Date
July 3, 2025, 11:10 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64 log:

```
[   23.709921] ==================================================================
[   23.710424] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   23.711073] Read of size 8 at addr fff00000c659c278 by task kunit_try_catch/281
[   23.711257]
[   23.711397] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B   N 6.16.0-rc4 #1 PREEMPT
[   23.711833] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.711911] Hardware name: linux,dummy-virt (DT)
[   23.712017] Call trace:
[   23.712095]  show_stack+0x20/0x38 (C)
[   23.712221]  dump_stack_lvl+0x8c/0xd0
[   23.712343]  print_report+0x118/0x608
[   23.712456]  kasan_report+0xdc/0x128
[   23.712586]  __asan_report_load8_noabort+0x20/0x30
[   23.712709]  copy_to_kernel_nofault+0x204/0x250
[   23.712842]  copy_to_kernel_nofault_oob+0x158/0x418
[   23.712973]  kunit_try_run_case+0x170/0x3f0
[   23.713122]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.713321]  kthread+0x328/0x630
[   23.713463]  ret_from_fork+0x10/0x20
[   23.713632]
[   23.713717] Allocated by task 281:
[   23.713786]  kasan_save_stack+0x3c/0x68
[   23.713879]  kasan_save_track+0x20/0x40
[   23.713977]  kasan_save_alloc_info+0x40/0x58
[   23.714124]  __kasan_kmalloc+0xd4/0xd8
[   23.714240]  __kmalloc_cache_noprof+0x16c/0x3c0
[   23.714338]  copy_to_kernel_nofault_oob+0xc8/0x418
[   23.714435]  kunit_try_run_case+0x170/0x3f0
[   23.714524]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.714638]  kthread+0x328/0x630
[   23.714725]  ret_from_fork+0x10/0x20
[   23.714826]
[   23.714900] The buggy address belongs to the object at fff00000c659c200
[   23.714900]  which belongs to the cache kmalloc-128 of size 128
[   23.715092] The buggy address is located 0 bytes to the right of
[   23.715092]  allocated 120-byte region [fff00000c659c200, fff00000c659c278)
[   23.715286]
[   23.715370] The buggy address belongs to the physical page:
[   23.715463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10659c
[   23.715622] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   23.715772] page_type: f5(slab)
[   23.715883] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   23.716047] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.716147] page dumped because: kasan: bad access detected
[   23.716227]
[   23.716281] Memory state around the buggy address:
[   23.716398]  fff00000c659c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.716575]  fff00000c659c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.716746] >fff00000c659c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   23.716893]                                                                ^
[   23.717070]  fff00000c659c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.717221]  fff00000c659c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.717327] ==================================================================
[   23.721460] ==================================================================
[   23.721536] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   23.721606] Write of size 8 at addr fff00000c659c278 by task kunit_try_catch/281
[   23.721676]
[   23.721803] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B   N 6.16.0-rc4 #1 PREEMPT
[   23.721973] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.722053] Hardware name: linux,dummy-virt (DT)
[   23.722133] Call trace:
[   23.722921]  show_stack+0x20/0x38 (C)
[   23.723113]  dump_stack_lvl+0x8c/0xd0
[   23.723243]  print_report+0x118/0x608
[   23.723357]  kasan_report+0xdc/0x128
[   23.723463]  kasan_check_range+0x100/0x1a8
[   23.723567]  __kasan_check_write+0x20/0x30
[   23.723677]  copy_to_kernel_nofault+0x8c/0x250
[   23.723783]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   23.723898]  kunit_try_run_case+0x170/0x3f0
[   23.724208]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.724818]  kthread+0x328/0x630
[   23.725090]  ret_from_fork+0x10/0x20
[   23.725212]
[   23.725356] Allocated by task 281:
[   23.725423]  kasan_save_stack+0x3c/0x68
[   23.725870]  kasan_save_track+0x20/0x40
[   23.725986]  kasan_save_alloc_info+0x40/0x58
[   23.726089]  __kasan_kmalloc+0xd4/0xd8
[   23.726545]  __kmalloc_cache_noprof+0x16c/0x3c0
[   23.726841]  copy_to_kernel_nofault_oob+0xc8/0x418
[   23.727138]  kunit_try_run_case+0x170/0x3f0
[   23.727331]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.727455]  kthread+0x328/0x630
[   23.727536]  ret_from_fork+0x10/0x20
[   23.727683]
[   23.727744] The buggy address belongs to the object at fff00000c659c200
[   23.727744]  which belongs to the cache kmalloc-128 of size 128
[   23.728327] The buggy address is located 0 bytes to the right of
[   23.728327]  allocated 120-byte region [fff00000c659c200, fff00000c659c278)
[   23.728518]
[   23.728574] The buggy address belongs to the physical page:
[   23.728718] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10659c
[   23.729279] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   23.729425] page_type: f5(slab)
[   23.729592] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   23.729843] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.729957] page dumped because: kasan: bad access detected
[   23.730043]
[   23.730115] Memory state around the buggy address:
[   23.730188]  fff00000c659c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.730307]  fff00000c659c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.730485] >fff00000c659c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   23.730581]                                                                ^
[   23.730730]  fff00000c659c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.730880]  fff00000c659c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.731013] ==================================================================
```
qemu-x86_64 log:

```
[   15.507589] ==================================================================
[   15.508041] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   15.508327] Read of size 8 at addr ffff8881039bf678 by task kunit_try_catch/299
[   15.509119]
[   15.509503] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B   N 6.16.0-rc4 #1 PREEMPT(voluntary)
[   15.509658] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.509677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.509702] Call Trace:
[   15.509717]  <TASK>
[   15.509736]  dump_stack_lvl+0x73/0xb0
[   15.509768]  print_report+0xd1/0x650
[   15.509794]  ? __virt_addr_valid+0x1db/0x2d0
[   15.509818]  ? copy_to_kernel_nofault+0x225/0x260
[   15.509842]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.509864]  ? copy_to_kernel_nofault+0x225/0x260
[   15.509888]  kasan_report+0x141/0x180
[   15.509912]  ? copy_to_kernel_nofault+0x225/0x260
[   15.509941]  __asan_report_load8_noabort+0x18/0x20
[   15.509967]  copy_to_kernel_nofault+0x225/0x260
[   15.509993]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   15.510017]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.510040]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   15.510066]  ? trace_hardirqs_on+0x37/0xe0
[   15.510097]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.510138]  kunit_try_run_case+0x1a5/0x480
[   15.510165]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.510187]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.510211]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.510234]  ? __kthread_parkme+0x82/0x180
[   15.510256]  ? preempt_count_sub+0x50/0x80
[   15.510280]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.510322]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.510346]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.510370]  kthread+0x337/0x6f0
[   15.510390]  ? trace_preempt_on+0x20/0xc0
[   15.510413]  ? __pfx_kthread+0x10/0x10
[   15.510435]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.510457]  ? calculate_sigpending+0x7b/0xa0
[   15.510481]  ? __pfx_kthread+0x10/0x10
[   15.510503]  ret_from_fork+0x116/0x1d0
[   15.510526]  ? __pfx_kthread+0x10/0x10
[   15.510547]  ret_from_fork_asm+0x1a/0x30
[   15.510578]  </TASK>
[   15.510591]
[   15.521581] Allocated by task 299:
[   15.521777]  kasan_save_stack+0x45/0x70
[   15.521959]  kasan_save_track+0x18/0x40
[   15.522354]  kasan_save_alloc_info+0x3b/0x50
[   15.522745]  __kasan_kmalloc+0xb7/0xc0
[   15.522959]  __kmalloc_cache_noprof+0x189/0x420
[   15.523378]  copy_to_kernel_nofault_oob+0x12f/0x560
[   15.523570]  kunit_try_run_case+0x1a5/0x480
[   15.523804]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.524182]  kthread+0x337/0x6f0
[   15.524395]  ret_from_fork+0x116/0x1d0
[   15.524656]  ret_from_fork_asm+0x1a/0x30
[   15.524848]
[   15.525149] The buggy address belongs to the object at ffff8881039bf600
[   15.525149]  which belongs to the cache kmalloc-128 of size 128
[   15.525956] The buggy address is located 0 bytes to the right of
[   15.525956]  allocated 120-byte region [ffff8881039bf600, ffff8881039bf678)
[   15.526683]
[   15.526923] The buggy address belongs to the physical page:
[   15.527338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039bf
[   15.527641] flags: 0x200000000000000(node=0|zone=2)
[   15.528192] page_type: f5(slab)
[   15.528341] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.528681] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.529075] page dumped because: kasan: bad access detected
[   15.529570]
[   15.529655] Memory state around the buggy address:
[   15.530019]  ffff8881039bf500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.530500]  ffff8881039bf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.530841] >ffff8881039bf600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.531289]                                                                ^
[   15.531767]  ffff8881039bf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.532276]  ffff8881039bf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.532633] ==================================================================
[   15.533490] ==================================================================
[   15.534413] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   15.534670] Write of size 8 at addr ffff8881039bf678 by task kunit_try_catch/299
[   15.535030]
[   15.535357] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B   N 6.16.0-rc4 #1 PREEMPT(voluntary)
[   15.535405] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.535418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.535440] Call Trace:
[   15.535453]  <TASK>
[   15.535469]  dump_stack_lvl+0x73/0xb0
[   15.535498]  print_report+0xd1/0x650
[   15.535522]  ? __virt_addr_valid+0x1db/0x2d0
[   15.535780]  ? copy_to_kernel_nofault+0x99/0x260
[   15.535805]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.535828]  ? copy_to_kernel_nofault+0x99/0x260
[   15.535852]  kasan_report+0x141/0x180
[   15.535876]  ? copy_to_kernel_nofault+0x99/0x260
[   15.535905]  kasan_check_range+0x10c/0x1c0
[   15.535930]  __kasan_check_write+0x18/0x20
[   15.535950]  copy_to_kernel_nofault+0x99/0x260
[   15.535975]  copy_to_kernel_nofault_oob+0x288/0x560
[   15.535999]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.536024]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   15.536049]  ? trace_hardirqs_on+0x37/0xe0
[   15.536081]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.536109]  kunit_try_run_case+0x1a5/0x480
[   15.536148]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.536171]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.536195]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.536219]  ? __kthread_parkme+0x82/0x180
[   15.536241]  ? preempt_count_sub+0x50/0x80
[   15.536266]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.536289]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.536312]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.536338]  kthread+0x337/0x6f0
[   15.536358]  ? trace_preempt_on+0x20/0xc0
[   15.536381]  ? __pfx_kthread+0x10/0x10
[   15.536402]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.536423]  ? calculate_sigpending+0x7b/0xa0
[   15.536448]  ? __pfx_kthread+0x10/0x10
[   15.536470]  ret_from_fork+0x116/0x1d0
[   15.536489]  ? __pfx_kthread+0x10/0x10
[   15.536510]  ret_from_fork_asm+0x1a/0x30
[   15.536541]  </TASK>
[   15.536553]
[   15.547738] Allocated by task 299:
[   15.548483]  kasan_save_stack+0x45/0x70
[   15.549148]  kasan_save_track+0x18/0x40
[   15.550042]  kasan_save_alloc_info+0x3b/0x50
[   15.550903]  __kasan_kmalloc+0xb7/0xc0
[   15.551822]  __kmalloc_cache_noprof+0x189/0x420
[   15.552483]  copy_to_kernel_nofault_oob+0x12f/0x560
[   15.553378]  kunit_try_run_case+0x1a5/0x480
[   15.553781]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.554596]  kthread+0x337/0x6f0
[   15.554926]  ret_from_fork+0x116/0x1d0
[   15.555425]  ret_from_fork_asm+0x1a/0x30
[   15.555849]
[   15.556062] The buggy address belongs to the object at ffff8881039bf600
[   15.556062]  which belongs to the cache kmalloc-128 of size 128
[   15.556928] The buggy address is located 0 bytes to the right of
[   15.556928]  allocated 120-byte region [ffff8881039bf600, ffff8881039bf678)
[   15.557901]
[   15.558067] The buggy address belongs to the physical page:
[   15.558854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039bf
[   15.559280] flags: 0x200000000000000(node=0|zone=2)
[   15.559811] page_type: f5(slab)
[   15.560098] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.560520] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.560756] page dumped because: kasan: bad access detected
[   15.560929]
[   15.561001] Memory state around the buggy address:
[   15.561172]  ffff8881039bf500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.561922]  ffff8881039bf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.562668] >ffff8881039bf600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.563380]                                                                ^
[   15.564042]  ffff8881039bf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.564927]  ffff8881039bf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.565711] ==================================================================
```