Date
July 18, 2025, 2:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 20.454251] ================================================================== [ 20.454336] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 20.454511] Write of size 121 at addr fff00000c78e9d00 by task kunit_try_catch/285 [ 20.454661] [ 20.454712] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 20.454801] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.455102] Hardware name: linux,dummy-virt (DT) [ 20.455148] Call trace: [ 20.455174] show_stack+0x20/0x38 (C) [ 20.455236] dump_stack_lvl+0x8c/0xd0 [ 20.455287] print_report+0x118/0x5d0 [ 20.455337] kasan_report+0xdc/0x128 [ 20.455388] kasan_check_range+0x100/0x1a8 [ 20.455437] __kasan_check_write+0x20/0x30 [ 20.455527] strncpy_from_user+0x3c/0x2a0 [ 20.455582] copy_user_test_oob+0x5c0/0xec8 [ 20.455664] kunit_try_run_case+0x170/0x3f0 [ 20.455724] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.455791] kthread+0x328/0x630 [ 20.455836] ret_from_fork+0x10/0x20 [ 20.455900] [ 20.455921] Allocated by task 285: [ 20.455966] kasan_save_stack+0x3c/0x68 [ 20.456015] kasan_save_track+0x20/0x40 [ 20.456059] kasan_save_alloc_info+0x40/0x58 [ 20.456109] __kasan_kmalloc+0xd4/0xd8 [ 20.456154] __kmalloc_noprof+0x198/0x4c8 [ 20.456194] kunit_kmalloc_array+0x34/0x88 [ 20.456244] copy_user_test_oob+0xac/0xec8 [ 20.456283] kunit_try_run_case+0x170/0x3f0 [ 20.456323] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.456368] kthread+0x328/0x630 [ 20.456402] ret_from_fork+0x10/0x20 [ 20.456440] [ 20.456461] The buggy address belongs to the object at fff00000c78e9d00 [ 20.456461] which belongs to the cache kmalloc-128 of size 128 [ 20.456522] The buggy address is located 0 bytes inside of [ 20.456522] allocated 120-byte region [fff00000c78e9d00, fff00000c78e9d78) [ 20.456591] [ 20.456624] The buggy address belongs to the physical page: [ 20.456662] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9 [ 20.456717] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) 
[ 20.456773] page_type: f5(slab) [ 20.456822] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.457968] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.458033] page dumped because: kasan: bad access detected [ 20.458089] [ 20.458110] Memory state around the buggy address: [ 20.458149] fff00000c78e9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.458618] fff00000c78e9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.459021] >fff00000c78e9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.459207] ^ [ 20.459289] fff00000c78e9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.459736] fff00000c78e9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.459974] ================================================================== [ 20.466564] ================================================================== [ 20.466634] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 20.467362] Write of size 1 at addr fff00000c78e9d78 by task kunit_try_catch/285 [ 20.467532] [ 20.467641] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 20.467808] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.467853] Hardware name: linux,dummy-virt (DT) [ 20.467901] Call trace: [ 20.468592] show_stack+0x20/0x38 (C) [ 20.468830] dump_stack_lvl+0x8c/0xd0 [ 20.469092] print_report+0x118/0x5d0 [ 20.469480] kasan_report+0xdc/0x128 [ 20.469634] __asan_report_store1_noabort+0x20/0x30 [ 20.469819] strncpy_from_user+0x270/0x2a0 [ 20.470191] copy_user_test_oob+0x5c0/0xec8 [ 20.470364] kunit_try_run_case+0x170/0x3f0 [ 20.470540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.470759] kthread+0x328/0x630 [ 20.471099] ret_from_fork+0x10/0x20 [ 20.471207] [ 20.471262] Allocated by task 285: [ 20.471501] kasan_save_stack+0x3c/0x68 [ 20.471665] kasan_save_track+0x20/0x40 [ 20.471712] kasan_save_alloc_info+0x40/0x58 [ 20.471755] __kasan_kmalloc+0xd4/0xd8 [ 20.471797] 
__kmalloc_noprof+0x198/0x4c8 [ 20.472048] kunit_kmalloc_array+0x34/0x88 [ 20.472250] copy_user_test_oob+0xac/0xec8 [ 20.472326] kunit_try_run_case+0x170/0x3f0 [ 20.472510] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.472722] kthread+0x328/0x630 [ 20.472797] ret_from_fork+0x10/0x20 [ 20.472953] [ 20.473063] The buggy address belongs to the object at fff00000c78e9d00 [ 20.473063] which belongs to the cache kmalloc-128 of size 128 [ 20.473495] The buggy address is located 0 bytes to the right of [ 20.473495] allocated 120-byte region [fff00000c78e9d00, fff00000c78e9d78) [ 20.473602] [ 20.474034] The buggy address belongs to the physical page: [ 20.474124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9 [ 20.474241] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.474523] page_type: f5(slab) [ 20.474630] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.474869] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.475065] page dumped because: kasan: bad access detected [ 20.475264] [ 20.475389] Memory state around the buggy address: [ 20.475430] fff00000c78e9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.475501] fff00000c78e9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.475548] >fff00000c78e9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.475919] ^ [ 20.476015] fff00000c78e9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.476258] fff00000c78e9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.476443] ==================================================================
[ 19.925687] ================================================================== [ 19.926083] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 19.926387] Write of size 1 at addr fff00000c7a4ee78 by task kunit_try_catch/285 [ 19.926450] [ 19.926484] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.926576] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.926604] Hardware name: linux,dummy-virt (DT) [ 19.926638] Call trace: [ 19.927178] show_stack+0x20/0x38 (C) [ 19.927518] dump_stack_lvl+0x8c/0xd0 [ 19.927919] print_report+0x118/0x5d0 [ 19.928000] kasan_report+0xdc/0x128 [ 19.928068] __asan_report_store1_noabort+0x20/0x30 [ 19.928206] strncpy_from_user+0x270/0x2a0 [ 19.928269] copy_user_test_oob+0x5c0/0xec8 [ 19.928328] kunit_try_run_case+0x170/0x3f0 [ 19.928433] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.928493] kthread+0x328/0x630 [ 19.928560] ret_from_fork+0x10/0x20 [ 19.929096] [ 19.929129] Allocated by task 285: [ 19.929163] kasan_save_stack+0x3c/0x68 [ 19.929221] kasan_save_track+0x20/0x40 [ 19.929508] kasan_save_alloc_info+0x40/0x58 [ 19.929766] __kasan_kmalloc+0xd4/0xd8 [ 19.929975] __kmalloc_noprof+0x198/0x4c8 [ 19.930199] kunit_kmalloc_array+0x34/0x88 [ 19.930412] copy_user_test_oob+0xac/0xec8 [ 19.930498] kunit_try_run_case+0x170/0x3f0 [ 19.930740] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.930932] kthread+0x328/0x630 [ 19.931273] ret_from_fork+0x10/0x20 [ 19.931479] [ 19.931515] The buggy address belongs to the object at fff00000c7a4ee00 [ 19.931515] which belongs to the cache kmalloc-128 of size 128 [ 19.931616] The buggy address is located 0 bytes to the right of [ 19.931616] allocated 120-byte region [fff00000c7a4ee00, fff00000c7a4ee78) [ 19.931751] [ 19.931776] The buggy address belongs to the physical page: [ 19.931827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e [ 19.931885] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.931943] page_type: 
f5(slab) [ 19.931988] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.932042] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.932084] page dumped because: kasan: bad access detected [ 19.932119] [ 19.932148] Memory state around the buggy address: [ 19.932197] fff00000c7a4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.932245] fff00000c7a4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.932299] >fff00000c7a4ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.932362] ^ [ 19.932407] fff00000c7a4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.932452] fff00000c7a4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.933160] ================================================================== [ 19.915869] ================================================================== [ 19.915923] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 19.915984] Write of size 121 at addr fff00000c7a4ee00 by task kunit_try_catch/285 [ 19.916038] [ 19.916749] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.917062] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.917238] Hardware name: linux,dummy-virt (DT) [ 19.917519] Call trace: [ 19.917958] show_stack+0x20/0x38 (C) [ 19.918042] dump_stack_lvl+0x8c/0xd0 [ 19.918203] print_report+0x118/0x5d0 [ 19.918315] kasan_report+0xdc/0x128 [ 19.918704] kasan_check_range+0x100/0x1a8 [ 19.918791] __kasan_check_write+0x20/0x30 [ 19.918938] strncpy_from_user+0x3c/0x2a0 [ 19.919331] copy_user_test_oob+0x5c0/0xec8 [ 19.919517] kunit_try_run_case+0x170/0x3f0 [ 19.919599] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.919662] kthread+0x328/0x630 [ 19.919706] ret_from_fork+0x10/0x20 [ 19.919769] [ 19.919800] Allocated by task 285: [ 19.919841] kasan_save_stack+0x3c/0x68 [ 19.919886] kasan_save_track+0x20/0x40 [ 19.919926] kasan_save_alloc_info+0x40/0x58 [ 19.919967] __kasan_kmalloc+0xd4/0xd8 [ 19.920006] 
__kmalloc_noprof+0x198/0x4c8 [ 19.920054] kunit_kmalloc_array+0x34/0x88 [ 19.920102] copy_user_test_oob+0xac/0xec8 [ 19.920140] kunit_try_run_case+0x170/0x3f0 [ 19.920186] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.920233] kthread+0x328/0x630 [ 19.920267] ret_from_fork+0x10/0x20 [ 19.920337] [ 19.920368] The buggy address belongs to the object at fff00000c7a4ee00 [ 19.920368] which belongs to the cache kmalloc-128 of size 128 [ 19.920439] The buggy address is located 0 bytes inside of [ 19.920439] allocated 120-byte region [fff00000c7a4ee00, fff00000c7a4ee78) [ 19.920823] [ 19.920857] The buggy address belongs to the physical page: [ 19.920978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e [ 19.921168] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.921468] page_type: f5(slab) [ 19.921544] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.921862] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.922237] page dumped because: kasan: bad access detected [ 19.922306] [ 19.922553] Memory state around the buggy address: [ 19.922702] fff00000c7a4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.922846] fff00000c7a4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.923207] >fff00000c7a4ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.923393] ^ [ 19.923589] fff00000c7a4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.923812] fff00000c7a4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.923897] ==================================================================
[ 19.534225] ================================================================== [ 19.534294] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 19.534354] Write of size 121 at addr fff00000c7716c00 by task kunit_try_catch/285 [ 19.534409] [ 19.534441] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.534524] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.534554] Hardware name: linux,dummy-virt (DT) [ 19.534586] Call trace: [ 19.534618] show_stack+0x20/0x38 (C) [ 19.534669] dump_stack_lvl+0x8c/0xd0 [ 19.534728] print_report+0x118/0x5d0 [ 19.534775] kasan_report+0xdc/0x128 [ 19.534824] kasan_check_range+0x100/0x1a8 [ 19.534874] __kasan_check_write+0x20/0x30 [ 19.534921] strncpy_from_user+0x3c/0x2a0 [ 19.534969] copy_user_test_oob+0x5c0/0xec8 [ 19.535018] kunit_try_run_case+0x170/0x3f0 [ 19.535068] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.535125] kthread+0x328/0x630 [ 19.535180] ret_from_fork+0x10/0x20 [ 19.535231] [ 19.535259] Allocated by task 285: [ 19.535298] kasan_save_stack+0x3c/0x68 [ 19.535340] kasan_save_track+0x20/0x40 [ 19.535381] kasan_save_alloc_info+0x40/0x58 [ 19.535422] __kasan_kmalloc+0xd4/0xd8 [ 19.535461] __kmalloc_noprof+0x198/0x4c8 [ 19.535500] kunit_kmalloc_array+0x34/0x88 [ 19.535545] copy_user_test_oob+0xac/0xec8 [ 19.535583] kunit_try_run_case+0x170/0x3f0 [ 19.535628] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.535678] kthread+0x328/0x630 [ 19.535722] ret_from_fork+0x10/0x20 [ 19.535760] [ 19.535781] The buggy address belongs to the object at fff00000c7716c00 [ 19.535781] which belongs to the cache kmalloc-128 of size 128 [ 19.536682] The buggy address is located 0 bytes inside of [ 19.536682] allocated 120-byte region [fff00000c7716c00, fff00000c7716c78) [ 19.536786] [ 19.536895] The buggy address belongs to the physical page: [ 19.536940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716 [ 19.537021] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) 
[ 19.537088] page_type: f5(slab) [ 19.537571] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.537763] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.537932] page dumped because: kasan: bad access detected [ 19.538009] [ 19.538129] Memory state around the buggy address: [ 19.538168] fff00000c7716b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.538214] fff00000c7716b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.538550] >fff00000c7716c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.538800] ^ [ 19.538853] fff00000c7716c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.538937] fff00000c7716d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.539033] ================================================================== [ 19.539919] ================================================================== [ 19.539973] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 19.540025] Write of size 1 at addr fff00000c7716c78 by task kunit_try_catch/285 [ 19.540078] [ 19.540389] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.541585] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.541840] Hardware name: linux,dummy-virt (DT) [ 19.541944] Call trace: [ 19.541981] show_stack+0x20/0x38 (C) [ 19.542045] dump_stack_lvl+0x8c/0xd0 [ 19.542111] print_report+0x118/0x5d0 [ 19.542182] kasan_report+0xdc/0x128 [ 19.542239] __asan_report_store1_noabort+0x20/0x30 [ 19.542306] strncpy_from_user+0x270/0x2a0 [ 19.542365] copy_user_test_oob+0x5c0/0xec8 [ 19.542416] kunit_try_run_case+0x170/0x3f0 [ 19.542464] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.542518] kthread+0x328/0x630 [ 19.542816] ret_from_fork+0x10/0x20 [ 19.543101] [ 19.543241] Allocated by task 285: [ 19.543377] kasan_save_stack+0x3c/0x68 [ 19.543465] kasan_save_track+0x20/0x40 [ 19.543542] kasan_save_alloc_info+0x40/0x58 [ 19.543678] __kasan_kmalloc+0xd4/0xd8 [ 19.543731] 
__kmalloc_noprof+0x198/0x4c8 [ 19.543769] kunit_kmalloc_array+0x34/0x88 [ 19.543809] copy_user_test_oob+0xac/0xec8 [ 19.543847] kunit_try_run_case+0x170/0x3f0 [ 19.543890] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.543937] kthread+0x328/0x630 [ 19.544136] ret_from_fork+0x10/0x20 [ 19.544210] [ 19.544346] The buggy address belongs to the object at fff00000c7716c00 [ 19.544346] which belongs to the cache kmalloc-128 of size 128 [ 19.544418] The buggy address is located 0 bytes to the right of [ 19.544418] allocated 120-byte region [fff00000c7716c00, fff00000c7716c78) [ 19.544738] [ 19.544778] The buggy address belongs to the physical page: [ 19.544920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716 [ 19.545019] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.545115] page_type: f5(slab) [ 19.545269] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.545330] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.545610] page dumped because: kasan: bad access detected [ 19.545749] [ 19.545795] Memory state around the buggy address: [ 19.545858] fff00000c7716b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.545916] fff00000c7716b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.546183] >fff00000c7716c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.546268] ^ [ 19.546341] fff00000c7716c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.546631] fff00000c7716d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.546704] ==================================================================
[ 16.086692] ================================================================== [ 16.087137] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 16.087558] Write of size 121 at addr ffff888102ae1400 by task kunit_try_catch/303 [ 16.087856] [ 16.087943] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.087991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.088003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.088025] Call Trace: [ 16.088041] <TASK> [ 16.088057] dump_stack_lvl+0x73/0xb0 [ 16.088086] print_report+0xd1/0x610 [ 16.088110] ? __virt_addr_valid+0x1db/0x2d0 [ 16.088134] ? strncpy_from_user+0x2e/0x1d0 [ 16.088158] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.088182] ? strncpy_from_user+0x2e/0x1d0 [ 16.088206] kasan_report+0x141/0x180 [ 16.088230] ? strncpy_from_user+0x2e/0x1d0 [ 16.088293] kasan_check_range+0x10c/0x1c0 [ 16.088318] __kasan_check_write+0x18/0x20 [ 16.088367] strncpy_from_user+0x2e/0x1d0 [ 16.088414] ? __kasan_check_read+0x15/0x20 [ 16.088454] copy_user_test_oob+0x760/0x10f0 [ 16.088510] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.088562] ? finish_task_switch.isra.0+0x153/0x700 [ 16.088589] ? __switch_to+0x47/0xf50 [ 16.088643] ? __schedule+0x10cc/0x2b60 [ 16.088671] ? __pfx_read_tsc+0x10/0x10 [ 16.088697] ? ktime_get_ts64+0x86/0x230 [ 16.088734] kunit_try_run_case+0x1a5/0x480 [ 16.088760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.088785] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.088812] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.088838] ? __kthread_parkme+0x82/0x180 [ 16.088859] ? preempt_count_sub+0x50/0x80 [ 16.088884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.088910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.088935] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.088960] kthread+0x337/0x6f0 [ 16.089007] ? trace_preempt_on+0x20/0xc0 [ 16.089032] ? __pfx_kthread+0x10/0x10 [ 16.089056] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.089090] ? calculate_sigpending+0x7b/0xa0 [ 16.089116] ? __pfx_kthread+0x10/0x10 [ 16.089169] ret_from_fork+0x116/0x1d0 [ 16.089191] ? __pfx_kthread+0x10/0x10 [ 16.089211] ret_from_fork_asm+0x1a/0x30 [ 16.089256] </TASK> [ 16.089268] [ 16.097658] Allocated by task 303: [ 16.097805] kasan_save_stack+0x45/0x70 [ 16.098086] kasan_save_track+0x18/0x40 [ 16.098327] kasan_save_alloc_info+0x3b/0x50 [ 16.098576] __kasan_kmalloc+0xb7/0xc0 [ 16.098795] __kmalloc_noprof+0x1c9/0x500 [ 16.099009] kunit_kmalloc_array+0x25/0x60 [ 16.099228] copy_user_test_oob+0xab/0x10f0 [ 16.099463] kunit_try_run_case+0x1a5/0x480 [ 16.099708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.099973] kthread+0x337/0x6f0 [ 16.100093] ret_from_fork+0x116/0x1d0 [ 16.100224] ret_from_fork_asm+0x1a/0x30 [ 16.100360] [ 16.100430] The buggy address belongs to the object at ffff888102ae1400 [ 16.100430] which belongs to the cache kmalloc-128 of size 128 [ 16.100972] The buggy address is located 0 bytes inside of [ 16.100972] allocated 120-byte region [ffff888102ae1400, ffff888102ae1478) [ 16.101561] [ 16.101657] The buggy address belongs to the physical page: [ 16.101862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae1 [ 16.102097] flags: 0x200000000000000(node=0|zone=2) [ 16.102327] page_type: f5(slab) [ 16.102551] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.102982] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.103340] page dumped because: kasan: bad access detected [ 16.103635] [ 16.103709] Memory state around the buggy address: [ 16.103874] ffff888102ae1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.104233] ffff888102ae1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.104564] >ffff888102ae1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.104886] ^ [ 16.105201] ffff888102ae1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.105543] 
ffff888102ae1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.105859] ================================================================== [ 16.106574] ================================================================== [ 16.107028] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 16.107349] Write of size 1 at addr ffff888102ae1478 by task kunit_try_catch/303 [ 16.107672] [ 16.107825] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.107896] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.107908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.107940] Call Trace: [ 16.107956] <TASK> [ 16.107971] dump_stack_lvl+0x73/0xb0 [ 16.107999] print_report+0xd1/0x610 [ 16.108041] ? __virt_addr_valid+0x1db/0x2d0 [ 16.108075] ? strncpy_from_user+0x1a5/0x1d0 [ 16.108098] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.108133] ? strncpy_from_user+0x1a5/0x1d0 [ 16.108158] kasan_report+0x141/0x180 [ 16.108206] ? strncpy_from_user+0x1a5/0x1d0 [ 16.108236] __asan_report_store1_noabort+0x1b/0x30 [ 16.108289] strncpy_from_user+0x1a5/0x1d0 [ 16.108316] copy_user_test_oob+0x760/0x10f0 [ 16.108344] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.108367] ? finish_task_switch.isra.0+0x153/0x700 [ 16.108391] ? __switch_to+0x47/0xf50 [ 16.108417] ? __schedule+0x10cc/0x2b60 [ 16.108479] ? __pfx_read_tsc+0x10/0x10 [ 16.108501] ? ktime_get_ts64+0x86/0x230 [ 16.108527] kunit_try_run_case+0x1a5/0x480 [ 16.108575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.108598] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.108624] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.108675] ? __kthread_parkme+0x82/0x180 [ 16.108697] ? preempt_count_sub+0x50/0x80 [ 16.108721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.108757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.108782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.108832] kthread+0x337/0x6f0 [ 16.108853] ? trace_preempt_on+0x20/0xc0 [ 16.108877] ? 
__pfx_kthread+0x10/0x10 [ 16.108909] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.108931] ? calculate_sigpending+0x7b/0xa0 [ 16.108981] ? __pfx_kthread+0x10/0x10 [ 16.109004] ret_from_fork+0x116/0x1d0 [ 16.109023] ? __pfx_kthread+0x10/0x10 [ 16.109054] ret_from_fork_asm+0x1a/0x30 [ 16.109088] </TASK> [ 16.109124] [ 16.118542] Allocated by task 303: [ 16.118695] kasan_save_stack+0x45/0x70 [ 16.119406] kasan_save_track+0x18/0x40 [ 16.119718] kasan_save_alloc_info+0x3b/0x50 [ 16.119869] __kasan_kmalloc+0xb7/0xc0 [ 16.120002] __kmalloc_noprof+0x1c9/0x500 [ 16.120141] kunit_kmalloc_array+0x25/0x60 [ 16.120282] copy_user_test_oob+0xab/0x10f0 [ 16.120426] kunit_try_run_case+0x1a5/0x480 [ 16.120641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.121212] kthread+0x337/0x6f0 [ 16.121589] ret_from_fork+0x116/0x1d0 [ 16.121971] ret_from_fork_asm+0x1a/0x30 [ 16.122365] [ 16.122593] The buggy address belongs to the object at ffff888102ae1400 [ 16.122593] which belongs to the cache kmalloc-128 of size 128 [ 16.123780] The buggy address is located 0 bytes to the right of [ 16.123780] allocated 120-byte region [ffff888102ae1400, ffff888102ae1478) [ 16.124912] [ 16.125075] The buggy address belongs to the physical page: [ 16.125664] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae1 [ 16.126244] flags: 0x200000000000000(node=0|zone=2) [ 16.126403] page_type: f5(slab) [ 16.126553] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.127219] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.127905] page dumped because: kasan: bad access detected [ 16.128392] [ 16.128594] Memory state around the buggy address: [ 16.129025] ffff888102ae1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.129244] ffff888102ae1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.129465] >ffff888102ae1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.130028] ^ [ 16.130684] ffff888102ae1480: fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 16.131296] ffff888102ae1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.132134] ==================================================================
[ 16.582811] ================================================================== [ 16.583499] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 16.583932] Write of size 1 at addr ffff8881029c5778 by task kunit_try_catch/302 [ 16.584173] [ 16.584268] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.584317] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.584330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.584354] Call Trace: [ 16.584375] <TASK> [ 16.584397] dump_stack_lvl+0x73/0xb0 [ 16.584427] print_report+0xd1/0x610 [ 16.584452] ? __virt_addr_valid+0x1db/0x2d0 [ 16.584477] ? strncpy_from_user+0x1a5/0x1d0 [ 16.584501] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.584526] ? strncpy_from_user+0x1a5/0x1d0 [ 16.584550] kasan_report+0x141/0x180 [ 16.584573] ? strncpy_from_user+0x1a5/0x1d0 [ 16.584602] __asan_report_store1_noabort+0x1b/0x30 [ 16.584627] strncpy_from_user+0x1a5/0x1d0 [ 16.584654] copy_user_test_oob+0x760/0x10f0 [ 16.584682] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.584705] ? finish_task_switch.isra.0+0x153/0x700 [ 16.584729] ? __switch_to+0x47/0xf50 [ 16.584757] ? __schedule+0x10cc/0x2b60 [ 16.584780] ? __pfx_read_tsc+0x10/0x10 [ 16.584802] ? ktime_get_ts64+0x86/0x230 [ 16.584828] kunit_try_run_case+0x1a5/0x480 [ 16.584861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.584884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.584912] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.584939] ? __kthread_parkme+0x82/0x180 [ 16.584965] ? preempt_count_sub+0x50/0x80 [ 16.584990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.585024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.585050] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.585075] kthread+0x337/0x6f0 [ 16.585096] ? trace_preempt_on+0x20/0xc0 [ 16.585121] ? __pfx_kthread+0x10/0x10 [ 16.585143] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.585165] ? calculate_sigpending+0x7b/0xa0 [ 16.585191] ? 
__pfx_kthread+0x10/0x10 [ 16.585213] ret_from_fork+0x116/0x1d0 [ 16.585231] ? __pfx_kthread+0x10/0x10 [ 16.585252] ret_from_fork_asm+0x1a/0x30 [ 16.585285] </TASK> [ 16.585296] [ 16.592908] Allocated by task 302: [ 16.593063] kasan_save_stack+0x45/0x70 [ 16.593218] kasan_save_track+0x18/0x40 [ 16.593354] kasan_save_alloc_info+0x3b/0x50 [ 16.593532] __kasan_kmalloc+0xb7/0xc0 [ 16.593693] __kmalloc_noprof+0x1c9/0x500 [ 16.593898] kunit_kmalloc_array+0x25/0x60 [ 16.594115] copy_user_test_oob+0xab/0x10f0 [ 16.594323] kunit_try_run_case+0x1a5/0x480 [ 16.594557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.594814] kthread+0x337/0x6f0 [ 16.594987] ret_from_fork+0x116/0x1d0 [ 16.595185] ret_from_fork_asm+0x1a/0x30 [ 16.595380] [ 16.595503] The buggy address belongs to the object at ffff8881029c5700 [ 16.595503] which belongs to the cache kmalloc-128 of size 128 [ 16.596044] The buggy address is located 0 bytes to the right of [ 16.596044] allocated 120-byte region [ffff8881029c5700, ffff8881029c5778) [ 16.596628] [ 16.596731] The buggy address belongs to the physical page: [ 16.596976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c5 [ 16.597229] flags: 0x200000000000000(node=0|zone=2) [ 16.597397] page_type: f5(slab) [ 16.597542] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.597774] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.598001] page dumped because: kasan: bad access detected [ 16.598256] [ 16.598348] Memory state around the buggy address: [ 16.598589] ffff8881029c5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.598905] ffff8881029c5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.599225] >ffff8881029c5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.599560] ^ [ 16.599866] ffff8881029c5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.600147] ffff8881029c5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.600362] 
================================================================== [ 16.561855] ================================================================== [ 16.564407] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 16.564777] Write of size 121 at addr ffff8881029c5700 by task kunit_try_catch/302 [ 16.565721] [ 16.565855] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.565909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.565923] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.565946] Call Trace: [ 16.565969] <TASK> [ 16.565991] dump_stack_lvl+0x73/0xb0 [ 16.566039] print_report+0xd1/0x610 [ 16.566064] ? __virt_addr_valid+0x1db/0x2d0 [ 16.566089] ? strncpy_from_user+0x2e/0x1d0 [ 16.566115] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.566139] ? strncpy_from_user+0x2e/0x1d0 [ 16.566164] kasan_report+0x141/0x180 [ 16.566187] ? strncpy_from_user+0x2e/0x1d0 [ 16.566217] kasan_check_range+0x10c/0x1c0 [ 16.566243] __kasan_check_write+0x18/0x20 [ 16.566262] strncpy_from_user+0x2e/0x1d0 [ 16.566286] ? __kasan_check_read+0x15/0x20 [ 16.566308] copy_user_test_oob+0x760/0x10f0 [ 16.566336] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.566361] ? finish_task_switch.isra.0+0x153/0x700 [ 16.566385] ? __switch_to+0x47/0xf50 [ 16.566412] ? __schedule+0x10cc/0x2b60 [ 16.566437] ? __pfx_read_tsc+0x10/0x10 [ 16.566460] ? ktime_get_ts64+0x86/0x230 [ 16.566485] kunit_try_run_case+0x1a5/0x480 [ 16.566511] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.566535] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.566560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.566585] ? __kthread_parkme+0x82/0x180 [ 16.566607] ? preempt_count_sub+0x50/0x80 [ 16.566631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.566656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.566682] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.566706] kthread+0x337/0x6f0 [ 16.566727] ? trace_preempt_on+0x20/0xc0 [ 16.566752] ? 
__pfx_kthread+0x10/0x10
[ 16.566774] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.566795] ? calculate_sigpending+0x7b/0xa0
[ 16.566820] ? __pfx_kthread+0x10/0x10
[ 16.566842] ret_from_fork+0x116/0x1d0
[ 16.566861] ? __pfx_kthread+0x10/0x10
[ 16.566881] ret_from_fork_asm+0x1a/0x30
[ 16.566914] </TASK>
[ 16.566925]
[ 16.574384] Allocated by task 302:
[ 16.574598] kasan_save_stack+0x45/0x70
[ 16.574789] kasan_save_track+0x18/0x40
[ 16.574965] kasan_save_alloc_info+0x3b/0x50
[ 16.575160] __kasan_kmalloc+0xb7/0xc0
[ 16.575336] __kmalloc_noprof+0x1c9/0x500
[ 16.575556] kunit_kmalloc_array+0x25/0x60
[ 16.575741] copy_user_test_oob+0xab/0x10f0
[ 16.575917] kunit_try_run_case+0x1a5/0x480
[ 16.576123] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.576330] kthread+0x337/0x6f0
[ 16.576539] ret_from_fork+0x116/0x1d0
[ 16.576705] ret_from_fork_asm+0x1a/0x30
[ 16.576884]
[ 16.576959] The buggy address belongs to the object at ffff8881029c5700
[ 16.576959] which belongs to the cache kmalloc-128 of size 128
[ 16.577498] The buggy address is located 0 bytes inside of
[ 16.577498] allocated 120-byte region [ffff8881029c5700, ffff8881029c5778)
[ 16.577950]
[ 16.578060] The buggy address belongs to the physical page:
[ 16.578282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c5
[ 16.578701] flags: 0x200000000000000(node=0|zone=2)
[ 16.578893] page_type: f5(slab)
[ 16.579073] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.579380] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.579689] page dumped because: kasan: bad access detected
[ 16.579922]
[ 16.580017] Memory state around the buggy address:
[ 16.580227] ffff8881029c5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.580528] ffff8881029c5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.580748] >ffff8881029c5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.580970] ^
[ 16.581194] ffff8881029c5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.581412] ffff8881029c5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.581725] ==================================================================
[ 16.275195] ==================================================================
[ 16.275945] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 16.276650] Write of size 121 at addr ffff8881029b2200 by task kunit_try_catch/302
[ 16.277079]
[ 16.277178] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.277221] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.277233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.277255] Call Trace:
[ 16.277269] <TASK>
[ 16.277286] dump_stack_lvl+0x73/0xb0
[ 16.277314] print_report+0xd1/0x610
[ 16.277337] ? __virt_addr_valid+0x1db/0x2d0
[ 16.277361] ? strncpy_from_user+0x2e/0x1d0
[ 16.277385] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.277409] ? strncpy_from_user+0x2e/0x1d0
[ 16.277433] kasan_report+0x141/0x180
[ 16.277456] ? strncpy_from_user+0x2e/0x1d0
[ 16.277486] kasan_check_range+0x10c/0x1c0
[ 16.277511] __kasan_check_write+0x18/0x20
[ 16.277530] strncpy_from_user+0x2e/0x1d0
[ 16.277554] ? __kasan_check_read+0x15/0x20
[ 16.277576] copy_user_test_oob+0x760/0x10f0
[ 16.277616] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.277639] ? finish_task_switch.isra.0+0x153/0x700
[ 16.277663] ? __switch_to+0x47/0xf50
[ 16.277691] ? __schedule+0x10cc/0x2b60
[ 16.277714] ? __pfx_read_tsc+0x10/0x10
[ 16.277735] ? ktime_get_ts64+0x86/0x230
[ 16.277760] kunit_try_run_case+0x1a5/0x480
[ 16.277786] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.277809] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.277835] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.277859] ? __kthread_parkme+0x82/0x180
[ 16.277881] ? preempt_count_sub+0x50/0x80
[ 16.277917] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.277942] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.277967] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.277992] kthread+0x337/0x6f0
[ 16.278011] ? trace_preempt_on+0x20/0xc0
[ 16.278036] ? __pfx_kthread+0x10/0x10
[ 16.278057] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.278081] ? calculate_sigpending+0x7b/0xa0
[ 16.278106] ? __pfx_kthread+0x10/0x10
[ 16.278139] ret_from_fork+0x116/0x1d0
[ 16.278158] ? __pfx_kthread+0x10/0x10
[ 16.278180] ret_from_fork_asm+0x1a/0x30
[ 16.278212] </TASK>
[ 16.278222]
[ 16.285733] Allocated by task 302:
[ 16.285870] kasan_save_stack+0x45/0x70
[ 16.286135] kasan_save_track+0x18/0x40
[ 16.286336] kasan_save_alloc_info+0x3b/0x50
[ 16.286550] __kasan_kmalloc+0xb7/0xc0
[ 16.286742] __kmalloc_noprof+0x1c9/0x500
[ 16.286969] kunit_kmalloc_array+0x25/0x60
[ 16.287160] copy_user_test_oob+0xab/0x10f0
[ 16.287340] kunit_try_run_case+0x1a5/0x480
[ 16.287532] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.287721] kthread+0x337/0x6f0
[ 16.287846] ret_from_fork+0x116/0x1d0
[ 16.288010] ret_from_fork_asm+0x1a/0x30
[ 16.288213]
[ 16.288313] The buggy address belongs to the object at ffff8881029b2200
[ 16.288313] which belongs to the cache kmalloc-128 of size 128
[ 16.288841] The buggy address is located 0 bytes inside of
[ 16.288841] allocated 120-byte region [ffff8881029b2200, ffff8881029b2278)
[ 16.289354]
[ 16.289430] The buggy address belongs to the physical page:
[ 16.289660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b2
[ 16.290021] flags: 0x200000000000000(node=0|zone=2)
[ 16.290213] page_type: f5(slab)
[ 16.290383] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.290679] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.290996] page dumped because: kasan: bad access detected
[ 16.291225]
[ 16.291305] Memory state around the buggy address:
[ 16.291463] ffff8881029b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.291680] ffff8881029b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.291908] >ffff8881029b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.292279] ^
[ 16.292596] ffff8881029b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.292923] ffff8881029b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.293490] ==================================================================
[ 16.293948] ==================================================================
[ 16.294307] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 16.294777] Write of size 1 at addr ffff8881029b2278 by task kunit_try_catch/302
[ 16.295034]
[ 16.295121] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.295164] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.295175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.295197] Call Trace:
[ 16.295213] <TASK>
[ 16.295229] dump_stack_lvl+0x73/0xb0
[ 16.295258] print_report+0xd1/0x610
[ 16.295280] ? __virt_addr_valid+0x1db/0x2d0
[ 16.295304] ? strncpy_from_user+0x1a5/0x1d0
[ 16.295328] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.295352] ? strncpy_from_user+0x1a5/0x1d0
[ 16.295376] kasan_report+0x141/0x180
[ 16.295399] ? strncpy_from_user+0x1a5/0x1d0
[ 16.295428] __asan_report_store1_noabort+0x1b/0x30
[ 16.295462] strncpy_from_user+0x1a5/0x1d0
[ 16.295501] copy_user_test_oob+0x760/0x10f0
[ 16.295530] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.295570] ? finish_task_switch.isra.0+0x153/0x700
[ 16.295593] ? __switch_to+0x47/0xf50
[ 16.295620] ? __schedule+0x10cc/0x2b60
[ 16.295643] ? __pfx_read_tsc+0x10/0x10
[ 16.295664] ? ktime_get_ts64+0x86/0x230
[ 16.295689] kunit_try_run_case+0x1a5/0x480
[ 16.295715] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.295738] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.295763] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.295787] ? __kthread_parkme+0x82/0x180
[ 16.295809] ? preempt_count_sub+0x50/0x80
[ 16.295833] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.295857] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.295882] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.295919] kthread+0x337/0x6f0
[ 16.295939] ? trace_preempt_on+0x20/0xc0
[ 16.295964] ? __pfx_kthread+0x10/0x10
[ 16.295993] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.296014] ? calculate_sigpending+0x7b/0xa0
[ 16.296039] ? __pfx_kthread+0x10/0x10
[ 16.296062] ret_from_fork+0x116/0x1d0
[ 16.296081] ? __pfx_kthread+0x10/0x10
[ 16.296101] ret_from_fork_asm+0x1a/0x30
[ 16.296135] </TASK>
[ 16.296146]
[ 16.303708] Allocated by task 302:
[ 16.303890] kasan_save_stack+0x45/0x70
[ 16.304092] kasan_save_track+0x18/0x40
[ 16.304291] kasan_save_alloc_info+0x3b/0x50
[ 16.304476] __kasan_kmalloc+0xb7/0xc0
[ 16.304650] __kmalloc_noprof+0x1c9/0x500
[ 16.304826] kunit_kmalloc_array+0x25/0x60
[ 16.304983] copy_user_test_oob+0xab/0x10f0
[ 16.305133] kunit_try_run_case+0x1a5/0x480
[ 16.305378] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.305728] kthread+0x337/0x6f0
[ 16.305851] ret_from_fork+0x116/0x1d0
[ 16.306040] ret_from_fork_asm+0x1a/0x30
[ 16.306243]
[ 16.306339] The buggy address belongs to the object at ffff8881029b2200
[ 16.306339] which belongs to the cache kmalloc-128 of size 128
[ 16.306839] The buggy address is located 0 bytes to the right of
[ 16.306839] allocated 120-byte region [ffff8881029b2200, ffff8881029b2278)
[ 16.307372]
[ 16.307464] The buggy address belongs to the physical page:
[ 16.307690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b2
[ 16.308007] flags: 0x200000000000000(node=0|zone=2)
[ 16.308220] page_type: f5(slab)
[ 16.308376] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.308674] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.308911] page dumped because: kasan: bad access detected
[ 16.309141]
[ 16.309234] Memory state around the buggy address:
[ 16.309612] ffff8881029b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.309946] ffff8881029b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.311680] >ffff8881029b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.311966] ^
[ 16.312285] ffff8881029b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.312570] ffff8881029b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.312881] ==================================================================