Hay
Date: Nov. 27, 2024, 3:37 a.m.
Environment: qemu-arm64, qemu-x86_64

[   55.056139] ==================================================================
[   55.057012] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   55.057837] Write of size 1 at addr fff00000c61a5678 by task kunit_try_catch/274
[   55.058905] 
[   55.059357] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   55.060502] Tainted: [B]=BAD_PAGE, [N]=TEST
[   55.061149] Hardware name: linux,dummy-virt (DT)
[   55.061668] Call trace:
[   55.062281]  show_stack+0x20/0x38 (C)
[   55.062832]  dump_stack_lvl+0x8c/0xd0
[   55.063410]  print_report+0x118/0x5e0
[   55.064068]  kasan_report+0xc8/0x118
[   55.064585]  __asan_report_store1_noabort+0x20/0x30
[   55.065435]  strncpy_from_user+0x270/0x2a0
[   55.066133]  copy_user_test_oob+0x5c0/0xec0
[   55.066784]  kunit_try_run_case+0x14c/0x3d0
[   55.067364]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   55.068178]  kthread+0x24c/0x2d0
[   55.068687]  ret_from_fork+0x10/0x20
[   55.069321] 
[   55.069637] Allocated by task 274:
[   55.070281]  kasan_save_stack+0x3c/0x68
[   55.071166]  kasan_save_track+0x20/0x40
[   55.071722]  kasan_save_alloc_info+0x40/0x58
[   55.072407]  __kasan_kmalloc+0xd4/0xd8
[   55.073048]  __kmalloc_noprof+0x188/0x4c8
[   55.073701]  kunit_kmalloc_array+0x34/0x88
[   55.074345]  copy_user_test_oob+0xac/0xec0
[   55.074969]  kunit_try_run_case+0x14c/0x3d0
[   55.075609]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   55.076378]  kthread+0x24c/0x2d0
[   55.077007]  ret_from_fork+0x10/0x20
[   55.077605] 
[   55.077948] The buggy address belongs to the object at fff00000c61a5600
[   55.077948]  which belongs to the cache kmalloc-128 of size 128
[   55.079413] The buggy address is located 0 bytes to the right of
[   55.079413]  allocated 120-byte region [fff00000c61a5600, fff00000c61a5678)
[   55.080922] 
[   55.081375] The buggy address belongs to the physical page:
[   55.082043] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a5
[   55.083157] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   55.084023] page_type: f5(slab)
[   55.084708] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   55.085667] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   55.086648] page dumped because: kasan: bad access detected
[   55.087413] 
[   55.087773] Memory state around the buggy address:
[   55.088532]  fff00000c61a5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.089541]  fff00000c61a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.090525] >fff00000c61a5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   55.091375]                                                                 ^
[   55.092261]  fff00000c61a5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.093258]  fff00000c61a5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.094148] ==================================================================
[   55.015728] ==================================================================
[   55.016876] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   55.017599] Write of size 121 at addr fff00000c61a5600 by task kunit_try_catch/274
[   55.018606] 
[   55.018960] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   55.020218] Tainted: [B]=BAD_PAGE, [N]=TEST
[   55.020836] Hardware name: linux,dummy-virt (DT)
[   55.021635] Call trace:
[   55.022078]  show_stack+0x20/0x38 (C)
[   55.022757]  dump_stack_lvl+0x8c/0xd0
[   55.023380]  print_report+0x118/0x5e0
[   55.024001]  kasan_report+0xc8/0x118
[   55.024581]  kasan_check_range+0x100/0x1a8
[   55.025168]  __kasan_check_write+0x20/0x30
[   55.025770]  strncpy_from_user+0x3c/0x2a0
[   55.026334]  copy_user_test_oob+0x5c0/0xec0
[   55.027071]  kunit_try_run_case+0x14c/0x3d0
[   55.027744]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   55.028508]  kthread+0x24c/0x2d0
[   55.029066]  ret_from_fork+0x10/0x20
[   55.029677] 
[   55.030055] Allocated by task 274:
[   55.030676]  kasan_save_stack+0x3c/0x68
[   55.031323]  kasan_save_track+0x20/0x40
[   55.032001]  kasan_save_alloc_info+0x40/0x58
[   55.032742]  __kasan_kmalloc+0xd4/0xd8
[   55.033412]  __kmalloc_noprof+0x188/0x4c8
[   55.034058]  kunit_kmalloc_array+0x34/0x88
[   55.034723]  copy_user_test_oob+0xac/0xec0
[   55.035388]  kunit_try_run_case+0x14c/0x3d0
[   55.036024]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   55.036762]  kthread+0x24c/0x2d0
[   55.037348]  ret_from_fork+0x10/0x20
[   55.037988] 
[   55.038402] The buggy address belongs to the object at fff00000c61a5600
[   55.038402]  which belongs to the cache kmalloc-128 of size 128
[   55.039893] The buggy address is located 0 bytes inside of
[   55.039893]  allocated 120-byte region [fff00000c61a5600, fff00000c61a5678)
[   55.041447] 
[   55.041863] The buggy address belongs to the physical page:
[   55.042587] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a5
[   55.043674] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   55.044515] page_type: f5(slab)
[   55.045050] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   55.046064] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   55.047093] page dumped because: kasan: bad access detected
[   55.047870] 
[   55.048213] Memory state around the buggy address:
[   55.048930]  fff00000c61a5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.049986]  fff00000c61a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.050930] >fff00000c61a5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   55.051840]                                                                 ^
[   55.052702]  fff00000c61a5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.053671]  fff00000c61a5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.054533] ==================================================================

[   33.015522] ==================================================================
[   33.017013] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1e0
[   33.017677] Write of size 121 at addr ffff888102a58900 by task kunit_try_catch/293
[   33.018943] 
[   33.019270] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   33.020484] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.020962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.022136] Call Trace:
[   33.022471]  <TASK>
[   33.022900]  dump_stack_lvl+0x73/0xb0
[   33.023279]  print_report+0xd1/0x640
[   33.024003]  ? __virt_addr_valid+0x1db/0x2d0
[   33.024559]  ? kasan_complete_mode_report_info+0x2a/0x200
[   33.025001]  kasan_report+0x102/0x140
[   33.025485]  ? strncpy_from_user+0x2e/0x1e0
[   33.025927]  ? strncpy_from_user+0x2e/0x1e0
[   33.026467]  kasan_check_range+0x10c/0x1c0
[   33.027028]  __kasan_check_write+0x18/0x20
[   33.027560]  strncpy_from_user+0x2e/0x1e0
[   33.027864]  ? __kasan_check_read+0x15/0x20
[   33.028777]  copy_user_test_oob+0x761/0x10f0
[   33.030315]  ? __pfx_copy_user_test_oob+0x10/0x10
[   33.030771]  ? finish_task_switch.isra.0+0x153/0x700
[   33.031589]  ? __switch_to+0x5d9/0xf60
[   33.032008]  ? __schedule+0xc3e/0x2790
[   33.032736]  ? __pfx_read_tsc+0x10/0x10
[   33.033403]  ? ktime_get_ts64+0x84/0x230
[   33.033821]  kunit_try_run_case+0x1b3/0x490
[   33.034623]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.035111]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   33.035969]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   33.036692]  ? __kthread_parkme+0x82/0x160
[   33.037393]  ? preempt_count_sub+0x50/0x80
[   33.037817]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.038582]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   33.039126]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.039620]  kthread+0x257/0x310
[   33.039959]  ? __pfx_kthread+0x10/0x10
[   33.040670]  ret_from_fork+0x41/0x80
[   33.040939]  ? __pfx_kthread+0x10/0x10
[   33.041598]  ret_from_fork_asm+0x1a/0x30
[   33.042156]  </TASK>
[   33.042498] 
[   33.042686] Allocated by task 293:
[   33.043321]  kasan_save_stack+0x3d/0x60
[   33.043820]  kasan_save_track+0x18/0x40
[   33.044455]  kasan_save_alloc_info+0x3b/0x50
[   33.044781]  __kasan_kmalloc+0xb7/0xc0
[   33.045406]  __kmalloc_noprof+0x1c4/0x500
[   33.045870]  kunit_kmalloc_array+0x25/0x60
[   33.046427]  copy_user_test_oob+0xac/0x10f0
[   33.046942]  kunit_try_run_case+0x1b3/0x490
[   33.047455]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.047954]  kthread+0x257/0x310
[   33.048402]  ret_from_fork+0x41/0x80
[   33.049118]  ret_from_fork_asm+0x1a/0x30
[   33.049504] 
[   33.049855] The buggy address belongs to the object at ffff888102a58900
[   33.049855]  which belongs to the cache kmalloc-128 of size 128
[   33.051523] The buggy address is located 0 bytes inside of
[   33.051523]  allocated 120-byte region [ffff888102a58900, ffff888102a58978)
[   33.051967] 
[   33.052173] The buggy address belongs to the physical page:
[   33.052630] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a58
[   33.053504] flags: 0x200000000000000(node=0|zone=2)
[   33.053828] page_type: f5(slab)
[   33.054309] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   33.055288] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   33.055896] page dumped because: kasan: bad access detected
[   33.056651] 
[   33.056906] Memory state around the buggy address:
[   33.057544]  ffff888102a58800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.058363]  ffff888102a58880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.059091] >ffff888102a58900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   33.059813]                                                                 ^
[   33.060620]  ffff888102a58980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.061402]  ffff888102a58a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.061677] ==================================================================
[   33.062656] ==================================================================
[   33.063631] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a7/0x1e0
[   33.064716] Write of size 1 at addr ffff888102a58978 by task kunit_try_catch/293
[   33.065703] 
[   33.065884] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   33.067227] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.067915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.069021] Call Trace:
[   33.069390]  <TASK>
[   33.069705]  dump_stack_lvl+0x73/0xb0
[   33.070039]  print_report+0xd1/0x640
[   33.070358]  ? __virt_addr_valid+0x1db/0x2d0
[   33.070851]  ? kasan_complete_mode_report_info+0x2a/0x200
[   33.071673]  kasan_report+0x102/0x140
[   33.072337]  ? strncpy_from_user+0x1a7/0x1e0
[   33.073102]  ? strncpy_from_user+0x1a7/0x1e0
[   33.073850]  __asan_report_store1_noabort+0x1b/0x30
[   33.074774]  strncpy_from_user+0x1a7/0x1e0
[   33.075341]  copy_user_test_oob+0x761/0x10f0
[   33.075773]  ? __pfx_copy_user_test_oob+0x10/0x10
[   33.076396]  ? finish_task_switch.isra.0+0x153/0x700
[   33.076783]  ? __switch_to+0x5d9/0xf60
[   33.077281]  ? __schedule+0xc3e/0x2790
[   33.077595]  ? __pfx_read_tsc+0x10/0x10
[   33.078070]  ? ktime_get_ts64+0x84/0x230
[   33.078513]  kunit_try_run_case+0x1b3/0x490
[   33.078978]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.079463]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   33.079919]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   33.080402]  ? __kthread_parkme+0x82/0x160
[   33.080826]  ? preempt_count_sub+0x50/0x80
[   33.081289]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.081836]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   33.082340]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.082974]  kthread+0x257/0x310
[   33.083354]  ? __pfx_kthread+0x10/0x10
[   33.083802]  ret_from_fork+0x41/0x80
[   33.084229]  ? __pfx_kthread+0x10/0x10
[   33.084567]  ret_from_fork_asm+0x1a/0x30
[   33.085162]  </TASK>
[   33.085407] 
[   33.085569] Allocated by task 293:
[   33.086048]  kasan_save_stack+0x3d/0x60
[   33.086450]  kasan_save_track+0x18/0x40
[   33.086820]  kasan_save_alloc_info+0x3b/0x50
[   33.087296]  __kasan_kmalloc+0xb7/0xc0
[   33.087643]  __kmalloc_noprof+0x1c4/0x500
[   33.088137]  kunit_kmalloc_array+0x25/0x60
[   33.088607]  copy_user_test_oob+0xac/0x10f0
[   33.088920]  kunit_try_run_case+0x1b3/0x490
[   33.089308]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.089922]  kthread+0x257/0x310
[   33.090331]  ret_from_fork+0x41/0x80
[   33.090618]  ret_from_fork_asm+0x1a/0x30
[   33.091265] 
[   33.091499] The buggy address belongs to the object at ffff888102a58900
[   33.091499]  which belongs to the cache kmalloc-128 of size 128
[   33.092631] The buggy address is located 0 bytes to the right of
[   33.092631]  allocated 120-byte region [ffff888102a58900, ffff888102a58978)
[   33.093969] 
[   33.094886] The buggy address belongs to the physical page:
[   33.095463] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a58
[   33.095897] flags: 0x200000000000000(node=0|zone=2)
[   33.096542] page_type: f5(slab)
[   33.097193] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   33.097935] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   33.098550] page dumped because: kasan: bad access detected
[   33.099155] 
[   33.099332] Memory state around the buggy address:
[   33.099835]  ffff888102a58800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.100490]  ffff888102a58880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.101162] >ffff888102a58900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   33.101719]                                                                 ^
[   33.102404]  ffff888102a58980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.102976]  ffff888102a58a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.103762] ==================================================================