Date
Dec. 5, 2024, 2:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 36.870548] ================================================================== [ 36.872284] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 36.873233] Write of size 121 at addr fff00000c669bf00 by task kunit_try_catch/274 [ 36.874308] [ 36.874651] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 36.876589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.877145] Hardware name: linux,dummy-virt (DT) [ 36.877685] Call trace: [ 36.878193] show_stack+0x20/0x38 (C) [ 36.878785] dump_stack_lvl+0x8c/0xd0 [ 36.879486] print_report+0x118/0x5e0 [ 36.880100] kasan_report+0xc8/0x118 [ 36.880756] kasan_check_range+0x100/0x1a8 [ 36.881700] __kasan_check_write+0x20/0x30 [ 36.882301] copy_user_test_oob+0x234/0xec0 [ 36.882922] kunit_try_run_case+0x14c/0x3d0 [ 36.883795] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.884708] kthread+0x24c/0x2d0 [ 36.885301] ret_from_fork+0x10/0x20 [ 36.885869] [ 36.886230] Allocated by task 274: [ 36.886776] kasan_save_stack+0x3c/0x68 [ 36.887701] kasan_save_track+0x20/0x40 [ 36.888291] kasan_save_alloc_info+0x40/0x58 [ 36.888964] __kasan_kmalloc+0xd4/0xd8 [ 36.889536] __kmalloc_noprof+0x188/0x4c8 [ 36.890213] kunit_kmalloc_array+0x34/0x88 [ 36.890892] copy_user_test_oob+0xac/0xec0 [ 36.892057] kunit_try_run_case+0x14c/0x3d0 [ 36.892675] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.893671] kthread+0x24c/0x2d0 [ 36.894266] ret_from_fork+0x10/0x20 [ 36.894768] [ 36.895163] The buggy address belongs to the object at fff00000c669bf00 [ 36.895163] which belongs to the cache kmalloc-128 of size 128 [ 36.896672] The buggy address is located 0 bytes inside of [ 36.896672] allocated 120-byte region [fff00000c669bf00, fff00000c669bf78) [ 36.898339] [ 36.898538] The buggy address belongs to the physical page: [ 36.898896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10669b [ 36.899589] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.900537] page_type: f5(slab) [ 
36.901079] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.902011] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 36.903055] page dumped because: kasan: bad access detected [ 36.904043] [ 36.904358] Memory state around the buggy address: [ 36.904927] fff00000c669be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 36.905893] fff00000c669be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.906723] >fff00000c669bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.907989] ^ [ 36.908829] fff00000c669bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.909665] fff00000c669c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.910596] ================================================================== [ 36.918104] ================================================================== [ 36.918896] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 36.919922] Read of size 121 at addr fff00000c669bf00 by task kunit_try_catch/274 [ 36.921844] [ 36.922579] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 36.924717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.925260] Hardware name: linux,dummy-virt (DT) [ 36.925902] Call trace: [ 36.926357] show_stack+0x20/0x38 (C) [ 36.926972] dump_stack_lvl+0x8c/0xd0 [ 36.927421] print_report+0x118/0x5e0 [ 36.928416] kasan_report+0xc8/0x118 [ 36.928978] kasan_check_range+0x100/0x1a8 [ 36.929648] __kasan_check_read+0x20/0x30 [ 36.930272] copy_user_test_oob+0x728/0xec0 [ 36.930909] kunit_try_run_case+0x14c/0x3d0 [ 36.931805] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.932626] kthread+0x24c/0x2d0 [ 36.933165] ret_from_fork+0x10/0x20 [ 36.933725] [ 36.934104] Allocated by task 274: [ 36.934697] kasan_save_stack+0x3c/0x68 [ 36.935198] kasan_save_track+0x20/0x40 [ 36.935925] kasan_save_alloc_info+0x40/0x58 [ 36.936501] __kasan_kmalloc+0xd4/0xd8 [ 36.937108] __kmalloc_noprof+0x188/0x4c8 [ 36.937711] 
kunit_kmalloc_array+0x34/0x88 [ 36.938585] copy_user_test_oob+0xac/0xec0 [ 36.939665] kunit_try_run_case+0x14c/0x3d0 [ 36.940426] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.941156] kthread+0x24c/0x2d0 [ 36.941600] ret_from_fork+0x10/0x20 [ 36.942253] [ 36.942572] The buggy address belongs to the object at fff00000c669bf00 [ 36.942572] which belongs to the cache kmalloc-128 of size 128 [ 36.944262] The buggy address is located 0 bytes inside of [ 36.944262] allocated 120-byte region [fff00000c669bf00, fff00000c669bf78) [ 36.945691] [ 36.946052] The buggy address belongs to the physical page: [ 36.946691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10669b [ 36.948320] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.949002] page_type: f5(slab) [ 36.949361] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.950225] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 36.951431] page dumped because: kasan: bad access detected [ 36.952241] [ 36.952487] Memory state around the buggy address: [ 36.953260] fff00000c669be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.954181] fff00000c669be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.954995] >fff00000c669bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.956462] ^ [ 36.957682] fff00000c669bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.958629] fff00000c669c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.959595] ================================================================== [ 37.010658] ================================================================== [ 37.011633] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 37.012527] Read of size 121 at addr fff00000c669bf00 by task kunit_try_catch/274 [ 37.013790] [ 37.014253] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 37.015762] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
37.016476] Hardware name: linux,dummy-virt (DT) [ 37.017544] Call trace: [ 37.018056] show_stack+0x20/0x38 (C) [ 37.018742] dump_stack_lvl+0x8c/0xd0 [ 37.019728] print_report+0x118/0x5e0 [ 37.020340] kasan_report+0xc8/0x118 [ 37.021048] kasan_check_range+0x100/0x1a8 [ 37.021808] __kasan_check_read+0x20/0x30 [ 37.022511] copy_user_test_oob+0x3c8/0xec0 [ 37.023208] kunit_try_run_case+0x14c/0x3d0 [ 37.023973] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.024801] kthread+0x24c/0x2d0 [ 37.025419] ret_from_fork+0x10/0x20 [ 37.026050] [ 37.026412] Allocated by task 274: [ 37.027052] kasan_save_stack+0x3c/0x68 [ 37.028026] kasan_save_track+0x20/0x40 [ 37.028687] kasan_save_alloc_info+0x40/0x58 [ 37.029381] __kasan_kmalloc+0xd4/0xd8 [ 37.029917] __kmalloc_noprof+0x188/0x4c8 [ 37.030726] kunit_kmalloc_array+0x34/0x88 [ 37.031350] copy_user_test_oob+0xac/0xec0 [ 37.032002] kunit_try_run_case+0x14c/0x3d0 [ 37.032678] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.033441] kthread+0x24c/0x2d0 [ 37.034079] ret_from_fork+0x10/0x20 [ 37.034808] [ 37.035308] The buggy address belongs to the object at fff00000c669bf00 [ 37.035308] which belongs to the cache kmalloc-128 of size 128 [ 37.037253] The buggy address is located 0 bytes inside of [ 37.037253] allocated 120-byte region [fff00000c669bf00, fff00000c669bf78) [ 37.039215] [ 37.039582] The buggy address belongs to the physical page: [ 37.040489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10669b [ 37.041679] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.042596] page_type: f5(slab) [ 37.043154] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.044332] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.045284] page dumped because: kasan: bad access detected [ 37.046043] [ 37.046555] Memory state around the buggy address: [ 37.047225] fff00000c669be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.049178] 
fff00000c669be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.050619] >fff00000c669bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.051899] ^ [ 37.052354] fff00000c669bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.052767] fff00000c669c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.054054] ================================================================== [ 37.098307] ================================================================== [ 37.099059] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 37.100808] Read of size 121 at addr fff00000c669bf00 by task kunit_try_catch/274 [ 37.101687] [ 37.102053] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 37.103614] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.104474] Hardware name: linux,dummy-virt (DT) [ 37.105030] Call trace: [ 37.105475] show_stack+0x20/0x38 (C) [ 37.106032] dump_stack_lvl+0x8c/0xd0 [ 37.106666] print_report+0x118/0x5e0 [ 37.107412] kasan_report+0xc8/0x118 [ 37.108062] kasan_check_range+0x100/0x1a8 [ 37.108720] __kasan_check_read+0x20/0x30 [ 37.109358] copy_user_test_oob+0x4a0/0xec0 [ 37.110003] kunit_try_run_case+0x14c/0x3d0 [ 37.110651] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.111686] kthread+0x24c/0x2d0 [ 37.112204] ret_from_fork+0x10/0x20 [ 37.112856] [ 37.113253] Allocated by task 274: [ 37.113697] kasan_save_stack+0x3c/0x68 [ 37.114315] kasan_save_track+0x20/0x40 [ 37.115034] kasan_save_alloc_info+0x40/0x58 [ 37.115728] __kasan_kmalloc+0xd4/0xd8 [ 37.116058] __kmalloc_noprof+0x188/0x4c8 [ 37.116349] kunit_kmalloc_array+0x34/0x88 [ 37.116643] copy_user_test_oob+0xac/0xec0 [ 37.117064] kunit_try_run_case+0x14c/0x3d0 [ 37.117901] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.118954] kthread+0x24c/0x2d0 [ 37.119782] ret_from_fork+0x10/0x20 [ 37.120938] [ 37.121209] The buggy address belongs to the object at fff00000c669bf00 [ 37.121209] which belongs to the cache kmalloc-128 of size 128 [ 
37.122834] The buggy address is located 0 bytes inside of [ 37.122834] allocated 120-byte region [fff00000c669bf00, fff00000c669bf78) [ 37.124972] [ 37.125306] The buggy address belongs to the physical page: [ 37.126281] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10669b [ 37.127498] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.128635] page_type: f5(slab) [ 37.129485] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.130601] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.131851] page dumped because: kasan: bad access detected [ 37.132870] [ 37.133237] Memory state around the buggy address: [ 37.134128] fff00000c669be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.135153] fff00000c669be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.136269] >fff00000c669bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.137087] ^ [ 37.137779] fff00000c669bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.139071] fff00000c669c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.140644] ================================================================== [ 37.055830] ================================================================== [ 37.056488] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 37.057114] Write of size 121 at addr fff00000c669bf00 by task kunit_try_catch/274 [ 37.058036] [ 37.058393] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 37.059516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.060145] Hardware name: linux,dummy-virt (DT) [ 37.061591] Call trace: [ 37.062115] show_stack+0x20/0x38 (C) [ 37.062996] dump_stack_lvl+0x8c/0xd0 [ 37.064091] print_report+0x118/0x5e0 [ 37.064919] kasan_report+0xc8/0x118 [ 37.065487] kasan_check_range+0x100/0x1a8 [ 37.066220] __kasan_check_write+0x20/0x30 [ 37.066835] copy_user_test_oob+0x434/0xec0 [ 37.067822] kunit_try_run_case+0x14c/0x3d0 [ 
37.068434] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.069228] kthread+0x24c/0x2d0 [ 37.069806] ret_from_fork+0x10/0x20 [ 37.070442] [ 37.070771] Allocated by task 274: [ 37.071548] kasan_save_stack+0x3c/0x68 [ 37.072192] kasan_save_track+0x20/0x40 [ 37.072644] kasan_save_alloc_info+0x40/0x58 [ 37.073362] __kasan_kmalloc+0xd4/0xd8 [ 37.073862] __kmalloc_noprof+0x188/0x4c8 [ 37.074452] kunit_kmalloc_array+0x34/0x88 [ 37.075254] copy_user_test_oob+0xac/0xec0 [ 37.075911] kunit_try_run_case+0x14c/0x3d0 [ 37.076684] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.077421] kthread+0x24c/0x2d0 [ 37.077947] ret_from_fork+0x10/0x20 [ 37.078681] [ 37.079029] The buggy address belongs to the object at fff00000c669bf00 [ 37.079029] which belongs to the cache kmalloc-128 of size 128 [ 37.081635] The buggy address is located 0 bytes inside of [ 37.081635] allocated 120-byte region [fff00000c669bf00, fff00000c669bf78) [ 37.083121] [ 37.083472] The buggy address belongs to the physical page: [ 37.084550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10669b [ 37.085632] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.086540] page_type: f5(slab) [ 37.087513] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.088413] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.089550] page dumped because: kasan: bad access detected [ 37.090235] [ 37.090605] Memory state around the buggy address: [ 37.091615] fff00000c669be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.092483] fff00000c669be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.093176] >fff00000c669bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.094135] ^ [ 37.095006] fff00000c669bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.096046] fff00000c669c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.096990] ================================================================== [ 36.967911] 
================================================================== [ 36.968663] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 36.969473] Write of size 121 at addr fff00000c669bf00 by task kunit_try_catch/274 [ 36.970269] [ 36.970671] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 36.972167] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.972749] Hardware name: linux,dummy-virt (DT) [ 36.973296] Call trace: [ 36.973774] show_stack+0x20/0x38 (C) [ 36.974439] dump_stack_lvl+0x8c/0xd0 [ 36.975143] print_report+0x118/0x5e0 [ 36.975947] kasan_report+0xc8/0x118 [ 36.976502] kasan_check_range+0x100/0x1a8 [ 36.977137] __kasan_check_write+0x20/0x30 [ 36.977995] copy_user_test_oob+0x35c/0xec0 [ 36.978628] kunit_try_run_case+0x14c/0x3d0 [ 36.979275] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.980236] kthread+0x24c/0x2d0 [ 36.980930] ret_from_fork+0x10/0x20 [ 36.981539] [ 36.981825] Allocated by task 274: [ 36.982478] kasan_save_stack+0x3c/0x68 [ 36.983222] kasan_save_track+0x20/0x40 [ 36.983994] kasan_save_alloc_info+0x40/0x58 [ 36.984981] __kasan_kmalloc+0xd4/0xd8 [ 36.985678] __kmalloc_noprof+0x188/0x4c8 [ 36.986493] kunit_kmalloc_array+0x34/0x88 [ 36.987085] copy_user_test_oob+0xac/0xec0 [ 36.987851] kunit_try_run_case+0x14c/0x3d0 [ 36.988773] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.990064] kthread+0x24c/0x2d0 [ 36.991272] ret_from_fork+0x10/0x20 [ 36.992262] [ 36.992539] The buggy address belongs to the object at fff00000c669bf00 [ 36.992539] which belongs to the cache kmalloc-128 of size 128 [ 36.994217] The buggy address is located 0 bytes inside of [ 36.994217] allocated 120-byte region [fff00000c669bf00, fff00000c669bf78) [ 36.995821] [ 36.996282] The buggy address belongs to the physical page: [ 36.997002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10669b [ 36.998078] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.999027] page_type: f5(slab) [ 36.999634] 
raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.000663] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.001618] page dumped because: kasan: bad access detected [ 37.002401] [ 37.002736] Memory state around the buggy address: [ 37.003523] fff00000c669be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.004469] fff00000c669be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.005435] >fff00000c669bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.006355] ^ [ 37.007368] fff00000c669bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.008452] fff00000c669c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.009511] ==================================================================
[ 35.351293] ================================================================== [ 35.351913] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 35.352502] Write of size 121 at addr ffff888101ac8600 by task kunit_try_catch/292 [ 35.353379] [ 35.353643] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 35.354937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.355742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.356960] Call Trace: [ 35.357384] <TASK> [ 35.357961] dump_stack_lvl+0x73/0xb0 [ 35.358241] print_report+0xd1/0x640 [ 35.359180] ? __virt_addr_valid+0x1db/0x2d0 [ 35.359701] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.360306] kasan_report+0x102/0x140 [ 35.360498] ? copy_user_test_oob+0x558/0x10f0 [ 35.360750] ? copy_user_test_oob+0x558/0x10f0 [ 35.361402] kasan_check_range+0x10c/0x1c0 [ 35.362430] __kasan_check_write+0x18/0x20 [ 35.362749] copy_user_test_oob+0x558/0x10f0 [ 35.363219] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.364047] ? finish_task_switch.isra.0+0x153/0x700 [ 35.364655] ? __switch_to+0x5d9/0xf60 [ 35.365185] ? irqentry_exit+0x2a/0x60 [ 35.365587] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 35.366134] ? trace_hardirqs_on+0x37/0xe0 [ 35.366574] ? __pfx_read_tsc+0x10/0x10 [ 35.367181] ? ktime_get_ts64+0x86/0x230 [ 35.367758] kunit_try_run_case+0x1b3/0x490 [ 35.368364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.369302] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 35.369836] ? __kthread_parkme+0x82/0x160 [ 35.370204] ? preempt_count_sub+0x50/0x80 [ 35.370567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.371062] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.371512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.372230] kthread+0x257/0x310 [ 35.372547] ? __pfx_kthread+0x10/0x10 [ 35.373092] ret_from_fork+0x41/0x80 [ 35.373429] ? 
__pfx_kthread+0x10/0x10 [ 35.373801] ret_from_fork_asm+0x1a/0x30 [ 35.374327] </TASK> [ 35.374659] [ 35.374933] Allocated by task 292: [ 35.375262] kasan_save_stack+0x3d/0x60 [ 35.375742] kasan_save_track+0x18/0x40 [ 35.376121] kasan_save_alloc_info+0x3b/0x50 [ 35.376576] __kasan_kmalloc+0xb7/0xc0 [ 35.377094] __kmalloc_noprof+0x1c4/0x500 [ 35.377386] kunit_kmalloc_array+0x25/0x60 [ 35.377946] copy_user_test_oob+0xac/0x10f0 [ 35.378482] kunit_try_run_case+0x1b3/0x490 [ 35.378948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.379407] kthread+0x257/0x310 [ 35.379708] ret_from_fork+0x41/0x80 [ 35.380242] ret_from_fork_asm+0x1a/0x30 [ 35.380727] [ 35.380965] The buggy address belongs to the object at ffff888101ac8600 [ 35.380965] which belongs to the cache kmalloc-128 of size 128 [ 35.382120] The buggy address is located 0 bytes inside of [ 35.382120] allocated 120-byte region [ffff888101ac8600, ffff888101ac8678) [ 35.383033] [ 35.383292] The buggy address belongs to the physical page: [ 35.383872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac8 [ 35.384635] flags: 0x200000000000000(node=0|zone=2) [ 35.385161] page_type: f5(slab) [ 35.385486] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.386294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.387078] page dumped because: kasan: bad access detected [ 35.387497] [ 35.387822] Memory state around the buggy address: [ 35.388314] ffff888101ac8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.388799] ffff888101ac8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.389550] >ffff888101ac8600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.390040] ^ [ 35.390840] ffff888101ac8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.391447] ffff888101ac8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.391998] ================================================================== [ 35.297396] 
================================================================== [ 35.298757] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 35.299768] Read of size 121 at addr ffff888101ac8600 by task kunit_try_catch/292 [ 35.301430] [ 35.301797] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 35.303013] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.303539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.304498] Call Trace: [ 35.305429] <TASK> [ 35.305671] dump_stack_lvl+0x73/0xb0 [ 35.306436] print_report+0xd1/0x640 [ 35.307016] ? __virt_addr_valid+0x1db/0x2d0 [ 35.307469] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.308530] kasan_report+0x102/0x140 [ 35.309239] ? copy_user_test_oob+0x4ab/0x10f0 [ 35.309697] ? copy_user_test_oob+0x4ab/0x10f0 [ 35.310636] kasan_check_range+0x10c/0x1c0 [ 35.311235] __kasan_check_read+0x15/0x20 [ 35.311831] copy_user_test_oob+0x4ab/0x10f0 [ 35.312319] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.312815] ? finish_task_switch.isra.0+0x153/0x700 [ 35.314044] ? __switch_to+0x5d9/0xf60 [ 35.314392] ? irqentry_exit+0x2a/0x60 [ 35.315033] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 35.315533] ? trace_hardirqs_on+0x37/0xe0 [ 35.316272] ? __pfx_read_tsc+0x10/0x10 [ 35.316966] ? ktime_get_ts64+0x86/0x230 [ 35.317354] kunit_try_run_case+0x1b3/0x490 [ 35.318177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.318643] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 35.319655] ? __kthread_parkme+0x82/0x160 [ 35.320382] ? preempt_count_sub+0x50/0x80 [ 35.321154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.321609] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.322537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.323285] kthread+0x257/0x310 [ 35.323725] ? __pfx_kthread+0x10/0x10 [ 35.324472] ret_from_fork+0x41/0x80 [ 35.325141] ? 
__pfx_kthread+0x10/0x10 [ 35.325487] ret_from_fork_asm+0x1a/0x30 [ 35.326308] </TASK> [ 35.326534] [ 35.326705] Allocated by task 292: [ 35.327224] kasan_save_stack+0x3d/0x60 [ 35.328113] kasan_save_track+0x18/0x40 [ 35.328469] kasan_save_alloc_info+0x3b/0x50 [ 35.329473] __kasan_kmalloc+0xb7/0xc0 [ 35.329895] __kmalloc_noprof+0x1c4/0x500 [ 35.330361] kunit_kmalloc_array+0x25/0x60 [ 35.331135] copy_user_test_oob+0xac/0x10f0 [ 35.331614] kunit_try_run_case+0x1b3/0x490 [ 35.332514] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.333285] kthread+0x257/0x310 [ 35.333560] ret_from_fork+0x41/0x80 [ 35.334374] ret_from_fork_asm+0x1a/0x30 [ 35.334775] [ 35.335109] The buggy address belongs to the object at ffff888101ac8600 [ 35.335109] which belongs to the cache kmalloc-128 of size 128 [ 35.336745] The buggy address is located 0 bytes inside of [ 35.336745] allocated 120-byte region [ffff888101ac8600, ffff888101ac8678) [ 35.338136] [ 35.338631] The buggy address belongs to the physical page: [ 35.339268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac8 [ 35.340421] flags: 0x200000000000000(node=0|zone=2) [ 35.341191] page_type: f5(slab) [ 35.341663] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.342737] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.343627] page dumped because: kasan: bad access detected [ 35.344404] [ 35.344989] Memory state around the buggy address: [ 35.345490] ffff888101ac8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.346381] ffff888101ac8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.347080] >ffff888101ac8600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.347359] ^ [ 35.347633] ffff888101ac8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.348819] ffff888101ac8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.349701] ================================================================== [ 35.393235] 
================================================================== [ 35.393848] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 35.394592] Read of size 121 at addr ffff888101ac8600 by task kunit_try_catch/292 [ 35.395137] [ 35.395319] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 35.396327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.396741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.397275] Call Trace: [ 35.397494] <TASK> [ 35.397841] dump_stack_lvl+0x73/0xb0 [ 35.398328] print_report+0xd1/0x640 [ 35.398884] ? __virt_addr_valid+0x1db/0x2d0 [ 35.399442] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.400029] kasan_report+0x102/0x140 [ 35.400369] ? copy_user_test_oob+0x605/0x10f0 [ 35.400718] ? copy_user_test_oob+0x605/0x10f0 [ 35.401315] kasan_check_range+0x10c/0x1c0 [ 35.401898] __kasan_check_read+0x15/0x20 [ 35.402345] copy_user_test_oob+0x605/0x10f0 [ 35.402827] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.403218] ? finish_task_switch.isra.0+0x153/0x700 [ 35.403651] ? __switch_to+0x5d9/0xf60 [ 35.404202] ? irqentry_exit+0x2a/0x60 [ 35.404657] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 35.405205] ? trace_hardirqs_on+0x37/0xe0 [ 35.405613] ? __pfx_read_tsc+0x10/0x10 [ 35.405977] ? ktime_get_ts64+0x86/0x230 [ 35.406282] kunit_try_run_case+0x1b3/0x490 [ 35.406915] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.407454] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 35.407873] ? __kthread_parkme+0x82/0x160 [ 35.408195] ? preempt_count_sub+0x50/0x80 [ 35.408717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.409319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.410198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.410977] kthread+0x257/0x310 [ 35.411268] ? __pfx_kthread+0x10/0x10 [ 35.412225] ret_from_fork+0x41/0x80 [ 35.413122] ? 
__pfx_kthread+0x10/0x10 [ 35.413637] ret_from_fork_asm+0x1a/0x30 [ 35.414164] </TASK> [ 35.414448] [ 35.414735] Allocated by task 292: [ 35.415118] kasan_save_stack+0x3d/0x60 [ 35.415473] kasan_save_track+0x18/0x40 [ 35.415958] kasan_save_alloc_info+0x3b/0x50 [ 35.416270] __kasan_kmalloc+0xb7/0xc0 [ 35.416552] __kmalloc_noprof+0x1c4/0x500 [ 35.417147] kunit_kmalloc_array+0x25/0x60 [ 35.417716] copy_user_test_oob+0xac/0x10f0 [ 35.418374] kunit_try_run_case+0x1b3/0x490 [ 35.418888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.419287] kthread+0x257/0x310 [ 35.419550] ret_from_fork+0x41/0x80 [ 35.420125] ret_from_fork_asm+0x1a/0x30 [ 35.420725] [ 35.421059] The buggy address belongs to the object at ffff888101ac8600 [ 35.421059] which belongs to the cache kmalloc-128 of size 128 [ 35.422160] The buggy address is located 0 bytes inside of [ 35.422160] allocated 120-byte region [ffff888101ac8600, ffff888101ac8678) [ 35.423614] [ 35.423904] The buggy address belongs to the physical page: [ 35.424248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac8 [ 35.425249] flags: 0x200000000000000(node=0|zone=2) [ 35.425845] page_type: f5(slab) [ 35.426259] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.426857] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.427731] page dumped because: kasan: bad access detected [ 35.428165] [ 35.428398] Memory state around the buggy address: [ 35.429049] ffff888101ac8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.429744] ffff888101ac8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.430525] >ffff888101ac8600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.431207] ^ [ 35.431949] ffff888101ac8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.432598] ffff888101ac8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.433367] ================================================================== [ 35.252882] 
================================================================== [ 35.253501] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 35.254347] Write of size 121 at addr ffff888101ac8600 by task kunit_try_catch/292 [ 35.255514] [ 35.255875] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 35.257109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.257656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.258495] Call Trace: [ 35.259191] <TASK> [ 35.259865] dump_stack_lvl+0x73/0xb0 [ 35.260236] print_report+0xd1/0x640 [ 35.260997] ? __virt_addr_valid+0x1db/0x2d0 [ 35.261461] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.262594] kasan_report+0x102/0x140 [ 35.263000] ? copy_user_test_oob+0x3fe/0x10f0 [ 35.263577] ? copy_user_test_oob+0x3fe/0x10f0 [ 35.264345] kasan_check_range+0x10c/0x1c0 [ 35.265131] __kasan_check_write+0x18/0x20 [ 35.265555] copy_user_test_oob+0x3fe/0x10f0 [ 35.266234] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.266830] ? finish_task_switch.isra.0+0x153/0x700 [ 35.267612] ? __switch_to+0x5d9/0xf60 [ 35.268212] ? irqentry_exit+0x2a/0x60 [ 35.268597] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 35.269166] ? trace_hardirqs_on+0x37/0xe0 [ 35.269576] ? __pfx_read_tsc+0x10/0x10 [ 35.270006] ? ktime_get_ts64+0x86/0x230 [ 35.270496] kunit_try_run_case+0x1b3/0x490 [ 35.270858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.271410] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 35.271992] ? __kthread_parkme+0x82/0x160 [ 35.272298] ? preempt_count_sub+0x50/0x80 [ 35.272891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.273466] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.274042] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.274567] kthread+0x257/0x310 [ 35.274924] ? __pfx_kthread+0x10/0x10 [ 35.275392] ret_from_fork+0x41/0x80 [ 35.275714] ? 
__pfx_kthread+0x10/0x10 [ 35.276234] ret_from_fork_asm+0x1a/0x30 [ 35.276808] </TASK> [ 35.277138] [ 35.277329] Allocated by task 292: [ 35.277581] kasan_save_stack+0x3d/0x60 [ 35.278166] kasan_save_track+0x18/0x40 [ 35.278573] kasan_save_alloc_info+0x3b/0x50 [ 35.279170] __kasan_kmalloc+0xb7/0xc0 [ 35.279458] __kmalloc_noprof+0x1c4/0x500 [ 35.280103] kunit_kmalloc_array+0x25/0x60 [ 35.280450] copy_user_test_oob+0xac/0x10f0 [ 35.280818] kunit_try_run_case+0x1b3/0x490 [ 35.281314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.282008] kthread+0x257/0x310 [ 35.282361] ret_from_fork+0x41/0x80 [ 35.282666] ret_from_fork_asm+0x1a/0x30 [ 35.283141] [ 35.283401] The buggy address belongs to the object at ffff888101ac8600 [ 35.283401] which belongs to the cache kmalloc-128 of size 128 [ 35.284477] The buggy address is located 0 bytes inside of [ 35.284477] allocated 120-byte region [ffff888101ac8600, ffff888101ac8678) [ 35.285468] [ 35.285653] The buggy address belongs to the physical page: [ 35.286070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac8 [ 35.287028] flags: 0x200000000000000(node=0|zone=2) [ 35.287472] page_type: f5(slab) [ 35.287828] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.288598] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.289286] page dumped because: kasan: bad access detected [ 35.289928] [ 35.290181] Memory state around the buggy address: [ 35.290548] ffff888101ac8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.292155] ffff888101ac8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.293036] >ffff888101ac8600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.293814] ^ [ 35.294493] ffff888101ac8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.295196] ffff888101ac8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.295805] ==================================================================