Date: Dec. 9, 2024, 6:35 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[   30.399435] ==================================================================
[   30.400403] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   30.401328] Write of size 8 at addr fff00000c1313078 by task kunit_try_catch/269
[   30.402250]
[   30.402731] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[   30.404187] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.404994] Hardware name: linux,dummy-virt (DT)
[   30.405669] Call trace:
[   30.406145]  show_stack+0x20/0x38 (C)
[   30.406793]  dump_stack_lvl+0x8c/0xd0
[   30.407488]  print_report+0x118/0x5e0
[   30.408338]  kasan_report+0xc8/0x118
[   30.408765]  kasan_check_range+0x100/0x1a8
[   30.409395]  __kasan_check_write+0x20/0x30
[   30.410041]  copy_to_kernel_nofault+0x8c/0x250
[   30.410734]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   30.411521]  kunit_try_run_case+0x14c/0x3d0
[   30.412230]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.413027]  kthread+0x24c/0x2d0
[   30.413572]  ret_from_fork+0x10/0x20
[   30.414219]
[   30.414599] Allocated by task 269:
[   30.415184]  kasan_save_stack+0x3c/0x68
[   30.415795]  kasan_save_track+0x20/0x40
[   30.416393]  kasan_save_alloc_info+0x40/0x58
[   30.416938]  __kasan_kmalloc+0xd4/0xd8
[   30.417588]  __kmalloc_cache_noprof+0x15c/0x3c0
[   30.418254]  copy_to_kernel_nofault_oob+0xc8/0x418
[   30.418903]  kunit_try_run_case+0x14c/0x3d0
[   30.419646]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.420312]  kthread+0x24c/0x2d0
[   30.420997]  ret_from_fork+0x10/0x20
[   30.421450]
[   30.421815] The buggy address belongs to the object at fff00000c1313000
[   30.421815]  which belongs to the cache kmalloc-128 of size 128
[   30.423470] The buggy address is located 0 bytes to the right of
[   30.423470]  allocated 120-byte region [fff00000c1313000, fff00000c1313078)
[   30.424970]
[   30.425635] The buggy address belongs to the physical page:
[   30.426479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101313
[   30.427559] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.428439] page_type: f5(slab)
[   30.428936] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   30.429834] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.430652] page dumped because: kasan: bad access detected
[   30.431304]
[   30.431623] Memory state around the buggy address:
[   30.432364]  fff00000c1312f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.433241]  fff00000c1312f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.434116] >fff00000c1313000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.435113]                                                                 ^
[   30.436011]  fff00000c1313080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.436827]  fff00000c1313100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.437578] ==================================================================
[   30.356946] ==================================================================
[   30.358446] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   30.359296] Read of size 8 at addr fff00000c1313078 by task kunit_try_catch/269
[   30.360062]
[   30.360410] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[   30.362631] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.363751] Hardware name: linux,dummy-virt (DT)
[   30.364632] Call trace:
[   30.365277]  show_stack+0x20/0x38 (C)
[   30.365930]  dump_stack_lvl+0x8c/0xd0
[   30.366612]  print_report+0x118/0x5e0
[   30.367613]  kasan_report+0xc8/0x118
[   30.368106]  __asan_report_load8_noabort+0x20/0x30
[   30.368776]  copy_to_kernel_nofault+0x204/0x250
[   30.369486]  copy_to_kernel_nofault_oob+0x158/0x418
[   30.370198]  kunit_try_run_case+0x14c/0x3d0
[   30.371152]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.371861]  kthread+0x24c/0x2d0
[   30.372433]  ret_from_fork+0x10/0x20
[   30.373023]
[   30.373393] Allocated by task 269:
[   30.373908]  kasan_save_stack+0x3c/0x68
[   30.374730]  kasan_save_track+0x20/0x40
[   30.375315]  kasan_save_alloc_info+0x40/0x58
[   30.376030]  __kasan_kmalloc+0xd4/0xd8
[   30.376696]  __kmalloc_cache_noprof+0x15c/0x3c0
[   30.377359]  copy_to_kernel_nofault_oob+0xc8/0x418
[   30.378117]  kunit_try_run_case+0x14c/0x3d0
[   30.378775]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.379597]  kthread+0x24c/0x2d0
[   30.380052]  ret_from_fork+0x10/0x20
[   30.380722]
[   30.381100] The buggy address belongs to the object at fff00000c1313000
[   30.381100]  which belongs to the cache kmalloc-128 of size 128
[   30.382465] The buggy address is located 0 bytes to the right of
[   30.382465]  allocated 120-byte region [fff00000c1313000, fff00000c1313078)
[   30.384379]
[   30.384618] The buggy address belongs to the physical page:
[   30.385965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101313
[   30.386750] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.387536] page_type: f5(slab)
[   30.388366] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   30.389234] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.390185] page dumped because: kasan: bad access detected
[   30.390848]
[   30.391530] Memory state around the buggy address:
[   30.392294]  fff00000c1312f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.393278]  fff00000c1312f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.394210] >fff00000c1313000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.395368]                                                                 ^
[   30.396024]  fff00000c1313080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.396900]  fff00000c1313100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.397834] ==================================================================
```
```
[   31.928075] ==================================================================
[   31.929101] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   31.929861] Write of size 8 at addr ffff88810296da78 by task kunit_try_catch/288
[   31.930945]
[   31.931377] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[   31.931936] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.932507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   31.933467] Call Trace:
[   31.934115]  <TASK>
[   31.934634]  dump_stack_lvl+0x73/0xb0
[   31.935363]  print_report+0xd1/0x640
[   31.935985]  ? __virt_addr_valid+0x1db/0x2d0
[   31.937539]  ? kasan_complete_mode_report_info+0x2a/0x200
[   31.938553]  kasan_report+0x102/0x140
[   31.939162]  ? copy_to_kernel_nofault+0x99/0x260
[   31.939841]  ? copy_to_kernel_nofault+0x99/0x260
[   31.940659]  kasan_check_range+0x10c/0x1c0
[   31.941526]  __kasan_check_write+0x18/0x20
[   31.942173]  copy_to_kernel_nofault+0x99/0x260
[   31.943630]  copy_to_kernel_nofault_oob+0x214/0x4e0
[   31.944888]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   31.945962]  ? finish_task_switch.isra.0+0x153/0x700
[   31.946748]  ? __schedule+0xc70/0x27e0
[   31.947072]  ? trace_hardirqs_on+0x37/0xe0
[   31.948348]  ? __pfx_read_tsc+0x10/0x10
[   31.949386]  ? ktime_get_ts64+0x86/0x230
[   31.949830]  kunit_try_run_case+0x1b3/0x490
[   31.950775]  ? __pfx_kunit_try_run_case+0x10/0x10
[   31.951527]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   31.952709]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   31.953021]  ? __kthread_parkme+0x82/0x160
[   31.953402]  ? preempt_count_sub+0x50/0x80
[   31.954488]  ? __pfx_kunit_try_run_case+0x10/0x10
[   31.955078]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   31.956311]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.957083]  kthread+0x257/0x310
[   31.958032]  ? __pfx_kthread+0x10/0x10
[   31.958634]  ret_from_fork+0x41/0x80
[   31.959293]  ? __pfx_kthread+0x10/0x10
[   31.959856]  ret_from_fork_asm+0x1a/0x30
[   31.961146]  </TASK>
[   31.961675]
[   31.962420] Allocated by task 288:
[   31.962772]  kasan_save_stack+0x3d/0x60
[   31.963182]  kasan_save_track+0x18/0x40
[   31.964180]  kasan_save_alloc_info+0x3b/0x50
[   31.964515]  __kasan_kmalloc+0xb7/0xc0
[   31.964794]  __kmalloc_cache_noprof+0x184/0x410
[   31.965103]  copy_to_kernel_nofault_oob+0xc5/0x4e0
[   31.965432]  kunit_try_run_case+0x1b3/0x490
[   31.965723]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.966555]  kthread+0x257/0x310
[   31.967942]  ret_from_fork+0x41/0x80
[   31.968414]  ret_from_fork_asm+0x1a/0x30
[   31.968766]
[   31.968930] The buggy address belongs to the object at ffff88810296da00
[   31.968930]  which belongs to the cache kmalloc-128 of size 128
[   31.969913] The buggy address is located 0 bytes to the right of
[   31.969913]  allocated 120-byte region [ffff88810296da00, ffff88810296da78)
[   31.972831]
[   31.973028] The buggy address belongs to the physical page:
[   31.973830] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10296d
[   31.975822] flags: 0x200000000000000(node=0|zone=2)
[   31.976453] page_type: f5(slab)
[   31.977291] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   31.979087] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.980178] page dumped because: kasan: bad access detected
[   31.980641]
[   31.981492] Memory state around the buggy address:
[   31.982300]  ffff88810296d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.983530]  ffff88810296d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.984930] >ffff88810296da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   31.985413]                                                                 ^
[   31.986555]  ffff88810296da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.987229]  ffff88810296db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.987897] ==================================================================
[   31.876159] ==================================================================
[   31.878146] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   31.878949] Read of size 8 at addr ffff88810296da78 by task kunit_try_catch/288
[   31.880531]
[   31.880959] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[   31.882045] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.882619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   31.883500] Call Trace:
[   31.883958]  <TASK>
[   31.884435]  dump_stack_lvl+0x73/0xb0
[   31.884985]  print_report+0xd1/0x640
[   31.885340]  ? __virt_addr_valid+0x1db/0x2d0
[   31.885873]  ? kasan_complete_mode_report_info+0x2a/0x200
[   31.886376]  kasan_report+0x102/0x140
[   31.886732]  ? copy_to_kernel_nofault+0x225/0x260
[   31.887347]  ? copy_to_kernel_nofault+0x225/0x260
[   31.888581]  __asan_report_load8_noabort+0x18/0x20
[   31.889135]  copy_to_kernel_nofault+0x225/0x260
[   31.890056]  copy_to_kernel_nofault_oob+0x179/0x4e0
[   31.890691]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   31.891037]  ? finish_task_switch.isra.0+0x153/0x700
[   31.892092]  ? __schedule+0xc70/0x27e0
[   31.892914]  ? trace_hardirqs_on+0x37/0xe0
[   31.893625]  ? __pfx_read_tsc+0x10/0x10
[   31.894095]  ? ktime_get_ts64+0x86/0x230
[   31.894877]  kunit_try_run_case+0x1b3/0x490
[   31.895401]  ? __pfx_kunit_try_run_case+0x10/0x10
[   31.895957]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   31.896540]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   31.897845]  ? __kthread_parkme+0x82/0x160
[   31.898674]  ? preempt_count_sub+0x50/0x80
[   31.899880]  ? __pfx_kunit_try_run_case+0x10/0x10
[   31.900440]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   31.901060]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.901571]  kthread+0x257/0x310
[   31.902338]  ? __pfx_kthread+0x10/0x10
[   31.902917]  ret_from_fork+0x41/0x80
[   31.903388]  ? __pfx_kthread+0x10/0x10
[   31.903696]  ret_from_fork_asm+0x1a/0x30
[   31.904400]  </TASK>
[   31.904725]
[   31.904966] Allocated by task 288:
[   31.905622]  kasan_save_stack+0x3d/0x60
[   31.906037]  kasan_save_track+0x18/0x40
[   31.906653]  kasan_save_alloc_info+0x3b/0x50
[   31.907204]  __kasan_kmalloc+0xb7/0xc0
[   31.907697]  __kmalloc_cache_noprof+0x184/0x410
[   31.908158]  copy_to_kernel_nofault_oob+0xc5/0x4e0
[   31.908848]  kunit_try_run_case+0x1b3/0x490
[   31.909226]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.910017]  kthread+0x257/0x310
[   31.910301]  ret_from_fork+0x41/0x80
[   31.910961]  ret_from_fork_asm+0x1a/0x30
[   31.911657]
[   31.912024] The buggy address belongs to the object at ffff88810296da00
[   31.912024]  which belongs to the cache kmalloc-128 of size 128
[   31.913417] The buggy address is located 0 bytes to the right of
[   31.913417]  allocated 120-byte region [ffff88810296da00, ffff88810296da78)
[   31.914770]
[   31.914940] The buggy address belongs to the physical page:
[   31.915594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10296d
[   31.916328] flags: 0x200000000000000(node=0|zone=2)
[   31.917152] page_type: f5(slab)
[   31.917470] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   31.918313] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.919442] page dumped because: kasan: bad access detected
[   31.920035]
[   31.920359] Memory state around the buggy address:
[   31.921156]  ffff88810296d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.921684]  ffff88810296d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.922913] >ffff88810296da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   31.923861]                                                                 ^
[   31.924311]  ffff88810296da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.925339]  ffff88810296db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.925811] ==================================================================
```