Date
July 20, 2025, 8:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 18.299511] ================================================================== [ 18.299583] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 18.299635] Write of size 8 at addr fff00000c64df078 by task kunit_try_catch/282 [ 18.299688] [ 18.299718] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.299924] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.300009] Hardware name: linux,dummy-virt (DT) [ 18.300046] Call trace: [ 18.300072] show_stack+0x20/0x38 (C) [ 18.300125] dump_stack_lvl+0x8c/0xd0 [ 18.300219] print_report+0x118/0x5d0 [ 18.300271] kasan_report+0xdc/0x128 [ 18.300410] kasan_check_range+0x100/0x1a8 [ 18.300464] __kasan_check_write+0x20/0x30 [ 18.300679] copy_to_kernel_nofault+0x8c/0x250 [ 18.300748] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 18.300801] kunit_try_run_case+0x170/0x3f0 [ 18.300856] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.301232] kthread+0x328/0x630 [ 18.301292] ret_from_fork+0x10/0x20 [ 18.301342] [ 18.301364] Allocated by task 282: [ 18.301683] kasan_save_stack+0x3c/0x68 [ 18.301806] kasan_save_track+0x20/0x40 [ 18.301882] kasan_save_alloc_info+0x40/0x58 [ 18.301954] __kasan_kmalloc+0xd4/0xd8 [ 18.302327] __kmalloc_cache_noprof+0x16c/0x3c0 [ 18.302419] copy_to_kernel_nofault_oob+0xc8/0x418 [ 18.302531] kunit_try_run_case+0x170/0x3f0 [ 18.302617] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.302718] kthread+0x328/0x630 [ 18.302807] ret_from_fork+0x10/0x20 [ 18.302919] [ 18.302984] The buggy address belongs to the object at fff00000c64df000 [ 18.302984] which belongs to the cache kmalloc-128 of size 128 [ 18.303045] The buggy address is located 0 bytes to the right of [ 18.303045] allocated 120-byte region [fff00000c64df000, fff00000c64df078) [ 18.303356] [ 18.303427] The buggy address belongs to the physical page: [ 18.303527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064df [ 18.303621] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.303873] page_type: f5(slab) [ 18.304076] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.304179] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.304292] page dumped because: kasan: bad access detected [ 18.304372] [ 18.304465] Memory state around the buggy address: [ 18.304532] fff00000c64def00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.304593] fff00000c64def80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.304638] >fff00000c64df000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.305120] ^ [ 18.305426] fff00000c64df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.305505] fff00000c64df100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.305603] ================================================================== [ 18.295090] ================================================================== [ 18.295292] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 18.295375] Read of size 8 at addr fff00000c64df078 by task kunit_try_catch/282 [ 18.295458] [ 18.295754] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.295865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.295896] Hardware name: linux,dummy-virt (DT) [ 18.295931] Call trace: [ 18.295966] show_stack+0x20/0x38 (C) [ 18.296032] dump_stack_lvl+0x8c/0xd0 [ 18.296084] print_report+0x118/0x5d0 [ 18.296133] kasan_report+0xdc/0x128 [ 18.296198] __asan_report_load8_noabort+0x20/0x30 [ 18.296254] copy_to_kernel_nofault+0x204/0x250 [ 18.296306] copy_to_kernel_nofault_oob+0x158/0x418 [ 18.296355] kunit_try_run_case+0x170/0x3f0 [ 18.296413] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.296475] kthread+0x328/0x630 [ 18.296529] ret_from_fork+0x10/0x20 [ 18.296581] [ 18.296605] Allocated by task 282: [ 18.296636] kasan_save_stack+0x3c/0x68 [ 18.296679] kasan_save_track+0x20/0x40 [ 18.296725] kasan_save_alloc_info+0x40/0x58 [ 18.296769] __kasan_kmalloc+0xd4/0xd8 [ 18.296806] __kmalloc_cache_noprof+0x16c/0x3c0 [ 18.296858] copy_to_kernel_nofault_oob+0xc8/0x418 [ 18.296929] kunit_try_run_case+0x170/0x3f0 [ 18.296969] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.297014] kthread+0x328/0x630 [ 18.297054] ret_from_fork+0x10/0x20 [ 18.297093] [ 18.297117] The buggy address belongs to the object at fff00000c64df000 [ 18.297117] which belongs to the cache kmalloc-128 of size 128 [ 18.297599] The buggy address is located 0 bytes to the right of [ 18.297599] allocated 120-byte region [fff00000c64df000, fff00000c64df078) [ 18.297732] [ 18.297791] The buggy address belongs to the physical page: [ 18.297863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064df [ 18.297959] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.298058] page_type: f5(slab) [ 18.298130] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.298219] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.298282] page dumped because: kasan: bad access detected [ 18.298318] [ 18.298477] Memory state around the buggy address: [ 18.298623] fff00000c64def00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.298750] fff00000c64def80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.298815] >fff00000c64df000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.298883] ^ [ 18.298962] fff00000c64df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.299060] fff00000c64df100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.299113] ==================================================================
[ 16.940530] ================================================================== [ 16.941642] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 16.942119] Read of size 8 at addr ffff8881029dfe78 by task kunit_try_catch/299 [ 16.942645] [ 16.942752] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.942839] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.942854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.942880] Call Trace: [ 16.942897] <TASK> [ 16.942918] dump_stack_lvl+0x73/0xb0 [ 16.942954] print_report+0xd1/0x610 [ 16.943018] ? __virt_addr_valid+0x1db/0x2d0 [ 16.943045] ? copy_to_kernel_nofault+0x225/0x260 [ 16.943071] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.943199] ? copy_to_kernel_nofault+0x225/0x260 [ 16.943232] kasan_report+0x141/0x180 [ 16.943258] ? copy_to_kernel_nofault+0x225/0x260 [ 16.943289] __asan_report_load8_noabort+0x18/0x20 [ 16.943315] copy_to_kernel_nofault+0x225/0x260 [ 16.943341] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 16.943367] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.943392] ? finish_task_switch.isra.0+0x153/0x700 [ 16.943418] ? __schedule+0x10c6/0x2b60 [ 16.943443] ? trace_hardirqs_on+0x37/0xe0 [ 16.943489] ? __pfx_read_tsc+0x10/0x10 [ 16.943514] ? ktime_get_ts64+0x86/0x230 [ 16.943542] kunit_try_run_case+0x1a5/0x480 [ 16.943572] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.943595] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.943622] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.943647] ? __kthread_parkme+0x82/0x180 [ 16.943671] ? preempt_count_sub+0x50/0x80 [ 16.943696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.943722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.943747] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.943773] kthread+0x337/0x6f0 [ 16.943795] ? trace_preempt_on+0x20/0xc0 [ 16.943819] ? __pfx_kthread+0x10/0x10 [ 16.943842] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.943865] ? calculate_sigpending+0x7b/0xa0 [ 16.943892] ? __pfx_kthread+0x10/0x10 [ 16.943916] ret_from_fork+0x116/0x1d0 [ 16.943936] ? __pfx_kthread+0x10/0x10 [ 16.943958] ret_from_fork_asm+0x1a/0x30 [ 16.943992] </TASK> [ 16.944004] [ 16.957237] Allocated by task 299: [ 16.957764] kasan_save_stack+0x45/0x70 [ 16.958160] kasan_save_track+0x18/0x40 [ 16.958489] kasan_save_alloc_info+0x3b/0x50 [ 16.958681] __kasan_kmalloc+0xb7/0xc0 [ 16.958876] __kmalloc_cache_noprof+0x189/0x420 [ 16.959494] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.959903] kunit_try_run_case+0x1a5/0x480 [ 16.960282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.960664] kthread+0x337/0x6f0 [ 16.960913] ret_from_fork+0x116/0x1d0 [ 16.961305] ret_from_fork_asm+0x1a/0x30 [ 16.961646] [ 16.961749] The buggy address belongs to the object at ffff8881029dfe00 [ 16.961749] which belongs to the cache kmalloc-128 of size 128 [ 16.962519] The buggy address is located 0 bytes to the right of [ 16.962519] allocated 120-byte region [ffff8881029dfe00, ffff8881029dfe78) [ 16.963003] [ 16.963108] The buggy address belongs to the physical page: [ 16.963728] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029df [ 16.964284] flags: 0x200000000000000(node=0|zone=2) [ 16.964630] page_type: f5(slab) [ 16.965027] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.965445] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.965971] page dumped because: kasan: bad access detected [ 16.966375] [ 16.966496] Memory state around the buggy address: [ 16.966690] ffff8881029dfd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.967065] ffff8881029dfd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.967817] >ffff8881029dfe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.968352] ^ [ 16.968783] ffff8881029dfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.969391] ffff8881029dff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.969919] ================================================================== [ 16.970971] ================================================================== [ 16.971922] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 16.972350] Write of size 8 at addr ffff8881029dfe78 by task kunit_try_catch/299 [ 16.972986] [ 16.973121] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.973175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.973189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.973215] Call Trace: [ 16.973231] <TASK> [ 16.973250] dump_stack_lvl+0x73/0xb0 [ 16.973286] print_report+0xd1/0x610 [ 16.973312] ? __virt_addr_valid+0x1db/0x2d0 [ 16.973338] ? copy_to_kernel_nofault+0x99/0x260 [ 16.973365] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.973392] ? copy_to_kernel_nofault+0x99/0x260 [ 16.973417] kasan_report+0x141/0x180 [ 16.973442] ? copy_to_kernel_nofault+0x99/0x260 [ 16.973484] kasan_check_range+0x10c/0x1c0 [ 16.973511] __kasan_check_write+0x18/0x20 [ 16.973532] copy_to_kernel_nofault+0x99/0x260 [ 16.973559] copy_to_kernel_nofault_oob+0x288/0x560 [ 16.973585] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.973611] ? finish_task_switch.isra.0+0x153/0x700 [ 16.973657] ? __schedule+0x10c6/0x2b60 [ 16.973683] ? trace_hardirqs_on+0x37/0xe0 [ 16.973717] ? __pfx_read_tsc+0x10/0x10 [ 16.973741] ? ktime_get_ts64+0x86/0x230 [ 16.973768] kunit_try_run_case+0x1a5/0x480 [ 16.973807] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.973832] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.973859] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.973885] ? __kthread_parkme+0x82/0x180 [ 16.973909] ? preempt_count_sub+0x50/0x80 [ 16.973934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.973960] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.973986] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.974013] kthread+0x337/0x6f0 [ 16.974034] ? trace_preempt_on+0x20/0xc0 [ 16.974059] ? __pfx_kthread+0x10/0x10 [ 16.974081] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.974110] ? calculate_sigpending+0x7b/0xa0 [ 16.974137] ? __pfx_kthread+0x10/0x10 [ 16.974161] ret_from_fork+0x116/0x1d0 [ 16.974181] ? __pfx_kthread+0x10/0x10 [ 16.974205] ret_from_fork_asm+0x1a/0x30 [ 16.974242] </TASK> [ 16.974257] [ 16.988550] Allocated by task 299: [ 16.988911] kasan_save_stack+0x45/0x70 [ 16.989110] kasan_save_track+0x18/0x40 [ 16.989255] kasan_save_alloc_info+0x3b/0x50 [ 16.989481] __kasan_kmalloc+0xb7/0xc0 [ 16.989899] __kmalloc_cache_noprof+0x189/0x420 [ 16.990393] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.990921] kunit_try_run_case+0x1a5/0x480 [ 16.991381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.991979] kthread+0x337/0x6f0 [ 16.992346] ret_from_fork+0x116/0x1d0 [ 16.992717] ret_from_fork_asm+0x1a/0x30 [ 16.992944] [ 16.993145] The buggy address belongs to the object at ffff8881029dfe00 [ 16.993145] which belongs to the cache kmalloc-128 of size 128 [ 16.994034] The buggy address is located 0 bytes to the right of [ 16.994034] allocated 120-byte region [ffff8881029dfe00, ffff8881029dfe78) [ 16.994951] [ 16.995122] The buggy address belongs to the physical page: [ 16.995731] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029df [ 16.996408] flags: 0x200000000000000(node=0|zone=2) [ 16.996951] page_type: f5(slab) [ 16.997257] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.997940] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.998541] page dumped because: kasan: bad access detected [ 16.998728] [ 16.998851] Memory state around the buggy address: [ 16.999330] ffff8881029dfd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.000288] ffff8881029dfd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.000947] >ffff8881029dfe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.001339] ^ [ 17.002069] ffff8881029dfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.002714] ffff8881029dff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.003147] ==================================================================