Date
May 13, 2025, 12:07 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 22.240096] ==================================================================
[ 22.240340] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 22.240575] Read of size 8 at addr fff00000c6620b78 by task kunit_try_catch/281
[ 22.240707]
[ 22.240775] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT
[ 22.241161] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.241524] Hardware name: linux,dummy-virt (DT)
[ 22.241591] Call trace:
[ 22.241764]  show_stack+0x20/0x38 (C)
[ 22.242149]  dump_stack_lvl+0x8c/0xd0
[ 22.242271]  print_report+0x118/0x608
[ 22.242515]  kasan_report+0xdc/0x128
[ 22.242669]  __asan_report_load8_noabort+0x20/0x30
[ 22.242857]  copy_to_kernel_nofault+0x204/0x250
[ 22.242918]  copy_to_kernel_nofault_oob+0x158/0x418
[ 22.242987]  kunit_try_run_case+0x170/0x3f0
[ 22.243142]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.243211]  kthread+0x328/0x630
[ 22.243654]  ret_from_fork+0x10/0x20
[ 22.244077]
[ 22.244136] Allocated by task 281:
[ 22.244195]  kasan_save_stack+0x3c/0x68
[ 22.244416]  kasan_save_track+0x20/0x40
[ 22.244479]  kasan_save_alloc_info+0x40/0x58
[ 22.244523]  __kasan_kmalloc+0xd4/0xd8
[ 22.244728]  __kmalloc_cache_noprof+0x15c/0x3c0
[ 22.244787]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 22.244837]  kunit_try_run_case+0x170/0x3f0
[ 22.244932]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.245260]  kthread+0x328/0x630
[ 22.245434]  ret_from_fork+0x10/0x20
[ 22.245639]
[ 22.245750] The buggy address belongs to the object at fff00000c6620b00
[ 22.245750]  which belongs to the cache kmalloc-128 of size 128
[ 22.245850] The buggy address is located 0 bytes to the right of
[ 22.245850]  allocated 120-byte region [fff00000c6620b00, fff00000c6620b78)
[ 22.246226]
[ 22.246268] The buggy address belongs to the physical page:
[ 22.246609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620
[ 22.247166] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.247260] page_type: f5(slab)
[ 22.247506] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.247644] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.247742] page dumped because: kasan: bad access detected
[ 22.248297]
[ 22.248342] Memory state around the buggy address:
[ 22.248449]  fff00000c6620a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.248560]  fff00000c6620a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.248650] >fff00000c6620b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.248884]                                                                 ^
[ 22.249103]  fff00000c6620b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.249182]  fff00000c6620c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.249233] ==================================================================
[ 22.252586] ==================================================================
[ 22.252723] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 22.252808] Write of size 8 at addr fff00000c6620b78 by task kunit_try_catch/281
[ 22.253332]
[ 22.253383] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT
[ 22.253483] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.253520] Hardware name: linux,dummy-virt (DT)
[ 22.253953] Call trace:
[ 22.254011]  show_stack+0x20/0x38 (C)
[ 22.254083]  dump_stack_lvl+0x8c/0xd0
[ 22.254137]  print_report+0x118/0x608
[ 22.254191]  kasan_report+0xdc/0x128
[ 22.254240]  kasan_check_range+0x100/0x1a8
[ 22.254632]  __kasan_check_write+0x20/0x30
[ 22.254761]  copy_to_kernel_nofault+0x8c/0x250
[ 22.254826]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 22.255466]  kunit_try_run_case+0x170/0x3f0
[ 22.255554]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.255765]  kthread+0x328/0x630
[ 22.255963]  ret_from_fork+0x10/0x20
[ 22.256159]
[ 22.256188] Allocated by task 281:
[ 22.256365]  kasan_save_stack+0x3c/0x68
[ 22.256426]  kasan_save_track+0x20/0x40
[ 22.256689]  kasan_save_alloc_info+0x40/0x58
[ 22.256771]  __kasan_kmalloc+0xd4/0xd8
[ 22.256817]  __kmalloc_cache_noprof+0x15c/0x3c0
[ 22.256863]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 22.257360]  kunit_try_run_case+0x170/0x3f0
[ 22.257488]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.257548]  kthread+0x328/0x630
[ 22.257596]  ret_from_fork+0x10/0x20
[ 22.257796]
[ 22.257871] The buggy address belongs to the object at fff00000c6620b00
[ 22.257871]  which belongs to the cache kmalloc-128 of size 128
[ 22.258206] The buggy address is located 0 bytes to the right of
[ 22.258206]  allocated 120-byte region [fff00000c6620b00, fff00000c6620b78)
[ 22.258439]
[ 22.258546] The buggy address belongs to the physical page:
[ 22.258603] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620
[ 22.259092] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.259232] page_type: f5(slab)
[ 22.259296] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.259511] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.259679] page dumped because: kasan: bad access detected
[ 22.259731]
[ 22.259757] Memory state around the buggy address:
[ 22.259820]  fff00000c6620a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.259879]  fff00000c6620a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.260260] >fff00000c6620b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.260337]                                                                 ^
[ 22.260392]  fff00000c6620b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.260447]  fff00000c6620c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.260745] ==================================================================
```
```
[ 15.076262] ==================================================================
[ 15.076914] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 15.077589] Write of size 8 at addr ffff8881029ceb78 by task kunit_try_catch/298
[ 15.078307]
[ 15.078570] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary)
[ 15.078630] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.078644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.078666] Call Trace:
[ 15.078679]  <TASK>
[ 15.078695]  dump_stack_lvl+0x73/0xb0
[ 15.078757]  print_report+0xd1/0x650
[ 15.078781]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.078816]  ? copy_to_kernel_nofault+0x99/0x260
[ 15.078841]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.078865]  ? copy_to_kernel_nofault+0x99/0x260
[ 15.078891]  kasan_report+0x141/0x180
[ 15.078915]  ? copy_to_kernel_nofault+0x99/0x260
[ 15.078945]  kasan_check_range+0x10c/0x1c0
[ 15.078972]  __kasan_check_write+0x18/0x20
[ 15.078993]  copy_to_kernel_nofault+0x99/0x260
[ 15.079020]  copy_to_kernel_nofault_oob+0x288/0x560
[ 15.079045]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.079070]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 15.079095]  ? trace_hardirqs_on+0x37/0xe0
[ 15.079129]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.079158]  kunit_try_run_case+0x1a5/0x480
[ 15.079202]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.079225]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.079249]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.079272]  ? __kthread_parkme+0x82/0x180
[ 15.079293]  ? preempt_count_sub+0x50/0x80
[ 15.079318]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.079342]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.079369]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.079395]  kthread+0x337/0x6f0
[ 15.079416]  ? trace_preempt_on+0x20/0xc0
[ 15.079439]  ? __pfx_kthread+0x10/0x10
[ 15.079461]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.079483]  ? calculate_sigpending+0x7b/0xa0
[ 15.079508]  ? __pfx_kthread+0x10/0x10
[ 15.079532]  ret_from_fork+0x116/0x1d0
[ 15.079551]  ? __pfx_kthread+0x10/0x10
[ 15.079573]  ret_from_fork_asm+0x1a/0x30
[ 15.079605]  </TASK>
[ 15.079625]
[ 15.091971] Allocated by task 298:
[ 15.092364]  kasan_save_stack+0x45/0x70
[ 15.092604]  kasan_save_track+0x18/0x40
[ 15.092948]  kasan_save_alloc_info+0x3b/0x50
[ 15.093291]  __kasan_kmalloc+0xb7/0xc0
[ 15.093552]  __kmalloc_cache_noprof+0x189/0x420
[ 15.093875]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 15.094036]  kunit_try_run_case+0x1a5/0x480
[ 15.094222]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.094770]  kthread+0x337/0x6f0
[ 15.095110]  ret_from_fork+0x116/0x1d0
[ 15.095510]  ret_from_fork_asm+0x1a/0x30
[ 15.095913]
[ 15.096099] The buggy address belongs to the object at ffff8881029ceb00
[ 15.096099]  which belongs to the cache kmalloc-128 of size 128
[ 15.096907] The buggy address is located 0 bytes to the right of
[ 15.096907]  allocated 120-byte region [ffff8881029ceb00, ffff8881029ceb78)
[ 15.097767]
[ 15.097894] The buggy address belongs to the physical page:
[ 15.098240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce
[ 15.098788] flags: 0x200000000000000(node=0|zone=2)
[ 15.098948] page_type: f5(slab)
[ 15.099071] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.099647] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.100337] page dumped because: kasan: bad access detected
[ 15.100853]
[ 15.101045] Memory state around the buggy address:
[ 15.101506]  ffff8881029cea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.101981]  ffff8881029cea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.102474] >ffff8881029ceb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.102926]                                                                 ^
[ 15.103133]  ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.103793]  ffff8881029cec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.104454] ==================================================================
[ 15.050037] ==================================================================
[ 15.050954] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 15.052211] Read of size 8 at addr ffff8881029ceb78 by task kunit_try_catch/298
[ 15.052456]
[ 15.052561] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary)
[ 15.052624] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.052696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.052722] Call Trace:
[ 15.052736]  <TASK>
[ 15.052754]  dump_stack_lvl+0x73/0xb0
[ 15.052789]  print_report+0xd1/0x650
[ 15.052815]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.052840]  ? copy_to_kernel_nofault+0x225/0x260
[ 15.052866]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.052891]  ? copy_to_kernel_nofault+0x225/0x260
[ 15.052916]  kasan_report+0x141/0x180
[ 15.052940]  ? copy_to_kernel_nofault+0x225/0x260
[ 15.052971]  __asan_report_load8_noabort+0x18/0x20
[ 15.052993]  copy_to_kernel_nofault+0x225/0x260
[ 15.053020]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 15.053046]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.053070]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 15.053096]  ? trace_hardirqs_on+0x37/0xe0
[ 15.053129]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.053158]  kunit_try_run_case+0x1a5/0x480
[ 15.053206]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.053229]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.053255]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.053278]  ? __kthread_parkme+0x82/0x180
[ 15.053300]  ? preempt_count_sub+0x50/0x80
[ 15.053326]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.053350]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.053374]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.053398]  kthread+0x337/0x6f0
[ 15.053419]  ? trace_preempt_on+0x20/0xc0
[ 15.053442]  ? __pfx_kthread+0x10/0x10
[ 15.053464]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.053486]  ? calculate_sigpending+0x7b/0xa0
[ 15.053577]  ? __pfx_kthread+0x10/0x10
[ 15.053604]  ret_from_fork+0x116/0x1d0
[ 15.053647]  ? __pfx_kthread+0x10/0x10
[ 15.053669]  ret_from_fork_asm+0x1a/0x30
[ 15.053703]  </TASK>
[ 15.053716]
[ 15.062237] Allocated by task 298:
[ 15.062455]  kasan_save_stack+0x45/0x70
[ 15.062767]  kasan_save_track+0x18/0x40
[ 15.062983]  kasan_save_alloc_info+0x3b/0x50
[ 15.063178]  __kasan_kmalloc+0xb7/0xc0
[ 15.063396]  __kmalloc_cache_noprof+0x189/0x420
[ 15.063623]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 15.063861]  kunit_try_run_case+0x1a5/0x480
[ 15.064041]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.064654]  kthread+0x337/0x6f0
[ 15.064841]  ret_from_fork+0x116/0x1d0
[ 15.065061]  ret_from_fork_asm+0x1a/0x30
[ 15.065216]
[ 15.065290] The buggy address belongs to the object at ffff8881029ceb00
[ 15.065290]  which belongs to the cache kmalloc-128 of size 128
[ 15.066633] The buggy address is located 0 bytes to the right of
[ 15.066633]  allocated 120-byte region [ffff8881029ceb00, ffff8881029ceb78)
[ 15.067635]
[ 15.067724] The buggy address belongs to the physical page:
[ 15.067905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce
[ 15.068151] flags: 0x200000000000000(node=0|zone=2)
[ 15.068319] page_type: f5(slab)
[ 15.068444] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.068820] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.069392] page dumped because: kasan: bad access detected
[ 15.069626]
[ 15.069892] Memory state around the buggy address:
[ 15.070326]  ffff8881029cea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.070686]  ffff8881029cea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.071345] >ffff8881029ceb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.072301]                                                                 ^
[ 15.073733]  ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.074595]  ffff8881029cec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.075389] ==================================================================
```