Date
May 23, 2025, 11:07 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
[ 32.606061] ================================================================== [ 32.606263] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 32.606790] Read of size 121 at addr fff00000c78a6100 by task kunit_try_catch/287 [ 32.606985] [ 32.607092] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT [ 32.607339] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.607434] Hardware name: linux,dummy-virt (DT) [ 32.607904] Call trace: [ 32.608165] show_stack+0x20/0x38 (C) [ 32.608362] dump_stack_lvl+0x8c/0xd0 [ 32.608531] print_report+0x118/0x608 [ 32.608722] kasan_report+0xdc/0x128 [ 32.608860] kasan_check_range+0x100/0x1a8 [ 32.609007] __kasan_check_read+0x20/0x30 [ 32.609125] copy_user_test_oob+0x728/0xec8 [ 32.609272] kunit_try_run_case+0x170/0x3f0 [ 32.609405] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.609592] kthread+0x328/0x630 [ 32.609747] ret_from_fork+0x10/0x20 [ 32.609892] [ 32.609953] Allocated by task 287: [ 32.610049] kasan_save_stack+0x3c/0x68 [ 32.610285] kasan_save_track+0x20/0x40 [ 32.610418] kasan_save_alloc_info+0x40/0x58 [ 32.610591] __kasan_kmalloc+0xd4/0xd8 [ 32.610739] __kmalloc_noprof+0x190/0x4d0 [ 32.610859] kunit_kmalloc_array+0x34/0x88 [ 32.610975] copy_user_test_oob+0xac/0xec8 [ 32.611087] kunit_try_run_case+0x170/0x3f0 [ 32.611210] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.611351] kthread+0x328/0x630 [ 32.611490] ret_from_fork+0x10/0x20 [ 32.611597] [ 32.611666] The buggy address belongs to the object at fff00000c78a6100 [ 32.611666] which belongs to the cache kmalloc-128 of size 128 [ 32.611853] The buggy address is located 0 bytes inside of [ 32.611853] allocated 120-byte region [fff00000c78a6100, fff00000c78a6178) [ 32.612077] [ 32.612153] The buggy address belongs to the physical page: [ 32.612282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a6 [ 32.612511] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.612726] page_type: f5(slab) [ 
32.612856] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.613004] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.613107] page dumped because: kasan: bad access detected [ 32.613219] [ 32.613274] Memory state around the buggy address: [ 32.613375] fff00000c78a6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.613539] fff00000c78a6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.613675] >fff00000c78a6100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.613785] ^ [ 32.613945] fff00000c78a6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.614087] fff00000c78a6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.614217] ================================================================== [ 32.627407] ================================================================== [ 32.627665] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 32.627888] Write of size 121 at addr fff00000c78a6100 by task kunit_try_catch/287 [ 32.628092] [ 32.628207] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT [ 32.628493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.628624] Hardware name: linux,dummy-virt (DT) [ 32.628723] Call trace: [ 32.628805] show_stack+0x20/0x38 (C) [ 32.628980] dump_stack_lvl+0x8c/0xd0 [ 32.629154] print_report+0x118/0x608 [ 32.629299] kasan_report+0xdc/0x128 [ 32.629504] kasan_check_range+0x100/0x1a8 [ 32.629718] __kasan_check_write+0x20/0x30 [ 32.629871] copy_user_test_oob+0x35c/0xec8 [ 32.629999] kunit_try_run_case+0x170/0x3f0 [ 32.630122] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.630318] kthread+0x328/0x630 [ 32.630539] ret_from_fork+0x10/0x20 [ 32.630744] [ 32.630831] Allocated by task 287: [ 32.630961] kasan_save_stack+0x3c/0x68 [ 32.631119] kasan_save_track+0x20/0x40 [ 32.631237] kasan_save_alloc_info+0x40/0x58 [ 32.631365] __kasan_kmalloc+0xd4/0xd8 [ 32.631723] __kmalloc_noprof+0x190/0x4d0 [ 32.631876] 
kunit_kmalloc_array+0x34/0x88 [ 32.632016] copy_user_test_oob+0xac/0xec8 [ 32.632162] kunit_try_run_case+0x170/0x3f0 [ 32.632275] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.632399] kthread+0x328/0x630 [ 32.632526] ret_from_fork+0x10/0x20 [ 32.632627] [ 32.632683] The buggy address belongs to the object at fff00000c78a6100 [ 32.632683] which belongs to the cache kmalloc-128 of size 128 [ 32.632843] The buggy address is located 0 bytes inside of [ 32.632843] allocated 120-byte region [fff00000c78a6100, fff00000c78a6178) [ 32.633025] [ 32.633096] The buggy address belongs to the physical page: [ 32.633192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a6 [ 32.633340] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.633570] page_type: f5(slab) [ 32.633720] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.633874] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.634010] page dumped because: kasan: bad access detected [ 32.634120] [ 32.634175] Memory state around the buggy address: [ 32.634307] fff00000c78a6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.634506] fff00000c78a6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.634688] >fff00000c78a6100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.634853] ^ [ 32.635000] fff00000c78a6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.635219] fff00000c78a6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.635390] ================================================================== [ 32.659564] ================================================================== [ 32.660135] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 32.660378] Read of size 121 at addr fff00000c78a6100 by task kunit_try_catch/287 [ 32.660550] [ 32.660649] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT [ 32.660886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.660978] 
Hardware name: linux,dummy-virt (DT) [ 32.661870] Call trace: [ 32.661988] show_stack+0x20/0x38 (C) [ 32.662333] dump_stack_lvl+0x8c/0xd0 [ 32.662927] print_report+0x118/0x608 [ 32.663098] kasan_report+0xdc/0x128 [ 32.663235] kasan_check_range+0x100/0x1a8 [ 32.663473] __kasan_check_read+0x20/0x30 [ 32.663622] copy_user_test_oob+0x4a0/0xec8 [ 32.664287] kunit_try_run_case+0x170/0x3f0 [ 32.664859] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.665120] kthread+0x328/0x630 [ 32.665357] ret_from_fork+0x10/0x20 [ 32.665611] [ 32.665698] Allocated by task 287: [ 32.666163] kasan_save_stack+0x3c/0x68 [ 32.666311] kasan_save_track+0x20/0x40 [ 32.666493] kasan_save_alloc_info+0x40/0x58 [ 32.666699] __kasan_kmalloc+0xd4/0xd8 [ 32.666823] __kmalloc_noprof+0x190/0x4d0 [ 32.667419] kunit_kmalloc_array+0x34/0x88 [ 32.667674] copy_user_test_oob+0xac/0xec8 [ 32.667818] kunit_try_run_case+0x170/0x3f0 [ 32.668029] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.668566] kthread+0x328/0x630 [ 32.668812] ret_from_fork+0x10/0x20 [ 32.669018] [ 32.669165] The buggy address belongs to the object at fff00000c78a6100 [ 32.669165] which belongs to the cache kmalloc-128 of size 128 [ 32.669772] The buggy address is located 0 bytes inside of [ 32.669772] allocated 120-byte region [fff00000c78a6100, fff00000c78a6178) [ 32.670012] [ 32.670099] The buggy address belongs to the physical page: [ 32.670288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a6 [ 32.670908] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.671084] page_type: f5(slab) [ 32.671208] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.671370] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.671533] page dumped because: kasan: bad access detected [ 32.672213] [ 32.672285] Memory state around the buggy address: [ 32.672919] fff00000c78a6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.673286] fff00000c78a6080: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.673423] >fff00000c78a6100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.673535] ^ [ 32.674089] fff00000c78a6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.674282] fff00000c78a6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.674414] ================================================================== [ 32.637278] ================================================================== [ 32.637416] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 32.637577] Read of size 121 at addr fff00000c78a6100 by task kunit_try_catch/287 [ 32.637786] [ 32.637913] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT [ 32.638160] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.638246] Hardware name: linux,dummy-virt (DT) [ 32.638346] Call trace: [ 32.638430] show_stack+0x20/0x38 (C) [ 32.638633] dump_stack_lvl+0x8c/0xd0 [ 32.638809] print_report+0x118/0x608 [ 32.638993] kasan_report+0xdc/0x128 [ 32.639139] kasan_check_range+0x100/0x1a8 [ 32.639323] __kasan_check_read+0x20/0x30 [ 32.639515] copy_user_test_oob+0x3c8/0xec8 [ 32.639703] kunit_try_run_case+0x170/0x3f0 [ 32.639873] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.640075] kthread+0x328/0x630 [ 32.640271] ret_from_fork+0x10/0x20 [ 32.640474] [ 32.640541] Allocated by task 287: [ 32.640628] kasan_save_stack+0x3c/0x68 [ 32.640754] kasan_save_track+0x20/0x40 [ 32.640872] kasan_save_alloc_info+0x40/0x58 [ 32.640996] __kasan_kmalloc+0xd4/0xd8 [ 32.641110] __kmalloc_noprof+0x190/0x4d0 [ 32.641227] kunit_kmalloc_array+0x34/0x88 [ 32.641361] copy_user_test_oob+0xac/0xec8 [ 32.641548] kunit_try_run_case+0x170/0x3f0 [ 32.641938] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.642104] kthread+0x328/0x630 [ 32.642208] ret_from_fork+0x10/0x20 [ 32.642300] [ 32.642350] The buggy address belongs to the object at fff00000c78a6100 [ 32.642350] which belongs to the cache kmalloc-128 of size 128 [ 32.642569] The buggy address is located 
0 bytes inside of [ 32.642569] allocated 120-byte region [fff00000c78a6100, fff00000c78a6178) [ 32.642804] [ 32.642908] The buggy address belongs to the physical page: [ 32.643012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a6 [ 32.643172] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.643328] page_type: f5(slab) [ 32.643486] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.643664] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.643839] page dumped because: kasan: bad access detected [ 32.643983] [ 32.644048] Memory state around the buggy address: [ 32.644176] fff00000c78a6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.644351] fff00000c78a6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.644546] >fff00000c78a6100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.644700] ^ [ 32.644964] fff00000c78a6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.645111] fff00000c78a6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.645218] ================================================================== [ 32.574756] ================================================================== [ 32.575348] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 32.575821] Write of size 121 at addr fff00000c78a6100 by task kunit_try_catch/287 [ 32.576503] [ 32.576693] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT [ 32.576965] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.577055] Hardware name: linux,dummy-virt (DT) [ 32.577237] Call trace: [ 32.577314] show_stack+0x20/0x38 (C) [ 32.577950] dump_stack_lvl+0x8c/0xd0 [ 32.578106] print_report+0x118/0x608 [ 32.578813] kasan_report+0xdc/0x128 [ 32.579356] kasan_check_range+0x100/0x1a8 [ 32.579593] __kasan_check_write+0x20/0x30 [ 32.579832] copy_user_test_oob+0x234/0xec8 [ 32.580048] kunit_try_run_case+0x170/0x3f0 [ 32.580376] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.580583] kthread+0x328/0x630 [ 32.580729] ret_from_fork+0x10/0x20 [ 32.581606] [ 32.581703] Allocated by task 287: [ 32.581874] kasan_save_stack+0x3c/0x68 [ 32.582265] kasan_save_track+0x20/0x40 [ 32.582385] kasan_save_alloc_info+0x40/0x58 [ 32.582529] __kasan_kmalloc+0xd4/0xd8 [ 32.583597] __kmalloc_noprof+0x190/0x4d0 [ 32.583777] kunit_kmalloc_array+0x34/0x88 [ 32.583896] copy_user_test_oob+0xac/0xec8 [ 32.584003] kunit_try_run_case+0x170/0x3f0 [ 32.584100] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.584613] kthread+0x328/0x630 [ 32.584743] ret_from_fork+0x10/0x20 [ 32.584852] [ 32.585063] The buggy address belongs to the object at fff00000c78a6100 [ 32.585063] which belongs to the cache kmalloc-128 of size 128 [ 32.585436] The buggy address is located 0 bytes inside of [ 32.585436] allocated 120-byte region [fff00000c78a6100, fff00000c78a6178) [ 32.586145] [ 32.586230] The buggy address belongs to the physical page: [ 32.586387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a6 [ 32.586585] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.586746] page_type: f5(slab) [ 32.587354] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.587566] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.587706] page dumped because: kasan: bad access detected [ 32.587822] [ 32.587888] Memory state around the buggy address: [ 32.588480] fff00000c78a6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.588649] fff00000c78a6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.589140] >fff00000c78a6100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.589290] ^ [ 32.589432] fff00000c78a6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.590565] fff00000c78a6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.590728] ================================================================== [ 32.646692] 
================================================================== [ 32.646899] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 32.647096] Write of size 121 at addr fff00000c78a6100 by task kunit_try_catch/287 [ 32.647308] [ 32.647501] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT [ 32.648110] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.648333] Hardware name: linux,dummy-virt (DT) [ 32.648520] Call trace: [ 32.648622] show_stack+0x20/0x38 (C) [ 32.649014] dump_stack_lvl+0x8c/0xd0 [ 32.649167] print_report+0x118/0x608 [ 32.649309] kasan_report+0xdc/0x128 [ 32.649464] kasan_check_range+0x100/0x1a8 [ 32.649608] __kasan_check_write+0x20/0x30 [ 32.650337] copy_user_test_oob+0x434/0xec8 [ 32.650591] kunit_try_run_case+0x170/0x3f0 [ 32.650825] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.651025] kthread+0x328/0x630 [ 32.651137] ret_from_fork+0x10/0x20 [ 32.651247] [ 32.651736] Allocated by task 287: [ 32.651854] kasan_save_stack+0x3c/0x68 [ 32.652056] kasan_save_track+0x20/0x40 [ 32.652583] kasan_save_alloc_info+0x40/0x58 [ 32.652732] __kasan_kmalloc+0xd4/0xd8 [ 32.652934] __kmalloc_noprof+0x190/0x4d0 [ 32.653118] kunit_kmalloc_array+0x34/0x88 [ 32.653237] copy_user_test_oob+0xac/0xec8 [ 32.653817] kunit_try_run_case+0x170/0x3f0 [ 32.653986] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.654131] kthread+0x328/0x630 [ 32.654250] ret_from_fork+0x10/0x20 [ 32.654373] [ 32.654435] The buggy address belongs to the object at fff00000c78a6100 [ 32.654435] which belongs to the cache kmalloc-128 of size 128 [ 32.654684] The buggy address is located 0 bytes inside of [ 32.654684] allocated 120-byte region [fff00000c78a6100, fff00000c78a6178) [ 32.655066] [ 32.655194] The buggy address belongs to the physical page: [ 32.655350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a6 [ 32.655658] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.655815] page_type: f5(slab) [ 32.655968] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.656119] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.656307] page dumped because: kasan: bad access detected [ 32.656404] [ 32.656477] Memory state around the buggy address: [ 32.656611] fff00000c78a6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.656839] fff00000c78a6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.657005] >fff00000c78a6100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.657150] ^ [ 32.657322] fff00000c78a6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.657469] fff00000c78a6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.657647] ==================================================================
[ 16.487095] ================================================================== [ 16.487519] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.487748] Read of size 121 at addr ffff888102a4e100 by task kunit_try_catch/304 [ 16.488205] [ 16.488407] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary) [ 16.488454] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.488479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.488502] Call Trace: [ 16.488516] <TASK> [ 16.488532] dump_stack_lvl+0x73/0xb0 [ 16.488560] print_report+0xd1/0x650 [ 16.488583] ? __virt_addr_valid+0x1db/0x2d0 [ 16.488606] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.488627] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.488650] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.488672] kasan_report+0x141/0x180 [ 16.488696] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.488722] kasan_check_range+0x10c/0x1c0 [ 16.488743] __kasan_check_read+0x15/0x20 [ 16.488764] copy_user_test_oob+0x4aa/0x10f0 [ 16.488788] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.488851] ? finish_task_switch.isra.0+0x153/0x700 [ 16.488901] ? __switch_to+0x5d9/0xf60 [ 16.488946] ? dequeue_task_fair+0x166/0x4e0 [ 16.489018] ? __schedule+0x10cc/0x2b30 [ 16.489087] ? __pfx_read_tsc+0x10/0x10 [ 16.489109] ? ktime_get_ts64+0x86/0x230 [ 16.489136] kunit_try_run_case+0x1a5/0x480 [ 16.489161] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.489214] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.489239] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.489263] ? __kthread_parkme+0x82/0x180 [ 16.489286] ? preempt_count_sub+0x50/0x80 [ 16.489321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.489346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.489370] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.489394] kthread+0x337/0x6f0 [ 16.489412] ? trace_preempt_on+0x20/0xc0 [ 16.489437] ? __pfx_kthread+0x10/0x10 [ 16.489457] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.489478] ? 
calculate_sigpending+0x7b/0xa0 [ 16.489500] ? __pfx_kthread+0x10/0x10 [ 16.489520] ret_from_fork+0x41/0x80 [ 16.489541] ? __pfx_kthread+0x10/0x10 [ 16.489560] ret_from_fork_asm+0x1a/0x30 [ 16.489593] </TASK> [ 16.489605] [ 16.497975] Allocated by task 304: [ 16.498111] kasan_save_stack+0x45/0x70 [ 16.498257] kasan_save_track+0x18/0x40 [ 16.498424] kasan_save_alloc_info+0x3b/0x50 [ 16.498593] __kasan_kmalloc+0xb7/0xc0 [ 16.498734] __kmalloc_noprof+0x1c9/0x500 [ 16.498879] kunit_kmalloc_array+0x25/0x60 [ 16.499089] copy_user_test_oob+0xab/0x10f0 [ 16.499301] kunit_try_run_case+0x1a5/0x480 [ 16.499652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.499921] kthread+0x337/0x6f0 [ 16.500096] ret_from_fork+0x41/0x80 [ 16.500266] ret_from_fork_asm+0x1a/0x30 [ 16.500510] [ 16.500622] The buggy address belongs to the object at ffff888102a4e100 [ 16.500622] which belongs to the cache kmalloc-128 of size 128 [ 16.501255] The buggy address is located 0 bytes inside of [ 16.501255] allocated 120-byte region [ffff888102a4e100, ffff888102a4e178) [ 16.501635] [ 16.501712] The buggy address belongs to the physical page: [ 16.501886] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4e [ 16.502129] flags: 0x200000000000000(node=0|zone=2) [ 16.502295] page_type: f5(slab) [ 16.502474] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.502937] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.503579] page dumped because: kasan: bad access detected [ 16.503890] [ 16.503992] Memory state around the buggy address: [ 16.504219] ffff888102a4e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.504771] ffff888102a4e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.505111] >ffff888102a4e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.505428] ^ [ 16.505760] ffff888102a4e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.506097] ffff888102a4e200: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 16.506362] ================================================================== [ 16.467758] ================================================================== [ 16.468144] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.468475] Write of size 121 at addr ffff888102a4e100 by task kunit_try_catch/304 [ 16.468810] [ 16.468931] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary) [ 16.468981] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.468995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.469035] Call Trace: [ 16.469049] <TASK> [ 16.469066] dump_stack_lvl+0x73/0xb0 [ 16.469113] print_report+0xd1/0x650 [ 16.469137] ? __virt_addr_valid+0x1db/0x2d0 [ 16.469159] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.469180] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.469204] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.469226] kasan_report+0x141/0x180 [ 16.469250] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.469276] kasan_check_range+0x10c/0x1c0 [ 16.469299] __kasan_check_write+0x18/0x20 [ 16.469329] copy_user_test_oob+0x3fd/0x10f0 [ 16.469352] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.469373] ? finish_task_switch.isra.0+0x153/0x700 [ 16.469397] ? __switch_to+0x5d9/0xf60 [ 16.469418] ? dequeue_task_fair+0x166/0x4e0 [ 16.469444] ? __schedule+0x10cc/0x2b30 [ 16.469476] ? __pfx_read_tsc+0x10/0x10 [ 16.469496] ? ktime_get_ts64+0x86/0x230 [ 16.469523] kunit_try_run_case+0x1a5/0x480 [ 16.469548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.469572] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.469597] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.469623] ? __kthread_parkme+0x82/0x180 [ 16.469646] ? preempt_count_sub+0x50/0x80 [ 16.469671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.469696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.469719] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.469744] kthread+0x337/0x6f0 [ 16.469762] ? trace_preempt_on+0x20/0xc0 [ 16.469787] ? 
__pfx_kthread+0x10/0x10 [ 16.469807] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.469830] ? calculate_sigpending+0x7b/0xa0 [ 16.469852] ? __pfx_kthread+0x10/0x10 [ 16.469872] ret_from_fork+0x41/0x80 [ 16.469894] ? __pfx_kthread+0x10/0x10 [ 16.469913] ret_from_fork_asm+0x1a/0x30 [ 16.469944] </TASK> [ 16.469956] [ 16.477577] Allocated by task 304: [ 16.477862] kasan_save_stack+0x45/0x70 [ 16.478104] kasan_save_track+0x18/0x40 [ 16.478314] kasan_save_alloc_info+0x3b/0x50 [ 16.478634] __kasan_kmalloc+0xb7/0xc0 [ 16.478855] __kmalloc_noprof+0x1c9/0x500 [ 16.479033] kunit_kmalloc_array+0x25/0x60 [ 16.479207] copy_user_test_oob+0xab/0x10f0 [ 16.479462] kunit_try_run_case+0x1a5/0x480 [ 16.479700] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.479964] kthread+0x337/0x6f0 [ 16.480146] ret_from_fork+0x41/0x80 [ 16.480324] ret_from_fork_asm+0x1a/0x30 [ 16.480531] [ 16.480633] The buggy address belongs to the object at ffff888102a4e100 [ 16.480633] which belongs to the cache kmalloc-128 of size 128 [ 16.481191] The buggy address is located 0 bytes inside of [ 16.481191] allocated 120-byte region [ffff888102a4e100, ffff888102a4e178) [ 16.481798] [ 16.481899] The buggy address belongs to the physical page: [ 16.482160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4e [ 16.482552] flags: 0x200000000000000(node=0|zone=2) [ 16.482809] page_type: f5(slab) [ 16.483000] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.483388] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.483766] page dumped because: kasan: bad access detected [ 16.484043] [ 16.484127] Memory state around the buggy address: [ 16.484370] ffff888102a4e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.484755] ffff888102a4e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.485114] >ffff888102a4e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.485436] ^ [ 16.485756] ffff888102a4e180: fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc [ 16.486077] ffff888102a4e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.486430] ================================================================== [ 16.507138] ================================================================== [ 16.507464] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.507795] Write of size 121 at addr ffff888102a4e100 by task kunit_try_catch/304 [ 16.508167] [ 16.508279] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary) [ 16.508336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.508350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.508371] Call Trace: [ 16.508389] <TASK> [ 16.508406] dump_stack_lvl+0x73/0xb0 [ 16.508435] print_report+0xd1/0x650 [ 16.508458] ? __virt_addr_valid+0x1db/0x2d0 [ 16.508481] ? copy_user_test_oob+0x557/0x10f0 [ 16.508537] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.508563] ? copy_user_test_oob+0x557/0x10f0 [ 16.508584] kasan_report+0x141/0x180 [ 16.508608] ? copy_user_test_oob+0x557/0x10f0 [ 16.508662] kasan_check_range+0x10c/0x1c0 [ 16.508707] __kasan_check_write+0x18/0x20 [ 16.508728] copy_user_test_oob+0x557/0x10f0 [ 16.508752] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.508772] ? finish_task_switch.isra.0+0x153/0x700 [ 16.508797] ? __switch_to+0x5d9/0xf60 [ 16.508818] ? dequeue_task_fair+0x166/0x4e0 [ 16.508843] ? __schedule+0x10cc/0x2b30 [ 16.508867] ? __pfx_read_tsc+0x10/0x10 [ 16.508888] ? ktime_get_ts64+0x86/0x230 [ 16.508915] kunit_try_run_case+0x1a5/0x480 [ 16.508939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.508962] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.508987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.509011] ? __kthread_parkme+0x82/0x180 [ 16.509034] ? preempt_count_sub+0x50/0x80 [ 16.509059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.509084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.509108] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.509132] kthread+0x337/0x6f0 [ 16.509150] ? trace_preempt_on+0x20/0xc0 [ 16.509206] ? __pfx_kthread+0x10/0x10 [ 16.509226] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.509249] ? calculate_sigpending+0x7b/0xa0 [ 16.509295] ? __pfx_kthread+0x10/0x10 [ 16.509323] ret_from_fork+0x41/0x80 [ 16.509346] ? __pfx_kthread+0x10/0x10 [ 16.509365] ret_from_fork_asm+0x1a/0x30 [ 16.509397] </TASK> [ 16.509409] [ 16.517672] Allocated by task 304: [ 16.517862] kasan_save_stack+0x45/0x70 [ 16.518219] kasan_save_track+0x18/0x40 [ 16.518430] kasan_save_alloc_info+0x3b/0x50 [ 16.518638] __kasan_kmalloc+0xb7/0xc0 [ 16.518835] __kmalloc_noprof+0x1c9/0x500 [ 16.519003] kunit_kmalloc_array+0x25/0x60 [ 16.519293] copy_user_test_oob+0xab/0x10f0 [ 16.519520] kunit_try_run_case+0x1a5/0x480 [ 16.519814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.520083] kthread+0x337/0x6f0 [ 16.520205] ret_from_fork+0x41/0x80 [ 16.520361] ret_from_fork_asm+0x1a/0x30 [ 16.520559] [ 16.520657] The buggy address belongs to the object at ffff888102a4e100 [ 16.520657] which belongs to the cache kmalloc-128 of size 128 [ 16.521332] The buggy address is located 0 bytes inside of [ 16.521332] allocated 120-byte region [ffff888102a4e100, ffff888102a4e178) [ 16.521967] [ 16.522067] The buggy address belongs to the physical page: [ 16.522457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4e [ 16.523082] flags: 0x200000000000000(node=0|zone=2) [ 16.523349] page_type: f5(slab) [ 16.523689] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.524057] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.524412] page dumped because: kasan: bad access detected [ 16.524641] [ 16.524727] Memory state around the buggy address: [ 16.524957] ffff888102a4e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.525207] ffff888102a4e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.525527] 
>ffff888102a4e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.525742] ^ [ 16.526166] ffff888102a4e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.526557] ffff888102a4e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.526797] ================================================================== [ 16.527478] ================================================================== [ 16.527952] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.528322] Read of size 121 at addr ffff888102a4e100 by task kunit_try_catch/304 [ 16.528773] [ 16.528905] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary) [ 16.528953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.528968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.528991] Call Trace: [ 16.529039] <TASK> [ 16.529057] dump_stack_lvl+0x73/0xb0 [ 16.529085] print_report+0xd1/0x650 [ 16.529110] ? __virt_addr_valid+0x1db/0x2d0 [ 16.529132] ? copy_user_test_oob+0x604/0x10f0 [ 16.529184] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.529208] ? copy_user_test_oob+0x604/0x10f0 [ 16.529229] kasan_report+0x141/0x180 [ 16.529253] ? copy_user_test_oob+0x604/0x10f0 [ 16.529279] kasan_check_range+0x10c/0x1c0 [ 16.529343] __kasan_check_read+0x15/0x20 [ 16.529364] copy_user_test_oob+0x604/0x10f0 [ 16.529388] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.529408] ? finish_task_switch.isra.0+0x153/0x700 [ 16.529432] ? __switch_to+0x5d9/0xf60 [ 16.529463] ? dequeue_task_fair+0x166/0x4e0 [ 16.529520] ? __schedule+0x10cc/0x2b30 [ 16.529544] ? __pfx_read_tsc+0x10/0x10 [ 16.529566] ? ktime_get_ts64+0x86/0x230 [ 16.529593] kunit_try_run_case+0x1a5/0x480 [ 16.529618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.529672] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.529697] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.529721] ? __kthread_parkme+0x82/0x180 [ 16.529744] ? preempt_count_sub+0x50/0x80 [ 16.529770] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.529795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.529818] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.529843] kthread+0x337/0x6f0 [ 16.529860] ? trace_preempt_on+0x20/0xc0 [ 16.529885] ? __pfx_kthread+0x10/0x10 [ 16.529904] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.529925] ? calculate_sigpending+0x7b/0xa0 [ 16.530000] ? __pfx_kthread+0x10/0x10 [ 16.530044] ret_from_fork+0x41/0x80 [ 16.530089] ? __pfx_kthread+0x10/0x10 [ 16.530108] ret_from_fork_asm+0x1a/0x30 [ 16.530164] </TASK> [ 16.530194] [ 16.538566] Allocated by task 304: [ 16.538770] kasan_save_stack+0x45/0x70 [ 16.538965] kasan_save_track+0x18/0x40 [ 16.539170] kasan_save_alloc_info+0x3b/0x50 [ 16.539420] __kasan_kmalloc+0xb7/0xc0 [ 16.539607] __kmalloc_noprof+0x1c9/0x500 [ 16.539839] kunit_kmalloc_array+0x25/0x60 [ 16.540060] copy_user_test_oob+0xab/0x10f0 [ 16.540282] kunit_try_run_case+0x1a5/0x480 [ 16.540524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.540713] kthread+0x337/0x6f0 [ 16.540853] ret_from_fork+0x41/0x80 [ 16.541029] ret_from_fork_asm+0x1a/0x30 [ 16.541238] [ 16.541352] The buggy address belongs to the object at ffff888102a4e100 [ 16.541352] which belongs to the cache kmalloc-128 of size 128 [ 16.541845] The buggy address is located 0 bytes inside of [ 16.541845] allocated 120-byte region [ffff888102a4e100, ffff888102a4e178) [ 16.542295] [ 16.542433] The buggy address belongs to the physical page: [ 16.542894] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4e [ 16.543331] flags: 0x200000000000000(node=0|zone=2) [ 16.543612] page_type: f5(slab) [ 16.543746] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.544086] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.544507] page dumped because: kasan: bad access detected [ 16.544768] [ 16.544865] Memory state around the buggy address: [ 16.545127] ffff888102a4e000: fa fb fb fb fb fb fb fb fb fb fb fb fb 
fb fb fb [ 16.545471] ffff888102a4e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.545787] >ffff888102a4e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.546120] ^ [ 16.546469] ffff888102a4e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.546836] ffff888102a4e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.547164] ==================================================================