Date
July 9, 2025, 12:11 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |

qemu-arm64:

```
[   22.169687] ==================================================================
[   22.169774] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   22.169930] Read of size 8 at addr fff00000c6e98878 by task kunit_try_catch/282
[   22.170005]
[   22.170052] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G    B   N  6.16.0-rc5 #1 PREEMPT
[   22.170261] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.170486] Hardware name: linux,dummy-virt (DT)
[   22.170536] Call trace:
[   22.170565]  show_stack+0x20/0x38 (C)
[   22.170744]  dump_stack_lvl+0x8c/0xd0
[   22.170915]  print_report+0x118/0x608
[   22.170979]  kasan_report+0xdc/0x128
[   22.171084]  __asan_report_load8_noabort+0x20/0x30
[   22.171167]  copy_to_kernel_nofault+0x204/0x250
[   22.171478]  copy_to_kernel_nofault_oob+0x158/0x418
[   22.171562]  kunit_try_run_case+0x170/0x3f0
[   22.171618]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.172243]  kthread+0x328/0x630
[   22.172436]  ret_from_fork+0x10/0x20
[   22.172516]
[   22.172607] Allocated by task 282:
[   22.172752]  kasan_save_stack+0x3c/0x68
[   22.172976]  kasan_save_track+0x20/0x40
[   22.173111]  kasan_save_alloc_info+0x40/0x58
[   22.173322]  __kasan_kmalloc+0xd4/0xd8
[   22.173579]  __kmalloc_cache_noprof+0x16c/0x3c0
[   22.173635]  copy_to_kernel_nofault_oob+0xc8/0x418
[   22.173991]  kunit_try_run_case+0x170/0x3f0
[   22.174114]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.174194]  kthread+0x328/0x630
[   22.174275]  ret_from_fork+0x10/0x20
[   22.174429]
[   22.174501] The buggy address belongs to the object at fff00000c6e98800
[   22.174501]  which belongs to the cache kmalloc-128 of size 128
[   22.174704] The buggy address is located 0 bytes to the right of
[   22.174704]  allocated 120-byte region [fff00000c6e98800, fff00000c6e98878)
[   22.174925]
[   22.174963] The buggy address belongs to the physical page:
[   22.175141] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98
[   22.175210] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.175509] page_type: f5(slab)
[   22.175776] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.175857] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.176050] page dumped because: kasan: bad access detected
[   22.176119]
[   22.176265] Memory state around the buggy address:
[   22.176329]  fff00000c6e98700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.176433]  fff00000c6e98780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.176523] >fff00000c6e98800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.176566]                                                                 ^
[   22.176763]  fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.176819]  fff00000c6e98900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.177358] ==================================================================
[   22.179329] ==================================================================
[   22.179412] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   22.179473] Write of size 8 at addr fff00000c6e98878 by task kunit_try_catch/282
[   22.179593]
[   22.179645] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G    B   N  6.16.0-rc5 #1 PREEMPT
[   22.179734] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.179764] Hardware name: linux,dummy-virt (DT)
[   22.179796] Call trace:
[   22.179831]  show_stack+0x20/0x38 (C)
[   22.179888]  dump_stack_lvl+0x8c/0xd0
[   22.179948]  print_report+0x118/0x608
[   22.179998]  kasan_report+0xdc/0x128
[   22.180517]  kasan_check_range+0x100/0x1a8
[   22.180610]  __kasan_check_write+0x20/0x30
[   22.180664]  copy_to_kernel_nofault+0x8c/0x250
[   22.180715]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   22.181013]  kunit_try_run_case+0x170/0x3f0
[   22.181227]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.181485]  kthread+0x328/0x630
[   22.181652]  ret_from_fork+0x10/0x20
[   22.181809]
[   22.181833] Allocated by task 282:
[   22.181908]  kasan_save_stack+0x3c/0x68
[   22.182128]  kasan_save_track+0x20/0x40
[   22.182379]  kasan_save_alloc_info+0x40/0x58
[   22.182537]  __kasan_kmalloc+0xd4/0xd8
[   22.182583]  __kmalloc_cache_noprof+0x16c/0x3c0
[   22.182664]  copy_to_kernel_nofault_oob+0xc8/0x418
[   22.182878]  kunit_try_run_case+0x170/0x3f0
[   22.182961]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.183286]  kthread+0x328/0x630
[   22.183558]  ret_from_fork+0x10/0x20
[   22.183912]
[   22.184172] The buggy address belongs to the object at fff00000c6e98800
[   22.184172]  which belongs to the cache kmalloc-128 of size 128
[   22.184424] The buggy address is located 0 bytes to the right of
[   22.184424]  allocated 120-byte region [fff00000c6e98800, fff00000c6e98878)
[   22.184758]
[   22.184866] The buggy address belongs to the physical page:
[   22.184948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98
[   22.185358] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.185497] page_type: f5(slab)
[   22.185540] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.185642] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.185722] page dumped because: kasan: bad access detected
[   22.186023]
[   22.186252] Memory state around the buggy address:
[   22.186466]  fff00000c6e98700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.186520]  fff00000c6e98780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.186929] >fff00000c6e98800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.187094]                                                                 ^
[   22.187146]  fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.187352]  fff00000c6e98900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.187616] ==================================================================
```

qemu-x86_64:

```
[   16.569699] ==================================================================
[   16.570079] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   16.570468] Write of size 8 at addr ffff8881026ad678 by task kunit_try_catch/298
[   16.570987]
[   16.571287] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B   N  6.16.0-rc5 #1 PREEMPT(voluntary)
[   16.571336] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.571349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.571372] Call Trace:
[   16.571386]  <TASK>
[   16.571402]  dump_stack_lvl+0x73/0xb0
[   16.571435]  print_report+0xd1/0x650
[   16.571459]  ? __virt_addr_valid+0x1db/0x2d0
[   16.571484]  ? copy_to_kernel_nofault+0x99/0x260
[   16.571677]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.571707]  ? copy_to_kernel_nofault+0x99/0x260
[   16.571733]  kasan_report+0x141/0x180
[   16.571757]  ? copy_to_kernel_nofault+0x99/0x260
[   16.571787]  kasan_check_range+0x10c/0x1c0
[   16.571812]  __kasan_check_write+0x18/0x20
[   16.571834]  copy_to_kernel_nofault+0x99/0x260
[   16.571861]  copy_to_kernel_nofault_oob+0x288/0x560
[   16.571887]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   16.571912]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.571961]  ? trace_hardirqs_on+0x37/0xe0
[   16.571995]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   16.572025]  kunit_try_run_case+0x1a5/0x480
[   16.572052]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.572076]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.572102]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.572127]  ? __kthread_parkme+0x82/0x180
[   16.572149]  ? preempt_count_sub+0x50/0x80
[   16.572175]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.572201]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.572227]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.572255]  kthread+0x337/0x6f0
[   16.572276]  ? trace_preempt_on+0x20/0xc0
[   16.572299]  ? __pfx_kthread+0x10/0x10
[   16.572321]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.572344]  ? calculate_sigpending+0x7b/0xa0
[   16.572369]  ? __pfx_kthread+0x10/0x10
[   16.572393]  ret_from_fork+0x116/0x1d0
[   16.572413]  ? __pfx_kthread+0x10/0x10
[   16.572435]  ret_from_fork_asm+0x1a/0x30
[   16.572468]  </TASK>
[   16.572480]
[   16.582171] Allocated by task 298:
[   16.582499]  kasan_save_stack+0x45/0x70
[   16.582809]  kasan_save_track+0x18/0x40
[   16.583192]  kasan_save_alloc_info+0x3b/0x50
[   16.583514]  __kasan_kmalloc+0xb7/0xc0
[   16.583686]  __kmalloc_cache_noprof+0x189/0x420
[   16.583894]  copy_to_kernel_nofault_oob+0x12f/0x560
[   16.584328]  kunit_try_run_case+0x1a5/0x480
[   16.584512]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.584908]  kthread+0x337/0x6f0
[   16.585137]  ret_from_fork+0x116/0x1d0
[   16.585398]  ret_from_fork_asm+0x1a/0x30
[   16.585560]
[   16.585666] The buggy address belongs to the object at ffff8881026ad600
[   16.585666]  which belongs to the cache kmalloc-128 of size 128
[   16.586112] The buggy address is located 0 bytes to the right of
[   16.586112]  allocated 120-byte region [ffff8881026ad600, ffff8881026ad678)
[   16.586980]
[   16.587066] The buggy address belongs to the physical page:
[   16.587241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ad
[   16.587481] flags: 0x200000000000000(node=0|zone=2)
[   16.587644] page_type: f5(slab)
[   16.587767] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.588087] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.588316] page dumped because: kasan: bad access detected
[   16.588486]
[   16.588678] Memory state around the buggy address:
[   16.588867]  ffff8881026ad500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.589097]  ffff8881026ad580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.589311] >ffff8881026ad600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.589523]                                                                 ^
[   16.589753]  ffff8881026ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.589985]  ffff8881026ad700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.590412] ==================================================================
[   16.544278] ==================================================================
[   16.544826] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   16.545118] Read of size 8 at addr ffff8881026ad678 by task kunit_try_catch/298
[   16.545726]
[   16.545893] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B   N  6.16.0-rc5 #1 PREEMPT(voluntary)
[   16.546039] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.546055] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.546079] Call Trace:
[   16.546093]  <TASK>
[   16.546115]  dump_stack_lvl+0x73/0xb0
[   16.546153]  print_report+0xd1/0x650
[   16.546181]  ? __virt_addr_valid+0x1db/0x2d0
[   16.546207]  ? copy_to_kernel_nofault+0x225/0x260
[   16.546234]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.546259]  ? copy_to_kernel_nofault+0x225/0x260
[   16.546569]  kasan_report+0x141/0x180
[   16.546598]  ? copy_to_kernel_nofault+0x225/0x260
[   16.546628]  __asan_report_load8_noabort+0x18/0x20
[   16.546655]  copy_to_kernel_nofault+0x225/0x260
[   16.546682]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   16.546715]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   16.546741]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.546770]  ? trace_hardirqs_on+0x37/0xe0
[   16.546804]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   16.546833]  kunit_try_run_case+0x1a5/0x480
[   16.546861]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.546885]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.546912]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.546946]  ? __kthread_parkme+0x82/0x180
[   16.546989]  ? preempt_count_sub+0x50/0x80
[   16.547015]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.547041]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.547068]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.547094]  kthread+0x337/0x6f0
[   16.547114]  ? trace_preempt_on+0x20/0xc0
[   16.547138]  ? __pfx_kthread+0x10/0x10
[   16.547160]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.547184]  ? calculate_sigpending+0x7b/0xa0
[   16.547210]  ? __pfx_kthread+0x10/0x10
[   16.547232]  ret_from_fork+0x116/0x1d0
[   16.547253]  ? __pfx_kthread+0x10/0x10
[   16.547285]  ret_from_fork_asm+0x1a/0x30
[   16.547318]  </TASK>
[   16.547331]
[   16.557789] Allocated by task 298:
[   16.558217]  kasan_save_stack+0x45/0x70
[   16.558527]  kasan_save_track+0x18/0x40
[   16.558787]  kasan_save_alloc_info+0x3b/0x50
[   16.559223]  __kasan_kmalloc+0xb7/0xc0
[   16.559384]  __kmalloc_cache_noprof+0x189/0x420
[   16.559762]  copy_to_kernel_nofault_oob+0x12f/0x560
[   16.560128]  kunit_try_run_case+0x1a5/0x480
[   16.560307]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.560591]  kthread+0x337/0x6f0
[   16.561013]  ret_from_fork+0x116/0x1d0
[   16.561320]  ret_from_fork_asm+0x1a/0x30
[   16.561613]
[   16.561784] The buggy address belongs to the object at ffff8881026ad600
[   16.561784]  which belongs to the cache kmalloc-128 of size 128
[   16.562479] The buggy address is located 0 bytes to the right of
[   16.562479]  allocated 120-byte region [ffff8881026ad600, ffff8881026ad678)
[   16.563278]
[   16.563380] The buggy address belongs to the physical page:
[   16.563595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ad
[   16.564164] flags: 0x200000000000000(node=0|zone=2)
[   16.564383] page_type: f5(slab)
[   16.564681] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.565119] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.565409] page dumped because: kasan: bad access detected
[   16.565753]
[   16.565848] Memory state around the buggy address:
[   16.566197]  ffff8881026ad500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.566702]  ffff8881026ad580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.567152] >ffff8881026ad600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.567553]                                                                 ^
[   16.567832]  ffff8881026ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.568279]  ffff8881026ad700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.568654] ==================================================================
```