Hay
Date
July 9, 2025, 12:11 a.m.

Environment
qemu-arm64
qemu-x86_64

[   22.275449] ==================================================================
[   22.275503] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[   22.275583] Write of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286
[   22.275655] 
[   22.275743] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   22.275845] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.275899] Hardware name: linux,dummy-virt (DT)
[   22.275973] Call trace:
[   22.275999]  show_stack+0x20/0x38 (C)
[   22.276147]  dump_stack_lvl+0x8c/0xd0
[   22.276243]  print_report+0x118/0x608
[   22.276311]  kasan_report+0xdc/0x128
[   22.276359]  kasan_check_range+0x100/0x1a8
[   22.276420]  __kasan_check_write+0x20/0x30
[   22.276467]  copy_user_test_oob+0x434/0xec8
[   22.276517]  kunit_try_run_case+0x170/0x3f0
[   22.276721]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.276880]  kthread+0x328/0x630
[   22.276976]  ret_from_fork+0x10/0x20
[   22.277077] 
[   22.277156] Allocated by task 286:
[   22.277224]  kasan_save_stack+0x3c/0x68
[   22.277321]  kasan_save_track+0x20/0x40
[   22.277429]  kasan_save_alloc_info+0x40/0x58
[   22.277486]  __kasan_kmalloc+0xd4/0xd8
[   22.277525]  __kmalloc_noprof+0x198/0x4c8
[   22.277705]  kunit_kmalloc_array+0x34/0x88
[   22.277836]  copy_user_test_oob+0xac/0xec8
[   22.278080]  kunit_try_run_case+0x170/0x3f0
[   22.278148]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.278234]  kthread+0x328/0x630
[   22.278514]  ret_from_fork+0x10/0x20
[   22.278584] 
[   22.278606] The buggy address belongs to the object at fff00000c6e98900
[   22.278606]  which belongs to the cache kmalloc-128 of size 128
[   22.278678] The buggy address is located 0 bytes inside of
[   22.278678]  allocated 120-byte region [fff00000c6e98900, fff00000c6e98978)
[   22.278744] 
[   22.278780] The buggy address belongs to the physical page:
[   22.278814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98
[   22.278868] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.278933] page_type: f5(slab)
[   22.278974] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.279026] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.279068] page dumped because: kasan: bad access detected
[   22.279112] 
[   22.279141] Memory state around the buggy address:
[   22.279175]  fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.279221]  fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.279271] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.279322]                                                                 ^
[   22.279365]  fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.279769]  fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.279868] ==================================================================
[   22.280427] ==================================================================
[   22.280477] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[   22.280527] Read of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286
[   22.280579] 
[   22.280610] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   22.280695] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.280765] Hardware name: linux,dummy-virt (DT)
[   22.280802] Call trace:
[   22.280825]  show_stack+0x20/0x38 (C)
[   22.280887]  dump_stack_lvl+0x8c/0xd0
[   22.281037]  print_report+0x118/0x608
[   22.281096]  kasan_report+0xdc/0x128
[   22.281142]  kasan_check_range+0x100/0x1a8
[   22.281193]  __kasan_check_read+0x20/0x30
[   22.281240]  copy_user_test_oob+0x4a0/0xec8
[   22.281475]  kunit_try_run_case+0x170/0x3f0
[   22.281559]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.281663]  kthread+0x328/0x630
[   22.281709]  ret_from_fork+0x10/0x20
[   22.281777] 
[   22.281853] Allocated by task 286:
[   22.281903]  kasan_save_stack+0x3c/0x68
[   22.281958]  kasan_save_track+0x20/0x40
[   22.282000]  kasan_save_alloc_info+0x40/0x58
[   22.282043]  __kasan_kmalloc+0xd4/0xd8
[   22.282083]  __kmalloc_noprof+0x198/0x4c8
[   22.282147]  kunit_kmalloc_array+0x34/0x88
[   22.282189]  copy_user_test_oob+0xac/0xec8
[   22.282387]  kunit_try_run_case+0x170/0x3f0
[   22.282474]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.282541]  kthread+0x328/0x630
[   22.282598]  ret_from_fork+0x10/0x20
[   22.282638] 
[   22.282721] The buggy address belongs to the object at fff00000c6e98900
[   22.282721]  which belongs to the cache kmalloc-128 of size 128
[   22.282798] The buggy address is located 0 bytes inside of
[   22.282798]  allocated 120-byte region [fff00000c6e98900, fff00000c6e98978)
[   22.282888] 
[   22.282927] The buggy address belongs to the physical page:
[   22.282979] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98
[   22.283032] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.283081] page_type: f5(slab)
[   22.283146] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.283199] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.283366] page dumped because: kasan: bad access detected
[   22.283551] 
[   22.283638] Memory state around the buggy address:
[   22.283694]  fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.283760]  fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.283835] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.283897]                                                                 ^
[   22.283942]  fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.283987]  fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.284076] ==================================================================
[   22.270186] ==================================================================
[   22.270241] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[   22.270502] Read of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286
[   22.270558] 
[   22.270592] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   22.270677] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.270707] Hardware name: linux,dummy-virt (DT)
[   22.270741] Call trace:
[   22.270766]  show_stack+0x20/0x38 (C)
[   22.270816]  dump_stack_lvl+0x8c/0xd0
[   22.270865]  print_report+0x118/0x608
[   22.270913]  kasan_report+0xdc/0x128
[   22.270961]  kasan_check_range+0x100/0x1a8
[   22.271012]  __kasan_check_read+0x20/0x30
[   22.271058]  copy_user_test_oob+0x3c8/0xec8
[   22.271108]  kunit_try_run_case+0x170/0x3f0
[   22.271158]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.271213]  kthread+0x328/0x630
[   22.271257]  ret_from_fork+0x10/0x20
[   22.271306] 
[   22.271328] Allocated by task 286:
[   22.271358]  kasan_save_stack+0x3c/0x68
[   22.271415]  kasan_save_track+0x20/0x40
[   22.271456]  kasan_save_alloc_info+0x40/0x58
[   22.271500]  __kasan_kmalloc+0xd4/0xd8
[   22.271539]  __kmalloc_noprof+0x198/0x4c8
[   22.271618]  kunit_kmalloc_array+0x34/0x88
[   22.271678]  copy_user_test_oob+0xac/0xec8
[   22.271746]  kunit_try_run_case+0x170/0x3f0
[   22.271834]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.271901]  kthread+0x328/0x630
[   22.271961]  ret_from_fork+0x10/0x20
[   22.272076] 
[   22.272117] The buggy address belongs to the object at fff00000c6e98900
[   22.272117]  which belongs to the cache kmalloc-128 of size 128
[   22.272207] The buggy address is located 0 bytes inside of
[   22.272207]  allocated 120-byte region [fff00000c6e98900, fff00000c6e98978)
[   22.272356] 
[   22.272436] The buggy address belongs to the physical page:
[   22.272498] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98
[   22.272853] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.272987] page_type: f5(slab)
[   22.273046] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.273131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.273264] page dumped because: kasan: bad access detected
[   22.273313] 
[   22.273353] Memory state around the buggy address:
[   22.273676]  fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.273795]  fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.273909] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.273972]                                                                 ^
[   22.274018]  fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.274377]  fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.274530] ==================================================================
[   22.223260] ==================================================================
[   22.223373] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[   22.224887] Write of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286
[   22.224995] 
[   22.225071] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   22.225551] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.225613] Hardware name: linux,dummy-virt (DT)
[   22.226013] Call trace:
[   22.226054]  show_stack+0x20/0x38 (C)
[   22.226480]  dump_stack_lvl+0x8c/0xd0
[   22.226540]  print_report+0x118/0x608
[   22.226596]  kasan_report+0xdc/0x128
[   22.226646]  kasan_check_range+0x100/0x1a8
[   22.226697]  __kasan_check_write+0x20/0x30
[   22.226781]  copy_user_test_oob+0x234/0xec8
[   22.226842]  kunit_try_run_case+0x170/0x3f0
[   22.226897]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.226951]  kthread+0x328/0x630
[   22.227006]  ret_from_fork+0x10/0x20
[   22.227068] 
[   22.227089] Allocated by task 286:
[   22.227122]  kasan_save_stack+0x3c/0x68
[   22.227180]  kasan_save_track+0x20/0x40
[   22.227221]  kasan_save_alloc_info+0x40/0x58
[   22.227264]  __kasan_kmalloc+0xd4/0xd8
[   22.227314]  __kmalloc_noprof+0x198/0x4c8
[   22.227367]  kunit_kmalloc_array+0x34/0x88
[   22.227432]  copy_user_test_oob+0xac/0xec8
[   22.227488]  kunit_try_run_case+0x170/0x3f0
[   22.227536]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.227588]  kthread+0x328/0x630
[   22.227623]  ret_from_fork+0x10/0x20
[   22.227683] 
[   22.227713] The buggy address belongs to the object at fff00000c6e98900
[   22.227713]  which belongs to the cache kmalloc-128 of size 128
[   22.227785] The buggy address is located 0 bytes inside of
[   22.227785]  allocated 120-byte region [fff00000c6e98900, fff00000c6e98978)
[   22.227865] 
[   22.227900] The buggy address belongs to the physical page:
[   22.227945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98
[   22.228012] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.229368] page_type: f5(slab)
[   22.229480] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.229572] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.229636] page dumped because: kasan: bad access detected
[   22.229669] 
[   22.229719] Memory state around the buggy address:
[   22.229757]  fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.229823]  fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.229885] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.229949]                                                                 ^
[   22.229995]  fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.230058]  fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.230126] ==================================================================
[   22.238930] ==================================================================
[   22.239028] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[   22.239168] Read of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286
[   22.239234] 
[   22.239271] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   22.239790] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.239832] Hardware name: linux,dummy-virt (DT)
[   22.239867] Call trace:
[   22.239894]  show_stack+0x20/0x38 (C)
[   22.240233]  dump_stack_lvl+0x8c/0xd0
[   22.240327]  print_report+0x118/0x608
[   22.240465]  kasan_report+0xdc/0x128
[   22.240555]  kasan_check_range+0x100/0x1a8
[   22.240643]  __kasan_check_read+0x20/0x30
[   22.240786]  copy_user_test_oob+0x728/0xec8
[   22.240837]  kunit_try_run_case+0x170/0x3f0
[   22.241303]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.241691]  kthread+0x328/0x630
[   22.241871]  ret_from_fork+0x10/0x20
[   22.241930] 
[   22.241981] Allocated by task 286:
[   22.242230]  kasan_save_stack+0x3c/0x68
[   22.242420]  kasan_save_track+0x20/0x40
[   22.242644]  kasan_save_alloc_info+0x40/0x58
[   22.242891]  __kasan_kmalloc+0xd4/0xd8
[   22.243068]  __kmalloc_noprof+0x198/0x4c8
[   22.243861]  kunit_kmalloc_array+0x34/0x88
[   22.243948]  copy_user_test_oob+0xac/0xec8
[   22.244009]  kunit_try_run_case+0x170/0x3f0
[   22.244106]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.244299]  kthread+0x328/0x630
[   22.244583]  ret_from_fork+0x10/0x20
[   22.244905] 
[   22.244946] The buggy address belongs to the object at fff00000c6e98900
[   22.244946]  which belongs to the cache kmalloc-128 of size 128
[   22.245435] The buggy address is located 0 bytes inside of
[   22.245435]  allocated 120-byte region [fff00000c6e98900, fff00000c6e98978)
[   22.245555] 
[   22.245597] The buggy address belongs to the physical page:
[   22.245632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98
[   22.245688] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.245748] page_type: f5(slab)
[   22.245804] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.245859] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.245915] page dumped because: kasan: bad access detected
[   22.245958] 
[   22.245979] Memory state around the buggy address:
[   22.246022]  fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.246069]  fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.246123] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.246164]                                                                 ^
[   22.246208]  fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.246254]  fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.246304] ==================================================================
[   22.254932] ==================================================================
[   22.254999] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[   22.255300] Write of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286
[   22.255482] 
[   22.255525] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   22.255784] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.255827] Hardware name: linux,dummy-virt (DT)
[   22.255992] Call trace:
[   22.256019]  show_stack+0x20/0x38 (C)
[   22.256214]  dump_stack_lvl+0x8c/0xd0
[   22.256474]  print_report+0x118/0x608
[   22.256641]  kasan_report+0xdc/0x128
[   22.256997]  kasan_check_range+0x100/0x1a8
[   22.257109]  __kasan_check_write+0x20/0x30
[   22.257332]  copy_user_test_oob+0x35c/0xec8
[   22.257391]  kunit_try_run_case+0x170/0x3f0
[   22.257837]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.258445]  kthread+0x328/0x630
[   22.258511]  ret_from_fork+0x10/0x20
[   22.260097] 
[   22.260145] Allocated by task 286:
[   22.260440]  kasan_save_stack+0x3c/0x68
[   22.260510]  kasan_save_track+0x20/0x40
[   22.263819]  kasan_save_alloc_info+0x40/0x58
[   22.263990]  __kasan_kmalloc+0xd4/0xd8
[   22.264967]  __kmalloc_noprof+0x198/0x4c8
[   22.265606]  kunit_kmalloc_array+0x34/0x88
[   22.265689]  copy_user_test_oob+0xac/0xec8
[   22.266444]  kunit_try_run_case+0x170/0x3f0
[   22.266503]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.266550]  kthread+0x328/0x630
[   22.266589]  ret_from_fork+0x10/0x20
[   22.266628] 
[   22.266651] The buggy address belongs to the object at fff00000c6e98900
[   22.266651]  which belongs to the cache kmalloc-128 of size 128
[   22.266714] The buggy address is located 0 bytes inside of
[   22.266714]  allocated 120-byte region [fff00000c6e98900, fff00000c6e98978)
[   22.266779] 
[   22.266803] The buggy address belongs to the physical page:
[   22.266843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98
[   22.266900] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.266952] page_type: f5(slab)
[   22.266995] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.267049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.267093] page dumped because: kasan: bad access detected
[   22.267127] 
[   22.267148] Memory state around the buggy address:
[   22.267183]  fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.267229]  fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.267274] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.267316]                                                                 ^
[   22.267359]  fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.267415]  fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.267458] ==================================================================

[   16.679088] ==================================================================
[   16.679405] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[   16.679853] Read of size 121 at addr ffff888102ab9c00 by task kunit_try_catch/302
[   16.680173] 
[   16.680301] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   16.680347] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.680360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.680382] Call Trace:
[   16.680401]  <TASK>
[   16.680420]  dump_stack_lvl+0x73/0xb0
[   16.680478]  print_report+0xd1/0x650
[   16.680504]  ? __virt_addr_valid+0x1db/0x2d0
[   16.680528]  ? copy_user_test_oob+0x4aa/0x10f0
[   16.680593]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.680631]  ? copy_user_test_oob+0x4aa/0x10f0
[   16.680668]  kasan_report+0x141/0x180
[   16.680718]  ? copy_user_test_oob+0x4aa/0x10f0
[   16.680747]  kasan_check_range+0x10c/0x1c0
[   16.680797]  __kasan_check_read+0x15/0x20
[   16.680818]  copy_user_test_oob+0x4aa/0x10f0
[   16.680844]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.680880]  ? finish_task_switch.isra.0+0x153/0x700
[   16.680904]  ? __switch_to+0x47/0xf50
[   16.680930]  ? __schedule+0x10cc/0x2b60
[   16.680968]  ? __pfx_read_tsc+0x10/0x10
[   16.680990]  ? ktime_get_ts64+0x86/0x230
[   16.681015]  kunit_try_run_case+0x1a5/0x480
[   16.681041]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.681065]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.681091]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.681147]  ? __kthread_parkme+0x82/0x180
[   16.681170]  ? preempt_count_sub+0x50/0x80
[   16.681205]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.681230]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.681257]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.681314]  kthread+0x337/0x6f0
[   16.681335]  ? trace_preempt_on+0x20/0xc0
[   16.681359]  ? __pfx_kthread+0x10/0x10
[   16.681401]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.681424]  ? calculate_sigpending+0x7b/0xa0
[   16.681450]  ? __pfx_kthread+0x10/0x10
[   16.681483]  ret_from_fork+0x116/0x1d0
[   16.681502]  ? __pfx_kthread+0x10/0x10
[   16.681524]  ret_from_fork_asm+0x1a/0x30
[   16.681557]  </TASK>
[   16.681569] 
[   16.688952] Allocated by task 302:
[   16.689130]  kasan_save_stack+0x45/0x70
[   16.689373]  kasan_save_track+0x18/0x40
[   16.689622]  kasan_save_alloc_info+0x3b/0x50
[   16.689840]  __kasan_kmalloc+0xb7/0xc0
[   16.690057]  __kmalloc_noprof+0x1c9/0x500
[   16.690234]  kunit_kmalloc_array+0x25/0x60
[   16.690515]  copy_user_test_oob+0xab/0x10f0
[   16.690743]  kunit_try_run_case+0x1a5/0x480
[   16.690888]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.691074]  kthread+0x337/0x6f0
[   16.691195]  ret_from_fork+0x116/0x1d0
[   16.691338]  ret_from_fork_asm+0x1a/0x30
[   16.691585] 
[   16.691684] The buggy address belongs to the object at ffff888102ab9c00
[   16.691684]  which belongs to the cache kmalloc-128 of size 128
[   16.692235] The buggy address is located 0 bytes inside of
[   16.692235]  allocated 120-byte region [ffff888102ab9c00, ffff888102ab9c78)
[   16.692893] 
[   16.693027] The buggy address belongs to the physical page:
[   16.693338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab9
[   16.693580] flags: 0x200000000000000(node=0|zone=2)
[   16.693742] page_type: f5(slab)
[   16.693864] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.694184] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.694921] page dumped because: kasan: bad access detected
[   16.695206] 
[   16.695307] Memory state around the buggy address:
[   16.695464]  ffff888102ab9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.695862]  ffff888102ab9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.696142] >ffff888102ab9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.696583]                                                                 ^
[   16.696795]  ffff888102ab9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.697021]  ffff888102ab9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.697435] ==================================================================
[   16.698253] ==================================================================
[   16.698620] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[   16.698979] Write of size 121 at addr ffff888102ab9c00 by task kunit_try_catch/302
[   16.699381] 
[   16.699487] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   16.699532] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.699545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.699566] Call Trace:
[   16.699585]  <TASK>
[   16.699602]  dump_stack_lvl+0x73/0xb0
[   16.699633]  print_report+0xd1/0x650
[   16.699658]  ? __virt_addr_valid+0x1db/0x2d0
[   16.699698]  ? copy_user_test_oob+0x557/0x10f0
[   16.699723]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.699748]  ? copy_user_test_oob+0x557/0x10f0
[   16.699773]  kasan_report+0x141/0x180
[   16.699796]  ? copy_user_test_oob+0x557/0x10f0
[   16.699860]  kasan_check_range+0x10c/0x1c0
[   16.699885]  __kasan_check_write+0x18/0x20
[   16.699917]  copy_user_test_oob+0x557/0x10f0
[   16.699954]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.699978]  ? finish_task_switch.isra.0+0x153/0x700
[   16.700002]  ? __switch_to+0x47/0xf50
[   16.700028]  ? __schedule+0x10cc/0x2b60
[   16.700052]  ? __pfx_read_tsc+0x10/0x10
[   16.700075]  ? ktime_get_ts64+0x86/0x230
[   16.700100]  kunit_try_run_case+0x1a5/0x480
[   16.700126]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.700150]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.700176]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.700202]  ? __kthread_parkme+0x82/0x180
[   16.700224]  ? preempt_count_sub+0x50/0x80
[   16.700248]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.700275]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.700329]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.700356]  kthread+0x337/0x6f0
[   16.700387]  ? trace_preempt_on+0x20/0xc0
[   16.700412]  ? __pfx_kthread+0x10/0x10
[   16.700463]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.700485]  ? calculate_sigpending+0x7b/0xa0
[   16.700522]  ? __pfx_kthread+0x10/0x10
[   16.700544]  ret_from_fork+0x116/0x1d0
[   16.700564]  ? __pfx_kthread+0x10/0x10
[   16.700586]  ret_from_fork_asm+0x1a/0x30
[   16.700618]  </TASK>
[   16.700631] 
[   16.708312] Allocated by task 302:
[   16.708539]  kasan_save_stack+0x45/0x70
[   16.708743]  kasan_save_track+0x18/0x40
[   16.708956]  kasan_save_alloc_info+0x3b/0x50
[   16.709140]  __kasan_kmalloc+0xb7/0xc0
[   16.709270]  __kmalloc_noprof+0x1c9/0x500
[   16.709535]  kunit_kmalloc_array+0x25/0x60
[   16.709819]  copy_user_test_oob+0xab/0x10f0
[   16.710084]  kunit_try_run_case+0x1a5/0x480
[   16.710305]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.710560]  kthread+0x337/0x6f0
[   16.710718]  ret_from_fork+0x116/0x1d0
[   16.710878]  ret_from_fork_asm+0x1a/0x30
[   16.711023] 
[   16.711093] The buggy address belongs to the object at ffff888102ab9c00
[   16.711093]  which belongs to the cache kmalloc-128 of size 128
[   16.711542] The buggy address is located 0 bytes inside of
[   16.711542]  allocated 120-byte region [ffff888102ab9c00, ffff888102ab9c78)
[   16.713177] 
[   16.713287] The buggy address belongs to the physical page:
[   16.713584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab9
[   16.714152] flags: 0x200000000000000(node=0|zone=2)
[   16.714504] page_type: f5(slab)
[   16.714805] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.715243] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.715828] page dumped because: kasan: bad access detected
[   16.716195] 
[   16.716410] Memory state around the buggy address:
[   16.716708]  ffff888102ab9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.717131]  ffff888102ab9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.717643] >ffff888102ab9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.717987]                                                                 ^
[   16.718303]  ffff888102ab9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.718677]  ffff888102ab9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.718963] ==================================================================
[   16.719569] ==================================================================
[   16.719813] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[   16.720993] Read of size 121 at addr ffff888102ab9c00 by task kunit_try_catch/302
[   16.721874] 
[   16.722002] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   16.722050] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.722325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.722350] Call Trace:
[   16.722371]  <TASK>
[   16.722392]  dump_stack_lvl+0x73/0xb0
[   16.722427]  print_report+0xd1/0x650
[   16.722453]  ? __virt_addr_valid+0x1db/0x2d0
[   16.722478]  ? copy_user_test_oob+0x604/0x10f0
[   16.722503]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.722528]  ? copy_user_test_oob+0x604/0x10f0
[   16.722553]  kasan_report+0x141/0x180
[   16.722576]  ? copy_user_test_oob+0x604/0x10f0
[   16.722605]  kasan_check_range+0x10c/0x1c0
[   16.722630]  __kasan_check_read+0x15/0x20
[   16.722650]  copy_user_test_oob+0x604/0x10f0
[   16.722677]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.722701]  ? finish_task_switch.isra.0+0x153/0x700
[   16.722732]  ? __switch_to+0x47/0xf50
[   16.722758]  ? __schedule+0x10cc/0x2b60
[   16.722781]  ? __pfx_read_tsc+0x10/0x10
[   16.722804]  ? ktime_get_ts64+0x86/0x230
[   16.722829]  kunit_try_run_case+0x1a5/0x480
[   16.722854]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.722879]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.722904]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.722929]  ? __kthread_parkme+0x82/0x180
[   16.722963]  ? preempt_count_sub+0x50/0x80
[   16.722988]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.723014]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.723040]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.723066]  kthread+0x337/0x6f0
[   16.723086]  ? trace_preempt_on+0x20/0xc0
[   16.723111]  ? __pfx_kthread+0x10/0x10
[   16.723132]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.723155]  ? calculate_sigpending+0x7b/0xa0
[   16.723181]  ? __pfx_kthread+0x10/0x10
[   16.723203]  ret_from_fork+0x116/0x1d0
[   16.723223]  ? __pfx_kthread+0x10/0x10
[   16.723244]  ret_from_fork_asm+0x1a/0x30
[   16.723288]  </TASK>
[   16.723300] 
[   16.733240] Allocated by task 302:
[   16.733440]  kasan_save_stack+0x45/0x70
[   16.733651]  kasan_save_track+0x18/0x40
[   16.733833]  kasan_save_alloc_info+0x3b/0x50
[   16.734800]  __kasan_kmalloc+0xb7/0xc0
[   16.734972]  __kmalloc_noprof+0x1c9/0x500
[   16.735449]  kunit_kmalloc_array+0x25/0x60
[   16.735770]  copy_user_test_oob+0xab/0x10f0
[   16.736118]  kunit_try_run_case+0x1a5/0x480
[   16.736359]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.736595]  kthread+0x337/0x6f0
[   16.736771]  ret_from_fork+0x116/0x1d0
[   16.736967]  ret_from_fork_asm+0x1a/0x30
[   16.737160] 
[   16.737247] The buggy address belongs to the object at ffff888102ab9c00
[   16.737247]  which belongs to the cache kmalloc-128 of size 128
[   16.738173] The buggy address is located 0 bytes inside of
[   16.738173]  allocated 120-byte region [ffff888102ab9c00, ffff888102ab9c78)
[   16.739000] 
[   16.739111] The buggy address belongs to the physical page:
[   16.739522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab9
[   16.739998] flags: 0x200000000000000(node=0|zone=2)
[   16.740347] page_type: f5(slab)
[   16.740533] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.740812] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.741157] page dumped because: kasan: bad access detected
[   16.741656] 
[   16.741752] Memory state around the buggy address:
[   16.742140]  ffff888102ab9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.742618]  ffff888102ab9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.743038] >ffff888102ab9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.743553]                                                                 ^
[   16.743975]  ffff888102ab9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.744515]  ffff888102ab9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.744826] ==================================================================
[   16.659661] ==================================================================
[   16.660066] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[   16.660442] Write of size 121 at addr ffff888102ab9c00 by task kunit_try_catch/302
[   16.660715] 
[   16.660845] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   16.660915] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.660929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.660964] Call Trace:
[   16.660980]  <TASK>
[   16.660999]  dump_stack_lvl+0x73/0xb0
[   16.661033]  print_report+0xd1/0x650
[   16.661057]  ? __virt_addr_valid+0x1db/0x2d0
[   16.661081]  ? copy_user_test_oob+0x3fd/0x10f0
[   16.661106]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.661131]  ? copy_user_test_oob+0x3fd/0x10f0
[   16.661157]  kasan_report+0x141/0x180
[   16.661179]  ? copy_user_test_oob+0x3fd/0x10f0
[   16.661241]  kasan_check_range+0x10c/0x1c0
[   16.661266]  __kasan_check_write+0x18/0x20
[   16.661310]  copy_user_test_oob+0x3fd/0x10f0
[   16.661337]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.661362]  ? finish_task_switch.isra.0+0x153/0x700
[   16.661386]  ? __switch_to+0x47/0xf50
[   16.661413]  ? __schedule+0x10cc/0x2b60
[   16.661437]  ? __pfx_read_tsc+0x10/0x10
[   16.661459]  ? ktime_get_ts64+0x86/0x230
[   16.661484]  kunit_try_run_case+0x1a5/0x480
[   16.661510]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.661534]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.661559]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.661585]  ? __kthread_parkme+0x82/0x180
[   16.661607]  ? preempt_count_sub+0x50/0x80
[   16.661631]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.661656]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.661683]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.661710]  kthread+0x337/0x6f0
[   16.661730]  ? trace_preempt_on+0x20/0xc0
[   16.661754]  ? __pfx_kthread+0x10/0x10
[   16.661776]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.661799]  ? calculate_sigpending+0x7b/0xa0
[   16.661824]  ? __pfx_kthread+0x10/0x10
[   16.661846]  ret_from_fork+0x116/0x1d0
[   16.661865]  ? __pfx_kthread+0x10/0x10
[   16.661887]  ret_from_fork_asm+0x1a/0x30
[   16.661919]  </TASK>
[   16.661931] 
[   16.669551] Allocated by task 302:
[   16.669799]  kasan_save_stack+0x45/0x70
[   16.670019]  kasan_save_track+0x18/0x40
[   16.670218]  kasan_save_alloc_info+0x3b/0x50
[   16.670499]  __kasan_kmalloc+0xb7/0xc0
[   16.670686]  __kmalloc_noprof+0x1c9/0x500
[   16.670910]  kunit_kmalloc_array+0x25/0x60
[   16.671139]  copy_user_test_oob+0xab/0x10f0
[   16.671379]  kunit_try_run_case+0x1a5/0x480
[   16.671528]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.671704]  kthread+0x337/0x6f0
[   16.671879]  ret_from_fork+0x116/0x1d0
[   16.672084]  ret_from_fork_asm+0x1a/0x30
[   16.672286] 
[   16.672424] The buggy address belongs to the object at ffff888102ab9c00
[   16.672424]  which belongs to the cache kmalloc-128 of size 128
[   16.672924] The buggy address is located 0 bytes inside of
[   16.672924]  allocated 120-byte region [ffff888102ab9c00, ffff888102ab9c78)
[   16.673531] 
[   16.673607] The buggy address belongs to the physical page:
[   16.673781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab9
[   16.674192] flags: 0x200000000000000(node=0|zone=2)
[   16.674647] page_type: f5(slab)
[   16.674825] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.675195] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.675609] page dumped because: kasan: bad access detected
[   16.675843] 
[   16.675913] Memory state around the buggy address:
[   16.676149]  ffff888102ab9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.676624]  ffff888102ab9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.676955] >ffff888102ab9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.677169]                                                                 ^
[   16.677710]  ffff888102ab9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.678068]  ffff888102ab9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.678397] ==================================================================