Date
June 20, 2025, 12:38 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
[ 36.656125] ==================================================================
[ 36.656285] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 36.656445] Write of size 1 at addr fff00000c6515878 by task kunit_try_catch/296
[ 36.656585]
[ 36.657387] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT
[ 36.658135] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 36.658443] Hardware name: linux,dummy-virt (DT)
[ 36.658522] Call trace:
[ 36.658929] show_stack+0x20/0x38 (C)
[ 36.659809] dump_stack_lvl+0x8c/0xd0
[ 36.660030] print_report+0x118/0x608
[ 36.660242] kasan_report+0xdc/0x128
[ 36.660467] __asan_report_store1_noabort+0x20/0x30
[ 36.660662] strncpy_from_user+0x270/0x2a0
[ 36.661028] copy_user_test_oob+0x5c0/0xec8
[ 36.661231] kunit_try_run_case+0x170/0x3f0
[ 36.661360] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 36.661562] kthread+0x328/0x630
[ 36.661839] ret_from_fork+0x10/0x20
[ 36.662207]
[ 36.662266] Allocated by task 296:
[ 36.662350] kasan_save_stack+0x3c/0x68
[ 36.662583] kasan_save_track+0x20/0x40
[ 36.662812] kasan_save_alloc_info+0x40/0x58
[ 36.663009] __kasan_kmalloc+0xd4/0xd8
[ 36.663284] __kmalloc_noprof+0x198/0x4c8
[ 36.663403] kunit_kmalloc_array+0x34/0x88
[ 36.663502] copy_user_test_oob+0xac/0xec8
[ 36.664132] kunit_try_run_case+0x170/0x3f0
[ 36.664258] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 36.664385] kthread+0x328/0x630
[ 36.664492] ret_from_fork+0x10/0x20
[ 36.664598]
[ 36.664676] The buggy address belongs to the object at fff00000c6515800
[ 36.664676] which belongs to the cache kmalloc-128 of size 128
[ 36.664838] The buggy address is located 0 bytes to the right of
[ 36.664838] allocated 120-byte region [fff00000c6515800, fff00000c6515878)
[ 36.665089]
[ 36.665182] The buggy address belongs to the physical page:
[ 36.665318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106515
[ 36.665562] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 36.665975] page_type: f5(slab)
[ 36.666075] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 36.666369] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 36.666500] page dumped because: kasan: bad access detected
[ 36.666656]
[ 36.666711] Memory state around the buggy address:
[ 36.666800] fff00000c6515700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.666995] fff00000c6515780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.667241] >fff00000c6515800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 36.667469] ^
[ 36.668016] fff00000c6515880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.668166] fff00000c6515900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.670888] ==================================================================

[ 36.635360] ==================================================================
[ 36.635521] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 36.637148] Write of size 121 at addr fff00000c6515800 by task kunit_try_catch/296
[ 36.637891]
[ 36.638082] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT
[ 36.639017] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 36.639559] Hardware name: linux,dummy-virt (DT)
[ 36.639680] Call trace:
[ 36.640159] show_stack+0x20/0x38 (C)
[ 36.640422] dump_stack_lvl+0x8c/0xd0
[ 36.640605] print_report+0x118/0x608
[ 36.640756] kasan_report+0xdc/0x128
[ 36.640914] kasan_check_range+0x100/0x1a8
[ 36.641073] __kasan_check_write+0x20/0x30
[ 36.641171] strncpy_from_user+0x3c/0x2a0
[ 36.641263] copy_user_test_oob+0x5c0/0xec8
[ 36.641355] kunit_try_run_case+0x170/0x3f0
[ 36.641472] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 36.641660] kthread+0x328/0x630
[ 36.641774] ret_from_fork+0x10/0x20
[ 36.641906]
[ 36.641958] Allocated by task 296:
[ 36.642033] kasan_save_stack+0x3c/0x68
[ 36.642145] kasan_save_track+0x20/0x40
[ 36.642240] kasan_save_alloc_info+0x40/0x58
[ 36.642350] __kasan_kmalloc+0xd4/0xd8
[ 36.642480] __kmalloc_noprof+0x198/0x4c8
[ 36.643243] kunit_kmalloc_array+0x34/0x88
[ 36.643638] copy_user_test_oob+0xac/0xec8
[ 36.643753] kunit_try_run_case+0x170/0x3f0
[ 36.644537] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 36.645105] kthread+0x328/0x630
[ 36.645566] ret_from_fork+0x10/0x20
[ 36.645722]
[ 36.645784] The buggy address belongs to the object at fff00000c6515800
[ 36.645784] which belongs to the cache kmalloc-128 of size 128
[ 36.646223] The buggy address is located 0 bytes inside of
[ 36.646223] allocated 120-byte region [fff00000c6515800, fff00000c6515878)
[ 36.646701]
[ 36.647214] The buggy address belongs to the physical page:
[ 36.647364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106515
[ 36.648071] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 36.648231] page_type: f5(slab)
[ 36.648774] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 36.648896] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 36.648983] page dumped because: kasan: bad access detected
[ 36.649504]
[ 36.649814] Memory state around the buggy address:
[ 36.650329] fff00000c6515700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.650858] fff00000c6515780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.651156] >fff00000c6515800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 36.651471] ^
[ 36.651836] fff00000c6515880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.652052] fff00000c6515900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.652284] ==================================================================
[ 30.817923] ==================================================================
[ 30.818950] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 30.819586] Write of size 1 at addr ffff888102337178 by task kunit_try_catch/314
[ 30.820128]
[ 30.820384] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary)
[ 30.820506] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.820539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.820588] Call Trace:
[ 30.820634] <TASK>
[ 30.820681] dump_stack_lvl+0x73/0xb0
[ 30.820751] print_report+0xd1/0x650
[ 30.820805] ? __virt_addr_valid+0x1db/0x2d0
[ 30.820853] ? strncpy_from_user+0x1a5/0x1d0
[ 30.820899] ? kasan_complete_mode_report_info+0x2a/0x200
[ 30.820949] ? strncpy_from_user+0x1a5/0x1d0
[ 30.821003] kasan_report+0x141/0x180
[ 30.821057] ? strncpy_from_user+0x1a5/0x1d0
[ 30.821117] __asan_report_store1_noabort+0x1b/0x30
[ 30.821208] strncpy_from_user+0x1a5/0x1d0
[ 30.821269] copy_user_test_oob+0x760/0x10f0
[ 30.821320] ? __pfx_copy_user_test_oob+0x10/0x10
[ 30.821368] ? finish_task_switch.isra.0+0x153/0x700
[ 30.821420] ? __switch_to+0x47/0xf50
[ 30.821490] ? __schedule+0x10cc/0x2b60
[ 30.821540] ? __pfx_read_tsc+0x10/0x10
[ 30.821581] ? ktime_get_ts64+0x86/0x230
[ 30.821638] kunit_try_run_case+0x1a5/0x480
[ 30.821698] ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.821739] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 30.821767] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 30.821793] ? __kthread_parkme+0x82/0x180
[ 30.821819] ? preempt_count_sub+0x50/0x80
[ 30.821845] ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.821873] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.821900] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 30.821926] kthread+0x337/0x6f0
[ 30.821949] ? trace_preempt_on+0x20/0xc0
[ 30.821975] ? __pfx_kthread+0x10/0x10
[ 30.821999] ? _raw_spin_unlock_irq+0x47/0x80
[ 30.822032] ? calculate_sigpending+0x7b/0xa0
[ 30.822066] ? __pfx_kthread+0x10/0x10
[ 30.822091] ret_from_fork+0x116/0x1d0
[ 30.822112] ? __pfx_kthread+0x10/0x10
[ 30.822136] ret_from_fork_asm+0x1a/0x30
[ 30.822206] </TASK>
[ 30.822223]
[ 30.834781] Allocated by task 314:
[ 30.835147] kasan_save_stack+0x45/0x70
[ 30.836063] kasan_save_track+0x18/0x40
[ 30.836273] kasan_save_alloc_info+0x3b/0x50
[ 30.836700] __kasan_kmalloc+0xb7/0xc0
[ 30.837017] __kmalloc_noprof+0x1c9/0x500
[ 30.837248] kunit_kmalloc_array+0x25/0x60
[ 30.837587] copy_user_test_oob+0xab/0x10f0
[ 30.837820] kunit_try_run_case+0x1a5/0x480
[ 30.838384] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.838681] kthread+0x337/0x6f0
[ 30.838860] ret_from_fork+0x116/0x1d0
[ 30.839025] ret_from_fork_asm+0x1a/0x30
[ 30.839297]
[ 30.839485] The buggy address belongs to the object at ffff888102337100
[ 30.839485] which belongs to the cache kmalloc-128 of size 128
[ 30.840388] The buggy address is located 0 bytes to the right of
[ 30.840388] allocated 120-byte region [ffff888102337100, ffff888102337178)
[ 30.840963]
[ 30.841211] The buggy address belongs to the physical page:
[ 30.841777] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337
[ 30.842500] flags: 0x200000000000000(node=0|zone=2)
[ 30.842886] page_type: f5(slab)
[ 30.843074] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 30.843677] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.844341] page dumped because: kasan: bad access detected
[ 30.844559]
[ 30.844744] Memory state around the buggy address:
[ 30.845150] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.845659] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.846043] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.846699] ^
[ 30.847308] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.847572] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.848083] ==================================================================

[ 30.788161] ==================================================================
[ 30.788786] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 30.789103] Write of size 121 at addr ffff888102337100 by task kunit_try_catch/314
[ 30.789546]
[ 30.789797] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary)
[ 30.789883] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.789907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.789945] Call Trace:
[ 30.789984] <TASK>
[ 30.790019] dump_stack_lvl+0x73/0xb0
[ 30.790082] print_report+0xd1/0x650
[ 30.790131] ? __virt_addr_valid+0x1db/0x2d0
[ 30.790175] ? strncpy_from_user+0x2e/0x1d0
[ 30.790216] ? kasan_complete_mode_report_info+0x2a/0x200
[ 30.790264] ? strncpy_from_user+0x2e/0x1d0
[ 30.790312] kasan_report+0x141/0x180
[ 30.790358] ? strncpy_from_user+0x2e/0x1d0
[ 30.790490] kasan_check_range+0x10c/0x1c0
[ 30.790571] __kasan_check_write+0x18/0x20
[ 30.790648] strncpy_from_user+0x2e/0x1d0
[ 30.790718] ? __kasan_check_read+0x15/0x20
[ 30.790771] copy_user_test_oob+0x760/0x10f0
[ 30.790831] ? __pfx_copy_user_test_oob+0x10/0x10
[ 30.790903] ? finish_task_switch.isra.0+0x153/0x700
[ 30.790979] ? __switch_to+0x47/0xf50
[ 30.791061] ? __schedule+0x10cc/0x2b60
[ 30.791129] ? __pfx_read_tsc+0x10/0x10
[ 30.791170] ? ktime_get_ts64+0x86/0x230
[ 30.791224] kunit_try_run_case+0x1a5/0x480
[ 30.791278] ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.791329] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 30.791382] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 30.791438] ? __kthread_parkme+0x82/0x180
[ 30.791503] ? preempt_count_sub+0x50/0x80
[ 30.791560] ? __pfx_kunit_try_run_case+0x10/0x10
[ 30.791620] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.791676] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 30.791732] kthread+0x337/0x6f0
[ 30.791779] ? trace_preempt_on+0x20/0xc0
[ 30.791830] ? __pfx_kthread+0x10/0x10
[ 30.791881] ? _raw_spin_unlock_irq+0x47/0x80
[ 30.791935] ? calculate_sigpending+0x7b/0xa0
[ 30.791990] ? __pfx_kthread+0x10/0x10
[ 30.792031] ret_from_fork+0x116/0x1d0
[ 30.792072] ? __pfx_kthread+0x10/0x10
[ 30.792116] ret_from_fork_asm+0x1a/0x30
[ 30.792230] </TASK>
[ 30.792259]
[ 30.803111] Allocated by task 314:
[ 30.803346] kasan_save_stack+0x45/0x70
[ 30.803699] kasan_save_track+0x18/0x40
[ 30.804029] kasan_save_alloc_info+0x3b/0x50
[ 30.804526] __kasan_kmalloc+0xb7/0xc0
[ 30.804863] __kmalloc_noprof+0x1c9/0x500
[ 30.805245] kunit_kmalloc_array+0x25/0x60
[ 30.805469] copy_user_test_oob+0xab/0x10f0
[ 30.805866] kunit_try_run_case+0x1a5/0x480
[ 30.806153] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 30.806517] kthread+0x337/0x6f0
[ 30.806690] ret_from_fork+0x116/0x1d0
[ 30.806868] ret_from_fork_asm+0x1a/0x30
[ 30.807058]
[ 30.807252] The buggy address belongs to the object at ffff888102337100
[ 30.807252] which belongs to the cache kmalloc-128 of size 128
[ 30.807766] The buggy address is located 0 bytes inside of
[ 30.807766] allocated 120-byte region [ffff888102337100, ffff888102337178)
[ 30.808152]
[ 30.808255] The buggy address belongs to the physical page:
[ 30.808451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337
[ 30.808819] flags: 0x200000000000000(node=0|zone=2)
[ 30.809068] page_type: f5(slab)
[ 30.811675] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 30.812002] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.812292] page dumped because: kasan: bad access detected
[ 30.812517]
[ 30.812619] Memory state around the buggy address:
[ 30.812823] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.813092] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.813358] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.814586] ^
[ 30.815117] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.816081] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.816657] ==================================================================