Date: June 17, 2025, 3:40 p.m.
Environment: qemu-arm64

```
[ 26.044356] ==================================================================
[ 26.044552] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 26.045245] Write of size 8 at addr fff00000c73ad878 by task kunit_try_catch/283
[ 26.045579]
[ 26.045836] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT
[ 26.046257] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.046353] Hardware name: linux,dummy-virt (DT)
[ 26.046606] Call trace:
[ 26.046739] show_stack+0x20/0x38 (C)
[ 26.047057] dump_stack_lvl+0x8c/0xd0
[ 26.047373] print_report+0x118/0x608
[ 26.047748] kasan_report+0xdc/0x128
[ 26.048065] kasan_check_range+0x100/0x1a8
[ 26.048472] __kasan_check_write+0x20/0x30
[ 26.048683] copy_to_kernel_nofault+0x8c/0x250
[ 26.048996] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 26.049270] kunit_try_run_case+0x170/0x3f0
[ 26.049449] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.049786] kthread+0x328/0x630
[ 26.049965] ret_from_fork+0x10/0x20
[ 26.050080]
[ 26.050129] Allocated by task 283:
[ 26.050521] kasan_save_stack+0x3c/0x68
[ 26.050771] kasan_save_track+0x20/0x40
[ 26.050962] kasan_save_alloc_info+0x40/0x58
[ 26.051215] __kasan_kmalloc+0xd4/0xd8
[ 26.051374] __kmalloc_cache_noprof+0x16c/0x3c0
[ 26.051484] copy_to_kernel_nofault_oob+0xc8/0x418
[ 26.051589] kunit_try_run_case+0x170/0x3f0
[ 26.051701] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.052301] kthread+0x328/0x630
[ 26.052448] ret_from_fork+0x10/0x20
[ 26.052544]
[ 26.052603] The buggy address belongs to the object at fff00000c73ad800
[ 26.052603] which belongs to the cache kmalloc-128 of size 128
[ 26.052765] The buggy address is located 0 bytes to the right of
[ 26.052765] allocated 120-byte region [fff00000c73ad800, fff00000c73ad878)
[ 26.052928]
[ 26.052984] The buggy address belongs to the physical page:
[ 26.053068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ad
[ 26.053206] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.053373] page_type: f5(slab)
[ 26.053897] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 26.054019] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.054103] page dumped because: kasan: bad access detected
[ 26.054198]
[ 26.054243] Memory state around the buggy address:
[ 26.054316] fff00000c73ad700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.054426] fff00000c73ad780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.055303] >fff00000c73ad800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.055529] ^
[ 26.055647] fff00000c73ad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.055781] fff00000c73ad900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.055908] ==================================================================
[ 26.028897] ==================================================================
[ 26.029517] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 26.029787] Read of size 8 at addr fff00000c73ad878 by task kunit_try_catch/283
[ 26.029924]
[ 26.030328] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT
[ 26.030789] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.030936] Hardware name: linux,dummy-virt (DT)
[ 26.031038] Call trace:
[ 26.031183] show_stack+0x20/0x38 (C)
[ 26.031740] dump_stack_lvl+0x8c/0xd0
[ 26.031990] print_report+0x118/0x608
[ 26.032153] kasan_report+0xdc/0x128
[ 26.032270] __asan_report_load8_noabort+0x20/0x30
[ 26.032856] copy_to_kernel_nofault+0x204/0x250
[ 26.033095] copy_to_kernel_nofault_oob+0x158/0x418
[ 26.033366] kunit_try_run_case+0x170/0x3f0
[ 26.033613] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.033787] kthread+0x328/0x630
[ 26.033884] ret_from_fork+0x10/0x20
[ 26.033983]
[ 26.034031] Allocated by task 283:
[ 26.034108] kasan_save_stack+0x3c/0x68
[ 26.034738] kasan_save_track+0x20/0x40
[ 26.034968] kasan_save_alloc_info+0x40/0x58
[ 26.035163] __kasan_kmalloc+0xd4/0xd8
[ 26.035268] __kmalloc_cache_noprof+0x16c/0x3c0
[ 26.035464] copy_to_kernel_nofault_oob+0xc8/0x418
[ 26.035576] kunit_try_run_case+0x170/0x3f0
[ 26.036127] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.036347] kthread+0x328/0x630
[ 26.036492] ret_from_fork+0x10/0x20
[ 26.036656]
[ 26.036745] The buggy address belongs to the object at fff00000c73ad800
[ 26.036745] which belongs to the cache kmalloc-128 of size 128
[ 26.037168] The buggy address is located 0 bytes to the right of
[ 26.037168] allocated 120-byte region [fff00000c73ad800, fff00000c73ad878)
[ 26.037472]
[ 26.037756] The buggy address belongs to the physical page:
[ 26.037880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ad
[ 26.038012] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.038132] page_type: f5(slab)
[ 26.038374] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 26.038642] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.038907] page dumped because: kasan: bad access detected
[ 26.039148]
[ 26.039235] Memory state around the buggy address:
[ 26.039328] fff00000c73ad700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.039706] fff00000c73ad780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.039855] >fff00000c73ad800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.039969] ^
[ 26.040204] fff00000c73ad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.040420] fff00000c73ad900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.040654] ==================================================================
```

Environment: qemu-x86_64

```
[ 26.571839] ==================================================================
[ 26.572972] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 26.573615] Read of size 8 at addr ffff8881030b5978 by task kunit_try_catch/301
[ 26.574211]
[ 26.575499] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT(voluntary)
[ 26.575634] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.575680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.575743] Call Trace:
[ 26.575791] <TASK>
[ 26.575849] dump_stack_lvl+0x73/0xb0
[ 26.575964] print_report+0xd1/0x650
[ 26.576068] ? __virt_addr_valid+0x1db/0x2d0
[ 26.576176] ? copy_to_kernel_nofault+0x225/0x260
[ 26.576281] ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.576354] ? copy_to_kernel_nofault+0x225/0x260
[ 26.576390] kasan_report+0x141/0x180
[ 26.576429] ? copy_to_kernel_nofault+0x225/0x260
[ 26.576469] __asan_report_load8_noabort+0x18/0x20
[ 26.576503] copy_to_kernel_nofault+0x225/0x260
[ 26.576538] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 26.576578] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 26.576615] ? finish_task_switch.isra.0+0x153/0x700
[ 26.576656] ? __schedule+0x10cc/0x2b60
[ 26.576692] ? trace_hardirqs_on+0x37/0xe0
[ 26.576741] ? __pfx_read_tsc+0x10/0x10
[ 26.576774] ? ktime_get_ts64+0x86/0x230
[ 26.576817] kunit_try_run_case+0x1a5/0x480
[ 26.576856] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.576891] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.576929] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.577017] ? __kthread_parkme+0x82/0x180
[ 26.577108] ? preempt_count_sub+0x50/0x80
[ 26.577152] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.577192] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.577230] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.577269] kthread+0x337/0x6f0
[ 26.577321] ? trace_preempt_on+0x20/0xc0
[ 26.577364] ? __pfx_kthread+0x10/0x10
[ 26.577394] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.577429] ? calculate_sigpending+0x7b/0xa0
[ 26.577464] ? __pfx_kthread+0x10/0x10
[ 26.577492] ret_from_fork+0x41/0x80
[ 26.577527] ? __pfx_kthread+0x10/0x10
[ 26.577555] ret_from_fork_asm+0x1a/0x30
[ 26.577602] </TASK>
[ 26.577620]
[ 26.599602] Allocated by task 301:
[ 26.599940] kasan_save_stack+0x45/0x70
[ 26.601131] kasan_save_track+0x18/0x40
[ 26.601971] kasan_save_alloc_info+0x3b/0x50
[ 26.602353] __kasan_kmalloc+0xb7/0xc0
[ 26.602752] __kmalloc_cache_noprof+0x189/0x420
[ 26.603190] copy_to_kernel_nofault_oob+0x12f/0x560
[ 26.603681] kunit_try_run_case+0x1a5/0x480
[ 26.604375] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.604843] kthread+0x337/0x6f0
[ 26.605436] ret_from_fork+0x41/0x80
[ 26.605774] ret_from_fork_asm+0x1a/0x30
[ 26.606362]
[ 26.606764] The buggy address belongs to the object at ffff8881030b5900
[ 26.606764] which belongs to the cache kmalloc-128 of size 128
[ 26.607778] The buggy address is located 0 bytes to the right of
[ 26.607778] allocated 120-byte region [ffff8881030b5900, ffff8881030b5978)
[ 26.608711]
[ 26.608950] The buggy address belongs to the physical page:
[ 26.609515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030b5
[ 26.610059] flags: 0x200000000000000(node=0|zone=2)
[ 26.610756] page_type: f5(slab)
[ 26.611243] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.611806] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.612805] page dumped because: kasan: bad access detected
[ 26.613398]
[ 26.613625] Memory state around the buggy address:
[ 26.614140] ffff8881030b5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.614758] ffff8881030b5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.615383] >ffff8881030b5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.615930] ^
[ 26.616419] ffff8881030b5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.617210] ffff8881030b5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.617946] ==================================================================
[ 26.619729] ==================================================================
[ 26.620394] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 26.621012] Write of size 8 at addr ffff8881030b5978 by task kunit_try_catch/301
[ 26.621663]
[ 26.621946] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT(voluntary)
[ 26.622085] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.622127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.622188] Call Trace:
[ 26.622232] <TASK>
[ 26.622285] dump_stack_lvl+0x73/0xb0
[ 26.623537] print_report+0xd1/0x650
[ 26.623626] ? __virt_addr_valid+0x1db/0x2d0
[ 26.623706] ? copy_to_kernel_nofault+0x99/0x260
[ 26.623784] ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.623869] ? copy_to_kernel_nofault+0x99/0x260
[ 26.623962] kasan_report+0x141/0x180
[ 26.624047] ? copy_to_kernel_nofault+0x99/0x260
[ 26.624135] kasan_check_range+0x10c/0x1c0
[ 26.624212] __kasan_check_write+0x18/0x20
[ 26.624308] copy_to_kernel_nofault+0x99/0x260
[ 26.624394] copy_to_kernel_nofault_oob+0x288/0x560
[ 26.625230] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 26.625274] ? finish_task_switch.isra.0+0x153/0x700
[ 26.625348] ? __schedule+0x10cc/0x2b60
[ 26.625389] ? trace_hardirqs_on+0x37/0xe0
[ 26.625440] ? __pfx_read_tsc+0x10/0x10
[ 26.625475] ? ktime_get_ts64+0x86/0x230
[ 26.625517] kunit_try_run_case+0x1a5/0x480
[ 26.625558] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.625595] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.625636] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.625674] ? __kthread_parkme+0x82/0x180
[ 26.625710] ? preempt_count_sub+0x50/0x80
[ 26.625748] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.625787] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.625825] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.625864] kthread+0x337/0x6f0
[ 26.625891] ? trace_preempt_on+0x20/0xc0
[ 26.625929] ? __pfx_kthread+0x10/0x10
[ 26.626025] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.626111] ? calculate_sigpending+0x7b/0xa0
[ 26.626153] ? __pfx_kthread+0x10/0x10
[ 26.626185] ret_from_fork+0x41/0x80
[ 26.626223] ? __pfx_kthread+0x10/0x10
[ 26.626254] ret_from_fork_asm+0x1a/0x30
[ 26.626324] </TASK>
[ 26.626345]
[ 26.643005] Allocated by task 301:
[ 26.643368] kasan_save_stack+0x45/0x70
[ 26.643712] kasan_save_track+0x18/0x40
[ 26.644053] kasan_save_alloc_info+0x3b/0x50
[ 26.644584] __kasan_kmalloc+0xb7/0xc0
[ 26.645459] __kmalloc_cache_noprof+0x189/0x420
[ 26.646601] copy_to_kernel_nofault_oob+0x12f/0x560
[ 26.647506] kunit_try_run_case+0x1a5/0x480
[ 26.648625] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.649732] kthread+0x337/0x6f0
[ 26.650428] ret_from_fork+0x41/0x80
[ 26.650749] ret_from_fork_asm+0x1a/0x30
[ 26.651807]
[ 26.652245] The buggy address belongs to the object at ffff8881030b5900
[ 26.652245] which belongs to the cache kmalloc-128 of size 128
[ 26.655023] The buggy address is located 0 bytes to the right of
[ 26.655023] allocated 120-byte region [ffff8881030b5900, ffff8881030b5978)
[ 26.656486]
[ 26.656656] The buggy address belongs to the physical page:
[ 26.657028] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030b5
[ 26.657674] flags: 0x200000000000000(node=0|zone=2)
[ 26.658356] page_type: f5(slab)
[ 26.658729] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.659428] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.659907] page dumped because: kasan: bad access detected
[ 26.660436]
[ 26.660828] Memory state around the buggy address:
[ 26.661497] ffff8881030b5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.662404] ffff8881030b5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.663134] >ffff8881030b5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.663805] ^
[ 26.664653] ffff8881030b5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.665143] ffff8881030b5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.665838] ==================================================================
```