Date
May 23, 2025, 11:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 32.444879] ==================================================================
[ 32.445069] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 32.445222] Write of size 8 at addr fff00000c78a6078 by task kunit_try_catch/283
[ 32.445380]
[ 32.445492] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT
[ 32.445722] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.445812] Hardware name: linux,dummy-virt (DT)
[ 32.445915] Call trace:
[ 32.446000] show_stack+0x20/0x38 (C)
[ 32.446155] dump_stack_lvl+0x8c/0xd0
[ 32.446302] print_report+0x118/0x608
[ 32.446442] kasan_report+0xdc/0x128
[ 32.446582] kasan_check_range+0x100/0x1a8
[ 32.447001] __kasan_check_write+0x20/0x30
[ 32.447214] copy_to_kernel_nofault+0x8c/0x250
[ 32.447365] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 32.447530] kunit_try_run_case+0x170/0x3f0
[ 32.447679] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.448806] kthread+0x328/0x630
[ 32.449030] ret_from_fork+0x10/0x20
[ 32.449216]
[ 32.449298] Allocated by task 283:
[ 32.449408] kasan_save_stack+0x3c/0x68
[ 32.449615] kasan_save_track+0x20/0x40
[ 32.449789] kasan_save_alloc_info+0x40/0x58
[ 32.450142] __kasan_kmalloc+0xd4/0xd8
[ 32.450297] __kmalloc_cache_noprof+0x15c/0x3c0
[ 32.450424] copy_to_kernel_nofault_oob+0xc8/0x418
[ 32.450814] kunit_try_run_case+0x170/0x3f0
[ 32.450971] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.451196] kthread+0x328/0x630
[ 32.451862] ret_from_fork+0x10/0x20
[ 32.452028]
[ 32.452207] The buggy address belongs to the object at fff00000c78a6000
[ 32.452207] which belongs to the cache kmalloc-128 of size 128
[ 32.452400] The buggy address is located 0 bytes to the right of
[ 32.452400] allocated 120-byte region [fff00000c78a6000, fff00000c78a6078)
[ 32.452630]
[ 32.452923] The buggy address belongs to the physical page:
[ 32.453046] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a6
[ 32.453214] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.453370] page_type: f5(slab)
[ 32.453501] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.453632] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.453749] page dumped because: kasan: bad access detected
[ 32.453839]
[ 32.453895] Memory state around the buggy address:
[ 32.454388] fff00000c78a5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.454879] fff00000c78a5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.455037] >fff00000c78a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.455167] ^
[ 32.455298] fff00000c78a6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.455463] fff00000c78a6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.455590] ==================================================================
[ 32.432978] ==================================================================
[ 32.433357] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 32.433650] Read of size 8 at addr fff00000c78a6078 by task kunit_try_catch/283
[ 32.433903]
[ 32.434685] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT
[ 32.434960] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.435050] Hardware name: linux,dummy-virt (DT)
[ 32.435152] Call trace:
[ 32.435229] show_stack+0x20/0x38 (C)
[ 32.435401] dump_stack_lvl+0x8c/0xd0
[ 32.435574] print_report+0x118/0x608
[ 32.437136] kasan_report+0xdc/0x128
[ 32.437352] __asan_report_load8_noabort+0x20/0x30
[ 32.437639] copy_to_kernel_nofault+0x204/0x250
[ 32.437900] copy_to_kernel_nofault_oob+0x158/0x418
[ 32.438069] kunit_try_run_case+0x170/0x3f0
[ 32.438366] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.438548] kthread+0x328/0x630
[ 32.438679] ret_from_fork+0x10/0x20
[ 32.438825]
[ 32.438888] Allocated by task 283:
[ 32.438971] kasan_save_stack+0x3c/0x68
[ 32.439084] kasan_save_track+0x20/0x40
[ 32.439219] kasan_save_alloc_info+0x40/0x58
[ 32.439411] __kasan_kmalloc+0xd4/0xd8
[ 32.439543] __kmalloc_cache_noprof+0x15c/0x3c0
[ 32.439681] copy_to_kernel_nofault_oob+0xc8/0x418
[ 32.439819] kunit_try_run_case+0x170/0x3f0
[ 32.439980] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.440122] kthread+0x328/0x630
[ 32.440224] ret_from_fork+0x10/0x20
[ 32.440327]
[ 32.440388] The buggy address belongs to the object at fff00000c78a6000
[ 32.440388] which belongs to the cache kmalloc-128 of size 128
[ 32.440602] The buggy address is located 0 bytes to the right of
[ 32.440602] allocated 120-byte region [fff00000c78a6000, fff00000c78a6078)
[ 32.440884]
[ 32.440978] The buggy address belongs to the physical page:
[ 32.441069] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a6
[ 32.441264] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.441524] page_type: f5(slab)
[ 32.441732] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.441920] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.442080] page dumped because: kasan: bad access detected
[ 32.442245]
[ 32.442330] Memory state around the buggy address:
[ 32.442475] fff00000c78a5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.442597] fff00000c78a5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.442703] >fff00000c78a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.442837] ^
[ 32.442958] fff00000c78a6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.443083] fff00000c78a6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.443195] ==================================================================
```
qemu-x86_64:

```
[ 16.389091] ==================================================================
[ 16.389440] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.389675] Write of size 8 at addr ffff8881026f5d78 by task kunit_try_catch/300
[ 16.389953]
[ 16.390168] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary)
[ 16.390235] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.390249] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.390271] Call Trace:
[ 16.390289] <TASK>
[ 16.390335] dump_stack_lvl+0x73/0xb0
[ 16.390364] print_report+0xd1/0x650
[ 16.390388] ? __virt_addr_valid+0x1db/0x2d0
[ 16.390410] ? copy_to_kernel_nofault+0x99/0x260
[ 16.390432] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.390456] ? copy_to_kernel_nofault+0x99/0x260
[ 16.390477] kasan_report+0x141/0x180
[ 16.390501] ? copy_to_kernel_nofault+0x99/0x260
[ 16.390528] kasan_check_range+0x10c/0x1c0
[ 16.390549] __kasan_check_write+0x18/0x20
[ 16.390573] copy_to_kernel_nofault+0x99/0x260
[ 16.390596] copy_to_kernel_nofault_oob+0x288/0x560
[ 16.390622] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.390646] ? finish_task_switch.isra.0+0x153/0x700
[ 16.390670] ? __schedule+0x10cc/0x2b30
[ 16.390698] ? trace_hardirqs_on+0x37/0xe0
[ 16.390750] ? __pfx_read_tsc+0x10/0x10
[ 16.390771] ? ktime_get_ts64+0x86/0x230
[ 16.390797] kunit_try_run_case+0x1a5/0x480
[ 16.390838] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.390861] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.390901] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.390926] ? __kthread_parkme+0x82/0x180
[ 16.390949] ? preempt_count_sub+0x50/0x80
[ 16.390975] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.391000] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.391023] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.391240] kthread+0x337/0x6f0
[ 16.391268] ? trace_preempt_on+0x20/0xc0
[ 16.391292] ? __pfx_kthread+0x10/0x10
[ 16.391324] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.391368] ? calculate_sigpending+0x7b/0xa0
[ 16.391391] ? __pfx_kthread+0x10/0x10
[ 16.391424] ret_from_fork+0x41/0x80
[ 16.391447] ? __pfx_kthread+0x10/0x10
[ 16.391477] ret_from_fork_asm+0x1a/0x30
[ 16.391509] </TASK>
[ 16.391522]
[ 16.400510] Allocated by task 300:
[ 16.400718] kasan_save_stack+0x45/0x70
[ 16.400942] kasan_save_track+0x18/0x40
[ 16.401297] kasan_save_alloc_info+0x3b/0x50
[ 16.401572] __kasan_kmalloc+0xb7/0xc0
[ 16.401716] __kmalloc_cache_noprof+0x189/0x420
[ 16.401867] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.402156] kunit_try_run_case+0x1a5/0x480
[ 16.402404] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.402690] kthread+0x337/0x6f0
[ 16.402879] ret_from_fork+0x41/0x80
[ 16.403187] ret_from_fork_asm+0x1a/0x30
[ 16.403342]
[ 16.403435] The buggy address belongs to the object at ffff8881026f5d00
[ 16.403435] which belongs to the cache kmalloc-128 of size 128
[ 16.404107] The buggy address is located 0 bytes to the right of
[ 16.404107] allocated 120-byte region [ffff8881026f5d00, ffff8881026f5d78)
[ 16.404807]
[ 16.404973] The buggy address belongs to the physical page:
[ 16.405228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f5
[ 16.405645] flags: 0x200000000000000(node=0|zone=2)
[ 16.405864] page_type: f5(slab)
[ 16.406111] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.406472] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.406709] page dumped because: kasan: bad access detected
[ 16.406885]
[ 16.406958] Memory state around the buggy address:
[ 16.407182] ffff8881026f5c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.407554] ffff8881026f5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.408035] >ffff8881026f5d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.408578] ^
[ 16.408875] ffff8881026f5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.409221] ffff8881026f5e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.409452] ==================================================================
[ 16.366035] ==================================================================
[ 16.366837] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.367881] Read of size 8 at addr ffff8881026f5d78 by task kunit_try_catch/300
[ 16.368563]
[ 16.368660] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary)
[ 16.368710] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.368725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.368748] Call Trace:
[ 16.368763] <TASK>
[ 16.368781] dump_stack_lvl+0x73/0xb0
[ 16.368812] print_report+0xd1/0x650
[ 16.368839] ? __virt_addr_valid+0x1db/0x2d0
[ 16.368862] ? copy_to_kernel_nofault+0x225/0x260
[ 16.368884] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.368908] ? copy_to_kernel_nofault+0x225/0x260
[ 16.368930] kasan_report+0x141/0x180
[ 16.368955] ? copy_to_kernel_nofault+0x225/0x260
[ 16.368982] __asan_report_load8_noabort+0x18/0x20
[ 16.369005] copy_to_kernel_nofault+0x225/0x260
[ 16.369028] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.369053] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.369077] ? finish_task_switch.isra.0+0x153/0x700
[ 16.369104] ? __schedule+0x10cc/0x2b30
[ 16.369127] ? trace_hardirqs_on+0x37/0xe0
[ 16.369160] ? __pfx_read_tsc+0x10/0x10
[ 16.369182] ? ktime_get_ts64+0x86/0x230
[ 16.369209] kunit_try_run_case+0x1a5/0x480
[ 16.369235] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.369258] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.369282] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.369318] ? __kthread_parkme+0x82/0x180
[ 16.369342] ? preempt_count_sub+0x50/0x80
[ 16.369368] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.369392] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.369416] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.369440] kthread+0x337/0x6f0
[ 16.369459] ? trace_preempt_on+0x20/0xc0
[ 16.369483] ? __pfx_kthread+0x10/0x10
[ 16.369522] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.369544] ? calculate_sigpending+0x7b/0xa0
[ 16.369568] ? __pfx_kthread+0x10/0x10
[ 16.369588] ret_from_fork+0x41/0x80
[ 16.369610] ? __pfx_kthread+0x10/0x10
[ 16.369630] ret_from_fork_asm+0x1a/0x30
[ 16.369662] </TASK>
[ 16.369675]
[ 16.378987] Allocated by task 300:
[ 16.379225] kasan_save_stack+0x45/0x70
[ 16.379483] kasan_save_track+0x18/0x40
[ 16.379684] kasan_save_alloc_info+0x3b/0x50
[ 16.379890] __kasan_kmalloc+0xb7/0xc0
[ 16.380201] __kmalloc_cache_noprof+0x189/0x420
[ 16.380462] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.380693] kunit_try_run_case+0x1a5/0x480
[ 16.380852] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.381192] kthread+0x337/0x6f0
[ 16.381404] ret_from_fork+0x41/0x80
[ 16.381540] ret_from_fork_asm+0x1a/0x30
[ 16.381809]
[ 16.381903] The buggy address belongs to the object at ffff8881026f5d00
[ 16.381903] which belongs to the cache kmalloc-128 of size 128
[ 16.382445] The buggy address is located 0 bytes to the right of
[ 16.382445] allocated 120-byte region [ffff8881026f5d00, ffff8881026f5d78)
[ 16.383294]
[ 16.383415] The buggy address belongs to the physical page:
[ 16.383810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f5
[ 16.384214] flags: 0x200000000000000(node=0|zone=2)
[ 16.384466] page_type: f5(slab)
[ 16.384685] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.385081] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.385301] page dumped because: kasan: bad access detected
[ 16.385477]
[ 16.385703] Memory state around the buggy address:
[ 16.386053] ffff8881026f5c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.386419] ffff8881026f5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.386633] >ffff8881026f5d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.387209] ^
[ 16.387591] ffff8881026f5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.387837] ffff8881026f5e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.388391] ==================================================================
```