Date
July 9, 2025, 1:08 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 32.617931] ================================================================== [ 32.617993] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 32.618218] Write of size 1 at addr fff00000c9c2a378 by task kunit_try_catch/317 [ 32.618287] [ 32.618322] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.618411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.618439] Hardware name: linux,dummy-virt (DT) [ 32.618606] Call trace: [ 32.618640] show_stack+0x20/0x38 (C) [ 32.618774] dump_stack_lvl+0x8c/0xd0 [ 32.618838] print_report+0x118/0x5d0 [ 32.618885] kasan_report+0xdc/0x128 [ 32.619198] __asan_report_store1_noabort+0x20/0x30 [ 32.619404] strncpy_from_user+0x270/0x2a0 [ 32.619622] copy_user_test_oob+0x5c0/0xec8 [ 32.619799] kunit_try_run_case+0x170/0x3f0 [ 32.619977] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.620161] kthread+0x328/0x630 [ 32.620204] ret_from_fork+0x10/0x20 [ 32.620633] [ 32.620689] Allocated by task 317: [ 32.620909] kasan_save_stack+0x3c/0x68 [ 32.621071] kasan_save_track+0x20/0x40 [ 32.621199] kasan_save_alloc_info+0x40/0x58 [ 32.621332] __kasan_kmalloc+0xd4/0xd8 [ 32.621551] __kmalloc_noprof+0x198/0x4c8 [ 32.621741] kunit_kmalloc_array+0x34/0x88 [ 32.621825] copy_user_test_oob+0xac/0xec8 [ 32.622175] kunit_try_run_case+0x170/0x3f0 [ 32.622254] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.622368] kthread+0x328/0x630 [ 32.622532] ret_from_fork+0x10/0x20 [ 32.622973] [ 32.623035] The buggy address belongs to the object at fff00000c9c2a300 [ 32.623035] which belongs to the cache kmalloc-128 of size 128 [ 32.623203] The buggy address is located 0 bytes to the right of [ 32.623203] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.623273] [ 32.623296] The buggy address belongs to the physical page: [ 32.623665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.623902] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.624039] page_type: f5(slab) [ 32.624198] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.624305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.624350] page dumped because: kasan: bad access detected [ 32.624399] [ 32.624434] Memory state around the buggy address: [ 32.624468] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.624675] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.624724] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.624765] ^ [ 32.624807] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.624852] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.625015] ================================================================== [ 32.608465] ================================================================== [ 32.608525] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 32.608736] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.608798] [ 32.608855] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.609106] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.609395] Hardware name: linux,dummy-virt (DT) [ 32.609572] Call trace: [ 32.609608] show_stack+0x20/0x38 (C) [ 32.609698] dump_stack_lvl+0x8c/0xd0 [ 32.609752] print_report+0x118/0x5d0 [ 32.609797] kasan_report+0xdc/0x128 [ 32.609876] kasan_check_range+0x100/0x1a8 [ 32.609952] __kasan_check_write+0x20/0x30 [ 32.610008] strncpy_from_user+0x3c/0x2a0 [ 32.610121] copy_user_test_oob+0x5c0/0xec8 [ 32.610172] kunit_try_run_case+0x170/0x3f0 [ 32.610460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.610614] kthread+0x328/0x630 [ 32.610667] ret_from_fork+0x10/0x20 [ 32.610875] [ 32.611003] Allocated by task 317: [ 32.611108] kasan_save_stack+0x3c/0x68 [ 32.611183] kasan_save_track+0x20/0x40 [ 32.611251] kasan_save_alloc_info+0x40/0x58 [ 32.611318] __kasan_kmalloc+0xd4/0xd8 [ 32.611656] __kmalloc_noprof+0x198/0x4c8 [ 32.611814] kunit_kmalloc_array+0x34/0x88 [ 32.612035] copy_user_test_oob+0xac/0xec8 [ 32.612103] kunit_try_run_case+0x170/0x3f0 [ 32.612323] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.612416] kthread+0x328/0x630 [ 32.612750] ret_from_fork+0x10/0x20 [ 32.612822] [ 32.612942] The buggy address belongs to the object at fff00000c9c2a300 [ 32.612942] which belongs to the cache kmalloc-128 of size 128 [ 32.613030] The buggy address is located 0 bytes inside of [ 32.613030] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.613352] [ 32.613490] The buggy address belongs to the physical page: [ 32.613556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.613772] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.614079] page_type: f5(slab) [ 32.614189] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.614282] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.614600] page dumped because: kasan: bad access detected [ 32.614674] [ 32.614722] Memory state around the buggy address: [ 32.615007] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.615084] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.615279] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.615438] ^ [ 32.615660] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.615822] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.616027] ==================================================================
[ 28.174098] ================================================================== [ 28.174435] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 28.174764] Write of size 1 at addr ffff8881060ac678 by task kunit_try_catch/335 [ 28.175117] [ 28.175206] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.175279] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.175294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.175317] Call Trace: [ 28.175336] <TASK> [ 28.175356] dump_stack_lvl+0x73/0xb0 [ 28.175389] print_report+0xd1/0x610 [ 28.175412] ? __virt_addr_valid+0x1db/0x2d0 [ 28.175456] ? strncpy_from_user+0x1a5/0x1d0 [ 28.175480] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.175507] ? strncpy_from_user+0x1a5/0x1d0 [ 28.175532] kasan_report+0x141/0x180 [ 28.175555] ? strncpy_from_user+0x1a5/0x1d0 [ 28.175607] __asan_report_store1_noabort+0x1b/0x30 [ 28.175633] strncpy_from_user+0x1a5/0x1d0 [ 28.175659] copy_user_test_oob+0x760/0x10f0 [ 28.175686] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.175721] ? finish_task_switch.isra.0+0x153/0x700 [ 28.175745] ? __switch_to+0x47/0xf80 [ 28.175801] ? __schedule+0x10cc/0x2b60 [ 28.175830] ? __pfx_read_tsc+0x10/0x10 [ 28.175853] ? ktime_get_ts64+0x86/0x230 [ 28.175880] kunit_try_run_case+0x1a5/0x480 [ 28.175904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.175925] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.175950] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.175975] ? __kthread_parkme+0x82/0x180 [ 28.175997] ? preempt_count_sub+0x50/0x80 [ 28.176021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.176044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.176070] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.176096] kthread+0x337/0x6f0 [ 28.176117] ? trace_preempt_on+0x20/0xc0 [ 28.176142] ? __pfx_kthread+0x10/0x10 [ 28.176164] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.176207] ? calculate_sigpending+0x7b/0xa0 [ 28.176233] ? __pfx_kthread+0x10/0x10 [ 28.176270] ret_from_fork+0x116/0x1d0 [ 28.176290] ? __pfx_kthread+0x10/0x10 [ 28.176326] ret_from_fork_asm+0x1a/0x30 [ 28.176384] </TASK> [ 28.176396] [ 28.183462] Allocated by task 335: [ 28.183651] kasan_save_stack+0x45/0x70 [ 28.183991] kasan_save_track+0x18/0x40 [ 28.184204] kasan_save_alloc_info+0x3b/0x50 [ 28.184400] __kasan_kmalloc+0xb7/0xc0 [ 28.184566] __kmalloc_noprof+0x1c9/0x500 [ 28.184807] kunit_kmalloc_array+0x25/0x60 [ 28.184968] copy_user_test_oob+0xab/0x10f0 [ 28.185189] kunit_try_run_case+0x1a5/0x480 [ 28.185360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.185601] kthread+0x337/0x6f0 [ 28.185767] ret_from_fork+0x116/0x1d0 [ 28.185942] ret_from_fork_asm+0x1a/0x30 [ 28.186119] [ 28.186210] The buggy address belongs to the object at ffff8881060ac600 [ 28.186210] which belongs to the cache kmalloc-128 of size 128 [ 28.186673] The buggy address is located 0 bytes to the right of [ 28.186673] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.187286] [ 28.187368] The buggy address belongs to the physical page: [ 28.187601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.187969] flags: 0x200000000000000(node=0|zone=2) [ 28.188228] page_type: f5(slab) [ 28.188384] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.188712] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.189197] page dumped because: kasan: bad access detected [ 28.189366] [ 28.189453] Memory state around the buggy address: [ 28.189705] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.190055] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.190371] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.190675] ^ [ 28.191031] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.191391] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.191713] ================================================================== [ 28.155366] ================================================================== [ 28.155611] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 28.156080] Write of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.156429] [ 28.156557] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.156608] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.156622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.156645] Call Trace: [ 28.156662] <TASK> [ 28.156679] dump_stack_lvl+0x73/0xb0 [ 28.156722] print_report+0xd1/0x610 [ 28.156745] ? __virt_addr_valid+0x1db/0x2d0 [ 28.156770] ? strncpy_from_user+0x2e/0x1d0 [ 28.156794] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.156821] ? strncpy_from_user+0x2e/0x1d0 [ 28.156846] kasan_report+0x141/0x180 [ 28.156868] ? strncpy_from_user+0x2e/0x1d0 [ 28.156897] kasan_check_range+0x10c/0x1c0 [ 28.156922] __kasan_check_write+0x18/0x20 [ 28.156979] strncpy_from_user+0x2e/0x1d0 [ 28.157003] ? __kasan_check_read+0x15/0x20 [ 28.157047] copy_user_test_oob+0x760/0x10f0 [ 28.157074] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.157097] ? finish_task_switch.isra.0+0x153/0x700 [ 28.157120] ? __switch_to+0x47/0xf80 [ 28.157148] ? __schedule+0x10cc/0x2b60 [ 28.157172] ? __pfx_read_tsc+0x10/0x10 [ 28.157194] ? ktime_get_ts64+0x86/0x230 [ 28.157237] kunit_try_run_case+0x1a5/0x480 [ 28.157260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.157295] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.157320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.157345] ? __kthread_parkme+0x82/0x180 [ 28.157367] ? preempt_count_sub+0x50/0x80 [ 28.157391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.157414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.157440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.157467] kthread+0x337/0x6f0 [ 28.157487] ? trace_preempt_on+0x20/0xc0 [ 28.157511] ? __pfx_kthread+0x10/0x10 [ 28.157533] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.157557] ? calculate_sigpending+0x7b/0xa0 [ 28.157582] ? __pfx_kthread+0x10/0x10 [ 28.157605] ret_from_fork+0x116/0x1d0 [ 28.157625] ? __pfx_kthread+0x10/0x10 [ 28.157647] ret_from_fork_asm+0x1a/0x30 [ 28.157679] </TASK> [ 28.157701] [ 28.165543] Allocated by task 335: [ 28.165672] kasan_save_stack+0x45/0x70 [ 28.165822] kasan_save_track+0x18/0x40 [ 28.166018] kasan_save_alloc_info+0x3b/0x50 [ 28.166244] __kasan_kmalloc+0xb7/0xc0 [ 28.166452] __kmalloc_noprof+0x1c9/0x500 [ 28.166666] kunit_kmalloc_array+0x25/0x60 [ 28.167011] copy_user_test_oob+0xab/0x10f0 [ 28.167213] kunit_try_run_case+0x1a5/0x480 [ 28.167398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.167595] kthread+0x337/0x6f0 [ 28.167787] ret_from_fork+0x116/0x1d0 [ 28.167984] ret_from_fork_asm+0x1a/0x30 [ 28.168173] [ 28.168262] The buggy address belongs to the object at ffff8881060ac600 [ 28.168262] which belongs to the cache kmalloc-128 of size 128 [ 28.168789] The buggy address is located 0 bytes inside of [ 28.168789] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.169293] [ 28.169403] The buggy address belongs to the physical page: [ 28.169628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.170011] flags: 0x200000000000000(node=0|zone=2) [ 28.170273] page_type: f5(slab) [ 28.170436] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.170884] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.171219] page dumped because: kasan: bad access detected [ 28.171446] [ 28.171510] Memory state around the buggy address: [ 28.171658] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.172011] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.172328] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.172638] ^ [ 28.172928] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.173138] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.173443] ==================================================================