Date
July 10, 2025, 11:10 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 18.984374] ==================================================================
[ 18.984462] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 18.984540] Read of size 8 at addr fff00000c6454878 by task kunit_try_catch/281
[ 18.984593]
[ 18.984636] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 18.984725] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.984755] Hardware name: linux,dummy-virt (DT)
[ 18.984789] Call trace:
[ 18.984817] show_stack+0x20/0x38 (C)
[ 18.985553] dump_stack_lvl+0x8c/0xd0
[ 18.986399] print_report+0x118/0x608
[ 18.986472] kasan_report+0xdc/0x128
[ 18.986563] __asan_report_load8_noabort+0x20/0x30
[ 18.986744] copy_to_kernel_nofault+0x204/0x250
[ 18.987073] copy_to_kernel_nofault_oob+0x158/0x418
[ 18.987142] kunit_try_run_case+0x170/0x3f0
[ 18.987196] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.987566] kthread+0x328/0x630
[ 18.987643] ret_from_fork+0x10/0x20
[ 18.988033]
[ 18.988062] Allocated by task 281:
[ 18.988126] kasan_save_stack+0x3c/0x68
[ 18.988417] kasan_save_track+0x20/0x40
[ 18.988697] kasan_save_alloc_info+0x40/0x58
[ 18.989044] __kasan_kmalloc+0xd4/0xd8
[ 18.989361] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.989446] copy_to_kernel_nofault_oob+0xc8/0x418
[ 18.989841] kunit_try_run_case+0x170/0x3f0
[ 18.989903] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.990245] kthread+0x328/0x630
[ 18.990522] ret_from_fork+0x10/0x20
[ 18.990668]
[ 18.991020] The buggy address belongs to the object at fff00000c6454800
[ 18.991020] which belongs to the cache kmalloc-128 of size 128
[ 18.991291] The buggy address is located 0 bytes to the right of
[ 18.991291] allocated 120-byte region [fff00000c6454800, fff00000c6454878)
[ 18.991357]
[ 18.991381] The buggy address belongs to the physical page:
[ 18.991418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106454
[ 18.991514] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.992632] page_type: f5(slab)
[ 18.992912] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.993072] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.993250] page dumped because: kasan: bad access detected
[ 18.993285]
[ 18.993311] Memory state around the buggy address:
[ 18.993349]  fff00000c6454700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.993396]  fff00000c6454780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.993443] >fff00000c6454800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.993486]                                                                  ^
[ 18.993530]  fff00000c6454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.993575]  fff00000c6454900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.993617] ==================================================================
[ 18.996953] ==================================================================
[ 18.997607] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 18.997671] Write of size 8 at addr fff00000c6454878 by task kunit_try_catch/281
[ 18.997723]
[ 18.997938] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 18.998099] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.998133] Hardware name: linux,dummy-virt (DT)
[ 18.998204] Call trace:
[ 18.998233] show_stack+0x20/0x38 (C)
[ 18.998575] dump_stack_lvl+0x8c/0xd0
[ 18.998937] print_report+0x118/0x608
[ 18.999198] kasan_report+0xdc/0x128
[ 18.999575] kasan_check_range+0x100/0x1a8
[ 18.999856] __kasan_check_write+0x20/0x30
[ 18.999980] copy_to_kernel_nofault+0x8c/0x250
[ 19.000060] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 19.000489] kunit_try_run_case+0x170/0x3f0
[ 19.000546] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.000922] kthread+0x328/0x630
[ 19.000982] ret_from_fork+0x10/0x20
[ 19.001121]
[ 19.001143] Allocated by task 281:
[ 19.001176] kasan_save_stack+0x3c/0x68
[ 19.001722] kasan_save_track+0x20/0x40
[ 19.001991] kasan_save_alloc_info+0x40/0x58
[ 19.002052] __kasan_kmalloc+0xd4/0xd8
[ 19.002189] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.002629] copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.002789] kunit_try_run_case+0x170/0x3f0
[ 19.002835] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.003043] kthread+0x328/0x630
[ 19.003419] ret_from_fork+0x10/0x20
[ 19.003721]
[ 19.003791] The buggy address belongs to the object at fff00000c6454800
[ 19.003791] which belongs to the cache kmalloc-128 of size 128
[ 19.004001] The buggy address is located 0 bytes to the right of
[ 19.004001] allocated 120-byte region [fff00000c6454800, fff00000c6454878)
[ 19.004215]
[ 19.004252] The buggy address belongs to the physical page:
[ 19.004349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106454
[ 19.004409] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.004463] page_type: f5(slab)
[ 19.004505] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.005041] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.005308] page dumped because: kasan: bad access detected
[ 19.005358]
[ 19.005377] Memory state around the buggy address:
[ 19.005486]  fff00000c6454700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.005870]  fff00000c6454780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.006031] >fff00000c6454800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.006258]                                                                  ^
[ 19.006325]  fff00000c6454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.006380]  fff00000c6454900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.006529] ==================================================================
```
qemu-x86_64:

```
[ 16.559508] ==================================================================
[ 16.559951] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.560556] Write of size 8 at addr ffff8881027a3f78 by task kunit_try_catch/299
[ 16.562789]
[ 16.562910] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.562955] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.562968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.562989] Call Trace:
[ 16.563003] <TASK>
[ 16.563019] dump_stack_lvl+0x73/0xb0
[ 16.563050] print_report+0xd1/0x650
[ 16.563074] ? __virt_addr_valid+0x1db/0x2d0
[ 16.563097] ? copy_to_kernel_nofault+0x99/0x260
[ 16.563121] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.563147] ? copy_to_kernel_nofault+0x99/0x260
[ 16.563172] kasan_report+0x141/0x180
[ 16.563195] ? copy_to_kernel_nofault+0x99/0x260
[ 16.563224] kasan_check_range+0x10c/0x1c0
[ 16.563249] __kasan_check_write+0x18/0x20
[ 16.563269] copy_to_kernel_nofault+0x99/0x260
[ 16.563296] copy_to_kernel_nofault_oob+0x288/0x560
[ 16.563321] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.563359] ? finish_task_switch.isra.0+0x153/0x700
[ 16.563383] ? __schedule+0x10cc/0x2b60
[ 16.563406] ? trace_hardirqs_on+0x37/0xe0
[ 16.563437] ? __pfx_read_tsc+0x10/0x10
[ 16.563459] ? ktime_get_ts64+0x86/0x230
[ 16.563483] kunit_try_run_case+0x1a5/0x480
[ 16.563508] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.564604] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.564646] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.564674] ? __kthread_parkme+0x82/0x180
[ 16.564698] ? preempt_count_sub+0x50/0x80
[ 16.564723] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.564749] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.564776] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.564803] kthread+0x337/0x6f0
[ 16.564823] ? trace_preempt_on+0x20/0xc0
[ 16.564848] ? __pfx_kthread+0x10/0x10
[ 16.564870] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.564893] ? calculate_sigpending+0x7b/0xa0
[ 16.564919] ? __pfx_kthread+0x10/0x10
[ 16.564941] ret_from_fork+0x116/0x1d0
[ 16.564961] ? __pfx_kthread+0x10/0x10
[ 16.564982] ret_from_fork_asm+0x1a/0x30
[ 16.565013] </TASK>
[ 16.565025]
[ 16.577156] Allocated by task 299:
[ 16.577617] kasan_save_stack+0x45/0x70
[ 16.577939] kasan_save_track+0x18/0x40
[ 16.578246] kasan_save_alloc_info+0x3b/0x50
[ 16.578731] __kasan_kmalloc+0xb7/0xc0
[ 16.579040] __kmalloc_cache_noprof+0x189/0x420
[ 16.579266] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.579857] kunit_try_run_case+0x1a5/0x480
[ 16.580061] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.580503] kthread+0x337/0x6f0
[ 16.580783] ret_from_fork+0x116/0x1d0
[ 16.580962] ret_from_fork_asm+0x1a/0x30
[ 16.581130]
[ 16.581233] The buggy address belongs to the object at ffff8881027a3f00
[ 16.581233] which belongs to the cache kmalloc-128 of size 128
[ 16.582144] The buggy address is located 0 bytes to the right of
[ 16.582144] allocated 120-byte region [ffff8881027a3f00, ffff8881027a3f78)
[ 16.583009]
[ 16.583241] The buggy address belongs to the physical page:
[ 16.583741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a3
[ 16.584237] flags: 0x200000000000000(node=0|zone=2)
[ 16.584455] page_type: f5(slab)
[ 16.584986] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.585596] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.585951] page dumped because: kasan: bad access detected
[ 16.586327]
[ 16.586618] Memory state around the buggy address:
[ 16.587035]  ffff8881027a3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.587646]  ffff8881027a3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.587940] >ffff8881027a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.588387]                                                                  ^
[ 16.588901]  ffff8881027a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.589355]  ffff8881027a4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.589923] ==================================================================
[ 16.528187] ==================================================================
[ 16.529519] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.530479] Read of size 8 at addr ffff8881027a3f78 by task kunit_try_catch/299
[ 16.530959]
[ 16.531060] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.531108] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.531121] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.531143] Call Trace:
[ 16.531157] <TASK>
[ 16.531176] dump_stack_lvl+0x73/0xb0
[ 16.531210] print_report+0xd1/0x650
[ 16.531236] ? __virt_addr_valid+0x1db/0x2d0
[ 16.531261] ? copy_to_kernel_nofault+0x225/0x260
[ 16.531287] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.531313] ? copy_to_kernel_nofault+0x225/0x260
[ 16.531351] kasan_report+0x141/0x180
[ 16.531375] ? copy_to_kernel_nofault+0x225/0x260
[ 16.531405] __asan_report_load8_noabort+0x18/0x20
[ 16.531431] copy_to_kernel_nofault+0x225/0x260
[ 16.531458] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.531507] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.531533] ? finish_task_switch.isra.0+0x153/0x700
[ 16.531559] ? __schedule+0x10cc/0x2b60
[ 16.531583] ? trace_hardirqs_on+0x37/0xe0
[ 16.531725] ? __pfx_read_tsc+0x10/0x10
[ 16.531760] ? ktime_get_ts64+0x86/0x230
[ 16.531788] kunit_try_run_case+0x1a5/0x480
[ 16.531816] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.531841] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.531867] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.531893] ? __kthread_parkme+0x82/0x180
[ 16.531916] ? preempt_count_sub+0x50/0x80
[ 16.531940] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.531966] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.531992] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.532018] kthread+0x337/0x6f0
[ 16.532038] ? trace_preempt_on+0x20/0xc0
[ 16.532062] ? __pfx_kthread+0x10/0x10
[ 16.532084] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.532107] ? calculate_sigpending+0x7b/0xa0
[ 16.532132] ? __pfx_kthread+0x10/0x10
[ 16.532154] ret_from_fork+0x116/0x1d0
[ 16.532180] ? __pfx_kthread+0x10/0x10
[ 16.532201] ret_from_fork_asm+0x1a/0x30
[ 16.532234] </TASK>
[ 16.532245]
[ 16.546494] Allocated by task 299:
[ 16.546976] kasan_save_stack+0x45/0x70
[ 16.547189] kasan_save_track+0x18/0x40
[ 16.547520] kasan_save_alloc_info+0x3b/0x50
[ 16.547720] __kasan_kmalloc+0xb7/0xc0
[ 16.547910] __kmalloc_cache_noprof+0x189/0x420
[ 16.548107] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.548328] kunit_try_run_case+0x1a5/0x480
[ 16.548868] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.549182] kthread+0x337/0x6f0
[ 16.549391] ret_from_fork+0x116/0x1d0
[ 16.549756] ret_from_fork_asm+0x1a/0x30
[ 16.550042]
[ 16.550252] The buggy address belongs to the object at ffff8881027a3f00
[ 16.550252] which belongs to the cache kmalloc-128 of size 128
[ 16.551128] The buggy address is located 0 bytes to the right of
[ 16.551128] allocated 120-byte region [ffff8881027a3f00, ffff8881027a3f78)
[ 16.552001]
[ 16.552302] The buggy address belongs to the physical page:
[ 16.552768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a3
[ 16.553215] flags: 0x200000000000000(node=0|zone=2)
[ 16.553704] page_type: f5(slab)
[ 16.553863] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.554243] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.554801] page dumped because: kasan: bad access detected
[ 16.555199]
[ 16.555287] Memory state around the buggy address:
[ 16.555777]  ffff8881027a3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.556640]  ffff8881027a3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.556932] >ffff8881027a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.557144]                                                                  ^
[ 16.557458]  ffff8881027a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.557675]  ffff8881027a4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.557882] ==================================================================
```