Date
July 9, 2025, 2:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 19.876519] ==================================================================
[ 19.876573] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 19.876626] Write of size 8 at addr fff00000c6c2cb78 by task kunit_try_catch/281
[ 19.876679]
[ 19.876710] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT
[ 19.876800] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 19.876833] Hardware name: linux,dummy-virt (DT)
[ 19.876865] Call trace:
[ 19.876889] show_stack+0x20/0x38 (C)
[ 19.876942] dump_stack_lvl+0x8c/0xd0
[ 19.876993] print_report+0x118/0x608
[ 19.877044] kasan_report+0xdc/0x128
[ 19.877256] kasan_check_range+0x100/0x1a8
[ 19.877731] __kasan_check_write+0x20/0x30
[ 19.877782] copy_to_kernel_nofault+0x8c/0x250
[ 19.877842] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 19.877894] kunit_try_run_case+0x170/0x3f0
[ 19.878667] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.879187] kthread+0x328/0x630
[ 19.879494] ret_from_fork+0x10/0x20
[ 19.879751]
[ 19.879845] Allocated by task 281:
[ 19.880004] kasan_save_stack+0x3c/0x68
[ 19.880065] kasan_save_track+0x20/0x40
[ 19.880117] kasan_save_alloc_info+0x40/0x58
[ 19.880158] __kasan_kmalloc+0xd4/0xd8
[ 19.880198] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.880359] copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.881136] kunit_try_run_case+0x170/0x3f0
[ 19.881185] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.881271] kthread+0x328/0x630
[ 19.881305] ret_from_fork+0x10/0x20
[ 19.881345]
[ 19.881654] The buggy address belongs to the object at fff00000c6c2cb00
[ 19.881654] which belongs to the cache kmalloc-128 of size 128
[ 19.881721] The buggy address is located 0 bytes to the right of
[ 19.881721] allocated 120-byte region [fff00000c6c2cb00, fff00000c6c2cb78)
[ 19.881788]
[ 19.881843] The buggy address belongs to the physical page:
[ 19.881897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c
[ 19.882108] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.882188] page_type: f5(slab)
[ 19.882263] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.882467] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.882566] page dumped because: kasan: bad access detected
[ 19.882677]
[ 19.882736] Memory state around the buggy address:
[ 19.882777] fff00000c6c2ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.882824] fff00000c6c2ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.882905] >fff00000c6c2cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.883050] ^
[ 19.883196] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.883255] fff00000c6c2cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.883320] ==================================================================

[ 19.869168] ==================================================================
[ 19.869617] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 19.869716] Read of size 8 at addr fff00000c6c2cb78 by task kunit_try_catch/281
[ 19.869882]
[ 19.869931] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT
[ 19.870118] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 19.870186] Hardware name: linux,dummy-virt (DT)
[ 19.870235] Call trace:
[ 19.870264] show_stack+0x20/0x38 (C)
[ 19.870563] dump_stack_lvl+0x8c/0xd0
[ 19.870782] print_report+0x118/0x608
[ 19.870838] kasan_report+0xdc/0x128
[ 19.870888] __asan_report_load8_noabort+0x20/0x30
[ 19.870940] copy_to_kernel_nofault+0x204/0x250
[ 19.870992] copy_to_kernel_nofault_oob+0x158/0x418
[ 19.871273] kunit_try_run_case+0x170/0x3f0
[ 19.871397] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.871454] kthread+0x328/0x630
[ 19.871758] ret_from_fork+0x10/0x20
[ 19.871825]
[ 19.871845] Allocated by task 281:
[ 19.871879] kasan_save_stack+0x3c/0x68
[ 19.871958] kasan_save_track+0x20/0x40
[ 19.871999] kasan_save_alloc_info+0x40/0x58
[ 19.872047] __kasan_kmalloc+0xd4/0xd8
[ 19.872105] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.872148] copy_to_kernel_nofault_oob+0xc8/0x418
[ 19.872235] kunit_try_run_case+0x170/0x3f0
[ 19.872631] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.872827] kthread+0x328/0x630
[ 19.872864] ret_from_fork+0x10/0x20
[ 19.872905]
[ 19.872927] The buggy address belongs to the object at fff00000c6c2cb00
[ 19.872927] which belongs to the cache kmalloc-128 of size 128
[ 19.873001] The buggy address is located 0 bytes to the right of
[ 19.873001] allocated 120-byte region [fff00000c6c2cb00, fff00000c6c2cb78)
[ 19.873068]
[ 19.873437] The buggy address belongs to the physical page:
[ 19.873486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c
[ 19.873608] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.873665] page_type: f5(slab)
[ 19.873899] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.873958] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.874002] page dumped because: kasan: bad access detected
[ 19.874065]
[ 19.874096] Memory state around the buggy address:
[ 19.874243] fff00000c6c2ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.874305] fff00000c6c2ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.874379] >fff00000c6c2cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.874625] ^
[ 19.874713] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.874765] fff00000c6c2cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.874841] ==================================================================
```
```
[ 16.585935] ==================================================================
[ 16.586652] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.586994] Read of size 8 at addr ffff8881029c7d78 by task kunit_try_catch/298
[ 16.587285]
[ 16.587383] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.587433] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.587447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.587470] Call Trace:
[ 16.587483] <TASK>
[ 16.587501] dump_stack_lvl+0x73/0xb0
[ 16.587530] print_report+0xd1/0x650
[ 16.587555] ? __virt_addr_valid+0x1db/0x2d0
[ 16.587579] ? copy_to_kernel_nofault+0x225/0x260
[ 16.588101] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.588136] ? copy_to_kernel_nofault+0x225/0x260
[ 16.588164] kasan_report+0x141/0x180
[ 16.588192] ? copy_to_kernel_nofault+0x225/0x260
[ 16.588224] __asan_report_load8_noabort+0x18/0x20
[ 16.588252] copy_to_kernel_nofault+0x225/0x260
[ 16.588280] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.588307] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.588332] ? finish_task_switch.isra.0+0x153/0x700
[ 16.588358] ? __schedule+0x10cc/0x2b60
[ 16.588381] ? trace_hardirqs_on+0x37/0xe0
[ 16.588414] ? __pfx_read_tsc+0x10/0x10
[ 16.588438] ? ktime_get_ts64+0x86/0x230
[ 16.588464] kunit_try_run_case+0x1a5/0x480
[ 16.588490] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.588515] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.588540] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.588565] ? __kthread_parkme+0x82/0x180
[ 16.588589] ? preempt_count_sub+0x50/0x80
[ 16.588625] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.588652] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.588677] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.588705] kthread+0x337/0x6f0
[ 16.588725] ? trace_preempt_on+0x20/0xc0
[ 16.588749] ? __pfx_kthread+0x10/0x10
[ 16.588805] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.588829] ? calculate_sigpending+0x7b/0xa0
[ 16.588855] ? __pfx_kthread+0x10/0x10
[ 16.588878] ret_from_fork+0x116/0x1d0
[ 16.588898] ? __pfx_kthread+0x10/0x10
[ 16.588920] ret_from_fork_asm+0x1a/0x30
[ 16.588952] </TASK>
[ 16.588964]
[ 16.600838] Allocated by task 298:
[ 16.601211] kasan_save_stack+0x45/0x70
[ 16.601641] kasan_save_track+0x18/0x40
[ 16.601964] kasan_save_alloc_info+0x3b/0x50
[ 16.602188] __kasan_kmalloc+0xb7/0xc0
[ 16.602533] __kmalloc_cache_noprof+0x189/0x420
[ 16.602771] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.603251] kunit_try_run_case+0x1a5/0x480
[ 16.603665] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.603955] kthread+0x337/0x6f0
[ 16.604319] ret_from_fork+0x116/0x1d0
[ 16.604468] ret_from_fork_asm+0x1a/0x30
[ 16.604835]
[ 16.604944] The buggy address belongs to the object at ffff8881029c7d00
[ 16.604944] which belongs to the cache kmalloc-128 of size 128
[ 16.605501] The buggy address is located 0 bytes to the right of
[ 16.605501] allocated 120-byte region [ffff8881029c7d00, ffff8881029c7d78)
[ 16.606309]
[ 16.606591] The buggy address belongs to the physical page:
[ 16.606868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c7
[ 16.607447] flags: 0x200000000000000(node=0|zone=2)
[ 16.607824] page_type: f5(slab)
[ 16.608113] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.608641] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.609062] page dumped because: kasan: bad access detected
[ 16.609345]
[ 16.609513] Memory state around the buggy address:
[ 16.609734] ffff8881029c7c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.610348] ffff8881029c7c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.610690] >ffff8881029c7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.611245] ^
[ 16.611555] ffff8881029c7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.612079] ffff8881029c7e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.612389] ==================================================================

[ 16.613083] ==================================================================
[ 16.613486] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.614106] Write of size 8 at addr ffff8881029c7d78 by task kunit_try_catch/298
[ 16.614462]
[ 16.614586] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.614643] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.614657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.614681] Call Trace:
[ 16.614704] <TASK>
[ 16.614724] dump_stack_lvl+0x73/0xb0
[ 16.614758] print_report+0xd1/0x650
[ 16.615021] ? __virt_addr_valid+0x1db/0x2d0
[ 16.615051] ? copy_to_kernel_nofault+0x99/0x260
[ 16.615078] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.615103] ? copy_to_kernel_nofault+0x99/0x260
[ 16.615129] kasan_report+0x141/0x180
[ 16.615152] ? copy_to_kernel_nofault+0x99/0x260
[ 16.615181] kasan_check_range+0x10c/0x1c0
[ 16.615206] __kasan_check_write+0x18/0x20
[ 16.615227] copy_to_kernel_nofault+0x99/0x260
[ 16.615254] copy_to_kernel_nofault_oob+0x288/0x560
[ 16.615281] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.615307] ? finish_task_switch.isra.0+0x153/0x700
[ 16.615332] ? __schedule+0x10cc/0x2b60
[ 16.615354] ? trace_hardirqs_on+0x37/0xe0
[ 16.615389] ? __pfx_read_tsc+0x10/0x10
[ 16.615412] ? ktime_get_ts64+0x86/0x230
[ 16.615438] kunit_try_run_case+0x1a5/0x480
[ 16.615464] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.615488] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.615514] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.615539] ? __kthread_parkme+0x82/0x180
[ 16.615561] ? preempt_count_sub+0x50/0x80
[ 16.615585] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.615625] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.615651] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.615677] kthread+0x337/0x6f0
[ 16.615697] ? trace_preempt_on+0x20/0xc0
[ 16.615721] ? __pfx_kthread+0x10/0x10
[ 16.615743] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.615766] ? calculate_sigpending+0x7b/0xa0
[ 16.615813] ? __pfx_kthread+0x10/0x10
[ 16.615842] ret_from_fork+0x116/0x1d0
[ 16.615863] ? __pfx_kthread+0x10/0x10
[ 16.615885] ret_from_fork_asm+0x1a/0x30
[ 16.615918] </TASK>
[ 16.615929]
[ 16.626497] Allocated by task 298:
[ 16.626885] kasan_save_stack+0x45/0x70
[ 16.627074] kasan_save_track+0x18/0x40
[ 16.627256] kasan_save_alloc_info+0x3b/0x50
[ 16.627533] __kasan_kmalloc+0xb7/0xc0
[ 16.627869] __kmalloc_cache_noprof+0x189/0x420
[ 16.628074] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.628417] kunit_try_run_case+0x1a5/0x480
[ 16.628634] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.629007] kthread+0x337/0x6f0
[ 16.629162] ret_from_fork+0x116/0x1d0
[ 16.629311] ret_from_fork_asm+0x1a/0x30
[ 16.629630]
[ 16.629731] The buggy address belongs to the object at ffff8881029c7d00
[ 16.629731] which belongs to the cache kmalloc-128 of size 128
[ 16.630493] The buggy address is located 0 bytes to the right of
[ 16.630493] allocated 120-byte region [ffff8881029c7d00, ffff8881029c7d78)
[ 16.631257]
[ 16.631432] The buggy address belongs to the physical page:
[ 16.631809] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c7
[ 16.632101] flags: 0x200000000000000(node=0|zone=2)
[ 16.632455] page_type: f5(slab)
[ 16.632642] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.633049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.633355] page dumped because: kasan: bad access detected
[ 16.633623]
[ 16.633710] Memory state around the buggy address:
[ 16.634147] ffff8881029c7c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.634403] ffff8881029c7c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.634818] >ffff8881029c7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.635285] ^
[ 16.635542] ffff8881029c7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.635994] ffff8881029c7e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.636249] ==================================================================
```