Date
July 3, 2025, 3:13 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 18.483374] ==================================================================
[ 18.483608] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 18.483809] Write of size 121 at addr fff00000c77faa00 by task kunit_try_catch/288
[ 18.484004]
[ 18.484051] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT
[ 18.484175] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.484208] Hardware name: linux,dummy-virt (DT)
[ 18.484242] Call trace:
[ 18.484268] show_stack+0x20/0x38 (C)
[ 18.484318] dump_stack_lvl+0x8c/0xd0
[ 18.484494] print_report+0x118/0x608
[ 18.484595] kasan_report+0xdc/0x128
[ 18.484786] kasan_check_range+0x100/0x1a8
[ 18.484899] __kasan_check_write+0x20/0x30
[ 18.485008] strncpy_from_user+0x3c/0x2a0
[ 18.485106] copy_user_test_oob+0x5c0/0xec8
[ 18.485181] kunit_try_run_case+0x170/0x3f0
[ 18.485232] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.485295] kthread+0x328/0x630
[ 18.485420] ret_from_fork+0x10/0x20
[ 18.485473]
[ 18.485493] Allocated by task 288:
[ 18.485527] kasan_save_stack+0x3c/0x68
[ 18.485566] kasan_save_track+0x20/0x40
[ 18.485792] kasan_save_alloc_info+0x40/0x58
[ 18.485841] __kasan_kmalloc+0xd4/0xd8
[ 18.486006] __kmalloc_noprof+0x198/0x4c8
[ 18.486213] kunit_kmalloc_array+0x34/0x88
[ 18.486305] copy_user_test_oob+0xac/0xec8
[ 18.486565] kunit_try_run_case+0x170/0x3f0
[ 18.486697] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.486877] kthread+0x328/0x630
[ 18.487071] ret_from_fork+0x10/0x20
[ 18.487118]
[ 18.487233] The buggy address belongs to the object at fff00000c77faa00
[ 18.487233] which belongs to the cache kmalloc-128 of size 128
[ 18.487371] The buggy address is located 0 bytes inside of
[ 18.487371] allocated 120-byte region [fff00000c77faa00, fff00000c77faa78)
[ 18.487731]
[ 18.487910] The buggy address belongs to the physical page:
[ 18.488053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa
[ 18.488284] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.488404] page_type: f5(slab)
[ 18.488512] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.488566] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.488758] page dumped because: kasan: bad access detected
[ 18.488884]
[ 18.488909] Memory state around the buggy address:
[ 18.488965] fff00000c77fa900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.489012] fff00000c77fa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.489058] >fff00000c77faa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.489118] ^
[ 18.489170] fff00000c77faa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.489214] fff00000c77fab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.489271] ==================================================================
[ 18.489972] ==================================================================
[ 18.490026] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 18.490205] Write of size 1 at addr fff00000c77faa78 by task kunit_try_catch/288
[ 18.490263]
[ 18.490481] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT
[ 18.490778] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.490991] Hardware name: linux,dummy-virt (DT)
[ 18.491058] Call trace:
[ 18.491177] show_stack+0x20/0x38 (C)
[ 18.491469] dump_stack_lvl+0x8c/0xd0
[ 18.491730] print_report+0x118/0x608
[ 18.491828] kasan_report+0xdc/0x128
[ 18.491988] __asan_report_store1_noabort+0x20/0x30
[ 18.492162] strncpy_from_user+0x270/0x2a0
[ 18.492281] copy_user_test_oob+0x5c0/0xec8
[ 18.492390] kunit_try_run_case+0x170/0x3f0
[ 18.492444] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.492688] kthread+0x328/0x630
[ 18.492898] ret_from_fork+0x10/0x20
[ 18.493308]
[ 18.493376] Allocated by task 288:
[ 18.493415] kasan_save_stack+0x3c/0x68
[ 18.493474] kasan_save_track+0x20/0x40
[ 18.493510] kasan_save_alloc_info+0x40/0x58
[ 18.493551] __kasan_kmalloc+0xd4/0xd8
[ 18.493588] __kmalloc_noprof+0x198/0x4c8
[ 18.493683] kunit_kmalloc_array+0x34/0x88
[ 18.493735] copy_user_test_oob+0xac/0xec8
[ 18.493777] kunit_try_run_case+0x170/0x3f0
[ 18.493818] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.493864] kthread+0x328/0x630
[ 18.493900] ret_from_fork+0x10/0x20
[ 18.493937]
[ 18.494606] The buggy address belongs to the object at fff00000c77faa00
[ 18.494606] which belongs to the cache kmalloc-128 of size 128
[ 18.494675] The buggy address is located 0 bytes to the right of
[ 18.494675] allocated 120-byte region [fff00000c77faa00, fff00000c77faa78)
[ 18.494741]
[ 18.494765] The buggy address belongs to the physical page:
[ 18.494967] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa
[ 18.495201] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.495422] page_type: f5(slab)
[ 18.495504] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.495833] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.495882] page dumped because: kasan: bad access detected
[ 18.495937]
[ 18.496255] Memory state around the buggy address:
[ 18.496533] fff00000c77fa900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.496756] fff00000c77fa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.496905] >fff00000c77faa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.496960] ^
[ 18.497139] fff00000c77faa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.497192] fff00000c77fab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.497575] ==================================================================
```
qemu-x86_64:

```
[ 15.308500] ==================================================================
[ 15.308934] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 15.309254] Write of size 1 at addr ffff888103151e78 by task kunit_try_catch/305
[ 15.310191]
[ 15.310333] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary)
[ 15.310386] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.310400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.310424] Call Trace:
[ 15.310446] <TASK>
[ 15.310468] dump_stack_lvl+0x73/0xb0
[ 15.310497] print_report+0xd1/0x650
[ 15.310522] ? __virt_addr_valid+0x1db/0x2d0
[ 15.310545] ? strncpy_from_user+0x1a5/0x1d0
[ 15.310570] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.310595] ? strncpy_from_user+0x1a5/0x1d0
[ 15.310619] kasan_report+0x141/0x180
[ 15.310785] ? strncpy_from_user+0x1a5/0x1d0
[ 15.310826] __asan_report_store1_noabort+0x1b/0x30
[ 15.310850] strncpy_from_user+0x1a5/0x1d0
[ 15.310876] copy_user_test_oob+0x760/0x10f0
[ 15.310942] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.310963] ? finish_task_switch.isra.0+0x153/0x700
[ 15.310989] ? __switch_to+0x5d9/0xf60
[ 15.311013] ? dequeue_task_fair+0x166/0x4e0
[ 15.311039] ? __schedule+0x10cc/0x2b60
[ 15.311064] ? __pfx_read_tsc+0x10/0x10
[ 15.311085] ? ktime_get_ts64+0x86/0x230
[ 15.311112] kunit_try_run_case+0x1a5/0x480
[ 15.311137] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.311161] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.311187] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.311213] ? __kthread_parkme+0x82/0x180
[ 15.311246] ? preempt_count_sub+0x50/0x80
[ 15.311271] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.311296] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.311319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.311344] kthread+0x337/0x6f0
[ 15.311362] ? trace_preempt_on+0x20/0xc0
[ 15.311387] ? __pfx_kthread+0x10/0x10
[ 15.311406] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.311429] ? calculate_sigpending+0x7b/0xa0
[ 15.311452] ? __pfx_kthread+0x10/0x10
[ 15.311472] ret_from_fork+0x41/0x80
[ 15.311493] ? __pfx_kthread+0x10/0x10
[ 15.311512] ret_from_fork_asm+0x1a/0x30
[ 15.311543] </TASK>
[ 15.311556]
[ 15.320040] Allocated by task 305:
[ 15.320240] kasan_save_stack+0x45/0x70
[ 15.320487] kasan_save_track+0x18/0x40
[ 15.320674] kasan_save_alloc_info+0x3b/0x50
[ 15.320880] __kasan_kmalloc+0xb7/0xc0
[ 15.321099] __kmalloc_noprof+0x1c9/0x500
[ 15.321330] kunit_kmalloc_array+0x25/0x60
[ 15.321565] copy_user_test_oob+0xab/0x10f0
[ 15.321836] kunit_try_run_case+0x1a5/0x480
[ 15.322043] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.322296] kthread+0x337/0x6f0
[ 15.322476] ret_from_fork+0x41/0x80
[ 15.322637] ret_from_fork_asm+0x1a/0x30
[ 15.322839]
[ 15.322941] The buggy address belongs to the object at ffff888103151e00
[ 15.322941] which belongs to the cache kmalloc-128 of size 128
[ 15.323503] The buggy address is located 0 bytes to the right of
[ 15.323503] allocated 120-byte region [ffff888103151e00, ffff888103151e78)
[ 15.324092]
[ 15.324191] The buggy address belongs to the physical page:
[ 15.324462] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103151
[ 15.324887] flags: 0x200000000000000(node=0|zone=2)
[ 15.325169] page_type: f5(slab)
[ 15.325356] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.325699] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.326068] page dumped because: kasan: bad access detected
[ 15.326334]
[ 15.326405] Memory state around the buggy address:
[ 15.326665] ffff888103151d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.327080] ffff888103151d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.327433] >ffff888103151e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.327743] ^
[ 15.328065] ffff888103151e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.328404] ffff888103151f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.328721] ==================================================================
[ 15.279987] ==================================================================
[ 15.280680] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 15.281119] Write of size 121 at addr ffff888103151e00 by task kunit_try_catch/305
[ 15.281391]
[ 15.281515] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary)
[ 15.281571] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.281584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.281609] Call Trace:
[ 15.281629] <TASK>
[ 15.281681] dump_stack_lvl+0x73/0xb0
[ 15.281711] print_report+0xd1/0x650
[ 15.281736] ? __virt_addr_valid+0x1db/0x2d0
[ 15.281759] ? strncpy_from_user+0x2e/0x1d0
[ 15.281785] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.281809] ? strncpy_from_user+0x2e/0x1d0
[ 15.281832] kasan_report+0x141/0x180
[ 15.281857] ? strncpy_from_user+0x2e/0x1d0
[ 15.281885] kasan_check_range+0x10c/0x1c0
[ 15.281907] __kasan_check_write+0x18/0x20
[ 15.281928] strncpy_from_user+0x2e/0x1d0
[ 15.281950] ? __kasan_check_read+0x15/0x20
[ 15.281974] copy_user_test_oob+0x760/0x10f0
[ 15.281998] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.282019] ? finish_task_switch.isra.0+0x153/0x700
[ 15.282045] ? __switch_to+0x5d9/0xf60
[ 15.282069] ? dequeue_task_fair+0x166/0x4e0
[ 15.282094] ? __schedule+0x10cc/0x2b60
[ 15.282119] ? __pfx_read_tsc+0x10/0x10
[ 15.282140] ? ktime_get_ts64+0x86/0x230
[ 15.282166] kunit_try_run_case+0x1a5/0x480
[ 15.282193] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.282217] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.282254] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.282279] ? __kthread_parkme+0x82/0x180
[ 15.282303] ? preempt_count_sub+0x50/0x80
[ 15.282330] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.282354] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.282379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.282402] kthread+0x337/0x6f0
[ 15.282420] ? trace_preempt_on+0x20/0xc0
[ 15.282446] ? __pfx_kthread+0x10/0x10
[ 15.282465] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.282487] ? calculate_sigpending+0x7b/0xa0
[ 15.282511] ? __pfx_kthread+0x10/0x10
[ 15.282530] ret_from_fork+0x41/0x80
[ 15.282552] ? __pfx_kthread+0x10/0x10
[ 15.282570] ret_from_fork_asm+0x1a/0x30
[ 15.282602] </TASK>
[ 15.282615]
[ 15.294918] Allocated by task 305:
[ 15.295165] kasan_save_stack+0x45/0x70
[ 15.295400] kasan_save_track+0x18/0x40
[ 15.295596] kasan_save_alloc_info+0x3b/0x50
[ 15.295925] __kasan_kmalloc+0xb7/0xc0
[ 15.296143] __kmalloc_noprof+0x1c9/0x500
[ 15.296422] kunit_kmalloc_array+0x25/0x60
[ 15.296705] copy_user_test_oob+0xab/0x10f0
[ 15.297256] kunit_try_run_case+0x1a5/0x480
[ 15.297427] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.297925] kthread+0x337/0x6f0
[ 15.298189] ret_from_fork+0x41/0x80
[ 15.298573] ret_from_fork_asm+0x1a/0x30
[ 15.298780]
[ 15.298880] The buggy address belongs to the object at ffff888103151e00
[ 15.298880] which belongs to the cache kmalloc-128 of size 128
[ 15.299406] The buggy address is located 0 bytes inside of
[ 15.299406] allocated 120-byte region [ffff888103151e00, ffff888103151e78)
[ 15.300187]
[ 15.300679] The buggy address belongs to the physical page:
[ 15.301096] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103151
[ 15.301597] flags: 0x200000000000000(node=0|zone=2)
[ 15.302064] page_type: f5(slab)
[ 15.302431] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.302898] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.303419] page dumped because: kasan: bad access detected
[ 15.303878]
[ 15.304143] Memory state around the buggy address:
[ 15.304449] ffff888103151d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.304898] ffff888103151d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.305418] >ffff888103151e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.305814] ^
[ 15.306103] ffff888103151e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.306396] ffff888103151f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.306982] ==================================================================
```