Date: June 24, 2025, 12:47 p.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 28.956158] ================================================================== [ 28.956466] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 28.957220] Write of size 121 at addr fff00000c5a7bb00 by task kunit_try_catch/287 [ 28.957588] [ 28.957679] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT [ 28.957897] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.958518] Hardware name: linux,dummy-virt (DT) [ 28.958617] Call trace: [ 28.958966] show_stack+0x20/0x38 (C) [ 28.959748] dump_stack_lvl+0x8c/0xd0 [ 28.960002] print_report+0x118/0x608 [ 28.960462] kasan_report+0xdc/0x128 [ 28.960588] kasan_check_range+0x100/0x1a8 [ 28.960709] __kasan_check_write+0x20/0x30 [ 28.960825] copy_user_test_oob+0x35c/0xec8 [ 28.961791] kunit_try_run_case+0x170/0x3f0 [ 28.962399] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.962859] kthread+0x328/0x630 [ 28.963600] ret_from_fork+0x10/0x20 [ 28.964067] [ 28.964124] Allocated by task 287: [ 28.964206] kasan_save_stack+0x3c/0x68 [ 28.965211] kasan_save_track+0x20/0x40 [ 28.965321] kasan_save_alloc_info+0x40/0x58 [ 28.965548] __kasan_kmalloc+0xd4/0xd8 [ 28.965781] __kmalloc_noprof+0x198/0x4c8 [ 28.966371] kunit_kmalloc_array+0x34/0x88 [ 28.966760] copy_user_test_oob+0xac/0xec8 [ 28.967187] kunit_try_run_case+0x170/0x3f0 [ 28.967300] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.968060] kthread+0x328/0x630 [ 28.968579] ret_from_fork+0x10/0x20 [ 28.968939] [ 28.968999] The buggy address belongs to the object at fff00000c5a7bb00 [ 28.968999] which belongs to the cache kmalloc-128 of size 128 [ 28.969142] The buggy address is located 0 bytes inside of [ 28.969142] allocated 120-byte region [fff00000c5a7bb00, fff00000c5a7bb78) [ 28.969306] [ 28.969361] The buggy address belongs to the physical page: [ 28.970671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7b [ 28.971132] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.971734] page_type: f5(slab) [ 
28.972027] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.972173] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.972876] page dumped because: kasan: bad access detected [ 28.973296] [ 28.973567] Memory state around the buggy address: [ 28.974423] fff00000c5a7ba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.975007] fff00000c5a7ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.975375] >fff00000c5a7bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.975804] ^ [ 28.975964] fff00000c5a7bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.976083] fff00000c5a7bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.976198] ================================================================== [ 28.991943] ================================================================== [ 28.992232] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 28.992370] Write of size 121 at addr fff00000c5a7bb00 by task kunit_try_catch/287 [ 28.992615] [ 28.992694] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT [ 28.993336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.993518] Hardware name: linux,dummy-virt (DT) [ 28.993635] Call trace: [ 28.993748] show_stack+0x20/0x38 (C) [ 28.994270] dump_stack_lvl+0x8c/0xd0 [ 28.994495] print_report+0x118/0x608 [ 28.994981] kasan_report+0xdc/0x128 [ 28.995516] kasan_check_range+0x100/0x1a8 [ 28.995976] __kasan_check_write+0x20/0x30 [ 28.996675] copy_user_test_oob+0x434/0xec8 [ 28.997096] kunit_try_run_case+0x170/0x3f0 [ 28.997236] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.998863] kthread+0x328/0x630 [ 28.999218] ret_from_fork+0x10/0x20 [ 28.999917] [ 29.000105] Allocated by task 287: [ 29.000331] kasan_save_stack+0x3c/0x68 [ 29.000480] kasan_save_track+0x20/0x40 [ 29.000794] kasan_save_alloc_info+0x40/0x58 [ 29.001077] __kasan_kmalloc+0xd4/0xd8 [ 29.001273] __kmalloc_noprof+0x198/0x4c8 [ 29.001709] 
kunit_kmalloc_array+0x34/0x88 [ 29.002158] copy_user_test_oob+0xac/0xec8 [ 29.002289] kunit_try_run_case+0x170/0x3f0 [ 29.002589] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.002732] kthread+0x328/0x630 [ 29.002828] ret_from_fork+0x10/0x20 [ 29.003020] [ 29.003080] The buggy address belongs to the object at fff00000c5a7bb00 [ 29.003080] which belongs to the cache kmalloc-128 of size 128 [ 29.003358] The buggy address is located 0 bytes inside of [ 29.003358] allocated 120-byte region [fff00000c5a7bb00, fff00000c5a7bb78) [ 29.003532] [ 29.003582] The buggy address belongs to the physical page: [ 29.003655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7b [ 29.003778] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.003898] page_type: f5(slab) [ 29.004118] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.004266] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.004478] page dumped because: kasan: bad access detected [ 29.004608] [ 29.004669] Memory state around the buggy address: [ 29.004764] fff00000c5a7ba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.004927] fff00000c5a7ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.005050] >fff00000c5a7bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.005201] ^ [ 29.005326] fff00000c5a7bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.005479] fff00000c5a7bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.005590] ================================================================== [ 29.006655] ================================================================== [ 29.006805] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 29.007016] Read of size 121 at addr fff00000c5a7bb00 by task kunit_try_catch/287 [ 29.007391] [ 29.007465] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT [ 29.007695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.007778] 
Hardware name: linux,dummy-virt (DT) [ 29.007912] Call trace: [ 29.007976] show_stack+0x20/0x38 (C) [ 29.008172] dump_stack_lvl+0x8c/0xd0 [ 29.008327] print_report+0x118/0x608 [ 29.008478] kasan_report+0xdc/0x128 [ 29.008657] kasan_check_range+0x100/0x1a8 [ 29.008912] __kasan_check_read+0x20/0x30 [ 29.009171] copy_user_test_oob+0x4a0/0xec8 [ 29.009302] kunit_try_run_case+0x170/0x3f0 [ 29.009461] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.010100] kthread+0x328/0x630 [ 29.010174] ret_from_fork+0x10/0x20 [ 29.010278] [ 29.010361] Allocated by task 287: [ 29.010492] kasan_save_stack+0x3c/0x68 [ 29.010627] kasan_save_track+0x20/0x40 [ 29.010721] kasan_save_alloc_info+0x40/0x58 [ 29.010830] __kasan_kmalloc+0xd4/0xd8 [ 29.011065] __kmalloc_noprof+0x198/0x4c8 [ 29.011232] kunit_kmalloc_array+0x34/0x88 [ 29.011364] copy_user_test_oob+0xac/0xec8 [ 29.011543] kunit_try_run_case+0x170/0x3f0 [ 29.011819] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.012050] kthread+0x328/0x630 [ 29.012171] ret_from_fork+0x10/0x20 [ 29.012283] [ 29.012349] The buggy address belongs to the object at fff00000c5a7bb00 [ 29.012349] which belongs to the cache kmalloc-128 of size 128 [ 29.012533] The buggy address is located 0 bytes inside of [ 29.012533] allocated 120-byte region [fff00000c5a7bb00, fff00000c5a7bb78) [ 29.012740] [ 29.012809] The buggy address belongs to the physical page: [ 29.012902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7b [ 29.013026] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.013166] page_type: f5(slab) [ 29.013327] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.013488] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.013600] page dumped because: kasan: bad access detected [ 29.013874] [ 29.013936] Memory state around the buggy address: [ 29.014021] fff00000c5a7ba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.014156] fff00000c5a7ba80: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.014269] >fff00000c5a7bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.014514] ^ [ 29.014715] fff00000c5a7bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.014881] fff00000c5a7bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.015165] ================================================================== [ 28.978465] ================================================================== [ 28.978760] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 28.979015] Read of size 121 at addr fff00000c5a7bb00 by task kunit_try_catch/287 [ 28.979172] [ 28.979393] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT [ 28.979634] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.979715] Hardware name: linux,dummy-virt (DT) [ 28.979810] Call trace: [ 28.979880] show_stack+0x20/0x38 (C) [ 28.980163] dump_stack_lvl+0x8c/0xd0 [ 28.980439] print_report+0x118/0x608 [ 28.980745] kasan_report+0xdc/0x128 [ 28.980941] kasan_check_range+0x100/0x1a8 [ 28.981116] __kasan_check_read+0x20/0x30 [ 28.981393] copy_user_test_oob+0x3c8/0xec8 [ 28.981592] kunit_try_run_case+0x170/0x3f0 [ 28.981773] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.981920] kthread+0x328/0x630 [ 28.982069] ret_from_fork+0x10/0x20 [ 28.982189] [ 28.982237] Allocated by task 287: [ 28.982399] kasan_save_stack+0x3c/0x68 [ 28.982614] kasan_save_track+0x20/0x40 [ 28.982846] kasan_save_alloc_info+0x40/0x58 [ 28.983071] __kasan_kmalloc+0xd4/0xd8 [ 28.983296] __kmalloc_noprof+0x198/0x4c8 [ 28.983433] kunit_kmalloc_array+0x34/0x88 [ 28.983597] copy_user_test_oob+0xac/0xec8 [ 28.983721] kunit_try_run_case+0x170/0x3f0 [ 28.984017] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.984229] kthread+0x328/0x630 [ 28.984435] ret_from_fork+0x10/0x20 [ 28.984590] [ 28.984660] The buggy address belongs to the object at fff00000c5a7bb00 [ 28.984660] which belongs to the cache kmalloc-128 of size 128 [ 28.984892] The buggy address is located 
0 bytes inside of [ 28.984892] allocated 120-byte region [fff00000c5a7bb00, fff00000c5a7bb78) [ 28.985061] [ 28.985114] The buggy address belongs to the physical page: [ 28.985226] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7b [ 28.985357] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.985492] page_type: f5(slab) [ 28.985588] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.985716] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.985859] page dumped because: kasan: bad access detected [ 28.986084] [ 28.986134] Memory state around the buggy address: [ 28.986212] fff00000c5a7ba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.986326] fff00000c5a7ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.986462] >fff00000c5a7bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.986621] ^ [ 28.986732] fff00000c5a7bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.986877] fff00000c5a7bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.987042] ================================================================== [ 28.918077] ================================================================== [ 28.918193] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 28.918493] Read of size 121 at addr fff00000c5a7bb00 by task kunit_try_catch/287 [ 28.918676] [ 28.918752] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT [ 28.919869] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.919962] Hardware name: linux,dummy-virt (DT) [ 28.920088] Call trace: [ 28.920456] show_stack+0x20/0x38 (C) [ 28.921457] dump_stack_lvl+0x8c/0xd0 [ 28.922330] print_report+0x118/0x608 [ 28.922481] kasan_report+0xdc/0x128 [ 28.922593] kasan_check_range+0x100/0x1a8 [ 28.922717] __kasan_check_read+0x20/0x30 [ 28.924217] copy_user_test_oob+0x728/0xec8 [ 28.925187] kunit_try_run_case+0x170/0x3f0 [ 28.925326] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.925933] kthread+0x328/0x630 [ 28.926567] ret_from_fork+0x10/0x20 [ 28.926957] [ 28.927156] Allocated by task 287: [ 28.927627] kasan_save_stack+0x3c/0x68 [ 28.928410] kasan_save_track+0x20/0x40 [ 28.928678] kasan_save_alloc_info+0x40/0x58 [ 28.928785] __kasan_kmalloc+0xd4/0xd8 [ 28.928878] __kmalloc_noprof+0x198/0x4c8 [ 28.928983] kunit_kmalloc_array+0x34/0x88 [ 28.929095] copy_user_test_oob+0xac/0xec8 [ 28.930412] kunit_try_run_case+0x170/0x3f0 [ 28.930941] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.932162] kthread+0x328/0x630 [ 28.932567] ret_from_fork+0x10/0x20 [ 28.932755] [ 28.932890] The buggy address belongs to the object at fff00000c5a7bb00 [ 28.932890] which belongs to the cache kmalloc-128 of size 128 [ 28.933464] The buggy address is located 0 bytes inside of [ 28.933464] allocated 120-byte region [fff00000c5a7bb00, fff00000c5a7bb78) [ 28.934446] [ 28.934645] The buggy address belongs to the physical page: [ 28.934786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7b [ 28.935438] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.936115] page_type: f5(slab) [ 28.937178] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.937476] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.937587] page dumped because: kasan: bad access detected [ 28.937674] [ 28.938679] Memory state around the buggy address: [ 28.939153] fff00000c5a7ba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.940409] fff00000c5a7ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.940578] >fff00000c5a7bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.940799] ^ [ 28.941008] fff00000c5a7bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.941137] fff00000c5a7bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.941501] ================================================================== [ 28.898118] 
================================================================== [ 28.898603] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 28.898768] Write of size 121 at addr fff00000c5a7bb00 by task kunit_try_catch/287 [ 28.898896] [ 28.898992] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT [ 28.899203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.899277] Hardware name: linux,dummy-virt (DT) [ 28.899357] Call trace: [ 28.900223] show_stack+0x20/0x38 (C) [ 28.900496] dump_stack_lvl+0x8c/0xd0 [ 28.900761] print_report+0x118/0x608 [ 28.901305] kasan_report+0xdc/0x128 [ 28.901444] kasan_check_range+0x100/0x1a8 [ 28.902275] __kasan_check_write+0x20/0x30 [ 28.903531] copy_user_test_oob+0x234/0xec8 [ 28.904046] kunit_try_run_case+0x170/0x3f0 [ 28.904550] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.904853] kthread+0x328/0x630 [ 28.905429] ret_from_fork+0x10/0x20 [ 28.905687] [ 28.905718] Allocated by task 287: [ 28.905763] kasan_save_stack+0x3c/0x68 [ 28.905819] kasan_save_track+0x20/0x40 [ 28.905868] kasan_save_alloc_info+0x40/0x58 [ 28.905918] __kasan_kmalloc+0xd4/0xd8 [ 28.905965] __kmalloc_noprof+0x198/0x4c8 [ 28.906013] kunit_kmalloc_array+0x34/0x88 [ 28.906064] copy_user_test_oob+0xac/0xec8 [ 28.906113] kunit_try_run_case+0x170/0x3f0 [ 28.906166] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.906226] kthread+0x328/0x630 [ 28.906273] ret_from_fork+0x10/0x20 [ 28.906320] [ 28.906350] The buggy address belongs to the object at fff00000c5a7bb00 [ 28.906350] which belongs to the cache kmalloc-128 of size 128 [ 28.906493] The buggy address is located 0 bytes inside of [ 28.906493] allocated 120-byte region [fff00000c5a7bb00, fff00000c5a7bb78) [ 28.907015] [ 28.907083] The buggy address belongs to the physical page: [ 28.907161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7b [ 28.907299] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.907447] page_type: f5(slab) [ 28.907555] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.907941] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.908222] page dumped because: kasan: bad access detected [ 28.908351] [ 28.908429] Memory state around the buggy address: [ 28.908567] fff00000c5a7ba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.908732] fff00000c5a7ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.909037] >fff00000c5a7bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.909145] ^ [ 28.909304] fff00000c5a7bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.909510] fff00000c5a7bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.909675] ==================================================================
[ 16.642311] ================================================================== [ 16.643299] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.643949] Read of size 121 at addr ffff8881029ed100 by task kunit_try_catch/305 [ 16.644383] [ 16.644916] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT(voluntary) [ 16.645032] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.645058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.645096] Call Trace: [ 16.645134] <TASK> [ 16.645164] dump_stack_lvl+0x73/0xb0 [ 16.645201] print_report+0xd1/0x650 [ 16.645237] ? __virt_addr_valid+0x1db/0x2d0 [ 16.645264] ? copy_user_test_oob+0x604/0x10f0 [ 16.645285] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.645307] ? copy_user_test_oob+0x604/0x10f0 [ 16.645327] kasan_report+0x141/0x180 [ 16.645348] ? copy_user_test_oob+0x604/0x10f0 [ 16.645372] kasan_check_range+0x10c/0x1c0 [ 16.645392] __kasan_check_read+0x15/0x20 [ 16.645411] copy_user_test_oob+0x604/0x10f0 [ 16.645433] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.645452] ? finish_task_switch.isra.0+0x153/0x700 [ 16.645476] ? __switch_to+0x5d9/0xf60 [ 16.645497] ? dequeue_task_fair+0x166/0x4e0 [ 16.645520] ? __schedule+0x10cc/0x2b60 [ 16.645547] ? __pfx_read_tsc+0x10/0x10 [ 16.645577] ? ktime_get_ts64+0x86/0x230 [ 16.645666] kunit_try_run_case+0x1a5/0x480 [ 16.645718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.645763] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.645812] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.645847] ? __kthread_parkme+0x82/0x180 [ 16.645871] ? preempt_count_sub+0x50/0x80 [ 16.645895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.645918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.645955] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.645983] kthread+0x337/0x6f0 [ 16.646002] ? trace_preempt_on+0x20/0xc0 [ 16.646026] ? __pfx_kthread+0x10/0x10 [ 16.646045] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.646067] ? 
calculate_sigpending+0x7b/0xa0 [ 16.646087] ? __pfx_kthread+0x10/0x10 [ 16.646107] ret_from_fork+0x41/0x80 [ 16.646127] ? __pfx_kthread+0x10/0x10 [ 16.646146] ret_from_fork_asm+0x1a/0x30 [ 16.646177] </TASK> [ 16.646191] [ 16.655790] Allocated by task 305: [ 16.656123] kasan_save_stack+0x45/0x70 [ 16.656363] kasan_save_track+0x18/0x40 [ 16.656534] kasan_save_alloc_info+0x3b/0x50 [ 16.656860] __kasan_kmalloc+0xb7/0xc0 [ 16.657182] __kmalloc_noprof+0x1c9/0x500 [ 16.657492] kunit_kmalloc_array+0x25/0x60 [ 16.657925] copy_user_test_oob+0xab/0x10f0 [ 16.658303] kunit_try_run_case+0x1a5/0x480 [ 16.658686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.659094] kthread+0x337/0x6f0 [ 16.659365] ret_from_fork+0x41/0x80 [ 16.659634] ret_from_fork_asm+0x1a/0x30 [ 16.659817] [ 16.659975] The buggy address belongs to the object at ffff8881029ed100 [ 16.659975] which belongs to the cache kmalloc-128 of size 128 [ 16.660849] The buggy address is located 0 bytes inside of [ 16.660849] allocated 120-byte region [ffff8881029ed100, ffff8881029ed178) [ 16.661573] [ 16.661798] The buggy address belongs to the physical page: [ 16.662110] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ed [ 16.662461] flags: 0x200000000000000(node=0|zone=2) [ 16.662922] page_type: f5(slab) [ 16.663200] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.663736] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.664259] page dumped because: kasan: bad access detected [ 16.664605] [ 16.664778] Memory state around the buggy address: [ 16.665065] ffff8881029ed000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.665380] ffff8881029ed080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.665937] >ffff8881029ed100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.666277] ^ [ 16.666785] ffff8881029ed180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.667228] ffff8881029ed200: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 16.667746] ================================================================== [ 16.582619] ================================================================== [ 16.583215] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.583797] Read of size 121 at addr ffff8881029ed100 by task kunit_try_catch/305 [ 16.584307] [ 16.584461] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT(voluntary) [ 16.584593] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.584633] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.584684] Call Trace: [ 16.584729] <TASK> [ 16.584774] dump_stack_lvl+0x73/0xb0 [ 16.584832] print_report+0xd1/0x650 [ 16.584873] ? __virt_addr_valid+0x1db/0x2d0 [ 16.584947] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.584989] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.585049] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.585091] kasan_report+0x141/0x180 [ 16.585137] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.585186] kasan_check_range+0x10c/0x1c0 [ 16.585228] __kasan_check_read+0x15/0x20 [ 16.585269] copy_user_test_oob+0x4aa/0x10f0 [ 16.585317] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.585358] ? finish_task_switch.isra.0+0x153/0x700 [ 16.585404] ? __switch_to+0x5d9/0xf60 [ 16.585445] ? dequeue_task_fair+0x166/0x4e0 [ 16.586250] ? __schedule+0x10cc/0x2b60 [ 16.586330] ? __pfx_read_tsc+0x10/0x10 [ 16.586357] ? ktime_get_ts64+0x86/0x230 [ 16.586386] kunit_try_run_case+0x1a5/0x480 [ 16.586431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.586476] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.586525] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.586567] ? __kthread_parkme+0x82/0x180 [ 16.586613] ? preempt_count_sub+0x50/0x80 [ 16.586683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.586733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.586785] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.586836] kthread+0x337/0x6f0 [ 16.586877] ? trace_preempt_on+0x20/0xc0 [ 16.586927] ? 
__pfx_kthread+0x10/0x10 [ 16.586968] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.586996] ? calculate_sigpending+0x7b/0xa0 [ 16.587019] ? __pfx_kthread+0x10/0x10 [ 16.587038] ret_from_fork+0x41/0x80 [ 16.587058] ? __pfx_kthread+0x10/0x10 [ 16.587075] ret_from_fork_asm+0x1a/0x30 [ 16.587105] </TASK> [ 16.587120] [ 16.598344] Allocated by task 305: [ 16.598631] kasan_save_stack+0x45/0x70 [ 16.598869] kasan_save_track+0x18/0x40 [ 16.599189] kasan_save_alloc_info+0x3b/0x50 [ 16.599544] __kasan_kmalloc+0xb7/0xc0 [ 16.599892] __kmalloc_noprof+0x1c9/0x500 [ 16.600070] kunit_kmalloc_array+0x25/0x60 [ 16.600252] copy_user_test_oob+0xab/0x10f0 [ 16.600789] kunit_try_run_case+0x1a5/0x480 [ 16.601000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.601239] kthread+0x337/0x6f0 [ 16.601404] ret_from_fork+0x41/0x80 [ 16.602181] ret_from_fork_asm+0x1a/0x30 [ 16.602742] [ 16.602951] The buggy address belongs to the object at ffff8881029ed100 [ 16.602951] which belongs to the cache kmalloc-128 of size 128 [ 16.603470] The buggy address is located 0 bytes inside of [ 16.603470] allocated 120-byte region [ffff8881029ed100, ffff8881029ed178) [ 16.604440] [ 16.604915] The buggy address belongs to the physical page: [ 16.605213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ed [ 16.605779] flags: 0x200000000000000(node=0|zone=2) [ 16.606179] page_type: f5(slab) [ 16.606366] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.607065] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.607519] page dumped because: kasan: bad access detected [ 16.607841] [ 16.607946] Memory state around the buggy address: [ 16.608167] ffff8881029ed000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.608463] ffff8881029ed080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.609359] >ffff8881029ed100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.610000] ^ [ 16.610441] ffff8881029ed180: fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc [ 16.610704] ffff8881029ed200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.611272] ================================================================== [ 16.559275] ================================================================== [ 16.559695] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.560074] Write of size 121 at addr ffff8881029ed100 by task kunit_try_catch/305 [ 16.560534] [ 16.560797] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT(voluntary) [ 16.560905] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.560929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.560971] Call Trace: [ 16.561006] <TASK> [ 16.561046] dump_stack_lvl+0x73/0xb0 [ 16.561108] print_report+0xd1/0x650 [ 16.561158] ? __virt_addr_valid+0x1db/0x2d0 [ 16.561199] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.561236] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.561283] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.561326] kasan_report+0x141/0x180 [ 16.561368] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.561445] kasan_check_range+0x10c/0x1c0 [ 16.561489] __kasan_check_write+0x18/0x20 [ 16.561533] copy_user_test_oob+0x3fd/0x10f0 [ 16.561578] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.561618] ? finish_task_switch.isra.0+0x153/0x700 [ 16.561684] ? __switch_to+0x5d9/0xf60 [ 16.561721] ? dequeue_task_fair+0x166/0x4e0 [ 16.561770] ? __schedule+0x10cc/0x2b60 [ 16.561802] ? __pfx_read_tsc+0x10/0x10 [ 16.561829] ? ktime_get_ts64+0x86/0x230 [ 16.561861] kunit_try_run_case+0x1a5/0x480 [ 16.561895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.561916] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.561941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.561980] ? __kthread_parkme+0x82/0x180 [ 16.562004] ? preempt_count_sub+0x50/0x80 [ 16.562029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.562052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.562077] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.562099] kthread+0x337/0x6f0 [ 16.562117] ? trace_preempt_on+0x20/0xc0 [ 16.562142] ? __pfx_kthread+0x10/0x10 [ 16.562160] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.562182] ? calculate_sigpending+0x7b/0xa0 [ 16.562204] ? __pfx_kthread+0x10/0x10 [ 16.562223] ret_from_fork+0x41/0x80 [ 16.562244] ? __pfx_kthread+0x10/0x10 [ 16.562262] ret_from_fork_asm+0x1a/0x30 [ 16.562293] </TASK> [ 16.562306] [ 16.571112] Allocated by task 305: [ 16.571463] kasan_save_stack+0x45/0x70 [ 16.571828] kasan_save_track+0x18/0x40 [ 16.572034] kasan_save_alloc_info+0x3b/0x50 [ 16.572215] __kasan_kmalloc+0xb7/0xc0 [ 16.572431] __kmalloc_noprof+0x1c9/0x500 [ 16.572797] kunit_kmalloc_array+0x25/0x60 [ 16.573107] copy_user_test_oob+0xab/0x10f0 [ 16.573424] kunit_try_run_case+0x1a5/0x480 [ 16.573664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.574030] kthread+0x337/0x6f0 [ 16.574212] ret_from_fork+0x41/0x80 [ 16.574517] ret_from_fork_asm+0x1a/0x30 [ 16.574717] [ 16.574822] The buggy address belongs to the object at ffff8881029ed100 [ 16.574822] which belongs to the cache kmalloc-128 of size 128 [ 16.575450] The buggy address is located 0 bytes inside of [ 16.575450] allocated 120-byte region [ffff8881029ed100, ffff8881029ed178) [ 16.575822] [ 16.575935] The buggy address belongs to the physical page: [ 16.576135] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ed [ 16.576404] flags: 0x200000000000000(node=0|zone=2) [ 16.576601] page_type: f5(slab) [ 16.576932] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.577451] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.577980] page dumped because: kasan: bad access detected [ 16.578376] [ 16.578560] Memory state around the buggy address: [ 16.578914] ffff8881029ed000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.579396] ffff8881029ed080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.579835] 
>ffff8881029ed100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.580071] ^ [ 16.580316] ffff8881029ed180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.580578] ffff8881029ed200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.581090] ================================================================== [ 16.614004] ================================================================== [ 16.614379] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.614634] Write of size 121 at addr ffff8881029ed100 by task kunit_try_catch/305 [ 16.615258] [ 16.615929] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT(voluntary) [ 16.616045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.616070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.616104] Call Trace: [ 16.616131] <TASK> [ 16.616160] dump_stack_lvl+0x73/0xb0 [ 16.616196] print_report+0xd1/0x650 [ 16.616220] ? __virt_addr_valid+0x1db/0x2d0 [ 16.616243] ? copy_user_test_oob+0x557/0x10f0 [ 16.616262] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.616284] ? copy_user_test_oob+0x557/0x10f0 [ 16.616304] kasan_report+0x141/0x180 [ 16.616326] ? copy_user_test_oob+0x557/0x10f0 [ 16.616350] kasan_check_range+0x10c/0x1c0 [ 16.616370] __kasan_check_write+0x18/0x20 [ 16.616389] copy_user_test_oob+0x557/0x10f0 [ 16.616411] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.616430] ? finish_task_switch.isra.0+0x153/0x700 [ 16.616453] ? __switch_to+0x5d9/0xf60 [ 16.616474] ? dequeue_task_fair+0x166/0x4e0 [ 16.616497] ? __schedule+0x10cc/0x2b60 [ 16.616520] ? __pfx_read_tsc+0x10/0x10 [ 16.616542] ? ktime_get_ts64+0x86/0x230 [ 16.616579] kunit_try_run_case+0x1a5/0x480 [ 16.616633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.616678] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.616725] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.616773] ? __kthread_parkme+0x82/0x180 [ 16.616807] ? preempt_count_sub+0x50/0x80 [ 16.616832] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.616855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.616878] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.616901] kthread+0x337/0x6f0 [ 16.616919] ? trace_preempt_on+0x20/0xc0 [ 16.616942] ? __pfx_kthread+0x10/0x10 [ 16.616960] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.616980] ? calculate_sigpending+0x7b/0xa0 [ 16.617002] ? __pfx_kthread+0x10/0x10 [ 16.617020] ret_from_fork+0x41/0x80 [ 16.617040] ? __pfx_kthread+0x10/0x10 [ 16.617058] ret_from_fork_asm+0x1a/0x30 [ 16.617089] </TASK> [ 16.617103] [ 16.629050] Allocated by task 305: [ 16.629329] kasan_save_stack+0x45/0x70 [ 16.630014] kasan_save_track+0x18/0x40 [ 16.630220] kasan_save_alloc_info+0x3b/0x50 [ 16.630410] __kasan_kmalloc+0xb7/0xc0 [ 16.631028] __kmalloc_noprof+0x1c9/0x500 [ 16.631235] kunit_kmalloc_array+0x25/0x60 [ 16.631386] copy_user_test_oob+0xab/0x10f0 [ 16.631954] kunit_try_run_case+0x1a5/0x480 [ 16.632213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.632748] kthread+0x337/0x6f0 [ 16.632996] ret_from_fork+0x41/0x80 [ 16.633376] ret_from_fork_asm+0x1a/0x30 [ 16.633976] [ 16.634099] The buggy address belongs to the object at ffff8881029ed100 [ 16.634099] which belongs to the cache kmalloc-128 of size 128 [ 16.634571] The buggy address is located 0 bytes inside of [ 16.634571] allocated 120-byte region [ffff8881029ed100, ffff8881029ed178) [ 16.635033] [ 16.635144] The buggy address belongs to the physical page: [ 16.635379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ed [ 16.635752] flags: 0x200000000000000(node=0|zone=2) [ 16.635959] page_type: f5(slab) [ 16.636127] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.637169] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.637474] page dumped because: kasan: bad access detected [ 16.637718] [ 16.637834] Memory state around the buggy address: [ 16.638568] ffff8881029ed000: fa fb fb fb fb fb fb fb fb fb fb fb fb 
fb fb fb [ 16.638972] ffff8881029ed080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.639441] >ffff8881029ed100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.639852] ^ [ 16.640270] ffff8881029ed180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.640807] ffff8881029ed200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.641090] ==================================================================