Hay
Date: June 8, 2025, 11:09 p.m.

Environment: qemu-x86_64

[   26.640420] ==================================================================
[   26.641655] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90
[   26.642878] Write of size 121 at addr ffff8881039c8700 by task kunit_try_catch/303
[   26.643521] 
[   26.643777] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT(voluntary) 
[   26.643944] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.644016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.644090] Call Trace:
[   26.644141]  <TASK>
[   26.644204]  dump_stack_lvl+0x73/0xb0
[   26.644382]  print_report+0xd1/0x650
[   26.644518]  ? __virt_addr_valid+0x1db/0x2d0
[   26.644611]  ? _copy_from_user+0x32/0x90
[   26.644702]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.644818]  ? _copy_from_user+0x32/0x90
[   26.644901]  kasan_report+0x141/0x180
[   26.644950]  ? _copy_from_user+0x32/0x90
[   26.644988]  kasan_check_range+0x10c/0x1c0
[   26.645025]  __kasan_check_write+0x18/0x20
[   26.645094]  _copy_from_user+0x32/0x90
[   26.645144]  copy_user_test_oob+0x2be/0x10f0
[   26.645189]  ? __pfx_copy_user_test_oob+0x10/0x10
[   26.645282]  ? finish_task_switch.isra.0+0x153/0x700
[   26.645326]  ? __switch_to+0x47/0xf50
[   26.645366]  ? __schedule+0x10cc/0x2b60
[   26.645401]  ? __pfx_read_tsc+0x10/0x10
[   26.645434]  ? ktime_get_ts64+0x86/0x230
[   26.645470]  kunit_try_run_case+0x1a5/0x480
[   26.645538]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.645577]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.645633]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.645672]  ? __kthread_parkme+0x82/0x180
[   26.645703]  ? preempt_count_sub+0x50/0x80
[   26.645735]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.645772]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.645807]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.645845]  kthread+0x337/0x6f0
[   26.645874]  ? trace_preempt_on+0x20/0xc0
[   26.645910]  ? __pfx_kthread+0x10/0x10
[   26.645941]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.645973]  ? calculate_sigpending+0x7b/0xa0
[   26.646009]  ? __pfx_kthread+0x10/0x10
[   26.646040]  ret_from_fork+0x116/0x1d0
[   26.646068]  ? __pfx_kthread+0x10/0x10
[   26.646097]  ret_from_fork_asm+0x1a/0x30
[   26.646142]  </TASK>
[   26.646162] 
[   26.663533] Allocated by task 303:
[   26.663904]  kasan_save_stack+0x45/0x70
[   26.664464]  kasan_save_track+0x18/0x40
[   26.664965]  kasan_save_alloc_info+0x3b/0x50
[   26.665519]  __kasan_kmalloc+0xb7/0xc0
[   26.665938]  __kmalloc_noprof+0x1c9/0x500
[   26.666464]  kunit_kmalloc_array+0x25/0x60
[   26.666832]  copy_user_test_oob+0xab/0x10f0
[   26.667171]  kunit_try_run_case+0x1a5/0x480
[   26.667687]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.668306]  kthread+0x337/0x6f0
[   26.668724]  ret_from_fork+0x116/0x1d0
[   26.669166]  ret_from_fork_asm+0x1a/0x30
[   26.669662] 
[   26.669915] The buggy address belongs to the object at ffff8881039c8700
[   26.669915]  which belongs to the cache kmalloc-128 of size 128
[   26.670965] The buggy address is located 0 bytes inside of
[   26.670965]  allocated 120-byte region [ffff8881039c8700, ffff8881039c8778)
[   26.671871] 
[   26.672164] The buggy address belongs to the physical page:
[   26.672772] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8
[   26.673608] flags: 0x200000000000000(node=0|zone=2)
[   26.674163] page_type: f5(slab)
[   26.674649] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.675307] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.675999] page dumped because: kasan: bad access detected
[   26.676468] 
[   26.676923] Memory state around the buggy address:
[   26.677908]  ffff8881039c8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.679030]  ffff8881039c8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.680600] >ffff8881039c8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.681253]                                                                 ^
[   26.681902]  ffff8881039c8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.682554]  ffff8881039c8800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.683118] ==================================================================

[   25.034355] ==================================================================
[   25.035662] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90
[   25.036377] Write of size 121 at addr ffff8881038d5f00 by task kunit_try_catch/303
[   25.037117] 
[   25.037403] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT(voluntary) 
[   25.037528] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.037569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.037635] Call Trace:
[   25.037678]  <TASK>
[   25.037727]  dump_stack_lvl+0x73/0xb0
[   25.037823]  print_report+0xd1/0x650
[   25.037866]  ? __virt_addr_valid+0x1db/0x2d0
[   25.037993]  ? _copy_from_user+0x32/0x90
[   25.038068]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.038306]  ? _copy_from_user+0x32/0x90
[   25.038346]  kasan_report+0x141/0x180
[   25.038383]  ? _copy_from_user+0x32/0x90
[   25.038419]  kasan_check_range+0x10c/0x1c0
[   25.038457]  __kasan_check_write+0x18/0x20
[   25.038486]  _copy_from_user+0x32/0x90
[   25.038517]  copy_user_test_oob+0x2be/0x10f0
[   25.038558]  ? __pfx_copy_user_test_oob+0x10/0x10
[   25.038593]  ? finish_task_switch.isra.0+0x153/0x700
[   25.038626]  ? __switch_to+0x47/0xf50
[   25.038663]  ? __schedule+0x10cc/0x2b60
[   25.038697]  ? __pfx_read_tsc+0x10/0x10
[   25.038728]  ? ktime_get_ts64+0x86/0x230
[   25.038763]  kunit_try_run_case+0x1a5/0x480
[   25.038801]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.038836]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.038892]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.038935]  ? __kthread_parkme+0x82/0x180
[   25.038967]  ? preempt_count_sub+0x50/0x80
[   25.038999]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.039036]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.039072]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.039145]  kthread+0x337/0x6f0
[   25.039186]  ? trace_preempt_on+0x20/0xc0
[   25.039221]  ? __pfx_kthread+0x10/0x10
[   25.039252]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.039286]  ? calculate_sigpending+0x7b/0xa0
[   25.039324]  ? __pfx_kthread+0x10/0x10
[   25.039354]  ret_from_fork+0x116/0x1d0
[   25.039382]  ? __pfx_kthread+0x10/0x10
[   25.039414]  ret_from_fork_asm+0x1a/0x30
[   25.039458]  </TASK>
[   25.039476] 
[   25.061928] Allocated by task 303:
[   25.063327]  kasan_save_stack+0x45/0x70
[   25.063925]  kasan_save_track+0x18/0x40
[   25.065009]  kasan_save_alloc_info+0x3b/0x50
[   25.065686]  __kasan_kmalloc+0xb7/0xc0
[   25.065983]  __kmalloc_noprof+0x1c9/0x500
[   25.066555]  kunit_kmalloc_array+0x25/0x60
[   25.067227]  copy_user_test_oob+0xab/0x10f0
[   25.068614]  kunit_try_run_case+0x1a5/0x480
[   25.069082]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.069553]  kthread+0x337/0x6f0
[   25.070443]  ret_from_fork+0x116/0x1d0
[   25.070778]  ret_from_fork_asm+0x1a/0x30
[   25.071398] 
[   25.071665] The buggy address belongs to the object at ffff8881038d5f00
[   25.071665]  which belongs to the cache kmalloc-128 of size 128
[   25.073084] The buggy address is located 0 bytes inside of
[   25.073084]  allocated 120-byte region [ffff8881038d5f00, ffff8881038d5f78)
[   25.074146] 
[   25.074421] The buggy address belongs to the physical page:
[   25.074912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5
[   25.076039] flags: 0x200000000000000(node=0|zone=2)
[   25.076890] page_type: f5(slab)
[   25.077476] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.078625] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.079462] page dumped because: kasan: bad access detected
[   25.079924] 
[   25.080151] Memory state around the buggy address:
[   25.080549]  ffff8881038d5e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.081535]  ffff8881038d5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.082244] >ffff8881038d5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   25.082839]                                                                 ^
[   25.083559]  ffff8881038d5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.084221]  ffff8881038d6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.084773] ==================================================================