Date
July 15, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 21.152197] ================================================================== [ 21.152663] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 21.152964] Write of size 121 at addr fff00000c59cb700 by task kunit_try_catch/287 [ 21.153166] [ 21.153250] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 21.153511] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.153758] Hardware name: linux,dummy-virt (DT) [ 21.153814] Call trace: [ 21.153994] show_stack+0x20/0x38 (C) [ 21.154148] dump_stack_lvl+0x8c/0xd0 [ 21.154340] print_report+0x118/0x5d0 [ 21.154712] kasan_report+0xdc/0x128 [ 21.154876] kasan_check_range+0x100/0x1a8 [ 21.154944] __kasan_check_write+0x20/0x30 [ 21.154993] copy_user_test_oob+0x434/0xec8 [ 21.155051] kunit_try_run_case+0x170/0x3f0 [ 21.155101] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.155158] kthread+0x328/0x630 [ 21.155225] ret_from_fork+0x10/0x20 [ 21.155277] [ 21.155298] Allocated by task 287: [ 21.155344] kasan_save_stack+0x3c/0x68 [ 21.155386] kasan_save_track+0x20/0x40 [ 21.155438] kasan_save_alloc_info+0x40/0x58 [ 21.155480] __kasan_kmalloc+0xd4/0xd8 [ 21.155528] __kmalloc_noprof+0x198/0x4c8 [ 21.155582] kunit_kmalloc_array+0x34/0x88 [ 21.155624] copy_user_test_oob+0xac/0xec8 [ 21.155661] kunit_try_run_case+0x170/0x3f0 [ 21.155710] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.155758] kthread+0x328/0x630 [ 21.155795] ret_from_fork+0x10/0x20 [ 21.155832] [ 21.155864] The buggy address belongs to the object at fff00000c59cb700 [ 21.155864] which belongs to the cache kmalloc-128 of size 128 [ 21.155927] The buggy address is located 0 bytes inside of [ 21.155927] allocated 120-byte region [fff00000c59cb700, fff00000c59cb778) [ 21.156005] [ 21.156048] The buggy address belongs to the physical page: [ 21.156090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 21.156156] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.156222] page_type: f5(slab) [ 21.156262] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.156316] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.156371] page dumped because: kasan: bad access detected [ 21.156416] [ 21.156437] Memory state around the buggy address: [ 21.156471] fff00000c59cb600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.156518] fff00000c59cb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.156565] >fff00000c59cb700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.156607] ^ [ 21.156659] fff00000c59cb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.156706] fff00000c59cb800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.156750] ================================================================== [ 21.157958] ================================================================== [ 21.158013] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 21.158241] Read of size 121 at addr fff00000c59cb700 by task kunit_try_catch/287 [ 21.158318] [ 21.158349] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 21.158435] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.158463] Hardware name: linux,dummy-virt (DT) [ 21.158494] Call trace: [ 21.158733] show_stack+0x20/0x38 (C) [ 21.158802] dump_stack_lvl+0x8c/0xd0 [ 21.159270] print_report+0x118/0x5d0 [ 21.159323] kasan_report+0xdc/0x128 [ 21.159490] kasan_check_range+0x100/0x1a8 [ 21.159835] __kasan_check_read+0x20/0x30 [ 21.159918] copy_user_test_oob+0x4a0/0xec8 [ 21.160049] kunit_try_run_case+0x170/0x3f0 [ 21.160102] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.160166] kthread+0x328/0x630 [ 21.160230] ret_from_fork+0x10/0x20 [ 21.160283] [ 21.160304] Allocated by task 287: [ 21.160332] kasan_save_stack+0x3c/0x68 [ 21.160376] kasan_save_track+0x20/0x40 [ 21.160413] kasan_save_alloc_info+0x40/0x58 [ 21.160456] __kasan_kmalloc+0xd4/0xd8 [ 21.160494] __kmalloc_noprof+0x198/0x4c8 [ 21.160530] kunit_kmalloc_array+0x34/0x88 [ 21.161241] copy_user_test_oob+0xac/0xec8 [ 21.161305] kunit_try_run_case+0x170/0x3f0 [ 21.161699] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.162029] kthread+0x328/0x630 [ 21.162181] ret_from_fork+0x10/0x20 [ 21.162280] [ 21.162303] The buggy address belongs to the object at fff00000c59cb700 [ 21.162303] which belongs to the cache kmalloc-128 of size 128 [ 21.162375] The buggy address is located 0 bytes inside of [ 21.162375] allocated 120-byte region [fff00000c59cb700, fff00000c59cb778) [ 21.162794] [ 21.162843] The buggy address belongs to the physical page: [ 21.163043] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 21.163174] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.163362] page_type: f5(slab) [ 21.163451] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.163631] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.163681] page dumped because: kasan: bad access detected [ 21.163875] [ 21.164121] Memory state around the buggy address: [ 21.164193] fff00000c59cb600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.164522] fff00000c59cb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.164816] >fff00000c59cb700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.165185] ^ [ 21.165519] fff00000c59cb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.165754] fff00000c59cb800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.165984] ================================================================== [ 21.102335] ================================================================== [ 21.103029] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 21.103427] Write of size 121 at addr fff00000c59cb700 by task kunit_try_catch/287 [ 21.103493] [ 21.103836] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 21.104013] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.104058] Hardware name: linux,dummy-virt (DT) [ 21.104093] Call trace: [ 21.104458] show_stack+0x20/0x38 (C) [ 21.104771] dump_stack_lvl+0x8c/0xd0 [ 21.104950] print_report+0x118/0x5d0 [ 21.105331] kasan_report+0xdc/0x128 [ 21.105413] kasan_check_range+0x100/0x1a8 [ 21.105543] __kasan_check_write+0x20/0x30 [ 21.105687] copy_user_test_oob+0x234/0xec8 [ 21.105764] kunit_try_run_case+0x170/0x3f0 [ 21.105831] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.105889] kthread+0x328/0x630 [ 21.106283] ret_from_fork+0x10/0x20 [ 21.106395] [ 21.106719] Allocated by task 287: [ 21.106797] kasan_save_stack+0x3c/0x68 [ 21.107223] kasan_save_track+0x20/0x40 [ 21.107414] kasan_save_alloc_info+0x40/0x58 [ 21.107491] __kasan_kmalloc+0xd4/0xd8 [ 21.107531] __kmalloc_noprof+0x198/0x4c8 [ 21.107573] kunit_kmalloc_array+0x34/0x88 [ 21.107626] copy_user_test_oob+0xac/0xec8 [ 21.107670] kunit_try_run_case+0x170/0x3f0 [ 21.107713] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.107767] kthread+0x328/0x630 [ 21.107822] ret_from_fork+0x10/0x20 [ 21.107867] [ 21.107890] The buggy address belongs to the object at fff00000c59cb700 [ 21.107890] which belongs to the cache kmalloc-128 of size 128 [ 21.107964] The buggy address is located 0 bytes inside of [ 21.107964] allocated 120-byte region [fff00000c59cb700, fff00000c59cb778) [ 21.108039] [ 21.108073] The buggy address belongs to the physical page: [ 21.108131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 21.108229] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.108286] page_type: f5(slab) [ 21.108351] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.108411] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.108456] page dumped because: kasan: bad access detected [ 21.108490] [ 21.108518] Memory state around the buggy address: [ 21.108569] fff00000c59cb600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.108621] fff00000c59cb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.108668] >fff00000c59cb700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.108710] ^ [ 21.108753] fff00000c59cb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.108804] fff00000c59cb800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.108857] ================================================================== [ 21.134625] ================================================================== [ 21.134690] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 21.135015] Write of size 121 at addr fff00000c59cb700 by task kunit_try_catch/287 [ 21.135403] [ 21.135482] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 21.135670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.135701] Hardware name: linux,dummy-virt (DT) [ 21.135736] Call trace: [ 21.135762] show_stack+0x20/0x38 (C) [ 21.135886] dump_stack_lvl+0x8c/0xd0 [ 21.135937] print_report+0x118/0x5d0 [ 21.135983] kasan_report+0xdc/0x128 [ 21.136030] kasan_check_range+0x100/0x1a8 [ 21.136077] __kasan_check_write+0x20/0x30 [ 21.136137] copy_user_test_oob+0x35c/0xec8 [ 21.136186] kunit_try_run_case+0x170/0x3f0 [ 21.136261] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.136319] kthread+0x328/0x630 [ 21.136365] ret_from_fork+0x10/0x20 [ 21.136412] [ 21.136442] Allocated by task 287: [ 21.136472] kasan_save_stack+0x3c/0x68 [ 21.136525] kasan_save_track+0x20/0x40 [ 21.136563] kasan_save_alloc_info+0x40/0x58 [ 21.136604] __kasan_kmalloc+0xd4/0xd8 [ 21.136640] __kmalloc_noprof+0x198/0x4c8 [ 21.136678] kunit_kmalloc_array+0x34/0x88 [ 21.136725] copy_user_test_oob+0xac/0xec8 [ 21.136764] kunit_try_run_case+0x170/0x3f0 [ 21.136805] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.136859] kthread+0x328/0x630 [ 21.136898] ret_from_fork+0x10/0x20 [ 21.136935] [ 21.136957] The buggy address belongs to the object at fff00000c59cb700 [ 21.136957] which belongs to the cache kmalloc-128 of size 128 [ 21.137024] The buggy address is located 0 bytes inside of [ 21.137024] allocated 120-byte region [fff00000c59cb700, fff00000c59cb778) [ 21.137099] [ 21.137130] The buggy address belongs to the physical page: [ 21.137167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 21.137240] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.137291] page_type: f5(slab) [ 21.137329] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.137921] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.138439] page dumped because: kasan: bad access detected [ 21.138737] [ 21.139022] Memory state around the buggy address: [ 21.139509] fff00000c59cb600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.139695] fff00000c59cb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.139779] >fff00000c59cb700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.139989] ^ [ 21.140149] fff00000c59cb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.140216] fff00000c59cb800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.140889] ================================================================== [ 21.115694] ================================================================== [ 21.115756] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 21.115835] Read of size 121 at addr fff00000c59cb700 by task kunit_try_catch/287 [ 21.115898] [ 21.115933] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 21.116369] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.116421] Hardware name: linux,dummy-virt (DT) [ 21.116459] Call trace: [ 21.116485] show_stack+0x20/0x38 (C) [ 21.116596] dump_stack_lvl+0x8c/0xd0 [ 21.116651] print_report+0x118/0x5d0 [ 21.116697] kasan_report+0xdc/0x128 [ 21.116795] kasan_check_range+0x100/0x1a8 [ 21.116849] __kasan_check_read+0x20/0x30 [ 21.116906] copy_user_test_oob+0x728/0xec8 [ 21.116972] kunit_try_run_case+0x170/0x3f0 [ 21.117025] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.117082] kthread+0x328/0x630 [ 21.117127] ret_from_fork+0x10/0x20 [ 21.117542] [ 21.117596] Allocated by task 287: [ 21.117703] kasan_save_stack+0x3c/0x68 [ 21.117793] kasan_save_track+0x20/0x40 [ 21.118154] kasan_save_alloc_info+0x40/0x58 [ 21.118314] __kasan_kmalloc+0xd4/0xd8 [ 21.118474] __kmalloc_noprof+0x198/0x4c8 [ 21.118561] kunit_kmalloc_array+0x34/0x88 [ 21.118602] copy_user_test_oob+0xac/0xec8 [ 21.118674] kunit_try_run_case+0x170/0x3f0 [ 21.118977] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.119176] kthread+0x328/0x630 [ 21.119343] ret_from_fork+0x10/0x20 [ 21.119432] [ 21.119490] The buggy address belongs to the object at fff00000c59cb700 [ 21.119490] which belongs to the cache kmalloc-128 of size 128 [ 21.119722] The buggy address is located 0 bytes inside of [ 21.119722] allocated 120-byte region [fff00000c59cb700, fff00000c59cb778) [ 21.119993] [ 21.120064] The buggy address belongs to the physical page: [ 21.120232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 21.120346] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.120403] page_type: f5(slab) [ 21.120952] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.121182] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.121288] page dumped because: kasan: bad access detected [ 21.121428] [ 21.121480] Memory state around the buggy address: [ 21.121554] fff00000c59cb600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.121604] fff00000c59cb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.121651] >fff00000c59cb700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.121693] ^ [ 21.121739] fff00000c59cb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.122413] fff00000c59cb800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.122519] ================================================================== [ 21.142005] ================================================================== [ 21.142421] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 21.142490] Read of size 121 at addr fff00000c59cb700 by task kunit_try_catch/287 [ 21.142546] [ 21.142579] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 21.143232] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.143287] Hardware name: linux,dummy-virt (DT) [ 21.143323] Call trace: [ 21.143347] show_stack+0x20/0x38 (C) [ 21.143400] dump_stack_lvl+0x8c/0xd0 [ 21.143991] print_report+0x118/0x5d0 [ 21.144064] kasan_report+0xdc/0x128 [ 21.144286] kasan_check_range+0x100/0x1a8 [ 21.144350] __kasan_check_read+0x20/0x30 [ 21.144402] copy_user_test_oob+0x3c8/0xec8 [ 21.144674] kunit_try_run_case+0x170/0x3f0 [ 21.144904] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.145073] kthread+0x328/0x630 [ 21.145184] ret_from_fork+0x10/0x20 [ 21.145252] [ 21.145273] Allocated by task 287: [ 21.145308] kasan_save_stack+0x3c/0x68 [ 21.145688] kasan_save_track+0x20/0x40 [ 21.145988] kasan_save_alloc_info+0x40/0x58 [ 21.146185] __kasan_kmalloc+0xd4/0xd8 [ 21.146374] __kmalloc_noprof+0x198/0x4c8 [ 21.146455] kunit_kmalloc_array+0x34/0x88 [ 21.146544] copy_user_test_oob+0xac/0xec8 [ 21.146586] kunit_try_run_case+0x170/0x3f0 [ 21.146991] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.147312] kthread+0x328/0x630 [ 21.147394] ret_from_fork+0x10/0x20 [ 21.147504] [ 21.147674] The buggy address belongs to the object at fff00000c59cb700 [ 21.147674] which belongs to the cache kmalloc-128 of size 128 [ 21.147897] The buggy address is located 0 bytes inside of [ 21.147897] allocated 120-byte region [fff00000c59cb700, fff00000c59cb778) [ 21.148174] [ 21.148225] The buggy address belongs to the physical page: [ 21.148318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 21.148497] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.148894] page_type: f5(slab) [ 21.148952] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.149050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.149129] page dumped because: kasan: bad access detected [ 21.149165] [ 21.149234] Memory state around the buggy address: [ 21.149809] fff00000c59cb600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.149871] fff00000c59cb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.149917] >fff00000c59cb700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.149960] ^ [ 21.150342] fff00000c59cb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.150423] fff00000c59cb800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.150486] ==================================================================
[ 14.902783] ================================================================== [ 14.903140] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 14.903422] Read of size 121 at addr ffff888103a34500 by task kunit_try_catch/304 [ 14.903644] [ 14.903772] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 14.903813] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.903825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.903844] Call Trace: [ 14.903858] <TASK> [ 14.903872] dump_stack_lvl+0x73/0xb0 [ 14.903907] print_report+0xd1/0x610 [ 14.903929] ? __virt_addr_valid+0x1db/0x2d0 [ 14.903952] ? copy_user_test_oob+0x4aa/0x10f0 [ 14.903972] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.903995] ? copy_user_test_oob+0x4aa/0x10f0 [ 14.904017] kasan_report+0x141/0x180 [ 14.904039] ? copy_user_test_oob+0x4aa/0x10f0 [ 14.904064] kasan_check_range+0x10c/0x1c0 [ 14.904084] __kasan_check_read+0x15/0x20 [ 14.904104] copy_user_test_oob+0x4aa/0x10f0 [ 14.904127] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.904147] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.904172] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.904198] kunit_try_run_case+0x1a5/0x480 [ 14.904219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.904237] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.904262] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.904286] ? __kthread_parkme+0x82/0x180 [ 14.904307] ? preempt_count_sub+0x50/0x80 [ 14.904332] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.904352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.904376] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.904401] kthread+0x337/0x6f0 [ 14.904417] ? trace_preempt_on+0x20/0xc0 [ 14.904441] ? __pfx_kthread+0x10/0x10 [ 14.904459] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.904481] ? calculate_sigpending+0x7b/0xa0 [ 14.904502] ? __pfx_kthread+0x10/0x10 [ 14.904521] ret_from_fork+0x41/0x80 [ 14.904542] ? __pfx_kthread+0x10/0x10 [ 14.904560] ret_from_fork_asm+0x1a/0x30 [ 14.904591] </TASK> [ 14.904602] [ 14.911437] Allocated by task 304: [ 14.911632] kasan_save_stack+0x45/0x70 [ 14.911846] kasan_save_track+0x18/0x40 [ 14.912070] kasan_save_alloc_info+0x3b/0x50 [ 14.912304] __kasan_kmalloc+0xb7/0xc0 [ 14.912504] __kmalloc_noprof+0x1c9/0x500 [ 14.912706] kunit_kmalloc_array+0x25/0x60 [ 14.912937] copy_user_test_oob+0xab/0x10f0 [ 14.913156] kunit_try_run_case+0x1a5/0x480 [ 14.913372] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.913539] kthread+0x337/0x6f0 [ 14.913685] ret_from_fork+0x41/0x80 [ 14.913930] ret_from_fork_asm+0x1a/0x30 [ 14.914130] [ 14.914241] The buggy address belongs to the object at ffff888103a34500 [ 14.914241] which belongs to the cache kmalloc-128 of size 128 [ 14.914757] The buggy address is located 0 bytes inside of [ 14.914757] allocated 120-byte region [ffff888103a34500, ffff888103a34578) [ 14.915307] [ 14.915402] The buggy address belongs to the physical page: [ 14.915615] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a34 [ 14.915868] flags: 0x200000000000000(node=0|zone=2) [ 14.916128] page_type: f5(slab) [ 14.916293] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.916651] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.917065] page dumped because: kasan: bad access detected [ 14.917277] [ 14.917348] Memory state around the buggy address: [ 14.917563] ffff888103a34400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.917873] ffff888103a34480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.918202] >ffff888103a34500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.918506] ^ [ 14.918739] ffff888103a34580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.918955] ffff888103a34600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.919159] ================================================================== [ 14.886081] ================================================================== [ 14.886401] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 14.886712] Write of size 121 at addr ffff888103a34500 by task kunit_try_catch/304 [ 14.887077] [ 14.887186] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 14.887231] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.887244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.887265] Call Trace: [ 14.887277] <TASK> [ 14.887292] dump_stack_lvl+0x73/0xb0 [ 14.887317] print_report+0xd1/0x610 [ 14.887341] ? __virt_addr_valid+0x1db/0x2d0 [ 14.887362] ? copy_user_test_oob+0x3fd/0x10f0 [ 14.887382] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.887405] ? copy_user_test_oob+0x3fd/0x10f0 [ 14.887426] kasan_report+0x141/0x180 [ 14.887449] ? copy_user_test_oob+0x3fd/0x10f0 [ 14.887475] kasan_check_range+0x10c/0x1c0 [ 14.887495] __kasan_check_write+0x18/0x20 [ 14.887515] copy_user_test_oob+0x3fd/0x10f0 [ 14.887537] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.887557] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.887584] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.887608] kunit_try_run_case+0x1a5/0x480 [ 14.887631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.887650] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.887675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.887699] ? __kthread_parkme+0x82/0x180 [ 14.887721] ? preempt_count_sub+0x50/0x80 [ 14.887746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.887767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.887791] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.887814] kthread+0x337/0x6f0 [ 14.887832] ? trace_preempt_on+0x20/0xc0 [ 14.887855] ? __pfx_kthread+0x10/0x10 [ 14.887873] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.887906] ? calculate_sigpending+0x7b/0xa0 [ 14.887927] ? __pfx_kthread+0x10/0x10 [ 14.887946] ret_from_fork+0x41/0x80 [ 14.887967] ? __pfx_kthread+0x10/0x10 [ 14.887985] ret_from_fork_asm+0x1a/0x30 [ 14.888016] </TASK> [ 14.888026] [ 14.894701] Allocated by task 304: [ 14.894828] kasan_save_stack+0x45/0x70 [ 14.894983] kasan_save_track+0x18/0x40 [ 14.895162] kasan_save_alloc_info+0x3b/0x50 [ 14.895368] __kasan_kmalloc+0xb7/0xc0 [ 14.895559] __kmalloc_noprof+0x1c9/0x500 [ 14.895734] kunit_kmalloc_array+0x25/0x60 [ 14.895889] copy_user_test_oob+0xab/0x10f0 [ 14.896031] kunit_try_run_case+0x1a5/0x480 [ 14.896171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.896648] kthread+0x337/0x6f0 [ 14.896825] ret_from_fork+0x41/0x80 [ 14.897020] ret_from_fork_asm+0x1a/0x30 [ 14.897221] [ 14.897316] The buggy address belongs to the object at ffff888103a34500 [ 14.897316] which belongs to the cache kmalloc-128 of size 128 [ 14.897785] The buggy address is located 0 bytes inside of [ 14.897785] allocated 120-byte region [ffff888103a34500, ffff888103a34578) [ 14.898248] [ 14.898337] The buggy address belongs to the physical page: [ 14.898541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a34 [ 14.898781] flags: 0x200000000000000(node=0|zone=2) [ 14.898952] page_type: f5(slab) [ 14.899081] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.899588] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.899936] page dumped because: kasan: bad access detected [ 14.900187] [ 14.900281] Memory state around the buggy address: [ 14.900434] ffff888103a34400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.900648] ffff888103a34480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.901098] >ffff888103a34500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.901420] ^ [ 14.901744] ffff888103a34580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.901979] ffff888103a34600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.902190] ================================================================== [ 14.919609] ================================================================== [ 14.920305] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 14.921504] Write of size 121 at addr ffff888103a34500 by task kunit_try_catch/304 [ 14.921747] [ 14.921836] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 14.921893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.921905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.921926] Call Trace: [ 14.921938] <TASK> [ 14.921952] dump_stack_lvl+0x73/0xb0 [ 14.921978] print_report+0xd1/0x610 [ 14.922001] ? __virt_addr_valid+0x1db/0x2d0 [ 14.922024] ? copy_user_test_oob+0x557/0x10f0 [ 14.922043] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.922066] ? copy_user_test_oob+0x557/0x10f0 [ 14.922087] kasan_report+0x141/0x180 [ 14.922110] ? copy_user_test_oob+0x557/0x10f0 [ 14.922136] kasan_check_range+0x10c/0x1c0 [ 14.922156] __kasan_check_write+0x18/0x20 [ 14.922176] copy_user_test_oob+0x557/0x10f0 [ 14.922198] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.922218] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.922247] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.922272] kunit_try_run_case+0x1a5/0x480 [ 14.922293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.922311] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.922335] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.922360] ? __kthread_parkme+0x82/0x180 [ 14.922382] ? preempt_count_sub+0x50/0x80 [ 14.922407] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.922427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.922451] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.922475] kthread+0x337/0x6f0 [ 14.922493] ? trace_preempt_on+0x20/0xc0 [ 14.922518] ? __pfx_kthread+0x10/0x10 [ 14.922537] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.922559] ? calculate_sigpending+0x7b/0xa0 [ 14.922580] ? __pfx_kthread+0x10/0x10 [ 14.922598] ret_from_fork+0x41/0x80 [ 14.922621] ? __pfx_kthread+0x10/0x10 [ 14.922639] ret_from_fork_asm+0x1a/0x30 [ 14.922670] </TASK> [ 14.922681] [ 14.930485] Allocated by task 304: [ 14.930836] kasan_save_stack+0x45/0x70 [ 14.931196] kasan_save_track+0x18/0x40 [ 14.931397] kasan_save_alloc_info+0x3b/0x50 [ 14.931605] __kasan_kmalloc+0xb7/0xc0 [ 14.931759] __kmalloc_noprof+0x1c9/0x500 [ 14.932004] kunit_kmalloc_array+0x25/0x60 [ 14.932198] copy_user_test_oob+0xab/0x10f0 [ 14.932374] kunit_try_run_case+0x1a5/0x480 [ 14.932563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.932753] kthread+0x337/0x6f0 [ 14.932871] ret_from_fork+0x41/0x80 [ 14.933064] ret_from_fork_asm+0x1a/0x30 [ 14.933278] [ 14.933377] The buggy address belongs to the object at ffff888103a34500 [ 14.933377] which belongs to the cache kmalloc-128 of size 128 [ 14.933838] The buggy address is located 0 bytes inside of [ 14.933838] allocated 120-byte region [ffff888103a34500, ffff888103a34578) [ 14.934295] [ 14.934393] The buggy address belongs to the physical page: [ 14.934617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a34 [ 14.934998] flags: 0x200000000000000(node=0|zone=2) [ 14.935212] page_type: f5(slab) [ 14.935332] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.935598] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.935945] page dumped because: kasan: bad access detected [ 14.936271] [ 14.936341] Memory state around the buggy address: [ 14.936495] ffff888103a34400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.936805] ffff888103a34480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.937152] >ffff888103a34500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.937467] ^ [ 14.937742] ffff888103a34580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.938013] ffff888103a34600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.938241] ================================================================== [ 14.938780] ================================================================== [ 14.939530] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 14.940254] Read of size 121 at addr ffff888103a34500 by task kunit_try_catch/304 [ 14.940549] [ 14.940656] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 14.940700] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.940713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.940732] Call Trace: [ 14.940747] <TASK> [ 14.940762] dump_stack_lvl+0x73/0xb0 [ 14.940787] print_report+0xd1/0x610 [ 14.941063] ? __virt_addr_valid+0x1db/0x2d0 [ 14.941095] ? copy_user_test_oob+0x604/0x10f0 [ 14.941117] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.941148] ? copy_user_test_oob+0x604/0x10f0 [ 14.941168] kasan_report+0x141/0x180 [ 14.941192] ? copy_user_test_oob+0x604/0x10f0 [ 14.941257] kasan_check_range+0x10c/0x1c0 [ 14.941278] __kasan_check_read+0x15/0x20 [ 14.941298] copy_user_test_oob+0x604/0x10f0 [ 14.941320] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.941339] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.941367] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.941392] kunit_try_run_case+0x1a5/0x480 [ 14.941413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.941432] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.941456] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.941480] ? __kthread_parkme+0x82/0x180 [ 14.941501] ? preempt_count_sub+0x50/0x80 [ 14.941527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.941547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.941571] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.941594] kthread+0x337/0x6f0 [ 14.941611] ? trace_preempt_on+0x20/0xc0 [ 14.941634] ? __pfx_kthread+0x10/0x10 [ 14.941652] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.941674] ? calculate_sigpending+0x7b/0xa0 [ 14.941696] ? __pfx_kthread+0x10/0x10 [ 14.941715] ret_from_fork+0x41/0x80 [ 14.941735] ? __pfx_kthread+0x10/0x10 [ 14.941754] ret_from_fork_asm+0x1a/0x30 [ 14.941785] </TASK> [ 14.941796] [ 14.952069] Allocated by task 304: [ 14.952365] kasan_save_stack+0x45/0x70 [ 14.952566] kasan_save_track+0x18/0x40 [ 14.952748] kasan_save_alloc_info+0x3b/0x50 [ 14.953189] __kasan_kmalloc+0xb7/0xc0 [ 14.953567] __kmalloc_noprof+0x1c9/0x500 [ 14.953963] kunit_kmalloc_array+0x25/0x60 [ 14.954176] copy_user_test_oob+0xab/0x10f0 [ 14.954368] kunit_try_run_case+0x1a5/0x480 [ 14.954552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.954779] kthread+0x337/0x6f0 [ 14.955188] ret_from_fork+0x41/0x80 [ 14.955553] ret_from_fork_asm+0x1a/0x30 [ 14.955875] [ 14.956083] The buggy address belongs to the object at ffff888103a34500 [ 14.956083] which belongs to the cache kmalloc-128 of size 128 [ 14.956744] The buggy address is located 0 bytes inside of [ 14.956744] allocated 120-byte region [ffff888103a34500, ffff888103a34578) [ 14.957936] [ 14.958046] The buggy address belongs to the physical page: [ 14.958457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a34 [ 14.959141] flags: 0x200000000000000(node=0|zone=2) [ 14.959542] page_type: f5(slab) [ 14.959830] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.960172] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.960481] page dumped because: kasan: bad access detected [ 14.960708] [ 14.960794] Memory state around the buggy address: [ 14.961261] ffff888103a34400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.961746] ffff888103a34480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.962232] >ffff888103a34500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.962840] ^ [ 14.963227] ffff888103a34580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.963525] ffff888103a34600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.964029] ==================================================================