Date
Nov. 28, 2024, 2:36 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 37.439091] ==================================================================
[ 37.439834] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 37.440566] Write of size 1 at addr fff00000c6409278 by task kunit_try_catch/273
[ 37.441491]
[ 37.441866] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 37.442967] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.443484] Hardware name: linux,dummy-virt (DT)
[ 37.444017] Call trace:
[ 37.444778] show_stack+0x20/0x38 (C)
[ 37.445284] dump_stack_lvl+0x8c/0xd0
[ 37.445995] print_report+0x118/0x5e0
[ 37.446395] kasan_report+0xc8/0x118
[ 37.446910] __asan_report_store1_noabort+0x20/0x30
[ 37.447773] strncpy_from_user+0x270/0x2a0
[ 37.448412] copy_user_test_oob+0x5c0/0xec0
[ 37.449043] kunit_try_run_case+0x14c/0x3d0
[ 37.449747] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.450483] kthread+0x24c/0x2d0
[ 37.451038] ret_from_fork+0x10/0x20
[ 37.451640]
[ 37.452015] Allocated by task 273:
[ 37.452523] kasan_save_stack+0x3c/0x68
[ 37.453157] kasan_save_track+0x20/0x40
[ 37.453743] kasan_save_alloc_info+0x40/0x58
[ 37.454400] __kasan_kmalloc+0xd4/0xd8
[ 37.455017] __kmalloc_noprof+0x188/0x4c8
[ 37.455535] kunit_kmalloc_array+0x34/0x88
[ 37.456189] copy_user_test_oob+0xac/0xec0
[ 37.456803] kunit_try_run_case+0x14c/0x3d0
[ 37.457464] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.458238] kthread+0x24c/0x2d0
[ 37.458752] ret_from_fork+0x10/0x20
[ 37.459337]
[ 37.459685] The buggy address belongs to the object at fff00000c6409200
[ 37.459685] which belongs to the cache kmalloc-128 of size 128
[ 37.460921] The buggy address is located 0 bytes to the right of
[ 37.460921] allocated 120-byte region [fff00000c6409200, fff00000c6409278)
[ 37.462262]
[ 37.462555] The buggy address belongs to the physical page:
[ 37.463267] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106409
[ 37.464140] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.464982] page_type: f5(slab)
[ 37.465467] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.466376] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 37.467220] page dumped because: kasan: bad access detected
[ 37.467907]
[ 37.468271] Memory state around the buggy address:
[ 37.468949] fff00000c6409100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.469782] fff00000c6409180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.470668] >fff00000c6409200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.471456] ^
[ 37.472312] fff00000c6409280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.473165] fff00000c6409300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.473944] ==================================================================
[ 37.401672] ==================================================================
[ 37.402317] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 37.403105] Write of size 121 at addr fff00000c6409200 by task kunit_try_catch/273
[ 37.404066]
[ 37.404477] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 37.405621] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.406162] Hardware name: linux,dummy-virt (DT)
[ 37.406823] Call trace:
[ 37.407295] show_stack+0x20/0x38 (C)
[ 37.407882] dump_stack_lvl+0x8c/0xd0
[ 37.408530] print_report+0x118/0x5e0
[ 37.409198] kasan_report+0xc8/0x118
[ 37.409829] kasan_check_range+0x100/0x1a8
[ 37.410410] __kasan_check_write+0x20/0x30
[ 37.411080] strncpy_from_user+0x3c/0x2a0
[ 37.411706] copy_user_test_oob+0x5c0/0xec0
[ 37.412361] kunit_try_run_case+0x14c/0x3d0
[ 37.412994] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.413743] kthread+0x24c/0x2d0
[ 37.414347] ret_from_fork+0x10/0x20
[ 37.414936]
[ 37.415274] Allocated by task 273:
[ 37.415823] kasan_save_stack+0x3c/0x68
[ 37.416373] kasan_save_track+0x20/0x40
[ 37.416985] kasan_save_alloc_info+0x40/0x58
[ 37.417619] __kasan_kmalloc+0xd4/0xd8
[ 37.418250] __kmalloc_noprof+0x188/0x4c8
[ 37.418837] kunit_kmalloc_array+0x34/0x88
[ 37.419470] copy_user_test_oob+0xac/0xec0
[ 37.420067] kunit_try_run_case+0x14c/0x3d0
[ 37.420689] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.421425] kthread+0x24c/0x2d0
[ 37.421946] ret_from_fork+0x10/0x20
[ 37.422493]
[ 37.422875] The buggy address belongs to the object at fff00000c6409200
[ 37.422875] which belongs to the cache kmalloc-128 of size 128
[ 37.424035] The buggy address is located 0 bytes inside of
[ 37.424035] allocated 120-byte region [fff00000c6409200, fff00000c6409278)
[ 37.425261]
[ 37.425637] The buggy address belongs to the physical page:
[ 37.426255] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106409
[ 37.427231] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.428036] page_type: f5(slab)
[ 37.428574] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.429481] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 37.430324] page dumped because: kasan: bad access detected
[ 37.430964]
[ 37.431315] Memory state around the buggy address:
[ 37.431945] fff00000c6409100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.432772] fff00000c6409180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.433613] >fff00000c6409200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.434426] ^
[ 37.435196] fff00000c6409280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.435939] fff00000c6409300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.436713] ==================================================================
```
```
[ 28.899916] ==================================================================
[ 28.901069] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a7/0x1e0
[ 28.901544] Write of size 1 at addr ffff888101b6b578 by task kunit_try_catch/293
[ 28.902353]
[ 28.903082] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 28.903865] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.904351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.905165] Call Trace:
[ 28.905454] <TASK>
[ 28.905748] dump_stack_lvl+0x73/0xb0
[ 28.906205] print_report+0xd1/0x640
[ 28.906637] ? __virt_addr_valid+0x1db/0x2d0
[ 28.907108] ? kasan_complete_mode_report_info+0x2a/0x200
[ 28.907614] kasan_report+0x102/0x140
[ 28.908538] ? strncpy_from_user+0x1a7/0x1e0
[ 28.908947] ? strncpy_from_user+0x1a7/0x1e0
[ 28.909730] __asan_report_store1_noabort+0x1b/0x30
[ 28.910286] strncpy_from_user+0x1a7/0x1e0
[ 28.911114] copy_user_test_oob+0x761/0x10f0
[ 28.911616] ? __pfx_copy_user_test_oob+0x10/0x10
[ 28.912394] ? finish_task_switch.isra.0+0x153/0x700
[ 28.912992] ? __switch_to+0x5d9/0xf60
[ 28.913512] ? __schedule+0xc3e/0x2790
[ 28.913885] ? __pfx_read_tsc+0x10/0x10
[ 28.914482] ? ktime_get_ts64+0x84/0x230
[ 28.914907] kunit_try_run_case+0x1b3/0x490
[ 28.915871] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.916521] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 28.916933] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 28.917677] ? __kthread_parkme+0x82/0x160
[ 28.918117] ? preempt_count_sub+0x50/0x80
[ 28.918487] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.919031] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 28.919911] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.920396] kthread+0x257/0x310
[ 28.921006] ? __pfx_kthread+0x10/0x10
[ 28.921416] ret_from_fork+0x41/0x80
[ 28.922167] ? __pfx_kthread+0x10/0x10
[ 28.922511] ret_from_fork_asm+0x1a/0x30
[ 28.923234] </TASK>
[ 28.923636]
[ 28.924043] Allocated by task 293:
[ 28.924449] kasan_save_stack+0x3d/0x60
[ 28.925049] kasan_save_track+0x18/0x40
[ 28.925616] kasan_save_alloc_info+0x3b/0x50
[ 28.926015] __kasan_kmalloc+0xb7/0xc0
[ 28.926656] __kmalloc_noprof+0x1c4/0x500
[ 28.927022] kunit_kmalloc_array+0x25/0x60
[ 28.927608] copy_user_test_oob+0xac/0x10f0
[ 28.927960] kunit_try_run_case+0x1b3/0x490
[ 28.928624] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.929157] kthread+0x257/0x310
[ 28.929422] ret_from_fork+0x41/0x80
[ 28.929697] ret_from_fork_asm+0x1a/0x30
[ 28.930152]
[ 28.930718] The buggy address belongs to the object at ffff888101b6b500
[ 28.930718] which belongs to the cache kmalloc-128 of size 128
[ 28.932263] The buggy address is located 0 bytes to the right of
[ 28.932263] allocated 120-byte region [ffff888101b6b500, ffff888101b6b578)
[ 28.933640]
[ 28.933884] The buggy address belongs to the physical page:
[ 28.934257] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b6b
[ 28.935484] flags: 0x200000000000000(node=0|zone=2)
[ 28.935968] page_type: f5(slab)
[ 28.936476] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 28.937324] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 28.937923] page dumped because: kasan: bad access detected
[ 28.938520]
[ 28.938759] Memory state around the buggy address:
[ 28.939241] ffff888101b6b400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.939942] ffff888101b6b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.940674] >ffff888101b6b500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.941299] ^
[ 28.941993] ffff888101b6b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.942716] ffff888101b6b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.943624] ==================================================================
[ 28.853607] ==================================================================
[ 28.854205] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1e0
[ 28.855133] Write of size 121 at addr ffff888101b6b500 by task kunit_try_catch/293
[ 28.855920]
[ 28.856293] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 28.857450] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.858109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.859010] Call Trace:
[ 28.859388] <TASK>
[ 28.859799] dump_stack_lvl+0x73/0xb0
[ 28.860433] print_report+0xd1/0x640
[ 28.860934] ? __virt_addr_valid+0x1db/0x2d0
[ 28.861651] ? kasan_complete_mode_report_info+0x2a/0x200
[ 28.862296] kasan_report+0x102/0x140
[ 28.862776] ? strncpy_from_user+0x2e/0x1e0
[ 28.863421] ? strncpy_from_user+0x2e/0x1e0
[ 28.863969] kasan_check_range+0x10c/0x1c0
[ 28.864567] __kasan_check_write+0x18/0x20
[ 28.865015] strncpy_from_user+0x2e/0x1e0
[ 28.865503] ? __kasan_check_read+0x15/0x20
[ 28.866213] copy_user_test_oob+0x761/0x10f0
[ 28.866847] ? __pfx_copy_user_test_oob+0x10/0x10
[ 28.867540] ? finish_task_switch.isra.0+0x153/0x700
[ 28.868127] ? __switch_to+0x5d9/0xf60
[ 28.868628] ? __schedule+0xc3e/0x2790
[ 28.869316] ? __pfx_read_tsc+0x10/0x10
[ 28.869865] ? ktime_get_ts64+0x84/0x230
[ 28.870361] kunit_try_run_case+0x1b3/0x490
[ 28.870951] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.871458] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 28.872089] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 28.872768] ? __kthread_parkme+0x82/0x160
[ 28.873576] ? preempt_count_sub+0x50/0x80
[ 28.873923] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.874363] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 28.875087] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.875706] kthread+0x257/0x310
[ 28.876104] ? __pfx_kthread+0x10/0x10
[ 28.876541] ret_from_fork+0x41/0x80
[ 28.876934] ? __pfx_kthread+0x10/0x10
[ 28.877995] ret_from_fork_asm+0x1a/0x30
[ 28.878672] </TASK>
[ 28.879094]
[ 28.879500] Allocated by task 293:
[ 28.879786] kasan_save_stack+0x3d/0x60
[ 28.880374] kasan_save_track+0x18/0x40
[ 28.880804] kasan_save_alloc_info+0x3b/0x50
[ 28.881227] __kasan_kmalloc+0xb7/0xc0
[ 28.881933] __kmalloc_noprof+0x1c4/0x500
[ 28.882519] kunit_kmalloc_array+0x25/0x60
[ 28.883465] copy_user_test_oob+0xac/0x10f0
[ 28.883740] kunit_try_run_case+0x1b3/0x490
[ 28.884404] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.884820] kthread+0x257/0x310
[ 28.885289] ret_from_fork+0x41/0x80
[ 28.885780] ret_from_fork_asm+0x1a/0x30
[ 28.886307]
[ 28.886608] The buggy address belongs to the object at ffff888101b6b500
[ 28.886608] which belongs to the cache kmalloc-128 of size 128
[ 28.887570] The buggy address is located 0 bytes inside of
[ 28.887570] allocated 120-byte region [ffff888101b6b500, ffff888101b6b578)
[ 28.888713]
[ 28.888870] The buggy address belongs to the physical page:
[ 28.889418] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b6b
[ 28.890408] flags: 0x200000000000000(node=0|zone=2)
[ 28.890781] page_type: f5(slab)
[ 28.891311] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 28.892028] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 28.892849] page dumped because: kasan: bad access detected
[ 28.893444]
[ 28.893655] Memory state around the buggy address:
[ 28.894236] ffff888101b6b400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.894887] ffff888101b6b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.895664] >ffff888101b6b500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.896351] ^
[ 28.897000] ffff888101b6b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.897686] ffff888101b6b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.898387] ==================================================================
```