Date
July 15, 2025, 11:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 18.834841] ================================================================== [ 18.834895] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 18.834946] Write of size 1 at addr fff00000c593d378 by task kunit_try_catch/286 [ 18.834999] [ 18.835030] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.835115] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.835716] Hardware name: linux,dummy-virt (DT) [ 18.835935] Call trace: [ 18.836145] show_stack+0x20/0x38 (C) [ 18.836433] dump_stack_lvl+0x8c/0xd0 [ 18.836604] print_report+0x118/0x5d0 [ 18.836721] kasan_report+0xdc/0x128 [ 18.836947] __asan_report_store1_noabort+0x20/0x30 [ 18.837210] strncpy_from_user+0x270/0x2a0 [ 18.837516] copy_user_test_oob+0x5c0/0xec8 [ 18.838005] kunit_try_run_case+0x170/0x3f0 [ 18.838105] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.838341] kthread+0x328/0x630 [ 18.838537] ret_from_fork+0x10/0x20 [ 18.838586] [ 18.838802] Allocated by task 286: [ 18.838944] kasan_save_stack+0x3c/0x68 [ 18.839055] kasan_save_track+0x20/0x40 [ 18.839152] kasan_save_alloc_info+0x40/0x58 [ 18.839226] __kasan_kmalloc+0xd4/0xd8 [ 18.839264] __kmalloc_noprof+0x198/0x4c8 [ 18.839304] kunit_kmalloc_array+0x34/0x88 [ 18.839343] copy_user_test_oob+0xac/0xec8 [ 18.839580] kunit_try_run_case+0x170/0x3f0 [ 18.839664] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.839736] kthread+0x328/0x630 [ 18.839773] ret_from_fork+0x10/0x20 [ 18.840223] [ 18.840267] The buggy address belongs to the object at fff00000c593d300 [ 18.840267] which belongs to the cache kmalloc-128 of size 128 [ 18.840331] The buggy address is located 0 bytes to the right of [ 18.840331] allocated 120-byte region [fff00000c593d300, fff00000c593d378) [ 18.840414] [ 18.840435] The buggy address belongs to the physical page: [ 18.840473] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10593d [ 18.840640] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.840877] page_type: f5(slab) [ 18.840924] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.841075] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.841119] page dumped because: kasan: bad access detected [ 18.841153] [ 18.841392] Memory state around the buggy address: [ 18.841543] fff00000c593d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.841594] fff00000c593d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.841668] >fff00000c593d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.841791] ^ [ 18.841869] fff00000c593d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.841933] fff00000c593d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.841975] ================================================================== [ 18.825766] ================================================================== [ 18.825822] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 18.825878] Write of size 121 at addr fff00000c593d300 by task kunit_try_catch/286 [ 18.826086] [ 18.826258] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.826839] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.826995] Hardware name: linux,dummy-virt (DT) [ 18.827169] Call trace: [ 18.827226] show_stack+0x20/0x38 (C) [ 18.827276] dump_stack_lvl+0x8c/0xd0 [ 18.827322] print_report+0x118/0x5d0 [ 18.827373] kasan_report+0xdc/0x128 [ 18.827418] kasan_check_range+0x100/0x1a8 [ 18.827475] __kasan_check_write+0x20/0x30 [ 18.827540] strncpy_from_user+0x3c/0x2a0 [ 18.827720] copy_user_test_oob+0x5c0/0xec8 [ 18.827960] kunit_try_run_case+0x170/0x3f0 [ 18.828532] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.829038] kthread+0x328/0x630 [ 18.829416] ret_from_fork+0x10/0x20 [ 18.829593] [ 18.829626] Allocated by task 286: [ 18.829688] kasan_save_stack+0x3c/0x68 [ 18.829733] kasan_save_track+0x20/0x40 [ 18.829770] kasan_save_alloc_info+0x40/0x58 [ 18.829933] __kasan_kmalloc+0xd4/0xd8 [ 18.829981] __kmalloc_noprof+0x198/0x4c8 [ 18.830326] kunit_kmalloc_array+0x34/0x88 [ 18.830684] copy_user_test_oob+0xac/0xec8 [ 18.830894] kunit_try_run_case+0x170/0x3f0 [ 18.831017] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.831068] kthread+0x328/0x630 [ 18.831102] ret_from_fork+0x10/0x20 [ 18.831140] [ 18.831161] The buggy address belongs to the object at fff00000c593d300 [ 18.831161] which belongs to the cache kmalloc-128 of size 128 [ 18.831234] The buggy address is located 0 bytes inside of [ 18.831234] allocated 120-byte region [fff00000c593d300, fff00000c593d378) [ 18.831305] [ 18.831336] The buggy address belongs to the physical page: [ 18.831369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10593d [ 18.831917] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.832165] page_type: f5(slab) [ 18.832241] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.832296] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.833081] page dumped because: kasan: bad access detected [ 18.833312] [ 18.833400] Memory state around the buggy address: [ 18.833450] fff00000c593d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.833560] fff00000c593d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.833609] >fff00000c593d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.833830] ^ [ 18.833950] fff00000c593d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.833997] fff00000c593d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.834161] ==================================================================
[ 16.644081] ================================================================== [ 16.644503] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 16.644917] Write of size 1 at addr ffff8881038e2978 by task kunit_try_catch/302 [ 16.645227] [ 16.645419] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.645494] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.645507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.645538] Call Trace: [ 16.645552] <TASK> [ 16.645566] dump_stack_lvl+0x73/0xb0 [ 16.645595] print_report+0xd1/0x610 [ 16.645618] ? __virt_addr_valid+0x1db/0x2d0 [ 16.645642] ? strncpy_from_user+0x1a5/0x1d0 [ 16.645667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.645775] ? strncpy_from_user+0x1a5/0x1d0 [ 16.645802] kasan_report+0x141/0x180 [ 16.645826] ? strncpy_from_user+0x1a5/0x1d0 [ 16.645856] __asan_report_store1_noabort+0x1b/0x30 [ 16.645882] strncpy_from_user+0x1a5/0x1d0 [ 16.645910] copy_user_test_oob+0x760/0x10f0 [ 16.645938] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.645964] ? finish_task_switch.isra.0+0x153/0x700 [ 16.645988] ? __switch_to+0x47/0xf50 [ 16.646014] ? __schedule+0x10cc/0x2b60 [ 16.646038] ? __pfx_read_tsc+0x10/0x10 [ 16.646060] ? ktime_get_ts64+0x86/0x230 [ 16.646085] kunit_try_run_case+0x1a5/0x480 [ 16.646112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.646137] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.646162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.646188] ? __kthread_parkme+0x82/0x180 [ 16.646211] ? preempt_count_sub+0x50/0x80 [ 16.646236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.646263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.646291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.646319] kthread+0x337/0x6f0 [ 16.646340] ? trace_preempt_on+0x20/0xc0 [ 16.646365] ? __pfx_kthread+0x10/0x10 [ 16.646392] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.646415] ? calculate_sigpending+0x7b/0xa0 [ 16.646454] ? __pfx_kthread+0x10/0x10 [ 16.646478] ret_from_fork+0x116/0x1d0 [ 16.646497] ? __pfx_kthread+0x10/0x10 [ 16.646518] ret_from_fork_asm+0x1a/0x30 [ 16.646551] </TASK> [ 16.646561] [ 16.654983] Allocated by task 302: [ 16.655166] kasan_save_stack+0x45/0x70 [ 16.655370] kasan_save_track+0x18/0x40 [ 16.655694] kasan_save_alloc_info+0x3b/0x50 [ 16.656034] __kasan_kmalloc+0xb7/0xc0 [ 16.656217] __kmalloc_noprof+0x1c9/0x500 [ 16.656359] kunit_kmalloc_array+0x25/0x60 [ 16.656502] copy_user_test_oob+0xab/0x10f0 [ 16.656895] kunit_try_run_case+0x1a5/0x480 [ 16.657143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.657400] kthread+0x337/0x6f0 [ 16.657691] ret_from_fork+0x116/0x1d0 [ 16.657870] ret_from_fork_asm+0x1a/0x30 [ 16.658159] [ 16.658231] The buggy address belongs to the object at ffff8881038e2900 [ 16.658231] which belongs to the cache kmalloc-128 of size 128 [ 16.659079] The buggy address is located 0 bytes to the right of [ 16.659079] allocated 120-byte region [ffff8881038e2900, ffff8881038e2978) [ 16.659707] [ 16.659910] The buggy address belongs to the physical page: [ 16.660170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e2 [ 16.660610] flags: 0x200000000000000(node=0|zone=2) [ 16.660781] page_type: f5(slab) [ 16.660950] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.661446] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.661893] page dumped because: kasan: bad access detected [ 16.662089] [ 16.662185] Memory state around the buggy address: [ 16.662523] ffff8881038e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.662849] ffff8881038e2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.663172] >ffff8881038e2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.663582] ^ [ 16.663883] ffff8881038e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.664210] ffff8881038e2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.664594] ================================================================== [ 16.622819] ================================================================== [ 16.623205] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 16.623548] Write of size 121 at addr ffff8881038e2900 by task kunit_try_catch/302 [ 16.624035] [ 16.624213] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.624261] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.624274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.624297] Call Trace: [ 16.624313] <TASK> [ 16.624331] dump_stack_lvl+0x73/0xb0 [ 16.624360] print_report+0xd1/0x610 [ 16.624384] ? __virt_addr_valid+0x1db/0x2d0 [ 16.624408] ? strncpy_from_user+0x2e/0x1d0 [ 16.624433] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.624517] ? strncpy_from_user+0x2e/0x1d0 [ 16.624545] kasan_report+0x141/0x180 [ 16.624568] ? strncpy_from_user+0x2e/0x1d0 [ 16.624610] kasan_check_range+0x10c/0x1c0 [ 16.624636] __kasan_check_write+0x18/0x20 [ 16.624657] strncpy_from_user+0x2e/0x1d0 [ 16.624681] ? __kasan_check_read+0x15/0x20 [ 16.624704] copy_user_test_oob+0x760/0x10f0 [ 16.624776] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.624837] ? finish_task_switch.isra.0+0x153/0x700 [ 16.624863] ? __switch_to+0x47/0xf50 [ 16.624890] ? __schedule+0x10cc/0x2b60 [ 16.624913] ? __pfx_read_tsc+0x10/0x10 [ 16.624935] ? ktime_get_ts64+0x86/0x230 [ 16.624960] kunit_try_run_case+0x1a5/0x480 [ 16.624988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.625013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.625039] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.625065] ? __kthread_parkme+0x82/0x180 [ 16.625087] ? preempt_count_sub+0x50/0x80 [ 16.625112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.625138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.625165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.625193] kthread+0x337/0x6f0 [ 16.625214] ? trace_preempt_on+0x20/0xc0 [ 16.625239] ? __pfx_kthread+0x10/0x10 [ 16.625262] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.625284] ? calculate_sigpending+0x7b/0xa0 [ 16.625310] ? __pfx_kthread+0x10/0x10 [ 16.625333] ret_from_fork+0x116/0x1d0 [ 16.625352] ? __pfx_kthread+0x10/0x10 [ 16.625374] ret_from_fork_asm+0x1a/0x30 [ 16.625406] </TASK> [ 16.625418] [ 16.634270] Allocated by task 302: [ 16.634442] kasan_save_stack+0x45/0x70 [ 16.634857] kasan_save_track+0x18/0x40 [ 16.635215] kasan_save_alloc_info+0x3b/0x50 [ 16.635429] __kasan_kmalloc+0xb7/0xc0 [ 16.635687] __kmalloc_noprof+0x1c9/0x500 [ 16.635945] kunit_kmalloc_array+0x25/0x60 [ 16.636092] copy_user_test_oob+0xab/0x10f0 [ 16.636240] kunit_try_run_case+0x1a5/0x480 [ 16.636455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.636913] kthread+0x337/0x6f0 [ 16.637089] ret_from_fork+0x116/0x1d0 [ 16.637316] ret_from_fork_asm+0x1a/0x30 [ 16.637499] [ 16.637597] The buggy address belongs to the object at ffff8881038e2900 [ 16.637597] which belongs to the cache kmalloc-128 of size 128 [ 16.638081] The buggy address is located 0 bytes inside of [ 16.638081] allocated 120-byte region [ffff8881038e2900, ffff8881038e2978) [ 16.638799] [ 16.638899] The buggy address belongs to the physical page: [ 16.639199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e2 [ 16.639525] flags: 0x200000000000000(node=0|zone=2) [ 16.639743] page_type: f5(slab) [ 16.639925] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.640391] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.640794] page dumped because: kasan: bad access detected [ 16.641018] [ 16.641152] Memory state around the buggy address: [ 16.641394] ffff8881038e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.641681] ffff8881038e2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.642012] >ffff8881038e2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.642293] ^ [ 16.642839] ffff8881038e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.643104] ffff8881038e2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.643474] ==================================================================