Date: Dec. 9, 2024, 6:35 a.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 30.707239] ==================================================================
[ 30.708567] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 30.709753] Write of size 121 at addr fff00000c1313100 by task kunit_try_catch/273
[ 30.710796]
[ 30.711208] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 30.712373] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.712922] Hardware name: linux,dummy-virt (DT)
[ 30.713465] Call trace:
[ 30.713825] show_stack+0x20/0x38 (C)
[ 30.714303] dump_stack_lvl+0x8c/0xd0
[ 30.714918] print_report+0x118/0x5e0
[ 30.715418] kasan_report+0xc8/0x118
[ 30.716083] kasan_check_range+0x100/0x1a8
[ 30.716654] __kasan_check_write+0x20/0x30
[ 30.717205] strncpy_from_user+0x3c/0x2a0
[ 30.717863] copy_user_test_oob+0x5c0/0xec0
[ 30.718554] kunit_try_run_case+0x14c/0x3d0
[ 30.719377] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.720128] kthread+0x24c/0x2d0
[ 30.720662] ret_from_fork+0x10/0x20
[ 30.721215]
[ 30.721533] Allocated by task 273:
[ 30.721991] kasan_save_stack+0x3c/0x68
[ 30.722617] kasan_save_track+0x20/0x40
[ 30.723343] kasan_save_alloc_info+0x40/0x58
[ 30.723784] __kasan_kmalloc+0xd4/0xd8
[ 30.724358] __kmalloc_noprof+0x188/0x4c8
[ 30.725069] kunit_kmalloc_array+0x34/0x88
[ 30.725607] copy_user_test_oob+0xac/0xec0
[ 30.726152] kunit_try_run_case+0x14c/0x3d0
[ 30.726790] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.728099] kthread+0x24c/0x2d0
[ 30.728564] ret_from_fork+0x10/0x20
[ 30.729181]
[ 30.729499] The buggy address belongs to the object at fff00000c1313100
[ 30.729499] which belongs to the cache kmalloc-128 of size 128
[ 30.731045] The buggy address is located 0 bytes inside of
[ 30.731045] allocated 120-byte region [fff00000c1313100, fff00000c1313178)
[ 30.732479]
[ 30.732868] The buggy address belongs to the physical page:
[ 30.733479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101313
[ 30.734326] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.735409] page_type: f5(slab)
[ 30.735926] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.736725] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.737586] page dumped because: kasan: bad access detected
[ 30.738222]
[ 30.738572] Memory state around the buggy address:
[ 30.739499] fff00000c1313000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.740330] fff00000c1313080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.741176] >fff00000c1313100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.741963] ^
[ 30.742741] fff00000c1313180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.743673] fff00000c1313200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.744475] ==================================================================
[ 30.747430] ==================================================================
[ 30.748260] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 30.748972] Write of size 1 at addr fff00000c1313178 by task kunit_try_catch/273
[ 30.749575]
[ 30.749934] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 30.751106] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.751605] Hardware name: linux,dummy-virt (DT)
[ 30.752390] Call trace:
[ 30.752813] show_stack+0x20/0x38 (C)
[ 30.753522] dump_stack_lvl+0x8c/0xd0
[ 30.754224] print_report+0x118/0x5e0
[ 30.754891] kasan_report+0xc8/0x118
[ 30.755516] __asan_report_store1_noabort+0x20/0x30
[ 30.756278] strncpy_from_user+0x270/0x2a0
[ 30.756972] copy_user_test_oob+0x5c0/0xec0
[ 30.757668] kunit_try_run_case+0x14c/0x3d0
[ 30.758352] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.759153] kthread+0x24c/0x2d0
[ 30.759840] ret_from_fork+0x10/0x20
[ 30.760333]
[ 30.760613] Allocated by task 273:
[ 30.761399] kasan_save_stack+0x3c/0x68
[ 30.762124] kasan_save_track+0x20/0x40
[ 30.762825] kasan_save_alloc_info+0x40/0x58
[ 30.763515] __kasan_kmalloc+0xd4/0xd8
[ 30.764201] __kmalloc_noprof+0x188/0x4c8
[ 30.764904] kunit_kmalloc_array+0x34/0x88
[ 30.765435] copy_user_test_oob+0xac/0xec0
[ 30.766238] kunit_try_run_case+0x14c/0x3d0
[ 30.766947] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.767849] kthread+0x24c/0x2d0
[ 30.768268] ret_from_fork+0x10/0x20
[ 30.768995]
[ 30.769375] The buggy address belongs to the object at fff00000c1313100
[ 30.769375] which belongs to the cache kmalloc-128 of size 128
[ 30.770913] The buggy address is located 0 bytes to the right of
[ 30.770913] allocated 120-byte region [fff00000c1313100, fff00000c1313178)
[ 30.772252]
[ 30.772568] The buggy address belongs to the physical page:
[ 30.773307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101313
[ 30.774204] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.774903] page_type: f5(slab)
[ 30.775381] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.776264] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.777101] page dumped because: kasan: bad access detected
[ 30.777742]
[ 30.778064] Memory state around the buggy address:
[ 30.778618] fff00000c1313000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.779375] fff00000c1313080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.780254] >fff00000c1313100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.781099] ^
[ 30.781885] fff00000c1313180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.782645] fff00000c1313200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.783448] ==================================================================
```
```
[ 32.320887] ==================================================================
[ 32.322131] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1e0
[ 32.323227] Write of size 121 at addr ffff88810296dd00 by task kunit_try_catch/292
[ 32.324532]
[ 32.324709] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 32.326401] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.326923] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.328002] Call Trace:
[ 32.328239] <TASK>
[ 32.328839] dump_stack_lvl+0x73/0xb0
[ 32.329244] print_report+0xd1/0x640
[ 32.329681] ? __virt_addr_valid+0x1db/0x2d0
[ 32.330499] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.331050] kasan_report+0x102/0x140
[ 32.331795] ? strncpy_from_user+0x2e/0x1e0
[ 32.332415] ? strncpy_from_user+0x2e/0x1e0
[ 32.332835] kasan_check_range+0x10c/0x1c0
[ 32.333535] __kasan_check_write+0x18/0x20
[ 32.334208] strncpy_from_user+0x2e/0x1e0
[ 32.334631] ? __kasan_check_read+0x15/0x20
[ 32.335147] copy_user_test_oob+0x761/0x10f0
[ 32.336065] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.336677] ? finish_task_switch.isra.0+0x153/0x700
[ 32.337288] ? __switch_to+0x5d9/0xf60
[ 32.337670] ? __schedule+0xc70/0x27e0
[ 32.338553] ? __pfx_read_tsc+0x10/0x10
[ 32.339115] ? ktime_get_ts64+0x86/0x230
[ 32.339740] kunit_try_run_case+0x1b3/0x490
[ 32.340369] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.340877] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.341613] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.342189] ? __kthread_parkme+0x82/0x160
[ 32.342595] ? preempt_count_sub+0x50/0x80
[ 32.342979] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.343390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.344131] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.345129] kthread+0x257/0x310
[ 32.345788] ? __pfx_kthread+0x10/0x10
[ 32.346352] ret_from_fork+0x41/0x80
[ 32.347295] ? __pfx_kthread+0x10/0x10
[ 32.347585] ret_from_fork_asm+0x1a/0x30
[ 32.348164] </TASK>
[ 32.348630]
[ 32.348974] Allocated by task 292:
[ 32.349315] kasan_save_stack+0x3d/0x60
[ 32.349842] kasan_save_track+0x18/0x40
[ 32.350315] kasan_save_alloc_info+0x3b/0x50
[ 32.351491] __kasan_kmalloc+0xb7/0xc0
[ 32.352099] __kmalloc_noprof+0x1c4/0x500
[ 32.352536] kunit_kmalloc_array+0x25/0x60
[ 32.353571] copy_user_test_oob+0xac/0x10f0
[ 32.353858] kunit_try_run_case+0x1b3/0x490
[ 32.354816] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.355445] kthread+0x257/0x310
[ 32.355838] ret_from_fork+0x41/0x80
[ 32.356415] ret_from_fork_asm+0x1a/0x30
[ 32.357211]
[ 32.357452] The buggy address belongs to the object at ffff88810296dd00
[ 32.357452] which belongs to the cache kmalloc-128 of size 128
[ 32.359381] The buggy address is located 0 bytes inside of
[ 32.359381] allocated 120-byte region [ffff88810296dd00, ffff88810296dd78)
[ 32.360563]
[ 32.361119] The buggy address belongs to the physical page:
[ 32.361740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10296d
[ 32.362498] flags: 0x200000000000000(node=0|zone=2)
[ 32.363362] page_type: f5(slab)
[ 32.363705] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.364701] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.365394] page dumped because: kasan: bad access detected
[ 32.366304]
[ 32.366780] Memory state around the buggy address:
[ 32.367451] ffff88810296dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.368208] ffff88810296dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.369238] >ffff88810296dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.369852] ^
[ 32.371009] ffff88810296dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.371895] ffff88810296de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.372474] ==================================================================
[ 32.374502] ==================================================================
[ 32.375648] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a7/0x1e0
[ 32.376354] Write of size 1 at addr ffff88810296dd78 by task kunit_try_catch/292
[ 32.376867]
[ 32.378055] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 32.378966] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.379574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.380547] Call Trace:
[ 32.381087] <TASK>
[ 32.381329] dump_stack_lvl+0x73/0xb0
[ 32.382072] print_report+0xd1/0x640
[ 32.382534] ? __virt_addr_valid+0x1db/0x2d0
[ 32.383283] ? kasan_complete_mode_report_info+0x2a/0x200
[ 32.383849] kasan_report+0x102/0x140
[ 32.384538] ? strncpy_from_user+0x1a7/0x1e0
[ 32.385320] ? strncpy_from_user+0x1a7/0x1e0
[ 32.385929] __asan_report_store1_noabort+0x1b/0x30
[ 32.386480] strncpy_from_user+0x1a7/0x1e0
[ 32.387203] copy_user_test_oob+0x761/0x10f0
[ 32.387877] ? __pfx_copy_user_test_oob+0x10/0x10
[ 32.388566] ? finish_task_switch.isra.0+0x153/0x700
[ 32.389512] ? __switch_to+0x5d9/0xf60
[ 32.389954] ? __schedule+0xc70/0x27e0
[ 32.390418] ? __pfx_read_tsc+0x10/0x10
[ 32.391116] ? ktime_get_ts64+0x86/0x230
[ 32.391549] kunit_try_run_case+0x1b3/0x490
[ 32.392179] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.393006] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 32.393532] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 32.394317] ? __kthread_parkme+0x82/0x160
[ 32.394973] ? preempt_count_sub+0x50/0x80
[ 32.395405] ? __pfx_kunit_try_run_case+0x10/0x10
[ 32.396283] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 32.396791] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.397477] kthread+0x257/0x310
[ 32.398140] ? __pfx_kthread+0x10/0x10
[ 32.398736] ret_from_fork+0x41/0x80
[ 32.399326] ? __pfx_kthread+0x10/0x10
[ 32.400081] ret_from_fork_asm+0x1a/0x30
[ 32.400557] </TASK>
[ 32.401240]
[ 32.401449] Allocated by task 292:
[ 32.401950] kasan_save_stack+0x3d/0x60
[ 32.403220] kasan_save_track+0x18/0x40
[ 32.403617] kasan_save_alloc_info+0x3b/0x50
[ 32.404444] __kasan_kmalloc+0xb7/0xc0
[ 32.404864] __kmalloc_noprof+0x1c4/0x500
[ 32.405664] kunit_kmalloc_array+0x25/0x60
[ 32.406337] copy_user_test_oob+0xac/0x10f0
[ 32.407049] kunit_try_run_case+0x1b3/0x490
[ 32.407441] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.408356] kthread+0x257/0x310
[ 32.408689] ret_from_fork+0x41/0x80
[ 32.409195] ret_from_fork_asm+0x1a/0x30
[ 32.409836]
[ 32.410170] The buggy address belongs to the object at ffff88810296dd00
[ 32.410170] which belongs to the cache kmalloc-128 of size 128
[ 32.411787] The buggy address is located 0 bytes to the right of
[ 32.411787] allocated 120-byte region [ffff88810296dd00, ffff88810296dd78)
[ 32.413564]
[ 32.413805] The buggy address belongs to the physical page:
[ 32.414278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10296d
[ 32.415093] flags: 0x200000000000000(node=0|zone=2)
[ 32.416016] page_type: f5(slab)
[ 32.416483] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 32.417614] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.418640] page dumped because: kasan: bad access detected
[ 32.419172]
[ 32.419409] Memory state around the buggy address:
[ 32.419815] ffff88810296dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.420955] ffff88810296dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.421684] >ffff88810296dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.422532] ^
[ 32.423432] ffff88810296dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.423988] ffff88810296de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.424800] ==================================================================
```