Date
Nov. 20, 2024, 6:35 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 43.371900] ==================================================================
[ 43.373156] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 43.374003] Read of size 8 at addr fff00000c65cbf78 by task kunit_try_catch/270
[ 43.375129]
[ 43.375514] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1
[ 43.376428] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 43.377015] Hardware name: linux,dummy-virt (DT)
[ 43.378281] Call trace:
[ 43.378964]  show_stack+0x20/0x38 (C)
[ 43.380002]  dump_stack_lvl+0x8c/0xd0
[ 43.380627]  print_report+0x118/0x5e0
[ 43.381635]  kasan_report+0xc8/0x118
[ 43.382145]  __asan_report_load8_noabort+0x20/0x30
[ 43.383231]  copy_to_kernel_nofault+0x204/0x250
[ 43.384011]  copy_to_kernel_nofault_oob+0x158/0x418
[ 43.384765]  kunit_try_run_case+0x14c/0x3d0
[ 43.385341]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 43.386030]  kthread+0x24c/0x2d0
[ 43.387048]  ret_from_fork+0x10/0x20
[ 43.387542]
[ 43.387902] Allocated by task 270:
[ 43.388406]  kasan_save_stack+0x3c/0x68
[ 43.388946]  kasan_save_track+0x20/0x40
[ 43.390637]  kasan_save_alloc_info+0x40/0x58
[ 43.391205]  __kasan_kmalloc+0xd4/0xd8
[ 43.391790]  __kmalloc_cache_noprof+0x15c/0x3c8
[ 43.392326]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 43.393004]  kunit_try_run_case+0x14c/0x3d0
[ 43.394195]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 43.394880]  kthread+0x24c/0x2d0
[ 43.395469]  ret_from_fork+0x10/0x20
[ 43.395998]
[ 43.396383] The buggy address belongs to the object at fff00000c65cbf00
[ 43.396383]  which belongs to the cache kmalloc-128 of size 128
[ 43.397782] The buggy address is located 0 bytes to the right of
[ 43.397782]  allocated 120-byte region [fff00000c65cbf00, fff00000c65cbf78)
[ 43.399385]
[ 43.399737] The buggy address belongs to the physical page:
[ 43.400437] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065cb
[ 43.402306] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 43.402707] page_type: f5(slab)
[ 43.402941] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 43.403310] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 43.404025] page dumped because: kasan: bad access detected
[ 43.404604]
[ 43.404836] Memory state around the buggy address:
[ 43.407522]  fff00000c65cbe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 43.408461]  fff00000c65cbe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.409123] >fff00000c65cbf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 43.410395]                                                                  ^
[ 43.411204]  fff00000c65cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.412185]  fff00000c65cc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.413174] ==================================================================
[ 43.416815] ==================================================================
[ 43.417593] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 43.418632] Write of size 8 at addr fff00000c65cbf78 by task kunit_try_catch/270
[ 43.419948]
[ 43.420411] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1
[ 43.421633] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 43.422184] Hardware name: linux,dummy-virt (DT)
[ 43.422796] Call trace:
[ 43.423197]  show_stack+0x20/0x38 (C)
[ 43.424138]  dump_stack_lvl+0x8c/0xd0
[ 43.424719]  print_report+0x118/0x5e0
[ 43.425372]  kasan_report+0xc8/0x118
[ 43.425993]  kasan_check_range+0x100/0x1a8
[ 43.426681]  __kasan_check_write+0x20/0x30
[ 43.427395]  copy_to_kernel_nofault+0x8c/0x250
[ 43.428053]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 43.428630]  kunit_try_run_case+0x14c/0x3d0
[ 43.429398]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 43.430227]  kthread+0x24c/0x2d0
[ 43.430849]  ret_from_fork+0x10/0x20
[ 43.431469]
[ 43.431848] Allocated by task 270:
[ 43.432342]  kasan_save_stack+0x3c/0x68
[ 43.432793]  kasan_save_track+0x20/0x40
[ 43.433199]  kasan_save_alloc_info+0x40/0x58
[ 43.433909]  __kasan_kmalloc+0xd4/0xd8
[ 43.434562]  __kmalloc_cache_noprof+0x15c/0x3c8
[ 43.435393]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 43.436122]  kunit_try_run_case+0x14c/0x3d0
[ 43.436849]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 43.437581]  kthread+0x24c/0x2d0
[ 43.438130]  ret_from_fork+0x10/0x20
[ 43.438667]
[ 43.439055] The buggy address belongs to the object at fff00000c65cbf00
[ 43.439055]  which belongs to the cache kmalloc-128 of size 128
[ 43.440335] The buggy address is located 0 bytes to the right of
[ 43.440335]  allocated 120-byte region [fff00000c65cbf00, fff00000c65cbf78)
[ 43.441670]
[ 43.442020] The buggy address belongs to the physical page:
[ 43.442780] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065cb
[ 43.443792] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 43.444693] page_type: f5(slab)
[ 43.445379] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 43.446214] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 43.447210] page dumped because: kasan: bad access detected
[ 43.447861]
[ 43.448213] Memory state around the buggy address:
[ 43.448798]  fff00000c65cbe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 43.449706]  fff00000c65cbe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.450605] >fff00000c65cbf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 43.451228]                                                                  ^
[ 43.452124]  fff00000c65cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.453051]  fff00000c65cc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.453960] ==================================================================
```
qemu-x86_64:

```
[ 35.715386] ==================================================================
[ 35.716352] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 35.717276] Write of size 8 at addr ffff888101adc478 by task kunit_try_catch/288
[ 35.718298]
[ 35.718794] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1
[ 35.720442] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 35.720915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 35.721769] Call Trace:
[ 35.722184]  <TASK>
[ 35.722514]  dump_stack_lvl+0x73/0xb0
[ 35.723049]  print_report+0xd1/0x640
[ 35.723696]  ? __virt_addr_valid+0x1db/0x2d0
[ 35.724187]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 35.725016]  kasan_report+0x102/0x140
[ 35.725576]  ? copy_to_kernel_nofault+0x99/0x260
[ 35.726339]  ? copy_to_kernel_nofault+0x99/0x260
[ 35.727002]  kasan_check_range+0x10c/0x1c0
[ 35.727626]  __kasan_check_write+0x18/0x20
[ 35.728451]  copy_to_kernel_nofault+0x99/0x260
[ 35.729362]  copy_to_kernel_nofault_oob+0x214/0x4e0
[ 35.730083]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 35.731418]  ? finish_task_switch.isra.0+0x153/0x700
[ 35.732476]  ? __schedule+0xc3e/0x2790
[ 35.732907]  ? trace_hardirqs_on+0x37/0xe0
[ 35.733333]  ? __pfx_read_tsc+0x10/0x10
[ 35.734219]  ? ktime_get_ts64+0x84/0x230
[ 35.735065]  kunit_try_run_case+0x1b3/0x490
[ 35.735656]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 35.736901]  ? _raw_spin_lock_irqsave+0xa2/0x110
[ 35.737396]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 35.738553]  ? __kthread_parkme+0x82/0x160
[ 35.739122]  ? preempt_count_sub+0x50/0x80
[ 35.739587]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 35.740614]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 35.741360]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 35.742134]  kthread+0x257/0x310
[ 35.742558]  ? __pfx_kthread+0x10/0x10
[ 35.743485]  ret_from_fork+0x41/0x80
[ 35.744187]  ? __pfx_kthread+0x10/0x10
[ 35.744824]  ret_from_fork_asm+0x1a/0x30
[ 35.745280]  </TASK>
[ 35.745521]
[ 35.745762] Allocated by task 288:
[ 35.746019]  kasan_save_stack+0x3d/0x60
[ 35.746462]  kasan_save_track+0x18/0x40
[ 35.747460]  kasan_save_alloc_info+0x3b/0x50
[ 35.747837]  __kasan_kmalloc+0xb7/0xc0
[ 35.748896]  __kmalloc_cache_noprof+0x184/0x410
[ 35.749274]  copy_to_kernel_nofault_oob+0xc5/0x4e0
[ 35.750427]  kunit_try_run_case+0x1b3/0x490
[ 35.750668]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 35.751507]  kthread+0x257/0x310
[ 35.751951]  ret_from_fork+0x41/0x80
[ 35.752325]  ret_from_fork_asm+0x1a/0x30
[ 35.752833]
[ 35.752993] The buggy address belongs to the object at ffff888101adc400
[ 35.752993]  which belongs to the cache kmalloc-128 of size 128
[ 35.754600] The buggy address is located 0 bytes to the right of
[ 35.754600]  allocated 120-byte region [ffff888101adc400, ffff888101adc478)
[ 35.756396]
[ 35.756552] The buggy address belongs to the physical page:
[ 35.757463] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101adc
[ 35.758389] flags: 0x200000000000000(node=0|zone=2)
[ 35.759158] page_type: f5(slab)
[ 35.759803] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 35.760583] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 35.761606] page dumped because: kasan: bad access detected
[ 35.762097]
[ 35.762408] Memory state around the buggy address:
[ 35.762932]  ffff888101adc300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.763890]  ffff888101adc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.764679] >ffff888101adc400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 35.765468]                                                                  ^
[ 35.766014]  ffff888101adc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.766613]  ffff888101adc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.767847] ==================================================================
[ 35.652556] ==================================================================
[ 35.655008] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 35.655809] Read of size 8 at addr ffff888101adc478 by task kunit_try_catch/288
[ 35.657211]
[ 35.657594] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1
[ 35.659013] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 35.659590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 35.660759] Call Trace:
[ 35.661418]  <TASK>
[ 35.661668]  dump_stack_lvl+0x73/0xb0
[ 35.662078]  print_report+0xd1/0x640
[ 35.663301]  ? __virt_addr_valid+0x1db/0x2d0
[ 35.664060]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 35.664845]  kasan_report+0x102/0x140
[ 35.665636]  ? copy_to_kernel_nofault+0x225/0x260
[ 35.666362]  ? copy_to_kernel_nofault+0x225/0x260
[ 35.667409]  __asan_report_load8_noabort+0x18/0x20
[ 35.668644]  copy_to_kernel_nofault+0x225/0x260
[ 35.669105]  copy_to_kernel_nofault_oob+0x179/0x4e0
[ 35.670122]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 35.670947]  ? finish_task_switch.isra.0+0x153/0x700
[ 35.671663]  ? __schedule+0xc3e/0x2790
[ 35.672408]  ? trace_hardirqs_on+0x37/0xe0
[ 35.673040]  ? __pfx_read_tsc+0x10/0x10
[ 35.673418]  ? ktime_get_ts64+0x84/0x230
[ 35.674431]  kunit_try_run_case+0x1b3/0x490
[ 35.675061]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 35.675902]  ? _raw_spin_lock_irqsave+0xa2/0x110
[ 35.676628]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 35.677695]  ? __kthread_parkme+0x82/0x160
[ 35.678153]  ? preempt_count_sub+0x50/0x80
[ 35.678435]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 35.680983]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 35.681352]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 35.681673]  kthread+0x257/0x310
[ 35.682556]  ? __pfx_kthread+0x10/0x10
[ 35.683271]  ret_from_fork+0x41/0x80
[ 35.684054]  ? __pfx_kthread+0x10/0x10
[ 35.684848]  ret_from_fork_asm+0x1a/0x30
[ 35.685798]  </TASK>
[ 35.686285]
[ 35.686552] Allocated by task 288:
[ 35.687375]  kasan_save_stack+0x3d/0x60
[ 35.688004]  kasan_save_track+0x18/0x40
[ 35.688632]  kasan_save_alloc_info+0x3b/0x50
[ 35.689814]  __kasan_kmalloc+0xb7/0xc0
[ 35.690081]  __kmalloc_cache_noprof+0x184/0x410
[ 35.690975]  copy_to_kernel_nofault_oob+0xc5/0x4e0
[ 35.691372]  kunit_try_run_case+0x1b3/0x490
[ 35.691789]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 35.692802]  kthread+0x257/0x310
[ 35.693439]  ret_from_fork+0x41/0x80
[ 35.694008]  ret_from_fork_asm+0x1a/0x30
[ 35.694600]
[ 35.695062] The buggy address belongs to the object at ffff888101adc400
[ 35.695062]  which belongs to the cache kmalloc-128 of size 128
[ 35.696050] The buggy address is located 0 bytes to the right of
[ 35.696050]  allocated 120-byte region [ffff888101adc400, ffff888101adc478)
[ 35.696741]
[ 35.696895] The buggy address belongs to the physical page:
[ 35.698034] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101adc
[ 35.700480] flags: 0x200000000000000(node=0|zone=2)
[ 35.701128] page_type: f5(slab)
[ 35.701561] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 35.702862] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 35.703904] page dumped because: kasan: bad access detected
[ 35.704516]
[ 35.704920] Memory state around the buggy address:
[ 35.705570]  ffff888101adc300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.706960]  ffff888101adc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.708454] >ffff888101adc400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 35.709592]                                                                  ^
[ 35.710981]  ffff888101adc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.711813]  ffff888101adc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.712861] ==================================================================
```