Date
Dec. 4, 2024, 3:07 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 39.437521] ================================================================== [ 39.438233] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 39.439309] Read of size 121 at addr fff00000c6766e00 by task kunit_try_catch/273 [ 39.440750] [ 39.441087] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1 [ 39.443880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.444691] Hardware name: linux,dummy-virt (DT) [ 39.445485] Call trace: [ 39.445917] show_stack+0x20/0x38 (C) [ 39.446505] dump_stack_lvl+0x8c/0xd0 [ 39.447039] print_report+0x118/0x5e0 [ 39.447559] kasan_report+0xc8/0x118 [ 39.448147] kasan_check_range+0x100/0x1a8 [ 39.448764] __kasan_check_read+0x20/0x30 [ 39.449469] copy_user_test_oob+0x3c8/0xec0 [ 39.450016] kunit_try_run_case+0x14c/0x3d0 [ 39.450742] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.451593] kthread+0x24c/0x2d0 [ 39.452189] ret_from_fork+0x10/0x20 [ 39.452851] [ 39.453262] Allocated by task 273: [ 39.453739] kasan_save_stack+0x3c/0x68 [ 39.454329] kasan_save_track+0x20/0x40 [ 39.454766] kasan_save_alloc_info+0x40/0x58 [ 39.455229] __kasan_kmalloc+0xd4/0xd8 [ 39.455675] __kmalloc_noprof+0x188/0x4c8 [ 39.456100] kunit_kmalloc_array+0x34/0x88 [ 39.456753] copy_user_test_oob+0xac/0xec0 [ 39.457586] kunit_try_run_case+0x14c/0x3d0 [ 39.458074] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.458745] kthread+0x24c/0x2d0 [ 39.459370] ret_from_fork+0x10/0x20 [ 39.459918] [ 39.460213] The buggy address belongs to the object at fff00000c6766e00 [ 39.460213] which belongs to the cache kmalloc-128 of size 128 [ 39.461870] The buggy address is located 0 bytes inside of [ 39.461870] allocated 120-byte region [fff00000c6766e00, fff00000c6766e78) [ 39.463487] [ 39.463813] The buggy address belongs to the physical page: [ 39.464538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106766 [ 39.465229] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.466192] page_type: f5(slab) [ 39.466682] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.467735] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.468874] page dumped because: kasan: bad access detected [ 39.469572] [ 39.469966] Memory state around the buggy address: [ 39.470651] fff00000c6766d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.471706] fff00000c6766d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.472701] >fff00000c6766e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.473520] ^ [ 39.474401] fff00000c6766e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.475282] fff00000c6766f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.476232] ================================================================== [ 39.479349] ================================================================== [ 39.480226] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 39.480971] Write of size 121 at addr fff00000c6766e00 by task kunit_try_catch/273 [ 39.481896] [ 39.482408] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1 [ 39.483657] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.484192] Hardware name: linux,dummy-virt (DT) [ 39.484818] Call trace: [ 39.485306] show_stack+0x20/0x38 (C) [ 39.485983] dump_stack_lvl+0x8c/0xd0 [ 39.486689] print_report+0x118/0x5e0 [ 39.487273] kasan_report+0xc8/0x118 [ 39.488032] kasan_check_range+0x100/0x1a8 [ 39.488759] __kasan_check_write+0x20/0x30 [ 39.489356] copy_user_test_oob+0x434/0xec0 [ 39.490038] kunit_try_run_case+0x14c/0x3d0 [ 39.490707] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.491478] kthread+0x24c/0x2d0 [ 39.492100] ret_from_fork+0x10/0x20 [ 39.492808] [ 39.493136] Allocated by task 273: [ 39.493645] kasan_save_stack+0x3c/0x68 [ 39.494253] kasan_save_track+0x20/0x40 [ 39.494856] kasan_save_alloc_info+0x40/0x58 [ 39.495371] __kasan_kmalloc+0xd4/0xd8 [ 39.496122] __kmalloc_noprof+0x188/0x4c8 [ 39.496679] kunit_kmalloc_array+0x34/0x88 [ 39.497304] copy_user_test_oob+0xac/0xec0 [ 39.497941] kunit_try_run_case+0x14c/0x3d0 [ 39.498646] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.499366] kthread+0x24c/0x2d0 [ 39.499823] ret_from_fork+0x10/0x20 [ 39.500443] [ 39.500814] The buggy address belongs to the object at fff00000c6766e00 [ 39.500814] which belongs to the cache kmalloc-128 of size 128 [ 39.502165] The buggy address is located 0 bytes inside of [ 39.502165] allocated 120-byte region [fff00000c6766e00, fff00000c6766e78) [ 39.503564] [ 39.503911] The buggy address belongs to the physical page: [ 39.504791] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106766 [ 39.505724] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.506649] page_type: f5(slab) [ 39.507263] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.508108] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.509136] page dumped because: kasan: bad access detected [ 39.509970] [ 39.510318] Memory state around the buggy address: [ 39.510957] fff00000c6766d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.511940] fff00000c6766d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.512965] >fff00000c6766e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.513847] ^ [ 39.514781] fff00000c6766e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.515682] fff00000c6766f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.516505] ================================================================== [ 39.295031] ================================================================== [ 39.296469] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 39.297285] Write of size 121 at addr fff00000c6766e00 by task kunit_try_catch/273 [ 39.298070] [ 39.299177] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1 [ 39.300510] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.301127] Hardware name: linux,dummy-virt (DT) [ 39.301955] Call trace: [ 39.302456] show_stack+0x20/0x38 (C) [ 39.303145] dump_stack_lvl+0x8c/0xd0 [ 39.303850] print_report+0x118/0x5e0 [ 39.304416] kasan_report+0xc8/0x118 [ 39.304961] kasan_check_range+0x100/0x1a8 [ 39.305530] __kasan_check_write+0x20/0x30 [ 39.306481] copy_user_test_oob+0x234/0xec0 [ 39.307154] kunit_try_run_case+0x14c/0x3d0 [ 39.307754] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.308514] kthread+0x24c/0x2d0 [ 39.309072] ret_from_fork+0x10/0x20 [ 39.309820] [ 39.310277] Allocated by task 273: [ 39.311228] kasan_save_stack+0x3c/0x68 [ 39.311831] kasan_save_track+0x20/0x40 [ 39.312340] kasan_save_alloc_info+0x40/0x58 [ 39.313083] __kasan_kmalloc+0xd4/0xd8 [ 39.313652] __kmalloc_noprof+0x188/0x4c8 [ 39.314383] kunit_kmalloc_array+0x34/0x88 [ 39.315296] copy_user_test_oob+0xac/0xec0 [ 39.315862] kunit_try_run_case+0x14c/0x3d0 [ 39.316758] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.317745] kthread+0x24c/0x2d0 [ 39.319101] ret_from_fork+0x10/0x20 [ 39.319537] [ 39.320099] The buggy address belongs to the object at fff00000c6766e00 [ 39.320099] which belongs to the cache kmalloc-128 of size 128 [ 39.321445] The buggy address is located 0 bytes inside of [ 39.321445] allocated 120-byte region [fff00000c6766e00, fff00000c6766e78) [ 39.323309] [ 39.323785] The buggy address belongs to the physical page: [ 39.324501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106766 [ 39.325436] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.326485] page_type: f5(slab) [ 39.327275] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.328197] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.329154] page dumped because: kasan: bad access detected [ 39.329758] [ 39.330235] Memory state around the buggy address: [ 39.331466] fff00000c6766d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.332491] fff00000c6766d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.333464] >fff00000c6766e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.335012] ^ [ 39.335619] fff00000c6766e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.336830] fff00000c6766f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.337684] ================================================================== [ 39.346381] ================================================================== [ 39.347785] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 39.348673] Read of size 121 at addr fff00000c6766e00 by task kunit_try_catch/273 [ 39.350179] [ 39.351057] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1 [ 39.352527] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.353238] Hardware name: linux,dummy-virt (DT) [ 39.353967] Call trace: [ 39.354372] show_stack+0x20/0x38 (C) [ 39.355017] dump_stack_lvl+0x8c/0xd0 [ 39.355613] print_report+0x118/0x5e0 [ 39.356234] kasan_report+0xc8/0x118 [ 39.356911] kasan_check_range+0x100/0x1a8 [ 39.357642] __kasan_check_read+0x20/0x30 [ 39.358197] copy_user_test_oob+0x728/0xec0 [ 39.358950] kunit_try_run_case+0x14c/0x3d0 [ 39.359697] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.360446] kthread+0x24c/0x2d0 [ 39.360999] ret_from_fork+0x10/0x20 [ 39.361732] [ 39.362177] Allocated by task 273: [ 39.362775] kasan_save_stack+0x3c/0x68 [ 39.363259] kasan_save_track+0x20/0x40 [ 39.364003] kasan_save_alloc_info+0x40/0x58 [ 39.364535] __kasan_kmalloc+0xd4/0xd8 [ 39.365185] __kmalloc_noprof+0x188/0x4c8 [ 39.365959] kunit_kmalloc_array+0x34/0x88 [ 39.366521] copy_user_test_oob+0xac/0xec0 [ 39.367238] kunit_try_run_case+0x14c/0x3d0 [ 39.367865] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.368607] kthread+0x24c/0x2d0 [ 39.369121] ret_from_fork+0x10/0x20 [ 39.369657] [ 39.370085] The buggy address belongs to the object at fff00000c6766e00 [ 39.370085] which belongs to the cache kmalloc-128 of size 128 [ 39.371451] The buggy address is located 0 bytes inside of [ 39.371451] allocated 120-byte region [fff00000c6766e00, fff00000c6766e78) [ 39.372832] [ 39.373246] The buggy address belongs to the physical page: [ 39.373937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106766 [ 39.374942] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.375746] page_type: f5(slab) [ 39.376293] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.377244] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.378188] page dumped because: kasan: bad access detected [ 39.378866] [ 39.379194] Memory state around the buggy address: [ 39.379856] fff00000c6766d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.380647] fff00000c6766d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.381656] >fff00000c6766e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.382483] ^ [ 39.383392] fff00000c6766e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.384304] fff00000c6766f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.385263] ================================================================== [ 39.394559] ================================================================== [ 39.395345] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 39.396136] Write of size 121 at addr fff00000c6766e00 by task kunit_try_catch/273 [ 39.397018] [ 39.397401] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1 [ 39.399172] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.399834] Hardware name: linux,dummy-virt (DT) [ 39.400566] Call trace: [ 39.401104] show_stack+0x20/0x38 (C) [ 39.401939] dump_stack_lvl+0x8c/0xd0 [ 39.402681] print_report+0x118/0x5e0 [ 39.403296] kasan_report+0xc8/0x118 [ 39.403982] kasan_check_range+0x100/0x1a8 [ 39.404695] __kasan_check_write+0x20/0x30 [ 39.405379] copy_user_test_oob+0x35c/0xec0 [ 39.406074] kunit_try_run_case+0x14c/0x3d0 [ 39.406823] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.407702] kthread+0x24c/0x2d0 [ 39.408293] ret_from_fork+0x10/0x20 [ 39.408851] [ 39.409108] Allocated by task 273: [ 39.409501] kasan_save_stack+0x3c/0x68 [ 39.409953] kasan_save_track+0x20/0x40 [ 39.410397] kasan_save_alloc_info+0x40/0x58 [ 39.411070] __kasan_kmalloc+0xd4/0xd8 [ 39.411927] __kmalloc_noprof+0x188/0x4c8 [ 39.412588] kunit_kmalloc_array+0x34/0x88 [ 39.413058] copy_user_test_oob+0xac/0xec0 [ 39.416293] kunit_try_run_case+0x14c/0x3d0 [ 39.416977] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.417730] kthread+0x24c/0x2d0 [ 39.418219] ret_from_fork+0x10/0x20 [ 39.418962] [ 39.419293] The buggy address belongs to the object at fff00000c6766e00 [ 39.419293] which belongs to the cache kmalloc-128 of size 128 [ 39.420715] The buggy address is located 0 bytes inside of [ 39.420715] allocated 120-byte region [fff00000c6766e00, fff00000c6766e78) [ 39.422574] [ 39.423036] The buggy address belongs to the physical page: [ 39.424033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106766 [ 39.424987] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.425729] page_type: f5(slab) [ 39.426272] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.427769] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.428640] page dumped because: kasan: bad access detected [ 39.429329] [ 39.429668] Memory state around the buggy address: [ 39.430409] fff00000c6766d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.431258] fff00000c6766d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.432287] >fff00000c6766e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.433194] ^ [ 39.434131] fff00000c6766e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.435034] fff00000c6766f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.436038] ================================================================== [ 39.518205] ================================================================== [ 39.519129] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 39.520418] Read of size 121 at addr fff00000c6766e00 by task kunit_try_catch/273 [ 39.521146] [ 39.521485] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1 [ 39.523027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.523559] Hardware name: linux,dummy-virt (DT) [ 39.524336] Call trace: [ 39.524820] show_stack+0x20/0x38 (C) [ 39.525343] dump_stack_lvl+0x8c/0xd0 [ 39.526069] print_report+0x118/0x5e0 [ 39.526680] kasan_report+0xc8/0x118 [ 39.527270] kasan_check_range+0x100/0x1a8 [ 39.527903] __kasan_check_read+0x20/0x30 [ 39.528490] copy_user_test_oob+0x4a0/0xec0 [ 39.529111] kunit_try_run_case+0x14c/0x3d0 [ 39.529954] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.530671] kthread+0x24c/0x2d0 [ 39.531237] ret_from_fork+0x10/0x20 [ 39.531893] [ 39.532260] Allocated by task 273: [ 39.532754] kasan_save_stack+0x3c/0x68 [ 39.533367] kasan_save_track+0x20/0x40 [ 39.534106] kasan_save_alloc_info+0x40/0x58 [ 39.534745] __kasan_kmalloc+0xd4/0xd8 [ 39.535228] __kmalloc_noprof+0x188/0x4c8 [ 39.535920] kunit_kmalloc_array+0x34/0x88 [ 39.536536] copy_user_test_oob+0xac/0xec0 [ 39.537155] kunit_try_run_case+0x14c/0x3d0 [ 39.537698] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.538521] kthread+0x24c/0x2d0 [ 39.539067] ret_from_fork+0x10/0x20 [ 39.539807] [ 39.540102] The buggy address belongs to the object at fff00000c6766e00 [ 39.540102] which belongs to the cache kmalloc-128 of size 128 [ 39.541533] The buggy address is located 0 bytes inside of [ 39.541533] allocated 120-byte region [fff00000c6766e00, fff00000c6766e78) [ 39.543031] [ 39.543366] The buggy address belongs to the physical page: [ 39.544113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106766 [ 39.545038] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.545864] page_type: f5(slab) [ 39.546452] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.547407] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.548398] page dumped because: kasan: bad access detected [ 39.549090] [ 39.549420] Memory state around the buggy address: [ 39.550090] fff00000c6766d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.551035] fff00000c6766d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.551907] >fff00000c6766e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.552782] ^ [ 39.553650] fff00000c6766e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.554530] fff00000c6766f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.555436] ==================================================================
[ 30.660639] ================================================================== [ 30.661285] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 30.661949] Write of size 121 at addr ffff8881029a4b00 by task kunit_try_catch/293 [ 30.662603] [ 30.662846] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1 [ 30.663711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.664416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.665338] Call Trace: [ 30.665674] <TASK> [ 30.666005] dump_stack_lvl+0x73/0xb0 [ 30.666395] print_report+0xd1/0x640 [ 30.666750] ? __virt_addr_valid+0x1db/0x2d0 [ 30.667278] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.667696] kasan_report+0x102/0x140 [ 30.668165] ? copy_user_test_oob+0x3fe/0x10f0 [ 30.668780] ? copy_user_test_oob+0x3fe/0x10f0 [ 30.669164] kasan_check_range+0x10c/0x1c0 [ 30.669544] __kasan_check_write+0x18/0x20 [ 30.670193] copy_user_test_oob+0x3fe/0x10f0 [ 30.670592] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.671151] ? finish_task_switch.isra.0+0x153/0x700 [ 30.671702] ? __switch_to+0x5d9/0xf60 [ 30.672022] ? __schedule+0xc3e/0x2790 [ 30.672502] ? __pfx_read_tsc+0x10/0x10 [ 30.673012] ? ktime_get_ts64+0x86/0x230 [ 30.673493] kunit_try_run_case+0x1b3/0x490 [ 30.673920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.674585] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 30.674991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.675577] ? __kthread_parkme+0x82/0x160 [ 30.675969] ? preempt_count_sub+0x50/0x80 [ 30.676429] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.676780] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.677405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.678072] kthread+0x257/0x310 [ 30.678475] ? __pfx_kthread+0x10/0x10 [ 30.678922] ret_from_fork+0x41/0x80 [ 30.679282] ? __pfx_kthread+0x10/0x10 [ 30.679568] ret_from_fork_asm+0x1a/0x30 [ 30.680339] </TASK> [ 30.680761] [ 30.680923] Allocated by task 293: [ 30.681344] kasan_save_stack+0x3d/0x60 [ 30.682109] kasan_save_track+0x18/0x40 [ 30.682483] kasan_save_alloc_info+0x3b/0x50 [ 30.682997] __kasan_kmalloc+0xb7/0xc0 [ 30.683431] __kmalloc_noprof+0x1c4/0x500 [ 30.683748] kunit_kmalloc_array+0x25/0x60 [ 30.684271] copy_user_test_oob+0xac/0x10f0 [ 30.684763] kunit_try_run_case+0x1b3/0x490 [ 30.685070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.685418] kthread+0x257/0x310 [ 30.685774] ret_from_fork+0x41/0x80 [ 30.686267] ret_from_fork_asm+0x1a/0x30 [ 30.686612] [ 30.686800] The buggy address belongs to the object at ffff8881029a4b00 [ 30.686800] which belongs to the cache kmalloc-128 of size 128 [ 30.688066] The buggy address is located 0 bytes inside of [ 30.688066] allocated 120-byte region [ffff8881029a4b00, ffff8881029a4b78) [ 30.689479] [ 30.689687] The buggy address belongs to the physical page: [ 30.690367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a4 [ 30.690845] flags: 0x200000000000000(node=0|zone=2) [ 30.691729] page_type: f5(slab) [ 30.691991] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.693311] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.693791] page dumped because: kasan: bad access detected [ 30.694414] [ 30.694803] Memory state around the buggy address: [ 30.695138] ffff8881029a4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.695559] ffff8881029a4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.696340] >ffff8881029a4b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.697267] ^ [ 30.698057] ffff8881029a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.698596] ffff8881029a4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.699029] ================================================================== [ 30.793778] ================================================================== [ 30.794499] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 30.796646] Read of size 121 at addr ffff8881029a4b00 by task kunit_try_catch/293 [ 30.797936] [ 30.798404] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1 [ 30.799728] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.800308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.801148] Call Trace: [ 30.801430] <TASK> [ 30.801871] dump_stack_lvl+0x73/0xb0 [ 30.802538] print_report+0xd1/0x640 [ 30.802974] ? __virt_addr_valid+0x1db/0x2d0 [ 30.803722] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.804737] kasan_report+0x102/0x140 [ 30.805489] ? copy_user_test_oob+0x605/0x10f0 [ 30.805892] ? copy_user_test_oob+0x605/0x10f0 [ 30.806342] kasan_check_range+0x10c/0x1c0 [ 30.806764] __kasan_check_read+0x15/0x20 [ 30.807437] copy_user_test_oob+0x605/0x10f0 [ 30.807879] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.808492] ? finish_task_switch.isra.0+0x153/0x700 [ 30.809037] ? __switch_to+0x5d9/0xf60 [ 30.809595] ? __schedule+0xc3e/0x2790 [ 30.810114] ? __pfx_read_tsc+0x10/0x10 [ 30.810437] ? ktime_get_ts64+0x86/0x230 [ 30.810988] kunit_try_run_case+0x1b3/0x490 [ 30.811553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.812040] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 30.812471] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.813145] ? __kthread_parkme+0x82/0x160 [ 30.813720] ? preempt_count_sub+0x50/0x80 [ 30.814235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.814884] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.815426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.816002] kthread+0x257/0x310 [ 30.816445] ? __pfx_kthread+0x10/0x10 [ 30.816885] ret_from_fork+0x41/0x80 [ 30.817427] ? __pfx_kthread+0x10/0x10 [ 30.817955] ret_from_fork_asm+0x1a/0x30 [ 30.818463] </TASK> [ 30.818723] [ 30.818973] Allocated by task 293: [ 30.819439] kasan_save_stack+0x3d/0x60 [ 30.819974] kasan_save_track+0x18/0x40 [ 30.820466] kasan_save_alloc_info+0x3b/0x50 [ 30.821152] __kasan_kmalloc+0xb7/0xc0 [ 30.821713] __kmalloc_noprof+0x1c4/0x500 [ 30.822289] kunit_kmalloc_array+0x25/0x60 [ 30.822734] copy_user_test_oob+0xac/0x10f0 [ 30.823232] kunit_try_run_case+0x1b3/0x490 [ 30.823745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.824396] kthread+0x257/0x310 [ 30.824690] ret_from_fork+0x41/0x80 [ 30.825161] ret_from_fork_asm+0x1a/0x30 [ 30.825685] [ 30.825925] The buggy address belongs to the object at ffff8881029a4b00 [ 30.825925] which belongs to the cache kmalloc-128 of size 128 [ 30.827011] The buggy address is located 0 bytes inside of [ 30.827011] allocated 120-byte region [ffff8881029a4b00, ffff8881029a4b78) [ 30.828230] [ 30.828445] The buggy address belongs to the physical page: [ 30.829013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a4 [ 30.829815] flags: 0x200000000000000(node=0|zone=2) [ 30.830427] page_type: f5(slab) [ 30.830773] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.831629] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.832412] page dumped because: kasan: bad access detected [ 30.832937] [ 30.833260] Memory state around the buggy address: [ 30.833715] ffff8881029a4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.834314] ffff8881029a4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.835149] >ffff8881029a4b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.835795] ^ [ 30.836597] ffff8881029a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.837307] ffff8881029a4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.838017] ================================================================== [ 30.744109] ================================================================== [ 30.745827] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 30.746832] Write of size 121 at addr ffff8881029a4b00 by task kunit_try_catch/293 [ 30.747593] [ 30.747793] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1 [ 30.749722] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.750673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.751536] Call Trace: [ 30.751849] <TASK> [ 30.752870] dump_stack_lvl+0x73/0xb0 [ 30.753280] print_report+0xd1/0x640 [ 30.753886] ? __virt_addr_valid+0x1db/0x2d0 [ 30.754336] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.755178] kasan_report+0x102/0x140 [ 30.755599] ? copy_user_test_oob+0x558/0x10f0 [ 30.756068] ? copy_user_test_oob+0x558/0x10f0 [ 30.756960] kasan_check_range+0x10c/0x1c0 [ 30.757687] __kasan_check_write+0x18/0x20 [ 30.758306] copy_user_test_oob+0x558/0x10f0 [ 30.758897] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.759861] ? finish_task_switch.isra.0+0x153/0x700 [ 30.760716] ? __switch_to+0x5d9/0xf60 [ 30.761091] ? __schedule+0xc3e/0x2790 [ 30.761752] ? __pfx_read_tsc+0x10/0x10 [ 30.762676] ? ktime_get_ts64+0x86/0x230 [ 30.763042] kunit_try_run_case+0x1b3/0x490 [ 30.763967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.765204] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 30.765864] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.766473] ? __kthread_parkme+0x82/0x160 [ 30.766933] ? preempt_count_sub+0x50/0x80 [ 30.767512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.768062] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.768980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.769744] kthread+0x257/0x310 [ 30.770392] ? __pfx_kthread+0x10/0x10 [ 30.770975] ret_from_fork+0x41/0x80 [ 30.771276] ? __pfx_kthread+0x10/0x10 [ 30.771985] ret_from_fork_asm+0x1a/0x30 [ 30.772793] </TASK> [ 30.773011] [ 30.773475] Allocated by task 293: [ 30.773798] kasan_save_stack+0x3d/0x60 [ 30.774206] kasan_save_track+0x18/0x40 [ 30.774585] kasan_save_alloc_info+0x3b/0x50 [ 30.774997] __kasan_kmalloc+0xb7/0xc0 [ 30.775368] __kmalloc_noprof+0x1c4/0x500 [ 30.776533] kunit_kmalloc_array+0x25/0x60 [ 30.776911] copy_user_test_oob+0xac/0x10f0 [ 30.777770] kunit_try_run_case+0x1b3/0x490 [ 30.778271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.779189] kthread+0x257/0x310 [ 30.779491] ret_from_fork+0x41/0x80 [ 30.779803] ret_from_fork_asm+0x1a/0x30 [ 30.780329] [ 30.780529] The buggy address belongs to the object at ffff8881029a4b00 [ 30.780529] which belongs to the cache kmalloc-128 of size 128 [ 30.781748] The buggy address is located 0 bytes inside of [ 30.781748] allocated 120-byte region [ffff8881029a4b00, ffff8881029a4b78) [ 30.782567] [ 30.782844] The buggy address belongs to the physical page: [ 30.783571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a4 [ 30.784318] flags: 0x200000000000000(node=0|zone=2) [ 30.784734] page_type: f5(slab) [ 30.785263] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.785945] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.786771] page dumped because: kasan: bad access detected [ 30.787321] [ 30.787570] Memory state around the buggy address: [ 30.787992] ffff8881029a4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.788712] ffff8881029a4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.789381] >ffff8881029a4b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.789913] ^ [ 30.790725] ffff8881029a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.791438] ffff8881029a4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.792170] ================================================================== [ 30.700493] ================================================================== [ 30.701587] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 30.702484] Read of size 121 at addr ffff8881029a4b00 by task kunit_try_catch/293 [ 30.703151] [ 30.703384] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1 [ 30.704373] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.704718] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.705547] Call Trace: [ 30.705807] <TASK> [ 30.706016] dump_stack_lvl+0x73/0xb0 [ 30.706319] print_report+0xd1/0x640 [ 30.706743] ? __virt_addr_valid+0x1db/0x2d0 [ 30.707345] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.708270] kasan_report+0x102/0x140 [ 30.708817] ? copy_user_test_oob+0x4ab/0x10f0 [ 30.709427] ? copy_user_test_oob+0x4ab/0x10f0 [ 30.709878] kasan_check_range+0x10c/0x1c0 [ 30.710192] __kasan_check_read+0x15/0x20 [ 30.710494] copy_user_test_oob+0x4ab/0x10f0 [ 30.711470] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.712205] ? finish_task_switch.isra.0+0x153/0x700 [ 30.712825] ? __switch_to+0x5d9/0xf60 [ 30.713341] ? __schedule+0xc3e/0x2790 [ 30.714116] ? __pfx_read_tsc+0x10/0x10 [ 30.714587] ? ktime_get_ts64+0x86/0x230 [ 30.715200] kunit_try_run_case+0x1b3/0x490 [ 30.715765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.716365] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 30.716835] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.717552] ? __kthread_parkme+0x82/0x160 [ 30.718009] ? preempt_count_sub+0x50/0x80 [ 30.718703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.719423] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.720197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.720787] kthread+0x257/0x310 [ 30.721242] ? __pfx_kthread+0x10/0x10 [ 30.721551] ret_from_fork+0x41/0x80 [ 30.722186] ? __pfx_kthread+0x10/0x10 [ 30.722486] ret_from_fork_asm+0x1a/0x30 [ 30.723126] </TASK> [ 30.723452] [ 30.723699] Allocated by task 293: [ 30.724015] kasan_save_stack+0x3d/0x60 [ 30.724652] kasan_save_track+0x18/0x40 [ 30.725005] kasan_save_alloc_info+0x3b/0x50 [ 30.725674] __kasan_kmalloc+0xb7/0xc0 [ 30.726248] __kmalloc_noprof+0x1c4/0x500 [ 30.726745] kunit_kmalloc_array+0x25/0x60 [ 30.727140] copy_user_test_oob+0xac/0x10f0 [ 30.727655] kunit_try_run_case+0x1b3/0x490 [ 30.728293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.728695] kthread+0x257/0x310 [ 30.729246] ret_from_fork+0x41/0x80 [ 30.729740] ret_from_fork_asm+0x1a/0x30 [ 30.730264] [ 30.730556] The buggy address belongs to the object at ffff8881029a4b00 [ 30.730556] which belongs to the cache kmalloc-128 of size 128 [ 30.731715] The buggy address is located 0 bytes inside of [ 30.731715] allocated 120-byte region [ffff8881029a4b00, ffff8881029a4b78) [ 30.733145] [ 30.733389] The buggy address belongs to the physical page: [ 30.733819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a4 [ 30.734737] flags: 0x200000000000000(node=0|zone=2) [ 30.735259] page_type: f5(slab) [ 30.735527] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.736498] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.737426] page dumped because: kasan: bad access detected [ 30.737966] [ 30.738248] Memory state around the buggy address: [ 30.738737] ffff8881029a4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.739509] ffff8881029a4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.740042] >ffff8881029a4b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.740814] ^ [ 30.741399] ffff8881029a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.742001] ffff8881029a4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.742828] ==================================================================