Date: July 4, 2025, 3:11 p.m.

| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
[ 62.852955] ================================================================== [ 62.859959] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 62.866986] Read of size 121 at addr ffff0008018e7500 by task kunit_try_catch/334 [ 62.874448] [ 62.875935] CPU: 2 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 62.875989] Tainted: [B]=BAD_PAGE, [N]=TEST [ 62.876007] Hardware name: WinLink E850-96 board (DT) [ 62.876030] Call trace: [ 62.876043] show_stack+0x20/0x38 (C) [ 62.876076] dump_stack_lvl+0x8c/0xd0 [ 62.876114] print_report+0x118/0x608 [ 62.876146] kasan_report+0xdc/0x128 [ 62.876178] kasan_check_range+0x100/0x1a8 [ 62.876213] __kasan_check_read+0x20/0x30 [ 62.876248] copy_user_test_oob+0x728/0xec8 [ 62.876277] kunit_try_run_case+0x170/0x3f0 [ 62.876312] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 62.876350] kthread+0x328/0x630 [ 62.876384] ret_from_fork+0x10/0x20 [ 62.876421] [ 62.942069] Allocated by task 334: [ 62.945458] kasan_save_stack+0x3c/0x68 [ 62.949273] kasan_save_track+0x20/0x40 [ 62.953093] kasan_save_alloc_info+0x40/0x58 [ 62.957346] __kasan_kmalloc+0xd4/0xd8 [ 62.961079] __kmalloc_noprof+0x198/0x4c8 [ 62.965072] kunit_kmalloc_array+0x34/0x88 [ 62.969151] copy_user_test_oob+0xac/0xec8 [ 62.973231] kunit_try_run_case+0x170/0x3f0 [ 62.977398] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 62.982867] kthread+0x328/0x630 [ 62.986080] ret_from_fork+0x10/0x20 [ 62.989637] [ 62.991115] The buggy address belongs to the object at ffff0008018e7500 [ 62.991115] which belongs to the cache kmalloc-128 of size 128 [ 63.003614] The buggy address is located 0 bytes inside of [ 63.003614] allocated 120-byte region [ffff0008018e7500, ffff0008018e7578) [ 63.016026] [ 63.017505] The buggy address belongs to the physical page: [ 63.023060] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8818e6 [ 63.031045] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 63.038684] flags: 
0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 63.045626] page_type: f5(slab) [ 63.048762] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.056485] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.064210] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.072021] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.079834] head: 0bfffe0000000001 fffffdffe0063981 00000000ffffffff 00000000ffffffff [ 63.087646] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 63.095453] page dumped because: kasan: bad access detected [ 63.101007] [ 63.102482] Memory state around the buggy address: [ 63.107263] ffff0008018e7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.114466] ffff0008018e7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.121674] >ffff0008018e7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 63.128871] ^ [ 63.135993] ffff0008018e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.143198] ffff0008018e7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.150400] ================================================================== [ 62.542566] ================================================================== [ 62.554927] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 62.561955] Write of size 121 at addr ffff0008018e7500 by task kunit_try_catch/334 [ 62.569505] [ 62.570992] CPU: 2 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 62.571046] Tainted: [B]=BAD_PAGE, [N]=TEST [ 62.571063] Hardware name: WinLink E850-96 board (DT) [ 62.571087] Call trace: [ 62.571102] show_stack+0x20/0x38 (C) [ 62.571138] dump_stack_lvl+0x8c/0xd0 [ 62.571176] print_report+0x118/0x608 [ 62.571207] kasan_report+0xdc/0x128 [ 62.571237] kasan_check_range+0x100/0x1a8 [ 62.571273] __kasan_check_write+0x20/0x30 [ 62.571307] copy_user_test_oob+0x234/0xec8 [ 62.571341] 
kunit_try_run_case+0x170/0x3f0 [ 62.571378] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 62.571417] kthread+0x328/0x630 [ 62.571453] ret_from_fork+0x10/0x20 [ 62.571491] [ 62.637212] Allocated by task 334: [ 62.640601] kasan_save_stack+0x3c/0x68 [ 62.644417] kasan_save_track+0x20/0x40 [ 62.648238] kasan_save_alloc_info+0x40/0x58 [ 62.652490] __kasan_kmalloc+0xd4/0xd8 [ 62.656222] __kmalloc_noprof+0x198/0x4c8 [ 62.660215] kunit_kmalloc_array+0x34/0x88 [ 62.664295] copy_user_test_oob+0xac/0xec8 [ 62.668375] kunit_try_run_case+0x170/0x3f0 [ 62.672541] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 62.678010] kthread+0x328/0x630 [ 62.681223] ret_from_fork+0x10/0x20 [ 62.684781] [ 62.686258] The buggy address belongs to the object at ffff0008018e7500 [ 62.686258] which belongs to the cache kmalloc-128 of size 128 [ 62.698760] The buggy address is located 0 bytes inside of [ 62.698760] allocated 120-byte region [ffff0008018e7500, ffff0008018e7578) [ 62.711169] [ 62.712649] The buggy address belongs to the physical page: [ 62.718206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8818e6 [ 62.726188] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 62.733828] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 62.740770] page_type: f5(slab) [ 62.743910] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 62.751627] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 62.759354] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 62.767166] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 62.774978] head: 0bfffe0000000001 fffffdffe0063981 00000000ffffffff 00000000ffffffff [ 62.782789] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 62.790595] page dumped because: kasan: bad access detected [ 62.796151] [ 62.797626] Memory state around the buggy address: [ 62.802407] ffff0008018e7400: fa 
fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.809609] ffff0008018e7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.816817] >ffff0008018e7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 62.824015] ^ [ 62.831138] ffff0008018e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.838343] ffff0008018e7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.845543] ================================================================== [ 64.072900] ================================================================== [ 64.079732] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 64.086757] Read of size 121 at addr ffff0008018e7500 by task kunit_try_catch/334 [ 64.094222] [ 64.095706] CPU: 6 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 64.095759] Tainted: [B]=BAD_PAGE, [N]=TEST [ 64.095778] Hardware name: WinLink E850-96 board (DT) [ 64.095798] Call trace: [ 64.095812] show_stack+0x20/0x38 (C) [ 64.095845] dump_stack_lvl+0x8c/0xd0 [ 64.095882] print_report+0x118/0x608 [ 64.095912] kasan_report+0xdc/0x128 [ 64.095943] kasan_check_range+0x100/0x1a8 [ 64.095974] __kasan_check_read+0x20/0x30 [ 64.096008] copy_user_test_oob+0x4a0/0xec8 [ 64.096037] kunit_try_run_case+0x170/0x3f0 [ 64.096071] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.096109] kthread+0x328/0x630 [ 64.096142] ret_from_fork+0x10/0x20 [ 64.096176] [ 64.161842] Allocated by task 334: [ 64.165231] kasan_save_stack+0x3c/0x68 [ 64.169046] kasan_save_track+0x20/0x40 [ 64.172866] kasan_save_alloc_info+0x40/0x58 [ 64.177120] __kasan_kmalloc+0xd4/0xd8 [ 64.180852] __kmalloc_noprof+0x198/0x4c8 [ 64.184845] kunit_kmalloc_array+0x34/0x88 [ 64.188925] copy_user_test_oob+0xac/0xec8 [ 64.193005] kunit_try_run_case+0x170/0x3f0 [ 64.197171] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.202640] kthread+0x328/0x630 [ 64.205851] ret_from_fork+0x10/0x20 [ 64.209411] [ 64.210886] The buggy address belongs to the object at ffff0008018e7500 [ 64.210886] 
which belongs to the cache kmalloc-128 of size 128 [ 64.223387] The buggy address is located 0 bytes inside of [ 64.223387] allocated 120-byte region [ffff0008018e7500, ffff0008018e7578) [ 64.235799] [ 64.237277] The buggy address belongs to the physical page: [ 64.242835] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8818e6 [ 64.250818] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 64.258457] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 64.265400] page_type: f5(slab) [ 64.268536] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.276257] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.283983] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.291795] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.299608] head: 0bfffe0000000001 fffffdffe0063981 00000000ffffffff 00000000ffffffff [ 64.307420] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 64.315225] page dumped because: kasan: bad access detected [ 64.320781] [ 64.322256] Memory state around the buggy address: [ 64.327036] ffff0008018e7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.334239] ffff0008018e7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.341444] >ffff0008018e7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 64.348645] ^ [ 64.355767] ffff0008018e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.362972] ffff0008018e7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.370174] ================================================================== [ 63.158048] ================================================================== [ 63.164816] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 63.171841] Write of size 121 at addr ffff0008018e7500 by task kunit_try_catch/334 [ 63.179391] [ 63.180878] CPU: 6 UID: 0 PID: 334 Comm: kunit_try_catch 
Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 63.180931] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.180948] Hardware name: WinLink E850-96 board (DT) [ 63.180970] Call trace: [ 63.180985] show_stack+0x20/0x38 (C) [ 63.181019] dump_stack_lvl+0x8c/0xd0 [ 63.181056] print_report+0x118/0x608 [ 63.181088] kasan_report+0xdc/0x128 [ 63.181121] kasan_check_range+0x100/0x1a8 [ 63.181155] __kasan_check_write+0x20/0x30 [ 63.181187] copy_user_test_oob+0x35c/0xec8 [ 63.181215] kunit_try_run_case+0x170/0x3f0 [ 63.181252] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.181292] kthread+0x328/0x630 [ 63.181325] ret_from_fork+0x10/0x20 [ 63.181360] [ 63.247099] Allocated by task 334: [ 63.250486] kasan_save_stack+0x3c/0x68 [ 63.254304] kasan_save_track+0x20/0x40 [ 63.258123] kasan_save_alloc_info+0x40/0x58 [ 63.262377] __kasan_kmalloc+0xd4/0xd8 [ 63.266109] __kmalloc_noprof+0x198/0x4c8 [ 63.270102] kunit_kmalloc_array+0x34/0x88 [ 63.274182] copy_user_test_oob+0xac/0xec8 [ 63.278263] kunit_try_run_case+0x170/0x3f0 [ 63.282428] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.287897] kthread+0x328/0x630 [ 63.291109] ret_from_fork+0x10/0x20 [ 63.294668] [ 63.296143] The buggy address belongs to the object at ffff0008018e7500 [ 63.296143] which belongs to the cache kmalloc-128 of size 128 [ 63.308644] The buggy address is located 0 bytes inside of [ 63.308644] allocated 120-byte region [ffff0008018e7500, ffff0008018e7578) [ 63.321056] [ 63.322535] The buggy address belongs to the physical page: [ 63.328092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8818e6 [ 63.336075] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 63.343716] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 63.350658] page_type: f5(slab) [ 63.353792] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.361513] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.369240] head: 0bfffe0000000040 ffff000800002a00 
dead000000000122 0000000000000000 [ 63.377051] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.384864] head: 0bfffe0000000001 fffffdffe0063981 00000000ffffffff 00000000ffffffff [ 63.392676] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 63.400482] page dumped because: kasan: bad access detected [ 63.406037] [ 63.407513] Memory state around the buggy address: [ 63.412295] ffff0008018e7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.419496] ffff0008018e7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.426702] >ffff0008018e7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 63.433902] ^ [ 63.441023] ffff0008018e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.448228] ffff0008018e7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.455431] ================================================================== [ 63.462784] ================================================================== [ 63.469841] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 63.476870] Read of size 121 at addr ffff0008018e7500 by task kunit_try_catch/334 [ 63.484335] [ 63.485820] CPU: 6 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 63.485870] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.485887] Hardware name: WinLink E850-96 board (DT) [ 63.485907] Call trace: [ 63.485921] show_stack+0x20/0x38 (C) [ 63.485954] dump_stack_lvl+0x8c/0xd0 [ 63.485991] print_report+0x118/0x608 [ 63.486021] kasan_report+0xdc/0x128 [ 63.486049] kasan_check_range+0x100/0x1a8 [ 63.486079] __kasan_check_read+0x20/0x30 [ 63.486111] copy_user_test_oob+0x3c8/0xec8 [ 63.486140] kunit_try_run_case+0x170/0x3f0 [ 63.486174] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.486213] kthread+0x328/0x630 [ 63.486245] ret_from_fork+0x10/0x20 [ 63.486276] [ 63.551955] Allocated by task 334: [ 63.555343] kasan_save_stack+0x3c/0x68 [ 63.559160] kasan_save_track+0x20/0x40 [ 63.562979] 
kasan_save_alloc_info+0x40/0x58 [ 63.567233] __kasan_kmalloc+0xd4/0xd8 [ 63.570966] __kmalloc_noprof+0x198/0x4c8 [ 63.574958] kunit_kmalloc_array+0x34/0x88 [ 63.579038] copy_user_test_oob+0xac/0xec8 [ 63.583118] kunit_try_run_case+0x170/0x3f0 [ 63.587285] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.592753] kthread+0x328/0x630 [ 63.595965] ret_from_fork+0x10/0x20 [ 63.599524] [ 63.601000] The buggy address belongs to the object at ffff0008018e7500 [ 63.601000] which belongs to the cache kmalloc-128 of size 128 [ 63.613500] The buggy address is located 0 bytes inside of [ 63.613500] allocated 120-byte region [ffff0008018e7500, ffff0008018e7578) [ 63.625913] [ 63.627388] The buggy address belongs to the physical page: [ 63.632947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8818e6 [ 63.640932] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 63.648570] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 63.655514] page_type: f5(slab) [ 63.658647] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.666370] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.674096] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.681908] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.689723] head: 0bfffe0000000001 fffffdffe0063981 00000000ffffffff 00000000ffffffff [ 63.697533] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 63.705338] page dumped because: kasan: bad access detected [ 63.710894] [ 63.712369] Memory state around the buggy address: [ 63.717149] ffff0008018e7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.724353] ffff0008018e7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.731557] >ffff0008018e7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 63.738758] ^ [ 63.745880] ffff0008018e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
63.753085] ffff0008018e7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.760286] ================================================================== [ 63.767599] ================================================================== [ 63.774700] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 63.781728] Write of size 121 at addr ffff0008018e7500 by task kunit_try_catch/334 [ 63.789278] [ 63.790762] CPU: 6 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 63.790816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.790833] Hardware name: WinLink E850-96 board (DT) [ 63.790854] Call trace: [ 63.790868] show_stack+0x20/0x38 (C) [ 63.790903] dump_stack_lvl+0x8c/0xd0 [ 63.790939] print_report+0x118/0x608 [ 63.790970] kasan_report+0xdc/0x128 [ 63.791000] kasan_check_range+0x100/0x1a8 [ 63.791032] __kasan_check_write+0x20/0x30 [ 63.791065] copy_user_test_oob+0x434/0xec8 [ 63.791094] kunit_try_run_case+0x170/0x3f0 [ 63.791129] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.791167] kthread+0x328/0x630 [ 63.791199] ret_from_fork+0x10/0x20 [ 63.791233] [ 63.856985] Allocated by task 334: [ 63.860373] kasan_save_stack+0x3c/0x68 [ 63.864190] kasan_save_track+0x20/0x40 [ 63.868010] kasan_save_alloc_info+0x40/0x58 [ 63.872263] __kasan_kmalloc+0xd4/0xd8 [ 63.875996] __kmalloc_noprof+0x198/0x4c8 [ 63.879988] kunit_kmalloc_array+0x34/0x88 [ 63.884068] copy_user_test_oob+0xac/0xec8 [ 63.888148] kunit_try_run_case+0x170/0x3f0 [ 63.892315] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.897783] kthread+0x328/0x630 [ 63.900995] ret_from_fork+0x10/0x20 [ 63.904555] [ 63.906030] The buggy address belongs to the object at ffff0008018e7500 [ 63.906030] which belongs to the cache kmalloc-128 of size 128 [ 63.918530] The buggy address is located 0 bytes inside of [ 63.918530] allocated 120-byte region [ffff0008018e7500, ffff0008018e7578) [ 63.930943] [ 63.932420] The buggy address belongs to the physical page: [ 63.937979] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8818e6 [ 63.945962] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 63.953600] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 63.960544] page_type: f5(slab) [ 63.963679] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.971400] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.979126] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 63.986938] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 63.994752] head: 0bfffe0000000001 fffffdffe0063981 00000000ffffffff 00000000ffffffff [ 64.002565] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 64.010370] page dumped because: kasan: bad access detected [ 64.015924] [ 64.017399] Memory state around the buggy address: [ 64.022179] ffff0008018e7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.029383] ffff0008018e7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.036587] >ffff0008018e7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 64.043788] ^ [ 64.050910] ffff0008018e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.058116] ffff0008018e7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.065317] ==================================================================
[ 18.690706] ================================================================== [ 18.690812] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 18.691752] Write of size 121 at addr fff00000c793a500 by task kunit_try_catch/290 [ 18.692008] [ 18.692366] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 18.692548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.692692] Hardware name: linux,dummy-virt (DT) [ 18.692790] Call trace: [ 18.692932] show_stack+0x20/0x38 (C) [ 18.693437] dump_stack_lvl+0x8c/0xd0 [ 18.693539] print_report+0x118/0x608 [ 18.693693] kasan_report+0xdc/0x128 [ 18.693823] kasan_check_range+0x100/0x1a8 [ 18.693937] __kasan_check_write+0x20/0x30 [ 18.694251] copy_user_test_oob+0x234/0xec8 [ 18.694363] kunit_try_run_case+0x170/0x3f0 [ 18.694432] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.694516] kthread+0x328/0x630 [ 18.694584] ret_from_fork+0x10/0x20 [ 18.694670] [ 18.694694] Allocated by task 290: [ 18.694749] kasan_save_stack+0x3c/0x68 [ 18.694803] kasan_save_track+0x20/0x40 [ 18.694840] kasan_save_alloc_info+0x40/0x58 [ 18.694881] __kasan_kmalloc+0xd4/0xd8 [ 18.694926] __kmalloc_noprof+0x198/0x4c8 [ 18.694974] kunit_kmalloc_array+0x34/0x88 [ 18.695030] copy_user_test_oob+0xac/0xec8 [ 18.695080] kunit_try_run_case+0x170/0x3f0 [ 18.695128] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.695185] kthread+0x328/0x630 [ 18.695235] ret_from_fork+0x10/0x20 [ 18.695271] [ 18.695293] The buggy address belongs to the object at fff00000c793a500 [ 18.695293] which belongs to the cache kmalloc-128 of size 128 [ 18.695359] The buggy address is located 0 bytes inside of [ 18.695359] allocated 120-byte region [fff00000c793a500, fff00000c793a578) [ 18.695429] [ 18.695455] The buggy address belongs to the physical page: [ 18.695500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10793a [ 18.695569] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.695888] page_type: f5(slab) [ 
18.696255] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.696345] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.696587] page dumped because: kasan: bad access detected [ 18.697063] [ 18.697106] Memory state around the buggy address: [ 18.697163] fff00000c793a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.698028] fff00000c793a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.698278] >fff00000c793a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.698663] ^ [ 18.698719] fff00000c793a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.699054] fff00000c793a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.699489] ================================================================== [ 18.725038] ================================================================== [ 18.725206] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 18.725307] Write of size 121 at addr fff00000c793a500 by task kunit_try_catch/290 [ 18.725363] [ 18.725399] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 18.725765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.725815] Hardware name: linux,dummy-virt (DT) [ 18.725848] Call trace: [ 18.725901] show_stack+0x20/0x38 (C) [ 18.725956] dump_stack_lvl+0x8c/0xd0 [ 18.726015] print_report+0x118/0x608 [ 18.726086] kasan_report+0xdc/0x128 [ 18.726135] kasan_check_range+0x100/0x1a8 [ 18.726186] __kasan_check_write+0x20/0x30 [ 18.726235] copy_user_test_oob+0x35c/0xec8 [ 18.726295] kunit_try_run_case+0x170/0x3f0 [ 18.726347] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.726402] kthread+0x328/0x630 [ 18.726461] ret_from_fork+0x10/0x20 [ 18.726510] [ 18.726539] Allocated by task 290: [ 18.726571] kasan_save_stack+0x3c/0x68 [ 18.726620] kasan_save_track+0x20/0x40 [ 18.726671] kasan_save_alloc_info+0x40/0x58 [ 18.726710] __kasan_kmalloc+0xd4/0xd8 [ 18.726748] __kmalloc_noprof+0x198/0x4c8 [ 18.726784] 
kunit_kmalloc_array+0x34/0x88 [ 18.726825] copy_user_test_oob+0xac/0xec8 [ 18.726869] kunit_try_run_case+0x170/0x3f0 [ 18.726910] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.726956] kthread+0x328/0x630 [ 18.726992] ret_from_fork+0x10/0x20 [ 18.727030] [ 18.727059] The buggy address belongs to the object at fff00000c793a500 [ 18.727059] which belongs to the cache kmalloc-128 of size 128 [ 18.727119] The buggy address is located 0 bytes inside of [ 18.727119] allocated 120-byte region [fff00000c793a500, fff00000c793a578) [ 18.727188] [ 18.727212] The buggy address belongs to the physical page: [ 18.727250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10793a [ 18.727303] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.727350] page_type: f5(slab) [ 18.727400] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.727450] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.727501] page dumped because: kasan: bad access detected [ 18.727544] [ 18.727565] Memory state around the buggy address: [ 18.727599] fff00000c793a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.727924] fff00000c793a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.728385] >fff00000c793a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.729085] ^ [ 18.729528] fff00000c793a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.729722] fff00000c793a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.730047] ================================================================== [ 18.744950] ================================================================== [ 18.745013] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 18.745218] Write of size 121 at addr fff00000c793a500 by task kunit_try_catch/290 [ 18.745288] [ 18.745492] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 18.745588] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.745772] 
Hardware name: linux,dummy-virt (DT) [ 18.746040] Call trace: [ 18.746084] show_stack+0x20/0x38 (C) [ 18.746137] dump_stack_lvl+0x8c/0xd0 [ 18.746524] print_report+0x118/0x608 [ 18.746599] kasan_report+0xdc/0x128 [ 18.746655] kasan_check_range+0x100/0x1a8 [ 18.746791] __kasan_check_write+0x20/0x30 [ 18.747090] copy_user_test_oob+0x434/0xec8 [ 18.747158] kunit_try_run_case+0x170/0x3f0 [ 18.747209] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.747489] kthread+0x328/0x630 [ 18.747559] ret_from_fork+0x10/0x20 [ 18.747752] [ 18.747981] Allocated by task 290: [ 18.748053] kasan_save_stack+0x3c/0x68 [ 18.748245] kasan_save_track+0x20/0x40 [ 18.748556] kasan_save_alloc_info+0x40/0x58 [ 18.748684] __kasan_kmalloc+0xd4/0xd8 [ 18.748848] __kmalloc_noprof+0x198/0x4c8 [ 18.748895] kunit_kmalloc_array+0x34/0x88 [ 18.748935] copy_user_test_oob+0xac/0xec8 [ 18.749132] kunit_try_run_case+0x170/0x3f0 [ 18.749358] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.749543] kthread+0x328/0x630 [ 18.749828] ret_from_fork+0x10/0x20 [ 18.749988] [ 18.750068] The buggy address belongs to the object at fff00000c793a500 [ 18.750068] which belongs to the cache kmalloc-128 of size 128 [ 18.750147] The buggy address is located 0 bytes inside of [ 18.750147] allocated 120-byte region [fff00000c793a500, fff00000c793a578) [ 18.750395] [ 18.750651] The buggy address belongs to the physical page: [ 18.750701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10793a [ 18.750758] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.750807] page_type: f5(slab) [ 18.750962] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.751050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.751095] page dumped because: kasan: bad access detected [ 18.751140] [ 18.751179] Memory state around the buggy address: [ 18.751229] fff00000c793a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.751291] fff00000c793a480: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.751336] >fff00000c793a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.751391] ^ [ 18.751436] fff00000c793a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.751501] fff00000c793a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.751547] ================================================================== [ 18.753528] ================================================================== [ 18.753592] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 18.753891] Read of size 121 at addr fff00000c793a500 by task kunit_try_catch/290 [ 18.754204] [ 18.754251] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 18.754583] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.754746] Hardware name: linux,dummy-virt (DT) [ 18.754943] Call trace: [ 18.755078] show_stack+0x20/0x38 (C) [ 18.755303] dump_stack_lvl+0x8c/0xd0 [ 18.755514] print_report+0x118/0x608 [ 18.755621] kasan_report+0xdc/0x128 [ 18.755917] kasan_check_range+0x100/0x1a8 [ 18.756054] __kasan_check_read+0x20/0x30 [ 18.756160] copy_user_test_oob+0x4a0/0xec8 [ 18.756333] kunit_try_run_case+0x170/0x3f0 [ 18.756450] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.756655] kthread+0x328/0x630 [ 18.756968] ret_from_fork+0x10/0x20 [ 18.757236] [ 18.757311] Allocated by task 290: [ 18.757487] kasan_save_stack+0x3c/0x68 [ 18.757603] kasan_save_track+0x20/0x40 [ 18.757655] kasan_save_alloc_info+0x40/0x58 [ 18.757885] __kasan_kmalloc+0xd4/0xd8 [ 18.758242] __kmalloc_noprof+0x198/0x4c8 [ 18.758425] kunit_kmalloc_array+0x34/0x88 [ 18.758555] copy_user_test_oob+0xac/0xec8 [ 18.758782] kunit_try_run_case+0x170/0x3f0 [ 18.758830] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.759096] kthread+0x328/0x630 [ 18.759450] ret_from_fork+0x10/0x20 [ 18.759948] [ 18.759986] The buggy address belongs to the object at fff00000c793a500 [ 18.759986] which belongs to the cache kmalloc-128 of size 128 [ 18.760055] The buggy address is 
located 0 bytes inside of [ 18.760055] allocated 120-byte region [fff00000c793a500, fff00000c793a578) [ 18.760378] [ 18.760512] The buggy address belongs to the physical page: [ 18.760793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10793a [ 18.760949] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.761185] page_type: f5(slab) [ 18.761296] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.761398] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.761444] page dumped because: kasan: bad access detected [ 18.761511] [ 18.761680] Memory state around the buggy address: [ 18.761912] fff00000c793a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.761986] fff00000c793a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.762032] >fff00000c793a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.762092] ^ [ 18.762140] fff00000c793a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.762186] fff00000c793a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.762227] ================================================================== [ 18.706712] ================================================================== [ 18.706802] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 18.707102] Read of size 121 at addr fff00000c793a500 by task kunit_try_catch/290 [ 18.707207] [ 18.707244] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 18.707328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.707702] Hardware name: linux,dummy-virt (DT) [ 18.708013] Call trace: [ 18.708070] show_stack+0x20/0x38 (C) [ 18.708183] dump_stack_lvl+0x8c/0xd0 [ 18.708276] print_report+0x118/0x608 [ 18.708462] kasan_report+0xdc/0x128 [ 18.708724] kasan_check_range+0x100/0x1a8 [ 18.708986] __kasan_check_read+0x20/0x30 [ 18.709141] copy_user_test_oob+0x728/0xec8 [ 18.709331] kunit_try_run_case+0x170/0x3f0 [ 18.709480] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.709565] kthread+0x328/0x630 [ 18.710113] ret_from_fork+0x10/0x20 [ 18.710488] [ 18.710559] Allocated by task 290: [ 18.710812] kasan_save_stack+0x3c/0x68 [ 18.711007] kasan_save_track+0x20/0x40 [ 18.711198] kasan_save_alloc_info+0x40/0x58 [ 18.711447] __kasan_kmalloc+0xd4/0xd8 [ 18.711659] __kmalloc_noprof+0x198/0x4c8 [ 18.711862] kunit_kmalloc_array+0x34/0x88 [ 18.712089] copy_user_test_oob+0xac/0xec8 [ 18.712232] kunit_try_run_case+0x170/0x3f0 [ 18.712445] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.712616] kthread+0x328/0x630 [ 18.712687] ret_from_fork+0x10/0x20 [ 18.712737] [ 18.712761] The buggy address belongs to the object at fff00000c793a500 [ 18.712761] which belongs to the cache kmalloc-128 of size 128 [ 18.712831] The buggy address is located 0 bytes inside of [ 18.712831] allocated 120-byte region [fff00000c793a500, fff00000c793a578) [ 18.712894] [ 18.712933] The buggy address belongs to the physical page: [ 18.712979] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10793a [ 18.713037] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.713093] page_type: f5(slab) [ 18.713141] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.713203] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.713244] page dumped because: kasan: bad access detected [ 18.713279] [ 18.713318] Memory state around the buggy address: [ 18.713371] fff00000c793a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.713418] fff00000c793a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.713482] >fff00000c793a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.713523] ^ [ 18.713575] fff00000c793a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.713619] fff00000c793a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.713819] ================================================================== [ 18.731539] 
================================================================== [ 18.731948] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 18.732177] Read of size 121 at addr fff00000c793a500 by task kunit_try_catch/290 [ 18.732408] [ 18.732596] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 18.732736] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.732977] Hardware name: linux,dummy-virt (DT) [ 18.733383] Call trace: [ 18.733570] show_stack+0x20/0x38 (C) [ 18.733835] dump_stack_lvl+0x8c/0xd0 [ 18.734007] print_report+0x118/0x608 [ 18.734248] kasan_report+0xdc/0x128 [ 18.734435] kasan_check_range+0x100/0x1a8 [ 18.734782] __kasan_check_read+0x20/0x30 [ 18.734846] copy_user_test_oob+0x3c8/0xec8 [ 18.734895] kunit_try_run_case+0x170/0x3f0 [ 18.735222] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.735609] kthread+0x328/0x630 [ 18.736166] ret_from_fork+0x10/0x20 [ 18.736480] [ 18.736586] Allocated by task 290: [ 18.736812] kasan_save_stack+0x3c/0x68 [ 18.736877] kasan_save_track+0x20/0x40 [ 18.736918] kasan_save_alloc_info+0x40/0x58 [ 18.736965] __kasan_kmalloc+0xd4/0xd8 [ 18.737003] __kmalloc_noprof+0x198/0x4c8 [ 18.737447] kunit_kmalloc_array+0x34/0x88 [ 18.737824] copy_user_test_oob+0xac/0xec8 [ 18.737930] kunit_try_run_case+0x170/0x3f0 [ 18.738143] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.738195] kthread+0x328/0x630 [ 18.738711] ret_from_fork+0x10/0x20 [ 18.738804] [ 18.738969] The buggy address belongs to the object at fff00000c793a500 [ 18.738969] which belongs to the cache kmalloc-128 of size 128 [ 18.739131] The buggy address is located 0 bytes inside of [ 18.739131] allocated 120-byte region [fff00000c793a500, fff00000c793a578) [ 18.739297] [ 18.739535] The buggy address belongs to the physical page: [ 18.739983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10793a [ 18.740217] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.740588] page_type: f5(slab) [ 18.740659] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.740712] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.741518] page dumped because: kasan: bad access detected [ 18.741656] [ 18.741904] Memory state around the buggy address: [ 18.741986] fff00000c793a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.742387] fff00000c793a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.742446] >fff00000c793a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.742782] ^ [ 18.743260] fff00000c793a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.743351] fff00000c793a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.743503] ==================================================================
[ 19.764604] ================================================================== [ 19.765021] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 19.765597] Write of size 121 at addr ffff888102b20500 by task kunit_try_catch/306 [ 19.766202] [ 19.766457] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 19.766573] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.766603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.766649] Call Trace: [ 19.766684] <TASK> [ 19.766729] dump_stack_lvl+0x73/0xb0 [ 19.766798] print_report+0xd1/0x650 [ 19.766853] ? __virt_addr_valid+0x1db/0x2d0 [ 19.766903] ? copy_user_test_oob+0x3fd/0x10f0 [ 19.766936] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.766971] ? copy_user_test_oob+0x3fd/0x10f0 [ 19.767002] kasan_report+0x141/0x180 [ 19.767035] ? copy_user_test_oob+0x3fd/0x10f0 [ 19.767082] kasan_check_range+0x10c/0x1c0 [ 19.767123] __kasan_check_write+0x18/0x20 [ 19.767147] copy_user_test_oob+0x3fd/0x10f0 [ 19.767172] ? __pfx_copy_user_test_oob+0x10/0x10 [ 19.767194] ? finish_task_switch.isra.0+0x153/0x700 [ 19.767222] ? __switch_to+0x5d9/0xf60 [ 19.767245] ? dequeue_task_fair+0x166/0x4e0 [ 19.767273] ? __schedule+0x10cc/0x2b60 [ 19.767299] ? __pfx_read_tsc+0x10/0x10 [ 19.767321] ? ktime_get_ts64+0x86/0x230 [ 19.767403] kunit_try_run_case+0x1a5/0x480 [ 19.767443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.767483] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.767533] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.767585] ? __kthread_parkme+0x82/0x180 [ 19.767639] ? preempt_count_sub+0x50/0x80 [ 19.767699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.767757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.767809] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.767838] kthread+0x337/0x6f0 [ 19.767858] ? trace_preempt_on+0x20/0xc0 [ 19.767886] ? __pfx_kthread+0x10/0x10 [ 19.767907] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.767932] ? 
calculate_sigpending+0x7b/0xa0 [ 19.767958] ? __pfx_kthread+0x10/0x10 [ 19.767980] ret_from_fork+0x41/0x80 [ 19.768003] ? __pfx_kthread+0x10/0x10 [ 19.768023] ret_from_fork_asm+0x1a/0x30 [ 19.768057] </TASK> [ 19.768092] [ 19.779175] Allocated by task 306: [ 19.779541] kasan_save_stack+0x45/0x70 [ 19.779925] kasan_save_track+0x18/0x40 [ 19.780140] kasan_save_alloc_info+0x3b/0x50 [ 19.780378] __kasan_kmalloc+0xb7/0xc0 [ 19.780696] __kmalloc_noprof+0x1c9/0x500 [ 19.780911] kunit_kmalloc_array+0x25/0x60 [ 19.781109] copy_user_test_oob+0xab/0x10f0 [ 19.781404] kunit_try_run_case+0x1a5/0x480 [ 19.781599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.781813] kthread+0x337/0x6f0 [ 19.781974] ret_from_fork+0x41/0x80 [ 19.782135] ret_from_fork_asm+0x1a/0x30 [ 19.782429] [ 19.782605] The buggy address belongs to the object at ffff888102b20500 [ 19.782605] which belongs to the cache kmalloc-128 of size 128 [ 19.783042] The buggy address is located 0 bytes inside of [ 19.783042] allocated 120-byte region [ffff888102b20500, ffff888102b20578) [ 19.783475] [ 19.783607] The buggy address belongs to the physical page: [ 19.783840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b20 [ 19.784088] flags: 0x200000000000000(node=0|zone=2) [ 19.784277] page_type: f5(slab) [ 19.784455] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 19.784693] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.784938] page dumped because: kasan: bad access detected [ 19.785227] [ 19.785408] Memory state around the buggy address: [ 19.785790] ffff888102b20400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.790555] ffff888102b20480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.791666] >ffff888102b20500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.792502] ^ [ 19.793551] ffff888102b20580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.794016] ffff888102b20600: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 19.794414] ================================================================== [ 19.858994] ================================================================== [ 19.859823] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 19.860546] Read of size 121 at addr ffff888102b20500 by task kunit_try_catch/306 [ 19.860971] [ 19.861700] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 19.861797] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.861814] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.861842] Call Trace: [ 19.861871] <TASK> [ 19.861903] dump_stack_lvl+0x73/0xb0 [ 19.861943] print_report+0xd1/0x650 [ 19.861970] ? __virt_addr_valid+0x1db/0x2d0 [ 19.861999] ? copy_user_test_oob+0x604/0x10f0 [ 19.862023] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.862049] ? copy_user_test_oob+0x604/0x10f0 [ 19.862115] kasan_report+0x141/0x180 [ 19.862199] ? copy_user_test_oob+0x604/0x10f0 [ 19.862307] kasan_check_range+0x10c/0x1c0 [ 19.862355] __kasan_check_read+0x15/0x20 [ 19.862382] copy_user_test_oob+0x604/0x10f0 [ 19.862410] ? __pfx_copy_user_test_oob+0x10/0x10 [ 19.862432] ? finish_task_switch.isra.0+0x153/0x700 [ 19.862462] ? __switch_to+0x5d9/0xf60 [ 19.862487] ? dequeue_task_fair+0x166/0x4e0 [ 19.862515] ? __schedule+0x10cc/0x2b60 [ 19.862541] ? __pfx_read_tsc+0x10/0x10 [ 19.862563] ? ktime_get_ts64+0x86/0x230 [ 19.862592] kunit_try_run_case+0x1a5/0x480 [ 19.862621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.862646] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.862673] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.862698] ? __kthread_parkme+0x82/0x180 [ 19.862724] ? preempt_count_sub+0x50/0x80 [ 19.862750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.862777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.862803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.862829] kthread+0x337/0x6f0 [ 19.862849] ? trace_preempt_on+0x20/0xc0 [ 19.862876] ? 
__pfx_kthread+0x10/0x10 [ 19.862897] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.862920] ? calculate_sigpending+0x7b/0xa0 [ 19.862944] ? __pfx_kthread+0x10/0x10 [ 19.862965] ret_from_fork+0x41/0x80 [ 19.862988] ? __pfx_kthread+0x10/0x10 [ 19.863008] ret_from_fork_asm+0x1a/0x30 [ 19.863043] </TASK> [ 19.863056] [ 19.873584] Allocated by task 306: [ 19.873966] kasan_save_stack+0x45/0x70 [ 19.874352] kasan_save_track+0x18/0x40 [ 19.874759] kasan_save_alloc_info+0x3b/0x50 [ 19.875105] __kasan_kmalloc+0xb7/0xc0 [ 19.875380] __kmalloc_noprof+0x1c9/0x500 [ 19.875765] kunit_kmalloc_array+0x25/0x60 [ 19.876019] copy_user_test_oob+0xab/0x10f0 [ 19.876353] kunit_try_run_case+0x1a5/0x480 [ 19.876746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.877146] kthread+0x337/0x6f0 [ 19.877518] ret_from_fork+0x41/0x80 [ 19.877718] ret_from_fork_asm+0x1a/0x30 [ 19.878111] [ 19.878315] The buggy address belongs to the object at ffff888102b20500 [ 19.878315] which belongs to the cache kmalloc-128 of size 128 [ 19.879058] The buggy address is located 0 bytes inside of [ 19.879058] allocated 120-byte region [ffff888102b20500, ffff888102b20578) [ 19.879883] [ 19.880123] The buggy address belongs to the physical page: [ 19.880480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b20 [ 19.881057] flags: 0x200000000000000(node=0|zone=2) [ 19.881321] page_type: f5(slab) [ 19.881718] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 19.882444] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.882872] page dumped because: kasan: bad access detected [ 19.883413] [ 19.883647] Memory state around the buggy address: [ 19.883909] ffff888102b20400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.884447] ffff888102b20480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.884728] >ffff888102b20500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.885400] ^ [ 19.885951] ffff888102b20580: fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc [ 19.886561] ffff888102b20600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.887010] ================================================================== [ 19.826488] ================================================================== [ 19.826998] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 19.827697] Write of size 121 at addr ffff888102b20500 by task kunit_try_catch/306 [ 19.828144] [ 19.828435] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 19.828549] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.828579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.828658] Call Trace: [ 19.828719] <TASK> [ 19.828769] dump_stack_lvl+0x73/0xb0 [ 19.828812] print_report+0xd1/0x650 [ 19.828841] ? __virt_addr_valid+0x1db/0x2d0 [ 19.828868] ? copy_user_test_oob+0x557/0x10f0 [ 19.828892] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.828929] ? copy_user_test_oob+0x557/0x10f0 [ 19.828967] kasan_report+0x141/0x180 [ 19.829025] ? copy_user_test_oob+0x557/0x10f0 [ 19.829145] kasan_check_range+0x10c/0x1c0 [ 19.829214] __kasan_check_write+0x18/0x20 [ 19.829262] copy_user_test_oob+0x557/0x10f0 [ 19.829351] ? __pfx_copy_user_test_oob+0x10/0x10 [ 19.829414] ? finish_task_switch.isra.0+0x153/0x700 [ 19.829470] ? __switch_to+0x5d9/0xf60 [ 19.829513] ? dequeue_task_fair+0x166/0x4e0 [ 19.829553] ? __schedule+0x10cc/0x2b60 [ 19.829590] ? __pfx_read_tsc+0x10/0x10 [ 19.829614] ? ktime_get_ts64+0x86/0x230 [ 19.829644] kunit_try_run_case+0x1a5/0x480 [ 19.829675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.829700] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.829729] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.829756] ? __kthread_parkme+0x82/0x180 [ 19.829783] ? preempt_count_sub+0x50/0x80 [ 19.829811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.829839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.829865] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.829892] kthread+0x337/0x6f0 [ 19.829912] ? trace_preempt_on+0x20/0xc0 [ 19.829940] ? __pfx_kthread+0x10/0x10 [ 19.829962] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.829987] ? calculate_sigpending+0x7b/0xa0 [ 19.830012] ? __pfx_kthread+0x10/0x10 [ 19.830034] ret_from_fork+0x41/0x80 [ 19.830057] ? __pfx_kthread+0x10/0x10 [ 19.830101] ret_from_fork_asm+0x1a/0x30 [ 19.830138] </TASK> [ 19.830153] [ 19.844024] Allocated by task 306: [ 19.844284] kasan_save_stack+0x45/0x70 [ 19.844527] kasan_save_track+0x18/0x40 [ 19.844889] kasan_save_alloc_info+0x3b/0x50 [ 19.845457] __kasan_kmalloc+0xb7/0xc0 [ 19.845702] __kmalloc_noprof+0x1c9/0x500 [ 19.846017] kunit_kmalloc_array+0x25/0x60 [ 19.846410] copy_user_test_oob+0xab/0x10f0 [ 19.846680] kunit_try_run_case+0x1a5/0x480 [ 19.847088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.847323] kthread+0x337/0x6f0 [ 19.847641] ret_from_fork+0x41/0x80 [ 19.847987] ret_from_fork_asm+0x1a/0x30 [ 19.848283] [ 19.848469] The buggy address belongs to the object at ffff888102b20500 [ 19.848469] which belongs to the cache kmalloc-128 of size 128 [ 19.849102] The buggy address is located 0 bytes inside of [ 19.849102] allocated 120-byte region [ffff888102b20500, ffff888102b20578) [ 19.849976] [ 19.850218] The buggy address belongs to the physical page: [ 19.850752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b20 [ 19.852009] flags: 0x200000000000000(node=0|zone=2) [ 19.852313] page_type: f5(slab) [ 19.852642] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 19.852974] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.853462] page dumped because: kasan: bad access detected [ 19.853837] [ 19.853962] Memory state around the buggy address: [ 19.854216] ffff888102b20400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.854829] ffff888102b20480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.855436] 
>ffff888102b20500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.855894] ^ [ 19.856209] ffff888102b20580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.856755] ffff888102b20600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.857505] ================================================================== [ 19.796097] ================================================================== [ 19.796614] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 19.796936] Read of size 121 at addr ffff888102b20500 by task kunit_try_catch/306 [ 19.797535] [ 19.797747] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 19.797848] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.797880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.797932] Call Trace: [ 19.797980] <TASK> [ 19.798022] dump_stack_lvl+0x73/0xb0 [ 19.798106] print_report+0xd1/0x650 [ 19.798149] ? __virt_addr_valid+0x1db/0x2d0 [ 19.798188] ? copy_user_test_oob+0x4aa/0x10f0 [ 19.798222] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.798293] ? copy_user_test_oob+0x4aa/0x10f0 [ 19.798401] kasan_report+0x141/0x180 [ 19.798453] ? copy_user_test_oob+0x4aa/0x10f0 [ 19.798512] kasan_check_range+0x10c/0x1c0 [ 19.798564] __kasan_check_read+0x15/0x20 [ 19.798644] copy_user_test_oob+0x4aa/0x10f0 [ 19.798701] ? __pfx_copy_user_test_oob+0x10/0x10 [ 19.798744] ? finish_task_switch.isra.0+0x153/0x700 [ 19.798793] ? __switch_to+0x5d9/0xf60 [ 19.798860] ? dequeue_task_fair+0x166/0x4e0 [ 19.798918] ? __schedule+0x10cc/0x2b60 [ 19.798973] ? __pfx_read_tsc+0x10/0x10 [ 19.799014] ? ktime_get_ts64+0x86/0x230 [ 19.799117] kunit_try_run_case+0x1a5/0x480 [ 19.799182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.799233] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.799282] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.799358] ? __kthread_parkme+0x82/0x180 [ 19.799412] ? preempt_count_sub+0x50/0x80 [ 19.799490] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 19.799541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.799597] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.799637] kthread+0x337/0x6f0 [ 19.799660] ? trace_preempt_on+0x20/0xc0 [ 19.799689] ? __pfx_kthread+0x10/0x10 [ 19.799710] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.799735] ? calculate_sigpending+0x7b/0xa0 [ 19.799763] ? __pfx_kthread+0x10/0x10 [ 19.799801] ret_from_fork+0x41/0x80 [ 19.799828] ? __pfx_kthread+0x10/0x10 [ 19.799848] ret_from_fork_asm+0x1a/0x30 [ 19.799884] </TASK> [ 19.799898] [ 19.811854] Allocated by task 306: [ 19.812275] kasan_save_stack+0x45/0x70 [ 19.812542] kasan_save_track+0x18/0x40 [ 19.812757] kasan_save_alloc_info+0x3b/0x50 [ 19.813191] __kasan_kmalloc+0xb7/0xc0 [ 19.813636] __kmalloc_noprof+0x1c9/0x500 [ 19.813943] kunit_kmalloc_array+0x25/0x60 [ 19.814441] copy_user_test_oob+0xab/0x10f0 [ 19.814756] kunit_try_run_case+0x1a5/0x480 [ 19.815211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.815586] kthread+0x337/0x6f0 [ 19.815774] ret_from_fork+0x41/0x80 [ 19.816152] ret_from_fork_asm+0x1a/0x30 [ 19.816583] [ 19.816774] The buggy address belongs to the object at ffff888102b20500 [ 19.816774] which belongs to the cache kmalloc-128 of size 128 [ 19.817461] The buggy address is located 0 bytes inside of [ 19.817461] allocated 120-byte region [ffff888102b20500, ffff888102b20578) [ 19.818281] [ 19.818441] The buggy address belongs to the physical page: [ 19.818860] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b20 [ 19.819649] flags: 0x200000000000000(node=0|zone=2) [ 19.819968] page_type: f5(slab) [ 19.820197] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 19.820497] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.821208] page dumped because: kasan: bad access detected [ 19.821460] [ 19.821585] Memory state around the buggy address: [ 19.821995] ffff888102b20400: fa fb fb fb fb fb fb fb fb fb fb fb fb 
fb fb fb [ 19.822636] ffff888102b20480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.823260] >ffff888102b20500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.823786] ^ [ 19.824321] ffff888102b20580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.824757] ffff888102b20600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.825347] ==================================================================