Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 66.442063] ================================================================== [ 66.449163] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 66.456015] Write of size 121 at addr ffff000800db1a00 by task kunit_try_catch/332 [ 66.463567] [ 66.465051] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 66.465107] Tainted: [B]=BAD_PAGE, [N]=TEST [ 66.465123] Hardware name: WinLink E850-96 board (DT) [ 66.465145] Call trace: [ 66.465159] show_stack+0x20/0x38 (C) [ 66.465195] dump_stack_lvl+0x8c/0xd0 [ 66.465230] print_report+0x118/0x608 [ 66.465267] kasan_report+0xdc/0x128 [ 66.465299] kasan_check_range+0x100/0x1a8 [ 66.465337] __kasan_check_write+0x20/0x30 [ 66.465368] strncpy_from_user+0x3c/0x2a0 [ 66.465405] copy_user_test_oob+0x5c0/0xec8 [ 66.465438] kunit_try_run_case+0x170/0x3f0 [ 66.465473] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.465511] kthread+0x328/0x630 [ 66.465539] ret_from_fork+0x10/0x20 [ 66.465575] [ 66.535267] Allocated by task 332: [ 66.538653] kasan_save_stack+0x3c/0x68 [ 66.542472] kasan_save_track+0x20/0x40 [ 66.546291] kasan_save_alloc_info+0x40/0x58 [ 66.550545] __kasan_kmalloc+0xd4/0xd8 [ 66.554277] __kmalloc_noprof+0x198/0x4c8 [ 66.558270] kunit_kmalloc_array+0x34/0x88 [ 66.562350] copy_user_test_oob+0xac/0xec8 [ 66.566430] kunit_try_run_case+0x170/0x3f0 [ 66.570596] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.576065] kthread+0x328/0x630 [ 66.579277] ret_from_fork+0x10/0x20 [ 66.582836] [ 66.584312] The buggy address belongs to the object at ffff000800db1a00 [ 66.584312] which belongs to the cache kmalloc-128 of size 128 [ 66.596812] The buggy address is located 0 bytes inside of [ 66.596812] allocated 120-byte region [ffff000800db1a00, ffff000800db1a78) [ 66.609224] [ 66.610700] The buggy address belongs to the physical page: [ 66.616257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880db0 [ 66.624243] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.631882] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 66.638825] page_type: f5(slab) [ 66.641961] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.649682] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.657408] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.665220] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.673033] head: 0bfffe0000000001 fffffdffe0036c01 00000000ffffffff 00000000ffffffff [ 66.680845] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 66.688650] page dumped because: kasan: bad access detected [ 66.694206] [ 66.695681] Memory state around the buggy address: [ 66.700461] ffff000800db1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.707665] ffff000800db1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.714869] >ffff000800db1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 66.722070] ^ [ 66.729192] ffff000800db1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.736396] ffff000800db1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.743598] ================================================================== [ 66.750997] ================================================================== [ 66.758013] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 66.764952] Write of size 1 at addr ffff000800db1a78 by task kunit_try_catch/332 [ 66.772330] [ 66.773812] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 66.773865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 66.773883] Hardware name: WinLink E850-96 board (DT) [ 66.773906] Call trace: [ 66.773923] show_stack+0x20/0x38 (C) [ 66.773962] dump_stack_lvl+0x8c/0xd0 [ 66.774000] print_report+0x118/0x608 [ 66.774035] kasan_report+0xdc/0x128 [ 66.774069] __asan_report_store1_noabort+0x20/0x30 [ 66.774102] strncpy_from_user+0x270/0x2a0 [ 66.774139] copy_user_test_oob+0x5c0/0xec8 [ 66.774174] kunit_try_run_case+0x170/0x3f0 [ 66.774211] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.774250] kthread+0x328/0x630 [ 66.774276] ret_from_fork+0x10/0x20 [ 66.774313] [ 66.840818] Allocated by task 332: [ 66.844204] kasan_save_stack+0x3c/0x68 [ 66.848023] kasan_save_track+0x20/0x40 [ 66.851842] kasan_save_alloc_info+0x40/0x58 [ 66.856096] __kasan_kmalloc+0xd4/0xd8 [ 66.859828] __kmalloc_noprof+0x198/0x4c8 [ 66.863821] kunit_kmalloc_array+0x34/0x88 [ 66.867901] copy_user_test_oob+0xac/0xec8 [ 66.871981] kunit_try_run_case+0x170/0x3f0 [ 66.876147] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.881616] kthread+0x328/0x630 [ 66.884828] ret_from_fork+0x10/0x20 [ 66.888387] [ 66.889862] The buggy address belongs to the object at ffff000800db1a00 [ 66.889862] which belongs to the cache kmalloc-128 of size 128 [ 66.902363] The buggy address is located 0 bytes to the right of [ 66.902363] allocated 120-byte region [ffff000800db1a00, ffff000800db1a78) [ 66.915296] [ 66.916774] The buggy address belongs to the physical page: [ 66.922328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880db0 [ 66.930313] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.937954] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 66.944898] page_type: f5(slab) [ 66.948030] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.955754] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.963480] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.971291] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.979105] head: 0bfffe0000000001 fffffdffe0036c01 00000000ffffffff 00000000ffffffff [ 66.986917] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 66.994722] page dumped because: kasan: bad access detected [ 67.000277] [ 67.001753] Memory state around the buggy address: [ 67.006533] ffff000800db1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.013736] ffff000800db1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.020941] >ffff000800db1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 67.028142] ^ [ 67.035263] ffff000800db1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.042468] ffff000800db1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.049669] ==================================================================
[ 30.757086] ================================================================== [ 30.757242] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 30.757366] Write of size 1 at addr fff00000c6431d78 by task kunit_try_catch/285 [ 30.757741] [ 30.757905] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.758278] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.758487] Hardware name: linux,dummy-virt (DT) [ 30.758570] Call trace: [ 30.758626] show_stack+0x20/0x38 (C) [ 30.758753] dump_stack_lvl+0x8c/0xd0 [ 30.758884] print_report+0x118/0x608 [ 30.759033] kasan_report+0xdc/0x128 [ 30.759227] __asan_report_store1_noabort+0x20/0x30 [ 30.759416] strncpy_from_user+0x270/0x2a0 [ 30.760054] copy_user_test_oob+0x5c0/0xec8 [ 30.760439] kunit_try_run_case+0x170/0x3f0 [ 30.760611] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.760763] kthread+0x328/0x630 [ 30.760965] ret_from_fork+0x10/0x20 [ 30.761113] [ 30.761259] Allocated by task 285: [ 30.761487] kasan_save_stack+0x3c/0x68 [ 30.761799] kasan_save_track+0x20/0x40 [ 30.762142] kasan_save_alloc_info+0x40/0x58 [ 30.762296] __kasan_kmalloc+0xd4/0xd8 [ 30.762399] __kmalloc_noprof+0x198/0x4c8 [ 30.762542] kunit_kmalloc_array+0x34/0x88 [ 30.762704] copy_user_test_oob+0xac/0xec8 [ 30.762877] kunit_try_run_case+0x170/0x3f0 [ 30.763042] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.763275] kthread+0x328/0x630 [ 30.763429] ret_from_fork+0x10/0x20 [ 30.763856] [ 30.763944] The buggy address belongs to the object at fff00000c6431d00 [ 30.763944] which belongs to the cache kmalloc-128 of size 128 [ 30.764140] The buggy address is located 0 bytes to the right of [ 30.764140] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.764322] [ 30.764395] The buggy address belongs to the physical page: [ 30.764485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.764638] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.764894] page_type: f5(slab) [ 30.765080] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.765221] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.765352] page dumped because: kasan: bad access detected [ 30.765528] [ 30.765575] Memory state around the buggy address: [ 30.765803] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.766072] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.766327] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.766424] ^ [ 30.766562] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.766683] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.766830] ================================================================== [ 30.743605] ================================================================== [ 30.743710] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 30.743830] Write of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.743979] [ 30.744060] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.744257] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.744330] Hardware name: linux,dummy-virt (DT) [ 30.744408] Call trace: [ 30.744460] show_stack+0x20/0x38 (C) [ 30.744589] dump_stack_lvl+0x8c/0xd0 [ 30.744710] print_report+0x118/0x608 [ 30.744828] kasan_report+0xdc/0x128 [ 30.745013] kasan_check_range+0x100/0x1a8 [ 30.745176] __kasan_check_write+0x20/0x30 [ 30.745321] strncpy_from_user+0x3c/0x2a0 [ 30.745475] copy_user_test_oob+0x5c0/0xec8 [ 30.746697] kunit_try_run_case+0x170/0x3f0 [ 30.747174] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.747365] kthread+0x328/0x630 [ 30.747506] ret_from_fork+0x10/0x20 [ 30.747639] [ 30.747689] Allocated by task 285: [ 30.747817] kasan_save_stack+0x3c/0x68 [ 30.748509] kasan_save_track+0x20/0x40 [ 30.748617] kasan_save_alloc_info+0x40/0x58 [ 30.748756] __kasan_kmalloc+0xd4/0xd8 [ 30.749057] __kmalloc_noprof+0x198/0x4c8 [ 30.749238] kunit_kmalloc_array+0x34/0x88 [ 30.749428] copy_user_test_oob+0xac/0xec8 [ 30.749582] kunit_try_run_case+0x170/0x3f0 [ 30.749721] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.749987] kthread+0x328/0x630 [ 30.750096] ret_from_fork+0x10/0x20 [ 30.750281] [ 30.750828] The buggy address belongs to the object at fff00000c6431d00 [ 30.750828] which belongs to the cache kmalloc-128 of size 128 [ 30.751167] The buggy address is located 0 bytes inside of [ 30.751167] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.751435] [ 30.751541] The buggy address belongs to the physical page: [ 30.751622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.751759] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.751888] page_type: f5(slab) [ 30.752034] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.752206] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.752328] page dumped because: kasan: bad access detected [ 30.752437] [ 30.752498] Memory state around the buggy address: [ 30.752616] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.752734] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.752848] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.753675] ^ [ 30.753914] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.754330] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.754458] ==================================================================
[ 30.867696] ================================================================== [ 30.867787] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 30.867925] Write of size 121 at addr fff00000c7772a00 by task kunit_try_catch/285 [ 30.868061] [ 30.868134] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.868328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.868396] Hardware name: linux,dummy-virt (DT) [ 30.868479] Call trace: [ 30.869138] show_stack+0x20/0x38 (C) [ 30.869395] dump_stack_lvl+0x8c/0xd0 [ 30.869616] print_report+0x118/0x608 [ 30.870059] kasan_report+0xdc/0x128 [ 30.870489] kasan_check_range+0x100/0x1a8 [ 30.870647] __kasan_check_write+0x20/0x30 [ 30.870873] strncpy_from_user+0x3c/0x2a0 [ 30.871003] copy_user_test_oob+0x5c0/0xec8 [ 30.871184] kunit_try_run_case+0x170/0x3f0 [ 30.871342] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.871503] kthread+0x328/0x630 [ 30.871629] ret_from_fork+0x10/0x20 [ 30.871810] [ 30.871932] Allocated by task 285: [ 30.872002] kasan_save_stack+0x3c/0x68 [ 30.872187] kasan_save_track+0x20/0x40 [ 30.872352] kasan_save_alloc_info+0x40/0x58 [ 30.872615] __kasan_kmalloc+0xd4/0xd8 [ 30.872754] __kmalloc_noprof+0x198/0x4c8 [ 30.872889] kunit_kmalloc_array+0x34/0x88 [ 30.872988] copy_user_test_oob+0xac/0xec8 [ 30.873181] kunit_try_run_case+0x170/0x3f0 [ 30.873279] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.873481] kthread+0x328/0x630 [ 30.873567] ret_from_fork+0x10/0x20 [ 30.873677] [ 30.873777] The buggy address belongs to the object at fff00000c7772a00 [ 30.873777] which belongs to the cache kmalloc-128 of size 128 [ 30.873928] The buggy address is located 0 bytes inside of [ 30.873928] allocated 120-byte region [fff00000c7772a00, fff00000c7772a78) [ 30.874093] [ 30.874145] The buggy address belongs to the physical page: [ 30.874489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 30.874649] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.874920] page_type: f5(slab) [ 30.875039] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.875173] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.875283] page dumped because: kasan: bad access detected [ 30.875395] [ 30.875524] Memory state around the buggy address: [ 30.875642] fff00000c7772900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.875756] fff00000c7772980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.875899] >fff00000c7772a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.876003] ^ [ 30.876116] fff00000c7772a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.876853] fff00000c7772b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.876963] ================================================================== [ 30.879852] ================================================================== [ 30.880132] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 30.880243] Write of size 1 at addr fff00000c7772a78 by task kunit_try_catch/285 [ 30.880552] [ 30.880637] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.880854] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.880927] Hardware name: linux,dummy-virt (DT) [ 30.881003] Call trace: [ 30.881577] show_stack+0x20/0x38 (C) [ 30.881737] dump_stack_lvl+0x8c/0xd0 [ 30.882269] print_report+0x118/0x608 [ 30.882404] kasan_report+0xdc/0x128 [ 30.882529] __asan_report_store1_noabort+0x20/0x30 [ 30.882667] strncpy_from_user+0x270/0x2a0 [ 30.883181] copy_user_test_oob+0x5c0/0xec8 [ 30.884079] kunit_try_run_case+0x170/0x3f0 [ 30.884328] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.884479] kthread+0x328/0x630 [ 30.884602] ret_from_fork+0x10/0x20 [ 30.884742] [ 30.884819] Allocated by task 285: [ 30.884911] kasan_save_stack+0x3c/0x68 [ 30.885017] kasan_save_track+0x20/0x40 [ 30.885191] kasan_save_alloc_info+0x40/0x58 [ 30.885360] __kasan_kmalloc+0xd4/0xd8 [ 30.885466] __kmalloc_noprof+0x198/0x4c8 [ 30.885581] kunit_kmalloc_array+0x34/0x88 [ 30.885729] copy_user_test_oob+0xac/0xec8 [ 30.885872] kunit_try_run_case+0x170/0x3f0 [ 30.885996] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.886128] kthread+0x328/0x630 [ 30.886363] ret_from_fork+0x10/0x20 [ 30.886469] [ 30.886642] The buggy address belongs to the object at fff00000c7772a00 [ 30.886642] which belongs to the cache kmalloc-128 of size 128 [ 30.886790] The buggy address is located 0 bytes to the right of [ 30.886790] allocated 120-byte region [fff00000c7772a00, fff00000c7772a78) [ 30.886968] [ 30.887024] The buggy address belongs to the physical page: [ 30.887139] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 30.887276] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.887415] page_type: f5(slab) [ 30.887534] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.887664] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.887772] page dumped because: kasan: bad access detected [ 30.887882] [ 30.887931] Memory state around the buggy address: [ 30.888147] fff00000c7772900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.888265] fff00000c7772980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.888383] >fff00000c7772a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.888482] ^ [ 30.888587] fff00000c7772a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.888696] fff00000c7772b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.888795] ==================================================================
[ 26.932329] ================================================================== [ 26.933322] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 26.933915] Write of size 121 at addr ffff8881039c8700 by task kunit_try_catch/303 [ 26.935371] [ 26.935928] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 26.936067] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.936111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.936179] Call Trace: [ 26.936232] <TASK> [ 26.936315] dump_stack_lvl+0x73/0xb0 [ 26.936420] print_report+0xd1/0x650 [ 26.936465] ? __virt_addr_valid+0x1db/0x2d0 [ 26.936530] ? strncpy_from_user+0x2e/0x1d0 [ 26.936569] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.936605] ? strncpy_from_user+0x2e/0x1d0 [ 26.936635] kasan_report+0x141/0x180 [ 26.936668] ? strncpy_from_user+0x2e/0x1d0 [ 26.936703] kasan_check_range+0x10c/0x1c0 [ 26.936739] __kasan_check_write+0x18/0x20 [ 26.936769] strncpy_from_user+0x2e/0x1d0 [ 26.936797] ? __kasan_check_read+0x15/0x20 [ 26.936829] copy_user_test_oob+0x760/0x10f0 [ 26.936866] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.936904] ? finish_task_switch.isra.0+0x153/0x700 [ 26.936939] ? __switch_to+0x47/0xf50 [ 26.936978] ? __schedule+0x10cc/0x2b60 [ 26.937013] ? __pfx_read_tsc+0x10/0x10 [ 26.937046] ? ktime_get_ts64+0x86/0x230 [ 26.937083] kunit_try_run_case+0x1a5/0x480 [ 26.937124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.937161] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.937199] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.937255] ? __kthread_parkme+0x82/0x180 [ 26.937302] ? preempt_count_sub+0x50/0x80 [ 26.937340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.937385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.937424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.937463] kthread+0x337/0x6f0 [ 26.937511] ? trace_preempt_on+0x20/0xc0 [ 26.937560] ? __pfx_kthread+0x10/0x10 [ 26.937593] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.937644] ? calculate_sigpending+0x7b/0xa0 [ 26.937683] ? __pfx_kthread+0x10/0x10 [ 26.937717] ret_from_fork+0x116/0x1d0 [ 26.937747] ? __pfx_kthread+0x10/0x10 [ 26.937780] ret_from_fork_asm+0x1a/0x30 [ 26.937826] </TASK> [ 26.937844] [ 26.956703] Allocated by task 303: [ 26.957177] kasan_save_stack+0x45/0x70 [ 26.957715] kasan_save_track+0x18/0x40 [ 26.958155] kasan_save_alloc_info+0x3b/0x50 [ 26.958706] __kasan_kmalloc+0xb7/0xc0 [ 26.959125] __kmalloc_noprof+0x1c9/0x500 [ 26.959626] kunit_kmalloc_array+0x25/0x60 [ 26.960125] copy_user_test_oob+0xab/0x10f0 [ 26.960605] kunit_try_run_case+0x1a5/0x480 [ 26.960975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.961637] kthread+0x337/0x6f0 [ 26.962066] ret_from_fork+0x116/0x1d0 [ 26.962597] ret_from_fork_asm+0x1a/0x30 [ 26.963064] [ 26.963283] The buggy address belongs to the object at ffff8881039c8700 [ 26.963283] which belongs to the cache kmalloc-128 of size 128 [ 26.964340] The buggy address is located 0 bytes inside of [ 26.964340] allocated 120-byte region [ffff8881039c8700, ffff8881039c8778) [ 26.965376] [ 26.965595] The buggy address belongs to the physical page: [ 26.966211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8 [ 26.967029] flags: 0x200000000000000(node=0|zone=2) [ 26.967664] page_type: f5(slab) [ 26.968056] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.968835] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.969413] page dumped because: kasan: bad access detected [ 26.969985] [ 26.970317] Memory state around the buggy address: [ 26.970843] ffff8881039c8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.971340] ffff8881039c8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.974679] >ffff8881039c8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.975765] ^ [ 26.976178] ffff8881039c8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.978834] ffff8881039c8800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.980379] ================================================================== [ 26.983258] ================================================================== [ 26.984979] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 26.986858] Write of size 1 at addr ffff8881039c8778 by task kunit_try_catch/303 [ 26.988679] [ 26.989714] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 26.989861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.989889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.989941] Call Trace: [ 26.989968] <TASK> [ 26.989995] dump_stack_lvl+0x73/0xb0 [ 26.990057] print_report+0xd1/0x650 [ 26.990099] ? __virt_addr_valid+0x1db/0x2d0 [ 26.990138] ? strncpy_from_user+0x1a5/0x1d0 [ 26.990175] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.990216] ? strncpy_from_user+0x1a5/0x1d0 [ 26.990286] kasan_report+0x141/0x180 [ 26.990326] ? strncpy_from_user+0x1a5/0x1d0 [ 26.990368] __asan_report_store1_noabort+0x1b/0x30 [ 26.990411] strncpy_from_user+0x1a5/0x1d0 [ 26.990447] copy_user_test_oob+0x760/0x10f0 [ 26.990489] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.990567] ? finish_task_switch.isra.0+0x153/0x700 [ 26.990609] ? __switch_to+0x47/0xf50 [ 26.990651] ? __schedule+0x10cc/0x2b60 [ 26.990688] ? __pfx_read_tsc+0x10/0x10 [ 26.990724] ? ktime_get_ts64+0x86/0x230 [ 26.990763] kunit_try_run_case+0x1a5/0x480 [ 26.990808] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.990849] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.990889] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.990932] ? __kthread_parkme+0x82/0x180 [ 26.990965] ? preempt_count_sub+0x50/0x80 [ 26.991002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.991044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.991086] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.991130] kthread+0x337/0x6f0 [ 26.991161] ? trace_preempt_on+0x20/0xc0 [ 26.991200] ? __pfx_kthread+0x10/0x10 [ 26.991269] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.991312] ? calculate_sigpending+0x7b/0xa0 [ 26.991353] ? __pfx_kthread+0x10/0x10 [ 26.991389] ret_from_fork+0x116/0x1d0 [ 26.991419] ? __pfx_kthread+0x10/0x10 [ 26.991451] ret_from_fork_asm+0x1a/0x30 [ 26.991519] </TASK> [ 26.991558] [ 27.011515] Allocated by task 303: [ 27.012003] kasan_save_stack+0x45/0x70 [ 27.012643] kasan_save_track+0x18/0x40 [ 27.013146] kasan_save_alloc_info+0x3b/0x50 [ 27.013648] __kasan_kmalloc+0xb7/0xc0 [ 27.014074] __kmalloc_noprof+0x1c9/0x500 [ 27.014520] kunit_kmalloc_array+0x25/0x60 [ 27.014882] copy_user_test_oob+0xab/0x10f0 [ 27.015334] kunit_try_run_case+0x1a5/0x480 [ 27.015803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.016362] kthread+0x337/0x6f0 [ 27.016698] ret_from_fork+0x116/0x1d0 [ 27.017108] ret_from_fork_asm+0x1a/0x30 [ 27.017599] [ 27.017837] The buggy address belongs to the object at ffff8881039c8700 [ 27.017837] which belongs to the cache kmalloc-128 of size 128 [ 27.018869] The buggy address is located 0 bytes to the right of [ 27.018869] allocated 120-byte region [ffff8881039c8700, ffff8881039c8778) [ 27.019816] [ 27.020064] The buggy address belongs to the physical page: [ 27.020619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8 [ 27.021306] flags: 0x200000000000000(node=0|zone=2) [ 27.021853] page_type: f5(slab) [ 27.023172] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.023842] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.024362] page dumped because: kasan: bad access detected [ 27.024751] [ 27.024989] Memory state around the buggy address: [ 27.025457] ffff8881039c8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.026899] ffff8881039c8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.027407] >ffff8881039c8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.027935] ^ [ 27.028459] ffff8881039c8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.029071] ffff8881039c8800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.029828] ==================================================================
[ 25.380216] ================================================================== [ 25.381431] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 25.382280] Write of size 1 at addr ffff8881038d5f78 by task kunit_try_catch/303 [ 25.382969] [ 25.383160] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 25.383225] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.383245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.383276] Call Trace: [ 25.383294] <TASK> [ 25.383314] dump_stack_lvl+0x73/0xb0 [ 25.383357] print_report+0xd1/0x650 [ 25.383392] ? __virt_addr_valid+0x1db/0x2d0 [ 25.383425] ? strncpy_from_user+0x1a5/0x1d0 [ 25.383455] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.383488] ? strncpy_from_user+0x1a5/0x1d0 [ 25.383516] kasan_report+0x141/0x180 [ 25.383548] ? strncpy_from_user+0x1a5/0x1d0 [ 25.383582] __asan_report_store1_noabort+0x1b/0x30 [ 25.383619] strncpy_from_user+0x1a5/0x1d0 [ 25.383651] copy_user_test_oob+0x760/0x10f0 [ 25.383690] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.383723] ? finish_task_switch.isra.0+0x153/0x700 [ 25.383755] ? __switch_to+0x47/0xf50 [ 25.383791] ? __schedule+0x10cc/0x2b60 [ 25.383823] ? __pfx_read_tsc+0x10/0x10 [ 25.383852] ? ktime_get_ts64+0x86/0x230 [ 25.383951] kunit_try_run_case+0x1a5/0x480 [ 25.384042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.384142] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.384221] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.384303] ? __kthread_parkme+0x82/0x180 [ 25.384375] ? preempt_count_sub+0x50/0x80 [ 25.384459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.384545] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.384630] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.384742] kthread+0x337/0x6f0 [ 25.384836] ? trace_preempt_on+0x20/0xc0 [ 25.384939] ? __pfx_kthread+0x10/0x10 [ 25.385017] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.385111] ? calculate_sigpending+0x7b/0xa0 [ 25.385199] ? __pfx_kthread+0x10/0x10 [ 25.385279] ret_from_fork+0x116/0x1d0 [ 25.385352] ? __pfx_kthread+0x10/0x10 [ 25.385428] ret_from_fork_asm+0x1a/0x30 [ 25.385531] </TASK> [ 25.385572] [ 25.406318] Allocated by task 303: [ 25.406662] kasan_save_stack+0x45/0x70 [ 25.407106] kasan_save_track+0x18/0x40 [ 25.408015] kasan_save_alloc_info+0x3b/0x50 [ 25.408676] __kasan_kmalloc+0xb7/0xc0 [ 25.409007] __kmalloc_noprof+0x1c9/0x500 [ 25.409314] kunit_kmalloc_array+0x25/0x60 [ 25.410578] copy_user_test_oob+0xab/0x10f0 [ 25.410962] kunit_try_run_case+0x1a5/0x480 [ 25.411521] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.412068] kthread+0x337/0x6f0 [ 25.412755] ret_from_fork+0x116/0x1d0 [ 25.413694] ret_from_fork_asm+0x1a/0x30 [ 25.414061] [ 25.414395] The buggy address belongs to the object at ffff8881038d5f00 [ 25.414395] which belongs to the cache kmalloc-128 of size 128 [ 25.415763] The buggy address is located 0 bytes to the right of [ 25.415763] allocated 120-byte region [ffff8881038d5f00, ffff8881038d5f78) [ 25.417433] [ 25.417843] The buggy address belongs to the physical page: [ 25.418424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 25.419305] flags: 0x200000000000000(node=0|zone=2) [ 25.419928] page_type: f5(slab) [ 25.420448] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.421043] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.421972] page dumped because: kasan: bad access detected [ 25.422629] [ 25.423026] Memory state around the buggy address: [ 25.423531] ffff8881038d5e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.424072] ffff8881038d5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.425140] >ffff8881038d5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.425965] ^ [ 25.426663] ffff8881038d5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.427247] ffff8881038d6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.428092] ================================================================== [ 25.322700] ================================================================== [ 25.326285] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 25.328026] Write of size 121 at addr ffff8881038d5f00 by task kunit_try_catch/303 [ 25.330157] [ 25.330699] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 25.330803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.330835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.330902] Call Trace: [ 25.330938] <TASK> [ 25.330978] dump_stack_lvl+0x73/0xb0 [ 25.331052] print_report+0xd1/0x650 [ 25.331540] ? __virt_addr_valid+0x1db/0x2d0 [ 25.331621] ? strncpy_from_user+0x2e/0x1d0 [ 25.331682] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.331751] ? strncpy_from_user+0x2e/0x1d0 [ 25.331806] kasan_report+0x141/0x180 [ 25.331861] ? strncpy_from_user+0x2e/0x1d0 [ 25.331953] kasan_check_range+0x10c/0x1c0 [ 25.332032] __kasan_check_write+0x18/0x20 [ 25.332090] strncpy_from_user+0x2e/0x1d0 [ 25.332194] ? __kasan_check_read+0x15/0x20 [ 25.332267] copy_user_test_oob+0x760/0x10f0 [ 25.332350] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.332409] ? finish_task_switch.isra.0+0x153/0x700 [ 25.332466] ? __switch_to+0x47/0xf50 [ 25.332526] ? __schedule+0x10cc/0x2b60 [ 25.332580] ? __pfx_read_tsc+0x10/0x10 [ 25.332633] ? ktime_get_ts64+0x86/0x230 [ 25.332695] kunit_try_run_case+0x1a5/0x480 [ 25.332756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.332823] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.332898] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.332962] ? __kthread_parkme+0x82/0x180 [ 25.333016] ? preempt_count_sub+0x50/0x80 [ 25.333077] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.333193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.333267] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.333340] kthread+0x337/0x6f0 [ 25.333406] ? trace_preempt_on+0x20/0xc0 [ 25.333477] ? __pfx_kthread+0x10/0x10 [ 25.333544] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.333618] ? calculate_sigpending+0x7b/0xa0 [ 25.333686] ? __pfx_kthread+0x10/0x10 [ 25.333737] ret_from_fork+0x116/0x1d0 [ 25.333785] ? __pfx_kthread+0x10/0x10 [ 25.333838] ret_from_fork_asm+0x1a/0x30 [ 25.333944] </TASK> [ 25.333981] [ 25.358466] Allocated by task 303: [ 25.358946] kasan_save_stack+0x45/0x70 [ 25.359418] kasan_save_track+0x18/0x40 [ 25.359895] kasan_save_alloc_info+0x3b/0x50 [ 25.360637] __kasan_kmalloc+0xb7/0xc0 [ 25.360975] __kmalloc_noprof+0x1c9/0x500 [ 25.362203] kunit_kmalloc_array+0x25/0x60 [ 25.362442] copy_user_test_oob+0xab/0x10f0 [ 25.362624] kunit_try_run_case+0x1a5/0x480 [ 25.362799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.363156] kthread+0x337/0x6f0 [ 25.363871] ret_from_fork+0x116/0x1d0 [ 25.364686] ret_from_fork_asm+0x1a/0x30 [ 25.365033] [ 25.365590] The buggy address belongs to the object at ffff8881038d5f00 [ 25.365590] which belongs to the cache kmalloc-128 of size 128 [ 25.367037] The buggy address is located 0 bytes inside of [ 25.367037] allocated 120-byte region [ffff8881038d5f00, ffff8881038d5f78) [ 25.368132] [ 25.368489] The buggy address belongs to the physical page: [ 25.369521] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 25.370514] flags: 0x200000000000000(node=0|zone=2) [ 25.370950] page_type: f5(slab) [ 25.371359] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.372237] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.372837] page dumped because: kasan: bad access detected [ 25.373672] [ 25.373846] Memory state around the buggy address: [ 25.374386] ffff8881038d5e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.374922] ffff8881038d5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.375978] >ffff8881038d5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.376860] ^ [ 25.377604] ffff8881038d5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.378332] ffff8881038d6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.379088] ==================================================================
[ 23.495943] ================================================================== [ 23.496582] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 23.497199] Write of size 121 at addr ffff00000c5d5400 by task kunit_try_catch/338 [ 23.497867] [ 23.498005] CPU: 5 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 23.498020] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.498024] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.498029] Call trace: [ 23.498033] show_stack+0x20/0x38 (C) [ 23.498042] dump_stack_lvl+0x8c/0xd0 [ 23.498052] print_report+0x118/0x608 [ 23.498062] kasan_report+0xdc/0x128 [ 23.498072] kasan_check_range+0x100/0x1a8 [ 23.498083] __kasan_check_write+0x20/0x30 [ 23.498091] strncpy_from_user+0x3c/0x2a0 [ 23.498102] copy_user_test_oob+0x5c0/0xec8 [ 23.498112] kunit_try_run_case+0x170/0x3f0 [ 23.498122] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.498134] kthread+0x328/0x630 [ 23.498141] ret_from_fork+0x10/0x20 [ 23.498150] [ 23.504271] Allocated by task 338: [ 23.504576] kasan_save_stack+0x3c/0x68 [ 23.504921] kasan_save_track+0x20/0x40 [ 23.505267] kasan_save_alloc_info+0x40/0x58 [ 23.505651] __kasan_kmalloc+0xd4/0xd8 [ 23.505990] __kmalloc_noprof+0x198/0x4c8 [ 23.506351] kunit_kmalloc_array+0x34/0x88 [ 23.506720] copy_user_test_oob+0xac/0xec8 [ 23.507089] kunit_try_run_case+0x170/0x3f0 [ 23.507465] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.507954] kthread+0x328/0x630 [ 23.508245] ret_from_fork+0x10/0x20 [ 23.508567] [ 23.508704] The buggy address belongs to the object at ffff00000c5d5400 [ 23.508704] which belongs to the cache kmalloc-128 of size 128 [ 23.509802] The buggy address is located 0 bytes inside of [ 23.509802] allocated 120-byte region [ffff00000c5d5400, ffff00000c5d5478) [ 23.510893] [ 23.511031] The buggy address belongs to the physical page: [ 23.511523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc5d5 [ 23.512215] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.512794] page_type: f5(slab) [ 23.513077] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 23.513762] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.514444] page dumped because: kasan: bad access detected [ 23.514936] [ 23.515074] Memory state around the buggy address: [ 23.515499] ffff00000c5d5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.516136] ffff00000c5d5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.516773] >ffff00000c5d5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.517409] ^ [ 23.518039] ffff00000c5d5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.518676] ffff00000c5d5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.519311] ================================================================== [ 23.519967] ================================================================== [ 23.520604] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 23.521222] Write of size 1 at addr ffff00000c5d5478 by task kunit_try_catch/338 [ 23.521875] [ 23.522014] CPU: 5 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 23.522028] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.522033] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.522038] Call trace: [ 23.522041] show_stack+0x20/0x38 (C) [ 23.522050] dump_stack_lvl+0x8c/0xd0 [ 23.522060] print_report+0x118/0x608 [ 23.522071] kasan_report+0xdc/0x128 [ 23.522080] __asan_report_store1_noabort+0x20/0x30 [ 23.522089] strncpy_from_user+0x270/0x2a0 [ 23.522100] copy_user_test_oob+0x5c0/0xec8 [ 23.522110] kunit_try_run_case+0x170/0x3f0 [ 23.522120] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.522132] kthread+0x328/0x630 [ 23.522139] ret_from_fork+0x10/0x20 [ 23.522149] [ 23.527985] Allocated by task 338: [ 23.528289] kasan_save_stack+0x3c/0x68 [ 23.528636] kasan_save_track+0x20/0x40 [ 23.528981] kasan_save_alloc_info+0x40/0x58 [ 23.529366] __kasan_kmalloc+0xd4/0xd8 [ 23.529704] __kmalloc_noprof+0x198/0x4c8 [ 23.530065] kunit_kmalloc_array+0x34/0x88 [ 23.530434] copy_user_test_oob+0xac/0xec8 [ 23.530802] kunit_try_run_case+0x170/0x3f0 [ 23.531178] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.531669] kthread+0x328/0x630 [ 23.531959] ret_from_fork+0x10/0x20 [ 23.532281] [ 23.532418] The buggy address belongs to the object at ffff00000c5d5400 [ 23.532418] which belongs to the cache kmalloc-128 of size 128 [ 23.533516] The buggy address is located 0 bytes to the right of [ 23.533516] allocated 120-byte region [ffff00000c5d5400, ffff00000c5d5478) [ 23.534653] [ 23.534790] The buggy address belongs to the physical page: [ 23.535282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc5d5 [ 23.535974] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.536551] page_type: f5(slab) [ 23.536834] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 23.537518] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.538199] page dumped because: kasan: bad access detected [ 23.538691] [ 23.538827] Memory state around the buggy address: [ 23.539253] ffff00000c5d5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.539890] ffff00000c5d5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.540528] >ffff00000c5d5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.541164] ^ [ 23.541792] ffff00000c5d5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.542429] ffff00000c5d5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.543065] ==================================================================