Date: May 15, 2025, 10:38 a.m.

| Environment |
|---|
| e850-96 |

```
[ 64.143983] ==================================================================
[ 64.158190] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[ 64.165563] Read of size 8 at addr ffff000801adc978 by task kunit_try_catch/326
[ 64.172854]
[ 64.174339] CPU: 3 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT
[ 64.174398] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 64.174416] Hardware name: WinLink E850-96 board (DT)
[ 64.174438] Call trace:
[ 64.174453]  show_stack+0x20/0x38 (C)
[ 64.174491]  dump_stack_lvl+0x8c/0xd0
[ 64.174524]  print_report+0x118/0x608
[ 64.174556]  kasan_report+0xdc/0x128
[ 64.174588]  __asan_report_load8_noabort+0x20/0x30
[ 64.174627]  copy_to_kernel_nofault+0x204/0x250
[ 64.174662]  copy_to_kernel_nofault_oob+0x158/0x418
[ 64.174696]  kunit_try_run_case+0x170/0x3f0
[ 64.174728]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 64.174767]  kthread+0x328/0x630
[ 64.174805]  ret_from_fork+0x10/0x20
[ 64.174841]
[ 64.243599] Allocated by task 326:
[ 64.246988]  kasan_save_stack+0x3c/0x68
[ 64.250803]  kasan_save_track+0x20/0x40
[ 64.254622]  kasan_save_alloc_info+0x40/0x58
[ 64.258876]  __kasan_kmalloc+0xd4/0xd8
[ 64.262609]  __kmalloc_cache_noprof+0x15c/0x3c0
[ 64.267122]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 64.271897]  kunit_try_run_case+0x170/0x3f0
[ 64.276062]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 64.281532]  kthread+0x328/0x630
[ 64.284743]  ret_from_fork+0x10/0x20
[ 64.288303]
[ 64.289780] The buggy address belongs to the object at ffff000801adc900
[ 64.289780]  which belongs to the cache kmalloc-128 of size 128
[ 64.302281] The buggy address is located 0 bytes to the right of
[ 64.302281]  allocated 120-byte region [ffff000801adc900, ffff000801adc978)
[ 64.315212]
[ 64.316691] The buggy address belongs to the physical page:
[ 64.322247] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881adc
[ 64.330230] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 64.337870] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 64.344813] page_type: f5(slab)
[ 64.347952] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 64.355669] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 64.363395] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 64.371207] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 64.379020] head: 0bfffe0000000001 fffffdffe006b701 00000000ffffffff 00000000ffffffff
[ 64.386832] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 64.394637] page dumped because: kasan: bad access detected
[ 64.400193]
[ 64.401668] Memory state around the buggy address:
[ 64.406452]  ffff000801adc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.413651]  ffff000801adc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.420857] >ffff000801adc900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 64.428057]                                                                 ^
[ 64.435179]  ffff000801adc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.442385]  ffff000801adca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.449586] ==================================================================
[ 64.456927] ==================================================================
[ 64.463998] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[ 64.471286] Write of size 8 at addr ffff000801adc978 by task kunit_try_catch/326
[ 64.478664]
[ 64.480149] CPU: 3 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT
[ 64.480209] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 64.480227] Hardware name: WinLink E850-96 board (DT)
[ 64.480247] Call trace:
[ 64.480260]  show_stack+0x20/0x38 (C)
[ 64.480296]  dump_stack_lvl+0x8c/0xd0
[ 64.480330]  print_report+0x118/0x608
[ 64.480367]  kasan_report+0xdc/0x128
[ 64.480397]  kasan_check_range+0x100/0x1a8
[ 64.480434]  __kasan_check_write+0x20/0x30
[ 64.480468]  copy_to_kernel_nofault+0x8c/0x250
[ 64.480502]  copy_to_kernel_nofault_oob+0x1bc/0x418
[ 64.480535]  kunit_try_run_case+0x170/0x3f0
[ 64.480569]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 64.480605]  kthread+0x328/0x630
[ 64.480640]  ret_from_fork+0x10/0x20
[ 64.480677]
[ 64.552709] Allocated by task 326:
[ 64.556096]  kasan_save_stack+0x3c/0x68
[ 64.559913]  kasan_save_track+0x20/0x40
[ 64.563732]  kasan_save_alloc_info+0x40/0x58
[ 64.567986]  __kasan_kmalloc+0xd4/0xd8
[ 64.571720]  __kmalloc_cache_noprof+0x15c/0x3c0
[ 64.576232]  copy_to_kernel_nofault_oob+0xc8/0x418
[ 64.581006]  kunit_try_run_case+0x170/0x3f0
[ 64.585173]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 64.590642]  kthread+0x328/0x630
[ 64.593853]  ret_from_fork+0x10/0x20
[ 64.597412]
[ 64.598890] The buggy address belongs to the object at ffff000801adc900
[ 64.598890]  which belongs to the cache kmalloc-128 of size 128
[ 64.611390] The buggy address is located 0 bytes to the right of
[ 64.611390]  allocated 120-byte region [ffff000801adc900, ffff000801adc978)
[ 64.624321]
[ 64.625800] The buggy address belongs to the physical page:
[ 64.631357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881adc
[ 64.639340] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 64.646979] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 64.653922] page_type: f5(slab)
[ 64.657057] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 64.664779] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 64.672506] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 64.680317] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 64.688129] head: 0bfffe0000000001 fffffdffe006b701 00000000ffffffff 00000000ffffffff
[ 64.695942] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 64.703749] page dumped because: kasan: bad access detected
[ 64.709303]
[ 64.710778] Memory state around the buggy address:
[ 64.715558]  ffff000801adc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.722761]  ffff000801adc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.729968] >ffff000801adc900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 64.737167]                                                                 ^
[ 64.744289]  ffff000801adc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.751494]  ffff000801adca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.758695] ==================================================================
```