Date
July 3, 2025, 6:13 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64 (Hardware name: linux,dummy-virt (DT)):

```
[ 19.923595] ==================================================================
[ 19.923678] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 19.923953] Read of size 8 at addr fff00000c7834478 by task kunit_try_catch/281
[ 19.924045]
[ 19.924105] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.924194] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.924587] Hardware name: linux,dummy-virt (DT)
[ 19.924669] Call trace:
[ 19.924713]  show_stack+0x20/0x38 (C)
[ 19.924776]  dump_stack_lvl+0x8c/0xd0
[ 19.924828]  print_report+0x118/0x608
[ 19.925245]  kasan_report+0xdc/0x128
[ 19.925414]  __asan_report_load8_noabort+0x20/0x30
[ 19.925759]  copy_to_kernel_nofault+0x204/0x250
[ 19.925834]  copy_to_kernel_nofault_oob+0x158/0x418
[ 19.926460]  kunit_try_run_case+0x170/0x3f0
[ 19.926604]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.926773]  kthread+0x328/0x630
[ 19.926955]  ret_from_fork+0x10/0x20
[ 19.927448]
[ 19.927514] Allocated by task 281:
[ 19.927563]  kasan_save_stack+0x3c/0x68
[ 19.927718]  kasan_save_track+0x20/0x40
[ 19.927836]  kasan_save_alloc_info+0x40/0x58
[ 19.928176]  __kasan_kmalloc+0xd4/0xd8
[ 19.928264]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.928389]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.928472]  kunit_try_run_case+0x170/0x3f0
[ 19.928659]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.928860]  kthread+0x328/0x630
[ 19.928935]  ret_from_fork+0x10/0x20
[ 19.929607]
[ 19.929710] The buggy address belongs to the object at fff00000c7834400
[ 19.929710]  which belongs to the cache kmalloc-128 of size 128
[ 19.929807] The buggy address is located 0 bytes to the right of
[ 19.929807]  allocated 120-byte region [fff00000c7834400, fff00000c7834478)
[ 19.929872]
[ 19.929946] The buggy address belongs to the physical page:
[ 19.930245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834
[ 19.930645] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.930716] page_type: f5(slab)
[ 19.930817] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.930906] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.930947] page dumped because: kasan: bad access detected
[ 19.930981]
[ 19.931050] Memory state around the buggy address:
[ 19.931183]  fff00000c7834300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.931318]  fff00000c7834380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.931449] >fff00000c7834400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.931490]                                                                 ^
[ 19.931533]  fff00000c7834480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.931577]  fff00000c7834500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.931618] ==================================================================

[ 19.932398] ==================================================================
[ 19.932537] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 19.932592] Write of size 8 at addr fff00000c7834478 by task kunit_try_catch/281
[ 19.932644]
[ 19.932703] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.932807] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.932842] Hardware name: linux,dummy-virt (DT)
[ 19.932875] Call trace:
[ 19.932899]  show_stack+0x20/0x38 (C)
[ 19.932971]  dump_stack_lvl+0x8c/0xd0
[ 19.933021]  print_report+0x118/0x608
[ 19.933123]  kasan_report+0xdc/0x128
[ 19.933180]  kasan_check_range+0x100/0x1a8
[ 19.933330]  __kasan_check_write+0x20/0x30
[ 19.933658]  copy_to_kernel_nofault+0x8c/0x250
[ 19.933744]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 19.933919]  kunit_try_run_case+0x170/0x3f0
[ 19.934005]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.934229]  kthread+0x328/0x630
[ 19.934374]  ret_from_fork+0x10/0x20
[ 19.934472]
[ 19.934494] Allocated by task 281:
[ 19.934555]  kasan_save_stack+0x3c/0x68
[ 19.934911]  kasan_save_track+0x20/0x40
[ 19.935077]  kasan_save_alloc_info+0x40/0x58
[ 19.935216]  __kasan_kmalloc+0xd4/0xd8
[ 19.935352]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.935460]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.935545]  kunit_try_run_case+0x170/0x3f0
[ 19.935638]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.935722]  kthread+0x328/0x630
[ 19.935757]  ret_from_fork+0x10/0x20
[ 19.935792]
[ 19.935965] The buggy address belongs to the object at fff00000c7834400
[ 19.935965]  which belongs to the cache kmalloc-128 of size 128
[ 19.936173] The buggy address is located 0 bytes to the right of
[ 19.936173]  allocated 120-byte region [fff00000c7834400, fff00000c7834478)
[ 19.936380]
[ 19.936428] The buggy address belongs to the physical page:
[ 19.936482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834
[ 19.936565] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.936616] page_type: f5(slab)
[ 19.936668] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.936890] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.937086] page dumped because: kasan: bad access detected
[ 19.937191]
[ 19.937283] Memory state around the buggy address:
[ 19.937375]  fff00000c7834300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.937447]  fff00000c7834380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.937493] >fff00000c7834400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.937552]                                                                 ^
[ 19.937595]  fff00000c7834480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.937870]  fff00000c7834500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.937957] ==================================================================
```
qemu-x86_64 (Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)):

```
[ 15.363893] ==================================================================
[ 15.364236] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 15.364965] Write of size 8 at addr ffff888103348678 by task kunit_try_catch/299
[ 15.365312]
[ 15.365465] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.365510] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.365523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.365545] Call Trace:
[ 15.365559]  <TASK>
[ 15.365575]  dump_stack_lvl+0x73/0xb0
[ 15.365606]  print_report+0xd1/0x650
[ 15.365631]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.365654]  ? copy_to_kernel_nofault+0x99/0x260
[ 15.365699]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.365737]  ? copy_to_kernel_nofault+0x99/0x260
[ 15.365761]  kasan_report+0x141/0x180
[ 15.365784]  ? copy_to_kernel_nofault+0x99/0x260
[ 15.365826]  kasan_check_range+0x10c/0x1c0
[ 15.365874]  __kasan_check_write+0x18/0x20
[ 15.365895]  copy_to_kernel_nofault+0x99/0x260
[ 15.365921]  copy_to_kernel_nofault_oob+0x288/0x560
[ 15.365945]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.365969]  ? finish_task_switch.isra.0+0x153/0x700
[ 15.365992]  ? __schedule+0x10cc/0x2b60
[ 15.366015]  ? trace_hardirqs_on+0x37/0xe0
[ 15.366050]  ? __pfx_read_tsc+0x10/0x10
[ 15.366071]  ? ktime_get_ts64+0x86/0x230
[ 15.366108]  kunit_try_run_case+0x1a5/0x480
[ 15.366131]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.366155]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.366180]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.366204]  ? __kthread_parkme+0x82/0x180
[ 15.366225]  ? preempt_count_sub+0x50/0x80
[ 15.366256]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.366281]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.366304]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.366329]  kthread+0x337/0x6f0
[ 15.366349]  ? trace_preempt_on+0x20/0xc0
[ 15.366376]  ? __pfx_kthread+0x10/0x10
[ 15.366397]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.366419]  ? calculate_sigpending+0x7b/0xa0
[ 15.366443]  ? __pfx_kthread+0x10/0x10
[ 15.366466]  ret_from_fork+0x116/0x1d0
[ 15.366485]  ? __pfx_kthread+0x10/0x10
[ 15.366506]  ret_from_fork_asm+0x1a/0x30
[ 15.366536]  </TASK>
[ 15.366549]
[ 15.374866] Allocated by task 299:
[ 15.375067]  kasan_save_stack+0x45/0x70
[ 15.375275]  kasan_save_track+0x18/0x40
[ 15.375434]  kasan_save_alloc_info+0x3b/0x50
[ 15.375650]  __kasan_kmalloc+0xb7/0xc0
[ 15.375852]  __kmalloc_cache_noprof+0x189/0x420
[ 15.376038]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 15.376288]  kunit_try_run_case+0x1a5/0x480
[ 15.376490]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.376788]  kthread+0x337/0x6f0
[ 15.376973]  ret_from_fork+0x116/0x1d0
[ 15.377168]  ret_from_fork_asm+0x1a/0x30
[ 15.377370]
[ 15.378346] The buggy address belongs to the object at ffff888103348600
[ 15.378346]  which belongs to the cache kmalloc-128 of size 128
[ 15.378946] The buggy address is located 0 bytes to the right of
[ 15.378946]  allocated 120-byte region [ffff888103348600, ffff888103348678)
[ 15.380183]
[ 15.380271] The buggy address belongs to the physical page:
[ 15.381032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103348
[ 15.381662] flags: 0x200000000000000(node=0|zone=2)
[ 15.381899] page_type: f5(slab)
[ 15.382063] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.382713] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.383469] page dumped because: kasan: bad access detected
[ 15.383710]
[ 15.383805] Memory state around the buggy address:
[ 15.384016]  ffff888103348500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.384746]  ffff888103348580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.385240] >ffff888103348600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.385782]                                                                 ^
[ 15.386492]  ffff888103348680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.387030]  ffff888103348700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.387719] ==================================================================

[ 15.335874] ==================================================================
[ 15.336512] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 15.336847] Read of size 8 at addr ffff888103348678 by task kunit_try_catch/299
[ 15.337185]
[ 15.337298] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.337349] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.337362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.337387] Call Trace:
[ 15.337400]  <TASK>
[ 15.337419]  dump_stack_lvl+0x73/0xb0
[ 15.337450]  print_report+0xd1/0x650
[ 15.337476]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.337501]  ? copy_to_kernel_nofault+0x225/0x260
[ 15.337526]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.337549]  ? copy_to_kernel_nofault+0x225/0x260
[ 15.337573]  kasan_report+0x141/0x180
[ 15.337596]  ? copy_to_kernel_nofault+0x225/0x260
[ 15.337624]  __asan_report_load8_noabort+0x18/0x20
[ 15.338051]  copy_to_kernel_nofault+0x225/0x260
[ 15.338080]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 15.338120]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.338144]  ? finish_task_switch.isra.0+0x153/0x700
[ 15.338170]  ? __schedule+0x10cc/0x2b60
[ 15.338194]  ? trace_hardirqs_on+0x37/0xe0
[ 15.338231]  ? __pfx_read_tsc+0x10/0x10
[ 15.338255]  ? ktime_get_ts64+0x86/0x230
[ 15.338281]  kunit_try_run_case+0x1a5/0x480
[ 15.338309]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.338333]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.338358]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.338383]  ? __kthread_parkme+0x82/0x180
[ 15.338406]  ? preempt_count_sub+0x50/0x80
[ 15.338429]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.338454]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.338478]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.338503]  kthread+0x337/0x6f0
[ 15.338524]  ? trace_preempt_on+0x20/0xc0
[ 15.338551]  ? __pfx_kthread+0x10/0x10
[ 15.338573]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.338595]  ? calculate_sigpending+0x7b/0xa0
[ 15.338621]  ? __pfx_kthread+0x10/0x10
[ 15.338644]  ret_from_fork+0x116/0x1d0
[ 15.338663]  ? __pfx_kthread+0x10/0x10
[ 15.338685]  ret_from_fork_asm+0x1a/0x30
[ 15.338717]  </TASK>
[ 15.338731]
[ 15.351008] Allocated by task 299:
[ 15.351453]  kasan_save_stack+0x45/0x70
[ 15.351780]  kasan_save_track+0x18/0x40
[ 15.351963]  kasan_save_alloc_info+0x3b/0x50
[ 15.352345]  __kasan_kmalloc+0xb7/0xc0
[ 15.352658]  __kmalloc_cache_noprof+0x189/0x420
[ 15.352962]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 15.353399]  kunit_try_run_case+0x1a5/0x480
[ 15.353687]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.354013]  kthread+0x337/0x6f0
[ 15.354336]  ret_from_fork+0x116/0x1d0
[ 15.354512]  ret_from_fork_asm+0x1a/0x30
[ 15.354847]
[ 15.354947] The buggy address belongs to the object at ffff888103348600
[ 15.354947]  which belongs to the cache kmalloc-128 of size 128
[ 15.355768] The buggy address is located 0 bytes to the right of
[ 15.355768]  allocated 120-byte region [ffff888103348600, ffff888103348678)
[ 15.356496]
[ 15.356806] The buggy address belongs to the physical page:
[ 15.357017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103348
[ 15.357641] flags: 0x200000000000000(node=0|zone=2)
[ 15.358001] page_type: f5(slab)
[ 15.358257] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.358762] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.359065] page dumped because: kasan: bad access detected
[ 15.359483]
[ 15.359593] Memory state around the buggy address:
[ 15.359969]  ffff888103348500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.360501]  ffff888103348580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.360948] >ffff888103348600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.361478]                                                                 ^
[ 15.361768]  ffff888103348680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.362420]  ffff888103348700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.362920] ==================================================================
```
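Reading the reports: both environments show the same pair of 8-byte accesses (one read, one write) at the byte immediately past a 120-byte object in the kmalloc-128 cache, issued from `copy_to_kernel_nofault()` on behalf of the KUnit case `copy_to_kernel_nofault_oob` (the `[N]=TEST` taint marks a test run). That case is a KASAN self-test that deliberately copies past the end of its buffer, so these two reports per environment are the expected outcome of the test rather than a regression in `copy_to_kernel_nofault()`. The "Memory state" rows explain why the access at offset 120 fires: generic KASAN keeps one shadow byte per 8-byte granule, `00` means all 8 bytes are addressable, `01`..`07` means only that many leading bytes are, and `fc` is the slab redzone, so the 16th granule of the object row (offset 120..127) is poisoned.

The following userspace C program is an added example written for this page, not kernel code and not part of the test suite. It transcribes the shadow rows from the qemu-arm64 report, replays the generic-KASAN granule check over them, and reproduces the "0 bytes to the right of the 120-byte region" result; the 8-byte chunking models the "size 8" accesses the reports show, and the `KASAN_SLAB_*` values and the row at `0x1000` with a partially addressable granule are, respectively, mirrors of the kernel's shadow encoding and a constructed (hypothetical) row used to exercise the `01`..`07` case.

```c
/* Replay of the generic-KASAN bounds check over the shadow bytes a report
 * prints. Userspace C written for this page; it is not kernel code, and the
 * KASAN_* names only mirror the shadow values KASAN uses for slab memory. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE              8     /* generic KASAN: one shadow byte per 8 bytes */
#define KASAN_SLAB_FREE_META 0xfa  /* freed slab object still holding free metadata */
#define KASAN_SLAB_FREE      0xfb  /* freed slab object */
#define KASAN_SLAB_REDZONE   0xfc  /* redzone around a live slab object */

/* One "Memory state" row: address of its first granule plus 16 shadow bytes. */
struct shadow_row { uint64_t base; uint8_t shadow[16]; };
struct shadow_dump { const struct shadow_row *rows; size_t nrows; };

#define R16(v) { v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v }

/* Rows transcribed from the qemu-arm64 report above (object at ...c7834400). */
static const struct shadow_row arm64_rows[] = {
	{ 0xfff00000c7834300ULL, { 0xfa, 0xfb, 0xfb, 0xfb, 0xfb, 0xfb, 0xfb, 0xfb,
	                           0xfb, 0xfb, 0xfb, 0xfb, 0xfb, 0xfb, 0xfb, 0xfb } },
	{ 0xfff00000c7834380ULL, R16(0xfc) },
	{ 0xfff00000c7834400ULL, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	                           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc } },
	{ 0xfff00000c7834480ULL, R16(0xfc) },
	{ 0xfff00000c7834500ULL, R16(0xfc) },
};
const struct shadow_dump arm64_dump = { arm64_rows, sizeof arm64_rows / sizeof arm64_rows[0] };

/* Constructed row (hypothetical address 0x1000) for a 121-byte object: its
 * last granule is only partially addressable, so the shadow byte holds 0x01. */
static const struct shadow_row partial_rows[] = {
	{ 0x1000ULL, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 } },
};
const struct shadow_dump partial_dump = { partial_rows, 1 };

/* Shadow byte of the granule holding addr, or -1 if the dump does not cover it. */
int shadow_byte_for(const struct shadow_dump *d, uint64_t addr)
{
	for (size_t i = 0; i < d->nrows; i++) {
		uint64_t off = addr - d->rows[i].base;
		if (addr >= d->rows[i].base && off < 16 * GRANULE)
			return d->rows[i].shadow[off / GRANULE];
	}
	return -1;
}

/* Name for a shadow byte, following the legend KASAN prints under a report. */
const char *shadow_kind(int s)
{
	if (s == 0) return "addressable";
	if (s > 0 && s < GRANULE) return "partially addressable";
	if (s == KASAN_SLAB_FREE_META) return "freed slab object (free meta)";
	if (s == KASAN_SLAB_FREE) return "freed slab object";
	if (s == KASAN_SLAB_REDZONE) return "slab redzone";
	return "not covered by the dump";
}

/* First inaccessible byte in [addr, addr + size), or 0 if the range is clean.
 * A granule passes when its shadow byte is 00, or is 01..07 and the highest
 * byte the access touches in it lies below that prefix. The value returned is
 * what the report prints after "Read/Write of size N at addr". */
uint64_t first_bad_addr(const struct shadow_dump *d, uint64_t addr, size_t size)
{
	if (size == 0)
		return 0;
	uint64_t last = addr + size - 1;
	for (uint64_t g = addr & ~(uint64_t)(GRANULE - 1); g <= last; g += GRANULE) {
		int s = shadow_byte_for(d, g);
		uint64_t end = g + GRANULE - 1;
		uint64_t hi = (last < end ? last : end) - g;   /* highest offset touched */
		bool partial = s > 0 && s < GRANULE;
		if (s == 0 || (partial && hi < (uint64_t)s))
			continue;
		uint64_t bad = partial ? g + s : g;             /* first poisoned byte */
		return bad > addr ? bad : addr;
	}
	return 0;
}

/* Check a copy of `size` bytes in 8-byte chunks, matching the "size 8" accesses
 * in the reports; returns how many bytes pass before the first chunk KASAN
 * would reject, and stores that chunk's first bad address in *bad (0 if none). */
size_t chunked_copy_check(const struct shadow_dump *d, uint64_t addr, size_t size, uint64_t *bad)
{
	size_t done = 0;
	while (done < size) {
		size_t n = size - done < GRANULE ? size - done : GRANULE;
		uint64_t b = first_bad_addr(d, addr + done, n);
		if (b) { if (bad) *bad = b; return done; }
		done += n;
	}
	if (bad) *bad = 0;
	return done;
}

int main(void)
{
	const uint64_t obj = 0xfff00000c7834400ULL;   /* the 120-byte object in the arm64 report */
	uint64_t bad;
	size_t ok = chunked_copy_check(&arm64_dump, obj, 128, &bad);
	printf("128-byte copy at %#llx: %zu bytes pass, then slab-out-of-bounds at %#llx (%s)\n",
	       (unsigned long long)obj, ok, (unsigned long long)bad,
	       shadow_kind(shadow_byte_for(&arm64_dump, bad)));
	return 0;
}
```

Run against the arm64 rows, the 128-byte copy passes 120 bytes and then trips on `fff00000c7834478`, whose shadow byte is `fc` (slab redzone), which is exactly the address and classification in both reports; a 120-byte copy passes cleanly. The constructed row shows the other half of the encoding: with a trailing `01`, a 121-byte access is clean while a 122-byte one is flagged at the 122nd byte.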