Date
May 12, 2025, 6:12 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
Environment: qemu-arm64

```
[ 22.672938] ==================================================================
[ 22.673254] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 22.673847] Write of size 1 at addr fff00000c6649478 by task kunit_try_catch/274
[ 22.674152]
[ 22.674280] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 22.674385] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.674424] Hardware name: linux,dummy-virt (DT)
[ 22.674498] Call trace:
[ 22.674533] show_stack+0x20/0x38 (C)
[ 22.674595] dump_stack_lvl+0x8c/0xd0
[ 22.674684] print_report+0x118/0x608
[ 22.674768] kasan_report+0xdc/0x128
[ 22.674824] __asan_report_store1_noabort+0x20/0x30
[ 22.674909] strncpy_from_user+0x270/0x2a0
[ 22.674995] copy_user_test_oob+0x5c0/0xec0
[ 22.675054] kunit_try_run_case+0x170/0x3f0
[ 22.675110] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.675177] kthread+0x318/0x620
[ 22.675230] ret_from_fork+0x10/0x20
[ 22.675290]
[ 22.678233] Allocated by task 274:
[ 22.678387] kasan_save_stack+0x3c/0x68
[ 22.678787] kasan_save_track+0x20/0x40
[ 22.679135] kasan_save_alloc_info+0x40/0x58
[ 22.679307] __kasan_kmalloc+0xd4/0xd8
[ 22.679688] __kmalloc_noprof+0x190/0x4d0
[ 22.679972] kunit_kmalloc_array+0x34/0x88
[ 22.680255] copy_user_test_oob+0xac/0xec0
[ 22.680482] kunit_try_run_case+0x170/0x3f0
[ 22.680702] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.681024] kthread+0x318/0x620
[ 22.681231] ret_from_fork+0x10/0x20
[ 22.681458]
[ 22.681585] The buggy address belongs to the object at fff00000c6649400
[ 22.681585] which belongs to the cache kmalloc-128 of size 128
[ 22.681976] The buggy address is located 0 bytes to the right of
[ 22.681976] allocated 120-byte region [fff00000c6649400, fff00000c6649478)
[ 22.682314]
[ 22.682419] The buggy address belongs to the physical page:
[ 22.682873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106649
[ 22.683563] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.683987] page_type: f5(slab)
[ 22.684148] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.684774] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.685309] page dumped because: kasan: bad access detected
[ 22.685607]
[ 22.685721] Memory state around the buggy address:
[ 22.686171] fff00000c6649300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.686530] fff00000c6649380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.686810] >fff00000c6649400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.687143] ^
[ 22.687467] fff00000c6649480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.687819] fff00000c6649500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.688086] ==================================================================
[ 22.654983] ==================================================================
[ 22.655661] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 22.656149] Write of size 121 at addr fff00000c6649400 by task kunit_try_catch/274
[ 22.656748]
[ 22.656930] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 22.657030] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.657082] Hardware name: linux,dummy-virt (DT)
[ 22.657131] Call trace:
[ 22.657166] show_stack+0x20/0x38 (C)
[ 22.657227] dump_stack_lvl+0x8c/0xd0
[ 22.657283] print_report+0x118/0x608
[ 22.657336] kasan_report+0xdc/0x128
[ 22.657416] kasan_check_range+0x100/0x1a8
[ 22.657507] __kasan_check_write+0x20/0x30
[ 22.657572] strncpy_from_user+0x3c/0x2a0
[ 22.657631] copy_user_test_oob+0x5c0/0xec0
[ 22.657685] kunit_try_run_case+0x170/0x3f0
[ 22.657753] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.657821] kthread+0x318/0x620
[ 22.657874] ret_from_fork+0x10/0x20
[ 22.657934]
[ 22.661320] Allocated by task 274:
[ 22.661576] kasan_save_stack+0x3c/0x68
[ 22.661758] kasan_save_track+0x20/0x40
[ 22.662140] kasan_save_alloc_info+0x40/0x58
[ 22.662556] __kasan_kmalloc+0xd4/0xd8
[ 22.662805] __kmalloc_noprof+0x190/0x4d0
[ 22.663059] kunit_kmalloc_array+0x34/0x88
[ 22.663308] copy_user_test_oob+0xac/0xec0
[ 22.663558] kunit_try_run_case+0x170/0x3f0
[ 22.663772] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.664036] kthread+0x318/0x620
[ 22.664267] ret_from_fork+0x10/0x20
[ 22.664487]
[ 22.664593] The buggy address belongs to the object at fff00000c6649400
[ 22.664593] which belongs to the cache kmalloc-128 of size 128
[ 22.665178] The buggy address is located 0 bytes inside of
[ 22.665178] allocated 120-byte region [fff00000c6649400, fff00000c6649478)
[ 22.665580]
[ 22.665790] The buggy address belongs to the physical page:
[ 22.666271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106649
[ 22.666666] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.667071] page_type: f5(slab)
[ 22.667238] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.667478] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.668050] page dumped because: kasan: bad access detected
[ 22.668518]
[ 22.668733] Memory state around the buggy address:
[ 22.669085] fff00000c6649300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.669514] fff00000c6649380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.669752] >fff00000c6649400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.670424] ^
[ 22.670795] fff00000c6649480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.671266] fff00000c6649500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.671701] ==================================================================
```
Environment: qemu-x86_64

```
[ 16.362892] ==================================================================
[ 16.364133] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 16.364524] Write of size 121 at addr ffff888102adde00 by task kunit_try_catch/293
[ 16.365217]
[ 16.365439] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 16.365497] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.365511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.365535] Call Trace:
[ 16.365558] <TASK>
[ 16.365624] dump_stack_lvl+0x73/0xb0
[ 16.365657] print_report+0xd1/0x650
[ 16.365683] ? __virt_addr_valid+0x1db/0x2d0
[ 16.365708] ? strncpy_from_user+0x2e/0x1d0
[ 16.365728] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.365762] ? strncpy_from_user+0x2e/0x1d0
[ 16.365783] kasan_report+0x140/0x180
[ 16.365806] ? strncpy_from_user+0x2e/0x1d0
[ 16.365832] kasan_check_range+0x10c/0x1c0
[ 16.365867] __kasan_check_write+0x18/0x20
[ 16.365890] strncpy_from_user+0x2e/0x1d0
[ 16.365910] ? __kasan_check_read+0x15/0x20
[ 16.365935] copy_user_test_oob+0x761/0x10f0
[ 16.365962] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.365985] ? finish_task_switch.isra.0+0x153/0x700
[ 16.366010] ? __switch_to+0x5d9/0xf60
[ 16.366038] ? __schedule+0xce8/0x2840
[ 16.366065] ? __pfx_read_tsc+0x10/0x10
[ 16.366088] ? ktime_get_ts64+0x86/0x230
[ 16.366114] kunit_try_run_case+0x1a6/0x480
[ 16.366139] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.366161] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 16.366183] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.366210] ? __kthread_parkme+0x82/0x160
[ 16.366233] ? preempt_count_sub+0x50/0x80
[ 16.366258] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.366281] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.366309] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.366336] kthread+0x324/0x6e0
[ 16.366358] ? trace_preempt_on+0x20/0xc0
[ 16.366383] ? __pfx_kthread+0x10/0x10
[ 16.366405] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.366430] ? calculate_sigpending+0x7b/0xa0
[ 16.366453] ? __pfx_kthread+0x10/0x10
[ 16.366476] ret_from_fork+0x41/0x80
[ 16.366496] ? __pfx_kthread+0x10/0x10
[ 16.366519] ret_from_fork_asm+0x1a/0x30
[ 16.366552] </TASK>
[ 16.366564]
[ 16.377712] Allocated by task 293:
[ 16.377955] kasan_save_stack+0x45/0x70
[ 16.378345] kasan_save_track+0x18/0x40
[ 16.378648] kasan_save_alloc_info+0x3b/0x50
[ 16.378866] __kasan_kmalloc+0xb7/0xc0
[ 16.379229] __kmalloc_noprof+0x1ca/0x500
[ 16.379476] kunit_kmalloc_array+0x25/0x60
[ 16.379787] copy_user_test_oob+0xac/0x10f0
[ 16.380133] kunit_try_run_case+0x1a6/0x480
[ 16.380473] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.380711] kthread+0x324/0x6e0
[ 16.380882] ret_from_fork+0x41/0x80
[ 16.381253] ret_from_fork_asm+0x1a/0x30
[ 16.381495]
[ 16.381592] The buggy address belongs to the object at ffff888102adde00
[ 16.381592] which belongs to the cache kmalloc-128 of size 128
[ 16.382627] The buggy address is located 0 bytes inside of
[ 16.382627] allocated 120-byte region [ffff888102adde00, ffff888102adde78)
[ 16.383327]
[ 16.383560] The buggy address belongs to the physical page:
[ 16.383937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102add
[ 16.384460] flags: 0x200000000000000(node=0|zone=2)
[ 16.384806] page_type: f5(slab)
[ 16.384996] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.385655] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.386180] page dumped because: kasan: bad access detected
[ 16.386441]
[ 16.386534] Memory state around the buggy address:
[ 16.386743] ffff888102addd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.387035] ffff888102addd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.387323] >ffff888102adde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.387610] ^
[ 16.388252] ffff888102adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.388756] ffff888102addf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.389251] ==================================================================
[ 16.390631] ==================================================================
[ 16.391163] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 16.391522] Write of size 1 at addr ffff888102adde78 by task kunit_try_catch/293
[ 16.391828]
[ 16.391929] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 16.391975] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.391990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.392013] Call Trace:
[ 16.392036] <TASK>
[ 16.392059] dump_stack_lvl+0x73/0xb0
[ 16.392087] print_report+0xd1/0x650
[ 16.392110] ? __virt_addr_valid+0x1db/0x2d0
[ 16.392135] ? strncpy_from_user+0x1a5/0x1d0
[ 16.392156] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.392183] ? strncpy_from_user+0x1a5/0x1d0
[ 16.392204] kasan_report+0x140/0x180
[ 16.392226] ? strncpy_from_user+0x1a5/0x1d0
[ 16.392252] __asan_report_store1_noabort+0x1b/0x30
[ 16.392276] strncpy_from_user+0x1a5/0x1d0
[ 16.392299] copy_user_test_oob+0x761/0x10f0
[ 16.392325] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.392348] ? finish_task_switch.isra.0+0x153/0x700
[ 16.392373] ? __switch_to+0x5d9/0xf60
[ 16.392401] ? __schedule+0xce8/0x2840
[ 16.392427] ? __pfx_read_tsc+0x10/0x10
[ 16.392451] ? ktime_get_ts64+0x86/0x230
[ 16.392479] kunit_try_run_case+0x1a6/0x480
[ 16.392505] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.392528] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 16.392550] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.392576] ? __kthread_parkme+0x82/0x160
[ 16.392600] ? preempt_count_sub+0x50/0x80
[ 16.392626] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.392650] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.392677] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.392704] kthread+0x324/0x6e0
[ 16.392727] ? trace_preempt_on+0x20/0xc0
[ 16.392751] ? __pfx_kthread+0x10/0x10
[ 16.392775] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.392798] ? calculate_sigpending+0x7b/0xa0
[ 16.392821] ? __pfx_kthread+0x10/0x10
[ 16.392855] ret_from_fork+0x41/0x80
[ 16.392875] ? __pfx_kthread+0x10/0x10
[ 16.392897] ret_from_fork_asm+0x1a/0x30
[ 16.392930] </TASK>
[ 16.392942]
[ 16.400175] Allocated by task 293:
[ 16.400320] kasan_save_stack+0x45/0x70
[ 16.400525] kasan_save_track+0x18/0x40
[ 16.400715] kasan_save_alloc_info+0x3b/0x50
[ 16.400933] __kasan_kmalloc+0xb7/0xc0
[ 16.401118] __kmalloc_noprof+0x1ca/0x500
[ 16.401361] kunit_kmalloc_array+0x25/0x60
[ 16.401507] copy_user_test_oob+0xac/0x10f0
[ 16.401654] kunit_try_run_case+0x1a6/0x480
[ 16.401806] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.402087] kthread+0x324/0x6e0
[ 16.402262] ret_from_fork+0x41/0x80
[ 16.402448] ret_from_fork_asm+0x1a/0x30
[ 16.402649]
[ 16.402746] The buggy address belongs to the object at ffff888102adde00
[ 16.402746] which belongs to the cache kmalloc-128 of size 128
[ 16.403289] The buggy address is located 0 bytes to the right of
[ 16.403289] allocated 120-byte region [ffff888102adde00, ffff888102adde78)
[ 16.403658]
[ 16.403733] The buggy address belongs to the physical page:
[ 16.403995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102add
[ 16.404351] flags: 0x200000000000000(node=0|zone=2)
[ 16.404601] page_type: f5(slab)
[ 16.404771] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.405183] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.405471] page dumped because: kasan: bad access detected
[ 16.405642]
[ 16.405713] Memory state around the buggy address:
[ 16.405888] ffff888102addd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.406342] ffff888102addd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.406661] >ffff888102adde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.406990] ^
[ 16.407466] ffff888102adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.407752] ffff888102addf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.408044] ==================================================================
```