Date
June 2, 2025, 2:11 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 62.520854] ================================================================== [ 62.533221] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 62.540251] Write of size 121 at addr ffff000801c16100 by task kunit_try_catch/332 [ 62.547799] [ 62.549285] CPU: 4 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT [ 62.549339] Tainted: [B]=BAD_PAGE, [N]=TEST [ 62.549359] Hardware name: WinLink E850-96 board (DT) [ 62.549381] Call trace: [ 62.549397] show_stack+0x20/0x38 (C) [ 62.549433] dump_stack_lvl+0x8c/0xd0 [ 62.549470] print_report+0x118/0x608 [ 62.549500] kasan_report+0xdc/0x128 [ 62.549529] kasan_check_range+0x100/0x1a8 [ 62.549565] __kasan_check_write+0x20/0x30 [ 62.549598] copy_user_test_oob+0x234/0xec8 [ 62.549626] kunit_try_run_case+0x170/0x3f0 [ 62.549662] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 62.549702] kthread+0x328/0x630 [ 62.549735] ret_from_fork+0x10/0x20 [ 62.549770] [ 62.615508] Allocated by task 332: [ 62.618896] kasan_save_stack+0x3c/0x68 [ 62.622712] kasan_save_track+0x20/0x40 [ 62.626531] kasan_save_alloc_info+0x40/0x58 [ 62.630784] __kasan_kmalloc+0xd4/0xd8 [ 62.634518] __kmalloc_noprof+0x198/0x4c8 [ 62.638511] kunit_kmalloc_array+0x34/0x88 [ 62.642589] copy_user_test_oob+0xac/0xec8 [ 62.646669] kunit_try_run_case+0x170/0x3f0 [ 62.650836] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 62.656304] kthread+0x328/0x630 [ 62.659516] ret_from_fork+0x10/0x20 [ 62.663075] [ 62.664553] The buggy address belongs to the object at ffff000801c16100 [ 62.664553] which belongs to the cache kmalloc-128 of size 128 [ 62.677053] The buggy address is located 0 bytes inside of [ 62.677053] allocated 120-byte region [ffff000801c16100, ffff000801c16178) [ 62.689464] [ 62.690943] The buggy address belongs to the physical page: [ 62.696500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881c16 [ 62.704485] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 62.712121] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 62.719066] page_type: f5(slab) [ 62.722203] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 62.729923] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 62.737647] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 62.745459] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 62.753272] head: 0bfffe0000000001 fffffdffe0070581 00000000ffffffff 00000000ffffffff [ 62.761084] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 62.768889] page dumped because: kasan: bad access detected [ 62.774446] [ 62.775921] Memory state around the buggy address: [ 62.780702] ffff000801c16000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.787903] ffff000801c16080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.795109] >ffff000801c16100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 62.802309] ^ [ 62.809431] ffff000801c16180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.816637] ffff000801c16200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.823838] ================================================================== [ 63.746113] ================================================================== [ 63.752993] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 63.760021] Write of size 121 at addr ffff000801c16100 by task kunit_try_catch/332 [ 63.767573] [ 63.769058] CPU: 4 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT [ 63.769109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.769128] Hardware name: WinLink E850-96 board (DT) [ 63.769149] Call trace: [ 63.769162] show_stack+0x20/0x38 (C) [ 63.769195] dump_stack_lvl+0x8c/0xd0 [ 63.769229] print_report+0x118/0x608 [ 63.769259] kasan_report+0xdc/0x128 [ 63.769288] kasan_check_range+0x100/0x1a8 [ 63.769321] __kasan_check_write+0x20/0x30 [ 63.769355] copy_user_test_oob+0x434/0xec8 [ 63.769383] kunit_try_run_case+0x170/0x3f0 [ 63.769417] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.769455] kthread+0x328/0x630 [ 63.769489] ret_from_fork+0x10/0x20 [ 63.769523] [ 63.835281] Allocated by task 332: [ 63.838667] kasan_save_stack+0x3c/0x68 [ 63.842485] kasan_save_track+0x20/0x40 [ 63.846304] kasan_save_alloc_info+0x40/0x58 [ 63.850557] __kasan_kmalloc+0xd4/0xd8 [ 63.854290] __kmalloc_noprof+0x198/0x4c8 [ 63.858283] kunit_kmalloc_array+0x34/0x88 [ 63.862363] copy_user_test_oob+0xac/0xec8 [ 63.866443] kunit_try_run_case+0x170/0x3f0 [ 63.870609] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.876078] kthread+0x328/0x630 [ 63.879290] ret_from_fork+0x10/0x20 [ 63.882849] [ 63.884326] The buggy address belongs to the object at ffff000801c16100 [ 63.884326] which belongs to the cache kmalloc-128 of size 128 [ 63.896826] The buggy address is located 0 bytes inside of [ 63.896826] allocated 120-byte region [ffff000801c16100, ffff000801c16178) [ 63.909237] [ 63.910714] The buggy address belongs to the physical page: [ 63.916272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881c16 [ 63.924257] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 63.931895] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 63.938839] page_type: f5(slab) [ 63.941974] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.949695] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.957421] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.965233] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.973045] head: 0bfffe0000000001 fffffdffe0070581 00000000ffffffff 00000000ffffffff [ 63.980857] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 63.988663] page dumped because: kasan: bad access detected [ 63.994218] [ 63.995694] Memory state around the buggy address: [ 64.000473] ffff000801c16000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.007677] ffff000801c16080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.014881] >ffff000801c16100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 64.022082] ^ [ 64.029204] ffff000801c16180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.036410] ffff000801c16200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.043610] ================================================================== [ 62.831312] ================================================================== [ 62.838254] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 62.845278] Read of size 121 at addr ffff000801c16100 by task kunit_try_catch/332 [ 62.852742] [ 62.854229] CPU: 4 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT [ 62.854282] Tainted: [B]=BAD_PAGE, [N]=TEST [ 62.854299] Hardware name: WinLink E850-96 board (DT) [ 62.854321] Call trace: [ 62.854334] show_stack+0x20/0x38 (C) [ 62.854371] dump_stack_lvl+0x8c/0xd0 [ 62.854408] print_report+0x118/0x608 [ 62.854439] kasan_report+0xdc/0x128 [ 62.854467] kasan_check_range+0x100/0x1a8 [ 62.854500] __kasan_check_read+0x20/0x30 [ 62.854533] copy_user_test_oob+0x728/0xec8 [ 62.854562] kunit_try_run_case+0x170/0x3f0 [ 62.854599] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 62.854639] kthread+0x328/0x630 [ 62.854674] ret_from_fork+0x10/0x20 [ 62.854708] [ 62.920363] Allocated by task 332: [ 62.923751] kasan_save_stack+0x3c/0x68 [ 62.927568] kasan_save_track+0x20/0x40 [ 62.931387] kasan_save_alloc_info+0x40/0x58 [ 62.935641] __kasan_kmalloc+0xd4/0xd8 [ 62.939375] __kmalloc_noprof+0x198/0x4c8 [ 62.943366] kunit_kmalloc_array+0x34/0x88 [ 62.947446] copy_user_test_oob+0xac/0xec8 [ 62.951526] kunit_try_run_case+0x170/0x3f0 [ 62.955692] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 62.961161] kthread+0x328/0x630 [ 62.964373] ret_from_fork+0x10/0x20 [ 62.967932] [ 62.969409] The buggy address belongs to the object at ffff000801c16100 [ 62.969409] which belongs to the cache kmalloc-128 of size 128 [ 62.981909] The buggy address is located 0 bytes inside of [ 62.981909] allocated 120-byte region [ffff000801c16100, ffff000801c16178) [ 62.994320] [ 62.995799] The buggy address belongs to the physical page: [ 63.001355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881c16 [ 63.009341] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 63.016979] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 63.023923] page_type: f5(slab) [ 63.027057] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.034777] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.042504] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.050316] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.058128] head: 0bfffe0000000001 fffffdffe0070581 00000000ffffffff 00000000ffffffff [ 63.065940] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 63.073746] page dumped because: kasan: bad access detected [ 63.079301] [ 63.080777] Memory state around the buggy address: [ 63.085558] ffff000801c16000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.092760] ffff000801c16080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.099965] >ffff000801c16100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 63.107166] ^ [ 63.114287] ffff000801c16180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.121493] ffff000801c16200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.128693] ================================================================== [ 63.441045] ================================================================== [ 63.448140] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 63.455164] Read of size 121 at addr ffff000801c16100 by task kunit_try_catch/332 [ 63.462629] [ 63.464115] CPU: 4 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT [ 63.464172] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.464189] Hardware name: WinLink E850-96 board (DT) [ 63.464211] Call trace: [ 63.464225] show_stack+0x20/0x38 (C) [ 63.464259] dump_stack_lvl+0x8c/0xd0 [ 63.464297] print_report+0x118/0x608 [ 63.464328] kasan_report+0xdc/0x128 [ 63.464358] kasan_check_range+0x100/0x1a8 [ 63.464390] __kasan_check_read+0x20/0x30 [ 63.464422] copy_user_test_oob+0x3c8/0xec8 [ 63.464450] kunit_try_run_case+0x170/0x3f0 [ 63.464487] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.464525] kthread+0x328/0x630 [ 63.464558] ret_from_fork+0x10/0x20 [ 63.464593] [ 63.530250] Allocated by task 332: [ 63.533637] kasan_save_stack+0x3c/0x68 [ 63.537456] kasan_save_track+0x20/0x40 [ 63.541274] kasan_save_alloc_info+0x40/0x58 [ 63.545527] __kasan_kmalloc+0xd4/0xd8 [ 63.549260] __kmalloc_noprof+0x198/0x4c8 [ 63.553254] kunit_kmalloc_array+0x34/0x88 [ 63.557333] copy_user_test_oob+0xac/0xec8 [ 63.561413] kunit_try_run_case+0x170/0x3f0 [ 63.565579] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.571048] kthread+0x328/0x630 [ 63.574260] ret_from_fork+0x10/0x20 [ 63.577819] [ 63.579296] The buggy address belongs to the object at ffff000801c16100 [ 63.579296] which belongs to the cache kmalloc-128 of size 128 [ 63.591796] The buggy address is located 0 bytes inside of [ 63.591796] allocated 120-byte region [ffff000801c16100, ffff000801c16178) [ 63.604207] [ 63.605684] The buggy address belongs to the physical page: [ 63.611241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881c16 [ 63.619227] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 63.626866] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 63.633809] page_type: f5(slab) [ 63.636941] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.644664] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.652391] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.660202] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.668015] head: 0bfffe0000000001 fffffdffe0070581 00000000ffffffff 00000000ffffffff [ 63.675827] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 63.683633] page dumped because: kasan: bad access detected [ 63.689188] [ 63.690664] Memory state around the buggy address: [ 63.695444] ffff000801c16000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.702647] ffff000801c16080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.709851] >ffff000801c16100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 63.717052] ^ [ 63.724174] ffff000801c16180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.731380] ffff000801c16200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.738579] ================================================================== [ 64.051033] ================================================================== [ 64.058023] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 64.065051] Read of size 121 at addr ffff000801c16100 by task kunit_try_catch/332 [ 64.072516] [ 64.073998] CPU: 4 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT [ 64.074048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 64.074065] Hardware name: WinLink E850-96 board (DT) [ 64.074085] Call trace: [ 64.074096] show_stack+0x20/0x38 (C) [ 64.074126] dump_stack_lvl+0x8c/0xd0 [ 64.074158] print_report+0x118/0x608 [ 64.074189] kasan_report+0xdc/0x128 [ 64.074217] kasan_check_range+0x100/0x1a8 [ 64.074250] __kasan_check_read+0x20/0x30 [ 64.074284] copy_user_test_oob+0x4a0/0xec8 [ 64.074311] kunit_try_run_case+0x170/0x3f0 [ 64.074346] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.074385] kthread+0x328/0x630 [ 64.074417] ret_from_fork+0x10/0x20 [ 64.074451] [ 64.140136] Allocated by task 332: [ 64.143524] kasan_save_stack+0x3c/0x68 [ 64.147341] kasan_save_track+0x20/0x40 [ 64.151161] kasan_save_alloc_info+0x40/0x58 [ 64.155414] __kasan_kmalloc+0xd4/0xd8 [ 64.159146] __kmalloc_noprof+0x198/0x4c8 [ 64.163140] kunit_kmalloc_array+0x34/0x88 [ 64.167219] copy_user_test_oob+0xac/0xec8 [ 64.171299] kunit_try_run_case+0x170/0x3f0 [ 64.175465] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.180934] kthread+0x328/0x630 [ 64.184146] ret_from_fork+0x10/0x20 [ 64.187705] [ 64.189182] The buggy address belongs to the object at ffff000801c16100 [ 64.189182] which belongs to the cache kmalloc-128 of size 128 [ 64.201683] The buggy address is located 0 bytes inside of [ 64.201683] allocated 120-byte region [ffff000801c16100, ffff000801c16178) [ 64.214093] [ 64.215571] The buggy address belongs to the physical page: [ 64.221129] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881c16 [ 64.229113] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 64.236752] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 64.243696] page_type: f5(slab) [ 64.246830] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.254551] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.262278] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.270089] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.277902] head: 0bfffe0000000001 fffffdffe0070581 00000000ffffffff 00000000ffffffff [ 64.285714] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 64.293519] page dumped because: kasan: bad access detected [ 64.299075] [ 64.300551] Memory state around the buggy address: [ 64.305330] ffff000801c16000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.312533] ffff000801c16080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.319738] >ffff000801c16100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 64.326939] ^ [ 64.334061] ffff000801c16180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.341267] ffff000801c16200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.348467] ================================================================== [ 63.136241] ================================================================== [ 63.143108] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 63.150134] Write of size 121 at addr ffff000801c16100 by task kunit_try_catch/332 [ 63.157686] [ 63.159171] CPU: 4 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT [ 63.159226] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.159243] Hardware name: WinLink E850-96 board (DT) [ 63.159265] Call trace: [ 63.159279] show_stack+0x20/0x38 (C) [ 63.159314] dump_stack_lvl+0x8c/0xd0 [ 63.159350] print_report+0x118/0x608 [ 63.159380] kasan_report+0xdc/0x128 [ 63.159409] kasan_check_range+0x100/0x1a8 [ 63.159442] __kasan_check_write+0x20/0x30 [ 63.159475] copy_user_test_oob+0x35c/0xec8 [ 63.159504] kunit_try_run_case+0x170/0x3f0 [ 63.159540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.159577] kthread+0x328/0x630 [ 63.159609] ret_from_fork+0x10/0x20 [ 63.159645] [ 63.225393] Allocated by task 332: [ 63.228780] kasan_save_stack+0x3c/0x68 [ 63.232598] kasan_save_track+0x20/0x40 [ 63.236417] kasan_save_alloc_info+0x40/0x58 [ 63.240671] __kasan_kmalloc+0xd4/0xd8 [ 63.244403] __kmalloc_noprof+0x198/0x4c8 [ 63.248396] kunit_kmalloc_array+0x34/0x88 [ 63.252477] copy_user_test_oob+0xac/0xec8 [ 63.256556] kunit_try_run_case+0x170/0x3f0 [ 63.260723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.266191] kthread+0x328/0x630 [ 63.269403] ret_from_fork+0x10/0x20 [ 63.272962] [ 63.274439] The buggy address belongs to the object at ffff000801c16100 [ 63.274439] which belongs to the cache kmalloc-128 of size 128 [ 63.286938] The buggy address is located 0 bytes inside of [ 63.286938] allocated 120-byte region [ffff000801c16100, ffff000801c16178) [ 63.299350] [ 63.300829] The buggy address belongs to the physical page: [ 63.306385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881c16 [ 63.314371] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 63.322008] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 63.328952] page_type: f5(slab) [ 63.332087] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.339808] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.347534] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.355345] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.363158] head: 0bfffe0000000001 fffffdffe0070581 00000000ffffffff 00000000ffffffff [ 63.370970] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 63.378776] page dumped because: kasan: bad access detected [ 63.384331] [ 63.385807] Memory state around the buggy address: [ 63.390587] ffff000801c16000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.397790] ffff000801c16080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.404995] >ffff000801c16100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 63.412196] ^ [ 63.419317] ffff000801c16180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.426523] ffff000801c16200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.433724] ==================================================================
[ 21.408731] ================================================================== [ 21.408821] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 21.408882] Read of size 121 at addr fff00000c3f9e800 by task kunit_try_catch/288 [ 21.409201] [ 21.409382] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B W N 6.15.1-rc1 #1 PREEMPT [ 21.409487] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.409665] Hardware name: linux,dummy-virt (DT) [ 21.409950] Call trace: [ 21.409989] show_stack+0x20/0x38 (C) [ 21.410066] dump_stack_lvl+0x8c/0xd0 [ 21.410377] print_report+0x118/0x608 [ 21.410501] kasan_report+0xdc/0x128 [ 21.410659] kasan_check_range+0x100/0x1a8 [ 21.410906] __kasan_check_read+0x20/0x30 [ 21.411083] copy_user_test_oob+0x728/0xec8 [ 21.411251] kunit_try_run_case+0x170/0x3f0 [ 21.411542] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.411724] kthread+0x328/0x630 [ 21.412034] ret_from_fork+0x10/0x20 [ 21.412282] [ 21.412505] Allocated by task 288: [ 21.412653] kasan_save_stack+0x3c/0x68 [ 21.412829] kasan_save_track+0x20/0x40 [ 21.413083] kasan_save_alloc_info+0x40/0x58 [ 21.413318] __kasan_kmalloc+0xd4/0xd8 [ 21.413442] __kmalloc_noprof+0x198/0x4c8 [ 21.413483] kunit_kmalloc_array+0x34/0x88 [ 21.413803] copy_user_test_oob+0xac/0xec8 [ 21.414001] kunit_try_run_case+0x170/0x3f0 [ 21.414167] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.414230] kthread+0x328/0x630 [ 21.414277] ret_from_fork+0x10/0x20 [ 21.414641] [ 21.414865] The buggy address belongs to the object at fff00000c3f9e800 [ 21.414865] which belongs to the cache kmalloc-128 of size 128 [ 21.415143] The buggy address is located 0 bytes inside of [ 21.415143] allocated 120-byte region [fff00000c3f9e800, fff00000c3f9e878) [ 21.415286] [ 21.415310] The buggy address belongs to the physical page: [ 21.415520] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f9e [ 21.415666] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.415864] page_type: f5(slab) [ 21.415912] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.416153] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.416300] page dumped because: kasan: bad access detected [ 21.416397] [ 21.416429] Memory state around the buggy address: [ 21.416467] fff00000c3f9e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.416699] fff00000c3f9e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.416902] >fff00000c3f9e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.417067] ^ [ 21.417216] fff00000c3f9e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.417308] fff00000c3f9e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.417491] ================================================================== [ 21.392854] ================================================================== [ 21.393278] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 21.393488] Write of size 121 at addr fff00000c3f9e800 by task kunit_try_catch/288 [ 21.393691] [ 21.393831] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B W N 6.15.1-rc1 #1 PREEMPT [ 21.394156] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.394310] Hardware name: linux,dummy-virt (DT) [ 21.394435] Call trace: [ 21.394627] show_stack+0x20/0x38 (C) [ 21.394836] dump_stack_lvl+0x8c/0xd0 [ 21.395105] print_report+0x118/0x608 [ 21.395365] kasan_report+0xdc/0x128 [ 21.395531] kasan_check_range+0x100/0x1a8 [ 21.395665] __kasan_check_write+0x20/0x30 [ 21.395825] copy_user_test_oob+0x234/0xec8 [ 21.396060] kunit_try_run_case+0x170/0x3f0 [ 21.396251] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.396414] kthread+0x328/0x630 [ 21.396552] ret_from_fork+0x10/0x20 [ 21.396806] [ 21.396906] Allocated by task 288: [ 21.397071] kasan_save_stack+0x3c/0x68 [ 21.397157] kasan_save_track+0x20/0x40 [ 21.397390] kasan_save_alloc_info+0x40/0x58 [ 21.397517] __kasan_kmalloc+0xd4/0xd8 [ 21.397795] __kmalloc_noprof+0x198/0x4c8 [ 21.398015] kunit_kmalloc_array+0x34/0x88 [ 21.398068] copy_user_test_oob+0xac/0xec8 [ 21.398107] kunit_try_run_case+0x170/0x3f0 [ 21.398150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.398686] kthread+0x328/0x630 [ 21.398894] ret_from_fork+0x10/0x20 [ 21.399130] [ 21.399213] The buggy address belongs to the object at fff00000c3f9e800 [ 21.399213] which belongs to the cache kmalloc-128 of size 128 [ 21.399308] The buggy address is located 0 bytes inside of [ 21.399308] allocated 120-byte region [fff00000c3f9e800, fff00000c3f9e878) [ 21.399498] [ 21.399602] The buggy address belongs to the physical page: [ 21.399759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f9e [ 21.399977] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.400125] page_type: f5(slab) [ 21.400323] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.400535] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.400734] page dumped because: kasan: bad access detected [ 21.400806] [ 21.400827] Memory state around the buggy address: [ 21.401085] fff00000c3f9e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.401147] fff00000c3f9e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.401451] >fff00000c3f9e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.401551] ^ [ 21.401730] fff00000c3f9e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.401942] fff00000c3f9e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.402052] ================================================================== [ 21.442321] ================================================================== [ 21.442390] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 21.442473] Read of size 121 at addr fff00000c3f9e800 by task kunit_try_catch/288 [ 21.442527] [ 21.442779] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B W N 6.15.1-rc1 #1 PREEMPT [ 21.442882] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.442915] Hardware name: linux,dummy-virt (DT) [ 21.442947] Call trace: [ 21.443105] show_stack+0x20/0x38 (C) [ 21.443172] dump_stack_lvl+0x8c/0xd0 [ 21.443227] print_report+0x118/0x608 [ 21.443321] kasan_report+0xdc/0x128 [ 21.443496] kasan_check_range+0x100/0x1a8 [ 21.443683] __kasan_check_read+0x20/0x30 [ 21.443835] copy_user_test_oob+0x4a0/0xec8 [ 21.443888] kunit_try_run_case+0x170/0x3f0 [ 21.443940] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.444015] kthread+0x328/0x630 [ 21.444223] ret_from_fork+0x10/0x20 [ 21.444376] [ 21.444559] Allocated by task 288: [ 21.444840] kasan_save_stack+0x3c/0x68 [ 21.444963] kasan_save_track+0x20/0x40 [ 21.445050] kasan_save_alloc_info+0x40/0x58 [ 21.445095] __kasan_kmalloc+0xd4/0xd8 [ 21.445213] __kmalloc_noprof+0x198/0x4c8 [ 21.445297] kunit_kmalloc_array+0x34/0x88 [ 21.445371] copy_user_test_oob+0xac/0xec8 [ 21.445416] kunit_try_run_case+0x170/0x3f0 [ 21.445458] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.445518] kthread+0x328/0x630 [ 21.445556] ret_from_fork+0x10/0x20 [ 21.445595] [ 21.445617] The buggy address belongs to the object at fff00000c3f9e800 [ 21.445617] which belongs to the cache kmalloc-128 of size 128 [ 21.445934] The buggy address is located 0 bytes inside of [ 21.445934] allocated 120-byte region [fff00000c3f9e800, fff00000c3f9e878) [ 21.446114] [ 21.446289] The buggy address belongs to the physical page: [ 21.446386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f9e [ 21.446464] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.446522] page_type: f5(slab) [ 21.446736] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.446909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.447095] page dumped because: kasan: bad access detected [ 21.447182] [ 21.447466] Memory state around the buggy address: [ 21.447575] fff00000c3f9e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.447723] fff00000c3f9e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.447827] >fff00000c3f9e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.447907] ^ [ 21.447994] fff00000c3f9e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.448039] fff00000c3f9e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.448326] ================================================================== [ 21.430294] ================================================================== [ 21.430363] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 21.430416] Read of size 121 at addr fff00000c3f9e800 by task kunit_try_catch/288 [ 21.430469] [ 21.430500] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B W N 6.15.1-rc1 #1 PREEMPT [ 21.430587] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.430620] Hardware name: linux,dummy-virt (DT) [ 21.430652] Call trace: [ 21.430677] show_stack+0x20/0x38 (C) [ 21.430726] dump_stack_lvl+0x8c/0xd0 [ 21.430776] print_report+0x118/0x608 [ 21.430825] kasan_report+0xdc/0x128 [ 21.430873] kasan_check_range+0x100/0x1a8 [ 21.430923] __kasan_check_read+0x20/0x30 [ 21.430973] copy_user_test_oob+0x3c8/0xec8 [ 21.431028] kunit_try_run_case+0x170/0x3f0 [ 21.431078] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.431136] kthread+0x328/0x630 [ 21.431184] ret_from_fork+0x10/0x20 [ 21.431235] [ 21.431256] Allocated by task 288: [ 21.431287] kasan_save_stack+0x3c/0x68 [ 21.431328] kasan_save_track+0x20/0x40 [ 21.433690] kasan_save_alloc_info+0x40/0x58 [ 21.433776] __kasan_kmalloc+0xd4/0xd8 [ 21.433817] __kmalloc_noprof+0x198/0x4c8 [ 21.433856] kunit_kmalloc_array+0x34/0x88 [ 21.433899] copy_user_test_oob+0xac/0xec8 [ 21.433938] kunit_try_run_case+0x170/0x3f0 [ 21.433981] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.434030] kthread+0x328/0x630 [ 21.434069] ret_from_fork+0x10/0x20 [ 21.434109] [ 21.434134] The buggy address belongs to the object at fff00000c3f9e800 [ 21.434134] which belongs to the cache kmalloc-128 of size 128 [ 21.434192] The buggy address is located 0 bytes inside of [ 21.434192] allocated 120-byte region [fff00000c3f9e800, fff00000c3f9e878) [ 21.434257] [ 21.434281] The buggy address belongs to the physical page: [ 21.434314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f9e [ 21.434378] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.434628] page_type: f5(slab) [ 21.434916] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.435131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.435308] page dumped because: kasan: bad access detected [ 21.435406] [ 21.435438] Memory state around the buggy address: [ 21.435477] fff00000c3f9e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.435524] fff00000c3f9e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.435571] >fff00000c3f9e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.435613] ^ [ 21.435779] fff00000c3f9e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.435834] fff00000c3f9e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.435976] ================================================================== [ 21.436843] ================================================================== [ 21.436893] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 21.436946] Write of size 121 at addr fff00000c3f9e800 by task kunit_try_catch/288 [ 21.436998] [ 21.437030] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B W N 6.15.1-rc1 #1 PREEMPT [ 21.437135] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.437178] Hardware name: linux,dummy-virt (DT) [ 21.437212] Call trace: [ 21.437236] show_stack+0x20/0x38 (C) [ 21.437285] dump_stack_lvl+0x8c/0xd0 [ 21.437359] print_report+0x118/0x608 [ 21.437408] kasan_report+0xdc/0x128 [ 21.437457] kasan_check_range+0x100/0x1a8 [ 21.437508] __kasan_check_write+0x20/0x30 [ 21.437574] copy_user_test_oob+0x434/0xec8 [ 21.437625] kunit_try_run_case+0x170/0x3f0 [ 21.437676] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.437734] kthread+0x328/0x630 [ 21.437783] ret_from_fork+0x10/0x20 [ 21.437833] [ 21.437855] Allocated by task 288: [ 21.437884] kasan_save_stack+0x3c/0x68 [ 21.437935] kasan_save_track+0x20/0x40 [ 21.437975] kasan_save_alloc_info+0x40/0x58 [ 21.438026] __kasan_kmalloc+0xd4/0xd8 [ 21.438065] __kmalloc_noprof+0x198/0x4c8 [ 21.438105] kunit_kmalloc_array+0x34/0x88 [ 21.438146] copy_user_test_oob+0xac/0xec8 [ 21.438187] kunit_try_run_case+0x170/0x3f0 [ 21.438229] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.438289] kthread+0x328/0x630 [ 21.438327] ret_from_fork+0x10/0x20 [ 21.439158] [ 21.439267] The buggy address belongs to the object at fff00000c3f9e800 [ 21.439267] which belongs to the cache kmalloc-128 of size 128 [ 21.439398] The buggy address is located 0 bytes inside of [ 21.439398] allocated 120-byte region [fff00000c3f9e800, fff00000c3f9e878) [ 21.439567] [ 21.439706] The buggy address belongs to the physical page: [ 21.439794] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f9e [ 21.439934] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.440034] page_type: f5(slab) [ 21.440138] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.440205] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.440255] page dumped because: kasan: bad access detected [ 21.440290] [ 21.440310] Memory state around the buggy address: [ 21.440355] fff00000c3f9e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.440402] fff00000c3f9e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.440448] >fff00000c3f9e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.440688] ^ [ 21.440879] fff00000c3f9e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.440956] fff00000c3f9e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.440995] ================================================================== [ 21.425040] ================================================================== [ 21.425152] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 21.425236] Write of size 121 at addr fff00000c3f9e800 by task kunit_try_catch/288 [ 21.425294] [ 21.425536] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B W N 6.15.1-rc1 #1 PREEMPT [ 21.425829] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.425864] Hardware name: linux,dummy-virt (DT) [ 21.425900] Call trace: [ 21.426213] show_stack+0x20/0x38 (C) [ 21.426370] dump_stack_lvl+0x8c/0xd0 [ 21.427404] print_report+0x118/0x608 [ 21.427468] kasan_report+0xdc/0x128 [ 21.427518] kasan_check_range+0x100/0x1a8 [ 21.427567] __kasan_check_write+0x20/0x30 [ 21.427620] copy_user_test_oob+0x35c/0xec8 [ 21.427670] kunit_try_run_case+0x170/0x3f0 [ 21.427720] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.427778] kthread+0x328/0x630 [ 21.427828] ret_from_fork+0x10/0x20 [ 21.427880] [ 21.427900] Allocated by task 288: [ 21.427933] kasan_save_stack+0x3c/0x68 [ 21.427976] kasan_save_track+0x20/0x40 [ 21.428015] kasan_save_alloc_info+0x40/0x58 [ 21.428058] __kasan_kmalloc+0xd4/0xd8 [ 21.428096] __kmalloc_noprof+0x198/0x4c8 [ 21.428137] kunit_kmalloc_array+0x34/0x88 [ 21.428178] copy_user_test_oob+0xac/0xec8 [ 21.428218] kunit_try_run_case+0x170/0x3f0 [ 21.428264] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.428315] kthread+0x328/0x630 [ 21.428363] ret_from_fork+0x10/0x20 [ 21.428403] [ 21.428426] The buggy address belongs to the object at fff00000c3f9e800 [ 21.428426] which belongs to the cache kmalloc-128 of size 128 [ 21.428487] The buggy address is located 0 bytes inside of [ 21.428487] allocated 120-byte region [fff00000c3f9e800, fff00000c3f9e878) [ 21.428551] [ 21.428575] The buggy address belongs to the physical page: [ 21.428610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f9e [ 21.428665] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.428717] page_type: f5(slab) [ 21.428760] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.428813] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.428856] page dumped because: kasan: bad access detected [ 21.428891] [ 21.428915] Memory state around the buggy address: [ 21.428953] fff00000c3f9e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.429000] fff00000c3f9e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.429045] >fff00000c3f9e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.429087] ^ [ 21.429131] fff00000c3f9e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.429176] fff00000c3f9e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.429217] ==================================================================
[ 22.173930] ================================================================== [ 22.174637] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 22.175270] Read of size 121 at addr ffff888101e0b000 by task kunit_try_catch/306 [ 22.175692] [ 22.175918] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT(voluntary) [ 22.176062] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.176088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.176151] Call Trace: [ 22.176211] <TASK> [ 22.176253] dump_stack_lvl+0x73/0xb0 [ 22.176325] print_report+0xd1/0x650 [ 22.176402] ? __virt_addr_valid+0x1db/0x2d0 [ 22.176471] ? copy_user_test_oob+0x604/0x10f0 [ 22.176513] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.176564] ? copy_user_test_oob+0x604/0x10f0 [ 22.176610] kasan_report+0x141/0x180 [ 22.176664] ? copy_user_test_oob+0x604/0x10f0 [ 22.176723] kasan_check_range+0x10c/0x1c0 [ 22.176790] __kasan_check_read+0x15/0x20 [ 22.176829] copy_user_test_oob+0x604/0x10f0 [ 22.176890] ? __pfx_copy_user_test_oob+0x10/0x10 [ 22.176925] ? finish_task_switch.isra.0+0x153/0x700 [ 22.176968] ? __switch_to+0x5d9/0xf60 [ 22.177000] ? dequeue_task_fair+0x166/0x4e0 [ 22.177039] ? __schedule+0x10cc/0x2b30 [ 22.177077] ? __pfx_read_tsc+0x10/0x10 [ 22.177142] ? ktime_get_ts64+0x86/0x230 [ 22.177211] kunit_try_run_case+0x1a5/0x480 [ 22.177263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.177308] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.177362] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.177438] ? __kthread_parkme+0x82/0x180 [ 22.177500] ? preempt_count_sub+0x50/0x80 [ 22.177552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.177595] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.177647] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.177696] kthread+0x337/0x6f0 [ 22.177742] ? trace_preempt_on+0x20/0xc0 [ 22.177817] ? __pfx_kthread+0x10/0x10 [ 22.177862] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.177902] ? calculate_sigpending+0x7b/0xa0 [ 22.177939] ? __pfx_kthread+0x10/0x10 [ 22.177971] ret_from_fork+0x41/0x80 [ 22.178005] ? __pfx_kthread+0x10/0x10 [ 22.178038] ret_from_fork_asm+0x1a/0x30 [ 22.178090] </TASK> [ 22.178162] [ 22.189482] Allocated by task 306: [ 22.189856] kasan_save_stack+0x45/0x70 [ 22.190279] kasan_save_track+0x18/0x40 [ 22.190555] kasan_save_alloc_info+0x3b/0x50 [ 22.190820] __kasan_kmalloc+0xb7/0xc0 [ 22.191183] __kmalloc_noprof+0x1c9/0x500 [ 22.191562] kunit_kmalloc_array+0x25/0x60 [ 22.191825] copy_user_test_oob+0xab/0x10f0 [ 22.192645] kunit_try_run_case+0x1a5/0x480 [ 22.194373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.194695] kthread+0x337/0x6f0 [ 22.194906] ret_from_fork+0x41/0x80 [ 22.195115] ret_from_fork_asm+0x1a/0x30 [ 22.195952] [ 22.196285] The buggy address belongs to the object at ffff888101e0b000 [ 22.196285] which belongs to the cache kmalloc-128 of size 128 [ 22.197396] The buggy address is located 0 bytes inside of [ 22.197396] allocated 120-byte region [ffff888101e0b000, ffff888101e0b078) [ 22.198363] [ 22.198530] The buggy address belongs to the physical page: [ 22.198824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e0b [ 22.199509] flags: 0x200000000000000(node=0|zone=2) [ 22.199784] page_type: f5(slab) [ 22.200001] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.200688] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.201391] page dumped because: kasan: bad access detected [ 22.201878] [ 22.202155] Memory state around the buggy address: [ 22.202578] ffff888101e0af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.203052] ffff888101e0af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.203728] >ffff888101e0b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.204849] ^ [ 22.205481] ffff888101e0b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.205959] ffff888101e0b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.206568] ================================================================== [ 22.071779] ================================================================== [ 22.072315] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 22.072940] Write of size 121 at addr ffff888101e0b000 by task kunit_try_catch/306 [ 22.073785] [ 22.074052] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT(voluntary) [ 22.074211] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.074264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.074314] Call Trace: [ 22.074362] <TASK> [ 22.074409] dump_stack_lvl+0x73/0xb0 [ 22.074498] print_report+0xd1/0x650 [ 22.074557] ? __virt_addr_valid+0x1db/0x2d0 [ 22.074607] ? copy_user_test_oob+0x3fd/0x10f0 [ 22.074648] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.074681] ? copy_user_test_oob+0x3fd/0x10f0 [ 22.074705] kasan_report+0x141/0x180 [ 22.074732] ? copy_user_test_oob+0x3fd/0x10f0 [ 22.074786] kasan_check_range+0x10c/0x1c0 [ 22.074813] __kasan_check_write+0x18/0x20 [ 22.074836] copy_user_test_oob+0x3fd/0x10f0 [ 22.074863] ? __pfx_copy_user_test_oob+0x10/0x10 [ 22.074887] ? finish_task_switch.isra.0+0x153/0x700 [ 22.074917] ? __switch_to+0x5d9/0xf60 [ 22.074940] ? dequeue_task_fair+0x166/0x4e0 [ 22.074969] ? __schedule+0x10cc/0x2b30 [ 22.074995] ? __pfx_read_tsc+0x10/0x10 [ 22.075019] ? ktime_get_ts64+0x86/0x230 [ 22.075048] kunit_try_run_case+0x1a5/0x480 [ 22.075078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.075119] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.075158] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.075184] ? __kthread_parkme+0x82/0x180 [ 22.075209] ? preempt_count_sub+0x50/0x80 [ 22.075238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.075264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.075290] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.075316] kthread+0x337/0x6f0 [ 22.075336] ? trace_preempt_on+0x20/0xc0 [ 22.075365] ? __pfx_kthread+0x10/0x10 [ 22.075386] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.075411] ? calculate_sigpending+0x7b/0xa0 [ 22.075449] ? __pfx_kthread+0x10/0x10 [ 22.075483] ret_from_fork+0x41/0x80 [ 22.075523] ? __pfx_kthread+0x10/0x10 [ 22.075555] ret_from_fork_asm+0x1a/0x30 [ 22.075615] </TASK> [ 22.075656] [ 22.093009] Allocated by task 306: [ 22.093512] kasan_save_stack+0x45/0x70 [ 22.093975] kasan_save_track+0x18/0x40 [ 22.094460] kasan_save_alloc_info+0x3b/0x50 [ 22.094926] __kasan_kmalloc+0xb7/0xc0 [ 22.095338] __kmalloc_noprof+0x1c9/0x500 [ 22.095847] kunit_kmalloc_array+0x25/0x60 [ 22.096341] copy_user_test_oob+0xab/0x10f0 [ 22.096724] kunit_try_run_case+0x1a5/0x480 [ 22.096970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.097532] kthread+0x337/0x6f0 [ 22.097907] ret_from_fork+0x41/0x80 [ 22.098324] ret_from_fork_asm+0x1a/0x30 [ 22.098683] [ 22.098858] The buggy address belongs to the object at ffff888101e0b000 [ 22.098858] which belongs to the cache kmalloc-128 of size 128 [ 22.099427] The buggy address is located 0 bytes inside of [ 22.099427] allocated 120-byte region [ffff888101e0b000, ffff888101e0b078) [ 22.100463] [ 22.100630] The buggy address belongs to the physical page: [ 22.100902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e0b [ 22.101645] flags: 0x200000000000000(node=0|zone=2) [ 22.102170] page_type: f5(slab) [ 22.102548] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.103054] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.103571] page dumped because: kasan: bad access detected [ 22.104036] [ 22.104294] Memory state around the buggy address: [ 22.104673] ffff888101e0af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.105165] ffff888101e0af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.105810] >ffff888101e0b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.106329] ^ [ 22.106775] ffff888101e0b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.107291] ffff888101e0b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.107830] ================================================================== [ 22.109383] ================================================================== [ 22.109986] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 22.110662] Read of size 121 at addr ffff888101e0b000 by task kunit_try_catch/306 [ 22.110953] [ 22.111269] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT(voluntary) [ 22.111400] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.111449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.111501] Call Trace: [ 22.111548] <TASK> [ 22.111595] dump_stack_lvl+0x73/0xb0 [ 22.111711] print_report+0xd1/0x650 [ 22.111778] ? __virt_addr_valid+0x1db/0x2d0 [ 22.111823] ? copy_user_test_oob+0x4aa/0x10f0 [ 22.111849] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.111876] ? copy_user_test_oob+0x4aa/0x10f0 [ 22.111900] kasan_report+0x141/0x180 [ 22.111927] ? copy_user_test_oob+0x4aa/0x10f0 [ 22.111974] kasan_check_range+0x10c/0x1c0 [ 22.112015] __kasan_check_read+0x15/0x20 [ 22.112060] copy_user_test_oob+0x4aa/0x10f0 [ 22.112153] ? __pfx_copy_user_test_oob+0x10/0x10 [ 22.112218] ? finish_task_switch.isra.0+0x153/0x700 [ 22.112272] ? __switch_to+0x5d9/0xf60 [ 22.112313] ? dequeue_task_fair+0x166/0x4e0 [ 22.112376] ? __schedule+0x10cc/0x2b30 [ 22.112442] ? __pfx_read_tsc+0x10/0x10 [ 22.112492] ? ktime_get_ts64+0x86/0x230 [ 22.112558] kunit_try_run_case+0x1a5/0x480 [ 22.112600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.112627] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.112656] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.112682] ? __kthread_parkme+0x82/0x180 [ 22.112708] ? preempt_count_sub+0x50/0x80 [ 22.112735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.112787] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.112815] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.112842] kthread+0x337/0x6f0 [ 22.112863] ? trace_preempt_on+0x20/0xc0 [ 22.112891] ? __pfx_kthread+0x10/0x10 [ 22.112912] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.112936] ? calculate_sigpending+0x7b/0xa0 [ 22.112962] ? __pfx_kthread+0x10/0x10 [ 22.112984] ret_from_fork+0x41/0x80 [ 22.113009] ? __pfx_kthread+0x10/0x10 [ 22.113030] ret_from_fork_asm+0x1a/0x30 [ 22.113067] </TASK> [ 22.113084] [ 22.128056] Allocated by task 306: [ 22.128306] kasan_save_stack+0x45/0x70 [ 22.128533] kasan_save_track+0x18/0x40 [ 22.128708] kasan_save_alloc_info+0x3b/0x50 [ 22.128903] __kasan_kmalloc+0xb7/0xc0 [ 22.129106] __kmalloc_noprof+0x1c9/0x500 [ 22.129326] kunit_kmalloc_array+0x25/0x60 [ 22.130229] copy_user_test_oob+0xab/0x10f0 [ 22.130683] kunit_try_run_case+0x1a5/0x480 [ 22.131406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.131999] kthread+0x337/0x6f0 [ 22.132366] ret_from_fork+0x41/0x80 [ 22.132614] ret_from_fork_asm+0x1a/0x30 [ 22.132848] [ 22.132998] The buggy address belongs to the object at ffff888101e0b000 [ 22.132998] which belongs to the cache kmalloc-128 of size 128 [ 22.134346] The buggy address is located 0 bytes inside of [ 22.134346] allocated 120-byte region [ffff888101e0b000, ffff888101e0b078) [ 22.134899] [ 22.135119] The buggy address belongs to the physical page: [ 22.135608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e0b [ 22.136016] flags: 0x200000000000000(node=0|zone=2) [ 22.136282] page_type: f5(slab) [ 22.136585] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.137453] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.138087] page dumped because: kasan: bad access detected [ 22.138339] [ 22.138440] Memory state around the buggy address: [ 22.138638] ffff888101e0af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.139059] ffff888101e0af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.140227] >ffff888101e0b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.140526] ^ [ 22.140797] ffff888101e0b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.140976] ffff888101e0b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.141204] ================================================================== [ 22.142148] ================================================================== [ 22.142493] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 22.143201] Write of size 121 at addr ffff888101e0b000 by task kunit_try_catch/306 [ 22.143570] [ 22.143780] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT(voluntary) [ 22.143895] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.143926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.143972] Call Trace: [ 22.144018] <TASK> [ 22.144065] dump_stack_lvl+0x73/0xb0 [ 22.144179] print_report+0xd1/0x650 [ 22.144234] ? __virt_addr_valid+0x1db/0x2d0 [ 22.144294] ? copy_user_test_oob+0x557/0x10f0 [ 22.144345] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.144395] ? copy_user_test_oob+0x557/0x10f0 [ 22.144437] kasan_report+0x141/0x180 [ 22.144480] ? copy_user_test_oob+0x557/0x10f0 [ 22.144530] kasan_check_range+0x10c/0x1c0 [ 22.144579] __kasan_check_write+0x18/0x20 [ 22.144622] copy_user_test_oob+0x557/0x10f0 [ 22.144667] ? __pfx_copy_user_test_oob+0x10/0x10 [ 22.144709] ? finish_task_switch.isra.0+0x153/0x700 [ 22.144770] ? __switch_to+0x5d9/0xf60 [ 22.144819] ? dequeue_task_fair+0x166/0x4e0 [ 22.144872] ? __schedule+0x10cc/0x2b30 [ 22.144922] ? __pfx_read_tsc+0x10/0x10 [ 22.144970] ? ktime_get_ts64+0x86/0x230 [ 22.145029] kunit_try_run_case+0x1a5/0x480 [ 22.145090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.145172] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.145229] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.145284] ? __kthread_parkme+0x82/0x180 [ 22.145336] ? preempt_count_sub+0x50/0x80 [ 22.145385] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.145429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.145475] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.145525] kthread+0x337/0x6f0 [ 22.145568] ? trace_preempt_on+0x20/0xc0 [ 22.145625] ? __pfx_kthread+0x10/0x10 [ 22.145672] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.145724] ? calculate_sigpending+0x7b/0xa0 [ 22.145791] ? __pfx_kthread+0x10/0x10 [ 22.145832] ret_from_fork+0x41/0x80 [ 22.145882] ? __pfx_kthread+0x10/0x10 [ 22.145927] ret_from_fork_asm+0x1a/0x30 [ 22.146000] </TASK> [ 22.146023] [ 22.157609] Allocated by task 306: [ 22.158068] kasan_save_stack+0x45/0x70 [ 22.159441] kasan_save_track+0x18/0x40 [ 22.159724] kasan_save_alloc_info+0x3b/0x50 [ 22.159970] __kasan_kmalloc+0xb7/0xc0 [ 22.160641] __kmalloc_noprof+0x1c9/0x500 [ 22.160877] kunit_kmalloc_array+0x25/0x60 [ 22.161075] copy_user_test_oob+0xab/0x10f0 [ 22.161771] kunit_try_run_case+0x1a5/0x480 [ 22.162313] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.162636] kthread+0x337/0x6f0 [ 22.162831] ret_from_fork+0x41/0x80 [ 22.163166] ret_from_fork_asm+0x1a/0x30 [ 22.163462] [ 22.163671] The buggy address belongs to the object at ffff888101e0b000 [ 22.163671] which belongs to the cache kmalloc-128 of size 128 [ 22.164845] The buggy address is located 0 bytes inside of [ 22.164845] allocated 120-byte region [ffff888101e0b000, ffff888101e0b078) [ 22.165682] [ 22.165918] The buggy address belongs to the physical page: [ 22.166304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e0b [ 22.166731] flags: 0x200000000000000(node=0|zone=2) [ 22.167216] page_type: f5(slab) [ 22.167432] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.168048] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.168528] page dumped because: kasan: bad access detected [ 22.168821] [ 22.169022] Memory state around the buggy address: [ 22.169472] ffff888101e0af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.169951] ffff888101e0af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.170455] >ffff888101e0b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.171000] ^ [ 22.171418] ffff888101e0b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.172014] ffff888101e0b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.172527] ==================================================================