Date
July 11, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 19.823591] ==================================================================
[ 19.823644] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 19.823701] Write of size 121 at addr fff00000c5903800 by task kunit_try_catch/286
[ 19.823754]
[ 19.823785] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.823881] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.823909] Hardware name: linux,dummy-virt (DT)
[ 19.824862] Call trace:
[ 19.824903] show_stack+0x20/0x38 (C)
[ 19.825014] dump_stack_lvl+0x8c/0xd0
[ 19.825065] print_report+0x118/0x608
[ 19.825528] kasan_report+0xdc/0x128
[ 19.826000] kasan_check_range+0x100/0x1a8
[ 19.826074] __kasan_check_write+0x20/0x30
[ 19.826124] strncpy_from_user+0x3c/0x2a0
[ 19.826697] copy_user_test_oob+0x5c0/0xec8
[ 19.826945] kunit_try_run_case+0x170/0x3f0
[ 19.827018] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.827074] kthread+0x328/0x630
[ 19.827389] ret_from_fork+0x10/0x20
[ 19.827614]
[ 19.827806] Allocated by task 286:
[ 19.827973] kasan_save_stack+0x3c/0x68
[ 19.828093] kasan_save_track+0x20/0x40
[ 19.828565] kasan_save_alloc_info+0x40/0x58
[ 19.828711] __kasan_kmalloc+0xd4/0xd8
[ 19.828750] __kmalloc_noprof+0x198/0x4c8
[ 19.828995] kunit_kmalloc_array+0x34/0x88
[ 19.829070] copy_user_test_oob+0xac/0xec8
[ 19.829884] kunit_try_run_case+0x170/0x3f0
[ 19.829935] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.829982] kthread+0x328/0x630
[ 19.830020] ret_from_fork+0x10/0x20
[ 19.830057]
[ 19.830078] The buggy address belongs to the object at fff00000c5903800
[ 19.830078] which belongs to the cache kmalloc-128 of size 128
[ 19.830138] The buggy address is located 0 bytes inside of
[ 19.830138] allocated 120-byte region [fff00000c5903800, fff00000c5903878)
[ 19.830201]
[ 19.830223] The buggy address belongs to the physical page:
[ 19.830256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105903
[ 19.830310] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.830362] page_type: f5(slab)
[ 19.830402] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.830454] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.830497] page dumped because: kasan: bad access detected
[ 19.830530]
[ 19.830551] Memory state around the buggy address:
[ 19.830584] fff00000c5903700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.830629] fff00000c5903780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.830675] >fff00000c5903800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.830716] ^
[ 19.830800] fff00000c5903880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.830942] fff00000c5903900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.830983] ==================================================================
[ 19.832239] ==================================================================
[ 19.833880] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 19.834061] Write of size 1 at addr fff00000c5903878 by task kunit_try_catch/286
[ 19.834776]
[ 19.835577] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.835872] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.836101] Hardware name: linux,dummy-virt (DT)
[ 19.836563] Call trace:
[ 19.836688] show_stack+0x20/0x38 (C)
[ 19.837396] dump_stack_lvl+0x8c/0xd0
[ 19.837711] print_report+0x118/0x608
[ 19.837773] kasan_report+0xdc/0x128
[ 19.837822] __asan_report_store1_noabort+0x20/0x30
[ 19.838873] strncpy_from_user+0x270/0x2a0
[ 19.838958] copy_user_test_oob+0x5c0/0xec8
[ 19.839006] kunit_try_run_case+0x170/0x3f0
[ 19.840140] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.840712] kthread+0x328/0x630
[ 19.841097] ret_from_fork+0x10/0x20
[ 19.841147]
[ 19.841701] Allocated by task 286:
[ 19.841981] kasan_save_stack+0x3c/0x68
[ 19.842523] kasan_save_track+0x20/0x40
[ 19.842888] kasan_save_alloc_info+0x40/0x58
[ 19.842938] __kasan_kmalloc+0xd4/0xd8
[ 19.843381] __kmalloc_noprof+0x198/0x4c8
[ 19.843651] kunit_kmalloc_array+0x34/0x88
[ 19.844161] copy_user_test_oob+0xac/0xec8
[ 19.844961] kunit_try_run_case+0x170/0x3f0
[ 19.846115] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.846363] kthread+0x328/0x630
[ 19.846481] ret_from_fork+0x10/0x20
[ 19.846548]
[ 19.846669] The buggy address belongs to the object at fff00000c5903800
[ 19.846669] which belongs to the cache kmalloc-128 of size 128
[ 19.846896] The buggy address is located 0 bytes to the right of
[ 19.846896] allocated 120-byte region [fff00000c5903800, fff00000c5903878)
[ 19.846975]
[ 19.846997] The buggy address belongs to the physical page:
[ 19.847577] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105903
[ 19.847979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.848607] page_type: f5(slab)
[ 19.848688] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.848957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.849071] page dumped because: kasan: bad access detected
[ 19.849379]
[ 19.849415] Memory state around the buggy address:
[ 19.849492] fff00000c5903700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.849855] fff00000c5903780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.849967] >fff00000c5903800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.850015] ^
[ 19.850568] fff00000c5903880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.851668] fff00000c5903900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.851865] ==================================================================
```
qemu-x86_64:

```
[ 16.553156] ==================================================================
[ 16.553411] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 16.553631] Write of size 1 at addr ffff888103953e78 by task kunit_try_catch/302
[ 16.553853]
[ 16.553946] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.553987] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.553999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.554019] Call Trace:
[ 16.554034] <TASK>
[ 16.554050] dump_stack_lvl+0x73/0xb0
[ 16.554075] print_report+0xd1/0x650
[ 16.554097] ? __virt_addr_valid+0x1db/0x2d0
[ 16.554119] ? strncpy_from_user+0x1a5/0x1d0
[ 16.554141] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.554164] ? strncpy_from_user+0x1a5/0x1d0
[ 16.554188] kasan_report+0x141/0x180
[ 16.554210] ? strncpy_from_user+0x1a5/0x1d0
[ 16.554238] __asan_report_store1_noabort+0x1b/0x30
[ 16.554262] strncpy_from_user+0x1a5/0x1d0
[ 16.554288] copy_user_test_oob+0x760/0x10f0
[ 16.554315] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.554337] ? finish_task_switch.isra.0+0x153/0x700
[ 16.554359] ? __switch_to+0x47/0xf50
[ 16.554384] ? irqentry_exit+0x2a/0x60
[ 16.554404] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 16.554442] ? __pfx_read_tsc+0x10/0x10
[ 16.554464] ? ktime_get_ts64+0x86/0x230
[ 16.554489] kunit_try_run_case+0x1a5/0x480
[ 16.554520] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.554548] ? __kthread_parkme+0x8f/0x180
[ 16.554570] ? __kthread_parkme+0xfa/0x180
[ 16.554593] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.554619] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.554644] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.554672] kthread+0x337/0x6f0
[ 16.554691] ? trace_preempt_on+0x20/0xc0
[ 16.554715] ? __pfx_kthread+0x10/0x10
[ 16.554738] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.554761] ? calculate_sigpending+0x7b/0xa0
[ 16.554786] ? __pfx_kthread+0x10/0x10
[ 16.554808] ret_from_fork+0x116/0x1d0
[ 16.554827] ? __pfx_kthread+0x10/0x10
[ 16.554849] ret_from_fork_asm+0x1a/0x30
[ 16.554883] </TASK>
[ 16.554893]
[ 16.563195] Allocated by task 302:
[ 16.563326] kasan_save_stack+0x45/0x70
[ 16.564668] kasan_save_track+0x18/0x40
[ 16.564996] kasan_save_alloc_info+0x3b/0x50
[ 16.565184] __kasan_kmalloc+0xb7/0xc0
[ 16.565360] __kmalloc_noprof+0x1c9/0x500
[ 16.565543] kunit_kmalloc_array+0x25/0x60
[ 16.565739] copy_user_test_oob+0xab/0x10f0
[ 16.566319] kunit_try_run_case+0x1a5/0x480
[ 16.566525] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.567513] kthread+0x337/0x6f0
[ 16.567686] ret_from_fork+0x116/0x1d0
[ 16.567853] ret_from_fork_asm+0x1a/0x30
[ 16.568016]
[ 16.568097] The buggy address belongs to the object at ffff888103953e00
[ 16.568097] which belongs to the cache kmalloc-128 of size 128
[ 16.568645] The buggy address is located 0 bytes to the right of
[ 16.568645] allocated 120-byte region [ffff888103953e00, ffff888103953e78)
[ 16.569471]
[ 16.569640] The buggy address belongs to the physical page:
[ 16.569878] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103953
[ 16.570349] flags: 0x200000000000000(node=0|zone=2)
[ 16.570537] page_type: f5(slab)
[ 16.570707] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.571268] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.571605] page dumped because: kasan: bad access detected
[ 16.572063]
[ 16.572158] Memory state around the buggy address:
[ 16.572377] ffff888103953d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.572802] ffff888103953d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.573222] >ffff888103953e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.573601] ^
[ 16.573869] ffff888103953e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.574272] ffff888103953f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.574582] ==================================================================
[ 16.534916] ==================================================================
[ 16.535270] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 16.535592] Write of size 121 at addr ffff888103953e00 by task kunit_try_catch/302
[ 16.535995]
[ 16.536079] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.536118] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.536130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.536151] Call Trace:
[ 16.536165] <TASK>
[ 16.536178] dump_stack_lvl+0x73/0xb0
[ 16.536206] print_report+0xd1/0x650
[ 16.536228] ? __virt_addr_valid+0x1db/0x2d0
[ 16.536252] ? strncpy_from_user+0x2e/0x1d0
[ 16.536275] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.536300] ? strncpy_from_user+0x2e/0x1d0
[ 16.536324] kasan_report+0x141/0x180
[ 16.536347] ? strncpy_from_user+0x2e/0x1d0
[ 16.536377] kasan_check_range+0x10c/0x1c0
[ 16.536401] __kasan_check_write+0x18/0x20
[ 16.536421] strncpy_from_user+0x2e/0x1d0
[ 16.536444] ? __kasan_check_read+0x15/0x20
[ 16.536467] copy_user_test_oob+0x760/0x10f0
[ 16.536494] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.536518] ? finish_task_switch.isra.0+0x153/0x700
[ 16.536543] ? __switch_to+0x47/0xf50
[ 16.536569] ? irqentry_exit+0x2a/0x60
[ 16.536591] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 16.536616] ? __pfx_read_tsc+0x10/0x10
[ 16.536638] ? ktime_get_ts64+0x86/0x230
[ 16.536663] kunit_try_run_case+0x1a5/0x480
[ 16.536688] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.536716] ? __kthread_parkme+0x8f/0x180
[ 16.536739] ? __kthread_parkme+0xfa/0x180
[ 16.536772] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.536797] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.536823] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.536851] kthread+0x337/0x6f0
[ 16.536870] ? trace_preempt_on+0x20/0xc0
[ 16.536894] ? __pfx_kthread+0x10/0x10
[ 16.536916] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.536950] ? calculate_sigpending+0x7b/0xa0
[ 16.536974] ? __pfx_kthread+0x10/0x10
[ 16.536997] ret_from_fork+0x116/0x1d0
[ 16.537017] ? __pfx_kthread+0x10/0x10
[ 16.537038] ret_from_fork_asm+0x1a/0x30
[ 16.537070] </TASK>
[ 16.537081]
[ 16.544767] Allocated by task 302:
[ 16.544962] kasan_save_stack+0x45/0x70
[ 16.545167] kasan_save_track+0x18/0x40
[ 16.545332] kasan_save_alloc_info+0x3b/0x50
[ 16.545544] __kasan_kmalloc+0xb7/0xc0
[ 16.545696] __kmalloc_noprof+0x1c9/0x500
[ 16.545947] kunit_kmalloc_array+0x25/0x60
[ 16.546121] copy_user_test_oob+0xab/0x10f0
[ 16.546319] kunit_try_run_case+0x1a5/0x480
[ 16.546516] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.546767] kthread+0x337/0x6f0
[ 16.546928] ret_from_fork+0x116/0x1d0
[ 16.547092] ret_from_fork_asm+0x1a/0x30
[ 16.547271]
[ 16.547347] The buggy address belongs to the object at ffff888103953e00
[ 16.547347] which belongs to the cache kmalloc-128 of size 128
[ 16.547835] The buggy address is located 0 bytes inside of
[ 16.547835] allocated 120-byte region [ffff888103953e00, ffff888103953e78)
[ 16.548271]
[ 16.548344] The buggy address belongs to the physical page:
[ 16.548517] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103953
[ 16.548754] flags: 0x200000000000000(node=0|zone=2)
[ 16.548995] page_type: f5(slab)
[ 16.549162] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.549511] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.549843] page dumped because: kasan: bad access detected
[ 16.550179]
[ 16.550248] Memory state around the buggy address:
[ 16.550401] ffff888103953d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.550626] ffff888103953d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.551197] >ffff888103953e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.551518] ^
[ 16.551808] ffff888103953e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.552250] ffff888103953f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.552500] ==================================================================
```