Date
June 3, 2025, 7:38 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 21.574346] ================================================================== [ 21.574734] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 21.574891] Write of size 121 at addr fff00000c58a9600 by task kunit_try_catch/285 [ 21.574977] [ 21.575013] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 21.575180] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.575209] Hardware name: linux,dummy-virt (DT) [ 21.575250] Call trace: [ 21.575442] show_stack+0x20/0x38 (C) [ 21.575762] dump_stack_lvl+0x8c/0xd0 [ 21.575885] print_report+0x118/0x608 [ 21.576005] kasan_report+0xdc/0x128 [ 21.576054] kasan_check_range+0x100/0x1a8 [ 21.576119] __kasan_check_write+0x20/0x30 [ 21.576168] copy_user_test_oob+0x35c/0xec8 [ 21.576217] kunit_try_run_case+0x170/0x3f0 [ 21.576576] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.576730] kthread+0x328/0x630 [ 21.576840] ret_from_fork+0x10/0x20 [ 21.577295] [ 21.577414] Allocated by task 285: [ 21.577561] kasan_save_stack+0x3c/0x68 [ 21.577717] kasan_save_track+0x20/0x40 [ 21.577763] kasan_save_alloc_info+0x40/0x58 [ 21.577836] __kasan_kmalloc+0xd4/0xd8 [ 21.578103] __kmalloc_noprof+0x198/0x4c8 [ 21.578356] kunit_kmalloc_array+0x34/0x88 [ 21.578435] copy_user_test_oob+0xac/0xec8 [ 21.578488] kunit_try_run_case+0x170/0x3f0 [ 21.578527] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.578573] kthread+0x328/0x630 [ 21.578607] ret_from_fork+0x10/0x20 [ 21.578656] [ 21.578688] The buggy address belongs to the object at fff00000c58a9600 [ 21.578688] which belongs to the cache kmalloc-128 of size 128 [ 21.578763] The buggy address is located 0 bytes inside of [ 21.578763] allocated 120-byte region [fff00000c58a9600, fff00000c58a9678) [ 21.578850] [ 21.578892] The buggy address belongs to the physical page: [ 21.578942] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 21.579005] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.579067] page_type: f5(slab) [ 21.579110] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.579163] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.579206] page dumped because: kasan: bad access detected [ 21.579239] [ 21.579280] Memory state around the buggy address: [ 21.579330] fff00000c58a9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.579688] fff00000c58a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.579850] >fff00000c58a9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.579898] ^ [ 21.579943] fff00000c58a9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.579988] fff00000c58a9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.580259] ================================================================== [ 21.533992] ================================================================== [ 21.534170] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 21.534267] Write of size 121 at addr fff00000c58a9600 by task kunit_try_catch/285 [ 21.534323] [ 21.534382] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 21.535577] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.535669] Hardware name: linux,dummy-virt (DT) [ 21.535740] Call trace: [ 21.535865] show_stack+0x20/0x38 (C) [ 21.535951] dump_stack_lvl+0x8c/0xd0 [ 21.536397] print_report+0x118/0x608 [ 21.536617] kasan_report+0xdc/0x128 [ 21.536762] kasan_check_range+0x100/0x1a8 [ 21.536858] __kasan_check_write+0x20/0x30 [ 21.537009] copy_user_test_oob+0x234/0xec8 [ 21.537079] kunit_try_run_case+0x170/0x3f0 [ 21.537746] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.537819] kthread+0x328/0x630 [ 21.538558] ret_from_fork+0x10/0x20 [ 21.538619] [ 21.538886] Allocated by task 285: [ 21.539096] kasan_save_stack+0x3c/0x68 [ 21.539186] kasan_save_track+0x20/0x40 [ 21.539329] kasan_save_alloc_info+0x40/0x58 [ 21.539431] __kasan_kmalloc+0xd4/0xd8 [ 21.539575] __kmalloc_noprof+0x198/0x4c8 [ 21.539623] kunit_kmalloc_array+0x34/0x88 [ 21.539662] copy_user_test_oob+0xac/0xec8 [ 21.539937] kunit_try_run_case+0x170/0x3f0 [ 21.540056] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.540165] kthread+0x328/0x630 [ 21.540243] ret_from_fork+0x10/0x20 [ 21.540376] [ 21.540456] The buggy address belongs to the object at fff00000c58a9600 [ 21.540456] which belongs to the cache kmalloc-128 of size 128 [ 21.540861] The buggy address is located 0 bytes inside of [ 21.540861] allocated 120-byte region [fff00000c58a9600, fff00000c58a9678) [ 21.541017] [ 21.541074] The buggy address belongs to the physical page: [ 21.541206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 21.541345] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.541511] page_type: f5(slab) [ 21.541573] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.542018] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.542113] page dumped because: kasan: bad access detected [ 21.542178] [ 21.542388] Memory state around the buggy address: [ 21.542601] fff00000c58a9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.542739] fff00000c58a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.542883] >fff00000c58a9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.542974] ^ [ 21.543350] fff00000c58a9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.543525] fff00000c58a9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.543591] ================================================================== [ 21.592707] ================================================================== [ 21.592807] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 21.592880] Write of size 121 at addr fff00000c58a9600 by task kunit_try_catch/285 [ 21.592935] [ 21.593145] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 21.593340] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.593380] Hardware name: linux,dummy-virt (DT) [ 21.593414] Call trace: [ 21.593449] show_stack+0x20/0x38 (C) [ 21.594058] dump_stack_lvl+0x8c/0xd0 [ 21.594156] print_report+0x118/0x608 [ 21.594393] kasan_report+0xdc/0x128 [ 21.594496] kasan_check_range+0x100/0x1a8 [ 21.594558] __kasan_check_write+0x20/0x30 [ 21.594674] copy_user_test_oob+0x434/0xec8 [ 21.594748] kunit_try_run_case+0x170/0x3f0 [ 21.595064] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.595275] kthread+0x328/0x630 [ 21.595328] ret_from_fork+0x10/0x20 [ 21.595677] [ 21.595745] Allocated by task 285: [ 21.595861] kasan_save_stack+0x3c/0x68 [ 21.595951] kasan_save_track+0x20/0x40 [ 21.596199] kasan_save_alloc_info+0x40/0x58 [ 21.596256] __kasan_kmalloc+0xd4/0xd8 [ 21.596597] __kmalloc_noprof+0x198/0x4c8 [ 21.597022] kunit_kmalloc_array+0x34/0x88 [ 21.597149] copy_user_test_oob+0xac/0xec8 [ 21.597247] kunit_try_run_case+0x170/0x3f0 [ 21.597404] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.597500] kthread+0x328/0x630 [ 21.597810] ret_from_fork+0x10/0x20 [ 21.597961] [ 21.597984] The buggy address belongs to the object at fff00000c58a9600 [ 21.597984] which belongs to the cache kmalloc-128 of size 128 [ 21.598106] The buggy address is located 0 bytes inside of [ 21.598106] allocated 120-byte region [fff00000c58a9600, fff00000c58a9678) [ 21.598177] [ 21.598225] The buggy address belongs to the physical page: [ 21.598272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 21.598332] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.598403] page_type: f5(slab) [ 21.598476] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.598529] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.598581] page dumped because: kasan: bad access detected [ 21.598616] [ 21.598638] Memory state around the buggy address: [ 21.598672] fff00000c58a9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.598717] fff00000c58a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.598769] >fff00000c58a9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.598818] ^ [ 21.598865] fff00000c58a9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.598915] fff00000c58a9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.598961] ================================================================== [ 21.554901] ================================================================== [ 21.554990] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 21.555055] Read of size 121 at addr fff00000c58a9600 by task kunit_try_catch/285 [ 21.555109] [ 21.556967] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 21.557311] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.557344] Hardware name: linux,dummy-virt (DT) [ 21.558133] Call trace: [ 21.558242] show_stack+0x20/0x38 (C) [ 21.558632] dump_stack_lvl+0x8c/0xd0 [ 21.558795] print_report+0x118/0x608 [ 21.559186] kasan_report+0xdc/0x128 [ 21.559340] kasan_check_range+0x100/0x1a8 [ 21.559698] __kasan_check_read+0x20/0x30 [ 21.559841] copy_user_test_oob+0x728/0xec8 [ 21.559931] kunit_try_run_case+0x170/0x3f0 [ 21.560250] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.560389] kthread+0x328/0x630 [ 21.560497] ret_from_fork+0x10/0x20 [ 21.560624] [ 21.560645] Allocated by task 285: [ 21.560712] kasan_save_stack+0x3c/0x68 [ 21.561029] kasan_save_track+0x20/0x40 [ 21.561170] kasan_save_alloc_info+0x40/0x58 [ 21.561215] __kasan_kmalloc+0xd4/0xd8 [ 21.561534] __kmalloc_noprof+0x198/0x4c8 [ 21.561623] kunit_kmalloc_array+0x34/0x88 [ 21.561681] copy_user_test_oob+0xac/0xec8 [ 21.561720] kunit_try_run_case+0x170/0x3f0 [ 21.561761] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.561828] kthread+0x328/0x630 [ 21.561869] ret_from_fork+0x10/0x20 [ 21.561913] [ 21.561937] The buggy address belongs to the object at fff00000c58a9600 [ 21.561937] which belongs to the cache kmalloc-128 of size 128 [ 21.562017] The buggy address is located 0 bytes inside of [ 21.562017] allocated 120-byte region [fff00000c58a9600, fff00000c58a9678) [ 21.562081] [ 21.562104] The buggy address belongs to the physical page: [ 21.562150] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 21.562206] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.562261] page_type: f5(slab) [ 21.562306] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.562359] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.562401] page dumped because: kasan: bad access detected [ 21.562461] [ 21.562490] Memory state around the buggy address: [ 21.562527] fff00000c58a9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.562572] fff00000c58a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.562626] >fff00000c58a9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.562695] ^ [ 21.562761] fff00000c58a9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.562813] fff00000c58a9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.562855] ================================================================== [ 21.599198] ================================================================== [ 21.599243] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 21.599313] Read of size 121 at addr fff00000c58a9600 by task kunit_try_catch/285 [ 21.599365] [ 21.600012] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 21.600295] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.600386] Hardware name: linux,dummy-virt (DT) [ 21.600917] Call trace: [ 21.601023] show_stack+0x20/0x38 (C) [ 21.601296] dump_stack_lvl+0x8c/0xd0 [ 21.601716] print_report+0x118/0x608 [ 21.601910] kasan_report+0xdc/0x128 [ 21.602080] kasan_check_range+0x100/0x1a8 [ 21.602136] __kasan_check_read+0x20/0x30 [ 21.602183] copy_user_test_oob+0x4a0/0xec8 [ 21.602407] kunit_try_run_case+0x170/0x3f0 [ 21.602654] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.603040] kthread+0x328/0x630 [ 21.603213] ret_from_fork+0x10/0x20 [ 21.603499] [ 21.603539] Allocated by task 285: [ 21.603573] kasan_save_stack+0x3c/0x68 [ 21.603750] kasan_save_track+0x20/0x40 [ 21.603940] kasan_save_alloc_info+0x40/0x58 [ 21.604041] __kasan_kmalloc+0xd4/0xd8 [ 21.604235] __kmalloc_noprof+0x198/0x4c8 [ 21.604522] kunit_kmalloc_array+0x34/0x88 [ 21.604673] copy_user_test_oob+0xac/0xec8 [ 21.604774] kunit_try_run_case+0x170/0x3f0 [ 21.604827] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.605063] kthread+0x328/0x630 [ 21.605660] ret_from_fork+0x10/0x20 [ 21.605799] [ 21.605879] The buggy address belongs to the object at fff00000c58a9600 [ 21.605879] which belongs to the cache kmalloc-128 of size 128 [ 21.606054] The buggy address is located 0 bytes inside of [ 21.606054] allocated 120-byte region [fff00000c58a9600, fff00000c58a9678) [ 21.606138] [ 21.606169] The buggy address belongs to the physical page: [ 21.606343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 21.606495] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.606860] page_type: f5(slab) [ 21.607017] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.607492] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.607777] page dumped because: kasan: bad access detected [ 21.608034] [ 21.608214] Memory state around the buggy address: [ 21.608464] fff00000c58a9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.608702] fff00000c58a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.608952] >fff00000c58a9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.609065] ^ [ 21.609503] fff00000c58a9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.609603] fff00000c58a9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.609647] ================================================================== [ 21.581806] ================================================================== [ 21.582290] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 21.582626] Read of size 121 at addr fff00000c58a9600 by task kunit_try_catch/285 [ 21.582715] [ 21.582749] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 21.582835] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.583107] Hardware name: linux,dummy-virt (DT) [ 21.583157] Call trace: [ 21.583448] show_stack+0x20/0x38 (C) [ 21.583729] dump_stack_lvl+0x8c/0xd0 [ 21.583868] print_report+0x118/0x608 [ 21.583979] kasan_report+0xdc/0x128 [ 21.584029] kasan_check_range+0x100/0x1a8 [ 21.584080] __kasan_check_read+0x20/0x30 [ 21.584127] copy_user_test_oob+0x3c8/0xec8 [ 21.584757] kunit_try_run_case+0x170/0x3f0 [ 21.584950] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.585124] kthread+0x328/0x630 [ 21.585320] ret_from_fork+0x10/0x20 [ 21.585401] [ 21.585717] Allocated by task 285: [ 21.585837] kasan_save_stack+0x3c/0x68 [ 21.586125] kasan_save_track+0x20/0x40 [ 21.586621] kasan_save_alloc_info+0x40/0x58 [ 21.586790] __kasan_kmalloc+0xd4/0xd8 [ 21.587330] __kmalloc_noprof+0x198/0x4c8 [ 21.587415] kunit_kmalloc_array+0x34/0x88 [ 21.587580] copy_user_test_oob+0xac/0xec8 [ 21.587660] kunit_try_run_case+0x170/0x3f0 [ 21.587702] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.587749] kthread+0x328/0x630 [ 21.587783] ret_from_fork+0x10/0x20 [ 21.587822] [ 21.587844] The buggy address belongs to the object at fff00000c58a9600 [ 21.587844] which belongs to the cache kmalloc-128 of size 128 [ 21.588617] The buggy address is located 0 bytes inside of [ 21.588617] allocated 120-byte region [fff00000c58a9600, fff00000c58a9678) [ 21.588805] [ 21.588927] The buggy address belongs to the physical page: [ 21.589205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 21.589269] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.589539] page_type: f5(slab) [ 21.589601] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.589967] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.590284] page dumped because: kasan: bad access detected [ 21.590516] [ 21.590647] Memory state around the buggy address: [ 21.590845] fff00000c58a9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.590907] fff00000c58a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.590952] >fff00000c58a9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.590993] ^ [ 21.591059] fff00000c58a9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.591103] fff00000c58a9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.591146] ==================================================================
[ 19.896782] ================================================================== [ 19.897205] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 19.897388] Read of size 121 at addr ffff888103341c00 by task kunit_try_catch/302 [ 19.897564] [ 19.897817] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 19.897885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.897903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.897929] Call Trace: [ 19.897952] <TASK> [ 19.897972] dump_stack_lvl+0x73/0xb0 [ 19.898003] print_report+0xd1/0x650 [ 19.898031] ? __virt_addr_valid+0x1db/0x2d0 [ 19.898059] ? copy_user_test_oob+0x604/0x10f0 [ 19.898084] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.898109] ? copy_user_test_oob+0x604/0x10f0 [ 19.898135] kasan_report+0x141/0x180 [ 19.898159] ? copy_user_test_oob+0x604/0x10f0 [ 19.898190] kasan_check_range+0x10c/0x1c0 [ 19.898230] __kasan_check_read+0x15/0x20 [ 19.898256] copy_user_test_oob+0x604/0x10f0 [ 19.898286] ? __pfx_copy_user_test_oob+0x10/0x10 [ 19.898311] ? finish_task_switch.isra.0+0x153/0x700 [ 19.898337] ? __switch_to+0x47/0xf50 [ 19.898366] ? __schedule+0x10cc/0x2b60 [ 19.898392] ? __pfx_read_tsc+0x10/0x10 [ 19.898415] ? ktime_get_ts64+0x86/0x230 [ 19.898443] kunit_try_run_case+0x1a5/0x480 [ 19.898480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.898506] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.898531] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.898557] ? __kthread_parkme+0x82/0x180 [ 19.898579] ? preempt_count_sub+0x50/0x80 [ 19.898603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.898625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.898650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.898676] kthread+0x337/0x6f0 [ 19.898696] ? trace_preempt_on+0x20/0xc0 [ 19.898720] ? __pfx_kthread+0x10/0x10 [ 19.898741] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.898764] ? calculate_sigpending+0x7b/0xa0 [ 19.898789] ? __pfx_kthread+0x10/0x10 [ 19.898812] ret_from_fork+0x116/0x1d0 [ 19.898831] ? __pfx_kthread+0x10/0x10 [ 19.898852] ret_from_fork_asm+0x1a/0x30 [ 19.898885] </TASK> [ 19.898899] [ 19.908156] Allocated by task 302: [ 19.908547] kasan_save_stack+0x45/0x70 [ 19.908893] kasan_save_track+0x18/0x40 [ 19.909193] kasan_save_alloc_info+0x3b/0x50 [ 19.909733] __kasan_kmalloc+0xb7/0xc0 [ 19.909949] __kmalloc_noprof+0x1c9/0x500 [ 19.910156] kunit_kmalloc_array+0x25/0x60 [ 19.910728] copy_user_test_oob+0xab/0x10f0 [ 19.911148] kunit_try_run_case+0x1a5/0x480 [ 19.911271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.911842] kthread+0x337/0x6f0 [ 19.912179] ret_from_fork+0x116/0x1d0 [ 19.912299] ret_from_fork_asm+0x1a/0x30 [ 19.912420] [ 19.912853] The buggy address belongs to the object at ffff888103341c00 [ 19.912853] which belongs to the cache kmalloc-128 of size 128 [ 19.913694] The buggy address is located 0 bytes inside of [ 19.913694] allocated 120-byte region [ffff888103341c00, ffff888103341c78) [ 19.914211] [ 19.914286] The buggy address belongs to the physical page: [ 19.914844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103341 [ 19.915225] flags: 0x200000000000000(node=0|zone=2) [ 19.915479] page_type: f5(slab) [ 19.915695] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 19.916026] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.916984] page dumped because: kasan: bad access detected [ 19.917651] [ 19.917771] Memory state around the buggy address: [ 19.917904] ffff888103341b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.918207] ffff888103341b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.918615] >ffff888103341c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.918773] ^ [ 19.919260] ffff888103341c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.919529] ffff888103341d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.920053] ================================================================== [ 19.877627] ================================================================== [ 19.878378] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 19.878688] Write of size 121 at addr ffff888103341c00 by task kunit_try_catch/302 [ 19.878995] [ 19.879085] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 19.879140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.879167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.879194] Call Trace: [ 19.879248] <TASK> [ 19.879273] dump_stack_lvl+0x73/0xb0 [ 19.879305] print_report+0xd1/0x650 [ 19.879345] ? __virt_addr_valid+0x1db/0x2d0 [ 19.879381] ? copy_user_test_oob+0x557/0x10f0 [ 19.879421] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.879451] ? copy_user_test_oob+0x557/0x10f0 [ 19.879491] kasan_report+0x141/0x180 [ 19.879531] ? copy_user_test_oob+0x557/0x10f0 [ 19.879564] kasan_check_range+0x10c/0x1c0 [ 19.879603] __kasan_check_write+0x18/0x20 [ 19.879628] copy_user_test_oob+0x557/0x10f0 [ 19.879666] ? __pfx_copy_user_test_oob+0x10/0x10 [ 19.879696] ? finish_task_switch.isra.0+0x153/0x700 [ 19.879724] ? __switch_to+0x47/0xf50 [ 19.879766] ? __schedule+0x10cc/0x2b60 [ 19.879794] ? __pfx_read_tsc+0x10/0x10 [ 19.879830] ? ktime_get_ts64+0x86/0x230 [ 19.879859] kunit_try_run_case+0x1a5/0x480 [ 19.879899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.879924] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.879951] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.879991] ? __kthread_parkme+0x82/0x180 [ 19.880015] ? preempt_count_sub+0x50/0x80 [ 19.880053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.880079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.880107] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.880134] kthread+0x337/0x6f0 [ 19.880157] ? trace_preempt_on+0x20/0xc0 [ 19.880184] ? __pfx_kthread+0x10/0x10 [ 19.880207] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.880232] ? calculate_sigpending+0x7b/0xa0 [ 19.880260] ? __pfx_kthread+0x10/0x10 [ 19.880285] ret_from_fork+0x116/0x1d0 [ 19.880307] ? __pfx_kthread+0x10/0x10 [ 19.880330] ret_from_fork_asm+0x1a/0x30 [ 19.880364] </TASK> [ 19.880380] [ 19.887537] Allocated by task 302: [ 19.887814] kasan_save_stack+0x45/0x70 [ 19.888030] kasan_save_track+0x18/0x40 [ 19.888142] kasan_save_alloc_info+0x3b/0x50 [ 19.888256] __kasan_kmalloc+0xb7/0xc0 [ 19.888358] __kmalloc_noprof+0x1c9/0x500 [ 19.888477] kunit_kmalloc_array+0x25/0x60 [ 19.888851] copy_user_test_oob+0xab/0x10f0 [ 19.889188] kunit_try_run_case+0x1a5/0x480 [ 19.889563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.889968] kthread+0x337/0x6f0 [ 19.890080] ret_from_fork+0x116/0x1d0 [ 19.890318] ret_from_fork_asm+0x1a/0x30 [ 19.890568] [ 19.890697] The buggy address belongs to the object at ffff888103341c00 [ 19.890697] which belongs to the cache kmalloc-128 of size 128 [ 19.891152] The buggy address is located 0 bytes inside of [ 19.891152] allocated 120-byte region [ffff888103341c00, ffff888103341c78) [ 19.891684] [ 19.891751] The buggy address belongs to the physical page: [ 19.891883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103341 [ 19.892059] flags: 0x200000000000000(node=0|zone=2) [ 19.892541] page_type: f5(slab) [ 19.892795] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 19.893275] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.893608] page dumped because: kasan: bad access detected [ 19.893727] [ 19.893786] Memory state around the buggy address: [ 19.894136] ffff888103341b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.894609] ffff888103341b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.894761] >ffff888103341c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.894901] ^ [ 19.895040] ffff888103341c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.895184] ffff888103341d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.895826] ================================================================== [ 19.858238] ================================================================== [ 19.858613] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 19.859065] Read of size 121 at addr ffff888103341c00 by task kunit_try_catch/302 [ 19.859514] [ 19.859645] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 19.859700] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.859737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.859767] Call Trace: [ 19.859789] <TASK> [ 19.859819] dump_stack_lvl+0x73/0xb0 [ 19.859854] print_report+0xd1/0x650 [ 19.859880] ? __virt_addr_valid+0x1db/0x2d0 [ 19.859908] ? copy_user_test_oob+0x4aa/0x10f0 [ 19.859934] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.859960] ? copy_user_test_oob+0x4aa/0x10f0 [ 19.859986] kasan_report+0x141/0x180 [ 19.860012] ? copy_user_test_oob+0x4aa/0x10f0 [ 19.860042] kasan_check_range+0x10c/0x1c0 [ 19.860068] __kasan_check_read+0x15/0x20 [ 19.860091] copy_user_test_oob+0x4aa/0x10f0 [ 19.860118] ? __pfx_copy_user_test_oob+0x10/0x10 [ 19.860158] ? finish_task_switch.isra.0+0x153/0x700 [ 19.860185] ? __switch_to+0x47/0xf50 [ 19.860228] ? __schedule+0x10cc/0x2b60 [ 19.860256] ? __pfx_read_tsc+0x10/0x10 [ 19.860280] ? ktime_get_ts64+0x86/0x230 [ 19.860310] kunit_try_run_case+0x1a5/0x480 [ 19.860335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.860357] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.860397] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.860426] ? __kthread_parkme+0x82/0x180 [ 19.860451] ? preempt_count_sub+0x50/0x80 [ 19.860495] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.860519] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.860547] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.860575] kthread+0x337/0x6f0 [ 19.860597] ? trace_preempt_on+0x20/0xc0 [ 19.860625] ? __pfx_kthread+0x10/0x10 [ 19.860649] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.860673] ? calculate_sigpending+0x7b/0xa0 [ 19.860713] ? __pfx_kthread+0x10/0x10 [ 19.860740] ret_from_fork+0x116/0x1d0 [ 19.860763] ? __pfx_kthread+0x10/0x10 [ 19.860801] ret_from_fork_asm+0x1a/0x30 [ 19.860836] </TASK> [ 19.860861] [ 19.868423] Allocated by task 302: [ 19.868614] kasan_save_stack+0x45/0x70 [ 19.868735] kasan_save_track+0x18/0x40 [ 19.868843] kasan_save_alloc_info+0x3b/0x50 [ 19.868959] __kasan_kmalloc+0xb7/0xc0 [ 19.869062] __kmalloc_noprof+0x1c9/0x500 [ 19.869171] kunit_kmalloc_array+0x25/0x60 [ 19.869277] copy_user_test_oob+0xab/0x10f0 [ 19.869389] kunit_try_run_case+0x1a5/0x480 [ 19.869508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.869640] kthread+0x337/0x6f0 [ 19.869892] ret_from_fork+0x116/0x1d0 [ 19.870180] ret_from_fork_asm+0x1a/0x30 [ 19.870576] [ 19.870733] The buggy address belongs to the object at ffff888103341c00 [ 19.870733] which belongs to the cache kmalloc-128 of size 128 [ 19.871796] The buggy address is located 0 bytes inside of [ 19.871796] allocated 120-byte region [ffff888103341c00, ffff888103341c78) [ 19.872148] [ 19.872238] The buggy address belongs to the physical page: [ 19.872660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103341 [ 19.872921] flags: 0x200000000000000(node=0|zone=2) [ 19.873053] page_type: f5(slab) [ 19.873346] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 19.873814] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.874171] page dumped because: kasan: bad access detected [ 19.874439] [ 19.874591] Memory state around the buggy address: [ 19.874815] ffff888103341b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.875136] ffff888103341b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.875481] >ffff888103341c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.875818] ^ [ 19.876123] ffff888103341c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.876746] ffff888103341d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.876967] ================================================================== [ 19.839187] ================================================================== [ 19.839620] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 19.839910] Write of size 121 at addr ffff888103341c00 by task kunit_try_catch/302 [ 19.840190] [ 19.840391] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 19.840470] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.840489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.840517] Call Trace: [ 19.840555] <TASK> [ 19.840584] dump_stack_lvl+0x73/0xb0 [ 19.840629] print_report+0xd1/0x650 [ 19.840662] ? __virt_addr_valid+0x1db/0x2d0 [ 19.840701] ? copy_user_test_oob+0x3fd/0x10f0 [ 19.840733] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.840760] ? copy_user_test_oob+0x3fd/0x10f0 [ 19.840789] kasan_report+0x141/0x180 [ 19.840814] ? copy_user_test_oob+0x3fd/0x10f0 [ 19.840846] kasan_check_range+0x10c/0x1c0 [ 19.840873] __kasan_check_write+0x18/0x20 [ 19.840894] copy_user_test_oob+0x3fd/0x10f0 [ 19.840923] ? __pfx_copy_user_test_oob+0x10/0x10 [ 19.840959] ? finish_task_switch.isra.0+0x153/0x700 [ 19.840988] ? __switch_to+0x47/0xf50 [ 19.841027] ? __schedule+0x10cc/0x2b60 [ 19.841058] ? __pfx_read_tsc+0x10/0x10 [ 19.841083] ? ktime_get_ts64+0x86/0x230 [ 19.841123] kunit_try_run_case+0x1a5/0x480 [ 19.841151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.841175] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.841244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.841273] ? __kthread_parkme+0x82/0x180 [ 19.841298] ? preempt_count_sub+0x50/0x80 [ 19.841324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.841348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.841376] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.841401] kthread+0x337/0x6f0 [ 19.841424] ? trace_preempt_on+0x20/0xc0 [ 19.841451] ? __pfx_kthread+0x10/0x10 [ 19.841495] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.841520] ? calculate_sigpending+0x7b/0xa0 [ 19.841547] ? __pfx_kthread+0x10/0x10 [ 19.841571] ret_from_fork+0x116/0x1d0 [ 19.841593] ? __pfx_kthread+0x10/0x10 [ 19.841616] ret_from_fork_asm+0x1a/0x30 [ 19.841651] </TASK> [ 19.841667] [ 19.848216] Allocated by task 302: [ 19.848322] kasan_save_stack+0x45/0x70 [ 19.848663] kasan_save_track+0x18/0x40 [ 19.848980] kasan_save_alloc_info+0x3b/0x50 [ 19.849387] __kasan_kmalloc+0xb7/0xc0 [ 19.849749] __kmalloc_noprof+0x1c9/0x500 [ 19.850020] kunit_kmalloc_array+0x25/0x60 [ 19.850196] copy_user_test_oob+0xab/0x10f0 [ 19.850497] kunit_try_run_case+0x1a5/0x480 [ 19.850617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.850756] kthread+0x337/0x6f0 [ 19.851028] ret_from_fork+0x116/0x1d0 [ 19.851439] ret_from_fork_asm+0x1a/0x30 [ 19.851796] [ 19.851889] The buggy address belongs to the object at ffff888103341c00 [ 19.851889] which belongs to the cache kmalloc-128 of size 128 [ 19.852225] The buggy address is located 0 bytes inside of [ 19.852225] allocated 120-byte region [ffff888103341c00, ffff888103341c78) [ 19.852919] [ 19.853093] The buggy address belongs to the physical page: [ 19.853386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103341 [ 19.853665] flags: 0x200000000000000(node=0|zone=2) [ 19.853802] page_type: f5(slab) [ 19.853908] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 19.854079] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.854326] page dumped because: kasan: bad access detected [ 19.854763] [ 19.854918] Memory state around the buggy address: [ 19.855328] ffff888103341b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.855778] ffff888103341b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.855936] >ffff888103341c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.856243] ^ [ 19.856775] ffff888103341c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.857084] ffff888103341d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.857478] ==================================================================