Date
June 23, 2025, 1:39 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 29.560118] ================================================================== [ 29.560293] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 29.560464] Read of size 8 at addr fff00000c7065778 by task kunit_try_catch/283 [ 29.560586] [ 29.560674] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT [ 29.560875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.560947] Hardware name: linux,dummy-virt (DT) [ 29.561026] Call trace: [ 29.561085] show_stack+0x20/0x38 (C) [ 29.561228] dump_stack_lvl+0x8c/0xd0 [ 29.561352] print_report+0x118/0x608 [ 29.561494] kasan_report+0xdc/0x128 [ 29.561605] __asan_report_load8_noabort+0x20/0x30 [ 29.561726] copy_to_kernel_nofault+0x204/0x250 [ 29.561872] copy_to_kernel_nofault_oob+0x158/0x418 [ 29.562004] kunit_try_run_case+0x170/0x3f0 [ 29.562131] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.562263] kthread+0x328/0x630 [ 29.562379] ret_from_fork+0x10/0x20 [ 29.562519] [ 29.562580] Allocated by task 283: [ 29.563180] kasan_save_stack+0x3c/0x68 [ 29.563624] kasan_save_track+0x20/0x40 [ 29.565364] kasan_save_alloc_info+0x40/0x58 [ 29.565622] __kasan_kmalloc+0xd4/0xd8 [ 29.565743] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.566603] copy_to_kernel_nofault_oob+0xc8/0x418 [ 29.566996] kunit_try_run_case+0x170/0x3f0 [ 29.567100] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.567220] kthread+0x328/0x630 [ 29.567513] ret_from_fork+0x10/0x20 [ 29.567752] [ 29.567810] The buggy address belongs to the object at fff00000c7065700 [ 29.567810] which belongs to the cache kmalloc-128 of size 128 [ 29.568006] The buggy address is located 0 bytes to the right of [ 29.568006] allocated 120-byte region [fff00000c7065700, fff00000c7065778) [ 29.568181] [ 29.568248] The buggy address belongs to the physical page: [ 29.568344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107065 [ 29.568497] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.568625] page_type: f5(slab) [ 29.568985] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.569646] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.569772] page dumped because: kasan: bad access detected [ 29.570305] [ 29.570406] Memory state around the buggy address: [ 29.570854] fff00000c7065600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.571435] fff00000c7065680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.571659] >fff00000c7065700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.571779] ^ [ 29.571891] fff00000c7065780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.572566] fff00000c7065800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.572872] ================================================================== [ 29.574467] ================================================================== [ 29.574593] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 29.575282] Write of size 8 at addr fff00000c7065778 by task kunit_try_catch/283 [ 29.575516] [ 29.575665] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT [ 29.575926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.576340] Hardware name: linux,dummy-virt (DT) [ 29.576602] Call trace: [ 29.576770] show_stack+0x20/0x38 (C) [ 29.576987] dump_stack_lvl+0x8c/0xd0 [ 29.577533] print_report+0x118/0x608 [ 29.577675] kasan_report+0xdc/0x128 [ 29.577797] kasan_check_range+0x100/0x1a8 [ 29.578176] __kasan_check_write+0x20/0x30 [ 29.578880] copy_to_kernel_nofault+0x8c/0x250 [ 29.579298] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 29.579509] kunit_try_run_case+0x170/0x3f0 [ 29.579715] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.580246] kthread+0x328/0x630 [ 29.581196] ret_from_fork+0x10/0x20 [ 29.581336] [ 29.582205] Allocated by task 283: [ 29.582706] kasan_save_stack+0x3c/0x68 [ 29.582815] kasan_save_track+0x20/0x40 [ 29.583555] kasan_save_alloc_info+0x40/0x58 [ 29.583848] __kasan_kmalloc+0xd4/0xd8 [ 29.583963] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.585381] copy_to_kernel_nofault_oob+0xc8/0x418 [ 29.585551] kunit_try_run_case+0x170/0x3f0 [ 29.586475] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.586761] kthread+0x328/0x630 [ 29.586855] ret_from_fork+0x10/0x20 [ 29.588781] [ 29.588894] The buggy address belongs to the object at fff00000c7065700 [ 29.588894] which belongs to the cache kmalloc-128 of size 128 [ 29.589407] The buggy address is located 0 bytes to the right of [ 29.589407] allocated 120-byte region [fff00000c7065700, fff00000c7065778) [ 29.589894] [ 29.589951] The buggy address belongs to the physical page: [ 29.590039] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107065 [ 29.590181] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.590947] page_type: f5(slab) [ 29.591052] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.591249] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.591715] page dumped because: kasan: bad access detected [ 29.591823] [ 29.591931] Memory state around the buggy address: [ 29.592025] fff00000c7065600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.592139] fff00000c7065680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.592261] >fff00000c7065700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.592379] ^ [ 29.592914] fff00000c7065780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.593136] fff00000c7065800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.593364] ==================================================================
[ 24.034586] ================================================================== [ 24.035239] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 24.036061] Write of size 8 at addr ffff88810a090178 by task kunit_try_catch/302 [ 24.037006] [ 24.037284] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT(voluntary) [ 24.037451] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.037494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.037552] Call Trace: [ 24.037617] <TASK> [ 24.037663] dump_stack_lvl+0x73/0xb0 [ 24.037744] print_report+0xd1/0x650 [ 24.037842] ? __virt_addr_valid+0x1db/0x2d0 [ 24.037924] ? copy_to_kernel_nofault+0x99/0x260 [ 24.038000] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.038081] ? copy_to_kernel_nofault+0x99/0x260 [ 24.038157] kasan_report+0x141/0x180 [ 24.038326] ? copy_to_kernel_nofault+0x99/0x260 [ 24.038422] kasan_check_range+0x10c/0x1c0 [ 24.038499] __kasan_check_write+0x18/0x20 [ 24.038573] copy_to_kernel_nofault+0x99/0x260 [ 24.038758] copy_to_kernel_nofault_oob+0x288/0x560 [ 24.038845] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 24.038929] ? finish_task_switch.isra.0+0x153/0x700 [ 24.039009] ? __schedule+0x10cc/0x2b60 [ 24.039079] ? trace_hardirqs_on+0x37/0xe0 [ 24.039175] ? __pfx_read_tsc+0x10/0x10 [ 24.039239] ? ktime_get_ts64+0x86/0x230 [ 24.039324] kunit_try_run_case+0x1a5/0x480 [ 24.039409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.039484] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.039558] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.039677] ? __kthread_parkme+0x82/0x180 [ 24.039761] ? preempt_count_sub+0x50/0x80 [ 24.039847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.039933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.039976] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.040013] kthread+0x337/0x6f0 [ 24.040040] ? trace_preempt_on+0x20/0xc0 [ 24.040075] ? __pfx_kthread+0x10/0x10 [ 24.040102] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.040138] ? calculate_sigpending+0x7b/0xa0 [ 24.040168] ? __pfx_kthread+0x10/0x10 [ 24.040195] ret_from_fork+0x41/0x80 [ 24.040270] ? __pfx_kthread+0x10/0x10 [ 24.040301] ret_from_fork_asm+0x1a/0x30 [ 24.040346] </TASK> [ 24.040362] [ 24.058483] Allocated by task 302: [ 24.059937] kasan_save_stack+0x45/0x70 [ 24.060802] kasan_save_track+0x18/0x40 [ 24.061649] kasan_save_alloc_info+0x3b/0x50 [ 24.062804] __kasan_kmalloc+0xb7/0xc0 [ 24.063905] __kmalloc_cache_noprof+0x189/0x420 [ 24.064256] copy_to_kernel_nofault_oob+0x12f/0x560 [ 24.064761] kunit_try_run_case+0x1a5/0x480 [ 24.065175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.065769] kthread+0x337/0x6f0 [ 24.066145] ret_from_fork+0x41/0x80 [ 24.066485] ret_from_fork_asm+0x1a/0x30 [ 24.066956] [ 24.067283] The buggy address belongs to the object at ffff88810a090100 [ 24.067283] which belongs to the cache kmalloc-128 of size 128 [ 24.068175] The buggy address is located 0 bytes to the right of [ 24.068175] allocated 120-byte region [ffff88810a090100, ffff88810a090178) [ 24.070060] [ 24.070577] The buggy address belongs to the physical page: [ 24.071520] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a090 [ 24.072489] flags: 0x200000000000000(node=0|zone=2) [ 24.072829] page_type: f5(slab) [ 24.073251] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.074164] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.075380] page dumped because: kasan: bad access detected [ 24.075912] [ 24.076126] Memory state around the buggy address: [ 24.076588] ffff88810a090000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.077935] ffff88810a090080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.078727] >ffff88810a090100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.079327] ^ [ 24.079840] ffff88810a090180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.080992] ffff88810a090200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.081416] ================================================================== [ 23.986018] ================================================================== [ 23.987232] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 23.987544] Read of size 8 at addr ffff88810a090178 by task kunit_try_catch/302 [ 23.988591] [ 23.988877] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT(voluntary) [ 23.989010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.989051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.989112] Call Trace: [ 23.989155] <TASK> [ 23.989207] dump_stack_lvl+0x73/0xb0 [ 23.989294] print_report+0xd1/0x650 [ 23.989385] ? __virt_addr_valid+0x1db/0x2d0 [ 23.989465] ? copy_to_kernel_nofault+0x225/0x260 [ 23.989540] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.989744] ? copy_to_kernel_nofault+0x225/0x260 [ 23.989840] kasan_report+0x141/0x180 [ 23.989922] ? copy_to_kernel_nofault+0x225/0x260 [ 23.990013] __asan_report_load8_noabort+0x18/0x20 [ 23.990092] copy_to_kernel_nofault+0x225/0x260 [ 23.990173] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 23.990302] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 23.990356] ? finish_task_switch.isra.0+0x153/0x700 [ 23.990400] ? __schedule+0x10cc/0x2b60 [ 23.990437] ? trace_hardirqs_on+0x37/0xe0 [ 23.990484] ? __pfx_read_tsc+0x10/0x10 [ 23.990515] ? ktime_get_ts64+0x86/0x230 [ 23.990555] kunit_try_run_case+0x1a5/0x480 [ 23.990594] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.990722] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.990775] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.990814] ? __kthread_parkme+0x82/0x180 [ 23.990851] ? preempt_count_sub+0x50/0x80 [ 23.990890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.990930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.990967] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.991003] kthread+0x337/0x6f0 [ 23.991029] ? trace_preempt_on+0x20/0xc0 [ 23.991066] ? __pfx_kthread+0x10/0x10 [ 23.991093] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.991127] ? calculate_sigpending+0x7b/0xa0 [ 23.991161] ? __pfx_kthread+0x10/0x10 [ 23.991189] ret_from_fork+0x41/0x80 [ 23.991255] ? __pfx_kthread+0x10/0x10 [ 23.991290] ret_from_fork_asm+0x1a/0x30 [ 23.991338] </TASK> [ 23.991354] [ 24.010797] Allocated by task 302: [ 24.011090] kasan_save_stack+0x45/0x70 [ 24.011413] kasan_save_track+0x18/0x40 [ 24.013075] kasan_save_alloc_info+0x3b/0x50 [ 24.014018] __kasan_kmalloc+0xb7/0xc0 [ 24.014425] __kmalloc_cache_noprof+0x189/0x420 [ 24.014847] copy_to_kernel_nofault_oob+0x12f/0x560 [ 24.015323] kunit_try_run_case+0x1a5/0x480 [ 24.015773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.016247] kthread+0x337/0x6f0 [ 24.016674] ret_from_fork+0x41/0x80 [ 24.017122] ret_from_fork_asm+0x1a/0x30 [ 24.018063] [ 24.018912] The buggy address belongs to the object at ffff88810a090100 [ 24.018912] which belongs to the cache kmalloc-128 of size 128 [ 24.020122] The buggy address is located 0 bytes to the right of [ 24.020122] allocated 120-byte region [ffff88810a090100, ffff88810a090178) [ 24.021247] [ 24.021491] The buggy address belongs to the physical page: [ 24.022165] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a090 [ 24.023012] flags: 0x200000000000000(node=0|zone=2) [ 24.023783] page_type: f5(slab) [ 24.024183] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.025143] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.026033] page dumped because: kasan: bad access detected [ 24.026673] [ 24.026995] Memory state around the buggy address: [ 24.027526] ffff88810a090000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.028592] ffff88810a090080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.029922] >ffff88810a090100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.031307] ^ [ 24.031889] ffff88810a090180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.032532] ffff88810a090200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.033257] ==================================================================