Hay
Date: July 20, 2025, 11:12 a.m.

Environment: qemu-arm64, qemu-x86_64

[   18.644359] ==================================================================
[   18.644420] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   18.644480] Write of size 121 at addr fff00000c7025e00 by task kunit_try_catch/285
[   18.644534] 
[   18.644565] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.644648] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.644688] Hardware name: linux,dummy-virt (DT)
[   18.644719] Call trace:
[   18.644743]  show_stack+0x20/0x38 (C)
[   18.644804]  dump_stack_lvl+0x8c/0xd0
[   18.644852]  print_report+0x118/0x5d0
[   18.644899]  kasan_report+0xdc/0x128
[   18.644947]  kasan_check_range+0x100/0x1a8
[   18.644996]  __kasan_check_write+0x20/0x30
[   18.645084]  strncpy_from_user+0x3c/0x2a0
[   18.645383]  copy_user_test_oob+0x5c0/0xec8
[   18.645431]  kunit_try_run_case+0x170/0x3f0
[   18.645480]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.645716]  kthread+0x328/0x630
[   18.645768]  ret_from_fork+0x10/0x20
[   18.645816] 
[   18.645837] Allocated by task 285:
[   18.645878]  kasan_save_stack+0x3c/0x68
[   18.645920]  kasan_save_track+0x20/0x40
[   18.645961]  kasan_save_alloc_info+0x40/0x58
[   18.646003]  __kasan_kmalloc+0xd4/0xd8
[   18.646099]  __kmalloc_noprof+0x198/0x4c8
[   18.646397]  kunit_kmalloc_array+0x34/0x88
[   18.646493]  copy_user_test_oob+0xac/0xec8
[   18.646621]  kunit_try_run_case+0x170/0x3f0
[   18.646679]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.646744]  kthread+0x328/0x630
[   18.646779]  ret_from_fork+0x10/0x20
[   18.646850] 
[   18.646870] The buggy address belongs to the object at fff00000c7025e00
[   18.646870]  which belongs to the cache kmalloc-128 of size 128
[   18.646930] The buggy address is located 0 bytes inside of
[   18.646930]  allocated 120-byte region [fff00000c7025e00, fff00000c7025e78)
[   18.647192] 
[   18.647234] The buggy address belongs to the physical page:
[   18.647267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107025
[   18.647672] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.647729] page_type: f5(slab)
[   18.647768] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.647822] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.647864] page dumped because: kasan: bad access detected
[   18.647900] 
[   18.647931] Memory state around the buggy address:
[   18.648063]  fff00000c7025d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.648108]  fff00000c7025d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.648153] >fff00000c7025e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.648192]                                                                 ^
[   18.648236]  fff00000c7025e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.648282]  fff00000c7025f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.648323] ==================================================================
[   18.648809] ==================================================================
[   18.648870] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   18.649038] Write of size 1 at addr fff00000c7025e78 by task kunit_try_catch/285
[   18.649116] 
[   18.649156] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.649237] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.649265] Hardware name: linux,dummy-virt (DT)
[   18.649296] Call trace:
[   18.649319]  show_stack+0x20/0x38 (C)
[   18.649368]  dump_stack_lvl+0x8c/0xd0
[   18.649422]  print_report+0x118/0x5d0
[   18.649656]  kasan_report+0xdc/0x128
[   18.649907]  __asan_report_store1_noabort+0x20/0x30
[   18.650103]  strncpy_from_user+0x270/0x2a0
[   18.650187]  copy_user_test_oob+0x5c0/0xec8
[   18.650428]  kunit_try_run_case+0x170/0x3f0
[   18.650592]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.650645]  kthread+0x328/0x630
[   18.650694]  ret_from_fork+0x10/0x20
[   18.650742] 
[   18.650763] Allocated by task 285:
[   18.650792]  kasan_save_stack+0x3c/0x68
[   18.650835]  kasan_save_track+0x20/0x40
[   18.650875]  kasan_save_alloc_info+0x40/0x58
[   18.650915]  __kasan_kmalloc+0xd4/0xd8
[   18.650954]  __kmalloc_noprof+0x198/0x4c8
[   18.650992]  kunit_kmalloc_array+0x34/0x88
[   18.651042]  copy_user_test_oob+0xac/0xec8
[   18.651823]  kunit_try_run_case+0x170/0x3f0
[   18.652027]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.652166]  kthread+0x328/0x630
[   18.652201]  ret_from_fork+0x10/0x20
[   18.652249] 
[   18.652272] The buggy address belongs to the object at fff00000c7025e00
[   18.652272]  which belongs to the cache kmalloc-128 of size 128
[   18.652332] The buggy address is located 0 bytes to the right of
[   18.652332]  allocated 120-byte region [fff00000c7025e00, fff00000c7025e78)
[   18.652469] 
[   18.652492] The buggy address belongs to the physical page:
[   18.652524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107025
[   18.652577] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.652626] page_type: f5(slab)
[   18.652688] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.652922] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.652984] page dumped because: kasan: bad access detected
[   18.653043] 
[   18.653064] Memory state around the buggy address:
[   18.653097]  fff00000c7025d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.653142]  fff00000c7025d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.653186] >fff00000c7025e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.653460]                                                                 ^
[   18.653538]  fff00000c7025e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.653688]  fff00000c7025f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.653729] ==================================================================

[   16.490049] ==================================================================
[   16.490768] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   16.491146] Write of size 1 at addr ffff888102ad4e78 by task kunit_try_catch/303
[   16.491457] 
[   16.491545] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   16.491588] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.491601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.491623] Call Trace:
[   16.491638]  <TASK>
[   16.491653]  dump_stack_lvl+0x73/0xb0
[   16.491681]  print_report+0xd1/0x610
[   16.491704]  ? __virt_addr_valid+0x1db/0x2d0
[   16.491726]  ? strncpy_from_user+0x1a5/0x1d0
[   16.491960]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.492104]  ? strncpy_from_user+0x1a5/0x1d0
[   16.492130]  kasan_report+0x141/0x180
[   16.492153]  ? strncpy_from_user+0x1a5/0x1d0
[   16.492181]  __asan_report_store1_noabort+0x1b/0x30
[   16.492206]  strncpy_from_user+0x1a5/0x1d0
[   16.492231]  copy_user_test_oob+0x760/0x10f0
[   16.492258]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.492281]  ? finish_task_switch.isra.0+0x153/0x700
[   16.492304]  ? __switch_to+0x47/0xf50
[   16.492329]  ? __schedule+0x10cc/0x2b60
[   16.492352]  ? __pfx_read_tsc+0x10/0x10
[   16.492373]  ? ktime_get_ts64+0x86/0x230
[   16.492397]  kunit_try_run_case+0x1a5/0x480
[   16.492421]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.492443]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.492466]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.492489]  ? __kthread_parkme+0x82/0x180
[   16.492509]  ? preempt_count_sub+0x50/0x80
[   16.492532]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.492556]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.492579]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.492602]  kthread+0x337/0x6f0
[   16.492622]  ? trace_preempt_on+0x20/0xc0
[   16.492644]  ? __pfx_kthread+0x10/0x10
[   16.492665]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.492696]  ? calculate_sigpending+0x7b/0xa0
[   16.492719]  ? __pfx_kthread+0x10/0x10
[   16.492741]  ret_from_fork+0x116/0x1d0
[   16.492759]  ? __pfx_kthread+0x10/0x10
[   16.492779]  ret_from_fork_asm+0x1a/0x30
[   16.492809]  </TASK>
[   16.492819] 
[   16.502599] Allocated by task 303:
[   16.502766]  kasan_save_stack+0x45/0x70
[   16.502979]  kasan_save_track+0x18/0x40
[   16.503161]  kasan_save_alloc_info+0x3b/0x50
[   16.503368]  __kasan_kmalloc+0xb7/0xc0
[   16.503551]  __kmalloc_noprof+0x1c9/0x500
[   16.504353]  kunit_kmalloc_array+0x25/0x60
[   16.504531]  copy_user_test_oob+0xab/0x10f0
[   16.504823]  kunit_try_run_case+0x1a5/0x480
[   16.505275]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.505755]  kthread+0x337/0x6f0
[   16.505888]  ret_from_fork+0x116/0x1d0
[   16.506033]  ret_from_fork_asm+0x1a/0x30
[   16.506174] 
[   16.506246] The buggy address belongs to the object at ffff888102ad4e00
[   16.506246]  which belongs to the cache kmalloc-128 of size 128
[   16.506604] The buggy address is located 0 bytes to the right of
[   16.506604]  allocated 120-byte region [ffff888102ad4e00, ffff888102ad4e78)
[   16.507761] 
[   16.507933] The buggy address belongs to the physical page:
[   16.508400] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4
[   16.509082] flags: 0x200000000000000(node=0|zone=2)
[   16.509522] page_type: f5(slab)
[   16.509850] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.510494] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.511178] page dumped because: kasan: bad access detected
[   16.511633] 
[   16.511709] Memory state around the buggy address:
[   16.511920]  ffff888102ad4d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.512141]  ffff888102ad4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.512358] >ffff888102ad4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.512570]                                                                 ^
[   16.513185]  ffff888102ad4e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.513416]  ffff888102ad4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.513632] ==================================================================
[   16.465698] ==================================================================
[   16.466371] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   16.466815] Write of size 121 at addr ffff888102ad4e00 by task kunit_try_catch/303
[   16.467229] 
[   16.467576] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   16.467626] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.467639] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.467661] Call Trace:
[   16.467678]  <TASK>
[   16.467694]  dump_stack_lvl+0x73/0xb0
[   16.467723]  print_report+0xd1/0x610
[   16.467746]  ? __virt_addr_valid+0x1db/0x2d0
[   16.467772]  ? strncpy_from_user+0x2e/0x1d0
[   16.467797]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.467820]  ? strncpy_from_user+0x2e/0x1d0
[   16.467844]  kasan_report+0x141/0x180
[   16.467867]  ? strncpy_from_user+0x2e/0x1d0
[   16.467895]  kasan_check_range+0x10c/0x1c0
[   16.467933]  __kasan_check_write+0x18/0x20
[   16.467953]  strncpy_from_user+0x2e/0x1d0
[   16.467979]  copy_user_test_oob+0x760/0x10f0
[   16.468007]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.468032]  ? finish_task_switch.isra.0+0x153/0x700
[   16.468055]  ? __switch_to+0x47/0xf50
[   16.468081]  ? __schedule+0x10cc/0x2b60
[   16.468104]  ? __pfx_read_tsc+0x10/0x10
[   16.468125]  ? ktime_get_ts64+0x86/0x230
[   16.468150]  kunit_try_run_case+0x1a5/0x480
[   16.468175]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.468198]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.468223]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.468247]  ? __kthread_parkme+0x82/0x180
[   16.468266]  ? preempt_count_sub+0x50/0x80
[   16.468289]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.468314]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.468336]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.468360]  kthread+0x337/0x6f0
[   16.468379]  ? trace_preempt_on+0x20/0xc0
[   16.468402]  ? __pfx_kthread+0x10/0x10
[   16.468423]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.468444]  ? calculate_sigpending+0x7b/0xa0
[   16.468467]  ? __pfx_kthread+0x10/0x10
[   16.468489]  ret_from_fork+0x116/0x1d0
[   16.468507]  ? __pfx_kthread+0x10/0x10
[   16.468527]  ret_from_fork_asm+0x1a/0x30
[   16.468558]  </TASK>
[   16.468569] 
[   16.478702] Allocated by task 303:
[   16.479027]  kasan_save_stack+0x45/0x70
[   16.479248]  kasan_save_track+0x18/0x40
[   16.479546]  kasan_save_alloc_info+0x3b/0x50
[   16.479874]  __kasan_kmalloc+0xb7/0xc0
[   16.480039]  __kmalloc_noprof+0x1c9/0x500
[   16.480370]  kunit_kmalloc_array+0x25/0x60
[   16.480657]  copy_user_test_oob+0xab/0x10f0
[   16.481017]  kunit_try_run_case+0x1a5/0x480
[   16.481220]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.481538]  kthread+0x337/0x6f0
[   16.481731]  ret_from_fork+0x116/0x1d0
[   16.482018]  ret_from_fork_asm+0x1a/0x30
[   16.482203] 
[   16.482281] The buggy address belongs to the object at ffff888102ad4e00
[   16.482281]  which belongs to the cache kmalloc-128 of size 128
[   16.483135] The buggy address is located 0 bytes inside of
[   16.483135]  allocated 120-byte region [ffff888102ad4e00, ffff888102ad4e78)
[   16.483695] 
[   16.483802] The buggy address belongs to the physical page:
[   16.484219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4
[   16.484629] flags: 0x200000000000000(node=0|zone=2)
[   16.485012] page_type: f5(slab)
[   16.485181] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.485665] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.486109] page dumped because: kasan: bad access detected
[   16.486420] 
[   16.486519] Memory state around the buggy address:
[   16.486730]  ffff888102ad4d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.487222]  ffff888102ad4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.487742] >ffff888102ad4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.488256]                                                                 ^
[   16.488558]  ffff888102ad4e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.488887]  ffff888102ad4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.489410] ==================================================================