Date
June 26, 2025, 9:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| juno-r2 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 76.404295] ================================================================== [ 76.419357] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 76.426870] Read of size 8 at addr ffff000080dbcb78 by task kunit_try_catch/367 [ 76.434281] [ 76.435824] CPU: 1 UID: 0 PID: 367 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 76.435855] Tainted: [B]=BAD_PAGE, [N]=TEST [ 76.435864] Hardware name: Thundercomm Dragonboard 845c (DT) [ 76.435876] Call trace: [ 76.435884] show_stack+0x20/0x38 (C) [ 76.435905] dump_stack_lvl+0x8c/0xd0 [ 76.435927] print_report+0x118/0x608 [ 76.435947] kasan_report+0xdc/0x128 [ 76.435966] __asan_report_load8_noabort+0x20/0x30 [ 76.435985] copy_to_kernel_nofault+0x204/0x250 [ 76.436006] copy_to_kernel_nofault_oob+0x158/0x418 [ 76.436025] kunit_try_run_case+0x170/0x3f0 [ 76.436047] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 76.436070] kthread+0x328/0x630 [ 76.436087] ret_from_fork+0x10/0x20 [ 76.436107] [ 76.507081] Allocated by task 367: [ 76.510540] kasan_save_stack+0x3c/0x68 [ 76.514450] kasan_save_track+0x20/0x40 [ 76.518361] kasan_save_alloc_info+0x40/0x58 [ 76.522698] __kasan_kmalloc+0xd4/0xd8 [ 76.526522] __kmalloc_cache_noprof+0x16c/0x3c0 [ 76.531136] copy_to_kernel_nofault_oob+0xc8/0x418 [ 76.536009] kunit_try_run_case+0x170/0x3f0 [ 76.540262] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 76.545834] kthread+0x328/0x630 [ 76.549125] ret_from_fork+0x10/0x20 [ 76.552770] [ 76.554302] The buggy address belongs to the object at ffff000080dbcb00 [ 76.554302] which belongs to the cache kmalloc-128 of size 128 [ 76.566968] The buggy address is located 0 bytes to the right of [ 76.566968] allocated 120-byte region [ffff000080dbcb00, ffff000080dbcb78) [ 76.580071] [ 76.581604] The buggy address belongs to the physical page: [ 76.587253] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100dbc [ 76.595364] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 76.603122] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 76.610180] page_type: f5(slab) [ 76.613386] raw: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 76.621231] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 76.629077] head: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 76.637008] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 76.644939] head: 0bfffe0000000001 fffffdffc2036f01 00000000ffffffff 00000000ffffffff [ 76.652878] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 76.660812] page dumped because: kasan: bad access detected [ 76.666462] [ 76.667998] Memory state around the buggy address: [ 76.672861] ffff000080dbca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.680185] ffff000080dbca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.687501] >ffff000080dbcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 76.694813] ^ [ 76.702048] ffff000080dbcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.709371] ffff000080dbcc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.716693] ================================================================== [ 76.724166] ================================================================== [ 76.731493] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 76.738911] Write of size 8 at addr ffff000080dbcb78 by task kunit_try_catch/367 [ 76.746409] [ 76.747952] CPU: 1 UID: 0 PID: 367 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 76.747984] Tainted: [B]=BAD_PAGE, [N]=TEST [ 76.747993] Hardware name: Thundercomm Dragonboard 845c (DT) [ 76.748005] Call trace: [ 76.748013] show_stack+0x20/0x38 (C) [ 76.748032] dump_stack_lvl+0x8c/0xd0 [ 76.748053] print_report+0x118/0x608 [ 76.748074] kasan_report+0xdc/0x128 [ 76.748093] kasan_check_range+0x100/0x1a8 [ 76.748114] __kasan_check_write+0x20/0x30 [ 76.748131] copy_to_kernel_nofault+0x8c/0x250 [ 76.748151] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 76.748172] kunit_try_run_case+0x170/0x3f0 [ 76.748194] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 76.748216] kthread+0x328/0x630 [ 76.748232] ret_from_fork+0x10/0x20 [ 76.748253] [ 76.822595] Allocated by task 367: [ 76.826056] kasan_save_stack+0x3c/0x68 [ 76.829966] kasan_save_track+0x20/0x40 [ 76.833876] kasan_save_alloc_info+0x40/0x58 [ 76.838214] __kasan_kmalloc+0xd4/0xd8 [ 76.842033] __kmalloc_cache_noprof+0x16c/0x3c0 [ 76.846647] copy_to_kernel_nofault_oob+0xc8/0x418 [ 76.851511] kunit_try_run_case+0x170/0x3f0 [ 76.855766] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 76.861334] kthread+0x328/0x630 [ 76.864623] ret_from_fork+0x10/0x20 [ 76.868262] [ 76.869791] The buggy address belongs to the object at ffff000080dbcb00 [ 76.869791] which belongs to the cache kmalloc-128 of size 128 [ 76.882451] The buggy address is located 0 bytes to the right of [ 76.882451] allocated 120-byte region [ffff000080dbcb00, ffff000080dbcb78) [ 76.895555] [ 76.897093] The buggy address belongs to the physical page: [ 76.902741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100dbc [ 76.910855] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 76.918620] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 76.925675] page_type: f5(slab) [ 76.928879] raw: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 76.936720] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 76.944565] head: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 76.952504] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 76.960445] head: 0bfffe0000000001 fffffdffc2036f01 00000000ffffffff 00000000ffffffff [ 76.968375] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 76.976310] page dumped because: kasan: bad access detected [ 76.981957] [ 76.983483] Memory state around the buggy address: [ 76.988351] ffff000080dbca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.995676] ffff000080dbca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.002991] >ffff000080dbcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 77.010311] ^ [ 77.017546] ffff000080dbcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.024868] ffff000080dbcc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.032188] ==================================================================
[ 1525.454463] ================================================================== [ 1525.454492] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 1525.454537] Read of size 8 at addr ffff000827f2f478 by task kunit_try_catch/352 [ 1525.454572] [ 1525.454589] CPU: 3 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 1525.454651] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 1525.454669] Hardware name: ARM Juno development board (r2) (DT) [ 1525.454693] Call trace: [ 1525.454706] show_stack+0x20/0x38 (C) [ 1525.454744] dump_stack_lvl+0x8c/0xd0 [ 1525.454785] print_report+0x118/0x608 [ 1525.454827] kasan_report+0xdc/0x128 [ 1525.454867] __asan_report_load8_noabort+0x20/0x30 [ 1525.454906] copy_to_kernel_nofault+0x204/0x250 [ 1525.454948] copy_to_kernel_nofault_oob+0x158/0x418 [ 1525.454989] kunit_try_run_case+0x170/0x3f0 [ 1525.455030] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.455076] kthread+0x328/0x630 [ 1525.455109] ret_from_fork+0x10/0x20 [ 1525.455146] [ 1525.455158] Allocated by task 352: [ 1525.455176] kasan_save_stack+0x3c/0x68 [ 1525.455212] kasan_save_track+0x20/0x40 [ 1525.455244] kasan_save_alloc_info+0x40/0x58 [ 1525.455273] __kasan_kmalloc+0xd4/0xd8 [ 1525.455306] __kmalloc_cache_noprof+0x16c/0x3c0 [ 1525.455341] copy_to_kernel_nofault_oob+0xc8/0x418 [ 1525.455374] kunit_try_run_case+0x170/0x3f0 [ 1525.455407] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.455446] kthread+0x328/0x630 [ 1525.455471] ret_from_fork+0x10/0x20 [ 1525.455501] [ 1525.455512] The buggy address belongs to the object at ffff000827f2f400 [ 1525.455512] which belongs to the cache kmalloc-128 of size 128 [ 1525.455552] The buggy address is located 0 bytes to the right of [ 1525.455552] allocated 120-byte region [ffff000827f2f400, ffff000827f2f478) [ 1525.455598] [ 1525.455609] The buggy address belongs to the physical page: [ 1525.455628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a7f2f [ 1525.455664] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 1525.455697] page_type: f5(slab) [ 1525.455725] raw: 0bfffe0000000000 ffff000800002a00 dead000000000122 0000000000000000 [ 1525.455761] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 1525.455788] page dumped because: kasan: bad access detected [ 1525.455808] [ 1525.455818] Memory state around the buggy address: [ 1525.455839] ffff000827f2f300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1525.455869] ffff000827f2f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.455900] >ffff000827f2f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 1525.455927] ^ [ 1525.455954] ffff000827f2f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.455985] ffff000827f2f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.456011] ================================================================== [ 1525.456085] ================================================================== [ 1525.456110] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 1525.456148] Write of size 8 at addr ffff000827f2f478 by task kunit_try_catch/352 [ 1525.456182] [ 1525.456198] CPU: 3 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 1525.456258] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 1525.456278] Hardware name: ARM Juno development board (r2) (DT) [ 1525.456300] Call trace: [ 1525.456313] show_stack+0x20/0x38 (C) [ 1525.456349] dump_stack_lvl+0x8c/0xd0 [ 1525.456389] print_report+0x118/0x608 [ 1525.456431] kasan_report+0xdc/0x128 [ 1525.456471] kasan_check_range+0x100/0x1a8 [ 1525.456516] __kasan_check_write+0x20/0x30 [ 1525.456551] copy_to_kernel_nofault+0x8c/0x250 [ 1525.456593] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 1525.456634] kunit_try_run_case+0x170/0x3f0 [ 1525.456674] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.456720] kthread+0x328/0x630 [ 1525.456752] ret_from_fork+0x10/0x20 [ 1525.456791] [ 1525.456801] Allocated by task 352: [ 1525.456819] kasan_save_stack+0x3c/0x68 [ 1525.456853] kasan_save_track+0x20/0x40 [ 1525.456886] kasan_save_alloc_info+0x40/0x58 [ 1525.456915] __kasan_kmalloc+0xd4/0xd8 [ 1525.456948] __kmalloc_cache_noprof+0x16c/0x3c0 [ 1525.456981] copy_to_kernel_nofault_oob+0xc8/0x418 [ 1525.457015] kunit_try_run_case+0x170/0x3f0 [ 1525.457048] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.457087] kthread+0x328/0x630 [ 1525.457112] ret_from_fork+0x10/0x20 [ 1525.457143] [ 1525.457153] The buggy address belongs to the object at ffff000827f2f400 [ 1525.457153] which belongs to the cache kmalloc-128 of size 128 [ 1525.457193] The buggy address is located 0 bytes to the right of [ 1525.457193] allocated 120-byte region [ffff000827f2f400, ffff000827f2f478) [ 1525.457239] [ 1525.457249] The buggy address belongs to the physical page: [ 1525.457268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a7f2f [ 1525.457302] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 1525.457334] page_type: f5(slab) [ 1525.457361] raw: 0bfffe0000000000 ffff000800002a00 dead000000000122 0000000000000000 [ 1525.457397] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 1525.457425] page dumped because: kasan: bad access detected [ 1525.457444] [ 1525.457454] Memory state around the buggy address: [ 1525.457474] ffff000827f2f300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1525.457505] ffff000827f2f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.457536] >ffff000827f2f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 1525.457562] ^ [ 1525.457589] ffff000827f2f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.457619] ffff000827f2f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.457645] ==================================================================
[ 29.978857] ================================================================== [ 29.978921] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 29.978987] Write of size 8 at addr fff00000c5773d78 by task kunit_try_catch/293 [ 29.979041] [ 29.979342] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 29.979512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.979547] Hardware name: linux,dummy-virt (DT) [ 29.979606] Call trace: [ 29.979656] show_stack+0x20/0x38 (C) [ 29.979717] dump_stack_lvl+0x8c/0xd0 [ 29.979917] print_report+0x118/0x608 [ 29.980108] kasan_report+0xdc/0x128 [ 29.980241] kasan_check_range+0x100/0x1a8 [ 29.980376] __kasan_check_write+0x20/0x30 [ 29.980525] copy_to_kernel_nofault+0x8c/0x250 [ 29.980657] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 29.980818] kunit_try_run_case+0x170/0x3f0 [ 29.981034] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.981212] kthread+0x328/0x630 [ 29.981299] ret_from_fork+0x10/0x20 [ 29.981487] [ 29.981509] Allocated by task 293: [ 29.981541] kasan_save_stack+0x3c/0x68 [ 29.981899] kasan_save_track+0x20/0x40 [ 29.982328] kasan_save_alloc_info+0x40/0x58 [ 29.982457] __kasan_kmalloc+0xd4/0xd8 [ 29.982523] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.982668] copy_to_kernel_nofault_oob+0xc8/0x418 [ 29.982819] kunit_try_run_case+0x170/0x3f0 [ 29.982864] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.982973] kthread+0x328/0x630 [ 29.983325] ret_from_fork+0x10/0x20 [ 29.983399] [ 29.983448] The buggy address belongs to the object at fff00000c5773d00 [ 29.983448] which belongs to the cache kmalloc-128 of size 128 [ 29.983511] The buggy address is located 0 bytes to the right of [ 29.983511] allocated 120-byte region [fff00000c5773d00, fff00000c5773d78) [ 29.983979] [ 29.984293] The buggy address belongs to the physical page: [ 29.984627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773 [ 29.984703] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.984756] page_type: f5(slab) [ 29.984798] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.984850] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.984893] page dumped because: kasan: bad access detected [ 29.984928] [ 29.984947] Memory state around the buggy address: [ 29.984980] fff00000c5773c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.985026] fff00000c5773c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.985081] >fff00000c5773d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.985121] ^ [ 29.985163] fff00000c5773d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.985207] fff00000c5773e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.985246] ================================================================== [ 29.970806] ================================================================== [ 29.970900] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 29.971245] Read of size 8 at addr fff00000c5773d78 by task kunit_try_catch/293 [ 29.971361] [ 29.971399] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 29.971508] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.971596] Hardware name: linux,dummy-virt (DT) [ 29.971700] Call trace: [ 29.971813] show_stack+0x20/0x38 (C) [ 29.972121] dump_stack_lvl+0x8c/0xd0 [ 29.972205] print_report+0x118/0x608 [ 29.972381] kasan_report+0xdc/0x128 [ 29.972509] __asan_report_load8_noabort+0x20/0x30 [ 29.972709] copy_to_kernel_nofault+0x204/0x250 [ 29.972848] copy_to_kernel_nofault_oob+0x158/0x418 [ 29.973282] kunit_try_run_case+0x170/0x3f0 [ 29.973529] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.973654] kthread+0x328/0x630 [ 29.973787] ret_from_fork+0x10/0x20 [ 29.973886] [ 29.973982] Allocated by task 293: [ 29.974374] kasan_save_stack+0x3c/0x68 [ 29.974444] kasan_save_track+0x20/0x40 [ 29.974509] kasan_save_alloc_info+0x40/0x58 [ 29.974661] __kasan_kmalloc+0xd4/0xd8 [ 29.974757] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.975069] copy_to_kernel_nofault_oob+0xc8/0x418 [ 29.975161] kunit_try_run_case+0x170/0x3f0 [ 29.975331] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.975401] kthread+0x328/0x630 [ 29.975751] ret_from_fork+0x10/0x20 [ 29.975985] [ 29.976143] The buggy address belongs to the object at fff00000c5773d00 [ 29.976143] which belongs to the cache kmalloc-128 of size 128 [ 29.976287] The buggy address is located 0 bytes to the right of [ 29.976287] allocated 120-byte region [fff00000c5773d00, fff00000c5773d78) [ 29.976424] [ 29.976449] The buggy address belongs to the physical page: [ 29.976483] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773 [ 29.976835] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.976920] page_type: f5(slab) [ 29.976970] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.977098] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.977153] page dumped because: kasan: bad access detected [ 29.977202] [ 29.977224] Memory state around the buggy address: [ 29.977258] fff00000c5773c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.977303] fff00000c5773c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.977357] >fff00000c5773d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.977406] ^ [ 29.977447] fff00000c5773d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.977502] fff00000c5773e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.977558] ==================================================================
[ 25.985103] ================================================================== [ 25.985617] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 25.985917] Read of size 8 at addr ffff8881024e1a78 by task kunit_try_catch/310 [ 25.986340] [ 25.986481] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.986778] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.986817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.986858] Call Trace: [ 25.986875] <TASK> [ 25.986898] dump_stack_lvl+0x73/0xb0 [ 25.986934] print_report+0xd1/0x650 [ 25.986962] ? __virt_addr_valid+0x1db/0x2d0 [ 25.986989] ? copy_to_kernel_nofault+0x225/0x260 [ 25.987013] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.987049] ? copy_to_kernel_nofault+0x225/0x260 [ 25.987075] kasan_report+0x141/0x180 [ 25.987098] ? copy_to_kernel_nofault+0x225/0x260 [ 25.987129] __asan_report_load8_noabort+0x18/0x20 [ 25.987157] copy_to_kernel_nofault+0x225/0x260 [ 25.987183] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 25.987208] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 25.987246] ? finish_task_switch.isra.0+0x153/0x700 [ 25.987273] ? __schedule+0x10cc/0x2b60 [ 25.987299] ? trace_hardirqs_on+0x37/0xe0 [ 25.987330] ? trace_hardirqs_on+0x37/0xe0 [ 25.987353] ? __pfx_read_tsc+0x10/0x10 [ 25.987379] ? ktime_get_ts64+0x86/0x230 [ 25.987544] kunit_try_run_case+0x1a5/0x480 [ 25.987572] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.987598] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.987625] ? __kthread_parkme+0x82/0x180 [ 25.987647] ? preempt_count_sub+0x50/0x80 [ 25.987671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.987697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.987721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.987747] kthread+0x337/0x6f0 [ 25.987768] ? trace_preempt_on+0x20/0xc0 [ 25.987806] ? __pfx_kthread+0x10/0x10 [ 25.987828] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.987852] ? calculate_sigpending+0x7b/0xa0 [ 25.987879] ? __pfx_kthread+0x10/0x10 [ 25.987901] ret_from_fork+0x116/0x1d0 [ 25.987923] ? __pfx_kthread+0x10/0x10 [ 25.987944] ret_from_fork_asm+0x1a/0x30 [ 25.987978] </TASK> [ 25.987991] [ 25.997670] Allocated by task 310: [ 25.997860] kasan_save_stack+0x45/0x70 [ 25.998057] kasan_save_track+0x18/0x40 [ 25.998637] kasan_save_alloc_info+0x3b/0x50 [ 25.998793] __kasan_kmalloc+0xb7/0xc0 [ 25.999087] __kmalloc_cache_noprof+0x189/0x420 [ 25.999288] copy_to_kernel_nofault_oob+0x12f/0x560 [ 25.999682] kunit_try_run_case+0x1a5/0x480 [ 25.999915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.000284] kthread+0x337/0x6f0 [ 26.000512] ret_from_fork+0x116/0x1d0 [ 26.000650] ret_from_fork_asm+0x1a/0x30 [ 26.000973] [ 26.001049] The buggy address belongs to the object at ffff8881024e1a00 [ 26.001049] which belongs to the cache kmalloc-128 of size 128 [ 26.001690] The buggy address is located 0 bytes to the right of [ 26.001690] allocated 120-byte region [ffff8881024e1a00, ffff8881024e1a78) [ 26.002349] [ 26.002460] The buggy address belongs to the physical page: [ 26.002721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.003053] flags: 0x200000000000000(node=0|zone=2) [ 26.003591] page_type: f5(slab) [ 26.003832] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.004147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.004465] page dumped because: kasan: bad access detected [ 26.004685] [ 26.004756] Memory state around the buggy address: [ 26.005296] ffff8881024e1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.005642] ffff8881024e1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.005970] >ffff8881024e1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.006501] ^ [ 26.006891] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.007232] ffff8881024e1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.007641] ================================================================== [ 26.008408] ================================================================== [ 26.008849] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 26.009302] Write of size 8 at addr ffff8881024e1a78 by task kunit_try_catch/310 [ 26.009611] [ 26.009723] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.009780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.009997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.010178] Call Trace: [ 26.010197] <TASK> [ 26.010232] dump_stack_lvl+0x73/0xb0 [ 26.010327] print_report+0xd1/0x650 [ 26.010355] ? __virt_addr_valid+0x1db/0x2d0 [ 26.010383] ? copy_to_kernel_nofault+0x99/0x260 [ 26.010410] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.010439] ? copy_to_kernel_nofault+0x99/0x260 [ 26.010464] kasan_report+0x141/0x180 [ 26.010488] ? copy_to_kernel_nofault+0x99/0x260 [ 26.010607] kasan_check_range+0x10c/0x1c0 [ 26.010634] __kasan_check_write+0x18/0x20 [ 26.010659] copy_to_kernel_nofault+0x99/0x260 [ 26.010685] copy_to_kernel_nofault_oob+0x288/0x560 [ 26.010710] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.010733] ? finish_task_switch.isra.0+0x153/0x700 [ 26.010760] ? __schedule+0x10cc/0x2b60 [ 26.010802] ? trace_hardirqs_on+0x37/0xe0 [ 26.010833] ? trace_hardirqs_on+0x37/0xe0 [ 26.010855] ? __pfx_read_tsc+0x10/0x10 [ 26.010879] ? ktime_get_ts64+0x86/0x230 [ 26.010904] kunit_try_run_case+0x1a5/0x480 [ 26.010932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.010957] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.010984] ? __kthread_parkme+0x82/0x180 [ 26.011006] ? preempt_count_sub+0x50/0x80 [ 26.011046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.011072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.011097] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.011122] kthread+0x337/0x6f0 [ 26.011143] ? trace_preempt_on+0x20/0xc0 [ 26.011166] ? __pfx_kthread+0x10/0x10 [ 26.011188] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.011212] ? calculate_sigpending+0x7b/0xa0 [ 26.011249] ? __pfx_kthread+0x10/0x10 [ 26.011272] ret_from_fork+0x116/0x1d0 [ 26.011292] ? __pfx_kthread+0x10/0x10 [ 26.011314] ret_from_fork_asm+0x1a/0x30 [ 26.011346] </TASK> [ 26.011359] [ 26.021581] Allocated by task 310: [ 26.021744] kasan_save_stack+0x45/0x70 [ 26.022306] kasan_save_track+0x18/0x40 [ 26.022582] kasan_save_alloc_info+0x3b/0x50 [ 26.022889] __kasan_kmalloc+0xb7/0xc0 [ 26.023038] __kmalloc_cache_noprof+0x189/0x420 [ 26.023270] copy_to_kernel_nofault_oob+0x12f/0x560 [ 26.023510] kunit_try_run_case+0x1a5/0x480 [ 26.023997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.024445] kthread+0x337/0x6f0 [ 26.024662] ret_from_fork+0x116/0x1d0 [ 26.025062] ret_from_fork_asm+0x1a/0x30 [ 26.025446] [ 26.025585] The buggy address belongs to the object at ffff8881024e1a00 [ 26.025585] which belongs to the cache kmalloc-128 of size 128 [ 26.026454] The buggy address is located 0 bytes to the right of [ 26.026454] allocated 120-byte region [ffff8881024e1a00, ffff8881024e1a78) [ 26.027087] [ 26.027242] The buggy address belongs to the physical page: [ 26.027573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.027895] flags: 0x200000000000000(node=0|zone=2) [ 26.028322] page_type: f5(slab) [ 26.028493] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.028949] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.029454] page dumped because: kasan: bad access detected [ 26.029761] [ 26.029851] Memory state around the buggy address: [ 26.030300] ffff8881024e1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.030694] ffff8881024e1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.030968] >ffff8881024e1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.031578] ^ [ 26.031994] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.032414] ffff8881024e1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.032729] ==================================================================