Date: July 8, 2025, 4:38 p.m.

Environments: qemu-arm64, qemu-x86_64
qemu-arm64:

```
[ 20.670174] ==================================================================
[ 20.670267] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 20.670585] Write of size 121 at addr fff00000c6e6ca00 by task kunit_try_catch/287
[ 20.670729]
[ 20.670810] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 20.670930] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.671005] Hardware name: linux,dummy-virt (DT)
[ 20.671061] Call trace:
[ 20.671087] show_stack+0x20/0x38 (C)
[ 20.671142] dump_stack_lvl+0x8c/0xd0
[ 20.671194] print_report+0x118/0x608
[ 20.671311] kasan_report+0xdc/0x128
[ 20.671373] kasan_check_range+0x100/0x1a8
[ 20.671440] __kasan_check_write+0x20/0x30
[ 20.671492] copy_user_test_oob+0x234/0xec8
[ 20.671777] kunit_try_run_case+0x170/0x3f0
[ 20.671888] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.671985] kthread+0x328/0x630
[ 20.672102] ret_from_fork+0x10/0x20
[ 20.672154]
[ 20.672204] Allocated by task 287:
[ 20.672249] kasan_save_stack+0x3c/0x68
[ 20.672311] kasan_save_track+0x20/0x40
[ 20.672397] kasan_save_alloc_info+0x40/0x58
[ 20.672544] __kasan_kmalloc+0xd4/0xd8
[ 20.672612] __kmalloc_noprof+0x198/0x4c8
[ 20.672654] kunit_kmalloc_array+0x34/0x88
[ 20.672694] copy_user_test_oob+0xac/0xec8
[ 20.672733] kunit_try_run_case+0x170/0x3f0
[ 20.672773] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.673060] kthread+0x328/0x630
[ 20.673178] ret_from_fork+0x10/0x20
[ 20.673265]
[ 20.673405] The buggy address belongs to the object at fff00000c6e6ca00
[ 20.673405] which belongs to the cache kmalloc-128 of size 128
[ 20.673489] The buggy address is located 0 bytes inside of
[ 20.673489] allocated 120-byte region [fff00000c6e6ca00, fff00000c6e6ca78)
[ 20.673555]
[ 20.673600] The buggy address belongs to the physical page:
[ 20.673644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[ 20.673711] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.673771] page_type: f5(slab)
[ 20.673822] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.673874] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.673917] page dumped because: kasan: bad access detected
[ 20.673950]
[ 20.673974] Memory state around the buggy address:
[ 20.674009] fff00000c6e6c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.674054] fff00000c6e6c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.674115] >fff00000c6e6ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.674156] ^
[ 20.674209] fff00000c6e6ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.674268] fff00000c6e6cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.674315] ==================================================================

[ 20.701634] ==================================================================
[ 20.701783] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 20.701836] Write of size 121 at addr fff00000c6e6ca00 by task kunit_try_catch/287
[ 20.701889]
[ 20.701955] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 20.702171] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.702201] Hardware name: linux,dummy-virt (DT)
[ 20.702307] Call trace:
[ 20.702374] show_stack+0x20/0x38 (C)
[ 20.702428] dump_stack_lvl+0x8c/0xd0
[ 20.702477] print_report+0x118/0x608
[ 20.702525] kasan_report+0xdc/0x128
[ 20.702862] kasan_check_range+0x100/0x1a8
[ 20.702952] __kasan_check_write+0x20/0x30
[ 20.703005] copy_user_test_oob+0x434/0xec8
[ 20.703076] kunit_try_run_case+0x170/0x3f0
[ 20.703162] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.703225] kthread+0x328/0x630
[ 20.703280] ret_from_fork+0x10/0x20
[ 20.703374]
[ 20.703542] Allocated by task 287:
[ 20.703576] kasan_save_stack+0x3c/0x68
[ 20.703747] kasan_save_track+0x20/0x40
[ 20.703813] kasan_save_alloc_info+0x40/0x58
[ 20.703866] __kasan_kmalloc+0xd4/0xd8
[ 20.703904] __kmalloc_noprof+0x198/0x4c8
[ 20.703950] kunit_kmalloc_array+0x34/0x88
[ 20.703990] copy_user_test_oob+0xac/0xec8
[ 20.704029] kunit_try_run_case+0x170/0x3f0
[ 20.704069] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.704116] kthread+0x328/0x630
[ 20.704155] ret_from_fork+0x10/0x20
[ 20.704206]
[ 20.704239] The buggy address belongs to the object at fff00000c6e6ca00
[ 20.704239] which belongs to the cache kmalloc-128 of size 128
[ 20.704299] The buggy address is located 0 bytes inside of
[ 20.704299] allocated 120-byte region [fff00000c6e6ca00, fff00000c6e6ca78)
[ 20.704372]
[ 20.704634] The buggy address belongs to the physical page:
[ 20.704693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[ 20.704782] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.704835] page_type: f5(slab)
[ 20.704876] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.705035] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.705117] page dumped because: kasan: bad access detected
[ 20.705232]
[ 20.705310] Memory state around the buggy address:
[ 20.705387] fff00000c6e6c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.705514] fff00000c6e6c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.705579] >fff00000c6e6ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.705684] ^
[ 20.705821] fff00000c6e6ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.705902] fff00000c6e6cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.705980] ==================================================================

[ 20.678884] ==================================================================
[ 20.679170] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 20.679286] Read of size 121 at addr fff00000c6e6ca00 by task kunit_try_catch/287
[ 20.679405]
[ 20.679446] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 20.679548] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.679580] Hardware name: linux,dummy-virt (DT)
[ 20.679612] Call trace:
[ 20.679637] show_stack+0x20/0x38 (C)
[ 20.679932] dump_stack_lvl+0x8c/0xd0
[ 20.680017] print_report+0x118/0x608
[ 20.680083] kasan_report+0xdc/0x128
[ 20.680146] kasan_check_range+0x100/0x1a8
[ 20.680219] __kasan_check_read+0x20/0x30
[ 20.680499] copy_user_test_oob+0x728/0xec8
[ 20.680568] kunit_try_run_case+0x170/0x3f0
[ 20.680665] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.680797] kthread+0x328/0x630
[ 20.680892] ret_from_fork+0x10/0x20
[ 20.680995]
[ 20.681108] Allocated by task 287:
[ 20.681186] kasan_save_stack+0x3c/0x68
[ 20.681275] kasan_save_track+0x20/0x40
[ 20.681626] kasan_save_alloc_info+0x40/0x58
[ 20.681727] __kasan_kmalloc+0xd4/0xd8
[ 20.681830] __kmalloc_noprof+0x198/0x4c8
[ 20.681969] kunit_kmalloc_array+0x34/0x88
[ 20.682055] copy_user_test_oob+0xac/0xec8
[ 20.682118] kunit_try_run_case+0x170/0x3f0
[ 20.682171] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.682217] kthread+0x328/0x630
[ 20.682257] ret_from_fork+0x10/0x20
[ 20.682294]
[ 20.682574] The buggy address belongs to the object at fff00000c6e6ca00
[ 20.682574] which belongs to the cache kmalloc-128 of size 128
[ 20.682752] The buggy address is located 0 bytes inside of
[ 20.682752] allocated 120-byte region [fff00000c6e6ca00, fff00000c6e6ca78)
[ 20.682870]
[ 20.682913] The buggy address belongs to the physical page:
[ 20.683029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[ 20.683093] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.683170] page_type: f5(slab)
[ 20.683243] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.683636] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.683751] page dumped because: kasan: bad access detected
[ 20.683899]
[ 20.683959] Memory state around the buggy address:
[ 20.684016] fff00000c6e6c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.684090] fff00000c6e6c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.684145] >fff00000c6e6ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.684186] ^
[ 20.684237] fff00000c6e6ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.684283] fff00000c6e6cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.684324] ==================================================================

[ 20.706517] ==================================================================
[ 20.706599] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 20.706650] Read of size 121 at addr fff00000c6e6ca00 by task kunit_try_catch/287
[ 20.706734]
[ 20.706794] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 20.706916] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.706963] Hardware name: linux,dummy-virt (DT)
[ 20.707001] Call trace:
[ 20.707025] show_stack+0x20/0x38 (C)
[ 20.707082] dump_stack_lvl+0x8c/0xd0
[ 20.707446] print_report+0x118/0x608
[ 20.707507] kasan_report+0xdc/0x128
[ 20.707555] kasan_check_range+0x100/0x1a8
[ 20.707613] __kasan_check_read+0x20/0x30
[ 20.707664] copy_user_test_oob+0x4a0/0xec8
[ 20.707713] kunit_try_run_case+0x170/0x3f0
[ 20.707766] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.707830] kthread+0x328/0x630
[ 20.707879] ret_from_fork+0x10/0x20
[ 20.707927]
[ 20.707949] Allocated by task 287:
[ 20.707979] kasan_save_stack+0x3c/0x68
[ 20.708022] kasan_save_track+0x20/0x40
[ 20.708060] kasan_save_alloc_info+0x40/0x58
[ 20.708102] __kasan_kmalloc+0xd4/0xd8
[ 20.708138] __kmalloc_noprof+0x198/0x4c8
[ 20.708178] kunit_kmalloc_array+0x34/0x88
[ 20.708224] copy_user_test_oob+0xac/0xec8
[ 20.708265] kunit_try_run_case+0x170/0x3f0
[ 20.708307] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.708364] kthread+0x328/0x630
[ 20.708403] ret_from_fork+0x10/0x20
[ 20.708440]
[ 20.708461] The buggy address belongs to the object at fff00000c6e6ca00
[ 20.708461] which belongs to the cache kmalloc-128 of size 128
[ 20.708758] The buggy address is located 0 bytes inside of
[ 20.708758] allocated 120-byte region [fff00000c6e6ca00, fff00000c6e6ca78)
[ 20.708925]
[ 20.709003] The buggy address belongs to the physical page:
[ 20.709135] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[ 20.709190] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.709239] page_type: f5(slab)
[ 20.709279] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.709344] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.709388] page dumped because: kasan: bad access detected
[ 20.709422]
[ 20.709469] Memory state around the buggy address:
[ 20.709503] fff00000c6e6c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.709648] fff00000c6e6c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.709746] >fff00000c6e6ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.709893] ^
[ 20.709961] fff00000c6e6ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.710063] fff00000c6e6cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.710368] ==================================================================

[ 20.695589] ==================================================================
[ 20.695652] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 20.695704] Read of size 121 at addr fff00000c6e6ca00 by task kunit_try_catch/287
[ 20.695780]
[ 20.695934] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 20.696094] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.696126] Hardware name: linux,dummy-virt (DT)
[ 20.696187] Call trace:
[ 20.696294] show_stack+0x20/0x38 (C)
[ 20.696404] dump_stack_lvl+0x8c/0xd0
[ 20.696528] print_report+0x118/0x608
[ 20.696613] kasan_report+0xdc/0x128
[ 20.696672] kasan_check_range+0x100/0x1a8
[ 20.696721] __kasan_check_read+0x20/0x30
[ 20.696768] copy_user_test_oob+0x3c8/0xec8
[ 20.696928] kunit_try_run_case+0x170/0x3f0
[ 20.697060] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.697161] kthread+0x328/0x630
[ 20.697289] ret_from_fork+0x10/0x20
[ 20.697483]
[ 20.697542] Allocated by task 287:
[ 20.697602] kasan_save_stack+0x3c/0x68
[ 20.697645] kasan_save_track+0x20/0x40
[ 20.697696] kasan_save_alloc_info+0x40/0x58
[ 20.697771] __kasan_kmalloc+0xd4/0xd8
[ 20.698099] __kmalloc_noprof+0x198/0x4c8
[ 20.698188] kunit_kmalloc_array+0x34/0x88
[ 20.698260] copy_user_test_oob+0xac/0xec8
[ 20.698432] kunit_try_run_case+0x170/0x3f0
[ 20.698504] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.698666] kthread+0x328/0x630
[ 20.698753] ret_from_fork+0x10/0x20
[ 20.698827]
[ 20.698958] The buggy address belongs to the object at fff00000c6e6ca00
[ 20.698958] which belongs to the cache kmalloc-128 of size 128
[ 20.699019] The buggy address is located 0 bytes inside of
[ 20.699019] allocated 120-byte region [fff00000c6e6ca00, fff00000c6e6ca78)
[ 20.699082]
[ 20.699104] The buggy address belongs to the physical page:
[ 20.699138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[ 20.699451] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.699562] page_type: f5(slab)
[ 20.699641] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.699789] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.699866] page dumped because: kasan: bad access detected
[ 20.699928]
[ 20.699979] Memory state around the buggy address:
[ 20.700223] fff00000c6e6c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.700388] fff00000c6e6c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.700475] >fff00000c6e6ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.700619] ^
[ 20.700688] fff00000c6e6ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.700769] fff00000c6e6cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.700836] ==================================================================

[ 20.689760] ==================================================================
[ 20.689875] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 20.689929] Write of size 121 at addr fff00000c6e6ca00 by task kunit_try_catch/287
[ 20.689999]
[ 20.690032] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 20.690505] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.690549] Hardware name: linux,dummy-virt (DT)
[ 20.690688] Call trace:
[ 20.690737] show_stack+0x20/0x38 (C)
[ 20.690801] dump_stack_lvl+0x8c/0xd0
[ 20.690891] print_report+0x118/0x608
[ 20.690956] kasan_report+0xdc/0x128
[ 20.691022] kasan_check_range+0x100/0x1a8
[ 20.691073] __kasan_check_write+0x20/0x30
[ 20.691128] copy_user_test_oob+0x35c/0xec8
[ 20.691210] kunit_try_run_case+0x170/0x3f0
[ 20.691267] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.691361] kthread+0x328/0x630
[ 20.691412] ret_from_fork+0x10/0x20
[ 20.691660]
[ 20.691711] Allocated by task 287:
[ 20.691760] kasan_save_stack+0x3c/0x68
[ 20.691804] kasan_save_track+0x20/0x40
[ 20.691861] kasan_save_alloc_info+0x40/0x58
[ 20.691924] __kasan_kmalloc+0xd4/0xd8
[ 20.692008] __kmalloc_noprof+0x198/0x4c8
[ 20.692065] kunit_kmalloc_array+0x34/0x88
[ 20.692109] copy_user_test_oob+0xac/0xec8
[ 20.692146] kunit_try_run_case+0x170/0x3f0
[ 20.692188] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.692360] kthread+0x328/0x630
[ 20.692419] ret_from_fork+0x10/0x20
[ 20.692458]
[ 20.692480] The buggy address belongs to the object at fff00000c6e6ca00
[ 20.692480] which belongs to the cache kmalloc-128 of size 128
[ 20.692539] The buggy address is located 0 bytes inside of
[ 20.692539] allocated 120-byte region [fff00000c6e6ca00, fff00000c6e6ca78)
[ 20.692602]
[ 20.692967] The buggy address belongs to the physical page:
[ 20.693044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[ 20.693193] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.693287] page_type: f5(slab)
[ 20.693645] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.693741] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.693810] page dumped because: kasan: bad access detected
[ 20.693872]
[ 20.693969] Memory state around the buggy address:
[ 20.694025] fff00000c6e6c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.694090] fff00000c6e6c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.694157] >fff00000c6e6ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.694276] ^
[ 20.694349] fff00000c6e6ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.694420] fff00000c6e6cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.694462] ==================================================================
```
qemu-x86_64:

```
[ 15.490365] ==================================================================
[ 15.490782] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 15.491125] Write of size 121 at addr ffff888103606900 by task kunit_try_catch/305
[ 15.491449]
[ 15.491546] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 15.491612] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.491626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.491649] Call Trace:
[ 15.491664] <TASK>
[ 15.491681] dump_stack_lvl+0x73/0xb0
[ 15.491706] print_report+0xd1/0x650
[ 15.491730] ? __virt_addr_valid+0x1db/0x2d0
[ 15.491752] ? copy_user_test_oob+0x557/0x10f0
[ 15.491774] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.491800] ? copy_user_test_oob+0x557/0x10f0
[ 15.491822] kasan_report+0x141/0x180
[ 15.491846] ? copy_user_test_oob+0x557/0x10f0
[ 15.491885] kasan_check_range+0x10c/0x1c0
[ 15.491907] __kasan_check_write+0x18/0x20
[ 15.491929] copy_user_test_oob+0x557/0x10f0
[ 15.491953] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.491974] ? finish_task_switch.isra.0+0x153/0x700
[ 15.491999] ? __switch_to+0x5d9/0xf60
[ 15.492020] ? dequeue_task_fair+0x156/0x4e0
[ 15.492046] ? __schedule+0x10cc/0x2b60
[ 15.492070] ? __pfx_read_tsc+0x10/0x10
[ 15.492093] ? ktime_get_ts64+0x86/0x230
[ 15.492122] kunit_try_run_case+0x1a5/0x480
[ 15.492147] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.492169] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.492194] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.492220] ? __kthread_parkme+0x82/0x180
[ 15.492244] ? preempt_count_sub+0x50/0x80
[ 15.492269] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.492292] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.492317] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.492343] kthread+0x337/0x6f0
[ 15.492362] ? trace_preempt_on+0x20/0xc0
[ 15.492386] ? __pfx_kthread+0x10/0x10
[ 15.492406] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.492429] ? calculate_sigpending+0x7b/0xa0
[ 15.492451] ? __pfx_kthread+0x10/0x10
[ 15.492471] ret_from_fork+0x41/0x80
[ 15.492492] ? __pfx_kthread+0x10/0x10
[ 15.492512] ret_from_fork_asm+0x1a/0x30
[ 15.492555] </TASK>
[ 15.492567]
[ 15.499794] Allocated by task 305:
[ 15.499960] kasan_save_stack+0x45/0x70
[ 15.500109] kasan_save_track+0x18/0x40
[ 15.500247] kasan_save_alloc_info+0x3b/0x50
[ 15.500395] __kasan_kmalloc+0xb7/0xc0
[ 15.500588] __kmalloc_noprof+0x1c9/0x500
[ 15.500899] kunit_kmalloc_array+0x25/0x60
[ 15.501349] copy_user_test_oob+0xab/0x10f0
[ 15.501529] kunit_try_run_case+0x1a5/0x480
[ 15.501677] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.501855] kthread+0x337/0x6f0
[ 15.502727] ret_from_fork+0x41/0x80
[ 15.502932] ret_from_fork_asm+0x1a/0x30
[ 15.503132]
[ 15.503232] The buggy address belongs to the object at ffff888103606900
[ 15.503232] which belongs to the cache kmalloc-128 of size 128
[ 15.504271] The buggy address is located 0 bytes inside of
[ 15.504271] allocated 120-byte region [ffff888103606900, ffff888103606978)
[ 15.504996]
[ 15.505096] The buggy address belongs to the physical page:
[ 15.505329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103606
[ 15.506053] flags: 0x200000000000000(node=0|zone=2)
[ 15.506311] page_type: f5(slab)
[ 15.506597] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.507201] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.507909] page dumped because: kasan: bad access detected
[ 15.508150]
[ 15.508243] Memory state around the buggy address:
[ 15.508450] ffff888103606800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.509024] ffff888103606880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.509528] >ffff888103606900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.509963] ^
[ 15.510267] ffff888103606980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.510848] ffff888103606a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.511312] ==================================================================

[ 15.512565] ==================================================================
[ 15.512934] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 15.513360] Read of size 121 at addr ffff888103606900 by task kunit_try_catch/305
[ 15.514024]
[ 15.514334] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 15.514394] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.514409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.514433] Call Trace:
[ 15.514450] <TASK>
[ 15.514467] dump_stack_lvl+0x73/0xb0
[ 15.514531] print_report+0xd1/0x650
[ 15.514556] ? __virt_addr_valid+0x1db/0x2d0
[ 15.514580] ? copy_user_test_oob+0x604/0x10f0
[ 15.514602] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.514626] ? copy_user_test_oob+0x604/0x10f0
[ 15.514648] kasan_report+0x141/0x180
[ 15.514673] ? copy_user_test_oob+0x604/0x10f0
[ 15.514700] kasan_check_range+0x10c/0x1c0
[ 15.514723] __kasan_check_read+0x15/0x20
[ 15.514745] copy_user_test_oob+0x604/0x10f0
[ 15.514769] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.514790] ? finish_task_switch.isra.0+0x153/0x700
[ 15.514816] ? __switch_to+0x5d9/0xf60
[ 15.514838] ? dequeue_task_fair+0x156/0x4e0
[ 15.514864] ? __schedule+0x10cc/0x2b60
[ 15.514899] ? __pfx_read_tsc+0x10/0x10
[ 15.514921] ? ktime_get_ts64+0x86/0x230
[ 15.514947] kunit_try_run_case+0x1a5/0x480
[ 15.514970] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.514991] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.515017] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.515042] ? __kthread_parkme+0x82/0x180
[ 15.515065] ? preempt_count_sub+0x50/0x80
[ 15.515091] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.515114] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.515140] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.515167] kthread+0x337/0x6f0
[ 15.515185] ? trace_preempt_on+0x20/0xc0
[ 15.515209] ? __pfx_kthread+0x10/0x10
[ 15.515229] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.515252] ? calculate_sigpending+0x7b/0xa0
[ 15.515274] ? __pfx_kthread+0x10/0x10
[ 15.515295] ret_from_fork+0x41/0x80
[ 15.515317] ? __pfx_kthread+0x10/0x10
[ 15.515337] ret_from_fork_asm+0x1a/0x30
[ 15.515368] </TASK>
[ 15.515381]
[ 15.526683] Allocated by task 305:
[ 15.526868] kasan_save_stack+0x45/0x70
[ 15.527071] kasan_save_track+0x18/0x40
[ 15.527257] kasan_save_alloc_info+0x3b/0x50
[ 15.527460] __kasan_kmalloc+0xb7/0xc0
[ 15.527945] __kmalloc_noprof+0x1c9/0x500
[ 15.528277] kunit_kmalloc_array+0x25/0x60
[ 15.528707] copy_user_test_oob+0xab/0x10f0
[ 15.529135] kunit_try_run_case+0x1a5/0x480
[ 15.529410] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.529840] kthread+0x337/0x6f0
[ 15.530029] ret_from_fork+0x41/0x80
[ 15.530205] ret_from_fork_asm+0x1a/0x30
[ 15.530396]
[ 15.530495] The buggy address belongs to the object at ffff888103606900
[ 15.530495] which belongs to the cache kmalloc-128 of size 128
[ 15.531014] The buggy address is located 0 bytes inside of
[ 15.531014] allocated 120-byte region [ffff888103606900, ffff888103606978)
[ 15.531906]
[ 15.532019] The buggy address belongs to the physical page:
[ 15.532445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103606
[ 15.533178] flags: 0x200000000000000(node=0|zone=2)
[ 15.533738] page_type: f5(slab)
[ 15.534043] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.534555] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.535175] page dumped because: kasan: bad access detected
[ 15.535485]
[ 15.535728] Memory state around the buggy address:
[ 15.535973] ffff888103606800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.536269] ffff888103606880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.536847] >ffff888103606900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.537307] ^
[ 15.537863] ffff888103606980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.538489] ffff888103606a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.538833] ==================================================================

[ 15.441449] ==================================================================
[ 15.441798] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 15.442160] Write of size 121 at addr ffff888103606900 by task kunit_try_catch/305
[ 15.442502]
[ 15.442630] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 15.442677] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.442713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.442736] Call Trace:
[ 15.442752] <TASK>
[ 15.442769] dump_stack_lvl+0x73/0xb0
[ 15.442797] print_report+0xd1/0x650
[ 15.442823] ? __virt_addr_valid+0x1db/0x2d0
[ 15.442848] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.442905] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.442932] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.442954] kasan_report+0x141/0x180
[ 15.442979] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.443006] kasan_check_range+0x10c/0x1c0
[ 15.443029] __kasan_check_write+0x18/0x20
[ 15.443051] copy_user_test_oob+0x3fd/0x10f0
[ 15.443075] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.443096] ? finish_task_switch.isra.0+0x153/0x700
[ 15.443123] ? __switch_to+0x5d9/0xf60
[ 15.443144] ? dequeue_task_fair+0x156/0x4e0
[ 15.443170] ? __schedule+0x10cc/0x2b60
[ 15.443196] ? __pfx_read_tsc+0x10/0x10
[ 15.443217] ? ktime_get_ts64+0x86/0x230
[ 15.443263] kunit_try_run_case+0x1a5/0x480
[ 15.443286] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.443307] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.443333] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.443361] ? __kthread_parkme+0x82/0x180
[ 15.443384] ? preempt_count_sub+0x50/0x80
[ 15.443410] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.443452] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.443478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.443504] kthread+0x337/0x6f0
[ 15.443522] ? trace_preempt_on+0x20/0xc0
[ 15.443547] ? __pfx_kthread+0x10/0x10
[ 15.443567] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.443597] ? calculate_sigpending+0x7b/0xa0
[ 15.443621] ? __pfx_kthread+0x10/0x10
[ 15.443640] ret_from_fork+0x41/0x80
[ 15.443662] ? __pfx_kthread+0x10/0x10
[ 15.443682] ret_from_fork_asm+0x1a/0x30
[ 15.443716] </TASK>
[ 15.443728]
[ 15.451428] Allocated by task 305:
[ 15.451613] kasan_save_stack+0x45/0x70
[ 15.451825] kasan_save_track+0x18/0x40
[ 15.451993] kasan_save_alloc_info+0x3b/0x50
[ 15.452226] __kasan_kmalloc+0xb7/0xc0
[ 15.452426] __kmalloc_noprof+0x1c9/0x500
[ 15.452654] kunit_kmalloc_array+0x25/0x60
[ 15.452857] copy_user_test_oob+0xab/0x10f0
[ 15.453015] kunit_try_run_case+0x1a5/0x480
[ 15.453162] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.453421] kthread+0x337/0x6f0
[ 15.453676] ret_from_fork+0x41/0x80
[ 15.453920] ret_from_fork_asm+0x1a/0x30
[ 15.454137]
[ 15.454213] The buggy address belongs to the object at ffff888103606900
[ 15.454213] which belongs to the cache kmalloc-128 of size 128
[ 15.454856] The buggy address is located 0 bytes inside of
[ 15.454856] allocated 120-byte region [ffff888103606900, ffff888103606978)
[ 15.455398]
[ 15.455530] The buggy address belongs to the physical page:
[ 15.455752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103606
[ 15.456101] flags: 0x200000000000000(node=0|zone=2)
[ 15.456343] page_type: f5(slab)
[ 15.456468] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.456704] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.456958] page dumped because: kasan: bad access detected
[ 15.457134]
[ 15.458008] Memory state around the buggy address:
[ 15.458291] ffff888103606800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.458626] ffff888103606880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.459693] >ffff888103606900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.459939] ^
[ 15.461035] ffff888103606980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.461304] ffff888103606a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.461537] ==================================================================

[ 15.462003] ==================================================================
[ 15.463682] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 15.464240] Read of size 121 at addr ffff888103606900 by task kunit_try_catch/305
[ 15.464476]
[ 15.465044] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 15.465097] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.465112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.465145] Call Trace:
[ 15.465162] <TASK>
[ 15.465178] dump_stack_lvl+0x73/0xb0
[ 15.465206] print_report+0xd1/0x650
[ 15.465231] ? __virt_addr_valid+0x1db/0x2d0
[ 15.465255] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.465277] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.465302] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.465324] kasan_report+0x141/0x180
[ 15.465349] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.465375] kasan_check_range+0x10c/0x1c0
[ 15.465399] __kasan_check_read+0x15/0x20
[ 15.465420] copy_user_test_oob+0x4aa/0x10f0
[ 15.465445] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.465466] ? finish_task_switch.isra.0+0x153/0x700
[ 15.465491] ? __switch_to+0x5d9/0xf60
[ 15.465662] ? dequeue_task_fair+0x156/0x4e0
[ 15.465691] ? __schedule+0x10cc/0x2b60
[ 15.465718] ? __pfx_read_tsc+0x10/0x10
[ 15.465740] ? ktime_get_ts64+0x86/0x230
[ 15.465801] kunit_try_run_case+0x1a5/0x480
[ 15.465828] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.465850] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.465890] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.465927] ? __kthread_parkme+0x82/0x180
[ 15.465951] ? preempt_count_sub+0x50/0x80
[ 15.465988] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.466011] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.466036] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.466062] kthread+0x337/0x6f0
[ 15.466081] ? trace_preempt_on+0x20/0xc0
[ 15.466106] ? __pfx_kthread+0x10/0x10
[ 15.466126] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.466150] ? calculate_sigpending+0x7b/0xa0
[ 15.466173] ? __pfx_kthread+0x10/0x10
[ 15.466193] ret_from_fork+0x41/0x80
[ 15.466214] ? __pfx_kthread+0x10/0x10
[ 15.466234] ret_from_fork_asm+0x1a/0x30
[ 15.466265] </TASK>
[ 15.466278]
[ 15.479022] Allocated by task 305:
[ 15.479390] kasan_save_stack+0x45/0x70
[ 15.479735] kasan_save_track+0x18/0x40
[ 15.479950] kasan_save_alloc_info+0x3b/0x50
[ 15.480361] __kasan_kmalloc+0xb7/0xc0
[ 15.480543] __kmalloc_noprof+0x1c9/0x500
[ 15.480985] kunit_kmalloc_array+0x25/0x60
[ 15.481173] copy_user_test_oob+0xab/0x10f0
[ 15.481476] kunit_try_run_case+0x1a5/0x480
[ 15.481958] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.482389] kthread+0x337/0x6f0
[ 15.482591] ret_from_fork+0x41/0x80
[ 15.482961] ret_from_fork_asm+0x1a/0x30
[ 15.483102]
[ 15.483176] The buggy address belongs to the object at ffff888103606900
[ 15.483176] which belongs to the cache kmalloc-128 of size 128
[ 15.483531] The buggy address is located 0 bytes inside of
[ 15.483531] allocated 120-byte region [ffff888103606900, ffff888103606978)
[ 15.484621]
[ 15.484794] The buggy address belongs to the physical page:
[ 15.485300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103606
[ 15.486017] flags: 0x200000000000000(node=0|zone=2)
[ 15.486476] page_type: f5(slab)
[ 15.486844] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.487483] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.487727] page dumped because: kasan: bad access detected
[ 15.487909]
[ 15.487979] Memory state around the buggy address:
[ 15.488130] ffff888103606800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.488340] ffff888103606880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.488563] >ffff888103606900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.488777] ^
[ 15.489103] ffff888103606980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.489369] ffff888103606a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.489844] ==================================================================
```