Hay
Date
July 19, 2025, 11:12 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.118790] ==================================================================
[   18.118999] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   18.119128] Read of size 8 at addr fff00000c790e578 by task kunit_try_catch/281
[   18.119201] 
[   18.119244] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.119615] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.119720] Hardware name: linux,dummy-virt (DT)
[   18.119761] Call trace:
[   18.119790]  show_stack+0x20/0x38 (C)
[   18.120157]  dump_stack_lvl+0x8c/0xd0
[   18.120291]  print_report+0x118/0x5d0
[   18.120346]  kasan_report+0xdc/0x128
[   18.120678]  __asan_report_load8_noabort+0x20/0x30
[   18.120876]  copy_to_kernel_nofault+0x204/0x250
[   18.120979]  copy_to_kernel_nofault_oob+0x158/0x418
[   18.121104]  kunit_try_run_case+0x170/0x3f0
[   18.121163]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.121582]  kthread+0x328/0x630
[   18.121916]  ret_from_fork+0x10/0x20
[   18.122054] 
[   18.122372] Allocated by task 281:
[   18.122721]  kasan_save_stack+0x3c/0x68
[   18.122834]  kasan_save_track+0x20/0x40
[   18.122962]  kasan_save_alloc_info+0x40/0x58
[   18.123106]  __kasan_kmalloc+0xd4/0xd8
[   18.123217]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.123307]  copy_to_kernel_nofault_oob+0xc8/0x418
[   18.123519]  kunit_try_run_case+0x170/0x3f0
[   18.123772]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.123940]  kthread+0x328/0x630
[   18.123981]  ret_from_fork+0x10/0x20
[   18.124047] 
[   18.124073] The buggy address belongs to the object at fff00000c790e500
[   18.124073]  which belongs to the cache kmalloc-128 of size 128
[   18.124295] The buggy address is located 0 bytes to the right of
[   18.124295]  allocated 120-byte region [fff00000c790e500, fff00000c790e578)
[   18.124518] 
[   18.124548] The buggy address belongs to the physical page:
[   18.124584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10790e
[   18.124651] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.124727] page_type: f5(slab)
[   18.124780] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.124852] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.124897] page dumped because: kasan: bad access detected
[   18.124930] 
[   18.124952] Memory state around the buggy address:
[   18.124996]  fff00000c790e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.125049]  fff00000c790e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.125095] >fff00000c790e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.125145]                                                                 ^
[   18.125190]  fff00000c790e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.125235]  fff00000c790e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.125285] ==================================================================
[   18.126858] ==================================================================
[   18.127255] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   18.127334] Write of size 8 at addr fff00000c790e578 by task kunit_try_catch/281
[   18.127389] 
[   18.127448] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.127623] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.127655] Hardware name: linux,dummy-virt (DT)
[   18.127845] Call trace:
[   18.127881]  show_stack+0x20/0x38 (C)
[   18.128161]  dump_stack_lvl+0x8c/0xd0
[   18.128281]  print_report+0x118/0x5d0
[   18.128497]  kasan_report+0xdc/0x128
[   18.128733]  kasan_check_range+0x100/0x1a8
[   18.128895]  __kasan_check_write+0x20/0x30
[   18.129036]  copy_to_kernel_nofault+0x8c/0x250
[   18.129136]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   18.129496]  kunit_try_run_case+0x170/0x3f0
[   18.129716]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.129882]  kthread+0x328/0x630
[   18.129952]  ret_from_fork+0x10/0x20
[   18.130126] 
[   18.130167] Allocated by task 281:
[   18.130509]  kasan_save_stack+0x3c/0x68
[   18.130582]  kasan_save_track+0x20/0x40
[   18.130645]  kasan_save_alloc_info+0x40/0x58
[   18.130817]  __kasan_kmalloc+0xd4/0xd8
[   18.130897]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.131225]  copy_to_kernel_nofault_oob+0xc8/0x418
[   18.131315]  kunit_try_run_case+0x170/0x3f0
[   18.131515]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.131713]  kthread+0x328/0x630
[   18.131918]  ret_from_fork+0x10/0x20
[   18.132110] 
[   18.132232] The buggy address belongs to the object at fff00000c790e500
[   18.132232]  which belongs to the cache kmalloc-128 of size 128
[   18.132389] The buggy address is located 0 bytes to the right of
[   18.132389]  allocated 120-byte region [fff00000c790e500, fff00000c790e578)
[   18.132481] 
[   18.132581] The buggy address belongs to the physical page:
[   18.132651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10790e
[   18.132740] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.133169] page_type: f5(slab)
[   18.133505] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.133844] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.133913] page dumped because: kasan: bad access detected
[   18.133967] 
[   18.134003] Memory state around the buggy address:
[   18.134054]  fff00000c790e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.134179]  fff00000c790e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.134234] >fff00000c790e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.134291]                                                                 ^
[   18.134338]  fff00000c790e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.134384]  fff00000c790e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.134426] ==================================================================

[   15.905536] ==================================================================
[   15.907067] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   15.907847] Read of size 8 at addr ffff888102fd1d78 by task kunit_try_catch/299
[   15.908562] 
[   15.908740] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   15.908788] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.908802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.908825] Call Trace:
[   15.908837]  <TASK>
[   15.908853]  dump_stack_lvl+0x73/0xb0
[   15.908906]  print_report+0xd1/0x610
[   15.908930]  ? __virt_addr_valid+0x1db/0x2d0
[   15.908954]  ? copy_to_kernel_nofault+0x225/0x260
[   15.908984]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.909017]  ? copy_to_kernel_nofault+0x225/0x260
[   15.909041]  kasan_report+0x141/0x180
[   15.909064]  ? copy_to_kernel_nofault+0x225/0x260
[   15.909092]  __asan_report_load8_noabort+0x18/0x20
[   15.909117]  copy_to_kernel_nofault+0x225/0x260
[   15.909142]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   15.909166]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.909189]  ? finish_task_switch.isra.0+0x153/0x700
[   15.909212]  ? __schedule+0x10cc/0x2b60
[   15.909235]  ? trace_hardirqs_on+0x37/0xe0
[   15.909266]  ? __pfx_read_tsc+0x10/0x10
[   15.909288]  ? ktime_get_ts64+0x86/0x230
[   15.909312]  kunit_try_run_case+0x1a5/0x480
[   15.909340]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.909369]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.909393]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.909417]  ? __kthread_parkme+0x82/0x180
[   15.909438]  ? preempt_count_sub+0x50/0x80
[   15.909461]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.909486]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.909509]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.909533]  kthread+0x337/0x6f0
[   15.909553]  ? trace_preempt_on+0x20/0xc0
[   15.909576]  ? __pfx_kthread+0x10/0x10
[   15.909597]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.909619]  ? calculate_sigpending+0x7b/0xa0
[   15.909644]  ? __pfx_kthread+0x10/0x10
[   15.909666]  ret_from_fork+0x116/0x1d0
[   15.909685]  ? __pfx_kthread+0x10/0x10
[   15.909705]  ret_from_fork_asm+0x1a/0x30
[   15.909736]  </TASK>
[   15.909748] 
[   15.916956] Allocated by task 299:
[   15.917152]  kasan_save_stack+0x45/0x70
[   15.917444]  kasan_save_track+0x18/0x40
[   15.917790]  kasan_save_alloc_info+0x3b/0x50
[   15.917972]  __kasan_kmalloc+0xb7/0xc0
[   15.918119]  __kmalloc_cache_noprof+0x189/0x420
[   15.918279]  copy_to_kernel_nofault_oob+0x12f/0x560
[   15.918529]  kunit_try_run_case+0x1a5/0x480
[   15.918757]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.919079]  kthread+0x337/0x6f0
[   15.919250]  ret_from_fork+0x116/0x1d0
[   15.919487]  ret_from_fork_asm+0x1a/0x30
[   15.919756] 
[   15.919874] The buggy address belongs to the object at ffff888102fd1d00
[   15.919874]  which belongs to the cache kmalloc-128 of size 128
[   15.920302] The buggy address is located 0 bytes to the right of
[   15.920302]  allocated 120-byte region [ffff888102fd1d00, ffff888102fd1d78)
[   15.920868] 
[   15.920975] The buggy address belongs to the physical page:
[   15.921166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102fd1
[   15.921496] flags: 0x200000000000000(node=0|zone=2)
[   15.921717] page_type: f5(slab)
[   15.921862] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.922246] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.922574] page dumped because: kasan: bad access detected
[   15.922818] 
[   15.922908] Memory state around the buggy address:
[   15.923097]  ffff888102fd1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.923370]  ffff888102fd1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.923586] >ffff888102fd1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.923798]                                                                 ^
[   15.924036]  ffff888102fd1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.924253]  ffff888102fd1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.924585] ==================================================================
[   15.925553] ==================================================================
[   15.926229] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   15.926574] Write of size 8 at addr ffff888102fd1d78 by task kunit_try_catch/299
[   15.926878] 
[   15.927071] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   15.927113] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.927125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.927147] Call Trace:
[   15.927159]  <TASK>
[   15.927172]  dump_stack_lvl+0x73/0xb0
[   15.927200]  print_report+0xd1/0x610
[   15.927223]  ? __virt_addr_valid+0x1db/0x2d0
[   15.927245]  ? copy_to_kernel_nofault+0x99/0x260
[   15.927269]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.927292]  ? copy_to_kernel_nofault+0x99/0x260
[   15.927315]  kasan_report+0x141/0x180
[   15.927338]  ? copy_to_kernel_nofault+0x99/0x260
[   15.927373]  kasan_check_range+0x10c/0x1c0
[   15.927398]  __kasan_check_write+0x18/0x20
[   15.927417]  copy_to_kernel_nofault+0x99/0x260
[   15.927442]  copy_to_kernel_nofault_oob+0x288/0x560
[   15.927466]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.927489]  ? finish_task_switch.isra.0+0x153/0x700
[   15.927512]  ? __schedule+0x10cc/0x2b60
[   15.927534]  ? trace_hardirqs_on+0x37/0xe0
[   15.927564]  ? __pfx_read_tsc+0x10/0x10
[   15.927586]  ? ktime_get_ts64+0x86/0x230
[   15.927609]  kunit_try_run_case+0x1a5/0x480
[   15.927633]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.927657]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.927680]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.927704]  ? __kthread_parkme+0x82/0x180
[   15.927724]  ? preempt_count_sub+0x50/0x80
[   15.927747]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.927772]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.927795]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.927820]  kthread+0x337/0x6f0
[   15.927840]  ? trace_preempt_on+0x20/0xc0
[   15.927862]  ? __pfx_kthread+0x10/0x10
[   15.927883]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.927904]  ? calculate_sigpending+0x7b/0xa0
[   15.927928]  ? __pfx_kthread+0x10/0x10
[   15.927949]  ret_from_fork+0x116/0x1d0
[   15.927968]  ? __pfx_kthread+0x10/0x10
[   15.927989]  ret_from_fork_asm+0x1a/0x30
[   15.928030]  </TASK>
[   15.928040] 
[   15.936799] Allocated by task 299:
[   15.937064]  kasan_save_stack+0x45/0x70
[   15.937321]  kasan_save_track+0x18/0x40
[   15.937540]  kasan_save_alloc_info+0x3b/0x50
[   15.937762]  __kasan_kmalloc+0xb7/0xc0
[   15.937941]  __kmalloc_cache_noprof+0x189/0x420
[   15.938143]  copy_to_kernel_nofault_oob+0x12f/0x560
[   15.938346]  kunit_try_run_case+0x1a5/0x480
[   15.938569]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.938903]  kthread+0x337/0x6f0
[   15.939071]  ret_from_fork+0x116/0x1d0
[   15.939257]  ret_from_fork_asm+0x1a/0x30
[   15.939402] 
[   15.939474] The buggy address belongs to the object at ffff888102fd1d00
[   15.939474]  which belongs to the cache kmalloc-128 of size 128
[   15.940126] The buggy address is located 0 bytes to the right of
[   15.940126]  allocated 120-byte region [ffff888102fd1d00, ffff888102fd1d78)
[   15.940702] 
[   15.940778] The buggy address belongs to the physical page:
[   15.941185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102fd1
[   15.942411] flags: 0x200000000000000(node=0|zone=2)
[   15.942579] page_type: f5(slab)
[   15.942703] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.942940] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.943558] page dumped because: kasan: bad access detected
[   15.943845] 
[   15.943943] Memory state around the buggy address:
[   15.944199]  ffff888102fd1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.944819]  ffff888102fd1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.945093] >ffff888102fd1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.945389]                                                                 ^
[   15.945824]  ffff888102fd1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.946071]  ffff888102fd1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.946289] ==================================================================
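Both pairs of reports come from the KASAN KUnit self-test copy_to_kernel_nofault_oob: the allocation stack and both faulting accesses are inside that function, the process is kunit_try_catch, and the kernel is tainted [N]=TEST. The self-tests trigger bad accesses on purpose to check that KASAN catches them, so a read and a write of 8 bytes at object offset 120 of a 120-byte kmalloc-128 allocation are the detector passing, not a defect in copy_to_kernel_nofault. What the reports do not spell out is how to read the shadow dump. The example below is added here and is not code from the kernel, KUnit or the KASAN test suite: it parses the arm64 read report above (the sample lines are copied from the page), decodes the shadow bytes with the generic-mode poison values from mm/kasan/kasan.h (names as in recent 6.x kernels), re-runs the granule-based access check the way KASAN does, and shows why offset 120 lands on an 0xfc byte: a 120-byte request occupies a 128-byte slot and the trailing 8 bytes are slab redzone. The regexes and the field names are my own assumptions.

```python
"""Decode a generic-mode KASAN report and re-run its shadow check.

Added example for this page, not code from the kernel, KUnit or the KASAN
test suite. SAMPLE_REPORT is copied from the arm64 read report above,
trimmed to the lines the decoder needs. Poison values are the generic
KASAN constants from mm/kasan/kasan.h; the 8-byte granule is
KASAN_GRANULE_SIZE. Regexes and field names are this example's own.
"""
import re

KASAN_GRANULE_SIZE = 8

# Poison values as named in mm/kasan/kasan.h (6.x naming).
SHADOW_LEGEND = {
    0xfc: "slab redzone (KASAN_SLAB_REDZONE)",
    0xfb: "freed slab object (KASAN_SLAB_FREE)",
    0xfa: "freed slab object, granule holding free meta (KASAN_SLAB_FREE_META)",
    0xfe: "page redzone (KASAN_PAGE_REDZONE)",
    0xff: "freed page (KASAN_PAGE_FREE)",
    0xf8: "inaccessible vmalloc space (KASAN_VMALLOC_INVALID)",
    0xf9: "global redzone (KASAN_GLOBAL_REDZONE)",
}

# Lines copied from the arm64 read report on this page (timestamps kept).
SAMPLE_REPORT = """\
[   18.118999] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   18.119128] Read of size 8 at addr fff00000c790e578 by task kunit_try_catch/281
[   18.124073] The buggy address belongs to the object at fff00000c790e500
[   18.124073]  which belongs to the cache kmalloc-128 of size 128
[   18.124295] The buggy address is located 0 bytes to the right of
[   18.124295]  allocated 120-byte region [fff00000c790e500, fff00000c790e578)
[   18.124952] Memory state around the buggy address:
[   18.124996]  fff00000c790e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.125049]  fff00000c790e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.125095] >fff00000c790e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.125145]                                                                 ^
[   18.125190]  fff00000c790e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.125235]  fff00000c790e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

BUG_RE = re.compile(r"BUG: KASAN: (\S+) in (\S+)")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task")
OBJECT_RE = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
REGION_RE = re.compile(r"allocated (\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)")
# A "Memory state" row: memory address of the first granule, then 16 shadow bytes.
SHADOW_RE = re.compile(r"^>?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})\s*$")


def decode_shadow(byte):
    """0 = whole granule accessible, 1..7 = that many leading bytes accessible,
    anything else = poisoned for the reason encoded in the value."""
    if byte == 0:
        return "all 8 bytes accessible"
    if 0 < byte < KASAN_GRANULE_SIZE:
        return f"first {byte} byte(s) accessible"
    return SHADOW_LEGEND.get(byte, f"poisoned (0x{byte:02x})")


def parse_report(text):
    """Pull the fields that matter for triage out of one KASAN report."""
    rep = {"shadow": {}}
    for raw in text.splitlines():
        line = re.sub(r"^\[\s*[\d.]+\]\s?", "", raw)  # drop the dmesg timestamp
        if m := BUG_RE.search(line):
            rep["bug"], rep["func"] = m.group(1), m.group(2)
        elif m := ACCESS_RE.search(line):
            rep["kind"], rep["size"], rep["addr"] = m.group(1).lower(), int(m.group(2)), int(m.group(3), 16)
        elif m := OBJECT_RE.search(line):
            rep["object"] = int(m.group(1), 16)
        elif m := CACHE_RE.search(line):
            rep["cache"], rep["cache_size"] = m.group(1), int(m.group(2))
        elif m := REGION_RE.search(line):
            rep["region_len"] = int(m.group(1))
            rep["region"] = (int(m.group(2), 16), int(m.group(3), 16))
        elif m := SHADOW_RE.match(line):
            base = int(m.group(1), 16)  # each shadow byte covers 8 bytes of memory
            for i, b in enumerate(m.group(2).split()):
                rep["shadow"][base + i * KASAN_GRANULE_SIZE] = int(b, 16)
    return rep


def access_allowed(shadow, addr, size):
    """Re-run the generic KASAN check: every granule the access touches must be
    accessible up to the last byte reached inside that granule."""
    last = addr + size - 1
    g = addr & ~(KASAN_GRANULE_SIZE - 1)
    while g <= last:
        s = shadow[g]  # KeyError means the dump does not cover this granule
        last_in_granule = min(last, g + KASAN_GRANULE_SIZE - 1) - g  # 0..7
        if s != 0 and not (0 < s < KASAN_GRANULE_SIZE and last_in_granule < s):
            return False
        g += KASAN_GRANULE_SIZE
    return True


def triage(rep):
    """Where the access lands relative to the object, and what the shadow says."""
    start, end = rep["region"]
    addr, size = rep["addr"], rep["size"]
    granule = addr & ~(KASAN_GRANULE_SIZE - 1)
    if addr >= end:
        where = f"{addr - end} bytes past the end of the {rep['region_len']}-byte region"
    elif addr < start:
        where = f"{start - addr} bytes before the start of the region"
    else:
        where = f"inside the region at offset {addr - start}"
    return {
        "bug": rep["bug"],
        "access": f"{rep['kind']} of {size} bytes at object offset {addr - rep['object']}",
        "where": where,
        "granule_index": (granule - rep["object"]) // KASAN_GRANULE_SIZE,
        "shadow_byte": rep["shadow"].get(granule),
        "shadow_meaning": decode_shadow(rep["shadow"][granule]),
        # Bytes between the requested size and the slab slot size are redzone.
        "slot_redzone_bytes": rep["cache_size"] - rep["region_len"],
        # Re-running the check must agree with the kernel's verdict.
        "shadow_confirms_bug": not access_allowed(rep["shadow"], addr, size),
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key:>20}: {value}")
```

Running it against the sample gives granule index 15, shadow byte 0xfc (slab redzone), 0 bytes past the end of the 120-byte region, 8 redzone bytes in the slot, and a re-run check that agrees the 8-byte access is invalid, while the same check over the first 120 bytes of the object passes. The same decoder works on the x86_64 pair and on the write reports, since only the addresses and the Read/Write keyword differ.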