Date
May 12, 2025, 6:12 p.m.
Environment | Result
---|---
qemu-arm64 | 2 KASAN slab-out-of-bounds reports in copy_to_kernel_nofault (read of size 8, then write of size 8; task kunit_try_catch/270); log below
qemu-x86_64 | 2 KASAN slab-out-of-bounds reports in copy_to_kernel_nofault (read of size 8, then write of size 8; task kunit_try_catch/289); log below

qemu-arm64 log:

```
[ 22.474291] ==================================================================
[ 22.475511] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 22.476172] Read of size 8 at addr fff00000c5a05c78 by task kunit_try_catch/270
[ 22.476423]
[ 22.476553] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 22.476659] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.476697] Hardware name: linux,dummy-virt (DT)
[ 22.476810] Call trace:
[ 22.476892]  show_stack+0x20/0x38 (C)
[ 22.476979]  dump_stack_lvl+0x8c/0xd0
[ 22.477041]  print_report+0x118/0x608
[ 22.477101]  kasan_report+0xdc/0x128
[ 22.477158]  __asan_report_load8_noabort+0x20/0x30
[ 22.477215]  copy_to_kernel_nofault+0x204/0x250
[ 22.477276]  copy_to_kernel_nofault_oob+0x158/0x418
[ 22.477335]  kunit_try_run_case+0x170/0x3f0
[ 22.477395]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.477455]  kthread+0x318/0x620
[ 22.477510]  ret_from_fork+0x10/0x20
[ 22.477566]
[ 22.480834] Allocated by task 270:
[ 22.481142]  kasan_save_stack+0x3c/0x68
[ 22.481462]  kasan_save_track+0x20/0x40
[ 22.481825]  kasan_save_alloc_info+0x40/0x58
[ 22.482094]  __kasan_kmalloc+0xd4/0xd8
[ 22.482320]  __kmalloc_cache_noprof+0x15c/0x3c0
[ 22.482664]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 22.482970]  kunit_try_run_case+0x170/0x3f0
[ 22.483348]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.483652]  kthread+0x318/0x620
[ 22.483905]  ret_from_fork+0x10/0x20
[ 22.484144]
[ 22.484333] The buggy address belongs to the object at fff00000c5a05c00
[ 22.484333]  which belongs to the cache kmalloc-128 of size 128
[ 22.484974] The buggy address is located 0 bytes to the right of
[ 22.484974]  allocated 120-byte region [fff00000c5a05c00, fff00000c5a05c78)
[ 22.485556]
[ 22.485757] The buggy address belongs to the physical page:
[ 22.486092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a05
[ 22.486495] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.487051] page_type: f5(slab)
[ 22.487296] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.487838] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.488332] page dumped because: kasan: bad access detected
[ 22.488646]
[ 22.488854] Memory state around the buggy address:
[ 22.489145]  fff00000c5a05b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.489571]  fff00000c5a05b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.489953] >fff00000c5a05c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.490346]                                                                 ^
[ 22.490759]  fff00000c5a05c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.491300]  fff00000c5a05d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.491622] ==================================================================
[ 22.492953] ==================================================================
[ 22.493390] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 22.493794] Write of size 8 at addr fff00000c5a05c78 by task kunit_try_catch/270
[ 22.494263]
[ 22.494423] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 22.494560] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.494598] Hardware name: linux,dummy-virt (DT)
[ 22.494641] Call trace:
[ 22.494673]  show_stack+0x20/0x38 (C)
[ 22.494748]  dump_stack_lvl+0x8c/0xd0
[ 22.494812]  print_report+0x118/0x608
[ 22.494869]  kasan_report+0xdc/0x128
[ 22.494925]  kasan_check_range+0x100/0x1a8
[ 22.494983]  __kasan_check_write+0x20/0x30
[ 22.495039]  copy_to_kernel_nofault+0x8c/0x250
[ 22.495098]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 22.495157]  kunit_try_run_case+0x170/0x3f0
[ 22.495214]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.495276]  kthread+0x318/0x620
[ 22.495330]  ret_from_fork+0x10/0x20
[ 22.495386]
[ 22.498620] Allocated by task 270:
[ 22.498816]  kasan_save_stack+0x3c/0x68
[ 22.499184]  kasan_save_track+0x20/0x40
[ 22.499407]  kasan_save_alloc_info+0x40/0x58
[ 22.499681]  __kasan_kmalloc+0xd4/0xd8
[ 22.499869]  __kmalloc_cache_noprof+0x15c/0x3c0
[ 22.500250]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 22.500529]  kunit_try_run_case+0x170/0x3f0
[ 22.500698]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.501248]  kthread+0x318/0x620
[ 22.501595]  ret_from_fork+0x10/0x20
[ 22.501877]
[ 22.501982] The buggy address belongs to the object at fff00000c5a05c00
[ 22.501982]  which belongs to the cache kmalloc-128 of size 128
[ 22.502939] The buggy address is located 0 bytes to the right of
[ 22.502939]  allocated 120-byte region [fff00000c5a05c00, fff00000c5a05c78)
[ 22.503453]
[ 22.503710] The buggy address belongs to the physical page:
[ 22.504110] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a05
[ 22.504594] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.504988] page_type: f5(slab)
[ 22.505216] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.505570] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.506060] page dumped because: kasan: bad access detected
[ 22.506269]
[ 22.506429] Memory state around the buggy address:
[ 22.506709]  fff00000c5a05b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.507103]  fff00000c5a05b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.507342] >fff00000c5a05c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.508454]                                                                 ^
[ 22.509098]  fff00000c5a05c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.509542]  fff00000c5a05d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.509994] ==================================================================
```

qemu-x86_64 log:

```
[ 16.185735] ==================================================================
[ 16.187056] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.187464] Read of size 8 at addr ffff888102addd78 by task kunit_try_catch/289
[ 16.187700]
[ 16.187793] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 16.187854] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.187869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.187895] Call Trace:
[ 16.187912]  <TASK>
[ 16.187934]  dump_stack_lvl+0x73/0xb0
[ 16.187969]  print_report+0xd1/0x650
[ 16.187994]  ? __virt_addr_valid+0x1db/0x2d0
[ 16.188020]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.188044]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.188072]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.188097]  kasan_report+0x140/0x180
[ 16.188119]  ? copy_to_kernel_nofault+0x225/0x260
[ 16.188149]  __asan_report_load8_noabort+0x18/0x20
[ 16.188172]  copy_to_kernel_nofault+0x225/0x260
[ 16.188198]  copy_to_kernel_nofault_oob+0x1ee/0x560
[ 16.188222]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.188245]  ? finish_task_switch.isra.0+0x153/0x700
[ 16.188272]  ? __schedule+0xce8/0x2840
[ 16.188299]  ? trace_hardirqs_on+0x37/0xe0
[ 16.188332]  ? __pfx_read_tsc+0x10/0x10
[ 16.188356]  ? ktime_get_ts64+0x86/0x230
[ 16.188384]  kunit_try_run_case+0x1a6/0x480
[ 16.188410]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.188433]  ? _raw_spin_lock_irqsave+0xa2/0x110
[ 16.188456]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.188482]  ? __kthread_parkme+0x82/0x160
[ 16.188507]  ? preempt_count_sub+0x50/0x80
[ 16.188531]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.188555]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.188582]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.188609]  kthread+0x324/0x6e0
[ 16.188631]  ? trace_preempt_on+0x20/0xc0
[ 16.188655]  ? __pfx_kthread+0x10/0x10
[ 16.188679]  ? _raw_spin_unlock_irq+0x47/0x80
[ 16.188704]  ? calculate_sigpending+0x7b/0xa0
[ 16.188727]  ? __pfx_kthread+0x10/0x10
[ 16.188750]  ret_from_fork+0x41/0x80
[ 16.188771]  ? __pfx_kthread+0x10/0x10
[ 16.188794]  ret_from_fork_asm+0x1a/0x30
[ 16.188828]  </TASK>
[ 16.188850]
[ 16.198621] Allocated by task 289:
[ 16.198793]  kasan_save_stack+0x45/0x70
[ 16.198971]  kasan_save_track+0x18/0x40
[ 16.199339]  kasan_save_alloc_info+0x3b/0x50
[ 16.199529]  __kasan_kmalloc+0xb7/0xc0
[ 16.199665]  __kmalloc_cache_noprof+0x18a/0x420
[ 16.199824]  copy_to_kernel_nofault_oob+0x130/0x560
[ 16.200244]  kunit_try_run_case+0x1a6/0x480
[ 16.200455]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.200701]  kthread+0x324/0x6e0
[ 16.200887]  ret_from_fork+0x41/0x80
[ 16.201092]  ret_from_fork_asm+0x1a/0x30
[ 16.201304]
[ 16.201395] The buggy address belongs to the object at ffff888102addd00
[ 16.201395]  which belongs to the cache kmalloc-128 of size 128
[ 16.201832] The buggy address is located 0 bytes to the right of
[ 16.201832]  allocated 120-byte region [ffff888102addd00, ffff888102addd78)
[ 16.202353]
[ 16.202429] The buggy address belongs to the physical page:
[ 16.202610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102add
[ 16.202865] flags: 0x200000000000000(node=0|zone=2)
[ 16.203289] page_type: f5(slab)
[ 16.203477] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.203739] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.203980] page dumped because: kasan: bad access detected
[ 16.204420]
[ 16.204516] Memory state around the buggy address:
[ 16.204897]  ffff888102addc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.205353]  ffff888102addc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.205572] >ffff888102addd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.205790]                                                                 ^
[ 16.206233]  ffff888102addd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.206680]  ffff888102adde00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.206927] ==================================================================
[ 16.208027] ==================================================================
[ 16.208329] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.208642] Write of size 8 at addr ffff888102addd78 by task kunit_try_catch/289
[ 16.208905]
[ 16.208998] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 16.209060] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.209074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.209098] Call Trace:
[ 16.209113]  <TASK>
[ 16.209146]  dump_stack_lvl+0x73/0xb0
[ 16.209175]  print_report+0xd1/0x650
[ 16.209200]  ? __virt_addr_valid+0x1db/0x2d0
[ 16.209225]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.209249]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.209276]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.209300]  kasan_report+0x140/0x180
[ 16.209324]  ? copy_to_kernel_nofault+0x99/0x260
[ 16.209352]  kasan_check_range+0x10c/0x1c0
[ 16.209376]  __kasan_check_write+0x18/0x20
[ 16.209399]  copy_to_kernel_nofault+0x99/0x260
[ 16.209424]  copy_to_kernel_nofault_oob+0x289/0x560
[ 16.209448]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.209472]  ? finish_task_switch.isra.0+0x153/0x700
[ 16.209497]  ? __schedule+0xce8/0x2840
[ 16.209522]  ? trace_hardirqs_on+0x37/0xe0
[ 16.209554]  ? __pfx_read_tsc+0x10/0x10
[ 16.209578]  ? ktime_get_ts64+0x86/0x230
[ 16.209604]  kunit_try_run_case+0x1a6/0x480
[ 16.209629]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.209653]  ? _raw_spin_lock_irqsave+0xa2/0x110
[ 16.209675]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.209701]  ? __kthread_parkme+0x82/0x160
[ 16.209725]  ? preempt_count_sub+0x50/0x80
[ 16.209759]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.209785]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.209814]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.209854]  kthread+0x324/0x6e0
[ 16.209880]  ? trace_preempt_on+0x20/0xc0
[ 16.209906]  ? __pfx_kthread+0x10/0x10
[ 16.209930]  ? _raw_spin_unlock_irq+0x47/0x80
[ 16.209955]  ? calculate_sigpending+0x7b/0xa0
[ 16.209979]  ? __pfx_kthread+0x10/0x10
[ 16.210003]  ret_from_fork+0x41/0x80
[ 16.210025]  ? __pfx_kthread+0x10/0x10
[ 16.210048]  ret_from_fork_asm+0x1a/0x30
[ 16.210081]  </TASK>
[ 16.210095]
[ 16.218195] Allocated by task 289:
[ 16.218352]  kasan_save_stack+0x45/0x70
[ 16.218509]  kasan_save_track+0x18/0x40
[ 16.218796]  kasan_save_alloc_info+0x3b/0x50
[ 16.219016]  __kasan_kmalloc+0xb7/0xc0
[ 16.219204]  __kmalloc_cache_noprof+0x18a/0x420
[ 16.219403]  copy_to_kernel_nofault_oob+0x130/0x560
[ 16.219610]  kunit_try_run_case+0x1a6/0x480
[ 16.219961]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.220325]  kthread+0x324/0x6e0
[ 16.220469]  ret_from_fork+0x41/0x80
[ 16.220712]  ret_from_fork_asm+0x1a/0x30
[ 16.220869]
[ 16.220969] The buggy address belongs to the object at ffff888102addd00
[ 16.220969]  which belongs to the cache kmalloc-128 of size 128
[ 16.221563] The buggy address is located 0 bytes to the right of
[ 16.221563]  allocated 120-byte region [ffff888102addd00, ffff888102addd78)
[ 16.221964]
[ 16.222040] The buggy address belongs to the physical page:
[ 16.222215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102add
[ 16.222772] flags: 0x200000000000000(node=0|zone=2)
[ 16.223280] page_type: f5(slab)
[ 16.223419] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.223690] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.224189] page dumped because: kasan: bad access detected
[ 16.224400]
[ 16.224494] Memory state around the buggy address:
[ 16.224682]  ffff888102addc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.224968]  ffff888102addc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.225429] >ffff888102addd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.225748]                                                                 ^
[ 16.226075]  ffff888102addd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.226371]  ffff888102adde00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.226654] ==================================================================
```
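Both environments print the same pair of reports, and the numbers in them are self-consistent: the test frame below `copy_to_kernel_nofault` is the KASAN KUnit self-test `copy_to_kernel_nofault_oob`, the object is a 120-byte allocation served from the kmalloc-128 cache, the faulting address is exactly 120 bytes past the object base ("0 bytes to the right of" the region), and in the `>` shadow row the 16th granule is `fc`, the slab redzone that covers bytes 120..127 of the 128-byte slot. The first report is the instrumented 8-byte load from the copy source (`__asan_report_load8_noabort`), the second is the explicit destination check (`kasan_check_range` / `__kasan_check_write`) on the same address. The parser below re-derives those facts from the report text so that a CI consumer can classify KASAN output mechanically instead of by eye. It is an added example, not code from the kernel tree or from this results page; it assumes generic (non-tag) KASAN with 8-byte granules and the 128-byte "Memory state" rows seen above, the shadow legend in `LEGEND` is the generic-KASAN encoding as documented in the kernel's `mm/kasan/kasan.h`, and `SAMPLE_LOG` is a constructed input made of lines copied from the qemu-x86_64 log above and trimmed to what the parser consumes.

```python
"""Parse generic-KASAN reports out of a dmesg/KUnit log and re-derive what each
one claims from its own numbers (added example, not kernel code)."""
import re
from dataclasses import dataclass, field

GRANULE = 8                  # memory bytes per shadow byte (generic KASAN)
ROW_BYTES = 16 * GRANULE     # one "Memory state" row covers 128 bytes
# Shadow values that occur in these reports (generic-KASAN encoding).
LEGEND = {0x00: "addressable", 0xfa: "freed slab object (free track)",
          0xfb: "freed slab object", 0xfc: "slab redzone"}

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")          # dmesg "[   16.187056] " prefix
BUG_RE = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<where>\S+)")
ACC_RE = re.compile(r"(?P<access>Read|Write) of size (?P<size>\d+) at addr "
                    r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
REGION_RE = re.compile(r"allocated (?P<n>\d+)-byte region "
                       r"\[(?P<s>[0-9a-f]+), (?P<e>[0-9a-f]+)\)")
SHADOW_RE = re.compile(r"^>?\s*(?P<row>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")


@dataclass
class Report:
    bug: str
    where: str
    access: str
    size: int
    addr: int
    task: str
    region: tuple = None                        # [start, end) of the allocation
    shadow: dict = field(default_factory=dict)  # row base address -> 16 shadow bytes


def split_reports(log):
    """Return the body of every report enclosed by a pair of '====' lines."""
    reports, body, inside = [], [], False
    for raw in log.splitlines():
        line = TS_RE.sub("", raw).rstrip()
        if line.startswith("=" * 20):
            if inside:                          # closing separator: emit the body
                reports.append("\n".join(body))
                body = []
            inside = not inside
        elif inside:
            body.append(line)
    return reports


def parse_report(text):
    """Extract the header line, the allocation region and the shadow rows."""
    bug, acc = BUG_RE.search(text), ACC_RE.search(text)
    if not (bug and acc):
        raise ValueError("not a KASAN report")
    rep = Report(bug["bug"], bug["where"], acc["access"], int(acc["size"]),
                 int(acc["addr"], 16), acc["task"])
    reg = REGION_RE.search(text)
    if reg:
        rep.region = (int(reg["s"], 16), int(reg["e"], 16))
    for line in text.splitlines():
        sh = SHADOW_RE.match(line.strip())
        if sh:
            rep.shadow[int(sh["row"], 16)] = [int(b, 16) for b in sh["bytes"].split()]
    return rep


def check_access(rep):
    """Recompute the report's claims: distance past the allocation, and the
    shadow byte covering the faulting address (the byte KASAN tripped on)."""
    out = {}
    if rep.region:
        start, end = rep.region
        out["in_region"] = start <= rep.addr < end
        out["bytes_past_end"] = rep.addr - end          # 0 => first byte after the object
    row = rep.addr & ~(ROW_BYTES - 1)                   # rows are 128-byte aligned
    if row in rep.shadow:
        sb = rep.shadow[row][(rep.addr - row) // GRANULE]
        out["shadow_byte"] = sb
        out["shadow_meaning"] = LEGEND.get(sb, "partially addressable" if 0 < sb < 8 else "unknown")
        out["addressable_bytes_in_row"] = GRANULE * rep.shadow[row].count(0)
    return out


# Constructed sample: lines copied from the qemu-x86_64 log, trimmed to what the
# parser uses (timestamps kept so the prefix stripping is exercised).
SAMPLE_LOG = """\
[   16.185735] ==================================================================
[   16.187056] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   16.187464] Read of size 8 at addr ffff888102addd78 by task kunit_try_catch/289
[   16.201832]  allocated 120-byte region [ffff888102addd00, ffff888102addd78)
[   16.204897]  ffff888102addc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.205353]  ffff888102addc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.205572] >ffff888102addd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.205790]                                                                 ^
[   16.206927] ==================================================================
[   16.208027] ==================================================================
[   16.208329] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   16.208642] Write of size 8 at addr ffff888102addd78 by task kunit_try_catch/289
[   16.221563]  allocated 120-byte region [ffff888102addd00, ffff888102addd78)
[   16.225429] >ffff888102addd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.226654] ==================================================================
"""


def triage(log=SAMPLE_LOG):
    """Parse every report in the log and attach the recomputed checks."""
    return [dict(bug=r.bug, where=r.where, access=r.access, size=r.size,
                 addr=r.addr, task=r.task, **check_access(r))
            for r in map(parse_report, split_reports(log))]


if __name__ == "__main__":
    for row in triage():
        print(row)
```

Feeding it the full dmesg of either run gives two entries, both with `bytes_past_end` 0 and `shadow_byte` 0xfc: the access is not inside the region, and the granule it hits is redzone, which is precisely the condition the self-test is exercising. The same arithmetic turns the arm64 addresses (`fff00000c5a05c78` against region end `fff00000c5a05c78`) into identical results, so a consumer can treat the two environments as one finding rather than four separate reports.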