Date: July 16, 2025, 12:11 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |

qemu-arm64:

```text
[   33.614170] ==================================================================
[   33.614591] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   33.614673] Read of size 8 at addr fff00000c9bb7278 by task kunit_try_catch/312
[   33.614815]
[   33.614894] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT
[   33.615030] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.615174] Hardware name: linux,dummy-virt (DT)
[   33.615392] Call trace:
[   33.615435]  show_stack+0x20/0x38 (C)
[   33.615574]  dump_stack_lvl+0x8c/0xd0
[   33.615670]  print_report+0x118/0x5d0
[   33.615725]  kasan_report+0xdc/0x128
[   33.615769]  __asan_report_load8_noabort+0x20/0x30
[   33.616232]  copy_to_kernel_nofault+0x204/0x250
[   33.616326]  copy_to_kernel_nofault_oob+0x158/0x418
[   33.616392]  kunit_try_run_case+0x170/0x3f0
[   33.616604]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.616866]  kthread+0x328/0x630
[   33.617128]  ret_from_fork+0x10/0x20
[   33.617342]
[   33.617400] Allocated by task 312:
[   33.617471]  kasan_save_stack+0x3c/0x68
[   33.617527]  kasan_save_track+0x20/0x40
[   33.617818]  kasan_save_alloc_info+0x40/0x58
[   33.618005]  __kasan_kmalloc+0xd4/0xd8
[   33.618224]  __kmalloc_cache_noprof+0x16c/0x3c0
[   33.618325]  copy_to_kernel_nofault_oob+0xc8/0x418
[   33.618700]  kunit_try_run_case+0x170/0x3f0
[   33.618811]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.618909]  kthread+0x328/0x630
[   33.618992]  ret_from_fork+0x10/0x20
[   33.619137]
[   33.619197] The buggy address belongs to the object at fff00000c9bb7200
[   33.619197]  which belongs to the cache kmalloc-128 of size 128
[   33.619319] The buggy address is located 0 bytes to the right of
[   33.619319]  allocated 120-byte region [fff00000c9bb7200, fff00000c9bb7278)
[   33.619396]
[   33.619427] The buggy address belongs to the physical page:
[   33.619463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bb7
[   33.619540] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.619596] page_type: f5(slab)
[   33.619650] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.619714] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.619760] page dumped because: kasan: bad access detected
[   33.619795]
[   33.619816] Memory state around the buggy address:
[   33.620204]  fff00000c9bb7100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.620270]  fff00000c9bb7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.620318] >fff00000c9bb7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   33.620764]                                                              ^
[   33.620861]  fff00000c9bb7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.620986]  fff00000c9bb7300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.621074] ==================================================================
[   33.622080] ==================================================================
[   33.622258] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   33.622312] Write of size 8 at addr fff00000c9bb7278 by task kunit_try_catch/312
[   33.622650]
[   33.622760] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT
[   33.622867] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.622946] Hardware name: linux,dummy-virt (DT)
[   33.622982] Call trace:
[   33.623006]  show_stack+0x20/0x38 (C)
[   33.623198]  dump_stack_lvl+0x8c/0xd0
[   33.623247]  print_report+0x118/0x5d0
[   33.623690]  kasan_report+0xdc/0x128
[   33.623799]  kasan_check_range+0x100/0x1a8
[   33.623857]  __kasan_check_write+0x20/0x30
[   33.623932]  copy_to_kernel_nofault+0x8c/0x250
[   33.623987]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   33.624040]  kunit_try_run_case+0x170/0x3f0
[   33.624352]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.624485]  kthread+0x328/0x630
[   33.624545]  ret_from_fork+0x10/0x20
[   33.624605]
[   33.624629] Allocated by task 312:
[   33.624663]  kasan_save_stack+0x3c/0x68
[   33.624726]  kasan_save_track+0x20/0x40
[   33.624763]  kasan_save_alloc_info+0x40/0x58
[   33.624803]  __kasan_kmalloc+0xd4/0xd8
[   33.624852]  __kmalloc_cache_noprof+0x16c/0x3c0
[   33.624905]  copy_to_kernel_nofault_oob+0xc8/0x418
[   33.624958]  kunit_try_run_case+0x170/0x3f0
[   33.624996]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.625043]  kthread+0x328/0x630
[   33.625086]  ret_from_fork+0x10/0x20
[   33.625134]
[   33.625164] The buggy address belongs to the object at fff00000c9bb7200
[   33.625164]  which belongs to the cache kmalloc-128 of size 128
[   33.625236] The buggy address is located 0 bytes to the right of
[   33.625236]  allocated 120-byte region [fff00000c9bb7200, fff00000c9bb7278)
[   33.625304]
[   33.625335] The buggy address belongs to the physical page:
[   33.625378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bb7
[   33.625435] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.625485] page_type: f5(slab)
[   33.626042] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.626121] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.626185] page dumped because: kasan: bad access detected
[   33.626443]
[   33.627384] Memory state around the buggy address:
[   33.627444]  fff00000c9bb7100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.627557]  fff00000c9bb7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.627628] >fff00000c9bb7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   33.627703]                                                              ^
[   33.627975]  fff00000c9bb7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.628024]  fff00000c9bb7300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.628068] ==================================================================
```

qemu-x86_64:

```text
[   27.159971] ==================================================================
[   27.160424] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   27.161057] Write of size 8 at addr ffff88810611da78 by task kunit_try_catch/330
[   27.161430]
[   27.161560] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary)
[   27.161646] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.161660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.161682] Call Trace:
[   27.161696]  <TASK>
[   27.161712]  dump_stack_lvl+0x73/0xb0
[   27.161743]  print_report+0xd1/0x610
[   27.161767]  ? __virt_addr_valid+0x1db/0x2d0
[   27.161792]  ? copy_to_kernel_nofault+0x99/0x260
[   27.161816]  ? kasan_complete_mode_report_info+0x2a/0x200
[   27.161843]  ? copy_to_kernel_nofault+0x99/0x260
[   27.161870]  kasan_report+0x141/0x180
[   27.161894]  ? copy_to_kernel_nofault+0x99/0x260
[   27.161925]  kasan_check_range+0x10c/0x1c0
[   27.161952]  __kasan_check_write+0x18/0x20
[   27.161977]  copy_to_kernel_nofault+0x99/0x260
[   27.162003]  copy_to_kernel_nofault_oob+0x288/0x560
[   27.162030]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   27.162055]  ? finish_task_switch.isra.0+0x153/0x700
[   27.162079]  ? __schedule+0x10c6/0x2b60
[   27.162102]  ? trace_hardirqs_on+0x37/0xe0
[   27.162133]  ? __pfx_read_tsc+0x10/0x10
[   27.162157]  ? ktime_get_ts64+0x86/0x230
[   27.162183]  kunit_try_run_case+0x1a5/0x480
[   27.162208]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.162232]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   27.162255]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.162279]  ? __kthread_parkme+0x82/0x180
[   27.162300]  ? preempt_count_sub+0x50/0x80
[   27.162347]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.162372]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.162400]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.162428]  kthread+0x337/0x6f0
[   27.162448]  ? trace_preempt_on+0x20/0xc0
[   27.162492]  ? __pfx_kthread+0x10/0x10
[   27.162513]  ? _raw_spin_unlock_irq+0x47/0x80
[   27.162536]  ? calculate_sigpending+0x7b/0xa0
[   27.162562]  ? __pfx_kthread+0x10/0x10
[   27.162584]  ret_from_fork+0x116/0x1d0
[   27.162620]  ? __pfx_kthread+0x10/0x10
[   27.162641]  ret_from_fork_asm+0x1a/0x30
[   27.162698]  </TASK>
[   27.162709]
[   27.171458] Allocated by task 330:
[   27.171586]  kasan_save_stack+0x45/0x70
[   27.172014]  kasan_save_track+0x18/0x40
[   27.172182]  kasan_save_alloc_info+0x3b/0x50
[   27.172387]  __kasan_kmalloc+0xb7/0xc0
[   27.172548]  __kmalloc_cache_noprof+0x189/0x420
[   27.172939]  copy_to_kernel_nofault_oob+0x12f/0x560
[   27.173148]  kunit_try_run_case+0x1a5/0x480
[   27.173285]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.173524]  kthread+0x337/0x6f0
[   27.173764]  ret_from_fork+0x116/0x1d0
[   27.173955]  ret_from_fork_asm+0x1a/0x30
[   27.174142]
[   27.174272] The buggy address belongs to the object at ffff88810611da00
[   27.174272]  which belongs to the cache kmalloc-128 of size 128
[   27.174733] The buggy address is located 0 bytes to the right of
[   27.174733]  allocated 120-byte region [ffff88810611da00, ffff88810611da78)
[   27.175386]
[   27.175506] The buggy address belongs to the physical page:
[   27.176037] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d
[   27.176401] flags: 0x200000000000000(node=0|zone=2)
[   27.176671] page_type: f5(slab)
[   27.176842] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   27.177614] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.177870] page dumped because: kasan: bad access detected
[   27.178032]
[   27.178095] Memory state around the buggy address:
[   27.178241]  ffff88810611d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.178457]  ffff88810611d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.178664] >ffff88810611da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   27.178865]                                                              ^
[   27.179067]  ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.179273]  ffff88810611db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.179960] ==================================================================
[   27.140751] ==================================================================
[   27.141480] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   27.141864] Read of size 8 at addr ffff88810611da78 by task kunit_try_catch/330
[   27.142193]
[   27.142333] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary)
[   27.142390] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.142424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.142447] Call Trace:
[   27.142462]  <TASK>
[   27.142481]  dump_stack_lvl+0x73/0xb0
[   27.142515]  print_report+0xd1/0x610
[   27.142540]  ? __virt_addr_valid+0x1db/0x2d0
[   27.142565]  ? copy_to_kernel_nofault+0x225/0x260
[   27.142590]  ? kasan_complete_mode_report_info+0x2a/0x200
[   27.142632]  ? copy_to_kernel_nofault+0x225/0x260
[   27.142657]  kasan_report+0x141/0x180
[   27.142681]  ? copy_to_kernel_nofault+0x225/0x260
[   27.142728]  __asan_report_load8_noabort+0x18/0x20
[   27.142755]  copy_to_kernel_nofault+0x225/0x260
[   27.142781]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   27.142807]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   27.142847]  ? finish_task_switch.isra.0+0x153/0x700
[   27.142872]  ? __schedule+0x10c6/0x2b60
[   27.142896]  ? trace_hardirqs_on+0x37/0xe0
[   27.142928]  ? __pfx_read_tsc+0x10/0x10
[   27.142952]  ? ktime_get_ts64+0x86/0x230
[   27.142978]  kunit_try_run_case+0x1a5/0x480
[   27.143005]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.143028]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   27.143051]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.143075]  ? __kthread_parkme+0x82/0x180
[   27.143096]  ? preempt_count_sub+0x50/0x80
[   27.143120]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.143145]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.143172]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.143200]  kthread+0x337/0x6f0
[   27.143239]  ? trace_preempt_on+0x20/0xc0
[   27.143263]  ? __pfx_kthread+0x10/0x10
[   27.143284]  ? _raw_spin_unlock_irq+0x47/0x80
[   27.143330]  ? calculate_sigpending+0x7b/0xa0
[   27.143357]  ? __pfx_kthread+0x10/0x10
[   27.143379]  ret_from_fork+0x116/0x1d0
[   27.143400]  ? __pfx_kthread+0x10/0x10
[   27.143421]  ret_from_fork_asm+0x1a/0x30
[   27.143454]  </TASK>
[   27.143466]
[   27.150394] Allocated by task 330:
[   27.150620]  kasan_save_stack+0x45/0x70
[   27.150873]  kasan_save_track+0x18/0x40
[   27.151066]  kasan_save_alloc_info+0x3b/0x50
[   27.151276]  __kasan_kmalloc+0xb7/0xc0
[   27.151549]  __kmalloc_cache_noprof+0x189/0x420
[   27.151964]  copy_to_kernel_nofault_oob+0x12f/0x560
[   27.152183]  kunit_try_run_case+0x1a5/0x480
[   27.152333]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.152508]  kthread+0x337/0x6f0
[   27.152684]  ret_from_fork+0x116/0x1d0
[   27.152868]  ret_from_fork_asm+0x1a/0x30
[   27.153171]
[   27.153261] The buggy address belongs to the object at ffff88810611da00
[   27.153261]  which belongs to the cache kmalloc-128 of size 128
[   27.153993] The buggy address is located 0 bytes to the right of
[   27.153993]  allocated 120-byte region [ffff88810611da00, ffff88810611da78)
[   27.154567]
[   27.154637] The buggy address belongs to the physical page:
[   27.154802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d
[   27.155161] flags: 0x200000000000000(node=0|zone=2)
[   27.155674] page_type: f5(slab)
[   27.155841] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   27.156143] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.156376] page dumped because: kasan: bad access detected
[   27.156543]
[   27.156617] Memory state around the buggy address:
[   27.156840]  ffff88810611d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.157149]  ffff88810611d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.157880] >ffff88810611da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   27.158142]                                                              ^
[   27.158356]  ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.158562]  ffff88810611db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.158776] ==================================================================
```