Date: June 7, 2025, 10:40 a.m.

Environments: qemu-arm64, qemu-x86_64

qemu-arm64:

[ 27.188712] ==================================================================
[ 27.188851] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 27.188985] Write of size 121 at addr fff00000c7732300 by task kunit_try_catch/289
[ 27.189115]
[ 27.189204] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT
[ 27.189423] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.190214] Hardware name: linux,dummy-virt (DT)
[ 27.190353] Call trace:
[ 27.190522] show_stack+0x20/0x38 (C)
[ 27.190751] dump_stack_lvl+0x8c/0xd0
[ 27.191020] print_report+0x118/0x608
[ 27.191162] kasan_report+0xdc/0x128
[ 27.191269] kasan_check_range+0x100/0x1a8
[ 27.191630] __kasan_check_write+0x20/0x30
[ 27.191860] copy_user_test_oob+0x434/0xec8
[ 27.191978] kunit_try_run_case+0x170/0x3f0
[ 27.192132] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.192541] kthread+0x328/0x630
[ 27.192681] ret_from_fork+0x10/0x20
[ 27.192899]
[ 27.192963] Allocated by task 289:
[ 27.193138] kasan_save_stack+0x3c/0x68
[ 27.193375] kasan_save_track+0x20/0x40
[ 27.193490] kasan_save_alloc_info+0x40/0x58
[ 27.193587] __kasan_kmalloc+0xd4/0xd8
[ 27.194081] __kmalloc_noprof+0x198/0x4c8
[ 27.194442] kunit_kmalloc_array+0x34/0x88
[ 27.194638] copy_user_test_oob+0xac/0xec8
[ 27.194824] kunit_try_run_case+0x170/0x3f0
[ 27.194993] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.195256] kthread+0x328/0x630
[ 27.195349] ret_from_fork+0x10/0x20
[ 27.195447]
[ 27.195501] The buggy address belongs to the object at fff00000c7732300
[ 27.195501] which belongs to the cache kmalloc-128 of size 128
[ 27.195651] The buggy address is located 0 bytes inside of
[ 27.195651] allocated 120-byte region [fff00000c7732300, fff00000c7732378)
[ 27.196206]
[ 27.196548] The buggy address belongs to the physical page:
[ 27.196710] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732
[ 27.197052] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 27.197216] page_type: f5(slab)
[ 27.197318] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 27.197451] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.197566] page dumped because: kasan: bad access detected
[ 27.197654]
[ 27.197704] Memory state around the buggy address:
[ 27.198327] fff00000c7732200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.199059] fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.199658] >fff00000c7732300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.199863] ^
[ 27.199968] fff00000c7732380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.200529] fff00000c7732400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.200591] ==================================================================

[ 27.170423] ==================================================================
[ 27.170808] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 27.171382] Read of size 121 at addr fff00000c7732300 by task kunit_try_catch/289
[ 27.171614]
[ 27.171714] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT
[ 27.172676] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.172945] Hardware name: linux,dummy-virt (DT)
[ 27.173515] Call trace:
[ 27.173598] show_stack+0x20/0x38 (C)
[ 27.174002] dump_stack_lvl+0x8c/0xd0
[ 27.174348] print_report+0x118/0x608
[ 27.174697] kasan_report+0xdc/0x128
[ 27.174984] kasan_check_range+0x100/0x1a8
[ 27.175109] __kasan_check_read+0x20/0x30
[ 27.175240] copy_user_test_oob+0x3c8/0xec8
[ 27.175472] kunit_try_run_case+0x170/0x3f0
[ 27.176205] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.176840] kthread+0x328/0x630
[ 27.177008] ret_from_fork+0x10/0x20
[ 27.177314]
[ 27.177435] Allocated by task 289:
[ 27.177876] kasan_save_stack+0x3c/0x68
[ 27.178217] kasan_save_track+0x20/0x40
[ 27.178555] kasan_save_alloc_info+0x40/0x58
[ 27.178708] __kasan_kmalloc+0xd4/0xd8
[ 27.178809] __kmalloc_noprof+0x198/0x4c8
[ 27.179196] kunit_kmalloc_array+0x34/0x88
[ 27.179413] copy_user_test_oob+0xac/0xec8
[ 27.180021] kunit_try_run_case+0x170/0x3f0
[ 27.180145] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.180275] kthread+0x328/0x630
[ 27.180377] ret_from_fork+0x10/0x20
[ 27.180790]
[ 27.181493] The buggy address belongs to the object at fff00000c7732300
[ 27.181493] which belongs to the cache kmalloc-128 of size 128
[ 27.181752] The buggy address is located 0 bytes inside of
[ 27.181752] allocated 120-byte region [fff00000c7732300, fff00000c7732378)
[ 27.182343]
[ 27.182446] The buggy address belongs to the physical page:
[ 27.182535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732
[ 27.182769] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 27.182976] page_type: f5(slab)
[ 27.183090] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 27.183197] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.183566] page dumped because: kasan: bad access detected
[ 27.183858]
[ 27.183978] Memory state around the buggy address:
[ 27.184094] fff00000c7732200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.184312] fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.184660] >fff00000c7732300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.184800] ^
[ 27.185094] fff00000c7732380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.185276] fff00000c7732400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.185624] ==================================================================

[ 27.109672] ==================================================================
[ 27.110115] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 27.110842] Read of size 121 at addr fff00000c7732300 by task kunit_try_catch/289
[ 27.111083]
[ 27.111184] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT
[ 27.111388] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.112028] Hardware name: linux,dummy-virt (DT)
[ 27.112157] Call trace:
[ 27.112459] show_stack+0x20/0x38 (C)
[ 27.112608] dump_stack_lvl+0x8c/0xd0
[ 27.112739] print_report+0x118/0x608
[ 27.112860] kasan_report+0xdc/0x128
[ 27.114355] kasan_check_range+0x100/0x1a8
[ 27.114814] __kasan_check_read+0x20/0x30
[ 27.115153] copy_user_test_oob+0x728/0xec8
[ 27.115359] kunit_try_run_case+0x170/0x3f0
[ 27.115822] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.116044] kthread+0x328/0x630
[ 27.116414] ret_from_fork+0x10/0x20
[ 27.116553]
[ 27.117103] Allocated by task 289:
[ 27.117376] kasan_save_stack+0x3c/0x68
[ 27.117551] kasan_save_track+0x20/0x40
[ 27.118184] kasan_save_alloc_info+0x40/0x58
[ 27.118344] __kasan_kmalloc+0xd4/0xd8
[ 27.118474] __kmalloc_noprof+0x198/0x4c8
[ 27.118559] kunit_kmalloc_array+0x34/0x88
[ 27.118656] copy_user_test_oob+0xac/0xec8
[ 27.118751] kunit_try_run_case+0x170/0x3f0
[ 27.118866] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.118995] kthread+0x328/0x630
[ 27.119092] ret_from_fork+0x10/0x20
[ 27.119921]
[ 27.120003] The buggy address belongs to the object at fff00000c7732300
[ 27.120003] which belongs to the cache kmalloc-128 of size 128
[ 27.120655] The buggy address is located 0 bytes inside of
[ 27.120655] allocated 120-byte region [fff00000c7732300, fff00000c7732378)
[ 27.120842]
[ 27.120911] The buggy address belongs to the physical page:
[ 27.121197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732
[ 27.121752] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 27.121910] page_type: f5(slab)
[ 27.122593] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 27.122850] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.123027] page dumped because: kasan: bad access detected
[ 27.123114]
[ 27.123378] Memory state around the buggy address:
[ 27.123558] fff00000c7732200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.124057] fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.124565] >fff00000c7732300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.124982] ^
[ 27.125126] fff00000c7732380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.125240] fff00000c7732400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.125347] ==================================================================

[ 27.150721] ==================================================================
[ 27.151268] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 27.151611] Write of size 121 at addr fff00000c7732300 by task kunit_try_catch/289
[ 27.151950]
[ 27.152061] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT
[ 27.152592] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.152798] Hardware name: linux,dummy-virt (DT)
[ 27.152884] Call trace:
[ 27.152951] show_stack+0x20/0x38 (C)
[ 27.153685] dump_stack_lvl+0x8c/0xd0
[ 27.153852] print_report+0x118/0x608
[ 27.153963] kasan_report+0xdc/0x128
[ 27.154086] kasan_check_range+0x100/0x1a8
[ 27.154665] __kasan_check_write+0x20/0x30
[ 27.155579] copy_user_test_oob+0x35c/0xec8
[ 27.155769] kunit_try_run_case+0x170/0x3f0
[ 27.156001] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.156254] kthread+0x328/0x630
[ 27.156388] ret_from_fork+0x10/0x20
[ 27.156848]
[ 27.156914] Allocated by task 289:
[ 27.157251] kasan_save_stack+0x3c/0x68
[ 27.157386] kasan_save_track+0x20/0x40
[ 27.157491] kasan_save_alloc_info+0x40/0x58
[ 27.157855] __kasan_kmalloc+0xd4/0xd8
[ 27.158149] __kmalloc_noprof+0x198/0x4c8
[ 27.158510] kunit_kmalloc_array+0x34/0x88
[ 27.158610] copy_user_test_oob+0xac/0xec8
[ 27.158691] kunit_try_run_case+0x170/0x3f0
[ 27.158784] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.159665] kthread+0x328/0x630
[ 27.159790] ret_from_fork+0x10/0x20
[ 27.159888]
[ 27.159941] The buggy address belongs to the object at fff00000c7732300
[ 27.159941] which belongs to the cache kmalloc-128 of size 128
[ 27.160835] The buggy address is located 0 bytes inside of
[ 27.160835] allocated 120-byte region [fff00000c7732300, fff00000c7732378)
[ 27.161097]
[ 27.161164] The buggy address belongs to the physical page:
[ 27.161298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732
[ 27.161535] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 27.161719] page_type: f5(slab)
[ 27.161846] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 27.161990] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.162397] page dumped because: kasan: bad access detected
[ 27.162774]
[ 27.163144] Memory state around the buggy address:
[ 27.163253] fff00000c7732200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.163632] fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.163782] >fff00000c7732300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.164396] ^
[ 27.164888] fff00000c7732380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.165065] fff00000c7732400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.165179] ==================================================================

[ 27.204067] ==================================================================
[ 27.204323] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 27.204831] Read of size 121 at addr fff00000c7732300 by task kunit_try_catch/289
[ 27.205094]
[ 27.205285] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT
[ 27.206042] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.206150] Hardware name: linux,dummy-virt (DT)
[ 27.206237] Call trace:
[ 27.206317] show_stack+0x20/0x38 (C)
[ 27.206876] dump_stack_lvl+0x8c/0xd0
[ 27.207170] print_report+0x118/0x608
[ 27.207424] kasan_report+0xdc/0x128
[ 27.207761] kasan_check_range+0x100/0x1a8
[ 27.207901] __kasan_check_read+0x20/0x30
[ 27.208117] copy_user_test_oob+0x4a0/0xec8
[ 27.208357] kunit_try_run_case+0x170/0x3f0
[ 27.208668] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.209147] kthread+0x328/0x630
[ 27.209287] ret_from_fork+0x10/0x20
[ 27.209617]
[ 27.209744] Allocated by task 289:
[ 27.209928] kasan_save_stack+0x3c/0x68
[ 27.210131] kasan_save_track+0x20/0x40
[ 27.210229] kasan_save_alloc_info+0x40/0x58
[ 27.210783] __kasan_kmalloc+0xd4/0xd8
[ 27.210964] __kmalloc_noprof+0x198/0x4c8
[ 27.211331] kunit_kmalloc_array+0x34/0x88
[ 27.211594] copy_user_test_oob+0xac/0xec8
[ 27.211833] kunit_try_run_case+0x170/0x3f0
[ 27.211950] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.212061] kthread+0x328/0x630
[ 27.212142] ret_from_fork+0x10/0x20
[ 27.212228]
[ 27.212279] The buggy address belongs to the object at fff00000c7732300
[ 27.212279] which belongs to the cache kmalloc-128 of size 128
[ 27.212450] The buggy address is located 0 bytes inside of
[ 27.212450] allocated 120-byte region [fff00000c7732300, fff00000c7732378)
[ 27.212629]
[ 27.212687] The buggy address belongs to the physical page:
[ 27.212779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732
[ 27.212923] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 27.213063] page_type: f5(slab)
[ 27.213172] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 27.213437] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.213592] page dumped because: kasan: bad access detected
[ 27.214032]
[ 27.214095] Memory state around the buggy address:
[ 27.214194] fff00000c7732200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.214828] fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.215463] >fff00000c7732300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.215594] ^
[ 27.215800] fff00000c7732380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.216115] fff00000c7732400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.216328] ==================================================================

[ 27.078205] ==================================================================
[ 27.078555] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 27.078820] Write of size 121 at addr fff00000c7732300 by task kunit_try_catch/289
[ 27.078954]
[ 27.079057] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT
[ 27.079268] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.079355] Hardware name: linux,dummy-virt (DT)
[ 27.079445] Call trace:
[ 27.079532] show_stack+0x20/0x38 (C)
[ 27.079710] dump_stack_lvl+0x8c/0xd0
[ 27.079914] print_report+0x118/0x608
[ 27.080091] kasan_report+0xdc/0x128
[ 27.080210] kasan_check_range+0x100/0x1a8
[ 27.081332] __kasan_check_write+0x20/0x30
[ 27.081973] copy_user_test_oob+0x234/0xec8
[ 27.082228] kunit_try_run_case+0x170/0x3f0
[ 27.082468] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.083102] kthread+0x328/0x630
[ 27.083313] ret_from_fork+0x10/0x20
[ 27.083859]
[ 27.084266] Allocated by task 289:
[ 27.084358] kasan_save_stack+0x3c/0x68
[ 27.084492] kasan_save_track+0x20/0x40
[ 27.085035] kasan_save_alloc_info+0x40/0x58
[ 27.085162] __kasan_kmalloc+0xd4/0xd8
[ 27.085669] __kmalloc_noprof+0x198/0x4c8
[ 27.085877] kunit_kmalloc_array+0x34/0x88
[ 27.086002] copy_user_test_oob+0xac/0xec8
[ 27.086097] kunit_try_run_case+0x170/0x3f0
[ 27.086597] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.086731] kthread+0x328/0x630
[ 27.086827] ret_from_fork+0x10/0x20
[ 27.086961]
[ 27.087022] The buggy address belongs to the object at fff00000c7732300
[ 27.087022] which belongs to the cache kmalloc-128 of size 128
[ 27.087703] The buggy address is located 0 bytes inside of
[ 27.087703] allocated 120-byte region [fff00000c7732300, fff00000c7732378)
[ 27.087989]
[ 27.088292] The buggy address belongs to the physical page:
[ 27.088530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732
[ 27.089351] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 27.090071] page_type: f5(slab)
[ 27.090217] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 27.090365] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.090626] page dumped because: kasan: bad access detected
[ 27.090722]
[ 27.090784] Memory state around the buggy address:
[ 27.091275] fff00000c7732200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.091495] fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.091840] >fff00000c7732300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.092219] ^
[ 27.092870] fff00000c7732380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.093470] fff00000c7732400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.093577] ==================================================================

qemu-x86_64:

[ 18.438627] ==================================================================
[ 18.439285] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 18.439729] Write of size 121 at addr ffff8881039f5200 by task kunit_try_catch/305
[ 18.440189]
[ 18.440305] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT(voluntary)
[ 18.440353] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.440366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.440388] Call Trace:
[ 18.440403] <TASK>
[ 18.440418] dump_stack_lvl+0x73/0xb0
[ 18.440445] print_report+0xd1/0x650
[ 18.440469] ? __virt_addr_valid+0x1db/0x2d0
[ 18.440491] ? copy_user_test_oob+0x557/0x10f0
[ 18.440510] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.440532] ? copy_user_test_oob+0x557/0x10f0
[ 18.440552] kasan_report+0x141/0x180
[ 18.440585] ? copy_user_test_oob+0x557/0x10f0
[ 18.440611] kasan_check_range+0x10c/0x1c0
[ 18.440631] __kasan_check_write+0x18/0x20
[ 18.440652] copy_user_test_oob+0x557/0x10f0
[ 18.440674] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.440693] ? finish_task_switch.isra.0+0x153/0x700
[ 18.440716] ? __switch_to+0x5d9/0xf60
[ 18.440736] ? dequeue_task_fair+0x166/0x4e0
[ 18.440759] ? __schedule+0x10cc/0x2b30
[ 18.440781] ? __pfx_read_tsc+0x10/0x10
[ 18.440800] ? ktime_get_ts64+0x86/0x230
[ 18.440824] kunit_try_run_case+0x1a5/0x480
[ 18.440848] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.440870] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.440893] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.440915] ? __kthread_parkme+0x82/0x180
[ 18.440937] ? preempt_count_sub+0x50/0x80
[ 18.440961] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.440985] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.441007] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.441030] kthread+0x337/0x6f0
[ 18.441049] ? trace_preempt_on+0x20/0xc0
[ 18.441072] ? __pfx_kthread+0x10/0x10
[ 18.441092] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.441115] ? calculate_sigpending+0x7b/0xa0
[ 18.441138] ? __pfx_kthread+0x10/0x10
[ 18.441158] ret_from_fork+0x41/0x80
[ 18.441180] ? __pfx_kthread+0x10/0x10
[ 18.441199] ret_from_fork_asm+0x1a/0x30
[ 18.441229] </TASK>
[ 18.441241]
[ 18.447278] Allocated by task 305:
[ 18.447373] kasan_save_stack+0x45/0x70
[ 18.447471] kasan_save_track+0x18/0x40
[ 18.447571] kasan_save_alloc_info+0x3b/0x50
[ 18.447837] __kasan_kmalloc+0xb7/0xc0
[ 18.448086] __kmalloc_noprof+0x1c9/0x500
[ 18.448407] kunit_kmalloc_array+0x25/0x60
[ 18.448670] copy_user_test_oob+0xab/0x10f0
[ 18.448906] kunit_try_run_case+0x1a5/0x480
[ 18.449126] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.449457] kthread+0x337/0x6f0
[ 18.449553] ret_from_fork+0x41/0x80
[ 18.449650] ret_from_fork_asm+0x1a/0x30
[ 18.449887]
[ 18.449986] The buggy address belongs to the object at ffff8881039f5200
[ 18.449986] which belongs to the cache kmalloc-128 of size 128
[ 18.450316] The buggy address is located 0 bytes inside of
[ 18.450316] allocated 120-byte region [ffff8881039f5200, ffff8881039f5278)
[ 18.450593]
[ 18.450651] The buggy address belongs to the physical page:
[ 18.451025] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f5
[ 18.451290] flags: 0x200000000000000(node=0|zone=2)
[ 18.451446] page_type: f5(slab)
[ 18.451636] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.451888] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.452084] page dumped because: kasan: bad access detected
[ 18.452233]
[ 18.452303] Memory state around the buggy address:
[ 18.452431] ffff8881039f5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.452630] ffff8881039f5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.453887] >ffff8881039f5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.454185] ^
[ 18.454457] ffff8881039f5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.454628] ffff8881039f5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.454760] ==================================================================

[ 18.424885] ==================================================================
[ 18.425261] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 18.425483] Read of size 121 at addr ffff8881039f5200 by task kunit_try_catch/305
[ 18.425802]
[ 18.425918] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT(voluntary)
[ 18.425965] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.425980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.426001] Call Trace:
[ 18.426018] <TASK>
[ 18.426033] dump_stack_lvl+0x73/0xb0
[ 18.426061] print_report+0xd1/0x650
[ 18.426085] ? __virt_addr_valid+0x1db/0x2d0
[ 18.426108] ? copy_user_test_oob+0x4aa/0x10f0
[ 18.426129] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.426151] ? copy_user_test_oob+0x4aa/0x10f0
[ 18.426172] kasan_report+0x141/0x180
[ 18.426193] ? copy_user_test_oob+0x4aa/0x10f0
[ 18.426219] kasan_check_range+0x10c/0x1c0
[ 18.426240] __kasan_check_read+0x15/0x20
[ 18.426261] copy_user_test_oob+0x4aa/0x10f0
[ 18.426283] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.426302] ? finish_task_switch.isra.0+0x153/0x700
[ 18.426325] ? __switch_to+0x5d9/0xf60
[ 18.426346] ? dequeue_task_fair+0x166/0x4e0
[ 18.426369] ? __schedule+0x10cc/0x2b30
[ 18.426391] ? __pfx_read_tsc+0x10/0x10
[ 18.426411] ? ktime_get_ts64+0x86/0x230
[ 18.426436] kunit_try_run_case+0x1a5/0x480
[ 18.426460] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.426482] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.426505] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.426527] ? __kthread_parkme+0x82/0x180
[ 18.426548] ? preempt_count_sub+0x50/0x80
[ 18.426583] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.426607] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.426631] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.426654] kthread+0x337/0x6f0
[ 18.426695] ? trace_preempt_on+0x20/0xc0
[ 18.426721] ? __pfx_kthread+0x10/0x10
[ 18.426742] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.426763] ? calculate_sigpending+0x7b/0xa0
[ 18.426784] ? __pfx_kthread+0x10/0x10
[ 18.426803] ret_from_fork+0x41/0x80
[ 18.426826] ? __pfx_kthread+0x10/0x10
[ 18.426845] ret_from_fork_asm+0x1a/0x30
[ 18.426875] </TASK>
[ 18.426888]
[ 18.432003] Allocated by task 305:
[ 18.432247] kasan_save_stack+0x45/0x70
[ 18.432455] kasan_save_track+0x18/0x40
[ 18.432680] kasan_save_alloc_info+0x3b/0x50
[ 18.432895] __kasan_kmalloc+0xb7/0xc0
[ 18.433188] __kmalloc_noprof+0x1c9/0x500
[ 18.433395] kunit_kmalloc_array+0x25/0x60
[ 18.433492] copy_user_test_oob+0xab/0x10f0
[ 18.433750] kunit_try_run_case+0x1a5/0x480
[ 18.433914] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.434024] kthread+0x337/0x6f0
[ 18.434103] ret_from_fork+0x41/0x80
[ 18.434214] ret_from_fork_asm+0x1a/0x30
[ 18.434456]
[ 18.434586] The buggy address belongs to the object at ffff8881039f5200
[ 18.434586] which belongs to the cache kmalloc-128 of size 128
[ 18.435086] The buggy address is located 0 bytes inside of
[ 18.435086] allocated 120-byte region [ffff8881039f5200, ffff8881039f5278)
[ 18.435479]
[ 18.435593] The buggy address belongs to the physical page:
[ 18.435880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f5
[ 18.436115] flags: 0x200000000000000(node=0|zone=2)
[ 18.436387] page_type: f5(slab)
[ 18.436480] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.436791] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.437081] page dumped because: kasan: bad access detected
[ 18.437244]
[ 18.437355] Memory state around the buggy address:
[ 18.437463] ffff8881039f5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.437607] ffff8881039f5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.437738] >ffff8881039f5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.437864] ^
[ 18.437992] ffff8881039f5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.438125] ffff8881039f5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.438248] ==================================================================

[ 18.455285] ==================================================================
[ 18.455448] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 18.456046] Read of size 121 at addr ffff8881039f5200 by task kunit_try_catch/305
[ 18.457007]
[ 18.457195] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT(voluntary)
[ 18.457344] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.457447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.457474] Call Trace:
[ 18.457493] <TASK>
[ 18.457690] dump_stack_lvl+0x73/0xb0
[ 18.457737] print_report+0xd1/0x650
[ 18.457764] ? __virt_addr_valid+0x1db/0x2d0
[ 18.457787] ? copy_user_test_oob+0x604/0x10f0
[ 18.457809] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.457832] ? copy_user_test_oob+0x604/0x10f0
[ 18.457853] kasan_report+0x141/0x180
[ 18.457878] ? copy_user_test_oob+0x604/0x10f0
[ 18.457903] kasan_check_range+0x10c/0x1c0
[ 18.457924] __kasan_check_read+0x15/0x20
[ 18.457946] copy_user_test_oob+0x604/0x10f0
[ 18.457970] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.457990] ? finish_task_switch.isra.0+0x153/0x700
[ 18.458014] ? __switch_to+0x5d9/0xf60
[ 18.458035] ? dequeue_task_fair+0x166/0x4e0
[ 18.458059] ? __schedule+0x10cc/0x2b30
[ 18.458082] ? __pfx_read_tsc+0x10/0x10
[ 18.458102] ? ktime_get_ts64+0x86/0x230
[ 18.458128] kunit_try_run_case+0x1a5/0x480
[ 18.458154] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.458177] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.458201] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.458225] ? __kthread_parkme+0x82/0x180
[ 18.458248] ? preempt_count_sub+0x50/0x80
[ 18.458273] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.458297] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.458322] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.458346] kthread+0x337/0x6f0
[ 18.458365] ? trace_preempt_on+0x20/0xc0
[ 18.458388] ? __pfx_kthread+0x10/0x10
[ 18.458408] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.458430] ? calculate_sigpending+0x7b/0xa0
[ 18.458452] ? __pfx_kthread+0x10/0x10
[ 18.458471] ret_from_fork+0x41/0x80
[ 18.458492] ? __pfx_kthread+0x10/0x10
[ 18.458512] ret_from_fork_asm+0x1a/0x30
[ 18.458543] </TASK>
[ 18.459236]
[ 18.468266] Allocated by task 305:
[ 18.468467] kasan_save_stack+0x45/0x70
[ 18.468761] kasan_save_track+0x18/0x40
[ 18.469175] kasan_save_alloc_info+0x3b/0x50
[ 18.469335] __kasan_kmalloc+0xb7/0xc0
[ 18.469469] __kmalloc_noprof+0x1c9/0x500
[ 18.469668] kunit_kmalloc_array+0x25/0x60
[ 18.470060] copy_user_test_oob+0xab/0x10f0
[ 18.470219] kunit_try_run_case+0x1a5/0x480
[ 18.470475] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.470937] kthread+0x337/0x6f0
[ 18.471149] ret_from_fork+0x41/0x80
[ 18.471309] ret_from_fork_asm+0x1a/0x30
[ 18.471540]
[ 18.471672] The buggy address belongs to the object at ffff8881039f5200
[ 18.471672] which belongs to the cache kmalloc-128 of size 128
[ 18.472410] The buggy address is located 0 bytes inside of
[ 18.472410] allocated 120-byte region [ffff8881039f5200, ffff8881039f5278)
[ 18.473277]
[ 18.473373] The buggy address belongs to the physical page:
[ 18.473556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f5
[ 18.473991] flags: 0x200000000000000(node=0|zone=2)
[ 18.474175] page_type: f5(slab)
[ 18.474434] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.474709] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.475023] page dumped because: kasan: bad access detected
[ 18.475249]
[ 18.475385] Memory state around the buggy address:
[ 18.475670] ffff8881039f5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.476017] ffff8881039f5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.476268] >ffff8881039f5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.476545] ^
[ 18.477032] ffff8881039f5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.477615] ffff8881039f5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.477998] ==================================================================

[ 18.409945] ==================================================================
[ 18.410259] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 18.410471] Write of size 121 at addr ffff8881039f5200 by task kunit_try_catch/305
[ 18.410802]
[ 18.410934] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT(voluntary)
[ 18.410987] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.411002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.411024] Call Trace:
[ 18.411041] <TASK>
[ 18.411061] dump_stack_lvl+0x73/0xb0
[ 18.411090] print_report+0xd1/0x650
[ 18.411115] ? __virt_addr_valid+0x1db/0x2d0
[ 18.411146] ? copy_user_test_oob+0x3fd/0x10f0
[ 18.411169] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.411193] ? copy_user_test_oob+0x3fd/0x10f0
[ 18.411214] kasan_report+0x141/0x180
[ 18.411238] ? copy_user_test_oob+0x3fd/0x10f0
[ 18.411262] kasan_check_range+0x10c/0x1c0
[ 18.411285] __kasan_check_write+0x18/0x20
[ 18.411305] copy_user_test_oob+0x3fd/0x10f0
[ 18.411327] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.411347] ? finish_task_switch.isra.0+0x153/0x700
[ 18.411371] ? __switch_to+0x5d9/0xf60
[ 18.411394] ? dequeue_task_fair+0x166/0x4e0
[ 18.411420] ? __schedule+0x10cc/0x2b30
[ 18.411443] ? __pfx_read_tsc+0x10/0x10
[ 18.411465] ? ktime_get_ts64+0x86/0x230
[ 18.411491] kunit_try_run_case+0x1a5/0x480
[ 18.411517] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.411540] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.411577] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.411603] ? __kthread_parkme+0x82/0x180
[ 18.411626] ? preempt_count_sub+0x50/0x80
[ 18.411652] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.411676] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.411700] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.411723] kthread+0x337/0x6f0
[ 18.411743] ? trace_preempt_on+0x20/0xc0
[ 18.411767] ? __pfx_kthread+0x10/0x10
[ 18.411787] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.411809] ? calculate_sigpending+0x7b/0xa0
[ 18.411831] ? __pfx_kthread+0x10/0x10
[ 18.411852] ret_from_fork+0x41/0x80
[ 18.411873] ? __pfx_kthread+0x10/0x10
[ 18.411893] ret_from_fork_asm+0x1a/0x30
[ 18.411924] </TASK>
[ 18.411937]
[ 18.417888] Allocated by task 305:
[ 18.417974] kasan_save_stack+0x45/0x70
[ 18.418071] kasan_save_track+0x18/0x40
[ 18.418159] kasan_save_alloc_info+0x3b/0x50
[ 18.418250] __kasan_kmalloc+0xb7/0xc0
[ 18.418333] __kmalloc_noprof+0x1c9/0x500
[ 18.418420] kunit_kmalloc_array+0x25/0x60
[ 18.418576] copy_user_test_oob+0xab/0x10f0
[ 18.418808] kunit_try_run_case+0x1a5/0x480
[ 18.419084] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.419438] kthread+0x337/0x6f0
[ 18.419643] ret_from_fork+0x41/0x80
[ 18.419773] ret_from_fork_asm+0x1a/0x30
[ 18.419872]
[ 18.419929] The buggy address belongs to the object at ffff8881039f5200
[ 18.419929] which belongs to the cache kmalloc-128 of size 128
[ 18.420139] The buggy address is located 0 bytes inside of
[ 18.420139] allocated 120-byte region [ffff8881039f5200, ffff8881039f5278)
[ 18.420940]
[ 18.421072] The buggy address belongs to the physical page:
[ 18.421275] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f5
[ 18.421421] flags: 0x200000000000000(node=0|zone=2)
[ 18.421528] page_type: f5(slab)
[ 18.421713] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.421996] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.422365] page dumped because: kasan: bad access detected
[ 18.422670]
[ 18.422753] Memory state around the buggy address:
[ 18.422898] ffff8881039f5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.423030] ffff8881039f5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.423171] >ffff8881039f5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.423312] ^
[ 18.423442] ffff8881039f5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.423754] ffff8881039f5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.424104] ==================================================================