Hay
Date: July 8, 2025, 7:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   22.470324] ==================================================================
[   22.470378] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   22.470458] Write of size 8 at addr fff00000c5713e78 by task kunit_try_catch/281
[   22.470576] 
[   22.470609] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   22.470956] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.471000] Hardware name: linux,dummy-virt (DT)
[   22.471139] Call trace:
[   22.471173]  show_stack+0x20/0x38 (C)
[   22.471242]  dump_stack_lvl+0x8c/0xd0
[   22.471371]  print_report+0x118/0x608
[   22.471425]  kasan_report+0xdc/0x128
[   22.471511]  kasan_check_range+0x100/0x1a8
[   22.471560]  __kasan_check_write+0x20/0x30
[   22.471607]  copy_to_kernel_nofault+0x8c/0x250
[   22.472160]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   22.472276]  kunit_try_run_case+0x170/0x3f0
[   22.472534]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.472652]  kthread+0x328/0x630
[   22.472798]  ret_from_fork+0x10/0x20
[   22.472986] 
[   22.473096] Allocated by task 281:
[   22.473174]  kasan_save_stack+0x3c/0x68
[   22.473252]  kasan_save_track+0x20/0x40
[   22.473830]  kasan_save_alloc_info+0x40/0x58
[   22.473982]  __kasan_kmalloc+0xd4/0xd8
[   22.474114]  __kmalloc_cache_noprof+0x16c/0x3c0
[   22.474167]  copy_to_kernel_nofault_oob+0xc8/0x418
[   22.474415]  kunit_try_run_case+0x170/0x3f0
[   22.474667]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.474837]  kthread+0x328/0x630
[   22.474924]  ret_from_fork+0x10/0x20
[   22.475055] 
[   22.475080] The buggy address belongs to the object at fff00000c5713e00
[   22.475080]  which belongs to the cache kmalloc-128 of size 128
[   22.475299] The buggy address is located 0 bytes to the right of
[   22.475299]  allocated 120-byte region [fff00000c5713e00, fff00000c5713e78)
[   22.475805] 
[   22.476120] The buggy address belongs to the physical page:
[   22.476160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105713
[   22.476236] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.476570] page_type: f5(slab)
[   22.477120] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.477184] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.477547] page dumped because: kasan: bad access detected
[   22.477771] 
[   22.477793] Memory state around the buggy address:
[   22.478080]  fff00000c5713d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.478363]  fff00000c5713d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.478753] >fff00000c5713e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.478868]                                                                 ^
[   22.479390]  fff00000c5713e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.479697]  fff00000c5713f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.479759] ==================================================================
[   22.465143] ==================================================================
[   22.465216] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   22.465339] Read of size 8 at addr fff00000c5713e78 by task kunit_try_catch/281
[   22.465423] 
[   22.465463] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   22.465550] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.465888] Hardware name: linux,dummy-virt (DT)
[   22.466140] Call trace:
[   22.466184]  show_stack+0x20/0x38 (C)
[   22.466248]  dump_stack_lvl+0x8c/0xd0
[   22.466441]  print_report+0x118/0x608
[   22.466542]  kasan_report+0xdc/0x128
[   22.466741]  __asan_report_load8_noabort+0x20/0x30
[   22.466982]  copy_to_kernel_nofault+0x204/0x250
[   22.467116]  copy_to_kernel_nofault_oob+0x158/0x418
[   22.467274]  kunit_try_run_case+0x170/0x3f0
[   22.467326]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.467382]  kthread+0x328/0x630
[   22.467423]  ret_from_fork+0x10/0x20
[   22.467473] 
[   22.467495] Allocated by task 281:
[   22.467527]  kasan_save_stack+0x3c/0x68
[   22.467575]  kasan_save_track+0x20/0x40
[   22.467615]  kasan_save_alloc_info+0x40/0x58
[   22.467659]  __kasan_kmalloc+0xd4/0xd8
[   22.467699]  __kmalloc_cache_noprof+0x16c/0x3c0
[   22.467755]  copy_to_kernel_nofault_oob+0xc8/0x418
[   22.467795]  kunit_try_run_case+0x170/0x3f0
[   22.467836]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.467882]  kthread+0x328/0x630
[   22.467932]  ret_from_fork+0x10/0x20
[   22.467972] 
[   22.467994] The buggy address belongs to the object at fff00000c5713e00
[   22.467994]  which belongs to the cache kmalloc-128 of size 128
[   22.468055] The buggy address is located 0 bytes to the right of
[   22.468055]  allocated 120-byte region [fff00000c5713e00, fff00000c5713e78)
[   22.468133] 
[   22.468156] The buggy address belongs to the physical page:
[   22.468199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105713
[   22.468253] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.468303] page_type: f5(slab)
[   22.468349] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.468409] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.468451] page dumped because: kasan: bad access detected
[   22.468485] 
[   22.468512] Memory state around the buggy address:
[   22.468545]  fff00000c5713d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.468590]  fff00000c5713d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.468635] >fff00000c5713e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.468675]                                                                 ^
[   22.469392]  fff00000c5713e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.469577]  fff00000c5713f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.469629] ==================================================================

[   17.215526] ==================================================================
[   17.215769] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   17.216007] Write of size 8 at addr ffff888102629078 by task kunit_try_catch/298
[   17.216280] 
[   17.216375] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   17.216421] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.216434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.216457] Call Trace:
[   17.216471]  <TASK>
[   17.216489]  dump_stack_lvl+0x73/0xb0
[   17.216538]  print_report+0xd1/0x650
[   17.216562]  ? __virt_addr_valid+0x1db/0x2d0
[   17.217187]  ? copy_to_kernel_nofault+0x99/0x260
[   17.217221]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.217251]  ? copy_to_kernel_nofault+0x99/0x260
[   17.217275]  kasan_report+0x141/0x180
[   17.217299]  ? copy_to_kernel_nofault+0x99/0x260
[   17.217408]  kasan_check_range+0x10c/0x1c0
[   17.217436]  __kasan_check_write+0x18/0x20
[   17.217458]  copy_to_kernel_nofault+0x99/0x260
[   17.217590]  copy_to_kernel_nofault_oob+0x288/0x560
[   17.217616]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   17.217639]  ? finish_task_switch.isra.0+0x153/0x700
[   17.217663]  ? __schedule+0x10cc/0x2b60
[   17.217685]  ? trace_hardirqs_on+0x37/0xe0
[   17.217717]  ? __pfx_read_tsc+0x10/0x10
[   17.217739]  ? ktime_get_ts64+0x86/0x230
[   17.217764]  kunit_try_run_case+0x1a5/0x480
[   17.217789]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.217812]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.217836]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.217860]  ? __kthread_parkme+0x82/0x180
[   17.217881]  ? preempt_count_sub+0x50/0x80
[   17.217905]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.217930]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.217954]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.217979]  kthread+0x337/0x6f0
[   17.217998]  ? trace_preempt_on+0x20/0xc0
[   17.218021]  ? __pfx_kthread+0x10/0x10
[   17.218230]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.218261]  ? calculate_sigpending+0x7b/0xa0
[   17.218286]  ? __pfx_kthread+0x10/0x10
[   17.218308]  ret_from_fork+0x116/0x1d0
[   17.218328]  ? __pfx_kthread+0x10/0x10
[   17.218349]  ret_from_fork_asm+0x1a/0x30
[   17.218381]  </TASK>
[   17.218394] 
[   17.229767] Allocated by task 298:
[   17.229960]  kasan_save_stack+0x45/0x70
[   17.230159]  kasan_save_track+0x18/0x40
[   17.230361]  kasan_save_alloc_info+0x3b/0x50
[   17.230921]  __kasan_kmalloc+0xb7/0xc0
[   17.231171]  __kmalloc_cache_noprof+0x189/0x420
[   17.231345]  copy_to_kernel_nofault_oob+0x12f/0x560
[   17.231798]  kunit_try_run_case+0x1a5/0x480
[   17.232138]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.232573]  kthread+0x337/0x6f0
[   17.232721]  ret_from_fork+0x116/0x1d0
[   17.233002]  ret_from_fork_asm+0x1a/0x30
[   17.233205] 
[   17.233308] The buggy address belongs to the object at ffff888102629000
[   17.233308]  which belongs to the cache kmalloc-128 of size 128
[   17.233798] The buggy address is located 0 bytes to the right of
[   17.233798]  allocated 120-byte region [ffff888102629000, ffff888102629078)
[   17.234319] 
[   17.234413] The buggy address belongs to the physical page:
[   17.234648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102629
[   17.234981] flags: 0x200000000000000(node=0|zone=2)
[   17.235840] page_type: f5(slab)
[   17.236052] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   17.236548] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.237126] page dumped because: kasan: bad access detected
[   17.237549] 
[   17.237640] Memory state around the buggy address:
[   17.237999]  ffff888102628f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.238317]  ffff888102628f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.238639] >ffff888102629000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   17.238937]                                                                 ^
[   17.239237]  ffff888102629080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.239536]  ffff888102629100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.239834] ==================================================================
[   17.189485] ==================================================================
[   17.190151] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   17.190491] Read of size 8 at addr ffff888102629078 by task kunit_try_catch/298
[   17.190797] 
[   17.190911] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   17.190961] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.190974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.190997] Call Trace:
[   17.191011]  <TASK>
[   17.191031]  dump_stack_lvl+0x73/0xb0
[   17.191097]  print_report+0xd1/0x650
[   17.191122]  ? __virt_addr_valid+0x1db/0x2d0
[   17.191146]  ? copy_to_kernel_nofault+0x225/0x260
[   17.191197]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.191224]  ? copy_to_kernel_nofault+0x225/0x260
[   17.191249]  kasan_report+0x141/0x180
[   17.191271]  ? copy_to_kernel_nofault+0x225/0x260
[   17.191301]  __asan_report_load8_noabort+0x18/0x20
[   17.191326]  copy_to_kernel_nofault+0x225/0x260
[   17.191351]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   17.191376]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   17.191400]  ? finish_task_switch.isra.0+0x153/0x700
[   17.191423]  ? __schedule+0x10cc/0x2b60
[   17.191446]  ? trace_hardirqs_on+0x37/0xe0
[   17.191478]  ? __pfx_read_tsc+0x10/0x10
[   17.191700]  ? ktime_get_ts64+0x86/0x230
[   17.191733]  kunit_try_run_case+0x1a5/0x480
[   17.191761]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.191784]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.191808]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.191832]  ? __kthread_parkme+0x82/0x180
[   17.191854]  ? preempt_count_sub+0x50/0x80
[   17.191878]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.191903]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.191927]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.191951]  kthread+0x337/0x6f0
[   17.191970]  ? trace_preempt_on+0x20/0xc0
[   17.191994]  ? __pfx_kthread+0x10/0x10
[   17.192016]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.192038]  ? calculate_sigpending+0x7b/0xa0
[   17.192362]  ? __pfx_kthread+0x10/0x10
[   17.192385]  ret_from_fork+0x116/0x1d0
[   17.192406]  ? __pfx_kthread+0x10/0x10
[   17.192427]  ret_from_fork_asm+0x1a/0x30
[   17.192460]  </TASK>
[   17.192473] 
[   17.203458] Allocated by task 298:
[   17.203651]  kasan_save_stack+0x45/0x70
[   17.203950]  kasan_save_track+0x18/0x40
[   17.204333]  kasan_save_alloc_info+0x3b/0x50
[   17.204667]  __kasan_kmalloc+0xb7/0xc0
[   17.204979]  __kmalloc_cache_noprof+0x189/0x420
[   17.205295]  copy_to_kernel_nofault_oob+0x12f/0x560
[   17.205687]  kunit_try_run_case+0x1a5/0x480
[   17.205970]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.206355]  kthread+0x337/0x6f0
[   17.206562]  ret_from_fork+0x116/0x1d0
[   17.206895]  ret_from_fork_asm+0x1a/0x30
[   17.207223] 
[   17.207329] The buggy address belongs to the object at ffff888102629000
[   17.207329]  which belongs to the cache kmalloc-128 of size 128
[   17.208093] The buggy address is located 0 bytes to the right of
[   17.208093]  allocated 120-byte region [ffff888102629000, ffff888102629078)
[   17.209076] 
[   17.209174] The buggy address belongs to the physical page:
[   17.209437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102629
[   17.209773] flags: 0x200000000000000(node=0|zone=2)
[   17.210009] page_type: f5(slab)
[   17.210187] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   17.210480] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.211198] page dumped because: kasan: bad access detected
[   17.211384] 
[   17.211459] Memory state around the buggy address:
[   17.212080]  ffff888102628f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.212939]  ffff888102628f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.213656] >ffff888102629000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   17.214130]                                                                 ^
[   17.214356]  ffff888102629080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.214577]  ffff888102629100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.214794] ==================================================================