Date
July 15, 2025, 11:09 a.m.
Environment
qemu-arm64

[   18.713003] ==================================================================
[   18.713059] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   18.713153] Write of size 8 at addr fff00000c593d278 by task kunit_try_catch/282
[   18.713219]
[   18.713249] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[   18.713333] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.713362] Hardware name: linux,dummy-virt (DT)
[   18.714039] Call trace:
[   18.714096]  show_stack+0x20/0x38 (C)
[   18.714148]  dump_stack_lvl+0x8c/0xd0
[   18.714218]  print_report+0x118/0x5d0
[   18.714411]  kasan_report+0xdc/0x128
[   18.714476]  kasan_check_range+0x100/0x1a8
[   18.714528]  __kasan_check_write+0x20/0x30
[   18.714575]  copy_to_kernel_nofault+0x8c/0x250
[   18.714623]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   18.714729]  kunit_try_run_case+0x170/0x3f0
[   18.714782]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.714835]  kthread+0x328/0x630
[   18.714879]  ret_from_fork+0x10/0x20
[   18.714927]
[   18.714959] Allocated by task 282:
[   18.715012]  kasan_save_stack+0x3c/0x68
[   18.715054]  kasan_save_track+0x20/0x40
[   18.715113]  kasan_save_alloc_info+0x40/0x58
[   18.715224]  __kasan_kmalloc+0xd4/0xd8
[   18.715413]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.715457]  copy_to_kernel_nofault_oob+0xc8/0x418
[   18.715498]  kunit_try_run_case+0x170/0x3f0
[   18.715563]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.715670]  kthread+0x328/0x630
[   18.715723]  ret_from_fork+0x10/0x20
[   18.715813]
[   18.715878] The buggy address belongs to the object at fff00000c593d200
[   18.715878]  which belongs to the cache kmalloc-128 of size 128
[   18.715978] The buggy address is located 0 bytes to the right of
[   18.715978]  allocated 120-byte region [fff00000c593d200, fff00000c593d278)
[   18.716047]
[   18.716121] The buggy address belongs to the physical page:
[   18.716153] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10593d
[   18.716219] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.716269] page_type: f5(slab)
[   18.716343] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.716397] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.716441] page dumped because: kasan: bad access detected
[   18.716568]
[   18.716590] Memory state around the buggy address:
[   18.716623]  fff00000c593d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.716669]  fff00000c593d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.716741] >fff00000c593d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.716803]                                                                 ^
[   18.717026]  fff00000c593d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.717076]  fff00000c593d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.717168] ==================================================================
[   18.707730] ==================================================================
[   18.707931] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   18.708025] Read of size 8 at addr fff00000c593d278 by task kunit_try_catch/282
[   18.708214]
[   18.708259] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[   18.708637] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.708670] Hardware name: linux,dummy-virt (DT)
[   18.708705] Call trace:
[   18.708731]  show_stack+0x20/0x38 (C)
[   18.708794]  dump_stack_lvl+0x8c/0xd0
[   18.708986]  print_report+0x118/0x5d0
[   18.709098]  kasan_report+0xdc/0x128
[   18.709324]  __asan_report_load8_noabort+0x20/0x30
[   18.709436]  copy_to_kernel_nofault+0x204/0x250
[   18.709486]  copy_to_kernel_nofault_oob+0x158/0x418
[   18.709534]  kunit_try_run_case+0x170/0x3f0
[   18.709584]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.709686]  kthread+0x328/0x630
[   18.709735]  ret_from_fork+0x10/0x20
[   18.709788]
[   18.709808] Allocated by task 282:
[   18.709837]  kasan_save_stack+0x3c/0x68
[   18.709881]  kasan_save_track+0x20/0x40
[   18.709981]  kasan_save_alloc_info+0x40/0x58
[   18.710044]  __kasan_kmalloc+0xd4/0xd8
[   18.710113]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.710169]  copy_to_kernel_nofault_oob+0xc8/0x418
[   18.710317]  kunit_try_run_case+0x170/0x3f0
[   18.710357]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.710440]  kthread+0x328/0x630
[   18.710525]  ret_from_fork+0x10/0x20
[   18.710565]
[   18.710587] The buggy address belongs to the object at fff00000c593d200
[   18.710587]  which belongs to the cache kmalloc-128 of size 128
[   18.710708] The buggy address is located 0 bytes to the right of
[   18.710708]  allocated 120-byte region [fff00000c593d200, fff00000c593d278)
[   18.710776]
[   18.710797] The buggy address belongs to the physical page:
[   18.710831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10593d
[   18.710924] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.710976] page_type: f5(slab)
[   18.711017] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.711070] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.711170] page dumped because: kasan: bad access detected
[   18.711279]
[   18.711357] Memory state around the buggy address:
[   18.711398]  fff00000c593d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.711576]  fff00000c593d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.711622] >fff00000c593d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.711664]                                                                 ^
[   18.711708]  fff00000c593d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.711753]  fff00000c593d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.711794] ==================================================================

Environment
qemu-x86_64

[   16.428172] ==================================================================
[   16.429178] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   16.429529] Read of size 8 at addr ffff8881038e2878 by task kunit_try_catch/298
[   16.429879]
[   16.429996] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[   16.430046] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.430060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.430083] Call Trace:
[   16.430097]  <TASK>
[   16.430115]  dump_stack_lvl+0x73/0xb0
[   16.430148]  print_report+0xd1/0x610
[   16.430173]  ? __virt_addr_valid+0x1db/0x2d0
[   16.430198]  ? copy_to_kernel_nofault+0x225/0x260
[   16.430224]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.430249]  ? copy_to_kernel_nofault+0x225/0x260
[   16.430275]  kasan_report+0x141/0x180
[   16.430298]  ? copy_to_kernel_nofault+0x225/0x260
[   16.430328]  __asan_report_load8_noabort+0x18/0x20
[   16.430356]  copy_to_kernel_nofault+0x225/0x260
[   16.430390]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   16.430416]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   16.430442]  ? finish_task_switch.isra.0+0x153/0x700
[   16.430467]  ? __schedule+0x10cc/0x2b60
[   16.430491]  ? trace_hardirqs_on+0x37/0xe0
[   16.430524]  ? __pfx_read_tsc+0x10/0x10
[   16.430547]  ? ktime_get_ts64+0x86/0x230
[   16.430573]  kunit_try_run_case+0x1a5/0x480
[   16.430599]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.430624]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.430651]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.430676]  ? __kthread_parkme+0x82/0x180
[   16.430699]  ? preempt_count_sub+0x50/0x80
[   16.430724]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.430750]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.431174]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.431205]  kthread+0x337/0x6f0
[   16.431227]  ? trace_preempt_on+0x20/0xc0
[   16.431252]  ? __pfx_kthread+0x10/0x10
[   16.431274]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.431298]  ? calculate_sigpending+0x7b/0xa0
[   16.431349]  ? __pfx_kthread+0x10/0x10
[   16.431372]  ret_from_fork+0x116/0x1d0
[   16.431395]  ? __pfx_kthread+0x10/0x10
[   16.431418]  ret_from_fork_asm+0x1a/0x30
[   16.431467]  </TASK>
[   16.431479]
[   16.442524] Allocated by task 298:
[   16.442722]  kasan_save_stack+0x45/0x70
[   16.443650]  kasan_save_track+0x18/0x40
[   16.443815]  kasan_save_alloc_info+0x3b/0x50
[   16.444036]  __kasan_kmalloc+0xb7/0xc0
[   16.444531]  __kmalloc_cache_noprof+0x189/0x420
[   16.444921]  copy_to_kernel_nofault_oob+0x12f/0x560
[   16.445254]  kunit_try_run_case+0x1a5/0x480
[   16.445803]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.446147]  kthread+0x337/0x6f0
[   16.446283]  ret_from_fork+0x116/0x1d0
[   16.446922]  ret_from_fork_asm+0x1a/0x30
[   16.447513]
[   16.447703] The buggy address belongs to the object at ffff8881038e2800
[   16.447703]  which belongs to the cache kmalloc-128 of size 128
[   16.448998] The buggy address is located 0 bytes to the right of
[   16.448998]  allocated 120-byte region [ffff8881038e2800, ffff8881038e2878)
[   16.449361]
[   16.449435] The buggy address belongs to the physical page:
[   16.449607] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e2
[   16.450300] flags: 0x200000000000000(node=0|zone=2)
[   16.451048] page_type: f5(slab)
[   16.451488] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.451940] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.452177] page dumped because: kasan: bad access detected
[   16.452769]
[   16.455054] Memory state around the buggy address:
[   16.455286]  ffff8881038e2700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.455518]  ffff8881038e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.455738] >ffff8881038e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.456076]                                                                 ^
[   16.456407]  ffff8881038e2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.456842]  ffff8881038e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.457601] ==================================================================
[   16.459556] ==================================================================
[   16.460224] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   16.460983] Write of size 8 at addr ffff8881038e2878 by task kunit_try_catch/298
[   16.461284]
[   16.461421] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[   16.461486] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.461499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.461539] Call Trace:
[   16.461551]  <TASK>
[   16.461569]  dump_stack_lvl+0x73/0xb0
[   16.461599]  print_report+0xd1/0x610
[   16.461623]  ? __virt_addr_valid+0x1db/0x2d0
[   16.461648]  ? copy_to_kernel_nofault+0x99/0x260
[   16.461674]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.461699]  ? copy_to_kernel_nofault+0x99/0x260
[   16.461725]  kasan_report+0x141/0x180
[   16.461748]  ? copy_to_kernel_nofault+0x99/0x260
[   16.461790]  kasan_check_range+0x10c/0x1c0
[   16.461816]  __kasan_check_write+0x18/0x20
[   16.461837]  copy_to_kernel_nofault+0x99/0x260
[   16.461864]  copy_to_kernel_nofault_oob+0x288/0x560
[   16.461890]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   16.461916]  ? finish_task_switch.isra.0+0x153/0x700
[   16.461941]  ? __schedule+0x10cc/0x2b60
[   16.461964]  ? trace_hardirqs_on+0x37/0xe0
[   16.461996]  ? __pfx_read_tsc+0x10/0x10
[   16.462018]  ? ktime_get_ts64+0x86/0x230
[   16.462043]  kunit_try_run_case+0x1a5/0x480
[   16.462070]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.462095]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.462121]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.462147]  ? __kthread_parkme+0x82/0x180
[   16.462169]  ? preempt_count_sub+0x50/0x80
[   16.462194]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.462220]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.462246]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.462274]  kthread+0x337/0x6f0
[   16.462295]  ? trace_preempt_on+0x20/0xc0
[   16.462351]  ? __pfx_kthread+0x10/0x10
[   16.462373]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.462403]  ? calculate_sigpending+0x7b/0xa0
[   16.462443]  ? __pfx_kthread+0x10/0x10
[   16.462467]  ret_from_fork+0x116/0x1d0
[   16.462487]  ? __pfx_kthread+0x10/0x10
[   16.462509]  ret_from_fork_asm+0x1a/0x30
[   16.462541]  </TASK>
[   16.462553]
[   16.473769] Allocated by task 298:
[   16.474027]  kasan_save_stack+0x45/0x70
[   16.474231]  kasan_save_track+0x18/0x40
[   16.474642]  kasan_save_alloc_info+0x3b/0x50
[   16.474878]  __kasan_kmalloc+0xb7/0xc0
[   16.475272]  __kmalloc_cache_noprof+0x189/0x420
[   16.475489]  copy_to_kernel_nofault_oob+0x12f/0x560
[   16.475917]  kunit_try_run_case+0x1a5/0x480
[   16.476389]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.476655]  kthread+0x337/0x6f0
[   16.477013]  ret_from_fork+0x116/0x1d0
[   16.477159]  ret_from_fork_asm+0x1a/0x30
[   16.477362]
[   16.477464] The buggy address belongs to the object at ffff8881038e2800
[   16.477464]  which belongs to the cache kmalloc-128 of size 128
[   16.478331] The buggy address is located 0 bytes to the right of
[   16.478331]  allocated 120-byte region [ffff8881038e2800, ffff8881038e2878)
[   16.478950]
[   16.479135] The buggy address belongs to the physical page:
[   16.479610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e2
[   16.480124] flags: 0x200000000000000(node=0|zone=2)
[   16.480466] page_type: f5(slab)
[   16.480602] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.481090] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.481614] page dumped because: kasan: bad access detected
[   16.482226]
[   16.482451] Memory state around the buggy address:
[   16.482774]  ffff8881038e2700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.483632]  ffff8881038e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.484088] >ffff8881038e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.484310]                                                                 ^
[   16.485104]  ffff8881038e2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.485774]  ffff8881038e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.486493] ==================================================================
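Both environments report the same event. The `[N]=TEST` taint and the `copy_to_kernel_nofault_oob` frames in the allocation and access traces identify the KASAN KUnit case: it takes a 120-byte object from kmalloc-128 and then has `copy_to_kernel_nofault()` read and write 8 bytes at offset 120, the first byte past the object, so the report is the self-test's expected output rather than a defect in `copy_to_kernel_nofault()` itself. The shadow rows show why KASAN flags it: one shadow byte covers an 8-byte granule, the object's 15 granules are `00` (fully addressable) and the granule at offset 120 is `fc` (`KASAN_SLAB_REDZONE`); the `fb`/`fa` row above is a freed neighbour, the all-`fc` rows are redzones of adjacent slots. The program below is an added example, not part of this report or of the kernel tree: it parses the `Memory state` rows copied from the qemu-arm64 write report, replays the generic-KASAN check for the 8-byte access at `fff00000c593d278`, and also builds the shadow a differently sized object would get, to cover the partial-granule case (a shadow byte of 1..7) that this report does not exercise. The function names and the `0x1000` slot base used for the constructed case are the example's own.

```c
/* kasan_shadow_check.c: decode the "Memory state around the buggy address"
 * rows of a generic-KASAN report and replay the check the kernel made.
 * Added example for this page, not kernel code; function names are its own. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KASAN_GRANULE_SIZE 8        /* one shadow byte describes 8 bytes of memory */
#define ROW_GRANULES 16             /* the report prints 16 shadow bytes per row */
#define KASAN_SLAB_REDZONE 0xFC     /* fc; fb = freed object, fa = freed object with free meta */

struct shadow_row {
    uint64_t base;                  /* address of the first byte the row describes */
    uint8_t shadow[ROW_GRANULES];
};

/* Parse one dump line such as ">fff00000c593d200: 00 00 ... fc"; a leading
 * dmesg timestamp and the '>' marker are tolerated. Returns 0 on success. */
int parse_shadow_row(const char *line, struct shadow_row *row)
{
    const char *p = strchr(line, ']');            /* skip "[   18.716741]" */
    char *end;
    p = p ? p + 1 : line;
    while (*p == ' ' || *p == '>')
        p++;
    row->base = strtoull(p, &end, 16);
    if (end == p || *end != ':')
        return -1;
    p = end + 1;
    for (int i = 0; i < ROW_GRANULES; i++) {
        unsigned long v = strtoul(p, &end, 16);
        if (end == p || v > 0xFF)
            return -1;
        row->shadow[i] = (uint8_t)v;
        p = end;
    }
    return 0;
}

/* Shadow byte covering addr, or -1 if addr lies outside the dumped rows. */
static int shadow_at(const struct shadow_row *rows, size_t n, uint64_t addr)
{
    const uint64_t span = (uint64_t)ROW_GRANULES * KASAN_GRANULE_SIZE;
    for (size_t i = 0; i < n; i++)
        if (addr >= rows[i].base && addr - rows[i].base < span)
            return rows[i].shadow[(addr - rows[i].base) / KASAN_GRANULE_SIZE];
    return -1;
}

/* Generic-KASAN rule: shadow 0 means the whole granule is addressable, 1..7
 * means only the first N bytes are, anything else is poison. Returns the first
 * bad address in [addr, addr + size), or 0 when the access is clean. */
uint64_t kasan_first_bad(const struct shadow_row *rows, size_t n,
                         uint64_t addr, size_t size)
{
    for (uint64_t a = addr; a < addr + size; a++) {
        int s = shadow_at(rows, n, a);
        uint64_t off = a % KASAN_GRANULE_SIZE;    /* byte offset inside the granule */
        if (s == 0 || (s > 0 && s < KASAN_GRANULE_SIZE && off < (uint64_t)s))
            continue;
        return a;                                 /* poisoned, or not in the dump */
    }
    return 0;
}

/* The five shadow rows copied from the qemu-arm64 write report on this page. */
static const char *const arm64_dump[] = {
    "[   18.716623]  fff00000c593d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb",
    "[   18.716669]  fff00000c593d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "[   18.716741] >fff00000c593d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc",
    "[   18.717026]  fff00000c593d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "[   18.717076]  fff00000c593d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
};
#define ARM64_ROWS (sizeof(arm64_dump) / sizeof(arm64_dump[0]))

/* Replay an access against the arm64 dump; first bad address, or 0 if clean. */
uint64_t check_arm64_access(uint64_t addr, size_t size)
{
    struct shadow_row rows[ARM64_ROWS];
    for (size_t i = 0; i < ARM64_ROWS; i++)
        if (parse_shadow_row(arm64_dump[i], &rows[i]) != 0)
            return addr;                          /* unparsable dump: treat as bad */
    return kasan_first_bad(rows, ARM64_ROWS, addr, size);
}

/* Shadow a kmalloc object of object_size bytes (<= 128) gets in a 128-byte slot:
 * whole granules 00, a trailing partial granule holds the count of valid bytes
 * (what kasan_poison_last_granule writes), the rest is KASAN_SLAB_REDZONE. */
void slot_shadow_for_object(size_t object_size, uint64_t base, struct shadow_row *row)
{
    row->base = base;
    for (int i = 0; i < ROW_GRANULES; i++) {
        size_t gstart = (size_t)i * KASAN_GRANULE_SIZE;
        if (gstart + KASAN_GRANULE_SIZE <= object_size)
            row->shadow[i] = 0x00;
        else if (gstart < object_size)
            row->shadow[i] = (uint8_t)(object_size - gstart);
        else
            row->shadow[i] = KASAN_SLAB_REDZONE;
    }
}

/* Access at object offset off, of the given size, against a constructed slot at
 * the hypothetical base 0x1000; first bad address, or 0 if clean. */
uint64_t check_in_slot(size_t object_size, uint64_t off, size_t size)
{
    struct shadow_row row;
    slot_shadow_for_object(object_size, 0x1000, &row);
    return kasan_first_bad(&row, 1, 0x1000 + off, size);
}

int main(void)
{
    printf("8-byte access at fff00000c593d278: first bad byte 0x%" PRIx64 "\n",
           check_arm64_access(0xfff00000c593d278ULL, 8));
    printf("121-byte object: 1 byte at offset 120 -> %s, 2 bytes -> first bad 0x%" PRIx64 "\n",
           check_in_slot(121, 120, 1) ? "bad" : "clean", check_in_slot(121, 120, 2));
    return 0;
}
```

Build with `cc -std=c11 -Wall kasan_shadow_check.c -o kasan_shadow_check`. The byte-by-byte loop is the slow but exact form of the rule; the kernel's `kasan_check_range()` reaches the same verdict with fewer shadow loads. Note that the same 8-byte access one word earlier, at `fff00000c593d270`, is clean, and that with a 121-byte object a 1-byte access at offset 120 would pass while a 2-byte access would still be caught by the partial shadow value `01`.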