Date: May 15, 2025, 10:38 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 20.851837] ================================================================== [ 20.851889] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 20.851955] Read of size 121 at addr fff00000c1729a00 by task kunit_try_catch/285 [ 20.852006] [ 20.852037] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 20.852149] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.852239] Hardware name: linux,dummy-virt (DT) [ 20.852371] Call trace: [ 20.852495] show_stack+0x20/0x38 (C) [ 20.852547] dump_stack_lvl+0x8c/0xd0 [ 20.852593] print_report+0x118/0x608 [ 20.852651] kasan_report+0xdc/0x128 [ 20.852709] kasan_check_range+0x100/0x1a8 [ 20.853063] __kasan_check_read+0x20/0x30 [ 20.853121] copy_user_test_oob+0x4a0/0xec8 [ 20.853313] kunit_try_run_case+0x170/0x3f0 [ 20.853363] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.853427] kthread+0x328/0x630 [ 20.853473] ret_from_fork+0x10/0x20 [ 20.853523] [ 20.853544] Allocated by task 285: [ 20.853573] kasan_save_stack+0x3c/0x68 [ 20.853622] kasan_save_track+0x20/0x40 [ 20.854142] kasan_save_alloc_info+0x40/0x58 [ 20.854336] __kasan_kmalloc+0xd4/0xd8 [ 20.854376] __kmalloc_noprof+0x190/0x4d0 [ 20.854534] kunit_kmalloc_array+0x34/0x88 [ 20.854640] copy_user_test_oob+0xac/0xec8 [ 20.854682] kunit_try_run_case+0x170/0x3f0 [ 20.854721] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.854769] kthread+0x328/0x630 [ 20.854808] ret_from_fork+0x10/0x20 [ 20.854846] [ 20.854870] The buggy address belongs to the object at fff00000c1729a00 [ 20.854870] which belongs to the cache kmalloc-128 of size 128 [ 20.854930] The buggy address is located 0 bytes inside of [ 20.854930] allocated 120-byte region [fff00000c1729a00, fff00000c1729a78) [ 20.855056] [ 20.855086] The buggy address belongs to the physical page: [ 20.855118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101729 [ 20.855180] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.855229] page_type: 
f5(slab) [ 20.855311] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.855860] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.855905] page dumped because: kasan: bad access detected [ 20.855990] [ 20.856094] Memory state around the buggy address: [ 20.856185] fff00000c1729900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.856237] fff00000c1729980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.856279] >fff00000c1729a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.856640] ^ [ 20.856680] fff00000c1729a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.856780] fff00000c1729b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.857141] ================================================================== [ 20.847347] ================================================================== [ 20.847415] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 20.847464] Write of size 121 at addr fff00000c1729a00 by task kunit_try_catch/285 [ 20.847516] [ 20.847546] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 20.847633] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.847671] Hardware name: linux,dummy-virt (DT) [ 20.847754] Call trace: [ 20.847779] show_stack+0x20/0x38 (C) [ 20.847831] dump_stack_lvl+0x8c/0xd0 [ 20.847877] print_report+0x118/0x608 [ 20.847925] kasan_report+0xdc/0x128 [ 20.847982] kasan_check_range+0x100/0x1a8 [ 20.848043] __kasan_check_write+0x20/0x30 [ 20.848149] copy_user_test_oob+0x434/0xec8 [ 20.848215] kunit_try_run_case+0x170/0x3f0 [ 20.848449] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.848505] kthread+0x328/0x630 [ 20.848551] ret_from_fork+0x10/0x20 [ 20.848606] [ 20.848712] Allocated by task 285: [ 20.848829] kasan_save_stack+0x3c/0x68 [ 20.848870] kasan_save_track+0x20/0x40 [ 20.848972] kasan_save_alloc_info+0x40/0x58 [ 20.849021] __kasan_kmalloc+0xd4/0xd8 [ 20.849178] __kmalloc_noprof+0x190/0x4d0 [ 
20.849218] kunit_kmalloc_array+0x34/0x88 [ 20.849255] copy_user_test_oob+0xac/0xec8 [ 20.849292] kunit_try_run_case+0x170/0x3f0 [ 20.849331] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.849384] kthread+0x328/0x630 [ 20.849424] ret_from_fork+0x10/0x20 [ 20.849473] [ 20.849495] The buggy address belongs to the object at fff00000c1729a00 [ 20.849495] which belongs to the cache kmalloc-128 of size 128 [ 20.849554] The buggy address is located 0 bytes inside of [ 20.849554] allocated 120-byte region [fff00000c1729a00, fff00000c1729a78) [ 20.849736] [ 20.849760] The buggy address belongs to the physical page: [ 20.849936] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101729 [ 20.849988] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.850039] page_type: f5(slab) [ 20.850084] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.850165] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.850215] page dumped because: kasan: bad access detected [ 20.850293] [ 20.850313] Memory state around the buggy address: [ 20.850346] fff00000c1729900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.850392] fff00000c1729980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.850445] >fff00000c1729a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.850495] ^ [ 20.850535] fff00000c1729a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.850581] fff00000c1729b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.850620] ================================================================== [ 20.835374] ================================================================== [ 20.835437] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 20.835489] Write of size 121 at addr fff00000c1729a00 by task kunit_try_catch/285 [ 20.835947] [ 20.836093] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 20.836245] Tainted: [B]=BAD_PAGE, 
[N]=TEST [ 20.836273] Hardware name: linux,dummy-virt (DT) [ 20.836308] Call trace: [ 20.836332] show_stack+0x20/0x38 (C) [ 20.836934] dump_stack_lvl+0x8c/0xd0 [ 20.837234] print_report+0x118/0x608 [ 20.837340] kasan_report+0xdc/0x128 [ 20.837388] kasan_check_range+0x100/0x1a8 [ 20.837439] __kasan_check_write+0x20/0x30 [ 20.837489] copy_user_test_oob+0x35c/0xec8 [ 20.837538] kunit_try_run_case+0x170/0x3f0 [ 20.837585] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.837638] kthread+0x328/0x630 [ 20.837687] ret_from_fork+0x10/0x20 [ 20.837985] [ 20.838024] Allocated by task 285: [ 20.838070] kasan_save_stack+0x3c/0x68 [ 20.838114] kasan_save_track+0x20/0x40 [ 20.838154] kasan_save_alloc_info+0x40/0x58 [ 20.838207] __kasan_kmalloc+0xd4/0xd8 [ 20.838247] __kmalloc_noprof+0x190/0x4d0 [ 20.838285] kunit_kmalloc_array+0x34/0x88 [ 20.838323] copy_user_test_oob+0xac/0xec8 [ 20.838753] kunit_try_run_case+0x170/0x3f0 [ 20.838943] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.839058] kthread+0x328/0x630 [ 20.839108] ret_from_fork+0x10/0x20 [ 20.839484] [ 20.839560] The buggy address belongs to the object at fff00000c1729a00 [ 20.839560] which belongs to the cache kmalloc-128 of size 128 [ 20.839656] The buggy address is located 0 bytes inside of [ 20.839656] allocated 120-byte region [fff00000c1729a00, fff00000c1729a78) [ 20.839728] [ 20.839751] The buggy address belongs to the physical page: [ 20.839785] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101729 [ 20.839979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.840290] page_type: f5(slab) [ 20.840402] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.840531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.840589] page dumped because: kasan: bad access detected [ 20.840623] [ 20.840645] Memory state around the buggy address: [ 20.840690] fff00000c1729900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.840777] 
fff00000c1729980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.840923] >fff00000c1729a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.841258] ^ [ 20.841431] fff00000c1729a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.841479] fff00000c1729b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.841556] ================================================================== [ 20.820317] ================================================================== [ 20.820371] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 20.820423] Read of size 121 at addr fff00000c1729a00 by task kunit_try_catch/285 [ 20.820475] [ 20.820507] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 20.821482] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.821526] Hardware name: linux,dummy-virt (DT) [ 20.821785] Call trace: [ 20.821818] show_stack+0x20/0x38 (C) [ 20.821876] dump_stack_lvl+0x8c/0xd0 [ 20.821923] print_report+0x118/0x608 [ 20.821971] kasan_report+0xdc/0x128 [ 20.822018] kasan_check_range+0x100/0x1a8 [ 20.822343] __kasan_check_read+0x20/0x30 [ 20.822640] copy_user_test_oob+0x728/0xec8 [ 20.822763] kunit_try_run_case+0x170/0x3f0 [ 20.822814] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.822880] kthread+0x328/0x630 [ 20.822928] ret_from_fork+0x10/0x20 [ 20.823384] [ 20.823510] Allocated by task 285: [ 20.823551] kasan_save_stack+0x3c/0x68 [ 20.823596] kasan_save_track+0x20/0x40 [ 20.823634] kasan_save_alloc_info+0x40/0x58 [ 20.823696] __kasan_kmalloc+0xd4/0xd8 [ 20.823887] __kmalloc_noprof+0x190/0x4d0 [ 20.823929] kunit_kmalloc_array+0x34/0x88 [ 20.823966] copy_user_test_oob+0xac/0xec8 [ 20.824007] kunit_try_run_case+0x170/0x3f0 [ 20.824188] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.824284] kthread+0x328/0x630 [ 20.824366] ret_from_fork+0x10/0x20 [ 20.824404] [ 20.824476] The buggy address belongs to the object at fff00000c1729a00 [ 20.824476] which belongs to the cache kmalloc-128 of size 128 
[ 20.824685] The buggy address is located 0 bytes inside of [ 20.824685] allocated 120-byte region [fff00000c1729a00, fff00000c1729a78) [ 20.824750] [ 20.824772] The buggy address belongs to the physical page: [ 20.824812] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101729 [ 20.825078] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.825455] page_type: f5(slab) [ 20.825594] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.825694] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.825884] page dumped because: kasan: bad access detected [ 20.826179] [ 20.826204] Memory state around the buggy address: [ 20.826300] fff00000c1729900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.826377] fff00000c1729980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.826423] >fff00000c1729a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.826465] ^ [ 20.826704] fff00000c1729a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.826758] fff00000c1729b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.827149] ================================================================== [ 20.806813] ================================================================== [ 20.807142] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 20.807652] Write of size 121 at addr fff00000c1729a00 by task kunit_try_catch/285 [ 20.807710] [ 20.807761] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 20.807985] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.808015] Hardware name: linux,dummy-virt (DT) [ 20.808055] Call trace: [ 20.808088] show_stack+0x20/0x38 (C) [ 20.808143] dump_stack_lvl+0x8c/0xd0 [ 20.808208] print_report+0x118/0x608 [ 20.808255] kasan_report+0xdc/0x128 [ 20.808302] kasan_check_range+0x100/0x1a8 [ 20.808350] __kasan_check_write+0x20/0x30 [ 20.808400] copy_user_test_oob+0x234/0xec8 [ 20.808449] 
kunit_try_run_case+0x170/0x3f0 [ 20.808502] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.808554] kthread+0x328/0x630 [ 20.808603] ret_from_fork+0x10/0x20 [ 20.808662] [ 20.808761] Allocated by task 285: [ 20.808838] kasan_save_stack+0x3c/0x68 [ 20.808968] kasan_save_track+0x20/0x40 [ 20.809015] kasan_save_alloc_info+0x40/0x58 [ 20.809150] __kasan_kmalloc+0xd4/0xd8 [ 20.809431] __kmalloc_noprof+0x190/0x4d0 [ 20.809675] kunit_kmalloc_array+0x34/0x88 [ 20.809723] copy_user_test_oob+0xac/0xec8 [ 20.809766] kunit_try_run_case+0x170/0x3f0 [ 20.809880] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.810003] kthread+0x328/0x630 [ 20.810351] ret_from_fork+0x10/0x20 [ 20.810515] [ 20.810547] The buggy address belongs to the object at fff00000c1729a00 [ 20.810547] which belongs to the cache kmalloc-128 of size 128 [ 20.810752] The buggy address is located 0 bytes inside of [ 20.810752] allocated 120-byte region [fff00000c1729a00, fff00000c1729a78) [ 20.810829] [ 20.810856] The buggy address belongs to the physical page: [ 20.810893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101729 [ 20.810957] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.811028] page_type: f5(slab) [ 20.811174] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.811237] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.811280] page dumped because: kasan: bad access detected [ 20.811316] [ 20.811339] Memory state around the buggy address: [ 20.811374] fff00000c1729900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.811419] fff00000c1729980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.811463] >fff00000c1729a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.811920] ^ [ 20.812024] fff00000c1729a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.812226] fff00000c1729b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.812293] 
================================================================== [ 20.842740] ================================================================== [ 20.842798] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 20.842864] Read of size 121 at addr fff00000c1729a00 by task kunit_try_catch/285 [ 20.842926] [ 20.842979] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 20.843198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.843301] Hardware name: linux,dummy-virt (DT) [ 20.843333] Call trace: [ 20.843357] show_stack+0x20/0x38 (C) [ 20.843409] dump_stack_lvl+0x8c/0xd0 [ 20.843455] print_report+0x118/0x608 [ 20.844004] kasan_report+0xdc/0x128 [ 20.844060] kasan_check_range+0x100/0x1a8 [ 20.844110] __kasan_check_read+0x20/0x30 [ 20.844179] copy_user_test_oob+0x3c8/0xec8 [ 20.844237] kunit_try_run_case+0x170/0x3f0 [ 20.844286] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.844339] kthread+0x328/0x630 [ 20.844385] ret_from_fork+0x10/0x20 [ 20.844521] [ 20.844622] Allocated by task 285: [ 20.844705] kasan_save_stack+0x3c/0x68 [ 20.844754] kasan_save_track+0x20/0x40 [ 20.844935] kasan_save_alloc_info+0x40/0x58 [ 20.844977] __kasan_kmalloc+0xd4/0xd8 [ 20.845020] __kmalloc_noprof+0x190/0x4d0 [ 20.845211] kunit_kmalloc_array+0x34/0x88 [ 20.845268] copy_user_test_oob+0xac/0xec8 [ 20.845320] kunit_try_run_case+0x170/0x3f0 [ 20.845468] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.845512] kthread+0x328/0x630 [ 20.845550] ret_from_fork+0x10/0x20 [ 20.845593] [ 20.845710] The buggy address belongs to the object at fff00000c1729a00 [ 20.845710] which belongs to the cache kmalloc-128 of size 128 [ 20.846234] The buggy address is located 0 bytes inside of [ 20.846234] allocated 120-byte region [fff00000c1729a00, fff00000c1729a78) [ 20.846300] [ 20.846324] The buggy address belongs to the physical page: [ 20.846357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101729 [ 20.846409] flags: 
0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.846457] page_type: f5(slab) [ 20.846496] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.846547] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.846590] page dumped because: kasan: bad access detected [ 20.846637] [ 20.846657] Memory state around the buggy address: [ 20.846690] fff00000c1729900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.846739] fff00000c1729980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.846784] >fff00000c1729a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.846822] ^ [ 20.846862] fff00000c1729a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.847020] fff00000c1729b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.847084] ==================================================================
[ 18.021593] ================================================================== [ 18.021844] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 18.022121] Read of size 121 at addr ffff888102b5b800 by task kunit_try_catch/303 [ 18.022624] [ 18.022703] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) [ 18.022756] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.022770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.022792] Call Trace: [ 18.022812] <TASK> [ 18.022833] dump_stack_lvl+0x73/0xb0 [ 18.022864] print_report+0xd1/0x650 [ 18.022888] ? __virt_addr_valid+0x1db/0x2d0 [ 18.022912] ? copy_user_test_oob+0x4aa/0x10f0 [ 18.022937] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.022961] ? copy_user_test_oob+0x4aa/0x10f0 [ 18.022986] kasan_report+0x141/0x180 [ 18.023010] ? copy_user_test_oob+0x4aa/0x10f0 [ 18.023040] kasan_check_range+0x10c/0x1c0 [ 18.023065] __kasan_check_read+0x15/0x20 [ 18.023087] copy_user_test_oob+0x4aa/0x10f0 [ 18.023114] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.023138] ? finish_task_switch.isra.0+0x153/0x700 [ 18.023161] ? __switch_to+0x47/0xf50 [ 18.023186] ? __schedule+0x10cc/0x2b60 [ 18.023210] ? __pfx_read_tsc+0x10/0x10 [ 18.023244] ? ktime_get_ts64+0x86/0x230 [ 18.023271] kunit_try_run_case+0x1a5/0x480 [ 18.023297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.023320] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.023344] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.023369] ? __kthread_parkme+0x82/0x180 [ 18.023391] ? preempt_count_sub+0x50/0x80 [ 18.023415] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.023439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.023463] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.023487] kthread+0x337/0x6f0 [ 18.023508] ? trace_preempt_on+0x20/0xc0 [ 18.023532] ? __pfx_kthread+0x10/0x10 [ 18.023554] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.023574] ? calculate_sigpending+0x7b/0xa0 [ 18.023599] ? 
__pfx_kthread+0x10/0x10 [ 18.023621] ret_from_fork+0x116/0x1d0 [ 18.023640] ? __pfx_kthread+0x10/0x10 [ 18.023662] ret_from_fork_asm+0x1a/0x30 [ 18.023694] </TASK> [ 18.023706] [ 18.030051] Allocated by task 303: [ 18.030234] kasan_save_stack+0x45/0x70 [ 18.030341] kasan_save_track+0x18/0x40 [ 18.030541] kasan_save_alloc_info+0x3b/0x50 [ 18.030669] __kasan_kmalloc+0xb7/0xc0 [ 18.030805] __kmalloc_noprof+0x1c9/0x500 [ 18.030900] kunit_kmalloc_array+0x25/0x60 [ 18.030993] copy_user_test_oob+0xab/0x10f0 [ 18.031255] kunit_try_run_case+0x1a5/0x480 [ 18.031480] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.031683] kthread+0x337/0x6f0 [ 18.031767] ret_from_fork+0x116/0x1d0 [ 18.031851] ret_from_fork_asm+0x1a/0x30 [ 18.032093] [ 18.032208] The buggy address belongs to the object at ffff888102b5b800 [ 18.032208] which belongs to the cache kmalloc-128 of size 128 [ 18.032682] The buggy address is located 0 bytes inside of [ 18.032682] allocated 120-byte region [ffff888102b5b800, ffff888102b5b878) [ 18.032982] [ 18.033096] The buggy address belongs to the physical page: [ 18.033280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b5b [ 18.033424] flags: 0x200000000000000(node=0|zone=2) [ 18.033529] page_type: f5(slab) [ 18.033617] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.033884] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.034198] page dumped because: kasan: bad access detected [ 18.034478] [ 18.034605] Memory state around the buggy address: [ 18.034866] ffff888102b5b700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.034999] ffff888102b5b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.035131] >ffff888102b5b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.035515] ^ [ 18.035896] ffff888102b5b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.036147] ffff888102b5b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.036324] 
================================================================== [ 18.004793] ================================================================== [ 18.005128] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 18.005396] Write of size 121 at addr ffff888102b5b800 by task kunit_try_catch/303 [ 18.005806] [ 18.005926] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) [ 18.005985] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.005999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.006022] Call Trace: [ 18.006040] <TASK> [ 18.006060] dump_stack_lvl+0x73/0xb0 [ 18.006100] print_report+0xd1/0x650 [ 18.006127] ? __virt_addr_valid+0x1db/0x2d0 [ 18.006150] ? copy_user_test_oob+0x3fd/0x10f0 [ 18.006176] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.006199] ? copy_user_test_oob+0x3fd/0x10f0 [ 18.006309] kasan_report+0x141/0x180 [ 18.006362] ? copy_user_test_oob+0x3fd/0x10f0 [ 18.006396] kasan_check_range+0x10c/0x1c0 [ 18.006423] __kasan_check_write+0x18/0x20 [ 18.006447] copy_user_test_oob+0x3fd/0x10f0 [ 18.006475] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.006500] ? finish_task_switch.isra.0+0x153/0x700 [ 18.006526] ? __switch_to+0x47/0xf50 [ 18.006556] ? __schedule+0x10cc/0x2b60 [ 18.006581] ? __pfx_read_tsc+0x10/0x10 [ 18.006604] ? ktime_get_ts64+0x86/0x230 [ 18.006631] kunit_try_run_case+0x1a5/0x480 [ 18.006659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.006684] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.006709] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.006733] ? __kthread_parkme+0x82/0x180 [ 18.006756] ? preempt_count_sub+0x50/0x80 [ 18.006781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.006806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.006831] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.006856] kthread+0x337/0x6f0 [ 18.006877] ? trace_preempt_on+0x20/0xc0 [ 18.006904] ? __pfx_kthread+0x10/0x10 [ 18.006926] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 18.006949] ? calculate_sigpending+0x7b/0xa0 [ 18.006976] ? __pfx_kthread+0x10/0x10 [ 18.006999] ret_from_fork+0x116/0x1d0 [ 18.007020] ? __pfx_kthread+0x10/0x10 [ 18.007042] ret_from_fork_asm+0x1a/0x30 [ 18.007076] </TASK> [ 18.007090] [ 18.012714] Allocated by task 303: [ 18.012960] kasan_save_stack+0x45/0x70 [ 18.013204] kasan_save_track+0x18/0x40 [ 18.014176] kasan_save_alloc_info+0x3b/0x50 [ 18.014635] __kasan_kmalloc+0xb7/0xc0 [ 18.014784] __kmalloc_noprof+0x1c9/0x500 [ 18.014999] kunit_kmalloc_array+0x25/0x60 [ 18.015170] copy_user_test_oob+0xab/0x10f0 [ 18.015352] kunit_try_run_case+0x1a5/0x480 [ 18.015448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.015735] kthread+0x337/0x6f0 [ 18.015931] ret_from_fork+0x116/0x1d0 [ 18.016148] ret_from_fork_asm+0x1a/0x30 [ 18.016296] [ 18.016356] The buggy address belongs to the object at ffff888102b5b800 [ 18.016356] which belongs to the cache kmalloc-128 of size 128 [ 18.016800] The buggy address is located 0 bytes inside of [ 18.016800] allocated 120-byte region [ffff888102b5b800, ffff888102b5b878) [ 18.017274] [ 18.017409] The buggy address belongs to the physical page: [ 18.017633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b5b [ 18.017794] flags: 0x200000000000000(node=0|zone=2) [ 18.018070] page_type: f5(slab) [ 18.018262] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.018431] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.018771] page dumped because: kasan: bad access detected [ 18.018879] [ 18.018933] Memory state around the buggy address: [ 18.019042] ffff888102b5b700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.019410] ffff888102b5b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.019820] >ffff888102b5b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.020131] ^ [ 18.020369] ffff888102b5b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.020578] 
ffff888102b5b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.020854] ================================================================== [ 18.050406] ================================================================== [ 18.050572] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 18.050760] Read of size 121 at addr ffff888102b5b800 by task kunit_try_catch/303 [ 18.051061] [ 18.051200] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) [ 18.051259] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.051273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.051295] Call Trace: [ 18.051311] <TASK> [ 18.051327] dump_stack_lvl+0x73/0xb0 [ 18.051355] print_report+0xd1/0x650 [ 18.051378] ? __virt_addr_valid+0x1db/0x2d0 [ 18.051402] ? copy_user_test_oob+0x604/0x10f0 [ 18.051426] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.051449] ? copy_user_test_oob+0x604/0x10f0 [ 18.051474] kasan_report+0x141/0x180 [ 18.051496] ? copy_user_test_oob+0x604/0x10f0 [ 18.051525] kasan_check_range+0x10c/0x1c0 [ 18.051550] __kasan_check_read+0x15/0x20 [ 18.051571] copy_user_test_oob+0x604/0x10f0 [ 18.051598] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.051620] ? finish_task_switch.isra.0+0x153/0x700 [ 18.051641] ? __switch_to+0x47/0xf50 [ 18.051667] ? __schedule+0x10cc/0x2b60 [ 18.051689] ? __pfx_read_tsc+0x10/0x10 [ 18.051709] ? ktime_get_ts64+0x86/0x230 [ 18.051733] kunit_try_run_case+0x1a5/0x480 [ 18.051757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.051779] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.051801] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.051824] ? __kthread_parkme+0x82/0x180 [ 18.051844] ? preempt_count_sub+0x50/0x80 [ 18.051867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.051891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.051913] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.051937] kthread+0x337/0x6f0 [ 18.051957] ? 
trace_preempt_on+0x20/0xc0 [ 18.051981] ? __pfx_kthread+0x10/0x10 [ 18.052002] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.052023] ? calculate_sigpending+0x7b/0xa0 [ 18.052048] ? __pfx_kthread+0x10/0x10 [ 18.052071] ret_from_fork+0x116/0x1d0 [ 18.052091] ? __pfx_kthread+0x10/0x10 [ 18.052112] ret_from_fork_asm+0x1a/0x30 [ 18.052144] </TASK> [ 18.052156] [ 18.058683] Allocated by task 303: [ 18.058850] kasan_save_stack+0x45/0x70 [ 18.058997] kasan_save_track+0x18/0x40 [ 18.059154] kasan_save_alloc_info+0x3b/0x50 [ 18.059331] __kasan_kmalloc+0xb7/0xc0 [ 18.059520] __kmalloc_noprof+0x1c9/0x500 [ 18.059664] kunit_kmalloc_array+0x25/0x60 [ 18.059841] copy_user_test_oob+0xab/0x10f0 [ 18.060034] kunit_try_run_case+0x1a5/0x480 [ 18.060127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.060241] kthread+0x337/0x6f0 [ 18.060322] ret_from_fork+0x116/0x1d0 [ 18.060407] ret_from_fork_asm+0x1a/0x30 [ 18.060494] [ 18.060546] The buggy address belongs to the object at ffff888102b5b800 [ 18.060546] which belongs to the cache kmalloc-128 of size 128 [ 18.061171] The buggy address is located 0 bytes inside of [ 18.061171] allocated 120-byte region [ffff888102b5b800, ffff888102b5b878) [ 18.061849] [ 18.061906] The buggy address belongs to the physical page: [ 18.062009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b5b [ 18.062148] flags: 0x200000000000000(node=0|zone=2) [ 18.062260] page_type: f5(slab) [ 18.062351] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.062759] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.063069] page dumped because: kasan: bad access detected [ 18.063351] [ 18.063447] Memory state around the buggy address: [ 18.063701] ffff888102b5b700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.063880] ffff888102b5b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.064031] >ffff888102b5b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.064307] ^ [ 18.064550] 
ffff888102b5b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.064676] ffff888102b5b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.064846] ================================================================== [ 18.036827] ================================================================== [ 18.037101] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 18.037390] Write of size 121 at addr ffff888102b5b800 by task kunit_try_catch/303 [ 18.037665] [ 18.037756] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) [ 18.037809] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.037823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.037845] Call Trace: [ 18.037863] <TASK> [ 18.037882] dump_stack_lvl+0x73/0xb0 [ 18.037912] print_report+0xd1/0x650 [ 18.037938] ? __virt_addr_valid+0x1db/0x2d0 [ 18.037962] ? copy_user_test_oob+0x557/0x10f0 [ 18.037986] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.038011] ? copy_user_test_oob+0x557/0x10f0 [ 18.038037] kasan_report+0x141/0x180 [ 18.038061] ? copy_user_test_oob+0x557/0x10f0 [ 18.038091] kasan_check_range+0x10c/0x1c0 [ 18.038117] __kasan_check_write+0x18/0x20 [ 18.038138] copy_user_test_oob+0x557/0x10f0 [ 18.038166] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.038191] ? finish_task_switch.isra.0+0x153/0x700 [ 18.038214] ? __switch_to+0x47/0xf50 [ 18.038253] ? __schedule+0x10cc/0x2b60 [ 18.038277] ? __pfx_read_tsc+0x10/0x10 [ 18.038298] ? ktime_get_ts64+0x86/0x230 [ 18.038322] kunit_try_run_case+0x1a5/0x480 [ 18.038359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.038387] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.038412] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.038436] ? __kthread_parkme+0x82/0x180 [ 18.038458] ? preempt_count_sub+0x50/0x80 [ 18.038484] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.038509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.038531] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.038555] kthread+0x337/0x6f0 [ 18.038577] ? trace_preempt_on+0x20/0xc0 [ 18.038601] ? __pfx_kthread+0x10/0x10 [ 18.038623] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.038645] ? calculate_sigpending+0x7b/0xa0 [ 18.038670] ? __pfx_kthread+0x10/0x10 [ 18.038693] ret_from_fork+0x116/0x1d0 [ 18.038712] ? __pfx_kthread+0x10/0x10 [ 18.038735] ret_from_fork_asm+0x1a/0x30 [ 18.038768] </TASK> [ 18.038780] [ 18.043968] Allocated by task 303: [ 18.044064] kasan_save_stack+0x45/0x70 [ 18.044160] kasan_save_track+0x18/0x40 [ 18.044346] kasan_save_alloc_info+0x3b/0x50 [ 18.044599] __kasan_kmalloc+0xb7/0xc0 [ 18.044771] __kmalloc_noprof+0x1c9/0x500 [ 18.044948] kunit_kmalloc_array+0x25/0x60 [ 18.045139] copy_user_test_oob+0xab/0x10f0 [ 18.045382] kunit_try_run_case+0x1a5/0x480 [ 18.045623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.045871] kthread+0x337/0x6f0 [ 18.046031] ret_from_fork+0x116/0x1d0 [ 18.046192] ret_from_fork_asm+0x1a/0x30 [ 18.046294] [ 18.046358] The buggy address belongs to the object at ffff888102b5b800 [ 18.046358] which belongs to the cache kmalloc-128 of size 128 [ 18.046879] The buggy address is located 0 bytes inside of [ 18.046879] allocated 120-byte region [ffff888102b5b800, ffff888102b5b878) [ 18.047307] [ 18.047369] The buggy address belongs to the physical page: [ 18.047476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b5b [ 18.047911] flags: 0x200000000000000(node=0|zone=2) [ 18.048192] page_type: f5(slab) [ 18.048306] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.048446] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.048594] page dumped because: kasan: bad access detected [ 18.048703] [ 18.048810] Memory state around the buggy address: [ 18.049047] ffff888102b5b700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.049317] ffff888102b5b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.049547] 
>ffff888102b5b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.049674] ^ [ 18.049800] ffff888102b5b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.049924] ffff888102b5b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.050043] ==================================================================