Date
July 6, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
x86 |
[ 20.069525] ================================================================== [ 20.069593] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 20.069673] Read of size 8 at addr fff00000c77ac278 by task kunit_try_catch/282 [ 20.077995] [ 20.078616] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 20.078715] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.079384] Hardware name: linux,dummy-virt (DT) [ 20.079748] Call trace: [ 20.079781] show_stack+0x20/0x38 (C) [ 20.080495] dump_stack_lvl+0x8c/0xd0 [ 20.080936] print_report+0x118/0x608 [ 20.080999] kasan_report+0xdc/0x128 [ 20.082528] __asan_report_load8_noabort+0x20/0x30 [ 20.082748] copy_to_kernel_nofault+0x204/0x250 [ 20.083022] copy_to_kernel_nofault_oob+0x158/0x418 [ 20.083204] kunit_try_run_case+0x170/0x3f0 [ 20.083259] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.083313] kthread+0x328/0x630 [ 20.083946] ret_from_fork+0x10/0x20 [ 20.084828] [ 20.085961] Allocated by task 282: [ 20.086162] kasan_save_stack+0x3c/0x68 [ 20.086754] kasan_save_track+0x20/0x40 [ 20.087484] kasan_save_alloc_info+0x40/0x58 [ 20.087796] __kasan_kmalloc+0xd4/0xd8 [ 20.088433] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.088765] copy_to_kernel_nofault_oob+0xc8/0x418 [ 20.089125] kunit_try_run_case+0x170/0x3f0 [ 20.089172] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.089218] kthread+0x328/0x630 [ 20.090137] ret_from_fork+0x10/0x20 [ 20.090452] [ 20.090524] The buggy address belongs to the object at fff00000c77ac200 [ 20.090524] which belongs to the cache kmalloc-128 of size 128 [ 20.091015] The buggy address is located 0 bytes to the right of [ 20.091015] allocated 120-byte region [fff00000c77ac200, fff00000c77ac278) [ 20.091156] [ 20.091182] The buggy address belongs to the physical page: [ 20.091220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ac [ 20.092461] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.093009] page_type: f5(slab) [ 
20.093465] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.093648] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.094037] page dumped because: kasan: bad access detected [ 20.094075] [ 20.094656] Memory state around the buggy address: [ 20.094862] fff00000c77ac100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.094912] fff00000c77ac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.095115] >fff00000c77ac200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.095163] ^ [ 20.095208] fff00000c77ac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.095253] fff00000c77ac300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.095296] ================================================================== [ 20.097777] ================================================================== [ 20.097838] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 20.097894] Write of size 8 at addr fff00000c77ac278 by task kunit_try_catch/282 [ 20.097947] [ 20.097995] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 20.098080] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.098109] Hardware name: linux,dummy-virt (DT) [ 20.099269] Call trace: [ 20.099311] show_stack+0x20/0x38 (C) [ 20.099435] dump_stack_lvl+0x8c/0xd0 [ 20.099489] print_report+0x118/0x608 [ 20.099536] kasan_report+0xdc/0x128 [ 20.099582] kasan_check_range+0x100/0x1a8 [ 20.099631] __kasan_check_write+0x20/0x30 [ 20.099727] copy_to_kernel_nofault+0x8c/0x250 [ 20.099787] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 20.100354] kunit_try_run_case+0x170/0x3f0 [ 20.101407] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.101717] kthread+0x328/0x630 [ 20.101950] ret_from_fork+0x10/0x20 [ 20.102232] [ 20.102256] Allocated by task 282: [ 20.102524] kasan_save_stack+0x3c/0x68 [ 20.102633] kasan_save_track+0x20/0x40 [ 20.102997] kasan_save_alloc_info+0x40/0x58 [ 20.103046] __kasan_kmalloc+0xd4/0xd8 [ 20.103085] 
__kmalloc_cache_noprof+0x16c/0x3c0 [ 20.103125] copy_to_kernel_nofault_oob+0xc8/0x418 [ 20.103169] kunit_try_run_case+0x170/0x3f0 [ 20.103869] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.104133] kthread+0x328/0x630 [ 20.104298] ret_from_fork+0x10/0x20 [ 20.104338] [ 20.104620] The buggy address belongs to the object at fff00000c77ac200 [ 20.104620] which belongs to the cache kmalloc-128 of size 128 [ 20.104832] The buggy address is located 0 bytes to the right of [ 20.104832] allocated 120-byte region [fff00000c77ac200, fff00000c77ac278) [ 20.104901] [ 20.105249] The buggy address belongs to the physical page: [ 20.105290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ac [ 20.106016] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.106298] page_type: f5(slab) [ 20.106512] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.106573] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.106938] page dumped because: kasan: bad access detected [ 20.106995] [ 20.107328] Memory state around the buggy address: [ 20.107366] fff00000c77ac100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.107546] fff00000c77ac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.107721] >fff00000c77ac200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.107814] ^ [ 20.107859] fff00000c77ac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.107905] fff00000c77ac300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.107945] ==================================================================
[ 19.753649] ================================================================== [ 19.753945] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 19.754143] Write of size 8 at addr fff00000c76c9278 by task kunit_try_catch/282 [ 19.754210] [ 19.754318] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.754434] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.754519] Hardware name: linux,dummy-virt (DT) [ 19.754568] Call trace: [ 19.754594] show_stack+0x20/0x38 (C) [ 19.754661] dump_stack_lvl+0x8c/0xd0 [ 19.754713] print_report+0x118/0x608 [ 19.754760] kasan_report+0xdc/0x128 [ 19.754806] kasan_check_range+0x100/0x1a8 [ 19.754856] __kasan_check_write+0x20/0x30 [ 19.754901] copy_to_kernel_nofault+0x8c/0x250 [ 19.754974] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 19.755027] kunit_try_run_case+0x170/0x3f0 [ 19.755085] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.755153] kthread+0x328/0x630 [ 19.755198] ret_from_fork+0x10/0x20 [ 19.755465] [ 19.755490] Allocated by task 282: [ 19.755709] kasan_save_stack+0x3c/0x68 [ 19.756054] kasan_save_track+0x20/0x40 [ 19.756178] kasan_save_alloc_info+0x40/0x58 [ 19.756260] __kasan_kmalloc+0xd4/0xd8 [ 19.756404] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.756542] copy_to_kernel_nofault_oob+0xc8/0x418 [ 19.756611] kunit_try_run_case+0x170/0x3f0 [ 19.756659] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.756819] kthread+0x328/0x630 [ 19.756972] ret_from_fork+0x10/0x20 [ 19.757184] [ 19.757246] The buggy address belongs to the object at fff00000c76c9200 [ 19.757246] which belongs to the cache kmalloc-128 of size 128 [ 19.757447] The buggy address is located 0 bytes to the right of [ 19.757447] allocated 120-byte region [fff00000c76c9200, fff00000c76c9278) [ 19.757674] [ 19.757714] The buggy address belongs to the physical page: [ 19.757771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c9 [ 19.757882] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 
19.757971] page_type: f5(slab) [ 19.758159] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.758387] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.758470] page dumped because: kasan: bad access detected [ 19.758582] [ 19.758650] Memory state around the buggy address: [ 19.758696] fff00000c76c9100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.758943] fff00000c76c9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.759092] >fff00000c76c9200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.759161] ^ [ 19.759296] fff00000c76c9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.759393] fff00000c76c9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.759450] ================================================================== [ 19.747082] ================================================================== [ 19.747155] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 19.747296] Read of size 8 at addr fff00000c76c9278 by task kunit_try_catch/282 [ 19.747360] [ 19.747406] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.747499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.747734] Hardware name: linux,dummy-virt (DT) [ 19.747790] Call trace: [ 19.747824] show_stack+0x20/0x38 (C) [ 19.748085] dump_stack_lvl+0x8c/0xd0 [ 19.748214] print_report+0x118/0x608 [ 19.748286] kasan_report+0xdc/0x128 [ 19.748365] __asan_report_load8_noabort+0x20/0x30 [ 19.748428] copy_to_kernel_nofault+0x204/0x250 [ 19.748707] copy_to_kernel_nofault_oob+0x158/0x418 [ 19.748771] kunit_try_run_case+0x170/0x3f0 [ 19.748871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.748945] kthread+0x328/0x630 [ 19.748988] ret_from_fork+0x10/0x20 [ 19.749083] [ 19.749103] Allocated by task 282: [ 19.749324] kasan_save_stack+0x3c/0x68 [ 19.749394] kasan_save_track+0x20/0x40 [ 19.749501] kasan_save_alloc_info+0x40/0x58 [ 19.749547] __kasan_kmalloc+0xd4/0xd8 [ 19.749613] 
__kmalloc_cache_noprof+0x16c/0x3c0 [ 19.749834] copy_to_kernel_nofault_oob+0xc8/0x418 [ 19.749907] kunit_try_run_case+0x170/0x3f0 [ 19.749961] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.750007] kthread+0x328/0x630 [ 19.750097] ret_from_fork+0x10/0x20 [ 19.750175] [ 19.750317] The buggy address belongs to the object at fff00000c76c9200 [ 19.750317] which belongs to the cache kmalloc-128 of size 128 [ 19.750391] The buggy address is located 0 bytes to the right of [ 19.750391] allocated 120-byte region [fff00000c76c9200, fff00000c76c9278) [ 19.750606] [ 19.750656] The buggy address belongs to the physical page: [ 19.750782] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c9 [ 19.750857] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.751002] page_type: f5(slab) [ 19.751065] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.751651] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.751729] page dumped because: kasan: bad access detected [ 19.751879] [ 19.751963] Memory state around the buggy address: [ 19.752042] fff00000c76c9100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.752105] fff00000c76c9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.752414] >fff00000c76c9200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.752521] ^ [ 19.752576] fff00000c76c9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.752640] fff00000c76c9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.752716] ==================================================================
[ 17.923485] ================================================================== [ 17.924160] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 17.924900] Read of size 8 at addr ffff888102abe578 by task kunit_try_catch/299 [ 17.925131] [ 17.925332] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 17.925447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.925485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.925563] Call Trace: [ 17.925591] <TASK> [ 17.925645] dump_stack_lvl+0x73/0xb0 [ 17.925704] print_report+0xd1/0x650 [ 17.925743] ? __virt_addr_valid+0x1db/0x2d0 [ 17.925779] ? copy_to_kernel_nofault+0x225/0x260 [ 17.925822] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.926254] ? copy_to_kernel_nofault+0x225/0x260 [ 17.926295] kasan_report+0x141/0x180 [ 17.926322] ? copy_to_kernel_nofault+0x225/0x260 [ 17.926350] __asan_report_load8_noabort+0x18/0x20 [ 17.926375] copy_to_kernel_nofault+0x225/0x260 [ 17.926400] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 17.926426] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 17.926449] ? finish_task_switch.isra.0+0x153/0x700 [ 17.926471] ? __schedule+0x10cc/0x2b60 [ 17.926493] ? trace_hardirqs_on+0x37/0xe0 [ 17.926540] ? __pfx_read_tsc+0x10/0x10 [ 17.926573] ? ktime_get_ts64+0x86/0x230 [ 17.926610] kunit_try_run_case+0x1a5/0x480 [ 17.926662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.926685] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.926708] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.926730] ? __kthread_parkme+0x82/0x180 [ 17.926751] ? preempt_count_sub+0x50/0x80 [ 17.926773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.926795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.926818] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.926840] kthread+0x337/0x6f0 [ 17.926859] ? trace_preempt_on+0x20/0xc0 [ 17.926880] ? __pfx_kthread+0x10/0x10 [ 17.926901] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.926921] ? 
calculate_sigpending+0x7b/0xa0 [ 17.926944] ? __pfx_kthread+0x10/0x10 [ 17.926965] ret_from_fork+0x116/0x1d0 [ 17.926983] ? __pfx_kthread+0x10/0x10 [ 17.927003] ret_from_fork_asm+0x1a/0x30 [ 17.927033] </TASK> [ 17.927047] [ 17.939082] Allocated by task 299: [ 17.939282] kasan_save_stack+0x45/0x70 [ 17.939515] kasan_save_track+0x18/0x40 [ 17.939789] kasan_save_alloc_info+0x3b/0x50 [ 17.940093] __kasan_kmalloc+0xb7/0xc0 [ 17.940286] __kmalloc_cache_noprof+0x189/0x420 [ 17.940558] copy_to_kernel_nofault_oob+0x12f/0x560 [ 17.940796] kunit_try_run_case+0x1a5/0x480 [ 17.940976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.941490] kthread+0x337/0x6f0 [ 17.941806] ret_from_fork+0x116/0x1d0 [ 17.942064] ret_from_fork_asm+0x1a/0x30 [ 17.942366] [ 17.942456] The buggy address belongs to the object at ffff888102abe500 [ 17.942456] which belongs to the cache kmalloc-128 of size 128 [ 17.942993] The buggy address is located 0 bytes to the right of [ 17.942993] allocated 120-byte region [ffff888102abe500, ffff888102abe578) [ 17.943737] [ 17.943891] The buggy address belongs to the physical page: [ 17.944298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102abe [ 17.944554] flags: 0x200000000000000(node=0|zone=2) [ 17.944757] page_type: f5(slab) [ 17.944911] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.945156] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.945386] page dumped because: kasan: bad access detected [ 17.945574] [ 17.945686] Memory state around the buggy address: [ 17.945858] ffff888102abe400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.946092] ffff888102abe480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.946317] >ffff888102abe500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.946535] ^ [ 17.947053] ffff888102abe580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.947582] ffff888102abe600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
17.948087] ================================================================== [ 17.949060] ================================================================== [ 17.949696] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 17.950314] Write of size 8 at addr ffff888102abe578 by task kunit_try_catch/299 [ 17.950893] [ 17.951096] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 17.951198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.951223] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.951260] Call Trace: [ 17.951291] <TASK> [ 17.951321] dump_stack_lvl+0x73/0xb0 [ 17.951385] print_report+0xd1/0x650 [ 17.951433] ? __virt_addr_valid+0x1db/0x2d0 [ 17.951479] ? copy_to_kernel_nofault+0x99/0x260 [ 17.951518] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.951556] ? copy_to_kernel_nofault+0x99/0x260 [ 17.951589] kasan_report+0x141/0x180 [ 17.951644] ? copy_to_kernel_nofault+0x99/0x260 [ 17.951694] kasan_check_range+0x10c/0x1c0 [ 17.951733] __kasan_check_write+0x18/0x20 [ 17.951764] copy_to_kernel_nofault+0x99/0x260 [ 17.951801] copy_to_kernel_nofault_oob+0x288/0x560 [ 17.951838] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 17.951872] ? finish_task_switch.isra.0+0x153/0x700 [ 17.951907] ? __schedule+0x10cc/0x2b60 [ 17.951941] ? trace_hardirqs_on+0x37/0xe0 [ 17.951989] ? __pfx_read_tsc+0x10/0x10 [ 17.952022] ? ktime_get_ts64+0x86/0x230 [ 17.952063] kunit_try_run_case+0x1a5/0x480 [ 17.952106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.952143] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.952184] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.952225] ? __kthread_parkme+0x82/0x180 [ 17.952262] ? preempt_count_sub+0x50/0x80 [ 17.952302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.952337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.952372] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.952408] kthread+0x337/0x6f0 [ 17.952444] ? 
trace_preempt_on+0x20/0xc0 [ 17.952486] ? __pfx_kthread+0x10/0x10 [ 17.952526] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.952570] ? calculate_sigpending+0x7b/0xa0 [ 17.952658] ? __pfx_kthread+0x10/0x10 [ 17.952708] ret_from_fork+0x116/0x1d0 [ 17.952748] ? __pfx_kthread+0x10/0x10 [ 17.952791] ret_from_fork_asm+0x1a/0x30 [ 17.952855] </TASK> [ 17.952883] [ 17.964829] Allocated by task 299: [ 17.965116] kasan_save_stack+0x45/0x70 [ 17.965449] kasan_save_track+0x18/0x40 [ 17.965674] kasan_save_alloc_info+0x3b/0x50 [ 17.966021] __kasan_kmalloc+0xb7/0xc0 [ 17.966404] __kmalloc_cache_noprof+0x189/0x420 [ 17.966758] copy_to_kernel_nofault_oob+0x12f/0x560 [ 17.967013] kunit_try_run_case+0x1a5/0x480 [ 17.968013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.968422] kthread+0x337/0x6f0 [ 17.968720] ret_from_fork+0x116/0x1d0 [ 17.969305] ret_from_fork_asm+0x1a/0x30 [ 17.969627] [ 17.969908] The buggy address belongs to the object at ffff888102abe500 [ 17.969908] which belongs to the cache kmalloc-128 of size 128 [ 17.970608] The buggy address is located 0 bytes to the right of [ 17.970608] allocated 120-byte region [ffff888102abe500, ffff888102abe578) [ 17.971597] [ 17.972130] The buggy address belongs to the physical page: [ 17.972483] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102abe [ 17.973204] flags: 0x200000000000000(node=0|zone=2) [ 17.973544] page_type: f5(slab) [ 17.973917] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.974610] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.975145] page dumped because: kasan: bad access detected [ 17.975427] [ 17.975643] Memory state around the buggy address: [ 17.976054] ffff888102abe400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.976962] ffff888102abe480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.977739] >ffff888102abe500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.978131] ^ [ 17.978480] ffff888102abe580: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 17.978724] ffff888102abe600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.979438] ==================================================================
[ 17.856849] ================================================================== [ 17.857525] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 17.857950] Read of size 8 at addr ffff8881031c0a78 by task kunit_try_catch/298 [ 17.858357] [ 17.858561] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 17.858615] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.858630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.858656] Call Trace: [ 17.858671] <TASK> [ 17.858689] dump_stack_lvl+0x73/0xb0 [ 17.858763] print_report+0xd1/0x650 [ 17.858791] ? __virt_addr_valid+0x1db/0x2d0 [ 17.858818] ? copy_to_kernel_nofault+0x225/0x260 [ 17.858883] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.858939] ? copy_to_kernel_nofault+0x225/0x260 [ 17.858966] kasan_report+0x141/0x180 [ 17.858990] ? copy_to_kernel_nofault+0x225/0x260 [ 17.859022] __asan_report_load8_noabort+0x18/0x20 [ 17.859060] copy_to_kernel_nofault+0x225/0x260 [ 17.859087] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 17.859114] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 17.859176] ? finish_task_switch.isra.0+0x153/0x700 [ 17.859203] ? __schedule+0x10cc/0x2b60 [ 17.859226] ? trace_hardirqs_on+0x37/0xe0 [ 17.859261] ? __pfx_read_tsc+0x10/0x10 [ 17.859285] ? ktime_get_ts64+0x86/0x230 [ 17.859313] kunit_try_run_case+0x1a5/0x480 [ 17.859340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.859364] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.859389] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.859415] ? __kthread_parkme+0x82/0x180 [ 17.859437] ? preempt_count_sub+0x50/0x80 [ 17.859463] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.859488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.859514] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.859539] kthread+0x337/0x6f0 [ 17.859561] ? trace_preempt_on+0x20/0xc0 [ 17.859586] ? __pfx_kthread+0x10/0x10 [ 17.859610] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.859634] ? 
calculate_sigpending+0x7b/0xa0 [ 17.859662] ? __pfx_kthread+0x10/0x10 [ 17.859687] ret_from_fork+0x116/0x1d0 [ 17.859747] ? __pfx_kthread+0x10/0x10 [ 17.859787] ret_from_fork_asm+0x1a/0x30 [ 17.859822] </TASK> [ 17.859837] [ 17.878182] Allocated by task 298: [ 17.878380] kasan_save_stack+0x45/0x70 [ 17.878577] kasan_save_track+0x18/0x40 [ 17.879219] kasan_save_alloc_info+0x3b/0x50 [ 17.879462] __kasan_kmalloc+0xb7/0xc0 [ 17.879642] __kmalloc_cache_noprof+0x189/0x420 [ 17.880021] copy_to_kernel_nofault_oob+0x12f/0x560 [ 17.880225] kunit_try_run_case+0x1a5/0x480 [ 17.880440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.880701] kthread+0x337/0x6f0 [ 17.880966] ret_from_fork+0x116/0x1d0 [ 17.881204] ret_from_fork_asm+0x1a/0x30 [ 17.881390] [ 17.881478] The buggy address belongs to the object at ffff8881031c0a00 [ 17.881478] which belongs to the cache kmalloc-128 of size 128 [ 17.882206] The buggy address is located 0 bytes to the right of [ 17.882206] allocated 120-byte region [ffff8881031c0a00, ffff8881031c0a78) [ 17.882714] [ 17.882836] The buggy address belongs to the physical page: [ 17.883014] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c0 [ 17.883531] flags: 0x200000000000000(node=0|zone=2) [ 17.884118] page_type: f5(slab) [ 17.884315] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.884616] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.885382] page dumped because: kasan: bad access detected [ 17.886110] [ 17.886220] Memory state around the buggy address: [ 17.886516] ffff8881031c0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.887261] ffff8881031c0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.887916] >ffff8881031c0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.888394] ^ [ 17.888975] ffff8881031c0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.889307] ffff8881031c0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
17.889611] ================================================================== [ 17.892275] ================================================================== [ 17.892626] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 17.893746] Write of size 8 at addr ffff8881031c0a78 by task kunit_try_catch/298 [ 17.894453] [ 17.894683] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 17.894748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.894764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.894786] Call Trace: [ 17.894801] <TASK> [ 17.894818] dump_stack_lvl+0x73/0xb0 [ 17.894849] print_report+0xd1/0x650 [ 17.894873] ? __virt_addr_valid+0x1db/0x2d0 [ 17.894897] ? copy_to_kernel_nofault+0x99/0x260 [ 17.894923] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.894951] ? copy_to_kernel_nofault+0x99/0x260 [ 17.894976] kasan_report+0x141/0x180 [ 17.895000] ? copy_to_kernel_nofault+0x99/0x260 [ 17.895031] kasan_check_range+0x10c/0x1c0 [ 17.895069] __kasan_check_write+0x18/0x20 [ 17.895090] copy_to_kernel_nofault+0x99/0x260 [ 17.895116] copy_to_kernel_nofault_oob+0x288/0x560 [ 17.895143] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 17.895167] ? finish_task_switch.isra.0+0x153/0x700 [ 17.895191] ? __schedule+0x10cc/0x2b60 [ 17.895214] ? trace_hardirqs_on+0x37/0xe0 [ 17.895248] ? __pfx_read_tsc+0x10/0x10 [ 17.895271] ? ktime_get_ts64+0x86/0x230 [ 17.895296] kunit_try_run_case+0x1a5/0x480 [ 17.895322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.895346] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.895370] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.895395] ? __kthread_parkme+0x82/0x180 [ 17.895417] ? preempt_count_sub+0x50/0x80 [ 17.895442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.895467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.895492] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.895517] kthread+0x337/0x6f0 [ 17.895538] ? 
trace_preempt_on+0x20/0xc0 [ 17.895563] ? __pfx_kthread+0x10/0x10 [ 17.895585] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.895608] ? calculate_sigpending+0x7b/0xa0 [ 17.895634] ? __pfx_kthread+0x10/0x10 [ 17.895657] ret_from_fork+0x116/0x1d0 [ 17.895677] ? __pfx_kthread+0x10/0x10 [ 17.895699] ret_from_fork_asm+0x1a/0x30 [ 17.895899] </TASK> [ 17.895918] [ 17.909400] Allocated by task 298: [ 17.909575] kasan_save_stack+0x45/0x70 [ 17.909797] kasan_save_track+0x18/0x40 [ 17.910090] kasan_save_alloc_info+0x3b/0x50 [ 17.910314] __kasan_kmalloc+0xb7/0xc0 [ 17.910522] __kmalloc_cache_noprof+0x189/0x420 [ 17.910752] copy_to_kernel_nofault_oob+0x12f/0x560 [ 17.910949] kunit_try_run_case+0x1a5/0x480 [ 17.911298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.911653] kthread+0x337/0x6f0 [ 17.911986] ret_from_fork+0x116/0x1d0 [ 17.912246] ret_from_fork_asm+0x1a/0x30 [ 17.912413] [ 17.912522] The buggy address belongs to the object at ffff8881031c0a00 [ 17.912522] which belongs to the cache kmalloc-128 of size 128 [ 17.913069] The buggy address is located 0 bytes to the right of [ 17.913069] allocated 120-byte region [ffff8881031c0a00, ffff8881031c0a78) [ 17.913614] [ 17.913707] The buggy address belongs to the physical page: [ 17.914253] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c0 [ 17.914586] flags: 0x200000000000000(node=0|zone=2) [ 17.914875] page_type: f5(slab) [ 17.915096] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.915428] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.915700] page dumped because: kasan: bad access detected [ 17.916028] [ 17.916119] Memory state around the buggy address: [ 17.916285] ffff8881031c0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.916592] ffff8881031c0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.916920] >ffff8881031c0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.917358] ^ [ 17.917611] ffff8881031c0a80: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 17.918123] ffff8881031c0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.918468] ==================================================================
[ 76.353990] ================================================================== [ 76.361240] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 76.368554] Write of size 8 at addr ffff888100cff178 by task kunit_try_catch/322 [ 76.375948] [ 76.377449] CPU: 0 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 76.377458] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 76.377461] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 76.377465] Call Trace: [ 76.377466] <TASK> [ 76.377468] dump_stack_lvl+0x73/0xb0 [ 76.377473] print_report+0xd1/0x650 [ 76.377477] ? __virt_addr_valid+0x1db/0x2d0 [ 76.377482] ? copy_to_kernel_nofault+0x99/0x260 [ 76.377486] ? kasan_complete_mode_report_info+0x2a/0x200 [ 76.377492] ? copy_to_kernel_nofault+0x99/0x260 [ 76.377496] kasan_report+0x141/0x180 [ 76.377500] ? copy_to_kernel_nofault+0x99/0x260 [ 76.377506] kasan_check_range+0x10c/0x1c0 [ 76.377510] __kasan_check_write+0x18/0x20 [ 76.377514] copy_to_kernel_nofault+0x99/0x260 [ 76.377519] copy_to_kernel_nofault_oob+0x288/0x560 [ 76.377523] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 76.377528] ? finish_task_switch.isra.0+0x153/0x700 [ 76.377532] ? __schedule+0x10cc/0x2b60 [ 76.377536] ? trace_hardirqs_on+0x37/0xe0 [ 76.377542] ? ktime_get_ts64+0x83/0x230 [ 76.377546] kunit_try_run_case+0x1a2/0x480 [ 76.377551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 76.377556] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 76.377560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 76.377564] ? __kthread_parkme+0x82/0x180 [ 76.377568] ? preempt_count_sub+0x50/0x80 [ 76.377573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 76.377577] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 76.377582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 76.377586] kthread+0x334/0x6f0 [ 76.377590] ? trace_preempt_on+0x20/0xc0 [ 76.377594] ? __pfx_kthread+0x10/0x10 [ 76.377598] ? _raw_spin_unlock_irq+0x47/0x80 [ 76.377602] ? 
calculate_sigpending+0x7b/0xa0 [ 76.377606] ? __pfx_kthread+0x10/0x10 [ 76.377611] ret_from_fork+0x113/0x1d0 [ 76.377614] ? __pfx_kthread+0x10/0x10 [ 76.377618] ret_from_fork_asm+0x1a/0x30 [ 76.377624] </TASK> [ 76.377626] [ 76.561967] Allocated by task 322: [ 76.565373] kasan_save_stack+0x45/0x70 [ 76.569212] kasan_save_track+0x18/0x40 [ 76.573051] kasan_save_alloc_info+0x3b/0x50 [ 76.577325] __kasan_kmalloc+0xb7/0xc0 [ 76.581111] __kmalloc_cache_noprof+0x189/0x420 [ 76.585646] copy_to_kernel_nofault_oob+0x12f/0x560 [ 76.590534] kunit_try_run_case+0x1a2/0x480 [ 76.594726] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 76.600126] kthread+0x334/0x6f0 [ 76.603363] ret_from_fork+0x113/0x1d0 [ 76.607122] ret_from_fork_asm+0x1a/0x30 [ 76.611055] [ 76.612555] The buggy address belongs to the object at ffff888100cff100 [ 76.612555] which belongs to the cache kmalloc-128 of size 128 [ 76.625070] The buggy address is located 0 bytes to the right of [ 76.625070] allocated 120-byte region [ffff888100cff100, ffff888100cff178) [ 76.638025] [ 76.639524] The buggy address belongs to the physical page: [ 76.645099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100cff [ 76.653105] flags: 0x200000000000000(node=0|zone=2) [ 76.657984] page_type: f5(slab) [ 76.661133] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 76.668881] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 76.676628] page dumped because: kasan: bad access detected [ 76.682199] [ 76.683698] Memory state around the buggy address: [ 76.688493] ffff888100cff000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.695721] ffff888100cff080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.702948] >ffff888100cff100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 76.710166] ^ [ 76.717298] ffff888100cff180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.724519] ffff888100cff200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
76.731738] ================================================================== [ 75.964511] ================================================================== [ 75.979398] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 75.986806] Read of size 8 at addr ffff888100cff178 by task kunit_try_catch/322 [ 75.994112] [ 75.995613] CPU: 0 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 75.995622] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 75.995626] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 75.995629] Call Trace: [ 75.995631] <TASK> [ 75.995633] dump_stack_lvl+0x73/0xb0 [ 75.995639] print_report+0xd1/0x650 [ 75.995643] ? __virt_addr_valid+0x1db/0x2d0 [ 75.995647] ? copy_to_kernel_nofault+0x225/0x260 [ 75.995652] ? kasan_complete_mode_report_info+0x2a/0x200 [ 75.995657] ? copy_to_kernel_nofault+0x225/0x260 [ 75.995662] kasan_report+0x141/0x180 [ 75.995666] ? copy_to_kernel_nofault+0x225/0x260 [ 75.995672] __asan_report_load8_noabort+0x18/0x20 [ 75.995677] copy_to_kernel_nofault+0x225/0x260 [ 75.995681] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 75.995686] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 75.995690] ? finish_task_switch.isra.0+0x153/0x700 [ 75.995695] ? __schedule+0x10cc/0x2b60 [ 75.995699] ? trace_hardirqs_on+0x37/0xe0 [ 75.995705] ? ktime_get_ts64+0x83/0x230 [ 75.995709] kunit_try_run_case+0x1a2/0x480 [ 75.995714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 75.995718] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 75.995723] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 75.995727] ? __kthread_parkme+0x82/0x180 [ 75.995731] ? preempt_count_sub+0x50/0x80 [ 75.995736] ? __pfx_kunit_try_run_case+0x10/0x10 [ 75.995740] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 75.995745] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 75.995749] kthread+0x334/0x6f0 [ 75.995753] ? trace_preempt_on+0x20/0xc0 [ 75.995757] ? __pfx_kthread+0x10/0x10 [ 75.995761] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 75.995765] ? calculate_sigpending+0x7b/0xa0 [ 75.995770] ? __pfx_kthread+0x10/0x10 [ 75.995774] ret_from_fork+0x113/0x1d0 [ 75.995777] ? __pfx_kthread+0x10/0x10 [ 75.995781] ret_from_fork_asm+0x1a/0x30 [ 75.995787] </TASK> [ 75.995789] [ 76.176952] Allocated by task 322: [ 76.180372] kasan_save_stack+0x45/0x70 [ 76.184225] kasan_save_track+0x18/0x40 [ 76.188062] kasan_save_alloc_info+0x3b/0x50 [ 76.192350] __kasan_kmalloc+0xb7/0xc0 [ 76.196133] __kmalloc_cache_noprof+0x189/0x420 [ 76.200674] copy_to_kernel_nofault_oob+0x12f/0x560 [ 76.205561] kunit_try_run_case+0x1a2/0x480 [ 76.209746] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 76.215146] kthread+0x334/0x6f0 [ 76.218387] ret_from_fork+0x113/0x1d0 [ 76.222140] ret_from_fork_asm+0x1a/0x30 [ 76.226066] [ 76.227565] The buggy address belongs to the object at ffff888100cff100 [ 76.227565] which belongs to the cache kmalloc-128 of size 128 [ 76.240080] The buggy address is located 0 bytes to the right of [ 76.240080] allocated 120-byte region [ffff888100cff100, ffff888100cff178) [ 76.253028] [ 76.254527] The buggy address belongs to the physical page: [ 76.260100] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100cff [ 76.268109] flags: 0x200000000000000(node=0|zone=2) [ 76.272996] page_type: f5(slab) [ 76.276142] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 76.283883] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 76.291631] page dumped because: kasan: bad access detected [ 76.297203] [ 76.298701] Memory state around the buggy address: [ 76.303496] ffff888100cff000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.310721] ffff888100cff080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.317942] >ffff888100cff100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 76.325162] ^ [ 76.332303] ffff888100cff180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.339520] ffff888100cff200: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 76.346739] ==================================================================