Date
July 5, 2025, 5:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 21.315675] ==================================================================
[ 21.315763] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 21.315887] Write of size 1 at addr fff00000c6398d78 by task kunit_try_catch/285
[ 21.315940]
[ 21.315969] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.316286] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.316318] Hardware name: linux,dummy-virt (DT)
[ 21.316389] Call trace:
[ 21.316469] show_stack+0x20/0x38 (C)
[ 21.316553] dump_stack_lvl+0x8c/0xd0
[ 21.316621] print_report+0x118/0x608
[ 21.316669] kasan_report+0xdc/0x128
[ 21.316834] __asan_report_store1_noabort+0x20/0x30
[ 21.316894] strncpy_from_user+0x270/0x2a0
[ 21.316944] copy_user_test_oob+0x5c0/0xec8
[ 21.316990] kunit_try_run_case+0x170/0x3f0
[ 21.317137] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.317223] kthread+0x328/0x630
[ 21.317304] ret_from_fork+0x10/0x20
[ 21.317403]
[ 21.317423] Allocated by task 285:
[ 21.317485] kasan_save_stack+0x3c/0x68
[ 21.317583] kasan_save_track+0x20/0x40
[ 21.317897] kasan_save_alloc_info+0x40/0x58
[ 21.318041] __kasan_kmalloc+0xd4/0xd8
[ 21.318128] __kmalloc_noprof+0x198/0x4c8
[ 21.318197] kunit_kmalloc_array+0x34/0x88
[ 21.318272] copy_user_test_oob+0xac/0xec8
[ 21.318369] kunit_try_run_case+0x170/0x3f0
[ 21.318445] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.318502] kthread+0x328/0x630
[ 21.318536] ret_from_fork+0x10/0x20
[ 21.318574]
[ 21.318594] The buggy address belongs to the object at fff00000c6398d00
[ 21.318594] which belongs to the cache kmalloc-128 of size 128
[ 21.318653] The buggy address is located 0 bytes to the right of
[ 21.318653] allocated 120-byte region [fff00000c6398d00, fff00000c6398d78)
[ 21.318855]
[ 21.318948] The buggy address belongs to the physical page:
[ 21.319018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[ 21.319101] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.319285] page_type: f5(slab)
[ 21.319378] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.319504] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.319632] page dumped because: kasan: bad access detected
[ 21.319719]
[ 21.319844] Memory state around the buggy address:
[ 21.319940] fff00000c6398c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.320018] fff00000c6398c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.320119] >fff00000c6398d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.320223] ^
[ 21.320312] fff00000c6398d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.320386] fff00000c6398e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.320435] ==================================================================
```

```
[ 21.312153] ==================================================================
[ 21.312207] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 21.312371] Write of size 121 at addr fff00000c6398d00 by task kunit_try_catch/285
[ 21.312433]
[ 21.312527] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.312607] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.312634] Hardware name: linux,dummy-virt (DT)
[ 21.312730] Call trace:
[ 21.312755] show_stack+0x20/0x38 (C)
[ 21.312832] dump_stack_lvl+0x8c/0xd0
[ 21.313029] print_report+0x118/0x608
[ 21.313170] kasan_report+0xdc/0x128
[ 21.313256] kasan_check_range+0x100/0x1a8
[ 21.313327] __kasan_check_write+0x20/0x30
[ 21.313375] strncpy_from_user+0x3c/0x2a0
[ 21.313536] copy_user_test_oob+0x5c0/0xec8
[ 21.313588] kunit_try_run_case+0x170/0x3f0
[ 21.313709] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.313787] kthread+0x328/0x630
[ 21.313878] ret_from_fork+0x10/0x20
[ 21.313946]
[ 21.313975] Allocated by task 285:
[ 21.314007] kasan_save_stack+0x3c/0x68
[ 21.314048] kasan_save_track+0x20/0x40
[ 21.314087] kasan_save_alloc_info+0x40/0x58
[ 21.314129] __kasan_kmalloc+0xd4/0xd8
[ 21.314166] __kmalloc_noprof+0x198/0x4c8
[ 21.314237] kunit_kmalloc_array+0x34/0x88
[ 21.314358] copy_user_test_oob+0xac/0xec8
[ 21.314437] kunit_try_run_case+0x170/0x3f0
[ 21.314494] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.314540] kthread+0x328/0x630
[ 21.314575] ret_from_fork+0x10/0x20
[ 21.314611]
[ 21.314631] The buggy address belongs to the object at fff00000c6398d00
[ 21.314631] which belongs to the cache kmalloc-128 of size 128
[ 21.314690] The buggy address is located 0 bytes inside of
[ 21.314690] allocated 120-byte region [fff00000c6398d00, fff00000c6398d78)
[ 21.314752]
[ 21.314774] The buggy address belongs to the physical page:
[ 21.314805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[ 21.314870] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.314930] page_type: f5(slab)
[ 21.314977] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.315034] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.315086] page dumped because: kasan: bad access detected
[ 21.315119]
[ 21.315148] Memory state around the buggy address:
[ 21.315181] fff00000c6398c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.315234] fff00000c6398c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.315280] >fff00000c6398d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.315320] ^
[ 21.315366] fff00000c6398d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.315414] fff00000c6398e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.315460] ==================================================================
```
```
[ 15.748159] ==================================================================
[ 15.748633] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 15.748953] Write of size 1 at addr ffff8881031c1978 by task kunit_try_catch/304
[ 15.749232]
[ 15.749346] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.749417] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.749445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.749492] Call Trace:
[ 15.749522] <TASK>
[ 15.749540] dump_stack_lvl+0x73/0xb0
[ 15.749595] print_report+0xd1/0x650
[ 15.749634] ? __virt_addr_valid+0x1db/0x2d0
[ 15.749672] ? strncpy_from_user+0x1a5/0x1d0
[ 15.749706] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.749730] ? strncpy_from_user+0x1a5/0x1d0
[ 15.749754] kasan_report+0x141/0x180
[ 15.749778] ? strncpy_from_user+0x1a5/0x1d0
[ 15.749807] __asan_report_store1_noabort+0x1b/0x30
[ 15.749829] strncpy_from_user+0x1a5/0x1d0
[ 15.749856] copy_user_test_oob+0x760/0x10f0
[ 15.749883] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.749907] ? finish_task_switch.isra.0+0x153/0x700
[ 15.749930] ? __switch_to+0x47/0xf50
[ 15.749957] ? __schedule+0x10cc/0x2b60
[ 15.749981] ? __pfx_read_tsc+0x10/0x10
[ 15.750003] ? ktime_get_ts64+0x86/0x230
[ 15.750028] kunit_try_run_case+0x1a5/0x480
[ 15.750055] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.750079] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.750104] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.750128] ? __kthread_parkme+0x82/0x180
[ 15.750150] ? preempt_count_sub+0x50/0x80
[ 15.750174] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.750199] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.750223] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.750248] kthread+0x337/0x6f0
[ 15.750269] ? trace_preempt_on+0x20/0xc0
[ 15.750294] ? __pfx_kthread+0x10/0x10
[ 15.750316] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.750337] ? calculate_sigpending+0x7b/0xa0
[ 15.750361] ? __pfx_kthread+0x10/0x10
[ 15.750384] ret_from_fork+0x116/0x1d0
[ 15.750403] ? __pfx_kthread+0x10/0x10
[ 15.750425] ret_from_fork_asm+0x1a/0x30
[ 15.750466] </TASK>
[ 15.750479]
[ 15.757863] Allocated by task 304:
[ 15.758023] kasan_save_stack+0x45/0x70
[ 15.758170] kasan_save_track+0x18/0x40
[ 15.758310] kasan_save_alloc_info+0x3b/0x50
[ 15.758535] __kasan_kmalloc+0xb7/0xc0
[ 15.758750] __kmalloc_noprof+0x1c9/0x500
[ 15.758952] kunit_kmalloc_array+0x25/0x60
[ 15.759160] copy_user_test_oob+0xab/0x10f0
[ 15.759375] kunit_try_run_case+0x1a5/0x480
[ 15.759540] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.759927] kthread+0x337/0x6f0
[ 15.760063] ret_from_fork+0x116/0x1d0
[ 15.760237] ret_from_fork_asm+0x1a/0x30
[ 15.760429]
[ 15.760534] The buggy address belongs to the object at ffff8881031c1900
[ 15.760534] which belongs to the cache kmalloc-128 of size 128
[ 15.761020] The buggy address is located 0 bytes to the right of
[ 15.761020] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.761527]
[ 15.761615] The buggy address belongs to the physical page:
[ 15.761864] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.762177] flags: 0x200000000000000(node=0|zone=2)
[ 15.762344] page_type: f5(slab)
[ 15.762478] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.762834] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.763169] page dumped because: kasan: bad access detected
[ 15.763378]
[ 15.763461] Memory state around the buggy address:
[ 15.763657] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.763997] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.764309] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.764600] ^
[ 15.764908] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.765173] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.765479] ==================================================================
```

```
[ 15.728188] ==================================================================
[ 15.728561] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 15.728932] Write of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304
[ 15.729575]
[ 15.729733] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.729793] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.729821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.729857] Call Trace:
[ 15.729875] <TASK>
[ 15.729891] dump_stack_lvl+0x73/0xb0
[ 15.729921] print_report+0xd1/0x650
[ 15.729945] ? __virt_addr_valid+0x1db/0x2d0
[ 15.729972] ? strncpy_from_user+0x2e/0x1d0
[ 15.729997] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.730020] ? strncpy_from_user+0x2e/0x1d0
[ 15.730045] kasan_report+0x141/0x180
[ 15.730069] ? strncpy_from_user+0x2e/0x1d0
[ 15.730098] kasan_check_range+0x10c/0x1c0
[ 15.730123] __kasan_check_write+0x18/0x20
[ 15.730144] strncpy_from_user+0x2e/0x1d0
[ 15.730167] ? __kasan_check_read+0x15/0x20
[ 15.730190] copy_user_test_oob+0x760/0x10f0
[ 15.730217] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.730242] ? finish_task_switch.isra.0+0x153/0x700
[ 15.730265] ? __switch_to+0x47/0xf50
[ 15.730291] ? __schedule+0x10cc/0x2b60
[ 15.730314] ? __pfx_read_tsc+0x10/0x10
[ 15.730336] ? ktime_get_ts64+0x86/0x230
[ 15.730361] kunit_try_run_case+0x1a5/0x480
[ 15.730387] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.730412] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.730437] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.730473] ? __kthread_parkme+0x82/0x180
[ 15.730495] ? preempt_count_sub+0x50/0x80
[ 15.730519] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.730544] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.730569] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.730614] kthread+0x337/0x6f0
[ 15.730636] ? trace_preempt_on+0x20/0xc0
[ 15.730662] ? __pfx_kthread+0x10/0x10
[ 15.730712] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.730734] ? calculate_sigpending+0x7b/0xa0
[ 15.730759] ? __pfx_kthread+0x10/0x10
[ 15.730800] ret_from_fork+0x116/0x1d0
[ 15.730820] ? __pfx_kthread+0x10/0x10
[ 15.730841] ret_from_fork_asm+0x1a/0x30
[ 15.730874] </TASK>
[ 15.730887]
[ 15.739126] Allocated by task 304:
[ 15.739299] kasan_save_stack+0x45/0x70
[ 15.739498] kasan_save_track+0x18/0x40
[ 15.739697] kasan_save_alloc_info+0x3b/0x50
[ 15.739887] __kasan_kmalloc+0xb7/0xc0
[ 15.740090] __kmalloc_noprof+0x1c9/0x500
[ 15.740269] kunit_kmalloc_array+0x25/0x60
[ 15.740480] copy_user_test_oob+0xab/0x10f0
[ 15.740704] kunit_try_run_case+0x1a5/0x480
[ 15.740902] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.741148] kthread+0x337/0x6f0
[ 15.741319] ret_from_fork+0x116/0x1d0
[ 15.741504] ret_from_fork_asm+0x1a/0x30
[ 15.741757]
[ 15.741845] The buggy address belongs to the object at ffff8881031c1900
[ 15.741845] which belongs to the cache kmalloc-128 of size 128
[ 15.742341] The buggy address is located 0 bytes inside of
[ 15.742341] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.742910]
[ 15.743026] The buggy address belongs to the physical page:
[ 15.743241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.743664] flags: 0x200000000000000(node=0|zone=2)
[ 15.743975] page_type: f5(slab)
[ 15.744191] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.744591] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.744939] page dumped because: kasan: bad access detected
[ 15.745192]
[ 15.745286] Memory state around the buggy address:
[ 15.745489] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.745713] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.745931] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.746149] ^
[ 15.746564] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.747150] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.747508] ==================================================================
```