Hay
Date
July 2, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   33.957867] ==================================================================
[   33.957999] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   33.958056] Write of size 8 at addr fff00000c8dc5878 by task kunit_try_catch/314
[   33.958110] 
[   33.958147] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   33.958447] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.959149] Hardware name: linux,dummy-virt (DT)
[   33.959204] Call trace:
[   33.959231]  show_stack+0x20/0x38 (C)
[   33.959287]  dump_stack_lvl+0x8c/0xd0
[   33.959348]  print_report+0x118/0x608
[   33.959408]  kasan_report+0xdc/0x128
[   33.959598]  kasan_check_range+0x100/0x1a8
[   33.959955]  __kasan_check_write+0x20/0x30
[   33.960025]  copy_to_kernel_nofault+0x8c/0x250
[   33.960077]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   33.960540]  kunit_try_run_case+0x170/0x3f0
[   33.960658]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.960747]  kthread+0x328/0x630
[   33.960867]  ret_from_fork+0x10/0x20
[   33.961008] 
[   33.961052] Allocated by task 314:
[   33.961084]  kasan_save_stack+0x3c/0x68
[   33.961285]  kasan_save_track+0x20/0x40
[   33.961336]  kasan_save_alloc_info+0x40/0x58
[   33.961652]  __kasan_kmalloc+0xd4/0xd8
[   33.961857]  __kmalloc_cache_noprof+0x16c/0x3c0
[   33.961917]  copy_to_kernel_nofault_oob+0xc8/0x418
[   33.962062]  kunit_try_run_case+0x170/0x3f0
[   33.962122]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.962234]  kthread+0x328/0x630
[   33.962294]  ret_from_fork+0x10/0x20
[   33.962362] 
[   33.962463] The buggy address belongs to the object at fff00000c8dc5800
[   33.962463]  which belongs to the cache kmalloc-128 of size 128
[   33.962577] The buggy address is located 0 bytes to the right of
[   33.962577]  allocated 120-byte region [fff00000c8dc5800, fff00000c8dc5878)
[   33.962700] 
[   33.962727] The buggy address belongs to the physical page:
[   33.962915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5
[   33.963241] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.963575] page_type: f5(slab)
[   33.963778] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.964057] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.964125] page dumped because: kasan: bad access detected
[   33.964324] 
[   33.964397] Memory state around the buggy address:
[   33.964607]  fff00000c8dc5700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.964676]  fff00000c8dc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.964729] >fff00000c8dc5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   33.964802]                                                                 ^
[   33.964859]  fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.964906]  fff00000c8dc5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.964957] ==================================================================
[   33.950237] ==================================================================
[   33.950406] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   33.950479] Read of size 8 at addr fff00000c8dc5878 by task kunit_try_catch/314
[   33.950551] 
[   33.950776] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   33.951069] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.951108] Hardware name: linux,dummy-virt (DT)
[   33.951170] Call trace:
[   33.951197]  show_stack+0x20/0x38 (C)
[   33.951313]  dump_stack_lvl+0x8c/0xd0
[   33.951386]  print_report+0x118/0x608
[   33.951633]  kasan_report+0xdc/0x128
[   33.951872]  __asan_report_load8_noabort+0x20/0x30
[   33.952135]  copy_to_kernel_nofault+0x204/0x250
[   33.952225]  copy_to_kernel_nofault_oob+0x158/0x418
[   33.952305]  kunit_try_run_case+0x170/0x3f0
[   33.952360]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.952417]  kthread+0x328/0x630
[   33.952668]  ret_from_fork+0x10/0x20
[   33.952971] 
[   33.953008] Allocated by task 314:
[   33.953045]  kasan_save_stack+0x3c/0x68
[   33.953100]  kasan_save_track+0x20/0x40
[   33.953142]  kasan_save_alloc_info+0x40/0x58
[   33.953182]  __kasan_kmalloc+0xd4/0xd8
[   33.953224]  __kmalloc_cache_noprof+0x16c/0x3c0
[   33.953326]  copy_to_kernel_nofault_oob+0xc8/0x418
[   33.953385]  kunit_try_run_case+0x170/0x3f0
[   33.953428]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.953489]  kthread+0x328/0x630
[   33.953527]  ret_from_fork+0x10/0x20
[   33.953566] 
[   33.953591] The buggy address belongs to the object at fff00000c8dc5800
[   33.953591]  which belongs to the cache kmalloc-128 of size 128
[   33.953653] The buggy address is located 0 bytes to the right of
[   33.953653]  allocated 120-byte region [fff00000c8dc5800, fff00000c8dc5878)
[   33.953735] 
[   33.953763] The buggy address belongs to the physical page:
[   33.953808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5
[   33.953875] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.954326] page_type: f5(slab)
[   33.954696] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.954837] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.954896] page dumped because: kasan: bad access detected
[   33.955102] 
[   33.955157] Memory state around the buggy address:
[   33.955295]  fff00000c8dc5700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.955498]  fff00000c8dc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.955623] >fff00000c8dc5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   33.955748]                                                                 ^
[   33.955843]  fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.955914]  fff00000c8dc5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.956112] ==================================================================

[   35.493027] ==================================================================
[   35.493093] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250
[   35.493376] Read of size 8 at addr fff00000c988b078 by task kunit_try_catch/312
[   35.493499] 
[   35.493551] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   35.493654] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.493692] Hardware name: linux,dummy-virt (DT)
[   35.493755] Call trace:
[   35.493781]  show_stack+0x20/0x38 (C)
[   35.493833]  dump_stack_lvl+0x8c/0xd0
[   35.493913]  print_report+0x118/0x608
[   35.494043]  kasan_report+0xdc/0x128
[   35.494107]  __asan_report_load8_noabort+0x20/0x30
[   35.494304]  copy_to_kernel_nofault+0x204/0x250
[   35.494369]  copy_to_kernel_nofault_oob+0x158/0x418
[   35.494434]  kunit_try_run_case+0x170/0x3f0
[   35.494566]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.494721]  kthread+0x328/0x630
[   35.494807]  ret_from_fork+0x10/0x20
[   35.494879] 
[   35.494901] Allocated by task 312:
[   35.494933]  kasan_save_stack+0x3c/0x68
[   35.494979]  kasan_save_track+0x20/0x40
[   35.495118]  kasan_save_alloc_info+0x40/0x58
[   35.495310]  __kasan_kmalloc+0xd4/0xd8
[   35.495400]  __kmalloc_cache_noprof+0x16c/0x3c0
[   35.495538]  copy_to_kernel_nofault_oob+0xc8/0x418
[   35.495585]  kunit_try_run_case+0x170/0x3f0
[   35.495625]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.495672]  kthread+0x328/0x630
[   35.495938]  ret_from_fork+0x10/0x20
[   35.496058] 
[   35.496108] The buggy address belongs to the object at fff00000c988b000
[   35.496108]  which belongs to the cache kmalloc-128 of size 128
[   35.496221] The buggy address is located 0 bytes to the right of
[   35.496221]  allocated 120-byte region [fff00000c988b000, fff00000c988b078)
[   35.496319] 
[   35.496403] The buggy address belongs to the physical page:
[   35.496438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b
[   35.496510] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   35.496788] page_type: f5(slab)
[   35.497188] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   35.497287] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   35.497367] page dumped because: kasan: bad access detected
[   35.497415] 
[   35.497441] Memory state around the buggy address:
[   35.497478]  fff00000c988af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.497528]  fff00000c988af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.497589] >fff00000c988b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   35.497650]                                                                 ^
[   35.497724]  fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.497770]  fff00000c988b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.497821] ==================================================================
[   35.498256] ==================================================================
[   35.498312] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250
[   35.498365] Write of size 8 at addr fff00000c988b078 by task kunit_try_catch/312
[   35.498418] 
[   35.498692] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   35.499004] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.499105] Hardware name: linux,dummy-virt (DT)
[   35.499146] Call trace:
[   35.499180]  show_stack+0x20/0x38 (C)
[   35.499234]  dump_stack_lvl+0x8c/0xd0
[   35.499783]  print_report+0x118/0x608
[   35.500052]  kasan_report+0xdc/0x128
[   35.500142]  kasan_check_range+0x100/0x1a8
[   35.500255]  __kasan_check_write+0x20/0x30
[   35.500342]  copy_to_kernel_nofault+0x8c/0x250
[   35.500461]  copy_to_kernel_nofault_oob+0x1bc/0x418
[   35.500515]  kunit_try_run_case+0x170/0x3f0
[   35.500568]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.500626]  kthread+0x328/0x630
[   35.500898]  ret_from_fork+0x10/0x20
[   35.501057] 
[   35.501121] Allocated by task 312:
[   35.501375]  kasan_save_stack+0x3c/0x68
[   35.501488]  kasan_save_track+0x20/0x40
[   35.501610]  kasan_save_alloc_info+0x40/0x58
[   35.501688]  __kasan_kmalloc+0xd4/0xd8
[   35.501779]  __kmalloc_cache_noprof+0x16c/0x3c0
[   35.501858]  copy_to_kernel_nofault_oob+0xc8/0x418
[   35.501954]  kunit_try_run_case+0x170/0x3f0
[   35.502057]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.502135]  kthread+0x328/0x630
[   35.502222]  ret_from_fork+0x10/0x20
[   35.502279] 
[   35.502301] The buggy address belongs to the object at fff00000c988b000
[   35.502301]  which belongs to the cache kmalloc-128 of size 128
[   35.502497] The buggy address is located 0 bytes to the right of
[   35.502497]  allocated 120-byte region [fff00000c988b000, fff00000c988b078)
[   35.502570] 
[   35.502700] The buggy address belongs to the physical page:
[   35.502770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b
[   35.502828] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   35.502880] page_type: f5(slab)
[   35.502923] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   35.502976] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   35.503038] page dumped because: kasan: bad access detected
[   35.503089] 
[   35.503109] Memory state around the buggy address:
[   35.503170]  fff00000c988af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.503217]  fff00000c988af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.503262] >fff00000c988b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   35.503304]                                                                 ^
[   35.503606]  fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.503725]  fff00000c988b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.503790] ==================================================================

[   27.127622] ==================================================================
[   27.128151] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   27.128462] Write of size 8 at addr ffff88810255ee78 by task kunit_try_catch/330
[   27.128797] 
[   27.128932] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   27.128990] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.129006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.129032] Call Trace:
[   27.129050]  <TASK>
[   27.129084]  dump_stack_lvl+0x73/0xb0
[   27.129119]  print_report+0xd1/0x650
[   27.129145]  ? __virt_addr_valid+0x1db/0x2d0
[   27.129172]  ? copy_to_kernel_nofault+0x99/0x260
[   27.129200]  ? kasan_complete_mode_report_info+0x2a/0x200
[   27.129229]  ? copy_to_kernel_nofault+0x99/0x260
[   27.129256]  kasan_report+0x141/0x180
[   27.129280]  ? copy_to_kernel_nofault+0x99/0x260
[   27.129310]  kasan_check_range+0x10c/0x1c0
[   27.129336]  __kasan_check_write+0x18/0x20
[   27.129362]  copy_to_kernel_nofault+0x99/0x260
[   27.129389]  copy_to_kernel_nofault_oob+0x288/0x560
[   27.129415]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   27.129440]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   27.129467]  ? trace_hardirqs_on+0x37/0xe0
[   27.129500]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   27.129530]  kunit_try_run_case+0x1a5/0x480
[   27.129560]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.129586]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   27.129610]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.129635]  ? __kthread_parkme+0x82/0x180
[   27.129659]  ? preempt_count_sub+0x50/0x80
[   27.129686]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.129714]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.129740]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.129769]  kthread+0x337/0x6f0
[   27.129792]  ? trace_preempt_on+0x20/0xc0
[   27.129816]  ? __pfx_kthread+0x10/0x10
[   27.129848]  ? _raw_spin_unlock_irq+0x47/0x80
[   27.129875]  ? calculate_sigpending+0x7b/0xa0
[   27.129902]  ? __pfx_kthread+0x10/0x10
[   27.129938]  ret_from_fork+0x116/0x1d0
[   27.129962]  ? __pfx_kthread+0x10/0x10
[   27.129985]  ret_from_fork_asm+0x1a/0x30
[   27.130019]  </TASK>
[   27.130034] 
[   27.138349] Allocated by task 330:
[   27.138581]  kasan_save_stack+0x45/0x70
[   27.138822]  kasan_save_track+0x18/0x40
[   27.139196]  kasan_save_alloc_info+0x3b/0x50
[   27.139437]  __kasan_kmalloc+0xb7/0xc0
[   27.139631]  __kmalloc_cache_noprof+0x189/0x420
[   27.139878]  copy_to_kernel_nofault_oob+0x12f/0x560
[   27.140125]  kunit_try_run_case+0x1a5/0x480
[   27.140319]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.140574]  kthread+0x337/0x6f0
[   27.140694]  ret_from_fork+0x116/0x1d0
[   27.140825]  ret_from_fork_asm+0x1a/0x30
[   27.140963] 
[   27.141031] The buggy address belongs to the object at ffff88810255ee00
[   27.141031]  which belongs to the cache kmalloc-128 of size 128
[   27.141585] The buggy address is located 0 bytes to the right of
[   27.141585]  allocated 120-byte region [ffff88810255ee00, ffff88810255ee78)
[   27.142224] 
[   27.142351] The buggy address belongs to the physical page:
[   27.142625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[   27.143002] flags: 0x200000000000000(node=0|zone=2)
[   27.143309] page_type: f5(slab)
[   27.143501] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   27.143853] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.144371] page dumped because: kasan: bad access detected
[   27.144541] 
[   27.144611] Memory state around the buggy address:
[   27.144765]  ffff88810255ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.144982]  ffff88810255ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.145595] >ffff88810255ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   27.145947]                                                                 ^
[   27.146305]  ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.146649]  ffff88810255ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.147090] ==================================================================
[   27.097371] ==================================================================
[   27.098109] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   27.099104] Read of size 8 at addr ffff88810255ee78 by task kunit_try_catch/330
[   27.099547] 
[   27.099851] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   27.099917] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.099945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.099973] Call Trace:
[   27.099994]  <TASK>
[   27.100017]  dump_stack_lvl+0x73/0xb0
[   27.100057]  print_report+0xd1/0x650
[   27.100101]  ? __virt_addr_valid+0x1db/0x2d0
[   27.100130]  ? copy_to_kernel_nofault+0x225/0x260
[   27.100158]  ? kasan_complete_mode_report_info+0x2a/0x200
[   27.100198]  ? copy_to_kernel_nofault+0x225/0x260
[   27.100226]  kasan_report+0x141/0x180
[   27.100250]  ? copy_to_kernel_nofault+0x225/0x260
[   27.100281]  __asan_report_load8_noabort+0x18/0x20
[   27.100308]  copy_to_kernel_nofault+0x225/0x260
[   27.100335]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   27.100362]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   27.100387]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   27.100413]  ? trace_hardirqs_on+0x37/0xe0
[   27.100449]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   27.100479]  kunit_try_run_case+0x1a5/0x480
[   27.100509]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.100536]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   27.100561]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.100586]  ? __kthread_parkme+0x82/0x180
[   27.100612]  ? preempt_count_sub+0x50/0x80
[   27.100640]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.100668]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.100696]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.100724]  kthread+0x337/0x6f0
[   27.100746]  ? trace_preempt_on+0x20/0xc0
[   27.100771]  ? __pfx_kthread+0x10/0x10
[   27.100794]  ? _raw_spin_unlock_irq+0x47/0x80
[   27.100821]  ? calculate_sigpending+0x7b/0xa0
[   27.100849]  ? __pfx_kthread+0x10/0x10
[   27.100874]  ret_from_fork+0x116/0x1d0
[   27.100898]  ? __pfx_kthread+0x10/0x10
[   27.100921]  ret_from_fork_asm+0x1a/0x30
[   27.100956]  </TASK>
[   27.100971] 
[   27.113388] Allocated by task 330:
[   27.113787]  kasan_save_stack+0x45/0x70
[   27.114177]  kasan_save_track+0x18/0x40
[   27.114644]  kasan_save_alloc_info+0x3b/0x50
[   27.115046]  __kasan_kmalloc+0xb7/0xc0
[   27.115258]  __kmalloc_cache_noprof+0x189/0x420
[   27.115610]  copy_to_kernel_nofault_oob+0x12f/0x560
[   27.115844]  kunit_try_run_case+0x1a5/0x480
[   27.116351]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.116586]  kthread+0x337/0x6f0
[   27.116751]  ret_from_fork+0x116/0x1d0
[   27.117094]  ret_from_fork_asm+0x1a/0x30
[   27.117435] 
[   27.117654] The buggy address belongs to the object at ffff88810255ee00
[   27.117654]  which belongs to the cache kmalloc-128 of size 128
[   27.118386] The buggy address is located 0 bytes to the right of
[   27.118386]  allocated 120-byte region [ffff88810255ee00, ffff88810255ee78)
[   27.119162] 
[   27.119264] The buggy address belongs to the physical page:
[   27.119524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[   27.120186] flags: 0x200000000000000(node=0|zone=2)
[   27.120594] page_type: f5(slab)
[   27.120795] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   27.121368] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.121785] page dumped because: kasan: bad access detected
[   27.122040] 
[   27.122146] Memory state around the buggy address:
[   27.122623]  ffff88810255ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.123015]  ffff88810255ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.123826] >ffff88810255ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   27.124551]                                                                 ^
[   27.124846]  ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.125550]  ffff88810255ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.125927] ==================================================================

[   26.904098] ==================================================================
[   26.905004] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[   26.905293] Write of size 8 at addr ffff888104915078 by task kunit_try_catch/329
[   26.905615] 
[   26.905727] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   26.905787] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.905802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.905826] Call Trace:
[   26.905841]  <TASK>
[   26.905872]  dump_stack_lvl+0x73/0xb0
[   26.905903]  print_report+0xd1/0x650
[   26.905927]  ? __virt_addr_valid+0x1db/0x2d0
[   26.905952]  ? copy_to_kernel_nofault+0x99/0x260
[   26.905976]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.906004]  ? copy_to_kernel_nofault+0x99/0x260
[   26.906028]  kasan_report+0x141/0x180
[   26.906050]  ? copy_to_kernel_nofault+0x99/0x260
[   26.906079]  kasan_check_range+0x10c/0x1c0
[   26.906104]  __kasan_check_write+0x18/0x20
[   26.906127]  copy_to_kernel_nofault+0x99/0x260
[   26.906153]  copy_to_kernel_nofault_oob+0x288/0x560
[   26.906177]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   26.906200]  ? finish_task_switch.isra.0+0x153/0x700
[   26.906224]  ? __schedule+0x10cc/0x2b60
[   26.906247]  ? trace_hardirqs_on+0x37/0xe0
[   26.906279]  ? __pfx_read_tsc+0x10/0x10
[   26.906302]  ? ktime_get_ts64+0x86/0x230
[   26.906340]  kunit_try_run_case+0x1a5/0x480
[   26.906367]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.906392]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.906415]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.906438]  ? __kthread_parkme+0x82/0x180
[   26.906460]  ? preempt_count_sub+0x50/0x80
[   26.906483]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.906782]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.906811]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.906837]  kthread+0x337/0x6f0
[   26.906860]  ? trace_preempt_on+0x20/0xc0
[   26.906883]  ? __pfx_kthread+0x10/0x10
[   26.906905]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.906931]  ? calculate_sigpending+0x7b/0xa0
[   26.906957]  ? __pfx_kthread+0x10/0x10
[   26.906980]  ret_from_fork+0x116/0x1d0
[   26.907001]  ? __pfx_kthread+0x10/0x10
[   26.907024]  ret_from_fork_asm+0x1a/0x30
[   26.907056]  </TASK>
[   26.907069] 
[   26.915113] Allocated by task 329:
[   26.915296]  kasan_save_stack+0x45/0x70
[   26.915451]  kasan_save_track+0x18/0x40
[   26.915582]  kasan_save_alloc_info+0x3b/0x50
[   26.915784]  __kasan_kmalloc+0xb7/0xc0
[   26.915962]  __kmalloc_cache_noprof+0x189/0x420
[   26.916237]  copy_to_kernel_nofault_oob+0x12f/0x560
[   26.916446]  kunit_try_run_case+0x1a5/0x480
[   26.917009]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.917244]  kthread+0x337/0x6f0
[   26.917399]  ret_from_fork+0x116/0x1d0
[   26.917538]  ret_from_fork_asm+0x1a/0x30
[   26.917803] 
[   26.917886] The buggy address belongs to the object at ffff888104915000
[   26.917886]  which belongs to the cache kmalloc-128 of size 128
[   26.918434] The buggy address is located 0 bytes to the right of
[   26.918434]  allocated 120-byte region [ffff888104915000, ffff888104915078)
[   26.919157] 
[   26.919242] The buggy address belongs to the physical page:
[   26.919499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104915
[   26.919878] flags: 0x200000000000000(node=0|zone=2)
[   26.920046] page_type: f5(slab)
[   26.920168] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.920407] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.920931] page dumped because: kasan: bad access detected
[   26.921190] 
[   26.921282] Memory state around the buggy address:
[   26.921522]  ffff888104914f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.922122]  ffff888104914f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.922439] >ffff888104915000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.922767]                                                                 ^
[   26.923059]  ffff888104915080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.923299]  ffff888104915100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.923544] ==================================================================
[   26.878407] ==================================================================
[   26.879957] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[   26.880218] Read of size 8 at addr ffff888104915078 by task kunit_try_catch/329
[   26.880453] 
[   26.880589] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   26.880647] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.880662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.880688] Call Trace:
[   26.880703]  <TASK>
[   26.880726]  dump_stack_lvl+0x73/0xb0
[   26.880761]  print_report+0xd1/0x650
[   26.880788]  ? __virt_addr_valid+0x1db/0x2d0
[   26.880841]  ? copy_to_kernel_nofault+0x225/0x260
[   26.880867]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.880895]  ? copy_to_kernel_nofault+0x225/0x260
[   26.880920]  kasan_report+0x141/0x180
[   26.880942]  ? copy_to_kernel_nofault+0x225/0x260
[   26.880971]  __asan_report_load8_noabort+0x18/0x20
[   26.880997]  copy_to_kernel_nofault+0x225/0x260
[   26.881042]  copy_to_kernel_nofault_oob+0x1ed/0x560
[   26.881066]  ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[   26.881090]  ? finish_task_switch.isra.0+0x153/0x700
[   26.881116]  ? __schedule+0x10cc/0x2b60
[   26.881138]  ? trace_hardirqs_on+0x37/0xe0
[   26.881171]  ? __pfx_read_tsc+0x10/0x10
[   26.881196]  ? ktime_get_ts64+0x86/0x230
[   26.881240]  kunit_try_run_case+0x1a5/0x480
[   26.881269]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.881294]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.881329]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.881352]  ? __kthread_parkme+0x82/0x180
[   26.881374]  ? preempt_count_sub+0x50/0x80
[   26.881399]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.881425]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.881450]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.881476]  kthread+0x337/0x6f0
[   26.881497]  ? trace_preempt_on+0x20/0xc0
[   26.881519]  ? __pfx_kthread+0x10/0x10
[   26.881541]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.881580]  ? calculate_sigpending+0x7b/0xa0
[   26.881607]  ? __pfx_kthread+0x10/0x10
[   26.881630]  ret_from_fork+0x116/0x1d0
[   26.881652]  ? __pfx_kthread+0x10/0x10
[   26.881688]  ret_from_fork_asm+0x1a/0x30
[   26.881722]  </TASK>
[   26.881741] 
[   26.891953] Allocated by task 329:
[   26.892125]  kasan_save_stack+0x45/0x70
[   26.892331]  kasan_save_track+0x18/0x40
[   26.892685]  kasan_save_alloc_info+0x3b/0x50
[   26.893156]  __kasan_kmalloc+0xb7/0xc0
[   26.893369]  __kmalloc_cache_noprof+0x189/0x420
[   26.893877]  copy_to_kernel_nofault_oob+0x12f/0x560
[   26.894161]  kunit_try_run_case+0x1a5/0x480
[   26.894508]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.894929]  kthread+0x337/0x6f0
[   26.895109]  ret_from_fork+0x116/0x1d0
[   26.895284]  ret_from_fork_asm+0x1a/0x30
[   26.895473] 
[   26.896001] The buggy address belongs to the object at ffff888104915000
[   26.896001]  which belongs to the cache kmalloc-128 of size 128
[   26.896734] The buggy address is located 0 bytes to the right of
[   26.896734]  allocated 120-byte region [ffff888104915000, ffff888104915078)
[   26.897323] 
[   26.897398] The buggy address belongs to the physical page:
[   26.897666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104915
[   26.898049] flags: 0x200000000000000(node=0|zone=2)
[   26.898314] page_type: f5(slab)
[   26.898455] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.899296] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.899817] page dumped because: kasan: bad access detected
[   26.900138] 
[   26.900213] Memory state around the buggy address:
[   26.900527]  ffff888104914f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.900992]  ffff888104914f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.901318] >ffff888104915000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.901884]                                                                 ^
[   26.902217]  ffff888104915080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.902668]  ffff888104915100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.903165] ==================================================================