Date
July 18, 2025, 11:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 18.642385] ================================================================== [ 18.642440] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 18.643301] Write of size 121 at addr fff00000c771e200 by task kunit_try_catch/285 [ 18.643392] [ 18.643635] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.643734] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.643870] Hardware name: linux,dummy-virt (DT) [ 18.644129] Call trace: [ 18.644172] show_stack+0x20/0x38 (C) [ 18.644311] dump_stack_lvl+0x8c/0xd0 [ 18.644395] print_report+0x118/0x5d0 [ 18.644561] kasan_report+0xdc/0x128 [ 18.644616] kasan_check_range+0x100/0x1a8 [ 18.644685] __kasan_check_write+0x20/0x30 [ 18.644737] strncpy_from_user+0x3c/0x2a0 [ 18.645084] copy_user_test_oob+0x5c0/0xec8 [ 18.645261] kunit_try_run_case+0x170/0x3f0 [ 18.645433] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.645493] kthread+0x328/0x630 [ 18.645537] ret_from_fork+0x10/0x20 [ 18.645590] [ 18.645611] Allocated by task 285: [ 18.645989] kasan_save_stack+0x3c/0x68 [ 18.646226] kasan_save_track+0x20/0x40 [ 18.646424] kasan_save_alloc_info+0x40/0x58 [ 18.646520] __kasan_kmalloc+0xd4/0xd8 [ 18.646698] __kmalloc_noprof+0x198/0x4c8 [ 18.646777] kunit_kmalloc_array+0x34/0x88 [ 18.646858] copy_user_test_oob+0xac/0xec8 [ 18.646922] kunit_try_run_case+0x170/0x3f0 [ 18.647193] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.647526] kthread+0x328/0x630 [ 18.647659] ret_from_fork+0x10/0x20 [ 18.647747] [ 18.647924] The buggy address belongs to the object at fff00000c771e200 [ 18.647924] which belongs to the cache kmalloc-128 of size 128 [ 18.648028] The buggy address is located 0 bytes inside of [ 18.648028] allocated 120-byte region [fff00000c771e200, fff00000c771e278) [ 18.648307] [ 18.648503] The buggy address belongs to the physical page: [ 18.648556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10771e [ 18.648797] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.648871] page_type: f5(slab) [ 18.649059] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.649151] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.649700] page dumped because: kasan: bad access detected [ 18.649743] [ 18.649764] Memory state around the buggy address: [ 18.649832] fff00000c771e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.649889] fff00000c771e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.650262] >fff00000c771e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.650355] ^ [ 18.650683] fff00000c771e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.650745] fff00000c771e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.651030] ================================================================== [ 18.652253] ================================================================== [ 18.652857] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 18.652936] Write of size 1 at addr fff00000c771e278 by task kunit_try_catch/285 [ 18.653183] [ 18.653228] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.653313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.654019] Hardware name: linux,dummy-virt (DT) [ 18.654068] Call trace: [ 18.654112] show_stack+0x20/0x38 (C) [ 18.654195] dump_stack_lvl+0x8c/0xd0 [ 18.654462] print_report+0x118/0x5d0 [ 18.654673] kasan_report+0xdc/0x128 [ 18.654766] __asan_report_store1_noabort+0x20/0x30 [ 18.654846] strncpy_from_user+0x270/0x2a0 [ 18.655057] copy_user_test_oob+0x5c0/0xec8 [ 18.655131] kunit_try_run_case+0x170/0x3f0 [ 18.655202] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.655258] kthread+0x328/0x630 [ 18.655686] ret_from_fork+0x10/0x20 [ 18.655779] [ 18.655984] Allocated by task 285: [ 18.656051] kasan_save_stack+0x3c/0x68 [ 18.656250] kasan_save_track+0x20/0x40 [ 18.656298] kasan_save_alloc_info+0x40/0x58 [ 18.656889] __kasan_kmalloc+0xd4/0xd8 [ 18.657116] __kmalloc_noprof+0x198/0x4c8 [ 18.657186] kunit_kmalloc_array+0x34/0x88 [ 18.657340] copy_user_test_oob+0xac/0xec8 [ 18.657432] kunit_try_run_case+0x170/0x3f0 [ 18.657513] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.657903] kthread+0x328/0x630 [ 18.657971] ret_from_fork+0x10/0x20 [ 18.658049] [ 18.658342] The buggy address belongs to the object at fff00000c771e200 [ 18.658342] which belongs to the cache kmalloc-128 of size 128 [ 18.658490] The buggy address is located 0 bytes to the right of [ 18.658490] allocated 120-byte region [fff00000c771e200, fff00000c771e278) [ 18.658677] [ 18.658713] The buggy address belongs to the physical page: [ 18.658751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10771e [ 18.658821] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.658872] page_type: f5(slab) [ 18.658923] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.658975] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.659028] page dumped because: kasan: bad access detected [ 18.659062] [ 18.659092] Memory state around the buggy address: [ 18.659135] fff00000c771e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.659182] fff00000c771e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.659235] >fff00000c771e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.659276] ^ [ 18.659321] fff00000c771e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.659387] fff00000c771e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.659428] ==================================================================
[ 16.386835] ================================================================== [ 16.387402] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 16.387824] Write of size 121 at addr ffff8881039ee400 by task kunit_try_catch/304 [ 16.388092] [ 16.388213] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.388257] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.388270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.388292] Call Trace: [ 16.388308] <TASK> [ 16.388335] dump_stack_lvl+0x73/0xb0 [ 16.388363] print_report+0xd1/0x610 [ 16.388385] ? __virt_addr_valid+0x1db/0x2d0 [ 16.388407] ? strncpy_from_user+0x2e/0x1d0 [ 16.388431] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.388454] ? strncpy_from_user+0x2e/0x1d0 [ 16.388489] kasan_report+0x141/0x180 [ 16.388512] ? strncpy_from_user+0x2e/0x1d0 [ 16.388541] kasan_check_range+0x10c/0x1c0 [ 16.388585] __kasan_check_write+0x18/0x20 [ 16.388614] strncpy_from_user+0x2e/0x1d0 [ 16.388637] ? __kasan_check_read+0x15/0x20 [ 16.388658] copy_user_test_oob+0x760/0x10f0 [ 16.388695] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.388720] ? __kasan_check_write+0x18/0x20 [ 16.388739] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.388767] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 16.388792] ? __pfx_read_tsc+0x10/0x10 [ 16.388812] ? ktime_get_ts64+0x86/0x230 [ 16.388846] kunit_try_run_case+0x1a5/0x480 [ 16.388870] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.388893] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 16.388926] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.388951] ? __kthread_parkme+0x82/0x180 [ 16.388971] ? preempt_count_sub+0x50/0x80 [ 16.389001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.389034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.389059] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.389084] kthread+0x337/0x6f0 [ 16.389114] ? trace_preempt_on+0x20/0xc0 [ 16.389137] ? __pfx_kthread+0x10/0x10 [ 16.389157] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.389179] ? calculate_sigpending+0x7b/0xa0 [ 16.389203] ? __pfx_kthread+0x10/0x10 [ 16.389224] ret_from_fork+0x116/0x1d0 [ 16.389244] ? __pfx_kthread+0x10/0x10 [ 16.389264] ret_from_fork_asm+0x1a/0x30 [ 16.389295] </TASK> [ 16.389305] [ 16.397170] Allocated by task 304: [ 16.397363] kasan_save_stack+0x45/0x70 [ 16.397555] kasan_save_track+0x18/0x40 [ 16.397819] kasan_save_alloc_info+0x3b/0x50 [ 16.398032] __kasan_kmalloc+0xb7/0xc0 [ 16.398223] __kmalloc_noprof+0x1c9/0x500 [ 16.398415] kunit_kmalloc_array+0x25/0x60 [ 16.398654] copy_user_test_oob+0xab/0x10f0 [ 16.398847] kunit_try_run_case+0x1a5/0x480 [ 16.399074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.399299] kthread+0x337/0x6f0 [ 16.399461] ret_from_fork+0x116/0x1d0 [ 16.399695] ret_from_fork_asm+0x1a/0x30 [ 16.400010] [ 16.400110] The buggy address belongs to the object at ffff8881039ee400 [ 16.400110] which belongs to the cache kmalloc-128 of size 128 [ 16.400640] The buggy address is located 0 bytes inside of [ 16.400640] allocated 120-byte region [ffff8881039ee400, ffff8881039ee478) [ 16.401133] [ 16.401206] The buggy address belongs to the physical page: [ 16.401491] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039ee [ 16.401856] flags: 0x200000000000000(node=0|zone=2) [ 16.402022] page_type: f5(slab) [ 16.402145] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.402392] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.402623] page dumped because: kasan: bad access detected [ 16.402798] [ 16.402892] Memory state around the buggy address: [ 16.403113] ffff8881039ee300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.403469] ffff8881039ee380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.403794] >ffff8881039ee400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.404109] ^ [ 16.404429] ffff8881039ee480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.405205] ffff8881039ee500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.405447] ================================================================== [ 16.407177] ================================================================== [ 16.407518] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 16.407823] Write of size 1 at addr ffff8881039ee478 by task kunit_try_catch/304 [ 16.408680] [ 16.408840] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.408887] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.408901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.409041] Call Trace: [ 16.409061] <TASK> [ 16.409077] dump_stack_lvl+0x73/0xb0 [ 16.409121] print_report+0xd1/0x610 [ 16.409145] ? __virt_addr_valid+0x1db/0x2d0 [ 16.409201] ? strncpy_from_user+0x1a5/0x1d0 [ 16.409227] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.409252] ? strncpy_from_user+0x1a5/0x1d0 [ 16.409276] kasan_report+0x141/0x180 [ 16.409299] ? strncpy_from_user+0x1a5/0x1d0 [ 16.409338] __asan_report_store1_noabort+0x1b/0x30 [ 16.409363] strncpy_from_user+0x1a5/0x1d0 [ 16.409390] copy_user_test_oob+0x760/0x10f0 [ 16.409416] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.409440] ? __kasan_check_write+0x18/0x20 [ 16.409461] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.409487] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 16.409523] ? __pfx_read_tsc+0x10/0x10 [ 16.409544] ? ktime_get_ts64+0x86/0x230 [ 16.409568] kunit_try_run_case+0x1a5/0x480 [ 16.409593] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.409616] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 16.409639] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.409663] ? __kthread_parkme+0x82/0x180 [ 16.409683] ? preempt_count_sub+0x50/0x80 [ 16.409709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.409733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.409757] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.409781] kthread+0x337/0x6f0 [ 16.409801] ? trace_preempt_on+0x20/0xc0 [ 16.409824] ? __pfx_kthread+0x10/0x10 [ 16.409845] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.409867] ? calculate_sigpending+0x7b/0xa0 [ 16.409891] ? __pfx_kthread+0x10/0x10 [ 16.409913] ret_from_fork+0x116/0x1d0 [ 16.409932] ? __pfx_kthread+0x10/0x10 [ 16.409954] ret_from_fork_asm+0x1a/0x30 [ 16.409986] </TASK> [ 16.409999] [ 16.421410] Allocated by task 304: [ 16.421742] kasan_save_stack+0x45/0x70 [ 16.421932] kasan_save_track+0x18/0x40 [ 16.422100] kasan_save_alloc_info+0x3b/0x50 [ 16.422292] __kasan_kmalloc+0xb7/0xc0 [ 16.422472] __kmalloc_noprof+0x1c9/0x500 [ 16.422659] kunit_kmalloc_array+0x25/0x60 [ 16.422846] copy_user_test_oob+0xab/0x10f0 [ 16.423035] kunit_try_run_case+0x1a5/0x480 [ 16.423213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.423947] kthread+0x337/0x6f0 [ 16.424343] ret_from_fork+0x116/0x1d0 [ 16.424750] ret_from_fork_asm+0x1a/0x30 [ 16.425032] [ 16.425260] The buggy address belongs to the object at ffff8881039ee400 [ 16.425260] which belongs to the cache kmalloc-128 of size 128 [ 16.426372] The buggy address is located 0 bytes to the right of [ 16.426372] allocated 120-byte region [ffff8881039ee400, ffff8881039ee478) [ 16.427258] [ 16.427371] The buggy address belongs to the physical page: [ 16.427964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039ee [ 16.428441] flags: 0x200000000000000(node=0|zone=2) [ 16.428886] page_type: f5(slab) [ 16.429188] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.429838] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.430155] page dumped because: kasan: bad access detected [ 16.430393] [ 16.430481] Memory state around the buggy address: [ 16.431015] ffff8881039ee300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.431482] ffff8881039ee380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.431768] >ffff8881039ee400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.432058] ^ [ 16.432355] ffff8881039ee480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.433074] ffff8881039ee500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.433533] ==================================================================