Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| x15 | |
| x86 |
[ 90.881469] ================================================================== [ 90.888732] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x144/0x3fc [ 90.896179] Write of size 8 at addr cc23f178 by task kunit_try_catch/337 [ 90.902923] [ 90.904449] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 90.904479] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 90.904479] Hardware name: Generic DRA74X (Flattened Device Tree) [ 90.904479] Call trace: [ 90.904510] unwind_backtrace from show_stack+0x18/0x1c [ 90.904510] show_stack from dump_stack_lvl+0x70/0x90 [ 90.904541] dump_stack_lvl from print_report+0x158/0x528 [ 90.904571] print_report from kasan_report+0xdc/0x118 [ 90.904602] kasan_report from kasan_check_range+0x14c/0x198 [ 90.904632] kasan_check_range from copy_to_kernel_nofault+0x144/0x3fc [ 90.904632] copy_to_kernel_nofault from copy_to_kernel_nofault_oob+0x258/0x4fc [ 90.904663] copy_to_kernel_nofault_oob from kunit_try_run_case+0x22c/0x5a8 [ 90.904693] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 90.904724] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 90.904754] kthread from ret_from_fork+0x14/0x20 [ 90.904785] Exception stack(0xf2763fb0 to 0xf2763ff8) [ 90.904785] 3fa0: 00000000 00000000 00000000 00000000 [ 90.904815] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 90.904815] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 90.904846] [ 91.024383] Allocated by task 337: [ 91.027801] kasan_save_track+0x30/0x5c [ 91.031677] __kasan_kmalloc+0x8c/0x94 [ 91.035461] copy_to_kernel_nofault_oob+0xf0/0x4fc [ 91.040283] kunit_try_run_case+0x22c/0x5a8 [ 91.044525] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 91.050048] kthread+0x464/0x810 [ 91.053283] ret_from_fork+0x14/0x20 [ 91.056915] [ 91.058410] The buggy address belongs to the object at cc23f100 [ 91.058410] which belongs to the cache kmalloc-128 of size 128 [ 91.070312] The buggy address is located 0 bytes to the right of [ 91.070312] allocated 120-byte region [cc23f100, cc23f178) [ 91.081939] [ 91.083435] The buggy address belongs to the physical page: [ 91.089050] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c23f [ 91.096313] flags: 0x0(zone=0) [ 91.099395] page_type: f5(slab) [ 91.102569] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 91.110717] raw: 00000000 [ 91.113372] page dumped because: kasan: bad access detected [ 91.118957] [ 91.120483] Memory state around the buggy address: [ 91.125305] cc23f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fc fc [ 91.131866] cc23f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.138427] >cc23f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 91.145019] ^ [ 91.151489] cc23f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.158050] cc23f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.164642] ================================================================== [ 90.589233] ================================================================== [ 90.604187] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x37c/0x3fc [ 90.611663] Read of size 8 at addr cc23f178 by task kunit_try_catch/337 [ 90.618316] [ 90.619812] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 90.619842] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 90.619873] Hardware name: Generic DRA74X (Flattened Device Tree) [ 90.619873] Call trace: [ 90.619873] unwind_backtrace from show_stack+0x18/0x1c [ 90.619903] show_stack from dump_stack_lvl+0x70/0x90 [ 90.619934] dump_stack_lvl from print_report+0x158/0x528 [ 90.619964] print_report from kasan_report+0xdc/0x118 [ 90.619995] kasan_report from copy_to_kernel_nofault+0x37c/0x3fc [ 90.620025] copy_to_kernel_nofault from copy_to_kernel_nofault_oob+0x1c0/0x4fc [ 90.620056] copy_to_kernel_nofault_oob from kunit_try_run_case+0x22c/0x5a8 [ 90.620056] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 90.620086] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 90.620117] kthread from ret_from_fork+0x14/0x20 [ 90.620147] Exception stack(0xf2763fb0 to 0xf2763ff8) [ 90.620147] 3fa0: 00000000 00000000 00000000 00000000 [ 90.620178] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 90.620208] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 90.620208] [ 90.733642] Allocated by task 337: [ 90.737060] kasan_save_track+0x30/0x5c [ 90.740936] __kasan_kmalloc+0x8c/0x94 [ 90.744720] copy_to_kernel_nofault_oob+0xf0/0x4fc [ 90.749542] kunit_try_run_case+0x22c/0x5a8 [ 90.753784] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 90.759307] kthread+0x464/0x810 [ 90.762542] ret_from_fork+0x14/0x20 [ 90.766174] [ 90.767669] The buggy address belongs to the object at cc23f100 [ 90.767669] which belongs to the cache kmalloc-128 of size 128 [ 90.779571] The buggy address is located 0 bytes to the right of [ 90.779571] allocated 120-byte region [cc23f100, cc23f178) [ 90.791198] [ 90.792724] The buggy address belongs to the physical page: [ 90.798309] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c23f [ 90.805603] flags: 0x0(zone=0) [ 90.808685] page_type: f5(slab) [ 90.811828] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 90.819976] raw: 00000000 [ 90.822631] page dumped because: kasan: bad access detected [ 90.828247] [ 90.829742] Memory state around the buggy address: [ 90.834564] cc23f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fc fc [ 90.841125] cc23f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 90.847717] >cc23f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 90.854278] ^ [ 90.860778] cc23f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 90.867340] cc23f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 90.873901] ==================================================================
[ 75.943037] ================================================================== [ 75.950268] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 75.957583] Write of size 8 at addr ffff88810633a778 by task kunit_try_catch/324 [ 75.964974] [ 75.966475] CPU: 3 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 75.966484] Tainted: [B]=BAD_PAGE, [N]=TEST [ 75.966486] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 75.966489] Call Trace: [ 75.966491] <TASK> [ 75.966493] dump_stack_lvl+0x73/0xb0 [ 75.966497] print_report+0xd1/0x650 [ 75.966502] ? __virt_addr_valid+0x1db/0x2d0 [ 75.966506] ? copy_to_kernel_nofault+0x99/0x260 [ 75.966510] ? kasan_complete_mode_report_info+0x2a/0x200 [ 75.966515] ? copy_to_kernel_nofault+0x99/0x260 [ 75.966520] kasan_report+0x141/0x180 [ 75.966524] ? copy_to_kernel_nofault+0x99/0x260 [ 75.966530] kasan_check_range+0x10c/0x1c0 [ 75.966535] __kasan_check_write+0x18/0x20 [ 75.966539] copy_to_kernel_nofault+0x99/0x260 [ 75.966544] copy_to_kernel_nofault_oob+0x288/0x560 [ 75.966548] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 75.966553] ? finish_task_switch.isra.0+0x153/0x700 [ 75.966558] ? __schedule+0x10cc/0x2b30 [ 75.966562] ? trace_hardirqs_on+0x37/0xe0 [ 75.966568] ? ktime_get_ts64+0x83/0x230 [ 75.966573] kunit_try_run_case+0x1a2/0x480 [ 75.966578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 75.966582] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 75.966587] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 75.966592] ? __kthread_parkme+0x82/0x180 [ 75.966596] ? preempt_count_sub+0x50/0x80 [ 75.966601] ? __pfx_kunit_try_run_case+0x10/0x10 [ 75.966605] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 75.966609] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 75.966614] kthread+0x334/0x6f0 [ 75.966618] ? trace_preempt_on+0x20/0xc0 [ 75.966622] ? __pfx_kthread+0x10/0x10 [ 75.966627] ? _raw_spin_unlock_irq+0x47/0x80 [ 75.966631] ? calculate_sigpending+0x7b/0xa0 [ 75.966635] ? __pfx_kthread+0x10/0x10 [ 75.966639] ret_from_fork+0x3e/0x80 [ 75.966643] ? __pfx_kthread+0x10/0x10 [ 75.966648] ret_from_fork_asm+0x1a/0x30 [ 75.966654] </TASK> [ 75.966656] [ 76.148962] Allocated by task 324: [ 76.152367] kasan_save_stack+0x45/0x70 [ 76.156214] kasan_save_track+0x18/0x40 [ 76.160054] kasan_save_alloc_info+0x3b/0x50 [ 76.164335] __kasan_kmalloc+0xb7/0xc0 [ 76.168086] __kmalloc_cache_noprof+0x189/0x420 [ 76.172620] copy_to_kernel_nofault_oob+0x12f/0x560 [ 76.177508] kunit_try_run_case+0x1a2/0x480 [ 76.181692] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 76.187119] kthread+0x334/0x6f0 [ 76.190359] ret_from_fork+0x3e/0x80 [ 76.193939] ret_from_fork_asm+0x1a/0x30 [ 76.197864] [ 76.199364] The buggy address belongs to the object at ffff88810633a700 [ 76.199364] which belongs to the cache kmalloc-128 of size 128 [ 76.211878] The buggy address is located 0 bytes to the right of [ 76.211878] allocated 120-byte region [ffff88810633a700, ffff88810633a778) [ 76.224835] [ 76.226333] The buggy address belongs to the physical page: [ 76.231906] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10633a [ 76.239914] flags: 0x200000000000000(node=0|zone=2) [ 76.244801] page_type: f5(slab) [ 76.247949] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 76.255695] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 76.263443] page dumped because: kasan: bad access detected [ 76.269014] [ 76.270513] Memory state around the buggy address: [ 76.275305] ffff88810633a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.282525] ffff88810633a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.289745] >ffff88810633a700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 76.296973] ^ [ 76.304113] ffff88810633a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.311331] ffff88810633a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.318549] ================================================================== [ 75.555721] ================================================================== [ 75.570618] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 75.578017] Read of size 8 at addr ffff88810633a778 by task kunit_try_catch/324 [ 75.585324] [ 75.586824] CPU: 3 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 75.586833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 75.586835] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 75.586839] Call Trace: [ 75.586841] <TASK> [ 75.586843] dump_stack_lvl+0x73/0xb0 [ 75.586847] print_report+0xd1/0x650 [ 75.586852] ? __virt_addr_valid+0x1db/0x2d0 [ 75.586856] ? copy_to_kernel_nofault+0x225/0x260 [ 75.586860] ? kasan_complete_mode_report_info+0x2a/0x200 [ 75.586865] ? copy_to_kernel_nofault+0x225/0x260 [ 75.586870] kasan_report+0x141/0x180 [ 75.586874] ? copy_to_kernel_nofault+0x225/0x260 [ 75.586880] __asan_report_load8_noabort+0x18/0x20 [ 75.586884] copy_to_kernel_nofault+0x225/0x260 [ 75.586889] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 75.586894] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 75.586899] ? finish_task_switch.isra.0+0x153/0x700 [ 75.586904] ? __schedule+0x10cc/0x2b30 [ 75.586908] ? trace_hardirqs_on+0x37/0xe0 [ 75.586915] ? ktime_get_ts64+0x83/0x230 [ 75.586920] kunit_try_run_case+0x1a2/0x480 [ 75.586924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 75.586929] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 75.586934] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 75.586938] ? __kthread_parkme+0x82/0x180 [ 75.586943] ? preempt_count_sub+0x50/0x80 [ 75.586947] ? __pfx_kunit_try_run_case+0x10/0x10 [ 75.586952] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 75.586957] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 75.586961] kthread+0x334/0x6f0 [ 75.586965] ? trace_preempt_on+0x20/0xc0 [ 75.586970] ? __pfx_kthread+0x10/0x10 [ 75.586974] ? _raw_spin_unlock_irq+0x47/0x80 [ 75.586979] ? calculate_sigpending+0x7b/0xa0 [ 75.586983] ? __pfx_kthread+0x10/0x10 [ 75.586987] ret_from_fork+0x3e/0x80 [ 75.586992] ? __pfx_kthread+0x10/0x10 [ 75.586996] ret_from_fork_asm+0x1a/0x30 [ 75.587002] </TASK> [ 75.587004] [ 75.766224] Allocated by task 324: [ 75.769628] kasan_save_stack+0x45/0x70 [ 75.773467] kasan_save_track+0x18/0x40 [ 75.777306] kasan_save_alloc_info+0x3b/0x50 [ 75.781579] __kasan_kmalloc+0xb7/0xc0 [ 75.785331] __kmalloc_cache_noprof+0x189/0x420 [ 75.789865] copy_to_kernel_nofault_oob+0x12f/0x560 [ 75.794745] kunit_try_run_case+0x1a2/0x480 [ 75.798938] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 75.804336] kthread+0x334/0x6f0 [ 75.807569] ret_from_fork+0x3e/0x80 [ 75.811149] ret_from_fork_asm+0x1a/0x30 [ 75.815076] [ 75.816573] The buggy address belongs to the object at ffff88810633a700 [ 75.816573] which belongs to the cache kmalloc-128 of size 128 [ 75.829079] The buggy address is located 0 bytes to the right of [ 75.829079] allocated 120-byte region [ffff88810633a700, ffff88810633a778) [ 75.842026] [ 75.843525] The buggy address belongs to the physical page: [ 75.849098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10633a [ 75.857107] flags: 0x200000000000000(node=0|zone=2) [ 75.861987] page_type: f5(slab) [ 75.865134] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 75.872880] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 75.880628] page dumped because: kasan: bad access detected [ 75.886198] [ 75.887698] Memory state around the buggy address: [ 75.892509] ffff88810633a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.899739] ffff88810633a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.906964] >ffff88810633a700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 75.914181] ^ [ 75.921314] ffff88810633a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.928535] ffff88810633a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.935761] ==================================================================