Date
July 1, 2025, 12:10 a.m.
Environment | Log
---|---
qemu-arm64 | first log below (Hardware name: linux,dummy-virt (DT))
qemu-x86_64 | second log below (Hardware name: QEMU Standard PC (Q35 + ICH9, 2009))
qemu-arm64 log:

[ 20.634510] ==================================================================
[ 20.634895] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 20.635107] Read of size 8 at addr fff00000c79f0978 by task kunit_try_catch/281
[ 20.635169]
[ 20.635236] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 20.635632] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.635862] Hardware name: linux,dummy-virt (DT)
[ 20.635991] Call trace:
[ 20.636127]  show_stack+0x20/0x38 (C)
[ 20.636349]  dump_stack_lvl+0x8c/0xd0
[ 20.636507]  print_report+0x118/0x608
[ 20.636563]  kasan_report+0xdc/0x128
[ 20.636977]  __asan_report_load8_noabort+0x20/0x30
[ 20.637057]  copy_to_kernel_nofault+0x204/0x250
[ 20.637458]  copy_to_kernel_nofault_oob+0x158/0x418
[ 20.637549]  kunit_try_run_case+0x170/0x3f0
[ 20.637618]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.637685]  kthread+0x328/0x630
[ 20.637812]  ret_from_fork+0x10/0x20
[ 20.637866]
[ 20.637888] Allocated by task 281:
[ 20.637930]  kasan_save_stack+0x3c/0x68
[ 20.637977]  kasan_save_track+0x20/0x40
[ 20.638026]  kasan_save_alloc_info+0x40/0x58
[ 20.638078]  __kasan_kmalloc+0xd4/0xd8
[ 20.638122]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 20.638165]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 20.638206]  kunit_try_run_case+0x170/0x3f0
[ 20.638248]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.638304]  kthread+0x328/0x630
[ 20.638337]  ret_from_fork+0x10/0x20
[ 20.638385]
[ 20.638424] The buggy address belongs to the object at fff00000c79f0900
[ 20.638424]  which belongs to the cache kmalloc-128 of size 128
[ 20.638506] The buggy address is located 0 bytes to the right of
[ 20.638506]  allocated 120-byte region [fff00000c79f0900, fff00000c79f0978)
[ 20.638606]
[ 20.638638] The buggy address belongs to the physical page:
[ 20.638700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f0
[ 20.638773] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.638826] page_type: f5(slab)
[ 20.638875] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.638937] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.639300] page dumped because: kasan: bad access detected
[ 20.639826]
[ 20.640148] Memory state around the buggy address:
[ 20.640559]  fff00000c79f0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.640804]  fff00000c79f0880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.641002] >fff00000c79f0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.641326]                                                                 ^
[ 20.641920]  fff00000c79f0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.642323]  fff00000c79f0a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.642469] ==================================================================
[ 20.646454] ==================================================================
[ 20.646992] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 20.647083] Write of size 8 at addr fff00000c79f0978 by task kunit_try_catch/281
[ 20.647386]
[ 20.647442] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 20.647866] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.647942] Hardware name: linux,dummy-virt (DT)
[ 20.648025] Call trace:
[ 20.648081]  show_stack+0x20/0x38 (C)
[ 20.648181]  dump_stack_lvl+0x8c/0xd0
[ 20.648579]  print_report+0x118/0x608
[ 20.648727]  kasan_report+0xdc/0x128
[ 20.648882]  kasan_check_range+0x100/0x1a8
[ 20.649140]  __kasan_check_write+0x20/0x30
[ 20.649408]  copy_to_kernel_nofault+0x8c/0x250
[ 20.649528]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 20.649703]  kunit_try_run_case+0x170/0x3f0
[ 20.650186]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.650380]  kthread+0x328/0x630
[ 20.650637]  ret_from_fork+0x10/0x20
[ 20.651250]
[ 20.651362] Allocated by task 281:
[ 20.651495]  kasan_save_stack+0x3c/0x68
[ 20.651544]  kasan_save_track+0x20/0x40
[ 20.651916]  kasan_save_alloc_info+0x40/0x58
[ 20.652006]  __kasan_kmalloc+0xd4/0xd8
[ 20.652160]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 20.652333]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 20.652478]  kunit_try_run_case+0x170/0x3f0
[ 20.652610]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.652805]  kthread+0x328/0x630
[ 20.652904]  ret_from_fork+0x10/0x20
[ 20.653093]
[ 20.653322] The buggy address belongs to the object at fff00000c79f0900
[ 20.653322]  which belongs to the cache kmalloc-128 of size 128
[ 20.653422] The buggy address is located 0 bytes to the right of
[ 20.653422]  allocated 120-byte region [fff00000c79f0900, fff00000c79f0978)
[ 20.653639]
[ 20.653861] The buggy address belongs to the physical page:
[ 20.654136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f0
[ 20.654318] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.654466] page_type: f5(slab)
[ 20.654583] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.654785] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.654871] page dumped because: kasan: bad access detected
[ 20.655153]
[ 20.655369] Memory state around the buggy address:
[ 20.655461]  fff00000c79f0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.655566]  fff00000c79f0880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.655663] >fff00000c79f0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.655905]                                                                 ^
[ 20.656134]  fff00000c79f0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.656257]  fff00000c79f0a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.656405] ==================================================================
qemu-x86_64 log:

[ 15.257922] ==================================================================
[ 15.258267] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 15.259021] Write of size 8 at addr ffff8881030fbd78 by task kunit_try_catch/298
[ 15.259462]
[ 15.259678] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.259728] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.259742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.259858] Call Trace:
[ 15.259877]  <TASK>
[ 15.259896]  dump_stack_lvl+0x73/0xb0
[ 15.259927]  print_report+0xd1/0x650
[ 15.259950]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.259974]  ? copy_to_kernel_nofault+0x99/0x260
[ 15.259998]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.260021]  ? copy_to_kernel_nofault+0x99/0x260
[ 15.260087]  kasan_report+0x141/0x180
[ 15.260110]  ? copy_to_kernel_nofault+0x99/0x260
[ 15.260138]  kasan_check_range+0x10c/0x1c0
[ 15.260174]  __kasan_check_write+0x18/0x20
[ 15.260194]  copy_to_kernel_nofault+0x99/0x260
[ 15.260219]  copy_to_kernel_nofault_oob+0x288/0x560
[ 15.260243]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.260267]  ? finish_task_switch.isra.0+0x153/0x700
[ 15.260290]  ? __schedule+0x10cc/0x2b60
[ 15.260312]  ? trace_hardirqs_on+0x37/0xe0
[ 15.260343]  ? __pfx_read_tsc+0x10/0x10
[ 15.260365]  ? ktime_get_ts64+0x86/0x230
[ 15.260388]  kunit_try_run_case+0x1a5/0x480
[ 15.260413]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.260436]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.260460]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.260485]  ? __kthread_parkme+0x82/0x180
[ 15.260506]  ? preempt_count_sub+0x50/0x80
[ 15.260530]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.260554]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.260578]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.260603]  kthread+0x337/0x6f0
[ 15.260622]  ? trace_preempt_on+0x20/0xc0
[ 15.260645]  ? __pfx_kthread+0x10/0x10
[ 15.260665]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.260687]  ? calculate_sigpending+0x7b/0xa0
[ 15.260713]  ? __pfx_kthread+0x10/0x10
[ 15.260735]  ret_from_fork+0x116/0x1d0
[ 15.260754]  ? __pfx_kthread+0x10/0x10
[ 15.260775]  ret_from_fork_asm+0x1a/0x30
[ 15.260805]  </TASK>
[ 15.260818]
[ 15.275113] Allocated by task 298:
[ 15.275329]  kasan_save_stack+0x45/0x70
[ 15.275478]  kasan_save_track+0x18/0x40
[ 15.276192]  kasan_save_alloc_info+0x3b/0x50
[ 15.276495]  __kasan_kmalloc+0xb7/0xc0
[ 15.276777]  __kmalloc_cache_noprof+0x189/0x420
[ 15.276951]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 15.277589]  kunit_try_run_case+0x1a5/0x480
[ 15.277791]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.278002]  kthread+0x337/0x6f0
[ 15.278230]  ret_from_fork+0x116/0x1d0
[ 15.278591]  ret_from_fork_asm+0x1a/0x30
[ 15.278790]
[ 15.278883] The buggy address belongs to the object at ffff8881030fbd00
[ 15.278883]  which belongs to the cache kmalloc-128 of size 128
[ 15.279680] The buggy address is located 0 bytes to the right of
[ 15.279680]  allocated 120-byte region [ffff8881030fbd00, ffff8881030fbd78)
[ 15.280365]
[ 15.280473] The buggy address belongs to the physical page:
[ 15.280831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030fb
[ 15.281448] flags: 0x200000000000000(node=0|zone=2)
[ 15.281783] page_type: f5(slab)
[ 15.282010] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.282445] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.282833] page dumped because: kasan: bad access detected
[ 15.283086]
[ 15.283278] Memory state around the buggy address:
[ 15.283594]  ffff8881030fbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.283968]  ffff8881030fbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.284437] >ffff8881030fbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.284825]                                                                 ^
[ 15.285157]  ffff8881030fbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.285664]  ffff8881030fbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.285942] ==================================================================
[ 15.223298] ==================================================================
[ 15.224752] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 15.225457] Read of size 8 at addr ffff8881030fbd78 by task kunit_try_catch/298
[ 15.225685]
[ 15.225780] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.225828] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.225842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.225867] Call Trace:
[ 15.225882]  <TASK>
[ 15.225899]  dump_stack_lvl+0x73/0xb0
[ 15.225931]  print_report+0xd1/0x650
[ 15.225957]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.225981]  ? copy_to_kernel_nofault+0x225/0x260
[ 15.226005]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.226041]  ? copy_to_kernel_nofault+0x225/0x260
[ 15.226066]  kasan_report+0x141/0x180
[ 15.226088]  ? copy_to_kernel_nofault+0x225/0x260
[ 15.226116]  __asan_report_load8_noabort+0x18/0x20
[ 15.226141]  copy_to_kernel_nofault+0x225/0x260
[ 15.226166]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 15.226190]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.226216]  ? finish_task_switch.isra.0+0x153/0x700
[ 15.226240]  ? __schedule+0x10cc/0x2b60
[ 15.226262]  ? trace_hardirqs_on+0x37/0xe0
[ 15.226293]  ? __pfx_read_tsc+0x10/0x10
[ 15.226316]  ? ktime_get_ts64+0x86/0x230
[ 15.226342]  kunit_try_run_case+0x1a5/0x480
[ 15.226368]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.226390]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.226415]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.226438]  ? __kthread_parkme+0x82/0x180
[ 15.226459]  ? preempt_count_sub+0x50/0x80
[ 15.226483]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.226508]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.226532]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.226556]  kthread+0x337/0x6f0
[ 15.226576]  ? trace_preempt_on+0x20/0xc0
[ 15.226598]  ? __pfx_kthread+0x10/0x10
[ 15.226619]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.226641]  ? calculate_sigpending+0x7b/0xa0
[ 15.226666]  ? __pfx_kthread+0x10/0x10
[ 15.226688]  ret_from_fork+0x116/0x1d0
[ 15.226706]  ? __pfx_kthread+0x10/0x10
[ 15.226727]  ret_from_fork_asm+0x1a/0x30
[ 15.226758]  </TASK>
[ 15.226771]
[ 15.246384] Allocated by task 298:
[ 15.246828]  kasan_save_stack+0x45/0x70
[ 15.246982]  kasan_save_track+0x18/0x40
[ 15.247535]  kasan_save_alloc_info+0x3b/0x50
[ 15.248205]  __kasan_kmalloc+0xb7/0xc0
[ 15.248433]  __kmalloc_cache_noprof+0x189/0x420
[ 15.248589]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 15.248747]  kunit_try_run_case+0x1a5/0x480
[ 15.248888]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.249085]  kthread+0x337/0x6f0
[ 15.249260]  ret_from_fork+0x116/0x1d0
[ 15.249452]  ret_from_fork_asm+0x1a/0x30
[ 15.249667]
[ 15.249783] The buggy address belongs to the object at ffff8881030fbd00
[ 15.249783]  which belongs to the cache kmalloc-128 of size 128
[ 15.250484] The buggy address is located 0 bytes to the right of
[ 15.250484]  allocated 120-byte region [ffff8881030fbd00, ffff8881030fbd78)
[ 15.251581]
[ 15.251774] The buggy address belongs to the physical page:
[ 15.252276] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030fb
[ 15.252705] flags: 0x200000000000000(node=0|zone=2)
[ 15.252930] page_type: f5(slab)
[ 15.253094] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.253585] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.253967] page dumped because: kasan: bad access detected
[ 15.254284]
[ 15.254393] Memory state around the buggy address:
[ 15.254779]  ffff8881030fbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.255086]  ffff8881030fbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.255542] >ffff8881030fbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.255944]                                                                 ^
[ 15.256304]  ffff8881030fbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.256737]  ffff8881030fbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.257172] ==================================================================
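All four reports above describe the same access pattern on two architectures: an 8-byte read and then an 8-byte write inside copy_to_kernel_nofault(), starting exactly at the end of a 120-byte allocation that occupies a 128-byte kmalloc-128 slot, so the whole access falls in the slot's trailing redzone (the shadow byte under the caret is fc). The caller, copy_to_kernel_nofault_oob, is the KUnit case in the kernel's KASAN self-tests (mm/kasan/kasan_test_c.c) that provokes exactly this access on purpose, which is why the task is kunit_try_catch and the kernel is tainted [N]=TEST; these reports are the expected output of that test, not evidence of a new bug. The decoder below is an added example and is not part of the original page nor of the kernel's KASAN tooling. It parses a report of this shape, rebuilds the allocation size from the shadow rows, and locates the access relative to the allocation and to the slab slot. The sample report is constructed inline from the first qemu-arm64 report above (timestamps dropped); the shadow-byte names follow the generic KASAN encoding and the 8-byte granule size is assumed.

```python
"""Decode a generic-KASAN slab-out-of-bounds report and cross-check it
against the shadow memory dump. Added example; not from the original page."""
import re

GRANULE = 8  # bytes of memory covered by one shadow byte in generic KASAN (assumed)

# Shadow byte encoding used by generic KASAN. A value of 0x01..0x07 means only
# the first N bytes of the granule are addressable.
SHADOW_MEANING = {
    0x00: "addressable",
    0xfa: "freed slab object (with free meta)",
    0xfb: "freed slab object",
    0xfc: "slab redzone",
    0xfe: "page redzone",
    0xff: "freed page",
}

# Constructed sample: the first qemu-arm64 report from the page, timestamps removed.
SAMPLE_REPORT = """\
BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
Read of size 8 at addr fff00000c79f0978 by task kunit_try_catch/281
The buggy address belongs to the object at fff00000c79f0900
 which belongs to the cache kmalloc-128 of size 128
The buggy address is located 0 bytes to the right of
 allocated 120-byte region [fff00000c79f0900, fff00000c79f0978)
Memory state around the buggy address:
 fff00000c79f0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 fff00000c79f0880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>fff00000c79f0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
                                                                ^
 fff00000c79f0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")          # dmesg "[ 20.634895] " prefix
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)")
OBJECT_RE = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE_RE = re.compile(r"cache (\S+) of size (\d+)")
REGION_RE = re.compile(r"allocated (\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)")
SHADOW_RE = re.compile(r"^>?\s*([0-9a-f]{8,16}): ((?:[0-9a-f]{2} ?){16})$")


def parse_report(text):
    """Pull the access, object, slot size, region and shadow rows out of one report."""
    rep = {"shadow": {}}
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).rstrip()
        if m := ACCESS_RE.search(line):
            rep["kind"], rep["size"], rep["addr"] = m[1], int(m[2]), int(m[3], 16)
        elif m := OBJECT_RE.search(line):
            rep["object"] = int(m[1], 16)
        elif m := CACHE_RE.search(line):
            rep["cache"], rep["slot_size"] = m[1], int(m[2])
        elif m := REGION_RE.search(line):
            rep["region"] = (int(m[2], 16), int(m[3], 16))
        elif m := SHADOW_RE.match(line):
            rep["shadow"][int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
    return rep


def shadow_byte(rep, addr):
    """Shadow value covering addr, or None if that row was not part of the dump."""
    for base, row in rep["shadow"].items():
        if base <= addr < base + len(row) * GRANULE:
            return row[(addr - base) // GRANULE]
    return None


def describe_shadow(value):
    if value is None:
        return "not in dump"
    if 1 <= value <= 7:
        return f"partially addressable (first {value} bytes)"
    return SHADOW_MEANING.get(value, f"unknown 0x{value:02x}")


def addressable_bytes_from_shadow(rep):
    """Walk shadow bytes from the object start; should equal the allocated size."""
    addr, total = rep["object"], 0
    while True:
        v = shadow_byte(rep, addr)
        if v == 0:
            total += GRANULE
            addr += GRANULE
        elif v is not None and 1 <= v <= 7:
            return total + v
        else:
            return total


def classify(rep):
    """Locate the access relative to the allocation and to the slab slot."""
    start, end = rep["addr"], rep["addr"] + rep["size"]
    r_start, r_end = rep["region"]
    overlap = max(0, min(end, r_end) - max(start, r_start))
    shadow = shadow_byte(rep, start)
    return {
        "bytes_past_end": start - r_end,        # matches "located N bytes to the right of"
        "oob_bytes": (end - start) - overlap,   # bytes of the access outside the allocation
        "inside_slab_slot": rep["object"] <= start and end <= rep["object"] + rep["slot_size"],
        "shadow": describe_shadow(shadow),
        "self_consistent": shadow not in (None, 0x00),  # faulting granule must be poisoned
    }


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(f"{rep['kind']} of {rep['size']} at 0x{rep['addr']:x}:", classify(rep))
    print("addressable bytes per shadow:", addressable_bytes_from_shadow(rep))
```

On the sample the shadow walk returns 120, agreeing with the "allocated 120-byte region" line, and the access is classified as 8 bytes out of bounds yet entirely inside the 128-byte slot: an overrun that would silently corrupt the slab redzone without KASAN. Because the timestamp prefix is stripped, the same parser can be fed a raw dmesg excerpt containing one report.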