Date
July 2, 2025, 11:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 34.049884] ================================================================== [ 34.049952] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 34.050006] Write of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.050061] [ 34.050092] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.050424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.050468] Hardware name: linux,dummy-virt (DT) [ 34.050500] Call trace: [ 34.050855] show_stack+0x20/0x38 (C) [ 34.051126] dump_stack_lvl+0x8c/0xd0 [ 34.051348] print_report+0x118/0x608 [ 34.051460] kasan_report+0xdc/0x128 [ 34.051596] kasan_check_range+0x100/0x1a8 [ 34.051647] __kasan_check_write+0x20/0x30 [ 34.052343] strncpy_from_user+0x3c/0x2a0 [ 34.052464] copy_user_test_oob+0x5c0/0xec8 [ 34.052515] kunit_try_run_case+0x170/0x3f0 [ 34.052569] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.052638] kthread+0x328/0x630 [ 34.052729] ret_from_fork+0x10/0x20 [ 34.052806] [ 34.052831] Allocated by task 318: [ 34.052863] kasan_save_stack+0x3c/0x68 [ 34.052908] kasan_save_track+0x20/0x40 [ 34.052961] kasan_save_alloc_info+0x40/0x58 [ 34.053290] __kasan_kmalloc+0xd4/0xd8 [ 34.053869] __kmalloc_noprof+0x198/0x4c8 [ 34.053964] kunit_kmalloc_array+0x34/0x88 [ 34.054006] copy_user_test_oob+0xac/0xec8 [ 34.054060] kunit_try_run_case+0x170/0x3f0 [ 34.054102] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.054326] kthread+0x328/0x630 [ 34.054573] ret_from_fork+0x10/0x20 [ 34.054616] [ 34.054638] The buggy address belongs to the object at fff00000c8dc5900 [ 34.054638] which belongs to the cache kmalloc-128 of size 128 [ 34.054701] The buggy address is located 0 bytes inside of [ 34.054701] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.055053] [ 34.055143] The buggy address belongs to the physical page: [ 34.055178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.055236] flags: 
0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.055655] page_type: f5(slab) [ 34.055704] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.055759] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.055802] page dumped because: kasan: bad access detected [ 34.055837] [ 34.055858] Memory state around the buggy address: [ 34.055896] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.055984] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.056031] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.056163] ^ [ 34.056213] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.056650] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.056891] ================================================================== [ 34.057809] ================================================================== [ 34.058005] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 34.058383] Write of size 1 at addr fff00000c8dc5978 by task kunit_try_catch/318 [ 34.058735] [ 34.058847] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.058997] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.059027] Hardware name: linux,dummy-virt (DT) [ 34.059059] Call trace: [ 34.059085] show_stack+0x20/0x38 (C) [ 34.059179] dump_stack_lvl+0x8c/0xd0 [ 34.059453] print_report+0x118/0x608 [ 34.059504] kasan_report+0xdc/0x128 [ 34.059652] __asan_report_store1_noabort+0x20/0x30 [ 34.059938] strncpy_from_user+0x270/0x2a0 [ 34.060084] copy_user_test_oob+0x5c0/0xec8 [ 34.060145] kunit_try_run_case+0x170/0x3f0 [ 34.060210] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.060321] kthread+0x328/0x630 [ 34.060367] ret_from_fork+0x10/0x20 [ 34.060416] [ 34.060437] Allocated by task 318: [ 34.060471] kasan_save_stack+0x3c/0x68 [ 34.060556] kasan_save_track+0x20/0x40 [ 34.060597] kasan_save_alloc_info+0x40/0x58 [ 
34.060871] __kasan_kmalloc+0xd4/0xd8 [ 34.061113] __kmalloc_noprof+0x198/0x4c8 [ 34.061157] kunit_kmalloc_array+0x34/0x88 [ 34.061198] copy_user_test_oob+0xac/0xec8 [ 34.061240] kunit_try_run_case+0x170/0x3f0 [ 34.061282] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.061370] kthread+0x328/0x630 [ 34.061508] ret_from_fork+0x10/0x20 [ 34.061610] [ 34.061656] The buggy address belongs to the object at fff00000c8dc5900 [ 34.061656] which belongs to the cache kmalloc-128 of size 128 [ 34.061719] The buggy address is located 0 bytes to the right of [ 34.061719] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.061786] [ 34.061810] The buggy address belongs to the physical page: [ 34.061852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.061974] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.062024] page_type: f5(slab) [ 34.062090] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.062144] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.062188] page dumped because: kasan: bad access detected [ 34.062612] [ 34.062646] Memory state around the buggy address: [ 34.062682] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.062728] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.062771] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.062813] ^ [ 34.063406] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.063466] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.063509] ==================================================================
[ 35.561939] ================================================================== [ 35.561993] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 35.562058] Write of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.562112] [ 35.562255] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.562385] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.562435] Hardware name: linux,dummy-virt (DT) [ 35.562672] Call trace: [ 35.562711] show_stack+0x20/0x38 (C) [ 35.562793] dump_stack_lvl+0x8c/0xd0 [ 35.562846] print_report+0x118/0x608 [ 35.563062] kasan_report+0xdc/0x128 [ 35.563174] kasan_check_range+0x100/0x1a8 [ 35.563230] __kasan_check_write+0x20/0x30 [ 35.563298] strncpy_from_user+0x3c/0x2a0 [ 35.563354] copy_user_test_oob+0x5c0/0xec8 [ 35.563421] kunit_try_run_case+0x170/0x3f0 [ 35.563480] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.563565] kthread+0x328/0x630 [ 35.563649] ret_from_fork+0x10/0x20 [ 35.563710] [ 35.563740] Allocated by task 316: [ 35.563771] kasan_save_stack+0x3c/0x68 [ 35.563817] kasan_save_track+0x20/0x40 [ 35.563872] kasan_save_alloc_info+0x40/0x58 [ 35.563912] __kasan_kmalloc+0xd4/0xd8 [ 35.563953] __kmalloc_noprof+0x198/0x4c8 [ 35.563993] kunit_kmalloc_array+0x34/0x88 [ 35.564045] copy_user_test_oob+0xac/0xec8 [ 35.564110] kunit_try_run_case+0x170/0x3f0 [ 35.564179] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.564236] kthread+0x328/0x630 [ 35.564287] ret_from_fork+0x10/0x20 [ 35.564326] [ 35.564348] The buggy address belongs to the object at fff00000c988b100 [ 35.564348] which belongs to the cache kmalloc-128 of size 128 [ 35.564411] The buggy address is located 0 bytes inside of [ 35.564411] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.564478] [ 35.564500] The buggy address belongs to the physical page: [ 35.564533] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.564593] flags: 
0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.564655] page_type: f5(slab) [ 35.564701] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.564765] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.564817] page dumped because: kasan: bad access detected [ 35.564857] [ 35.564886] Memory state around the buggy address: [ 35.564921] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.564964] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.565009] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.565061] ^ [ 35.565111] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.565806] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.565868] ================================================================== [ 35.566147] ================================================================== [ 35.566465] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 35.566528] Write of size 1 at addr fff00000c988b178 by task kunit_try_catch/316 [ 35.566754] [ 35.566860] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.566963] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.566996] Hardware name: linux,dummy-virt (DT) [ 35.567059] Call trace: [ 35.567084] show_stack+0x20/0x38 (C) [ 35.567152] dump_stack_lvl+0x8c/0xd0 [ 35.567221] print_report+0x118/0x608 [ 35.567277] kasan_report+0xdc/0x128 [ 35.567343] __asan_report_store1_noabort+0x20/0x30 [ 35.567415] strncpy_from_user+0x270/0x2a0 [ 35.567525] copy_user_test_oob+0x5c0/0xec8 [ 35.567649] kunit_try_run_case+0x170/0x3f0 [ 35.567739] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.567840] kthread+0x328/0x630 [ 35.567905] ret_from_fork+0x10/0x20 [ 35.567978] [ 35.568001] Allocated by task 316: [ 35.568032] kasan_save_stack+0x3c/0x68 [ 35.568074] kasan_save_track+0x20/0x40 [ 35.568114] kasan_save_alloc_info+0x40/0x58 [ 
35.568167] __kasan_kmalloc+0xd4/0xd8 [ 35.568210] __kmalloc_noprof+0x198/0x4c8 [ 35.568420] kunit_kmalloc_array+0x34/0x88 [ 35.568486] copy_user_test_oob+0xac/0xec8 [ 35.568554] kunit_try_run_case+0x170/0x3f0 [ 35.568632] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.568692] kthread+0x328/0x630 [ 35.568726] ret_from_fork+0x10/0x20 [ 35.568884] [ 35.568937] The buggy address belongs to the object at fff00000c988b100 [ 35.568937] which belongs to the cache kmalloc-128 of size 128 [ 35.569023] The buggy address is located 0 bytes to the right of [ 35.569023] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.569193] [ 35.569234] The buggy address belongs to the physical page: [ 35.569303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.569425] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.569512] page_type: f5(slab) [ 35.569552] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.569605] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.569851] page dumped because: kasan: bad access detected [ 35.569990] [ 35.570081] Memory state around the buggy address: [ 35.570151] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.570533] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.570621] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.570752] ^ [ 35.570815] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.570885] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.570997] ==================================================================
[ 27.073902] ================================================================== [ 27.074345] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 27.074694] Write of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 27.075248] [ 27.075353] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.075403] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.075417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.075441] Call Trace: [ 27.075457] <TASK> [ 27.075476] dump_stack_lvl+0x73/0xb0 [ 27.075702] print_report+0xd1/0x650 [ 27.075728] ? __virt_addr_valid+0x1db/0x2d0 [ 27.075751] ? strncpy_from_user+0x2e/0x1d0 [ 27.075775] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.075802] ? strncpy_from_user+0x2e/0x1d0 [ 27.075825] kasan_report+0x141/0x180 [ 27.075942] ? strncpy_from_user+0x2e/0x1d0 [ 27.075971] kasan_check_range+0x10c/0x1c0 [ 27.075996] __kasan_check_write+0x18/0x20 [ 27.076021] strncpy_from_user+0x2e/0x1d0 [ 27.076045] ? __kasan_check_read+0x15/0x20 [ 27.076071] copy_user_test_oob+0x760/0x10f0 [ 27.076097] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.076121] ? finish_task_switch.isra.0+0x153/0x700 [ 27.076143] ? __switch_to+0x47/0xf50 [ 27.076170] ? __schedule+0x10cc/0x2b60 [ 27.076193] ? __pfx_read_tsc+0x10/0x10 [ 27.076215] ? ktime_get_ts64+0x86/0x230 [ 27.076241] kunit_try_run_case+0x1a5/0x480 [ 27.076267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.076291] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.076326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.076351] ? __kthread_parkme+0x82/0x180 [ 27.076372] ? preempt_count_sub+0x50/0x80 [ 27.076397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.076424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.076449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.076474] kthread+0x337/0x6f0 [ 27.076503] ? trace_preempt_on+0x20/0xc0 [ 27.076527] ? __pfx_kthread+0x10/0x10 [ 27.076549] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 27.076574] ? calculate_sigpending+0x7b/0xa0 [ 27.076598] ? __pfx_kthread+0x10/0x10 [ 27.076621] ret_from_fork+0x116/0x1d0 [ 27.076641] ? __pfx_kthread+0x10/0x10 [ 27.076663] ret_from_fork_asm+0x1a/0x30 [ 27.076694] </TASK> [ 27.076708] [ 27.086229] Allocated by task 333: [ 27.086405] kasan_save_stack+0x45/0x70 [ 27.086712] kasan_save_track+0x18/0x40 [ 27.087073] kasan_save_alloc_info+0x3b/0x50 [ 27.087275] __kasan_kmalloc+0xb7/0xc0 [ 27.087585] __kmalloc_noprof+0x1c9/0x500 [ 27.087858] kunit_kmalloc_array+0x25/0x60 [ 27.088037] copy_user_test_oob+0xab/0x10f0 [ 27.088212] kunit_try_run_case+0x1a5/0x480 [ 27.088430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.088945] kthread+0x337/0x6f0 [ 27.089128] ret_from_fork+0x116/0x1d0 [ 27.089382] ret_from_fork_asm+0x1a/0x30 [ 27.089593] [ 27.089674] The buggy address belongs to the object at ffff888105898a00 [ 27.089674] which belongs to the cache kmalloc-128 of size 128 [ 27.090375] The buggy address is located 0 bytes inside of [ 27.090375] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.091063] [ 27.091166] The buggy address belongs to the physical page: [ 27.091555] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.091887] flags: 0x200000000000000(node=0|zone=2) [ 27.092098] page_type: f5(slab) [ 27.092250] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.092763] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.093143] page dumped because: kasan: bad access detected [ 27.093367] [ 27.093464] Memory state around the buggy address: [ 27.093873] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.094138] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.094561] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.094989] ^ [ 27.095267] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.095739] 
ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.096047] ================================================================== [ 27.096555] ================================================================== [ 27.096829] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 27.097724] Write of size 1 at addr ffff888105898a78 by task kunit_try_catch/333 [ 27.098143] [ 27.098334] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.098494] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.098511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.098533] Call Trace: [ 27.098548] <TASK> [ 27.098564] dump_stack_lvl+0x73/0xb0 [ 27.098593] print_report+0xd1/0x650 [ 27.098615] ? __virt_addr_valid+0x1db/0x2d0 [ 27.098638] ? strncpy_from_user+0x1a5/0x1d0 [ 27.098662] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.098688] ? strncpy_from_user+0x1a5/0x1d0 [ 27.098712] kasan_report+0x141/0x180 [ 27.098735] ? strncpy_from_user+0x1a5/0x1d0 [ 27.098763] __asan_report_store1_noabort+0x1b/0x30 [ 27.098787] strncpy_from_user+0x1a5/0x1d0 [ 27.098813] copy_user_test_oob+0x760/0x10f0 [ 27.098840] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.098863] ? finish_task_switch.isra.0+0x153/0x700 [ 27.098886] ? __switch_to+0x47/0xf50 [ 27.098912] ? __schedule+0x10cc/0x2b60 [ 27.098935] ? __pfx_read_tsc+0x10/0x10 [ 27.098958] ? ktime_get_ts64+0x86/0x230 [ 27.098983] kunit_try_run_case+0x1a5/0x480 [ 27.099008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.099033] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.099056] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.099079] ? __kthread_parkme+0x82/0x180 [ 27.099101] ? preempt_count_sub+0x50/0x80 [ 27.099125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.099152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.099177] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.099203] kthread+0x337/0x6f0 [ 27.099224] ? 
trace_preempt_on+0x20/0xc0 [ 27.099248] ? __pfx_kthread+0x10/0x10 [ 27.099270] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.099295] ? calculate_sigpending+0x7b/0xa0 [ 27.099330] ? __pfx_kthread+0x10/0x10 [ 27.099352] ret_from_fork+0x116/0x1d0 [ 27.099372] ? __pfx_kthread+0x10/0x10 [ 27.099394] ret_from_fork_asm+0x1a/0x30 [ 27.099426] </TASK> [ 27.099438] [ 27.109351] Allocated by task 333: [ 27.109695] kasan_save_stack+0x45/0x70 [ 27.109899] kasan_save_track+0x18/0x40 [ 27.110067] kasan_save_alloc_info+0x3b/0x50 [ 27.110516] __kasan_kmalloc+0xb7/0xc0 [ 27.110778] __kmalloc_noprof+0x1c9/0x500 [ 27.110925] kunit_kmalloc_array+0x25/0x60 [ 27.111252] copy_user_test_oob+0xab/0x10f0 [ 27.111417] kunit_try_run_case+0x1a5/0x480 [ 27.111870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.112179] kthread+0x337/0x6f0 [ 27.112345] ret_from_fork+0x116/0x1d0 [ 27.112640] ret_from_fork_asm+0x1a/0x30 [ 27.112782] [ 27.112876] The buggy address belongs to the object at ffff888105898a00 [ 27.112876] which belongs to the cache kmalloc-128 of size 128 [ 27.113365] The buggy address is located 0 bytes to the right of [ 27.113365] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.114124] [ 27.114336] The buggy address belongs to the physical page: [ 27.114604] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.115056] flags: 0x200000000000000(node=0|zone=2) [ 27.115347] page_type: f5(slab) [ 27.115544] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.115959] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.116360] page dumped because: kasan: bad access detected [ 27.116636] [ 27.116735] Memory state around the buggy address: [ 27.117111] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.117496] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.117883] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.118250] ^ [ 27.118636] 
ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.119020] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.119284] ==================================================================
[ 27.293396] ================================================================== [ 27.294085] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 27.294781] Write of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334 [ 27.295474] [ 27.295660] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.295725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.295741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.295766] Call Trace: [ 27.295800] <TASK> [ 27.295823] dump_stack_lvl+0x73/0xb0 [ 27.295856] print_report+0xd1/0x650 [ 27.295881] ? __virt_addr_valid+0x1db/0x2d0 [ 27.295907] ? strncpy_from_user+0x2e/0x1d0 [ 27.295931] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.295958] ? strncpy_from_user+0x2e/0x1d0 [ 27.295982] kasan_report+0x141/0x180 [ 27.296005] ? strncpy_from_user+0x2e/0x1d0 [ 27.296047] kasan_check_range+0x10c/0x1c0 [ 27.296082] __kasan_check_write+0x18/0x20 [ 27.296106] strncpy_from_user+0x2e/0x1d0 [ 27.296129] ? __kasan_check_read+0x15/0x20 [ 27.296155] copy_user_test_oob+0x760/0x10f0 [ 27.296182] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.296205] ? finish_task_switch.isra.0+0x153/0x700 [ 27.296230] ? __switch_to+0x47/0xf50 [ 27.296257] ? __schedule+0x10cc/0x2b60 [ 27.296280] ? __pfx_read_tsc+0x10/0x10 [ 27.296302] ? ktime_get_ts64+0x86/0x230 [ 27.296329] kunit_try_run_case+0x1a5/0x480 [ 27.296356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.296381] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.296403] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.296427] ? __kthread_parkme+0x82/0x180 [ 27.296450] ? preempt_count_sub+0x50/0x80 [ 27.296475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.296501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.296527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.296553] kthread+0x337/0x6f0 [ 27.296575] ? trace_preempt_on+0x20/0xc0 [ 27.296599] ? __pfx_kthread+0x10/0x10 [ 27.296621] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 27.296647] ? calculate_sigpending+0x7b/0xa0 [ 27.296672] ? __pfx_kthread+0x10/0x10 [ 27.296695] ret_from_fork+0x116/0x1d0 [ 27.296716] ? __pfx_kthread+0x10/0x10 [ 27.296738] ret_from_fork_asm+0x1a/0x30 [ 27.296770] </TASK> [ 27.296783] [ 27.310362] Allocated by task 334: [ 27.310833] kasan_save_stack+0x45/0x70 [ 27.311335] kasan_save_track+0x18/0x40 [ 27.311619] kasan_save_alloc_info+0x3b/0x50 [ 27.311773] __kasan_kmalloc+0xb7/0xc0 [ 27.311895] __kmalloc_noprof+0x1c9/0x500 [ 27.312444] kunit_kmalloc_array+0x25/0x60 [ 27.312899] copy_user_test_oob+0xab/0x10f0 [ 27.313428] kunit_try_run_case+0x1a5/0x480 [ 27.313906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.314378] kthread+0x337/0x6f0 [ 27.314504] ret_from_fork+0x116/0x1d0 [ 27.314630] ret_from_fork_asm+0x1a/0x30 [ 27.314761] [ 27.314827] The buggy address belongs to the object at ffff88810255ef00 [ 27.314827] which belongs to the cache kmalloc-128 of size 128 [ 27.316092] The buggy address is located 0 bytes inside of [ 27.316092] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78) [ 27.316620] [ 27.316698] The buggy address belongs to the physical page: [ 27.316868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 27.317763] flags: 0x200000000000000(node=0|zone=2) [ 27.318342] page_type: f5(slab) [ 27.318732] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.319481] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.320189] page dumped because: kasan: bad access detected [ 27.320672] [ 27.320746] Memory state around the buggy address: [ 27.320896] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.321672] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.322452] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.322809] ^ [ 27.323311] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.324018] 
ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.324620] ================================================================== [ 27.325400] ================================================================== [ 27.325705] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 27.326161] Write of size 1 at addr ffff88810255ef78 by task kunit_try_catch/334 [ 27.326397] [ 27.326678] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.326743] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.326758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.326783] Call Trace: [ 27.326807] <TASK> [ 27.326829] dump_stack_lvl+0x73/0xb0 [ 27.326861] print_report+0xd1/0x650 [ 27.326886] ? __virt_addr_valid+0x1db/0x2d0 [ 27.326912] ? strncpy_from_user+0x1a5/0x1d0 [ 27.327110] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.327142] ? strncpy_from_user+0x1a5/0x1d0 [ 27.327167] kasan_report+0x141/0x180 [ 27.327190] ? strncpy_from_user+0x1a5/0x1d0 [ 27.327219] __asan_report_store1_noabort+0x1b/0x30 [ 27.327245] strncpy_from_user+0x1a5/0x1d0 [ 27.327271] copy_user_test_oob+0x760/0x10f0 [ 27.327297] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.327321] ? finish_task_switch.isra.0+0x153/0x700 [ 27.327346] ? __switch_to+0x47/0xf50 [ 27.327374] ? __schedule+0x10cc/0x2b60 [ 27.327397] ? __pfx_read_tsc+0x10/0x10 [ 27.327420] ? ktime_get_ts64+0x86/0x230 [ 27.327447] kunit_try_run_case+0x1a5/0x480 [ 27.327473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.327499] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.327522] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.327545] ? __kthread_parkme+0x82/0x180 [ 27.327568] ? preempt_count_sub+0x50/0x80 [ 27.327591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.327617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.327642] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.327669] kthread+0x337/0x6f0 [ 27.327690] ? 
trace_preempt_on+0x20/0xc0 [ 27.327716] ? __pfx_kthread+0x10/0x10 [ 27.327738] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.327763] ? calculate_sigpending+0x7b/0xa0 [ 27.327789] ? __pfx_kthread+0x10/0x10 [ 27.327812] ret_from_fork+0x116/0x1d0 [ 27.327833] ? __pfx_kthread+0x10/0x10 [ 27.327855] ret_from_fork_asm+0x1a/0x30 [ 27.327888] </TASK> [ 27.327903] [ 27.337725] Allocated by task 334: [ 27.338217] kasan_save_stack+0x45/0x70 [ 27.338487] kasan_save_track+0x18/0x40 [ 27.338673] kasan_save_alloc_info+0x3b/0x50 [ 27.338977] __kasan_kmalloc+0xb7/0xc0 [ 27.339257] __kmalloc_noprof+0x1c9/0x500 [ 27.339530] kunit_kmalloc_array+0x25/0x60 [ 27.339795] copy_user_test_oob+0xab/0x10f0 [ 27.339979] kunit_try_run_case+0x1a5/0x480 [ 27.340384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.340652] kthread+0x337/0x6f0 [ 27.340890] ret_from_fork+0x116/0x1d0 [ 27.341177] ret_from_fork_asm+0x1a/0x30 [ 27.341350] [ 27.341446] The buggy address belongs to the object at ffff88810255ef00 [ 27.341446] which belongs to the cache kmalloc-128 of size 128 [ 27.342238] The buggy address is located 0 bytes to the right of [ 27.342238] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78) [ 27.342713] [ 27.342884] The buggy address belongs to the physical page: [ 27.343174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 27.343636] flags: 0x200000000000000(node=0|zone=2) [ 27.343809] page_type: f5(slab) [ 27.344100] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.344552] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.344864] page dumped because: kasan: bad access detected [ 27.345251] [ 27.345332] Memory state around the buggy address: [ 27.345521] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.345990] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.346322] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.347004] ^ [ 27.347280] 
ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.347488] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.347688] ==================================================================