Date
May 23, 2025, 11:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |

```
[ 32.692850] ==================================================================
[ 32.693003] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 32.693146] Write of size 1 at addr fff00000c78a6178 by task kunit_try_catch/287
[ 32.693307]
[ 32.693404] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT
[ 32.693829] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.693932] Hardware name: linux,dummy-virt (DT)
[ 32.694068] Call trace:
[ 32.694158] show_stack+0x20/0x38 (C)
[ 32.694315] dump_stack_lvl+0x8c/0xd0
[ 32.694539] print_report+0x118/0x608
[ 32.694740] kasan_report+0xdc/0x128
[ 32.694859] __asan_report_store1_noabort+0x20/0x30
[ 32.694978] strncpy_from_user+0x270/0x2a0
[ 32.695135] copy_user_test_oob+0x5c0/0xec8
[ 32.695329] kunit_try_run_case+0x170/0x3f0
[ 32.695563] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.695751] kthread+0x328/0x630
[ 32.695883] ret_from_fork+0x10/0x20
[ 32.696079]
[ 32.696142] Allocated by task 287:
[ 32.696226] kasan_save_stack+0x3c/0x68
[ 32.696337] kasan_save_track+0x20/0x40
[ 32.696486] kasan_save_alloc_info+0x40/0x58
[ 32.696621] __kasan_kmalloc+0xd4/0xd8
[ 32.696777] __kmalloc_noprof+0x190/0x4d0
[ 32.696897] kunit_kmalloc_array+0x34/0x88
[ 32.697142] copy_user_test_oob+0xac/0xec8
[ 32.697287] kunit_try_run_case+0x170/0x3f0
[ 32.697416] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.697569] kthread+0x328/0x630
[ 32.697688] ret_from_fork+0x10/0x20
[ 32.697801]
[ 32.698396] The buggy address belongs to the object at fff00000c78a6100
[ 32.698396] which belongs to the cache kmalloc-128 of size 128
[ 32.698608] The buggy address is located 0 bytes to the right of
[ 32.698608] allocated 120-byte region [fff00000c78a6100, fff00000c78a6178)
[ 32.699657]
[ 32.700084] The buggy address belongs to the physical page:
[ 32.700404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a6
[ 32.700762] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.701072] page_type: f5(slab)
[ 32.701197] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.701894] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.702175] page dumped because: kasan: bad access detected
[ 32.702300]
[ 32.702386] Memory state around the buggy address:
[ 32.702549]  fff00000c78a6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.702972]  fff00000c78a6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.703120] >fff00000c78a6100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.703622]                                                                 ^
[ 32.703969]  fff00000c78a6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.704482]  fff00000c78a6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.704668] ==================================================================
[ 32.678315] ==================================================================
[ 32.678603] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 32.679105] Write of size 121 at addr fff00000c78a6100 by task kunit_try_catch/287
[ 32.679688]
[ 32.679842] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT
[ 32.680695] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.680790] Hardware name: linux,dummy-virt (DT)
[ 32.680856] Call trace:
[ 32.680892] show_stack+0x20/0x38 (C)
[ 32.681009] dump_stack_lvl+0x8c/0xd0
[ 32.681097] print_report+0x118/0x608
[ 32.681170] kasan_report+0xdc/0x128
[ 32.681235] kasan_check_range+0x100/0x1a8
[ 32.681308] __kasan_check_write+0x20/0x30
[ 32.681377] strncpy_from_user+0x3c/0x2a0
[ 32.681464] copy_user_test_oob+0x5c0/0xec8
[ 32.681664] kunit_try_run_case+0x170/0x3f0
[ 32.681821] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.681993] kthread+0x328/0x630
[ 32.682130] ret_from_fork+0x10/0x20
[ 32.682310]
[ 32.682392] Allocated by task 287:
[ 32.682533] kasan_save_stack+0x3c/0x68
[ 32.682707] kasan_save_track+0x20/0x40
[ 32.682869] kasan_save_alloc_info+0x40/0x58
[ 32.682999] __kasan_kmalloc+0xd4/0xd8
[ 32.683091] __kmalloc_noprof+0x190/0x4d0
[ 32.683175] kunit_kmalloc_array+0x34/0x88
[ 32.683305] copy_user_test_oob+0xac/0xec8
[ 32.683470] kunit_try_run_case+0x170/0x3f0
[ 32.683646] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.683797] kthread+0x328/0x630
[ 32.683905] ret_from_fork+0x10/0x20
[ 32.684046]
[ 32.684101] The buggy address belongs to the object at fff00000c78a6100
[ 32.684101] which belongs to the cache kmalloc-128 of size 128
[ 32.684241] The buggy address is located 0 bytes inside of
[ 32.684241] allocated 120-byte region [fff00000c78a6100, fff00000c78a6178)
[ 32.684340]
[ 32.684373] The buggy address belongs to the physical page:
[ 32.684418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a6
[ 32.684568] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.684725] page_type: f5(slab)
[ 32.684895] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.685234] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.687111] page dumped because: kasan: bad access detected
[ 32.687313]
[ 32.687523] Memory state around the buggy address:
[ 32.688178]  fff00000c78a6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.688428]  fff00000c78a6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.688671] >fff00000c78a6100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.688802]                                                                 ^
[ 32.689291]  fff00000c78a6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.690280]  fff00000c78a6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.690795] ==================================================================
```

```
[ 16.547969] ==================================================================
[ 16.548365] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 16.548752] Write of size 121 at addr ffff888102a4e100 by task kunit_try_catch/304
[ 16.549183]
[ 16.549331] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary)
[ 16.549400] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.549414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.549435] Call Trace:
[ 16.549454] <TASK>
[ 16.549471] dump_stack_lvl+0x73/0xb0
[ 16.549500] print_report+0xd1/0x650
[ 16.549525] ? __virt_addr_valid+0x1db/0x2d0
[ 16.549546] ? strncpy_from_user+0x2e/0x1d0
[ 16.549569] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.549594] ? strncpy_from_user+0x2e/0x1d0
[ 16.549618] kasan_report+0x141/0x180
[ 16.549642] ? strncpy_from_user+0x2e/0x1d0
[ 16.549670] kasan_check_range+0x10c/0x1c0
[ 16.549692] __kasan_check_write+0x18/0x20
[ 16.549713] strncpy_from_user+0x2e/0x1d0
[ 16.549739] copy_user_test_oob+0x760/0x10f0
[ 16.549763] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.549784] ? finish_task_switch.isra.0+0x153/0x700
[ 16.549808] ? __switch_to+0x5d9/0xf60
[ 16.549829] ? dequeue_task_fair+0x166/0x4e0
[ 16.549855] ? __schedule+0x10cc/0x2b30
[ 16.549878] ? __pfx_read_tsc+0x10/0x10
[ 16.549898] ? ktime_get_ts64+0x86/0x230
[ 16.549924] kunit_try_run_case+0x1a5/0x480
[ 16.549950] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.549973] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.549997] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.550022] ? __kthread_parkme+0x82/0x180
[ 16.550044] ? preempt_count_sub+0x50/0x80
[ 16.550070] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.550095] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.550118] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.550141] kthread+0x337/0x6f0
[ 16.550159] ? trace_preempt_on+0x20/0xc0
[ 16.550183] ? __pfx_kthread+0x10/0x10
[ 16.550203] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.550225] ? calculate_sigpending+0x7b/0xa0
[ 16.550248] ? __pfx_kthread+0x10/0x10
[ 16.550268] ret_from_fork+0x41/0x80
[ 16.550290] ? __pfx_kthread+0x10/0x10
[ 16.550319] ret_from_fork_asm+0x1a/0x30
[ 16.550352] </TASK>
[ 16.550364]
[ 16.558650] Allocated by task 304:
[ 16.558859] kasan_save_stack+0x45/0x70
[ 16.559080] kasan_save_track+0x18/0x40
[ 16.559271] kasan_save_alloc_info+0x3b/0x50
[ 16.559541] __kasan_kmalloc+0xb7/0xc0
[ 16.559740] __kmalloc_noprof+0x1c9/0x500
[ 16.559976] kunit_kmalloc_array+0x25/0x60
[ 16.560212] copy_user_test_oob+0xab/0x10f0
[ 16.560452] kunit_try_run_case+0x1a5/0x480
[ 16.560668] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.560949] kthread+0x337/0x6f0
[ 16.561096] ret_from_fork+0x41/0x80
[ 16.561231] ret_from_fork_asm+0x1a/0x30
[ 16.561385]
[ 16.561529] The buggy address belongs to the object at ffff888102a4e100
[ 16.561529] which belongs to the cache kmalloc-128 of size 128
[ 16.562064] The buggy address is located 0 bytes inside of
[ 16.562064] allocated 120-byte region [ffff888102a4e100, ffff888102a4e178)
[ 16.562823]
[ 16.562955] The buggy address belongs to the physical page:
[ 16.563220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4e
[ 16.563649] flags: 0x200000000000000(node=0|zone=2)
[ 16.563820] page_type: f5(slab)
[ 16.563944] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.564289] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.564775] page dumped because: kasan: bad access detected
[ 16.565026]
[ 16.565100] Memory state around the buggy address:
[ 16.565275]  ffff888102a4e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.565809]  ffff888102a4e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.566064] >ffff888102a4e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.566426]                                                                 ^
[ 16.566763]  ffff888102a4e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.567084]  ffff888102a4e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.567405] ==================================================================
[ 16.568424] ==================================================================
[ 16.568677] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 16.568901] Write of size 1 at addr ffff888102a4e178 by task kunit_try_catch/304
[ 16.569379]
[ 16.569564] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary)
[ 16.569610] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.569624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.569646] Call Trace:
[ 16.569660] <TASK>
[ 16.569675] dump_stack_lvl+0x73/0xb0
[ 16.569703] print_report+0xd1/0x650
[ 16.569726] ? __virt_addr_valid+0x1db/0x2d0
[ 16.569750] ? strncpy_from_user+0x1a5/0x1d0
[ 16.569816] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.569865] ? strncpy_from_user+0x1a5/0x1d0
[ 16.569916] kasan_report+0x141/0x180
[ 16.569964] ? strncpy_from_user+0x1a5/0x1d0
[ 16.569993] __asan_report_store1_noabort+0x1b/0x30
[ 16.570016] strncpy_from_user+0x1a5/0x1d0
[ 16.570069] copy_user_test_oob+0x760/0x10f0
[ 16.570093] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.570115] ? finish_task_switch.isra.0+0x153/0x700
[ 16.570139] ? __switch_to+0x5d9/0xf60
[ 16.570161] ? dequeue_task_fair+0x166/0x4e0
[ 16.570185] ? __schedule+0x10cc/0x2b30
[ 16.570209] ? __pfx_read_tsc+0x10/0x10
[ 16.570230] ? ktime_get_ts64+0x86/0x230
[ 16.570256] kunit_try_run_case+0x1a5/0x480
[ 16.570280] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.570303] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.570339] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.570364] ? __kthread_parkme+0x82/0x180
[ 16.570387] ? preempt_count_sub+0x50/0x80
[ 16.570412] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.570435] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.570460] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.570483] kthread+0x337/0x6f0
[ 16.570502] ? trace_preempt_on+0x20/0xc0
[ 16.570525] ? __pfx_kthread+0x10/0x10
[ 16.570545] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.570567] ? calculate_sigpending+0x7b/0xa0
[ 16.570590] ? __pfx_kthread+0x10/0x10
[ 16.570610] ret_from_fork+0x41/0x80
[ 16.570632] ? __pfx_kthread+0x10/0x10
[ 16.570650] ret_from_fork_asm+0x1a/0x30
[ 16.570687] </TASK>
[ 16.570699]
[ 16.578396] Allocated by task 304:
[ 16.578698] kasan_save_stack+0x45/0x70
[ 16.578844] kasan_save_track+0x18/0x40
[ 16.578983] kasan_save_alloc_info+0x3b/0x50
[ 16.579267] __kasan_kmalloc+0xb7/0xc0
[ 16.579494] __kmalloc_noprof+0x1c9/0x500
[ 16.579741] kunit_kmalloc_array+0x25/0x60
[ 16.579891] copy_user_test_oob+0xab/0x10f0
[ 16.580037] kunit_try_run_case+0x1a5/0x480
[ 16.580263] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.580521] kthread+0x337/0x6f0
[ 16.580791] ret_from_fork+0x41/0x80
[ 16.580977] ret_from_fork_asm+0x1a/0x30
[ 16.581181]
[ 16.581277] The buggy address belongs to the object at ffff888102a4e100
[ 16.581277] which belongs to the cache kmalloc-128 of size 128
[ 16.581818] The buggy address is located 0 bytes to the right of
[ 16.581818] allocated 120-byte region [ffff888102a4e100, ffff888102a4e178)
[ 16.582330]
[ 16.582408] The buggy address belongs to the physical page:
[ 16.582584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4e
[ 16.582983] flags: 0x200000000000000(node=0|zone=2)
[ 16.583301] page_type: f5(slab)
[ 16.583508] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.583967] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.584302] page dumped because: kasan: bad access detected
[ 16.584579]
[ 16.584653] Memory state around the buggy address:
[ 16.584840]  ffff888102a4e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.585162]  ffff888102a4e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.585492] >ffff888102a4e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.585788]                                                                 ^
[ 16.586040]  ffff888102a4e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.586257]  ffff888102a4e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.586802] ==================================================================
```