Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| x15 | |
| x86 |
[ 93.214752] ================================================================== [ 93.222015] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x248/0x260 [ 93.229034] Write of size 1 at addr cc23f278 by task kunit_try_catch/341 [ 93.235778] [ 93.237274] CPU: 1 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 93.237304] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 93.237304] Hardware name: Generic DRA74X (Flattened Device Tree) [ 93.237335] Call trace: [ 93.237335] unwind_backtrace from show_stack+0x18/0x1c [ 93.237365] show_stack from dump_stack_lvl+0x70/0x90 [ 93.237396] dump_stack_lvl from print_report+0x158/0x528 [ 93.237426] print_report from kasan_report+0xdc/0x118 [ 93.237426] kasan_report from strncpy_from_user+0x248/0x260 [ 93.237457] strncpy_from_user from copy_user_test_oob+0x7a4/0x12b0 [ 93.237487] copy_user_test_oob from kunit_try_run_case+0x22c/0x5a8 [ 93.237518] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 93.237548] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 93.237548] kthread from ret_from_fork+0x14/0x20 [ 93.237579] Exception stack(0xf277bfb0 to 0xf277bff8) [ 93.237609] bfa0: 00000000 00000000 00000000 00000000 [ 93.237609] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 93.237640] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 93.237640] [ 93.348907] Allocated by task 341: [ 93.352325] kasan_save_track+0x30/0x5c [ 93.356201] __kasan_kmalloc+0x8c/0x94 [ 93.359985] __kmalloc_noprof+0x20c/0x488 [ 93.364013] kunit_kmalloc_array+0x28/0x60 [ 93.368133] copy_user_test_oob+0xac/0x12b0 [ 93.372375] kunit_try_run_case+0x22c/0x5a8 [ 93.376586] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 93.382110] kthread+0x464/0x810 [ 93.385375] ret_from_fork+0x14/0x20 [ 93.388977] [ 93.390472] The buggy address belongs to the object at cc23f200 [ 93.390472] which belongs to the cache kmalloc-128 of size 128 [ 93.402374] The buggy address is located 0 bytes to the right of [ 93.402374] allocated 120-byte region [cc23f200, cc23f278) [ 93.414001] [ 93.415527] The buggy address belongs to the physical page: [ 93.421112] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c23f [ 93.428405] flags: 0x0(zone=0) [ 93.431488] page_type: f5(slab) [ 93.434661] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 93.442779] raw: 00000000 [ 93.445434] page dumped because: kasan: bad access detected [ 93.451049] [ 93.452545] Memory state around the buggy address: [ 93.457366] cc23f100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 93.463928] cc23f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.470520] >cc23f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 93.477081] ^ [ 93.483581] cc23f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.490142] cc23f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.496704] ================================================================== [ 92.919830] ================================================================== [ 92.927093] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x20/0x260 [ 92.934020] Write of size 121 at addr cc23f200 by task kunit_try_catch/341 [ 92.940948] [ 92.942474] CPU: 1 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 92.942504] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 92.942504] Hardware name: Generic DRA74X (Flattened Device Tree) [ 92.942504] Call trace: [ 92.942535] unwind_backtrace from show_stack+0x18/0x1c [ 92.942535] show_stack from dump_stack_lvl+0x70/0x90 [ 92.942565] dump_stack_lvl from print_report+0x158/0x528 [ 92.942596] print_report from kasan_report+0xdc/0x118 [ 92.942626] kasan_report from kasan_check_range+0x14c/0x198 [ 92.942626] kasan_check_range from strncpy_from_user+0x20/0x260 [ 92.942657] strncpy_from_user from copy_user_test_oob+0x7a4/0x12b0 [ 92.942687] copy_user_test_oob from kunit_try_run_case+0x22c/0x5a8 [ 92.942718] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 92.942749] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 92.942779] kthread from ret_from_fork+0x14/0x20 [ 92.942779] Exception stack(0xf277bfb0 to 0xf277bff8) [ 92.942810] bfa0: 00000000 00000000 00000000 00000000 [ 92.942810] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 92.942840] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 92.942840] [ 93.060119] Allocated by task 341: [ 93.063568] kasan_save_track+0x30/0x5c [ 93.067413] __kasan_kmalloc+0x8c/0x94 [ 93.071197] __kmalloc_noprof+0x20c/0x488 [ 93.075256] kunit_kmalloc_array+0x28/0x60 [ 93.079376] copy_user_test_oob+0xac/0x12b0 [ 93.083618] kunit_try_run_case+0x22c/0x5a8 [ 93.087829] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 93.093353] kthread+0x464/0x810 [ 93.096618] ret_from_fork+0x14/0x20 [ 93.100219] [ 93.101715] The buggy address belongs to the object at cc23f200 [ 93.101715] which belongs to the cache kmalloc-128 of size 128 [ 93.113616] The buggy address is located 0 bytes inside of [ 93.113616] allocated 120-byte region [cc23f200, cc23f278) [ 93.124725] [ 93.126220] The buggy address belongs to the physical page: [ 93.131835] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c23f [ 93.139099] flags: 0x0(zone=0) [ 93.142181] page_type: f5(slab) [ 93.145355] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 93.153503] raw: 00000000 [ 93.156158] page dumped because: kasan: bad access detected [ 93.161743] [ 93.163269] Memory state around the buggy address: [ 93.168090] cc23f100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 93.174652] cc23f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.181213] >cc23f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 93.187805] ^ [ 93.194274] cc23f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.200866] cc23f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.207427] ==================================================================
[ 79.026243] ================================================================== [ 79.033483] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 79.040444] Write of size 1 at addr ffff888104ee9778 by task kunit_try_catch/328 [ 79.047835] [ 79.049336] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 79.049344] Tainted: [B]=BAD_PAGE, [N]=TEST [ 79.049346] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 79.049350] Call Trace: [ 79.049351] <TASK> [ 79.049353] dump_stack_lvl+0x73/0xb0 [ 79.049357] print_report+0xd1/0x650 [ 79.049361] ? __virt_addr_valid+0x1db/0x2d0 [ 79.049365] ? strncpy_from_user+0x1a5/0x1d0 [ 79.049369] ? kasan_complete_mode_report_info+0x2a/0x200 [ 79.049373] ? strncpy_from_user+0x1a5/0x1d0 [ 79.049378] kasan_report+0x141/0x180 [ 79.049382] ? strncpy_from_user+0x1a5/0x1d0 [ 79.049387] __asan_report_store1_noabort+0x1b/0x30 [ 79.049391] strncpy_from_user+0x1a5/0x1d0 [ 79.049396] copy_user_test_oob+0x760/0x10f0 [ 79.049400] ? __pfx_copy_user_test_oob+0x10/0x10 [ 79.049403] ? finish_task_switch.isra.0+0x153/0x700 [ 79.049408] ? __switch_to+0x5d9/0xf60 [ 79.049412] ? dequeue_task_fair+0x166/0x4e0 [ 79.049417] ? __schedule+0x10cc/0x2b30 [ 79.049421] ? ktime_get_ts64+0x83/0x230 [ 79.049426] kunit_try_run_case+0x1a2/0x480 [ 79.049431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 79.049435] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 79.049440] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 79.049445] ? __kthread_parkme+0x82/0x180 [ 79.049449] ? preempt_count_sub+0x50/0x80 [ 79.049454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 79.049458] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 79.049462] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 79.049466] kthread+0x334/0x6f0 [ 79.049471] ? trace_preempt_on+0x20/0xc0 [ 79.049475] ? __pfx_kthread+0x10/0x10 [ 79.049480] ? _raw_spin_unlock_irq+0x47/0x80 [ 79.049484] ? calculate_sigpending+0x7b/0xa0 [ 79.049488] ? __pfx_kthread+0x10/0x10 [ 79.049492] ret_from_fork+0x3e/0x80 [ 79.049497] ? __pfx_kthread+0x10/0x10 [ 79.049501] ret_from_fork_asm+0x1a/0x30 [ 79.049507] </TASK> [ 79.049509] [ 79.229764] Allocated by task 328: [ 79.233172] kasan_save_stack+0x45/0x70 [ 79.237011] kasan_save_track+0x18/0x40 [ 79.240851] kasan_save_alloc_info+0x3b/0x50 [ 79.245121] __kasan_kmalloc+0xb7/0xc0 [ 79.248874] __kmalloc_noprof+0x1c9/0x500 [ 79.252887] kunit_kmalloc_array+0x25/0x60 [ 79.256985] copy_user_test_oob+0xab/0x10f0 [ 79.261174] kunit_try_run_case+0x1a2/0x480 [ 79.265366] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 79.270766] kthread+0x334/0x6f0 [ 79.273998] ret_from_fork+0x3e/0x80 [ 79.277576] ret_from_fork_asm+0x1a/0x30 [ 79.281503] [ 79.283001] The buggy address belongs to the object at ffff888104ee9700 [ 79.283001] which belongs to the cache kmalloc-128 of size 128 [ 79.295509] The buggy address is located 0 bytes to the right of [ 79.295509] allocated 120-byte region [ffff888104ee9700, ffff888104ee9778) [ 79.308464] [ 79.309964] The buggy address belongs to the physical page: [ 79.315535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ee9 [ 79.323535] flags: 0x200000000000000(node=0|zone=2) [ 79.328414] page_type: f5(slab) [ 79.331562] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 79.339309] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 79.347056] page dumped because: kasan: bad access detected [ 79.352628] [ 79.354126] Memory state around the buggy address: [ 79.358918] ffff888104ee9600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.366139] ffff888104ee9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 79.373358] >ffff888104ee9700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 79.380576] ^ [ 79.387708] ffff888104ee9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 79.394929] ffff888104ee9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 79.402156] ================================================================== [ 78.636281] ================================================================== [ 78.643529] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 78.650408] Write of size 121 at addr ffff888104ee9700 by task kunit_try_catch/328 [ 78.657975] [ 78.659476] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 78.659484] Tainted: [B]=BAD_PAGE, [N]=TEST [ 78.659486] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 78.659489] Call Trace: [ 78.659491] <TASK> [ 78.659493] dump_stack_lvl+0x73/0xb0 [ 78.659497] print_report+0xd1/0x650 [ 78.659501] ? __virt_addr_valid+0x1db/0x2d0 [ 78.659505] ? strncpy_from_user+0x2e/0x1d0 [ 78.659509] ? kasan_complete_mode_report_info+0x2a/0x200 [ 78.659514] ? strncpy_from_user+0x2e/0x1d0 [ 78.659518] kasan_report+0x141/0x180 [ 78.659522] ? strncpy_from_user+0x2e/0x1d0 [ 78.659527] kasan_check_range+0x10c/0x1c0 [ 78.659532] __kasan_check_write+0x18/0x20 [ 78.659536] strncpy_from_user+0x2e/0x1d0 [ 78.659540] ? __kasan_check_read+0x15/0x20 [ 78.659544] copy_user_test_oob+0x760/0x10f0 [ 78.659548] ? __pfx_copy_user_test_oob+0x10/0x10 [ 78.659552] ? finish_task_switch.isra.0+0x153/0x700 [ 78.659556] ? __switch_to+0x5d9/0xf60 [ 78.659560] ? dequeue_task_fair+0x166/0x4e0 [ 78.659565] ? __schedule+0x10cc/0x2b30 [ 78.659569] ? ktime_get_ts64+0x83/0x230 [ 78.659574] kunit_try_run_case+0x1a2/0x480 [ 78.659579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 78.659583] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 78.659588] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 78.659593] ? __kthread_parkme+0x82/0x180 [ 78.659597] ? preempt_count_sub+0x50/0x80 [ 78.659602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 78.659606] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 78.659611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 78.659615] kthread+0x334/0x6f0 [ 78.659619] ? trace_preempt_on+0x20/0xc0 [ 78.659623] ? __pfx_kthread+0x10/0x10 [ 78.659628] ? _raw_spin_unlock_irq+0x47/0x80 [ 78.659632] ? calculate_sigpending+0x7b/0xa0 [ 78.659636] ? __pfx_kthread+0x10/0x10 [ 78.659641] ret_from_fork+0x3e/0x80 [ 78.659645] ? __pfx_kthread+0x10/0x10 [ 78.659649] ret_from_fork_asm+0x1a/0x30 [ 78.659655] </TASK> [ 78.659657] [ 78.847088] Allocated by task 328: [ 78.850495] kasan_save_stack+0x45/0x70 [ 78.854335] kasan_save_track+0x18/0x40 [ 78.858174] kasan_save_alloc_info+0x3b/0x50 [ 78.862446] __kasan_kmalloc+0xb7/0xc0 [ 78.866198] __kmalloc_noprof+0x1c9/0x500 [ 78.870210] kunit_kmalloc_array+0x25/0x60 [ 78.874310] copy_user_test_oob+0xab/0x10f0 [ 78.878495] kunit_try_run_case+0x1a2/0x480 [ 78.882705] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 78.888123] kthread+0x334/0x6f0 [ 78.891358] ret_from_fork+0x3e/0x80 [ 78.894946] ret_from_fork_asm+0x1a/0x30 [ 78.898880] [ 78.900377] The buggy address belongs to the object at ffff888104ee9700 [ 78.900377] which belongs to the cache kmalloc-128 of size 128 [ 78.912885] The buggy address is located 0 bytes inside of [ 78.912885] allocated 120-byte region [ffff888104ee9700, ffff888104ee9778) [ 78.925320] [ 78.926819] The buggy address belongs to the physical page: [ 78.932392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ee9 [ 78.940399] flags: 0x200000000000000(node=0|zone=2) [ 78.945277] page_type: f5(slab) [ 78.948424] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 78.956165] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 78.963912] page dumped because: kasan: bad access detected [ 78.969482] [ 78.970981] Memory state around the buggy address: [ 78.975775] ffff888104ee9600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.982994] ffff888104ee9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.990212] >ffff888104ee9700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 78.997430] ^ [ 79.004566] ffff888104ee9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 79.011794] ffff888104ee9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 79.019019] ==================================================================