Date
July 3, 2025, 6:13 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 20.070842] ==================================================================
[ 20.070936] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 20.071008] Write of size 1 at addr fff00000c7834578 by task kunit_try_catch/285
[ 20.071141]
[ 20.071173] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 20.071256] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.071411] Hardware name: linux,dummy-virt (DT)
[ 20.071458] Call trace:
[ 20.071481] show_stack+0x20/0x38 (C)
[ 20.071532] dump_stack_lvl+0x8c/0xd0
[ 20.071792] print_report+0x118/0x608
[ 20.071852] kasan_report+0xdc/0x128
[ 20.071936] __asan_report_store1_noabort+0x20/0x30
[ 20.071988] strncpy_from_user+0x270/0x2a0
[ 20.072111] copy_user_test_oob+0x5c0/0xec8
[ 20.072252] kunit_try_run_case+0x170/0x3f0
[ 20.072431] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.072512] kthread+0x328/0x630
[ 20.072565] ret_from_fork+0x10/0x20
[ 20.072674]
[ 20.072695] Allocated by task 285:
[ 20.072725] kasan_save_stack+0x3c/0x68
[ 20.072767] kasan_save_track+0x20/0x40
[ 20.072806] kasan_save_alloc_info+0x40/0x58
[ 20.072848] __kasan_kmalloc+0xd4/0xd8
[ 20.072885] __kmalloc_noprof+0x198/0x4c8
[ 20.073009] kunit_kmalloc_array+0x34/0x88
[ 20.073067] copy_user_test_oob+0xac/0xec8
[ 20.073153] kunit_try_run_case+0x170/0x3f0
[ 20.073268] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.073471] kthread+0x328/0x630
[ 20.073672] ret_from_fork+0x10/0x20
[ 20.073848]
[ 20.073938] The buggy address belongs to the object at fff00000c7834500
[ 20.073938] which belongs to the cache kmalloc-128 of size 128
[ 20.074109] The buggy address is located 0 bytes to the right of
[ 20.074109] allocated 120-byte region [fff00000c7834500, fff00000c7834578)
[ 20.074189]
[ 20.074210] The buggy address belongs to the physical page:
[ 20.074243] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834
[ 20.074305] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.074354] page_type: f5(slab)
[ 20.074393] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.074445] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.074488] page dumped because: kasan: bad access detected
[ 20.074530]
[ 20.074565] Memory state around the buggy address:
[ 20.074600] fff00000c7834400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.074645] fff00000c7834480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.074699] >fff00000c7834500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.074739] ^
[ 20.074781] fff00000c7834580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.074826] fff00000c7834600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.074867] ==================================================================

[ 20.065514] ==================================================================
[ 20.065582] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 20.065685] Write of size 121 at addr fff00000c7834500 by task kunit_try_catch/285
[ 20.065739]
[ 20.065768] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 20.066001] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.066051] Hardware name: linux,dummy-virt (DT)
[ 20.066086] Call trace:
[ 20.066108] show_stack+0x20/0x38 (C)
[ 20.066161] dump_stack_lvl+0x8c/0xd0
[ 20.066208] print_report+0x118/0x608
[ 20.066282] kasan_report+0xdc/0x128
[ 20.066350] kasan_check_range+0x100/0x1a8
[ 20.066401] __kasan_check_write+0x20/0x30
[ 20.066477] strncpy_from_user+0x3c/0x2a0
[ 20.066530] copy_user_test_oob+0x5c0/0xec8
[ 20.066596] kunit_try_run_case+0x170/0x3f0
[ 20.066780] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.066839] kthread+0x328/0x630
[ 20.066884] ret_from_fork+0x10/0x20
[ 20.067148]
[ 20.067202] Allocated by task 285:
[ 20.067249] kasan_save_stack+0x3c/0x68
[ 20.067331] kasan_save_track+0x20/0x40
[ 20.067390] kasan_save_alloc_info+0x40/0x58
[ 20.067433] __kasan_kmalloc+0xd4/0xd8
[ 20.067469] __kmalloc_noprof+0x198/0x4c8
[ 20.067524] kunit_kmalloc_array+0x34/0x88
[ 20.067646] copy_user_test_oob+0xac/0xec8
[ 20.067820] kunit_try_run_case+0x170/0x3f0
[ 20.067871] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.067957] kthread+0x328/0x630
[ 20.068023] ret_from_fork+0x10/0x20
[ 20.068108]
[ 20.068147] The buggy address belongs to the object at fff00000c7834500
[ 20.068147] which belongs to the cache kmalloc-128 of size 128
[ 20.068207] The buggy address is located 0 bytes inside of
[ 20.068207] allocated 120-byte region [fff00000c7834500, fff00000c7834578)
[ 20.068269]
[ 20.068317] The buggy address belongs to the physical page:
[ 20.068366] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834
[ 20.068428] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.068527] page_type: f5(slab)
[ 20.068591] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.068647] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.068859] page dumped because: kasan: bad access detected
[ 20.068896]
[ 20.068915] Memory state around the buggy address:
[ 20.068948] fff00000c7834400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.068993] fff00000c7834480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.069051] >fff00000c7834500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.069195] ^
[ 20.069252] fff00000c7834580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.069353] fff00000c7834600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.069451] ==================================================================
```
qemu-x86_64:

```
[ 15.559210] ==================================================================
[ 15.559536] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 15.559808] Write of size 1 at addr ffff8881029dbd78 by task kunit_try_catch/303
[ 15.560125]
[ 15.560264] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.560308] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.560321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.560350] Call Trace:
[ 15.560366] <TASK>
[ 15.560384] dump_stack_lvl+0x73/0xb0
[ 15.560410] print_report+0xd1/0x650
[ 15.560434] ? __virt_addr_valid+0x1db/0x2d0
[ 15.560457] ? strncpy_from_user+0x1a5/0x1d0
[ 15.560480] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.560502] ? strncpy_from_user+0x1a5/0x1d0
[ 15.560526] kasan_report+0x141/0x180
[ 15.560549] ? strncpy_from_user+0x1a5/0x1d0
[ 15.560576] __asan_report_store1_noabort+0x1b/0x30
[ 15.560598] strncpy_from_user+0x1a5/0x1d0
[ 15.560624] copy_user_test_oob+0x760/0x10f0
[ 15.560650] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.560674] ? finish_task_switch.isra.0+0x153/0x700
[ 15.560695] ? __switch_to+0x47/0xf50
[ 15.560721] ? __schedule+0x10cc/0x2b60
[ 15.560743] ? __pfx_read_tsc+0x10/0x10
[ 15.560764] ? ktime_get_ts64+0x86/0x230
[ 15.560788] kunit_try_run_case+0x1a5/0x480
[ 15.560812] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.560836] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.560860] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.560884] ? __kthread_parkme+0x82/0x180
[ 15.560904] ? preempt_count_sub+0x50/0x80
[ 15.560928] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.560954] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.560980] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.561004] kthread+0x337/0x6f0
[ 15.561025] ? trace_preempt_on+0x20/0xc0
[ 15.561048] ? __pfx_kthread+0x10/0x10
[ 15.561072] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.561092] ? calculate_sigpending+0x7b/0xa0
[ 15.561129] ? __pfx_kthread+0x10/0x10
[ 15.561152] ret_from_fork+0x116/0x1d0
[ 15.561170] ? __pfx_kthread+0x10/0x10
[ 15.561191] ret_from_fork_asm+0x1a/0x30
[ 15.561223] </TASK>
[ 15.561234]
[ 15.572366] Allocated by task 303:
[ 15.572562] kasan_save_stack+0x45/0x70
[ 15.572746] kasan_save_track+0x18/0x40
[ 15.572925] kasan_save_alloc_info+0x3b/0x50
[ 15.573131] __kasan_kmalloc+0xb7/0xc0
[ 15.573316] __kmalloc_noprof+0x1c9/0x500
[ 15.573502] kunit_kmalloc_array+0x25/0x60
[ 15.573693] copy_user_test_oob+0xab/0x10f0
[ 15.573887] kunit_try_run_case+0x1a5/0x480
[ 15.574081] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.574292] kthread+0x337/0x6f0
[ 15.574436] ret_from_fork+0x116/0x1d0
[ 15.574577] ret_from_fork_asm+0x1a/0x30
[ 15.574776]
[ 15.574873] The buggy address belongs to the object at ffff8881029dbd00
[ 15.574873] which belongs to the cache kmalloc-128 of size 128
[ 15.575385] The buggy address is located 0 bytes to the right of
[ 15.575385] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78)
[ 15.575879]
[ 15.575977] The buggy address belongs to the physical page:
[ 15.576248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db
[ 15.576626] flags: 0x200000000000000(node=0|zone=2)
[ 15.576835] page_type: f5(slab)
[ 15.576974] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.577292] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.577545] page dumped because: kasan: bad access detected
[ 15.577796]
[ 15.577893] Memory state around the buggy address:
[ 15.578121] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.578439] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.578658] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.578981] ^
[ 15.579325] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.579585] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.579899] ==================================================================

[ 15.541027] ==================================================================
[ 15.541681] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 15.542011] Write of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303
[ 15.542424]
[ 15.542519] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.542561] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.542574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.542596] Call Trace:
[ 15.542610] <TASK>
[ 15.542626] dump_stack_lvl+0x73/0xb0
[ 15.542651] print_report+0xd1/0x650
[ 15.542674] ? __virt_addr_valid+0x1db/0x2d0
[ 15.542696] ? strncpy_from_user+0x2e/0x1d0
[ 15.542719] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.542741] ? strncpy_from_user+0x2e/0x1d0
[ 15.542765] kasan_report+0x141/0x180
[ 15.542788] ? strncpy_from_user+0x2e/0x1d0
[ 15.542815] kasan_check_range+0x10c/0x1c0
[ 15.542838] __kasan_check_write+0x18/0x20
[ 15.542859] strncpy_from_user+0x2e/0x1d0
[ 15.542881] ? __kasan_check_read+0x15/0x20
[ 15.542903] copy_user_test_oob+0x760/0x10f0
[ 15.542929] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.542952] ? finish_task_switch.isra.0+0x153/0x700
[ 15.542975] ? __switch_to+0x47/0xf50
[ 15.543000] ? __schedule+0x10cc/0x2b60
[ 15.543023] ? __pfx_read_tsc+0x10/0x10
[ 15.543044] ? ktime_get_ts64+0x86/0x230
[ 15.543068] kunit_try_run_case+0x1a5/0x480
[ 15.543092] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.543128] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.543151] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.543174] ? __kthread_parkme+0x82/0x180
[ 15.543195] ? preempt_count_sub+0x50/0x80
[ 15.543224] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.543249] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.543272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.543296] kthread+0x337/0x6f0
[ 15.543316] ? trace_preempt_on+0x20/0xc0
[ 15.543340] ? __pfx_kthread+0x10/0x10
[ 15.543361] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.543382] ? calculate_sigpending+0x7b/0xa0
[ 15.543405] ? __pfx_kthread+0x10/0x10
[ 15.543428] ret_from_fork+0x116/0x1d0
[ 15.543449] ? __pfx_kthread+0x10/0x10
[ 15.543471] ret_from_fork_asm+0x1a/0x30
[ 15.543502] </TASK>
[ 15.543515]
[ 15.550911] Allocated by task 303:
[ 15.551110] kasan_save_stack+0x45/0x70
[ 15.551333] kasan_save_track+0x18/0x40
[ 15.551536] kasan_save_alloc_info+0x3b/0x50
[ 15.551751] __kasan_kmalloc+0xb7/0xc0
[ 15.551942] __kmalloc_noprof+0x1c9/0x500
[ 15.552162] kunit_kmalloc_array+0x25/0x60
[ 15.552403] copy_user_test_oob+0xab/0x10f0
[ 15.552579] kunit_try_run_case+0x1a5/0x480
[ 15.552727] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.552904] kthread+0x337/0x6f0
[ 15.553027] ret_from_fork+0x116/0x1d0
[ 15.553172] ret_from_fork_asm+0x1a/0x30
[ 15.553418]
[ 15.553516] The buggy address belongs to the object at ffff8881029dbd00
[ 15.553516] which belongs to the cache kmalloc-128 of size 128
[ 15.554061] The buggy address is located 0 bytes inside of
[ 15.554061] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78)
[ 15.554570]
[ 15.554645] The buggy address belongs to the physical page:
[ 15.554819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db
[ 15.555064] flags: 0x200000000000000(node=0|zone=2)
[ 15.555329] page_type: f5(slab)
[ 15.555501] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.555839] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.556187] page dumped because: kasan: bad access detected
[ 15.556436]
[ 15.556534] Memory state around the buggy address:
[ 15.556728] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.556946] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.557175] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.557540] ^
[ 15.557859] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.558193] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.558668] ==================================================================
```