Date: June 19, 2025, 12:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   34.788186] ==================================================================
[   34.788321] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   34.789499] Write of size 121 at addr fff00000c7741400 by task kunit_try_catch/296
[   34.789741] 
[   34.790361] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   34.790791] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.790982] Hardware name: linux,dummy-virt (DT)
[   34.791097] Call trace:
[   34.791233]  show_stack+0x20/0x38 (C)
[   34.791621]  dump_stack_lvl+0x8c/0xd0
[   34.792011]  print_report+0x118/0x608
[   34.792178]  kasan_report+0xdc/0x128
[   34.792492]  kasan_check_range+0x100/0x1a8
[   34.792626]  __kasan_check_write+0x20/0x30
[   34.793161]  strncpy_from_user+0x3c/0x2a0
[   34.793523]  copy_user_test_oob+0x5c0/0xec8
[   34.793714]  kunit_try_run_case+0x170/0x3f0
[   34.794150]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.794290]  kthread+0x328/0x630
[   34.794382]  ret_from_fork+0x10/0x20
[   34.794499] 
[   34.794547] Allocated by task 296:
[   34.794621]  kasan_save_stack+0x3c/0x68
[   34.794734]  kasan_save_track+0x20/0x40
[   34.795935]  kasan_save_alloc_info+0x40/0x58
[   34.796083]  __kasan_kmalloc+0xd4/0xd8
[   34.796186]  __kmalloc_noprof+0x198/0x4c8
[   34.796282]  kunit_kmalloc_array+0x34/0x88
[   34.796378]  copy_user_test_oob+0xac/0xec8
[   34.796481]  kunit_try_run_case+0x170/0x3f0
[   34.796583]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.797335]  kthread+0x328/0x630
[   34.797990]  ret_from_fork+0x10/0x20
[   34.798416] 
[   34.798480] The buggy address belongs to the object at fff00000c7741400
[   34.798480]  which belongs to the cache kmalloc-128 of size 128
[   34.798642] The buggy address is located 0 bytes inside of
[   34.798642]  allocated 120-byte region [fff00000c7741400, fff00000c7741478)
[   34.798775] 
[   34.798818] The buggy address belongs to the physical page:
[   34.799841] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107741
[   34.800378] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   34.800599] page_type: f5(slab)
[   34.800734] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   34.800893] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   34.801011] page dumped because: kasan: bad access detected
[   34.801098] 
[   34.801891] Memory state around the buggy address:
[   34.802369]  fff00000c7741300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.802682]  fff00000c7741380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.803039] >fff00000c7741400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   34.803176]                                                                 ^
[   34.803485]  fff00000c7741480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.803671]  fff00000c7741500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.803833] ==================================================================
[   34.807008] ==================================================================
[   34.807139] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   34.807551] Write of size 1 at addr fff00000c7741478 by task kunit_try_catch/296
[   34.808005] 
[   34.808166] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   34.808819] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.808918] Hardware name: linux,dummy-virt (DT)
[   34.809010] Call trace:
[   34.809072]  show_stack+0x20/0x38 (C)
[   34.809213]  dump_stack_lvl+0x8c/0xd0
[   34.809728]  print_report+0x118/0x608
[   34.809911]  kasan_report+0xdc/0x128
[   34.810036]  __asan_report_store1_noabort+0x20/0x30
[   34.810915]  strncpy_from_user+0x270/0x2a0
[   34.811153]  copy_user_test_oob+0x5c0/0xec8
[   34.811350]  kunit_try_run_case+0x170/0x3f0
[   34.811800]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.812088]  kthread+0x328/0x630
[   34.812208]  ret_from_fork+0x10/0x20
[   34.812762] 
[   34.812888] Allocated by task 296:
[   34.813054]  kasan_save_stack+0x3c/0x68
[   34.813369]  kasan_save_track+0x20/0x40
[   34.813532]  kasan_save_alloc_info+0x40/0x58
[   34.813808]  __kasan_kmalloc+0xd4/0xd8
[   34.814437]  __kmalloc_noprof+0x198/0x4c8
[   34.814743]  kunit_kmalloc_array+0x34/0x88
[   34.814849]  copy_user_test_oob+0xac/0xec8
[   34.814961]  kunit_try_run_case+0x170/0x3f0
[   34.815293]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.815829]  kthread+0x328/0x630
[   34.815942]  ret_from_fork+0x10/0x20
[   34.816057] 
[   34.816114] The buggy address belongs to the object at fff00000c7741400
[   34.816114]  which belongs to the cache kmalloc-128 of size 128
[   34.816723] The buggy address is located 0 bytes to the right of
[   34.816723]  allocated 120-byte region [fff00000c7741400, fff00000c7741478)
[   34.817497] 
[   34.817996] The buggy address belongs to the physical page:
[   34.818356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107741
[   34.818850] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   34.819051] page_type: f5(slab)
[   34.819156] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   34.819292] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   34.819404] page dumped because: kasan: bad access detected
[   34.819493] 
[   34.819543] Memory state around the buggy address:
[   34.821425]  fff00000c7741300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.821896]  fff00000c7741380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.822428] >fff00000c7741400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   34.822908]                                                                 ^
[   34.823033]  fff00000c7741480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.823145]  fff00000c7741500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.823585] ==================================================================

[   30.599296] ==================================================================
[   30.599897] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   30.600746] Write of size 1 at addr ffff888103782f78 by task kunit_try_catch/314
[   30.601435] 
[   30.601602] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   30.601725] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.601754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.601801] Call Trace:
[   30.601850]  <TASK>
[   30.601894]  dump_stack_lvl+0x73/0xb0
[   30.601967]  print_report+0xd1/0x650
[   30.602017]  ? __virt_addr_valid+0x1db/0x2d0
[   30.602070]  ? strncpy_from_user+0x1a5/0x1d0
[   30.602141]  ? kasan_complete_mode_report_info+0x2a/0x200
[   30.602200]  ? strncpy_from_user+0x1a5/0x1d0
[   30.602256]  kasan_report+0x141/0x180
[   30.602309]  ? strncpy_from_user+0x1a5/0x1d0
[   30.602374]  __asan_report_store1_noabort+0x1b/0x30
[   30.602433]  strncpy_from_user+0x1a5/0x1d0
[   30.602493]  copy_user_test_oob+0x760/0x10f0
[   30.602555]  ? __pfx_copy_user_test_oob+0x10/0x10
[   30.602609]  ? finish_task_switch.isra.0+0x153/0x700
[   30.602663]  ? __switch_to+0x47/0xf50
[   30.602723]  ? __schedule+0x10cc/0x2b60
[   30.602779]  ? __pfx_read_tsc+0x10/0x10
[   30.602830]  ? ktime_get_ts64+0x86/0x230
[   30.602893]  kunit_try_run_case+0x1a5/0x480
[   30.602951]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.603003]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   30.603058]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   30.603120]  ? __kthread_parkme+0x82/0x180
[   30.603169]  ? preempt_count_sub+0x50/0x80
[   30.603223]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.603277]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.603332]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   30.603405]  kthread+0x337/0x6f0
[   30.603451]  ? trace_preempt_on+0x20/0xc0
[   30.603507]  ? __pfx_kthread+0x10/0x10
[   30.603558]  ? _raw_spin_unlock_irq+0x47/0x80
[   30.603613]  ? calculate_sigpending+0x7b/0xa0
[   30.603670]  ? __pfx_kthread+0x10/0x10
[   30.603726]  ret_from_fork+0x116/0x1d0
[   30.603774]  ? __pfx_kthread+0x10/0x10
[   30.603826]  ret_from_fork_asm+0x1a/0x30
[   30.603903]  </TASK>
[   30.603931] 
[   30.617353] Allocated by task 314:
[   30.617838]  kasan_save_stack+0x45/0x70
[   30.618269]  kasan_save_track+0x18/0x40
[   30.618469]  kasan_save_alloc_info+0x3b/0x50
[   30.618667]  __kasan_kmalloc+0xb7/0xc0
[   30.618875]  __kmalloc_noprof+0x1c9/0x500
[   30.619241]  kunit_kmalloc_array+0x25/0x60
[   30.619594]  copy_user_test_oob+0xab/0x10f0
[   30.619953]  kunit_try_run_case+0x1a5/0x480
[   30.620433]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.620965]  kthread+0x337/0x6f0
[   30.621299]  ret_from_fork+0x116/0x1d0
[   30.621665]  ret_from_fork_asm+0x1a/0x30
[   30.621895] 
[   30.622168] The buggy address belongs to the object at ffff888103782f00
[   30.622168]  which belongs to the cache kmalloc-128 of size 128
[   30.622939] The buggy address is located 0 bytes to the right of
[   30.622939]  allocated 120-byte region [ffff888103782f00, ffff888103782f78)
[   30.624146] 
[   30.625135] The buggy address belongs to the physical page:
[   30.625374] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782
[   30.625965] flags: 0x200000000000000(node=0|zone=2)
[   30.626253] page_type: f5(slab)
[   30.626545] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   30.627338] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.627963] page dumped because: kasan: bad access detected
[   30.628492] 
[   30.628602] Memory state around the buggy address:
[   30.629067]  ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.629717]  ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.630520] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.630886]                                                                 ^
[   30.631825]  ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.632053]  ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   30.632268] ==================================================================
[   30.574398] ==================================================================
[   30.574762] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   30.575742] Write of size 121 at addr ffff888103782f00 by task kunit_try_catch/314
[   30.576293] 
[   30.576559] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   30.576685] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.576717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.576766] Call Trace:
[   30.576813]  <TASK>
[   30.576863]  dump_stack_lvl+0x73/0xb0
[   30.576954]  print_report+0xd1/0x650
[   30.577006]  ? __virt_addr_valid+0x1db/0x2d0
[   30.577054]  ? strncpy_from_user+0x2e/0x1d0
[   30.577115]  ? kasan_complete_mode_report_info+0x2a/0x200
[   30.577176]  ? strncpy_from_user+0x2e/0x1d0
[   30.577233]  kasan_report+0x141/0x180
[   30.577277]  ? strncpy_from_user+0x2e/0x1d0
[   30.577315]  kasan_check_range+0x10c/0x1c0
[   30.577343]  __kasan_check_write+0x18/0x20
[   30.577369]  strncpy_from_user+0x2e/0x1d0
[   30.577393]  ? __kasan_check_read+0x15/0x20
[   30.577420]  copy_user_test_oob+0x760/0x10f0
[   30.577449]  ? __pfx_copy_user_test_oob+0x10/0x10
[   30.577474]  ? finish_task_switch.isra.0+0x153/0x700
[   30.577501]  ? __switch_to+0x47/0xf50
[   30.577530]  ? __schedule+0x10cc/0x2b60
[   30.577556]  ? __pfx_read_tsc+0x10/0x10
[   30.577580]  ? ktime_get_ts64+0x86/0x230
[   30.577608]  kunit_try_run_case+0x1a5/0x480
[   30.577638]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.577663]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   30.577690]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   30.577716]  ? __kthread_parkme+0x82/0x180
[   30.577741]  ? preempt_count_sub+0x50/0x80
[   30.577767]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.577793]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.577819]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   30.577845]  kthread+0x337/0x6f0
[   30.577867]  ? trace_preempt_on+0x20/0xc0
[   30.577893]  ? __pfx_kthread+0x10/0x10
[   30.577932]  ? _raw_spin_unlock_irq+0x47/0x80
[   30.577961]  ? calculate_sigpending+0x7b/0xa0
[   30.577989]  ? __pfx_kthread+0x10/0x10
[   30.578013]  ret_from_fork+0x116/0x1d0
[   30.578035]  ? __pfx_kthread+0x10/0x10
[   30.578058]  ret_from_fork_asm+0x1a/0x30
[   30.578092]  </TASK>
[   30.578125] 
[   30.587529] Allocated by task 314:
[   30.587805]  kasan_save_stack+0x45/0x70
[   30.588128]  kasan_save_track+0x18/0x40
[   30.588439]  kasan_save_alloc_info+0x3b/0x50
[   30.588660]  __kasan_kmalloc+0xb7/0xc0
[   30.588954]  __kmalloc_noprof+0x1c9/0x500
[   30.589215]  kunit_kmalloc_array+0x25/0x60
[   30.589537]  copy_user_test_oob+0xab/0x10f0
[   30.589728]  kunit_try_run_case+0x1a5/0x480
[   30.589911]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.590346]  kthread+0x337/0x6f0
[   30.590613]  ret_from_fork+0x116/0x1d0
[   30.590944]  ret_from_fork_asm+0x1a/0x30
[   30.591223] 
[   30.591343] The buggy address belongs to the object at ffff888103782f00
[   30.591343]  which belongs to the cache kmalloc-128 of size 128
[   30.591945] The buggy address is located 0 bytes inside of
[   30.591945]  allocated 120-byte region [ffff888103782f00, ffff888103782f78)
[   30.592537] 
[   30.592659] The buggy address belongs to the physical page:
[   30.593097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782
[   30.593587] flags: 0x200000000000000(node=0|zone=2)
[   30.593810] page_type: f5(slab)
[   30.594147] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   30.594587] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.595121] page dumped because: kasan: bad access detected
[   30.595341] 
[   30.595504] Memory state around the buggy address:
[   30.595756]  ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.596272]  ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.596641] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.596979]                                                                 ^
[   30.597344]  ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.597617]  ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   30.597876] ==================================================================