Date
Nov. 26, 2024, 6:09 a.m.
| Environment |
|---|
| qemu-x86_64 |
```text
[ 32.659303] ==================================================================
[ 32.660130] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x33/0xa0
[ 32.660130] Write of size 121 at addr ffff8881028f6c00 by task kunit_try_catch/294
[ 32.660130]
[ 32.660130] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 32.660130] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.660130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.660130] Call Trace:
[ 32.660130] <TASK>
[ 32.660130] dump_stack_lvl+0x73/0xb0
[ 32.660130] print_report+0xd1/0x640
[ 32.660130] ? __virt_addr_valid+0x1db/0x2d0
[ 32.660130] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.660130] kasan_report+0x102/0x140
[ 32.660130] ? _copy_from_user+0x33/0xa0
[ 32.660130] ? _copy_from_user+0x33/0xa0
[ 32.660130] kasan_check_range+0x10c/0x1c0
[ 32.660130] __kasan_check_write+0x18/0x20
[ 32.660130] _copy_from_user+0x33/0xa0
[ 32.660130] copy_user_test_oob+0x2bf/0x10f0
[ 32.660130] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.660130] ? __switch_to+0x5d9/0xf60
[ 32.660130] ? __schedule+0xc3e/0x2790
[ 32.660130] ? ktime_get_ts64+0x84/0x230
[ 32.660130] kunit_try_run_case+0x1b3/0x490
[ 32.660130] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.660130] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.660130] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.660130] ? __kthread_parkme+0x82/0x160
[ 32.660130] ? preempt_count_sub+0x50/0x80
[ 32.660130] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.660130] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.660130] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.660130] kthread+0x257/0x310
[ 32.660130] ? __pfx_kthread+0x10/0x10
[ 32.660130] ret_from_fork+0x41/0x80
[ 32.660130] ? __pfx_kthread+0x10/0x10
[ 32.660130] ret_from_fork_asm+0x1a/0x30
[ 32.660130] </TASK>
[ 32.660130]
[ 32.660130] Allocated by task 294:
[ 32.660130] kasan_save_stack+0x3d/0x60
[ 32.660130] kasan_save_track+0x18/0x40
[ 32.660130] kasan_save_alloc_info+0x3b/0x50
[ 32.660130] __kasan_kmalloc+0xb7/0xc0
[ 32.660130] __kmalloc_noprof+0x1c4/0x500
[ 32.660130] kunit_kmalloc_array+0x25/0x60
[ 32.660130] copy_user_test_oob+0xac/0x10f0
[ 32.660130] kunit_try_run_case+0x1b3/0x490
[ 32.660130] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.660130] kthread+0x257/0x310
[ 32.660130] ret_from_fork+0x41/0x80
[ 32.660130] ret_from_fork_asm+0x1a/0x30
[ 32.660130]
[ 32.660130] The buggy address belongs to the object at ffff8881028f6c00
[ 32.660130] which belongs to the cache kmalloc-128 of size 128
[ 32.660130] The buggy address is located 0 bytes inside of
[ 32.660130] allocated 120-byte region [ffff8881028f6c00, ffff8881028f6c78)
[ 32.660130]
[ 32.660130] The buggy address belongs to the physical page:
[ 32.660130] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028f6
[ 32.660130] flags: 0x200000000000000(node=0|zone=2)
[ 32.660130] page_type: f5(slab)
[ 32.660130] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.660130] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 32.660130] page dumped because: kasan: bad access detected
[ 32.660130]
[ 32.660130] Memory state around the buggy address:
[ 32.660130] ffff8881028f6b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.660130] ffff8881028f6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.660130] >ffff8881028f6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.660130] ^
[ 32.660130] ffff8881028f6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.660130] ffff8881028f6d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.660130] ==================================================================
```
```text
[ 27.380322] ==================================================================
[ 27.381534] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x33/0xa0
[ 27.382424] Write of size 121 at addr ffff8881028cc000 by task kunit_try_catch/292
[ 27.383020]
[ 27.383222] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 27.384248] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.384589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.385402] Call Trace:
[ 27.385795] <TASK>
[ 27.386121] dump_stack_lvl+0x73/0xb0
[ 27.386904] print_report+0xd1/0x640
[ 27.387372] ? __virt_addr_valid+0x1db/0x2d0
[ 27.387999] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.388531] kasan_report+0x102/0x140
[ 27.388979] ? _copy_from_user+0x33/0xa0
[ 27.389640] ? _copy_from_user+0x33/0xa0
[ 27.390346] kasan_check_range+0x10c/0x1c0
[ 27.390690] __kasan_check_write+0x18/0x20
[ 27.391411] _copy_from_user+0x33/0xa0
[ 27.391972] copy_user_test_oob+0x2bf/0x10f0
[ 27.392520] ? __pfx_copy_user_test_oob+0x10/0x10
[ 27.392957] ? finish_task_switch.isra.0+0x153/0x700
[ 27.393302] ? __switch_to+0x5d9/0xf60
[ 27.393780] ? __schedule+0xc3e/0x2790
[ 27.394236] ? __pfx_read_tsc+0x10/0x10
[ 27.394722] ? ktime_get_ts64+0x84/0x230
[ 27.395104] kunit_try_run_case+0x1b3/0x490
[ 27.395670] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.396070] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 27.396547] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.397161] ? __kthread_parkme+0x82/0x160
[ 27.397726] ? preempt_count_sub+0x50/0x80
[ 27.398176] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.398531] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.399206] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.399851] kthread+0x257/0x310
[ 27.400276] ? __pfx_kthread+0x10/0x10
[ 27.400794] ret_from_fork+0x41/0x80
[ 27.401241] ? __pfx_kthread+0x10/0x10
[ 27.401765] ret_from_fork_asm+0x1a/0x30
[ 27.402292] </TASK>
[ 27.402666]
[ 27.402915] Allocated by task 292:
[ 27.403234] kasan_save_stack+0x3d/0x60
[ 27.403550] kasan_save_track+0x18/0x40
[ 27.404057] kasan_save_alloc_info+0x3b/0x50
[ 27.404563] __kasan_kmalloc+0xb7/0xc0
[ 27.405071] __kmalloc_noprof+0x1c4/0x500
[ 27.405646] kunit_kmalloc_array+0x25/0x60
[ 27.406139] copy_user_test_oob+0xac/0x10f0
[ 27.406699] kunit_try_run_case+0x1b3/0x490
[ 27.407182] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.407819] kthread+0x257/0x310
[ 27.408236] ret_from_fork+0x41/0x80
[ 27.408667] ret_from_fork_asm+0x1a/0x30
[ 27.409129]
[ 27.409359] The buggy address belongs to the object at ffff8881028cc000
[ 27.409359] which belongs to the cache kmalloc-128 of size 128
[ 27.410460] The buggy address is located 0 bytes inside of
[ 27.410460] allocated 120-byte region [ffff8881028cc000, ffff8881028cc078)
[ 27.411668]
[ 27.411931] The buggy address belongs to the physical page:
[ 27.412306] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028cc
[ 27.413054] flags: 0x200000000000000(node=0|zone=2)
[ 27.413653] page_type: f5(slab)
[ 27.414073] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.414868] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 27.415597] page dumped because: kasan: bad access detected
[ 27.416366]
[ 27.416713] Memory state around the buggy address:
[ 27.417158] ffff8881028cbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.418566] ffff8881028cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.419568] >ffff8881028cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.420202] ^
[ 27.421434] ffff8881028cc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.422113] ffff8881028cc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.423084] ==================================================================
```