Date
June 24, 2025, 12:47 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 28.804294] ================================================================== [ 28.804460] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 28.804622] Read of size 8 at addr fff00000c5a7ba78 by task kunit_try_catch/283 [ 28.804764] [ 28.804861] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT [ 28.805290] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.805407] Hardware name: linux,dummy-virt (DT) [ 28.805505] Call trace: [ 28.805566] show_stack+0x20/0x38 (C) [ 28.806009] dump_stack_lvl+0x8c/0xd0 [ 28.806138] print_report+0x118/0x608 [ 28.806263] kasan_report+0xdc/0x128 [ 28.806425] __asan_report_load8_noabort+0x20/0x30 [ 28.806833] copy_to_kernel_nofault+0x204/0x250 [ 28.807814] copy_to_kernel_nofault_oob+0x158/0x418 [ 28.808399] kunit_try_run_case+0x170/0x3f0 [ 28.808972] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.809220] kthread+0x328/0x630 [ 28.809569] ret_from_fork+0x10/0x20 [ 28.809803] [ 28.809869] Allocated by task 283: [ 28.809955] kasan_save_stack+0x3c/0x68 [ 28.810077] kasan_save_track+0x20/0x40 [ 28.810331] kasan_save_alloc_info+0x40/0x58 [ 28.810466] __kasan_kmalloc+0xd4/0xd8 [ 28.810787] __kmalloc_cache_noprof+0x16c/0x3c0 [ 28.810923] copy_to_kernel_nofault_oob+0xc8/0x418 [ 28.811129] kunit_try_run_case+0x170/0x3f0 [ 28.811484] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.811840] kthread+0x328/0x630 [ 28.812463] ret_from_fork+0x10/0x20 [ 28.812719] [ 28.812811] The buggy address belongs to the object at fff00000c5a7ba00 [ 28.812811] which belongs to the cache kmalloc-128 of size 128 [ 28.812985] The buggy address is located 0 bytes to the right of [ 28.812985] allocated 120-byte region [fff00000c5a7ba00, fff00000c5a7ba78) [ 28.813181] [ 28.813236] The buggy address belongs to the physical page: [ 28.813312] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7b [ 28.813456] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.813625] page_type: f5(slab) [ 28.814833] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.815572] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.815711] page dumped because: kasan: bad access detected [ 28.815807] [ 28.815865] Memory state around the buggy address: [ 28.816271] fff00000c5a7b900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.816501] fff00000c5a7b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.816630] >fff00000c5a7ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.816859] ^ [ 28.817257] fff00000c5a7ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.818090] fff00000c5a7bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.818307] ================================================================== [ 28.819362] ================================================================== [ 28.819495] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 28.820195] Write of size 8 at addr fff00000c5a7ba78 by task kunit_try_catch/283 [ 28.820716] [ 28.820799] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT [ 28.821284] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.821360] Hardware name: linux,dummy-virt (DT) [ 28.821460] Call trace: [ 28.821519] show_stack+0x20/0x38 (C) [ 28.821646] dump_stack_lvl+0x8c/0xd0 [ 28.821817] print_report+0x118/0x608 [ 28.823202] kasan_report+0xdc/0x128 [ 28.823346] kasan_check_range+0x100/0x1a8 [ 28.823508] __kasan_check_write+0x20/0x30 [ 28.823648] copy_to_kernel_nofault+0x8c/0x250 [ 28.824113] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 28.824270] kunit_try_run_case+0x170/0x3f0 [ 28.824656] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.824872] kthread+0x328/0x630 [ 28.825052] ret_from_fork+0x10/0x20 [ 28.825362] [ 28.825459] Allocated by task 283: [ 28.825629] kasan_save_stack+0x3c/0x68 [ 28.825741] kasan_save_track+0x20/0x40 [ 28.825870] kasan_save_alloc_info+0x40/0x58 [ 28.826057] __kasan_kmalloc+0xd4/0xd8 [ 28.826183] __kmalloc_cache_noprof+0x16c/0x3c0 [ 28.826432] copy_to_kernel_nofault_oob+0xc8/0x418 [ 28.826562] kunit_try_run_case+0x170/0x3f0 [ 28.827056] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.827183] kthread+0x328/0x630 [ 28.827662] ret_from_fork+0x10/0x20 [ 28.827813] [ 28.828217] The buggy address belongs to the object at fff00000c5a7ba00 [ 28.828217] which belongs to the cache kmalloc-128 of size 128 [ 28.828370] The buggy address is located 0 bytes to the right of [ 28.828370] allocated 120-byte region [fff00000c5a7ba00, fff00000c5a7ba78) [ 28.828566] [ 28.828617] The buggy address belongs to the physical page: [ 28.828694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7b [ 28.828819] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.828981] page_type: f5(slab) [ 28.829355] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.830194] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.830557] page dumped because: kasan: bad access detected [ 28.830656] [ 28.830709] Memory state around the buggy address: [ 28.830789] fff00000c5a7b900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.831882] fff00000c5a7b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.832218] >fff00000c5a7ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.832358] ^ [ 28.832507] fff00000c5a7ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.833505] fff00000c5a7bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.833652] ==================================================================
[ 16.452017] ================================================================== [ 16.452645] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 16.452981] Write of size 8 at addr ffff888102d97d78 by task kunit_try_catch/301 [ 16.453779] [ 16.453909] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT(voluntary) [ 16.453993] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.454007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.454033] Call Trace: [ 16.454055] <TASK> [ 16.454080] dump_stack_lvl+0x73/0xb0 [ 16.454115] print_report+0xd1/0x650 [ 16.454143] ? __virt_addr_valid+0x1db/0x2d0 [ 16.454166] ? copy_to_kernel_nofault+0x99/0x260 [ 16.454188] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.454213] ? copy_to_kernel_nofault+0x99/0x260 [ 16.454233] kasan_report+0x141/0x180 [ 16.454256] ? copy_to_kernel_nofault+0x99/0x260 [ 16.454283] kasan_check_range+0x10c/0x1c0 [ 16.454318] __kasan_check_write+0x18/0x20 [ 16.454350] copy_to_kernel_nofault+0x99/0x260 [ 16.454387] copy_to_kernel_nofault_oob+0x288/0x560 [ 16.454426] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.454467] ? finish_task_switch.isra.0+0x153/0x700 [ 16.454512] ? __schedule+0x10cc/0x2b60 [ 16.454562] ? trace_hardirqs_on+0x37/0xe0 [ 16.454823] ? __pfx_read_tsc+0x10/0x10 [ 16.454908] ? ktime_get_ts64+0x86/0x230 [ 16.454980] kunit_try_run_case+0x1a5/0x480 [ 16.455042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.455084] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.455120] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.455146] ? __kthread_parkme+0x82/0x180 [ 16.455171] ? preempt_count_sub+0x50/0x80 [ 16.455196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.455221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.455245] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.455269] kthread+0x337/0x6f0 [ 16.455332] ? trace_preempt_on+0x20/0xc0 [ 16.455370] ? __pfx_kthread+0x10/0x10 [ 16.455399] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.455430] ? calculate_sigpending+0x7b/0xa0 [ 16.455454] ? __pfx_kthread+0x10/0x10 [ 16.455472] ret_from_fork+0x41/0x80 [ 16.455494] ? __pfx_kthread+0x10/0x10 [ 16.455513] ret_from_fork_asm+0x1a/0x30 [ 16.455551] </TASK> [ 16.455569] [ 16.464241] Allocated by task 301: [ 16.464567] kasan_save_stack+0x45/0x70 [ 16.464865] kasan_save_track+0x18/0x40 [ 16.465066] kasan_save_alloc_info+0x3b/0x50 [ 16.465390] __kasan_kmalloc+0xb7/0xc0 [ 16.465575] __kmalloc_cache_noprof+0x189/0x420 [ 16.465782] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.465996] kunit_try_run_case+0x1a5/0x480 [ 16.466310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.466729] kthread+0x337/0x6f0 [ 16.466998] ret_from_fork+0x41/0x80 [ 16.467323] ret_from_fork_asm+0x1a/0x30 [ 16.467665] [ 16.468447] The buggy address belongs to the object at ffff888102d97d00 [ 16.468447] which belongs to the cache kmalloc-128 of size 128 [ 16.469342] The buggy address is located 0 bytes to the right of [ 16.469342] allocated 120-byte region [ffff888102d97d00, ffff888102d97d78) [ 16.470435] [ 16.470569] The buggy address belongs to the physical page: [ 16.471005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d97 [ 16.471706] flags: 0x200000000000000(node=0|zone=2) [ 16.471928] page_type: f5(slab) [ 16.472095] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.472344] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.472806] page dumped because: kasan: bad access detected [ 16.473178] [ 16.473334] Memory state around the buggy address: [ 16.473904] ffff888102d97c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.475309] ffff888102d97c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.475676] >ffff888102d97d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.475920] ^ [ 16.476144] ffff888102d97d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.476380] ffff888102d97e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.477156] ================================================================== [ 16.419589] ================================================================== [ 16.420247] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 16.420968] Read of size 8 at addr ffff888102d97d78 by task kunit_try_catch/301 [ 16.421392] [ 16.421601] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT(voluntary) [ 16.421698] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.421722] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.421764] Call Trace: [ 16.421792] <TASK> [ 16.421828] dump_stack_lvl+0x73/0xb0 [ 16.421951] print_report+0xd1/0x650 [ 16.422003] ? __virt_addr_valid+0x1db/0x2d0 [ 16.422051] ? copy_to_kernel_nofault+0x225/0x260 [ 16.422090] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.422171] ? copy_to_kernel_nofault+0x225/0x260 [ 16.422218] kasan_report+0x141/0x180 [ 16.422261] ? copy_to_kernel_nofault+0x225/0x260 [ 16.422313] __asan_report_load8_noabort+0x18/0x20 [ 16.422356] copy_to_kernel_nofault+0x225/0x260 [ 16.422463] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 16.422516] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.422564] ? finish_task_switch.isra.0+0x153/0x700 [ 16.422607] ? __schedule+0x10cc/0x2b60 [ 16.422665] ? trace_hardirqs_on+0x37/0xe0 [ 16.422708] ? __pfx_read_tsc+0x10/0x10 [ 16.422732] ? ktime_get_ts64+0x86/0x230 [ 16.422762] kunit_try_run_case+0x1a5/0x480 [ 16.422791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.422814] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.422840] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.422864] ? __kthread_parkme+0x82/0x180 [ 16.422889] ? preempt_count_sub+0x50/0x80 [ 16.422915] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.422940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.422965] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.422988] kthread+0x337/0x6f0 [ 16.423006] ? trace_preempt_on+0x20/0xc0 [ 16.423030] ? __pfx_kthread+0x10/0x10 [ 16.423048] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.423070] ? calculate_sigpending+0x7b/0xa0 [ 16.423093] ? __pfx_kthread+0x10/0x10 [ 16.423111] ret_from_fork+0x41/0x80 [ 16.423132] ? __pfx_kthread+0x10/0x10 [ 16.423150] ret_from_fork_asm+0x1a/0x30 [ 16.423181] </TASK> [ 16.423195] [ 16.434965] Allocated by task 301: [ 16.435540] kasan_save_stack+0x45/0x70 [ 16.436107] kasan_save_track+0x18/0x40 [ 16.436265] kasan_save_alloc_info+0x3b/0x50 [ 16.437274] __kasan_kmalloc+0xb7/0xc0 [ 16.437446] __kmalloc_cache_noprof+0x189/0x420 [ 16.437754] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.438716] kunit_try_run_case+0x1a5/0x480 [ 16.438940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.439118] kthread+0x337/0x6f0 [ 16.439721] ret_from_fork+0x41/0x80 [ 16.440118] ret_from_fork_asm+0x1a/0x30 [ 16.440525] [ 16.440666] The buggy address belongs to the object at ffff888102d97d00 [ 16.440666] which belongs to the cache kmalloc-128 of size 128 [ 16.441596] The buggy address is located 0 bytes to the right of [ 16.441596] allocated 120-byte region [ffff888102d97d00, ffff888102d97d78) [ 16.442612] [ 16.442741] The buggy address belongs to the physical page: [ 16.443817] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d97 [ 16.444520] flags: 0x200000000000000(node=0|zone=2) [ 16.445045] page_type: f5(slab) [ 16.445726] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.445987] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.446283] page dumped because: kasan: bad access detected [ 16.446565] [ 16.446674] Memory state around the buggy address: [ 16.446844] ffff888102d97c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.447480] ffff888102d97c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.448405] >ffff888102d97d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.448610] ^ [ 16.448802] ffff888102d97d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.449707] ffff888102d97e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.449957] ==================================================================