Date
Dec. 3, 2024, 11:38 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 37.532586] ================================================================== [ 37.533493] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 37.534134] Write of size 121 at addr fff00000c594bf00 by task kunit_try_catch/274 [ 37.535405] [ 37.535729] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 37.537050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.537603] Hardware name: linux,dummy-virt (DT) [ 37.538203] Call trace: [ 37.538785] show_stack+0x20/0x38 (C) [ 37.539513] dump_stack_lvl+0x8c/0xd0 [ 37.540715] print_report+0x118/0x5e0 [ 37.541572] kasan_report+0xc8/0x118 [ 37.542151] kasan_check_range+0x100/0x1a8 [ 37.542836] __kasan_check_write+0x20/0x30 [ 37.543690] copy_user_test_oob+0x35c/0xec0 [ 37.544486] kunit_try_run_case+0x14c/0x3d0 [ 37.545174] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.545952] kthread+0x24c/0x2d0 [ 37.546519] ret_from_fork+0x10/0x20 [ 37.547278] [ 37.548054] Allocated by task 274: [ 37.548470] kasan_save_stack+0x3c/0x68 [ 37.548968] kasan_save_track+0x20/0x40 [ 37.549665] kasan_save_alloc_info+0x40/0x58 [ 37.550309] __kasan_kmalloc+0xd4/0xd8 [ 37.550898] __kmalloc_noprof+0x188/0x4c8 [ 37.552074] kunit_kmalloc_array+0x34/0x88 [ 37.552738] copy_user_test_oob+0xac/0xec0 [ 37.553366] kunit_try_run_case+0x14c/0x3d0 [ 37.553986] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.554786] kthread+0x24c/0x2d0 [ 37.555254] ret_from_fork+0x10/0x20 [ 37.555934] [ 37.556190] The buggy address belongs to the object at fff00000c594bf00 [ 37.556190] which belongs to the cache kmalloc-128 of size 128 [ 37.557907] The buggy address is located 0 bytes inside of [ 37.557907] allocated 120-byte region [fff00000c594bf00, fff00000c594bf78) [ 37.560917] [ 37.561231] The buggy address belongs to the physical page: [ 37.562053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10594b [ 37.562925] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.564042] page_type: f5(slab) [ 37.564809] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.566030] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.566684] page dumped because: kasan: bad access detected [ 37.567824] [ 37.568452] Memory state around the buggy address: [ 37.569245] fff00000c594be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.570219] fff00000c594be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.571446] >fff00000c594bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.572081] ^ [ 37.572959] fff00000c594bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.573955] fff00000c594c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.574921] ================================================================== [ 37.576677] ================================================================== [ 37.577397] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 37.578539] Read of size 121 at addr fff00000c594bf00 by task kunit_try_catch/274 [ 37.579606] [ 37.580014] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 37.581690] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.582426] Hardware name: linux,dummy-virt (DT) [ 37.583571] Call trace: [ 37.584120] show_stack+0x20/0x38 (C) [ 37.584944] dump_stack_lvl+0x8c/0xd0 [ 37.585658] print_report+0x118/0x5e0 [ 37.586314] kasan_report+0xc8/0x118 [ 37.587016] kasan_check_range+0x100/0x1a8 [ 37.588240] __kasan_check_read+0x20/0x30 [ 37.588899] copy_user_test_oob+0x3c8/0xec0 [ 37.589701] kunit_try_run_case+0x14c/0x3d0 [ 37.590388] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.591486] kthread+0x24c/0x2d0 [ 37.591797] ret_from_fork+0x10/0x20 [ 37.592094] [ 37.592262] Allocated by task 274: [ 37.592557] kasan_save_stack+0x3c/0x68 [ 37.592851] kasan_save_track+0x20/0x40 [ 37.593135] kasan_save_alloc_info+0x40/0x58 [ 37.594285] __kasan_kmalloc+0xd4/0xd8 [ 37.595232] __kmalloc_noprof+0x188/0x4c8 [ 37.597113] kunit_kmalloc_array+0x34/0x88 [ 37.598011] copy_user_test_oob+0xac/0xec0 [ 37.598875] kunit_try_run_case+0x14c/0x3d0 [ 37.599793] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.600689] kthread+0x24c/0x2d0 [ 37.601178] ret_from_fork+0x10/0x20 [ 37.601779] [ 37.602116] The buggy address belongs to the object at fff00000c594bf00 [ 37.602116] which belongs to the cache kmalloc-128 of size 128 [ 37.603492] The buggy address is located 0 bytes inside of [ 37.603492] allocated 120-byte region [fff00000c594bf00, fff00000c594bf78) [ 37.604918] [ 37.605220] The buggy address belongs to the physical page: [ 37.606112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10594b [ 37.607037] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.607873] page_type: f5(slab) [ 37.608538] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.609734] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.611407] page dumped because: kasan: bad access detected [ 37.613469] [ 37.613824] Memory state around the buggy address: [ 37.614756] fff00000c594be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.616383] fff00000c594be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.617295] >fff00000c594bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.618450] ^ [ 37.620508] fff00000c594bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.621632] fff00000c594c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.622653] ================================================================== [ 37.625306] ================================================================== [ 37.626142] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 37.626863] Write of size 121 at addr fff00000c594bf00 by task kunit_try_catch/274 [ 37.629771] [ 37.630579] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 37.631604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.632486] Hardware name: linux,dummy-virt (DT) [ 37.633277] Call trace: [ 37.633760] show_stack+0x20/0x38 (C) [ 37.634304] dump_stack_lvl+0x8c/0xd0 [ 37.635223] print_report+0x118/0x5e0 [ 37.636322] kasan_report+0xc8/0x118 [ 37.636779] kasan_check_range+0x100/0x1a8 [ 37.637268] __kasan_check_write+0x20/0x30 [ 37.638144] copy_user_test_oob+0x434/0xec0 [ 37.638840] kunit_try_run_case+0x14c/0x3d0 [ 37.639635] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.640473] kthread+0x24c/0x2d0 [ 37.641261] ret_from_fork+0x10/0x20 [ 37.642352] [ 37.642731] Allocated by task 274: [ 37.643364] kasan_save_stack+0x3c/0x68 [ 37.644056] kasan_save_track+0x20/0x40 [ 37.644706] kasan_save_alloc_info+0x40/0x58 [ 37.645351] __kasan_kmalloc+0xd4/0xd8 [ 37.646110] __kmalloc_noprof+0x188/0x4c8 [ 37.646605] kunit_kmalloc_array+0x34/0x88 [ 37.647219] copy_user_test_oob+0xac/0xec0 [ 37.648677] kunit_try_run_case+0x14c/0x3d0 [ 37.649403] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.650178] kthread+0x24c/0x2d0 [ 37.650668] ret_from_fork+0x10/0x20 [ 37.651839] [ 37.652177] The buggy address belongs to the object at fff00000c594bf00 [ 37.652177] which belongs to the cache kmalloc-128 of size 128 [ 37.654138] The buggy address is located 0 bytes inside of [ 37.654138] allocated 120-byte region [fff00000c594bf00, fff00000c594bf78) [ 37.656254] [ 37.656636] The buggy address belongs to the physical page: [ 37.657572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10594b [ 37.658527] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.659736] page_type: f5(slab) [ 37.660253] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.661244] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.662801] page dumped because: kasan: bad access detected [ 37.663539] [ 37.664390] Memory state around the buggy address: [ 37.665063] fff00000c594be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.666111] fff00000c594be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.667073] >fff00000c594bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.668260] ^ [ 37.669647] fff00000c594bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.671643] fff00000c594c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.672634] ================================================================== [ 37.482800] ================================================================== [ 37.483692] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 37.484578] Read of size 121 at addr fff00000c594bf00 by task kunit_try_catch/274 [ 37.485604] [ 37.485951] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 37.487205] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.487722] Hardware name: linux,dummy-virt (DT) [ 37.488262] Call trace: [ 37.488879] show_stack+0x20/0x38 (C) [ 37.489569] dump_stack_lvl+0x8c/0xd0 [ 37.490230] print_report+0x118/0x5e0 [ 37.490933] kasan_report+0xc8/0x118 [ 37.491481] kasan_check_range+0x100/0x1a8 [ 37.492293] __kasan_check_read+0x20/0x30 [ 37.492921] copy_user_test_oob+0x728/0xec0 [ 37.493583] kunit_try_run_case+0x14c/0x3d0 [ 37.494431] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.495166] kthread+0x24c/0x2d0 [ 37.495813] ret_from_fork+0x10/0x20 [ 37.496541] [ 37.496877] Allocated by task 274: [ 37.497347] kasan_save_stack+0x3c/0x68 [ 37.498068] kasan_save_track+0x20/0x40 [ 37.498758] kasan_save_alloc_info+0x40/0x58 [ 37.499093] __kasan_kmalloc+0xd4/0xd8 [ 37.499487] __kmalloc_noprof+0x188/0x4c8 [ 37.500321] kunit_kmalloc_array+0x34/0x88 [ 37.500967] copy_user_test_oob+0xac/0xec0 [ 37.501589] kunit_try_run_case+0x14c/0x3d0 [ 37.502280] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.503073] kthread+0x24c/0x2d0 [ 37.503567] ret_from_fork+0x10/0x20 [ 37.504167] [ 37.504570] The buggy address belongs to the object at fff00000c594bf00 [ 37.504570] which belongs to the cache kmalloc-128 of size 128 [ 37.505966] The buggy address is located 0 bytes inside of [ 37.505966] allocated 120-byte region [fff00000c594bf00, fff00000c594bf78) [ 37.507312] [ 37.507616] The buggy address belongs to the physical page: [ 37.508436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10594b [ 37.509399] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.510201] page_type: f5(slab) [ 37.510733] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.511684] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.512683] page dumped because: kasan: bad access detected [ 37.513470] [ 37.513824] Memory state around the buggy address: [ 37.514496] fff00000c594be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.515319] fff00000c594be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.516233] >fff00000c594bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.517169] ^ [ 37.518018] fff00000c594bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.518944] fff00000c594c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.519915] ================================================================== [ 37.435893] ================================================================== [ 37.437361] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 37.438088] Write of size 121 at addr fff00000c594bf00 by task kunit_try_catch/274 [ 37.439196] [ 37.439912] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 37.441272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.441862] Hardware name: linux,dummy-virt (DT) [ 37.442510] Call trace: [ 37.442901] show_stack+0x20/0x38 (C) [ 37.443523] dump_stack_lvl+0x8c/0xd0 [ 37.444124] print_report+0x118/0x5e0 [ 37.444731] kasan_report+0xc8/0x118 [ 37.445245] kasan_check_range+0x100/0x1a8 [ 37.445969] __kasan_check_write+0x20/0x30 [ 37.446515] copy_user_test_oob+0x234/0xec0 [ 37.447356] kunit_try_run_case+0x14c/0x3d0 [ 37.448102] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.448976] kthread+0x24c/0x2d0 [ 37.449540] ret_from_fork+0x10/0x20 [ 37.450125] [ 37.450518] Allocated by task 274: [ 37.450977] kasan_save_stack+0x3c/0x68 [ 37.451688] kasan_save_track+0x20/0x40 [ 37.452276] kasan_save_alloc_info+0x40/0x58 [ 37.452911] __kasan_kmalloc+0xd4/0xd8 [ 37.453496] __kmalloc_noprof+0x188/0x4c8 [ 37.454055] kunit_kmalloc_array+0x34/0x88 [ 37.454738] copy_user_test_oob+0xac/0xec0 [ 37.455315] kunit_try_run_case+0x14c/0x3d0 [ 37.455987] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.456751] kthread+0x24c/0x2d0 [ 37.457248] ret_from_fork+0x10/0x20 [ 37.457802] [ 37.458279] The buggy address belongs to the object at fff00000c594bf00 [ 37.458279] which belongs to the cache kmalloc-128 of size 128 [ 37.459659] The buggy address is located 0 bytes inside of [ 37.459659] allocated 120-byte region [fff00000c594bf00, fff00000c594bf78) [ 37.461037] [ 37.461409] The buggy address belongs to the physical page: [ 37.462188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10594b [ 37.463060] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.463955] page_type: f5(slab) [ 37.464465] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.465594] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.466571] page dumped because: kasan: bad access detected [ 37.467191] [ 37.467638] Memory state around the buggy address: [ 37.468404] fff00000c594be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.469384] fff00000c594be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.470298] >fff00000c594bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.471120] ^ [ 37.472073] fff00000c594bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.472963] fff00000c594c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.473862] ================================================================== [ 37.674320] ================================================================== [ 37.676292] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 37.677262] Read of size 121 at addr fff00000c594bf00 by task kunit_try_catch/274 [ 37.678046] [ 37.678605] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 37.680672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.681662] Hardware name: linux,dummy-virt (DT) [ 37.682670] Call trace: [ 37.683491] show_stack+0x20/0x38 (C) [ 37.684854] dump_stack_lvl+0x8c/0xd0 [ 37.685913] print_report+0x118/0x5e0 [ 37.686730] kasan_report+0xc8/0x118 [ 37.687448] kasan_check_range+0x100/0x1a8 [ 37.688169] __kasan_check_read+0x20/0x30 [ 37.689397] copy_user_test_oob+0x4a0/0xec0 [ 37.690084] kunit_try_run_case+0x14c/0x3d0 [ 37.690509] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.691688] kthread+0x24c/0x2d0 [ 37.692164] ret_from_fork+0x10/0x20 [ 37.692966] [ 37.693571] Allocated by task 274: [ 37.694233] kasan_save_stack+0x3c/0x68 [ 37.695415] kasan_save_track+0x20/0x40 [ 37.696047] kasan_save_alloc_info+0x40/0x58 [ 37.696669] __kasan_kmalloc+0xd4/0xd8 [ 37.697204] __kmalloc_noprof+0x188/0x4c8 [ 37.698303] kunit_kmalloc_array+0x34/0x88 [ 37.698895] copy_user_test_oob+0xac/0xec0 [ 37.699651] kunit_try_run_case+0x14c/0x3d0 [ 37.700252] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.701090] kthread+0x24c/0x2d0 [ 37.701543] ret_from_fork+0x10/0x20 [ 37.701972] [ 37.702235] The buggy address belongs to the object at fff00000c594bf00 [ 37.702235] which belongs to the cache kmalloc-128 of size 128 [ 37.704871] The buggy address is located 0 bytes inside of [ 37.704871] allocated 120-byte region [fff00000c594bf00, fff00000c594bf78) [ 37.706460] [ 37.706858] The buggy address belongs to the physical page: [ 37.708253] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10594b [ 37.709481] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.710316] page_type: f5(slab) [ 37.710826] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.712847] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.714011] page dumped because: kasan: bad access detected [ 37.714782] [ 37.715277] Memory state around the buggy address: [ 37.716079] fff00000c594be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.717038] fff00000c594be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.718095] >fff00000c594bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.719547] ^ [ 37.720898] fff00000c594bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.722173] fff00000c594c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.723177] ==================================================================
[ 32.680041] ================================================================== [ 32.680584] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 32.681497] Write of size 121 at addr ffff888102a99200 by task kunit_try_catch/294 [ 32.682221] [ 32.682475] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 32.683497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.683853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.684849] Call Trace: [ 32.685165] <TASK> [ 32.685580] dump_stack_lvl+0x73/0xb0 [ 32.686098] print_report+0xd1/0x640 [ 32.686518] ? __virt_addr_valid+0x1db/0x2d0 [ 32.686975] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.687724] kasan_report+0x102/0x140 [ 32.688203] ? copy_user_test_oob+0x558/0x10f0 [ 32.688724] ? copy_user_test_oob+0x558/0x10f0 [ 32.689205] kasan_check_range+0x10c/0x1c0 [ 32.689899] __kasan_check_write+0x18/0x20 [ 32.690402] copy_user_test_oob+0x558/0x10f0 [ 32.690984] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.691593] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 32.691934] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.692763] kunit_try_run_case+0x1b3/0x490 [ 32.693252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.693844] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.694320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.694854] ? __kthread_parkme+0x82/0x160 [ 32.695374] ? preempt_count_sub+0x50/0x80 [ 32.695745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.696391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.697115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.698024] kthread+0x257/0x310 [ 32.698413] ? __pfx_kthread+0x10/0x10 [ 32.699155] ret_from_fork+0x41/0x80 [ 32.699408] ? __pfx_kthread+0x10/0x10 [ 32.699814] ret_from_fork_asm+0x1a/0x30 [ 32.700272] </TASK> [ 32.700499] [ 32.700707] Allocated by task 294: [ 32.701074] kasan_save_stack+0x3d/0x60 [ 32.701432] kasan_save_track+0x18/0x40 [ 32.701850] kasan_save_alloc_info+0x3b/0x50 [ 32.702151] __kasan_kmalloc+0xb7/0xc0 [ 32.702411] __kmalloc_noprof+0x1c4/0x500 [ 32.702884] kunit_kmalloc_array+0x25/0x60 [ 32.703481] copy_user_test_oob+0xac/0x10f0 [ 32.704101] kunit_try_run_case+0x1b3/0x490 [ 32.704439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.704754] kthread+0x257/0x310 [ 32.705105] ret_from_fork+0x41/0x80 [ 32.705529] ret_from_fork_asm+0x1a/0x30 [ 32.705923] [ 32.706149] The buggy address belongs to the object at ffff888102a99200 [ 32.706149] which belongs to the cache kmalloc-128 of size 128 [ 32.707136] The buggy address is located 0 bytes inside of [ 32.707136] allocated 120-byte region [ffff888102a99200, ffff888102a99278) [ 32.708118] [ 32.708323] The buggy address belongs to the physical page: [ 32.708786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a99 [ 32.709274] flags: 0x200000000000000(node=0|zone=2) [ 32.709751] page_type: f5(slab) [ 32.710102] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.710864] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.711303] page dumped because: kasan: bad access detected [ 32.711663] [ 32.711865] Memory state around the buggy address: [ 32.712413] ffff888102a99100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 32.712941] ffff888102a99180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.713328] >ffff888102a99200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.713684] ^ [ 32.714037] ffff888102a99280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.714654] ffff888102a99300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.715257] ================================================================== [ 32.642025] ================================================================== [ 32.642567] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 32.642959] Read of size 121 at addr ffff888102a99200 by task kunit_try_catch/294 [ 32.643591] [ 32.643893] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 32.644922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.645245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.645936] Call Trace: [ 32.646279] <TASK> [ 32.646579] dump_stack_lvl+0x73/0xb0 [ 32.647069] print_report+0xd1/0x640 [ 32.647344] ? __virt_addr_valid+0x1db/0x2d0 [ 32.647899] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.648666] kasan_report+0x102/0x140 [ 32.649022] ? copy_user_test_oob+0x4ab/0x10f0 [ 32.649374] ? copy_user_test_oob+0x4ab/0x10f0 [ 32.649682] kasan_check_range+0x10c/0x1c0 [ 32.650287] __kasan_check_read+0x15/0x20 [ 32.650734] copy_user_test_oob+0x4ab/0x10f0 [ 32.651203] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.651849] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 32.652317] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.652693] kunit_try_run_case+0x1b3/0x490 [ 32.652987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.653716] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.654552] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.655131] ? __kthread_parkme+0x82/0x160 [ 32.655717] ? preempt_count_sub+0x50/0x80 [ 32.656164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.656671] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.657527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.657993] kthread+0x257/0x310 [ 32.658515] ? __pfx_kthread+0x10/0x10 [ 32.658954] ret_from_fork+0x41/0x80 [ 32.659434] ? __pfx_kthread+0x10/0x10 [ 32.660008] ret_from_fork_asm+0x1a/0x30 [ 32.660425] </TASK> [ 32.660654] [ 32.660803] Allocated by task 294: [ 32.661085] kasan_save_stack+0x3d/0x60 [ 32.661760] kasan_save_track+0x18/0x40 [ 32.662180] kasan_save_alloc_info+0x3b/0x50 [ 32.662724] __kasan_kmalloc+0xb7/0xc0 [ 32.663294] __kmalloc_noprof+0x1c4/0x500 [ 32.663824] kunit_kmalloc_array+0x25/0x60 [ 32.664281] copy_user_test_oob+0xac/0x10f0 [ 32.664622] kunit_try_run_case+0x1b3/0x490 [ 32.664889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.665403] kthread+0x257/0x310 [ 32.666104] ret_from_fork+0x41/0x80 [ 32.666606] ret_from_fork_asm+0x1a/0x30 [ 32.667016] [ 32.667315] The buggy address belongs to the object at ffff888102a99200 [ 32.667315] which belongs to the cache kmalloc-128 of size 128 [ 32.668549] The buggy address is located 0 bytes inside of [ 32.668549] allocated 120-byte region [ffff888102a99200, ffff888102a99278) [ 32.669563] [ 32.669783] The buggy address belongs to the physical page: [ 32.670299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a99 [ 32.670912] flags: 0x200000000000000(node=0|zone=2) [ 32.671649] page_type: f5(slab) [ 32.672091] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.672942] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.673397] page dumped because: kasan: bad access detected [ 32.674010] [ 32.674240] Memory state around the buggy address: [ 32.674741] ffff888102a99100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 32.675155] ffff888102a99180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.676112] >ffff888102a99200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.676755] ^ [ 32.677308] ffff888102a99280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.678039] ffff888102a99300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.678678] ================================================================== [ 32.600337] ================================================================== [ 32.601261] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 32.601750] Write of size 121 at addr ffff888102a99200 by task kunit_try_catch/294 [ 32.602380] [ 32.602680] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 32.603508] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.603888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.604381] Call Trace: [ 32.605145] <TASK> [ 32.605881] dump_stack_lvl+0x73/0xb0 [ 32.606364] print_report+0xd1/0x640 [ 32.606876] ? __virt_addr_valid+0x1db/0x2d0 [ 32.607397] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.608184] kasan_report+0x102/0x140 [ 32.608757] ? copy_user_test_oob+0x3fe/0x10f0 [ 32.609351] ? copy_user_test_oob+0x3fe/0x10f0 [ 32.609994] kasan_check_range+0x10c/0x1c0 [ 32.610618] __kasan_check_write+0x18/0x20 [ 32.611197] copy_user_test_oob+0x3fe/0x10f0 [ 32.611853] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.612492] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 32.612996] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.613455] kunit_try_run_case+0x1b3/0x490 [ 32.614512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.614794] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.615328] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.616037] ? __kthread_parkme+0x82/0x160 [ 32.616690] ? preempt_count_sub+0x50/0x80 [ 32.617258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.618005] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.618490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.619106] kthread+0x257/0x310 [ 32.619650] ? __pfx_kthread+0x10/0x10 [ 32.619896] ret_from_fork+0x41/0x80 [ 32.620287] ? __pfx_kthread+0x10/0x10 [ 32.621293] ret_from_fork_asm+0x1a/0x30 [ 32.621686] </TASK> [ 32.621955] [ 32.622567] Allocated by task 294: [ 32.622796] kasan_save_stack+0x3d/0x60 [ 32.623669] kasan_save_track+0x18/0x40 [ 32.624283] kasan_save_alloc_info+0x3b/0x50 [ 32.624900] __kasan_kmalloc+0xb7/0xc0 [ 32.625236] __kmalloc_noprof+0x1c4/0x500 [ 32.625958] kunit_kmalloc_array+0x25/0x60 [ 32.626327] copy_user_test_oob+0xac/0x10f0 [ 32.626911] kunit_try_run_case+0x1b3/0x490 [ 32.627298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.627802] kthread+0x257/0x310 [ 32.628069] ret_from_fork+0x41/0x80 [ 32.628503] ret_from_fork_asm+0x1a/0x30 [ 32.628878] [ 32.629036] The buggy address belongs to the object at ffff888102a99200 [ 32.629036] which belongs to the cache kmalloc-128 of size 128 [ 32.629962] The buggy address is located 0 bytes inside of [ 32.629962] allocated 120-byte region [ffff888102a99200, ffff888102a99278) [ 32.631246] [ 32.631408] The buggy address belongs to the physical page: [ 32.631727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a99 [ 32.632427] flags: 0x200000000000000(node=0|zone=2) [ 32.632947] page_type: f5(slab) [ 32.633321] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.633711] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.634280] page dumped because: kasan: bad access detected [ 32.635037] [ 32.635295] Memory state around the buggy address: [ 32.635947] ffff888102a99100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 32.637134] ffff888102a99180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.637839] >ffff888102a99200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.638510] ^ [ 32.639666] ffff888102a99280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.640253] ffff888102a99300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.640854] ================================================================== [ 32.717092] ================================================================== [ 32.717781] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 32.718347] Read of size 121 at addr ffff888102a99200 by task kunit_try_catch/294 [ 32.718658] [ 32.718798] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 32.719874] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.720273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.720954] Call Trace: [ 32.721233] <TASK> [ 32.721425] dump_stack_lvl+0x73/0xb0 [ 32.721896] print_report+0xd1/0x640 [ 32.722360] ? __virt_addr_valid+0x1db/0x2d0 [ 32.722858] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.723237] kasan_report+0x102/0x140 [ 32.723676] ? copy_user_test_oob+0x605/0x10f0 [ 32.723979] ? copy_user_test_oob+0x605/0x10f0 [ 32.724456] kasan_check_range+0x10c/0x1c0 [ 32.724814] __kasan_check_read+0x15/0x20 [ 32.725135] copy_user_test_oob+0x605/0x10f0 [ 32.725433] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.725923] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 32.726444] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.726959] kunit_try_run_case+0x1b3/0x490 [ 32.727416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.727799] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.728535] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.729276] ? __kthread_parkme+0x82/0x160 [ 32.729724] ? preempt_count_sub+0x50/0x80 [ 32.730174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.730641] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.732079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.732950] kthread+0x257/0x310 [ 32.733927] ? __pfx_kthread+0x10/0x10 [ 32.735204] ret_from_fork+0x41/0x80 [ 32.735525] ? __pfx_kthread+0x10/0x10 [ 32.735786] ret_from_fork_asm+0x1a/0x30 [ 32.736095] </TASK> [ 32.736285] [ 32.736438] Allocated by task 294: [ 32.736660] kasan_save_stack+0x3d/0x60 [ 32.736843] kasan_save_track+0x18/0x40 [ 32.736986] kasan_save_alloc_info+0x3b/0x50 [ 32.737490] __kasan_kmalloc+0xb7/0xc0 [ 32.737977] __kmalloc_noprof+0x1c4/0x500 [ 32.738499] kunit_kmalloc_array+0x25/0x60 [ 32.739001] copy_user_test_oob+0xac/0x10f0 [ 32.739576] kunit_try_run_case+0x1b3/0x490 [ 32.740082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.740677] kthread+0x257/0x310 [ 32.740944] ret_from_fork+0x41/0x80 [ 32.741281] ret_from_fork_asm+0x1a/0x30 [ 32.741761] [ 32.741930] The buggy address belongs to the object at ffff888102a99200 [ 32.741930] which belongs to the cache kmalloc-128 of size 128 [ 32.742850] The buggy address is located 0 bytes inside of [ 32.742850] allocated 120-byte region [ffff888102a99200, ffff888102a99278) [ 32.743630] [ 32.743796] The buggy address belongs to the physical page: [ 32.744141] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a99 [ 32.744915] flags: 0x200000000000000(node=0|zone=2) [ 32.745408] page_type: f5(slab) [ 32.745822] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.746546] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.747284] page dumped because: kasan: bad access detected [ 32.747876] [ 32.748158] Memory state around the buggy address: [ 32.748787] ffff888102a99100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 32.749559] ffff888102a99180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.750257] >ffff888102a99200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.751048] ^ [ 32.751793] ffff888102a99280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.752545] ffff888102a99300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.752991] ==================================================================