Date
July 22, 2025, 2:40 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
```
[ 20.416784] ==================================================================
[ 20.416846] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 20.417296] Write of size 121 at addr fff00000c6fc5700 by task kunit_try_catch/287
[ 20.417723]
[ 20.417777] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT
[ 20.418392] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.418646] Hardware name: linux,dummy-virt (DT)
[ 20.418702] Call trace:
[ 20.418740] show_stack+0x20/0x38 (C)
[ 20.418813] dump_stack_lvl+0x8c/0xd0
[ 20.419096] print_report+0x118/0x5d0
[ 20.419323] kasan_report+0xdc/0x128
[ 20.419591] kasan_check_range+0x100/0x1a8
[ 20.419735] __kasan_check_write+0x20/0x30
[ 20.419938] strncpy_from_user+0x3c/0x2a0
[ 20.420131] copy_user_test_oob+0x5c0/0xec8
[ 20.420200] kunit_try_run_case+0x170/0x3f0
[ 20.420251] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.420320] kthread+0x328/0x630
[ 20.420369] ret_from_fork+0x10/0x20
[ 20.420974]
[ 20.421061] Allocated by task 287:
[ 20.421141] kasan_save_stack+0x3c/0x68
[ 20.421192] kasan_save_track+0x20/0x40
[ 20.421698] kasan_save_alloc_info+0x40/0x58
[ 20.422004] __kasan_kmalloc+0xd4/0xd8
[ 20.422219] __kmalloc_noprof+0x198/0x4c8
[ 20.422736] kunit_kmalloc_array+0x34/0x88
[ 20.422811] copy_user_test_oob+0xac/0xec8
[ 20.423060] kunit_try_run_case+0x170/0x3f0
[ 20.423225] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.423393] kthread+0x328/0x630
[ 20.423672] ret_from_fork+0x10/0x20
[ 20.423733]
[ 20.423756] The buggy address belongs to the object at fff00000c6fc5700
[ 20.423756] which belongs to the cache kmalloc-128 of size 128
[ 20.423836] The buggy address is located 0 bytes inside of
[ 20.423836] allocated 120-byte region [fff00000c6fc5700, fff00000c6fc5778)
[ 20.424199]
[ 20.424455] The buggy address belongs to the physical page:
[ 20.424562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc5
[ 20.424732] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.424929] page_type: f5(slab)
[ 20.424995] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.425471] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.425567] page dumped because: kasan: bad access detected
[ 20.425811]
[ 20.425865] Memory state around the buggy address:
[ 20.425905] fff00000c6fc5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.426086] fff00000c6fc5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.426180] >fff00000c6fc5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.426223] ^
[ 20.426278] fff00000c6fc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.426336] fff00000c6fc5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.426378] ==================================================================
[ 20.428775] ==================================================================
[ 20.428838] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 20.428892] Write of size 1 at addr fff00000c6fc5778 by task kunit_try_catch/287
[ 20.429102]
[ 20.429148] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT
[ 20.429630] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.429903] Hardware name: linux,dummy-virt (DT)
[ 20.430161] Call trace:
[ 20.430403] show_stack+0x20/0x38 (C)
[ 20.430667] dump_stack_lvl+0x8c/0xd0
[ 20.430737] print_report+0x118/0x5d0
[ 20.430819] kasan_report+0xdc/0x128
[ 20.430998] __asan_report_store1_noabort+0x20/0x30
[ 20.431084] strncpy_from_user+0x270/0x2a0
[ 20.431142] copy_user_test_oob+0x5c0/0xec8
[ 20.431189] kunit_try_run_case+0x170/0x3f0
[ 20.431240] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.431554] kthread+0x328/0x630
[ 20.431931] ret_from_fork+0x10/0x20
[ 20.432116]
[ 20.432220] Allocated by task 287:
[ 20.432265] kasan_save_stack+0x3c/0x68
[ 20.432337] kasan_save_track+0x20/0x40
[ 20.432474] kasan_save_alloc_info+0x40/0x58
[ 20.432521] __kasan_kmalloc+0xd4/0xd8
[ 20.432562] __kmalloc_noprof+0x198/0x4c8
[ 20.432604] kunit_kmalloc_array+0x34/0x88
[ 20.432662] copy_user_test_oob+0xac/0xec8
[ 20.432726] kunit_try_run_case+0x170/0x3f0
[ 20.432784] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.432836] kthread+0x328/0x630
[ 20.432892] ret_from_fork+0x10/0x20
[ 20.432934]
[ 20.432957] The buggy address belongs to the object at fff00000c6fc5700
[ 20.432957] which belongs to the cache kmalloc-128 of size 128
[ 20.433034] The buggy address is located 0 bytes to the right of
[ 20.433034] allocated 120-byte region [fff00000c6fc5700, fff00000c6fc5778)
[ 20.433127]
[ 20.433170] The buggy address belongs to the physical page:
[ 20.433208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc5
[ 20.433261] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.433461] page_type: f5(slab)
[ 20.433601] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.434346] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.434417] page dumped because: kasan: bad access detected
[ 20.434477]
[ 20.434520] Memory state around the buggy address:
[ 20.435163] fff00000c6fc5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.435589] fff00000c6fc5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.435685] >fff00000c6fc5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.435772] ^
[ 20.435838] fff00000c6fc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.435926] fff00000c6fc5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.436174] ==================================================================
```
```
[ 15.168553] ==================================================================
[ 15.168951] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 15.169286] Write of size 121 at addr ffff888103cfcc00 by task kunit_try_catch/305
[ 15.169678]
[ 15.169801] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT(voluntary)
[ 15.169856] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.169869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.169891] Call Trace:
[ 15.169908] <TASK>
[ 15.169935] dump_stack_lvl+0x73/0xb0
[ 15.169962] print_report+0xd1/0x610
[ 15.169985] ? __virt_addr_valid+0x1db/0x2d0
[ 15.170007] ? strncpy_from_user+0x2e/0x1d0
[ 15.170027] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.170051] ? strncpy_from_user+0x2e/0x1d0
[ 15.170080] kasan_report+0x141/0x180
[ 15.170103] ? strncpy_from_user+0x2e/0x1d0
[ 15.170128] kasan_check_range+0x10c/0x1c0
[ 15.170160] __kasan_check_write+0x18/0x20
[ 15.170180] strncpy_from_user+0x2e/0x1d0
[ 15.170199] ? __kasan_check_read+0x15/0x20
[ 15.170231] copy_user_test_oob+0x760/0x10f0
[ 15.170264] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.170284] ? finish_task_switch.isra.0+0x153/0x700
[ 15.170310] ? __switch_to+0x5d9/0xf60
[ 15.170362] ? dequeue_task_fair+0x166/0x4e0
[ 15.170387] ? __schedule+0x10c6/0x2b60
[ 15.170412] ? __pfx_read_tsc+0x10/0x10
[ 15.170442] ? ktime_get_ts64+0x86/0x230
[ 15.170469] kunit_try_run_case+0x1a5/0x480
[ 15.170491] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.170521] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.170543] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.170567] ? __kthread_parkme+0x82/0x180
[ 15.170598] ? preempt_count_sub+0x50/0x80
[ 15.170624] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.170645] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.170679] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.170703] kthread+0x337/0x6f0
[ 15.170720] ? trace_preempt_on+0x20/0xc0
[ 15.170744] ? __pfx_kthread+0x10/0x10
[ 15.170763] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.170787] ? calculate_sigpending+0x7b/0xa0
[ 15.170809] ? __pfx_kthread+0x10/0x10
[ 15.170828] ret_from_fork+0x41/0x80
[ 15.170850] ? __pfx_kthread+0x10/0x10
[ 15.170868] ret_from_fork_asm+0x1a/0x30
[ 15.170899] </TASK>
[ 15.170910]
[ 15.178578] Allocated by task 305:
[ 15.178780] kasan_save_stack+0x45/0x70
[ 15.178982] kasan_save_track+0x18/0x40
[ 15.179165] kasan_save_alloc_info+0x3b/0x50
[ 15.179407] __kasan_kmalloc+0xb7/0xc0
[ 15.179587] __kmalloc_noprof+0x1c9/0x500
[ 15.179771] kunit_kmalloc_array+0x25/0x60
[ 15.179975] copy_user_test_oob+0xab/0x10f0
[ 15.180159] kunit_try_run_case+0x1a5/0x480
[ 15.180394] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.180641] kthread+0x337/0x6f0
[ 15.180794] ret_from_fork+0x41/0x80
[ 15.180997] ret_from_fork_asm+0x1a/0x30
[ 15.181166]
[ 15.181282] The buggy address belongs to the object at ffff888103cfcc00
[ 15.181282] which belongs to the cache kmalloc-128 of size 128
[ 15.181698] The buggy address is located 0 bytes inside of
[ 15.181698] allocated 120-byte region [ffff888103cfcc00, ffff888103cfcc78)
[ 15.182055]
[ 15.182126] The buggy address belongs to the physical page:
[ 15.182364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cfc
[ 15.182724] flags: 0x200000000000000(node=0|zone=2)
[ 15.182958] page_type: f5(slab)
[ 15.183124] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.183495] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.183831] page dumped because: kasan: bad access detected
[ 15.184050]
[ 15.184120] Memory state around the buggy address:
[ 15.184285] ffff888103cfcb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.184572] ffff888103cfcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.184912] >ffff888103cfcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.185245] ^
[ 15.185591] ffff888103cfcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.185885] ffff888103cfcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.186170] ==================================================================
[ 15.186823] ==================================================================
[ 15.187162] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 15.187488] Write of size 1 at addr ffff888103cfcc78 by task kunit_try_catch/305
[ 15.187837]
[ 15.187956] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT(voluntary)
[ 15.188012] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.188024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.188046] Call Trace:
[ 15.188062] <TASK>
[ 15.188076] dump_stack_lvl+0x73/0xb0
[ 15.188112] print_report+0xd1/0x610
[ 15.188135] ? __virt_addr_valid+0x1db/0x2d0
[ 15.188166] ? strncpy_from_user+0x1a5/0x1d0
[ 15.188187] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.188211] ? strncpy_from_user+0x1a5/0x1d0
[ 15.188239] kasan_report+0x141/0x180
[ 15.188263] ? strncpy_from_user+0x1a5/0x1d0
[ 15.188295] __asan_report_store1_noabort+0x1b/0x30
[ 15.188316] strncpy_from_user+0x1a5/0x1d0
[ 15.188339] copy_user_test_oob+0x760/0x10f0
[ 15.188387] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.188408] ? finish_task_switch.isra.0+0x153/0x700
[ 15.188444] ? __switch_to+0x5d9/0xf60
[ 15.188465] ? dequeue_task_fair+0x166/0x4e0
[ 15.188490] ? __schedule+0x10c6/0x2b60
[ 15.188523] ? __pfx_read_tsc+0x10/0x10
[ 15.188543] ? ktime_get_ts64+0x86/0x230
[ 15.188568] kunit_try_run_case+0x1a5/0x480
[ 15.188601] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.188620] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.188643] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.188680] ? __kthread_parkme+0x82/0x180
[ 15.188702] ? preempt_count_sub+0x50/0x80
[ 15.188726] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.188758] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.188782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.188816] kthread+0x337/0x6f0
[ 15.188833] ? trace_preempt_on+0x20/0xc0
[ 15.188857] ? __pfx_kthread+0x10/0x10
[ 15.188877] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.188900] ? calculate_sigpending+0x7b/0xa0
[ 15.188927] ? __pfx_kthread+0x10/0x10
[ 15.188946] ret_from_fork+0x41/0x80
[ 15.188967] ? __pfx_kthread+0x10/0x10
[ 15.188985] ret_from_fork_asm+0x1a/0x30
[ 15.189017] </TASK>
[ 15.189027]
[ 15.196610] Allocated by task 305:
[ 15.196801] kasan_save_stack+0x45/0x70
[ 15.197008] kasan_save_track+0x18/0x40
[ 15.197193] kasan_save_alloc_info+0x3b/0x50
[ 15.197434] __kasan_kmalloc+0xb7/0xc0
[ 15.197635] __kmalloc_noprof+0x1c9/0x500
[ 15.197823] kunit_kmalloc_array+0x25/0x60
[ 15.198019] copy_user_test_oob+0xab/0x10f0
[ 15.198165] kunit_try_run_case+0x1a5/0x480
[ 15.198386] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.198677] kthread+0x337/0x6f0
[ 15.198798] ret_from_fork+0x41/0x80
[ 15.198955] ret_from_fork_asm+0x1a/0x30
[ 15.199178]
[ 15.199281] The buggy address belongs to the object at ffff888103cfcc00
[ 15.199281] which belongs to the cache kmalloc-128 of size 128
[ 15.199818] The buggy address is located 0 bytes to the right of
[ 15.199818] allocated 120-byte region [ffff888103cfcc00, ffff888103cfcc78)
[ 15.200300]
[ 15.200425] The buggy address belongs to the physical page:
[ 15.200681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cfc
[ 15.201005] flags: 0x200000000000000(node=0|zone=2)
[ 15.201242] page_type: f5(slab)
[ 15.201414] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.201748] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.202033] page dumped because: kasan: bad access detected
[ 15.202206]
[ 15.202283] Memory state around the buggy address:
[ 15.202464] ffff888103cfcb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.202722] ffff888103cfcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.203059] >ffff888103cfcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.203408] ^
[ 15.203719] ffff888103cfcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.203957] ffff888103cfcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.204169] ==================================================================
```