Hay
Date: June 24, 2025, 12:47 p.m.

Environment: qemu-arm64, qemu-x86_64

[   29.029790] ==================================================================
[   29.029894] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   29.030000] Write of size 1 at addr fff00000c5a7bb78 by task kunit_try_catch/287
[   29.030121] 
[   29.030191] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   29.030414] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.030639] Hardware name: linux,dummy-virt (DT)
[   29.030862] Call trace:
[   29.031033]  show_stack+0x20/0x38 (C)
[   29.031160]  dump_stack_lvl+0x8c/0xd0
[   29.031281]  print_report+0x118/0x608
[   29.031411]  kasan_report+0xdc/0x128
[   29.031535]  __asan_report_store1_noabort+0x20/0x30
[   29.031687]  strncpy_from_user+0x270/0x2a0
[   29.031933]  copy_user_test_oob+0x5c0/0xec8
[   29.032083]  kunit_try_run_case+0x170/0x3f0
[   29.032338]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.032631]  kthread+0x328/0x630
[   29.032770]  ret_from_fork+0x10/0x20
[   29.032892] 
[   29.033330] Allocated by task 287:
[   29.033441]  kasan_save_stack+0x3c/0x68
[   29.033555]  kasan_save_track+0x20/0x40
[   29.034599]  kasan_save_alloc_info+0x40/0x58
[   29.035090]  __kasan_kmalloc+0xd4/0xd8
[   29.035339]  __kmalloc_noprof+0x198/0x4c8
[   29.035908]  kunit_kmalloc_array+0x34/0x88
[   29.036620]  copy_user_test_oob+0xac/0xec8
[   29.036891]  kunit_try_run_case+0x170/0x3f0
[   29.037000]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.037115]  kthread+0x328/0x630
[   29.037206]  ret_from_fork+0x10/0x20
[   29.037306] 
[   29.037365] The buggy address belongs to the object at fff00000c5a7bb00
[   29.037365]  which belongs to the cache kmalloc-128 of size 128
[   29.037680] The buggy address is located 0 bytes to the right of
[   29.037680]  allocated 120-byte region [fff00000c5a7bb00, fff00000c5a7bb78)
[   29.038456] 
[   29.038514] The buggy address belongs to the physical page:
[   29.038599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7b
[   29.038746] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.039464] page_type: f5(slab)
[   29.039560] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   29.039833] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.040123] page dumped because: kasan: bad access detected
[   29.040210] 
[   29.040268] Memory state around the buggy address:
[   29.040487]  fff00000c5a7ba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.040779]  fff00000c5a7ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.040894] >fff00000c5a7bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   29.040997]                                                                 ^
[   29.041237]  fff00000c5a7bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.041407]  fff00000c5a7bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.041514] ==================================================================
[   29.016222] ==================================================================
[   29.016332] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   29.016509] Write of size 121 at addr fff00000c5a7bb00 by task kunit_try_catch/287
[   29.016767] 
[   29.016898] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   29.017126] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.017208] Hardware name: linux,dummy-virt (DT)
[   29.017289] Call trace:
[   29.017373]  show_stack+0x20/0x38 (C)
[   29.017605]  dump_stack_lvl+0x8c/0xd0
[   29.017752]  print_report+0x118/0x608
[   29.017880]  kasan_report+0xdc/0x128
[   29.018079]  kasan_check_range+0x100/0x1a8
[   29.018215]  __kasan_check_write+0x20/0x30
[   29.018400]  strncpy_from_user+0x3c/0x2a0
[   29.018529]  copy_user_test_oob+0x5c0/0xec8
[   29.018778]  kunit_try_run_case+0x170/0x3f0
[   29.018938]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.019214]  kthread+0x328/0x630
[   29.019418]  ret_from_fork+0x10/0x20
[   29.019555] 
[   29.019605] Allocated by task 287:
[   29.019695]  kasan_save_stack+0x3c/0x68
[   29.020169]  kasan_save_track+0x20/0x40
[   29.020306]  kasan_save_alloc_info+0x40/0x58
[   29.021010]  __kasan_kmalloc+0xd4/0xd8
[   29.021119]  __kmalloc_noprof+0x198/0x4c8
[   29.021228]  kunit_kmalloc_array+0x34/0x88
[   29.021335]  copy_user_test_oob+0xac/0xec8
[   29.021455]  kunit_try_run_case+0x170/0x3f0
[   29.023019]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.023686]  kthread+0x328/0x630
[   29.023981]  ret_from_fork+0x10/0x20
[   29.024576] 
[   29.024637] The buggy address belongs to the object at fff00000c5a7bb00
[   29.024637]  which belongs to the cache kmalloc-128 of size 128
[   29.024785] The buggy address is located 0 bytes inside of
[   29.024785]  allocated 120-byte region [fff00000c5a7bb00, fff00000c5a7bb78)
[   29.024950] 
[   29.025003] The buggy address belongs to the physical page:
[   29.026023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7b
[   29.026179] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.026318] page_type: f5(slab)
[   29.026439] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   29.026710] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.027039] page dumped because: kasan: bad access detected
[   29.027201] 
[   29.027281] Memory state around the buggy address:
[   29.027367]  fff00000c5a7ba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.027536]  fff00000c5a7ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.027670] >fff00000c5a7bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   29.027787]                                                                 ^
[   29.028058]  fff00000c5a7bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.028485]  fff00000c5a7bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.028608] ==================================================================

[   16.669647] ==================================================================
[   16.670037] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   16.670548] Write of size 121 at addr ffff8881029ed100 by task kunit_try_catch/305
[   16.671032] 
[   16.671216] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   16.671353] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.671379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.671424] Call Trace:
[   16.671486]  <TASK>
[   16.671528]  dump_stack_lvl+0x73/0xb0
[   16.671583]  print_report+0xd1/0x650
[   16.671647]  ? __virt_addr_valid+0x1db/0x2d0
[   16.671706]  ? strncpy_from_user+0x2e/0x1d0
[   16.671750]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.671798]  ? strncpy_from_user+0x2e/0x1d0
[   16.671843]  kasan_report+0x141/0x180
[   16.671892]  ? strncpy_from_user+0x2e/0x1d0
[   16.671950]  kasan_check_range+0x10c/0x1c0
[   16.671996]  __kasan_check_write+0x18/0x20
[   16.672037]  strncpy_from_user+0x2e/0x1d0
[   16.672080]  ? __kasan_check_read+0x15/0x20
[   16.672127]  copy_user_test_oob+0x760/0x10f0
[   16.672177]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.672219]  ? finish_task_switch.isra.0+0x153/0x700
[   16.672270]  ? __switch_to+0x5d9/0xf60
[   16.672311]  ? dequeue_task_fair+0x166/0x4e0
[   16.672363]  ? __schedule+0x10cc/0x2b60
[   16.672411]  ? __pfx_read_tsc+0x10/0x10
[   16.672452]  ? ktime_get_ts64+0x86/0x230
[   16.672495]  kunit_try_run_case+0x1a5/0x480
[   16.672536]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.672570]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.672599]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.672640]  ? __kthread_parkme+0x82/0x180
[   16.672666]  ? preempt_count_sub+0x50/0x80
[   16.672689]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.672712]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.672734]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.672756]  kthread+0x337/0x6f0
[   16.672773]  ? trace_preempt_on+0x20/0xc0
[   16.672798]  ? __pfx_kthread+0x10/0x10
[   16.672816]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.672837]  ? calculate_sigpending+0x7b/0xa0
[   16.672858]  ? __pfx_kthread+0x10/0x10
[   16.672877]  ret_from_fork+0x41/0x80
[   16.672896]  ? __pfx_kthread+0x10/0x10
[   16.672914]  ret_from_fork_asm+0x1a/0x30
[   16.672944]  </TASK>
[   16.672957] 
[   16.683199] Allocated by task 305:
[   16.683613]  kasan_save_stack+0x45/0x70
[   16.683983]  kasan_save_track+0x18/0x40
[   16.684292]  kasan_save_alloc_info+0x3b/0x50
[   16.684701]  __kasan_kmalloc+0xb7/0xc0
[   16.685027]  __kmalloc_noprof+0x1c9/0x500
[   16.685393]  kunit_kmalloc_array+0x25/0x60
[   16.685750]  copy_user_test_oob+0xab/0x10f0
[   16.685985]  kunit_try_run_case+0x1a5/0x480
[   16.686167]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.686377]  kthread+0x337/0x6f0
[   16.686699]  ret_from_fork+0x41/0x80
[   16.687000]  ret_from_fork_asm+0x1a/0x30
[   16.687318] 
[   16.687488] The buggy address belongs to the object at ffff8881029ed100
[   16.687488]  which belongs to the cache kmalloc-128 of size 128
[   16.688291] The buggy address is located 0 bytes inside of
[   16.688291]  allocated 120-byte region [ffff8881029ed100, ffff8881029ed178)
[   16.688877] 
[   16.688999] The buggy address belongs to the physical page:
[   16.689197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ed
[   16.689471] flags: 0x200000000000000(node=0|zone=2)
[   16.689924] page_type: f5(slab)
[   16.690271] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.690858] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.691389] page dumped because: kasan: bad access detected
[   16.691644] 
[   16.691754] Memory state around the buggy address:
[   16.691945]  ffff8881029ed000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.692328]  ffff8881029ed080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.692874] >ffff8881029ed100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.693368]                                                                 ^
[   16.693892]  ffff8881029ed180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.694389]  ffff8881029ed200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.694752] ==================================================================
[   16.695764] ==================================================================
[   16.696650] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   16.697337] Write of size 1 at addr ffff8881029ed178 by task kunit_try_catch/305
[   16.698533] 
[   16.698840] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   16.698951] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.699004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.699055] Call Trace:
[   16.699101]  <TASK>
[   16.699141]  dump_stack_lvl+0x73/0xb0
[   16.699239]  print_report+0xd1/0x650
[   16.699290]  ? __virt_addr_valid+0x1db/0x2d0
[   16.699333]  ? strncpy_from_user+0x1a5/0x1d0
[   16.699364]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.699402]  ? strncpy_from_user+0x1a5/0x1d0
[   16.699425]  kasan_report+0x141/0x180
[   16.699448]  ? strncpy_from_user+0x1a5/0x1d0
[   16.699474]  __asan_report_store1_noabort+0x1b/0x30
[   16.699494]  strncpy_from_user+0x1a5/0x1d0
[   16.699518]  copy_user_test_oob+0x760/0x10f0
[   16.699572]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.699595]  ? finish_task_switch.isra.0+0x153/0x700
[   16.699634]  ? __switch_to+0x5d9/0xf60
[   16.699659]  ? dequeue_task_fair+0x166/0x4e0
[   16.699683]  ? __schedule+0x10cc/0x2b60
[   16.699707]  ? __pfx_read_tsc+0x10/0x10
[   16.699726]  ? ktime_get_ts64+0x86/0x230
[   16.699751]  kunit_try_run_case+0x1a5/0x480
[   16.699776]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.699797]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.699821]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.699843]  ? __kthread_parkme+0x82/0x180
[   16.699865]  ? preempt_count_sub+0x50/0x80
[   16.699887]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.699908]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.699930]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.699952]  kthread+0x337/0x6f0
[   16.699969]  ? trace_preempt_on+0x20/0xc0
[   16.699992]  ? __pfx_kthread+0x10/0x10
[   16.700010]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.700030]  ? calculate_sigpending+0x7b/0xa0
[   16.700050]  ? __pfx_kthread+0x10/0x10
[   16.700069]  ret_from_fork+0x41/0x80
[   16.700089]  ? __pfx_kthread+0x10/0x10
[   16.700107]  ret_from_fork_asm+0x1a/0x30
[   16.700139]  </TASK>
[   16.700153] 
[   16.710190] Allocated by task 305:
[   16.710592]  kasan_save_stack+0x45/0x70
[   16.710956]  kasan_save_track+0x18/0x40
[   16.711248]  kasan_save_alloc_info+0x3b/0x50
[   16.711576]  __kasan_kmalloc+0xb7/0xc0
[   16.711901]  __kmalloc_noprof+0x1c9/0x500
[   16.712229]  kunit_kmalloc_array+0x25/0x60
[   16.712454]  copy_user_test_oob+0xab/0x10f0
[   16.712827]  kunit_try_run_case+0x1a5/0x480
[   16.713060]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.713470]  kthread+0x337/0x6f0
[   16.713712]  ret_from_fork+0x41/0x80
[   16.713921]  ret_from_fork_asm+0x1a/0x30
[   16.714212] 
[   16.714326] The buggy address belongs to the object at ffff8881029ed100
[   16.714326]  which belongs to the cache kmalloc-128 of size 128
[   16.714951] The buggy address is located 0 bytes to the right of
[   16.714951]  allocated 120-byte region [ffff8881029ed100, ffff8881029ed178)
[   16.715862] 
[   16.715994] The buggy address belongs to the physical page:
[   16.716324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ed
[   16.716753] flags: 0x200000000000000(node=0|zone=2)
[   16.717027] page_type: f5(slab)
[   16.717329] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.717846] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.718230] page dumped because: kasan: bad access detected
[   16.718524] 
[   16.718731] Memory state around the buggy address:
[   16.719003]  ffff8881029ed000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.719373]  ffff8881029ed080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.719669] >ffff8881029ed100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.719905]                                                                 ^
[   16.720347]  ffff8881029ed180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.720889]  ffff8881029ed200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.721378] ==================================================================