Date
Dec. 5, 2024, 2:07 p.m.
Environment: qemu-arm64

```
[ 37.142773] ==================================================================
[ 37.144546] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 37.145363] Write of size 121 at addr fff00000c669bf00 by task kunit_try_catch/274
[ 37.146170]
[ 37.146554] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1
[ 37.147751] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.148318] Hardware name: linux,dummy-virt (DT)
[ 37.149152] Call trace:
[ 37.149687] show_stack+0x20/0x38 (C)
[ 37.150317] dump_stack_lvl+0x8c/0xd0
[ 37.150858] print_report+0x118/0x5e0
[ 37.151631] kasan_report+0xc8/0x118
[ 37.152197] kasan_check_range+0x100/0x1a8
[ 37.152893] __kasan_check_write+0x20/0x30
[ 37.153517] strncpy_from_user+0x3c/0x2a0
[ 37.154103] copy_user_test_oob+0x5c0/0xec0
[ 37.154660] kunit_try_run_case+0x14c/0x3d0
[ 37.155474] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.156418] kthread+0x24c/0x2d0
[ 37.156914] ret_from_fork+0x10/0x20
[ 37.157415]
[ 37.157745] Allocated by task 274:
[ 37.158175] kasan_save_stack+0x3c/0x68
[ 37.158892] kasan_save_track+0x20/0x40
[ 37.159365] kasan_save_alloc_info+0x40/0x58
[ 37.159958] __kasan_kmalloc+0xd4/0xd8
[ 37.160597] __kmalloc_noprof+0x188/0x4c8
[ 37.161190] kunit_kmalloc_array+0x34/0x88
[ 37.161829] copy_user_test_oob+0xac/0xec0
[ 37.162363] kunit_try_run_case+0x14c/0x3d0
[ 37.163105] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.163690] kthread+0x24c/0x2d0
[ 37.164344] ret_from_fork+0x10/0x20
[ 37.164972]
[ 37.165266] The buggy address belongs to the object at fff00000c669bf00
[ 37.165266] which belongs to the cache kmalloc-128 of size 128
[ 37.166756] The buggy address is located 0 bytes inside of
[ 37.166756] allocated 120-byte region [fff00000c669bf00, fff00000c669bf78)
[ 37.168151]
[ 37.168453] The buggy address belongs to the physical page:
[ 37.169103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10669b
[ 37.170288] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.171286] page_type: f5(slab)
[ 37.171768] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.172731] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 37.173724] page dumped because: kasan: bad access detected
[ 37.174484]
[ 37.174800] Memory state around the buggy address:
[ 37.175443] fff00000c669be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.176358] fff00000c669be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.177380] >fff00000c669bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.178652] ^
[ 37.179657] fff00000c669bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.180550] fff00000c669c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.181456] ==================================================================
[ 37.183268] ==================================================================
[ 37.184027] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 37.185098] Write of size 1 at addr fff00000c669bf78 by task kunit_try_catch/274
[ 37.186162]
[ 37.186522] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1
[ 37.187938] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.188527] Hardware name: linux,dummy-virt (DT)
[ 37.189172] Call trace:
[ 37.189532] show_stack+0x20/0x38 (C)
[ 37.190000] dump_stack_lvl+0x8c/0xd0
[ 37.190739] print_report+0x118/0x5e0
[ 37.191519] kasan_report+0xc8/0x118
[ 37.192264] __asan_report_store1_noabort+0x20/0x30
[ 37.193051] strncpy_from_user+0x270/0x2a0
[ 37.193688] copy_user_test_oob+0x5c0/0xec0
[ 37.194416] kunit_try_run_case+0x14c/0x3d0
[ 37.195154] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.195819] kthread+0x24c/0x2d0
[ 37.196498] ret_from_fork+0x10/0x20
[ 37.197050]
[ 37.197431] Allocated by task 274:
[ 37.197972] kasan_save_stack+0x3c/0x68
[ 37.198709] kasan_save_track+0x20/0x40
[ 37.199281] kasan_save_alloc_info+0x40/0x58
[ 37.200069] __kasan_kmalloc+0xd4/0xd8
[ 37.200595] __kmalloc_noprof+0x188/0x4c8
[ 37.201246] kunit_kmalloc_array+0x34/0x88
[ 37.201974] copy_user_test_oob+0xac/0xec0
[ 37.202677] kunit_try_run_case+0x14c/0x3d0
[ 37.203362] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.204110] kthread+0x24c/0x2d0
[ 37.204604] ret_from_fork+0x10/0x20
[ 37.205211]
[ 37.205526] The buggy address belongs to the object at fff00000c669bf00
[ 37.205526] which belongs to the cache kmalloc-128 of size 128
[ 37.207028] The buggy address is located 0 bytes to the right of
[ 37.207028] allocated 120-byte region [fff00000c669bf00, fff00000c669bf78)
[ 37.208485]
[ 37.208788] The buggy address belongs to the physical page:
[ 37.209439] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10669b
[ 37.210570] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.211476] page_type: f5(slab)
[ 37.212002] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.213040] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 37.214013] page dumped because: kasan: bad access detected
[ 37.214694]
[ 37.215033] Memory state around the buggy address:
[ 37.215597] fff00000c669be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.216452] fff00000c669be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.217387] >fff00000c669bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.218275] ^
[ 37.219134] fff00000c669bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.220009] fff00000c669c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.220813] ==================================================================
```

Environment: qemu-x86_64

```
[ 35.434596] ==================================================================
[ 35.435369] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1e0
[ 35.436040] Write of size 121 at addr ffff888101ac8600 by task kunit_try_catch/292
[ 35.436744]
[ 35.437065] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1
[ 35.438164] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 35.438638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 35.439530] Call Trace:
[ 35.439844] <TASK>
[ 35.440228] dump_stack_lvl+0x73/0xb0
[ 35.440750] print_report+0xd1/0x640
[ 35.441183] ? __virt_addr_valid+0x1db/0x2d0
[ 35.441633] ? kasan_complete_mode_report_info+0x2a/0x200
[ 35.442239] kasan_report+0x102/0x140
[ 35.442908] ? strncpy_from_user+0x2e/0x1e0
[ 35.443404] ? strncpy_from_user+0x2e/0x1e0
[ 35.443918] kasan_check_range+0x10c/0x1c0
[ 35.444256] __kasan_check_write+0x18/0x20
[ 35.444563] strncpy_from_user+0x2e/0x1e0
[ 35.444938] ? __kasan_check_read+0x15/0x20
[ 35.445510] copy_user_test_oob+0x761/0x10f0
[ 35.446304] ? __pfx_copy_user_test_oob+0x10/0x10
[ 35.446983] ? finish_task_switch.isra.0+0x153/0x700
[ 35.447643] ? __switch_to+0x5d9/0xf60
[ 35.448154] ? irqentry_exit+0x2a/0x60
[ 35.448555] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 35.449121] ? trace_hardirqs_on+0x37/0xe0
[ 35.449428] ? __pfx_read_tsc+0x10/0x10
[ 35.449738] ? ktime_get_ts64+0x86/0x230
[ 35.450399] kunit_try_run_case+0x1b3/0x490
[ 35.451065] ? __pfx_kunit_try_run_case+0x10/0x10
[ 35.451654] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 35.452374] ? __kthread_parkme+0x82/0x160
[ 35.452934] ? preempt_count_sub+0x50/0x80
[ 35.453346] ? __pfx_kunit_try_run_case+0x10/0x10
[ 35.453945] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 35.454355] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 35.454748] kthread+0x257/0x310
[ 35.455355] ? __pfx_kthread+0x10/0x10
[ 35.455976] ret_from_fork+0x41/0x80
[ 35.456440] ? __pfx_kthread+0x10/0x10
[ 35.456758] ret_from_fork_asm+0x1a/0x30
[ 35.457420] </TASK>
[ 35.457776]
[ 35.458044] Allocated by task 292:
[ 35.458471] kasan_save_stack+0x3d/0x60
[ 35.458955] kasan_save_track+0x18/0x40
[ 35.459244] kasan_save_alloc_info+0x3b/0x50
[ 35.459879] __kasan_kmalloc+0xb7/0xc0
[ 35.460424] __kmalloc_noprof+0x1c4/0x500
[ 35.461026] kunit_kmalloc_array+0x25/0x60
[ 35.461554] copy_user_test_oob+0xac/0x10f0
[ 35.462054] kunit_try_run_case+0x1b3/0x490
[ 35.462556] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 35.463186] kthread+0x257/0x310
[ 35.463592] ret_from_fork+0x41/0x80
[ 35.464130] ret_from_fork_asm+0x1a/0x30
[ 35.464613]
[ 35.464945] The buggy address belongs to the object at ffff888101ac8600
[ 35.464945] which belongs to the cache kmalloc-128 of size 128
[ 35.466184] The buggy address is located 0 bytes inside of
[ 35.466184] allocated 120-byte region [ffff888101ac8600, ffff888101ac8678)
[ 35.467240]
[ 35.467409] The buggy address belongs to the physical page:
[ 35.468188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac8
[ 35.468990] flags: 0x200000000000000(node=0|zone=2)
[ 35.469322] page_type: f5(slab)
[ 35.469859] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 35.470642] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 35.471314] page dumped because: kasan: bad access detected
[ 35.471982]
[ 35.472148] Memory state around the buggy address:
[ 35.472448] ffff888101ac8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.472834] ffff888101ac8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.473635] >ffff888101ac8600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 35.474406] ^
[ 35.475065] ffff888101ac8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.475906] ffff888101ac8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.476573] ==================================================================
[ 35.477879] ==================================================================
[ 35.478633] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a7/0x1e0
[ 35.479315] Write of size 1 at addr ffff888101ac8678 by task kunit_try_catch/292
[ 35.480157]
[ 35.480441] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1
[ 35.481469] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 35.482038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 35.482911] Call Trace:
[ 35.483190] <TASK>
[ 35.483543] dump_stack_lvl+0x73/0xb0
[ 35.483975] print_report+0xd1/0x640
[ 35.484503] ? __virt_addr_valid+0x1db/0x2d0
[ 35.485047] ? kasan_complete_mode_report_info+0x2a/0x200
[ 35.485606] kasan_report+0x102/0x140
[ 35.486178] ? strncpy_from_user+0x1a7/0x1e0
[ 35.486591] ? strncpy_from_user+0x1a7/0x1e0
[ 35.487281] __asan_report_store1_noabort+0x1b/0x30
[ 35.487897] strncpy_from_user+0x1a7/0x1e0
[ 35.488501] copy_user_test_oob+0x761/0x10f0
[ 35.489247] ? __pfx_copy_user_test_oob+0x10/0x10
[ 35.489912] ? finish_task_switch.isra.0+0x153/0x700
[ 35.490819] ? __switch_to+0x5d9/0xf60
[ 35.491446] ? irqentry_exit+0x2a/0x60
[ 35.491958] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 35.492409] ? trace_hardirqs_on+0x37/0xe0
[ 35.493034] ? __pfx_read_tsc+0x10/0x10
[ 35.493891] ? ktime_get_ts64+0x86/0x230
[ 35.494427] kunit_try_run_case+0x1b3/0x490
[ 35.495060] ? __pfx_kunit_try_run_case+0x10/0x10
[ 35.495787] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 35.496245] ? __kthread_parkme+0x82/0x160
[ 35.497108] ? preempt_count_sub+0x50/0x80
[ 35.497731] ? __pfx_kunit_try_run_case+0x10/0x10
[ 35.498486] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 35.498783] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 35.499269] kthread+0x257/0x310
[ 35.499668] ? __pfx_kthread+0x10/0x10
[ 35.500423] ret_from_fork+0x41/0x80
[ 35.500970] ? __pfx_kthread+0x10/0x10
[ 35.501307] ret_from_fork_asm+0x1a/0x30
[ 35.501714] </TASK>
[ 35.502006]
[ 35.502195] Allocated by task 292:
[ 35.502594] kasan_save_stack+0x3d/0x60
[ 35.503137] kasan_save_track+0x18/0x40
[ 35.503497] kasan_save_alloc_info+0x3b/0x50
[ 35.504019] __kasan_kmalloc+0xb7/0xc0
[ 35.504484] __kmalloc_noprof+0x1c4/0x500
[ 35.504843] kunit_kmalloc_array+0x25/0x60
[ 35.505426] copy_user_test_oob+0xac/0x10f0
[ 35.506150] kunit_try_run_case+0x1b3/0x490
[ 35.506821] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 35.507248] kthread+0x257/0x310
[ 35.507754] ret_from_fork+0x41/0x80
[ 35.508223] ret_from_fork_asm+0x1a/0x30
[ 35.508863]
[ 35.509200] The buggy address belongs to the object at ffff888101ac8600
[ 35.509200] which belongs to the cache kmalloc-128 of size 128
[ 35.510310] The buggy address is located 0 bytes to the right of
[ 35.510310] allocated 120-byte region [ffff888101ac8600, ffff888101ac8678)
[ 35.511552]
[ 35.511935] The buggy address belongs to the physical page:
[ 35.512471] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac8
[ 35.513261] flags: 0x200000000000000(node=0|zone=2)
[ 35.513969] page_type: f5(slab)
[ 35.514298] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 35.515213] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 35.516027] page dumped because: kasan: bad access detected
[ 35.516599]
[ 35.516948] Memory state around the buggy address:
[ 35.517258] ffff888101ac8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.518066] ffff888101ac8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.518988] >ffff888101ac8600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 35.519745] ^
[ 35.520495] ffff888101ac8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.521267] ffff888101ac8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.521882] ==================================================================
```