Date
July 12, 2025, 11:09 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 23.625990] ==================================================================
[ 23.626100] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 23.626223] Write of size 121 at addr fff00000c5942a00 by task kunit_try_catch/286
[ 23.626370]
[ 23.627069] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 23.627262] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.627371] Hardware name: linux,dummy-virt (DT)
[ 23.627529] Call trace:
[ 23.627599] show_stack+0x20/0x38 (C)
[ 23.627714] dump_stack_lvl+0x8c/0xd0
[ 23.627818] print_report+0x118/0x608
[ 23.628134] kasan_report+0xdc/0x128
[ 23.628240] kasan_check_range+0x100/0x1a8
[ 23.628350] __kasan_check_write+0x20/0x30
[ 23.628465] strncpy_from_user+0x3c/0x2a0
[ 23.628586] copy_user_test_oob+0x5c0/0xec8
[ 23.628722] kunit_try_run_case+0x170/0x3f0
[ 23.628885] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.629069] kthread+0x328/0x630
[ 23.629232] ret_from_fork+0x10/0x20
[ 23.629339]
[ 23.629593] Allocated by task 286:
[ 23.629702] kasan_save_stack+0x3c/0x68
[ 23.629803] kasan_save_track+0x20/0x40
[ 23.629914] kasan_save_alloc_info+0x40/0x58
[ 23.630056] __kasan_kmalloc+0xd4/0xd8
[ 23.630138] __kmalloc_noprof+0x198/0x4c8
[ 23.630251] kunit_kmalloc_array+0x34/0x88
[ 23.630436] copy_user_test_oob+0xac/0xec8
[ 23.630538] kunit_try_run_case+0x170/0x3f0
[ 23.630621] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.630724] kthread+0x328/0x630
[ 23.630810] ret_from_fork+0x10/0x20
[ 23.631350]
[ 23.631404] The buggy address belongs to the object at fff00000c5942a00
[ 23.631404] which belongs to the cache kmalloc-128 of size 128
[ 23.631547] The buggy address is located 0 bytes inside of
[ 23.631547] allocated 120-byte region [fff00000c5942a00, fff00000c5942a78)
[ 23.631696]
[ 23.631747] The buggy address belongs to the physical page:
[ 23.631817] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105942
[ 23.631957] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.632076] page_type: f5(slab)
[ 23.632168] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.632287] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.632387] page dumped because: kasan: bad access detected
[ 23.632469]
[ 23.632526] Memory state around the buggy address:
[ 23.632635] fff00000c5942900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.632793] fff00000c5942980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.632935] >fff00000c5942a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.633034] ^
[ 23.633174] fff00000c5942a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.633277] fff00000c5942b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.633376] ==================================================================
[ 23.634589] ==================================================================
[ 23.634717] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 23.634865] Write of size 1 at addr fff00000c5942a78 by task kunit_try_catch/286
[ 23.635048]
[ 23.635151] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 23.635427] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.635519] Hardware name: linux,dummy-virt (DT)
[ 23.635625] Call trace:
[ 23.635698] show_stack+0x20/0x38 (C)
[ 23.635806] dump_stack_lvl+0x8c/0xd0
[ 23.635949] print_report+0x118/0x608
[ 23.636110] kasan_report+0xdc/0x128
[ 23.636268] __asan_report_store1_noabort+0x20/0x30
[ 23.636445] strncpy_from_user+0x270/0x2a0
[ 23.636606] copy_user_test_oob+0x5c0/0xec8
[ 23.636750] kunit_try_run_case+0x170/0x3f0
[ 23.636867] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.636979] kthread+0x328/0x630
[ 23.637079] ret_from_fork+0x10/0x20
[ 23.637236]
[ 23.637286] Allocated by task 286:
[ 23.637361] kasan_save_stack+0x3c/0x68
[ 23.637467] kasan_save_track+0x20/0x40
[ 23.637552] kasan_save_alloc_info+0x40/0x58
[ 23.637657] __kasan_kmalloc+0xd4/0xd8
[ 23.637760] __kmalloc_noprof+0x198/0x4c8
[ 23.637878] kunit_kmalloc_array+0x34/0x88
[ 23.637973] copy_user_test_oob+0xac/0xec8
[ 23.638119] kunit_try_run_case+0x170/0x3f0
[ 23.638218] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.638344] kthread+0x328/0x630
[ 23.638441] ret_from_fork+0x10/0x20
[ 23.638522]
[ 23.638599] The buggy address belongs to the object at fff00000c5942a00
[ 23.638599] which belongs to the cache kmalloc-128 of size 128
[ 23.638745] The buggy address is located 0 bytes to the right of
[ 23.638745] allocated 120-byte region [fff00000c5942a00, fff00000c5942a78)
[ 23.638912]
[ 23.638968] The buggy address belongs to the physical page:
[ 23.639045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105942
[ 23.639168] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.639302] page_type: f5(slab)
[ 23.639400] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.639515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.639601] page dumped because: kasan: bad access detected
[ 23.639666]
[ 23.639705] Memory state around the buggy address:
[ 23.639799] fff00000c5942900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.639896] fff00000c5942980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.639999] >fff00000c5942a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.640092] ^
[ 23.640192] fff00000c5942a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.640338] fff00000c5942b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.640435] ==================================================================
```
qemu-x86_64:

```
[ 16.930614] ==================================================================
[ 16.930946] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 16.931279] Write of size 121 at addr ffff888103ad9000 by task kunit_try_catch/303
[ 16.931617]
[ 16.931762] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.931807] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.931818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.931840] Call Trace:
[ 16.931857] <TASK>
[ 16.931873] dump_stack_lvl+0x73/0xb0
[ 16.931903] print_report+0xd1/0x650
[ 16.931927] ? __virt_addr_valid+0x1db/0x2d0
[ 16.931950] ? strncpy_from_user+0x2e/0x1d0
[ 16.931975] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.931999] ? strncpy_from_user+0x2e/0x1d0
[ 16.932024] kasan_report+0x141/0x180
[ 16.932047] ? strncpy_from_user+0x2e/0x1d0
[ 16.932076] kasan_check_range+0x10c/0x1c0
[ 16.932101] __kasan_check_write+0x18/0x20
[ 16.932121] strncpy_from_user+0x2e/0x1d0
[ 16.932145] ? __kasan_check_read+0x15/0x20
[ 16.932167] copy_user_test_oob+0x760/0x10f0
[ 16.932195] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.932219] ? finish_task_switch.isra.0+0x153/0x700
[ 16.932244] ? __switch_to+0x47/0xf50
[ 16.932270] ? __schedule+0x10cc/0x2b60
[ 16.932293] ? __pfx_read_tsc+0x10/0x10
[ 16.932314] ? ktime_get_ts64+0x86/0x230
[ 16.932339] kunit_try_run_case+0x1a5/0x480
[ 16.932364] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.932389] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.932414] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.932440] ? __kthread_parkme+0x82/0x180
[ 16.932461] ? preempt_count_sub+0x50/0x80
[ 16.932486] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.932512] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.932537] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.932565] kthread+0x337/0x6f0
[ 16.932585] ? trace_preempt_on+0x20/0xc0
[ 16.932609] ? __pfx_kthread+0x10/0x10
[ 16.932632] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.932676] ? calculate_sigpending+0x7b/0xa0
[ 16.932700] ? __pfx_kthread+0x10/0x10
[ 16.932723] ret_from_fork+0x116/0x1d0
[ 16.932742] ? __pfx_kthread+0x10/0x10
[ 16.932771] ret_from_fork_asm+0x1a/0x30
[ 16.932803] </TASK>
[ 16.932815]
[ 16.939906] Allocated by task 303:
[ 16.940084] kasan_save_stack+0x45/0x70
[ 16.940276] kasan_save_track+0x18/0x40
[ 16.940463] kasan_save_alloc_info+0x3b/0x50
[ 16.940692] __kasan_kmalloc+0xb7/0xc0
[ 16.940881] __kmalloc_noprof+0x1c9/0x500
[ 16.941057] kunit_kmalloc_array+0x25/0x60
[ 16.941199] copy_user_test_oob+0xab/0x10f0
[ 16.941343] kunit_try_run_case+0x1a5/0x480
[ 16.941486] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.941729] kthread+0x337/0x6f0
[ 16.941912] ret_from_fork+0x116/0x1d0
[ 16.942092] ret_from_fork_asm+0x1a/0x30
[ 16.942293]
[ 16.942391] The buggy address belongs to the object at ffff888103ad9000
[ 16.942391] which belongs to the cache kmalloc-128 of size 128
[ 16.942846] The buggy address is located 0 bytes inside of
[ 16.942846] allocated 120-byte region [ffff888103ad9000, ffff888103ad9078)
[ 16.943190]
[ 16.943275] The buggy address belongs to the physical page:
[ 16.943518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ad9
[ 16.943895] flags: 0x200000000000000(node=0|zone=2)
[ 16.944123] page_type: f5(slab)
[ 16.944291] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.944626] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.944879] page dumped because: kasan: bad access detected
[ 16.945049]
[ 16.945116] Memory state around the buggy address:
[ 16.945313] ffff888103ad8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.945628] ffff888103ad8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.945976] >ffff888103ad9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.946296] ^
[ 16.946599] ffff888103ad9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.946867] ffff888103ad9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.947086] ==================================================================
[ 16.947736] ==================================================================
[ 16.948088] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 16.948474] Write of size 1 at addr ffff888103ad9078 by task kunit_try_catch/303
[ 16.948854]
[ 16.948950] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.948991] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.949003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.949024] Call Trace:
[ 16.949040] <TASK>
[ 16.949056] dump_stack_lvl+0x73/0xb0
[ 16.949084] print_report+0xd1/0x650
[ 16.949107] ? __virt_addr_valid+0x1db/0x2d0
[ 16.949133] ? strncpy_from_user+0x1a5/0x1d0
[ 16.949158] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.949182] ? strncpy_from_user+0x1a5/0x1d0
[ 16.949207] kasan_report+0x141/0x180
[ 16.949230] ? strncpy_from_user+0x1a5/0x1d0
[ 16.949259] __asan_report_store1_noabort+0x1b/0x30
[ 16.949285] strncpy_from_user+0x1a5/0x1d0
[ 16.949312] copy_user_test_oob+0x760/0x10f0
[ 16.949339] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.949364] ? finish_task_switch.isra.0+0x153/0x700
[ 16.949388] ? __switch_to+0x47/0xf50
[ 16.949414] ? __schedule+0x10cc/0x2b60
[ 16.949437] ? __pfx_read_tsc+0x10/0x10
[ 16.949458] ? ktime_get_ts64+0x86/0x230
[ 16.949483] kunit_try_run_case+0x1a5/0x480
[ 16.949509] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.949533] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.949559] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.949584] ? __kthread_parkme+0x82/0x180
[ 16.949605] ? preempt_count_sub+0x50/0x80
[ 16.949630] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.949679] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.949705] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.949732] kthread+0x337/0x6f0
[ 16.949762] ? trace_preempt_on+0x20/0xc0
[ 16.949787] ? __pfx_kthread+0x10/0x10
[ 16.949809] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.949832] ? calculate_sigpending+0x7b/0xa0
[ 16.949857] ? __pfx_kthread+0x10/0x10
[ 16.949879] ret_from_fork+0x116/0x1d0
[ 16.949899] ? __pfx_kthread+0x10/0x10
[ 16.949920] ret_from_fork_asm+0x1a/0x30
[ 16.949952] </TASK>
[ 16.949963]
[ 16.956825] Allocated by task 303:
[ 16.956952] kasan_save_stack+0x45/0x70
[ 16.957093] kasan_save_track+0x18/0x40
[ 16.957227] kasan_save_alloc_info+0x3b/0x50
[ 16.957374] __kasan_kmalloc+0xb7/0xc0
[ 16.957505] __kmalloc_noprof+0x1c9/0x500
[ 16.957663] kunit_kmalloc_array+0x25/0x60
[ 16.957913] copy_user_test_oob+0xab/0x10f0
[ 16.958114] kunit_try_run_case+0x1a5/0x480
[ 16.958308] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.958548] kthread+0x337/0x6f0
[ 16.958735] ret_from_fork+0x116/0x1d0
[ 16.958926] ret_from_fork_asm+0x1a/0x30
[ 16.959113]
[ 16.959209] The buggy address belongs to the object at ffff888103ad9000
[ 16.959209] which belongs to the cache kmalloc-128 of size 128
[ 16.959756] The buggy address is located 0 bytes to the right of
[ 16.959756] allocated 120-byte region [ffff888103ad9000, ffff888103ad9078)
[ 16.960307]
[ 16.960400] The buggy address belongs to the physical page:
[ 16.960674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ad9
[ 16.961068] flags: 0x200000000000000(node=0|zone=2)
[ 16.961302] page_type: f5(slab)
[ 16.961472] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.961696] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.961918] page dumped because: kasan: bad access detected
[ 16.962078]
[ 16.962143] Memory state around the buggy address:
[ 16.962286] ffff888103ad8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.962512] ffff888103ad8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.962869] >ffff888103ad9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.963211] ^
[ 16.963559] ffff888103ad9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.963933] ffff888103ad9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.964284] ==================================================================
```