Date
June 23, 2025, 1:39 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 29.758262] ==================================================================
[ 29.758594] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 29.758831] Write of size 121 at addr fff00000c7065800 by task kunit_try_catch/287
[ 29.759224]
[ 29.759402] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT
[ 29.759640] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.759713] Hardware name: linux,dummy-virt (DT)
[ 29.759813] Call trace:
[ 29.759877] show_stack+0x20/0x38 (C)
[ 29.760004] dump_stack_lvl+0x8c/0xd0
[ 29.760151] print_report+0x118/0x608
[ 29.760280] kasan_report+0xdc/0x128
[ 29.760633] kasan_check_range+0x100/0x1a8
[ 29.760818] __kasan_check_write+0x20/0x30
[ 29.760968] copy_user_test_oob+0x35c/0xec8
[ 29.761131] kunit_try_run_case+0x170/0x3f0
[ 29.761477] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.761716] kthread+0x328/0x630
[ 29.761926] ret_from_fork+0x10/0x20
[ 29.762058]
[ 29.762358] Allocated by task 287:
[ 29.762555] kasan_save_stack+0x3c/0x68
[ 29.763279] kasan_save_track+0x20/0x40
[ 29.763533] kasan_save_alloc_info+0x40/0x58
[ 29.763651] __kasan_kmalloc+0xd4/0xd8
[ 29.763742] __kmalloc_noprof+0x198/0x4c8
[ 29.763836] kunit_kmalloc_array+0x34/0x88
[ 29.764053] copy_user_test_oob+0xac/0xec8
[ 29.764819] kunit_try_run_case+0x170/0x3f0
[ 29.765623] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.766057] kthread+0x328/0x630
[ 29.766162] ret_from_fork+0x10/0x20
[ 29.766720]
[ 29.766788] The buggy address belongs to the object at fff00000c7065800
[ 29.766788] which belongs to the cache kmalloc-128 of size 128
[ 29.767426] The buggy address is located 0 bytes inside of
[ 29.767426] allocated 120-byte region [fff00000c7065800, fff00000c7065878)
[ 29.767585]
[ 29.767642] The buggy address belongs to the physical page:
[ 29.767725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107065
[ 29.767850] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.769266] page_type: f5(slab)
[ 29.769500] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 29.769634] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.770605] page dumped because: kasan: bad access detected
[ 29.770881]
[ 29.770989] Memory state around the buggy address:
[ 29.771358] fff00000c7065700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.771491] fff00000c7065780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.771608] >fff00000c7065800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.772599] ^
[ 29.772798] fff00000c7065880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.772994] fff00000c7065900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.773098] ==================================================================

[ 29.776064] ==================================================================
[ 29.776199] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 29.776524] Read of size 121 at addr fff00000c7065800 by task kunit_try_catch/287
[ 29.776677]
[ 29.776766] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT
[ 29.776965] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.777030] Hardware name: linux,dummy-virt (DT)
[ 29.777117] Call trace:
[ 29.777302] show_stack+0x20/0x38 (C)
[ 29.777444] dump_stack_lvl+0x8c/0xd0
[ 29.777594] print_report+0x118/0x608
[ 29.777765] kasan_report+0xdc/0x128
[ 29.777954] kasan_check_range+0x100/0x1a8
[ 29.778123] __kasan_check_read+0x20/0x30
[ 29.778266] copy_user_test_oob+0x3c8/0xec8
[ 29.778413] kunit_try_run_case+0x170/0x3f0
[ 29.778657] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.778802] kthread+0x328/0x630
[ 29.778957] ret_from_fork+0x10/0x20
[ 29.779326]
[ 29.779457] Allocated by task 287:
[ 29.779539] kasan_save_stack+0x3c/0x68
[ 29.779647] kasan_save_track+0x20/0x40
[ 29.779785] kasan_save_alloc_info+0x40/0x58
[ 29.779989] __kasan_kmalloc+0xd4/0xd8
[ 29.780165] __kmalloc_noprof+0x198/0x4c8
[ 29.780431] kunit_kmalloc_array+0x34/0x88
[ 29.780550] copy_user_test_oob+0xac/0xec8
[ 29.780666] kunit_try_run_case+0x170/0x3f0
[ 29.780801] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.780962] kthread+0x328/0x630
[ 29.781078] ret_from_fork+0x10/0x20
[ 29.781198]
[ 29.781260] The buggy address belongs to the object at fff00000c7065800
[ 29.781260] which belongs to the cache kmalloc-128 of size 128
[ 29.781495] The buggy address is located 0 bytes inside of
[ 29.781495] allocated 120-byte region [fff00000c7065800, fff00000c7065878)
[ 29.781670]
[ 29.781821] The buggy address belongs to the physical page:
[ 29.781929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107065
[ 29.782067] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.782189] page_type: f5(slab)
[ 29.782338] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 29.782591] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.782707] page dumped because: kasan: bad access detected
[ 29.782800]
[ 29.782883] Memory state around the buggy address:
[ 29.783006] fff00000c7065700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.783119] fff00000c7065780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.783232] >fff00000c7065800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.783334] ^
[ 29.783504] fff00000c7065880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.783700] fff00000c7065900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.783941] ==================================================================

[ 29.799209] ==================================================================
[ 29.799315] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 29.799438] Read of size 121 at addr fff00000c7065800 by task kunit_try_catch/287
[ 29.799564]
[ 29.799644] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT
[ 29.800365] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.802419] Hardware name: linux,dummy-virt (DT)
[ 29.802508] Call trace:
[ 29.802740] show_stack+0x20/0x38 (C)
[ 29.803331] dump_stack_lvl+0x8c/0xd0
[ 29.803631] print_report+0x118/0x608
[ 29.803771] kasan_report+0xdc/0x128
[ 29.804514] kasan_check_range+0x100/0x1a8
[ 29.804722] __kasan_check_read+0x20/0x30
[ 29.804976] copy_user_test_oob+0x4a0/0xec8
[ 29.805611] kunit_try_run_case+0x170/0x3f0
[ 29.805807] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.806367] kthread+0x328/0x630
[ 29.806593] ret_from_fork+0x10/0x20
[ 29.806982]
[ 29.807078] Allocated by task 287:
[ 29.807258] kasan_save_stack+0x3c/0x68
[ 29.807447] kasan_save_track+0x20/0x40
[ 29.807582] kasan_save_alloc_info+0x40/0x58
[ 29.807722] __kasan_kmalloc+0xd4/0xd8
[ 29.807821] __kmalloc_noprof+0x198/0x4c8
[ 29.807918] kunit_kmalloc_array+0x34/0x88
[ 29.808122] copy_user_test_oob+0xac/0xec8
[ 29.808340] kunit_try_run_case+0x170/0x3f0
[ 29.808782] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.808982] kthread+0x328/0x630
[ 29.809093] ret_from_fork+0x10/0x20
[ 29.809215]
[ 29.809298] The buggy address belongs to the object at fff00000c7065800
[ 29.809298] which belongs to the cache kmalloc-128 of size 128
[ 29.809590] The buggy address is located 0 bytes inside of
[ 29.809590] allocated 120-byte region [fff00000c7065800, fff00000c7065878)
[ 29.809762]
[ 29.809885] The buggy address belongs to the physical page:
[ 29.809970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107065
[ 29.810119] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.810261] page_type: f5(slab)
[ 29.810437] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 29.810688] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.811029] page dumped because: kasan: bad access detected
[ 29.811465]
[ 29.811530] Memory state around the buggy address:
[ 29.811961] fff00000c7065700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.812083] fff00000c7065780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.812225] >fff00000c7065800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.812338] ^
[ 29.812462] fff00000c7065880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.812581] fff00000c7065900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.812854] ==================================================================

[ 29.645113] ==================================================================
[ 29.645491] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 29.646167] Write of size 121 at addr fff00000c7065800 by task kunit_try_catch/287
[ 29.646460]
[ 29.646568] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT
[ 29.647462] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.647734] Hardware name: linux,dummy-virt (DT)
[ 29.648304] Call trace:
[ 29.648537] show_stack+0x20/0x38 (C)
[ 29.648788] dump_stack_lvl+0x8c/0xd0
[ 29.649350] print_report+0x118/0x608
[ 29.649497] kasan_report+0xdc/0x128
[ 29.649677] kasan_check_range+0x100/0x1a8
[ 29.650289] __kasan_check_write+0x20/0x30
[ 29.650504] copy_user_test_oob+0x234/0xec8
[ 29.650729] kunit_try_run_case+0x170/0x3f0
[ 29.651307] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.651532] kthread+0x328/0x630
[ 29.651748] ret_from_fork+0x10/0x20
[ 29.652017]
[ 29.652476] Allocated by task 287:
[ 29.652575] kasan_save_stack+0x3c/0x68
[ 29.652733] kasan_save_track+0x20/0x40
[ 29.652979] kasan_save_alloc_info+0x40/0x58
[ 29.653254] __kasan_kmalloc+0xd4/0xd8
[ 29.653814] __kmalloc_noprof+0x198/0x4c8
[ 29.653988] kunit_kmalloc_array+0x34/0x88
[ 29.654110] copy_user_test_oob+0xac/0xec8
[ 29.654304] kunit_try_run_case+0x170/0x3f0
[ 29.654796] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.655344] kthread+0x328/0x630
[ 29.655729] ret_from_fork+0x10/0x20
[ 29.656682]
[ 29.656743] The buggy address belongs to the object at fff00000c7065800
[ 29.656743] which belongs to the cache kmalloc-128 of size 128
[ 29.657590] The buggy address is located 0 bytes inside of
[ 29.657590] allocated 120-byte region [fff00000c7065800, fff00000c7065878)
[ 29.657762]
[ 29.657825] The buggy address belongs to the physical page:
[ 29.657911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107065
[ 29.658607] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.659072] page_type: f5(slab)
[ 29.659634] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 29.660147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.660715] page dumped because: kasan: bad access detected
[ 29.660810]
[ 29.660862] Memory state around the buggy address:
[ 29.660961] fff00000c7065700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.661357] fff00000c7065780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.661510] >fff00000c7065800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.661673] ^
[ 29.661805] fff00000c7065880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.661990] fff00000c7065900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.662141] ==================================================================

[ 29.712198] ==================================================================
[ 29.712364] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 29.712517] Read of size 121 at addr fff00000c7065800 by task kunit_try_catch/287
[ 29.712641]
[ 29.712727] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT
[ 29.712928] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.716789] Hardware name: linux,dummy-virt (DT)
[ 29.717120] Call trace:
[ 29.717497] show_stack+0x20/0x38 (C)
[ 29.717695] dump_stack_lvl+0x8c/0xd0
[ 29.718466] print_report+0x118/0x608
[ 29.720125] kasan_report+0xdc/0x128
[ 29.720830] kasan_check_range+0x100/0x1a8
[ 29.721417] __kasan_check_read+0x20/0x30
[ 29.721794] copy_user_test_oob+0x728/0xec8
[ 29.722298] kunit_try_run_case+0x170/0x3f0
[ 29.723852] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.724927] kthread+0x328/0x630
[ 29.725453] ret_from_fork+0x10/0x20
[ 29.725596]
[ 29.726455] Allocated by task 287:
[ 29.726612] kasan_save_stack+0x3c/0x68
[ 29.726950] kasan_save_track+0x20/0x40
[ 29.727197] kasan_save_alloc_info+0x40/0x58
[ 29.727846] __kasan_kmalloc+0xd4/0xd8
[ 29.728012] __kmalloc_noprof+0x198/0x4c8
[ 29.728943] kunit_kmalloc_array+0x34/0x88
[ 29.729184] copy_user_test_oob+0xac/0xec8
[ 29.729286] kunit_try_run_case+0x170/0x3f0
[ 29.730041] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.731011] kthread+0x328/0x630
[ 29.731164] ret_from_fork+0x10/0x20
[ 29.731263]
[ 29.731319] The buggy address belongs to the object at fff00000c7065800
[ 29.731319] which belongs to the cache kmalloc-128 of size 128
[ 29.731484] The buggy address is located 0 bytes inside of
[ 29.731484] allocated 120-byte region [fff00000c7065800, fff00000c7065878)
[ 29.731637]
[ 29.733141] The buggy address belongs to the physical page:
[ 29.733482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107065
[ 29.733955] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.734301] page_type: f5(slab)
[ 29.734583] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 29.734718] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.735287] page dumped because: kasan: bad access detected
[ 29.735419]
[ 29.735475] Memory state around the buggy address:
[ 29.736035] fff00000c7065700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.736196] fff00000c7065780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.736357] >fff00000c7065800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.736480] ^
[ 29.736589] fff00000c7065880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.736701] fff00000c7065900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.736810] ==================================================================

[ 29.784486] ==================================================================
[ 29.784593] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 29.784701] Write of size 121 at addr fff00000c7065800 by task kunit_try_catch/287
[ 29.784828]
[ 29.784906] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT
[ 29.785151] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.785333] Hardware name: linux,dummy-virt (DT)
[ 29.785580] Call trace:
[ 29.785640] show_stack+0x20/0x38 (C)
[ 29.785756] dump_stack_lvl+0x8c/0xd0
[ 29.785880] print_report+0x118/0x608
[ 29.785990] kasan_report+0xdc/0x128
[ 29.786112] kasan_check_range+0x100/0x1a8
[ 29.786469] __kasan_check_write+0x20/0x30
[ 29.786667] copy_user_test_oob+0x434/0xec8
[ 29.786817] kunit_try_run_case+0x170/0x3f0
[ 29.786984] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.787177] kthread+0x328/0x630
[ 29.787313] ret_from_fork+0x10/0x20
[ 29.787482]
[ 29.787685] Allocated by task 287:
[ 29.787763] kasan_save_stack+0x3c/0x68
[ 29.788470] kasan_save_track+0x20/0x40
[ 29.788625] kasan_save_alloc_info+0x40/0x58
[ 29.788766] __kasan_kmalloc+0xd4/0xd8
[ 29.789163] __kmalloc_noprof+0x198/0x4c8
[ 29.789706] kunit_kmalloc_array+0x34/0x88
[ 29.790180] copy_user_test_oob+0xac/0xec8
[ 29.790283] kunit_try_run_case+0x170/0x3f0
[ 29.790672] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.790734] kthread+0x328/0x630
[ 29.790812] ret_from_fork+0x10/0x20
[ 29.791284]
[ 29.791350] The buggy address belongs to the object at fff00000c7065800
[ 29.791350] which belongs to the cache kmalloc-128 of size 128
[ 29.791885] The buggy address is located 0 bytes inside of
[ 29.791885] allocated 120-byte region [fff00000c7065800, fff00000c7065878)
[ 29.792050]
[ 29.792102] The buggy address belongs to the physical page:
[ 29.792177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107065
[ 29.792300] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.792768] page_type: f5(slab)
[ 29.793229] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 29.793917] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.794493] page dumped because: kasan: bad access detected
[ 29.795174]
[ 29.795323] Memory state around the buggy address:
[ 29.795431] fff00000c7065700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.795680] fff00000c7065780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.795804] >fff00000c7065800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.796630] ^
[ 29.796905] fff00000c7065880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.797018] fff00000c7065900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.797303] ==================================================================
[ 24.278097] ==================================================================
[ 24.278732] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 24.279390] Write of size 121 at addr ffff88810a090200 by task kunit_try_catch/306
[ 24.280073]
[ 24.280417] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT(voluntary)
[ 24.280540] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.280579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.280667] Call Trace:
[ 24.280740] <TASK>
[ 24.280788] dump_stack_lvl+0x73/0xb0
[ 24.280867] print_report+0xd1/0x650
[ 24.280964] ? __virt_addr_valid+0x1db/0x2d0
[ 24.281075] ? copy_user_test_oob+0x557/0x10f0
[ 24.281150] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.281308] ? copy_user_test_oob+0x557/0x10f0
[ 24.281386] kasan_report+0x141/0x180
[ 24.281461] ? copy_user_test_oob+0x557/0x10f0
[ 24.281546] kasan_check_range+0x10c/0x1c0
[ 24.281637] __kasan_check_write+0x18/0x20
[ 24.281715] copy_user_test_oob+0x557/0x10f0
[ 24.281829] ? __pfx_copy_user_test_oob+0x10/0x10
[ 24.281937] ? finish_task_switch.isra.0+0x153/0x700
[ 24.282020] ? __switch_to+0x5d9/0xf60
[ 24.282087] ? dequeue_task_fair+0x156/0x4e0
[ 24.282189] ? __schedule+0x10cc/0x2b60
[ 24.282307] ? __pfx_read_tsc+0x10/0x10
[ 24.282340] ? ktime_get_ts64+0x86/0x230
[ 24.282378] kunit_try_run_case+0x1a5/0x480
[ 24.282416] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.282452] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.282489] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.282523] ? __kthread_parkme+0x82/0x180
[ 24.282556] ? preempt_count_sub+0x50/0x80
[ 24.282593] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.282660] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.282698] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.282735] kthread+0x337/0x6f0
[ 24.282759] ? trace_preempt_on+0x20/0xc0
[ 24.282794] ? __pfx_kthread+0x10/0x10
[ 24.282821] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.282854] ? calculate_sigpending+0x7b/0xa0
[ 24.282885] ? __pfx_kthread+0x10/0x10
[ 24.282911] ret_from_fork+0x41/0x80
[ 24.282942] ? __pfx_kthread+0x10/0x10
[ 24.282970] ret_from_fork_asm+0x1a/0x30
[ 24.283013] </TASK>
[ 24.283028]
[ 24.301963] Allocated by task 306:
[ 24.302372] kasan_save_stack+0x45/0x70
[ 24.302905] kasan_save_track+0x18/0x40
[ 24.303352] kasan_save_alloc_info+0x3b/0x50
[ 24.303899] __kasan_kmalloc+0xb7/0xc0
[ 24.304507] __kmalloc_noprof+0x1c9/0x500
[ 24.304926] kunit_kmalloc_array+0x25/0x60
[ 24.305377] copy_user_test_oob+0xab/0x10f0
[ 24.305837] kunit_try_run_case+0x1a5/0x480
[ 24.306406] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.306822] kthread+0x337/0x6f0
[ 24.307287] ret_from_fork+0x41/0x80
[ 24.307697] ret_from_fork_asm+0x1a/0x30
[ 24.308133]
[ 24.308411] The buggy address belongs to the object at ffff88810a090200
[ 24.308411] which belongs to the cache kmalloc-128 of size 128
[ 24.309398] The buggy address is located 0 bytes inside of
[ 24.309398] allocated 120-byte region [ffff88810a090200, ffff88810a090278)
[ 24.310452]
[ 24.310735] The buggy address belongs to the physical page:
[ 24.311280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a090
[ 24.311997] flags: 0x200000000000000(node=0|zone=2)
[ 24.312514] page_type: f5(slab)
[ 24.312930] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.313570] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.314361] page dumped because: kasan: bad access detected
[ 24.314784]
[ 24.315042] Memory state around the buggy address:
[ 24.315513] ffff88810a090100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.316114] ffff88810a090180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.316722] >ffff88810a090200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.317277] ^
[ 24.317962] ffff88810a090280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.318588] ffff88810a090300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.319275] ==================================================================

[ 24.235880] ==================================================================
[ 24.236783] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 24.237530] Read of size 121 at addr ffff88810a090200 by task kunit_try_catch/306
[ 24.238266]
[ 24.238542] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT(voluntary)
[ 24.238681] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.238721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.238777] Call Trace:
[ 24.238828] <TASK>
[ 24.238872] dump_stack_lvl+0x73/0xb0
[ 24.238988] print_report+0xd1/0x650
[ 24.239071] ? __virt_addr_valid+0x1db/0x2d0
[ 24.239146] ? copy_user_test_oob+0x4aa/0x10f0
[ 24.239257] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.239381] ? copy_user_test_oob+0x4aa/0x10f0
[ 24.239459] kasan_report+0x141/0x180
[ 24.239576] ? copy_user_test_oob+0x4aa/0x10f0
[ 24.239685] kasan_check_range+0x10c/0x1c0
[ 24.239762] __kasan_check_read+0x15/0x20
[ 24.239833] copy_user_test_oob+0x4aa/0x10f0
[ 24.239913] ? __pfx_copy_user_test_oob+0x10/0x10
[ 24.240024] ? finish_task_switch.isra.0+0x153/0x700
[ 24.240129] ? __switch_to+0x5d9/0xf60
[ 24.240240] ? dequeue_task_fair+0x156/0x4e0
[ 24.240327] ? __schedule+0x10cc/0x2b60
[ 24.240407] ? __pfx_read_tsc+0x10/0x10
[ 24.240479] ? ktime_get_ts64+0x86/0x230
[ 24.240597] kunit_try_run_case+0x1a5/0x480
[ 24.240704] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.240780] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.240901] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.240984] ? __kthread_parkme+0x82/0x180
[ 24.241058] ? preempt_count_sub+0x50/0x80
[ 24.241137] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.241193] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.241271] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.241313] kthread+0x337/0x6f0
[ 24.241340] ? trace_preempt_on+0x20/0xc0
[ 24.241377] ? __pfx_kthread+0x10/0x10
[ 24.241405] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.241438] ? calculate_sigpending+0x7b/0xa0
[ 24.241470] ? __pfx_kthread+0x10/0x10
[ 24.241498] ret_from_fork+0x41/0x80
[ 24.241529] ? __pfx_kthread+0x10/0x10
[ 24.241555] ret_from_fork_asm+0x1a/0x30
[ 24.241617] </TASK>
[ 24.241640]
[ 24.258685] Allocated by task 306:
[ 24.258966] kasan_save_stack+0x45/0x70
[ 24.259338] kasan_save_track+0x18/0x40
[ 24.259854] kasan_save_alloc_info+0x3b/0x50
[ 24.260344] __kasan_kmalloc+0xb7/0xc0
[ 24.260774] __kmalloc_noprof+0x1c9/0x500
[ 24.261394] kunit_kmalloc_array+0x25/0x60
[ 24.261888] copy_user_test_oob+0xab/0x10f0
[ 24.262443] kunit_try_run_case+0x1a5/0x480
[ 24.262968] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.263655] kthread+0x337/0x6f0
[ 24.264056] ret_from_fork+0x41/0x80
[ 24.264591] ret_from_fork_asm+0x1a/0x30
[ 24.265026]
[ 24.265402] The buggy address belongs to the object at ffff88810a090200
[ 24.265402] which belongs to the cache kmalloc-128 of size 128
[ 24.266475] The buggy address is located 0 bytes inside of
[ 24.266475] allocated 120-byte region [ffff88810a090200, ffff88810a090278)
[ 24.267442]
[ 24.267645] The buggy address belongs to the physical page:
[ 24.268007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a090
[ 24.268834] flags: 0x200000000000000(node=0|zone=2)
[ 24.269365] page_type: f5(slab)
[ 24.269903] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.270634] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.271402] page dumped because: kasan: bad access detected
[ 24.271873]
[ 24.272052] Memory state around the buggy address:
[ 24.272472] ffff88810a090100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.273168] ffff88810a090180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.273923] >ffff88810a090200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.274625] ^
[ 24.275424] ffff88810a090280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.276048] ffff88810a090300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.276729] ==================================================================

[ 24.196855] ==================================================================
[ 24.197415] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 24.198112] Write of size 121 at addr ffff88810a090200 by task kunit_try_catch/306
[ 24.198996]
[ 24.199447] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT(voluntary)
[ 24.199598] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.199659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.199739] Call Trace:
[ 24.199808] <TASK>
[ 24.199858] dump_stack_lvl+0x73/0xb0
[ 24.199931] print_report+0xd1/0x650
[ 24.199971] ? __virt_addr_valid+0x1db/0x2d0
[ 24.200007] ? copy_user_test_oob+0x3fd/0x10f0
[ 24.200039] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.200076] ? copy_user_test_oob+0x3fd/0x10f0
[ 24.200107] kasan_report+0x141/0x180
[ 24.200141] ? copy_user_test_oob+0x3fd/0x10f0
[ 24.200177] kasan_check_range+0x10c/0x1c0
[ 24.200210] __kasan_check_write+0x18/0x20
[ 24.200273] copy_user_test_oob+0x3fd/0x10f0
[ 24.200309] ? __pfx_copy_user_test_oob+0x10/0x10
[ 24.200339] ? finish_task_switch.isra.0+0x153/0x700
[ 24.200376] ? __switch_to+0x5d9/0xf60
[ 24.200404] ? dequeue_task_fair+0x156/0x4e0
[ 24.200439] ? __schedule+0x10cc/0x2b60
[ 24.200472] ? __pfx_read_tsc+0x10/0x10
[ 24.200503] ? ktime_get_ts64+0x86/0x230
[ 24.200539] kunit_try_run_case+0x1a5/0x480
[ 24.200578] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.200639] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.200679] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.200716] ? __kthread_parkme+0x82/0x180
[ 24.200756] ? preempt_count_sub+0x50/0x80
[ 24.200809] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.200848] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.200883] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.200920] kthread+0x337/0x6f0
[ 24.200943] ? trace_preempt_on+0x20/0xc0
[ 24.200980] ? __pfx_kthread+0x10/0x10
[ 24.201007] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.201039] ? calculate_sigpending+0x7b/0xa0
[ 24.201103] ? __pfx_kthread+0x10/0x10
[ 24.201134] ret_from_fork+0x41/0x80
[ 24.201184] ? __pfx_kthread+0x10/0x10
[ 24.201218] ret_from_fork_asm+0x1a/0x30
[ 24.201291] </TASK>
[ 24.201309]
[ 24.218439] Allocated by task 306:
[ 24.218855] kasan_save_stack+0x45/0x70
[ 24.219341] kasan_save_track+0x18/0x40
[ 24.219815] kasan_save_alloc_info+0x3b/0x50
[ 24.220286] __kasan_kmalloc+0xb7/0xc0
[ 24.220722] __kmalloc_noprof+0x1c9/0x500
[ 24.221167] kunit_kmalloc_array+0x25/0x60
[ 24.221693] copy_user_test_oob+0xab/0x10f0
[ 24.222084] kunit_try_run_case+0x1a5/0x480
[ 24.222559] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.223096] kthread+0x337/0x6f0
[ 24.223484] ret_from_fork+0x41/0x80
[ 24.223810] ret_from_fork_asm+0x1a/0x30
[ 24.224160]
[ 24.224397] The buggy address belongs to the object at ffff88810a090200
[ 24.224397] which belongs to the cache kmalloc-128 of size 128
[ 24.225380] The buggy address is located 0 bytes inside of
[ 24.225380] allocated 120-byte region [ffff88810a090200, ffff88810a090278)
[ 24.226122]
[ 24.226365] The buggy address belongs to the physical page:
[ 24.226820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a090
[ 24.227592] flags: 0x200000000000000(node=0|zone=2)
[ 24.228089] page_type: f5(slab)
[ 24.228513] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.229146] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.229708] page dumped because: kasan: bad access detected
[ 24.230321]
[ 24.230528] Memory state around the buggy address:
[ 24.231025] ffff88810a090100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.231749] ffff88810a090180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.232438] >ffff88810a090200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.233099] ^
[ 24.233597] ffff88810a090280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.234072] ffff88810a090300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.234668] ==================================================================

[ 24.320515] ==================================================================
[ 24.321922] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 24.323014] Read of size 121 at addr ffff88810a090200 by task kunit_try_catch/306
[ 24.323710]
[ 24.324026] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT(voluntary)
[ 24.324153] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.324194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.324300] Call Trace:
[ 24.324371] <TASK>
[ 24.324450] dump_stack_lvl+0x73/0xb0
[ 24.324531] print_report+0xd1/0x650
[ 24.324623] ? __virt_addr_valid+0x1db/0x2d0
[ 24.324702] ? copy_user_test_oob+0x604/0x10f0
[ 24.324776] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.324879] ? copy_user_test_oob+0x604/0x10f0
[ 24.324982] kasan_report+0x141/0x180
[ 24.325062] ? copy_user_test_oob+0x604/0x10f0
[ 24.325154] kasan_check_range+0x10c/0x1c0
[ 24.325276] __kasan_check_read+0x15/0x20
[ 24.325354] copy_user_test_oob+0x604/0x10f0
[ 24.325457] ? __pfx_copy_user_test_oob+0x10/0x10
[ 24.325558] ? finish_task_switch.isra.0+0x153/0x700
[ 24.325651] ? __switch_to+0x5d9/0xf60
[ 24.325722] ? dequeue_task_fair+0x156/0x4e0
[ 24.325812] ? __schedule+0x10cc/0x2b60
[ 24.325853] ? __pfx_read_tsc+0x10/0x10
[ 24.325886] ? ktime_get_ts64+0x86/0x230
[ 24.325927] kunit_try_run_case+0x1a5/0x480
[ 24.325968] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.326003] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.326039] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.326076] ? __kthread_parkme+0x82/0x180
[ 24.326108] ? preempt_count_sub+0x50/0x80
[ 24.326144] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.326181] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.326265] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.326308] kthread+0x337/0x6f0
[ 24.326335] ? trace_preempt_on+0x20/0xc0
[ 24.326370] ? __pfx_kthread+0x10/0x10
[ 24.326396] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.326429] ? calculate_sigpending+0x7b/0xa0
[ 24.326462] ? __pfx_kthread+0x10/0x10
[ 24.326489] ret_from_fork+0x41/0x80
[ 24.326523] ? __pfx_kthread+0x10/0x10
[ 24.326550] ret_from_fork_asm+0x1a/0x30
[ 24.326595] </TASK>
[ 24.326635]
[ 24.345076] Allocated by task 306:
[ 24.345587] kasan_save_stack+0x45/0x70
[ 24.346094] kasan_save_track+0x18/0x40
[ 24.346641] kasan_save_alloc_info+0x3b/0x50
[ 24.347174] __kasan_kmalloc+0xb7/0xc0
[ 24.347656] __kmalloc_noprof+0x1c9/0x500
[ 24.348172] kunit_kmalloc_array+0x25/0x60
[ 24.348731] copy_user_test_oob+0xab/0x10f0
[ 24.349277] kunit_try_run_case+0x1a5/0x480
[ 24.349834] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.350469] kthread+0x337/0x6f0
[ 24.350848] ret_from_fork+0x41/0x80
[ 24.351391] ret_from_fork_asm+0x1a/0x30
[ 24.351855]
[ 24.352139] The buggy address belongs to the object at ffff88810a090200
[ 24.352139] which belongs to the cache kmalloc-128 of size 128
[ 24.353333] The buggy address is located 0 bytes inside of
[ 24.353333] allocated 120-byte region [ffff88810a090200, ffff88810a090278)
[ 24.354469]
[ 24.354748] The buggy address belongs to the physical page:
[ 24.355282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a090
[ 24.356095] flags: 0x200000000000000(node=0|zone=2)
[ 24.356671] page_type: f5(slab)
[ 24.357156] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.357941] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.358691] page dumped because: kasan: bad access detected
[ 24.359143]
[ 24.359435] Memory state around the buggy address:
[ 24.359978] ffff88810a090100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.360744] ffff88810a090180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.361493] >ffff88810a090200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.362492] ^
[ 24.363020] ffff88810a090280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.363589] ffff88810a090300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.364174] ==================================================================