Date: June 2, 2025, 2:13 p.m.

Environment: qemu-arm64, qemu-x86_64

[   21.695054] ==================================================================
[   21.695482] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   21.695843] Write of size 121 at addr fff00000c65b6300 by task kunit_try_catch/275
[   21.696202] 
[   21.696413] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   21.696512] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.696546] Hardware name: linux,dummy-virt (DT)
[   21.696604] Call trace:
[   21.696634]  show_stack+0x20/0x38 (C)
[   21.696695]  dump_stack_lvl+0x8c/0xd0
[   21.696763]  print_report+0x118/0x608
[   21.696822]  kasan_report+0xdc/0x128
[   21.696874]  kasan_check_range+0x100/0x1a8
[   21.696930]  __kasan_check_write+0x20/0x30
[   21.696981]  strncpy_from_user+0x3c/0x2a0
[   21.697035]  copy_user_test_oob+0x5c0/0xec0
[   21.697089]  kunit_try_run_case+0x170/0x3f0
[   21.697144]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.697225]  kthread+0x318/0x620
[   21.697278]  ret_from_fork+0x10/0x20
[   21.697333] 
[   21.700841] Allocated by task 275:
[   21.701057]  kasan_save_stack+0x3c/0x68
[   21.701447]  kasan_save_track+0x20/0x40
[   21.701704]  kasan_save_alloc_info+0x40/0x58
[   21.701999]  __kasan_kmalloc+0xd4/0xd8
[   21.702261]  __kmalloc_noprof+0x198/0x4c8
[   21.702442]  kunit_kmalloc_array+0x34/0x88
[   21.702619]  copy_user_test_oob+0xac/0xec0
[   21.702792]  kunit_try_run_case+0x170/0x3f0
[   21.703187]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.703710]  kthread+0x318/0x620
[   21.704001]  ret_from_fork+0x10/0x20
[   21.704165] 
[   21.704356] The buggy address belongs to the object at fff00000c65b6300
[   21.704356]  which belongs to the cache kmalloc-128 of size 128
[   21.705098] The buggy address is located 0 bytes inside of
[   21.705098]  allocated 120-byte region [fff00000c65b6300, fff00000c65b6378)
[   21.705809] 
[   21.705957] The buggy address belongs to the physical page:
[   21.706356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b6
[   21.706788] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.707197] page_type: f5(slab)
[   21.707488] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.707968] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.708423] page dumped because: kasan: bad access detected
[   21.708690] 
[   21.708825] Memory state around the buggy address:
[   21.709102]  fff00000c65b6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.709570]  fff00000c65b6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.709975] >fff00000c65b6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.710391]                                                                 ^
[   21.710760]  fff00000c65b6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.711111]  fff00000c65b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.711443] ==================================================================
[   21.712428] ==================================================================
[   21.712694] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   21.713296] Write of size 1 at addr fff00000c65b6378 by task kunit_try_catch/275
[   21.713649] 
[   21.713857] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   21.713964] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.714010] Hardware name: linux,dummy-virt (DT)
[   21.714048] Call trace:
[   21.714076]  show_stack+0x20/0x38 (C)
[   21.714137]  dump_stack_lvl+0x8c/0xd0
[   21.714206]  print_report+0x118/0x608
[   21.714275]  kasan_report+0xdc/0x128
[   21.714329]  __asan_report_store1_noabort+0x20/0x30
[   21.714383]  strncpy_from_user+0x270/0x2a0
[   21.714437]  copy_user_test_oob+0x5c0/0xec0
[   21.714491]  kunit_try_run_case+0x170/0x3f0
[   21.714542]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.714601]  kthread+0x318/0x620
[   21.714649]  ret_from_fork+0x10/0x20
[   21.714703] 
[   21.717989] Allocated by task 275:
[   21.718326]  kasan_save_stack+0x3c/0x68
[   21.718611]  kasan_save_track+0x20/0x40
[   21.718927]  kasan_save_alloc_info+0x40/0x58
[   21.719196]  __kasan_kmalloc+0xd4/0xd8
[   21.719515]  __kmalloc_noprof+0x198/0x4c8
[   21.719782]  kunit_kmalloc_array+0x34/0x88
[   21.719997]  copy_user_test_oob+0xac/0xec0
[   21.720348]  kunit_try_run_case+0x170/0x3f0
[   21.720596]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.720922]  kthread+0x318/0x620
[   21.721213]  ret_from_fork+0x10/0x20
[   21.721517] 
[   21.721727] The buggy address belongs to the object at fff00000c65b6300
[   21.721727]  which belongs to the cache kmalloc-128 of size 128
[   21.722330] The buggy address is located 0 bytes to the right of
[   21.722330]  allocated 120-byte region [fff00000c65b6300, fff00000c65b6378)
[   21.722900] 
[   21.723109] The buggy address belongs to the physical page:
[   21.723686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b6
[   21.724030] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.724262] page_type: f5(slab)
[   21.724443] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.724686] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.724933] page dumped because: kasan: bad access detected
[   21.725563] 
[   21.725790] Memory state around the buggy address:
[   21.726105]  fff00000c65b6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.726410]  fff00000c65b6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.726782] >fff00000c65b6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.727522]                                                                 ^
[   21.727776]  fff00000c65b6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.728005]  fff00000c65b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.728552] ==================================================================

[   16.858219] ==================================================================
[   16.858548] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   16.858904] Write of size 121 at addr ffff888102a2cf00 by task kunit_try_catch/293
[   16.859228] 
[   16.859314] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   16.859354] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.859367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.859389] Call Trace:
[   16.859408]  <TASK>
[   16.859425]  dump_stack_lvl+0x73/0xb0
[   16.859455]  print_report+0xd1/0x650
[   16.859482]  ? __virt_addr_valid+0x1db/0x2d0
[   16.859511]  ? strncpy_from_user+0x2e/0x1d0
[   16.859536]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.859568]  ? strncpy_from_user+0x2e/0x1d0
[   16.859593]  kasan_report+0x140/0x180
[   16.859633]  ? strncpy_from_user+0x2e/0x1d0
[   16.859662]  kasan_check_range+0x10c/0x1c0
[   16.859703]  __kasan_check_write+0x18/0x20
[   16.859730]  strncpy_from_user+0x2e/0x1d0
[   16.859753]  ? __kasan_check_read+0x15/0x20
[   16.859784]  copy_user_test_oob+0x761/0x10f0
[   16.859814]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.859841]  ? finish_task_switch.isra.0+0x153/0x700
[   16.859869]  ? __switch_to+0x5d9/0xf60
[   16.859900]  ? __schedule+0xce8/0x2840
[   16.859927]  ? __pfx_read_tsc+0x10/0x10
[   16.859954]  ? ktime_get_ts64+0x86/0x230
[   16.859984]  kunit_try_run_case+0x1a6/0x480
[   16.860020]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.860047]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   16.860076]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.860104]  ? __kthread_parkme+0x82/0x160
[   16.860132]  ? preempt_count_sub+0x50/0x80
[   16.860161]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.860189]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.860220]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.860260]  kthread+0x324/0x6e0
[   16.860286]  ? trace_preempt_on+0x20/0xc0
[   16.860334]  ? __pfx_kthread+0x10/0x10
[   16.860361]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.860389]  ? calculate_sigpending+0x7b/0xa0
[   16.860426]  ? __pfx_kthread+0x10/0x10
[   16.860454]  ret_from_fork+0x41/0x80
[   16.860478]  ? __pfx_kthread+0x10/0x10
[   16.860505]  ret_from_fork_asm+0x1a/0x30
[   16.860541]  </TASK>
[   16.860552] 
[   16.868487] Allocated by task 293:
[   16.868699]  kasan_save_stack+0x45/0x70
[   16.868895]  kasan_save_track+0x18/0x40
[   16.869108]  kasan_save_alloc_info+0x3b/0x50
[   16.869307]  __kasan_kmalloc+0xb7/0xc0
[   16.869490]  __kmalloc_noprof+0x1ca/0x500
[   16.869790]  kunit_kmalloc_array+0x25/0x60
[   16.869967]  copy_user_test_oob+0xac/0x10f0
[   16.870194]  kunit_try_run_case+0x1a6/0x480
[   16.870383]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.870575]  kthread+0x324/0x6e0
[   16.870769]  ret_from_fork+0x41/0x80
[   16.870968]  ret_from_fork_asm+0x1a/0x30
[   16.871180] 
[   16.871276] The buggy address belongs to the object at ffff888102a2cf00
[   16.871276]  which belongs to the cache kmalloc-128 of size 128
[   16.871907] The buggy address is located 0 bytes inside of
[   16.871907]  allocated 120-byte region [ffff888102a2cf00, ffff888102a2cf78)
[   16.872396] 
[   16.872494] The buggy address belongs to the physical page:
[   16.872805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a2c
[   16.873169] flags: 0x200000000000000(node=0|zone=2)
[   16.873394] page_type: f5(slab)
[   16.873572] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.873894] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.874138] page dumped because: kasan: bad access detected
[   16.874309] 
[   16.874380] Memory state around the buggy address:
[   16.874619]  ffff888102a2ce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.874935]  ffff888102a2ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.875336] >ffff888102a2cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.875547]                                                                 ^
[   16.875755]  ffff888102a2cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.876076]  ffff888102a2d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.876421] ==================================================================
[   16.877025] ==================================================================
[   16.877302] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   16.877529] Write of size 1 at addr ffff888102a2cf78 by task kunit_try_catch/293
[   16.877768] 
[   16.877847] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   16.877884] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.877898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.877919] Call Trace:
[   16.877933]  <TASK>
[   16.877948]  dump_stack_lvl+0x73/0xb0
[   16.877976]  print_report+0xd1/0x650
[   16.878004]  ? __virt_addr_valid+0x1db/0x2d0
[   16.878104]  ? strncpy_from_user+0x1a5/0x1d0
[   16.878129]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.878172]  ? strncpy_from_user+0x1a5/0x1d0
[   16.878198]  kasan_report+0x140/0x180
[   16.878226]  ? strncpy_from_user+0x1a5/0x1d0
[   16.878267]  __asan_report_store1_noabort+0x1b/0x30
[   16.878298]  strncpy_from_user+0x1a5/0x1d0
[   16.878326]  copy_user_test_oob+0x761/0x10f0
[   16.878357]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.878384]  ? finish_task_switch.isra.0+0x153/0x700
[   16.878412]  ? __switch_to+0x5d9/0xf60
[   16.878443]  ? __schedule+0xce8/0x2840
[   16.878471]  ? __pfx_read_tsc+0x10/0x10
[   16.878497]  ? ktime_get_ts64+0x86/0x230
[   16.878527]  kunit_try_run_case+0x1a6/0x480
[   16.878574]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.878601]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   16.878629]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.878658]  ? __kthread_parkme+0x82/0x160
[   16.878686]  ? preempt_count_sub+0x50/0x80
[   16.878716]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.878744]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.878776]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.878807]  kthread+0x324/0x6e0
[   16.878833]  ? trace_preempt_on+0x20/0xc0
[   16.878861]  ? __pfx_kthread+0x10/0x10
[   16.878889]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.878917]  ? calculate_sigpending+0x7b/0xa0
[   16.878943]  ? __pfx_kthread+0x10/0x10
[   16.878971]  ret_from_fork+0x41/0x80
[   16.878995]  ? __pfx_kthread+0x10/0x10
[   16.879031]  ret_from_fork_asm+0x1a/0x30
[   16.879066]  </TASK>
[   16.879078] 
[   16.887323] Allocated by task 293:
[   16.887470]  kasan_save_stack+0x45/0x70
[   16.887641]  kasan_save_track+0x18/0x40
[   16.887780]  kasan_save_alloc_info+0x3b/0x50
[   16.887986]  __kasan_kmalloc+0xb7/0xc0
[   16.888228]  __kmalloc_noprof+0x1ca/0x500
[   16.888488]  kunit_kmalloc_array+0x25/0x60
[   16.888757]  copy_user_test_oob+0xac/0x10f0
[   16.888976]  kunit_try_run_case+0x1a6/0x480
[   16.889187]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.889464]  kthread+0x324/0x6e0
[   16.889700]  ret_from_fork+0x41/0x80
[   16.889897]  ret_from_fork_asm+0x1a/0x30
[   16.890131] 
[   16.890270] The buggy address belongs to the object at ffff888102a2cf00
[   16.890270]  which belongs to the cache kmalloc-128 of size 128
[   16.890825] The buggy address is located 0 bytes to the right of
[   16.890825]  allocated 120-byte region [ffff888102a2cf00, ffff888102a2cf78)
[   16.891438] 
[   16.891510] The buggy address belongs to the physical page:
[   16.891814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a2c
[   16.892168] flags: 0x200000000000000(node=0|zone=2)
[   16.892400] page_type: f5(slab)
[   16.892589] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.892936] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.893283] page dumped because: kasan: bad access detected
[   16.893593] 
[   16.893717] Memory state around the buggy address:
[   16.893961]  ffff888102a2ce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.894225]  ffff888102a2ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.894434] >ffff888102a2cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.894675]                                                                 ^
[   16.895047]  ffff888102a2cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.895370]  ffff888102a2d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.895738] ==================================================================