Date
July 2, 2025, 11:10 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 33.957867] ==================================================================
[ 33.957999] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 33.958056] Write of size 8 at addr fff00000c8dc5878 by task kunit_try_catch/314
[ 33.958110]
[ 33.958147] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT
[ 33.958447] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.959149] Hardware name: linux,dummy-virt (DT)
[ 33.959204] Call trace:
[ 33.959231]  show_stack+0x20/0x38 (C)
[ 33.959287]  dump_stack_lvl+0x8c/0xd0
[ 33.959348]  print_report+0x118/0x608
[ 33.959408]  kasan_report+0xdc/0x128
[ 33.959598]  kasan_check_range+0x100/0x1a8
[ 33.959955]  __kasan_check_write+0x20/0x30
[ 33.960025]  copy_to_kernel_nofault+0x8c/0x250
[ 33.960077]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 33.960540]  kunit_try_run_case+0x170/0x3f0
[ 33.960658]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.960747]  kthread+0x328/0x630
[ 33.960867]  ret_from_fork+0x10/0x20
[ 33.961008]
[ 33.961052] Allocated by task 314:
[ 33.961084]  kasan_save_stack+0x3c/0x68
[ 33.961285]  kasan_save_track+0x20/0x40
[ 33.961336]  kasan_save_alloc_info+0x40/0x58
[ 33.961652]  __kasan_kmalloc+0xd4/0xd8
[ 33.961857]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 33.961917]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 33.962062]  kunit_try_run_case+0x170/0x3f0
[ 33.962122]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.962234]  kthread+0x328/0x630
[ 33.962294]  ret_from_fork+0x10/0x20
[ 33.962362]
[ 33.962463] The buggy address belongs to the object at fff00000c8dc5800
[ 33.962463]  which belongs to the cache kmalloc-128 of size 128
[ 33.962577] The buggy address is located 0 bytes to the right of
[ 33.962577]  allocated 120-byte region [fff00000c8dc5800, fff00000c8dc5878)
[ 33.962700]
[ 33.962727] The buggy address belongs to the physical page:
[ 33.962915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5
[ 33.963241] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.963575] page_type: f5(slab)
[ 33.963778] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 33.964057] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 33.964125] page dumped because: kasan: bad access detected
[ 33.964324]
[ 33.964397] Memory state around the buggy address:
[ 33.964607]  fff00000c8dc5700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.964676]  fff00000c8dc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.964729] >fff00000c8dc5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.964802]                                                                 ^
[ 33.964859]  fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.964906]  fff00000c8dc5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.964957] ==================================================================
[ 33.950237] ==================================================================
[ 33.950406] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 33.950479] Read of size 8 at addr fff00000c8dc5878 by task kunit_try_catch/314
[ 33.950551]
[ 33.950776] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT
[ 33.951069] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.951108] Hardware name: linux,dummy-virt (DT)
[ 33.951170] Call trace:
[ 33.951197]  show_stack+0x20/0x38 (C)
[ 33.951313]  dump_stack_lvl+0x8c/0xd0
[ 33.951386]  print_report+0x118/0x608
[ 33.951633]  kasan_report+0xdc/0x128
[ 33.951872]  __asan_report_load8_noabort+0x20/0x30
[ 33.952135]  copy_to_kernel_nofault+0x204/0x250
[ 33.952225]  copy_to_kernel_nofault_oob+0x158/0x418
[ 33.952305]  kunit_try_run_case+0x170/0x3f0
[ 33.952360]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.952417]  kthread+0x328/0x630
[ 33.952668]  ret_from_fork+0x10/0x20
[ 33.952971]
[ 33.953008] Allocated by task 314:
[ 33.953045]  kasan_save_stack+0x3c/0x68
[ 33.953100]  kasan_save_track+0x20/0x40
[ 33.953142]  kasan_save_alloc_info+0x40/0x58
[ 33.953182]  __kasan_kmalloc+0xd4/0xd8
[ 33.953224]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 33.953326]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 33.953385]  kunit_try_run_case+0x170/0x3f0
[ 33.953428]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.953489]  kthread+0x328/0x630
[ 33.953527]  ret_from_fork+0x10/0x20
[ 33.953566]
[ 33.953591] The buggy address belongs to the object at fff00000c8dc5800
[ 33.953591]  which belongs to the cache kmalloc-128 of size 128
[ 33.953653] The buggy address is located 0 bytes to the right of
[ 33.953653]  allocated 120-byte region [fff00000c8dc5800, fff00000c8dc5878)
[ 33.953735]
[ 33.953763] The buggy address belongs to the physical page:
[ 33.953808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5
[ 33.953875] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.954326] page_type: f5(slab)
[ 33.954696] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 33.954837] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 33.954896] page dumped because: kasan: bad access detected
[ 33.955102]
[ 33.955157] Memory state around the buggy address:
[ 33.955295]  fff00000c8dc5700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.955498]  fff00000c8dc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.955623] >fff00000c8dc5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.955748]                                                                 ^
[ 33.955843]  fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.955914]  fff00000c8dc5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.956112] ==================================================================
```
```
[ 35.493027] ==================================================================
[ 35.493093] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 35.493376] Read of size 8 at addr fff00000c988b078 by task kunit_try_catch/312
[ 35.493499]
[ 35.493551] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT
[ 35.493654] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 35.493692] Hardware name: linux,dummy-virt (DT)
[ 35.493755] Call trace:
[ 35.493781]  show_stack+0x20/0x38 (C)
[ 35.493833]  dump_stack_lvl+0x8c/0xd0
[ 35.493913]  print_report+0x118/0x608
[ 35.494043]  kasan_report+0xdc/0x128
[ 35.494107]  __asan_report_load8_noabort+0x20/0x30
[ 35.494304]  copy_to_kernel_nofault+0x204/0x250
[ 35.494369]  copy_to_kernel_nofault_oob+0x158/0x418
[ 35.494434]  kunit_try_run_case+0x170/0x3f0
[ 35.494566]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.494721]  kthread+0x328/0x630
[ 35.494807]  ret_from_fork+0x10/0x20
[ 35.494879]
[ 35.494901] Allocated by task 312:
[ 35.494933]  kasan_save_stack+0x3c/0x68
[ 35.494979]  kasan_save_track+0x20/0x40
[ 35.495118]  kasan_save_alloc_info+0x40/0x58
[ 35.495310]  __kasan_kmalloc+0xd4/0xd8
[ 35.495400]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 35.495538]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 35.495585]  kunit_try_run_case+0x170/0x3f0
[ 35.495625]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.495672]  kthread+0x328/0x630
[ 35.495938]  ret_from_fork+0x10/0x20
[ 35.496058]
[ 35.496108] The buggy address belongs to the object at fff00000c988b000
[ 35.496108]  which belongs to the cache kmalloc-128 of size 128
[ 35.496221] The buggy address is located 0 bytes to the right of
[ 35.496221]  allocated 120-byte region [fff00000c988b000, fff00000c988b078)
[ 35.496319]
[ 35.496403] The buggy address belongs to the physical page:
[ 35.496438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b
[ 35.496510] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 35.496788] page_type: f5(slab)
[ 35.497188] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 35.497287] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 35.497367] page dumped because: kasan: bad access detected
[ 35.497415]
[ 35.497441] Memory state around the buggy address:
[ 35.497478]  fff00000c988af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.497528]  fff00000c988af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.497589] >fff00000c988b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 35.497650]                                                                 ^
[ 35.497724]  fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.497770]  fff00000c988b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.497821] ==================================================================
[ 35.498256] ==================================================================
[ 35.498312] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 35.498365] Write of size 8 at addr fff00000c988b078 by task kunit_try_catch/312
[ 35.498418]
[ 35.498692] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT
[ 35.499004] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 35.499105] Hardware name: linux,dummy-virt (DT)
[ 35.499146] Call trace:
[ 35.499180]  show_stack+0x20/0x38 (C)
[ 35.499234]  dump_stack_lvl+0x8c/0xd0
[ 35.499783]  print_report+0x118/0x608
[ 35.500052]  kasan_report+0xdc/0x128
[ 35.500142]  kasan_check_range+0x100/0x1a8
[ 35.500255]  __kasan_check_write+0x20/0x30
[ 35.500342]  copy_to_kernel_nofault+0x8c/0x250
[ 35.500461]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 35.500515]  kunit_try_run_case+0x170/0x3f0
[ 35.500568]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.500626]  kthread+0x328/0x630
[ 35.500898]  ret_from_fork+0x10/0x20
[ 35.501057]
[ 35.501121] Allocated by task 312:
[ 35.501375]  kasan_save_stack+0x3c/0x68
[ 35.501488]  kasan_save_track+0x20/0x40
[ 35.501610]  kasan_save_alloc_info+0x40/0x58
[ 35.501688]  __kasan_kmalloc+0xd4/0xd8
[ 35.501779]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 35.501858]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 35.501954]  kunit_try_run_case+0x170/0x3f0
[ 35.502057]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.502135]  kthread+0x328/0x630
[ 35.502222]  ret_from_fork+0x10/0x20
[ 35.502279]
[ 35.502301] The buggy address belongs to the object at fff00000c988b000
[ 35.502301]  which belongs to the cache kmalloc-128 of size 128
[ 35.502497] The buggy address is located 0 bytes to the right of
[ 35.502497]  allocated 120-byte region [fff00000c988b000, fff00000c988b078)
[ 35.502570]
[ 35.502700] The buggy address belongs to the physical page:
[ 35.502770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b
[ 35.502828] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 35.502880] page_type: f5(slab)
[ 35.502923] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 35.502976] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 35.503038] page dumped because: kasan: bad access detected
[ 35.503089]
[ 35.503109] Memory state around the buggy address:
[ 35.503170]  fff00000c988af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.503217]  fff00000c988af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.503262] >fff00000c988b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 35.503304]                                                                 ^
[ 35.503606]  fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.503725]  fff00000c988b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.503790] ==================================================================
```
```
[ 27.127622] ==================================================================
[ 27.128151] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 27.128462] Write of size 8 at addr ffff88810255ee78 by task kunit_try_catch/330
[ 27.128797]
[ 27.128932] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.128990] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.129006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.129032] Call Trace:
[ 27.129050]  <TASK>
[ 27.129084]  dump_stack_lvl+0x73/0xb0
[ 27.129119]  print_report+0xd1/0x650
[ 27.129145]  ? __virt_addr_valid+0x1db/0x2d0
[ 27.129172]  ? copy_to_kernel_nofault+0x99/0x260
[ 27.129200]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.129229]  ? copy_to_kernel_nofault+0x99/0x260
[ 27.129256]  kasan_report+0x141/0x180
[ 27.129280]  ? copy_to_kernel_nofault+0x99/0x260
[ 27.129310]  kasan_check_range+0x10c/0x1c0
[ 27.129336]  __kasan_check_write+0x18/0x20
[ 27.129362]  copy_to_kernel_nofault+0x99/0x260
[ 27.129389]  copy_to_kernel_nofault_oob+0x288/0x560
[ 27.129415]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 27.129440]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 27.129467]  ? trace_hardirqs_on+0x37/0xe0
[ 27.129500]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 27.129530]  kunit_try_run_case+0x1a5/0x480
[ 27.129560]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.129586]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.129610]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.129635]  ? __kthread_parkme+0x82/0x180
[ 27.129659]  ? preempt_count_sub+0x50/0x80
[ 27.129686]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.129714]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.129740]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.129769]  kthread+0x337/0x6f0
[ 27.129792]  ? trace_preempt_on+0x20/0xc0
[ 27.129816]  ? __pfx_kthread+0x10/0x10
[ 27.129848]  ? _raw_spin_unlock_irq+0x47/0x80
[ 27.129875]  ? calculate_sigpending+0x7b/0xa0
[ 27.129902]  ? __pfx_kthread+0x10/0x10
[ 27.129938]  ret_from_fork+0x116/0x1d0
[ 27.129962]  ? __pfx_kthread+0x10/0x10
[ 27.129985]  ret_from_fork_asm+0x1a/0x30
[ 27.130019]  </TASK>
[ 27.130034]
[ 27.138349] Allocated by task 330:
[ 27.138581]  kasan_save_stack+0x45/0x70
[ 27.138822]  kasan_save_track+0x18/0x40
[ 27.139196]  kasan_save_alloc_info+0x3b/0x50
[ 27.139437]  __kasan_kmalloc+0xb7/0xc0
[ 27.139631]  __kmalloc_cache_noprof+0x189/0x420
[ 27.139878]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 27.140125]  kunit_try_run_case+0x1a5/0x480
[ 27.140319]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.140574]  kthread+0x337/0x6f0
[ 27.140694]  ret_from_fork+0x116/0x1d0
[ 27.140825]  ret_from_fork_asm+0x1a/0x30
[ 27.140963]
[ 27.141031] The buggy address belongs to the object at ffff88810255ee00
[ 27.141031]  which belongs to the cache kmalloc-128 of size 128
[ 27.141585] The buggy address is located 0 bytes to the right of
[ 27.141585]  allocated 120-byte region [ffff88810255ee00, ffff88810255ee78)
[ 27.142224]
[ 27.142351] The buggy address belongs to the physical page:
[ 27.142625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.143002] flags: 0x200000000000000(node=0|zone=2)
[ 27.143309] page_type: f5(slab)
[ 27.143501] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.143853] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.144371] page dumped because: kasan: bad access detected
[ 27.144541]
[ 27.144611] Memory state around the buggy address:
[ 27.144765]  ffff88810255ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.144982]  ffff88810255ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.145595] >ffff88810255ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.145947]                                                                 ^
[ 27.146305]  ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.146649]  ffff88810255ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.147090] ==================================================================
[ 27.097371] ==================================================================
[ 27.098109] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 27.099104] Read of size 8 at addr ffff88810255ee78 by task kunit_try_catch/330
[ 27.099547]
[ 27.099851] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.099917] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.099945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.099973] Call Trace:
[ 27.099994]  <TASK>
[ 27.100017]  dump_stack_lvl+0x73/0xb0
[ 27.100057]  print_report+0xd1/0x650
[ 27.100101]  ? __virt_addr_valid+0x1db/0x2d0
[ 27.100130]  ? copy_to_kernel_nofault+0x225/0x260
[ 27.100158]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.100198]  ? copy_to_kernel_nofault+0x225/0x260
[ 27.100226]  kasan_report+0x141/0x180
[ 27.100250]  ? copy_to_kernel_nofault+0x225/0x260
[ 27.100281]  __asan_report_load8_noabort+0x18/0x20
[ 27.100308]  copy_to_kernel_nofault+0x225/0x260
[ 27.100335]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 27.100362]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 27.100387]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 27.100413]  ? trace_hardirqs_on+0x37/0xe0
[ 27.100449]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 27.100479]  kunit_try_run_case+0x1a5/0x480
[ 27.100509]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.100536]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.100561]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.100586]  ? __kthread_parkme+0x82/0x180
[ 27.100612]  ? preempt_count_sub+0x50/0x80
[ 27.100640]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.100668]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.100696]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.100724]  kthread+0x337/0x6f0
[ 27.100746]  ? trace_preempt_on+0x20/0xc0
[ 27.100771]  ? __pfx_kthread+0x10/0x10
[ 27.100794]  ? _raw_spin_unlock_irq+0x47/0x80
[ 27.100821]  ? calculate_sigpending+0x7b/0xa0
[ 27.100849]  ? __pfx_kthread+0x10/0x10
[ 27.100874]  ret_from_fork+0x116/0x1d0
[ 27.100898]  ? __pfx_kthread+0x10/0x10
[ 27.100921]  ret_from_fork_asm+0x1a/0x30
[ 27.100956]  </TASK>
[ 27.100971]
[ 27.113388] Allocated by task 330:
[ 27.113787]  kasan_save_stack+0x45/0x70
[ 27.114177]  kasan_save_track+0x18/0x40
[ 27.114644]  kasan_save_alloc_info+0x3b/0x50
[ 27.115046]  __kasan_kmalloc+0xb7/0xc0
[ 27.115258]  __kmalloc_cache_noprof+0x189/0x420
[ 27.115610]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 27.115844]  kunit_try_run_case+0x1a5/0x480
[ 27.116351]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.116586]  kthread+0x337/0x6f0
[ 27.116751]  ret_from_fork+0x116/0x1d0
[ 27.117094]  ret_from_fork_asm+0x1a/0x30
[ 27.117435]
[ 27.117654] The buggy address belongs to the object at ffff88810255ee00
[ 27.117654]  which belongs to the cache kmalloc-128 of size 128
[ 27.118386] The buggy address is located 0 bytes to the right of
[ 27.118386]  allocated 120-byte region [ffff88810255ee00, ffff88810255ee78)
[ 27.119162]
[ 27.119264] The buggy address belongs to the physical page:
[ 27.119524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.120186] flags: 0x200000000000000(node=0|zone=2)
[ 27.120594] page_type: f5(slab)
[ 27.120795] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.121368] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.121785] page dumped because: kasan: bad access detected
[ 27.122040]
[ 27.122146] Memory state around the buggy address:
[ 27.122623]  ffff88810255ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.123015]  ffff88810255ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.123826] >ffff88810255ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.124551]                                                                 ^
[ 27.124846]  ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.125550]  ffff88810255ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.125927] ==================================================================
```
```
[ 26.904098] ==================================================================
[ 26.905004] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 26.905293] Write of size 8 at addr ffff888104915078 by task kunit_try_catch/329
[ 26.905615]
[ 26.905727] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 26.905787] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.905802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.905826] Call Trace:
[ 26.905841]  <TASK>
[ 26.905872]  dump_stack_lvl+0x73/0xb0
[ 26.905903]  print_report+0xd1/0x650
[ 26.905927]  ? __virt_addr_valid+0x1db/0x2d0
[ 26.905952]  ? copy_to_kernel_nofault+0x99/0x260
[ 26.905976]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.906004]  ? copy_to_kernel_nofault+0x99/0x260
[ 26.906028]  kasan_report+0x141/0x180
[ 26.906050]  ? copy_to_kernel_nofault+0x99/0x260
[ 26.906079]  kasan_check_range+0x10c/0x1c0
[ 26.906104]  __kasan_check_write+0x18/0x20
[ 26.906127]  copy_to_kernel_nofault+0x99/0x260
[ 26.906153]  copy_to_kernel_nofault_oob+0x288/0x560
[ 26.906177]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 26.906200]  ? finish_task_switch.isra.0+0x153/0x700
[ 26.906224]  ? __schedule+0x10cc/0x2b60
[ 26.906247]  ? trace_hardirqs_on+0x37/0xe0
[ 26.906279]  ? __pfx_read_tsc+0x10/0x10
[ 26.906302]  ? ktime_get_ts64+0x86/0x230
[ 26.906340]  kunit_try_run_case+0x1a5/0x480
[ 26.906367]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.906392]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.906415]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.906438]  ? __kthread_parkme+0x82/0x180
[ 26.906460]  ? preempt_count_sub+0x50/0x80
[ 26.906483]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.906782]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.906811]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.906837]  kthread+0x337/0x6f0
[ 26.906860]  ? trace_preempt_on+0x20/0xc0
[ 26.906883]  ? __pfx_kthread+0x10/0x10
[ 26.906905]  ? _raw_spin_unlock_irq+0x47/0x80
[ 26.906931]  ? calculate_sigpending+0x7b/0xa0
[ 26.906957]  ? __pfx_kthread+0x10/0x10
[ 26.906980]  ret_from_fork+0x116/0x1d0
[ 26.907001]  ? __pfx_kthread+0x10/0x10
[ 26.907024]  ret_from_fork_asm+0x1a/0x30
[ 26.907056]  </TASK>
[ 26.907069]
[ 26.915113] Allocated by task 329:
[ 26.915296]  kasan_save_stack+0x45/0x70
[ 26.915451]  kasan_save_track+0x18/0x40
[ 26.915582]  kasan_save_alloc_info+0x3b/0x50
[ 26.915784]  __kasan_kmalloc+0xb7/0xc0
[ 26.915962]  __kmalloc_cache_noprof+0x189/0x420
[ 26.916237]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 26.916446]  kunit_try_run_case+0x1a5/0x480
[ 26.917009]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.917244]  kthread+0x337/0x6f0
[ 26.917399]  ret_from_fork+0x116/0x1d0
[ 26.917538]  ret_from_fork_asm+0x1a/0x30
[ 26.917803]
[ 26.917886] The buggy address belongs to the object at ffff888104915000
[ 26.917886]  which belongs to the cache kmalloc-128 of size 128
[ 26.918434] The buggy address is located 0 bytes to the right of
[ 26.918434]  allocated 120-byte region [ffff888104915000, ffff888104915078)
[ 26.919157]
[ 26.919242] The buggy address belongs to the physical page:
[ 26.919499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104915
[ 26.919878] flags: 0x200000000000000(node=0|zone=2)
[ 26.920046] page_type: f5(slab)
[ 26.920168] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.920407] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.920931] page dumped because: kasan: bad access detected
[ 26.921190]
[ 26.921282] Memory state around the buggy address:
[ 26.921522]  ffff888104914f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.922122]  ffff888104914f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.922439] >ffff888104915000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.922767]                                                                 ^
[ 26.923059]  ffff888104915080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.923299]  ffff888104915100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.923544] ==================================================================
[ 26.878407] ==================================================================
[ 26.879957] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 26.880218] Read of size 8 at addr ffff888104915078 by task kunit_try_catch/329
[ 26.880453]
[ 26.880589] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 26.880647] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.880662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.880688] Call Trace:
[ 26.880703]  <TASK>
[ 26.880726]  dump_stack_lvl+0x73/0xb0
[ 26.880761]  print_report+0xd1/0x650
[ 26.880788]  ? __virt_addr_valid+0x1db/0x2d0
[ 26.880841]  ? copy_to_kernel_nofault+0x225/0x260
[ 26.880867]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.880895]  ? copy_to_kernel_nofault+0x225/0x260
[ 26.880920]  kasan_report+0x141/0x180
[ 26.880942]  ? copy_to_kernel_nofault+0x225/0x260
[ 26.880971]  __asan_report_load8_noabort+0x18/0x20
[ 26.880997]  copy_to_kernel_nofault+0x225/0x260
[ 26.881042]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 26.881066]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 26.881090]  ? finish_task_switch.isra.0+0x153/0x700
[ 26.881116]  ? __schedule+0x10cc/0x2b60
[ 26.881138]  ? trace_hardirqs_on+0x37/0xe0
[ 26.881171]  ? __pfx_read_tsc+0x10/0x10
[ 26.881196]  ? ktime_get_ts64+0x86/0x230
[ 26.881240]  kunit_try_run_case+0x1a5/0x480
[ 26.881269]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.881294]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.881329]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.881352]  ? __kthread_parkme+0x82/0x180
[ 26.881374]  ? preempt_count_sub+0x50/0x80
[ 26.881399]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.881425]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.881450]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.881476]  kthread+0x337/0x6f0
[ 26.881497]  ? trace_preempt_on+0x20/0xc0
[ 26.881519]  ? __pfx_kthread+0x10/0x10
[ 26.881541]  ? _raw_spin_unlock_irq+0x47/0x80
[ 26.881580]  ? calculate_sigpending+0x7b/0xa0
[ 26.881607]  ? __pfx_kthread+0x10/0x10
[ 26.881630]  ret_from_fork+0x116/0x1d0
[ 26.881652]  ? __pfx_kthread+0x10/0x10
[ 26.881688]  ret_from_fork_asm+0x1a/0x30
[ 26.881722]  </TASK>
[ 26.881741]
[ 26.891953] Allocated by task 329:
[ 26.892125]  kasan_save_stack+0x45/0x70
[ 26.892331]  kasan_save_track+0x18/0x40
[ 26.892685]  kasan_save_alloc_info+0x3b/0x50
[ 26.893156]  __kasan_kmalloc+0xb7/0xc0
[ 26.893369]  __kmalloc_cache_noprof+0x189/0x420
[ 26.893877]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 26.894161]  kunit_try_run_case+0x1a5/0x480
[ 26.894508]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.894929]  kthread+0x337/0x6f0
[ 26.895109]  ret_from_fork+0x116/0x1d0
[ 26.895284]  ret_from_fork_asm+0x1a/0x30
[ 26.895473]
[ 26.896001] The buggy address belongs to the object at ffff888104915000
[ 26.896001]  which belongs to the cache kmalloc-128 of size 128
[ 26.896734] The buggy address is located 0 bytes to the right of
[ 26.896734]  allocated 120-byte region [ffff888104915000, ffff888104915078)
[ 26.897323]
[ 26.897398] The buggy address belongs to the physical page:
[ 26.897666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104915
[ 26.898049] flags: 0x200000000000000(node=0|zone=2)
[ 26.898314] page_type: f5(slab)
[ 26.898455] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.899296] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.899817] page dumped because: kasan: bad access detected
[ 26.900138]
[ 26.900213] Memory state around the buggy address:
[ 26.900527]  ffff888104914f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.900992]  ffff888104914f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.901318] >ffff888104915000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.901884]                                                                 ^
[ 26.902217]  ffff888104915080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.902668]  ffff888104915100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.903165] ==================================================================
```