Date
July 13, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 18.960766] ==================================================================
[ 18.961750] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 18.961824] Write of size 8 at addr fff00000c58c3a78 by task kunit_try_catch/282
[ 18.961969]
[ 18.962014] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.962110] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.962141] Hardware name: linux,dummy-virt (DT)
[ 18.962184] Call trace:
[ 18.962221]  show_stack+0x20/0x38 (C)
[ 18.962273]  dump_stack_lvl+0x8c/0xd0
[ 18.962323]  print_report+0x118/0x5d0
[ 18.962371]  kasan_report+0xdc/0x128
[ 18.962419]  kasan_check_range+0x100/0x1a8
[ 18.962518]  __kasan_check_write+0x20/0x30
[ 18.962714]  copy_to_kernel_nofault+0x8c/0x250
[ 18.962791]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 18.963121]  kunit_try_run_case+0x170/0x3f0
[ 18.963217]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.963518]  kthread+0x328/0x630
[ 18.963585]  ret_from_fork+0x10/0x20
[ 18.963637]
[ 18.963687] Allocated by task 282:
[ 18.963719]  kasan_save_stack+0x3c/0x68
[ 18.963762]  kasan_save_track+0x20/0x40
[ 18.963829]  kasan_save_alloc_info+0x40/0x58
[ 18.963871]  __kasan_kmalloc+0xd4/0xd8
[ 18.963911]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.963954]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 18.963995]  kunit_try_run_case+0x170/0x3f0
[ 18.964034]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.964079]  kthread+0x328/0x630
[ 18.964112]  ret_from_fork+0x10/0x20
[ 18.964190]
[ 18.964266] The buggy address belongs to the object at fff00000c58c3a00
[ 18.964266]  which belongs to the cache kmalloc-128 of size 128
[ 18.964622] The buggy address is located 0 bytes to the right of
[ 18.964622]  allocated 120-byte region [fff00000c58c3a00, fff00000c58c3a78)
[ 18.964960]
[ 18.964985] The buggy address belongs to the physical page:
[ 18.965019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3
[ 18.965075] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.966314] page_type: f5(slab)
[ 18.966433] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.967139] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.967540] page dumped because: kasan: bad access detected
[ 18.967656]
[ 18.968033] Memory state around the buggy address:
[ 18.968300]  fff00000c58c3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.968371]  fff00000c58c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.968624] >fff00000c58c3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.969032]                                                                 ^
[ 18.969167]  fff00000c58c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.969260]  fff00000c58c3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.971104] ==================================================================

[ 18.954340] ==================================================================
[ 18.954412] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 18.954660] Read of size 8 at addr fff00000c58c3a78 by task kunit_try_catch/282
[ 18.954856]
[ 18.954902] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.955053] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.955256] Hardware name: linux,dummy-virt (DT)
[ 18.955293] Call trace:
[ 18.955374]  show_stack+0x20/0x38 (C)
[ 18.955450]  dump_stack_lvl+0x8c/0xd0
[ 18.955503]  print_report+0x118/0x5d0
[ 18.955553]  kasan_report+0xdc/0x128
[ 18.955599]  __asan_report_load8_noabort+0x20/0x30
[ 18.955653]  copy_to_kernel_nofault+0x204/0x250
[ 18.955703]  copy_to_kernel_nofault_oob+0x158/0x418
[ 18.955913]  kunit_try_run_case+0x170/0x3f0
[ 18.955986]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.956070]  kthread+0x328/0x630
[ 18.956114]  ret_from_fork+0x10/0x20
[ 18.956230]
[ 18.956280] Allocated by task 282:
[ 18.956346]  kasan_save_stack+0x3c/0x68
[ 18.956399]  kasan_save_track+0x20/0x40
[ 18.956439]  kasan_save_alloc_info+0x40/0x58
[ 18.956519]  __kasan_kmalloc+0xd4/0xd8
[ 18.956590]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.956636]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 18.956701]  kunit_try_run_case+0x170/0x3f0
[ 18.956787]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.958238]  kthread+0x328/0x630
[ 18.958309]  ret_from_fork+0x10/0x20
[ 18.958377]
[ 18.958416] The buggy address belongs to the object at fff00000c58c3a00
[ 18.958416]  which belongs to the cache kmalloc-128 of size 128
[ 18.958555] The buggy address is located 0 bytes to the right of
[ 18.958555]  allocated 120-byte region [fff00000c58c3a00, fff00000c58c3a78)
[ 18.958662]
[ 18.959012] The buggy address belongs to the physical page:
[ 18.959089] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3
[ 18.959194] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.959277] page_type: f5(slab)
[ 18.959393] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.959459] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.959513] page dumped because: kasan: bad access detected
[ 18.959545]
[ 18.959582] Memory state around the buggy address:
[ 18.959631]  fff00000c58c3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.959754]  fff00000c58c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.959830] >fff00000c58c3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.959897]                                                                 ^
[ 18.959943]  fff00000c58c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.959989]  fff00000c58c3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.960032] ==================================================================

[ 19.663260] ==================================================================
[ 19.663345] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 19.663775] Read of size 8 at addr fff00000c5ae0a78 by task kunit_try_catch/282
[ 19.663930]
[ 19.664027] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.664307] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.664378] Hardware name: linux,dummy-virt (DT)
[ 19.664620] Call trace:
[ 19.664764]  show_stack+0x20/0x38 (C)
[ 19.664829]  dump_stack_lvl+0x8c/0xd0
[ 19.664956]  print_report+0x118/0x5d0
[ 19.665025]  kasan_report+0xdc/0x128
[ 19.665101]  __asan_report_load8_noabort+0x20/0x30
[ 19.665472]  copy_to_kernel_nofault+0x204/0x250
[ 19.665810]  copy_to_kernel_nofault_oob+0x158/0x418
[ 19.665903]  kunit_try_run_case+0x170/0x3f0
[ 19.666063]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.666138]  kthread+0x328/0x630
[ 19.666270]  ret_from_fork+0x10/0x20
[ 19.666360]
[ 19.666408] Allocated by task 282:
[ 19.666465]  kasan_save_stack+0x3c/0x68
[ 19.666899]  kasan_save_track+0x20/0x40
[ 19.666974]  kasan_save_alloc_info+0x40/0x58
[ 19.667093]  __kasan_kmalloc+0xd4/0xd8
[ 19.667174]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.667292]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.667466]  kunit_try_run_case+0x170/0x3f0
[ 19.667523]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.667585]  kthread+0x328/0x630
[ 19.667765]  ret_from_fork+0x10/0x20
[ 19.667999]
[ 19.668055] The buggy address belongs to the object at fff00000c5ae0a00
[ 19.668055]  which belongs to the cache kmalloc-128 of size 128
[ 19.668205] The buggy address is located 0 bytes to the right of
[ 19.668205]  allocated 120-byte region [fff00000c5ae0a00, fff00000c5ae0a78)
[ 19.668434]
[ 19.668645] The buggy address belongs to the physical page:
[ 19.668712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0
[ 19.669222] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.669315] page_type: f5(slab)
[ 19.669674] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.669803] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.669904] page dumped because: kasan: bad access detected
[ 19.669973]
[ 19.670111] Memory state around the buggy address:
[ 19.670172]  fff00000c5ae0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.670504]  fff00000c5ae0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.670642] >fff00000c5ae0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.670781]                                                                 ^
[ 19.670848]  fff00000c5ae0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.670996]  fff00000c5ae0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.671072] ==================================================================

[ 19.673671] ==================================================================
[ 19.673741] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 19.673803] Write of size 8 at addr fff00000c5ae0a78 by task kunit_try_catch/282
[ 19.673860]
[ 19.673891] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.673975] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.674013] Hardware name: linux,dummy-virt (DT)
[ 19.674046] Call trace:
[ 19.674084]  show_stack+0x20/0x38 (C)
[ 19.674135]  dump_stack_lvl+0x8c/0xd0
[ 19.674193]  print_report+0x118/0x5d0
[ 19.675469]  kasan_report+0xdc/0x128
[ 19.675519]  kasan_check_range+0x100/0x1a8
[ 19.675685]  __kasan_check_write+0x20/0x30
[ 19.675742]  copy_to_kernel_nofault+0x8c/0x250
[ 19.675792]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 19.675843]  kunit_try_run_case+0x170/0x3f0
[ 19.675891]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.675947]  kthread+0x328/0x630
[ 19.675991]  ret_from_fork+0x10/0x20
[ 19.676041]
[ 19.676062] Allocated by task 282:
[ 19.676091]  kasan_save_stack+0x3c/0x68
[ 19.676134]  kasan_save_track+0x20/0x40
[ 19.676174]  kasan_save_alloc_info+0x40/0x58
[ 19.677794]  __kasan_kmalloc+0xd4/0xd8
[ 19.678202]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.678927]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.678984]  kunit_try_run_case+0x170/0x3f0
[ 19.679288]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.679507]  kthread+0x328/0x630
[ 19.679609]  ret_from_fork+0x10/0x20
[ 19.679650]
[ 19.679992] The buggy address belongs to the object at fff00000c5ae0a00
[ 19.679992]  which belongs to the cache kmalloc-128 of size 128
[ 19.680435] The buggy address is located 0 bytes to the right of
[ 19.680435]  allocated 120-byte region [fff00000c5ae0a00, fff00000c5ae0a78)
[ 19.680692]
[ 19.680898] The buggy address belongs to the physical page:
[ 19.681159] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0
[ 19.681261] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.681312] page_type: f5(slab)
[ 19.681353] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.681406] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.681450] page dumped because: kasan: bad access detected
[ 19.681484]
[ 19.681504] Memory state around the buggy address:
[ 19.681535]  fff00000c5ae0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.682319]  fff00000c5ae0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.682372] >fff00000c5ae0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.682415]                                                                 ^
[ 19.682459]  fff00000c5ae0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.682504]  fff00000c5ae0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.682547] ==================================================================

[ 16.511840] ==================================================================
[ 16.512438] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.512816] Read of size 8 at addr ffff8881026ce878 by task kunit_try_catch/299
[ 16.513152]
[ 16.513263] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.513315] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.513328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.513354] Call Trace:
[ 16.513368]  <TASK>
[ 16.513387]  dump_stack_lvl+0x73/0xb0
[ 16.513431]  print_report+0xd1/0x610
[ 16.513470]  ? __virt_addr_valid+0x1db/0x2d0
[ 16.513498]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.513524]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.513549]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.513574]  kasan_report+0x141/0x180
[ 16.513597]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.513627]  __asan_report_load8_noabort+0x18/0x20
[ 16.513654]  copy_to_kernel_nofault+0x225/0x260
[ 16.513681]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.513707]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.513745]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 16.513774]  ? trace_hardirqs_on+0x37/0xe0
[ 16.513807]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.513837]  kunit_try_run_case+0x1a5/0x480
[ 16.513865]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.513890]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.513929]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.513955]  ? __kthread_parkme+0x82/0x180
[ 16.513979]  ? preempt_count_sub+0x50/0x80
[ 16.514006]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.514032]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.514058]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.514085]  kthread+0x337/0x6f0
[ 16.514107]  ? trace_preempt_on+0x20/0xc0
[ 16.514131]  ? __pfx_kthread+0x10/0x10
[ 16.514153]  ? _raw_spin_unlock_irq+0x47/0x80
[ 16.514176]  ? calculate_sigpending+0x7b/0xa0
[ 16.514203]  ? __pfx_kthread+0x10/0x10
[ 16.514227]  ret_from_fork+0x116/0x1d0
[ 16.514249]  ? __pfx_kthread+0x10/0x10
[ 16.514271]  ret_from_fork_asm+0x1a/0x30
[ 16.514304]  </TASK>
[ 16.514316]
[ 16.521873] Allocated by task 299:
[ 16.522024]  kasan_save_stack+0x45/0x70
[ 16.522229]  kasan_save_track+0x18/0x40
[ 16.522385]  kasan_save_alloc_info+0x3b/0x50
[ 16.522613]  __kasan_kmalloc+0xb7/0xc0
[ 16.522864]  __kmalloc_cache_noprof+0x189/0x420
[ 16.523139]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.523350]  kunit_try_run_case+0x1a5/0x480
[ 16.523552]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.523793]  kthread+0x337/0x6f0
[ 16.523983]  ret_from_fork+0x116/0x1d0
[ 16.524164]  ret_from_fork_asm+0x1a/0x30
[ 16.524341]
[ 16.524467] The buggy address belongs to the object at ffff8881026ce800
[ 16.524467]  which belongs to the cache kmalloc-128 of size 128
[ 16.525006] The buggy address is located 0 bytes to the right of
[ 16.525006]  allocated 120-byte region [ffff8881026ce800, ffff8881026ce878)
[ 16.525406]
[ 16.525508] The buggy address belongs to the physical page:
[ 16.525767] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ce
[ 16.526136] flags: 0x200000000000000(node=0|zone=2)
[ 16.526304] page_type: f5(slab)
[ 16.526429] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.526957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.527239] page dumped because: kasan: bad access detected
[ 16.527474]
[ 16.527544] Memory state around the buggy address:
[ 16.527700]  ffff8881026ce700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.527915]  ffff8881026ce780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.528130] >ffff8881026ce800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.528389]                                                                 ^
[ 16.528747]  ffff8881026ce880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.529062]  ffff8881026ce900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.529372] ==================================================================

[ 16.529983] ==================================================================
[ 16.530227] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.530477] Write of size 8 at addr ffff8881026ce878 by task kunit_try_catch/299
[ 16.530844]
[ 16.531049] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.531094] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.531106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.531128] Call Trace:
[ 16.531148]  <TASK>
[ 16.531179]  dump_stack_lvl+0x73/0xb0
[ 16.531210]  print_report+0xd1/0x610
[ 16.531234]  ? __virt_addr_valid+0x1db/0x2d0
[ 16.531259]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.531285]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.531310]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.531335]  kasan_report+0x141/0x180
[ 16.531358]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.531388]  kasan_check_range+0x10c/0x1c0
[ 16.531414]  __kasan_check_write+0x18/0x20
[ 16.531434]  copy_to_kernel_nofault+0x99/0x260
[ 16.531474]  copy_to_kernel_nofault_oob+0x288/0x560
[ 16.531501]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.531537]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 16.531565]  ? trace_hardirqs_on+0x37/0xe0
[ 16.531597]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.531628]  kunit_try_run_case+0x1a5/0x480
[ 16.531655]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.531680]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.531706]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.531732]  ? __kthread_parkme+0x82/0x180
[ 16.531755]  ? preempt_count_sub+0x50/0x80
[ 16.531781]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.531807]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.531834]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.531861]  kthread+0x337/0x6f0
[ 16.531882]  ? trace_preempt_on+0x20/0xc0
[ 16.531906]  ? __pfx_kthread+0x10/0x10
[ 16.531927]  ? _raw_spin_unlock_irq+0x47/0x80
[ 16.531951]  ? calculate_sigpending+0x7b/0xa0
[ 16.531978]  ? __pfx_kthread+0x10/0x10
[ 16.532000]  ret_from_fork+0x116/0x1d0
[ 16.532021]  ? __pfx_kthread+0x10/0x10
[ 16.532043]  ret_from_fork_asm+0x1a/0x30
[ 16.532087]  </TASK>
[ 16.532108]
[ 16.545248] Allocated by task 299:
[ 16.545399]  kasan_save_stack+0x45/0x70
[ 16.546292]  kasan_save_track+0x18/0x40
[ 16.546759]  kasan_save_alloc_info+0x3b/0x50
[ 16.546989]  __kasan_kmalloc+0xb7/0xc0
[ 16.547167]  __kmalloc_cache_noprof+0x189/0x420
[ 16.547509]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.547737]  kunit_try_run_case+0x1a5/0x480
[ 16.547945]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.548155]  kthread+0x337/0x6f0
[ 16.548336]  ret_from_fork+0x116/0x1d0
[ 16.548618]  ret_from_fork_asm+0x1a/0x30
[ 16.548806]
[ 16.548894] The buggy address belongs to the object at ffff8881026ce800
[ 16.548894]  which belongs to the cache kmalloc-128 of size 128
[ 16.549319] The buggy address is located 0 bytes to the right of
[ 16.549319]  allocated 120-byte region [ffff8881026ce800, ffff8881026ce878)
[ 16.550038]
[ 16.550143] The buggy address belongs to the physical page:
[ 16.550325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ce
[ 16.550815] flags: 0x200000000000000(node=0|zone=2)
[ 16.551052] page_type: f5(slab)
[ 16.551176] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.551720] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.551960] page dumped because: kasan: bad access detected
[ 16.552145]
[ 16.552240] Memory state around the buggy address:
[ 16.552511]  ffff8881026ce700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.552873]  ffff8881026ce780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.553201] >ffff8881026ce800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.553725]                                                                 ^
[ 16.554000]  ffff8881026ce880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.554265]  ffff8881026ce900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.554601] ==================================================================

[ 16.908940] ==================================================================
[ 16.909217] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.909568] Write of size 8 at addr ffff8881025b8078 by task kunit_try_catch/300
[ 16.909983]
[ 16.910474] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.910534] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.910548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.910882] Call Trace:
[ 16.910901]  <TASK>
[ 16.910918]  dump_stack_lvl+0x73/0xb0
[ 16.910951]  print_report+0xd1/0x610
[ 16.910975]  ? __virt_addr_valid+0x1db/0x2d0
[ 16.910999]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.911025]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.911062]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.911088]  kasan_report+0x141/0x180
[ 16.911112]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.911154]  kasan_check_range+0x10c/0x1c0
[ 16.911179]  __kasan_check_write+0x18/0x20
[ 16.911200]  copy_to_kernel_nofault+0x99/0x260
[ 16.911228]  copy_to_kernel_nofault_oob+0x288/0x560
[ 16.911255]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.911281]  ? finish_task_switch.isra.0+0x153/0x700
[ 16.911306]  ? __schedule+0x10cc/0x2b60
[ 16.911329]  ? trace_hardirqs_on+0x37/0xe0
[ 16.911362]  ? __pfx_read_tsc+0x10/0x10
[ 16.911384]  ? ktime_get_ts64+0x86/0x230
[ 16.911409]  kunit_try_run_case+0x1a5/0x480
[ 16.911436]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.911461]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.911488]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.911514]  ? __kthread_parkme+0x82/0x180
[ 16.911536]  ? preempt_count_sub+0x50/0x80
[ 16.911560]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.911587]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.911613]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.911641]  kthread+0x337/0x6f0
[ 16.911661]  ? trace_preempt_on+0x20/0xc0
[ 16.911686]  ? __pfx_kthread+0x10/0x10
[ 16.911708]  ? _raw_spin_unlock_irq+0x47/0x80
[ 16.911732]  ? calculate_sigpending+0x7b/0xa0
[ 16.911757]  ? __pfx_kthread+0x10/0x10
[ 16.911780]  ret_from_fork+0x116/0x1d0
[ 16.911801]  ? __pfx_kthread+0x10/0x10
[ 16.911822]  ret_from_fork_asm+0x1a/0x30
[ 16.911856]  </TASK>
[ 16.911867]
[ 16.923778] Allocated by task 300:
[ 16.924414]  kasan_save_stack+0x45/0x70
[ 16.924736]  kasan_save_track+0x18/0x40
[ 16.924977]  kasan_save_alloc_info+0x3b/0x50
[ 16.925509]  __kasan_kmalloc+0xb7/0xc0
[ 16.925688]  __kmalloc_cache_noprof+0x189/0x420
[ 16.926017]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.926626]  kunit_try_run_case+0x1a5/0x480
[ 16.926834]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.927569]  kthread+0x337/0x6f0
[ 16.927914]  ret_from_fork+0x116/0x1d0
[ 16.928266]  ret_from_fork_asm+0x1a/0x30
[ 16.928460]
[ 16.928687] The buggy address belongs to the object at ffff8881025b8000
[ 16.928687]  which belongs to the cache kmalloc-128 of size 128
[ 16.929378] The buggy address is located 0 bytes to the right of
[ 16.929378]  allocated 120-byte region [ffff8881025b8000, ffff8881025b8078)
[ 16.930148]
[ 16.930334] The buggy address belongs to the physical page:
[ 16.930823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025b8
[ 16.931253] flags: 0x200000000000000(node=0|zone=2)
[ 16.931601] page_type: f5(slab)
[ 16.931820] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.932391] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.932865] page dumped because: kasan: bad access detected
[ 16.933070]
[ 16.933169] Memory state around the buggy address:
[ 16.933410]  ffff8881025b7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.934157]  ffff8881025b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.934584] >ffff8881025b8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.934951]                                                                 ^
[ 16.935490]  ffff8881025b8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.935981]  ffff8881025b8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.936559] ==================================================================

[ 16.880509] ==================================================================
[ 16.881206] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.881774] Read of size 8 at addr ffff8881025b8078 by task kunit_try_catch/300
[ 16.882555]
[ 16.882798] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.882850] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.882864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.882887] Call Trace:
[ 16.882902]  <TASK>
[ 16.882921]  dump_stack_lvl+0x73/0xb0
[ 16.882954]  print_report+0xd1/0x610
[ 16.882980]  ? __virt_addr_valid+0x1db/0x2d0
[ 16.883038]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.883162]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.883190]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.883216]  kasan_report+0x141/0x180
[ 16.883240]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.883271]  __asan_report_load8_noabort+0x18/0x20
[ 16.883298]  copy_to_kernel_nofault+0x225/0x260
[ 16.883326]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.883353]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.883380]  ? finish_task_switch.isra.0+0x153/0x700
[ 16.883406]  ? __schedule+0x10cc/0x2b60
[ 16.883430]  ? trace_hardirqs_on+0x37/0xe0
[ 16.883464]  ? __pfx_read_tsc+0x10/0x10
[ 16.883488]  ? ktime_get_ts64+0x86/0x230
[ 16.883514]  kunit_try_run_case+0x1a5/0x480
[ 16.883541]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.883566]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.883592]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.883619]  ? __kthread_parkme+0x82/0x180
[ 16.883651]  ? preempt_count_sub+0x50/0x80
[ 16.883676]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.883703]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.883730]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.883758]  kthread+0x337/0x6f0
[ 16.883779]  ? trace_preempt_on+0x20/0xc0
[ 16.883804]  ? __pfx_kthread+0x10/0x10
[ 16.883826]  ? _raw_spin_unlock_irq+0x47/0x80
[ 16.883850]  ? calculate_sigpending+0x7b/0xa0
[ 16.883877]  ? __pfx_kthread+0x10/0x10
[ 16.883900]  ret_from_fork+0x116/0x1d0
[ 16.883921]  ? __pfx_kthread+0x10/0x10
[ 16.883943]  ret_from_fork_asm+0x1a/0x30
[ 16.883977]  </TASK>
[ 16.883989]
[ 16.895989] Allocated by task 300:
[ 16.896605]  kasan_save_stack+0x45/0x70
[ 16.896844]  kasan_save_track+0x18/0x40
[ 16.897291]  kasan_save_alloc_info+0x3b/0x50
[ 16.897605]  __kasan_kmalloc+0xb7/0xc0
[ 16.897973]  __kmalloc_cache_noprof+0x189/0x420
[ 16.898438]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.898693]  kunit_try_run_case+0x1a5/0x480
[ 16.899091]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.899396]  kthread+0x337/0x6f0
[ 16.899561]  ret_from_fork+0x116/0x1d0
[ 16.899872]  ret_from_fork_asm+0x1a/0x30
[ 16.900340]
[ 16.900448] The buggy address belongs to the object at ffff8881025b8000
[ 16.900448]  which belongs to the cache kmalloc-128 of size 128
[ 16.901338] The buggy address is located 0 bytes to the right of
[ 16.901338]  allocated 120-byte region [ffff8881025b8000, ffff8881025b8078)
[ 16.902154]
[ 16.902273] The buggy address belongs to the physical page:
[ 16.902674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025b8
[ 16.903201] flags: 0x200000000000000(node=0|zone=2)
[ 16.903551] page_type: f5(slab)
[ 16.903848] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.904270] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.904717] page dumped because: kasan: bad access detected
[ 16.904992]
[ 16.905323] Memory state around the buggy address:
[ 16.905618]  ffff8881025b7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.905947]  ffff8881025b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.906437] >ffff8881025b8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.906991]                                                                 ^
[ 16.907390]  ffff8881025b8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.907808]  ffff8881025b8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.908152] ==================================================================