Date
July 6, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-x86_64 | |
| x86 |
[ 17.996213] ================================================================== [ 17.996944] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 17.997592] Write of size 121 at addr ffff88810254dc00 by task kunit_try_catch/303 [ 17.998242] [ 17.998477] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 17.998569] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.998596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.998660] Call Trace: [ 17.998688] <TASK> [ 17.998737] dump_stack_lvl+0x73/0xb0 [ 17.998802] print_report+0xd1/0x650 [ 17.998836] ? __virt_addr_valid+0x1db/0x2d0 [ 17.998868] ? _copy_from_user+0x32/0x90 [ 17.998893] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.998925] ? _copy_from_user+0x32/0x90 [ 17.998950] kasan_report+0x141/0x180 [ 17.998977] ? _copy_from_user+0x32/0x90 [ 17.999008] kasan_check_range+0x10c/0x1c0 [ 17.999037] __kasan_check_write+0x18/0x20 [ 17.999061] _copy_from_user+0x32/0x90 [ 17.999088] copy_user_test_oob+0x2be/0x10f0 [ 17.999139] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.999160] ? finish_task_switch.isra.0+0x153/0x700 [ 17.999183] ? __switch_to+0x47/0xf50 [ 17.999209] ? __schedule+0x10cc/0x2b60 [ 17.999231] ? __pfx_read_tsc+0x10/0x10 [ 17.999252] ? ktime_get_ts64+0x86/0x230 [ 17.999276] kunit_try_run_case+0x1a5/0x480 [ 17.999298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.999319] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.999341] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.999362] ? __kthread_parkme+0x82/0x180 [ 17.999382] ? preempt_count_sub+0x50/0x80 [ 17.999404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.999426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.999447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.999469] kthread+0x337/0x6f0 [ 17.999488] ? trace_preempt_on+0x20/0xc0 [ 17.999511] ? __pfx_kthread+0x10/0x10 [ 17.999530] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.999549] ? calculate_sigpending+0x7b/0xa0 [ 17.999572] ? __pfx_kthread+0x10/0x10 [ 17.999592] ret_from_fork+0x116/0x1d0 [ 17.999611] ? __pfx_kthread+0x10/0x10 [ 17.999648] ret_from_fork_asm+0x1a/0x30 [ 17.999678] </TASK> [ 17.999692] [ 18.010604] Allocated by task 303: [ 18.010916] kasan_save_stack+0x45/0x70 [ 18.011136] kasan_save_track+0x18/0x40 [ 18.011450] kasan_save_alloc_info+0x3b/0x50 [ 18.011740] __kasan_kmalloc+0xb7/0xc0 [ 18.011910] __kmalloc_noprof+0x1c9/0x500 [ 18.012085] kunit_kmalloc_array+0x25/0x60 [ 18.012323] copy_user_test_oob+0xab/0x10f0 [ 18.012969] kunit_try_run_case+0x1a5/0x480 [ 18.013371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.013777] kthread+0x337/0x6f0 [ 18.014038] ret_from_fork+0x116/0x1d0 [ 18.014337] ret_from_fork_asm+0x1a/0x30 [ 18.014720] [ 18.014905] The buggy address belongs to the object at ffff88810254dc00 [ 18.014905] which belongs to the cache kmalloc-128 of size 128 [ 18.015731] The buggy address is located 0 bytes inside of [ 18.015731] allocated 120-byte region [ffff88810254dc00, ffff88810254dc78) [ 18.016278] [ 18.016445] The buggy address belongs to the physical page: [ 18.016729] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10254d [ 18.017152] flags: 0x200000000000000(node=0|zone=2) [ 18.017441] page_type: f5(slab) [ 18.017684] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.018060] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.018537] page dumped because: kasan: bad access detected [ 18.018767] [ 18.018924] Memory state around the buggy address: [ 18.019272] ffff88810254db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.019566] ffff88810254db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.020017] >ffff88810254dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.020348] ^ [ 18.020793] ffff88810254dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.021133] ffff88810254dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.021564] ==================================================================
[ 17.936498] ================================================================== [ 17.937222] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 17.937528] Write of size 121 at addr ffff8881031c0b00 by task kunit_try_catch/302 [ 17.937838] [ 17.937973] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 17.938024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.938038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.938073] Call Trace: [ 17.938090] <TASK> [ 17.938112] dump_stack_lvl+0x73/0xb0 [ 17.938149] print_report+0xd1/0x650 [ 17.938176] ? __virt_addr_valid+0x1db/0x2d0 [ 17.938205] ? _copy_from_user+0x32/0x90 [ 17.938227] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.938256] ? _copy_from_user+0x32/0x90 [ 17.938279] kasan_report+0x141/0x180 [ 17.938305] ? _copy_from_user+0x32/0x90 [ 17.938333] kasan_check_range+0x10c/0x1c0 [ 17.938359] __kasan_check_write+0x18/0x20 [ 17.938382] _copy_from_user+0x32/0x90 [ 17.938405] copy_user_test_oob+0x2be/0x10f0 [ 17.938435] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.938462] ? __kasan_check_write+0x18/0x20 [ 17.938485] ? queued_spin_lock_slowpath+0x116/0xb40 [ 17.938511] ? irqentry_exit+0x2a/0x60 [ 17.938538] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 17.938565] ? trace_hardirqs_on+0x37/0xe0 [ 17.938593] ? __pfx_read_tsc+0x10/0x10 [ 17.938620] ? ktime_get_ts64+0x86/0x230 [ 17.938649] kunit_try_run_case+0x1a5/0x480 [ 17.938676] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.938704] ? queued_spin_lock_slowpath+0x116/0xb40 [ 17.938741] ? __kthread_parkme+0x82/0x180 [ 17.938766] ? preempt_count_sub+0x50/0x80 [ 17.938797] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.938825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.938851] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.938878] kthread+0x337/0x6f0 [ 17.938901] ? trace_preempt_on+0x20/0xc0 [ 17.938927] ? __pfx_kthread+0x10/0x10 [ 17.938951] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.938975] ? calculate_sigpending+0x7b/0xa0 [ 17.939003] ? __pfx_kthread+0x10/0x10 [ 17.939029] ret_from_fork+0x116/0x1d0 [ 17.939061] ? __pfx_kthread+0x10/0x10 [ 17.939085] ret_from_fork_asm+0x1a/0x30 [ 17.939121] </TASK> [ 17.939136] [ 17.946984] Allocated by task 302: [ 17.947163] kasan_save_stack+0x45/0x70 [ 17.947349] kasan_save_track+0x18/0x40 [ 17.947558] kasan_save_alloc_info+0x3b/0x50 [ 17.947779] __kasan_kmalloc+0xb7/0xc0 [ 17.947981] __kmalloc_noprof+0x1c9/0x500 [ 17.948176] kunit_kmalloc_array+0x25/0x60 [ 17.948398] copy_user_test_oob+0xab/0x10f0 [ 17.948618] kunit_try_run_case+0x1a5/0x480 [ 17.948806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.948995] kthread+0x337/0x6f0 [ 17.949221] ret_from_fork+0x116/0x1d0 [ 17.949477] ret_from_fork_asm+0x1a/0x30 [ 17.949637] [ 17.949717] The buggy address belongs to the object at ffff8881031c0b00 [ 17.949717] which belongs to the cache kmalloc-128 of size 128 [ 17.950267] The buggy address is located 0 bytes inside of [ 17.950267] allocated 120-byte region [ffff8881031c0b00, ffff8881031c0b78) [ 17.950652] [ 17.950734] The buggy address belongs to the physical page: [ 17.951020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c0 [ 17.951408] flags: 0x200000000000000(node=0|zone=2) [ 17.951661] page_type: f5(slab) [ 17.951841] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.952263] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.952512] page dumped because: kasan: bad access detected [ 17.952840] [ 17.952945] Memory state around the buggy address: [ 17.953202] ffff8881031c0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.953514] ffff8881031c0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.953871] >ffff8881031c0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.954157] ^ [ 17.954460] ffff8881031c0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.954796] ffff8881031c0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.955116] ==================================================================
[ 76.744116] ================================================================== [ 76.757444] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 76.764064] Write of size 121 at addr ffff8881066e9300 by task kunit_try_catch/326 [ 76.771632] [ 76.773131] CPU: 3 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 76.773140] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 76.773143] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 76.773147] Call Trace: [ 76.773149] <TASK> [ 76.773151] dump_stack_lvl+0x73/0xb0 [ 76.773156] print_report+0xd1/0x650 [ 76.773161] ? __virt_addr_valid+0x1db/0x2d0 [ 76.773165] ? _copy_from_user+0x32/0x90 [ 76.773168] ? kasan_complete_mode_report_info+0x2a/0x200 [ 76.773174] ? _copy_from_user+0x32/0x90 [ 76.773177] kasan_report+0x141/0x180 [ 76.773181] ? _copy_from_user+0x32/0x90 [ 76.773186] kasan_check_range+0x10c/0x1c0 [ 76.773190] __kasan_check_write+0x18/0x20 [ 76.773194] _copy_from_user+0x32/0x90 [ 76.773198] copy_user_test_oob+0x2be/0x10f0 [ 76.773203] ? __pfx_copy_user_test_oob+0x10/0x10 [ 76.773207] ? finish_task_switch.isra.0+0x153/0x700 [ 76.773212] ? __switch_to+0x544/0xf50 [ 76.773217] ? __schedule+0x10cc/0x2b60 [ 76.773221] ? ktime_get_ts64+0x83/0x230 [ 76.773225] kunit_try_run_case+0x1a2/0x480 [ 76.773230] ? __pfx_kunit_try_run_case+0x10/0x10 [ 76.773235] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 76.773239] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 76.773244] ? __kthread_parkme+0x82/0x180 [ 76.773247] ? preempt_count_sub+0x50/0x80 [ 76.773252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 76.773256] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 76.773261] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 76.773265] kthread+0x334/0x6f0 [ 76.773269] ? trace_preempt_on+0x20/0xc0 [ 76.773273] ? __pfx_kthread+0x10/0x10 [ 76.773277] ? _raw_spin_unlock_irq+0x47/0x80 [ 76.773281] ? calculate_sigpending+0x7b/0xa0 [ 76.773286] ? __pfx_kthread+0x10/0x10 [ 76.773290] ret_from_fork+0x113/0x1d0 [ 76.773294] ? __pfx_kthread+0x10/0x10 [ 76.773297] ret_from_fork_asm+0x1a/0x30 [ 76.773304] </TASK> [ 76.773305] [ 76.953301] Allocated by task 326: [ 76.956706] kasan_save_stack+0x45/0x70 [ 76.960547] kasan_save_track+0x18/0x40 [ 76.964392] kasan_save_alloc_info+0x3b/0x50 [ 76.968685] __kasan_kmalloc+0xb7/0xc0 [ 76.972437] __kmalloc_noprof+0x1c9/0x500 [ 76.976450] kunit_kmalloc_array+0x25/0x60 [ 76.980557] copy_user_test_oob+0xab/0x10f0 [ 76.984742] kunit_try_run_case+0x1a2/0x480 [ 76.988929] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 76.994346] kthread+0x334/0x6f0 [ 76.997613] ret_from_fork+0x113/0x1d0 [ 77.001365] ret_from_fork_asm+0x1a/0x30 [ 77.005362] [ 77.006903] The buggy address belongs to the object at ffff8881066e9300 [ 77.006903] which belongs to the cache kmalloc-128 of size 128 [ 77.019418] The buggy address is located 0 bytes inside of [ 77.019418] allocated 120-byte region [ffff8881066e9300, ffff8881066e9378) [ 77.031847] [ 77.033362] The buggy address belongs to the physical page: [ 77.038962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066e9 [ 77.046970] flags: 0x200000000000000(node=0|zone=2) [ 77.051849] page_type: f5(slab) [ 77.054995] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 77.062743] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 77.070480] page dumped because: kasan: bad access detected [ 77.076054] [ 77.077553] Memory state around the buggy address: [ 77.082362] ffff8881066e9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.089602] ffff8881066e9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.096828] >ffff8881066e9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 77.104047] ^ [ 77.111182] ffff8881066e9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.118432] ffff8881066e9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.125653] ==================================================================