Date
May 30, 2025, 4:14 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x15 |
[ 66.610536] ================================================================== [ 66.617623] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 66.624476] Write of size 121 at addr ffff000800da9800 by task kunit_try_catch/329 [ 66.632027] [ 66.633510] CPU: 2 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 66.633558] Tainted: [B]=BAD_PAGE, [N]=TEST [ 66.633577] Hardware name: WinLink E850-96 board (DT) [ 66.633596] Call trace: [ 66.633607] show_stack+0x20/0x38 (C) [ 66.633640] dump_stack_lvl+0x8c/0xd0 [ 66.633677] print_report+0x118/0x608 [ 66.633711] kasan_report+0xdc/0x128 [ 66.633743] kasan_check_range+0x100/0x1a8 [ 66.633777] __kasan_check_write+0x20/0x30 [ 66.633806] strncpy_from_user+0x3c/0x2a0 [ 66.633839] copy_user_test_oob+0x5c0/0xec8 [ 66.633874] kunit_try_run_case+0x170/0x3f0 [ 66.633909] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.633950] kthread+0x328/0x630 [ 66.633976] ret_from_fork+0x10/0x20 [ 66.634008] [ 66.704595] Allocated by task 329: [ 66.707981] kasan_save_stack+0x3c/0x68 [ 66.711801] kasan_save_track+0x20/0x40 [ 66.715620] kasan_save_alloc_info+0x40/0x58 [ 66.719874] __kasan_kmalloc+0xd4/0xd8 [ 66.723606] __kmalloc_noprof+0x190/0x4d0 [ 66.727599] kunit_kmalloc_array+0x34/0x88 [ 66.731679] copy_user_test_oob+0xac/0xec8 [ 66.735759] kunit_try_run_case+0x170/0x3f0 [ 66.739925] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.745394] kthread+0x328/0x630 [ 66.748606] ret_from_fork+0x10/0x20 [ 66.752165] [ 66.753640] The buggy address belongs to the object at ffff000800da9800 [ 66.753640] which belongs to the cache kmalloc-128 of size 128 [ 66.766140] The buggy address is located 0 bytes inside of [ 66.766140] allocated 120-byte region [ffff000800da9800, ffff000800da9878) [ 66.778553] [ 66.780031] The buggy address belongs to the physical page: [ 66.785585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880da8 [ 66.793570] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.801211] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 66.808153] page_type: f5(slab) [ 66.811286] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.819010] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.826737] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.834548] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.842361] head: 0bfffe0000000001 fffffdffe0036a01 00000000ffffffff 00000000ffffffff [ 66.850173] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 66.857979] page dumped because: kasan: bad access detected [ 66.863536] [ 66.865010] Memory state around the buggy address: [ 66.869790] ffff000800da9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.876993] ffff000800da9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.884197] >ffff000800da9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 66.891398] ^ [ 66.898520] ffff000800da9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.905725] ffff000800da9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.912926] ================================================================== [ 66.920336] ================================================================== [ 66.927341] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 66.934280] Write of size 1 at addr ffff000800da9878 by task kunit_try_catch/329 [ 66.941658] [ 66.943142] CPU: 2 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 66.943190] Tainted: [B]=BAD_PAGE, [N]=TEST [ 66.943209] Hardware name: WinLink E850-96 board (DT) [ 66.943229] Call trace: [ 66.943241] show_stack+0x20/0x38 (C) [ 66.943277] dump_stack_lvl+0x8c/0xd0 [ 66.943315] print_report+0x118/0x608 [ 66.943350] kasan_report+0xdc/0x128 [ 66.943384] __asan_report_store1_noabort+0x20/0x30 [ 66.943415] strncpy_from_user+0x270/0x2a0 [ 66.943444] copy_user_test_oob+0x5c0/0xec8 [ 66.943478] kunit_try_run_case+0x170/0x3f0 [ 66.943514] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.943554] kthread+0x328/0x630 [ 66.943580] ret_from_fork+0x10/0x20 [ 66.943614] [ 67.011015] Allocated by task 329: [ 67.014400] kasan_save_stack+0x3c/0x68 [ 67.018220] kasan_save_track+0x20/0x40 [ 67.022039] kasan_save_alloc_info+0x40/0x58 [ 67.026293] __kasan_kmalloc+0xd4/0xd8 [ 67.030025] __kmalloc_noprof+0x190/0x4d0 [ 67.034018] kunit_kmalloc_array+0x34/0x88 [ 67.038097] copy_user_test_oob+0xac/0xec8 [ 67.042177] kunit_try_run_case+0x170/0x3f0 [ 67.046345] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.051813] kthread+0x328/0x630 [ 67.055025] ret_from_fork+0x10/0x20 [ 67.058584] [ 67.060061] The buggy address belongs to the object at ffff000800da9800 [ 67.060061] which belongs to the cache kmalloc-128 of size 128 [ 67.072559] The buggy address is located 0 bytes to the right of [ 67.072559] allocated 120-byte region [ffff000800da9800, ffff000800da9878) [ 67.085493] [ 67.086970] The buggy address belongs to the physical page: [ 67.092527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880da8 [ 67.100511] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 67.108149] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 67.115093] page_type: f5(slab) [ 67.118229] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 67.125950] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 67.133677] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 67.141488] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 67.149301] head: 0bfffe0000000001 fffffdffe0036a01 00000000ffffffff 00000000ffffffff [ 67.157113] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 67.164919] page dumped because: kasan: bad access detected [ 67.170474] [ 67.171950] Memory state around the buggy address: [ 67.176730] ffff000800da9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.183932] ffff000800da9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.191137] >ffff000800da9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 67.198338] ^ [ 67.205460] ffff000800da9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.212665] ffff000800da9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.219866] ==================================================================
[ 30.088773] ================================================================== [ 30.089033] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 30.090696] Write of size 121 at addr fff00000c56e8f00 by task kunit_try_catch/286 [ 30.090840] [ 30.090973] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 30.091186] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.091550] Hardware name: linux,dummy-virt (DT) [ 30.091663] Call trace: [ 30.091739] show_stack+0x20/0x38 (C) [ 30.091869] dump_stack_lvl+0x8c/0xd0 [ 30.091992] print_report+0x118/0x608 [ 30.092117] kasan_report+0xdc/0x128 [ 30.092239] kasan_check_range+0x100/0x1a8 [ 30.093739] __kasan_check_write+0x20/0x30 [ 30.093942] strncpy_from_user+0x3c/0x2a0 [ 30.094077] copy_user_test_oob+0x5c0/0xec8 [ 30.094566] kunit_try_run_case+0x170/0x3f0 [ 30.094876] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.095016] kthread+0x328/0x630 [ 30.095131] ret_from_fork+0x10/0x20 [ 30.095241] [ 30.095286] Allocated by task 286: [ 30.095355] kasan_save_stack+0x3c/0x68 [ 30.095463] kasan_save_track+0x20/0x40 [ 30.095560] kasan_save_alloc_info+0x40/0x58 [ 30.095652] __kasan_kmalloc+0xd4/0xd8 [ 30.095764] __kmalloc_noprof+0x190/0x4d0 [ 30.095865] kunit_kmalloc_array+0x34/0x88 [ 30.095964] copy_user_test_oob+0xac/0xec8 [ 30.096062] kunit_try_run_case+0x170/0x3f0 [ 30.096162] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.096359] kthread+0x328/0x630 [ 30.096668] ret_from_fork+0x10/0x20 [ 30.096788] [ 30.096842] The buggy address belongs to the object at fff00000c56e8f00 [ 30.096842] which belongs to the cache kmalloc-128 of size 128 [ 30.096981] The buggy address is located 0 bytes inside of [ 30.096981] allocated 120-byte region [fff00000c56e8f00, fff00000c56e8f78) [ 30.097137] [ 30.097188] The buggy address belongs to the physical page: [ 30.097278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8 [ 30.098464] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.098778] page_type: f5(slab) [ 30.099117] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.099967] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.100121] page dumped because: kasan: bad access detected [ 30.100208] [ 30.100258] Memory state around the buggy address: [ 30.100344] fff00000c56e8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.100462] fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.100573] >fff00000c56e8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.101182] ^ [ 30.101664] fff00000c56e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.101920] fff00000c56e9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.102461] ================================================================== [ 30.104744] ================================================================== [ 30.104853] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 30.104962] Write of size 1 at addr fff00000c56e8f78 by task kunit_try_catch/286 [ 30.105083] [ 30.105152] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 30.105379] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.105449] Hardware name: linux,dummy-virt (DT) [ 30.105522] Call trace: [ 30.105582] show_stack+0x20/0x38 (C) [ 30.105716] dump_stack_lvl+0x8c/0xd0 [ 30.105849] print_report+0x118/0x608 [ 30.107002] kasan_report+0xdc/0x128 [ 30.107432] __asan_report_store1_noabort+0x20/0x30 [ 30.107762] strncpy_from_user+0x270/0x2a0 [ 30.107894] copy_user_test_oob+0x5c0/0xec8 [ 30.108112] kunit_try_run_case+0x170/0x3f0 [ 30.108265] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.108402] kthread+0x328/0x630 [ 30.108533] ret_from_fork+0x10/0x20 [ 30.108760] [ 30.108817] Allocated by task 286: [ 30.108905] kasan_save_stack+0x3c/0x68 [ 30.109022] kasan_save_track+0x20/0x40 [ 30.109131] kasan_save_alloc_info+0x40/0x58 [ 30.109236] __kasan_kmalloc+0xd4/0xd8 [ 30.109395] __kmalloc_noprof+0x190/0x4d0 [ 30.109507] kunit_kmalloc_array+0x34/0x88 [ 30.109611] copy_user_test_oob+0xac/0xec8 [ 30.109767] kunit_try_run_case+0x170/0x3f0 [ 30.109936] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.110116] kthread+0x328/0x630 [ 30.110373] ret_from_fork+0x10/0x20 [ 30.110478] [ 30.110570] The buggy address belongs to the object at fff00000c56e8f00 [ 30.110570] which belongs to the cache kmalloc-128 of size 128 [ 30.110747] The buggy address is located 0 bytes to the right of [ 30.110747] allocated 120-byte region [fff00000c56e8f00, fff00000c56e8f78) [ 30.110974] [ 30.111085] The buggy address belongs to the physical page: [ 30.111212] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8 [ 30.111361] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.111496] page_type: f5(slab) [ 30.111672] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.111967] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.112359] page dumped because: kasan: bad access detected [ 30.112506] [ 30.112557] Memory state around the buggy address: [ 30.112659] fff00000c56e8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.112818] fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.113130] >fff00000c56e8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.113286] ^ [ 30.113390] fff00000c56e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.113500] fff00000c56e9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.113632] ==================================================================
[ 25.865559] ================================================================== [ 25.866131] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 25.867093] Write of size 121 at addr ffff8881022e0700 by task kunit_try_catch/302 [ 25.867775] [ 25.868418] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 25.868898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.868932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.868967] Call Trace: [ 25.868992] <TASK> [ 25.869018] dump_stack_lvl+0x73/0xb0 [ 25.869058] print_report+0xd1/0x650 [ 25.869096] ? __virt_addr_valid+0x1db/0x2d0 [ 25.869130] ? strncpy_from_user+0x2e/0x1d0 [ 25.869160] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.869195] ? strncpy_from_user+0x2e/0x1d0 [ 25.869225] kasan_report+0x141/0x180 [ 25.869259] ? strncpy_from_user+0x2e/0x1d0 [ 25.869295] kasan_check_range+0x10c/0x1c0 [ 25.869331] __kasan_check_write+0x18/0x20 [ 25.869361] strncpy_from_user+0x2e/0x1d0 [ 25.869394] copy_user_test_oob+0x760/0x10f0 [ 25.869426] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.869455] ? finish_task_switch.isra.0+0x153/0x700 [ 25.869489] ? __switch_to+0x47/0xf50 [ 25.869527] ? __schedule+0x10cc/0x2b60 [ 25.869620] ? __pfx_read_tsc+0x10/0x10 [ 25.869657] ? ktime_get_ts64+0x86/0x230 [ 25.869693] kunit_try_run_case+0x1a5/0x480 [ 25.869727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.869756] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.869794] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.869857] ? __kthread_parkme+0x82/0x180 [ 25.869892] ? preempt_count_sub+0x50/0x80 [ 25.869926] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.869957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.869996] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.870035] kthread+0x337/0x6f0 [ 25.870065] ? trace_preempt_on+0x20/0xc0 [ 25.870098] ? __pfx_kthread+0x10/0x10 [ 25.870129] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.870163] ? calculate_sigpending+0x7b/0xa0 [ 25.870211] ? __pfx_kthread+0x10/0x10 [ 25.870246] ret_from_fork+0x116/0x1d0 [ 25.870273] ? __pfx_kthread+0x10/0x10 [ 25.870303] ret_from_fork_asm+0x1a/0x30 [ 25.870347] </TASK> [ 25.870364] [ 25.891619] Allocated by task 302: [ 25.892389] kasan_save_stack+0x45/0x70 [ 25.893052] kasan_save_track+0x18/0x40 [ 25.893404] kasan_save_alloc_info+0x3b/0x50 [ 25.893877] __kasan_kmalloc+0xb7/0xc0 [ 25.894814] __kmalloc_noprof+0x1c9/0x500 [ 25.895136] kunit_kmalloc_array+0x25/0x60 [ 25.895929] copy_user_test_oob+0xab/0x10f0 [ 25.896273] kunit_try_run_case+0x1a5/0x480 [ 25.896638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.897069] kthread+0x337/0x6f0 [ 25.897353] ret_from_fork+0x116/0x1d0 [ 25.898687] ret_from_fork_asm+0x1a/0x30 [ 25.899033] [ 25.899440] The buggy address belongs to the object at ffff8881022e0700 [ 25.899440] which belongs to the cache kmalloc-128 of size 128 [ 25.900747] The buggy address is located 0 bytes inside of [ 25.900747] allocated 120-byte region [ffff8881022e0700, ffff8881022e0778) [ 25.902375] [ 25.902569] The buggy address belongs to the physical page: [ 25.903250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022e0 [ 25.903952] flags: 0x200000000000000(node=0|zone=2) [ 25.904150] page_type: f5(slab) [ 25.904297] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.904571] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.904856] page dumped because: kasan: bad access detected [ 25.905052] [ 25.905138] Memory state around the buggy address: [ 25.905311] ffff8881022e0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.905563] ffff8881022e0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.905816] >ffff8881022e0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.906326] ^ [ 25.906802] ffff8881022e0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.907800] ffff8881022e0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.908862] ================================================================== [ 25.911070] ================================================================== [ 25.911632] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 25.912376] Write of size 1 at addr ffff8881022e0778 by task kunit_try_catch/302 [ 25.913598] [ 25.914287] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 25.914370] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.914418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.914488] Call Trace: [ 25.914548] <TASK> [ 25.914755] dump_stack_lvl+0x73/0xb0 [ 25.914803] print_report+0xd1/0x650 [ 25.914870] ? __virt_addr_valid+0x1db/0x2d0 [ 25.914907] ? strncpy_from_user+0x1a5/0x1d0 [ 25.914940] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.914977] ? strncpy_from_user+0x1a5/0x1d0 [ 25.915008] kasan_report+0x141/0x180 [ 25.915041] ? strncpy_from_user+0x1a5/0x1d0 [ 25.915079] __asan_report_store1_noabort+0x1b/0x30 [ 25.915110] strncpy_from_user+0x1a5/0x1d0 [ 25.915144] copy_user_test_oob+0x760/0x10f0 [ 25.915176] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.915204] ? finish_task_switch.isra.0+0x153/0x700 [ 25.915237] ? __switch_to+0x47/0xf50 [ 25.915275] ? __schedule+0x10cc/0x2b60 [ 25.915312] ? __pfx_read_tsc+0x10/0x10 [ 25.915344] ? ktime_get_ts64+0x86/0x230 [ 25.915380] kunit_try_run_case+0x1a5/0x480 [ 25.915411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.915441] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.915477] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.915514] ? __kthread_parkme+0x82/0x180 [ 25.915557] ? preempt_count_sub+0x50/0x80 [ 25.915612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.915645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.915684] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.915722] kthread+0x337/0x6f0 [ 25.915753] ? trace_preempt_on+0x20/0xc0 [ 25.915789] ? __pfx_kthread+0x10/0x10 [ 25.915839] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.915897] ? calculate_sigpending+0x7b/0xa0 [ 25.915934] ? __pfx_kthread+0x10/0x10 [ 25.915967] ret_from_fork+0x116/0x1d0 [ 25.915996] ? __pfx_kthread+0x10/0x10 [ 25.916061] ret_from_fork_asm+0x1a/0x30 [ 25.916119] </TASK> [ 25.916136] [ 25.932963] Allocated by task 302: [ 25.933440] kasan_save_stack+0x45/0x70 [ 25.934022] kasan_save_track+0x18/0x40 [ 25.934501] kasan_save_alloc_info+0x3b/0x50 [ 25.935086] __kasan_kmalloc+0xb7/0xc0 [ 25.935527] __kmalloc_noprof+0x1c9/0x500 [ 25.936091] kunit_kmalloc_array+0x25/0x60 [ 25.936644] copy_user_test_oob+0xab/0x10f0 [ 25.937136] kunit_try_run_case+0x1a5/0x480 [ 25.937661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.938229] kthread+0x337/0x6f0 [ 25.938719] ret_from_fork+0x116/0x1d0 [ 25.939224] ret_from_fork_asm+0x1a/0x30 [ 25.939780] [ 25.939993] The buggy address belongs to the object at ffff8881022e0700 [ 25.939993] which belongs to the cache kmalloc-128 of size 128 [ 25.941121] The buggy address is located 0 bytes to the right of [ 25.941121] allocated 120-byte region [ffff8881022e0700, ffff8881022e0778) [ 25.942335] [ 25.942615] The buggy address belongs to the physical page: [ 25.943271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022e0 [ 25.944093] flags: 0x200000000000000(node=0|zone=2) [ 25.944490] page_type: f5(slab) [ 25.944813] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.945497] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.946183] page dumped because: kasan: bad access detected [ 25.946693] [ 25.946945] Memory state around the buggy address: [ 25.947372] ffff8881022e0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.947910] ffff8881022e0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.948368] >ffff8881022e0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.949017] ^ [ 25.949678] ffff8881022e0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.951092] ffff8881022e0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.951595] ==================================================================
[ 92.975952] ================================================================== [ 92.983245] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x248/0x260 [ 92.990234] Write of size 1 at addr cc90cd78 by task kunit_try_catch/337 [ 92.996978] [ 92.998504] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 92.998535] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 92.998535] Hardware name: Generic DRA74X (Flattened Device Tree) [ 92.998535] Call trace: [ 92.998565] unwind_backtrace from show_stack+0x18/0x1c [ 92.998565] show_stack from dump_stack_lvl+0x70/0x90 [ 92.998596] dump_stack_lvl from print_report+0x158/0x528 [ 92.998626] print_report from kasan_report+0xdc/0x118 [ 92.998657] kasan_report from strncpy_from_user+0x248/0x260 [ 92.998687] strncpy_from_user from copy_user_test_oob+0x7a4/0x12b0 [ 92.998687] copy_user_test_oob from kunit_try_run_case+0x22c/0x5a8 [ 92.998718] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 92.998748] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 92.998779] kthread from ret_from_fork+0x14/0x20 [ 92.998809] Exception stack(0xf256bfb0 to 0xf256bff8) [ 92.998809] bfa0: 00000000 00000000 00000000 00000000 [ 92.998840] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 92.998840] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 92.998870] [ 93.110992] Allocated by task 337: [ 93.114410] kasan_save_track+0x30/0x5c [ 93.118286] __kasan_kmalloc+0x8c/0x94 [ 93.122039] __kmalloc_noprof+0x20c/0x488 [ 93.126098] kunit_kmalloc_array+0x28/0x60 [ 93.130218] copy_user_test_oob+0xac/0x12b0 [ 93.134429] kunit_try_run_case+0x22c/0x5a8 [ 93.138671] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 93.144195] kthread+0x464/0x810 [ 93.147460] ret_from_fork+0x14/0x20 [ 93.151062] [ 93.152557] The buggy address belongs to the object at cc90cd00 [ 93.152557] which belongs to the cache kmalloc-128 of size 128 [ 93.164459] The buggy address is located 0 bytes to the right of [ 93.164459] allocated 120-byte region [cc90cd00, cc90cd78) [ 93.176086] [ 93.177581] The buggy address belongs to the physical page: [ 93.183197] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c90c [ 93.190460] flags: 0x0(zone=0) [ 93.193542] page_type: f5(slab) [ 93.196716] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 93.204864] raw: 00000000 [ 93.207489] page dumped because: kasan: bad access detected [ 93.213104] [ 93.214599] Memory state around the buggy address: [ 93.219421] cc90cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fc fc [ 93.226013] cc90cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.232574] >cc90cd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 93.239135] ^ [ 93.245635] cc90cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.252197] cc90ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.258758] ================================================================== [ 92.680206] ================================================================== [ 92.687469] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x20/0x260 [ 92.694427] Write of size 121 at addr cc90cd00 by task kunit_try_catch/337 [ 92.701324] [ 92.702850] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 92.702880] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 92.702880] Hardware name: Generic DRA74X (Flattened Device Tree) [ 92.702880] Call trace: [ 92.702911] unwind_backtrace from show_stack+0x18/0x1c [ 92.702911] show_stack from dump_stack_lvl+0x70/0x90 [ 92.702941] dump_stack_lvl from print_report+0x158/0x528 [ 92.702972] print_report from kasan_report+0xdc/0x118 [ 92.703002] kasan_report from kasan_check_range+0x14c/0x198 [ 92.703033] kasan_check_range from strncpy_from_user+0x20/0x260 [ 92.703033] strncpy_from_user from copy_user_test_oob+0x7a4/0x12b0 [ 92.703063] copy_user_test_oob from kunit_try_run_case+0x22c/0x5a8 [ 92.703094] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 92.703124] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 92.703155] kthread from ret_from_fork+0x14/0x20 [ 92.703186] Exception stack(0xf256bfb0 to 0xf256bff8) [ 92.703186] bfa0: 00000000 00000000 00000000 00000000 [ 92.703216] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 92.703216] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 92.703247] [ 92.821380] Allocated by task 337: [ 92.824829] kasan_save_track+0x30/0x5c [ 92.828674] __kasan_kmalloc+0x8c/0x94 [ 92.832458] __kmalloc_noprof+0x20c/0x488 [ 92.836486] kunit_kmalloc_array+0x28/0x60 [ 92.840637] copy_user_test_oob+0xac/0x12b0 [ 92.844848] kunit_try_run_case+0x22c/0x5a8 [ 92.849060] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 92.854583] kthread+0x464/0x810 [ 92.857849] ret_from_fork+0x14/0x20 [ 92.861450] [ 92.862945] The buggy address belongs to the object at cc90cd00 [ 92.862945] which belongs to the cache kmalloc-128 of size 128 [ 92.874847] The buggy address is located 0 bytes inside of [ 92.874847] allocated 120-byte region [cc90cd00, cc90cd78) [ 92.885955] [ 92.887481] The buggy address belongs to the physical page: [ 92.893066] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c90c [ 92.900360] flags: 0x0(zone=0) [ 92.903411] page_type: f5(slab) [ 92.906585] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 92.914733] raw: 00000000 [ 92.917358] page dumped because: kasan: bad access detected [ 92.922973] [ 92.924468] Memory state around the buggy address: [ 92.929290] cc90cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fc fc [ 92.935882] cc90cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.942443] >cc90cd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 92.949005] ^ [ 92.955505] cc90cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.962066] cc90ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.968658] ==================================================================