Date
June 25, 2025, 8:08 a.m.
| Environment | |
|---|---|
| qemu-x86_64 |
[ 25.819244] ================================================================== [ 25.819563] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 25.820037] Write of size 121 at addr ffff888102597c00 by task kunit_try_catch/314 [ 25.820482] [ 25.820610] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.820665] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.820679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.820704] Call Trace: [ 25.820726] <TASK> [ 25.820747] dump_stack_lvl+0x73/0xb0 [ 25.820778] print_report+0xd1/0x650 [ 25.820800] ? __virt_addr_valid+0x1db/0x2d0 [ 25.820824] ? copy_user_test_oob+0x557/0x10f0 [ 25.820848] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.820874] ? copy_user_test_oob+0x557/0x10f0 [ 25.820897] kasan_report+0x141/0x180 [ 25.820919] ? copy_user_test_oob+0x557/0x10f0 [ 25.820980] kasan_check_range+0x10c/0x1c0 [ 25.821005] __kasan_check_write+0x18/0x20 [ 25.821028] copy_user_test_oob+0x557/0x10f0 [ 25.821053] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.821076] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.821103] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.821130] kunit_try_run_case+0x1a5/0x480 [ 25.821157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.821180] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.821201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.821227] ? __kthread_parkme+0x82/0x180 [ 25.821248] ? preempt_count_sub+0x50/0x80 [ 25.821272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.821296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.821319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.821344] kthread+0x337/0x6f0 [ 25.821364] ? trace_preempt_on+0x20/0xc0 [ 25.821388] ? __pfx_kthread+0x10/0x10 [ 25.821408] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.821431] ? calculate_sigpending+0x7b/0xa0 [ 25.821456] ? __pfx_kthread+0x10/0x10 [ 25.821478] ret_from_fork+0x116/0x1d0 [ 25.821499] ? __pfx_kthread+0x10/0x10 [ 25.821520] ret_from_fork_asm+0x1a/0x30 [ 25.821551] </TASK> [ 25.821565] [ 25.828165] Allocated by task 314: [ 25.828350] kasan_save_stack+0x45/0x70 [ 25.828568] kasan_save_track+0x18/0x40 [ 25.828711] kasan_save_alloc_info+0x3b/0x50 [ 25.828852] __kasan_kmalloc+0xb7/0xc0 [ 25.828990] __kmalloc_noprof+0x1c9/0x500 [ 25.829266] kunit_kmalloc_array+0x25/0x60 [ 25.829491] copy_user_test_oob+0xab/0x10f0 [ 25.829711] kunit_try_run_case+0x1a5/0x480 [ 25.829912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.830177] kthread+0x337/0x6f0 [ 25.830321] ret_from_fork+0x116/0x1d0 [ 25.830494] ret_from_fork_asm+0x1a/0x30 [ 25.830637] [ 25.830702] The buggy address belongs to the object at ffff888102597c00 [ 25.830702] which belongs to the cache kmalloc-128 of size 128 [ 25.831124] The buggy address is located 0 bytes inside of [ 25.831124] allocated 120-byte region [ffff888102597c00, ffff888102597c78) [ 25.831661] [ 25.831733] The buggy address belongs to the physical page: [ 25.831900] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597 [ 25.832521] flags: 0x200000000000000(node=0|zone=2) [ 25.832756] page_type: f5(slab) [ 25.832946] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.833258] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.833521] page dumped because: kasan: bad access detected [ 25.833684] [ 25.833747] Memory state around the buggy address: [ 25.833899] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.834237] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.834540] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.835107] ^ [ 25.835380] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.835587] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.835789] ================================================================== [ 25.771657] ================================================================== [ 25.772184] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 25.772683] Write of size 121 at addr ffff888102597c00 by task kunit_try_catch/314 [ 25.773202] [ 25.773469] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.773550] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.773566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.773590] Call Trace: [ 25.773610] <TASK> [ 25.773630] dump_stack_lvl+0x73/0xb0 [ 25.773661] print_report+0xd1/0x650 [ 25.773684] ? __virt_addr_valid+0x1db/0x2d0 [ 25.773708] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.773732] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.773758] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.773781] kasan_report+0x141/0x180 [ 25.773803] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.773830] kasan_check_range+0x10c/0x1c0 [ 25.773853] __kasan_check_write+0x18/0x20 [ 25.773876] copy_user_test_oob+0x3fd/0x10f0 [ 25.773900] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.773923] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.773962] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.773989] kunit_try_run_case+0x1a5/0x480 [ 25.774017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.774040] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.774061] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.774087] ? __kthread_parkme+0x82/0x180 [ 25.774108] ? preempt_count_sub+0x50/0x80 [ 25.774133] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.774157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.774181] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.774205] kthread+0x337/0x6f0 [ 25.774225] ? trace_preempt_on+0x20/0xc0 [ 25.774250] ? __pfx_kthread+0x10/0x10 [ 25.774271] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.774294] ? calculate_sigpending+0x7b/0xa0 [ 25.774320] ? __pfx_kthread+0x10/0x10 [ 25.774342] ret_from_fork+0x116/0x1d0 [ 25.774362] ? __pfx_kthread+0x10/0x10 [ 25.774383] ret_from_fork_asm+0x1a/0x30 [ 25.774414] </TASK> [ 25.774426] [ 25.783138] Allocated by task 314: [ 25.783504] kasan_save_stack+0x45/0x70 [ 25.783771] kasan_save_track+0x18/0x40 [ 25.783949] kasan_save_alloc_info+0x3b/0x50 [ 25.784352] __kasan_kmalloc+0xb7/0xc0 [ 25.784526] __kmalloc_noprof+0x1c9/0x500 [ 25.784709] kunit_kmalloc_array+0x25/0x60 [ 25.784900] copy_user_test_oob+0xab/0x10f0 [ 25.785102] kunit_try_run_case+0x1a5/0x480 [ 25.785581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.785774] kthread+0x337/0x6f0 [ 25.786091] ret_from_fork+0x116/0x1d0 [ 25.786399] ret_from_fork_asm+0x1a/0x30 [ 25.786558] [ 25.786784] The buggy address belongs to the object at ffff888102597c00 [ 25.786784] which belongs to the cache kmalloc-128 of size 128 [ 25.787555] The buggy address is located 0 bytes inside of [ 25.787555] allocated 120-byte region [ffff888102597c00, ffff888102597c78) [ 25.788210] [ 25.788300] The buggy address belongs to the physical page: [ 25.788674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597 [ 25.789088] flags: 0x200000000000000(node=0|zone=2) [ 25.789435] page_type: f5(slab) [ 25.789572] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.790043] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.790516] page dumped because: kasan: bad access detected [ 25.790835] [ 25.790915] Memory state around the buggy address: [ 25.791264] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.791551] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.791854] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.792394] ^ [ 25.792692] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.793043] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.793432] ================================================================== [ 25.794370] ================================================================== [ 25.795069] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 25.795421] Read of size 121 at addr ffff888102597c00 by task kunit_try_catch/314 [ 25.795714] [ 25.796133] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.796192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.796379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.796407] Call Trace: [ 25.796431] <TASK> [ 25.796453] dump_stack_lvl+0x73/0xb0 [ 25.796483] print_report+0xd1/0x650 [ 25.796507] ? __virt_addr_valid+0x1db/0x2d0 [ 25.796532] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.796555] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.796581] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.796604] kasan_report+0x141/0x180 [ 25.796627] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.796654] kasan_check_range+0x10c/0x1c0 [ 25.796677] __kasan_check_read+0x15/0x20 [ 25.796699] copy_user_test_oob+0x4aa/0x10f0 [ 25.796724] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.796746] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.796775] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.796802] kunit_try_run_case+0x1a5/0x480 [ 25.796830] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.796853] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.796874] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.796900] ? __kthread_parkme+0x82/0x180 [ 25.796921] ? preempt_count_sub+0x50/0x80 [ 25.796956] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.796981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.797004] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.797029] kthread+0x337/0x6f0 [ 25.797049] ? trace_preempt_on+0x20/0xc0 [ 25.797073] ? __pfx_kthread+0x10/0x10 [ 25.797094] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.797126] ? calculate_sigpending+0x7b/0xa0 [ 25.797151] ? __pfx_kthread+0x10/0x10 [ 25.797172] ret_from_fork+0x116/0x1d0 [ 25.797192] ? __pfx_kthread+0x10/0x10 [ 25.797213] ret_from_fork_asm+0x1a/0x30 [ 25.797244] </TASK> [ 25.797256] [ 25.806783] Allocated by task 314: [ 25.807168] kasan_save_stack+0x45/0x70 [ 25.807495] kasan_save_track+0x18/0x40 [ 25.807768] kasan_save_alloc_info+0x3b/0x50 [ 25.808074] __kasan_kmalloc+0xb7/0xc0 [ 25.808464] __kmalloc_noprof+0x1c9/0x500 [ 25.808621] kunit_kmalloc_array+0x25/0x60 [ 25.809022] copy_user_test_oob+0xab/0x10f0 [ 25.809448] kunit_try_run_case+0x1a5/0x480 [ 25.809660] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.809893] kthread+0x337/0x6f0 [ 25.810066] ret_from_fork+0x116/0x1d0 [ 25.810484] ret_from_fork_asm+0x1a/0x30 [ 25.810659] [ 25.810918] The buggy address belongs to the object at ffff888102597c00 [ 25.810918] which belongs to the cache kmalloc-128 of size 128 [ 25.811665] The buggy address is located 0 bytes inside of [ 25.811665] allocated 120-byte region [ffff888102597c00, ffff888102597c78) [ 25.812411] [ 25.812503] The buggy address belongs to the physical page: [ 25.812923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597 [ 25.813436] flags: 0x200000000000000(node=0|zone=2) [ 25.813676] page_type: f5(slab) [ 25.813844] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.814436] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.814738] page dumped because: kasan: bad access detected [ 25.815072] [ 25.815168] Memory state around the buggy address: [ 25.815583] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.815990] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.816393] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.816792] ^ [ 25.817190] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.817690] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.818085] ================================================================== [ 25.837040] ================================================================== [ 25.837766] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 25.838636] Read of size 121 at addr ffff888102597c00 by task kunit_try_catch/314 [ 25.839239] [ 25.839502] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.839556] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.839571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.839680] Call Trace: [ 25.839706] <TASK> [ 25.839843] dump_stack_lvl+0x73/0xb0 [ 25.839878] print_report+0xd1/0x650 [ 25.839901] ? __virt_addr_valid+0x1db/0x2d0 [ 25.839926] ? copy_user_test_oob+0x604/0x10f0 [ 25.839963] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.839989] ? copy_user_test_oob+0x604/0x10f0 [ 25.840012] kasan_report+0x141/0x180 [ 25.840034] ? copy_user_test_oob+0x604/0x10f0 [ 25.840061] kasan_check_range+0x10c/0x1c0 [ 25.840084] __kasan_check_read+0x15/0x20 [ 25.840107] copy_user_test_oob+0x604/0x10f0 [ 25.840142] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.840165] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.840192] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.840219] kunit_try_run_case+0x1a5/0x480 [ 25.840247] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.840270] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.840291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.840317] ? __kthread_parkme+0x82/0x180 [ 25.840345] ? preempt_count_sub+0x50/0x80 [ 25.840368] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.840392] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.840416] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.840439] kthread+0x337/0x6f0 [ 25.840459] ? trace_preempt_on+0x20/0xc0 [ 25.840484] ? __pfx_kthread+0x10/0x10 [ 25.840504] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.840527] ? calculate_sigpending+0x7b/0xa0 [ 25.840551] ? __pfx_kthread+0x10/0x10 [ 25.840573] ret_from_fork+0x116/0x1d0 [ 25.840593] ? __pfx_kthread+0x10/0x10 [ 25.840613] ret_from_fork_asm+0x1a/0x30 [ 25.840644] </TASK> [ 25.840655] [ 25.849713] Allocated by task 314: [ 25.850055] kasan_save_stack+0x45/0x70 [ 25.850417] kasan_save_track+0x18/0x40 [ 25.850670] kasan_save_alloc_info+0x3b/0x50 [ 25.850958] __kasan_kmalloc+0xb7/0xc0 [ 25.851232] __kmalloc_noprof+0x1c9/0x500 [ 25.851435] kunit_kmalloc_array+0x25/0x60 [ 25.851631] copy_user_test_oob+0xab/0x10f0 [ 25.851831] kunit_try_run_case+0x1a5/0x480 [ 25.852032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.852561] kthread+0x337/0x6f0 [ 25.852718] ret_from_fork+0x116/0x1d0 [ 25.853084] ret_from_fork_asm+0x1a/0x30 [ 25.853484] [ 25.853594] The buggy address belongs to the object at ffff888102597c00 [ 25.853594] which belongs to the cache kmalloc-128 of size 128 [ 25.854426] The buggy address is located 0 bytes inside of [ 25.854426] allocated 120-byte region [ffff888102597c00, ffff888102597c78) [ 25.855018] [ 25.855118] The buggy address belongs to the physical page: [ 25.855580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597 [ 25.855963] flags: 0x200000000000000(node=0|zone=2) [ 25.856321] page_type: f5(slab) [ 25.856680] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.857023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.857546] page dumped because: kasan: bad access detected [ 25.857785] [ 25.857865] Memory state around the buggy address: [ 25.858098] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.858396] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.858672] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.859002] ^ [ 25.859389] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.859625] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.859971] ==================================================================