Date: July 18, 2025, 2:09 p.m.

Environment: qemu-x86_64
```
[ 15.948282] ==================================================================
[ 15.949811] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90
[ 15.950317] Write of size 121 at addr ffff888102ae1400 by task kunit_try_catch/303
[ 15.951227]
[ 15.951585] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 15.951649] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.951662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.951687] Call Trace:
[ 15.951703] <TASK>
[ 15.951726] dump_stack_lvl+0x73/0xb0
[ 15.951761] print_report+0xd1/0x610
[ 15.951787] ? __virt_addr_valid+0x1db/0x2d0
[ 15.951814] ? _copy_from_user+0x32/0x90
[ 15.951833] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.951858] ? _copy_from_user+0x32/0x90
[ 15.951878] kasan_report+0x141/0x180
[ 15.951900] ? _copy_from_user+0x32/0x90
[ 15.951926] kasan_check_range+0x10c/0x1c0
[ 15.951952] __kasan_check_write+0x18/0x20
[ 15.951972] _copy_from_user+0x32/0x90
[ 15.951993] copy_user_test_oob+0x2be/0x10f0
[ 15.952022] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.952045] ? finish_task_switch.isra.0+0x153/0x700
[ 15.952071] ? __switch_to+0x47/0xf50
[ 15.952100] ? __schedule+0x10cc/0x2b60
[ 15.952125] ? __pfx_read_tsc+0x10/0x10
[ 15.952147] ? ktime_get_ts64+0x86/0x230
[ 15.952174] kunit_try_run_case+0x1a5/0x480
[ 15.952199] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.952222] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.952248] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.952273] ? __kthread_parkme+0x82/0x180
[ 15.952296] ? preempt_count_sub+0x50/0x80
[ 15.952320] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.952345] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.952370] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.952395] kthread+0x337/0x6f0
[ 15.952415] ? trace_preempt_on+0x20/0xc0
[ 15.952451] ? __pfx_kthread+0x10/0x10
[ 15.952474] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.952497] ? calculate_sigpending+0x7b/0xa0
[ 15.952523] ? __pfx_kthread+0x10/0x10
[ 15.952683] ret_from_fork+0x116/0x1d0
[ 15.952706] ? __pfx_kthread+0x10/0x10
[ 15.952741] ret_from_fork_asm+0x1a/0x30
[ 15.952777] </TASK>
[ 15.952828]
[ 15.964463] Allocated by task 303:
[ 15.964661] kasan_save_stack+0x45/0x70
[ 15.964936] kasan_save_track+0x18/0x40
[ 15.965079] kasan_save_alloc_info+0x3b/0x50
[ 15.965261] __kasan_kmalloc+0xb7/0xc0
[ 15.965457] __kmalloc_noprof+0x1c9/0x500
[ 15.965693] kunit_kmalloc_array+0x25/0x60
[ 15.966036] copy_user_test_oob+0xab/0x10f0
[ 15.966186] kunit_try_run_case+0x1a5/0x480
[ 15.966366] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.966752] kthread+0x337/0x6f0
[ 15.966955] ret_from_fork+0x116/0x1d0
[ 15.967104] ret_from_fork_asm+0x1a/0x30
[ 15.967309]
[ 15.967395] The buggy address belongs to the object at ffff888102ae1400
[ 15.967395] which belongs to the cache kmalloc-128 of size 128
[ 15.967915] The buggy address is located 0 bytes inside of
[ 15.967915] allocated 120-byte region [ffff888102ae1400, ffff888102ae1478)
[ 15.968421]
[ 15.968542] The buggy address belongs to the physical page:
[ 15.968798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae1
[ 15.969112] flags: 0x200000000000000(node=0|zone=2)
[ 15.969369] page_type: f5(slab)
[ 15.969556] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.969824] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.970053] page dumped because: kasan: bad access detected
[ 15.970225]
[ 15.970334] Memory state around the buggy address:
[ 15.970575]  ffff888102ae1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.970892]  ffff888102ae1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.971150] >ffff888102ae1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.971366]                                                                 ^
[ 15.971921]  ffff888102ae1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.972215]  ffff888102ae1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.972538] ==================================================================
```
```
[ 16.445166] ==================================================================
[ 16.445943] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90
[ 16.446502] Write of size 121 at addr ffff8881029c5700 by task kunit_try_catch/302
[ 16.446909]
[ 16.447033] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.447089] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.447102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.447128] Call Trace:
[ 16.447145] <TASK>
[ 16.447170] dump_stack_lvl+0x73/0xb0
[ 16.447207] print_report+0xd1/0x610
[ 16.447234] ? __virt_addr_valid+0x1db/0x2d0
[ 16.447260] ? _copy_from_user+0x32/0x90
[ 16.447281] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.447305] ? _copy_from_user+0x32/0x90
[ 16.447326] kasan_report+0x141/0x180
[ 16.447349] ? _copy_from_user+0x32/0x90
[ 16.447402] kasan_check_range+0x10c/0x1c0
[ 16.447427] __kasan_check_write+0x18/0x20
[ 16.447447] _copy_from_user+0x32/0x90
[ 16.447469] copy_user_test_oob+0x2be/0x10f0
[ 16.447496] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.447540] ? finish_task_switch.isra.0+0x153/0x700
[ 16.447566] ? __switch_to+0x47/0xf50
[ 16.447594] ? __schedule+0x10cc/0x2b60
[ 16.447618] ? __pfx_read_tsc+0x10/0x10
[ 16.447641] ? ktime_get_ts64+0x86/0x230
[ 16.447667] kunit_try_run_case+0x1a5/0x480
[ 16.447693] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.447716] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.447742] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.447766] ? __kthread_parkme+0x82/0x180
[ 16.447789] ? preempt_count_sub+0x50/0x80
[ 16.447814] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.447839] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.447864] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.447889] kthread+0x337/0x6f0
[ 16.447909] ? trace_preempt_on+0x20/0xc0
[ 16.447934] ? __pfx_kthread+0x10/0x10
[ 16.447955] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.447977] ? calculate_sigpending+0x7b/0xa0
[ 16.448004] ? __pfx_kthread+0x10/0x10
[ 16.448035] ret_from_fork+0x116/0x1d0
[ 16.448055] ? __pfx_kthread+0x10/0x10
[ 16.448076] ret_from_fork_asm+0x1a/0x30
[ 16.448109] </TASK>
[ 16.448121]
[ 16.455394] Allocated by task 302:
[ 16.455621] kasan_save_stack+0x45/0x70
[ 16.455840] kasan_save_track+0x18/0x40
[ 16.456042] kasan_save_alloc_info+0x3b/0x50
[ 16.456238] __kasan_kmalloc+0xb7/0xc0
[ 16.456416] __kmalloc_noprof+0x1c9/0x500
[ 16.456615] kunit_kmalloc_array+0x25/0x60
[ 16.456791] copy_user_test_oob+0xab/0x10f0
[ 16.456947] kunit_try_run_case+0x1a5/0x480
[ 16.457150] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.457394] kthread+0x337/0x6f0
[ 16.457518] ret_from_fork+0x116/0x1d0
[ 16.457720] ret_from_fork_asm+0x1a/0x30
[ 16.457925]
[ 16.458033] The buggy address belongs to the object at ffff8881029c5700
[ 16.458033] which belongs to the cache kmalloc-128 of size 128
[ 16.458564] The buggy address is located 0 bytes inside of
[ 16.458564] allocated 120-byte region [ffff8881029c5700, ffff8881029c5778)
[ 16.458983]
[ 16.459093] The buggy address belongs to the physical page:
[ 16.459302] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c5
[ 16.459546] flags: 0x200000000000000(node=0|zone=2)
[ 16.459715] page_type: f5(slab)
[ 16.459842] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.460116] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.460450] page dumped because: kasan: bad access detected
[ 16.460729]
[ 16.460836] Memory state around the buggy address:
[ 16.461055]  ffff8881029c5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.461273]  ffff8881029c5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.461632] >ffff8881029c5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.461946]                                                                 ^
[ 16.462271]  ffff8881029c5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.462626]  ffff8881029c5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.462878] ==================================================================
```
```
[ 16.154024] ==================================================================
[ 16.154617] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90
[ 16.155120] Write of size 121 at addr ffff8881029b2200 by task kunit_try_catch/302
[ 16.156142]
[ 16.156259] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.156314] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.156327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.156352] Call Trace:
[ 16.156367] <TASK>
[ 16.156388] dump_stack_lvl+0x73/0xb0
[ 16.156425] print_report+0xd1/0x610
[ 16.156451] ? __virt_addr_valid+0x1db/0x2d0
[ 16.156478] ? _copy_from_user+0x32/0x90
[ 16.156499] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.156522] ? _copy_from_user+0x32/0x90
[ 16.156544] kasan_report+0x141/0x180
[ 16.156567] ? _copy_from_user+0x32/0x90
[ 16.156593] kasan_check_range+0x10c/0x1c0
[ 16.156618] __kasan_check_write+0x18/0x20
[ 16.156638] _copy_from_user+0x32/0x90
[ 16.156659] copy_user_test_oob+0x2be/0x10f0
[ 16.156687] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.156709] ? finish_task_switch.isra.0+0x153/0x700
[ 16.156735] ? __switch_to+0x47/0xf50
[ 16.156763] ? __schedule+0x10cc/0x2b60
[ 16.156788] ? __pfx_read_tsc+0x10/0x10
[ 16.156811] ? ktime_get_ts64+0x86/0x230
[ 16.156838] kunit_try_run_case+0x1a5/0x480
[ 16.156863] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.156886] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.156925] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.156950] ? __kthread_parkme+0x82/0x180
[ 16.156972] ? preempt_count_sub+0x50/0x80
[ 16.156997] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.157023] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.157048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.157073] kthread+0x337/0x6f0
[ 16.157092] ? trace_preempt_on+0x20/0xc0
[ 16.157117] ? __pfx_kthread+0x10/0x10
[ 16.157138] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.157161] ? calculate_sigpending+0x7b/0xa0
[ 16.157187] ? __pfx_kthread+0x10/0x10
[ 16.157209] ret_from_fork+0x116/0x1d0
[ 16.157229] ? __pfx_kthread+0x10/0x10
[ 16.157249] ret_from_fork_asm+0x1a/0x30
[ 16.157284] </TASK>
[ 16.157296]
[ 16.165532] Allocated by task 302:
[ 16.165717] kasan_save_stack+0x45/0x70
[ 16.165914] kasan_save_track+0x18/0x40
[ 16.166340] kasan_save_alloc_info+0x3b/0x50
[ 16.166519] __kasan_kmalloc+0xb7/0xc0
[ 16.166703] __kmalloc_noprof+0x1c9/0x500
[ 16.166968] kunit_kmalloc_array+0x25/0x60
[ 16.167227] copy_user_test_oob+0xab/0x10f0
[ 16.167406] kunit_try_run_case+0x1a5/0x480
[ 16.167679] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.167960] kthread+0x337/0x6f0
[ 16.168168] ret_from_fork+0x116/0x1d0
[ 16.168336] ret_from_fork_asm+0x1a/0x30
[ 16.168486]
[ 16.168562] The buggy address belongs to the object at ffff8881029b2200
[ 16.168562] which belongs to the cache kmalloc-128 of size 128
[ 16.169092] The buggy address is located 0 bytes inside of
[ 16.169092] allocated 120-byte region [ffff8881029b2200, ffff8881029b2278)
[ 16.169621]
[ 16.169805] The buggy address belongs to the physical page:
[ 16.170343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b2
[ 16.170751] flags: 0x200000000000000(node=0|zone=2)
[ 16.170972] page_type: f5(slab)
[ 16.171146] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.171477] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.171832] page dumped because: kasan: bad access detected
[ 16.172081]
[ 16.172152] Memory state around the buggy address:
[ 16.172311]  ffff8881029b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.172529]  ffff8881029b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.172746] >ffff8881029b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.172971]                                                                 ^
[ 16.173285]  ffff8881029b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.173665]  ffff8881029b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.174121] ==================================================================
```