Date
June 2, 2025, 2:13 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 21.617428] ================================================================== [ 21.617913] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 21.618649] Write of size 121 at addr fff00000c65b6300 by task kunit_try_catch/275 [ 21.619222] [ 21.619571] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1 [ 21.619676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.619711] Hardware name: linux,dummy-virt (DT) [ 21.619827] Call trace: [ 21.619937] show_stack+0x20/0x38 (C) [ 21.620072] dump_stack_lvl+0x8c/0xd0 [ 21.620134] print_report+0x118/0x608 [ 21.620209] kasan_report+0xdc/0x128 [ 21.620263] kasan_check_range+0x100/0x1a8 [ 21.620314] __kasan_check_write+0x20/0x30 [ 21.620366] copy_user_test_oob+0x35c/0xec0 [ 21.620419] kunit_try_run_case+0x170/0x3f0 [ 21.620473] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.620532] kthread+0x318/0x620 [ 21.620584] ret_from_fork+0x10/0x20 [ 21.620640] [ 21.624671] Allocated by task 275: [ 21.625035] kasan_save_stack+0x3c/0x68 [ 21.625406] kasan_save_track+0x20/0x40 [ 21.625744] kasan_save_alloc_info+0x40/0x58 [ 21.626094] __kasan_kmalloc+0xd4/0xd8 [ 21.626493] __kmalloc_noprof+0x198/0x4c8 [ 21.626803] kunit_kmalloc_array+0x34/0x88 [ 21.627163] copy_user_test_oob+0xac/0xec0 [ 21.627502] kunit_try_run_case+0x170/0x3f0 [ 21.627738] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.628043] kthread+0x318/0x620 [ 21.628434] ret_from_fork+0x10/0x20 [ 21.628735] [ 21.628966] The buggy address belongs to the object at fff00000c65b6300 [ 21.628966] which belongs to the cache kmalloc-128 of size 128 [ 21.629816] The buggy address is located 0 bytes inside of [ 21.629816] allocated 120-byte region [fff00000c65b6300, fff00000c65b6378) [ 21.630271] [ 21.630576] The buggy address belongs to the physical page: [ 21.630891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b6 [ 21.631325] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.631663] page_type: f5(slab) [ 21.631886] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.632494] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.632854] page dumped because: kasan: bad access detected [ 21.633368] [ 21.633602] Memory state around the buggy address: [ 21.634032] fff00000c65b6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.634534] fff00000c65b6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.635033] >fff00000c65b6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.635555] ^ [ 21.636017] fff00000c65b6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.636483] fff00000c65b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.636938] ================================================================== [ 21.638469] ================================================================== [ 21.638861] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 21.639270] Read of size 121 at addr fff00000c65b6300 by task kunit_try_catch/275 [ 21.639549] [ 21.639723] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1 [ 21.639812] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.639843] Hardware name: linux,dummy-virt (DT) [ 21.639882] Call trace: [ 21.639911] show_stack+0x20/0x38 (C) [ 21.639966] dump_stack_lvl+0x8c/0xd0 [ 21.640019] print_report+0x118/0x608 [ 21.640069] kasan_report+0xdc/0x128 [ 21.640119] kasan_check_range+0x100/0x1a8 [ 21.640184] __kasan_check_read+0x20/0x30 [ 21.640238] copy_user_test_oob+0x3c8/0xec0 [ 21.640287] kunit_try_run_case+0x170/0x3f0 [ 21.640337] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.640392] kthread+0x318/0x620 [ 21.640440] ret_from_fork+0x10/0x20 [ 21.640493] [ 21.644825] Allocated by task 275: [ 21.645232] kasan_save_stack+0x3c/0x68 [ 21.645604] kasan_save_track+0x20/0x40 [ 21.645950] kasan_save_alloc_info+0x40/0x58 [ 21.646307] __kasan_kmalloc+0xd4/0xd8 [ 21.646643] __kmalloc_noprof+0x198/0x4c8 [ 21.646977] kunit_kmalloc_array+0x34/0x88 [ 21.647268] copy_user_test_oob+0xac/0xec0 [ 21.647621] kunit_try_run_case+0x170/0x3f0 [ 21.647961] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.648505] kthread+0x318/0x620 [ 21.648789] ret_from_fork+0x10/0x20 [ 21.649116] [ 21.649360] The buggy address belongs to the object at fff00000c65b6300 [ 21.649360] which belongs to the cache kmalloc-128 of size 128 [ 21.649978] The buggy address is located 0 bytes inside of [ 21.649978] allocated 120-byte region [fff00000c65b6300, fff00000c65b6378) [ 21.650541] [ 21.650699] The buggy address belongs to the physical page: [ 21.650998] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b6 [ 21.651740] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.652106] page_type: f5(slab) [ 21.652418] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.653013] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.653557] page dumped because: kasan: bad access detected [ 21.653956] [ 21.654193] Memory state around the buggy address: [ 21.654526] fff00000c65b6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.655036] fff00000c65b6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.655499] >fff00000c65b6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.656029] ^ [ 21.656478] fff00000c65b6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.656963] fff00000c65b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.657452] ================================================================== [ 21.592549] ================================================================== [ 21.592982] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 21.593472] Read of size 121 at addr fff00000c65b6300 by task kunit_try_catch/275 [ 21.594054] [ 21.594264] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1 [ 21.594367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.594403] Hardware name: linux,dummy-virt (DT) [ 21.594443] Call trace: [ 21.594474] show_stack+0x20/0x38 (C) [ 21.594535] dump_stack_lvl+0x8c/0xd0 [ 21.594587] print_report+0x118/0x608 [ 21.594638] kasan_report+0xdc/0x128 [ 21.594689] kasan_check_range+0x100/0x1a8 [ 21.594740] __kasan_check_read+0x20/0x30 [ 21.594793] copy_user_test_oob+0x728/0xec0 [ 21.594847] kunit_try_run_case+0x170/0x3f0 [ 21.594901] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.594960] kthread+0x318/0x620 [ 21.595009] ret_from_fork+0x10/0x20 [ 21.595066] [ 21.599385] Allocated by task 275: [ 21.599686] kasan_save_stack+0x3c/0x68 [ 21.600070] kasan_save_track+0x20/0x40 [ 21.600499] kasan_save_alloc_info+0x40/0x58 [ 21.600822] __kasan_kmalloc+0xd4/0xd8 [ 21.601085] __kmalloc_noprof+0x198/0x4c8 [ 21.601342] kunit_kmalloc_array+0x34/0x88 [ 21.601576] copy_user_test_oob+0xac/0xec0 [ 21.601819] kunit_try_run_case+0x170/0x3f0 [ 21.602303] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.602535] kthread+0x318/0x620 [ 21.602869] ret_from_fork+0x10/0x20 [ 21.603138] [ 21.603359] The buggy address belongs to the object at fff00000c65b6300 [ 21.603359] which belongs to the cache kmalloc-128 of size 128 [ 21.603966] The buggy address is located 0 bytes inside of [ 21.603966] allocated 120-byte region [fff00000c65b6300, fff00000c65b6378) [ 21.604665] [ 21.604849] The buggy address belongs to the physical page: [ 21.605119] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b6 [ 21.605680] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.605926] page_type: f5(slab) [ 21.606272] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.606927] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.607396] page dumped because: kasan: bad access detected [ 21.607796] [ 21.607975] Memory state around the buggy address: [ 21.608233] fff00000c65b6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.608644] fff00000c65b6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.609072] >fff00000c65b6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.609482] ^ [ 21.609852] fff00000c65b6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.610604] fff00000c65b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.610870] ================================================================== [ 21.677651] ================================================================== [ 21.678115] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 21.678594] Read of size 121 at addr fff00000c65b6300 by task kunit_try_catch/275 [ 21.679106] [ 21.679268] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1 [ 21.679374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.679435] Hardware name: linux,dummy-virt (DT) [ 21.679497] Call trace: [ 21.679532] show_stack+0x20/0x38 (C) [ 21.679602] dump_stack_lvl+0x8c/0xd0 [ 21.679671] print_report+0x118/0x608 [ 21.679725] kasan_report+0xdc/0x128 [ 21.679776] kasan_check_range+0x100/0x1a8 [ 21.679828] __kasan_check_read+0x20/0x30 [ 21.679877] copy_user_test_oob+0x4a0/0xec0 [ 21.679928] kunit_try_run_case+0x170/0x3f0 [ 21.679979] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.680033] kthread+0x318/0x620 [ 21.680082] ret_from_fork+0x10/0x20 [ 21.680134] [ 21.682848] Allocated by task 275: [ 21.683139] kasan_save_stack+0x3c/0x68 [ 21.683563] kasan_save_track+0x20/0x40 [ 21.683916] kasan_save_alloc_info+0x40/0x58 [ 21.684204] __kasan_kmalloc+0xd4/0xd8 [ 21.684374] __kmalloc_noprof+0x198/0x4c8 [ 21.684651] kunit_kmalloc_array+0x34/0x88 [ 21.685055] copy_user_test_oob+0xac/0xec0 [ 21.685462] kunit_try_run_case+0x170/0x3f0 [ 21.685874] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.686143] kthread+0x318/0x620 [ 21.686462] ret_from_fork+0x10/0x20 [ 21.686705] [ 21.686875] The buggy address belongs to the object at fff00000c65b6300 [ 21.686875] which belongs to the cache kmalloc-128 of size 128 [ 21.687457] The buggy address is located 0 bytes inside of [ 21.687457] allocated 120-byte region [fff00000c65b6300, fff00000c65b6378) [ 21.688168] [ 21.688341] The buggy address belongs to the physical page: [ 21.688617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b6 [ 21.689045] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.689503] page_type: f5(slab) [ 21.689756] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.690209] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.690703] page dumped because: kasan: bad access detected [ 21.690970] [ 21.691147] Memory state around the buggy address: [ 21.691479] fff00000c65b6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.691866] fff00000c65b6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.692315] >fff00000c65b6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.692731] ^ [ 21.693179] fff00000c65b6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.693602] fff00000c65b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.694000] ================================================================== [ 21.659008] ================================================================== [ 21.659343] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 21.660027] Write of size 121 at addr fff00000c65b6300 by task kunit_try_catch/275 [ 21.660428] [ 21.660607] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1 [ 21.660712] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.660761] Hardware name: linux,dummy-virt (DT) [ 21.660810] Call trace: [ 21.660840] show_stack+0x20/0x38 (C) [ 21.660901] dump_stack_lvl+0x8c/0xd0 [ 21.660957] print_report+0x118/0x608 [ 21.661014] kasan_report+0xdc/0x128 [ 21.661068] kasan_check_range+0x100/0x1a8 [ 21.661122] __kasan_check_write+0x20/0x30 [ 21.661282] copy_user_test_oob+0x434/0xec0 [ 21.661374] kunit_try_run_case+0x170/0x3f0 [ 21.661430] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.661491] kthread+0x318/0x620 [ 21.661567] ret_from_fork+0x10/0x20 [ 21.661631] [ 21.664804] Allocated by task 275: [ 21.665166] kasan_save_stack+0x3c/0x68 [ 21.665484] kasan_save_track+0x20/0x40 [ 21.665808] kasan_save_alloc_info+0x40/0x58 [ 21.666123] __kasan_kmalloc+0xd4/0xd8 [ 21.666313] __kmalloc_noprof+0x198/0x4c8 [ 21.666492] kunit_kmalloc_array+0x34/0x88 [ 21.666661] copy_user_test_oob+0xac/0xec0 [ 21.666839] kunit_try_run_case+0x170/0x3f0 [ 21.667011] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.667256] kthread+0x318/0x620 [ 21.667449] ret_from_fork+0x10/0x20 [ 21.667664] [ 21.667876] The buggy address belongs to the object at fff00000c65b6300 [ 21.667876] which belongs to the cache kmalloc-128 of size 128 [ 21.668875] The buggy address is located 0 bytes inside of [ 21.668875] allocated 120-byte region [fff00000c65b6300, fff00000c65b6378) [ 21.669591] [ 21.669706] The buggy address belongs to the physical page: [ 21.670212] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b6 [ 21.670770] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.671358] page_type: f5(slab) [ 21.671716] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.672199] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.672636] page dumped because: kasan: bad access detected [ 21.672984] [ 21.673149] Memory state around the buggy address: [ 21.673480] fff00000c65b6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.673965] fff00000c65b6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.674411] >fff00000c65b6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.674860] ^ [ 21.675311] fff00000c65b6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.675743] fff00000c65b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.676183] ================================================================== [ 21.567254] ================================================================== [ 21.568048] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 21.568798] Write of size 121 at addr fff00000c65b6300 by task kunit_try_catch/275 [ 21.569360] [ 21.569582] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1 [ 21.569696] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.569733] Hardware name: linux,dummy-virt (DT) [ 21.569774] Call trace: [ 21.569804] show_stack+0x20/0x38 (C) [ 21.569877] dump_stack_lvl+0x8c/0xd0 [ 21.569938] print_report+0x118/0x608 [ 21.569994] kasan_report+0xdc/0x128 [ 21.570047] kasan_check_range+0x100/0x1a8 [ 21.570347] __kasan_check_write+0x20/0x30 [ 21.570632] copy_user_test_oob+0x234/0xec0 [ 21.570688] kunit_try_run_case+0x170/0x3f0 [ 21.570745] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.570800] kthread+0x318/0x620 [ 21.570852] ret_from_fork+0x10/0x20 [ 21.570906] [ 21.574884] Allocated by task 275: [ 21.575253] kasan_save_stack+0x3c/0x68 [ 21.575709] kasan_save_track+0x20/0x40 [ 21.576044] kasan_save_alloc_info+0x40/0x58 [ 21.576422] __kasan_kmalloc+0xd4/0xd8 [ 21.576625] __kmalloc_noprof+0x198/0x4c8 [ 21.576841] kunit_kmalloc_array+0x34/0x88 [ 21.577064] copy_user_test_oob+0xac/0xec0 [ 21.577656] kunit_try_run_case+0x170/0x3f0 [ 21.577928] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.578443] kthread+0x318/0x620 [ 21.578800] ret_from_fork+0x10/0x20 [ 21.579118] [ 21.579300] The buggy address belongs to the object at fff00000c65b6300 [ 21.579300] which belongs to the cache kmalloc-128 of size 128 [ 21.579971] The buggy address is located 0 bytes inside of [ 21.579971] allocated 120-byte region [fff00000c65b6300, fff00000c65b6378) [ 21.580576] [ 21.580813] The buggy address belongs to the physical page: [ 21.581208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b6 [ 21.581825] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.582331] page_type: f5(slab) [ 21.583092] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.583503] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.583967] page dumped because: kasan: bad access detected [ 21.584225] [ 21.584356] Memory state around the buggy address: [ 21.584533] fff00000c65b6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.584862] fff00000c65b6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.585490] >fff00000c65b6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.585965] ^ [ 21.586377] fff00000c65b6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.586847] fff00000c65b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.587079] ==================================================================
[ 16.839523] ================================================================== [ 16.839886] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 16.840477] Read of size 121 at addr ffff888102a2cf00 by task kunit_try_catch/293 [ 16.840700] [ 16.840779] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1 [ 16.840816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.840828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.840850] Call Trace: [ 16.840864] <TASK> [ 16.840899] dump_stack_lvl+0x73/0xb0 [ 16.840930] print_report+0xd1/0x650 [ 16.840958] ? __virt_addr_valid+0x1db/0x2d0 [ 16.840987] ? copy_user_test_oob+0x605/0x10f0 [ 16.841025] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.841056] ? copy_user_test_oob+0x605/0x10f0 [ 16.841093] kasan_report+0x140/0x180 [ 16.841120] ? copy_user_test_oob+0x605/0x10f0 [ 16.841164] kasan_check_range+0x10c/0x1c0 [ 16.841192] __kasan_check_read+0x15/0x20 [ 16.841227] copy_user_test_oob+0x605/0x10f0 [ 16.841256] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.841282] ? finish_task_switch.isra.0+0x153/0x700 [ 16.841321] ? __switch_to+0x5d9/0xf60 [ 16.841352] ? __schedule+0xce8/0x2840 [ 16.841380] ? __pfx_read_tsc+0x10/0x10 [ 16.841406] ? ktime_get_ts64+0x86/0x230 [ 16.841436] kunit_try_run_case+0x1a6/0x480 [ 16.841464] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.841490] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 16.841528] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.841556] ? __kthread_parkme+0x82/0x160 [ 16.841594] ? preempt_count_sub+0x50/0x80 [ 16.841623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.841652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.841682] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.841713] kthread+0x324/0x6e0 [ 16.841744] ? trace_preempt_on+0x20/0xc0 [ 16.841782] ? __pfx_kthread+0x10/0x10 [ 16.841809] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.841847] ? calculate_sigpending+0x7b/0xa0 [ 16.841875] ? __pfx_kthread+0x10/0x10 [ 16.841902] ret_from_fork+0x41/0x80 [ 16.841934] ? __pfx_kthread+0x10/0x10 [ 16.841961] ret_from_fork_asm+0x1a/0x30 [ 16.842006] </TASK> [ 16.842025] [ 16.849283] Allocated by task 293: [ 16.849411] kasan_save_stack+0x45/0x70 [ 16.849686] kasan_save_track+0x18/0x40 [ 16.849898] kasan_save_alloc_info+0x3b/0x50 [ 16.850153] __kasan_kmalloc+0xb7/0xc0 [ 16.850364] __kmalloc_noprof+0x1ca/0x500 [ 16.850622] kunit_kmalloc_array+0x25/0x60 [ 16.850773] copy_user_test_oob+0xac/0x10f0 [ 16.850924] kunit_try_run_case+0x1a6/0x480 [ 16.851084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.851266] kthread+0x324/0x6e0 [ 16.851392] ret_from_fork+0x41/0x80 [ 16.851537] ret_from_fork_asm+0x1a/0x30 [ 16.851738] [ 16.851834] The buggy address belongs to the object at ffff888102a2cf00 [ 16.851834] which belongs to the cache kmalloc-128 of size 128 [ 16.852424] The buggy address is located 0 bytes inside of [ 16.852424] allocated 120-byte region [ffff888102a2cf00, ffff888102a2cf78) [ 16.853065] [ 16.853164] The buggy address belongs to the physical page: [ 16.853459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a2c [ 16.853694] flags: 0x200000000000000(node=0|zone=2) [ 16.853864] page_type: f5(slab) [ 16.853984] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.854222] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.854931] page dumped because: kasan: bad access detected [ 16.855201] [ 16.855310] Memory state around the buggy address: [ 16.855562] ffff888102a2ce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.855917] ffff888102a2ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.856251] >ffff888102a2cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.856614] ^ [ 16.856837] ffff888102a2cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.857061] ffff888102a2d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.857395] ================================================================== [ 16.820808] ================================================================== [ 16.821431] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 16.821822] Write of size 121 at addr ffff888102a2cf00 by task kunit_try_catch/293 [ 16.822172] [ 16.822279] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1 [ 16.822328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.822341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.822362] Call Trace: [ 16.822389] <TASK> [ 16.822404] dump_stack_lvl+0x73/0xb0 [ 16.822434] print_report+0xd1/0x650 [ 16.822470] ? __virt_addr_valid+0x1db/0x2d0 [ 16.822498] ? copy_user_test_oob+0x558/0x10f0 [ 16.822526] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.822567] ? copy_user_test_oob+0x558/0x10f0 [ 16.822594] kasan_report+0x140/0x180 [ 16.822621] ? copy_user_test_oob+0x558/0x10f0 [ 16.822652] kasan_check_range+0x10c/0x1c0 [ 16.822688] __kasan_check_write+0x18/0x20 [ 16.822715] copy_user_test_oob+0x558/0x10f0 [ 16.822753] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.822780] ? finish_task_switch.isra.0+0x153/0x700 [ 16.822808] ? __switch_to+0x5d9/0xf60 [ 16.822838] ? __schedule+0xce8/0x2840 [ 16.822866] ? __pfx_read_tsc+0x10/0x10 [ 16.822891] ? ktime_get_ts64+0x86/0x230 [ 16.822921] kunit_try_run_case+0x1a6/0x480 [ 16.822949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.822975] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 16.823003] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.823039] ? __kthread_parkme+0x82/0x160 [ 16.823066] ? preempt_count_sub+0x50/0x80 [ 16.823095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.823123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.823153] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.823185] kthread+0x324/0x6e0 [ 16.823211] ? trace_preempt_on+0x20/0xc0 [ 16.823248] ? __pfx_kthread+0x10/0x10 [ 16.823276] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.823313] ? calculate_sigpending+0x7b/0xa0 [ 16.823341] ? __pfx_kthread+0x10/0x10 [ 16.823368] ret_from_fork+0x41/0x80 [ 16.823391] ? __pfx_kthread+0x10/0x10 [ 16.823418] ret_from_fork_asm+0x1a/0x30 [ 16.823453] </TASK> [ 16.823464] [ 16.830934] Allocated by task 293: [ 16.831141] kasan_save_stack+0x45/0x70 [ 16.831300] kasan_save_track+0x18/0x40 [ 16.831441] kasan_save_alloc_info+0x3b/0x50 [ 16.831614] __kasan_kmalloc+0xb7/0xc0 [ 16.831807] __kmalloc_noprof+0x1ca/0x500 [ 16.832044] kunit_kmalloc_array+0x25/0x60 [ 16.832342] copy_user_test_oob+0xac/0x10f0 [ 16.832723] kunit_try_run_case+0x1a6/0x480 [ 16.832920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.833179] kthread+0x324/0x6e0 [ 16.833346] ret_from_fork+0x41/0x80 [ 16.833480] ret_from_fork_asm+0x1a/0x30 [ 16.833833] [ 16.833945] The buggy address belongs to the object at ffff888102a2cf00 [ 16.833945] which belongs to the cache kmalloc-128 of size 128 [ 16.834463] The buggy address is located 0 bytes inside of [ 16.834463] allocated 120-byte region [ffff888102a2cf00, ffff888102a2cf78) [ 16.835001] [ 16.835103] The buggy address belongs to the physical page: [ 16.835336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a2c [ 16.835737] flags: 0x200000000000000(node=0|zone=2) [ 16.835959] page_type: f5(slab) [ 16.836140] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.836464] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.836816] page dumped because: kasan: bad access detected [ 16.837054] [ 16.837151] Memory state around the buggy address: [ 16.837374] ffff888102a2ce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.837621] ffff888102a2ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.837964] >ffff888102a2cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.838226] ^ [ 16.838510] ffff888102a2cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.838884] ffff888102a2d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.839130] ================================================================== [ 16.802811] ================================================================== [ 16.803156] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 16.803461] Read of size 121 at addr ffff888102a2cf00 by task kunit_try_catch/293 [ 16.803719] [ 16.803802] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1 [ 16.803842] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.803855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.803876] Call Trace: [ 16.803892] <TASK> [ 16.803909] dump_stack_lvl+0x73/0xb0 [ 16.803938] print_report+0xd1/0x650 [ 16.803966] ? __virt_addr_valid+0x1db/0x2d0 [ 16.804035] ? copy_user_test_oob+0x4ab/0x10f0 [ 16.804065] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.804094] ? copy_user_test_oob+0x4ab/0x10f0 [ 16.804122] kasan_report+0x140/0x180 [ 16.804148] ? copy_user_test_oob+0x4ab/0x10f0 [ 16.804180] kasan_check_range+0x10c/0x1c0 [ 16.804208] __kasan_check_read+0x15/0x20 [ 16.804247] copy_user_test_oob+0x4ab/0x10f0 [ 16.804277] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.804314] ? finish_task_switch.isra.0+0x153/0x700 [ 16.804343] ? __switch_to+0x5d9/0xf60 [ 16.804373] ? __schedule+0xce8/0x2840 [ 16.804402] ? __pfx_read_tsc+0x10/0x10 [ 16.804428] ? ktime_get_ts64+0x86/0x230 [ 16.804458] kunit_try_run_case+0x1a6/0x480 [ 16.804487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.804513] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 16.804541] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.804578] ? __kthread_parkme+0x82/0x160 [ 16.804606] ? preempt_count_sub+0x50/0x80 [ 16.804635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.804674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.804705] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.804735] kthread+0x324/0x6e0 [ 16.804762] ? trace_preempt_on+0x20/0xc0 [ 16.804791] ? __pfx_kthread+0x10/0x10 [ 16.804818] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.804845] ? calculate_sigpending+0x7b/0xa0 [ 16.804872] ? __pfx_kthread+0x10/0x10 [ 16.804900] ret_from_fork+0x41/0x80 [ 16.804923] ? __pfx_kthread+0x10/0x10 [ 16.804949] ret_from_fork_asm+0x1a/0x30 [ 16.804986] </TASK> [ 16.804998] [ 16.812342] Allocated by task 293: [ 16.812548] kasan_save_stack+0x45/0x70 [ 16.812774] kasan_save_track+0x18/0x40 [ 16.812945] kasan_save_alloc_info+0x3b/0x50 [ 16.813112] __kasan_kmalloc+0xb7/0xc0 [ 16.813288] __kmalloc_noprof+0x1ca/0x500 [ 16.813521] kunit_kmalloc_array+0x25/0x60 [ 16.813771] copy_user_test_oob+0xac/0x10f0 [ 16.814008] kunit_try_run_case+0x1a6/0x480 [ 16.814227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.814409] kthread+0x324/0x6e0 [ 16.814537] ret_from_fork+0x41/0x80 [ 16.814723] ret_from_fork_asm+0x1a/0x30 [ 16.815052] [ 16.815173] The buggy address belongs to the object at ffff888102a2cf00 [ 16.815173] which belongs to the cache kmalloc-128 of size 128 [ 16.815753] The buggy address is located 0 bytes inside of [ 16.815753] allocated 120-byte region [ffff888102a2cf00, ffff888102a2cf78) [ 16.816198] [ 16.816296] The buggy address belongs to the physical page: [ 16.816582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a2c [ 16.816859] flags: 0x200000000000000(node=0|zone=2) [ 16.817107] page_type: f5(slab) [ 16.817248] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.817538] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.817890] page dumped because: kasan: bad access detected [ 16.818125] [ 16.818231] Memory state around the buggy address: [ 16.818407] ffff888102a2ce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.818778] ffff888102a2ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.819118] >ffff888102a2cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.819331] ^ [ 16.819809] ffff888102a2cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.820109] ffff888102a2d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.820367] ================================================================== [ 16.783622] ================================================================== [ 16.783888] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 16.784168] Write of size 121 at addr ffff888102a2cf00 by task kunit_try_catch/293 [ 16.784424] [ 16.784510] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1 [ 16.784551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.784563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.784597] Call Trace: [ 16.784611] <TASK> [ 16.784629] dump_stack_lvl+0x73/0xb0 [ 16.784660] print_report+0xd1/0x650 [ 16.784698] ? __virt_addr_valid+0x1db/0x2d0 [ 16.784726] ? copy_user_test_oob+0x3fe/0x10f0 [ 16.784753] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.784783] ? copy_user_test_oob+0x3fe/0x10f0 [ 16.784811] kasan_report+0x140/0x180 [ 16.784837] ? copy_user_test_oob+0x3fe/0x10f0 [ 16.784869] kasan_check_range+0x10c/0x1c0 [ 16.784905] __kasan_check_write+0x18/0x20 [ 16.784933] copy_user_test_oob+0x3fe/0x10f0 [ 16.784972] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.784998] ? finish_task_switch.isra.0+0x153/0x700 [ 16.785048] ? __switch_to+0x5d9/0xf60 [ 16.785079] ? __schedule+0xce8/0x2840 [ 16.785108] ? __pfx_read_tsc+0x10/0x10 [ 16.785134] ? ktime_get_ts64+0x86/0x230 [ 16.785164] kunit_try_run_case+0x1a6/0x480 [ 16.785192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.785218] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 16.785247] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.785276] ? __kthread_parkme+0x82/0x160 [ 16.785304] ? preempt_count_sub+0x50/0x80 [ 16.785333] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.785361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.785392] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.785423] kthread+0x324/0x6e0 [ 16.785448] ? trace_preempt_on+0x20/0xc0 [ 16.785477] ? __pfx_kthread+0x10/0x10 [ 16.785505] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.785533] ? calculate_sigpending+0x7b/0xa0 [ 16.785559] ? __pfx_kthread+0x10/0x10 [ 16.785588] ret_from_fork+0x41/0x80 [ 16.785612] ? __pfx_kthread+0x10/0x10 [ 16.785640] ret_from_fork_asm+0x1a/0x30 [ 16.785675] </TASK> [ 16.785687] [ 16.793519] Allocated by task 293: [ 16.793726] kasan_save_stack+0x45/0x70 [ 16.793978] kasan_save_track+0x18/0x40 [ 16.794194] kasan_save_alloc_info+0x3b/0x50 [ 16.794353] __kasan_kmalloc+0xb7/0xc0 [ 16.794491] __kmalloc_noprof+0x1ca/0x500 [ 16.794774] kunit_kmalloc_array+0x25/0x60 [ 16.794980] copy_user_test_oob+0xac/0x10f0 [ 16.795190] kunit_try_run_case+0x1a6/0x480 [ 16.795345] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.795526] kthread+0x324/0x6e0 [ 16.795716] ret_from_fork+0x41/0x80 [ 16.795931] ret_from_fork_asm+0x1a/0x30 [ 16.796180] [ 16.796259] The buggy address belongs to the object at ffff888102a2cf00 [ 16.796259] which belongs to the cache kmalloc-128 of size 128 [ 16.797552] The buggy address is located 0 bytes inside of [ 16.797552] allocated 120-byte region [ffff888102a2cf00, ffff888102a2cf78) [ 16.798071] [ 16.798167] The buggy address belongs to the physical page: [ 16.798384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a2c [ 16.798772] flags: 0x200000000000000(node=0|zone=2) [ 16.799021] page_type: f5(slab) [ 16.799191] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.799445] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.799735] page dumped because: kasan: bad access detected [ 16.800004] [ 16.800117] Memory state around the buggy address: [ 16.800330] ffff888102a2ce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.800663] ffff888102a2ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.800950] >ffff888102a2cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.801257] ^ [ 16.801542] ffff888102a2cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.801762] ffff888102a2d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.802114] ==================================================================