Date
June 5, 2025, 7:08 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 30.664587] ==================================================================
[ 30.665524] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 30.667176] Write of size 121 at addr fff00000c7719c00 by task kunit_try_catch/285
[ 30.667312]
[ 30.669060] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT
[ 30.669854] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.670360] Hardware name: linux,dummy-virt (DT)
[ 30.670474] Call trace:
[ 30.670548] show_stack+0x20/0x38 (C)
[ 30.670685] dump_stack_lvl+0x8c/0xd0
[ 30.670827] print_report+0x118/0x608
[ 30.670961] kasan_report+0xdc/0x128
[ 30.671093] kasan_check_range+0x100/0x1a8
[ 30.671216] __kasan_check_write+0x20/0x30
[ 30.671354] strncpy_from_user+0x3c/0x2a0
[ 30.671474] copy_user_test_oob+0x5c0/0xec8
[ 30.671598] kunit_try_run_case+0x170/0x3f0
[ 30.671733] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.671884] kthread+0x328/0x630
[ 30.672001] ret_from_fork+0x10/0x20
[ 30.680541]
[ 30.680581] Allocated by task 285:
[ 30.680626] kasan_save_stack+0x3c/0x68
[ 30.680749] kasan_save_track+0x20/0x40
[ 30.680871] kasan_save_alloc_info+0x40/0x58
[ 30.680989] __kasan_kmalloc+0xd4/0xd8
[ 30.681048] __kmalloc_noprof+0x198/0x4c8
[ 30.681099] kunit_kmalloc_array+0x34/0x88
[ 30.681153] copy_user_test_oob+0xac/0xec8
[ 30.681203] kunit_try_run_case+0x170/0x3f0
[ 30.681253] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.681322] kthread+0x328/0x630
[ 30.681501] ret_from_fork+0x10/0x20
[ 30.681618]
[ 30.681678] The buggy address belongs to the object at fff00000c7719c00
[ 30.681678] which belongs to the cache kmalloc-128 of size 128
[ 30.681847] The buggy address is located 0 bytes inside of
[ 30.681847] allocated 120-byte region [fff00000c7719c00, fff00000c7719c78)
[ 30.682015]
[ 30.682091] The buggy address belongs to the physical page:
[ 30.682177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107719
[ 30.682310] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.682508] page_type: f5(slab)
[ 30.682610] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.682739] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.682867] page dumped because: kasan: bad access detected
[ 30.683003]
[ 30.683053] Memory state around the buggy address:
[ 30.683149] fff00000c7719b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.683409] fff00000c7719b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.683542] >fff00000c7719c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.683698] ^
[ 30.683864] fff00000c7719c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.684016] fff00000c7719d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.684174] ==================================================================

[ 30.688189] ==================================================================
[ 30.688345] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 30.688484] Write of size 1 at addr fff00000c7719c78 by task kunit_try_catch/285
[ 30.688730]
[ 30.688909] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT
[ 30.689132] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.689255] Hardware name: linux,dummy-virt (DT)
[ 30.689386] Call trace:
[ 30.689498] show_stack+0x20/0x38 (C)
[ 30.689645] dump_stack_lvl+0x8c/0xd0
[ 30.689779] print_report+0x118/0x608
[ 30.690028] kasan_report+0xdc/0x128
[ 30.690250] __asan_report_store1_noabort+0x20/0x30
[ 30.690548] strncpy_from_user+0x270/0x2a0
[ 30.690679] copy_user_test_oob+0x5c0/0xec8
[ 30.690869] kunit_try_run_case+0x170/0x3f0
[ 30.691022] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.691374] kthread+0x328/0x630
[ 30.691495] ret_from_fork+0x10/0x20
[ 30.691648]
[ 30.691763] Allocated by task 285:
[ 30.691975] kasan_save_stack+0x3c/0x68
[ 30.692160] kasan_save_track+0x20/0x40
[ 30.692364] kasan_save_alloc_info+0x40/0x58
[ 30.692492] __kasan_kmalloc+0xd4/0xd8
[ 30.692626] __kmalloc_noprof+0x198/0x4c8
[ 30.692758] kunit_kmalloc_array+0x34/0x88
[ 30.693008] copy_user_test_oob+0xac/0xec8
[ 30.693188] kunit_try_run_case+0x170/0x3f0
[ 30.693527] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.693726] kthread+0x328/0x630
[ 30.693812] ret_from_fork+0x10/0x20
[ 30.693904]
[ 30.693992] The buggy address belongs to the object at fff00000c7719c00
[ 30.693992] which belongs to the cache kmalloc-128 of size 128
[ 30.694270] The buggy address is located 0 bytes to the right of
[ 30.694270] allocated 120-byte region [fff00000c7719c00, fff00000c7719c78)
[ 30.694460]
[ 30.694532] The buggy address belongs to the physical page:
[ 30.694626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107719
[ 30.694815] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.694956] page_type: f5(slab)
[ 30.695075] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.695219] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.695457] page dumped because: kasan: bad access detected
[ 30.695636]
[ 30.695699] Memory state around the buggy address:
[ 30.696218] fff00000c7719b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.696407] fff00000c7719b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.696860] >fff00000c7719c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.696974] ^
[ 30.697121] fff00000c7719c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.697241] fff00000c7719d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.697387] ==================================================================
```
qemu-x86_64:

```
[ 15.654463] ==================================================================
[ 15.655132] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 15.655433] Write of size 1 at addr ffff888102b2dc78 by task kunit_try_catch/302
[ 15.655793]
[ 15.655913] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary)
[ 15.655967] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.655980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.656001] Call Trace:
[ 15.656016] <TASK>
[ 15.656040] dump_stack_lvl+0x73/0xb0
[ 15.656066] print_report+0xd1/0x650
[ 15.656089] ? __virt_addr_valid+0x1db/0x2d0
[ 15.656123] ? strncpy_from_user+0x1a5/0x1d0
[ 15.656145] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.656172] ? strncpy_from_user+0x1a5/0x1d0
[ 15.656204] kasan_report+0x141/0x180
[ 15.656229] ? strncpy_from_user+0x1a5/0x1d0
[ 15.656256] __asan_report_store1_noabort+0x1b/0x30
[ 15.656280] strncpy_from_user+0x1a5/0x1d0
[ 15.656305] copy_user_test_oob+0x760/0x10f0
[ 15.656334] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.656360] ? finish_task_switch.isra.0+0x153/0x700
[ 15.656385] ? __switch_to+0x47/0xf50
[ 15.656413] ? __schedule+0x10cc/0x2b60
[ 15.656438] ? __pfx_read_tsc+0x10/0x10
[ 15.656461] ? ktime_get_ts64+0x86/0x230
[ 15.656486] kunit_try_run_case+0x1a5/0x480
[ 15.656510] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.656532] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.656560] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.656587] ? __kthread_parkme+0x82/0x180
[ 15.656609] ? preempt_count_sub+0x50/0x80
[ 15.656645] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.656677] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.656705] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.656744] kthread+0x337/0x6f0
[ 15.656766] ? trace_preempt_on+0x20/0xc0
[ 15.656791] ? __pfx_kthread+0x10/0x10
[ 15.656824] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.656849] ? calculate_sigpending+0x7b/0xa0
[ 15.656876] ? __pfx_kthread+0x10/0x10
[ 15.656915] ret_from_fork+0x116/0x1d0
[ 15.656936] ? __pfx_kthread+0x10/0x10
[ 15.656959] ret_from_fork_asm+0x1a/0x30
[ 15.657003] </TASK>
[ 15.657014]
[ 15.667096] Allocated by task 302:
[ 15.667266] kasan_save_stack+0x45/0x70
[ 15.667437] kasan_save_track+0x18/0x40
[ 15.667616] kasan_save_alloc_info+0x3b/0x50
[ 15.668163] __kasan_kmalloc+0xb7/0xc0
[ 15.668471] __kmalloc_noprof+0x1c9/0x500
[ 15.668796] kunit_kmalloc_array+0x25/0x60
[ 15.669017] copy_user_test_oob+0xab/0x10f0
[ 15.669208] kunit_try_run_case+0x1a5/0x480
[ 15.669393] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.669874] kthread+0x337/0x6f0
[ 15.670115] ret_from_fork+0x116/0x1d0
[ 15.670441] ret_from_fork_asm+0x1a/0x30
[ 15.670832]
[ 15.670939] The buggy address belongs to the object at ffff888102b2dc00
[ 15.670939] which belongs to the cache kmalloc-128 of size 128
[ 15.671607] The buggy address is located 0 bytes to the right of
[ 15.671607] allocated 120-byte region [ffff888102b2dc00, ffff888102b2dc78)
[ 15.672109]
[ 15.672198] The buggy address belongs to the physical page:
[ 15.672413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b2d
[ 15.673122] flags: 0x200000000000000(node=0|zone=2)
[ 15.673560] page_type: f5(slab)
[ 15.673970] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.674491] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.675039] page dumped because: kasan: bad access detected
[ 15.675277]
[ 15.675367] Memory state around the buggy address:
[ 15.675575] ffff888102b2db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.676513] ffff888102b2db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.677203] >ffff888102b2dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.677658] ^
[ 15.678116] ffff888102b2dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.678390] ffff888102b2dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.678944] ==================================================================

[ 15.634802] ==================================================================
[ 15.635198] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 15.635511] Write of size 121 at addr ffff888102b2dc00 by task kunit_try_catch/302
[ 15.636157]
[ 15.636262] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary)
[ 15.636303] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.636314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.636335] Call Trace:
[ 15.636350] <TASK>
[ 15.636364] dump_stack_lvl+0x73/0xb0
[ 15.636388] print_report+0xd1/0x650
[ 15.636413] ? __virt_addr_valid+0x1db/0x2d0
[ 15.636438] ? strncpy_from_user+0x2e/0x1d0
[ 15.636460] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.636486] ? strncpy_from_user+0x2e/0x1d0
[ 15.636508] kasan_report+0x141/0x180
[ 15.636532] ? strncpy_from_user+0x2e/0x1d0
[ 15.636570] kasan_check_range+0x10c/0x1c0
[ 15.636596] __kasan_check_write+0x18/0x20
[ 15.636617] strncpy_from_user+0x2e/0x1d0
[ 15.636650] ? __kasan_check_read+0x15/0x20
[ 15.636682] copy_user_test_oob+0x760/0x10f0
[ 15.636710] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.636735] ? finish_task_switch.isra.0+0x153/0x700
[ 15.636760] ? __switch_to+0x47/0xf50
[ 15.636795] ? __schedule+0x10cc/0x2b60
[ 15.636821] ? __pfx_read_tsc+0x10/0x10
[ 15.636852] ? ktime_get_ts64+0x86/0x230
[ 15.636878] kunit_try_run_case+0x1a5/0x480
[ 15.636910] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.636932] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.636967] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.636995] ? __kthread_parkme+0x82/0x180
[ 15.637027] ? preempt_count_sub+0x50/0x80
[ 15.637055] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.637079] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.637106] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.637143] kthread+0x337/0x6f0
[ 15.637164] ? trace_preempt_on+0x20/0xc0
[ 15.637198] ? __pfx_kthread+0x10/0x10
[ 15.637220] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.637245] ? calculate_sigpending+0x7b/0xa0
[ 15.637279] ? __pfx_kthread+0x10/0x10
[ 15.637302] ret_from_fork+0x116/0x1d0
[ 15.637323] ? __pfx_kthread+0x10/0x10
[ 15.637355] ret_from_fork_asm+0x1a/0x30
[ 15.637387] </TASK>
[ 15.637398]
[ 15.645393] Allocated by task 302:
[ 15.645598] kasan_save_stack+0x45/0x70
[ 15.645763] kasan_save_track+0x18/0x40
[ 15.645913] kasan_save_alloc_info+0x3b/0x50
[ 15.646082] __kasan_kmalloc+0xb7/0xc0
[ 15.646243] __kmalloc_noprof+0x1c9/0x500
[ 15.646422] kunit_kmalloc_array+0x25/0x60
[ 15.646595] copy_user_test_oob+0xab/0x10f0
[ 15.646796] kunit_try_run_case+0x1a5/0x480
[ 15.647190] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.647494] kthread+0x337/0x6f0
[ 15.647731] ret_from_fork+0x116/0x1d0
[ 15.648065] ret_from_fork_asm+0x1a/0x30
[ 15.648243]
[ 15.648331] The buggy address belongs to the object at ffff888102b2dc00
[ 15.648331] which belongs to the cache kmalloc-128 of size 128
[ 15.648764] The buggy address is located 0 bytes inside of
[ 15.648764] allocated 120-byte region [ffff888102b2dc00, ffff888102b2dc78)
[ 15.649292]
[ 15.649391] The buggy address belongs to the physical page:
[ 15.649664] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b2d
[ 15.650036] flags: 0x200000000000000(node=0|zone=2)
[ 15.650300] page_type: f5(slab)
[ 15.650499] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.651116] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.651356] page dumped because: kasan: bad access detected
[ 15.651643]
[ 15.651737] Memory state around the buggy address:
[ 15.651938] ffff888102b2db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.652156] ffff888102b2db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.652374] >ffff888102b2dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.652718] ^
[ 15.653047] ffff888102b2dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.653389] ffff888102b2dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.653775] ==================================================================
```