Hay
Date
June 20, 2025, 12:38 p.m.

Environment
qemu-arm64
qemu-x86_64

[   36.405894] ==================================================================
[   36.406034] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   36.406172] Write of size 8 at addr fff00000c6515778 by task kunit_try_catch/292
[   36.406297] 
[   36.406699] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   36.407025] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.407150] Hardware name: linux,dummy-virt (DT)
[   36.407242] Call trace:
[   36.407335]  show_stack+0x20/0x38 (C)
[   36.407534]  dump_stack_lvl+0x8c/0xd0
[   36.407678]  print_report+0x118/0x608
[   36.407802]  kasan_report+0xdc/0x128
[   36.407918]  kasan_check_range+0x100/0x1a8
[   36.408037]  __kasan_check_write+0x20/0x30
[   36.408162]  copy_to_kernel_nofault+0x8c/0x250
[   36.408290]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   36.408545]  kunit_try_run_case+0x170/0x3f0
[   36.408947]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.409018]  kthread+0x328/0x630
[   36.409125]  ret_from_fork+0x10/0x20
[   36.409195] 
[   36.409221] Allocated by task 292:
[   36.409261]  kasan_save_stack+0x3c/0x68
[   36.409315]  kasan_save_track+0x20/0x40
[   36.409361]  kasan_save_alloc_info+0x40/0x58
[   36.409408]  __kasan_kmalloc+0xd4/0xd8
[   36.409452]  __kmalloc_cache_noprof+0x16c/0x3c0
[   36.409498]  copy_to_kernel_nofault_oob+0xc8/0x418
[   36.409546]  kunit_try_run_case+0x170/0x3f0
[   36.409591]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.409697]  kthread+0x328/0x630
[   36.409792]  ret_from_fork+0x10/0x20
[   36.409884] 
[   36.409928] The buggy address belongs to the object at fff00000c6515700
[   36.409928]  which belongs to the cache kmalloc-128 of size 128
[   36.410047] The buggy address is located 0 bytes to the right of
[   36.410047]  allocated 120-byte region [fff00000c6515700, fff00000c6515778)
[   36.410183] 
[   36.410235] The buggy address belongs to the physical page:
[   36.410316] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106515
[   36.410469] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   36.410623] page_type: f5(slab)
[   36.410745] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   36.410890] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   36.411009] page dumped because: kasan: bad access detected
[   36.411120] 
[   36.411177] Memory state around the buggy address:
[   36.411288]  fff00000c6515600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   36.411431]  fff00000c6515680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.411562] >fff00000c6515700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   36.411671]                                                                 ^
[   36.411775]  fff00000c6515780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.411892]  fff00000c6515800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.412005] ==================================================================
[   36.395750] ==================================================================
[   36.396004] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   36.396238] Read of size 8 at addr fff00000c6515778 by task kunit_try_catch/292
[   36.396622] 
[   36.396769] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   36.397255] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.397350] Hardware name: linux,dummy-virt (DT)
[   36.397429] Call trace:
[   36.397487]  show_stack+0x20/0x38 (C)
[   36.397619]  dump_stack_lvl+0x8c/0xd0
[   36.397732]  print_report+0x118/0x608
[   36.397893]  kasan_report+0xdc/0x128
[   36.398026]  __asan_report_load8_noabort+0x20/0x30
[   36.398181]  copy_to_kernel_nofault+0x204/0x250
[   36.398346]  copy_to_kernel_nofault_oob+0x158/0x418
[   36.398493]  kunit_try_run_case+0x170/0x3f0
[   36.398655]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.398796]  kthread+0x328/0x630
[   36.398908]  ret_from_fork+0x10/0x20
[   36.399029] 
[   36.399090] Allocated by task 292:
[   36.399166]  kasan_save_stack+0x3c/0x68
[   36.399287]  kasan_save_track+0x20/0x40
[   36.399378]  kasan_save_alloc_info+0x40/0x58
[   36.399577]  __kasan_kmalloc+0xd4/0xd8
[   36.399775]  __kmalloc_cache_noprof+0x16c/0x3c0
[   36.400117]  copy_to_kernel_nofault_oob+0xc8/0x418
[   36.400260]  kunit_try_run_case+0x170/0x3f0
[   36.400368]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.400504]  kthread+0x328/0x630
[   36.400627]  ret_from_fork+0x10/0x20
[   36.400750] 
[   36.400908] The buggy address belongs to the object at fff00000c6515700
[   36.400908]  which belongs to the cache kmalloc-128 of size 128
[   36.401053] The buggy address is located 0 bytes to the right of
[   36.401053]  allocated 120-byte region [fff00000c6515700, fff00000c6515778)
[   36.401418] 
[   36.401521] The buggy address belongs to the physical page:
[   36.401630] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106515
[   36.401783] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   36.401923] page_type: f5(slab)
[   36.402032] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   36.402171] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   36.402288] page dumped because: kasan: bad access detected
[   36.402373] 
[   36.402427] Memory state around the buggy address:
[   36.402533]  fff00000c6515600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   36.402657]  fff00000c6515680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.402996] >fff00000c6515700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   36.403221]                                                                 ^
[   36.403366]  fff00000c6515780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.403497]  fff00000c6515800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.403791] ==================================================================

[   30.550202] ==================================================================
[   30.550799] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   30.551401] Write of size 8 at addr ffff888102b17878 by task kunit_try_catch/310
[   30.551986] 
[   30.552226] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   30.552359] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.552401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.552462] Call Trace:
[   30.552509]  <TASK>
[   30.552556]  dump_stack_lvl+0x73/0xb0
[   30.552633]  print_report+0xd1/0x650
[   30.552692]  ? __virt_addr_valid+0x1db/0x2d0
[   30.552747]  ? copy_to_kernel_nofault+0x99/0x260
[   30.552803]  ? kasan_complete_mode_report_info+0x2a/0x200
[   30.552849]  ? copy_to_kernel_nofault+0x99/0x260
[   30.552895]  kasan_report+0x141/0x180
[   30.552944]  ? copy_to_kernel_nofault+0x99/0x260
[   30.553026]  kasan_check_range+0x10c/0x1c0
[   30.553079]  __kasan_check_write+0x18/0x20
[   30.553146]  copy_to_kernel_nofault+0x99/0x260
[   30.553201]  copy_to_kernel_nofault_oob+0x288/0x560
[   30.553246]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   30.553285]  ? finish_task_switch.isra.0+0x153/0x700
[   30.553324]  ? __schedule+0x10cc/0x2b60
[   30.553363]  ? trace_hardirqs_on+0x37/0xe0
[   30.553419]  ? __pfx_read_tsc+0x10/0x10
[   30.553478]  ? ktime_get_ts64+0x86/0x230
[   30.553532]  ? irqentry_exit+0x2a/0x60
[   30.553589]  kunit_try_run_case+0x1a5/0x480
[   30.553644]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.553684]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   30.553725]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   30.553762]  ? __kthread_parkme+0x82/0x180
[   30.553800]  ? preempt_count_sub+0x50/0x80
[   30.553839]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.553876]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.553915]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   30.553952]  kthread+0x337/0x6f0
[   30.553983]  ? trace_preempt_on+0x20/0xc0
[   30.554017]  ? __pfx_kthread+0x10/0x10
[   30.554062]  ? _raw_spin_unlock_irq+0x47/0x80
[   30.554100]  ? calculate_sigpending+0x7b/0xa0
[   30.554139]  ? __pfx_kthread+0x10/0x10
[   30.554180]  ret_from_fork+0x116/0x1d0
[   30.554208]  ? __pfx_kthread+0x10/0x10
[   30.554230]  ret_from_fork_asm+0x1a/0x30
[   30.554265]  </TASK>
[   30.554279] 
[   30.568319] Allocated by task 310:
[   30.568661]  kasan_save_stack+0x45/0x70
[   30.569787]  kasan_save_track+0x18/0x40
[   30.570038]  kasan_save_alloc_info+0x3b/0x50
[   30.570671]  __kasan_kmalloc+0xb7/0xc0
[   30.570995]  __kmalloc_cache_noprof+0x189/0x420
[   30.571452]  copy_to_kernel_nofault_oob+0x12f/0x560
[   30.572107]  kunit_try_run_case+0x1a5/0x480
[   30.572539]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.573095]  kthread+0x337/0x6f0
[   30.573378]  ret_from_fork+0x116/0x1d0
[   30.573795]  ret_from_fork_asm+0x1a/0x30
[   30.574382] 
[   30.574533] The buggy address belongs to the object at ffff888102b17800
[   30.574533]  which belongs to the cache kmalloc-128 of size 128
[   30.575939] The buggy address is located 0 bytes to the right of
[   30.575939]  allocated 120-byte region [ffff888102b17800, ffff888102b17878)
[   30.576404] 
[   30.576617] The buggy address belongs to the physical page:
[   30.577253] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b17
[   30.578187] flags: 0x200000000000000(node=0|zone=2)
[   30.578716] page_type: f5(slab)
[   30.579148] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   30.579526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.579804] page dumped because: kasan: bad access detected
[   30.580017] 
[   30.580164] Memory state around the buggy address:
[   30.580550]  ffff888102b17700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.581085]  ffff888102b17780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.582598] >ffff888102b17800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.583056]                                                                 ^
[   30.583570]  ffff888102b17880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.584300]  ffff888102b17900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.584846] ==================================================================
[   30.517295] ==================================================================
[   30.518626] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   30.519087] Read of size 8 at addr ffff888102b17878 by task kunit_try_catch/310
[   30.519544] 
[   30.519711] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   30.519795] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.519813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.519842] Call Trace:
[   30.519862]  <TASK>
[   30.519893]  dump_stack_lvl+0x73/0xb0
[   30.519958]  print_report+0xd1/0x650
[   30.520015]  ? __virt_addr_valid+0x1db/0x2d0
[   30.520071]  ? copy_to_kernel_nofault+0x225/0x260
[   30.520126]  ? kasan_complete_mode_report_info+0x2a/0x200
[   30.520178]  ? copy_to_kernel_nofault+0x225/0x260
[   30.520224]  kasan_report+0x141/0x180
[   30.520251]  ? copy_to_kernel_nofault+0x225/0x260
[   30.520281]  __asan_report_load8_noabort+0x18/0x20
[   30.520308]  copy_to_kernel_nofault+0x225/0x260
[   30.520336]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   30.520362]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   30.520388]  ? finish_task_switch.isra.0+0x153/0x700
[   30.520416]  ? __schedule+0x10cc/0x2b60
[   30.520476]  ? trace_hardirqs_on+0x37/0xe0
[   30.520546]  ? __pfx_read_tsc+0x10/0x10
[   30.520587]  ? ktime_get_ts64+0x86/0x230
[   30.520656]  ? irqentry_exit+0x2a/0x60
[   30.520707]  kunit_try_run_case+0x1a5/0x480
[   30.520762]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.520811]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   30.520863]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   30.520917]  ? __kthread_parkme+0x82/0x180
[   30.520970]  ? preempt_count_sub+0x50/0x80
[   30.521026]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.521084]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.521141]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   30.521195]  kthread+0x337/0x6f0
[   30.521244]  ? trace_preempt_on+0x20/0xc0
[   30.521300]  ? __pfx_kthread+0x10/0x10
[   30.521345]  ? _raw_spin_unlock_irq+0x47/0x80
[   30.521385]  ? calculate_sigpending+0x7b/0xa0
[   30.521430]  ? __pfx_kthread+0x10/0x10
[   30.521486]  ret_from_fork+0x116/0x1d0
[   30.521517]  ? __pfx_kthread+0x10/0x10
[   30.521541]  ret_from_fork_asm+0x1a/0x30
[   30.521604]  </TASK>
[   30.521633] 
[   30.534232] Allocated by task 310:
[   30.534491]  kasan_save_stack+0x45/0x70
[   30.535105]  kasan_save_track+0x18/0x40
[   30.535485]  kasan_save_alloc_info+0x3b/0x50
[   30.535864]  __kasan_kmalloc+0xb7/0xc0
[   30.536231]  __kmalloc_cache_noprof+0x189/0x420
[   30.536790]  copy_to_kernel_nofault_oob+0x12f/0x560
[   30.537145]  kunit_try_run_case+0x1a5/0x480
[   30.537389]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.537855]  kthread+0x337/0x6f0
[   30.538172]  ret_from_fork+0x116/0x1d0
[   30.538508]  ret_from_fork_asm+0x1a/0x30
[   30.538850] 
[   30.539151] The buggy address belongs to the object at ffff888102b17800
[   30.539151]  which belongs to the cache kmalloc-128 of size 128
[   30.539980] The buggy address is located 0 bytes to the right of
[   30.539980]  allocated 120-byte region [ffff888102b17800, ffff888102b17878)
[   30.540656] 
[   30.540910] The buggy address belongs to the physical page:
[   30.541382] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b17
[   30.541714] flags: 0x200000000000000(node=0|zone=2)
[   30.541939] page_type: f5(slab)
[   30.542123] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   30.542687] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.543470] page dumped because: kasan: bad access detected
[   30.544272] 
[   30.544494] Memory state around the buggy address:
[   30.544947]  ffff888102b17700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.545368]  ffff888102b17780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.546065] >ffff888102b17800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.546603]                                                                 ^
[   30.547115]  ffff888102b17880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.547388]  ffff888102b17900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.547661] ==================================================================
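All four reports above describe the same access pattern on two architectures: a kmalloc-128 object whose allocated region is 120 bytes ([obj, obj+0x78)), an 8-byte read and an 8-byte write by copy_to_kernel_nofault() at obj+0x78, and a "Memory state" dump whose 16th shadow byte on the marked line is fc (slab redzone) after fifteen 00 bytes. The trace names the KUnit case copy_to_kernel_nofault_oob and the kernel carries the [N]=TEST taint, so the accesses are driven by a self-test; whether the run was recorded as passed or failed is not stated on this page. The following C program is an added example, not code from the page or from the Linux kernel: it models the generic-mode KASAN shadow check (one shadow byte per 8-byte granule, 00 = fully addressable, 01..07 = that many leading bytes addressable, 0xfc = slab redzone, 0xfb = freed slab object, 0xfa = free-track area of a freed object) and feeds it the shadow lines transcribed from the arm64 and x86_64 reports. The struct and helper names are this example's own; the kernel's real kasan_check_range() uses word-sized fast paths that this byte loop only reproduces in effect.

```c
/*
 * Added example (not from the page or the kernel): replay the generic-mode
 * KASAN shadow check against the "Memory state" lines of the reports above.
 * Every name below (shadow_window, first_poisoned, ...) is invented here.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_GRANULE_SIZE   8
#define KASAN_SLAB_FREETRACK 0xfa	/* generic-mode poison values */
#define KASAN_SLAB_FREE      0xfb
#define KASAN_SLAB_REDZONE   0xfc

/* A window of shadow memory: bytes[i] covers [base + 8*i, base + 8*i + 8). */
struct shadow_window {
	uint64_t base;
	const uint8_t *bytes;
	size_t n;
};

#define R4(v)  v, v, v, v
#define R8(v)  R4(v), R4(v)
#define R16(v) R8(v), R8(v)

/* arm64 report, lines fff00000c6515600 .. fff00000c6515780 (transcribed). */
static const uint8_t arm64_shadow[64] = {
	0xfa, R8(0xfb), R4(0xfb), 0xfb, 0xfb, 0xfb,	/* freed neighbour */
	R16(0xfc),					/* redzone */
	R8(0x00), R4(0x00), 0x00, 0x00, 0x00, 0xfc,	/* 120 valid + redzone */
	R16(0xfc),
};
static const struct shadow_window arm64_win = {
	0xfff00000c6515600ULL, arm64_shadow, sizeof arm64_shadow };

/* x86_64 report, lines ffff888102b17700 .. ffff888102b17880: same layout. */
static const struct shadow_window x86_win = {
	0xffff888102b17700ULL, arm64_shadow, sizeof arm64_shadow };

/* Shadow byte for addr, or -1 when addr lies outside the dumped window. */
static int shadow_byte(const struct shadow_window *w, uint64_t addr)
{
	if (addr < w->base || addr >= w->base + w->n * KASAN_GRANULE_SIZE)
		return -1;
	return w->bytes[(addr - w->base) / KASAN_GRANULE_SIZE];
}

/* Per-byte test: 1 = poisoned, 0 = addressable, -1 = outside the window. */
static int byte_is_poisoned(const struct shadow_window *w, uint64_t addr)
{
	int s = shadow_byte(w, addr);

	if (s < 0)
		return -1;
	if (s == 0)
		return 0;
	if (s < KASAN_GRANULE_SIZE)	/* partial granule: first s bytes valid */
		return (int)(addr & (KASAN_GRANULE_SIZE - 1)) >= s;
	return 1;			/* 0x08..0xff: poison marker */
}

/* Check [addr, addr+size); return the first poisoned address, 0 if clean. */
static uint64_t first_poisoned(const struct shadow_window *w,
			       uint64_t addr, size_t size)
{
	for (size_t i = 0; i < size; i++)
		if (byte_is_poisoned(w, addr + i) > 0)
			return addr + i;
	return 0;
}

static const char *poison_name(int s)
{
	switch (s) {
	case 0x00:                 return "addressable";
	case KASAN_SLAB_FREETRACK: return "freed object (free-track area)";
	case KASAN_SLAB_FREE:      return "freed slab object";
	case KASAN_SLAB_REDZONE:   return "slab redzone";
	default:
		return (s > 0 && s < KASAN_GRANULE_SIZE) ? "partial granule"
							  : "other poison";
	}
}

/* The report's "located N bytes to the right of allocated region". */
static uint64_t bytes_right_of(uint64_t bad, uint64_t region_start, size_t len)
{
	return bad - (region_start + len);
}

int main(void)
{
	uint64_t obj = 0xfff00000c6515700ULL;	/* arm64 object start */
	uint64_t bad = first_poisoned(&arm64_win, obj + 120, 8);

	printf("8-byte access at obj+120: poisoned at %#llx (%s), "
	       "%llu bytes right of the 120-byte region\n",
	       (unsigned long long)bad,
	       poison_name(shadow_byte(&arm64_win, bad)),
	       (unsigned long long)bytes_right_of(bad, obj, 120));
	printf("copying only the 120 allocated bytes: poisoned at %#llx\n",
	       (unsigned long long)first_poisoned(&arm64_win, obj, 120));
	return 0;
}
```

The program reproduces the report's verdict: a 120-byte copy starting at the object is clean, while a 128-byte copy (or the single 8-byte access at obj+0x78) lands on the fc granule and is flagged "0 bytes to the right" of the allocated region. The same window contents serve the x86_64 report because its shadow lines are byte-for-byte identical apart from the base address.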