Date: July 9, 2025, 11:07 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 19.601973] ==================================================================
[ 19.602143] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 19.602484] Read of size 8 at addr fff00000c76afe78 by task kunit_try_catch/281
[ 19.602561]
[ 19.602605] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.603050] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.603214] Hardware name: linux,dummy-virt (DT)
[ 19.603252] Call trace:
[ 19.603287]  show_stack+0x20/0x38 (C)
[ 19.603427]  dump_stack_lvl+0x8c/0xd0
[ 19.603541]  print_report+0x118/0x608
[ 19.603653]  kasan_report+0xdc/0x128
[ 19.603700]  __asan_report_load8_noabort+0x20/0x30
[ 19.603759]  copy_to_kernel_nofault+0x204/0x250
[ 19.604009]  copy_to_kernel_nofault_oob+0x158/0x418
[ 19.604348]  kunit_try_run_case+0x170/0x3f0
[ 19.604631]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.604896]  kthread+0x328/0x630
[ 19.604985]  ret_from_fork+0x10/0x20
[ 19.605039]
[ 19.605061] Allocated by task 281:
[ 19.605094]  kasan_save_stack+0x3c/0x68
[ 19.605237]  kasan_save_track+0x20/0x40
[ 19.605446]  kasan_save_alloc_info+0x40/0x58
[ 19.605489]  __kasan_kmalloc+0xd4/0xd8
[ 19.605547]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.605693]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.605736]  kunit_try_run_case+0x170/0x3f0
[ 19.605777]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.605823]  kthread+0x328/0x630
[ 19.606110]  ret_from_fork+0x10/0x20
[ 19.606250]
[ 19.606302] The buggy address belongs to the object at fff00000c76afe00
[ 19.606302]  which belongs to the cache kmalloc-128 of size 128
[ 19.606422] The buggy address is located 0 bytes to the right of
[ 19.606422]  allocated 120-byte region [fff00000c76afe00, fff00000c76afe78)
[ 19.606488]
[ 19.606512] The buggy address belongs to the physical page:
[ 19.606558] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af
[ 19.606699] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.606981] page_type: f5(slab)
[ 19.607063] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.607369] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.607439] page dumped because: kasan: bad access detected
[ 19.607472]
[ 19.607492] Memory state around the buggy address:
[ 19.607528]  fff00000c76afd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.607575]  fff00000c76afd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.607621] >fff00000c76afe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.607671]                                                                 ^
[ 19.607772]  fff00000c76afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.608221]  fff00000c76aff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.608339] ==================================================================
[ 19.609504] ==================================================================
[ 19.609809] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 19.610134] Write of size 8 at addr fff00000c76afe78 by task kunit_try_catch/281
[ 19.610523]
[ 19.610647] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.610734] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.610763] Hardware name: linux,dummy-virt (DT)
[ 19.610808] Call trace:
[ 19.610893]  show_stack+0x20/0x38 (C)
[ 19.610949]  dump_stack_lvl+0x8c/0xd0
[ 19.611002]  print_report+0x118/0x608
[ 19.611049]  kasan_report+0xdc/0x128
[ 19.611096]  kasan_check_range+0x100/0x1a8
[ 19.611158]  __kasan_check_write+0x20/0x30
[ 19.611203]  copy_to_kernel_nofault+0x8c/0x250
[ 19.611252]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 19.611304]  kunit_try_run_case+0x170/0x3f0
[ 19.611361]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.611416]  kthread+0x328/0x630
[ 19.611550]  ret_from_fork+0x10/0x20
[ 19.611738]
[ 19.611759] Allocated by task 281:
[ 19.611793]  kasan_save_stack+0x3c/0x68
[ 19.612461]  kasan_save_track+0x20/0x40
[ 19.612525]  kasan_save_alloc_info+0x40/0x58
[ 19.612588]  __kasan_kmalloc+0xd4/0xd8
[ 19.612740]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.612782]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.612824]  kunit_try_run_case+0x170/0x3f0
[ 19.612883]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.613094]  kthread+0x328/0x630
[ 19.613168]  ret_from_fork+0x10/0x20
[ 19.613238]
[ 19.613345] The buggy address belongs to the object at fff00000c76afe00
[ 19.613345]  which belongs to the cache kmalloc-128 of size 128
[ 19.613481] The buggy address is located 0 bytes to the right of
[ 19.613481]  allocated 120-byte region [fff00000c76afe00, fff00000c76afe78)
[ 19.613646]
[ 19.613670] The buggy address belongs to the physical page:
[ 19.613741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af
[ 19.613884] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.613949] page_type: f5(slab)
[ 19.613988] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.614720] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.614944] page dumped because: kasan: bad access detected
[ 19.614982]
[ 19.615175] Memory state around the buggy address:
[ 19.615225]  fff00000c76afd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.615442]  fff00000c76afd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.615496] >fff00000c76afe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.615538]                                                                 ^
[ 19.615595]  fff00000c76afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.615941]  fff00000c76aff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.616040] ==================================================================
```
qemu-x86_64:

```
[ 16.516866] ==================================================================
[ 16.517666] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.518060] Read of size 8 at addr ffff8881031fd378 by task kunit_try_catch/298
[ 16.518490]
[ 16.518609] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.518659] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.518691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.518726] Call Trace:
[ 16.518763]  <TASK>
[ 16.518784]  dump_stack_lvl+0x73/0xb0
[ 16.518819]  print_report+0xd1/0x650
[ 16.518858]  ? __virt_addr_valid+0x1db/0x2d0
[ 16.518883]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.518909]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.518935]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.518960]  kasan_report+0x141/0x180
[ 16.518983]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.519039]  __asan_report_load8_noabort+0x18/0x20
[ 16.519066]  copy_to_kernel_nofault+0x225/0x260
[ 16.519093]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.519130]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.519155]  ? finish_task_switch.isra.0+0x153/0x700
[ 16.519182]  ? __schedule+0x10cc/0x2b60
[ 16.519231]  ? trace_hardirqs_on+0x37/0xe0
[ 16.519265]  ? __pfx_read_tsc+0x10/0x10
[ 16.519309]  ? ktime_get_ts64+0x86/0x230
[ 16.519438]  kunit_try_run_case+0x1a5/0x480
[ 16.519466]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.519490]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.519516]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.519542]  ? __kthread_parkme+0x82/0x180
[ 16.519565]  ? preempt_count_sub+0x50/0x80
[ 16.519589]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.519614]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.519641]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.519668]  kthread+0x337/0x6f0
[ 16.519688]  ? trace_preempt_on+0x20/0xc0
[ 16.519722]  ? __pfx_kthread+0x10/0x10
[ 16.519744]  ? _raw_spin_unlock_irq+0x47/0x80
[ 16.519767]  ? calculate_sigpending+0x7b/0xa0
[ 16.519793]  ? __pfx_kthread+0x10/0x10
[ 16.519815]  ret_from_fork+0x116/0x1d0
[ 16.519835]  ? __pfx_kthread+0x10/0x10
[ 16.519857]  ret_from_fork_asm+0x1a/0x30
[ 16.519890]  </TASK>
[ 16.519902]
[ 16.528450] Allocated by task 298:
[ 16.528699]  kasan_save_stack+0x45/0x70
[ 16.528990]  kasan_save_track+0x18/0x40
[ 16.529332]  kasan_save_alloc_info+0x3b/0x50
[ 16.529718]  __kasan_kmalloc+0xb7/0xc0
[ 16.529853]  __kmalloc_cache_noprof+0x189/0x420
[ 16.530007]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.530519]  kunit_try_run_case+0x1a5/0x480
[ 16.530805]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.531060]  kthread+0x337/0x6f0
[ 16.531289]  ret_from_fork+0x116/0x1d0
[ 16.531613]  ret_from_fork_asm+0x1a/0x30
[ 16.531818]
[ 16.531925] The buggy address belongs to the object at ffff8881031fd300
[ 16.531925]  which belongs to the cache kmalloc-128 of size 128
[ 16.532594] The buggy address is located 0 bytes to the right of
[ 16.532594]  allocated 120-byte region [ffff8881031fd300, ffff8881031fd378)
[ 16.533154]
[ 16.533309] The buggy address belongs to the physical page:
[ 16.533604] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031fd
[ 16.533979] flags: 0x200000000000000(node=0|zone=2)
[ 16.534317] page_type: f5(slab)
[ 16.534445] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.534810] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.535204] page dumped because: kasan: bad access detected
[ 16.535475]
[ 16.535637] Memory state around the buggy address:
[ 16.535961]  ffff8881031fd200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.536285]  ffff8881031fd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.536660] >ffff8881031fd300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.537000]                                                                 ^
[ 16.537394]  ffff8881031fd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.538099]  ffff8881031fd400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.538488] ==================================================================
[ 16.539202] ==================================================================
[ 16.539520] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.539889] Write of size 8 at addr ffff8881031fd378 by task kunit_try_catch/298
[ 16.540202]
[ 16.540311] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.540402] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.540416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.540437] Call Trace:
[ 16.540462]  <TASK>
[ 16.540478]  dump_stack_lvl+0x73/0xb0
[ 16.540509]  print_report+0xd1/0x650
[ 16.540532]  ? __virt_addr_valid+0x1db/0x2d0
[ 16.540556]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.540581]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.540607]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.540652]  kasan_report+0x141/0x180
[ 16.540675]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.540715]  kasan_check_range+0x10c/0x1c0
[ 16.540741]  __kasan_check_write+0x18/0x20
[ 16.540761]  copy_to_kernel_nofault+0x99/0x260
[ 16.540788]  copy_to_kernel_nofault_oob+0x288/0x560
[ 16.540814]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.540841]  ? finish_task_switch.isra.0+0x153/0x700
[ 16.540866]  ? __schedule+0x10cc/0x2b60
[ 16.540888]  ? trace_hardirqs_on+0x37/0xe0
[ 16.540920]  ? __pfx_read_tsc+0x10/0x10
[ 16.540942]  ? ktime_get_ts64+0x86/0x230
[ 16.540967]  kunit_try_run_case+0x1a5/0x480
[ 16.540992]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.541016]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.541072]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.541099]  ? __kthread_parkme+0x82/0x180
[ 16.541135]  ? preempt_count_sub+0x50/0x80
[ 16.541173]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.541212]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.541252]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.541279]  kthread+0x337/0x6f0
[ 16.541313]  ? trace_preempt_on+0x20/0xc0
[ 16.541350]  ? __pfx_kthread+0x10/0x10
[ 16.541385]  ? _raw_spin_unlock_irq+0x47/0x80
[ 16.541434]  ? calculate_sigpending+0x7b/0xa0
[ 16.541484]  ? __pfx_kthread+0x10/0x10
[ 16.541507]  ret_from_fork+0x116/0x1d0
[ 16.541528]  ? __pfx_kthread+0x10/0x10
[ 16.542093]  ret_from_fork_asm+0x1a/0x30
[ 16.542353]  </TASK>
[ 16.542369]
[ 16.555159] Allocated by task 298:
[ 16.555527]  kasan_save_stack+0x45/0x70
[ 16.555744]  kasan_save_track+0x18/0x40
[ 16.555921]  kasan_save_alloc_info+0x3b/0x50
[ 16.556471]  __kasan_kmalloc+0xb7/0xc0
[ 16.556758]  __kmalloc_cache_noprof+0x189/0x420
[ 16.557370]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.557651]  kunit_try_run_case+0x1a5/0x480
[ 16.557858]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.558303]  kthread+0x337/0x6f0
[ 16.558611]  ret_from_fork+0x116/0x1d0
[ 16.558948]  ret_from_fork_asm+0x1a/0x30
[ 16.559470]
[ 16.559578] The buggy address belongs to the object at ffff8881031fd300
[ 16.559578]  which belongs to the cache kmalloc-128 of size 128
[ 16.560327] The buggy address is located 0 bytes to the right of
[ 16.560327]  allocated 120-byte region [ffff8881031fd300, ffff8881031fd378)
[ 16.560956]
[ 16.561272] The buggy address belongs to the physical page:
[ 16.561553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031fd
[ 16.561898] flags: 0x200000000000000(node=0|zone=2)
[ 16.562388] page_type: f5(slab)
[ 16.562605] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.563227] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.563567] page dumped because: kasan: bad access detected
[ 16.563816]
[ 16.563905] Memory state around the buggy address:
[ 16.564416]  ffff8881031fd200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.564887]  ffff8881031fd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.565434] >ffff8881031fd300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.565740]                                                                 ^
[ 16.566237]  ffff8881031fd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.566779]  ffff8881031fd400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.567407] ==================================================================
```