Date
July 22, 2025, 2:40 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 20.292521] ================================================================== [ 20.292792] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 20.292854] Write of size 8 at addr fff00000c6fc5678 by task kunit_try_catch/283 [ 20.292909] [ 20.292943] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT [ 20.293026] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.293055] Hardware name: linux,dummy-virt (DT) [ 20.293357] Call trace: [ 20.293438] show_stack+0x20/0x38 (C) [ 20.293638] dump_stack_lvl+0x8c/0xd0 [ 20.293851] print_report+0x118/0x5d0 [ 20.294057] kasan_report+0xdc/0x128 [ 20.294169] kasan_check_range+0x100/0x1a8 [ 20.294395] __kasan_check_write+0x20/0x30 [ 20.294487] copy_to_kernel_nofault+0x8c/0x250 [ 20.294541] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 20.295005] kunit_try_run_case+0x170/0x3f0 [ 20.295065] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.295130] kthread+0x328/0x630 [ 20.295561] ret_from_fork+0x10/0x20 [ 20.295970] [ 20.296082] Allocated by task 283: [ 20.296142] kasan_save_stack+0x3c/0x68 [ 20.296330] kasan_save_track+0x20/0x40 [ 20.296590] kasan_save_alloc_info+0x40/0x58 [ 20.296641] __kasan_kmalloc+0xd4/0xd8 [ 20.296867] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.297073] copy_to_kernel_nofault_oob+0xc8/0x418 [ 20.297126] kunit_try_run_case+0x170/0x3f0 [ 20.297180] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.297226] kthread+0x328/0x630 [ 20.297262] ret_from_fork+0x10/0x20 [ 20.297313] [ 20.297354] The buggy address belongs to the object at fff00000c6fc5600 [ 20.297354] which belongs to the cache kmalloc-128 of size 128 [ 20.297442] The buggy address is located 0 bytes to the right of [ 20.297442] allocated 120-byte region [fff00000c6fc5600, fff00000c6fc5678) [ 20.297530] [ 20.297554] The buggy address belongs to the physical page: [ 20.297597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc5 [ 20.297664] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.297723] page_type: f5(slab) [ 20.297764] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.297815] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.297864] page dumped because: kasan: bad access detected [ 20.297898] [ 20.297935] Memory state around the buggy address: [ 20.297967] fff00000c6fc5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.298022] fff00000c6fc5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.298080] >fff00000c6fc5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.298146] ^ [ 20.298199] fff00000c6fc5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.298243] fff00000c6fc5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.298633] ================================================================== [ 20.283450] ================================================================== [ 20.283528] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 20.283745] Read of size 8 at addr fff00000c6fc5678 by task kunit_try_catch/283 [ 20.284048] [ 20.284183] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT [ 20.284357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.284391] Hardware name: linux,dummy-virt (DT) [ 20.284427] Call trace: [ 20.284454] show_stack+0x20/0x38 (C) [ 20.284875] dump_stack_lvl+0x8c/0xd0 [ 20.285002] print_report+0x118/0x5d0 [ 20.285096] kasan_report+0xdc/0x128 [ 20.285206] __asan_report_load8_noabort+0x20/0x30 [ 20.285270] copy_to_kernel_nofault+0x204/0x250 [ 20.285330] copy_to_kernel_nofault_oob+0x158/0x418 [ 20.285390] kunit_try_run_case+0x170/0x3f0 [ 20.285647] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.285939] kthread+0x328/0x630 [ 20.286036] ret_from_fork+0x10/0x20 [ 20.286096] [ 20.286319] Allocated by task 283: [ 20.286365] kasan_save_stack+0x3c/0x68 [ 20.286410] kasan_save_track+0x20/0x40 [ 20.286449] kasan_save_alloc_info+0x40/0x58 [ 20.286634] __kasan_kmalloc+0xd4/0xd8 [ 20.286688] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.287044] copy_to_kernel_nofault_oob+0xc8/0x418 [ 20.287184] kunit_try_run_case+0x170/0x3f0 [ 20.287365] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.287429] kthread+0x328/0x630 [ 20.287609] ret_from_fork+0x10/0x20 [ 20.287832] [ 20.287880] The buggy address belongs to the object at fff00000c6fc5600 [ 20.287880] which belongs to the cache kmalloc-128 of size 128 [ 20.288008] The buggy address is located 0 bytes to the right of [ 20.288008] allocated 120-byte region [fff00000c6fc5600, fff00000c6fc5678) [ 20.288136] [ 20.288180] The buggy address belongs to the physical page: [ 20.288311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc5 [ 20.288397] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.288662] page_type: f5(slab) [ 20.288887] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.288966] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.289104] page dumped because: kasan: bad access detected [ 20.289205] [ 20.289348] Memory state around the buggy address: [ 20.289411] fff00000c6fc5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.289663] fff00000c6fc5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.289724] >fff00000c6fc5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.289767] ^ [ 20.289823] fff00000c6fc5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.290261] fff00000c6fc5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.290656] ==================================================================
[ 14.986576] ================================================================== [ 14.986906] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 14.987643] Write of size 8 at addr ffff8881028ba478 by task kunit_try_catch/301 [ 14.988166] [ 14.988379] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT(voluntary) [ 14.988441] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.988453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.988475] Call Trace: [ 14.988488] <TASK> [ 14.988504] dump_stack_lvl+0x73/0xb0 [ 14.988532] print_report+0xd1/0x610 [ 14.988557] ? __virt_addr_valid+0x1db/0x2d0 [ 14.988580] ? copy_to_kernel_nofault+0x99/0x260 [ 14.988601] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.988626] ? copy_to_kernel_nofault+0x99/0x260 [ 14.988647] kasan_report+0x141/0x180 [ 14.988681] ? copy_to_kernel_nofault+0x99/0x260 [ 14.988707] kasan_check_range+0x10c/0x1c0 [ 14.988728] __kasan_check_write+0x18/0x20 [ 14.988749] copy_to_kernel_nofault+0x99/0x260 [ 14.988771] copy_to_kernel_nofault_oob+0x288/0x560 [ 14.988797] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 14.988821] ? finish_task_switch.isra.0+0x153/0x700 [ 14.988845] ? __schedule+0x10c6/0x2b60 [ 14.988868] ? trace_hardirqs_on+0x37/0xe0 [ 14.988901] ? __pfx_read_tsc+0x10/0x10 [ 14.988928] ? ktime_get_ts64+0x86/0x230 [ 14.988953] kunit_try_run_case+0x1a5/0x480 [ 14.988975] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.988994] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.989023] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.989048] ? __kthread_parkme+0x82/0x180 [ 14.989070] ? preempt_count_sub+0x50/0x80 [ 14.989095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.989116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.989141] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.989165] kthread+0x337/0x6f0 [ 14.989183] ? trace_preempt_on+0x20/0xc0 [ 14.989206] ? __pfx_kthread+0x10/0x10 [ 14.989235] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.989258] ? calculate_sigpending+0x7b/0xa0 [ 14.989280] ? __pfx_kthread+0x10/0x10 [ 14.989299] ret_from_fork+0x41/0x80 [ 14.989320] ? __pfx_kthread+0x10/0x10 [ 14.989339] ret_from_fork_asm+0x1a/0x30 [ 14.989371] </TASK> [ 14.989383] [ 15.003121] Allocated by task 301: [ 15.003377] kasan_save_stack+0x45/0x70 [ 15.003526] kasan_save_track+0x18/0x40 [ 15.003955] kasan_save_alloc_info+0x3b/0x50 [ 15.004435] __kasan_kmalloc+0xb7/0xc0 [ 15.004691] __kmalloc_cache_noprof+0x189/0x420 [ 15.005146] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.005366] kunit_try_run_case+0x1a5/0x480 [ 15.005796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.006382] kthread+0x337/0x6f0 [ 15.006745] ret_from_fork+0x41/0x80 [ 15.006879] ret_from_fork_asm+0x1a/0x30 [ 15.007014] [ 15.007083] The buggy address belongs to the object at ffff8881028ba400 [ 15.007083] which belongs to the cache kmalloc-128 of size 128 [ 15.007579] The buggy address is located 0 bytes to the right of [ 15.007579] allocated 120-byte region [ffff8881028ba400, ffff8881028ba478) [ 15.008250] [ 15.008394] The buggy address belongs to the physical page: [ 15.008639] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ba [ 15.008919] flags: 0x200000000000000(node=0|zone=2) [ 15.009217] page_type: f5(slab) [ 15.009533] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.009860] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.010446] page dumped because: kasan: bad access detected [ 15.011247] [ 15.011517] Memory state around the buggy address: [ 15.012088] ffff8881028ba300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.012400] ffff8881028ba380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.012878] >ffff8881028ba400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.013500] ^ [ 15.014127] ffff8881028ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.014567] ffff8881028ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.015087] ================================================================== [ 14.952395] ================================================================== [ 14.952891] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 14.953153] Read of size 8 at addr ffff8881028ba478 by task kunit_try_catch/301 [ 14.953395] [ 14.953492] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT(voluntary) [ 14.953541] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.953554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.953578] Call Trace: [ 14.953592] <TASK> [ 14.953610] dump_stack_lvl+0x73/0xb0 [ 14.953639] print_report+0xd1/0x610 [ 14.953666] ? __virt_addr_valid+0x1db/0x2d0 [ 14.953690] ? copy_to_kernel_nofault+0x225/0x260 [ 14.953711] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.953734] ? copy_to_kernel_nofault+0x225/0x260 [ 14.953756] kasan_report+0x141/0x180 [ 14.953779] ? copy_to_kernel_nofault+0x225/0x260 [ 14.953805] __asan_report_load8_noabort+0x18/0x20 [ 14.953827] copy_to_kernel_nofault+0x225/0x260 [ 14.953850] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 14.953875] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 14.953899] ? finish_task_switch.isra.0+0x153/0x700 [ 14.953925] ? __schedule+0x10c6/0x2b60 [ 14.953949] ? trace_hardirqs_on+0x37/0xe0 [ 14.953982] ? __pfx_read_tsc+0x10/0x10 [ 14.954008] ? ktime_get_ts64+0x86/0x230 [ 14.954040] kunit_try_run_case+0x1a5/0x480 [ 14.954067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.954086] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.954108] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.954133] ? __kthread_parkme+0x82/0x180 [ 14.954157] ? preempt_count_sub+0x50/0x80 [ 14.954181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.954204] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.954255] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.954643] kthread+0x337/0x6f0 [ 14.954682] ? trace_preempt_on+0x20/0xc0 [ 14.954708] ? __pfx_kthread+0x10/0x10 [ 14.954727] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.954759] ? calculate_sigpending+0x7b/0xa0 [ 14.954783] ? __pfx_kthread+0x10/0x10 [ 14.954802] ret_from_fork+0x41/0x80 [ 14.954825] ? __pfx_kthread+0x10/0x10 [ 14.954843] ret_from_fork_asm+0x1a/0x30 [ 14.954876] </TASK> [ 14.954889] [ 14.970025] Allocated by task 301: [ 14.970162] kasan_save_stack+0x45/0x70 [ 14.970500] kasan_save_track+0x18/0x40 [ 14.970838] kasan_save_alloc_info+0x3b/0x50 [ 14.971203] __kasan_kmalloc+0xb7/0xc0 [ 14.971539] __kmalloc_cache_noprof+0x189/0x420 [ 14.972145] copy_to_kernel_nofault_oob+0x12f/0x560 [ 14.972637] kunit_try_run_case+0x1a5/0x480 [ 14.973055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.973663] kthread+0x337/0x6f0 [ 14.974012] ret_from_fork+0x41/0x80 [ 14.974369] ret_from_fork_asm+0x1a/0x30 [ 14.974752] [ 14.974953] The buggy address belongs to the object at ffff8881028ba400 [ 14.974953] which belongs to the cache kmalloc-128 of size 128 [ 14.976188] The buggy address is located 0 bytes to the right of [ 14.976188] allocated 120-byte region [ffff8881028ba400, ffff8881028ba478) [ 14.977495] [ 14.977664] The buggy address belongs to the physical page: [ 14.978268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ba [ 14.979048] flags: 0x200000000000000(node=0|zone=2) [ 14.979595] page_type: f5(slab) [ 14.979984] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.980952] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.981261] page dumped because: kasan: bad access detected [ 14.981528] [ 14.981712] Memory state around the buggy address: [ 14.982272] ffff8881028ba300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.982971] ffff8881028ba380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.983635] >ffff8881028ba400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.983858] ^ [ 14.984072] ffff8881028ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.984589] ffff8881028ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.985377] ==================================================================