Date: Dec. 3, 2024, 11:38 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[   37.359989] ==================================================================
[   37.361063] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   37.361968] Write of size 8 at addr fff00000c594be78 by task kunit_try_catch/270
[   37.362861]
[   37.364272] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1
[   37.365722] Tainted: [B]=BAD_PAGE, [N]=TEST
[   37.366276] Hardware name: linux,dummy-virt (DT)
[   37.367242] Call trace:
[   37.367692]  show_stack+0x20/0x38 (C)
[   37.368391]  dump_stack_lvl+0x8c/0xd0
[   37.368933]  print_report+0x118/0x5e0
[   37.369546]  kasan_report+0xc8/0x118
[   37.370122]  kasan_check_range+0x100/0x1a8
[   37.370772]  __kasan_check_write+0x20/0x30
[   37.371739]  copy_to_kernel_nofault+0x8c/0x250
[   37.372401]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   37.373110]  kunit_try_run_case+0x14c/0x3d0
[   37.373785]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.374651]  kthread+0x24c/0x2d0
[   37.375445]  ret_from_fork+0x10/0x20
[   37.376018]
[   37.376428] Allocated by task 270:
[   37.376924]  kasan_save_stack+0x3c/0x68
[   37.377543]  kasan_save_track+0x20/0x40
[   37.378217]  kasan_save_alloc_info+0x40/0x58
[   37.378876]  __kasan_kmalloc+0xd4/0xd8
[   37.380430]  __kmalloc_cache_noprof+0x15c/0x3c0
[   37.381113]  copy_to_kernel_nofault_oob+0xc8/0x418
[   37.381878]  kunit_try_run_case+0x14c/0x3d0
[   37.382519]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.383374]  kthread+0x24c/0x2d0
[   37.384167]  ret_from_fork+0x10/0x20
[   37.384918]
[   37.385253] The buggy address belongs to the object at fff00000c594be00
[   37.385253]  which belongs to the cache kmalloc-128 of size 128
[   37.386729] The buggy address is located 0 bytes to the right of
[   37.386729]  allocated 120-byte region [fff00000c594be00, fff00000c594be78)
[   37.388799]
[   37.389145] The buggy address belongs to the physical page:
[   37.389944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10594b
[   37.390934] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   37.391936] page_type: f5(slab)
[   37.392614] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   37.393551] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   37.394515] page dumped because: kasan: bad access detected
[   37.395189]
[   37.395845] Memory state around the buggy address:
[   37.396790]  fff00000c594bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   37.397785]  fff00000c594bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.398719] >fff00000c594be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   37.399911]                                                                 ^
[   37.400984]  fff00000c594be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.402148]  fff00000c594bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.402823] ==================================================================
[   37.314807] ==================================================================
[   37.316901] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   37.317766] Read of size 8 at addr fff00000c594be78 by task kunit_try_catch/270
[   37.318636]
[   37.319077] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1
[   37.320633] Tainted: [B]=BAD_PAGE, [N]=TEST
[   37.321204] Hardware name: linux,dummy-virt (DT)
[   37.321848] Call trace:
[   37.322284]  show_stack+0x20/0x38 (C)
[   37.322915]  dump_stack_lvl+0x8c/0xd0
[   37.323593]  print_report+0x118/0x5e0
[   37.324294]  kasan_report+0xc8/0x118
[   37.324832]  __asan_report_load8_noabort+0x20/0x30
[   37.325627]  copy_to_kernel_nofault+0x204/0x250
[   37.326355]  copy_to_kernel_nofault_oob+0x158/0x418
[   37.327159]  kunit_try_run_case+0x14c/0x3d0
[   37.327842]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.328920]  kthread+0x24c/0x2d0
[   37.329429]  ret_from_fork+0x10/0x20
[   37.330029]
[   37.330399] Allocated by task 270:
[   37.330862]  kasan_save_stack+0x3c/0x68
[   37.331632]  kasan_save_track+0x20/0x40
[   37.332732]  kasan_save_alloc_info+0x40/0x58
[   37.333529]  __kasan_kmalloc+0xd4/0xd8
[   37.334293]  __kmalloc_cache_noprof+0x15c/0x3c0
[   37.335058]  copy_to_kernel_nofault_oob+0xc8/0x418
[   37.335980]  kunit_try_run_case+0x14c/0x3d0
[   37.336708]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.337647]  kthread+0x24c/0x2d0
[   37.338399]  ret_from_fork+0x10/0x20
[   37.338893]
[   37.339073] The buggy address belongs to the object at fff00000c594be00
[   37.339073]  which belongs to the cache kmalloc-128 of size 128
[   37.340943] The buggy address is located 0 bytes to the right of
[   37.340943]  allocated 120-byte region [fff00000c594be00, fff00000c594be78)
[   37.342593]
[   37.343056] The buggy address belongs to the physical page:
[   37.344164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10594b
[   37.345054] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   37.345860] page_type: f5(slab)
[   37.346478] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   37.347533] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   37.348762] page dumped because: kasan: bad access detected
[   37.349622]
[   37.349941] Memory state around the buggy address:
[   37.350576]  fff00000c594bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   37.351630]  fff00000c594bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.353243] >fff00000c594be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   37.354659]                                                                 ^
[   37.356107]  fff00000c594be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.357014]  fff00000c594bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.358530] ==================================================================
```
qemu-x86_64:

```
[   32.393789] ==================================================================
[   32.396092] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   32.396756] Read of size 8 at addr ffff88810299ad78 by task kunit_try_catch/290
[   32.397205]
[   32.397449] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1
[   32.398310] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.399418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   32.400410] Call Trace:
[   32.400971]  <TASK>
[   32.401182]  dump_stack_lvl+0x73/0xb0
[   32.401753]  print_report+0xd1/0x640
[   32.402540]  ? __virt_addr_valid+0x1db/0x2d0
[   32.403001]  ? kasan_complete_mode_report_info+0x2a/0x200
[   32.403558]  kasan_report+0x102/0x140
[   32.404180]  ? copy_to_kernel_nofault+0x225/0x260
[   32.404821]  ? copy_to_kernel_nofault+0x225/0x260
[   32.405335]  __asan_report_load8_noabort+0x18/0x20
[   32.406153]  copy_to_kernel_nofault+0x225/0x260
[   32.406570]  copy_to_kernel_nofault_oob+0x179/0x4e0
[   32.407351]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   32.408031]  ? finish_task_switch.isra.0+0x153/0x700
[   32.408835]  ? __schedule+0xc3e/0x2790
[   32.409542]  ? trace_hardirqs_on+0x37/0xe0
[   32.410283]  ? __pfx_read_tsc+0x10/0x10
[   32.410829]  ? ktime_get_ts64+0x86/0x230
[   32.411616]  kunit_try_run_case+0x1b3/0x490
[   32.412050]  ? __pfx_kunit_try_run_case+0x10/0x10
[   32.412520]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   32.413338]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   32.414018]  ? __kthread_parkme+0x82/0x160
[   32.414588]  ? preempt_count_sub+0x50/0x80
[   32.415093]  ? __pfx_kunit_try_run_case+0x10/0x10
[   32.415965]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   32.416455]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.416954]  kthread+0x257/0x310
[   32.417280]  ? __pfx_kthread+0x10/0x10
[   32.418132]  ret_from_fork+0x41/0x80
[   32.418489]  ? __pfx_kthread+0x10/0x10
[   32.419144]  ret_from_fork_asm+0x1a/0x30
[   32.419806]  </TASK>
[   32.420011]
[   32.420174] Allocated by task 290:
[   32.421114]  kasan_save_stack+0x3d/0x60
[   32.421418]  kasan_save_track+0x18/0x40
[   32.421809]  kasan_save_alloc_info+0x3b/0x50
[   32.422551]  __kasan_kmalloc+0xb7/0xc0
[   32.423066]  __kmalloc_cache_noprof+0x184/0x410
[   32.423589]  copy_to_kernel_nofault_oob+0xc5/0x4e0
[   32.424228]  kunit_try_run_case+0x1b3/0x490
[   32.424755]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.425257]  kthread+0x257/0x310
[   32.425736]  ret_from_fork+0x41/0x80
[   32.426118]  ret_from_fork_asm+0x1a/0x30
[   32.426392]
[   32.426682] The buggy address belongs to the object at ffff88810299ad00
[   32.426682]  which belongs to the cache kmalloc-128 of size 128
[   32.427957] The buggy address is located 0 bytes to the right of
[   32.427957]  allocated 120-byte region [ffff88810299ad00, ffff88810299ad78)
[   32.428766]
[   32.428986] The buggy address belongs to the physical page:
[   32.429727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10299a
[   32.430622] flags: 0x200000000000000(node=0|zone=2)
[   32.431234] page_type: f5(slab)
[   32.431793] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   32.432710] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.433494] page dumped because: kasan: bad access detected
[   32.434318]
[   32.434735] Memory state around the buggy address:
[   32.435121]  ffff88810299ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   32.436025]  ffff88810299ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.436963] >ffff88810299ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.438164]                                                                 ^
[   32.438623]  ffff88810299ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.439287]  ffff88810299ae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.440128] ==================================================================
[   32.441745] ==================================================================
[   32.442971] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   32.443757] Write of size 8 at addr ffff88810299ad78 by task kunit_try_catch/290
[   32.444732]
[   32.445421] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1
[   32.446535] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.446921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   32.447959] Call Trace:
[   32.448181]  <TASK>
[   32.448643]  dump_stack_lvl+0x73/0xb0
[   32.449107]  print_report+0xd1/0x640
[   32.449545]  ? __virt_addr_valid+0x1db/0x2d0
[   32.450243]  ? kasan_complete_mode_report_info+0x2a/0x200
[   32.450647]  kasan_report+0x102/0x140
[   32.451917]  ? copy_to_kernel_nofault+0x99/0x260
[   32.452413]  ? copy_to_kernel_nofault+0x99/0x260
[   32.453076]  kasan_check_range+0x10c/0x1c0
[   32.453426]  __kasan_check_write+0x18/0x20
[   32.453970]  copy_to_kernel_nofault+0x99/0x260
[   32.454428]  copy_to_kernel_nofault_oob+0x214/0x4e0
[   32.455150]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   32.455599]  ? finish_task_switch.isra.0+0x153/0x700
[   32.455918]  ? __schedule+0xc3e/0x2790
[   32.456810]  ? trace_hardirqs_on+0x37/0xe0
[   32.457457]  ? __pfx_read_tsc+0x10/0x10
[   32.458247]  ? ktime_get_ts64+0x86/0x230
[   32.458812]  kunit_try_run_case+0x1b3/0x490
[   32.459257]  ? __pfx_kunit_try_run_case+0x10/0x10
[   32.460104]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   32.460782]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   32.461154]  ? __kthread_parkme+0x82/0x160
[   32.461515]  ? preempt_count_sub+0x50/0x80
[   32.462608]  ? __pfx_kunit_try_run_case+0x10/0x10
[   32.463294]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   32.463985]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.464766]  kthread+0x257/0x310
[   32.465152]  ? __pfx_kthread+0x10/0x10
[   32.465782]  ret_from_fork+0x41/0x80
[   32.466325]  ? __pfx_kthread+0x10/0x10
[   32.466560]  ret_from_fork_asm+0x1a/0x30
[   32.467511]  </TASK>
[   32.468031]
[   32.468218] Allocated by task 290:
[   32.468580]  kasan_save_stack+0x3d/0x60
[   32.469737]  kasan_save_track+0x18/0x40
[   32.470072]  kasan_save_alloc_info+0x3b/0x50
[   32.470619]  __kasan_kmalloc+0xb7/0xc0
[   32.470883]  __kmalloc_cache_noprof+0x184/0x410
[   32.471299]  copy_to_kernel_nofault_oob+0xc5/0x4e0
[   32.472234]  kunit_try_run_case+0x1b3/0x490
[   32.472501]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.472769]  kthread+0x257/0x310
[   32.473697]  ret_from_fork+0x41/0x80
[   32.474322]  ret_from_fork_asm+0x1a/0x30
[   32.474986]
[   32.475195] The buggy address belongs to the object at ffff88810299ad00
[   32.475195]  which belongs to the cache kmalloc-128 of size 128
[   32.477270] The buggy address is located 0 bytes to the right of
[   32.477270]  allocated 120-byte region [ffff88810299ad00, ffff88810299ad78)
[   32.478246]
[   32.478482] The buggy address belongs to the physical page:
[   32.479412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10299a
[   32.480270] flags: 0x200000000000000(node=0|zone=2)
[   32.481220] page_type: f5(slab)
[   32.481844] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   32.482913] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.483389] page dumped because: kasan: bad access detected
[   32.483771]
[   32.483981] Memory state around the buggy address:
[   32.484403]  ffff88810299ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.484955]  ffff88810299ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.485745] >ffff88810299ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.486686]                                                                 ^
[   32.487721]  ffff88810299ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.488546]  ffff88810299ae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.489532] ==================================================================
```