Date
Nov. 20, 2024, 6:35 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 43.587617] ================================================================== [ 43.588391] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 43.588999] Write of size 121 at addr fff00000c65d5200 by task kunit_try_catch/274 [ 43.589982] [ 43.590378] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 43.591294] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.591890] Hardware name: linux,dummy-virt (DT) [ 43.592537] Call trace: [ 43.592905] show_stack+0x20/0x38 (C) [ 43.593534] dump_stack_lvl+0x8c/0xd0 [ 43.594140] print_report+0x118/0x5e0 [ 43.594658] kasan_report+0xc8/0x118 [ 43.595323] kasan_check_range+0x100/0x1a8 [ 43.595996] __kasan_check_write+0x20/0x30 [ 43.596682] copy_user_test_oob+0x35c/0xec0 [ 43.597290] kunit_try_run_case+0x14c/0x3d0 [ 43.597985] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.598760] kthread+0x24c/0x2d0 [ 43.599320] ret_from_fork+0x10/0x20 [ 43.599865] [ 43.600211] Allocated by task 274: [ 43.600758] kasan_save_stack+0x3c/0x68 [ 43.601252] kasan_save_track+0x20/0x40 [ 43.601857] kasan_save_alloc_info+0x40/0x58 [ 43.602473] __kasan_kmalloc+0xd4/0xd8 [ 43.602914] __kmalloc_noprof+0x188/0x4c8 [ 43.603532] kunit_kmalloc_array+0x34/0x88 [ 43.604138] copy_user_test_oob+0xac/0xec0 [ 43.604786] kunit_try_run_case+0x14c/0x3d0 [ 43.605482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.606156] kthread+0x24c/0x2d0 [ 43.606643] ret_from_fork+0x10/0x20 [ 43.607114] [ 43.607474] The buggy address belongs to the object at fff00000c65d5200 [ 43.607474] which belongs to the cache kmalloc-128 of size 128 [ 43.608720] The buggy address is located 0 bytes inside of [ 43.608720] allocated 120-byte region [fff00000c65d5200, fff00000c65d5278) [ 43.609982] [ 43.610315] The buggy address belongs to the physical page: [ 43.611021] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065d5 [ 43.611802] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 43.612640] page_type: f5(slab) [ 43.613146] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 43.613976] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 43.614775] page dumped because: kasan: bad access detected [ 43.615482] [ 43.615803] Memory state around the buggy address: [ 43.616461] fff00000c65d5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.617238] fff00000c65d5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.618043] >fff00000c65d5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 43.618826] ^ [ 43.619722] fff00000c65d5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.620504] fff00000c65d5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.621288] ================================================================== [ 43.488366] ================================================================== [ 43.489705] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 43.490872] Write of size 121 at addr fff00000c65d5200 by task kunit_try_catch/274 [ 43.491753] [ 43.492181] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 43.493580] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.494309] Hardware name: linux,dummy-virt (DT) [ 43.495675] Call trace: [ 43.496184] show_stack+0x20/0x38 (C) [ 43.496855] dump_stack_lvl+0x8c/0xd0 [ 43.497585] print_report+0x118/0x5e0 [ 43.498319] kasan_report+0xc8/0x118 [ 43.498917] kasan_check_range+0x100/0x1a8 [ 43.499600] __kasan_check_write+0x20/0x30 [ 43.500247] copy_user_test_oob+0x234/0xec0 [ 43.500823] kunit_try_run_case+0x14c/0x3d0 [ 43.501873] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.502781] kthread+0x24c/0x2d0 [ 43.503201] ret_from_fork+0x10/0x20 [ 43.503894] [ 43.504333] Allocated by task 274: [ 43.504983] kasan_save_stack+0x3c/0x68 [ 43.505938] kasan_save_track+0x20/0x40 [ 43.506640] kasan_save_alloc_info+0x40/0x58 [ 43.507304] __kasan_kmalloc+0xd4/0xd8 [ 43.507899] __kmalloc_noprof+0x188/0x4c8 [ 43.508531] kunit_kmalloc_array+0x34/0x88 [ 43.509150] copy_user_test_oob+0xac/0xec0 [ 43.510225] kunit_try_run_case+0x14c/0x3d0 [ 43.510833] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.511603] kthread+0x24c/0x2d0 [ 43.512343] ret_from_fork+0x10/0x20 [ 43.513040] [ 43.513745] The buggy address belongs to the object at fff00000c65d5200 [ 43.513745] which belongs to the cache kmalloc-128 of size 128 [ 43.515140] The buggy address is located 0 bytes inside of [ 43.515140] allocated 120-byte region [fff00000c65d5200, fff00000c65d5278) [ 43.516480] [ 43.516851] The buggy address belongs to the physical page: [ 43.517525] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065d5 [ 43.518366] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 43.519822] page_type: f5(slab) [ 43.520946] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 43.522142] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 43.523276] page dumped because: kasan: bad access detected [ 43.523851] [ 43.524088] Memory state around the buggy address: [ 43.524625] fff00000c65d5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 43.526179] fff00000c65d5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.527038] >fff00000c65d5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 43.528472] ^ [ 43.529491] fff00000c65d5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.530684] fff00000c65d5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.531425] ================================================================== [ 43.540117] ================================================================== [ 43.540926] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 43.542267] Read of size 121 at addr fff00000c65d5200 by task kunit_try_catch/274 [ 43.543589] [ 43.543898] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 43.545171] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.546262] Hardware name: linux,dummy-virt (DT) [ 43.547208] Call trace: [ 43.547588] show_stack+0x20/0x38 (C) [ 43.548152] dump_stack_lvl+0x8c/0xd0 [ 43.548603] print_report+0x118/0x5e0 [ 43.549259] kasan_report+0xc8/0x118 [ 43.549936] kasan_check_range+0x100/0x1a8 [ 43.550561] __kasan_check_read+0x20/0x30 [ 43.551161] copy_user_test_oob+0x728/0xec0 [ 43.551882] kunit_try_run_case+0x14c/0x3d0 [ 43.552598] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.553391] kthread+0x24c/0x2d0 [ 43.554032] ret_from_fork+0x10/0x20 [ 43.554656] [ 43.555040] Allocated by task 274: [ 43.555525] kasan_save_stack+0x3c/0x68 [ 43.556126] kasan_save_track+0x20/0x40 [ 43.556780] kasan_save_alloc_info+0x40/0x58 [ 43.557482] __kasan_kmalloc+0xd4/0xd8 [ 43.558067] __kmalloc_noprof+0x188/0x4c8 [ 43.558658] kunit_kmalloc_array+0x34/0x88 [ 43.559277] copy_user_test_oob+0xac/0xec0 [ 43.559929] kunit_try_run_case+0x14c/0x3d0 [ 43.560487] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.561278] kthread+0x24c/0x2d0 [ 43.561876] ret_from_fork+0x10/0x20 [ 43.562519] [ 43.562900] The buggy address belongs to the object at fff00000c65d5200 [ 43.562900] which belongs to the cache kmalloc-128 of size 128 [ 43.564146] The buggy address is located 0 bytes inside of [ 43.564146] allocated 120-byte region [fff00000c65d5200, fff00000c65d5278) [ 43.565520] [ 43.565926] The buggy address belongs to the physical page: [ 43.566623] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065d5 [ 43.567519] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 43.568298] page_type: f5(slab) [ 43.568917] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 43.569786] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 43.570757] page dumped because: kasan: bad access detected [ 43.571382] [ 43.571748] Memory state around the buggy address: [ 43.572334] fff00000c65d5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.573111] fff00000c65d5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.573939] >fff00000c65d5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 43.574621] ^ [ 43.575417] fff00000c65d5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.576179] fff00000c65d5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.577021] ================================================================== [ 43.623388] ================================================================== [ 43.624526] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 43.625146] Read of size 121 at addr fff00000c65d5200 by task kunit_try_catch/274 [ 43.626512] [ 43.626864] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 43.628382] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.629118] Hardware name: linux,dummy-virt (DT) [ 43.629916] Call trace: [ 43.630501] show_stack+0x20/0x38 (C) [ 43.631240] dump_stack_lvl+0x8c/0xd0 [ 43.631845] print_report+0x118/0x5e0 [ 43.632628] kasan_report+0xc8/0x118 [ 43.633337] kasan_check_range+0x100/0x1a8 [ 43.634125] __kasan_check_read+0x20/0x30 [ 43.634869] copy_user_test_oob+0x3c8/0xec0 [ 43.635716] kunit_try_run_case+0x14c/0x3d0 [ 43.636561] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.637472] kthread+0x24c/0x2d0 [ 43.638003] ret_from_fork+0x10/0x20 [ 43.638758] [ 43.639090] Allocated by task 274: [ 43.639598] kasan_save_stack+0x3c/0x68 [ 43.640237] kasan_save_track+0x20/0x40 [ 43.640840] kasan_save_alloc_info+0x40/0x58 [ 43.641418] __kasan_kmalloc+0xd4/0xd8 [ 43.642002] __kmalloc_noprof+0x188/0x4c8 [ 43.642652] kunit_kmalloc_array+0x34/0x88 [ 43.643306] copy_user_test_oob+0xac/0xec0 [ 43.643919] kunit_try_run_case+0x14c/0x3d0 [ 43.644546] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.645140] kthread+0x24c/0x2d0 [ 43.645718] ret_from_fork+0x10/0x20 [ 43.646284] [ 43.646678] The buggy address belongs to the object at fff00000c65d5200 [ 43.646678] which belongs to the cache kmalloc-128 of size 128 [ 43.648024] The buggy address is located 0 bytes inside of [ 43.648024] allocated 120-byte region [fff00000c65d5200, fff00000c65d5278) [ 43.649372] [ 43.649737] The buggy address belongs to the physical page: [ 43.650370] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065d5 [ 43.651422] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 43.652076] page_type: f5(slab) [ 43.652504] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 43.653665] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 43.654721] page dumped because: kasan: bad access detected [ 43.655549] [ 43.655938] Memory state around the buggy address: [ 43.656655] fff00000c65d5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.657485] fff00000c65d5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.658301] >fff00000c65d5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 43.659148] ^ [ 43.660005] fff00000c65d5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.660888] fff00000c65d5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.661732] ================================================================== [ 43.702615] ================================================================== [ 43.703584] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 43.704396] Read of size 121 at addr fff00000c65d5200 by task kunit_try_catch/274 [ 43.705209] [ 43.705684] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 43.706906] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.707530] Hardware name: linux,dummy-virt (DT) [ 43.708164] Call trace: [ 43.708615] show_stack+0x20/0x38 (C) [ 43.709302] dump_stack_lvl+0x8c/0xd0 [ 43.709891] print_report+0x118/0x5e0 [ 43.710481] kasan_report+0xc8/0x118 [ 43.711107] kasan_check_range+0x100/0x1a8 [ 43.711800] __kasan_check_read+0x20/0x30 [ 43.712420] copy_user_test_oob+0x4a0/0xec0 [ 43.713125] kunit_try_run_case+0x14c/0x3d0 [ 43.713874] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.714624] kthread+0x24c/0x2d0 [ 43.715076] ret_from_fork+0x10/0x20 [ 43.715594] [ 43.715893] Allocated by task 274: [ 43.716363] kasan_save_stack+0x3c/0x68 [ 43.716915] kasan_save_track+0x20/0x40 [ 43.717519] kasan_save_alloc_info+0x40/0x58 [ 43.718045] __kasan_kmalloc+0xd4/0xd8 [ 43.718709] __kmalloc_noprof+0x188/0x4c8 [ 43.719306] kunit_kmalloc_array+0x34/0x88 [ 43.719847] copy_user_test_oob+0xac/0xec0 [ 43.720495] kunit_try_run_case+0x14c/0x3d0 [ 43.721089] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.721886] kthread+0x24c/0x2d0 [ 43.722484] ret_from_fork+0x10/0x20 [ 43.723052] [ 43.723375] The buggy address belongs to the object at fff00000c65d5200 [ 43.723375] which belongs to the cache kmalloc-128 of size 128 [ 43.724635] The buggy address is located 0 bytes inside of [ 43.724635] allocated 120-byte region [fff00000c65d5200, fff00000c65d5278) [ 43.725840] [ 43.726184] The buggy address belongs to the physical page: [ 43.726897] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065d5 [ 43.727835] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 43.728605] page_type: f5(slab) [ 43.729185] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 43.730136] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 43.731025] page dumped because: kasan: bad access detected [ 43.731677] [ 43.732053] Memory state around the buggy address: [ 43.732697] fff00000c65d5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.733611] fff00000c65d5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.734393] >fff00000c65d5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 43.735248] ^ [ 43.736071] fff00000c65d5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.736943] fff00000c65d5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.737713] ================================================================== [ 43.663780] ================================================================== [ 43.664660] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 43.665070] Write of size 121 at addr fff00000c65d5200 by task kunit_try_catch/274 [ 43.665718] [ 43.666166] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 43.667379] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.667860] Hardware name: linux,dummy-virt (DT) [ 43.668333] Call trace: [ 43.669275] show_stack+0x20/0x38 (C) [ 43.670002] dump_stack_lvl+0x8c/0xd0 [ 43.670723] print_report+0x118/0x5e0 [ 43.671326] kasan_report+0xc8/0x118 [ 43.672130] kasan_check_range+0x100/0x1a8 [ 43.672914] __kasan_check_write+0x20/0x30 [ 43.673684] copy_user_test_oob+0x434/0xec0 [ 43.674296] kunit_try_run_case+0x14c/0x3d0 [ 43.675106] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.675986] kthread+0x24c/0x2d0 [ 43.676698] ret_from_fork+0x10/0x20 [ 43.677280] [ 43.677855] Allocated by task 274: [ 43.678482] kasan_save_stack+0x3c/0x68 [ 43.679067] kasan_save_track+0x20/0x40 [ 43.679579] kasan_save_alloc_info+0x40/0x58 [ 43.680107] __kasan_kmalloc+0xd4/0xd8 [ 43.681140] __kmalloc_noprof+0x188/0x4c8 [ 43.681647] kunit_kmalloc_array+0x34/0x88 [ 43.682480] copy_user_test_oob+0xac/0xec0 [ 43.683048] kunit_try_run_case+0x14c/0x3d0 [ 43.683594] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.684371] kthread+0x24c/0x2d0 [ 43.684876] ret_from_fork+0x10/0x20 [ 43.685481] [ 43.685827] The buggy address belongs to the object at fff00000c65d5200 [ 43.685827] which belongs to the cache kmalloc-128 of size 128 [ 43.687074] The buggy address is located 0 bytes inside of [ 43.687074] allocated 120-byte region [fff00000c65d5200, fff00000c65d5278) [ 43.688334] [ 43.688778] The buggy address belongs to the physical page: [ 43.689423] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065d5 [ 43.690257] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 43.691129] page_type: f5(slab) [ 43.691724] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 43.692684] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 43.693594] page dumped because: kasan: bad access detected [ 43.694239] [ 43.694636] Memory state around the buggy address: [ 43.695285] fff00000c65d5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.696011] fff00000c65d5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.696656] >fff00000c65d5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 43.697541] ^ [ 43.698326] fff00000c65d5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.699239] fff00000c65d5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.700115] ==================================================================
[ 35.991465] ================================================================== [ 35.991998] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 35.992683] Write of size 121 at addr ffff888101adc700 by task kunit_try_catch/292 [ 35.994211] [ 35.994529] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 35.995900] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.996505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.997578] Call Trace: [ 35.997939] <TASK> [ 35.998149] dump_stack_lvl+0x73/0xb0 [ 35.998857] print_report+0xd1/0x640 [ 35.999426] ? __virt_addr_valid+0x1db/0x2d0 [ 35.999984] ? kasan_complete_mode_report_info+0x2a/0x200 [ 36.000857] kasan_report+0x102/0x140 [ 36.001556] ? copy_user_test_oob+0x558/0x10f0 [ 36.002063] ? copy_user_test_oob+0x558/0x10f0 [ 36.003014] kasan_check_range+0x10c/0x1c0 [ 36.003749] __kasan_check_write+0x18/0x20 [ 36.004212] copy_user_test_oob+0x558/0x10f0 [ 36.004580] ? __pfx_copy_user_test_oob+0x10/0x10 [ 36.005233] ? finish_task_switch.isra.0+0x153/0x700 [ 36.005923] ? __switch_to+0x5d9/0xf60 [ 36.006380] ? __schedule+0xc3e/0x2790 [ 36.006769] ? __pfx_read_tsc+0x10/0x10 [ 36.007262] ? ktime_get_ts64+0x84/0x230 [ 36.007657] kunit_try_run_case+0x1b3/0x490 [ 36.008233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 36.008903] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 36.009516] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 36.009991] ? __kthread_parkme+0x82/0x160 [ 36.010681] ? preempt_count_sub+0x50/0x80 [ 36.011150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 36.011654] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 36.012233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.012961] kthread+0x257/0x310 [ 36.013275] ? __pfx_kthread+0x10/0x10 [ 36.013784] ret_from_fork+0x41/0x80 [ 36.014208] ? __pfx_kthread+0x10/0x10 [ 36.014695] ret_from_fork_asm+0x1a/0x30 [ 36.015320] </TASK> [ 36.015524] [ 36.015868] Allocated by task 292: [ 36.016361] kasan_save_stack+0x3d/0x60 [ 36.017004] kasan_save_track+0x18/0x40 [ 36.017382] kasan_save_alloc_info+0x3b/0x50 [ 36.017997] __kasan_kmalloc+0xb7/0xc0 [ 36.018648] __kmalloc_noprof+0x1c4/0x500 [ 36.019147] kunit_kmalloc_array+0x25/0x60 [ 36.019477] copy_user_test_oob+0xac/0x10f0 [ 36.019852] kunit_try_run_case+0x1b3/0x490 [ 36.020617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.021174] kthread+0x257/0x310 [ 36.021429] ret_from_fork+0x41/0x80 [ 36.022122] ret_from_fork_asm+0x1a/0x30 [ 36.022734] [ 36.022995] The buggy address belongs to the object at ffff888101adc700 [ 36.022995] which belongs to the cache kmalloc-128 of size 128 [ 36.024183] The buggy address is located 0 bytes inside of [ 36.024183] allocated 120-byte region [ffff888101adc700, ffff888101adc778) [ 36.025371] [ 36.025558] The buggy address belongs to the physical page: [ 36.026145] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101adc [ 36.026906] flags: 0x200000000000000(node=0|zone=2) [ 36.027223] page_type: f5(slab) [ 36.027647] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 36.028294] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 36.029381] page dumped because: kasan: bad access detected [ 36.030021] [ 36.030216] Memory state around the buggy address: [ 36.030516] ffff888101adc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.031475] ffff888101adc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.032175] >ffff888101adc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.032819] ^ [ 36.033523] ffff888101adc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.034227] ffff888101adc800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.034775] ================================================================== [ 35.895357] ================================================================== [ 35.896041] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 35.896479] Write of size 121 at addr ffff888101adc700 by task kunit_try_catch/292 [ 35.897222] [ 35.897510] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 35.898847] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.899376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.900343] Call Trace: [ 35.900543] <TASK> [ 35.900965] dump_stack_lvl+0x73/0xb0 [ 35.901422] print_report+0xd1/0x640 [ 35.902282] ? __virt_addr_valid+0x1db/0x2d0 [ 35.902838] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.903435] kasan_report+0x102/0x140 [ 35.904078] ? copy_user_test_oob+0x3fe/0x10f0 [ 35.904650] ? copy_user_test_oob+0x3fe/0x10f0 [ 35.905266] kasan_check_range+0x10c/0x1c0 [ 35.905774] __kasan_check_write+0x18/0x20 [ 35.906303] copy_user_test_oob+0x3fe/0x10f0 [ 35.906994] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.907424] ? finish_task_switch.isra.0+0x153/0x700 [ 35.907985] ? __switch_to+0x5d9/0xf60 [ 35.908494] ? __schedule+0xc3e/0x2790 [ 35.908923] ? __pfx_read_tsc+0x10/0x10 [ 35.909304] ? ktime_get_ts64+0x84/0x230 [ 35.909859] kunit_try_run_case+0x1b3/0x490 [ 35.910393] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.910986] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 35.911771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.912254] ? __kthread_parkme+0x82/0x160 [ 35.912764] ? preempt_count_sub+0x50/0x80 [ 35.913211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.913830] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.914542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.915091] kthread+0x257/0x310 [ 35.915446] ? __pfx_kthread+0x10/0x10 [ 35.916095] ret_from_fork+0x41/0x80 [ 35.916451] ? __pfx_kthread+0x10/0x10 [ 35.917022] ret_from_fork_asm+0x1a/0x30 [ 35.917438] </TASK> [ 35.917671] [ 35.917942] Allocated by task 292: [ 35.918422] kasan_save_stack+0x3d/0x60 [ 35.918914] kasan_save_track+0x18/0x40 [ 35.919291] kasan_save_alloc_info+0x3b/0x50 [ 35.919946] __kasan_kmalloc+0xb7/0xc0 [ 35.920398] __kmalloc_noprof+0x1c4/0x500 [ 35.920945] kunit_kmalloc_array+0x25/0x60 [ 35.921421] copy_user_test_oob+0xac/0x10f0 [ 35.921943] kunit_try_run_case+0x1b3/0x490 [ 35.922435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.923143] kthread+0x257/0x310 [ 35.923667] ret_from_fork+0x41/0x80 [ 35.924104] ret_from_fork_asm+0x1a/0x30 [ 35.924389] [ 35.924789] The buggy address belongs to the object at ffff888101adc700 [ 35.924789] which belongs to the cache kmalloc-128 of size 128 [ 35.925900] The buggy address is located 0 bytes inside of [ 35.925900] allocated 120-byte region [ffff888101adc700, ffff888101adc778) [ 35.926977] [ 35.927165] The buggy address belongs to the physical page: [ 35.927835] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101adc [ 35.928314] flags: 0x200000000000000(node=0|zone=2) [ 35.929056] page_type: f5(slab) [ 35.929524] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.930293] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 35.931070] page dumped because: kasan: bad access detected [ 35.931547] [ 35.931860] Memory state around the buggy address: [ 35.932357] ffff888101adc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.932910] ffff888101adc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.933798] >ffff888101adc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.934350] ^ [ 35.935194] ffff888101adc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.935912] ffff888101adc800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.936568] ================================================================== [ 36.035913] ================================================================== [ 36.036537] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 36.037435] Read of size 121 at addr ffff888101adc700 by task kunit_try_catch/292 [ 36.038079] [ 36.038254] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 36.039203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.039818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.040600] Call Trace: [ 36.041013] <TASK> [ 36.041341] dump_stack_lvl+0x73/0xb0 [ 36.041935] print_report+0xd1/0x640 [ 36.042379] ? __virt_addr_valid+0x1db/0x2d0 [ 36.042831] ? kasan_complete_mode_report_info+0x2a/0x200 [ 36.043412] kasan_report+0x102/0x140 [ 36.043969] ? copy_user_test_oob+0x605/0x10f0 [ 36.044756] ? copy_user_test_oob+0x605/0x10f0 [ 36.045352] kasan_check_range+0x10c/0x1c0 [ 36.045967] __kasan_check_read+0x15/0x20 [ 36.046435] copy_user_test_oob+0x605/0x10f0 [ 36.046883] ? __pfx_copy_user_test_oob+0x10/0x10 [ 36.047550] ? finish_task_switch.isra.0+0x153/0x700 [ 36.048046] ? __switch_to+0x5d9/0xf60 [ 36.048555] ? __schedule+0xc3e/0x2790 [ 36.048954] ? __pfx_read_tsc+0x10/0x10 [ 36.049483] ? ktime_get_ts64+0x84/0x230 [ 36.049965] kunit_try_run_case+0x1b3/0x490 [ 36.050756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 36.051145] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 36.051792] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 36.052414] ? __kthread_parkme+0x82/0x160 [ 36.052733] ? preempt_count_sub+0x50/0x80 [ 36.053258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 36.054041] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 36.054619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.055485] kthread+0x257/0x310 [ 36.055996] ? __pfx_kthread+0x10/0x10 [ 36.056306] ret_from_fork+0x41/0x80 [ 36.056586] ? __pfx_kthread+0x10/0x10 [ 36.057148] ret_from_fork_asm+0x1a/0x30 [ 36.057781] </TASK> [ 36.058085] [ 36.058243] Allocated by task 292: [ 36.058583] kasan_save_stack+0x3d/0x60 [ 36.059136] kasan_save_track+0x18/0x40 [ 36.059646] kasan_save_alloc_info+0x3b/0x50 [ 36.060071] __kasan_kmalloc+0xb7/0xc0 [ 36.060408] __kmalloc_noprof+0x1c4/0x500 [ 36.060903] kunit_kmalloc_array+0x25/0x60 [ 36.061202] copy_user_test_oob+0xac/0x10f0 [ 36.061745] kunit_try_run_case+0x1b3/0x490 [ 36.062459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.063058] kthread+0x257/0x310 [ 36.063464] ret_from_fork+0x41/0x80 [ 36.063976] ret_from_fork_asm+0x1a/0x30 [ 36.064423] [ 36.064582] The buggy address belongs to the object at ffff888101adc700 [ 36.064582] which belongs to the cache kmalloc-128 of size 128 [ 36.066776] The buggy address is located 0 bytes inside of [ 36.066776] allocated 120-byte region [ffff888101adc700, ffff888101adc778) [ 36.067920] [ 36.068184] The buggy address belongs to the physical page: [ 36.068685] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101adc [ 36.069431] flags: 0x200000000000000(node=0|zone=2) [ 36.070113] page_type: f5(slab) [ 36.070425] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 36.071218] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 36.071976] page dumped because: kasan: bad access detected [ 36.072582] [ 36.072904] Memory state around the buggy address: [ 36.073323] ffff888101adc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.074091] ffff888101adc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.074886] >ffff888101adc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.075466] ^ [ 36.076111] ffff888101adc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.076666] ffff888101adc800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.077421] ================================================================== [ 35.937687] ================================================================== [ 35.938571] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 35.939299] Read of size 121 at addr ffff888101adc700 by task kunit_try_catch/292 [ 35.939958] [ 35.940222] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 35.941192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.941817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.942527] Call Trace: [ 35.942917] <TASK> [ 35.943192] dump_stack_lvl+0x73/0xb0 [ 35.943752] print_report+0xd1/0x640 [ 35.944146] ? __virt_addr_valid+0x1db/0x2d0 [ 35.944736] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.945274] kasan_report+0x102/0x140 [ 35.945736] ? copy_user_test_oob+0x4ab/0x10f0 [ 35.946361] ? copy_user_test_oob+0x4ab/0x10f0 [ 35.947040] kasan_check_range+0x10c/0x1c0 [ 35.948017] __kasan_check_read+0x15/0x20 [ 35.950524] copy_user_test_oob+0x4ab/0x10f0 [ 35.951421] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.952050] ? finish_task_switch.isra.0+0x153/0x700 [ 35.953375] ? __switch_to+0x5d9/0xf60 [ 35.954142] ? __schedule+0xc3e/0x2790 [ 35.954405] ? __pfx_read_tsc+0x10/0x10 [ 35.954678] ? ktime_get_ts64+0x84/0x230 [ 35.954968] kunit_try_run_case+0x1b3/0x490 [ 35.955245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.957846] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 35.959206] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.960461] ? __kthread_parkme+0x82/0x160 [ 35.961613] ? preempt_count_sub+0x50/0x80 [ 35.962162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.962608] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.963361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.964055] kthread+0x257/0x310 [ 35.964255] ? __pfx_kthread+0x10/0x10 [ 35.964446] ret_from_fork+0x41/0x80 [ 35.964625] ? __pfx_kthread+0x10/0x10 [ 35.964975] ret_from_fork_asm+0x1a/0x30 [ 35.965543] </TASK> [ 35.966390] [ 35.966759] Allocated by task 292: [ 35.967121] kasan_save_stack+0x3d/0x60 [ 35.967547] kasan_save_track+0x18/0x40 [ 35.968496] kasan_save_alloc_info+0x3b/0x50 [ 35.969246] __kasan_kmalloc+0xb7/0xc0 [ 35.969505] __kmalloc_noprof+0x1c4/0x500 [ 35.970153] kunit_kmalloc_array+0x25/0x60 [ 35.970607] copy_user_test_oob+0xac/0x10f0 [ 35.971304] kunit_try_run_case+0x1b3/0x490 [ 35.972017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.973205] kthread+0x257/0x310 [ 35.973555] ret_from_fork+0x41/0x80 [ 35.974284] ret_from_fork_asm+0x1a/0x30 [ 35.974911] [ 35.975173] The buggy address belongs to the object at ffff888101adc700 [ 35.975173] which belongs to the cache kmalloc-128 of size 128 [ 35.976235] The buggy address is located 0 bytes inside of [ 35.976235] allocated 120-byte region [ffff888101adc700, ffff888101adc778) [ 35.978095] [ 35.978475] The buggy address belongs to the physical page: [ 35.978827] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101adc [ 35.979929] flags: 0x200000000000000(node=0|zone=2) [ 35.980234] page_type: f5(slab) [ 35.981117] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.982320] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 35.983519] page dumped because: kasan: bad access detected [ 35.983892] [ 35.984128] Memory state around the buggy address: [ 35.985149] ffff888101adc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.986135] ffff888101adc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.986671] >ffff888101adc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.987934] ^ [ 35.988482] ffff888101adc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.989288] ffff888101adc800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.990143] ==================================================================