Date
July 25, 2025, 3:13 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64

```
[ 35.566075] ==================================================================
[ 35.566147] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 35.566219] Read of size 8 at addr fff00000c9a8b878 by task kunit_try_catch/313
[ 35.566273]
[ 35.566565] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT
[ 35.566801] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 35.566837] Hardware name: linux,dummy-virt (DT)
[ 35.567044] Call trace:
[ 35.567105] show_stack+0x20/0x38 (C)
[ 35.567579] dump_stack_lvl+0x8c/0xd0
[ 35.567700] print_report+0x118/0x5e8
[ 35.567777] kasan_report+0xdc/0x128
[ 35.568410] __asan_report_load8_noabort+0x20/0x30
[ 35.569308] copy_to_kernel_nofault+0x204/0x250
[ 35.569446] copy_to_kernel_nofault_oob+0x158/0x418
[ 35.569577] kunit_try_run_case+0x170/0x3f0
[ 35.569634] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.569902] kthread+0x328/0x630
[ 35.570377] ret_from_fork+0x10/0x20
[ 35.570515]
[ 35.570586] Allocated by task 313:
[ 35.570757] kasan_save_stack+0x3c/0x68
[ 35.570879] kasan_save_track+0x20/0x40
[ 35.570957] kasan_save_alloc_info+0x40/0x58
[ 35.571022] __kasan_kmalloc+0xd4/0xd8
[ 35.571116] __kmalloc_cache_noprof+0x16c/0x3c0
[ 35.571206] copy_to_kernel_nofault_oob+0xc8/0x418
[ 35.571319] kunit_try_run_case+0x170/0x3f0
[ 35.571360] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.571412] kthread+0x328/0x630
[ 35.571449] ret_from_fork+0x10/0x20
[ 35.571802]
[ 35.571929] The buggy address belongs to the object at fff00000c9a8b800
[ 35.571929] which belongs to the cache kmalloc-128 of size 128
[ 35.572044] The buggy address is located 0 bytes to the right of
[ 35.572044] allocated 120-byte region [fff00000c9a8b800, fff00000c9a8b878)
[ 35.572238]
[ 35.572614] The buggy address belongs to the physical page:
[ 35.572783] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a8b
[ 35.572883] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 35.573089] page_type: f5(slab)
[ 35.573503] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 35.573602] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 35.573983] page dumped because: kasan: bad access detected
[ 35.574032]
[ 35.574055] Memory state around the buggy address:
[ 35.574113] fff00000c9a8b700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.574172] fff00000c9a8b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.574221] >fff00000c9a8b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 35.574261] ^
[ 35.574304] fff00000c9a8b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.574358] fff00000c9a8b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.574419] ==================================================================
[ 35.575830] ==================================================================
[ 35.576051] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 35.576218] Write of size 8 at addr fff00000c9a8b878 by task kunit_try_catch/313
[ 35.576410]
[ 35.576477] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT
[ 35.576581] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 35.576943] Hardware name: linux,dummy-virt (DT)
[ 35.576997] Call trace:
[ 35.577024] show_stack+0x20/0x38 (C)
[ 35.577078] dump_stack_lvl+0x8c/0xd0
[ 35.577435] print_report+0x118/0x5e8
[ 35.577574] kasan_report+0xdc/0x128
[ 35.577627] kasan_check_range+0x100/0x1a8
[ 35.577691] __kasan_check_write+0x20/0x30
[ 35.577995] copy_to_kernel_nofault+0x8c/0x250
[ 35.578083] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 35.578137] kunit_try_run_case+0x170/0x3f0
[ 35.578221] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.578307] kthread+0x328/0x630
[ 35.578353] ret_from_fork+0x10/0x20
[ 35.578562]
[ 35.578588] Allocated by task 313:
[ 35.578774] kasan_save_stack+0x3c/0x68
[ 35.578833] kasan_save_track+0x20/0x40
[ 35.579138] kasan_save_alloc_info+0x40/0x58
[ 35.579296] __kasan_kmalloc+0xd4/0xd8
[ 35.579380] __kmalloc_cache_noprof+0x16c/0x3c0
[ 35.579424] copy_to_kernel_nofault_oob+0xc8/0x418
[ 35.579474] kunit_try_run_case+0x170/0x3f0
[ 35.579513] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.579855] kthread+0x328/0x630
[ 35.580088] ret_from_fork+0x10/0x20
[ 35.580145]
[ 35.580206] The buggy address belongs to the object at fff00000c9a8b800
[ 35.580206] which belongs to the cache kmalloc-128 of size 128
[ 35.580505] The buggy address is located 0 bytes to the right of
[ 35.580505] allocated 120-byte region [fff00000c9a8b800, fff00000c9a8b878)
[ 35.580721]
[ 35.580770] The buggy address belongs to the physical page:
[ 35.580916] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a8b
[ 35.581207] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 35.581259] page_type: f5(slab)
[ 35.581573] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 35.581698] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 35.581784] page dumped because: kasan: bad access detected
[ 35.581840]
[ 35.582170] Memory state around the buggy address:
[ 35.582284] fff00000c9a8b700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.582367] fff00000c9a8b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.582433] >fff00000c9a8b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 35.582482] ^
[ 35.582534] fff00000c9a8b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.582591] fff00000c9a8b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.582676] ==================================================================
```
qemu-x86_64

```
[ 29.976401] ==================================================================
[ 29.976636] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 29.977290] Write of size 8 at addr ffff888106253778 by task kunit_try_catch/330
[ 29.978398]
[ 29.978644] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary)
[ 29.978697] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.978711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.978733] Call Trace:
[ 29.978747] <TASK>
[ 29.978765] dump_stack_lvl+0x73/0xb0
[ 29.978796] print_report+0xd1/0x640
[ 29.978822] ? __virt_addr_valid+0x1db/0x2d0
[ 29.978847] ? copy_to_kernel_nofault+0x99/0x260
[ 29.978871] ? kasan_complete_mode_report_info+0x2a/0x200
[ 29.978900] ? copy_to_kernel_nofault+0x99/0x260
[ 29.978926] kasan_report+0x141/0x180
[ 29.978962] ? copy_to_kernel_nofault+0x99/0x260
[ 29.978992] kasan_check_range+0x10c/0x1c0
[ 29.979018] __kasan_check_write+0x18/0x20
[ 29.979043] copy_to_kernel_nofault+0x99/0x260
[ 29.979090] copy_to_kernel_nofault_oob+0x288/0x560
[ 29.979117] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 29.979163] ? finish_task_switch.isra.0+0x153/0x700
[ 29.979200] ? __schedule+0x10da/0x2b60
[ 29.979223] ? trace_hardirqs_on+0x37/0xe0
[ 29.979255] ? __pfx_read_tsc+0x10/0x10
[ 29.979279] ? ktime_get_ts64+0x86/0x230
[ 29.979305] kunit_try_run_case+0x1a5/0x480
[ 29.979331] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.979355] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 29.979378] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 29.979406] ? __kthread_parkme+0x82/0x180
[ 29.979427] ? preempt_count_sub+0x50/0x80
[ 29.979453] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.979478] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.979503] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 29.979529] kthread+0x337/0x6f0
[ 29.979551] ? trace_preempt_on+0x20/0xc0
[ 29.979575] ? __pfx_kthread+0x10/0x10
[ 29.979597] ? _raw_spin_unlock_irq+0x47/0x80
[ 29.979623] ? calculate_sigpending+0x7b/0xa0
[ 29.979649] ? __pfx_kthread+0x10/0x10
[ 29.979673] ret_from_fork+0x116/0x1d0
[ 29.979694] ? __pfx_kthread+0x10/0x10
[ 29.979717] ret_from_fork_asm+0x1a/0x30
[ 29.979750] </TASK>
[ 29.979762]
[ 29.995790] Allocated by task 330:
[ 29.996395] kasan_save_stack+0x45/0x70
[ 29.996925] kasan_save_track+0x18/0x40
[ 29.997390] kasan_save_alloc_info+0x3b/0x50
[ 29.997549] __kasan_kmalloc+0xb7/0xc0
[ 29.997681] __kmalloc_cache_noprof+0x189/0x420
[ 29.998026] copy_to_kernel_nofault_oob+0x12f/0x560
[ 29.998779] kunit_try_run_case+0x1a5/0x480
[ 29.999367] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.000047] kthread+0x337/0x6f0
[ 30.000503] ret_from_fork+0x116/0x1d0
[ 30.000833] ret_from_fork_asm+0x1a/0x30
[ 30.000985]
[ 30.001110] The buggy address belongs to the object at ffff888106253700
[ 30.001110] which belongs to the cache kmalloc-128 of size 128
[ 30.002299] The buggy address is located 0 bytes to the right of
[ 30.002299] allocated 120-byte region [ffff888106253700, ffff888106253778)
[ 30.002697]
[ 30.002767] The buggy address belongs to the physical page:
[ 30.002958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253
[ 30.003207] flags: 0x200000000000000(node=0|zone=2)
[ 30.003573] page_type: f5(slab)
[ 30.003819] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 30.004771] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.005149] page dumped because: kasan: bad access detected
[ 30.005430]
[ 30.005525] Memory state around the buggy address:
[ 30.006026] ffff888106253600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.006426] ffff888106253680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.006829] >ffff888106253700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.007368] ^
[ 30.007752] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.008310] ffff888106253800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.008642] ==================================================================
[ 29.939407] ==================================================================
[ 29.939932] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 29.940204] Read of size 8 at addr ffff888106253778 by task kunit_try_catch/330
[ 29.940432]
[ 29.940524] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary)
[ 29.940579] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.940593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.940618] Call Trace:
[ 29.940632] <TASK>
[ 29.940652] dump_stack_lvl+0x73/0xb0
[ 29.940684] print_report+0xd1/0x640
[ 29.940710] ? __virt_addr_valid+0x1db/0x2d0
[ 29.940735] ? copy_to_kernel_nofault+0x225/0x260
[ 29.940760] ? kasan_complete_mode_report_info+0x2a/0x200
[ 29.940788] ? copy_to_kernel_nofault+0x225/0x260
[ 29.940813] kasan_report+0x141/0x180
[ 29.940837] ? copy_to_kernel_nofault+0x225/0x260
[ 29.940867] __asan_report_load8_noabort+0x18/0x20
[ 29.940893] copy_to_kernel_nofault+0x225/0x260
[ 29.940919] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 29.941307] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 29.941347] ? finish_task_switch.isra.0+0x153/0x700
[ 29.941376] ? __schedule+0x10da/0x2b60
[ 29.941400] ? trace_hardirqs_on+0x37/0xe0
[ 29.941435] ? __pfx_read_tsc+0x10/0x10
[ 29.941669] ? ktime_get_ts64+0x86/0x230
[ 29.941700] kunit_try_run_case+0x1a5/0x480
[ 29.941731] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.941756] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 29.941927] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 29.941982] ? __kthread_parkme+0x82/0x180
[ 29.942006] ? preempt_count_sub+0x50/0x80
[ 29.942031] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.942057] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.942085] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 29.942111] kthread+0x337/0x6f0
[ 29.942132] ? trace_preempt_on+0x20/0xc0
[ 29.942157] ? __pfx_kthread+0x10/0x10
[ 29.942180] ? _raw_spin_unlock_irq+0x47/0x80
[ 29.942206] ? calculate_sigpending+0x7b/0xa0
[ 29.942232] ? __pfx_kthread+0x10/0x10
[ 29.942255] ret_from_fork+0x116/0x1d0
[ 29.942276] ? __pfx_kthread+0x10/0x10
[ 29.942299] ret_from_fork_asm+0x1a/0x30
[ 29.942333] </TASK>
[ 29.942347]
[ 29.960258] Allocated by task 330:
[ 29.960632] kasan_save_stack+0x45/0x70
[ 29.960999] kasan_save_track+0x18/0x40
[ 29.961391] kasan_save_alloc_info+0x3b/0x50
[ 29.961811] __kasan_kmalloc+0xb7/0xc0
[ 29.962193] __kmalloc_cache_noprof+0x189/0x420
[ 29.962705] copy_to_kernel_nofault_oob+0x12f/0x560
[ 29.963188] kunit_try_run_case+0x1a5/0x480
[ 29.963595] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.963835] kthread+0x337/0x6f0
[ 29.964053] ret_from_fork+0x116/0x1d0
[ 29.964400] ret_from_fork_asm+0x1a/0x30
[ 29.964634]
[ 29.964704] The buggy address belongs to the object at ffff888106253700
[ 29.964704] which belongs to the cache kmalloc-128 of size 128
[ 29.965462] The buggy address is located 0 bytes to the right of
[ 29.965462] allocated 120-byte region [ffff888106253700, ffff888106253778)
[ 29.966538]
[ 29.966887] The buggy address belongs to the physical page:
[ 29.967520] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253
[ 29.968366] flags: 0x200000000000000(node=0|zone=2)
[ 29.968975] page_type: f5(slab)
[ 29.969308] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 29.969541] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.969766] page dumped because: kasan: bad access detected
[ 29.970607]
[ 29.970814] Memory state around the buggy address:
[ 29.971396] ffff888106253600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.972316] ffff888106253680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.973046] >ffff888106253700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.973539] ^
[ 29.973759] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.974841] ffff888106253800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.975697] ==================================================================
```