Date
Nov. 27, 2024, 3:37 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 54.767282] ================================================================== [ 54.768734] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 54.769635] Write of size 121 at addr fff00000c61a5600 by task kunit_try_catch/274 [ 54.771375] [ 54.771715] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 54.773043] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.774117] Hardware name: linux,dummy-virt (DT) [ 54.774732] Call trace: [ 54.775144] show_stack+0x20/0x38 (C) [ 54.775729] dump_stack_lvl+0x8c/0xd0 [ 54.776317] print_report+0x118/0x5e0 [ 54.776897] kasan_report+0xc8/0x118 [ 54.777791] kasan_check_range+0x100/0x1a8 [ 54.778407] __kasan_check_write+0x20/0x30 [ 54.779015] copy_user_test_oob+0x234/0xec0 [ 54.779617] kunit_try_run_case+0x14c/0x3d0 [ 54.780285] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.780922] kthread+0x24c/0x2d0 [ 54.781900] ret_from_fork+0x10/0x20 [ 54.782509] [ 54.782827] Allocated by task 274: [ 54.783432] kasan_save_stack+0x3c/0x68 [ 54.784075] kasan_save_track+0x20/0x40 [ 54.784693] kasan_save_alloc_info+0x40/0x58 [ 54.785575] __kasan_kmalloc+0xd4/0xd8 [ 54.786155] __kmalloc_noprof+0x188/0x4c8 [ 54.786755] kunit_kmalloc_array+0x34/0x88 [ 54.787306] copy_user_test_oob+0xac/0xec0 [ 54.787854] kunit_try_run_case+0x14c/0x3d0 [ 54.788494] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.789192] kthread+0x24c/0x2d0 [ 54.789825] ret_from_fork+0x10/0x20 [ 54.790322] [ 54.790710] The buggy address belongs to the object at fff00000c61a5600 [ 54.790710] which belongs to the cache kmalloc-128 of size 128 [ 54.792834] The buggy address is located 0 bytes inside of [ 54.792834] allocated 120-byte region [fff00000c61a5600, fff00000c61a5678) [ 54.794473] [ 54.794779] The buggy address belongs to the physical page: [ 54.795528] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a5 [ 54.796491] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.797568] page_type: f5(slab) [ 54.798222] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 54.799159] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 54.800057] page dumped because: kasan: bad access detected [ 54.800713] [ 54.801021] Memory state around the buggy address: [ 54.802048] fff00000c61a5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 54.802941] fff00000c61a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.804081] >fff00000c61a5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 54.804901] ^ [ 54.806479] fff00000c61a5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.807585] fff00000c61a5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.808544] ================================================================== [ 54.864802] ================================================================== [ 54.865897] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 54.867251] Write of size 121 at addr fff00000c61a5600 by task kunit_try_catch/274 [ 54.868482] [ 54.868803] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 54.870126] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.870702] Hardware name: linux,dummy-virt (DT) [ 54.871190] Call trace: [ 54.871582] show_stack+0x20/0x38 (C) [ 54.872156] dump_stack_lvl+0x8c/0xd0 [ 54.872822] print_report+0x118/0x5e0 [ 54.873421] kasan_report+0xc8/0x118 [ 54.873971] kasan_check_range+0x100/0x1a8 [ 54.874619] __kasan_check_write+0x20/0x30 [ 54.875227] copy_user_test_oob+0x35c/0xec0 [ 54.875784] kunit_try_run_case+0x14c/0x3d0 [ 54.876490] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.877265] kthread+0x24c/0x2d0 [ 54.877733] ret_from_fork+0x10/0x20 [ 54.878390] [ 54.878763] Allocated by task 274: [ 54.879228] kasan_save_stack+0x3c/0x68 [ 54.879859] kasan_save_track+0x20/0x40 [ 54.880376] kasan_save_alloc_info+0x40/0x58 [ 54.881049] __kasan_kmalloc+0xd4/0xd8 [ 54.881698] __kmalloc_noprof+0x188/0x4c8 [ 54.882234] kunit_kmalloc_array+0x34/0x88 [ 54.882846] copy_user_test_oob+0xac/0xec0 [ 54.883404] kunit_try_run_case+0x14c/0x3d0 [ 54.884023] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.884627] kthread+0x24c/0x2d0 [ 54.885208] ret_from_fork+0x10/0x20 [ 54.885761] [ 54.886068] The buggy address belongs to the object at fff00000c61a5600 [ 54.886068] which belongs to the cache kmalloc-128 of size 128 [ 54.887426] The buggy address is located 0 bytes inside of [ 54.887426] allocated 120-byte region [fff00000c61a5600, fff00000c61a5678) [ 54.888767] [ 54.889084] The buggy address belongs to the physical page: [ 54.889973] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a5 [ 54.890874] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.891732] page_type: f5(slab) [ 54.892317] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 54.893177] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 54.894060] page dumped because: kasan: bad access detected [ 54.894742] [ 54.895132] Memory state around the buggy address: [ 54.895750] fff00000c61a5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.896732] fff00000c61a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.897675] >fff00000c61a5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 54.898558] ^ [ 54.899406] fff00000c61a5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.900171] fff00000c61a5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.900972] ================================================================== [ 54.816603] ================================================================== [ 54.817609] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 54.819244] Read of size 121 at addr fff00000c61a5600 by task kunit_try_catch/274 [ 54.820212] [ 54.820595] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 54.821903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.822606] Hardware name: linux,dummy-virt (DT) [ 54.823254] Call trace: [ 54.823662] show_stack+0x20/0x38 (C) [ 54.824165] dump_stack_lvl+0x8c/0xd0 [ 54.824853] print_report+0x118/0x5e0 [ 54.825893] kasan_report+0xc8/0x118 [ 54.826511] kasan_check_range+0x100/0x1a8 [ 54.827115] __kasan_check_read+0x20/0x30 [ 54.827622] copy_user_test_oob+0x728/0xec0 [ 54.828128] kunit_try_run_case+0x14c/0x3d0 [ 54.828707] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.829488] kthread+0x24c/0x2d0 [ 54.830132] ret_from_fork+0x10/0x20 [ 54.830694] [ 54.831003] Allocated by task 274: [ 54.831834] kasan_save_stack+0x3c/0x68 [ 54.832469] kasan_save_track+0x20/0x40 [ 54.833316] kasan_save_alloc_info+0x40/0x58 [ 54.833929] __kasan_kmalloc+0xd4/0xd8 [ 54.834462] __kmalloc_noprof+0x188/0x4c8 [ 54.835087] kunit_kmalloc_array+0x34/0x88 [ 54.835715] copy_user_test_oob+0xac/0xec0 [ 54.836393] kunit_try_run_case+0x14c/0x3d0 [ 54.836993] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.838383] kthread+0x24c/0x2d0 [ 54.839087] ret_from_fork+0x10/0x20 [ 54.839599] [ 54.839916] The buggy address belongs to the object at fff00000c61a5600 [ 54.839916] which belongs to the cache kmalloc-128 of size 128 [ 54.841801] The buggy address is located 0 bytes inside of [ 54.841801] allocated 120-byte region [fff00000c61a5600, fff00000c61a5678) [ 54.843366] [ 54.843860] The buggy address belongs to the physical page: [ 54.844515] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a5 [ 54.844974] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.846283] page_type: f5(slab) [ 54.846759] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 54.847676] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 54.848651] page dumped because: kasan: bad access detected [ 54.849450] [ 54.849873] Memory state around the buggy address: [ 54.850521] fff00000c61a5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.851417] fff00000c61a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.852367] >fff00000c61a5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 54.853391] ^ [ 54.854235] fff00000c61a5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.855050] fff00000c61a5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.855616] ================================================================== [ 54.902681] ================================================================== [ 54.903520] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 54.904167] Read of size 121 at addr fff00000c61a5600 by task kunit_try_catch/274 [ 54.905384] [ 54.906051] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 54.907233] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.907761] Hardware name: linux,dummy-virt (DT) [ 54.908368] Call trace: [ 54.908732] show_stack+0x20/0x38 (C) [ 54.909370] dump_stack_lvl+0x8c/0xd0 [ 54.909943] print_report+0x118/0x5e0 [ 54.910526] kasan_report+0xc8/0x118 [ 54.911076] kasan_check_range+0x100/0x1a8 [ 54.911673] __kasan_check_read+0x20/0x30 [ 54.912322] copy_user_test_oob+0x3c8/0xec0 [ 54.912931] kunit_try_run_case+0x14c/0x3d0 [ 54.913630] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.914415] kthread+0x24c/0x2d0 [ 54.914952] ret_from_fork+0x10/0x20 [ 54.915540] [ 54.915806] Allocated by task 274: [ 54.916286] kasan_save_stack+0x3c/0x68 [ 54.916920] kasan_save_track+0x20/0x40 [ 54.917479] kasan_save_alloc_info+0x40/0x58 [ 54.918158] __kasan_kmalloc+0xd4/0xd8 [ 54.918742] __kmalloc_noprof+0x188/0x4c8 [ 54.919347] kunit_kmalloc_array+0x34/0x88 [ 54.919871] copy_user_test_oob+0xac/0xec0 [ 54.920523] kunit_try_run_case+0x14c/0x3d0 [ 54.921109] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.921787] kthread+0x24c/0x2d0 [ 54.922269] ret_from_fork+0x10/0x20 [ 54.922893] [ 54.923188] The buggy address belongs to the object at fff00000c61a5600 [ 54.923188] which belongs to the cache kmalloc-128 of size 128 [ 54.924547] The buggy address is located 0 bytes inside of [ 54.924547] allocated 120-byte region [fff00000c61a5600, fff00000c61a5678) [ 54.925892] [ 54.926187] The buggy address belongs to the physical page: [ 54.926961] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a5 [ 54.927815] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.928626] page_type: f5(slab) [ 54.929071] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 54.930104] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 54.930991] page dumped because: kasan: bad access detected [ 54.931732] [ 54.932053] Memory state around the buggy address: [ 54.932605] fff00000c61a5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.933516] fff00000c61a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.934470] >fff00000c61a5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 54.935230] ^ [ 54.936094] fff00000c61a5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.936947] fff00000c61a5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.937827] ================================================================== [ 54.939643] ================================================================== [ 54.940421] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 54.941221] Write of size 121 at addr fff00000c61a5600 by task kunit_try_catch/274 [ 54.942886] [ 54.943326] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 54.944447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.945098] Hardware name: linux,dummy-virt (DT) [ 54.945751] Call trace: [ 54.946125] show_stack+0x20/0x38 (C) [ 54.946641] dump_stack_lvl+0x8c/0xd0 [ 54.947279] print_report+0x118/0x5e0 [ 54.947869] kasan_report+0xc8/0x118 [ 54.948433] kasan_check_range+0x100/0x1a8 [ 54.949065] __kasan_check_write+0x20/0x30 [ 54.949769] copy_user_test_oob+0x434/0xec0 [ 54.950420] kunit_try_run_case+0x14c/0x3d0 [ 54.951125] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.951835] kthread+0x24c/0x2d0 [ 54.952366] ret_from_fork+0x10/0x20 [ 54.952981] [ 54.953342] Allocated by task 274: [ 54.953845] kasan_save_stack+0x3c/0x68 [ 54.954394] kasan_save_track+0x20/0x40 [ 54.954925] kasan_save_alloc_info+0x40/0x58 [ 54.955639] __kasan_kmalloc+0xd4/0xd8 [ 54.956215] __kmalloc_noprof+0x188/0x4c8 [ 54.956705] kunit_kmalloc_array+0x34/0x88 [ 54.957394] copy_user_test_oob+0xac/0xec0 [ 54.957997] kunit_try_run_case+0x14c/0x3d0 [ 54.958726] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.959363] kthread+0x24c/0x2d0 [ 54.959906] ret_from_fork+0x10/0x20 [ 54.960418] [ 54.960840] The buggy address belongs to the object at fff00000c61a5600 [ 54.960840] which belongs to the cache kmalloc-128 of size 128 [ 54.962209] The buggy address is located 0 bytes inside of [ 54.962209] allocated 120-byte region [fff00000c61a5600, fff00000c61a5678) [ 54.963580] [ 54.963851] The buggy address belongs to the physical page: [ 54.964593] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a5 [ 54.965520] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.966382] page_type: f5(slab) [ 54.966890] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 54.967761] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 54.968783] page dumped because: kasan: bad access detected [ 54.969574] [ 54.969888] Memory state around the buggy address: [ 54.970530] fff00000c61a5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.971346] fff00000c61a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.972270] >fff00000c61a5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 54.973076] ^ [ 54.973894] fff00000c61a5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.974847] fff00000c61a5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.975802] ================================================================== [ 54.978785] ================================================================== [ 54.979554] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 54.980340] Read of size 121 at addr fff00000c61a5600 by task kunit_try_catch/274 [ 54.981087] [ 54.981572] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 54.982792] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.983368] Hardware name: linux,dummy-virt (DT) [ 54.983908] Call trace: [ 54.984411] show_stack+0x20/0x38 (C) [ 54.985068] dump_stack_lvl+0x8c/0xd0 [ 54.985739] print_report+0x118/0x5e0 [ 54.986276] kasan_report+0xc8/0x118 [ 54.987004] kasan_check_range+0x100/0x1a8 [ 54.987622] __kasan_check_read+0x20/0x30 [ 54.988322] copy_user_test_oob+0x4a0/0xec0 [ 54.989018] kunit_try_run_case+0x14c/0x3d0 [ 54.989672] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.990396] kthread+0x24c/0x2d0 [ 54.991017] ret_from_fork+0x10/0x20 [ 54.991654] [ 54.991941] Allocated by task 274: [ 54.992500] kasan_save_stack+0x3c/0x68 [ 54.993131] kasan_save_track+0x20/0x40 [ 54.993686] kasan_save_alloc_info+0x40/0x58 [ 54.994269] __kasan_kmalloc+0xd4/0xd8 [ 54.994852] __kmalloc_noprof+0x188/0x4c8 [ 54.995350] kunit_kmalloc_array+0x34/0x88 [ 54.996005] copy_user_test_oob+0xac/0xec0 [ 54.996693] kunit_try_run_case+0x14c/0x3d0 [ 54.997283] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.998027] kthread+0x24c/0x2d0 [ 54.998516] ret_from_fork+0x10/0x20 [ 54.999047] [ 54.999417] The buggy address belongs to the object at fff00000c61a5600 [ 54.999417] which belongs to the cache kmalloc-128 of size 128 [ 55.000844] The buggy address is located 0 bytes inside of [ 55.000844] allocated 120-byte region [fff00000c61a5600, fff00000c61a5678) [ 55.002212] [ 55.002618] The buggy address belongs to the physical page: [ 55.003279] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a5 [ 55.004259] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.005054] page_type: f5(slab) [ 55.005591] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 55.006444] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 55.007477] page dumped because: kasan: bad access detected [ 55.008168] [ 55.008510] Memory state around the buggy address: [ 55.009120] fff00000c61a5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.009989] fff00000c61a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.010891] >fff00000c61a5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 55.011752] ^ [ 55.012621] fff00000c61a5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.013491] fff00000c61a5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.014341] ==================================================================
[ 32.875087] ================================================================== [ 32.875719] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 32.876394] Read of size 121 at addr ffff888102a58900 by task kunit_try_catch/293 [ 32.876976] [ 32.877289] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 32.877937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.878432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.879152] Call Trace: [ 32.879493] <TASK> [ 32.879804] dump_stack_lvl+0x73/0xb0 [ 32.880302] print_report+0xd1/0x640 [ 32.880663] ? __virt_addr_valid+0x1db/0x2d0 [ 32.881142] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.881784] kasan_report+0x102/0x140 [ 32.882237] ? copy_user_test_oob+0x4ab/0x10f0 [ 32.882764] ? copy_user_test_oob+0x4ab/0x10f0 [ 32.883371] kasan_check_range+0x10c/0x1c0 [ 32.883700] __kasan_check_read+0x15/0x20 [ 32.884294] copy_user_test_oob+0x4ab/0x10f0 [ 32.884720] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.885312] ? finish_task_switch.isra.0+0x153/0x700 [ 32.885734] ? __switch_to+0x5d9/0xf60 [ 32.886140] ? __schedule+0xc3e/0x2790 [ 32.886569] ? __pfx_read_tsc+0x10/0x10 [ 32.886945] ? ktime_get_ts64+0x84/0x230 [ 32.887340] kunit_try_run_case+0x1b3/0x490 [ 32.887780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.888295] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.888709] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.889360] ? __kthread_parkme+0x82/0x160 [ 32.889847] ? preempt_count_sub+0x50/0x80 [ 32.890388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.890810] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.891911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.893083] kthread+0x257/0x310 [ 32.893904] ? __pfx_kthread+0x10/0x10 [ 32.894521] ret_from_fork+0x41/0x80 [ 32.894923] ? __pfx_kthread+0x10/0x10 [ 32.895206] ret_from_fork_asm+0x1a/0x30 [ 32.896163] </TASK> [ 32.896394] [ 32.896554] Allocated by task 293: [ 32.896902] kasan_save_stack+0x3d/0x60 [ 32.897826] kasan_save_track+0x18/0x40 [ 32.898374] kasan_save_alloc_info+0x3b/0x50 [ 32.898893] __kasan_kmalloc+0xb7/0xc0 [ 32.899326] __kmalloc_noprof+0x1c4/0x500 [ 32.899901] kunit_kmalloc_array+0x25/0x60 [ 32.900391] copy_user_test_oob+0xac/0x10f0 [ 32.900820] kunit_try_run_case+0x1b3/0x490 [ 32.902034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.902505] kthread+0x257/0x310 [ 32.902929] ret_from_fork+0x41/0x80 [ 32.903298] ret_from_fork_asm+0x1a/0x30 [ 32.903752] [ 32.903945] The buggy address belongs to the object at ffff888102a58900 [ 32.903945] which belongs to the cache kmalloc-128 of size 128 [ 32.904858] The buggy address is located 0 bytes inside of [ 32.904858] allocated 120-byte region [ffff888102a58900, ffff888102a58978) [ 32.906197] [ 32.906390] The buggy address belongs to the physical page: [ 32.907043] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a58 [ 32.907775] flags: 0x200000000000000(node=0|zone=2) [ 32.908622] page_type: f5(slab) [ 32.909440] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.910165] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.910893] page dumped because: kasan: bad access detected [ 32.911242] [ 32.911495] Memory state around the buggy address: [ 32.912098] ffff888102a58800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.912678] ffff888102a58880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.913823] >ffff888102a58900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.914569] ^ [ 32.915579] ffff888102a58980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.916419] ffff888102a58a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.917879] ================================================================== [ 32.919201] ================================================================== [ 32.919737] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 32.921231] Write of size 121 at addr ffff888102a58900 by task kunit_try_catch/293 [ 32.921919] [ 32.922703] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 32.924244] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.924697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.926012] Call Trace: [ 32.926320] <TASK> [ 32.926737] dump_stack_lvl+0x73/0xb0 [ 32.927438] print_report+0xd1/0x640 [ 32.928014] ? __virt_addr_valid+0x1db/0x2d0 [ 32.928613] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.929119] kasan_report+0x102/0x140 [ 32.929964] ? copy_user_test_oob+0x558/0x10f0 [ 32.930446] ? copy_user_test_oob+0x558/0x10f0 [ 32.931163] kasan_check_range+0x10c/0x1c0 [ 32.931876] __kasan_check_write+0x18/0x20 [ 32.932605] copy_user_test_oob+0x558/0x10f0 [ 32.933319] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.933896] ? finish_task_switch.isra.0+0x153/0x700 [ 32.934468] ? __switch_to+0x5d9/0xf60 [ 32.934853] ? __schedule+0xc3e/0x2790 [ 32.935239] ? __pfx_read_tsc+0x10/0x10 [ 32.936137] ? ktime_get_ts64+0x84/0x230 [ 32.936764] kunit_try_run_case+0x1b3/0x490 [ 32.937409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.938084] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.938541] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.939004] ? __kthread_parkme+0x82/0x160 [ 32.939792] ? preempt_count_sub+0x50/0x80 [ 32.940430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.940853] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.941886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.942670] kthread+0x257/0x310 [ 32.943291] ? __pfx_kthread+0x10/0x10 [ 32.943662] ret_from_fork+0x41/0x80 [ 32.944045] ? __pfx_kthread+0x10/0x10 [ 32.944439] ret_from_fork_asm+0x1a/0x30 [ 32.944836] </TASK> [ 32.945665] [ 32.945848] Allocated by task 293: [ 32.946117] kasan_save_stack+0x3d/0x60 [ 32.946883] kasan_save_track+0x18/0x40 [ 32.947475] kasan_save_alloc_info+0x3b/0x50 [ 32.948133] __kasan_kmalloc+0xb7/0xc0 [ 32.948680] __kmalloc_noprof+0x1c4/0x500 [ 32.949259] kunit_kmalloc_array+0x25/0x60 [ 32.949676] copy_user_test_oob+0xac/0x10f0 [ 32.950104] kunit_try_run_case+0x1b3/0x490 [ 32.950896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.951561] kthread+0x257/0x310 [ 32.951963] ret_from_fork+0x41/0x80 [ 32.952540] ret_from_fork_asm+0x1a/0x30 [ 32.953022] [ 32.953333] The buggy address belongs to the object at ffff888102a58900 [ 32.953333] which belongs to the cache kmalloc-128 of size 128 [ 32.954458] The buggy address is located 0 bytes inside of [ 32.954458] allocated 120-byte region [ffff888102a58900, ffff888102a58978) [ 32.954901] [ 32.955066] The buggy address belongs to the physical page: [ 32.955486] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a58 [ 32.956383] flags: 0x200000000000000(node=0|zone=2) [ 32.957271] page_type: f5(slab) [ 32.957878] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.958949] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.960082] page dumped because: kasan: bad access detected [ 32.960307] [ 32.960403] Memory state around the buggy address: [ 32.960601] ffff888102a58800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.960871] ffff888102a58880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.961629] >ffff888102a58900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.963483] ^ [ 32.964114] ffff888102a58980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.964816] ffff888102a58a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.966119] ================================================================== [ 32.832200] ================================================================== [ 32.832840] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 32.833587] Write of size 121 at addr ffff888102a58900 by task kunit_try_catch/293 [ 32.834270] [ 32.834563] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 32.835444] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.836016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.836788] Call Trace: [ 32.837124] <TASK> [ 32.837389] dump_stack_lvl+0x73/0xb0 [ 32.837900] print_report+0xd1/0x640 [ 32.838510] ? __virt_addr_valid+0x1db/0x2d0 [ 32.838973] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.839597] kasan_report+0x102/0x140 [ 32.840151] ? copy_user_test_oob+0x3fe/0x10f0 [ 32.840615] ? copy_user_test_oob+0x3fe/0x10f0 [ 32.841327] kasan_check_range+0x10c/0x1c0 [ 32.841705] __kasan_check_write+0x18/0x20 [ 32.842215] copy_user_test_oob+0x3fe/0x10f0 [ 32.842890] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.843316] ? finish_task_switch.isra.0+0x153/0x700 [ 32.843928] ? __switch_to+0x5d9/0xf60 [ 32.844286] ? __schedule+0xc3e/0x2790 [ 32.844850] ? __pfx_read_tsc+0x10/0x10 [ 32.845419] ? ktime_get_ts64+0x84/0x230 [ 32.845790] kunit_try_run_case+0x1b3/0x490 [ 32.846635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.847061] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.847793] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.848463] ? __kthread_parkme+0x82/0x160 [ 32.848942] ? preempt_count_sub+0x50/0x80 [ 32.849408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.850063] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.850776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.851587] kthread+0x257/0x310 [ 32.852089] ? __pfx_kthread+0x10/0x10 [ 32.852514] ret_from_fork+0x41/0x80 [ 32.852911] ? __pfx_kthread+0x10/0x10 [ 32.853651] ret_from_fork_asm+0x1a/0x30 [ 32.854206] </TASK> [ 32.854509] [ 32.854786] Allocated by task 293: [ 32.855089] kasan_save_stack+0x3d/0x60 [ 32.855638] kasan_save_track+0x18/0x40 [ 32.856756] kasan_save_alloc_info+0x3b/0x50 [ 32.857641] __kasan_kmalloc+0xb7/0xc0 [ 32.857835] __kmalloc_noprof+0x1c4/0x500 [ 32.858110] kunit_kmalloc_array+0x25/0x60 [ 32.858926] copy_user_test_oob+0xac/0x10f0 [ 32.859463] kunit_try_run_case+0x1b3/0x490 [ 32.860311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.860793] kthread+0x257/0x310 [ 32.861304] ret_from_fork+0x41/0x80 [ 32.861637] ret_from_fork_asm+0x1a/0x30 [ 32.862003] [ 32.862280] The buggy address belongs to the object at ffff888102a58900 [ 32.862280] which belongs to the cache kmalloc-128 of size 128 [ 32.863303] The buggy address is located 0 bytes inside of [ 32.863303] allocated 120-byte region [ffff888102a58900, ffff888102a58978) [ 32.864412] [ 32.864578] The buggy address belongs to the physical page: [ 32.865136] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a58 [ 32.865727] flags: 0x200000000000000(node=0|zone=2) [ 32.866258] page_type: f5(slab) [ 32.866515] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.867352] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.867866] page dumped because: kasan: bad access detected [ 32.868523] [ 32.868731] Memory state around the buggy address: [ 32.869211] ffff888102a58800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.869811] ffff888102a58880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.870401] >ffff888102a58900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.871193] ^ [ 32.871666] ffff888102a58980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.872482] ffff888102a58a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.872952] ================================================================== [ 32.967216] ================================================================== [ 32.967790] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 32.968760] Read of size 121 at addr ffff888102a58900 by task kunit_try_catch/293 [ 32.969466] [ 32.970222] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 32.971636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.972375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.973840] Call Trace: [ 32.974173] <TASK> [ 32.974303] dump_stack_lvl+0x73/0xb0 [ 32.974505] print_report+0xd1/0x640 [ 32.974691] ? __virt_addr_valid+0x1db/0x2d0 [ 32.974893] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.975243] kasan_report+0x102/0x140 [ 32.975529] ? copy_user_test_oob+0x605/0x10f0 [ 32.976829] ? copy_user_test_oob+0x605/0x10f0 [ 32.977544] kasan_check_range+0x10c/0x1c0 [ 32.978001] __kasan_check_read+0x15/0x20 [ 32.978638] copy_user_test_oob+0x605/0x10f0 [ 32.978857] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.979647] ? finish_task_switch.isra.0+0x153/0x700 [ 32.980505] ? __switch_to+0x5d9/0xf60 [ 32.981249] ? __schedule+0xc3e/0x2790 [ 32.981884] ? __pfx_read_tsc+0x10/0x10 [ 32.982875] ? ktime_get_ts64+0x84/0x230 [ 32.983404] kunit_try_run_case+0x1b3/0x490 [ 32.983854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.984811] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.985637] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.986386] ? __kthread_parkme+0x82/0x160 [ 32.986826] ? preempt_count_sub+0x50/0x80 [ 32.987442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.987948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.988411] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.989161] kthread+0x257/0x310 [ 32.989587] ? __pfx_kthread+0x10/0x10 [ 32.990003] ret_from_fork+0x41/0x80 [ 32.990514] ? __pfx_kthread+0x10/0x10 [ 32.991095] ret_from_fork_asm+0x1a/0x30 [ 32.991555] </TASK> [ 32.991918] [ 32.992500] Allocated by task 293: [ 32.992876] kasan_save_stack+0x3d/0x60 [ 32.993898] kasan_save_track+0x18/0x40 [ 32.994900] kasan_save_alloc_info+0x3b/0x50 [ 32.995546] __kasan_kmalloc+0xb7/0xc0 [ 32.995942] __kmalloc_noprof+0x1c4/0x500 [ 32.996381] kunit_kmalloc_array+0x25/0x60 [ 32.996803] copy_user_test_oob+0xac/0x10f0 [ 32.997764] kunit_try_run_case+0x1b3/0x490 [ 32.998516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.999799] kthread+0x257/0x310 [ 33.000518] ret_from_fork+0x41/0x80 [ 33.001228] ret_from_fork_asm+0x1a/0x30 [ 33.001443] [ 33.001543] The buggy address belongs to the object at ffff888102a58900 [ 33.001543] which belongs to the cache kmalloc-128 of size 128 [ 33.002003] The buggy address is located 0 bytes inside of [ 33.002003] allocated 120-byte region [ffff888102a58900, ffff888102a58978) [ 33.002936] [ 33.003261] The buggy address belongs to the physical page: [ 33.004229] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a58 [ 33.005089] flags: 0x200000000000000(node=0|zone=2) [ 33.005638] page_type: f5(slab) [ 33.006027] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 33.006893] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 33.007774] page dumped because: kasan: bad access detected [ 33.008657] [ 33.009017] Memory state around the buggy address: [ 33.009541] ffff888102a58800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.010417] ffff888102a58880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.011185] >ffff888102a58900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.012132] ^ [ 33.012826] ffff888102a58980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.013605] ffff888102a58a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.014448] ==================================================================