Date
July 8, 2025, 11:10 a.m.
Environment
qemu-arm64

```
[ 34.318393] ==================================================================
[ 34.318449] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 34.318505] Write of size 8 at addr fff00000c9adfb78 by task kunit_try_catch/312
[ 34.318556]
[ 34.318591] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT
[ 34.318679] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 34.319881] Hardware name: linux,dummy-virt (DT)
[ 34.319936] Call trace:
[ 34.319962]  show_stack+0x20/0x38 (C)
[ 34.320018]  dump_stack_lvl+0x8c/0xd0
[ 34.320066]  print_report+0x118/0x5d0
[ 34.320115]  kasan_report+0xdc/0x128
[ 34.320164]  kasan_check_range+0x100/0x1a8
[ 34.320222]  __kasan_check_write+0x20/0x30
[ 34.321200]  copy_to_kernel_nofault+0x8c/0x250
[ 34.321442]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 34.321638]  kunit_try_run_case+0x170/0x3f0
[ 34.322054]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.322127]  kthread+0x328/0x630
[ 34.322174]  ret_from_fork+0x10/0x20
[ 34.322825]
[ 34.322905] Allocated by task 312:
[ 34.322969]  kasan_save_stack+0x3c/0x68
[ 34.323572]  kasan_save_track+0x20/0x40
[ 34.323627]  kasan_save_alloc_info+0x40/0x58
[ 34.323716]  __kasan_kmalloc+0xd4/0xd8
[ 34.324139]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 34.324195]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 34.324687]  kunit_try_run_case+0x170/0x3f0
[ 34.324982]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.325108]  kthread+0x328/0x630
[ 34.325149]  ret_from_fork+0x10/0x20
[ 34.325349]
[ 34.325423] The buggy address belongs to the object at fff00000c9adfb00
[ 34.325423]  which belongs to the cache kmalloc-128 of size 128
[ 34.325485] The buggy address is located 0 bytes to the right of
[ 34.325485]  allocated 120-byte region [fff00000c9adfb00, fff00000c9adfb78)
[ 34.325550]
[ 34.325573] The buggy address belongs to the physical page:
[ 34.326245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109adf
[ 34.326330] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 34.326625] page_type: f5(slab)
[ 34.326756] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 34.327118] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 34.327269] page dumped because: kasan: bad access detected
[ 34.327304]
[ 34.327324] Memory state around the buggy address:
[ 34.327775]  fff00000c9adfa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.327853]  fff00000c9adfa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.327905] >fff00000c9adfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 34.327945]                                                                 ^
[ 34.327990]  fff00000c9adfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.328035]  fff00000c9adfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.328076] ==================================================================
```

```
[ 34.305887] ==================================================================
[ 34.305958] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 34.306029] Read of size 8 at addr fff00000c9adfb78 by task kunit_try_catch/312
[ 34.306079]
[ 34.306120] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT
[ 34.307174] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 34.307585] Hardware name: linux,dummy-virt (DT)
[ 34.307845] Call trace:
[ 34.307874]  show_stack+0x20/0x38 (C)
[ 34.308524]  dump_stack_lvl+0x8c/0xd0
[ 34.308795]  print_report+0x118/0x5d0
[ 34.308935]  kasan_report+0xdc/0x128
[ 34.308985]  __asan_report_load8_noabort+0x20/0x30
[ 34.309035]  copy_to_kernel_nofault+0x204/0x250
[ 34.309789]  copy_to_kernel_nofault_oob+0x158/0x418
[ 34.309856]  kunit_try_run_case+0x170/0x3f0
[ 34.310327]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.310519]  kthread+0x328/0x630
[ 34.310706]  ret_from_fork+0x10/0x20
[ 34.310760]
[ 34.311141] Allocated by task 312:
[ 34.311182]  kasan_save_stack+0x3c/0x68
[ 34.311561]  kasan_save_track+0x20/0x40
[ 34.311943]  kasan_save_alloc_info+0x40/0x58
[ 34.312181]  __kasan_kmalloc+0xd4/0xd8
[ 34.312442]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 34.312497]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 34.312836]  kunit_try_run_case+0x170/0x3f0
[ 34.312898]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.312947]  kthread+0x328/0x630
[ 34.313196]  ret_from_fork+0x10/0x20
[ 34.313249]
[ 34.313272] The buggy address belongs to the object at fff00000c9adfb00
[ 34.313272]  which belongs to the cache kmalloc-128 of size 128
[ 34.313334] The buggy address is located 0 bytes to the right of
[ 34.313334]  allocated 120-byte region [fff00000c9adfb00, fff00000c9adfb78)
[ 34.313398]
[ 34.314051] The buggy address belongs to the physical page:
[ 34.314116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109adf
[ 34.314255] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 34.314328] page_type: f5(slab)
[ 34.314373] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 34.314427] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 34.314470] page dumped because: kasan: bad access detected
[ 34.314505]
[ 34.314526] Memory state around the buggy address:
[ 34.314563]  fff00000c9adfa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.314609]  fff00000c9adfa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.315281] >fff00000c9adfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 34.315343]                                                                 ^
[ 34.315867]  fff00000c9adfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.316024]  fff00000c9adfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.316252] ==================================================================
```

Environment
qemu-x86_64

```
[ 27.535807] ==================================================================
[ 27.536724] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 27.536994] Read of size 8 at addr ffff8881062af778 by task kunit_try_catch/329
[ 27.537220]
[ 27.537331] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary)
[ 27.537392] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.537407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.537433] Call Trace:
[ 27.537449]  <TASK>
[ 27.537471]  dump_stack_lvl+0x73/0xb0
[ 27.537507]  print_report+0xd1/0x610
[ 27.537534]  ? __virt_addr_valid+0x1db/0x2d0
[ 27.538122]  ? copy_to_kernel_nofault+0x225/0x260
[ 27.538162]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.538195]  ? copy_to_kernel_nofault+0x225/0x260
[ 27.538223]  kasan_report+0x141/0x180
[ 27.538261]  ? copy_to_kernel_nofault+0x225/0x260
[ 27.538292]  __asan_report_load8_noabort+0x18/0x20
[ 27.538321]  copy_to_kernel_nofault+0x225/0x260
[ 27.538349]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 27.538375]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 27.538399]  ? finish_task_switch.isra.0+0x153/0x700
[ 27.538426]  ? __schedule+0x10cc/0x2b60
[ 27.538457]  ? trace_hardirqs_on+0x37/0xe0
[ 27.538487]  ? unwind_next_frame+0x18f/0x8e0
[ 27.538510]  ? __unwind_start+0x1fc/0x390
[ 27.538533]  ? ret_from_fork_asm+0x1a/0x30
[ 27.538561]  ? __kernel_text_address+0x16/0x50
[ 27.538591]  ? __pfx_read_tsc+0x10/0x10
[ 27.538618]  ? ktime_get_ts64+0x86/0x230
[ 27.538647]  kunit_try_run_case+0x1a5/0x480
[ 27.538674]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.538695]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.538720]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.538766]  ? __kthread_parkme+0x82/0x180
[ 27.538788]  ? preempt_count_sub+0x50/0x80
[ 27.538812]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.538845]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.538875]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.538902]  kthread+0x337/0x6f0
[ 27.538926]  ? trace_preempt_on+0x20/0xc0
[ 27.538950]  ? __pfx_kthread+0x10/0x10
[ 27.538974]  ? _raw_spin_unlock_irq+0x47/0x80
[ 27.539003]  ? calculate_sigpending+0x7b/0xa0
[ 27.539033]  ? __pfx_kthread+0x10/0x10
[ 27.539059]  ret_from_fork+0x116/0x1d0
[ 27.539079]  ? __pfx_kthread+0x10/0x10
[ 27.539104]  ret_from_fork_asm+0x1a/0x30
[ 27.539140]  </TASK>
[ 27.539155]
[ 27.557174] Allocated by task 329:
[ 27.557608]  kasan_save_stack+0x45/0x70
[ 27.557953]  kasan_save_track+0x18/0x40
[ 27.558272]  kasan_save_alloc_info+0x3b/0x50
[ 27.558610]  __kasan_kmalloc+0xb7/0xc0
[ 27.558989]  __kmalloc_cache_noprof+0x189/0x420
[ 27.559303]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 27.559466]  kunit_try_run_case+0x1a5/0x480
[ 27.559607]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.559818]  kthread+0x337/0x6f0
[ 27.560198]  ret_from_fork+0x116/0x1d0
[ 27.560387]  ret_from_fork_asm+0x1a/0x30
[ 27.560529]
[ 27.560597] The buggy address belongs to the object at ffff8881062af700
[ 27.560597]  which belongs to the cache kmalloc-128 of size 128
[ 27.561013] The buggy address is located 0 bytes to the right of
[ 27.561013]  allocated 120-byte region [ffff8881062af700, ffff8881062af778)
[ 27.562226]
[ 27.562328] The buggy address belongs to the physical page:
[ 27.562568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af
[ 27.563135] flags: 0x200000000000000(node=0|zone=2)
[ 27.563370] page_type: f5(slab)
[ 27.563546] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.564175] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.564611] page dumped because: kasan: bad access detected
[ 27.564915]
[ 27.565097] Memory state around the buggy address:
[ 27.565485]  ffff8881062af600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.565877]  ffff8881062af680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.566334] >ffff8881062af700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.566626]                                                                 ^
[ 27.567029]  ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.567389]  ffff8881062af800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.567644] ==================================================================
```

```
[ 27.568537] ==================================================================
[ 27.569062] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 27.569425] Write of size 8 at addr ffff8881062af778 by task kunit_try_catch/329
[ 27.569725]
[ 27.570086] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary)
[ 27.570144] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.570158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.570183] Call Trace:
[ 27.570201]  <TASK>
[ 27.570221]  dump_stack_lvl+0x73/0xb0
[ 27.570268]  print_report+0xd1/0x610
[ 27.570292]  ? __virt_addr_valid+0x1db/0x2d0
[ 27.570319]  ? copy_to_kernel_nofault+0x99/0x260
[ 27.570346]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.570376]  ? copy_to_kernel_nofault+0x99/0x260
[ 27.570403]  kasan_report+0x141/0x180
[ 27.570426]  ? copy_to_kernel_nofault+0x99/0x260
[ 27.570457]  kasan_check_range+0x10c/0x1c0
[ 27.570484]  __kasan_check_write+0x18/0x20
[ 27.570512]  copy_to_kernel_nofault+0x99/0x260
[ 27.570540]  copy_to_kernel_nofault_oob+0x288/0x560
[ 27.570565]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 27.570590]  ? finish_task_switch.isra.0+0x153/0x700
[ 27.570615]  ? __schedule+0x10cc/0x2b60
[ 27.570645]  ? trace_hardirqs_on+0x37/0xe0
[ 27.570675]  ? unwind_next_frame+0x18f/0x8e0
[ 27.570698]  ? __unwind_start+0x1fc/0x390
[ 27.570719]  ? ret_from_fork_asm+0x1a/0x30
[ 27.570745]  ? __kernel_text_address+0x16/0x50
[ 27.571139]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 27.571172]  ? __pfx_read_tsc+0x10/0x10
[ 27.571200]  ? ktime_get_ts64+0x86/0x230
[ 27.571229]  kunit_try_run_case+0x1a5/0x480
[ 27.571269]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.571292]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.571317]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.571349]  ? __kthread_parkme+0x82/0x180
[ 27.571370]  ? preempt_count_sub+0x50/0x80
[ 27.571396]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.571420]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.571448]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.571476]  kthread+0x337/0x6f0
[ 27.571499]  ? trace_preempt_on+0x20/0xc0
[ 27.571525]  ? __pfx_kthread+0x10/0x10
[ 27.571549]  ? _raw_spin_unlock_irq+0x47/0x80
[ 27.571578]  ? calculate_sigpending+0x7b/0xa0
[ 27.571607]  ? __pfx_kthread+0x10/0x10
[ 27.571632]  ret_from_fork+0x116/0x1d0
[ 27.571653]  ? __pfx_kthread+0x10/0x10
[ 27.571676]  ret_from_fork_asm+0x1a/0x30
[ 27.571712]  </TASK>
[ 27.571724]
[ 27.584126] Allocated by task 329:
[ 27.584342]  kasan_save_stack+0x45/0x70
[ 27.584547]  kasan_save_track+0x18/0x40
[ 27.584703]  kasan_save_alloc_info+0x3b/0x50
[ 27.584916]  __kasan_kmalloc+0xb7/0xc0
[ 27.585662]  __kmalloc_cache_noprof+0x189/0x420
[ 27.585859]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 27.586335]  kunit_try_run_case+0x1a5/0x480
[ 27.586643]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.586974]  kthread+0x337/0x6f0
[ 27.587220]  ret_from_fork+0x116/0x1d0
[ 27.587427]  ret_from_fork_asm+0x1a/0x30
[ 27.587738]
[ 27.587913] The buggy address belongs to the object at ffff8881062af700
[ 27.587913]  which belongs to the cache kmalloc-128 of size 128
[ 27.588744] The buggy address is located 0 bytes to the right of
[ 27.588744]  allocated 120-byte region [ffff8881062af700, ffff8881062af778)
[ 27.589543]
[ 27.589832] The buggy address belongs to the physical page:
[ 27.590073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af
[ 27.590368] flags: 0x200000000000000(node=0|zone=2)
[ 27.590594] page_type: f5(slab)
[ 27.590808] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.591091] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.591421] page dumped because: kasan: bad access detected
[ 27.591601]
[ 27.591692] Memory state around the buggy address:
[ 27.592014]  ffff8881062af600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.592255]  ffff8881062af680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.592736] >ffff8881062af700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.593008]                                                                 ^
[ 27.593419]  ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.593763]  ffff8881062af800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.594313] ==================================================================
```