Date
June 7, 2025, 10:40 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 31.206005] ================================================================== [ 31.206876] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 31.207711] Read of size 121 at addr fff00000c6414800 by task kunit_try_catch/274 [ 31.208597] [ 31.208960] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 31.209116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.209155] Hardware name: linux,dummy-virt (DT) [ 31.209224] Call trace: [ 31.209297] show_stack+0x20/0x38 (C) [ 31.209439] dump_stack_lvl+0x8c/0xd0 [ 31.209581] print_report+0x118/0x608 [ 31.209722] kasan_report+0xdc/0x128 [ 31.209854] kasan_check_range+0x100/0x1a8 [ 31.209945] __kasan_check_read+0x20/0x30 [ 31.210004] copy_user_test_oob+0x4a0/0xec0 [ 31.210066] kunit_try_run_case+0x170/0x3f0 [ 31.210123] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.210203] kthread+0x318/0x620 [ 31.210260] ret_from_fork+0x10/0x20 [ 31.210322] [ 31.216178] Allocated by task 274: [ 31.216711] kasan_save_stack+0x3c/0x68 [ 31.217375] kasan_save_track+0x20/0x40 [ 31.217868] kasan_save_alloc_info+0x40/0x58 [ 31.218471] __kasan_kmalloc+0xd4/0xd8 [ 31.218966] __kmalloc_noprof+0x198/0x4c8 [ 31.219506] kunit_kmalloc_array+0x34/0x88 [ 31.220052] copy_user_test_oob+0xac/0xec0 [ 31.220606] kunit_try_run_case+0x170/0x3f0 [ 31.221163] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.221856] kthread+0x318/0x620 [ 31.222395] ret_from_fork+0x10/0x20 [ 31.222933] [ 31.223235] The buggy address belongs to the object at fff00000c6414800 [ 31.223235] which belongs to the cache kmalloc-128 of size 128 [ 31.224455] The buggy address is located 0 bytes inside of [ 31.224455] allocated 120-byte region [fff00000c6414800, fff00000c6414878) [ 31.225583] [ 31.225874] The buggy address belongs to the physical page: [ 31.226513] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414 [ 31.227256] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.228020] page_type: f5(slab) [ 31.228509] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.229348] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.230640] page dumped because: kasan: bad access detected [ 31.231358] [ 31.231798] Memory state around the buggy address: [ 31.232327] fff00000c6414700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.233243] fff00000c6414780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.233958] >fff00000c6414800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.234638] ^ [ 31.235657] fff00000c6414880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.236535] fff00000c6414900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.237222] ================================================================== [ 31.012830] ================================================================== [ 31.014376] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 31.015534] Write of size 121 at addr fff00000c6414800 by task kunit_try_catch/274 [ 31.016487] [ 31.016997] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 31.017164] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.017214] Hardware name: linux,dummy-virt (DT) [ 31.017298] Call trace: [ 31.017333] show_stack+0x20/0x38 (C) [ 31.017406] dump_stack_lvl+0x8c/0xd0 [ 31.017475] print_report+0x118/0x608 [ 31.017540] kasan_report+0xdc/0x128 [ 31.017601] kasan_check_range+0x100/0x1a8 [ 31.017658] __kasan_check_write+0x20/0x30 [ 31.017715] copy_user_test_oob+0x234/0xec0 [ 31.017775] kunit_try_run_case+0x170/0x3f0 [ 31.017840] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.017933] kthread+0x318/0x620 [ 31.017999] ret_from_fork+0x10/0x20 [ 31.018063] [ 31.024312] Allocated by task 274: [ 31.024798] kasan_save_stack+0x3c/0x68 [ 31.025388] kasan_save_track+0x20/0x40 [ 31.025903] kasan_save_alloc_info+0x40/0x58 [ 31.026499] __kasan_kmalloc+0xd4/0xd8 [ 31.027141] __kmalloc_noprof+0x198/0x4c8 [ 31.027663] kunit_kmalloc_array+0x34/0x88 [ 31.028217] copy_user_test_oob+0xac/0xec0 [ 31.028770] kunit_try_run_case+0x170/0x3f0 [ 31.029377] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.030044] kthread+0x318/0x620 [ 31.030532] ret_from_fork+0x10/0x20 [ 31.030992] [ 31.031287] The buggy address belongs to the object at fff00000c6414800 [ 31.031287] which belongs to the cache kmalloc-128 of size 128 [ 31.032578] The buggy address is located 0 bytes inside of [ 31.032578] allocated 120-byte region [fff00000c6414800, fff00000c6414878) [ 31.033810] [ 31.034154] The buggy address belongs to the physical page: [ 31.034818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414 [ 31.035603] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.036326] page_type: f5(slab) [ 31.036871] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.037659] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.038412] page dumped because: kasan: bad access detected [ 31.039051] [ 31.039360] Memory state around the buggy address: [ 31.039953] fff00000c6414700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.040650] fff00000c6414780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.041468] >fff00000c6414800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.042248] ^ [ 31.043443] fff00000c6414880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.044075] fff00000c6414900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.044908] ================================================================== [ 31.054126] ================================================================== [ 31.054878] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 31.055647] Read of size 121 at addr fff00000c6414800 by task kunit_try_catch/274 [ 31.056295] [ 31.056705] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 31.056951] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.057038] Hardware name: linux,dummy-virt (DT) [ 31.057130] Call trace: [ 31.057198] show_stack+0x20/0x38 (C) [ 31.057336] dump_stack_lvl+0x8c/0xd0 [ 31.057496] print_report+0x118/0x608 [ 31.057615] kasan_report+0xdc/0x128 [ 31.057679] kasan_check_range+0x100/0x1a8 [ 31.057737] __kasan_check_read+0x20/0x30 [ 31.057795] copy_user_test_oob+0x728/0xec0 [ 31.057860] kunit_try_run_case+0x170/0x3f0 [ 31.057955] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.058023] kthread+0x318/0x620 [ 31.058082] ret_from_fork+0x10/0x20 [ 31.058142] [ 31.064525] Allocated by task 274: [ 31.065090] kasan_save_stack+0x3c/0x68 [ 31.065703] kasan_save_track+0x20/0x40 [ 31.066301] kasan_save_alloc_info+0x40/0x58 [ 31.066952] __kasan_kmalloc+0xd4/0xd8 [ 31.067581] __kmalloc_noprof+0x198/0x4c8 [ 31.068140] kunit_kmalloc_array+0x34/0x88 [ 31.068876] copy_user_test_oob+0xac/0xec0 [ 31.069493] kunit_try_run_case+0x170/0x3f0 [ 31.070107] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.070791] kthread+0x318/0x620 [ 31.071227] ret_from_fork+0x10/0x20 [ 31.071658] [ 31.072042] The buggy address belongs to the object at fff00000c6414800 [ 31.072042] which belongs to the cache kmalloc-128 of size 128 [ 31.073120] The buggy address is located 0 bytes inside of [ 31.073120] allocated 120-byte region [fff00000c6414800, fff00000c6414878) [ 31.074609] [ 31.075154] The buggy address belongs to the physical page: [ 31.075743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414 [ 31.076722] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.077468] page_type: f5(slab) [ 31.077821] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.078761] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.079549] page dumped because: kasan: bad access detected [ 31.080183] [ 31.080505] Memory state around the buggy address: [ 31.081111] fff00000c6414700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.081902] fff00000c6414780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.082676] >fff00000c6414800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.083435] ^ [ 31.084176] fff00000c6414880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.084991] fff00000c6414900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.085655] ================================================================== [ 31.092873] ================================================================== [ 31.093860] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 31.095043] Write of size 121 at addr fff00000c6414800 by task kunit_try_catch/274 [ 31.096768] [ 31.097472] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 31.097703] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.097763] Hardware name: linux,dummy-virt (DT) [ 31.097807] Call trace: [ 31.097835] show_stack+0x20/0x38 (C) [ 31.097985] dump_stack_lvl+0x8c/0xd0 [ 31.098132] print_report+0x118/0x608 [ 31.098214] kasan_report+0xdc/0x128 [ 31.098276] kasan_check_range+0x100/0x1a8 [ 31.098332] __kasan_check_write+0x20/0x30 [ 31.098389] copy_user_test_oob+0x35c/0xec0 [ 31.098450] kunit_try_run_case+0x170/0x3f0 [ 31.098507] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.098572] kthread+0x318/0x620 [ 31.098627] ret_from_fork+0x10/0x20 [ 31.098687] [ 31.105310] Allocated by task 274: [ 31.105945] kasan_save_stack+0x3c/0x68 [ 31.106599] kasan_save_track+0x20/0x40 [ 31.107367] kasan_save_alloc_info+0x40/0x58 [ 31.108019] __kasan_kmalloc+0xd4/0xd8 [ 31.108725] __kmalloc_noprof+0x198/0x4c8 [ 31.109400] kunit_kmalloc_array+0x34/0x88 [ 31.109979] copy_user_test_oob+0xac/0xec0 [ 31.110760] kunit_try_run_case+0x170/0x3f0 [ 31.111456] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.112253] kthread+0x318/0x620 [ 31.112932] ret_from_fork+0x10/0x20 [ 31.113490] [ 31.113912] The buggy address belongs to the object at fff00000c6414800 [ 31.113912] which belongs to the cache kmalloc-128 of size 128 [ 31.115243] The buggy address is located 0 bytes inside of [ 31.115243] allocated 120-byte region [fff00000c6414800, fff00000c6414878) [ 31.116571] [ 31.116931] The buggy address belongs to the physical page: [ 31.117691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414 [ 31.118654] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.119453] page_type: f5(slab) [ 31.120023] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.120915] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.121734] page dumped because: kasan: bad access detected [ 31.122412] [ 31.122774] Memory state around the buggy address: [ 31.123435] fff00000c6414700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.124276] fff00000c6414780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.125099] >fff00000c6414800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.125866] ^ [ 31.126575] fff00000c6414880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.127357] fff00000c6414900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.128244] ================================================================== [ 31.165492] ================================================================== [ 31.166223] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 31.167479] Write of size 121 at addr fff00000c6414800 by task kunit_try_catch/274 [ 31.168310] [ 31.168671] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 31.169503] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.169590] Hardware name: linux,dummy-virt (DT) [ 31.169685] Call trace: [ 31.169752] show_stack+0x20/0x38 (C) [ 31.169913] dump_stack_lvl+0x8c/0xd0 [ 31.170044] print_report+0x118/0x608 [ 31.170283] kasan_report+0xdc/0x128 [ 31.170410] kasan_check_range+0x100/0x1a8 [ 31.170538] __kasan_check_write+0x20/0x30 [ 31.170663] copy_user_test_oob+0x434/0xec0 [ 31.170791] kunit_try_run_case+0x170/0x3f0 [ 31.170960] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.171102] kthread+0x318/0x620 [ 31.171227] ret_from_fork+0x10/0x20 [ 31.171349] [ 31.181568] Allocated by task 274: [ 31.182369] kasan_save_stack+0x3c/0x68 [ 31.182868] kasan_save_track+0x20/0x40 [ 31.183345] kasan_save_alloc_info+0x40/0x58 [ 31.183827] __kasan_kmalloc+0xd4/0xd8 [ 31.184629] __kmalloc_noprof+0x198/0x4c8 [ 31.185176] kunit_kmalloc_array+0x34/0x88 [ 31.185727] copy_user_test_oob+0xac/0xec0 [ 31.186418] kunit_try_run_case+0x170/0x3f0 [ 31.187064] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.187746] kthread+0x318/0x620 [ 31.188287] ret_from_fork+0x10/0x20 [ 31.188852] [ 31.189256] The buggy address belongs to the object at fff00000c6414800 [ 31.189256] which belongs to the cache kmalloc-128 of size 128 [ 31.190535] The buggy address is located 0 bytes inside of [ 31.190535] allocated 120-byte region [fff00000c6414800, fff00000c6414878) [ 31.191852] [ 31.192270] The buggy address belongs to the physical page: [ 31.192981] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414 [ 31.193922] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.194677] page_type: f5(slab) [ 31.195224] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.196105] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.196907] page dumped because: kasan: bad access detected [ 31.197583] [ 31.197973] Memory state around the buggy address: [ 31.198549] fff00000c6414700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.199394] fff00000c6414780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.200111] >fff00000c6414800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.200829] ^ [ 31.201633] fff00000c6414880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.202411] fff00000c6414900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.203185] ================================================================== [ 31.131432] ================================================================== [ 31.132158] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 31.133281] Read of size 121 at addr fff00000c6414800 by task kunit_try_catch/274 [ 31.134314] [ 31.134741] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 31.135048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.135119] Hardware name: linux,dummy-virt (DT) [ 31.135164] Call trace: [ 31.135195] show_stack+0x20/0x38 (C) [ 31.135265] dump_stack_lvl+0x8c/0xd0 [ 31.135328] print_report+0x118/0x608 [ 31.135386] kasan_report+0xdc/0x128 [ 31.135444] kasan_check_range+0x100/0x1a8 [ 31.135502] __kasan_check_read+0x20/0x30 [ 31.135558] copy_user_test_oob+0x3c8/0xec0 [ 31.135616] kunit_try_run_case+0x170/0x3f0 [ 31.135675] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.135737] kthread+0x318/0x620 [ 31.135792] ret_from_fork+0x10/0x20 [ 31.135859] [ 31.142819] Allocated by task 274: [ 31.143542] kasan_save_stack+0x3c/0x68 [ 31.144351] kasan_save_track+0x20/0x40 [ 31.145008] kasan_save_alloc_info+0x40/0x58 [ 31.145566] __kasan_kmalloc+0xd4/0xd8 [ 31.146076] __kmalloc_noprof+0x198/0x4c8 [ 31.146625] kunit_kmalloc_array+0x34/0x88 [ 31.147296] copy_user_test_oob+0xac/0xec0 [ 31.147802] kunit_try_run_case+0x170/0x3f0 [ 31.148336] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.148959] kthread+0x318/0x620 [ 31.149467] ret_from_fork+0x10/0x20 [ 31.149959] [ 31.150294] The buggy address belongs to the object at fff00000c6414800 [ 31.150294] which belongs to the cache kmalloc-128 of size 128 [ 31.151393] The buggy address is located 0 bytes inside of [ 31.151393] allocated 120-byte region [fff00000c6414800, fff00000c6414878) [ 31.152566] [ 31.152951] The buggy address belongs to the physical page: [ 31.153552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414 [ 31.154339] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.155062] page_type: f5(slab) [ 31.155530] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.156326] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.157041] page dumped because: kasan: bad access detected [ 31.157666] [ 31.157988] Memory state around the buggy address: [ 31.158548] fff00000c6414700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.159303] fff00000c6414780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.160071] >fff00000c6414800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.160667] ^ [ 31.161795] fff00000c6414880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.162561] fff00000c6414900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.163345] ==================================================================
[ 23.847765] ================================================================== [ 23.848314] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 23.848801] Write of size 121 at addr ffff888102c74500 by task kunit_try_catch/293 [ 23.849364] [ 23.849616] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 23.849730] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.849764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.849820] Call Trace: [ 23.849885] <TASK> [ 23.849932] dump_stack_lvl+0x73/0xb0 [ 23.850029] print_report+0xd1/0x650 [ 23.850090] ? __virt_addr_valid+0x1db/0x2d0 [ 23.850149] ? copy_user_test_oob+0x558/0x10f0 [ 23.850204] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.850272] ? copy_user_test_oob+0x558/0x10f0 [ 23.850337] kasan_report+0x140/0x180 [ 23.850402] ? copy_user_test_oob+0x558/0x10f0 [ 23.850477] kasan_check_range+0x10c/0x1c0 [ 23.850543] __kasan_check_write+0x18/0x20 [ 23.850603] copy_user_test_oob+0x558/0x10f0 [ 23.850660] ? __pfx_copy_user_test_oob+0x10/0x10 [ 23.850698] ? finish_task_switch.isra.0+0x153/0x700 [ 23.850734] ? __switch_to+0x5d9/0xf60 [ 23.850771] ? __schedule+0xce8/0x2840 [ 23.850803] ? __pfx_read_tsc+0x10/0x10 [ 23.850834] ? ktime_get_ts64+0x86/0x230 [ 23.850890] kunit_try_run_case+0x1a6/0x480 [ 23.850923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.850955] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 23.850987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.851018] ? __kthread_parkme+0x82/0x160 [ 23.851050] ? preempt_count_sub+0x50/0x80 [ 23.851081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.851111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.851146] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.851180] kthread+0x324/0x6e0 [ 23.851209] ? trace_preempt_on+0x20/0xc0 [ 23.851241] ? __pfx_kthread+0x10/0x10 [ 23.851270] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.851314] ? calculate_sigpending+0x7b/0xa0 [ 23.851348] ? __pfx_kthread+0x10/0x10 [ 23.851379] ret_from_fork+0x41/0x80 [ 23.851405] ? __pfx_kthread+0x10/0x10 [ 23.851435] ret_from_fork_asm+0x1a/0x30 [ 23.851478] </TASK> [ 23.851494] [ 23.862647] Allocated by task 293: [ 23.863081] kasan_save_stack+0x45/0x70 [ 23.863379] kasan_save_track+0x18/0x40 [ 23.863829] kasan_save_alloc_info+0x3b/0x50 [ 23.864294] __kasan_kmalloc+0xb7/0xc0 [ 23.864675] __kmalloc_noprof+0x1ca/0x500 [ 23.865094] kunit_kmalloc_array+0x25/0x60 [ 23.865482] copy_user_test_oob+0xac/0x10f0 [ 23.865782] kunit_try_run_case+0x1a6/0x480 [ 23.866064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.866538] kthread+0x324/0x6e0 [ 23.866906] ret_from_fork+0x41/0x80 [ 23.867219] ret_from_fork_asm+0x1a/0x30 [ 23.867638] [ 23.867887] The buggy address belongs to the object at ffff888102c74500 [ 23.867887] which belongs to the cache kmalloc-128 of size 128 [ 23.868903] The buggy address is located 0 bytes inside of [ 23.868903] allocated 120-byte region [ffff888102c74500, ffff888102c74578) [ 23.869561] [ 23.869724] The buggy address belongs to the physical page: [ 23.870019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c74 [ 23.870409] flags: 0x200000000000000(node=0|zone=2) [ 23.870688] page_type: f5(slab) [ 23.870922] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.871582] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.872519] page dumped because: kasan: bad access detected [ 23.873011] [ 23.873225] Memory state around the buggy address: [ 23.873873] ffff888102c74400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.874613] ffff888102c74480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.875231] >ffff888102c74500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.875782] ^ [ 23.876289] ffff888102c74580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.877068] ffff888102c74600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.877696] ================================================================== [ 23.771158] ================================================================== [ 23.772002] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 23.772499] Write of size 121 at addr ffff888102c74500 by task kunit_try_catch/293 [ 23.773085] [ 23.773287] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 23.773396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.773431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.773482] Call Trace: [ 23.773525] <TASK> [ 23.773570] dump_stack_lvl+0x73/0xb0 [ 23.773647] print_report+0xd1/0x650 [ 23.773707] ? __virt_addr_valid+0x1db/0x2d0 [ 23.773764] ? copy_user_test_oob+0x3fe/0x10f0 [ 23.773820] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.773899] ? copy_user_test_oob+0x3fe/0x10f0 [ 23.773963] kasan_report+0x140/0x180 [ 23.774030] ? copy_user_test_oob+0x3fe/0x10f0 [ 23.774099] kasan_check_range+0x10c/0x1c0 [ 23.774159] __kasan_check_write+0x18/0x20 [ 23.774219] copy_user_test_oob+0x3fe/0x10f0 [ 23.774281] ? __pfx_copy_user_test_oob+0x10/0x10 [ 23.774337] ? finish_task_switch.isra.0+0x153/0x700 [ 23.774399] ? __switch_to+0x5d9/0xf60 [ 23.774464] ? __schedule+0xce8/0x2840 [ 23.774521] ? __pfx_read_tsc+0x10/0x10 [ 23.774574] ? ktime_get_ts64+0x86/0x230 [ 23.774637] kunit_try_run_case+0x1a6/0x480 [ 23.774707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.774769] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 23.774828] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.774885] ? __kthread_parkme+0x82/0x160 [ 23.774919] ? preempt_count_sub+0x50/0x80 [ 23.774953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.774984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.775022] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.775056] kthread+0x324/0x6e0 [ 23.775085] ? trace_preempt_on+0x20/0xc0 [ 23.775118] ? __pfx_kthread+0x10/0x10 [ 23.775147] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.775177] ? calculate_sigpending+0x7b/0xa0 [ 23.775206] ? __pfx_kthread+0x10/0x10 [ 23.775236] ret_from_fork+0x41/0x80 [ 23.775262] ? __pfx_kthread+0x10/0x10 [ 23.775298] ret_from_fork_asm+0x1a/0x30 [ 23.775351] </TASK> [ 23.775369] [ 23.789880] Allocated by task 293: [ 23.790251] kasan_save_stack+0x45/0x70 [ 23.790613] kasan_save_track+0x18/0x40 [ 23.790977] kasan_save_alloc_info+0x3b/0x50 [ 23.791397] __kasan_kmalloc+0xb7/0xc0 [ 23.791731] __kmalloc_noprof+0x1ca/0x500 [ 23.792912] kunit_kmalloc_array+0x25/0x60 [ 23.793160] copy_user_test_oob+0xac/0x10f0 [ 23.794013] kunit_try_run_case+0x1a6/0x480 [ 23.794351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.794718] kthread+0x324/0x6e0 [ 23.795261] ret_from_fork+0x41/0x80 [ 23.795836] ret_from_fork_asm+0x1a/0x30 [ 23.796133] [ 23.796268] The buggy address belongs to the object at ffff888102c74500 [ 23.796268] which belongs to the cache kmalloc-128 of size 128 [ 23.797634] The buggy address is located 0 bytes inside of [ 23.797634] allocated 120-byte region [ffff888102c74500, ffff888102c74578) [ 23.798599] [ 23.798782] The buggy address belongs to the physical page: [ 23.799043] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c74 [ 23.800140] flags: 0x200000000000000(node=0|zone=2) [ 23.800957] page_type: f5(slab) [ 23.801225] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.802023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.803047] page dumped because: kasan: bad access detected [ 23.803414] [ 23.803622] Memory state around the buggy address: [ 23.804154] ffff888102c74400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.804946] ffff888102c74480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.805396] >ffff888102c74500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.806033] ^ [ 23.806640] ffff888102c74580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.807115] ffff888102c74600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.807812] ================================================================== [ 23.878817] ================================================================== [ 23.879349] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 23.880060] Read of size 121 at addr ffff888102c74500 by task kunit_try_catch/293 [ 23.880422] [ 23.880596] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 23.880705] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.880740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.880798] Call Trace: [ 23.881170] <TASK> [ 23.881237] dump_stack_lvl+0x73/0xb0 [ 23.881333] print_report+0xd1/0x650 [ 23.881399] ? __virt_addr_valid+0x1db/0x2d0 [ 23.881463] ? copy_user_test_oob+0x605/0x10f0 [ 23.881525] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.881582] ? copy_user_test_oob+0x605/0x10f0 [ 23.881645] kasan_report+0x140/0x180 [ 23.881709] ? copy_user_test_oob+0x605/0x10f0 [ 23.881786] kasan_check_range+0x10c/0x1c0 [ 23.881869] __kasan_check_read+0x15/0x20 [ 23.881934] copy_user_test_oob+0x605/0x10f0 [ 23.882004] ? __pfx_copy_user_test_oob+0x10/0x10 [ 23.882068] ? finish_task_switch.isra.0+0x153/0x700 [ 23.882134] ? __switch_to+0x5d9/0xf60 [ 23.882207] ? __schedule+0xce8/0x2840 [ 23.882267] ? __pfx_read_tsc+0x10/0x10 [ 23.882329] ? ktime_get_ts64+0x86/0x230 [ 23.882398] kunit_try_run_case+0x1a6/0x480 [ 23.882460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.882519] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 23.882573] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.882638] ? __kthread_parkme+0x82/0x160 [ 23.882691] ? preempt_count_sub+0x50/0x80 [ 23.882742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.882794] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.882878] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.882939] kthread+0x324/0x6e0 [ 23.882991] ? trace_preempt_on+0x20/0xc0 [ 23.883053] ? __pfx_kthread+0x10/0x10 [ 23.883112] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.883176] ? calculate_sigpending+0x7b/0xa0 [ 23.883237] ? __pfx_kthread+0x10/0x10 [ 23.883298] ret_from_fork+0x41/0x80 [ 23.883354] ? __pfx_kthread+0x10/0x10 [ 23.883417] ret_from_fork_asm+0x1a/0x30 [ 23.883504] </TASK> [ 23.883536] [ 23.896248] Allocated by task 293: [ 23.896682] kasan_save_stack+0x45/0x70 [ 23.897161] kasan_save_track+0x18/0x40 [ 23.897759] kasan_save_alloc_info+0x3b/0x50 [ 23.898145] __kasan_kmalloc+0xb7/0xc0 [ 23.898672] __kmalloc_noprof+0x1ca/0x500 [ 23.898984] kunit_kmalloc_array+0x25/0x60 [ 23.899359] copy_user_test_oob+0xac/0x10f0 [ 23.899622] kunit_try_run_case+0x1a6/0x480 [ 23.899925] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.900483] kthread+0x324/0x6e0 [ 23.900818] ret_from_fork+0x41/0x80 [ 23.901210] ret_from_fork_asm+0x1a/0x30 [ 23.901510] [ 23.901663] The buggy address belongs to the object at ffff888102c74500 [ 23.901663] which belongs to the cache kmalloc-128 of size 128 [ 23.902191] The buggy address is located 0 bytes inside of [ 23.902191] allocated 120-byte region [ffff888102c74500, ffff888102c74578) [ 23.903205] [ 23.903491] The buggy address belongs to the physical page: [ 23.903966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c74 [ 23.904790] flags: 0x200000000000000(node=0|zone=2) [ 23.905198] page_type: f5(slab) [ 23.905653] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.906060] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.906411] page dumped because: kasan: bad access detected [ 23.906686] [ 23.906828] Memory state around the buggy address: [ 23.907234] ffff888102c74400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.907972] ffff888102c74480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.908626] >ffff888102c74500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.909239] ^ [ 23.909722] ffff888102c74580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.910271] ffff888102c74600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.910720] ================================================================== [ 23.809115] ================================================================== [ 23.810017] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 23.810338] Read of size 121 at addr ffff888102c74500 by task kunit_try_catch/293 [ 23.810615] [ 23.810757] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 23.810873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.810910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.810965] Call Trace: [ 23.811071] <TASK> [ 23.811152] dump_stack_lvl+0x73/0xb0 [ 23.811299] print_report+0xd1/0x650 [ 23.811358] ? __virt_addr_valid+0x1db/0x2d0 [ 23.811412] ? copy_user_test_oob+0x4ab/0x10f0 [ 23.811469] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.811537] ? copy_user_test_oob+0x4ab/0x10f0 [ 23.811590] kasan_report+0x140/0x180 [ 23.811647] ? copy_user_test_oob+0x4ab/0x10f0 [ 23.811736] kasan_check_range+0x10c/0x1c0 [ 23.811802] __kasan_check_read+0x15/0x20 [ 23.811880] copy_user_test_oob+0x4ab/0x10f0 [ 23.811950] ? __pfx_copy_user_test_oob+0x10/0x10 [ 23.812012] ? finish_task_switch.isra.0+0x153/0x700 [ 23.812078] ? __switch_to+0x5d9/0xf60 [ 23.812146] ? __schedule+0xce8/0x2840 [ 23.812207] ? __pfx_read_tsc+0x10/0x10 [ 23.812266] ? ktime_get_ts64+0x86/0x230 [ 23.812335] kunit_try_run_case+0x1a6/0x480 [ 23.812402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.812460] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 23.812526] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.812592] ? __kthread_parkme+0x82/0x160 [ 23.812645] ? preempt_count_sub+0x50/0x80 [ 23.812702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.812759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.812826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.813012] kthread+0x324/0x6e0 [ 23.813075] ? trace_preempt_on+0x20/0xc0 [ 23.813127] ? __pfx_kthread+0x10/0x10 [ 23.813169] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.813214] ? calculate_sigpending+0x7b/0xa0 [ 23.813257] ? __pfx_kthread+0x10/0x10 [ 23.813301] ret_from_fork+0x41/0x80 [ 23.813347] ? __pfx_kthread+0x10/0x10 [ 23.813397] ret_from_fork_asm+0x1a/0x30 [ 23.813480] </TASK> [ 23.813512] [ 23.826716] Allocated by task 293: [ 23.827252] kasan_save_stack+0x45/0x70 [ 23.827559] kasan_save_track+0x18/0x40 [ 23.827823] kasan_save_alloc_info+0x3b/0x50 [ 23.828344] __kasan_kmalloc+0xb7/0xc0 [ 23.828793] __kmalloc_noprof+0x1ca/0x500 [ 23.829282] kunit_kmalloc_array+0x25/0x60 [ 23.829737] copy_user_test_oob+0xac/0x10f0 [ 23.830235] kunit_try_run_case+0x1a6/0x480 [ 23.830596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.831135] kthread+0x324/0x6e0 [ 23.831349] ret_from_fork+0x41/0x80 [ 23.831779] ret_from_fork_asm+0x1a/0x30 [ 23.832266] [ 23.833704] The buggy address belongs to the object at ffff888102c74500 [ 23.833704] which belongs to the cache kmalloc-128 of size 128 [ 23.835588] The buggy address is located 0 bytes inside of [ 23.835588] allocated 120-byte region [ffff888102c74500, ffff888102c74578) [ 23.836587] [ 23.836795] The buggy address belongs to the physical page: [ 23.837404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c74 [ 23.838324] flags: 0x200000000000000(node=0|zone=2) [ 23.838668] page_type: f5(slab) [ 23.838916] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.840105] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.840842] page dumped because: kasan: bad access detected [ 23.841287] [ 23.841444] Memory state around the buggy address: [ 23.842000] ffff888102c74400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.842512] ffff888102c74480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.842963] >ffff888102c74500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.843396] ^ [ 23.844057] ffff888102c74580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.844588] ffff888102c74600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.845283] ==================================================================