Date
Dec. 6, 2024, 3:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 38.019225] ================================================================== [ 38.020018] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 38.021437] Read of size 121 at addr fff00000c66d6400 by task kunit_try_catch/274 [ 38.022178] [ 38.022612] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 38.023694] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.024297] Hardware name: linux,dummy-virt (DT) [ 38.024805] Call trace: [ 38.025262] show_stack+0x20/0x38 (C) [ 38.025948] dump_stack_lvl+0x8c/0xd0 [ 38.026480] print_report+0x118/0x5e0 [ 38.027149] kasan_report+0xc8/0x118 [ 38.027802] kasan_check_range+0x100/0x1a8 [ 38.028415] __kasan_check_read+0x20/0x30 [ 38.029059] copy_user_test_oob+0x3c8/0xec0 [ 38.029719] kunit_try_run_case+0x14c/0x3d0 [ 38.030317] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.031112] kthread+0x24c/0x2d0 [ 38.031723] ret_from_fork+0x10/0x20 [ 38.032275] [ 38.032660] Allocated by task 274: [ 38.033148] kasan_save_stack+0x3c/0x68 [ 38.033781] kasan_save_track+0x20/0x40 [ 38.034269] kasan_save_alloc_info+0x40/0x58 [ 38.034947] __kasan_kmalloc+0xd4/0xd8 [ 38.035494] __kmalloc_noprof+0x188/0x4c8 [ 38.036086] kunit_kmalloc_array+0x34/0x88 [ 38.036751] copy_user_test_oob+0xac/0xec0 [ 38.037281] kunit_try_run_case+0x14c/0x3d0 [ 38.037968] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.038751] kthread+0x24c/0x2d0 [ 38.039305] ret_from_fork+0x10/0x20 [ 38.039875] [ 38.040244] The buggy address belongs to the object at fff00000c66d6400 [ 38.040244] which belongs to the cache kmalloc-128 of size 128 [ 38.041406] The buggy address is located 0 bytes inside of [ 38.041406] allocated 120-byte region [fff00000c66d6400, fff00000c66d6478) [ 38.042931] [ 38.043239] The buggy address belongs to the physical page: [ 38.043960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066d6 [ 38.044850] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.045644] page_type: f5(slab) [ 38.046142] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.047027] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 38.047910] page dumped because: kasan: bad access detected [ 38.048537] [ 38.048873] Memory state around the buggy address: [ 38.049563] fff00000c66d6300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.050333] fff00000c66d6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.051193] >fff00000c66d6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.051964] ^ [ 38.052749] fff00000c66d6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.053561] fff00000c66d6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.054353] ================================================================== [ 37.885145] ================================================================== [ 37.886655] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 37.887473] Write of size 121 at addr fff00000c66d6400 by task kunit_try_catch/274 [ 37.888403] [ 37.889549] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 37.891082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.891957] Hardware name: linux,dummy-virt (DT) [ 37.892887] Call trace: [ 37.893359] show_stack+0x20/0x38 (C) [ 37.894033] dump_stack_lvl+0x8c/0xd0 [ 37.894743] print_report+0x118/0x5e0 [ 37.895285] kasan_report+0xc8/0x118 [ 37.895995] kasan_check_range+0x100/0x1a8 [ 37.896745] __kasan_check_write+0x20/0x30 [ 37.897483] copy_user_test_oob+0x234/0xec0 [ 37.898324] kunit_try_run_case+0x14c/0x3d0 [ 37.899137] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.900002] kthread+0x24c/0x2d0 [ 37.900655] ret_from_fork+0x10/0x20 [ 37.901335] [ 37.901736] Allocated by task 274: [ 37.902260] kasan_save_stack+0x3c/0x68 [ 37.902993] kasan_save_track+0x20/0x40 [ 37.903654] kasan_save_alloc_info+0x40/0x58 [ 37.904348] __kasan_kmalloc+0xd4/0xd8 [ 37.904910] __kmalloc_noprof+0x188/0x4c8 [ 37.905195] kunit_kmalloc_array+0x34/0x88 [ 37.905461] copy_user_test_oob+0xac/0xec0 [ 37.905936] kunit_try_run_case+0x14c/0x3d0 [ 37.906688] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.907501] kthread+0x24c/0x2d0 [ 37.908057] ret_from_fork+0x10/0x20 [ 37.908664] [ 37.909006] The buggy address belongs to the object at fff00000c66d6400 [ 37.909006] which belongs to the cache kmalloc-128 of size 128 [ 37.910339] The buggy address is located 0 bytes inside of [ 37.910339] allocated 120-byte region [fff00000c66d6400, fff00000c66d6478) [ 37.911716] [ 37.912116] The buggy address belongs to the physical page: [ 37.912861] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066d6 [ 37.913717] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.914712] page_type: f5(slab) [ 37.915295] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.916182] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.917055] page dumped because: kasan: bad access detected [ 37.917846] [ 37.918238] Memory state around the buggy address: [ 37.918837] fff00000c66d6300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.919810] fff00000c66d6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.920711] >fff00000c66d6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.921491] ^ [ 37.922282] fff00000c66d6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.923190] fff00000c66d6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.924066] ================================================================== [ 38.056174] ================================================================== [ 38.057487] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 38.059244] Write of size 121 at addr fff00000c66d6400 by task kunit_try_catch/274 [ 38.060125] [ 38.060581] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 38.061763] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.062327] Hardware name: linux,dummy-virt (DT) [ 38.062961] Call trace: [ 38.063461] show_stack+0x20/0x38 (C) [ 38.064074] dump_stack_lvl+0x8c/0xd0 [ 38.064765] print_report+0x118/0x5e0 [ 38.065399] kasan_report+0xc8/0x118 [ 38.066114] kasan_check_range+0x100/0x1a8 [ 38.066730] __kasan_check_write+0x20/0x30 [ 38.067471] copy_user_test_oob+0x434/0xec0 [ 38.068143] kunit_try_run_case+0x14c/0x3d0 [ 38.068857] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.069695] kthread+0x24c/0x2d0 [ 38.070286] ret_from_fork+0x10/0x20 [ 38.070921] [ 38.071286] Allocated by task 274: [ 38.071882] kasan_save_stack+0x3c/0x68 [ 38.072425] kasan_save_track+0x20/0x40 [ 38.073060] kasan_save_alloc_info+0x40/0x58 [ 38.073779] __kasan_kmalloc+0xd4/0xd8 [ 38.074368] __kmalloc_noprof+0x188/0x4c8 [ 38.075041] kunit_kmalloc_array+0x34/0x88 [ 38.075592] copy_user_test_oob+0xac/0xec0 [ 38.076307] kunit_try_run_case+0x14c/0x3d0 [ 38.076924] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.077705] kthread+0x24c/0x2d0 [ 38.078253] ret_from_fork+0x10/0x20 [ 38.078902] [ 38.079233] The buggy address belongs to the object at fff00000c66d6400 [ 38.079233] which belongs to the cache kmalloc-128 of size 128 [ 38.080566] The buggy address is located 0 bytes inside of [ 38.080566] allocated 120-byte region [fff00000c66d6400, fff00000c66d6478) [ 38.081819] [ 38.082248] The buggy address belongs to the physical page: [ 38.082954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066d6 [ 38.083887] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.084749] page_type: f5(slab) [ 38.085584] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.086240] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 38.086958] page dumped because: kasan: bad access detected [ 38.087457] [ 38.090354] Memory state around the buggy address: [ 38.091870] fff00000c66d6300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.093617] fff00000c66d6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.095485] >fff00000c66d6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.097400] ^ [ 38.099218] fff00000c66d6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.101033] fff00000c66d6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.102807] ================================================================== [ 37.983146] ================================================================== [ 37.983867] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 37.984644] Write of size 121 at addr fff00000c66d6400 by task kunit_try_catch/274 [ 37.985373] [ 37.985864] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 37.987333] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.987724] Hardware name: linux,dummy-virt (DT) [ 37.988388] Call trace: [ 37.988852] show_stack+0x20/0x38 (C) [ 37.989503] dump_stack_lvl+0x8c/0xd0 [ 37.990155] print_report+0x118/0x5e0 [ 37.990746] kasan_report+0xc8/0x118 [ 37.991391] kasan_check_range+0x100/0x1a8 [ 37.991954] __kasan_check_write+0x20/0x30 [ 37.992655] copy_user_test_oob+0x35c/0xec0 [ 37.993181] kunit_try_run_case+0x14c/0x3d0 [ 37.993892] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.994612] kthread+0x24c/0x2d0 [ 37.995224] ret_from_fork+0x10/0x20 [ 37.995910] [ 37.996257] Allocated by task 274: [ 37.996719] kasan_save_stack+0x3c/0x68 [ 37.997326] kasan_save_track+0x20/0x40 [ 37.997950] kasan_save_alloc_info+0x40/0x58 [ 37.998463] __kasan_kmalloc+0xd4/0xd8 [ 37.999104] __kmalloc_noprof+0x188/0x4c8 [ 37.999705] kunit_kmalloc_array+0x34/0x88 [ 38.000356] copy_user_test_oob+0xac/0xec0 [ 38.000992] kunit_try_run_case+0x14c/0x3d0 [ 38.001660] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.002298] kthread+0x24c/0x2d0 [ 38.002888] ret_from_fork+0x10/0x20 [ 38.003348] [ 38.003731] The buggy address belongs to the object at fff00000c66d6400 [ 38.003731] which belongs to the cache kmalloc-128 of size 128 [ 38.004906] The buggy address is located 0 bytes inside of [ 38.004906] allocated 120-byte region [fff00000c66d6400, fff00000c66d6478) [ 38.006204] [ 38.006603] The buggy address belongs to the physical page: [ 38.007277] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066d6 [ 38.008278] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.009010] page_type: f5(slab) [ 38.009583] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.010406] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 38.011289] page dumped because: kasan: bad access detected [ 38.011957] [ 38.012302] Memory state around the buggy address: [ 38.012826] fff00000c66d6300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.013757] fff00000c66d6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.014623] >fff00000c66d6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.015485] ^ [ 38.016228] fff00000c66d6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.017096] fff00000c66d6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.017893] ================================================================== [ 37.933046] ================================================================== [ 37.933819] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 37.934618] Read of size 121 at addr fff00000c66d6400 by task kunit_try_catch/274 [ 37.936095] [ 37.936432] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 37.937541] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.938146] Hardware name: linux,dummy-virt (DT) [ 37.938878] Call trace: [ 37.939229] show_stack+0x20/0x38 (C) [ 37.939739] dump_stack_lvl+0x8c/0xd0 [ 37.940906] print_report+0x118/0x5e0 [ 37.941548] kasan_report+0xc8/0x118 [ 37.942171] kasan_check_range+0x100/0x1a8 [ 37.942939] __kasan_check_read+0x20/0x30 [ 37.944155] copy_user_test_oob+0x728/0xec0 [ 37.945096] kunit_try_run_case+0x14c/0x3d0 [ 37.946001] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.947042] kthread+0x24c/0x2d0 [ 37.947971] ret_from_fork+0x10/0x20 [ 37.948878] [ 37.949206] Allocated by task 274: [ 37.949731] kasan_save_stack+0x3c/0x68 [ 37.950324] kasan_save_track+0x20/0x40 [ 37.950887] kasan_save_alloc_info+0x40/0x58 [ 37.951863] __kasan_kmalloc+0xd4/0xd8 [ 37.952483] __kmalloc_noprof+0x188/0x4c8 [ 37.953090] kunit_kmalloc_array+0x34/0x88 [ 37.953639] copy_user_test_oob+0xac/0xec0 [ 37.954711] kunit_try_run_case+0x14c/0x3d0 [ 37.955366] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.955976] kthread+0x24c/0x2d0 [ 37.956471] ret_from_fork+0x10/0x20 [ 37.957090] [ 37.957459] The buggy address belongs to the object at fff00000c66d6400 [ 37.957459] which belongs to the cache kmalloc-128 of size 128 [ 37.958883] The buggy address is located 0 bytes inside of [ 37.958883] allocated 120-byte region [fff00000c66d6400, fff00000c66d6478) [ 37.960169] [ 37.960770] The buggy address belongs to the physical page: [ 37.961740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066d6 [ 37.962929] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.963592] page_type: f5(slab) [ 37.964057] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.964798] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.965773] page dumped because: kasan: bad access detected [ 37.966598] [ 37.966977] Memory state around the buggy address: [ 37.968125] fff00000c66d6300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.968963] fff00000c66d6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.970023] >fff00000c66d6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.971064] ^ [ 37.972194] fff00000c66d6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.973129] fff00000c66d6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.974121] ================================================================== [ 38.106571] ================================================================== [ 38.109657] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 38.111620] Read of size 121 at addr fff00000c66d6400 by task kunit_try_catch/274 [ 38.113888] [ 38.114748] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 38.116049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.117332] Hardware name: linux,dummy-virt (DT) [ 38.117977] Call trace: [ 38.118429] show_stack+0x20/0x38 (C) [ 38.119007] dump_stack_lvl+0x8c/0xd0 [ 38.119677] print_report+0x118/0x5e0 [ 38.120188] kasan_report+0xc8/0x118 [ 38.120846] kasan_check_range+0x100/0x1a8 [ 38.121434] __kasan_check_read+0x20/0x30 [ 38.122052] copy_user_test_oob+0x4a0/0xec0 [ 38.122729] kunit_try_run_case+0x14c/0x3d0 [ 38.123346] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.124162] kthread+0x24c/0x2d0 [ 38.124738] ret_from_fork+0x10/0x20 [ 38.125315] [ 38.125667] Allocated by task 274: [ 38.126158] kasan_save_stack+0x3c/0x68 [ 38.126790] kasan_save_track+0x20/0x40 [ 38.127373] kasan_save_alloc_info+0x40/0x58 [ 38.128015] __kasan_kmalloc+0xd4/0xd8 [ 38.128556] __kmalloc_noprof+0x188/0x4c8 [ 38.129164] kunit_kmalloc_array+0x34/0x88 [ 38.129816] copy_user_test_oob+0xac/0xec0 [ 38.130454] kunit_try_run_case+0x14c/0x3d0 [ 38.131022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.131822] kthread+0x24c/0x2d0 [ 38.132387] ret_from_fork+0x10/0x20 [ 38.133001] [ 38.133373] The buggy address belongs to the object at fff00000c66d6400 [ 38.133373] which belongs to the cache kmalloc-128 of size 128 [ 38.134400] The buggy address is located 0 bytes inside of [ 38.134400] allocated 120-byte region [fff00000c66d6400, fff00000c66d6478) [ 38.135876] [ 38.136252] The buggy address belongs to the physical page: [ 38.136915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066d6 [ 38.137674] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.138552] page_type: f5(slab) [ 38.139116] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.140058] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 38.140855] page dumped because: kasan: bad access detected [ 38.141558] [ 38.141913] Memory state around the buggy address: [ 38.142603] fff00000c66d6300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.143352] fff00000c66d6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.144247] >fff00000c66d6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.144991] ^ [ 38.145830] fff00000c66d6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.146581] fff00000c66d6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.147374] ==================================================================
[ 31.889238] ================================================================== [ 31.891006] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 31.891586] Read of size 121 at addr ffff888102933c00 by task kunit_try_catch/293 [ 31.892349] [ 31.892739] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 31.894259] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.894859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.895763] Call Trace: [ 31.896081] <TASK> [ 31.896504] dump_stack_lvl+0x73/0xb0 [ 31.897393] print_report+0xd1/0x640 [ 31.897848] ? __virt_addr_valid+0x1db/0x2d0 [ 31.898597] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.899390] kasan_report+0x102/0x140 [ 31.899820] ? copy_user_test_oob+0x4ab/0x10f0 [ 31.900329] ? copy_user_test_oob+0x4ab/0x10f0 [ 31.900837] kasan_check_range+0x10c/0x1c0 [ 31.901253] __kasan_check_read+0x15/0x20 [ 31.901647] copy_user_test_oob+0x4ab/0x10f0 [ 31.902437] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.902917] ? finish_task_switch.isra.0+0x153/0x700 [ 31.903473] ? __switch_to+0x5d9/0xf60 [ 31.903913] ? __schedule+0xc70/0x27e0 [ 31.904364] ? __pfx_read_tsc+0x10/0x10 [ 31.904782] ? ktime_get_ts64+0x86/0x230 [ 31.905307] kunit_try_run_case+0x1b3/0x490 [ 31.905870] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.906619] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 31.907075] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.907786] ? __kthread_parkme+0x82/0x160 [ 31.908265] ? preempt_count_sub+0x50/0x80 [ 31.908881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.909551] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.910204] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.910845] kthread+0x257/0x310 [ 31.911350] ? __pfx_kthread+0x10/0x10 [ 31.911817] ret_from_fork+0x41/0x80 [ 31.912164] ? __pfx_kthread+0x10/0x10 [ 31.912717] ret_from_fork_asm+0x1a/0x30 [ 31.913329] </TASK> [ 31.913530] [ 31.913692] Allocated by task 293: [ 31.914227] kasan_save_stack+0x3d/0x60 [ 31.914822] kasan_save_track+0x18/0x40 [ 31.915363] kasan_save_alloc_info+0x3b/0x50 [ 31.915682] __kasan_kmalloc+0xb7/0xc0 [ 31.916123] __kmalloc_noprof+0x1c4/0x500 [ 31.916699] kunit_kmalloc_array+0x25/0x60 [ 31.917377] copy_user_test_oob+0xac/0x10f0 [ 31.917851] kunit_try_run_case+0x1b3/0x490 [ 31.918567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.919024] kthread+0x257/0x310 [ 31.919542] ret_from_fork+0x41/0x80 [ 31.919899] ret_from_fork_asm+0x1a/0x30 [ 31.920224] [ 31.920522] The buggy address belongs to the object at ffff888102933c00 [ 31.920522] which belongs to the cache kmalloc-128 of size 128 [ 31.922073] The buggy address is located 0 bytes inside of [ 31.922073] allocated 120-byte region [ffff888102933c00, ffff888102933c78) [ 31.923214] [ 31.923525] The buggy address belongs to the physical page: [ 31.924157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102933 [ 31.924829] flags: 0x200000000000000(node=0|zone=2) [ 31.925464] page_type: f5(slab) [ 31.925714] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.926477] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.926916] page dumped because: kasan: bad access detected [ 31.927861] [ 31.928067] Memory state around the buggy address: [ 31.928559] ffff888102933b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.929018] ffff888102933b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.930112] >ffff888102933c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.930604] ^ [ 31.931645] ffff888102933c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.933321] ffff888102933d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.933917] ================================================================== [ 31.836924] ================================================================== [ 31.837757] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 31.838397] Write of size 121 at addr ffff888102933c00 by task kunit_try_catch/293 [ 31.839305] [ 31.839506] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 31.839912] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.841202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.842615] Call Trace: [ 31.842981] <TASK> [ 31.843740] dump_stack_lvl+0x73/0xb0 [ 31.844140] print_report+0xd1/0x640 [ 31.844508] ? __virt_addr_valid+0x1db/0x2d0 [ 31.844985] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.845902] kasan_report+0x102/0x140 [ 31.846570] ? copy_user_test_oob+0x3fe/0x10f0 [ 31.847031] ? copy_user_test_oob+0x3fe/0x10f0 [ 31.847755] kasan_check_range+0x10c/0x1c0 [ 31.848974] __kasan_check_write+0x18/0x20 [ 31.849491] copy_user_test_oob+0x3fe/0x10f0 [ 31.850008] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.850737] ? finish_task_switch.isra.0+0x153/0x700 [ 31.851099] ? __switch_to+0x5d9/0xf60 [ 31.851553] ? __schedule+0xc70/0x27e0 [ 31.852067] ? __pfx_read_tsc+0x10/0x10 [ 31.852417] ? ktime_get_ts64+0x86/0x230 [ 31.852913] kunit_try_run_case+0x1b3/0x490 [ 31.854058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.854800] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 31.855423] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.856348] ? __kthread_parkme+0x82/0x160 [ 31.856721] ? preempt_count_sub+0x50/0x80 [ 31.857470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.858170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.858810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.859493] kthread+0x257/0x310 [ 31.859832] ? __pfx_kthread+0x10/0x10 [ 31.860327] ret_from_fork+0x41/0x80 [ 31.860706] ? __pfx_kthread+0x10/0x10 [ 31.861916] ret_from_fork_asm+0x1a/0x30 [ 31.862343] </TASK> [ 31.862902] [ 31.863413] Allocated by task 293: [ 31.863667] kasan_save_stack+0x3d/0x60 [ 31.864571] kasan_save_track+0x18/0x40 [ 31.865056] kasan_save_alloc_info+0x3b/0x50 [ 31.865848] __kasan_kmalloc+0xb7/0xc0 [ 31.866334] __kmalloc_noprof+0x1c4/0x500 [ 31.867177] kunit_kmalloc_array+0x25/0x60 [ 31.867854] copy_user_test_oob+0xac/0x10f0 [ 31.868474] kunit_try_run_case+0x1b3/0x490 [ 31.868902] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.869739] kthread+0x257/0x310 [ 31.870422] ret_from_fork+0x41/0x80 [ 31.870910] ret_from_fork_asm+0x1a/0x30 [ 31.871724] [ 31.871922] The buggy address belongs to the object at ffff888102933c00 [ 31.871922] which belongs to the cache kmalloc-128 of size 128 [ 31.873256] The buggy address is located 0 bytes inside of [ 31.873256] allocated 120-byte region [ffff888102933c00, ffff888102933c78) [ 31.875159] [ 31.875496] The buggy address belongs to the physical page: [ 31.876116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102933 [ 31.877399] flags: 0x200000000000000(node=0|zone=2) [ 31.878080] page_type: f5(slab) [ 31.878556] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.879755] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.880342] page dumped because: kasan: bad access detected [ 31.881161] [ 31.881417] Memory state around the buggy address: [ 31.882229] ffff888102933b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.882926] ffff888102933b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.884176] >ffff888102933c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.884800] ^ [ 31.885248] ffff888102933c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.886486] ffff888102933d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.887486] ================================================================== [ 31.992696] ================================================================== [ 31.995170] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 31.996577] Read of size 121 at addr ffff888102933c00 by task kunit_try_catch/293 [ 31.997833] [ 31.998522] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 31.999650] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.000429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.001830] Call Trace: [ 32.002843] <TASK> [ 32.003148] dump_stack_lvl+0x73/0xb0 [ 32.003763] print_report+0xd1/0x640 [ 32.004435] ? __virt_addr_valid+0x1db/0x2d0 [ 32.005112] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.006047] kasan_report+0x102/0x140 [ 32.006508] ? copy_user_test_oob+0x605/0x10f0 [ 32.006975] ? copy_user_test_oob+0x605/0x10f0 [ 32.008178] kasan_check_range+0x10c/0x1c0 [ 32.008584] __kasan_check_read+0x15/0x20 [ 32.009300] copy_user_test_oob+0x605/0x10f0 [ 32.009970] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.010609] ? finish_task_switch.isra.0+0x153/0x700 [ 32.011510] ? __switch_to+0x5d9/0xf60 [ 32.012058] ? __schedule+0xc70/0x27e0 [ 32.013562] ? __pfx_read_tsc+0x10/0x10 [ 32.014085] ? ktime_get_ts64+0x86/0x230 [ 32.014684] kunit_try_run_case+0x1b3/0x490 [ 32.015505] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.016033] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.016858] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.017586] ? __kthread_parkme+0x82/0x160 [ 32.017830] ? preempt_count_sub+0x50/0x80 [ 32.018171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.019157] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.019728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.021004] kthread+0x257/0x310 [ 32.021485] ? __pfx_kthread+0x10/0x10 [ 32.022051] ret_from_fork+0x41/0x80 [ 32.022911] ? __pfx_kthread+0x10/0x10 [ 32.024003] ret_from_fork_asm+0x1a/0x30 [ 32.024499] </TASK> [ 32.024827] [ 32.025070] Allocated by task 293: [ 32.025430] kasan_save_stack+0x3d/0x60 [ 32.025899] kasan_save_track+0x18/0x40 [ 32.026325] kasan_save_alloc_info+0x3b/0x50 [ 32.027504] __kasan_kmalloc+0xb7/0xc0 [ 32.027706] __kmalloc_noprof+0x1c4/0x500 [ 32.027894] kunit_kmalloc_array+0x25/0x60 [ 32.028164] copy_user_test_oob+0xac/0x10f0 [ 32.028884] kunit_try_run_case+0x1b3/0x490 [ 32.029825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.030539] kthread+0x257/0x310 [ 32.030960] ret_from_fork+0x41/0x80 [ 32.031453] ret_from_fork_asm+0x1a/0x30 [ 32.031841] [ 32.032147] The buggy address belongs to the object at ffff888102933c00 [ 32.032147] which belongs to the cache kmalloc-128 of size 128 [ 32.033485] The buggy address is located 0 bytes inside of [ 32.033485] allocated 120-byte region [ffff888102933c00, ffff888102933c78) [ 32.034628] [ 32.034883] The buggy address belongs to the physical page: [ 32.035278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102933 [ 32.036445] flags: 0x200000000000000(node=0|zone=2) [ 32.037666] page_type: f5(slab) [ 32.038315] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.039004] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.039647] page dumped because: kasan: bad access detected [ 32.040105] [ 32.040303] Memory state around the buggy address: [ 32.040857] ffff888102933b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.041411] ffff888102933b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.042355] >ffff888102933c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.043451] ^ [ 32.044108] ffff888102933c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.044559] ffff888102933d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.045712] ================================================================== [ 31.935704] ================================================================== [ 31.936525] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 31.937391] Write of size 121 at addr ffff888102933c00 by task kunit_try_catch/293 [ 31.938257] [ 31.938534] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 31.939292] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.939852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.941021] Call Trace: [ 31.942039] <TASK> [ 31.942703] dump_stack_lvl+0x73/0xb0 [ 31.943152] print_report+0xd1/0x640 [ 31.943561] ? __virt_addr_valid+0x1db/0x2d0 [ 31.944018] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.945728] kasan_report+0x102/0x140 [ 31.946431] ? copy_user_test_oob+0x558/0x10f0 [ 31.947103] ? copy_user_test_oob+0x558/0x10f0 [ 31.947796] kasan_check_range+0x10c/0x1c0 [ 31.948296] __kasan_check_write+0x18/0x20 [ 31.948718] copy_user_test_oob+0x558/0x10f0 [ 31.949622] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.950393] ? finish_task_switch.isra.0+0x153/0x700 [ 31.950896] ? __switch_to+0x5d9/0xf60 [ 31.951765] ? __schedule+0xc70/0x27e0 [ 31.952401] ? __pfx_read_tsc+0x10/0x10 [ 31.953061] ? ktime_get_ts64+0x86/0x230 [ 31.953756] kunit_try_run_case+0x1b3/0x490 [ 31.954586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.955384] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 31.956020] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.956593] ? __kthread_parkme+0x82/0x160 [ 31.957442] ? preempt_count_sub+0x50/0x80 [ 31.957977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.958499] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.959100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.959634] kthread+0x257/0x310 [ 31.960088] ? __pfx_kthread+0x10/0x10 [ 31.960863] ret_from_fork+0x41/0x80 [ 31.961999] ? __pfx_kthread+0x10/0x10 [ 31.962623] ret_from_fork_asm+0x1a/0x30 [ 31.963102] </TASK> [ 31.964036] [ 31.964316] Allocated by task 293: [ 31.964866] kasan_save_stack+0x3d/0x60 [ 31.965617] kasan_save_track+0x18/0x40 [ 31.966074] kasan_save_alloc_info+0x3b/0x50 [ 31.966382] __kasan_kmalloc+0xb7/0xc0 [ 31.966742] __kmalloc_noprof+0x1c4/0x500 [ 31.967848] kunit_kmalloc_array+0x25/0x60 [ 31.968178] copy_user_test_oob+0xac/0x10f0 [ 31.969267] kunit_try_run_case+0x1b3/0x490 [ 31.969837] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.970691] kthread+0x257/0x310 [ 31.971420] ret_from_fork+0x41/0x80 [ 31.971911] ret_from_fork_asm+0x1a/0x30 [ 31.972896] [ 31.973167] The buggy address belongs to the object at ffff888102933c00 [ 31.973167] which belongs to the cache kmalloc-128 of size 128 [ 31.974625] The buggy address is located 0 bytes inside of [ 31.974625] allocated 120-byte region [ffff888102933c00, ffff888102933c78) [ 31.976417] [ 31.976815] The buggy address belongs to the physical page: [ 31.977627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102933 [ 31.978342] flags: 0x200000000000000(node=0|zone=2) [ 31.979318] page_type: f5(slab) [ 31.979908] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.980783] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.981901] page dumped because: kasan: bad access detected [ 31.982622] [ 31.983019] Memory state around the buggy address: [ 31.983963] ffff888102933b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.984767] ffff888102933b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.986480] >ffff888102933c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.987139] ^ [ 31.988286] ffff888102933c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.989165] ffff888102933d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.990039] ==================================================================