Date
July 2, 2025, 11:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 21.457992] ==================================================================
[ 21.458115] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 21.458174] Write of size 121 at addr fff00000c7041900 by task kunit_try_catch/285
[ 21.458304]
[ 21.458338] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.458606] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.458636] Hardware name: linux,dummy-virt (DT)
[ 21.458675] Call trace:
[ 21.458728] show_stack+0x20/0x38 (C)
[ 21.458780] dump_stack_lvl+0x8c/0xd0
[ 21.458832] print_report+0x118/0x608
[ 21.458921] kasan_report+0xdc/0x128
[ 21.459154] kasan_check_range+0x100/0x1a8
[ 21.459215] __kasan_check_write+0x20/0x30
[ 21.459270] strncpy_from_user+0x3c/0x2a0
[ 21.459322] copy_user_test_oob+0x5c0/0xec8
[ 21.459380] kunit_try_run_case+0x170/0x3f0
[ 21.459430] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.459485] kthread+0x328/0x630
[ 21.459685] ret_from_fork+0x10/0x20
[ 21.459959]
[ 21.459979] Allocated by task 285:
[ 21.460098] kasan_save_stack+0x3c/0x68
[ 21.460141] kasan_save_track+0x20/0x40
[ 21.460181] kasan_save_alloc_info+0x40/0x58
[ 21.460221] __kasan_kmalloc+0xd4/0xd8
[ 21.460260] __kmalloc_noprof+0x198/0x4c8
[ 21.460298] kunit_kmalloc_array+0x34/0x88
[ 21.460338] copy_user_test_oob+0xac/0xec8
[ 21.460546] kunit_try_run_case+0x170/0x3f0
[ 21.460687] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.460778] kthread+0x328/0x630
[ 21.460812] ret_from_fork+0x10/0x20
[ 21.461000]
[ 21.461026] The buggy address belongs to the object at fff00000c7041900
[ 21.461026] which belongs to the cache kmalloc-128 of size 128
[ 21.461088] The buggy address is located 0 bytes inside of
[ 21.461088] allocated 120-byte region [fff00000c7041900, fff00000c7041978)
[ 21.461152]
[ 21.461173] The buggy address belongs to the physical page:
[ 21.461207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107041
[ 21.461284] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.461334] page_type: f5(slab)
[ 21.461375] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.461429] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.461473] page dumped because: kasan: bad access detected
[ 21.461506]
[ 21.461526] Memory state around the buggy address:
[ 21.461791] fff00000c7041800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.461927] fff00000c7041880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.461973] >fff00000c7041900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.462014] ^
[ 21.462167] fff00000c7041980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.462370] fff00000c7041a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.462412] ==================================================================
[ 21.463047] ==================================================================
[ 21.463103] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 21.463157] Write of size 1 at addr fff00000c7041978 by task kunit_try_catch/285
[ 21.463207]
[ 21.463239] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.463339] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.463371] Hardware name: linux,dummy-virt (DT)
[ 21.463404] Call trace:
[ 21.463427] show_stack+0x20/0x38 (C)
[ 21.463475] dump_stack_lvl+0x8c/0xd0
[ 21.463587] print_report+0x118/0x608
[ 21.463637] kasan_report+0xdc/0x128
[ 21.463686] __asan_report_store1_noabort+0x20/0x30
[ 21.464112] strncpy_from_user+0x270/0x2a0
[ 21.464364] copy_user_test_oob+0x5c0/0xec8
[ 21.464414] kunit_try_run_case+0x170/0x3f0
[ 21.464481] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.464749] kthread+0x328/0x630
[ 21.464997] ret_from_fork+0x10/0x20
[ 21.465219]
[ 21.465241] Allocated by task 285:
[ 21.465271] kasan_save_stack+0x3c/0x68
[ 21.465316] kasan_save_track+0x20/0x40
[ 21.465374] kasan_save_alloc_info+0x40/0x58
[ 21.465417] __kasan_kmalloc+0xd4/0xd8
[ 21.465458] __kmalloc_noprof+0x198/0x4c8
[ 21.465500] kunit_kmalloc_array+0x34/0x88
[ 21.465599] copy_user_test_oob+0xac/0xec8
[ 21.465639] kunit_try_run_case+0x170/0x3f0
[ 21.465681] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.465747] kthread+0x328/0x630
[ 21.465902] ret_from_fork+0x10/0x20
[ 21.466013]
[ 21.466035] The buggy address belongs to the object at fff00000c7041900
[ 21.466035] which belongs to the cache kmalloc-128 of size 128
[ 21.466184] The buggy address is located 0 bytes to the right of
[ 21.466184] allocated 120-byte region [fff00000c7041900, fff00000c7041978)
[ 21.466285]
[ 21.466393] The buggy address belongs to the physical page:
[ 21.466456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107041
[ 21.466587] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.466637] page_type: f5(slab)
[ 21.466677] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.466729] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.466771] page dumped because: kasan: bad access detected
[ 21.466805]
[ 21.466826] Memory state around the buggy address:
[ 21.467008] fff00000c7041800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.467356] fff00000c7041880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.467407] >fff00000c7041900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.467448] ^
[ 21.467492] fff00000c7041980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.467537] fff00000c7041a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.467785] ==================================================================
```
```
[ 15.526251] ==================================================================
[ 15.526659] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 15.526933] Write of size 1 at addr ffff888102c8ba78 by task kunit_try_catch/304
[ 15.527278]
[ 15.527401] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.527454] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.527468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.527490] Call Trace:
[ 15.527505] <TASK>
[ 15.527532] dump_stack_lvl+0x73/0xb0
[ 15.527558] print_report+0xd1/0x650
[ 15.527581] ? __virt_addr_valid+0x1db/0x2d0
[ 15.527604] ? strncpy_from_user+0x1a5/0x1d0
[ 15.527628] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.527656] ? strncpy_from_user+0x1a5/0x1d0
[ 15.527679] kasan_report+0x141/0x180
[ 15.527702] ? strncpy_from_user+0x1a5/0x1d0
[ 15.527730] __asan_report_store1_noabort+0x1b/0x30
[ 15.527752] strncpy_from_user+0x1a5/0x1d0
[ 15.527778] copy_user_test_oob+0x760/0x10f0
[ 15.527804] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.527828] ? finish_task_switch.isra.0+0x153/0x700
[ 15.527871] ? __switch_to+0x47/0xf50
[ 15.527897] ? __schedule+0x10cc/0x2b60
[ 15.527925] ? __pfx_read_tsc+0x10/0x10
[ 15.527947] ? ktime_get_ts64+0x86/0x230
[ 15.527971] kunit_try_run_case+0x1a5/0x480
[ 15.527997] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.528020] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.528044] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.528068] ? __kthread_parkme+0x82/0x180
[ 15.528091] ? preempt_count_sub+0x50/0x80
[ 15.528117] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.528143] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.528170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.528195] kthread+0x337/0x6f0
[ 15.528216] ? trace_preempt_on+0x20/0xc0
[ 15.528241] ? __pfx_kthread+0x10/0x10
[ 15.528263] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.528284] ? calculate_sigpending+0x7b/0xa0
[ 15.528309] ? __pfx_kthread+0x10/0x10
[ 15.528331] ret_from_fork+0x116/0x1d0
[ 15.528359] ? __pfx_kthread+0x10/0x10
[ 15.528380] ret_from_fork_asm+0x1a/0x30
[ 15.528413] </TASK>
[ 15.528425]
[ 15.536137] Allocated by task 304:
[ 15.536320] kasan_save_stack+0x45/0x70
[ 15.536581] kasan_save_track+0x18/0x40
[ 15.536782] kasan_save_alloc_info+0x3b/0x50
[ 15.537090] __kasan_kmalloc+0xb7/0xc0
[ 15.537258] __kmalloc_noprof+0x1c9/0x500
[ 15.537411] kunit_kmalloc_array+0x25/0x60
[ 15.537622] copy_user_test_oob+0xab/0x10f0
[ 15.537885] kunit_try_run_case+0x1a5/0x480
[ 15.538136] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.538314] kthread+0x337/0x6f0
[ 15.538447] ret_from_fork+0x116/0x1d0
[ 15.538581] ret_from_fork_asm+0x1a/0x30
[ 15.538719]
[ 15.538862] The buggy address belongs to the object at ffff888102c8ba00
[ 15.538862] which belongs to the cache kmalloc-128 of size 128
[ 15.539406] The buggy address is located 0 bytes to the right of
[ 15.539406] allocated 120-byte region [ffff888102c8ba00, ffff888102c8ba78)
[ 15.540096]
[ 15.540171] The buggy address belongs to the physical page:
[ 15.540368] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8b
[ 15.540803] flags: 0x200000000000000(node=0|zone=2)
[ 15.541094] page_type: f5(slab)
[ 15.541269] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.541630] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.542209] page dumped because: kasan: bad access detected
[ 15.542518]
[ 15.542663] Memory state around the buggy address:
[ 15.542918] ffff888102c8b900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.543232] ffff888102c8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.543461] >ffff888102c8ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.543680] ^
[ 15.544333] ffff888102c8ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.544706] ffff888102c8bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.545018] ==================================================================
[ 15.506961] ==================================================================
[ 15.507294] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 15.507635] Write of size 121 at addr ffff888102c8ba00 by task kunit_try_catch/304
[ 15.508128]
[ 15.508275] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.508318] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.508331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.508364] Call Trace:
[ 15.508379] <TASK>
[ 15.508394] dump_stack_lvl+0x73/0xb0
[ 15.508422] print_report+0xd1/0x650
[ 15.508446] ? __virt_addr_valid+0x1db/0x2d0
[ 15.508469] ? strncpy_from_user+0x2e/0x1d0
[ 15.508494] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.508517] ? strncpy_from_user+0x2e/0x1d0
[ 15.508541] kasan_report+0x141/0x180
[ 15.508564] ? strncpy_from_user+0x2e/0x1d0
[ 15.508593] kasan_check_range+0x10c/0x1c0
[ 15.508618] __kasan_check_write+0x18/0x20
[ 15.508639] strncpy_from_user+0x2e/0x1d0
[ 15.508661] ? __kasan_check_read+0x15/0x20
[ 15.508684] copy_user_test_oob+0x760/0x10f0
[ 15.508710] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.508734] ? finish_task_switch.isra.0+0x153/0x700
[ 15.508757] ? __switch_to+0x47/0xf50
[ 15.508783] ? __schedule+0x10cc/0x2b60
[ 15.508806] ? __pfx_read_tsc+0x10/0x10
[ 15.508827] ? ktime_get_ts64+0x86/0x230
[ 15.508852] kunit_try_run_case+0x1a5/0x480
[ 15.508876] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.508900] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.508925] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.508949] ? __kthread_parkme+0x82/0x180
[ 15.508984] ? preempt_count_sub+0x50/0x80
[ 15.509008] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.509032] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.509068] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.509093] kthread+0x337/0x6f0
[ 15.509113] ? trace_preempt_on+0x20/0xc0
[ 15.509138] ? __pfx_kthread+0x10/0x10
[ 15.509160] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.509181] ? calculate_sigpending+0x7b/0xa0
[ 15.509205] ? __pfx_kthread+0x10/0x10
[ 15.509228] ret_from_fork+0x116/0x1d0
[ 15.509246] ? __pfx_kthread+0x10/0x10
[ 15.509267] ret_from_fork_asm+0x1a/0x30
[ 15.509298] </TASK>
[ 15.509310]
[ 15.517378] Allocated by task 304:
[ 15.517516] kasan_save_stack+0x45/0x70
[ 15.517729] kasan_save_track+0x18/0x40
[ 15.517939] kasan_save_alloc_info+0x3b/0x50
[ 15.518161] __kasan_kmalloc+0xb7/0xc0
[ 15.518357] __kmalloc_noprof+0x1c9/0x500
[ 15.518558] kunit_kmalloc_array+0x25/0x60
[ 15.518794] copy_user_test_oob+0xab/0x10f0
[ 15.518974] kunit_try_run_case+0x1a5/0x480
[ 15.519210] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.519417] kthread+0x337/0x6f0
[ 15.519540] ret_from_fork+0x116/0x1d0
[ 15.519677] ret_from_fork_asm+0x1a/0x30
[ 15.519860]
[ 15.520047] The buggy address belongs to the object at ffff888102c8ba00
[ 15.520047] which belongs to the cache kmalloc-128 of size 128
[ 15.520644] The buggy address is located 0 bytes inside of
[ 15.520644] allocated 120-byte region [ffff888102c8ba00, ffff888102c8ba78)
[ 15.521254]
[ 15.521347] The buggy address belongs to the physical page:
[ 15.521708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8b
[ 15.522105] flags: 0x200000000000000(node=0|zone=2)
[ 15.522333] page_type: f5(slab)
[ 15.522511] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.522829] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.523170] page dumped because: kasan: bad access detected
[ 15.523416]
[ 15.523525] Memory state around the buggy address:
[ 15.523736] ffff888102c8b900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.524065] ffff888102c8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.524398] >ffff888102c8ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.524707] ^
[ 15.525024] ffff888102c8ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.525318] ffff888102c8bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.525637] ==================================================================
```