Date
May 30, 2025, 4:14 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x15 |
[ 64.770442] ================================================================== [ 64.782756] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 64.789783] Write of size 121 at addr ffff000800da9800 by task kunit_try_catch/329 [ 64.797333] [ 64.798820] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 64.798875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 64.798896] Hardware name: WinLink E850-96 board (DT) [ 64.798918] Call trace: [ 64.798932] show_stack+0x20/0x38 (C) [ 64.798970] dump_stack_lvl+0x8c/0xd0 [ 64.799009] print_report+0x118/0x608 [ 64.799048] kasan_report+0xdc/0x128 [ 64.799082] kasan_check_range+0x100/0x1a8 [ 64.799121] __kasan_check_write+0x20/0x30 [ 64.799152] copy_user_test_oob+0x234/0xec8 [ 64.799187] kunit_try_run_case+0x170/0x3f0 [ 64.799230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.799273] kthread+0x328/0x630 [ 64.799303] ret_from_fork+0x10/0x20 [ 64.799341] [ 64.865909] Allocated by task 329: [ 64.869296] kasan_save_stack+0x3c/0x68 [ 64.873113] kasan_save_track+0x20/0x40 [ 64.876932] kasan_save_alloc_info+0x40/0x58 [ 64.881186] __kasan_kmalloc+0xd4/0xd8 [ 64.884918] __kmalloc_noprof+0x190/0x4d0 [ 64.888911] kunit_kmalloc_array+0x34/0x88 [ 64.892992] copy_user_test_oob+0xac/0xec8 [ 64.897071] kunit_try_run_case+0x170/0x3f0 [ 64.901237] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.906706] kthread+0x328/0x630 [ 64.909918] ret_from_fork+0x10/0x20 [ 64.913477] [ 64.914955] The buggy address belongs to the object at ffff000800da9800 [ 64.914955] which belongs to the cache kmalloc-128 of size 128 [ 64.927456] The buggy address is located 0 bytes inside of [ 64.927456] allocated 120-byte region [ffff000800da9800, ffff000800da9878) [ 64.939865] [ 64.941344] The buggy address belongs to the physical page: [ 64.946901] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880da8 [ 64.954886] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 64.962525] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 64.969467] page_type: f5(slab) [ 64.972604] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.980323] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.988050] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.995860] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.003673] head: 0bfffe0000000001 fffffdffe0036a01 00000000ffffffff 00000000ffffffff [ 65.011485] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 65.019291] page dumped because: kasan: bad access detected [ 65.024848] [ 65.026322] Memory state around the buggy address: [ 65.031104] ffff000800da9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.038305] ffff000800da9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.045512] >ffff000800da9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 65.052711] ^ [ 65.059832] ffff000800da9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.067037] ffff000800da9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.074239] ================================================================== [ 66.304907] ================================================================== [ 66.311896] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 66.318926] Read of size 121 at addr ffff000800da9800 by task kunit_try_catch/329 [ 66.326389] [ 66.327872] CPU: 2 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 66.327924] Tainted: [B]=BAD_PAGE, [N]=TEST [ 66.327941] Hardware name: WinLink E850-96 board (DT) [ 66.327963] Call trace: [ 66.327978] show_stack+0x20/0x38 (C) [ 66.328014] dump_stack_lvl+0x8c/0xd0 [ 66.328052] print_report+0x118/0x608 [ 66.328088] kasan_report+0xdc/0x128 [ 66.328120] kasan_check_range+0x100/0x1a8 [ 66.328154] __kasan_check_read+0x20/0x30 [ 66.328184] copy_user_test_oob+0x4a0/0xec8 [ 66.328219] kunit_try_run_case+0x170/0x3f0 [ 66.328255] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.328297] kthread+0x328/0x630 [ 66.328324] ret_from_fork+0x10/0x20 [ 66.328359] [ 66.394878] Allocated by task 329: [ 66.398264] kasan_save_stack+0x3c/0x68 [ 66.402083] kasan_save_track+0x20/0x40 [ 66.405902] kasan_save_alloc_info+0x40/0x58 [ 66.410156] __kasan_kmalloc+0xd4/0xd8 [ 66.413888] __kmalloc_noprof+0x190/0x4d0 [ 66.417881] kunit_kmalloc_array+0x34/0x88 [ 66.421961] copy_user_test_oob+0xac/0xec8 [ 66.426041] kunit_try_run_case+0x170/0x3f0 [ 66.430208] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.435676] kthread+0x328/0x630 [ 66.438888] ret_from_fork+0x10/0x20 [ 66.442447] [ 66.443923] The buggy address belongs to the object at ffff000800da9800 [ 66.443923] which belongs to the cache kmalloc-128 of size 128 [ 66.456424] The buggy address is located 0 bytes inside of [ 66.456424] allocated 120-byte region [ffff000800da9800, ffff000800da9878) [ 66.468835] [ 66.470313] The buggy address belongs to the physical page: [ 66.475869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880da8 [ 66.483853] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.491492] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 66.498437] page_type: f5(slab) [ 66.501570] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.509293] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.517019] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.524831] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.532643] head: 0bfffe0000000001 fffffdffe0036a01 00000000ffffffff 00000000ffffffff [ 66.540455] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 66.548261] page dumped because: kasan: bad access detected [ 66.553818] [ 66.555292] Memory state around the buggy address: [ 66.560074] ffff000800da9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.567275] ffff000800da9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.574480] >ffff000800da9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 66.581681] ^ [ 66.588803] ffff000800da9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.596007] ffff000800da9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.603209] ================================================================== [ 65.999186] ================================================================== [ 66.006001] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 66.013027] Write of size 121 at addr ffff000800da9800 by task kunit_try_catch/329 [ 66.020578] [ 66.022064] CPU: 2 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 66.022115] Tainted: [B]=BAD_PAGE, [N]=TEST [ 66.022133] Hardware name: WinLink E850-96 board (DT) [ 66.022153] Call trace: [ 66.022168] show_stack+0x20/0x38 (C) [ 66.022206] dump_stack_lvl+0x8c/0xd0 [ 66.022244] print_report+0x118/0x608 [ 66.022280] kasan_report+0xdc/0x128 [ 66.022312] kasan_check_range+0x100/0x1a8 [ 66.022347] __kasan_check_write+0x20/0x30 [ 66.022376] copy_user_test_oob+0x434/0xec8 [ 66.022409] kunit_try_run_case+0x170/0x3f0 [ 66.022444] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.022485] kthread+0x328/0x630 [ 66.022513] ret_from_fork+0x10/0x20 [ 66.022547] [ 66.089154] Allocated by task 329: [ 66.092539] kasan_save_stack+0x3c/0x68 [ 66.096358] kasan_save_track+0x20/0x40 [ 66.100178] kasan_save_alloc_info+0x40/0x58 [ 66.104431] __kasan_kmalloc+0xd4/0xd8 [ 66.108164] __kmalloc_noprof+0x190/0x4d0 [ 66.112157] kunit_kmalloc_array+0x34/0x88 [ 66.116237] copy_user_test_oob+0xac/0xec8 [ 66.120316] kunit_try_run_case+0x170/0x3f0 [ 66.124483] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.129952] kthread+0x328/0x630 [ 66.133163] ret_from_fork+0x10/0x20 [ 66.136723] [ 66.138200] The buggy address belongs to the object at ffff000800da9800 [ 66.138200] which belongs to the cache kmalloc-128 of size 128 [ 66.150700] The buggy address is located 0 bytes inside of [ 66.150700] allocated 120-byte region [ffff000800da9800, ffff000800da9878) [ 66.163111] [ 66.164590] The buggy address belongs to the physical page: [ 66.170146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880da8 [ 66.178131] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.185770] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 66.192713] page_type: f5(slab) [ 66.195846] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.203568] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.211294] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.219106] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.226919] head: 0bfffe0000000001 fffffdffe0036a01 00000000ffffffff 00000000ffffffff [ 66.234731] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 66.242537] page dumped because: kasan: bad access detected [ 66.248094] [ 66.249568] Memory state around the buggy address: [ 66.254348] ffff000800da9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.261551] ffff000800da9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.268755] >ffff000800da9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 66.275957] ^ [ 66.283078] ffff000800da9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.290283] ffff000800da9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.297484] ================================================================== [ 65.081656] ================================================================== [ 65.088652] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 65.095679] Read of size 121 at addr ffff000800da9800 by task kunit_try_catch/329 [ 65.103144] [ 65.104629] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 65.104688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 65.104708] Hardware name: WinLink E850-96 board (DT) [ 65.104729] Call trace: [ 65.104743] show_stack+0x20/0x38 (C) [ 65.104776] dump_stack_lvl+0x8c/0xd0 [ 65.104814] print_report+0x118/0x608 [ 65.104852] kasan_report+0xdc/0x128 [ 65.104885] kasan_check_range+0x100/0x1a8 [ 65.104922] __kasan_check_read+0x20/0x30 [ 65.104952] copy_user_test_oob+0x728/0xec8 [ 65.104987] kunit_try_run_case+0x170/0x3f0 [ 65.105025] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.105064] kthread+0x328/0x630 [ 65.105094] ret_from_fork+0x10/0x20 [ 65.105131] [ 65.171632] Allocated by task 329: [ 65.175020] kasan_save_stack+0x3c/0x68 [ 65.178838] kasan_save_track+0x20/0x40 [ 65.182657] kasan_save_alloc_info+0x40/0x58 [ 65.186910] __kasan_kmalloc+0xd4/0xd8 [ 65.190643] __kmalloc_noprof+0x190/0x4d0 [ 65.194636] kunit_kmalloc_array+0x34/0x88 [ 65.198715] copy_user_test_oob+0xac/0xec8 [ 65.202795] kunit_try_run_case+0x170/0x3f0 [ 65.206962] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.212431] kthread+0x328/0x630 [ 65.215643] ret_from_fork+0x10/0x20 [ 65.219201] [ 65.220679] The buggy address belongs to the object at ffff000800da9800 [ 65.220679] which belongs to the cache kmalloc-128 of size 128 [ 65.233179] The buggy address is located 0 bytes inside of [ 65.233179] allocated 120-byte region [ffff000800da9800, ffff000800da9878) [ 65.245590] [ 65.247069] The buggy address belongs to the physical page: [ 65.252624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880da8 [ 65.260607] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.268246] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 65.275190] page_type: f5(slab) [ 65.278328] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.286047] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.293774] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.301585] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.309398] head: 0bfffe0000000001 fffffdffe0036a01 00000000ffffffff 00000000ffffffff [ 65.317210] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 65.325016] page dumped because: kasan: bad access detected [ 65.330572] [ 65.332047] Memory state around the buggy address: [ 65.336827] ffff000800da9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.344030] ffff000800da9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.351237] >ffff000800da9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 65.358436] ^ [ 65.365557] ffff000800da9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.372762] ffff000800da9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.379963] ================================================================== [ 65.693259] ================================================================== [ 65.700276] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 65.707304] Read of size 121 at addr ffff000800da9800 by task kunit_try_catch/329 [ 65.714767] [ 65.716252] CPU: 2 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 65.716310] Tainted: [B]=BAD_PAGE, [N]=TEST [ 65.716328] Hardware name: WinLink E850-96 board (DT) [ 65.716348] Call trace: [ 65.716363] show_stack+0x20/0x38 (C) [ 65.716400] dump_stack_lvl+0x8c/0xd0 [ 65.716437] print_report+0x118/0x608 [ 65.716474] kasan_report+0xdc/0x128 [ 65.716506] kasan_check_range+0x100/0x1a8 [ 65.716542] __kasan_check_read+0x20/0x30 [ 65.716571] copy_user_test_oob+0x3c8/0xec8 [ 65.716604] kunit_try_run_case+0x170/0x3f0 [ 65.716639] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.716681] kthread+0x328/0x630 [ 65.716712] ret_from_fork+0x10/0x20 [ 65.716749] [ 65.783255] Allocated by task 329: [ 65.786644] kasan_save_stack+0x3c/0x68 [ 65.790461] kasan_save_track+0x20/0x40 [ 65.794279] kasan_save_alloc_info+0x40/0x58 [ 65.798533] __kasan_kmalloc+0xd4/0xd8 [ 65.802266] __kmalloc_noprof+0x190/0x4d0 [ 65.806259] kunit_kmalloc_array+0x34/0x88 [ 65.810339] copy_user_test_oob+0xac/0xec8 [ 65.814418] kunit_try_run_case+0x170/0x3f0 [ 65.818585] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.824054] kthread+0x328/0x630 [ 65.827265] ret_from_fork+0x10/0x20 [ 65.830824] [ 65.832302] The buggy address belongs to the object at ffff000800da9800 [ 65.832302] which belongs to the cache kmalloc-128 of size 128 [ 65.844800] The buggy address is located 0 bytes inside of [ 65.844800] allocated 120-byte region [ffff000800da9800, ffff000800da9878) [ 65.857213] [ 65.858692] The buggy address belongs to the physical page: [ 65.864249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880da8 [ 65.872232] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.879870] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 65.886814] page_type: f5(slab) [ 65.889950] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.897670] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.905397] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.913208] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.921021] head: 0bfffe0000000001 fffffdffe0036a01 00000000ffffffff 00000000ffffffff [ 65.928833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 65.936638] page dumped because: kasan: bad access detected [ 65.942196] [ 65.943669] Memory state around the buggy address: [ 65.948449] ffff000800da9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.955652] ffff000800da9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.962857] >ffff000800da9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 65.970058] ^ [ 65.977180] ffff000800da9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.984384] ffff000800da9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.991586] ================================================================== [ 65.387656] ================================================================== [ 65.394378] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 65.401404] Write of size 121 at addr ffff000800da9800 by task kunit_try_catch/329 [ 65.408956] [ 65.410441] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 65.410497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 65.410514] Hardware name: WinLink E850-96 board (DT) [ 65.410538] Call trace: [ 65.410554] show_stack+0x20/0x38 (C) [ 65.410590] dump_stack_lvl+0x8c/0xd0 [ 65.410626] print_report+0x118/0x608 [ 65.410664] kasan_report+0xdc/0x128 [ 65.410696] kasan_check_range+0x100/0x1a8 [ 65.410736] __kasan_check_write+0x20/0x30 [ 65.410766] copy_user_test_oob+0x35c/0xec8 [ 65.410797] kunit_try_run_case+0x170/0x3f0 [ 65.410831] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.410872] kthread+0x328/0x630 [ 65.410899] ret_from_fork+0x10/0x20 [ 65.410937] [ 65.477531] Allocated by task 329: [ 65.480917] kasan_save_stack+0x3c/0x68 [ 65.484735] kasan_save_track+0x20/0x40 [ 65.488555] kasan_save_alloc_info+0x40/0x58 [ 65.492808] __kasan_kmalloc+0xd4/0xd8 [ 65.496541] __kmalloc_noprof+0x190/0x4d0 [ 65.500534] kunit_kmalloc_array+0x34/0x88 [ 65.504614] copy_user_test_oob+0xac/0xec8 [ 65.508693] kunit_try_run_case+0x170/0x3f0 [ 65.512860] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.518329] kthread+0x328/0x630 [ 65.521541] ret_from_fork+0x10/0x20 [ 65.525100] [ 65.526577] The buggy address belongs to the object at ffff000800da9800 [ 65.526577] which belongs to the cache kmalloc-128 of size 128 [ 65.539077] The buggy address is located 0 bytes inside of [ 65.539077] allocated 120-byte region [ffff000800da9800, ffff000800da9878) [ 65.551488] [ 65.552966] The buggy address belongs to the physical page: [ 65.558522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880da8 [ 65.566508] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.574144] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 65.581088] page_type: f5(slab) [ 65.584225] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.591946] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.599673] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.607483] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.615296] head: 0bfffe0000000001 fffffdffe0036a01 00000000ffffffff 00000000ffffffff [ 65.623108] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 65.630914] page dumped because: kasan: bad access detected [ 65.636471] [ 65.637945] Memory state around the buggy address: [ 65.642727] ffff000800da9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.649928] ffff000800da9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.657135] >ffff000800da9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 65.664333] ^ [ 65.671455] ffff000800da9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.678660] ffff000800da9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.685861] ==================================================================
[ 30.012532] ================================================================== [ 30.012728] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 30.013997] Write of size 121 at addr fff00000c56e8f00 by task kunit_try_catch/286 [ 30.014142] [ 30.014234] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 30.014466] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.014537] Hardware name: linux,dummy-virt (DT) [ 30.014617] Call trace: [ 30.014677] show_stack+0x20/0x38 (C) [ 30.014824] dump_stack_lvl+0x8c/0xd0 [ 30.014986] print_report+0x118/0x608 [ 30.015749] kasan_report+0xdc/0x128 [ 30.015908] kasan_check_range+0x100/0x1a8 [ 30.016055] __kasan_check_write+0x20/0x30 [ 30.016201] copy_user_test_oob+0x35c/0xec8 [ 30.016352] kunit_try_run_case+0x170/0x3f0 [ 30.016491] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.016645] kthread+0x328/0x630 [ 30.016966] ret_from_fork+0x10/0x20 [ 30.017119] [ 30.017181] Allocated by task 286: [ 30.017285] kasan_save_stack+0x3c/0x68 [ 30.017407] kasan_save_track+0x20/0x40 [ 30.017525] kasan_save_alloc_info+0x40/0x58 [ 30.017806] __kasan_kmalloc+0xd4/0xd8 [ 30.018107] __kmalloc_noprof+0x190/0x4d0 [ 30.018245] kunit_kmalloc_array+0x34/0x88 [ 30.018506] copy_user_test_oob+0xac/0xec8 [ 30.018693] kunit_try_run_case+0x170/0x3f0 [ 30.018797] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.018920] kthread+0x328/0x630 [ 30.019103] ret_from_fork+0x10/0x20 [ 30.019277] [ 30.019434] The buggy address belongs to the object at fff00000c56e8f00 [ 30.019434] which belongs to the cache kmalloc-128 of size 128 [ 30.019911] The buggy address is located 0 bytes inside of [ 30.019911] allocated 120-byte region [fff00000c56e8f00, fff00000c56e8f78) [ 30.020255] [ 30.020330] The buggy address belongs to the physical page: [ 30.020420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8 [ 30.020573] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.020736] page_type: f5(slab) [ 30.020840] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.021657] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.022059] page dumped because: kasan: bad access detected [ 30.022234] [ 30.022438] Memory state around the buggy address: [ 30.022561] fff00000c56e8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.022694] fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.022815] >fff00000c56e8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.022920] ^ [ 30.023021] fff00000c56e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.025647] fff00000c56e9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.025783] ================================================================== [ 29.966133] ================================================================== [ 29.966428] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 29.966736] Write of size 121 at addr fff00000c56e8f00 by task kunit_try_catch/286 [ 29.966873] [ 29.967077] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 29.967301] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.967393] Hardware name: linux,dummy-virt (DT) [ 29.967641] Call trace: [ 29.967733] show_stack+0x20/0x38 (C) [ 29.967874] dump_stack_lvl+0x8c/0xd0 [ 29.968135] print_report+0x118/0x608 [ 29.968288] kasan_report+0xdc/0x128 [ 29.968417] kasan_check_range+0x100/0x1a8 [ 29.969042] __kasan_check_write+0x20/0x30 [ 29.969113] copy_user_test_oob+0x234/0xec8 [ 29.969192] kunit_try_run_case+0x170/0x3f0 [ 29.970274] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.970430] kthread+0x328/0x630 [ 29.970553] ret_from_fork+0x10/0x20 [ 29.970776] [ 29.970839] Allocated by task 286: [ 29.970967] kasan_save_stack+0x3c/0x68 [ 29.971095] kasan_save_track+0x20/0x40 [ 29.971231] kasan_save_alloc_info+0x40/0x58 [ 29.971554] __kasan_kmalloc+0xd4/0xd8 [ 29.971673] __kmalloc_noprof+0x190/0x4d0 [ 29.971842] kunit_kmalloc_array+0x34/0x88 [ 29.971941] copy_user_test_oob+0xac/0xec8 [ 29.972038] kunit_try_run_case+0x170/0x3f0 [ 29.972200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.972488] kthread+0x328/0x630 [ 29.972714] ret_from_fork+0x10/0x20 [ 29.972887] [ 29.972967] The buggy address belongs to the object at fff00000c56e8f00 [ 29.972967] which belongs to the cache kmalloc-128 of size 128 [ 29.973188] The buggy address is located 0 bytes inside of [ 29.973188] allocated 120-byte region [fff00000c56e8f00, fff00000c56e8f78) [ 29.973638] [ 29.973718] The buggy address belongs to the physical page: [ 29.973813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8 [ 29.973975] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.974178] page_type: f5(slab) [ 29.974300] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.974497] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.974611] page dumped because: kasan: bad access detected [ 29.974770] [ 29.974867] Memory state around the buggy address: [ 29.974966] fff00000c56e8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.975091] fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.975301] >fff00000c56e8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.975440] ^ [ 29.975576] fff00000c56e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.975789] fff00000c56e9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.975936] ================================================================== [ 29.986174] ================================================================== [ 29.986329] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 29.986463] Read of size 121 at addr fff00000c56e8f00 by task kunit_try_catch/286 [ 29.986596] [ 29.986773] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 29.987596] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.987726] Hardware name: linux,dummy-virt (DT) [ 29.988069] Call trace: [ 29.988264] show_stack+0x20/0x38 (C) [ 29.988403] dump_stack_lvl+0x8c/0xd0 [ 29.988537] print_report+0x118/0x608 [ 29.988926] kasan_report+0xdc/0x128 [ 29.989131] kasan_check_range+0x100/0x1a8 [ 29.989402] __kasan_check_read+0x20/0x30 [ 29.989783] copy_user_test_oob+0x728/0xec8 [ 29.989971] kunit_try_run_case+0x170/0x3f0 [ 29.990111] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.990247] kthread+0x328/0x630 [ 29.990370] ret_from_fork+0x10/0x20 [ 29.990541] [ 29.990627] Allocated by task 286: [ 29.990728] kasan_save_stack+0x3c/0x68 [ 29.990852] kasan_save_track+0x20/0x40 [ 29.990975] kasan_save_alloc_info+0x40/0x58 [ 29.991177] __kasan_kmalloc+0xd4/0xd8 [ 29.991543] __kmalloc_noprof+0x190/0x4d0 [ 29.991676] kunit_kmalloc_array+0x34/0x88 [ 29.991802] copy_user_test_oob+0xac/0xec8 [ 29.991899] kunit_try_run_case+0x170/0x3f0 [ 29.992295] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.992589] kthread+0x328/0x630 [ 29.992706] ret_from_fork+0x10/0x20 [ 29.993183] [ 29.993275] The buggy address belongs to the object at fff00000c56e8f00 [ 29.993275] which belongs to the cache kmalloc-128 of size 128 [ 29.993579] The buggy address is located 0 bytes inside of [ 29.993579] allocated 120-byte region [fff00000c56e8f00, fff00000c56e8f78) [ 29.993809] [ 29.993866] The buggy address belongs to the physical page: [ 29.993946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8 [ 29.994075] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.994201] page_type: f5(slab) [ 29.994350] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.994573] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.994767] page dumped because: kasan: bad access detected [ 29.994855] [ 29.994916] Memory state around the buggy address: [ 29.995135] fff00000c56e8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.995351] fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.995560] >fff00000c56e8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.995661] ^ [ 29.995796] fff00000c56e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.995925] fff00000c56e9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.996032] ================================================================== [ 30.028944] ================================================================== [ 30.029118] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 30.029354] Read of size 121 at addr fff00000c56e8f00 by task kunit_try_catch/286 [ 30.029548] [ 30.029635] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 30.030080] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.030159] Hardware name: linux,dummy-virt (DT) [ 30.030282] Call trace: [ 30.030357] show_stack+0x20/0x38 (C) [ 30.030563] dump_stack_lvl+0x8c/0xd0 [ 30.030949] print_report+0x118/0x608 [ 30.031095] kasan_report+0xdc/0x128 [ 30.031305] kasan_check_range+0x100/0x1a8 [ 30.031658] __kasan_check_read+0x20/0x30 [ 30.031802] copy_user_test_oob+0x3c8/0xec8 [ 30.031924] kunit_try_run_case+0x170/0x3f0 [ 30.032044] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.032177] kthread+0x328/0x630 [ 30.032339] ret_from_fork+0x10/0x20 [ 30.032460] [ 30.032511] Allocated by task 286: [ 30.032583] kasan_save_stack+0x3c/0x68 [ 30.032734] kasan_save_track+0x20/0x40 [ 30.032858] kasan_save_alloc_info+0x40/0x58 [ 30.032980] __kasan_kmalloc+0xd4/0xd8 [ 30.033097] __kmalloc_noprof+0x190/0x4d0 [ 30.033217] kunit_kmalloc_array+0x34/0x88 [ 30.033373] copy_user_test_oob+0xac/0xec8 [ 30.033484] kunit_try_run_case+0x170/0x3f0 [ 30.033605] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.033934] kthread+0x328/0x630 [ 30.034195] ret_from_fork+0x10/0x20 [ 30.034318] [ 30.034378] The buggy address belongs to the object at fff00000c56e8f00 [ 30.034378] which belongs to the cache kmalloc-128 of size 128 [ 30.034537] The buggy address is located 0 bytes inside of [ 30.034537] allocated 120-byte region [fff00000c56e8f00, fff00000c56e8f78) [ 30.034797] [ 30.035010] The buggy address belongs to the physical page: [ 30.035533] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8 [ 30.035880] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.036006] page_type: f5(slab) [ 30.036573] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.037298] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.037460] page dumped because: kasan: bad access detected [ 30.037836] [ 30.038130] Memory state around the buggy address: [ 30.038221] fff00000c56e8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.038330] fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.038484] >fff00000c56e8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.038605] ^ [ 30.039002] fff00000c56e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.039115] fff00000c56e9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.039755] ================================================================== [ 30.068074] ================================================================== [ 30.068193] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 30.068334] Read of size 121 at addr fff00000c56e8f00 by task kunit_try_catch/286 [ 30.068456] [ 30.068539] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 30.073127] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.073206] Hardware name: linux,dummy-virt (DT) [ 30.073916] Call trace: [ 30.073984] show_stack+0x20/0x38 (C) [ 30.074111] dump_stack_lvl+0x8c/0xd0 [ 30.075353] print_report+0x118/0x608 [ 30.075745] kasan_report+0xdc/0x128 [ 30.075860] kasan_check_range+0x100/0x1a8 [ 30.075992] __kasan_check_read+0x20/0x30 [ 30.077768] copy_user_test_oob+0x4a0/0xec8 [ 30.078290] kunit_try_run_case+0x170/0x3f0 [ 30.078565] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.079064] kthread+0x328/0x630 [ 30.079389] ret_from_fork+0x10/0x20 [ 30.079619] [ 30.079737] Allocated by task 286: [ 30.079827] kasan_save_stack+0x3c/0x68 [ 30.080003] kasan_save_track+0x20/0x40 [ 30.080109] kasan_save_alloc_info+0x40/0x58 [ 30.080232] __kasan_kmalloc+0xd4/0xd8 [ 30.080379] __kmalloc_noprof+0x190/0x4d0 [ 30.080487] kunit_kmalloc_array+0x34/0x88 [ 30.080672] copy_user_test_oob+0xac/0xec8 [ 30.080832] kunit_try_run_case+0x170/0x3f0 [ 30.081375] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.081550] kthread+0x328/0x630 [ 30.081658] ret_from_fork+0x10/0x20 [ 30.082075] [ 30.082129] The buggy address belongs to the object at fff00000c56e8f00 [ 30.082129] which belongs to the cache kmalloc-128 of size 128 [ 30.082556] The buggy address is located 0 bytes inside of [ 30.082556] allocated 120-byte region [fff00000c56e8f00, fff00000c56e8f78) [ 30.082759] [ 30.082919] The buggy address belongs to the physical page: [ 30.083005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8 [ 30.083143] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.083284] page_type: f5(slab) [ 30.083384] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.083511] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.083613] page dumped because: kasan: bad access detected [ 30.083714] [ 30.083769] Memory state around the buggy address: [ 30.083849] fff00000c56e8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.083956] fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.084062] >fff00000c56e8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.084158] ^ [ 30.084260] fff00000c56e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.084367] fff00000c56e9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.084460] ================================================================== [ 30.042209] ================================================================== [ 30.042476] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 30.042893] Write of size 121 at addr fff00000c56e8f00 by task kunit_try_catch/286 [ 30.043247] [ 30.043347] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 30.043924] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.044111] Hardware name: linux,dummy-virt (DT) [ 30.044199] Call trace: [ 30.044473] show_stack+0x20/0x38 (C) [ 30.044697] dump_stack_lvl+0x8c/0xd0 [ 30.045049] print_report+0x118/0x608 [ 30.045176] kasan_report+0xdc/0x128 [ 30.045322] kasan_check_range+0x100/0x1a8 [ 30.045450] __kasan_check_write+0x20/0x30 [ 30.045615] copy_user_test_oob+0x434/0xec8 [ 30.046047] kunit_try_run_case+0x170/0x3f0 [ 30.046479] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.047161] kthread+0x328/0x630 [ 30.047533] ret_from_fork+0x10/0x20 [ 30.047997] [ 30.048068] Allocated by task 286: [ 30.048162] kasan_save_stack+0x3c/0x68 [ 30.048348] kasan_save_track+0x20/0x40 [ 30.048458] kasan_save_alloc_info+0x40/0x58 [ 30.048846] __kasan_kmalloc+0xd4/0xd8 [ 30.049138] __kmalloc_noprof+0x190/0x4d0 [ 30.049412] kunit_kmalloc_array+0x34/0x88 [ 30.049862] copy_user_test_oob+0xac/0xec8 [ 30.050116] kunit_try_run_case+0x170/0x3f0 [ 30.050446] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.050581] kthread+0x328/0x630 [ 30.050841] ret_from_fork+0x10/0x20 [ 30.051198] [ 30.051306] The buggy address belongs to the object at fff00000c56e8f00 [ 30.051306] which belongs to the cache kmalloc-128 of size 128 [ 30.051472] The buggy address is located 0 bytes inside of [ 30.051472] allocated 120-byte region [fff00000c56e8f00, fff00000c56e8f78) [ 30.051876] [ 30.052007] The buggy address belongs to the physical page: [ 30.053283] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8 [ 30.053475] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.054573] page_type: f5(slab) [ 30.054903] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.055513] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.056479] page dumped because: kasan: bad access detected [ 30.056574] [ 30.057420] Memory state around the buggy address: [ 30.057907] fff00000c56e8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.058424] fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.058542] >fff00000c56e8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.058641] ^ [ 30.058769] fff00000c56e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.060229] fff00000c56e9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.061526] ==================================================================
[ 25.674891] ================================================================== [ 25.675589] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 25.676251] Write of size 121 at addr ffff8881022e0700 by task kunit_try_catch/302 [ 25.678902] [ 25.679461] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 25.679553] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.679599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.679665] Call Trace: [ 25.680134] <TASK> [ 25.680172] dump_stack_lvl+0x73/0xb0 [ 25.680217] print_report+0xd1/0x650 [ 25.680256] ? __virt_addr_valid+0x1db/0x2d0 [ 25.680292] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.680322] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.680357] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.680386] kasan_report+0x141/0x180 [ 25.680420] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.680455] kasan_check_range+0x10c/0x1c0 [ 25.680491] __kasan_check_write+0x18/0x20 [ 25.680543] copy_user_test_oob+0x3fd/0x10f0 [ 25.680623] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.680655] ? finish_task_switch.isra.0+0x153/0x700 [ 25.680692] ? __switch_to+0x47/0xf50 [ 25.680732] ? __schedule+0x10cc/0x2b60 [ 25.680768] ? __pfx_read_tsc+0x10/0x10 [ 25.680801] ? ktime_get_ts64+0x86/0x230 [ 25.680862] kunit_try_run_case+0x1a5/0x480 [ 25.680898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.680930] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.680967] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.681005] ? __kthread_parkme+0x82/0x180 [ 25.681037] ? preempt_count_sub+0x50/0x80 [ 25.681070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.681102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.681138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.681175] kthread+0x337/0x6f0 [ 25.681204] ? trace_preempt_on+0x20/0xc0 [ 25.681238] ? __pfx_kthread+0x10/0x10 [ 25.681272] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.681307] ? calculate_sigpending+0x7b/0xa0 [ 25.681343] ? __pfx_kthread+0x10/0x10 [ 25.681375] ret_from_fork+0x116/0x1d0 [ 25.681400] ? __pfx_kthread+0x10/0x10 [ 25.681431] ret_from_fork_asm+0x1a/0x30 [ 25.681474] </TASK> [ 25.681491] [ 25.703256] Allocated by task 302: [ 25.703746] kasan_save_stack+0x45/0x70 [ 25.704044] kasan_save_track+0x18/0x40 [ 25.704488] kasan_save_alloc_info+0x3b/0x50 [ 25.704863] __kasan_kmalloc+0xb7/0xc0 [ 25.705301] __kmalloc_noprof+0x1c9/0x500 [ 25.705678] kunit_kmalloc_array+0x25/0x60 [ 25.706261] copy_user_test_oob+0xab/0x10f0 [ 25.707365] kunit_try_run_case+0x1a5/0x480 [ 25.707740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.708143] kthread+0x337/0x6f0 [ 25.708770] ret_from_fork+0x116/0x1d0 [ 25.709196] ret_from_fork_asm+0x1a/0x30 [ 25.709606] [ 25.709845] The buggy address belongs to the object at ffff8881022e0700 [ 25.709845] which belongs to the cache kmalloc-128 of size 128 [ 25.710788] The buggy address is located 0 bytes inside of [ 25.710788] allocated 120-byte region [ffff8881022e0700, ffff8881022e0778) [ 25.712394] [ 25.712797] The buggy address belongs to the physical page: [ 25.713377] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022e0 [ 25.714228] flags: 0x200000000000000(node=0|zone=2) [ 25.714877] page_type: f5(slab) [ 25.715357] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.716184] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.716767] page dumped because: kasan: bad access detected [ 25.717235] [ 25.717811] Memory state around the buggy address: [ 25.718377] ffff8881022e0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.719265] ffff8881022e0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.719973] >ffff8881022e0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.720795] ^ [ 25.721513] ffff8881022e0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.722124] ffff8881022e0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.722642] ================================================================== [ 25.724406] ================================================================== [ 25.725118] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 25.727135] Read of size 121 at addr ffff8881022e0700 by task kunit_try_catch/302 [ 25.727665] [ 25.727979] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 25.728115] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.728163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.728206] Call Trace: [ 25.728248] <TASK> [ 25.728272] dump_stack_lvl+0x73/0xb0 [ 25.728322] print_report+0xd1/0x650 [ 25.728393] ? __virt_addr_valid+0x1db/0x2d0 [ 25.728431] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.728461] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.728497] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.728528] kasan_report+0x141/0x180 [ 25.728845] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.728896] kasan_check_range+0x10c/0x1c0 [ 25.728935] __kasan_check_read+0x15/0x20 [ 25.728965] copy_user_test_oob+0x4aa/0x10f0 [ 25.728998] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.729026] ? finish_task_switch.isra.0+0x153/0x700 [ 25.729062] ? __switch_to+0x47/0xf50 [ 25.729100] ? __schedule+0x10cc/0x2b60 [ 25.729136] ? __pfx_read_tsc+0x10/0x10 [ 25.729167] ? ktime_get_ts64+0x86/0x230 [ 25.729202] kunit_try_run_case+0x1a5/0x480 [ 25.729232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.729262] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.729299] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.729335] ? __kthread_parkme+0x82/0x180 [ 25.729365] ? preempt_count_sub+0x50/0x80 [ 25.729397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.729428] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.729464] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.729502] kthread+0x337/0x6f0 [ 25.729531] ? trace_preempt_on+0x20/0xc0 [ 25.729599] ? __pfx_kthread+0x10/0x10 [ 25.729632] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.729666] ? calculate_sigpending+0x7b/0xa0 [ 25.729702] ? __pfx_kthread+0x10/0x10 [ 25.729733] ret_from_fork+0x116/0x1d0 [ 25.729762] ? __pfx_kthread+0x10/0x10 [ 25.729792] ret_from_fork_asm+0x1a/0x30 [ 25.729859] </TASK> [ 25.729877] [ 25.750131] Allocated by task 302: [ 25.750505] kasan_save_stack+0x45/0x70 [ 25.750889] kasan_save_track+0x18/0x40 [ 25.751216] kasan_save_alloc_info+0x3b/0x50 [ 25.751617] __kasan_kmalloc+0xb7/0xc0 [ 25.752151] __kmalloc_noprof+0x1c9/0x500 [ 25.752590] kunit_kmalloc_array+0x25/0x60 [ 25.753183] copy_user_test_oob+0xab/0x10f0 [ 25.753627] kunit_try_run_case+0x1a5/0x480 [ 25.754100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.754511] kthread+0x337/0x6f0 [ 25.754882] ret_from_fork+0x116/0x1d0 [ 25.755460] ret_from_fork_asm+0x1a/0x30 [ 25.755968] [ 25.756261] The buggy address belongs to the object at ffff8881022e0700 [ 25.756261] which belongs to the cache kmalloc-128 of size 128 [ 25.757424] The buggy address is located 0 bytes inside of [ 25.757424] allocated 120-byte region [ffff8881022e0700, ffff8881022e0778) [ 25.758590] [ 25.758889] The buggy address belongs to the physical page: [ 25.759390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022e0 [ 25.760047] flags: 0x200000000000000(node=0|zone=2) [ 25.760592] page_type: f5(slab) [ 25.761003] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.761645] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.762376] page dumped because: kasan: bad access detected [ 25.763118] [ 25.763327] Memory state around the buggy address: [ 25.763929] ffff8881022e0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.764543] ffff8881022e0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.765169] >ffff8881022e0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.765844] ^ [ 25.766529] ffff8881022e0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.767127] ffff8881022e0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.767867] ================================================================== [ 25.769147] ================================================================== [ 25.769918] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 25.770541] Write of size 121 at addr ffff8881022e0700 by task kunit_try_catch/302 [ 25.771316] [ 25.771629] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 25.771761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.771803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.771888] Call Trace: [ 25.771944] <TASK> [ 25.771995] dump_stack_lvl+0x73/0xb0 [ 25.772086] print_report+0xd1/0x650 [ 25.772191] ? __virt_addr_valid+0x1db/0x2d0 [ 25.772303] ? copy_user_test_oob+0x557/0x10f0 [ 25.772358] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.772431] ? copy_user_test_oob+0x557/0x10f0 [ 25.772509] kasan_report+0x141/0x180 [ 25.772631] ? copy_user_test_oob+0x557/0x10f0 [ 25.772750] kasan_check_range+0x10c/0x1c0 [ 25.772852] __kasan_check_write+0x18/0x20 [ 25.772935] copy_user_test_oob+0x557/0x10f0 [ 25.773042] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.773149] ? finish_task_switch.isra.0+0x153/0x700 [ 25.773229] ? __switch_to+0x47/0xf50 [ 25.773338] ? __schedule+0x10cc/0x2b60 [ 25.773460] ? __pfx_read_tsc+0x10/0x10 [ 25.773542] ? ktime_get_ts64+0x86/0x230 [ 25.773652] kunit_try_run_case+0x1a5/0x480 [ 25.773786] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.773897] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.773987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.774076] ? __kthread_parkme+0x82/0x180 [ 25.774159] ? preempt_count_sub+0x50/0x80 [ 25.774257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.774340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.774454] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.774573] kthread+0x337/0x6f0 [ 25.774649] ? trace_preempt_on+0x20/0xc0 [ 25.774735] ? __pfx_kthread+0x10/0x10 [ 25.774813] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.774914] ? calculate_sigpending+0x7b/0xa0 [ 25.775003] ? __pfx_kthread+0x10/0x10 [ 25.775042] ret_from_fork+0x116/0x1d0 [ 25.775071] ? __pfx_kthread+0x10/0x10 [ 25.775102] ret_from_fork_asm+0x1a/0x30 [ 25.775149] </TASK> [ 25.775165] [ 25.794755] Allocated by task 302: [ 25.795450] kasan_save_stack+0x45/0x70 [ 25.796139] kasan_save_track+0x18/0x40 [ 25.796799] kasan_save_alloc_info+0x3b/0x50 [ 25.797327] __kasan_kmalloc+0xb7/0xc0 [ 25.797712] __kmalloc_noprof+0x1c9/0x500 [ 25.798127] kunit_kmalloc_array+0x25/0x60 [ 25.798515] copy_user_test_oob+0xab/0x10f0 [ 25.799485] kunit_try_run_case+0x1a5/0x480 [ 25.800227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.800924] kthread+0x337/0x6f0 [ 25.801463] ret_from_fork+0x116/0x1d0 [ 25.802058] ret_from_fork_asm+0x1a/0x30 [ 25.802407] [ 25.802595] The buggy address belongs to the object at ffff8881022e0700 [ 25.802595] which belongs to the cache kmalloc-128 of size 128 [ 25.803401] The buggy address is located 0 bytes inside of [ 25.803401] allocated 120-byte region [ffff8881022e0700, ffff8881022e0778) [ 25.804935] [ 25.805718] The buggy address belongs to the physical page: [ 25.806340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022e0 [ 25.807188] flags: 0x200000000000000(node=0|zone=2) [ 25.807768] page_type: f5(slab) [ 25.808273] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.809042] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.809884] page dumped because: kasan: bad access detected [ 25.810742] [ 25.810962] Memory state around the buggy address: [ 25.811315] ffff8881022e0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.813340] ffff8881022e0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.814408] >ffff8881022e0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.815082] ^ [ 25.815729] ffff8881022e0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.816475] ffff8881022e0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.817170] ================================================================== [ 25.820489] ================================================================== [ 25.821591] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 25.823610] Read of size 121 at addr ffff8881022e0700 by task kunit_try_catch/302 [ 25.824210] [ 25.824398] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 25.824507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.824540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.824599] Call Trace: [ 25.824640] <TASK> [ 25.824681] dump_stack_lvl+0x73/0xb0 [ 25.824747] print_report+0xd1/0x650 [ 25.824807] ? __virt_addr_valid+0x1db/0x2d0 [ 25.824892] ? copy_user_test_oob+0x604/0x10f0 [ 25.824946] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.825006] ? copy_user_test_oob+0x604/0x10f0 [ 25.825081] kasan_report+0x141/0x180 [ 25.825163] ? copy_user_test_oob+0x604/0x10f0 [ 25.825254] kasan_check_range+0x10c/0x1c0 [ 25.825716] __kasan_check_read+0x15/0x20 [ 25.825792] copy_user_test_oob+0x604/0x10f0 [ 25.825884] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.825950] ? finish_task_switch.isra.0+0x153/0x700 [ 25.826011] ? __switch_to+0x47/0xf50 [ 25.826082] ? __schedule+0x10cc/0x2b60 [ 25.827111] ? __pfx_read_tsc+0x10/0x10 [ 25.827180] ? ktime_get_ts64+0x86/0x230 [ 25.827245] kunit_try_run_case+0x1a5/0x480 [ 25.827286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.827318] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.827357] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.827396] ? __kthread_parkme+0x82/0x180 [ 25.827429] ? preempt_count_sub+0x50/0x80 [ 25.827464] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.827496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.827534] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.827719] kthread+0x337/0x6f0 [ 25.827760] ? trace_preempt_on+0x20/0xc0 [ 25.827797] ? __pfx_kthread+0x10/0x10 [ 25.827862] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.827904] ? calculate_sigpending+0x7b/0xa0 [ 25.827941] ? __pfx_kthread+0x10/0x10 [ 25.827974] ret_from_fork+0x116/0x1d0 [ 25.828002] ? __pfx_kthread+0x10/0x10 [ 25.828034] ret_from_fork_asm+0x1a/0x30 [ 25.828077] </TASK> [ 25.828096] [ 25.844076] Allocated by task 302: [ 25.844378] kasan_save_stack+0x45/0x70 [ 25.844995] kasan_save_track+0x18/0x40 [ 25.845323] kasan_save_alloc_info+0x3b/0x50 [ 25.845685] __kasan_kmalloc+0xb7/0xc0 [ 25.847044] __kmalloc_noprof+0x1c9/0x500 [ 25.848091] kunit_kmalloc_array+0x25/0x60 [ 25.848499] copy_user_test_oob+0xab/0x10f0 [ 25.849069] kunit_try_run_case+0x1a5/0x480 [ 25.849592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.850175] kthread+0x337/0x6f0 [ 25.850646] ret_from_fork+0x116/0x1d0 [ 25.851101] ret_from_fork_asm+0x1a/0x30 [ 25.851502] [ 25.851918] The buggy address belongs to the object at ffff8881022e0700 [ 25.851918] which belongs to the cache kmalloc-128 of size 128 [ 25.853029] The buggy address is located 0 bytes inside of [ 25.853029] allocated 120-byte region [ffff8881022e0700, ffff8881022e0778) [ 25.854086] [ 25.854354] The buggy address belongs to the physical page: [ 25.855028] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022e0 [ 25.855739] flags: 0x200000000000000(node=0|zone=2) [ 25.856233] page_type: f5(slab) [ 25.856776] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.857420] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.858258] page dumped because: kasan: bad access detected [ 25.858857] [ 25.859069] Memory state around the buggy address: [ 25.859604] ffff8881022e0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.860133] ffff8881022e0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.860753] >ffff8881022e0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.861390] ^ [ 25.861963] ffff8881022e0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.862543] ffff8881022e0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.863291] ==================================================================
[ 91.230102] ================================================================== [ 91.237365] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x800/0x12b0 [ 91.244567] Read of size 121 at addr cc90cd00 by task kunit_try_catch/337 [ 91.251403] [ 91.252899] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 91.252929] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 91.252960] Hardware name: Generic DRA74X (Flattened Device Tree) [ 91.252960] Call trace: [ 91.252960] unwind_backtrace from show_stack+0x18/0x1c [ 91.252990] show_stack from dump_stack_lvl+0x70/0x90 [ 91.253021] dump_stack_lvl from print_report+0x158/0x528 [ 91.253051] print_report from kasan_report+0xdc/0x118 [ 91.253082] kasan_report from kasan_check_range+0x14c/0x198 [ 91.253082] kasan_check_range from copy_user_test_oob+0x800/0x12b0 [ 91.253112] copy_user_test_oob from kunit_try_run_case+0x22c/0x5a8 [ 91.253143] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 91.253173] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 91.253204] kthread from ret_from_fork+0x14/0x20 [ 91.253204] Exception stack(0xf256bfb0 to 0xf256bff8) [ 91.253234] bfa0: 00000000 00000000 00000000 00000000 [ 91.253234] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 91.253265] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 91.253265] [ 91.365386] Allocated by task 337: [ 91.368835] kasan_save_track+0x30/0x5c [ 91.372680] __kasan_kmalloc+0x8c/0x94 [ 91.376464] __kmalloc_noprof+0x20c/0x488 [ 91.380523] kunit_kmalloc_array+0x28/0x60 [ 91.384643] copy_user_test_oob+0xac/0x12b0 [ 91.388854] kunit_try_run_case+0x22c/0x5a8 [ 91.393096] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 91.398620] kthread+0x464/0x810 [ 91.401885] ret_from_fork+0x14/0x20 [ 91.405487] [ 91.406982] The buggy address belongs to the object at cc90cd00 [ 91.406982] which belongs to the cache kmalloc-128 of size 128 [ 91.418884] The buggy address is located 0 bytes inside of [ 91.418884] allocated 120-byte region [cc90cd00, cc90cd78) [ 91.429992] [ 91.431488] The buggy address belongs to the physical page: [ 91.437103] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c90c [ 91.444366] flags: 0x0(zone=0) [ 91.447448] page_type: f5(slab) [ 91.450622] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 91.458770] raw: 00000000 [ 91.461395] page dumped because: kasan: bad access detected [ 91.467010] [ 91.468505] Memory state around the buggy address: [ 91.473327] cc90cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fc fc [ 91.479919] cc90cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.486480] >cc90cd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 91.493041] ^ [ 91.499542] cc90cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.506103] cc90ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.512664] ================================================================== [ 92.390350] ================================================================== [ 92.397644] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x12b0 [ 92.404815] Read of size 121 at addr cc90cd00 by task kunit_try_catch/337 [ 92.411651] [ 92.413146] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 92.413177] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 92.413208] Hardware name: Generic DRA74X (Flattened Device Tree) [ 92.413208] Call trace: [ 92.413208] unwind_backtrace from show_stack+0x18/0x1c [ 92.413238] show_stack from dump_stack_lvl+0x70/0x90 [ 92.413269] dump_stack_lvl from print_report+0x158/0x528 [ 92.413299] print_report from kasan_report+0xdc/0x118 [ 92.413299] kasan_report from kasan_check_range+0x14c/0x198 [ 92.413330] kasan_check_range from copy_user_test_oob+0x604/0x12b0 [ 92.413360] copy_user_test_oob from kunit_try_run_case+0x22c/0x5a8 [ 92.413391] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 92.413421] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 92.413452] kthread from ret_from_fork+0x14/0x20 [ 92.413452] Exception stack(0xf256bfb0 to 0xf256bff8) [ 92.413482] bfa0: 00000000 00000000 00000000 00000000 [ 92.413482] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 92.413513] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 92.413513] [ 92.525634] Allocated by task 337: [ 92.529052] kasan_save_track+0x30/0x5c [ 92.532928] __kasan_kmalloc+0x8c/0x94 [ 92.536712] __kmalloc_noprof+0x20c/0x488 [ 92.540740] kunit_kmalloc_array+0x28/0x60 [ 92.544891] copy_user_test_oob+0xac/0x12b0 [ 92.549102] kunit_try_run_case+0x22c/0x5a8 [ 92.553314] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 92.558837] kthread+0x464/0x810 [ 92.562103] ret_from_fork+0x14/0x20 [ 92.565704] [ 92.567199] The buggy address belongs to the object at cc90cd00 [ 92.567199] which belongs to the cache kmalloc-128 of size 128 [ 92.579101] The buggy address is located 0 bytes inside of [ 92.579101] allocated 120-byte region [cc90cd00, cc90cd78) [ 92.590240] [ 92.591735] The buggy address belongs to the physical page: [ 92.597351] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c90c [ 92.604614] flags: 0x0(zone=0) [ 92.607696] page_type: f5(slab) [ 92.610870] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 92.618988] raw: 00000000 [ 92.621643] page dumped because: kasan: bad access detected [ 92.627227] [ 92.628753] Memory state around the buggy address: [ 92.633575] cc90cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fc fc [ 92.640136] cc90cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.646697] >cc90cd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 92.653289] ^ [ 92.659759] cc90cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.666320] cc90ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.672912] ================================================================== [ 92.100402] ================================================================== [ 92.107696] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x544/0x12b0 [ 92.114868] Write of size 121 at addr cc90cd00 by task kunit_try_catch/337 [ 92.121795] [ 92.123291] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 92.123321] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 92.123352] Hardware name: Generic DRA74X (Flattened Device Tree) [ 92.123352] Call trace: [ 92.123352] unwind_backtrace from show_stack+0x18/0x1c [ 92.123382] show_stack from dump_stack_lvl+0x70/0x90 [ 92.123413] dump_stack_lvl from print_report+0x158/0x528 [ 92.123443] print_report from kasan_report+0xdc/0x118 [ 92.123443] kasan_report from kasan_check_range+0x14c/0x198 [ 92.123474] kasan_check_range from copy_user_test_oob+0x544/0x12b0 [ 92.123504] copy_user_test_oob from kunit_try_run_case+0x22c/0x5a8 [ 92.123535] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 92.123565] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 92.123596] kthread from ret_from_fork+0x14/0x20 [ 92.123596] Exception stack(0xf256bfb0 to 0xf256bff8) [ 92.123626] bfa0: 00000000 00000000 00000000 00000000 [ 92.123626] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 92.123657] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 92.123657] [ 92.235778] Allocated by task 337: [ 92.239196] kasan_save_track+0x30/0x5c [ 92.243072] __kasan_kmalloc+0x8c/0x94 [ 92.246856] __kmalloc_noprof+0x20c/0x488 [ 92.250885] kunit_kmalloc_array+0x28/0x60 [ 92.255035] copy_user_test_oob+0xac/0x12b0 [ 92.259246] kunit_try_run_case+0x22c/0x5a8 [ 92.263458] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 92.268981] kthread+0x464/0x810 [ 92.272247] ret_from_fork+0x14/0x20 [ 92.275848] [ 92.277343] The buggy address belongs to the object at cc90cd00 [ 92.277343] which belongs to the cache kmalloc-128 of size 128 [ 92.289245] The buggy address is located 0 bytes inside of [ 92.289245] allocated 120-byte region [cc90cd00, cc90cd78) [ 92.300354] [ 92.301849] The buggy address belongs to the physical page: [ 92.307464] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c90c [ 92.314758] flags: 0x0(zone=0) [ 92.317810] page_type: f5(slab) [ 92.320983] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 92.329132] raw: 00000000 [ 92.331756] page dumped because: kasan: bad access detected [ 92.337371] [ 92.338867] Memory state around the buggy address: [ 92.343688] cc90cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fc fc [ 92.350280] cc90cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.356842] >cc90cd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 92.363403] ^ [ 92.369903] cc90cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.376464] cc90ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.383026] ================================================================== [ 91.520233] ================================================================== [ 91.527526] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c4/0x12b0 [ 91.534698] Write of size 121 at addr cc90cd00 by task kunit_try_catch/337 [ 91.541625] [ 91.543121] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 91.543151] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 91.543182] Hardware name: Generic DRA74X (Flattened Device Tree) [ 91.543182] Call trace: [ 91.543182] unwind_backtrace from show_stack+0x18/0x1c [ 91.543212] show_stack from dump_stack_lvl+0x70/0x90 [ 91.543243] dump_stack_lvl from print_report+0x158/0x528 [ 91.543273] print_report from kasan_report+0xdc/0x118 [ 91.543304] kasan_report from kasan_check_range+0x14c/0x198 [ 91.543304] kasan_check_range from copy_user_test_oob+0x3c4/0x12b0 [ 91.543334] copy_user_test_oob from kunit_try_run_case+0x22c/0x5a8 [ 91.543365] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 91.543395] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 91.543426] kthread from ret_from_fork+0x14/0x20 [ 91.543426] Exception stack(0xf256bfb0 to 0xf256bff8) [ 91.543457] bfa0: 00000000 00000000 00000000 00000000 [ 91.543457] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 91.543487] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 91.543487] [ 91.655609] Allocated by task 337: [ 91.659057] kasan_save_track+0x30/0x5c [ 91.662902] __kasan_kmalloc+0x8c/0x94 [ 91.666687] __kmalloc_noprof+0x20c/0x488 [ 91.670745] kunit_kmalloc_array+0x28/0x60 [ 91.674865] copy_user_test_oob+0xac/0x12b0 [ 91.679077] kunit_try_run_case+0x22c/0x5a8 [ 91.683319] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 91.688842] kthread+0x464/0x810 [ 91.692077] ret_from_fork+0x14/0x20 [ 91.695678] [ 91.697204] The buggy address belongs to the object at cc90cd00 [ 91.697204] which belongs to the cache kmalloc-128 of size 128 [ 91.709075] The buggy address is located 0 bytes inside of [ 91.709075] allocated 120-byte region [cc90cd00, cc90cd78) [ 91.720214] [ 91.721710] The buggy address belongs to the physical page: [ 91.727325] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c90c [ 91.734588] flags: 0x0(zone=0) [ 91.737670] page_type: f5(slab) [ 91.740844] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 91.748962] raw: 00000000 [ 91.751617] page dumped because: kasan: bad access detected [ 91.757232] [ 91.758728] Memory state around the buggy address: [ 91.763549] cc90cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fc fc [ 91.770111] cc90cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.776702] >cc90cd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 91.783264] ^ [ 91.789733] cc90cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.796325] cc90ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.802886] ================================================================== [ 91.810455] ================================================================== [ 91.817718] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x484/0x12b0 [ 91.824890] Read of size 121 at addr cc90cd00 by task kunit_try_catch/337 [ 91.831726] [ 91.833251] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 91.833282] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 91.833282] Hardware name: Generic DRA74X (Flattened Device Tree) [ 91.833282] Call trace: [ 91.833312] unwind_backtrace from show_stack+0x18/0x1c [ 91.833312] show_stack from dump_stack_lvl+0x70/0x90 [ 91.833343] dump_stack_lvl from print_report+0x158/0x528 [ 91.833374] print_report from kasan_report+0xdc/0x118 [ 91.833404] kasan_report from kasan_check_range+0x14c/0x198 [ 91.833435] kasan_check_range from copy_user_test_oob+0x484/0x12b0 [ 91.833435] copy_user_test_oob from kunit_try_run_case+0x22c/0x5a8 [ 91.833465] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 91.833496] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 91.833526] kthread from ret_from_fork+0x14/0x20 [ 91.833557] Exception stack(0xf256bfb0 to 0xf256bff8) [ 91.833557] bfa0: 00000000 00000000 00000000 00000000 [ 91.833587] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 91.833587] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 91.833618] [ 91.945739] Allocated by task 337: [ 91.949157] kasan_save_track+0x30/0x5c [ 91.953033] __kasan_kmalloc+0x8c/0x94 [ 91.956817] __kmalloc_noprof+0x20c/0x488 [ 91.960845] kunit_kmalloc_array+0x28/0x60 [ 91.964965] copy_user_test_oob+0xac/0x12b0 [ 91.969177] kunit_try_run_case+0x22c/0x5a8 [ 91.973419] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 91.978942] kthread+0x464/0x810 [ 91.982208] ret_from_fork+0x14/0x20 [ 91.985809] [ 91.987304] The buggy address belongs to the object at cc90cd00 [ 91.987304] which belongs to the cache kmalloc-128 of size 128 [ 91.999206] The buggy address is located 0 bytes inside of [ 91.999206] allocated 120-byte region [cc90cd00, cc90cd78) [ 92.010314] [ 92.011810] The buggy address belongs to the physical page: [ 92.017425] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c90c [ 92.024688] flags: 0x0(zone=0) [ 92.027770] page_type: f5(slab) [ 92.030944] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 92.039093] raw: 00000000 [ 92.041717] page dumped because: kasan: bad access detected [ 92.047332] [ 92.048828] Memory state around the buggy address: [ 92.053649] cc90cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fc fc [ 92.060211] cc90cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.066802] >cc90cd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 92.073364] ^ [ 92.079864] cc90cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.086425] cc90ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.092987] ================================================================== [ 90.933654] ================================================================== [ 90.947052] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x24c/0x12b0 [ 90.954254] Write of size 121 at addr cc90cd00 by task kunit_try_catch/337 [ 90.961181] [ 90.962677] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 90.962707] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 90.962738] Hardware name: Generic DRA74X (Flattened Device Tree) [ 90.962738] Call trace: [ 90.962738] unwind_backtrace from show_stack+0x18/0x1c [ 90.962768] show_stack from dump_stack_lvl+0x70/0x90 [ 90.962799] dump_stack_lvl from print_report+0x158/0x528 [ 90.962829] print_report from kasan_report+0xdc/0x118 [ 90.962860] kasan_report from kasan_check_range+0x14c/0x198 [ 90.962860] kasan_check_range from copy_user_test_oob+0x24c/0x12b0 [ 90.962890] copy_user_test_oob from kunit_try_run_case+0x22c/0x5a8 [ 90.962921] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 90.962951] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 90.962982] kthread from ret_from_fork+0x14/0x20 [ 90.963012] Exception stack(0xf256bfb0 to 0xf256bff8) [ 90.963012] bfa0: 00000000 00000000 00000000 00000000 [ 90.963043] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 90.963043] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 90.963073] [ 91.075164] Allocated by task 337: [ 91.078613] kasan_save_track+0x30/0x5c [ 91.082489] __kasan_kmalloc+0x8c/0x94 [ 91.086242] __kmalloc_noprof+0x20c/0x488 [ 91.090301] kunit_kmalloc_array+0x28/0x60 [ 91.094421] copy_user_test_oob+0xac/0x12b0 [ 91.098663] kunit_try_run_case+0x22c/0x5a8 [ 91.102874] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 91.108398] kthread+0x464/0x810 [ 91.111663] ret_from_fork+0x14/0x20 [ 91.115264] [ 91.116760] The buggy address belongs to the object at cc90cd00 [ 91.116760] which belongs to the cache kmalloc-128 of size 128 [ 91.128662] The buggy address is located 0 bytes inside of [ 91.128662] allocated 120-byte region [cc90cd00, cc90cd78) [ 91.139770] [ 91.141265] The buggy address belongs to the physical page: [ 91.146881] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c90c [ 91.154144] flags: 0x0(zone=0) [ 91.157226] page_type: f5(slab) [ 91.160400] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 91.168548] raw: 00000000 [ 91.171173] page dumped because: kasan: bad access detected [ 91.176788] [ 91.178283] Memory state around the buggy address: [ 91.183105] cc90cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fc fc [ 91.189697] cc90cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.196258] >cc90cd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 91.202819] ^ [ 91.209320] cc90cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.215881] cc90ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.222442] ==================================================================