Date
May 12, 2025, 11:48 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.672309] ================================================================== [ 19.672378] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.672438] Read of size 121 at addr fff00000c78d3c00 by task kunit_try_catch/285 [ 19.672491] [ 19.672526] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT [ 19.672611] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.672641] Hardware name: linux,dummy-virt (DT) [ 19.672673] Call trace: [ 19.672697] show_stack+0x20/0x38 (C) [ 19.672746] dump_stack_lvl+0x8c/0xd0 [ 19.672794] print_report+0x118/0x608 [ 19.672838] kasan_report+0xdc/0x128 [ 19.672883] kasan_check_range+0x100/0x1a8 [ 19.672930] __kasan_check_read+0x20/0x30 [ 19.672975] copy_user_test_oob+0x728/0xec8 [ 19.673021] kunit_try_run_case+0x170/0x3f0 [ 19.673576] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.673876] kthread+0x328/0x630 [ 19.674155] ret_from_fork+0x10/0x20 [ 19.674215] [ 19.674240] Allocated by task 285: [ 19.674271] kasan_save_stack+0x3c/0x68 [ 19.674316] kasan_save_track+0x20/0x40 [ 19.674354] kasan_save_alloc_info+0x40/0x58 [ 19.674394] __kasan_kmalloc+0xd4/0xd8 [ 19.674685] __kmalloc_noprof+0x190/0x4d0 [ 19.674729] kunit_kmalloc_array+0x34/0x88 [ 19.674767] copy_user_test_oob+0xac/0xec8 [ 19.674803] kunit_try_run_case+0x170/0x3f0 [ 19.674839] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.674883] kthread+0x328/0x630 [ 19.675000] ret_from_fork+0x10/0x20 [ 19.675061] [ 19.675099] The buggy address belongs to the object at fff00000c78d3c00 [ 19.675099] which belongs to the cache kmalloc-128 of size 128 [ 19.675171] The buggy address is located 0 bytes inside of [ 19.675171] allocated 120-byte region [fff00000c78d3c00, fff00000c78d3c78) [ 19.675832] [ 19.675873] The buggy address belongs to the physical page: [ 19.675912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 19.675980] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.676035] page_type: f5(slab) [ 19.676092] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.676145] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.676187] page dumped because: kasan: bad access detected [ 19.676221] [ 19.676563] Memory state around the buggy address: [ 19.676640] fff00000c78d3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.676687] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.676836] >fff00000c78d3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.676876] ^ [ 19.677443] fff00000c78d3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.677635] fff00000c78d3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.677949] ================================================================== [ 19.684289] ================================================================== [ 19.684362] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.684429] Write of size 121 at addr fff00000c78d3c00 by task kunit_try_catch/285 [ 19.684488] [ 19.684522] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT [ 19.684608] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.684638] Hardware name: linux,dummy-virt (DT) [ 19.684671] Call trace: [ 19.684696] show_stack+0x20/0x38 (C) [ 19.684746] dump_stack_lvl+0x8c/0xd0 [ 19.684794] print_report+0x118/0x608 [ 19.684840] kasan_report+0xdc/0x128 [ 19.684884] kasan_check_range+0x100/0x1a8 [ 19.684932] __kasan_check_write+0x20/0x30 [ 19.684979] copy_user_test_oob+0x35c/0xec8 [ 19.685023] kunit_try_run_case+0x170/0x3f0 [ 19.685083] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.685135] kthread+0x328/0x630 [ 19.685179] ret_from_fork+0x10/0x20 [ 19.685228] [ 19.685248] Allocated by task 285: [ 19.685277] kasan_save_stack+0x3c/0x68 [ 19.685951] kasan_save_track+0x20/0x40 [ 19.686017] kasan_save_alloc_info+0x40/0x58 [ 19.686075] __kasan_kmalloc+0xd4/0xd8 [ 19.686113] __kmalloc_noprof+0x190/0x4d0 [ 19.686153] kunit_kmalloc_array+0x34/0x88 [ 19.686312] copy_user_test_oob+0xac/0xec8 [ 19.686358] kunit_try_run_case+0x170/0x3f0 [ 19.686398] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.686505] kthread+0x328/0x630 [ 19.686548] ret_from_fork+0x10/0x20 [ 19.686835] [ 19.686900] The buggy address belongs to the object at fff00000c78d3c00 [ 19.686900] which belongs to the cache kmalloc-128 of size 128 [ 19.687472] The buggy address is located 0 bytes inside of [ 19.687472] allocated 120-byte region [fff00000c78d3c00, fff00000c78d3c78) [ 19.687608] [ 19.687634] The buggy address belongs to the physical page: [ 19.687667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 19.687719] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.687769] page_type: f5(slab) [ 19.687811] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.687863] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.688903] page dumped because: kasan: bad access detected [ 19.689098] [ 19.689124] Memory state around the buggy address: [ 19.689163] fff00000c78d3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.689211] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.689255] >fff00000c78d3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.689293] ^ [ 19.689333] fff00000c78d3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.689376] fff00000c78d3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.689414] ================================================================== [ 19.701251] ================================================================== [ 19.701318] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.701378] Read of size 121 at addr fff00000c78d3c00 by task kunit_try_catch/285 [ 19.701430] [ 19.701462] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT [ 19.701553] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.701581] Hardware name: linux,dummy-virt (DT) [ 19.701614] Call trace: [ 19.701638] show_stack+0x20/0x38 (C) [ 19.701690] dump_stack_lvl+0x8c/0xd0 [ 19.701738] print_report+0x118/0x608 [ 19.701785] kasan_report+0xdc/0x128 [ 19.701828] kasan_check_range+0x100/0x1a8 [ 19.701875] __kasan_check_read+0x20/0x30 [ 19.702411] copy_user_test_oob+0x4a0/0xec8 [ 19.702500] kunit_try_run_case+0x170/0x3f0 [ 19.702571] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.702778] kthread+0x328/0x630 [ 19.702875] ret_from_fork+0x10/0x20 [ 19.702930] [ 19.703136] Allocated by task 285: [ 19.703411] kasan_save_stack+0x3c/0x68 [ 19.703569] kasan_save_track+0x20/0x40 [ 19.703614] kasan_save_alloc_info+0x40/0x58 [ 19.703920] __kasan_kmalloc+0xd4/0xd8 [ 19.704257] __kmalloc_noprof+0x190/0x4d0 [ 19.704309] kunit_kmalloc_array+0x34/0x88 [ 19.704454] copy_user_test_oob+0xac/0xec8 [ 19.704503] kunit_try_run_case+0x170/0x3f0 [ 19.704666] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.704759] kthread+0x328/0x630 [ 19.704924] ret_from_fork+0x10/0x20 [ 19.705207] [ 19.705245] The buggy address belongs to the object at fff00000c78d3c00 [ 19.705245] which belongs to the cache kmalloc-128 of size 128 [ 19.705310] The buggy address is located 0 bytes inside of [ 19.705310] allocated 120-byte region [fff00000c78d3c00, fff00000c78d3c78) [ 19.705385] [ 19.705805] The buggy address belongs to the physical page: [ 19.705963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 19.706029] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.706096] page_type: f5(slab) [ 19.706150] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.706203] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.706448] page dumped because: kasan: bad access detected [ 19.706643] [ 19.706673] Memory state around the buggy address: [ 19.706806] fff00000c78d3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.706939] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.706986] >fff00000c78d3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.707242] ^ [ 19.707403] fff00000c78d3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.707793] fff00000c78d3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.707846] ================================================================== [ 19.696861] ================================================================== [ 19.696985] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.697060] Write of size 121 at addr fff00000c78d3c00 by task kunit_try_catch/285 [ 19.697115] [ 19.697147] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT [ 19.697234] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.697262] Hardware name: linux,dummy-virt (DT) [ 19.697295] Call trace: [ 19.697319] show_stack+0x20/0x38 (C) [ 19.697369] dump_stack_lvl+0x8c/0xd0 [ 19.697417] print_report+0x118/0x608 [ 19.697464] kasan_report+0xdc/0x128 [ 19.697508] kasan_check_range+0x100/0x1a8 [ 19.697556] __kasan_check_write+0x20/0x30 [ 19.697604] copy_user_test_oob+0x434/0xec8 [ 19.697649] kunit_try_run_case+0x170/0x3f0 [ 19.697695] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.697746] kthread+0x328/0x630 [ 19.697790] ret_from_fork+0x10/0x20 [ 19.697838] [ 19.697860] Allocated by task 285: [ 19.697925] kasan_save_stack+0x3c/0x68 [ 19.697972] kasan_save_track+0x20/0x40 [ 19.698010] kasan_save_alloc_info+0x40/0x58 [ 19.698060] __kasan_kmalloc+0xd4/0xd8 [ 19.698101] __kmalloc_noprof+0x190/0x4d0 [ 19.698139] kunit_kmalloc_array+0x34/0x88 [ 19.698175] copy_user_test_oob+0xac/0xec8 [ 19.698211] kunit_try_run_case+0x170/0x3f0 [ 19.698346] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.698647] kthread+0x328/0x630 [ 19.698734] ret_from_fork+0x10/0x20 [ 19.698792] [ 19.698820] The buggy address belongs to the object at fff00000c78d3c00 [ 19.698820] which belongs to the cache kmalloc-128 of size 128 [ 19.699243] The buggy address is located 0 bytes inside of [ 19.699243] allocated 120-byte region [fff00000c78d3c00, fff00000c78d3c78) [ 19.699435] [ 19.699552] The buggy address belongs to the physical page: [ 19.699590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 19.699663] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.699718] page_type: f5(slab) [ 19.699758] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.699943] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.700025] page dumped because: kasan: bad access detected [ 19.700074] [ 19.700096] Memory state around the buggy address: [ 19.700130] fff00000c78d3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.700175] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.700234] >fff00000c78d3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.700413] ^ [ 19.700456] fff00000c78d3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.700520] fff00000c78d3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.700560] ================================================================== [ 19.690940] ================================================================== [ 19.691015] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.691084] Read of size 121 at addr fff00000c78d3c00 by task kunit_try_catch/285 [ 19.691138] [ 19.691681] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT [ 19.691829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.691946] Hardware name: linux,dummy-virt (DT) [ 19.691990] Call trace: [ 19.692023] show_stack+0x20/0x38 (C) [ 19.692110] dump_stack_lvl+0x8c/0xd0 [ 19.692164] print_report+0x118/0x608 [ 19.692212] kasan_report+0xdc/0x128 [ 19.692505] kasan_check_range+0x100/0x1a8 [ 19.692611] __kasan_check_read+0x20/0x30 [ 19.692679] copy_user_test_oob+0x3c8/0xec8 [ 19.692729] kunit_try_run_case+0x170/0x3f0 [ 19.692897] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.692977] kthread+0x328/0x630 [ 19.693027] ret_from_fork+0x10/0x20 [ 19.693139] [ 19.693176] Allocated by task 285: [ 19.693211] kasan_save_stack+0x3c/0x68 [ 19.693469] kasan_save_track+0x20/0x40 [ 19.693569] kasan_save_alloc_info+0x40/0x58 [ 19.693657] __kasan_kmalloc+0xd4/0xd8 [ 19.693701] __kmalloc_noprof+0x190/0x4d0 [ 19.693738] kunit_kmalloc_array+0x34/0x88 [ 19.693852] copy_user_test_oob+0xac/0xec8 [ 19.693910] kunit_try_run_case+0x170/0x3f0 [ 19.693954] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.694019] kthread+0x328/0x630 [ 19.694074] ret_from_fork+0x10/0x20 [ 19.694114] [ 19.694137] The buggy address belongs to the object at fff00000c78d3c00 [ 19.694137] which belongs to the cache kmalloc-128 of size 128 [ 19.694208] The buggy address is located 0 bytes inside of [ 19.694208] allocated 120-byte region [fff00000c78d3c00, fff00000c78d3c78) [ 19.694278] [ 19.694336] The buggy address belongs to the physical page: [ 19.694526] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 19.694647] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.694842] page_type: f5(slab) [ 19.694894] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.694956] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.695126] page dumped because: kasan: bad access detected [ 19.695167] [ 19.695191] Memory state around the buggy address: [ 19.695227] fff00000c78d3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.695272] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.695440] >fff00000c78d3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.695907] ^ [ 19.696132] fff00000c78d3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.696350] fff00000c78d3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.696400] ================================================================== [ 19.656083] ================================================================== [ 19.656177] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.656257] Write of size 121 at addr fff00000c78d3c00 by task kunit_try_catch/285 [ 19.656945] [ 19.657017] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT [ 19.657357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.657448] Hardware name: linux,dummy-virt (DT) [ 19.657508] Call trace: [ 19.657543] show_stack+0x20/0x38 (C) [ 19.657831] dump_stack_lvl+0x8c/0xd0 [ 19.657994] print_report+0x118/0x608 [ 19.658060] kasan_report+0xdc/0x128 [ 19.658227] kasan_check_range+0x100/0x1a8 [ 19.658423] __kasan_check_write+0x20/0x30 [ 19.658691] copy_user_test_oob+0x234/0xec8 [ 19.658845] kunit_try_run_case+0x170/0x3f0 [ 19.659075] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.659181] kthread+0x328/0x630 [ 19.659467] ret_from_fork+0x10/0x20 [ 19.659548] [ 19.659725] Allocated by task 285: [ 19.659812] kasan_save_stack+0x3c/0x68 [ 19.660004] kasan_save_track+0x20/0x40 [ 19.660065] kasan_save_alloc_info+0x40/0x58 [ 19.660248] __kasan_kmalloc+0xd4/0xd8 [ 19.660332] __kmalloc_noprof+0x190/0x4d0 [ 19.660379] kunit_kmalloc_array+0x34/0x88 [ 19.660548] copy_user_test_oob+0xac/0xec8 [ 19.660603] kunit_try_run_case+0x170/0x3f0 [ 19.660642] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.661015] kthread+0x328/0x630 [ 19.661084] ret_from_fork+0x10/0x20 [ 19.661143] [ 19.661307] The buggy address belongs to the object at fff00000c78d3c00 [ 19.661307] which belongs to the cache kmalloc-128 of size 128 [ 19.661408] The buggy address is located 0 bytes inside of [ 19.661408] allocated 120-byte region [fff00000c78d3c00, fff00000c78d3c78) [ 19.661518] [ 19.661762] The buggy address belongs to the physical page: [ 19.661867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 19.662021] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.662089] page_type: f5(slab) [ 19.662135] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.662428] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.662578] page dumped because: kasan: bad access detected [ 19.662709] [ 19.662737] Memory state around the buggy address: [ 19.662776] fff00000c78d3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.662822] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.662886] >fff00000c78d3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.662928] ^ [ 19.662969] fff00000c78d3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.663293] fff00000c78d3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.663473] ==================================================================
[ 22.008713] ================================================================== [ 22.009161] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 22.009519] Write of size 121 at addr ffff88810232e100 by task kunit_try_catch/302 [ 22.010036] [ 22.010275] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) [ 22.010383] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.010413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.010462] Call Trace: [ 22.010495] <TASK> [ 22.010536] dump_stack_lvl+0x73/0xb0 [ 22.010600] print_report+0xd1/0x650 [ 22.010650] ? __virt_addr_valid+0x1db/0x2d0 [ 22.010699] ? copy_user_test_oob+0x3fd/0x10f0 [ 22.010754] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.010807] ? copy_user_test_oob+0x3fd/0x10f0 [ 22.010878] kasan_report+0x141/0x180 [ 22.010925] ? copy_user_test_oob+0x3fd/0x10f0 [ 22.010983] kasan_check_range+0x10c/0x1c0 [ 22.011047] __kasan_check_write+0x18/0x20 [ 22.011092] copy_user_test_oob+0x3fd/0x10f0 [ 22.011144] ? __pfx_copy_user_test_oob+0x10/0x10 [ 22.011187] ? finish_task_switch.isra.0+0x153/0x700 [ 22.011232] ? __switch_to+0x47/0xf50 [ 22.011297] ? __schedule+0x10cc/0x2b60 [ 22.011349] ? __pfx_read_tsc+0x10/0x10 [ 22.011396] ? ktime_get_ts64+0x86/0x230 [ 22.011449] kunit_try_run_case+0x1a5/0x480 [ 22.011489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.011517] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.011545] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.011569] ? __kthread_parkme+0x82/0x180 [ 22.011593] ? preempt_count_sub+0x50/0x80 [ 22.011619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.011646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.011683] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.011736] kthread+0x337/0x6f0 [ 22.011760] ? trace_preempt_on+0x20/0xc0 [ 22.011789] ? __pfx_kthread+0x10/0x10 [ 22.011812] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.011835] ? calculate_sigpending+0x7b/0xa0 [ 22.011864] ? __pfx_kthread+0x10/0x10 [ 22.011887] ret_from_fork+0x116/0x1d0 [ 22.011909] ? __pfx_kthread+0x10/0x10 [ 22.011932] ret_from_fork_asm+0x1a/0x30 [ 22.011966] </TASK> [ 22.011980] [ 22.021766] Allocated by task 302: [ 22.021979] kasan_save_stack+0x45/0x70 [ 22.022199] kasan_save_track+0x18/0x40 [ 22.022404] kasan_save_alloc_info+0x3b/0x50 [ 22.022731] __kasan_kmalloc+0xb7/0xc0 [ 22.023047] __kmalloc_noprof+0x1c9/0x500 [ 22.023432] kunit_kmalloc_array+0x25/0x60 [ 22.023946] copy_user_test_oob+0xab/0x10f0 [ 22.024333] kunit_try_run_case+0x1a5/0x480 [ 22.024576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.025146] kthread+0x337/0x6f0 [ 22.025373] ret_from_fork+0x116/0x1d0 [ 22.025570] ret_from_fork_asm+0x1a/0x30 [ 22.025980] [ 22.026153] The buggy address belongs to the object at ffff88810232e100 [ 22.026153] which belongs to the cache kmalloc-128 of size 128 [ 22.027078] The buggy address is located 0 bytes inside of [ 22.027078] allocated 120-byte region [ffff88810232e100, ffff88810232e178) [ 22.027536] [ 22.027668] The buggy address belongs to the physical page: [ 22.028099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232e [ 22.028821] flags: 0x200000000000000(node=0|zone=2) [ 22.029074] page_type: f5(slab) [ 22.029283] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.029636] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.030295] page dumped because: kasan: bad access detected [ 22.030709] [ 22.030886] Memory state around the buggy address: [ 22.031197] ffff88810232e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.031483] ffff88810232e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.032001] >ffff88810232e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.032507] ^ [ 22.032890] ffff88810232e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.033286] ffff88810232e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.033799] ================================================================== [ 22.068552] ================================================================== [ 22.068992] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 22.069755] Write of size 121 at addr ffff88810232e100 by task kunit_try_catch/302 [ 22.070611] [ 22.070924] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) [ 22.071048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.071080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.071160] Call Trace: [ 22.071204] <TASK> [ 22.071273] dump_stack_lvl+0x73/0xb0 [ 22.071342] print_report+0xd1/0x650 [ 22.071375] ? __virt_addr_valid+0x1db/0x2d0 [ 22.071403] ? copy_user_test_oob+0x557/0x10f0 [ 22.071430] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.071456] ? copy_user_test_oob+0x557/0x10f0 [ 22.071483] kasan_report+0x141/0x180 [ 22.071508] ? copy_user_test_oob+0x557/0x10f0 [ 22.071539] kasan_check_range+0x10c/0x1c0 [ 22.071566] __kasan_check_write+0x18/0x20 [ 22.071588] copy_user_test_oob+0x557/0x10f0 [ 22.071617] ? __pfx_copy_user_test_oob+0x10/0x10 [ 22.071644] ? finish_task_switch.isra.0+0x153/0x700 [ 22.071728] ? __switch_to+0x47/0xf50 [ 22.071760] ? __schedule+0x10cc/0x2b60 [ 22.071785] ? __pfx_read_tsc+0x10/0x10 [ 22.071809] ? ktime_get_ts64+0x86/0x230 [ 22.071836] kunit_try_run_case+0x1a5/0x480 [ 22.071866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.071891] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.071917] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.071942] ? __kthread_parkme+0x82/0x180 [ 22.071966] ? preempt_count_sub+0x50/0x80 [ 22.071991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.072020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.072045] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.072072] kthread+0x337/0x6f0 [ 22.072095] ? trace_preempt_on+0x20/0xc0 [ 22.072123] ? __pfx_kthread+0x10/0x10 [ 22.072146] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.072169] ? calculate_sigpending+0x7b/0xa0 [ 22.072196] ? __pfx_kthread+0x10/0x10 [ 22.072220] ret_from_fork+0x116/0x1d0 [ 22.072241] ? __pfx_kthread+0x10/0x10 [ 22.072282] ret_from_fork_asm+0x1a/0x30 [ 22.072319] </TASK> [ 22.072333] [ 22.083990] Allocated by task 302: [ 22.084360] kasan_save_stack+0x45/0x70 [ 22.084778] kasan_save_track+0x18/0x40 [ 22.085106] kasan_save_alloc_info+0x3b/0x50 [ 22.085345] __kasan_kmalloc+0xb7/0xc0 [ 22.085643] __kmalloc_noprof+0x1c9/0x500 [ 22.085913] kunit_kmalloc_array+0x25/0x60 [ 22.086167] copy_user_test_oob+0xab/0x10f0 [ 22.086491] kunit_try_run_case+0x1a5/0x480 [ 22.086903] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.087156] kthread+0x337/0x6f0 [ 22.087450] ret_from_fork+0x116/0x1d0 [ 22.087741] ret_from_fork_asm+0x1a/0x30 [ 22.087993] [ 22.088173] The buggy address belongs to the object at ffff88810232e100 [ 22.088173] which belongs to the cache kmalloc-128 of size 128 [ 22.088634] The buggy address is located 0 bytes inside of [ 22.088634] allocated 120-byte region [ffff88810232e100, ffff88810232e178) [ 22.089093] [ 22.089222] The buggy address belongs to the physical page: [ 22.089619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232e [ 22.090194] flags: 0x200000000000000(node=0|zone=2) [ 22.090618] page_type: f5(slab) [ 22.090957] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.091542] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.092101] page dumped because: kasan: bad access detected [ 22.092406] [ 22.092572] Memory state around the buggy address: [ 22.092901] ffff88810232e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.093189] ffff88810232e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.093478] >ffff88810232e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.093996] ^ [ 22.094514] ffff88810232e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.095079] ffff88810232e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.095476] ================================================================== [ 22.096466] ================================================================== [ 22.097100] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 22.098027] Read of size 121 at addr ffff88810232e100 by task kunit_try_catch/302 [ 22.098474] [ 22.098709] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) [ 22.098827] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.098860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.098910] Call Trace: [ 22.098951] <TASK> [ 22.099004] dump_stack_lvl+0x73/0xb0 [ 22.099077] print_report+0xd1/0x650 [ 22.099134] ? __virt_addr_valid+0x1db/0x2d0 [ 22.099182] ? copy_user_test_oob+0x604/0x10f0 [ 22.099230] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.099289] ? copy_user_test_oob+0x604/0x10f0 [ 22.099338] kasan_report+0x141/0x180 [ 22.099380] ? copy_user_test_oob+0x604/0x10f0 [ 22.099437] kasan_check_range+0x10c/0x1c0 [ 22.099488] __kasan_check_read+0x15/0x20 [ 22.099534] copy_user_test_oob+0x604/0x10f0 [ 22.099590] ? __pfx_copy_user_test_oob+0x10/0x10 [ 22.099638] ? finish_task_switch.isra.0+0x153/0x700 [ 22.099724] ? __switch_to+0x47/0xf50 [ 22.099785] ? __schedule+0x10cc/0x2b60 [ 22.099833] ? __pfx_read_tsc+0x10/0x10 [ 22.099872] ? ktime_get_ts64+0x86/0x230 [ 22.099925] kunit_try_run_case+0x1a5/0x480 [ 22.099973] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.100017] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.100058] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.100107] ? __kthread_parkme+0x82/0x180 [ 22.100152] ? preempt_count_sub+0x50/0x80 [ 22.100197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.100243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.100306] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.100358] kthread+0x337/0x6f0 [ 22.100401] ? trace_preempt_on+0x20/0xc0 [ 22.100455] ? __pfx_kthread+0x10/0x10 [ 22.100502] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.100551] ? calculate_sigpending+0x7b/0xa0 [ 22.100606] ? __pfx_kthread+0x10/0x10 [ 22.100688] ret_from_fork+0x116/0x1d0 [ 22.100740] ? __pfx_kthread+0x10/0x10 [ 22.100789] ret_from_fork_asm+0x1a/0x30 [ 22.100861] </TASK> [ 22.100890] [ 22.110249] Allocated by task 302: [ 22.110594] kasan_save_stack+0x45/0x70 [ 22.111011] kasan_save_track+0x18/0x40 [ 22.111385] kasan_save_alloc_info+0x3b/0x50 [ 22.111795] __kasan_kmalloc+0xb7/0xc0 [ 22.112160] __kmalloc_noprof+0x1c9/0x500 [ 22.112542] kunit_kmalloc_array+0x25/0x60 [ 22.112925] copy_user_test_oob+0xab/0x10f0 [ 22.113310] kunit_try_run_case+0x1a5/0x480 [ 22.113722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.114165] kthread+0x337/0x6f0 [ 22.114484] ret_from_fork+0x116/0x1d0 [ 22.114777] ret_from_fork_asm+0x1a/0x30 [ 22.114984] [ 22.115127] The buggy address belongs to the object at ffff88810232e100 [ 22.115127] which belongs to the cache kmalloc-128 of size 128 [ 22.115999] The buggy address is located 0 bytes inside of [ 22.115999] allocated 120-byte region [ffff88810232e100, ffff88810232e178) [ 22.116832] [ 22.117018] The buggy address belongs to the physical page: [ 22.117245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232e [ 22.117566] flags: 0x200000000000000(node=0|zone=2) [ 22.117832] page_type: f5(slab) [ 22.118024] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.118623] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.119245] page dumped because: kasan: bad access detected [ 22.119736] [ 22.119926] Memory state around the buggy address: [ 22.120326] ffff88810232e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.120720] ffff88810232e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.121000] >ffff88810232e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.122343] ^ [ 22.122970] ffff88810232e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.123541] ffff88810232e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.124038] ================================================================== [ 22.036823] ================================================================== [ 22.037845] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 22.039557] Read of size 121 at addr ffff88810232e100 by task kunit_try_catch/302 [ 22.039859] [ 22.040023] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) [ 22.040122] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.040148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.040195] Call Trace: [ 22.040236] <TASK> [ 22.040293] dump_stack_lvl+0x73/0xb0 [ 22.040372] print_report+0xd1/0x650 [ 22.040428] ? __virt_addr_valid+0x1db/0x2d0 [ 22.040474] ? copy_user_test_oob+0x4aa/0x10f0 [ 22.040520] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.040568] ? copy_user_test_oob+0x4aa/0x10f0 [ 22.040612] kasan_report+0x141/0x180 [ 22.040655] ? copy_user_test_oob+0x4aa/0x10f0 [ 22.040714] kasan_check_range+0x10c/0x1c0 [ 22.040768] __kasan_check_read+0x15/0x20 [ 22.040851] copy_user_test_oob+0x4aa/0x10f0 [ 22.040908] ? __pfx_copy_user_test_oob+0x10/0x10 [ 22.041011] ? finish_task_switch.isra.0+0x153/0x700 [ 22.041060] ? __switch_to+0x47/0xf50 [ 22.041128] ? __schedule+0x10cc/0x2b60 [ 22.041172] ? __pfx_read_tsc+0x10/0x10 [ 22.041200] ? ktime_get_ts64+0x86/0x230 [ 22.041227] kunit_try_run_case+0x1a5/0x480 [ 22.041277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.041309] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.041336] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.041362] ? __kthread_parkme+0x82/0x180 [ 22.041386] ? preempt_count_sub+0x50/0x80 [ 22.041411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.041437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.041464] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.041490] kthread+0x337/0x6f0 [ 22.041513] ? trace_preempt_on+0x20/0xc0 [ 22.041540] ? __pfx_kthread+0x10/0x10 [ 22.041565] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.041588] ? calculate_sigpending+0x7b/0xa0 [ 22.041615] ? __pfx_kthread+0x10/0x10 [ 22.041638] ret_from_fork+0x116/0x1d0 [ 22.041665] ? __pfx_kthread+0x10/0x10 [ 22.041727] ret_from_fork_asm+0x1a/0x30 [ 22.041764] </TASK> [ 22.041779] [ 22.053197] Allocated by task 302: [ 22.053710] kasan_save_stack+0x45/0x70 [ 22.054124] kasan_save_track+0x18/0x40 [ 22.054483] kasan_save_alloc_info+0x3b/0x50 [ 22.054849] __kasan_kmalloc+0xb7/0xc0 [ 22.055707] __kmalloc_noprof+0x1c9/0x500 [ 22.056116] kunit_kmalloc_array+0x25/0x60 [ 22.056483] copy_user_test_oob+0xab/0x10f0 [ 22.057132] kunit_try_run_case+0x1a5/0x480 [ 22.057409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.057666] kthread+0x337/0x6f0 [ 22.057938] ret_from_fork+0x116/0x1d0 [ 22.058186] ret_from_fork_asm+0x1a/0x30 [ 22.058433] [ 22.058583] The buggy address belongs to the object at ffff88810232e100 [ 22.058583] which belongs to the cache kmalloc-128 of size 128 [ 22.059495] The buggy address is located 0 bytes inside of [ 22.059495] allocated 120-byte region [ffff88810232e100, ffff88810232e178) [ 22.060519] [ 22.060721] The buggy address belongs to the physical page: [ 22.060956] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232e [ 22.061482] flags: 0x200000000000000(node=0|zone=2) [ 22.061877] page_type: f5(slab) [ 22.062229] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.062723] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.063365] page dumped because: kasan: bad access detected [ 22.063833] [ 22.063945] Memory state around the buggy address: [ 22.064153] ffff88810232e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.064719] ffff88810232e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.065212] >ffff88810232e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.065595] ^ [ 22.066043] ffff88810232e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.066570] ffff88810232e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.067153] ==================================================================