Date
July 12, 2025, 11:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 19.575330] ==================================================================
[ 19.575408] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 19.575718] Read of size 8 at addr fff00000c7897a78 by task kunit_try_catch/281
[ 19.575853]
[ 19.575898] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.576032] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.576071] Hardware name: linux,dummy-virt (DT)
[ 19.576138] Call trace:
[ 19.576166] show_stack+0x20/0x38 (C)
[ 19.576472] dump_stack_lvl+0x8c/0xd0
[ 19.576625] print_report+0x118/0x5d0
[ 19.576736] kasan_report+0xdc/0x128
[ 19.576905] __asan_report_load8_noabort+0x20/0x30
[ 19.576975] copy_to_kernel_nofault+0x204/0x250
[ 19.577091] copy_to_kernel_nofault_oob+0x158/0x418
[ 19.577250] kunit_try_run_case+0x170/0x3f0
[ 19.577327] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.577612] kthread+0x328/0x630
[ 19.577855] ret_from_fork+0x10/0x20
[ 19.577929]
[ 19.577954] Allocated by task 281:
[ 19.578374] kasan_save_stack+0x3c/0x68
[ 19.578437] kasan_save_track+0x20/0x40
[ 19.578546] kasan_save_alloc_info+0x40/0x58
[ 19.578644] __kasan_kmalloc+0xd4/0xd8
[ 19.578796] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.578890] copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.579026] kunit_try_run_case+0x170/0x3f0
[ 19.579117] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.579295] kthread+0x328/0x630
[ 19.579594] ret_from_fork+0x10/0x20
[ 19.579730]
[ 19.579766] The buggy address belongs to the object at fff00000c7897a00
[ 19.579766] which belongs to the cache kmalloc-128 of size 128
[ 19.579832] The buggy address is located 0 bytes to the right of
[ 19.579832] allocated 120-byte region [fff00000c7897a00, fff00000c7897a78)
[ 19.579909]
[ 19.579932] The buggy address belongs to the physical page:
[ 19.580082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107897
[ 19.580150] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.580309] page_type: f5(slab)
[ 19.580465] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.580591] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.580708] page dumped because: kasan: bad access detected
[ 19.580788]
[ 19.580925] Memory state around the buggy address:
[ 19.581026] fff00000c7897900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.581392] fff00000c7897980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.581551] >fff00000c7897a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.581658] ^
[ 19.581760] fff00000c7897a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.581810] fff00000c7897b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.581853] ==================================================================
[ 19.583251] ==================================================================
[ 19.583410] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 19.583477] Write of size 8 at addr fff00000c7897a78 by task kunit_try_catch/281
[ 19.583555]
[ 19.583613] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.583828] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.583879] Hardware name: linux,dummy-virt (DT)
[ 19.583977] Call trace:
[ 19.584057] show_stack+0x20/0x38 (C)
[ 19.584122] dump_stack_lvl+0x8c/0xd0
[ 19.584433] print_report+0x118/0x5d0
[ 19.584622] kasan_report+0xdc/0x128
[ 19.584676] kasan_check_range+0x100/0x1a8
[ 19.584736] __kasan_check_write+0x20/0x30
[ 19.584782] copy_to_kernel_nofault+0x8c/0x250
[ 19.584831] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 19.584882] kunit_try_run_case+0x170/0x3f0
[ 19.584974] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.585048] kthread+0x328/0x630
[ 19.585092] ret_from_fork+0x10/0x20
[ 19.585164]
[ 19.585194] Allocated by task 281:
[ 19.585224] kasan_save_stack+0x3c/0x68
[ 19.585271] kasan_save_track+0x20/0x40
[ 19.585324] kasan_save_alloc_info+0x40/0x58
[ 19.585376] __kasan_kmalloc+0xd4/0xd8
[ 19.585416] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.585465] copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.585507] kunit_try_run_case+0x170/0x3f0
[ 19.585548] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.585604] kthread+0x328/0x630
[ 19.585639] ret_from_fork+0x10/0x20
[ 19.585677]
[ 19.585706] The buggy address belongs to the object at fff00000c7897a00
[ 19.585706] which belongs to the cache kmalloc-128 of size 128
[ 19.585777] The buggy address is located 0 bytes to the right of
[ 19.585777] allocated 120-byte region [fff00000c7897a00, fff00000c7897a78)
[ 19.585860]
[ 19.585890] The buggy address belongs to the physical page:
[ 19.585928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107897
[ 19.586018] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.586070] page_type: f5(slab)
[ 19.586110] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.586182] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.586795] page dumped because: kasan: bad access detected
[ 19.586835]
[ 19.586856] Memory state around the buggy address:
[ 19.586891] fff00000c7897900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.587154] fff00000c7897980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.587565] >fff00000c7897a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.587648] ^
[ 19.587794] fff00000c7897a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.587898] fff00000c7897b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.588074] ==================================================================
```
```
[ 16.740586] ==================================================================
[ 16.741685] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.742257] Read of size 8 at addr ffff888103a67478 by task kunit_try_catch/298
[ 16.742896]
[ 16.743160] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.743207] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.743220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.743243] Call Trace:
[ 16.743257] <TASK>
[ 16.743284] dump_stack_lvl+0x73/0xb0
[ 16.743317] print_report+0xd1/0x610
[ 16.743376] ? __virt_addr_valid+0x1db/0x2d0
[ 16.743401] ? copy_to_kernel_nofault+0x225/0x260
[ 16.743438] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.743464] ? copy_to_kernel_nofault+0x225/0x260
[ 16.743489] kasan_report+0x141/0x180
[ 16.743512] ? copy_to_kernel_nofault+0x225/0x260
[ 16.743542] __asan_report_load8_noabort+0x18/0x20
[ 16.743569] copy_to_kernel_nofault+0x225/0x260
[ 16.743595] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.743622] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.743648] ? finish_task_switch.isra.0+0x153/0x700
[ 16.743674] ? __schedule+0x10cc/0x2b60
[ 16.743697] ? trace_hardirqs_on+0x37/0xe0
[ 16.743730] ? __pfx_read_tsc+0x10/0x10
[ 16.743752] ? ktime_get_ts64+0x86/0x230
[ 16.743778] kunit_try_run_case+0x1a5/0x480
[ 16.743805] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.743829] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.743855] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.743880] ? __kthread_parkme+0x82/0x180
[ 16.743903] ? preempt_count_sub+0x50/0x80
[ 16.743927] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.743953] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.743979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.744066] kthread+0x337/0x6f0
[ 16.744087] ? trace_preempt_on+0x20/0xc0
[ 16.744112] ? __pfx_kthread+0x10/0x10
[ 16.744133] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.744157] ? calculate_sigpending+0x7b/0xa0
[ 16.744183] ? __pfx_kthread+0x10/0x10
[ 16.744206] ret_from_fork+0x116/0x1d0
[ 16.744226] ? __pfx_kthread+0x10/0x10
[ 16.744247] ret_from_fork_asm+0x1a/0x30
[ 16.744291] </TASK>
[ 16.744303]
[ 16.758775] Allocated by task 298:
[ 16.759074] kasan_save_stack+0x45/0x70
[ 16.759465] kasan_save_track+0x18/0x40
[ 16.759605] kasan_save_alloc_info+0x3b/0x50
[ 16.759753] __kasan_kmalloc+0xb7/0xc0
[ 16.759885] __kmalloc_cache_noprof+0x189/0x420
[ 16.760077] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.760299] kunit_try_run_case+0x1a5/0x480
[ 16.760525] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.760779] kthread+0x337/0x6f0
[ 16.760911] ret_from_fork+0x116/0x1d0
[ 16.761067] ret_from_fork_asm+0x1a/0x30
[ 16.761276]
[ 16.761374] The buggy address belongs to the object at ffff888103a67400
[ 16.761374] which belongs to the cache kmalloc-128 of size 128
[ 16.761793] The buggy address is located 0 bytes to the right of
[ 16.761793] allocated 120-byte region [ffff888103a67400, ffff888103a67478)
[ 16.762405]
[ 16.762521] The buggy address belongs to the physical page:
[ 16.762773] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a67
[ 16.763234] flags: 0x200000000000000(node=0|zone=2)
[ 16.763430] page_type: f5(slab)
[ 16.763551] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.763883] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.764284] page dumped because: kasan: bad access detected
[ 16.764462]
[ 16.764557] Memory state around the buggy address:
[ 16.764808] ffff888103a67300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.765259] ffff888103a67380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.765597] >ffff888103a67400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.765893] ^
[ 16.766291] ffff888103a67480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.766610] ffff888103a67500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.766921] ==================================================================
[ 16.767742] ==================================================================
[ 16.768172] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.768958] Write of size 8 at addr ffff888103a67478 by task kunit_try_catch/298
[ 16.769526]
[ 16.769634] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.769689] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.769711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.769733] Call Trace:
[ 16.769746] <TASK>
[ 16.769761] dump_stack_lvl+0x73/0xb0
[ 16.769802] print_report+0xd1/0x610
[ 16.769826] ? __virt_addr_valid+0x1db/0x2d0
[ 16.769849] ? copy_to_kernel_nofault+0x99/0x260
[ 16.769875] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.769900] ? copy_to_kernel_nofault+0x99/0x260
[ 16.769935] kasan_report+0x141/0x180
[ 16.769959] ? copy_to_kernel_nofault+0x99/0x260
[ 16.770023] kasan_check_range+0x10c/0x1c0
[ 16.770050] __kasan_check_write+0x18/0x20
[ 16.770071] copy_to_kernel_nofault+0x99/0x260
[ 16.770099] copy_to_kernel_nofault_oob+0x288/0x560
[ 16.770125] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.770150] ? finish_task_switch.isra.0+0x153/0x700
[ 16.770175] ? __schedule+0x10cc/0x2b60
[ 16.770198] ? trace_hardirqs_on+0x37/0xe0
[ 16.770230] ? __pfx_read_tsc+0x10/0x10
[ 16.770253] ? ktime_get_ts64+0x86/0x230
[ 16.770287] kunit_try_run_case+0x1a5/0x480
[ 16.770313] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.770337] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.770410] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.770461] ? __kthread_parkme+0x82/0x180
[ 16.770483] ? preempt_count_sub+0x50/0x80
[ 16.770507] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.770534] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.770569] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.770596] kthread+0x337/0x6f0
[ 16.770617] ? trace_preempt_on+0x20/0xc0
[ 16.770651] ? __pfx_kthread+0x10/0x10
[ 16.770673] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.770695] ? calculate_sigpending+0x7b/0xa0
[ 16.770725] ? __pfx_kthread+0x10/0x10
[ 16.770747] ret_from_fork+0x116/0x1d0
[ 16.770767] ? __pfx_kthread+0x10/0x10
[ 16.770798] ret_from_fork_asm+0x1a/0x30
[ 16.770831] </TASK>
[ 16.770842]
[ 16.780869] Allocated by task 298:
[ 16.781020] kasan_save_stack+0x45/0x70
[ 16.781172] kasan_save_track+0x18/0x40
[ 16.781320] kasan_save_alloc_info+0x3b/0x50
[ 16.781471] __kasan_kmalloc+0xb7/0xc0
[ 16.781605] __kmalloc_cache_noprof+0x189/0x420
[ 16.781764] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.781930] kunit_try_run_case+0x1a5/0x480
[ 16.782078] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.782257] kthread+0x337/0x6f0
[ 16.784416] ret_from_fork+0x116/0x1d0
[ 16.785477] ret_from_fork_asm+0x1a/0x30
[ 16.786437]
[ 16.786551] The buggy address belongs to the object at ffff888103a67400
[ 16.786551] which belongs to the cache kmalloc-128 of size 128
[ 16.787301] The buggy address is located 0 bytes to the right of
[ 16.787301] allocated 120-byte region [ffff888103a67400, ffff888103a67478)
[ 16.788085]
[ 16.788287] The buggy address belongs to the physical page:
[ 16.788517] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a67
[ 16.788878] flags: 0x200000000000000(node=0|zone=2)
[ 16.789447] page_type: f5(slab)
[ 16.789606] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.789970] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.790685] page dumped because: kasan: bad access detected
[ 16.791050]
[ 16.791148] Memory state around the buggy address:
[ 16.791332] ffff888103a67300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.791654] ffff888103a67380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.791975] >ffff888103a67400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.792636] ^
[ 16.793155] ffff888103a67480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.793692] ffff888103a67500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.794215] ==================================================================
```