Date
July 5, 2025, 11:09 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 22.985321] ==================================================================
[ 22.985953] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 22.986565] Read of size 8 at addr fff00000c7a37278 by task kunit_try_catch/282
[ 22.986753]
[ 22.986906] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 22.987172] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.987263] Hardware name: linux,dummy-virt (DT)
[ 22.987347] Call trace:
[ 22.987797]  show_stack+0x20/0x38 (C)
[ 22.987941]  dump_stack_lvl+0x8c/0xd0
[ 22.988056]  print_report+0x118/0x608
[ 22.988164]  kasan_report+0xdc/0x128
[ 22.988257]  __asan_report_load8_noabort+0x20/0x30
[ 22.988378]  copy_to_kernel_nofault+0x204/0x250
[ 22.988498]  copy_to_kernel_nofault_oob+0x158/0x418
[ 22.988609]  kunit_try_run_case+0x170/0x3f0
[ 22.988727]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.988850]  kthread+0x328/0x630
[ 22.988947]  ret_from_fork+0x10/0x20
[ 22.989053]
[ 22.989104] Allocated by task 282:
[ 22.989171]  kasan_save_stack+0x3c/0x68
[ 22.989270]  kasan_save_track+0x20/0x40
[ 22.990194]  kasan_save_alloc_info+0x40/0x58
[ 22.990803]  __kasan_kmalloc+0xd4/0xd8
[ 22.990974]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 22.991144]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 22.991311]  kunit_try_run_case+0x170/0x3f0
[ 22.991818]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.992343]  kthread+0x328/0x630
[ 22.992465]  ret_from_fork+0x10/0x20
[ 22.992563]
[ 22.992673] The buggy address belongs to the object at fff00000c7a37200
[ 22.992673]  which belongs to the cache kmalloc-128 of size 128
[ 22.992888] The buggy address is located 0 bytes to the right of
[ 22.992888]  allocated 120-byte region [fff00000c7a37200, fff00000c7a37278)
[ 22.993049]
[ 22.993530] The buggy address belongs to the physical page:
[ 22.993627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a37
[ 22.993830] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.993956] page_type: f5(slab)
[ 22.994106] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.994297] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.994818] page dumped because: kasan: bad access detected
[ 22.994996]
[ 22.995066] Memory state around the buggy address:
[ 22.995161]  fff00000c7a37100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.995351]  fff00000c7a37180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.995480] >fff00000c7a37200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.995571]                                                                 ^
[ 22.995675]  fff00000c7a37280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.996398]  fff00000c7a37300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.996515] ==================================================================

[ 22.999743] ==================================================================
[ 22.999944] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 23.000149] Write of size 8 at addr fff00000c7a37278 by task kunit_try_catch/282
[ 23.000274]
[ 23.000619] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 23.000819] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.001259] Hardware name: linux,dummy-virt (DT)
[ 23.001531] Call trace:
[ 23.001615]  show_stack+0x20/0x38 (C)
[ 23.001749]  dump_stack_lvl+0x8c/0xd0
[ 23.001951]  print_report+0x118/0x608
[ 23.002134]  kasan_report+0xdc/0x128
[ 23.002233]  kasan_check_range+0x100/0x1a8
[ 23.002327]  __kasan_check_write+0x20/0x30
[ 23.002452]  copy_to_kernel_nofault+0x8c/0x250
[ 23.002572]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 23.002694]  kunit_try_run_case+0x170/0x3f0
[ 23.002805]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.002931]  kthread+0x328/0x630
[ 23.003533]  ret_from_fork+0x10/0x20
[ 23.004000]
[ 23.004240] Allocated by task 282:
[ 23.004324]  kasan_save_stack+0x3c/0x68
[ 23.004532]  kasan_save_track+0x20/0x40
[ 23.004625]  kasan_save_alloc_info+0x40/0x58
[ 23.005133]  __kasan_kmalloc+0xd4/0xd8
[ 23.005790]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 23.006461]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 23.006601]  kunit_try_run_case+0x170/0x3f0
[ 23.006709]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.006816]  kthread+0x328/0x630
[ 23.006889]  ret_from_fork+0x10/0x20
[ 23.006962]
[ 23.007001] The buggy address belongs to the object at fff00000c7a37200
[ 23.007001]  which belongs to the cache kmalloc-128 of size 128
[ 23.007119] The buggy address is located 0 bytes to the right of
[ 23.007119]  allocated 120-byte region [fff00000c7a37200, fff00000c7a37278)
[ 23.007268]
[ 23.007749] The buggy address belongs to the physical page:
[ 23.008004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a37
[ 23.008484] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.008616] page_type: f5(slab)
[ 23.009000] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.009134] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.009544] page dumped because: kasan: bad access detected
[ 23.009632]
[ 23.009722] Memory state around the buggy address:
[ 23.009818]  fff00000c7a37100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.009967]  fff00000c7a37180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.010070] >fff00000c7a37200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.010146]                                                                 ^
[ 23.010464]  fff00000c7a37280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.010796]  fff00000c7a37300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.010904] ==================================================================
```
```
[ 18.290123] ==================================================================
[ 18.290470] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 18.290862] Write of size 8 at addr ffff8881038e9478 by task kunit_try_catch/299
[ 18.291298]
[ 18.291438] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.291500] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.291518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.291547] Call Trace:
[ 18.291573]  <TASK>
[ 18.291596]  dump_stack_lvl+0x73/0xb0
[ 18.291639]  print_report+0xd1/0x650
[ 18.291681]  ? __virt_addr_valid+0x1db/0x2d0
[ 18.291711]  ? copy_to_kernel_nofault+0x99/0x260
[ 18.291741]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.291770]  ? copy_to_kernel_nofault+0x99/0x260
[ 18.291799]  kasan_report+0x141/0x180
[ 18.291828]  ? copy_to_kernel_nofault+0x99/0x260
[ 18.291863]  kasan_check_range+0x10c/0x1c0
[ 18.291893]  __kasan_check_write+0x18/0x20
[ 18.291917]  copy_to_kernel_nofault+0x99/0x260
[ 18.291949]  copy_to_kernel_nofault_oob+0x288/0x560
[ 18.291979]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 18.292008]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 18.292054]  ? trace_hardirqs_on+0x37/0xe0
[ 18.292095]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 18.292130]  kunit_try_run_case+0x1a5/0x480
[ 18.292161]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.292188]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.292218]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.292248]  ? __kthread_parkme+0x82/0x180
[ 18.292275]  ? preempt_count_sub+0x50/0x80
[ 18.292305]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.292335]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.292363]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.292392]  kthread+0x337/0x6f0
[ 18.292418]  ? trace_preempt_on+0x20/0xc0
[ 18.292445]  ? __pfx_kthread+0x10/0x10
[ 18.292472]  ? _raw_spin_unlock_irq+0x47/0x80
[ 18.292501]  ? calculate_sigpending+0x7b/0xa0
[ 18.292532]  ? __pfx_kthread+0x10/0x10
[ 18.292560]  ret_from_fork+0x116/0x1d0
[ 18.292584]  ? __pfx_kthread+0x10/0x10
[ 18.292612]  ret_from_fork_asm+0x1a/0x30
[ 18.292661]  </TASK>
[ 18.292679]
[ 18.302128] Allocated by task 299:
[ 18.302368]  kasan_save_stack+0x45/0x70
[ 18.302558]  kasan_save_track+0x18/0x40
[ 18.302738]  kasan_save_alloc_info+0x3b/0x50
[ 18.302920]  __kasan_kmalloc+0xb7/0xc0
[ 18.303100]  __kmalloc_cache_noprof+0x189/0x420
[ 18.303364]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 18.303643]  kunit_try_run_case+0x1a5/0x480
[ 18.303905]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.304245]  kthread+0x337/0x6f0
[ 18.304392]  ret_from_fork+0x116/0x1d0
[ 18.304554]  ret_from_fork_asm+0x1a/0x30
[ 18.304755]
[ 18.304980] The buggy address belongs to the object at ffff8881038e9400
[ 18.304980]  which belongs to the cache kmalloc-128 of size 128
[ 18.305622] The buggy address is located 0 bytes to the right of
[ 18.305622]  allocated 120-byte region [ffff8881038e9400, ffff8881038e9478)
[ 18.306357]
[ 18.306494] The buggy address belongs to the physical page:
[ 18.308975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e9
[ 18.310491] flags: 0x200000000000000(node=0|zone=2)
[ 18.311385] page_type: f5(slab)
[ 18.312563] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.314216] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.314741] page dumped because: kasan: bad access detected
[ 18.316042]
[ 18.317204] Memory state around the buggy address:
[ 18.318097]  ffff8881038e9300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.318382]  ffff8881038e9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.318667] >ffff8881038e9400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.320450]                                                                 ^
[ 18.321751]  ffff8881038e9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.323772]  ffff8881038e9500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.325195] ==================================================================

[ 18.259157] ==================================================================
[ 18.260249] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 18.260565] Read of size 8 at addr ffff8881038e9478 by task kunit_try_catch/299
[ 18.260923]
[ 18.261106] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.261171] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.261190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.261220] Call Trace:
[ 18.261238]  <TASK>
[ 18.261265]  dump_stack_lvl+0x73/0xb0
[ 18.261312]  print_report+0xd1/0x650
[ 18.261343]  ? __virt_addr_valid+0x1db/0x2d0
[ 18.261375]  ? copy_to_kernel_nofault+0x225/0x260
[ 18.261405]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.261435]  ? copy_to_kernel_nofault+0x225/0x260
[ 18.261493]  kasan_report+0x141/0x180
[ 18.261521]  ? copy_to_kernel_nofault+0x225/0x260
[ 18.261576]  __asan_report_load8_noabort+0x18/0x20
[ 18.261607]  copy_to_kernel_nofault+0x225/0x260
[ 18.261640]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 18.261685]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 18.261714]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 18.261746]  ? trace_hardirqs_on+0x37/0xe0
[ 18.261810]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 18.261853]  kunit_try_run_case+0x1a5/0x480
[ 18.261924]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.261953]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.261985]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.262014]  ? __kthread_parkme+0x82/0x180
[ 18.262042]  ? preempt_count_sub+0x50/0x80
[ 18.262075]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.262105]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.262135]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.262164]  kthread+0x337/0x6f0
[ 18.262190]  ? trace_preempt_on+0x20/0xc0
[ 18.262217]  ? __pfx_kthread+0x10/0x10
[ 18.262245]  ? _raw_spin_unlock_irq+0x47/0x80
[ 18.262273]  ? calculate_sigpending+0x7b/0xa0
[ 18.262305]  ? __pfx_kthread+0x10/0x10
[ 18.262333]  ret_from_fork+0x116/0x1d0
[ 18.262359]  ? __pfx_kthread+0x10/0x10
[ 18.262385]  ret_from_fork_asm+0x1a/0x30
[ 18.262431]  </TASK>
[ 18.262448]
[ 18.273435] Allocated by task 299:
[ 18.274070]  kasan_save_stack+0x45/0x70
[ 18.274581]  kasan_save_track+0x18/0x40
[ 18.275047]  kasan_save_alloc_info+0x3b/0x50
[ 18.275435]  __kasan_kmalloc+0xb7/0xc0
[ 18.275679]  __kmalloc_cache_noprof+0x189/0x420
[ 18.276277]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 18.276713]  kunit_try_run_case+0x1a5/0x480
[ 18.277178]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.277496]  kthread+0x337/0x6f0
[ 18.277708]  ret_from_fork+0x116/0x1d0
[ 18.278268]  ret_from_fork_asm+0x1a/0x30
[ 18.278781]
[ 18.279023] The buggy address belongs to the object at ffff8881038e9400
[ 18.279023]  which belongs to the cache kmalloc-128 of size 128
[ 18.279591] The buggy address is located 0 bytes to the right of
[ 18.279591]  allocated 120-byte region [ffff8881038e9400, ffff8881038e9478)
[ 18.280903]
[ 18.281190] The buggy address belongs to the physical page:
[ 18.281693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e9
[ 18.282414] flags: 0x200000000000000(node=0|zone=2)
[ 18.282938] page_type: f5(slab)
[ 18.283417] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.284131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.284673] page dumped because: kasan: bad access detected
[ 18.285259]
[ 18.285389] Memory state around the buggy address:
[ 18.285642]  ffff8881038e9300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.286526]  ffff8881038e9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.287191] >ffff8881038e9400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.287567]                                                                 ^
[ 18.288287]  ffff8881038e9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.288840]  ffff8881038e9500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.289337] ==================================================================
```