Date: Dec. 4, 2024, 3:07 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
qemu-arm64:

[ 39.557692] ==================================================================
[ 39.559525] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 39.560747] Write of size 121 at addr fff00000c6766e00 by task kunit_try_catch/273
[ 39.561597]
[ 39.562498] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 39.563895] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 39.564452] Hardware name: linux,dummy-virt (DT)
[ 39.565089] Call trace:
[ 39.565483] show_stack+0x20/0x38 (C)
[ 39.566504] dump_stack_lvl+0x8c/0xd0
[ 39.567352] print_report+0x118/0x5e0
[ 39.567913] kasan_report+0xc8/0x118
[ 39.568443] kasan_check_range+0x100/0x1a8
[ 39.569101] __kasan_check_write+0x20/0x30
[ 39.569759] strncpy_from_user+0x3c/0x2a0
[ 39.570525] copy_user_test_oob+0x5c0/0xec0
[ 39.571356] kunit_try_run_case+0x14c/0x3d0
[ 39.572172] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.572899] kthread+0x24c/0x2d0
[ 39.573392] ret_from_fork+0x10/0x20
[ 39.574216]
[ 39.574731] Allocated by task 273:
[ 39.575382] kasan_save_stack+0x3c/0x68
[ 39.576093] kasan_save_track+0x20/0x40
[ 39.576868] kasan_save_alloc_info+0x40/0x58
[ 39.577705] __kasan_kmalloc+0xd4/0xd8
[ 39.578415] __kmalloc_noprof+0x188/0x4c8
[ 39.579269] kunit_kmalloc_array+0x34/0x88
[ 39.579980] copy_user_test_oob+0xac/0xec0
[ 39.580512] kunit_try_run_case+0x14c/0x3d0
[ 39.581047] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.581760] kthread+0x24c/0x2d0
[ 39.582272] ret_from_fork+0x10/0x20
[ 39.582967]
[ 39.583224] The buggy address belongs to the object at fff00000c6766e00
[ 39.583224] which belongs to the cache kmalloc-128 of size 128
[ 39.584832] The buggy address is located 0 bytes inside of
[ 39.584832] allocated 120-byte region [fff00000c6766e00, fff00000c6766e78)
[ 39.586246]
[ 39.586566] The buggy address belongs to the physical page:
[ 39.587515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106766
[ 39.588366] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 39.589357] page_type: f5(slab)
[ 39.589847] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 39.590990] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 39.591883] page dumped because: kasan: bad access detected
[ 39.592593]
[ 39.593013] Memory state around the buggy address:
[ 39.593601] fff00000c6766d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.594817] fff00000c6766d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.595730] >fff00000c6766e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 39.596845] ^
[ 39.597562] fff00000c6766e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.598412] fff00000c6766f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.599353] ==================================================================
[ 39.601182] ==================================================================
[ 39.602447] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 39.603466] Write of size 1 at addr fff00000c6766e78 by task kunit_try_catch/273
[ 39.604585]
[ 39.605086] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 39.606371] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 39.607066] Hardware name: linux,dummy-virt (DT)
[ 39.607792] Call trace:
[ 39.608358] show_stack+0x20/0x38 (C)
[ 39.608953] dump_stack_lvl+0x8c/0xd0
[ 39.609573] print_report+0x118/0x5e0
[ 39.610157] kasan_report+0xc8/0x118
[ 39.610666] __asan_report_store1_noabort+0x20/0x30
[ 39.611562] strncpy_from_user+0x270/0x2a0
[ 39.612250] copy_user_test_oob+0x5c0/0xec0
[ 39.612888] kunit_try_run_case+0x14c/0x3d0
[ 39.613569] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.614329] kthread+0x24c/0x2d0
[ 39.614999] ret_from_fork+0x10/0x20
[ 39.615589]
[ 39.616034] Allocated by task 273:
[ 39.616543] kasan_save_stack+0x3c/0x68
[ 39.617152] kasan_save_track+0x20/0x40
[ 39.617744] kasan_save_alloc_info+0x40/0x58
[ 39.618441] __kasan_kmalloc+0xd4/0xd8
[ 39.619030] __kmalloc_noprof+0x188/0x4c8
[ 39.619727] kunit_kmalloc_array+0x34/0x88
[ 39.620344] copy_user_test_oob+0xac/0xec0
[ 39.621049] kunit_try_run_case+0x14c/0x3d0
[ 39.621568] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.622385] kthread+0x24c/0x2d0
[ 39.623028] ret_from_fork+0x10/0x20
[ 39.623577]
[ 39.623947] The buggy address belongs to the object at fff00000c6766e00
[ 39.623947] which belongs to the cache kmalloc-128 of size 128
[ 39.625330] The buggy address is located 0 bytes to the right of
[ 39.625330] allocated 120-byte region [fff00000c6766e00, fff00000c6766e78)
[ 39.626824]
[ 39.627184] The buggy address belongs to the physical page:
[ 39.627893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106766
[ 39.628884] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 39.629721] page_type: f5(slab)
[ 39.630190] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 39.631274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 39.632153] page dumped because: kasan: bad access detected
[ 39.632958]
[ 39.633386] Memory state around the buggy address:
[ 39.633934] fff00000c6766d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.634752] fff00000c6766d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.635762] >fff00000c6766e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 39.636734] ^
[ 39.637675] fff00000c6766e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.638694] fff00000c6766f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.639556] ==================================================================
qemu-x86_64:

[ 30.883439] ==================================================================
[ 30.883966] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a7/0x1e0
[ 30.884474] Write of size 1 at addr ffff8881029a4b78 by task kunit_try_catch/293
[ 30.884890]
[ 30.885110] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 30.885721] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.886001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.886825] Call Trace:
[ 30.887035] <TASK>
[ 30.887279] dump_stack_lvl+0x73/0xb0
[ 30.887572] print_report+0xd1/0x640
[ 30.887862] ? __virt_addr_valid+0x1db/0x2d0
[ 30.888200] ? kasan_complete_mode_report_info+0x2a/0x200
[ 30.888561] kasan_report+0x102/0x140
[ 30.888870] ? strncpy_from_user+0x1a7/0x1e0
[ 30.889239] ? strncpy_from_user+0x1a7/0x1e0
[ 30.889553] __asan_report_store1_noabort+0x1b/0x30
[ 30.890239] strncpy_from_user+0x1a7/0x1e0
[ 30.890789] copy_user_test_oob+0x761/0x10f0
[ 30.891376] ? __pfx_copy_user_test_oob+0x10/0x10
[ 30.891971] ? finish_task_switch.isra.0+0x153/0x700
[ 30.892620] ? __switch_to+0x5d9/0xf60
[ 30.893276] ? __schedule+0xc3e/0x2790
[ 30.893800] ? __pfx_read_tsc+0x10/0x10
[ 30.894132] ? ktime_get_ts64+0x86/0x230
[ 30.894702] kunit_try_run_case+0x1b3/0x490
[ 30.895349] ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.895866] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 30.896387] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 30.896960] ? __kthread_parkme+0x82/0x160
[ 30.897467] ? preempt_count_sub+0x50/0x80
[ 30.897977] ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.898535] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 30.899221] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.899873] kthread+0x257/0x310
[ 30.900203] ? __pfx_kthread+0x10/0x10
[ 30.900493] ret_from_fork+0x41/0x80
[ 30.900798] ? __pfx_kthread+0x10/0x10
[ 30.901127] ret_from_fork_asm+0x1a/0x30
[ 30.901997] </TASK>
[ 30.903017]
[ 30.903575] Allocated by task 293:
[ 30.904147] kasan_save_stack+0x3d/0x60
[ 30.904690] kasan_save_track+0x18/0x40
[ 30.905327] kasan_save_alloc_info+0x3b/0x50
[ 30.905986] __kasan_kmalloc+0xb7/0xc0
[ 30.906498] __kmalloc_noprof+0x1c4/0x500
[ 30.906988] kunit_kmalloc_array+0x25/0x60
[ 30.907507] copy_user_test_oob+0xac/0x10f0
[ 30.908111] kunit_try_run_case+0x1b3/0x490
[ 30.908426] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.908906] kthread+0x257/0x310
[ 30.909663] ret_from_fork+0x41/0x80
[ 30.910270] ret_from_fork_asm+0x1a/0x30
[ 30.910847]
[ 30.911287] The buggy address belongs to the object at ffff8881029a4b00
[ 30.911287] which belongs to the cache kmalloc-128 of size 128
[ 30.912060] The buggy address is located 0 bytes to the right of
[ 30.912060] allocated 120-byte region [ffff8881029a4b00, ffff8881029a4b78)
[ 30.912935]
[ 30.913261] The buggy address belongs to the physical page:
[ 30.913958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a4
[ 30.915477] flags: 0x200000000000000(node=0|zone=2)
[ 30.915995] page_type: f5(slab)
[ 30.916532] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 30.917167] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.917716] page dumped because: kasan: bad access detected
[ 30.918289]
[ 30.918521] Memory state around the buggy address:
[ 30.919334] ffff8881029a4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.920325] ffff8881029a4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.920820] >ffff8881029a4b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.921393] ^
[ 30.921980] ffff8881029a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.922585] ffff8881029a4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.923185] ==================================================================
[ 30.839567] ==================================================================
[ 30.840541] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1e0
[ 30.841315] Write of size 121 at addr ffff8881029a4b00 by task kunit_try_catch/293
[ 30.842168]
[ 30.842474] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 30.843506] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.844107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.844829] Call Trace:
[ 30.845291] <TASK>
[ 30.845666] dump_stack_lvl+0x73/0xb0
[ 30.846020] print_report+0xd1/0x640
[ 30.846547] ? __virt_addr_valid+0x1db/0x2d0
[ 30.847043] ? kasan_complete_mode_report_info+0x2a/0x200
[ 30.847709] kasan_report+0x102/0x140
[ 30.848299] ? strncpy_from_user+0x2e/0x1e0
[ 30.848747] ? strncpy_from_user+0x2e/0x1e0
[ 30.849378] kasan_check_range+0x10c/0x1c0
[ 30.849902] __kasan_check_write+0x18/0x20
[ 30.850370] strncpy_from_user+0x2e/0x1e0
[ 30.850936] copy_user_test_oob+0x761/0x10f0
[ 30.851525] ? __pfx_copy_user_test_oob+0x10/0x10
[ 30.852044] ? finish_task_switch.isra.0+0x153/0x700
[ 30.852674] ? __switch_to+0x5d9/0xf60
[ 30.853183] ? __schedule+0xc3e/0x2790
[ 30.853712] ? __pfx_read_tsc+0x10/0x10
[ 30.854296] ? ktime_get_ts64+0x86/0x230
[ 30.854779] kunit_try_run_case+0x1b3/0x490
[ 30.855264] ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.855921] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 30.856417] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 30.856948] ? __kthread_parkme+0x82/0x160
[ 30.857562] ? preempt_count_sub+0x50/0x80
[ 30.858206] ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.858753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 30.859472] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.860197] kthread+0x257/0x310
[ 30.860691] ? __pfx_kthread+0x10/0x10
[ 30.861035] ret_from_fork+0x41/0x80
[ 30.861541] ? __pfx_kthread+0x10/0x10
[ 30.861971] ret_from_fork_asm+0x1a/0x30
[ 30.862593] </TASK>
[ 30.862912]
[ 30.863260] Allocated by task 293:
[ 30.863695] kasan_save_stack+0x3d/0x60
[ 30.864294] kasan_save_track+0x18/0x40
[ 30.864764] kasan_save_alloc_info+0x3b/0x50
[ 30.865406] __kasan_kmalloc+0xb7/0xc0
[ 30.865890] __kmalloc_noprof+0x1c4/0x500
[ 30.866514] kunit_kmalloc_array+0x25/0x60
[ 30.866907] copy_user_test_oob+0xac/0x10f0
[ 30.867444] kunit_try_run_case+0x1b3/0x490
[ 30.867925] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.868605] kthread+0x257/0x310
[ 30.868983] ret_from_fork+0x41/0x80
[ 30.869304] ret_from_fork_asm+0x1a/0x30
[ 30.869914]
[ 30.870270] The buggy address belongs to the object at ffff8881029a4b00
[ 30.870270] which belongs to the cache kmalloc-128 of size 128
[ 30.871236] The buggy address is located 0 bytes inside of
[ 30.871236] allocated 120-byte region [ffff8881029a4b00, ffff8881029a4b78)
[ 30.872535]
[ 30.872833] The buggy address belongs to the physical page:
[ 30.873385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a4
[ 30.874282] flags: 0x200000000000000(node=0|zone=2)
[ 30.874840] page_type: f5(slab)
[ 30.875290] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 30.876015] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.876825] page dumped because: kasan: bad access detected
[ 30.877338]
[ 30.877603] Memory state around the buggy address:
[ 30.878047] ffff8881029a4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.878788] ffff8881029a4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.879510] >ffff8881029a4b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.880183] ^
[ 30.880607] ffff8881029a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.881316] ffff8881029a4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.881983] ==================================================================