Date
July 22, 2025, 5:13 a.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 |
[ 33.558895] ==================================================================
[ 33.559400] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 33.559503] Write of size 121 at addr fff00000c922a400 by task kunit_try_catch/316
[ 33.559725]
[ 33.559920] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT
[ 33.560192] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 33.560267] Hardware name: linux,dummy-virt (DT)
[ 33.560324] Call trace:
[ 33.560412] show_stack+0x20/0x38 (C)
[ 33.560469] dump_stack_lvl+0x8c/0xd0
[ 33.560904] print_report+0x118/0x5e8
[ 33.561407] kasan_report+0xdc/0x128
[ 33.561589] kasan_check_range+0x100/0x1a8
[ 33.561689] __kasan_check_write+0x20/0x30
[ 33.561745] strncpy_from_user+0x3c/0x2a0
[ 33.561997] copy_user_test_oob+0x5c0/0xec8
[ 33.562310] kunit_try_run_case+0x170/0x3f0
[ 33.562576] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.562825] kthread+0x328/0x630
[ 33.562884] ret_from_fork+0x10/0x20
[ 33.563294]
[ 33.563349] Allocated by task 316:
[ 33.563397] kasan_save_stack+0x3c/0x68
[ 33.563748] kasan_save_track+0x20/0x40
[ 33.563979] kasan_save_alloc_info+0x40/0x58
[ 33.564050] __kasan_kmalloc+0xd4/0xd8
[ 33.564271] __kmalloc_noprof+0x198/0x4c8
[ 33.564332] kunit_kmalloc_array+0x34/0x88
[ 33.564553] copy_user_test_oob+0xac/0xec8
[ 33.564926] kunit_try_run_case+0x170/0x3f0
[ 33.565173] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.565452] kthread+0x328/0x630
[ 33.565826] ret_from_fork+0x10/0x20
[ 33.565977]
[ 33.566087] The buggy address belongs to the object at fff00000c922a400
[ 33.566087] which belongs to the cache kmalloc-128 of size 128
[ 33.566485] The buggy address is located 0 bytes inside of
[ 33.566485] allocated 120-byte region [fff00000c922a400, fff00000c922a478)
[ 33.566842]
[ 33.566961] The buggy address belongs to the physical page:
[ 33.567238] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10922a
[ 33.567563] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.567775] page_type: f5(slab)
[ 33.568177] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 33.568267] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 33.568653] page dumped because: kasan: bad access detected
[ 33.568799]
[ 33.568845] Memory state around the buggy address:
[ 33.568908] fff00000c922a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.568974] fff00000c922a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.569382] >fff00000c922a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.569482] ^
[ 33.569527] fff00000c922a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.569573] fff00000c922a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.569965] ==================================================================

[ 33.571545] ==================================================================
[ 33.571599] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 33.571658] Write of size 1 at addr fff00000c922a478 by task kunit_try_catch/316
[ 33.571719]
[ 33.571752] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT
[ 33.571859] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 33.571897] Hardware name: linux,dummy-virt (DT)
[ 33.571930] Call trace:
[ 33.571954] show_stack+0x20/0x38 (C)
[ 33.572006] dump_stack_lvl+0x8c/0xd0
[ 33.572053] print_report+0x118/0x5e8
[ 33.572101] kasan_report+0xdc/0x128
[ 33.572166] __asan_report_store1_noabort+0x20/0x30
[ 33.572219] strncpy_from_user+0x270/0x2a0
[ 33.572266] copy_user_test_oob+0x5c0/0xec8
[ 33.572323] kunit_try_run_case+0x170/0x3f0
[ 33.572372] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.572425] kthread+0x328/0x630
[ 33.572477] ret_from_fork+0x10/0x20
[ 33.572528]
[ 33.572548] Allocated by task 316:
[ 33.572579] kasan_save_stack+0x3c/0x68
[ 33.572623] kasan_save_track+0x20/0x40
[ 33.572661] kasan_save_alloc_info+0x40/0x58
[ 33.572701] __kasan_kmalloc+0xd4/0xd8
[ 33.572739] __kmalloc_noprof+0x198/0x4c8
[ 33.572780] kunit_kmalloc_array+0x34/0x88
[ 33.573278] copy_user_test_oob+0xac/0xec8
[ 33.573338] kunit_try_run_case+0x170/0x3f0
[ 33.573384] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.573431] kthread+0x328/0x630
[ 33.573466] ret_from_fork+0x10/0x20
[ 33.573507]
[ 33.573529] The buggy address belongs to the object at fff00000c922a400
[ 33.573529] which belongs to the cache kmalloc-128 of size 128
[ 33.573590] The buggy address is located 0 bytes to the right of
[ 33.573590] allocated 120-byte region [fff00000c922a400, fff00000c922a478)
[ 33.573656]
[ 33.573679] The buggy address belongs to the physical page:
[ 33.573715] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10922a
[ 33.573771] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.573833] page_type: f5(slab)
[ 33.573872] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 33.573924] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 33.573963] page dumped because: kasan: bad access detected
[ 33.573996]
[ 33.574016] Memory state around the buggy address:
[ 33.574049] fff00000c922a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.574094] fff00000c922a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.574138] >fff00000c922a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.574180] ^
[ 33.574221] fff00000c922a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.574282] fff00000c922a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.574322] ==================================================================

[ 29.432001] ==================================================================
[ 29.432344] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 29.432636] Write of size 1 at addr ffff888104975578 by task kunit_try_catch/333
[ 29.432963]
[ 29.433055] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary)
[ 29.433102] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.433116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.433139] Call Trace:
[ 29.433156] <TASK>
[ 29.433183] dump_stack_lvl+0x73/0xb0
[ 29.433211] print_report+0xd1/0x640
[ 29.433236] ? __virt_addr_valid+0x1db/0x2d0
[ 29.433260] ? strncpy_from_user+0x1a5/0x1d0
[ 29.433284] ? kasan_complete_mode_report_info+0x2a/0x200
[ 29.433312] ? strncpy_from_user+0x1a5/0x1d0
[ 29.433337] kasan_report+0x141/0x180
[ 29.433361] ? strncpy_from_user+0x1a5/0x1d0
[ 29.433391] __asan_report_store1_noabort+0x1b/0x30
[ 29.433417] strncpy_from_user+0x1a5/0x1d0
[ 29.433444] copy_user_test_oob+0x760/0x10f0
[ 29.433471] ? __pfx_copy_user_test_oob+0x10/0x10
[ 29.433497] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 29.433532] ? __pfx_copy_user_test_oob+0x10/0x10
[ 29.433562] kunit_try_run_case+0x1a5/0x480
[ 29.433588] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.433612] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 29.433639] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 29.433666] ? __kthread_parkme+0x82/0x180
[ 29.433688] ? preempt_count_sub+0x50/0x80
[ 29.433712] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.433738] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.433764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 29.433789] kthread+0x337/0x6f0
[ 29.433811] ? trace_preempt_on+0x20/0xc0
[ 29.433847] ? __pfx_kthread+0x10/0x10
[ 29.433869] ? _raw_spin_unlock_irq+0x47/0x80
[ 29.433894] ? calculate_sigpending+0x7b/0xa0
[ 29.433920] ? __pfx_kthread+0x10/0x10
[ 29.433943] ret_from_fork+0x116/0x1d0
[ 29.433965] ? __pfx_kthread+0x10/0x10
[ 29.433988] ret_from_fork_asm+0x1a/0x30
[ 29.434021] </TASK>
[ 29.434033]
[ 29.440702] Allocated by task 333:
[ 29.440880] kasan_save_stack+0x45/0x70
[ 29.441069] kasan_save_track+0x18/0x40
[ 29.441319] kasan_save_alloc_info+0x3b/0x50
[ 29.441511] __kasan_kmalloc+0xb7/0xc0
[ 29.441678] __kmalloc_noprof+0x1ca/0x510
[ 29.441862] kunit_kmalloc_array+0x25/0x60
[ 29.442035] copy_user_test_oob+0xab/0x10f0
[ 29.442270] kunit_try_run_case+0x1a5/0x480
[ 29.442449] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.442686] kthread+0x337/0x6f0
[ 29.442843] ret_from_fork+0x116/0x1d0
[ 29.442980] ret_from_fork_asm+0x1a/0x30
[ 29.443120]
[ 29.443205] The buggy address belongs to the object at ffff888104975500
[ 29.443205] which belongs to the cache kmalloc-128 of size 128
[ 29.443913] The buggy address is located 0 bytes to the right of
[ 29.443913] allocated 120-byte region [ffff888104975500, ffff888104975578)
[ 29.444413]
[ 29.444509] The buggy address belongs to the physical page:
[ 29.444760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975
[ 29.445021] flags: 0x200000000000000(node=0|zone=2)
[ 29.445316] page_type: f5(slab)
[ 29.445483] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 29.445823] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.446144] page dumped because: kasan: bad access detected
[ 29.446331]
[ 29.446399] Memory state around the buggy address:
[ 29.446555] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.446778] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.447091] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.447404] ^
[ 29.447716] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.448096] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.448546] ==================================================================

[ 29.409613] ==================================================================
[ 29.410029] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 29.410410] Write of size 121 at addr ffff888104975500 by task kunit_try_catch/333
[ 29.411032]
[ 29.411235] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary)
[ 29.411288] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.411303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.411327] Call Trace:
[ 29.411343] <TASK>
[ 29.411359] dump_stack_lvl+0x73/0xb0
[ 29.411390] print_report+0xd1/0x640
[ 29.411414] ? __virt_addr_valid+0x1db/0x2d0
[ 29.411440] ? strncpy_from_user+0x2e/0x1d0
[ 29.411466] ? kasan_complete_mode_report_info+0x2a/0x200
[ 29.411495] ? strncpy_from_user+0x2e/0x1d0
[ 29.411521] kasan_report+0x141/0x180
[ 29.411545] ? strncpy_from_user+0x2e/0x1d0
[ 29.411574] kasan_check_range+0x10c/0x1c0
[ 29.411601] __kasan_check_write+0x18/0x20
[ 29.411627] strncpy_from_user+0x2e/0x1d0
[ 29.411653] ? __kasan_check_read+0x15/0x20
[ 29.411680] copy_user_test_oob+0x760/0x10f0
[ 29.411708] ? __pfx_copy_user_test_oob+0x10/0x10
[ 29.411734] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 29.411767] ? __pfx_copy_user_test_oob+0x10/0x10
[ 29.411796] kunit_try_run_case+0x1a5/0x480
[ 29.411822] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.411859] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 29.411887] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 29.411914] ? __kthread_parkme+0x82/0x180
[ 29.411936] ? preempt_count_sub+0x50/0x80
[ 29.411960] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.411987] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.412012] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 29.412037] kthread+0x337/0x6f0
[ 29.412058] ? trace_preempt_on+0x20/0xc0
[ 29.412083] ? __pfx_kthread+0x10/0x10
[ 29.412106] ? _raw_spin_unlock_irq+0x47/0x80
[ 29.412131] ? calculate_sigpending+0x7b/0xa0
[ 29.412156] ? __pfx_kthread+0x10/0x10
[ 29.412190] ret_from_fork+0x116/0x1d0
[ 29.412211] ? __pfx_kthread+0x10/0x10
[ 29.412233] ret_from_fork_asm+0x1a/0x30
[ 29.412265] </TASK>
[ 29.412278]
[ 29.423523] Allocated by task 333:
[ 29.423780] kasan_save_stack+0x45/0x70
[ 29.423990] kasan_save_track+0x18/0x40
[ 29.424129] kasan_save_alloc_info+0x3b/0x50
[ 29.424352] __kasan_kmalloc+0xb7/0xc0
[ 29.424545] __kmalloc_noprof+0x1ca/0x510
[ 29.424726] kunit_kmalloc_array+0x25/0x60
[ 29.424927] copy_user_test_oob+0xab/0x10f0
[ 29.425120] kunit_try_run_case+0x1a5/0x480
[ 29.425370] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.425626] kthread+0x337/0x6f0
[ 29.425762] ret_from_fork+0x116/0x1d0
[ 29.425911] ret_from_fork_asm+0x1a/0x30
[ 29.426054]
[ 29.426123] The buggy address belongs to the object at ffff888104975500
[ 29.426123] which belongs to the cache kmalloc-128 of size 128
[ 29.426714] The buggy address is located 0 bytes inside of
[ 29.426714] allocated 120-byte region [ffff888104975500, ffff888104975578)
[ 29.427258]
[ 29.427330] The buggy address belongs to the physical page:
[ 29.427508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975
[ 29.427847] flags: 0x200000000000000(node=0|zone=2)
[ 29.428088] page_type: f5(slab)
[ 29.428347] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 29.428657] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.428914] page dumped because: kasan: bad access detected
[ 29.429091]
[ 29.429159] Memory state around the buggy address:
[ 29.429339] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.429860] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.430175] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.430454] ^
[ 29.430671] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.431276] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.431531] ==================================================================