Hay
Date: July 2, 2025, 11:09 p.m.

Environment: qemu-arm64, qemu-x86_64

[   21.347959] ==================================================================
[   21.348025] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   21.348081] Write of size 8 at addr fff00000c7041878 by task kunit_try_catch/281
[   21.348422] 
[   21.348481] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   21.348795] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.348910] Hardware name: linux,dummy-virt (DT)
[   21.349041] Call trace:
[   21.349106]  show_stack+0x20/0x38 (C)
[   21.349164]  dump_stack_lvl+0x8c/0xd0
[   21.349507]  print_report+0x118/0x608
[   21.349705]  kasan_report+0xdc/0x128
[   21.349806]  kasan_check_range+0x100/0x1a8
[   21.350134]  __kasan_check_write+0x20/0x30
[   21.350450]  copy_to_kernel_nofault+0x8c/0x250
[   21.350673]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   21.350780]  kunit_try_run_case+0x170/0x3f0
[   21.350928]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.350999]  kthread+0x328/0x630
[   21.351379]  ret_from_fork+0x10/0x20
[   21.351552] 
[   21.351866] Allocated by task 281:
[   21.352129]  kasan_save_stack+0x3c/0x68
[   21.352446]  kasan_save_track+0x20/0x40
[   21.352587]  kasan_save_alloc_info+0x40/0x58
[   21.352944]  __kasan_kmalloc+0xd4/0xd8
[   21.353102]  __kmalloc_cache_noprof+0x16c/0x3c0
[   21.353463]  copy_to_kernel_nofault_oob+0xc8/0x418
[   21.353633]  kunit_try_run_case+0x170/0x3f0
[   21.353712]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.353965]  kthread+0x328/0x630
[   21.354240]  ret_from_fork+0x10/0x20
[   21.354290] 
[   21.354350] The buggy address belongs to the object at fff00000c7041800
[   21.354350]  which belongs to the cache kmalloc-128 of size 128
[   21.354710] The buggy address is located 0 bytes to the right of
[   21.354710]  allocated 120-byte region [fff00000c7041800, fff00000c7041878)
[   21.354788] 
[   21.355006] The buggy address belongs to the physical page:
[   21.355238] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107041
[   21.355384] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.355633] page_type: f5(slab)
[   21.355846] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.355937] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.356141] page dumped because: kasan: bad access detected
[   21.356226] 
[   21.356247] Memory state around the buggy address:
[   21.356304]  fff00000c7041700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.356353]  fff00000c7041780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.356516] >fff00000c7041800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.356571]                                                                 ^
[   21.356636]  fff00000c7041880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.356691]  fff00000c7041900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.356939] ==================================================================
[   21.335727] ==================================================================
[   21.335990] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   21.336111] Read of size 8 at addr fff00000c7041878 by task kunit_try_catch/281
[   21.336168] 
[   21.336239] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   21.336474] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.336567] Hardware name: linux,dummy-virt (DT)
[   21.336756] Call trace:
[   21.336791]  show_stack+0x20/0x38 (C)
[   21.336910]  dump_stack_lvl+0x8c/0xd0
[   21.336964]  print_report+0x118/0x608
[   21.337015]  kasan_report+0xdc/0x128
[   21.337061]  __asan_report_load8_noabort+0x20/0x30
[   21.337421]  copy_to_kernel_nofault+0x204/0x250
[   21.337525]  copy_to_kernel_nofault_oob+0x158/0x418
[   21.337692]  kunit_try_run_case+0x170/0x3f0
[   21.337790]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.337927]  kthread+0x328/0x630
[   21.338286]  ret_from_fork+0x10/0x20
[   21.338445] 
[   21.338527] Allocated by task 281:
[   21.338698]  kasan_save_stack+0x3c/0x68
[   21.338793]  kasan_save_track+0x20/0x40
[   21.338863]  kasan_save_alloc_info+0x40/0x58
[   21.339090]  __kasan_kmalloc+0xd4/0xd8
[   21.339305]  __kmalloc_cache_noprof+0x16c/0x3c0
[   21.339413]  copy_to_kernel_nofault_oob+0xc8/0x418
[   21.339482]  kunit_try_run_case+0x170/0x3f0
[   21.339626]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.339717]  kthread+0x328/0x630
[   21.339756]  ret_from_fork+0x10/0x20
[   21.339827] 
[   21.340657] The buggy address belongs to the object at fff00000c7041800
[   21.340657]  which belongs to the cache kmalloc-128 of size 128
[   21.340753] The buggy address is located 0 bytes to the right of
[   21.340753]  allocated 120-byte region [fff00000c7041800, fff00000c7041878)
[   21.340866] 
[   21.340922] The buggy address belongs to the physical page:
[   21.341629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107041
[   21.341912] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.342002] page_type: f5(slab)
[   21.342077] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.342253] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.342327] page dumped because: kasan: bad access detected
[   21.342437] 
[   21.342509] Memory state around the buggy address:
[   21.342562]  fff00000c7041700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.342769]  fff00000c7041780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.343079] >fff00000c7041800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.343295]                                                                 ^
[   21.343407]  fff00000c7041880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.343489]  fff00000c7041900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.343595] ==================================================================

[   15.292733] ==================================================================
[   15.293612] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   15.294079] Read of size 8 at addr ffff888102c8b978 by task kunit_try_catch/300
[   15.294715] 
[   15.294937] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.294999] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.295015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.295039] Call Trace:
[   15.295054]  <TASK>
[   15.295073]  dump_stack_lvl+0x73/0xb0
[   15.295107]  print_report+0xd1/0x650
[   15.295135]  ? __virt_addr_valid+0x1db/0x2d0
[   15.295161]  ? copy_to_kernel_nofault+0x225/0x260
[   15.295185]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.295209]  ? copy_to_kernel_nofault+0x225/0x260
[   15.295233]  kasan_report+0x141/0x180
[   15.295256]  ? copy_to_kernel_nofault+0x225/0x260
[   15.295284]  __asan_report_load8_noabort+0x18/0x20
[   15.295309]  copy_to_kernel_nofault+0x225/0x260
[   15.295334]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   15.295371]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.295395]  ? finish_task_switch.isra.0+0x153/0x700
[   15.295419]  ? __schedule+0x10cc/0x2b60
[   15.295442]  ? trace_hardirqs_on+0x37/0xe0
[   15.295475]  ? __pfx_read_tsc+0x10/0x10
[   15.295497]  ? ktime_get_ts64+0x86/0x230
[   15.295522]  kunit_try_run_case+0x1a5/0x480
[   15.295549]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.295678]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.295712]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.295737]  ? __kthread_parkme+0x82/0x180
[   15.295760]  ? preempt_count_sub+0x50/0x80
[   15.295785]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.295810]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.295835]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.295859]  kthread+0x337/0x6f0
[   15.295879]  ? trace_preempt_on+0x20/0xc0
[   15.295902]  ? __pfx_kthread+0x10/0x10
[   15.295924]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.295945]  ? calculate_sigpending+0x7b/0xa0
[   15.295970]  ? __pfx_kthread+0x10/0x10
[   15.295992]  ret_from_fork+0x116/0x1d0
[   15.296012]  ? __pfx_kthread+0x10/0x10
[   15.296033]  ret_from_fork_asm+0x1a/0x30
[   15.296065]  </TASK>
[   15.296079] 
[   15.308375] Allocated by task 300:
[   15.308962]  kasan_save_stack+0x45/0x70
[   15.309309]  kasan_save_track+0x18/0x40
[   15.309612]  kasan_save_alloc_info+0x3b/0x50
[   15.309924]  __kasan_kmalloc+0xb7/0xc0
[   15.310125]  __kmalloc_cache_noprof+0x189/0x420
[   15.310367]  copy_to_kernel_nofault_oob+0x12f/0x560
[   15.310585]  kunit_try_run_case+0x1a5/0x480
[   15.310774]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.311441]  kthread+0x337/0x6f0
[   15.311855]  ret_from_fork+0x116/0x1d0
[   15.312047]  ret_from_fork_asm+0x1a/0x30
[   15.312313] 
[   15.312410] The buggy address belongs to the object at ffff888102c8b900
[   15.312410]  which belongs to the cache kmalloc-128 of size 128
[   15.313339] The buggy address is located 0 bytes to the right of
[   15.313339]  allocated 120-byte region [ffff888102c8b900, ffff888102c8b978)
[   15.314221] 
[   15.314310] The buggy address belongs to the physical page:
[   15.314550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8b
[   15.315325] flags: 0x200000000000000(node=0|zone=2)
[   15.315784] page_type: f5(slab)
[   15.315966] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.316354] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.316858] page dumped because: kasan: bad access detected
[   15.317236] 
[   15.317318] Memory state around the buggy address:
[   15.317801]  ffff888102c8b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.318137]  ffff888102c8b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.318441] >ffff888102c8b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.319081]                                                                 ^
[   15.319389]  ffff888102c8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.319904]  ffff888102c8ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.320391] ==================================================================
[   15.321257] ==================================================================
[   15.321566] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   15.323057] Write of size 8 at addr ffff888102c8b978 by task kunit_try_catch/300
[   15.323519] 
[   15.323832] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.324022] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.324039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.324062] Call Trace:
[   15.324076]  <TASK>
[   15.324095]  dump_stack_lvl+0x73/0xb0
[   15.324129]  print_report+0xd1/0x650
[   15.324153]  ? __virt_addr_valid+0x1db/0x2d0
[   15.324178]  ? copy_to_kernel_nofault+0x99/0x260
[   15.324203]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.324226]  ? copy_to_kernel_nofault+0x99/0x260
[   15.324250]  kasan_report+0x141/0x180
[   15.324273]  ? copy_to_kernel_nofault+0x99/0x260
[   15.324301]  kasan_check_range+0x10c/0x1c0
[   15.324325]  __kasan_check_write+0x18/0x20
[   15.324358]  copy_to_kernel_nofault+0x99/0x260
[   15.324384]  copy_to_kernel_nofault_oob+0x288/0x560
[   15.324409]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.324435]  ? finish_task_switch.isra.0+0x153/0x700
[   15.324458]  ? __schedule+0x10cc/0x2b60
[   15.324481]  ? trace_hardirqs_on+0x37/0xe0
[   15.324513]  ? __pfx_read_tsc+0x10/0x10
[   15.324535]  ? ktime_get_ts64+0x86/0x230
[   15.324560]  kunit_try_run_case+0x1a5/0x480
[   15.324597]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.324620]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.324644]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.324668]  ? __kthread_parkme+0x82/0x180
[   15.324690]  ? preempt_count_sub+0x50/0x80
[   15.324713]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.324737]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.324761]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.324786]  kthread+0x337/0x6f0
[   15.324805]  ? trace_preempt_on+0x20/0xc0
[   15.324828]  ? __pfx_kthread+0x10/0x10
[   15.324849]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.324871]  ? calculate_sigpending+0x7b/0xa0
[   15.324895]  ? __pfx_kthread+0x10/0x10
[   15.324917]  ret_from_fork+0x116/0x1d0
[   15.324936]  ? __pfx_kthread+0x10/0x10
[   15.324957]  ret_from_fork_asm+0x1a/0x30
[   15.324988]  </TASK>
[   15.325001] 
[   15.337810] Allocated by task 300:
[   15.338011]  kasan_save_stack+0x45/0x70
[   15.338210]  kasan_save_track+0x18/0x40
[   15.338401]  kasan_save_alloc_info+0x3b/0x50
[   15.338596]  __kasan_kmalloc+0xb7/0xc0
[   15.339187]  __kmalloc_cache_noprof+0x189/0x420
[   15.339636]  copy_to_kernel_nofault_oob+0x12f/0x560
[   15.340242]  kunit_try_run_case+0x1a5/0x480
[   15.340420]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.340601]  kthread+0x337/0x6f0
[   15.340736]  ret_from_fork+0x116/0x1d0
[   15.340871]  ret_from_fork_asm+0x1a/0x30
[   15.341013] 
[   15.341085] The buggy address belongs to the object at ffff888102c8b900
[   15.341085]  which belongs to the cache kmalloc-128 of size 128
[   15.341455] The buggy address is located 0 bytes to the right of
[   15.341455]  allocated 120-byte region [ffff888102c8b900, ffff888102c8b978)
[   15.343958] 
[   15.344264] The buggy address belongs to the physical page:
[   15.345224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8b
[   15.345930] flags: 0x200000000000000(node=0|zone=2)
[   15.346168] page_type: f5(slab)
[   15.346329] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.347057] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.347360] page dumped because: kasan: bad access detected
[   15.348097] 
[   15.348281] Memory state around the buggy address:
[   15.348771]  ffff888102c8b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.349582]  ffff888102c8b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.350068] >ffff888102c8b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.350770]                                                                 ^
[   15.351543]  ffff888102c8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.351976]  ffff888102c8ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.352663] ==================================================================