Date
July 9, 2025, 2:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 19.984665] ==================================================================
[ 19.984729] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 19.985173] Write of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285
[ 19.985261]
[ 19.985305] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT
[ 19.985442] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 19.985477] Hardware name: linux,dummy-virt (DT)
[ 19.985522] Call trace:
[ 19.985551] show_stack+0x20/0x38 (C)
[ 19.985968] dump_stack_lvl+0x8c/0xd0
[ 19.986195] print_report+0x118/0x608
[ 19.986292] kasan_report+0xdc/0x128
[ 19.986350] kasan_check_range+0x100/0x1a8
[ 19.986402] __kasan_check_write+0x20/0x30
[ 19.986449] strncpy_from_user+0x3c/0x2a0
[ 19.986938] copy_user_test_oob+0x5c0/0xec8
[ 19.987112] kunit_try_run_case+0x170/0x3f0
[ 19.987232] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.987319] kthread+0x328/0x630
[ 19.987751] ret_from_fork+0x10/0x20
[ 19.987985]
[ 19.988161] Allocated by task 285:
[ 19.988252] kasan_save_stack+0x3c/0x68
[ 19.988297] kasan_save_track+0x20/0x40
[ 19.988366] kasan_save_alloc_info+0x40/0x58
[ 19.988835] __kasan_kmalloc+0xd4/0xd8
[ 19.988997] __kmalloc_noprof+0x198/0x4c8
[ 19.989159] kunit_kmalloc_array+0x34/0x88
[ 19.989201] copy_user_test_oob+0xac/0xec8
[ 19.989244] kunit_try_run_case+0x170/0x3f0
[ 19.989340] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.989389] kthread+0x328/0x630
[ 19.989426] ret_from_fork+0x10/0x20
[ 19.989464]
[ 19.989487] The buggy address belongs to the object at fff00000c6c2cc00
[ 19.989487] which belongs to the cache kmalloc-128 of size 128
[ 19.989549] The buggy address is located 0 bytes inside of
[ 19.989549] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78)
[ 19.989778]
[ 19.989912] The buggy address belongs to the physical page:
[ 19.990462] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c
[ 19.990561] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.991241] page_type: f5(slab)
[ 19.991329] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.991659] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.992004] page dumped because: kasan: bad access detected
[ 19.992063]
[ 19.992329] Memory state around the buggy address:
[ 19.992400] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.992528] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.992595] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.992756] ^
[ 19.992823] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.992877] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.993180] ==================================================================

[ 19.996080] ==================================================================
[ 19.997104] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 19.997166] Write of size 1 at addr fff00000c6c2cc78 by task kunit_try_catch/285
[ 19.997416]
[ 19.997547] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT
[ 19.997681] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 19.997750] Hardware name: linux,dummy-virt (DT)
[ 19.997797] Call trace:
[ 19.997856] show_stack+0x20/0x38 (C)
[ 19.998001] dump_stack_lvl+0x8c/0xd0
[ 19.998074] print_report+0x118/0x608
[ 19.998136] kasan_report+0xdc/0x128
[ 19.998185] __asan_report_store1_noabort+0x20/0x30
[ 19.998241] strncpy_from_user+0x270/0x2a0
[ 19.998292] copy_user_test_oob+0x5c0/0xec8
[ 19.998531] kunit_try_run_case+0x170/0x3f0
[ 19.998640] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.998725] kthread+0x328/0x630
[ 19.998823] ret_from_fork+0x10/0x20
[ 19.998910]
[ 19.998987] Allocated by task 285:
[ 19.999032] kasan_save_stack+0x3c/0x68
[ 19.999075] kasan_save_track+0x20/0x40
[ 19.999128] kasan_save_alloc_info+0x40/0x58
[ 19.999316] __kasan_kmalloc+0xd4/0xd8
[ 19.999411] __kmalloc_noprof+0x198/0x4c8
[ 19.999501] kunit_kmalloc_array+0x34/0x88
[ 19.999638] copy_user_test_oob+0xac/0xec8
[ 19.999733] kunit_try_run_case+0x170/0x3f0
[ 19.999808] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.999854] kthread+0x328/0x630
[ 19.999889] ret_from_fork+0x10/0x20
[ 19.999928]
[ 20.000133] The buggy address belongs to the object at fff00000c6c2cc00
[ 20.000133] which belongs to the cache kmalloc-128 of size 128
[ 20.000258] The buggy address is located 0 bytes to the right of
[ 20.000258] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78)
[ 20.000366]
[ 20.000436] The buggy address belongs to the physical page:
[ 20.000563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c
[ 20.000678] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.000765] page_type: f5(slab)
[ 20.000807] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.000862] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.001054] page dumped because: kasan: bad access detected
[ 20.001155]
[ 20.001216] Memory state around the buggy address:
[ 20.001251] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.001329] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.001636] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.001720] ^
[ 20.001838] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.001915] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.001966] ==================================================================
[ 16.788753] ==================================================================
[ 16.789209] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 16.789459] Write of size 1 at addr ffff8881029c7e78 by task kunit_try_catch/302
[ 16.789703]
[ 16.789790] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.789833] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.789846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.789867] Call Trace:
[ 16.789883] <TASK>
[ 16.789899] dump_stack_lvl+0x73/0xb0
[ 16.789926] print_report+0xd1/0x650
[ 16.789949] ? __virt_addr_valid+0x1db/0x2d0
[ 16.789972] ? strncpy_from_user+0x1a5/0x1d0
[ 16.789997] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.790021] ? strncpy_from_user+0x1a5/0x1d0
[ 16.790045] kasan_report+0x141/0x180
[ 16.790068] ? strncpy_from_user+0x1a5/0x1d0
[ 16.790096] __asan_report_store1_noabort+0x1b/0x30
[ 16.790123] strncpy_from_user+0x1a5/0x1d0
[ 16.790149] copy_user_test_oob+0x760/0x10f0
[ 16.790176] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.790200] ? finish_task_switch.isra.0+0x153/0x700
[ 16.790224] ? __switch_to+0x47/0xf50
[ 16.790251] ? __schedule+0x10cc/0x2b60
[ 16.790273] ? __pfx_read_tsc+0x10/0x10
[ 16.790296] ? ktime_get_ts64+0x86/0x230
[ 16.790321] kunit_try_run_case+0x1a5/0x480
[ 16.790346] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.790370] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.790395] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.790420] ? __kthread_parkme+0x82/0x180
[ 16.790441] ? preempt_count_sub+0x50/0x80
[ 16.790465] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.790491] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.790516] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.790543] kthread+0x337/0x6f0
[ 16.790562] ? trace_preempt_on+0x20/0xc0
[ 16.790587] ? __pfx_kthread+0x10/0x10
[ 16.790618] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.790640] ? calculate_sigpending+0x7b/0xa0
[ 16.790665] ? __pfx_kthread+0x10/0x10
[ 16.790687] ret_from_fork+0x116/0x1d0
[ 16.790706] ? __pfx_kthread+0x10/0x10
[ 16.790728] ret_from_fork_asm+0x1a/0x30
[ 16.790760] </TASK>
[ 16.790771]
[ 16.798642] Allocated by task 302:
[ 16.798775] kasan_save_stack+0x45/0x70
[ 16.798990] kasan_save_track+0x18/0x40
[ 16.799181] kasan_save_alloc_info+0x3b/0x50
[ 16.799393] __kasan_kmalloc+0xb7/0xc0
[ 16.799581] __kmalloc_noprof+0x1c9/0x500
[ 16.799937] kunit_kmalloc_array+0x25/0x60
[ 16.800204] copy_user_test_oob+0xab/0x10f0
[ 16.800537] kunit_try_run_case+0x1a5/0x480
[ 16.800694] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.800872] kthread+0x337/0x6f0
[ 16.800994] ret_from_fork+0x116/0x1d0
[ 16.801127] ret_from_fork_asm+0x1a/0x30
[ 16.801267]
[ 16.801339] The buggy address belongs to the object at ffff8881029c7e00
[ 16.801339] which belongs to the cache kmalloc-128 of size 128
[ 16.802044] The buggy address is located 0 bytes to the right of
[ 16.802044] allocated 120-byte region [ffff8881029c7e00, ffff8881029c7e78)
[ 16.802605]
[ 16.802701] The buggy address belongs to the physical page:
[ 16.803114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c7
[ 16.803356] flags: 0x200000000000000(node=0|zone=2)
[ 16.803519] page_type: f5(slab)
[ 16.803648] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.804145] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.804488] page dumped because: kasan: bad access detected
[ 16.804753]
[ 16.804847] Memory state around the buggy address:
[ 16.805124] ffff8881029c7d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.805402] ffff8881029c7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.805706] >ffff8881029c7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.806013] ^
[ 16.806287] ffff8881029c7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.806505] ffff8881029c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.806731] ==================================================================

[ 16.770495] ==================================================================
[ 16.771086] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 16.771419] Write of size 121 at addr ffff8881029c7e00 by task kunit_try_catch/302
[ 16.771773]
[ 16.771882] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.771924] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.771951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.771972] Call Trace:
[ 16.771989] <TASK>
[ 16.772005] dump_stack_lvl+0x73/0xb0
[ 16.772033] print_report+0xd1/0x650
[ 16.772056] ? __virt_addr_valid+0x1db/0x2d0
[ 16.772079] ? strncpy_from_user+0x2e/0x1d0
[ 16.772103] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.772128] ? strncpy_from_user+0x2e/0x1d0
[ 16.772152] kasan_report+0x141/0x180
[ 16.772175] ? strncpy_from_user+0x2e/0x1d0
[ 16.772202] kasan_check_range+0x10c/0x1c0
[ 16.772227] __kasan_check_write+0x18/0x20
[ 16.772248] strncpy_from_user+0x2e/0x1d0
[ 16.772271] ? __kasan_check_read+0x15/0x20
[ 16.772293] copy_user_test_oob+0x760/0x10f0
[ 16.772320] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.772344] ? finish_task_switch.isra.0+0x153/0x700
[ 16.772368] ? __switch_to+0x47/0xf50
[ 16.772395] ? __schedule+0x10cc/0x2b60
[ 16.772417] ? __pfx_read_tsc+0x10/0x10
[ 16.772439] ? ktime_get_ts64+0x86/0x230
[ 16.772464] kunit_try_run_case+0x1a5/0x480
[ 16.772490] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.772514] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.772539] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.772565] ? __kthread_parkme+0x82/0x180
[ 16.772588] ? preempt_count_sub+0x50/0x80
[ 16.772623] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.772648] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.772674] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.772701] kthread+0x337/0x6f0
[ 16.772721] ? trace_preempt_on+0x20/0xc0
[ 16.772746] ? __pfx_kthread+0x10/0x10
[ 16.772767] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.772789] ? calculate_sigpending+0x7b/0xa0
[ 16.772814] ? __pfx_kthread+0x10/0x10
[ 16.772835] ret_from_fork+0x116/0x1d0
[ 16.772854] ? __pfx_kthread+0x10/0x10
[ 16.772875] ret_from_fork_asm+0x1a/0x30
[ 16.772906] </TASK>
[ 16.772917]
[ 16.780580] Allocated by task 302:
[ 16.780782] kasan_save_stack+0x45/0x70
[ 16.780986] kasan_save_track+0x18/0x40
[ 16.781184] kasan_save_alloc_info+0x3b/0x50
[ 16.781392] __kasan_kmalloc+0xb7/0xc0
[ 16.781580] __kmalloc_noprof+0x1c9/0x500
[ 16.781801] kunit_kmalloc_array+0x25/0x60
[ 16.782011] copy_user_test_oob+0xab/0x10f0
[ 16.782219] kunit_try_run_case+0x1a5/0x480
[ 16.782430] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.782676] kthread+0x337/0x6f0
[ 16.782871] ret_from_fork+0x116/0x1d0
[ 16.783033] ret_from_fork_asm+0x1a/0x30
[ 16.783205]
[ 16.783288] The buggy address belongs to the object at ffff8881029c7e00
[ 16.783288] which belongs to the cache kmalloc-128 of size 128
[ 16.783678] The buggy address is located 0 bytes inside of
[ 16.783678] allocated 120-byte region [ffff8881029c7e00, ffff8881029c7e78)
[ 16.784034]
[ 16.784105] The buggy address belongs to the physical page:
[ 16.784278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c7
[ 16.784517] flags: 0x200000000000000(node=0|zone=2)
[ 16.784786] page_type: f5(slab)
[ 16.784962] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.785309] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.785662] page dumped because: kasan: bad access detected
[ 16.785919]
[ 16.786013] Memory state around the buggy address:
[ 16.786233] ffff8881029c7d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.786447] ffff8881029c7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.786671] >ffff8881029c7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.787029] ^
[ 16.787352] ffff8881029c7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.787693] ffff8881029c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.788121] ==================================================================