Date | Environment
---|---
July 5, 2025, 11:11 p.m. | qemu-arm64, qemu-x86_64
[ 20.551515] ================================================================== [ 20.551940] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 20.552528] Read of size 8 at addr fff00000c59fcc48 by task kunit_try_catch/261 [ 20.552797] [ 20.553319] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.553796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.554005] Hardware name: linux,dummy-virt (DT) [ 20.554629] Call trace: [ 20.571973] ================================================================== [ 20.490594] ================================================================== [ 20.491074] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 20.491136] Write of size 8 at addr fff00000c59fcc48 by task kunit_try_catch/261 [ 20.491199] [ 20.491234] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.491317] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.491346] Hardware name: linux,dummy-virt (DT) [ 20.491377] Call trace: [ 20.491413] show_stack+0x20/0x38 (C) [ 20.491463] dump_stack_lvl+0x8c/0xd0 [ 20.491684] print_report+0x118/0x608 [ 20.492201] kasan_report+0xdc/0x128 [ 20.492284] kasan_check_range+0x100/0x1a8 [ 20.492335] __kasan_check_write+0x20/0x30 [ 20.492380] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 20.492432] kasan_bitops_generic+0x110/0x1c8 [ 20.492758] kunit_try_run_case+0x170/0x3f0 [ 20.492816] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.493027] kthread+0x328/0x630 [ 20.493497] ret_from_fork+0x10/0x20 [ 20.493687] [ 20.493761] Allocated by task 261: [ 20.493799] kasan_save_stack+0x3c/0x68 [ 20.493861] kasan_save_track+0x20/0x40 [ 20.494033] kasan_save_alloc_info+0x40/0x58 [ 20.494081] __kasan_kmalloc+0xd4/0xd8 [ 20.494119] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.494303] kasan_bitops_generic+0xa0/0x1c8 [ 20.494375] kunit_try_run_case+0x170/0x3f0 [ 20.494469] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.494560] kthread+0x328/0x630 [ 
20.494637] ret_from_fork+0x10/0x20 [ 20.494674] [ 20.494740] The buggy address belongs to the object at fff00000c59fcc40 [ 20.494740] which belongs to the cache kmalloc-16 of size 16 [ 20.494859] The buggy address is located 8 bytes inside of [ 20.494859] allocated 9-byte region [fff00000c59fcc40, fff00000c59fcc49) [ 20.495001] [ 20.495028] The buggy address belongs to the physical page: [ 20.495172] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059fc [ 20.495225] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.495682] page_type: f5(slab) [ 20.495867] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.495991] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.496034] page dumped because: kasan: bad access detected [ 20.496069] [ 20.496401] Memory state around the buggy address: [ 20.496619] fff00000c59fcb00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 20.496860] fff00000c59fcb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.496942] >fff00000c59fcc00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 20.497049] ^ [ 20.497134] fff00000c59fcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.497199] fff00000c59fcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.497238] ================================================================== [ 20.525971] ================================================================== [ 20.527205] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 20.527462] Write of size 8 at addr fff00000c59fcc48 by task kunit_try_catch/261 [ 20.527519] [ 20.527553] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.527636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.527664] Hardware name: linux,dummy-virt (DT) [ 20.527697] Call trace: [ 20.527720] show_stack+0x20/0x38 (C) [ 20.527771] dump_stack_lvl+0x8c/0xd0 [ 20.527818] print_report+0x118/0x608 [ 20.527866] 
kasan_report+0xdc/0x128 [ 20.531177] kasan_check_range+0x100/0x1a8 [ 20.531702] __kasan_check_write+0x20/0x30 [ 20.532366] kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 20.532512] kasan_bitops_generic+0x110/0x1c8 [ 20.532929] kunit_try_run_case+0x170/0x3f0 [ 20.534271] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.534650] kthread+0x328/0x630 [ 20.534758] ret_from_fork+0x10/0x20 [ 20.535387] [ 20.535497] Allocated by task 261: [ 20.535604] kasan_save_stack+0x3c/0x68 [ 20.535658] kasan_save_track+0x20/0x40 [ 20.535698] kasan_save_alloc_info+0x40/0x58 [ 20.536569] __kasan_kmalloc+0xd4/0xd8 [ 20.537024] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.537505] kasan_bitops_generic+0xa0/0x1c8 [ 20.537560] kunit_try_run_case+0x170/0x3f0 [ 20.537602] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.537646] kthread+0x328/0x630 [ 20.537683] ret_from_fork+0x10/0x20 [ 20.537721] [ 20.538918] The buggy address belongs to the object at fff00000c59fcc40 [ 20.538918] which belongs to the cache kmalloc-16 of size 16 [ 20.539567] The buggy address is located 8 bytes inside of [ 20.539567] allocated 9-byte region [fff00000c59fcc40, fff00000c59fcc49) [ 20.539697] [ 20.539721] The buggy address belongs to the physical page: [ 20.539756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059fc [ 20.541070] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.541506] page_type: f5(slab) [ 20.541814] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.541868] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.541911] page dumped because: kasan: bad access detected [ 20.542605] [ 20.542920] Memory state around the buggy address: [ 20.543346] fff00000c59fcb00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 20.544229] fff00000c59fcb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.544307] >fff00000c59fcc00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 20.545174] ^ [ 20.545413] fff00000c59fcc80: fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.546135] fff00000c59fcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.546287] ================================================================== [ 20.501135] ================================================================== [ 20.501549] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 20.502021] Read of size 8 at addr fff00000c59fcc48 by task kunit_try_catch/261 [ 20.502095] [ 20.502248] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.502610] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.502650] Hardware name: linux,dummy-virt (DT) [ 20.502684] Call trace: [ 20.502708] show_stack+0x20/0x38 (C) [ 20.502770] dump_stack_lvl+0x8c/0xd0 [ 20.502820] print_report+0x118/0x608 [ 20.503251] kasan_report+0xdc/0x128 [ 20.503330] __asan_report_load8_noabort+0x20/0x30 [ 20.503380] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 20.503481] kasan_bitops_generic+0x110/0x1c8 [ 20.503904] kunit_try_run_case+0x170/0x3f0 [ 20.503959] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.504470] kthread+0x328/0x630 [ 20.504916] ret_from_fork+0x10/0x20 [ 20.505408] [ 20.505713] Allocated by task 261: [ 20.506022] kasan_save_stack+0x3c/0x68 [ 20.507011] kasan_save_track+0x20/0x40 [ 20.507057] kasan_save_alloc_info+0x40/0x58 [ 20.507298] __kasan_kmalloc+0xd4/0xd8 [ 20.507344] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.507385] kasan_bitops_generic+0xa0/0x1c8 [ 20.507426] kunit_try_run_case+0x170/0x3f0 [ 20.507465] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.508475] kthread+0x328/0x630 [ 20.508630] ret_from_fork+0x10/0x20 [ 20.508678] [ 20.508701] The buggy address belongs to the object at fff00000c59fcc40 [ 20.508701] which belongs to the cache kmalloc-16 of size 16 [ 20.510001] The buggy address is located 8 bytes inside of [ 20.510001] allocated 9-byte region [fff00000c59fcc40, fff00000c59fcc49) [ 20.510704] [ 20.510808] The buggy address belongs to the physical page: [ 
20.511331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059fc [ 20.511702] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.512305] page_type: f5(slab) [ 20.512357] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.512961] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.513543] page dumped because: kasan: bad access detected [ 20.513646] [ 20.513668] Memory state around the buggy address: [ 20.514128] fff00000c59fcb00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 20.514299] fff00000c59fcb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.515078] >fff00000c59fcc00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 20.515410] ^ [ 20.515786] fff00000c59fcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.516456] fff00000c59fcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.516504] ==================================================================
[ 15.849092] ================================================================== [ 15.849520] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 15.850341] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.850731] [ 15.850874] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.850926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.850941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.850968] Call Trace: [ 15.850985] <TASK> [ 15.851005] dump_stack_lvl+0x73/0xb0 [ 15.851041] print_report+0xd1/0x650 [ 15.851068] ? __virt_addr_valid+0x1db/0x2d0 [ 15.851095] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 15.851125] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.851150] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 15.851180] kasan_report+0x141/0x180 [ 15.851205] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 15.851240] kasan_check_range+0x10c/0x1c0 [ 15.851267] __kasan_check_write+0x18/0x20 [ 15.851291] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 15.851322] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.851352] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.851382] ? trace_hardirqs_on+0x37/0xe0 [ 15.851409] ? kasan_bitops_generic+0x92/0x1c0 [ 15.851441] kasan_bitops_generic+0x116/0x1c0 [ 15.851484] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.851514] ? __pfx_read_tsc+0x10/0x10 [ 15.851538] ? ktime_get_ts64+0x86/0x230 [ 15.851566] kunit_try_run_case+0x1a5/0x480 [ 15.851597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.851622] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.851651] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.851678] ? __kthread_parkme+0x82/0x180 [ 15.851702] ? preempt_count_sub+0x50/0x80 [ 15.851730] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.851757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.851784] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.851822] kthread+0x337/0x6f0 [ 15.851845] ? 
trace_preempt_on+0x20/0xc0 [ 15.851870] ? __pfx_kthread+0x10/0x10 [ 15.851895] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.851920] ? calculate_sigpending+0x7b/0xa0 [ 15.851948] ? __pfx_kthread+0x10/0x10 [ 15.851973] ret_from_fork+0x116/0x1d0 [ 15.851996] ? __pfx_kthread+0x10/0x10 [ 15.852020] ret_from_fork_asm+0x1a/0x30 [ 15.852055] </TASK> [ 15.852069] [ 15.861863] Allocated by task 279: [ 15.862067] kasan_save_stack+0x45/0x70 [ 15.862505] kasan_save_track+0x18/0x40 [ 15.862719] kasan_save_alloc_info+0x3b/0x50 [ 15.862975] __kasan_kmalloc+0xb7/0xc0 [ 15.863238] __kmalloc_cache_noprof+0x189/0x420 [ 15.863450] kasan_bitops_generic+0x92/0x1c0 [ 15.863713] kunit_try_run_case+0x1a5/0x480 [ 15.863948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.864196] kthread+0x337/0x6f0 [ 15.864335] ret_from_fork+0x116/0x1d0 [ 15.867377] ret_from_fork_asm+0x1a/0x30 [ 15.868644] [ 15.868797] The buggy address belongs to the object at ffff88810216f120 [ 15.868797] which belongs to the cache kmalloc-16 of size 16 [ 15.870561] The buggy address is located 8 bytes inside of [ 15.870561] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.871899] [ 15.872001] The buggy address belongs to the physical page: [ 15.872213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.872497] flags: 0x200000000000000(node=0|zone=2) [ 15.872692] page_type: f5(slab) [ 15.873914] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.874393] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.874820] page dumped because: kasan: bad access detected [ 15.875691] [ 15.875827] Memory state around the buggy address: [ 15.876289] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.876912] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.877221] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.877667] ^ [ 15.877921] ffff88810216f180: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.878322] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.878747] ================================================================== [ 15.902118] ================================================================== [ 15.902526] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 15.902968] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.903341] [ 15.903521] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.903572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.903586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.903612] Call Trace: [ 15.903629] <TASK> [ 15.903647] dump_stack_lvl+0x73/0xb0 [ 15.903681] print_report+0xd1/0x650 [ 15.903707] ? __virt_addr_valid+0x1db/0x2d0 [ 15.903733] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 15.903763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.903803] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 15.903834] kasan_report+0x141/0x180 [ 15.903860] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 15.903894] kasan_check_range+0x10c/0x1c0 [ 15.903927] __kasan_check_write+0x18/0x20 [ 15.903952] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 15.903981] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.904012] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.904040] ? trace_hardirqs_on+0x37/0xe0 [ 15.904067] ? kasan_bitops_generic+0x92/0x1c0 [ 15.904115] kasan_bitops_generic+0x116/0x1c0 [ 15.904143] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.904173] ? __pfx_read_tsc+0x10/0x10 [ 15.904198] ? ktime_get_ts64+0x86/0x230 [ 15.904225] kunit_try_run_case+0x1a5/0x480 [ 15.904255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.904281] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.904309] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.904336] ? __kthread_parkme+0x82/0x180 [ 15.904360] ? preempt_count_sub+0x50/0x80 [ 15.904388] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.904415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.904441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.904468] kthread+0x337/0x6f0 [ 15.904489] ? trace_preempt_on+0x20/0xc0 [ 15.904514] ? __pfx_kthread+0x10/0x10 [ 15.904538] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.904562] ? calculate_sigpending+0x7b/0xa0 [ 15.904590] ? __pfx_kthread+0x10/0x10 [ 15.904613] ret_from_fork+0x116/0x1d0 [ 15.904635] ? __pfx_kthread+0x10/0x10 [ 15.904659] ret_from_fork_asm+0x1a/0x30 [ 15.904694] </TASK> [ 15.904708] [ 15.913619] Allocated by task 279: [ 15.913841] kasan_save_stack+0x45/0x70 [ 15.914066] kasan_save_track+0x18/0x40 [ 15.914281] kasan_save_alloc_info+0x3b/0x50 [ 15.914697] __kasan_kmalloc+0xb7/0xc0 [ 15.914858] __kmalloc_cache_noprof+0x189/0x420 [ 15.915032] kasan_bitops_generic+0x92/0x1c0 [ 15.915197] kunit_try_run_case+0x1a5/0x480 [ 15.915392] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.915834] kthread+0x337/0x6f0 [ 15.916193] ret_from_fork+0x116/0x1d0 [ 15.916439] ret_from_fork_asm+0x1a/0x30 [ 15.916678] [ 15.916823] The buggy address belongs to the object at ffff88810216f120 [ 15.916823] which belongs to the cache kmalloc-16 of size 16 [ 15.917464] The buggy address is located 8 bytes inside of [ 15.917464] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.918016] [ 15.918159] The buggy address belongs to the physical page: [ 15.918448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.918814] flags: 0x200000000000000(node=0|zone=2) [ 15.919009] page_type: f5(slab) [ 15.919147] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.919403] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.919916] page dumped because: kasan: bad access detected [ 15.920346] [ 15.920428] Memory state around the buggy address: [ 15.920604] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.920863] 
ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.921103] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.921340] ^ [ 15.921654] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.922038] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.922620] ================================================================== [ 15.825834] ================================================================== [ 15.826390] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 15.827035] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.827686] [ 15.827841] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.827900] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.827915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.827942] Call Trace: [ 15.827957] <TASK> [ 15.827979] dump_stack_lvl+0x73/0xb0 [ 15.828020] print_report+0xd1/0x650 [ 15.828048] ? __virt_addr_valid+0x1db/0x2d0 [ 15.828075] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 15.828105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.828130] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 15.828160] kasan_report+0x141/0x180 [ 15.828185] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 15.828392] kasan_check_range+0x10c/0x1c0 [ 15.828430] __kasan_check_write+0x18/0x20 [ 15.828453] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 15.828483] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.828514] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.828543] ? trace_hardirqs_on+0x37/0xe0 [ 15.828570] ? kasan_bitops_generic+0x92/0x1c0 [ 15.828601] kasan_bitops_generic+0x116/0x1c0 [ 15.828630] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.828659] ? __pfx_read_tsc+0x10/0x10 [ 15.828684] ? ktime_get_ts64+0x86/0x230 [ 15.828714] kunit_try_run_case+0x1a5/0x480 [ 15.828743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.828769] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.828815] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.828842] ? __kthread_parkme+0x82/0x180 [ 15.828867] ? preempt_count_sub+0x50/0x80 [ 15.828898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.828925] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.828953] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.828979] kthread+0x337/0x6f0 [ 15.829001] ? trace_preempt_on+0x20/0xc0 [ 15.829026] ? __pfx_kthread+0x10/0x10 [ 15.829050] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.829075] ? calculate_sigpending+0x7b/0xa0 [ 15.829117] ? __pfx_kthread+0x10/0x10 [ 15.829161] ret_from_fork+0x116/0x1d0 [ 15.829184] ? __pfx_kthread+0x10/0x10 [ 15.829208] ret_from_fork_asm+0x1a/0x30 [ 15.829245] </TASK> [ 15.829261] [ 15.839254] Allocated by task 279: [ 15.839424] kasan_save_stack+0x45/0x70 [ 15.839594] kasan_save_track+0x18/0x40 [ 15.839748] kasan_save_alloc_info+0x3b/0x50 [ 15.840005] __kasan_kmalloc+0xb7/0xc0 [ 15.840421] __kmalloc_cache_noprof+0x189/0x420 [ 15.840692] kasan_bitops_generic+0x92/0x1c0 [ 15.840958] kunit_try_run_case+0x1a5/0x480 [ 15.841165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.841374] kthread+0x337/0x6f0 [ 15.841515] ret_from_fork+0x116/0x1d0 [ 15.841691] ret_from_fork_asm+0x1a/0x30 [ 15.841988] [ 15.842113] The buggy address belongs to the object at ffff88810216f120 [ 15.842113] which belongs to the cache kmalloc-16 of size 16 [ 15.842726] The buggy address is located 8 bytes inside of [ 15.842726] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.843629] [ 15.843751] The buggy address belongs to the physical page: [ 15.844027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.844429] flags: 0x200000000000000(node=0|zone=2) [ 15.844628] page_type: f5(slab) [ 15.844772] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.845250] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.845657] page dumped because: kasan: 
bad access detected [ 15.845970] [ 15.846097] Memory state around the buggy address: [ 15.846482] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.846890] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.847146] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.847537] ^ [ 15.847771] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.848177] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.848503] ================================================================== [ 15.972154] ================================================================== [ 15.972744] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 15.973133] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.973683] [ 15.973808] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.973863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.973878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.973905] Call Trace: [ 15.973926] <TASK> [ 15.973948] dump_stack_lvl+0x73/0xb0 [ 15.973983] print_report+0xd1/0x650 [ 15.974233] ? __virt_addr_valid+0x1db/0x2d0 [ 15.974267] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 15.974297] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.974323] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 15.974353] kasan_report+0x141/0x180 [ 15.974379] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 15.974414] kasan_check_range+0x10c/0x1c0 [ 15.974442] __kasan_check_write+0x18/0x20 [ 15.974465] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 15.974494] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.974525] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.974554] ? trace_hardirqs_on+0x37/0xe0 [ 15.974581] ? kasan_bitops_generic+0x92/0x1c0 [ 15.974613] kasan_bitops_generic+0x116/0x1c0 [ 15.974639] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.974668] ? 
__pfx_read_tsc+0x10/0x10 [ 15.974693] ? ktime_get_ts64+0x86/0x230 [ 15.974721] kunit_try_run_case+0x1a5/0x480 [ 15.974750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.974776] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.974817] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.974843] ? __kthread_parkme+0x82/0x180 [ 15.974868] ? preempt_count_sub+0x50/0x80 [ 15.974895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.974921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.974947] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.974973] kthread+0x337/0x6f0 [ 15.974997] ? trace_preempt_on+0x20/0xc0 [ 15.975021] ? __pfx_kthread+0x10/0x10 [ 15.975045] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.975070] ? calculate_sigpending+0x7b/0xa0 [ 15.975112] ? __pfx_kthread+0x10/0x10 [ 15.975137] ret_from_fork+0x116/0x1d0 [ 15.975158] ? __pfx_kthread+0x10/0x10 [ 15.975182] ret_from_fork_asm+0x1a/0x30 [ 15.975218] </TASK> [ 15.975234] [ 15.986569] Allocated by task 279: [ 15.986767] kasan_save_stack+0x45/0x70 [ 15.987139] kasan_save_track+0x18/0x40 [ 15.987359] kasan_save_alloc_info+0x3b/0x50 [ 15.987727] __kasan_kmalloc+0xb7/0xc0 [ 15.988047] __kmalloc_cache_noprof+0x189/0x420 [ 15.988378] kasan_bitops_generic+0x92/0x1c0 [ 15.988633] kunit_try_run_case+0x1a5/0x480 [ 15.988864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.989118] kthread+0x337/0x6f0 [ 15.989545] ret_from_fork+0x116/0x1d0 [ 15.989757] ret_from_fork_asm+0x1a/0x30 [ 15.990101] [ 15.990286] The buggy address belongs to the object at ffff88810216f120 [ 15.990286] which belongs to the cache kmalloc-16 of size 16 [ 15.990955] The buggy address is located 8 bytes inside of [ 15.990955] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.991746] [ 15.991883] The buggy address belongs to the physical page: [ 15.992138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.992519] flags: 0x200000000000000(node=0|zone=2) [ 15.992776] page_type: f5(slab) [ 15.992983] raw: 0200000000000000 
ffff888100041640 dead000000000122 0000000000000000 [ 15.993742] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.994211] page dumped because: kasan: bad access detected [ 15.994444] [ 15.994726] Memory state around the buggy address: [ 15.994965] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.995634] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.996059] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.996517] ^ [ 15.996708] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.997305] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.997673] ================================================================== [ 15.923885] ================================================================== [ 15.924622] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 15.925085] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.925447] [ 15.925582] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.925635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.925650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.925676] Call Trace: [ 15.925696] <TASK> [ 15.925715] dump_stack_lvl+0x73/0xb0 [ 15.925750] print_report+0xd1/0x650 [ 15.925776] ? __virt_addr_valid+0x1db/0x2d0 [ 15.925816] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 15.925846] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.925872] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 15.925903] kasan_report+0x141/0x180 [ 15.925929] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 15.925964] kasan_check_range+0x10c/0x1c0 [ 15.925992] __kasan_check_write+0x18/0x20 [ 15.926015] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 15.926069] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.926102] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.926132] ? 
trace_hardirqs_on+0x37/0xe0 [ 15.926158] ? kasan_bitops_generic+0x92/0x1c0 [ 15.926189] kasan_bitops_generic+0x116/0x1c0 [ 15.926217] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.926246] ? __pfx_read_tsc+0x10/0x10 [ 15.926271] ? ktime_get_ts64+0x86/0x230 [ 15.926299] kunit_try_run_case+0x1a5/0x480 [ 15.926326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.926352] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.926381] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.926408] ? __kthread_parkme+0x82/0x180 [ 15.926431] ? preempt_count_sub+0x50/0x80 [ 15.926459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.926486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.926513] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.926540] kthread+0x337/0x6f0 [ 15.926564] ? trace_preempt_on+0x20/0xc0 [ 15.926590] ? __pfx_kthread+0x10/0x10 [ 15.926614] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.926638] ? calculate_sigpending+0x7b/0xa0 [ 15.926667] ? __pfx_kthread+0x10/0x10 [ 15.926693] ret_from_fork+0x116/0x1d0 [ 15.926714] ? 
__pfx_kthread+0x10/0x10 [ 15.926739] ret_from_fork_asm+0x1a/0x30 [ 15.926774] </TASK> [ 15.926797] [ 15.936033] Allocated by task 279: [ 15.936270] kasan_save_stack+0x45/0x70 [ 15.936521] kasan_save_track+0x18/0x40 [ 15.936741] kasan_save_alloc_info+0x3b/0x50 [ 15.936944] __kasan_kmalloc+0xb7/0xc0 [ 15.937120] __kmalloc_cache_noprof+0x189/0x420 [ 15.937400] kasan_bitops_generic+0x92/0x1c0 [ 15.937642] kunit_try_run_case+0x1a5/0x480 [ 15.937900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.938205] kthread+0x337/0x6f0 [ 15.938364] ret_from_fork+0x116/0x1d0 [ 15.938517] ret_from_fork_asm+0x1a/0x30 [ 15.938729] [ 15.938852] The buggy address belongs to the object at ffff88810216f120 [ 15.938852] which belongs to the cache kmalloc-16 of size 16 [ 15.939405] The buggy address is located 8 bytes inside of [ 15.939405] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.940149] [ 15.940263] The buggy address belongs to the physical page: [ 15.940548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.940832] flags: 0x200000000000000(node=0|zone=2) [ 15.941097] page_type: f5(slab) [ 15.941359] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.941708] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.941977] page dumped because: kasan: bad access detected [ 15.942173] [ 15.942252] Memory state around the buggy address: [ 15.942497] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.942881] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.943441] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.943847] ^ [ 15.944101] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.944461] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.944783] ================================================================== [ 15.945408] 
==================================================================
[ 15.946293] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 15.946700] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279
[ 15.946979]
[ 15.947085] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.947137] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.947152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.947178] Call Trace:
[ 15.947198] <TASK>
[ 15.947217] dump_stack_lvl+0x73/0xb0
[ 15.947251] print_report+0xd1/0x650
[ 15.947278] ? __virt_addr_valid+0x1db/0x2d0
[ 15.947335] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 15.947365] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.947392] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 15.947422] kasan_report+0x141/0x180
[ 15.947447] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 15.947483] kasan_check_range+0x10c/0x1c0
[ 15.947510] __kasan_check_write+0x18/0x20
[ 15.947532] kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 15.947562] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 15.947592] ? __kmalloc_cache_noprof+0x189/0x420
[ 15.947638] ? trace_hardirqs_on+0x37/0xe0
[ 15.947664] ? kasan_bitops_generic+0x92/0x1c0
[ 15.947696] kasan_bitops_generic+0x116/0x1c0
[ 15.947723] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 15.947751] ? __pfx_read_tsc+0x10/0x10
[ 15.947775] ? ktime_get_ts64+0x86/0x230
[ 15.947815] kunit_try_run_case+0x1a5/0x480
[ 15.947842] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.947867] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.947896] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.947923] ? __kthread_parkme+0x82/0x180
[ 15.947947] ? preempt_count_sub+0x50/0x80
[ 15.947974] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.948001] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.948027] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.948052] kthread+0x337/0x6f0
[ 15.948074] ? trace_preempt_on+0x20/0xc0
[ 15.948099] ? __pfx_kthread+0x10/0x10
[ 15.948123] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.948146] ? calculate_sigpending+0x7b/0xa0
[ 15.948174] ? __pfx_kthread+0x10/0x10
[ 15.948197] ret_from_fork+0x116/0x1d0
[ 15.948219] ? __pfx_kthread+0x10/0x10
[ 15.948242] ret_from_fork_asm+0x1a/0x30
[ 15.948278] </TASK>
[ 15.948291]
[ 15.960925] Allocated by task 279:
[ 15.961151] kasan_save_stack+0x45/0x70
[ 15.961387] kasan_save_track+0x18/0x40
[ 15.961546] kasan_save_alloc_info+0x3b/0x50
[ 15.961810] __kasan_kmalloc+0xb7/0xc0
[ 15.962055] __kmalloc_cache_noprof+0x189/0x420
[ 15.962306] kasan_bitops_generic+0x92/0x1c0
[ 15.962563] kunit_try_run_case+0x1a5/0x480
[ 15.962818] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.963068] kthread+0x337/0x6f0
[ 15.963381] ret_from_fork+0x116/0x1d0
[ 15.963594] ret_from_fork_asm+0x1a/0x30
[ 15.963809]
[ 15.963893] The buggy address belongs to the object at ffff88810216f120
[ 15.963893] which belongs to the cache kmalloc-16 of size 16
[ 15.964407] The buggy address is located 8 bytes inside of
[ 15.964407] allocated 9-byte region [ffff88810216f120, ffff88810216f129)
[ 15.965104]
[ 15.965190] The buggy address belongs to the physical page:
[ 15.965399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f
[ 15.966027] flags: 0x200000000000000(node=0|zone=2)
[ 15.966653] page_type: f5(slab)
[ 15.966842] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 15.967111] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 15.967594] page dumped because: kasan: bad access detected
[ 15.968290]
[ 15.968414] Memory state around the buggy address:
[ 15.968651]  ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 15.969024]  ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 15.969647] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 15.970117]                                    ^
[ 15.970332]  ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.970686]  ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.971039] ==================================================================
[ 15.998705] ==================================================================
[ 15.999088] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50
[ 16.000124] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279
[ 16.000402]
[ 16.000523] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 16.000579] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.000595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.000621] Call Trace:
[ 16.000643] <TASK>
[ 16.000664] dump_stack_lvl+0x73/0xb0
[ 16.000701] print_report+0xd1/0x650
[ 16.000728] ? __virt_addr_valid+0x1db/0x2d0
[ 16.000755] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 16.000799] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.000827] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 16.000857] kasan_report+0x141/0x180
[ 16.000883] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 16.000918] kasan_check_range+0x10c/0x1c0
[ 16.000946] __kasan_check_write+0x18/0x20
[ 16.000968] kasan_bitops_modify.constprop.0+0x547/0xd50
[ 16.000997] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 16.001028] ? __kmalloc_cache_noprof+0x189/0x420
[ 16.001057] ? trace_hardirqs_on+0x37/0xe0
[ 16.001082] ? kasan_bitops_generic+0x92/0x1c0
[ 16.001115] kasan_bitops_generic+0x116/0x1c0
[ 16.001142] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 16.001172] ? __pfx_read_tsc+0x10/0x10
[ 16.001197] ? ktime_get_ts64+0x86/0x230
[ 16.001225] kunit_try_run_case+0x1a5/0x480
[ 16.001252] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.001277] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.001305] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.001339] ? __kthread_parkme+0x82/0x180
[ 16.001363] ? preempt_count_sub+0x50/0x80
[ 16.001391] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.001478] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.001506] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.001547] kthread+0x337/0x6f0
[ 16.001570] ? trace_preempt_on+0x20/0xc0
[ 16.001595] ? __pfx_kthread+0x10/0x10
[ 16.001619] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.001645] ? calculate_sigpending+0x7b/0xa0
[ 16.001672] ? __pfx_kthread+0x10/0x10
[ 16.001697] ret_from_fork+0x116/0x1d0
[ 16.001719] ? __pfx_kthread+0x10/0x10
[ 16.001744] ret_from_fork_asm+0x1a/0x30
[ 16.001806] </TASK>
[ 16.001820]
[ 16.016180] Allocated by task 279:
[ 16.016435] kasan_save_stack+0x45/0x70
[ 16.016694] kasan_save_track+0x18/0x40
[ 16.016869] kasan_save_alloc_info+0x3b/0x50
[ 16.017126] __kasan_kmalloc+0xb7/0xc0
[ 16.017411] __kmalloc_cache_noprof+0x189/0x420
[ 16.017762] kasan_bitops_generic+0x92/0x1c0
[ 16.018076] kunit_try_run_case+0x1a5/0x480
[ 16.018367] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.018615] kthread+0x337/0x6f0
[ 16.018878] ret_from_fork+0x116/0x1d0
[ 16.019157] ret_from_fork_asm+0x1a/0x30
[ 16.019455]
[ 16.019546] The buggy address belongs to the object at ffff88810216f120
[ 16.019546] which belongs to the cache kmalloc-16 of size 16
[ 16.020124] The buggy address is located 8 bytes inside of
[ 16.020124] allocated 9-byte region [ffff88810216f120, ffff88810216f129)
[ 16.020886]
[ 16.020977] The buggy address belongs to the physical page:
[ 16.021233] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f
[ 16.021760] flags: 0x200000000000000(node=0|zone=2)
[ 16.022054] page_type: f5(slab)
[ 16.022266] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 16.022759] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 16.023117] page dumped because: kasan: bad access detected
[ 16.023482]
[ 16.023612] Memory state around the buggy address:
[ 16.023862]  ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 16.024291]  ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 16.024668] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 16.025054]                                    ^
[ 16.025347]  ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.025688]  ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.026078] ==================================================================
[ 15.880424] ==================================================================
[ 15.881115] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 15.881754] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279
[ 15.882094]
[ 15.882238] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.882292] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.882307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.882333] Call Trace:
[ 15.882350] <TASK>
[ 15.882371] dump_stack_lvl+0x73/0xb0
[ 15.882406] print_report+0xd1/0x650
[ 15.882434] ? __virt_addr_valid+0x1db/0x2d0
[ 15.882459] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 15.882489] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.882515] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 15.882546] kasan_report+0x141/0x180
[ 15.882573] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 15.882608] kasan_check_range+0x10c/0x1c0
[ 15.882635] __kasan_check_write+0x18/0x20
[ 15.882657] kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 15.882686] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 15.882715] ? __kmalloc_cache_noprof+0x189/0x420
[ 15.882744] ? trace_hardirqs_on+0x37/0xe0
[ 15.882770] ? kasan_bitops_generic+0x92/0x1c0
[ 15.882814] kasan_bitops_generic+0x116/0x1c0
[ 15.882841] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 15.882870] ? __pfx_read_tsc+0x10/0x10
[ 15.882895] ? ktime_get_ts64+0x86/0x230
[ 15.882923] kunit_try_run_case+0x1a5/0x480
[ 15.882951] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.882977] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.883004] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.883031] ? __kthread_parkme+0x82/0x180
[ 15.883055] ? preempt_count_sub+0x50/0x80
[ 15.883082] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.883126] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.883152] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.883178] kthread+0x337/0x6f0
[ 15.883201] ? trace_preempt_on+0x20/0xc0
[ 15.883226] ? __pfx_kthread+0x10/0x10
[ 15.883250] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.883274] ? calculate_sigpending+0x7b/0xa0
[ 15.883302] ? __pfx_kthread+0x10/0x10
[ 15.883327] ret_from_fork+0x116/0x1d0
[ 15.883349] ? __pfx_kthread+0x10/0x10
[ 15.883372] ret_from_fork_asm+0x1a/0x30
[ 15.883408] </TASK>
[ 15.883422]
[ 15.892472] Allocated by task 279:
[ 15.892679] kasan_save_stack+0x45/0x70
[ 15.892918] kasan_save_track+0x18/0x40
[ 15.893075] kasan_save_alloc_info+0x3b/0x50
[ 15.893338] __kasan_kmalloc+0xb7/0xc0
[ 15.893556] __kmalloc_cache_noprof+0x189/0x420
[ 15.893781] kasan_bitops_generic+0x92/0x1c0
[ 15.894021] kunit_try_run_case+0x1a5/0x480
[ 15.894347] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.894566] kthread+0x337/0x6f0
[ 15.894711] ret_from_fork+0x116/0x1d0
[ 15.894941] ret_from_fork_asm+0x1a/0x30
[ 15.895166]
[ 15.895286] The buggy address belongs to the object at ffff88810216f120
[ 15.895286] which belongs to the cache kmalloc-16 of size 16
[ 15.895853] The buggy address is located 8 bytes inside of
[ 15.895853] allocated 9-byte region [ffff88810216f120, ffff88810216f129)
[ 15.896402]
[ 15.896608] The buggy address belongs to the physical page:
[ 15.896874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f
[ 15.897346] flags: 0x200000000000000(node=0|zone=2)
[ 15.897545] page_type: f5(slab)
[ 15.897685] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 15.898042] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 15.898434] page dumped because: kasan: bad access detected
[ 15.898833]
[ 15.898931] Memory state around the buggy address:
[ 15.899116]  ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 15.899481]  ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 15.899977] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 15.900351]                                    ^
[ 15.900563]  ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.900899]  ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.901208] ==================================================================