Date
June 17, 2025, 3:40 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 26.200097] ==================================================================
[ 26.200343] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 26.200693] Read of size 121 at addr fff00000c73ad900 by task kunit_try_catch/287
[ 26.200862]
[ 26.201060] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT
[ 26.201396] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.201490] Hardware name: linux,dummy-virt (DT)
[ 26.201570] Call trace:
[ 26.201629] show_stack+0x20/0x38 (C)
[ 26.201740] dump_stack_lvl+0x8c/0xd0
[ 26.201852] print_report+0x118/0x608
[ 26.201944] kasan_report+0xdc/0x128
[ 26.202044] kasan_check_range+0x100/0x1a8
[ 26.202166] __kasan_check_read+0x20/0x30
[ 26.202285] copy_user_test_oob+0x728/0xec8
[ 26.202404] kunit_try_run_case+0x170/0x3f0
[ 26.202553] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.202671] kthread+0x328/0x630
[ 26.202793] ret_from_fork+0x10/0x20
[ 26.202970]
[ 26.203021] Allocated by task 287:
[ 26.203134] kasan_save_stack+0x3c/0x68
[ 26.203237] kasan_save_track+0x20/0x40
[ 26.203331] kasan_save_alloc_info+0x40/0x58
[ 26.203439] __kasan_kmalloc+0xd4/0xd8
[ 26.203567] __kmalloc_noprof+0x198/0x4c8
[ 26.203697] kunit_kmalloc_array+0x34/0x88
[ 26.203802] copy_user_test_oob+0xac/0xec8
[ 26.203911] kunit_try_run_case+0x170/0x3f0
[ 26.204054] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.204225] kthread+0x328/0x630
[ 26.204318] ret_from_fork+0x10/0x20
[ 26.204408]
[ 26.204464] The buggy address belongs to the object at fff00000c73ad900
[ 26.204464] which belongs to the cache kmalloc-128 of size 128
[ 26.204616] The buggy address is located 0 bytes inside of
[ 26.204616] allocated 120-byte region [fff00000c73ad900, fff00000c73ad978)
[ 26.204788]
[ 26.204839] The buggy address belongs to the physical page:
[ 26.204921] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ad
[ 26.205110] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.205229] page_type: f5(slab)
[ 26.205403] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 26.205546] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.205808] page dumped because: kasan: bad access detected
[ 26.205905]
[ 26.205958] Memory state around the buggy address:
[ 26.206054] fff00000c73ad800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.206228] fff00000c73ad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.206366] >fff00000c73ad900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.206448] ^
[ 26.206527] fff00000c73ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.206607] fff00000c73ada00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.206718] ==================================================================
[ 26.229668] ==================================================================
[ 26.229903] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 26.230037] Read of size 121 at addr fff00000c73ad900 by task kunit_try_catch/287
[ 26.232205]
[ 26.235002] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT
[ 26.235302] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.235373] Hardware name: linux,dummy-virt (DT)
[ 26.235457] Call trace:
[ 26.235517] show_stack+0x20/0x38 (C)
[ 26.235658] dump_stack_lvl+0x8c/0xd0
[ 26.235805] print_report+0x118/0x608
[ 26.235908] kasan_report+0xdc/0x128
[ 26.236009] kasan_check_range+0x100/0x1a8
[ 26.236121] __kasan_check_read+0x20/0x30
[ 26.236231] copy_user_test_oob+0x3c8/0xec8
[ 26.236342] kunit_try_run_case+0x170/0x3f0
[ 26.236451] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.236578] kthread+0x328/0x630
[ 26.236695] ret_from_fork+0x10/0x20
[ 26.237449]
[ 26.237507] Allocated by task 287:
[ 26.237581] kasan_save_stack+0x3c/0x68
[ 26.237690] kasan_save_track+0x20/0x40
[ 26.237864] kasan_save_alloc_info+0x40/0x58
[ 26.237951] __kasan_kmalloc+0xd4/0xd8
[ 26.238025] __kmalloc_noprof+0x198/0x4c8
[ 26.238104] kunit_kmalloc_array+0x34/0x88
[ 26.238195] copy_user_test_oob+0xac/0xec8
[ 26.238276] kunit_try_run_case+0x170/0x3f0
[ 26.239949] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.240127] kthread+0x328/0x630
[ 26.240228] ret_from_fork+0x10/0x20
[ 26.240337]
[ 26.240394] The buggy address belongs to the object at fff00000c73ad900
[ 26.240394] which belongs to the cache kmalloc-128 of size 128
[ 26.240554] The buggy address is located 0 bytes inside of
[ 26.240554] allocated 120-byte region [fff00000c73ad900, fff00000c73ad978)
[ 26.240718]
[ 26.240784] The buggy address belongs to the physical page:
[ 26.240854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ad
[ 26.240961] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.241083] page_type: f5(slab)
[ 26.241178] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 26.241301] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.241393] page dumped because: kasan: bad access detected
[ 26.241461]
[ 26.241502] Memory state around the buggy address:
[ 26.241584] fff00000c73ad800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.241697] fff00000c73ad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.241843] >fff00000c73ad900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.241944] ^
[ 26.242034] fff00000c73ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.243289] fff00000c73ada00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.243464] ==================================================================
[ 26.256905] ==================================================================
[ 26.257270] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 26.257515] Read of size 121 at addr fff00000c73ad900 by task kunit_try_catch/287
[ 26.257586]
[ 26.257640] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT
[ 26.257765] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.257872] Hardware name: linux,dummy-virt (DT)
[ 26.258151] Call trace:
[ 26.258249] show_stack+0x20/0x38 (C)
[ 26.258468] dump_stack_lvl+0x8c/0xd0
[ 26.258627] print_report+0x118/0x608
[ 26.258900] kasan_report+0xdc/0x128
[ 26.259020] kasan_check_range+0x100/0x1a8
[ 26.259156] __kasan_check_read+0x20/0x30
[ 26.259326] copy_user_test_oob+0x4a0/0xec8
[ 26.259490] kunit_try_run_case+0x170/0x3f0
[ 26.259656] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.259864] kthread+0x328/0x630
[ 26.260017] ret_from_fork+0x10/0x20
[ 26.260148]
[ 26.260199] Allocated by task 287:
[ 26.260288] kasan_save_stack+0x3c/0x68
[ 26.260392] kasan_save_track+0x20/0x40
[ 26.260488] kasan_save_alloc_info+0x40/0x58
[ 26.260591] __kasan_kmalloc+0xd4/0xd8
[ 26.260718] __kmalloc_noprof+0x198/0x4c8
[ 26.260813] kunit_kmalloc_array+0x34/0x88
[ 26.261574] copy_user_test_oob+0xac/0xec8
[ 26.261795] kunit_try_run_case+0x170/0x3f0
[ 26.262003] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.262128] kthread+0x328/0x630
[ 26.262230] ret_from_fork+0x10/0x20
[ 26.262326]
[ 26.262381] The buggy address belongs to the object at fff00000c73ad900
[ 26.262381] which belongs to the cache kmalloc-128 of size 128
[ 26.262527] The buggy address is located 0 bytes inside of
[ 26.262527] allocated 120-byte region [fff00000c73ad900, fff00000c73ad978)
[ 26.262645]
[ 26.262690] The buggy address belongs to the physical page:
[ 26.262794] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ad
[ 26.262925] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.263102] page_type: f5(slab)
[ 26.263256] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 26.263443] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.263595] page dumped because: kasan: bad access detected
[ 26.263716]
[ 26.263775] Memory state around the buggy address:
[ 26.263848] fff00000c73ad800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.264482] fff00000c73ad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.264631] >fff00000c73ad900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.264725] ^
[ 26.264845] fff00000c73ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.265155] fff00000c73ada00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.265264] ==================================================================
[ 26.171630] ==================================================================
[ 26.172085] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 26.172285] Write of size 121 at addr fff00000c73ad900 by task kunit_try_catch/287
[ 26.172429]
[ 26.172542] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT
[ 26.172778] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.172859] Hardware name: linux,dummy-virt (DT)
[ 26.172955] Call trace:
[ 26.173020] show_stack+0x20/0x38 (C)
[ 26.173149] dump_stack_lvl+0x8c/0xd0
[ 26.174064] print_report+0x118/0x608
[ 26.174268] kasan_report+0xdc/0x128
[ 26.174387] kasan_check_range+0x100/0x1a8
[ 26.174487] __kasan_check_write+0x20/0x30
[ 26.174581] copy_user_test_oob+0x234/0xec8
[ 26.174669] kunit_try_run_case+0x170/0x3f0
[ 26.174824] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.174950] kthread+0x328/0x630
[ 26.175040] ret_from_fork+0x10/0x20
[ 26.175152]
[ 26.175196] Allocated by task 287:
[ 26.175262] kasan_save_stack+0x3c/0x68
[ 26.175357] kasan_save_track+0x20/0x40
[ 26.175426] kasan_save_alloc_info+0x40/0x58
[ 26.175516] __kasan_kmalloc+0xd4/0xd8
[ 26.175671] __kmalloc_noprof+0x198/0x4c8
[ 26.175947] kunit_kmalloc_array+0x34/0x88
[ 26.176196] copy_user_test_oob+0xac/0xec8
[ 26.176427] kunit_try_run_case+0x170/0x3f0
[ 26.176539] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.176654] kthread+0x328/0x630
[ 26.176763] ret_from_fork+0x10/0x20
[ 26.177236]
[ 26.177318] The buggy address belongs to the object at fff00000c73ad900
[ 26.177318] which belongs to the cache kmalloc-128 of size 128
[ 26.177686] The buggy address is located 0 bytes inside of
[ 26.177686] allocated 120-byte region [fff00000c73ad900, fff00000c73ad978)
[ 26.177883]
[ 26.178169] The buggy address belongs to the physical page:
[ 26.178250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ad
[ 26.178402] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.178502] page_type: f5(slab)
[ 26.178590] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 26.178685] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.178787] page dumped because: kasan: bad access detected
[ 26.178859]
[ 26.178907] Memory state around the buggy address:
[ 26.179202] fff00000c73ad800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.179742] fff00000c73ad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.180077] >fff00000c73ad900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.180476] ^
[ 26.180949] fff00000c73ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.181218] fff00000c73ada00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.181633] ==================================================================
[ 26.219931] ==================================================================
[ 26.220120] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 26.220298] Write of size 121 at addr fff00000c73ad900 by task kunit_try_catch/287
[ 26.220467]
[ 26.220605] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT
[ 26.220903] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.220991] Hardware name: linux,dummy-virt (DT)
[ 26.221083] Call trace:
[ 26.221138] show_stack+0x20/0x38 (C)
[ 26.221254] dump_stack_lvl+0x8c/0xd0
[ 26.221462] print_report+0x118/0x608
[ 26.221572] kasan_report+0xdc/0x128
[ 26.221663] kasan_check_range+0x100/0x1a8
[ 26.221799] __kasan_check_write+0x20/0x30
[ 26.221909] copy_user_test_oob+0x35c/0xec8
[ 26.222075] kunit_try_run_case+0x170/0x3f0
[ 26.222234] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.222416] kthread+0x328/0x630
[ 26.222566] ret_from_fork+0x10/0x20
[ 26.222736]
[ 26.222834] Allocated by task 287:
[ 26.222910] kasan_save_stack+0x3c/0x68
[ 26.223014] kasan_save_track+0x20/0x40
[ 26.223112] kasan_save_alloc_info+0x40/0x58
[ 26.223209] __kasan_kmalloc+0xd4/0xd8
[ 26.223307] __kmalloc_noprof+0x198/0x4c8
[ 26.223410] kunit_kmalloc_array+0x34/0x88
[ 26.223509] copy_user_test_oob+0xac/0xec8
[ 26.223605] kunit_try_run_case+0x170/0x3f0
[ 26.223701] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.223827] kthread+0x328/0x630
[ 26.223920] ret_from_fork+0x10/0x20
[ 26.224016]
[ 26.224068] The buggy address belongs to the object at fff00000c73ad900
[ 26.224068] which belongs to the cache kmalloc-128 of size 128
[ 26.224245] The buggy address is located 0 bytes inside of
[ 26.224245] allocated 120-byte region [fff00000c73ad900, fff00000c73ad978)
[ 26.224405]
[ 26.224466] The buggy address belongs to the physical page:
[ 26.224553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ad
[ 26.224692] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.226351] page_type: f5(slab)
[ 26.226472] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 26.226583] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.226676] page dumped because: kasan: bad access detected
[ 26.226777]
[ 26.226819] Memory state around the buggy address:
[ 26.226900] fff00000c73ad800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.227003] fff00000c73ad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.227101] >fff00000c73ad900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.227183] ^
[ 26.227268] fff00000c73ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.227358] fff00000c73ada00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.227445] ==================================================================
[ 26.244127] ==================================================================
[ 26.244244] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 26.244761] Write of size 121 at addr fff00000c73ad900 by task kunit_try_catch/287
[ 26.245132]
[ 26.245445] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT
[ 26.245961] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.246039] Hardware name: linux,dummy-virt (DT)
[ 26.246141] Call trace:
[ 26.246194] show_stack+0x20/0x38 (C)
[ 26.246312] dump_stack_lvl+0x8c/0xd0
[ 26.246431] print_report+0x118/0x608
[ 26.246679] kasan_report+0xdc/0x128
[ 26.246831] kasan_check_range+0x100/0x1a8
[ 26.247240] __kasan_check_write+0x20/0x30
[ 26.247615] copy_user_test_oob+0x434/0xec8
[ 26.247754] kunit_try_run_case+0x170/0x3f0
[ 26.247914] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.248035] kthread+0x328/0x630
[ 26.248236] ret_from_fork+0x10/0x20
[ 26.248561]
[ 26.248675] Allocated by task 287:
[ 26.248826] kasan_save_stack+0x3c/0x68
[ 26.248955] kasan_save_track+0x20/0x40
[ 26.249345] kasan_save_alloc_info+0x40/0x58
[ 26.249459] __kasan_kmalloc+0xd4/0xd8
[ 26.249642] __kmalloc_noprof+0x198/0x4c8
[ 26.249939] kunit_kmalloc_array+0x34/0x88
[ 26.250144] copy_user_test_oob+0xac/0xec8
[ 26.250249] kunit_try_run_case+0x170/0x3f0
[ 26.250346] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.250530] kthread+0x328/0x630
[ 26.250786] ret_from_fork+0x10/0x20
[ 26.251107]
[ 26.251324] The buggy address belongs to the object at fff00000c73ad900
[ 26.251324] which belongs to the cache kmalloc-128 of size 128
[ 26.251480] The buggy address is located 0 bytes inside of
[ 26.251480] allocated 120-byte region [fff00000c73ad900, fff00000c73ad978)
[ 26.251757]
[ 26.252072] The buggy address belongs to the physical page:
[ 26.252173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ad
[ 26.252464] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.252912] page_type: f5(slab)
[ 26.253119] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 26.253411] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.253812] page dumped because: kasan: bad access detected
[ 26.254007]
[ 26.254168] Memory state around the buggy address:
[ 26.254394] fff00000c73ad800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.254514] fff00000c73ad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.254833] >fff00000c73ad900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.255404] ^
[ 26.255517] fff00000c73ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.255605] fff00000c73ada00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.255679] ==================================================================
```
```
[ 26.836266] ==================================================================
[ 26.837159] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 26.838876] Read of size 121 at addr ffff888102ed7700 by task kunit_try_catch/305
[ 26.839451]
[ 26.839739] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT(voluntary)
[ 26.839904] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.839949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.840013] Call Trace:
[ 26.840062] <TASK>
[ 26.840111] dump_stack_lvl+0x73/0xb0
[ 26.840162] print_report+0xd1/0x650
[ 26.840243] ? __virt_addr_valid+0x1db/0x2d0
[ 26.840286] ? copy_user_test_oob+0x4aa/0x10f0
[ 26.840375] ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.840453] ? copy_user_test_oob+0x4aa/0x10f0
[ 26.840530] kasan_report+0x141/0x180
[ 26.840610] ? copy_user_test_oob+0x4aa/0x10f0
[ 26.840697] kasan_check_range+0x10c/0x1c0
[ 26.840771] __kasan_check_read+0x15/0x20
[ 26.840843] copy_user_test_oob+0x4aa/0x10f0
[ 26.840924] ? __pfx_copy_user_test_oob+0x10/0x10
[ 26.840971] ? finish_task_switch.isra.0+0x153/0x700
[ 26.841016] ? __switch_to+0x5d9/0xf60
[ 26.841087] ? dequeue_task_fair+0x166/0x4e0
[ 26.841135] ? __schedule+0x10cc/0x2b60
[ 26.841175] ? __pfx_read_tsc+0x10/0x10
[ 26.841212] ? ktime_get_ts64+0x86/0x230
[ 26.841256] kunit_try_run_case+0x1a5/0x480
[ 26.841324] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.841368] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.841410] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.841451] ? __kthread_parkme+0x82/0x180
[ 26.841489] ? preempt_count_sub+0x50/0x80
[ 26.841528] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.841568] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.841606] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.841645] kthread+0x337/0x6f0
[ 26.841673] ? trace_preempt_on+0x20/0xc0
[ 26.841714] ? __pfx_kthread+0x10/0x10
[ 26.841743] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.841778] ? calculate_sigpending+0x7b/0xa0
[ 26.841812] ? __pfx_kthread+0x10/0x10
[ 26.841843] ret_from_fork+0x41/0x80
[ 26.841878] ? __pfx_kthread+0x10/0x10
[ 26.841909] ret_from_fork_asm+0x1a/0x30
[ 26.841957] </TASK>
[ 26.841974]
[ 26.858218] Allocated by task 305:
[ 26.858557] kasan_save_stack+0x45/0x70
[ 26.858923] kasan_save_track+0x18/0x40
[ 26.859667] kasan_save_alloc_info+0x3b/0x50
[ 26.860948] __kasan_kmalloc+0xb7/0xc0
[ 26.861661] __kmalloc_noprof+0x1c9/0x500
[ 26.862002] kunit_kmalloc_array+0x25/0x60
[ 26.862382] copy_user_test_oob+0xab/0x10f0
[ 26.862738] kunit_try_run_case+0x1a5/0x480
[ 26.863686] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.864322] kthread+0x337/0x6f0
[ 26.864778] ret_from_fork+0x41/0x80
[ 26.865327] ret_from_fork_asm+0x1a/0x30
[ 26.866064]
[ 26.866340] The buggy address belongs to the object at ffff888102ed7700
[ 26.866340] which belongs to the cache kmalloc-128 of size 128
[ 26.867261] The buggy address is located 0 bytes inside of
[ 26.867261] allocated 120-byte region [ffff888102ed7700, ffff888102ed7778)
[ 26.868191]
[ 26.868448] The buggy address belongs to the physical page:
[ 26.868873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ed7
[ 26.869918] flags: 0x200000000000000(node=0|zone=2)
[ 26.870928] page_type: f5(slab)
[ 26.871305] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.872210] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.872839] page dumped because: kasan: bad access detected
[ 26.873673]
[ 26.873904] Memory state around the buggy address:
[ 26.874697] ffff888102ed7600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.875453] ffff888102ed7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.876170] >ffff888102ed7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.876910] ^
[ 26.877727] ffff888102ed7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.878493] ffff888102ed7800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.879283] ==================================================================
[ 26.924599] ==================================================================
[ 26.925008] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 26.926762] Read of size 121 at addr ffff888102ed7700 by task kunit_try_catch/305
[ 26.927570]
[ 26.928391] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT(voluntary)
[ 26.928467] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.928489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.928522] Call Trace:
[ 26.928550] <TASK>
[ 26.928577] dump_stack_lvl+0x73/0xb0
[ 26.928622] print_report+0xd1/0x650
[ 26.928664] ? __virt_addr_valid+0x1db/0x2d0
[ 26.928701] ? copy_user_test_oob+0x604/0x10f0
[ 26.928734] ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.928772] ? copy_user_test_oob+0x604/0x10f0
[ 26.928805] kasan_report+0x141/0x180
[ 26.928843] ? copy_user_test_oob+0x604/0x10f0
[ 26.928883] kasan_check_range+0x10c/0x1c0
[ 26.928918] __kasan_check_read+0x15/0x20
[ 26.928950] copy_user_test_oob+0x604/0x10f0
[ 26.928987] ? __pfx_copy_user_test_oob+0x10/0x10
[ 26.929020] ? finish_task_switch.isra.0+0x153/0x700
[ 26.929086] ? __switch_to+0x5d9/0xf60
[ 26.929125] ? dequeue_task_fair+0x166/0x4e0
[ 26.929167] ? __schedule+0x10cc/0x2b60
[ 26.929209] ? __pfx_read_tsc+0x10/0x10
[ 26.929245] ? ktime_get_ts64+0x86/0x230
[ 26.929287] kunit_try_run_case+0x1a5/0x480
[ 26.929355] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.929396] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.929435] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.929474] ? __kthread_parkme+0x82/0x180
[ 26.929510] ? preempt_count_sub+0x50/0x80
[ 26.929549] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.929589] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.929627] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.929667] kthread+0x337/0x6f0
[ 26.929695] ? trace_preempt_on+0x20/0xc0
[ 26.929736] ? __pfx_kthread+0x10/0x10
[ 26.929765] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.929799] ? calculate_sigpending+0x7b/0xa0
[ 26.929835] ? __pfx_kthread+0x10/0x10
[ 26.929865] ret_from_fork+0x41/0x80
[ 26.929902] ? __pfx_kthread+0x10/0x10
[ 26.929931] ret_from_fork_asm+0x1a/0x30
[ 26.929978] </TASK>
[ 26.929996]
[ 26.950308] Allocated by task 305:
[ 26.950703] kasan_save_stack+0x45/0x70
[ 26.951093] kasan_save_track+0x18/0x40
[ 26.951568] kasan_save_alloc_info+0x3b/0x50
[ 26.951928] __kasan_kmalloc+0xb7/0xc0
[ 26.952384] __kmalloc_noprof+0x1c9/0x500
[ 26.953081] kunit_kmalloc_array+0x25/0x60
[ 26.953673] copy_user_test_oob+0xab/0x10f0
[ 26.954153] kunit_try_run_case+0x1a5/0x480
[ 26.954683] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.955378] kthread+0x337/0x6f0
[ 26.955860] ret_from_fork+0x41/0x80
[ 26.956367] ret_from_fork_asm+0x1a/0x30
[ 26.956851]
[ 26.957140] The buggy address belongs to the object at ffff888102ed7700
[ 26.957140] which belongs to the cache kmalloc-128 of size 128
[ 26.958322] The buggy address is located 0 bytes inside of
[ 26.958322] allocated 120-byte region [ffff888102ed7700, ffff888102ed7778)
[ 26.959462]
[ 26.959713] The buggy address belongs to the physical page:
[ 26.960423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ed7
[ 26.961251] flags: 0x200000000000000(node=0|zone=2)
[ 26.961788] page_type: f5(slab)
[ 26.962277] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.963019] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.963864] page dumped because: kasan: bad access detected
[ 26.964685]
[ 26.964782] Memory state around the buggy address:
[ 26.964957] ffff888102ed7600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.965580] ffff888102ed7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.966343] >ffff888102ed7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.967015] ^
[ 26.967787] ffff888102ed7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.968732] ffff888102ed7800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.969505] ==================================================================
[ 26.785394] ==================================================================
[ 26.786000] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 26.787107] Write of size 121 at addr ffff888102ed7700 by task kunit_try_catch/305
[ 26.787849]
[ 26.788086] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT(voluntary)
[ 26.789165] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.789202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.789262] Call Trace:
[ 26.789330] <TASK>
[ 26.789387] dump_stack_lvl+0x73/0xb0
[ 26.789475] print_report+0xd1/0x650
[ 26.789556] ? __virt_addr_valid+0x1db/0x2d0
[ 26.789631] ? copy_user_test_oob+0x3fd/0x10f0
[ 26.789701] ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.789775] ? copy_user_test_oob+0x3fd/0x10f0
[ 26.789843] kasan_report+0x141/0x180
[ 26.789918] ? copy_user_test_oob+0x3fd/0x10f0
[ 26.789999] kasan_check_range+0x10c/0x1c0
[ 26.790099] __kasan_check_write+0x18/0x20
[ 26.790164] copy_user_test_oob+0x3fd/0x10f0
[ 26.790226] ? __pfx_copy_user_test_oob+0x10/0x10
[ 26.790284] ? finish_task_switch.isra.0+0x153/0x700
[ 26.790372] ? __switch_to+0x5d9/0xf60
[ 26.790431] ? dequeue_task_fair+0x166/0x4e0
[ 26.790496] ? __schedule+0x10cc/0x2b60
[ 26.790562] ? __pfx_read_tsc+0x10/0x10
[ 26.790616] ? ktime_get_ts64+0x86/0x230
[ 26.790685] kunit_try_run_case+0x1a5/0x480
[ 26.790758] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.790823] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.790895] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.790968] ? __kthread_parkme+0x82/0x180
[ 26.791044] ? preempt_count_sub+0x50/0x80
[ 26.791129] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.791207] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.791278] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.791383] kthread+0x337/0x6f0
[ 26.791435] ? trace_preempt_on+0x20/0xc0
[ 26.791509] ? __pfx_kthread+0x10/0x10
[ 26.791563] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.791622] ? calculate_sigpending+0x7b/0xa0
[ 26.791681] ? __pfx_kthread+0x10/0x10
[ 26.791730] ret_from_fork+0x41/0x80
[ 26.791787] ? __pfx_kthread+0x10/0x10
[ 26.791836] ret_from_fork_asm+0x1a/0x30
[ 26.791926] </TASK>
[ 26.791957]
[ 26.814590] Allocated by task 305:
[ 26.815007] kasan_save_stack+0x45/0x70
[ 26.816102] kasan_save_track+0x18/0x40
[ 26.816676] kasan_save_alloc_info+0x3b/0x50
[ 26.817059] __kasan_kmalloc+0xb7/0xc0
[ 26.817484] __kmalloc_noprof+0x1c9/0x500
[ 26.817865] kunit_kmalloc_array+0x25/0x60
[ 26.818891] copy_user_test_oob+0xab/0x10f0
[ 26.819320] kunit_try_run_case+0x1a5/0x480
[ 26.819870] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.820594] kthread+0x337/0x6f0
[ 26.821341] ret_from_fork+0x41/0x80
[ 26.821847] ret_from_fork_asm+0x1a/0x30
[ 26.822239]
[ 26.822675] The buggy address belongs to the object at ffff888102ed7700
[ 26.822675] which belongs to the cache kmalloc-128 of size 128
[ 26.823758] The buggy address is located 0 bytes inside of
[ 26.823758] allocated 120-byte region [ffff888102ed7700, ffff888102ed7778)
[ 26.825123]
[ 26.825545] The buggy address belongs to the physical page:
[ 26.826141] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ed7
[ 26.826587] flags: 0x200000000000000(node=0|zone=2)
[ 26.827231] page_type: f5(slab)
[ 26.827630] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.828465] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.829229] page dumped because: kasan: bad access detected
[ 26.829675]
[ 26.830126] Memory state around the buggy address:
[ 26.830665] ffff888102ed7600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.831317] ffff888102ed7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.832211] >ffff888102ed7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.832861] ^
[ 26.833652] ffff888102ed7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.834559] ffff888102ed7800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.835311] ==================================================================
[ 26.880280] ==================================================================
[ 26.880835] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 26.882169] Write of size 121 at addr ffff888102ed7700 by task kunit_try_catch/305
[ 26.883875]
[ 26.884539] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT(voluntary)
[ 26.884816] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.884852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.884886] Call Trace:
[ 26.884915] <TASK>
[ 26.884942] dump_stack_lvl+0x73/0xb0
[ 26.884989] print_report+0xd1/0x650
[ 26.885031] ? __virt_addr_valid+0x1db/0x2d0
[ 26.885110] ? copy_user_test_oob+0x557/0x10f0
[ 26.885148] ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.885187] ? copy_user_test_oob+0x557/0x10f0
[ 26.885220] kasan_report+0x141/0x180
[ 26.885256] ? copy_user_test_oob+0x557/0x10f0
[ 26.885319] kasan_check_range+0x10c/0x1c0
[ 26.885359] __kasan_check_write+0x18/0x20
[ 26.885393] copy_user_test_oob+0x557/0x10f0
[ 26.885429] ? __pfx_copy_user_test_oob+0x10/0x10
[ 26.885460] ? finish_task_switch.isra.0+0x153/0x700
[ 26.885501] ? __switch_to+0x5d9/0xf60
[ 26.885534] ? dequeue_task_fair+0x166/0x4e0
[ 26.885572] ? __schedule+0x10cc/0x2b60
[ 26.885610] ? __pfx_read_tsc+0x10/0x10
[ 26.885646] ? ktime_get_ts64+0x86/0x230
[ 26.885694] kunit_try_run_case+0x1a5/0x480
[ 26.885738] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.885776] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.885817] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.885857] ? __kthread_parkme+0x82/0x180
[ 26.885894] ? preempt_count_sub+0x50/0x80
[ 26.885934] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.885974] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.886013] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.886063] kthread+0x337/0x6f0
[ 26.886110] ? trace_preempt_on+0x20/0xc0
[ 26.886150] ? __pfx_kthread+0x10/0x10
[ 26.886180] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.886215] ? calculate_sigpending+0x7b/0xa0
[ 26.886251] ? __pfx_kthread+0x10/0x10
[ 26.886279] ret_from_fork+0x41/0x80
[ 26.886340] ? __pfx_kthread+0x10/0x10
[ 26.886371] ret_from_fork_asm+0x1a/0x30
[ 26.886420] </TASK>
[ 26.886438]
[ 26.901625] Allocated by task 305:
[ 26.902109] kasan_save_stack+0x45/0x70
[ 26.902604] kasan_save_track+0x18/0x40
[ 26.903078] kasan_save_alloc_info+0x3b/0x50
[ 26.903552] __kasan_kmalloc+0xb7/0xc0
[ 26.904009] __kmalloc_noprof+0x1c9/0x500
[ 26.904498] kunit_kmalloc_array+0x25/0x60
[ 26.904833] copy_user_test_oob+0xab/0x10f0
[ 26.905207] kunit_try_run_case+0x1a5/0x480
[ 26.905927] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.906564] kthread+0x337/0x6f0
[ 26.906957] ret_from_fork+0x41/0x80
[ 26.907412] ret_from_fork_asm+0x1a/0x30
[ 26.907837]
[ 26.908046] The buggy address belongs to the object at ffff888102ed7700
[ 26.908046] which belongs to the cache kmalloc-128 of size 128
[ 26.909441] The buggy address is located 0 bytes inside of
[ 26.909441] allocated 120-byte region [ffff888102ed7700, ffff888102ed7778)
[ 26.910554]
[ 26.910784] The buggy address belongs to the physical page:
[ 26.911188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ed7
[ 26.911936] flags: 0x200000000000000(node=0|zone=2)
[ 26.913854] page_type: f5(slab)
[ 26.915087] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.915778] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.916602] page dumped because: kasan: bad access detected
[ 26.917354]
[ 26.917740] Memory state around the buggy address:
[ 26.918348] ffff888102ed7600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.919263] ffff888102ed7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.920011] >ffff888102ed7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.920746] ^
[ 26.921447] ffff888102ed7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.922322] ffff888102ed7800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.923012] ==================================================================
```