Date: July 9, 2025, 11:07 p.m.

Environment: qemu-arm64, qemu-x86_64
qemu-arm64:

```
[ 19.709319] ==================================================================
[ 19.710106] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 19.710315] Write of size 1 at addr fff00000c76aff78 by task kunit_try_catch/285
[ 19.710638]
[ 19.710776] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.710866] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.710893] Hardware name: linux,dummy-virt (DT)
[ 19.710929] Call trace:
[ 19.711180] show_stack+0x20/0x38 (C)
[ 19.711248] dump_stack_lvl+0x8c/0xd0
[ 19.711300] print_report+0x118/0x608
[ 19.711715] kasan_report+0xdc/0x128
[ 19.711772] __asan_report_store1_noabort+0x20/0x30
[ 19.711824] strncpy_from_user+0x270/0x2a0
[ 19.712321] copy_user_test_oob+0x5c0/0xec8
[ 19.712513] kunit_try_run_case+0x170/0x3f0
[ 19.712713] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.713042] kthread+0x328/0x630
[ 19.713393] ret_from_fork+0x10/0x20
[ 19.713459]
[ 19.713788] Allocated by task 285:
[ 19.713919] kasan_save_stack+0x3c/0x68
[ 19.714040] kasan_save_track+0x20/0x40
[ 19.714081] kasan_save_alloc_info+0x40/0x58
[ 19.714134] __kasan_kmalloc+0xd4/0xd8
[ 19.714172] __kmalloc_noprof+0x198/0x4c8
[ 19.714212] kunit_kmalloc_array+0x34/0x88
[ 19.714251] copy_user_test_oob+0xac/0xec8
[ 19.714291] kunit_try_run_case+0x170/0x3f0
[ 19.714330] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.714376] kthread+0x328/0x630
[ 19.714699] ret_from_fork+0x10/0x20
[ 19.714750]
[ 19.715480] The buggy address belongs to the object at fff00000c76aff00
[ 19.715480] which belongs to the cache kmalloc-128 of size 128
[ 19.715676] The buggy address is located 0 bytes to the right of
[ 19.715676] allocated 120-byte region [fff00000c76aff00, fff00000c76aff78)
[ 19.715743]
[ 19.716181] The buggy address belongs to the physical page:
[ 19.716231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af
[ 19.716676] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.716741] page_type: f5(slab)
[ 19.717188] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.717263] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.717307] page dumped because: kasan: bad access detected
[ 19.717343]
[ 19.717363] Memory state around the buggy address:
[ 19.717581] fff00000c76afe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.717855] fff00000c76afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.717942] >fff00000c76aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.718062] ^
[ 19.718337] fff00000c76aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.718404] fff00000c76b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.718678] ==================================================================
[ 19.697270] ==================================================================
[ 19.697325] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 19.697386] Write of size 121 at addr fff00000c76aff00 by task kunit_try_catch/285
[ 19.697438]
[ 19.697472] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.698062] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.698107] Hardware name: linux,dummy-virt (DT)
[ 19.698152] Call trace:
[ 19.698178] show_stack+0x20/0x38 (C)
[ 19.698933] dump_stack_lvl+0x8c/0xd0
[ 19.698987] print_report+0x118/0x608
[ 19.699384] kasan_report+0xdc/0x128
[ 19.699844] kasan_check_range+0x100/0x1a8
[ 19.699899] __kasan_check_write+0x20/0x30
[ 19.699974] strncpy_from_user+0x3c/0x2a0
[ 19.700278] copy_user_test_oob+0x5c0/0xec8
[ 19.700875] kunit_try_run_case+0x170/0x3f0
[ 19.701182] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.701250] kthread+0x328/0x630
[ 19.701296] ret_from_fork+0x10/0x20
[ 19.701382]
[ 19.701422] Allocated by task 285:
[ 19.701832] kasan_save_stack+0x3c/0x68
[ 19.702180] kasan_save_track+0x20/0x40
[ 19.702228] kasan_save_alloc_info+0x40/0x58
[ 19.702268] __kasan_kmalloc+0xd4/0xd8
[ 19.702308] __kmalloc_noprof+0x198/0x4c8
[ 19.702349] kunit_kmalloc_array+0x34/0x88
[ 19.703003] copy_user_test_oob+0xac/0xec8
[ 19.703053] kunit_try_run_case+0x170/0x3f0
[ 19.703092] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.703152] kthread+0x328/0x630
[ 19.703186] ret_from_fork+0x10/0x20
[ 19.703227]
[ 19.703745] The buggy address belongs to the object at fff00000c76aff00
[ 19.703745] which belongs to the cache kmalloc-128 of size 128
[ 19.704111] The buggy address is located 0 bytes inside of
[ 19.704111] allocated 120-byte region [fff00000c76aff00, fff00000c76aff78)
[ 19.704188]
[ 19.704318] The buggy address belongs to the physical page:
[ 19.704357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af
[ 19.704414] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.704503] page_type: f5(slab)
[ 19.704544] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.704896] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.704942] page dumped because: kasan: bad access detected
[ 19.704976]
[ 19.704995] Memory state around the buggy address:
[ 19.705504] fff00000c76afe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.705564] fff00000c76afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.705611] >fff00000c76aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.705680] ^
[ 19.705932] fff00000c76aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.705981] fff00000c76b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.706288] ==================================================================
```
qemu-x86_64:

```
[ 16.710068] ==================================================================
[ 16.710423] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 16.710862] Write of size 121 at addr ffff8881031fd400 by task kunit_try_catch/302
[ 16.711141]
[ 16.711225] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.711276] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.711298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.711318] Call Trace:
[ 16.711334] <TASK>
[ 16.711361] dump_stack_lvl+0x73/0xb0
[ 16.711391] print_report+0xd1/0x650
[ 16.711414] ? __virt_addr_valid+0x1db/0x2d0
[ 16.711438] ? strncpy_from_user+0x2e/0x1d0
[ 16.711462] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.711487] ? strncpy_from_user+0x2e/0x1d0
[ 16.711511] kasan_report+0x141/0x180
[ 16.711533] ? strncpy_from_user+0x2e/0x1d0
[ 16.711562] kasan_check_range+0x10c/0x1c0
[ 16.711586] __kasan_check_write+0x18/0x20
[ 16.711607] strncpy_from_user+0x2e/0x1d0
[ 16.711630] ? __kasan_check_read+0x15/0x20
[ 16.711652] copy_user_test_oob+0x760/0x10f0
[ 16.711680] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.711714] ? finish_task_switch.isra.0+0x153/0x700
[ 16.711737] ? __switch_to+0x47/0xf50
[ 16.711763] ? __schedule+0x10cc/0x2b60
[ 16.711785] ? __pfx_read_tsc+0x10/0x10
[ 16.711816] ? ktime_get_ts64+0x86/0x230
[ 16.711841] kunit_try_run_case+0x1a5/0x480
[ 16.711866] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.711901] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.711928] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.711954] ? __kthread_parkme+0x82/0x180
[ 16.711975] ? preempt_count_sub+0x50/0x80
[ 16.712008] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.712033] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.712079] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.712106] kthread+0x337/0x6f0
[ 16.712126] ? trace_preempt_on+0x20/0xc0
[ 16.712150] ? __pfx_kthread+0x10/0x10
[ 16.712172] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.712195] ? calculate_sigpending+0x7b/0xa0
[ 16.712220] ? __pfx_kthread+0x10/0x10
[ 16.712242] ret_from_fork+0x116/0x1d0
[ 16.712261] ? __pfx_kthread+0x10/0x10
[ 16.712282] ret_from_fork_asm+0x1a/0x30
[ 16.712324] </TASK>
[ 16.712335]
[ 16.720479] Allocated by task 302:
[ 16.720654] kasan_save_stack+0x45/0x70
[ 16.720809] kasan_save_track+0x18/0x40
[ 16.720997] kasan_save_alloc_info+0x3b/0x50
[ 16.721248] __kasan_kmalloc+0xb7/0xc0
[ 16.721408] __kmalloc_noprof+0x1c9/0x500
[ 16.721622] kunit_kmalloc_array+0x25/0x60
[ 16.721818] copy_user_test_oob+0xab/0x10f0
[ 16.722030] kunit_try_run_case+0x1a5/0x480
[ 16.722223] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.722479] kthread+0x337/0x6f0
[ 16.722627] ret_from_fork+0x116/0x1d0
[ 16.722810] ret_from_fork_asm+0x1a/0x30
[ 16.723018]
[ 16.723113] The buggy address belongs to the object at ffff8881031fd400
[ 16.723113] which belongs to the cache kmalloc-128 of size 128
[ 16.723580] The buggy address is located 0 bytes inside of
[ 16.723580] allocated 120-byte region [ffff8881031fd400, ffff8881031fd478)
[ 16.724115]
[ 16.724215] The buggy address belongs to the physical page:
[ 16.724456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031fd
[ 16.724806] flags: 0x200000000000000(node=0|zone=2)
[ 16.725036] page_type: f5(slab)
[ 16.725159] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.725390] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.725616] page dumped because: kasan: bad access detected
[ 16.725840]
[ 16.725962] Memory state around the buggy address:
[ 16.726400] ffff8881031fd300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.726724] ffff8881031fd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.726948] >ffff8881031fd400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.727459] ^
[ 16.727722] ffff8881031fd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.727936] ffff8881031fd500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.728177] ==================================================================
[ 16.728753] ==================================================================
[ 16.729413] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 16.729792] Write of size 1 at addr ffff8881031fd478 by task kunit_try_catch/302
[ 16.730065]
[ 16.730175] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.730225] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.730238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.730259] Call Trace:
[ 16.730272] <TASK>
[ 16.730298] dump_stack_lvl+0x73/0xb0
[ 16.730327] print_report+0xd1/0x650
[ 16.730351] ? __virt_addr_valid+0x1db/0x2d0
[ 16.730374] ? strncpy_from_user+0x1a5/0x1d0
[ 16.730397] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.730422] ? strncpy_from_user+0x1a5/0x1d0
[ 16.730446] kasan_report+0x141/0x180
[ 16.730468] ? strncpy_from_user+0x1a5/0x1d0
[ 16.730498] __asan_report_store1_noabort+0x1b/0x30
[ 16.730524] strncpy_from_user+0x1a5/0x1d0
[ 16.730551] copy_user_test_oob+0x760/0x10f0
[ 16.730578] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.730602] ? finish_task_switch.isra.0+0x153/0x700
[ 16.730627] ? __switch_to+0x47/0xf50
[ 16.730652] ? __schedule+0x10cc/0x2b60
[ 16.730675] ? __pfx_read_tsc+0x10/0x10
[ 16.730697] ? ktime_get_ts64+0x86/0x230
[ 16.730733] kunit_try_run_case+0x1a5/0x480
[ 16.730758] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.730783] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.730808] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.730835] ? __kthread_parkme+0x82/0x180
[ 16.730859] ? preempt_count_sub+0x50/0x80
[ 16.730895] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.730921] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.730958] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.730986] kthread+0x337/0x6f0
[ 16.731006] ? trace_preempt_on+0x20/0xc0
[ 16.731031] ? __pfx_kthread+0x10/0x10
[ 16.731066] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.731088] ? calculate_sigpending+0x7b/0xa0
[ 16.731112] ? __pfx_kthread+0x10/0x10
[ 16.731135] ret_from_fork+0x116/0x1d0
[ 16.731154] ? __pfx_kthread+0x10/0x10
[ 16.731175] ret_from_fork_asm+0x1a/0x30
[ 16.731207] </TASK>
[ 16.731218]
[ 16.738663] Allocated by task 302:
[ 16.738852] kasan_save_stack+0x45/0x70
[ 16.739031] kasan_save_track+0x18/0x40
[ 16.739167] kasan_save_alloc_info+0x3b/0x50
[ 16.739399] __kasan_kmalloc+0xb7/0xc0
[ 16.739587] __kmalloc_noprof+0x1c9/0x500
[ 16.739749] kunit_kmalloc_array+0x25/0x60
[ 16.739892] copy_user_test_oob+0xab/0x10f0
[ 16.740040] kunit_try_run_case+0x1a5/0x480
[ 16.740186] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.740367] kthread+0x337/0x6f0
[ 16.740488] ret_from_fork+0x116/0x1d0
[ 16.740621] ret_from_fork_asm+0x1a/0x30
[ 16.740809]
[ 16.740903] The buggy address belongs to the object at ffff8881031fd400
[ 16.740903] which belongs to the cache kmalloc-128 of size 128
[ 16.741808] The buggy address is located 0 bytes to the right of
[ 16.741808] allocated 120-byte region [ffff8881031fd400, ffff8881031fd478)
[ 16.742345]
[ 16.742438] The buggy address belongs to the physical page:
[ 16.742683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031fd
[ 16.743014] flags: 0x200000000000000(node=0|zone=2)
[ 16.743174] page_type: f5(slab)
[ 16.743294] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.743520] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.743752] page dumped because: kasan: bad access detected
[ 16.744136]
[ 16.744230] Memory state around the buggy address:
[ 16.744466] ffff8881031fd300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.744820] ffff8881031fd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.745199] >ffff8881031fd400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.745413] ^
[ 16.745749] ffff8881031fd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.746073] ffff8881031fd500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.746304] ==================================================================
```