Date
July 18, 2025, 1:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 34.646179] ================================================================== [ 34.646330] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 34.646384] Write of size 1 at addr fff00000c970b278 by task kunit_try_catch/316 [ 34.646436] [ 34.646467] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 34.646706] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.646790] Hardware name: linux,dummy-virt (DT) [ 34.646836] Call trace: [ 34.646904] show_stack+0x20/0x38 (C) [ 34.646959] dump_stack_lvl+0x8c/0xd0 [ 34.647009] print_report+0x118/0x5e8 [ 34.647265] kasan_report+0xdc/0x128 [ 34.647353] __asan_report_store1_noabort+0x20/0x30 [ 34.647406] strncpy_from_user+0x270/0x2a0 [ 34.647466] copy_user_test_oob+0x5c0/0xec8 [ 34.647523] kunit_try_run_case+0x170/0x3f0 [ 34.647588] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.647642] kthread+0x328/0x630 [ 34.647701] ret_from_fork+0x10/0x20 [ 34.647849] [ 34.647897] Allocated by task 316: [ 34.647946] kasan_save_stack+0x3c/0x68 [ 34.648143] kasan_save_track+0x20/0x40 [ 34.648183] kasan_save_alloc_info+0x40/0x58 [ 34.648228] __kasan_kmalloc+0xd4/0xd8 [ 34.648306] __kmalloc_noprof+0x198/0x4c8 [ 34.648450] kunit_kmalloc_array+0x34/0x88 [ 34.648530] copy_user_test_oob+0xac/0xec8 [ 34.648625] kunit_try_run_case+0x170/0x3f0 [ 34.648694] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.648991] kthread+0x328/0x630 [ 34.649074] ret_from_fork+0x10/0x20 [ 34.649164] [ 34.649214] The buggy address belongs to the object at fff00000c970b200 [ 34.649214] which belongs to the cache kmalloc-128 of size 128 [ 34.649286] The buggy address is located 0 bytes to the right of [ 34.649286] allocated 120-byte region [fff00000c970b200, fff00000c970b278) [ 34.649506] [ 34.649555] The buggy address belongs to the physical page: [ 34.649591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10970b [ 34.649675] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.649792] page_type: f5(slab) [ 34.649859] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.650048] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.650220] page dumped because: kasan: bad access detected [ 34.650289] [ 34.650347] Memory state around the buggy address: [ 34.650521] fff00000c970b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.650572] fff00000c970b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.650647] >fff00000c970b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.650750] ^ [ 34.650828] fff00000c970b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.650917] fff00000c970b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.651139] ================================================================== [ 34.641030] ================================================================== [ 34.641096] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 34.641323] Write of size 121 at addr fff00000c970b200 by task kunit_try_catch/316 [ 34.641387] [ 34.641421] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 34.641506] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.641536] Hardware name: linux,dummy-virt (DT) [ 34.641606] Call trace: [ 34.641632] show_stack+0x20/0x38 (C) [ 34.641712] dump_stack_lvl+0x8c/0xd0 [ 34.641938] print_report+0x118/0x5e8 [ 34.642004] kasan_report+0xdc/0x128 [ 34.642167] kasan_check_range+0x100/0x1a8 [ 34.642218] __kasan_check_write+0x20/0x30 [ 34.642276] strncpy_from_user+0x3c/0x2a0 [ 34.642370] copy_user_test_oob+0x5c0/0xec8 [ 34.642427] kunit_try_run_case+0x170/0x3f0 [ 34.642474] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.642527] kthread+0x328/0x630 [ 34.642579] ret_from_fork+0x10/0x20 [ 34.642637] [ 34.642657] Allocated by task 316: [ 34.642687] kasan_save_stack+0x3c/0x68 [ 34.642734] kasan_save_track+0x20/0x40 [ 34.642771] kasan_save_alloc_info+0x40/0x58 [ 34.642811] __kasan_kmalloc+0xd4/0xd8 [ 34.642845] __kmalloc_noprof+0x198/0x4c8 [ 34.642884] kunit_kmalloc_array+0x34/0x88 [ 34.642931] copy_user_test_oob+0xac/0xec8 [ 34.642972] kunit_try_run_case+0x170/0x3f0 [ 34.643011] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.643055] kthread+0x328/0x630 [ 34.643099] ret_from_fork+0x10/0x20 [ 34.643136] [ 34.643156] The buggy address belongs to the object at fff00000c970b200 [ 34.643156] which belongs to the cache kmalloc-128 of size 128 [ 34.643216] The buggy address is located 0 bytes inside of [ 34.643216] allocated 120-byte region [fff00000c970b200, fff00000c970b278) [ 34.643280] [ 34.643303] The buggy address belongs to the physical page: [ 34.643335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10970b [ 34.643390] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.643441] page_type: f5(slab) [ 34.643482] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.643537] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.643580] page dumped because: kasan: bad access detected [ 34.643613] [ 34.643633] Memory state around the buggy address: [ 34.643666] fff00000c970b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.643736] fff00000c970b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.643938] >fff00000c970b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.643981] ^ [ 34.644142] fff00000c970b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.644305] fff00000c970b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.644539] ==================================================================
[ 28.732489] ================================================================== [ 28.732831] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 28.733255] Write of size 1 at addr ffff8881053b7a78 by task kunit_try_catch/333 [ 28.733590] [ 28.733673] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) [ 28.733719] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.733733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.733756] Call Trace: [ 28.733774] <TASK> [ 28.733789] dump_stack_lvl+0x73/0xb0 [ 28.733820] print_report+0xd1/0x640 [ 28.733843] ? __virt_addr_valid+0x1db/0x2d0 [ 28.733867] ? strncpy_from_user+0x1a5/0x1d0 [ 28.733890] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.733917] ? strncpy_from_user+0x1a5/0x1d0 [ 28.733940] kasan_report+0x141/0x180 [ 28.733963] ? strncpy_from_user+0x1a5/0x1d0 [ 28.733990] __asan_report_store1_noabort+0x1b/0x30 [ 28.734015] strncpy_from_user+0x1a5/0x1d0 [ 28.734040] copy_user_test_oob+0x760/0x10f0 [ 28.734065] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.734088] ? finish_task_switch.isra.0+0x153/0x700 [ 28.734110] ? __switch_to+0x47/0xf80 [ 28.734136] ? __schedule+0x10da/0x2b60 [ 28.734159] ? __pfx_read_tsc+0x10/0x10 [ 28.734181] ? ktime_get_ts64+0x86/0x230 [ 28.734206] kunit_try_run_case+0x1a5/0x480 [ 28.734231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.734254] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.734289] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.734323] ? __kthread_parkme+0x82/0x180 [ 28.734353] ? preempt_count_sub+0x50/0x80 [ 28.734377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.734401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.734424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.734448] kthread+0x337/0x6f0 [ 28.734469] ? trace_preempt_on+0x20/0xc0 [ 28.734492] ? __pfx_kthread+0x10/0x10 [ 28.734514] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.734544] ? calculate_sigpending+0x7b/0xa0 [ 28.734569] ? __pfx_kthread+0x10/0x10 [ 28.734591] ret_from_fork+0x116/0x1d0 [ 28.734611] ? __pfx_kthread+0x10/0x10 [ 28.734632] ret_from_fork_asm+0x1a/0x30 [ 28.734663] </TASK> [ 28.734678] [ 28.741431] Allocated by task 333: [ 28.741579] kasan_save_stack+0x45/0x70 [ 28.741766] kasan_save_track+0x18/0x40 [ 28.741924] kasan_save_alloc_info+0x3b/0x50 [ 28.742110] __kasan_kmalloc+0xb7/0xc0 [ 28.742258] __kmalloc_noprof+0x1ca/0x510 [ 28.742441] kunit_kmalloc_array+0x25/0x60 [ 28.742608] copy_user_test_oob+0xab/0x10f0 [ 28.742801] kunit_try_run_case+0x1a5/0x480 [ 28.742969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.743188] kthread+0x337/0x6f0 [ 28.743321] ret_from_fork+0x116/0x1d0 [ 28.743512] ret_from_fork_asm+0x1a/0x30 [ 28.743683] [ 28.743764] The buggy address belongs to the object at ffff8881053b7a00 [ 28.743764] which belongs to the cache kmalloc-128 of size 128 [ 28.744114] The buggy address is located 0 bytes to the right of [ 28.744114] allocated 120-byte region [ffff8881053b7a00, ffff8881053b7a78) [ 28.744607] [ 28.744698] The buggy address belongs to the physical page: [ 28.744939] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b7 [ 28.745280] flags: 0x200000000000000(node=0|zone=2) [ 28.745455] page_type: f5(slab) [ 28.745571] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.745843] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.746171] page dumped because: kasan: bad access detected [ 28.746427] [ 28.746517] Memory state around the buggy address: [ 28.746725] ffff8881053b7900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.746993] ffff8881053b7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.747239] >ffff8881053b7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.747556] ^ [ 28.747896] ffff8881053b7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.748211] ffff8881053b7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.748648] ================================================================== [ 28.714181] ================================================================== [ 28.714528] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 28.714940] Write of size 121 at addr ffff8881053b7a00 by task kunit_try_catch/333 [ 28.715321] [ 28.715408] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) [ 28.715453] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.715486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.715509] Call Trace: [ 28.715524] <TASK> [ 28.715539] dump_stack_lvl+0x73/0xb0 [ 28.715568] print_report+0xd1/0x640 [ 28.715591] ? __virt_addr_valid+0x1db/0x2d0 [ 28.715614] ? strncpy_from_user+0x2e/0x1d0 [ 28.715636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.715662] ? strncpy_from_user+0x2e/0x1d0 [ 28.715686] kasan_report+0x141/0x180 [ 28.715708] ? strncpy_from_user+0x2e/0x1d0 [ 28.715734] kasan_check_range+0x10c/0x1c0 [ 28.715759] __kasan_check_write+0x18/0x20 [ 28.715783] strncpy_from_user+0x2e/0x1d0 [ 28.715805] ? __kasan_check_read+0x15/0x20 [ 28.715830] copy_user_test_oob+0x760/0x10f0 [ 28.715855] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.715878] ? finish_task_switch.isra.0+0x153/0x700 [ 28.715899] ? __switch_to+0x47/0xf80 [ 28.715925] ? __schedule+0x10da/0x2b60 [ 28.715950] ? __pfx_read_tsc+0x10/0x10 [ 28.715971] ? ktime_get_ts64+0x86/0x230 [ 28.715996] kunit_try_run_case+0x1a5/0x480 [ 28.716019] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.716042] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.716078] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.716111] ? __kthread_parkme+0x82/0x180 [ 28.716132] ? preempt_count_sub+0x50/0x80 [ 28.716154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.716178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.716202] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.716226] kthread+0x337/0x6f0 [ 28.716246] ? trace_preempt_on+0x20/0xc0 [ 28.716270] ? __pfx_kthread+0x10/0x10 [ 28.716291] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.716321] ? calculate_sigpending+0x7b/0xa0 [ 28.716359] ? __pfx_kthread+0x10/0x10 [ 28.716381] ret_from_fork+0x116/0x1d0 [ 28.716401] ? __pfx_kthread+0x10/0x10 [ 28.716422] ret_from_fork_asm+0x1a/0x30 [ 28.716452] </TASK> [ 28.716463] [ 28.725094] Allocated by task 333: [ 28.725292] kasan_save_stack+0x45/0x70 [ 28.725452] kasan_save_track+0x18/0x40 [ 28.725585] kasan_save_alloc_info+0x3b/0x50 [ 28.725786] __kasan_kmalloc+0xb7/0xc0 [ 28.725962] __kmalloc_noprof+0x1ca/0x510 [ 28.726175] kunit_kmalloc_array+0x25/0x60 [ 28.726382] copy_user_test_oob+0xab/0x10f0 [ 28.726550] kunit_try_run_case+0x1a5/0x480 [ 28.726756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.726932] kthread+0x337/0x6f0 [ 28.727047] ret_from_fork+0x116/0x1d0 [ 28.727198] ret_from_fork_asm+0x1a/0x30 [ 28.727398] [ 28.727487] The buggy address belongs to the object at ffff8881053b7a00 [ 28.727487] which belongs to the cache kmalloc-128 of size 128 [ 28.727967] The buggy address is located 0 bytes inside of [ 28.727967] allocated 120-byte region [ffff8881053b7a00, ffff8881053b7a78) [ 28.728447] [ 28.728546] The buggy address belongs to the physical page: [ 28.728762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b7 [ 28.729063] flags: 0x200000000000000(node=0|zone=2) [ 28.729239] page_type: f5(slab) [ 28.729412] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.729714] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.729984] page dumped because: kasan: bad access detected [ 28.730213] [ 28.730287] Memory state around the buggy address: [ 28.730494] ffff8881053b7900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.730728] ffff8881053b7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.730938] >ffff8881053b7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.731175] ^ [ 28.731487] ffff8881053b7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.731793] ffff8881053b7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.732003] ==================================================================