Date: Nov. 22, 2024, 6:35 a.m.

Environments: qemu-arm64, qemu-x86_64
qemu-arm64:

```
[ 39.227325] ==================================================================
[ 39.228942] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 39.231053] Write of size 121 at addr fff00000c63a3f00 by task kunit_try_catch/274
[ 39.232115]
[ 39.232690] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 39.234039] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 39.234885] Hardware name: linux,dummy-virt (DT)
[ 39.235696] Call trace:
[ 39.236207] show_stack+0x20/0x38 (C)
[ 39.236910] dump_stack_lvl+0x8c/0xd0
[ 39.237522] print_report+0x118/0x5e0
[ 39.238022] kasan_report+0xc8/0x118
[ 39.238867] kasan_check_range+0x100/0x1a8
[ 39.240259] __kasan_check_write+0x20/0x30
[ 39.241377] strncpy_from_user+0x3c/0x2a0
[ 39.242773] copy_user_test_oob+0x5c0/0xec0
[ 39.243906] kunit_try_run_case+0x14c/0x3d0
[ 39.245223] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.245834] kthread+0x24c/0x2d0
[ 39.246324] ret_from_fork+0x10/0x20
[ 39.247092]
[ 39.247372] Allocated by task 274:
[ 39.249306] kasan_save_stack+0x3c/0x68
[ 39.249834] kasan_save_track+0x20/0x40
[ 39.250252] kasan_save_alloc_info+0x40/0x58
[ 39.250716] __kasan_kmalloc+0xd4/0xd8
[ 39.251128] __kmalloc_noprof+0x188/0x4c8
[ 39.251608] kunit_kmalloc_array+0x34/0x88
[ 39.252056] copy_user_test_oob+0xac/0xec0
[ 39.253204] kunit_try_run_case+0x14c/0x3d0
[ 39.254696] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.255899] kthread+0x24c/0x2d0
[ 39.256424] ret_from_fork+0x10/0x20
[ 39.256855]
[ 39.257117] The buggy address belongs to the object at fff00000c63a3f00
[ 39.257117] which belongs to the cache kmalloc-128 of size 128
[ 39.258008] The buggy address is located 0 bytes inside of
[ 39.258008] allocated 120-byte region [fff00000c63a3f00, fff00000c63a3f78)
[ 39.261583]
[ 39.262064] The buggy address belongs to the physical page:
[ 39.262736] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063a3
[ 39.263788] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 39.264776] page_type: f5(slab)
[ 39.265212] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 39.266249] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 39.267244] page dumped because: kasan: bad access detected
[ 39.268351]
[ 39.268752] Memory state around the buggy address:
[ 39.269482] fff00000c63a3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.270430] fff00000c63a3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.271293] >fff00000c63a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 39.272324] ^
[ 39.273186] fff00000c63a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.274054] fff00000c63a4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 39.275072] ==================================================================
[ 39.276949] ==================================================================
[ 39.277793] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 39.278587] Write of size 1 at addr fff00000c63a3f78 by task kunit_try_catch/274
[ 39.279593]
[ 39.279868] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 39.281971] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 39.282649] Hardware name: linux,dummy-virt (DT)
[ 39.283496] Call trace:
[ 39.283936] show_stack+0x20/0x38 (C)
[ 39.284567] dump_stack_lvl+0x8c/0xd0
[ 39.285214] print_report+0x118/0x5e0
[ 39.285824] kasan_report+0xc8/0x118
[ 39.286353] __asan_report_store1_noabort+0x20/0x30
[ 39.287187] strncpy_from_user+0x270/0x2a0
[ 39.287946] copy_user_test_oob+0x5c0/0xec0
[ 39.288509] kunit_try_run_case+0x14c/0x3d0
[ 39.289264] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.290194] kthread+0x24c/0x2d0
[ 39.290747] ret_from_fork+0x10/0x20
[ 39.291557]
[ 39.291924] Allocated by task 274:
[ 39.292485] kasan_save_stack+0x3c/0x68
[ 39.293028] kasan_save_track+0x20/0x40
[ 39.293822] kasan_save_alloc_info+0x40/0x58
[ 39.294384] __kasan_kmalloc+0xd4/0xd8
[ 39.295082] __kmalloc_noprof+0x188/0x4c8
[ 39.295807] kunit_kmalloc_array+0x34/0x88
[ 39.296585] copy_user_test_oob+0xac/0xec0
[ 39.297147] kunit_try_run_case+0x14c/0x3d0
[ 39.298049] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.298832] kthread+0x24c/0x2d0
[ 39.299281] ret_from_fork+0x10/0x20
[ 39.300009]
[ 39.300516] The buggy address belongs to the object at fff00000c63a3f00
[ 39.300516] which belongs to the cache kmalloc-128 of size 128
[ 39.301860] The buggy address is located 0 bytes to the right of
[ 39.301860] allocated 120-byte region [fff00000c63a3f00, fff00000c63a3f78)
[ 39.303502]
[ 39.303924] The buggy address belongs to the physical page:
[ 39.304819] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063a3
[ 39.305810] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 39.306654] page_type: f5(slab)
[ 39.307258] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 39.308183] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 39.309202] page dumped because: kasan: bad access detected
[ 39.310033]
[ 39.310387] Memory state around the buggy address:
[ 39.310954] fff00000c63a3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.311976] fff00000c63a3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.312845] >fff00000c63a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 39.313722] ^
[ 39.314715] fff00000c63a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.315603] fff00000c63a4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 39.316521] ==================================================================
```
qemu-x86_64:

```
[ 32.472426] ==================================================================
[ 32.473222] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a7/0x1e0
[ 32.473994] Write of size 1 at addr ffff888101ac2878 by task kunit_try_catch/293
[ 32.474615]
[ 32.474934] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 32.475849] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.476374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.477092] Call Trace:
[ 32.477490] <TASK>
[ 32.477806] dump_stack_lvl+0x73/0xb0
[ 32.478292] print_report+0xd1/0x640
[ 32.478873] ? __virt_addr_valid+0x1db/0x2d0
[ 32.479496] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.480139] kasan_report+0x102/0x140
[ 32.480577] ? strncpy_from_user+0x1a7/0x1e0
[ 32.481071] ? strncpy_from_user+0x1a7/0x1e0
[ 32.481548] __asan_report_store1_noabort+0x1b/0x30
[ 32.482138] strncpy_from_user+0x1a7/0x1e0
[ 32.482697] copy_user_test_oob+0x761/0x10f0
[ 32.483282] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.483834] ? finish_task_switch.isra.0+0x153/0x700
[ 32.484305] ? __switch_to+0x5d9/0xf60
[ 32.484595] ? irqentry_exit+0x2a/0x60
[ 32.485023] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 32.485590] ? trace_hardirqs_on+0x37/0xe0
[ 32.486071] ? __pfx_read_tsc+0x10/0x10
[ 32.486527] ? ktime_get_ts64+0x84/0x230
[ 32.486980] kunit_try_run_case+0x1b3/0x490
[ 32.487537] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.487936] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.488354] ? _raw_spin_unlock_irqrestore+0x49/0x90
[ 32.488781] ? _raw_spin_unlock_irqrestore+0x49/0x90
[ 32.489405] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.489975] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.490623] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.491191] kthread+0x257/0x310
[ 32.491614] ? __pfx_kthread+0x10/0x10
[ 32.492118] ret_from_fork+0x41/0x80
[ 32.492581] ? __pfx_kthread+0x10/0x10
[ 32.493103] ret_from_fork_asm+0x1a/0x30
[ 32.493660] </TASK>
[ 32.493979]
[ 32.494314] Allocated by task 293:
[ 32.494649] kasan_save_stack+0x3d/0x60
[ 32.495276] kasan_save_track+0x18/0x40
[ 32.495613] kasan_save_alloc_info+0x3b/0x50
[ 32.496122] __kasan_kmalloc+0xb7/0xc0
[ 32.496584] __kmalloc_noprof+0x1c4/0x500
[ 32.497054] kunit_kmalloc_array+0x25/0x60
[ 32.497472] copy_user_test_oob+0xac/0x10f0
[ 32.497980] kunit_try_run_case+0x1b3/0x490
[ 32.498461] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.498983] kthread+0x257/0x310
[ 32.499440] ret_from_fork+0x41/0x80
[ 32.499767] ret_from_fork_asm+0x1a/0x30
[ 32.500281]
[ 32.500568] The buggy address belongs to the object at ffff888101ac2800
[ 32.500568] which belongs to the cache kmalloc-128 of size 128
[ 32.501501] The buggy address is located 0 bytes to the right of
[ 32.501501] allocated 120-byte region [ffff888101ac2800, ffff888101ac2878)
[ 32.502537]
[ 32.502771] The buggy address belongs to the physical page:
[ 32.503216] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac2
[ 32.503991] flags: 0x200000000000000(node=0|zone=2)
[ 32.504543] page_type: f5(slab)
[ 32.504963] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.505658] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 32.506377] page dumped because: kasan: bad access detected
[ 32.506942]
[ 32.507195] Memory state around the buggy address:
[ 32.507685] ffff888101ac2700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.508373] ffff888101ac2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.508982] >ffff888101ac2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.509657] ^
[ 32.510370] ffff888101ac2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.510910] ffff888101ac2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.511479] ==================================================================
[ 32.431602] ==================================================================
[ 32.432299] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1e0
[ 32.433285] Write of size 121 at addr ffff888101ac2800 by task kunit_try_catch/293
[ 32.433809]
[ 32.434026] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 32.434757] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.435219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.436022] Call Trace:
[ 32.436234] <TASK>
[ 32.436558] dump_stack_lvl+0x73/0xb0
[ 32.437038] print_report+0xd1/0x640
[ 32.437507] ? __virt_addr_valid+0x1db/0x2d0
[ 32.438026] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.438547] kasan_report+0x102/0x140
[ 32.439059] ? strncpy_from_user+0x2e/0x1e0
[ 32.439455] ? strncpy_from_user+0x2e/0x1e0
[ 32.439974] kasan_check_range+0x10c/0x1c0
[ 32.440415] __kasan_check_write+0x18/0x20
[ 32.440940] strncpy_from_user+0x2e/0x1e0
[ 32.441370] ? __kasan_check_read+0x15/0x20
[ 32.441897] copy_user_test_oob+0x761/0x10f0
[ 32.442361] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.442904] ? finish_task_switch.isra.0+0x153/0x700
[ 32.443484] ? __switch_to+0x5d9/0xf60
[ 32.443968] ? irqentry_exit+0x2a/0x60
[ 32.444426] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 32.444875] ? trace_hardirqs_on+0x37/0xe0
[ 32.445286] ? __pfx_read_tsc+0x10/0x10
[ 32.445766] ? ktime_get_ts64+0x84/0x230
[ 32.446309] kunit_try_run_case+0x1b3/0x490
[ 32.446780] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.447343] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.447853] ? _raw_spin_unlock_irqrestore+0x49/0x90
[ 32.448467] ? _raw_spin_unlock_irqrestore+0x49/0x90
[ 32.448991] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.449566] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.450129] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.450779] kthread+0x257/0x310
[ 32.451174] ? __pfx_kthread+0x10/0x10
[ 32.451706] ret_from_fork+0x41/0x80
[ 32.452138] ? __pfx_kthread+0x10/0x10
[ 32.452541] ret_from_fork_asm+0x1a/0x30
[ 32.453016] </TASK>
[ 32.453458]
[ 32.453714] Allocated by task 293:
[ 32.454133] kasan_save_stack+0x3d/0x60
[ 32.454539] kasan_save_track+0x18/0x40
[ 32.454972] kasan_save_alloc_info+0x3b/0x50
[ 32.455581] __kasan_kmalloc+0xb7/0xc0
[ 32.456035] __kmalloc_noprof+0x1c4/0x500
[ 32.456470] kunit_kmalloc_array+0x25/0x60
[ 32.456852] copy_user_test_oob+0xac/0x10f0
[ 32.457353] kunit_try_run_case+0x1b3/0x490
[ 32.457855] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.458445] kthread+0x257/0x310
[ 32.458886] ret_from_fork+0x41/0x80
[ 32.459365] ret_from_fork_asm+0x1a/0x30
[ 32.459882]
[ 32.460185] The buggy address belongs to the object at ffff888101ac2800
[ 32.460185] which belongs to the cache kmalloc-128 of size 128
[ 32.460926] The buggy address is located 0 bytes inside of
[ 32.460926] allocated 120-byte region [ffff888101ac2800, ffff888101ac2878)
[ 32.461512]
[ 32.461674] The buggy address belongs to the physical page:
[ 32.462267] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac2
[ 32.463000] flags: 0x200000000000000(node=0|zone=2)
[ 32.463538] page_type: f5(slab)
[ 32.463930] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.464710] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 32.465458] page dumped because: kasan: bad access detected
[ 32.466066]
[ 32.466402] Memory state around the buggy address:
[ 32.466806] ffff888101ac2700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.467548] ffff888101ac2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.467945] >ffff888101ac2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.468357] ^
[ 32.468859] ffff888101ac2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.469674] ffff888101ac2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.470493] ==================================================================
```