Date: Nov. 28, 2024, 2:36 a.m.

Environment: qemu-arm64, qemu-x86_64
qemu-arm64

```
[ 37.363728] ==================================================================
[ 37.364429] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0
[ 37.365023] Read of size 121 at addr fff00000c6409200 by task kunit_try_catch/273
[ 37.365956]
[ 37.366396] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 37.368217] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.368805] Hardware name: linux,dummy-virt (DT)
[ 37.369300] Call trace:
[ 37.369727] show_stack+0x20/0x38 (C)
[ 37.370279] dump_stack_lvl+0x8c/0xd0
[ 37.370942] print_report+0x118/0x5e0
[ 37.371567] kasan_report+0xc8/0x118
[ 37.372147] kasan_check_range+0x100/0x1a8
[ 37.372762] __kasan_check_read+0x20/0x30
[ 37.373501] copy_user_test_oob+0x4a0/0xec0
[ 37.374165] kunit_try_run_case+0x14c/0x3d0
[ 37.374846] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.375593] kthread+0x24c/0x2d0
[ 37.376187] ret_from_fork+0x10/0x20
[ 37.376830]
[ 37.377172] Allocated by task 273:
[ 37.377592] kasan_save_stack+0x3c/0x68
[ 37.378183] kasan_save_track+0x20/0x40
[ 37.378772] kasan_save_alloc_info+0x40/0x58
[ 37.379499] __kasan_kmalloc+0xd4/0xd8
[ 37.380084] __kmalloc_noprof+0x188/0x4c8
[ 37.380747] kunit_kmalloc_array+0x34/0x88
[ 37.381308] copy_user_test_oob+0xac/0xec0
[ 37.381956] kunit_try_run_case+0x14c/0x3d0
[ 37.382622] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.383258] kthread+0x24c/0x2d0
[ 37.383826] ret_from_fork+0x10/0x20
[ 37.384438]
[ 37.384749] The buggy address belongs to the object at fff00000c6409200
[ 37.384749] which belongs to the cache kmalloc-128 of size 128
[ 37.385995] The buggy address is located 0 bytes inside of
[ 37.385995] allocated 120-byte region [fff00000c6409200, fff00000c6409278)
[ 37.387257]
[ 37.387640] The buggy address belongs to the physical page:
[ 37.388330] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106409
[ 37.389230] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.390033] page_type: f5(slab)
[ 37.390532] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.391441] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 37.392269] page dumped because: kasan: bad access detected
[ 37.392926]
[ 37.393318] Memory state around the buggy address:
[ 37.393913] fff00000c6409100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.394725] fff00000c6409180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.395577] >fff00000c6409200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.396391] ^
[ 37.397205] fff00000c6409280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.398030] fff00000c6409300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.398876] ==================================================================

[ 37.326955] ==================================================================
[ 37.327576] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0
[ 37.328440] Write of size 121 at addr fff00000c6409200 by task kunit_try_catch/273
[ 37.329399]
[ 37.329814] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 37.330946] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.331576] Hardware name: linux,dummy-virt (DT)
[ 37.332131] Call trace:
[ 37.332571] show_stack+0x20/0x38 (C)
[ 37.333193] dump_stack_lvl+0x8c/0xd0
[ 37.333885] print_report+0x118/0x5e0
[ 37.334498] kasan_report+0xc8/0x118
[ 37.335035] kasan_check_range+0x100/0x1a8
[ 37.335680] __kasan_check_write+0x20/0x30
[ 37.336605] copy_user_test_oob+0x434/0xec0
[ 37.337277] kunit_try_run_case+0x14c/0x3d0
[ 37.337982] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.338724] kthread+0x24c/0x2d0
[ 37.339300] ret_from_fork+0x10/0x20
[ 37.339881]
[ 37.340234] Allocated by task 273:
[ 37.340789] kasan_save_stack+0x3c/0x68
[ 37.341341] kasan_save_track+0x20/0x40
[ 37.341856] kasan_save_alloc_info+0x40/0x58
[ 37.342515] __kasan_kmalloc+0xd4/0xd8
[ 37.343078] __kmalloc_noprof+0x188/0x4c8
[ 37.343723] kunit_kmalloc_array+0x34/0x88
[ 37.344271] copy_user_test_oob+0xac/0xec0
[ 37.344924] kunit_try_run_case+0x14c/0x3d0
[ 37.345525] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.346264] kthread+0x24c/0x2d0
[ 37.346775] ret_from_fork+0x10/0x20
[ 37.347384]
[ 37.347759] The buggy address belongs to the object at fff00000c6409200
[ 37.347759] which belongs to the cache kmalloc-128 of size 128
[ 37.348984] The buggy address is located 0 bytes inside of
[ 37.348984] allocated 120-byte region [fff00000c6409200, fff00000c6409278)
[ 37.350316]
[ 37.350655] The buggy address belongs to the physical page:
[ 37.351372] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106409
[ 37.352316] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.353034] page_type: f5(slab)
[ 37.353615] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.354499] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 37.355354] page dumped because: kasan: bad access detected
[ 37.356009]
[ 37.356393] Memory state around the buggy address:
[ 37.356920] fff00000c6409100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.357845] fff00000c6409180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.358594] >fff00000c6409200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.359453] ^
[ 37.360259] fff00000c6409280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.361075] fff00000c6409300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.361876] ==================================================================

[ 37.208218] ==================================================================
[ 37.208967] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0
[ 37.209878] Read of size 121 at addr fff00000c6409200 by task kunit_try_catch/273
[ 37.210865]
[ 37.211274] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 37.212597] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.213394] Hardware name: linux,dummy-virt (DT)
[ 37.214139] Call trace:
[ 37.214710] show_stack+0x20/0x38 (C)
[ 37.215299] dump_stack_lvl+0x8c/0xd0
[ 37.215815] print_report+0x118/0x5e0
[ 37.216323] kasan_report+0xc8/0x118
[ 37.217021] kasan_check_range+0x100/0x1a8
[ 37.217840] __kasan_check_read+0x20/0x30
[ 37.218584] copy_user_test_oob+0x728/0xec0
[ 37.219228] kunit_try_run_case+0x14c/0x3d0
[ 37.219871] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.220616] kthread+0x24c/0x2d0
[ 37.221512] ret_from_fork+0x10/0x20
[ 37.222035]
[ 37.222268] Allocated by task 273:
[ 37.222831] kasan_save_stack+0x3c/0x68
[ 37.223428] kasan_save_track+0x20/0x40
[ 37.224000] kasan_save_alloc_info+0x40/0x58
[ 37.224609] __kasan_kmalloc+0xd4/0xd8
[ 37.225640] __kmalloc_noprof+0x188/0x4c8
[ 37.226351] kunit_kmalloc_array+0x34/0x88
[ 37.226942] copy_user_test_oob+0xac/0xec0
[ 37.227363] kunit_try_run_case+0x14c/0x3d0
[ 37.228032] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.228820] kthread+0x24c/0x2d0
[ 37.229322] ret_from_fork+0x10/0x20
[ 37.229869]
[ 37.230241] The buggy address belongs to the object at fff00000c6409200
[ 37.230241] which belongs to the cache kmalloc-128 of size 128
[ 37.231514] The buggy address is located 0 bytes inside of
[ 37.231514] allocated 120-byte region [fff00000c6409200, fff00000c6409278)
[ 37.232762]
[ 37.233209] The buggy address belongs to the physical page:
[ 37.233964] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106409
[ 37.234860] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.235665] page_type: f5(slab)
[ 37.236211] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.237040] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 37.237882] page dumped because: kasan: bad access detected
[ 37.238634]
[ 37.238977] Memory state around the buggy address:
[ 37.239611] fff00000c6409100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.240501] fff00000c6409180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.241164] >fff00000c6409200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.242098] ^
[ 37.242999] fff00000c6409280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.243769] fff00000c6409300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.244654] ==================================================================

[ 37.290408] ==================================================================
[ 37.291071] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0
[ 37.291969] Read of size 121 at addr fff00000c6409200 by task kunit_try_catch/273
[ 37.292845]
[ 37.293293] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 37.294376] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.294942] Hardware name: linux,dummy-virt (DT)
[ 37.295679] Call trace:
[ 37.296052] show_stack+0x20/0x38 (C)
[ 37.296721] dump_stack_lvl+0x8c/0xd0
[ 37.297404] print_report+0x118/0x5e0
[ 37.298102] kasan_report+0xc8/0x118
[ 37.298661] kasan_check_range+0x100/0x1a8
[ 37.299348] __kasan_check_read+0x20/0x30
[ 37.300037] copy_user_test_oob+0x3c8/0xec0
[ 37.300665] kunit_try_run_case+0x14c/0x3d0
[ 37.301362] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.302022] kthread+0x24c/0x2d0
[ 37.302655] ret_from_fork+0x10/0x20
[ 37.303316]
[ 37.303691] Allocated by task 273:
[ 37.304173] kasan_save_stack+0x3c/0x68
[ 37.304801] kasan_save_track+0x20/0x40
[ 37.305377] kasan_save_alloc_info+0x40/0x58
[ 37.306051] __kasan_kmalloc+0xd4/0xd8
[ 37.306600] __kmalloc_noprof+0x188/0x4c8
[ 37.307244] kunit_kmalloc_array+0x34/0x88
[ 37.307854] copy_user_test_oob+0xac/0xec0
[ 37.308452] kunit_try_run_case+0x14c/0x3d0
[ 37.309087] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.309791] kthread+0x24c/0x2d0
[ 37.310332] ret_from_fork+0x10/0x20
[ 37.310892]
[ 37.311287] The buggy address belongs to the object at fff00000c6409200
[ 37.311287] which belongs to the cache kmalloc-128 of size 128
[ 37.312442] The buggy address is located 0 bytes inside of
[ 37.312442] allocated 120-byte region [fff00000c6409200, fff00000c6409278)
[ 37.313631]
[ 37.314008] The buggy address belongs to the physical page:
[ 37.314717] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106409
[ 37.315571] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.316385] page_type: f5(slab)
[ 37.316832] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.317769] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 37.318598] page dumped because: kasan: bad access detected
[ 37.319210]
[ 37.319588] Memory state around the buggy address:
[ 37.320229] fff00000c6409100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.320957] fff00000c6409180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.321840] >fff00000c6409200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.322643] ^
[ 37.323448] fff00000c6409280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.324269] fff00000c6409300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.325071] ==================================================================

[ 37.156251] ==================================================================
[ 37.157829] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0
[ 37.159155] Write of size 121 at addr fff00000c6409200 by task kunit_try_catch/273
[ 37.159945]
[ 37.160338] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 37.161405] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.161927] Hardware name: linux,dummy-virt (DT)
[ 37.162580] Call trace:
[ 37.162967] show_stack+0x20/0x38 (C)
[ 37.163466] dump_stack_lvl+0x8c/0xd0
[ 37.164069] print_report+0x118/0x5e0
[ 37.164696] kasan_report+0xc8/0x118
[ 37.165352] kasan_check_range+0x100/0x1a8
[ 37.166005] __kasan_check_write+0x20/0x30
[ 37.166672] copy_user_test_oob+0x234/0xec0
[ 37.167812] kunit_try_run_case+0x14c/0x3d0
[ 37.168352] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.169200] kthread+0x24c/0x2d0
[ 37.169662] ret_from_fork+0x10/0x20
[ 37.170156]
[ 37.170434] Allocated by task 273:
[ 37.170749] kasan_save_stack+0x3c/0x68
[ 37.171016] kasan_save_track+0x20/0x40
[ 37.171611] kasan_save_alloc_info+0x40/0x58
[ 37.172307] __kasan_kmalloc+0xd4/0xd8
[ 37.172881] __kmalloc_noprof+0x188/0x4c8
[ 37.174565] kunit_kmalloc_array+0x34/0x88
[ 37.175421] copy_user_test_oob+0xac/0xec0
[ 37.176050] kunit_try_run_case+0x14c/0x3d0
[ 37.176815] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.177866] kthread+0x24c/0x2d0
[ 37.178309] ret_from_fork+0x10/0x20
[ 37.178872]
[ 37.179234] The buggy address belongs to the object at fff00000c6409200
[ 37.179234] which belongs to the cache kmalloc-128 of size 128
[ 37.180916] The buggy address is located 0 bytes inside of
[ 37.180916] allocated 120-byte region [fff00000c6409200, fff00000c6409278)
[ 37.182918]
[ 37.183311] The buggy address belongs to the physical page:
[ 37.183935] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106409
[ 37.184821] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.185841] page_type: f5(slab)
[ 37.186991] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.188035] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 37.188924] page dumped because: kasan: bad access detected
[ 37.189930]
[ 37.190531] Memory state around the buggy address:
[ 37.191201] fff00000c6409100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.192190] fff00000c6409180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.193437] >fff00000c6409200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.195174] ^
[ 37.195922] fff00000c6409280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.196677] fff00000c6409300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.197838] ==================================================================

[ 37.253650] ==================================================================
[ 37.254357] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0
[ 37.255151] Write of size 121 at addr fff00000c6409200 by task kunit_try_catch/273
[ 37.255958]
[ 37.256327] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 37.257540] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.258058] Hardware name: linux,dummy-virt (DT)
[ 37.258725] Call trace:
[ 37.259174] show_stack+0x20/0x38 (C)
[ 37.259766] dump_stack_lvl+0x8c/0xd0
[ 37.260427] print_report+0x118/0x5e0
[ 37.261022] kasan_report+0xc8/0x118
[ 37.261692] kasan_check_range+0x100/0x1a8
[ 37.262265] __kasan_check_write+0x20/0x30
[ 37.262967] copy_user_test_oob+0x35c/0xec0
[ 37.263573] kunit_try_run_case+0x14c/0x3d0
[ 37.264254] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.265066] kthread+0x24c/0x2d0
[ 37.265737] ret_from_fork+0x10/0x20
[ 37.266347]
[ 37.266708] Allocated by task 273:
[ 37.267270] kasan_save_stack+0x3c/0x68
[ 37.267863] kasan_save_track+0x20/0x40
[ 37.268493] kasan_save_alloc_info+0x40/0x58
[ 37.269195] __kasan_kmalloc+0xd4/0xd8
[ 37.269793] __kmalloc_noprof+0x188/0x4c8
[ 37.270451] kunit_kmalloc_array+0x34/0x88
[ 37.270975] copy_user_test_oob+0xac/0xec0
[ 37.271633] kunit_try_run_case+0x14c/0x3d0
[ 37.272271] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.273012] kthread+0x24c/0x2d0
[ 37.273575] ret_from_fork+0x10/0x20
[ 37.274145]
[ 37.274483] The buggy address belongs to the object at fff00000c6409200
[ 37.274483] which belongs to the cache kmalloc-128 of size 128
[ 37.275684] The buggy address is located 0 bytes inside of
[ 37.275684] allocated 120-byte region [fff00000c6409200, fff00000c6409278)
[ 37.276862]
[ 37.277299] The buggy address belongs to the physical page:
[ 37.278011] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106409
[ 37.278893] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.279808] page_type: f5(slab)
[ 37.280302] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.281231] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 37.282054] page dumped because: kasan: bad access detected
[ 37.282788]
[ 37.283133] Memory state around the buggy address:
[ 37.283819] fff00000c6409100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.284673] fff00000c6409180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.285518] >fff00000c6409200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.286312] ^
[ 37.287062] fff00000c6409280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.287921] fff00000c6409300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.288735] ==================================================================
```
qemu-x86_64

```
[ 28.808412] ==================================================================
[ 28.809418] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0
[ 28.810965] Read of size 121 at addr ffff888101b6b500 by task kunit_try_catch/293
[ 28.811756]
[ 28.812019] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 28.812860] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.813358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.814415] Call Trace:
[ 28.814627] <TASK>
[ 28.815018] dump_stack_lvl+0x73/0xb0
[ 28.815557] print_report+0xd1/0x640
[ 28.815889] ? __virt_addr_valid+0x1db/0x2d0
[ 28.816601] ? kasan_complete_mode_report_info+0x2a/0x200
[ 28.817115] kasan_report+0x102/0x140
[ 28.817668] ? copy_user_test_oob+0x605/0x10f0
[ 28.818262] ? copy_user_test_oob+0x605/0x10f0
[ 28.818820] kasan_check_range+0x10c/0x1c0
[ 28.819304] __kasan_check_read+0x15/0x20
[ 28.819824] copy_user_test_oob+0x605/0x10f0
[ 28.820279] ? __pfx_copy_user_test_oob+0x10/0x10
[ 28.820907] ? finish_task_switch.isra.0+0x153/0x700
[ 28.821542] ? __switch_to+0x5d9/0xf60
[ 28.822051] ? __schedule+0xc3e/0x2790
[ 28.822470] ? __pfx_read_tsc+0x10/0x10
[ 28.822895] ? ktime_get_ts64+0x84/0x230
[ 28.823511] kunit_try_run_case+0x1b3/0x490
[ 28.823925] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.824484] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 28.825133] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 28.825549] ? __kthread_parkme+0x82/0x160
[ 28.826134] ? preempt_count_sub+0x50/0x80
[ 28.826558] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.827038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 28.827790] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.828403] kthread+0x257/0x310
[ 28.828796] ? __pfx_kthread+0x10/0x10
[ 28.829358] ret_from_fork+0x41/0x80
[ 28.829720] ? __pfx_kthread+0x10/0x10
[ 28.830242] ret_from_fork_asm+0x1a/0x30
[ 28.830677] </TASK>
[ 28.831050]
[ 28.831324] Allocated by task 293:
[ 28.831729] kasan_save_stack+0x3d/0x60
[ 28.832179] kasan_save_track+0x18/0x40
[ 28.832598] kasan_save_alloc_info+0x3b/0x50
[ 28.833123] __kasan_kmalloc+0xb7/0xc0
[ 28.833587] __kmalloc_noprof+0x1c4/0x500
[ 28.834179] kunit_kmalloc_array+0x25/0x60
[ 28.834683] copy_user_test_oob+0xac/0x10f0
[ 28.835250] kunit_try_run_case+0x1b3/0x490
[ 28.835662] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.836378] kthread+0x257/0x310
[ 28.836839] ret_from_fork+0x41/0x80
[ 28.837174] ret_from_fork_asm+0x1a/0x30
[ 28.837752]
[ 28.838003] The buggy address belongs to the object at ffff888101b6b500
[ 28.838003] which belongs to the cache kmalloc-128 of size 128
[ 28.838903] The buggy address is located 0 bytes inside of
[ 28.838903] allocated 120-byte region [ffff888101b6b500, ffff888101b6b578)
[ 28.840867]
[ 28.841024] The buggy address belongs to the physical page:
[ 28.841926] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b6b
[ 28.843085] flags: 0x200000000000000(node=0|zone=2)
[ 28.843727] page_type: f5(slab)
[ 28.844443] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 28.845493] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 28.846429] page dumped because: kasan: bad access detected
[ 28.846892]
[ 28.847126] Memory state around the buggy address:
[ 28.848085] ffff888101b6b400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.848795] ffff888101b6b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.849690] >ffff888101b6b500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.850358] ^
[ 28.850942] ffff888101b6b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.851640] ffff888101b6b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.852215] ==================================================================

[ 28.762684] ==================================================================
[ 28.764350] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0
[ 28.765063] Write of size 121 at addr ffff888101b6b500 by task kunit_try_catch/293
[ 28.765964]
[ 28.766216] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 28.767294] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.767923] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.769115] Call Trace:
[ 28.769653] <TASK>
[ 28.769958] dump_stack_lvl+0x73/0xb0
[ 28.770837] print_report+0xd1/0x640
[ 28.771544] ? __virt_addr_valid+0x1db/0x2d0
[ 28.772038] ? kasan_complete_mode_report_info+0x2a/0x200
[ 28.772599] kasan_report+0x102/0x140
[ 28.772994] ? copy_user_test_oob+0x558/0x10f0
[ 28.773970] ? copy_user_test_oob+0x558/0x10f0
[ 28.774776] kasan_check_range+0x10c/0x1c0
[ 28.775114] __kasan_check_write+0x18/0x20
[ 28.775752] copy_user_test_oob+0x558/0x10f0
[ 28.776257] ? __pfx_copy_user_test_oob+0x10/0x10
[ 28.776860] ? finish_task_switch.isra.0+0x153/0x700
[ 28.777472] ? __switch_to+0x5d9/0xf60
[ 28.777974] ? __schedule+0xc3e/0x2790
[ 28.778739] ? __pfx_read_tsc+0x10/0x10
[ 28.779590] ? ktime_get_ts64+0x84/0x230
[ 28.779995] kunit_try_run_case+0x1b3/0x490
[ 28.780506] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.780878] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 28.781394] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 28.781795] ? __kthread_parkme+0x82/0x160
[ 28.782321] ? preempt_count_sub+0x50/0x80
[ 28.782671] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.783282] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 28.783942] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.784461] kthread+0x257/0x310
[ 28.784824] ? __pfx_kthread+0x10/0x10
[ 28.785414] ret_from_fork+0x41/0x80
[ 28.786055] ? __pfx_kthread+0x10/0x10
[ 28.786819] ret_from_fork_asm+0x1a/0x30
[ 28.787385] </TASK>
[ 28.787746]
[ 28.787896] Allocated by task 293:
[ 28.788382] kasan_save_stack+0x3d/0x60
[ 28.789042] kasan_save_track+0x18/0x40
[ 28.789320] kasan_save_alloc_info+0x3b/0x50
[ 28.790221] __kasan_kmalloc+0xb7/0xc0
[ 28.790811] __kmalloc_noprof+0x1c4/0x500
[ 28.791495] kunit_kmalloc_array+0x25/0x60
[ 28.791880] copy_user_test_oob+0xac/0x10f0
[ 28.792319] kunit_try_run_case+0x1b3/0x490
[ 28.792709] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.793253] kthread+0x257/0x310
[ 28.793731] ret_from_fork+0x41/0x80
[ 28.794232] ret_from_fork_asm+0x1a/0x30
[ 28.794699]
[ 28.794899] The buggy address belongs to the object at ffff888101b6b500
[ 28.794899] which belongs to the cache kmalloc-128 of size 128
[ 28.796105] The buggy address is located 0 bytes inside of
[ 28.796105] allocated 120-byte region [ffff888101b6b500, ffff888101b6b578)
[ 28.797280]
[ 28.797574] The buggy address belongs to the physical page:
[ 28.798194] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b6b
[ 28.798963] flags: 0x200000000000000(node=0|zone=2)
[ 28.799466] page_type: f5(slab)
[ 28.799870] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 28.800654] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 28.801431] page dumped because: kasan: bad access detected
[ 28.801923]
[ 28.802212] Memory state around the buggy address:
[ 28.802703] ffff888101b6b400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.803454] ffff888101b6b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.804207] >ffff888101b6b500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.804857] ^
[ 28.805594] ffff888101b6b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.806373] ffff888101b6b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.807008] ==================================================================

[ 28.675158] ==================================================================
[ 28.675888] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0
[ 28.676641] Write of size 121 at addr ffff888101b6b500 by task kunit_try_catch/293
[ 28.677310]
[ 28.677517] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 28.678212] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.678743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.679550] Call Trace:
[ 28.679781] <TASK>
[ 28.679984] dump_stack_lvl+0x73/0xb0
[ 28.680808] print_report+0xd1/0x640
[ 28.681086] ? __virt_addr_valid+0x1db/0x2d0
[ 28.681611] ? kasan_complete_mode_report_info+0x2a/0x200
[ 28.682172] kasan_report+0x102/0x140
[ 28.682606] ? copy_user_test_oob+0x3fe/0x10f0
[ 28.683002] ? copy_user_test_oob+0x3fe/0x10f0
[ 28.683593] kasan_check_range+0x10c/0x1c0
[ 28.684102] __kasan_check_write+0x18/0x20
[ 28.684437] copy_user_test_oob+0x3fe/0x10f0
[ 28.684960] ? __pfx_copy_user_test_oob+0x10/0x10
[ 28.685613] ? finish_task_switch.isra.0+0x153/0x700
[ 28.685951] ? __switch_to+0x5d9/0xf60
[ 28.686680] ? __schedule+0xc3e/0x2790
[ 28.687050] ? __pfx_read_tsc+0x10/0x10
[ 28.687444] ? ktime_get_ts64+0x84/0x230
[ 28.687866] kunit_try_run_case+0x1b3/0x490
[ 28.688227] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.688595] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 28.689273] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 28.689776] ? __kthread_parkme+0x82/0x160
[ 28.690110] ? preempt_count_sub+0x50/0x80
[ 28.690624] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.691190] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 28.691734] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.692204] kthread+0x257/0x310
[ 28.692723] ? __pfx_kthread+0x10/0x10
[ 28.693012] ret_from_fork+0x41/0x80
[ 28.693287] ? __pfx_kthread+0x10/0x10
[ 28.693790] ret_from_fork_asm+0x1a/0x30
[ 28.694413] </TASK>
[ 28.694728]
[ 28.694960] Allocated by task 293:
[ 28.695255] kasan_save_stack+0x3d/0x60
[ 28.695580] kasan_save_track+0x18/0x40
[ 28.696069] kasan_save_alloc_info+0x3b/0x50
[ 28.696493] __kasan_kmalloc+0xb7/0xc0
[ 28.696784] __kmalloc_noprof+0x1c4/0x500
[ 28.697069] kunit_kmalloc_array+0x25/0x60
[ 28.697785] copy_user_test_oob+0xac/0x10f0
[ 28.698281] kunit_try_run_case+0x1b3/0x490
[ 28.700044] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.700448] kthread+0x257/0x310
[ 28.700688] ret_from_fork+0x41/0x80
[ 28.700942] ret_from_fork_asm+0x1a/0x30
[ 28.701397]
[ 28.701714] The buggy address belongs to the object at ffff888101b6b500
[ 28.701714] which belongs to the cache kmalloc-128 of size 128
[ 28.703645] The buggy address is located 0 bytes inside of
[ 28.703645] allocated 120-byte region [ffff888101b6b500, ffff888101b6b578)
[ 28.705000]
[ 28.705252] The buggy address belongs to the physical page:
[ 28.705761] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b6b
[ 28.706548] flags: 0x200000000000000(node=0|zone=2)
[ 28.706998] page_type: f5(slab)
[ 28.707291] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 28.707868] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 28.708738] page dumped because: kasan: bad access detected
[ 28.709767]
[ 28.710086] Memory state around the buggy address:
[ 28.710820] ffff888101b6b400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.711851] ffff888101b6b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.712769] >ffff888101b6b500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.713531] ^
[ 28.714037] ffff888101b6b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.714386] ffff888101b6b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.714909] ==================================================================

[ 28.716035] ==================================================================
[ 28.717245] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0
[ 28.717872] Read of size 121 at addr ffff888101b6b500 by task kunit_try_catch/293
[ 28.719100]
[ 28.719502] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 28.720416] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.721011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.721837] Call Trace:
[ 28.722391] <TASK>
[ 28.722680] dump_stack_lvl+0x73/0xb0
[ 28.723139] print_report+0xd1/0x640
[ 28.723682] ? __virt_addr_valid+0x1db/0x2d0
[ 28.724184] ? kasan_complete_mode_report_info+0x2a/0x200
[ 28.724942] kasan_report+0x102/0x140
[ 28.725470] ? copy_user_test_oob+0x4ab/0x10f0
[ 28.726020] ? copy_user_test_oob+0x4ab/0x10f0
[ 28.726734] kasan_check_range+0x10c/0x1c0
[ 28.727354] __kasan_check_read+0x15/0x20
[ 28.727823] copy_user_test_oob+0x4ab/0x10f0
[ 28.728374] ? __pfx_copy_user_test_oob+0x10/0x10
[ 28.728817] ? finish_task_switch.isra.0+0x153/0x700
[ 28.729327] ? __switch_to+0x5d9/0xf60
[ 28.729705] ? __schedule+0xc3e/0x2790
[ 28.730235] ? __pfx_read_tsc+0x10/0x10
[ 28.730664] ? ktime_get_ts64+0x84/0x230
[ 28.731166] kunit_try_run_case+0x1b3/0x490
[ 28.731590] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.732295] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 28.732755] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 28.733295] ? __kthread_parkme+0x82/0x160
[ 28.733904] ? preempt_count_sub+0x50/0x80
[ 28.734394] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.734963] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 28.735687] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.736326] kthread+0x257/0x310
[ 28.736715] ? __pfx_kthread+0x10/0x10
[ 28.737220] ret_from_fork+0x41/0x80
[ 28.737733] ? __pfx_kthread+0x10/0x10
[ 28.738282] ret_from_fork_asm+0x1a/0x30
[ 28.738788] </TASK>
[ 28.739103]
[ 28.739395] Allocated by task 293:
[ 28.739673] kasan_save_stack+0x3d/0x60
[ 28.740265] kasan_save_track+0x18/0x40
[ 28.740601] kasan_save_alloc_info+0x3b/0x50
[ 28.741180] __kasan_kmalloc+0xb7/0xc0
[ 28.741506] __kmalloc_noprof+0x1c4/0x500
[ 28.741950] kunit_kmalloc_array+0x25/0x60
[ 28.742451] copy_user_test_oob+0xac/0x10f0
[ 28.742852] kunit_try_run_case+0x1b3/0x490
[ 28.743287] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.743943] kthread+0x257/0x310
[ 28.744251] ret_from_fork+0x41/0x80
[ 28.744548] ret_from_fork_asm+0x1a/0x30
[ 28.745031]
[ 28.745359] The buggy address belongs to the object at ffff888101b6b500
[ 28.745359] which belongs to the cache kmalloc-128 of size 128
[ 28.747193] The buggy address is located 0 bytes inside of
[ 28.747193] allocated 120-byte region [ffff888101b6b500, ffff888101b6b578)
[ 28.748875]
[ 28.749081] The buggy address belongs to the physical page:
[ 28.750049] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b6b
[ 28.750963] flags: 0x200000000000000(node=0|zone=2)
[ 28.751720] page_type: f5(slab)
[ 28.752154] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 28.753020] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 28.753932] page dumped because: kasan: bad access detected
[ 28.754628]
[ 28.754801] Memory state around the buggy address:
[ 28.755926] ffff888101b6b400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.756600] ffff888101b6b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.757620] >ffff888101b6b500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.758390] ^
[ 28.759007] ffff888101b6b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.760087] ffff888101b6b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.760758] ==================================================================
```