[linux-next:master] [ACPICA] 1f5f181b9b: BUG:KASAN:global-out-of-bounds_in_acpi_ut_safe_strncpy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Hello,

kernel test robot noticed "BUG:KASAN:global-out-of-bounds_in_acpi_ut_safe_strncpy" on:

commit: 1f5f181b9bdfd4d55a058aaec0b6d17f18084e75 ("ACPICA: Replace strncpy() with memcpy()")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

[test failed on linux-next/master 37ff6e9a2ce321b7932d3987701757fb4d87b0e6]

in testcase: boot

config: x86_64-randconfig-r051-20250501
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+--------------------------------------------------------+------------+------------+
|                                                        | 9d57241663 | 1f5f181b9b |
+--------------------------------------------------------+------------+------------+
| BUG:KASAN:global-out-of-bounds_in_acpi_ut_safe_strncpy | 0          | 12         |
+--------------------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202505081033.50e45ff4-lkp@xxxxxxxxx


[ 16.282972][ T1] BUG: KASAN: global-out-of-bounds in acpi_ut_safe_strncpy (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/utnonansi.c:172) 
[   16.283199][    T1] Read of size 16 at addr ffffffff88301f40 by task swapper/0/1
[   16.283199][    T1]
[   16.283199][    T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.15.0-rc3-00029-g1f5f181b9bdf #1 VOLUNTARY
[   16.283199][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   16.283199][    T1] Call Trace:
[   16.283199][    T1]  <TASK>
[ 16.283199][ T1] __dump_stack (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/lib/dump_stack.c:95) 
[ 16.283199][ T1] dump_stack_lvl (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/lib/dump_stack.c:123) 
[ 16.283199][ T1] ? show_regs_print_info (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/lib/dump_stack.c:104) 
[ 16.283199][ T1] ? lock_acquire (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/locking/lockdep.c:118 kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/locking/lockdep.c:5842) 
[ 16.283199][ T1] ? load_image (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/printk/printk.c:2470) 
[ 16.283199][ T1] ? lock_release (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/include/trace/events/lock.h:69) 
[ 16.283199][ T1] ? __virt_addr_valid (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/arch/x86/include/asm/preempt.h:85 kbuild/obj/consumer/x86_64-randconfig-r051-20250501/include/linux/rcupdate.h:955 kbuild/obj/consumer/x86_64-randconfig-r051-20250501/include/linux/mmzone.h:2127 kbuild/obj/consumer/x86_64-randconfig-r051-20250501/arch/x86/mm/physaddr.c:65) 
[ 16.283199][ T1] ? acpi_ut_safe_strncpy (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/utnonansi.c:172) 
[ 16.283199][ T1] print_report (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/mm/kasan/report.c:409) 
[ 16.283199][ T1] ? acpi_ut_safe_strncpy (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/utnonansi.c:172) 
[ 16.283199][ T1] kasan_report (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/mm/kasan/report.c:636) 
[ 16.283199][ T1] ? acpi_ut_safe_strncpy (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/utnonansi.c:172) 
[ 16.283199][ T1] kasan_check_range (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/mm/kasan/generic.c:?) 
[ 16.283199][ T1] ? acpi_ut_safe_strncpy (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/utnonansi.c:172) 
[ 16.283199][ T1] __asan_memcpy (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/mm/kasan/shadow.c:105) 
[ 16.283199][ T1] acpi_ut_safe_strncpy (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/utnonansi.c:172) 
[ 16.283199][ T1] acpi_ps_init_op (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/psutils.c:68) 
[ 16.283199][ T1] acpi_ps_alloc_op (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/psutils.c:122) 
[ 16.283199][ T1] ? acpi_ns_get_normalized_pathname (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/nsnames.c:307) 
[ 16.283199][ T1] ? acpi_ps_create_scope_op (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/psutils.c:86) 
[ 16.283199][ T1] ? acpi_debug_print_raw (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/utdebug.c:266) 
[ 16.283199][ T1] acpi_ps_create_scope_op (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/psutils.c:34) 
[ 16.283199][ T1] acpi_ps_execute_table (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/psxface.c:?) 
[ 16.283199][ T1] ? __kmalloc_cache_noprof (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/mm/slub.c:4373) 
[ 16.283199][ T1] acpi_ns_execute_table (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/nsparse.c:?) 
[ 16.283199][ T1] ? acpi_ns_get_attached_data (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/nsparse.c:45) 
[ 16.283199][ T1] ? acpi_debug_print_raw (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/utdebug.c:266) 
[ 16.283199][ T1] ? acpi_os_signal_semaphore (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/osl.c:?) 
[ 16.283199][ T1] ? acpi_ut_release_mutex (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/utmutex.c:?) 
[ 16.283199][ T1] acpi_ns_parse_table (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/nsparse.c:268) 
[ 16.283199][ T1] acpi_ns_load_table (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/nsload.c:72) 
[ 16.283199][ T1] acpi_tb_load_namespace (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/tbxfload.c:158) 
[ 16.283199][ T1] ? acpi_ev_install_region_handlers (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/evhandler.c:101) 
[ 16.283199][ T1] acpi_load_tables (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/acpica/tbxfload.c:67) 
[ 16.283199][ T1] acpi_bus_init (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/bus.c:?) 
[ 16.283199][ T1] ? acpi_init (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/bus.c:1337) 
[ 16.283199][ T1] ? kasan_save_alloc_info (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/mm/kasan/generic.c:563) 
[ 16.283199][ T1] ? __kasan_kmalloc (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/mm/kasan/common.c:398) 
[ 16.283199][ T1] ? __kasan_check_write (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/mm/kasan/shadow.c:37) 
[ 16.283199][ T1] ? kobject_init (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/arch/x86/include/asm/atomic.h:28) 
[ 16.283199][ T1] acpi_init (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/drivers/acpi/bus.c:1455) 
[ 16.283199][ T1] do_one_initcall (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1257) 
[ 16.283199][ T1] ? acpi_arch_init+0x10/0x10 
[ 16.283199][ T1] ? IS_ERR_OR_NULL (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1248) 
[ 16.283199][ T1] ? _raw_spin_unlock_irqrestore (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/include/linux/spinlock_api_smp.h:? kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/locking/spinlock.c:194) 
[ 16.283199][ T1] ? _raw_spin_unlock_irqrestore (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/arch/x86/include/asm/irqflags.h:146 kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/locking/spinlock.c:194) 
[ 16.283199][ T1] ? _raw_spin_unlock (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/locking/spinlock.c:193) 
[ 16.283199][ T1] ? t_show (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/include/linux/ucopysize.h:57 kbuild/obj/consumer/x86_64-randconfig-r051-20250501/include/linux/uaccess.h:207 kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/trace/trace.c:6336) 
[ 16.283199][ T1] ? irqentry_exit (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/entry/common.c:?) 
[ 16.283199][ T1] ? sysvec_apic_timer_interrupt (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/arch/x86/kernel/apic/apic.c:1049) 
[ 16.283199][ T1] ? stop_critical_timings (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/trace/trace_irqsoff.c:633) 
[ 16.283199][ T1] ? sysvec_apic_timer_interrupt (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/arch/x86/kernel/apic/apic.c:1049) 
[ 16.283199][ T1] ? irqentry_exit (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/entry/common.c:?) 
[ 16.283199][ T1] ? sysvec_apic_timer_interrupt (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/arch/x86/kernel/apic/apic.c:1049) 
[ 16.283199][ T1] ? trace_hardirqs_on (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/trace/trace_preemptirq.c:80) 
[ 16.283199][ T1] ? irqentry_exit (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/entry/common.c:?) 
[ 16.283199][ T1] ? sysvec_apic_timer_interrupt (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/arch/x86/kernel/apic/apic.c:1049) 
[ 16.283199][ T1] ? asm_sysvec_apic_timer_interrupt (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/arch/x86/include/asm/idtentry.h:702) 
[ 16.283199][ T1] ? do_initcall_level (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1303) 
[ 16.283199][ T1] ? next_arg (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/lib/cmdline.c:273) 
[ 16.283199][ T1] ? parameq (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/params.c:90 kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/params.c:99) 
[ 16.283199][ T1] ? parse_args (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/params.c:153) 
[ 16.283199][ T1] ? parameq (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/params.c:168) 
[ 16.283199][ T1] ? t_show (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/include/linux/ucopysize.h:57 kbuild/obj/consumer/x86_64-randconfig-r051-20250501/include/linux/uaccess.h:207 kbuild/obj/consumer/x86_64-randconfig-r051-20250501/kernel/trace/trace.c:6336) 
[ 16.283199][ T1] ? do_initcalls (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1329) 
[ 16.283199][ T1] do_initcall_level (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1318) 
[ 16.283199][ T1] do_initcalls (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1332) 
[ 16.283199][ T1] do_basic_setup (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1355) 
[ 16.283199][ T1] kernel_init_freeable (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1571) 
[ 16.283199][ T1] ? rest_init (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1449) 
[ 16.283199][ T1] kernel_init (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1459) 
[ 16.283199][ T1] ? rest_init (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1449) 
[ 16.283199][ T1] ret_from_fork (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/arch/x86/kernel/process.c:159) 
[ 16.283199][ T1] ? rest_init (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/init/main.c:1449) 
[ 16.283199][ T1] ret_from_fork_asm (kbuild/obj/consumer/x86_64-randconfig-r051-20250501/arch/x86/entry/entry_64.S:258) 
[   16.283199][    T1]  </TASK>
[   16.283199][    T1]
[   16.283199][    T1] The buggy address belongs to the variable:
[ 16.283199][ T1] .str.8+0x0/0x20 
[   16.283199][    T1]
[   16.283199][    T1] The buggy address belongs to the physical page:
[   16.283199][    T1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8301
[   16.283199][    T1] flags: 0x4000000000002000(reserved|zone=1)
[   16.283199][    T1] raw: 4000000000002000 ffffea000020c048 ffffea000020c048 0000000000000000
[   16.283199][    T1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   16.283199][    T1] page dumped because: kasan: bad access detected
[   16.283199][    T1] page_owner info is not present (never set?)
[   16.283199][    T1]
[   16.283199][    T1] Memory state around the buggy address:
[   16.283199][    T1]  ffffffff88301e00: 00 00 00 00 00 00 00 00 05 f9 f9 f9 04 f9 f9 f9
[   16.283199][    T1]  ffffffff88301e80: 06 f9 f9 f9 05 f9 f9 f9 00 02 f9 f9 00 02 f9 f9
[   16.283199][    T1] >ffffffff88301f00: 00 03 f9 f9 07 f9 f9 f9 06 f9 f9 f9 07 f9 f9 f9
[   16.283199][    T1]                                            ^
[   16.283199][    T1]  ffffffff88301f80: 00 f9 f9 f9 07 f9 f9 f9 07 f9 f9 f9 07 f9 f9 f9


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250508/202505081033.50e45ff4-lkp@xxxxxxxxx



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
[Index of Archives]     [Linux IBM ACPI]     [Linux Power Management]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]
  Powered by Linux