Date
July 12, 2025, 11:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 23.455135] ================================================================== [ 23.455630] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 23.455814] Read of size 8 at addr fff00000c5942978 by task kunit_try_catch/282 [ 23.456099] [ 23.456301] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 23.456568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.456640] Hardware name: linux,dummy-virt (DT) [ 23.456722] Call trace: [ 23.456787] show_stack+0x20/0x38 (C) [ 23.457304] dump_stack_lvl+0x8c/0xd0 [ 23.457577] print_report+0x118/0x608 [ 23.457982] kasan_report+0xdc/0x128 [ 23.458115] __asan_report_load8_noabort+0x20/0x30 [ 23.458215] copy_to_kernel_nofault+0x204/0x250 [ 23.458302] copy_to_kernel_nofault_oob+0x158/0x418 [ 23.458398] kunit_try_run_case+0x170/0x3f0 [ 23.458491] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.458813] kthread+0x328/0x630 [ 23.459074] ret_from_fork+0x10/0x20 [ 23.459339] [ 23.459411] Allocated by task 282: [ 23.459584] kasan_save_stack+0x3c/0x68 [ 23.459975] kasan_save_track+0x20/0x40 [ 23.460213] kasan_save_alloc_info+0x40/0x58 [ 23.460468] __kasan_kmalloc+0xd4/0xd8 [ 23.460597] __kmalloc_cache_noprof+0x16c/0x3c0 [ 23.460812] copy_to_kernel_nofault_oob+0xc8/0x418 [ 23.460921] kunit_try_run_case+0x170/0x3f0 [ 23.461218] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.461501] kthread+0x328/0x630 [ 23.461781] ret_from_fork+0x10/0x20 [ 23.461894] [ 23.461962] The buggy address belongs to the object at fff00000c5942900 [ 23.461962] which belongs to the cache kmalloc-128 of size 128 [ 23.462110] The buggy address is located 0 bytes to the right of [ 23.462110] allocated 120-byte region [fff00000c5942900, fff00000c5942978) [ 23.462320] [ 23.462369] The buggy address belongs to the physical page: [ 23.462432] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105942 [ 23.462568] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.462761] page_type: f5(slab) [ 23.463019] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.463296] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.463399] page dumped because: kasan: bad access detected [ 23.463482] [ 23.463524] Memory state around the buggy address: [ 23.463601] fff00000c5942800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.464060] fff00000c5942880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.464356] >fff00000c5942900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.464539] ^ [ 23.464840] fff00000c5942980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.464955] fff00000c5942a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.465051] ================================================================== [ 23.465931] ================================================================== [ 23.466044] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 23.466158] Write of size 8 at addr fff00000c5942978 by task kunit_try_catch/282 [ 23.466278] [ 23.466673] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 23.467613] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.467694] Hardware name: linux,dummy-virt (DT) [ 23.467766] Call trace: [ 23.467856] show_stack+0x20/0x38 (C) [ 23.468139] dump_stack_lvl+0x8c/0xd0 [ 23.468628] print_report+0x118/0x608 [ 23.469237] kasan_report+0xdc/0x128 [ 23.469365] kasan_check_range+0x100/0x1a8 [ 23.469532] __kasan_check_write+0x20/0x30 [ 23.469747] copy_to_kernel_nofault+0x8c/0x250 [ 23.469879] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 23.469998] kunit_try_run_case+0x170/0x3f0 [ 23.470145] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.470280] kthread+0x328/0x630 [ 23.470654] ret_from_fork+0x10/0x20 [ 23.470775] [ 23.470909] Allocated by task 282: [ 23.470989] kasan_save_stack+0x3c/0x68 [ 23.471280] kasan_save_track+0x20/0x40 [ 23.471631] kasan_save_alloc_info+0x40/0x58 [ 23.471809] __kasan_kmalloc+0xd4/0xd8 [ 23.471915] __kmalloc_cache_noprof+0x16c/0x3c0 [ 23.472091] copy_to_kernel_nofault_oob+0xc8/0x418 [ 23.472275] kunit_try_run_case+0x170/0x3f0 [ 23.472451] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.472624] kthread+0x328/0x630 [ 23.472815] ret_from_fork+0x10/0x20 [ 23.472915] [ 23.472962] The buggy address belongs to the object at fff00000c5942900 [ 23.472962] which belongs to the cache kmalloc-128 of size 128 [ 23.473098] The buggy address is located 0 bytes to the right of [ 23.473098] allocated 120-byte region [fff00000c5942900, fff00000c5942978) [ 23.473232] [ 23.473272] The buggy address belongs to the physical page: [ 23.473328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105942 [ 23.473437] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.473553] page_type: f5(slab) [ 23.473925] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.474188] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.474403] page dumped because: kasan: bad access detected [ 23.474816] [ 23.474975] Memory state around the buggy address: [ 23.475064] fff00000c5942800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.475559] fff00000c5942880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.475697] >fff00000c5942900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.475815] ^ [ 23.475937] fff00000c5942980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.476050] fff00000c5942a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.476337] ==================================================================
[ 16.717210] ================================================================== [ 16.718563] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 16.719356] Read of size 8 at addr ffff888102b92f78 by task kunit_try_catch/299 [ 16.720224] [ 16.720529] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.720591] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.720604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.720627] Call Trace: [ 16.720642] <TASK> [ 16.720663] dump_stack_lvl+0x73/0xb0 [ 16.720819] print_report+0xd1/0x650 [ 16.720855] ? __virt_addr_valid+0x1db/0x2d0 [ 16.720882] ? copy_to_kernel_nofault+0x225/0x260 [ 16.720909] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.720934] ? copy_to_kernel_nofault+0x225/0x260 [ 16.720968] kasan_report+0x141/0x180 [ 16.720991] ? copy_to_kernel_nofault+0x225/0x260 [ 16.721021] __asan_report_load8_noabort+0x18/0x20 [ 16.721048] copy_to_kernel_nofault+0x225/0x260 [ 16.721075] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 16.721100] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.721125] ? finish_task_switch.isra.0+0x153/0x700 [ 16.721152] ? __schedule+0x10cc/0x2b60 [ 16.721176] ? trace_hardirqs_on+0x37/0xe0 [ 16.721210] ? __pfx_read_tsc+0x10/0x10 [ 16.721234] ? ktime_get_ts64+0x86/0x230 [ 16.721260] kunit_try_run_case+0x1a5/0x480 [ 16.721288] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.721313] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.721339] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.721365] ? __kthread_parkme+0x82/0x180 [ 16.721388] ? preempt_count_sub+0x50/0x80 [ 16.721412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.721438] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.721464] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.721492] kthread+0x337/0x6f0 [ 16.721513] ? trace_preempt_on+0x20/0xc0 [ 16.721537] ? __pfx_kthread+0x10/0x10 [ 16.721559] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.721582] ? calculate_sigpending+0x7b/0xa0 [ 16.721608] ? __pfx_kthread+0x10/0x10 [ 16.721631] ret_from_fork+0x116/0x1d0 [ 16.721683] ? __pfx_kthread+0x10/0x10 [ 16.721721] ret_from_fork_asm+0x1a/0x30 [ 16.721765] </TASK> [ 16.721777] [ 16.736137] Allocated by task 299: [ 16.736465] kasan_save_stack+0x45/0x70 [ 16.736822] kasan_save_track+0x18/0x40 [ 16.737041] kasan_save_alloc_info+0x3b/0x50 [ 16.737273] __kasan_kmalloc+0xb7/0xc0 [ 16.737406] __kmalloc_cache_noprof+0x189/0x420 [ 16.737564] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.737797] kunit_try_run_case+0x1a5/0x480 [ 16.738057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.738441] kthread+0x337/0x6f0 [ 16.738762] ret_from_fork+0x116/0x1d0 [ 16.738931] ret_from_fork_asm+0x1a/0x30 [ 16.739076] [ 16.739149] The buggy address belongs to the object at ffff888102b92f00 [ 16.739149] which belongs to the cache kmalloc-128 of size 128 [ 16.739630] The buggy address is located 0 bytes to the right of [ 16.739630] allocated 120-byte region [ffff888102b92f00, ffff888102b92f78) [ 16.740144] [ 16.740219] The buggy address belongs to the physical page: [ 16.740391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b92 [ 16.741042] flags: 0x200000000000000(node=0|zone=2) [ 16.741307] page_type: f5(slab) [ 16.741473] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.741885] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.742148] page dumped because: kasan: bad access detected [ 16.742461] [ 16.742579] Memory state around the buggy address: [ 16.742985] ffff888102b92e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.743319] ffff888102b92e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.743532] >ffff888102b92f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.744009] ^ [ 16.744295] ffff888102b92f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.744557] ffff888102b93000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.744999] ================================================================== [ 16.745449] ================================================================== [ 16.745808] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 16.746230] Write of size 8 at addr ffff888102b92f78 by task kunit_try_catch/299 [ 16.746570] [ 16.746657] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.746707] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.746720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.746741] Call Trace: [ 16.746764] <TASK> [ 16.746781] dump_stack_lvl+0x73/0xb0 [ 16.746810] print_report+0xd1/0x650 [ 16.746834] ? __virt_addr_valid+0x1db/0x2d0 [ 16.746857] ? copy_to_kernel_nofault+0x99/0x260 [ 16.746883] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.746907] ? copy_to_kernel_nofault+0x99/0x260 [ 16.746932] kasan_report+0x141/0x180 [ 16.746955] ? copy_to_kernel_nofault+0x99/0x260 [ 16.746985] kasan_check_range+0x10c/0x1c0 [ 16.747018] __kasan_check_write+0x18/0x20 [ 16.747039] copy_to_kernel_nofault+0x99/0x260 [ 16.747065] copy_to_kernel_nofault_oob+0x288/0x560 [ 16.747091] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.747116] ? finish_task_switch.isra.0+0x153/0x700 [ 16.747151] ? __schedule+0x10cc/0x2b60 [ 16.747173] ? trace_hardirqs_on+0x37/0xe0 [ 16.747217] ? __pfx_read_tsc+0x10/0x10 [ 16.747238] ? ktime_get_ts64+0x86/0x230 [ 16.747262] kunit_try_run_case+0x1a5/0x480 [ 16.747287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.747312] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.747337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.747372] ? __kthread_parkme+0x82/0x180 [ 16.747393] ? preempt_count_sub+0x50/0x80 [ 16.747418] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.747455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.747481] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.747509] kthread+0x337/0x6f0 [ 16.747529] ? trace_preempt_on+0x20/0xc0 [ 16.747552] ? __pfx_kthread+0x10/0x10 [ 16.747574] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.747597] ? calculate_sigpending+0x7b/0xa0 [ 16.747622] ? __pfx_kthread+0x10/0x10 [ 16.747658] ret_from_fork+0x116/0x1d0 [ 16.747678] ? __pfx_kthread+0x10/0x10 [ 16.747699] ret_from_fork_asm+0x1a/0x30 [ 16.747731] </TASK> [ 16.747741] [ 16.758379] Allocated by task 299: [ 16.758518] kasan_save_stack+0x45/0x70 [ 16.758844] kasan_save_track+0x18/0x40 [ 16.759229] kasan_save_alloc_info+0x3b/0x50 [ 16.759766] __kasan_kmalloc+0xb7/0xc0 [ 16.760137] __kmalloc_cache_noprof+0x189/0x420 [ 16.760555] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.761077] kunit_try_run_case+0x1a5/0x480 [ 16.761232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.761403] kthread+0x337/0x6f0 [ 16.761521] ret_from_fork+0x116/0x1d0 [ 16.761769] ret_from_fork_asm+0x1a/0x30 [ 16.762151] [ 16.762313] The buggy address belongs to the object at ffff888102b92f00 [ 16.762313] which belongs to the cache kmalloc-128 of size 128 [ 16.763711] The buggy address is located 0 bytes to the right of [ 16.763711] allocated 120-byte region [ffff888102b92f00, ffff888102b92f78) [ 16.764816] [ 16.764892] The buggy address belongs to the physical page: [ 16.765062] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b92 [ 16.765295] flags: 0x200000000000000(node=0|zone=2) [ 16.765454] page_type: f5(slab) [ 16.765571] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.766244] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.767015] page dumped because: kasan: bad access detected [ 16.767507] [ 16.767738] Memory state around the buggy address: [ 16.768182] ffff888102b92e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.769028] ffff888102b92e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.769766] >ffff888102b92f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.770144] ^ [ 16.770353] ffff888102b92f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.770566] ffff888102b93000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.771181] ==================================================================