Date
July 22, 2025, 2:40 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 |
[ 20.372817] ==================================================================
[ 20.372884] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 20.372940] Write of size 121 at addr fff00000c6fc5700 by task kunit_try_catch/287
[ 20.372997]
[ 20.373031] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT
[ 20.373133] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.373184] Hardware name: linux,dummy-virt (DT)
[ 20.373224] Call trace:
[ 20.373251] show_stack+0x20/0x38 (C)
[ 20.373324] dump_stack_lvl+0x8c/0xd0
[ 20.373379] print_report+0x118/0x5d0
[ 20.373439] kasan_report+0xdc/0x128
[ 20.373487] kasan_check_range+0x100/0x1a8
[ 20.373543] __kasan_check_write+0x20/0x30
[ 20.373596] copy_user_test_oob+0x35c/0xec8
[ 20.373645] kunit_try_run_case+0x170/0x3f0
[ 20.373696] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.373759] kthread+0x328/0x630
[ 20.373806] ret_from_fork+0x10/0x20
[ 20.373867]
[ 20.373891] Allocated by task 287:
[ 20.373929] kasan_save_stack+0x3c/0x68
[ 20.373982] kasan_save_track+0x20/0x40
[ 20.374031] kasan_save_alloc_info+0x40/0x58
[ 20.374074] __kasan_kmalloc+0xd4/0xd8
[ 20.374117] __kmalloc_noprof+0x198/0x4c8
[ 20.374160] kunit_kmalloc_array+0x34/0x88
[ 20.374201] copy_user_test_oob+0xac/0xec8
[ 20.374241] kunit_try_run_case+0x170/0x3f0
[ 20.374292] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.375423] kthread+0x328/0x630
[ 20.375649] ret_from_fork+0x10/0x20
[ 20.375700]
[ 20.375749] The buggy address belongs to the object at fff00000c6fc5700
[ 20.375749] which belongs to the cache kmalloc-128 of size 128
[ 20.376091] The buggy address is located 0 bytes inside of
[ 20.376091] allocated 120-byte region [fff00000c6fc5700, fff00000c6fc5778)
[ 20.376407]
[ 20.376662] The buggy address belongs to the physical page:
[ 20.376739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc5
[ 20.376896] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.377092] page_type: f5(slab)
[ 20.377200] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.377582] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.378349] page dumped because: kasan: bad access detected
[ 20.378425]
[ 20.378465] Memory state around the buggy address:
[ 20.378764] fff00000c6fc5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.378831] fff00000c6fc5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.379100] >fff00000c6fc5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.379475] ^
[ 20.380255] fff00000c6fc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.380467] fff00000c6fc5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.380696] ==================================================================

[ 20.335887] ==================================================================
[ 20.336591] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 20.336968] Write of size 121 at addr fff00000c6fc5700 by task kunit_try_catch/287
[ 20.337040]
[ 20.337090] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT
[ 20.337823] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.337881] Hardware name: linux,dummy-virt (DT)
[ 20.337926] Call trace:
[ 20.338023] show_stack+0x20/0x38 (C)
[ 20.338353] dump_stack_lvl+0x8c/0xd0
[ 20.338503] print_report+0x118/0x5d0
[ 20.338597] kasan_report+0xdc/0x128
[ 20.338741] kasan_check_range+0x100/0x1a8
[ 20.338798] __kasan_check_write+0x20/0x30
[ 20.339041] copy_user_test_oob+0x234/0xec8
[ 20.339204] kunit_try_run_case+0x170/0x3f0
[ 20.339362] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.339497] kthread+0x328/0x630
[ 20.339592] ret_from_fork+0x10/0x20
[ 20.339946]
[ 20.339996] Allocated by task 287:
[ 20.340074] kasan_save_stack+0x3c/0x68
[ 20.340171] kasan_save_track+0x20/0x40
[ 20.340343] kasan_save_alloc_info+0x40/0x58
[ 20.340425] __kasan_kmalloc+0xd4/0xd8
[ 20.340464] __kmalloc_noprof+0x198/0x4c8
[ 20.340822] kunit_kmalloc_array+0x34/0x88
[ 20.341240] copy_user_test_oob+0xac/0xec8
[ 20.341598] kunit_try_run_case+0x170/0x3f0
[ 20.341724] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.341905] kthread+0x328/0x630
[ 20.342067] ret_from_fork+0x10/0x20
[ 20.342168]
[ 20.342239] The buggy address belongs to the object at fff00000c6fc5700
[ 20.342239] which belongs to the cache kmalloc-128 of size 128
[ 20.342402] The buggy address is located 0 bytes inside of
[ 20.342402] allocated 120-byte region [fff00000c6fc5700, fff00000c6fc5778)
[ 20.342773]
[ 20.342877] The buggy address belongs to the physical page:
[ 20.342966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc5
[ 20.343124] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.343214] page_type: f5(slab)
[ 20.343266] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.343327] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.343370] page dumped because: kasan: bad access detected
[ 20.343405]
[ 20.343798] Memory state around the buggy address:
[ 20.343855] fff00000c6fc5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.344055] fff00000c6fc5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.344301] >fff00000c6fc5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.344371] ^
[ 20.344548] fff00000c6fc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.344709] fff00000c6fc5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.344753] ==================================================================

[ 20.352244] ==================================================================
[ 20.352323] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 20.352377] Read of size 121 at addr fff00000c6fc5700 by task kunit_try_catch/287
[ 20.352433]
[ 20.352468] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT
[ 20.352569] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.352603] Hardware name: linux,dummy-virt (DT)
[ 20.352643] Call trace:
[ 20.352692] show_stack+0x20/0x38 (C)
[ 20.352753] dump_stack_lvl+0x8c/0xd0
[ 20.352806] print_report+0x118/0x5d0
[ 20.352864] kasan_report+0xdc/0x128
[ 20.352911] kasan_check_range+0x100/0x1a8
[ 20.352968] __kasan_check_read+0x20/0x30
[ 20.353021] copy_user_test_oob+0x728/0xec8
[ 20.353070] kunit_try_run_case+0x170/0x3f0
[ 20.353122] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.353176] kthread+0x328/0x630
[ 20.353223] ret_from_fork+0x10/0x20
[ 20.354869]
[ 20.354975] Allocated by task 287:
[ 20.355087] kasan_save_stack+0x3c/0x68
[ 20.355184] kasan_save_track+0x20/0x40
[ 20.355295] kasan_save_alloc_info+0x40/0x58
[ 20.355382] __kasan_kmalloc+0xd4/0xd8
[ 20.355729] __kmalloc_noprof+0x198/0x4c8
[ 20.355831] kunit_kmalloc_array+0x34/0x88
[ 20.355928] copy_user_test_oob+0xac/0xec8
[ 20.356031] kunit_try_run_case+0x170/0x3f0
[ 20.356118] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.356213] kthread+0x328/0x630
[ 20.356526] ret_from_fork+0x10/0x20
[ 20.356636]
[ 20.356703] The buggy address belongs to the object at fff00000c6fc5700
[ 20.356703] which belongs to the cache kmalloc-128 of size 128
[ 20.356816] The buggy address is located 0 bytes inside of
[ 20.356816] allocated 120-byte region [fff00000c6fc5700, fff00000c6fc5778)
[ 20.357243]
[ 20.357510] The buggy address belongs to the physical page:
[ 20.357551] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc5
[ 20.357648] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.358022] page_type: f5(slab)
[ 20.358359] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.358542] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.359027] page dumped because: kasan: bad access detected
[ 20.359356]
[ 20.359490] Memory state around the buggy address:
[ 20.359622] fff00000c6fc5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.359699] fff00000c6fc5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.360018] >fff00000c6fc5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.360246] ^
[ 20.360318] fff00000c6fc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.361000] fff00000c6fc5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.361152] ==================================================================

[ 20.396250] ==================================================================
[ 20.396325] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 20.396381] Write of size 121 at addr fff00000c6fc5700 by task kunit_try_catch/287
[ 20.396455]
[ 20.396491] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT
[ 20.396605] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.396647] Hardware name: linux,dummy-virt (DT)
[ 20.396684] Call trace:
[ 20.396708] show_stack+0x20/0x38 (C)
[ 20.396760] dump_stack_lvl+0x8c/0xd0
[ 20.396828] print_report+0x118/0x5d0
[ 20.396877] kasan_report+0xdc/0x128
[ 20.396926] kasan_check_range+0x100/0x1a8
[ 20.396982] __kasan_check_write+0x20/0x30
[ 20.397033] copy_user_test_oob+0x434/0xec8
[ 20.397082] kunit_try_run_case+0x170/0x3f0
[ 20.397133] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.397189] kthread+0x328/0x630
[ 20.397242] ret_from_fork+0x10/0x20
[ 20.397303]
[ 20.397741] Allocated by task 287:
[ 20.397788] kasan_save_stack+0x3c/0x68
[ 20.397869] kasan_save_track+0x20/0x40
[ 20.397912] kasan_save_alloc_info+0x40/0x58
[ 20.398381] __kasan_kmalloc+0xd4/0xd8
[ 20.398441] __kmalloc_noprof+0x198/0x4c8
[ 20.398484] kunit_kmalloc_array+0x34/0x88
[ 20.398773] copy_user_test_oob+0xac/0xec8
[ 20.398848] kunit_try_run_case+0x170/0x3f0
[ 20.399205] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.399586] kthread+0x328/0x630
[ 20.399881] ret_from_fork+0x10/0x20
[ 20.399989]
[ 20.400147] The buggy address belongs to the object at fff00000c6fc5700
[ 20.400147] which belongs to the cache kmalloc-128 of size 128
[ 20.400432] The buggy address is located 0 bytes inside of
[ 20.400432] allocated 120-byte region [fff00000c6fc5700, fff00000c6fc5778)
[ 20.400762]
[ 20.400808] The buggy address belongs to the physical page:
[ 20.400934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc5
[ 20.401117] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.401175] page_type: f5(slab)
[ 20.401468] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.401643] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.401852] page dumped because: kasan: bad access detected
[ 20.402008]
[ 20.402037] Memory state around the buggy address:
[ 20.402245] fff00000c6fc5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.402424] fff00000c6fc5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.402751] >fff00000c6fc5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.402821] ^
[ 20.402870] fff00000c6fc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.402919] fff00000c6fc5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.402962] ==================================================================

[ 20.404713] ==================================================================
[ 20.404775] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 20.404827] Read of size 121 at addr fff00000c6fc5700 by task kunit_try_catch/287
[ 20.404884]
[ 20.404919] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT
[ 20.405021] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.405425] Hardware name: linux,dummy-virt (DT)
[ 20.405728] Call trace:
[ 20.405888] show_stack+0x20/0x38 (C)
[ 20.405986] dump_stack_lvl+0x8c/0xd0
[ 20.406047] print_report+0x118/0x5d0
[ 20.406505] kasan_report+0xdc/0x128
[ 20.406667] kasan_check_range+0x100/0x1a8
[ 20.406902] __kasan_check_read+0x20/0x30
[ 20.407149] copy_user_test_oob+0x4a0/0xec8
[ 20.407722] kunit_try_run_case+0x170/0x3f0
[ 20.407966] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.408177] kthread+0x328/0x630
[ 20.408369] ret_from_fork+0x10/0x20
[ 20.408705]
[ 20.408928] Allocated by task 287:
[ 20.409015] kasan_save_stack+0x3c/0x68
[ 20.409212] kasan_save_track+0x20/0x40
[ 20.409310] kasan_save_alloc_info+0x40/0x58
[ 20.409355] __kasan_kmalloc+0xd4/0xd8
[ 20.409404] __kmalloc_noprof+0x198/0x4c8
[ 20.409785] kunit_kmalloc_array+0x34/0x88
[ 20.410056] copy_user_test_oob+0xac/0xec8
[ 20.410247] kunit_try_run_case+0x170/0x3f0
[ 20.410404] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.410525] kthread+0x328/0x630
[ 20.410568] ret_from_fork+0x10/0x20
[ 20.410622]
[ 20.411056] The buggy address belongs to the object at fff00000c6fc5700
[ 20.411056] which belongs to the cache kmalloc-128 of size 128
[ 20.411490] The buggy address is located 0 bytes inside of
[ 20.411490] allocated 120-byte region [fff00000c6fc5700, fff00000c6fc5778)
[ 20.411666]
[ 20.411726] The buggy address belongs to the physical page:
[ 20.411770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc5
[ 20.411849] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.411908] page_type: f5(slab)
[ 20.412168] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.412549] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.412769] page dumped because: kasan: bad access detected
[ 20.412820]
[ 20.413188] Memory state around the buggy address:
[ 20.413311] fff00000c6fc5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.413543] fff00000c6fc5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.413597] >fff00000c6fc5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.414029] ^
[ 20.414408] fff00000c6fc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.414469] fff00000c6fc5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.414791] ==================================================================

[ 20.382249] ==================================================================
[ 20.382316] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 20.382809] Read of size 121 at addr fff00000c6fc5700 by task kunit_try_catch/287
[ 20.382930]
[ 20.382977] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT
[ 20.383476] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.383788] Hardware name: linux,dummy-virt (DT)
[ 20.383843] Call trace:
[ 20.384114] show_stack+0x20/0x38 (C)
[ 20.384501] dump_stack_lvl+0x8c/0xd0
[ 20.384615] print_report+0x118/0x5d0
[ 20.384710] kasan_report+0xdc/0x128
[ 20.385092] kasan_check_range+0x100/0x1a8
[ 20.385187] __kasan_check_read+0x20/0x30
[ 20.385428] copy_user_test_oob+0x3c8/0xec8
[ 20.385506] kunit_try_run_case+0x170/0x3f0
[ 20.385716] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.385977] kthread+0x328/0x630
[ 20.386289] ret_from_fork+0x10/0x20
[ 20.387210]
[ 20.387268] Allocated by task 287:
[ 20.387420] kasan_save_stack+0x3c/0x68
[ 20.387646] kasan_save_track+0x20/0x40
[ 20.387858] kasan_save_alloc_info+0x40/0x58
[ 20.387950] __kasan_kmalloc+0xd4/0xd8
[ 20.388065] __kmalloc_noprof+0x198/0x4c8
[ 20.388212] kunit_kmalloc_array+0x34/0x88
[ 20.388346] copy_user_test_oob+0xac/0xec8
[ 20.388391] kunit_try_run_case+0x170/0x3f0
[ 20.388472] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.388863] kthread+0x328/0x630
[ 20.389488] ret_from_fork+0x10/0x20
[ 20.389592]
[ 20.389636] The buggy address belongs to the object at fff00000c6fc5700
[ 20.389636] which belongs to the cache kmalloc-128 of size 128
[ 20.389859] The buggy address is located 0 bytes inside of
[ 20.389859] allocated 120-byte region [fff00000c6fc5700, fff00000c6fc5778)
[ 20.390083]
[ 20.390139] The buggy address belongs to the physical page:
[ 20.390185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc5
[ 20.390455] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.390765] page_type: f5(slab)
[ 20.390837] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.391260] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.391582] page dumped because: kasan: bad access detected
[ 20.391768]
[ 20.391849] Memory state around the buggy address:
[ 20.391889] fff00000c6fc5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.391965] fff00000c6fc5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.392234] >fff00000c6fc5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.392421] ^
[ 20.392669] fff00000c6fc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.392805] fff00000c6fc5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.393020] ==================================================================
[ 15.150617] ==================================================================
[ 15.151000] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 15.151325] Read of size 121 at addr ffff888103cfcc00 by task kunit_try_catch/305
[ 15.151611]
[ 15.151735] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT(voluntary)
[ 15.151780] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.151792] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.151813] Call Trace:
[ 15.151829] <TASK>
[ 15.151847] dump_stack_lvl+0x73/0xb0
[ 15.151884] print_report+0xd1/0x610
[ 15.151907] ? __virt_addr_valid+0x1db/0x2d0
[ 15.151930] ? copy_user_test_oob+0x604/0x10f0
[ 15.151961] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.151984] ? copy_user_test_oob+0x604/0x10f0
[ 15.152005] kasan_report+0x141/0x180
[ 15.152028] ? copy_user_test_oob+0x604/0x10f0
[ 15.152054] kasan_check_range+0x10c/0x1c0
[ 15.152075] __kasan_check_read+0x15/0x20
[ 15.152096] copy_user_test_oob+0x604/0x10f0
[ 15.152118] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.152138] ? finish_task_switch.isra.0+0x153/0x700
[ 15.152163] ? __switch_to+0x5d9/0xf60
[ 15.152183] ? dequeue_task_fair+0x166/0x4e0
[ 15.152208] ? __schedule+0x10c6/0x2b60
[ 15.152242] ? __pfx_read_tsc+0x10/0x10
[ 15.152272] ? ktime_get_ts64+0x86/0x230
[ 15.152298] kunit_try_run_case+0x1a5/0x480
[ 15.152320] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.152377] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.152398] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.152434] ? __kthread_parkme+0x82/0x180
[ 15.152456] ? preempt_count_sub+0x50/0x80
[ 15.152481] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.152502] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.152527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.152551] kthread+0x337/0x6f0
[ 15.152568] ? trace_preempt_on+0x20/0xc0
[ 15.152600] ? __pfx_kthread+0x10/0x10
[ 15.152619] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.152641] ? calculate_sigpending+0x7b/0xa0
[ 15.152673] ? __pfx_kthread+0x10/0x10
[ 15.152692] ret_from_fork+0x41/0x80
[ 15.152713] ? __pfx_kthread+0x10/0x10
[ 15.152731] ret_from_fork_asm+0x1a/0x30
[ 15.152772] </TASK>
[ 15.152783]
[ 15.160290] Allocated by task 305:
[ 15.160495] kasan_save_stack+0x45/0x70
[ 15.160699] kasan_save_track+0x18/0x40
[ 15.160880] kasan_save_alloc_info+0x3b/0x50
[ 15.161094] __kasan_kmalloc+0xb7/0xc0
[ 15.161247] __kmalloc_noprof+0x1c9/0x500
[ 15.161413] kunit_kmalloc_array+0x25/0x60
[ 15.161626] copy_user_test_oob+0xab/0x10f0
[ 15.161830] kunit_try_run_case+0x1a5/0x480
[ 15.162031] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.162295] kthread+0x337/0x6f0
[ 15.162467] ret_from_fork+0x41/0x80
[ 15.162608] ret_from_fork_asm+0x1a/0x30
[ 15.162803]
[ 15.162898] The buggy address belongs to the object at ffff888103cfcc00
[ 15.162898] which belongs to the cache kmalloc-128 of size 128
[ 15.163443] The buggy address is located 0 bytes inside of
[ 15.163443] allocated 120-byte region [ffff888103cfcc00, ffff888103cfcc78)
[ 15.163933]
[ 15.164006] The buggy address belongs to the physical page:
[ 15.164179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cfc
[ 15.164455] flags: 0x200000000000000(node=0|zone=2)
[ 15.164618] page_type: f5(slab)
[ 15.164741] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.165112] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.165484] page dumped because: kasan: bad access detected
[ 15.165736]
[ 15.165830] Memory state around the buggy address:
[ 15.166083] ffff888103cfcb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.166436] ffff888103cfcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.166766] >ffff888103cfcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.166995] ^
[ 15.167208] ffff888103cfcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.167457] ffff888103cfcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.167778] ==================================================================

[ 15.113597] ==================================================================
[ 15.113988] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 15.114297] Read of size 121 at addr ffff888103cfcc00 by task kunit_try_catch/305
[ 15.114611]
[ 15.114698] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT(voluntary)
[ 15.114740] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.114752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.114774] Call Trace:
[ 15.114789] <TASK>
[ 15.114803] dump_stack_lvl+0x73/0xb0
[ 15.114829] print_report+0xd1/0x610
[ 15.114852] ? __virt_addr_valid+0x1db/0x2d0
[ 15.114875] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.114895] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.114919] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.114951] kasan_report+0x141/0x180
[ 15.114975] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.115011] kasan_check_range+0x10c/0x1c0
[ 15.115032] __kasan_check_read+0x15/0x20
[ 15.115053] copy_user_test_oob+0x4aa/0x10f0
[ 15.115076] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.115096] ? finish_task_switch.isra.0+0x153/0x700
[ 15.115120] ? __switch_to+0x5d9/0xf60
[ 15.115142] ? dequeue_task_fair+0x166/0x4e0
[ 15.115167] ? __schedule+0x10c6/0x2b60
[ 15.115192] ? __pfx_read_tsc+0x10/0x10
[ 15.115213] ? ktime_get_ts64+0x86/0x230
[ 15.115248] kunit_try_run_case+0x1a5/0x480
[ 15.115270] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.115290] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.115311] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.115336] ? __kthread_parkme+0x82/0x180
[ 15.115377] ? preempt_count_sub+0x50/0x80
[ 15.115402] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.115423] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.115447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.115471] kthread+0x337/0x6f0
[ 15.115489] ? trace_preempt_on+0x20/0xc0
[ 15.115513] ? __pfx_kthread+0x10/0x10
[ 15.115531] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.115554] ? calculate_sigpending+0x7b/0xa0
[ 15.115575] ? __pfx_kthread+0x10/0x10
[ 15.115604] ret_from_fork+0x41/0x80
[ 15.115625] ? __pfx_kthread+0x10/0x10
[ 15.115643] ret_from_fork_asm+0x1a/0x30
[ 15.115692] </TASK>
[ 15.115704]
[ 15.123271] Allocated by task 305:
[ 15.123424] kasan_save_stack+0x45/0x70
[ 15.123613] kasan_save_track+0x18/0x40
[ 15.123816] kasan_save_alloc_info+0x3b/0x50
[ 15.123990] __kasan_kmalloc+0xb7/0xc0
[ 15.124153] __kmalloc_noprof+0x1c9/0x500
[ 15.124406] kunit_kmalloc_array+0x25/0x60
[ 15.124578] copy_user_test_oob+0xab/0x10f0
[ 15.124780] kunit_try_run_case+0x1a5/0x480
[ 15.124958] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.125208] kthread+0x337/0x6f0
[ 15.125337] ret_from_fork+0x41/0x80
[ 15.125489] ret_from_fork_asm+0x1a/0x30
[ 15.125628]
[ 15.125697] The buggy address belongs to the object at ffff888103cfcc00
[ 15.125697] which belongs to the cache kmalloc-128 of size 128
[ 15.126051] The buggy address is located 0 bytes inside of
[ 15.126051] allocated 120-byte region [ffff888103cfcc00, ffff888103cfcc78)
[ 15.126580]
[ 15.126690] The buggy address belongs to the physical page:
[ 15.126986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cfc
[ 15.127424] flags: 0x200000000000000(node=0|zone=2)
[ 15.127693] page_type: f5(slab)
[ 15.127845] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.128078] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.128313] page dumped because: kasan: bad access detected
[ 15.128508]
[ 15.128603] Memory state around the buggy address:
[ 15.128829] ffff888103cfcb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.129173] ffff888103cfcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.129527] >ffff888103cfcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.129861] ^
[ 15.130178] ffff888103cfcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.130510] ffff888103cfcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.130828] ==================================================================

[ 15.131337] ==================================================================
[ 15.131612] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 15.131942] Write of size 121 at addr ffff888103cfcc00 by task kunit_try_catch/305
[ 15.132181]
[ 15.132307] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT(voluntary)
[ 15.132369] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.132382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.132406] Call Trace:
[ 15.132422] <TASK>
[ 15.132437] dump_stack_lvl+0x73/0xb0
[ 15.132463] print_report+0xd1/0x610
[ 15.132486] ? __virt_addr_valid+0x1db/0x2d0
[ 15.132509] ? copy_user_test_oob+0x557/0x10f0
[ 15.132528] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.132552] ? copy_user_test_oob+0x557/0x10f0
[ 15.132573] kasan_report+0x141/0x180
[ 15.132596] ? copy_user_test_oob+0x557/0x10f0
[ 15.132622] kasan_check_range+0x10c/0x1c0
[ 15.132643] __kasan_check_write+0x18/0x20
[ 15.132663] copy_user_test_oob+0x557/0x10f0
[ 15.132686] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.132706] ? finish_task_switch.isra.0+0x153/0x700
[ 15.132731] ? __switch_to+0x5d9/0xf60
[ 15.132753] ? dequeue_task_fair+0x166/0x4e0
[ 15.132778] ? __schedule+0x10c6/0x2b60
[ 15.132802] ? __pfx_read_tsc+0x10/0x10
[ 15.132823] ? ktime_get_ts64+0x86/0x230
[ 15.132850] kunit_try_run_case+0x1a5/0x480
[ 15.132872] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.132903] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.132929] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.132954] ? __kthread_parkme+0x82/0x180
[ 15.132989] ? preempt_count_sub+0x50/0x80
[ 15.133014] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.133035] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.133060] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.133084] kthread+0x337/0x6f0
[ 15.133101] ? trace_preempt_on+0x20/0xc0
[ 15.133126] ? __pfx_kthread+0x10/0x10
[ 15.133144] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.133166] ? calculate_sigpending+0x7b/0xa0
[ 15.133188] ? __pfx_kthread+0x10/0x10
[ 15.133207] ret_from_fork+0x41/0x80
[ 15.133236] ? __pfx_kthread+0x10/0x10
[ 15.133255] ret_from_fork_asm+0x1a/0x30
[ 15.133286] </TASK>
[ 15.133298]
[ 15.140719] Allocated by task 305:
[ 15.140845] kasan_save_stack+0x45/0x70
[ 15.140995] kasan_save_track+0x18/0x40
[ 15.141187] kasan_save_alloc_info+0x3b/0x50
[ 15.141448] __kasan_kmalloc+0xb7/0xc0
[ 15.141635] __kmalloc_noprof+0x1c9/0x500
[ 15.141832] kunit_kmalloc_array+0x25/0x60
[ 15.142029] copy_user_test_oob+0xab/0x10f0
[ 15.142253] kunit_try_run_case+0x1a5/0x480
[ 15.142481] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.142732] kthread+0x337/0x6f0
[ 15.142883] ret_from_fork+0x41/0x80
[ 15.143014] ret_from_fork_asm+0x1a/0x30
[ 15.143153]
[ 15.143917] The buggy address belongs to the object at ffff888103cfcc00
[ 15.143917] which belongs to the cache kmalloc-128 of size 128
[ 15.144562] The buggy address is located 0 bytes inside of
[ 15.144562] allocated 120-byte region [ffff888103cfcc00, ffff888103cfcc78)
[ 15.145100]
[ 15.145196] The buggy address belongs to the physical page:
[ 15.146174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cfc
[ 15.146532] flags: 0x200000000000000(node=0|zone=2)
[ 15.146758] page_type: f5(slab)
[ 15.146919] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.147249] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.147505] page dumped because: kasan: bad access detected
[ 15.147740]
[ 15.147858] Memory state around the buggy address:
[ 15.148118] ffff888103cfcb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.148513] ffff888103cfcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.148835] >ffff888103cfcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.149132] ^
[ 15.149455] ffff888103cfcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.149763] ffff888103cfcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.150030] ==================================================================

[ 15.094729] ==================================================================
[ 15.095420] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 15.096080] Write of size 121 at addr ffff888103cfcc00 by task kunit_try_catch/305
[ 15.096765]
[ 15.096962] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT(voluntary)
[ 15.097018] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.097030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.097052] Call Trace:
[ 15.097067] <TASK>
[ 15.097095] dump_stack_lvl+0x73/0xb0
[ 15.097122] print_report+0xd1/0x610
[ 15.097146] ? __virt_addr_valid+0x1db/0x2d0
[ 15.097169] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.097189] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.097213] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.097242] kasan_report+0x141/0x180
[ 15.097266] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.097300] kasan_check_range+0x10c/0x1c0
[ 15.097322] __kasan_check_write+0x18/0x20
[ 15.097368] copy_user_test_oob+0x3fd/0x10f0
[ 15.097391] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.097411] ? finish_task_switch.isra.0+0x153/0x700
[ 15.097437] ? __switch_to+0x5d9/0xf60
[ 15.097459] ? dequeue_task_fair+0x166/0x4e0
[ 15.097484] ? __schedule+0x10c6/0x2b60
[ 15.097509] ? __pfx_read_tsc+0x10/0x10
[ 15.097529] ? ktime_get_ts64+0x86/0x230
[ 15.097556] kunit_try_run_case+0x1a5/0x480
[ 15.097578] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.097597] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.097620] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.097645] ? __kthread_parkme+0x82/0x180
[ 15.097667] ? preempt_count_sub+0x50/0x80
[ 15.097692] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.097714] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.097739] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.097763] kthread+0x337/0x6f0
[ 15.097780] ? trace_preempt_on+0x20/0xc0
[ 15.097805] ? __pfx_kthread+0x10/0x10
[ 15.097825] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.097849] ? calculate_sigpending+0x7b/0xa0
[ 15.097872] ? __pfx_kthread+0x10/0x10
[ 15.097890] ret_from_fork+0x41/0x80
[ 15.097912] ? __pfx_kthread+0x10/0x10
[ 15.097930] ret_from_fork_asm+0x1a/0x30
[ 15.097962] </TASK>
[ 15.097973]
[ 15.105174] Allocated by task 305:
[ 15.105388] kasan_save_stack+0x45/0x70
[ 15.105603] kasan_save_track+0x18/0x40
[ 15.105794] kasan_save_alloc_info+0x3b/0x50
[ 15.105999] __kasan_kmalloc+0xb7/0xc0
[ 15.106185] __kmalloc_noprof+0x1c9/0x500
[ 15.106417] kunit_kmalloc_array+0x25/0x60
[ 15.106644] copy_user_test_oob+0xab/0x10f0
[ 15.106827] kunit_try_run_case+0x1a5/0x480
[ 15.106971] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.107183] kthread+0x337/0x6f0
[ 15.107383] ret_from_fork+0x41/0x80
[ 15.107594] ret_from_fork_asm+0x1a/0x30
[ 15.107792]
[ 15.107885] The buggy address belongs to the object at ffff888103cfcc00
[ 15.107885] which belongs to the cache kmalloc-128 of size 128
[ 15.108439] The buggy address is located 0 bytes inside of
[ 15.108439] allocated 120-byte region [ffff888103cfcc00, ffff888103cfcc78)
[ 15.108930]
[ 15.109043] The buggy address belongs to the physical page:
[ 15.109269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cfc
[ 15.109641] flags: 0x200000000000000(node=0|zone=2)
[ 15.109854] page_type: f5(slab)
[ 15.110049] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.110399] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.110724] page dumped because: kasan: bad access detected
[ 15.110946]
[ 15.111063] Memory state around the buggy address:
[ 15.111245] ffff888103cfcb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.111595] ffff888103cfcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.111908] >ffff888103cfcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.112125] ^
[ 15.112431] ffff888103cfcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.112772] ffff888103cfcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.113090] ==================================================================