Hay
Date: Nov. 20, 2024, 6:35 a.m.

Environment: qemu-arm64, qemu-x86_64

[   43.779742] ==================================================================
[   43.780294] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   43.781183] Write of size 1 at addr fff00000c65d5278 by task kunit_try_catch/274
[   43.782112] 
[   43.782519] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   43.783686] Tainted: [B]=BAD_PAGE, [N]=TEST
[   43.784221] Hardware name: linux,dummy-virt (DT)
[   43.784843] Call trace:
[   43.785214]  show_stack+0x20/0x38 (C)
[   43.785838]  dump_stack_lvl+0x8c/0xd0
[   43.786490]  print_report+0x118/0x5e0
[   43.787083]  kasan_report+0xc8/0x118
[   43.787700]  __asan_report_store1_noabort+0x20/0x30
[   43.788415]  strncpy_from_user+0x270/0x2a0
[   43.788997]  copy_user_test_oob+0x5c0/0xec0
[   43.789611]  kunit_try_run_case+0x14c/0x3d0
[   43.790126]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   43.790903]  kthread+0x24c/0x2d0
[   43.791477]  ret_from_fork+0x10/0x20
[   43.792056] 
[   43.792376] Allocated by task 274:
[   43.792817]  kasan_save_stack+0x3c/0x68
[   43.793408]  kasan_save_track+0x20/0x40
[   43.794007]  kasan_save_alloc_info+0x40/0x58
[   43.794643]  __kasan_kmalloc+0xd4/0xd8
[   43.795134]  __kmalloc_noprof+0x188/0x4c8
[   43.795701]  kunit_kmalloc_array+0x34/0x88
[   43.796340]  copy_user_test_oob+0xac/0xec0
[   43.796949]  kunit_try_run_case+0x14c/0x3d0
[   43.797601]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   43.798238]  kthread+0x24c/0x2d0
[   43.798759]  ret_from_fork+0x10/0x20
[   43.799231] 
[   43.799593] The buggy address belongs to the object at fff00000c65d5200
[   43.799593]  which belongs to the cache kmalloc-128 of size 128
[   43.800833] The buggy address is located 0 bytes to the right of
[   43.800833]  allocated 120-byte region [fff00000c65d5200, fff00000c65d5278)
[   43.801908] 
[   43.802259] The buggy address belongs to the physical page:
[   43.802953] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065d5
[   43.803740] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   43.804601] page_type: f5(slab)
[   43.805121] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   43.805942] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   43.806695] page dumped because: kasan: bad access detected
[   43.807389] 
[   43.807726] Memory state around the buggy address:
[   43.808406]  fff00000c65d5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.809285]  fff00000c65d5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.810156] >fff00000c65d5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   43.811018]                                                                 ^
[   43.811752]  fff00000c65d5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.812545]  fff00000c65d5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.813288] ==================================================================
[   43.740244] ==================================================================
[   43.740905] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   43.742332] Write of size 121 at addr fff00000c65d5200 by task kunit_try_catch/274
[   43.743594] 
[   43.744341] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   43.745812] Tainted: [B]=BAD_PAGE, [N]=TEST
[   43.746436] Hardware name: linux,dummy-virt (DT)
[   43.747124] Call trace:
[   43.747531]  show_stack+0x20/0x38 (C)
[   43.748190]  dump_stack_lvl+0x8c/0xd0
[   43.748901]  print_report+0x118/0x5e0
[   43.749407]  kasan_report+0xc8/0x118
[   43.749912]  kasan_check_range+0x100/0x1a8
[   43.750519]  __kasan_check_write+0x20/0x30
[   43.751080]  strncpy_from_user+0x3c/0x2a0
[   43.751801]  copy_user_test_oob+0x5c0/0xec0
[   43.752493]  kunit_try_run_case+0x14c/0x3d0
[   43.753182]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   43.753985]  kthread+0x24c/0x2d0
[   43.754612]  ret_from_fork+0x10/0x20
[   43.755185] 
[   43.755542] Allocated by task 274:
[   43.756080]  kasan_save_stack+0x3c/0x68
[   43.756765]  kasan_save_track+0x20/0x40
[   43.757367]  kasan_save_alloc_info+0x40/0x58
[   43.758003]  __kasan_kmalloc+0xd4/0xd8
[   43.758558]  __kmalloc_noprof+0x188/0x4c8
[   43.759118]  kunit_kmalloc_array+0x34/0x88
[   43.759780]  copy_user_test_oob+0xac/0xec0
[   43.760410]  kunit_try_run_case+0x14c/0x3d0
[   43.760995]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   43.761813]  kthread+0x24c/0x2d0
[   43.762395]  ret_from_fork+0x10/0x20
[   43.762969] 
[   43.763359] The buggy address belongs to the object at fff00000c65d5200
[   43.763359]  which belongs to the cache kmalloc-128 of size 128
[   43.764618] The buggy address is located 0 bytes inside of
[   43.764618]  allocated 120-byte region [fff00000c65d5200, fff00000c65d5278)
[   43.765784] 
[   43.766209] The buggy address belongs to the physical page:
[   43.766940] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065d5
[   43.767824] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   43.768578] page_type: f5(slab)
[   43.769145] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   43.770034] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   43.770913] page dumped because: kasan: bad access detected
[   43.771523] 
[   43.771899] Memory state around the buggy address:
[   43.772542]  fff00000c65d5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.773317]  fff00000c65d5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.774113] >fff00000c65d5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   43.774942]                                                                 ^
[   43.775802]  fff00000c65d5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.776662]  fff00000c65d5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.777425] ==================================================================

[   36.128250] ==================================================================
[   36.129317] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a7/0x1e0
[   36.130120] Write of size 1 at addr ffff888101adc778 by task kunit_try_catch/292
[   36.130843] 
[   36.131080] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   36.132034] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.132402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   36.133160] Call Trace:
[   36.133520]  <TASK>
[   36.133918]  dump_stack_lvl+0x73/0xb0
[   36.134233]  print_report+0xd1/0x640
[   36.134811]  ? __virt_addr_valid+0x1db/0x2d0
[   36.135306]  ? kasan_complete_mode_report_info+0x2a/0x200
[   36.135916]  kasan_report+0x102/0x140
[   36.136204]  ? strncpy_from_user+0x1a7/0x1e0
[   36.136617]  ? strncpy_from_user+0x1a7/0x1e0
[   36.137276]  __asan_report_store1_noabort+0x1b/0x30
[   36.137934]  strncpy_from_user+0x1a7/0x1e0
[   36.138345]  copy_user_test_oob+0x761/0x10f0
[   36.139025]  ? __pfx_copy_user_test_oob+0x10/0x10
[   36.139502]  ? finish_task_switch.isra.0+0x153/0x700
[   36.140107]  ? __switch_to+0x5d9/0xf60
[   36.140653]  ? __schedule+0xc3e/0x2790
[   36.141316]  ? __pfx_read_tsc+0x10/0x10
[   36.141604]  ? ktime_get_ts64+0x84/0x230
[   36.142222]  kunit_try_run_case+0x1b3/0x490
[   36.142946]  ? __pfx_kunit_try_run_case+0x10/0x10
[   36.143387]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   36.143917]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   36.144499]  ? __kthread_parkme+0x82/0x160
[   36.145056]  ? preempt_count_sub+0x50/0x80
[   36.145536]  ? __pfx_kunit_try_run_case+0x10/0x10
[   36.146196]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   36.146837]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   36.147541]  kthread+0x257/0x310
[   36.147992]  ? __pfx_kthread+0x10/0x10
[   36.148341]  ret_from_fork+0x41/0x80
[   36.148891]  ? __pfx_kthread+0x10/0x10
[   36.149310]  ret_from_fork_asm+0x1a/0x30
[   36.149732]  </TASK>
[   36.150071] 
[   36.150333] Allocated by task 292:
[   36.150626]  kasan_save_stack+0x3d/0x60
[   36.151154]  kasan_save_track+0x18/0x40
[   36.151587]  kasan_save_alloc_info+0x3b/0x50
[   36.152085]  __kasan_kmalloc+0xb7/0xc0
[   36.152448]  __kmalloc_noprof+0x1c4/0x500
[   36.152940]  kunit_kmalloc_array+0x25/0x60
[   36.153271]  copy_user_test_oob+0xac/0x10f0
[   36.153575]  kunit_try_run_case+0x1b3/0x490
[   36.153892]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   36.154666]  kthread+0x257/0x310
[   36.155263]  ret_from_fork+0x41/0x80
[   36.155811]  ret_from_fork_asm+0x1a/0x30
[   36.156357] 
[   36.156578] The buggy address belongs to the object at ffff888101adc700
[   36.156578]  which belongs to the cache kmalloc-128 of size 128
[   36.158823] The buggy address is located 0 bytes to the right of
[   36.158823]  allocated 120-byte region [ffff888101adc700, ffff888101adc778)
[   36.161419] 
[   36.161852] The buggy address belongs to the physical page:
[   36.162471] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101adc
[   36.163393] flags: 0x200000000000000(node=0|zone=2)
[   36.163691] page_type: f5(slab)
[   36.164191] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   36.164933] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   36.165551] page dumped because: kasan: bad access detected
[   36.166102] 
[   36.166465] Memory state around the buggy address:
[   36.166944]  ffff888101adc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   36.168194]  ffff888101adc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.169449] >ffff888101adc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   36.170155]                                                                 ^
[   36.170824]  ffff888101adc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.171296]  ffff888101adc800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.172133] ==================================================================
[   36.078765] ==================================================================
[   36.079592] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1e0
[   36.080822] Write of size 121 at addr ffff888101adc700 by task kunit_try_catch/292
[   36.081464] 
[   36.081730] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   36.082769] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.083286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   36.084113] Call Trace:
[   36.084449]  <TASK>
[   36.084792]  dump_stack_lvl+0x73/0xb0
[   36.085182]  print_report+0xd1/0x640
[   36.085815]  ? __virt_addr_valid+0x1db/0x2d0
[   36.086203]  ? kasan_complete_mode_report_info+0x2a/0x200
[   36.086916]  kasan_report+0x102/0x140
[   36.087278]  ? strncpy_from_user+0x2e/0x1e0
[   36.087780]  ? strncpy_from_user+0x2e/0x1e0
[   36.088289]  kasan_check_range+0x10c/0x1c0
[   36.088840]  __kasan_check_write+0x18/0x20
[   36.089363]  strncpy_from_user+0x2e/0x1e0
[   36.089912]  ? __kasan_check_read+0x15/0x20
[   36.090429]  copy_user_test_oob+0x761/0x10f0
[   36.090995]  ? __pfx_copy_user_test_oob+0x10/0x10
[   36.091513]  ? finish_task_switch.isra.0+0x153/0x700
[   36.092150]  ? __switch_to+0x5d9/0xf60
[   36.092669]  ? __schedule+0xc3e/0x2790
[   36.093216]  ? __pfx_read_tsc+0x10/0x10
[   36.093745]  ? ktime_get_ts64+0x84/0x230
[   36.094305]  kunit_try_run_case+0x1b3/0x490
[   36.094844]  ? __pfx_kunit_try_run_case+0x10/0x10
[   36.095334]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   36.096190]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   36.096786]  ? __kthread_parkme+0x82/0x160
[   36.097102]  ? preempt_count_sub+0x50/0x80
[   36.097607]  ? __pfx_kunit_try_run_case+0x10/0x10
[   36.098498]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   36.099231]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   36.099722]  kthread+0x257/0x310
[   36.100186]  ? __pfx_kthread+0x10/0x10
[   36.100826]  ret_from_fork+0x41/0x80
[   36.101277]  ? __pfx_kthread+0x10/0x10
[   36.102121]  ret_from_fork_asm+0x1a/0x30
[   36.102805]  </TASK>
[   36.103272] 
[   36.103729] Allocated by task 292:
[   36.104138]  kasan_save_stack+0x3d/0x60
[   36.104908]  kasan_save_track+0x18/0x40
[   36.105313]  kasan_save_alloc_info+0x3b/0x50
[   36.105973]  __kasan_kmalloc+0xb7/0xc0
[   36.106606]  __kmalloc_noprof+0x1c4/0x500
[   36.107336]  kunit_kmalloc_array+0x25/0x60
[   36.107830]  copy_user_test_oob+0xac/0x10f0
[   36.108224]  kunit_try_run_case+0x1b3/0x490
[   36.109039]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   36.109567]  kthread+0x257/0x310
[   36.110089]  ret_from_fork+0x41/0x80
[   36.110835]  ret_from_fork_asm+0x1a/0x30
[   36.111462] 
[   36.111617] The buggy address belongs to the object at ffff888101adc700
[   36.111617]  which belongs to the cache kmalloc-128 of size 128
[   36.113649] The buggy address is located 0 bytes inside of
[   36.113649]  allocated 120-byte region [ffff888101adc700, ffff888101adc778)
[   36.114952] 
[   36.115400] The buggy address belongs to the physical page:
[   36.116208] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101adc
[   36.117017] flags: 0x200000000000000(node=0|zone=2)
[   36.117525] page_type: f5(slab)
[   36.118008] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   36.118793] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   36.119690] page dumped because: kasan: bad access detected
[   36.120460] 
[   36.120632] Memory state around the buggy address:
[   36.121321]  ffff888101adc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   36.122167]  ffff888101adc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.123017] >ffff888101adc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   36.123602]                                                                 ^
[   36.124274]  ffff888101adc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.124555]  ffff888101adc800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.125775] ==================================================================