Date
July 13, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 19.098946] ================================================================== [ 19.099006] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 19.099063] Write of size 121 at addr fff00000c58c3b00 by task kunit_try_catch/286 [ 19.099124] [ 19.099309] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.099481] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.099637] Hardware name: linux,dummy-virt (DT) [ 19.099808] Call trace: [ 19.099936] show_stack+0x20/0x38 (C) [ 19.100030] dump_stack_lvl+0x8c/0xd0 [ 19.100082] print_report+0x118/0x5d0 [ 19.100232] kasan_report+0xdc/0x128 [ 19.100322] kasan_check_range+0x100/0x1a8 [ 19.100374] __kasan_check_write+0x20/0x30 [ 19.100425] strncpy_from_user+0x3c/0x2a0 [ 19.100475] copy_user_test_oob+0x5c0/0xec8 [ 19.100524] kunit_try_run_case+0x170/0x3f0 [ 19.100572] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.101007] kthread+0x328/0x630 [ 19.101101] ret_from_fork+0x10/0x20 [ 19.101223] [ 19.101307] Allocated by task 286: [ 19.101340] kasan_save_stack+0x3c/0x68 [ 19.101401] kasan_save_track+0x20/0x40 [ 19.101458] kasan_save_alloc_info+0x40/0x58 [ 19.101564] __kasan_kmalloc+0xd4/0xd8 [ 19.101631] __kmalloc_noprof+0x198/0x4c8 [ 19.101727] kunit_kmalloc_array+0x34/0x88 [ 19.101783] copy_user_test_oob+0xac/0xec8 [ 19.101837] kunit_try_run_case+0x170/0x3f0 [ 19.101876] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.101921] kthread+0x328/0x630 [ 19.101956] ret_from_fork+0x10/0x20 [ 19.102042] [ 19.102066] The buggy address belongs to the object at fff00000c58c3b00 [ 19.102066] which belongs to the cache kmalloc-128 of size 128 [ 19.102127] The buggy address is located 0 bytes inside of [ 19.102127] allocated 120-byte region [fff00000c58c3b00, fff00000c58c3b78) [ 19.102217] [ 19.102238] The buggy address belongs to the physical page: [ 19.102271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3 [ 19.102327] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) 
[ 19.103248] page_type: f5(slab) [ 19.103293] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.103346] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.103397] page dumped because: kasan: bad access detected [ 19.103431] [ 19.103451] Memory state around the buggy address: [ 19.103484] fff00000c58c3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.103531] fff00000c58c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.103577] >fff00000c58c3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.103618] ^ [ 19.103662] fff00000c58c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.103712] fff00000c58c3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.103754] ================================================================== [ 19.104023] ================================================================== [ 19.104072] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 19.104122] Write of size 1 at addr fff00000c58c3b78 by task kunit_try_catch/286 [ 19.104194] [ 19.104316] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.104407] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.104434] Hardware name: linux,dummy-virt (DT) [ 19.104619] Call trace: [ 19.104931] show_stack+0x20/0x38 (C) [ 19.105233] dump_stack_lvl+0x8c/0xd0 [ 19.105576] print_report+0x118/0x5d0 [ 19.105671] kasan_report+0xdc/0x128 [ 19.105728] __asan_report_store1_noabort+0x20/0x30 [ 19.105788] strncpy_from_user+0x270/0x2a0 [ 19.105838] copy_user_test_oob+0x5c0/0xec8 [ 19.105888] kunit_try_run_case+0x170/0x3f0 [ 19.105944] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.106000] kthread+0x328/0x630 [ 19.106045] ret_from_fork+0x10/0x20 [ 19.106343] [ 19.106462] Allocated by task 286: [ 19.106496] kasan_save_stack+0x3c/0x68 [ 19.108114] kasan_save_track+0x20/0x40 [ 19.108755] kasan_save_alloc_info+0x40/0x58 [ 19.109457] __kasan_kmalloc+0xd4/0xd8 [ 19.109878] 
__kmalloc_noprof+0x198/0x4c8 [ 19.110139] kunit_kmalloc_array+0x34/0x88 [ 19.110213] copy_user_test_oob+0xac/0xec8 [ 19.110461] kunit_try_run_case+0x170/0x3f0 [ 19.110514] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.110560] kthread+0x328/0x630 [ 19.110598] ret_from_fork+0x10/0x20 [ 19.110636] [ 19.111418] The buggy address belongs to the object at fff00000c58c3b00 [ 19.111418] which belongs to the cache kmalloc-128 of size 128 [ 19.111772] The buggy address is located 0 bytes to the right of [ 19.111772] allocated 120-byte region [fff00000c58c3b00, fff00000c58c3b78) [ 19.112854] [ 19.112936] The buggy address belongs to the physical page: [ 19.113022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3 [ 19.113318] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.113556] page_type: f5(slab) [ 19.113651] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.113735] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.113968] page dumped because: kasan: bad access detected [ 19.114308] [ 19.114331] Memory state around the buggy address: [ 19.114367] fff00000c58c3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.114420] fff00000c58c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.114466] >fff00000c58c3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.116116] ^ [ 19.116763] fff00000c58c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.117110] fff00000c58c3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.117156] ==================================================================
[ 19.770846] ================================================================== [ 19.770922] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 19.770980] Write of size 1 at addr fff00000c5ae0b78 by task kunit_try_catch/286 [ 19.771038] [ 19.771071] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.771156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.771197] Hardware name: linux,dummy-virt (DT) [ 19.771230] Call trace: [ 19.771254] show_stack+0x20/0x38 (C) [ 19.771311] dump_stack_lvl+0x8c/0xd0 [ 19.771358] print_report+0x118/0x5d0 [ 19.773250] kasan_report+0xdc/0x128 [ 19.773526] __asan_report_store1_noabort+0x20/0x30 [ 19.774466] strncpy_from_user+0x270/0x2a0 [ 19.774605] copy_user_test_oob+0x5c0/0xec8 [ 19.774731] kunit_try_run_case+0x170/0x3f0 [ 19.775324] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.775841] kthread+0x328/0x630 [ 19.775890] ret_from_fork+0x10/0x20 [ 19.776216] [ 19.776241] Allocated by task 286: [ 19.776883] kasan_save_stack+0x3c/0x68 [ 19.777467] kasan_save_track+0x20/0x40 [ 19.777867] kasan_save_alloc_info+0x40/0x58 [ 19.778468] __kasan_kmalloc+0xd4/0xd8 [ 19.778614] __kmalloc_noprof+0x198/0x4c8 [ 19.778659] kunit_kmalloc_array+0x34/0x88 [ 19.778699] copy_user_test_oob+0xac/0xec8 [ 19.778742] kunit_try_run_case+0x170/0x3f0 [ 19.778783] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.778830] kthread+0x328/0x630 [ 19.778866] ret_from_fork+0x10/0x20 [ 19.778903] [ 19.780437] The buggy address belongs to the object at fff00000c5ae0b00 [ 19.780437] which belongs to the cache kmalloc-128 of size 128 [ 19.781229] The buggy address is located 0 bytes to the right of [ 19.781229] allocated 120-byte region [fff00000c5ae0b00, fff00000c5ae0b78) [ 19.781828] [ 19.782128] The buggy address belongs to the physical page: [ 19.782451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0 [ 19.783134] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.783750] page_type: 
f5(slab) [ 19.783986] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.784173] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.784516] page dumped because: kasan: bad access detected [ 19.785486] [ 19.785537] Memory state around the buggy address: [ 19.785578] fff00000c5ae0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.785627] fff00000c5ae0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.785678] >fff00000c5ae0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.785721] ^ [ 19.787168] fff00000c5ae0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.787605] fff00000c5ae0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.787652] ================================================================== [ 19.758713] ================================================================== [ 19.758925] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 19.759120] Write of size 121 at addr fff00000c5ae0b00 by task kunit_try_catch/286 [ 19.759190] [ 19.759225] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.759310] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.759375] Hardware name: linux,dummy-virt (DT) [ 19.759446] Call trace: [ 19.759479] show_stack+0x20/0x38 (C) [ 19.759529] dump_stack_lvl+0x8c/0xd0 [ 19.759839] print_report+0x118/0x5d0 [ 19.759892] kasan_report+0xdc/0x128 [ 19.759996] kasan_check_range+0x100/0x1a8 [ 19.760049] __kasan_check_write+0x20/0x30 [ 19.760095] strncpy_from_user+0x3c/0x2a0 [ 19.760286] copy_user_test_oob+0x5c0/0xec8 [ 19.760345] kunit_try_run_case+0x170/0x3f0 [ 19.760450] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.760609] kthread+0x328/0x630 [ 19.760705] ret_from_fork+0x10/0x20 [ 19.760889] [ 19.760909] Allocated by task 286: [ 19.760940] kasan_save_stack+0x3c/0x68 [ 19.761136] kasan_save_track+0x20/0x40 [ 19.761270] kasan_save_alloc_info+0x40/0x58 [ 19.761315] __kasan_kmalloc+0xd4/0xd8 [ 19.761353] 
__kmalloc_noprof+0x198/0x4c8 [ 19.761393] kunit_kmalloc_array+0x34/0x88 [ 19.761435] copy_user_test_oob+0xac/0xec8 [ 19.761550] kunit_try_run_case+0x170/0x3f0 [ 19.761763] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.761849] kthread+0x328/0x630 [ 19.762215] ret_from_fork+0x10/0x20 [ 19.762347] [ 19.762408] The buggy address belongs to the object at fff00000c5ae0b00 [ 19.762408] which belongs to the cache kmalloc-128 of size 128 [ 19.762502] The buggy address is located 0 bytes inside of [ 19.762502] allocated 120-byte region [fff00000c5ae0b00, fff00000c5ae0b78) [ 19.763537] [ 19.763630] The buggy address belongs to the physical page: [ 19.763691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0 [ 19.763852] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.763903] page_type: f5(slab) [ 19.764075] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.764218] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.764395] page dumped because: kasan: bad access detected [ 19.764569] [ 19.764683] Memory state around the buggy address: [ 19.764832] fff00000c5ae0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.764904] fff00000c5ae0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.764961] >fff00000c5ae0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.765003] ^ [ 19.765090] fff00000c5ae0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.765225] fff00000c5ae0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.765493] ==================================================================
[ 16.729074] ================================================================== [ 16.729420] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 16.729819] Write of size 1 at addr ffff888103434a78 by task kunit_try_catch/303 [ 16.730107] [ 16.730221] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.730265] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.730278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.730301] Call Trace: [ 16.730316] <TASK> [ 16.730333] dump_stack_lvl+0x73/0xb0 [ 16.730362] print_report+0xd1/0x610 [ 16.730386] ? __virt_addr_valid+0x1db/0x2d0 [ 16.730422] ? strncpy_from_user+0x1a5/0x1d0 [ 16.730448] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.730484] ? strncpy_from_user+0x1a5/0x1d0 [ 16.730508] kasan_report+0x141/0x180 [ 16.730532] ? strncpy_from_user+0x1a5/0x1d0 [ 16.730561] __asan_report_store1_noabort+0x1b/0x30 [ 16.730588] strncpy_from_user+0x1a5/0x1d0 [ 16.730616] copy_user_test_oob+0x760/0x10f0 [ 16.730644] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.730669] ? finish_task_switch.isra.0+0x153/0x700 [ 16.730694] ? __switch_to+0x47/0xf50 [ 16.730722] ? __schedule+0x10cc/0x2b60 [ 16.730745] ? __pfx_read_tsc+0x10/0x10 [ 16.730768] ? ktime_get_ts64+0x86/0x230 [ 16.730794] kunit_try_run_case+0x1a5/0x480 [ 16.730820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.730844] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.730871] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.730897] ? __kthread_parkme+0x82/0x180 [ 16.730920] ? preempt_count_sub+0x50/0x80 [ 16.730944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.730970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.730996] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.731024] kthread+0x337/0x6f0 [ 16.731045] ? trace_preempt_on+0x20/0xc0 [ 16.731071] ? __pfx_kthread+0x10/0x10 [ 16.731094] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.731117] ? calculate_sigpending+0x7b/0xa0 [ 16.731143] ? 
__pfx_kthread+0x10/0x10 [ 16.731166] ret_from_fork+0x116/0x1d0 [ 16.731186] ? __pfx_kthread+0x10/0x10 [ 16.731209] ret_from_fork_asm+0x1a/0x30 [ 16.731241] </TASK> [ 16.731252] [ 16.738442] Allocated by task 303: [ 16.738630] kasan_save_stack+0x45/0x70 [ 16.738829] kasan_save_track+0x18/0x40 [ 16.739024] kasan_save_alloc_info+0x3b/0x50 [ 16.739236] __kasan_kmalloc+0xb7/0xc0 [ 16.739429] __kmalloc_noprof+0x1c9/0x500 [ 16.739619] kunit_kmalloc_array+0x25/0x60 [ 16.739824] copy_user_test_oob+0xab/0x10f0 [ 16.739987] kunit_try_run_case+0x1a5/0x480 [ 16.740137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.740318] kthread+0x337/0x6f0 [ 16.740550] ret_from_fork+0x116/0x1d0 [ 16.740744] ret_from_fork_asm+0x1a/0x30 [ 16.740946] [ 16.741046] The buggy address belongs to the object at ffff888103434a00 [ 16.741046] which belongs to the cache kmalloc-128 of size 128 [ 16.741533] The buggy address is located 0 bytes to the right of [ 16.741533] allocated 120-byte region [ffff888103434a00, ffff888103434a78) [ 16.742031] [ 16.742128] The buggy address belongs to the physical page: [ 16.742345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103434 [ 16.742708] flags: 0x200000000000000(node=0|zone=2) [ 16.742951] page_type: f5(slab) [ 16.743091] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.743395] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.743694] page dumped because: kasan: bad access detected [ 16.743881] [ 16.743951] Memory state around the buggy address: [ 16.744107] ffff888103434900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.744332] ffff888103434980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.744754] >ffff888103434a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.745080] ^ [ 16.745390] ffff888103434a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.745726] ffff888103434b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.746010] 
================================================================== [ 16.710679] ================================================================== [ 16.711038] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 16.711544] Write of size 121 at addr ffff888103434a00 by task kunit_try_catch/303 [ 16.711808] [ 16.711902] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.711948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.711961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.711985] Call Trace: [ 16.712005] <TASK> [ 16.712024] dump_stack_lvl+0x73/0xb0 [ 16.712055] print_report+0xd1/0x610 [ 16.712081] ? __virt_addr_valid+0x1db/0x2d0 [ 16.712107] ? strncpy_from_user+0x2e/0x1d0 [ 16.712132] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.712157] ? strncpy_from_user+0x2e/0x1d0 [ 16.712181] kasan_report+0x141/0x180 [ 16.712205] ? strncpy_from_user+0x2e/0x1d0 [ 16.712235] kasan_check_range+0x10c/0x1c0 [ 16.712259] __kasan_check_write+0x18/0x20 [ 16.712286] strncpy_from_user+0x2e/0x1d0 [ 16.712309] ? __kasan_check_read+0x15/0x20 [ 16.712333] copy_user_test_oob+0x760/0x10f0 [ 16.712361] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.712394] ? finish_task_switch.isra.0+0x153/0x700 [ 16.712419] ? __switch_to+0x47/0xf50 [ 16.712448] ? __schedule+0x10cc/0x2b60 [ 16.712482] ? __pfx_read_tsc+0x10/0x10 [ 16.712505] ? ktime_get_ts64+0x86/0x230 [ 16.712530] kunit_try_run_case+0x1a5/0x480 [ 16.712557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.712581] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.712607] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.712633] ? __kthread_parkme+0x82/0x180 [ 16.712655] ? preempt_count_sub+0x50/0x80 [ 16.712681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.712707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.712734] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.712761] kthread+0x337/0x6f0 [ 16.712781] ? trace_preempt_on+0x20/0xc0 [ 16.712807] ? 
__pfx_kthread+0x10/0x10 [ 16.712829] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.712853] ? calculate_sigpending+0x7b/0xa0 [ 16.712880] ? __pfx_kthread+0x10/0x10 [ 16.712903] ret_from_fork+0x116/0x1d0 [ 16.712923] ? __pfx_kthread+0x10/0x10 [ 16.712944] ret_from_fork_asm+0x1a/0x30 [ 16.712978] </TASK> [ 16.712989] [ 16.721028] Allocated by task 303: [ 16.721182] kasan_save_stack+0x45/0x70 [ 16.721333] kasan_save_track+0x18/0x40 [ 16.721480] kasan_save_alloc_info+0x3b/0x50 [ 16.721632] __kasan_kmalloc+0xb7/0xc0 [ 16.721766] __kmalloc_noprof+0x1c9/0x500 [ 16.721907] kunit_kmalloc_array+0x25/0x60 [ 16.722054] copy_user_test_oob+0xab/0x10f0 [ 16.722203] kunit_try_run_case+0x1a5/0x480 [ 16.722529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.722787] kthread+0x337/0x6f0 [ 16.722956] ret_from_fork+0x116/0x1d0 [ 16.723141] ret_from_fork_asm+0x1a/0x30 [ 16.723337] [ 16.723431] The buggy address belongs to the object at ffff888103434a00 [ 16.723431] which belongs to the cache kmalloc-128 of size 128 [ 16.723851] The buggy address is located 0 bytes inside of [ 16.723851] allocated 120-byte region [ffff888103434a00, ffff888103434a78) [ 16.724207] [ 16.724278] The buggy address belongs to the physical page: [ 16.724464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103434 [ 16.724849] flags: 0x200000000000000(node=0|zone=2) [ 16.725091] page_type: f5(slab) [ 16.725264] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.725845] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.726185] page dumped because: kasan: bad access detected [ 16.726441] [ 16.726555] Memory state around the buggy address: [ 16.726780] ffff888103434900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.727051] ffff888103434980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.727266] >ffff888103434a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.727651] ^ [ 16.727968] ffff888103434a80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.728287] ffff888103434b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.728563] ==================================================================
[ 17.087628] ================================================================== [ 17.088023] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 17.088318] Write of size 121 at addr ffff8881025b8100 by task kunit_try_catch/304 [ 17.088690] [ 17.088803] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 17.088847] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.088860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.088883] Call Trace: [ 17.088901] <TASK> [ 17.088918] dump_stack_lvl+0x73/0xb0 [ 17.088947] print_report+0xd1/0x610 [ 17.088971] ? __virt_addr_valid+0x1db/0x2d0 [ 17.088996] ? strncpy_from_user+0x2e/0x1d0 [ 17.089021] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.089047] ? strncpy_from_user+0x2e/0x1d0 [ 17.089279] kasan_report+0x141/0x180 [ 17.089307] ? strncpy_from_user+0x2e/0x1d0 [ 17.089337] kasan_check_range+0x10c/0x1c0 [ 17.089362] __kasan_check_write+0x18/0x20 [ 17.089384] strncpy_from_user+0x2e/0x1d0 [ 17.089408] ? __kasan_check_read+0x15/0x20 [ 17.089431] copy_user_test_oob+0x760/0x10f0 [ 17.089460] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.089486] ? finish_task_switch.isra.0+0x153/0x700 [ 17.089512] ? __switch_to+0x47/0xf50 [ 17.089539] ? __schedule+0x10cc/0x2b60 [ 17.089563] ? __pfx_read_tsc+0x10/0x10 [ 17.089586] ? ktime_get_ts64+0x86/0x230 [ 17.089612] kunit_try_run_case+0x1a5/0x480 [ 17.089638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.089664] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.089691] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.089717] ? __kthread_parkme+0x82/0x180 [ 17.089738] ? preempt_count_sub+0x50/0x80 [ 17.089763] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.089789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.089816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.089843] kthread+0x337/0x6f0 [ 17.089864] ? trace_preempt_on+0x20/0xc0 [ 17.089891] ? __pfx_kthread+0x10/0x10 [ 17.089913] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 17.089937] ? calculate_sigpending+0x7b/0xa0 [ 17.089962] ? __pfx_kthread+0x10/0x10 [ 17.089984] ret_from_fork+0x116/0x1d0 [ 17.090006] ? __pfx_kthread+0x10/0x10 [ 17.090028] ret_from_fork_asm+0x1a/0x30 [ 17.090243] </TASK> [ 17.090264] [ 17.102979] Allocated by task 304: [ 17.103520] kasan_save_stack+0x45/0x70 [ 17.103726] kasan_save_track+0x18/0x40 [ 17.103909] kasan_save_alloc_info+0x3b/0x50 [ 17.104383] __kasan_kmalloc+0xb7/0xc0 [ 17.104637] __kmalloc_noprof+0x1c9/0x500 [ 17.104987] kunit_kmalloc_array+0x25/0x60 [ 17.105456] copy_user_test_oob+0xab/0x10f0 [ 17.105836] kunit_try_run_case+0x1a5/0x480 [ 17.106035] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.106522] kthread+0x337/0x6f0 [ 17.106700] ret_from_fork+0x116/0x1d0 [ 17.106883] ret_from_fork_asm+0x1a/0x30 [ 17.107079] [ 17.107536] The buggy address belongs to the object at ffff8881025b8100 [ 17.107536] which belongs to the cache kmalloc-128 of size 128 [ 17.108225] The buggy address is located 0 bytes inside of [ 17.108225] allocated 120-byte region [ffff8881025b8100, ffff8881025b8178) [ 17.108605] [ 17.108684] The buggy address belongs to the physical page: [ 17.108863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025b8 [ 17.109572] flags: 0x200000000000000(node=0|zone=2) [ 17.109925] page_type: f5(slab) [ 17.110063] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.110856] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.111576] page dumped because: kasan: bad access detected [ 17.111761] [ 17.111836] Memory state around the buggy address: [ 17.111994] ffff8881025b8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.112408] ffff8881025b8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.112872] >ffff8881025b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.113316] ^ [ 17.113653] ffff8881025b8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.113996] 
ffff8881025b8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.114365] ================================================================== [ 17.115232] ================================================================== [ 17.115591] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 17.116551] Write of size 1 at addr ffff8881025b8178 by task kunit_try_catch/304 [ 17.117033] [ 17.117271] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 17.117321] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.117336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.117357] Call Trace: [ 17.117376] <TASK> [ 17.117394] dump_stack_lvl+0x73/0xb0 [ 17.117425] print_report+0xd1/0x610 [ 17.117450] ? __virt_addr_valid+0x1db/0x2d0 [ 17.117475] ? strncpy_from_user+0x1a5/0x1d0 [ 17.117500] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.117526] ? strncpy_from_user+0x1a5/0x1d0 [ 17.117551] kasan_report+0x141/0x180 [ 17.117574] ? strncpy_from_user+0x1a5/0x1d0 [ 17.117603] __asan_report_store1_noabort+0x1b/0x30 [ 17.117630] strncpy_from_user+0x1a5/0x1d0 [ 17.117658] copy_user_test_oob+0x760/0x10f0 [ 17.117687] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.117712] ? finish_task_switch.isra.0+0x153/0x700 [ 17.117738] ? __switch_to+0x47/0xf50 [ 17.117764] ? __schedule+0x10cc/0x2b60 [ 17.117788] ? __pfx_read_tsc+0x10/0x10 [ 17.117811] ? ktime_get_ts64+0x86/0x230 [ 17.117837] kunit_try_run_case+0x1a5/0x480 [ 17.117863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.117889] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.117915] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.117941] ? __kthread_parkme+0x82/0x180 [ 17.117963] ? preempt_count_sub+0x50/0x80 [ 17.117988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.118014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.118041] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.118080] kthread+0x337/0x6f0 [ 17.118101] ? trace_preempt_on+0x20/0xc0 [ 17.118127] ? 
__pfx_kthread+0x10/0x10 [ 17.118150] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.118173] ? calculate_sigpending+0x7b/0xa0 [ 17.118198] ? __pfx_kthread+0x10/0x10 [ 17.118221] ret_from_fork+0x116/0x1d0 [ 17.118242] ? __pfx_kthread+0x10/0x10 [ 17.118274] ret_from_fork_asm+0x1a/0x30 [ 17.118307] </TASK> [ 17.118319] [ 17.126517] Allocated by task 304: [ 17.126650] kasan_save_stack+0x45/0x70 [ 17.126964] kasan_save_track+0x18/0x40 [ 17.127223] kasan_save_alloc_info+0x3b/0x50 [ 17.127446] __kasan_kmalloc+0xb7/0xc0 [ 17.127814] __kmalloc_noprof+0x1c9/0x500 [ 17.127971] kunit_kmalloc_array+0x25/0x60 [ 17.128128] copy_user_test_oob+0xab/0x10f0 [ 17.128292] kunit_try_run_case+0x1a5/0x480 [ 17.128512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.128771] kthread+0x337/0x6f0 [ 17.128944] ret_from_fork+0x116/0x1d0 [ 17.129151] ret_from_fork_asm+0x1a/0x30 [ 17.129337] [ 17.129415] The buggy address belongs to the object at ffff8881025b8100 [ 17.129415] which belongs to the cache kmalloc-128 of size 128 [ 17.129882] The buggy address is located 0 bytes to the right of [ 17.129882] allocated 120-byte region [ffff8881025b8100, ffff8881025b8178) [ 17.130360] [ 17.130434] The buggy address belongs to the physical page: [ 17.130609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025b8 [ 17.130911] flags: 0x200000000000000(node=0|zone=2) [ 17.131156] page_type: f5(slab) [ 17.131326] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.131888] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.132312] page dumped because: kasan: bad access detected [ 17.132539] [ 17.132624] Memory state around the buggy address: [ 17.132810] ffff8881025b8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.133082] ffff8881025b8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.133631] >ffff8881025b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.133928] ^ [ 17.134194] ffff8881025b8180: fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 17.134514] ffff8881025b8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.134959] ==================================================================