Date
June 23, 2025, 7:07 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 37.400880] ==================================================================
[ 37.400981] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 37.401116] Write of size 1 at addr fff00000c7801378 by task kunit_try_catch/297
[ 37.401233]
[ 37.401302] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT
[ 37.403649] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.403736] Hardware name: linux,dummy-virt (DT)
[ 37.403908] Call trace:
[ 37.403971] show_stack+0x20/0x38 (C)
[ 37.404504] dump_stack_lvl+0x8c/0xd0
[ 37.404750] print_report+0x118/0x608
[ 37.404886] kasan_report+0xdc/0x128
[ 37.405836] __asan_report_store1_noabort+0x20/0x30
[ 37.406227] strncpy_from_user+0x270/0x2a0
[ 37.407103] copy_user_test_oob+0x5c0/0xec8
[ 37.407654] kunit_try_run_case+0x170/0x3f0
[ 37.407789] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.407934] kthread+0x328/0x630
[ 37.408065] ret_from_fork+0x10/0x20
[ 37.408201]
[ 37.409307] Allocated by task 297:
[ 37.409582] kasan_save_stack+0x3c/0x68
[ 37.410850] kasan_save_track+0x20/0x40
[ 37.410968] kasan_save_alloc_info+0x40/0x58
[ 37.411102] __kasan_kmalloc+0xd4/0xd8
[ 37.411205] __kmalloc_noprof+0x198/0x4c8
[ 37.411309] kunit_kmalloc_array+0x34/0x88
[ 37.413197] copy_user_test_oob+0xac/0xec8
[ 37.413362] kunit_try_run_case+0x170/0x3f0
[ 37.414497] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.415130] kthread+0x328/0x630
[ 37.415231] ret_from_fork+0x10/0x20
[ 37.416169]
[ 37.416747] The buggy address belongs to the object at fff00000c7801300
[ 37.416747] which belongs to the cache kmalloc-128 of size 128
[ 37.417473] The buggy address is located 0 bytes to the right of
[ 37.417473] allocated 120-byte region [fff00000c7801300, fff00000c7801378)
[ 37.417678]
[ 37.418799] The buggy address belongs to the physical page:
[ 37.419222] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107801
[ 37.419761] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.420394] page_type: f5(slab)
[ 37.420500] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.421146] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 37.421281] page dumped because: kasan: bad access detected
[ 37.421363]
[ 37.421745] Memory state around the buggy address:
[ 37.422272] fff00000c7801200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.422707] fff00000c7801280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.423812] >fff00000c7801300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.424096] ^
[ 37.424207] fff00000c7801380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.425147] fff00000c7801400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.426156] ==================================================================
[ 37.388687] ==================================================================
[ 37.388866] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 37.388996] Write of size 121 at addr fff00000c7801300 by task kunit_try_catch/297
[ 37.389140]
[ 37.389212] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT
[ 37.389414] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.389555] Hardware name: linux,dummy-virt (DT)
[ 37.389640] Call trace:
[ 37.389730] show_stack+0x20/0x38 (C)
[ 37.389881] dump_stack_lvl+0x8c/0xd0
[ 37.390121] print_report+0x118/0x608
[ 37.390348] kasan_report+0xdc/0x128
[ 37.390535] kasan_check_range+0x100/0x1a8
[ 37.390779] __kasan_check_write+0x20/0x30
[ 37.390919] strncpy_from_user+0x3c/0x2a0
[ 37.391274] copy_user_test_oob+0x5c0/0xec8
[ 37.391459] kunit_try_run_case+0x170/0x3f0
[ 37.391725] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.391966] kthread+0x328/0x630
[ 37.392194] ret_from_fork+0x10/0x20
[ 37.392390]
[ 37.392466] Allocated by task 297:
[ 37.392553] kasan_save_stack+0x3c/0x68
[ 37.392663] kasan_save_track+0x20/0x40
[ 37.392766] kasan_save_alloc_info+0x40/0x58
[ 37.392937] __kasan_kmalloc+0xd4/0xd8
[ 37.393165] __kmalloc_noprof+0x198/0x4c8
[ 37.393304] kunit_kmalloc_array+0x34/0x88
[ 37.393428] copy_user_test_oob+0xac/0xec8
[ 37.393553] kunit_try_run_case+0x170/0x3f0
[ 37.393768] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.393949] kthread+0x328/0x630
[ 37.394163] ret_from_fork+0x10/0x20
[ 37.394281]
[ 37.394335] The buggy address belongs to the object at fff00000c7801300
[ 37.394335] which belongs to the cache kmalloc-128 of size 128
[ 37.394491] The buggy address is located 0 bytes inside of
[ 37.394491] allocated 120-byte region [fff00000c7801300, fff00000c7801378)
[ 37.394720]
[ 37.394796] The buggy address belongs to the physical page:
[ 37.394879] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107801
[ 37.395139] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 37.395310] page_type: f5(slab)
[ 37.395585] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 37.396065] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 37.396250] page dumped because: kasan: bad access detected
[ 37.396331]
[ 37.396379] Memory state around the buggy address:
[ 37.396450] fff00000c7801200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.396561] fff00000c7801280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.396662] >fff00000c7801300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 37.396757] ^
[ 37.396967] fff00000c7801380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.397862] fff00000c7801400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.398090] ==================================================================
```
```
[ 26.313098] ==================================================================
[ 26.313632] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 26.314161] Write of size 121 at addr ffff888102c14900 by task kunit_try_catch/314
[ 26.314450]
[ 26.314564] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary)
[ 26.314644] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.314688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.314723] Call Trace:
[ 26.314750] <TASK>
[ 26.314775] dump_stack_lvl+0x73/0xb0
[ 26.314871] print_report+0xd1/0x650
[ 26.314924] ? __virt_addr_valid+0x1db/0x2d0
[ 26.314963] ? strncpy_from_user+0x2e/0x1d0
[ 26.315004] ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.315065] ? strncpy_from_user+0x2e/0x1d0
[ 26.315106] kasan_report+0x141/0x180
[ 26.315146] ? strncpy_from_user+0x2e/0x1d0
[ 26.315194] kasan_check_range+0x10c/0x1c0
[ 26.315253] __kasan_check_write+0x18/0x20
[ 26.315293] strncpy_from_user+0x2e/0x1d0
[ 26.315332] ? __kasan_check_read+0x15/0x20
[ 26.315771] copy_user_test_oob+0x760/0x10f0
[ 26.315858] ? __pfx_copy_user_test_oob+0x10/0x10
[ 26.315903] ? finish_task_switch.isra.0+0x153/0x700
[ 26.315948] ? __switch_to+0x47/0xf50
[ 26.315996] ? __schedule+0x10cc/0x2b60
[ 26.316039] ? __pfx_read_tsc+0x10/0x10
[ 26.316079] ? ktime_get_ts64+0x86/0x230
[ 26.316143] kunit_try_run_case+0x1a5/0x480
[ 26.316183] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.316218] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.316254] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.316290] ? __kthread_parkme+0x82/0x180
[ 26.316319] ? preempt_count_sub+0x50/0x80
[ 26.316356] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.316412] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.316472] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.316525] kthread+0x337/0x6f0
[ 26.316573] ? trace_preempt_on+0x20/0xc0
[ 26.316616] ? __pfx_kthread+0x10/0x10
[ 26.316664] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.316713] ? calculate_sigpending+0x7b/0xa0
[ 26.316766] ? __pfx_kthread+0x10/0x10
[ 26.316807] ret_from_fork+0x116/0x1d0
[ 26.316851] ? __pfx_kthread+0x10/0x10
[ 26.316891] ret_from_fork_asm+0x1a/0x30
[ 26.316968] </TASK>
[ 26.316993]
[ 26.329180] Allocated by task 314:
[ 26.329510] kasan_save_stack+0x45/0x70
[ 26.329970] kasan_save_track+0x18/0x40
[ 26.330177] kasan_save_alloc_info+0x3b/0x50
[ 26.330513] __kasan_kmalloc+0xb7/0xc0
[ 26.330734] __kmalloc_noprof+0x1c9/0x500
[ 26.331013] kunit_kmalloc_array+0x25/0x60
[ 26.331628] copy_user_test_oob+0xab/0x10f0
[ 26.331775] kunit_try_run_case+0x1a5/0x480
[ 26.332237] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.332677] kthread+0x337/0x6f0
[ 26.332802] ret_from_fork+0x116/0x1d0
[ 26.333139] ret_from_fork_asm+0x1a/0x30
[ 26.333548]
[ 26.333694] The buggy address belongs to the object at ffff888102c14900
[ 26.333694] which belongs to the cache kmalloc-128 of size 128
[ 26.334218] The buggy address is located 0 bytes inside of
[ 26.334218] allocated 120-byte region [ffff888102c14900, ffff888102c14978)
[ 26.334738]
[ 26.334839] The buggy address belongs to the physical page:
[ 26.335027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14
[ 26.335633] flags: 0x200000000000000(node=0|zone=2)
[ 26.335814] page_type: f5(slab)
[ 26.336065] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.336541] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.336876] page dumped because: kasan: bad access detected
[ 26.337097]
[ 26.337231] Memory state around the buggy address:
[ 26.337547] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.337796] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.338023] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.338570] ^
[ 26.338953] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.339173] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.339493] ==================================================================
[ 26.340357] ==================================================================
[ 26.341038] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 26.341285] Write of size 1 at addr ffff888102c14978 by task kunit_try_catch/314
[ 26.341527]
[ 26.341737] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary)
[ 26.341813] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.341851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.341882] Call Trace:
[ 26.341907] <TASK>
[ 26.341933] dump_stack_lvl+0x73/0xb0
[ 26.341980] print_report+0xd1/0x650
[ 26.342019] ? __virt_addr_valid+0x1db/0x2d0
[ 26.342058] ? strncpy_from_user+0x1a5/0x1d0
[ 26.342094] ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.342142] ? strncpy_from_user+0x1a5/0x1d0
[ 26.342186] kasan_report+0x141/0x180
[ 26.342232] ? strncpy_from_user+0x1a5/0x1d0
[ 26.342283] __asan_report_store1_noabort+0x1b/0x30
[ 26.342330] strncpy_from_user+0x1a5/0x1d0
[ 26.342400] copy_user_test_oob+0x760/0x10f0
[ 26.342452] ? __pfx_copy_user_test_oob+0x10/0x10
[ 26.342489] ? finish_task_switch.isra.0+0x153/0x700
[ 26.342522] ? __switch_to+0x47/0xf50
[ 26.342564] ? __schedule+0x10cc/0x2b60
[ 26.342604] ? __pfx_read_tsc+0x10/0x10
[ 26.342642] ? ktime_get_ts64+0x86/0x230
[ 26.342691] kunit_try_run_case+0x1a5/0x480
[ 26.342742] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.342788] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.342832] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.342893] ? __kthread_parkme+0x82/0x180
[ 26.342928] ? preempt_count_sub+0x50/0x80
[ 26.342966] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.343007] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.343052] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.343094] kthread+0x337/0x6f0
[ 26.343132] ? trace_preempt_on+0x20/0xc0
[ 26.343172] ? __pfx_kthread+0x10/0x10
[ 26.343209] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.343250] ? calculate_sigpending+0x7b/0xa0
[ 26.343293] ? __pfx_kthread+0x10/0x10
[ 26.343332] ret_from_fork+0x116/0x1d0
[ 26.343367] ? __pfx_kthread+0x10/0x10
[ 26.343423] ret_from_fork_asm+0x1a/0x30
[ 26.343481] </TASK>
[ 26.343503]
[ 26.353141] Allocated by task 314:
[ 26.353392] kasan_save_stack+0x45/0x70
[ 26.353667] kasan_save_track+0x18/0x40
[ 26.353936] kasan_save_alloc_info+0x3b/0x50
[ 26.354353] __kasan_kmalloc+0xb7/0xc0
[ 26.354598] __kmalloc_noprof+0x1c9/0x500
[ 26.354774] kunit_kmalloc_array+0x25/0x60
[ 26.355058] copy_user_test_oob+0xab/0x10f0
[ 26.355340] kunit_try_run_case+0x1a5/0x480
[ 26.355645] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.355932] kthread+0x337/0x6f0
[ 26.356071] ret_from_fork+0x116/0x1d0
[ 26.356251] ret_from_fork_asm+0x1a/0x30
[ 26.356509]
[ 26.356646] The buggy address belongs to the object at ffff888102c14900
[ 26.356646] which belongs to the cache kmalloc-128 of size 128
[ 26.357240] The buggy address is located 0 bytes to the right of
[ 26.357240] allocated 120-byte region [ffff888102c14900, ffff888102c14978)
[ 26.357612]
[ 26.357703] The buggy address belongs to the physical page:
[ 26.357876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14
[ 26.358300] flags: 0x200000000000000(node=0|zone=2)
[ 26.358721] page_type: f5(slab)
[ 26.359040] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.359500] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.359720] page dumped because: kasan: bad access detected
[ 26.360030]
[ 26.360196] Memory state around the buggy address:
[ 26.360553] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.361062] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.361292] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.361622] ^
[ 26.362182] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.362450] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.362675] ==================================================================
```