Date
May 26, 2025, 9:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 21.165350] ================================================================== [ 21.165529] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 21.165731] Read of size 8 at addr fff00000c7893278 by task kunit_try_catch/281 [ 21.165854] [ 21.165988] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT [ 21.166269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.166347] Hardware name: linux,dummy-virt (DT) [ 21.166454] Call trace: [ 21.166535] show_stack+0x20/0x38 (C) [ 21.166700] dump_stack_lvl+0x8c/0xd0 [ 21.166866] print_report+0x118/0x608 [ 21.166971] kasan_report+0xdc/0x128 [ 21.167078] __asan_report_load8_noabort+0x20/0x30 [ 21.167189] copy_to_kernel_nofault+0x204/0x250 [ 21.167292] copy_to_kernel_nofault_oob+0x158/0x418 [ 21.167417] kunit_try_run_case+0x170/0x3f0 [ 21.167536] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.167681] kthread+0x328/0x630 [ 21.167969] ret_from_fork+0x10/0x20 [ 21.168146] [ 21.168198] Allocated by task 281: [ 21.168276] kasan_save_stack+0x3c/0x68 [ 21.168387] kasan_save_track+0x20/0x40 [ 21.168486] kasan_save_alloc_info+0x40/0x58 [ 21.169065] __kasan_kmalloc+0xd4/0xd8 [ 21.169332] __kmalloc_cache_noprof+0x15c/0x3c0 [ 21.169627] copy_to_kernel_nofault_oob+0xc8/0x418 [ 21.169945] kunit_try_run_case+0x170/0x3f0 [ 21.170107] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.170445] kthread+0x328/0x630 [ 21.170530] ret_from_fork+0x10/0x20 [ 21.170793] [ 21.170924] The buggy address belongs to the object at fff00000c7893200 [ 21.170924] which belongs to the cache kmalloc-128 of size 128 [ 21.171044] The buggy address is located 0 bytes to the right of [ 21.171044] allocated 120-byte region [fff00000c7893200, fff00000c7893278) [ 21.171180] [ 21.171575] The buggy address belongs to the physical page: [ 21.171801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107893 [ 21.171931] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.172276] page_type: f5(slab) [ 21.172484] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.172645] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.172993] page dumped because: kasan: bad access detected [ 21.173088] [ 21.173217] Memory state around the buggy address: [ 21.173500] fff00000c7893100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.173701] fff00000c7893180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.174094] >fff00000c7893200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.174195] ^ [ 21.174678] fff00000c7893280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.174835] fff00000c7893300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.174947] ================================================================== [ 21.176186] ================================================================== [ 21.176362] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 21.176539] Write of size 8 at addr fff00000c7893278 by task kunit_try_catch/281 [ 21.176701] [ 21.176800] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT [ 21.177049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.177137] Hardware name: linux,dummy-virt (DT) [ 21.177233] Call trace: [ 21.177304] show_stack+0x20/0x38 (C) [ 21.177408] dump_stack_lvl+0x8c/0xd0 [ 21.177506] print_report+0x118/0x608 [ 21.178127] kasan_report+0xdc/0x128 [ 21.178325] kasan_check_range+0x100/0x1a8 [ 21.178475] __kasan_check_write+0x20/0x30 [ 21.178605] copy_to_kernel_nofault+0x8c/0x250 [ 21.178728] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 21.178951] kunit_try_run_case+0x170/0x3f0 [ 21.179071] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.179196] kthread+0x328/0x630 [ 21.179287] ret_from_fork+0x10/0x20 [ 21.179682] [ 21.179724] Allocated by task 281: [ 21.179806] kasan_save_stack+0x3c/0x68 [ 21.179913] kasan_save_track+0x20/0x40 [ 21.180011] kasan_save_alloc_info+0x40/0x58 [ 21.180110] __kasan_kmalloc+0xd4/0xd8 [ 21.180206] __kmalloc_cache_noprof+0x15c/0x3c0 [ 21.180335] copy_to_kernel_nofault_oob+0xc8/0x418 [ 21.180416] kunit_try_run_case+0x170/0x3f0 [ 21.180492] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.180582] kthread+0x328/0x630 [ 21.180650] ret_from_fork+0x10/0x20 [ 21.180744] [ 21.180808] The buggy address belongs to the object at fff00000c7893200 [ 21.180808] which belongs to the cache kmalloc-128 of size 128 [ 21.180947] The buggy address is located 0 bytes to the right of [ 21.180947] allocated 120-byte region [fff00000c7893200, fff00000c7893278) [ 21.181162] [ 21.181214] The buggy address belongs to the physical page: [ 21.181287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107893 [ 21.181772] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.181961] page_type: f5(slab) [ 21.182058] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.182456] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.182645] page dumped because: kasan: bad access detected [ 21.182846] [ 21.182897] Memory state around the buggy address: [ 21.182984] fff00000c7893100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.183090] fff00000c7893180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.183192] >fff00000c7893200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.183275] ^ [ 21.183359] fff00000c7893280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.183452] fff00000c7893300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.183543] ==================================================================
[ 14.949733] ================================================================== [ 14.950938] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 14.951494] Read of size 8 at addr ffff888102826b78 by task kunit_try_catch/299 [ 14.951794] [ 14.951983] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) [ 14.952032] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.952046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.952070] Call Trace: [ 14.952084] <TASK> [ 14.952102] dump_stack_lvl+0x73/0xb0 [ 14.952133] print_report+0xd1/0x650 [ 14.952160] ? __virt_addr_valid+0x1db/0x2d0 [ 14.952207] ? copy_to_kernel_nofault+0x225/0x260 [ 14.952232] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.952257] ? copy_to_kernel_nofault+0x225/0x260 [ 14.952328] kasan_report+0x141/0x180 [ 14.952354] ? copy_to_kernel_nofault+0x225/0x260 [ 14.952395] __asan_report_load8_noabort+0x18/0x20 [ 14.952418] copy_to_kernel_nofault+0x225/0x260 [ 14.952444] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 14.952470] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 14.952494] ? finish_task_switch.isra.0+0x153/0x700 [ 14.952519] ? __schedule+0x10cc/0x2b60 [ 14.952545] ? trace_hardirqs_on+0x37/0xe0 [ 14.952577] ? __pfx_read_tsc+0x10/0x10 [ 14.952600] ? ktime_get_ts64+0x86/0x230 [ 14.952627] kunit_try_run_case+0x1a5/0x480 [ 14.952651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.952671] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.952698] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.952732] ? __kthread_parkme+0x82/0x180 [ 14.952754] ? preempt_count_sub+0x50/0x80 [ 14.952778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.952800] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.952825] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.952851] kthread+0x337/0x6f0 [ 14.952872] ? trace_preempt_on+0x20/0xc0 [ 14.952895] ? __pfx_kthread+0x10/0x10 [ 14.952917] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.952941] ? calculate_sigpending+0x7b/0xa0 [ 14.952967] ? __pfx_kthread+0x10/0x10 [ 14.952989] ret_from_fork+0x116/0x1d0 [ 14.953046] ? __pfx_kthread+0x10/0x10 [ 14.953069] ret_from_fork_asm+0x1a/0x30 [ 14.953101] </TASK> [ 14.953113] [ 14.966737] Allocated by task 299: [ 14.966877] kasan_save_stack+0x45/0x70 [ 14.967108] kasan_save_track+0x18/0x40 [ 14.967475] kasan_save_alloc_info+0x3b/0x50 [ 14.967870] __kasan_kmalloc+0xb7/0xc0 [ 14.968237] __kmalloc_cache_noprof+0x189/0x420 [ 14.968690] copy_to_kernel_nofault_oob+0x12f/0x560 [ 14.969205] kunit_try_run_case+0x1a5/0x480 [ 14.969658] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.969931] kthread+0x337/0x6f0 [ 14.970271] ret_from_fork+0x116/0x1d0 [ 14.970695] ret_from_fork_asm+0x1a/0x30 [ 14.971200] [ 14.971362] The buggy address belongs to the object at ffff888102826b00 [ 14.971362] which belongs to the cache kmalloc-128 of size 128 [ 14.971777] The buggy address is located 0 bytes to the right of [ 14.971777] allocated 120-byte region [ffff888102826b00, ffff888102826b78) [ 14.973023] [ 14.973190] The buggy address belongs to the physical page: [ 14.973668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102826 [ 14.974338] flags: 0x200000000000000(node=0|zone=2) [ 14.974524] page_type: f5(slab) [ 14.974654] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.975289] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.976094] page dumped because: kasan: bad access detected [ 14.976666] [ 14.976832] Memory state around the buggy address: [ 14.977356] ffff888102826a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.977831] ffff888102826a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.978115] >ffff888102826b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.978731] ^ [ 14.979441] ffff888102826b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.979930] ffff888102826c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.980305] ================================================================== [ 14.981426] ================================================================== [ 14.982424] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 14.983189] Write of size 8 at addr ffff888102826b78 by task kunit_try_catch/299 [ 14.984002] [ 14.984132] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) [ 14.984179] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.984193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.984216] Call Trace: [ 14.984230] <TASK> [ 14.984246] dump_stack_lvl+0x73/0xb0 [ 14.984274] print_report+0xd1/0x650 [ 14.984297] ? __virt_addr_valid+0x1db/0x2d0 [ 14.984394] ? copy_to_kernel_nofault+0x99/0x260 [ 14.984427] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.984472] ? copy_to_kernel_nofault+0x99/0x260 [ 14.984498] kasan_report+0x141/0x180 [ 14.984522] ? copy_to_kernel_nofault+0x99/0x260 [ 14.984551] kasan_check_range+0x10c/0x1c0 [ 14.984577] __kasan_check_write+0x18/0x20 [ 14.984597] copy_to_kernel_nofault+0x99/0x260 [ 14.984623] copy_to_kernel_nofault_oob+0x288/0x560 [ 14.984649] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 14.984673] ? finish_task_switch.isra.0+0x153/0x700 [ 14.984697] ? __schedule+0x10cc/0x2b60 [ 14.984721] ? trace_hardirqs_on+0x37/0xe0 [ 14.984753] ? __pfx_read_tsc+0x10/0x10 [ 14.984775] ? ktime_get_ts64+0x86/0x230 [ 14.984800] kunit_try_run_case+0x1a5/0x480 [ 14.984822] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.984843] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.984871] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.984898] ? __kthread_parkme+0x82/0x180 [ 14.984920] ? preempt_count_sub+0x50/0x80 [ 14.984945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.984966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.984991] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.985058] kthread+0x337/0x6f0 [ 14.985079] ? trace_preempt_on+0x20/0xc0 [ 14.985102] ? __pfx_kthread+0x10/0x10 [ 14.985124] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.985148] ? calculate_sigpending+0x7b/0xa0 [ 14.985173] ? __pfx_kthread+0x10/0x10 [ 14.985196] ret_from_fork+0x116/0x1d0 [ 14.985215] ? __pfx_kthread+0x10/0x10 [ 14.985237] ret_from_fork_asm+0x1a/0x30 [ 14.985268] </TASK> [ 14.985280] [ 14.994812] Allocated by task 299: [ 14.995004] kasan_save_stack+0x45/0x70 [ 14.995220] kasan_save_track+0x18/0x40 [ 14.995501] kasan_save_alloc_info+0x3b/0x50 [ 14.995716] __kasan_kmalloc+0xb7/0xc0 [ 14.995927] __kmalloc_cache_noprof+0x189/0x420 [ 14.996133] copy_to_kernel_nofault_oob+0x12f/0x560 [ 14.996397] kunit_try_run_case+0x1a5/0x480 [ 14.996607] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.996990] kthread+0x337/0x6f0 [ 14.997173] ret_from_fork+0x116/0x1d0 [ 14.997468] ret_from_fork_asm+0x1a/0x30 [ 14.997687] [ 14.997807] The buggy address belongs to the object at ffff888102826b00 [ 14.997807] which belongs to the cache kmalloc-128 of size 128 [ 14.998424] The buggy address is located 0 bytes to the right of [ 14.998424] allocated 120-byte region [ffff888102826b00, ffff888102826b78) [ 14.999151] [ 14.999299] The buggy address belongs to the physical page: [ 14.999638] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102826 [ 15.000049] flags: 0x200000000000000(node=0|zone=2) [ 15.000436] page_type: f5(slab) [ 15.000614] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.000962] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.001551] page dumped because: kasan: bad access detected [ 15.001847] [ 15.001926] Memory state around the buggy address: [ 15.002262] ffff888102826a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.002508] ffff888102826a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.002745] >ffff888102826b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.003146] ^ [ 15.003502] ffff888102826b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.004534] ffff888102826c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.005093] ==================================================================