Date
June 26, 2025, 11:12 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 64.933426] ================================================================== [ 64.940371] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 64.947399] Read of size 121 at addr ffff000800dad600 by task kunit_try_catch/334 [ 64.954864] [ 64.956350] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 64.956407] Tainted: [B]=BAD_PAGE, [N]=TEST [ 64.956425] Hardware name: WinLink E850-96 board (DT) [ 64.956447] Call trace: [ 64.956461] show_stack+0x20/0x38 (C) [ 64.956497] dump_stack_lvl+0x8c/0xd0 [ 64.956538] print_report+0x118/0x608 [ 64.956573] kasan_report+0xdc/0x128 [ 64.956603] kasan_check_range+0x100/0x1a8 [ 64.956638] __kasan_check_read+0x20/0x30 [ 64.956673] copy_user_test_oob+0x728/0xec8 [ 64.956704] kunit_try_run_case+0x170/0x3f0 [ 64.956741] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.956782] kthread+0x328/0x630 [ 64.956817] ret_from_fork+0x10/0x20 [ 64.956854] [ 65.022485] Allocated by task 334: [ 65.025872] kasan_save_stack+0x3c/0x68 [ 65.029689] kasan_save_track+0x20/0x40 [ 65.033509] kasan_save_alloc_info+0x40/0x58 [ 65.037763] __kasan_kmalloc+0xd4/0xd8 [ 65.041495] __kmalloc_noprof+0x198/0x4c8 [ 65.045488] kunit_kmalloc_array+0x34/0x88 [ 65.049567] copy_user_test_oob+0xac/0xec8 [ 65.053649] kunit_try_run_case+0x170/0x3f0 [ 65.057814] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.063283] kthread+0x328/0x630 [ 65.066494] ret_from_fork+0x10/0x20 [ 65.070053] [ 65.071529] The buggy address belongs to the object at ffff000800dad600 [ 65.071529] which belongs to the cache kmalloc-128 of size 128 [ 65.084032] The buggy address is located 0 bytes inside of [ 65.084032] allocated 120-byte region [ffff000800dad600, ffff000800dad678) [ 65.096442] [ 65.097922] The buggy address belongs to the physical page: [ 65.103477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880dac [ 65.111462] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.119100] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 65.126045] page_type: f5(slab) [ 65.129178] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.136900] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.144626] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.152437] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.160250] head: 0bfffe0000000001 fffffdffe0036b01 00000000ffffffff 00000000ffffffff [ 65.168062] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 65.175867] page dumped because: kasan: bad access detected [ 65.181423] [ 65.182899] Memory state around the buggy address: [ 65.187681] ffff000800dad500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.194882] ffff000800dad580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.202087] >ffff000800dad600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 65.209288] ^ [ 65.216409] ffff000800dad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.223614] ffff000800dad700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.230815] ================================================================== [ 64.623030] ================================================================== [ 64.635341] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 64.642369] Write of size 121 at addr ffff000800dad600 by task kunit_try_catch/334 [ 64.649922] [ 64.651409] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 64.651465] Tainted: [B]=BAD_PAGE, [N]=TEST [ 64.651483] Hardware name: WinLink E850-96 board (DT) [ 64.651505] Call trace: [ 64.651519] show_stack+0x20/0x38 (C) [ 64.651558] dump_stack_lvl+0x8c/0xd0 [ 64.651599] print_report+0x118/0x608 [ 64.651631] kasan_report+0xdc/0x128 [ 64.651665] kasan_check_range+0x100/0x1a8 [ 64.651699] __kasan_check_write+0x20/0x30 [ 64.651733] copy_user_test_oob+0x234/0xec8 [ 64.651766] kunit_try_run_case+0x170/0x3f0 [ 64.651805] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.651844] kthread+0x328/0x630 [ 64.651884] ret_from_fork+0x10/0x20 [ 64.651920] [ 64.717628] Allocated by task 334: [ 64.721018] kasan_save_stack+0x3c/0x68 [ 64.724833] kasan_save_track+0x20/0x40 [ 64.728652] kasan_save_alloc_info+0x40/0x58 [ 64.732906] __kasan_kmalloc+0xd4/0xd8 [ 64.736639] __kmalloc_noprof+0x198/0x4c8 [ 64.740632] kunit_kmalloc_array+0x34/0x88 [ 64.744711] copy_user_test_oob+0xac/0xec8 [ 64.748791] kunit_try_run_case+0x170/0x3f0 [ 64.752957] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.758426] kthread+0x328/0x630 [ 64.761638] ret_from_fork+0x10/0x20 [ 64.765197] [ 64.766674] The buggy address belongs to the object at ffff000800dad600 [ 64.766674] which belongs to the cache kmalloc-128 of size 128 [ 64.779174] The buggy address is located 0 bytes inside of [ 64.779174] allocated 120-byte region [ffff000800dad600, ffff000800dad678) [ 64.791585] [ 64.793066] The buggy address belongs to the physical page: [ 64.798621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880dac [ 64.806606] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 64.814244] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 64.821187] page_type: f5(slab) [ 64.824327] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.832043] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.839771] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.847581] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.855394] head: 0bfffe0000000001 fffffdffe0036b01 00000000ffffffff 00000000ffffffff [ 64.863206] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 64.871011] page dumped because: kasan: bad access detected [ 64.876568] [ 64.878042] Memory state around the buggy address: [ 64.882823] ffff000800dad500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.890027] ffff000800dad580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.897232] >ffff000800dad600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 64.904431] ^ [ 64.911553] ffff000800dad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.918757] ffff000800dad700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.925960] ================================================================== [ 65.543170] ================================================================== [ 65.550259] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 65.557286] Read of size 121 at addr ffff000800dad600 by task kunit_try_catch/334 [ 65.564751] [ 65.566236] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 65.566290] Tainted: [B]=BAD_PAGE, [N]=TEST [ 65.566307] Hardware name: WinLink E850-96 board (DT) [ 65.566329] Call trace: [ 65.566344] show_stack+0x20/0x38 (C) [ 65.566379] dump_stack_lvl+0x8c/0xd0 [ 65.566415] print_report+0x118/0x608 [ 65.566449] kasan_report+0xdc/0x128 [ 65.566480] kasan_check_range+0x100/0x1a8 [ 65.566514] __kasan_check_read+0x20/0x30 [ 65.566550] copy_user_test_oob+0x3c8/0xec8 [ 65.566581] kunit_try_run_case+0x170/0x3f0 [ 65.566618] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.566658] kthread+0x328/0x630 [ 65.566690] ret_from_fork+0x10/0x20 [ 65.566726] [ 65.632372] Allocated by task 334: [ 65.635760] kasan_save_stack+0x3c/0x68 [ 65.639576] kasan_save_track+0x20/0x40 [ 65.643396] kasan_save_alloc_info+0x40/0x58 [ 65.647649] __kasan_kmalloc+0xd4/0xd8 [ 65.651383] __kmalloc_noprof+0x198/0x4c8 [ 65.655375] kunit_kmalloc_array+0x34/0x88 [ 65.659455] copy_user_test_oob+0xac/0xec8 [ 65.663534] kunit_try_run_case+0x170/0x3f0 [ 65.667701] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.673170] kthread+0x328/0x630 [ 65.676381] ret_from_fork+0x10/0x20 [ 65.679940] [ 65.681416] The buggy address belongs to the object at ffff000800dad600 [ 65.681416] which belongs to the cache kmalloc-128 of size 128 [ 65.693919] The buggy address is located 0 bytes inside of [ 65.693919] allocated 120-byte region [ffff000800dad600, ffff000800dad678) [ 65.706329] [ 65.707807] The buggy address belongs to the physical page: [ 65.713366] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880dac [ 65.721347] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.728986] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 65.735932] page_type: f5(slab) [ 65.739065] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.746786] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.754513] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.762324] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.770137] head: 0bfffe0000000001 fffffdffe0036b01 00000000ffffffff 00000000ffffffff [ 65.777949] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 65.785755] page dumped because: kasan: bad access detected [ 65.791310] [ 65.792785] Memory state around the buggy address: [ 65.797565] ffff000800dad500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.804769] ffff000800dad580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.811973] >ffff000800dad600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 65.819174] ^ [ 65.826296] ffff000800dad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.833501] ffff000800dad700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.840703] ================================================================== [ 65.238365] ================================================================== [ 65.245231] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 65.252256] Write of size 121 at addr ffff000800dad600 by task kunit_try_catch/334 [ 65.259808] [ 65.261293] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 65.261350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 65.261368] Hardware name: WinLink E850-96 board (DT) [ 65.261389] Call trace: [ 65.261404] show_stack+0x20/0x38 (C) [ 65.261443] dump_stack_lvl+0x8c/0xd0 [ 65.261481] print_report+0x118/0x608 [ 65.261513] kasan_report+0xdc/0x128 [ 65.261546] kasan_check_range+0x100/0x1a8 [ 65.261581] __kasan_check_write+0x20/0x30 [ 65.261614] copy_user_test_oob+0x35c/0xec8 [ 65.261644] kunit_try_run_case+0x170/0x3f0 [ 65.261682] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.261723] kthread+0x328/0x630 [ 65.261756] ret_from_fork+0x10/0x20 [ 65.261792] [ 65.327514] Allocated by task 334: [ 65.330904] kasan_save_stack+0x3c/0x68 [ 65.334720] kasan_save_track+0x20/0x40 [ 65.338539] kasan_save_alloc_info+0x40/0x58 [ 65.342792] __kasan_kmalloc+0xd4/0xd8 [ 65.346526] __kmalloc_noprof+0x198/0x4c8 [ 65.350518] kunit_kmalloc_array+0x34/0x88 [ 65.354598] copy_user_test_oob+0xac/0xec8 [ 65.358677] kunit_try_run_case+0x170/0x3f0 [ 65.362844] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.368313] kthread+0x328/0x630 [ 65.371525] ret_from_fork+0x10/0x20 [ 65.375084] [ 65.376559] The buggy address belongs to the object at ffff000800dad600 [ 65.376559] which belongs to the cache kmalloc-128 of size 128 [ 65.389062] The buggy address is located 0 bytes inside of [ 65.389062] allocated 120-byte region [ffff000800dad600, ffff000800dad678) [ 65.401472] [ 65.402951] The buggy address belongs to the physical page: [ 65.408508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880dac [ 65.416489] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.424131] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 65.431074] page_type: f5(slab) [ 65.434211] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.441930] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.449656] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.457467] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.465280] head: 0bfffe0000000001 fffffdffe0036b01 00000000ffffffff 00000000ffffffff [ 65.473092] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 65.480898] page dumped because: kasan: bad access detected [ 65.486453] [ 65.487929] Memory state around the buggy address: [ 65.492710] ffff000800dad500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.499912] ffff000800dad580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.507116] >ffff000800dad600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 65.514318] ^ [ 65.521440] ffff000800dad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.528644] ffff000800dad700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.535845] ================================================================== [ 66.153052] ================================================================== [ 66.160144] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 66.167172] Read of size 121 at addr ffff000800dad600 by task kunit_try_catch/334 [ 66.174638] [ 66.176122] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 66.176177] Tainted: [B]=BAD_PAGE, [N]=TEST [ 66.176197] Hardware name: WinLink E850-96 board (DT) [ 66.176219] Call trace: [ 66.176232] show_stack+0x20/0x38 (C) [ 66.176267] dump_stack_lvl+0x8c/0xd0 [ 66.176305] print_report+0x118/0x608 [ 66.176336] kasan_report+0xdc/0x128 [ 66.176367] kasan_check_range+0x100/0x1a8 [ 66.176400] __kasan_check_read+0x20/0x30 [ 66.176433] copy_user_test_oob+0x4a0/0xec8 [ 66.176463] kunit_try_run_case+0x170/0x3f0 [ 66.176501] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.176539] kthread+0x328/0x630 [ 66.176573] ret_from_fork+0x10/0x20 [ 66.176606] [ 66.242258] Allocated by task 334: [ 66.245645] kasan_save_stack+0x3c/0x68 [ 66.249463] kasan_save_track+0x20/0x40 [ 66.253282] kasan_save_alloc_info+0x40/0x58 [ 66.257536] __kasan_kmalloc+0xd4/0xd8 [ 66.261268] __kmalloc_noprof+0x198/0x4c8 [ 66.265261] kunit_kmalloc_array+0x34/0x88 [ 66.269341] copy_user_test_oob+0xac/0xec8 [ 66.273420] kunit_try_run_case+0x170/0x3f0 [ 66.277587] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.283056] kthread+0x328/0x630 [ 66.286267] ret_from_fork+0x10/0x20 [ 66.289827] [ 66.291302] The buggy address belongs to the object at ffff000800dad600 [ 66.291302] which belongs to the cache kmalloc-128 of size 128 [ 66.303803] The buggy address is located 0 bytes inside of [ 66.303803] allocated 120-byte region [ffff000800dad600, ffff000800dad678) [ 66.316215] [ 66.317693] The buggy address belongs to the physical page: [ 66.323249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880dac [ 66.331233] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.338873] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 66.345817] page_type: f5(slab) [ 66.348949] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.356673] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.364400] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.372210] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.380024] head: 0bfffe0000000001 fffffdffe0036b01 00000000ffffffff 00000000ffffffff [ 66.387835] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 66.395641] page dumped because: kasan: bad access detected [ 66.401196] [ 66.402672] Memory state around the buggy address: [ 66.407452] ffff000800dad500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.414655] ffff000800dad580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.421860] >ffff000800dad600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 66.429061] ^ [ 66.436182] ffff000800dad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.443389] ffff000800dad700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.450589] ================================================================== [ 65.848118] ================================================================== [ 65.855114] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 65.862142] Write of size 121 at addr ffff000800dad600 by task kunit_try_catch/334 [ 65.869694] [ 65.871179] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 65.871235] Tainted: [B]=BAD_PAGE, [N]=TEST [ 65.871254] Hardware name: WinLink E850-96 board (DT) [ 65.871276] Call trace: [ 65.871290] show_stack+0x20/0x38 (C) [ 65.871327] dump_stack_lvl+0x8c/0xd0 [ 65.871366] print_report+0x118/0x608 [ 65.871399] kasan_report+0xdc/0x128 [ 65.871431] kasan_check_range+0x100/0x1a8 [ 65.871463] __kasan_check_write+0x20/0x30 [ 65.871497] copy_user_test_oob+0x434/0xec8 [ 65.871527] kunit_try_run_case+0x170/0x3f0 [ 65.871566] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.871604] kthread+0x328/0x630 [ 65.871640] ret_from_fork+0x10/0x20 [ 65.871674] [ 65.937401] Allocated by task 334: [ 65.940788] kasan_save_stack+0x3c/0x68 [ 65.944606] kasan_save_track+0x20/0x40 [ 65.948425] kasan_save_alloc_info+0x40/0x58 [ 65.952679] __kasan_kmalloc+0xd4/0xd8 [ 65.956413] __kmalloc_noprof+0x198/0x4c8 [ 65.960405] kunit_kmalloc_array+0x34/0x88 [ 65.964485] copy_user_test_oob+0xac/0xec8 [ 65.968564] kunit_try_run_case+0x170/0x3f0 [ 65.972731] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.978199] kthread+0x328/0x630 [ 65.981411] ret_from_fork+0x10/0x20 [ 65.984970] [ 65.986446] The buggy address belongs to the object at ffff000800dad600 [ 65.986446] which belongs to the cache kmalloc-128 of size 128 [ 65.998948] The buggy address is located 0 bytes inside of [ 65.998948] allocated 120-byte region [ffff000800dad600, ffff000800dad678) [ 66.011359] [ 66.012836] The buggy address belongs to the physical page: [ 66.018395] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880dac [ 66.026379] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.034017] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 66.040959] page_type: f5(slab) [ 66.044095] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.051816] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.059543] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.067354] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.075167] head: 0bfffe0000000001 fffffdffe0036b01 00000000ffffffff 00000000ffffffff [ 66.082979] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 66.090785] page dumped because: kasan: bad access detected [ 66.096340] [ 66.097816] Memory state around the buggy address: [ 66.102597] ffff000800dad500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.109799] ffff000800dad580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.117003] >ffff000800dad600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 66.124204] ^ [ 66.131327] ffff000800dad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.138531] ffff000800dad700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.145732] ==================================================================
[ 21.062909] ================================================================== [ 21.062989] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 21.063113] Write of size 121 at addr fff00000c791de00 by task kunit_try_catch/287 [ 21.063230] [ 21.063319] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 21.063448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.063871] Hardware name: linux,dummy-virt (DT) [ 21.064244] Call trace: [ 21.064332] show_stack+0x20/0x38 (C) [ 21.064393] dump_stack_lvl+0x8c/0xd0 [ 21.064560] print_report+0x118/0x608 [ 21.064825] kasan_report+0xdc/0x128 [ 21.064905] kasan_check_range+0x100/0x1a8 [ 21.065426] __kasan_check_write+0x20/0x30 [ 21.065584] copy_user_test_oob+0x35c/0xec8 [ 21.065718] kunit_try_run_case+0x170/0x3f0 [ 21.065877] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.066347] kthread+0x328/0x630 [ 21.066440] ret_from_fork+0x10/0x20 [ 21.066554] [ 21.066585] Allocated by task 287: [ 21.066624] kasan_save_stack+0x3c/0x68 [ 21.066713] kasan_save_track+0x20/0x40 [ 21.066754] kasan_save_alloc_info+0x40/0x58 [ 21.066806] __kasan_kmalloc+0xd4/0xd8 [ 21.066873] __kmalloc_noprof+0x198/0x4c8 [ 21.066912] kunit_kmalloc_array+0x34/0x88 [ 21.066954] copy_user_test_oob+0xac/0xec8 [ 21.066998] kunit_try_run_case+0x170/0x3f0 [ 21.067040] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.067095] kthread+0x328/0x630 [ 21.067143] ret_from_fork+0x10/0x20 [ 21.067199] [ 21.067221] The buggy address belongs to the object at fff00000c791de00 [ 21.067221] which belongs to the cache kmalloc-128 of size 128 [ 21.067299] The buggy address is located 0 bytes inside of [ 21.067299] allocated 120-byte region [fff00000c791de00, fff00000c791de78) [ 21.067372] [ 21.067405] The buggy address belongs to the physical page: [ 21.067452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10791d [ 21.067507] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.067564] page_type: f5(slab) [ 21.067610] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.067664] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.067714] page dumped because: kasan: bad access detected [ 21.067777] [ 21.067806] Memory state around the buggy address: [ 21.067850] fff00000c791dd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.068114] fff00000c791dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.068176] >fff00000c791de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.068221] ^ [ 21.068265] fff00000c791de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.069417] fff00000c791df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.069879] ================================================================== [ 21.082621] ================================================================== [ 21.082702] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 21.082779] Write of size 121 at addr fff00000c791de00 by task kunit_try_catch/287 [ 21.082835] [ 21.082881] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 21.082968] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.082998] Hardware name: linux,dummy-virt (DT) [ 21.083031] Call trace: [ 21.083055] show_stack+0x20/0x38 (C) [ 21.083105] dump_stack_lvl+0x8c/0xd0 [ 21.083161] print_report+0x118/0x608 [ 21.083231] kasan_report+0xdc/0x128 [ 21.083277] kasan_check_range+0x100/0x1a8 [ 21.083326] __kasan_check_write+0x20/0x30 [ 21.083375] copy_user_test_oob+0x434/0xec8 [ 21.083423] kunit_try_run_case+0x170/0x3f0 [ 21.083474] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.083529] kthread+0x328/0x630 [ 21.083575] ret_from_fork+0x10/0x20 [ 21.083631] [ 21.083652] Allocated by task 287: [ 21.083685] kasan_save_stack+0x3c/0x68 [ 21.083738] kasan_save_track+0x20/0x40 [ 21.083778] kasan_save_alloc_info+0x40/0x58 [ 21.083817] __kasan_kmalloc+0xd4/0xd8 [ 21.083865] __kmalloc_noprof+0x198/0x4c8 [ 21.083963] kunit_kmalloc_array+0x34/0x88 [ 21.084326] copy_user_test_oob+0xac/0xec8 [ 21.084817] kunit_try_run_case+0x170/0x3f0 [ 21.085272] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.085334] kthread+0x328/0x630 [ 21.085373] ret_from_fork+0x10/0x20 [ 21.085740] [ 21.086300] The buggy address belongs to the object at fff00000c791de00 [ 21.086300] which belongs to the cache kmalloc-128 of size 128 [ 21.086500] The buggy address is located 0 bytes inside of [ 21.086500] allocated 120-byte region [fff00000c791de00, fff00000c791de78) [ 21.086671] [ 21.086695] The buggy address belongs to the physical page: [ 21.087047] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10791d [ 21.087498] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.087653] page_type: f5(slab) [ 21.087921] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.088071] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.088122] page dumped because: kasan: bad access detected [ 21.088159] [ 21.088181] Memory state around the buggy address: [ 21.088673] fff00000c791dd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.089178] fff00000c791dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.089248] >fff00000c791de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.089294] ^ [ 21.089916] fff00000c791de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.090371] fff00000c791df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.090576] ================================================================== [ 21.031606] ================================================================== [ 21.031710] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 21.032384] Write of size 121 at addr fff00000c791de00 by task kunit_try_catch/287 [ 21.032464] [ 21.032749] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 21.032874] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.033007] Hardware name: linux,dummy-virt (DT) [ 21.033076] Call trace: [ 21.033111] show_stack+0x20/0x38 (C) [ 21.033191] dump_stack_lvl+0x8c/0xd0 [ 21.033288] print_report+0x118/0x608 [ 21.033354] kasan_report+0xdc/0x128 [ 21.033634] kasan_check_range+0x100/0x1a8 [ 21.033726] __kasan_check_write+0x20/0x30 [ 21.033802] copy_user_test_oob+0x234/0xec8 [ 21.034063] kunit_try_run_case+0x170/0x3f0 [ 21.034289] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.034581] kthread+0x328/0x630 [ 21.034690] ret_from_fork+0x10/0x20 [ 21.035011] [ 21.035378] Allocated by task 287: [ 21.035684] kasan_save_stack+0x3c/0x68 [ 21.036147] kasan_save_track+0x20/0x40 [ 21.036244] kasan_save_alloc_info+0x40/0x58 [ 21.036434] __kasan_kmalloc+0xd4/0xd8 [ 21.036677] __kmalloc_noprof+0x198/0x4c8 [ 21.036780] kunit_kmalloc_array+0x34/0x88 [ 21.036980] copy_user_test_oob+0xac/0xec8 [ 21.037164] kunit_try_run_case+0x170/0x3f0 [ 21.037409] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.037644] kthread+0x328/0x630 [ 21.037732] ret_from_fork+0x10/0x20 [ 21.038127] [ 21.038166] The buggy address belongs to the object at fff00000c791de00 [ 21.038166] which belongs to the cache kmalloc-128 of size 128 [ 21.038329] The buggy address is located 0 bytes inside of [ 21.038329] allocated 120-byte region [fff00000c791de00, fff00000c791de78) [ 21.038397] [ 21.038424] The buggy address belongs to the physical page: [ 21.038459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10791d [ 21.038524] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.038580] page_type: f5(slab) [ 21.038636] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.038691] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.038753] page dumped because: kasan: bad access detected [ 21.038790] [ 21.038818] Memory state around the buggy address: [ 21.038868] fff00000c791dd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.038916] fff00000c791dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.038976] >fff00000c791de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.039019] ^ [ 21.039077] fff00000c791de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.039124] fff00000c791df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.039174] ================================================================== [ 21.045972] ================================================================== [ 21.046033] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 21.046088] Read of size 121 at addr fff00000c791de00 by task kunit_try_catch/287 [ 21.046621] [ 21.046871] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 21.046974] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.047260] Hardware name: linux,dummy-virt (DT) [ 21.047504] Call trace: [ 21.047531] show_stack+0x20/0x38 (C) [ 21.047645] dump_stack_lvl+0x8c/0xd0 [ 21.047759] print_report+0x118/0x608 [ 21.048031] kasan_report+0xdc/0x128 [ 21.048276] kasan_check_range+0x100/0x1a8 [ 21.048549] __kasan_check_read+0x20/0x30 [ 21.048642] copy_user_test_oob+0x728/0xec8 [ 21.048826] kunit_try_run_case+0x170/0x3f0 [ 21.049317] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.049643] kthread+0x328/0x630 [ 21.049706] ret_from_fork+0x10/0x20 [ 21.050179] [ 21.050483] Allocated by task 287: [ 21.050673] kasan_save_stack+0x3c/0x68 [ 21.051045] kasan_save_track+0x20/0x40 [ 21.051177] kasan_save_alloc_info+0x40/0x58 [ 21.051428] __kasan_kmalloc+0xd4/0xd8 [ 21.051626] __kmalloc_noprof+0x198/0x4c8 [ 21.051689] kunit_kmalloc_array+0x34/0x88 [ 21.051922] copy_user_test_oob+0xac/0xec8 [ 21.051976] kunit_try_run_case+0x170/0x3f0 [ 21.052271] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.052430] kthread+0x328/0x630 [ 21.052491] ret_from_fork+0x10/0x20 [ 21.052553] [ 21.052576] The buggy address belongs to the object at fff00000c791de00 [ 21.052576] which belongs to the cache kmalloc-128 of size 128 [ 21.052647] The buggy address is located 0 bytes inside of [ 21.052647] allocated 120-byte region [fff00000c791de00, fff00000c791de78) [ 21.052713] [ 21.052744] The buggy address belongs to the physical page: [ 21.052778] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10791d [ 21.052833] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.052906] page_type: f5(slab) [ 21.052952] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.053008] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.053077] page dumped because: kasan: bad access detected [ 21.053114] [ 21.053135] Memory state around the buggy address: [ 21.053178] fff00000c791dd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.053228] fff00000c791dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.053285] >fff00000c791de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.053329] ^ [ 21.053390] fff00000c791de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.053442] fff00000c791df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.053503] ================================================================== [ 21.072249] ================================================================== [ 21.072309] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 21.072362] Read of size 121 at addr fff00000c791de00 by task kunit_try_catch/287 [ 21.072416] [ 21.072692] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 21.072956] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.072988] Hardware name: linux,dummy-virt (DT) [ 21.073544] Call trace: [ 21.073586] show_stack+0x20/0x38 (C) [ 21.073766] dump_stack_lvl+0x8c/0xd0 [ 21.073931] print_report+0x118/0x608 [ 21.073984] kasan_report+0xdc/0x128 [ 21.074047] kasan_check_range+0x100/0x1a8 [ 21.074097] __kasan_check_read+0x20/0x30 [ 21.074184] copy_user_test_oob+0x3c8/0xec8 [ 21.074525] kunit_try_run_case+0x170/0x3f0 [ 21.074793] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.074869] kthread+0x328/0x630 [ 21.074918] ret_from_fork+0x10/0x20 [ 21.075090] [ 21.075152] Allocated by task 287: [ 21.075189] kasan_save_stack+0x3c/0x68 [ 21.075234] kasan_save_track+0x20/0x40 [ 21.075591] kasan_save_alloc_info+0x40/0x58 [ 21.075809] __kasan_kmalloc+0xd4/0xd8 [ 21.075912] __kmalloc_noprof+0x198/0x4c8 [ 21.076003] kunit_kmalloc_array+0x34/0x88 [ 21.076139] copy_user_test_oob+0xac/0xec8 [ 21.076198] kunit_try_run_case+0x170/0x3f0 [ 21.076243] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.076452] kthread+0x328/0x630 [ 21.077045] ret_from_fork+0x10/0x20 [ 21.077168] [ 21.077226] The buggy address belongs to the object at fff00000c791de00 [ 21.077226] which belongs to the cache kmalloc-128 of size 128 [ 21.077290] The buggy address is located 0 bytes inside of [ 21.077290] allocated 120-byte region [fff00000c791de00, fff00000c791de78) [ 21.077657] [ 21.077703] The buggy address belongs to the physical page: [ 21.077761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10791d [ 21.078307] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.078451] page_type: f5(slab) [ 21.078565] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.078620] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.078961] page dumped because: kasan: bad access detected [ 21.079243] [ 21.079327] Memory state around the buggy address: [ 21.079367] fff00000c791dd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.080340] fff00000c791dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.080399] >fff00000c791de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.080443] ^ [ 21.080488] fff00000c791de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.081007] fff00000c791df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.081186] ================================================================== [ 21.094515] ================================================================== [ 21.095060] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 21.095131] Read of size 121 at addr fff00000c791de00 by task kunit_try_catch/287 [ 21.095534] [ 21.095700] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 21.095796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.096090] Hardware name: linux,dummy-virt (DT) [ 21.096175] Call trace: [ 21.096608] show_stack+0x20/0x38 (C) [ 21.096784] dump_stack_lvl+0x8c/0xd0 [ 21.096994] print_report+0x118/0x608 [ 21.097104] kasan_report+0xdc/0x128 [ 21.097154] kasan_check_range+0x100/0x1a8 [ 21.097202] __kasan_check_read+0x20/0x30 [ 21.097255] copy_user_test_oob+0x4a0/0xec8 [ 21.097981] kunit_try_run_case+0x170/0x3f0 [ 21.098100] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.098371] kthread+0x328/0x630 [ 21.098459] ret_from_fork+0x10/0x20 [ 21.098598] [ 21.098620] Allocated by task 287: [ 21.098876] kasan_save_stack+0x3c/0x68 [ 21.099023] kasan_save_track+0x20/0x40 [ 21.099401] kasan_save_alloc_info+0x40/0x58 [ 21.099536] __kasan_kmalloc+0xd4/0xd8 [ 21.099581] __kmalloc_noprof+0x198/0x4c8 [ 21.099672] kunit_kmalloc_array+0x34/0x88 [ 21.099715] copy_user_test_oob+0xac/0xec8 [ 21.099777] kunit_try_run_case+0x170/0x3f0 [ 21.099820] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.099880] kthread+0x328/0x630 [ 21.100159] ret_from_fork+0x10/0x20 [ 21.100614] [ 21.100646] The buggy address belongs to the object at fff00000c791de00 [ 21.100646] which belongs to the cache kmalloc-128 of size 128 [ 21.100710] The buggy address is located 0 bytes inside of [ 21.100710] allocated 120-byte region [fff00000c791de00, fff00000c791de78) [ 21.100776] [ 21.101384] The buggy address belongs to the physical page: [ 21.101682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10791d [ 21.101962] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.102359] page_type: f5(slab) [ 21.102404] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.102648] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.103396] page dumped because: kasan: bad access detected [ 21.103603] [ 21.103912] Memory state around the buggy address: [ 21.103967] fff00000c791dd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.104018] fff00000c791dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.104066] >fff00000c791de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.104111] ^ [ 21.104486] fff00000c791de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.104743] fff00000c791df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.104795] ==================================================================
[ 14.855259] ================================================================== [ 14.855514] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 14.855966] Read of size 121 at addr ffff888102f60f00 by task kunit_try_catch/304 [ 14.856324] [ 14.856457] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 14.856607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.856622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.856645] Call Trace: [ 14.856676] <TASK> [ 14.856696] dump_stack_lvl+0x73/0xb0 [ 14.856723] print_report+0xd1/0x650 [ 14.856747] ? __virt_addr_valid+0x1db/0x2d0 [ 14.856770] ? copy_user_test_oob+0x4aa/0x10f0 [ 14.856790] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.856815] ? copy_user_test_oob+0x4aa/0x10f0 [ 14.856836] kasan_report+0x141/0x180 [ 14.856859] ? copy_user_test_oob+0x4aa/0x10f0 [ 14.856885] kasan_check_range+0x10c/0x1c0 [ 14.856906] __kasan_check_read+0x15/0x20 [ 14.856935] copy_user_test_oob+0x4aa/0x10f0 [ 14.856959] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.856979] ? finish_task_switch.isra.0+0x153/0x700 [ 14.857006] ? __switch_to+0x5d9/0xf60 [ 14.857028] ? dequeue_task_fair+0x166/0x4e0 [ 14.857054] ? __schedule+0x10cc/0x2b60 [ 14.857077] ? __pfx_read_tsc+0x10/0x10 [ 14.857099] ? ktime_get_ts64+0x86/0x230 [ 14.857125] kunit_try_run_case+0x1a5/0x480 [ 14.857152] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.857176] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.857202] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.857226] ? __kthread_parkme+0x82/0x180 [ 14.857249] ? preempt_count_sub+0x50/0x80 [ 14.857275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.857300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.857324] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.857348] kthread+0x337/0x6f0 [ 14.857365] ? trace_preempt_on+0x20/0xc0 [ 14.857390] ? __pfx_kthread+0x10/0x10 [ 14.857409] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.857431] ? calculate_sigpending+0x7b/0xa0 [ 14.857455] ? __pfx_kthread+0x10/0x10 [ 14.857473] ret_from_fork+0x41/0x80 [ 14.857495] ? __pfx_kthread+0x10/0x10 [ 14.857514] ret_from_fork_asm+0x1a/0x30 [ 14.857596] </TASK> [ 14.857609] [ 14.866093] Allocated by task 304: [ 14.866298] kasan_save_stack+0x45/0x70 [ 14.866619] kasan_save_track+0x18/0x40 [ 14.866838] kasan_save_alloc_info+0x3b/0x50 [ 14.867096] __kasan_kmalloc+0xb7/0xc0 [ 14.867352] __kmalloc_noprof+0x1c9/0x500 [ 14.867603] kunit_kmalloc_array+0x25/0x60 [ 14.867754] copy_user_test_oob+0xab/0x10f0 [ 14.867929] kunit_try_run_case+0x1a5/0x480 [ 14.868179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.868513] kthread+0x337/0x6f0 [ 14.868754] ret_from_fork+0x41/0x80 [ 14.868959] ret_from_fork_asm+0x1a/0x30 [ 14.869210] [ 14.869322] The buggy address belongs to the object at ffff888102f60f00 [ 14.869322] which belongs to the cache kmalloc-128 of size 128 [ 14.869791] The buggy address is located 0 bytes inside of [ 14.869791] allocated 120-byte region [ffff888102f60f00, ffff888102f60f78) [ 14.870493] [ 14.870623] The buggy address belongs to the physical page: [ 14.870908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f60 [ 14.871274] flags: 0x200000000000000(node=0|zone=2) [ 14.871644] page_type: f5(slab) [ 14.871870] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.872164] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.872498] page dumped because: kasan: bad access detected [ 14.872748] [ 14.872827] Memory state around the buggy address: [ 14.873051] ffff888102f60e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.873358] ffff888102f60e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.873661] >ffff888102f60f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.874026] ^ [ 14.874256] ffff888102f60f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.874545] ffff888102f61000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.875019] ================================================================== [ 14.896987] ================================================================== [ 14.897426] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 14.897825] Read of size 121 at addr ffff888102f60f00 by task kunit_try_catch/304 [ 14.898135] [ 14.898253] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 14.898302] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.898315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.898338] Call Trace: [ 14.898359] <TASK> [ 14.898380] dump_stack_lvl+0x73/0xb0 [ 14.898405] print_report+0xd1/0x650 [ 14.898430] ? __virt_addr_valid+0x1db/0x2d0 [ 14.898454] ? copy_user_test_oob+0x604/0x10f0 [ 14.898477] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.898501] ? copy_user_test_oob+0x604/0x10f0 [ 14.898522] kasan_report+0x141/0x180 [ 14.898545] ? copy_user_test_oob+0x604/0x10f0 [ 14.898649] kasan_check_range+0x10c/0x1c0 [ 14.898671] __kasan_check_read+0x15/0x20 [ 14.898703] copy_user_test_oob+0x604/0x10f0 [ 14.898727] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.898747] ? finish_task_switch.isra.0+0x153/0x700 [ 14.898775] ? __switch_to+0x5d9/0xf60 [ 14.898802] ? dequeue_task_fair+0x166/0x4e0 [ 14.898831] ? __schedule+0x10cc/0x2b60 [ 14.898858] ? __pfx_read_tsc+0x10/0x10 [ 14.898880] ? ktime_get_ts64+0x86/0x230 [ 14.898906] kunit_try_run_case+0x1a5/0x480 [ 14.898943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.898966] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.898992] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.899017] ? __kthread_parkme+0x82/0x180 [ 14.899042] ? preempt_count_sub+0x50/0x80 [ 14.899068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.899093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.899118] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.899142] kthread+0x337/0x6f0 [ 14.899159] ? trace_preempt_on+0x20/0xc0 [ 14.899184] ? __pfx_kthread+0x10/0x10 [ 14.899202] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.899224] ? calculate_sigpending+0x7b/0xa0 [ 14.899248] ? __pfx_kthread+0x10/0x10 [ 14.899267] ret_from_fork+0x41/0x80 [ 14.899289] ? __pfx_kthread+0x10/0x10 [ 14.899308] ret_from_fork_asm+0x1a/0x30 [ 14.899339] </TASK> [ 14.899351] [ 14.908283] Allocated by task 304: [ 14.908535] kasan_save_stack+0x45/0x70 [ 14.908812] kasan_save_track+0x18/0x40 [ 14.908994] kasan_save_alloc_info+0x3b/0x50 [ 14.909144] __kasan_kmalloc+0xb7/0xc0 [ 14.909451] __kmalloc_noprof+0x1c9/0x500 [ 14.909676] kunit_kmalloc_array+0x25/0x60 [ 14.909940] copy_user_test_oob+0xab/0x10f0 [ 14.910112] kunit_try_run_case+0x1a5/0x480 [ 14.910323] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.910719] kthread+0x337/0x6f0 [ 14.910875] ret_from_fork+0x41/0x80 [ 14.911132] ret_from_fork_asm+0x1a/0x30 [ 14.911373] [ 14.911477] The buggy address belongs to the object at ffff888102f60f00 [ 14.911477] which belongs to the cache kmalloc-128 of size 128 [ 14.912129] The buggy address is located 0 bytes inside of [ 14.912129] allocated 120-byte region [ffff888102f60f00, ffff888102f60f78) [ 14.912715] [ 14.912818] The buggy address belongs to the physical page: [ 14.913064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f60 [ 14.913390] flags: 0x200000000000000(node=0|zone=2) [ 14.913676] page_type: f5(slab) [ 14.913805] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.914155] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.914639] page dumped because: kasan: bad access detected [ 14.914835] [ 14.914936] Memory state around the buggy address: [ 14.915289] ffff888102f60e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.915582] ffff888102f60e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.915911] >ffff888102f60f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.916295] ^ [ 14.916617] ffff888102f60f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.916865] ffff888102f61000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.917204] ================================================================== [ 14.834892] ================================================================== [ 14.835286] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 14.835734] Write of size 121 at addr ffff888102f60f00 by task kunit_try_catch/304 [ 14.836153] [ 14.836256] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 14.836308] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.836323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.836413] Call Trace: [ 14.836466] <TASK> [ 14.836488] dump_stack_lvl+0x73/0xb0 [ 14.836515] print_report+0xd1/0x650 [ 14.836540] ? __virt_addr_valid+0x1db/0x2d0 [ 14.836586] ? copy_user_test_oob+0x3fd/0x10f0 [ 14.836607] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.836631] ? copy_user_test_oob+0x3fd/0x10f0 [ 14.836652] kasan_report+0x141/0x180 [ 14.836676] ? copy_user_test_oob+0x3fd/0x10f0 [ 14.836702] kasan_check_range+0x10c/0x1c0 [ 14.836723] __kasan_check_write+0x18/0x20 [ 14.836743] copy_user_test_oob+0x3fd/0x10f0 [ 14.836766] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.836787] ? finish_task_switch.isra.0+0x153/0x700 [ 14.836814] ? __switch_to+0x5d9/0xf60 [ 14.836838] ? dequeue_task_fair+0x166/0x4e0 [ 14.836864] ? __schedule+0x10cc/0x2b60 [ 14.836888] ? __pfx_read_tsc+0x10/0x10 [ 14.836910] ? ktime_get_ts64+0x86/0x230 [ 14.836946] kunit_try_run_case+0x1a5/0x480 [ 14.836973] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.836996] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.837022] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.837047] ? __kthread_parkme+0x82/0x180 [ 14.837070] ? preempt_count_sub+0x50/0x80 [ 14.837095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.837119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.837144] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.837167] kthread+0x337/0x6f0 [ 14.837185] ? trace_preempt_on+0x20/0xc0 [ 14.837210] ? __pfx_kthread+0x10/0x10 [ 14.837229] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.837252] ? calculate_sigpending+0x7b/0xa0 [ 14.837274] ? __pfx_kthread+0x10/0x10 [ 14.837293] ret_from_fork+0x41/0x80 [ 14.837315] ? __pfx_kthread+0x10/0x10 [ 14.837333] ret_from_fork_asm+0x1a/0x30 [ 14.837364] </TASK> [ 14.837376] [ 14.845749] Allocated by task 304: [ 14.845895] kasan_save_stack+0x45/0x70 [ 14.846107] kasan_save_track+0x18/0x40 [ 14.846442] kasan_save_alloc_info+0x3b/0x50 [ 14.846763] __kasan_kmalloc+0xb7/0xc0 [ 14.846965] __kmalloc_noprof+0x1c9/0x500 [ 14.847135] kunit_kmalloc_array+0x25/0x60 [ 14.847340] copy_user_test_oob+0xab/0x10f0 [ 14.847481] kunit_try_run_case+0x1a5/0x480 [ 14.847825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.848126] kthread+0x337/0x6f0 [ 14.848278] ret_from_fork+0x41/0x80 [ 14.848409] ret_from_fork_asm+0x1a/0x30 [ 14.848725] [ 14.848859] The buggy address belongs to the object at ffff888102f60f00 [ 14.848859] which belongs to the cache kmalloc-128 of size 128 [ 14.849435] The buggy address is located 0 bytes inside of [ 14.849435] allocated 120-byte region [ffff888102f60f00, ffff888102f60f78) [ 14.850036] [ 14.850157] The buggy address belongs to the physical page: [ 14.850403] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f60 [ 14.850823] flags: 0x200000000000000(node=0|zone=2) [ 14.851077] page_type: f5(slab) [ 14.851228] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.851526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.851863] page dumped because: kasan: bad access detected [ 14.852097] [ 14.852190] Memory state around the buggy address: [ 14.852512] ffff888102f60e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.852860] ffff888102f60e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.853107] >ffff888102f60f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.853523] ^ [ 14.853846] ffff888102f60f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.854208] ffff888102f61000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.854521] ================================================================== [ 14.875709] ================================================================== [ 14.876240] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 14.876639] Write of size 121 at addr ffff888102f60f00 by task kunit_try_catch/304 [ 14.876978] [ 14.877165] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 14.877216] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.877229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.877252] Call Trace: [ 14.877274] <TASK> [ 14.877295] dump_stack_lvl+0x73/0xb0 [ 14.877385] print_report+0xd1/0x650 [ 14.877422] ? __virt_addr_valid+0x1db/0x2d0 [ 14.877446] ? copy_user_test_oob+0x557/0x10f0 [ 14.877467] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.877492] ? copy_user_test_oob+0x557/0x10f0 [ 14.877513] kasan_report+0x141/0x180 [ 14.877536] ? copy_user_test_oob+0x557/0x10f0 [ 14.877583] kasan_check_range+0x10c/0x1c0 [ 14.877605] __kasan_check_write+0x18/0x20 [ 14.877626] copy_user_test_oob+0x557/0x10f0 [ 14.877648] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.877669] ? finish_task_switch.isra.0+0x153/0x700 [ 14.877696] ? __switch_to+0x5d9/0xf60 [ 14.877719] ? dequeue_task_fair+0x166/0x4e0 [ 14.877744] ? __schedule+0x10cc/0x2b60 [ 14.877769] ? __pfx_read_tsc+0x10/0x10 [ 14.877790] ? ktime_get_ts64+0x86/0x230 [ 14.877817] kunit_try_run_case+0x1a5/0x480 [ 14.877844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.877867] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.877892] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.877926] ? __kthread_parkme+0x82/0x180 [ 14.877949] ? preempt_count_sub+0x50/0x80 [ 14.877975] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.877999] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.878024] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.878048] kthread+0x337/0x6f0 [ 14.878066] ? trace_preempt_on+0x20/0xc0 [ 14.878090] ? __pfx_kthread+0x10/0x10 [ 14.878108] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.878131] ? calculate_sigpending+0x7b/0xa0 [ 14.878153] ? __pfx_kthread+0x10/0x10 [ 14.878172] ret_from_fork+0x41/0x80 [ 14.878196] ? __pfx_kthread+0x10/0x10 [ 14.878215] ret_from_fork_asm+0x1a/0x30 [ 14.878247] </TASK> [ 14.878259] [ 14.887325] Allocated by task 304: [ 14.887515] kasan_save_stack+0x45/0x70 [ 14.887691] kasan_save_track+0x18/0x40 [ 14.887891] kasan_save_alloc_info+0x3b/0x50 [ 14.888110] __kasan_kmalloc+0xb7/0xc0 [ 14.888302] __kmalloc_noprof+0x1c9/0x500 [ 14.888496] kunit_kmalloc_array+0x25/0x60 [ 14.888751] copy_user_test_oob+0xab/0x10f0 [ 14.888900] kunit_try_run_case+0x1a5/0x480 [ 14.889119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.889485] kthread+0x337/0x6f0 [ 14.889742] ret_from_fork+0x41/0x80 [ 14.889962] ret_from_fork_asm+0x1a/0x30 [ 14.890156] [ 14.890256] The buggy address belongs to the object at ffff888102f60f00 [ 14.890256] which belongs to the cache kmalloc-128 of size 128 [ 14.890795] The buggy address is located 0 bytes inside of [ 14.890795] allocated 120-byte region [ffff888102f60f00, ffff888102f60f78) [ 14.891411] [ 14.891512] The buggy address belongs to the physical page: [ 14.891840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f60 [ 14.892222] flags: 0x200000000000000(node=0|zone=2) [ 14.892494] page_type: f5(slab) [ 14.892747] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.893121] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.893461] page dumped because: kasan: bad access detected [ 14.893727] [ 14.893913] Memory state around the buggy address: [ 14.894181] ffff888102f60e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.894462] ffff888102f60e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.894889] >ffff888102f60f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.895236] ^ [ 14.895532] ffff888102f60f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.895875] ffff888102f61000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.896234] ==================================================================