Date
July 3, 2025, 3:13 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 18.380630] ================================================================== [ 18.380984] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 18.381074] Read of size 8 at addr fff00000c77fa978 by task kunit_try_catch/284 [ 18.381270] [ 18.381387] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT [ 18.381519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.381600] Hardware name: linux,dummy-virt (DT) [ 18.381665] Call trace: [ 18.381720] show_stack+0x20/0x38 (C) [ 18.381781] dump_stack_lvl+0x8c/0xd0 [ 18.381835] print_report+0x118/0x608 [ 18.382095] kasan_report+0xdc/0x128 [ 18.382188] __asan_report_load8_noabort+0x20/0x30 [ 18.382326] copy_to_kernel_nofault+0x204/0x250 [ 18.382400] copy_to_kernel_nofault_oob+0x158/0x418 [ 18.382878] kunit_try_run_case+0x170/0x3f0 [ 18.383040] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.383127] kthread+0x328/0x630 [ 18.383497] ret_from_fork+0x10/0x20 [ 18.383658] [ 18.383757] Allocated by task 284: [ 18.383793] kasan_save_stack+0x3c/0x68 [ 18.383981] kasan_save_track+0x20/0x40 [ 18.384120] kasan_save_alloc_info+0x40/0x58 [ 18.384336] __kasan_kmalloc+0xd4/0xd8 [ 18.384492] __kmalloc_cache_noprof+0x16c/0x3c0 [ 18.384537] copy_to_kernel_nofault_oob+0xc8/0x418 [ 18.384578] kunit_try_run_case+0x170/0x3f0 [ 18.384671] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.384721] kthread+0x328/0x630 [ 18.384757] ret_from_fork+0x10/0x20 [ 18.384796] [ 18.384838] The buggy address belongs to the object at fff00000c77fa900 [ 18.384838] which belongs to the cache kmalloc-128 of size 128 [ 18.384899] The buggy address is located 0 bytes to the right of [ 18.384899] allocated 120-byte region [fff00000c77fa900, fff00000c77fa978) [ 18.384981] [ 18.385015] The buggy address belongs to the physical page: [ 18.385051] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa [ 18.385108] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.385159] page_type: f5(slab) [ 18.385207] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.385275] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.385316] page dumped because: kasan: bad access detected [ 18.385360] [ 18.385389] Memory state around the buggy address: [ 18.385432] fff00000c77fa800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.385487] fff00000c77fa880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.385532] >fff00000c77fa900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.385590] ^ [ 18.385633] fff00000c77fa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.385692] fff00000c77faa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.385737] ================================================================== [ 18.386319] ================================================================== [ 18.386741] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 18.386847] Write of size 8 at addr fff00000c77fa978 by task kunit_try_catch/284 [ 18.387021] [ 18.387070] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT [ 18.387418] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.387474] Hardware name: linux,dummy-virt (DT) [ 18.387587] Call trace: [ 18.387691] show_stack+0x20/0x38 (C) [ 18.387863] dump_stack_lvl+0x8c/0xd0 [ 18.387922] print_report+0x118/0x608 [ 18.387978] kasan_report+0xdc/0x128 [ 18.388024] kasan_check_range+0x100/0x1a8 [ 18.388071] __kasan_check_write+0x20/0x30 [ 18.388300] copy_to_kernel_nofault+0x8c/0x250 [ 18.388519] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 18.388713] kunit_try_run_case+0x170/0x3f0 [ 18.388923] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.389095] kthread+0x328/0x630 [ 18.389321] ret_from_fork+0x10/0x20 [ 18.389513] [ 18.389697] Allocated by task 284: [ 18.389757] kasan_save_stack+0x3c/0x68 [ 18.390134] kasan_save_track+0x20/0x40 [ 18.390376] kasan_save_alloc_info+0x40/0x58 [ 18.390620] __kasan_kmalloc+0xd4/0xd8 [ 18.390788] __kmalloc_cache_noprof+0x16c/0x3c0 [ 18.390991] copy_to_kernel_nofault_oob+0xc8/0x418 [ 18.391111] kunit_try_run_case+0x170/0x3f0 [ 18.391311] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.391587] kthread+0x328/0x630 [ 18.391767] ret_from_fork+0x10/0x20 [ 18.391896] [ 18.391992] The buggy address belongs to the object at fff00000c77fa900 [ 18.391992] which belongs to the cache kmalloc-128 of size 128 [ 18.392162] The buggy address is located 0 bytes to the right of [ 18.392162] allocated 120-byte region [fff00000c77fa900, fff00000c77fa978) [ 18.392231] [ 18.392421] The buggy address belongs to the physical page: [ 18.392657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa [ 18.392874] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.393037] page_type: f5(slab) [ 18.393136] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.393250] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.393364] page dumped because: kasan: bad access detected [ 18.393482] [ 18.393535] Memory state around the buggy address: [ 18.393570] fff00000c77fa800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.393863] fff00000c77fa880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.394129] >fff00000c77fa900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.394389] ^ [ 18.394584] fff00000c77fa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.394670] fff00000c77faa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.394710] ==================================================================
[ 15.095266] ================================================================== [ 15.095808] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 15.096384] Write of size 8 at addr ffff888103151d78 by task kunit_try_catch/301 [ 15.096843] [ 15.096967] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary) [ 15.097020] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.097034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.097059] Call Trace: [ 15.097073] <TASK> [ 15.097095] dump_stack_lvl+0x73/0xb0 [ 15.097127] print_report+0xd1/0x650 [ 15.097154] ? __virt_addr_valid+0x1db/0x2d0 [ 15.097178] ? copy_to_kernel_nofault+0x99/0x260 [ 15.097200] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.097237] ? copy_to_kernel_nofault+0x99/0x260 [ 15.097260] kasan_report+0x141/0x180 [ 15.097434] ? copy_to_kernel_nofault+0x99/0x260 [ 15.097478] kasan_check_range+0x10c/0x1c0 [ 15.097503] __kasan_check_write+0x18/0x20 [ 15.097525] copy_to_kernel_nofault+0x99/0x260 [ 15.097555] copy_to_kernel_nofault_oob+0x288/0x560 [ 15.097620] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.097656] ? finish_task_switch.isra.0+0x153/0x700 [ 15.097683] ? __schedule+0x10cc/0x2b60 [ 15.097707] ? trace_hardirqs_on+0x37/0xe0 [ 15.097740] ? __pfx_read_tsc+0x10/0x10 [ 15.097764] ? ktime_get_ts64+0x86/0x230 [ 15.097791] kunit_try_run_case+0x1a5/0x480 [ 15.097817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.097841] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.097868] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.097893] ? __kthread_parkme+0x82/0x180 [ 15.097916] ? preempt_count_sub+0x50/0x80 [ 15.097942] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.097968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.097992] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.098018] kthread+0x337/0x6f0 [ 15.098038] ? trace_preempt_on+0x20/0xc0 [ 15.098062] ? __pfx_kthread+0x10/0x10 [ 15.098082] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.098106] ? calculate_sigpending+0x7b/0xa0 [ 15.098130] ? __pfx_kthread+0x10/0x10 [ 15.098150] ret_from_fork+0x41/0x80 [ 15.098172] ? __pfx_kthread+0x10/0x10 [ 15.098191] ret_from_fork_asm+0x1a/0x30 [ 15.098236] </TASK> [ 15.098249] [ 15.110578] Allocated by task 301: [ 15.110930] kasan_save_stack+0x45/0x70 [ 15.111248] kasan_save_track+0x18/0x40 [ 15.111549] kasan_save_alloc_info+0x3b/0x50 [ 15.111859] __kasan_kmalloc+0xb7/0xc0 [ 15.112059] __kmalloc_cache_noprof+0x189/0x420 [ 15.112463] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.112769] kunit_try_run_case+0x1a5/0x480 [ 15.113088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.113392] kthread+0x337/0x6f0 [ 15.113564] ret_from_fork+0x41/0x80 [ 15.113941] ret_from_fork_asm+0x1a/0x30 [ 15.114352] [ 15.114463] The buggy address belongs to the object at ffff888103151d00 [ 15.114463] which belongs to the cache kmalloc-128 of size 128 [ 15.115561] The buggy address is located 0 bytes to the right of [ 15.115561] allocated 120-byte region [ffff888103151d00, ffff888103151d78) [ 15.116218] [ 15.116497] The buggy address belongs to the physical page: [ 15.116902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103151 [ 15.117255] flags: 0x200000000000000(node=0|zone=2) [ 15.117650] page_type: f5(slab) [ 15.117816] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.118130] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.118764] page dumped because: kasan: bad access detected [ 15.119236] [ 15.119501] Memory state around the buggy address: [ 15.120001] ffff888103151c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.120484] ffff888103151c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.121152] >ffff888103151d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.121974] ^ [ 15.122448] ffff888103151d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.122922] ffff888103151e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.123568] ================================================================== [ 15.055700] ================================================================== [ 15.057275] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 15.058459] Read of size 8 at addr ffff888103151d78 by task kunit_try_catch/301 [ 15.058715] [ 15.058818] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary) [ 15.058873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.058887] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.058912] Call Trace: [ 15.058927] <TASK> [ 15.058950] dump_stack_lvl+0x73/0xb0 [ 15.058983] print_report+0xd1/0x650 [ 15.059011] ? __virt_addr_valid+0x1db/0x2d0 [ 15.059037] ? copy_to_kernel_nofault+0x225/0x260 [ 15.059060] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.059085] ? copy_to_kernel_nofault+0x225/0x260 [ 15.059107] kasan_report+0x141/0x180 [ 15.059131] ? copy_to_kernel_nofault+0x225/0x260 [ 15.059158] __asan_report_load8_noabort+0x18/0x20 [ 15.059181] copy_to_kernel_nofault+0x225/0x260 [ 15.059204] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 15.059491] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.059526] ? finish_task_switch.isra.0+0x153/0x700 [ 15.059569] ? __schedule+0x10cc/0x2b60 [ 15.059595] ? trace_hardirqs_on+0x37/0xe0 [ 15.059662] ? __pfx_read_tsc+0x10/0x10 [ 15.059687] ? ktime_get_ts64+0x86/0x230 [ 15.059715] kunit_try_run_case+0x1a5/0x480 [ 15.059742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.059766] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.059793] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.059818] ? __kthread_parkme+0x82/0x180 [ 15.059843] ? preempt_count_sub+0x50/0x80 [ 15.059869] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.059894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.059919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.059944] kthread+0x337/0x6f0 [ 15.059962] ? trace_preempt_on+0x20/0xc0 [ 15.059987] ? __pfx_kthread+0x10/0x10 [ 15.060007] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.060030] ? calculate_sigpending+0x7b/0xa0 [ 15.060055] ? __pfx_kthread+0x10/0x10 [ 15.060075] ret_from_fork+0x41/0x80 [ 15.060097] ? __pfx_kthread+0x10/0x10 [ 15.060117] ret_from_fork_asm+0x1a/0x30 [ 15.060150] </TASK> [ 15.060164] [ 15.079522] Allocated by task 301: [ 15.079952] kasan_save_stack+0x45/0x70 [ 15.080548] kasan_save_track+0x18/0x40 [ 15.081152] kasan_save_alloc_info+0x3b/0x50 [ 15.081751] __kasan_kmalloc+0xb7/0xc0 [ 15.082129] __kmalloc_cache_noprof+0x189/0x420 [ 15.082806] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.082994] kunit_try_run_case+0x1a5/0x480 [ 15.083145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.083590] kthread+0x337/0x6f0 [ 15.083924] ret_from_fork+0x41/0x80 [ 15.084111] ret_from_fork_asm+0x1a/0x30 [ 15.084532] [ 15.084640] The buggy address belongs to the object at ffff888103151d00 [ 15.084640] which belongs to the cache kmalloc-128 of size 128 [ 15.085517] The buggy address is located 0 bytes to the right of [ 15.085517] allocated 120-byte region [ffff888103151d00, ffff888103151d78) [ 15.086231] [ 15.086509] The buggy address belongs to the physical page: [ 15.087114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103151 [ 15.087990] flags: 0x200000000000000(node=0|zone=2) [ 15.088416] page_type: f5(slab) [ 15.088741] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.089214] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.089789] page dumped because: kasan: bad access detected [ 15.090171] [ 15.090437] Memory state around the buggy address: [ 15.090662] ffff888103151c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.090966] ffff888103151c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.091268] >ffff888103151d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.091583] ^ [ 15.092513] ffff888103151d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.093070] ffff888103151e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.093745] ==================================================================