Hay
Date: June 7, 2025, 10:40 a.m.

Environment: qemu-arm64, qemu-x86_64

[   27.218040] ==================================================================
[   27.218220] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   27.218688] Write of size 121 at addr fff00000c7732300 by task kunit_try_catch/289
[   27.219107] 
[   27.219458] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   27.219933] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.220074] Hardware name: linux,dummy-virt (DT)
[   27.220143] Call trace:
[   27.220207]  show_stack+0x20/0x38 (C)
[   27.220389]  dump_stack_lvl+0x8c/0xd0
[   27.220632]  print_report+0x118/0x608
[   27.220910]  kasan_report+0xdc/0x128
[   27.221550]  kasan_check_range+0x100/0x1a8
[   27.221739]  __kasan_check_write+0x20/0x30
[   27.221874]  strncpy_from_user+0x3c/0x2a0
[   27.222507]  copy_user_test_oob+0x5c0/0xec8
[   27.222692]  kunit_try_run_case+0x170/0x3f0
[   27.224484]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.224641]  kthread+0x328/0x630
[   27.224754]  ret_from_fork+0x10/0x20
[   27.224872] 
[   27.224916] Allocated by task 289:
[   27.225187]  kasan_save_stack+0x3c/0x68
[   27.225365]  kasan_save_track+0x20/0x40
[   27.225666]  kasan_save_alloc_info+0x40/0x58
[   27.225982]  __kasan_kmalloc+0xd4/0xd8
[   27.226203]  __kmalloc_noprof+0x198/0x4c8
[   27.226306]  kunit_kmalloc_array+0x34/0x88
[   27.226964]  copy_user_test_oob+0xac/0xec8
[   27.227554]  kunit_try_run_case+0x170/0x3f0
[   27.228064]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.228191]  kthread+0x328/0x630
[   27.228591]  ret_from_fork+0x10/0x20
[   27.229223] 
[   27.229420] The buggy address belongs to the object at fff00000c7732300
[   27.229420]  which belongs to the cache kmalloc-128 of size 128
[   27.230011] The buggy address is located 0 bytes inside of
[   27.230011]  allocated 120-byte region [fff00000c7732300, fff00000c7732378)
[   27.230364] 
[   27.230622] The buggy address belongs to the physical page:
[   27.231236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732
[   27.231715] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   27.232134] page_type: f5(slab)
[   27.232631] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   27.232831] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.233258] page dumped because: kasan: bad access detected
[   27.234169] 
[   27.234250] Memory state around the buggy address:
[   27.234373]  fff00000c7732200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.234961]  fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.235432] >fff00000c7732300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   27.235542]                                                                 ^
[   27.235653]  fff00000c7732380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.236099]  fff00000c7732400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.236216] ==================================================================
[   27.239082] ==================================================================
[   27.239156] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   27.239230] Write of size 1 at addr fff00000c7732378 by task kunit_try_catch/289
[   27.239287] 
[   27.239335] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   27.239453] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.239486] Hardware name: linux,dummy-virt (DT)
[   27.239524] Call trace:
[   27.239553]  show_stack+0x20/0x38 (C)
[   27.239611]  dump_stack_lvl+0x8c/0xd0
[   27.239664]  print_report+0x118/0x608
[   27.239716]  kasan_report+0xdc/0x128
[   27.239765]  __asan_report_store1_noabort+0x20/0x30
[   27.239819]  strncpy_from_user+0x270/0x2a0
[   27.239869]  copy_user_test_oob+0x5c0/0xec8
[   27.239917]  kunit_try_run_case+0x170/0x3f0
[   27.239970]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.240030]  kthread+0x328/0x630
[   27.240080]  ret_from_fork+0x10/0x20
[   27.240136] 
[   27.240157] Allocated by task 289:
[   27.240190]  kasan_save_stack+0x3c/0x68
[   27.240236]  kasan_save_track+0x20/0x40
[   27.240278]  kasan_save_alloc_info+0x40/0x58
[   27.240321]  __kasan_kmalloc+0xd4/0xd8
[   27.240361]  __kmalloc_noprof+0x198/0x4c8
[   27.240424]  kunit_kmalloc_array+0x34/0x88
[   27.240509]  copy_user_test_oob+0xac/0xec8
[   27.240599]  kunit_try_run_case+0x170/0x3f0
[   27.240692]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.240811]  kthread+0x328/0x630
[   27.240900]  ret_from_fork+0x10/0x20
[   27.240981] 
[   27.241030] The buggy address belongs to the object at fff00000c7732300
[   27.241030]  which belongs to the cache kmalloc-128 of size 128
[   27.241352] The buggy address is located 0 bytes to the right of
[   27.241352]  allocated 120-byte region [fff00000c7732300, fff00000c7732378)
[   27.241545] 
[   27.241597] The buggy address belongs to the physical page:
[   27.241678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732
[   27.241808] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   27.242119] page_type: f5(slab)
[   27.242223] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   27.242367] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.242470] page dumped because: kasan: bad access detected
[   27.242551] 
[   27.242779] Memory state around the buggy address:
[   27.242872]  fff00000c7732200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.242990]  fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.243101] >fff00000c7732300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   27.243193]                                                                 ^
[   27.243468]  fff00000c7732380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.243641]  fff00000c7732400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.243761] ==================================================================

[   18.479380] ==================================================================
[   18.479661] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   18.480094] Write of size 121 at addr ffff8881039f5200 by task kunit_try_catch/305
[   18.480239] 
[   18.480315] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   18.480368] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.480382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.480404] Call Trace:
[   18.480428]  <TASK>
[   18.480448]  dump_stack_lvl+0x73/0xb0
[   18.480477]  print_report+0xd1/0x650
[   18.480502]  ? __virt_addr_valid+0x1db/0x2d0
[   18.480524]  ? strncpy_from_user+0x2e/0x1d0
[   18.480544]  ? kasan_complete_mode_report_info+0x2a/0x200
[   18.480581]  ? strncpy_from_user+0x2e/0x1d0
[   18.480605]  kasan_report+0x141/0x180
[   18.480627]  ? strncpy_from_user+0x2e/0x1d0
[   18.480652]  kasan_check_range+0x10c/0x1c0
[   18.480673]  __kasan_check_write+0x18/0x20
[   18.480736]  strncpy_from_user+0x2e/0x1d0
[   18.480757]  ? __kasan_check_read+0x15/0x20
[   18.480778]  copy_user_test_oob+0x760/0x10f0
[   18.480802]  ? __pfx_copy_user_test_oob+0x10/0x10
[   18.480823]  ? finish_task_switch.isra.0+0x153/0x700
[   18.481103]  ? __switch_to+0x5d9/0xf60
[   18.481127]  ? dequeue_task_fair+0x166/0x4e0
[   18.481151]  ? __schedule+0x10cc/0x2b30
[   18.481174]  ? __pfx_read_tsc+0x10/0x10
[   18.481194]  ? ktime_get_ts64+0x86/0x230
[   18.481219]  kunit_try_run_case+0x1a5/0x480
[   18.481243]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.481266]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.481289]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.481311]  ? __kthread_parkme+0x82/0x180
[   18.481332]  ? preempt_count_sub+0x50/0x80
[   18.481355]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.481378]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.481401]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.481423]  kthread+0x337/0x6f0
[   18.481440]  ? trace_preempt_on+0x20/0xc0
[   18.481464]  ? __pfx_kthread+0x10/0x10
[   18.481482]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.481502]  ? calculate_sigpending+0x7b/0xa0
[   18.481524]  ? __pfx_kthread+0x10/0x10
[   18.481543]  ret_from_fork+0x41/0x80
[   18.481584]  ? __pfx_kthread+0x10/0x10
[   18.481606]  ret_from_fork_asm+0x1a/0x30
[   18.481636]  </TASK>
[   18.481649] 
[   18.490285] Allocated by task 305:
[   18.490431]  kasan_save_stack+0x45/0x70
[   18.490729]  kasan_save_track+0x18/0x40
[   18.490860]  kasan_save_alloc_info+0x3b/0x50
[   18.491102]  __kasan_kmalloc+0xb7/0xc0
[   18.491430]  __kmalloc_noprof+0x1c9/0x500
[   18.491583]  kunit_kmalloc_array+0x25/0x60
[   18.491867]  copy_user_test_oob+0xab/0x10f0
[   18.491972]  kunit_try_run_case+0x1a5/0x480
[   18.492196]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.492388]  kthread+0x337/0x6f0
[   18.492524]  ret_from_fork+0x41/0x80
[   18.492672]  ret_from_fork_asm+0x1a/0x30
[   18.492838] 
[   18.492915] The buggy address belongs to the object at ffff8881039f5200
[   18.492915]  which belongs to the cache kmalloc-128 of size 128
[   18.493256] The buggy address is located 0 bytes inside of
[   18.493256]  allocated 120-byte region [ffff8881039f5200, ffff8881039f5278)
[   18.494214] 
[   18.494308] The buggy address belongs to the physical page:
[   18.494422] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f5
[   18.494980] flags: 0x200000000000000(node=0|zone=2)
[   18.495439] page_type: f5(slab)
[   18.495585] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   18.496293] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.496606] page dumped because: kasan: bad access detected
[   18.496733] 
[   18.497112] Memory state around the buggy address:
[   18.497351]  ffff8881039f5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.497505]  ffff8881039f5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.498167] >ffff8881039f5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.499036]                                                                 ^
[   18.499198]  ffff8881039f5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.499342]  ffff8881039f5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.499471] ==================================================================
[   18.501213] ==================================================================
[   18.501417] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   18.502132] Write of size 1 at addr ffff8881039f5278 by task kunit_try_catch/305
[   18.502393] 
[   18.502475] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   18.502530] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.502545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.502783] Call Trace:
[   18.502814]  <TASK>
[   18.502837]  dump_stack_lvl+0x73/0xb0
[   18.502873]  print_report+0xd1/0x650
[   18.502898]  ? __virt_addr_valid+0x1db/0x2d0
[   18.502932]  ? strncpy_from_user+0x1a5/0x1d0
[   18.502956]  ? kasan_complete_mode_report_info+0x2a/0x200
[   18.502979]  ? strncpy_from_user+0x1a5/0x1d0
[   18.503001]  kasan_report+0x141/0x180
[   18.503024]  ? strncpy_from_user+0x1a5/0x1d0
[   18.503050]  __asan_report_store1_noabort+0x1b/0x30
[   18.503071]  strncpy_from_user+0x1a5/0x1d0
[   18.503096]  copy_user_test_oob+0x760/0x10f0
[   18.503120]  ? __pfx_copy_user_test_oob+0x10/0x10
[   18.503152]  ? finish_task_switch.isra.0+0x153/0x700
[   18.503182]  ? __switch_to+0x5d9/0xf60
[   18.503206]  ? dequeue_task_fair+0x166/0x4e0
[   18.503235]  ? __schedule+0x10cc/0x2b30
[   18.503264]  ? __pfx_read_tsc+0x10/0x10
[   18.503287]  ? ktime_get_ts64+0x86/0x230
[   18.503316]  kunit_try_run_case+0x1a5/0x480
[   18.503344]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.503366]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.503390]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.503413]  ? __kthread_parkme+0x82/0x180
[   18.503434]  ? preempt_count_sub+0x50/0x80
[   18.503459]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.503482]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.503505]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.503528]  kthread+0x337/0x6f0
[   18.503546]  ? trace_preempt_on+0x20/0xc0
[   18.503583]  ? __pfx_kthread+0x10/0x10
[   18.503604]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.503626]  ? calculate_sigpending+0x7b/0xa0
[   18.503648]  ? __pfx_kthread+0x10/0x10
[   18.503667]  ret_from_fork+0x41/0x80
[   18.503689]  ? __pfx_kthread+0x10/0x10
[   18.503708]  ret_from_fork_asm+0x1a/0x30
[   18.503737]  </TASK>
[   18.503750] 
[   18.512868] Allocated by task 305:
[   18.513030]  kasan_save_stack+0x45/0x70
[   18.513191]  kasan_save_track+0x18/0x40
[   18.513336]  kasan_save_alloc_info+0x3b/0x50
[   18.513484]  __kasan_kmalloc+0xb7/0xc0
[   18.514408]  __kmalloc_noprof+0x1c9/0x500
[   18.514580]  kunit_kmalloc_array+0x25/0x60
[   18.514709]  copy_user_test_oob+0xab/0x10f0
[   18.514814]  kunit_try_run_case+0x1a5/0x480
[   18.514917]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.515384]  kthread+0x337/0x6f0
[   18.515522]  ret_from_fork+0x41/0x80
[   18.515669]  ret_from_fork_asm+0x1a/0x30
[   18.515778] 
[   18.515839] The buggy address belongs to the object at ffff8881039f5200
[   18.515839]  which belongs to the cache kmalloc-128 of size 128
[   18.516296] The buggy address is located 0 bytes to the right of
[   18.516296]  allocated 120-byte region [ffff8881039f5200, ffff8881039f5278)
[   18.517102] 
[   18.517223] The buggy address belongs to the physical page:
[   18.517350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f5
[   18.517722] flags: 0x200000000000000(node=0|zone=2)
[   18.518066] page_type: f5(slab)
[   18.518305] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   18.518501] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.518890] page dumped because: kasan: bad access detected
[   18.519188] 
[   18.519327] Memory state around the buggy address:
[   18.519504]  ffff8881039f5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.519880]  ffff8881039f5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.520206] >ffff8881039f5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.520390]                                                                 ^
[   18.520647]  ffff8881039f5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.520873]  ffff8881039f5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.521327] ==================================================================