Date
June 5, 2025, 7:08 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 30.590183] ================================================================== [ 30.590467] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 30.590615] Read of size 121 at addr fff00000c7719c00 by task kunit_try_catch/285 [ 30.590752] [ 30.590859] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 30.591282] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.591388] Hardware name: linux,dummy-virt (DT) [ 30.591506] Call trace: [ 30.591658] show_stack+0x20/0x38 (C) [ 30.591926] dump_stack_lvl+0x8c/0xd0 [ 30.592032] print_report+0x118/0x608 [ 30.592147] kasan_report+0xdc/0x128 [ 30.592215] kasan_check_range+0x100/0x1a8 [ 30.592277] __kasan_check_read+0x20/0x30 [ 30.592362] copy_user_test_oob+0x728/0xec8 [ 30.592432] kunit_try_run_case+0x170/0x3f0 [ 30.592495] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.592567] kthread+0x328/0x630 [ 30.592623] ret_from_fork+0x10/0x20 [ 30.592685] [ 30.592711] Allocated by task 285: [ 30.592748] kasan_save_stack+0x3c/0x68 [ 30.592800] kasan_save_track+0x20/0x40 [ 30.592851] kasan_save_alloc_info+0x40/0x58 [ 30.592905] __kasan_kmalloc+0xd4/0xd8 [ 30.592951] __kmalloc_noprof+0x198/0x4c8 [ 30.593002] kunit_kmalloc_array+0x34/0x88 [ 30.593051] copy_user_test_oob+0xac/0xec8 [ 30.593100] kunit_try_run_case+0x170/0x3f0 [ 30.593150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.593207] kthread+0x328/0x630 [ 30.593248] ret_from_fork+0x10/0x20 [ 30.593307] [ 30.593370] The buggy address belongs to the object at fff00000c7719c00 [ 30.593370] which belongs to the cache kmalloc-128 of size 128 [ 30.593577] The buggy address is located 0 bytes inside of [ 30.593577] allocated 120-byte region [fff00000c7719c00, fff00000c7719c78) [ 30.593744] [ 30.593801] The buggy address belongs to the physical page: [ 30.594324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107719 [ 30.594515] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.594743] page_type: f5(slab) [ 30.594861] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.594994] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.596186] page dumped because: kasan: bad access detected [ 30.596285] [ 30.596358] Memory state around the buggy address: [ 30.596643] fff00000c7719b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.597512] fff00000c7719b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.597966] >fff00000c7719c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.598891] ^ [ 30.599357] fff00000c7719c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.600276] fff00000c7719d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.600691] ================================================================== [ 30.628528] ================================================================== [ 30.628635] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 30.628740] Read of size 121 at addr fff00000c7719c00 by task kunit_try_catch/285 [ 30.628867] [ 30.628952] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 30.629161] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.629236] Hardware name: linux,dummy-virt (DT) [ 30.629525] Call trace: [ 30.629595] show_stack+0x20/0x38 (C) [ 30.629914] dump_stack_lvl+0x8c/0xd0 [ 30.630041] print_report+0x118/0x608 [ 30.630156] kasan_report+0xdc/0x128 [ 30.630300] kasan_check_range+0x100/0x1a8 [ 30.630464] __kasan_check_read+0x20/0x30 [ 30.630605] copy_user_test_oob+0x3c8/0xec8 [ 30.630752] kunit_try_run_case+0x170/0x3f0 [ 30.630892] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.631052] kthread+0x328/0x630 [ 30.631186] ret_from_fork+0x10/0x20 [ 30.631323] [ 30.631403] Allocated by task 285: [ 30.631487] kasan_save_stack+0x3c/0x68 [ 30.631590] kasan_save_track+0x20/0x40 [ 30.631706] kasan_save_alloc_info+0x40/0x58 [ 30.631907] __kasan_kmalloc+0xd4/0xd8 [ 30.632107] __kmalloc_noprof+0x198/0x4c8 [ 30.632268] kunit_kmalloc_array+0x34/0x88 [ 30.632415] copy_user_test_oob+0xac/0xec8 [ 30.632541] kunit_try_run_case+0x170/0x3f0 [ 30.632662] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.632797] kthread+0x328/0x630 [ 30.632995] ret_from_fork+0x10/0x20 [ 30.633201] [ 30.633258] The buggy address belongs to the object at fff00000c7719c00 [ 30.633258] which belongs to the cache kmalloc-128 of size 128 [ 30.633442] The buggy address is located 0 bytes inside of [ 30.633442] allocated 120-byte region [fff00000c7719c00, fff00000c7719c78) [ 30.633621] [ 30.633789] The buggy address belongs to the physical page: [ 30.633929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107719 [ 30.634095] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.634254] page_type: f5(slab) [ 30.634384] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.634533] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.634656] page dumped because: kasan: bad access detected [ 30.634747] [ 30.634802] Memory state around the buggy address: [ 30.634895] fff00000c7719b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.635010] fff00000c7719b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.635181] >fff00000c7719c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.635419] ^ [ 30.635729] fff00000c7719c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.635853] fff00000c7719d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.635973] ================================================================== [ 30.636409] ================================================================== [ 30.636516] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 30.636621] Write of size 121 at addr fff00000c7719c00 by task kunit_try_catch/285 [ 30.636758] [ 30.636830] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 30.637039] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.637114] Hardware name: linux,dummy-virt (DT) [ 30.637191] Call trace: [ 30.637253] show_stack+0x20/0x38 (C) [ 30.637406] dump_stack_lvl+0x8c/0xd0 [ 30.637533] print_report+0x118/0x608 [ 30.637646] kasan_report+0xdc/0x128 [ 30.637758] kasan_check_range+0x100/0x1a8 [ 30.637879] __kasan_check_write+0x20/0x30 [ 30.637996] copy_user_test_oob+0x434/0xec8 [ 30.638115] kunit_try_run_case+0x170/0x3f0 [ 30.638231] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.639869] kthread+0x328/0x630 [ 30.640008] ret_from_fork+0x10/0x20 [ 30.640154] [ 30.640205] Allocated by task 285: [ 30.640297] kasan_save_stack+0x3c/0x68 [ 30.640435] kasan_save_track+0x20/0x40 [ 30.640606] kasan_save_alloc_info+0x40/0x58 [ 30.640748] __kasan_kmalloc+0xd4/0xd8 [ 30.641235] __kmalloc_noprof+0x198/0x4c8 [ 30.641392] kunit_kmalloc_array+0x34/0x88 [ 30.641512] copy_user_test_oob+0xac/0xec8 [ 30.641612] kunit_try_run_case+0x170/0x3f0 [ 30.641715] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.641857] kthread+0x328/0x630 [ 30.642026] ret_from_fork+0x10/0x20 [ 30.642299] [ 30.642370] The buggy address belongs to the object at fff00000c7719c00 [ 30.642370] which belongs to the cache kmalloc-128 of size 128 [ 30.642518] The buggy address is located 0 bytes inside of [ 30.642518] allocated 120-byte region [fff00000c7719c00, fff00000c7719c78) [ 30.642673] [ 30.642724] The buggy address belongs to the physical page: [ 30.642834] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107719 [ 30.643157] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.643279] page_type: f5(slab) [ 30.643402] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.643545] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.644139] page dumped because: kasan: bad access detected [ 30.644248] [ 30.644309] Memory state around the buggy address: [ 30.644426] fff00000c7719b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.644560] fff00000c7719b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.644689] >fff00000c7719c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.644852] ^ [ 30.644999] fff00000c7719c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.645247] fff00000c7719d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.645417] ================================================================== [ 30.559926] ================================================================== [ 30.560211] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 30.560421] Write of size 121 at addr fff00000c7719c00 by task kunit_try_catch/285 [ 30.560560] [ 30.560660] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 30.562267] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.562413] Hardware name: linux,dummy-virt (DT) [ 30.562853] Call trace: [ 30.563263] show_stack+0x20/0x38 (C) [ 30.563823] dump_stack_lvl+0x8c/0xd0 [ 30.564250] print_report+0x118/0x608 [ 30.564495] kasan_report+0xdc/0x128 [ 30.564631] kasan_check_range+0x100/0x1a8 [ 30.565152] __kasan_check_write+0x20/0x30 [ 30.565861] copy_user_test_oob+0x234/0xec8 [ 30.566098] kunit_try_run_case+0x170/0x3f0 [ 30.566429] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.566570] kthread+0x328/0x630 [ 30.566695] ret_from_fork+0x10/0x20 [ 30.567082] [ 30.567247] Allocated by task 285: [ 30.567449] kasan_save_stack+0x3c/0x68 [ 30.567658] kasan_save_track+0x20/0x40 [ 30.567754] kasan_save_alloc_info+0x40/0x58 [ 30.567866] __kasan_kmalloc+0xd4/0xd8 [ 30.567976] __kmalloc_noprof+0x198/0x4c8 [ 30.568142] kunit_kmalloc_array+0x34/0x88 [ 30.568354] copy_user_test_oob+0xac/0xec8 [ 30.568471] kunit_try_run_case+0x170/0x3f0 [ 30.568584] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.568966] kthread+0x328/0x630 [ 30.569162] ret_from_fork+0x10/0x20 [ 30.569269] [ 30.569350] The buggy address belongs to the object at fff00000c7719c00 [ 30.569350] which belongs to the cache kmalloc-128 of size 128 [ 30.569506] The buggy address is located 0 bytes inside of [ 30.569506] allocated 120-byte region [fff00000c7719c00, fff00000c7719c78) [ 30.569677] [ 30.569797] The buggy address belongs to the physical page: [ 30.570062] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107719 [ 30.570220] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.570461] page_type: f5(slab) [ 30.570576] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.570717] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.570832] page dumped because: kasan: bad access detected [ 30.570977] [ 30.571077] Memory state around the buggy address: [ 30.571172] fff00000c7719b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.571393] fff00000c7719b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.571577] >fff00000c7719c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.571684] ^ [ 30.571956] fff00000c7719c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.572021] fff00000c7719d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.572124] ================================================================== [ 30.616657] ================================================================== [ 30.616781] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 30.616898] Write of size 121 at addr fff00000c7719c00 by task kunit_try_catch/285 [ 30.617023] [ 30.617298] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 30.617541] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.617877] Hardware name: linux,dummy-virt (DT) [ 30.618107] Call trace: [ 30.618267] show_stack+0x20/0x38 (C) [ 30.618413] dump_stack_lvl+0x8c/0xd0 [ 30.618531] print_report+0x118/0x608 [ 30.618655] kasan_report+0xdc/0x128 [ 30.618798] kasan_check_range+0x100/0x1a8 [ 30.618929] __kasan_check_write+0x20/0x30 [ 30.619045] copy_user_test_oob+0x35c/0xec8 [ 30.619167] kunit_try_run_case+0x170/0x3f0 [ 30.619287] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.619439] kthread+0x328/0x630 [ 30.619551] ret_from_fork+0x10/0x20 [ 30.619674] [ 30.619726] Allocated by task 285: [ 30.619805] kasan_save_stack+0x3c/0x68 [ 30.619984] kasan_save_track+0x20/0x40 [ 30.620107] kasan_save_alloc_info+0x40/0x58 [ 30.620774] __kasan_kmalloc+0xd4/0xd8 [ 30.621255] __kmalloc_noprof+0x198/0x4c8 [ 30.621795] kunit_kmalloc_array+0x34/0x88 [ 30.622111] copy_user_test_oob+0xac/0xec8 [ 30.622359] kunit_try_run_case+0x170/0x3f0 [ 30.622489] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.622653] kthread+0x328/0x630 [ 30.622754] ret_from_fork+0x10/0x20 [ 30.622924] [ 30.623038] The buggy address belongs to the object at fff00000c7719c00 [ 30.623038] which belongs to the cache kmalloc-128 of size 128 [ 30.623188] The buggy address is located 0 bytes inside of [ 30.623188] allocated 120-byte region [fff00000c7719c00, fff00000c7719c78) [ 30.623363] [ 30.623418] The buggy address belongs to the physical page: [ 30.623499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107719 [ 30.623659] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.623882] page_type: f5(slab) [ 30.623977] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.624303] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.624438] page dumped because: kasan: bad access detected [ 30.624533] [ 30.624593] Memory state around the buggy address: [ 30.624690] fff00000c7719b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.624824] fff00000c7719b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.624955] >fff00000c7719c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.625133] ^ [ 30.627204] fff00000c7719c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.627355] fff00000c7719d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.627475] ================================================================== [ 30.646251] ================================================================== [ 30.646418] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 30.646576] Read of size 121 at addr fff00000c7719c00 by task kunit_try_catch/285 [ 30.646793] [ 30.646996] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 30.647568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.647786] Hardware name: linux,dummy-virt (DT) [ 30.648146] Call trace: [ 30.648249] show_stack+0x20/0x38 (C) [ 30.648393] dump_stack_lvl+0x8c/0xd0 [ 30.648511] print_report+0x118/0x608 [ 30.648628] kasan_report+0xdc/0x128 [ 30.648740] kasan_check_range+0x100/0x1a8 [ 30.648863] __kasan_check_read+0x20/0x30 [ 30.648979] copy_user_test_oob+0x4a0/0xec8 [ 30.649099] kunit_try_run_case+0x170/0x3f0 [ 30.649224] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.649388] kthread+0x328/0x630 [ 30.649496] ret_from_fork+0x10/0x20 [ 30.649614] [ 30.649662] Allocated by task 285: [ 30.649733] kasan_save_stack+0x3c/0x68 [ 30.649828] kasan_save_track+0x20/0x40 [ 30.649925] kasan_save_alloc_info+0x40/0x58 [ 30.650026] __kasan_kmalloc+0xd4/0xd8 [ 30.650675] __kmalloc_noprof+0x198/0x4c8 [ 30.651095] kunit_kmalloc_array+0x34/0x88 [ 30.655387] copy_user_test_oob+0xac/0xec8 [ 30.655740] kunit_try_run_case+0x170/0x3f0 [ 30.656139] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.657386] kthread+0x328/0x630 [ 30.657488] ret_from_fork+0x10/0x20 [ 30.657580] [ 30.657637] The buggy address belongs to the object at fff00000c7719c00 [ 30.657637] which belongs to the cache kmalloc-128 of size 128 [ 30.657838] The buggy address is located 0 bytes inside of [ 30.657838] allocated 120-byte region [fff00000c7719c00, fff00000c7719c78) [ 30.658072] [ 30.658136] The buggy address belongs to the physical page: [ 30.658236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107719 [ 30.658777] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.658994] page_type: f5(slab) [ 30.659113] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.659312] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.659789] page dumped because: kasan: bad access detected [ 30.659937] [ 30.660039] Memory state around the buggy address: [ 30.660241] fff00000c7719b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.661192] fff00000c7719b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.661764] >fff00000c7719c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.661878] ^ [ 30.661993] fff00000c7719c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.662114] fff00000c7719d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.662222] ==================================================================
[ 15.616695] ================================================================== [ 15.617091] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.617328] Read of size 121 at addr ffff888102b2dc00 by task kunit_try_catch/302 [ 15.617737] [ 15.617857] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 15.617910] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.617922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.617945] Call Trace: [ 15.617960] <TASK> [ 15.617973] dump_stack_lvl+0x73/0xb0 [ 15.617999] print_report+0xd1/0x650 [ 15.618023] ? __virt_addr_valid+0x1db/0x2d0 [ 15.618048] ? copy_user_test_oob+0x604/0x10f0 [ 15.618073] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.618110] ? copy_user_test_oob+0x604/0x10f0 [ 15.618136] kasan_report+0x141/0x180 [ 15.618160] ? copy_user_test_oob+0x604/0x10f0 [ 15.618190] kasan_check_range+0x10c/0x1c0 [ 15.618216] __kasan_check_read+0x15/0x20 [ 15.618237] copy_user_test_oob+0x604/0x10f0 [ 15.618264] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.618299] ? finish_task_switch.isra.0+0x153/0x700 [ 15.618324] ? __switch_to+0x47/0xf50 [ 15.618351] ? __schedule+0x10cc/0x2b60 [ 15.618387] ? __pfx_read_tsc+0x10/0x10 [ 15.618409] ? ktime_get_ts64+0x86/0x230 [ 15.618435] kunit_try_run_case+0x1a5/0x480 [ 15.618458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.618480] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.618507] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.618534] ? __kthread_parkme+0x82/0x180 [ 15.618556] ? preempt_count_sub+0x50/0x80 [ 15.618580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.618604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.618658] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.618686] kthread+0x337/0x6f0 [ 15.618713] ? trace_preempt_on+0x20/0xc0 [ 15.618737] ? __pfx_kthread+0x10/0x10 [ 15.618759] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.618783] ? calculate_sigpending+0x7b/0xa0 [ 15.618810] ? __pfx_kthread+0x10/0x10 [ 15.618833] ret_from_fork+0x116/0x1d0 [ 15.618853] ? __pfx_kthread+0x10/0x10 [ 15.618875] ret_from_fork_asm+0x1a/0x30 [ 15.618917] </TASK> [ 15.618928] [ 15.626366] Allocated by task 302: [ 15.626548] kasan_save_stack+0x45/0x70 [ 15.626791] kasan_save_track+0x18/0x40 [ 15.627002] kasan_save_alloc_info+0x3b/0x50 [ 15.627229] __kasan_kmalloc+0xb7/0xc0 [ 15.627426] __kmalloc_noprof+0x1c9/0x500 [ 15.627568] kunit_kmalloc_array+0x25/0x60 [ 15.627839] copy_user_test_oob+0xab/0x10f0 [ 15.628074] kunit_try_run_case+0x1a5/0x480 [ 15.628259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.628476] kthread+0x337/0x6f0 [ 15.628670] ret_from_fork+0x116/0x1d0 [ 15.628878] ret_from_fork_asm+0x1a/0x30 [ 15.629110] [ 15.629182] The buggy address belongs to the object at ffff888102b2dc00 [ 15.629182] which belongs to the cache kmalloc-128 of size 128 [ 15.629746] The buggy address is located 0 bytes inside of [ 15.629746] allocated 120-byte region [ffff888102b2dc00, ffff888102b2dc78) [ 15.630196] [ 15.630307] The buggy address belongs to the physical page: [ 15.630567] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b2d [ 15.630901] flags: 0x200000000000000(node=0|zone=2) [ 15.631066] page_type: f5(slab) [ 15.631186] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.631417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.631645] page dumped because: kasan: bad access detected [ 15.631903] [ 15.631994] Memory state around the buggy address: [ 15.632249] ffff888102b2db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.632576] ffff888102b2db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.632856] >ffff888102b2dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.633083] ^ [ 15.633297] ffff888102b2dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.633514] ffff888102b2dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.633728] ================================================================== [ 15.596248] ================================================================== [ 15.596563] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.597054] Write of size 121 at addr ffff888102b2dc00 by task kunit_try_catch/302 [ 15.597297] [ 15.597381] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 15.597424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.597437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.597458] Call Trace: [ 15.597470] <TASK> [ 15.597484] dump_stack_lvl+0x73/0xb0 [ 15.597510] print_report+0xd1/0x650 [ 15.598616] ? __virt_addr_valid+0x1db/0x2d0 [ 15.598649] ? copy_user_test_oob+0x557/0x10f0 [ 15.598688] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.598715] ? copy_user_test_oob+0x557/0x10f0 [ 15.598747] kasan_report+0x141/0x180 [ 15.598772] ? copy_user_test_oob+0x557/0x10f0 [ 15.598817] kasan_check_range+0x10c/0x1c0 [ 15.598843] __kasan_check_write+0x18/0x20 [ 15.599035] copy_user_test_oob+0x557/0x10f0 [ 15.599066] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.599091] ? finish_task_switch.isra.0+0x153/0x700 [ 15.599363] ? __switch_to+0x47/0xf50 [ 15.599390] ? __schedule+0x10cc/0x2b60 [ 15.599415] ? __pfx_read_tsc+0x10/0x10 [ 15.599438] ? ktime_get_ts64+0x86/0x230 [ 15.599464] kunit_try_run_case+0x1a5/0x480 [ 15.599487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.599509] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.599537] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.599564] ? __kthread_parkme+0x82/0x180 [ 15.599587] ? preempt_count_sub+0x50/0x80 [ 15.599612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.599953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.600026] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.600068] kthread+0x337/0x6f0 [ 15.600089] ? trace_preempt_on+0x20/0xc0 [ 15.600113] ? __pfx_kthread+0x10/0x10 [ 15.600146] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.600171] ? calculate_sigpending+0x7b/0xa0 [ 15.600198] ? __pfx_kthread+0x10/0x10 [ 15.600221] ret_from_fork+0x116/0x1d0 [ 15.600242] ? __pfx_kthread+0x10/0x10 [ 15.600265] ret_from_fork_asm+0x1a/0x30 [ 15.600298] </TASK> [ 15.600310] [ 15.608142] Allocated by task 302: [ 15.608358] kasan_save_stack+0x45/0x70 [ 15.608531] kasan_save_track+0x18/0x40 [ 15.608773] kasan_save_alloc_info+0x3b/0x50 [ 15.608991] __kasan_kmalloc+0xb7/0xc0 [ 15.609172] __kmalloc_noprof+0x1c9/0x500 [ 15.609382] kunit_kmalloc_array+0x25/0x60 [ 15.609591] copy_user_test_oob+0xab/0x10f0 [ 15.609814] kunit_try_run_case+0x1a5/0x480 [ 15.610034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.610270] kthread+0x337/0x6f0 [ 15.610457] ret_from_fork+0x116/0x1d0 [ 15.610645] ret_from_fork_asm+0x1a/0x30 [ 15.610931] [ 15.611004] The buggy address belongs to the object at ffff888102b2dc00 [ 15.611004] which belongs to the cache kmalloc-128 of size 128 [ 15.611368] The buggy address is located 0 bytes inside of [ 15.611368] allocated 120-byte region [ffff888102b2dc00, ffff888102b2dc78) [ 15.611867] [ 15.611969] The buggy address belongs to the physical page: [ 15.612218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b2d [ 15.612573] flags: 0x200000000000000(node=0|zone=2) [ 15.613011] page_type: f5(slab) [ 15.613139] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.613372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.613643] page dumped because: kasan: bad access detected [ 15.613910] [ 15.614017] Memory state around the buggy address: [ 15.614268] ffff888102b2db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.614622] ffff888102b2db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.614959] >ffff888102b2dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.615233] ^ [ 15.615529] ffff888102b2dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.615837] ffff888102b2dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.616137] ================================================================== [ 15.574672] ================================================================== [ 15.574962] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.575243] Read of size 121 at addr ffff888102b2dc00 by task kunit_try_catch/302 [ 15.575870] [ 15.576065] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 15.576122] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.576136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.576157] Call Trace: [ 15.576183] <TASK> [ 15.576196] dump_stack_lvl+0x73/0xb0 [ 15.576225] print_report+0xd1/0x650 [ 15.576249] ? __virt_addr_valid+0x1db/0x2d0 [ 15.576274] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.576300] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.576325] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.576352] kasan_report+0x141/0x180 [ 15.576385] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.576415] kasan_check_range+0x10c/0x1c0 [ 15.576441] __kasan_check_read+0x15/0x20 [ 15.576472] copy_user_test_oob+0x4aa/0x10f0 [ 15.576500] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.576526] ? finish_task_switch.isra.0+0x153/0x700 [ 15.576559] ? __switch_to+0x47/0xf50 [ 15.576586] ? __schedule+0x10cc/0x2b60 [ 15.576611] ? __pfx_read_tsc+0x10/0x10 [ 15.576652] ? ktime_get_ts64+0x86/0x230 [ 15.576677] kunit_try_run_case+0x1a5/0x480 [ 15.576701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.576723] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.576759] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.576786] ? __kthread_parkme+0x82/0x180 [ 15.576808] ? preempt_count_sub+0x50/0x80 [ 15.576843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.576866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.576904] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.576932] kthread+0x337/0x6f0 [ 15.576953] ? trace_preempt_on+0x20/0xc0 [ 15.576977] ? __pfx_kthread+0x10/0x10 [ 15.576999] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.577024] ? calculate_sigpending+0x7b/0xa0 [ 15.577055] ? __pfx_kthread+0x10/0x10 [ 15.577078] ret_from_fork+0x116/0x1d0 [ 15.577098] ? __pfx_kthread+0x10/0x10 [ 15.577120] ret_from_fork_asm+0x1a/0x30 [ 15.577153] </TASK> [ 15.577165] [ 15.587956] Allocated by task 302: [ 15.588138] kasan_save_stack+0x45/0x70 [ 15.588298] kasan_save_track+0x18/0x40 [ 15.588437] kasan_save_alloc_info+0x3b/0x50 [ 15.588668] __kasan_kmalloc+0xb7/0xc0 [ 15.588857] __kmalloc_noprof+0x1c9/0x500 [ 15.589236] kunit_kmalloc_array+0x25/0x60 [ 15.589386] copy_user_test_oob+0xab/0x10f0 [ 15.589537] kunit_try_run_case+0x1a5/0x480 [ 15.589737] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.590023] kthread+0x337/0x6f0 [ 15.590245] ret_from_fork+0x116/0x1d0 [ 15.590380] ret_from_fork_asm+0x1a/0x30 [ 15.590522] [ 15.590593] The buggy address belongs to the object at ffff888102b2dc00 [ 15.590593] which belongs to the cache kmalloc-128 of size 128 [ 15.591140] The buggy address is located 0 bytes inside of [ 15.591140] allocated 120-byte region [ffff888102b2dc00, ffff888102b2dc78) [ 15.591739] [ 15.591840] The buggy address belongs to the physical page: [ 15.592041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b2d [ 15.592415] flags: 0x200000000000000(node=0|zone=2) [ 15.592616] page_type: f5(slab) [ 15.592805] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.593133] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.593464] page dumped because: kasan: bad access detected [ 15.593710] [ 15.593781] Memory state around the buggy address: [ 15.594025] ffff888102b2db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.594340] ffff888102b2db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.594613] >ffff888102b2dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.594845] ^ [ 15.595068] ffff888102b2dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.595401] ffff888102b2dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.595746] ================================================================== [ 15.549372] ================================================================== [ 15.549723] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.550078] Write of size 121 at addr ffff888102b2dc00 by task kunit_try_catch/302 [ 15.550459] [ 15.550552] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 15.550597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.550611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.550646] Call Trace: [ 15.550679] <TASK> [ 15.550695] dump_stack_lvl+0x73/0xb0 [ 15.550722] print_report+0xd1/0x650 [ 15.550746] ? __virt_addr_valid+0x1db/0x2d0 [ 15.550789] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.550815] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.550841] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.550867] kasan_report+0x141/0x180 [ 15.550901] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.550932] kasan_check_range+0x10c/0x1c0 [ 15.550958] __kasan_check_write+0x18/0x20 [ 15.550980] copy_user_test_oob+0x3fd/0x10f0 [ 15.551007] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.551033] ? finish_task_switch.isra.0+0x153/0x700 [ 15.551058] ? __switch_to+0x47/0xf50 [ 15.551085] ? __schedule+0x10cc/0x2b60 [ 15.551111] ? __pfx_read_tsc+0x10/0x10 [ 15.551133] ? ktime_get_ts64+0x86/0x230 [ 15.551158] kunit_try_run_case+0x1a5/0x480 [ 15.551200] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.551223] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.551266] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.551294] ? __kthread_parkme+0x82/0x180 [ 15.551316] ? preempt_count_sub+0x50/0x80 [ 15.551341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.551364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.551392] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.551421] kthread+0x337/0x6f0 [ 15.551441] ? trace_preempt_on+0x20/0xc0 [ 15.551466] ? __pfx_kthread+0x10/0x10 [ 15.551489] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.551513] ? calculate_sigpending+0x7b/0xa0 [ 15.551540] ? __pfx_kthread+0x10/0x10 [ 15.551563] ret_from_fork+0x116/0x1d0 [ 15.551583] ? __pfx_kthread+0x10/0x10 [ 15.551606] ret_from_fork_asm+0x1a/0x30 [ 15.551648] </TASK> [ 15.551659] [ 15.559527] Allocated by task 302: [ 15.559783] kasan_save_stack+0x45/0x70 [ 15.560014] kasan_save_track+0x18/0x40 [ 15.560241] kasan_save_alloc_info+0x3b/0x50 [ 15.560453] __kasan_kmalloc+0xb7/0xc0 [ 15.560660] __kmalloc_noprof+0x1c9/0x500 [ 15.560828] kunit_kmalloc_array+0x25/0x60 [ 15.561020] copy_user_test_oob+0xab/0x10f0 [ 15.561247] kunit_try_run_case+0x1a5/0x480 [ 15.561436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.561677] kthread+0x337/0x6f0 [ 15.561830] ret_from_fork+0x116/0x1d0 [ 15.562050] ret_from_fork_asm+0x1a/0x30 [ 15.562248] [ 15.562349] The buggy address belongs to the object at ffff888102b2dc00 [ 15.562349] which belongs to the cache kmalloc-128 of size 128 [ 15.562953] The buggy address is located 0 bytes inside of [ 15.562953] allocated 120-byte region [ffff888102b2dc00, ffff888102b2dc78) [ 15.563486] [ 15.563580] The buggy address belongs to the physical page: [ 15.563830] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b2d [ 15.564581] flags: 0x200000000000000(node=0|zone=2) [ 15.566720] page_type: f5(slab) [ 15.566858] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.568126] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.569153] page dumped because: kasan: bad access detected [ 15.570035] [ 15.570399] Memory state around the buggy address: [ 15.571266] ffff888102b2db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.572041] ffff888102b2db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.572347] >ffff888102b2dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.572905] ^ [ 15.573344] ffff888102b2dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.573594] ffff888102b2dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.573956] ==================================================================