Hay
Date: May 13, 2025, 12:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   22.349574] ==================================================================
[   22.349645] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   22.349724] Write of size 121 at addr fff00000c6620c00 by task kunit_try_catch/285
[   22.349787] 
[   22.349849] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   22.349952] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.350000] Hardware name: linux,dummy-virt (DT)
[   22.350040] Call trace:
[   22.350070]  show_stack+0x20/0x38 (C)
[   22.350269]  dump_stack_lvl+0x8c/0xd0
[   22.350351]  print_report+0x118/0x608
[   22.350408]  kasan_report+0xdc/0x128
[   22.350472]  kasan_check_range+0x100/0x1a8
[   22.350532]  __kasan_check_write+0x20/0x30
[   22.350593]  strncpy_from_user+0x3c/0x2a0
[   22.350647]  copy_user_test_oob+0x5c0/0xec8
[   22.350760]  kunit_try_run_case+0x170/0x3f0
[   22.350819]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.350894]  kthread+0x328/0x630
[   22.350948]  ret_from_fork+0x10/0x20
[   22.351095] 
[   22.351122] Allocated by task 285:
[   22.351159]  kasan_save_stack+0x3c/0x68
[   22.351207]  kasan_save_track+0x20/0x40
[   22.351248]  kasan_save_alloc_info+0x40/0x58
[   22.351420]  __kasan_kmalloc+0xd4/0xd8
[   22.351466]  __kmalloc_noprof+0x190/0x4d0
[   22.351510]  kunit_kmalloc_array+0x34/0x88
[   22.351568]  copy_user_test_oob+0xac/0xec8
[   22.351667]  kunit_try_run_case+0x170/0x3f0
[   22.351824]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.351880]  kthread+0x328/0x630
[   22.351923]  ret_from_fork+0x10/0x20
[   22.351964] 
[   22.351998] The buggy address belongs to the object at fff00000c6620c00
[   22.351998]  which belongs to the cache kmalloc-128 of size 128
[   22.352086] The buggy address is located 0 bytes inside of
[   22.352086]  allocated 120-byte region [fff00000c6620c00, fff00000c6620c78)
[   22.352188] 
[   22.352224] The buggy address belongs to the physical page:
[   22.352263] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620
[   22.352322] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.352376] page_type: f5(slab)
[   22.352424] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.352509] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.352628] page dumped because: kasan: bad access detected
[   22.352670] 
[   22.352691] Memory state around the buggy address:
[   22.352728]  fff00000c6620b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.352823]  fff00000c6620b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.352876] >fff00000c6620c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.352920]                                                                 ^
[   22.353116]  fff00000c6620c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.353192]  fff00000c6620d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.353289] ==================================================================
[   22.353663] ==================================================================
[   22.353720] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   22.353785] Write of size 1 at addr fff00000c6620c78 by task kunit_try_catch/285
[   22.353865] 
[   22.353904] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   22.354019] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.354054] Hardware name: linux,dummy-virt (DT)
[   22.354094] Call trace:
[   22.354126]  show_stack+0x20/0x38 (C)
[   22.354185]  dump_stack_lvl+0x8c/0xd0
[   22.354239]  print_report+0x118/0x608
[   22.354291]  kasan_report+0xdc/0x128
[   22.354344]  __asan_report_store1_noabort+0x20/0x30
[   22.354402]  strncpy_from_user+0x270/0x2a0
[   22.354998]  copy_user_test_oob+0x5c0/0xec8
[   22.355163]  kunit_try_run_case+0x170/0x3f0
[   22.355279]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.355341]  kthread+0x328/0x630
[   22.355555]  ret_from_fork+0x10/0x20
[   22.355626] 
[   22.355654] Allocated by task 285:
[   22.355689]  kasan_save_stack+0x3c/0x68
[   22.355738]  kasan_save_track+0x20/0x40
[   22.355783]  kasan_save_alloc_info+0x40/0x58
[   22.355865]  __kasan_kmalloc+0xd4/0xd8
[   22.355965]  __kmalloc_noprof+0x190/0x4d0
[   22.356021]  kunit_kmalloc_array+0x34/0x88
[   22.356076]  copy_user_test_oob+0xac/0xec8
[   22.356182]  kunit_try_run_case+0x170/0x3f0
[   22.356248]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.356299]  kthread+0x328/0x630
[   22.356338]  ret_from_fork+0x10/0x20
[   22.356468] 
[   22.356538] The buggy address belongs to the object at fff00000c6620c00
[   22.356538]  which belongs to the cache kmalloc-128 of size 128
[   22.356612] The buggy address is located 0 bytes to the right of
[   22.356612]  allocated 120-byte region [fff00000c6620c00, fff00000c6620c78)
[   22.356682] 
[   22.356707] The buggy address belongs to the physical page:
[   22.356743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620
[   22.356799] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.356851] page_type: f5(slab)
[   22.356897] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.356954] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.357850] page dumped because: kasan: bad access detected
[   22.358421] 
[   22.358770] Memory state around the buggy address:
[   22.358835]  fff00000c6620b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.358906]  fff00000c6620b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.358961] >fff00000c6620c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.359023]                                                                 ^
[   22.359076]  fff00000c6620c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.359128]  fff00000c6620d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.359174] ==================================================================

[   15.311280] ==================================================================
[   15.311914] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   15.312341] Write of size 1 at addr ffff8881029cec78 by task kunit_try_catch/302
[   15.312681] 
[   15.312946] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   15.312996] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.313010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.313032] Call Trace:
[   15.313048]  <TASK>
[   15.313064]  dump_stack_lvl+0x73/0xb0
[   15.313163]  print_report+0xd1/0x650
[   15.313196]  ? __virt_addr_valid+0x1db/0x2d0
[   15.313221]  ? strncpy_from_user+0x1a5/0x1d0
[   15.313245]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.313269]  ? strncpy_from_user+0x1a5/0x1d0
[   15.313293]  kasan_report+0x141/0x180
[   15.313317]  ? strncpy_from_user+0x1a5/0x1d0
[   15.313348]  __asan_report_store1_noabort+0x1b/0x30
[   15.313371]  strncpy_from_user+0x1a5/0x1d0
[   15.313398]  copy_user_test_oob+0x760/0x10f0
[   15.313422]  ? __pfx_copy_user_test_oob+0x10/0x10
[   15.313442]  ? finish_task_switch.isra.0+0x153/0x700
[   15.313465]  ? __switch_to+0x47/0xf50
[   15.313491]  ? __schedule+0x10cc/0x2b60
[   15.313513]  ? __pfx_read_tsc+0x10/0x10
[   15.313534]  ? ktime_get_ts64+0x86/0x230
[   15.313559]  kunit_try_run_case+0x1a5/0x480
[   15.313583]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.313606]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.313642]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.313667]  ? __kthread_parkme+0x82/0x180
[   15.313690]  ? preempt_count_sub+0x50/0x80
[   15.313714]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.313739]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.313763]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.313787]  kthread+0x337/0x6f0
[   15.313807]  ? trace_preempt_on+0x20/0xc0
[   15.313832]  ? __pfx_kthread+0x10/0x10
[   15.313853]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.313875]  ? calculate_sigpending+0x7b/0xa0
[   15.313899]  ? __pfx_kthread+0x10/0x10
[   15.313921]  ret_from_fork+0x116/0x1d0
[   15.313940]  ? __pfx_kthread+0x10/0x10
[   15.313962]  ret_from_fork_asm+0x1a/0x30
[   15.313994]  </TASK>
[   15.314005] 
[   15.323580] Allocated by task 302:
[   15.323888]  kasan_save_stack+0x45/0x70
[   15.324047]  kasan_save_track+0x18/0x40
[   15.324365]  kasan_save_alloc_info+0x3b/0x50
[   15.324696]  __kasan_kmalloc+0xb7/0xc0
[   15.324842]  __kmalloc_noprof+0x1c9/0x500
[   15.325163]  kunit_kmalloc_array+0x25/0x60
[   15.325413]  copy_user_test_oob+0xab/0x10f0
[   15.325756]  kunit_try_run_case+0x1a5/0x480
[   15.325968]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.326297]  kthread+0x337/0x6f0
[   15.326450]  ret_from_fork+0x116/0x1d0
[   15.326648]  ret_from_fork_asm+0x1a/0x30
[   15.326840] 
[   15.326932] The buggy address belongs to the object at ffff8881029cec00
[   15.326932]  which belongs to the cache kmalloc-128 of size 128
[   15.327710] The buggy address is located 0 bytes to the right of
[   15.327710]  allocated 120-byte region [ffff8881029cec00, ffff8881029cec78)
[   15.328270] 
[   15.328498] The buggy address belongs to the physical page:
[   15.328720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce
[   15.329165] flags: 0x200000000000000(node=0|zone=2)
[   15.329472] page_type: f5(slab)
[   15.329606] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.330040] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.330574] page dumped because: kasan: bad access detected
[   15.330888] 
[   15.330969] Memory state around the buggy address:
[   15.331339]  ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.331670]  ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.331981] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.332508]                                                                 ^
[   15.332804]  ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.333182]  ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.333554] ==================================================================
[   15.287119] ==================================================================
[   15.287730] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   15.288131] Write of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302
[   15.288534] 
[   15.288843] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   15.288977] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.288994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.289017] Call Trace:
[   15.289031]  <TASK>
[   15.289047]  dump_stack_lvl+0x73/0xb0
[   15.289076]  print_report+0xd1/0x650
[   15.289101]  ? __virt_addr_valid+0x1db/0x2d0
[   15.289125]  ? strncpy_from_user+0x2e/0x1d0
[   15.289149]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.289173]  ? strncpy_from_user+0x2e/0x1d0
[   15.289199]  kasan_report+0x141/0x180
[   15.289223]  ? strncpy_from_user+0x2e/0x1d0
[   15.289251]  kasan_check_range+0x10c/0x1c0
[   15.289277]  __kasan_check_write+0x18/0x20
[   15.289297]  strncpy_from_user+0x2e/0x1d0
[   15.289320]  ? __kasan_check_read+0x15/0x20
[   15.289343]  copy_user_test_oob+0x760/0x10f0
[   15.289366]  ? __pfx_copy_user_test_oob+0x10/0x10
[   15.289387]  ? finish_task_switch.isra.0+0x153/0x700
[   15.289410]  ? __switch_to+0x47/0xf50
[   15.289436]  ? __schedule+0x10cc/0x2b60
[   15.289458]  ? __pfx_read_tsc+0x10/0x10
[   15.289479]  ? ktime_get_ts64+0x86/0x230
[   15.289504]  kunit_try_run_case+0x1a5/0x480
[   15.289529]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.289551]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.289573]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.289596]  ? __kthread_parkme+0x82/0x180
[   15.289631]  ? preempt_count_sub+0x50/0x80
[   15.289655]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.289680]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.289704]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.289727]  kthread+0x337/0x6f0
[   15.289749]  ? trace_preempt_on+0x20/0xc0
[   15.289773]  ? __pfx_kthread+0x10/0x10
[   15.289795]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.289816]  ? calculate_sigpending+0x7b/0xa0
[   15.289841]  ? __pfx_kthread+0x10/0x10
[   15.289864]  ret_from_fork+0x116/0x1d0
[   15.289883]  ? __pfx_kthread+0x10/0x10
[   15.289905]  ret_from_fork_asm+0x1a/0x30
[   15.289936]  </TASK>
[   15.289948] 
[   15.299982] Allocated by task 302:
[   15.300153]  kasan_save_stack+0x45/0x70
[   15.300691]  kasan_save_track+0x18/0x40
[   15.300860]  kasan_save_alloc_info+0x3b/0x50
[   15.301200]  __kasan_kmalloc+0xb7/0xc0
[   15.301479]  __kmalloc_noprof+0x1c9/0x500
[   15.301681]  kunit_kmalloc_array+0x25/0x60
[   15.301979]  copy_user_test_oob+0xab/0x10f0
[   15.302324]  kunit_try_run_case+0x1a5/0x480
[   15.302684]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.302998]  kthread+0x337/0x6f0
[   15.303169]  ret_from_fork+0x116/0x1d0
[   15.303496]  ret_from_fork_asm+0x1a/0x30
[   15.303779] 
[   15.303859] The buggy address belongs to the object at ffff8881029cec00
[   15.303859]  which belongs to the cache kmalloc-128 of size 128
[   15.304599] The buggy address is located 0 bytes inside of
[   15.304599]  allocated 120-byte region [ffff8881029cec00, ffff8881029cec78)
[   15.305165] 
[   15.305271] The buggy address belongs to the physical page:
[   15.305496] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce
[   15.305855] flags: 0x200000000000000(node=0|zone=2)
[   15.306071] page_type: f5(slab)
[   15.306245] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.306568] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.307310] page dumped because: kasan: bad access detected
[   15.307638] 
[   15.307742] Memory state around the buggy address:
[   15.308089]  ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.308551]  ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.308970] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.309455]                                                                 ^
[   15.309835]  ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.310253]  ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.310638] ==================================================================