Date
July 3, 2025, 11:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 22.668048] ================================================================== [ 22.668194] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2b4/0xbc0 [ 22.672318] [ 22.672519] The buggy address is located 8 bytes inside of [ 22.672519] allocated 9-byte region [fff00000c6191580, fff00000c6191589) [ 22.673470] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.674490] fff00000c6191480: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.677868] [ 22.679414] kasan_report+0xdc/0x128 [ 22.682969] kasan_bitops_generic+0xa0/0x1c8 [ 22.685627] page_type: f5(slab) [ 22.686218] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.687679] fff00000c6191680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.692954] __asan_report_load8_noabort+0x20/0x30 [ 22.695302] [ 22.695779] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.702782] ================================================================== [ 22.652799] ================================================================== [ 22.652917] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 22.653105] Write of size 8 at addr fff00000c6191588 by task kunit_try_catch/261 [ 22.653248] [ 22.653318] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 22.653524] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.653600] Hardware name: linux,dummy-virt (DT) [ 22.653674] Call trace: [ 22.653736] show_stack+0x20/0x38 (C) [ 22.653861] dump_stack_lvl+0x8c/0xd0 [ 22.654014] print_report+0x118/0x608 [ 22.654211] kasan_report+0xdc/0x128 [ 22.654356] kasan_check_range+0x100/0x1a8 [ 22.654510] __kasan_check_write+0x20/0x30 [ 22.654625] kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 22.654727] kasan_bitops_generic+0x110/0x1c8 [ 22.654832] kunit_try_run_case+0x170/0x3f0 [ 22.654981] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.655114] kthread+0x328/0x630 [ 22.655207] ret_from_fork+0x10/0x20 [ 22.655298] [ 22.655337] Allocated by task 261: [ 22.655395] kasan_save_stack+0x3c/0x68 [ 22.655481] kasan_save_track+0x20/0x40 [ 22.655583] kasan_save_alloc_info+0x40/0x58 [ 22.655700] __kasan_kmalloc+0xd4/0xd8 [ 22.655818] __kmalloc_cache_noprof+0x16c/0x3c0 [ 22.655935] kasan_bitops_generic+0xa0/0x1c8 [ 22.656037] kunit_try_run_case+0x170/0x3f0 [ 22.656119] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.656247] kthread+0x328/0x630 [ 22.656339] ret_from_fork+0x10/0x20 [ 22.656420] [ 22.656480] The buggy address belongs to the object at fff00000c6191580 [ 22.656480] which belongs to the cache kmalloc-16 of size 16 [ 22.656639] The buggy address is located 8 bytes inside of [ 22.656639] allocated 9-byte region [fff00000c6191580, fff00000c6191589) [ 22.656784] [ 22.656834] The buggy address belongs to the physical page: [ 22.656903] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106191 [ 22.657046] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.657182] page_type: f5(slab) [ 22.657281] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 22.657423] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.657595] page dumped because: kasan: bad access detected [ 22.657683] [ 22.657734] Memory state around the buggy address: [ 22.657829] fff00000c6191480: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.657928] fff00000c6191500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.658012] >fff00000c6191580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.658110] ^ [ 22.658173] fff00000c6191600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.658256] fff00000c6191680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.658334] ================================================================== [ 22.659832] ================================================================== [ 22.659946] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 22.660100] Read of size 8 at addr fff00000c6191588 by task kunit_try_catch/261 [ 22.660257] [ 22.660363] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 22.660613] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.660702] Hardware name: linux,dummy-virt (DT) [ 22.660778] Call trace: [ 22.660827] show_stack+0x20/0x38 (C) [ 22.660962] dump_stack_lvl+0x8c/0xd0 [ 22.661093] print_report+0x118/0x608 [ 22.661280] kasan_report+0xdc/0x128 [ 22.661403] __asan_report_load8_noabort+0x20/0x30 [ 22.661516] kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 22.661636] kasan_bitops_generic+0x110/0x1c8 [ 22.661754] kunit_try_run_case+0x170/0x3f0 [ 22.661869] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.662394] kasan_save_stack+0x3c/0x68 [ 22.662892] kasan_bitops_generic+0xa0/0x1c8 [ 22.663005] kunit_try_run_case+0x170/0x3f0 [ 22.663282] kthread+0x328/0x630 [ 22.663371] ret_from_fork+0x10/0x20 [ 22.663863] The buggy address is located 8 bytes inside of [ 22.663863] allocated 9-byte region [fff00000c6191580, fff00000c6191589) [ 22.664087] The buggy address belongs to the physical page: [ 22.664401] page_type: f5(slab) [ 22.664744] page dumped because: kasan: bad access detected [ 22.664963] fff00000c6191480: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.666005] ^ [ 22.666105] fff00000c6191600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.666222] fff00000c6191680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.666310] ================================================================== [ 22.632050] ================================================================== [ 22.632197] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 22.632317] Write of size 8 at addr fff00000c6191588 by task kunit_try_catch/261 [ 22.632425] [ 22.632949] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 22.633685] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.634034] Hardware name: linux,dummy-virt (DT) [ 22.634360] Call trace: [ 22.634423] show_stack+0x20/0x38 (C) [ 22.634925] dump_stack_lvl+0x8c/0xd0 [ 22.635126] print_report+0x118/0x608 [ 22.635271] kasan_report+0xdc/0x128 [ 22.635381] kasan_check_range+0x100/0x1a8 [ 22.635496] __kasan_check_write+0x20/0x30 [ 22.635601] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 22.635715] kasan_bitops_generic+0x110/0x1c8 [ 22.635821] kunit_try_run_case+0x170/0x3f0 [ 22.636663] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.637190] kthread+0x328/0x630 [ 22.637381] ret_from_fork+0x10/0x20 [ 22.637569] [ 22.637645] Allocated by task 261: [ 22.637719] kasan_save_stack+0x3c/0x68 [ 22.638226] kasan_save_track+0x20/0x40 [ 22.638373] kasan_save_alloc_info+0x40/0x58 [ 22.638472] __kasan_kmalloc+0xd4/0xd8 [ 22.638635] __kmalloc_cache_noprof+0x16c/0x3c0 [ 22.638737] kasan_bitops_generic+0xa0/0x1c8 [ 22.638890] kunit_try_run_case+0x170/0x3f0 [ 22.638984] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.639487] kthread+0x328/0x630 [ 22.639608] ret_from_fork+0x10/0x20 [ 22.639696] [ 22.639746] The buggy address belongs to the object at fff00000c6191580 [ 22.639746] which belongs to the cache kmalloc-16 of size 16 [ 22.640259] The buggy address is located 8 bytes inside of [ 22.640259] allocated 9-byte region [fff00000c6191580, fff00000c6191589) [ 22.640465] [ 22.640549] The buggy address belongs to the physical page: [ 22.640721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106191 [ 22.641066] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.641187] page_type: f5(slab) [ 22.641272] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 22.641585] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.641776] page dumped because: kasan: bad access detected [ 22.641854] [ 22.642299] Memory state around the buggy address: [ 22.642394] fff00000c6191480: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.642557] fff00000c6191500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.642742] >fff00000c6191580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.642837] ^ [ 22.642979] fff00000c6191600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.643095] fff00000c6191680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.643597] ================================================================== [ 22.645267] ================================================================== [ 22.645696] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 22.645838] Read of size 8 at addr fff00000c6191588 by task kunit_try_catch/261 [ 22.645961] [ 22.646110] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 22.646263] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.646327] Hardware name: linux,dummy-virt (DT) [ 22.646399] Call trace: [ 22.646455] show_stack+0x20/0x38 (C) [ 22.646569] dump_stack_lvl+0x8c/0xd0 [ 22.646706] print_report+0x118/0x608 [ 22.646812] kasan_report+0xdc/0x128 [ 22.646946] __asan_report_load8_noabort+0x20/0x30 [ 22.647090] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 22.647213] kasan_bitops_generic+0x110/0x1c8 [ 22.647329] kunit_try_run_case+0x170/0x3f0 [ 22.647452] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.647577] kthread+0x328/0x630 [ 22.647671] ret_from_fork+0x10/0x20 [ 22.647775] [ 22.647828] Allocated by task 261: [ 22.647893] kasan_save_stack+0x3c/0x68 [ 22.647989] kasan_save_track+0x20/0x40 [ 22.648090] kasan_save_alloc_info+0x40/0x58 [ 22.648185] __kasan_kmalloc+0xd4/0xd8 [ 22.648270] __kmalloc_cache_noprof+0x16c/0x3c0 [ 22.648357] kasan_bitops_generic+0xa0/0x1c8 [ 22.648445] kunit_try_run_case+0x170/0x3f0 [ 22.648550] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.648662] kthread+0x328/0x630 [ 22.648741] ret_from_fork+0x10/0x20 [ 22.648860] [ 22.648934] The buggy address belongs to the object at fff00000c6191580 [ 22.648934] which belongs to the cache kmalloc-16 of size 16 [ 22.649120] The buggy address is located 8 bytes inside of [ 22.649120] allocated 9-byte region [fff00000c6191580, fff00000c6191589) [ 22.649523] [ 22.649654] The buggy address belongs to the physical page: [ 22.649719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106191 [ 22.649833] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.649963] page_type: f5(slab) [ 22.650059] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 22.650166] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.650243] page dumped because: kasan: bad access detected [ 22.650310] [ 22.650352] Memory state around the buggy address: [ 22.650469] fff00000c6191480: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.650613] fff00000c6191500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.650715] >fff00000c6191580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.650847] ^ [ 22.650942] fff00000c6191600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.651110] fff00000c6191680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.651205] ==================================================================
[ 13.657889] ================================================================== [ 13.658199] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.658768] Write of size 8 at addr ffff8881023854e8 by task kunit_try_catch/278 [ 13.659141] [ 13.659280] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.659400] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.659413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.659433] Call Trace: [ 13.659447] <TASK> [ 13.659462] dump_stack_lvl+0x73/0xb0 [ 13.659490] print_report+0xd1/0x650 [ 13.659512] ? __virt_addr_valid+0x1db/0x2d0 [ 13.659535] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.659560] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.659582] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.659607] kasan_report+0x141/0x180 [ 13.659651] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.659682] kasan_check_range+0x10c/0x1c0 [ 13.659705] __kasan_check_write+0x18/0x20 [ 13.659724] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.659748] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.659774] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.659798] ? kasan_bitops_generic+0x92/0x1c0 [ 13.659825] kasan_bitops_generic+0x116/0x1c0 [ 13.659848] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.659873] ? __pfx_read_tsc+0x10/0x10 [ 13.659894] ? ktime_get_ts64+0x86/0x230 [ 13.659917] kunit_try_run_case+0x1a5/0x480 [ 13.659940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.659962] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.659984] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.660006] ? __kthread_parkme+0x82/0x180 [ 13.660025] ? preempt_count_sub+0x50/0x80 [ 13.660067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.660091] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.660112] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.660160] kthread+0x337/0x6f0 [ 13.660179] ? trace_preempt_on+0x20/0xc0 [ 13.660202] ? __pfx_kthread+0x10/0x10 [ 13.660222] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.660244] ? calculate_sigpending+0x7b/0xa0 [ 13.660267] ? __pfx_kthread+0x10/0x10 [ 13.660288] ret_from_fork+0x116/0x1d0 [ 13.660391] ? __pfx_kthread+0x10/0x10 [ 13.660413] ret_from_fork_asm+0x1a/0x30 [ 13.660443] </TASK> [ 13.660453] [ 13.669272] Allocated by task 278: [ 13.669521] kasan_save_stack+0x45/0x70 [ 13.669702] kasan_save_track+0x18/0x40 [ 13.669871] kasan_save_alloc_info+0x3b/0x50 [ 13.670088] __kasan_kmalloc+0xb7/0xc0 [ 13.670557] __kmalloc_cache_noprof+0x189/0x420 [ 13.670792] kasan_bitops_generic+0x92/0x1c0 [ 13.670968] kunit_try_run_case+0x1a5/0x480 [ 13.671142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.671475] kthread+0x337/0x6f0 [ 13.671680] ret_from_fork+0x116/0x1d0 [ 13.671870] ret_from_fork_asm+0x1a/0x30 [ 13.672060] [ 13.672186] The buggy address belongs to the object at ffff8881023854e0 [ 13.672186] which belongs to the cache kmalloc-16 of size 16 [ 13.672725] The buggy address is located 8 bytes inside of [ 13.672725] allocated 9-byte region [ffff8881023854e0, ffff8881023854e9) [ 13.673229] [ 13.673328] The buggy address belongs to the physical page: [ 13.673558] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102385 [ 13.673875] flags: 0x200000000000000(node=0|zone=2) [ 13.674104] page_type: f5(slab) [ 13.674306] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.674546] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.674780] page dumped because: kasan: bad access detected [ 13.675352] [ 13.675462] Memory state around the buggy address: [ 13.675702] ffff888102385380: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 13.676029] ffff888102385400: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 13.676453] >ffff888102385480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.676673] ^ [ 13.676970] ffff888102385500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.677423] ffff888102385580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.677707] ================================================================== [ 13.678214] ================================================================== [ 13.678692] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.679091] Write of size 8 at addr ffff8881023854e8 by task kunit_try_catch/278 [ 13.679517] [ 13.679617] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.679658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.679670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.679711] Call Trace: [ 13.679726] <TASK> [ 13.679740] dump_stack_lvl+0x73/0xb0 [ 13.679767] print_report+0xd1/0x650 [ 13.679788] ? __virt_addr_valid+0x1db/0x2d0 [ 13.679812] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.679837] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.679859] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.679904] kasan_report+0x141/0x180 [ 13.679925] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.679954] kasan_check_range+0x10c/0x1c0 [ 13.679978] __kasan_check_write+0x18/0x20 [ 13.679997] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.680022] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.680067] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.680092] ? kasan_bitops_generic+0x92/0x1c0 [ 13.680119] kasan_bitops_generic+0x116/0x1c0 [ 13.680152] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.680195] ? __pfx_read_tsc+0x10/0x10 [ 13.680216] ? ktime_get_ts64+0x86/0x230 [ 13.680240] kunit_try_run_case+0x1a5/0x480 [ 13.680264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.680285] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.680419] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.680443] ? __kthread_parkme+0x82/0x180 [ 13.680464] ? preempt_count_sub+0x50/0x80 [ 13.680488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.680511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.680535] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.680558] kthread+0x337/0x6f0 [ 13.680577] ? trace_preempt_on+0x20/0xc0 [ 13.680601] ? __pfx_kthread+0x10/0x10 [ 13.680621] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.680641] ? calculate_sigpending+0x7b/0xa0 [ 13.680664] ? __pfx_kthread+0x10/0x10 [ 13.680685] ret_from_fork+0x116/0x1d0 [ 13.680703] ? __pfx_kthread+0x10/0x10 [ 13.680723] ret_from_fork_asm+0x1a/0x30 [ 13.680753] </TASK> [ 13.680764] [ 13.689622] Allocated by task 278: [ 13.689803] kasan_save_stack+0x45/0x70 [ 13.690005] kasan_save_track+0x18/0x40 [ 13.690226] kasan_save_alloc_info+0x3b/0x50 [ 13.690609] __kasan_kmalloc+0xb7/0xc0 [ 13.690808] __kmalloc_cache_noprof+0x189/0x420 [ 13.691030] kasan_bitops_generic+0x92/0x1c0 [ 13.691228] kunit_try_run_case+0x1a5/0x480 [ 13.691510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.691745] kthread+0x337/0x6f0 [ 13.691913] ret_from_fork+0x116/0x1d0 [ 13.692093] ret_from_fork_asm+0x1a/0x30 [ 13.692301] [ 13.692377] The buggy address belongs to the object at ffff8881023854e0 [ 13.692377] which belongs to the cache kmalloc-16 of size 16 [ 13.692915] The buggy address is located 8 bytes inside of [ 13.692915] allocated 9-byte region [ffff8881023854e0, ffff8881023854e9) [ 13.693521] [ 13.693620] The buggy address belongs to the physical page: [ 13.693863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102385 [ 13.694230] flags: 0x200000000000000(node=0|zone=2) [ 13.694628] page_type: f5(slab) [ 13.694791] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.695133] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.695521] page dumped because: kasan: bad access detected [ 13.695743] [ 13.695836] Memory state around the buggy address: [ 13.696060] ffff888102385380: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 13.696503] ffff888102385400: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 13.696827] >ffff888102385480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.697095] ^ [ 13.697416] ffff888102385500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.697770] ffff888102385580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.698087] ================================================================== [ 13.773196] ================================================================== [ 13.773799] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.774301] Write of size 8 at addr ffff8881023854e8 by task kunit_try_catch/278 [ 13.774804] [ 13.774947] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.775002] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.775014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.775036] Call Trace: [ 13.775074] <TASK> [ 13.775089] dump_stack_lvl+0x73/0xb0 [ 13.775116] print_report+0xd1/0x650 [ 13.775156] ? __virt_addr_valid+0x1db/0x2d0 [ 13.775180] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.775206] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.775247] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.775280] kasan_report+0x141/0x180 [ 13.775302] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.775342] kasan_check_range+0x10c/0x1c0 [ 13.775365] __kasan_check_write+0x18/0x20 [ 13.775384] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.775409] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.775434] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.775458] ? kasan_bitops_generic+0x92/0x1c0 [ 13.775485] kasan_bitops_generic+0x116/0x1c0 [ 13.775508] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.775531] ? __pfx_read_tsc+0x10/0x10 [ 13.775552] ? ktime_get_ts64+0x86/0x230 [ 13.775575] kunit_try_run_case+0x1a5/0x480 [ 13.775597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.775618] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.775641] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.775663] ? __kthread_parkme+0x82/0x180 [ 13.775682] ? preempt_count_sub+0x50/0x80 [ 13.775705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.775728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.775749] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.775771] kthread+0x337/0x6f0 [ 13.775789] ? trace_preempt_on+0x20/0xc0 [ 13.775812] ? __pfx_kthread+0x10/0x10 [ 13.775831] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.775851] ? calculate_sigpending+0x7b/0xa0 [ 13.775873] ? __pfx_kthread+0x10/0x10 [ 13.775893] ret_from_fork+0x116/0x1d0 [ 13.775911] ? __pfx_kthread+0x10/0x10 [ 13.775931] ret_from_fork_asm+0x1a/0x30 [ 13.775959] </TASK> [ 13.775970] [ 13.786110] Allocated by task 278: [ 13.786367] kasan_save_stack+0x45/0x70 [ 13.786749] kasan_save_track+0x18/0x40 [ 13.786949] kasan_save_alloc_info+0x3b/0x50 [ 13.787189] __kasan_kmalloc+0xb7/0xc0 [ 13.787343] __kmalloc_cache_noprof+0x189/0x420 [ 13.787493] kasan_bitops_generic+0x92/0x1c0 [ 13.787637] kunit_try_run_case+0x1a5/0x480 [ 13.788088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.788484] kthread+0x337/0x6f0 [ 13.788708] ret_from_fork+0x116/0x1d0 [ 13.788905] ret_from_fork_asm+0x1a/0x30 [ 13.789096] [ 13.789249] The buggy address belongs to the object at ffff8881023854e0 [ 13.789249] which belongs to the cache kmalloc-16 of size 16 [ 13.789744] The buggy address is located 8 bytes inside of [ 13.789744] allocated 9-byte region [ffff8881023854e0, ffff8881023854e9) [ 13.790210] [ 13.790310] The buggy address belongs to the physical page: [ 13.790577] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102385 [ 13.791543] flags: 0x200000000000000(node=0|zone=2) [ 13.791836] page_type: f5(slab) [ 13.791957] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.792599] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.793000] page dumped because: kasan: bad access detected [ 13.793415] [ 13.793552] Memory state around the buggy address: [ 13.793815] ffff888102385380: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 13.794116] ffff888102385400: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 13.794533] >ffff888102385480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.794865] ^ [ 13.795288] ffff888102385500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.795753] ffff888102385580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.796099] ================================================================== [ 13.751580] ================================================================== [ 13.751828] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.752257] Write of size 8 at addr ffff8881023854e8 by task kunit_try_catch/278 [ 13.752745] [ 13.752840] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.752884] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.752895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.752916] Call Trace: [ 13.752933] <TASK> [ 13.752950] dump_stack_lvl+0x73/0xb0 [ 13.752979] print_report+0xd1/0x650 [ 13.753002] ? __virt_addr_valid+0x1db/0x2d0 [ 13.753037] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.753061] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.753094] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.753119] kasan_report+0x141/0x180 [ 13.753149] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.753178] kasan_check_range+0x10c/0x1c0 [ 13.753209] __kasan_check_write+0x18/0x20 [ 13.753251] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.753276] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.753530] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.753565] ? kasan_bitops_generic+0x92/0x1c0 [ 13.753593] kasan_bitops_generic+0x116/0x1c0 [ 13.753618] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.753643] ? __pfx_read_tsc+0x10/0x10 [ 13.753665] ? ktime_get_ts64+0x86/0x230 [ 13.753688] kunit_try_run_case+0x1a5/0x480 [ 13.753711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.753732] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.753755] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.753777] ? __kthread_parkme+0x82/0x180 [ 13.753796] ? preempt_count_sub+0x50/0x80 [ 13.753820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.753842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.753864] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.753886] kthread+0x337/0x6f0 [ 13.753904] ? trace_preempt_on+0x20/0xc0 [ 13.753926] ? __pfx_kthread+0x10/0x10 [ 13.753946] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.753966] ? calculate_sigpending+0x7b/0xa0 [ 13.753988] ? __pfx_kthread+0x10/0x10 [ 13.754009] ret_from_fork+0x116/0x1d0 [ 13.754027] ? __pfx_kthread+0x10/0x10 [ 13.754046] ret_from_fork_asm+0x1a/0x30 [ 13.754076] </TASK> [ 13.754087] [ 13.763652] Allocated by task 278: [ 13.763826] kasan_save_stack+0x45/0x70 [ 13.764008] kasan_save_track+0x18/0x40 [ 13.764279] kasan_save_alloc_info+0x3b/0x50 [ 13.764510] __kasan_kmalloc+0xb7/0xc0 [ 13.764715] __kmalloc_cache_noprof+0x189/0x420 [ 13.764922] kasan_bitops_generic+0x92/0x1c0 [ 13.765117] kunit_try_run_case+0x1a5/0x480 [ 13.765473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.765811] kthread+0x337/0x6f0 [ 13.765993] ret_from_fork+0x116/0x1d0 [ 13.766254] ret_from_fork_asm+0x1a/0x30 [ 13.766525] [ 13.766624] The buggy address belongs to the object at ffff8881023854e0 [ 13.766624] which belongs to the cache kmalloc-16 of size 16 [ 13.767042] The buggy address is located 8 bytes inside of [ 13.767042] allocated 9-byte region [ffff8881023854e0, ffff8881023854e9) [ 13.767575] [ 13.767677] The buggy address belongs to the physical page: [ 13.767926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102385 [ 13.768284] flags: 0x200000000000000(node=0|zone=2) [ 13.768589] page_type: f5(slab) [ 13.768716] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.769031] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.769719] page dumped because: kasan: bad access detected [ 13.770015] [ 13.770088] Memory state around the buggy address: [ 13.770557] ffff888102385380: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 13.770884] ffff888102385400: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 13.771177] >ffff888102385480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.771557] ^ [ 13.771761] ffff888102385500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.772191] ffff888102385580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.772681] ================================================================== [ 13.726050] ================================================================== [ 13.726436] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.726991] Write of size 8 at addr ffff8881023854e8 by task kunit_try_catch/278 [ 13.727329] [ 13.727564] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.727610] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.727635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.727656] Call Trace: [ 13.727673] <TASK> [ 13.727690] dump_stack_lvl+0x73/0xb0 [ 13.727718] print_report+0xd1/0x650 [ 13.727740] ? __virt_addr_valid+0x1db/0x2d0 [ 13.727764] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.727789] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.727811] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.727846] kasan_report+0x141/0x180 [ 13.727866] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.727907] kasan_check_range+0x10c/0x1c0 [ 13.727930] __kasan_check_write+0x18/0x20 [ 13.727957] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.727982] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.728008] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.728043] ? kasan_bitops_generic+0x92/0x1c0 [ 13.728070] kasan_bitops_generic+0x116/0x1c0 [ 13.728092] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.728117] ? __pfx_read_tsc+0x10/0x10 [ 13.728147] ? ktime_get_ts64+0x86/0x230 [ 13.728171] kunit_try_run_case+0x1a5/0x480 [ 13.728194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.728216] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.728239] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.728269] ? __kthread_parkme+0x82/0x180 [ 13.728290] ? preempt_count_sub+0x50/0x80 [ 13.728314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.728356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.728378] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.728400] kthread+0x337/0x6f0 [ 13.728418] ? trace_preempt_on+0x20/0xc0 [ 13.728440] ? __pfx_kthread+0x10/0x10 [ 13.728461] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.728480] ? calculate_sigpending+0x7b/0xa0 [ 13.728550] ? __pfx_kthread+0x10/0x10 [ 13.728584] ret_from_fork+0x116/0x1d0 [ 13.728602] ? __pfx_kthread+0x10/0x10 [ 13.728622] ret_from_fork_asm+0x1a/0x30 [ 13.728651] </TASK> [ 13.728662] [ 13.740407] Allocated by task 278: [ 13.740577] kasan_save_stack+0x45/0x70 [ 13.740779] kasan_save_track+0x18/0x40 [ 13.740972] kasan_save_alloc_info+0x3b/0x50 [ 13.741677] __kasan_kmalloc+0xb7/0xc0 [ 13.742021] __kmalloc_cache_noprof+0x189/0x420 [ 13.742418] kasan_bitops_generic+0x92/0x1c0 [ 13.742807] kunit_try_run_case+0x1a5/0x480 [ 13.743135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.743496] kthread+0x337/0x6f0 [ 13.743671] ret_from_fork+0x116/0x1d0 [ 13.744084] ret_from_fork_asm+0x1a/0x30 [ 13.744328] [ 13.744426] The buggy address belongs to the object at ffff8881023854e0 [ 13.744426] which belongs to the cache kmalloc-16 of size 16 [ 13.744930] The buggy address is located 8 bytes inside of [ 13.744930] allocated 9-byte region [ffff8881023854e0, ffff8881023854e9) [ 13.746007] [ 13.746141] The buggy address belongs to the physical page: [ 13.746518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102385 [ 13.746907] flags: 0x200000000000000(node=0|zone=2) [ 13.747174] page_type: f5(slab) [ 13.747326] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.747698] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.748007] page dumped because: kasan: bad access detected [ 13.748377] [ 13.748503] Memory state around the buggy address: [ 13.748731] ffff888102385380: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 13.748994] ffff888102385400: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 13.749344] >ffff888102385480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.749848] ^ [ 13.750148] ffff888102385500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.750623] ffff888102385580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.750933] ================================================================== [ 13.615488] ================================================================== [ 13.615952] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.616551] Write of size 8 at addr ffff8881023854e8 by task kunit_try_catch/278 [ 13.616875] [ 13.616968] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.617036] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.617048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.617070] Call Trace: [ 13.617082] <TASK> [ 13.617096] dump_stack_lvl+0x73/0xb0 [ 13.617138] print_report+0xd1/0x650 [ 13.617161] ? __virt_addr_valid+0x1db/0x2d0 [ 13.617186] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.617210] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.617232] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.617258] kasan_report+0x141/0x180 [ 13.617279] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.617520] kasan_check_range+0x10c/0x1c0 [ 13.617554] __kasan_check_write+0x18/0x20 [ 13.617574] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.617599] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.617625] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.617651] ? kasan_bitops_generic+0x92/0x1c0 [ 13.617679] kasan_bitops_generic+0x116/0x1c0 [ 13.617701] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.617726] ? __pfx_read_tsc+0x10/0x10 [ 13.617748] ? ktime_get_ts64+0x86/0x230 [ 13.617773] kunit_try_run_case+0x1a5/0x480 [ 13.617798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.617820] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.617844] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.617866] ? __kthread_parkme+0x82/0x180 [ 13.617887] ? preempt_count_sub+0x50/0x80 [ 13.617910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.617934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.617956] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.617978] kthread+0x337/0x6f0 [ 13.617997] ? trace_preempt_on+0x20/0xc0 [ 13.618021] ? __pfx_kthread+0x10/0x10 [ 13.618041] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.618062] ? calculate_sigpending+0x7b/0xa0 [ 13.618085] ? __pfx_kthread+0x10/0x10 [ 13.618106] ret_from_fork+0x116/0x1d0 [ 13.618135] ? __pfx_kthread+0x10/0x10 [ 13.618155] ret_from_fork_asm+0x1a/0x30 [ 13.618186] </TASK> [ 13.618197] [ 13.627587] Allocated by task 278: [ 13.627845] kasan_save_stack+0x45/0x70 [ 13.628114] kasan_save_track+0x18/0x40 [ 13.628375] kasan_save_alloc_info+0x3b/0x50 [ 13.628561] __kasan_kmalloc+0xb7/0xc0 [ 13.628746] __kmalloc_cache_noprof+0x189/0x420 [ 13.628903] kasan_bitops_generic+0x92/0x1c0 [ 13.629215] kunit_try_run_case+0x1a5/0x480 [ 13.629449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.629710] kthread+0x337/0x6f0 [ 13.630071] ret_from_fork+0x116/0x1d0 [ 13.630305] ret_from_fork_asm+0x1a/0x30 [ 13.630603] [ 13.630680] The buggy address belongs to the object at ffff8881023854e0 [ 13.630680] which belongs to the cache kmalloc-16 of size 16 [ 13.631230] The buggy address is located 8 bytes inside of [ 13.631230] allocated 9-byte region [ffff8881023854e0, ffff8881023854e9) [ 13.631890] [ 13.632011] The buggy address belongs to the physical page: [ 13.632239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102385 [ 13.632669] flags: 0x200000000000000(node=0|zone=2) [ 13.632831] page_type: f5(slab) [ 13.633055] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.633802] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.634100] page dumped because: kasan: bad access detected [ 13.634329] [ 13.634425] Memory state around the buggy address: [ 13.634748] ffff888102385380: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 13.635101] ffff888102385400: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 13.635487] >ffff888102385480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.635750] ^ [ 13.636070] ffff888102385500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.636506] ffff888102385580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.636758] ================================================================== [ 13.637301] ================================================================== [ 13.637782] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.638136] Write of size 8 at addr ffff8881023854e8 by task kunit_try_catch/278 [ 13.638366] [ 13.638682] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.638727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.638739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.638759] Call Trace: [ 13.638774] <TASK> [ 13.638789] dump_stack_lvl+0x73/0xb0 [ 13.638816] print_report+0xd1/0x650 [ 13.638839] ? __virt_addr_valid+0x1db/0x2d0 [ 13.638862] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.638886] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.638908] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.638932] kasan_report+0x141/0x180 [ 13.638954] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.638984] kasan_check_range+0x10c/0x1c0 [ 13.639007] __kasan_check_write+0x18/0x20 [ 13.639052] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.639077] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.639104] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.639138] ? kasan_bitops_generic+0x92/0x1c0 [ 13.639166] kasan_bitops_generic+0x116/0x1c0 [ 13.639189] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.639213] ? __pfx_read_tsc+0x10/0x10 [ 13.639234] ? ktime_get_ts64+0x86/0x230 [ 13.639258] kunit_try_run_case+0x1a5/0x480 [ 13.639281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.639303] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.639418] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.639441] ? __kthread_parkme+0x82/0x180 [ 13.639462] ? preempt_count_sub+0x50/0x80 [ 13.639485] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.639528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.639552] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.639575] kthread+0x337/0x6f0 [ 13.639594] ? trace_preempt_on+0x20/0xc0 [ 13.639617] ? __pfx_kthread+0x10/0x10 [ 13.639638] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.639659] ? calculate_sigpending+0x7b/0xa0 [ 13.639682] ? __pfx_kthread+0x10/0x10 [ 13.639703] ret_from_fork+0x116/0x1d0 [ 13.639721] ? __pfx_kthread+0x10/0x10 [ 13.639741] ret_from_fork_asm+0x1a/0x30 [ 13.639771] </TASK> [ 13.639783] [ 13.648698] Allocated by task 278: [ 13.648868] kasan_save_stack+0x45/0x70 [ 13.649089] kasan_save_track+0x18/0x40 [ 13.649377] kasan_save_alloc_info+0x3b/0x50 [ 13.649542] __kasan_kmalloc+0xb7/0xc0 [ 13.649754] __kmalloc_cache_noprof+0x189/0x420 [ 13.649949] kasan_bitops_generic+0x92/0x1c0 [ 13.650101] kunit_try_run_case+0x1a5/0x480 [ 13.650256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.650504] kthread+0x337/0x6f0 [ 13.650681] ret_from_fork+0x116/0x1d0 [ 13.651180] ret_from_fork_asm+0x1a/0x30 [ 13.651330] [ 13.651402] The buggy address belongs to the object at ffff8881023854e0 [ 13.651402] which belongs to the cache kmalloc-16 of size 16 [ 13.652011] The buggy address is located 8 bytes inside of [ 13.652011] allocated 9-byte region [ffff8881023854e0, ffff8881023854e9) [ 13.652831] [ 13.652950] The buggy address belongs to the physical page: [ 13.653251] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102385 [ 13.653566] flags: 0x200000000000000(node=0|zone=2) [ 13.653733] page_type: f5(slab) [ 13.653923] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.654452] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.654838] page dumped because: kasan: bad access detected [ 13.655031] [ 13.655102] Memory state around the buggy address: [ 13.655445] ffff888102385380: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 13.655795] ffff888102385400: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 13.656147] >ffff888102385480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.656389] ^ [ 13.656672] ffff888102385500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.656959] ffff888102385580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.657432] ================================================================== [ 13.698738] ================================================================== [ 13.699026] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.699496] Write of size 8 at addr ffff8881023854e8 by task kunit_try_catch/278 [ 13.699840] [ 13.699930] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.699970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.699982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.700003] Call Trace: [ 13.700015] <TASK> [ 13.700029] dump_stack_lvl+0x73/0xb0 [ 13.700078] print_report+0xd1/0x650 [ 13.700099] ? __virt_addr_valid+0x1db/0x2d0 [ 13.700148] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.700174] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.700196] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.700221] kasan_report+0x141/0x180 [ 13.700242] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.700271] kasan_check_range+0x10c/0x1c0 [ 13.700418] __kasan_check_write+0x18/0x20 [ 13.700447] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.700473] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.700499] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.700524] ? kasan_bitops_generic+0x92/0x1c0 [ 13.700551] kasan_bitops_generic+0x116/0x1c0 [ 13.700574] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.700599] ? __pfx_read_tsc+0x10/0x10 [ 13.700619] ? ktime_get_ts64+0x86/0x230 [ 13.700644] kunit_try_run_case+0x1a5/0x480 [ 13.700666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.700713] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.700736] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.700759] ? __kthread_parkme+0x82/0x180 [ 13.700779] ? preempt_count_sub+0x50/0x80 [ 13.700801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.700824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.700847] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.700889] kthread+0x337/0x6f0 [ 13.700908] ? trace_preempt_on+0x20/0xc0 [ 13.700931] ? __pfx_kthread+0x10/0x10 [ 13.700952] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.700972] ? calculate_sigpending+0x7b/0xa0 [ 13.700995] ? __pfx_kthread+0x10/0x10 [ 13.701017] ret_from_fork+0x116/0x1d0 [ 13.701035] ? __pfx_kthread+0x10/0x10 [ 13.701055] ret_from_fork_asm+0x1a/0x30 [ 13.701083] </TASK> [ 13.701094] [ 13.712935] Allocated by task 278: [ 13.713099] kasan_save_stack+0x45/0x70 [ 13.714637] kasan_save_track+0x18/0x40 [ 13.714799] kasan_save_alloc_info+0x3b/0x50 [ 13.715480] __kasan_kmalloc+0xb7/0xc0 [ 13.715668] __kmalloc_cache_noprof+0x189/0x420 [ 13.715830] kasan_bitops_generic+0x92/0x1c0 [ 13.716289] kunit_try_run_case+0x1a5/0x480 [ 13.716569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.716774] kthread+0x337/0x6f0 [ 13.716950] ret_from_fork+0x116/0x1d0 [ 13.717490] ret_from_fork_asm+0x1a/0x30 [ 13.717651] [ 13.717954] The buggy address belongs to the object at ffff8881023854e0 [ 13.717954] which belongs to the cache kmalloc-16 of size 16 [ 13.718858] The buggy address is located 8 bytes inside of [ 13.718858] allocated 9-byte region [ffff8881023854e0, ffff8881023854e9) [ 13.719705] [ 13.719805] The buggy address belongs to the physical page: [ 13.720443] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102385 [ 13.720914] flags: 0x200000000000000(node=0|zone=2) [ 13.721310] page_type: f5(slab) [ 13.721665] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.722013] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.722389] page dumped because: kasan: bad access detected [ 13.722892] [ 13.723040] Memory state around the buggy address: [ 13.723296] ffff888102385380: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 13.723723] ffff888102385400: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 13.724052] >ffff888102385480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.724540] ^ [ 13.724824] ffff888102385500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.725119] ffff888102385580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.725588] ==================================================================