Date: June 19, 2025, 12:07 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 34.569415] ==================================================================
[ 34.569617] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 34.569799] Read of size 8 at addr fff00000c7741378 by task kunit_try_catch/292
[ 34.569995]
[ 34.570110] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT
[ 34.570362] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 34.570429] Hardware name: linux,dummy-virt (DT)
[ 34.570504] Call trace:
[ 34.570567]  show_stack+0x20/0x38 (C)
[ 34.570674]  dump_stack_lvl+0x8c/0xd0
[ 34.570841]  print_report+0x118/0x608
[ 34.570978]  kasan_report+0xdc/0x128
[ 34.571096]  __asan_report_load8_noabort+0x20/0x30
[ 34.571214]  copy_to_kernel_nofault+0x204/0x250
[ 34.571365]  copy_to_kernel_nofault_oob+0x158/0x418
[ 34.571518]  kunit_try_run_case+0x170/0x3f0
[ 34.571710]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.571915]  kthread+0x328/0x630
[ 34.572079]  ret_from_fork+0x10/0x20
[ 34.572202]
[ 34.572262] Allocated by task 292:
[ 34.572342]  kasan_save_stack+0x3c/0x68
[ 34.572454]  kasan_save_track+0x20/0x40
[ 34.572550]  kasan_save_alloc_info+0x40/0x58
[ 34.572655]  __kasan_kmalloc+0xd4/0xd8
[ 34.572762]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 34.572901]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 34.573020]  kunit_try_run_case+0x170/0x3f0
[ 34.573160]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.573320]  kthread+0x328/0x630
[ 34.573433]  ret_from_fork+0x10/0x20
[ 34.573553]
[ 34.573609] The buggy address belongs to the object at fff00000c7741300
[ 34.573609]  which belongs to the cache kmalloc-128 of size 128
[ 34.573744] The buggy address is located 0 bytes to the right of
[ 34.573744]  allocated 120-byte region [fff00000c7741300, fff00000c7741378)
[ 34.573987]
[ 34.574046] The buggy address belongs to the physical page:
[ 34.574124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107741
[ 34.574269] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 34.574432] page_type: f5(slab)
[ 34.574541] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 34.574701] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 34.574825] page dumped because: kasan: bad access detected
[ 34.575038]
[ 34.575097] Memory state around the buggy address:
[ 34.575184]  fff00000c7741200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.575295]  fff00000c7741280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.575389] >fff00000c7741300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 34.575469]                                                                 ^
[ 34.575561]  fff00000c7741380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.575645]  fff00000c7741400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.575739] ==================================================================
[ 34.579489] ==================================================================
[ 34.580024] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 34.580313] Write of size 8 at addr fff00000c7741378 by task kunit_try_catch/292
[ 34.580582]
[ 34.580861] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT
[ 34.581349] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 34.581552] Hardware name: linux,dummy-virt (DT)
[ 34.581758] Call trace:
[ 34.582098]  show_stack+0x20/0x38 (C)
[ 34.582259]  dump_stack_lvl+0x8c/0xd0
[ 34.582381]  print_report+0x118/0x608
[ 34.582681]  kasan_report+0xdc/0x128
[ 34.583071]  kasan_check_range+0x100/0x1a8
[ 34.583278]  __kasan_check_write+0x20/0x30
[ 34.583396]  copy_to_kernel_nofault+0x8c/0x250
[ 34.583747]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 34.584108]  kunit_try_run_case+0x170/0x3f0
[ 34.584283]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.584518]  kthread+0x328/0x630
[ 34.584763]  ret_from_fork+0x10/0x20
[ 34.585056]
[ 34.585349] Allocated by task 292:
[ 34.585457]  kasan_save_stack+0x3c/0x68
[ 34.585629]  kasan_save_track+0x20/0x40
[ 34.585859]  kasan_save_alloc_info+0x40/0x58
[ 34.586043]  __kasan_kmalloc+0xd4/0xd8
[ 34.586228]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 34.586462]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 34.586555]  kunit_try_run_case+0x170/0x3f0
[ 34.586649]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.586747]  kthread+0x328/0x630
[ 34.587230]  ret_from_fork+0x10/0x20
[ 34.587334]
[ 34.587451] The buggy address belongs to the object at fff00000c7741300
[ 34.587451]  which belongs to the cache kmalloc-128 of size 128
[ 34.587599] The buggy address is located 0 bytes to the right of
[ 34.587599]  allocated 120-byte region [fff00000c7741300, fff00000c7741378)
[ 34.587776]
[ 34.587836] The buggy address belongs to the physical page:
[ 34.588279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107741
[ 34.588651] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 34.589092] page_type: f5(slab)
[ 34.589238] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 34.589538] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 34.589764] page dumped because: kasan: bad access detected
[ 34.589944]
[ 34.590073] Memory state around the buggy address:
[ 34.590265]  fff00000c7741200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.590459]  fff00000c7741280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.590555] >fff00000c7741300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 34.590930]                                                                 ^
[ 34.591162]  fff00000c7741380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.591319]  fff00000c7741400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.591431] ==================================================================
```
```
[ 30.295779] ==================================================================
[ 30.296900] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 30.297481] Write of size 8 at addr ffff888103782e78 by task kunit_try_catch/310
[ 30.298496]
[ 30.298792] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary)
[ 30.298924] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.299003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.299072] Call Trace:
[ 30.299126]  <TASK>
[ 30.299172]  dump_stack_lvl+0x73/0xb0
[ 30.299228]  print_report+0xd1/0x650
[ 30.299258]  ? __virt_addr_valid+0x1db/0x2d0
[ 30.299286]  ? copy_to_kernel_nofault+0x99/0x260
[ 30.299332]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 30.299422]  ? copy_to_kernel_nofault+0x99/0x260
[ 30.299464]  kasan_report+0x141/0x180
[ 30.299505]  ? copy_to_kernel_nofault+0x99/0x260
[ 30.299535]  kasan_check_range+0x10c/0x1c0
[ 30.299560]  __kasan_check_write+0x18/0x20
[ 30.299586]  copy_to_kernel_nofault+0x99/0x260
[ 30.299613]  copy_to_kernel_nofault_oob+0x288/0x560
[ 30.299638]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 30.299664]  ? finish_task_switch.isra.0+0x153/0x700
[ 30.299690]  ? __schedule+0x10cc/0x2b60
[ 30.299715]  ? trace_hardirqs_on+0x37/0xe0
[ 30.299748]  ? __pfx_read_tsc+0x10/0x10
[ 30.299771]  ? ktime_get_ts64+0x86/0x230
[ 30.299799]  kunit_try_run_case+0x1a5/0x480
[ 30.299827]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.299851]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 30.299877]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 30.299917]  ? __kthread_parkme+0x82/0x180
[ 30.299953]  ? preempt_count_sub+0x50/0x80
[ 30.299996]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.300040]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.300081]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 30.300140]  kthread+0x337/0x6f0
[ 30.300175]  ? trace_preempt_on+0x20/0xc0
[ 30.300212]  ? __pfx_kthread+0x10/0x10
[ 30.300246]  ? _raw_spin_unlock_irq+0x47/0x80
[ 30.300283]  ? calculate_sigpending+0x7b/0xa0
[ 30.300323]  ? __pfx_kthread+0x10/0x10
[ 30.300360]  ret_from_fork+0x116/0x1d0
[ 30.300396]  ? __pfx_kthread+0x10/0x10
[ 30.300434]  ret_from_fork_asm+0x1a/0x30
[ 30.300482]  </TASK>
[ 30.300497]
[ 30.317771] Allocated by task 310:
[ 30.318587]  kasan_save_stack+0x45/0x70
[ 30.318923]  kasan_save_track+0x18/0x40
[ 30.319370]  kasan_save_alloc_info+0x3b/0x50
[ 30.319810]  __kasan_kmalloc+0xb7/0xc0
[ 30.320408]  __kmalloc_cache_noprof+0x189/0x420
[ 30.320836]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 30.321053]  kunit_try_run_case+0x1a5/0x480
[ 30.321711]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.322413]  kthread+0x337/0x6f0
[ 30.322812]  ret_from_fork+0x116/0x1d0
[ 30.323275]  ret_from_fork_asm+0x1a/0x30
[ 30.323613]
[ 30.323721] The buggy address belongs to the object at ffff888103782e00
[ 30.323721]  which belongs to the cache kmalloc-128 of size 128
[ 30.325086] The buggy address is located 0 bytes to the right of
[ 30.325086]  allocated 120-byte region [ffff888103782e00, ffff888103782e78)
[ 30.326375]
[ 30.326515] The buggy address belongs to the physical page:
[ 30.327071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782
[ 30.328306] flags: 0x200000000000000(node=0|zone=2)
[ 30.328598] page_type: f5(slab)
[ 30.328846] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 30.330226] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.330599] page dumped because: kasan: bad access detected
[ 30.331327]
[ 30.331695] Memory state around the buggy address:
[ 30.332080]  ffff888103782d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.332702]  ffff888103782d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.333476] >ffff888103782e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.334230]                                                                 ^
[ 30.334490]  ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.334733]  ffff888103782f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.334879] ==================================================================
[ 30.258737] ==================================================================
[ 30.259899] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 30.260551] Read of size 8 at addr ffff888103782e78 by task kunit_try_catch/310
[ 30.260870]
[ 30.261343] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary)
[ 30.261462] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.261488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.261532] Call Trace:
[ 30.261562]  <TASK>
[ 30.261604]  dump_stack_lvl+0x73/0xb0
[ 30.261685]  print_report+0xd1/0x650
[ 30.261743]  ? __virt_addr_valid+0x1db/0x2d0
[ 30.261799]  ? copy_to_kernel_nofault+0x225/0x260
[ 30.261841]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 30.261896]  ? copy_to_kernel_nofault+0x225/0x260
[ 30.261942]  kasan_report+0x141/0x180
[ 30.261993]  ? copy_to_kernel_nofault+0x225/0x260
[ 30.262366]  __asan_report_load8_noabort+0x18/0x20
[ 30.262415]  copy_to_kernel_nofault+0x225/0x260
[ 30.262443]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 30.262468]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 30.262492]  ? finish_task_switch.isra.0+0x153/0x700
[ 30.262520]  ? __schedule+0x10cc/0x2b60
[ 30.262546]  ? trace_hardirqs_on+0x37/0xe0
[ 30.262579]  ? __pfx_read_tsc+0x10/0x10
[ 30.262603]  ? ktime_get_ts64+0x86/0x230
[ 30.262630]  kunit_try_run_case+0x1a5/0x480
[ 30.262659]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.262682]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 30.262706]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 30.262730]  ? __kthread_parkme+0x82/0x180
[ 30.262753]  ? preempt_count_sub+0x50/0x80
[ 30.262777]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.262801]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.262826]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 30.262850]  kthread+0x337/0x6f0
[ 30.262871]  ? trace_preempt_on+0x20/0xc0
[ 30.262894]  ? __pfx_kthread+0x10/0x10
[ 30.262926]  ? _raw_spin_unlock_irq+0x47/0x80
[ 30.263221]  ? calculate_sigpending+0x7b/0xa0
[ 30.263275]  ? __pfx_kthread+0x10/0x10
[ 30.263318]  ret_from_fork+0x116/0x1d0
[ 30.263355]  ? __pfx_kthread+0x10/0x10
[ 30.263388]  ret_from_fork_asm+0x1a/0x30
[ 30.263445]  </TASK>
[ 30.263497]
[ 30.280128] Allocated by task 310:
[ 30.280506]  kasan_save_stack+0x45/0x70
[ 30.280976]  kasan_save_track+0x18/0x40
[ 30.281165]  kasan_save_alloc_info+0x3b/0x50
[ 30.281564]  __kasan_kmalloc+0xb7/0xc0
[ 30.281816]  __kmalloc_cache_noprof+0x189/0x420
[ 30.282061]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 30.282477]  kunit_try_run_case+0x1a5/0x480
[ 30.282850]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.283235]  kthread+0x337/0x6f0
[ 30.283372]  ret_from_fork+0x116/0x1d0
[ 30.283727]  ret_from_fork_asm+0x1a/0x30
[ 30.284142]
[ 30.284308] The buggy address belongs to the object at ffff888103782e00
[ 30.284308]  which belongs to the cache kmalloc-128 of size 128
[ 30.284850] The buggy address is located 0 bytes to the right of
[ 30.284850]  allocated 120-byte region [ffff888103782e00, ffff888103782e78)
[ 30.285564]
[ 30.285740] The buggy address belongs to the physical page:
[ 30.286385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782
[ 30.286936] flags: 0x200000000000000(node=0|zone=2)
[ 30.287521] page_type: f5(slab)
[ 30.287927] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 30.288462] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.288747] page dumped because: kasan: bad access detected
[ 30.289076]
[ 30.289258] Memory state around the buggy address:
[ 30.289700]  ffff888103782d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.290208]  ffff888103782d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.290957] >ffff888103782e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.291480]                                                                 ^
[ 30.292242]  ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.292886]  ffff888103782f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.293602] ==================================================================
```