Date
July 15, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 21.051113] ================================================================== [ 21.051189] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 21.051509] Read of size 8 at addr fff00000c59cb678 by task kunit_try_catch/283 [ 21.051641] [ 21.051737] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 21.051829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.051870] Hardware name: linux,dummy-virt (DT) [ 21.051906] Call trace: [ 21.051931] show_stack+0x20/0x38 (C) [ 21.051989] dump_stack_lvl+0x8c/0xd0 [ 21.052040] print_report+0x118/0x5d0 [ 21.052090] kasan_report+0xdc/0x128 [ 21.052138] __asan_report_load8_noabort+0x20/0x30 [ 21.052191] copy_to_kernel_nofault+0x204/0x250 [ 21.052260] copy_to_kernel_nofault_oob+0x158/0x418 [ 21.052311] kunit_try_run_case+0x170/0x3f0 [ 21.052361] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.052417] kthread+0x328/0x630 [ 21.052486] ret_from_fork+0x10/0x20 [ 21.052538] [ 21.052560] Allocated by task 283: [ 21.052588] kasan_save_stack+0x3c/0x68 [ 21.052640] kasan_save_track+0x20/0x40 [ 21.052678] kasan_save_alloc_info+0x40/0x58 [ 21.052720] __kasan_kmalloc+0xd4/0xd8 [ 21.052756] __kmalloc_cache_noprof+0x16c/0x3c0 [ 21.052799] copy_to_kernel_nofault_oob+0xc8/0x418 [ 21.052850] kunit_try_run_case+0x170/0x3f0 [ 21.052892] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.052938] kthread+0x328/0x630 [ 21.052977] ret_from_fork+0x10/0x20 [ 21.053013] [ 21.053035] The buggy address belongs to the object at fff00000c59cb600 [ 21.053035] which belongs to the cache kmalloc-128 of size 128 [ 21.053098] The buggy address is located 0 bytes to the right of [ 21.053098] allocated 120-byte region [fff00000c59cb600, fff00000c59cb678) [ 21.053173] [ 21.053196] The buggy address belongs to the physical page: [ 21.053608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 21.053910] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.053968] page_type: f5(slab) [ 21.054314] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.054400] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.054591] page dumped because: kasan: bad access detected [ 21.054779] [ 21.055022] Memory state around the buggy address: [ 21.055083] fff00000c59cb500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.055250] fff00000c59cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.055433] >fff00000c59cb600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.055500] ^ [ 21.055874] fff00000c59cb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.056043] fff00000c59cb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.056133] ================================================================== [ 21.058712] ================================================================== [ 21.058816] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 21.058910] Write of size 8 at addr fff00000c59cb678 by task kunit_try_catch/283 [ 21.059104] [ 21.059142] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 21.059247] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.059493] Hardware name: linux,dummy-virt (DT) [ 21.059547] Call trace: [ 21.059572] show_stack+0x20/0x38 (C) [ 21.059627] dump_stack_lvl+0x8c/0xd0 [ 21.059722] print_report+0x118/0x5d0 [ 21.059809] kasan_report+0xdc/0x128 [ 21.059858] kasan_check_range+0x100/0x1a8 [ 21.060344] __kasan_check_write+0x20/0x30 [ 21.060433] copy_to_kernel_nofault+0x8c/0x250 [ 21.060486] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 21.060539] kunit_try_run_case+0x170/0x3f0 [ 21.060687] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.060763] kthread+0x328/0x630 [ 21.060988] ret_from_fork+0x10/0x20 [ 21.061231] [ 21.061286] Allocated by task 283: [ 21.061540] kasan_save_stack+0x3c/0x68 [ 21.061610] kasan_save_track+0x20/0x40 [ 21.062034] kasan_save_alloc_info+0x40/0x58 [ 21.062358] __kasan_kmalloc+0xd4/0xd8 [ 21.062428] __kmalloc_cache_noprof+0x16c/0x3c0 [ 21.062496] copy_to_kernel_nofault_oob+0xc8/0x418 [ 21.062585] kunit_try_run_case+0x170/0x3f0 [ 21.062675] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.063166] kthread+0x328/0x630 [ 21.063355] ret_from_fork+0x10/0x20 [ 21.063671] [ 21.063865] The buggy address belongs to the object at fff00000c59cb600 [ 21.063865] which belongs to the cache kmalloc-128 of size 128 [ 21.064198] The buggy address is located 0 bytes to the right of [ 21.064198] allocated 120-byte region [fff00000c59cb600, fff00000c59cb678) [ 21.064366] [ 21.064435] The buggy address belongs to the physical page: [ 21.064549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 21.064674] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.064820] page_type: f5(slab) [ 21.064910] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.065319] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.065445] page dumped because: kasan: bad access detected [ 21.065501] [ 21.065521] Memory state around the buggy address: [ 21.065558] fff00000c59cb500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.065895] fff00000c59cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.066068] >fff00000c59cb600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.066219] ^ [ 21.066269] fff00000c59cb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.066615] fff00000c59cb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.067053] ==================================================================
[ 14.798060] ================================================================== [ 14.798632] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 14.799220] Write of size 8 at addr ffff888103a34478 by task kunit_try_catch/300 [ 14.799583] [ 14.799778] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 14.799826] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.799839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.799859] Call Trace: [ 14.799874] <TASK> [ 14.799904] dump_stack_lvl+0x73/0xb0 [ 14.799929] print_report+0xd1/0x610 [ 14.799952] ? __virt_addr_valid+0x1db/0x2d0 [ 14.799974] ? copy_to_kernel_nofault+0x99/0x260 [ 14.799993] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.800016] ? copy_to_kernel_nofault+0x99/0x260 [ 14.800207] kasan_report+0x141/0x180 [ 14.800232] ? copy_to_kernel_nofault+0x99/0x260 [ 14.800258] kasan_check_range+0x10c/0x1c0 [ 14.800279] __kasan_check_write+0x18/0x20 [ 14.800299] copy_to_kernel_nofault+0x99/0x260 [ 14.800321] copy_to_kernel_nofault_oob+0x288/0x560 [ 14.800345] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 14.800369] ? finish_task_switch.isra.0+0x153/0x700 [ 14.800392] ? __schedule+0x10cc/0x2b60 [ 14.800415] ? trace_hardirqs_on+0x37/0xe0 [ 14.800446] ? __pfx_read_tsc+0x10/0x10 [ 14.800465] ? ktime_get_ts64+0x86/0x230 [ 14.800490] kunit_try_run_case+0x1a5/0x480 [ 14.800512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.800532] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.800556] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.800581] ? __kthread_parkme+0x82/0x180 [ 14.800604] ? preempt_count_sub+0x50/0x80 [ 14.800627] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.800649] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.800672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.800696] kthread+0x337/0x6f0 [ 14.800713] ? trace_preempt_on+0x20/0xc0 [ 14.800735] ? __pfx_kthread+0x10/0x10 [ 14.800754] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.800776] ? calculate_sigpending+0x7b/0xa0 [ 14.800797] ? __pfx_kthread+0x10/0x10 [ 14.800816] ret_from_fork+0x41/0x80 [ 14.800837] ? __pfx_kthread+0x10/0x10 [ 14.800855] ret_from_fork_asm+0x1a/0x30 [ 14.800898] </TASK> [ 14.800910] [ 14.812183] Allocated by task 300: [ 14.812545] kasan_save_stack+0x45/0x70 [ 14.812945] kasan_save_track+0x18/0x40 [ 14.813254] kasan_save_alloc_info+0x3b/0x50 [ 14.813458] __kasan_kmalloc+0xb7/0xc0 [ 14.813630] __kmalloc_cache_noprof+0x189/0x420 [ 14.814123] copy_to_kernel_nofault_oob+0x12f/0x560 [ 14.814485] kunit_try_run_case+0x1a5/0x480 [ 14.814704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.815154] kthread+0x337/0x6f0 [ 14.815338] ret_from_fork+0x41/0x80 [ 14.815512] ret_from_fork_asm+0x1a/0x30 [ 14.815702] [ 14.815793] The buggy address belongs to the object at ffff888103a34400 [ 14.815793] which belongs to the cache kmalloc-128 of size 128 [ 14.816501] The buggy address is located 0 bytes to the right of [ 14.816501] allocated 120-byte region [ffff888103a34400, ffff888103a34478) [ 14.817181] [ 14.817400] The buggy address belongs to the physical page: [ 14.817740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a34 [ 14.818238] flags: 0x200000000000000(node=0|zone=2) [ 14.818412] page_type: f5(slab) [ 14.818615] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.819253] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.819556] page dumped because: kasan: bad access detected [ 14.819837] [ 14.820128] Memory state around the buggy address: [ 14.820427] ffff888103a34300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.820823] ffff888103a34380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.821308] >ffff888103a34400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.821621] ^ [ 14.822063] ffff888103a34480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.822452] ffff888103a34500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.822875] ================================================================== [ 14.771137] ================================================================== [ 14.771897] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 14.772200] Read of size 8 at addr ffff888103a34478 by task kunit_try_catch/300 [ 14.772490] [ 14.772581] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 14.772629] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.772641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.772662] Call Trace: [ 14.772675] <TASK> [ 14.773005] dump_stack_lvl+0x73/0xb0 [ 14.773041] print_report+0xd1/0x610 [ 14.773082] ? __virt_addr_valid+0x1db/0x2d0 [ 14.773105] ? copy_to_kernel_nofault+0x225/0x260 [ 14.773284] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.773313] ? copy_to_kernel_nofault+0x225/0x260 [ 14.773335] kasan_report+0x141/0x180 [ 14.773358] ? copy_to_kernel_nofault+0x225/0x260 [ 14.773384] __asan_report_load8_noabort+0x18/0x20 [ 14.773406] copy_to_kernel_nofault+0x225/0x260 [ 14.773428] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 14.773453] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 14.773477] ? finish_task_switch.isra.0+0x153/0x700 [ 14.773503] ? __schedule+0x10cc/0x2b60 [ 14.773526] ? trace_hardirqs_on+0x37/0xe0 [ 14.773558] ? __pfx_read_tsc+0x10/0x10 [ 14.773579] ? ktime_get_ts64+0x86/0x230 [ 14.773605] kunit_try_run_case+0x1a5/0x480 [ 14.773626] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.773646] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.773671] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.773695] ? __kthread_parkme+0x82/0x180 [ 14.773718] ? preempt_count_sub+0x50/0x80 [ 14.773742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.773764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.773787] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.773811] kthread+0x337/0x6f0 [ 14.773828] ? trace_preempt_on+0x20/0xc0 [ 14.773851] ? __pfx_kthread+0x10/0x10 [ 14.773870] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.773902] ? calculate_sigpending+0x7b/0xa0 [ 14.773923] ? __pfx_kthread+0x10/0x10 [ 14.773942] ret_from_fork+0x41/0x80 [ 14.773963] ? __pfx_kthread+0x10/0x10 [ 14.773982] ret_from_fork_asm+0x1a/0x30 [ 14.774014] </TASK> [ 14.774027] [ 14.786073] Allocated by task 300: [ 14.786247] kasan_save_stack+0x45/0x70 [ 14.786461] kasan_save_track+0x18/0x40 [ 14.786648] kasan_save_alloc_info+0x3b/0x50 [ 14.787211] __kasan_kmalloc+0xb7/0xc0 [ 14.787395] __kmalloc_cache_noprof+0x189/0x420 [ 14.787765] copy_to_kernel_nofault_oob+0x12f/0x560 [ 14.787961] kunit_try_run_case+0x1a5/0x480 [ 14.788168] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.788455] kthread+0x337/0x6f0 [ 14.788929] ret_from_fork+0x41/0x80 [ 14.789102] ret_from_fork_asm+0x1a/0x30 [ 14.789444] [ 14.789543] The buggy address belongs to the object at ffff888103a34400 [ 14.789543] which belongs to the cache kmalloc-128 of size 128 [ 14.790385] The buggy address is located 0 bytes to the right of [ 14.790385] allocated 120-byte region [ffff888103a34400, ffff888103a34478) [ 14.790897] [ 14.790999] The buggy address belongs to the physical page: [ 14.791239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a34 [ 14.791593] flags: 0x200000000000000(node=0|zone=2) [ 14.792227] page_type: f5(slab) [ 14.792409] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.792987] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.793620] page dumped because: kasan: bad access detected [ 14.794112] [ 14.794202] Memory state around the buggy address: [ 14.794656] ffff888103a34300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.795184] ffff888103a34380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.795635] >ffff888103a34400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.795985] ^ [ 14.796420] ffff888103a34480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.796698] ffff888103a34500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.797331] ==================================================================