Date
July 10, 2025, 9:07 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 32.494722] ================================================================== [ 32.494913] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 32.495067] Write of size 8 at addr fff00000c9bc2878 by task kunit_try_catch/312 [ 32.495165] [ 32.495254] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT [ 32.495475] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.495512] Hardware name: linux,dummy-virt (DT) [ 32.496151] Call trace: [ 32.496269] show_stack+0x20/0x38 (C) [ 32.496377] dump_stack_lvl+0x8c/0xd0 [ 32.496454] print_report+0x118/0x5d0 [ 32.496557] kasan_report+0xdc/0x128 [ 32.496601] kasan_check_range+0x100/0x1a8 [ 32.496650] __kasan_check_write+0x20/0x30 [ 32.496739] copy_to_kernel_nofault+0x8c/0x250 [ 32.496981] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 32.497088] kunit_try_run_case+0x170/0x3f0 [ 32.497224] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.497281] kthread+0x328/0x630 [ 32.497365] ret_from_fork+0x10/0x20 [ 32.497578] [ 32.497672] Allocated by task 312: [ 32.497721] kasan_save_stack+0x3c/0x68 [ 32.497805] kasan_save_track+0x20/0x40 [ 32.497866] kasan_save_alloc_info+0x40/0x58 [ 32.497906] __kasan_kmalloc+0xd4/0xd8 [ 32.497945] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.497987] copy_to_kernel_nofault_oob+0xc8/0x418 [ 32.498030] kunit_try_run_case+0x170/0x3f0 [ 32.498072] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.498120] kthread+0x328/0x630 [ 32.498162] ret_from_fork+0x10/0x20 [ 32.498201] [ 32.498222] The buggy address belongs to the object at fff00000c9bc2800 [ 32.498222] which belongs to the cache kmalloc-128 of size 128 [ 32.498285] The buggy address is located 0 bytes to the right of [ 32.498285] allocated 120-byte region [fff00000c9bc2800, fff00000c9bc2878) [ 32.498353] [ 32.498423] The buggy address belongs to the physical page: [ 32.498702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc2 [ 32.499011] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.499365] page_type: f5(slab) [ 32.499602] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.499953] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.500185] page dumped because: kasan: bad access detected [ 32.500418] [ 32.500441] Memory state around the buggy address: [ 32.500487] fff00000c9bc2700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.500538] fff00000c9bc2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.500585] >fff00000c9bc2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.500877] ^ [ 32.500942] fff00000c9bc2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.501125] fff00000c9bc2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.501252] ================================================================== [ 32.487731] ================================================================== [ 32.487800] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 32.487870] Read of size 8 at addr fff00000c9bc2878 by task kunit_try_catch/312 [ 32.488108] [ 32.488263] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT [ 32.488460] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.488515] Hardware name: linux,dummy-virt (DT) [ 32.488672] Call trace: [ 32.488743] show_stack+0x20/0x38 (C) [ 32.488796] dump_stack_lvl+0x8c/0xd0 [ 32.488843] print_report+0x118/0x5d0 [ 32.488888] kasan_report+0xdc/0x128 [ 32.488931] __asan_report_load8_noabort+0x20/0x30 [ 32.488981] copy_to_kernel_nofault+0x204/0x250 [ 32.489037] copy_to_kernel_nofault_oob+0x158/0x418 [ 32.489425] kunit_try_run_case+0x170/0x3f0 [ 32.489571] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.489915] kthread+0x328/0x630 [ 32.489965] ret_from_fork+0x10/0x20 [ 32.490016] [ 32.490523] Allocated by task 312: [ 32.490644] kasan_save_stack+0x3c/0x68 [ 32.490756] kasan_save_track+0x20/0x40 [ 32.490811] kasan_save_alloc_info+0x40/0x58 [ 32.490850] __kasan_kmalloc+0xd4/0xd8 [ 32.490891] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.490933] copy_to_kernel_nofault_oob+0xc8/0x418 [ 32.490977] kunit_try_run_case+0x170/0x3f0 [ 32.491072] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.491183] kthread+0x328/0x630 [ 32.491368] ret_from_fork+0x10/0x20 [ 32.491471] [ 32.491530] The buggy address belongs to the object at fff00000c9bc2800 [ 32.491530] which belongs to the cache kmalloc-128 of size 128 [ 32.491644] The buggy address is located 0 bytes to the right of [ 32.491644] allocated 120-byte region [fff00000c9bc2800, fff00000c9bc2878) [ 32.491719] [ 32.491742] The buggy address belongs to the physical page: [ 32.491781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc2 [ 32.491838] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.491893] page_type: f5(slab) [ 32.491948] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.492152] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.492437] page dumped because: kasan: bad access detected [ 32.492478] [ 32.492500] Memory state around the buggy address: [ 32.492541] fff00000c9bc2700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.492603] fff00000c9bc2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.492650] >fff00000c9bc2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.493072] ^ [ 32.493238] fff00000c9bc2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.493319] fff00000c9bc2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.493362] ==================================================================
[ 29.087414] ================================================================== [ 29.088054] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 29.088370] Read of size 8 at addr ffff8881060c3c78 by task kunit_try_catch/329 [ 29.088690] [ 29.089130] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.089499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.089516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.089541] Call Trace: [ 29.089557] <TASK> [ 29.089578] dump_stack_lvl+0x73/0xb0 [ 29.089612] print_report+0xd1/0x610 [ 29.089640] ? __virt_addr_valid+0x1db/0x2d0 [ 29.089668] ? copy_to_kernel_nofault+0x225/0x260 [ 29.089693] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.089730] ? copy_to_kernel_nofault+0x225/0x260 [ 29.089755] kasan_report+0x141/0x180 [ 29.089796] ? copy_to_kernel_nofault+0x225/0x260 [ 29.089825] __asan_report_load8_noabort+0x18/0x20 [ 29.089851] copy_to_kernel_nofault+0x225/0x260 [ 29.089877] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 29.089902] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.089926] ? finish_task_switch.isra.0+0x153/0x700 [ 29.089950] ? __schedule+0x10cc/0x2b60 [ 29.089975] ? trace_hardirqs_on+0x37/0xe0 [ 29.090008] ? __pfx_read_tsc+0x10/0x10 [ 29.090033] ? ktime_get_ts64+0x86/0x230 [ 29.090060] kunit_try_run_case+0x1a5/0x480 [ 29.090084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.090106] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.090132] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.090156] ? __kthread_parkme+0x82/0x180 [ 29.090179] ? preempt_count_sub+0x50/0x80 [ 29.090204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.090227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.090253] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.090281] kthread+0x337/0x6f0 [ 29.090302] ? trace_preempt_on+0x20/0xc0 [ 29.090325] ? __pfx_kthread+0x10/0x10 [ 29.090348] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.090371] ? calculate_sigpending+0x7b/0xa0 [ 29.090396] ? __pfx_kthread+0x10/0x10 [ 29.090419] ret_from_fork+0x116/0x1d0 [ 29.090441] ? __pfx_kthread+0x10/0x10 [ 29.090463] ret_from_fork_asm+0x1a/0x30 [ 29.090512] </TASK> [ 29.090526] [ 29.102261] Allocated by task 329: [ 29.102716] kasan_save_stack+0x45/0x70 [ 29.103059] kasan_save_track+0x18/0x40 [ 29.103236] kasan_save_alloc_info+0x3b/0x50 [ 29.103638] __kasan_kmalloc+0xb7/0xc0 [ 29.104036] __kmalloc_cache_noprof+0x189/0x420 [ 29.104295] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.104501] kunit_try_run_case+0x1a5/0x480 [ 29.104716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.105073] kthread+0x337/0x6f0 [ 29.105403] ret_from_fork+0x116/0x1d0 [ 29.105678] ret_from_fork_asm+0x1a/0x30 [ 29.106172] [ 29.106270] The buggy address belongs to the object at ffff8881060c3c00 [ 29.106270] which belongs to the cache kmalloc-128 of size 128 [ 29.106981] The buggy address is located 0 bytes to the right of [ 29.106981] allocated 120-byte region [ffff8881060c3c00, ffff8881060c3c78) [ 29.107760] [ 29.107896] The buggy address belongs to the physical page: [ 29.108129] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.108633] flags: 0x200000000000000(node=0|zone=2) [ 29.108939] page_type: f5(slab) [ 29.109149] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.109393] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.109746] page dumped because: kasan: bad access detected [ 29.110001] [ 29.110092] Memory state around the buggy address: [ 29.110303] ffff8881060c3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.110605] ffff8881060c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.110951] >ffff8881060c3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.111169] ^ [ 29.111538] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.111914] ffff8881060c3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.112531] ================================================================== [ 29.113418] ================================================================== [ 29.113744] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 29.114091] Write of size 8 at addr ffff8881060c3c78 by task kunit_try_catch/329 [ 29.114404] [ 29.114568] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.114619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.114632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.114691] Call Trace: [ 29.114715] <TASK> [ 29.114733] dump_stack_lvl+0x73/0xb0 [ 29.114783] print_report+0xd1/0x610 [ 29.114837] ? __virt_addr_valid+0x1db/0x2d0 [ 29.114863] ? copy_to_kernel_nofault+0x99/0x260 [ 29.114887] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.114915] ? copy_to_kernel_nofault+0x99/0x260 [ 29.114939] kasan_report+0x141/0x180 [ 29.114962] ? copy_to_kernel_nofault+0x99/0x260 [ 29.114992] kasan_check_range+0x10c/0x1c0 [ 29.115017] __kasan_check_write+0x18/0x20 [ 29.115041] copy_to_kernel_nofault+0x99/0x260 [ 29.115068] copy_to_kernel_nofault_oob+0x288/0x560 [ 29.115092] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.115116] ? finish_task_switch.isra.0+0x153/0x700 [ 29.115140] ? __schedule+0x10cc/0x2b60 [ 29.115163] ? trace_hardirqs_on+0x37/0xe0 [ 29.115197] ? __pfx_read_tsc+0x10/0x10 [ 29.115222] ? ktime_get_ts64+0x86/0x230 [ 29.115248] kunit_try_run_case+0x1a5/0x480 [ 29.115271] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.115293] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.115317] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.115341] ? __kthread_parkme+0x82/0x180 [ 29.115363] ? preempt_count_sub+0x50/0x80 [ 29.115388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.115411] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.115438] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.115467] kthread+0x337/0x6f0 [ 29.115495] ? trace_preempt_on+0x20/0xc0 [ 29.115520] ? __pfx_kthread+0x10/0x10 [ 29.115542] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.115565] ? calculate_sigpending+0x7b/0xa0 [ 29.115593] ? __pfx_kthread+0x10/0x10 [ 29.115616] ret_from_fork+0x116/0x1d0 [ 29.115637] ? __pfx_kthread+0x10/0x10 [ 29.115660] ret_from_fork_asm+0x1a/0x30 [ 29.115728] </TASK> [ 29.115744] [ 29.124028] Allocated by task 329: [ 29.124160] kasan_save_stack+0x45/0x70 [ 29.124300] kasan_save_track+0x18/0x40 [ 29.124526] kasan_save_alloc_info+0x3b/0x50 [ 29.124781] __kasan_kmalloc+0xb7/0xc0 [ 29.124975] __kmalloc_cache_noprof+0x189/0x420 [ 29.125196] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.125531] kunit_try_run_case+0x1a5/0x480 [ 29.125771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.125987] kthread+0x337/0x6f0 [ 29.126157] ret_from_fork+0x116/0x1d0 [ 29.126423] ret_from_fork_asm+0x1a/0x30 [ 29.126625] [ 29.126738] The buggy address belongs to the object at ffff8881060c3c00 [ 29.126738] which belongs to the cache kmalloc-128 of size 128 [ 29.127228] The buggy address is located 0 bytes to the right of [ 29.127228] allocated 120-byte region [ffff8881060c3c00, ffff8881060c3c78) [ 29.127649] [ 29.127775] The buggy address belongs to the physical page: [ 29.128310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.128685] flags: 0x200000000000000(node=0|zone=2) [ 29.128950] page_type: f5(slab) [ 29.129117] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.129368] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.129676] page dumped because: kasan: bad access detected [ 29.130721] [ 29.131818] Memory state around the buggy address: [ 29.131984] ffff8881060c3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.132203] ffff8881060c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.132419] >ffff8881060c3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.132789] ^ [ 29.133010] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.133223] ffff8881060c3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.133434] ==================================================================