Hay
Date: July 10, 2025, 6:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[   20.011462] ==================================================================
[   20.011545] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   20.011888] Write of size 121 at addr fff00000c5a57c00 by task kunit_try_catch/285
[   20.011967] 
[   20.012091] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   20.012474] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.012552] Hardware name: linux,dummy-virt (DT)
[   20.012804] Call trace:
[   20.012934]  show_stack+0x20/0x38 (C)
[   20.013244]  dump_stack_lvl+0x8c/0xd0
[   20.013491]  print_report+0x118/0x608
[   20.013707]  kasan_report+0xdc/0x128
[   20.013840]  kasan_check_range+0x100/0x1a8
[   20.014037]  __kasan_check_write+0x20/0x30
[   20.014142]  strncpy_from_user+0x3c/0x2a0
[   20.014302]  copy_user_test_oob+0x5c0/0xec8
[   20.014383]  kunit_try_run_case+0x170/0x3f0
[   20.014461]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.014832]  kthread+0x328/0x630
[   20.015202]  ret_from_fork+0x10/0x20
[   20.015384] 
[   20.015426] Allocated by task 285:
[   20.015569]  kasan_save_stack+0x3c/0x68
[   20.015616]  kasan_save_track+0x20/0x40
[   20.015846]  kasan_save_alloc_info+0x40/0x58
[   20.016352]  __kasan_kmalloc+0xd4/0xd8
[   20.016515]  __kmalloc_noprof+0x198/0x4c8
[   20.016561]  kunit_kmalloc_array+0x34/0x88
[   20.016613]  copy_user_test_oob+0xac/0xec8
[   20.016655]  kunit_try_run_case+0x170/0x3f0
[   20.016694]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.016743]  kthread+0x328/0x630
[   20.016788]  ret_from_fork+0x10/0x20
[   20.016837] 
[   20.016869] The buggy address belongs to the object at fff00000c5a57c00
[   20.016869]  which belongs to the cache kmalloc-128 of size 128
[   20.016950] The buggy address is located 0 bytes inside of
[   20.016950]  allocated 120-byte region [fff00000c5a57c00, fff00000c5a57c78)
[   20.017015] 
[   20.017053] The buggy address belongs to the physical page:
[   20.017124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a57
[   20.017212] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.017270] page_type: f5(slab)
[   20.017313] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   20.017823] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.017891] page dumped because: kasan: bad access detected
[   20.018199] 
[   20.018221] Memory state around the buggy address:
[   20.018348]  fff00000c5a57b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.018858]  fff00000c5a57b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.019036] >fff00000c5a57c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   20.019210]                                                                 ^
[   20.019518]  fff00000c5a57c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.019826]  fff00000c5a57d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.020078] ==================================================================
[   20.022471] ==================================================================
[   20.022604] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   20.023088] Write of size 1 at addr fff00000c5a57c78 by task kunit_try_catch/285
[   20.023176] 
[   20.023211] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   20.023544] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.023787] Hardware name: linux,dummy-virt (DT)
[   20.024056] Call trace:
[   20.024206]  show_stack+0x20/0x38 (C)
[   20.024349]  dump_stack_lvl+0x8c/0xd0
[   20.024407]  print_report+0x118/0x608
[   20.024697]  kasan_report+0xdc/0x128
[   20.024913]  __asan_report_store1_noabort+0x20/0x30
[   20.024992]  strncpy_from_user+0x270/0x2a0
[   20.025474]  copy_user_test_oob+0x5c0/0xec8
[   20.025549]  kunit_try_run_case+0x170/0x3f0
[   20.025801]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.026085]  kthread+0x328/0x630
[   20.026170]  ret_from_fork+0x10/0x20
[   20.026330] 
[   20.026373] Allocated by task 285:
[   20.026701]  kasan_save_stack+0x3c/0x68
[   20.026769]  kasan_save_track+0x20/0x40
[   20.027021]  kasan_save_alloc_info+0x40/0x58
[   20.027248]  __kasan_kmalloc+0xd4/0xd8
[   20.027321]  __kmalloc_noprof+0x198/0x4c8
[   20.027388]  kunit_kmalloc_array+0x34/0x88
[   20.027434]  copy_user_test_oob+0xac/0xec8
[   20.027550]  kunit_try_run_case+0x170/0x3f0
[   20.027591]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.027638]  kthread+0x328/0x630
[   20.027672]  ret_from_fork+0x10/0x20
[   20.027712] 
[   20.027746] The buggy address belongs to the object at fff00000c5a57c00
[   20.027746]  which belongs to the cache kmalloc-128 of size 128
[   20.027812] The buggy address is located 0 bytes to the right of
[   20.027812]  allocated 120-byte region [fff00000c5a57c00, fff00000c5a57c78)
[   20.027888] 
[   20.027921] The buggy address belongs to the physical page:
[   20.027954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a57
[   20.028009] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.028066] page_type: f5(slab)
[   20.028108] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   20.028162] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.028204] page dumped because: kasan: bad access detected
[   20.028248] 
[   20.028277] Memory state around the buggy address:
[   20.028312]  fff00000c5a57b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.028367]  fff00000c5a57b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.028429] >fff00000c5a57c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   20.028471]                                                                 ^
[   20.028514]  fff00000c5a57c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.028559]  fff00000c5a57d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.028600] ==================================================================

[   16.651964] ==================================================================
[   16.652639] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   16.652933] Write of size 1 at addr ffff888102791f78 by task kunit_try_catch/302
[   16.653276] 
[   16.653386] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   16.653429] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.653442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.653482] Call Trace:
[   16.653497]  <TASK>
[   16.653514]  dump_stack_lvl+0x73/0xb0
[   16.653543]  print_report+0xd1/0x650
[   16.653566]  ? __virt_addr_valid+0x1db/0x2d0
[   16.653590]  ? strncpy_from_user+0x1a5/0x1d0
[   16.653614]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.653638]  ? strncpy_from_user+0x1a5/0x1d0
[   16.653681]  kasan_report+0x141/0x180
[   16.653717]  ? strncpy_from_user+0x1a5/0x1d0
[   16.653747]  __asan_report_store1_noabort+0x1b/0x30
[   16.653787]  strncpy_from_user+0x1a5/0x1d0
[   16.653828]  copy_user_test_oob+0x760/0x10f0
[   16.653855]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.653879]  ? finish_task_switch.isra.0+0x153/0x700
[   16.653903]  ? __switch_to+0x47/0xf50
[   16.653928]  ? __schedule+0x10cc/0x2b60
[   16.653951]  ? __pfx_read_tsc+0x10/0x10
[   16.653973]  ? ktime_get_ts64+0x86/0x230
[   16.653997]  kunit_try_run_case+0x1a5/0x480
[   16.654023]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.654057]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.654082]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.654107]  ? __kthread_parkme+0x82/0x180
[   16.654129]  ? preempt_count_sub+0x50/0x80
[   16.654153]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.654179]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.654205]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.654231]  kthread+0x337/0x6f0
[   16.654251]  ? trace_preempt_on+0x20/0xc0
[   16.654275]  ? __pfx_kthread+0x10/0x10
[   16.654296]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.654319]  ? calculate_sigpending+0x7b/0xa0
[   16.654344]  ? __pfx_kthread+0x10/0x10
[   16.654378]  ret_from_fork+0x116/0x1d0
[   16.654396]  ? __pfx_kthread+0x10/0x10
[   16.654417]  ret_from_fork_asm+0x1a/0x30
[   16.654448]  </TASK>
[   16.654459] 
[   16.667094] Allocated by task 302:
[   16.667431]  kasan_save_stack+0x45/0x70
[   16.667646]  kasan_save_track+0x18/0x40
[   16.667953]  kasan_save_alloc_info+0x3b/0x50
[   16.668340]  __kasan_kmalloc+0xb7/0xc0
[   16.668541]  __kmalloc_noprof+0x1c9/0x500
[   16.668852]  kunit_kmalloc_array+0x25/0x60
[   16.669144]  copy_user_test_oob+0xab/0x10f0
[   16.669485]  kunit_try_run_case+0x1a5/0x480
[   16.669696]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.670124]  kthread+0x337/0x6f0
[   16.670412]  ret_from_fork+0x116/0x1d0
[   16.670687]  ret_from_fork_asm+0x1a/0x30
[   16.670890] 
[   16.671068] The buggy address belongs to the object at ffff888102791f00
[   16.671068]  which belongs to the cache kmalloc-128 of size 128
[   16.671756] The buggy address is located 0 bytes to the right of
[   16.671756]  allocated 120-byte region [ffff888102791f00, ffff888102791f78)
[   16.672391] 
[   16.672476] The buggy address belongs to the physical page:
[   16.672859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791
[   16.673345] flags: 0x200000000000000(node=0|zone=2)
[   16.673646] page_type: f5(slab)
[   16.673895] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.674418] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.674803] page dumped because: kasan: bad access detected
[   16.675182] 
[   16.675394] Memory state around the buggy address:
[   16.675690]  ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.676067]  ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.676339] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.676716]                                                                 ^
[   16.677183]  ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.677518]  ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc
[   16.677925] ==================================================================
[   16.628898] ==================================================================
[   16.629168] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   16.629495] Write of size 121 at addr ffff888102791f00 by task kunit_try_catch/302
[   16.629800] 
[   16.630489] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   16.630539] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.630553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.630575] Call Trace:
[   16.630591]  <TASK>
[   16.630608]  dump_stack_lvl+0x73/0xb0
[   16.630640]  print_report+0xd1/0x650
[   16.630664]  ? __virt_addr_valid+0x1db/0x2d0
[   16.630688]  ? strncpy_from_user+0x2e/0x1d0
[   16.630712]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.630737]  ? strncpy_from_user+0x2e/0x1d0
[   16.630762]  kasan_report+0x141/0x180
[   16.630786]  ? strncpy_from_user+0x2e/0x1d0
[   16.630815]  kasan_check_range+0x10c/0x1c0
[   16.630840]  __kasan_check_write+0x18/0x20
[   16.630861]  strncpy_from_user+0x2e/0x1d0
[   16.630887]  copy_user_test_oob+0x760/0x10f0
[   16.630924]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.630949]  ? finish_task_switch.isra.0+0x153/0x700
[   16.630972]  ? __switch_to+0x47/0xf50
[   16.630998]  ? __schedule+0x10cc/0x2b60
[   16.631021]  ? __pfx_read_tsc+0x10/0x10
[   16.631052]  ? ktime_get_ts64+0x86/0x230
[   16.631076]  kunit_try_run_case+0x1a5/0x480
[   16.631101]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.631125]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.631149]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.631175]  ? __kthread_parkme+0x82/0x180
[   16.631196]  ? preempt_count_sub+0x50/0x80
[   16.631220]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.631246]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.631272]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.631298]  kthread+0x337/0x6f0
[   16.631318]  ? trace_preempt_on+0x20/0xc0
[   16.631342]  ? __pfx_kthread+0x10/0x10
[   16.631388]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.631411]  ? calculate_sigpending+0x7b/0xa0
[   16.631436]  ? __pfx_kthread+0x10/0x10
[   16.631458]  ret_from_fork+0x116/0x1d0
[   16.631479]  ? __pfx_kthread+0x10/0x10
[   16.631500]  ret_from_fork_asm+0x1a/0x30
[   16.631531]  </TASK>
[   16.631541] 
[   16.641573] Allocated by task 302:
[   16.641734]  kasan_save_stack+0x45/0x70
[   16.642133]  kasan_save_track+0x18/0x40
[   16.642410]  kasan_save_alloc_info+0x3b/0x50
[   16.642697]  __kasan_kmalloc+0xb7/0xc0
[   16.642893]  __kmalloc_noprof+0x1c9/0x500
[   16.643279]  kunit_kmalloc_array+0x25/0x60
[   16.643587]  copy_user_test_oob+0xab/0x10f0
[   16.643835]  kunit_try_run_case+0x1a5/0x480
[   16.644132]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.644403]  kthread+0x337/0x6f0
[   16.644739]  ret_from_fork+0x116/0x1d0
[   16.645068]  ret_from_fork_asm+0x1a/0x30
[   16.645296] 
[   16.645399] The buggy address belongs to the object at ffff888102791f00
[   16.645399]  which belongs to the cache kmalloc-128 of size 128
[   16.646177] The buggy address is located 0 bytes inside of
[   16.646177]  allocated 120-byte region [ffff888102791f00, ffff888102791f78)
[   16.646635] 
[   16.646733] The buggy address belongs to the physical page:
[   16.646992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791
[   16.647327] flags: 0x200000000000000(node=0|zone=2)
[   16.647742] page_type: f5(slab)
[   16.647917] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.648328] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.648635] page dumped because: kasan: bad access detected
[   16.648845] 
[   16.648914] Memory state around the buggy address:
[   16.649129]  ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.649467]  ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.649793] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.650082]                                                                 ^
[   16.650301]  ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.650799]  ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc
[   16.651141] ==================================================================