Date
Nov. 26, 2024, 6:09 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 38.542376] ==================================================================
[ 38.543180] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 38.543806] Write of size 1 at addr fff00000c596cb78 by task kunit_try_catch/274
[ 38.545107]
[ 38.545556] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 38.546816] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 38.547310] Hardware name: linux,dummy-virt (DT)
[ 38.547987] Call trace:
[ 38.548415] show_stack+0x20/0x38 (C)
[ 38.549084] dump_stack_lvl+0x8c/0xd0
[ 38.549720] print_report+0x118/0x5e0
[ 38.550387] kasan_report+0xc8/0x118
[ 38.550996] __asan_report_store1_noabort+0x20/0x30
[ 38.551674] strncpy_from_user+0x270/0x2a0
[ 38.552320] copy_user_test_oob+0x5c0/0xec0
[ 38.552962] kunit_try_run_case+0x14c/0x3d0
[ 38.553519] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 38.554339] kthread+0x24c/0x2d0
[ 38.554916] ret_from_fork+0x10/0x20
[ 38.555545]
[ 38.555878] Allocated by task 274:
[ 38.556458] kasan_save_stack+0x3c/0x68
[ 38.557099] kasan_save_track+0x20/0x40
[ 38.557656] kasan_save_alloc_info+0x40/0x58
[ 38.558329] __kasan_kmalloc+0xd4/0xd8
[ 38.558846] __kmalloc_noprof+0x188/0x4c8
[ 38.559649] kunit_kmalloc_array+0x34/0x88
[ 38.560282] copy_user_test_oob+0xac/0xec0
[ 38.561078] kunit_try_run_case+0x14c/0x3d0
[ 38.561930] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 38.562975] kthread+0x24c/0x2d0
[ 38.563689] ret_from_fork+0x10/0x20
[ 38.564458]
[ 38.564928] The buggy address belongs to the object at fff00000c596cb00
[ 38.564928] which belongs to the cache kmalloc-128 of size 128
[ 38.566162] The buggy address is located 0 bytes to the right of
[ 38.566162] allocated 120-byte region [fff00000c596cb00, fff00000c596cb78)
[ 38.567347]
[ 38.567659] The buggy address belongs to the physical page:
[ 38.568935] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10596c
[ 38.570050] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 38.571049] page_type: f5(slab)
[ 38.571803] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 38.572844] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 38.573649] page dumped because: kasan: bad access detected
[ 38.574632]
[ 38.575188] Memory state around the buggy address:
[ 38.575973] fff00000c596ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.577022] fff00000c596ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.578071] >fff00000c596cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 38.579105] ^
[ 38.580137] fff00000c596cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.581171] fff00000c596cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.581960] ==================================================================
[ 38.503499] ==================================================================
[ 38.504405] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 38.505445] Write of size 121 at addr fff00000c596cb00 by task kunit_try_catch/274
[ 38.506300]
[ 38.507095] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 38.508380] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 38.509029] Hardware name: linux,dummy-virt (DT)
[ 38.510204] Call trace:
[ 38.510808] show_stack+0x20/0x38 (C)
[ 38.511469] dump_stack_lvl+0x8c/0xd0
[ 38.512086] print_report+0x118/0x5e0
[ 38.512667] kasan_report+0xc8/0x118
[ 38.513208] kasan_check_range+0x100/0x1a8
[ 38.513724] __kasan_check_write+0x20/0x30
[ 38.514282] strncpy_from_user+0x3c/0x2a0
[ 38.514960] copy_user_test_oob+0x5c0/0xec0
[ 38.515569] kunit_try_run_case+0x14c/0x3d0
[ 38.516237] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 38.516951] kthread+0x24c/0x2d0
[ 38.517491] ret_from_fork+0x10/0x20
[ 38.518064]
[ 38.518433] Allocated by task 274:
[ 38.518865] kasan_save_stack+0x3c/0x68
[ 38.519520] kasan_save_track+0x20/0x40
[ 38.520143] kasan_save_alloc_info+0x40/0x58
[ 38.520821] __kasan_kmalloc+0xd4/0xd8
[ 38.521444] __kmalloc_noprof+0x188/0x4c8
[ 38.522051] kunit_kmalloc_array+0x34/0x88
[ 38.522696] copy_user_test_oob+0xac/0xec0
[ 38.523360] kunit_try_run_case+0x14c/0x3d0
[ 38.523927] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 38.524638] kthread+0x24c/0x2d0
[ 38.525225] ret_from_fork+0x10/0x20
[ 38.525791]
[ 38.526110] The buggy address belongs to the object at fff00000c596cb00
[ 38.526110] which belongs to the cache kmalloc-128 of size 128
[ 38.527512] The buggy address is located 0 bytes inside of
[ 38.527512] allocated 120-byte region [fff00000c596cb00, fff00000c596cb78)
[ 38.528781]
[ 38.529172] The buggy address belongs to the physical page:
[ 38.529706] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10596c
[ 38.530712] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 38.531467] page_type: f5(slab)
[ 38.531925] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 38.532874] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 38.533775] page dumped because: kasan: bad access detected
[ 38.534529]
[ 38.534892] Memory state around the buggy address:
[ 38.535620] fff00000c596ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.536361] fff00000c596ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.537191] >fff00000c596cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 38.537962] ^
[ 38.538786] fff00000c596cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.539600] fff00000c596cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.540388] ==================================================================
```
```
[ 38.579969] ==================================================================
[ 38.580794] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 38.582079] Write of size 121 at addr fff00000c5f1be00 by task kunit_try_catch/274
[ 38.582976]
[ 38.583392] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 38.584704] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 38.585455] Hardware name: linux,dummy-virt (DT)
[ 38.586091] Call trace:
[ 38.586500] show_stack+0x20/0x38 (C)
[ 38.587481] dump_stack_lvl+0x8c/0xd0
[ 38.588342] print_report+0x118/0x5e0
[ 38.588888] kasan_report+0xc8/0x118
[ 38.589456] kasan_check_range+0x100/0x1a8
[ 38.590212] __kasan_check_write+0x20/0x30
[ 38.590899] strncpy_from_user+0x3c/0x2a0
[ 38.591562] copy_user_test_oob+0x5c0/0xec0
[ 38.592230] kunit_try_run_case+0x14c/0x3d0
[ 38.592925] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 38.593708] kthread+0x24c/0x2d0
[ 38.594284] ret_from_fork+0x10/0x20
[ 38.594875]
[ 38.595293] Allocated by task 274:
[ 38.596010] kasan_save_stack+0x3c/0x68
[ 38.596729] kasan_save_track+0x20/0x40
[ 38.597417] kasan_save_alloc_info+0x40/0x58
[ 38.598074] __kasan_kmalloc+0xd4/0xd8
[ 38.598689] __kmalloc_noprof+0x188/0x4c8
[ 38.599294] kunit_kmalloc_array+0x34/0x88
[ 38.599940] copy_user_test_oob+0xac/0xec0
[ 38.600626] kunit_try_run_case+0x14c/0x3d0
[ 38.601227] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 38.601964] kthread+0x24c/0x2d0
[ 38.602429] ret_from_fork+0x10/0x20
[ 38.603132]
[ 38.603452] The buggy address belongs to the object at fff00000c5f1be00
[ 38.603452] which belongs to the cache kmalloc-128 of size 128
[ 38.604738] The buggy address is located 0 bytes inside of
[ 38.604738] allocated 120-byte region [fff00000c5f1be00, fff00000c5f1be78)
[ 38.606192]
[ 38.606548] The buggy address belongs to the physical page:
[ 38.607321] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f1b
[ 38.608332] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 38.609282] page_type: f5(slab)
[ 38.609939] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 38.610842] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 38.611660] page dumped because: kasan: bad access detected
[ 38.612470]
[ 38.612864] Memory state around the buggy address:
[ 38.613487] fff00000c5f1bd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.614518] fff00000c5f1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.615285] >fff00000c5f1be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 38.616220] ^
[ 38.617064] fff00000c5f1be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.617931] fff00000c5f1bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.618797] ==================================================================
[ 38.620791] ==================================================================
[ 38.622372] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 38.623205] Write of size 1 at addr fff00000c5f1be78 by task kunit_try_catch/274
[ 38.623929]
[ 38.624317] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 38.625389] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 38.626374] Hardware name: linux,dummy-virt (DT)
[ 38.627122] Call trace:
[ 38.627603] show_stack+0x20/0x38 (C)
[ 38.628183] dump_stack_lvl+0x8c/0xd0
[ 38.628855] print_report+0x118/0x5e0
[ 38.629381] kasan_report+0xc8/0x118
[ 38.630040] __asan_report_store1_noabort+0x20/0x30
[ 38.630684] strncpy_from_user+0x270/0x2a0
[ 38.631361] copy_user_test_oob+0x5c0/0xec0
[ 38.632004] kunit_try_run_case+0x14c/0x3d0
[ 38.632596] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 38.633420] kthread+0x24c/0x2d0
[ 38.633980] ret_from_fork+0x10/0x20
[ 38.634637]
[ 38.634996] Allocated by task 274:
[ 38.635577] kasan_save_stack+0x3c/0x68
[ 38.636139] kasan_save_track+0x20/0x40
[ 38.636692] kasan_save_alloc_info+0x40/0x58
[ 38.637380] __kasan_kmalloc+0xd4/0xd8
[ 38.637871] __kmalloc_noprof+0x188/0x4c8
[ 38.638520] kunit_kmalloc_array+0x34/0x88
[ 38.639178] copy_user_test_oob+0xac/0xec0
[ 38.639854] kunit_try_run_case+0x14c/0x3d0
[ 38.640442] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 38.641257] kthread+0x24c/0x2d0
[ 38.641832] ret_from_fork+0x10/0x20
[ 38.642441]
[ 38.642791] The buggy address belongs to the object at fff00000c5f1be00
[ 38.642791] which belongs to the cache kmalloc-128 of size 128
[ 38.644072] The buggy address is located 0 bytes to the right of
[ 38.644072] allocated 120-byte region [fff00000c5f1be00, fff00000c5f1be78)
[ 38.645427]
[ 38.645830] The buggy address belongs to the physical page:
[ 38.646594] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f1b
[ 38.647434] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 38.648262] page_type: f5(slab)
[ 38.648861] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 38.649692] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 38.650570] page dumped because: kasan: bad access detected
[ 38.651166]
[ 38.651571] Memory state around the buggy address:
[ 38.652270] fff00000c5f1bd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.653143] fff00000c5f1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.654105] >fff00000c5f1be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 38.654998] ^
[ 38.655949] fff00000c5f1be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.656752] fff00000c5f1bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.657679] ==================================================================
```
```
[ 32.951293] ==================================================================
[ 32.951902] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a7/0x1e0
[ 32.952167] Write of size 1 at addr ffff8881028f6c78 by task kunit_try_catch/294
[ 32.952167]
[ 32.952167] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 32.952167] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.952167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.952167] Call Trace:
[ 32.952167] <TASK>
[ 32.952167] dump_stack_lvl+0x73/0xb0
[ 32.952167] print_report+0xd1/0x640
[ 32.952167] ? __virt_addr_valid+0x1db/0x2d0
[ 32.952167] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.952167] kasan_report+0x102/0x140
[ 32.952167] ? strncpy_from_user+0x1a7/0x1e0
[ 32.952167] ? strncpy_from_user+0x1a7/0x1e0
[ 32.952167] __asan_report_store1_noabort+0x1b/0x30
[ 32.952167] strncpy_from_user+0x1a7/0x1e0
[ 32.952167] copy_user_test_oob+0x761/0x10f0
[ 32.952167] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.952167] ? __switch_to+0x5d9/0xf60
[ 32.952167] ? __schedule+0xc3e/0x2790
[ 32.952167] ? ktime_get_ts64+0x84/0x230
[ 32.952167] kunit_try_run_case+0x1b3/0x490
[ 32.952167] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.952167] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.952167] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.952167] ? __kthread_parkme+0x82/0x160
[ 32.952167] ? preempt_count_sub+0x50/0x80
[ 32.952167] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.952167] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.952167] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.952167] kthread+0x257/0x310
[ 32.952167] ? __pfx_kthread+0x10/0x10
[ 32.952167] ret_from_fork+0x41/0x80
[ 32.952167] ? __pfx_kthread+0x10/0x10
[ 32.952167] ret_from_fork_asm+0x1a/0x30
[ 32.952167] </TASK>
[ 32.952167]
[ 32.952167] Allocated by task 294:
[ 32.952167] kasan_save_stack+0x3d/0x60
[ 32.952167] kasan_save_track+0x18/0x40
[ 32.952167] kasan_save_alloc_info+0x3b/0x50
[ 32.952167] __kasan_kmalloc+0xb7/0xc0
[ 32.952167] __kmalloc_noprof+0x1c4/0x500
[ 32.952167] kunit_kmalloc_array+0x25/0x60
[ 32.952167] copy_user_test_oob+0xac/0x10f0
[ 32.952167] kunit_try_run_case+0x1b3/0x490
[ 32.952167] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.952167] kthread+0x257/0x310
[ 32.952167] ret_from_fork+0x41/0x80
[ 32.952167] ret_from_fork_asm+0x1a/0x30
[ 32.952167]
[ 32.952167] The buggy address belongs to the object at ffff8881028f6c00
[ 32.952167] which belongs to the cache kmalloc-128 of size 128
[ 32.952167] The buggy address is located 0 bytes to the right of
[ 32.952167] allocated 120-byte region [ffff8881028f6c00, ffff8881028f6c78)
[ 32.952167]
[ 32.952167] The buggy address belongs to the physical page:
[ 32.952167] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028f6
[ 32.952167] flags: 0x200000000000000(node=0|zone=2)
[ 32.952167] page_type: f5(slab)
[ 32.952167] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.952167] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 32.952167] page dumped because: kasan: bad access detected
[ 32.952167]
[ 32.952167] Memory state around the buggy address:
[ 32.952167] ffff8881028f6b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.952167] ffff8881028f6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.952167] >ffff8881028f6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.952167] ^
[ 32.952167] ffff8881028f6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.952167] ffff8881028f6d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.952167] ==================================================================
[ 32.909163] ==================================================================
[ 32.909263] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1e0
[ 32.909263] Write of size 121 at addr ffff8881028f6c00 by task kunit_try_catch/294
[ 32.909263]
[ 32.910304] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 32.913537] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.913537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.913537] Call Trace:
[ 32.913537] <TASK>
[ 32.913537] dump_stack_lvl+0x73/0xb0
[ 32.913537] print_report+0xd1/0x640
[ 32.913537] ? __virt_addr_valid+0x1db/0x2d0
[ 32.913537] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.913537] kasan_report+0x102/0x140
[ 32.913537] ? strncpy_from_user+0x2e/0x1e0
[ 32.913537] ? strncpy_from_user+0x2e/0x1e0
[ 32.913537] kasan_check_range+0x10c/0x1c0
[ 32.913537] __kasan_check_write+0x18/0x20
[ 32.913537] strncpy_from_user+0x2e/0x1e0
[ 32.913537] ? __kasan_check_read+0x15/0x20
[ 32.913537] copy_user_test_oob+0x761/0x10f0
[ 32.913537] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.913537] ? __switch_to+0x5d9/0xf60
[ 32.913537] ? __schedule+0xc3e/0x2790
[ 32.913537] ? ktime_get_ts64+0x84/0x230
[ 32.913537] kunit_try_run_case+0x1b3/0x490
[ 32.913537] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.913537] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.913537] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.913537] ? __kthread_parkme+0x82/0x160
[ 32.913537] ? preempt_count_sub+0x50/0x80
[ 32.913537] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.913537] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.913537] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.913537] kthread+0x257/0x310
[ 32.913537] ? __pfx_kthread+0x10/0x10
[ 32.913537] ret_from_fork+0x41/0x80
[ 32.913537] ? __pfx_kthread+0x10/0x10
[ 32.913537] ret_from_fork_asm+0x1a/0x30
[ 32.913537] </TASK>
[ 32.913537]
[ 32.913537] Allocated by task 294:
[ 32.913537] kasan_save_stack+0x3d/0x60
[ 32.913537] kasan_save_track+0x18/0x40
[ 32.913537] kasan_save_alloc_info+0x3b/0x50
[ 32.913537] __kasan_kmalloc+0xb7/0xc0
[ 32.913537] __kmalloc_noprof+0x1c4/0x500
[ 32.913537] kunit_kmalloc_array+0x25/0x60
[ 32.913537] copy_user_test_oob+0xac/0x10f0
[ 32.913537] kunit_try_run_case+0x1b3/0x490
[ 32.913537] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.913537] kthread+0x257/0x310
[ 32.913537] ret_from_fork+0x41/0x80
[ 32.913537] ret_from_fork_asm+0x1a/0x30
[ 32.913537]
[ 32.913537] The buggy address belongs to the object at ffff8881028f6c00
[ 32.913537] which belongs to the cache kmalloc-128 of size 128
[ 32.913537] The buggy address is located 0 bytes inside of
[ 32.913537] allocated 120-byte region [ffff8881028f6c00, ffff8881028f6c78)
[ 32.913537]
[ 32.913537] The buggy address belongs to the physical page:
[ 32.913537] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028f6
[ 32.913537] flags: 0x200000000000000(node=0|zone=2)
[ 32.913537] page_type: f5(slab)
[ 32.913537] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.913537] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 32.913537] page dumped because: kasan: bad access detected
[ 32.913537]
[ 32.913537] Memory state around the buggy address:
[ 32.913537] ffff8881028f6b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.913537] ffff8881028f6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.913537] >ffff8881028f6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.913537] ^
[ 32.913537] ffff8881028f6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.913537] ffff8881028f6d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.913537] ==================================================================
```
```
[ 27.643820] ==================================================================
[ 27.644758] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1e0
[ 27.645370] Write of size 121 at addr ffff8881028cc000 by task kunit_try_catch/292
[ 27.646896]
[ 27.647619] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 27.649286] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.649723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.651271] Call Trace:
[ 27.651522] <TASK>
[ 27.652391] dump_stack_lvl+0x73/0xb0
[ 27.652943] print_report+0xd1/0x640
[ 27.653518] ? __virt_addr_valid+0x1db/0x2d0
[ 27.653967] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.654543] kasan_report+0x102/0x140
[ 27.654928] ? strncpy_from_user+0x2e/0x1e0
[ 27.655317] ? strncpy_from_user+0x2e/0x1e0
[ 27.656658] kasan_check_range+0x10c/0x1c0
[ 27.656961] __kasan_check_write+0x18/0x20
[ 27.657415] strncpy_from_user+0x2e/0x1e0
[ 27.657945] ? __kasan_check_read+0x15/0x20
[ 27.658399] copy_user_test_oob+0x761/0x10f0
[ 27.659429] ? __pfx_copy_user_test_oob+0x10/0x10
[ 27.660041] ? finish_task_switch.isra.0+0x153/0x700
[ 27.660565] ? __switch_to+0x5d9/0xf60
[ 27.661368] ? __schedule+0xc3e/0x2790
[ 27.661869] ? __pfx_read_tsc+0x10/0x10
[ 27.662617] ? ktime_get_ts64+0x84/0x230
[ 27.663105] kunit_try_run_case+0x1b3/0x490
[ 27.663911] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.664311] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 27.665067] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.665559] ? __kthread_parkme+0x82/0x160
[ 27.666349] ? preempt_count_sub+0x50/0x80
[ 27.666978] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.667410] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.668257] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.669028] kthread+0x257/0x310
[ 27.669452] ? __pfx_kthread+0x10/0x10
[ 27.670248] ret_from_fork+0x41/0x80
[ 27.671014] ? __pfx_kthread+0x10/0x10
[ 27.671387] ret_from_fork_asm+0x1a/0x30
[ 27.671821] </TASK>
[ 27.672078]
[ 27.672254] Allocated by task 292:
[ 27.673257] kasan_save_stack+0x3d/0x60
[ 27.673526] kasan_save_track+0x18/0x40
[ 27.674202] kasan_save_alloc_info+0x3b/0x50
[ 27.674921] __kasan_kmalloc+0xb7/0xc0
[ 27.675257] __kmalloc_noprof+0x1c4/0x500
[ 27.675583] kunit_kmalloc_array+0x25/0x60
[ 27.676466] copy_user_test_oob+0xac/0x10f0
[ 27.676924] kunit_try_run_case+0x1b3/0x490
[ 27.677384] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.678313] kthread+0x257/0x310
[ 27.678958] ret_from_fork+0x41/0x80
[ 27.679387] ret_from_fork_asm+0x1a/0x30
[ 27.679719]
[ 27.680474] The buggy address belongs to the object at ffff8881028cc000
[ 27.680474] which belongs to the cache kmalloc-128 of size 128
[ 27.681339] The buggy address is located 0 bytes inside of
[ 27.681339] allocated 120-byte region [ffff8881028cc000, ffff8881028cc078)
[ 27.682849]
[ 27.683169] The buggy address belongs to the physical page:
[ 27.684109] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028cc
[ 27.684719] flags: 0x200000000000000(node=0|zone=2)
[ 27.685310] page_type: f5(slab)
[ 27.686107] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.686939] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 27.687736] page dumped because: kasan: bad access detected
[ 27.688032]
[ 27.688794] Memory state around the buggy address:
[ 27.689129] ffff8881028cbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.689655] ffff8881028cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.690589] >ffff8881028cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.691214] ^
[ 27.692151] ffff8881028cc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.692861] ffff8881028cc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.693403] ==================================================================
[ 27.695614] ==================================================================
[ 27.696850] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a7/0x1e0
[ 27.697869] Write of size 1 at addr ffff8881028cc078 by task kunit_try_catch/292
[ 27.698396]
[ 27.699024] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 27.700317] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.700709] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.701377] Call Trace:
[ 27.702130] <TASK>
[ 27.702497] dump_stack_lvl+0x73/0xb0
[ 27.703365] print_report+0xd1/0x640
[ 27.704188] ? __virt_addr_valid+0x1db/0x2d0
[ 27.705215] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.705674] kasan_report+0x102/0x140
[ 27.706289] ? strncpy_from_user+0x1a7/0x1e0
[ 27.706883] ? strncpy_from_user+0x1a7/0x1e0
[ 27.707383] __asan_report_store1_noabort+0x1b/0x30
[ 27.707923] strncpy_from_user+0x1a7/0x1e0
[ 27.708640] copy_user_test_oob+0x761/0x10f0
[ 27.709087] ? __pfx_copy_user_test_oob+0x10/0x10
[ 27.709462] ? finish_task_switch.isra.0+0x153/0x700
[ 27.709810] ? __switch_to+0x5d9/0xf60
[ 27.710137] ? __schedule+0xc3e/0x2790
[ 27.711079] ? __pfx_read_tsc+0x10/0x10
[ 27.711570] ? ktime_get_ts64+0x84/0x230
[ 27.712047] kunit_try_run_case+0x1b3/0x490
[ 27.712542] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.713305] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 27.713936] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.714453] ? __kthread_parkme+0x82/0x160
[ 27.715366] ? preempt_count_sub+0x50/0x80
[ 27.716052] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.716528] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.717223] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.717825] kthread+0x257/0x310
[ 27.718171] ? __pfx_kthread+0x10/0x10
[ 27.719382] ret_from_fork+0x41/0x80
[ 27.720124] ? __pfx_kthread+0x10/0x10
[ 27.720503] ret_from_fork_asm+0x1a/0x30
[ 27.720842] </TASK>
[ 27.721133]
[ 27.721347] Allocated by task 292:
[ 27.721733] kasan_save_stack+0x3d/0x60
[ 27.722128] kasan_save_track+0x18/0x40
[ 27.722517] kasan_save_alloc_info+0x3b/0x50
[ 27.722833] __kasan_kmalloc+0xb7/0xc0
[ 27.723107] __kmalloc_noprof+0x1c4/0x500
[ 27.724626] kunit_kmalloc_array+0x25/0x60
[ 27.725085] copy_user_test_oob+0xac/0x10f0
[ 27.725701] kunit_try_run_case+0x1b3/0x490
[ 27.725970] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.726836] kthread+0x257/0x310
[ 27.727175] ret_from_fork+0x41/0x80
[ 27.727645] ret_from_fork_asm+0x1a/0x30
[ 27.728034]
[ 27.728271] The buggy address belongs to the object at ffff8881028cc000
[ 27.728271] which belongs to the cache kmalloc-128 of size 128
[ 27.729210] The buggy address is located 0 bytes to the right of
[ 27.729210] allocated 120-byte region [ffff8881028cc000, ffff8881028cc078)
[ 27.730345]
[ 27.730538] The buggy address belongs to the physical page:
[ 27.731233] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028cc
[ 27.731952] flags: 0x200000000000000(node=0|zone=2)
[ 27.732394] page_type: f5(slab)
[ 27.733003] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.733689] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 27.734332] page dumped because: kasan: bad access detected
[ 27.734930]
[ 27.735099] Memory state around the buggy address:
[ 27.735423] ffff8881028cbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.736263] ffff8881028cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.737219] >ffff8881028cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.737871] ^
[ 27.738428] ffff8881028cc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.739341] ffff8881028cc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.740308] ==================================================================
```