Date
May 30, 2025, 4:14 a.m.
Environment | |
---|---|
e850-96 | |
qemu-arm64 | |
qemu-x86_64 | |
x15 |
```
[ 64.456351] ==================================================================
[ 64.463317] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 64.470602] Write of size 8 at addr ffff000805826578 by task kunit_try_catch/325
[ 64.477980]
[ 64.479465] CPU: 2 UID: 0 PID: 325 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT
[ 64.479519] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 64.479537] Hardware name: WinLink E850-96 board (DT)
[ 64.479554] Call trace:
[ 64.479572] show_stack+0x20/0x38 (C)
[ 64.479608] dump_stack_lvl+0x8c/0xd0
[ 64.479647] print_report+0x118/0x608
[ 64.479685] kasan_report+0xdc/0x128
[ 64.479716] kasan_check_range+0x100/0x1a8
[ 64.479753] __kasan_check_write+0x20/0x30
[ 64.479783] copy_to_kernel_nofault+0x8c/0x250
[ 64.479822] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 64.479854] kunit_try_run_case+0x170/0x3f0
[ 64.479891] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 64.479930] kthread+0x328/0x630
[ 64.479959] ret_from_fork+0x10/0x20
[ 64.479994]
[ 64.551677] Allocated by task 325:
[ 64.555066] kasan_save_stack+0x3c/0x68
[ 64.558882] kasan_save_track+0x20/0x40
[ 64.562701] kasan_save_alloc_info+0x40/0x58
[ 64.566955] __kasan_kmalloc+0xd4/0xd8
[ 64.570687] __kmalloc_cache_noprof+0x15c/0x3c0
[ 64.575201] copy_to_kernel_nofault_oob+0xc8/0x418
[ 64.579975] kunit_try_run_case+0x170/0x3f0
[ 64.584142] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 64.589612] kthread+0x328/0x630
[ 64.592822] ret_from_fork+0x10/0x20
[ 64.596381]
[ 64.597858] The buggy address belongs to the object at ffff000805826500
[ 64.597858] which belongs to the cache kmalloc-128 of size 128
[ 64.610358] The buggy address is located 0 bytes to the right of
[ 64.610358] allocated 120-byte region [ffff000805826500, ffff000805826578)
[ 64.623290]
[ 64.624769] The buggy address belongs to the physical page:
[ 64.630324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885826
[ 64.638309] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 64.645947] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 64.652890] page_type: f5(slab)
[ 64.656025] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 64.663748] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 64.671474] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 64.679285] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 64.687098] head: 0bfffe0000000001 fffffdffe0160981 00000000ffffffff 00000000ffffffff
[ 64.694910] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 64.702716] page dumped because: kasan: bad access detected
[ 64.708273]
[ 64.709747] Memory state around the buggy address:
[ 64.714530] ffff000805826400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.721730] ffff000805826480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.728935] >ffff000805826500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 64.736136] ^
[ 64.743257] ffff000805826580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.750462] ffff000805826600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.757663] ==================================================================
[ 64.143682] ==================================================================
[ 64.157853] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 64.165225] Read of size 8 at addr ffff000805826578 by task kunit_try_catch/325
[ 64.172516]
[ 64.174002] CPU: 2 UID: 0 PID: 325 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT
[ 64.174060] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 64.174079] Hardware name: WinLink E850-96 board (DT)
[ 64.174102] Call trace:
[ 64.174117] show_stack+0x20/0x38 (C)
[ 64.174157] dump_stack_lvl+0x8c/0xd0
[ 64.174200] print_report+0x118/0x608
[ 64.174238] kasan_report+0xdc/0x128
[ 64.174272] __asan_report_load8_noabort+0x20/0x30
[ 64.174308] copy_to_kernel_nofault+0x204/0x250
[ 64.174346] copy_to_kernel_nofault_oob+0x158/0x418
[ 64.174380] kunit_try_run_case+0x170/0x3f0
[ 64.174420] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 64.174461] kthread+0x328/0x630
[ 64.174493] ret_from_fork+0x10/0x20
[ 64.174531]
[ 64.242914] Allocated by task 325:
[ 64.246302] kasan_save_stack+0x3c/0x68
[ 64.250119] kasan_save_track+0x20/0x40
[ 64.253938] kasan_save_alloc_info+0x40/0x58
[ 64.258192] __kasan_kmalloc+0xd4/0xd8
[ 64.261924] __kmalloc_cache_noprof+0x15c/0x3c0
[ 64.266438] copy_to_kernel_nofault_oob+0xc8/0x418
[ 64.271212] kunit_try_run_case+0x170/0x3f0
[ 64.275379] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 64.280849] kthread+0x328/0x630
[ 64.284059] ret_from_fork+0x10/0x20
[ 64.287618]
[ 64.289097] The buggy address belongs to the object at ffff000805826500
[ 64.289097] which belongs to the cache kmalloc-128 of size 128
[ 64.301597] The buggy address is located 0 bytes to the right of
[ 64.301597] allocated 120-byte region [ffff000805826500, ffff000805826578)
[ 64.314527]
[ 64.316006] The buggy address belongs to the physical page:
[ 64.321564] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885826
[ 64.329548] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 64.337186] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 64.344129] page_type: f5(slab)
[ 64.347267] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 64.354985] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 64.362713] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 64.370523] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 64.378336] head: 0bfffe0000000001 fffffdffe0160981 00000000ffffffff 00000000ffffffff
[ 64.386148] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 64.393954] page dumped because: kasan: bad access detected
[ 64.399510]
[ 64.400984] Memory state around the buggy address:
[ 64.405769] ffff000805826400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.412967] ffff000805826480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.420173] >ffff000805826500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 64.427373] ^
[ 64.434494] ffff000805826580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.441700] ffff000805826600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.448902] ==================================================================
```
```
[ 29.861880] ==================================================================
[ 29.862033] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 29.862188] Read of size 8 at addr fff00000c56e8e78 by task kunit_try_catch/282
[ 29.862312]
[ 29.865878] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT
[ 29.866835] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.866905] Hardware name: linux,dummy-virt (DT)
[ 29.868173] Call trace:
[ 29.868273] show_stack+0x20/0x38 (C)
[ 29.868540] dump_stack_lvl+0x8c/0xd0
[ 29.868671] print_report+0x118/0x608
[ 29.870586] kasan_report+0xdc/0x128
[ 29.870867] __asan_report_load8_noabort+0x20/0x30
[ 29.871215] copy_to_kernel_nofault+0x204/0x250
[ 29.871380] copy_to_kernel_nofault_oob+0x158/0x418
[ 29.871662] kunit_try_run_case+0x170/0x3f0
[ 29.871826] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.871957] kthread+0x328/0x630
[ 29.872120] ret_from_fork+0x10/0x20
[ 29.872286]
[ 29.872452] Allocated by task 282:
[ 29.872667] kasan_save_stack+0x3c/0x68
[ 29.872798] kasan_save_track+0x20/0x40
[ 29.872900] kasan_save_alloc_info+0x40/0x58
[ 29.872997] __kasan_kmalloc+0xd4/0xd8
[ 29.873142] __kmalloc_cache_noprof+0x15c/0x3c0
[ 29.873271] copy_to_kernel_nofault_oob+0xc8/0x418
[ 29.873382] kunit_try_run_case+0x170/0x3f0
[ 29.873514] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.873758] kthread+0x328/0x630
[ 29.873870] ret_from_fork+0x10/0x20
[ 29.873981]
[ 29.874045] The buggy address belongs to the object at fff00000c56e8e00
[ 29.874045] which belongs to the cache kmalloc-128 of size 128
[ 29.874205] The buggy address is located 0 bytes to the right of
[ 29.874205] allocated 120-byte region [fff00000c56e8e00, fff00000c56e8e78)
[ 29.874380]
[ 29.874598] The buggy address belongs to the physical page:
[ 29.874806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8
[ 29.874969] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.875115] page_type: f5(slab)
[ 29.875300] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 29.875444] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.875822] page dumped because: kasan: bad access detected
[ 29.876039]
[ 29.876136] Memory state around the buggy address:
[ 29.876368] fff00000c56e8d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.876482] fff00000c56e8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.876591] >fff00000c56e8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.876701] ^
[ 29.876810] fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.876918] fff00000c56e8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.877077] ==================================================================
[ 29.879375] ==================================================================
[ 29.879529] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 29.879660] Write of size 8 at addr fff00000c56e8e78 by task kunit_try_catch/282
[ 29.879826]
[ 29.880058] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT
[ 29.880182] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.880228] Hardware name: linux,dummy-virt (DT)
[ 29.880363] Call trace:
[ 29.880497] show_stack+0x20/0x38 (C)
[ 29.880731] dump_stack_lvl+0x8c/0xd0
[ 29.881111] print_report+0x118/0x608
[ 29.881401] kasan_report+0xdc/0x128
[ 29.881587] kasan_check_range+0x100/0x1a8
[ 29.881728] __kasan_check_write+0x20/0x30
[ 29.881849] copy_to_kernel_nofault+0x8c/0x250
[ 29.881973] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 29.882105] kunit_try_run_case+0x170/0x3f0
[ 29.882228] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.882361] kthread+0x328/0x630
[ 29.882474] ret_from_fork+0x10/0x20
[ 29.882599]
[ 29.882731] Allocated by task 282:
[ 29.882828] kasan_save_stack+0x3c/0x68
[ 29.882949] kasan_save_track+0x20/0x40
[ 29.883072] kasan_save_alloc_info+0x40/0x58
[ 29.883400] __kasan_kmalloc+0xd4/0xd8
[ 29.883525] __kmalloc_cache_noprof+0x15c/0x3c0
[ 29.883653] copy_to_kernel_nofault_oob+0xc8/0x418
[ 29.883791] kunit_try_run_case+0x170/0x3f0
[ 29.883912] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.884086] kthread+0x328/0x630
[ 29.884192] ret_from_fork+0x10/0x20
[ 29.884360]
[ 29.884429] The buggy address belongs to the object at fff00000c56e8e00
[ 29.884429] which belongs to the cache kmalloc-128 of size 128
[ 29.884605] The buggy address is located 0 bytes to the right of
[ 29.884605] allocated 120-byte region [fff00000c56e8e00, fff00000c56e8e78)
[ 29.884896]
[ 29.884958] The buggy address belongs to the physical page:
[ 29.885053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8
[ 29.885189] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.885398] page_type: f5(slab)
[ 29.885700] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 29.886037] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.886179] page dumped because: kasan: bad access detected
[ 29.886302]
[ 29.886358] Memory state around the buggy address:
[ 29.886452] fff00000c56e8d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.886583] fff00000c56e8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.886931] >fff00000c56e8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.887025] ^
[ 29.887256] fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.887725] fff00000c56e8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.887876] ==================================================================
```
```
[ 25.495695] ==================================================================
[ 25.497421] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 25.498131] Write of size 8 at addr ffff888102b56b78 by task kunit_try_catch/298
[ 25.499733]
[ 25.500022] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary)
[ 25.500126] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.500181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.500274] Call Trace:
[ 25.500322] <TASK>
[ 25.500358] dump_stack_lvl+0x73/0xb0
[ 25.500401] print_report+0xd1/0x650
[ 25.500437] ? __virt_addr_valid+0x1db/0x2d0
[ 25.500474] ? copy_to_kernel_nofault+0x99/0x260
[ 25.500511] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.500547] ? copy_to_kernel_nofault+0x99/0x260
[ 25.500611] kasan_report+0x141/0x180
[ 25.500649] ? copy_to_kernel_nofault+0x99/0x260
[ 25.500692] kasan_check_range+0x10c/0x1c0
[ 25.500729] __kasan_check_write+0x18/0x20
[ 25.500758] copy_to_kernel_nofault+0x99/0x260
[ 25.500796] copy_to_kernel_nofault_oob+0x288/0x560
[ 25.500860] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 25.500944] ? finish_task_switch.isra.0+0x153/0x700
[ 25.501025] ? __schedule+0x10cc/0x2b60
[ 25.501106] ? trace_hardirqs_on+0x37/0xe0
[ 25.501171] ? __pfx_read_tsc+0x10/0x10
[ 25.501252] ? ktime_get_ts64+0x86/0x230
[ 25.501465] kunit_try_run_case+0x1a5/0x480
[ 25.501500] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.501530] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.501608] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.501651] ? __kthread_parkme+0x82/0x180
[ 25.501681] ? preempt_count_sub+0x50/0x80
[ 25.501717] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.501749] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.501785] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.501822] kthread+0x337/0x6f0
[ 25.501884] ? trace_preempt_on+0x20/0xc0
[ 25.501920] ? __pfx_kthread+0x10/0x10
[ 25.501951] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.501986] ? calculate_sigpending+0x7b/0xa0
[ 25.502025] ? __pfx_kthread+0x10/0x10
[ 25.502056] ret_from_fork+0x116/0x1d0
[ 25.502084] ? __pfx_kthread+0x10/0x10
[ 25.502114] ret_from_fork_asm+0x1a/0x30
[ 25.502157] </TASK>
[ 25.502188]
[ 25.525794] Allocated by task 298:
[ 25.526463] kasan_save_stack+0x45/0x70
[ 25.527105] kasan_save_track+0x18/0x40
[ 25.527603] kasan_save_alloc_info+0x3b/0x50
[ 25.527967] __kasan_kmalloc+0xb7/0xc0
[ 25.528977] __kmalloc_cache_noprof+0x189/0x420
[ 25.529598] copy_to_kernel_nofault_oob+0x12f/0x560
[ 25.530326] kunit_try_run_case+0x1a5/0x480
[ 25.530678] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.531151] kthread+0x337/0x6f0
[ 25.531597] ret_from_fork+0x116/0x1d0
[ 25.532471] ret_from_fork_asm+0x1a/0x30
[ 25.533072]
[ 25.533707] The buggy address belongs to the object at ffff888102b56b00
[ 25.533707] which belongs to the cache kmalloc-128 of size 128
[ 25.534607] The buggy address is located 0 bytes to the right of
[ 25.534607] allocated 120-byte region [ffff888102b56b00, ffff888102b56b78)
[ 25.536487]
[ 25.536698] The buggy address belongs to the physical page:
[ 25.537817] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b56
[ 25.538591] flags: 0x200000000000000(node=0|zone=2)
[ 25.539043] page_type: f5(slab)
[ 25.540006] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.540920] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.541928] page dumped because: kasan: bad access detected
[ 25.542779]
[ 25.542965] Memory state around the buggy address:
[ 25.543275] ffff888102b56a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.546142] ffff888102b56a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.546856] >ffff888102b56b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.549644] ^
[ 25.550237] ffff888102b56b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.551022] ffff888102b56c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.551889] ==================================================================
[ 25.438996] ==================================================================
[ 25.440474] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 25.441731] Read of size 8 at addr ffff888102b56b78 by task kunit_try_catch/298
[ 25.442585]
[ 25.443143] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary)
[ 25.443910] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.443945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.443991] Call Trace:
[ 25.444012] <TASK>
[ 25.444041] dump_stack_lvl+0x73/0xb0
[ 25.444104] print_report+0xd1/0x650
[ 25.444163] ? __virt_addr_valid+0x1db/0x2d0
[ 25.444318] ? copy_to_kernel_nofault+0x225/0x260
[ 25.444361] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.444417] ? copy_to_kernel_nofault+0x225/0x260
[ 25.444458] kasan_report+0x141/0x180
[ 25.444553] ? copy_to_kernel_nofault+0x225/0x260
[ 25.444638] __asan_report_load8_noabort+0x18/0x20
[ 25.444676] copy_to_kernel_nofault+0x225/0x260
[ 25.444716] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 25.444753] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 25.444789] ? finish_task_switch.isra.0+0x153/0x700
[ 25.444826] ? __schedule+0x10cc/0x2b60
[ 25.444892] ? trace_hardirqs_on+0x37/0xe0
[ 25.444940] ? __pfx_read_tsc+0x10/0x10
[ 25.444973] ? ktime_get_ts64+0x86/0x230
[ 25.445010] kunit_try_run_case+0x1a5/0x480
[ 25.445046] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.445076] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.445114] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.445150] ? __kthread_parkme+0x82/0x180
[ 25.445220] ? preempt_count_sub+0x50/0x80
[ 25.445260] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.445293] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.445331] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.445368] kthread+0x337/0x6f0
[ 25.445398] ? trace_preempt_on+0x20/0xc0
[ 25.445430] ? __pfx_kthread+0x10/0x10
[ 25.445462] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.445495] ? calculate_sigpending+0x7b/0xa0
[ 25.445532] ? __pfx_kthread+0x10/0x10
[ 25.445578] ret_from_fork+0x116/0x1d0
[ 25.445621] ? __pfx_kthread+0x10/0x10
[ 25.445654] ret_from_fork_asm+0x1a/0x30
[ 25.445701] </TASK>
[ 25.445718]
[ 25.471010] Allocated by task 298:
[ 25.471886] kasan_save_stack+0x45/0x70
[ 25.472701] kasan_save_track+0x18/0x40
[ 25.473055] kasan_save_alloc_info+0x3b/0x50
[ 25.473592] __kasan_kmalloc+0xb7/0xc0
[ 25.473931] __kmalloc_cache_noprof+0x189/0x420
[ 25.475146] copy_to_kernel_nofault_oob+0x12f/0x560
[ 25.475826] kunit_try_run_case+0x1a5/0x480
[ 25.476504] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.476958] kthread+0x337/0x6f0
[ 25.477239] ret_from_fork+0x116/0x1d0
[ 25.477564] ret_from_fork_asm+0x1a/0x30
[ 25.478998]
[ 25.479177] The buggy address belongs to the object at ffff888102b56b00
[ 25.479177] which belongs to the cache kmalloc-128 of size 128
[ 25.480562] The buggy address is located 0 bytes to the right of
[ 25.480562] allocated 120-byte region [ffff888102b56b00, ffff888102b56b78)
[ 25.481960]
[ 25.482141] The buggy address belongs to the physical page:
[ 25.483264] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b56
[ 25.484171] flags: 0x200000000000000(node=0|zone=2)
[ 25.484785] page_type: f5(slab)
[ 25.485193] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.486248] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.487249] page dumped because: kasan: bad access detected
[ 25.487818]
[ 25.488164] Memory state around the buggy address:
[ 25.488783] ffff888102b56a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.489815] ffff888102b56a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.490567] >ffff888102b56b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.491500] ^
[ 25.492473] ffff888102b56b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.493254] ffff888102b56c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.494127] ==================================================================
```
```
[ 90.636047] ==================================================================
[ 90.643310] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x144/0x3fc
[ 90.650756] Write of size 8 at addr cc963178 by task kunit_try_catch/333
[ 90.657501]
[ 90.659027] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE
[ 90.659057] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 90.659057] Hardware name: Generic DRA74X (Flattened Device Tree)
[ 90.659057] Call trace:
[ 90.659088] unwind_backtrace from show_stack+0x18/0x1c
[ 90.659118] show_stack from dump_stack_lvl+0x70/0x90
[ 90.659118] dump_stack_lvl from print_report+0x158/0x528
[ 90.659149] print_report from kasan_report+0xdc/0x118
[ 90.659179] kasan_report from kasan_check_range+0x14c/0x198
[ 90.659210] kasan_check_range from copy_to_kernel_nofault+0x144/0x3fc
[ 90.659240] copy_to_kernel_nofault from copy_to_kernel_nofault_oob+0x258/0x4fc
[ 90.659240] copy_to_kernel_nofault_oob from kunit_try_run_case+0x22c/0x5a8
[ 90.659271] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[ 90.659301] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[ 90.659332] kthread from ret_from_fork+0x14/0x20
[ 90.659362] Exception stack(0xf2553fb0 to 0xf2553ff8)
[ 90.659362] 3fa0: 00000000 00000000 00000000 00000000
[ 90.659393] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 90.659393] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 90.659423]
[ 90.779846] Allocated by task 333:
[ 90.783264] kasan_save_track+0x30/0x5c
[ 90.787139] __kasan_kmalloc+0x8c/0x94
[ 90.790893] copy_to_kernel_nofault_oob+0xf0/0x4fc
[ 90.795745] kunit_try_run_case+0x22c/0x5a8
[ 90.799957] kunit_generic_run_threadfn_adapter+0xc4/0x128
[ 90.805480] kthread+0x464/0x810
[ 90.808746] ret_from_fork+0x14/0x20
[ 90.812347]
[ 90.813842] The buggy address belongs to the object at cc963100
[ 90.813842] which belongs to the cache kmalloc-128 of size 128
[ 90.825744] The buggy address is located 0 bytes to the right of
[ 90.825744] allocated 120-byte region [cc963100, cc963178)
[ 90.837371]
[ 90.838897] The buggy address belongs to the physical page:
[ 90.844482] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c963
[ 90.851745] flags: 0x0(zone=0)
[ 90.854827] page_type: f5(slab)
[ 90.858001] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000
[ 90.866149] raw: 00000000
[ 90.868804] page dumped because: kasan: bad access detected
[ 90.874389]
[ 90.875915] Memory state around the buggy address:
[ 90.880737] cc963000: 00 00 00 00 00 00 00 00 00 00 04 fc fc fc fc fc
[ 90.887298] cc963080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.893859] >cc963100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 90.900451] ^
[ 90.906921] cc963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.913482] cc963200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.920074] ==================================================================
[ 90.343170] ==================================================================
[ 90.358154] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x37c/0x3fc
[ 90.365600] Read of size 8 at addr cc963178 by task kunit_try_catch/333
[ 90.372253]
[ 90.373779] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE
[ 90.373809] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 90.373809] Hardware name: Generic DRA74X (Flattened Device Tree)
[ 90.373840] Call trace:
[ 90.373840] unwind_backtrace from show_stack+0x18/0x1c
[ 90.373870] show_stack from dump_stack_lvl+0x70/0x90
[ 90.373901] dump_stack_lvl from print_report+0x158/0x528
[ 90.373901] print_report from kasan_report+0xdc/0x118
[ 90.373931] kasan_report from copy_to_kernel_nofault+0x37c/0x3fc
[ 90.373962] copy_to_kernel_nofault from copy_to_kernel_nofault_oob+0x1c0/0x4fc
[ 90.373992] copy_to_kernel_nofault_oob from kunit_try_run_case+0x22c/0x5a8
[ 90.374023] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[ 90.374053] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[ 90.374084] kthread from ret_from_fork+0x14/0x20
[ 90.374084] Exception stack(0xf2553fb0 to 0xf2553ff8)
[ 90.374114] 3fa0: 00000000 00000000 00000000 00000000
[ 90.374114] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 90.374145] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 90.374145]
[ 90.488464] Allocated by task 333:
[ 90.491882] kasan_save_track+0x30/0x5c
[ 90.495758] __kasan_kmalloc+0x8c/0x94
[ 90.499542] copy_to_kernel_nofault_oob+0xf0/0x4fc
[ 90.504364] kunit_try_run_case+0x22c/0x5a8
[ 90.508605] kunit_generic_run_threadfn_adapter+0xc4/0x128
[ 90.514129] kthread+0x464/0x810
[ 90.517395] ret_from_fork+0x14/0x20
[ 90.520996]
[ 90.522491] The buggy address belongs to the object at cc963100
[ 90.522491] which belongs to the cache kmalloc-128 of size 128
[ 90.534393] The buggy address is located 0 bytes to the right of
[ 90.534393] allocated 120-byte region [cc963100, cc963178)
[ 90.546020]
[ 90.547515] The buggy address belongs to the physical page:
[ 90.553131] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c963
[ 90.560424] flags: 0x0(zone=0)
[ 90.563507] page_type: f5(slab)
[ 90.566650] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000
[ 90.574798] raw: 00000000
[ 90.577453] page dumped because: kasan: bad access detected
[ 90.583038]
[ 90.584564] Memory state around the buggy address:
[ 90.589385] cc963000: 00 00 00 00 00 00 00 00 00 00 04 fc fc fc fc fc
[ 90.595947] cc963080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.602508] >cc963100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 90.609100] ^
[ 90.615570] cc963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.622131] cc963200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.628723] ==================================================================
```