Hay
Date: June 17, 2025, 3:40 p.m.

Environment: qemu-arm64, qemu-x86_64

[   26.276567] ==================================================================
[   26.276707] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   26.276841] Write of size 1 at addr fff00000c73ad978 by task kunit_try_catch/287
[   26.276961] 
[   26.277057] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT 
[   26.277266] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.277380] Hardware name: linux,dummy-virt (DT)
[   26.277459] Call trace:
[   26.277517]  show_stack+0x20/0x38 (C)
[   26.278135]  dump_stack_lvl+0x8c/0xd0
[   26.278454]  print_report+0x118/0x608
[   26.278613]  kasan_report+0xdc/0x128
[   26.278759]  __asan_report_store1_noabort+0x20/0x30
[   26.278940]  strncpy_from_user+0x270/0x2a0
[   26.279064]  copy_user_test_oob+0x5c0/0xec8
[   26.279169]  kunit_try_run_case+0x170/0x3f0
[   26.279597]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.279831]  kthread+0x328/0x630
[   26.279999]  ret_from_fork+0x10/0x20
[   26.280186] 
[   26.280233] Allocated by task 287:
[   26.280297]  kasan_save_stack+0x3c/0x68
[   26.280399]  kasan_save_track+0x20/0x40
[   26.280509]  kasan_save_alloc_info+0x40/0x58
[   26.280596]  __kasan_kmalloc+0xd4/0xd8
[   26.280913]  __kmalloc_noprof+0x198/0x4c8
[   26.281012]  kunit_kmalloc_array+0x34/0x88
[   26.281173]  copy_user_test_oob+0xac/0xec8
[   26.281303]  kunit_try_run_case+0x170/0x3f0
[   26.281434]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.281567]  kthread+0x328/0x630
[   26.281664]  ret_from_fork+0x10/0x20
[   26.281829] 
[   26.282140] The buggy address belongs to the object at fff00000c73ad900
[   26.282140]  which belongs to the cache kmalloc-128 of size 128
[   26.282478] The buggy address is located 0 bytes to the right of
[   26.282478]  allocated 120-byte region [fff00000c73ad900, fff00000c73ad978)
[   26.282716] 
[   26.282811] The buggy address belongs to the physical page:
[   26.282922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ad
[   26.283127] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   26.283278] page_type: f5(slab)
[   26.283368] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   26.283471] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.283591] page dumped because: kasan: bad access detected
[   26.283672] 
[   26.283718] Memory state around the buggy address:
[   26.283812]  fff00000c73ad800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.283924]  fff00000c73ad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.284011] >fff00000c73ad900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.284122]                                                                 ^
[   26.284557]  fff00000c73ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.284697]  fff00000c73ada00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.284870] ==================================================================
[   26.266196] ==================================================================
[   26.266601] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   26.266748] Write of size 121 at addr fff00000c73ad900 by task kunit_try_catch/287
[   26.266857] 
[   26.266938] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT 
[   26.267135] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.267209] Hardware name: linux,dummy-virt (DT)
[   26.267293] Call trace:
[   26.267356]  show_stack+0x20/0x38 (C)
[   26.267482]  dump_stack_lvl+0x8c/0xd0
[   26.267603]  print_report+0x118/0x608
[   26.267720]  kasan_report+0xdc/0x128
[   26.267854]  kasan_check_range+0x100/0x1a8
[   26.268716]  __kasan_check_write+0x20/0x30
[   26.268966]  strncpy_from_user+0x3c/0x2a0
[   26.269099]  copy_user_test_oob+0x5c0/0xec8
[   26.269221]  kunit_try_run_case+0x170/0x3f0
[   26.269872]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.270034]  kthread+0x328/0x630
[   26.270149]  ret_from_fork+0x10/0x20
[   26.270327] 
[   26.270383] Allocated by task 287:
[   26.270508]  kasan_save_stack+0x3c/0x68
[   26.270615]  kasan_save_track+0x20/0x40
[   26.270711]  kasan_save_alloc_info+0x40/0x58
[   26.270818]  __kasan_kmalloc+0xd4/0xd8
[   26.270913]  __kmalloc_noprof+0x198/0x4c8
[   26.271007]  kunit_kmalloc_array+0x34/0x88
[   26.271109]  copy_user_test_oob+0xac/0xec8
[   26.271204]  kunit_try_run_case+0x170/0x3f0
[   26.271300]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.271413]  kthread+0x328/0x630
[   26.271513]  ret_from_fork+0x10/0x20
[   26.271646] 
[   26.271722] The buggy address belongs to the object at fff00000c73ad900
[   26.271722]  which belongs to the cache kmalloc-128 of size 128
[   26.271947] The buggy address is located 0 bytes inside of
[   26.271947]  allocated 120-byte region [fff00000c73ad900, fff00000c73ad978)
[   26.272151] 
[   26.272206] The buggy address belongs to the physical page:
[   26.272311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ad
[   26.272515] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   26.272650] page_type: f5(slab)
[   26.272764] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   26.272880] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.272986] page dumped because: kasan: bad access detected
[   26.273074] 
[   26.273127] Memory state around the buggy address:
[   26.273218]  fff00000c73ad800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.273934]  fff00000c73ad880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.274086] >fff00000c73ad900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.274212]                                                                 ^
[   26.274884]  fff00000c73ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.275105]  fff00000c73ada00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.275223] ==================================================================

[   26.971183] ==================================================================
[   26.971895] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   26.972643] Write of size 121 at addr ffff888102ed7700 by task kunit_try_catch/305
[   26.973340] 
[   26.973606] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT(voluntary) 
[   26.973742] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.973784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.973846] Call Trace:
[   26.973904]  <TASK>
[   26.973962]  dump_stack_lvl+0x73/0xb0
[   26.974056]  print_report+0xd1/0x650
[   26.974144]  ? __virt_addr_valid+0x1db/0x2d0
[   26.974229]  ? strncpy_from_user+0x2e/0x1d0
[   26.974329]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.974417]  ? strncpy_from_user+0x2e/0x1d0
[   26.974530]  kasan_report+0x141/0x180
[   26.974620]  ? strncpy_from_user+0x2e/0x1d0
[   26.974719]  kasan_check_range+0x10c/0x1c0
[   26.974799]  __kasan_check_write+0x18/0x20
[   26.974876]  strncpy_from_user+0x2e/0x1d0
[   26.974964]  copy_user_test_oob+0x760/0x10f0
[   26.975048]  ? __pfx_copy_user_test_oob+0x10/0x10
[   26.975107]  ? finish_task_switch.isra.0+0x153/0x700
[   26.975151]  ? __switch_to+0x5d9/0xf60
[   26.975185]  ? dequeue_task_fair+0x166/0x4e0
[   26.975224]  ? __schedule+0x10cc/0x2b60
[   26.975260]  ? __pfx_read_tsc+0x10/0x10
[   26.975317]  ? ktime_get_ts64+0x86/0x230
[   26.975364]  kunit_try_run_case+0x1a5/0x480
[   26.975406]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.975442]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.975481]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.975518]  ? __kthread_parkme+0x82/0x180
[   26.975553]  ? preempt_count_sub+0x50/0x80
[   26.975591]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.975629]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.975664]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.975700]  kthread+0x337/0x6f0
[   26.975725]  ? trace_preempt_on+0x20/0xc0
[   26.975763]  ? __pfx_kthread+0x10/0x10
[   26.975792]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.975825]  ? calculate_sigpending+0x7b/0xa0
[   26.975858]  ? __pfx_kthread+0x10/0x10
[   26.975902]  ret_from_fork+0x41/0x80
[   26.975937]  ? __pfx_kthread+0x10/0x10
[   26.975966]  ret_from_fork_asm+0x1a/0x30
[   26.976012]  </TASK>
[   26.976030] 
[   26.993603] Allocated by task 305:
[   26.994044]  kasan_save_stack+0x45/0x70
[   26.994642]  kasan_save_track+0x18/0x40
[   26.995074]  kasan_save_alloc_info+0x3b/0x50
[   26.995479]  __kasan_kmalloc+0xb7/0xc0
[   26.995799]  __kmalloc_noprof+0x1c9/0x500
[   26.996470]  kunit_kmalloc_array+0x25/0x60
[   26.997179]  copy_user_test_oob+0xab/0x10f0
[   26.997923]  kunit_try_run_case+0x1a5/0x480
[   26.998485]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.999055]  kthread+0x337/0x6f0
[   26.999517]  ret_from_fork+0x41/0x80
[   27.000033]  ret_from_fork_asm+0x1a/0x30
[   27.000518] 
[   27.000714] The buggy address belongs to the object at ffff888102ed7700
[   27.000714]  which belongs to the cache kmalloc-128 of size 128
[   27.001623] The buggy address is located 0 bytes inside of
[   27.001623]  allocated 120-byte region [ffff888102ed7700, ffff888102ed7778)
[   27.002682] 
[   27.002946] The buggy address belongs to the physical page:
[   27.003620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ed7
[   27.004471] flags: 0x200000000000000(node=0|zone=2)
[   27.005003] page_type: f5(slab)
[   27.005396] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   27.005909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.006598] page dumped because: kasan: bad access detected
[   27.007478] 
[   27.007812] Memory state around the buggy address:
[   27.008463]  ffff888102ed7600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.009190]  ffff888102ed7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.009786] >ffff888102ed7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   27.010233]                                                                 ^
[   27.010793]  ffff888102ed7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.011529]  ffff888102ed7800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.012156] ==================================================================
[   27.013865] ==================================================================
[   27.014542] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   27.015025] Write of size 1 at addr ffff888102ed7778 by task kunit_try_catch/305
[   27.015723] 
[   27.016026] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT(voluntary) 
[   27.016157] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.016202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.016264] Call Trace:
[   27.016337]  <TASK>
[   27.016394]  dump_stack_lvl+0x73/0xb0
[   27.016486]  print_report+0xd1/0x650
[   27.016573]  ? __virt_addr_valid+0x1db/0x2d0
[   27.016676]  ? strncpy_from_user+0x1a5/0x1d0
[   27.016784]  ? kasan_complete_mode_report_info+0x2a/0x200
[   27.016867]  ? strncpy_from_user+0x1a5/0x1d0
[   27.016948]  kasan_report+0x141/0x180
[   27.017027]  ? strncpy_from_user+0x1a5/0x1d0
[   27.017121]  __asan_report_store1_noabort+0x1b/0x30
[   27.017202]  strncpy_from_user+0x1a5/0x1d0
[   27.017287]  copy_user_test_oob+0x760/0x10f0
[   27.017388]  ? __pfx_copy_user_test_oob+0x10/0x10
[   27.017461]  ? finish_task_switch.isra.0+0x153/0x700
[   27.017534]  ? __switch_to+0x5d9/0xf60
[   27.017571]  ? dequeue_task_fair+0x166/0x4e0
[   27.017610]  ? __schedule+0x10cc/0x2b60
[   27.017648]  ? __pfx_read_tsc+0x10/0x10
[   27.017683]  ? ktime_get_ts64+0x86/0x230
[   27.017724]  kunit_try_run_case+0x1a5/0x480
[   27.017764]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.017800]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   27.017837]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.017874]  ? __kthread_parkme+0x82/0x180
[   27.017909]  ? preempt_count_sub+0x50/0x80
[   27.017946]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.017981]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.018016]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.018068]  kthread+0x337/0x6f0
[   27.018116]  ? trace_preempt_on+0x20/0xc0
[   27.018154]  ? __pfx_kthread+0x10/0x10
[   27.018181]  ? _raw_spin_unlock_irq+0x47/0x80
[   27.018214]  ? calculate_sigpending+0x7b/0xa0
[   27.018248]  ? __pfx_kthread+0x10/0x10
[   27.018276]  ret_from_fork+0x41/0x80
[   27.018341]  ? __pfx_kthread+0x10/0x10
[   27.018371]  ret_from_fork_asm+0x1a/0x30
[   27.018418]  </TASK>
[   27.018435] 
[   27.033794] Allocated by task 305:
[   27.034444]  kasan_save_stack+0x45/0x70
[   27.034961]  kasan_save_track+0x18/0x40
[   27.035474]  kasan_save_alloc_info+0x3b/0x50
[   27.035960]  __kasan_kmalloc+0xb7/0xc0
[   27.036449]  __kmalloc_noprof+0x1c9/0x500
[   27.036788]  kunit_kmalloc_array+0x25/0x60
[   27.037234]  copy_user_test_oob+0xab/0x10f0
[   27.037742]  kunit_try_run_case+0x1a5/0x480
[   27.038255]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.038844]  kthread+0x337/0x6f0
[   27.039318]  ret_from_fork+0x41/0x80
[   27.039752]  ret_from_fork_asm+0x1a/0x30
[   27.040272] 
[   27.040534] The buggy address belongs to the object at ffff888102ed7700
[   27.040534]  which belongs to the cache kmalloc-128 of size 128
[   27.041592] The buggy address is located 0 bytes to the right of
[   27.041592]  allocated 120-byte region [ffff888102ed7700, ffff888102ed7778)
[   27.042649] 
[   27.042907] The buggy address belongs to the physical page:
[   27.043529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ed7
[   27.044275] flags: 0x200000000000000(node=0|zone=2)
[   27.044758] page_type: f5(slab)
[   27.045217] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   27.045869] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.047278] page dumped because: kasan: bad access detected
[   27.047676] 
[   27.047860] Memory state around the buggy address:
[   27.048213]  ffff888102ed7600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.048661]  ffff888102ed7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.048912] >ffff888102ed7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   27.049149]                                                                 ^
[   27.049830]  ffff888102ed7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.050943]  ffff888102ed7800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.052186] ==================================================================