Date
June 23, 2025, 7:07 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 37.188986] ================================================================== [ 37.189145] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 37.189313] Read of size 8 at addr fff00000c7801278 by task kunit_try_catch/293 [ 37.189448] [ 37.190010] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT [ 37.190488] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.190629] Hardware name: linux,dummy-virt (DT) [ 37.191145] Call trace: [ 37.191211] show_stack+0x20/0x38 (C) [ 37.191349] dump_stack_lvl+0x8c/0xd0 [ 37.191718] print_report+0x118/0x608 [ 37.191867] kasan_report+0xdc/0x128 [ 37.192129] __asan_report_load8_noabort+0x20/0x30 [ 37.192658] copy_to_kernel_nofault+0x204/0x250 [ 37.193113] copy_to_kernel_nofault_oob+0x158/0x418 [ 37.193251] kunit_try_run_case+0x170/0x3f0 [ 37.193379] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.194550] kthread+0x328/0x630 [ 37.194780] ret_from_fork+0x10/0x20 [ 37.195480] [ 37.195539] Allocated by task 293: [ 37.196245] kasan_save_stack+0x3c/0x68 [ 37.196567] kasan_save_track+0x20/0x40 [ 37.196996] kasan_save_alloc_info+0x40/0x58 [ 37.197183] __kasan_kmalloc+0xd4/0xd8 [ 37.197290] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.197712] copy_to_kernel_nofault_oob+0xc8/0x418 [ 37.197817] kunit_try_run_case+0x170/0x3f0 [ 37.198129] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.198656] kthread+0x328/0x630 [ 37.198774] ret_from_fork+0x10/0x20 [ 37.199088] [ 37.199159] The buggy address belongs to the object at fff00000c7801200 [ 37.199159] which belongs to the cache kmalloc-128 of size 128 [ 37.200007] The buggy address is located 0 bytes to the right of [ 37.200007] allocated 120-byte region [fff00000c7801200, fff00000c7801278) [ 37.200199] [ 37.200261] The buggy address belongs to the physical page: [ 37.200342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107801 [ 37.201319] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.202581] page_type: f5(slab) [ 37.202714] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.202986] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.203104] page dumped because: kasan: bad access detected [ 37.203927] [ 37.203992] Memory state around the buggy address: [ 37.204491] fff00000c7801100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.204605] fff00000c7801180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.204717] >fff00000c7801200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.205856] ^ [ 37.206183] fff00000c7801280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.206590] fff00000c7801300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.206701] ================================================================== [ 37.216834] ================================================================== [ 37.216930] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 37.217696] Write of size 8 at addr fff00000c7801278 by task kunit_try_catch/293 [ 37.218842] [ 37.218927] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT [ 37.219743] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.219967] Hardware name: linux,dummy-virt (DT) [ 37.220215] Call trace: [ 37.220294] show_stack+0x20/0x38 (C) [ 37.220791] dump_stack_lvl+0x8c/0xd0 [ 37.221136] print_report+0x118/0x608 [ 37.221265] kasan_report+0xdc/0x128 [ 37.222153] kasan_check_range+0x100/0x1a8 [ 37.222665] __kasan_check_write+0x20/0x30 [ 37.222803] copy_to_kernel_nofault+0x8c/0x250 [ 37.223756] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 37.223980] kunit_try_run_case+0x170/0x3f0 [ 37.224120] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.224277] kthread+0x328/0x630 [ 37.224412] ret_from_fork+0x10/0x20 [ 37.224551] [ 37.224608] Allocated by task 293: [ 37.224715] kasan_save_stack+0x3c/0x68 [ 37.224919] kasan_save_track+0x20/0x40 [ 37.225092] kasan_save_alloc_info+0x40/0x58 [ 37.225433] __kasan_kmalloc+0xd4/0xd8 [ 37.225586] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.225856] copy_to_kernel_nofault_oob+0xc8/0x418 [ 37.225993] kunit_try_run_case+0x170/0x3f0 [ 37.226537] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.226848] kthread+0x328/0x630 [ 37.227045] ret_from_fork+0x10/0x20 [ 37.227149] [ 37.227217] The buggy address belongs to the object at fff00000c7801200 [ 37.227217] which belongs to the cache kmalloc-128 of size 128 [ 37.227480] The buggy address is located 0 bytes to the right of [ 37.227480] allocated 120-byte region [fff00000c7801200, fff00000c7801278) [ 37.227646] [ 37.227751] The buggy address belongs to the physical page: [ 37.227845] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107801 [ 37.227979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.228331] page_type: f5(slab) [ 37.228675] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.228803] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.228936] page dumped because: kasan: bad access detected [ 37.229320] [ 37.229384] Memory state around the buggy address: [ 37.229479] fff00000c7801100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.229652] fff00000c7801180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.229772] >fff00000c7801200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.229877] ^ [ 37.229990] fff00000c7801280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.230122] fff00000c7801300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.230237] ==================================================================
[ 26.081459] ================================================================== [ 26.082437] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 26.082819] Read of size 8 at addr ffff888102c14878 by task kunit_try_catch/310 [ 26.083273] [ 26.083904] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.084027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.084046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.084068] Call Trace: [ 26.084097] <TASK> [ 26.084126] dump_stack_lvl+0x73/0xb0 [ 26.084175] print_report+0xd1/0x650 [ 26.084207] ? __virt_addr_valid+0x1db/0x2d0 [ 26.084241] ? copy_to_kernel_nofault+0x225/0x260 [ 26.084267] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.084290] ? copy_to_kernel_nofault+0x225/0x260 [ 26.084310] kasan_report+0x141/0x180 [ 26.084330] ? copy_to_kernel_nofault+0x225/0x260 [ 26.084354] __asan_report_load8_noabort+0x18/0x20 [ 26.084375] copy_to_kernel_nofault+0x225/0x260 [ 26.084428] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 26.084467] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.084507] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.084555] ? trace_hardirqs_on+0x37/0xe0 [ 26.084608] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.084634] kunit_try_run_case+0x1a5/0x480 [ 26.084658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.084678] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.084698] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.084718] ? __kthread_parkme+0x82/0x180 [ 26.084737] ? preempt_count_sub+0x50/0x80 [ 26.084757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.084778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.084798] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.084819] kthread+0x337/0x6f0 [ 26.084844] ? trace_preempt_on+0x20/0xc0 [ 26.084865] ? __pfx_kthread+0x10/0x10 [ 26.084883] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.084901] ? calculate_sigpending+0x7b/0xa0 [ 26.084922] ? __pfx_kthread+0x10/0x10 [ 26.084941] ret_from_fork+0x116/0x1d0 [ 26.084958] ? __pfx_kthread+0x10/0x10 [ 26.084976] ret_from_fork_asm+0x1a/0x30 [ 26.085004] </TASK> [ 26.085016] [ 26.097508] Allocated by task 310: [ 26.097647] kasan_save_stack+0x45/0x70 [ 26.098519] kasan_save_track+0x18/0x40 [ 26.098740] kasan_save_alloc_info+0x3b/0x50 [ 26.099517] __kasan_kmalloc+0xb7/0xc0 [ 26.099699] __kmalloc_cache_noprof+0x189/0x420 [ 26.099867] copy_to_kernel_nofault_oob+0x12f/0x560 [ 26.100451] kunit_try_run_case+0x1a5/0x480 [ 26.100694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.101634] kthread+0x337/0x6f0 [ 26.101858] ret_from_fork+0x116/0x1d0 [ 26.101996] ret_from_fork_asm+0x1a/0x30 [ 26.102575] [ 26.102942] The buggy address belongs to the object at ffff888102c14800 [ 26.102942] which belongs to the cache kmalloc-128 of size 128 [ 26.103799] The buggy address is located 0 bytes to the right of [ 26.103799] allocated 120-byte region [ffff888102c14800, ffff888102c14878) [ 26.104455] [ 26.104570] The buggy address belongs to the physical page: [ 26.105211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.105461] flags: 0x200000000000000(node=0|zone=2) [ 26.105621] page_type: f5(slab) [ 26.105739] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.105952] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.106396] page dumped because: kasan: bad access detected [ 26.106746] [ 26.106844] Memory state around the buggy address: [ 26.107026] ffff888102c14700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.107303] ffff888102c14780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.108593] >ffff888102c14800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.108845] ^ [ 26.109063] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.109803] ffff888102c14900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.110759] ================================================================== [ 26.112066] ================================================================== [ 26.112405] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 26.113043] Write of size 8 at addr ffff888102c14878 by task kunit_try_catch/310 [ 26.113612] [ 26.113728] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.113809] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.113835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.113873] Call Trace: [ 26.113901] <TASK> [ 26.114121] dump_stack_lvl+0x73/0xb0 [ 26.114188] print_report+0xd1/0x650 [ 26.114232] ? __virt_addr_valid+0x1db/0x2d0 [ 26.114278] ? copy_to_kernel_nofault+0x99/0x260 [ 26.114320] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.114368] ? copy_to_kernel_nofault+0x99/0x260 [ 26.114434] kasan_report+0x141/0x180 [ 26.114481] ? copy_to_kernel_nofault+0x99/0x260 [ 26.114534] kasan_check_range+0x10c/0x1c0 [ 26.114579] __kasan_check_write+0x18/0x20 [ 26.114622] copy_to_kernel_nofault+0x99/0x260 [ 26.114671] copy_to_kernel_nofault_oob+0x288/0x560 [ 26.114717] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.114762] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.114812] ? trace_hardirqs_on+0x37/0xe0 [ 26.114866] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.114918] kunit_try_run_case+0x1a5/0x480 [ 26.114951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.114973] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.114994] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.115016] ? __kthread_parkme+0x82/0x180 [ 26.115034] ? preempt_count_sub+0x50/0x80 [ 26.115055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.115075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.115095] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.115115] kthread+0x337/0x6f0 [ 26.115132] ? trace_preempt_on+0x20/0xc0 [ 26.115151] ? __pfx_kthread+0x10/0x10 [ 26.115168] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.115187] ? calculate_sigpending+0x7b/0xa0 [ 26.115207] ? __pfx_kthread+0x10/0x10 [ 26.115226] ret_from_fork+0x116/0x1d0 [ 26.115243] ? __pfx_kthread+0x10/0x10 [ 26.115261] ret_from_fork_asm+0x1a/0x30 [ 26.115289] </TASK> [ 26.115301] [ 26.127887] Allocated by task 310: [ 26.128227] kasan_save_stack+0x45/0x70 [ 26.128501] kasan_save_track+0x18/0x40 [ 26.128648] kasan_save_alloc_info+0x3b/0x50 [ 26.129177] __kasan_kmalloc+0xb7/0xc0 [ 26.129438] __kmalloc_cache_noprof+0x189/0x420 [ 26.129638] copy_to_kernel_nofault_oob+0x12f/0x560 [ 26.130881] kunit_try_run_case+0x1a5/0x480 [ 26.131121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.131351] kthread+0x337/0x6f0 [ 26.131470] ret_from_fork+0x116/0x1d0 [ 26.131598] ret_from_fork_asm+0x1a/0x30 [ 26.132472] [ 26.132615] The buggy address belongs to the object at ffff888102c14800 [ 26.132615] which belongs to the cache kmalloc-128 of size 128 [ 26.133544] The buggy address is located 0 bytes to the right of [ 26.133544] allocated 120-byte region [ffff888102c14800, ffff888102c14878) [ 26.133963] [ 26.134129] The buggy address belongs to the physical page: [ 26.134294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.134586] flags: 0x200000000000000(node=0|zone=2) [ 26.134835] page_type: f5(slab) [ 26.135477] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.135717] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.136354] page dumped because: kasan: bad access detected [ 26.136709] [ 26.136819] Memory state around the buggy address: [ 26.137354] ffff888102c14700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.137724] ffff888102c14780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.138469] >ffff888102c14800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.138843] ^ [ 26.139101] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.139553] ffff888102c14900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.139965] ==================================================================