Hay
Date: July 3, 2025, 11:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[   23.897054] ==================================================================
[   23.897187] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   23.897295] Write of size 1 at addr fff00000c638a078 by task kunit_try_catch/285
[   23.897394] 
[   23.897459] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   23.897726] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.897809] Hardware name: linux,dummy-virt (DT)
[   23.897933] Call trace:
[   23.897987]  show_stack+0x20/0x38 (C)
[   23.898175]  dump_stack_lvl+0x8c/0xd0
[   23.898463]  print_report+0x118/0x608
[   23.898608]  kasan_report+0xdc/0x128
[   23.898711]  __asan_report_store1_noabort+0x20/0x30
[   23.898815]  strncpy_from_user+0x270/0x2a0
[   23.898927]  copy_user_test_oob+0x5c0/0xec8
[   23.899102]  kunit_try_run_case+0x170/0x3f0
[   23.899270]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.899404]  kthread+0x328/0x630
[   23.899501]  ret_from_fork+0x10/0x20
[   23.899612] 
[   23.899658] Allocated by task 285:
[   23.899722]  kasan_save_stack+0x3c/0x68
[   23.899814]  kasan_save_track+0x20/0x40
[   23.899899]  kasan_save_alloc_info+0x40/0x58
[   23.899996]  __kasan_kmalloc+0xd4/0xd8
[   23.900119]  __kmalloc_noprof+0x198/0x4c8
[   23.900241]  kunit_kmalloc_array+0x34/0x88
[   23.900364]  copy_user_test_oob+0xac/0xec8
[   23.900489]  kunit_try_run_case+0x170/0x3f0
[   23.900635]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.900761]  kthread+0x328/0x630
[   23.900836]  ret_from_fork+0x10/0x20
[   23.900922] 
[   23.900970] The buggy address belongs to the object at fff00000c638a000
[   23.900970]  which belongs to the cache kmalloc-128 of size 128
[   23.901102] The buggy address is located 0 bytes to the right of
[   23.901102]  allocated 120-byte region [fff00000c638a000, fff00000c638a078)
[   23.901268] 
[   23.901334] The buggy address belongs to the physical page:
[   23.901429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638a
[   23.901548] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   23.901650] page_type: f5(slab)
[   23.901778] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   23.901905] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.902011] page dumped because: kasan: bad access detected
[   23.902095] 
[   23.902136] Memory state around the buggy address:
[   23.902221]  fff00000c6389f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.902448]  fff00000c6389f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.902582] >fff00000c638a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   23.902661]                                                                 ^
[   23.902775]  fff00000c638a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.902868]  fff00000c638a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.902958] ==================================================================
[   23.890146] ==================================================================
[   23.890312] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   23.890491] Write of size 121 at addr fff00000c638a000 by task kunit_try_catch/285
[   23.890652] 
[   23.890758] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   23.890942] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.891001] Hardware name: linux,dummy-virt (DT)
[   23.891080] Call trace:
[   23.891125]  show_stack+0x20/0x38 (C)
[   23.891241]  dump_stack_lvl+0x8c/0xd0
[   23.891331]  print_report+0x118/0x608
[   23.891463]  kasan_report+0xdc/0x128
[   23.891573]  kasan_check_range+0x100/0x1a8
[   23.891671]  __kasan_check_write+0x20/0x30
[   23.891764]  strncpy_from_user+0x3c/0x2a0
[   23.891878]  copy_user_test_oob+0x5c0/0xec8
[   23.891979]  kunit_try_run_case+0x170/0x3f0
[   23.892105]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.892250]  kthread+0x328/0x630
[   23.892401]  ret_from_fork+0x10/0x20
[   23.892549] 
[   23.892617] Allocated by task 285:
[   23.892726]  kasan_save_stack+0x3c/0x68
[   23.892871]  kasan_save_track+0x20/0x40
[   23.892963]  kasan_save_alloc_info+0x40/0x58
[   23.893075]  __kasan_kmalloc+0xd4/0xd8
[   23.893175]  __kmalloc_noprof+0x198/0x4c8
[   23.893276]  kunit_kmalloc_array+0x34/0x88
[   23.893368]  copy_user_test_oob+0xac/0xec8
[   23.893454]  kunit_try_run_case+0x170/0x3f0
[   23.893538]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.893637]  kthread+0x328/0x630
[   23.893769]  ret_from_fork+0x10/0x20
[   23.894041] 
[   23.894114] The buggy address belongs to the object at fff00000c638a000
[   23.894114]  which belongs to the cache kmalloc-128 of size 128
[   23.894276] The buggy address is located 0 bytes inside of
[   23.894276]  allocated 120-byte region [fff00000c638a000, fff00000c638a078)
[   23.894415] 
[   23.894453] The buggy address belongs to the physical page:
[   23.894518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638a
[   23.894632] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   23.894752] page_type: f5(slab)
[   23.894837] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   23.894966] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.895123] page dumped because: kasan: bad access detected
[   23.895232] 
[   23.895273] Memory state around the buggy address:
[   23.895347]  fff00000c6389f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.895455]  fff00000c6389f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.895562] >fff00000c638a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   23.895656]                                                                 ^
[   23.895750]  fff00000c638a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.895853]  fff00000c638a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.895946] ==================================================================

[   15.741162] ==================================================================
[   15.741961] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   15.742553] Write of size 1 at addr ffff8881039bf778 by task kunit_try_catch/303
[   15.742878] 
[   15.742987] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.743032] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.743046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.743068] Call Trace:
[   15.743084]  <TASK>
[   15.743100]  dump_stack_lvl+0x73/0xb0
[   15.743334]  print_report+0xd1/0x650
[   15.743367]  ? __virt_addr_valid+0x1db/0x2d0
[   15.743393]  ? strncpy_from_user+0x1a5/0x1d0
[   15.743418]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.743442]  ? strncpy_from_user+0x1a5/0x1d0
[   15.743691]  kasan_report+0x141/0x180
[   15.743724]  ? strncpy_from_user+0x1a5/0x1d0
[   15.743754]  __asan_report_store1_noabort+0x1b/0x30
[   15.743777]  strncpy_from_user+0x1a5/0x1d0
[   15.743802]  copy_user_test_oob+0x760/0x10f0
[   15.743830]  ? __pfx_copy_user_test_oob+0x10/0x10
[   15.743855]  ? finish_task_switch.isra.0+0x153/0x700
[   15.743878]  ? __switch_to+0x47/0xf50
[   15.743906]  ? __schedule+0x10cc/0x2b60
[   15.743928]  ? __pfx_read_tsc+0x10/0x10
[   15.743950]  ? ktime_get_ts64+0x86/0x230
[   15.743975]  kunit_try_run_case+0x1a5/0x480
[   15.744000]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.744024]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.744047]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.744071]  ? __kthread_parkme+0x82/0x180
[   15.744092]  ? preempt_count_sub+0x50/0x80
[   15.744117]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.744154]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.744178]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.744216]  kthread+0x337/0x6f0
[   15.744237]  ? trace_preempt_on+0x20/0xc0
[   15.744260]  ? __pfx_kthread+0x10/0x10
[   15.744283]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.744304]  ? calculate_sigpending+0x7b/0xa0
[   15.744329]  ? __pfx_kthread+0x10/0x10
[   15.744350]  ret_from_fork+0x116/0x1d0
[   15.744369]  ? __pfx_kthread+0x10/0x10
[   15.744389]  ret_from_fork_asm+0x1a/0x30
[   15.744421]  </TASK>
[   15.744432] 
[   15.755688] Allocated by task 303:
[   15.755868]  kasan_save_stack+0x45/0x70
[   15.756073]  kasan_save_track+0x18/0x40
[   15.756365]  kasan_save_alloc_info+0x3b/0x50
[   15.756567]  __kasan_kmalloc+0xb7/0xc0
[   15.756742]  __kmalloc_noprof+0x1c9/0x500
[   15.756932]  kunit_kmalloc_array+0x25/0x60
[   15.757595]  copy_user_test_oob+0xab/0x10f0
[   15.757876]  kunit_try_run_case+0x1a5/0x480
[   15.758224]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.758872]  kthread+0x337/0x6f0
[   15.759428]  ret_from_fork+0x116/0x1d0
[   15.760025]  ret_from_fork_asm+0x1a/0x30
[   15.760727] 
[   15.760972] The buggy address belongs to the object at ffff8881039bf700
[   15.760972]  which belongs to the cache kmalloc-128 of size 128
[   15.762306] The buggy address is located 0 bytes to the right of
[   15.762306]  allocated 120-byte region [ffff8881039bf700, ffff8881039bf778)
[   15.763001] 
[   15.763087] The buggy address belongs to the physical page:
[   15.763330] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039bf
[   15.763621] flags: 0x200000000000000(node=0|zone=2)
[   15.763865] page_type: f5(slab)
[   15.763997] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.764364] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.764600] page dumped because: kasan: bad access detected
[   15.764856] 
[   15.764953] Memory state around the buggy address:
[   15.765247]  ffff8881039bf600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.765536]  ffff8881039bf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.765789] >ffff8881039bf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.766114]                                                                 ^
[   15.766388]  ffff8881039bf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.766708]  ffff8881039bf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.767004] ==================================================================
[   15.714119] ==================================================================
[   15.714680] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   15.715233] Write of size 121 at addr ffff8881039bf700 by task kunit_try_catch/303
[   15.715939] 
[   15.716051] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.716207] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.716222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.716245] Call Trace:
[   15.716261]  <TASK>
[   15.716277]  dump_stack_lvl+0x73/0xb0
[   15.716339]  print_report+0xd1/0x650
[   15.716367]  ? __virt_addr_valid+0x1db/0x2d0
[   15.716392]  ? strncpy_from_user+0x2e/0x1d0
[   15.716416]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.716440]  ? strncpy_from_user+0x2e/0x1d0
[   15.716463]  kasan_report+0x141/0x180
[   15.716485]  ? strncpy_from_user+0x2e/0x1d0
[   15.716513]  kasan_check_range+0x10c/0x1c0
[   15.716537]  __kasan_check_write+0x18/0x20
[   15.716558]  strncpy_from_user+0x2e/0x1d0
[   15.716580]  ? __kasan_check_read+0x15/0x20
[   15.716602]  copy_user_test_oob+0x760/0x10f0
[   15.716630]  ? __pfx_copy_user_test_oob+0x10/0x10
[   15.716653]  ? finish_task_switch.isra.0+0x153/0x700
[   15.716677]  ? __switch_to+0x47/0xf50
[   15.716702]  ? __schedule+0x10cc/0x2b60
[   15.716725]  ? __pfx_read_tsc+0x10/0x10
[   15.716746]  ? ktime_get_ts64+0x86/0x230
[   15.716770]  kunit_try_run_case+0x1a5/0x480
[   15.716795]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.716818]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.716841]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.716866]  ? __kthread_parkme+0x82/0x180
[   15.716887]  ? preempt_count_sub+0x50/0x80
[   15.716911]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.716935]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.716958]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.716982]  kthread+0x337/0x6f0
[   15.717002]  ? trace_preempt_on+0x20/0xc0
[   15.717026]  ? __pfx_kthread+0x10/0x10
[   15.717047]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.717069]  ? calculate_sigpending+0x7b/0xa0
[   15.717093]  ? __pfx_kthread+0x10/0x10
[   15.717116]  ret_from_fork+0x116/0x1d0
[   15.717156]  ? __pfx_kthread+0x10/0x10
[   15.717177]  ret_from_fork_asm+0x1a/0x30
[   15.717207]  </TASK>
[   15.717219] 
[   15.728631] Allocated by task 303:
[   15.728826]  kasan_save_stack+0x45/0x70
[   15.729021]  kasan_save_track+0x18/0x40
[   15.729534]  kasan_save_alloc_info+0x3b/0x50
[   15.729796]  __kasan_kmalloc+0xb7/0xc0
[   15.730089]  __kmalloc_noprof+0x1c9/0x500
[   15.730479]  kunit_kmalloc_array+0x25/0x60
[   15.730802]  copy_user_test_oob+0xab/0x10f0
[   15.731015]  kunit_try_run_case+0x1a5/0x480
[   15.731483]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.731762]  kthread+0x337/0x6f0
[   15.732038]  ret_from_fork+0x116/0x1d0
[   15.732383]  ret_from_fork_asm+0x1a/0x30
[   15.732574] 
[   15.732666] The buggy address belongs to the object at ffff8881039bf700
[   15.732666]  which belongs to the cache kmalloc-128 of size 128
[   15.733431] The buggy address is located 0 bytes inside of
[   15.733431]  allocated 120-byte region [ffff8881039bf700, ffff8881039bf778)
[   15.734164] 
[   15.734436] The buggy address belongs to the physical page:
[   15.734730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039bf
[   15.735349] flags: 0x200000000000000(node=0|zone=2)
[   15.735649] page_type: f5(slab)
[   15.735927] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.736446] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.736883] page dumped because: kasan: bad access detected
[   15.737296] 
[   15.737400] Memory state around the buggy address:
[   15.737833]  ffff8881039bf600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.738280]  ffff8881039bf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.738662] >ffff8881039bf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.738961]                                                                 ^
[   15.739458]  ffff8881039bf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.739943]  ffff8881039bf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.740459] ==================================================================