Date: July 20, 2025, 8:11 p.m.

Environments: qemu-arm64, qemu-x86_64
qemu-arm64:

```
[ 18.401112] ==================================================================
[ 18.401671] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 18.401750] Write of size 121 at addr fff00000c64df100 by task kunit_try_catch/286
[ 18.401824]
[ 18.402173] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.402653] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.402763] Hardware name: linux,dummy-virt (DT)
[ 18.402845] Call trace:
[ 18.402873] show_stack+0x20/0x38 (C)
[ 18.403343] dump_stack_lvl+0x8c/0xd0
[ 18.403419] print_report+0x118/0x5d0
[ 18.403807] kasan_report+0xdc/0x128
[ 18.404067] kasan_check_range+0x100/0x1a8
[ 18.404156] __kasan_check_write+0x20/0x30
[ 18.404490] strncpy_from_user+0x3c/0x2a0
[ 18.404719] copy_user_test_oob+0x5c0/0xec8
[ 18.404792] kunit_try_run_case+0x170/0x3f0
[ 18.405112] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.405338] kthread+0x328/0x630
[ 18.405661] ret_from_fork+0x10/0x20
[ 18.405919]
[ 18.405974] Allocated by task 286:
[ 18.406293] kasan_save_stack+0x3c/0x68
[ 18.406435] kasan_save_track+0x20/0x40
[ 18.406523] kasan_save_alloc_info+0x40/0x58
[ 18.406586] __kasan_kmalloc+0xd4/0xd8
[ 18.406913] __kmalloc_noprof+0x198/0x4c8
[ 18.407272] kunit_kmalloc_array+0x34/0x88
[ 18.407450] copy_user_test_oob+0xac/0xec8
[ 18.407588] kunit_try_run_case+0x170/0x3f0
[ 18.407713] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.407787] kthread+0x328/0x630
[ 18.408207] ret_from_fork+0x10/0x20
[ 18.408486]
[ 18.408555] The buggy address belongs to the object at fff00000c64df100
[ 18.408555] which belongs to the cache kmalloc-128 of size 128
[ 18.408716] The buggy address is located 0 bytes inside of
[ 18.408716] allocated 120-byte region [fff00000c64df100, fff00000c64df178)
[ 18.408964]
[ 18.409081] The buggy address belongs to the physical page:
[ 18.409178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064df
[ 18.409247] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.409296] page_type: f5(slab)
[ 18.409738] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.410421] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.410678] page dumped because: kasan: bad access detected
[ 18.410896]
[ 18.410922] Memory state around the buggy address:
[ 18.410959] fff00000c64df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.411009] fff00000c64df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.411196] >fff00000c64df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.411677] ^
[ 18.411767] fff00000c64df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.411847] fff00000c64df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.411889] ==================================================================
[ 18.414432] ==================================================================
[ 18.414495] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 18.414548] Write of size 1 at addr fff00000c64df178 by task kunit_try_catch/286
[ 18.414601]
[ 18.414992] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.415110] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.415529] Hardware name: linux,dummy-virt (DT)
[ 18.415808] Call trace:
[ 18.415862] show_stack+0x20/0x38 (C)
[ 18.416018] dump_stack_lvl+0x8c/0xd0
[ 18.416264] print_report+0x118/0x5d0
[ 18.416331] kasan_report+0xdc/0x128
[ 18.416514] __asan_report_store1_noabort+0x20/0x30
[ 18.416594] strncpy_from_user+0x270/0x2a0
[ 18.416647] copy_user_test_oob+0x5c0/0xec8
[ 18.416696] kunit_try_run_case+0x170/0x3f0
[ 18.416744] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.416798] kthread+0x328/0x630
[ 18.416840] ret_from_fork+0x10/0x20
[ 18.417450]
[ 18.417488] Allocated by task 286:
[ 18.417524] kasan_save_stack+0x3c/0x68
[ 18.417598] kasan_save_track+0x20/0x40
[ 18.417837] kasan_save_alloc_info+0x40/0x58
[ 18.417969] __kasan_kmalloc+0xd4/0xd8
[ 18.418342] __kmalloc_noprof+0x198/0x4c8
[ 18.418479] kunit_kmalloc_array+0x34/0x88
[ 18.418698] copy_user_test_oob+0xac/0xec8
[ 18.418769] kunit_try_run_case+0x170/0x3f0
[ 18.418810] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.418866] kthread+0x328/0x630
[ 18.418902] ret_from_fork+0x10/0x20
[ 18.418945]
[ 18.418988] The buggy address belongs to the object at fff00000c64df100
[ 18.418988] which belongs to the cache kmalloc-128 of size 128
[ 18.419058] The buggy address is located 0 bytes to the right of
[ 18.419058] allocated 120-byte region [fff00000c64df100, fff00000c64df178)
[ 18.419125]
[ 18.419156] The buggy address belongs to the physical page:
[ 18.419219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064df
[ 18.419284] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.419334] page_type: f5(slab)
[ 18.419383] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.419436] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.419479] page dumped because: kasan: bad access detected
[ 18.419515]
[ 18.419545] Memory state around the buggy address:
[ 18.419597] fff00000c64df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.419645] fff00000c64df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.419690] >fff00000c64df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.419732] ^
[ 18.419775] fff00000c64df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.419827] fff00000c64df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.419867] ==================================================================
```
qemu-x86_64:

```
[ 17.150798] ==================================================================
[ 17.151218] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 17.151567] Write of size 121 at addr ffff8881029dff00 by task kunit_try_catch/303
[ 17.151923]
[ 17.152041] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 17.152090] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.152104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.152127] Call Trace:
[ 17.152147] <TASK>
[ 17.152165] dump_stack_lvl+0x73/0xb0
[ 17.152216] print_report+0xd1/0x610
[ 17.152255] ? __virt_addr_valid+0x1db/0x2d0
[ 17.152279] ? strncpy_from_user+0x2e/0x1d0
[ 17.152319] ? kasan_complete_mode_report_info+0x2a/0x200
[ 17.152343] ? strncpy_from_user+0x2e/0x1d0
[ 17.152382] kasan_report+0x141/0x180
[ 17.152421] ? strncpy_from_user+0x2e/0x1d0
[ 17.152451] kasan_check_range+0x10c/0x1c0
[ 17.152488] __kasan_check_write+0x18/0x20
[ 17.152509] strncpy_from_user+0x2e/0x1d0
[ 17.152532] ? __kasan_check_read+0x15/0x20
[ 17.152557] copy_user_test_oob+0x760/0x10f0
[ 17.152585] ? __pfx_copy_user_test_oob+0x10/0x10
[ 17.152611] ? finish_task_switch.isra.0+0x153/0x700
[ 17.152639] ? __switch_to+0x47/0xf50
[ 17.152669] ? __schedule+0x10c6/0x2b60
[ 17.152695] ? __pfx_read_tsc+0x10/0x10
[ 17.152720] ? ktime_get_ts64+0x86/0x230
[ 17.152747] kunit_try_run_case+0x1a5/0x480
[ 17.152773] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.152798] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 17.152825] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 17.152850] ? __kthread_parkme+0x82/0x180
[ 17.152874] ? preempt_count_sub+0x50/0x80
[ 17.152899] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.152925] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.152951] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.152993] kthread+0x337/0x6f0
[ 17.153016] ? trace_preempt_on+0x20/0xc0
[ 17.153056] ? __pfx_kthread+0x10/0x10
[ 17.153079] ? _raw_spin_unlock_irq+0x47/0x80
[ 17.153103] ? calculate_sigpending+0x7b/0xa0
[ 17.153128] ? __pfx_kthread+0x10/0x10
[ 17.153151] ret_from_fork+0x116/0x1d0
[ 17.153172] ? __pfx_kthread+0x10/0x10
[ 17.153194] ret_from_fork_asm+0x1a/0x30
[ 17.153227] </TASK>
[ 17.153239]
[ 17.161258] Allocated by task 303:
[ 17.161451] kasan_save_stack+0x45/0x70
[ 17.161665] kasan_save_track+0x18/0x40
[ 17.162235] kasan_save_alloc_info+0x3b/0x50
[ 17.162434] __kasan_kmalloc+0xb7/0xc0
[ 17.162585] __kmalloc_noprof+0x1c9/0x500
[ 17.162731] kunit_kmalloc_array+0x25/0x60
[ 17.163890] copy_user_test_oob+0xab/0x10f0
[ 17.165133] kunit_try_run_case+0x1a5/0x480
[ 17.165788] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.166625] kthread+0x337/0x6f0
[ 17.167072] ret_from_fork+0x116/0x1d0
[ 17.167695] ret_from_fork_asm+0x1a/0x30
[ 17.168202]
[ 17.168617] The buggy address belongs to the object at ffff8881029dff00
[ 17.168617] which belongs to the cache kmalloc-128 of size 128
[ 17.169921] The buggy address is located 0 bytes inside of
[ 17.169921] allocated 120-byte region [ffff8881029dff00, ffff8881029dff78)
[ 17.171241]
[ 17.171450] The buggy address belongs to the physical page:
[ 17.172142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029df
[ 17.172975] flags: 0x200000000000000(node=0|zone=2)
[ 17.173433] page_type: f5(slab)
[ 17.173583] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 17.173838] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.174080] page dumped because: kasan: bad access detected
[ 17.174268]
[ 17.174345] Memory state around the buggy address:
[ 17.175122] ffff8881029dfe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.175943] ffff8881029dfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.176890] >ffff8881029dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.177751] ^
[ 17.178641] ffff8881029dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.179823] ffff8881029e0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.180607] ==================================================================
[ 17.182192] ==================================================================
[ 17.183083] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 17.184076] Write of size 1 at addr ffff8881029dff78 by task kunit_try_catch/303
[ 17.184930]
[ 17.185251] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 17.185307] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.185432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.185491] Call Trace:
[ 17.185514] <TASK>
[ 17.185536] dump_stack_lvl+0x73/0xb0
[ 17.185617] print_report+0xd1/0x610
[ 17.185644] ? __virt_addr_valid+0x1db/0x2d0
[ 17.185670] ? strncpy_from_user+0x1a5/0x1d0
[ 17.185698] ? kasan_complete_mode_report_info+0x2a/0x200
[ 17.185723] ? strncpy_from_user+0x1a5/0x1d0
[ 17.185747] kasan_report+0x141/0x180
[ 17.185795] ? strncpy_from_user+0x1a5/0x1d0
[ 17.185825] __asan_report_store1_noabort+0x1b/0x30
[ 17.185851] strncpy_from_user+0x1a5/0x1d0
[ 17.185879] copy_user_test_oob+0x760/0x10f0
[ 17.185907] ? __pfx_copy_user_test_oob+0x10/0x10
[ 17.185932] ? finish_task_switch.isra.0+0x153/0x700
[ 17.185958] ? __switch_to+0x47/0xf50
[ 17.185986] ? __schedule+0x10c6/0x2b60
[ 17.186012] ? __pfx_read_tsc+0x10/0x10
[ 17.186036] ? ktime_get_ts64+0x86/0x230
[ 17.186062] kunit_try_run_case+0x1a5/0x480
[ 17.186091] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.186121] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 17.186148] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 17.186173] ? __kthread_parkme+0x82/0x180
[ 17.186196] ? preempt_count_sub+0x50/0x80
[ 17.186221] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.186247] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.186272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.186298] kthread+0x337/0x6f0
[ 17.186319] ? trace_preempt_on+0x20/0xc0
[ 17.186347] ? __pfx_kthread+0x10/0x10
[ 17.186370] ? _raw_spin_unlock_irq+0x47/0x80
[ 17.186395] ? calculate_sigpending+0x7b/0xa0
[ 17.186421] ? __pfx_kthread+0x10/0x10
[ 17.186444] ret_from_fork+0x116/0x1d0
[ 17.186465] ? __pfx_kthread+0x10/0x10
[ 17.186499] ret_from_fork_asm+0x1a/0x30
[ 17.186534] </TASK>
[ 17.186546]
[ 17.200317] Allocated by task 303:
[ 17.200751] kasan_save_stack+0x45/0x70
[ 17.201283] kasan_save_track+0x18/0x40
[ 17.201690] kasan_save_alloc_info+0x3b/0x50
[ 17.202198] __kasan_kmalloc+0xb7/0xc0
[ 17.202572] __kmalloc_noprof+0x1c9/0x500
[ 17.202962] kunit_kmalloc_array+0x25/0x60
[ 17.203420] copy_user_test_oob+0xab/0x10f0
[ 17.203848] kunit_try_run_case+0x1a5/0x480
[ 17.204252] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.204758] kthread+0x337/0x6f0
[ 17.205105] ret_from_fork+0x116/0x1d0
[ 17.205482] ret_from_fork_asm+0x1a/0x30
[ 17.205875]
[ 17.206054] The buggy address belongs to the object at ffff8881029dff00
[ 17.206054] which belongs to the cache kmalloc-128 of size 128
[ 17.206958] The buggy address is located 0 bytes to the right of
[ 17.206958] allocated 120-byte region [ffff8881029dff00, ffff8881029dff78)
[ 17.207901]
[ 17.208108] The buggy address belongs to the physical page:
[ 17.208588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029df
[ 17.209009] flags: 0x200000000000000(node=0|zone=2)
[ 17.209466] page_type: f5(slab)
[ 17.209825] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 17.210357] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.210608] page dumped because: kasan: bad access detected
[ 17.210824]
[ 17.211005] Memory state around the buggy address:
[ 17.211451] ffff8881029dfe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.212158] ffff8881029dfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.212809] >ffff8881029dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.213433] ^
[ 17.214052] ffff8881029dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.214282] ffff8881029e0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.214515] ==================================================================
```