Date: April 22, 2025, 11:09 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
| rk3399-rock-pi-4b |
[ 21.613217] ================================================================== [ 21.613406] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 21.613585] Read of size 121 at addr fff00000c42a5300 by task kunit_try_catch/287 [ 21.613808] [ 21.613939] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.614146] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.614211] Hardware name: linux,dummy-virt (DT) [ 21.614315] Call trace: [ 21.614392] show_stack+0x20/0x38 (C) [ 21.614559] dump_stack_lvl+0x8c/0xd0 [ 21.614713] print_report+0x118/0x608 [ 21.614854] kasan_report+0xdc/0x128 [ 21.614991] kasan_check_range+0x100/0x1a8 [ 21.615150] __kasan_check_read+0x20/0x30 [ 21.615264] copy_user_test_oob+0x728/0xec8 [ 21.615406] kunit_try_run_case+0x170/0x3f0 [ 21.615560] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.615674] kthread+0x328/0x630 [ 21.615778] ret_from_fork+0x10/0x20 [ 21.616202] [ 21.616314] Allocated by task 287: [ 21.616589] kasan_save_stack+0x3c/0x68 [ 21.616686] kasan_save_track+0x20/0x40 [ 21.616776] kasan_save_alloc_info+0x40/0x58 [ 21.616860] __kasan_kmalloc+0xd4/0xd8 [ 21.616939] __kmalloc_noprof+0x190/0x4d0 [ 21.616983] kunit_kmalloc_array+0x34/0x88 [ 21.617026] copy_user_test_oob+0xac/0xec8 [ 21.617063] kunit_try_run_case+0x170/0x3f0 [ 21.617144] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.617236] kthread+0x328/0x630 [ 21.618187] ret_from_fork+0x10/0x20 [ 21.618356] [ 21.618437] The buggy address belongs to the object at fff00000c42a5300 [ 21.618437] which belongs to the cache kmalloc-128 of size 128 [ 21.619084] The buggy address is located 0 bytes inside of [ 21.619084] allocated 120-byte region [fff00000c42a5300, fff00000c42a5378) [ 21.619576] [ 21.619877] The buggy address belongs to the physical page: [ 21.620207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1042a5 [ 21.620381] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.620491] page_type: f5(slab) [ 
21.620594] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.620712] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.620812] page dumped because: kasan: bad access detected [ 21.620898] [ 21.620944] Memory state around the buggy address: [ 21.622540] fff00000c42a5200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.622681] fff00000c42a5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.622784] >fff00000c42a5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.622888] ^ [ 21.623067] fff00000c42a5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.623505] fff00000c42a5400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.623898] ================================================================== [ 21.656954] ================================================================== [ 21.657078] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 21.657182] Write of size 121 at addr fff00000c42a5300 by task kunit_try_catch/287 [ 21.657294] [ 21.657382] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.657598] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.657664] Hardware name: linux,dummy-virt (DT) [ 21.658038] Call trace: [ 21.658265] show_stack+0x20/0x38 (C) [ 21.658501] dump_stack_lvl+0x8c/0xd0 [ 21.658628] print_report+0x118/0x608 [ 21.658750] kasan_report+0xdc/0x128 [ 21.658915] kasan_check_range+0x100/0x1a8 [ 21.659032] __kasan_check_write+0x20/0x30 [ 21.659194] copy_user_test_oob+0x434/0xec8 [ 21.659318] kunit_try_run_case+0x170/0x3f0 [ 21.659418] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.659581] kthread+0x328/0x630 [ 21.659886] ret_from_fork+0x10/0x20 [ 21.660031] [ 21.660307] Allocated by task 287: [ 21.660510] kasan_save_stack+0x3c/0x68 [ 21.660662] kasan_save_track+0x20/0x40 [ 21.660786] kasan_save_alloc_info+0x40/0x58 [ 21.660876] __kasan_kmalloc+0xd4/0xd8 [ 21.660941] __kmalloc_noprof+0x190/0x4d0 [ 21.661015] 
kunit_kmalloc_array+0x34/0x88 [ 21.661099] copy_user_test_oob+0xac/0xec8 [ 21.661185] kunit_try_run_case+0x170/0x3f0 [ 21.661279] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.661387] kthread+0x328/0x630 [ 21.661495] ret_from_fork+0x10/0x20 [ 21.661648] [ 21.661729] The buggy address belongs to the object at fff00000c42a5300 [ 21.661729] which belongs to the cache kmalloc-128 of size 128 [ 21.661930] The buggy address is located 0 bytes inside of [ 21.661930] allocated 120-byte region [fff00000c42a5300, fff00000c42a5378) [ 21.662145] [ 21.662214] The buggy address belongs to the physical page: [ 21.662328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1042a5 [ 21.662466] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.662577] page_type: f5(slab) [ 21.662653] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.662789] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.662931] page dumped because: kasan: bad access detected [ 21.663145] [ 21.663225] Memory state around the buggy address: [ 21.663306] fff00000c42a5200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.663664] fff00000c42a5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.663822] >fff00000c42a5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.663933] ^ [ 21.664244] fff00000c42a5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.664411] fff00000c42a5400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.664495] ================================================================== [ 21.593915] ================================================================== [ 21.594728] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 21.594912] Write of size 121 at addr fff00000c42a5300 by task kunit_try_catch/287 [ 21.595041] [ 21.595146] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.595362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.595434] 
Hardware name: linux,dummy-virt (DT) [ 21.595515] Call trace: [ 21.595589] show_stack+0x20/0x38 (C) [ 21.595708] dump_stack_lvl+0x8c/0xd0 [ 21.595830] print_report+0x118/0x608 [ 21.595934] kasan_report+0xdc/0x128 [ 21.596032] kasan_check_range+0x100/0x1a8 [ 21.596141] __kasan_check_write+0x20/0x30 [ 21.596251] copy_user_test_oob+0x234/0xec8 [ 21.596361] kunit_try_run_case+0x170/0x3f0 [ 21.596476] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.596616] kthread+0x328/0x630 [ 21.596717] ret_from_fork+0x10/0x20 [ 21.596871] [ 21.596933] Allocated by task 287: [ 21.597027] kasan_save_stack+0x3c/0x68 [ 21.597838] kasan_save_track+0x20/0x40 [ 21.597942] kasan_save_alloc_info+0x40/0x58 [ 21.598072] __kasan_kmalloc+0xd4/0xd8 [ 21.598174] __kmalloc_noprof+0x190/0x4d0 [ 21.598260] kunit_kmalloc_array+0x34/0x88 [ 21.598389] copy_user_test_oob+0xac/0xec8 [ 21.598509] kunit_try_run_case+0x170/0x3f0 [ 21.598657] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.598762] kthread+0x328/0x630 [ 21.598853] ret_from_fork+0x10/0x20 [ 21.598983] [ 21.599040] The buggy address belongs to the object at fff00000c42a5300 [ 21.599040] which belongs to the cache kmalloc-128 of size 128 [ 21.599162] The buggy address is located 0 bytes inside of [ 21.599162] allocated 120-byte region [fff00000c42a5300, fff00000c42a5378) [ 21.599639] [ 21.599704] The buggy address belongs to the physical page: [ 21.599782] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1042a5 [ 21.599942] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.600087] page_type: f5(slab) [ 21.600191] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.600300] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.600640] page dumped because: kasan: bad access detected [ 21.600776] [ 21.600854] Memory state around the buggy address: [ 21.600972] fff00000c42a5200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.601119] fff00000c42a5280: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.601222] >fff00000c42a5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.601326] ^ [ 21.601483] fff00000c42a5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.601616] fff00000c42a5400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.601714] ================================================================== [ 21.647146] ================================================================== [ 21.647266] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 21.647374] Read of size 121 at addr fff00000c42a5300 by task kunit_try_catch/287 [ 21.647488] [ 21.647623] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.648163] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.648372] Hardware name: linux,dummy-virt (DT) [ 21.648509] Call trace: [ 21.648569] show_stack+0x20/0x38 (C) [ 21.649006] dump_stack_lvl+0x8c/0xd0 [ 21.649399] print_report+0x118/0x608 [ 21.649576] kasan_report+0xdc/0x128 [ 21.649724] kasan_check_range+0x100/0x1a8 [ 21.649833] __kasan_check_read+0x20/0x30 [ 21.650036] copy_user_test_oob+0x3c8/0xec8 [ 21.650313] kunit_try_run_case+0x170/0x3f0 [ 21.650430] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.650636] kthread+0x328/0x630 [ 21.651027] ret_from_fork+0x10/0x20 [ 21.651189] [ 21.651239] Allocated by task 287: [ 21.651811] kasan_save_stack+0x3c/0x68 [ 21.652060] kasan_save_track+0x20/0x40 [ 21.652205] kasan_save_alloc_info+0x40/0x58 [ 21.652311] __kasan_kmalloc+0xd4/0xd8 [ 21.652395] __kmalloc_noprof+0x190/0x4d0 [ 21.652476] kunit_kmalloc_array+0x34/0x88 [ 21.652575] copy_user_test_oob+0xac/0xec8 [ 21.652669] kunit_try_run_case+0x170/0x3f0 [ 21.652764] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.652913] kthread+0x328/0x630 [ 21.653030] ret_from_fork+0x10/0x20 [ 21.653150] [ 21.653205] The buggy address belongs to the object at fff00000c42a5300 [ 21.653205] which belongs to the cache kmalloc-128 of size 128 [ 21.653416] The buggy address is 
located 0 bytes inside of [ 21.653416] allocated 120-byte region [fff00000c42a5300, fff00000c42a5378) [ 21.653586] [ 21.653637] The buggy address belongs to the physical page: [ 21.653705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1042a5 [ 21.653865] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.654192] page_type: f5(slab) [ 21.654276] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.654387] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.654484] page dumped because: kasan: bad access detected [ 21.654569] [ 21.654610] Memory state around the buggy address: [ 21.655068] fff00000c42a5200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.655225] fff00000c42a5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.655351] >fff00000c42a5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.655462] ^ [ 21.655566] fff00000c42a5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.655800] fff00000c42a5400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.656003] ================================================================== [ 21.637042] ================================================================== [ 21.637252] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 21.637375] Write of size 121 at addr fff00000c42a5300 by task kunit_try_catch/287 [ 21.637493] [ 21.637594] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.638075] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.638162] Hardware name: linux,dummy-virt (DT) [ 21.638249] Call trace: [ 21.638305] show_stack+0x20/0x38 (C) [ 21.638421] dump_stack_lvl+0x8c/0xd0 [ 21.638539] print_report+0x118/0x608 [ 21.638648] kasan_report+0xdc/0x128 [ 21.638755] kasan_check_range+0x100/0x1a8 [ 21.638866] __kasan_check_write+0x20/0x30 [ 21.639400] copy_user_test_oob+0x35c/0xec8 [ 21.639656] kunit_try_run_case+0x170/0x3f0 [ 21.639879] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.640115] kthread+0x328/0x630 [ 21.640480] ret_from_fork+0x10/0x20 [ 21.640677] [ 21.640727] Allocated by task 287: [ 21.640798] kasan_save_stack+0x3c/0x68 [ 21.640881] kasan_save_track+0x20/0x40 [ 21.641016] kasan_save_alloc_info+0x40/0x58 [ 21.641115] __kasan_kmalloc+0xd4/0xd8 [ 21.641367] __kmalloc_noprof+0x190/0x4d0 [ 21.641848] kunit_kmalloc_array+0x34/0x88 [ 21.642024] copy_user_test_oob+0xac/0xec8 [ 21.642124] kunit_try_run_case+0x170/0x3f0 [ 21.642210] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.642661] kthread+0x328/0x630 [ 21.643174] ret_from_fork+0x10/0x20 [ 21.643334] [ 21.643412] The buggy address belongs to the object at fff00000c42a5300 [ 21.643412] which belongs to the cache kmalloc-128 of size 128 [ 21.643632] The buggy address is located 0 bytes inside of [ 21.643632] allocated 120-byte region [fff00000c42a5300, fff00000c42a5378) [ 21.643839] [ 21.643886] The buggy address belongs to the physical page: [ 21.643959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1042a5 [ 21.644123] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.644296] page_type: f5(slab) [ 21.644396] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.644564] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.644656] page dumped because: kasan: bad access detected [ 21.644735] [ 21.644791] Memory state around the buggy address: [ 21.645059] fff00000c42a5200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.645221] fff00000c42a5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.645566] >fff00000c42a5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.645698] ^ [ 21.645813] fff00000c42a5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.645950] fff00000c42a5400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.646040] ================================================================== [ 21.666526] 
================================================================== [ 21.666759] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 21.667185] Read of size 121 at addr fff00000c42a5300 by task kunit_try_catch/287 [ 21.667371] [ 21.667451] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.667859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.667944] Hardware name: linux,dummy-virt (DT) [ 21.668009] Call trace: [ 21.668050] show_stack+0x20/0x38 (C) [ 21.668158] dump_stack_lvl+0x8c/0xd0 [ 21.668257] print_report+0x118/0x608 [ 21.668629] kasan_report+0xdc/0x128 [ 21.669077] kasan_check_range+0x100/0x1a8 [ 21.669309] __kasan_check_read+0x20/0x30 [ 21.669557] copy_user_test_oob+0x4a0/0xec8 [ 21.669696] kunit_try_run_case+0x170/0x3f0 [ 21.669811] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.669926] kthread+0x328/0x630 [ 21.670030] ret_from_fork+0x10/0x20 [ 21.670152] [ 21.670204] Allocated by task 287: [ 21.671314] kasan_save_stack+0x3c/0x68 [ 21.671548] kasan_save_track+0x20/0x40 [ 21.671657] kasan_save_alloc_info+0x40/0x58 [ 21.671837] __kasan_kmalloc+0xd4/0xd8 [ 21.671974] __kmalloc_noprof+0x190/0x4d0 [ 21.672064] kunit_kmalloc_array+0x34/0x88 [ 21.672147] copy_user_test_oob+0xac/0xec8 [ 21.672214] kunit_try_run_case+0x170/0x3f0 [ 21.672278] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.672362] kthread+0x328/0x630 [ 21.672425] ret_from_fork+0x10/0x20 [ 21.672488] [ 21.672539] The buggy address belongs to the object at fff00000c42a5300 [ 21.672539] which belongs to the cache kmalloc-128 of size 128 [ 21.672669] The buggy address is located 0 bytes inside of [ 21.672669] allocated 120-byte region [fff00000c42a5300, fff00000c42a5378) [ 21.672813] [ 21.675465] The buggy address belongs to the physical page: [ 21.675598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1042a5 [ 21.675739] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.675856] page_type: f5(slab) [ 21.675945] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.676057] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.676135] page dumped because: kasan: bad access detected [ 21.676200] [ 21.676241] Memory state around the buggy address: [ 21.676315] fff00000c42a5200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.676420] fff00000c42a5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.676525] >fff00000c42a5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.676631] ^ [ 21.676732] fff00000c42a5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.676837] fff00000c42a5400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.677370] ==================================================================
[ 25.531076] ================================================================== [ 25.531671] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 25.533599] Write of size 121 at addr ffff888103c6f300 by task kunit_try_catch/305 [ 25.534293] [ 25.535659] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 25.535793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.535836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.535898] Call Trace: [ 25.535951] <TASK> [ 25.535995] dump_stack_lvl+0x73/0xb0 [ 25.536066] print_report+0xd1/0x650 [ 25.536127] ? __virt_addr_valid+0x1db/0x2d0 [ 25.536180] ? copy_user_test_oob+0x557/0x10f0 [ 25.536231] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.536287] ? copy_user_test_oob+0x557/0x10f0 [ 25.536340] kasan_report+0x141/0x180 [ 25.536395] ? copy_user_test_oob+0x557/0x10f0 [ 25.536564] kasan_check_range+0x10c/0x1c0 [ 25.536630] __kasan_check_write+0x18/0x20 [ 25.536681] copy_user_test_oob+0x557/0x10f0 [ 25.536737] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.536785] ? finish_task_switch.isra.0+0x153/0x700 [ 25.536841] ? __switch_to+0x5d9/0xf60 [ 25.536889] ? dequeue_task_fair+0x166/0x4e0 [ 25.536952] ? __schedule+0x10cc/0x2b30 [ 25.537009] ? __pfx_read_tsc+0x10/0x10 [ 25.537101] ? ktime_get_ts64+0x86/0x230 [ 25.537190] kunit_try_run_case+0x1a5/0x480 [ 25.537273] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.537351] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.537504] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.537606] ? __kthread_parkme+0x82/0x180 [ 25.537685] ? preempt_count_sub+0x50/0x80 [ 25.537767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.537846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.537926] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.537991] kthread+0x337/0x6f0 [ 25.538061] ? trace_preempt_on+0x20/0xc0 [ 25.538132] ? __pfx_kthread+0x10/0x10 [ 25.538193] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.538258] ? 
calculate_sigpending+0x7b/0xa0 [ 25.538315] ? __pfx_kthread+0x10/0x10 [ 25.538372] ret_from_fork+0x41/0x80 [ 25.539566] ? __pfx_kthread+0x10/0x10 [ 25.539646] ret_from_fork_asm+0x1a/0x30 [ 25.539704] </TASK> [ 25.539720] [ 25.560748] Allocated by task 305: [ 25.561578] kasan_save_stack+0x45/0x70 [ 25.562276] kasan_save_track+0x18/0x40 [ 25.562955] kasan_save_alloc_info+0x3b/0x50 [ 25.563311] __kasan_kmalloc+0xb7/0xc0 [ 25.563768] __kmalloc_noprof+0x1c9/0x500 [ 25.564630] kunit_kmalloc_array+0x25/0x60 [ 25.564957] copy_user_test_oob+0xab/0x10f0 [ 25.565273] kunit_try_run_case+0x1a5/0x480 [ 25.566343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.566894] kthread+0x337/0x6f0 [ 25.567177] ret_from_fork+0x41/0x80 [ 25.567541] ret_from_fork_asm+0x1a/0x30 [ 25.568276] [ 25.568865] The buggy address belongs to the object at ffff888103c6f300 [ 25.568865] which belongs to the cache kmalloc-128 of size 128 [ 25.570124] The buggy address is located 0 bytes inside of [ 25.570124] allocated 120-byte region [ffff888103c6f300, ffff888103c6f378) [ 25.571431] [ 25.571978] The buggy address belongs to the physical page: [ 25.572298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c6f [ 25.573225] flags: 0x200000000000000(node=0|zone=2) [ 25.573948] page_type: f5(slab) [ 25.574258] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.575649] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.576270] page dumped because: kasan: bad access detected [ 25.577167] [ 25.577359] Memory state around the buggy address: [ 25.577697] ffff888103c6f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.578774] ffff888103c6f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.579302] >ffff888103c6f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.579973] ^ [ 25.580851] ffff888103c6f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.581337] ffff888103c6f400: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 25.581912] ================================================================== [ 25.487922] ================================================================== [ 25.488396] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 25.488922] Read of size 121 at addr ffff888103c6f300 by task kunit_try_catch/305 [ 25.489946] [ 25.490340] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 25.490492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.490536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.490598] Call Trace: [ 25.490648] <TASK> [ 25.490700] dump_stack_lvl+0x73/0xb0 [ 25.490778] print_report+0xd1/0x650 [ 25.490852] ? __virt_addr_valid+0x1db/0x2d0 [ 25.490927] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.491001] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.491079] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.491152] kasan_report+0x141/0x180 [ 25.491234] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.491323] kasan_check_range+0x10c/0x1c0 [ 25.491405] __kasan_check_read+0x15/0x20 [ 25.491524] copy_user_test_oob+0x4aa/0x10f0 [ 25.491612] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.491685] ? finish_task_switch.isra.0+0x153/0x700 [ 25.491762] ? __switch_to+0x5d9/0xf60 [ 25.491834] ? dequeue_task_fair+0x166/0x4e0 [ 25.491941] ? __schedule+0x10cc/0x2b30 [ 25.492051] ? __pfx_read_tsc+0x10/0x10 [ 25.492108] ? ktime_get_ts64+0x86/0x230 [ 25.492178] kunit_try_run_case+0x1a5/0x480 [ 25.492261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.492340] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.492423] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.492524] ? __kthread_parkme+0x82/0x180 [ 25.492601] ? preempt_count_sub+0x50/0x80 [ 25.492682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.492762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.492843] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.492921] kthread+0x337/0x6f0 [ 25.492995] ? trace_preempt_on+0x20/0xc0 [ 25.493076] ? 
__pfx_kthread+0x10/0x10 [ 25.493153] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.493225] ? calculate_sigpending+0x7b/0xa0 [ 25.493297] ? __pfx_kthread+0x10/0x10 [ 25.493376] ret_from_fork+0x41/0x80 [ 25.493517] ? __pfx_kthread+0x10/0x10 [ 25.493611] ret_from_fork_asm+0x1a/0x30 [ 25.493712] </TASK> [ 25.493749] [ 25.510873] Allocated by task 305: [ 25.511215] kasan_save_stack+0x45/0x70 [ 25.511708] kasan_save_track+0x18/0x40 [ 25.512119] kasan_save_alloc_info+0x3b/0x50 [ 25.512536] __kasan_kmalloc+0xb7/0xc0 [ 25.512859] __kmalloc_noprof+0x1c9/0x500 [ 25.513253] kunit_kmalloc_array+0x25/0x60 [ 25.513771] copy_user_test_oob+0xab/0x10f0 [ 25.514219] kunit_try_run_case+0x1a5/0x480 [ 25.514736] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.515283] kthread+0x337/0x6f0 [ 25.515731] ret_from_fork+0x41/0x80 [ 25.516041] ret_from_fork_asm+0x1a/0x30 [ 25.516491] [ 25.516721] The buggy address belongs to the object at ffff888103c6f300 [ 25.516721] which belongs to the cache kmalloc-128 of size 128 [ 25.517829] The buggy address is located 0 bytes inside of [ 25.517829] allocated 120-byte region [ffff888103c6f300, ffff888103c6f378) [ 25.518779] [ 25.518999] The buggy address belongs to the physical page: [ 25.519550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c6f [ 25.520126] flags: 0x200000000000000(node=0|zone=2) [ 25.520561] page_type: f5(slab) [ 25.520953] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.521723] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.522170] page dumped because: kasan: bad access detected [ 25.522649] [ 25.522876] Memory state around the buggy address: [ 25.523333] ffff888103c6f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.526040] ffff888103c6f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.527204] >ffff888103c6f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.527645] ^ [ 25.528002] ffff888103c6f380: fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc [ 25.528556] ffff888103c6f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.529643] ================================================================== [ 25.449867] ================================================================== [ 25.450419] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 25.451033] Write of size 121 at addr ffff888103c6f300 by task kunit_try_catch/305 [ 25.451674] [ 25.451954] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 25.452087] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.452126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.452191] Call Trace: [ 25.452236] <TASK> [ 25.452286] dump_stack_lvl+0x73/0xb0 [ 25.452368] print_report+0xd1/0x650 [ 25.452517] ? __virt_addr_valid+0x1db/0x2d0 [ 25.452605] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.452674] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.452750] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.452821] kasan_report+0x141/0x180 [ 25.452901] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.452987] kasan_check_range+0x10c/0x1c0 [ 25.453049] __kasan_check_write+0x18/0x20 [ 25.453080] copy_user_test_oob+0x3fd/0x10f0 [ 25.453114] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.453141] ? finish_task_switch.isra.0+0x153/0x700 [ 25.453177] ? __switch_to+0x5d9/0xf60 [ 25.453206] ? dequeue_task_fair+0x166/0x4e0 [ 25.453241] ? __schedule+0x10cc/0x2b30 [ 25.453275] ? __pfx_read_tsc+0x10/0x10 [ 25.453304] ? ktime_get_ts64+0x86/0x230 [ 25.453340] kunit_try_run_case+0x1a5/0x480 [ 25.453374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.453413] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.453513] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.453552] ? __kthread_parkme+0x82/0x180 [ 25.453601] ? preempt_count_sub+0x50/0x80 [ 25.453637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.453672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.453705] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.453738] kthread+0x337/0x6f0 [ 25.453768] ? trace_preempt_on+0x20/0xc0 [ 25.453803] ? __pfx_kthread+0x10/0x10 [ 25.453836] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.453869] ? calculate_sigpending+0x7b/0xa0 [ 25.453899] ? __pfx_kthread+0x10/0x10 [ 25.453931] ret_from_fork+0x41/0x80 [ 25.453961] ? __pfx_kthread+0x10/0x10 [ 25.453993] ret_from_fork_asm+0x1a/0x30 [ 25.454036] </TASK> [ 25.454050] [ 25.469631] Allocated by task 305: [ 25.469936] kasan_save_stack+0x45/0x70 [ 25.470263] kasan_save_track+0x18/0x40 [ 25.470913] kasan_save_alloc_info+0x3b/0x50 [ 25.471407] __kasan_kmalloc+0xb7/0xc0 [ 25.471859] __kmalloc_noprof+0x1c9/0x500 [ 25.472312] kunit_kmalloc_array+0x25/0x60 [ 25.472821] copy_user_test_oob+0xab/0x10f0 [ 25.473274] kunit_try_run_case+0x1a5/0x480 [ 25.473764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.474209] kthread+0x337/0x6f0 [ 25.474704] ret_from_fork+0x41/0x80 [ 25.475111] ret_from_fork_asm+0x1a/0x30 [ 25.475579] [ 25.475733] The buggy address belongs to the object at ffff888103c6f300 [ 25.475733] which belongs to the cache kmalloc-128 of size 128 [ 25.476382] The buggy address is located 0 bytes inside of [ 25.476382] allocated 120-byte region [ffff888103c6f300, ffff888103c6f378) [ 25.477093] [ 25.477290] The buggy address belongs to the physical page: [ 25.477828] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c6f [ 25.478617] flags: 0x200000000000000(node=0|zone=2) [ 25.479134] page_type: f5(slab) [ 25.479545] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.480257] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.481032] page dumped because: kasan: bad access detected [ 25.481647] [ 25.481830] Memory state around the buggy address: [ 25.482167] ffff888103c6f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.482857] ffff888103c6f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.483469] 
>ffff888103c6f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.484517] ^ [ 25.485045] ffff888103c6f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.485546] ffff888103c6f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.486231] ================================================================== [ 25.584181] ================================================================== [ 25.584833] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 25.585531] Read of size 121 at addr ffff888103c6f300 by task kunit_try_catch/305 [ 25.586232] [ 25.587168] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 25.587560] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.587605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.587666] Call Trace: [ 25.587714] <TASK> [ 25.587765] dump_stack_lvl+0x73/0xb0 [ 25.587844] print_report+0xd1/0x650 [ 25.587887] ? __virt_addr_valid+0x1db/0x2d0 [ 25.587918] ? copy_user_test_oob+0x604/0x10f0 [ 25.587946] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.587979] ? copy_user_test_oob+0x604/0x10f0 [ 25.588010] kasan_report+0x141/0x180 [ 25.588044] ? copy_user_test_oob+0x604/0x10f0 [ 25.588081] kasan_check_range+0x10c/0x1c0 [ 25.588117] __kasan_check_read+0x15/0x20 [ 25.588146] copy_user_test_oob+0x604/0x10f0 [ 25.588177] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.588204] ? finish_task_switch.isra.0+0x153/0x700 [ 25.588238] ? __switch_to+0x5d9/0xf60 [ 25.588268] ? dequeue_task_fair+0x166/0x4e0 [ 25.588305] ? __schedule+0x10cc/0x2b30 [ 25.588340] ? __pfx_read_tsc+0x10/0x10 [ 25.588369] ? ktime_get_ts64+0x86/0x230 [ 25.588431] kunit_try_run_case+0x1a5/0x480 [ 25.588507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.588544] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.588580] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.588615] ? __kthread_parkme+0x82/0x180 [ 25.588647] ? preempt_count_sub+0x50/0x80 [ 25.588682] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 25.588716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.588749] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.588782] kthread+0x337/0x6f0 [ 25.588812] ? trace_preempt_on+0x20/0xc0 [ 25.588846] ? __pfx_kthread+0x10/0x10 [ 25.588877] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.588908] ? calculate_sigpending+0x7b/0xa0 [ 25.588939] ? __pfx_kthread+0x10/0x10 [ 25.588972] ret_from_fork+0x41/0x80 [ 25.589003] ? __pfx_kthread+0x10/0x10 [ 25.589035] ret_from_fork_asm+0x1a/0x30 [ 25.589078] </TASK> [ 25.589092] [ 25.607178] Allocated by task 305: [ 25.607596] kasan_save_stack+0x45/0x70 [ 25.607942] kasan_save_track+0x18/0x40 [ 25.608343] kasan_save_alloc_info+0x3b/0x50 [ 25.608887] __kasan_kmalloc+0xb7/0xc0 [ 25.609323] __kmalloc_noprof+0x1c9/0x500 [ 25.609810] kunit_kmalloc_array+0x25/0x60 [ 25.610212] copy_user_test_oob+0xab/0x10f0 [ 25.610722] kunit_try_run_case+0x1a5/0x480 [ 25.611198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.611829] kthread+0x337/0x6f0 [ 25.612229] ret_from_fork+0x41/0x80 [ 25.612727] ret_from_fork_asm+0x1a/0x30 [ 25.613173] [ 25.613503] The buggy address belongs to the object at ffff888103c6f300 [ 25.613503] which belongs to the cache kmalloc-128 of size 128 [ 25.614279] The buggy address is located 0 bytes inside of [ 25.614279] allocated 120-byte region [ffff888103c6f300, ffff888103c6f378) [ 25.615434] [ 25.615696] The buggy address belongs to the physical page: [ 25.616161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c6f [ 25.616896] flags: 0x200000000000000(node=0|zone=2) [ 25.617344] page_type: f5(slab) [ 25.617811] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.618586] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.619040] page dumped because: kasan: bad access detected [ 25.619670] [ 25.619944] Memory state around the buggy address: [ 25.620497] ffff888103c6f200: fa fb fb fb fb fb fb fb fb fb fb fb fb 
fb fb fb [ 25.621095] ffff888103c6f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.621783] >ffff888103c6f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.622446] ^ [ 25.623092] ffff888103c6f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.623742] ffff888103c6f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.624340] ==================================================================
[ 24.056969] ================================================================== [ 24.058211] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 24.058898] Write of size 121 at addr ffff00000c98ed00 by task kunit_try_catch/343 [ 24.059602] [ 24.059768] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 24.059821] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.059837] Hardware name: Radxa ROCK Pi 4B (DT) [ 24.059855] Call trace: [ 24.059868] show_stack+0x20/0x38 (C) [ 24.059901] dump_stack_lvl+0x8c/0xd0 [ 24.059934] print_report+0x118/0x608 [ 24.059964] kasan_report+0xdc/0x128 [ 24.059993] kasan_check_range+0x100/0x1a8 [ 24.060027] __kasan_check_write+0x20/0x30 [ 24.060060] copy_user_test_oob+0x234/0xec8 [ 24.060088] kunit_try_run_case+0x170/0x3f0 [ 24.060125] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.060165] kthread+0x328/0x630 [ 24.060201] ret_from_fork+0x10/0x20 [ 24.060235] [ 24.066123] Allocated by task 343: [ 24.066453] kasan_save_stack+0x3c/0x68 [ 24.066831] kasan_save_track+0x20/0x40 [ 24.067204] kasan_save_alloc_info+0x40/0x58 [ 24.067620] __kasan_kmalloc+0xd4/0xd8 [ 24.067984] __kmalloc_noprof+0x190/0x4d0 [ 24.068373] kunit_kmalloc_array+0x34/0x88 [ 24.068776] copy_user_test_oob+0xac/0xec8 [ 24.069171] kunit_try_run_case+0x170/0x3f0 [ 24.069579] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.070106] kthread+0x328/0x630 [ 24.070430] ret_from_fork+0x10/0x20 [ 24.070781] [ 24.070936] The buggy address belongs to the object at ffff00000c98ed00 [ 24.070936] which belongs to the cache kmalloc-128 of size 128 [ 24.072072] The buggy address is located 0 bytes inside of [ 24.072072] allocated 120-byte region [ffff00000c98ed00, ffff00000c98ed78) [ 24.073201] [ 24.073356] The buggy address belongs to the physical page: [ 24.073875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc98e [ 24.074600] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 24.075213] page_type: f5(slab) [ 
24.075528] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 24.076246] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.076956] page dumped because: kasan: bad access detected [ 24.077472] [ 24.077627] Memory state around the buggy address: [ 24.078078] ffff00000c98ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.078746] ffff00000c98ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.079414] >ffff00000c98ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.080078] ^ [ 24.080735] ffff00000c98ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.081403] ffff00000c98ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.082068] ================================================================== [ 24.107767] ================================================================== [ 24.108430] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 24.109078] Write of size 121 at addr ffff00000c98ed00 by task kunit_try_catch/343 [ 24.109766] [ 24.109923] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 24.109961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.109972] Hardware name: Radxa ROCK Pi 4B (DT) [ 24.109985] Call trace: [ 24.109995] show_stack+0x20/0x38 (C) [ 24.110019] dump_stack_lvl+0x8c/0xd0 [ 24.110042] print_report+0x118/0x608 [ 24.110064] kasan_report+0xdc/0x128 [ 24.110085] kasan_check_range+0x100/0x1a8 [ 24.110109] __kasan_check_write+0x20/0x30 [ 24.110133] copy_user_test_oob+0x35c/0xec8 [ 24.110153] kunit_try_run_case+0x170/0x3f0 [ 24.110179] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.110208] kthread+0x328/0x630 [ 24.110232] ret_from_fork+0x10/0x20 [ 24.110257] [ 24.116095] Allocated by task 343: [ 24.116412] kasan_save_stack+0x3c/0x68 [ 24.116775] kasan_save_track+0x20/0x40 [ 24.117136] kasan_save_alloc_info+0x40/0x58 [ 24.117538] __kasan_kmalloc+0xd4/0xd8 [ 24.117893] __kmalloc_noprof+0x190/0x4d0 [ 24.118270] 
kunit_kmalloc_array+0x34/0x88 [ 24.118658] copy_user_test_oob+0xac/0xec8 [ 24.119042] kunit_try_run_case+0x170/0x3f0 [ 24.119436] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.119947] kthread+0x328/0x630 [ 24.120258] ret_from_fork+0x10/0x20 [ 24.120598] [ 24.120744] The buggy address belongs to the object at ffff00000c98ed00 [ 24.120744] which belongs to the cache kmalloc-128 of size 128 [ 24.121864] The buggy address is located 0 bytes inside of [ 24.121864] allocated 120-byte region [ffff00000c98ed00, ffff00000c98ed78) [ 24.122978] [ 24.123126] The buggy address belongs to the physical page: [ 24.123634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc98e [ 24.124347] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 24.124947] page_type: f5(slab) [ 24.125249] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 24.125953] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.126653] page dumped because: kasan: bad access detected [ 24.127161] [ 24.127308] Memory state around the buggy address: [ 24.127747] ffff00000c98ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.128404] ffff00000c98ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.129059] >ffff00000c98ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.129711] ^ [ 24.130358] ffff00000c98ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.131014] ffff00000c98ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.131666] ================================================================== [ 24.082940] ================================================================== [ 24.083619] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 24.084281] Read of size 121 at addr ffff00000c98ed00 by task kunit_try_catch/343 [ 24.084963] [ 24.085119] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 24.085157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.085168] 
Hardware name: Radxa ROCK Pi 4B (DT) [ 24.085181] Call trace: [ 24.085191] show_stack+0x20/0x38 (C) [ 24.085215] dump_stack_lvl+0x8c/0xd0 [ 24.085239] print_report+0x118/0x608 [ 24.085261] kasan_report+0xdc/0x128 [ 24.085282] kasan_check_range+0x100/0x1a8 [ 24.085305] __kasan_check_read+0x20/0x30 [ 24.085329] copy_user_test_oob+0x728/0xec8 [ 24.085349] kunit_try_run_case+0x170/0x3f0 [ 24.085375] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.085404] kthread+0x328/0x630 [ 24.085429] ret_from_fork+0x10/0x20 [ 24.085455] [ 24.091289] Allocated by task 343: [ 24.091611] kasan_save_stack+0x3c/0x68 [ 24.091976] kasan_save_track+0x20/0x40 [ 24.092338] kasan_save_alloc_info+0x40/0x58 [ 24.092740] __kasan_kmalloc+0xd4/0xd8 [ 24.093094] __kmalloc_noprof+0x190/0x4d0 [ 24.093473] kunit_kmalloc_array+0x34/0x88 [ 24.093862] copy_user_test_oob+0xac/0xec8 [ 24.094247] kunit_try_run_case+0x170/0x3f0 [ 24.094642] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.095152] kthread+0x328/0x630 [ 24.095466] ret_from_fork+0x10/0x20 [ 24.095804] [ 24.095952] The buggy address belongs to the object at ffff00000c98ed00 [ 24.095952] which belongs to the cache kmalloc-128 of size 128 [ 24.097072] The buggy address is located 0 bytes inside of [ 24.097072] allocated 120-byte region [ffff00000c98ed00, ffff00000c98ed78) [ 24.098186] [ 24.098334] The buggy address belongs to the physical page: [ 24.098843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc98e [ 24.099555] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 24.100156] page_type: f5(slab) [ 24.100459] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 24.101162] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.101860] page dumped because: kasan: bad access detected [ 24.102367] [ 24.102515] Memory state around the buggy address: [ 24.102955] ffff00000c98ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.103611] ffff00000c98ec80: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.104266] >ffff00000c98ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.104918] ^ [ 24.105564] ffff00000c98ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.106219] ffff00000c98ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.106872] ================================================================== [ 24.181822] ================================================================== [ 24.182477] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 24.183117] Read of size 121 at addr ffff00000c98ed00 by task kunit_try_catch/343 [ 24.183794] [ 24.183942] CPU: 4 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 24.183974] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.183984] Hardware name: Radxa ROCK Pi 4B (DT) [ 24.183995] Call trace: [ 24.184002] show_stack+0x20/0x38 (C) [ 24.184023] dump_stack_lvl+0x8c/0xd0 [ 24.184042] print_report+0x118/0x608 [ 24.184061] kasan_report+0xdc/0x128 [ 24.184079] kasan_check_range+0x100/0x1a8 [ 24.184100] __kasan_check_read+0x20/0x30 [ 24.184121] copy_user_test_oob+0x4a0/0xec8 [ 24.184139] kunit_try_run_case+0x170/0x3f0 [ 24.184161] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.184188] kthread+0x328/0x630 [ 24.184209] ret_from_fork+0x10/0x20 [ 24.184230] [ 24.190052] Allocated by task 343: [ 24.190368] kasan_save_stack+0x3c/0x68 [ 24.190726] kasan_save_track+0x20/0x40 [ 24.191084] kasan_save_alloc_info+0x40/0x58 [ 24.191483] __kasan_kmalloc+0xd4/0xd8 [ 24.191834] __kmalloc_noprof+0x190/0x4d0 [ 24.192207] kunit_kmalloc_array+0x34/0x88 [ 24.192591] copy_user_test_oob+0xac/0xec8 [ 24.192971] kunit_try_run_case+0x170/0x3f0 [ 24.193363] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.193872] kthread+0x328/0x630 [ 24.194181] ret_from_fork+0x10/0x20 [ 24.194519] [ 24.194664] The buggy address belongs to the object at ffff00000c98ed00 [ 24.194664] which belongs to the cache kmalloc-128 of size 128 [ 24.195780] The buggy address is located 
0 bytes inside of [ 24.195780] allocated 120-byte region [ffff00000c98ed00, ffff00000c98ed78) [ 24.196892] [ 24.197038] The buggy address belongs to the physical page: [ 24.197542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc98e [ 24.198250] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 24.198845] page_type: f5(slab) [ 24.199143] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 24.199844] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.200539] page dumped because: kasan: bad access detected [ 24.201043] [ 24.201189] Memory state around the buggy address: [ 24.201626] ffff00000c98ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.202278] ffff00000c98ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.202931] >ffff00000c98ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.203580] ^ [ 24.204225] ffff00000c98ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.204878] ffff00000c98ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.205528] ================================================================== [ 24.157295] ================================================================== [ 24.157950] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 24.158588] Write of size 121 at addr ffff00000c98ed00 by task kunit_try_catch/343 [ 24.159273] [ 24.159423] CPU: 4 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 24.159456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.159465] Hardware name: Radxa ROCK Pi 4B (DT) [ 24.159476] Call trace: [ 24.159483] show_stack+0x20/0x38 (C) [ 24.159505] dump_stack_lvl+0x8c/0xd0 [ 24.159523] print_report+0x118/0x608 [ 24.159542] kasan_report+0xdc/0x128 [ 24.159561] kasan_check_range+0x100/0x1a8 [ 24.159581] __kasan_check_write+0x20/0x30 [ 24.159602] copy_user_test_oob+0x434/0xec8 [ 24.159620] kunit_try_run_case+0x170/0x3f0 [ 24.159642] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.159669] kthread+0x328/0x630 [ 24.159691] ret_from_fork+0x10/0x20 [ 24.159712] [ 24.165545] Allocated by task 343: [ 24.165862] kasan_save_stack+0x3c/0x68 [ 24.166223] kasan_save_track+0x20/0x40 [ 24.166581] kasan_save_alloc_info+0x40/0x58 [ 24.166980] __kasan_kmalloc+0xd4/0xd8 [ 24.167331] __kmalloc_noprof+0x190/0x4d0 [ 24.167706] kunit_kmalloc_array+0x34/0x88 [ 24.168091] copy_user_test_oob+0xac/0xec8 [ 24.168470] kunit_try_run_case+0x170/0x3f0 [ 24.168862] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.169371] kthread+0x328/0x630 [ 24.169680] ret_from_fork+0x10/0x20 [ 24.170018] [ 24.170165] The buggy address belongs to the object at ffff00000c98ed00 [ 24.170165] which belongs to the cache kmalloc-128 of size 128 [ 24.171281] The buggy address is located 0 bytes inside of [ 24.171281] allocated 120-byte region [ffff00000c98ed00, ffff00000c98ed78) [ 24.172393] [ 24.172539] The buggy address belongs to the physical page: [ 24.173043] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc98e [ 24.173751] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 24.174346] page_type: f5(slab) [ 24.174644] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 24.175345] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.176041] page dumped because: kasan: bad access detected [ 24.176546] [ 24.176692] Memory state around the buggy address: [ 24.177130] ffff00000c98ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.177782] ffff00000c98ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.178434] >ffff00000c98ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.179084] ^ [ 24.179727] ffff00000c98ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.180381] ffff00000c98ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.181030] ================================================================== [ 24.132667] 
================================================================== [ 24.133343] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 24.133993] Read of size 121 at addr ffff00000c98ed00 by task kunit_try_catch/343 [ 24.134675] [ 24.134830] CPU: 4 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 24.134867] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.134877] Hardware name: Radxa ROCK Pi 4B (DT) [ 24.134890] Call trace: [ 24.134898] show_stack+0x20/0x38 (C) [ 24.134922] dump_stack_lvl+0x8c/0xd0 [ 24.134944] print_report+0x118/0x608 [ 24.134964] kasan_report+0xdc/0x128 [ 24.134983] kasan_check_range+0x100/0x1a8 [ 24.135003] __kasan_check_read+0x20/0x30 [ 24.135025] copy_user_test_oob+0x3c8/0xec8 [ 24.135043] kunit_try_run_case+0x170/0x3f0 [ 24.135067] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.135094] kthread+0x328/0x630 [ 24.135117] ret_from_fork+0x10/0x20 [ 24.135138] [ 24.140969] Allocated by task 343: [ 24.141286] kasan_save_stack+0x3c/0x68 [ 24.141649] kasan_save_track+0x20/0x40 [ 24.142008] kasan_save_alloc_info+0x40/0x58 [ 24.142408] __kasan_kmalloc+0xd4/0xd8 [ 24.142759] __kmalloc_noprof+0x190/0x4d0 [ 24.143135] kunit_kmalloc_array+0x34/0x88 [ 24.143520] copy_user_test_oob+0xac/0xec8 [ 24.143901] kunit_try_run_case+0x170/0x3f0 [ 24.144293] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.144802] kthread+0x328/0x630 [ 24.145111] ret_from_fork+0x10/0x20 [ 24.145448] [ 24.145595] The buggy address belongs to the object at ffff00000c98ed00 [ 24.145595] which belongs to the cache kmalloc-128 of size 128 [ 24.146713] The buggy address is located 0 bytes inside of [ 24.146713] allocated 120-byte region [ffff00000c98ed00, ffff00000c98ed78) [ 24.147825] [ 24.147972] The buggy address belongs to the physical page: [ 24.148477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc98e [ 24.149189] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 24.149785] page_type: f5(slab) [ 24.150086] raw: 
03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 24.150788] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.151484] page dumped because: kasan: bad access detected [ 24.151989] [ 24.152136] Memory state around the buggy address: [ 24.152574] ffff00000c98ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.153226] ffff00000c98ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.153879] >ffff00000c98ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.154528] ^ [ 24.155174] ffff00000c98ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.155827] ffff00000c98ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.156478] ==================================================================