Date
July 22, 2025, 5:13 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```text
[ 33.427114] ==================================================================
[ 33.427202] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 33.427343] Write of size 8 at addr fff00000c922a378 by task kunit_try_catch/312
[ 33.427417]
[ 33.427454] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT
[ 33.427801] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 33.427862] Hardware name: linux,dummy-virt (DT)
[ 33.427985] Call trace:
[ 33.428043]  show_stack+0x20/0x38 (C)
[ 33.428127]  dump_stack_lvl+0x8c/0xd0
[ 33.428239]  print_report+0x118/0x5e8
[ 33.428315]  kasan_report+0xdc/0x128
[ 33.428381]  kasan_check_range+0x100/0x1a8
[ 33.428481]  __kasan_check_write+0x20/0x30
[ 33.428546]  copy_to_kernel_nofault+0x8c/0x250
[ 33.428627]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 33.428681]  kunit_try_run_case+0x170/0x3f0
[ 33.428885]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.429184]  kthread+0x328/0x630
[ 33.429341]  ret_from_fork+0x10/0x20
[ 33.429681]
[ 33.429727] Allocated by task 312:
[ 33.429763]  kasan_save_stack+0x3c/0x68
[ 33.430027]  kasan_save_track+0x20/0x40
[ 33.430292]  kasan_save_alloc_info+0x40/0x58
[ 33.430484]  __kasan_kmalloc+0xd4/0xd8
[ 33.430531]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 33.431076]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 33.431236]  kunit_try_run_case+0x170/0x3f0
[ 33.431459]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.431553]  kthread+0x328/0x630
[ 33.432006]  ret_from_fork+0x10/0x20
[ 33.432089]
[ 33.432375] The buggy address belongs to the object at fff00000c922a300
[ 33.432375]  which belongs to the cache kmalloc-128 of size 128
[ 33.432625] The buggy address is located 0 bytes to the right of
[ 33.432625]  allocated 120-byte region [fff00000c922a300, fff00000c922a378)
[ 33.432987]
[ 33.433394] The buggy address belongs to the physical page:
[ 33.433623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10922a
[ 33.434010] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.434108] page_type: f5(slab)
[ 33.434206] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 33.434289] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 33.434543] page dumped because: kasan: bad access detected
[ 33.434698]
[ 33.434974] Memory state around the buggy address:
[ 33.435136]  fff00000c922a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.435506]  fff00000c922a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.435751] >fff00000c922a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.435986]                                                                 ^
[ 33.436267]  fff00000c922a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.436693]  fff00000c922a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.437014] ==================================================================
[ 33.420322] ==================================================================
[ 33.420396] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 33.420555] Read of size 8 at addr fff00000c922a378 by task kunit_try_catch/312
[ 33.420615]
[ 33.420680] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT
[ 33.420981] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 33.421248] Hardware name: linux,dummy-virt (DT)
[ 33.421289] Call trace:
[ 33.421376]  show_stack+0x20/0x38 (C)
[ 33.421435]  dump_stack_lvl+0x8c/0xd0
[ 33.421487]  print_report+0x118/0x5e8
[ 33.421533]  kasan_report+0xdc/0x128
[ 33.421579]  __asan_report_load8_noabort+0x20/0x30
[ 33.421631]  copy_to_kernel_nofault+0x204/0x250
[ 33.421682]  copy_to_kernel_nofault_oob+0x158/0x418
[ 33.421734]  kunit_try_run_case+0x170/0x3f0
[ 33.421794]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.421859]  kthread+0x328/0x630
[ 33.421903]  ret_from_fork+0x10/0x20
[ 33.421952]
[ 33.421984] Allocated by task 312:
[ 33.422021]  kasan_save_stack+0x3c/0x68
[ 33.422077]  kasan_save_track+0x20/0x40
[ 33.422130]  kasan_save_alloc_info+0x40/0x58
[ 33.422176]  __kasan_kmalloc+0xd4/0xd8
[ 33.422214]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 33.422257]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 33.422301]  kunit_try_run_case+0x170/0x3f0
[ 33.422339]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.422386]  kthread+0x328/0x630
[ 33.422425]  ret_from_fork+0x10/0x20
[ 33.422464]
[ 33.422501] The buggy address belongs to the object at fff00000c922a300
[ 33.422501]  which belongs to the cache kmalloc-128 of size 128
[ 33.422562] The buggy address is located 0 bytes to the right of
[ 33.422562]  allocated 120-byte region [fff00000c922a300, fff00000c922a378)
[ 33.422628]
[ 33.422660] The buggy address belongs to the physical page:
[ 33.422708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10922a
[ 33.422766] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.422854] page_type: f5(slab)
[ 33.423654] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 33.423765] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 33.423853] page dumped because: kasan: bad access detected
[ 33.423965]
[ 33.424036] Memory state around the buggy address:
[ 33.424132]  fff00000c922a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.424313]  fff00000c922a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.424485] >fff00000c922a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.424791]                                                                 ^
[ 33.425098]  fff00000c922a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.425169]  fff00000c922a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.425212] ==================================================================
```
qemu-x86_64:

```text
[ 29.200811] ==================================================================
[ 29.202265] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 29.203723] Read of size 8 at addr ffff888106002578 by task kunit_try_catch/329
[ 29.203983]
[ 29.204082] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary)
[ 29.204139] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.204154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.204425] Call Trace:
[ 29.204442]  <TASK>
[ 29.204478]  dump_stack_lvl+0x73/0xb0
[ 29.204516]  print_report+0xd1/0x640
[ 29.204550]  ? __virt_addr_valid+0x1db/0x2d0
[ 29.204600]  ? copy_to_kernel_nofault+0x225/0x260
[ 29.204627]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 29.204656]  ? copy_to_kernel_nofault+0x225/0x260
[ 29.204683]  kasan_report+0x141/0x180
[ 29.204709]  ? copy_to_kernel_nofault+0x225/0x260
[ 29.204740]  __asan_report_load8_noabort+0x18/0x20
[ 29.204767]  copy_to_kernel_nofault+0x225/0x260
[ 29.204794]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 29.204819]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 29.204855]  ? __schedule+0x10da/0x2b60
[ 29.204892]  ? finish_task_switch.isra.0+0x153/0x700
[ 29.204918]  ? finish_task_switch.isra.0+0x156/0x700
[ 29.204950]  ? __pfx_read_tsc+0x10/0x10
[ 29.204975]  ? ktime_get_ts64+0x86/0x230
[ 29.205003]  kunit_try_run_case+0x1a5/0x480
[ 29.205031]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.205056]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 29.205082]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 29.205110]  ? __kthread_parkme+0x82/0x180
[ 29.205132]  ? preempt_count_sub+0x50/0x80
[ 29.205155]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.205182]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.205207]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 29.205233]  kthread+0x337/0x6f0
[ 29.205254]  ? trace_preempt_on+0x20/0xc0
[ 29.205280]  ? __pfx_kthread+0x10/0x10
[ 29.205303]  ? _raw_spin_unlock_irq+0x47/0x80
[ 29.205338]  ? calculate_sigpending+0x7b/0xa0
[ 29.205365]  ? __pfx_kthread+0x10/0x10
[ 29.205399]  ret_from_fork+0x116/0x1d0
[ 29.205421]  ? __pfx_kthread+0x10/0x10
[ 29.205444]  ret_from_fork_asm+0x1a/0x30
[ 29.205477]  </TASK>
[ 29.205491]
[ 29.217772] Allocated by task 329:
[ 29.218547]  kasan_save_stack+0x45/0x70
[ 29.218710]  kasan_save_track+0x18/0x40
[ 29.218921]  kasan_save_alloc_info+0x3b/0x50
[ 29.219108]  __kasan_kmalloc+0xb7/0xc0
[ 29.219324]  __kmalloc_cache_noprof+0x189/0x420
[ 29.219782]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 29.220002]  kunit_try_run_case+0x1a5/0x480
[ 29.220335]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.220804]  kthread+0x337/0x6f0
[ 29.220965]  ret_from_fork+0x116/0x1d0
[ 29.221258]  ret_from_fork_asm+0x1a/0x30
[ 29.221456]
[ 29.221559] The buggy address belongs to the object at ffff888106002500
[ 29.221559]  which belongs to the cache kmalloc-128 of size 128
[ 29.222367] The buggy address is located 0 bytes to the right of
[ 29.222367]  allocated 120-byte region [ffff888106002500, ffff888106002578)
[ 29.223296]
[ 29.223416] The buggy address belongs to the physical page:
[ 29.223657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106002
[ 29.224006] flags: 0x200000000000000(node=0|zone=2)
[ 29.224234] page_type: f5(slab)
[ 29.224638] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 29.225069] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.225441] page dumped because: kasan: bad access detected
[ 29.225769]
[ 29.225969] Memory state around the buggy address:
[ 29.226369]  ffff888106002400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.226757]  ffff888106002480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.227100] >ffff888106002500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.227392]                                                                 ^
[ 29.227816]  ffff888106002580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.228122]  ffff888106002600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.228620] ==================================================================
[ 29.229602] ==================================================================
[ 29.229917] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 29.230264] Write of size 8 at addr ffff888106002578 by task kunit_try_catch/329
[ 29.230763]
[ 29.230926] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary)
[ 29.230978] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.230993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.231016] Call Trace:
[ 29.231030]  <TASK>
[ 29.231046]  dump_stack_lvl+0x73/0xb0
[ 29.231077]  print_report+0xd1/0x640
[ 29.231103]  ? __virt_addr_valid+0x1db/0x2d0
[ 29.231130]  ? copy_to_kernel_nofault+0x99/0x260
[ 29.231155]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 29.231305]  ? copy_to_kernel_nofault+0x99/0x260
[ 29.231335]  kasan_report+0x141/0x180
[ 29.231361]  ? copy_to_kernel_nofault+0x99/0x260
[ 29.231391]  kasan_check_range+0x10c/0x1c0
[ 29.231417]  __kasan_check_write+0x18/0x20
[ 29.231442]  copy_to_kernel_nofault+0x99/0x260
[ 29.231565]  copy_to_kernel_nofault_oob+0x288/0x560
[ 29.231595]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 29.231621]  ? __schedule+0x10da/0x2b60
[ 29.231647]  ? finish_task_switch.isra.0+0x153/0x700
[ 29.231671]  ? finish_task_switch.isra.0+0x156/0x700
[ 29.231703]  ? __pfx_read_tsc+0x10/0x10
[ 29.231727]  ? ktime_get_ts64+0x86/0x230
[ 29.231753]  kunit_try_run_case+0x1a5/0x480
[ 29.231779]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.231803]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 29.231841]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 29.231868]  ? __kthread_parkme+0x82/0x180
[ 29.231890]  ? preempt_count_sub+0x50/0x80
[ 29.231914]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.231940]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.231966]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 29.231992]  kthread+0x337/0x6f0
[ 29.232012]  ? trace_preempt_on+0x20/0xc0
[ 29.232036]  ? __pfx_kthread+0x10/0x10
[ 29.232059]  ? _raw_spin_unlock_irq+0x47/0x80
[ 29.232084]  ? calculate_sigpending+0x7b/0xa0
[ 29.232109]  ? __pfx_kthread+0x10/0x10
[ 29.232132]  ret_from_fork+0x116/0x1d0
[ 29.232153]  ? __pfx_kthread+0x10/0x10
[ 29.232176]  ret_from_fork_asm+0x1a/0x30
[ 29.232208]  </TASK>
[ 29.232221]
[ 29.243151] Allocated by task 329:
[ 29.243783]  kasan_save_stack+0x45/0x70
[ 29.243977]  kasan_save_track+0x18/0x40
[ 29.244176]  kasan_save_alloc_info+0x3b/0x50
[ 29.244607]  __kasan_kmalloc+0xb7/0xc0
[ 29.244807]  __kmalloc_cache_noprof+0x189/0x420
[ 29.245039]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 29.245431]  kunit_try_run_case+0x1a5/0x480
[ 29.245635]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.245977]  kthread+0x337/0x6f0
[ 29.246285]  ret_from_fork+0x116/0x1d0
[ 29.246469]  ret_from_fork_asm+0x1a/0x30
[ 29.246814]
[ 29.246918] The buggy address belongs to the object at ffff888106002500
[ 29.246918]  which belongs to the cache kmalloc-128 of size 128
[ 29.247542] The buggy address is located 0 bytes to the right of
[ 29.247542]  allocated 120-byte region [ffff888106002500, ffff888106002578)
[ 29.248286]
[ 29.248526] The buggy address belongs to the physical page:
[ 29.248767] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106002
[ 29.249103] flags: 0x200000000000000(node=0|zone=2)
[ 29.249528] page_type: f5(slab)
[ 29.249700] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 29.250142] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.250566] page dumped because: kasan: bad access detected
[ 29.250782]
[ 29.250895] Memory state around the buggy address:
[ 29.251244]  ffff888106002400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.251686]  ffff888106002480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.251984] >ffff888106002500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.252346]                                                                 ^
[ 29.252683]  ffff888106002580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.253213]  ffff888106002600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.253520] ==================================================================
```