Date
July 8, 2025, 4:38 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64

```
[ 20.711325] ==================================================================
[ 20.711389] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 20.711677] Write of size 121 at addr fff00000c6e6ca00 by task kunit_try_catch/287
[ 20.711783]
[ 20.711833] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 20.711941] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.712026] Hardware name: linux,dummy-virt (DT)
[ 20.712086] Call trace:
[ 20.712112] show_stack+0x20/0x38 (C)
[ 20.712163] dump_stack_lvl+0x8c/0xd0
[ 20.712221] print_report+0x118/0x608
[ 20.712573] kasan_report+0xdc/0x128
[ 20.712669] kasan_check_range+0x100/0x1a8
[ 20.712746] __kasan_check_write+0x20/0x30
[ 20.712847] strncpy_from_user+0x3c/0x2a0
[ 20.713201] copy_user_test_oob+0x5c0/0xec8
[ 20.713310] kunit_try_run_case+0x170/0x3f0
[ 20.713485] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.713598] kthread+0x328/0x630
[ 20.713771] ret_from_fork+0x10/0x20
[ 20.713912]
[ 20.714046] Allocated by task 287:
[ 20.714115] kasan_save_stack+0x3c/0x68
[ 20.714158] kasan_save_track+0x20/0x40
[ 20.714222] kasan_save_alloc_info+0x40/0x58
[ 20.714264] __kasan_kmalloc+0xd4/0xd8
[ 20.714301] __kmalloc_noprof+0x198/0x4c8
[ 20.714637] kunit_kmalloc_array+0x34/0x88
[ 20.714755] copy_user_test_oob+0xac/0xec8
[ 20.714814] kunit_try_run_case+0x170/0x3f0
[ 20.714939] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.715008] kthread+0x328/0x630
[ 20.715076] ret_from_fork+0x10/0x20
[ 20.715115]
[ 20.715136] The buggy address belongs to the object at fff00000c6e6ca00
[ 20.715136] which belongs to the cache kmalloc-128 of size 128
[ 20.715206] The buggy address is located 0 bytes inside of
[ 20.715206] allocated 120-byte region [fff00000c6e6ca00, fff00000c6e6ca78)
[ 20.715271]
[ 20.715293] The buggy address belongs to the physical page:
[ 20.715324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[ 20.715406] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.715466] page_type: f5(slab)
[ 20.715507] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.715575] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.715618] page dumped because: kasan: bad access detected
[ 20.715661]
[ 20.715682] Memory state around the buggy address:
[ 20.715715] fff00000c6e6c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.715760] fff00000c6e6c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.715806] >fff00000c6e6ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.715856] ^
[ 20.715898] fff00000c6e6ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.715944] fff00000c6e6cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.715985] ==================================================================
[ 20.716929] ==================================================================
[ 20.716983] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 20.717032] Write of size 1 at addr fff00000c6e6ca78 by task kunit_try_catch/287
[ 20.717084]
[ 20.717114] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 20.717473] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.717552] Hardware name: linux,dummy-virt (DT)
[ 20.717586] Call trace:
[ 20.717610] show_stack+0x20/0x38 (C)
[ 20.717702] dump_stack_lvl+0x8c/0xd0
[ 20.717803] print_report+0x118/0x608
[ 20.718050] kasan_report+0xdc/0x128
[ 20.718151] __asan_report_store1_noabort+0x20/0x30
[ 20.718243] strncpy_from_user+0x270/0x2a0
[ 20.718317] copy_user_test_oob+0x5c0/0xec8
[ 20.718455] kunit_try_run_case+0x170/0x3f0
[ 20.718554] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.718648] kthread+0x328/0x630
[ 20.718788] ret_from_fork+0x10/0x20
[ 20.718905]
[ 20.719017] Allocated by task 287:
[ 20.719085] kasan_save_stack+0x3c/0x68
[ 20.719177] kasan_save_track+0x20/0x40
[ 20.719219] kasan_save_alloc_info+0x40/0x58
[ 20.719260] __kasan_kmalloc+0xd4/0xd8
[ 20.719553] __kmalloc_noprof+0x198/0x4c8
[ 20.719635] kunit_kmalloc_array+0x34/0x88
[ 20.719725] copy_user_test_oob+0xac/0xec8
[ 20.719858] kunit_try_run_case+0x170/0x3f0
[ 20.719942] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.720047] kthread+0x328/0x630
[ 20.720215] ret_from_fork+0x10/0x20
[ 20.720421]
[ 20.720492] The buggy address belongs to the object at fff00000c6e6ca00
[ 20.720492] which belongs to the cache kmalloc-128 of size 128
[ 20.720684] The buggy address is located 0 bytes to the right of
[ 20.720684] allocated 120-byte region [fff00000c6e6ca00, fff00000c6e6ca78)
[ 20.720769]
[ 20.720791] The buggy address belongs to the physical page:
[ 20.720833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[ 20.720892] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.721065] page_type: f5(slab)
[ 20.721215] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.721501] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.721588] page dumped because: kasan: bad access detected
[ 20.721656]
[ 20.721679] Memory state around the buggy address:
[ 20.721713] fff00000c6e6c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.721758] fff00000c6e6c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.722005] >fff00000c6e6ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.722083] ^
[ 20.722192] fff00000c6e6ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.722256] fff00000c6e6cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.722326] ==================================================================
```
qemu-x86_64

```
[ 15.561054] ==================================================================
[ 15.561443] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 15.561783] Write of size 1 at addr ffff888103606978 by task kunit_try_catch/305
[ 15.562136]
[ 15.562252] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 15.562299] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.562314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.562336] Call Trace:
[ 15.562352] <TASK>
[ 15.562368] dump_stack_lvl+0x73/0xb0
[ 15.562393] print_report+0xd1/0x650
[ 15.562420] ? __virt_addr_valid+0x1db/0x2d0
[ 15.562443] ? strncpy_from_user+0x1a5/0x1d0
[ 15.562467] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.562492] ? strncpy_from_user+0x1a5/0x1d0
[ 15.562528] kasan_report+0x141/0x180
[ 15.562552] ? strncpy_from_user+0x1a5/0x1d0
[ 15.562582] __asan_report_store1_noabort+0x1b/0x30
[ 15.562605] strncpy_from_user+0x1a5/0x1d0
[ 15.562633] copy_user_test_oob+0x760/0x10f0
[ 15.562657] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.562679] ? finish_task_switch.isra.0+0x153/0x700
[ 15.562705] ? __switch_to+0x5d9/0xf60
[ 15.562726] ? dequeue_task_fair+0x156/0x4e0
[ 15.562752] ? __schedule+0x10cc/0x2b60
[ 15.562777] ? __pfx_read_tsc+0x10/0x10
[ 15.562798] ? ktime_get_ts64+0x86/0x230
[ 15.562827] kunit_try_run_case+0x1a5/0x480
[ 15.562853] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.562886] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.562912] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.562938] ? __kthread_parkme+0x82/0x180
[ 15.562962] ? preempt_count_sub+0x50/0x80
[ 15.562988] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.563011] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.563035] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.563061] kthread+0x337/0x6f0
[ 15.563079] ? trace_preempt_on+0x20/0xc0
[ 15.563105] ? __pfx_kthread+0x10/0x10
[ 15.563124] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.563148] ? calculate_sigpending+0x7b/0xa0
[ 15.563171] ? __pfx_kthread+0x10/0x10
[ 15.563192] ret_from_fork+0x41/0x80
[ 15.563213] ? __pfx_kthread+0x10/0x10
[ 15.563233] ret_from_fork_asm+0x1a/0x30
[ 15.563265] </TASK>
[ 15.563276]
[ 15.574172] Allocated by task 305:
[ 15.574351] kasan_save_stack+0x45/0x70
[ 15.574516] kasan_save_track+0x18/0x40
[ 15.574661] kasan_save_alloc_info+0x3b/0x50
[ 15.574970] __kasan_kmalloc+0xb7/0xc0
[ 15.575166] __kmalloc_noprof+0x1c9/0x500
[ 15.575355] kunit_kmalloc_array+0x25/0x60
[ 15.575501] copy_user_test_oob+0xab/0x10f0
[ 15.575717] kunit_try_run_case+0x1a5/0x480
[ 15.576001] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.576194] kthread+0x337/0x6f0
[ 15.576345] ret_from_fork+0x41/0x80
[ 15.576551] ret_from_fork_asm+0x1a/0x30
[ 15.576757]
[ 15.576858] The buggy address belongs to the object at ffff888103606900
[ 15.576858] which belongs to the cache kmalloc-128 of size 128
[ 15.577338] The buggy address is located 0 bytes to the right of
[ 15.577338] allocated 120-byte region [ffff888103606900, ffff888103606978)
[ 15.577919]
[ 15.577996] The buggy address belongs to the physical page:
[ 15.578213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103606
[ 15.578586] flags: 0x200000000000000(node=0|zone=2)
[ 15.578783] page_type: f5(slab)
[ 15.578915] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.579238] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.579592] page dumped because: kasan: bad access detected
[ 15.579863]
[ 15.579951] Memory state around the buggy address:
[ 15.580151] ffff888103606800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.580424] ffff888103606880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.580692] >ffff888103606900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.581029] ^
[ 15.581282] ffff888103606980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.581664] ffff888103606a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.582004] ==================================================================
[ 15.539519] ==================================================================
[ 15.539782] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 15.540109] Write of size 121 at addr ffff888103606900 by task kunit_try_catch/305
[ 15.540851]
[ 15.540975] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 15.541024] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.541040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.541063] Call Trace:
[ 15.541079] <TASK>
[ 15.541095] dump_stack_lvl+0x73/0xb0
[ 15.541123] print_report+0xd1/0x650
[ 15.541149] ? __virt_addr_valid+0x1db/0x2d0
[ 15.541172] ? strncpy_from_user+0x2e/0x1d0
[ 15.541196] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.541221] ? strncpy_from_user+0x2e/0x1d0
[ 15.541246] kasan_report+0x141/0x180
[ 15.541271] ? strncpy_from_user+0x2e/0x1d0
[ 15.541301] kasan_check_range+0x10c/0x1c0
[ 15.541323] __kasan_check_write+0x18/0x20
[ 15.541345] strncpy_from_user+0x2e/0x1d0
[ 15.541369] ? __kasan_check_read+0x15/0x20
[ 15.541393] copy_user_test_oob+0x760/0x10f0
[ 15.541417] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.541439] ? finish_task_switch.isra.0+0x153/0x700
[ 15.541465] ? __switch_to+0x5d9/0xf60
[ 15.541486] ? dequeue_task_fair+0x156/0x4e0
[ 15.541512] ? __schedule+0x10cc/0x2b60
[ 15.541550] ? __pfx_read_tsc+0x10/0x10
[ 15.541572] ? ktime_get_ts64+0x86/0x230
[ 15.541598] kunit_try_run_case+0x1a5/0x480
[ 15.541621] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.541642] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.541668] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.541694] ? __kthread_parkme+0x82/0x180
[ 15.541717] ? preempt_count_sub+0x50/0x80
[ 15.541744] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.541765] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.541790] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.541815] kthread+0x337/0x6f0
[ 15.541834] ? trace_preempt_on+0x20/0xc0
[ 15.541859] ? __pfx_kthread+0x10/0x10
[ 15.541889] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.541913] ? calculate_sigpending+0x7b/0xa0
[ 15.541935] ? __pfx_kthread+0x10/0x10
[ 15.541955] ret_from_fork+0x41/0x80
[ 15.541978] ? __pfx_kthread+0x10/0x10
[ 15.541998] ret_from_fork_asm+0x1a/0x30
[ 15.542029] </TASK>
[ 15.542040]
[ 15.552404] Allocated by task 305:
[ 15.552595] kasan_save_stack+0x45/0x70
[ 15.552779] kasan_save_track+0x18/0x40
[ 15.552990] kasan_save_alloc_info+0x3b/0x50
[ 15.553165] __kasan_kmalloc+0xb7/0xc0
[ 15.553302] __kmalloc_noprof+0x1c9/0x500
[ 15.553446] kunit_kmalloc_array+0x25/0x60
[ 15.553632] copy_user_test_oob+0xab/0x10f0
[ 15.553855] kunit_try_run_case+0x1a5/0x480
[ 15.554077] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.554332] kthread+0x337/0x6f0
[ 15.554493] ret_from_fork+0x41/0x80
[ 15.554666] ret_from_fork_asm+0x1a/0x30
[ 15.554849]
[ 15.554935] The buggy address belongs to the object at ffff888103606900
[ 15.554935] which belongs to the cache kmalloc-128 of size 128
[ 15.555430] The buggy address is located 0 bytes inside of
[ 15.555430] allocated 120-byte region [ffff888103606900, ffff888103606978)
[ 15.555998]
[ 15.556106] The buggy address belongs to the physical page:
[ 15.556307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103606
[ 15.556734] flags: 0x200000000000000(node=0|zone=2)
[ 15.557042] page_type: f5(slab)
[ 15.557425] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.557806] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.558118] page dumped because: kasan: bad access detected
[ 15.558296]
[ 15.558399] Memory state around the buggy address:
[ 15.558625] ffff888103606800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.558869] ffff888103606880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.559377] >ffff888103606900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.559743] ^
[ 15.559993] ffff888103606980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.560214] ffff888103606a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.560539] ==================================================================
```