Hay
Date: May 26, 2025, 9:10 a.m.

Environment: qemu-arm64, qemu-x86_64

[   21.337614] ==================================================================
[   21.337739] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   21.337851] Write of size 1 at addr fff00000c7893378 by task kunit_try_catch/285
[   21.338290] 
[   21.338549] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   21.338808] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.338866] Hardware name: linux,dummy-virt (DT)
[   21.338943] Call trace:
[   21.339152]  show_stack+0x20/0x38 (C)
[   21.339395]  dump_stack_lvl+0x8c/0xd0
[   21.339551]  print_report+0x118/0x608
[   21.339656]  kasan_report+0xdc/0x128
[   21.339964]  __asan_report_store1_noabort+0x20/0x30
[   21.340091]  strncpy_from_user+0x270/0x2a0
[   21.340208]  copy_user_test_oob+0x5c0/0xec8
[   21.340316]  kunit_try_run_case+0x170/0x3f0
[   21.340463]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.340581]  kthread+0x328/0x630
[   21.340691]  ret_from_fork+0x10/0x20
[   21.340794] 
[   21.340844] Allocated by task 285:
[   21.340906]  kasan_save_stack+0x3c/0x68
[   21.341006]  kasan_save_track+0x20/0x40
[   21.341269]  kasan_save_alloc_info+0x40/0x58
[   21.341473]  __kasan_kmalloc+0xd4/0xd8
[   21.341755]  __kmalloc_noprof+0x190/0x4d0
[   21.341987]  kunit_kmalloc_array+0x34/0x88
[   21.342074]  copy_user_test_oob+0xac/0xec8
[   21.342399]  kunit_try_run_case+0x170/0x3f0
[   21.342632]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.342805]  kthread+0x328/0x630
[   21.342882]  ret_from_fork+0x10/0x20
[   21.342987] 
[   21.343043] The buggy address belongs to the object at fff00000c7893300
[   21.343043]  which belongs to the cache kmalloc-128 of size 128
[   21.343238] The buggy address is located 0 bytes to the right of
[   21.343238]  allocated 120-byte region [fff00000c7893300, fff00000c7893378)
[   21.343481] 
[   21.343539] The buggy address belongs to the physical page:
[   21.343612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107893
[   21.343704] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.343833] page_type: f5(slab)
[   21.343922] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.344032] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.344129] page dumped because: kasan: bad access detected
[   21.344274] 
[   21.344372] Memory state around the buggy address:
[   21.344478]  fff00000c7893200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.344603]  fff00000c7893280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.344739] >fff00000c7893300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.344842]                                                                 ^
[   21.344979]  fff00000c7893380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.345095]  fff00000c7893400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.345197] ==================================================================
[   21.325635] ==================================================================
[   21.325747] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   21.325914] Write of size 121 at addr fff00000c7893300 by task kunit_try_catch/285
[   21.326077] 
[   21.326180] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   21.326404] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.326466] Hardware name: linux,dummy-virt (DT)
[   21.326532] Call trace:
[   21.326807]  show_stack+0x20/0x38 (C)
[   21.327147]  dump_stack_lvl+0x8c/0xd0
[   21.327375]  print_report+0x118/0x608
[   21.327515]  kasan_report+0xdc/0x128
[   21.327630]  kasan_check_range+0x100/0x1a8
[   21.328160]  __kasan_check_write+0x20/0x30
[   21.328288]  strncpy_from_user+0x3c/0x2a0
[   21.328751]  copy_user_test_oob+0x5c0/0xec8
[   21.328971]  kunit_try_run_case+0x170/0x3f0
[   21.329290]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.329443]  kthread+0x328/0x630
[   21.329662]  ret_from_fork+0x10/0x20
[   21.329794] 
[   21.329881] Allocated by task 285:
[   21.329948]  kasan_save_stack+0x3c/0x68
[   21.330036]  kasan_save_track+0x20/0x40
[   21.330113]  kasan_save_alloc_info+0x40/0x58
[   21.330201]  __kasan_kmalloc+0xd4/0xd8
[   21.330315]  __kmalloc_noprof+0x190/0x4d0
[   21.330707]  kunit_kmalloc_array+0x34/0x88
[   21.330982]  copy_user_test_oob+0xac/0xec8
[   21.331155]  kunit_try_run_case+0x170/0x3f0
[   21.331241]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.331580]  kthread+0x328/0x630
[   21.331733]  ret_from_fork+0x10/0x20
[   21.331819] 
[   21.332142] The buggy address belongs to the object at fff00000c7893300
[   21.332142]  which belongs to the cache kmalloc-128 of size 128
[   21.332392] The buggy address is located 0 bytes inside of
[   21.332392]  allocated 120-byte region [fff00000c7893300, fff00000c7893378)
[   21.332800] 
[   21.332869] The buggy address belongs to the physical page:
[   21.333080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107893
[   21.333833] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.333977] page_type: f5(slab)
[   21.334202] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.334383] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.334480] page dumped because: kasan: bad access detected
[   21.334813] 
[   21.334859] Memory state around the buggy address:
[   21.334990]  fff00000c7893200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.335256]  fff00000c7893280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.335369] >fff00000c7893300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.335455]                                                                 ^
[   21.335531]  fff00000c7893380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.335622]  fff00000c7893400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.335711] ==================================================================


[   15.175314] ==================================================================
[   15.175677] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   15.176135] Write of size 121 at addr ffff8881039b7800 by task kunit_try_catch/303
[   15.176456] 
[   15.176641] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   15.176687] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.176699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.176722] Call Trace:
[   15.176737]  <TASK>
[   15.176752]  dump_stack_lvl+0x73/0xb0
[   15.176779]  print_report+0xd1/0x650
[   15.176803]  ? __virt_addr_valid+0x1db/0x2d0
[   15.176826]  ? strncpy_from_user+0x2e/0x1d0
[   15.176848]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.176872]  ? strncpy_from_user+0x2e/0x1d0
[   15.176893]  kasan_report+0x141/0x180
[   15.176917]  ? strncpy_from_user+0x2e/0x1d0
[   15.176942]  kasan_check_range+0x10c/0x1c0
[   15.176967]  __kasan_check_write+0x18/0x20
[   15.176988]  strncpy_from_user+0x2e/0x1d0
[   15.177008]  ? __kasan_check_read+0x15/0x20
[   15.177054]  copy_user_test_oob+0x760/0x10f0
[   15.177082]  ? __pfx_copy_user_test_oob+0x10/0x10
[   15.177105]  ? finish_task_switch.isra.0+0x153/0x700
[   15.177128]  ? __switch_to+0x47/0xf50
[   15.177153]  ? __schedule+0x10cc/0x2b60
[   15.177178]  ? __pfx_read_tsc+0x10/0x10
[   15.177200]  ? ktime_get_ts64+0x86/0x230
[   15.177224]  kunit_try_run_case+0x1a5/0x480
[   15.177246]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.177267]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.177292]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.177317]  ? __kthread_parkme+0x82/0x180
[   15.177338]  ? preempt_count_sub+0x50/0x80
[   15.177362]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.177395]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.177420]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.177446]  kthread+0x337/0x6f0
[   15.177466]  ? trace_preempt_on+0x20/0xc0
[   15.177490]  ? __pfx_kthread+0x10/0x10
[   15.177529]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.177554]  ? calculate_sigpending+0x7b/0xa0
[   15.177578]  ? __pfx_kthread+0x10/0x10
[   15.177600]  ret_from_fork+0x116/0x1d0
[   15.177620]  ? __pfx_kthread+0x10/0x10
[   15.177642]  ret_from_fork_asm+0x1a/0x30
[   15.177672]  </TASK>
[   15.177684] 
[   15.185403] Allocated by task 303:
[   15.185536]  kasan_save_stack+0x45/0x70
[   15.185866]  kasan_save_track+0x18/0x40
[   15.186075]  kasan_save_alloc_info+0x3b/0x50
[   15.186269]  __kasan_kmalloc+0xb7/0xc0
[   15.186474]  __kmalloc_noprof+0x1c9/0x500
[   15.186758]  kunit_kmalloc_array+0x25/0x60
[   15.187001]  copy_user_test_oob+0xab/0x10f0
[   15.187239]  kunit_try_run_case+0x1a5/0x480
[   15.187457]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.187698]  kthread+0x337/0x6f0
[   15.187918]  ret_from_fork+0x116/0x1d0
[   15.188118]  ret_from_fork_asm+0x1a/0x30
[   15.188287] 
[   15.188359] The buggy address belongs to the object at ffff8881039b7800
[   15.188359]  which belongs to the cache kmalloc-128 of size 128
[   15.188735] The buggy address is located 0 bytes inside of
[   15.188735]  allocated 120-byte region [ffff8881039b7800, ffff8881039b7878)
[   15.189339] 
[   15.189515] The buggy address belongs to the physical page:
[   15.189923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039b7
[   15.190338] flags: 0x200000000000000(node=0|zone=2)
[   15.190632] page_type: f5(slab)
[   15.190822] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.191057] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.191286] page dumped because: kasan: bad access detected
[   15.191588] 
[   15.191723] Memory state around the buggy address:
[   15.191952]  ffff8881039b7700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.192306]  ffff8881039b7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.192603] >ffff8881039b7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.192988]                                                                 ^
[   15.193263]  ffff8881039b7880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.193573]  ffff8881039b7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.194059] ==================================================================
[   15.194608] ==================================================================
[   15.194873] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   15.195510] Write of size 1 at addr ffff8881039b7878 by task kunit_try_catch/303
[   15.195750] 
[   15.195835] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   15.195879] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.195892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.195949] Call Trace:
[   15.195966]  <TASK>
[   15.195983]  dump_stack_lvl+0x73/0xb0
[   15.196010]  print_report+0xd1/0x650
[   15.196036]  ? __virt_addr_valid+0x1db/0x2d0
[   15.196060]  ? strncpy_from_user+0x1a5/0x1d0
[   15.196082]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.196143]  ? strncpy_from_user+0x1a5/0x1d0
[   15.196167]  kasan_report+0x141/0x180
[   15.196191]  ? strncpy_from_user+0x1a5/0x1d0
[   15.196218]  __asan_report_store1_noabort+0x1b/0x30
[   15.196272]  strncpy_from_user+0x1a5/0x1d0
[   15.196296]  copy_user_test_oob+0x760/0x10f0
[   15.196323]  ? __pfx_copy_user_test_oob+0x10/0x10
[   15.196347]  ? finish_task_switch.isra.0+0x153/0x700
[   15.196371]  ? __switch_to+0x47/0xf50
[   15.196438]  ? __schedule+0x10cc/0x2b60
[   15.196463]  ? __pfx_read_tsc+0x10/0x10
[   15.196486]  ? ktime_get_ts64+0x86/0x230
[   15.196512]  kunit_try_run_case+0x1a5/0x480
[   15.196534]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.196554]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.196579]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.196605]  ? __kthread_parkme+0x82/0x180
[   15.196626]  ? preempt_count_sub+0x50/0x80
[   15.196649]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.196673]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.196727]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.196754]  kthread+0x337/0x6f0
[   15.196775]  ? trace_preempt_on+0x20/0xc0
[   15.196814]  ? __pfx_kthread+0x10/0x10
[   15.196835]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.196892]  ? calculate_sigpending+0x7b/0xa0
[   15.196917]  ? __pfx_kthread+0x10/0x10
[   15.196940]  ret_from_fork+0x116/0x1d0
[   15.196960]  ? __pfx_kthread+0x10/0x10
[   15.196982]  ret_from_fork_asm+0x1a/0x30
[   15.197045]  </TASK>
[   15.197056] 
[   15.205252] Allocated by task 303:
[   15.205491]  kasan_save_stack+0x45/0x70
[   15.205827]  kasan_save_track+0x18/0x40
[   15.206033]  kasan_save_alloc_info+0x3b/0x50
[   15.206244]  __kasan_kmalloc+0xb7/0xc0
[   15.206445]  __kmalloc_noprof+0x1c9/0x500
[   15.206647]  kunit_kmalloc_array+0x25/0x60
[   15.206913]  copy_user_test_oob+0xab/0x10f0
[   15.207129]  kunit_try_run_case+0x1a5/0x480
[   15.207338]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.207527]  kthread+0x337/0x6f0
[   15.207669]  ret_from_fork+0x116/0x1d0
[   15.208039]  ret_from_fork_asm+0x1a/0x30
[   15.208300] 
[   15.208412] The buggy address belongs to the object at ffff8881039b7800
[   15.208412]  which belongs to the cache kmalloc-128 of size 128
[   15.209065] The buggy address is located 0 bytes to the right of
[   15.209065]  allocated 120-byte region [ffff8881039b7800, ffff8881039b7878)
[   15.209627] 
[   15.209733] The buggy address belongs to the physical page:
[   15.209988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039b7
[   15.210386] flags: 0x200000000000000(node=0|zone=2)
[   15.210641] page_type: f5(slab)
[   15.210813] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.211174] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.211513] page dumped because: kasan: bad access detected
[   15.211811] 
[   15.211941] Memory state around the buggy address:
[   15.212174]  ffff8881039b7700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.212501]  ffff8881039b7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.212858] >ffff8881039b7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.213164]                                                                 ^
[   15.213526]  ffff8881039b7880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.213874]  ffff8881039b7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.214202] ==================================================================