Date: May 13, 2025, 12:07 p.m.
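Environments: qemu-arm64, qemu-x86_64

Kernel log for each environment: the qemu-arm64 reports (Hardware name: linux,dummy-virt (DT)) come first, followed by the qemu-x86_64 reports (Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)).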
[ 22.332245] ================================================================== [ 22.332336] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 22.332967] Write of size 121 at addr fff00000c6620c00 by task kunit_try_catch/285 [ 22.333055] [ 22.333186] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT [ 22.333576] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.333632] Hardware name: linux,dummy-virt (DT) [ 22.333675] Call trace: [ 22.333704] show_stack+0x20/0x38 (C) [ 22.333779] dump_stack_lvl+0x8c/0xd0 [ 22.333844] print_report+0x118/0x608 [ 22.333905] kasan_report+0xdc/0x128 [ 22.333958] kasan_check_range+0x100/0x1a8 [ 22.334362] __kasan_check_write+0x20/0x30 [ 22.334425] copy_user_test_oob+0x35c/0xec8 [ 22.334565] kunit_try_run_case+0x170/0x3f0 [ 22.334626] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.334798] kthread+0x328/0x630 [ 22.335202] ret_from_fork+0x10/0x20 [ 22.335272] [ 22.335296] Allocated by task 285: [ 22.335338] kasan_save_stack+0x3c/0x68 [ 22.335391] kasan_save_track+0x20/0x40 [ 22.335482] kasan_save_alloc_info+0x40/0x58 [ 22.335527] __kasan_kmalloc+0xd4/0xd8 [ 22.335589] __kmalloc_noprof+0x190/0x4d0 [ 22.335647] kunit_kmalloc_array+0x34/0x88 [ 22.335692] copy_user_test_oob+0xac/0xec8 [ 22.335770] kunit_try_run_case+0x170/0x3f0 [ 22.335810] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.335853] kthread+0x328/0x630 [ 22.335891] ret_from_fork+0x10/0x20 [ 22.335930] [ 22.335953] The buggy address belongs to the object at fff00000c6620c00 [ 22.335953] which belongs to the cache kmalloc-128 of size 128 [ 22.336029] The buggy address is located 0 bytes inside of [ 22.336029] allocated 120-byte region [fff00000c6620c00, fff00000c6620c78) [ 22.336098] [ 22.336125] The buggy address belongs to the physical page: [ 22.336162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620 [ 22.336253] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.336342] page_type: 
f5(slab) [ 22.336415] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.336524] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.336571] page dumped because: kasan: bad access detected [ 22.336610] [ 22.336633] Memory state around the buggy address: [ 22.336676] fff00000c6620b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.336750] fff00000c6620b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.336863] >fff00000c6620c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.336909] ^ [ 22.336954] fff00000c6620c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.337013] fff00000c6620d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.337060] ================================================================== [ 22.345537] ================================================================== [ 22.345597] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 22.345662] Read of size 121 at addr fff00000c6620c00 by task kunit_try_catch/285 [ 22.345721] [ 22.345760] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT [ 22.345881] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.345942] Hardware name: linux,dummy-virt (DT) [ 22.346001] Call trace: [ 22.346033] show_stack+0x20/0x38 (C) [ 22.346092] dump_stack_lvl+0x8c/0xd0 [ 22.346179] print_report+0x118/0x608 [ 22.346233] kasan_report+0xdc/0x128 [ 22.346284] kasan_check_range+0x100/0x1a8 [ 22.346352] __kasan_check_read+0x20/0x30 [ 22.346496] copy_user_test_oob+0x4a0/0xec8 [ 22.346568] kunit_try_run_case+0x170/0x3f0 [ 22.346622] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.346681] kthread+0x328/0x630 [ 22.346736] ret_from_fork+0x10/0x20 [ 22.346802] [ 22.346827] Allocated by task 285: [ 22.347058] kasan_save_stack+0x3c/0x68 [ 22.347164] kasan_save_track+0x20/0x40 [ 22.347220] kasan_save_alloc_info+0x40/0x58 [ 22.347285] __kasan_kmalloc+0xd4/0xd8 [ 22.347327] __kmalloc_noprof+0x190/0x4d0 [ 
22.347371] kunit_kmalloc_array+0x34/0x88 [ 22.347413] copy_user_test_oob+0xac/0xec8 [ 22.347460] kunit_try_run_case+0x170/0x3f0 [ 22.347503] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.347566] kthread+0x328/0x630 [ 22.347606] ret_from_fork+0x10/0x20 [ 22.347647] [ 22.347703] The buggy address belongs to the object at fff00000c6620c00 [ 22.347703] which belongs to the cache kmalloc-128 of size 128 [ 22.347781] The buggy address is located 0 bytes inside of [ 22.347781] allocated 120-byte region [fff00000c6620c00, fff00000c6620c78) [ 22.347850] [ 22.347875] The buggy address belongs to the physical page: [ 22.347911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620 [ 22.347980] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.348096] page_type: f5(slab) [ 22.348186] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.348306] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.348356] page dumped because: kasan: bad access detected [ 22.348396] [ 22.348421] Memory state around the buggy address: [ 22.348461] fff00000c6620b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.348519] fff00000c6620b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.348623] >fff00000c6620c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.348685] ^ [ 22.348734] fff00000c6620c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.348784] fff00000c6620d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.348828] ================================================================== [ 22.338029] ================================================================== [ 22.338141] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 22.338217] Read of size 121 at addr fff00000c6620c00 by task kunit_try_catch/285 [ 22.338278] [ 22.338318] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT [ 22.338417] Tainted: [B]=BAD_PAGE, 
[N]=TEST [ 22.338507] Hardware name: linux,dummy-virt (DT) [ 22.338554] Call trace: [ 22.338642] show_stack+0x20/0x38 (C) [ 22.338709] dump_stack_lvl+0x8c/0xd0 [ 22.338764] print_report+0x118/0x608 [ 22.338868] kasan_report+0xdc/0x128 [ 22.338922] kasan_check_range+0x100/0x1a8 [ 22.338993] __kasan_check_read+0x20/0x30 [ 22.339055] copy_user_test_oob+0x3c8/0xec8 [ 22.339110] kunit_try_run_case+0x170/0x3f0 [ 22.339166] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.339265] kthread+0x328/0x630 [ 22.339326] ret_from_fork+0x10/0x20 [ 22.339385] [ 22.339412] Allocated by task 285: [ 22.339447] kasan_save_stack+0x3c/0x68 [ 22.339581] kasan_save_track+0x20/0x40 [ 22.339630] kasan_save_alloc_info+0x40/0x58 [ 22.339680] __kasan_kmalloc+0xd4/0xd8 [ 22.339723] __kmalloc_noprof+0x190/0x4d0 [ 22.339816] kunit_kmalloc_array+0x34/0x88 [ 22.339855] copy_user_test_oob+0xac/0xec8 [ 22.339895] kunit_try_run_case+0x170/0x3f0 [ 22.339936] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.339997] kthread+0x328/0x630 [ 22.340040] ret_from_fork+0x10/0x20 [ 22.340083] [ 22.340108] The buggy address belongs to the object at fff00000c6620c00 [ 22.340108] which belongs to the cache kmalloc-128 of size 128 [ 22.340180] The buggy address is located 0 bytes inside of [ 22.340180] allocated 120-byte region [fff00000c6620c00, fff00000c6620c78) [ 22.340313] [ 22.340339] The buggy address belongs to the physical page: [ 22.340375] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620 [ 22.340476] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.340533] page_type: f5(slab) [ 22.340623] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.340682] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.340727] page dumped because: kasan: bad access detected [ 22.340765] [ 22.340787] Memory state around the buggy address: [ 22.340826] fff00000c6620b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.340875] 
fff00000c6620b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.340923] >fff00000c6620c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.340963] ^ [ 22.341084] fff00000c6620c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.341207] fff00000c6620d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.341258] ================================================================== [ 22.300482] ================================================================== [ 22.300720] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 22.300881] Write of size 121 at addr fff00000c6620c00 by task kunit_try_catch/285 [ 22.300992] [ 22.301051] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT [ 22.301352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.301388] Hardware name: linux,dummy-virt (DT) [ 22.301432] Call trace: [ 22.301466] show_stack+0x20/0x38 (C) [ 22.301533] dump_stack_lvl+0x8c/0xd0 [ 22.301593] print_report+0x118/0x608 [ 22.301647] kasan_report+0xdc/0x128 [ 22.301700] kasan_check_range+0x100/0x1a8 [ 22.301753] __kasan_check_write+0x20/0x30 [ 22.301832] copy_user_test_oob+0x234/0xec8 [ 22.301892] kunit_try_run_case+0x170/0x3f0 [ 22.301953] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.302027] kthread+0x328/0x630 [ 22.302258] ret_from_fork+0x10/0x20 [ 22.302360] [ 22.302390] Allocated by task 285: [ 22.302432] kasan_save_stack+0x3c/0x68 [ 22.302486] kasan_save_track+0x20/0x40 [ 22.302532] kasan_save_alloc_info+0x40/0x58 [ 22.302577] __kasan_kmalloc+0xd4/0xd8 [ 22.303132] __kmalloc_noprof+0x190/0x4d0 [ 22.303198] kunit_kmalloc_array+0x34/0x88 [ 22.303244] copy_user_test_oob+0xac/0xec8 [ 22.303288] kunit_try_run_case+0x170/0x3f0 [ 22.303335] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.303383] kthread+0x328/0x630 [ 22.303425] ret_from_fork+0x10/0x20 [ 22.303470] [ 22.303498] The buggy address belongs to the object at fff00000c6620c00 [ 22.303498] which belongs to the cache kmalloc-128 of size 
128 [ 22.303570] The buggy address is located 0 bytes inside of [ 22.303570] allocated 120-byte region [fff00000c6620c00, fff00000c6620c78) [ 22.303641] [ 22.303670] The buggy address belongs to the physical page: [ 22.303710] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620 [ 22.303778] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.303840] page_type: f5(slab) [ 22.303894] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.303956] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.304025] page dumped because: kasan: bad access detected [ 22.304065] [ 22.304134] Memory state around the buggy address: [ 22.304218] fff00000c6620b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.304274] fff00000c6620b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.304414] >fff00000c6620c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.304550] ^ [ 22.304670] fff00000c6620c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.304721] fff00000c6620d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.304957] ================================================================== [ 22.341683] ================================================================== [ 22.341743] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 22.341816] Write of size 121 at addr fff00000c6620c00 by task kunit_try_catch/285 [ 22.341880] [ 22.341921] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT [ 22.342026] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.342073] Hardware name: linux,dummy-virt (DT) [ 22.342132] Call trace: [ 22.342160] show_stack+0x20/0x38 (C) [ 22.342218] dump_stack_lvl+0x8c/0xd0 [ 22.342272] print_report+0x118/0x608 [ 22.342323] kasan_report+0xdc/0x128 [ 22.342412] kasan_check_range+0x100/0x1a8 [ 22.342516] __kasan_check_write+0x20/0x30 [ 22.342601] copy_user_test_oob+0x434/0xec8 [ 22.342712] 
kunit_try_run_case+0x170/0x3f0 [ 22.342788] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.342846] kthread+0x328/0x630 [ 22.343059] ret_from_fork+0x10/0x20 [ 22.343123] [ 22.343161] Allocated by task 285: [ 22.343199] kasan_save_stack+0x3c/0x68 [ 22.343248] kasan_save_track+0x20/0x40 [ 22.343292] kasan_save_alloc_info+0x40/0x58 [ 22.343339] __kasan_kmalloc+0xd4/0xd8 [ 22.343384] __kmalloc_noprof+0x190/0x4d0 [ 22.343426] kunit_kmalloc_array+0x34/0x88 [ 22.343468] copy_user_test_oob+0xac/0xec8 [ 22.343511] kunit_try_run_case+0x170/0x3f0 [ 22.343555] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.343635] kthread+0x328/0x630 [ 22.343680] ret_from_fork+0x10/0x20 [ 22.343740] [ 22.343794] The buggy address belongs to the object at fff00000c6620c00 [ 22.343794] which belongs to the cache kmalloc-128 of size 128 [ 22.343943] The buggy address is located 0 bytes inside of [ 22.343943] allocated 120-byte region [fff00000c6620c00, fff00000c6620c78) [ 22.344035] [ 22.344103] The buggy address belongs to the physical page: [ 22.344142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620 [ 22.344203] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.344259] page_type: f5(slab) [ 22.344308] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.344445] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.344499] page dumped because: kasan: bad access detected [ 22.344565] [ 22.344596] Memory state around the buggy address: [ 22.344639] fff00000c6620b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.344692] fff00000c6620b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.344742] >fff00000c6620c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.344787] ^ [ 22.344834] fff00000c6620c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.344900] fff00000c6620d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.345009] 
================================================================== [ 22.313497] ================================================================== [ 22.313590] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 22.313676] Read of size 121 at addr fff00000c6620c00 by task kunit_try_catch/285 [ 22.313736] [ 22.313840] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT [ 22.313961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.314008] Hardware name: linux,dummy-virt (DT) [ 22.314204] Call trace: [ 22.314649] show_stack+0x20/0x38 (C) [ 22.314717] dump_stack_lvl+0x8c/0xd0 [ 22.314772] print_report+0x118/0x608 [ 22.314822] kasan_report+0xdc/0x128 [ 22.314872] kasan_check_range+0x100/0x1a8 [ 22.314925] __kasan_check_read+0x20/0x30 [ 22.314986] copy_user_test_oob+0x728/0xec8 [ 22.315043] kunit_try_run_case+0x170/0x3f0 [ 22.315609] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.315806] kthread+0x328/0x630 [ 22.316138] ret_from_fork+0x10/0x20 [ 22.316354] [ 22.316383] Allocated by task 285: [ 22.316711] kasan_save_stack+0x3c/0x68 [ 22.316780] kasan_save_track+0x20/0x40 [ 22.316827] kasan_save_alloc_info+0x40/0x58 [ 22.316876] __kasan_kmalloc+0xd4/0xd8 [ 22.316918] __kmalloc_noprof+0x190/0x4d0 [ 22.316964] kunit_kmalloc_array+0x34/0x88 [ 22.317024] copy_user_test_oob+0xac/0xec8 [ 22.317070] kunit_try_run_case+0x170/0x3f0 [ 22.318460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.318561] kthread+0x328/0x630 [ 22.318615] ret_from_fork+0x10/0x20 [ 22.318661] [ 22.318693] The buggy address belongs to the object at fff00000c6620c00 [ 22.318693] which belongs to the cache kmalloc-128 of size 128 [ 22.319295] The buggy address is located 0 bytes inside of [ 22.319295] allocated 120-byte region [fff00000c6620c00, fff00000c6620c78) [ 22.319386] [ 22.319520] The buggy address belongs to the physical page: [ 22.319607] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620 [ 22.319677] flags: 
0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.319880] page_type: f5(slab) [ 22.320097] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.320232] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.320420] page dumped because: kasan: bad access detected [ 22.320557] [ 22.320585] Memory state around the buggy address: [ 22.320628] fff00000c6620b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.320680] fff00000c6620b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.320728] >fff00000c6620c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.320959] ^ [ 22.321053] fff00000c6620c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.321246] fff00000c6620d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.321293] ==================================================================
[ 15.235713] ================================================================== [ 15.236004] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.236394] Write of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302 [ 15.237252] [ 15.237429] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.237476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.237489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.237512] Call Trace: [ 15.237526] <TASK> [ 15.237542] dump_stack_lvl+0x73/0xb0 [ 15.237568] print_report+0xd1/0x650 [ 15.237592] ? __virt_addr_valid+0x1db/0x2d0 [ 15.237627] ? copy_user_test_oob+0x557/0x10f0 [ 15.237649] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.237673] ? copy_user_test_oob+0x557/0x10f0 [ 15.237695] kasan_report+0x141/0x180 [ 15.237718] ? copy_user_test_oob+0x557/0x10f0 [ 15.237745] kasan_check_range+0x10c/0x1c0 [ 15.237770] __kasan_check_write+0x18/0x20 [ 15.237791] copy_user_test_oob+0x557/0x10f0 [ 15.237814] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.237835] ? finish_task_switch.isra.0+0x153/0x700 [ 15.237858] ? __switch_to+0x47/0xf50 [ 15.237884] ? __schedule+0x10cc/0x2b60 [ 15.237907] ? __pfx_read_tsc+0x10/0x10 [ 15.237928] ? ktime_get_ts64+0x86/0x230 [ 15.237953] kunit_try_run_case+0x1a5/0x480 [ 15.237978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.238001] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.238024] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.238047] ? __kthread_parkme+0x82/0x180 [ 15.238069] ? preempt_count_sub+0x50/0x80 [ 15.238093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.238117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.238141] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.238185] kthread+0x337/0x6f0 [ 15.238207] ? trace_preempt_on+0x20/0xc0 [ 15.238230] ? __pfx_kthread+0x10/0x10 [ 15.238253] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.238274] ? calculate_sigpending+0x7b/0xa0 [ 15.238299] ? 
__pfx_kthread+0x10/0x10 [ 15.238322] ret_from_fork+0x116/0x1d0 [ 15.238341] ? __pfx_kthread+0x10/0x10 [ 15.238363] ret_from_fork_asm+0x1a/0x30 [ 15.238395] </TASK> [ 15.238408] [ 15.250472] Allocated by task 302: [ 15.250819] kasan_save_stack+0x45/0x70 [ 15.251202] kasan_save_track+0x18/0x40 [ 15.251388] kasan_save_alloc_info+0x3b/0x50 [ 15.251537] __kasan_kmalloc+0xb7/0xc0 [ 15.251794] __kmalloc_noprof+0x1c9/0x500 [ 15.252156] kunit_kmalloc_array+0x25/0x60 [ 15.252546] copy_user_test_oob+0xab/0x10f0 [ 15.252938] kunit_try_run_case+0x1a5/0x480 [ 15.253338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.253608] kthread+0x337/0x6f0 [ 15.253740] ret_from_fork+0x116/0x1d0 [ 15.253873] ret_from_fork_asm+0x1a/0x30 [ 15.254012] [ 15.254084] The buggy address belongs to the object at ffff8881029cec00 [ 15.254084] which belongs to the cache kmalloc-128 of size 128 [ 15.255057] The buggy address is located 0 bytes inside of [ 15.255057] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.256103] [ 15.256286] The buggy address belongs to the physical page: [ 15.256770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.257465] flags: 0x200000000000000(node=0|zone=2) [ 15.257806] page_type: f5(slab) [ 15.257933] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.258189] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.258857] page dumped because: kasan: bad access detected [ 15.259357] [ 15.259515] Memory state around the buggy address: [ 15.259945] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.260547] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.260775] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.260988] ^ [ 15.261211] ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.261428] ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.261707] 
================================================================== [ 15.262729] ================================================================== [ 15.263418] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.264175] Read of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302 [ 15.264958] [ 15.265140] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.265204] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.265217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.265239] Call Trace: [ 15.265254] <TASK> [ 15.265271] dump_stack_lvl+0x73/0xb0 [ 15.265297] print_report+0xd1/0x650 [ 15.265321] ? __virt_addr_valid+0x1db/0x2d0 [ 15.265345] ? copy_user_test_oob+0x604/0x10f0 [ 15.265366] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.265390] ? copy_user_test_oob+0x604/0x10f0 [ 15.265411] kasan_report+0x141/0x180 [ 15.265435] ? copy_user_test_oob+0x604/0x10f0 [ 15.265461] kasan_check_range+0x10c/0x1c0 [ 15.265487] __kasan_check_read+0x15/0x20 [ 15.265507] copy_user_test_oob+0x604/0x10f0 [ 15.265531] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.265551] ? finish_task_switch.isra.0+0x153/0x700 [ 15.265575] ? __switch_to+0x47/0xf50 [ 15.265602] ? __schedule+0x10cc/0x2b60 [ 15.265633] ? __pfx_read_tsc+0x10/0x10 [ 15.265654] ? ktime_get_ts64+0x86/0x230 [ 15.265679] kunit_try_run_case+0x1a5/0x480 [ 15.265704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.265726] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.265750] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.265773] ? __kthread_parkme+0x82/0x180 [ 15.265794] ? preempt_count_sub+0x50/0x80 [ 15.265818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.265843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.265867] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.265890] kthread+0x337/0x6f0 [ 15.265911] ? trace_preempt_on+0x20/0xc0 [ 15.265935] ? __pfx_kthread+0x10/0x10 [ 15.265958] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.265979] ? calculate_sigpending+0x7b/0xa0 [ 15.266004] ? __pfx_kthread+0x10/0x10 [ 15.266026] ret_from_fork+0x116/0x1d0 [ 15.266046] ? __pfx_kthread+0x10/0x10 [ 15.266067] ret_from_fork_asm+0x1a/0x30 [ 15.266100] </TASK> [ 15.266111] [ 15.275422] Allocated by task 302: [ 15.275584] kasan_save_stack+0x45/0x70 [ 15.275805] kasan_save_track+0x18/0x40 [ 15.275993] kasan_save_alloc_info+0x3b/0x50 [ 15.276138] __kasan_kmalloc+0xb7/0xc0 [ 15.276291] __kmalloc_noprof+0x1c9/0x500 [ 15.276520] kunit_kmalloc_array+0x25/0x60 [ 15.276851] copy_user_test_oob+0xab/0x10f0 [ 15.277636] kunit_try_run_case+0x1a5/0x480 [ 15.278076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.278284] kthread+0x337/0x6f0 [ 15.278503] ret_from_fork+0x116/0x1d0 [ 15.278902] ret_from_fork_asm+0x1a/0x30 [ 15.279172] [ 15.279270] The buggy address belongs to the object at ffff8881029cec00 [ 15.279270] which belongs to the cache kmalloc-128 of size 128 [ 15.279989] The buggy address is located 0 bytes inside of [ 15.279989] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.280756] [ 15.280860] The buggy address belongs to the physical page: [ 15.281056] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.281651] flags: 0x200000000000000(node=0|zone=2) [ 15.281949] page_type: f5(slab) [ 15.282280] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.282605] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.282935] page dumped because: kasan: bad access detected [ 15.283163] [ 15.283487] Memory state around the buggy address: [ 15.283733] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.284181] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.284633] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.285044] ^ [ 15.285444] ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.285867] 
ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.286229] ================================================================== [ 15.179526] ================================================================== [ 15.180198] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.180827] Write of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302 [ 15.181487] [ 15.181687] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.181737] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.181751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.181773] Call Trace: [ 15.181786] <TASK> [ 15.181804] dump_stack_lvl+0x73/0xb0 [ 15.181831] print_report+0xd1/0x650 [ 15.181855] ? __virt_addr_valid+0x1db/0x2d0 [ 15.181879] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.181900] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.181925] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.181946] kasan_report+0x141/0x180 [ 15.181970] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.181996] kasan_check_range+0x10c/0x1c0 [ 15.182022] __kasan_check_write+0x18/0x20 [ 15.182043] copy_user_test_oob+0x3fd/0x10f0 [ 15.182066] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.182086] ? finish_task_switch.isra.0+0x153/0x700 [ 15.182109] ? __switch_to+0x47/0xf50 [ 15.182136] ? __schedule+0x10cc/0x2b60 [ 15.182158] ? __pfx_read_tsc+0x10/0x10 [ 15.182202] ? ktime_get_ts64+0x86/0x230 [ 15.182227] kunit_try_run_case+0x1a5/0x480 [ 15.182251] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.182275] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.182297] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.182320] ? __kthread_parkme+0x82/0x180 [ 15.182342] ? preempt_count_sub+0x50/0x80 [ 15.182366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.182390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.182414] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.182439] kthread+0x337/0x6f0 [ 15.182459] ? 
trace_preempt_on+0x20/0xc0 [ 15.182489] ? __pfx_kthread+0x10/0x10 [ 15.182511] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.182532] ? calculate_sigpending+0x7b/0xa0 [ 15.182557] ? __pfx_kthread+0x10/0x10 [ 15.182580] ret_from_fork+0x116/0x1d0 [ 15.182599] ? __pfx_kthread+0x10/0x10 [ 15.182631] ret_from_fork_asm+0x1a/0x30 [ 15.182663] </TASK> [ 15.182674] [ 15.194666] Allocated by task 302: [ 15.194800] kasan_save_stack+0x45/0x70 [ 15.194944] kasan_save_track+0x18/0x40 [ 15.195080] kasan_save_alloc_info+0x3b/0x50 [ 15.195372] __kasan_kmalloc+0xb7/0xc0 [ 15.195722] __kmalloc_noprof+0x1c9/0x500 [ 15.196081] kunit_kmalloc_array+0x25/0x60 [ 15.196484] copy_user_test_oob+0xab/0x10f0 [ 15.196874] kunit_try_run_case+0x1a5/0x480 [ 15.197281] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.197771] kthread+0x337/0x6f0 [ 15.198076] ret_from_fork+0x116/0x1d0 [ 15.198449] ret_from_fork_asm+0x1a/0x30 [ 15.198828] [ 15.198989] The buggy address belongs to the object at ffff8881029cec00 [ 15.198989] which belongs to the cache kmalloc-128 of size 128 [ 15.199550] The buggy address is located 0 bytes inside of [ 15.199550] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.199916] [ 15.199990] The buggy address belongs to the physical page: [ 15.200186] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.200857] flags: 0x200000000000000(node=0|zone=2) [ 15.201312] page_type: f5(slab) [ 15.201624] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.202300] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.202965] page dumped because: kasan: bad access detected [ 15.203468] [ 15.203636] Memory state around the buggy address: [ 15.204060] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.204651] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.204868] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.205082] ^ [ 15.205571] 
ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.206203] ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.206835] ================================================================== [ 15.207687] ================================================================== [ 15.208343] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.208691] Read of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302 [ 15.208922] [ 15.209008] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.209055] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.209068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.209090] Call Trace: [ 15.209103] <TASK> [ 15.209119] dump_stack_lvl+0x73/0xb0 [ 15.209147] print_report+0xd1/0x650 [ 15.209197] ? __virt_addr_valid+0x1db/0x2d0 [ 15.209221] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.209243] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.209267] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.209289] kasan_report+0x141/0x180 [ 15.209314] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.209341] kasan_check_range+0x10c/0x1c0 [ 15.209367] __kasan_check_read+0x15/0x20 [ 15.209387] copy_user_test_oob+0x4aa/0x10f0 [ 15.209411] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.209431] ? finish_task_switch.isra.0+0x153/0x700 [ 15.209455] ? __switch_to+0x47/0xf50 [ 15.209482] ? __schedule+0x10cc/0x2b60 [ 15.209505] ? __pfx_read_tsc+0x10/0x10 [ 15.209526] ? ktime_get_ts64+0x86/0x230 [ 15.209551] kunit_try_run_case+0x1a5/0x480 [ 15.209575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.209598] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.209629] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.209653] ? __kthread_parkme+0x82/0x180 [ 15.209674] ? preempt_count_sub+0x50/0x80 [ 15.209698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.209723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.209747] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.209770] kthread+0x337/0x6f0 [ 15.209792] ? trace_preempt_on+0x20/0xc0 [ 15.209815] ? __pfx_kthread+0x10/0x10 [ 15.209837] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.209858] ? calculate_sigpending+0x7b/0xa0 [ 15.209884] ? __pfx_kthread+0x10/0x10 [ 15.209907] ret_from_fork+0x116/0x1d0 [ 15.209925] ? __pfx_kthread+0x10/0x10 [ 15.209947] ret_from_fork_asm+0x1a/0x30 [ 15.209980] </TASK> [ 15.209991] [ 15.222208] Allocated by task 302: [ 15.222534] kasan_save_stack+0x45/0x70 [ 15.222905] kasan_save_track+0x18/0x40 [ 15.223273] kasan_save_alloc_info+0x3b/0x50 [ 15.223671] __kasan_kmalloc+0xb7/0xc0 [ 15.224033] __kmalloc_noprof+0x1c9/0x500 [ 15.224424] kunit_kmalloc_array+0x25/0x60 [ 15.224632] copy_user_test_oob+0xab/0x10f0 [ 15.224778] kunit_try_run_case+0x1a5/0x480 [ 15.224928] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.225106] kthread+0x337/0x6f0 [ 15.225376] ret_from_fork+0x116/0x1d0 [ 15.225730] ret_from_fork_asm+0x1a/0x30 [ 15.226102] [ 15.226283] The buggy address belongs to the object at ffff8881029cec00 [ 15.226283] which belongs to the cache kmalloc-128 of size 128 [ 15.227353] The buggy address is located 0 bytes inside of [ 15.227353] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.228416] [ 15.228578] The buggy address belongs to the physical page: [ 15.228821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.229064] flags: 0x200000000000000(node=0|zone=2) [ 15.229378] page_type: f5(slab) [ 15.229683] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.230345] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.231005] page dumped because: kasan: bad access detected [ 15.231514] [ 15.231690] Memory state around the buggy address: [ 15.231936] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.232155] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.232791] 
>ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.233425] ^ [ 15.233971] ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.234251] ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.234874] ==================================================================