Date
June 7, 2025, 10:40 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 30.918236] ================================================================== [ 30.919845] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 30.921492] Read of size 8 at addr fff00000c64f9978 by task kunit_try_catch/270 [ 30.922758] [ 30.923219] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 30.923415] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.923484] Hardware name: linux,dummy-virt (DT) [ 30.923570] Call trace: [ 30.923642] show_stack+0x20/0x38 (C) [ 30.923799] dump_stack_lvl+0x8c/0xd0 [ 30.924019] print_report+0x118/0x608 [ 30.924166] kasan_report+0xdc/0x128 [ 30.924346] __asan_report_load8_noabort+0x20/0x30 [ 30.924495] copy_to_kernel_nofault+0x204/0x250 [ 30.924616] copy_to_kernel_nofault_oob+0x158/0x418 [ 30.924685] kunit_try_run_case+0x170/0x3f0 [ 30.924747] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.924814] kthread+0x318/0x620 [ 30.924873] ret_from_fork+0x10/0x20 [ 30.924974] [ 30.931943] Allocated by task 270: [ 30.932545] kasan_save_stack+0x3c/0x68 [ 30.933273] kasan_save_track+0x20/0x40 [ 30.933753] kasan_save_alloc_info+0x40/0x58 [ 30.934436] __kasan_kmalloc+0xd4/0xd8 [ 30.934976] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.935601] copy_to_kernel_nofault_oob+0xc8/0x418 [ 30.936271] kunit_try_run_case+0x170/0x3f0 [ 30.936839] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.937899] kthread+0x318/0x620 [ 30.938569] ret_from_fork+0x10/0x20 [ 30.939164] [ 30.939468] The buggy address belongs to the object at fff00000c64f9900 [ 30.939468] which belongs to the cache kmalloc-128 of size 128 [ 30.941040] The buggy address is located 0 bytes to the right of [ 30.941040] allocated 120-byte region [fff00000c64f9900, fff00000c64f9978) [ 30.942179] [ 30.942403] The buggy address belongs to the physical page: [ 30.942931] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f9 [ 30.943611] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.944916] page_type: f5(slab) [ 30.945526] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.946302] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.947081] page dumped because: kasan: bad access detected [ 30.947655] [ 30.947956] Memory state around the buggy address: [ 30.948520] fff00000c64f9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.949611] fff00000c64f9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.950451] >fff00000c64f9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.951067] ^ [ 30.951668] fff00000c64f9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.952970] fff00000c64f9a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.953809] ================================================================== [ 30.955454] ================================================================== [ 30.956047] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 30.956724] Write of size 8 at addr fff00000c64f9978 by task kunit_try_catch/270 [ 30.958222] [ 30.958613] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 30.958805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.958877] Hardware name: linux,dummy-virt (DT) [ 30.958974] Call trace: [ 30.959032] show_stack+0x20/0x38 (C) [ 30.959154] dump_stack_lvl+0x8c/0xd0 [ 30.959276] print_report+0x118/0x608 [ 30.959426] kasan_report+0xdc/0x128 [ 30.959572] kasan_check_range+0x100/0x1a8 [ 30.959717] __kasan_check_write+0x20/0x30 [ 30.959861] copy_to_kernel_nofault+0x8c/0x250 [ 30.960030] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 30.960104] kunit_try_run_case+0x170/0x3f0 [ 30.960165] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.960233] kthread+0x318/0x620 [ 30.960293] ret_from_fork+0x10/0x20 [ 30.960354] [ 30.968430] Allocated by task 270: [ 30.968786] kasan_save_stack+0x3c/0x68 [ 30.969772] kasan_save_track+0x20/0x40 [ 30.970255] kasan_save_alloc_info+0x40/0x58 [ 30.970671] __kasan_kmalloc+0xd4/0xd8 [ 30.971063] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.971499] copy_to_kernel_nofault_oob+0xc8/0x418 [ 30.972537] kunit_try_run_case+0x170/0x3f0 [ 30.973647] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.974255] kthread+0x318/0x620 [ 30.974722] ret_from_fork+0x10/0x20 [ 30.975216] [ 30.975563] The buggy address belongs to the object at fff00000c64f9900 [ 30.975563] which belongs to the cache kmalloc-128 of size 128 [ 30.976981] The buggy address is located 0 bytes to the right of [ 30.976981] allocated 120-byte region [fff00000c64f9900, fff00000c64f9978) [ 30.978170] [ 30.978466] The buggy address belongs to the physical page: [ 30.979136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f9 [ 30.979970] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.980583] page_type: f5(slab) [ 30.981167] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.981959] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.982720] page dumped because: kasan: bad access detected [ 30.983340] [ 30.983637] Memory state around the buggy address: [ 30.984133] fff00000c64f9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.984914] fff00000c64f9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.985922] >fff00000c64f9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.986626] ^ [ 30.987772] fff00000c64f9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.988415] fff00000c64f9a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.989173] ==================================================================
[ 23.618914] ================================================================== [ 23.619766] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 23.621475] Write of size 8 at addr ffff88810298ab78 by task kunit_try_catch/289 [ 23.622162] [ 23.622739] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 23.622840] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.622888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.622931] Call Trace: [ 23.622970] <TASK> [ 23.623007] dump_stack_lvl+0x73/0xb0 [ 23.623099] print_report+0xd1/0x650 [ 23.623166] ? __virt_addr_valid+0x1db/0x2d0 [ 23.623233] ? copy_to_kernel_nofault+0x99/0x260 [ 23.623297] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.623368] ? copy_to_kernel_nofault+0x99/0x260 [ 23.623428] kasan_report+0x140/0x180 [ 23.623492] ? copy_to_kernel_nofault+0x99/0x260 [ 23.623562] kasan_check_range+0x10c/0x1c0 [ 23.623624] __kasan_check_write+0x18/0x20 [ 23.623690] copy_to_kernel_nofault+0x99/0x260 [ 23.623807] copy_to_kernel_nofault_oob+0x289/0x560 [ 23.623896] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 23.623963] ? finish_task_switch.isra.0+0x153/0x700 [ 23.624030] ? __schedule+0xce8/0x2840 [ 23.624086] ? trace_hardirqs_on+0x37/0xe0 [ 23.624132] ? __pfx_read_tsc+0x10/0x10 [ 23.624165] ? ktime_get_ts64+0x86/0x230 [ 23.624201] kunit_try_run_case+0x1a6/0x480 [ 23.624236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.624266] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 23.624309] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.624349] ? __kthread_parkme+0x82/0x160 [ 23.624383] ? preempt_count_sub+0x50/0x80 [ 23.624416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.624468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.624528] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.624580] kthread+0x324/0x6e0 [ 23.624622] ? trace_preempt_on+0x20/0xc0 [ 23.624669] ? __pfx_kthread+0x10/0x10 [ 23.624701] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.624735] ? calculate_sigpending+0x7b/0xa0 [ 23.624766] ? __pfx_kthread+0x10/0x10 [ 23.624797] ret_from_fork+0x41/0x80 [ 23.624825] ? __pfx_kthread+0x10/0x10 [ 23.624877] ret_from_fork_asm+0x1a/0x30 [ 23.624921] </TASK> [ 23.624937] [ 23.642735] Allocated by task 289: [ 23.643247] kasan_save_stack+0x45/0x70 [ 23.643748] kasan_save_track+0x18/0x40 [ 23.644028] kasan_save_alloc_info+0x3b/0x50 [ 23.644396] __kasan_kmalloc+0xb7/0xc0 [ 23.644990] __kmalloc_cache_noprof+0x18a/0x420 [ 23.645617] copy_to_kernel_nofault_oob+0x130/0x560 [ 23.646313] kunit_try_run_case+0x1a6/0x480 [ 23.646728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.647273] kthread+0x324/0x6e0 [ 23.647685] ret_from_fork+0x41/0x80 [ 23.648087] ret_from_fork_asm+0x1a/0x30 [ 23.648489] [ 23.648736] The buggy address belongs to the object at ffff88810298ab00 [ 23.648736] which belongs to the cache kmalloc-128 of size 128 [ 23.650060] The buggy address is located 0 bytes to the right of [ 23.650060] allocated 120-byte region [ffff88810298ab00, ffff88810298ab78) [ 23.651119] [ 23.651360] The buggy address belongs to the physical page: [ 23.651659] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298a [ 23.652273] flags: 0x200000000000000(node=0|zone=2) [ 23.652891] page_type: f5(slab) [ 23.653266] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.654079] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.654656] page dumped because: kasan: bad access detected [ 23.655220] [ 23.655510] Memory state around the buggy address: [ 23.656129] ffff88810298aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.656898] ffff88810298aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.658146] >ffff88810298ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.658612] ^ [ 23.659139] ffff88810298ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.659659] ffff88810298ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.660247] ================================================================== [ 23.576394] ================================================================== [ 23.577537] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 23.578510] Read of size 8 at addr ffff88810298ab78 by task kunit_try_catch/289 [ 23.578964] [ 23.579121] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1 [ 23.579181] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.579200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.579228] Call Trace: [ 23.579250] <TASK> [ 23.579277] dump_stack_lvl+0x73/0xb0 [ 23.579343] print_report+0xd1/0x650 [ 23.579378] ? __virt_addr_valid+0x1db/0x2d0 [ 23.579413] ? copy_to_kernel_nofault+0x225/0x260 [ 23.579448] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.579484] ? copy_to_kernel_nofault+0x225/0x260 [ 23.579516] kasan_report+0x140/0x180 [ 23.579549] ? copy_to_kernel_nofault+0x225/0x260 [ 23.579588] __asan_report_load8_noabort+0x18/0x20 [ 23.579622] copy_to_kernel_nofault+0x225/0x260 [ 23.579657] copy_to_kernel_nofault_oob+0x1ee/0x560 [ 23.579699] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 23.579731] ? finish_task_switch.isra.0+0x153/0x700 [ 23.579764] ? __schedule+0xce8/0x2840 [ 23.579799] ? trace_hardirqs_on+0x37/0xe0 [ 23.579865] ? __pfx_read_tsc+0x10/0x10 [ 23.579929] ? ktime_get_ts64+0x86/0x230 [ 23.579997] kunit_try_run_case+0x1a6/0x480 [ 23.580065] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.580124] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 23.580195] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.580264] ? __kthread_parkme+0x82/0x160 [ 23.580340] ? preempt_count_sub+0x50/0x80 [ 23.580394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.580448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.580962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.581041] kthread+0x324/0x6e0 [ 23.581088] ? trace_preempt_on+0x20/0xc0 [ 23.581138] ? __pfx_kthread+0x10/0x10 [ 23.581184] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.581233] ? calculate_sigpending+0x7b/0xa0 [ 23.581278] ? __pfx_kthread+0x10/0x10 [ 23.581340] ret_from_fork+0x41/0x80 [ 23.581382] ? __pfx_kthread+0x10/0x10 [ 23.581425] ret_from_fork_asm+0x1a/0x30 [ 23.581492] </TASK> [ 23.581519] [ 23.598827] Allocated by task 289: [ 23.599113] kasan_save_stack+0x45/0x70 [ 23.599398] kasan_save_track+0x18/0x40 [ 23.599712] kasan_save_alloc_info+0x3b/0x50 [ 23.600203] __kasan_kmalloc+0xb7/0xc0 [ 23.600654] __kmalloc_cache_noprof+0x18a/0x420 [ 23.601170] copy_to_kernel_nofault_oob+0x130/0x560 [ 23.602391] kunit_try_run_case+0x1a6/0x480 [ 23.602972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.603551] kthread+0x324/0x6e0 [ 23.603908] ret_from_fork+0x41/0x80 [ 23.604376] ret_from_fork_asm+0x1a/0x30 [ 23.605166] [ 23.605455] The buggy address belongs to the object at ffff88810298ab00 [ 23.605455] which belongs to the cache kmalloc-128 of size 128 [ 23.606819] The buggy address is located 0 bytes to the right of [ 23.606819] allocated 120-byte region [ffff88810298ab00, ffff88810298ab78) [ 23.607666] [ 23.608564] The buggy address belongs to the physical page: [ 23.609187] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298a [ 23.609963] flags: 0x200000000000000(node=0|zone=2) [ 23.610567] page_type: f5(slab) [ 23.610961] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.611408] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.612221] page dumped because: kasan: bad access detected [ 23.613211] [ 23.613558] Memory state around the buggy address: [ 23.613866] ffff88810298aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.614416] ffff88810298aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.615074] >ffff88810298ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.615661] ^ [ 23.616295] ffff88810298ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.617250] ffff88810298ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.617516] ==================================================================