Date
May 29, 2025, 7:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 26.080959] ================================================================== [ 26.081145] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 26.081304] Write of size 121 at addr fff00000c7883300 by task kunit_try_catch/285 [ 26.081463] [ 26.081552] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 26.082059] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.082135] Hardware name: linux,dummy-virt (DT) [ 26.082502] Call trace: [ 26.082678] show_stack+0x20/0x38 (C) [ 26.082854] dump_stack_lvl+0x8c/0xd0 [ 26.083160] print_report+0x118/0x608 [ 26.083483] kasan_report+0xdc/0x128 [ 26.083692] kasan_check_range+0x100/0x1a8 [ 26.083968] __kasan_check_write+0x20/0x30 [ 26.084192] copy_user_test_oob+0x434/0xec8 [ 26.084532] kunit_try_run_case+0x170/0x3f0 [ 26.084728] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.084829] kthread+0x328/0x630 [ 26.084927] ret_from_fork+0x10/0x20 [ 26.085102] [ 26.085191] Allocated by task 285: [ 26.085283] kasan_save_stack+0x3c/0x68 [ 26.085387] kasan_save_track+0x20/0x40 [ 26.085500] kasan_save_alloc_info+0x40/0x58 [ 26.085634] __kasan_kmalloc+0xd4/0xd8 [ 26.085729] __kmalloc_noprof+0x190/0x4d0 [ 26.085844] kunit_kmalloc_array+0x34/0x88 [ 26.085941] copy_user_test_oob+0xac/0xec8 [ 26.086053] kunit_try_run_case+0x170/0x3f0 [ 26.086146] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.086290] kthread+0x328/0x630 [ 26.086915] ret_from_fork+0x10/0x20 [ 26.087602] [ 26.087719] The buggy address belongs to the object at fff00000c7883300 [ 26.087719] which belongs to the cache kmalloc-128 of size 128 [ 26.087910] The buggy address is located 0 bytes inside of [ 26.087910] allocated 120-byte region [fff00000c7883300, fff00000c7883378) [ 26.088054] [ 26.088101] The buggy address belongs to the physical page: [ 26.088326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107883 [ 26.088490] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.088617] page_type: f5(slab) [ 26.088721] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 26.089946] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.090108] page dumped because: kasan: bad access detected [ 26.090199] [ 26.090250] Memory state around the buggy address: [ 26.090374] fff00000c7883200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.090503] fff00000c7883280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.091022] >fff00000c7883300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.091189] ^ [ 26.091309] fff00000c7883380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.091476] fff00000c7883400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.091770] ================================================================== [ 26.093652] ================================================================== [ 26.093856] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 26.094041] Read of size 121 at addr fff00000c7883300 by task kunit_try_catch/285 [ 26.094235] [ 26.094326] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 26.094547] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.095084] Hardware name: linux,dummy-virt (DT) [ 26.095189] Call trace: [ 26.095480] show_stack+0x20/0x38 (C) [ 26.095719] dump_stack_lvl+0x8c/0xd0 [ 26.096019] print_report+0x118/0x608 [ 26.096204] kasan_report+0xdc/0x128 [ 26.096338] kasan_check_range+0x100/0x1a8 [ 26.096530] __kasan_check_read+0x20/0x30 [ 26.096710] copy_user_test_oob+0x4a0/0xec8 [ 26.096844] kunit_try_run_case+0x170/0x3f0 [ 26.096980] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.097165] kthread+0x328/0x630 [ 26.097321] ret_from_fork+0x10/0x20 [ 26.097455] [ 26.097506] Allocated by task 285: [ 26.097615] kasan_save_stack+0x3c/0x68 [ 26.097738] kasan_save_track+0x20/0x40 [ 26.097985] kasan_save_alloc_info+0x40/0x58 [ 26.098231] __kasan_kmalloc+0xd4/0xd8 [ 26.098492] __kmalloc_noprof+0x190/0x4d0 [ 26.098918] kunit_kmalloc_array+0x34/0x88 [ 26.099120] copy_user_test_oob+0xac/0xec8 [ 26.099282] kunit_try_run_case+0x170/0x3f0 [ 26.099376] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.099493] kthread+0x328/0x630 [ 26.099607] ret_from_fork+0x10/0x20 [ 26.099699] [ 26.099755] The buggy address belongs to the object at fff00000c7883300 [ 26.099755] which belongs to the cache kmalloc-128 of size 128 [ 26.099902] The buggy address is located 0 bytes inside of [ 26.099902] allocated 120-byte region [fff00000c7883300, fff00000c7883378) [ 26.100362] [ 26.100468] The buggy address belongs to the physical page: [ 26.100575] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107883 [ 26.100765] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.101107] page_type: f5(slab) [ 26.101220] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 26.101357] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.101477] page dumped because: kasan: bad access detected [ 26.101587] [ 26.101638] Memory state around the buggy address: [ 26.101722] fff00000c7883200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.101839] fff00000c7883280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.102126] >fff00000c7883300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.102290] ^ [ 26.102489] fff00000c7883380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.102613] fff00000c7883400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.102983] ================================================================== [ 26.013878] ================================================================== [ 26.014057] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 26.014220] Read of size 121 at addr fff00000c7883300 by task kunit_try_catch/285 [ 26.014349] [ 26.015072] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 26.015375] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.015475] Hardware name: linux,dummy-virt (DT) [ 26.015558] Call trace: [ 26.015669] show_stack+0x20/0x38 (C) [ 26.015951] dump_stack_lvl+0x8c/0xd0 [ 26.016183] print_report+0x118/0x608 [ 26.016701] kasan_report+0xdc/0x128 [ 26.016960] kasan_check_range+0x100/0x1a8 [ 26.017285] __kasan_check_read+0x20/0x30 [ 26.017725] copy_user_test_oob+0x728/0xec8 [ 26.017948] kunit_try_run_case+0x170/0x3f0 [ 26.018138] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.018554] kthread+0x328/0x630 [ 26.018723] ret_from_fork+0x10/0x20 [ 26.019002] [ 26.019067] Allocated by task 285: [ 26.019152] kasan_save_stack+0x3c/0x68 [ 26.019250] kasan_save_track+0x20/0x40 [ 26.019340] kasan_save_alloc_info+0x40/0x58 [ 26.019769] __kasan_kmalloc+0xd4/0xd8 [ 26.019997] __kmalloc_noprof+0x190/0x4d0 [ 26.020120] kunit_kmalloc_array+0x34/0x88 [ 26.020491] copy_user_test_oob+0xac/0xec8 [ 26.020583] kunit_try_run_case+0x170/0x3f0 [ 26.020682] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.021040] kthread+0x328/0x630 [ 26.021252] ret_from_fork+0x10/0x20 [ 26.021580] [ 26.021642] The buggy address belongs to the object at fff00000c7883300 [ 26.021642] which belongs to the cache kmalloc-128 of size 128 [ 26.021810] The buggy address is located 0 bytes inside of [ 26.021810] allocated 120-byte region [fff00000c7883300, fff00000c7883378) [ 26.021973] [ 26.022034] The buggy address belongs to the physical page: [ 26.022295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107883 [ 26.022468] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.022667] page_type: f5(slab) [ 26.022932] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 26.023065] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.023419] page dumped because: kasan: bad access detected [ 26.023520] [ 26.023583] Memory state around the buggy address: [ 26.023804] fff00000c7883200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.023934] fff00000c7883280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.024271] >fff00000c7883300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.024374] ^ [ 26.024569] fff00000c7883380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.024809] fff00000c7883400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.024944] ================================================================== [ 26.064869] ================================================================== [ 26.064998] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 26.065120] Read of size 121 at addr fff00000c7883300 by task kunit_try_catch/285 [ 26.065250] [ 26.065340] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 26.066389] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.066545] Hardware name: linux,dummy-virt (DT) [ 26.066682] Call trace: [ 26.066775] show_stack+0x20/0x38 (C) [ 26.067024] dump_stack_lvl+0x8c/0xd0 [ 26.067505] print_report+0x118/0x608 [ 26.067977] kasan_report+0xdc/0x128 [ 26.068236] kasan_check_range+0x100/0x1a8 [ 26.068513] __kasan_check_read+0x20/0x30 [ 26.068879] copy_user_test_oob+0x3c8/0xec8 [ 26.069187] kunit_try_run_case+0x170/0x3f0 [ 26.069389] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.069519] kthread+0x328/0x630 [ 26.069907] ret_from_fork+0x10/0x20 [ 26.070209] [ 26.070332] Allocated by task 285: [ 26.070690] kasan_save_stack+0x3c/0x68 [ 26.070851] kasan_save_track+0x20/0x40 [ 26.070946] kasan_save_alloc_info+0x40/0x58 [ 26.071036] __kasan_kmalloc+0xd4/0xd8 [ 26.071269] __kmalloc_noprof+0x190/0x4d0 [ 26.071507] kunit_kmalloc_array+0x34/0x88 [ 26.072078] copy_user_test_oob+0xac/0xec8 [ 26.072350] kunit_try_run_case+0x170/0x3f0 [ 26.072582] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.072697] kthread+0x328/0x630 [ 26.072780] ret_from_fork+0x10/0x20 [ 26.072874] [ 26.073601] The buggy address belongs to the object at fff00000c7883300 [ 26.073601] which belongs to the cache kmalloc-128 of size 128 [ 26.073843] The buggy address is located 0 bytes inside of [ 26.073843] allocated 120-byte region [fff00000c7883300, fff00000c7883378) [ 26.074554] [ 26.074637] The buggy address belongs to the physical page: [ 26.074958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107883 [ 26.075436] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.075553] page_type: f5(slab) [ 26.075638] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 26.075761] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.075862] page dumped because: kasan: bad access detected [ 26.076656] [ 26.076789] Memory state around the buggy address: [ 26.076979] fff00000c7883200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.077264] fff00000c7883280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.077394] >fff00000c7883300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.077668] ^ [ 26.078103] fff00000c7883380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.078365] fff00000c7883400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.078482] ================================================================== [ 25.977699] ================================================================== [ 25.977954] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 25.978138] Write of size 121 at addr fff00000c7883300 by task kunit_try_catch/285 [ 25.978270] [ 25.978376] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 25.978635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.978722] Hardware name: linux,dummy-virt (DT) [ 25.979231] Call trace: [ 25.979424] show_stack+0x20/0x38 (C) [ 25.979593] dump_stack_lvl+0x8c/0xd0 [ 25.979874] print_report+0x118/0x608 [ 25.980102] kasan_report+0xdc/0x128 [ 25.980657] kasan_check_range+0x100/0x1a8 [ 25.980847] __kasan_check_write+0x20/0x30 [ 25.981063] copy_user_test_oob+0x234/0xec8 [ 25.981219] kunit_try_run_case+0x170/0x3f0 [ 25.981346] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.981922] kthread+0x328/0x630 [ 25.982167] ret_from_fork+0x10/0x20 [ 25.982537] [ 25.982595] Allocated by task 285: [ 25.982667] kasan_save_stack+0x3c/0x68 [ 25.982760] kasan_save_track+0x20/0x40 [ 25.982872] kasan_save_alloc_info+0x40/0x58 [ 25.983266] __kasan_kmalloc+0xd4/0xd8 [ 25.983883] __kmalloc_noprof+0x190/0x4d0 [ 25.984112] kunit_kmalloc_array+0x34/0x88 [ 25.984432] copy_user_test_oob+0xac/0xec8 [ 25.984508] kunit_try_run_case+0x170/0x3f0 [ 25.984557] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.984614] kthread+0x328/0x630 [ 25.984686] ret_from_fork+0x10/0x20 [ 25.984817] [ 25.984885] The buggy address belongs to the object at fff00000c7883300 [ 25.984885] which belongs to the cache kmalloc-128 of size 128 [ 25.985037] The buggy address is located 0 bytes inside of [ 25.985037] allocated 120-byte region [fff00000c7883300, fff00000c7883378) [ 25.985205] [ 25.985292] The buggy address belongs to the physical page: [ 25.985436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107883 [ 25.985644] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.985778] page_type: f5(slab) [ 25.985885] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.986013] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.986124] page dumped because: kasan: bad access detected [ 25.986214] [ 25.986273] Memory state around the buggy address: [ 25.986425] fff00000c7883200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.986539] fff00000c7883280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.986701] >fff00000c7883300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.986947] ^ [ 25.987273] fff00000c7883380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.987517] fff00000c7883400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.987610] ================================================================== [ 26.049309] ================================================================== [ 26.050657] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 26.050940] Write of size 121 at addr fff00000c7883300 by task kunit_try_catch/285 [ 26.051154] [ 26.051460] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 26.051861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.052448] Hardware name: linux,dummy-virt (DT) [ 26.052679] Call trace: [ 26.052780] show_stack+0x20/0x38 (C) [ 26.052995] dump_stack_lvl+0x8c/0xd0 [ 26.053223] print_report+0x118/0x608 [ 26.053461] kasan_report+0xdc/0x128 [ 26.053657] kasan_check_range+0x100/0x1a8 [ 26.054201] __kasan_check_write+0x20/0x30 [ 26.054456] copy_user_test_oob+0x35c/0xec8 [ 26.054802] kunit_try_run_case+0x170/0x3f0 [ 26.055002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.055220] kthread+0x328/0x630 [ 26.055448] ret_from_fork+0x10/0x20 [ 26.055648] [ 26.055708] Allocated by task 285: [ 26.055898] kasan_save_stack+0x3c/0x68 [ 26.056189] kasan_save_track+0x20/0x40 [ 26.056683] kasan_save_alloc_info+0x40/0x58 [ 26.056893] __kasan_kmalloc+0xd4/0xd8 [ 26.057071] __kmalloc_noprof+0x190/0x4d0 [ 26.057173] kunit_kmalloc_array+0x34/0x88 [ 26.057576] copy_user_test_oob+0xac/0xec8 [ 26.057779] kunit_try_run_case+0x170/0x3f0 [ 26.058291] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.058491] kthread+0x328/0x630 [ 26.058578] ret_from_fork+0x10/0x20 [ 26.058662] [ 26.058707] The buggy address belongs to the object at fff00000c7883300 [ 26.058707] which belongs to the cache kmalloc-128 of size 128 [ 26.058872] The buggy address is located 0 bytes inside of [ 26.058872] allocated 120-byte region [fff00000c7883300, fff00000c7883378) [ 26.059040] [ 26.059097] The buggy address belongs to the physical page: [ 26.059192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107883 [ 26.059327] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.059477] page_type: f5(slab) [ 26.059582] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 26.060335] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.060464] page dumped because: kasan: bad access detected [ 26.060636] [ 26.060793] Memory state around the buggy address: [ 26.061016] fff00000c7883200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.061503] fff00000c7883280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.062040] >fff00000c7883300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.062279] ^ [ 26.062506] fff00000c7883380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.062619] fff00000c7883400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.062705] ==================================================================
[ 14.928343] ================================================================== [ 14.929190] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 14.929508] Write of size 121 at addr ffff888102f96900 by task kunit_try_catch/302 [ 14.929987] [ 14.930084] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary) [ 14.930278] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.930296] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.930321] Call Trace: [ 14.930337] <TASK> [ 14.930354] dump_stack_lvl+0x73/0xb0 [ 14.930382] print_report+0xd1/0x650 [ 14.930406] ? __virt_addr_valid+0x1db/0x2d0 [ 14.930429] ? copy_user_test_oob+0x557/0x10f0 [ 14.930450] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.930475] ? copy_user_test_oob+0x557/0x10f0 [ 14.930496] kasan_report+0x141/0x180 [ 14.930520] ? copy_user_test_oob+0x557/0x10f0 [ 14.930552] kasan_check_range+0x10c/0x1c0 [ 14.930577] __kasan_check_write+0x18/0x20 [ 14.930599] copy_user_test_oob+0x557/0x10f0 [ 14.930634] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.930654] ? finish_task_switch.isra.0+0x153/0x700 [ 14.930678] ? __switch_to+0x47/0xf50 [ 14.930703] ? __schedule+0x10cc/0x2b60 [ 14.930727] ? __pfx_read_tsc+0x10/0x10 [ 14.930749] ? ktime_get_ts64+0x86/0x230 [ 14.930774] kunit_try_run_case+0x1a5/0x480 [ 14.930797] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.930818] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.930844] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.930871] ? __kthread_parkme+0x82/0x180 [ 14.930891] ? preempt_count_sub+0x50/0x80 [ 14.930916] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.930939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.930965] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.930993] kthread+0x337/0x6f0 [ 14.931014] ? trace_preempt_on+0x20/0xc0 [ 14.931036] ? __pfx_kthread+0x10/0x10 [ 14.931059] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.931082] ? calculate_sigpending+0x7b/0xa0 [ 14.931107] ? __pfx_kthread+0x10/0x10 [ 14.931131] ret_from_fork+0x116/0x1d0 [ 14.931150] ? __pfx_kthread+0x10/0x10 [ 14.931173] ret_from_fork_asm+0x1a/0x30 [ 14.931204] </TASK> [ 14.931216] [ 14.940930] Allocated by task 302: [ 14.941176] kasan_save_stack+0x45/0x70 [ 14.941489] kasan_save_track+0x18/0x40 [ 14.941785] kasan_save_alloc_info+0x3b/0x50 [ 14.941989] __kasan_kmalloc+0xb7/0xc0 [ 14.942172] __kmalloc_noprof+0x1c9/0x500 [ 14.942371] kunit_kmalloc_array+0x25/0x60 [ 14.942583] copy_user_test_oob+0xab/0x10f0 [ 14.942766] kunit_try_run_case+0x1a5/0x480 [ 14.943404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.943653] kthread+0x337/0x6f0 [ 14.943822] ret_from_fork+0x116/0x1d0 [ 14.944164] ret_from_fork_asm+0x1a/0x30 [ 14.944435] [ 14.944529] The buggy address belongs to the object at ffff888102f96900 [ 14.944529] which belongs to the cache kmalloc-128 of size 128 [ 14.945214] The buggy address is located 0 bytes inside of [ 14.945214] allocated 120-byte region [ffff888102f96900, ffff888102f96978) [ 14.945875] [ 14.946049] The buggy address belongs to the physical page: [ 14.946394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f96 [ 14.946829] flags: 0x200000000000000(node=0|zone=2) [ 14.947140] page_type: f5(slab) [ 14.947300] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.947653] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.948108] page dumped because: kasan: bad access detected [ 14.948427] [ 14.948507] Memory state around the buggy address: [ 14.948751] ffff888102f96800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.949225] ffff888102f96880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.949547] >ffff888102f96900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.950036] ^ [ 14.950347] ffff888102f96980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.950734] ffff888102f96a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.951161] ================================================================== [ 14.905258] ================================================================== [ 14.905798] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 14.906222] Read of size 121 at addr ffff888102f96900 by task kunit_try_catch/302 [ 14.906630] [ 14.906754] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary) [ 14.906871] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.906888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.906966] Call Trace: [ 14.906984] <TASK> [ 14.907000] dump_stack_lvl+0x73/0xb0 [ 14.907029] print_report+0xd1/0x650 [ 14.907053] ? __virt_addr_valid+0x1db/0x2d0 [ 14.907077] ? copy_user_test_oob+0x4aa/0x10f0 [ 14.907099] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.907123] ? copy_user_test_oob+0x4aa/0x10f0 [ 14.907145] kasan_report+0x141/0x180 [ 14.907168] ? copy_user_test_oob+0x4aa/0x10f0 [ 14.907195] kasan_check_range+0x10c/0x1c0 [ 14.907220] __kasan_check_read+0x15/0x20 [ 14.907242] copy_user_test_oob+0x4aa/0x10f0 [ 14.907365] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.907387] ? finish_task_switch.isra.0+0x153/0x700 [ 14.907412] ? __switch_to+0x47/0xf50 [ 14.907438] ? __schedule+0x10cc/0x2b60 [ 14.907462] ? __pfx_read_tsc+0x10/0x10 [ 14.907484] ? ktime_get_ts64+0x86/0x230 [ 14.907510] kunit_try_run_case+0x1a5/0x480 [ 14.907532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.907553] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.907578] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.907604] ? __kthread_parkme+0x82/0x180 [ 14.907637] ? preempt_count_sub+0x50/0x80 [ 14.907661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.907683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.907708] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.907735] kthread+0x337/0x6f0 [ 14.907755] ? trace_preempt_on+0x20/0xc0 [ 14.907792] ? __pfx_kthread+0x10/0x10 [ 14.907814] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.907837] ? calculate_sigpending+0x7b/0xa0 [ 14.907862] ? __pfx_kthread+0x10/0x10 [ 14.907884] ret_from_fork+0x116/0x1d0 [ 14.907905] ? __pfx_kthread+0x10/0x10 [ 14.907927] ret_from_fork_asm+0x1a/0x30 [ 14.907957] </TASK> [ 14.907969] [ 14.917558] Allocated by task 302: [ 14.917885] kasan_save_stack+0x45/0x70 [ 14.918089] kasan_save_track+0x18/0x40 [ 14.918272] kasan_save_alloc_info+0x3b/0x50 [ 14.918482] __kasan_kmalloc+0xb7/0xc0 [ 14.918682] __kmalloc_noprof+0x1c9/0x500 [ 14.919110] kunit_kmalloc_array+0x25/0x60 [ 14.919295] copy_user_test_oob+0xab/0x10f0 [ 14.919507] kunit_try_run_case+0x1a5/0x480 [ 14.919880] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.920193] kthread+0x337/0x6f0 [ 14.920413] ret_from_fork+0x116/0x1d0 [ 14.920680] ret_from_fork_asm+0x1a/0x30 [ 14.920849] [ 14.920958] The buggy address belongs to the object at ffff888102f96900 [ 14.920958] which belongs to the cache kmalloc-128 of size 128 [ 14.921679] The buggy address is located 0 bytes inside of [ 14.921679] allocated 120-byte region [ffff888102f96900, ffff888102f96978) [ 14.922269] [ 14.922362] The buggy address belongs to the physical page: [ 14.922604] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f96 [ 14.923158] flags: 0x200000000000000(node=0|zone=2) [ 14.923455] page_type: f5(slab) [ 14.923711] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.924158] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.924545] page dumped because: kasan: bad access detected [ 14.924875] [ 14.924982] Memory state around the buggy address: [ 14.925311] ffff888102f96800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.925679] ffff888102f96880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.926044] >ffff888102f96900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.926346] ^ [ 14.926665] ffff888102f96980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.927242] ffff888102f96a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.927629] ================================================================== [ 14.951681] ================================================================== [ 14.952056] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 14.952928] Read of size 121 at addr ffff888102f96900 by task kunit_try_catch/302 [ 14.953372] [ 14.953489] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary) [ 14.953670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.953686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.953709] Call Trace: [ 14.953726] <TASK> [ 14.953743] dump_stack_lvl+0x73/0xb0 [ 14.953782] print_report+0xd1/0x650 [ 14.953806] ? __virt_addr_valid+0x1db/0x2d0 [ 14.953830] ? copy_user_test_oob+0x604/0x10f0 [ 14.953851] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.953875] ? copy_user_test_oob+0x604/0x10f0 [ 14.953897] kasan_report+0x141/0x180 [ 14.953922] ? copy_user_test_oob+0x604/0x10f0 [ 14.953949] kasan_check_range+0x10c/0x1c0 [ 14.953974] __kasan_check_read+0x15/0x20 [ 14.953996] copy_user_test_oob+0x604/0x10f0 [ 14.954019] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.954040] ? finish_task_switch.isra.0+0x153/0x700 [ 14.954063] ? __switch_to+0x47/0xf50 [ 14.954089] ? __schedule+0x10cc/0x2b60 [ 14.954114] ? __pfx_read_tsc+0x10/0x10 [ 14.954136] ? ktime_get_ts64+0x86/0x230 [ 14.954162] kunit_try_run_case+0x1a5/0x480 [ 14.954184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.954206] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.954231] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.954257] ? __kthread_parkme+0x82/0x180 [ 14.954279] ? preempt_count_sub+0x50/0x80 [ 14.954302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.954325] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.954351] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.954377] kthread+0x337/0x6f0 [ 14.954397] ? trace_preempt_on+0x20/0xc0 [ 14.954421] ? __pfx_kthread+0x10/0x10 [ 14.954443] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.954467] ? calculate_sigpending+0x7b/0xa0 [ 14.954492] ? __pfx_kthread+0x10/0x10 [ 14.954515] ret_from_fork+0x116/0x1d0 [ 14.954540] ? __pfx_kthread+0x10/0x10 [ 14.954563] ret_from_fork_asm+0x1a/0x30 [ 14.954596] </TASK> [ 14.954630] [ 14.964736] Allocated by task 302: [ 14.965037] kasan_save_stack+0x45/0x70 [ 14.965238] kasan_save_track+0x18/0x40 [ 14.965428] kasan_save_alloc_info+0x3b/0x50 [ 14.965644] __kasan_kmalloc+0xb7/0xc0 [ 14.965839] __kmalloc_noprof+0x1c9/0x500 [ 14.966330] kunit_kmalloc_array+0x25/0x60 [ 14.966503] copy_user_test_oob+0xab/0x10f0 [ 14.966825] kunit_try_run_case+0x1a5/0x480 [ 14.967161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.967443] kthread+0x337/0x6f0 [ 14.967685] ret_from_fork+0x116/0x1d0 [ 14.967986] ret_from_fork_asm+0x1a/0x30 [ 14.968143] [ 14.968247] The buggy address belongs to the object at ffff888102f96900 [ 14.968247] which belongs to the cache kmalloc-128 of size 128 [ 14.969017] The buggy address is located 0 bytes inside of [ 14.969017] allocated 120-byte region [ffff888102f96900, ffff888102f96978) [ 14.969583] [ 14.969696] The buggy address belongs to the physical page: [ 14.970116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f96 [ 14.970554] flags: 0x200000000000000(node=0|zone=2) [ 14.970795] page_type: f5(slab) [ 14.971105] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.971441] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.971931] page dumped because: kasan: bad access detected [ 14.972162] [ 14.972376] Memory state around the buggy address: [ 14.972566] ffff888102f96800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.973106] ffff888102f96880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.973488] >ffff888102f96900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.973884] ^ [ 14.974176] ffff888102f96980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.974490] ffff888102f96a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.974809] ================================================================== [ 14.882012] ================================================================== [ 14.882357] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 14.882877] Write of size 121 at addr ffff888102f96900 by task kunit_try_catch/302 [ 14.883457] [ 14.883563] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary) [ 14.883625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.883641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.883664] Call Trace: [ 14.883679] <TASK> [ 14.883696] dump_stack_lvl+0x73/0xb0 [ 14.883724] print_report+0xd1/0x650 [ 14.883747] ? __virt_addr_valid+0x1db/0x2d0 [ 14.883771] ? copy_user_test_oob+0x3fd/0x10f0 [ 14.883914] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.883939] ? copy_user_test_oob+0x3fd/0x10f0 [ 14.883961] kasan_report+0x141/0x180 [ 14.883985] ? copy_user_test_oob+0x3fd/0x10f0 [ 14.884010] kasan_check_range+0x10c/0x1c0 [ 14.884036] __kasan_check_write+0x18/0x20 [ 14.884058] copy_user_test_oob+0x3fd/0x10f0 [ 14.884082] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.884101] ? finish_task_switch.isra.0+0x153/0x700 [ 14.884125] ? __switch_to+0x47/0xf50 [ 14.884151] ? __schedule+0x10cc/0x2b60 [ 14.884175] ? __pfx_read_tsc+0x10/0x10 [ 14.884196] ? ktime_get_ts64+0x86/0x230 [ 14.884223] kunit_try_run_case+0x1a5/0x480 [ 14.884245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.884266] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.884291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.884317] ? __kthread_parkme+0x82/0x180 [ 14.884338] ? preempt_count_sub+0x50/0x80 [ 14.884362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.884384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.884409] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.884435] kthread+0x337/0x6f0 [ 14.884456] ? trace_preempt_on+0x20/0xc0 [ 14.884479] ? __pfx_kthread+0x10/0x10 [ 14.884500] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.884524] ? calculate_sigpending+0x7b/0xa0 [ 14.884549] ? __pfx_kthread+0x10/0x10 [ 14.884571] ret_from_fork+0x116/0x1d0 [ 14.884591] ? __pfx_kthread+0x10/0x10 [ 14.884626] ret_from_fork_asm+0x1a/0x30 [ 14.884657] </TASK> [ 14.884669] [ 14.894164] Allocated by task 302: [ 14.894359] kasan_save_stack+0x45/0x70 [ 14.894557] kasan_save_track+0x18/0x40 [ 14.894774] kasan_save_alloc_info+0x3b/0x50 [ 14.895279] __kasan_kmalloc+0xb7/0xc0 [ 14.895544] __kmalloc_noprof+0x1c9/0x500 [ 14.895721] kunit_kmalloc_array+0x25/0x60 [ 14.896101] copy_user_test_oob+0xab/0x10f0 [ 14.896272] kunit_try_run_case+0x1a5/0x480 [ 14.896604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.896975] kthread+0x337/0x6f0 [ 14.897157] ret_from_fork+0x116/0x1d0 [ 14.897332] ret_from_fork_asm+0x1a/0x30 [ 14.897516] [ 14.897606] The buggy address belongs to the object at ffff888102f96900 [ 14.897606] which belongs to the cache kmalloc-128 of size 128 [ 14.898419] The buggy address is located 0 bytes inside of [ 14.898419] allocated 120-byte region [ffff888102f96900, ffff888102f96978) [ 14.899116] [ 14.899346] The buggy address belongs to the physical page: [ 14.899632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f96 [ 14.900066] flags: 0x200000000000000(node=0|zone=2) [ 14.900398] page_type: f5(slab) [ 14.900579] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.901058] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.901440] page dumped because: kasan: bad access detected [ 14.901692] [ 14.901777] Memory state around the buggy address: [ 14.902109] ffff888102f96800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.902421] ffff888102f96880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.902735] >ffff888102f96900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.903287] ^ [ 14.903659] ffff888102f96980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.904114] ffff888102f96a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.904469] ==================================================================