Date
July 5, 2025, 11:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 21.303856] ================================================================== [ 21.303921] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 21.304027] Write of size 121 at addr fff00000c78d3b00 by task kunit_try_catch/285 [ 21.304082] [ 21.304383] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.304513] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.304555] Hardware name: linux,dummy-virt (DT) [ 21.304813] Call trace: [ 21.304904] show_stack+0x20/0x38 (C) [ 21.305026] dump_stack_lvl+0x8c/0xd0 [ 21.305146] print_report+0x118/0x608 [ 21.305534] kasan_report+0xdc/0x128 [ 21.305649] kasan_check_range+0x100/0x1a8 [ 21.305720] __kasan_check_write+0x20/0x30 [ 21.305769] strncpy_from_user+0x3c/0x2a0 [ 21.305832] copy_user_test_oob+0x5c0/0xec8 [ 21.305882] kunit_try_run_case+0x170/0x3f0 [ 21.305929] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.305983] kthread+0x328/0x630 [ 21.306037] ret_from_fork+0x10/0x20 [ 21.306095] [ 21.306125] Allocated by task 285: [ 21.306180] kasan_save_stack+0x3c/0x68 [ 21.306223] kasan_save_track+0x20/0x40 [ 21.306279] kasan_save_alloc_info+0x40/0x58 [ 21.306330] __kasan_kmalloc+0xd4/0xd8 [ 21.306367] __kmalloc_noprof+0x198/0x4c8 [ 21.306415] kunit_kmalloc_array+0x34/0x88 [ 21.306453] copy_user_test_oob+0xac/0xec8 [ 21.306494] kunit_try_run_case+0x170/0x3f0 [ 21.306541] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.306594] kthread+0x328/0x630 [ 21.306645] ret_from_fork+0x10/0x20 [ 21.306682] [ 21.306711] The buggy address belongs to the object at fff00000c78d3b00 [ 21.306711] which belongs to the cache kmalloc-128 of size 128 [ 21.306770] The buggy address is located 0 bytes inside of [ 21.306770] allocated 120-byte region [fff00000c78d3b00, fff00000c78d3b78) [ 21.306847] [ 21.306888] The buggy address belongs to the physical page: [ 21.306951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 21.307017] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.307067] page_type: f5(slab) [ 21.307107] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.307346] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.307580] page dumped because: kasan: bad access detected [ 21.307893] [ 21.308190] Memory state around the buggy address: [ 21.308235] fff00000c78d3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.308283] fff00000c78d3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.308653] >fff00000c78d3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.308768] ^ [ 21.308963] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.309124] fff00000c78d3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.309181] ================================================================== [ 21.310392] ================================================================== [ 21.310703] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 21.311048] Write of size 1 at addr fff00000c78d3b78 by task kunit_try_catch/285 [ 21.311105] [ 21.311146] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.311243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.311514] Hardware name: linux,dummy-virt (DT) [ 21.311683] Call trace: [ 21.311870] show_stack+0x20/0x38 (C) [ 21.312302] dump_stack_lvl+0x8c/0xd0 [ 21.312486] print_report+0x118/0x608 [ 21.312572] kasan_report+0xdc/0x128 [ 21.312768] __asan_report_store1_noabort+0x20/0x30 [ 21.312817] strncpy_from_user+0x270/0x2a0 [ 21.312867] copy_user_test_oob+0x5c0/0xec8 [ 21.312915] kunit_try_run_case+0x170/0x3f0 [ 21.313662] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.313782] kthread+0x328/0x630 [ 21.313969] ret_from_fork+0x10/0x20 [ 21.314343] [ 21.314393] Allocated by task 285: [ 21.314550] kasan_save_stack+0x3c/0x68 [ 21.314749] kasan_save_track+0x20/0x40 [ 21.314852] kasan_save_alloc_info+0x40/0x58 [ 21.314949] __kasan_kmalloc+0xd4/0xd8 [ 21.315025] __kmalloc_noprof+0x198/0x4c8 [ 21.315220] kunit_kmalloc_array+0x34/0x88 [ 21.315472] copy_user_test_oob+0xac/0xec8 [ 21.315639] kunit_try_run_case+0x170/0x3f0 [ 21.315716] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.316091] kthread+0x328/0x630 [ 21.316177] ret_from_fork+0x10/0x20 [ 21.316303] [ 21.316393] The buggy address belongs to the object at fff00000c78d3b00 [ 21.316393] which belongs to the cache kmalloc-128 of size 128 [ 21.316512] The buggy address is located 0 bytes to the right of [ 21.316512] allocated 120-byte region [fff00000c78d3b00, fff00000c78d3b78) [ 21.316577] [ 21.316599] The buggy address belongs to the physical page: [ 21.316726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 21.316921] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.317082] page_type: f5(slab) [ 21.317138] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.317241] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.317770] page dumped because: kasan: bad access detected [ 21.318835] [ 21.318940] Memory state around the buggy address: [ 21.319215] fff00000c78d3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.319374] fff00000c78d3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.319585] >fff00000c78d3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.319742] ^ [ 21.319813] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.319989] fff00000c78d3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.320179] ==================================================================
[ 18.266261] ================================================================== [ 18.266741] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 18.267371] Write of size 1 at addr ffff888103929778 by task kunit_try_catch/303 [ 18.267772] [ 18.268211] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.268271] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.268288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.268319] Call Trace: [ 18.268344] <TASK> [ 18.268367] dump_stack_lvl+0x73/0xb0 [ 18.268406] print_report+0xd1/0x650 [ 18.268435] ? __virt_addr_valid+0x1db/0x2d0 [ 18.268463] ? strncpy_from_user+0x1a5/0x1d0 [ 18.268492] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.268519] ? strncpy_from_user+0x1a5/0x1d0 [ 18.268548] kasan_report+0x141/0x180 [ 18.268575] ? strncpy_from_user+0x1a5/0x1d0 [ 18.268608] __asan_report_store1_noabort+0x1b/0x30 [ 18.268634] strncpy_from_user+0x1a5/0x1d0 [ 18.268665] copy_user_test_oob+0x760/0x10f0 [ 18.268697] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.268725] ? finish_task_switch.isra.0+0x153/0x700 [ 18.268752] ? __switch_to+0x47/0xf50 [ 18.268784] ? __schedule+0x10cc/0x2b60 [ 18.268826] ? __pfx_read_tsc+0x10/0x10 [ 18.268852] ? ktime_get_ts64+0x86/0x230 [ 18.268882] kunit_try_run_case+0x1a5/0x480 [ 18.268911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.268940] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.268969] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.268997] ? __kthread_parkme+0x82/0x180 [ 18.269023] ? preempt_count_sub+0x50/0x80 [ 18.269052] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.269081] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.269109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.269137] kthread+0x337/0x6f0 [ 18.269162] ? trace_preempt_on+0x20/0xc0 [ 18.269191] ? __pfx_kthread+0x10/0x10 [ 18.269218] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.269244] ? calculate_sigpending+0x7b/0xa0 [ 18.269273] ? __pfx_kthread+0x10/0x10 [ 18.269300] ret_from_fork+0x116/0x1d0 [ 18.269324] ? __pfx_kthread+0x10/0x10 [ 18.269354] ret_from_fork_asm+0x1a/0x30 [ 18.269392] </TASK> [ 18.269408] [ 18.281590] Allocated by task 303: [ 18.281959] kasan_save_stack+0x45/0x70 [ 18.282349] kasan_save_track+0x18/0x40 [ 18.282665] kasan_save_alloc_info+0x3b/0x50 [ 18.283055] __kasan_kmalloc+0xb7/0xc0 [ 18.283382] __kmalloc_noprof+0x1c9/0x500 [ 18.283569] kunit_kmalloc_array+0x25/0x60 [ 18.283979] copy_user_test_oob+0xab/0x10f0 [ 18.284384] kunit_try_run_case+0x1a5/0x480 [ 18.284718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.285019] kthread+0x337/0x6f0 [ 18.285408] ret_from_fork+0x116/0x1d0 [ 18.285759] ret_from_fork_asm+0x1a/0x30 [ 18.285976] [ 18.286295] The buggy address belongs to the object at ffff888103929700 [ 18.286295] which belongs to the cache kmalloc-128 of size 128 [ 18.286936] The buggy address is located 0 bytes to the right of [ 18.286936] allocated 120-byte region [ffff888103929700, ffff888103929778) [ 18.287844] [ 18.288043] The buggy address belongs to the physical page: [ 18.288572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929 [ 18.289004] flags: 0x200000000000000(node=0|zone=2) [ 18.289388] page_type: f5(slab) [ 18.289595] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.290114] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.290645] page dumped because: kasan: bad access detected [ 18.291049] [ 18.291156] Memory state around the buggy address: [ 18.291688] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.292148] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.292486] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.292999] ^ [ 18.293665] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.294035] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.294535] ================================================================== [ 18.239186] ================================================================== [ 18.239548] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 18.240237] Write of size 121 at addr ffff888103929700 by task kunit_try_catch/303 [ 18.240678] [ 18.240811] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.240865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.240883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.240912] Call Trace: [ 18.240937] <TASK> [ 18.240960] dump_stack_lvl+0x73/0xb0 [ 18.240999] print_report+0xd1/0x650 [ 18.241029] ? __virt_addr_valid+0x1db/0x2d0 [ 18.241058] ? strncpy_from_user+0x2e/0x1d0 [ 18.241103] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.241131] ? strncpy_from_user+0x2e/0x1d0 [ 18.241159] kasan_report+0x141/0x180 [ 18.241186] ? strncpy_from_user+0x2e/0x1d0 [ 18.241219] kasan_check_range+0x10c/0x1c0 [ 18.241247] __kasan_check_write+0x18/0x20 [ 18.241271] strncpy_from_user+0x2e/0x1d0 [ 18.241298] ? __kasan_check_read+0x15/0x20 [ 18.241325] copy_user_test_oob+0x760/0x10f0 [ 18.241362] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.241391] ? finish_task_switch.isra.0+0x153/0x700 [ 18.241419] ? __switch_to+0x47/0xf50 [ 18.241451] ? __schedule+0x10cc/0x2b60 [ 18.241479] ? __pfx_read_tsc+0x10/0x10 [ 18.241506] ? ktime_get_ts64+0x86/0x230 [ 18.241535] kunit_try_run_case+0x1a5/0x480 [ 18.241565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.241593] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.241621] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.241650] ? __kthread_parkme+0x82/0x180 [ 18.241675] ? preempt_count_sub+0x50/0x80 [ 18.241703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.241732] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.241759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.241798] kthread+0x337/0x6f0 [ 18.241823] ? trace_preempt_on+0x20/0xc0 [ 18.241852] ? __pfx_kthread+0x10/0x10 [ 18.241877] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.241903] ? calculate_sigpending+0x7b/0xa0 [ 18.241932] ? __pfx_kthread+0x10/0x10 [ 18.241958] ret_from_fork+0x116/0x1d0 [ 18.241981] ? __pfx_kthread+0x10/0x10 [ 18.242005] ret_from_fork_asm+0x1a/0x30 [ 18.242041] </TASK> [ 18.242059] [ 18.252582] Allocated by task 303: [ 18.252767] kasan_save_stack+0x45/0x70 [ 18.253107] kasan_save_track+0x18/0x40 [ 18.253344] kasan_save_alloc_info+0x3b/0x50 [ 18.253611] __kasan_kmalloc+0xb7/0xc0 [ 18.253812] __kmalloc_noprof+0x1c9/0x500 [ 18.254123] kunit_kmalloc_array+0x25/0x60 [ 18.254355] copy_user_test_oob+0xab/0x10f0 [ 18.254576] kunit_try_run_case+0x1a5/0x480 [ 18.254867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.255227] kthread+0x337/0x6f0 [ 18.255408] ret_from_fork+0x116/0x1d0 [ 18.255632] ret_from_fork_asm+0x1a/0x30 [ 18.255922] [ 18.256039] The buggy address belongs to the object at ffff888103929700 [ 18.256039] which belongs to the cache kmalloc-128 of size 128 [ 18.256660] The buggy address is located 0 bytes inside of [ 18.256660] allocated 120-byte region [ffff888103929700, ffff888103929778) [ 18.257188] [ 18.257276] The buggy address belongs to the physical page: [ 18.257568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929 [ 18.257970] flags: 0x200000000000000(node=0|zone=2) [ 18.258346] page_type: f5(slab) [ 18.258542] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.259085] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.259659] page dumped because: kasan: bad access detected [ 18.260048] [ 18.260422] Memory state around the buggy address: [ 18.261000] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.261913] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.262665] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.263436] ^ [ 18.263984] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.264934] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.265532] ==================================================================