Date
July 18, 2025, 1:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
Log (qemu-arm64):

```text
[ 34.589620] ==================================================================
[ 34.589668] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 34.589717] Write of size 8 at addr fff00000c970b178 by task kunit_try_catch/312
[ 34.589768]
[ 34.589798] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT
[ 34.589880] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 34.589909] Hardware name: linux,dummy-virt (DT)
[ 34.589942] Call trace:
[ 34.589964]  show_stack+0x20/0x38 (C)
[ 34.590013]  dump_stack_lvl+0x8c/0xd0
[ 34.590068]  print_report+0x118/0x5e8
[ 34.590127]  kasan_report+0xdc/0x128
[ 34.590170]  kasan_check_range+0x100/0x1a8
[ 34.590218]  __kasan_check_write+0x20/0x30
[ 34.590266]  copy_to_kernel_nofault+0x8c/0x250
[ 34.590315]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 34.590366]  kunit_try_run_case+0x170/0x3f0
[ 34.590413]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.590466]  kthread+0x328/0x630
[ 34.590510]  ret_from_fork+0x10/0x20
[ 34.590556]
[ 34.590578] Allocated by task 312:
[ 34.590606]  kasan_save_stack+0x3c/0x68
[ 34.590645]  kasan_save_track+0x20/0x40
[ 34.590681]  kasan_save_alloc_info+0x40/0x58
[ 34.590720]  __kasan_kmalloc+0xd4/0xd8
[ 34.590755]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 34.590796]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 34.590837]  kunit_try_run_case+0x170/0x3f0
[ 34.590875]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.590919]  kthread+0x328/0x630
[ 34.590952]  ret_from_fork+0x10/0x20
[ 34.590989]
[ 34.591011] The buggy address belongs to the object at fff00000c970b100
[ 34.591011]  which belongs to the cache kmalloc-128 of size 128
[ 34.591071] The buggy address is located 0 bytes to the right of
[ 34.591071]  allocated 120-byte region [fff00000c970b100, fff00000c970b178)
[ 34.591199]
[ 34.591220] The buggy address belongs to the physical page:
[ 34.591253] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10970b
[ 34.591306] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 34.591356] page_type: f5(slab)
[ 34.591407] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 34.591462] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 34.591506] page dumped because: kasan: bad access detected
[ 34.591540]
[ 34.591561] Memory state around the buggy address:
[ 34.591602]  fff00000c970b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.591648]  fff00000c970b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.591692] >fff00000c970b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 34.591743]                                                                 ^
[ 34.591785]  fff00000c970b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.591838]  fff00000c970b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.591879] ==================================================================
[ 34.584830] ==================================================================
[ 34.584900] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 34.584956] Read of size 8 at addr fff00000c970b178 by task kunit_try_catch/312
[ 34.585007]
[ 34.585039] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT
[ 34.585246] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 34.585278] Hardware name: linux,dummy-virt (DT)
[ 34.585312] Call trace:
[ 34.585336]  show_stack+0x20/0x38 (C)
[ 34.585388]  dump_stack_lvl+0x8c/0xd0
[ 34.585478]  print_report+0x118/0x5e8
[ 34.585544]  kasan_report+0xdc/0x128
[ 34.585590]  __asan_report_load8_noabort+0x20/0x30
[ 34.585641]  copy_to_kernel_nofault+0x204/0x250
[ 34.585697]  copy_to_kernel_nofault_oob+0x158/0x418
[ 34.585763]  kunit_try_run_case+0x170/0x3f0
[ 34.585850]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.585903]  kthread+0x328/0x630
[ 34.585961]  ret_from_fork+0x10/0x20
[ 34.586011]
[ 34.586039] Allocated by task 312:
[ 34.586899]  kasan_save_stack+0x3c/0x68
[ 34.586949]  kasan_save_track+0x20/0x40
[ 34.586988]  kasan_save_alloc_info+0x40/0x58
[ 34.587026]  __kasan_kmalloc+0xd4/0xd8
[ 34.587063]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 34.587117]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 34.587159]  kunit_try_run_case+0x170/0x3f0
[ 34.587197]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 34.587242]  kthread+0x328/0x630
[ 34.587277]  ret_from_fork+0x10/0x20
[ 34.587314]
[ 34.587335] The buggy address belongs to the object at fff00000c970b100
[ 34.587335]  which belongs to the cache kmalloc-128 of size 128
[ 34.587395] The buggy address is located 0 bytes to the right of
[ 34.587395]  allocated 120-byte region [fff00000c970b100, fff00000c970b178)
[ 34.587460]
[ 34.587482] The buggy address belongs to the physical page:
[ 34.587516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10970b
[ 34.587570] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 34.587620] page_type: f5(slab)
[ 34.587658] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 34.587710] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 34.587752] page dumped because: kasan: bad access detected
[ 34.587785]
[ 34.587806] Memory state around the buggy address:
[ 34.587841]  fff00000c970b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.588912]  fff00000c970b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.588963] >fff00000c970b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 34.589003]                                                                 ^
[ 34.589047]  fff00000c970b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.589103]  fff00000c970b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.589145] ==================================================================
```
Log (qemu-x86_64):

```text
[ 28.537054] ==================================================================
[ 28.537369] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 28.537717] Write of size 8 at addr ffff8881053b7978 by task kunit_try_catch/329
[ 28.537955]
[ 28.538371] CPU: 0 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary)
[ 28.538501] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.538515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.538539] Call Trace:
[ 28.538553]  <TASK>
[ 28.538570]  dump_stack_lvl+0x73/0xb0
[ 28.538604]  print_report+0xd1/0x640
[ 28.538628]  ? __virt_addr_valid+0x1db/0x2d0
[ 28.538652]  ? copy_to_kernel_nofault+0x99/0x260
[ 28.538681]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 28.538708]  ? copy_to_kernel_nofault+0x99/0x260
[ 28.538731]  kasan_report+0x141/0x180
[ 28.538754]  ? copy_to_kernel_nofault+0x99/0x260
[ 28.538782]  kasan_check_range+0x10c/0x1c0
[ 28.538830]  __kasan_check_write+0x18/0x20
[ 28.538873]  copy_to_kernel_nofault+0x99/0x260
[ 28.538898]  copy_to_kernel_nofault_oob+0x288/0x560
[ 28.538922]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 28.538945]  ? finish_task_switch.isra.0+0x153/0x700
[ 28.538968]  ? __schedule+0x10da/0x2b60
[ 28.538991]  ? trace_hardirqs_on+0x37/0xe0
[ 28.539023]  ? __pfx_read_tsc+0x10/0x10
[ 28.539046]  ? ktime_get_ts64+0x86/0x230
[ 28.539071]  kunit_try_run_case+0x1a5/0x480
[ 28.539095]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.539117]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 28.539151]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 28.539185]  ? __kthread_parkme+0x82/0x180
[ 28.539206]  ? preempt_count_sub+0x50/0x80
[ 28.539229]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.539253]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.539276]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 28.539301]  kthread+0x337/0x6f0
[ 28.539321]  ? trace_preempt_on+0x20/0xc0
[ 28.539354]  ? __pfx_kthread+0x10/0x10
[ 28.539375]  ? _raw_spin_unlock_irq+0x47/0x80
[ 28.539405]  ? calculate_sigpending+0x7b/0xa0
[ 28.539429]  ? __pfx_kthread+0x10/0x10
[ 28.539451]  ret_from_fork+0x116/0x1d0
[ 28.539471]  ? __pfx_kthread+0x10/0x10
[ 28.539491]  ret_from_fork_asm+0x1a/0x30
[ 28.539522]  </TASK>
[ 28.539533]
[ 28.551153] Allocated by task 329:
[ 28.551356]  kasan_save_stack+0x45/0x70
[ 28.551553]  kasan_save_track+0x18/0x40
[ 28.551716]  kasan_save_alloc_info+0x3b/0x50
[ 28.551921]  __kasan_kmalloc+0xb7/0xc0
[ 28.552089]  __kmalloc_cache_noprof+0x189/0x420
[ 28.552292]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 28.553172]  kunit_try_run_case+0x1a5/0x480
[ 28.553377]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.553629]  kthread+0x337/0x6f0
[ 28.554075]  ret_from_fork+0x116/0x1d0
[ 28.554261]  ret_from_fork_asm+0x1a/0x30
[ 28.554474]
[ 28.554694] The buggy address belongs to the object at ffff8881053b7900
[ 28.554694]  which belongs to the cache kmalloc-128 of size 128
[ 28.555604] The buggy address is located 0 bytes to the right of
[ 28.555604]  allocated 120-byte region [ffff8881053b7900, ffff8881053b7978)
[ 28.556303]
[ 28.556521] The buggy address belongs to the physical page:
[ 28.556771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b7
[ 28.557115] flags: 0x200000000000000(node=0|zone=2)
[ 28.557329] page_type: f5(slab)
[ 28.557493] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 28.557810] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 28.558112] page dumped because: kasan: bad access detected
[ 28.558855]
[ 28.558975] Memory state around the buggy address:
[ 28.559162]  ffff8881053b7800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.559618]  ffff8881053b7880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.560059] >ffff8881053b7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.560396]                                                                 ^
[ 28.560803]  ffff8881053b7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.561318]  ffff8881053b7a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.561739] ==================================================================
[ 28.508649] ==================================================================
[ 28.509309] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 28.509998] Read of size 8 at addr ffff8881053b7978 by task kunit_try_catch/329
[ 28.510383]
[ 28.510947] CPU: 0 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary)
[ 28.511011] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.511026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.511050] Call Trace:
[ 28.511100]  <TASK>
[ 28.511120]  dump_stack_lvl+0x73/0xb0
[ 28.511158]  print_report+0xd1/0x640
[ 28.511185]  ? __virt_addr_valid+0x1db/0x2d0
[ 28.511209]  ? copy_to_kernel_nofault+0x225/0x260
[ 28.511234]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 28.511260]  ? copy_to_kernel_nofault+0x225/0x260
[ 28.511284]  kasan_report+0x141/0x180
[ 28.511307]  ? copy_to_kernel_nofault+0x225/0x260
[ 28.511346]  __asan_report_load8_noabort+0x18/0x20
[ 28.511371]  copy_to_kernel_nofault+0x225/0x260
[ 28.511397]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 28.511421]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 28.511445]  ? finish_task_switch.isra.0+0x153/0x700
[ 28.511469]  ? __schedule+0x10da/0x2b60
[ 28.511494]  ? trace_hardirqs_on+0x37/0xe0
[ 28.511525]  ? __pfx_read_tsc+0x10/0x10
[ 28.511548]  ? ktime_get_ts64+0x86/0x230
[ 28.511574]  kunit_try_run_case+0x1a5/0x480
[ 28.511600]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.511623]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 28.511657]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 28.511690]  ? __kthread_parkme+0x82/0x180
[ 28.511711]  ? preempt_count_sub+0x50/0x80
[ 28.511734]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.511758]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.511782]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 28.511814]  kthread+0x337/0x6f0
[ 28.511849]  ? trace_preempt_on+0x20/0xc0
[ 28.511872]  ? __pfx_kthread+0x10/0x10
[ 28.511893]  ? _raw_spin_unlock_irq+0x47/0x80
[ 28.511924]  ? calculate_sigpending+0x7b/0xa0
[ 28.511949]  ? __pfx_kthread+0x10/0x10
[ 28.511970]  ret_from_fork+0x116/0x1d0
[ 28.511990]  ? __pfx_kthread+0x10/0x10
[ 28.512011]  ret_from_fork_asm+0x1a/0x30
[ 28.512043]  </TASK>
[ 28.512056]
[ 28.524255] Allocated by task 329:
[ 28.524481]  kasan_save_stack+0x45/0x70
[ 28.524695]  kasan_save_track+0x18/0x40
[ 28.524866]  kasan_save_alloc_info+0x3b/0x50
[ 28.525358]  __kasan_kmalloc+0xb7/0xc0
[ 28.525656]  __kmalloc_cache_noprof+0x189/0x420
[ 28.525903]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 28.526482]  kunit_try_run_case+0x1a5/0x480
[ 28.526954]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.527228]  kthread+0x337/0x6f0
[ 28.527438]  ret_from_fork+0x116/0x1d0
[ 28.527831]  ret_from_fork_asm+0x1a/0x30
[ 28.528011]
[ 28.528105] The buggy address belongs to the object at ffff8881053b7900
[ 28.528105]  which belongs to the cache kmalloc-128 of size 128
[ 28.528610] The buggy address is located 0 bytes to the right of
[ 28.528610]  allocated 120-byte region [ffff8881053b7900, ffff8881053b7978)
[ 28.529455]
[ 28.529727] The buggy address belongs to the physical page:
[ 28.530025] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b7
[ 28.530685] flags: 0x200000000000000(node=0|zone=2)
[ 28.531071] page_type: f5(slab)
[ 28.531318] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 28.531971] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 28.532490] page dumped because: kasan: bad access detected
[ 28.532767]
[ 28.532907] Memory state around the buggy address:
[ 28.533141]  ffff8881053b7800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.533667]  ffff8881053b7880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.534111] >ffff8881053b7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.534408]                                                                 ^
[ 28.534720]  ffff8881053b7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.535206]  ffff8881053b7a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.535589] ==================================================================
```