Date: June 8, 2025, 11:09 p.m.
| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
| rk3399-rock-pi-4b |
[ 63.982111] ================================================================== [ 63.996336] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 64.003709] Read of size 8 at addr ffff000801ad8e78 by task kunit_try_catch/328 [ 64.011000] [ 64.012488] CPU: 4 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 64.012548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 64.012567] Hardware name: WinLink E850-96 board (DT) [ 64.012588] Call trace: [ 64.012606] show_stack+0x20/0x38 (C) [ 64.012644] dump_stack_lvl+0x8c/0xd0 [ 64.012683] print_report+0x118/0x608 [ 64.012724] kasan_report+0xdc/0x128 [ 64.012757] __asan_report_load8_noabort+0x20/0x30 [ 64.012796] copy_to_kernel_nofault+0x204/0x250 [ 64.012836] copy_to_kernel_nofault_oob+0x158/0x418 [ 64.012873] kunit_try_run_case+0x170/0x3f0 [ 64.012911] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.012951] kthread+0x328/0x630 [ 64.012981] ret_from_fork+0x10/0x20 [ 64.013022] [ 64.080531] Allocated by task 328: [ 64.083918] kasan_save_stack+0x3c/0x68 [ 64.087736] kasan_save_track+0x20/0x40 [ 64.091554] kasan_save_alloc_info+0x40/0x58 [ 64.095807] __kasan_kmalloc+0xd4/0xd8 [ 64.099540] __kmalloc_cache_noprof+0x16c/0x3c0 [ 64.104054] copy_to_kernel_nofault_oob+0xc8/0x418 [ 64.108829] kunit_try_run_case+0x170/0x3f0 [ 64.112995] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.118463] kthread+0x328/0x630 [ 64.121675] ret_from_fork+0x10/0x20 [ 64.125234] [ 64.126712] The buggy address belongs to the object at ffff000801ad8e00 [ 64.126712] which belongs to the cache kmalloc-128 of size 128 [ 64.139212] The buggy address is located 0 bytes to the right of [ 64.139212] allocated 120-byte region [ffff000801ad8e00, ffff000801ad8e78) [ 64.152143] [ 64.153623] The buggy address belongs to the physical page: [ 64.159179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ad8 [ 64.167162] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 64.174800] flags: 
0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 64.181746] page_type: f5(slab) [ 64.184883] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.192601] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.200331] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.208139] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.215952] head: 0bfffe0000000001 fffffdffe006b601 00000000ffffffff 00000000ffffffff [ 64.223764] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 64.231571] page dumped because: kasan: bad access detected [ 64.237124] [ 64.238600] Memory state around the buggy address: [ 64.243380] ffff000801ad8d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.250583] ffff000801ad8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.257788] >ffff000801ad8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 64.264989] ^ [ 64.272112] ffff000801ad8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.279315] ffff000801ad8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.286518] ================================================================== [ 64.293956] ================================================================== [ 64.300931] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 64.308218] Write of size 8 at addr ffff000801ad8e78 by task kunit_try_catch/328 [ 64.315596] [ 64.317081] CPU: 4 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 64.317134] Tainted: [B]=BAD_PAGE, [N]=TEST [ 64.317150] Hardware name: WinLink E850-96 board (DT) [ 64.317173] Call trace: [ 64.317190] show_stack+0x20/0x38 (C) [ 64.317226] dump_stack_lvl+0x8c/0xd0 [ 64.317266] print_report+0x118/0x608 [ 64.317305] kasan_report+0xdc/0x128 [ 64.317340] kasan_check_range+0x100/0x1a8 [ 64.317377] __kasan_check_write+0x20/0x30 [ 64.317409] copy_to_kernel_nofault+0x8c/0x250 [ 64.317445] 
copy_to_kernel_nofault_oob+0x1bc/0x418 [ 64.317479] kunit_try_run_case+0x170/0x3f0 [ 64.317516] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.317555] kthread+0x328/0x630 [ 64.317583] ret_from_fork+0x10/0x20 [ 64.317620] [ 64.388426] Allocated by task 328: [ 64.391810] kasan_save_stack+0x3c/0x68 [ 64.395629] kasan_save_track+0x20/0x40 [ 64.399449] kasan_save_alloc_info+0x40/0x58 [ 64.403702] __kasan_kmalloc+0xd4/0xd8 [ 64.407435] __kmalloc_cache_noprof+0x16c/0x3c0 [ 64.411948] copy_to_kernel_nofault_oob+0xc8/0x418 [ 64.416723] kunit_try_run_case+0x170/0x3f0 [ 64.420889] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.426358] kthread+0x328/0x630 [ 64.429570] ret_from_fork+0x10/0x20 [ 64.433128] [ 64.434606] The buggy address belongs to the object at ffff000801ad8e00 [ 64.434606] which belongs to the cache kmalloc-128 of size 128 [ 64.447106] The buggy address is located 0 bytes to the right of [ 64.447106] allocated 120-byte region [ffff000801ad8e00, ffff000801ad8e78) [ 64.460038] [ 64.461515] The buggy address belongs to the physical page: [ 64.467073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ad8 [ 64.475058] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 64.482696] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 64.489638] page_type: f5(slab) [ 64.492778] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.500496] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.508222] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.516033] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.523847] head: 0bfffe0000000001 fffffdffe006b601 00000000ffffffff 00000000ffffffff [ 64.531658] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 64.539463] page dumped because: kasan: bad access detected [ 64.545019] [ 64.546495] Memory state around the buggy address: [ 
64.551274] ffff000801ad8d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.558478] ffff000801ad8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.565684] >ffff000801ad8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 64.572883] ^ [ 64.580005] ffff000801ad8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.587210] ffff000801ad8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.594411] ==================================================================
[ 30.669981] ================================================================== [ 30.670088] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 30.670203] Write of size 8 at addr fff00000c7772978 by task kunit_try_catch/281 [ 30.670327] [ 30.670399] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.670593] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.670664] Hardware name: linux,dummy-virt (DT) [ 30.670743] Call trace: [ 30.670803] show_stack+0x20/0x38 (C) [ 30.674258] dump_stack_lvl+0x8c/0xd0 [ 30.674786] print_report+0x118/0x608 [ 30.675229] kasan_report+0xdc/0x128 [ 30.675364] kasan_check_range+0x100/0x1a8 [ 30.676197] __kasan_check_write+0x20/0x30 [ 30.676673] copy_to_kernel_nofault+0x8c/0x250 [ 30.676893] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 30.677119] kunit_try_run_case+0x170/0x3f0 [ 30.677614] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.677808] kthread+0x328/0x630 [ 30.678173] ret_from_fork+0x10/0x20 [ 30.678501] [ 30.678557] Allocated by task 281: [ 30.679816] kasan_save_stack+0x3c/0x68 [ 30.679963] kasan_save_track+0x20/0x40 [ 30.680115] kasan_save_alloc_info+0x40/0x58 [ 30.680226] __kasan_kmalloc+0xd4/0xd8 [ 30.680359] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.680495] copy_to_kernel_nofault_oob+0xc8/0x418 [ 30.680604] kunit_try_run_case+0x170/0x3f0 [ 30.680706] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.680832] kthread+0x328/0x630 [ 30.680959] ret_from_fork+0x10/0x20 [ 30.681073] [ 30.681139] The buggy address belongs to the object at fff00000c7772900 [ 30.681139] which belongs to the cache kmalloc-128 of size 128 [ 30.681584] The buggy address is located 0 bytes to the right of [ 30.681584] allocated 120-byte region [fff00000c7772900, fff00000c7772978) [ 30.681855] [ 30.681925] The buggy address belongs to the physical page: [ 30.682101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 30.682241] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 
30.682689] page_type: f5(slab) [ 30.682800] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.683002] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.683349] page dumped because: kasan: bad access detected [ 30.683540] [ 30.683590] Memory state around the buggy address: [ 30.684223] fff00000c7772800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.684610] fff00000c7772880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.685628] >fff00000c7772900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.686122] ^ [ 30.686267] fff00000c7772980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.686396] fff00000c7772a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.686593] ================================================================== [ 30.660295] ================================================================== [ 30.660436] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 30.660573] Read of size 8 at addr fff00000c7772978 by task kunit_try_catch/281 [ 30.660874] [ 30.661200] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.661486] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.661598] Hardware name: linux,dummy-virt (DT) [ 30.661727] Call trace: [ 30.661802] show_stack+0x20/0x38 (C) [ 30.661963] dump_stack_lvl+0x8c/0xd0 [ 30.662176] print_report+0x118/0x608 [ 30.662311] kasan_report+0xdc/0x128 [ 30.662495] __asan_report_load8_noabort+0x20/0x30 [ 30.662658] copy_to_kernel_nofault+0x204/0x250 [ 30.662794] copy_to_kernel_nofault_oob+0x158/0x418 [ 30.662962] kunit_try_run_case+0x170/0x3f0 [ 30.663190] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.663470] kthread+0x328/0x630 [ 30.663620] ret_from_fork+0x10/0x20 [ 30.663931] [ 30.663984] Allocated by task 281: [ 30.664165] kasan_save_stack+0x3c/0x68 [ 30.664302] kasan_save_track+0x20/0x40 [ 30.664403] kasan_save_alloc_info+0x40/0x58 [ 30.664536] __kasan_kmalloc+0xd4/0xd8 [ 30.664636] 
__kmalloc_cache_noprof+0x16c/0x3c0 [ 30.664779] copy_to_kernel_nofault_oob+0xc8/0x418 [ 30.664944] kunit_try_run_case+0x170/0x3f0 [ 30.665206] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.665354] kthread+0x328/0x630 [ 30.665454] ret_from_fork+0x10/0x20 [ 30.665570] [ 30.665671] The buggy address belongs to the object at fff00000c7772900 [ 30.665671] which belongs to the cache kmalloc-128 of size 128 [ 30.665929] The buggy address is located 0 bytes to the right of [ 30.665929] allocated 120-byte region [fff00000c7772900, fff00000c7772978) [ 30.666205] [ 30.666264] The buggy address belongs to the physical page: [ 30.666345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 30.666485] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.666610] page_type: f5(slab) [ 30.666727] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.666936] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.667047] page dumped because: kasan: bad access detected [ 30.667209] [ 30.667270] Memory state around the buggy address: [ 30.667360] fff00000c7772800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.667479] fff00000c7772880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.667628] >fff00000c7772900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.667833] ^ [ 30.667965] fff00000c7772980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.668079] fff00000c7772a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.668195] ==================================================================
[ 26.564458] ================================================================== [ 26.565280] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 26.566927] Write of size 8 at addr ffff888101b3ea78 by task kunit_try_catch/299 [ 26.568401] [ 26.568780] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 26.568920] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.568967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.569037] Call Trace: [ 26.569089] <TASK> [ 26.569146] dump_stack_lvl+0x73/0xb0 [ 26.569261] print_report+0xd1/0x650 [ 26.569346] ? __virt_addr_valid+0x1db/0x2d0 [ 26.569453] ? copy_to_kernel_nofault+0x99/0x260 [ 26.569530] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.569607] ? copy_to_kernel_nofault+0x99/0x260 [ 26.569711] kasan_report+0x141/0x180 [ 26.569786] ? copy_to_kernel_nofault+0x99/0x260 [ 26.569861] kasan_check_range+0x10c/0x1c0 [ 26.569924] __kasan_check_write+0x18/0x20 [ 26.569979] copy_to_kernel_nofault+0x99/0x260 [ 26.570043] copy_to_kernel_nofault_oob+0x288/0x560 [ 26.570107] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.570168] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.570240] ? trace_hardirqs_on+0x37/0xe0 [ 26.570319] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.570392] kunit_try_run_case+0x1a5/0x480 [ 26.570463] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.570572] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.570655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.570696] ? __kthread_parkme+0x82/0x180 [ 26.570729] ? preempt_count_sub+0x50/0x80 [ 26.570764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.570803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.570841] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.570878] kthread+0x337/0x6f0 [ 26.570906] ? trace_preempt_on+0x20/0xc0 [ 26.570939] ? __pfx_kthread+0x10/0x10 [ 26.570970] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.571003] ? calculate_sigpending+0x7b/0xa0 [ 26.571039] ? 
__pfx_kthread+0x10/0x10 [ 26.571070] ret_from_fork+0x116/0x1d0 [ 26.571098] ? __pfx_kthread+0x10/0x10 [ 26.571128] ret_from_fork_asm+0x1a/0x30 [ 26.571171] </TASK> [ 26.571187] [ 26.593037] Allocated by task 299: [ 26.594182] kasan_save_stack+0x45/0x70 [ 26.595073] kasan_save_track+0x18/0x40 [ 26.595625] kasan_save_alloc_info+0x3b/0x50 [ 26.596264] __kasan_kmalloc+0xb7/0xc0 [ 26.597033] __kmalloc_cache_noprof+0x189/0x420 [ 26.597726] copy_to_kernel_nofault_oob+0x12f/0x560 [ 26.598036] kunit_try_run_case+0x1a5/0x480 [ 26.598440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.599458] kthread+0x337/0x6f0 [ 26.600251] ret_from_fork+0x116/0x1d0 [ 26.601063] ret_from_fork_asm+0x1a/0x30 [ 26.601418] [ 26.602213] The buggy address belongs to the object at ffff888101b3ea00 [ 26.602213] which belongs to the cache kmalloc-128 of size 128 [ 26.603799] The buggy address is located 0 bytes to the right of [ 26.603799] allocated 120-byte region [ffff888101b3ea00, ffff888101b3ea78) [ 26.605824] [ 26.606026] The buggy address belongs to the physical page: [ 26.606699] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b3e [ 26.608134] flags: 0x200000000000000(node=0|zone=2) [ 26.608684] page_type: f5(slab) [ 26.609314] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.609945] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.610743] page dumped because: kasan: bad access detected [ 26.611303] [ 26.611779] Memory state around the buggy address: [ 26.612531] ffff888101b3e900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.613709] ffff888101b3e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.614310] >ffff888101b3ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.615186] ^ [ 26.615871] ffff888101b3ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.616685] ffff888101b3eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.617057] 
================================================================== [ 26.509027] ================================================================== [ 26.510907] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 26.511619] Read of size 8 at addr ffff888101b3ea78 by task kunit_try_catch/299 [ 26.513164] [ 26.513865] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 26.514014] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.514059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.514133] Call Trace: [ 26.514307] <TASK> [ 26.514376] dump_stack_lvl+0x73/0xb0 [ 26.514547] print_report+0xd1/0x650 [ 26.514641] ? __virt_addr_valid+0x1db/0x2d0 [ 26.514717] ? copy_to_kernel_nofault+0x225/0x260 [ 26.514785] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.514846] ? copy_to_kernel_nofault+0x225/0x260 [ 26.514908] kasan_report+0x141/0x180 [ 26.514971] ? copy_to_kernel_nofault+0x225/0x260 [ 26.515045] __asan_report_load8_noabort+0x18/0x20 [ 26.515110] copy_to_kernel_nofault+0x225/0x260 [ 26.515175] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 26.515245] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.515317] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.515391] ? trace_hardirqs_on+0x37/0xe0 [ 26.515582] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.515679] kunit_try_run_case+0x1a5/0x480 [ 26.515729] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.515767] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.515805] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.515840] ? __kthread_parkme+0x82/0x180 [ 26.515873] ? preempt_count_sub+0x50/0x80 [ 26.515907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.515944] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.515980] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.516016] kthread+0x337/0x6f0 [ 26.516046] ? trace_preempt_on+0x20/0xc0 [ 26.516079] ? __pfx_kthread+0x10/0x10 [ 26.516109] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.516142] ? 
calculate_sigpending+0x7b/0xa0 [ 26.516180] ? __pfx_kthread+0x10/0x10 [ 26.516212] ret_from_fork+0x116/0x1d0 [ 26.516287] ? __pfx_kthread+0x10/0x10 [ 26.516323] ret_from_fork_asm+0x1a/0x30 [ 26.516370] </TASK> [ 26.516388] [ 26.538997] Allocated by task 299: [ 26.540041] kasan_save_stack+0x45/0x70 [ 26.540377] kasan_save_track+0x18/0x40 [ 26.541025] kasan_save_alloc_info+0x3b/0x50 [ 26.541758] __kasan_kmalloc+0xb7/0xc0 [ 26.542168] __kmalloc_cache_noprof+0x189/0x420 [ 26.543073] copy_to_kernel_nofault_oob+0x12f/0x560 [ 26.543792] kunit_try_run_case+0x1a5/0x480 [ 26.544079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.544907] kthread+0x337/0x6f0 [ 26.545960] ret_from_fork+0x116/0x1d0 [ 26.547012] ret_from_fork_asm+0x1a/0x30 [ 26.547701] [ 26.548081] The buggy address belongs to the object at ffff888101b3ea00 [ 26.548081] which belongs to the cache kmalloc-128 of size 128 [ 26.549122] The buggy address is located 0 bytes to the right of [ 26.549122] allocated 120-byte region [ffff888101b3ea00, ffff888101b3ea78) [ 26.550600] [ 26.550883] The buggy address belongs to the physical page: [ 26.551376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b3e [ 26.552105] flags: 0x200000000000000(node=0|zone=2) [ 26.552841] page_type: f5(slab) [ 26.553267] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.554673] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.555302] page dumped because: kasan: bad access detected [ 26.555989] [ 26.556206] Memory state around the buggy address: [ 26.556724] ffff888101b3e900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.557895] ffff888101b3e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.558475] >ffff888101b3ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.559036] ^ [ 26.559701] ffff888101b3ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.560702] ffff888101b3eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
26.561319] ==================================================================
[ 24.928827] ================================================================== [ 24.929532] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 24.929812] Read of size 8 at addr ffff8881038d5e78 by task kunit_try_catch/299 [ 24.930392] [ 24.930680] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 24.930810] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.930851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.930997] Call Trace: [ 24.931069] <TASK> [ 24.931120] dump_stack_lvl+0x73/0xb0 [ 24.931216] print_report+0xd1/0x650 [ 24.931300] ? __virt_addr_valid+0x1db/0x2d0 [ 24.931380] ? copy_to_kernel_nofault+0x225/0x260 [ 24.931454] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.931530] ? copy_to_kernel_nofault+0x225/0x260 [ 24.931685] kasan_report+0x141/0x180 [ 24.931888] ? copy_to_kernel_nofault+0x225/0x260 [ 24.931984] __asan_report_load8_noabort+0x18/0x20 [ 24.932064] copy_to_kernel_nofault+0x225/0x260 [ 24.932123] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 24.932175] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 24.932212] ? finish_task_switch.isra.0+0x153/0x700 [ 24.932246] ? __schedule+0x10cc/0x2b60 [ 24.932280] ? trace_hardirqs_on+0x37/0xe0 [ 24.932326] ? __pfx_read_tsc+0x10/0x10 [ 24.932359] ? ktime_get_ts64+0x86/0x230 [ 24.932393] kunit_try_run_case+0x1a5/0x480 [ 24.932435] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.932474] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.932512] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.932548] ? __kthread_parkme+0x82/0x180 [ 24.932577] ? preempt_count_sub+0x50/0x80 [ 24.932609] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.932646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.932682] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.932719] kthread+0x337/0x6f0 [ 24.932748] ? trace_preempt_on+0x20/0xc0 [ 24.932781] ? __pfx_kthread+0x10/0x10 [ 24.932810] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.932842] ? 
calculate_sigpending+0x7b/0xa0 [ 24.932904] ? __pfx_kthread+0x10/0x10 [ 24.932942] ret_from_fork+0x116/0x1d0 [ 24.932972] ? __pfx_kthread+0x10/0x10 [ 24.933003] ret_from_fork_asm+0x1a/0x30 [ 24.933046] </TASK> [ 24.933064] [ 24.950400] Allocated by task 299: [ 24.951029] kasan_save_stack+0x45/0x70 [ 24.951542] kasan_save_track+0x18/0x40 [ 24.951863] kasan_save_alloc_info+0x3b/0x50 [ 24.952280] __kasan_kmalloc+0xb7/0xc0 [ 24.952858] __kmalloc_cache_noprof+0x189/0x420 [ 24.953704] copy_to_kernel_nofault_oob+0x12f/0x560 [ 24.954369] kunit_try_run_case+0x1a5/0x480 [ 24.954808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.955527] kthread+0x337/0x6f0 [ 24.955999] ret_from_fork+0x116/0x1d0 [ 24.956527] ret_from_fork_asm+0x1a/0x30 [ 24.956887] [ 24.957302] The buggy address belongs to the object at ffff8881038d5e00 [ 24.957302] which belongs to the cache kmalloc-128 of size 128 [ 24.958502] The buggy address is located 0 bytes to the right of [ 24.958502] allocated 120-byte region [ffff8881038d5e00, ffff8881038d5e78) [ 24.959593] [ 24.959990] The buggy address belongs to the physical page: [ 24.960655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 24.961380] flags: 0x200000000000000(node=0|zone=2) [ 24.961899] page_type: f5(slab) [ 24.962273] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.962972] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.963810] page dumped because: kasan: bad access detected [ 24.964363] [ 24.964614] Memory state around the buggy address: [ 24.965168] ffff8881038d5d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.965970] ffff8881038d5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.966983] >ffff8881038d5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.967751] ^ [ 24.968623] ffff8881038d5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.969592] ffff8881038d5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
24.970118] ================================================================== [ 24.971514] ================================================================== [ 24.972103] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 24.973938] Write of size 8 at addr ffff8881038d5e78 by task kunit_try_catch/299 [ 24.974512] [ 24.974966] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 24.975252] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.975292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.975327] Call Trace: [ 24.975351] <TASK> [ 24.975371] dump_stack_lvl+0x73/0xb0 [ 24.975417] print_report+0xd1/0x650 [ 24.975451] ? __virt_addr_valid+0x1db/0x2d0 [ 24.975485] ? copy_to_kernel_nofault+0x99/0x260 [ 24.975522] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.975555] ? copy_to_kernel_nofault+0x99/0x260 [ 24.975590] kasan_report+0x141/0x180 [ 24.975623] ? copy_to_kernel_nofault+0x99/0x260 [ 24.975663] kasan_check_range+0x10c/0x1c0 [ 24.975698] __kasan_check_write+0x18/0x20 [ 24.975726] copy_to_kernel_nofault+0x99/0x260 [ 24.975762] copy_to_kernel_nofault_oob+0x288/0x560 [ 24.975797] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 24.975831] ? finish_task_switch.isra.0+0x153/0x700 [ 24.975864] ? __schedule+0x10cc/0x2b60 [ 24.975928] ? trace_hardirqs_on+0x37/0xe0 [ 24.975974] ? __pfx_read_tsc+0x10/0x10 [ 24.976006] ? ktime_get_ts64+0x86/0x230 [ 24.976042] kunit_try_run_case+0x1a5/0x480 [ 24.976080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.976154] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.976196] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.976232] ? __kthread_parkme+0x82/0x180 [ 24.976261] ? preempt_count_sub+0x50/0x80 [ 24.976294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.976331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.976367] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.976403] kthread+0x337/0x6f0 [ 24.976432] ? 
trace_preempt_on+0x20/0xc0 [ 24.976464] ? __pfx_kthread+0x10/0x10 [ 24.976495] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.976526] ? calculate_sigpending+0x7b/0xa0 [ 24.976561] ? __pfx_kthread+0x10/0x10 [ 24.976593] ret_from_fork+0x116/0x1d0 [ 24.976619] ? __pfx_kthread+0x10/0x10 [ 24.976650] ret_from_fork_asm+0x1a/0x30 [ 24.976693] </TASK> [ 24.976710] [ 24.996115] Allocated by task 299: [ 24.996786] kasan_save_stack+0x45/0x70 [ 24.997323] kasan_save_track+0x18/0x40 [ 24.997724] kasan_save_alloc_info+0x3b/0x50 [ 24.998133] __kasan_kmalloc+0xb7/0xc0 [ 24.998642] __kmalloc_cache_noprof+0x189/0x420 [ 24.999134] copy_to_kernel_nofault_oob+0x12f/0x560 [ 24.999679] kunit_try_run_case+0x1a5/0x480 [ 25.000046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.000510] kthread+0x337/0x6f0 [ 25.001000] ret_from_fork+0x116/0x1d0 [ 25.001406] ret_from_fork_asm+0x1a/0x30 [ 25.001960] [ 25.002202] The buggy address belongs to the object at ffff8881038d5e00 [ 25.002202] which belongs to the cache kmalloc-128 of size 128 [ 25.003433] The buggy address is located 0 bytes to the right of [ 25.003433] allocated 120-byte region [ffff8881038d5e00, ffff8881038d5e78) [ 25.004601] [ 25.004796] The buggy address belongs to the physical page: [ 25.005189] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 25.005948] flags: 0x200000000000000(node=0|zone=2) [ 25.006471] page_type: f5(slab) [ 25.006851] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.007581] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.008114] page dumped because: kasan: bad access detected [ 25.009059] [ 25.009395] Memory state around the buggy address: [ 25.009889] ffff8881038d5d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.010524] ffff8881038d5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.011218] >ffff8881038d5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.011666] ^ [ 25.012375] ffff8881038d5e80: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 25.013185] ffff8881038d5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.013815] ==================================================================
[ 23.294093] ================================================================== [ 23.295460] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 23.296164] Read of size 8 at addr ffff00000e1a3278 by task kunit_try_catch/334 [ 23.296843] [ 23.297015] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 23.297068] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.297084] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.297102] Call trace: [ 23.297114] show_stack+0x20/0x38 (C) [ 23.297152] dump_stack_lvl+0x8c/0xd0 [ 23.297189] print_report+0x118/0x608 [ 23.297225] kasan_report+0xdc/0x128 [ 23.297258] __asan_report_load8_noabort+0x20/0x30 [ 23.297298] copy_to_kernel_nofault+0x204/0x250 [ 23.297333] copy_to_kernel_nofault_oob+0x158/0x418 [ 23.297366] kunit_try_run_case+0x170/0x3f0 [ 23.297402] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.297441] kthread+0x328/0x630 [ 23.297469] ret_from_fork+0x10/0x20 [ 23.297502] [ 23.303546] Allocated by task 334: [ 23.303874] kasan_save_stack+0x3c/0x68 [ 23.304255] kasan_save_track+0x20/0x40 [ 23.304632] kasan_save_alloc_info+0x40/0x58 [ 23.305051] __kasan_kmalloc+0xd4/0xd8 [ 23.305420] __kmalloc_cache_noprof+0x16c/0x3c0 [ 23.305857] copy_to_kernel_nofault_oob+0xc8/0x418 [ 23.306317] kunit_try_run_case+0x170/0x3f0 [ 23.306724] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.307248] kthread+0x328/0x630 [ 23.307565] ret_from_fork+0x10/0x20 [ 23.307917] [ 23.308071] The buggy address belongs to the object at ffff00000e1a3200 [ 23.308071] which belongs to the cache kmalloc-128 of size 128 [ 23.309205] The buggy address is located 0 bytes to the right of [ 23.309205] allocated 120-byte region [ffff00000e1a3200, ffff00000e1a3278) [ 23.310381] [ 23.310536] The buggy address belongs to the physical page: [ 23.311053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe1a3 [ 23.311777] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.312391] page_type: f5(slab) [ 
23.312707] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 23.313423] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.314130] page dumped because: kasan: bad access detected [ 23.314646] [ 23.314799] Memory state around the buggy address: [ 23.315248] ffff00000e1a3100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.315915] ffff00000e1a3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.316583] >ffff00000e1a3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.317244] ^ [ 23.317903] ffff00000e1a3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.318569] ffff00000e1a3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.319231] ================================================================== [ 23.320726] ================================================================== [ 23.321436] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 23.322131] Write of size 8 at addr ffff00000e1a3278 by task kunit_try_catch/334 [ 23.322805] [ 23.322964] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 23.323002] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.323013] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.323026] Call trace: [ 23.323036] show_stack+0x20/0x38 (C) [ 23.323062] dump_stack_lvl+0x8c/0xd0 [ 23.323088] print_report+0x118/0x608 [ 23.323116] kasan_report+0xdc/0x128 [ 23.323139] kasan_check_range+0x100/0x1a8 [ 23.323166] __kasan_check_write+0x20/0x30 [ 23.323187] copy_to_kernel_nofault+0x8c/0x250 [ 23.323211] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 23.323235] kunit_try_run_case+0x170/0x3f0 [ 23.323261] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.323289] kthread+0x328/0x630 [ 23.323309] ret_from_fork+0x10/0x20 [ 23.323333] [ 23.329624] Allocated by task 334: [ 23.329942] kasan_save_stack+0x3c/0x68 [ 23.330307] kasan_save_track+0x20/0x40 [ 23.330671] kasan_save_alloc_info+0x40/0x58 [ 23.331075] __kasan_kmalloc+0xd4/0xd8 [ 23.331432] 
__kmalloc_cache_noprof+0x16c/0x3c0 [ 23.331859] copy_to_kernel_nofault_oob+0xc8/0x418 [ 23.332305] kunit_try_run_case+0x170/0x3f0 [ 23.332700] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.333211] kthread+0x328/0x630 [ 23.333517] ret_from_fork+0x10/0x20 [ 23.333858] [ 23.334006] The buggy address belongs to the object at ffff00000e1a3200 [ 23.334006] which belongs to the cache kmalloc-128 of size 128 [ 23.335125] The buggy address is located 0 bytes to the right of [ 23.335125] allocated 120-byte region [ffff00000e1a3200, ffff00000e1a3278) [ 23.336285] [ 23.336433] The buggy address belongs to the physical page: [ 23.336940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe1a3 [ 23.337653] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.338253] page_type: f5(slab) [ 23.338555] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 23.339259] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.339956] page dumped because: kasan: bad access detected [ 23.340462] [ 23.340610] Memory state around the buggy address: [ 23.341050] ffff00000e1a3100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.341705] ffff00000e1a3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.342359] >ffff00000e1a3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.343011] ^ [ 23.343656] ffff00000e1a3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.344310] ffff00000e1a3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.344963] ==================================================================