Date
May 12, 2025, 6:12 p.m.
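Environment | Log |
---|---|
qemu-arm64 | First group of KASAN reports below (Hardware name: linux,dummy-virt (DT)) |
qemu-x86_64 | Second group of KASAN reports below (Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)) |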
[ 22.559775] ================================================================== [ 22.560284] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 22.560775] Read of size 121 at addr fff00000c6649400 by task kunit_try_catch/274 [ 22.561205] [ 22.561432] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 22.561535] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.561570] Hardware name: linux,dummy-virt (DT) [ 22.561611] Call trace: [ 22.561658] show_stack+0x20/0x38 (C) [ 22.561721] dump_stack_lvl+0x8c/0xd0 [ 22.561807] print_report+0x118/0x608 [ 22.561867] kasan_report+0xdc/0x128 [ 22.561918] kasan_check_range+0x100/0x1a8 [ 22.561975] __kasan_check_read+0x20/0x30 [ 22.562028] copy_user_test_oob+0x728/0xec0 [ 22.562092] kunit_try_run_case+0x170/0x3f0 [ 22.562151] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.562213] kthread+0x318/0x620 [ 22.562263] ret_from_fork+0x10/0x20 [ 22.562318] [ 22.566589] Allocated by task 274: [ 22.566908] kasan_save_stack+0x3c/0x68 [ 22.567240] kasan_save_track+0x20/0x40 [ 22.567541] kasan_save_alloc_info+0x40/0x58 [ 22.567829] __kasan_kmalloc+0xd4/0xd8 [ 22.568140] __kmalloc_noprof+0x190/0x4d0 [ 22.568428] kunit_kmalloc_array+0x34/0x88 [ 22.568731] copy_user_test_oob+0xac/0xec0 [ 22.569060] kunit_try_run_case+0x170/0x3f0 [ 22.569322] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.569772] kthread+0x318/0x620 [ 22.570083] ret_from_fork+0x10/0x20 [ 22.570328] [ 22.570523] The buggy address belongs to the object at fff00000c6649400 [ 22.570523] which belongs to the cache kmalloc-128 of size 128 [ 22.571191] The buggy address is located 0 bytes inside of [ 22.571191] allocated 120-byte region [fff00000c6649400, fff00000c6649478) [ 22.571906] [ 22.572086] The buggy address belongs to the physical page: [ 22.572378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106649 [ 22.572816] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.573247] page_type: f5(slab) [ 22.573554] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.573945] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.574312] page dumped because: kasan: bad access detected [ 22.574780] [ 22.574933] Memory state around the buggy address: [ 22.575195] fff00000c6649300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.575720] fff00000c6649380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.576072] >fff00000c6649400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.576503] ^ [ 22.576979] fff00000c6649480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.577375] fff00000c6649500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.577800] ================================================================== [ 22.532360] ================================================================== [ 22.533170] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 22.533641] Write of size 121 at addr fff00000c6649400 by task kunit_try_catch/274 [ 22.534004] [ 22.534237] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 22.534352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.534391] Hardware name: linux,dummy-virt (DT) [ 22.534435] Call trace: [ 22.534484] show_stack+0x20/0x38 (C) [ 22.535554] dump_stack_lvl+0x8c/0xd0 [ 22.535621] print_report+0x118/0x608 [ 22.535678] kasan_report+0xdc/0x128 [ 22.535731] kasan_check_range+0x100/0x1a8 [ 22.535806] __kasan_check_write+0x20/0x30 [ 22.535859] copy_user_test_oob+0x234/0xec0 [ 22.535915] kunit_try_run_case+0x170/0x3f0 [ 22.535970] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.536029] kthread+0x318/0x620 [ 22.536081] ret_from_fork+0x10/0x20 [ 22.536137] [ 22.540033] Allocated by task 274: [ 22.540248] kasan_save_stack+0x3c/0x68 [ 22.540474] kasan_save_track+0x20/0x40 [ 22.540643] kasan_save_alloc_info+0x40/0x58 [ 22.541921] __kasan_kmalloc+0xd4/0xd8 [ 22.542242] __kmalloc_noprof+0x190/0x4d0 [ 22.542435] kunit_kmalloc_array+0x34/0x88 [ 22.542610] 
copy_user_test_oob+0xac/0xec0 [ 22.542876] kunit_try_run_case+0x170/0x3f0 [ 22.543170] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.544068] kthread+0x318/0x620 [ 22.544367] ret_from_fork+0x10/0x20 [ 22.544601] [ 22.544846] The buggy address belongs to the object at fff00000c6649400 [ 22.544846] which belongs to the cache kmalloc-128 of size 128 [ 22.545292] The buggy address is located 0 bytes inside of [ 22.545292] allocated 120-byte region [fff00000c6649400, fff00000c6649478) [ 22.545879] [ 22.546028] The buggy address belongs to the physical page: [ 22.546695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106649 [ 22.547265] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.547510] page_type: f5(slab) [ 22.547686] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.548050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.548675] page dumped because: kasan: bad access detected [ 22.548964] [ 22.549074] Memory state around the buggy address: [ 22.549893] fff00000c6649300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.550319] fff00000c6649380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.550891] >fff00000c6649400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.551343] ^ [ 22.551687] fff00000c6649480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.552034] fff00000c6649500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.552359] ================================================================== [ 22.635929] ================================================================== [ 22.636319] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 22.637165] Read of size 121 at addr fff00000c6649400 by task kunit_try_catch/274 [ 22.637474] [ 22.637619] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 22.637714] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.637768] Hardware name: linux,dummy-virt (DT) [ 22.637809] Call 
trace: [ 22.637839] show_stack+0x20/0x38 (C) [ 22.637897] dump_stack_lvl+0x8c/0xd0 [ 22.637952] print_report+0x118/0x608 [ 22.638001] kasan_report+0xdc/0x128 [ 22.638049] kasan_check_range+0x100/0x1a8 [ 22.638127] __kasan_check_read+0x20/0x30 [ 22.638181] copy_user_test_oob+0x4a0/0xec0 [ 22.638234] kunit_try_run_case+0x170/0x3f0 [ 22.638291] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.638347] kthread+0x318/0x620 [ 22.638394] ret_from_fork+0x10/0x20 [ 22.638446] [ 22.642664] Allocated by task 274: [ 22.643090] kasan_save_stack+0x3c/0x68 [ 22.643421] kasan_save_track+0x20/0x40 [ 22.643773] kasan_save_alloc_info+0x40/0x58 [ 22.644000] __kasan_kmalloc+0xd4/0xd8 [ 22.644376] __kmalloc_noprof+0x190/0x4d0 [ 22.644616] kunit_kmalloc_array+0x34/0x88 [ 22.644950] copy_user_test_oob+0xac/0xec0 [ 22.645229] kunit_try_run_case+0x170/0x3f0 [ 22.645453] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.645836] kthread+0x318/0x620 [ 22.646063] ret_from_fork+0x10/0x20 [ 22.646321] [ 22.646474] The buggy address belongs to the object at fff00000c6649400 [ 22.646474] which belongs to the cache kmalloc-128 of size 128 [ 22.646963] The buggy address is located 0 bytes inside of [ 22.646963] allocated 120-byte region [fff00000c6649400, fff00000c6649478) [ 22.647685] [ 22.647930] The buggy address belongs to the physical page: [ 22.648237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106649 [ 22.648532] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.649061] page_type: f5(slab) [ 22.649318] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.649734] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.650182] page dumped because: kasan: bad access detected [ 22.650452] [ 22.650643] Memory state around the buggy address: [ 22.650855] fff00000c6649300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.651252] fff00000c6649380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.651678] 
>fff00000c6649400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.652098] ^ [ 22.652494] fff00000c6649480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.652896] fff00000c6649500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.653272] ================================================================== [ 22.619314] ================================================================== [ 22.619712] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 22.620757] Write of size 121 at addr fff00000c6649400 by task kunit_try_catch/274 [ 22.621114] [ 22.621262] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 22.621362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.621397] Hardware name: linux,dummy-virt (DT) [ 22.621436] Call trace: [ 22.621466] show_stack+0x20/0x38 (C) [ 22.621549] dump_stack_lvl+0x8c/0xd0 [ 22.621605] print_report+0x118/0x608 [ 22.621658] kasan_report+0xdc/0x128 [ 22.621711] kasan_check_range+0x100/0x1a8 [ 22.621785] __kasan_check_write+0x20/0x30 [ 22.621838] copy_user_test_oob+0x434/0xec0 [ 22.621892] kunit_try_run_case+0x170/0x3f0 [ 22.621943] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.622001] kthread+0x318/0x620 [ 22.622051] ret_from_fork+0x10/0x20 [ 22.622119] [ 22.624887] Allocated by task 274: [ 22.625076] kasan_save_stack+0x3c/0x68 [ 22.625352] kasan_save_track+0x20/0x40 [ 22.625629] kasan_save_alloc_info+0x40/0x58 [ 22.625885] __kasan_kmalloc+0xd4/0xd8 [ 22.626139] __kmalloc_noprof+0x190/0x4d0 [ 22.626416] kunit_kmalloc_array+0x34/0x88 [ 22.626690] copy_user_test_oob+0xac/0xec0 [ 22.626906] kunit_try_run_case+0x170/0x3f0 [ 22.627121] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.627566] kthread+0x318/0x620 [ 22.627862] ret_from_fork+0x10/0x20 [ 22.628093] [ 22.628280] The buggy address belongs to the object at fff00000c6649400 [ 22.628280] which belongs to the cache kmalloc-128 of size 128 [ 22.628767] The buggy address is located 0 bytes inside of [ 22.628767] allocated 120-byte region 
[fff00000c6649400, fff00000c6649478) [ 22.629187] [ 22.629375] The buggy address belongs to the physical page: [ 22.629780] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106649 [ 22.630202] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.630615] page_type: f5(slab) [ 22.630847] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.631226] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.631693] page dumped because: kasan: bad access detected [ 22.631992] [ 22.632143] Memory state around the buggy address: [ 22.632359] fff00000c6649300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.632580] fff00000c6649380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.633122] >fff00000c6649400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.633482] ^ [ 22.634032] fff00000c6649480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.634422] fff00000c6649500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.634778] ================================================================== [ 22.583829] ================================================================== [ 22.584294] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 22.584762] Write of size 121 at addr fff00000c6649400 by task kunit_try_catch/274 [ 22.585086] [ 22.585283] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 22.585421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.585458] Hardware name: linux,dummy-virt (DT) [ 22.585498] Call trace: [ 22.585530] show_stack+0x20/0x38 (C) [ 22.585591] dump_stack_lvl+0x8c/0xd0 [ 22.585665] print_report+0x118/0x608 [ 22.585728] kasan_report+0xdc/0x128 [ 22.585815] kasan_check_range+0x100/0x1a8 [ 22.585877] __kasan_check_write+0x20/0x30 [ 22.585934] copy_user_test_oob+0x35c/0xec0 [ 22.585989] kunit_try_run_case+0x170/0x3f0 [ 22.586042] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.586119] kthread+0x318/0x620 [ 22.586175] 
ret_from_fork+0x10/0x20 [ 22.586235] [ 22.590308] Allocated by task 274: [ 22.590667] kasan_save_stack+0x3c/0x68 [ 22.591090] kasan_save_track+0x20/0x40 [ 22.591344] kasan_save_alloc_info+0x40/0x58 [ 22.591699] __kasan_kmalloc+0xd4/0xd8 [ 22.591976] __kmalloc_noprof+0x190/0x4d0 [ 22.592194] kunit_kmalloc_array+0x34/0x88 [ 22.592555] copy_user_test_oob+0xac/0xec0 [ 22.592861] kunit_try_run_case+0x170/0x3f0 [ 22.593140] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.593493] kthread+0x318/0x620 [ 22.593802] ret_from_fork+0x10/0x20 [ 22.594021] [ 22.594232] The buggy address belongs to the object at fff00000c6649400 [ 22.594232] which belongs to the cache kmalloc-128 of size 128 [ 22.594865] The buggy address is located 0 bytes inside of [ 22.594865] allocated 120-byte region [fff00000c6649400, fff00000c6649478) [ 22.595526] [ 22.595687] The buggy address belongs to the physical page: [ 22.596047] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106649 [ 22.596502] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.596896] page_type: f5(slab) [ 22.597123] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.597479] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.597952] page dumped because: kasan: bad access detected [ 22.598265] [ 22.598461] Memory state around the buggy address: [ 22.598804] fff00000c6649300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.599209] fff00000c6649380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.599590] >fff00000c6649400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.600105] ^ [ 22.600455] fff00000c6649480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.600828] fff00000c6649500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.601205] ================================================================== [ 22.602360] ================================================================== [ 22.602695] BUG: KASAN: 
slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 22.603495] Read of size 121 at addr fff00000c6649400 by task kunit_try_catch/274 [ 22.604350] [ 22.604553] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 22.604669] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.604705] Hardware name: linux,dummy-virt (DT) [ 22.604758] Call trace: [ 22.604791] show_stack+0x20/0x38 (C) [ 22.604856] dump_stack_lvl+0x8c/0xd0 [ 22.604912] print_report+0x118/0x608 [ 22.604963] kasan_report+0xdc/0x128 [ 22.605012] kasan_check_range+0x100/0x1a8 [ 22.605063] __kasan_check_read+0x20/0x30 [ 22.605110] copy_user_test_oob+0x3c8/0xec0 [ 22.605160] kunit_try_run_case+0x170/0x3f0 [ 22.605208] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.605260] kthread+0x318/0x620 [ 22.605310] ret_from_fork+0x10/0x20 [ 22.605361] [ 22.608397] Allocated by task 274: [ 22.608600] kasan_save_stack+0x3c/0x68 [ 22.608851] kasan_save_track+0x20/0x40 [ 22.609188] kasan_save_alloc_info+0x40/0x58 [ 22.609490] __kasan_kmalloc+0xd4/0xd8 [ 22.609802] __kmalloc_noprof+0x190/0x4d0 [ 22.610090] kunit_kmalloc_array+0x34/0x88 [ 22.610379] copy_user_test_oob+0xac/0xec0 [ 22.610747] kunit_try_run_case+0x170/0x3f0 [ 22.611056] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.611345] kthread+0x318/0x620 [ 22.611637] ret_from_fork+0x10/0x20 [ 22.611893] [ 22.612051] The buggy address belongs to the object at fff00000c6649400 [ 22.612051] which belongs to the cache kmalloc-128 of size 128 [ 22.612648] The buggy address is located 0 bytes inside of [ 22.612648] allocated 120-byte region [fff00000c6649400, fff00000c6649478) [ 22.613151] [ 22.613340] The buggy address belongs to the physical page: [ 22.613668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106649 [ 22.614202] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.614555] page_type: f5(slab) [ 22.614874] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.615178] raw: 0000000000000000 
0000000080100010 00000000f5000000 0000000000000000 [ 22.615483] page dumped because: kasan: bad access detected [ 22.615757] [ 22.615942] Memory state around the buggy address: [ 22.616204] fff00000c6649300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.616604] fff00000c6649380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.616956] >fff00000c6649400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.617245] ^ [ 22.617604] fff00000c6649480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.617967] fff00000c6649500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.618291] ==================================================================
[ 16.289305] ================================================================== [ 16.289688] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 16.290131] Write of size 121 at addr ffff888102adde00 by task kunit_try_catch/293 [ 16.290408] [ 16.290524] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 16.290574] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.290587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.290610] Call Trace: [ 16.290627] <TASK> [ 16.290647] dump_stack_lvl+0x73/0xb0 [ 16.290677] print_report+0xd1/0x650 [ 16.290700] ? __virt_addr_valid+0x1db/0x2d0 [ 16.290723] ? copy_user_test_oob+0x3fe/0x10f0 [ 16.290747] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.290774] ? copy_user_test_oob+0x3fe/0x10f0 [ 16.290797] kasan_report+0x140/0x180 [ 16.290820] ? copy_user_test_oob+0x3fe/0x10f0 [ 16.290859] kasan_check_range+0x10c/0x1c0 [ 16.290883] __kasan_check_write+0x18/0x20 [ 16.290907] copy_user_test_oob+0x3fe/0x10f0 [ 16.290932] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.290954] ? finish_task_switch.isra.0+0x153/0x700 [ 16.290980] ? __switch_to+0x5d9/0xf60 [ 16.291007] ? __schedule+0xce8/0x2840 [ 16.291033] ? __pfx_read_tsc+0x10/0x10 [ 16.291069] ? ktime_get_ts64+0x86/0x230 [ 16.291096] kunit_try_run_case+0x1a6/0x480 [ 16.291121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.291143] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 16.291165] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.291191] ? __kthread_parkme+0x82/0x160 [ 16.291215] ? preempt_count_sub+0x50/0x80 [ 16.291240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.291264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.291291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.291321] kthread+0x324/0x6e0 [ 16.291345] ? trace_preempt_on+0x20/0xc0 [ 16.291371] ? __pfx_kthread+0x10/0x10 [ 16.291394] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.291419] ? calculate_sigpending+0x7b/0xa0 [ 16.291442] ? 
__pfx_kthread+0x10/0x10 [ 16.291467] ret_from_fork+0x41/0x80 [ 16.291486] ? __pfx_kthread+0x10/0x10 [ 16.291510] ret_from_fork_asm+0x1a/0x30 [ 16.291542] </TASK> [ 16.291555] [ 16.298545] Allocated by task 293: [ 16.298750] kasan_save_stack+0x45/0x70 [ 16.298952] kasan_save_track+0x18/0x40 [ 16.299136] kasan_save_alloc_info+0x3b/0x50 [ 16.299290] __kasan_kmalloc+0xb7/0xc0 [ 16.299425] __kmalloc_noprof+0x1ca/0x500 [ 16.299634] kunit_kmalloc_array+0x25/0x60 [ 16.299845] copy_user_test_oob+0xac/0x10f0 [ 16.300090] kunit_try_run_case+0x1a6/0x480 [ 16.300238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.300416] kthread+0x324/0x6e0 [ 16.300578] ret_from_fork+0x41/0x80 [ 16.300770] ret_from_fork_asm+0x1a/0x30 [ 16.300984] [ 16.301120] The buggy address belongs to the object at ffff888102adde00 [ 16.301120] which belongs to the cache kmalloc-128 of size 128 [ 16.301664] The buggy address is located 0 bytes inside of [ 16.301664] allocated 120-byte region [ffff888102adde00, ffff888102adde78) [ 16.302178] [ 16.302281] The buggy address belongs to the physical page: [ 16.302501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102add [ 16.302828] flags: 0x200000000000000(node=0|zone=2) [ 16.303030] page_type: f5(slab) [ 16.303161] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.303576] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.303927] page dumped because: kasan: bad access detected [ 16.304141] [ 16.304238] Memory state around the buggy address: [ 16.304458] ffff888102addd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.304675] ffff888102addd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.304923] >ffff888102adde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.305235] ^ [ 16.305550] ffff888102adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.305981] ffff888102addf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.306195] 
================================================================== [ 16.324606] ================================================================== [ 16.325114] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 16.325349] Write of size 121 at addr ffff888102adde00 by task kunit_try_catch/293 [ 16.326048] [ 16.326159] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 16.326203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.326216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.326239] Call Trace: [ 16.326259] <TASK> [ 16.326279] dump_stack_lvl+0x73/0xb0 [ 16.326306] print_report+0xd1/0x650 [ 16.326328] ? __virt_addr_valid+0x1db/0x2d0 [ 16.326351] ? copy_user_test_oob+0x558/0x10f0 [ 16.326374] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.326400] ? copy_user_test_oob+0x558/0x10f0 [ 16.326424] kasan_report+0x140/0x180 [ 16.326447] ? copy_user_test_oob+0x558/0x10f0 [ 16.326476] kasan_check_range+0x10c/0x1c0 [ 16.326500] __kasan_check_write+0x18/0x20 [ 16.326523] copy_user_test_oob+0x558/0x10f0 [ 16.326548] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.326571] ? finish_task_switch.isra.0+0x153/0x700 [ 16.326596] ? __switch_to+0x5d9/0xf60 [ 16.326624] ? __schedule+0xce8/0x2840 [ 16.326650] ? __pfx_read_tsc+0x10/0x10 [ 16.326673] ? ktime_get_ts64+0x86/0x230 [ 16.326699] kunit_try_run_case+0x1a6/0x480 [ 16.326722] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.326745] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 16.326767] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.326793] ? __kthread_parkme+0x82/0x160 [ 16.326816] ? preempt_count_sub+0x50/0x80 [ 16.326852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.326875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.326902] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.326929] kthread+0x324/0x6e0 [ 16.326951] ? trace_preempt_on+0x20/0xc0 [ 16.326976] ? __pfx_kthread+0x10/0x10 [ 16.327000] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.327024] ? 
calculate_sigpending+0x7b/0xa0 [ 16.327047] ? __pfx_kthread+0x10/0x10 [ 16.327079] ret_from_fork+0x41/0x80 [ 16.327099] ? __pfx_kthread+0x10/0x10 [ 16.327122] ret_from_fork_asm+0x1a/0x30 [ 16.327155] </TASK> [ 16.327167] [ 16.334267] Allocated by task 293: [ 16.334464] kasan_save_stack+0x45/0x70 [ 16.334671] kasan_save_track+0x18/0x40 [ 16.334858] kasan_save_alloc_info+0x3b/0x50 [ 16.335008] __kasan_kmalloc+0xb7/0xc0 [ 16.335263] __kmalloc_noprof+0x1ca/0x500 [ 16.335631] kunit_kmalloc_array+0x25/0x60 [ 16.335777] copy_user_test_oob+0xac/0x10f0 [ 16.335933] kunit_try_run_case+0x1a6/0x480 [ 16.336080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.336257] kthread+0x324/0x6e0 [ 16.336383] ret_from_fork+0x41/0x80 [ 16.336513] ret_from_fork_asm+0x1a/0x30 [ 16.336656] [ 16.336729] The buggy address belongs to the object at ffff888102adde00 [ 16.336729] which belongs to the cache kmalloc-128 of size 128 [ 16.337549] The buggy address is located 0 bytes inside of [ 16.337549] allocated 120-byte region [ffff888102adde00, ffff888102adde78) [ 16.338110] [ 16.338208] The buggy address belongs to the physical page: [ 16.338393] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102add [ 16.338632] flags: 0x200000000000000(node=0|zone=2) [ 16.338799] page_type: f5(slab) [ 16.338934] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.339165] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.339391] page dumped because: kasan: bad access detected [ 16.339847] [ 16.339946] Memory state around the buggy address: [ 16.340325] ffff888102addd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.340654] ffff888102addd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.340986] >ffff888102adde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.341644] ^ [ 16.341981] ffff888102adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.342243] ffff888102addf00: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 16.342486] ================================================================== [ 16.306801] ================================================================== [ 16.307211] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 16.307723] Read of size 121 at addr ffff888102adde00 by task kunit_try_catch/293 [ 16.308038] [ 16.308161] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 16.308206] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.308220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.308243] Call Trace: [ 16.308265] <TASK> [ 16.308286] dump_stack_lvl+0x73/0xb0 [ 16.308313] print_report+0xd1/0x650 [ 16.308336] ? __virt_addr_valid+0x1db/0x2d0 [ 16.308359] ? copy_user_test_oob+0x4ab/0x10f0 [ 16.308382] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.308408] ? copy_user_test_oob+0x4ab/0x10f0 [ 16.308432] kasan_report+0x140/0x180 [ 16.308455] ? copy_user_test_oob+0x4ab/0x10f0 [ 16.308483] kasan_check_range+0x10c/0x1c0 [ 16.308507] __kasan_check_read+0x15/0x20 [ 16.308530] copy_user_test_oob+0x4ab/0x10f0 [ 16.308555] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.308578] ? finish_task_switch.isra.0+0x153/0x700 [ 16.308604] ? __switch_to+0x5d9/0xf60 [ 16.308632] ? __schedule+0xce8/0x2840 [ 16.308657] ? __pfx_read_tsc+0x10/0x10 [ 16.308681] ? ktime_get_ts64+0x86/0x230 [ 16.308708] kunit_try_run_case+0x1a6/0x480 [ 16.308733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.308755] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 16.308776] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.308803] ? __kthread_parkme+0x82/0x160 [ 16.308826] ? preempt_count_sub+0x50/0x80 [ 16.308861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.308884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.308911] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.308938] kthread+0x324/0x6e0 [ 16.308961] ? trace_preempt_on+0x20/0xc0 [ 16.308986] ? __pfx_kthread+0x10/0x10 [ 16.309009] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.309033] ? calculate_sigpending+0x7b/0xa0 [ 16.309066] ? __pfx_kthread+0x10/0x10 [ 16.309090] ret_from_fork+0x41/0x80 [ 16.309110] ? __pfx_kthread+0x10/0x10 [ 16.309133] ret_from_fork_asm+0x1a/0x30 [ 16.309168] </TASK> [ 16.309180] [ 16.316120] Allocated by task 293: [ 16.316314] kasan_save_stack+0x45/0x70 [ 16.316520] kasan_save_track+0x18/0x40 [ 16.316859] kasan_save_alloc_info+0x3b/0x50 [ 16.317030] __kasan_kmalloc+0xb7/0xc0 [ 16.317218] __kmalloc_noprof+0x1ca/0x500 [ 16.317368] kunit_kmalloc_array+0x25/0x60 [ 16.317512] copy_user_test_oob+0xac/0x10f0 [ 16.317719] kunit_try_run_case+0x1a6/0x480 [ 16.317942] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.318281] kthread+0x324/0x6e0 [ 16.318448] ret_from_fork+0x41/0x80 [ 16.318607] ret_from_fork_asm+0x1a/0x30 [ 16.318773] [ 16.318879] The buggy address belongs to the object at ffff888102adde00 [ 16.318879] which belongs to the cache kmalloc-128 of size 128 [ 16.319394] The buggy address is located 0 bytes inside of [ 16.319394] allocated 120-byte region [ffff888102adde00, ffff888102adde78) [ 16.319865] [ 16.319970] The buggy address belongs to the physical page: [ 16.320229] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102add [ 16.320533] flags: 0x200000000000000(node=0|zone=2) [ 16.320766] page_type: f5(slab) [ 16.320930] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.321242] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.321558] page dumped because: kasan: bad access detected [ 16.321783] [ 16.321892] Memory state around the buggy address: [ 16.322061] ffff888102addd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.322278] ffff888102addd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.322495] >ffff888102adde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.322709] ^ [ 16.322970] ffff888102adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.323563] 
ffff888102addf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.323886] ================================================================== [ 16.343157] ================================================================== [ 16.343471] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 16.343708] Read of size 121 at addr ffff888102adde00 by task kunit_try_catch/293 [ 16.343951] [ 16.344039] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 16.344085] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.344098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.344122] Call Trace: [ 16.344143] <TASK> [ 16.344164] dump_stack_lvl+0x73/0xb0 [ 16.344191] print_report+0xd1/0x650 [ 16.344214] ? __virt_addr_valid+0x1db/0x2d0 [ 16.344238] ? copy_user_test_oob+0x605/0x10f0 [ 16.344261] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.344288] ? copy_user_test_oob+0x605/0x10f0 [ 16.344312] kasan_report+0x140/0x180 [ 16.344335] ? copy_user_test_oob+0x605/0x10f0 [ 16.344362] kasan_check_range+0x10c/0x1c0 [ 16.344386] __kasan_check_read+0x15/0x20 [ 16.344409] copy_user_test_oob+0x605/0x10f0 [ 16.344434] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.344457] ? finish_task_switch.isra.0+0x153/0x700 [ 16.344482] ? __switch_to+0x5d9/0xf60 [ 16.344528] ? __schedule+0xce8/0x2840 [ 16.344557] ? __pfx_read_tsc+0x10/0x10 [ 16.344580] ? ktime_get_ts64+0x86/0x230 [ 16.344606] kunit_try_run_case+0x1a6/0x480 [ 16.344630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.344653] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 16.344675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.344701] ? __kthread_parkme+0x82/0x160 [ 16.344725] ? preempt_count_sub+0x50/0x80 [ 16.344750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.344774] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.344801] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.344828] kthread+0x324/0x6e0 [ 16.344861] ? trace_preempt_on+0x20/0xc0 [ 16.344886] ? 
__pfx_kthread+0x10/0x10 [ 16.344911] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.344936] ? calculate_sigpending+0x7b/0xa0 [ 16.344959] ? __pfx_kthread+0x10/0x10 [ 16.344983] ret_from_fork+0x41/0x80 [ 16.345002] ? __pfx_kthread+0x10/0x10 [ 16.345025] ret_from_fork_asm+0x1a/0x30 [ 16.345058] </TASK> [ 16.345071] [ 16.352307] Allocated by task 293: [ 16.352500] kasan_save_stack+0x45/0x70 [ 16.352705] kasan_save_track+0x18/0x40 [ 16.352898] kasan_save_alloc_info+0x3b/0x50 [ 16.353061] __kasan_kmalloc+0xb7/0xc0 [ 16.353260] __kmalloc_noprof+0x1ca/0x500 [ 16.353462] kunit_kmalloc_array+0x25/0x60 [ 16.353635] copy_user_test_oob+0xac/0x10f0 [ 16.353829] kunit_try_run_case+0x1a6/0x480 [ 16.353986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.354414] kthread+0x324/0x6e0 [ 16.354570] ret_from_fork+0x41/0x80 [ 16.354784] ret_from_fork_asm+0x1a/0x30 [ 16.355011] [ 16.355138] The buggy address belongs to the object at ffff888102adde00 [ 16.355138] which belongs to the cache kmalloc-128 of size 128 [ 16.355506] The buggy address is located 0 bytes inside of [ 16.355506] allocated 120-byte region [ffff888102adde00, ffff888102adde78) [ 16.355880] [ 16.355998] The buggy address belongs to the physical page: [ 16.356448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102add [ 16.356803] flags: 0x200000000000000(node=0|zone=2) [ 16.357051] page_type: f5(slab) [ 16.357259] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.357603] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.357829] page dumped because: kasan: bad access detected [ 16.358005] [ 16.358076] Memory state around the buggy address: [ 16.358230] ffff888102addd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.358790] ffff888102addd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.359512] >ffff888102adde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.359857] ^ [ 16.360450] ffff888102adde80: fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc [ 16.361434] ffff888102addf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.361883] ==================================================================