Date
Nov. 26, 2024, 6:09 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 38.101697] ================================================================== [ 38.103164] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 38.103994] Read of size 8 at addr fff00000c596c878 by task kunit_try_catch/270 [ 38.104847] [ 38.106099] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.107618] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.108165] Hardware name: linux,dummy-virt (DT) [ 38.109371] Call trace: [ 38.109882] show_stack+0x20/0x38 (C) [ 38.110565] dump_stack_lvl+0x8c/0xd0 [ 38.111243] print_report+0x118/0x5e0 [ 38.111777] kasan_report+0xc8/0x118 [ 38.112716] __asan_report_load8_noabort+0x20/0x30 [ 38.113615] copy_to_kernel_nofault+0x204/0x250 [ 38.114235] copy_to_kernel_nofault_oob+0x158/0x418 [ 38.114578] kunit_try_run_case+0x14c/0x3d0 [ 38.114873] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.115228] kthread+0x24c/0x2d0 [ 38.115526] ret_from_fork+0x10/0x20 [ 38.115802] [ 38.116083] Allocated by task 270: [ 38.117331] kasan_save_stack+0x3c/0x68 [ 38.118330] kasan_save_track+0x20/0x40 [ 38.119003] kasan_save_alloc_info+0x40/0x58 [ 38.119475] __kasan_kmalloc+0xd4/0xd8 [ 38.119932] __kmalloc_cache_noprof+0x15c/0x3c8 [ 38.120566] copy_to_kernel_nofault_oob+0xc8/0x418 [ 38.121329] kunit_try_run_case+0x14c/0x3d0 [ 38.122547] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.123231] kthread+0x24c/0x2d0 [ 38.123795] ret_from_fork+0x10/0x20 [ 38.124359] [ 38.124978] The buggy address belongs to the object at fff00000c596c800 [ 38.124978] which belongs to the cache kmalloc-128 of size 128 [ 38.126221] The buggy address is located 0 bytes to the right of [ 38.126221] allocated 120-byte region [fff00000c596c800, fff00000c596c878) [ 38.128211] [ 38.128842] The buggy address belongs to the physical page: [ 38.129620] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10596c [ 38.130629] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.131397] page_type: f5(slab) [ 
38.131917] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.132983] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.134106] page dumped because: kasan: bad access detected [ 38.134771] [ 38.135540] Memory state around the buggy address: [ 38.136142] fff00000c596c700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 38.137001] fff00000c596c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.138287] >fff00000c596c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.139049] ^ [ 38.139845] fff00000c596c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.140943] fff00000c596c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.141865] ================================================================== [ 38.144723] ================================================================== [ 38.145622] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 38.146635] Write of size 8 at addr fff00000c596c878 by task kunit_try_catch/270 [ 38.147422] [ 38.147790] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.148819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.149439] Hardware name: linux,dummy-virt (DT) [ 38.150695] Call trace: [ 38.151292] show_stack+0x20/0x38 (C) [ 38.151846] dump_stack_lvl+0x8c/0xd0 [ 38.152737] print_report+0x118/0x5e0 [ 38.153564] kasan_report+0xc8/0x118 [ 38.154152] kasan_check_range+0x100/0x1a8 [ 38.154824] __kasan_check_write+0x20/0x30 [ 38.155429] copy_to_kernel_nofault+0x8c/0x250 [ 38.156114] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 38.157484] kunit_try_run_case+0x14c/0x3d0 [ 38.158048] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.158778] kthread+0x24c/0x2d0 [ 38.159329] ret_from_fork+0x10/0x20 [ 38.159897] [ 38.160287] Allocated by task 270: [ 38.160828] kasan_save_stack+0x3c/0x68 [ 38.161438] kasan_save_track+0x20/0x40 [ 38.162424] kasan_save_alloc_info+0x40/0x58 [ 38.163116] __kasan_kmalloc+0xd4/0xd8 [ 38.163658] 
__kmalloc_cache_noprof+0x15c/0x3c8 [ 38.165062] copy_to_kernel_nofault_oob+0xc8/0x418 [ 38.165785] kunit_try_run_case+0x14c/0x3d0 [ 38.166412] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.167292] kthread+0x24c/0x2d0 [ 38.167769] ret_from_fork+0x10/0x20 [ 38.168569] [ 38.168947] The buggy address belongs to the object at fff00000c596c800 [ 38.168947] which belongs to the cache kmalloc-128 of size 128 [ 38.170499] The buggy address is located 0 bytes to the right of [ 38.170499] allocated 120-byte region [fff00000c596c800, fff00000c596c878) [ 38.171746] [ 38.172234] The buggy address belongs to the physical page: [ 38.173850] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10596c [ 38.174697] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.175470] page_type: f5(slab) [ 38.176049] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.177270] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.178093] page dumped because: kasan: bad access detected [ 38.178713] [ 38.179195] Memory state around the buggy address: [ 38.179764] fff00000c596c700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 38.180941] fff00000c596c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.181952] >fff00000c596c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.182776] ^ [ 38.183553] fff00000c596c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.184367] fff00000c596c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.185157] ==================================================================
[ 38.208399] ================================================================== [ 38.209788] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 38.210617] Read of size 8 at addr fff00000c5efa578 by task kunit_try_catch/270 [ 38.211387] [ 38.211853] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.213038] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.213552] Hardware name: linux,dummy-virt (DT) [ 38.214507] Call trace: [ 38.215052] show_stack+0x20/0x38 (C) [ 38.216149] dump_stack_lvl+0x8c/0xd0 [ 38.216845] print_report+0x118/0x5e0 [ 38.217787] kasan_report+0xc8/0x118 [ 38.218628] __asan_report_load8_noabort+0x20/0x30 [ 38.219347] copy_to_kernel_nofault+0x204/0x250 [ 38.220172] copy_to_kernel_nofault_oob+0x158/0x418 [ 38.220926] kunit_try_run_case+0x14c/0x3d0 [ 38.221569] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.222358] kthread+0x24c/0x2d0 [ 38.222890] ret_from_fork+0x10/0x20 [ 38.223505] [ 38.223860] Allocated by task 270: [ 38.224435] kasan_save_stack+0x3c/0x68 [ 38.225007] kasan_save_track+0x20/0x40 [ 38.225941] kasan_save_alloc_info+0x40/0x58 [ 38.226515] __kasan_kmalloc+0xd4/0xd8 [ 38.227343] __kmalloc_cache_noprof+0x15c/0x3c8 [ 38.228114] copy_to_kernel_nofault_oob+0xc8/0x418 [ 38.228909] kunit_try_run_case+0x14c/0x3d0 [ 38.229569] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.230699] kthread+0x24c/0x2d0 [ 38.231261] ret_from_fork+0x10/0x20 [ 38.231850] [ 38.232225] The buggy address belongs to the object at fff00000c5efa500 [ 38.232225] which belongs to the cache kmalloc-128 of size 128 [ 38.233596] The buggy address is located 0 bytes to the right of [ 38.233596] allocated 120-byte region [fff00000c5efa500, fff00000c5efa578) [ 38.235665] [ 38.236050] The buggy address belongs to the physical page: [ 38.236720] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105efa [ 38.237577] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.238657] page_type: f5(slab) [ 
38.239168] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.240049] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.241040] page dumped because: kasan: bad access detected [ 38.241996] [ 38.242401] Memory state around the buggy address: [ 38.242990] fff00000c5efa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 38.243861] fff00000c5efa480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.244653] >fff00000c5efa500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.245598] ^ [ 38.246615] fff00000c5efa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.247814] fff00000c5efa600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.248675] ================================================================== [ 38.250511] ================================================================== [ 38.251301] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 38.252250] Write of size 8 at addr fff00000c5efa578 by task kunit_try_catch/270 [ 38.254585] [ 38.255586] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 38.257470] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.258402] Hardware name: linux,dummy-virt (DT) [ 38.258929] Call trace: [ 38.259319] show_stack+0x20/0x38 (C) [ 38.260426] dump_stack_lvl+0x8c/0xd0 [ 38.261123] print_report+0x118/0x5e0 [ 38.262118] kasan_report+0xc8/0x118 [ 38.262841] kasan_check_range+0x100/0x1a8 [ 38.263653] __kasan_check_write+0x20/0x30 [ 38.264461] copy_to_kernel_nofault+0x8c/0x250 [ 38.265150] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 38.266149] kunit_try_run_case+0x14c/0x3d0 [ 38.266712] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.267357] kthread+0x24c/0x2d0 [ 38.267886] ret_from_fork+0x10/0x20 [ 38.268569] [ 38.268956] Allocated by task 270: [ 38.269617] kasan_save_stack+0x3c/0x68 [ 38.270287] kasan_save_track+0x20/0x40 [ 38.271028] kasan_save_alloc_info+0x40/0x58 [ 38.271689] __kasan_kmalloc+0xd4/0xd8 [ 38.272350] 
__kmalloc_cache_noprof+0x15c/0x3c8 [ 38.273106] copy_to_kernel_nofault_oob+0xc8/0x418 [ 38.273724] kunit_try_run_case+0x14c/0x3d0 [ 38.274448] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.275303] kthread+0x24c/0x2d0 [ 38.275958] ret_from_fork+0x10/0x20 [ 38.276630] [ 38.277014] The buggy address belongs to the object at fff00000c5efa500 [ 38.277014] which belongs to the cache kmalloc-128 of size 128 [ 38.278563] The buggy address is located 0 bytes to the right of [ 38.278563] allocated 120-byte region [fff00000c5efa500, fff00000c5efa578) [ 38.279927] [ 38.280323] The buggy address belongs to the physical page: [ 38.280946] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105efa [ 38.281987] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.282900] page_type: f5(slab) [ 38.283356] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.284512] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.285342] page dumped because: kasan: bad access detected [ 38.286096] [ 38.286513] Memory state around the buggy address: [ 38.287119] fff00000c5efa400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.288070] fff00000c5efa480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.288774] >fff00000c5efa500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.289773] ^ [ 38.290689] fff00000c5efa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.291661] fff00000c5efa600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.292594] ==================================================================
[ 32.552991] ================================================================== [ 32.553258] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 32.553258] Read of size 8 at addr ffff88810294dd78 by task kunit_try_catch/290 [ 32.553258] [ 32.553258] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 32.553258] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.553258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.553258] Call Trace: [ 32.553258] <TASK> [ 32.553258] dump_stack_lvl+0x73/0xb0 [ 32.553258] print_report+0xd1/0x640 [ 32.553258] ? __virt_addr_valid+0x1db/0x2d0 [ 32.553258] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.553258] kasan_report+0x102/0x140 [ 32.553258] ? copy_to_kernel_nofault+0x225/0x260 [ 32.553258] ? copy_to_kernel_nofault+0x225/0x260 [ 32.553258] __asan_report_load8_noabort+0x18/0x20 [ 32.553258] copy_to_kernel_nofault+0x225/0x260 [ 32.553258] copy_to_kernel_nofault_oob+0x179/0x4e0 [ 32.553258] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 32.553258] ? trace_hardirqs_on+0x37/0xe0 [ 32.553258] ? read_hpet+0x1f0/0x230 [ 32.553258] ? __pfx_read_hpet+0x10/0x10 [ 32.553258] ? ktime_get_ts64+0x84/0x230 [ 32.553258] kunit_try_run_case+0x1b3/0x490 [ 32.553258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.553258] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.553258] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.553258] ? __kthread_parkme+0x82/0x160 [ 32.553258] ? preempt_count_sub+0x50/0x80 [ 32.553258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.553258] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.553258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.553258] kthread+0x257/0x310 [ 32.553258] ? __pfx_kthread+0x10/0x10 [ 32.553258] ret_from_fork+0x41/0x80 [ 32.553258] ? 
__pfx_kthread+0x10/0x10 [ 32.553258] ret_from_fork_asm+0x1a/0x30 [ 32.553258] </TASK> [ 32.553258] [ 32.553258] Allocated by task 290: [ 32.553258] kasan_save_stack+0x3d/0x60 [ 32.553258] kasan_save_track+0x18/0x40 [ 32.553258] kasan_save_alloc_info+0x3b/0x50 [ 32.553258] __kasan_kmalloc+0xb7/0xc0 [ 32.553258] __kmalloc_cache_noprof+0x184/0x410 [ 32.553258] copy_to_kernel_nofault_oob+0xc5/0x4e0 [ 32.553258] kunit_try_run_case+0x1b3/0x490 [ 32.553258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.553258] kthread+0x257/0x310 [ 32.553258] ret_from_fork+0x41/0x80 [ 32.553258] ret_from_fork_asm+0x1a/0x30 [ 32.553258] [ 32.553258] The buggy address belongs to the object at ffff88810294dd00 [ 32.553258] which belongs to the cache kmalloc-128 of size 128 [ 32.553258] The buggy address is located 0 bytes to the right of [ 32.553258] allocated 120-byte region [ffff88810294dd00, ffff88810294dd78) [ 32.553258] [ 32.553258] The buggy address belongs to the physical page: [ 32.553258] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10294d [ 32.553258] flags: 0x200000000000000(node=0|zone=2) [ 32.553258] page_type: f5(slab) [ 32.553258] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.553258] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.553258] page dumped because: kasan: bad access detected [ 32.553258] [ 32.553258] Memory state around the buggy address: [ 32.553258] ffff88810294dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.553258] ffff88810294dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.553258] >ffff88810294dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.553258] ^ [ 32.553258] ffff88810294dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.553258] ffff88810294de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.553258] ================================================================== [ 32.592191] 
================================================================== [ 32.592191] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 32.592191] Write of size 8 at addr ffff88810294dd78 by task kunit_try_catch/290 [ 32.592191] [ 32.592191] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 32.592191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.592191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.592191] Call Trace: [ 32.592191] <TASK> [ 32.592191] dump_stack_lvl+0x73/0xb0 [ 32.592191] print_report+0xd1/0x640 [ 32.592191] ? __virt_addr_valid+0x1db/0x2d0 [ 32.592191] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.592191] kasan_report+0x102/0x140 [ 32.592191] ? copy_to_kernel_nofault+0x99/0x260 [ 32.592191] ? copy_to_kernel_nofault+0x99/0x260 [ 32.592191] kasan_check_range+0x10c/0x1c0 [ 32.592191] __kasan_check_write+0x18/0x20 [ 32.592191] copy_to_kernel_nofault+0x99/0x260 [ 32.592191] copy_to_kernel_nofault_oob+0x214/0x4e0 [ 32.592191] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 32.592191] ? trace_hardirqs_on+0x37/0xe0 [ 32.592191] ? read_hpet+0x1f0/0x230 [ 32.592191] ? __pfx_read_hpet+0x10/0x10 [ 32.592191] ? ktime_get_ts64+0x84/0x230 [ 32.592191] kunit_try_run_case+0x1b3/0x490 [ 32.592191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.592191] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.592191] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.592191] ? __kthread_parkme+0x82/0x160 [ 32.592191] ? preempt_count_sub+0x50/0x80 [ 32.592191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.592191] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.592191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.592191] kthread+0x257/0x310 [ 32.592191] ? __pfx_kthread+0x10/0x10 [ 32.592191] ret_from_fork+0x41/0x80 [ 32.592191] ? 
__pfx_kthread+0x10/0x10 [ 32.592191] ret_from_fork_asm+0x1a/0x30 [ 32.592191] </TASK> [ 32.592191] [ 32.592191] Allocated by task 290: [ 32.592191] kasan_save_stack+0x3d/0x60 [ 32.592191] kasan_save_track+0x18/0x40 [ 32.592191] kasan_save_alloc_info+0x3b/0x50 [ 32.592191] __kasan_kmalloc+0xb7/0xc0 [ 32.592191] __kmalloc_cache_noprof+0x184/0x410 [ 32.592191] copy_to_kernel_nofault_oob+0xc5/0x4e0 [ 32.592191] kunit_try_run_case+0x1b3/0x490 [ 32.592191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.592191] kthread+0x257/0x310 [ 32.592191] ret_from_fork+0x41/0x80 [ 32.592191] ret_from_fork_asm+0x1a/0x30 [ 32.592191] [ 32.592191] The buggy address belongs to the object at ffff88810294dd00 [ 32.592191] which belongs to the cache kmalloc-128 of size 128 [ 32.592191] The buggy address is located 0 bytes to the right of [ 32.592191] allocated 120-byte region [ffff88810294dd00, ffff88810294dd78) [ 32.592191] [ 32.592191] The buggy address belongs to the physical page: [ 32.592191] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10294d [ 32.592191] flags: 0x200000000000000(node=0|zone=2) [ 32.592191] page_type: f5(slab) [ 32.592191] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.592191] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.592191] page dumped because: kasan: bad access detected [ 32.592191] [ 32.592191] Memory state around the buggy address: [ 32.592191] ffff88810294dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.592191] ffff88810294dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.592191] >ffff88810294dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.592191] ^ [ 32.592191] ffff88810294dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.592191] ffff88810294de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.592191] ==================================================================
[ 27.260785] ================================================================== [ 27.262570] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 27.263512] Read of size 8 at addr ffff8881028c8d78 by task kunit_try_catch/288 [ 27.264972] [ 27.265232] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 27.266318] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.266791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.267926] Call Trace: [ 27.268118] <TASK> [ 27.268390] dump_stack_lvl+0x73/0xb0 [ 27.269439] print_report+0xd1/0x640 [ 27.269878] ? __virt_addr_valid+0x1db/0x2d0 [ 27.270297] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.270759] kasan_report+0x102/0x140 [ 27.271139] ? copy_to_kernel_nofault+0x225/0x260 [ 27.272143] ? copy_to_kernel_nofault+0x225/0x260 [ 27.272587] __asan_report_load8_noabort+0x18/0x20 [ 27.273622] copy_to_kernel_nofault+0x225/0x260 [ 27.274051] copy_to_kernel_nofault_oob+0x179/0x4e0 [ 27.274509] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.275292] ? finish_task_switch.isra.0+0x153/0x700 [ 27.275940] ? __schedule+0xc3e/0x2790 [ 27.276302] ? trace_hardirqs_on+0x37/0xe0 [ 27.276703] ? __pfx_read_tsc+0x10/0x10 [ 27.277017] ? ktime_get_ts64+0x84/0x230 [ 27.277464] kunit_try_run_case+0x1b3/0x490 [ 27.278551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.279308] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.279790] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.280524] ? __kthread_parkme+0x82/0x160 [ 27.281089] ? preempt_count_sub+0x50/0x80 [ 27.281794] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.282152] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.282396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.282885] kthread+0x257/0x310 [ 27.283413] ? __pfx_kthread+0x10/0x10 [ 27.283887] ret_from_fork+0x41/0x80 [ 27.284305] ? 
__pfx_kthread+0x10/0x10 [ 27.284753] ret_from_fork_asm+0x1a/0x30 [ 27.285230] </TASK> [ 27.285677] [ 27.286249] Allocated by task 288: [ 27.287019] kasan_save_stack+0x3d/0x60 [ 27.287354] kasan_save_track+0x18/0x40 [ 27.287695] kasan_save_alloc_info+0x3b/0x50 [ 27.288064] __kasan_kmalloc+0xb7/0xc0 [ 27.288503] __kmalloc_cache_noprof+0x184/0x410 [ 27.288919] copy_to_kernel_nofault_oob+0xc5/0x4e0 [ 27.289414] kunit_try_run_case+0x1b3/0x490 [ 27.290076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.290506] kthread+0x257/0x310 [ 27.291141] ret_from_fork+0x41/0x80 [ 27.291465] ret_from_fork_asm+0x1a/0x30 [ 27.292421] [ 27.292623] The buggy address belongs to the object at ffff8881028c8d00 [ 27.292623] which belongs to the cache kmalloc-128 of size 128 [ 27.293999] The buggy address is located 0 bytes to the right of [ 27.293999] allocated 120-byte region [ffff8881028c8d00, ffff8881028c8d78) [ 27.295065] [ 27.295237] The buggy address belongs to the physical page: [ 27.295828] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028c8 [ 27.296459] flags: 0x200000000000000(node=0|zone=2) [ 27.297096] page_type: f5(slab) [ 27.297418] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.298419] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 27.299576] page dumped because: kasan: bad access detected [ 27.300167] [ 27.300517] Memory state around the buggy address: [ 27.301018] ffff8881028c8c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.301644] ffff8881028c8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.302085] >ffff8881028c8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.302836] ^ [ 27.303288] ffff8881028c8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.304014] ffff8881028c8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.304700] ================================================================== [ 27.308385] 
================================================================== [ 27.309333] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 27.309803] Write of size 8 at addr ffff8881028c8d78 by task kunit_try_catch/288 [ 27.310466] [ 27.311743] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 27.312440] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.313103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.314059] Call Trace: [ 27.314627] <TASK> [ 27.315220] dump_stack_lvl+0x73/0xb0 [ 27.315955] print_report+0xd1/0x640 [ 27.316329] ? __virt_addr_valid+0x1db/0x2d0 [ 27.316770] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.317265] kasan_report+0x102/0x140 [ 27.318520] ? copy_to_kernel_nofault+0x99/0x260 [ 27.318850] ? copy_to_kernel_nofault+0x99/0x260 [ 27.319627] kasan_check_range+0x10c/0x1c0 [ 27.320038] __kasan_check_write+0x18/0x20 [ 27.320426] copy_to_kernel_nofault+0x99/0x260 [ 27.320917] copy_to_kernel_nofault_oob+0x214/0x4e0 [ 27.321374] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.322356] ? finish_task_switch.isra.0+0x153/0x700 [ 27.322725] ? __schedule+0xc3e/0x2790 [ 27.323752] ? trace_hardirqs_on+0x37/0xe0 [ 27.324242] ? __pfx_read_tsc+0x10/0x10 [ 27.324960] ? ktime_get_ts64+0x84/0x230 [ 27.325566] kunit_try_run_case+0x1b3/0x490 [ 27.326284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.326718] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.327210] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.328312] ? __kthread_parkme+0x82/0x160 [ 27.328885] ? preempt_count_sub+0x50/0x80 [ 27.329475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.330105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.330610] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.331539] kthread+0x257/0x310 [ 27.332240] ? __pfx_kthread+0x10/0x10 [ 27.332845] ret_from_fork+0x41/0x80 [ 27.333458] ? 
__pfx_kthread+0x10/0x10 [ 27.334178] ret_from_fork_asm+0x1a/0x30 [ 27.334629] </TASK> [ 27.334861] [ 27.335092] Allocated by task 288: [ 27.335390] kasan_save_stack+0x3d/0x60 [ 27.336392] kasan_save_track+0x18/0x40 [ 27.336809] kasan_save_alloc_info+0x3b/0x50 [ 27.337515] __kasan_kmalloc+0xb7/0xc0 [ 27.337793] __kmalloc_cache_noprof+0x184/0x410 [ 27.338292] copy_to_kernel_nofault_oob+0xc5/0x4e0 [ 27.338797] kunit_try_run_case+0x1b3/0x490 [ 27.339992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.340385] kthread+0x257/0x310 [ 27.341039] ret_from_fork+0x41/0x80 [ 27.341625] ret_from_fork_asm+0x1a/0x30 [ 27.342060] [ 27.342783] The buggy address belongs to the object at ffff8881028c8d00 [ 27.342783] which belongs to the cache kmalloc-128 of size 128 [ 27.343861] The buggy address is located 0 bytes to the right of [ 27.343861] allocated 120-byte region [ffff8881028c8d00, ffff8881028c8d78) [ 27.345197] [ 27.345443] The buggy address belongs to the physical page: [ 27.347026] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028c8 [ 27.347686] flags: 0x200000000000000(node=0|zone=2) [ 27.348256] page_type: f5(slab) [ 27.348755] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.349433] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 27.349915] page dumped because: kasan: bad access detected [ 27.350474] [ 27.350769] Memory state around the buggy address: [ 27.351153] ffff8881028c8c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.351818] ffff8881028c8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.352374] >ffff8881028c8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.353074] ^ [ 27.353518] ffff8881028c8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.354255] ffff8881028c8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.354895] ==================================================================