Hay
Date
July 9, 2025, 1:08 p.m.

Environment
qemu-arm64
qemu-x86_64

[   32.534808] ==================================================================
[   32.535852] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[   32.536118] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317
[   32.536189] 
[   32.536482] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   32.537140] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.537232] Hardware name: linux,dummy-virt (DT)
[   32.537382] Call trace:
[   32.537429]  show_stack+0x20/0x38 (C)
[   32.537861]  dump_stack_lvl+0x8c/0xd0
[   32.538279]  print_report+0x118/0x5d0
[   32.538459]  kasan_report+0xdc/0x128
[   32.538782]  kasan_check_range+0x100/0x1a8
[   32.539117]  __kasan_check_write+0x20/0x30
[   32.539277]  copy_user_test_oob+0x234/0xec8
[   32.539365]  kunit_try_run_case+0x170/0x3f0
[   32.539539]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.539657]  kthread+0x328/0x630
[   32.539971]  ret_from_fork+0x10/0x20
[   32.540095] 
[   32.540276] Allocated by task 317:
[   32.540328]  kasan_save_stack+0x3c/0x68
[   32.540379]  kasan_save_track+0x20/0x40
[   32.540425]  kasan_save_alloc_info+0x40/0x58
[   32.540715]  __kasan_kmalloc+0xd4/0xd8
[   32.540851]  __kmalloc_noprof+0x198/0x4c8
[   32.541003]  kunit_kmalloc_array+0x34/0x88
[   32.541142]  copy_user_test_oob+0xac/0xec8
[   32.541465]  kunit_try_run_case+0x170/0x3f0
[   32.541540]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.541679]  kthread+0x328/0x630
[   32.541857]  ret_from_fork+0x10/0x20
[   32.541941] 
[   32.541972] The buggy address belongs to the object at fff00000c9c2a300
[   32.541972]  which belongs to the cache kmalloc-128 of size 128
[   32.542044] The buggy address is located 0 bytes inside of
[   32.542044]  allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378)
[   32.542541] 
[   32.542685] The buggy address belongs to the physical page:
[   32.542769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a
[   32.542979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.543202] page_type: f5(slab)
[   32.543265] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.543515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.543669] page dumped because: kasan: bad access detected
[   32.543767] 
[   32.543837] Memory state around the buggy address:
[   32.543973]  fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.544031]  fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.544270] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.544467]                                                                 ^
[   32.544641]  fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.544726]  fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.544871] ==================================================================
[   32.575094] ==================================================================
[   32.575148] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[   32.575202] Read of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317
[   32.575254] 
[   32.575466] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   32.575998] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.576040] Hardware name: linux,dummy-virt (DT)
[   32.576096] Call trace:
[   32.576126]  show_stack+0x20/0x38 (C)
[   32.576187]  dump_stack_lvl+0x8c/0xd0
[   32.576236]  print_report+0x118/0x5d0
[   32.576285]  kasan_report+0xdc/0x128
[   32.576330]  kasan_check_range+0x100/0x1a8
[   32.576941]  __kasan_check_read+0x20/0x30
[   32.577018]  copy_user_test_oob+0x3c8/0xec8
[   32.577164]  kunit_try_run_case+0x170/0x3f0
[   32.577366]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.577524]  kthread+0x328/0x630
[   32.577572]  ret_from_fork+0x10/0x20
[   32.577911] 
[   32.578077] Allocated by task 317:
[   32.578129]  kasan_save_stack+0x3c/0x68
[   32.578350]  kasan_save_track+0x20/0x40
[   32.578527]  kasan_save_alloc_info+0x40/0x58
[   32.578667]  __kasan_kmalloc+0xd4/0xd8
[   32.578786]  __kmalloc_noprof+0x198/0x4c8
[   32.579186]  kunit_kmalloc_array+0x34/0x88
[   32.579272]  copy_user_test_oob+0xac/0xec8
[   32.579506]  kunit_try_run_case+0x170/0x3f0
[   32.579778]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.579914]  kthread+0x328/0x630
[   32.580012]  ret_from_fork+0x10/0x20
[   32.580177] 
[   32.580212] The buggy address belongs to the object at fff00000c9c2a300
[   32.580212]  which belongs to the cache kmalloc-128 of size 128
[   32.580290] The buggy address is located 0 bytes inside of
[   32.580290]  allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378)
[   32.580355] 
[   32.580714] The buggy address belongs to the physical page:
[   32.581090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a
[   32.581228] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.581284] page_type: f5(slab)
[   32.581326] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.581832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.582146] page dumped because: kasan: bad access detected
[   32.582245] 
[   32.582326] Memory state around the buggy address:
[   32.582732]  fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.583086]  fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.583256] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.583300]                                                                 ^
[   32.583690]  fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.583743]  fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.583785] ==================================================================
[   32.568797] ==================================================================
[   32.569218] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[   32.569287] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317
[   32.569400] 
[   32.569456] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   32.569553] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.569581] Hardware name: linux,dummy-virt (DT)
[   32.569676] Call trace:
[   32.569703]  show_stack+0x20/0x38 (C)
[   32.569783]  dump_stack_lvl+0x8c/0xd0
[   32.570106]  print_report+0x118/0x5d0
[   32.570209]  kasan_report+0xdc/0x128
[   32.570260]  kasan_check_range+0x100/0x1a8
[   32.570307]  __kasan_check_write+0x20/0x30
[   32.570374]  copy_user_test_oob+0x35c/0xec8
[   32.570427]  kunit_try_run_case+0x170/0x3f0
[   32.570482]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.570832]  kthread+0x328/0x630
[   32.570902]  ret_from_fork+0x10/0x20
[   32.571086] 
[   32.571113] Allocated by task 317:
[   32.571319]  kasan_save_stack+0x3c/0x68
[   32.571455]  kasan_save_track+0x20/0x40
[   32.571544]  kasan_save_alloc_info+0x40/0x58
[   32.571584]  __kasan_kmalloc+0xd4/0xd8
[   32.571624]  __kmalloc_noprof+0x198/0x4c8
[   32.571779]  kunit_kmalloc_array+0x34/0x88
[   32.571825]  copy_user_test_oob+0xac/0xec8
[   32.571871]  kunit_try_run_case+0x170/0x3f0
[   32.571912]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.571959]  kthread+0x328/0x630
[   32.571995]  ret_from_fork+0x10/0x20
[   32.572032] 
[   32.572064] The buggy address belongs to the object at fff00000c9c2a300
[   32.572064]  which belongs to the cache kmalloc-128 of size 128
[   32.572367] The buggy address is located 0 bytes inside of
[   32.572367]  allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378)
[   32.572804] 
[   32.572840] The buggy address belongs to the physical page:
[   32.572876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a
[   32.572931] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.573034] page_type: f5(slab)
[   32.573116] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.573170] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.573216] page dumped because: kasan: bad access detected
[   32.573260] 
[   32.573287] Memory state around the buggy address:
[   32.573326]  fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.573375]  fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.573421] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.573461]                                                                 ^
[   32.573515]  fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.573578]  fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.573628] ==================================================================
[   32.585334] ==================================================================
[   32.585389] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[   32.585440] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317
[   32.585496] 
[   32.585806] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   32.586158] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.586188] Hardware name: linux,dummy-virt (DT)
[   32.586365] Call trace:
[   32.586542]  show_stack+0x20/0x38 (C)
[   32.586626]  dump_stack_lvl+0x8c/0xd0
[   32.586830]  print_report+0x118/0x5d0
[   32.586995]  kasan_report+0xdc/0x128
[   32.587205]  kasan_check_range+0x100/0x1a8
[   32.587375]  __kasan_check_write+0x20/0x30
[   32.587436]  copy_user_test_oob+0x434/0xec8
[   32.587622]  kunit_try_run_case+0x170/0x3f0
[   32.587959]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.588018]  kthread+0x328/0x630
[   32.588074]  ret_from_fork+0x10/0x20
[   32.588174] 
[   32.588299] Allocated by task 317:
[   32.588506]  kasan_save_stack+0x3c/0x68
[   32.588641]  kasan_save_track+0x20/0x40
[   32.588794]  kasan_save_alloc_info+0x40/0x58
[   32.588992]  __kasan_kmalloc+0xd4/0xd8
[   32.589127]  __kmalloc_noprof+0x198/0x4c8
[   32.589230]  kunit_kmalloc_array+0x34/0x88
[   32.589327]  copy_user_test_oob+0xac/0xec8
[   32.589502]  kunit_try_run_case+0x170/0x3f0
[   32.589547]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.589592]  kthread+0x328/0x630
[   32.589803]  ret_from_fork+0x10/0x20
[   32.589973] 
[   32.590196] The buggy address belongs to the object at fff00000c9c2a300
[   32.590196]  which belongs to the cache kmalloc-128 of size 128
[   32.590411] The buggy address is located 0 bytes inside of
[   32.590411]  allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378)
[   32.590482] 
[   32.590504] The buggy address belongs to the physical page:
[   32.590985] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a
[   32.591378] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.591464] page_type: f5(slab)
[   32.591520] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.591597] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.591879] page dumped because: kasan: bad access detected
[   32.592001] 
[   32.592064] Memory state around the buggy address:
[   32.592383]  fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.592452]  fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.592666] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.592779]                                                                 ^
[   32.593192]  fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.593275]  fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.593407] ==================================================================
[   32.598030] ==================================================================
[   32.598096] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[   32.598150] Read of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317
[   32.598204] 
[   32.598236] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   32.598345] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.598376] Hardware name: linux,dummy-virt (DT)
[   32.598410] Call trace:
[   32.598434]  show_stack+0x20/0x38 (C)
[   32.598484]  dump_stack_lvl+0x8c/0xd0
[   32.598546]  print_report+0x118/0x5d0
[   32.598592]  kasan_report+0xdc/0x128
[   32.598636]  kasan_check_range+0x100/0x1a8
[   32.598683]  __kasan_check_read+0x20/0x30
[   32.598730]  copy_user_test_oob+0x4a0/0xec8
[   32.598782]  kunit_try_run_case+0x170/0x3f0
[   32.598832]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.598887]  kthread+0x328/0x630
[   32.598929]  ret_from_fork+0x10/0x20
[   32.598978] 
[   32.598998] Allocated by task 317:
[   32.599037]  kasan_save_stack+0x3c/0x68
[   32.600772]  kasan_save_track+0x20/0x40
[   32.600945]  kasan_save_alloc_info+0x40/0x58
[   32.601143]  __kasan_kmalloc+0xd4/0xd8
[   32.601658]  __kmalloc_noprof+0x198/0x4c8
[   32.601767]  kunit_kmalloc_array+0x34/0x88
[   32.602038]  copy_user_test_oob+0xac/0xec8
[   32.602384]  kunit_try_run_case+0x170/0x3f0
[   32.602490]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.602648]  kthread+0x328/0x630
[   32.602761]  ret_from_fork+0x10/0x20
[   32.602849] 
[   32.602934] The buggy address belongs to the object at fff00000c9c2a300
[   32.602934]  which belongs to the cache kmalloc-128 of size 128
[   32.603097] The buggy address is located 0 bytes inside of
[   32.603097]  allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378)
[   32.603224] 
[   32.603302] The buggy address belongs to the physical page:
[   32.603427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a
[   32.603492] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.603548] page_type: f5(slab)
[   32.603896] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.603989] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.604317] page dumped because: kasan: bad access detected
[   32.604400] 
[   32.604424] Memory state around the buggy address:
[   32.604461]  fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.604532]  fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.604578] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.604889]                                                                 ^
[   32.605015]  fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.605339]  fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.605608] ==================================================================
[   32.551662] ==================================================================
[   32.551764] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[   32.552233] Read of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317
[   32.552288] 
[   32.552796] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   32.553040] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.553121] Hardware name: linux,dummy-virt (DT)
[   32.553285] Call trace:
[   32.553347]  show_stack+0x20/0x38 (C)
[   32.553753]  dump_stack_lvl+0x8c/0xd0
[   32.553879]  print_report+0x118/0x5d0
[   32.553987]  kasan_report+0xdc/0x128
[   32.554089]  kasan_check_range+0x100/0x1a8
[   32.554267]  __kasan_check_read+0x20/0x30
[   32.554350]  copy_user_test_oob+0x728/0xec8
[   32.554727]  kunit_try_run_case+0x170/0x3f0
[   32.554843]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.555220]  kthread+0x328/0x630
[   32.555304]  ret_from_fork+0x10/0x20
[   32.555772] 
[   32.556144] Allocated by task 317:
[   32.556194]  kasan_save_stack+0x3c/0x68
[   32.556248]  kasan_save_track+0x20/0x40
[   32.556289]  kasan_save_alloc_info+0x40/0x58
[   32.556442]  __kasan_kmalloc+0xd4/0xd8
[   32.556692]  __kmalloc_noprof+0x198/0x4c8
[   32.557003]  kunit_kmalloc_array+0x34/0x88
[   32.557215]  copy_user_test_oob+0xac/0xec8
[   32.557289]  kunit_try_run_case+0x170/0x3f0
[   32.557556]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.557795]  kthread+0x328/0x630
[   32.557932]  ret_from_fork+0x10/0x20
[   32.558040] 
[   32.558160] The buggy address belongs to the object at fff00000c9c2a300
[   32.558160]  which belongs to the cache kmalloc-128 of size 128
[   32.558257] The buggy address is located 0 bytes inside of
[   32.558257]  allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378)
[   32.558428] 
[   32.558526] The buggy address belongs to the physical page:
[   32.558585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a
[   32.558702] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.558848] page_type: f5(slab)
[   32.559273] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.559634] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.559736] page dumped because: kasan: bad access detected
[   32.559901] 
[   32.559934] Memory state around the buggy address:
[   32.559972]  fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.560164]  fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.560352] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.560425]                                                                 ^
[   32.560501]  fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.560737]  fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.560873] ==================================================================

[   28.082499] ==================================================================
[   28.082936] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[   28.083206] Read of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335
[   28.083465] 
[   28.083543] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   28.083593] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   28.083607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.083628] Call Trace:
[   28.083645]  <TASK>
[   28.083664]  dump_stack_lvl+0x73/0xb0
[   28.083704]  print_report+0xd1/0x610
[   28.083727]  ? __virt_addr_valid+0x1db/0x2d0
[   28.083752]  ? copy_user_test_oob+0x4aa/0x10f0
[   28.083776]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.083802]  ? copy_user_test_oob+0x4aa/0x10f0
[   28.083830]  kasan_report+0x141/0x180
[   28.083852]  ? copy_user_test_oob+0x4aa/0x10f0
[   28.083881]  kasan_check_range+0x10c/0x1c0
[   28.083906]  __kasan_check_read+0x15/0x20
[   28.083931]  copy_user_test_oob+0x4aa/0x10f0
[   28.083956]  ? __pfx_copy_user_test_oob+0x10/0x10
[   28.083980]  ? finish_task_switch.isra.0+0x153/0x700
[   28.084003]  ? __switch_to+0x47/0xf80
[   28.085774]  ? __schedule+0x10cc/0x2b60
[   28.085821]  ? __pfx_read_tsc+0x10/0x10
[   28.085847]  ? ktime_get_ts64+0x86/0x230
[   28.085877]  kunit_try_run_case+0x1a5/0x480
[   28.085902]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.085924]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.085950]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.085975]  ? __kthread_parkme+0x82/0x180
[   28.085998]  ? preempt_count_sub+0x50/0x80
[   28.086024]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.086047]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.086073]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.086100]  kthread+0x337/0x6f0
[   28.086121]  ? trace_preempt_on+0x20/0xc0
[   28.086145]  ? __pfx_kthread+0x10/0x10
[   28.086166]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.086190]  ? calculate_sigpending+0x7b/0xa0
[   28.086215]  ? __pfx_kthread+0x10/0x10
[   28.086237]  ret_from_fork+0x116/0x1d0
[   28.086258]  ? __pfx_kthread+0x10/0x10
[   28.086280]  ret_from_fork_asm+0x1a/0x30
[   28.086313]  </TASK>
[   28.086326] 
[   28.097347] Allocated by task 335:
[   28.097483]  kasan_save_stack+0x45/0x70
[   28.097634]  kasan_save_track+0x18/0x40
[   28.098246]  kasan_save_alloc_info+0x3b/0x50
[   28.098449]  __kasan_kmalloc+0xb7/0xc0
[   28.098630]  __kmalloc_noprof+0x1c9/0x500
[   28.098845]  kunit_kmalloc_array+0x25/0x60
[   28.099050]  copy_user_test_oob+0xab/0x10f0
[   28.099709]  kunit_try_run_case+0x1a5/0x480
[   28.100222]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.100592]  kthread+0x337/0x6f0
[   28.100823]  ret_from_fork+0x116/0x1d0
[   28.101235]  ret_from_fork_asm+0x1a/0x30
[   28.101380] 
[   28.101447] The buggy address belongs to the object at ffff8881060ac600
[   28.101447]  which belongs to the cache kmalloc-128 of size 128
[   28.101828] The buggy address is located 0 bytes inside of
[   28.101828]  allocated 120-byte region [ffff8881060ac600, ffff8881060ac678)
[   28.102643] 
[   28.102772] The buggy address belongs to the physical page:
[   28.103137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac
[   28.103468] flags: 0x200000000000000(node=0|zone=2)
[   28.103678] page_type: f5(slab)
[   28.103857] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   28.104390] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.104802] page dumped because: kasan: bad access detected
[   28.105024] 
[   28.105274] Memory state around the buggy address:
[   28.105461]  ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.105885]  ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.106247] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   28.106611]                                                                 ^
[   28.106959]  ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.107365]  ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.107690] ==================================================================
[   28.109473] ==================================================================
[   28.109797] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[   28.110163] Write of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335
[   28.110526] 
[   28.110644] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   28.110728] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   28.110743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.110789] Call Trace:
[   28.110819]  <TASK>
[   28.110840]  dump_stack_lvl+0x73/0xb0
[   28.110908]  print_report+0xd1/0x610
[   28.110934]  ? __virt_addr_valid+0x1db/0x2d0
[   28.110959]  ? copy_user_test_oob+0x557/0x10f0
[   28.110994]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.111020]  ? copy_user_test_oob+0x557/0x10f0
[   28.111045]  kasan_report+0x141/0x180
[   28.111067]  ? copy_user_test_oob+0x557/0x10f0
[   28.111096]  kasan_check_range+0x10c/0x1c0
[   28.111120]  __kasan_check_write+0x18/0x20
[   28.111171]  copy_user_test_oob+0x557/0x10f0
[   28.111196]  ? __pfx_copy_user_test_oob+0x10/0x10
[   28.111220]  ? finish_task_switch.isra.0+0x153/0x700
[   28.111254]  ? __switch_to+0x47/0xf80
[   28.111280]  ? __schedule+0x10cc/0x2b60
[   28.111305]  ? __pfx_read_tsc+0x10/0x10
[   28.111327]  ? ktime_get_ts64+0x86/0x230
[   28.111353]  kunit_try_run_case+0x1a5/0x480
[   28.111375]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.111396]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.111421]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.111445]  ? __kthread_parkme+0x82/0x180
[   28.111467]  ? preempt_count_sub+0x50/0x80
[   28.111492]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.111514]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.111539]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.111566]  kthread+0x337/0x6f0
[   28.111586]  ? trace_preempt_on+0x20/0xc0
[   28.111609]  ? __pfx_kthread+0x10/0x10
[   28.111631]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.111654]  ? calculate_sigpending+0x7b/0xa0
[   28.111679]  ? __pfx_kthread+0x10/0x10
[   28.111710]  ret_from_fork+0x116/0x1d0
[   28.111730]  ? __pfx_kthread+0x10/0x10
[   28.111752]  ret_from_fork_asm+0x1a/0x30
[   28.111797]  </TASK>
[   28.111816] 
[   28.119548] Allocated by task 335:
[   28.119674]  kasan_save_stack+0x45/0x70
[   28.119826]  kasan_save_track+0x18/0x40
[   28.119952]  kasan_save_alloc_info+0x3b/0x50
[   28.120203]  __kasan_kmalloc+0xb7/0xc0
[   28.120383]  __kmalloc_noprof+0x1c9/0x500
[   28.120577]  kunit_kmalloc_array+0x25/0x60
[   28.120780]  copy_user_test_oob+0xab/0x10f0
[   28.120978]  kunit_try_run_case+0x1a5/0x480
[   28.121146]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.121424]  kthread+0x337/0x6f0
[   28.121622]  ret_from_fork+0x116/0x1d0
[   28.121826]  ret_from_fork_asm+0x1a/0x30
[   28.122051] 
[   28.122156] The buggy address belongs to the object at ffff8881060ac600
[   28.122156]  which belongs to the cache kmalloc-128 of size 128
[   28.122991] The buggy address is located 0 bytes inside of
[   28.122991]  allocated 120-byte region [ffff8881060ac600, ffff8881060ac678)
[   28.123344] 
[   28.123410] The buggy address belongs to the physical page:
[   28.123579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac
[   28.124668] flags: 0x200000000000000(node=0|zone=2)
[   28.125150] page_type: f5(slab)
[   28.125478] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   28.126088] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.126493] page dumped because: kasan: bad access detected
[   28.126731] 
[   28.127101] Memory state around the buggy address:
[   28.127553]  ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.128303]  ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.128751] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   28.129074]                                                                 ^
[   28.129348]  ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.129632]  ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.130331] ==================================================================
[   28.065398] ==================================================================
[   28.065740] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[   28.066097] Write of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335
[   28.066394] 
[   28.066491] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   28.066545] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   28.066560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.066583] Call Trace:
[   28.066599]  <TASK>
[   28.066619]  dump_stack_lvl+0x73/0xb0
[   28.066652]  print_report+0xd1/0x610
[   28.066675]  ? __virt_addr_valid+0x1db/0x2d0
[   28.066714]  ? copy_user_test_oob+0x3fd/0x10f0
[   28.066738]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.066765]  ? copy_user_test_oob+0x3fd/0x10f0
[   28.066805]  kasan_report+0x141/0x180
[   28.066828]  ? copy_user_test_oob+0x3fd/0x10f0
[   28.066857]  kasan_check_range+0x10c/0x1c0
[   28.066880]  __kasan_check_write+0x18/0x20
[   28.066905]  copy_user_test_oob+0x3fd/0x10f0
[   28.066931]  ? __pfx_copy_user_test_oob+0x10/0x10
[   28.066954]  ? finish_task_switch.isra.0+0x153/0x700
[   28.066978]  ? __switch_to+0x47/0xf80
[   28.067006]  ? __schedule+0x10cc/0x2b60
[   28.067031]  ? __pfx_read_tsc+0x10/0x10
[   28.067053]  ? ktime_get_ts64+0x86/0x230
[   28.067079]  kunit_try_run_case+0x1a5/0x480
[   28.067102]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.067124]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.067148]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.067173]  ? __kthread_parkme+0x82/0x180
[   28.067196]  ? preempt_count_sub+0x50/0x80
[   28.067219]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.067243]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.067269]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.067295]  kthread+0x337/0x6f0
[   28.067316]  ? trace_preempt_on+0x20/0xc0
[   28.067340]  ? __pfx_kthread+0x10/0x10
[   28.067362]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.067386]  ? calculate_sigpending+0x7b/0xa0
[   28.067411]  ? __pfx_kthread+0x10/0x10
[   28.067433]  ret_from_fork+0x116/0x1d0
[   28.067454]  ? __pfx_kthread+0x10/0x10
[   28.067476]  ret_from_fork_asm+0x1a/0x30
[   28.067509]  </TASK>
[   28.067522] 
[   28.074411] Allocated by task 335:
[   28.074584]  kasan_save_stack+0x45/0x70
[   28.074822]  kasan_save_track+0x18/0x40
[   28.075009]  kasan_save_alloc_info+0x3b/0x50
[   28.075211]  __kasan_kmalloc+0xb7/0xc0
[   28.075394]  __kmalloc_noprof+0x1c9/0x500
[   28.075593]  kunit_kmalloc_array+0x25/0x60
[   28.075828]  copy_user_test_oob+0xab/0x10f0
[   28.076021]  kunit_try_run_case+0x1a5/0x480
[   28.076193]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.076419]  kthread+0x337/0x6f0
[   28.076561]  ret_from_fork+0x116/0x1d0
[   28.076738]  ret_from_fork_asm+0x1a/0x30
[   28.076937] 
[   28.077033] The buggy address belongs to the object at ffff8881060ac600
[   28.077033]  which belongs to the cache kmalloc-128 of size 128
[   28.077478] The buggy address is located 0 bytes inside of
[   28.077478]  allocated 120-byte region [ffff8881060ac600, ffff8881060ac678)
[   28.077985] 
[   28.078080] The buggy address belongs to the physical page:
[   28.078309] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac
[   28.078607] flags: 0x200000000000000(node=0|zone=2)
[   28.078850] page_type: f5(slab)
[   28.079002] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   28.079256] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.079476] page dumped because: kasan: bad access detected
[   28.079643] 
[   28.079717] Memory state around the buggy address:
[   28.080049]  ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.080365]  ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.080641] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   28.080858]                                                                 ^
[   28.081066]  ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.081553]  ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.081885] ==================================================================
[   28.131442] ==================================================================
[   28.131785] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[   28.132467] Read of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335
[   28.133228] 
[   28.133356] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   28.133528] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   28.133544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.133568] Call Trace:
[   28.133587]  <TASK>
[   28.133606]  dump_stack_lvl+0x73/0xb0
[   28.133677]  print_report+0xd1/0x610
[   28.133710]  ? __virt_addr_valid+0x1db/0x2d0
[   28.133735]  ? copy_user_test_oob+0x604/0x10f0
[   28.133759]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.133796]  ? copy_user_test_oob+0x604/0x10f0
[   28.133821]  kasan_report+0x141/0x180
[   28.133845]  ? copy_user_test_oob+0x604/0x10f0
[   28.133873]  kasan_check_range+0x10c/0x1c0
[   28.133898]  __kasan_check_read+0x15/0x20
[   28.133922]  copy_user_test_oob+0x604/0x10f0
[   28.133948]  ? __pfx_copy_user_test_oob+0x10/0x10
[   28.133973]  ? finish_task_switch.isra.0+0x153/0x700
[   28.133997]  ? __switch_to+0x47/0xf80
[   28.134024]  ? __schedule+0x10cc/0x2b60
[   28.134049]  ? __pfx_read_tsc+0x10/0x10
[   28.134071]  ? ktime_get_ts64+0x86/0x230
[   28.134097]  kunit_try_run_case+0x1a5/0x480
[   28.134120]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.134141]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.134166]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.134191]  ? __kthread_parkme+0x82/0x180
[   28.134212]  ? preempt_count_sub+0x50/0x80
[   28.134237]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.134259]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.134284]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.134311]  kthread+0x337/0x6f0
[   28.134331]  ? trace_preempt_on+0x20/0xc0
[   28.134354]  ? __pfx_kthread+0x10/0x10
[   28.134376]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.134400]  ? calculate_sigpending+0x7b/0xa0
[   28.134426]  ? __pfx_kthread+0x10/0x10
[   28.134449]  ret_from_fork+0x116/0x1d0
[   28.134469]  ? __pfx_kthread+0x10/0x10
[   28.134491]  ret_from_fork_asm+0x1a/0x30
[   28.134524]  </TASK>
[   28.134537] 
[   28.145199] Allocated by task 335:
[   28.145505]  kasan_save_stack+0x45/0x70
[   28.145896]  kasan_save_track+0x18/0x40
[   28.146182]  kasan_save_alloc_info+0x3b/0x50
[   28.146387]  __kasan_kmalloc+0xb7/0xc0
[   28.146553]  __kmalloc_noprof+0x1c9/0x500
[   28.146750]  kunit_kmalloc_array+0x25/0x60
[   28.147161]  copy_user_test_oob+0xab/0x10f0
[   28.147340]  kunit_try_run_case+0x1a5/0x480
[   28.147523]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.147765]  kthread+0x337/0x6f0
[   28.148352]  ret_from_fork+0x116/0x1d0
[   28.148607]  ret_from_fork_asm+0x1a/0x30
[   28.148946] 
[   28.149186] The buggy address belongs to the object at ffff8881060ac600
[   28.149186]  which belongs to the cache kmalloc-128 of size 128
[   28.149675] The buggy address is located 0 bytes inside of
[   28.149675]  allocated 120-byte region [ffff8881060ac600, ffff8881060ac678)
[   28.150286] 
[   28.150361] The buggy address belongs to the physical page:
[   28.150583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac
[   28.150999] flags: 0x200000000000000(node=0|zone=2)
[   28.151211] page_type: f5(slab)
[   28.151363] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   28.151730] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.152131] page dumped because: kasan: bad access detected
[   28.152304] 
[   28.152398] Memory state around the buggy address:
[   28.152620]  ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.152961]  ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.153320] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   28.153583]                                                                 ^
[   28.154026]  ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.154352]  ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.154657] ==================================================================