Date: July 5, 2025, 5:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64 (Hardware name: linux,dummy-virt), write report followed by read report:

```
[   21.241711] ==================================================================
[   21.241765] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   21.242284] Write of size 8 at addr fff00000c6398c78 by task kunit_try_catch/281
[   21.242464]
[   21.242501] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[   21.242583] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.242800] Hardware name: linux,dummy-virt (DT)
[   21.243195] Call trace:
[   21.243275]  show_stack+0x20/0x38 (C)
[   21.243467]  dump_stack_lvl+0x8c/0xd0
[   21.243559]  print_report+0x118/0x608
[   21.243811]  kasan_report+0xdc/0x128
[   21.244132]  kasan_check_range+0x100/0x1a8
[   21.244187]  __kasan_check_write+0x20/0x30
[   21.244300]  copy_to_kernel_nofault+0x8c/0x250
[   21.244964]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   21.245369]  kunit_try_run_case+0x170/0x3f0
[   21.245586]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.245681]  kthread+0x328/0x630
[   21.245780]  ret_from_fork+0x10/0x20
[   21.245847]
[   21.245879] Allocated by task 281:
[   21.245919]  kasan_save_stack+0x3c/0x68
[   21.245979]  kasan_save_track+0x20/0x40
[   21.246027]  kasan_save_alloc_info+0x40/0x58
[   21.246082]  __kasan_kmalloc+0xd4/0xd8
[   21.246135]  __kmalloc_cache_noprof+0x16c/0x3c0
[   21.246178]  copy_to_kernel_nofault_oob+0xc8/0x418
[   21.246218]  kunit_try_run_case+0x170/0x3f0
[   21.246258]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.246334]  kthread+0x328/0x630
[   21.246368]  ret_from_fork+0x10/0x20
[   21.246405]
[   21.246426] The buggy address belongs to the object at fff00000c6398c00
[   21.246426]  which belongs to the cache kmalloc-128 of size 128
[   21.246493] The buggy address is located 0 bytes to the right of
[   21.246493]  allocated 120-byte region [fff00000c6398c00, fff00000c6398c78)
[   21.246567]
[   21.246598] The buggy address belongs to the physical page:
[   21.246647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[   21.246708] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.247125] page_type: f5(slab)
[   21.247522] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.247835] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.248016] page dumped because: kasan: bad access detected
[   21.248149]
[   21.248209] Memory state around the buggy address:
[   21.248274]  fff00000c6398b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.248411]  fff00000c6398b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.248489] >fff00000c6398c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.248653]                                                                 ^
[   21.248822]  fff00000c6398c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.248941]  fff00000c6398d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.249047] ==================================================================
[   21.230186] ==================================================================
[   21.230255] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   21.230322] Read of size 8 at addr fff00000c6398c78 by task kunit_try_catch/281
[   21.230373]
[   21.230412] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[   21.230496] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.231454] Hardware name: linux,dummy-virt (DT)
[   21.232499] Call trace:
[   21.232535]  show_stack+0x20/0x38 (C)
[   21.232651]  dump_stack_lvl+0x8c/0xd0
[   21.232705]  print_report+0x118/0x608
[   21.232757]  kasan_report+0xdc/0x128
[   21.232802]  __asan_report_load8_noabort+0x20/0x30
[   21.232849]  copy_to_kernel_nofault+0x204/0x250
[   21.232912]  copy_to_kernel_nofault_oob+0x158/0x418
[   21.232962]  kunit_try_run_case+0x170/0x3f0
[   21.233013]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.233067]  kthread+0x328/0x630
[   21.233112]  ret_from_fork+0x10/0x20
[   21.233162]
[   21.233184] Allocated by task 281:
[   21.233218]  kasan_save_stack+0x3c/0x68
[   21.234851]  kasan_save_track+0x20/0x40
[   21.234926]  kasan_save_alloc_info+0x40/0x58
[   21.234969]  __kasan_kmalloc+0xd4/0xd8
[   21.235009]  __kmalloc_cache_noprof+0x16c/0x3c0
[   21.235050]  copy_to_kernel_nofault_oob+0xc8/0x418
[   21.235093]  kunit_try_run_case+0x170/0x3f0
[   21.235132]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.235178]  kthread+0x328/0x630
[   21.235213]  ret_from_fork+0x10/0x20
[   21.235251]
[   21.235275] The buggy address belongs to the object at fff00000c6398c00
[   21.235275]  which belongs to the cache kmalloc-128 of size 128
[   21.235336] The buggy address is located 0 bytes to the right of
[   21.235336]  allocated 120-byte region [fff00000c6398c00, fff00000c6398c78)
[   21.235400]
[   21.235428] The buggy address belongs to the physical page:
[   21.236073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[   21.236143] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.236342] page_type: f5(slab)
[   21.236389] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.237899] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.238347] page dumped because: kasan: bad access detected
[   21.238391]
[   21.238412] Memory state around the buggy address:
[   21.238737]  fff00000c6398b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.238792]  fff00000c6398b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.238839] >fff00000c6398c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.238891]                                                                 ^
[   21.239635]  fff00000c6398c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.239915]  fff00000c6398d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.240004] ==================================================================
```
qemu-x86_64 (Hardware name: QEMU Standard PC, Q35), write report followed by read report:

```
[   15.537272] ==================================================================
[   15.537796] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   15.538278] Write of size 8 at addr ffff8881031c1878 by task kunit_try_catch/300
[   15.538678]
[   15.538979] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[   15.539028] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.539043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.539091] Call Trace:
[   15.539108]  <TASK>
[   15.539126]  dump_stack_lvl+0x73/0xb0
[   15.539157]  print_report+0xd1/0x650
[   15.539181]  ? __virt_addr_valid+0x1db/0x2d0
[   15.539301]  ? copy_to_kernel_nofault+0x99/0x260
[   15.539329]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.539354]  ? copy_to_kernel_nofault+0x99/0x260
[   15.539421]  kasan_report+0x141/0x180
[   15.539468]  ? copy_to_kernel_nofault+0x99/0x260
[   15.539498]  kasan_check_range+0x10c/0x1c0
[   15.539523]  __kasan_check_write+0x18/0x20
[   15.539545]  copy_to_kernel_nofault+0x99/0x260
[   15.539571]  copy_to_kernel_nofault_oob+0x288/0x560
[   15.539597]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.539621]  ? finish_task_switch.isra.0+0x153/0x700
[   15.539644]  ? __schedule+0x10cc/0x2b60
[   15.539667]  ? trace_hardirqs_on+0x37/0xe0
[   15.539709]  ? __pfx_read_tsc+0x10/0x10
[   15.539730]  ? ktime_get_ts64+0x86/0x230
[   15.539755]  kunit_try_run_case+0x1a5/0x480
[   15.539781]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.539805]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.539829]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.539854]  ? __kthread_parkme+0x82/0x180
[   15.539876]  ? preempt_count_sub+0x50/0x80
[   15.539901]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.539926]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.539951]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.539976]  kthread+0x337/0x6f0
[   15.539997]  ? trace_preempt_on+0x20/0xc0
[   15.540020]  ? __pfx_kthread+0x10/0x10
[   15.540042]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.540065]  ? calculate_sigpending+0x7b/0xa0
[   15.540090]  ? __pfx_kthread+0x10/0x10
[   15.540113]  ret_from_fork+0x116/0x1d0
[   15.540132]  ? __pfx_kthread+0x10/0x10
[   15.540154]  ret_from_fork_asm+0x1a/0x30
[   15.540186]  </TASK>
[   15.540347]
[   15.550647] Allocated by task 300:
[   15.550843]  kasan_save_stack+0x45/0x70
[   15.551056]  kasan_save_track+0x18/0x40
[   15.551474]  kasan_save_alloc_info+0x3b/0x50
[   15.551664]  __kasan_kmalloc+0xb7/0xc0
[   15.551829]  __kmalloc_cache_noprof+0x189/0x420
[   15.551988]  copy_to_kernel_nofault_oob+0x12f/0x560
[   15.552309]  kunit_try_run_case+0x1a5/0x480
[   15.552696]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.553104]  kthread+0x337/0x6f0
[   15.553388]  ret_from_fork+0x116/0x1d0
[   15.553796]  ret_from_fork_asm+0x1a/0x30
[   15.553970]
[   15.554071] The buggy address belongs to the object at ffff8881031c1800
[   15.554071]  which belongs to the cache kmalloc-128 of size 128
[   15.554835] The buggy address is located 0 bytes to the right of
[   15.554835]  allocated 120-byte region [ffff8881031c1800, ffff8881031c1878)
[   15.555584]
[   15.555810] The buggy address belongs to the physical page:
[   15.556029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[   15.556344] flags: 0x200000000000000(node=0|zone=2)
[   15.556591] page_type: f5(slab)
[   15.557000] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.557304] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.557753] page dumped because: kasan: bad access detected
[   15.558165]
[   15.558265] Memory state around the buggy address:
[   15.558599]  ffff8881031c1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.559080]  ffff8881031c1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.559516] >ffff8881031c1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.559964]                                                                 ^
[   15.560511]  ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.560950]  ffff8881031c1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.561471] ==================================================================
[   15.512027] ==================================================================
[   15.512730] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   15.513307] Read of size 8 at addr ffff8881031c1878 by task kunit_try_catch/300
[   15.513691]
[   15.513811] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[   15.513937] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.513984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.514030] Call Trace:
[   15.514070]  <TASK>
[   15.514104]  dump_stack_lvl+0x73/0xb0
[   15.514135]  print_report+0xd1/0x650
[   15.514161]  ? __virt_addr_valid+0x1db/0x2d0
[   15.514184]  ? copy_to_kernel_nofault+0x225/0x260
[   15.514210]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.514234]  ? copy_to_kernel_nofault+0x225/0x260
[   15.514259]  kasan_report+0x141/0x180
[   15.514304]  ? copy_to_kernel_nofault+0x225/0x260
[   15.514335]  __asan_report_load8_noabort+0x18/0x20
[   15.514371]  copy_to_kernel_nofault+0x225/0x260
[   15.514398]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   15.514424]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   15.514448]  ? finish_task_switch.isra.0+0x153/0x700
[   15.514481]  ? __schedule+0x10cc/0x2b60
[   15.514503]  ? trace_hardirqs_on+0x37/0xe0
[   15.514536]  ? __pfx_read_tsc+0x10/0x10
[   15.514558]  ? ktime_get_ts64+0x86/0x230
[   15.514584]  kunit_try_run_case+0x1a5/0x480
[   15.514611]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.514633]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.514659]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.514698]  ? __kthread_parkme+0x82/0x180
[   15.514719]  ? preempt_count_sub+0x50/0x80
[   15.514743]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.514768]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.514793]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.514817]  kthread+0x337/0x6f0
[   15.514839]  ? trace_preempt_on+0x20/0xc0
[   15.514862]  ? __pfx_kthread+0x10/0x10
[   15.514884]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.514907]  ? calculate_sigpending+0x7b/0xa0
[   15.514931]  ? __pfx_kthread+0x10/0x10
[   15.514954]  ret_from_fork+0x116/0x1d0
[   15.514975]  ? __pfx_kthread+0x10/0x10
[   15.514997]  ret_from_fork_asm+0x1a/0x30
[   15.515028]  </TASK>
[   15.515042]
[   15.525247] Allocated by task 300:
[   15.526041]  kasan_save_stack+0x45/0x70
[   15.526408]  kasan_save_track+0x18/0x40
[   15.526654]  kasan_save_alloc_info+0x3b/0x50
[   15.526990]  __kasan_kmalloc+0xb7/0xc0
[   15.527158]  __kmalloc_cache_noprof+0x189/0x420
[   15.527636]  copy_to_kernel_nofault_oob+0x12f/0x560
[   15.527901]  kunit_try_run_case+0x1a5/0x480
[   15.528094]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.528517]  kthread+0x337/0x6f0
[   15.528778]  ret_from_fork+0x116/0x1d0
[   15.528984]  ret_from_fork_asm+0x1a/0x30
[   15.529178]
[   15.529393] The buggy address belongs to the object at ffff8881031c1800
[   15.529393]  which belongs to the cache kmalloc-128 of size 128
[   15.530007] The buggy address is located 0 bytes to the right of
[   15.530007]  allocated 120-byte region [ffff8881031c1800, ffff8881031c1878)
[   15.530848]
[   15.530992] The buggy address belongs to the physical page:
[   15.531338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[   15.531807] flags: 0x200000000000000(node=0|zone=2)
[   15.532160] page_type: f5(slab)
[   15.532630] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.532975] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.533503] page dumped because: kasan: bad access detected
[   15.533782]
[   15.533896] Memory state around the buggy address:
[   15.534146]  ffff8881031c1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.534611]  ffff8881031c1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.534958] >ffff8881031c1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.535394]                                                                 ^
[   15.535646]  ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.536090]  ffff8881031c1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.536624] ==================================================================
```
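How to read these four reports: the task is `kunit_try_catch`, the kernel carries the `[N]=TEST` taint, and `copy_to_kernel_nofault_oob` appears in both the access stack and the "Allocated by" stack. That is the KASAN KUnit case for `copy_to_kernel_nofault()`, which allocates 120 bytes out of the 128-byte kmalloc-128 slab and pushes a copy through `copy_to_kernel_nofault()` in both directions, so each environment produces one read report (source side) and one write report (destination side), both 8 bytes at offset 0x78 = 120, i.e. the first byte past the region. The shadow row `00 x15 fc` says the same thing: fifteen fully addressable 8-byte granules (120 bytes) followed by slab redzone. These are the expected output of the test case, not a finding; a report that deserves triage is one whose access and allocation stacks do not lead back to a KASAN test.

The following is an added illustration, not kernel code: a userspace model of generic-mode KASAN shadow memory with the same parameters as the report (8-byte granules, a 128-byte slab object of which 120 bytes were requested, a word-wise copy that runs 128 bytes). It shows why the first flagged access lands exactly at offset 120, and it decodes a "Memory state" shadow line into the number of addressable bytes so the region size in the report can be cross-checked. All function and type names are our own; the shadow byte values 0x00 and 0xfc are the ones printed in the report.

```c
/*
 * Toy model of generic (software) KASAN shadow checks for the report above.
 * Added illustration only, not kernel code; all names here are our own.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GRANULE      8                     /* one shadow byte per 8 bytes of memory */
#define OBJ_SIZE     128                   /* kmalloc-128 slab object, as in the report */
#define ALLOC_SIZE   (OBJ_SIZE - GRANULE)  /* the 120-byte region the report names */

#define SHADOW_ADDRESSABLE  0x00           /* whole granule accessible */
#define SHADOW_SLAB_REDZONE 0xfc           /* value shown as "fc" in "Memory state" */

struct slab_object {
    uint8_t mem[OBJ_SIZE];
    uint8_t shadow[OBJ_SIZE / GRANULE];    /* 16 shadow bytes cover 128 bytes */
};

/* Like __kasan_kmalloc: unpoison the requested bytes, leave the rest redzone.
 * A partially used granule stores the count of accessible bytes (1..7). */
static void toy_kmalloc(struct slab_object *o, size_t requested)
{
    if (requested > OBJ_SIZE)
        requested = OBJ_SIZE;
    memset(o->mem, 0, sizeof o->mem);
    memset(o->shadow, SHADOW_SLAB_REDZONE, sizeof o->shadow);
    for (size_t g = 0; g < requested / GRANULE; g++)
        o->shadow[g] = SHADOW_ADDRESSABLE;
    if (requested % GRANULE)
        o->shadow[requested / GRANULE] = (uint8_t)(requested % GRANULE);
}

/* Like kasan_check_range: is every byte of [off, off+size) addressable?
 * Returns -1 if so, otherwise the offset of the first poisoned byte. */
static long toy_check_range(const struct slab_object *o, size_t off, size_t size)
{
    for (size_t i = off; i < off + size; i++) {
        if (i >= OBJ_SIZE)
            return (long)i;
        uint8_t s = o->shadow[i / GRANULE];
        if (s == SHADOW_ADDRESSABLE)
            continue;
        if (s < GRANULE && (i % GRANULE) < s) /* partially addressable granule */
            continue;
        return (long)i;
    }
    return -1;
}

/* copy_to_kernel_nofault() moves data in machine words and KASAN checks each
 * word before the access. Walk 8-byte words over an object of `requested`
 * bytes for `copy_len` bytes and return the offset of the first word that
 * fails the check, or -1 if the whole copy is in bounds. */
static long first_bad_word_offset(size_t requested, size_t copy_len)
{
    struct slab_object o;
    toy_kmalloc(&o, requested);
    for (size_t off = 0; off < copy_len; off += sizeof(uint64_t)) {
        long bad = toy_check_range(&o, off, sizeof(uint64_t));
        if (bad >= 0)
            return bad;
    }
    return -1;
}

/* Decode the shadow bytes of one "Memory state" row (hex, space separated,
 * starting at the object) into the number of addressable bytes they describe.
 * Stops at the first poisoned granule. */
static long addressable_bytes_from_shadow_line(const char *hex_bytes)
{
    long total = 0;
    const char *p = hex_bytes;
    char *end;
    for (;;) {
        long v = strtol(p, &end, 16);
        if (end == p)
            break;                           /* no more bytes on the row */
        if (v == SHADOW_ADDRESSABLE)
            total += GRANULE;
        else if (v > 0 && v < GRANULE)
            total += v;                      /* partial granule */
        else
            break;                           /* fc/fb/fa etc.: poisoned */
        p = end;
    }
    return total;
}

int main(void)
{
    printf("first flagged offset, 128-byte copy over %d bytes: %ld\n",
           ALLOC_SIZE, first_bad_word_offset(ALLOC_SIZE, OBJ_SIZE));
    printf("addressable bytes per the report's shadow row: %ld\n",
           addressable_bytes_from_shadow_line(
               "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc"));
    return 0;
}
```

Run it and both numbers come out as 120, matching "Write of size 8 at addr ...78" and "allocated 120-byte region". Changing the copy length to 120 makes `first_bad_word_offset` return -1, which is the difference between this test case and a real caller that sizes its copy from the allocation.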