Date: July 9, 2025, 1:08 p.m.

Environment: qemu-arm64, qemu-x86_64

[   32.617931] ==================================================================
[   32.617993] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0
[   32.618218] Write of size 1 at addr fff00000c9c2a378 by task kunit_try_catch/317
[   32.618287] 
[   32.618322] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   32.618411] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.618439] Hardware name: linux,dummy-virt (DT)
[   32.618606] Call trace:
[   32.618640]  show_stack+0x20/0x38 (C)
[   32.618774]  dump_stack_lvl+0x8c/0xd0
[   32.618838]  print_report+0x118/0x5d0
[   32.618885]  kasan_report+0xdc/0x128
[   32.619198]  __asan_report_store1_noabort+0x20/0x30
[   32.619404]  strncpy_from_user+0x270/0x2a0
[   32.619622]  copy_user_test_oob+0x5c0/0xec8
[   32.619799]  kunit_try_run_case+0x170/0x3f0
[   32.619977]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.620161]  kthread+0x328/0x630
[   32.620204]  ret_from_fork+0x10/0x20
[   32.620633] 
[   32.620689] Allocated by task 317:
[   32.620909]  kasan_save_stack+0x3c/0x68
[   32.621071]  kasan_save_track+0x20/0x40
[   32.621199]  kasan_save_alloc_info+0x40/0x58
[   32.621332]  __kasan_kmalloc+0xd4/0xd8
[   32.621551]  __kmalloc_noprof+0x198/0x4c8
[   32.621741]  kunit_kmalloc_array+0x34/0x88
[   32.621825]  copy_user_test_oob+0xac/0xec8
[   32.622175]  kunit_try_run_case+0x170/0x3f0
[   32.622254]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.622368]  kthread+0x328/0x630
[   32.622532]  ret_from_fork+0x10/0x20
[   32.622973] 
[   32.623035] The buggy address belongs to the object at fff00000c9c2a300
[   32.623035]  which belongs to the cache kmalloc-128 of size 128
[   32.623203] The buggy address is located 0 bytes to the right of
[   32.623203]  allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378)
[   32.623273] 
[   32.623296] The buggy address belongs to the physical page:
[   32.623665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a
[   32.623902] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.624039] page_type: f5(slab)
[   32.624198] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.624305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.624350] page dumped because: kasan: bad access detected
[   32.624399] 
[   32.624434] Memory state around the buggy address:
[   32.624468]  fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.624675]  fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.624724] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.624765]                                                                 ^
[   32.624807]  fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.624852]  fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.625015] ==================================================================
[   32.608465] ==================================================================
[   32.608525] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0
[   32.608736] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317
[   32.608798] 
[   32.608855] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   32.609106] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.609395] Hardware name: linux,dummy-virt (DT)
[   32.609572] Call trace:
[   32.609608]  show_stack+0x20/0x38 (C)
[   32.609698]  dump_stack_lvl+0x8c/0xd0
[   32.609752]  print_report+0x118/0x5d0
[   32.609797]  kasan_report+0xdc/0x128
[   32.609876]  kasan_check_range+0x100/0x1a8
[   32.609952]  __kasan_check_write+0x20/0x30
[   32.610008]  strncpy_from_user+0x3c/0x2a0
[   32.610121]  copy_user_test_oob+0x5c0/0xec8
[   32.610172]  kunit_try_run_case+0x170/0x3f0
[   32.610460]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.610614]  kthread+0x328/0x630
[   32.610667]  ret_from_fork+0x10/0x20
[   32.610875] 
[   32.611003] Allocated by task 317:
[   32.611108]  kasan_save_stack+0x3c/0x68
[   32.611183]  kasan_save_track+0x20/0x40
[   32.611251]  kasan_save_alloc_info+0x40/0x58
[   32.611318]  __kasan_kmalloc+0xd4/0xd8
[   32.611656]  __kmalloc_noprof+0x198/0x4c8
[   32.611814]  kunit_kmalloc_array+0x34/0x88
[   32.612035]  copy_user_test_oob+0xac/0xec8
[   32.612103]  kunit_try_run_case+0x170/0x3f0
[   32.612323]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.612416]  kthread+0x328/0x630
[   32.612750]  ret_from_fork+0x10/0x20
[   32.612822] 
[   32.612942] The buggy address belongs to the object at fff00000c9c2a300
[   32.612942]  which belongs to the cache kmalloc-128 of size 128
[   32.613030] The buggy address is located 0 bytes inside of
[   32.613030]  allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378)
[   32.613352] 
[   32.613490] The buggy address belongs to the physical page:
[   32.613556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a
[   32.613772] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.614079] page_type: f5(slab)
[   32.614189] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.614282] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.614600] page dumped because: kasan: bad access detected
[   32.614674] 
[   32.614722] Memory state around the buggy address:
[   32.615007]  fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.615084]  fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.615279] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.615438]                                                                 ^
[   32.615660]  fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.615822]  fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.616027] ==================================================================

[   28.174098] ==================================================================
[   28.174435] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[   28.174764] Write of size 1 at addr ffff8881060ac678 by task kunit_try_catch/335
[   28.175117] 
[   28.175206] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   28.175279] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   28.175294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.175317] Call Trace:
[   28.175336]  <TASK>
[   28.175356]  dump_stack_lvl+0x73/0xb0
[   28.175389]  print_report+0xd1/0x610
[   28.175412]  ? __virt_addr_valid+0x1db/0x2d0
[   28.175456]  ? strncpy_from_user+0x1a5/0x1d0
[   28.175480]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.175507]  ? strncpy_from_user+0x1a5/0x1d0
[   28.175532]  kasan_report+0x141/0x180
[   28.175555]  ? strncpy_from_user+0x1a5/0x1d0
[   28.175607]  __asan_report_store1_noabort+0x1b/0x30
[   28.175633]  strncpy_from_user+0x1a5/0x1d0
[   28.175659]  copy_user_test_oob+0x760/0x10f0
[   28.175686]  ? __pfx_copy_user_test_oob+0x10/0x10
[   28.175721]  ? finish_task_switch.isra.0+0x153/0x700
[   28.175745]  ? __switch_to+0x47/0xf80
[   28.175801]  ? __schedule+0x10cc/0x2b60
[   28.175830]  ? __pfx_read_tsc+0x10/0x10
[   28.175853]  ? ktime_get_ts64+0x86/0x230
[   28.175880]  kunit_try_run_case+0x1a5/0x480
[   28.175904]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.175925]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.175950]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.175975]  ? __kthread_parkme+0x82/0x180
[   28.175997]  ? preempt_count_sub+0x50/0x80
[   28.176021]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.176044]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.176070]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.176096]  kthread+0x337/0x6f0
[   28.176117]  ? trace_preempt_on+0x20/0xc0
[   28.176142]  ? __pfx_kthread+0x10/0x10
[   28.176164]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.176207]  ? calculate_sigpending+0x7b/0xa0
[   28.176233]  ? __pfx_kthread+0x10/0x10
[   28.176270]  ret_from_fork+0x116/0x1d0
[   28.176290]  ? __pfx_kthread+0x10/0x10
[   28.176326]  ret_from_fork_asm+0x1a/0x30
[   28.176384]  </TASK>
[   28.176396] 
[   28.183462] Allocated by task 335:
[   28.183651]  kasan_save_stack+0x45/0x70
[   28.183991]  kasan_save_track+0x18/0x40
[   28.184204]  kasan_save_alloc_info+0x3b/0x50
[   28.184400]  __kasan_kmalloc+0xb7/0xc0
[   28.184566]  __kmalloc_noprof+0x1c9/0x500
[   28.184807]  kunit_kmalloc_array+0x25/0x60
[   28.184968]  copy_user_test_oob+0xab/0x10f0
[   28.185189]  kunit_try_run_case+0x1a5/0x480
[   28.185360]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.185601]  kthread+0x337/0x6f0
[   28.185767]  ret_from_fork+0x116/0x1d0
[   28.185942]  ret_from_fork_asm+0x1a/0x30
[   28.186119] 
[   28.186210] The buggy address belongs to the object at ffff8881060ac600
[   28.186210]  which belongs to the cache kmalloc-128 of size 128
[   28.186673] The buggy address is located 0 bytes to the right of
[   28.186673]  allocated 120-byte region [ffff8881060ac600, ffff8881060ac678)
[   28.187286] 
[   28.187368] The buggy address belongs to the physical page:
[   28.187601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac
[   28.187969] flags: 0x200000000000000(node=0|zone=2)
[   28.188228] page_type: f5(slab)
[   28.188384] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   28.188712] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.189197] page dumped because: kasan: bad access detected
[   28.189366] 
[   28.189453] Memory state around the buggy address:
[   28.189705]  ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.190055]  ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.190371] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   28.190675]                                                                 ^
[   28.191031]  ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.191391]  ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.191713] ==================================================================
[   28.155366] ==================================================================
[   28.155611] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[   28.156080] Write of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335
[   28.156429] 
[   28.156557] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   28.156608] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   28.156622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.156645] Call Trace:
[   28.156662]  <TASK>
[   28.156679]  dump_stack_lvl+0x73/0xb0
[   28.156722]  print_report+0xd1/0x610
[   28.156745]  ? __virt_addr_valid+0x1db/0x2d0
[   28.156770]  ? strncpy_from_user+0x2e/0x1d0
[   28.156794]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.156821]  ? strncpy_from_user+0x2e/0x1d0
[   28.156846]  kasan_report+0x141/0x180
[   28.156868]  ? strncpy_from_user+0x2e/0x1d0
[   28.156897]  kasan_check_range+0x10c/0x1c0
[   28.156922]  __kasan_check_write+0x18/0x20
[   28.156979]  strncpy_from_user+0x2e/0x1d0
[   28.157003]  ? __kasan_check_read+0x15/0x20
[   28.157047]  copy_user_test_oob+0x760/0x10f0
[   28.157074]  ? __pfx_copy_user_test_oob+0x10/0x10
[   28.157097]  ? finish_task_switch.isra.0+0x153/0x700
[   28.157120]  ? __switch_to+0x47/0xf80
[   28.157148]  ? __schedule+0x10cc/0x2b60
[   28.157172]  ? __pfx_read_tsc+0x10/0x10
[   28.157194]  ? ktime_get_ts64+0x86/0x230
[   28.157237]  kunit_try_run_case+0x1a5/0x480
[   28.157260]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.157295]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.157320]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.157345]  ? __kthread_parkme+0x82/0x180
[   28.157367]  ? preempt_count_sub+0x50/0x80
[   28.157391]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.157414]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.157440]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.157467]  kthread+0x337/0x6f0
[   28.157487]  ? trace_preempt_on+0x20/0xc0
[   28.157511]  ? __pfx_kthread+0x10/0x10
[   28.157533]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.157557]  ? calculate_sigpending+0x7b/0xa0
[   28.157582]  ? __pfx_kthread+0x10/0x10
[   28.157605]  ret_from_fork+0x116/0x1d0
[   28.157625]  ? __pfx_kthread+0x10/0x10
[   28.157647]  ret_from_fork_asm+0x1a/0x30
[   28.157679]  </TASK>
[   28.157701] 
[   28.165543] Allocated by task 335:
[   28.165672]  kasan_save_stack+0x45/0x70
[   28.165822]  kasan_save_track+0x18/0x40
[   28.166018]  kasan_save_alloc_info+0x3b/0x50
[   28.166244]  __kasan_kmalloc+0xb7/0xc0
[   28.166452]  __kmalloc_noprof+0x1c9/0x500
[   28.166666]  kunit_kmalloc_array+0x25/0x60
[   28.167011]  copy_user_test_oob+0xab/0x10f0
[   28.167213]  kunit_try_run_case+0x1a5/0x480
[   28.167398]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.167595]  kthread+0x337/0x6f0
[   28.167787]  ret_from_fork+0x116/0x1d0
[   28.167984]  ret_from_fork_asm+0x1a/0x30
[   28.168173] 
[   28.168262] The buggy address belongs to the object at ffff8881060ac600
[   28.168262]  which belongs to the cache kmalloc-128 of size 128
[   28.168789] The buggy address is located 0 bytes inside of
[   28.168789]  allocated 120-byte region [ffff8881060ac600, ffff8881060ac678)
[   28.169293] 
[   28.169403] The buggy address belongs to the physical page:
[   28.169628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac
[   28.170011] flags: 0x200000000000000(node=0|zone=2)
[   28.170273] page_type: f5(slab)
[   28.170436] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   28.170884] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.171219] page dumped because: kasan: bad access detected
[   28.171446] 
[   28.171510] Memory state around the buggy address:
[   28.171658]  ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.172011]  ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.172328] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   28.172638]                                                                 ^
[   28.172928]  ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.173138]  ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.173443] ==================================================================