Date: July 23, 2025, 2:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 18.646221] ==================================================================
[ 18.646280] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 18.646366] Write of size 121 at addr fff00000c648f500 by task kunit_try_catch/285
[ 18.646425]
[ 18.646473] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 18.646876] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.647217] Hardware name: linux,dummy-virt (DT)
[ 18.647517] Call trace:
[ 18.647596]  show_stack+0x20/0x38 (C)
[ 18.647826]  dump_stack_lvl+0x8c/0xd0
[ 18.647994]  print_report+0x118/0x5d0
[ 18.648295]  kasan_report+0xdc/0x128
[ 18.648396]  kasan_check_range+0x100/0x1a8
[ 18.648486]  __kasan_check_write+0x20/0x30
[ 18.648612]  strncpy_from_user+0x3c/0x2a0
[ 18.648693]  copy_user_test_oob+0x5c0/0xec8
[ 18.649014]  kunit_try_run_case+0x170/0x3f0
[ 18.649116]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.649440]  kthread+0x328/0x630
[ 18.649571]  ret_from_fork+0x10/0x20
[ 18.649670]
[ 18.649806] Allocated by task 285:
[ 18.649886]  kasan_save_stack+0x3c/0x68
[ 18.650001]  kasan_save_track+0x20/0x40
[ 18.650053]  kasan_save_alloc_info+0x40/0x58
[ 18.650115]  __kasan_kmalloc+0xd4/0xd8
[ 18.650388]  __kmalloc_noprof+0x198/0x4c8
[ 18.650813]  kunit_kmalloc_array+0x34/0x88
[ 18.650944]  copy_user_test_oob+0xac/0xec8
[ 18.651014]  kunit_try_run_case+0x170/0x3f0
[ 18.651136]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.651212]  kthread+0x328/0x630
[ 18.651254]  ret_from_fork+0x10/0x20
[ 18.651293]
[ 18.651315] The buggy address belongs to the object at fff00000c648f500
[ 18.651315]  which belongs to the cache kmalloc-128 of size 128
[ 18.651378] The buggy address is located 0 bytes inside of
[ 18.651378]  allocated 120-byte region [fff00000c648f500, fff00000c648f578)
[ 18.651568]
[ 18.651737] The buggy address belongs to the physical page:
[ 18.651827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10648f
[ 18.652048] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.652235] page_type: f5(slab)
[ 18.652311] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.652458] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.652560] page dumped because: kasan: bad access detected
[ 18.652645]
[ 18.652675] Memory state around the buggy address:
[ 18.652711]  fff00000c648f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.652779]  fff00000c648f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.652976] >fff00000c648f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.653032]                                                                 ^
[ 18.653094]  fff00000c648f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.653142]  fff00000c648f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.653216] ==================================================================
[ 18.654423] ==================================================================
[ 18.654500] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 18.654778] Write of size 1 at addr fff00000c648f578 by task kunit_try_catch/285
[ 18.654862]
[ 18.655405] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 18.655520] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.655738] Hardware name: linux,dummy-virt (DT)
[ 18.656043] Call trace:
[ 18.656121]  show_stack+0x20/0x38 (C)
[ 18.656406]  dump_stack_lvl+0x8c/0xd0
[ 18.656817]  print_report+0x118/0x5d0
[ 18.656950]  kasan_report+0xdc/0x128
[ 18.657339]  __asan_report_store1_noabort+0x20/0x30
[ 18.657434]  strncpy_from_user+0x270/0x2a0
[ 18.657813]  copy_user_test_oob+0x5c0/0xec8
[ 18.657966]  kunit_try_run_case+0x170/0x3f0
[ 18.658043]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.658147]  kthread+0x328/0x630
[ 18.658195]  ret_from_fork+0x10/0x20
[ 18.658287]
[ 18.658614] Allocated by task 285:
[ 18.658675]  kasan_save_stack+0x3c/0x68
[ 18.659039]  kasan_save_track+0x20/0x40
[ 18.659195]  kasan_save_alloc_info+0x40/0x58
[ 18.659267]  __kasan_kmalloc+0xd4/0xd8
[ 18.659632]  __kmalloc_noprof+0x198/0x4c8
[ 18.659814]  kunit_kmalloc_array+0x34/0x88
[ 18.659947]  copy_user_test_oob+0xac/0xec8
[ 18.660037]  kunit_try_run_case+0x170/0x3f0
[ 18.660177]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.660279]  kthread+0x328/0x630
[ 18.660319]  ret_from_fork+0x10/0x20
[ 18.660683]
[ 18.660742] The buggy address belongs to the object at fff00000c648f500
[ 18.660742]  which belongs to the cache kmalloc-128 of size 128
[ 18.661115] The buggy address is located 0 bytes to the right of
[ 18.661115]  allocated 120-byte region [fff00000c648f500, fff00000c648f578)
[ 18.661354]
[ 18.661474] The buggy address belongs to the physical page:
[ 18.661550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10648f
[ 18.661617] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.661671] page_type: f5(slab)
[ 18.662012] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.662582] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.662945] page dumped because: kasan: bad access detected
[ 18.663008]
[ 18.663064] Memory state around the buggy address:
[ 18.663126]  fff00000c648f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.663193]  fff00000c648f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.663250] >fff00000c648f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.663399]                                                                 ^
[ 18.663479]  fff00000c648f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.663529]  fff00000c648f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.663573] ==================================================================
```
qemu-x86_64:

```
[ 16.520137] ==================================================================
[ 16.520679] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 16.521225] Write of size 121 at addr ffff888102b16500 by task kunit_try_catch/302
[ 16.521540]
[ 16.521652] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.521741] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.521800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.521845] Call Trace:
[ 16.521859]  <TASK>
[ 16.521875]  dump_stack_lvl+0x73/0xb0
[ 16.521905]  print_report+0xd1/0x610
[ 16.521967]  ? __virt_addr_valid+0x1db/0x2d0
[ 16.521991]  ? strncpy_from_user+0x2e/0x1d0
[ 16.522034]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.522058]  ? strncpy_from_user+0x2e/0x1d0
[ 16.522082]  kasan_report+0x141/0x180
[ 16.522118]  ? strncpy_from_user+0x2e/0x1d0
[ 16.522147]  kasan_check_range+0x10c/0x1c0
[ 16.522171]  __kasan_check_write+0x18/0x20
[ 16.522191]  strncpy_from_user+0x2e/0x1d0
[ 16.522214]  ? __kasan_check_read+0x15/0x20
[ 16.522279]  copy_user_test_oob+0x760/0x10f0
[ 16.522343]  ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.522368]  ? finish_task_switch.isra.0+0x153/0x700
[ 16.522392]  ? __switch_to+0x47/0xf50
[ 16.522418]  ? __schedule+0x10c6/0x2b60
[ 16.522441]  ? __pfx_read_tsc+0x10/0x10
[ 16.522463]  ? ktime_get_ts64+0x86/0x230
[ 16.522488]  kunit_try_run_case+0x1a5/0x480
[ 16.522513]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.522537]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.522562]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.522586]  ? __kthread_parkme+0x82/0x180
[ 16.522608]  ? preempt_count_sub+0x50/0x80
[ 16.522632]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.522657]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.522681]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.522706]  kthread+0x337/0x6f0
[ 16.522726]  ? trace_preempt_on+0x20/0xc0
[ 16.522751]  ? __pfx_kthread+0x10/0x10
[ 16.522772]  ? _raw_spin_unlock_irq+0x47/0x80
[ 16.522794]  ? calculate_sigpending+0x7b/0xa0
[ 16.522832]  ? __pfx_kthread+0x10/0x10
[ 16.522854]  ret_from_fork+0x116/0x1d0
[ 16.522873]  ? __pfx_kthread+0x10/0x10
[ 16.522894]  ret_from_fork_asm+0x1a/0x30
[ 16.522924]  </TASK>
[ 16.522936]
[ 16.532687] Allocated by task 302:
[ 16.532890]  kasan_save_stack+0x45/0x70
[ 16.533096]  kasan_save_track+0x18/0x40
[ 16.533263]  kasan_save_alloc_info+0x3b/0x50
[ 16.533417]  __kasan_kmalloc+0xb7/0xc0
[ 16.533610]  __kmalloc_noprof+0x1c9/0x500
[ 16.533825]  kunit_kmalloc_array+0x25/0x60
[ 16.534033]  copy_user_test_oob+0xab/0x10f0
[ 16.534437]  kunit_try_run_case+0x1a5/0x480
[ 16.534739]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.535003]  kthread+0x337/0x6f0
[ 16.535242]  ret_from_fork+0x116/0x1d0
[ 16.535383]  ret_from_fork_asm+0x1a/0x30
[ 16.535526]
[ 16.535600] The buggy address belongs to the object at ffff888102b16500
[ 16.535600]  which belongs to the cache kmalloc-128 of size 128
[ 16.536330] The buggy address is located 0 bytes inside of
[ 16.536330]  allocated 120-byte region [ffff888102b16500, ffff888102b16578)
[ 16.537036]
[ 16.537116] The buggy address belongs to the physical page:
[ 16.537335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.537870] flags: 0x200000000000000(node=0|zone=2)
[ 16.538104] page_type: f5(slab)
[ 16.538274] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.539141] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.539498] page dumped because: kasan: bad access detected
[ 16.540036]
[ 16.540216] Memory state around the buggy address:
[ 16.540961]  ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.541705]  ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.541947] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.542559]                                                                 ^
[ 16.543456]  ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.544269]  ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.544812] ==================================================================
[ 16.545745] ==================================================================
[ 16.546230] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 16.547081] Write of size 1 at addr ffff888102b16578 by task kunit_try_catch/302
[ 16.548210]
[ 16.548398] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.548486] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.548501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.548523] Call Trace:
[ 16.548553]  <TASK>
[ 16.548570]  dump_stack_lvl+0x73/0xb0
[ 16.548600]  print_report+0xd1/0x610
[ 16.548625]  ? __virt_addr_valid+0x1db/0x2d0
[ 16.548648]  ? strncpy_from_user+0x1a5/0x1d0
[ 16.548672]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.548696]  ? strncpy_from_user+0x1a5/0x1d0
[ 16.548721]  kasan_report+0x141/0x180
[ 16.548744]  ? strncpy_from_user+0x1a5/0x1d0
[ 16.548772]  __asan_report_store1_noabort+0x1b/0x30
[ 16.548798]  strncpy_from_user+0x1a5/0x1d0
[ 16.548836]  copy_user_test_oob+0x760/0x10f0
[ 16.548869]  ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.548893]  ? finish_task_switch.isra.0+0x153/0x700
[ 16.548916]  ? __switch_to+0x47/0xf50
[ 16.548942]  ? __schedule+0x10c6/0x2b60
[ 16.548965]  ? __pfx_read_tsc+0x10/0x10
[ 16.548987]  ? ktime_get_ts64+0x86/0x230
[ 16.549011]  kunit_try_run_case+0x1a5/0x480
[ 16.549037]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.549060]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.549086]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.549129]  ? __kthread_parkme+0x82/0x180
[ 16.549150]  ? preempt_count_sub+0x50/0x80
[ 16.549174]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.549199]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.549224]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.549249]  kthread+0x337/0x6f0
[ 16.549269]  ? trace_preempt_on+0x20/0xc0
[ 16.549293]  ? __pfx_kthread+0x10/0x10
[ 16.549315]  ? _raw_spin_unlock_irq+0x47/0x80
[ 16.549337]  ? calculate_sigpending+0x7b/0xa0
[ 16.549361]  ? __pfx_kthread+0x10/0x10
[ 16.549383]  ret_from_fork+0x116/0x1d0
[ 16.549402]  ? __pfx_kthread+0x10/0x10
[ 16.549423]  ret_from_fork_asm+0x1a/0x30
[ 16.549455]  </TASK>
[ 16.549466]
[ 16.557971] Allocated by task 302:
[ 16.558137]  kasan_save_stack+0x45/0x70
[ 16.558285]  kasan_save_track+0x18/0x40
[ 16.558425]  kasan_save_alloc_info+0x3b/0x50
[ 16.558727]  __kasan_kmalloc+0xb7/0xc0
[ 16.558938]  __kmalloc_noprof+0x1c9/0x500
[ 16.559153]  kunit_kmalloc_array+0x25/0x60
[ 16.559361]  copy_user_test_oob+0xab/0x10f0
[ 16.559549]  kunit_try_run_case+0x1a5/0x480
[ 16.559700]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.559890]  kthread+0x337/0x6f0
[ 16.560015]  ret_from_fork+0x116/0x1d0
[ 16.560199]  ret_from_fork_asm+0x1a/0x30
[ 16.560395]
[ 16.560514] The buggy address belongs to the object at ffff888102b16500
[ 16.560514]  which belongs to the cache kmalloc-128 of size 128
[ 16.561020] The buggy address is located 0 bytes to the right of
[ 16.561020]  allocated 120-byte region [ffff888102b16500, ffff888102b16578)
[ 16.561599]
[ 16.561700] The buggy address belongs to the physical page:
[ 16.561992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.562450] flags: 0x200000000000000(node=0|zone=2)
[ 16.562693] page_type: f5(slab)
[ 16.562904] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.563255] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.563497] page dumped because: kasan: bad access detected
[ 16.563777]
[ 16.563886] Memory state around the buggy address:
[ 16.564129]  ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.564438]  ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.564737] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.565054]                                                                 ^
[ 16.565418]  ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.565733]  ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.566055] ==================================================================
```