Date: July 3, 2025, 3:13 p.m.
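Environment | Log
---|---
qemu-arm64 | first log block below (`Hardware name: linux,dummy-virt (DT)`)
qemu-x86_64 | second log block below (`Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)`)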
[ 18.459601] ================================================================== [ 18.459865] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 18.460057] Read of size 121 at addr fff00000c77faa00 by task kunit_try_catch/288 [ 18.460115] [ 18.460151] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT [ 18.460401] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.460536] Hardware name: linux,dummy-virt (DT) [ 18.460600] Call trace: [ 18.460860] show_stack+0x20/0x38 (C) [ 18.460996] dump_stack_lvl+0x8c/0xd0 [ 18.461053] print_report+0x118/0x608 [ 18.461100] kasan_report+0xdc/0x128 [ 18.461283] kasan_check_range+0x100/0x1a8 [ 18.461346] __kasan_check_read+0x20/0x30 [ 18.461646] copy_user_test_oob+0x3c8/0xec8 [ 18.461716] kunit_try_run_case+0x170/0x3f0 [ 18.461848] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.461909] kthread+0x328/0x630 [ 18.461966] ret_from_fork+0x10/0x20 [ 18.462015] [ 18.462035] Allocated by task 288: [ 18.462066] kasan_save_stack+0x3c/0x68 [ 18.462124] kasan_save_track+0x20/0x40 [ 18.462193] kasan_save_alloc_info+0x40/0x58 [ 18.462235] __kasan_kmalloc+0xd4/0xd8 [ 18.462295] __kmalloc_noprof+0x198/0x4c8 [ 18.462594] kunit_kmalloc_array+0x34/0x88 [ 18.462784] copy_user_test_oob+0xac/0xec8 [ 18.462851] kunit_try_run_case+0x170/0x3f0 [ 18.463114] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.463220] kthread+0x328/0x630 [ 18.463405] ret_from_fork+0x10/0x20 [ 18.463623] [ 18.463912] The buggy address belongs to the object at fff00000c77faa00 [ 18.463912] which belongs to the cache kmalloc-128 of size 128 [ 18.464182] The buggy address is located 0 bytes inside of [ 18.464182] allocated 120-byte region [fff00000c77faa00, fff00000c77faa78) [ 18.464444] [ 18.464481] The buggy address belongs to the physical page: [ 18.464556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa [ 18.464726] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.464831] page_type: f5(slab) [ 
18.464971] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.465028] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.465072] page dumped because: kasan: bad access detected [ 18.465127] [ 18.465153] Memory state around the buggy address: [ 18.465203] fff00000c77fa900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.465262] fff00000c77fa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.465317] >fff00000c77faa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.465358] ^ [ 18.465399] fff00000c77faa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.465452] fff00000c77fab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.465493] ================================================================== [ 18.422881] ================================================================== [ 18.423451] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 18.423555] Write of size 121 at addr fff00000c77faa00 by task kunit_try_catch/288 [ 18.423611] [ 18.423692] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT [ 18.423889] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.423923] Hardware name: linux,dummy-virt (DT) [ 18.423972] Call trace: [ 18.424165] show_stack+0x20/0x38 (C) [ 18.424255] dump_stack_lvl+0x8c/0xd0 [ 18.424315] print_report+0x118/0x608 [ 18.424487] kasan_report+0xdc/0x128 [ 18.424548] kasan_check_range+0x100/0x1a8 [ 18.424595] __kasan_check_write+0x20/0x30 [ 18.424767] copy_user_test_oob+0x234/0xec8 [ 18.424959] kunit_try_run_case+0x170/0x3f0 [ 18.425070] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.425213] kthread+0x328/0x630 [ 18.425397] ret_from_fork+0x10/0x20 [ 18.425457] [ 18.425478] Allocated by task 288: [ 18.425547] kasan_save_stack+0x3c/0x68 [ 18.425591] kasan_save_track+0x20/0x40 [ 18.425628] kasan_save_alloc_info+0x40/0x58 [ 18.425807] __kasan_kmalloc+0xd4/0xd8 [ 18.425855] __kmalloc_noprof+0x198/0x4c8 [ 18.425929] 
kunit_kmalloc_array+0x34/0x88 [ 18.425979] copy_user_test_oob+0xac/0xec8 [ 18.426017] kunit_try_run_case+0x170/0x3f0 [ 18.426057] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.426101] kthread+0x328/0x630 [ 18.426152] ret_from_fork+0x10/0x20 [ 18.426189] [ 18.426212] The buggy address belongs to the object at fff00000c77faa00 [ 18.426212] which belongs to the cache kmalloc-128 of size 128 [ 18.426272] The buggy address is located 0 bytes inside of [ 18.426272] allocated 120-byte region [fff00000c77faa00, fff00000c77faa78) [ 18.426334] [ 18.426358] The buggy address belongs to the physical page: [ 18.426403] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa [ 18.426466] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.426529] page_type: f5(slab) [ 18.426572] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.426624] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.426681] page dumped because: kasan: bad access detected [ 18.426715] [ 18.426744] Memory state around the buggy address: [ 18.426788] fff00000c77fa900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.426834] fff00000c77fa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.426887] >fff00000c77faa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.426927] ^ [ 18.427300] fff00000c77faa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.427349] fff00000c77fab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.427391] ================================================================== [ 18.473990] ================================================================== [ 18.474575] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 18.474643] Read of size 121 at addr fff00000c77faa00 by task kunit_try_catch/288 [ 18.474911] [ 18.475257] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT [ 18.475516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.475551] 
Hardware name: linux,dummy-virt (DT) [ 18.475631] Call trace: [ 18.475750] show_stack+0x20/0x38 (C) [ 18.476122] dump_stack_lvl+0x8c/0xd0 [ 18.476388] print_report+0x118/0x608 [ 18.476583] kasan_report+0xdc/0x128 [ 18.476796] kasan_check_range+0x100/0x1a8 [ 18.476997] __kasan_check_read+0x20/0x30 [ 18.477071] copy_user_test_oob+0x4a0/0xec8 [ 18.477296] kunit_try_run_case+0x170/0x3f0 [ 18.477382] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.477835] kthread+0x328/0x630 [ 18.477917] ret_from_fork+0x10/0x20 [ 18.478145] [ 18.478239] Allocated by task 288: [ 18.478491] kasan_save_stack+0x3c/0x68 [ 18.478544] kasan_save_track+0x20/0x40 [ 18.478582] kasan_save_alloc_info+0x40/0x58 [ 18.478623] __kasan_kmalloc+0xd4/0xd8 [ 18.478853] __kmalloc_noprof+0x198/0x4c8 [ 18.478926] kunit_kmalloc_array+0x34/0x88 [ 18.479027] copy_user_test_oob+0xac/0xec8 [ 18.479142] kunit_try_run_case+0x170/0x3f0 [ 18.479356] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.479560] kthread+0x328/0x630 [ 18.479721] ret_from_fork+0x10/0x20 [ 18.479934] [ 18.479990] The buggy address belongs to the object at fff00000c77faa00 [ 18.479990] which belongs to the cache kmalloc-128 of size 128 [ 18.480052] The buggy address is located 0 bytes inside of [ 18.480052] allocated 120-byte region [fff00000c77faa00, fff00000c77faa78) [ 18.480520] [ 18.480587] The buggy address belongs to the physical page: [ 18.480802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa [ 18.480994] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.481060] page_type: f5(slab) [ 18.481215] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.481348] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.481435] page dumped because: kasan: bad access detected [ 18.481469] [ 18.481501] Memory state around the buggy address: [ 18.481546] fff00000c77fa900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.481592] fff00000c77fa980: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.481641] >fff00000c77faa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.481688] ^ [ 18.481740] fff00000c77faa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.481785] fff00000c77fab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.481835] ================================================================== [ 18.449813] ================================================================== [ 18.450111] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 18.450241] Write of size 121 at addr fff00000c77faa00 by task kunit_try_catch/288 [ 18.450323] [ 18.450539] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT [ 18.450725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.451027] Hardware name: linux,dummy-virt (DT) [ 18.451125] Call trace: [ 18.451224] show_stack+0x20/0x38 (C) [ 18.451337] dump_stack_lvl+0x8c/0xd0 [ 18.451589] print_report+0x118/0x608 [ 18.451663] kasan_report+0xdc/0x128 [ 18.451766] kasan_check_range+0x100/0x1a8 [ 18.451926] __kasan_check_write+0x20/0x30 [ 18.452155] copy_user_test_oob+0x35c/0xec8 [ 18.452382] kunit_try_run_case+0x170/0x3f0 [ 18.452488] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.452722] kthread+0x328/0x630 [ 18.452795] ret_from_fork+0x10/0x20 [ 18.453205] [ 18.453347] Allocated by task 288: [ 18.453406] kasan_save_stack+0x3c/0x68 [ 18.453581] kasan_save_track+0x20/0x40 [ 18.453718] kasan_save_alloc_info+0x40/0x58 [ 18.454015] __kasan_kmalloc+0xd4/0xd8 [ 18.454156] __kmalloc_noprof+0x198/0x4c8 [ 18.454281] kunit_kmalloc_array+0x34/0x88 [ 18.454518] copy_user_test_oob+0xac/0xec8 [ 18.454573] kunit_try_run_case+0x170/0x3f0 [ 18.454613] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.454659] kthread+0x328/0x630 [ 18.455025] ret_from_fork+0x10/0x20 [ 18.455124] [ 18.455315] The buggy address belongs to the object at fff00000c77faa00 [ 18.455315] which belongs to the cache kmalloc-128 of size 128 [ 18.455525] The buggy address is 
located 0 bytes inside of [ 18.455525] allocated 120-byte region [fff00000c77faa00, fff00000c77faa78) [ 18.455672] [ 18.455732] The buggy address belongs to the physical page: [ 18.455793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa [ 18.456196] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.456310] page_type: f5(slab) [ 18.456655] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.456727] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.456852] page dumped because: kasan: bad access detected [ 18.457043] [ 18.457115] Memory state around the buggy address: [ 18.457171] fff00000c77fa900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.457221] fff00000c77fa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.457474] >fff00000c77faa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.457630] ^ [ 18.457883] fff00000c77faa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.458056] fff00000c77fab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.458298] ================================================================== [ 18.433457] ================================================================== [ 18.433688] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 18.433878] Read of size 121 at addr fff00000c77faa00 by task kunit_try_catch/288 [ 18.433939] [ 18.433983] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT [ 18.434356] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.434402] Hardware name: linux,dummy-virt (DT) [ 18.434641] Call trace: [ 18.434800] show_stack+0x20/0x38 (C) [ 18.434879] dump_stack_lvl+0x8c/0xd0 [ 18.435094] print_report+0x118/0x608 [ 18.435208] kasan_report+0xdc/0x128 [ 18.435287] kasan_check_range+0x100/0x1a8 [ 18.435430] __kasan_check_read+0x20/0x30 [ 18.435542] copy_user_test_oob+0x728/0xec8 [ 18.435765] kunit_try_run_case+0x170/0x3f0 [ 18.436007] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.436179] kthread+0x328/0x630 [ 18.436246] ret_from_fork+0x10/0x20 [ 18.436303] [ 18.436662] Allocated by task 288: [ 18.436723] kasan_save_stack+0x3c/0x68 [ 18.437033] kasan_save_track+0x20/0x40 [ 18.437086] kasan_save_alloc_info+0x40/0x58 [ 18.437193] __kasan_kmalloc+0xd4/0xd8 [ 18.437342] __kmalloc_noprof+0x198/0x4c8 [ 18.437449] kunit_kmalloc_array+0x34/0x88 [ 18.437601] copy_user_test_oob+0xac/0xec8 [ 18.437708] kunit_try_run_case+0x170/0x3f0 [ 18.437751] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.437918] kthread+0x328/0x630 [ 18.438014] ret_from_fork+0x10/0x20 [ 18.438101] [ 18.438125] The buggy address belongs to the object at fff00000c77faa00 [ 18.438125] which belongs to the cache kmalloc-128 of size 128 [ 18.438185] The buggy address is located 0 bytes inside of [ 18.438185] allocated 120-byte region [fff00000c77faa00, fff00000c77faa78) [ 18.438418] [ 18.438533] The buggy address belongs to the physical page: [ 18.438660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa [ 18.438764] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.439036] page_type: f5(slab) [ 18.439086] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.439159] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.439205] page dumped because: kasan: bad access detected [ 18.439337] [ 18.439546] Memory state around the buggy address: [ 18.439829] fff00000c77fa900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.439909] fff00000c77fa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.440250] >fff00000c77faa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.440340] ^ [ 18.440418] fff00000c77faa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.440697] fff00000c77fab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.440745] ================================================================== [ 18.466057] 
================================================================== [ 18.466131] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 18.466440] Write of size 121 at addr fff00000c77faa00 by task kunit_try_catch/288 [ 18.466592] [ 18.466629] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT [ 18.466932] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.467103] Hardware name: linux,dummy-virt (DT) [ 18.467500] Call trace: [ 18.467640] show_stack+0x20/0x38 (C) [ 18.467725] dump_stack_lvl+0x8c/0xd0 [ 18.467832] print_report+0x118/0x608 [ 18.468075] kasan_report+0xdc/0x128 [ 18.468327] kasan_check_range+0x100/0x1a8 [ 18.468509] __kasan_check_write+0x20/0x30 [ 18.468686] copy_user_test_oob+0x434/0xec8 [ 18.468900] kunit_try_run_case+0x170/0x3f0 [ 18.468968] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.469275] kthread+0x328/0x630 [ 18.469720] ret_from_fork+0x10/0x20 [ 18.469879] [ 18.470031] Allocated by task 288: [ 18.470129] kasan_save_stack+0x3c/0x68 [ 18.470239] kasan_save_track+0x20/0x40 [ 18.470412] kasan_save_alloc_info+0x40/0x58 [ 18.470461] __kasan_kmalloc+0xd4/0xd8 [ 18.470503] __kmalloc_noprof+0x198/0x4c8 [ 18.470543] kunit_kmalloc_array+0x34/0x88 [ 18.470803] copy_user_test_oob+0xac/0xec8 [ 18.470935] kunit_try_run_case+0x170/0x3f0 [ 18.471226] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.471423] kthread+0x328/0x630 [ 18.471578] ret_from_fork+0x10/0x20 [ 18.471739] [ 18.471798] The buggy address belongs to the object at fff00000c77faa00 [ 18.471798] which belongs to the cache kmalloc-128 of size 128 [ 18.472233] The buggy address is located 0 bytes inside of [ 18.472233] allocated 120-byte region [fff00000c77faa00, fff00000c77faa78) [ 18.472417] [ 18.472526] The buggy address belongs to the physical page: [ 18.472717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa [ 18.472774] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.472884] page_type: f5(slab) [ 18.473022] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.473075] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.473118] page dumped because: kasan: bad access detected [ 18.473173] [ 18.473200] Memory state around the buggy address: [ 18.473233] fff00000c77fa900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.473288] fff00000c77fa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.473347] >fff00000c77faa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.473388] ^ [ 18.473431] fff00000c77faa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.473475] fff00000c77fab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.473515] ==================================================================
[ 15.234676] ================================================================== [ 15.234981] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.235287] Write of size 121 at addr ffff888103151e00 by task kunit_try_catch/305 [ 15.235604] [ 15.235717] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary) [ 15.235768] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.235781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.235804] Call Trace: [ 15.235824] <TASK> [ 15.235844] dump_stack_lvl+0x73/0xb0 [ 15.235871] print_report+0xd1/0x650 [ 15.235895] ? __virt_addr_valid+0x1db/0x2d0 [ 15.235919] ? copy_user_test_oob+0x557/0x10f0 [ 15.235940] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.235964] ? copy_user_test_oob+0x557/0x10f0 [ 15.235985] kasan_report+0x141/0x180 [ 15.236009] ? copy_user_test_oob+0x557/0x10f0 [ 15.236036] kasan_check_range+0x10c/0x1c0 [ 15.236058] __kasan_check_write+0x18/0x20 [ 15.236080] copy_user_test_oob+0x557/0x10f0 [ 15.236103] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.236123] ? finish_task_switch.isra.0+0x153/0x700 [ 15.236150] ? __switch_to+0x5d9/0xf60 [ 15.236173] ? dequeue_task_fair+0x166/0x4e0 [ 15.236198] ? __schedule+0x10cc/0x2b60 [ 15.236233] ? __pfx_read_tsc+0x10/0x10 [ 15.236255] ? ktime_get_ts64+0x86/0x230 [ 15.236282] kunit_try_run_case+0x1a5/0x480 [ 15.236307] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.236331] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.236356] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.236381] ? __kthread_parkme+0x82/0x180 [ 15.236405] ? preempt_count_sub+0x50/0x80 [ 15.236431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.236457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.236482] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.236506] kthread+0x337/0x6f0 [ 15.236525] ? trace_preempt_on+0x20/0xc0 [ 15.236550] ? __pfx_kthread+0x10/0x10 [ 15.236568] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.236592] ? 
calculate_sigpending+0x7b/0xa0 [ 15.236614] ? __pfx_kthread+0x10/0x10 [ 15.236634] ret_from_fork+0x41/0x80 [ 15.236656] ? __pfx_kthread+0x10/0x10 [ 15.236675] ret_from_fork_asm+0x1a/0x30 [ 15.236707] </TASK> [ 15.236718] [ 15.244678] Allocated by task 305: [ 15.244821] kasan_save_stack+0x45/0x70 [ 15.244973] kasan_save_track+0x18/0x40 [ 15.245262] kasan_save_alloc_info+0x3b/0x50 [ 15.245472] __kasan_kmalloc+0xb7/0xc0 [ 15.245659] __kmalloc_noprof+0x1c9/0x500 [ 15.245802] kunit_kmalloc_array+0x25/0x60 [ 15.245946] copy_user_test_oob+0xab/0x10f0 [ 15.246091] kunit_try_run_case+0x1a5/0x480 [ 15.246309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.246569] kthread+0x337/0x6f0 [ 15.246739] ret_from_fork+0x41/0x80 [ 15.246927] ret_from_fork_asm+0x1a/0x30 [ 15.247143] [ 15.247249] The buggy address belongs to the object at ffff888103151e00 [ 15.247249] which belongs to the cache kmalloc-128 of size 128 [ 15.247632] The buggy address is located 0 bytes inside of [ 15.247632] allocated 120-byte region [ffff888103151e00, ffff888103151e78) [ 15.248190] [ 15.248293] The buggy address belongs to the physical page: [ 15.248472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103151 [ 15.248716] flags: 0x200000000000000(node=0|zone=2) [ 15.248951] page_type: f5(slab) [ 15.249128] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.249486] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.250051] page dumped because: kasan: bad access detected [ 15.250335] [ 15.250434] Memory state around the buggy address: [ 15.250638] ffff888103151d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.250943] ffff888103151d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.251185] >ffff888103151e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.251517] ^ [ 15.252596] ffff888103151e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.252972] ffff888103151f00: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 15.253354] ================================================================== [ 15.255570] ================================================================== [ 15.255864] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.256109] Read of size 121 at addr ffff888103151e00 by task kunit_try_catch/305 [ 15.256735] [ 15.256947] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary) [ 15.256999] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.257013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.257038] Call Trace: [ 15.257058] <TASK> [ 15.257080] dump_stack_lvl+0x73/0xb0 [ 15.257110] print_report+0xd1/0x650 [ 15.257136] ? __virt_addr_valid+0x1db/0x2d0 [ 15.257161] ? copy_user_test_oob+0x604/0x10f0 [ 15.257182] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.257207] ? copy_user_test_oob+0x604/0x10f0 [ 15.257241] kasan_report+0x141/0x180 [ 15.257265] ? copy_user_test_oob+0x604/0x10f0 [ 15.257291] kasan_check_range+0x10c/0x1c0 [ 15.257313] __kasan_check_read+0x15/0x20 [ 15.257334] copy_user_test_oob+0x604/0x10f0 [ 15.257358] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.257379] ? finish_task_switch.isra.0+0x153/0x700 [ 15.257405] ? __switch_to+0x5d9/0xf60 [ 15.257428] ? dequeue_task_fair+0x166/0x4e0 [ 15.257454] ? __schedule+0x10cc/0x2b60 [ 15.257480] ? __pfx_read_tsc+0x10/0x10 [ 15.257501] ? ktime_get_ts64+0x86/0x230 [ 15.257528] kunit_try_run_case+0x1a5/0x480 [ 15.257560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.257583] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.257609] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.257634] ? __kthread_parkme+0x82/0x180 [ 15.257658] ? preempt_count_sub+0x50/0x80 [ 15.257684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.257709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.257734] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.257759] kthread+0x337/0x6f0 [ 15.257776] ? trace_preempt_on+0x20/0xc0 [ 15.257802] ? 
__pfx_kthread+0x10/0x10 [ 15.257820] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.257843] ? calculate_sigpending+0x7b/0xa0 [ 15.257866] ? __pfx_kthread+0x10/0x10 [ 15.257886] ret_from_fork+0x41/0x80 [ 15.257907] ? __pfx_kthread+0x10/0x10 [ 15.257926] ret_from_fork_asm+0x1a/0x30 [ 15.257959] </TASK> [ 15.257971] [ 15.267312] Allocated by task 305: [ 15.267599] kasan_save_stack+0x45/0x70 [ 15.268035] kasan_save_track+0x18/0x40 [ 15.268741] kasan_save_alloc_info+0x3b/0x50 [ 15.269420] __kasan_kmalloc+0xb7/0xc0 [ 15.269586] __kmalloc_noprof+0x1c9/0x500 [ 15.269838] kunit_kmalloc_array+0x25/0x60 [ 15.270235] copy_user_test_oob+0xab/0x10f0 [ 15.270536] kunit_try_run_case+0x1a5/0x480 [ 15.270888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.271216] kthread+0x337/0x6f0 [ 15.271406] ret_from_fork+0x41/0x80 [ 15.271786] ret_from_fork_asm+0x1a/0x30 [ 15.272090] [ 15.272320] The buggy address belongs to the object at ffff888103151e00 [ 15.272320] which belongs to the cache kmalloc-128 of size 128 [ 15.273023] The buggy address is located 0 bytes inside of [ 15.273023] allocated 120-byte region [ffff888103151e00, ffff888103151e78) [ 15.273603] [ 15.273856] The buggy address belongs to the physical page: [ 15.274238] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103151 [ 15.274584] flags: 0x200000000000000(node=0|zone=2) [ 15.274986] page_type: f5(slab) [ 15.275276] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.275675] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.276066] page dumped because: kasan: bad access detected [ 15.276424] [ 15.276510] Memory state around the buggy address: [ 15.276879] ffff888103151d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.277306] ffff888103151d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.277677] >ffff888103151e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.277983] ^ [ 15.278236] ffff888103151e80: fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc [ 15.278565] ffff888103151f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.279098] ================================================================== [ 15.190206] ================================================================== [ 15.190568] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.190935] Write of size 121 at addr ffff888103151e00 by task kunit_try_catch/305 [ 15.191275] [ 15.191399] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary) [ 15.191450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.191462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.191487] Call Trace: [ 15.191501] <TASK> [ 15.191523] dump_stack_lvl+0x73/0xb0 [ 15.191573] print_report+0xd1/0x650 [ 15.191598] ? __virt_addr_valid+0x1db/0x2d0 [ 15.191621] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.191643] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.191668] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.191703] kasan_report+0x141/0x180 [ 15.191727] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.191754] kasan_check_range+0x10c/0x1c0 [ 15.191775] __kasan_check_write+0x18/0x20 [ 15.191796] copy_user_test_oob+0x3fd/0x10f0 [ 15.191819] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.191840] ? finish_task_switch.isra.0+0x153/0x700 [ 15.191865] ? __switch_to+0x5d9/0xf60 [ 15.191907] ? dequeue_task_fair+0x166/0x4e0 [ 15.191933] ? __schedule+0x10cc/0x2b60 [ 15.191958] ? __pfx_read_tsc+0x10/0x10 [ 15.191979] ? ktime_get_ts64+0x86/0x230 [ 15.192005] kunit_try_run_case+0x1a5/0x480 [ 15.192031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.192055] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.192082] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.192106] ? __kthread_parkme+0x82/0x180 [ 15.192130] ? preempt_count_sub+0x50/0x80 [ 15.192156] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.192181] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.192205] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.192241] kthread+0x337/0x6f0 [ 15.192258] ? trace_preempt_on+0x20/0xc0 [ 15.192283] ? __pfx_kthread+0x10/0x10 [ 15.192303] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.192326] ? calculate_sigpending+0x7b/0xa0 [ 15.192349] ? __pfx_kthread+0x10/0x10 [ 15.192368] ret_from_fork+0x41/0x80 [ 15.192389] ? __pfx_kthread+0x10/0x10 [ 15.192408] ret_from_fork_asm+0x1a/0x30 [ 15.192439] </TASK> [ 15.192451] [ 15.200062] Allocated by task 305: [ 15.200257] kasan_save_stack+0x45/0x70 [ 15.200457] kasan_save_track+0x18/0x40 [ 15.200597] kasan_save_alloc_info+0x3b/0x50 [ 15.200905] __kasan_kmalloc+0xb7/0xc0 [ 15.201127] __kmalloc_noprof+0x1c9/0x500 [ 15.201324] kunit_kmalloc_array+0x25/0x60 [ 15.201472] copy_user_test_oob+0xab/0x10f0 [ 15.201622] kunit_try_run_case+0x1a5/0x480 [ 15.201955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.202394] kthread+0x337/0x6f0 [ 15.202555] ret_from_fork+0x41/0x80 [ 15.202682] ret_from_fork_asm+0x1a/0x30 [ 15.202816] [ 15.202910] The buggy address belongs to the object at ffff888103151e00 [ 15.202910] which belongs to the cache kmalloc-128 of size 128 [ 15.203582] The buggy address is located 0 bytes inside of [ 15.203582] allocated 120-byte region [ffff888103151e00, ffff888103151e78) [ 15.203950] [ 15.204023] The buggy address belongs to the physical page: [ 15.204192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103151 [ 15.204559] flags: 0x200000000000000(node=0|zone=2) [ 15.204839] page_type: f5(slab) [ 15.205029] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.205405] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.205699] page dumped because: kasan: bad access detected [ 15.205929] [ 15.206022] Memory state around the buggy address: [ 15.206242] ffff888103151d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.206486] ffff888103151d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.206695] 
>ffff888103151e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.206977] ^ [ 15.207324] ffff888103151e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.207648] ffff888103151f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.207886] ================================================================== [ 15.208534] ================================================================== [ 15.209242] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.209506] Read of size 121 at addr ffff888103151e00 by task kunit_try_catch/305 [ 15.210323] [ 15.210444] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary) [ 15.210491] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.210504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.210526] Call Trace: [ 15.210544] <TASK> [ 15.210563] dump_stack_lvl+0x73/0xb0 [ 15.210590] print_report+0xd1/0x650 [ 15.210614] ? __virt_addr_valid+0x1db/0x2d0 [ 15.210637] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.210659] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.210683] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.210704] kasan_report+0x141/0x180 [ 15.210728] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.210755] kasan_check_range+0x10c/0x1c0 [ 15.210776] __kasan_check_read+0x15/0x20 [ 15.210797] copy_user_test_oob+0x4aa/0x10f0 [ 15.210821] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.210842] ? finish_task_switch.isra.0+0x153/0x700 [ 15.210867] ? __switch_to+0x5d9/0xf60 [ 15.210889] ? dequeue_task_fair+0x166/0x4e0 [ 15.210915] ? __schedule+0x10cc/0x2b60 [ 15.210939] ? __pfx_read_tsc+0x10/0x10 [ 15.210960] ? ktime_get_ts64+0x86/0x230 [ 15.210987] kunit_try_run_case+0x1a5/0x480 [ 15.211012] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.211036] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.211061] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.211086] ? __kthread_parkme+0x82/0x180 [ 15.211109] ? preempt_count_sub+0x50/0x80 [ 15.211135] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.211160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.211183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.211208] kthread+0x337/0x6f0 [ 15.211236] ? trace_preempt_on+0x20/0xc0 [ 15.211261] ? __pfx_kthread+0x10/0x10 [ 15.211280] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.211303] ? calculate_sigpending+0x7b/0xa0 [ 15.211325] ? __pfx_kthread+0x10/0x10 [ 15.211345] ret_from_fork+0x41/0x80 [ 15.211366] ? __pfx_kthread+0x10/0x10 [ 15.211384] ret_from_fork_asm+0x1a/0x30 [ 15.211417] </TASK> [ 15.211428] [ 15.221633] Allocated by task 305: [ 15.221951] kasan_save_stack+0x45/0x70 [ 15.222144] kasan_save_track+0x18/0x40 [ 15.222333] kasan_save_alloc_info+0x3b/0x50 [ 15.222527] __kasan_kmalloc+0xb7/0xc0 [ 15.223006] __kmalloc_noprof+0x1c9/0x500 [ 15.223264] kunit_kmalloc_array+0x25/0x60 [ 15.223572] copy_user_test_oob+0xab/0x10f0 [ 15.223961] kunit_try_run_case+0x1a5/0x480 [ 15.224292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.224877] kthread+0x337/0x6f0 [ 15.225052] ret_from_fork+0x41/0x80 [ 15.225240] ret_from_fork_asm+0x1a/0x30 [ 15.225427] [ 15.225518] The buggy address belongs to the object at ffff888103151e00 [ 15.225518] which belongs to the cache kmalloc-128 of size 128 [ 15.226433] The buggy address is located 0 bytes inside of [ 15.226433] allocated 120-byte region [ffff888103151e00, ffff888103151e78) [ 15.227254] [ 15.227359] The buggy address belongs to the physical page: [ 15.227599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103151 [ 15.228184] flags: 0x200000000000000(node=0|zone=2) [ 15.228597] page_type: f5(slab) [ 15.228928] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.229269] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.229599] page dumped because: kasan: bad access detected [ 15.230088] [ 15.230187] Memory state around the buggy address: [ 15.230636] ffff888103151d00: fa fb fb fb fb fb fb fb fb fb fb fb fb 
fb fb fb [ 15.231121] ffff888103151d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.231554] >ffff888103151e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.232332] ^ [ 15.232845] ffff888103151e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.233344] ffff888103151f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.233958] ==================================================================