Date
July 8, 2025, 4:38 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 20.645885] ==================================================================
[ 20.645935] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 20.645988] Write of size 8 at addr fff00000c6e6c978 by task kunit_try_catch/283
[ 20.646043]
[ 20.646076] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 20.646157] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.646329] Hardware name: linux,dummy-virt (DT)
[ 20.646407] Call trace:
[ 20.646432] show_stack+0x20/0x38 (C)
[ 20.646483] dump_stack_lvl+0x8c/0xd0
[ 20.646570] print_report+0x118/0x608
[ 20.646623] kasan_report+0xdc/0x128
[ 20.646689] kasan_check_range+0x100/0x1a8
[ 20.646764] __kasan_check_write+0x20/0x30
[ 20.647036] copy_to_kernel_nofault+0x8c/0x250
[ 20.647151] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 20.647207] kunit_try_run_case+0x170/0x3f0
[ 20.647258] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.647314] kthread+0x328/0x630
[ 20.647571] ret_from_fork+0x10/0x20
[ 20.647629]
[ 20.647671] Allocated by task 283:
[ 20.647721] kasan_save_stack+0x3c/0x68
[ 20.647764] kasan_save_track+0x20/0x40
[ 20.647803] kasan_save_alloc_info+0x40/0x58
[ 20.647842] __kasan_kmalloc+0xd4/0xd8
[ 20.647890] __kmalloc_cache_noprof+0x16c/0x3c0
[ 20.647931] copy_to_kernel_nofault_oob+0xc8/0x418
[ 20.647975] kunit_try_run_case+0x170/0x3f0
[ 20.648016] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.648070] kthread+0x328/0x630
[ 20.648109] ret_from_fork+0x10/0x20
[ 20.648146]
[ 20.648168] The buggy address belongs to the object at fff00000c6e6c900
[ 20.648168] which belongs to the cache kmalloc-128 of size 128
[ 20.648226] The buggy address is located 0 bytes to the right of
[ 20.648226] allocated 120-byte region [fff00000c6e6c900, fff00000c6e6c978)
[ 20.648291]
[ 20.648324] The buggy address belongs to the physical page:
[ 20.648579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[ 20.648842] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.648977] page_type: f5(slab)
[ 20.649179] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.649356] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.649432] page dumped because: kasan: bad access detected
[ 20.649507]
[ 20.649654] Memory state around the buggy address:
[ 20.649754]  fff00000c6e6c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.649838]  fff00000c6e6c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.649952] >fff00000c6e6c900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.650020]                                                                 ^
[ 20.650124]  fff00000c6e6c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.650238]  fff00000c6e6ca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.650278] ==================================================================
```

```
[ 20.641068] ==================================================================
[ 20.641144] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 20.641234] Read of size 8 at addr fff00000c6e6c978 by task kunit_try_catch/283
[ 20.641287]
[ 20.641361] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 20.641466] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.641504] Hardware name: linux,dummy-virt (DT)
[ 20.641538] Call trace:
[ 20.641588] show_stack+0x20/0x38 (C)
[ 20.641639] dump_stack_lvl+0x8c/0xd0
[ 20.641732] print_report+0x118/0x608
[ 20.641809] kasan_report+0xdc/0x128
[ 20.641876] __asan_report_load8_noabort+0x20/0x30
[ 20.641927] copy_to_kernel_nofault+0x204/0x250
[ 20.642134] copy_to_kernel_nofault_oob+0x158/0x418
[ 20.642272] kunit_try_run_case+0x170/0x3f0
[ 20.642364] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.642425] kthread+0x328/0x630
[ 20.642474] ret_from_fork+0x10/0x20
[ 20.642524]
[ 20.642545] Allocated by task 283:
[ 20.642581] kasan_save_stack+0x3c/0x68
[ 20.642780] kasan_save_track+0x20/0x40
[ 20.642826] kasan_save_alloc_info+0x40/0x58
[ 20.642886] __kasan_kmalloc+0xd4/0xd8
[ 20.642924] __kmalloc_cache_noprof+0x16c/0x3c0
[ 20.642966] copy_to_kernel_nofault_oob+0xc8/0x418
[ 20.643009] kunit_try_run_case+0x170/0x3f0
[ 20.643050] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.643104] kthread+0x328/0x630
[ 20.643280] ret_from_fork+0x10/0x20
[ 20.643561]
[ 20.643728] The buggy address belongs to the object at fff00000c6e6c900
[ 20.643728] which belongs to the cache kmalloc-128 of size 128
[ 20.644033] The buggy address is located 0 bytes to the right of
[ 20.644033] allocated 120-byte region [fff00000c6e6c900, fff00000c6e6c978)
[ 20.644109]
[ 20.644133] The buggy address belongs to the physical page:
[ 20.644166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[ 20.644311] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.644496] page_type: f5(slab)
[ 20.644621] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.644673] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.644783] page dumped because: kasan: bad access detected
[ 20.645097]
[ 20.645230] Memory state around the buggy address:
[ 20.645310]  fff00000c6e6c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.645369]  fff00000c6e6c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.645415] >fff00000c6e6c900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.645492]                                                                 ^
[ 20.645535]  fff00000c6e6c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.645579]  fff00000c6e6ca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.645620] ==================================================================
```
```
[ 15.329687] ==================================================================
[ 15.331379] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 15.332189] Read of size 8 at addr ffff8881029e8578 by task kunit_try_catch/301
[ 15.332776]
[ 15.332984] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 15.333040] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.333054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.333081] Call Trace:
[ 15.333097] <TASK>
[ 15.333119] dump_stack_lvl+0x73/0xb0
[ 15.333150] print_report+0xd1/0x650
[ 15.333179] ? __virt_addr_valid+0x1db/0x2d0
[ 15.333206] ? copy_to_kernel_nofault+0x225/0x260
[ 15.333229] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.333255] ? copy_to_kernel_nofault+0x225/0x260
[ 15.333277] kasan_report+0x141/0x180
[ 15.333302] ? copy_to_kernel_nofault+0x225/0x260
[ 15.333329] __asan_report_load8_noabort+0x18/0x20
[ 15.333353] copy_to_kernel_nofault+0x225/0x260
[ 15.333377] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 15.333404] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.333430] ? finish_task_switch.isra.0+0x153/0x700
[ 15.333458] ? __schedule+0x10cc/0x2b60
[ 15.333483] ? trace_hardirqs_on+0x37/0xe0
[ 15.333541] ? __pfx_read_tsc+0x10/0x10
[ 15.333564] ? ktime_get_ts64+0x86/0x230
[ 15.333593] kunit_try_run_case+0x1a5/0x480
[ 15.333618] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.333639] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.333665] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.333692] ? __kthread_parkme+0x82/0x180
[ 15.333717] ? preempt_count_sub+0x50/0x80
[ 15.333743] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.333765] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.333791] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.333820] kthread+0x337/0x6f0
[ 15.333840] ? trace_preempt_on+0x20/0xc0
[ 15.333866] ? __pfx_kthread+0x10/0x10
[ 15.333919] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.333944] ? calculate_sigpending+0x7b/0xa0
[ 15.333969] ? __pfx_kthread+0x10/0x10
[ 15.333990] ret_from_fork+0x41/0x80
[ 15.334013] ? __pfx_kthread+0x10/0x10
[ 15.334033] ret_from_fork_asm+0x1a/0x30
[ 15.334066] </TASK>
[ 15.334079]
[ 15.344713] Allocated by task 301:
[ 15.344986] kasan_save_stack+0x45/0x70
[ 15.345196] kasan_save_track+0x18/0x40
[ 15.345366] kasan_save_alloc_info+0x3b/0x50
[ 15.345536] __kasan_kmalloc+0xb7/0xc0
[ 15.345753] __kmalloc_cache_noprof+0x189/0x420
[ 15.346113] copy_to_kernel_nofault_oob+0x12f/0x560
[ 15.346343] kunit_try_run_case+0x1a5/0x480
[ 15.346574] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.346853] kthread+0x337/0x6f0
[ 15.347042] ret_from_fork+0x41/0x80
[ 15.347258] ret_from_fork_asm+0x1a/0x30
[ 15.347447]
[ 15.347525] The buggy address belongs to the object at ffff8881029e8500
[ 15.347525] which belongs to the cache kmalloc-128 of size 128
[ 15.348094] The buggy address is located 0 bytes to the right of
[ 15.348094] allocated 120-byte region [ffff8881029e8500, ffff8881029e8578)
[ 15.348581]
[ 15.348662] The buggy address belongs to the physical page:
[ 15.348945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e8
[ 15.349304] flags: 0x200000000000000(node=0|zone=2)
[ 15.349631] page_type: f5(slab)
[ 15.349818] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.350261] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.350597] page dumped because: kasan: bad access detected
[ 15.350849]
[ 15.351045] Memory state around the buggy address:
[ 15.351302]  ffff8881029e8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.351598]  ffff8881029e8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.351902] >ffff8881029e8500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.352196]                                                                 ^
[ 15.352436]  ffff8881029e8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.352981]  ffff8881029e8600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.353303] ==================================================================
```

```
[ 15.354305] ==================================================================
[ 15.354767] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 15.355162] Write of size 8 at addr ffff8881029e8578 by task kunit_try_catch/301
[ 15.355507]
[ 15.355625] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 15.355671] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.355685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.355709] Call Trace:
[ 15.355724] <TASK>
[ 15.355740] dump_stack_lvl+0x73/0xb0
[ 15.355768] print_report+0xd1/0x650
[ 15.355794] ? __virt_addr_valid+0x1db/0x2d0
[ 15.355818] ? copy_to_kernel_nofault+0x99/0x260
[ 15.355862] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.355900] ? copy_to_kernel_nofault+0x99/0x260
[ 15.355922] kasan_report+0x141/0x180
[ 15.355966] ? copy_to_kernel_nofault+0x99/0x260
[ 15.355993] kasan_check_range+0x10c/0x1c0
[ 15.356029] __kasan_check_write+0x18/0x20
[ 15.356065] copy_to_kernel_nofault+0x99/0x260
[ 15.356089] copy_to_kernel_nofault_oob+0x288/0x560
[ 15.356116] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 15.356164] ? finish_task_switch.isra.0+0x153/0x700
[ 15.356191] ? __schedule+0x10cc/0x2b60
[ 15.356215] ? trace_hardirqs_on+0x37/0xe0
[ 15.356248] ? __pfx_read_tsc+0x10/0x10
[ 15.356270] ? ktime_get_ts64+0x86/0x230
[ 15.356297] kunit_try_run_case+0x1a5/0x480
[ 15.356320] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.356341] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.356367] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.356394] ? __kthread_parkme+0x82/0x180
[ 15.356418] ? preempt_count_sub+0x50/0x80
[ 15.356444] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.356466] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.356492] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.356528] kthread+0x337/0x6f0
[ 15.356565] ? trace_preempt_on+0x20/0xc0
[ 15.356590] ? __pfx_kthread+0x10/0x10
[ 15.356611] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.356652] ? calculate_sigpending+0x7b/0xa0
[ 15.356676] ? __pfx_kthread+0x10/0x10
[ 15.356696] ret_from_fork+0x41/0x80
[ 15.356719] ? __pfx_kthread+0x10/0x10
[ 15.356738] ret_from_fork_asm+0x1a/0x30
[ 15.356772] </TASK>
[ 15.356785]
[ 15.365286] Allocated by task 301:
[ 15.365494] kasan_save_stack+0x45/0x70
[ 15.365714] kasan_save_track+0x18/0x40
[ 15.365915] kasan_save_alloc_info+0x3b/0x50
[ 15.366153] __kasan_kmalloc+0xb7/0xc0
[ 15.366345] __kmalloc_cache_noprof+0x189/0x420
[ 15.366662] copy_to_kernel_nofault_oob+0x12f/0x560
[ 15.367078] kunit_try_run_case+0x1a5/0x480
[ 15.367306] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.367500] kthread+0x337/0x6f0
[ 15.367682] ret_from_fork+0x41/0x80
[ 15.367820] ret_from_fork_asm+0x1a/0x30
[ 15.367971]
[ 15.368066] The buggy address belongs to the object at ffff8881029e8500
[ 15.368066] which belongs to the cache kmalloc-128 of size 128
[ 15.368598] The buggy address is located 0 bytes to the right of
[ 15.368598] allocated 120-byte region [ffff8881029e8500, ffff8881029e8578)
[ 15.369201]
[ 15.369302] The buggy address belongs to the physical page:
[ 15.369772] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e8
[ 15.370083] flags: 0x200000000000000(node=0|zone=2)
[ 15.370247] page_type: f5(slab)
[ 15.370370] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.371319] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.371748] page dumped because: kasan: bad access detected
[ 15.372258]
[ 15.372462] Memory state around the buggy address:
[ 15.373060]  ffff8881029e8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.374100]  ffff8881029e8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.374418] >ffff8881029e8500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.374757]                                                                 ^
[ 15.375323]  ffff8881029e8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.375764]  ffff8881029e8600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.376245] ==================================================================
```