Date: May 26, 2025, 9:10 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 21.301953] ==================================================================
[ 21.302086] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 21.302198] Write of size 121 at addr fff00000c7893300 by task kunit_try_catch/285
[ 21.302312]
[ 21.302392] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT
[ 21.302576] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.302631] Hardware name: linux,dummy-virt (DT)
[ 21.302704] Call trace:
[ 21.302755] show_stack+0x20/0x38 (C)
[ 21.303649] dump_stack_lvl+0x8c/0xd0
[ 21.303919] print_report+0x118/0x608
[ 21.304488] kasan_report+0xdc/0x128
[ 21.304616] kasan_check_range+0x100/0x1a8
[ 21.304855] __kasan_check_write+0x20/0x30
[ 21.305233] copy_user_test_oob+0x434/0xec8
[ 21.305355] kunit_try_run_case+0x170/0x3f0
[ 21.305471] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.305581] kthread+0x328/0x630
[ 21.305964] ret_from_fork+0x10/0x20
[ 21.306171]
[ 21.306602] Allocated by task 285:
[ 21.306689] kasan_save_stack+0x3c/0x68
[ 21.306995] kasan_save_track+0x20/0x40
[ 21.307122] kasan_save_alloc_info+0x40/0x58
[ 21.307553] __kasan_kmalloc+0xd4/0xd8
[ 21.307735] __kmalloc_noprof+0x190/0x4d0
[ 21.308033] kunit_kmalloc_array+0x34/0x88
[ 21.308209] copy_user_test_oob+0xac/0xec8
[ 21.308284] kunit_try_run_case+0x170/0x3f0
[ 21.308368] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.308474] kthread+0x328/0x630
[ 21.309295] ret_from_fork+0x10/0x20
[ 21.309396]
[ 21.309444] The buggy address belongs to the object at fff00000c7893300
[ 21.309444] which belongs to the cache kmalloc-128 of size 128
[ 21.309587] The buggy address is located 0 bytes inside of
[ 21.309587] allocated 120-byte region [fff00000c7893300, fff00000c7893378)
[ 21.309740]
[ 21.309793] The buggy address belongs to the physical page:
[ 21.310346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107893
[ 21.310537] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.310649] page_type: f5(slab)
[ 21.310738] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.310895] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.310998] page dumped because: kasan: bad access detected
[ 21.311213]
[ 21.311378] Memory state around the buggy address:
[ 21.311595] fff00000c7893200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.311697] fff00000c7893280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.311887] >fff00000c7893300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.312175] ^
[ 21.312282] fff00000c7893380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.312393] fff00000c7893400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.312625] ==================================================================

[ 21.285138] ==================================================================
[ 21.285562] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 21.285707] Write of size 121 at addr fff00000c7893300 by task kunit_try_catch/285
[ 21.285838]
[ 21.285931] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT
[ 21.286148] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.286217] Hardware name: linux,dummy-virt (DT)
[ 21.286297] Call trace:
[ 21.286356] show_stack+0x20/0x38 (C)
[ 21.286465] dump_stack_lvl+0x8c/0xd0
[ 21.286573] print_report+0x118/0x608
[ 21.286681] kasan_report+0xdc/0x128
[ 21.286793] kasan_check_range+0x100/0x1a8
[ 21.286909] __kasan_check_write+0x20/0x30
[ 21.287010] copy_user_test_oob+0x35c/0xec8
[ 21.287120] kunit_try_run_case+0x170/0x3f0
[ 21.287234] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.287366] kthread+0x328/0x630
[ 21.287464] ret_from_fork+0x10/0x20
[ 21.287573]
[ 21.287618] Allocated by task 285:
[ 21.287681] kasan_save_stack+0x3c/0x68
[ 21.287773] kasan_save_track+0x20/0x40
[ 21.287855] kasan_save_alloc_info+0x40/0x58
[ 21.287944] __kasan_kmalloc+0xd4/0xd8
[ 21.288023] __kmalloc_noprof+0x190/0x4d0
[ 21.288115] kunit_kmalloc_array+0x34/0x88
[ 21.289455] copy_user_test_oob+0xac/0xec8
[ 21.289613] kunit_try_run_case+0x170/0x3f0
[ 21.289690] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.289772] kthread+0x328/0x630
[ 21.289842] ret_from_fork+0x10/0x20
[ 21.289938]
[ 21.290068] The buggy address belongs to the object at fff00000c7893300
[ 21.290068] which belongs to the cache kmalloc-128 of size 128
[ 21.290200] The buggy address is located 0 bytes inside of
[ 21.290200] allocated 120-byte region [fff00000c7893300, fff00000c7893378)
[ 21.290348]
[ 21.290489] The buggy address belongs to the physical page:
[ 21.290579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107893
[ 21.290696] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.290809] page_type: f5(slab)
[ 21.290893] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.290996] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.291265] page dumped because: kasan: bad access detected
[ 21.291468]
[ 21.291768] Memory state around the buggy address:
[ 21.291881] fff00000c7893200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.292163] fff00000c7893280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.292284] >fff00000c7893300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.292598] ^
[ 21.292905] fff00000c7893380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.293012] fff00000c7893400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.293311] ==================================================================

[ 21.249936] ==================================================================
[ 21.250594] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 21.251174] Write of size 121 at addr fff00000c7893300 by task kunit_try_catch/285
[ 21.251696]
[ 21.251814] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT
[ 21.252016] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.252524] Hardware name: linux,dummy-virt (DT)
[ 21.252944] Call trace:
[ 21.253089] show_stack+0x20/0x38 (C)
[ 21.253386] dump_stack_lvl+0x8c/0xd0
[ 21.253957] print_report+0x118/0x608
[ 21.254129] kasan_report+0xdc/0x128
[ 21.254229] kasan_check_range+0x100/0x1a8
[ 21.254342] __kasan_check_write+0x20/0x30
[ 21.254459] copy_user_test_oob+0x234/0xec8
[ 21.254564] kunit_try_run_case+0x170/0x3f0
[ 21.254675] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.255063] kthread+0x328/0x630
[ 21.255179] ret_from_fork+0x10/0x20
[ 21.255238]
[ 21.255261] Allocated by task 285:
[ 21.255299] kasan_save_stack+0x3c/0x68
[ 21.255432] kasan_save_track+0x20/0x40
[ 21.255537] kasan_save_alloc_info+0x40/0x58
[ 21.255652] __kasan_kmalloc+0xd4/0xd8
[ 21.255740] __kmalloc_noprof+0x190/0x4d0
[ 21.255835] kunit_kmalloc_array+0x34/0x88
[ 21.255956] copy_user_test_oob+0xac/0xec8
[ 21.256029] kunit_try_run_case+0x170/0x3f0
[ 21.256100] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.256207] kthread+0x328/0x630
[ 21.256278] ret_from_fork+0x10/0x20
[ 21.256371]
[ 21.256420] The buggy address belongs to the object at fff00000c7893300
[ 21.256420] which belongs to the cache kmalloc-128 of size 128
[ 21.256640] The buggy address is located 0 bytes inside of
[ 21.256640] allocated 120-byte region [fff00000c7893300, fff00000c7893378)
[ 21.256803]
[ 21.256857] The buggy address belongs to the physical page:
[ 21.256986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107893
[ 21.257184] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.257364] page_type: f5(slab)
[ 21.257476] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.257593] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.257690] page dumped because: kasan: bad access detected
[ 21.257794]
[ 21.257853] Memory state around the buggy address:
[ 21.257948] fff00000c7893200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.258105] fff00000c7893280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.258211] >fff00000c7893300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.258304] ^
[ 21.258407] fff00000c7893380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.258528] fff00000c7893400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.258655] ==================================================================

[ 21.314428] ==================================================================
[ 21.314542] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 21.314649] Read of size 121 at addr fff00000c7893300 by task kunit_try_catch/285
[ 21.314764]
[ 21.315437] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT
[ 21.315707] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.315993] Hardware name: linux,dummy-virt (DT)
[ 21.316114] Call trace:
[ 21.316164] show_stack+0x20/0x38 (C)
[ 21.316275] dump_stack_lvl+0x8c/0xd0
[ 21.316413] print_report+0x118/0x608
[ 21.316603] kasan_report+0xdc/0x128
[ 21.316918] kasan_check_range+0x100/0x1a8
[ 21.317025] __kasan_check_read+0x20/0x30
[ 21.317135] copy_user_test_oob+0x4a0/0xec8
[ 21.317298] kunit_try_run_case+0x170/0x3f0
[ 21.317491] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.317628] kthread+0x328/0x630
[ 21.317721] ret_from_fork+0x10/0x20
[ 21.317826]
[ 21.317872] Allocated by task 285:
[ 21.317940] kasan_save_stack+0x3c/0x68
[ 21.318028] kasan_save_track+0x20/0x40
[ 21.318125] kasan_save_alloc_info+0x40/0x58
[ 21.318212] __kasan_kmalloc+0xd4/0xd8
[ 21.318291] __kmalloc_noprof+0x190/0x4d0
[ 21.318703] kunit_kmalloc_array+0x34/0x88
[ 21.318865] copy_user_test_oob+0xac/0xec8
[ 21.319011] kunit_try_run_case+0x170/0x3f0
[ 21.319136] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.319279] kthread+0x328/0x630
[ 21.319377] ret_from_fork+0x10/0x20
[ 21.319446]
[ 21.319484] The buggy address belongs to the object at fff00000c7893300
[ 21.319484] which belongs to the cache kmalloc-128 of size 128
[ 21.319626] The buggy address is located 0 bytes inside of
[ 21.319626] allocated 120-byte region [fff00000c7893300, fff00000c7893378)
[ 21.319913]
[ 21.319957] The buggy address belongs to the physical page:
[ 21.320024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107893
[ 21.320142] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.320271] page_type: f5(slab)
[ 21.320390] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.320561] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.320693] page dumped because: kasan: bad access detected
[ 21.320817]
[ 21.320863] Memory state around the buggy address:
[ 21.320934] fff00000c7893200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.321306] fff00000c7893280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.321416] >fff00000c7893300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.321505] ^
[ 21.321621] fff00000c7893380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.321731] fff00000c7893400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.321823] ==================================================================

[ 21.294752] ==================================================================
[ 21.294897] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 21.294962] Read of size 121 at addr fff00000c7893300 by task kunit_try_catch/285
[ 21.295014]
[ 21.295051] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT
[ 21.295137] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.295167] Hardware name: linux,dummy-virt (DT)
[ 21.295201] Call trace:
[ 21.295226] show_stack+0x20/0x38 (C)
[ 21.295276] dump_stack_lvl+0x8c/0xd0
[ 21.295345] print_report+0x118/0x608
[ 21.295399] kasan_report+0xdc/0x128
[ 21.295444] kasan_check_range+0x100/0x1a8
[ 21.295492] __kasan_check_read+0x20/0x30
[ 21.295538] copy_user_test_oob+0x3c8/0xec8
[ 21.295583] kunit_try_run_case+0x170/0x3f0
[ 21.295631] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.295683] kthread+0x328/0x630
[ 21.295723] ret_from_fork+0x10/0x20
[ 21.295771]
[ 21.295793] Allocated by task 285:
[ 21.295822] kasan_save_stack+0x3c/0x68
[ 21.295866] kasan_save_track+0x20/0x40
[ 21.295906] kasan_save_alloc_info+0x40/0x58
[ 21.295948] __kasan_kmalloc+0xd4/0xd8
[ 21.295984] __kmalloc_noprof+0x190/0x4d0
[ 21.296026] kunit_kmalloc_array+0x34/0x88
[ 21.296064] copy_user_test_oob+0xac/0xec8
[ 21.296101] kunit_try_run_case+0x170/0x3f0
[ 21.296141] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.296185] kthread+0x328/0x630
[ 21.296218] ret_from_fork+0x10/0x20
[ 21.296257]
[ 21.296278] The buggy address belongs to the object at fff00000c7893300
[ 21.296278] which belongs to the cache kmalloc-128 of size 128
[ 21.296472] The buggy address is located 0 bytes inside of
[ 21.296472] allocated 120-byte region [fff00000c7893300, fff00000c7893378)
[ 21.296813]
[ 21.296987] The buggy address belongs to the physical page:
[ 21.297279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107893
[ 21.297613] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.297748] page_type: f5(slab)
[ 21.297956] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.298099] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.298346] page dumped because: kasan: bad access detected
[ 21.298469]
[ 21.298783] Memory state around the buggy address:
[ 21.298991] fff00000c7893200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.299243] fff00000c7893280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.299412] >fff00000c7893300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.299766] ^
[ 21.300038] fff00000c7893380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.300138] fff00000c7893400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.300464] ==================================================================

[ 21.266652] ==================================================================
[ 21.266843] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 21.266978] Read of size 121 at addr fff00000c7893300 by task kunit_try_catch/285
[ 21.267107]
[ 21.267201] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT
[ 21.267418] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.267487] Hardware name: linux,dummy-virt (DT)
[ 21.267746] Call trace:
[ 21.267837] show_stack+0x20/0x38 (C)
[ 21.267949] dump_stack_lvl+0x8c/0xd0
[ 21.268043] print_report+0x118/0x608
[ 21.268153] kasan_report+0xdc/0x128
[ 21.268259] kasan_check_range+0x100/0x1a8
[ 21.268411] __kasan_check_read+0x20/0x30
[ 21.268620] copy_user_test_oob+0x728/0xec8
[ 21.268781] kunit_try_run_case+0x170/0x3f0
[ 21.269359] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.269490] kthread+0x328/0x630
[ 21.269588] ret_from_fork+0x10/0x20
[ 21.269701]
[ 21.269751] Allocated by task 285:
[ 21.269817] kasan_save_stack+0x3c/0x68
[ 21.269913] kasan_save_track+0x20/0x40
[ 21.270001] kasan_save_alloc_info+0x40/0x58
[ 21.270100] __kasan_kmalloc+0xd4/0xd8
[ 21.270186] __kmalloc_noprof+0x190/0x4d0
[ 21.270278] kunit_kmalloc_array+0x34/0x88
[ 21.270380] copy_user_test_oob+0xac/0xec8
[ 21.270468] kunit_try_run_case+0x170/0x3f0
[ 21.270600] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.270712] kthread+0x328/0x630
[ 21.270810] ret_from_fork+0x10/0x20
[ 21.270945]
[ 21.271005] The buggy address belongs to the object at fff00000c7893300
[ 21.271005] which belongs to the cache kmalloc-128 of size 128
[ 21.271146] The buggy address is located 0 bytes inside of
[ 21.271146] allocated 120-byte region [fff00000c7893300, fff00000c7893378)
[ 21.271278]
[ 21.271331] The buggy address belongs to the physical page:
[ 21.271404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107893
[ 21.271526] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.271669] page_type: f5(slab)
[ 21.271757] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.271903] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.272016] page dumped because: kasan: bad access detected
[ 21.272090]
[ 21.272194] Memory state around the buggy address:
[ 21.272377] fff00000c7893200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.272497] fff00000c7893280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.272709] >fff00000c7893300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.272836] ^
[ 21.272968] fff00000c7893380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.273066] fff00000c7893400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.273148] ==================================================================
```
qemu-x86_64:

```
[ 15.156318] ==================================================================
[ 15.156798] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 15.157387] Read of size 121 at addr ffff8881039b7800 by task kunit_try_catch/303
[ 15.157869]
[ 15.158232] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary)
[ 15.158285] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.158298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.158322] Call Trace:
[ 15.158338] <TASK>
[ 15.158356] dump_stack_lvl+0x73/0xb0
[ 15.158398] print_report+0xd1/0x650
[ 15.158422] ? __virt_addr_valid+0x1db/0x2d0
[ 15.158446] ? copy_user_test_oob+0x604/0x10f0
[ 15.158470] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.158494] ? copy_user_test_oob+0x604/0x10f0
[ 15.158519] kasan_report+0x141/0x180
[ 15.158542] ? copy_user_test_oob+0x604/0x10f0
[ 15.158572] kasan_check_range+0x10c/0x1c0
[ 15.158597] __kasan_check_read+0x15/0x20
[ 15.158618] copy_user_test_oob+0x604/0x10f0
[ 15.158644] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.158668] ? finish_task_switch.isra.0+0x153/0x700
[ 15.158691] ? __switch_to+0x47/0xf50
[ 15.158740] ? __schedule+0x10cc/0x2b60
[ 15.158765] ? __pfx_read_tsc+0x10/0x10
[ 15.158787] ? ktime_get_ts64+0x86/0x230
[ 15.158812] kunit_try_run_case+0x1a5/0x480
[ 15.158834] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.158855] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.158880] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.158905] ? __kthread_parkme+0x82/0x180
[ 15.158926] ? preempt_count_sub+0x50/0x80
[ 15.158950] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.158972] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.158997] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.159023] kthread+0x337/0x6f0
[ 15.159043] ? trace_preempt_on+0x20/0xc0
[ 15.159067] ? __pfx_kthread+0x10/0x10
[ 15.159089] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.159112] ? calculate_sigpending+0x7b/0xa0
[ 15.159136] ? __pfx_kthread+0x10/0x10
[ 15.159159] ret_from_fork+0x116/0x1d0
[ 15.159178] ? __pfx_kthread+0x10/0x10
[ 15.159199] ret_from_fork_asm+0x1a/0x30
[ 15.159230] </TASK>
[ 15.159242]
[ 15.166575] Allocated by task 303:
[ 15.166806] kasan_save_stack+0x45/0x70
[ 15.166953] kasan_save_track+0x18/0x40
[ 15.167092] kasan_save_alloc_info+0x3b/0x50
[ 15.167306] __kasan_kmalloc+0xb7/0xc0
[ 15.167531] __kmalloc_noprof+0x1c9/0x500
[ 15.167741] kunit_kmalloc_array+0x25/0x60
[ 15.167944] copy_user_test_oob+0xab/0x10f0
[ 15.168176] kunit_try_run_case+0x1a5/0x480
[ 15.168354] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.168636] kthread+0x337/0x6f0
[ 15.168889] ret_from_fork+0x116/0x1d0
[ 15.169055] ret_from_fork_asm+0x1a/0x30
[ 15.169260]
[ 15.169358] The buggy address belongs to the object at ffff8881039b7800
[ 15.169358] which belongs to the cache kmalloc-128 of size 128
[ 15.169879] The buggy address is located 0 bytes inside of
[ 15.169879] allocated 120-byte region [ffff8881039b7800, ffff8881039b7878)
[ 15.170400]
[ 15.170474] The buggy address belongs to the physical page:
[ 15.170650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039b7
[ 15.171180] flags: 0x200000000000000(node=0|zone=2)
[ 15.171355] page_type: f5(slab)
[ 15.171487] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.172138] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.172480] page dumped because: kasan: bad access detected
[ 15.172701]
[ 15.172864] Memory state around the buggy address:
[ 15.173021] ffff8881039b7700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.173261] ffff8881039b7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.173587] >ffff8881039b7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.173899] ^
[ 15.174211] ffff8881039b7880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.174553] ffff8881039b7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.174767] ==================================================================

[ 15.107605] ==================================================================
[ 15.108162] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 15.108631] Read of size 121 at addr ffff8881039b7800 by task kunit_try_catch/303
[ 15.109283]
[ 15.109529] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary)
[ 15.109609] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.109625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.109647] Call Trace:
[ 15.109666] <TASK>
[ 15.109684] dump_stack_lvl+0x73/0xb0
[ 15.109798] print_report+0xd1/0x650
[ 15.109826] ? __virt_addr_valid+0x1db/0x2d0
[ 15.109850] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.109875] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.109900] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.109927] kasan_report+0x141/0x180
[ 15.109951] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.109981] kasan_check_range+0x10c/0x1c0
[ 15.110006] __kasan_check_read+0x15/0x20
[ 15.110033] copy_user_test_oob+0x4aa/0x10f0
[ 15.110060] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.110083] ? finish_task_switch.isra.0+0x153/0x700
[ 15.110107] ? __switch_to+0x47/0xf50
[ 15.110133] ? __schedule+0x10cc/0x2b60
[ 15.110159] ? __pfx_read_tsc+0x10/0x10
[ 15.110182] ? ktime_get_ts64+0x86/0x230
[ 15.110208] kunit_try_run_case+0x1a5/0x480
[ 15.110231] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.110251] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.110277] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.110303] ? __kthread_parkme+0x82/0x180
[ 15.110325] ? preempt_count_sub+0x50/0x80
[ 15.110348] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.110370] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.110407] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.110433] kthread+0x337/0x6f0
[ 15.110455] ? trace_preempt_on+0x20/0xc0
[ 15.110483] ? __pfx_kthread+0x10/0x10
[ 15.110505] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.110529] ? calculate_sigpending+0x7b/0xa0
[ 15.110555] ? __pfx_kthread+0x10/0x10
[ 15.110577] ret_from_fork+0x116/0x1d0
[ 15.110597] ? __pfx_kthread+0x10/0x10
[ 15.110618] ret_from_fork_asm+0x1a/0x30
[ 15.110650] </TASK>
[ 15.110660]
[ 15.121558] Allocated by task 303:
[ 15.121925] kasan_save_stack+0x45/0x70
[ 15.122277] kasan_save_track+0x18/0x40
[ 15.122588] kasan_save_alloc_info+0x3b/0x50
[ 15.122892] __kasan_kmalloc+0xb7/0xc0
[ 15.123074] __kmalloc_noprof+0x1c9/0x500
[ 15.123253] kunit_kmalloc_array+0x25/0x60
[ 15.123456] copy_user_test_oob+0xab/0x10f0
[ 15.123663] kunit_try_run_case+0x1a5/0x480
[ 15.124284] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.124542] kthread+0x337/0x6f0
[ 15.124885] ret_from_fork+0x116/0x1d0
[ 15.125171] ret_from_fork_asm+0x1a/0x30
[ 15.125494]
[ 15.125781] The buggy address belongs to the object at ffff8881039b7800
[ 15.125781] which belongs to the cache kmalloc-128 of size 128
[ 15.126502] The buggy address is located 0 bytes inside of
[ 15.126502] allocated 120-byte region [ffff8881039b7800, ffff8881039b7878)
[ 15.126977]
[ 15.127056] The buggy address belongs to the physical page:
[ 15.127226] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039b7
[ 15.127478] flags: 0x200000000000000(node=0|zone=2)
[ 15.127638] page_type: f5(slab)
[ 15.127757] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.127983] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.128203] page dumped because: kasan: bad access detected
[ 15.128372]
[ 15.128457] Memory state around the buggy address:
[ 15.129122] ffff8881039b7700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.129675] ffff8881039b7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.130142] >ffff8881039b7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.130544] ^
[ 15.131128] ffff8881039b7880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.131479] ffff8881039b7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.131766] ==================================================================

[ 15.083575] ==================================================================
[ 15.084245] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 15.084502] Write of size 121 at addr ffff8881039b7800 by task kunit_try_catch/303
[ 15.084836]
[ 15.085045] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary)
[ 15.085093] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.085108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.085131] Call Trace:
[ 15.085147] <TASK>
[ 15.085164] dump_stack_lvl+0x73/0xb0
[ 15.085191] print_report+0xd1/0x650
[ 15.085216] ? __virt_addr_valid+0x1db/0x2d0
[ 15.085250] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.085274] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.085297] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.085333] kasan_report+0x141/0x180
[ 15.085357] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.085395] kasan_check_range+0x10c/0x1c0
[ 15.085420] __kasan_check_write+0x18/0x20
[ 15.085441] copy_user_test_oob+0x3fd/0x10f0
[ 15.085467] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.085491] ? finish_task_switch.isra.0+0x153/0x700
[ 15.085514] ? __switch_to+0x47/0xf50
[ 15.085549] ? __schedule+0x10cc/0x2b60
[ 15.085574] ? __pfx_read_tsc+0x10/0x10
[ 15.085595] ? ktime_get_ts64+0x86/0x230
[ 15.085630] kunit_try_run_case+0x1a5/0x480
[ 15.085653] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.085674] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.085708] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.085756] ? __kthread_parkme+0x82/0x180
[ 15.085777] ? preempt_count_sub+0x50/0x80
[ 15.085812] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.085835] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.085859] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.085884] kthread+0x337/0x6f0
[ 15.085905] ? trace_preempt_on+0x20/0xc0
[ 15.085929] ? __pfx_kthread+0x10/0x10
[ 15.085950] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.085973] ? calculate_sigpending+0x7b/0xa0
[ 15.085999] ? __pfx_kthread+0x10/0x10
[ 15.086021] ret_from_fork+0x116/0x1d0
[ 15.086051] ? __pfx_kthread+0x10/0x10
[ 15.086074] ret_from_fork_asm+0x1a/0x30
[ 15.086107] </TASK>
[ 15.086119]
[ 15.097213] Allocated by task 303:
[ 15.097502] kasan_save_stack+0x45/0x70
[ 15.097699] kasan_save_track+0x18/0x40
[ 15.098036] kasan_save_alloc_info+0x3b/0x50
[ 15.098307] __kasan_kmalloc+0xb7/0xc0
[ 15.098466] __kmalloc_noprof+0x1c9/0x500
[ 15.098792] kunit_kmalloc_array+0x25/0x60
[ 15.099065] copy_user_test_oob+0xab/0x10f0
[ 15.099229] kunit_try_run_case+0x1a5/0x480
[ 15.099520] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.099721] kthread+0x337/0x6f0
[ 15.099903] ret_from_fork+0x116/0x1d0
[ 15.100084] ret_from_fork_asm+0x1a/0x30
[ 15.100320]
[ 15.100408] The buggy address belongs to the object at ffff8881039b7800
[ 15.100408] which belongs to the cache kmalloc-128 of size 128
[ 15.100949] The buggy address is located 0 bytes inside of
[ 15.100949] allocated 120-byte region [ffff8881039b7800, ffff8881039b7878)
[ 15.101480]
[ 15.101572] The buggy address belongs to the physical page:
[ 15.101871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039b7
[ 15.102343] flags: 0x200000000000000(node=0|zone=2)
[ 15.102599] page_type: f5(slab)
[ 15.102747] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.103100] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.103500] page dumped because: kasan: bad access detected
[ 15.103765]
[ 15.103849] Memory state around the buggy address:
[ 15.104010] ffff8881039b7700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.104387] ffff8881039b7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.104689] >ffff8881039b7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.105393] ^
[ 15.105897] ffff8881039b7880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.106297] ffff8881039b7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.106742] ==================================================================

[ 15.132201] ==================================================================
[ 15.132738] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 15.133330] Write of size 121 at addr ffff8881039b7800 by task kunit_try_catch/303
[ 15.133697]
[ 15.133821] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary)
[ 15.133867] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.133881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.133903] Call Trace:
[ 15.133919] <TASK>
[ 15.133935] dump_stack_lvl+0x73/0xb0
[ 15.133963] print_report+0xd1/0x650
[ 15.133987] ? __virt_addr_valid+0x1db/0x2d0
[ 15.134011] ? copy_user_test_oob+0x557/0x10f0
[ 15.134039] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.134062] ? copy_user_test_oob+0x557/0x10f0
[ 15.134087] kasan_report+0x141/0x180
[ 15.134110] ? copy_user_test_oob+0x557/0x10f0
[ 15.134139] kasan_check_range+0x10c/0x1c0
[ 15.134164] __kasan_check_write+0x18/0x20
[ 15.134185] copy_user_test_oob+0x557/0x10f0
[ 15.134211] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.134236] ? finish_task_switch.isra.0+0x153/0x700
[ 15.134260] ? __switch_to+0x47/0xf50
[ 15.134286] ? __schedule+0x10cc/0x2b60
[ 15.134311] ? __pfx_read_tsc+0x10/0x10
[ 15.134332] ? ktime_get_ts64+0x86/0x230
[ 15.134358] kunit_try_run_case+0x1a5/0x480
[ 15.134392] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.134413] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.134438] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.134463] ? __kthread_parkme+0x82/0x180
[ 15.134484] ? preempt_count_sub+0x50/0x80
[ 15.134507] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.134529] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.134554] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.134579] kthread+0x337/0x6f0
[ 15.134599] ? trace_preempt_on+0x20/0xc0
[ 15.134624] ? __pfx_kthread+0x10/0x10
[ 15.134645] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.134669] ? calculate_sigpending+0x7b/0xa0
[ 15.134693] ? __pfx_kthread+0x10/0x10
[ 15.134729] ret_from_fork+0x116/0x1d0
[ 15.134749] ? __pfx_kthread+0x10/0x10
[ 15.134770] ret_from_fork_asm+0x1a/0x30
[ 15.135317] </TASK>
[ 15.135332]
[ 15.144811] Allocated by task 303:
[ 15.145139] kasan_save_stack+0x45/0x70
[ 15.145307] kasan_save_track+0x18/0x40
[ 15.145519] kasan_save_alloc_info+0x3b/0x50
[ 15.145722] __kasan_kmalloc+0xb7/0xc0
[ 15.146194] __kmalloc_noprof+0x1c9/0x500
[ 15.146351] kunit_kmalloc_array+0x25/0x60
[ 15.146693] copy_user_test_oob+0xab/0x10f0
[ 15.147043] kunit_try_run_case+0x1a5/0x480
[ 15.147281] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.147687] kthread+0x337/0x6f0
[ 15.147967] ret_from_fork+0x116/0x1d0
[ 15.148197] ret_from_fork_asm+0x1a/0x30
[ 15.148371]
[ 15.148485] The buggy address belongs to the object at ffff8881039b7800
[ 15.148485] which belongs to the cache kmalloc-128 of size 128
[ 15.149196] The buggy address is located 0 bytes inside of
[ 15.149196] allocated 120-byte region [ffff8881039b7800, ffff8881039b7878)
[ 15.149821]
[ 15.150160] The buggy address belongs to the physical page:
[ 15.150415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039b7
[ 15.150924] flags: 0x200000000000000(node=0|zone=2)
[ 15.151231] page_type: f5(slab)
[ 15.151503] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.151910] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.152288] page dumped because: kasan: bad access detected
[ 15.152622]
[ 15.152714] Memory state around the buggy address:
[ 15.153174] ffff8881039b7700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.153505] ffff8881039b7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.153986] >ffff8881039b7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.154369] ^
[ 15.154786] ffff8881039b7880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.155134] ffff8881039b7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.155502] ==================================================================
```