Date
Nov. 26, 2024, 6:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 38.414318] ================================================================== [ 38.415162] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 38.415863] Write of size 121 at addr fff00000c596cb00 by task kunit_try_catch/274 [ 38.417020] [ 38.417459] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.418705] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.419375] Hardware name: linux,dummy-virt (DT) [ 38.420011] Call trace: [ 38.420584] show_stack+0x20/0x38 (C) [ 38.421313] dump_stack_lvl+0x8c/0xd0 [ 38.421927] print_report+0x118/0x5e0 [ 38.422558] kasan_report+0xc8/0x118 [ 38.423255] kasan_check_range+0x100/0x1a8 [ 38.423958] __kasan_check_write+0x20/0x30 [ 38.424561] copy_user_test_oob+0x434/0xec0 [ 38.425310] kunit_try_run_case+0x14c/0x3d0 [ 38.426100] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.426935] kthread+0x24c/0x2d0 [ 38.427586] ret_from_fork+0x10/0x20 [ 38.428304] [ 38.428654] Allocated by task 274: [ 38.429175] kasan_save_stack+0x3c/0x68 [ 38.429817] kasan_save_track+0x20/0x40 [ 38.430500] kasan_save_alloc_info+0x40/0x58 [ 38.431095] __kasan_kmalloc+0xd4/0xd8 [ 38.431801] __kmalloc_noprof+0x188/0x4c8 [ 38.432441] kunit_kmalloc_array+0x34/0x88 [ 38.434043] copy_user_test_oob+0xac/0xec0 [ 38.434646] kunit_try_run_case+0x14c/0x3d0 [ 38.435664] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.436961] kthread+0x24c/0x2d0 [ 38.437461] ret_from_fork+0x10/0x20 [ 38.437972] [ 38.438344] The buggy address belongs to the object at fff00000c596cb00 [ 38.438344] which belongs to the cache kmalloc-128 of size 128 [ 38.439969] The buggy address is located 0 bytes inside of [ 38.439969] allocated 120-byte region [fff00000c596cb00, fff00000c596cb78) [ 38.441990] [ 38.442363] The buggy address belongs to the physical page: [ 38.443253] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10596c [ 38.444320] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.445258] page_type: f5(slab) [ 38.445829] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.446589] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.447681] page dumped because: kasan: bad access detected [ 38.448719] [ 38.449434] Memory state around the buggy address: [ 38.450312] fff00000c596ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.451099] fff00000c596ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.451843] >fff00000c596cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.452920] ^ [ 38.453981] fff00000c596cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.455170] fff00000c596cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.455870] ================================================================== [ 38.457458] ================================================================== [ 38.458077] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 38.459061] Read of size 121 at addr fff00000c596cb00 by task kunit_try_catch/274 [ 38.460021] [ 38.460812] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.463433] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.463946] Hardware name: linux,dummy-virt (DT) [ 38.464820] Call trace: [ 38.465444] show_stack+0x20/0x38 (C) [ 38.466371] dump_stack_lvl+0x8c/0xd0 [ 38.467154] print_report+0x118/0x5e0 [ 38.467576] kasan_report+0xc8/0x118 [ 38.468303] kasan_check_range+0x100/0x1a8 [ 38.469007] __kasan_check_read+0x20/0x30 [ 38.470441] copy_user_test_oob+0x4a0/0xec0 [ 38.471102] kunit_try_run_case+0x14c/0x3d0 [ 38.471773] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.472803] kthread+0x24c/0x2d0 [ 38.473460] ret_from_fork+0x10/0x20 [ 38.474153] [ 38.474524] Allocated by task 274: [ 38.475052] kasan_save_stack+0x3c/0x68 [ 38.475659] kasan_save_track+0x20/0x40 [ 38.476317] kasan_save_alloc_info+0x40/0x58 [ 38.477786] __kasan_kmalloc+0xd4/0xd8 [ 38.478369] __kmalloc_noprof+0x188/0x4c8 [ 38.479030] kunit_kmalloc_array+0x34/0x88 [ 38.479665] copy_user_test_oob+0xac/0xec0 [ 38.481033] kunit_try_run_case+0x14c/0x3d0 [ 38.481577] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.482330] kthread+0x24c/0x2d0 [ 38.482855] ret_from_fork+0x10/0x20 [ 38.483388] [ 38.483758] The buggy address belongs to the object at fff00000c596cb00 [ 38.483758] which belongs to the cache kmalloc-128 of size 128 [ 38.486024] The buggy address is located 0 bytes inside of [ 38.486024] allocated 120-byte region [fff00000c596cb00, fff00000c596cb78) [ 38.487113] [ 38.487485] The buggy address belongs to the physical page: [ 38.488080] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10596c [ 38.489221] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.490432] page_type: f5(slab) [ 38.490975] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.491853] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.493030] page dumped because: kasan: bad access detected [ 38.493636] [ 38.494028] Memory state around the buggy address: [ 38.494585] fff00000c596ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.497000] fff00000c596ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.497926] >fff00000c596cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.498705] ^ [ 38.499510] fff00000c596cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.500344] fff00000c596cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.501656] ================================================================== [ 38.271711] ================================================================== [ 38.272540] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 38.273434] Read of size 121 at addr fff00000c596cb00 by task kunit_try_catch/274 [ 38.274247] [ 38.274534] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.275398] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.275998] Hardware name: linux,dummy-virt (DT) [ 38.277205] Call trace: [ 38.277981] show_stack+0x20/0x38 (C) [ 38.278645] dump_stack_lvl+0x8c/0xd0 [ 38.279238] print_report+0x118/0x5e0 [ 38.279741] kasan_report+0xc8/0x118 [ 38.281486] kasan_check_range+0x100/0x1a8 [ 38.282002] __kasan_check_read+0x20/0x30 [ 38.282762] copy_user_test_oob+0x728/0xec0 [ 38.283551] kunit_try_run_case+0x14c/0x3d0 [ 38.284286] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.285334] kthread+0x24c/0x2d0 [ 38.286421] ret_from_fork+0x10/0x20 [ 38.287025] [ 38.287287] Allocated by task 274: [ 38.287709] kasan_save_stack+0x3c/0x68 [ 38.288623] kasan_save_track+0x20/0x40 [ 38.289662] kasan_save_alloc_info+0x40/0x58 [ 38.290837] __kasan_kmalloc+0xd4/0xd8 [ 38.291482] __kmalloc_noprof+0x188/0x4c8 [ 38.292193] kunit_kmalloc_array+0x34/0x88 [ 38.293669] copy_user_test_oob+0xac/0xec0 [ 38.294339] kunit_try_run_case+0x14c/0x3d0 [ 38.295035] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.295803] kthread+0x24c/0x2d0 [ 38.296614] ret_from_fork+0x10/0x20 [ 38.297448] [ 38.298060] The buggy address belongs to the object at fff00000c596cb00 [ 38.298060] which belongs to the cache kmalloc-128 of size 128 [ 38.299646] The buggy address is located 0 bytes inside of [ 38.299646] allocated 120-byte region [fff00000c596cb00, fff00000c596cb78) [ 38.301596] [ 38.301887] The buggy address belongs to the physical page: [ 38.302539] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10596c [ 38.304137] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.305217] page_type: f5(slab) [ 38.306021] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.306873] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.307683] page dumped because: kasan: bad access detected [ 38.308359] [ 38.309323] Memory state around the buggy address: [ 38.310087] fff00000c596ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.311101] fff00000c596ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.312116] >fff00000c596cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.313341] ^ [ 38.314362] fff00000c596cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.315392] fff00000c596cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.316406] ================================================================== [ 38.371456] ================================================================== [ 38.372086] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 38.373157] Read of size 121 at addr fff00000c596cb00 by task kunit_try_catch/274 [ 38.374787] [ 38.375230] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.376226] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.377552] Hardware name: linux,dummy-virt (DT) [ 38.378560] Call trace: [ 38.379124] show_stack+0x20/0x38 (C) [ 38.379846] dump_stack_lvl+0x8c/0xd0 [ 38.380602] print_report+0x118/0x5e0 [ 38.381333] kasan_report+0xc8/0x118 [ 38.381995] kasan_check_range+0x100/0x1a8 [ 38.382760] __kasan_check_read+0x20/0x30 [ 38.383454] copy_user_test_oob+0x3c8/0xec0 [ 38.384214] kunit_try_run_case+0x14c/0x3d0 [ 38.385022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.385838] kthread+0x24c/0x2d0 [ 38.386399] ret_from_fork+0x10/0x20 [ 38.387162] [ 38.387514] Allocated by task 274: [ 38.387984] kasan_save_stack+0x3c/0x68 [ 38.389018] kasan_save_track+0x20/0x40 [ 38.390076] kasan_save_alloc_info+0x40/0x58 [ 38.390693] __kasan_kmalloc+0xd4/0xd8 [ 38.391428] __kmalloc_noprof+0x188/0x4c8 [ 38.392116] kunit_kmalloc_array+0x34/0x88 [ 38.392742] copy_user_test_oob+0xac/0xec0 [ 38.393507] kunit_try_run_case+0x14c/0x3d0 [ 38.394031] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.394586] kthread+0x24c/0x2d0 [ 38.395040] ret_from_fork+0x10/0x20 [ 38.395813] [ 38.396296] The buggy address belongs to the object at fff00000c596cb00 [ 38.396296] which belongs to the cache kmalloc-128 of size 128 [ 38.398287] The buggy address is located 0 bytes inside of [ 38.398287] allocated 120-byte region [fff00000c596cb00, fff00000c596cb78) [ 38.399599] [ 38.400022] The buggy address belongs to the physical page: [ 38.401032] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10596c [ 38.402657] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.403420] page_type: f5(slab) [ 38.403979] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.405023] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.405996] page dumped because: kasan: bad access detected [ 38.406695] [ 38.407117] Memory state around the buggy address: [ 38.407794] fff00000c596ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.408636] fff00000c596ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.409491] >fff00000c596cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.410332] ^ [ 38.411147] fff00000c596cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.411943] fff00000c596cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.412827] ================================================================== [ 38.220033] ================================================================== [ 38.221299] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 38.221991] Write of size 121 at addr fff00000c596cb00 by task kunit_try_catch/274 [ 38.222688] [ 38.223105] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.224473] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.225056] Hardware name: linux,dummy-virt (DT) [ 38.225943] Call trace: [ 38.226598] show_stack+0x20/0x38 (C) [ 38.227517] dump_stack_lvl+0x8c/0xd0 [ 38.228286] print_report+0x118/0x5e0 [ 38.229529] kasan_report+0xc8/0x118 [ 38.230113] kasan_check_range+0x100/0x1a8 [ 38.230841] __kasan_check_write+0x20/0x30 [ 38.231486] copy_user_test_oob+0x234/0xec0 [ 38.232204] kunit_try_run_case+0x14c/0x3d0 [ 38.233003] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.233754] kthread+0x24c/0x2d0 [ 38.234377] ret_from_fork+0x10/0x20 [ 38.234963] [ 38.235285] Allocated by task 274: [ 38.236035] kasan_save_stack+0x3c/0x68 [ 38.237466] kasan_save_track+0x20/0x40 [ 38.238145] kasan_save_alloc_info+0x40/0x58 [ 38.238816] __kasan_kmalloc+0xd4/0xd8 [ 38.239427] __kmalloc_noprof+0x188/0x4c8 [ 38.240016] kunit_kmalloc_array+0x34/0x88 [ 38.241108] copy_user_test_oob+0xac/0xec0 [ 38.241598] kunit_try_run_case+0x14c/0x3d0 [ 38.242343] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.243148] kthread+0x24c/0x2d0 [ 38.243765] ret_from_fork+0x10/0x20 [ 38.244454] [ 38.244845] The buggy address belongs to the object at fff00000c596cb00 [ 38.244845] which belongs to the cache kmalloc-128 of size 128 [ 38.246503] The buggy address is located 0 bytes inside of [ 38.246503] allocated 120-byte region [fff00000c596cb00, fff00000c596cb78) [ 38.248748] [ 38.249208] The buggy address belongs to the physical page: [ 38.250073] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10596c [ 38.251201] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.252042] page_type: f5(slab) [ 38.253420] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.254427] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.255280] page dumped because: kasan: bad access detected [ 38.256022] [ 38.256411] Memory state around the buggy address: [ 38.257550] fff00000c596ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.258428] fff00000c596ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.259316] >fff00000c596cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.260170] ^ [ 38.261696] fff00000c596cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.262953] fff00000c596cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.263703] ================================================================== [ 38.326264] ================================================================== [ 38.327034] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 38.328063] Write of size 121 at addr fff00000c596cb00 by task kunit_try_catch/274 [ 38.330155] [ 38.330638] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.331979] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.332597] Hardware name: linux,dummy-virt (DT) [ 38.333498] Call trace: [ 38.333847] show_stack+0x20/0x38 (C) [ 38.334395] dump_stack_lvl+0x8c/0xd0 [ 38.335062] print_report+0x118/0x5e0 [ 38.335589] kasan_report+0xc8/0x118 [ 38.336227] kasan_check_range+0x100/0x1a8 [ 38.337946] __kasan_check_write+0x20/0x30 [ 38.338560] copy_user_test_oob+0x35c/0xec0 [ 38.339220] kunit_try_run_case+0x14c/0x3d0 [ 38.339922] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.341058] kthread+0x24c/0x2d0 [ 38.341521] ret_from_fork+0x10/0x20 [ 38.342029] [ 38.342364] Allocated by task 274: [ 38.342809] kasan_save_stack+0x3c/0x68 [ 38.343991] kasan_save_track+0x20/0x40 [ 38.344884] kasan_save_alloc_info+0x40/0x58 [ 38.346320] __kasan_kmalloc+0xd4/0xd8 [ 38.346932] __kmalloc_noprof+0x188/0x4c8 [ 38.347606] kunit_kmalloc_array+0x34/0x88 [ 38.348213] copy_user_test_oob+0xac/0xec0 [ 38.348858] kunit_try_run_case+0x14c/0x3d0 [ 38.349931] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.350658] kthread+0x24c/0x2d0 [ 38.351277] ret_from_fork+0x10/0x20 [ 38.351893] [ 38.353415] The buggy address belongs to the object at fff00000c596cb00 [ 38.353415] which belongs to the cache kmalloc-128 of size 128 [ 38.354535] The buggy address is located 0 bytes inside of [ 38.354535] allocated 120-byte region [fff00000c596cb00, fff00000c596cb78) [ 38.355835] [ 38.356260] The buggy address belongs to the physical page: [ 38.356991] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10596c [ 38.357821] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.358715] page_type: f5(slab) [ 38.359182] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.361180] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.361844] page dumped because: kasan: bad access detected [ 38.362610] [ 38.363485] Memory state around the buggy address: [ 38.364043] fff00000c596ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.365290] fff00000c596ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.366313] >fff00000c596cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.367116] ^ [ 38.367837] fff00000c596cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.368959] fff00000c596cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.370266] ==================================================================
[ 38.380597] ================================================================== [ 38.381344] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 38.382201] Read of size 121 at addr fff00000c5f1be00 by task kunit_try_catch/274 [ 38.383097] [ 38.383507] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.384485] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.385137] Hardware name: linux,dummy-virt (DT) [ 38.385823] Call trace: [ 38.386300] show_stack+0x20/0x38 (C) [ 38.386969] dump_stack_lvl+0x8c/0xd0 [ 38.387596] print_report+0x118/0x5e0 [ 38.388227] kasan_report+0xc8/0x118 [ 38.388896] kasan_check_range+0x100/0x1a8 [ 38.389632] __kasan_check_read+0x20/0x30 [ 38.390300] copy_user_test_oob+0x728/0xec0 [ 38.390855] kunit_try_run_case+0x14c/0x3d0 [ 38.391582] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.392311] kthread+0x24c/0x2d0 [ 38.392952] ret_from_fork+0x10/0x20 [ 38.393622] [ 38.393992] Allocated by task 274: [ 38.394512] kasan_save_stack+0x3c/0x68 [ 38.395050] kasan_save_track+0x20/0x40 [ 38.395710] kasan_save_alloc_info+0x40/0x58 [ 38.396391] __kasan_kmalloc+0xd4/0xd8 [ 38.397004] __kmalloc_noprof+0x188/0x4c8 [ 38.397585] kunit_kmalloc_array+0x34/0x88 [ 38.398163] copy_user_test_oob+0xac/0xec0 [ 38.398830] kunit_try_run_case+0x14c/0x3d0 [ 38.399436] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.400223] kthread+0x24c/0x2d0 [ 38.400793] ret_from_fork+0x10/0x20 [ 38.401396] [ 38.401790] The buggy address belongs to the object at fff00000c5f1be00 [ 38.401790] which belongs to the cache kmalloc-128 of size 128 [ 38.403001] The buggy address is located 0 bytes inside of [ 38.403001] allocated 120-byte region [fff00000c5f1be00, fff00000c5f1be78) [ 38.404192] [ 38.404621] The buggy address belongs to the physical page: [ 38.405362] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f1b [ 38.406139] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.407043] page_type: f5(slab) [ 38.407655] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.408449] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.409459] page dumped because: kasan: bad access detected [ 38.410237] [ 38.410577] Memory state around the buggy address: [ 38.411268] fff00000c5f1bd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.412042] fff00000c5f1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.413006] >fff00000c5f1be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.413802] ^ [ 38.414730] fff00000c5f1be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.415556] fff00000c5f1bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.416413] ================================================================== [ 38.329216] ================================================================== [ 38.330824] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 38.331634] Write of size 121 at addr fff00000c5f1be00 by task kunit_try_catch/274 [ 38.332545] [ 38.332969] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.334019] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.334701] Hardware name: linux,dummy-virt (DT) [ 38.335361] Call trace: [ 38.335852] show_stack+0x20/0x38 (C) [ 38.336547] dump_stack_lvl+0x8c/0xd0 [ 38.337227] print_report+0x118/0x5e0 [ 38.338374] kasan_report+0xc8/0x118 [ 38.339443] kasan_check_range+0x100/0x1a8 [ 38.340164] __kasan_check_write+0x20/0x30 [ 38.340884] copy_user_test_oob+0x234/0xec0 [ 38.341543] kunit_try_run_case+0x14c/0x3d0 [ 38.342191] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.342956] kthread+0x24c/0x2d0 [ 38.343855] ret_from_fork+0x10/0x20 [ 38.344488] [ 38.344846] Allocated by task 274: [ 38.345326] kasan_save_stack+0x3c/0x68 [ 38.345947] kasan_save_track+0x20/0x40 [ 38.346602] kasan_save_alloc_info+0x40/0x58 [ 38.348055] __kasan_kmalloc+0xd4/0xd8 [ 38.348787] __kmalloc_noprof+0x188/0x4c8 [ 38.349479] kunit_kmalloc_array+0x34/0x88 [ 38.350205] copy_user_test_oob+0xac/0xec0 [ 38.351193] kunit_try_run_case+0x14c/0x3d0 [ 38.351870] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.352619] kthread+0x24c/0x2d0 [ 38.353100] ret_from_fork+0x10/0x20 [ 38.354228] [ 38.354569] The buggy address belongs to the object at fff00000c5f1be00 [ 38.354569] which belongs to the cache kmalloc-128 of size 128 [ 38.355769] The buggy address is located 0 bytes inside of [ 38.355769] allocated 120-byte region [fff00000c5f1be00, fff00000c5f1be78) [ 38.357082] [ 38.357460] The buggy address belongs to the physical page: [ 38.358279] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f1b [ 38.359440] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.360794] page_type: f5(slab) [ 38.361178] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.362396] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.363571] page dumped because: kasan: bad access detected [ 38.364345] [ 38.364825] Memory state around the buggy address: [ 38.365736] fff00000c5f1bd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.366764] fff00000c5f1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.367696] >fff00000c5f1be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.368586] ^ [ 38.369460] fff00000c5f1be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.370379] fff00000c5f1bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.371217] ================================================================== [ 38.425923] ================================================================== [ 38.426740] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 38.427621] Write of size 121 at addr fff00000c5f1be00 by task kunit_try_catch/274 [ 38.428275] [ 38.428687] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.429864] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.430411] Hardware name: linux,dummy-virt (DT) [ 38.431143] Call trace: [ 38.431622] show_stack+0x20/0x38 (C) [ 38.432282] dump_stack_lvl+0x8c/0xd0 [ 38.432944] print_report+0x118/0x5e0 [ 38.433510] kasan_report+0xc8/0x118 [ 38.434183] kasan_check_range+0x100/0x1a8 [ 38.434795] __kasan_check_write+0x20/0x30 [ 38.435490] copy_user_test_oob+0x35c/0xec0 [ 38.436206] kunit_try_run_case+0x14c/0x3d0 [ 38.436947] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.437734] kthread+0x24c/0x2d0 [ 38.438278] ret_from_fork+0x10/0x20 [ 38.438938] [ 38.439335] Allocated by task 274: [ 38.439818] kasan_save_stack+0x3c/0x68 [ 38.440451] kasan_save_track+0x20/0x40 [ 38.441020] kasan_save_alloc_info+0x40/0x58 [ 38.441711] __kasan_kmalloc+0xd4/0xd8 [ 38.442248] __kmalloc_noprof+0x188/0x4c8 [ 38.442901] kunit_kmalloc_array+0x34/0x88 [ 38.443583] copy_user_test_oob+0xac/0xec0 [ 38.444231] kunit_try_run_case+0x14c/0x3d0 [ 38.444880] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.445517] kthread+0x24c/0x2d0 [ 38.446109] ret_from_fork+0x10/0x20 [ 38.446732] [ 38.447116] The buggy address belongs to the object at fff00000c5f1be00 [ 38.447116] which belongs to the cache kmalloc-128 of size 128 [ 38.448327] The buggy address is located 0 bytes inside of [ 38.448327] allocated 120-byte region [fff00000c5f1be00, fff00000c5f1be78) [ 38.449803] [ 38.450168] The buggy address belongs to the physical page: [ 38.450944] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f1b [ 38.451821] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.452677] page_type: f5(slab) [ 38.453221] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.453997] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.454976] page dumped because: kasan: bad access detected [ 38.455635] [ 38.455941] Memory state around the buggy address: [ 38.456675] fff00000c5f1bd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.457616] fff00000c5f1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.458511] >fff00000c5f1be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.459388] ^ [ 38.460339] fff00000c5f1be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.461173] fff00000c5f1bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.462078] ================================================================== [ 38.542184] ================================================================== [ 38.542969] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 38.543704] Read of size 121 at addr fff00000c5f1be00 by task kunit_try_catch/274 [ 38.544565] [ 38.544949] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.546332] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.546984] Hardware name: linux,dummy-virt (DT) [ 38.547510] Call trace: [ 38.548005] show_stack+0x20/0x38 (C) [ 38.548677] dump_stack_lvl+0x8c/0xd0 [ 38.549247] print_report+0x118/0x5e0 [ 38.549936] kasan_report+0xc8/0x118 [ 38.550831] kasan_check_range+0x100/0x1a8 [ 38.551514] __kasan_check_read+0x20/0x30 [ 38.552116] copy_user_test_oob+0x4a0/0xec0 [ 38.552833] kunit_try_run_case+0x14c/0x3d0 [ 38.553458] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.554178] kthread+0x24c/0x2d0 [ 38.554765] ret_from_fork+0x10/0x20 [ 38.555408] [ 38.555814] Allocated by task 274: [ 38.556334] kasan_save_stack+0x3c/0x68 [ 38.556842] kasan_save_track+0x20/0x40 [ 38.557474] kasan_save_alloc_info+0x40/0x58 [ 38.558144] __kasan_kmalloc+0xd4/0xd8 [ 38.558669] __kmalloc_noprof+0x188/0x4c8 [ 38.559352] kunit_kmalloc_array+0x34/0x88 [ 38.560027] copy_user_test_oob+0xac/0xec0 [ 38.560636] kunit_try_run_case+0x14c/0x3d0 [ 38.561237] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.561992] kthread+0x24c/0x2d0 [ 38.562591] ret_from_fork+0x10/0x20 [ 38.563090] [ 38.563473] The buggy address belongs to the object at fff00000c5f1be00 [ 38.563473] which belongs to the cache kmalloc-128 of size 128 [ 38.564756] The buggy address is located 0 bytes inside of [ 38.564756] allocated 120-byte region [fff00000c5f1be00, fff00000c5f1be78) [ 38.565812] [ 38.566195] The buggy address belongs to the physical page: [ 38.566977] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f1b [ 38.567993] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.568756] page_type: f5(slab) [ 38.569368] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.570244] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.571142] page dumped because: kasan: bad access detected [ 38.571933] [ 38.572319] Memory state around the buggy address: [ 38.572944] fff00000c5f1bd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.573910] fff00000c5f1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.574835] >fff00000c5f1be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.575602] ^ [ 38.576444] fff00000c5f1be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.577335] fff00000c5f1bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.578203] ================================================================== [ 38.464087] ================================================================== [ 38.464758] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 38.465750] Read of size 121 at addr fff00000c5f1be00 by task kunit_try_catch/274 [ 38.466629] [ 38.467042] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.468413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.469004] Hardware name: linux,dummy-virt (DT) [ 38.469758] Call trace: [ 38.470231] show_stack+0x20/0x38 (C) [ 38.470844] dump_stack_lvl+0x8c/0xd0 [ 38.471501] print_report+0x118/0x5e0 [ 38.472124] kasan_report+0xc8/0x118 [ 38.472742] kasan_check_range+0x100/0x1a8 [ 38.473335] __kasan_check_read+0x20/0x30 [ 38.473912] copy_user_test_oob+0x3c8/0xec0 [ 38.474617] kunit_try_run_case+0x14c/0x3d0 [ 38.475324] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.476150] kthread+0x24c/0x2d0 [ 38.476778] ret_from_fork+0x10/0x20 [ 38.477428] [ 38.477784] Allocated by task 274: [ 38.478277] kasan_save_stack+0x3c/0x68 [ 38.478931] kasan_save_track+0x20/0x40 [ 38.479493] kasan_save_alloc_info+0x40/0x58 [ 38.480193] __kasan_kmalloc+0xd4/0xd8 [ 38.480750] __kmalloc_noprof+0x188/0x4c8 [ 38.481278] kunit_kmalloc_array+0x34/0x88 [ 38.481955] copy_user_test_oob+0xac/0xec0 [ 38.482638] kunit_try_run_case+0x14c/0x3d0 [ 38.483300] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.484074] kthread+0x24c/0x2d0 [ 38.484616] ret_from_fork+0x10/0x20 [ 38.485099] [ 38.485413] The buggy address belongs to the object at fff00000c5f1be00 [ 38.485413] which belongs to the cache kmalloc-128 of size 128 [ 38.486896] The buggy address is located 0 bytes inside of [ 38.486896] allocated 120-byte region [fff00000c5f1be00, fff00000c5f1be78) [ 38.488310] [ 38.489274] The buggy address belongs to the physical page: [ 38.490012] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f1b [ 38.490911] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.491805] page_type: f5(slab) [ 38.492429] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.493303] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.494278] page dumped because: kasan: bad access detected [ 38.495019] [ 38.495396] Memory state around the buggy address: [ 38.495934] fff00000c5f1bd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.496722] fff00000c5f1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.497493] >fff00000c5f1be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.498297] ^ [ 38.499272] fff00000c5f1be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.500138] fff00000c5f1bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.500861] ================================================================== [ 38.502763] ================================================================== [ 38.503520] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 38.504287] Write of size 121 at addr fff00000c5f1be00 by task kunit_try_catch/274 [ 38.505218] [ 38.505653] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.506863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.507490] Hardware name: linux,dummy-virt (DT) [ 38.508191] Call trace: [ 38.508609] show_stack+0x20/0x38 (C) [ 38.509289] dump_stack_lvl+0x8c/0xd0 [ 38.509912] print_report+0x118/0x5e0 [ 38.510501] kasan_report+0xc8/0x118 [ 38.511161] kasan_check_range+0x100/0x1a8 [ 38.511745] __kasan_check_write+0x20/0x30 [ 38.512453] copy_user_test_oob+0x434/0xec0 [ 38.513038] kunit_try_run_case+0x14c/0x3d0 [ 38.513770] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.514412] kthread+0x24c/0x2d0 [ 38.515037] ret_from_fork+0x10/0x20 [ 38.515716] [ 38.516104] Allocated by task 274: [ 38.516687] kasan_save_stack+0x3c/0x68 [ 38.517241] kasan_save_track+0x20/0x40 [ 38.517886] kasan_save_alloc_info+0x40/0x58 [ 38.518553] __kasan_kmalloc+0xd4/0xd8 [ 38.519185] __kmalloc_noprof+0x188/0x4c8 [ 38.520138] kunit_kmalloc_array+0x34/0x88 [ 38.520936] copy_user_test_oob+0xac/0xec0 [ 38.521589] kunit_try_run_case+0x14c/0x3d0 [ 38.522219] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.522932] kthread+0x24c/0x2d0 [ 38.523516] ret_from_fork+0x10/0x20 [ 38.524130] [ 38.524520] The buggy address belongs to the object at fff00000c5f1be00 [ 38.524520] which belongs to the cache kmalloc-128 of size 128 [ 38.525698] The buggy address is located 0 bytes inside of [ 38.525698] allocated 120-byte region [fff00000c5f1be00, fff00000c5f1be78) [ 38.526956] [ 38.527336] The buggy address belongs to the physical page: [ 38.528105] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f1b [ 38.528980] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.529857] page_type: f5(slab) [ 38.530352] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.531261] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.532091] page dumped because: kasan: bad access detected [ 38.532877] [ 38.533191] Memory state around the buggy address: [ 38.533860] fff00000c5f1bd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.534764] fff00000c5f1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.535559] >fff00000c5f1be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.536382] ^ [ 38.537171] fff00000c5f1be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.538001] fff00000c5f1bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.538923] ==================================================================
[ 32.788316] ================================================================== [ 32.788828] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 32.788828] Read of size 121 at addr ffff8881028f6c00 by task kunit_try_catch/294 [ 32.788828] [ 32.788828] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 32.788828] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.788828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.788828] Call Trace: [ 32.788828] <TASK> [ 32.788828] dump_stack_lvl+0x73/0xb0 [ 32.788828] print_report+0xd1/0x640 [ 32.788828] ? __virt_addr_valid+0x1db/0x2d0 [ 32.788828] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.788828] kasan_report+0x102/0x140 [ 32.788828] ? copy_user_test_oob+0x4ab/0x10f0 [ 32.788828] ? copy_user_test_oob+0x4ab/0x10f0 [ 32.788828] kasan_check_range+0x10c/0x1c0 [ 32.788828] __kasan_check_read+0x15/0x20 [ 32.788828] copy_user_test_oob+0x4ab/0x10f0 [ 32.788828] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.788828] ? __switch_to+0x5d9/0xf60 [ 32.788828] ? __schedule+0xc3e/0x2790 [ 32.788828] ? ktime_get_ts64+0x84/0x230 [ 32.788828] kunit_try_run_case+0x1b3/0x490 [ 32.788828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.788828] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.788828] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.788828] ? __kthread_parkme+0x82/0x160 [ 32.788828] ? preempt_count_sub+0x50/0x80 [ 32.788828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.788828] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.788828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.788828] kthread+0x257/0x310 [ 32.788828] ? __pfx_kthread+0x10/0x10 [ 32.788828] ret_from_fork+0x41/0x80 [ 32.788828] ? __pfx_kthread+0x10/0x10 [ 32.788828] ret_from_fork_asm+0x1a/0x30 [ 32.788828] </TASK> [ 32.788828] [ 32.788828] Allocated by task 294: [ 32.788828] kasan_save_stack+0x3d/0x60 [ 32.788828] kasan_save_track+0x18/0x40 [ 32.788828] kasan_save_alloc_info+0x3b/0x50 [ 32.788828] __kasan_kmalloc+0xb7/0xc0 [ 32.788828] __kmalloc_noprof+0x1c4/0x500 [ 32.788828] kunit_kmalloc_array+0x25/0x60 [ 32.788828] copy_user_test_oob+0xac/0x10f0 [ 32.788828] kunit_try_run_case+0x1b3/0x490 [ 32.788828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.788828] kthread+0x257/0x310 [ 32.788828] ret_from_fork+0x41/0x80 [ 32.788828] ret_from_fork_asm+0x1a/0x30 [ 32.788828] [ 32.788828] The buggy address belongs to the object at ffff8881028f6c00 [ 32.788828] which belongs to the cache kmalloc-128 of size 128 [ 32.788828] The buggy address is located 0 bytes inside of [ 32.788828] allocated 120-byte region [ffff8881028f6c00, ffff8881028f6c78) [ 32.788828] [ 32.788828] The buggy address belongs to the physical page: [ 32.788828] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028f6 [ 32.788828] flags: 0x200000000000000(node=0|zone=2) [ 32.788828] page_type: f5(slab) [ 32.788828] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.788828] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.788828] page dumped because: kasan: bad access detected [ 32.788828] [ 32.788828] Memory state around the buggy address: [ 32.788828] ffff8881028f6b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.788828] ffff8881028f6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.788828] >ffff8881028f6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.788828] ^ [ 32.788828] ffff8881028f6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.788828] ffff8881028f6d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.788828] ================================================================== [ 32.865825] ================================================================== [ 32.866214] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 32.866214] Read of size 121 at addr ffff8881028f6c00 by task kunit_try_catch/294 [ 32.866214] [ 32.866214] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 32.866403] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.866403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.866403] Call Trace: [ 32.866403] <TASK> [ 32.866403] dump_stack_lvl+0x73/0xb0 [ 32.866403] print_report+0xd1/0x640 [ 32.866403] ? __virt_addr_valid+0x1db/0x2d0 [ 32.866403] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.866403] kasan_report+0x102/0x140 [ 32.866403] ? copy_user_test_oob+0x605/0x10f0 [ 32.866403] ? copy_user_test_oob+0x605/0x10f0 [ 32.866403] kasan_check_range+0x10c/0x1c0 [ 32.866403] __kasan_check_read+0x15/0x20 [ 32.866403] copy_user_test_oob+0x605/0x10f0 [ 32.866403] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.866403] ? __switch_to+0x5d9/0xf60 [ 32.866403] ? __schedule+0xc3e/0x2790 [ 32.866403] ? ktime_get_ts64+0x84/0x230 [ 32.866403] kunit_try_run_case+0x1b3/0x490 [ 32.866403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.866403] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.866403] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.866403] ? __kthread_parkme+0x82/0x160 [ 32.866403] ? preempt_count_sub+0x50/0x80 [ 32.866403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.866403] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.866403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.866403] kthread+0x257/0x310 [ 32.866403] ? __pfx_kthread+0x10/0x10 [ 32.866403] ret_from_fork+0x41/0x80 [ 32.866403] ? __pfx_kthread+0x10/0x10 [ 32.866403] ret_from_fork_asm+0x1a/0x30 [ 32.866403] </TASK> [ 32.866403] [ 32.866403] Allocated by task 294: [ 32.866403] kasan_save_stack+0x3d/0x60 [ 32.866403] kasan_save_track+0x18/0x40 [ 32.866403] kasan_save_alloc_info+0x3b/0x50 [ 32.866403] __kasan_kmalloc+0xb7/0xc0 [ 32.866403] __kmalloc_noprof+0x1c4/0x500 [ 32.866403] kunit_kmalloc_array+0x25/0x60 [ 32.866403] copy_user_test_oob+0xac/0x10f0 [ 32.866403] kunit_try_run_case+0x1b3/0x490 [ 32.866403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.866403] kthread+0x257/0x310 [ 32.866403] ret_from_fork+0x41/0x80 [ 32.866403] ret_from_fork_asm+0x1a/0x30 [ 32.866403] [ 32.866403] The buggy address belongs to the object at ffff8881028f6c00 [ 32.866403] which belongs to the cache kmalloc-128 of size 128 [ 32.866403] The buggy address is located 0 bytes inside of [ 32.866403] allocated 120-byte region [ffff8881028f6c00, ffff8881028f6c78) [ 32.866403] [ 32.866403] The buggy address belongs to the physical page: [ 32.866403] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028f6 [ 32.866403] flags: 0x200000000000000(node=0|zone=2) [ 32.866403] page_type: f5(slab) [ 32.866403] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.866403] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.866403] page dumped because: kasan: bad access detected [ 32.866403] [ 32.866403] Memory state around the buggy address: [ 32.866403] ffff8881028f6b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.866403] ffff8881028f6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.866403] >ffff8881028f6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.866403] ^ [ 32.866403] ffff8881028f6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.866403] ffff8881028f6d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.866403] ================================================================== [ 32.829039] ================================================================== [ 32.829517] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 32.829517] Write of size 121 at addr ffff8881028f6c00 by task kunit_try_catch/294 [ 32.829517] [ 32.829517] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 32.830793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.830793] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.830793] Call Trace: [ 32.830793] <TASK> [ 32.830793] dump_stack_lvl+0x73/0xb0 [ 32.830793] print_report+0xd1/0x640 [ 32.830793] ? __virt_addr_valid+0x1db/0x2d0 [ 32.830793] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.830793] kasan_report+0x102/0x140 [ 32.830793] ? copy_user_test_oob+0x558/0x10f0 [ 32.830793] ? copy_user_test_oob+0x558/0x10f0 [ 32.830793] kasan_check_range+0x10c/0x1c0 [ 32.830793] __kasan_check_write+0x18/0x20 [ 32.830793] copy_user_test_oob+0x558/0x10f0 [ 32.830793] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.830793] ? __switch_to+0x5d9/0xf60 [ 32.830793] ? __schedule+0xc3e/0x2790 [ 32.830793] ? ktime_get_ts64+0x84/0x230 [ 32.830793] kunit_try_run_case+0x1b3/0x490 [ 32.830793] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.830793] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.830793] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.830793] ? __kthread_parkme+0x82/0x160 [ 32.830793] ? preempt_count_sub+0x50/0x80 [ 32.830793] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.830793] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.830793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.830793] kthread+0x257/0x310 [ 32.830793] ? __pfx_kthread+0x10/0x10 [ 32.830793] ret_from_fork+0x41/0x80 [ 32.830793] ? __pfx_kthread+0x10/0x10 [ 32.830793] ret_from_fork_asm+0x1a/0x30 [ 32.830793] </TASK> [ 32.830793] [ 32.830793] Allocated by task 294: [ 32.830793] kasan_save_stack+0x3d/0x60 [ 32.830793] kasan_save_track+0x18/0x40 [ 32.830793] kasan_save_alloc_info+0x3b/0x50 [ 32.830793] __kasan_kmalloc+0xb7/0xc0 [ 32.830793] __kmalloc_noprof+0x1c4/0x500 [ 32.830793] kunit_kmalloc_array+0x25/0x60 [ 32.830793] copy_user_test_oob+0xac/0x10f0 [ 32.830793] kunit_try_run_case+0x1b3/0x490 [ 32.830793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.830793] kthread+0x257/0x310 [ 32.830793] ret_from_fork+0x41/0x80 [ 32.830793] ret_from_fork_asm+0x1a/0x30 [ 32.830793] [ 32.830793] The buggy address belongs to the object at ffff8881028f6c00 [ 32.830793] which belongs to the cache kmalloc-128 of size 128 [ 32.830793] The buggy address is located 0 bytes inside of [ 32.830793] allocated 120-byte region [ffff8881028f6c00, ffff8881028f6c78) [ 32.830793] [ 32.830793] The buggy address belongs to the physical page: [ 32.830793] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028f6 [ 32.830793] flags: 0x200000000000000(node=0|zone=2) [ 32.830793] page_type: f5(slab) [ 32.830793] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.830793] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.830793] page dumped because: kasan: bad access detected [ 32.830793] [ 32.830793] Memory state around the buggy address: [ 32.830793] ffff8881028f6b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.830793] ffff8881028f6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.830793] >ffff8881028f6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.830793] ^ [ 32.830793] ffff8881028f6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.830793] ffff8881028f6d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.830793] ================================================================== [ 32.749823] ================================================================== [ 32.750130] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 32.750130] Write of size 121 at addr ffff8881028f6c00 by task kunit_try_catch/294 [ 32.750130] [ 32.750130] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 32.750130] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.750130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.750130] Call Trace: [ 32.750130] <TASK> [ 32.750130] dump_stack_lvl+0x73/0xb0 [ 32.750130] print_report+0xd1/0x640 [ 32.750130] ? __virt_addr_valid+0x1db/0x2d0 [ 32.750130] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.750130] kasan_report+0x102/0x140 [ 32.750130] ? copy_user_test_oob+0x3fe/0x10f0 [ 32.750130] ? copy_user_test_oob+0x3fe/0x10f0 [ 32.750130] kasan_check_range+0x10c/0x1c0 [ 32.750130] __kasan_check_write+0x18/0x20 [ 32.750130] copy_user_test_oob+0x3fe/0x10f0 [ 32.750130] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.750130] ? __switch_to+0x5d9/0xf60 [ 32.750130] ? __schedule+0xc3e/0x2790 [ 32.750130] ? ktime_get_ts64+0x84/0x230 [ 32.750130] kunit_try_run_case+0x1b3/0x490 [ 32.750130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.750130] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.750130] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.750130] ? __kthread_parkme+0x82/0x160 [ 32.750130] ? preempt_count_sub+0x50/0x80 [ 32.750130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.750130] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.750130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.750130] kthread+0x257/0x310 [ 32.750130] ? __pfx_kthread+0x10/0x10 [ 32.750130] ret_from_fork+0x41/0x80 [ 32.750130] ? __pfx_kthread+0x10/0x10 [ 32.750130] ret_from_fork_asm+0x1a/0x30 [ 32.750130] </TASK> [ 32.750130] [ 32.750130] Allocated by task 294: [ 32.750130] kasan_save_stack+0x3d/0x60 [ 32.750130] kasan_save_track+0x18/0x40 [ 32.750130] kasan_save_alloc_info+0x3b/0x50 [ 32.750130] __kasan_kmalloc+0xb7/0xc0 [ 32.750130] __kmalloc_noprof+0x1c4/0x500 [ 32.750130] kunit_kmalloc_array+0x25/0x60 [ 32.750130] copy_user_test_oob+0xac/0x10f0 [ 32.750130] kunit_try_run_case+0x1b3/0x490 [ 32.750130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.750130] kthread+0x257/0x310 [ 32.750130] ret_from_fork+0x41/0x80 [ 32.750130] ret_from_fork_asm+0x1a/0x30 [ 32.750130] [ 32.750130] The buggy address belongs to the object at ffff8881028f6c00 [ 32.750130] which belongs to the cache kmalloc-128 of size 128 [ 32.750130] The buggy address is located 0 bytes inside of [ 32.750130] allocated 120-byte region [ffff8881028f6c00, ffff8881028f6c78) [ 32.750130] [ 32.750130] The buggy address belongs to the physical page: [ 32.750130] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028f6 [ 32.750130] flags: 0x200000000000000(node=0|zone=2) [ 32.750130] page_type: f5(slab) [ 32.750130] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.750130] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.750130] page dumped because: kasan: bad access detected [ 32.750130] [ 32.750130] Memory state around the buggy address: [ 32.750130] ffff8881028f6b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.750130] ffff8881028f6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.750130] >ffff8881028f6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.750130] ^ [ 32.750130] ffff8881028f6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.750130] ffff8881028f6d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.750130] ==================================================================
[ 27.517691] ================================================================== [ 27.518632] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 27.519043] Read of size 121 at addr ffff8881028cc000 by task kunit_try_catch/292 [ 27.519442] [ 27.519724] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 27.520899] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.521317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.522369] Call Trace: [ 27.522614] <TASK> [ 27.522821] dump_stack_lvl+0x73/0xb0 [ 27.523105] print_report+0xd1/0x640 [ 27.523410] ? __virt_addr_valid+0x1db/0x2d0 [ 27.523978] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.524579] kasan_report+0x102/0x140 [ 27.525182] ? copy_user_test_oob+0x4ab/0x10f0 [ 27.525792] ? copy_user_test_oob+0x4ab/0x10f0 [ 27.526330] kasan_check_range+0x10c/0x1c0 [ 27.526895] __kasan_check_read+0x15/0x20 [ 27.527351] copy_user_test_oob+0x4ab/0x10f0 [ 27.527990] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.528383] ? finish_task_switch.isra.0+0x153/0x700 [ 27.528950] ? __switch_to+0x5d9/0xf60 [ 27.529426] ? __schedule+0xc3e/0x2790 [ 27.529944] ? __pfx_read_tsc+0x10/0x10 [ 27.530300] ? ktime_get_ts64+0x84/0x230 [ 27.530894] kunit_try_run_case+0x1b3/0x490 [ 27.531221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.531616] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.532139] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.532682] ? __kthread_parkme+0x82/0x160 [ 27.533153] ? preempt_count_sub+0x50/0x80 [ 27.533461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.534011] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.534658] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.535098] kthread+0x257/0x310 [ 27.535588] ? __pfx_kthread+0x10/0x10 [ 27.536003] ret_from_fork+0x41/0x80 [ 27.536288] ? __pfx_kthread+0x10/0x10 [ 27.536618] ret_from_fork_asm+0x1a/0x30 [ 27.537190] </TASK> [ 27.537642] [ 27.537898] Allocated by task 292: [ 27.538321] kasan_save_stack+0x3d/0x60 [ 27.538793] kasan_save_track+0x18/0x40 [ 27.539076] kasan_save_alloc_info+0x3b/0x50 [ 27.539376] __kasan_kmalloc+0xb7/0xc0 [ 27.539814] __kmalloc_noprof+0x1c4/0x500 [ 27.540287] kunit_kmalloc_array+0x25/0x60 [ 27.540883] copy_user_test_oob+0xac/0x10f0 [ 27.541351] kunit_try_run_case+0x1b3/0x490 [ 27.541940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.542372] kthread+0x257/0x310 [ 27.544504] ret_from_fork+0x41/0x80 [ 27.544943] ret_from_fork_asm+0x1a/0x30 [ 27.545405] [ 27.545666] The buggy address belongs to the object at ffff8881028cc000 [ 27.545666] which belongs to the cache kmalloc-128 of size 128 [ 27.546428] The buggy address is located 0 bytes inside of [ 27.546428] allocated 120-byte region [ffff8881028cc000, ffff8881028cc078) [ 27.549247] [ 27.549881] The buggy address belongs to the physical page: [ 27.550926] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028cc [ 27.552220] flags: 0x200000000000000(node=0|zone=2) [ 27.552836] page_type: f5(slab) [ 27.553091] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.553516] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 27.553924] page dumped because: kasan: bad access detected [ 27.554214] [ 27.554306] Memory state around the buggy address: [ 27.554469] ffff8881028cbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.555355] ffff8881028cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.556228] >ffff8881028cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.557099] ^ [ 27.557961] ffff8881028cc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.558887] ffff8881028cc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.559319] ================================================================== [ 27.604533] ================================================================== [ 27.605226] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 27.605842] Read of size 121 at addr ffff8881028cc000 by task kunit_try_catch/292 [ 27.606438] [ 27.606781] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 27.607479] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.607991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.608720] Call Trace: [ 27.609194] <TASK> [ 27.609504] dump_stack_lvl+0x73/0xb0 [ 27.610060] print_report+0xd1/0x640 [ 27.610358] ? __virt_addr_valid+0x1db/0x2d0 [ 27.610752] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.611388] kasan_report+0x102/0x140 [ 27.611898] ? copy_user_test_oob+0x605/0x10f0 [ 27.612387] ? copy_user_test_oob+0x605/0x10f0 [ 27.613076] kasan_check_range+0x10c/0x1c0 [ 27.613637] __kasan_check_read+0x15/0x20 [ 27.614077] copy_user_test_oob+0x605/0x10f0 [ 27.614711] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.615166] ? finish_task_switch.isra.0+0x153/0x700 [ 27.615760] ? __switch_to+0x5d9/0xf60 [ 27.616245] ? __schedule+0xc3e/0x2790 [ 27.616713] ? __pfx_read_tsc+0x10/0x10 [ 27.617035] ? ktime_get_ts64+0x84/0x230 [ 27.617616] kunit_try_run_case+0x1b3/0x490 [ 27.618217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.618753] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.619119] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.619804] ? __kthread_parkme+0x82/0x160 [ 27.620367] ? preempt_count_sub+0x50/0x80 [ 27.620899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.621432] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.621872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.622542] kthread+0x257/0x310 [ 27.622992] ? __pfx_kthread+0x10/0x10 [ 27.623427] ret_from_fork+0x41/0x80 [ 27.623961] ? __pfx_kthread+0x10/0x10 [ 27.624338] ret_from_fork_asm+0x1a/0x30 [ 27.624950] </TASK> [ 27.625276] [ 27.625448] Allocated by task 292: [ 27.625756] kasan_save_stack+0x3d/0x60 [ 27.626055] kasan_save_track+0x18/0x40 [ 27.626360] kasan_save_alloc_info+0x3b/0x50 [ 27.626951] __kasan_kmalloc+0xb7/0xc0 [ 27.627321] __kmalloc_noprof+0x1c4/0x500 [ 27.627682] kunit_kmalloc_array+0x25/0x60 [ 27.627980] copy_user_test_oob+0xac/0x10f0 [ 27.628272] kunit_try_run_case+0x1b3/0x490 [ 27.628880] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.629420] kthread+0x257/0x310 [ 27.629925] ret_from_fork+0x41/0x80 [ 27.630351] ret_from_fork_asm+0x1a/0x30 [ 27.630925] [ 27.631192] The buggy address belongs to the object at ffff8881028cc000 [ 27.631192] which belongs to the cache kmalloc-128 of size 128 [ 27.632292] The buggy address is located 0 bytes inside of [ 27.632292] allocated 120-byte region [ffff8881028cc000, ffff8881028cc078) [ 27.633390] [ 27.633751] The buggy address belongs to the physical page: [ 27.634236] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028cc [ 27.634981] flags: 0x200000000000000(node=0|zone=2) [ 27.635406] page_type: f5(slab) [ 27.635904] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.636548] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 27.637193] page dumped because: kasan: bad access detected [ 27.637824] [ 27.638030] Memory state around the buggy address: [ 27.638473] ffff8881028cbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.639165] ffff8881028cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.639613] >ffff8881028cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.639990] ^ [ 27.640748] ffff8881028cc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.641405] ffff8881028cc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.642247] ================================================================== [ 27.560777] ================================================================== [ 27.561321] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 27.562078] Write of size 121 at addr ffff8881028cc000 by task kunit_try_catch/292 [ 27.562924] [ 27.563137] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 27.564080] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.564693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.565329] Call Trace: [ 27.565817] <TASK> [ 27.566200] dump_stack_lvl+0x73/0xb0 [ 27.566701] print_report+0xd1/0x640 [ 27.567265] ? __virt_addr_valid+0x1db/0x2d0 [ 27.567774] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.568392] kasan_report+0x102/0x140 [ 27.568907] ? copy_user_test_oob+0x558/0x10f0 [ 27.569252] ? copy_user_test_oob+0x558/0x10f0 [ 27.570065] kasan_check_range+0x10c/0x1c0 [ 27.570561] __kasan_check_write+0x18/0x20 [ 27.572727] copy_user_test_oob+0x558/0x10f0 [ 27.573413] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.573889] ? finish_task_switch.isra.0+0x153/0x700 [ 27.574609] ? __switch_to+0x5d9/0xf60 [ 27.574927] ? __schedule+0xc3e/0x2790 [ 27.575217] ? __pfx_read_tsc+0x10/0x10 [ 27.575586] ? ktime_get_ts64+0x84/0x230 [ 27.576095] kunit_try_run_case+0x1b3/0x490 [ 27.576525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.577096] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.577631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.578158] ? __kthread_parkme+0x82/0x160 [ 27.578736] ? preempt_count_sub+0x50/0x80 [ 27.579277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.579745] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.580458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.581108] kthread+0x257/0x310 [ 27.581902] ? __pfx_kthread+0x10/0x10 [ 27.582205] ret_from_fork+0x41/0x80 [ 27.583163] ? __pfx_kthread+0x10/0x10 [ 27.583844] ret_from_fork_asm+0x1a/0x30 [ 27.584199] </TASK> [ 27.584469] [ 27.584634] Allocated by task 292: [ 27.584866] kasan_save_stack+0x3d/0x60 [ 27.585302] kasan_save_track+0x18/0x40 [ 27.585793] kasan_save_alloc_info+0x3b/0x50 [ 27.586203] __kasan_kmalloc+0xb7/0xc0 [ 27.586510] __kmalloc_noprof+0x1c4/0x500 [ 27.586948] kunit_kmalloc_array+0x25/0x60 [ 27.587377] copy_user_test_oob+0xac/0x10f0 [ 27.588258] kunit_try_run_case+0x1b3/0x490 [ 27.588582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.589131] kthread+0x257/0x310 [ 27.589454] ret_from_fork+0x41/0x80 [ 27.589924] ret_from_fork_asm+0x1a/0x30 [ 27.590470] [ 27.591723] The buggy address belongs to the object at ffff8881028cc000 [ 27.591723] which belongs to the cache kmalloc-128 of size 128 [ 27.592682] The buggy address is located 0 bytes inside of [ 27.592682] allocated 120-byte region [ffff8881028cc000, ffff8881028cc078) [ 27.593472] [ 27.594453] The buggy address belongs to the physical page: [ 27.594940] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028cc [ 27.595302] flags: 0x200000000000000(node=0|zone=2) [ 27.595516] page_type: f5(slab) [ 27.595757] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.596447] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 27.597216] page dumped because: kasan: bad access detected [ 27.597830] [ 27.598148] Memory state around the buggy address: [ 27.598631] ffff8881028cbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.599190] ffff8881028cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.599963] >ffff8881028cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.600462] ^ [ 27.601407] ffff8881028cc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.602570] ffff8881028cc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.603214] ================================================================== [ 27.478940] ================================================================== [ 27.479551] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 27.480025] Write of size 121 at addr ffff8881028cc000 by task kunit_try_catch/292 [ 27.480754] [ 27.481018] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 27.481714] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.482195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.482786] Call Trace: [ 27.483141] <TASK> [ 27.483432] dump_stack_lvl+0x73/0xb0 [ 27.483983] print_report+0xd1/0x640 [ 27.484501] ? __virt_addr_valid+0x1db/0x2d0 [ 27.484870] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.485442] kasan_report+0x102/0x140 [ 27.485947] ? copy_user_test_oob+0x3fe/0x10f0 [ 27.486283] ? copy_user_test_oob+0x3fe/0x10f0 [ 27.486843] kasan_check_range+0x10c/0x1c0 [ 27.487353] __kasan_check_write+0x18/0x20 [ 27.487759] copy_user_test_oob+0x3fe/0x10f0 [ 27.488165] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.488661] ? finish_task_switch.isra.0+0x153/0x700 [ 27.489066] ? __switch_to+0x5d9/0xf60 [ 27.489545] ? __schedule+0xc3e/0x2790 [ 27.490014] ? __pfx_read_tsc+0x10/0x10 [ 27.490433] ? ktime_get_ts64+0x84/0x230 [ 27.491025] kunit_try_run_case+0x1b3/0x490 [ 27.491442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.491905] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.492407] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.492884] ? __kthread_parkme+0x82/0x160 [ 27.493189] ? preempt_count_sub+0x50/0x80 [ 27.493518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.494071] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.494701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.495310] kthread+0x257/0x310 [ 27.495762] ? __pfx_kthread+0x10/0x10 [ 27.496215] ret_from_fork+0x41/0x80 [ 27.496614] ? __pfx_kthread+0x10/0x10 [ 27.497087] ret_from_fork_asm+0x1a/0x30 [ 27.497558] </TASK> [ 27.497863] [ 27.498071] Allocated by task 292: [ 27.498444] kasan_save_stack+0x3d/0x60 [ 27.499041] kasan_save_track+0x18/0x40 [ 27.499372] kasan_save_alloc_info+0x3b/0x50 [ 27.499907] __kasan_kmalloc+0xb7/0xc0 [ 27.500326] __kmalloc_noprof+0x1c4/0x500 [ 27.500683] kunit_kmalloc_array+0x25/0x60 [ 27.501150] copy_user_test_oob+0xac/0x10f0 [ 27.501605] kunit_try_run_case+0x1b3/0x490 [ 27.501935] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.502569] kthread+0x257/0x310 [ 27.502961] ret_from_fork+0x41/0x80 [ 27.503415] ret_from_fork_asm+0x1a/0x30 [ 27.503964] [ 27.504261] The buggy address belongs to the object at ffff8881028cc000 [ 27.504261] which belongs to the cache kmalloc-128 of size 128 [ 27.505114] The buggy address is located 0 bytes inside of [ 27.505114] allocated 120-byte region [ffff8881028cc000, ffff8881028cc078) [ 27.506166] [ 27.506474] The buggy address belongs to the physical page: [ 27.507211] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028cc [ 27.507809] flags: 0x200000000000000(node=0|zone=2) [ 27.508122] page_type: f5(slab) [ 27.508543] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.509395] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 27.511646] page dumped because: kasan: bad access detected [ 27.511961] [ 27.512116] Memory state around the buggy address: [ 27.512397] ffff8881028cbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.513320] ffff8881028cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.514152] >ffff8881028cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.514884] ^ [ 27.515595] ffff8881028cc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.516091] ffff8881028cc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.516464] ==================================================================