Date: July 1, 2025, 3:08 p.m.

Environment: qemu-arm64, qemu-x86_64

[   20.046321] ==================================================================
[   20.046391] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   20.046577] Write of size 8 at addr fff00000c57ee678 by task kunit_try_catch/282
[   20.046663] 
[   20.046730] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.046848] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.046898] Hardware name: linux,dummy-virt (DT)
[   20.046933] Call trace:
[   20.046957]  show_stack+0x20/0x38 (C)
[   20.047009]  dump_stack_lvl+0x8c/0xd0
[   20.047061]  print_report+0x118/0x608
[   20.047299]  kasan_report+0xdc/0x128
[   20.047584]  kasan_check_range+0x100/0x1a8
[   20.047656]  __kasan_check_write+0x20/0x30
[   20.047723]  copy_to_kernel_nofault+0x8c/0x250
[   20.047775]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   20.047825]  kunit_try_run_case+0x170/0x3f0
[   20.047875]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.047931]  kthread+0x328/0x630
[   20.047998]  ret_from_fork+0x10/0x20
[   20.048048] 
[   20.048070] Allocated by task 282:
[   20.048099]  kasan_save_stack+0x3c/0x68
[   20.048144]  kasan_save_track+0x20/0x40
[   20.048183]  kasan_save_alloc_info+0x40/0x58
[   20.048224]  __kasan_kmalloc+0xd4/0xd8
[   20.048262]  __kmalloc_cache_noprof+0x16c/0x3c0
[   20.048302]  copy_to_kernel_nofault_oob+0xc8/0x418
[   20.048343]  kunit_try_run_case+0x170/0x3f0
[   20.048384]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.048429]  kthread+0x328/0x630
[   20.048461]  ret_from_fork+0x10/0x20
[   20.048497] 
[   20.048518] The buggy address belongs to the object at fff00000c57ee600
[   20.048518]  which belongs to the cache kmalloc-128 of size 128
[   20.048599] The buggy address is located 0 bytes to the right of
[   20.048599]  allocated 120-byte region [fff00000c57ee600, fff00000c57ee678)
[   20.048668] 
[   20.048689] The buggy address belongs to the physical page:
[   20.048722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057ee
[   20.048777] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.048827] page_type: f5(slab)
[   20.048867] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   20.048920] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.048965] page dumped because: kasan: bad access detected
[   20.048997] 
[   20.049016] Memory state around the buggy address:
[   20.049050]  fff00000c57ee500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.049097]  fff00000c57ee580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.049143] >fff00000c57ee600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   20.049535]                                                                 ^
[   20.049610]  fff00000c57ee680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.049698]  fff00000c57ee700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.049741] ==================================================================
[   20.039205] ==================================================================
[   20.039276] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   20.039414] Read of size 8 at addr fff00000c57ee678 by task kunit_try_catch/282
[   20.039473] 
[   20.039530] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.039827] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.039874] Hardware name: linux,dummy-virt (DT)
[   20.039910] Call trace:
[   20.039936]  show_stack+0x20/0x38 (C)
[   20.040021]  dump_stack_lvl+0x8c/0xd0
[   20.040074]  print_report+0x118/0x608
[   20.040292]  kasan_report+0xdc/0x128
[   20.040352]  __asan_report_load8_noabort+0x20/0x30
[   20.040480]  copy_to_kernel_nofault+0x204/0x250
[   20.040554]  copy_to_kernel_nofault_oob+0x158/0x418
[   20.040851]  kunit_try_run_case+0x170/0x3f0
[   20.041001]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.041070]  kthread+0x328/0x630
[   20.041114]  ret_from_fork+0x10/0x20
[   20.041166] 
[   20.041271] Allocated by task 282:
[   20.041355]  kasan_save_stack+0x3c/0x68
[   20.041578]  kasan_save_track+0x20/0x40
[   20.041763]  kasan_save_alloc_info+0x40/0x58
[   20.041827]  __kasan_kmalloc+0xd4/0xd8
[   20.041929]  __kmalloc_cache_noprof+0x16c/0x3c0
[   20.041993]  copy_to_kernel_nofault_oob+0xc8/0x418
[   20.042033]  kunit_try_run_case+0x170/0x3f0
[   20.042208]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.042268]  kthread+0x328/0x630
[   20.042345]  ret_from_fork+0x10/0x20
[   20.042430] 
[   20.042499] The buggy address belongs to the object at fff00000c57ee600
[   20.042499]  which belongs to the cache kmalloc-128 of size 128
[   20.042716] The buggy address is located 0 bytes to the right of
[   20.042716]  allocated 120-byte region [fff00000c57ee600, fff00000c57ee678)
[   20.042893] 
[   20.042928] The buggy address belongs to the physical page:
[   20.042974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057ee
[   20.043097] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.043170] page_type: f5(slab)
[   20.043339] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   20.043420] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.043465] page dumped because: kasan: bad access detected
[   20.043601] 
[   20.043640] Memory state around the buggy address:
[   20.043741]  fff00000c57ee500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.043811]  fff00000c57ee580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.043858] >fff00000c57ee600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   20.044099]                                                                 ^
[   20.044181]  fff00000c57ee680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.044301]  fff00000c57ee700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.044378] ==================================================================

[   15.424238] ==================================================================
[   15.424568] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   15.424955] Write of size 8 at addr ffff8881027e1778 by task kunit_try_catch/298
[   15.425303] 
[   15.425454] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.425531] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.425544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.425568] Call Trace:
[   15.425584]  <TASK>
[   15.425606]  dump_stack_lvl+0x73/0xb0
[   15.425636]  print_report+0xd1/0x650
[   15.425673]  ? __virt_addr_valid+0x1db/0x2d0
[   15.425698]  ? copy_to_kernel_nofault+0x99/0x260
[   15.425722]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.425745]  ? copy_to_kernel_nofault+0x99/0x260
[   15.425798]  kasan_report+0x141/0x180
[   15.425821]  ? copy_to_kernel_nofault+0x99/0x260
[   15.425849]  kasan_check_range+0x10c/0x1c0
[   15.425884]  __kasan_check_write+0x18/0x20
[   15.425904]  copy_to_kernel_nofault+0x99/0x260
[   15.425956]  copy_to_kernel_nofault_oob+0x288/0x560
[   15.425981]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.426016]  ? finish_task_switch.isra.0+0x153/0x700
[   15.426049]  ? __schedule+0x10cc/0x2b60
[   15.426072]  ? trace_hardirqs_on+0x37/0xe0
[   15.426104]  ? __pfx_read_tsc+0x10/0x10
[   15.426126]  ? ktime_get_ts64+0x86/0x230
[   15.426151]  kunit_try_run_case+0x1a5/0x480
[   15.426176]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.426199]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.426223]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.426246]  ? __kthread_parkme+0x82/0x180
[   15.426267]  ? preempt_count_sub+0x50/0x80
[   15.426290]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.426314]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.426338]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.426361]  kthread+0x337/0x6f0
[   15.426380]  ? trace_preempt_on+0x20/0xc0
[   15.426403]  ? __pfx_kthread+0x10/0x10
[   15.426424]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.426444]  ? calculate_sigpending+0x7b/0xa0
[   15.426469]  ? __pfx_kthread+0x10/0x10
[   15.426490]  ret_from_fork+0x116/0x1d0
[   15.426509]  ? __pfx_kthread+0x10/0x10
[   15.426530]  ret_from_fork_asm+0x1a/0x30
[   15.426562]  </TASK>
[   15.426575] 
[   15.434735] Allocated by task 298:
[   15.434931]  kasan_save_stack+0x45/0x70
[   15.435139]  kasan_save_track+0x18/0x40
[   15.435331]  kasan_save_alloc_info+0x3b/0x50
[   15.435567]  __kasan_kmalloc+0xb7/0xc0
[   15.435793]  __kmalloc_cache_noprof+0x189/0x420
[   15.436043]  copy_to_kernel_nofault_oob+0x12f/0x560
[   15.436328]  kunit_try_run_case+0x1a5/0x480
[   15.436538]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.436862]  kthread+0x337/0x6f0
[   15.437084]  ret_from_fork+0x116/0x1d0
[   15.437305]  ret_from_fork_asm+0x1a/0x30
[   15.437537] 
[   15.437664] The buggy address belongs to the object at ffff8881027e1700
[   15.437664]  which belongs to the cache kmalloc-128 of size 128
[   15.438160] The buggy address is located 0 bytes to the right of
[   15.438160]  allocated 120-byte region [ffff8881027e1700, ffff8881027e1778)
[   15.438716] 
[   15.438792] The buggy address belongs to the physical page:
[   15.438963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e1
[   15.439382] flags: 0x200000000000000(node=0|zone=2)
[   15.439663] page_type: f5(slab)
[   15.439835] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.440233] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.440598] page dumped because: kasan: bad access detected
[   15.440859] 
[   15.440930] Memory state around the buggy address:
[   15.441163]  ffff8881027e1600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.441518]  ffff8881027e1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.441854] >ffff8881027e1700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.442166]                                                                 ^
[   15.442487]  ffff8881027e1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.442874]  ffff8881027e1800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.443261] ==================================================================
[   15.398891] ==================================================================
[   15.400489] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   15.401465] Read of size 8 at addr ffff8881027e1778 by task kunit_try_catch/298
[   15.402138] 
[   15.402359] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.402416] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.402431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.402456] Call Trace:
[   15.402471]  <TASK>
[   15.402493]  dump_stack_lvl+0x73/0xb0
[   15.402529]  print_report+0xd1/0x650
[   15.402557]  ? __virt_addr_valid+0x1db/0x2d0
[   15.402583]  ? copy_to_kernel_nofault+0x225/0x260
[   15.402608]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.402632]  ? copy_to_kernel_nofault+0x225/0x260
[   15.402658]  kasan_report+0x141/0x180
[   15.402681]  ? copy_to_kernel_nofault+0x225/0x260
[   15.402710]  __asan_report_load8_noabort+0x18/0x20
[   15.402736]  copy_to_kernel_nofault+0x225/0x260
[   15.402761]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   15.402785]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.402820]  ? finish_task_switch.isra.0+0x153/0x700
[   15.402846]  ? __schedule+0x10cc/0x2b60
[   15.402868]  ? trace_hardirqs_on+0x37/0xe0
[   15.402912]  ? __pfx_read_tsc+0x10/0x10
[   15.402935]  ? ktime_get_ts64+0x86/0x230
[   15.402960]  kunit_try_run_case+0x1a5/0x480
[   15.402988]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.403011]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.403044]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.403066]  ? __kthread_parkme+0x82/0x180
[   15.403088]  ? preempt_count_sub+0x50/0x80
[   15.403111]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.403134]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.403158]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.403182]  kthread+0x337/0x6f0
[   15.403201]  ? trace_preempt_on+0x20/0xc0
[   15.403224]  ? __pfx_kthread+0x10/0x10
[   15.403245]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.403266]  ? calculate_sigpending+0x7b/0xa0
[   15.403291]  ? __pfx_kthread+0x10/0x10
[   15.403313]  ret_from_fork+0x116/0x1d0
[   15.403331]  ? __pfx_kthread+0x10/0x10
[   15.403352]  ret_from_fork_asm+0x1a/0x30
[   15.403384]  </TASK>
[   15.403398] 
[   15.413446] Allocated by task 298:
[   15.413659]  kasan_save_stack+0x45/0x70
[   15.413922]  kasan_save_track+0x18/0x40
[   15.414157]  kasan_save_alloc_info+0x3b/0x50
[   15.414387]  __kasan_kmalloc+0xb7/0xc0
[   15.414585]  __kmalloc_cache_noprof+0x189/0x420
[   15.414826]  copy_to_kernel_nofault_oob+0x12f/0x560
[   15.415062]  kunit_try_run_case+0x1a5/0x480
[   15.415250]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.415418]  kthread+0x337/0x6f0
[   15.415536]  ret_from_fork+0x116/0x1d0
[   15.415814]  ret_from_fork_asm+0x1a/0x30
[   15.416031] 
[   15.416130] The buggy address belongs to the object at ffff8881027e1700
[   15.416130]  which belongs to the cache kmalloc-128 of size 128
[   15.416674] The buggy address is located 0 bytes to the right of
[   15.416674]  allocated 120-byte region [ffff8881027e1700, ffff8881027e1778)
[   15.417251] 
[   15.417350] The buggy address belongs to the physical page:
[   15.417630] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e1
[   15.417933] flags: 0x200000000000000(node=0|zone=2)
[   15.418144] page_type: f5(slab)
[   15.418275] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.418853] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.419250] page dumped because: kasan: bad access detected
[   15.419503] 
[   15.419598] Memory state around the buggy address:
[   15.419864]  ffff8881027e1600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.420269]  ffff8881027e1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.420598] >ffff8881027e1700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.420967]                                                                 ^
[   15.421316]  ffff8881027e1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.421658]  ffff8881027e1800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.422006] ==================================================================