Date
July 6, 2025, 11:09 p.m.
| Environment |
|---|
| qemu-x86_64 |
| x86 |
```
[ 18.026353] ==================================================================
[ 18.026899] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70
[ 18.027187] Read of size 121 at addr ffff88810254dc00 by task kunit_try_catch/303
[ 18.027646]
[ 18.027783] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 18.027864] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.027885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.027921] Call Trace:
[ 18.027951] <TASK>
[ 18.027981] dump_stack_lvl+0x73/0xb0
[ 18.028033] print_report+0xd1/0x650
[ 18.028069] ? __virt_addr_valid+0x1db/0x2d0
[ 18.028102] ? _copy_to_user+0x3c/0x70
[ 18.028131] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.028169] ? _copy_to_user+0x3c/0x70
[ 18.028199] kasan_report+0x141/0x180
[ 18.028234] ? _copy_to_user+0x3c/0x70
[ 18.028273] kasan_check_range+0x10c/0x1c0
[ 18.028310] __kasan_check_read+0x15/0x20
[ 18.028340] _copy_to_user+0x3c/0x70
[ 18.028371] copy_user_test_oob+0x364/0x10f0
[ 18.028411] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.028445] ? finish_task_switch.isra.0+0x153/0x700
[ 18.028481] ? __switch_to+0x47/0xf50
[ 18.028521] ? __schedule+0x10cc/0x2b60
[ 18.028558] ? __pfx_read_tsc+0x10/0x10
[ 18.028589] ? ktime_get_ts64+0x86/0x230
[ 18.028640] kunit_try_run_case+0x1a5/0x480
[ 18.028677] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.028707] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.028744] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.028783] ? __kthread_parkme+0x82/0x180
[ 18.028818] ? preempt_count_sub+0x50/0x80
[ 18.028860] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.029373] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.029422] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.029502] kthread+0x337/0x6f0
[ 18.029540] ? trace_preempt_on+0x20/0xc0
[ 18.029577] ? __pfx_kthread+0x10/0x10
[ 18.029610] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.029660] ? calculate_sigpending+0x7b/0xa0
[ 18.029696] ? __pfx_kthread+0x10/0x10
[ 18.029729] ret_from_fork+0x116/0x1d0
[ 18.029756] ? __pfx_kthread+0x10/0x10
[ 18.029789] ret_from_fork_asm+0x1a/0x30
[ 18.029843] </TASK>
[ 18.029868]
[ 18.041954] Allocated by task 303:
[ 18.042468] kasan_save_stack+0x45/0x70
[ 18.042697] kasan_save_track+0x18/0x40
[ 18.042990] kasan_save_alloc_info+0x3b/0x50
[ 18.043267] __kasan_kmalloc+0xb7/0xc0
[ 18.043424] __kmalloc_noprof+0x1c9/0x500
[ 18.043750] kunit_kmalloc_array+0x25/0x60
[ 18.043967] copy_user_test_oob+0xab/0x10f0
[ 18.044267] kunit_try_run_case+0x1a5/0x480
[ 18.044461] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.044892] kthread+0x337/0x6f0
[ 18.045159] ret_from_fork+0x116/0x1d0
[ 18.045331] ret_from_fork_asm+0x1a/0x30
[ 18.045681]
[ 18.045889] The buggy address belongs to the object at ffff88810254dc00
[ 18.045889] which belongs to the cache kmalloc-128 of size 128
[ 18.046657] The buggy address is located 0 bytes inside of
[ 18.046657] allocated 120-byte region [ffff88810254dc00, ffff88810254dc78)
[ 18.047286]
[ 18.047405] The buggy address belongs to the physical page:
[ 18.047852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10254d
[ 18.048448] flags: 0x200000000000000(node=0|zone=2)
[ 18.048836] page_type: f5(slab)
[ 18.049176] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.049553] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.049966] page dumped because: kasan: bad access detected
[ 18.050252]
[ 18.050390] Memory state around the buggy address:
[ 18.050652] ffff88810254db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.051874] ffff88810254db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.052463] >ffff88810254dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.053299] ^
[ 18.053909] ffff88810254dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.054147] ffff88810254dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.054337] ==================================================================
```
```
[ 17.958456] ==================================================================
[ 17.958838] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70
[ 17.959459] Read of size 121 at addr ffff8881031c0b00 by task kunit_try_catch/302
[ 17.959803]
[ 17.959901] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 17.959949] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.959963] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.959985] Call Trace:
[ 17.960003] <TASK>
[ 17.960022] dump_stack_lvl+0x73/0xb0
[ 17.960068] print_report+0xd1/0x650
[ 17.960094] ? __virt_addr_valid+0x1db/0x2d0
[ 17.960122] ? _copy_to_user+0x3c/0x70
[ 17.960144] ? kasan_complete_mode_report_info+0x2a/0x200
[ 17.960175] ? _copy_to_user+0x3c/0x70
[ 17.960198] kasan_report+0x141/0x180
[ 17.960223] ? _copy_to_user+0x3c/0x70
[ 17.960252] kasan_check_range+0x10c/0x1c0
[ 17.960279] __kasan_check_read+0x15/0x20
[ 17.960302] _copy_to_user+0x3c/0x70
[ 17.960326] copy_user_test_oob+0x364/0x10f0
[ 17.960356] ? __pfx_copy_user_test_oob+0x10/0x10
[ 17.960386] ? __kasan_check_write+0x18/0x20
[ 17.960408] ? queued_spin_lock_slowpath+0x116/0xb40
[ 17.960435] ? irqentry_exit+0x2a/0x60
[ 17.960460] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 17.960488] ? trace_hardirqs_on+0x37/0xe0
[ 17.960515] ? __pfx_read_tsc+0x10/0x10
[ 17.960541] ? ktime_get_ts64+0x86/0x230
[ 17.960570] kunit_try_run_case+0x1a5/0x480
[ 17.960598] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.960627] ? queued_spin_lock_slowpath+0x116/0xb40
[ 17.960655] ? __kthread_parkme+0x82/0x180
[ 17.960679] ? preempt_count_sub+0x50/0x80
[ 17.960707] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.960747] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.960775] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.960802] kthread+0x337/0x6f0
[ 17.960827] ? trace_preempt_on+0x20/0xc0
[ 17.960853] ? __pfx_kthread+0x10/0x10
[ 17.960879] ? _raw_spin_unlock_irq+0x47/0x80
[ 17.960904] ? calculate_sigpending+0x7b/0xa0
[ 17.960931] ? __pfx_kthread+0x10/0x10
[ 17.960958] ret_from_fork+0x116/0x1d0
[ 17.960980] ? __pfx_kthread+0x10/0x10
[ 17.961004] ret_from_fork_asm+0x1a/0x30
[ 17.961040] </TASK>
[ 17.961063]
[ 17.975857] Allocated by task 302:
[ 17.976191] kasan_save_stack+0x45/0x70
[ 17.976554] kasan_save_track+0x18/0x40
[ 17.976998] kasan_save_alloc_info+0x3b/0x50
[ 17.977283] __kasan_kmalloc+0xb7/0xc0
[ 17.977422] __kmalloc_noprof+0x1c9/0x500
[ 17.977582] kunit_kmalloc_array+0x25/0x60
[ 17.977750] copy_user_test_oob+0xab/0x10f0
[ 17.978146] kunit_try_run_case+0x1a5/0x480
[ 17.978528] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.979159] kthread+0x337/0x6f0
[ 17.979459] ret_from_fork+0x116/0x1d0
[ 17.979812] ret_from_fork_asm+0x1a/0x30
[ 17.980179]
[ 17.980350] The buggy address belongs to the object at ffff8881031c0b00
[ 17.980350] which belongs to the cache kmalloc-128 of size 128
[ 17.981460] The buggy address is located 0 bytes inside of
[ 17.981460] allocated 120-byte region [ffff8881031c0b00, ffff8881031c0b78)
[ 17.981881]
[ 17.981962] The buggy address belongs to the physical page:
[ 17.982154] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c0
[ 17.982405] flags: 0x200000000000000(node=0|zone=2)
[ 17.982575] page_type: f5(slab)
[ 17.982702] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 17.983355] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.984178] page dumped because: kasan: bad access detected
[ 17.984730]
[ 17.984889] Memory state around the buggy address:
[ 17.985318] ffff8881031c0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.985938] ffff8881031c0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.986561] >ffff8881031c0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.987520] ^
[ 17.988205] ffff8881031c0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.988944] ffff8881031c0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.989590] ==================================================================
```
```
[ 77.132912] ==================================================================
[ 77.140145] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70
[ 77.146592] Read of size 121 at addr ffff8881066e9300 by task kunit_try_catch/326
[ 77.154070]
[ 77.155571] CPU: 3 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 77.155580] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 77.155583] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 77.155586] Call Trace:
[ 77.155588] <TASK>
[ 77.155590] dump_stack_lvl+0x73/0xb0
[ 77.155595] print_report+0xd1/0x650
[ 77.155599] ? __virt_addr_valid+0x1db/0x2d0
[ 77.155603] ? _copy_to_user+0x3c/0x70
[ 77.155607] ? kasan_complete_mode_report_info+0x2a/0x200
[ 77.155612] ? _copy_to_user+0x3c/0x70
[ 77.155615] kasan_report+0x141/0x180
[ 77.155620] ? _copy_to_user+0x3c/0x70
[ 77.155624] kasan_check_range+0x10c/0x1c0
[ 77.155629] __kasan_check_read+0x15/0x20
[ 77.155632] _copy_to_user+0x3c/0x70
[ 77.155635] copy_user_test_oob+0x364/0x10f0
[ 77.155641] ? __pfx_copy_user_test_oob+0x10/0x10
[ 77.155645] ? finish_task_switch.isra.0+0x153/0x700
[ 77.155650] ? __switch_to+0x544/0xf50
[ 77.155655] ? __schedule+0x10cc/0x2b60
[ 77.155659] ? ktime_get_ts64+0x83/0x230
[ 77.155663] kunit_try_run_case+0x1a2/0x480
[ 77.155668] ? __pfx_kunit_try_run_case+0x10/0x10
[ 77.155672] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 77.155677] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 77.155681] ? __kthread_parkme+0x82/0x180
[ 77.155685] ? preempt_count_sub+0x50/0x80
[ 77.155689] ? __pfx_kunit_try_run_case+0x10/0x10
[ 77.155694] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 77.155698] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 77.155703] kthread+0x334/0x6f0
[ 77.155707] ? trace_preempt_on+0x20/0xc0
[ 77.155711] ? __pfx_kthread+0x10/0x10
[ 77.155715] ? _raw_spin_unlock_irq+0x47/0x80
[ 77.155719] ? calculate_sigpending+0x7b/0xa0
[ 77.155724] ? __pfx_kthread+0x10/0x10
[ 77.155728] ret_from_fork+0x113/0x1d0
[ 77.155731] ? __pfx_kthread+0x10/0x10
[ 77.155735] ret_from_fork_asm+0x1a/0x30
[ 77.155741] </TASK>
[ 77.155743]
[ 77.335083] Allocated by task 326:
[ 77.338489] kasan_save_stack+0x45/0x70
[ 77.342347] kasan_save_track+0x18/0x40
[ 77.346246] kasan_save_alloc_info+0x3b/0x50
[ 77.350525] __kasan_kmalloc+0xb7/0xc0
[ 77.354279] __kmalloc_noprof+0x1c9/0x500
[ 77.358292] kunit_kmalloc_array+0x25/0x60
[ 77.362394] copy_user_test_oob+0xab/0x10f0
[ 77.366584] kunit_try_run_case+0x1a2/0x480
[ 77.370771] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 77.376172] kthread+0x334/0x6f0
[ 77.379418] ret_from_fork+0x113/0x1d0
[ 77.383172] ret_from_fork_asm+0x1a/0x30
[ 77.387099]
[ 77.388597] The buggy address belongs to the object at ffff8881066e9300
[ 77.388597] which belongs to the cache kmalloc-128 of size 128
[ 77.401107] The buggy address is located 0 bytes inside of
[ 77.401107] allocated 120-byte region [ffff8881066e9300, ffff8881066e9378)
[ 77.413540]
[ 77.415042] The buggy address belongs to the physical page:
[ 77.420613] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066e9
[ 77.428612] flags: 0x200000000000000(node=0|zone=2)
[ 77.433492] page_type: f5(slab)
[ 77.436641] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000
[ 77.444417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 77.452159] page dumped because: kasan: bad access detected
[ 77.457734]
[ 77.459232] Memory state around the buggy address:
[ 77.464025] ffff8881066e9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.471253] ffff8881066e9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.478471] >ffff8881066e9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 77.485691] ^
[ 77.492823] ffff8881066e9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.500043] ffff8881066e9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.507261] ==================================================================
```