Date
July 20, 2025, 11:12 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.853182] ================================================================== [ 19.853299] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 19.853358] Write of size 121 at addr fff00000c780aa00 by task kunit_try_catch/285 [ 19.853414] [ 19.853445] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 19.854085] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.854345] Hardware name: linux,dummy-virt (DT) [ 19.854422] Call trace: [ 19.854446] show_stack+0x20/0x38 (C) [ 19.854545] dump_stack_lvl+0x8c/0xd0 [ 19.854595] print_report+0x118/0x5d0 [ 19.854648] kasan_report+0xdc/0x128 [ 19.854698] kasan_check_range+0x100/0x1a8 [ 19.854748] __kasan_check_write+0x20/0x30 [ 19.854796] strncpy_from_user+0x3c/0x2a0 [ 19.854845] copy_user_test_oob+0x5c0/0xec8 [ 19.854906] kunit_try_run_case+0x170/0x3f0 [ 19.854956] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.855011] kthread+0x328/0x630 [ 19.855054] ret_from_fork+0x10/0x20 [ 19.855332] [ 19.855369] Allocated by task 285: [ 19.855402] kasan_save_stack+0x3c/0x68 [ 19.855457] kasan_save_track+0x20/0x40 [ 19.855498] kasan_save_alloc_info+0x40/0x58 [ 19.855540] __kasan_kmalloc+0xd4/0xd8 [ 19.855779] __kmalloc_noprof+0x198/0x4c8 [ 19.855840] kunit_kmalloc_array+0x34/0x88 [ 19.855881] copy_user_test_oob+0xac/0xec8 [ 19.855930] kunit_try_run_case+0x170/0x3f0 [ 19.855970] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.856016] kthread+0x328/0x630 [ 19.856060] ret_from_fork+0x10/0x20 [ 19.856165] [ 19.856186] The buggy address belongs to the object at fff00000c780aa00 [ 19.856186] which belongs to the cache kmalloc-128 of size 128 [ 19.856254] The buggy address is located 0 bytes inside of [ 19.856254] allocated 120-byte region [fff00000c780aa00, fff00000c780aa78) [ 19.856319] [ 19.856341] The buggy address belongs to the physical page: [ 19.856609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a [ 19.856699] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.857036] page_type: f5(slab) [ 19.857083] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.857139] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.857228] page dumped because: kasan: bad access detected [ 19.857399] [ 19.857448] Memory state around the buggy address: [ 19.857484] fff00000c780a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.857531] fff00000c780a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.857649] >fff00000c780aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.857745] ^ [ 19.858087] fff00000c780aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.858183] fff00000c780ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.858226] ================================================================== [ 19.861470] ================================================================== [ 19.862182] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 19.862531] Write of size 1 at addr fff00000c780aa78 by task kunit_try_catch/285 [ 19.862588] [ 19.862772] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 19.863313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.863636] Hardware name: linux,dummy-virt (DT) [ 19.863835] Call trace: [ 19.864179] show_stack+0x20/0x38 (C) [ 19.864244] dump_stack_lvl+0x8c/0xd0 [ 19.864371] print_report+0x118/0x5d0 [ 19.864832] kasan_report+0xdc/0x128 [ 19.864891] __asan_report_store1_noabort+0x20/0x30 [ 19.865114] strncpy_from_user+0x270/0x2a0 [ 19.865565] copy_user_test_oob+0x5c0/0xec8 [ 19.865632] kunit_try_run_case+0x170/0x3f0 [ 19.865689] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.865745] kthread+0x328/0x630 [ 19.866425] ret_from_fork+0x10/0x20 [ 19.866530] [ 19.866916] Allocated by task 285: [ 19.866957] kasan_save_stack+0x3c/0x68 [ 19.867009] kasan_save_track+0x20/0x40 [ 19.867194] kasan_save_alloc_info+0x40/0x58 [ 19.867249] __kasan_kmalloc+0xd4/0xd8 [ 19.867798] __kmalloc_noprof+0x198/0x4c8 [ 19.867857] kunit_kmalloc_array+0x34/0x88 [ 19.867914] copy_user_test_oob+0xac/0xec8 [ 19.867953] kunit_try_run_case+0x170/0x3f0 [ 19.867997] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.868625] kthread+0x328/0x630 [ 19.868941] ret_from_fork+0x10/0x20 [ 19.869081] [ 19.869157] The buggy address belongs to the object at fff00000c780aa00 [ 19.869157] which belongs to the cache kmalloc-128 of size 128 [ 19.869237] The buggy address is located 0 bytes to the right of [ 19.869237] allocated 120-byte region [fff00000c780aa00, fff00000c780aa78) [ 19.869894] [ 19.870026] The buggy address belongs to the physical page: [ 19.870114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a [ 19.870203] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.870490] page_type: f5(slab) [ 19.870536] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.872126] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.872625] page dumped because: kasan: bad access detected [ 19.872675] [ 19.873084] Memory state around the buggy address: [ 19.873132] fff00000c780a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.873181] fff00000c780a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.873506] >fff00000c780aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.873551] ^ [ 19.873977] fff00000c780aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.874031] fff00000c780ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.874431] ==================================================================
[ 20.194086] ================================================================== [ 20.194143] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 20.194786] Write of size 1 at addr fff00000c5b3e278 by task kunit_try_catch/285 [ 20.194896] [ 20.194931] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 20.195019] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.195498] Hardware name: linux,dummy-virt (DT) [ 20.195654] Call trace: [ 20.195898] show_stack+0x20/0x38 (C) [ 20.196110] dump_stack_lvl+0x8c/0xd0 [ 20.196273] print_report+0x118/0x5d0 [ 20.196335] kasan_report+0xdc/0x128 [ 20.196563] __asan_report_store1_noabort+0x20/0x30 [ 20.196741] strncpy_from_user+0x270/0x2a0 [ 20.196801] copy_user_test_oob+0x5c0/0xec8 [ 20.196866] kunit_try_run_case+0x170/0x3f0 [ 20.197118] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.197515] kthread+0x328/0x630 [ 20.197745] ret_from_fork+0x10/0x20 [ 20.197980] [ 20.198202] Allocated by task 285: [ 20.198243] kasan_save_stack+0x3c/0x68 [ 20.198477] kasan_save_track+0x20/0x40 [ 20.198560] kasan_save_alloc_info+0x40/0x58 [ 20.198886] __kasan_kmalloc+0xd4/0xd8 [ 20.199205] __kmalloc_noprof+0x198/0x4c8 [ 20.199413] kunit_kmalloc_array+0x34/0x88 [ 20.199508] copy_user_test_oob+0xac/0xec8 [ 20.199562] kunit_try_run_case+0x170/0x3f0 [ 20.199821] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.200058] kthread+0x328/0x630 [ 20.200127] ret_from_fork+0x10/0x20 [ 20.200496] [ 20.200750] The buggy address belongs to the object at fff00000c5b3e200 [ 20.200750] which belongs to the cache kmalloc-128 of size 128 [ 20.200913] The buggy address is located 0 bytes to the right of [ 20.200913] allocated 120-byte region [fff00000c5b3e200, fff00000c5b3e278) [ 20.201641] [ 20.201805] The buggy address belongs to the physical page: [ 20.201873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b3e [ 20.202045] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.202100] page_type: f5(slab) [ 20.202140] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.202550] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.202998] page dumped because: kasan: bad access detected [ 20.203282] [ 20.203478] Memory state around the buggy address: [ 20.203660] fff00000c5b3e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.203742] fff00000c5b3e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.204169] >fff00000c5b3e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.204455] ^ [ 20.204727] fff00000c5b3e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.204789] fff00000c5b3e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.205455] ================================================================== [ 20.184387] ================================================================== [ 20.185080] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 20.185246] Write of size 121 at addr fff00000c5b3e200 by task kunit_try_catch/285 [ 20.185316] [ 20.185348] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 20.185442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.185772] Hardware name: linux,dummy-virt (DT) [ 20.185999] Call trace: [ 20.186043] show_stack+0x20/0x38 (C) [ 20.186233] dump_stack_lvl+0x8c/0xd0 [ 20.186299] print_report+0x118/0x5d0 [ 20.186385] kasan_report+0xdc/0x128 [ 20.186445] kasan_check_range+0x100/0x1a8 [ 20.186502] __kasan_check_write+0x20/0x30 [ 20.186557] strncpy_from_user+0x3c/0x2a0 [ 20.186639] copy_user_test_oob+0x5c0/0xec8 [ 20.186701] kunit_try_run_case+0x170/0x3f0 [ 20.186766] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.186822] kthread+0x328/0x630 [ 20.186882] ret_from_fork+0x10/0x20 [ 20.186939] [ 20.186961] Allocated by task 285: [ 20.186990] kasan_save_stack+0x3c/0x68 [ 20.187036] kasan_save_track+0x20/0x40 [ 20.187096] kasan_save_alloc_info+0x40/0x58 [ 20.187149] __kasan_kmalloc+0xd4/0xd8 [ 20.187199] __kmalloc_noprof+0x198/0x4c8 [ 20.187239] kunit_kmalloc_array+0x34/0x88 [ 20.187293] copy_user_test_oob+0xac/0xec8 [ 20.187333] kunit_try_run_case+0x170/0x3f0 [ 20.187373] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.187419] kthread+0x328/0x630 [ 20.187465] ret_from_fork+0x10/0x20 [ 20.187511] [ 20.187539] The buggy address belongs to the object at fff00000c5b3e200 [ 20.187539] which belongs to the cache kmalloc-128 of size 128 [ 20.187599] The buggy address is located 0 bytes inside of [ 20.187599] allocated 120-byte region [fff00000c5b3e200, fff00000c5b3e278) [ 20.188272] [ 20.188342] The buggy address belongs to the physical page: [ 20.188378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b3e [ 20.188887] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.189034] page_type: f5(slab) [ 20.189706] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.189776] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.189822] page dumped because: kasan: bad access detected [ 20.189858] [ 20.189878] Memory state around the buggy address: [ 20.189921] fff00000c5b3e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.189969] fff00000c5b3e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.190769] >fff00000c5b3e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.190822] ^ [ 20.190906] fff00000c5b3e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.190973] fff00000c5b3e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.191530] ==================================================================
[ 16.803603] ================================================================== [ 16.803951] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 16.804555] Write of size 1 at addr ffff88810315a278 by task kunit_try_catch/303 [ 16.804896] [ 16.805032] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.805077] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.805090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.805114] Call Trace: [ 16.805128] <TASK> [ 16.805144] dump_stack_lvl+0x73/0xb0 [ 16.805173] print_report+0xd1/0x610 [ 16.805197] ? __virt_addr_valid+0x1db/0x2d0 [ 16.805222] ? strncpy_from_user+0x1a5/0x1d0 [ 16.805246] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.805270] ? strncpy_from_user+0x1a5/0x1d0 [ 16.805295] kasan_report+0x141/0x180 [ 16.805318] ? strncpy_from_user+0x1a5/0x1d0 [ 16.805349] __asan_report_store1_noabort+0x1b/0x30 [ 16.805406] strncpy_from_user+0x1a5/0x1d0 [ 16.805435] copy_user_test_oob+0x760/0x10f0 [ 16.805463] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.805486] ? finish_task_switch.isra.0+0x153/0x700 [ 16.805512] ? __switch_to+0x47/0xf50 [ 16.805541] ? __schedule+0x10c6/0x2b60 [ 16.805565] ? __pfx_read_tsc+0x10/0x10 [ 16.805605] ? ktime_get_ts64+0x86/0x230 [ 16.805632] kunit_try_run_case+0x1a5/0x480 [ 16.805658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.805682] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.805708] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.805732] ? __kthread_parkme+0x82/0x180 [ 16.805754] ? preempt_count_sub+0x50/0x80 [ 16.805779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.805805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.805830] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.805854] kthread+0x337/0x6f0 [ 16.805876] ? trace_preempt_on+0x20/0xc0 [ 16.805901] ? __pfx_kthread+0x10/0x10 [ 16.805924] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.805946] ? calculate_sigpending+0x7b/0xa0 [ 16.805971] ? __pfx_kthread+0x10/0x10 [ 16.805996] ret_from_fork+0x116/0x1d0 [ 16.806020] ? __pfx_kthread+0x10/0x10 [ 16.806043] ret_from_fork_asm+0x1a/0x30 [ 16.806078] </TASK> [ 16.806089] [ 16.813698] Allocated by task 303: [ 16.813854] kasan_save_stack+0x45/0x70 [ 16.813999] kasan_save_track+0x18/0x40 [ 16.814137] kasan_save_alloc_info+0x3b/0x50 [ 16.814288] __kasan_kmalloc+0xb7/0xc0 [ 16.814443] __kmalloc_noprof+0x1c9/0x500 [ 16.814643] kunit_kmalloc_array+0x25/0x60 [ 16.814884] copy_user_test_oob+0xab/0x10f0 [ 16.815094] kunit_try_run_case+0x1a5/0x480 [ 16.815291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.815481] kthread+0x337/0x6f0 [ 16.815607] ret_from_fork+0x116/0x1d0 [ 16.815742] ret_from_fork_asm+0x1a/0x30 [ 16.816086] [ 16.816185] The buggy address belongs to the object at ffff88810315a200 [ 16.816185] which belongs to the cache kmalloc-128 of size 128 [ 16.816758] The buggy address is located 0 bytes to the right of [ 16.816758] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.817224] [ 16.817303] The buggy address belongs to the physical page: [ 16.817612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.817975] flags: 0x200000000000000(node=0|zone=2) [ 16.818212] page_type: f5(slab) [ 16.818378] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.818750] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.818983] page dumped because: kasan: bad access detected [ 16.819176] [ 16.819294] Memory state around the buggy address: [ 16.819533] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.820136] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.820453] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.820793] ^ [ 16.821097] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.821412] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.821741] ================================================================== [ 16.785330] ================================================================== [ 16.785760] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 16.786247] Write of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.786576] [ 16.786697] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.786771] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.786786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.786809] Call Trace: [ 16.786827] <TASK> [ 16.786842] dump_stack_lvl+0x73/0xb0 [ 16.786872] print_report+0xd1/0x610 [ 16.786896] ? __virt_addr_valid+0x1db/0x2d0 [ 16.786919] ? strncpy_from_user+0x2e/0x1d0 [ 16.786944] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.786967] ? strncpy_from_user+0x2e/0x1d0 [ 16.786992] kasan_report+0x141/0x180 [ 16.787015] ? strncpy_from_user+0x2e/0x1d0 [ 16.787045] kasan_check_range+0x10c/0x1c0 [ 16.787070] __kasan_check_write+0x18/0x20 [ 16.787089] strncpy_from_user+0x2e/0x1d0 [ 16.787113] ? __kasan_check_read+0x15/0x20 [ 16.787135] copy_user_test_oob+0x760/0x10f0 [ 16.787163] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.787187] ? finish_task_switch.isra.0+0x153/0x700 [ 16.787211] ? __switch_to+0x47/0xf50 [ 16.787239] ? __schedule+0x10c6/0x2b60 [ 16.787263] ? __pfx_read_tsc+0x10/0x10 [ 16.787285] ? ktime_get_ts64+0x86/0x230 [ 16.787310] kunit_try_run_case+0x1a5/0x480 [ 16.787335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.787359] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.787384] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.787421] ? __kthread_parkme+0x82/0x180 [ 16.787462] ? preempt_count_sub+0x50/0x80 [ 16.787487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.787512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.787537] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.787562] kthread+0x337/0x6f0 [ 16.787584] ? trace_preempt_on+0x20/0xc0 [ 16.787619] ? __pfx_kthread+0x10/0x10 [ 16.787642] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.787664] ? calculate_sigpending+0x7b/0xa0 [ 16.787688] ? __pfx_kthread+0x10/0x10 [ 16.787711] ret_from_fork+0x116/0x1d0 [ 16.787730] ? __pfx_kthread+0x10/0x10 [ 16.787752] ret_from_fork_asm+0x1a/0x30 [ 16.787786] </TASK> [ 16.787797] [ 16.795317] Allocated by task 303: [ 16.795462] kasan_save_stack+0x45/0x70 [ 16.795656] kasan_save_track+0x18/0x40 [ 16.795861] kasan_save_alloc_info+0x3b/0x50 [ 16.796071] __kasan_kmalloc+0xb7/0xc0 [ 16.796282] __kmalloc_noprof+0x1c9/0x500 [ 16.796492] kunit_kmalloc_array+0x25/0x60 [ 16.796706] copy_user_test_oob+0xab/0x10f0 [ 16.796859] kunit_try_run_case+0x1a5/0x480 [ 16.797009] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.797185] kthread+0x337/0x6f0 [ 16.797341] ret_from_fork+0x116/0x1d0 [ 16.797538] ret_from_fork_asm+0x1a/0x30 [ 16.797753] [ 16.797854] The buggy address belongs to the object at ffff88810315a200 [ 16.797854] which belongs to the cache kmalloc-128 of size 128 [ 16.798562] The buggy address is located 0 bytes inside of [ 16.798562] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.798926] [ 16.799002] The buggy address belongs to the physical page: [ 16.799177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.799706] flags: 0x200000000000000(node=0|zone=2) [ 16.799942] page_type: f5(slab) [ 16.800133] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.800498] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.801040] page dumped because: kasan: bad access detected [ 16.801213] [ 16.801284] Memory state around the buggy address: [ 16.801448] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.801674] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.802004] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.802313] ^ [ 16.802674] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.802962] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.803173] ==================================================================
[ 16.895268] ================================================================== [ 16.895931] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 16.896334] Write of size 121 at addr ffff8881027bcb00 by task kunit_try_catch/303 [ 16.896948] [ 16.897213] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.897263] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.897278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.897301] Call Trace: [ 16.897320] <TASK> [ 16.897338] dump_stack_lvl+0x73/0xb0 [ 16.897368] print_report+0xd1/0x610 [ 16.897392] ? __virt_addr_valid+0x1db/0x2d0 [ 16.897416] ? strncpy_from_user+0x2e/0x1d0 [ 16.897440] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.897464] ? strncpy_from_user+0x2e/0x1d0 [ 16.897488] kasan_report+0x141/0x180 [ 16.897511] ? strncpy_from_user+0x2e/0x1d0 [ 16.897538] kasan_check_range+0x10c/0x1c0 [ 16.897563] __kasan_check_write+0x18/0x20 [ 16.897585] strncpy_from_user+0x2e/0x1d0 [ 16.897608] ? __kasan_check_read+0x15/0x20 [ 16.897630] copy_user_test_oob+0x760/0x10f0 [ 16.897656] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.897679] ? finish_task_switch.isra.0+0x153/0x700 [ 16.897702] ? __switch_to+0x47/0xf50 [ 16.897728] ? __schedule+0x10c6/0x2b60 [ 16.897751] ? __pfx_read_tsc+0x10/0x10 [ 16.897773] ? ktime_get_ts64+0x86/0x230 [ 16.897798] kunit_try_run_case+0x1a5/0x480 [ 16.897824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.897847] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.897871] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.897896] ? __kthread_parkme+0x82/0x180 [ 16.897918] ? preempt_count_sub+0x50/0x80 [ 16.897941] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.897966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.897990] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.898015] kthread+0x337/0x6f0 [ 16.898036] ? trace_preempt_on+0x20/0xc0 [ 16.898060] ? __pfx_kthread+0x10/0x10 [ 16.898082] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.898104] ? calculate_sigpending+0x7b/0xa0 [ 16.898129] ? __pfx_kthread+0x10/0x10 [ 16.898162] ret_from_fork+0x116/0x1d0 [ 16.898181] ? __pfx_kthread+0x10/0x10 [ 16.898202] ret_from_fork_asm+0x1a/0x30 [ 16.898234] </TASK> [ 16.898245] [ 16.908904] Allocated by task 303: [ 16.909199] kasan_save_stack+0x45/0x70 [ 16.909417] kasan_save_track+0x18/0x40 [ 16.909594] kasan_save_alloc_info+0x3b/0x50 [ 16.909804] __kasan_kmalloc+0xb7/0xc0 [ 16.909978] __kmalloc_noprof+0x1c9/0x500 [ 16.910171] kunit_kmalloc_array+0x25/0x60 [ 16.910691] copy_user_test_oob+0xab/0x10f0 [ 16.910967] kunit_try_run_case+0x1a5/0x480 [ 16.911274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.911704] kthread+0x337/0x6f0 [ 16.911843] ret_from_fork+0x116/0x1d0 [ 16.912175] ret_from_fork_asm+0x1a/0x30 [ 16.912481] [ 16.912581] The buggy address belongs to the object at ffff8881027bcb00 [ 16.912581] which belongs to the cache kmalloc-128 of size 128 [ 16.913190] The buggy address is located 0 bytes inside of [ 16.913190] allocated 120-byte region [ffff8881027bcb00, ffff8881027bcb78) [ 16.913860] [ 16.913942] The buggy address belongs to the physical page: [ 16.914270] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc [ 16.914807] flags: 0x200000000000000(node=0|zone=2) [ 16.915103] page_type: f5(slab) [ 16.915248] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.915738] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.916129] page dumped because: kasan: bad access detected [ 16.916534] [ 16.916636] Memory state around the buggy address: [ 16.916962] ffff8881027bca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.917359] ffff8881027bca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.917676] >ffff8881027bcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.917979] ^ [ 16.918296] ffff8881027bcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.918599] ffff8881027bcc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.918906] ================================================================== [ 16.919999] ================================================================== [ 16.920598] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 16.920919] Write of size 1 at addr ffff8881027bcb78 by task kunit_try_catch/303 [ 16.921472] [ 16.921813] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.921863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.921877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.921900] Call Trace: [ 16.921916] <TASK> [ 16.921931] dump_stack_lvl+0x73/0xb0 [ 16.921960] print_report+0xd1/0x610 [ 16.921983] ? __virt_addr_valid+0x1db/0x2d0 [ 16.922006] ? strncpy_from_user+0x1a5/0x1d0 [ 16.922030] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.922053] ? strncpy_from_user+0x1a5/0x1d0 [ 16.922077] kasan_report+0x141/0x180 [ 16.922100] ? strncpy_from_user+0x1a5/0x1d0 [ 16.922128] __asan_report_store1_noabort+0x1b/0x30 [ 16.922166] strncpy_from_user+0x1a5/0x1d0 [ 16.922193] copy_user_test_oob+0x760/0x10f0 [ 16.922219] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.922243] ? finish_task_switch.isra.0+0x153/0x700 [ 16.922266] ? __switch_to+0x47/0xf50 [ 16.922292] ? __schedule+0x10c6/0x2b60 [ 16.922326] ? __pfx_read_tsc+0x10/0x10 [ 16.922348] ? ktime_get_ts64+0x86/0x230 [ 16.922372] kunit_try_run_case+0x1a5/0x480 [ 16.922397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.922421] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.922445] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.922469] ? __kthread_parkme+0x82/0x180 [ 16.922490] ? preempt_count_sub+0x50/0x80 [ 16.922514] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.922539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.922563] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.922589] kthread+0x337/0x6f0 [ 16.922608] ? trace_preempt_on+0x20/0xc0 [ 16.922633] ? __pfx_kthread+0x10/0x10 [ 16.922654] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.922676] ? calculate_sigpending+0x7b/0xa0 [ 16.922701] ? __pfx_kthread+0x10/0x10 [ 16.922723] ret_from_fork+0x116/0x1d0 [ 16.922741] ? __pfx_kthread+0x10/0x10 [ 16.922764] ret_from_fork_asm+0x1a/0x30 [ 16.922794] </TASK> [ 16.922806] [ 16.932985] Allocated by task 303: [ 16.933177] kasan_save_stack+0x45/0x70 [ 16.933453] kasan_save_track+0x18/0x40 [ 16.933719] kasan_save_alloc_info+0x3b/0x50 [ 16.934013] __kasan_kmalloc+0xb7/0xc0 [ 16.934346] __kmalloc_noprof+0x1c9/0x500 [ 16.934551] kunit_kmalloc_array+0x25/0x60 [ 16.934835] copy_user_test_oob+0xab/0x10f0 [ 16.935118] kunit_try_run_case+0x1a5/0x480 [ 16.935313] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.935796] kthread+0x337/0x6f0 [ 16.936061] ret_from_fork+0x116/0x1d0 [ 16.936372] ret_from_fork_asm+0x1a/0x30 [ 16.936630] [ 16.936732] The buggy address belongs to the object at ffff8881027bcb00 [ 16.936732] which belongs to the cache kmalloc-128 of size 128 [ 16.937235] The buggy address is located 0 bytes to the right of [ 16.937235] allocated 120-byte region [ffff8881027bcb00, ffff8881027bcb78) [ 16.937974] [ 16.938223] The buggy address belongs to the physical page: [ 16.938589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc [ 16.939032] flags: 0x200000000000000(node=0|zone=2) [ 16.939417] page_type: f5(slab) [ 16.939650] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.939973] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.940322] page dumped because: kasan: bad access detected [ 16.940767] [ 16.940873] Memory state around the buggy address: [ 16.941232] ffff8881027bca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.941725] ffff8881027bca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.942110] >ffff8881027bcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.942656] ^ [ 16.943040] ffff8881027bcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.943474] ffff8881027bcc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.943848] ==================================================================