Date
March 19, 2025, 10:35 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 39.922603] ==================================================================
[ 39.922752] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 39.924429] Write of size 1 at addr fff00000c5dbd078 by task kunit_try_catch/287
[ 39.925075]
[ 39.925188] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT
[ 39.925893] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 39.926012] Hardware name: linux,dummy-virt (DT)
[ 39.926488] Call trace:
[ 39.926649] show_stack+0x20/0x38 (C)
[ 39.927132] dump_stack_lvl+0x8c/0xd0
[ 39.927353] print_report+0x118/0x5f0
[ 39.927534] kasan_report+0xc8/0x118
[ 39.927688] __asan_report_store1_noabort+0x20/0x30
[ 39.928419] strncpy_from_user+0x270/0x2a0
[ 39.928727] copy_user_test_oob+0x5c0/0xec0
[ 39.929434] kunit_try_run_case+0x14c/0x3d0
[ 39.929874] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.930205] kthread+0x318/0x618
[ 39.930454] ret_from_fork+0x10/0x20
[ 39.930636]
[ 39.930703] Allocated by task 287:
[ 39.930790] kasan_save_stack+0x3c/0x68
[ 39.930958] kasan_save_track+0x20/0x40
[ 39.931112] kasan_save_alloc_info+0x40/0x58
[ 39.931540] __kasan_kmalloc+0xd4/0xd8
[ 39.931693] __kmalloc_noprof+0x188/0x4c8
[ 39.931823] kunit_kmalloc_array+0x34/0x88
[ 39.931972] copy_user_test_oob+0xac/0xec0
[ 39.932131] kunit_try_run_case+0x14c/0x3d0
[ 39.932468] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.932930] kthread+0x318/0x618
[ 39.933176] ret_from_fork+0x10/0x20
[ 39.933355]
[ 39.933425] The buggy address belongs to the object at fff00000c5dbd000
[ 39.933425] which belongs to the cache kmalloc-128 of size 128
[ 39.933640] The buggy address is located 0 bytes to the right of
[ 39.933640] allocated 120-byte region [fff00000c5dbd000, fff00000c5dbd078)
[ 39.933858]
[ 39.933936] The buggy address belongs to the physical page:
[ 39.934040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105dbd
[ 39.934715] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 39.934960] page_type: f5(slab)
[ 39.935137] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 39.935313] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 39.935469] page dumped because: kasan: bad access detected
[ 39.935603]
[ 39.935667] Memory state around the buggy address:
[ 39.935776] fff00000c5dbcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.935982] fff00000c5dbcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.936576] >fff00000c5dbd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 39.937180] ^
[ 39.937688] fff00000c5dbd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.938008] fff00000c5dbd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.938243] ==================================================================

[ 39.900088] ==================================================================
[ 39.900242] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 39.901186] Write of size 121 at addr fff00000c5dbd000 by task kunit_try_catch/287
[ 39.901752]
[ 39.902088] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT
[ 39.902618] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 39.903124] Hardware name: linux,dummy-virt (DT)
[ 39.903267] Call trace:
[ 39.903344] show_stack+0x20/0x38 (C)
[ 39.903509] dump_stack_lvl+0x8c/0xd0
[ 39.903666] print_report+0x118/0x5f0
[ 39.905503] kasan_report+0xc8/0x118
[ 39.906266] kasan_check_range+0x100/0x1a8
[ 39.906456] __kasan_check_write+0x20/0x30
[ 39.906625] strncpy_from_user+0x3c/0x2a0
[ 39.906789] copy_user_test_oob+0x5c0/0xec0
[ 39.907273] kunit_try_run_case+0x14c/0x3d0
[ 39.908105] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.908632] kthread+0x318/0x618
[ 39.909085] ret_from_fork+0x10/0x20
[ 39.909294]
[ 39.909829] Allocated by task 287:
[ 39.909957] kasan_save_stack+0x3c/0x68
[ 39.910379] kasan_save_track+0x20/0x40
[ 39.910772] kasan_save_alloc_info+0x40/0x58
[ 39.910960] __kasan_kmalloc+0xd4/0xd8
[ 39.911406] __kmalloc_noprof+0x188/0x4c8
[ 39.911553] kunit_kmalloc_array+0x34/0x88
[ 39.911977] copy_user_test_oob+0xac/0xec0
[ 39.912710] kunit_try_run_case+0x14c/0x3d0
[ 39.912920] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.913097] kthread+0x318/0x618
[ 39.913218] ret_from_fork+0x10/0x20
[ 39.913342]
[ 39.913410] The buggy address belongs to the object at fff00000c5dbd000
[ 39.913410] which belongs to the cache kmalloc-128 of size 128
[ 39.913615] The buggy address is located 0 bytes inside of
[ 39.913615] allocated 120-byte region [fff00000c5dbd000, fff00000c5dbd078)
[ 39.914817]
[ 39.914898] The buggy address belongs to the physical page:
[ 39.915595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105dbd
[ 39.916067] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 39.916237] page_type: f5(slab)
[ 39.917093] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 39.917717] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 39.918175] page dumped because: kasan: bad access detected
[ 39.918302]
[ 39.918364] Memory state around the buggy address:
[ 39.918729] fff00000c5dbcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.919384] fff00000c5dbcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.919553] >fff00000c5dbd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 39.919698] ^
[ 39.919838] fff00000c5dbd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.919994] fff00000c5dbd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.920419] ==================================================================

[ 29.162632] ==================================================================
[ 29.164352] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 29.165023] Write of size 1 at addr ffff88810305ae78 by task kunit_try_catch/306
[ 29.165683]
[ 29.166816] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary)
[ 29.166909] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.166932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.166963] Call Trace:
[ 29.166985] <TASK>
[ 29.167006] dump_stack_lvl+0x73/0xb0
[ 29.167048] print_report+0xd1/0x660
[ 29.167083] ? __virt_addr_valid+0x1db/0x2d0
[ 29.167174] ? kasan_complete_mode_report_info+0x2a/0x200
[ 29.167215] kasan_report+0x104/0x140
[ 29.167247] ? strncpy_from_user+0x1a5/0x1d0
[ 29.167285] ? strncpy_from_user+0x1a5/0x1d0
[ 29.167328] __asan_report_store1_noabort+0x1b/0x30
[ 29.167362] strncpy_from_user+0x1a5/0x1d0
[ 29.167401] copy_user_test_oob+0x760/0x1130
[ 29.167442] ? __pfx_copy_user_test_oob+0x10/0x10
[ 29.167477] ? finish_task_switch.isra.0+0x153/0x730
[ 29.167511] ? __switch_to+0x5d9/0xf70
[ 29.167551] ? __schedule+0xd46/0x29c0
[ 29.167593] ? __pfx_read_tsc+0x10/0x10
[ 29.167642] ? ktime_get_ts64+0x86/0x240
[ 29.167681] kunit_try_run_case+0x1b2/0x490
[ 29.167748] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.167789] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 29.167823] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 29.167859] ? __kthread_parkme+0x82/0x160
[ 29.167894] ? preempt_count_sub+0x50/0x80
[ 29.167943] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.167979] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.168015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 29.168051] kthread+0x323/0x710
[ 29.168083] ? trace_preempt_on+0x20/0xc0
[ 29.168140] ? __pfx_kthread+0x10/0x10
[ 29.168175] ? _raw_spin_unlock_irq+0x47/0x80
[ 29.168207] ? calculate_sigpending+0x7b/0xa0
[ 29.168240] ? __pfx_kthread+0x10/0x10
[ 29.168274] ret_from_fork+0x41/0x80
[ 29.168308] ? __pfx_kthread+0x10/0x10
[ 29.168342] ret_from_fork_asm+0x1a/0x30
[ 29.168391] </TASK>
[ 29.168408]
[ 29.187261] Allocated by task 306:
[ 29.187625] kasan_save_stack+0x3d/0x60
[ 29.188095] kasan_save_track+0x18/0x40
[ 29.188504] kasan_save_alloc_info+0x3b/0x50
[ 29.188886] __kasan_kmalloc+0xb7/0xc0
[ 29.189325] __kmalloc_noprof+0x1c3/0x500
[ 29.189676] kunit_kmalloc_array+0x25/0x60
[ 29.191170] copy_user_test_oob+0xab/0x1130
[ 29.191574] kunit_try_run_case+0x1b2/0x490
[ 29.192349] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.193043] kthread+0x323/0x710
[ 29.193457] ret_from_fork+0x41/0x80
[ 29.194262] ret_from_fork_asm+0x1a/0x30
[ 29.194757]
[ 29.195001] The buggy address belongs to the object at ffff88810305ae00
[ 29.195001] which belongs to the cache kmalloc-128 of size 128
[ 29.195877] The buggy address is located 0 bytes to the right of
[ 29.195877] allocated 120-byte region [ffff88810305ae00, ffff88810305ae78)
[ 29.197471]
[ 29.197940] The buggy address belongs to the physical page:
[ 29.198651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10305a
[ 29.199300] flags: 0x200000000000000(node=0|zone=2)
[ 29.199707] page_type: f5(slab)
[ 29.200571] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 29.201572] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.202201] page dumped because: kasan: bad access detected
[ 29.202691]
[ 29.202877] Memory state around the buggy address:
[ 29.204003] ffff88810305ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.204439] ffff88810305ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.205295] >ffff88810305ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.206053] ^
[ 29.206675] ffff88810305ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.207638] ffff88810305af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.208357] ==================================================================

[ 29.121476] ==================================================================
[ 29.122198] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 29.123578] Write of size 121 at addr ffff88810305ae00 by task kunit_try_catch/306
[ 29.124794]
[ 29.124969] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary)
[ 29.125049] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.125082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.125152] Call Trace:
[ 29.125188] <TASK>
[ 29.125228] dump_stack_lvl+0x73/0xb0
[ 29.125343] print_report+0xd1/0x660
[ 29.125395] ? __virt_addr_valid+0x1db/0x2d0
[ 29.125484] ? kasan_complete_mode_report_info+0x2a/0x200
[ 29.125526] kasan_report+0x104/0x140
[ 29.125559] ? strncpy_from_user+0x2e/0x1d0
[ 29.125597] ? strncpy_from_user+0x2e/0x1d0
[ 29.125640] kasan_check_range+0x10c/0x1c0
[ 29.125678] __kasan_check_write+0x18/0x20
[ 29.125717] strncpy_from_user+0x2e/0x1d0
[ 29.125829] ? __kasan_check_read+0x15/0x20
[ 29.125899] copy_user_test_oob+0x760/0x1130
[ 29.125954] ? __pfx_copy_user_test_oob+0x10/0x10
[ 29.125991] ? finish_task_switch.isra.0+0x153/0x730
[ 29.126027] ? __switch_to+0x5d9/0xf70
[ 29.126068] ? __schedule+0xd46/0x29c0
[ 29.126102] ? __pfx_read_tsc+0x10/0x10
[ 29.126163] ? ktime_get_ts64+0x86/0x240
[ 29.126202] kunit_try_run_case+0x1b2/0x490
[ 29.126240] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.126274] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 29.126307] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 29.126341] ? __kthread_parkme+0x82/0x160
[ 29.126375] ? preempt_count_sub+0x50/0x80
[ 29.126413] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.126448] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.126483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 29.126519] kthread+0x323/0x710
[ 29.126551] ? trace_preempt_on+0x20/0xc0
[ 29.126586] ? __pfx_kthread+0x10/0x10
[ 29.126620] ? _raw_spin_unlock_irq+0x47/0x80
[ 29.126652] ? calculate_sigpending+0x7b/0xa0
[ 29.126685] ? __pfx_kthread+0x10/0x10
[ 29.126767] ret_from_fork+0x41/0x80
[ 29.126805] ? __pfx_kthread+0x10/0x10
[ 29.126840] ret_from_fork_asm+0x1a/0x30
[ 29.126889] </TASK>
[ 29.126909]
[ 29.140304] Allocated by task 306:
[ 29.140542] kasan_save_stack+0x3d/0x60
[ 29.140822] kasan_save_track+0x18/0x40
[ 29.141104] kasan_save_alloc_info+0x3b/0x50
[ 29.141619] __kasan_kmalloc+0xb7/0xc0
[ 29.142231] __kmalloc_noprof+0x1c3/0x500
[ 29.142861] kunit_kmalloc_array+0x25/0x60
[ 29.143489] copy_user_test_oob+0xab/0x1130
[ 29.144137] kunit_try_run_case+0x1b2/0x490
[ 29.144594] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.145402] kthread+0x323/0x710
[ 29.145818] ret_from_fork+0x41/0x80
[ 29.146163] ret_from_fork_asm+0x1a/0x30
[ 29.146581]
[ 29.146756] The buggy address belongs to the object at ffff88810305ae00
[ 29.146756] which belongs to the cache kmalloc-128 of size 128
[ 29.147800] The buggy address is located 0 bytes inside of
[ 29.147800] allocated 120-byte region [ffff88810305ae00, ffff88810305ae78)
[ 29.148561]
[ 29.148725] The buggy address belongs to the physical page:
[ 29.149309] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10305a
[ 29.150239] flags: 0x200000000000000(node=0|zone=2)
[ 29.150789] page_type: f5(slab)
[ 29.151196] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 29.151771] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.152471] page dumped because: kasan: bad access detected
[ 29.153584]
[ 29.153991] Memory state around the buggy address:
[ 29.154472] ffff88810305ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.154886] ffff88810305ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.155304] >ffff88810305ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.155713] ^
[ 29.155978] ffff88810305ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.158642] ffff88810305af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.160348] ==================================================================