Date: July 10, 2025, 11:10 p.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 19.108942] ==================================================================
[ 19.109002] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 19.109145] Write of size 1 at addr fff00000c6454978 by task kunit_try_catch/285
[ 19.109236]
[ 19.109432] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.109563] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.109611] Hardware name: linux,dummy-virt (DT)
[ 19.109668] Call trace:
[ 19.109693] show_stack+0x20/0x38 (C)
[ 19.109744] dump_stack_lvl+0x8c/0xd0
[ 19.109795] print_report+0x118/0x608
[ 19.109927] kasan_report+0xdc/0x128
[ 19.110191] __asan_report_store1_noabort+0x20/0x30
[ 19.110283] strncpy_from_user+0x270/0x2a0
[ 19.110540] copy_user_test_oob+0x5c0/0xec8
[ 19.110666] kunit_try_run_case+0x170/0x3f0
[ 19.110722] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.110969] kthread+0x328/0x630
[ 19.111066] ret_from_fork+0x10/0x20
[ 19.111199]
[ 19.111260] Allocated by task 285:
[ 19.111315] kasan_save_stack+0x3c/0x68
[ 19.111426] kasan_save_track+0x20/0x40
[ 19.111513] kasan_save_alloc_info+0x40/0x58
[ 19.111705] __kasan_kmalloc+0xd4/0xd8
[ 19.111879] __kmalloc_noprof+0x198/0x4c8
[ 19.111964] kunit_kmalloc_array+0x34/0x88
[ 19.112056] copy_user_test_oob+0xac/0xec8
[ 19.112149] kunit_try_run_case+0x170/0x3f0
[ 19.112252] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.112340] kthread+0x328/0x630
[ 19.112417] ret_from_fork+0x10/0x20
[ 19.112523]
[ 19.112563] The buggy address belongs to the object at fff00000c6454900
[ 19.112563] which belongs to the cache kmalloc-128 of size 128
[ 19.112622] The buggy address is located 0 bytes to the right of
[ 19.112622] allocated 120-byte region [fff00000c6454900, fff00000c6454978)
[ 19.112884]
[ 19.112920] The buggy address belongs to the physical page:
[ 19.112955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106454
[ 19.113029] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.113093] page_type: f5(slab)
[ 19.113131] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.113193] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.113243] page dumped because: kasan: bad access detected
[ 19.113283]
[ 19.113312] Memory state around the buggy address:
[ 19.113355] fff00000c6454800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.113401] fff00000c6454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.113448] >fff00000c6454900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.113498] ^
[ 19.113540] fff00000c6454980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.113585] fff00000c6454a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.113626] ==================================================================

[ 19.101589] ==================================================================
[ 19.101791] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 19.101874] Write of size 121 at addr fff00000c6454900 by task kunit_try_catch/285
[ 19.101980]
[ 19.102050] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.102356] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.102453] Hardware name: linux,dummy-virt (DT)
[ 19.102552] Call trace:
[ 19.102614] show_stack+0x20/0x38 (C)
[ 19.102745] dump_stack_lvl+0x8c/0xd0
[ 19.102832] print_report+0x118/0x608
[ 19.103092] kasan_report+0xdc/0x128
[ 19.103155] kasan_check_range+0x100/0x1a8
[ 19.103449] __kasan_check_write+0x20/0x30
[ 19.103568] strncpy_from_user+0x3c/0x2a0
[ 19.103645] copy_user_test_oob+0x5c0/0xec8
[ 19.103909] kunit_try_run_case+0x170/0x3f0
[ 19.104031] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.104140] kthread+0x328/0x630
[ 19.104188] ret_from_fork+0x10/0x20
[ 19.104502]
[ 19.104601] Allocated by task 285:
[ 19.104674] kasan_save_stack+0x3c/0x68
[ 19.104776] kasan_save_track+0x20/0x40
[ 19.105031] kasan_save_alloc_info+0x40/0x58
[ 19.105147] __kasan_kmalloc+0xd4/0xd8
[ 19.105235] __kmalloc_noprof+0x198/0x4c8
[ 19.105319] kunit_kmalloc_array+0x34/0x88
[ 19.105393] copy_user_test_oob+0xac/0xec8
[ 19.105471] kunit_try_run_case+0x170/0x3f0
[ 19.105511] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.105830] kthread+0x328/0x630
[ 19.105949] ret_from_fork+0x10/0x20
[ 19.106016]
[ 19.106048] The buggy address belongs to the object at fff00000c6454900
[ 19.106048] which belongs to the cache kmalloc-128 of size 128
[ 19.106150] The buggy address is located 0 bytes inside of
[ 19.106150] allocated 120-byte region [fff00000c6454900, fff00000c6454978)
[ 19.106253]
[ 19.106535] The buggy address belongs to the physical page:
[ 19.106601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106454
[ 19.106697] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.106777] page_type: f5(slab)
[ 19.106890] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.106977] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.107039] page dumped because: kasan: bad access detected
[ 19.107142]
[ 19.107175] Memory state around the buggy address:
[ 19.107209] fff00000c6454800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.107275] fff00000c6454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.107326] >fff00000c6454900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.107368] ^
[ 19.107582] fff00000c6454980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.107784] fff00000c6454a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.107879] ==================================================================
```
qemu-x86_64:

```
[ 16.740316] ==================================================================
[ 16.740715] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 16.740942] Write of size 121 at addr ffff888103a2f000 by task kunit_try_catch/303
[ 16.741211]
[ 16.741319] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.741373] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.741387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.741408] Call Trace:
[ 16.741422] <TASK>
[ 16.741438] dump_stack_lvl+0x73/0xb0
[ 16.741467] print_report+0xd1/0x650
[ 16.741491] ? __virt_addr_valid+0x1db/0x2d0
[ 16.741515] ? strncpy_from_user+0x2e/0x1d0
[ 16.741579] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.741605] ? strncpy_from_user+0x2e/0x1d0
[ 16.741629] kasan_report+0x141/0x180
[ 16.741664] ? strncpy_from_user+0x2e/0x1d0
[ 16.741694] kasan_check_range+0x10c/0x1c0
[ 16.741718] __kasan_check_write+0x18/0x20
[ 16.741739] strncpy_from_user+0x2e/0x1d0
[ 16.741763] ? __kasan_check_read+0x15/0x20
[ 16.741786] copy_user_test_oob+0x760/0x10f0
[ 16.741814] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.741838] ? finish_task_switch.isra.0+0x153/0x700
[ 16.741863] ? __switch_to+0x47/0xf50
[ 16.741888] ? __schedule+0x10cc/0x2b60
[ 16.741912] ? __pfx_read_tsc+0x10/0x10
[ 16.741934] ? ktime_get_ts64+0x86/0x230
[ 16.741959] kunit_try_run_case+0x1a5/0x480
[ 16.741983] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.742008] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.742033] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.742058] ? __kthread_parkme+0x82/0x180
[ 16.742080] ? preempt_count_sub+0x50/0x80
[ 16.742104] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.742130] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.742155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.742181] kthread+0x337/0x6f0
[ 16.742201] ? trace_preempt_on+0x20/0xc0
[ 16.742226] ? __pfx_kthread+0x10/0x10
[ 16.742248] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.742271] ? calculate_sigpending+0x7b/0xa0
[ 16.742296] ? __pfx_kthread+0x10/0x10
[ 16.742358] ret_from_fork+0x116/0x1d0
[ 16.742379] ? __pfx_kthread+0x10/0x10
[ 16.742400] ret_from_fork_asm+0x1a/0x30
[ 16.742454] </TASK>
[ 16.742466]
[ 16.750946] Allocated by task 303:
[ 16.751134] kasan_save_stack+0x45/0x70
[ 16.751368] kasan_save_track+0x18/0x40
[ 16.751638] kasan_save_alloc_info+0x3b/0x50
[ 16.751890] __kasan_kmalloc+0xb7/0xc0
[ 16.752128] __kmalloc_noprof+0x1c9/0x500
[ 16.752386] kunit_kmalloc_array+0x25/0x60
[ 16.752609] copy_user_test_oob+0xab/0x10f0
[ 16.752822] kunit_try_run_case+0x1a5/0x480
[ 16.753061] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.753278] kthread+0x337/0x6f0
[ 16.753579] ret_from_fork+0x116/0x1d0
[ 16.753957] ret_from_fork_asm+0x1a/0x30
[ 16.754271]
[ 16.754394] The buggy address belongs to the object at ffff888103a2f000
[ 16.754394] which belongs to the cache kmalloc-128 of size 128
[ 16.754861] The buggy address is located 0 bytes inside of
[ 16.754861] allocated 120-byte region [ffff888103a2f000, ffff888103a2f078)
[ 16.755213]
[ 16.755292] The buggy address belongs to the physical page:
[ 16.755743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a2f
[ 16.756505] flags: 0x200000000000000(node=0|zone=2)
[ 16.756879] page_type: f5(slab)
[ 16.757090] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.757420] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.757651] page dumped because: kasan: bad access detected
[ 16.757820]
[ 16.757914] Memory state around the buggy address:
[ 16.758265] ffff888103a2ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.758848] ffff888103a2ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.759295] >ffff888103a2f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.759732] ^
[ 16.760065] ffff888103a2f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.760292] ffff888103a2f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.760559] ==================================================================

[ 16.761187] ==================================================================
[ 16.761549] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 16.761845] Write of size 1 at addr ffff888103a2f078 by task kunit_try_catch/303
[ 16.762142]
[ 16.762249] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.762291] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.762303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.762323] Call Trace:
[ 16.762336] <TASK>
[ 16.762413] dump_stack_lvl+0x73/0xb0
[ 16.762443] print_report+0xd1/0x650
[ 16.762477] ? __virt_addr_valid+0x1db/0x2d0
[ 16.762500] ? strncpy_from_user+0x1a5/0x1d0
[ 16.762522] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.762545] ? strncpy_from_user+0x1a5/0x1d0
[ 16.762568] kasan_report+0x141/0x180
[ 16.762590] ? strncpy_from_user+0x1a5/0x1d0
[ 16.762618] __asan_report_store1_noabort+0x1b/0x30
[ 16.762644] strncpy_from_user+0x1a5/0x1d0
[ 16.762670] copy_user_test_oob+0x760/0x10f0
[ 16.762699] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.762722] ? finish_task_switch.isra.0+0x153/0x700
[ 16.762744] ? __switch_to+0x47/0xf50
[ 16.762768] ? __schedule+0x10cc/0x2b60
[ 16.762790] ? __pfx_read_tsc+0x10/0x10
[ 16.762811] ? ktime_get_ts64+0x86/0x230
[ 16.762834] kunit_try_run_case+0x1a5/0x480
[ 16.762859] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.762883] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.762907] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.762931] ? __kthread_parkme+0x82/0x180
[ 16.762952] ? preempt_count_sub+0x50/0x80
[ 16.762975] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.763058] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.763109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.763138] kthread+0x337/0x6f0
[ 16.763160] ? trace_preempt_on+0x20/0xc0
[ 16.763184] ? __pfx_kthread+0x10/0x10
[ 16.763206] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.763229] ? calculate_sigpending+0x7b/0xa0
[ 16.763253] ? __pfx_kthread+0x10/0x10
[ 16.763276] ret_from_fork+0x116/0x1d0
[ 16.763295] ? __pfx_kthread+0x10/0x10
[ 16.763315] ret_from_fork_asm+0x1a/0x30
[ 16.763357] </TASK>
[ 16.763368]
[ 16.772364] Allocated by task 303:
[ 16.772540] kasan_save_stack+0x45/0x70
[ 16.772747] kasan_save_track+0x18/0x40
[ 16.773064] kasan_save_alloc_info+0x3b/0x50
[ 16.773269] __kasan_kmalloc+0xb7/0xc0
[ 16.773414] __kmalloc_noprof+0x1c9/0x500
[ 16.773552] kunit_kmalloc_array+0x25/0x60
[ 16.773870] copy_user_test_oob+0xab/0x10f0
[ 16.774245] kunit_try_run_case+0x1a5/0x480
[ 16.774701] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.775004] kthread+0x337/0x6f0
[ 16.775134] ret_from_fork+0x116/0x1d0
[ 16.775393] ret_from_fork_asm+0x1a/0x30
[ 16.775651]
[ 16.775749] The buggy address belongs to the object at ffff888103a2f000
[ 16.775749] which belongs to the cache kmalloc-128 of size 128
[ 16.776330] The buggy address is located 0 bytes to the right of
[ 16.776330] allocated 120-byte region [ffff888103a2f000, ffff888103a2f078)
[ 16.776966]
[ 16.777108] The buggy address belongs to the physical page:
[ 16.777462] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a2f
[ 16.777747] flags: 0x200000000000000(node=0|zone=2)
[ 16.777979] page_type: f5(slab)
[ 16.778263] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.778700] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.779009] page dumped because: kasan: bad access detected
[ 16.779233]
[ 16.779316] Memory state around the buggy address:
[ 16.779581] ffff888103a2ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.779944] ffff888103a2ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.780217] >ffff888103a2f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.780636] ^
[ 16.781053] ffff888103a2f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.781416] ffff888103a2f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.781727] ==================================================================
```