Date
Dec. 3, 2024, 11:38 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 37.725115] ==================================================================
[ 37.725996] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 37.727237] Write of size 121 at addr fff00000c594bf00 by task kunit_try_catch/274
[ 37.729497]
[ 37.730164] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1
[ 37.731944] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.732234] Hardware name: linux,dummy-virt (DT)
[ 37.733013] Call trace:
[ 37.733511] show_stack+0x20/0x38 (C)
[ 37.734342] dump_stack_lvl+0x8c/0xd0
[ 37.735095] print_report+0x118/0x5e0
[ 37.735821] kasan_report+0xc8/0x118
[ 37.736237] kasan_check_range+0x100/0x1a8
[ 37.736993] __kasan_check_write+0x20/0x30
[ 37.737820] strncpy_from_user+0x3c/0x2a0
[ 37.738647] copy_user_test_oob+0x5c0/0xec0
[ 37.739175] kunit_try_run_case+0x14c/0x3d0
[ 37.739808] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.740610] kthread+0x24c/0x2d0
[ 37.741198] ret_from_fork+0x10/0x20
[ 37.741847]
[ 37.742234] Allocated by task 274:
[ 37.742828] kasan_save_stack+0x3c/0x68
[ 37.743518] kasan_save_track+0x20/0x40
[ 37.744063] kasan_save_alloc_info+0x40/0x58
[ 37.744658] __kasan_kmalloc+0xd4/0xd8
[ 37.745340] __kmalloc_noprof+0x188/0x4c8
[ 37.745954] kunit_kmalloc_array+0x34/0x88
[ 37.746564] copy_user_test_oob+0xac/0xec0
[ 37.747177] kunit_try_run_case+0x14c/0x3d0
[ 37.747841] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.748600] kthread+0x24c/0x2d0
[ 37.749120] ret_from_fork+0x10/0x20
[ 37.749710]
[ 37.750133] The buggy address belongs to the object at fff00000c594bf00
[ 37.750133] which belongs to the cache kmalloc-128 of size 128
[ 37.751571] The buggy address is located 0 bytes inside of
[ 37.751571] allocated 120-byte region [fff00000c594bf00, fff00000c594bf78)
[ 37.752929]
[ 37.753365] The buggy address belongs to the physical page:
[ 37.754106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10594b
[ 37.755056] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.755945] page_type: f5(slab)
[ 37.756420] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.757316] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 37.758321] page dumped because: kasan: bad access detected
[ 37.759170]
[ 37.759491] Memory state around the buggy address:
[ 37.760139] fff00000c594be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.760981] fff00000c594be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.761959] >fff00000c594bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.762818] ^
[ 37.763807] fff00000c594bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.764704] fff00000c594c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.765524] ==================================================================
```

```
[ 37.767670] ==================================================================
[ 37.768558] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 37.769469] Write of size 1 at addr fff00000c594bf78 by task kunit_try_catch/274
[ 37.770280]
[ 37.770742] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1
[ 37.771982] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.772619] Hardware name: linux,dummy-virt (DT)
[ 37.773314] Call trace:
[ 37.773797] show_stack+0x20/0x38 (C)
[ 37.774301] dump_stack_lvl+0x8c/0xd0
[ 37.775019] print_report+0x118/0x5e0
[ 37.775607] kasan_report+0xc8/0x118
[ 37.776180] __asan_report_store1_noabort+0x20/0x30
[ 37.776958] strncpy_from_user+0x270/0x2a0
[ 37.777613] copy_user_test_oob+0x5c0/0xec0
[ 37.778256] kunit_try_run_case+0x14c/0x3d0
[ 37.778804] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.779680] kthread+0x24c/0x2d0
[ 37.780224] ret_from_fork+0x10/0x20
[ 37.780841]
[ 37.781169] Allocated by task 274:
[ 37.781798] kasan_save_stack+0x3c/0x68
[ 37.782464] kasan_save_track+0x20/0x40
[ 37.783050] kasan_save_alloc_info+0x40/0x58
[ 37.783783] __kasan_kmalloc+0xd4/0xd8
[ 37.784377] __kmalloc_noprof+0x188/0x4c8
[ 37.784912] kunit_kmalloc_array+0x34/0x88
[ 37.785634] copy_user_test_oob+0xac/0xec0
[ 37.786250] kunit_try_run_case+0x14c/0x3d0
[ 37.786854] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.787500] kthread+0x24c/0x2d0
[ 37.788147] ret_from_fork+0x10/0x20
[ 37.788653]
[ 37.789059] The buggy address belongs to the object at fff00000c594bf00
[ 37.789059] which belongs to the cache kmalloc-128 of size 128
[ 37.790481] The buggy address is located 0 bytes to the right of
[ 37.790481] allocated 120-byte region [fff00000c594bf00, fff00000c594bf78)
[ 37.791904]
[ 37.792246] The buggy address belongs to the physical page:
[ 37.792930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10594b
[ 37.793961] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.794933] page_type: f5(slab)
[ 37.795413] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.796586] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 37.797434] page dumped because: kasan: bad access detected
[ 37.798120]
[ 37.798617] Memory state around the buggy address:
[ 37.799220] fff00000c594be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.800040] fff00000c594be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.801049] >fff00000c594bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.801865] ^
[ 37.802875] fff00000c594bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.803891] fff00000c594c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.804794] ==================================================================
```
qemu-x86_64:

```
[ 32.791622] ==================================================================
[ 32.792898] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a7/0x1e0
[ 32.793394] Write of size 1 at addr ffff888102a99278 by task kunit_try_catch/294
[ 32.794071]
[ 32.794318] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1
[ 32.795273] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.798419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.799116] Call Trace:
[ 32.799385] <TASK>
[ 32.799663] dump_stack_lvl+0x73/0xb0
[ 32.800027] print_report+0xd1/0x640
[ 32.800376] ? __virt_addr_valid+0x1db/0x2d0
[ 32.800766] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.801340] kasan_report+0x102/0x140
[ 32.801814] ? strncpy_from_user+0x1a7/0x1e0
[ 32.802379] ? strncpy_from_user+0x1a7/0x1e0
[ 32.803007] __asan_report_store1_noabort+0x1b/0x30
[ 32.803651] strncpy_from_user+0x1a7/0x1e0
[ 32.804250] copy_user_test_oob+0x761/0x10f0
[ 32.804909] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.805402] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 32.806108] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.806712] kunit_try_run_case+0x1b3/0x490
[ 32.807008] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.807509] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.807976] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.808472] ? __kthread_parkme+0x82/0x160
[ 32.808941] ? preempt_count_sub+0x50/0x80
[ 32.809394] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.809887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.810478] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.810929] kthread+0x257/0x310
[ 32.811300] ? __pfx_kthread+0x10/0x10
[ 32.811778] ret_from_fork+0x41/0x80
[ 32.812123] ? __pfx_kthread+0x10/0x10
[ 32.812588] ret_from_fork_asm+0x1a/0x30
[ 32.812969] </TASK>
[ 32.813251]
[ 32.813528] Allocated by task 294:
[ 32.813895] kasan_save_stack+0x3d/0x60
[ 32.814242] kasan_save_track+0x18/0x40
[ 32.814783] kasan_save_alloc_info+0x3b/0x50
[ 32.815224] __kasan_kmalloc+0xb7/0xc0
[ 32.815658] __kmalloc_noprof+0x1c4/0x500
[ 32.816079] kunit_kmalloc_array+0x25/0x60
[ 32.816427] copy_user_test_oob+0xac/0x10f0
[ 32.816922] kunit_try_run_case+0x1b3/0x490
[ 32.817396] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.817798] kthread+0x257/0x310
[ 32.818191] ret_from_fork+0x41/0x80
[ 32.818616] ret_from_fork_asm+0x1a/0x30
[ 32.819009]
[ 32.819239] The buggy address belongs to the object at ffff888102a99200
[ 32.819239] which belongs to the cache kmalloc-128 of size 128
[ 32.820173] The buggy address is located 0 bytes to the right of
[ 32.820173] allocated 120-byte region [ffff888102a99200, ffff888102a99278)
[ 32.821246]
[ 32.821504] The buggy address belongs to the physical page:
[ 32.822020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a99
[ 32.822728] flags: 0x200000000000000(node=0|zone=2)
[ 32.823094] page_type: f5(slab)
[ 32.823510] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.824033] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.824517] page dumped because: kasan: bad access detected
[ 32.825093]
[ 32.825308] Memory state around the buggy address:
[ 32.825827] ffff888102a99100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 32.826318] ffff888102a99180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.826947] >ffff888102a99200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.827520] ^
[ 32.828311] ffff888102a99280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.828888] ffff888102a99300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.829346] ==================================================================
```

```
[ 32.754922] ==================================================================
[ 32.755751] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1e0
[ 32.756691] Write of size 121 at addr ffff888102a99200 by task kunit_try_catch/294
[ 32.757210]
[ 32.757473] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1
[ 32.758238] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.758634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.759230] Call Trace:
[ 32.759437] <TASK>
[ 32.759634] dump_stack_lvl+0x73/0xb0
[ 32.760048] print_report+0xd1/0x640
[ 32.760669] ? __virt_addr_valid+0x1db/0x2d0
[ 32.761106] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.761675] kasan_report+0x102/0x140
[ 32.762135] ? strncpy_from_user+0x2e/0x1e0
[ 32.762513] ? strncpy_from_user+0x2e/0x1e0
[ 32.763162] kasan_check_range+0x10c/0x1c0
[ 32.763647] __kasan_check_write+0x18/0x20
[ 32.764041] strncpy_from_user+0x2e/0x1e0
[ 32.764541] copy_user_test_oob+0x761/0x10f0
[ 32.765038] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.765566] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 32.766108] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.766620] kunit_try_run_case+0x1b3/0x490
[ 32.767011] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.767508] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.767975] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.768461] ? __kthread_parkme+0x82/0x160
[ 32.768942] ? preempt_count_sub+0x50/0x80
[ 32.769429] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.769895] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.770525] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.770869] kthread+0x257/0x310
[ 32.771254] ? __pfx_kthread+0x10/0x10
[ 32.771758] ret_from_fork+0x41/0x80
[ 32.772213] ? __pfx_kthread+0x10/0x10
[ 32.772708] ret_from_fork_asm+0x1a/0x30
[ 32.773130] </TASK>
[ 32.773405]
[ 32.773680] Allocated by task 294:
[ 32.774014] kasan_save_stack+0x3d/0x60
[ 32.774311] kasan_save_track+0x18/0x40
[ 32.774565] kasan_save_alloc_info+0x3b/0x50
[ 32.775108] __kasan_kmalloc+0xb7/0xc0
[ 32.775643] __kmalloc_noprof+0x1c4/0x500
[ 32.776182] kunit_kmalloc_array+0x25/0x60
[ 32.776670] copy_user_test_oob+0xac/0x10f0
[ 32.777182] kunit_try_run_case+0x1b3/0x490
[ 32.777770] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.778331] kthread+0x257/0x310
[ 32.778575] ret_from_fork+0x41/0x80
[ 32.778823] ret_from_fork_asm+0x1a/0x30
[ 32.779313]
[ 32.779519] The buggy address belongs to the object at ffff888102a99200
[ 32.779519] which belongs to the cache kmalloc-128 of size 128
[ 32.780867] The buggy address is located 0 bytes inside of
[ 32.780867] allocated 120-byte region [ffff888102a99200, ffff888102a99278)
[ 32.781584]
[ 32.781745] The buggy address belongs to the physical page:
[ 32.782129] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a99
[ 32.782949] flags: 0x200000000000000(node=0|zone=2)
[ 32.783527] page_type: f5(slab)
[ 32.783870] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.784532] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.785219] page dumped because: kasan: bad access detected
[ 32.785813]
[ 32.785968] Memory state around the buggy address:
[ 32.786260] ffff888102a99100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 32.787112] ffff888102a99180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.787746] >ffff888102a99200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.788290] ^
[ 32.789047] ffff888102a99280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.789717] ffff888102a99300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.790398] ==================================================================
```