Date: June 7, 2025, 10:40 a.m.

Environment: qemu-arm64, qemu-x86_64
qemu-arm64

[ 26.987655] ==================================================================
[ 26.987786] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 26.987925] Write of size 8 at addr fff00000c7732278 by task kunit_try_catch/285
[ 26.988059]
[ 26.988147] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT
[ 26.988361] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.988745] Hardware name: linux,dummy-virt (DT)
[ 26.989037] Call trace:
[ 26.989105]  show_stack+0x20/0x38 (C)
[ 26.989228]  dump_stack_lvl+0x8c/0xd0
[ 26.989543]  print_report+0x118/0x608
[ 26.989729]  kasan_report+0xdc/0x128
[ 26.990416]  kasan_check_range+0x100/0x1a8
[ 26.990909]  __kasan_check_write+0x20/0x30
[ 26.991165]  copy_to_kernel_nofault+0x8c/0x250
[ 26.991624]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 26.992077]  kunit_try_run_case+0x170/0x3f0
[ 26.992339]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.992781]  kthread+0x328/0x630
[ 26.992907]  ret_from_fork+0x10/0x20
[ 26.993044]
[ 26.993097] Allocated by task 285:
[ 26.993273]  kasan_save_stack+0x3c/0x68
[ 26.993594]  kasan_save_track+0x20/0x40
[ 26.993806]  kasan_save_alloc_info+0x40/0x58
[ 26.994014]  __kasan_kmalloc+0xd4/0xd8
[ 26.994188]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 26.994564]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 26.994961]  kunit_try_run_case+0x170/0x3f0
[ 26.995064]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.995171]  kthread+0x328/0x630
[ 26.995256]  ret_from_fork+0x10/0x20
[ 26.996291]
[ 26.996372] The buggy address belongs to the object at fff00000c7732200
[ 26.996372]  which belongs to the cache kmalloc-128 of size 128
[ 26.996657] The buggy address is located 0 bytes to the right of
[ 26.996657]  allocated 120-byte region [fff00000c7732200, fff00000c7732278)
[ 26.997142]
[ 26.997568] The buggy address belongs to the physical page:
[ 26.997675] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732
[ 26.997824] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.998717] page_type: f5(slab)
[ 26.999016] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 26.999811] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.000020] page dumped because: kasan: bad access detected
[ 27.000295]
[ 27.000579] Memory state around the buggy address:
[ 27.000688]  fff00000c7732100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.000872]  fff00000c7732180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.001106] >fff00000c7732200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.001251]                                                                 ^
[ 27.001371]  fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.001505]  fff00000c7732300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.001616] ==================================================================

[ 26.976953] ==================================================================
[ 26.977468] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 26.977734] Read of size 8 at addr fff00000c7732278 by task kunit_try_catch/285
[ 26.977892]
[ 26.977992] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT
[ 26.978316] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.978466] Hardware name: linux,dummy-virt (DT)
[ 26.978543] Call trace:
[ 26.978606]  show_stack+0x20/0x38 (C)
[ 26.979027]  dump_stack_lvl+0x8c/0xd0
[ 26.979175]  print_report+0x118/0x608
[ 26.979310]  kasan_report+0xdc/0x128
[ 26.979434]  __asan_report_load8_noabort+0x20/0x30
[ 26.979573]  copy_to_kernel_nofault+0x204/0x250
[ 26.979722]  copy_to_kernel_nofault_oob+0x158/0x418
[ 26.980075]  kunit_try_run_case+0x170/0x3f0
[ 26.980185]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.980417]  kthread+0x328/0x630
[ 26.980594]  ret_from_fork+0x10/0x20
[ 26.980775]
[ 26.980826] Allocated by task 285:
[ 26.980920]  kasan_save_stack+0x3c/0x68
[ 26.981066]  kasan_save_track+0x20/0x40
[ 26.981195]  kasan_save_alloc_info+0x40/0x58
[ 26.981348]  __kasan_kmalloc+0xd4/0xd8
[ 26.981452]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 26.981573]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 26.981729]  kunit_try_run_case+0x170/0x3f0
[ 26.981862]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.982021]  kthread+0x328/0x630
[ 26.982116]  ret_from_fork+0x10/0x20
[ 26.982223]
[ 26.982313] The buggy address belongs to the object at fff00000c7732200
[ 26.982313]  which belongs to the cache kmalloc-128 of size 128
[ 26.982520] The buggy address is located 0 bytes to the right of
[ 26.982520]  allocated 120-byte region [fff00000c7732200, fff00000c7732278)
[ 26.982917]
[ 26.982986] The buggy address belongs to the physical page:
[ 26.983245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732
[ 26.983413] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.983553] page_type: f5(slab)
[ 26.983671] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 26.983789] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.983899] page dumped because: kasan: bad access detected
[ 26.983988]
[ 26.984046] Memory state around the buggy address:
[ 26.984166]  fff00000c7732100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.984272]  fff00000c7732180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.984379] >fff00000c7732200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.984522]                                                                 ^
[ 26.984878]  fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.985027]  fff00000c7732300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.985170] ==================================================================
qemu-x86_64

[ 18.335983] ==================================================================
[ 18.336325] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 18.336929] Write of size 8 at addr ffff8881039f5178 by task kunit_try_catch/301
[ 18.337134]
[ 18.337222] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT(voluntary)
[ 18.337276] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.337291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.337315] Call Trace:
[ 18.337337]  <TASK>
[ 18.337359]  dump_stack_lvl+0x73/0xb0
[ 18.337393]  print_report+0xd1/0x650
[ 18.337419]  ? __virt_addr_valid+0x1db/0x2d0
[ 18.337442]  ? copy_to_kernel_nofault+0x99/0x260
[ 18.337463]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.337487]  ? copy_to_kernel_nofault+0x99/0x260
[ 18.337508]  kasan_report+0x141/0x180
[ 18.337530]  ? copy_to_kernel_nofault+0x99/0x260
[ 18.337555]  kasan_check_range+0x10c/0x1c0
[ 18.337590]  __kasan_check_write+0x18/0x20
[ 18.337612]  copy_to_kernel_nofault+0x99/0x260
[ 18.337712]  copy_to_kernel_nofault_oob+0x288/0x560
[ 18.337738]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 18.337763]  ? finish_task_switch.isra.0+0x153/0x700
[ 18.337789]  ? __schedule+0x10cc/0x2b30
[ 18.337813]  ? trace_hardirqs_on+0x37/0xe0
[ 18.337845]  ? __pfx_read_tsc+0x10/0x10
[ 18.337866]  ? ktime_get_ts64+0x86/0x230
[ 18.337894]  kunit_try_run_case+0x1a5/0x480
[ 18.337919]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.337941]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.337965]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.337988]  ? __kthread_parkme+0x82/0x180
[ 18.338010]  ? preempt_count_sub+0x50/0x80
[ 18.338034]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.338058]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.338080]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.338103]  kthread+0x337/0x6f0
[ 18.338120]  ? trace_preempt_on+0x20/0xc0
[ 18.338143]  ? __pfx_kthread+0x10/0x10
[ 18.338162]  ? _raw_spin_unlock_irq+0x47/0x80
[ 18.338182]  ? calculate_sigpending+0x7b/0xa0
[ 18.338205]  ? __pfx_kthread+0x10/0x10
[ 18.338224]  ret_from_fork+0x41/0x80
[ 18.338244]  ? __pfx_kthread+0x10/0x10
[ 18.338263]  ret_from_fork_asm+0x1a/0x30
[ 18.338292]  </TASK>
[ 18.338306]
[ 18.344913] Allocated by task 301:
[ 18.345215]  kasan_save_stack+0x45/0x70
[ 18.345484]  kasan_save_track+0x18/0x40
[ 18.346066]  kasan_save_alloc_info+0x3b/0x50
[ 18.346394]  __kasan_kmalloc+0xb7/0xc0
[ 18.346688]  __kmalloc_cache_noprof+0x189/0x420
[ 18.346884]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 18.347139]  kunit_try_run_case+0x1a5/0x480
[ 18.347336]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.347529]  kthread+0x337/0x6f0
[ 18.347630]  ret_from_fork+0x41/0x80
[ 18.347924]  ret_from_fork_asm+0x1a/0x30
[ 18.348028]
[ 18.348087] The buggy address belongs to the object at ffff8881039f5100
[ 18.348087]  which belongs to the cache kmalloc-128 of size 128
[ 18.348303] The buggy address is located 0 bytes to the right of
[ 18.348303]  allocated 120-byte region [ffff8881039f5100, ffff8881039f5178)
[ 18.348518]
[ 18.348588] The buggy address belongs to the physical page:
[ 18.349007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f5
[ 18.349607] flags: 0x200000000000000(node=0|zone=2)
[ 18.350034] page_type: f5(slab)
[ 18.350127] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.350266] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.350400] page dumped because: kasan: bad access detected
[ 18.350504]
[ 18.350556] Memory state around the buggy address:
[ 18.351259]  ffff8881039f5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.351809]  ffff8881039f5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.352366] >ffff8881039f5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.352839]                                                                 ^
[ 18.353066]  ffff8881039f5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.353203]  ffff8881039f5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.353330] ==================================================================

[ 18.319036] ==================================================================
[ 18.319511] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 18.319929] Read of size 8 at addr ffff8881039f5178 by task kunit_try_catch/301
[ 18.320164]
[ 18.320321] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT(voluntary)
[ 18.320383] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.320409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.320436] Call Trace:
[ 18.320453]  <TASK>
[ 18.320486]  dump_stack_lvl+0x73/0xb0
[ 18.320522]  print_report+0xd1/0x650
[ 18.320552]  ? __virt_addr_valid+0x1db/0x2d0
[ 18.320596]  ? copy_to_kernel_nofault+0x225/0x260
[ 18.320621]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.320645]  ? copy_to_kernel_nofault+0x225/0x260
[ 18.320677]  kasan_report+0x141/0x180
[ 18.320703]  ? copy_to_kernel_nofault+0x225/0x260
[ 18.320728]  __asan_report_load8_noabort+0x18/0x20
[ 18.320749]  copy_to_kernel_nofault+0x225/0x260
[ 18.321059]  copy_to_kernel_nofault_oob+0x1ed/0x560
[ 18.321087]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 18.321111]  ? finish_task_switch.isra.0+0x153/0x700
[ 18.321141]  ? __schedule+0x10cc/0x2b30
[ 18.321164]  ? trace_hardirqs_on+0x37/0xe0
[ 18.321198]  ? __pfx_read_tsc+0x10/0x10
[ 18.321222]  ? ktime_get_ts64+0x86/0x230
[ 18.321250]  kunit_try_run_case+0x1a5/0x480
[ 18.321279]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.321302]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.321326]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.321349]  ? __kthread_parkme+0x82/0x180
[ 18.321372]  ? preempt_count_sub+0x50/0x80
[ 18.321396]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.321419]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.321442]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.321464]  kthread+0x337/0x6f0
[ 18.321482]  ? trace_preempt_on+0x20/0xc0
[ 18.321503]  ? __pfx_kthread+0x10/0x10
[ 18.321522]  ? _raw_spin_unlock_irq+0x47/0x80
[ 18.321543]  ? calculate_sigpending+0x7b/0xa0
[ 18.321577]  ? __pfx_kthread+0x10/0x10
[ 18.321599]  ret_from_fork+0x41/0x80
[ 18.321634]  ? __pfx_kthread+0x10/0x10
[ 18.321653]  ret_from_fork_asm+0x1a/0x30
[ 18.321684]  </TASK>
[ 18.321698]
[ 18.328091] Allocated by task 301:
[ 18.328231]  kasan_save_stack+0x45/0x70
[ 18.328438]  kasan_save_track+0x18/0x40
[ 18.328537]  kasan_save_alloc_info+0x3b/0x50
[ 18.328668]  __kasan_kmalloc+0xb7/0xc0
[ 18.328876]  __kmalloc_cache_noprof+0x189/0x420
[ 18.329121]  copy_to_kernel_nofault_oob+0x12f/0x560
[ 18.329362]  kunit_try_run_case+0x1a5/0x480
[ 18.329588]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.329703]  kthread+0x337/0x6f0
[ 18.329924]  ret_from_fork+0x41/0x80
[ 18.330230]  ret_from_fork_asm+0x1a/0x30
[ 18.330338]
[ 18.330453] The buggy address belongs to the object at ffff8881039f5100
[ 18.330453]  which belongs to the cache kmalloc-128 of size 128
[ 18.330884] The buggy address is located 0 bytes to the right of
[ 18.330884]  allocated 120-byte region [ffff8881039f5100, ffff8881039f5178)
[ 18.331209]
[ 18.331274] The buggy address belongs to the physical page:
[ 18.331384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f5
[ 18.331536] flags: 0x200000000000000(node=0|zone=2)
[ 18.331664] page_type: f5(slab)
[ 18.331760] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.332017] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.332497] page dumped because: kasan: bad access detected
[ 18.333167]
[ 18.333288] Memory state around the buggy address:
[ 18.333456]  ffff8881039f5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.333990]  ffff8881039f5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.334160] >ffff8881039f5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.334291]                                                                 ^
[ 18.334736]  ffff8881039f5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.335193]  ffff8881039f5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.335422] ==================================================================