Date: July 20, 2025, 11:12 p.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 19.739482] ==================================================================
[ 19.739686] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 19.739750] Read of size 8 at addr fff00000c780a978 by task kunit_try_catch/281
[ 19.739804]
[ 19.739840] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 19.739941] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.739981] Hardware name: linux,dummy-virt (DT)
[ 19.740016] Call trace:
[ 19.740043] show_stack+0x20/0x38 (C)
[ 19.740094] dump_stack_lvl+0x8c/0xd0
[ 19.740388] print_report+0x118/0x5d0
[ 19.740521] kasan_report+0xdc/0x128
[ 19.740753] __asan_report_load8_noabort+0x20/0x30
[ 19.740809] copy_to_kernel_nofault+0x204/0x250
[ 19.740868] copy_to_kernel_nofault_oob+0x158/0x418
[ 19.742016] kunit_try_run_case+0x170/0x3f0
[ 19.742067] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.742123] kthread+0x328/0x630
[ 19.742166] ret_from_fork+0x10/0x20
[ 19.742216]
[ 19.742236] Allocated by task 281:
[ 19.742270] kasan_save_stack+0x3c/0x68
[ 19.742591] kasan_save_track+0x20/0x40
[ 19.742640] kasan_save_alloc_info+0x40/0x58
[ 19.742745] __kasan_kmalloc+0xd4/0xd8
[ 19.742796] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.742839] copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.742959] kunit_try_run_case+0x170/0x3f0
[ 19.743071] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.743118] kthread+0x328/0x630
[ 19.743154] ret_from_fork+0x10/0x20
[ 19.743215]
[ 19.743277] The buggy address belongs to the object at fff00000c780a900
[ 19.743277] which belongs to the cache kmalloc-128 of size 128
[ 19.743503] The buggy address is located 0 bytes to the right of
[ 19.743503] allocated 120-byte region [fff00000c780a900, fff00000c780a978)
[ 19.743593]
[ 19.743620] The buggy address belongs to the physical page:
[ 19.743656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a
[ 19.743792] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.743974] page_type: f5(slab)
[ 19.744025] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.744078] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.744265] page dumped because: kasan: bad access detected
[ 19.744303]
[ 19.744366] Memory state around the buggy address:
[ 19.744476]  fff00000c780a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.744567]  fff00000c780a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.744636] >fff00000c780a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.744827]                                                                 ^
[ 19.744914]  fff00000c780a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.745020]  fff00000c780aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.745062] ==================================================================
[ 19.746336] ==================================================================
[ 19.746389] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 19.746440] Write of size 8 at addr fff00000c780a978 by task kunit_try_catch/281
[ 19.746493]
[ 19.746525] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 19.746609] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.746857] Hardware name: linux,dummy-virt (DT)
[ 19.746989] Call trace:
[ 19.747015] show_stack+0x20/0x38 (C)
[ 19.747252] dump_stack_lvl+0x8c/0xd0
[ 19.747309] print_report+0x118/0x5d0
[ 19.747357] kasan_report+0xdc/0x128
[ 19.747406] kasan_check_range+0x100/0x1a8
[ 19.747457] __kasan_check_write+0x20/0x30
[ 19.747507] copy_to_kernel_nofault+0x8c/0x250
[ 19.747558] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 19.747608] kunit_try_run_case+0x170/0x3f0
[ 19.747667] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.747722] kthread+0x328/0x630
[ 19.747864] ret_from_fork+0x10/0x20
[ 19.748011]
[ 19.748142] Allocated by task 281:
[ 19.748378] kasan_save_stack+0x3c/0x68
[ 19.748805] kasan_save_track+0x20/0x40
[ 19.748846] kasan_save_alloc_info+0x40/0x58
[ 19.748889] __kasan_kmalloc+0xd4/0xd8
[ 19.748940] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.748981] copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.749021] kunit_try_run_case+0x170/0x3f0
[ 19.749062] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.749105] kthread+0x328/0x630
[ 19.749529] ret_from_fork+0x10/0x20
[ 19.749877]
[ 19.750096] The buggy address belongs to the object at fff00000c780a900
[ 19.750096] which belongs to the cache kmalloc-128 of size 128
[ 19.750162] The buggy address is located 0 bytes to the right of
[ 19.750162] allocated 120-byte region [fff00000c780a900, fff00000c780a978)
[ 19.750229]
[ 19.750275] The buggy address belongs to the physical page:
[ 19.750308] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a
[ 19.750479] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.750533] page_type: f5(slab)
[ 19.750575] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.750780] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.750879] page dumped because: kasan: bad access detected
[ 19.750976]
[ 19.751083] Memory state around the buggy address:
[ 19.751205]  fff00000c780a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.751252]  fff00000c780a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.751297] >fff00000c780a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.751366]                                                                 ^
[ 19.751411]  fff00000c780a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.751457]  fff00000c780aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.751498] ==================================================================
```
```
[ 20.054743] ==================================================================
[ 20.054948] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 20.055092] Write of size 8 at addr fff00000c5b3e178 by task kunit_try_catch/281
[ 20.055204]
[ 20.055237] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 20.055748] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.055793] Hardware name: linux,dummy-virt (DT)
[ 20.055855] Call trace:
[ 20.055880] show_stack+0x20/0x38 (C)
[ 20.056017] dump_stack_lvl+0x8c/0xd0
[ 20.056075] print_report+0x118/0x5d0
[ 20.056374] kasan_report+0xdc/0x128
[ 20.056707] kasan_check_range+0x100/0x1a8
[ 20.056794] __kasan_check_write+0x20/0x30
[ 20.056847] copy_to_kernel_nofault+0x8c/0x250
[ 20.056898] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 20.057079] kunit_try_run_case+0x170/0x3f0
[ 20.057144] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.057344] kthread+0x328/0x630
[ 20.057812] ret_from_fork+0x10/0x20
[ 20.057967]
[ 20.058175] Allocated by task 281:
[ 20.058268] kasan_save_stack+0x3c/0x68
[ 20.058450] kasan_save_track+0x20/0x40
[ 20.058858] kasan_save_alloc_info+0x40/0x58
[ 20.058993] __kasan_kmalloc+0xd4/0xd8
[ 20.059161] __kmalloc_cache_noprof+0x16c/0x3c0
[ 20.059324] copy_to_kernel_nofault_oob+0xc8/0x418
[ 20.059805] kunit_try_run_case+0x170/0x3f0
[ 20.059979] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.060126] kthread+0x328/0x630
[ 20.060221] ret_from_fork+0x10/0x20
[ 20.060272]
[ 20.060294] The buggy address belongs to the object at fff00000c5b3e100
[ 20.060294] which belongs to the cache kmalloc-128 of size 128
[ 20.060553] The buggy address is located 0 bytes to the right of
[ 20.060553] allocated 120-byte region [fff00000c5b3e100, fff00000c5b3e178)
[ 20.060697]
[ 20.060938] The buggy address belongs to the physical page:
[ 20.060982] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b3e
[ 20.061042] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.061093] page_type: f5(slab)
[ 20.061503] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.061666] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.061813] page dumped because: kasan: bad access detected
[ 20.061874]
[ 20.061904] Memory state around the buggy address:
[ 20.061951]  fff00000c5b3e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.062011]  fff00000c5b3e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.062066] >fff00000c5b3e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.062118]                                                                 ^
[ 20.062164]  fff00000c5b3e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.062219]  fff00000c5b3e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.062269] ==================================================================
[ 20.044055] ==================================================================
[ 20.044414] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 20.044506] Read of size 8 at addr fff00000c5b3e178 by task kunit_try_catch/281
[ 20.044873]
[ 20.044984] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 20.045091] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.045398] Hardware name: linux,dummy-virt (DT)
[ 20.045529] Call trace:
[ 20.045693] show_stack+0x20/0x38 (C)
[ 20.045802] dump_stack_lvl+0x8c/0xd0
[ 20.046018] print_report+0x118/0x5d0
[ 20.046143] kasan_report+0xdc/0x128
[ 20.046209] __asan_report_load8_noabort+0x20/0x30
[ 20.046667] copy_to_kernel_nofault+0x204/0x250
[ 20.047362] copy_to_kernel_nofault_oob+0x158/0x418
[ 20.047462] kunit_try_run_case+0x170/0x3f0
[ 20.047653] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.047929] kthread+0x328/0x630
[ 20.048351] ret_from_fork+0x10/0x20
[ 20.048613]
[ 20.048728] Allocated by task 281:
[ 20.048856] kasan_save_stack+0x3c/0x68
[ 20.048910] kasan_save_track+0x20/0x40
[ 20.049134] kasan_save_alloc_info+0x40/0x58
[ 20.049339] __kasan_kmalloc+0xd4/0xd8
[ 20.049386] __kmalloc_cache_noprof+0x16c/0x3c0
[ 20.049432] copy_to_kernel_nofault_oob+0xc8/0x418
[ 20.049499] kunit_try_run_case+0x170/0x3f0
[ 20.049673] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.049783] kthread+0x328/0x630
[ 20.049860] ret_from_fork+0x10/0x20
[ 20.049908]
[ 20.050020] The buggy address belongs to the object at fff00000c5b3e100
[ 20.050020] which belongs to the cache kmalloc-128 of size 128
[ 20.050091] The buggy address is located 0 bytes to the right of
[ 20.050091] allocated 120-byte region [fff00000c5b3e100, fff00000c5b3e178)
[ 20.050174]
[ 20.050205] The buggy address belongs to the physical page:
[ 20.050274] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b3e
[ 20.050369] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.050427] page_type: f5(slab)
[ 20.050485] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.050550] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.050629] page dumped because: kasan: bad access detected
[ 20.050681]
[ 20.050789] Memory state around the buggy address:
[ 20.051483]  fff00000c5b3e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.051549]  fff00000c5b3e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.051632] >fff00000c5b3e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.051698]                                                                 ^
[ 20.052014]  fff00000c5b3e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.052537]  fff00000c5b3e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.052670] ==================================================================
```
```
[ 16.619529] ==================================================================
[ 16.619840] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.620197] Write of size 8 at addr ffff88810315a178 by task kunit_try_catch/299
[ 16.620551]
[ 16.620744] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.620792] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.620805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.620828] Call Trace:
[ 16.620847] <TASK>
[ 16.620865] dump_stack_lvl+0x73/0xb0
[ 16.620894] print_report+0xd1/0x610
[ 16.620918] ? __virt_addr_valid+0x1db/0x2d0
[ 16.620942] ? copy_to_kernel_nofault+0x99/0x260
[ 16.620967] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.620990] ? copy_to_kernel_nofault+0x99/0x260
[ 16.621015] kasan_report+0x141/0x180
[ 16.621038] ? copy_to_kernel_nofault+0x99/0x260
[ 16.621068] kasan_check_range+0x10c/0x1c0
[ 16.621093] __kasan_check_write+0x18/0x20
[ 16.621114] copy_to_kernel_nofault+0x99/0x260
[ 16.621140] copy_to_kernel_nofault_oob+0x288/0x560
[ 16.621165] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.621189] ? finish_task_switch.isra.0+0x153/0x700
[ 16.621212] ? __schedule+0x10c6/0x2b60
[ 16.621235] ? trace_hardirqs_on+0x37/0xe0
[ 16.621267] ? __pfx_read_tsc+0x10/0x10
[ 16.621289] ? ktime_get_ts64+0x86/0x230
[ 16.621315] kunit_try_run_case+0x1a5/0x480
[ 16.621362] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.621385] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.621420] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.621444] ? __kthread_parkme+0x82/0x180
[ 16.621467] ? preempt_count_sub+0x50/0x80
[ 16.621493] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.621519] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.621544] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.621586] kthread+0x337/0x6f0
[ 16.621608] ? trace_preempt_on+0x20/0xc0
[ 16.621631] ? __pfx_kthread+0x10/0x10
[ 16.621653] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.621676] ? calculate_sigpending+0x7b/0xa0
[ 16.621700] ? __pfx_kthread+0x10/0x10
[ 16.621724] ret_from_fork+0x116/0x1d0
[ 16.621744] ? __pfx_kthread+0x10/0x10
[ 16.621766] ret_from_fork_asm+0x1a/0x30
[ 16.621799] </TASK>
[ 16.621835]
[ 16.629894] Allocated by task 299:
[ 16.630089] kasan_save_stack+0x45/0x70
[ 16.630342] kasan_save_track+0x18/0x40
[ 16.630588] kasan_save_alloc_info+0x3b/0x50
[ 16.630745] __kasan_kmalloc+0xb7/0xc0
[ 16.631008] __kmalloc_cache_noprof+0x189/0x420
[ 16.631236] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.631504] kunit_try_run_case+0x1a5/0x480
[ 16.631683] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.631938] kthread+0x337/0x6f0
[ 16.632134] ret_from_fork+0x116/0x1d0
[ 16.632303] ret_from_fork_asm+0x1a/0x30
[ 16.632457]
[ 16.632650] The buggy address belongs to the object at ffff88810315a100
[ 16.632650] which belongs to the cache kmalloc-128 of size 128
[ 16.633122] The buggy address is located 0 bytes to the right of
[ 16.633122] allocated 120-byte region [ffff88810315a100, ffff88810315a178)
[ 16.633508]
[ 16.633583] The buggy address belongs to the physical page:
[ 16.633759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a
[ 16.634160] flags: 0x200000000000000(node=0|zone=2)
[ 16.634405] page_type: f5(slab)
[ 16.634732] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.635165] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.635458] page dumped because: kasan: bad access detected
[ 16.635657]
[ 16.635730] Memory state around the buggy address:
[ 16.635888]  ffff88810315a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.636242]  ffff88810315a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.636592] >ffff88810315a100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.636931]                                                                 ^
[ 16.637298]  ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.637692]  ffff88810315a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.637945] ==================================================================
[ 16.586967] ==================================================================
[ 16.588800] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.589492] Read of size 8 at addr ffff88810315a178 by task kunit_try_catch/299
[ 16.590370]
[ 16.590618] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.590671] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.590686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.590710] Call Trace:
[ 16.590726] <TASK>
[ 16.590744] dump_stack_lvl+0x73/0xb0
[ 16.590780] print_report+0xd1/0x610
[ 16.590806] ? __virt_addr_valid+0x1db/0x2d0
[ 16.590832] ? copy_to_kernel_nofault+0x225/0x260
[ 16.590856] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.590880] ? copy_to_kernel_nofault+0x225/0x260
[ 16.590905] kasan_report+0x141/0x180
[ 16.590928] ? copy_to_kernel_nofault+0x225/0x260
[ 16.590959] __asan_report_load8_noabort+0x18/0x20
[ 16.590984] copy_to_kernel_nofault+0x225/0x260
[ 16.591011] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.591202] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.591228] ? finish_task_switch.isra.0+0x153/0x700
[ 16.591269] ? __schedule+0x10c6/0x2b60
[ 16.591294] ? trace_hardirqs_on+0x37/0xe0
[ 16.591330] ? __pfx_read_tsc+0x10/0x10
[ 16.591355] ? ktime_get_ts64+0x86/0x230
[ 16.591382] kunit_try_run_case+0x1a5/0x480
[ 16.591417] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.591441] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.591466] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.591491] ? __kthread_parkme+0x82/0x180
[ 16.591513] ? preempt_count_sub+0x50/0x80
[ 16.591538] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.591564] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.591589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.591614] kthread+0x337/0x6f0
[ 16.591635] ? trace_preempt_on+0x20/0xc0
[ 16.591659] ? __pfx_kthread+0x10/0x10
[ 16.591681] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.591704] ? calculate_sigpending+0x7b/0xa0
[ 16.591730] ? __pfx_kthread+0x10/0x10
[ 16.591753] ret_from_fork+0x116/0x1d0
[ 16.591772] ? __pfx_kthread+0x10/0x10
[ 16.591795] ret_from_fork_asm+0x1a/0x30
[ 16.591830] </TASK>
[ 16.591843]
[ 16.609198] Allocated by task 299:
[ 16.609724] kasan_save_stack+0x45/0x70
[ 16.610089] kasan_save_track+0x18/0x40
[ 16.610591] kasan_save_alloc_info+0x3b/0x50
[ 16.610760] __kasan_kmalloc+0xb7/0xc0
[ 16.610901] __kmalloc_cache_noprof+0x189/0x420
[ 16.611450] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.611968] kunit_try_run_case+0x1a5/0x480
[ 16.612558] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.612818] kthread+0x337/0x6f0
[ 16.612948] ret_from_fork+0x116/0x1d0
[ 16.613086] ret_from_fork_asm+0x1a/0x30
[ 16.613233]
[ 16.613310] The buggy address belongs to the object at ffff88810315a100
[ 16.613310] which belongs to the cache kmalloc-128 of size 128
[ 16.613699] The buggy address is located 0 bytes to the right of
[ 16.613699] allocated 120-byte region [ffff88810315a100, ffff88810315a178)
[ 16.614337]
[ 16.614487] The buggy address belongs to the physical page:
[ 16.614700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a
[ 16.615094] flags: 0x200000000000000(node=0|zone=2)
[ 16.615351] page_type: f5(slab)
[ 16.615537] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.615867] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.616140] page dumped because: kasan: bad access detected
[ 16.616602]
[ 16.616703] Memory state around the buggy address:
[ 16.616893]  ffff88810315a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.617128]  ffff88810315a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.617632] >ffff88810315a100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.617966]                                                                 ^
[ 16.618220]  ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.618487]  ffff88810315a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.618804] ==================================================================
```
```
[ 16.708066] ==================================================================
[ 16.708730] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.709544] Write of size 8 at addr ffff8881027bca78 by task kunit_try_catch/299
[ 16.709847]
[ 16.709940] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.709986] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.710000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.710023] Call Trace:
[ 16.710037] <TASK>
[ 16.710053] dump_stack_lvl+0x73/0xb0
[ 16.710081] print_report+0xd1/0x610
[ 16.710104] ? __virt_addr_valid+0x1db/0x2d0
[ 16.710128] ? copy_to_kernel_nofault+0x99/0x260
[ 16.710162] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.710196] ? copy_to_kernel_nofault+0x99/0x260
[ 16.710220] kasan_report+0x141/0x180
[ 16.710243] ? copy_to_kernel_nofault+0x99/0x260
[ 16.710272] kasan_check_range+0x10c/0x1c0
[ 16.710296] __kasan_check_write+0x18/0x20
[ 16.710324] copy_to_kernel_nofault+0x99/0x260
[ 16.710349] copy_to_kernel_nofault_oob+0x288/0x560
[ 16.710374] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.710398] ? finish_task_switch.isra.0+0x153/0x700
[ 16.710421] ? __schedule+0x10c6/0x2b60
[ 16.710444] ? trace_hardirqs_on+0x37/0xe0
[ 16.710475] ? __pfx_read_tsc+0x10/0x10
[ 16.710497] ? ktime_get_ts64+0x86/0x230
[ 16.710521] kunit_try_run_case+0x1a5/0x480
[ 16.710547] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.710571] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.710594] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.710618] ? __kthread_parkme+0x82/0x180
[ 16.710639] ? preempt_count_sub+0x50/0x80
[ 16.710663] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.710688] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.710712] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.710737] kthread+0x337/0x6f0
[ 16.710757] ? trace_preempt_on+0x20/0xc0
[ 16.710781] ? __pfx_kthread+0x10/0x10
[ 16.710803] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.710825] ? calculate_sigpending+0x7b/0xa0
[ 16.710849] ? __pfx_kthread+0x10/0x10
[ 16.710871] ret_from_fork+0x116/0x1d0
[ 16.710891] ? __pfx_kthread+0x10/0x10
[ 16.710913] ret_from_fork_asm+0x1a/0x30
[ 16.710943] </TASK>
[ 16.710954]
[ 16.723578] Allocated by task 299:
[ 16.723720] kasan_save_stack+0x45/0x70
[ 16.724100] kasan_save_track+0x18/0x40
[ 16.724343] kasan_save_alloc_info+0x3b/0x50
[ 16.724560] __kasan_kmalloc+0xb7/0xc0
[ 16.724750] __kmalloc_cache_noprof+0x189/0x420
[ 16.725160] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.725434] kunit_try_run_case+0x1a5/0x480
[ 16.725658] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.725853] kthread+0x337/0x6f0
[ 16.726119] ret_from_fork+0x116/0x1d0
[ 16.726347] ret_from_fork_asm+0x1a/0x30
[ 16.726568]
[ 16.726643] The buggy address belongs to the object at ffff8881027bca00
[ 16.726643] which belongs to the cache kmalloc-128 of size 128
[ 16.727380] The buggy address is located 0 bytes to the right of
[ 16.727380] allocated 120-byte region [ffff8881027bca00, ffff8881027bca78)
[ 16.728086]
[ 16.728198] The buggy address belongs to the physical page:
[ 16.728432] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc
[ 16.728678] flags: 0x200000000000000(node=0|zone=2)
[ 16.728936] page_type: f5(slab)
[ 16.729114] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.729458] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.729697] page dumped because: kasan: bad access detected
[ 16.730294]
[ 16.730534] Memory state around the buggy address:
[ 16.730787]  ffff8881027bc900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.731174]  ffff8881027bc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.731401] >ffff8881027bca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.731660]                                                                 ^
[ 16.731977]  ffff8881027bca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.732302]  ffff8881027bcb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.732721] ==================================================================
[ 16.676484] ==================================================================
[ 16.677258] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.677979] Read of size 8 at addr ffff8881027bca78 by task kunit_try_catch/299
[ 16.678856]
[ 16.679067] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.679117] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.679131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.679165] Call Trace:
[ 16.679179] <TASK>
[ 16.679196] dump_stack_lvl+0x73/0xb0
[ 16.679226] print_report+0xd1/0x610
[ 16.679251] ? __virt_addr_valid+0x1db/0x2d0
[ 16.679277] ? copy_to_kernel_nofault+0x225/0x260
[ 16.679301] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.679324] ? copy_to_kernel_nofault+0x225/0x260
[ 16.679348] kasan_report+0x141/0x180
[ 16.679371] ? copy_to_kernel_nofault+0x225/0x260
[ 16.679399] __asan_report_load8_noabort+0x18/0x20
[ 16.679425] copy_to_kernel_nofault+0x225/0x260
[ 16.679450] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.679474] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.679498] ? finish_task_switch.isra.0+0x153/0x700
[ 16.679522] ? __schedule+0x10c6/0x2b60
[ 16.679545] ? trace_hardirqs_on+0x37/0xe0
[ 16.679578] ? __pfx_read_tsc+0x10/0x10
[ 16.679601] ? ktime_get_ts64+0x86/0x230
[ 16.679625] kunit_try_run_case+0x1a5/0x480
[ 16.679651] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.679675] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.679699] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.679723] ? __kthread_parkme+0x82/0x180
[ 16.679744] ? preempt_count_sub+0x50/0x80
[ 16.679768] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.679792] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.679816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.679842] kthread+0x337/0x6f0
[ 16.679862] ? trace_preempt_on+0x20/0xc0
[ 16.679884] ? __pfx_kthread+0x10/0x10
[ 16.679905] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.679927] ? calculate_sigpending+0x7b/0xa0
[ 16.679952] ? __pfx_kthread+0x10/0x10
[ 16.679974] ret_from_fork+0x116/0x1d0
[ 16.679994] ? __pfx_kthread+0x10/0x10
[ 16.680015] ret_from_fork_asm+0x1a/0x30
[ 16.680046] </TASK>
[ 16.680058]
[ 16.691815] Allocated by task 299:
[ 16.692439] kasan_save_stack+0x45/0x70
[ 16.692934] kasan_save_track+0x18/0x40
[ 16.693372] kasan_save_alloc_info+0x3b/0x50
[ 16.693826] __kasan_kmalloc+0xb7/0xc0
[ 16.694179] __kmalloc_cache_noprof+0x189/0x420
[ 16.694499] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.695070] kunit_try_run_case+0x1a5/0x480
[ 16.695241] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.695753] kthread+0x337/0x6f0
[ 16.696164] ret_from_fork+0x116/0x1d0
[ 16.696586] ret_from_fork_asm+0x1a/0x30
[ 16.696995]
[ 16.697077] The buggy address belongs to the object at ffff8881027bca00
[ 16.697077] which belongs to the cache kmalloc-128 of size 128
[ 16.697971] The buggy address is located 0 bytes to the right of
[ 16.697971] allocated 120-byte region [ffff8881027bca00, ffff8881027bca78)
[ 16.699303]
[ 16.699480] The buggy address belongs to the physical page:
[ 16.699990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc
[ 16.700819] flags: 0x200000000000000(node=0|zone=2)
[ 16.701038] page_type: f5(slab)
[ 16.701488] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.702248] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.702772] page dumped because: kasan: bad access detected
[ 16.703073]
[ 16.703383] Memory state around the buggy address:
[ 16.703908]  ffff8881027bc900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.704665]  ffff8881027bc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.704967] >ffff8881027bca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.705198]                                                                 ^
[ 16.705439]  ffff8881027bca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.706071]  ffff8881027bcb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.706772] ==================================================================
```