lkft/linux-next-master - next-20250626 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user

Date

June 26, 2025, 9:10 a.m.

Environment
dragonboard-845c
juno-r2
qemu-arm64
qemu-x86_64

[   78.929293] ==================================================================
[   78.936627] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   78.943600] Write of size 121 at addr ffff00008039fd00 by task kunit_try_catch/371
[   78.951262] 
[   78.952798] CPU: 6 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   78.952830] Tainted: [B]=BAD_PAGE, [N]=TEST
[   78.952839] Hardware name: Thundercomm Dragonboard 845c (DT)
[   78.952851] Call trace:
[   78.952858]  show_stack+0x20/0x38 (C)
[   78.952877]  dump_stack_lvl+0x8c/0xd0
[   78.952897]  print_report+0x118/0x608
[   78.952915]  kasan_report+0xdc/0x128
[   78.952935]  kasan_check_range+0x100/0x1a8
[   78.952956]  __kasan_check_write+0x20/0x30
[   78.952971]  strncpy_from_user+0x3c/0x2a0
[   78.952988]  copy_user_test_oob+0x5c0/0xec8
[   78.953005]  kunit_try_run_case+0x170/0x3f0
[   78.953023]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   78.953043]  kthread+0x328/0x630
[   78.953056]  ret_from_fork+0x10/0x20
[   78.953073] 
[   79.026246] Allocated by task 371:
[   79.029699]  kasan_save_stack+0x3c/0x68
[   79.033607]  kasan_save_track+0x20/0x40
[   79.037512]  kasan_save_alloc_info+0x40/0x58
[   79.041847]  __kasan_kmalloc+0xd4/0xd8
[   79.045664]  __kmalloc_noprof+0x198/0x4c8
[   79.049741]  kunit_kmalloc_array+0x34/0x88
[   79.053904]  copy_user_test_oob+0xac/0xec8
[   79.058066]  kunit_try_run_case+0x170/0x3f0
[   79.062316]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   79.067877]  kthread+0x328/0x630
[   79.071163]  ret_from_fork+0x10/0x20
[   79.074793] 
[   79.076324] The buggy address belongs to the object at ffff00008039fd00
[   79.076324]  which belongs to the cache kmalloc-128 of size 128
[   79.088979] The buggy address is located 0 bytes inside of
[   79.088979]  allocated 120-byte region [ffff00008039fd00, ffff00008039fd78)
[   79.101549] 
[   79.103074] The buggy address belongs to the physical page:
[   79.108712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10039e
[   79.116813] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   79.124564] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   79.131611] page_type: f5(slab)
[   79.134812] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[   79.142655] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   79.150495] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[   79.158421] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   79.166347] head: 0bfffe0000000001 fffffdffc200e781 00000000ffffffff 00000000ffffffff
[   79.174272] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   79.182194] page dumped because: kasan: bad access detected
[   79.187834] 
[   79.189357] Memory state around the buggy address:
[   79.194208]  ffff00008039fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   79.201515]  ffff00008039fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   79.208821] >ffff00008039fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   79.216136]                                                                 ^
[   79.223354]  ffff00008039fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   79.230659]  ffff00008039fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   79.237974] ==================================================================
[   79.245580] ==================================================================
[   79.252913] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   79.259973] Write of size 1 at addr ffff00008039fd78 by task kunit_try_catch/371
[   79.267474] 
[   79.269007] CPU: 1 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   79.269038] Tainted: [B]=BAD_PAGE, [N]=TEST
[   79.269047] Hardware name: Thundercomm Dragonboard 845c (DT)
[   79.269058] Call trace:
[   79.269065]  show_stack+0x20/0x38 (C)
[   79.269083]  dump_stack_lvl+0x8c/0xd0
[   79.269102]  print_report+0x118/0x608
[   79.269124]  kasan_report+0xdc/0x128
[   79.269145]  __asan_report_store1_noabort+0x20/0x30
[   79.269164]  strncpy_from_user+0x270/0x2a0
[   79.269183]  copy_user_test_oob+0x5c0/0xec8
[   79.269202]  kunit_try_run_case+0x170/0x3f0
[   79.269223]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   79.269244]  kthread+0x328/0x630
[   79.269260]  ret_from_fork+0x10/0x20
[   79.269278] 
[   79.339217] Allocated by task 371:
[   79.342684]  kasan_save_stack+0x3c/0x68
[   79.346590]  kasan_save_track+0x20/0x40
[   79.350498]  kasan_save_alloc_info+0x40/0x58
[   79.354845]  __kasan_kmalloc+0xd4/0xd8
[   79.358662]  __kmalloc_noprof+0x198/0x4c8
[   79.362740]  kunit_kmalloc_array+0x34/0x88
[   79.366904]  copy_user_test_oob+0xac/0xec8
[   79.371068]  kunit_try_run_case+0x170/0x3f0
[   79.375329]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   79.380899]  kthread+0x328/0x630
[   79.384185]  ret_from_fork+0x10/0x20
[   79.387830] 
[   79.389359] The buggy address belongs to the object at ffff00008039fd00
[   79.389359]  which belongs to the cache kmalloc-128 of size 128
[   79.402021] The buggy address is located 0 bytes to the right of
[   79.402021]  allocated 120-byte region [ffff00008039fd00, ffff00008039fd78)
[   79.415128] 
[   79.416660] The buggy address belongs to the physical page:
[   79.422305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10039e
[   79.430410] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   79.438168] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   79.445225] page_type: f5(slab)
[   79.448425] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[   79.456275] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   79.464124] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[   79.472059] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   79.479993] head: 0bfffe0000000001 fffffdffc200e781 00000000ffffffff 00000000ffffffff
[   79.487927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   79.495857] page dumped because: kasan: bad access detected
[   79.501503] 
[   79.503034] Memory state around the buggy address:
[   79.507892]  ffff00008039fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   79.515209]  ffff00008039fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   79.522525] >ffff00008039fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   79.529839]                                                                 ^
[   79.537066]  ffff00008039fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   79.544383]  ffff00008039fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   79.551698] ==================================================================

Metadata Full log Test run details

[ 1525.470259] ==================================================================
[ 1525.470283] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[ 1525.470317] Write of size 121 at addr ffff000827f2f500 by task kunit_try_catch/356
[ 1525.470352] 
[ 1525.470367] CPU: 3 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[ 1525.470429] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 1525.470449] Hardware name: ARM Juno development board (r2) (DT)
[ 1525.470471] Call trace:
[ 1525.470483]  show_stack+0x20/0x38 (C)
[ 1525.470520]  dump_stack_lvl+0x8c/0xd0
[ 1525.470560]  print_report+0x118/0x608
[ 1525.470601]  kasan_report+0xdc/0x128
[ 1525.470642]  kasan_check_range+0x100/0x1a8
[ 1525.470684]  __kasan_check_write+0x20/0x30
[ 1525.470721]  strncpy_from_user+0x3c/0x2a0
[ 1525.470758]  copy_user_test_oob+0x5c0/0xec8
[ 1525.470800]  kunit_try_run_case+0x170/0x3f0
[ 1525.470839]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1525.470885]  kthread+0x328/0x630
[ 1525.470917]  ret_from_fork+0x10/0x20
[ 1525.470955] 
[ 1525.470965] Allocated by task 356:
[ 1525.470983]  kasan_save_stack+0x3c/0x68
[ 1525.471017]  kasan_save_track+0x20/0x40
[ 1525.471050]  kasan_save_alloc_info+0x40/0x58
[ 1525.471079]  __kasan_kmalloc+0xd4/0xd8
[ 1525.471112]  __kmalloc_noprof+0x198/0x4c8
[ 1525.471145]  kunit_kmalloc_array+0x34/0x88
[ 1525.471177]  copy_user_test_oob+0xac/0xec8
[ 1525.471209]  kunit_try_run_case+0x170/0x3f0
[ 1525.471242]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1525.471280]  kthread+0x328/0x630
[ 1525.471304]  ret_from_fork+0x10/0x20
[ 1525.471335] 
[ 1525.471346] The buggy address belongs to the object at ffff000827f2f500
[ 1525.471346]  which belongs to the cache kmalloc-128 of size 128
[ 1525.471385] The buggy address is located 0 bytes inside of
[ 1525.471385]  allocated 120-byte region [ffff000827f2f500, ffff000827f2f578)
[ 1525.471430] 
[ 1525.471440] The buggy address belongs to the physical page:
[ 1525.471458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a7f2f
[ 1525.471493] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 1525.471525] page_type: f5(slab)
[ 1525.471552] raw: 0bfffe0000000000 ffff000800002a00 dead000000000122 0000000000000000
[ 1525.471588] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 1525.471615] page dumped because: kasan: bad access detected
[ 1525.471635] 
[ 1525.471644] Memory state around the buggy address:
[ 1525.471665]  ffff000827f2f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1525.471695]  ffff000827f2f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1525.471726] >ffff000827f2f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 1525.471751]                                                                 ^
[ 1525.471779]  ffff000827f2f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1525.471809]  ffff000827f2f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1525.471835] ==================================================================
[ 1525.471864] ==================================================================
[ 1525.471886] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[ 1525.471920] Write of size 1 at addr ffff000827f2f578 by task kunit_try_catch/356
[ 1525.471955] 
[ 1525.471970] CPU: 3 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[ 1525.472031] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 1525.472051] Hardware name: ARM Juno development board (r2) (DT)
[ 1525.472073] Call trace:
[ 1525.472085]  show_stack+0x20/0x38 (C)
[ 1525.472122]  dump_stack_lvl+0x8c/0xd0
[ 1525.472162]  print_report+0x118/0x608
[ 1525.472204]  kasan_report+0xdc/0x128
[ 1525.472244]  __asan_report_store1_noabort+0x20/0x30
[ 1525.472282]  strncpy_from_user+0x270/0x2a0
[ 1525.472320]  copy_user_test_oob+0x5c0/0xec8
[ 1525.472361]  kunit_try_run_case+0x170/0x3f0
[ 1525.472400]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1525.472447]  kthread+0x328/0x630
[ 1525.472479]  ret_from_fork+0x10/0x20
[ 1525.472516] 
[ 1525.472527] Allocated by task 356:
[ 1525.472545]  kasan_save_stack+0x3c/0x68
[ 1525.472579]  kasan_save_track+0x20/0x40
[ 1525.472612]  kasan_save_alloc_info+0x40/0x58
[ 1525.472641]  __kasan_kmalloc+0xd4/0xd8
[ 1525.472674]  __kmalloc_noprof+0x198/0x4c8
[ 1525.472707]  kunit_kmalloc_array+0x34/0x88
[ 1525.472738]  copy_user_test_oob+0xac/0xec8
[ 1525.472771]  kunit_try_run_case+0x170/0x3f0
[ 1525.472803]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1525.472841]  kthread+0x328/0x630
[ 1525.472865]  ret_from_fork+0x10/0x20
[ 1525.472896] 
[ 1525.472906] The buggy address belongs to the object at ffff000827f2f500
[ 1525.472906]  which belongs to the cache kmalloc-128 of size 128
[ 1525.472946] The buggy address is located 0 bytes to the right of
[ 1525.472946]  allocated 120-byte region [ffff000827f2f500, ffff000827f2f578)
[ 1525.472992] 
[ 1525.473002] The buggy address belongs to the physical page:
[ 1525.473021] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a7f2f
[ 1525.473056] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 1525.473088] page_type: f5(slab)
[ 1525.473114] raw: 0bfffe0000000000 ffff000800002a00 dead000000000122 0000000000000000
[ 1525.473150] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 1525.473178] page dumped because: kasan: bad access detected
[ 1525.473197] 
[ 1525.473207] Memory state around the buggy address:
[ 1525.473228]  ffff000827f2f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1525.473258]  ffff000827f2f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1525.473289] >ffff000827f2f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 1525.473314]                                                                 ^
[ 1525.473341]  ffff000827f2f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1525.473372]  ffff000827f2f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1525.473398] ==================================================================

Metadata Full log Test run details

[   30.089091] ==================================================================
[   30.089283] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   30.089463] Write of size 121 at addr fff00000c5773e00 by task kunit_try_catch/297
[   30.089621] 
[   30.089661] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   30.089751] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.089780] Hardware name: linux,dummy-virt (DT)
[   30.089841] Call trace:
[   30.089867]  show_stack+0x20/0x38 (C)
[   30.089918]  dump_stack_lvl+0x8c/0xd0
[   30.089995]  print_report+0x118/0x608
[   30.090046]  kasan_report+0xdc/0x128
[   30.090105]  kasan_check_range+0x100/0x1a8
[   30.090163]  __kasan_check_write+0x20/0x30
[   30.090210]  strncpy_from_user+0x3c/0x2a0
[   30.090258]  copy_user_test_oob+0x5c0/0xec8
[   30.090309]  kunit_try_run_case+0x170/0x3f0
[   30.090361]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.090425]  kthread+0x328/0x630
[   30.090471]  ret_from_fork+0x10/0x20
[   30.090530] 
[   30.090550] Allocated by task 297:
[   30.090579]  kasan_save_stack+0x3c/0x68
[   30.090632]  kasan_save_track+0x20/0x40
[   30.090679]  kasan_save_alloc_info+0x40/0x58
[   30.090716]  __kasan_kmalloc+0xd4/0xd8
[   30.090762]  __kmalloc_noprof+0x198/0x4c8
[   30.090810]  kunit_kmalloc_array+0x34/0x88
[   30.090859]  copy_user_test_oob+0xac/0xec8
[   30.090899]  kunit_try_run_case+0x170/0x3f0
[   30.090938]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.090984]  kthread+0x328/0x630
[   30.091017]  ret_from_fork+0x10/0x20
[   30.091366] 
[   30.091424] The buggy address belongs to the object at fff00000c5773e00
[   30.091424]  which belongs to the cache kmalloc-128 of size 128
[   30.091756] The buggy address is located 0 bytes inside of
[   30.091756]  allocated 120-byte region [fff00000c5773e00, fff00000c5773e78)
[   30.091864] 
[   30.091914] The buggy address belongs to the physical page:
[   30.092164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773
[   30.092240] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.092549] page_type: f5(slab)
[   30.092676] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   30.093017] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.093695] page dumped because: kasan: bad access detected
[   30.094150] 
[   30.094218] Memory state around the buggy address:
[   30.094255]  fff00000c5773d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.094309]  fff00000c5773d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.094512] >fff00000c5773e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.094845]                                                                 ^
[   30.095159]  fff00000c5773e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.095499]  fff00000c5773f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.095585] ==================================================================
[   30.096977] ==================================================================
[   30.097155] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   30.097217] Write of size 1 at addr fff00000c5773e78 by task kunit_try_catch/297
[   30.097270] 
[   30.097334] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   30.097454] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.097482] Hardware name: linux,dummy-virt (DT)
[   30.097514] Call trace:
[   30.097538]  show_stack+0x20/0x38 (C)
[   30.097588]  dump_stack_lvl+0x8c/0xd0
[   30.097635]  print_report+0x118/0x608
[   30.097684]  kasan_report+0xdc/0x128
[   30.097754]  __asan_report_store1_noabort+0x20/0x30
[   30.097814]  strncpy_from_user+0x270/0x2a0
[   30.097863]  copy_user_test_oob+0x5c0/0xec8
[   30.097920]  kunit_try_run_case+0x170/0x3f0
[   30.097970]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.098025]  kthread+0x328/0x630
[   30.098526]  ret_from_fork+0x10/0x20
[   30.098888] 
[   30.098925] Allocated by task 297:
[   30.098956]  kasan_save_stack+0x3c/0x68
[   30.099009]  kasan_save_track+0x20/0x40
[   30.099546]  kasan_save_alloc_info+0x40/0x58
[   30.099612]  __kasan_kmalloc+0xd4/0xd8
[   30.099844]  __kmalloc_noprof+0x198/0x4c8
[   30.099928]  kunit_kmalloc_array+0x34/0x88
[   30.099981]  copy_user_test_oob+0xac/0xec8
[   30.100034]  kunit_try_run_case+0x170/0x3f0
[   30.100246]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.100382]  kthread+0x328/0x630
[   30.100587]  ret_from_fork+0x10/0x20
[   30.100779] 
[   30.100969] The buggy address belongs to the object at fff00000c5773e00
[   30.100969]  which belongs to the cache kmalloc-128 of size 128
[   30.101094] The buggy address is located 0 bytes to the right of
[   30.101094]  allocated 120-byte region [fff00000c5773e00, fff00000c5773e78)
[   30.101344] 
[   30.101776] The buggy address belongs to the physical page:
[   30.101814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773
[   30.102209] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.102390] page_type: f5(slab)
[   30.102501] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   30.102653] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.102883] page dumped because: kasan: bad access detected
[   30.102990] 
[   30.103410] Memory state around the buggy address:
[   30.103812]  fff00000c5773d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.104031]  fff00000c5773d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.104183] >fff00000c5773e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.104352]                                                                 ^
[   30.104443]  fff00000c5773e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.104577]  fff00000c5773f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.104781] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2z2V64IZ5mZ4pqTgyDjND4po2p7

job_id

TEST:linaro@lkft#2z2VBWOwNE7tln7ibBWNJtNgCdd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2VBWOwNE7tln7ibBWNJtNgCdd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/Image.gz
sha256sum	42e36f6e4a060d5f9a1060b857a02a69294fe7d2a27b0731adb370bcbc85f1e6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/modules.tar.xz
sha256sum	890b3fa8e09fb90f169b09d75de24714d8b16adf2b500a29a27124602d4970e9

durations

tests

boot	0
kunit	167.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   26.204719] ==================================================================
[   26.205316] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   26.205685] Write of size 1 at addr ffff8881024e1b78 by task kunit_try_catch/314
[   26.206028] 
[   26.206337] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   26.206396] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.206410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.206434] Call Trace:
[   26.206455]  <TASK>
[   26.206649]  dump_stack_lvl+0x73/0xb0
[   26.206686]  print_report+0xd1/0x650
[   26.206712]  ? __virt_addr_valid+0x1db/0x2d0
[   26.206738]  ? strncpy_from_user+0x1a5/0x1d0
[   26.206763]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.206791]  ? strncpy_from_user+0x1a5/0x1d0
[   26.206816]  kasan_report+0x141/0x180
[   26.206840]  ? strncpy_from_user+0x1a5/0x1d0
[   26.206868]  __asan_report_store1_noabort+0x1b/0x30
[   26.206892]  strncpy_from_user+0x1a5/0x1d0
[   26.206919]  copy_user_test_oob+0x760/0x10f0
[   26.206944]  ? __pfx_copy_user_test_oob+0x10/0x10
[   26.206969]  ? finish_task_switch.isra.0+0x153/0x700
[   26.206993]  ? __switch_to+0x47/0xf50
[   26.207021]  ? __schedule+0x10cc/0x2b60
[   26.207054]  ? __pfx_read_tsc+0x10/0x10
[   26.207077]  ? ktime_get_ts64+0x86/0x230
[   26.207103]  kunit_try_run_case+0x1a5/0x480
[   26.207129]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.207152]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.207178]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.207204]  ? __kthread_parkme+0x82/0x180
[   26.207235]  ? preempt_count_sub+0x50/0x80
[   26.207260]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.207285]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.207310]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.207333]  kthread+0x337/0x6f0
[   26.207354]  ? trace_preempt_on+0x20/0xc0
[   26.207378]  ? __pfx_kthread+0x10/0x10
[   26.207400]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.207424]  ? calculate_sigpending+0x7b/0xa0
[   26.207449]  ? __pfx_kthread+0x10/0x10
[   26.207471]  ret_from_fork+0x116/0x1d0
[   26.207491]  ? __pfx_kthread+0x10/0x10
[   26.207512]  ret_from_fork_asm+0x1a/0x30
[   26.207543]  </TASK>
[   26.207556] 
[   26.216526] Allocated by task 314:
[   26.216984]  kasan_save_stack+0x45/0x70
[   26.217187]  kasan_save_track+0x18/0x40
[   26.217393]  kasan_save_alloc_info+0x3b/0x50
[   26.217544]  __kasan_kmalloc+0xb7/0xc0
[   26.217749]  __kmalloc_noprof+0x1c9/0x500
[   26.217925]  kunit_kmalloc_array+0x25/0x60
[   26.218161]  copy_user_test_oob+0xab/0x10f0
[   26.218395]  kunit_try_run_case+0x1a5/0x480
[   26.218608]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.218846]  kthread+0x337/0x6f0
[   26.218960]  ret_from_fork+0x116/0x1d0
[   26.219105]  ret_from_fork_asm+0x1a/0x30
[   26.219344] 
[   26.219457] The buggy address belongs to the object at ffff8881024e1b00
[   26.219457]  which belongs to the cache kmalloc-128 of size 128
[   26.219982] The buggy address is located 0 bytes to the right of
[   26.219982]  allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78)
[   26.220530] 
[   26.220626] The buggy address belongs to the physical page:
[   26.220857] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1
[   26.221125] flags: 0x200000000000000(node=0|zone=2)
[   26.221368] page_type: f5(slab)
[   26.221554] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.221927] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.222470] page dumped because: kasan: bad access detected
[   26.222642] 
[   26.222706] Memory state around the buggy address:
[   26.222852]  ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.223358]  ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.223676] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.223979]                                                                 ^
[   26.224370]  ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.224623]  ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.224838] ==================================================================
[   26.177695] ==================================================================
[   26.178344] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   26.178781] Write of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314
[   26.179440] 
[   26.179771] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   26.179831] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.179846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.179873] Call Trace:
[   26.179897]  <TASK>
[   26.179919]  dump_stack_lvl+0x73/0xb0
[   26.179952]  print_report+0xd1/0x650
[   26.179977]  ? __virt_addr_valid+0x1db/0x2d0
[   26.180003]  ? strncpy_from_user+0x2e/0x1d0
[   26.180027]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.180054]  ? strncpy_from_user+0x2e/0x1d0
[   26.180079]  kasan_report+0x141/0x180
[   26.180102]  ? strncpy_from_user+0x2e/0x1d0
[   26.180131]  kasan_check_range+0x10c/0x1c0
[   26.180155]  __kasan_check_write+0x18/0x20
[   26.180179]  strncpy_from_user+0x2e/0x1d0
[   26.180202]  ? __kasan_check_read+0x15/0x20
[   26.180244]  copy_user_test_oob+0x760/0x10f0
[   26.180269]  ? __pfx_copy_user_test_oob+0x10/0x10
[   26.180292]  ? finish_task_switch.isra.0+0x153/0x700
[   26.180316]  ? __switch_to+0x47/0xf50
[   26.180343]  ? __schedule+0x10cc/0x2b60
[   26.180368]  ? __pfx_read_tsc+0x10/0x10
[   26.180391]  ? ktime_get_ts64+0x86/0x230
[   26.180418]  kunit_try_run_case+0x1a5/0x480
[   26.180443]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.180467]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.180493]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.180518]  ? __kthread_parkme+0x82/0x180
[   26.180540]  ? preempt_count_sub+0x50/0x80
[   26.180563]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.180588]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.180613]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.180638]  kthread+0x337/0x6f0
[   26.180659]  ? trace_preempt_on+0x20/0xc0
[   26.180683]  ? __pfx_kthread+0x10/0x10
[   26.180704]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.180728]  ? calculate_sigpending+0x7b/0xa0
[   26.180753]  ? __pfx_kthread+0x10/0x10
[   26.180775]  ret_from_fork+0x116/0x1d0
[   26.180795]  ? __pfx_kthread+0x10/0x10
[   26.180816]  ret_from_fork_asm+0x1a/0x30
[   26.180848]  </TASK>
[   26.180861] 
[   26.192716] Allocated by task 314:
[   26.192890]  kasan_save_stack+0x45/0x70
[   26.193140]  kasan_save_track+0x18/0x40
[   26.193339]  kasan_save_alloc_info+0x3b/0x50
[   26.193546]  __kasan_kmalloc+0xb7/0xc0
[   26.193726]  __kmalloc_noprof+0x1c9/0x500
[   26.193920]  kunit_kmalloc_array+0x25/0x60
[   26.194592]  copy_user_test_oob+0xab/0x10f0
[   26.194787]  kunit_try_run_case+0x1a5/0x480
[   26.195307]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.195703]  kthread+0x337/0x6f0
[   26.195970]  ret_from_fork+0x116/0x1d0
[   26.196366]  ret_from_fork_asm+0x1a/0x30
[   26.196623] 
[   26.196702] The buggy address belongs to the object at ffff8881024e1b00
[   26.196702]  which belongs to the cache kmalloc-128 of size 128
[   26.197565] The buggy address is located 0 bytes inside of
[   26.197565]  allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78)
[   26.198210] 
[   26.198305] The buggy address belongs to the physical page:
[   26.198706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1
[   26.199163] flags: 0x200000000000000(node=0|zone=2)
[   26.199511] page_type: f5(slab)
[   26.199774] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.200303] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.200729] page dumped because: kasan: bad access detected
[   26.201083] 
[   26.201300] Memory state around the buggy address:
[   26.201585]  ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.201893]  ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.202321] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.202716]                                                                 ^
[   26.203165]  ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.203603]  ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.203998] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2z2V64IZ5mZ4pqTgyDjND4po2p7

job_id

TEST:linaro@lkft#2z2VCWzEgPcUDHhhw0N7L6OuTsi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2VCWzEgPcUDHhhw0N7L6OuTsi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V8vW6OGUdLnT5KmRzpsRviaL/bzImage
sha256sum	af9e113be0609efaece1c192f6aceee5e71a8c7326695ad181171f155187f3ab

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V8vW6OGUdLnT5KmRzpsRviaL/modules.tar.xz
sha256sum	eb3bf6ab4822a4ffbb4c6a0a8f2b0db2418a278c2192667f80b6a1aac6efaa14

durations

tests

boot	0
kunit	146.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - dragonboard-845c - gcc-13-lkftconfig-kunit

Failure - juno-r2 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit