Date
March 19, 2025, 10:35 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 39.832123] ================================================================== [ 39.832386] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 39.832971] Read of size 121 at addr fff00000c5dbd000 by task kunit_try_catch/287 [ 39.833161] [ 39.833257] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT [ 39.833996] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.834116] Hardware name: linux,dummy-virt (DT) [ 39.834998] Call trace: [ 39.835134] show_stack+0x20/0x38 (C) [ 39.835668] dump_stack_lvl+0x8c/0xd0 [ 39.835847] print_report+0x118/0x5f0 [ 39.836479] kasan_report+0xc8/0x118 [ 39.836935] kasan_check_range+0x100/0x1a8 [ 39.837114] __kasan_check_read+0x20/0x30 [ 39.837276] copy_user_test_oob+0x3c8/0xec0 [ 39.837430] kunit_try_run_case+0x14c/0x3d0 [ 39.837582] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.837752] kthread+0x318/0x618 [ 39.838384] ret_from_fork+0x10/0x20 [ 39.839592] [ 39.839904] Allocated by task 287: [ 39.840198] kasan_save_stack+0x3c/0x68 [ 39.840587] kasan_save_track+0x20/0x40 [ 39.840881] kasan_save_alloc_info+0x40/0x58 [ 39.841638] __kasan_kmalloc+0xd4/0xd8 [ 39.841847] __kmalloc_noprof+0x188/0x4c8 [ 39.842018] kunit_kmalloc_array+0x34/0x88 [ 39.842173] copy_user_test_oob+0xac/0xec0 [ 39.842759] kunit_try_run_case+0x14c/0x3d0 [ 39.843449] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.844011] kthread+0x318/0x618 [ 39.844743] ret_from_fork+0x10/0x20 [ 39.844885] [ 39.845070] The buggy address belongs to the object at fff00000c5dbd000 [ 39.845070] which belongs to the cache kmalloc-128 of size 128 [ 39.845383] The buggy address is located 0 bytes inside of [ 39.845383] allocated 120-byte region [fff00000c5dbd000, fff00000c5dbd078) [ 39.846144] [ 39.846532] The buggy address belongs to the physical page: [ 39.847125] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105dbd [ 39.847310] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.848037] page_type: f5(slab) [ 39.848208] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.848391] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.848542] page dumped because: kasan: bad access detected [ 39.848654] [ 39.848714] Memory state around the buggy address: [ 39.849385] fff00000c5dbcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.850208] fff00000c5dbcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.851001] >fff00000c5dbd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.851196] ^ [ 39.851341] fff00000c5dbd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.851497] fff00000c5dbd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.851633] ================================================================== [ 39.780418] ================================================================== [ 39.780569] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 39.780775] Read of size 121 at addr fff00000c5dbd000 by task kunit_try_catch/287 [ 39.780989] [ 39.781155] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT [ 39.781340] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.781460] Hardware name: linux,dummy-virt (DT) [ 39.781571] Call trace: [ 39.781642] show_stack+0x20/0x38 (C) [ 39.781902] dump_stack_lvl+0x8c/0xd0 [ 39.782079] print_report+0x118/0x5f0 [ 39.782370] kasan_report+0xc8/0x118 [ 39.782629] kasan_check_range+0x100/0x1a8 [ 39.782892] __kasan_check_read+0x20/0x30 [ 39.783172] copy_user_test_oob+0x728/0xec0 [ 39.783441] kunit_try_run_case+0x14c/0x3d0 [ 39.783697] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.783977] kthread+0x318/0x618 [ 39.784143] ret_from_fork+0x10/0x20 [ 39.784440] [ 39.784518] Allocated by task 287: [ 39.784629] kasan_save_stack+0x3c/0x68 [ 39.784765] kasan_save_track+0x20/0x40 [ 39.784918] kasan_save_alloc_info+0x40/0x58 [ 39.785077] __kasan_kmalloc+0xd4/0xd8 [ 39.785265] __kmalloc_noprof+0x188/0x4c8 [ 39.785430] kunit_kmalloc_array+0x34/0x88 [ 39.785575] copy_user_test_oob+0xac/0xec0 [ 39.785732] kunit_try_run_case+0x14c/0x3d0 [ 39.785924] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.786134] kthread+0x318/0x618 [ 39.786287] ret_from_fork+0x10/0x20 [ 39.786444] [ 39.786552] The buggy address belongs to the object at fff00000c5dbd000 [ 39.786552] which belongs to the cache kmalloc-128 of size 128 [ 39.786753] The buggy address is located 0 bytes inside of [ 39.786753] allocated 120-byte region [fff00000c5dbd000, fff00000c5dbd078) [ 39.786980] [ 39.787076] The buggy address belongs to the physical page: [ 39.787741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105dbd [ 39.787924] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.788116] page_type: f5(slab) [ 39.788255] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.788504] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.788720] page dumped because: kasan: bad access detected [ 39.788881] [ 39.789020] Memory state around the buggy address: [ 39.789241] fff00000c5dbcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.789409] fff00000c5dbcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.789579] >fff00000c5dbd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.789718] ^ [ 39.789855] fff00000c5dbd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.790010] fff00000c5dbd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.790295] ================================================================== [ 39.810571] ================================================================== [ 39.811151] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 39.811399] Write of size 121 at addr fff00000c5dbd000 by task kunit_try_catch/287 [ 39.811694] [ 39.811803] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT [ 39.812618] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.812816] Hardware name: linux,dummy-virt (DT) [ 39.812963] Call trace: [ 39.813192] show_stack+0x20/0x38 (C) [ 39.813460] dump_stack_lvl+0x8c/0xd0 [ 39.813639] print_report+0x118/0x5f0 [ 39.814097] kasan_report+0xc8/0x118 [ 39.814550] kasan_check_range+0x100/0x1a8 [ 39.814758] __kasan_check_write+0x20/0x30 [ 39.814937] copy_user_test_oob+0x35c/0xec0 [ 39.815125] kunit_try_run_case+0x14c/0x3d0 [ 39.815286] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.815568] kthread+0x318/0x618 [ 39.815826] ret_from_fork+0x10/0x20 [ 39.816664] [ 39.816855] Allocated by task 287: [ 39.816982] kasan_save_stack+0x3c/0x68 [ 39.817138] kasan_save_track+0x20/0x40 [ 39.817266] kasan_save_alloc_info+0x40/0x58 [ 39.817396] __kasan_kmalloc+0xd4/0xd8 [ 39.817523] __kmalloc_noprof+0x188/0x4c8 [ 39.817636] kunit_kmalloc_array+0x34/0x88 [ 39.818214] copy_user_test_oob+0xac/0xec0 [ 39.818499] kunit_try_run_case+0x14c/0x3d0 [ 39.818664] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.818824] kthread+0x318/0x618 [ 39.819579] ret_from_fork+0x10/0x20 [ 39.820293] [ 39.820386] The buggy address belongs to the object at fff00000c5dbd000 [ 39.820386] which belongs to the cache kmalloc-128 of size 128 [ 39.820851] The buggy address is located 0 bytes inside of [ 39.820851] allocated 120-byte region [fff00000c5dbd000, fff00000c5dbd078) [ 39.821129] [ 39.821203] The buggy address belongs to the physical page: [ 39.821313] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105dbd [ 39.822762] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.823356] page_type: f5(slab) [ 39.823701] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.824078] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.824230] page dumped because: kasan: bad access detected [ 39.825187] [ 39.825589] Memory state around the buggy address: [ 39.826310] fff00000c5dbcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.826561] fff00000c5dbcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.826742] >fff00000c5dbd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.826883] ^ [ 39.827900] fff00000c5dbd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.828077] fff00000c5dbd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.828931] ================================================================== [ 39.855163] ================================================================== [ 39.855454] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 39.855605] Write of size 121 at addr fff00000c5dbd000 by task kunit_try_catch/287 [ 39.855775] [ 39.855868] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT [ 39.856178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.856270] Hardware name: linux,dummy-virt (DT) [ 39.856987] Call trace: [ 39.857389] show_stack+0x20/0x38 (C) [ 39.857733] dump_stack_lvl+0x8c/0xd0 [ 39.857894] print_report+0x118/0x5f0 [ 39.858076] kasan_report+0xc8/0x118 [ 39.858264] kasan_check_range+0x100/0x1a8 [ 39.858444] __kasan_check_write+0x20/0x30 [ 39.858661] copy_user_test_oob+0x434/0xec0 [ 39.858827] kunit_try_run_case+0x14c/0x3d0 [ 39.859000] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.859429] kthread+0x318/0x618 [ 39.859629] ret_from_fork+0x10/0x20 [ 39.859844] [ 39.859940] Allocated by task 287: [ 39.860102] kasan_save_stack+0x3c/0x68 [ 39.860545] kasan_save_track+0x20/0x40 [ 39.860685] kasan_save_alloc_info+0x40/0x58 [ 39.860829] __kasan_kmalloc+0xd4/0xd8 [ 39.861001] __kmalloc_noprof+0x188/0x4c8 [ 39.861375] kunit_kmalloc_array+0x34/0x88 [ 39.862001] copy_user_test_oob+0xac/0xec0 [ 39.862357] kunit_try_run_case+0x14c/0x3d0 [ 39.862508] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.862667] kthread+0x318/0x618 [ 39.862792] ret_from_fork+0x10/0x20 [ 39.862945] [ 39.863080] The buggy address belongs to the object at fff00000c5dbd000 [ 39.863080] which belongs to the cache kmalloc-128 of size 128 [ 39.863356] The buggy address is located 0 bytes inside of [ 39.863356] allocated 120-byte region [fff00000c5dbd000, fff00000c5dbd078) [ 39.863602] [ 39.863681] The buggy address belongs to the physical page: [ 39.863858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105dbd [ 39.864034] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.864206] page_type: f5(slab) [ 39.864331] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.864581] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.864790] page dumped because: kasan: bad access detected [ 39.864967] [ 39.865041] Memory state around the buggy address: [ 39.865177] fff00000c5dbcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.865333] fff00000c5dbcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.865510] >fff00000c5dbd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.865714] ^ [ 39.865869] fff00000c5dbd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.866075] fff00000c5dbd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.866209] ================================================================== [ 39.750745] ================================================================== [ 39.751074] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 39.751363] Write of size 121 at addr fff00000c5dbd000 by task kunit_try_catch/287 [ 39.751592] [ 39.751714] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT [ 39.752088] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.752227] Hardware name: linux,dummy-virt (DT) [ 39.752373] Call trace: [ 39.752553] show_stack+0x20/0x38 (C) [ 39.752733] dump_stack_lvl+0x8c/0xd0 [ 39.753396] print_report+0x118/0x5f0 [ 39.753672] kasan_report+0xc8/0x118 [ 39.754229] kasan_check_range+0x100/0x1a8 [ 39.754549] __kasan_check_write+0x20/0x30 [ 39.755164] copy_user_test_oob+0x234/0xec0 [ 39.755754] kunit_try_run_case+0x14c/0x3d0 [ 39.756506] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.756873] kthread+0x318/0x618 [ 39.757356] ret_from_fork+0x10/0x20 [ 39.757939] [ 39.758019] Allocated by task 287: [ 39.758151] kasan_save_stack+0x3c/0x68 [ 39.758290] kasan_save_track+0x20/0x40 [ 39.758413] kasan_save_alloc_info+0x40/0x58 [ 39.758548] __kasan_kmalloc+0xd4/0xd8 [ 39.758667] __kmalloc_noprof+0x188/0x4c8 [ 39.758797] kunit_kmalloc_array+0x34/0x88 [ 39.758934] copy_user_test_oob+0xac/0xec0 [ 39.759089] kunit_try_run_case+0x14c/0x3d0 [ 39.759229] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.759379] kthread+0x318/0x618 [ 39.759504] ret_from_fork+0x10/0x20 [ 39.759623] [ 39.759695] The buggy address belongs to the object at fff00000c5dbd000 [ 39.759695] which belongs to the cache kmalloc-128 of size 128 [ 39.759904] The buggy address is located 0 bytes inside of [ 39.759904] allocated 120-byte region [fff00000c5dbd000, fff00000c5dbd078) [ 39.761022] [ 39.761139] The buggy address belongs to the physical page: [ 39.761256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105dbd [ 39.761519] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.761932] page_type: f5(slab) [ 39.762772] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.764036] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.764262] page dumped because: kasan: bad access detected [ 39.764384] [ 39.764490] Memory state around the buggy address: [ 39.764772] fff00000c5dbcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.765182] fff00000c5dbcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.765698] >fff00000c5dbd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.765859] ^ [ 39.766237] fff00000c5dbd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.766397] fff00000c5dbd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.766531] ================================================================== [ 39.869221] ================================================================== [ 39.869498] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 39.869666] Read of size 121 at addr fff00000c5dbd000 by task kunit_try_catch/287 [ 39.869829] [ 39.869926] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT [ 39.870225] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.870323] Hardware name: linux,dummy-virt (DT) [ 39.870434] Call trace: [ 39.871351] show_stack+0x20/0x38 (C) [ 39.871644] dump_stack_lvl+0x8c/0xd0 [ 39.871912] print_report+0x118/0x5f0 [ 39.872590] kasan_report+0xc8/0x118 [ 39.873205] kasan_check_range+0x100/0x1a8 [ 39.873394] __kasan_check_read+0x20/0x30 [ 39.873592] copy_user_test_oob+0x4a0/0xec0 [ 39.873768] kunit_try_run_case+0x14c/0x3d0 [ 39.873935] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.874336] kthread+0x318/0x618 [ 39.875489] ret_from_fork+0x10/0x20 [ 39.875745] [ 39.875921] Allocated by task 287: [ 39.876025] kasan_save_stack+0x3c/0x68 [ 39.876274] kasan_save_track+0x20/0x40 [ 39.876418] kasan_save_alloc_info+0x40/0x58 [ 39.876547] __kasan_kmalloc+0xd4/0xd8 [ 39.877169] __kmalloc_noprof+0x188/0x4c8 [ 39.877348] kunit_kmalloc_array+0x34/0x88 [ 39.878107] copy_user_test_oob+0xac/0xec0 [ 39.878271] kunit_try_run_case+0x14c/0x3d0 [ 39.878405] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.879349] kthread+0x318/0x618 [ 39.879722] ret_from_fork+0x10/0x20 [ 39.879870] [ 39.879939] The buggy address belongs to the object at fff00000c5dbd000 [ 39.879939] which belongs to the cache kmalloc-128 of size 128 [ 39.880479] The buggy address is located 0 bytes inside of [ 39.880479] allocated 120-byte region [fff00000c5dbd000, fff00000c5dbd078) [ 39.881377] [ 39.881466] The buggy address belongs to the physical page: [ 39.881588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105dbd [ 39.881754] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.881916] page_type: f5(slab) [ 39.883136] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.883343] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.883491] page dumped because: kasan: bad access detected [ 39.883609] [ 39.883927] Memory state around the buggy address: [ 39.884618] fff00000c5dbcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.885378] fff00000c5dbcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.885849] >fff00000c5dbd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.886650] ^ [ 39.887499] fff00000c5dbd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.888035] fff00000c5dbd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.888200] ==================================================================
[ 28.985041] ================================================================== [ 28.985754] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x1130 [ 28.986347] Read of size 121 at addr ffff88810305ae00 by task kunit_try_catch/306 [ 28.986756] [ 28.986951] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) [ 28.987082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.987144] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.987202] Call Trace: [ 28.987236] <TASK> [ 28.987272] dump_stack_lvl+0x73/0xb0 [ 28.987348] print_report+0xd1/0x660 [ 28.987417] ? __virt_addr_valid+0x1db/0x2d0 [ 28.987544] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.987691] kasan_report+0x104/0x140 [ 28.987796] ? copy_user_test_oob+0x4aa/0x1130 [ 28.987877] ? copy_user_test_oob+0x4aa/0x1130 [ 28.987978] kasan_check_range+0x10c/0x1c0 [ 28.988054] __kasan_check_read+0x15/0x20 [ 28.988138] copy_user_test_oob+0x4aa/0x1130 [ 28.988223] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.988298] ? finish_task_switch.isra.0+0x153/0x730 [ 28.988365] ? __switch_to+0x5d9/0xf70 [ 28.988444] ? __schedule+0xd46/0x29c0 [ 28.988509] ? __pfx_read_tsc+0x10/0x10 [ 28.988571] ? ktime_get_ts64+0x86/0x240 [ 28.988644] kunit_try_run_case+0x1b2/0x490 [ 28.988720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.988819] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.988883] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.988953] ? __kthread_parkme+0x82/0x160 [ 28.989020] ? preempt_count_sub+0x50/0x80 [ 28.989094] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.989194] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.989264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.989335] kthread+0x323/0x710 [ 28.989399] ? trace_preempt_on+0x20/0xc0 [ 28.989468] ? __pfx_kthread+0x10/0x10 [ 28.989536] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.989598] ? calculate_sigpending+0x7b/0xa0 [ 28.989664] ? __pfx_kthread+0x10/0x10 [ 28.989758] ret_from_fork+0x41/0x80 [ 28.989853] ? __pfx_kthread+0x10/0x10 [ 28.989950] ret_from_fork_asm+0x1a/0x30 [ 28.990045] </TASK> [ 28.990081] [ 29.003313] Allocated by task 306: [ 29.003702] kasan_save_stack+0x3d/0x60 [ 29.004200] kasan_save_track+0x18/0x40 [ 29.004625] kasan_save_alloc_info+0x3b/0x50 [ 29.005098] __kasan_kmalloc+0xb7/0xc0 [ 29.005446] __kmalloc_noprof+0x1c3/0x500 [ 29.005733] kunit_kmalloc_array+0x25/0x60 [ 29.006229] copy_user_test_oob+0xab/0x1130 [ 29.006783] kunit_try_run_case+0x1b2/0x490 [ 29.007259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.007806] kthread+0x323/0x710 [ 29.008655] ret_from_fork+0x41/0x80 [ 29.010381] ret_from_fork_asm+0x1a/0x30 [ 29.012271] [ 29.012444] The buggy address belongs to the object at ffff88810305ae00 [ 29.012444] which belongs to the cache kmalloc-128 of size 128 [ 29.013075] The buggy address is located 0 bytes inside of [ 29.013075] allocated 120-byte region [ffff88810305ae00, ffff88810305ae78) [ 29.014067] [ 29.014294] The buggy address belongs to the physical page: [ 29.014585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10305a [ 29.015099] flags: 0x200000000000000(node=0|zone=2) [ 29.015444] page_type: f5(slab) [ 29.015719] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.016159] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.017735] page dumped because: kasan: bad access detected [ 29.018281] [ 29.020989] Memory state around the buggy address: [ 29.021339] ffff88810305ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.021715] ffff88810305ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.022077] >ffff88810305ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.022458] ^ [ 29.022848] ffff88810305ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.023341] ffff88810305af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.023752] ================================================================== [ 29.072686] ================================================================== [ 29.073380] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x1130 [ 29.073804] Read of size 121 at addr ffff88810305ae00 by task kunit_try_catch/306 [ 29.074487] [ 29.074745] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) [ 29.074881] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.074917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.075504] Call Trace: [ 29.075561] <TASK> [ 29.076027] dump_stack_lvl+0x73/0xb0 [ 29.076171] print_report+0xd1/0x660 [ 29.076260] ? __virt_addr_valid+0x1db/0x2d0 [ 29.076392] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.076473] kasan_report+0x104/0x140 [ 29.076536] ? copy_user_test_oob+0x604/0x1130 [ 29.076580] ? copy_user_test_oob+0x604/0x1130 [ 29.076628] kasan_check_range+0x10c/0x1c0 [ 29.076668] __kasan_check_read+0x15/0x20 [ 29.076699] copy_user_test_oob+0x604/0x1130 [ 29.076785] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.076822] ? finish_task_switch.isra.0+0x153/0x730 [ 29.076858] ? __switch_to+0x5d9/0xf70 [ 29.076897] ? __schedule+0xd46/0x29c0 [ 29.076931] ? __pfx_read_tsc+0x10/0x10 [ 29.076963] ? ktime_get_ts64+0x86/0x240 [ 29.077001] kunit_try_run_case+0x1b2/0x490 [ 29.077038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.077073] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.077106] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.077164] ? __kthread_parkme+0x82/0x160 [ 29.077197] ? preempt_count_sub+0x50/0x80 [ 29.077235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.077271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.077307] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.077343] kthread+0x323/0x710 [ 29.077375] ? trace_preempt_on+0x20/0xc0 [ 29.077410] ? __pfx_kthread+0x10/0x10 [ 29.077444] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.077475] ? calculate_sigpending+0x7b/0xa0 [ 29.077508] ? __pfx_kthread+0x10/0x10 [ 29.077542] ret_from_fork+0x41/0x80 [ 29.077575] ? __pfx_kthread+0x10/0x10 [ 29.077608] ret_from_fork_asm+0x1a/0x30 [ 29.077657] </TASK> [ 29.077675] [ 29.097386] Allocated by task 306: [ 29.098130] kasan_save_stack+0x3d/0x60 [ 29.098544] kasan_save_track+0x18/0x40 [ 29.099344] kasan_save_alloc_info+0x3b/0x50 [ 29.099996] __kasan_kmalloc+0xb7/0xc0 [ 29.100416] __kmalloc_noprof+0x1c3/0x500 [ 29.101304] kunit_kmalloc_array+0x25/0x60 [ 29.101841] copy_user_test_oob+0xab/0x1130 [ 29.102485] kunit_try_run_case+0x1b2/0x490 [ 29.103291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.103752] kthread+0x323/0x710 [ 29.104252] ret_from_fork+0x41/0x80 [ 29.104660] ret_from_fork_asm+0x1a/0x30 [ 29.105457] [ 29.105843] The buggy address belongs to the object at ffff88810305ae00 [ 29.105843] which belongs to the cache kmalloc-128 of size 128 [ 29.106804] The buggy address is located 0 bytes inside of [ 29.106804] allocated 120-byte region [ffff88810305ae00, ffff88810305ae78) [ 29.108014] [ 29.108525] The buggy address belongs to the physical page: [ 29.109037] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10305a [ 29.110155] flags: 0x200000000000000(node=0|zone=2) [ 29.110676] page_type: f5(slab) [ 29.111628] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.112240] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.112790] page dumped because: kasan: bad access detected [ 29.113651] [ 29.114240] Memory state around the buggy address: [ 29.114505] ffff88810305ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.115171] ffff88810305ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.116003] >ffff88810305ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.117183] ^ [ 29.118103] ffff88810305ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.118756] ffff88810305af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.119885] ================================================================== [ 29.024556] ================================================================== [ 29.025238] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x1130 [ 29.026163] Write of size 121 at addr ffff88810305ae00 by task kunit_try_catch/306 [ 29.026705] [ 29.026920] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) [ 29.028554] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.028606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.028668] Call Trace: [ 29.028707] <TASK> [ 29.028746] dump_stack_lvl+0x73/0xb0 [ 29.028830] print_report+0xd1/0x660 [ 29.028899] ? __virt_addr_valid+0x1db/0x2d0 [ 29.029027] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.029519] kasan_report+0x104/0x140 [ 29.029621] ? copy_user_test_oob+0x557/0x1130 [ 29.029700] ? copy_user_test_oob+0x557/0x1130 [ 29.029810] kasan_check_range+0x10c/0x1c0 [ 29.029935] __kasan_check_write+0x18/0x20 [ 29.030013] copy_user_test_oob+0x557/0x1130 [ 29.030095] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.030190] ? finish_task_switch.isra.0+0x153/0x730 [ 29.030259] ? __switch_to+0x5d9/0xf70 [ 29.030337] ? __schedule+0xd46/0x29c0 [ 29.030401] ? __pfx_read_tsc+0x10/0x10 [ 29.030463] ? ktime_get_ts64+0x86/0x240 [ 29.030536] kunit_try_run_case+0x1b2/0x490 [ 29.030610] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.030677] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.030771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.030845] ? __kthread_parkme+0x82/0x160 [ 29.030915] ? preempt_count_sub+0x50/0x80 [ 29.030986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.031058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.031167] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.031249] kthread+0x323/0x710 [ 29.031314] ? trace_preempt_on+0x20/0xc0 [ 29.031387] ? __pfx_kthread+0x10/0x10 [ 29.031454] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.031517] ? calculate_sigpending+0x7b/0xa0 [ 29.031595] ? __pfx_kthread+0x10/0x10 [ 29.031683] ret_from_fork+0x41/0x80 [ 29.031826] ? __pfx_kthread+0x10/0x10 [ 29.031900] ret_from_fork_asm+0x1a/0x30 [ 29.032002] </TASK> [ 29.032039] [ 29.045234] Allocated by task 306: [ 29.045537] kasan_save_stack+0x3d/0x60 [ 29.046001] kasan_save_track+0x18/0x40 [ 29.046310] kasan_save_alloc_info+0x3b/0x50 [ 29.046614] __kasan_kmalloc+0xb7/0xc0 [ 29.046888] __kmalloc_noprof+0x1c3/0x500 [ 29.047359] kunit_kmalloc_array+0x25/0x60 [ 29.047971] copy_user_test_oob+0xab/0x1130 [ 29.048438] kunit_try_run_case+0x1b2/0x490 [ 29.048974] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.049465] kthread+0x323/0x710 [ 29.049797] ret_from_fork+0x41/0x80 [ 29.050255] ret_from_fork_asm+0x1a/0x30 [ 29.050654] [ 29.050945] The buggy address belongs to the object at ffff88810305ae00 [ 29.050945] which belongs to the cache kmalloc-128 of size 128 [ 29.051939] The buggy address is located 0 bytes inside of [ 29.051939] allocated 120-byte region [ffff88810305ae00, ffff88810305ae78) [ 29.052795] [ 29.053018] The buggy address belongs to the physical page: [ 29.053531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10305a [ 29.053955] flags: 0x200000000000000(node=0|zone=2) [ 29.055545] page_type: f5(slab) [ 29.056639] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.059659] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.060439] page dumped because: kasan: bad access detected [ 29.061262] [ 29.061470] Memory state around the buggy address: [ 29.063303] ffff88810305ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.063764] ffff88810305ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.064444] >ffff88810305ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.065131] ^ [ 29.066086] ffff88810305ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.068529] ffff88810305af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.069216] ================================================================== [ 28.949903] ================================================================== [ 28.950436] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x1130 [ 28.950950] Write of size 121 at addr ffff88810305ae00 by task kunit_try_catch/306 [ 28.951674] [ 28.952010] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) [ 28.952165] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.952205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.952279] Call Trace: [ 28.952316] <TASK> [ 28.952378] dump_stack_lvl+0x73/0xb0 [ 28.952459] print_report+0xd1/0x660 [ 28.952522] ? __virt_addr_valid+0x1db/0x2d0 [ 28.952640] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.952763] kasan_report+0x104/0x140 [ 28.952833] ? copy_user_test_oob+0x3fd/0x1130 [ 28.952935] ? copy_user_test_oob+0x3fd/0x1130 [ 28.953004] kasan_check_range+0x10c/0x1c0 [ 28.953045] __kasan_check_write+0x18/0x20 [ 28.953078] copy_user_test_oob+0x3fd/0x1130 [ 28.953152] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.953216] ? finish_task_switch.isra.0+0x153/0x730 [ 28.953284] ? __switch_to+0x5d9/0xf70 [ 28.953376] ? __schedule+0xd46/0x29c0 [ 28.953473] ? __pfx_read_tsc+0x10/0x10 [ 28.953536] ? ktime_get_ts64+0x86/0x240 [ 28.953604] kunit_try_run_case+0x1b2/0x490 [ 28.953676] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.953756] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.953871] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.953948] ? __kthread_parkme+0x82/0x160 [ 28.954016] ? preempt_count_sub+0x50/0x80 [ 28.954074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.954139] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.954180] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.954216] kthread+0x323/0x710 [ 28.954249] ? trace_preempt_on+0x20/0xc0 [ 28.954285] ? __pfx_kthread+0x10/0x10 [ 28.954318] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.954350] ? calculate_sigpending+0x7b/0xa0 [ 28.954383] ? __pfx_kthread+0x10/0x10 [ 28.954417] ret_from_fork+0x41/0x80 [ 28.954449] ? __pfx_kthread+0x10/0x10 [ 28.954483] ret_from_fork_asm+0x1a/0x30 [ 28.954532] </TASK> [ 28.954550] [ 28.967880] Allocated by task 306: [ 28.968201] kasan_save_stack+0x3d/0x60 [ 28.968488] kasan_save_track+0x18/0x40 [ 28.968766] kasan_save_alloc_info+0x3b/0x50 [ 28.969280] __kasan_kmalloc+0xb7/0xc0 [ 28.969784] __kmalloc_noprof+0x1c3/0x500 [ 28.970436] kunit_kmalloc_array+0x25/0x60 [ 28.970893] copy_user_test_oob+0xab/0x1130 [ 28.971507] kunit_try_run_case+0x1b2/0x490 [ 28.971876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.972250] kthread+0x323/0x710 [ 28.972510] ret_from_fork+0x41/0x80 [ 28.972785] ret_from_fork_asm+0x1a/0x30 [ 28.973104] [ 28.973368] The buggy address belongs to the object at ffff88810305ae00 [ 28.973368] which belongs to the cache kmalloc-128 of size 128 [ 28.974387] The buggy address is located 0 bytes inside of [ 28.974387] allocated 120-byte region [ffff88810305ae00, ffff88810305ae78) [ 28.975421] [ 28.975679] The buggy address belongs to the physical page: [ 28.976261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10305a [ 28.976896] flags: 0x200000000000000(node=0|zone=2) [ 28.977304] page_type: f5(slab) [ 28.977545] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.977954] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.978752] page dumped because: kasan: bad access detected [ 28.979410] [ 28.979666] Memory state around the buggy address: [ 28.980148] ffff88810305ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.980533] ffff88810305ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.981041] >ffff88810305ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.981938] ^ [ 28.982655] ffff88810305ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.983307] ffff88810305af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.983792] ==================================================================