Date
Dec. 9, 2024, 6:35 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 30.464382] ==================================================================
[ 30.465815] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0
[ 30.466620] Write of size 121 at addr fff00000c1313100 by task kunit_try_catch/273
[ 30.467484]
[ 30.468180] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 30.469376] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.470059] Hardware name: linux,dummy-virt (DT)
[ 30.470687] Call trace:
[ 30.471330] show_stack+0x20/0x38 (C)
[ 30.471939] dump_stack_lvl+0x8c/0xd0
[ 30.472626] print_report+0x118/0x5e0
[ 30.473244] kasan_report+0xc8/0x118
[ 30.473902] kasan_check_range+0x100/0x1a8
[ 30.474527] __kasan_check_write+0x20/0x30
[ 30.475374] copy_user_test_oob+0x234/0xec0
[ 30.476057] kunit_try_run_case+0x14c/0x3d0
[ 30.476688] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.477461] kthread+0x24c/0x2d0
[ 30.478001] ret_from_fork+0x10/0x20
[ 30.478644]
[ 30.479398] Allocated by task 273:
[ 30.479933] kasan_save_stack+0x3c/0x68
[ 30.480399] kasan_save_track+0x20/0x40
[ 30.481022] kasan_save_alloc_info+0x40/0x58
[ 30.481617] __kasan_kmalloc+0xd4/0xd8
[ 30.482137] __kmalloc_noprof+0x188/0x4c8
[ 30.482764] kunit_kmalloc_array+0x34/0x88
[ 30.483313] copy_user_test_oob+0xac/0xec0
[ 30.483950] kunit_try_run_case+0x14c/0x3d0
[ 30.484741] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.485425] kthread+0x24c/0x2d0
[ 30.486279] ret_from_fork+0x10/0x20
[ 30.486832]
[ 30.487125] The buggy address belongs to the object at fff00000c1313100
[ 30.487125] which belongs to the cache kmalloc-128 of size 128
[ 30.488940] The buggy address is located 0 bytes inside of
[ 30.488940] allocated 120-byte region [fff00000c1313100, fff00000c1313178)
[ 30.490129]
[ 30.490448] The buggy address belongs to the physical page:
[ 30.491134] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101313
[ 30.492206] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.492899] page_type: f5(slab)
[ 30.493479] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.494489] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.495487] page dumped because: kasan: bad access detected
[ 30.496207]
[ 30.496599] Memory state around the buggy address:
[ 30.497189] fff00000c1313000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.497961] fff00000c1313080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.498748] >fff00000c1313100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.500190] ^
[ 30.500883] fff00000c1313180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.501848] fff00000c1313200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.502778] ==================================================================
[ 30.552819] ==================================================================
[ 30.553454] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0
[ 30.554130] Write of size 121 at addr fff00000c1313100 by task kunit_try_catch/273
[ 30.554882]
[ 30.555540] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 30.557022] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.557648] Hardware name: linux,dummy-virt (DT)
[ 30.558396] Call trace:
[ 30.558798] show_stack+0x20/0x38 (C)
[ 30.559578] dump_stack_lvl+0x8c/0xd0
[ 30.560145] print_report+0x118/0x5e0
[ 30.560743] kasan_report+0xc8/0x118
[ 30.561302] kasan_check_range+0x100/0x1a8
[ 30.561895] __kasan_check_write+0x20/0x30
[ 30.562522] copy_user_test_oob+0x35c/0xec0
[ 30.563283] kunit_try_run_case+0x14c/0x3d0
[ 30.563857] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.564787] kthread+0x24c/0x2d0
[ 30.565180] ret_from_fork+0x10/0x20
[ 30.565851]
[ 30.566237] Allocated by task 273:
[ 30.566664] kasan_save_stack+0x3c/0x68
[ 30.567774] kasan_save_track+0x20/0x40
[ 30.568459] kasan_save_alloc_info+0x40/0x58
[ 30.569257] __kasan_kmalloc+0xd4/0xd8
[ 30.569900] __kmalloc_noprof+0x188/0x4c8
[ 30.570415] kunit_kmalloc_array+0x34/0x88
[ 30.571111] copy_user_test_oob+0xac/0xec0
[ 30.571574] kunit_try_run_case+0x14c/0x3d0
[ 30.572030] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.572354] kthread+0x24c/0x2d0
[ 30.572565] ret_from_fork+0x10/0x20
[ 30.572981]
[ 30.573260] The buggy address belongs to the object at fff00000c1313100
[ 30.573260] which belongs to the cache kmalloc-128 of size 128
[ 30.574251] The buggy address is located 0 bytes inside of
[ 30.574251] allocated 120-byte region [fff00000c1313100, fff00000c1313178)
[ 30.576212]
[ 30.576639] The buggy address belongs to the physical page:
[ 30.577365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101313
[ 30.578392] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.579090] page_type: f5(slab)
[ 30.579518] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.580366] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.581177] page dumped because: kasan: bad access detected
[ 30.581909]
[ 30.582269] Memory state around the buggy address:
[ 30.583262] fff00000c1313000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.584256] fff00000c1313080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.584996] >fff00000c1313100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.585760] ^
[ 30.586535] fff00000c1313180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.587937] fff00000c1313200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.588813] ==================================================================
[ 30.590604] ==================================================================
[ 30.591254] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0
[ 30.592516] Read of size 121 at addr fff00000c1313100 by task kunit_try_catch/273
[ 30.593793]
[ 30.594260] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 30.595656] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.596397] Hardware name: linux,dummy-virt (DT)
[ 30.597018] Call trace:
[ 30.597508] show_stack+0x20/0x38 (C)
[ 30.598066] dump_stack_lvl+0x8c/0xd0
[ 30.598551] print_report+0x118/0x5e0
[ 30.599026] kasan_report+0xc8/0x118
[ 30.599526] kasan_check_range+0x100/0x1a8
[ 30.600321] __kasan_check_read+0x20/0x30
[ 30.601279] copy_user_test_oob+0x3c8/0xec0
[ 30.602042] kunit_try_run_case+0x14c/0x3d0
[ 30.602743] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.603642] kthread+0x24c/0x2d0
[ 30.604281] ret_from_fork+0x10/0x20
[ 30.604912]
[ 30.605233] Allocated by task 273:
[ 30.605681] kasan_save_stack+0x3c/0x68
[ 30.606175] kasan_save_track+0x20/0x40
[ 30.606649] kasan_save_alloc_info+0x40/0x58
[ 30.607238] __kasan_kmalloc+0xd4/0xd8
[ 30.607884] __kmalloc_noprof+0x188/0x4c8
[ 30.608898] kunit_kmalloc_array+0x34/0x88
[ 30.609595] copy_user_test_oob+0xac/0xec0
[ 30.610281] kunit_try_run_case+0x14c/0x3d0
[ 30.611438] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.612452] kthread+0x24c/0x2d0
[ 30.612946] ret_from_fork+0x10/0x20
[ 30.613640]
[ 30.614047] The buggy address belongs to the object at fff00000c1313100
[ 30.614047] which belongs to the cache kmalloc-128 of size 128
[ 30.615559] The buggy address is located 0 bytes inside of
[ 30.615559] allocated 120-byte region [fff00000c1313100, fff00000c1313178)
[ 30.617008]
[ 30.617342] The buggy address belongs to the physical page:
[ 30.617988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101313
[ 30.618847] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.619629] page_type: f5(slab)
[ 30.620112] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.620999] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.621880] page dumped because: kasan: bad access detected
[ 30.622464]
[ 30.622812] Memory state around the buggy address:
[ 30.623499] fff00000c1313000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.624395] fff00000c1313080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.625202] >fff00000c1313100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.626060] ^
[ 30.626783] fff00000c1313180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.628010] fff00000c1313200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.628922] ==================================================================
[ 30.668250] ==================================================================
[ 30.668903] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0
[ 30.670459] Read of size 121 at addr fff00000c1313100 by task kunit_try_catch/273
[ 30.671390]
[ 30.672474] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 30.673434] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.673983] Hardware name: linux,dummy-virt (DT)
[ 30.674565] Call trace:
[ 30.675109] show_stack+0x20/0x38 (C)
[ 30.675792] dump_stack_lvl+0x8c/0xd0
[ 30.676368] print_report+0x118/0x5e0
[ 30.677038] kasan_report+0xc8/0x118
[ 30.677677] kasan_check_range+0x100/0x1a8
[ 30.678319] __kasan_check_read+0x20/0x30
[ 30.679014] copy_user_test_oob+0x4a0/0xec0
[ 30.679788] kunit_try_run_case+0x14c/0x3d0
[ 30.680395] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.681155] kthread+0x24c/0x2d0
[ 30.681649] ret_from_fork+0x10/0x20
[ 30.682199]
[ 30.682506] Allocated by task 273:
[ 30.683049] kasan_save_stack+0x3c/0x68
[ 30.683868] kasan_save_track+0x20/0x40
[ 30.684361] kasan_save_alloc_info+0x40/0x58
[ 30.684993] __kasan_kmalloc+0xd4/0xd8
[ 30.685506] __kmalloc_noprof+0x188/0x4c8
[ 30.686064] kunit_kmalloc_array+0x34/0x88
[ 30.686601] copy_user_test_oob+0xac/0xec0
[ 30.687234] kunit_try_run_case+0x14c/0x3d0
[ 30.688231] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.688906] kthread+0x24c/0x2d0
[ 30.689456] ret_from_fork+0x10/0x20
[ 30.690024]
[ 30.690354] The buggy address belongs to the object at fff00000c1313100
[ 30.690354] which belongs to the cache kmalloc-128 of size 128
[ 30.692535] The buggy address is located 0 bytes inside of
[ 30.692535] allocated 120-byte region [fff00000c1313100, fff00000c1313178)
[ 30.693757]
[ 30.694065] The buggy address belongs to the physical page:
[ 30.694674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101313
[ 30.695859] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.696823] page_type: f5(slab)
[ 30.697297] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.698256] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.699163] page dumped because: kasan: bad access detected
[ 30.699794]
[ 30.700144] Memory state around the buggy address:
[ 30.700696] fff00000c1313000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.701794] fff00000c1313080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.702605] >fff00000c1313100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.703597] ^
[ 30.704253] fff00000c1313180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.705016] fff00000c1313200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.705833] ==================================================================
[ 30.629967] ==================================================================
[ 30.630732] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0
[ 30.632479] Write of size 121 at addr fff00000c1313100 by task kunit_try_catch/273
[ 30.633589]
[ 30.634038] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 30.635382] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.636126] Hardware name: linux,dummy-virt (DT)
[ 30.636375] Call trace:
[ 30.636544] show_stack+0x20/0x38 (C)
[ 30.636904] dump_stack_lvl+0x8c/0xd0
[ 30.637567] print_report+0x118/0x5e0
[ 30.638248] kasan_report+0xc8/0x118
[ 30.638735] kasan_check_range+0x100/0x1a8
[ 30.639374] __kasan_check_write+0x20/0x30
[ 30.640413] copy_user_test_oob+0x434/0xec0
[ 30.641120] kunit_try_run_case+0x14c/0x3d0
[ 30.641773] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.642448] kthread+0x24c/0x2d0
[ 30.643084] ret_from_fork+0x10/0x20
[ 30.643792]
[ 30.644120] Allocated by task 273:
[ 30.644660] kasan_save_stack+0x3c/0x68
[ 30.645257] kasan_save_track+0x20/0x40
[ 30.645861] kasan_save_alloc_info+0x40/0x58
[ 30.646439] __kasan_kmalloc+0xd4/0xd8
[ 30.647039] __kmalloc_noprof+0x188/0x4c8
[ 30.647798] kunit_kmalloc_array+0x34/0x88
[ 30.648285] copy_user_test_oob+0xac/0xec0
[ 30.648940] kunit_try_run_case+0x14c/0x3d0
[ 30.649509] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.650136] kthread+0x24c/0x2d0
[ 30.650672] ret_from_fork+0x10/0x20
[ 30.651680]
[ 30.651944] The buggy address belongs to the object at fff00000c1313100
[ 30.651944] which belongs to the cache kmalloc-128 of size 128
[ 30.653014] The buggy address is located 0 bytes inside of
[ 30.653014] allocated 120-byte region [fff00000c1313100, fff00000c1313178)
[ 30.654392]
[ 30.654778] The buggy address belongs to the physical page:
[ 30.655766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101313
[ 30.656744] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.657465] page_type: f5(slab)
[ 30.657932] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.658822] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.659864] page dumped because: kasan: bad access detected
[ 30.660560]
[ 30.660915] Memory state around the buggy address:
[ 30.661473] fff00000c1313000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.662262] fff00000c1313080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.663225] >fff00000c1313100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.664225] ^
[ 30.664892] fff00000c1313180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.665664] fff00000c1313200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.666472] ==================================================================
[ 30.509025] ==================================================================
[ 30.509721] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0
[ 30.510463] Read of size 121 at addr fff00000c1313100 by task kunit_try_catch/273
[ 30.511657]
[ 30.512066] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 30.513346] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.513975] Hardware name: linux,dummy-virt (DT)
[ 30.514601] Call trace:
[ 30.515240] show_stack+0x20/0x38 (C)
[ 30.515903] dump_stack_lvl+0x8c/0xd0
[ 30.516480] print_report+0x118/0x5e0
[ 30.517154] kasan_report+0xc8/0x118
[ 30.517829] kasan_check_range+0x100/0x1a8
[ 30.518474] __kasan_check_read+0x20/0x30
[ 30.519272] copy_user_test_oob+0x728/0xec0
[ 30.519881] kunit_try_run_case+0x14c/0x3d0
[ 30.520489] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.521243] kthread+0x24c/0x2d0
[ 30.521851] ret_from_fork+0x10/0x20
[ 30.522448]
[ 30.522806] Allocated by task 273:
[ 30.523537] kasan_save_stack+0x3c/0x68
[ 30.524128] kasan_save_track+0x20/0x40
[ 30.524765] kasan_save_alloc_info+0x40/0x58
[ 30.525452] __kasan_kmalloc+0xd4/0xd8
[ 30.526058] __kmalloc_noprof+0x188/0x4c8
[ 30.526680] kunit_kmalloc_array+0x34/0x88
[ 30.527388] copy_user_test_oob+0xac/0xec0
[ 30.528069] kunit_try_run_case+0x14c/0x3d0
[ 30.528636] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.529362] kthread+0x24c/0x2d0
[ 30.529862] ret_from_fork+0x10/0x20
[ 30.530372]
[ 30.530679] The buggy address belongs to the object at fff00000c1313100
[ 30.530679] which belongs to the cache kmalloc-128 of size 128
[ 30.532337] The buggy address is located 0 bytes inside of
[ 30.532337] allocated 120-byte region [fff00000c1313100, fff00000c1313178)
[ 30.533466]
[ 30.534551] The buggy address belongs to the physical page:
[ 30.535600] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101313
[ 30.536483] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.537280] page_type: f5(slab)
[ 30.537774] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.538551] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.539537] page dumped because: kasan: bad access detected
[ 30.540341]
[ 30.540569] Memory state around the buggy address:
[ 30.541021] fff00000c1313000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.541882] fff00000c1313080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.542738] >fff00000c1313100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.543948] ^
[ 30.544745] fff00000c1313180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.545571] fff00000c1313200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.546365] ==================================================================
```
```
[ 32.133654] ==================================================================
[ 32.134420] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0
[ 32.135302] Write of size 121 at addr ffff88810296dd00 by task kunit_try_catch/292
[ 32.136280]
[ 32.136462] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 32.137200] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.137672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.138679] Call Trace:
[ 32.138956] <TASK>
[ 32.139270] dump_stack_lvl+0x73/0xb0
[ 32.139835] print_report+0xd1/0x640
[ 32.140156] ? __virt_addr_valid+0x1db/0x2d0
[ 32.140667] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.141400] kasan_report+0x102/0x140
[ 32.141777] ? copy_user_test_oob+0x3fe/0x10f0
[ 32.142321] ? copy_user_test_oob+0x3fe/0x10f0
[ 32.142698] kasan_check_range+0x10c/0x1c0
[ 32.143127] __kasan_check_write+0x18/0x20
[ 32.143948] copy_user_test_oob+0x3fe/0x10f0
[ 32.144402] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.144732] ? finish_task_switch.isra.0+0x153/0x700
[ 32.145371] ? __switch_to+0x5d9/0xf60
[ 32.146087] ? __schedule+0xc70/0x27e0
[ 32.146448] ? __pfx_read_tsc+0x10/0x10
[ 32.146745] ? ktime_get_ts64+0x86/0x230
[ 32.147318] kunit_try_run_case+0x1b3/0x490
[ 32.148078] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.148854] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.149196] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.149843] ? __kthread_parkme+0x82/0x160
[ 32.150501] ? preempt_count_sub+0x50/0x80
[ 32.151125] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.151698] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.152220] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.152697] kthread+0x257/0x310
[ 32.153470] ? __pfx_kthread+0x10/0x10
[ 32.153923] ret_from_fork+0x41/0x80
[ 32.154405] ? __pfx_kthread+0x10/0x10
[ 32.154706] ret_from_fork_asm+0x1a/0x30
[ 32.155171] </TASK>
[ 32.155615]
[ 32.155920] Allocated by task 292:
[ 32.156569] kasan_save_stack+0x3d/0x60
[ 32.157156] kasan_save_track+0x18/0x40
[ 32.157714] kasan_save_alloc_info+0x3b/0x50
[ 32.158496] __kasan_kmalloc+0xb7/0xc0
[ 32.158787] __kmalloc_noprof+0x1c4/0x500
[ 32.159444] kunit_kmalloc_array+0x25/0x60
[ 32.159985] copy_user_test_oob+0xac/0x10f0
[ 32.160584] kunit_try_run_case+0x1b3/0x490
[ 32.161091] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.161740] kthread+0x257/0x310
[ 32.162061] ret_from_fork+0x41/0x80
[ 32.162442] ret_from_fork_asm+0x1a/0x30
[ 32.163093]
[ 32.163355] The buggy address belongs to the object at ffff88810296dd00
[ 32.163355] which belongs to the cache kmalloc-128 of size 128
[ 32.164516] The buggy address is located 0 bytes inside of
[ 32.164516] allocated 120-byte region [ffff88810296dd00, ffff88810296dd78)
[ 32.165545]
[ 32.165881] The buggy address belongs to the physical page:
[ 32.166652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10296d
[ 32.167409] flags: 0x200000000000000(node=0|zone=2)
[ 32.167755] page_type: f5(slab)
[ 32.168070] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.169031] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.169851] page dumped because: kasan: bad access detected
[ 32.170357]
[ 32.170539] Memory state around the buggy address:
[ 32.171337] ffff88810296dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.172231] ffff88810296dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.172895] >ffff88810296dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.174302] ^
[ 32.175160] ffff88810296dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.175880] ffff88810296de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.176530] ==================================================================
[ 32.224549] ==================================================================
[ 32.226312] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0
[ 32.227291] Write of size 121 at addr ffff88810296dd00 by task kunit_try_catch/292
[ 32.227594]
[ 32.227712] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 32.229200] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.229700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.230369] Call Trace:
[ 32.230789] <TASK>
[ 32.231467] dump_stack_lvl+0x73/0xb0
[ 32.232009] print_report+0xd1/0x640
[ 32.232551] ? __virt_addr_valid+0x1db/0x2d0
[ 32.233045] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.233615] kasan_report+0x102/0x140
[ 32.234120] ? copy_user_test_oob+0x558/0x10f0
[ 32.234568] ? copy_user_test_oob+0x558/0x10f0
[ 32.235113] kasan_check_range+0x10c/0x1c0
[ 32.235912] __kasan_check_write+0x18/0x20
[ 32.236469] copy_user_test_oob+0x558/0x10f0
[ 32.237016] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.237791] ? finish_task_switch.isra.0+0x153/0x700
[ 32.238286] ? __switch_to+0x5d9/0xf60
[ 32.238702] ? __schedule+0xc70/0x27e0
[ 32.239124] ? __pfx_read_tsc+0x10/0x10
[ 32.240012] ? ktime_get_ts64+0x86/0x230
[ 32.240592] kunit_try_run_case+0x1b3/0x490
[ 32.241390] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.242387] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.242842] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.243557] ? __kthread_parkme+0x82/0x160
[ 32.244522] ? preempt_count_sub+0x50/0x80
[ 32.245111] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.245561] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.246296] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.246997] kthread+0x257/0x310
[ 32.247558] ? __pfx_kthread+0x10/0x10
[ 32.248186] ret_from_fork+0x41/0x80
[ 32.248630] ? __pfx_kthread+0x10/0x10
[ 32.249322] ret_from_fork_asm+0x1a/0x30
[ 32.249765] </TASK>
[ 32.250077]
[ 32.250291] Allocated by task 292:
[ 32.250625] kasan_save_stack+0x3d/0x60
[ 32.251807] kasan_save_track+0x18/0x40
[ 32.252178] kasan_save_alloc_info+0x3b/0x50
[ 32.252777] __kasan_kmalloc+0xb7/0xc0
[ 32.253583] __kmalloc_noprof+0x1c4/0x500
[ 32.254188] kunit_kmalloc_array+0x25/0x60
[ 32.254602] copy_user_test_oob+0xac/0x10f0
[ 32.255277] kunit_try_run_case+0x1b3/0x490
[ 32.256017] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.256740] kthread+0x257/0x310
[ 32.257529] ret_from_fork+0x41/0x80
[ 32.258055] ret_from_fork_asm+0x1a/0x30
[ 32.258283]
[ 32.258408] The buggy address belongs to the object at ffff88810296dd00
[ 32.258408] which belongs to the cache kmalloc-128 of size 128
[ 32.259094] The buggy address is located 0 bytes inside of
[ 32.259094] allocated 120-byte region [ffff88810296dd00, ffff88810296dd78)
[ 32.260386]
[ 32.260558] The buggy address belongs to the physical page:
[ 32.261291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10296d
[ 32.262210] flags: 0x200000000000000(node=0|zone=2)
[ 32.262706] page_type: f5(slab)
[ 32.263281] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.264186] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.265094] page dumped because: kasan: bad access detected
[ 32.265805]
[ 32.266204] Memory state around the buggy address:
[ 32.266601] ffff88810296dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.267570] ffff88810296dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.268479] >ffff88810296dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.269450] ^
[ 32.270069] ffff88810296dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.270750] ffff88810296de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.271587] ==================================================================
[ 32.177870] ==================================================================
[ 32.179317] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0
[ 32.179939] Read of size 121 at addr ffff88810296dd00 by task kunit_try_catch/292
[ 32.180658]
[ 32.181669] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 32.182998] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.183659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.184780] Call Trace:
[ 32.185308] <TASK>
[ 32.185650] dump_stack_lvl+0x73/0xb0
[ 32.186058] print_report+0xd1/0x640
[ 32.186597] ? __virt_addr_valid+0x1db/0x2d0
[ 32.187188] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.187787] kasan_report+0x102/0x140
[ 32.188377] ? copy_user_test_oob+0x4ab/0x10f0
[ 32.188800] ? copy_user_test_oob+0x4ab/0x10f0
[ 32.189396] kasan_check_range+0x10c/0x1c0
[ 32.189817] __kasan_check_read+0x15/0x20
[ 32.190280] copy_user_test_oob+0x4ab/0x10f0
[ 32.190745] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.191438] ? finish_task_switch.isra.0+0x153/0x700
[ 32.191884] ? __switch_to+0x5d9/0xf60
[ 32.192301] ? __schedule+0xc70/0x27e0
[ 32.192833] ? __pfx_read_tsc+0x10/0x10
[ 32.193446] ? ktime_get_ts64+0x86/0x230
[ 32.193750] kunit_try_run_case+0x1b3/0x490
[ 32.194439] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.194845] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.195511] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.195983] ? __kthread_parkme+0x82/0x160
[ 32.196412] ? preempt_count_sub+0x50/0x80
[ 32.196888] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.197518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.198158] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.198775] kthread+0x257/0x310
[ 32.199455] ? __pfx_kthread+0x10/0x10
[ 32.200068] ret_from_fork+0x41/0x80
[ 32.200426] ? __pfx_kthread+0x10/0x10
[ 32.200868] ret_from_fork_asm+0x1a/0x30
[ 32.201492] </TASK>
[ 32.201841]
[ 32.202087] Allocated by task 292:
[ 32.202470] kasan_save_stack+0x3d/0x60
[ 32.202984] kasan_save_track+0x18/0x40
[ 32.203390] kasan_save_alloc_info+0x3b/0x50
[ 32.203945] __kasan_kmalloc+0xb7/0xc0
[ 32.204447] __kmalloc_noprof+0x1c4/0x500
[ 32.204942] kunit_kmalloc_array+0x25/0x60
[ 32.205525] copy_user_test_oob+0xac/0x10f0
[ 32.205880] kunit_try_run_case+0x1b3/0x490
[ 32.206160] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.206888] kthread+0x257/0x310
[ 32.207276] ret_from_fork+0x41/0x80
[ 32.207708] ret_from_fork_asm+0x1a/0x30
[ 32.208113]
[ 32.208306] The buggy address belongs to the object at ffff88810296dd00
[ 32.208306] which belongs to the cache kmalloc-128 of size 128
[ 32.210826] The buggy address is located 0 bytes inside of
[ 32.210826] allocated 120-byte region [ffff88810296dd00, ffff88810296dd78)
[ 32.211781]
[ 32.212570] The buggy address belongs to the physical page:
[ 32.213083] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10296d
[ 32.213976] flags: 0x200000000000000(node=0|zone=2)
[ 32.214560] page_type: f5(slab)
[ 32.215094] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.215621] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.216532] page dumped because: kasan: bad access detected
[ 32.217196]
[ 32.217520] Memory state around the buggy address:
[ 32.218156] ffff88810296dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.218985] ffff88810296dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.219789] >ffff88810296dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.220531] ^
[ 32.221327] ffff88810296dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.222202] ffff88810296de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.223076] ==================================================================
[ 32.272742] ==================================================================
[ 32.273246] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0
[ 32.273987] Read of size 121 at addr ffff88810296dd00 by task kunit_try_catch/292
[ 32.274484]
[ 32.274995] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 32.276035] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.276335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.277244] Call Trace:
[ 32.277699] <TASK>
[ 32.278041] dump_stack_lvl+0x73/0xb0
[ 32.278597] print_report+0xd1/0x640
[ 32.279127] ? __virt_addr_valid+0x1db/0x2d0
[ 32.279627] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.280217] kasan_report+0x102/0x140
[ 32.280541] ? copy_user_test_oob+0x605/0x10f0
[ 32.281271] ? copy_user_test_oob+0x605/0x10f0
[ 32.281948] kasan_check_range+0x10c/0x1c0
[ 32.282530] __kasan_check_read+0x15/0x20
[ 32.283001] copy_user_test_oob+0x605/0x10f0
[ 32.283551] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.284194] ? finish_task_switch.isra.0+0x153/0x700
[ 32.284621] ? __switch_to+0x5d9/0xf60
[ 32.285012] ? __schedule+0xc70/0x27e0
[ 32.285605] ? __pfx_read_tsc+0x10/0x10
[ 32.286182] ? ktime_get_ts64+0x86/0x230
[ 32.286623] kunit_try_run_case+0x1b3/0x490
[ 32.287067] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.287691] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.288365] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.289083] ? __kthread_parkme+0x82/0x160
[ 32.289507] ? preempt_count_sub+0x50/0x80
[ 32.289988] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.290649] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.291098] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.291868] kthread+0x257/0x310
[ 32.292377] ? __pfx_kthread+0x10/0x10
[ 32.292871] ret_from_fork+0x41/0x80
[ 32.293177] ? __pfx_kthread+0x10/0x10
[ 32.294203] ret_from_fork_asm+0x1a/0x30
[ 32.295024] </TASK>
[ 32.295343]
[ 32.295592] Allocated by task 292:
[ 32.295934] kasan_save_stack+0x3d/0x60
[ 32.296658] kasan_save_track+0x18/0x40
[ 32.297311] kasan_save_alloc_info+0x3b/0x50
[ 32.297968] __kasan_kmalloc+0xb7/0xc0
[ 32.298467] __kmalloc_noprof+0x1c4/0x500
[ 32.299186] kunit_kmalloc_array+0x25/0x60
[ 32.300189] copy_user_test_oob+0xac/0x10f0
[ 32.300729] kunit_try_run_case+0x1b3/0x490
[ 32.301165] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.301716] kthread+0x257/0x310
[ 32.302414] ret_from_fork+0x41/0x80
[ 32.303161] ret_from_fork_asm+0x1a/0x30
[ 32.303743]
[ 32.304246] The buggy address belongs to the object at ffff88810296dd00
[ 32.304246] which belongs to the cache kmalloc-128 of size 128
[ 32.305159] The buggy address is located 0 bytes inside of
[ 32.305159] allocated 120-byte region [ffff88810296dd00, ffff88810296dd78)
[ 32.306695]
[ 32.307363] The buggy address belongs to the physical page:
[ 32.307866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10296d
[ 32.308663] flags: 0x200000000000000(node=0|zone=2)
[ 32.309457] page_type: f5(slab)
[ 32.309731] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.310845] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.311728] page dumped because: kasan: bad access detected
[ 32.312772]
[ 32.313098] Memory state around the buggy address:
[ 32.313886] ffff88810296dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.314691] ffff88810296dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.315718] >ffff88810296dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.316702] ^
[ 32.317493] ffff88810296dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.318377] ffff88810296de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.319333] ==================================================================
```