Date
July 18, 2025, 2:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 20.300991] ==================================================================
[ 20.301062] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 20.301134] Read of size 8 at addr fff00000c78e9c78 by task kunit_try_catch/281
[ 20.301279]
[ 20.301323] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 20.301450] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.301610] Hardware name: linux,dummy-virt (DT)
[ 20.301647] Call trace:
[ 20.301673] show_stack+0x20/0x38 (C)
[ 20.301728] dump_stack_lvl+0x8c/0xd0
[ 20.301780] print_report+0x118/0x5d0
[ 20.301954] kasan_report+0xdc/0x128
[ 20.302020] __asan_report_load8_noabort+0x20/0x30
[ 20.302075] copy_to_kernel_nofault+0x204/0x250
[ 20.302127] copy_to_kernel_nofault_oob+0x158/0x418
[ 20.302180] kunit_try_run_case+0x170/0x3f0
[ 20.302231] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.302287] kthread+0x328/0x630
[ 20.302332] ret_from_fork+0x10/0x20
[ 20.302411]
[ 20.302446] Allocated by task 281:
[ 20.302482] kasan_save_stack+0x3c/0x68
[ 20.302535] kasan_save_track+0x20/0x40
[ 20.303532] kasan_save_alloc_info+0x40/0x58
[ 20.303606] __kasan_kmalloc+0xd4/0xd8
[ 20.303708] __kmalloc_cache_noprof+0x16c/0x3c0
[ 20.303800] copy_to_kernel_nofault_oob+0xc8/0x418
[ 20.303869] kunit_try_run_case+0x170/0x3f0
[ 20.303930] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.304011] kthread+0x328/0x630
[ 20.304556] ret_from_fork+0x10/0x20
[ 20.304805]
[ 20.305000] The buggy address belongs to the object at fff00000c78e9c00
[ 20.305000] which belongs to the cache kmalloc-128 of size 128
[ 20.305082] The buggy address is located 0 bytes to the right of
[ 20.305082] allocated 120-byte region [fff00000c78e9c00, fff00000c78e9c78)
[ 20.305513]
[ 20.305617] The buggy address belongs to the physical page:
[ 20.306067] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9
[ 20.306566] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.306783] page_type: f5(slab)
[ 20.306889] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.307272] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.307340] page dumped because: kasan: bad access detected
[ 20.307508]
[ 20.307572] Memory state around the buggy address:
[ 20.307613]  fff00000c78e9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.307667]  fff00000c78e9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.307938] >fff00000c78e9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.308084]                                                                 ^
[ 20.308210]  fff00000c78e9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.308699]  fff00000c78e9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.308943] ==================================================================
[ 20.310806] ==================================================================
[ 20.310886] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 20.311119] Write of size 8 at addr fff00000c78e9c78 by task kunit_try_catch/281
[ 20.311335]
[ 20.311838] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 20.311966] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.311998] Hardware name: linux,dummy-virt (DT)
[ 20.312286] Call trace:
[ 20.312512] show_stack+0x20/0x38 (C)
[ 20.312692] dump_stack_lvl+0x8c/0xd0
[ 20.313109] print_report+0x118/0x5d0
[ 20.313279] kasan_report+0xdc/0x128
[ 20.313536] kasan_check_range+0x100/0x1a8
[ 20.313913] __kasan_check_write+0x20/0x30
[ 20.314453] copy_to_kernel_nofault+0x8c/0x250
[ 20.314523] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 20.314738] kunit_try_run_case+0x170/0x3f0
[ 20.315150] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.315377] kthread+0x328/0x630
[ 20.315471] ret_from_fork+0x10/0x20
[ 20.315566]
[ 20.315590] Allocated by task 281:
[ 20.315634] kasan_save_stack+0x3c/0x68
[ 20.315710] kasan_save_track+0x20/0x40
[ 20.315758] kasan_save_alloc_info+0x40/0x58
[ 20.315810] __kasan_kmalloc+0xd4/0xd8
[ 20.315859] __kmalloc_cache_noprof+0x16c/0x3c0
[ 20.315903] copy_to_kernel_nofault_oob+0xc8/0x418
[ 20.315943] kunit_try_run_case+0x170/0x3f0
[ 20.315984] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.316029] kthread+0x328/0x630
[ 20.316083] ret_from_fork+0x10/0x20
[ 20.316125]
[ 20.316149] The buggy address belongs to the object at fff00000c78e9c00
[ 20.316149] which belongs to the cache kmalloc-128 of size 128
[ 20.316464] The buggy address is located 0 bytes to the right of
[ 20.316464] allocated 120-byte region [fff00000c78e9c00, fff00000c78e9c78)
[ 20.316696]
[ 20.316969] The buggy address belongs to the physical page:
[ 20.317335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9
[ 20.317586] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.317652] page_type: f5(slab)
[ 20.318133] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.318386] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.318506] page dumped because: kasan: bad access detected
[ 20.318658]
[ 20.318744] Memory state around the buggy address:
[ 20.318827]  fff00000c78e9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.318897]  fff00000c78e9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.319122] >fff00000c78e9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.319344]                                                                 ^
[ 20.320172]  fff00000c78e9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.320245]  fff00000c78e9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.320315] ==================================================================
[ 19.814922] ==================================================================
[ 19.814995] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 19.815076] Read of size 8 at addr fff00000c7a4ed78 by task kunit_try_catch/281
[ 19.815656]
[ 19.815925] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.816442] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.816483] Hardware name: linux,dummy-virt (DT)
[ 19.816587] Call trace:
[ 19.816691] show_stack+0x20/0x38 (C)
[ 19.816752] dump_stack_lvl+0x8c/0xd0
[ 19.816825] print_report+0x118/0x5d0
[ 19.816882] kasan_report+0xdc/0x128
[ 19.816929] __asan_report_load8_noabort+0x20/0x30
[ 19.816999] copy_to_kernel_nofault+0x204/0x250
[ 19.817051] copy_to_kernel_nofault_oob+0x158/0x418
[ 19.817099] kunit_try_run_case+0x170/0x3f0
[ 19.817359] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.817524] kthread+0x328/0x630
[ 19.817640] ret_from_fork+0x10/0x20
[ 19.817714]
[ 19.817735] Allocated by task 281:
[ 19.817767] kasan_save_stack+0x3c/0x68
[ 19.817848] kasan_save_track+0x20/0x40
[ 19.817971] kasan_save_alloc_info+0x40/0x58
[ 19.818064] __kasan_kmalloc+0xd4/0xd8
[ 19.818136] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.818191] copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.818284] kunit_try_run_case+0x170/0x3f0
[ 19.818338] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.818421] kthread+0x328/0x630
[ 19.818478] ret_from_fork+0x10/0x20
[ 19.818518]
[ 19.818542] The buggy address belongs to the object at fff00000c7a4ed00
[ 19.818542] which belongs to the cache kmalloc-128 of size 128
[ 19.818618] The buggy address is located 0 bytes to the right of
[ 19.818618] allocated 120-byte region [fff00000c7a4ed00, fff00000c7a4ed78)
[ 19.818694]
[ 19.818717] The buggy address belongs to the physical page:
[ 19.818779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e
[ 19.818840] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.818892] page_type: f5(slab)
[ 19.818938] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.818989] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.819168] page dumped because: kasan: bad access detected
[ 19.819233]
[ 19.819312] Memory state around the buggy address:
[ 19.819443]  fff00000c7a4ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.819525]  fff00000c7a4ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.819587] >fff00000c7a4ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.819695]                                                                 ^
[ 19.819798]  fff00000c7a4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.819882]  fff00000c7a4ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.819996] ==================================================================
[ 19.820346] ==================================================================
[ 19.820737] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 19.820812] Write of size 8 at addr fff00000c7a4ed78 by task kunit_try_catch/281
[ 19.820866]
[ 19.820900] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.820982] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.821011] Hardware name: linux,dummy-virt (DT)
[ 19.821043] Call trace:
[ 19.821069] show_stack+0x20/0x38 (C)
[ 19.821120] dump_stack_lvl+0x8c/0xd0
[ 19.821170] print_report+0x118/0x5d0
[ 19.821217] kasan_report+0xdc/0x128
[ 19.821267] kasan_check_range+0x100/0x1a8
[ 19.821317] __kasan_check_write+0x20/0x30
[ 19.821425] copy_to_kernel_nofault+0x8c/0x250
[ 19.821475] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 19.821535] kunit_try_run_case+0x170/0x3f0
[ 19.821582] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.821636] kthread+0x328/0x630
[ 19.821680] ret_from_fork+0x10/0x20
[ 19.821728]
[ 19.821766] Allocated by task 281:
[ 19.821796] kasan_save_stack+0x3c/0x68
[ 19.821839] kasan_save_track+0x20/0x40
[ 19.821877] kasan_save_alloc_info+0x40/0x58
[ 19.821925] __kasan_kmalloc+0xd4/0xd8
[ 19.821965] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.822015] copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.822056] kunit_try_run_case+0x170/0x3f0
[ 19.822103] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.822154] kthread+0x328/0x630
[ 19.822190] ret_from_fork+0x10/0x20
[ 19.822226]
[ 19.822247] The buggy address belongs to the object at fff00000c7a4ed00
[ 19.822247] which belongs to the cache kmalloc-128 of size 128
[ 19.822304] The buggy address is located 0 bytes to the right of
[ 19.822304] allocated 120-byte region [fff00000c7a4ed00, fff00000c7a4ed78)
[ 19.822379]
[ 19.822409] The buggy address belongs to the physical page:
[ 19.822444] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e
[ 19.822505] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.822554] page_type: f5(slab)
[ 19.822593] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.822645] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.822687] page dumped because: kasan: bad access detected
[ 19.822718]
[ 19.822748] Memory state around the buggy address:
[ 19.822781]  fff00000c7a4ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.822827]  fff00000c7a4ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.822883] >fff00000c7a4ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.822924]                                                                 ^
[ 19.822966]  fff00000c7a4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.823011]  fff00000c7a4ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.823061] ==================================================================
[ 19.440863] ==================================================================
[ 19.440916] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 19.440966] Write of size 8 at addr fff00000c7716b78 by task kunit_try_catch/281
[ 19.441017]
[ 19.441049] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.441132] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.441163] Hardware name: linux,dummy-virt (DT)
[ 19.441196] Call trace:
[ 19.441422] show_stack+0x20/0x38 (C)
[ 19.441656] dump_stack_lvl+0x8c/0xd0
[ 19.441706] print_report+0x118/0x5d0
[ 19.441884] kasan_report+0xdc/0x128
[ 19.442148] kasan_check_range+0x100/0x1a8
[ 19.442202] __kasan_check_write+0x20/0x30
[ 19.442251] copy_to_kernel_nofault+0x8c/0x250
[ 19.442302] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 19.442352] kunit_try_run_case+0x170/0x3f0
[ 19.442401] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.442453] kthread+0x328/0x630
[ 19.442503] ret_from_fork+0x10/0x20
[ 19.442783]
[ 19.442953] Allocated by task 281:
[ 19.442988] kasan_save_stack+0x3c/0x68
[ 19.443034] kasan_save_track+0x20/0x40
[ 19.443073] kasan_save_alloc_info+0x40/0x58
[ 19.443115] __kasan_kmalloc+0xd4/0xd8
[ 19.443154] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.443195] copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.444083] kunit_try_run_case+0x170/0x3f0
[ 19.444210] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.444264] kthread+0x328/0x630
[ 19.444300] ret_from_fork+0x10/0x20
[ 19.444338]
[ 19.444361] The buggy address belongs to the object at fff00000c7716b00
[ 19.444361] which belongs to the cache kmalloc-128 of size 128
[ 19.444420] The buggy address is located 0 bytes to the right of
[ 19.444420] allocated 120-byte region [fff00000c7716b00, fff00000c7716b78)
[ 19.444486]
[ 19.444508] The buggy address belongs to the physical page:
[ 19.444541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716
[ 19.444621] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.444672] page_type: f5(slab)
[ 19.444723] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.444775] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.444818] page dumped because: kasan: bad access detected
[ 19.444851]
[ 19.444871] Memory state around the buggy address:
[ 19.444904]  fff00000c7716a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.444948]  fff00000c7716a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.444992] >fff00000c7716b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.445033]                                                                 ^
[ 19.445075]  fff00000c7716b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.445120]  fff00000c7716c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.445160] ==================================================================
[ 19.436812] ==================================================================
[ 19.436887] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 19.436951] Read of size 8 at addr fff00000c7716b78 by task kunit_try_catch/281
[ 19.437004]
[ 19.437054] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.437142] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.437174] Hardware name: linux,dummy-virt (DT)
[ 19.437217] Call trace:
[ 19.437248] show_stack+0x20/0x38 (C)
[ 19.437300] dump_stack_lvl+0x8c/0xd0
[ 19.437357] print_report+0x118/0x5d0
[ 19.437406] kasan_report+0xdc/0x128
[ 19.437453] __asan_report_load8_noabort+0x20/0x30
[ 19.437514] copy_to_kernel_nofault+0x204/0x250
[ 19.437566] copy_to_kernel_nofault_oob+0x158/0x418
[ 19.437615] kunit_try_run_case+0x170/0x3f0
[ 19.437679] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.437745] kthread+0x328/0x630
[ 19.437788] ret_from_fork+0x10/0x20
[ 19.437836]
[ 19.437856] Allocated by task 281:
[ 19.437889] kasan_save_stack+0x3c/0x68
[ 19.437930] kasan_save_track+0x20/0x40
[ 19.437970] kasan_save_alloc_info+0x40/0x58
[ 19.438010] __kasan_kmalloc+0xd4/0xd8
[ 19.438049] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.438091] copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.438132] kunit_try_run_case+0x170/0x3f0
[ 19.438170] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.438216] kthread+0x328/0x630
[ 19.438249] ret_from_fork+0x10/0x20
[ 19.438287]
[ 19.438604] The buggy address belongs to the object at fff00000c7716b00
[ 19.438604] which belongs to the cache kmalloc-128 of size 128
[ 19.438774] The buggy address is located 0 bytes to the right of
[ 19.438774] allocated 120-byte region [fff00000c7716b00, fff00000c7716b78)
[ 19.438865]
[ 19.439129] The buggy address belongs to the physical page:
[ 19.439322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716
[ 19.439432] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.439574] page_type: f5(slab)
[ 19.439616] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.439668] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.439710] page dumped because: kasan: bad access detected
[ 19.439755]
[ 19.439851] Memory state around the buggy address:
[ 19.439911]  fff00000c7716a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.439957]  fff00000c7716a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.440001] >fff00000c7716b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.440042]                                                                 ^
[ 19.440086]  fff00000c7716b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.440131]  fff00000c7716c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.440245] ==================================================================
[ 15.884653] ==================================================================
[ 15.885241] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 15.885600] Read of size 8 at addr ffff8881026efd78 by task kunit_try_catch/299
[ 15.886260]
[ 15.886370] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 15.886420] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.886434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.886470] Call Trace:
[ 15.886483] <TASK>
[ 15.886503] dump_stack_lvl+0x73/0xb0
[ 15.886535] print_report+0xd1/0x610
[ 15.886562] ? __virt_addr_valid+0x1db/0x2d0
[ 15.886586] ? copy_to_kernel_nofault+0x225/0x260
[ 15.886612] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.886654] ? copy_to_kernel_nofault+0x225/0x260
[ 15.886680] kasan_report+0x141/0x180
[ 15.886703] ? copy_to_kernel_nofault+0x225/0x260
[ 15.886733] __asan_report_load8_noabort+0x18/0x20
[ 15.886759] copy_to_kernel_nofault+0x225/0x260
[ 15.886786] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 15.886812] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.886837] ? finish_task_switch.isra.0+0x153/0x700
[ 15.886862] ? __schedule+0x10cc/0x2b60
[ 15.886885] ? trace_hardirqs_on+0x37/0xe0
[ 15.886919] ? __pfx_read_tsc+0x10/0x10
[ 15.886940] ? ktime_get_ts64+0x86/0x230
[ 15.886967] kunit_try_run_case+0x1a5/0x480
[ 15.886994] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.887017] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.887042] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.887067] ? __kthread_parkme+0x82/0x180
[ 15.887089] ? preempt_count_sub+0x50/0x80
[ 15.887114] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.887139] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.887164] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.887190] kthread+0x337/0x6f0
[ 15.887209] ? trace_preempt_on+0x20/0xc0
[ 15.887233] ? __pfx_kthread+0x10/0x10
[ 15.887254] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.887277] ? calculate_sigpending+0x7b/0xa0
[ 15.887303] ? __pfx_kthread+0x10/0x10
[ 15.887325] ret_from_fork+0x116/0x1d0
[ 15.887344] ? __pfx_kthread+0x10/0x10
[ 15.887365] ret_from_fork_asm+0x1a/0x30
[ 15.887399] </TASK>
[ 15.887410]
[ 15.898516] Allocated by task 299:
[ 15.899059] kasan_save_stack+0x45/0x70
[ 15.899404] kasan_save_track+0x18/0x40
[ 15.899712] kasan_save_alloc_info+0x3b/0x50
[ 15.900020] __kasan_kmalloc+0xb7/0xc0
[ 15.900307] __kmalloc_cache_noprof+0x189/0x420
[ 15.900697] copy_to_kernel_nofault_oob+0x12f/0x560
[ 15.900937] kunit_try_run_case+0x1a5/0x480
[ 15.901136] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.901374] kthread+0x337/0x6f0
[ 15.901883] ret_from_fork+0x116/0x1d0
[ 15.902143] ret_from_fork_asm+0x1a/0x30
[ 15.902301]
[ 15.902616] The buggy address belongs to the object at ffff8881026efd00
[ 15.902616] which belongs to the cache kmalloc-128 of size 128
[ 15.903248] The buggy address is located 0 bytes to the right of
[ 15.903248] allocated 120-byte region [ffff8881026efd00, ffff8881026efd78)
[ 15.904020]
[ 15.904136] The buggy address belongs to the physical page:
[ 15.904386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ef
[ 15.904980] flags: 0x200000000000000(node=0|zone=2)
[ 15.905316] page_type: f5(slab)
[ 15.905589] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.906018] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.906352] page dumped because: kasan: bad access detected
[ 15.906758]
[ 15.906863] Memory state around the buggy address:
[ 15.907239]  ffff8881026efc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.907691]  ffff8881026efc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.907961] >ffff8881026efd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.908282]                                                                 ^
[ 15.908776]  ffff8881026efd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.909071]  ffff8881026efe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.909610] ==================================================================
[ 15.910510] ==================================================================
[ 15.911455] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 15.911970] Write of size 8 at addr ffff8881026efd78 by task kunit_try_catch/299
[ 15.912696]
[ 15.912798] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 15.912847] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.912859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.912883] Call Trace:
[ 15.912902] <TASK>
[ 15.912922] dump_stack_lvl+0x73/0xb0
[ 15.912954] print_report+0xd1/0x610
[ 15.912978] ? __virt_addr_valid+0x1db/0x2d0
[ 15.913002] ? copy_to_kernel_nofault+0x99/0x260
[ 15.913026] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.913050] ? copy_to_kernel_nofault+0x99/0x260
[ 15.913076] kasan_report+0x141/0x180
[ 15.913112] ? copy_to_kernel_nofault+0x99/0x260
[ 15.913297] kasan_check_range+0x10c/0x1c0
[ 15.913324] __kasan_check_write+0x18/0x20
[ 15.913344] copy_to_kernel_nofault+0x99/0x260
[ 15.913371] copy_to_kernel_nofault_oob+0x288/0x560
[ 15.913400] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.913448] ? finish_task_switch.isra.0+0x153/0x700
[ 15.913475] ? __schedule+0x10cc/0x2b60
[ 15.913500] ? trace_hardirqs_on+0x37/0xe0
[ 15.913534] ? __pfx_read_tsc+0x10/0x10
[ 15.913557] ? ktime_get_ts64+0x86/0x230
[ 15.913582] kunit_try_run_case+0x1a5/0x480
[ 15.913608] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.913632] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.913657] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.913682] ? __kthread_parkme+0x82/0x180
[ 15.913704] ? preempt_count_sub+0x50/0x80
[ 15.913729] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.913753] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.913779] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.913804] kthread+0x337/0x6f0
[ 15.913824] ? trace_preempt_on+0x20/0xc0
[ 15.913846] ? __pfx_kthread+0x10/0x10
[ 15.913868] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.913890] ? calculate_sigpending+0x7b/0xa0
[ 15.913916] ? __pfx_kthread+0x10/0x10
[ 15.913938] ret_from_fork+0x116/0x1d0
[ 15.913958] ? __pfx_kthread+0x10/0x10
[ 15.913979] ret_from_fork_asm+0x1a/0x30
[ 15.914013] </TASK>
[ 15.914025]
[ 15.925657] Allocated by task 299:
[ 15.926067] kasan_save_stack+0x45/0x70
[ 15.926387] kasan_save_track+0x18/0x40
[ 15.926754] kasan_save_alloc_info+0x3b/0x50
[ 15.927016] __kasan_kmalloc+0xb7/0xc0
[ 15.927187] __kmalloc_cache_noprof+0x189/0x420
[ 15.927390] copy_to_kernel_nofault_oob+0x12f/0x560
[ 15.927856] kunit_try_run_case+0x1a5/0x480
[ 15.928109] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.928453] kthread+0x337/0x6f0
[ 15.928743] ret_from_fork+0x116/0x1d0
[ 15.928881] ret_from_fork_asm+0x1a/0x30
[ 15.929239]
[ 15.929582] The buggy address belongs to the object at ffff8881026efd00
[ 15.929582] which belongs to the cache kmalloc-128 of size 128
[ 15.930271] The buggy address is located 0 bytes to the right of
[ 15.930271] allocated 120-byte region [ffff8881026efd00, ffff8881026efd78)
[ 15.931032]
[ 15.931135] The buggy address belongs to the physical page:
[ 15.931568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ef
[ 15.931922] flags: 0x200000000000000(node=0|zone=2)
[ 15.932100] page_type: f5(slab)
[ 15.932273] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.932564] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.933000] page dumped because: kasan: bad access detected
[ 15.933250]
[ 15.933369] Memory state around the buggy address:
[ 15.933565]  ffff8881026efc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.933800]  ffff8881026efc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.934193] >ffff8881026efd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.934484]                                                                 ^
[ 15.934714]  ffff8881026efd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.935148]  ffff8881026efe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.935479] ==================================================================
[ 16.359514] ==================================================================
[ 16.360352] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.361522] Read of size 8 at addr ffff888102b7db78 by task kunit_try_catch/298
[ 16.362696]
[ 16.362926] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.362984] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.362999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.363036] Call Trace:
[ 16.363054] <TASK>
[ 16.363077] dump_stack_lvl+0x73/0xb0
[ 16.363118] print_report+0xd1/0x610
[ 16.363145] ? __virt_addr_valid+0x1db/0x2d0
[ 16.363172] ? copy_to_kernel_nofault+0x225/0x260
[ 16.363198] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.363222] ? copy_to_kernel_nofault+0x225/0x260
[ 16.363247] kasan_report+0x141/0x180
[ 16.363270] ? copy_to_kernel_nofault+0x225/0x260
[ 16.363299] __asan_report_load8_noabort+0x18/0x20
[ 16.363325] copy_to_kernel_nofault+0x225/0x260
[ 16.363351] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.363376] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.363401] ? finish_task_switch.isra.0+0x153/0x700
[ 16.363426] ? __schedule+0x10cc/0x2b60
[ 16.363450] ? trace_hardirqs_on+0x37/0xe0
[ 16.363484] ? __pfx_read_tsc+0x10/0x10
[ 16.363508] ? ktime_get_ts64+0x86/0x230
[ 16.363534] kunit_try_run_case+0x1a5/0x480
[ 16.363562] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.363585] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.363611] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.363636] ? __kthread_parkme+0x82/0x180
[ 16.363659] ? preempt_count_sub+0x50/0x80
[ 16.363683] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.363708] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.363733] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.363758] kthread+0x337/0x6f0
[ 16.363778] ? trace_preempt_on+0x20/0xc0
[ 16.363801] ? __pfx_kthread+0x10/0x10
[ 16.363822] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.363845] ? calculate_sigpending+0x7b/0xa0
[ 16.363871] ? __pfx_kthread+0x10/0x10
[ 16.363893] ret_from_fork+0x116/0x1d0
[ 16.363913] ? __pfx_kthread+0x10/0x10
[ 16.363933] ret_from_fork_asm+0x1a/0x30
[ 16.363967] </TASK>
[ 16.363979]
[ 16.376643] Allocated by task 298:
[ 16.377032] kasan_save_stack+0x45/0x70
[ 16.377487] kasan_save_track+0x18/0x40
[ 16.377875] kasan_save_alloc_info+0x3b/0x50
[ 16.378147] __kasan_kmalloc+0xb7/0xc0
[ 16.378564] __kmalloc_cache_noprof+0x189/0x420
[ 16.378929] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.379406] kunit_try_run_case+0x1a5/0x480
[ 16.379720] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.380275] kthread+0x337/0x6f0
[ 16.380608] ret_from_fork+0x116/0x1d0
[ 16.380880] ret_from_fork_asm+0x1a/0x30
[ 16.381321]
[ 16.381405] The buggy address belongs to the object at ffff888102b7db00
[ 16.381405] which belongs to the cache kmalloc-128 of size 128
[ 16.382450] The buggy address is located 0 bytes to the right of
[ 16.382450] allocated 120-byte region [ffff888102b7db00, ffff888102b7db78)
[ 16.383141]
[ 16.383256] The buggy address belongs to the physical page:
[ 16.383772] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b7d
[ 16.384525] flags: 0x200000000000000(node=0|zone=2)
[ 16.384996] page_type: f5(slab)
[ 16.385345] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.385996] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.386565] page dumped because: kasan: bad access detected
[ 16.387104]
[ 16.387276] Memory state around the buggy address:
[ 16.387553]  ffff888102b7da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.388151]  ffff888102b7da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.388714] >ffff888102b7db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.388995]                                                                 ^
[ 16.389860]  ffff888102b7db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.390492]  ffff888102b7dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.391129] ==================================================================
[ 16.391833] ==================================================================
[ 16.392149] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.393281] Write of size 8 at addr ffff888102b7db78 by task kunit_try_catch/298
[ 16.394131]
[ 16.394321] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.394372] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.394386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.394410] Call Trace:
[ 16.394425] <TASK>
[ 16.394445] dump_stack_lvl+0x73/0xb0
[ 16.394480] print_report+0xd1/0x610
[ 16.394505] ? __virt_addr_valid+0x1db/0x2d0
[ 16.394629] ? copy_to_kernel_nofault+0x99/0x260
[ 16.394658] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.394682] ? copy_to_kernel_nofault+0x99/0x260
[ 16.394707] kasan_report+0x141/0x180
[ 16.394730] ? copy_to_kernel_nofault+0x99/0x260
[ 16.394759] kasan_check_range+0x10c/0x1c0
[ 16.394783] __kasan_check_write+0x18/0x20
[ 16.394803] copy_to_kernel_nofault+0x99/0x260
[ 16.394830] copy_to_kernel_nofault_oob+0x288/0x560
[ 16.394855] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.394879] ? finish_task_switch.isra.0+0x153/0x700
[ 16.394904] ? __schedule+0x10cc/0x2b60
[ 16.394928] ? trace_hardirqs_on+0x37/0xe0
[ 16.394960] ? __pfx_read_tsc+0x10/0x10
[ 16.394983] ? ktime_get_ts64+0x86/0x230
[ 16.395017] kunit_try_run_case+0x1a5/0x480
[ 16.395046] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.395069] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.395095] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.395119] ? __kthread_parkme+0x82/0x180
[ 16.395141] ? preempt_count_sub+0x50/0x80
[ 16.395165] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.395190] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.395215] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.395240] kthread+0x337/0x6f0
[ 16.395261] ? trace_preempt_on+0x20/0xc0
[ 16.395283] ? __pfx_kthread+0x10/0x10
[ 16.395304] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.395326] ? calculate_sigpending+0x7b/0xa0
[ 16.395351] ? __pfx_kthread+0x10/0x10
[ 16.395373] ret_from_fork+0x116/0x1d0
[ 16.395392] ? __pfx_kthread+0x10/0x10
[ 16.395413] ret_from_fork_asm+0x1a/0x30
[ 16.395492] </TASK>
[ 16.395507]
[ 16.414262] Allocated by task 298:
[ 16.414725] kasan_save_stack+0x45/0x70
[ 16.415190] kasan_save_track+0x18/0x40
[ 16.415551] kasan_save_alloc_info+0x3b/0x50
[ 16.415932] __kasan_kmalloc+0xb7/0xc0
[ 16.416383] __kmalloc_cache_noprof+0x189/0x420
[ 16.416622] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.417363] kunit_try_run_case+0x1a5/0x480
[ 16.417675] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.417858] kthread+0x337/0x6f0
[ 16.417982] ret_from_fork+0x116/0x1d0
[ 16.418410] ret_from_fork_asm+0x1a/0x30
[ 16.418787]
[ 16.418949] The buggy address belongs to the object at ffff888102b7db00
[ 16.418949] which belongs to the cache kmalloc-128 of size 128
[ 16.420145] The buggy address is located 0 bytes to the right of
[ 16.420145] allocated 120-byte region [ffff888102b7db00, ffff888102b7db78)
[ 16.420729]
[ 16.420810] The buggy address belongs to the physical page:
[ 16.420997] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b7d
[ 16.422215] flags: 0x200000000000000(node=0|zone=2)
[ 16.422775] page_type: f5(slab)
[ 16.423218] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.423936] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.424517] page dumped because: kasan: bad access detected
[ 16.424697]
[ 16.424769] Memory state around the buggy address:
[ 16.424935]  ffff888102b7da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.425183]  ffff888102b7da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.425579] >ffff888102b7db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.425876]                                                                 ^
[ 16.426157]  ffff888102b7db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.426875]  ffff888102b7dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.427184] ==================================================================

[ 16.109163] ==================================================================
[ 16.109944] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.110663] Write of size 8 at addr ffff888103abd078 by task kunit_try_catch/298
[ 16.111409]
[ 16.111608] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.111654] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.111667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.111690] Call Trace:
[ 16.111703] <TASK>
[ 16.111719] dump_stack_lvl+0x73/0xb0
[ 16.111749] print_report+0xd1/0x610
[ 16.111773] ? __virt_addr_valid+0x1db/0x2d0
[ 16.111798] ? copy_to_kernel_nofault+0x99/0x260
[ 16.111822] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.111846] ? copy_to_kernel_nofault+0x99/0x260
[ 16.111872] kasan_report+0x141/0x180
[ 16.111909] ? copy_to_kernel_nofault+0x99/0x260
[ 16.111940] kasan_check_range+0x10c/0x1c0
[ 16.111965] __kasan_check_write+0x18/0x20
[ 16.111985] copy_to_kernel_nofault+0x99/0x260
[ 16.112011] copy_to_kernel_nofault_oob+0x288/0x560
[ 16.112037] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.112061] ? finish_task_switch.isra.0+0x153/0x700
[ 16.112085] ? __schedule+0x10cc/0x2b60
[ 16.112107] ? trace_hardirqs_on+0x37/0xe0
[ 16.112140] ? __pfx_read_tsc+0x10/0x10
[ 16.112161] ? ktime_get_ts64+0x86/0x230
[ 16.112188] kunit_try_run_case+0x1a5/0x480
[ 16.112216] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.112242] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.112267] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.112292] ? __kthread_parkme+0x82/0x180
[ 16.112315] ? preempt_count_sub+0x50/0x80
[ 16.112340] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.112366] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.112390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.112416] kthread+0x337/0x6f0
[ 16.112436] ? trace_preempt_on+0x20/0xc0
[ 16.112459] ? __pfx_kthread+0x10/0x10
[ 16.112480] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.112503] ? calculate_sigpending+0x7b/0xa0
[ 16.112547] ? __pfx_kthread+0x10/0x10
[ 16.112569] ret_from_fork+0x116/0x1d0
[ 16.112588] ? __pfx_kthread+0x10/0x10
[ 16.112609] ret_from_fork_asm+0x1a/0x30
[ 16.112642] </TASK>
[ 16.112654]
[ 16.126431] Allocated by task 298:
[ 16.126768] kasan_save_stack+0x45/0x70
[ 16.127261] kasan_save_track+0x18/0x40
[ 16.127623] kasan_save_alloc_info+0x3b/0x50
[ 16.128123] __kasan_kmalloc+0xb7/0xc0
[ 16.128354] __kmalloc_cache_noprof+0x189/0x420
[ 16.128787] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.129070] kunit_try_run_case+0x1a5/0x480
[ 16.129497] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.129973] kthread+0x337/0x6f0
[ 16.130127] ret_from_fork+0x116/0x1d0
[ 16.130279] ret_from_fork_asm+0x1a/0x30
[ 16.130425]
[ 16.130498] The buggy address belongs to the object at ffff888103abd000
[ 16.130498] which belongs to the cache kmalloc-128 of size 128
[ 16.131609] The buggy address is located 0 bytes to the right of
[ 16.131609] allocated 120-byte region [ffff888103abd000, ffff888103abd078)
[ 16.132886]
[ 16.133066] The buggy address belongs to the physical page:
[ 16.133644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103abd
[ 16.134410] flags: 0x200000000000000(node=0|zone=2)
[ 16.134921] page_type: f5(slab)
[ 16.135284] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.136008] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.136863] page dumped because: kasan: bad access detected
[ 16.137501]
[ 16.137703] Memory state around the buggy address:
[ 16.138188] ffff888103abcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.138817] ffff888103abcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.139525] >ffff888103abd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.140056]                                                                 ^
[ 16.140381] ffff888103abd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.140605] ffff888103abd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.141311] ==================================================================

[ 16.079193] ==================================================================
[ 16.079915] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.080950] Read of size 8 at addr ffff888103abd078 by task kunit_try_catch/298
[ 16.082036]
[ 16.082177] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.082229] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.082242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.082266] Call Trace:
[ 16.082280] <TASK>
[ 16.082298] dump_stack_lvl+0x73/0xb0
[ 16.082387] print_report+0xd1/0x610
[ 16.082417] ? __virt_addr_valid+0x1db/0x2d0
[ 16.082541] ? copy_to_kernel_nofault+0x225/0x260
[ 16.082575] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.082601] ? copy_to_kernel_nofault+0x225/0x260
[ 16.082626] kasan_report+0x141/0x180
[ 16.082651] ? copy_to_kernel_nofault+0x225/0x260
[ 16.082682] __asan_report_load8_noabort+0x18/0x20
[ 16.082708] copy_to_kernel_nofault+0x225/0x260
[ 16.082735] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.082767] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.082792] ? finish_task_switch.isra.0+0x153/0x700
[ 16.082818] ? __schedule+0x10cc/0x2b60
[ 16.082842] ? trace_hardirqs_on+0x37/0xe0
[ 16.082877] ? __pfx_read_tsc+0x10/0x10
[ 16.082911] ? ktime_get_ts64+0x86/0x230
[ 16.082938] kunit_try_run_case+0x1a5/0x480
[ 16.082964] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.083038] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.083067] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.083092] ? __kthread_parkme+0x82/0x180
[ 16.083113] ? preempt_count_sub+0x50/0x80
[ 16.083138] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.083163] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.083188] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.083213] kthread+0x337/0x6f0
[ 16.083233] ? trace_preempt_on+0x20/0xc0
[ 16.083256] ? __pfx_kthread+0x10/0x10
[ 16.083277] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.083300] ? calculate_sigpending+0x7b/0xa0
[ 16.083326] ? __pfx_kthread+0x10/0x10
[ 16.083348] ret_from_fork+0x116/0x1d0
[ 16.083369] ? __pfx_kthread+0x10/0x10
[ 16.083390] ret_from_fork_asm+0x1a/0x30
[ 16.083424] </TASK>
[ 16.083436]
[ 16.096664] Allocated by task 298:
[ 16.096963] kasan_save_stack+0x45/0x70
[ 16.097251] kasan_save_track+0x18/0x40
[ 16.097390] kasan_save_alloc_info+0x3b/0x50
[ 16.097542] __kasan_kmalloc+0xb7/0xc0
[ 16.097689] __kmalloc_cache_noprof+0x189/0x420
[ 16.098073] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.098487] kunit_try_run_case+0x1a5/0x480
[ 16.098930] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.099466] kthread+0x337/0x6f0
[ 16.099813] ret_from_fork+0x116/0x1d0
[ 16.100010] ret_from_fork_asm+0x1a/0x30
[ 16.100418]
[ 16.100603] The buggy address belongs to the object at ffff888103abd000
[ 16.100603] which belongs to the cache kmalloc-128 of size 128
[ 16.101157] The buggy address is located 0 bytes to the right of
[ 16.101157] allocated 120-byte region [ffff888103abd000, ffff888103abd078)
[ 16.101932]
[ 16.102034] The buggy address belongs to the physical page:
[ 16.102212] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103abd
[ 16.102458] flags: 0x200000000000000(node=0|zone=2)
[ 16.102877] page_type: f5(slab)
[ 16.103014] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.103277] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.103507] page dumped because: kasan: bad access detected
[ 16.104056]
[ 16.104245] Memory state around the buggy address:
[ 16.104705] ffff888103abcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.105367] ffff888103abcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.106086] >ffff888103abd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.106811]                                                                 ^
[ 16.107510] ffff888103abd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.107809] ffff888103abd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.108050] ==================================================================