Date: Nov. 27, 2024, 3:37 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```text
[ 54.699715] ==================================================================
[ 54.700608] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 54.701889] Write of size 8 at addr fff00000c61a5378 by task kunit_try_catch/270
[ 54.703515]
[ 54.704065] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 54.705072] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 54.705997] Hardware name: linux,dummy-virt (DT)
[ 54.706850] Call trace:
[ 54.707278] show_stack+0x20/0x38 (C)
[ 54.708010] dump_stack_lvl+0x8c/0xd0
[ 54.708679] print_report+0x118/0x5e0
[ 54.709486] kasan_report+0xc8/0x118
[ 54.710344] kasan_check_range+0x100/0x1a8
[ 54.710977] __kasan_check_write+0x20/0x30
[ 54.711677] copy_to_kernel_nofault+0x8c/0x250
[ 54.712347] copy_to_kernel_nofault_oob+0x1bc/0x418
[ 54.713010] kunit_try_run_case+0x14c/0x3d0
[ 54.713837] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 54.714826] kthread+0x24c/0x2d0
[ 54.715124] ret_from_fork+0x10/0x20
[ 54.715437]
[ 54.715611] Allocated by task 270:
[ 54.715861] kasan_save_stack+0x3c/0x68
[ 54.716155] kasan_save_track+0x20/0x40
[ 54.716544] kasan_save_alloc_info+0x40/0x58
[ 54.717171] __kasan_kmalloc+0xd4/0xd8
[ 54.717789] __kmalloc_cache_noprof+0x15c/0x3c0
[ 54.718485] copy_to_kernel_nofault_oob+0xc8/0x418
[ 54.719144] kunit_try_run_case+0x14c/0x3d0
[ 54.719685] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 54.720246] kthread+0x24c/0x2d0
[ 54.721019] ret_from_fork+0x10/0x20
[ 54.721900]
[ 54.722498] The buggy address belongs to the object at fff00000c61a5300
[ 54.722498]  which belongs to the cache kmalloc-128 of size 128
[ 54.723876] The buggy address is located 0 bytes to the right of
[ 54.723876]  allocated 120-byte region [fff00000c61a5300, fff00000c61a5378)
[ 54.725327]
[ 54.725894] The buggy address belongs to the physical page:
[ 54.727175] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a5
[ 54.728272] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 54.729145] page_type: f5(slab)
[ 54.729699] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 54.730727] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 54.731691] page dumped because: kasan: bad access detected
[ 54.732606]
[ 54.733061] Memory state around the buggy address:
[ 54.733920]  fff00000c61a5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 54.734791]  fff00000c61a5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.735707] >fff00000c61a5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 54.736670]                                                                 ^
[ 54.737641]  fff00000c61a5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.739058]  fff00000c61a5400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.739931] ==================================================================
[ 54.654062] ==================================================================
[ 54.655660] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 54.656394] Read of size 8 at addr fff00000c61a5378 by task kunit_try_catch/270
[ 54.657388]
[ 54.657762] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 54.659330] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 54.659788] Hardware name: linux,dummy-virt (DT)
[ 54.660464] Call trace:
[ 54.660923] show_stack+0x20/0x38 (C)
[ 54.661477] dump_stack_lvl+0x8c/0xd0
[ 54.662127] print_report+0x118/0x5e0
[ 54.662899] kasan_report+0xc8/0x118
[ 54.663428] __asan_report_load8_noabort+0x20/0x30
[ 54.664194] copy_to_kernel_nofault+0x204/0x250
[ 54.665216] copy_to_kernel_nofault_oob+0x158/0x418
[ 54.666411] kunit_try_run_case+0x14c/0x3d0
[ 54.667156] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 54.668216] kthread+0x24c/0x2d0
[ 54.668880] ret_from_fork+0x10/0x20
[ 54.669843]
[ 54.670415] Allocated by task 270:
[ 54.670952] kasan_save_stack+0x3c/0x68
[ 54.671633] kasan_save_track+0x20/0x40
[ 54.672163] kasan_save_alloc_info+0x40/0x58
[ 54.672890] __kasan_kmalloc+0xd4/0xd8
[ 54.673717] __kmalloc_cache_noprof+0x15c/0x3c0
[ 54.674573] copy_to_kernel_nofault_oob+0xc8/0x418
[ 54.675399] kunit_try_run_case+0x14c/0x3d0
[ 54.675978] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 54.677212] kthread+0x24c/0x2d0
[ 54.677943] ret_from_fork+0x10/0x20
[ 54.678676]
[ 54.679691] The buggy address belongs to the object at fff00000c61a5300
[ 54.679691]  which belongs to the cache kmalloc-128 of size 128
[ 54.681460] The buggy address is located 0 bytes to the right of
[ 54.681460]  allocated 120-byte region [fff00000c61a5300, fff00000c61a5378)
[ 54.683187]
[ 54.683521] The buggy address belongs to the physical page:
[ 54.684309] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a5
[ 54.685329] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 54.686213] page_type: f5(slab)
[ 54.687053] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 54.687925] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 54.688751] page dumped because: kasan: bad access detected
[ 54.689618]
[ 54.690083] Memory state around the buggy address:
[ 54.690984]  fff00000c61a5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 54.691964]  fff00000c61a5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.692902] >fff00000c61a5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 54.693831]                                                                 ^
[ 54.695233]  fff00000c61a5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.696122]  fff00000c61a5400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.697196] ==================================================================
```
qemu-x86_64:

```text
[ 32.665522] ==================================================================
[ 32.666485] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 32.667439] Write of size 8 at addr ffff888101ac1178 by task kunit_try_catch/289
[ 32.668112]
[ 32.668446] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 32.669527] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.669969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.670883] Call Trace:
[ 32.671158] <TASK>
[ 32.671356] dump_stack_lvl+0x73/0xb0
[ 32.671868] print_report+0xd1/0x640
[ 32.672476] ? __virt_addr_valid+0x1db/0x2d0
[ 32.673447] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.674376] kasan_report+0x102/0x140
[ 32.674892] ? copy_to_kernel_nofault+0x99/0x260
[ 32.675358] ? copy_to_kernel_nofault+0x99/0x260
[ 32.675926] kasan_check_range+0x10c/0x1c0
[ 32.676674] __kasan_check_write+0x18/0x20
[ 32.677112] copy_to_kernel_nofault+0x99/0x260
[ 32.677767] copy_to_kernel_nofault_oob+0x214/0x4e0
[ 32.678189] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 32.678568] ? finish_task_switch.isra.0+0x153/0x700
[ 32.679217] ? __schedule+0xc3e/0x2790
[ 32.679760] ? trace_hardirqs_on+0x37/0xe0
[ 32.680440] ? __pfx_read_tsc+0x10/0x10
[ 32.680893] ? ktime_get_ts64+0x84/0x230
[ 32.681478] kunit_try_run_case+0x1b3/0x490
[ 32.682184] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.682534] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.682861] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.683394] ? __kthread_parkme+0x82/0x160
[ 32.683822] ? preempt_count_sub+0x50/0x80
[ 32.685416] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.687207] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.688260] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.688797] kthread+0x257/0x310
[ 32.689756] ? __pfx_kthread+0x10/0x10
[ 32.690296] ret_from_fork+0x41/0x80
[ 32.690702] ? __pfx_kthread+0x10/0x10
[ 32.691205] ret_from_fork_asm+0x1a/0x30
[ 32.691572] </TASK>
[ 32.691886]
[ 32.692296] Allocated by task 289:
[ 32.692779] kasan_save_stack+0x3d/0x60
[ 32.693152] kasan_save_track+0x18/0x40
[ 32.693761] kasan_save_alloc_info+0x3b/0x50
[ 32.694654] __kasan_kmalloc+0xb7/0xc0
[ 32.695237] __kmalloc_cache_noprof+0x184/0x410
[ 32.695604] copy_to_kernel_nofault_oob+0xc5/0x4e0
[ 32.696401] kunit_try_run_case+0x1b3/0x490
[ 32.696781] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.697546] kthread+0x257/0x310
[ 32.698331] ret_from_fork+0x41/0x80
[ 32.698789] ret_from_fork_asm+0x1a/0x30
[ 32.699100]
[ 32.699287] The buggy address belongs to the object at ffff888101ac1100
[ 32.699287]  which belongs to the cache kmalloc-128 of size 128
[ 32.700634] The buggy address is located 0 bytes to the right of
[ 32.700634]  allocated 120-byte region [ffff888101ac1100, ffff888101ac1178)
[ 32.702944]
[ 32.703301] The buggy address belongs to the physical page:
[ 32.703876] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac1
[ 32.704354] flags: 0x200000000000000(node=0|zone=2)
[ 32.705060] page_type: f5(slab)
[ 32.705609] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.706738] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 32.707214] page dumped because: kasan: bad access detected
[ 32.708070]
[ 32.708549] Memory state around the buggy address:
[ 32.709139]  ffff888101ac1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 32.709762]  ffff888101ac1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.710557] >ffff888101ac1100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.711592]                                                                 ^
[ 32.712077]  ffff888101ac1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.712859]  ffff888101ac1200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.713612] ==================================================================
[ 32.618398] ==================================================================
[ 32.619835] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 32.620718] Read of size 8 at addr ffff888101ac1178 by task kunit_try_catch/289
[ 32.621503]
[ 32.621786] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 32.623554] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.623978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.625341] Call Trace:
[ 32.625627] <TASK>
[ 32.625893] dump_stack_lvl+0x73/0xb0
[ 32.626317] print_report+0xd1/0x640
[ 32.626727] ? __virt_addr_valid+0x1db/0x2d0
[ 32.627930] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.628862] kasan_report+0x102/0x140
[ 32.629716] ? copy_to_kernel_nofault+0x225/0x260
[ 32.630299] ? copy_to_kernel_nofault+0x225/0x260
[ 32.630871] __asan_report_load8_noabort+0x18/0x20
[ 32.631479] copy_to_kernel_nofault+0x225/0x260
[ 32.632008] copy_to_kernel_nofault_oob+0x179/0x4e0
[ 32.632458] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 32.633283] ? finish_task_switch.isra.0+0x153/0x700
[ 32.633752] ? __schedule+0xc3e/0x2790
[ 32.634179] ? trace_hardirqs_on+0x37/0xe0
[ 32.634699] ? __pfx_read_tsc+0x10/0x10
[ 32.635173] ? ktime_get_ts64+0x84/0x230
[ 32.635896] kunit_try_run_case+0x1b3/0x490
[ 32.636600] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.637199] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.637794] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.638288] ? __kthread_parkme+0x82/0x160
[ 32.638827] ? preempt_count_sub+0x50/0x80
[ 32.639305] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.640073] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.640797] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.641529] kthread+0x257/0x310
[ 32.642151] ? __pfx_kthread+0x10/0x10
[ 32.642845] ret_from_fork+0x41/0x80
[ 32.643184] ? __pfx_kthread+0x10/0x10
[ 32.643741] ret_from_fork_asm+0x1a/0x30
[ 32.644165] </TASK>
[ 32.644477]
[ 32.644700] Allocated by task 289:
[ 32.645276] kasan_save_stack+0x3d/0x60
[ 32.645585] kasan_save_track+0x18/0x40
[ 32.645869] kasan_save_alloc_info+0x3b/0x50
[ 32.646391] __kasan_kmalloc+0xb7/0xc0
[ 32.647110] __kmalloc_cache_noprof+0x184/0x410
[ 32.647933] copy_to_kernel_nofault_oob+0xc5/0x4e0
[ 32.648549] kunit_try_run_case+0x1b3/0x490
[ 32.649200] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.649555] kthread+0x257/0x310
[ 32.649844] ret_from_fork+0x41/0x80
[ 32.650467] ret_from_fork_asm+0x1a/0x30
[ 32.651115]
[ 32.651421] The buggy address belongs to the object at ffff888101ac1100
[ 32.651421]  which belongs to the cache kmalloc-128 of size 128
[ 32.652952] The buggy address is located 0 bytes to the right of
[ 32.652952]  allocated 120-byte region [ffff888101ac1100, ffff888101ac1178)
[ 32.653934]
[ 32.654257] The buggy address belongs to the physical page:
[ 32.655121] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac1
[ 32.655932] flags: 0x200000000000000(node=0|zone=2)
[ 32.656448] page_type: f5(slab)
[ 32.656708] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.657547] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 32.658743] page dumped because: kasan: bad access detected
[ 32.659394]
[ 32.659551] Memory state around the buggy address:
[ 32.659868]  ffff888101ac1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 32.661065]  ffff888101ac1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.661735] >ffff888101ac1100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.662280]                                                                 ^
[ 32.663031]  ffff888101ac1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.663720]  ffff888101ac1200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.664370] ==================================================================
```