Date
July 2, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 20.471315] ================================================================== [ 20.471385] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 20.472100] Write of size 8 at addr fff00000c3f3eca8 by task kunit_try_catch/261 [ 20.472270] [ 20.472390] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.472510] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.472618] Hardware name: linux,dummy-virt (DT) [ 20.472853] Call trace: [ 20.472949] show_stack+0x20/0x38 (C) [ 20.473056] dump_stack_lvl+0x8c/0xd0 [ 20.473229] print_report+0x118/0x608 [ 20.473333] kasan_report+0xdc/0x128 [ 20.473476] kasan_check_range+0x100/0x1a8 [ 20.473560] __kasan_check_write+0x20/0x30 [ 20.473623] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 20.473676] kasan_bitops_generic+0x110/0x1c8 [ 20.473724] kunit_try_run_case+0x170/0x3f0 [ 20.474142] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.474303] kthread+0x328/0x630 [ 20.474422] ret_from_fork+0x10/0x20 [ 20.474703] [ 20.474857] Allocated by task 261: [ 20.474988] kasan_save_stack+0x3c/0x68 [ 20.475056] kasan_save_track+0x20/0x40 [ 20.475198] kasan_save_alloc_info+0x40/0x58 [ 20.475284] __kasan_kmalloc+0xd4/0xd8 [ 20.475513] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.475688] kasan_bitops_generic+0xa0/0x1c8 [ 20.475833] kunit_try_run_case+0x170/0x3f0 [ 20.475984] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.476113] kthread+0x328/0x630 [ 20.476199] ret_from_fork+0x10/0x20 [ 20.476433] [ 20.476703] The buggy address belongs to the object at fff00000c3f3eca0 [ 20.476703] which belongs to the cache kmalloc-16 of size 16 [ 20.476874] The buggy address is located 8 bytes inside of [ 20.476874] allocated 9-byte region [fff00000c3f3eca0, fff00000c3f3eca9) [ 20.476979] [ 20.477047] The buggy address belongs to the physical page: [ 20.477146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f3e [ 20.477207] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.477439] page_type: f5(slab) [ 20.477676] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.477791] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.477936] page dumped because: kasan: bad access detected [ 20.477984] [ 20.478051] Memory state around the buggy address: [ 20.478522] fff00000c3f3eb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.479302] fff00000c3f3ec00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.479382] >fff00000c3f3ec80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 20.479454] ^ [ 20.479556] fff00000c3f3ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.479630] fff00000c3f3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.480010] ================================================================== [ 20.501875] ================================================================== [ 20.501995] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 20.502079] Read of size 8 at addr fff00000c3f3eca8 by task kunit_try_catch/261 [ 20.502214] [ 20.502250] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.502663] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.502723] Hardware name: linux,dummy-virt (DT) [ 20.502759] Call trace: [ 20.502867] show_stack+0x20/0x38 (C) [ 20.502928] dump_stack_lvl+0x8c/0xd0 [ 20.502994] print_report+0x118/0x608 [ 20.503099] kasan_report+0xdc/0x128 [ 20.503164] __asan_report_load8_noabort+0x20/0x30 [ 20.503231] kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 20.503436] kasan_bitops_generic+0x110/0x1c8 [ 20.503630] kunit_try_run_case+0x170/0x3f0 [ 20.503751] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.503871] kthread+0x328/0x630 [ 20.503947] ret_from_fork+0x10/0x20 [ 20.503999] [ 20.504026] Allocated by task 261: [ 20.504057] kasan_save_stack+0x3c/0x68 [ 20.504225] kasan_save_track+0x20/0x40 [ 20.504278] kasan_save_alloc_info+0x40/0x58 [ 20.504448] __kasan_kmalloc+0xd4/0xd8 [ 20.504501] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.504541] kasan_bitops_generic+0xa0/0x1c8 [ 20.505294] kunit_try_run_case+0x170/0x3f0 [ 20.505373] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.505443] kthread+0x328/0x630 [ 20.505501] ret_from_fork+0x10/0x20 [ 20.505550] [ 20.505598] The buggy address belongs to the object at fff00000c3f3eca0 [ 20.505598] which belongs to the cache kmalloc-16 of size 16 [ 20.505674] The buggy address is located 8 bytes inside of [ 20.505674] allocated 9-byte region [fff00000c3f3eca0, fff00000c3f3eca9) [ 20.505739] [ 20.505769] The buggy address belongs to the physical page: [ 20.505819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f3e [ 20.505888] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.505940] page_type: f5(slab) [ 20.505989] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.506042] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.506244] page dumped because: kasan: bad access detected [ 20.506330] [ 20.506634] Memory state around the buggy address: [ 20.506686] fff00000c3f3eb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.507081] fff00000c3f3ec00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.507149] >fff00000c3f3ec80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 20.507280] ^ [ 20.507346] fff00000c3f3ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.507475] fff00000c3f3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.507541] ================================================================== [ 20.508466] ================================================================== [ 20.508549] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2b4/0xbc0 [ 20.508830] Write of size 8 at addr fff00000c3f3eca8 by task kunit_try_catch/261 [ 20.508956] [ 20.509036] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.509286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.509469] Hardware name: linux,dummy-virt (DT) [ 20.509684] Call trace: [ 20.509774] show_stack+0x20/0x38 (C) [ 20.509994] dump_stack_lvl+0x8c/0xd0 [ 20.510105] print_report+0x118/0x608 [ 20.510242] kasan_report+0xdc/0x128 [ 20.510377] kasan_check_range+0x100/0x1a8 [ 20.510512] __kasan_check_write+0x20/0x30 [ 20.510621] kasan_bitops_modify.constprop.0+0x2b4/0xbc0 [ 20.510703] kasan_bitops_generic+0x110/0x1c8 [ 20.510933] kunit_try_run_case+0x170/0x3f0 [ 20.511160] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.511559] kthread+0x328/0x630 [ 20.511704] ret_from_fork+0x10/0x20 [ 20.511804] [ 20.511852] Allocated by task 261: [ 20.511883] kasan_save_stack+0x3c/0x68 [ 20.512161] kasan_save_track+0x20/0x40 [ 20.512218] kasan_save_alloc_info+0x40/0x58 [ 20.512747] __kasan_kmalloc+0xd4/0xd8 [ 20.512802] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.512846] kasan_bitops_generic+0xa0/0x1c8 [ 20.513210] kunit_try_run_case+0x170/0x3f0 [ 20.513612] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.513677] kthread+0x328/0x630 [ 20.513715] ret_from_fork+0x10/0x20 [ 20.513753] [ 20.513801] The buggy address belongs to the object at fff00000c3f3eca0 [ 20.513801] which belongs to the cache kmalloc-16 of size 16 [ 20.513867] The buggy address is located 8 bytes inside of [ 20.513867] allocated 9-byte region [fff00000c3f3eca0, fff00000c3f3eca9) [ 20.513931] [ 20.513978] The buggy address belongs to the physical page: [ 20.514014] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f3e [ 20.514079] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.514148] page_type: f5(slab) [ 20.514195] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.514247] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.514295] page dumped because: kasan: bad access detected [ 20.514340] [ 20.514369] Memory state around the buggy address: [ 20.514409] fff00000c3f3eb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.514465] fff00000c3f3ec00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.514510] >fff00000c3f3ec80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 20.514560] ^ [ 20.514607] fff00000c3f3ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.514663] fff00000c3f3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.514705] ================================================================== [ 20.493966] ================================================================== [ 20.494101] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 20.494203] Write of size 8 at addr fff00000c3f3eca8 by task kunit_try_catch/261 [ 20.494276] [ 20.494310] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.494529] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.494725] Hardware name: linux,dummy-virt (DT) [ 20.494774] Call trace: [ 20.494852] show_stack+0x20/0x38 (C) [ 20.494929] dump_stack_lvl+0x8c/0xd0 [ 20.494985] print_report+0x118/0x608 [ 20.495110] kasan_report+0xdc/0x128 [ 20.495162] kasan_check_range+0x100/0x1a8 [ 20.495214] __kasan_check_write+0x20/0x30 [ 20.495445] kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 20.495703] kasan_bitops_generic+0x110/0x1c8 [ 20.495776] kunit_try_run_case+0x170/0x3f0 [ 20.495875] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.495961] kthread+0x328/0x630 [ 20.496068] ret_from_fork+0x10/0x20 [ 20.496124] [ 20.496145] Allocated by task 261: [ 20.496176] kasan_save_stack+0x3c/0x68 [ 20.496236] kasan_save_track+0x20/0x40 [ 20.496423] kasan_save_alloc_info+0x40/0x58 [ 20.496707] __kasan_kmalloc+0xd4/0xd8 [ 20.496879] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.496936] kasan_bitops_generic+0xa0/0x1c8 [ 20.496996] kunit_try_run_case+0x170/0x3f0 [ 20.497185] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.497239] kthread+0x328/0x630 [ 20.497408] ret_from_fork+0x10/0x20 [ 20.497635] [ 20.497810] The buggy address belongs to the object at fff00000c3f3eca0 [ 20.497810] which belongs to the cache kmalloc-16 of size 16 [ 20.498202] The buggy address is located 8 bytes inside of [ 20.498202] allocated 9-byte region [fff00000c3f3eca0, fff00000c3f3eca9) [ 20.498346] [ 20.498425] The buggy address belongs to the physical page: [ 20.498503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f3e [ 20.498672] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.498726] page_type: f5(slab) [ 20.498812] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.499069] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.499146] page dumped because: kasan: bad access detected [ 20.499447] [ 20.499494] Memory state around the buggy address: [ 20.499569] fff00000c3f3eb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.499973] fff00000c3f3ec00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.500099] >fff00000c3f3ec80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 20.500226] ^ [ 20.500323] fff00000c3f3ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.500475] fff00000c3f3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.500530] ================================================================== [ 20.515527] ================================================================== [ 20.515597] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 20.516523] Write of size 8 at addr fff00000c3f3eca8 by task kunit_try_catch/261 [ 20.516766] [ 20.516862] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.516956] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.516987] Hardware name: linux,dummy-virt (DT) [ 20.517391] Call trace: [ 20.517446] show_stack+0x20/0x38 (C) [ 20.517532] dump_stack_lvl+0x8c/0xd0 [ 20.517870] print_report+0x118/0x608 [ 20.518196] kasan_report+0xdc/0x128 [ 20.518357] kasan_check_range+0x100/0x1a8 [ 20.518598] __kasan_check_write+0x20/0x30 [ 20.518827] kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 20.518932] kasan_bitops_generic+0x110/0x1c8 [ 20.518995] kunit_try_run_case+0x170/0x3f0 [ 20.519264] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.519455] kthread+0x328/0x630 [ 20.519509] ret_from_fork+0x10/0x20 [ 20.519931] [ 20.520036] Allocated by task 261: [ 20.520081] kasan_save_stack+0x3c/0x68 [ 20.520313] kasan_save_track+0x20/0x40 [ 20.520704] kasan_save_alloc_info+0x40/0x58 [ 20.521057] __kasan_kmalloc+0xd4/0xd8 [ 20.521143] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.521214] kasan_bitops_generic+0xa0/0x1c8 [ 20.521254] kunit_try_run_case+0x170/0x3f0 [ 20.521295] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.521743] kthread+0x328/0x630 [ 20.521914] ret_from_fork+0x10/0x20 [ 20.521987] [ 20.522012] The buggy address belongs to the object at fff00000c3f3eca0 [ 20.522012] which belongs to the cache kmalloc-16 of size 16 [ 20.522311] The buggy address is located 8 bytes inside of [ 20.522311] allocated 9-byte region [fff00000c3f3eca0, fff00000c3f3eca9) [ 20.522601] [ 20.523024] The buggy address belongs to the physical page: [ 20.523104] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f3e [ 20.523430] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.523755] page_type: f5(slab) [ 20.523845] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.523959] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.524027] page dumped because: kasan: bad access detected [ 20.524210] [ 20.524311] Memory state around the buggy address: [ 20.524473] fff00000c3f3eb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.524593] fff00000c3f3ec00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.524842] >fff00000c3f3ec80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 20.525040] ^ [ 20.525142] fff00000c3f3ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.525258] fff00000c3f3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.525338] ================================================================== [ 20.542502] ================================================================== [ 20.542554] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 20.542624] Write of size 8 at addr fff00000c3f3eca8 by task kunit_try_catch/261 [ 20.542676] [ 20.542709] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.542794] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.542822] Hardware name: linux,dummy-virt (DT) [ 20.543169] Call trace: [ 20.543212] show_stack+0x20/0x38 (C) [ 20.543268] dump_stack_lvl+0x8c/0xd0 [ 20.543318] print_report+0x118/0x608 [ 20.543368] kasan_report+0xdc/0x128 [ 20.543415] kasan_check_range+0x100/0x1a8 [ 20.543467] __kasan_check_write+0x20/0x30 [ 20.543514] kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 20.543567] kasan_bitops_generic+0x110/0x1c8 [ 20.543630] kunit_try_run_case+0x170/0x3f0 [ 20.543680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.543749] kthread+0x328/0x630 [ 20.543795] ret_from_fork+0x10/0x20 [ 20.543847] [ 20.543878] Allocated by task 261: [ 20.543909] kasan_save_stack+0x3c/0x68 [ 20.543961] kasan_save_track+0x20/0x40 [ 20.544003] kasan_save_alloc_info+0x40/0x58 [ 20.544047] __kasan_kmalloc+0xd4/0xd8 [ 20.544092] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.544134] kasan_bitops_generic+0xa0/0x1c8 [ 20.544174] kunit_try_run_case+0x170/0x3f0 [ 20.544213] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.544259] kthread+0x328/0x630 [ 20.544301] ret_from_fork+0x10/0x20 [ 20.544340] [ 20.544366] The buggy address belongs to the object at fff00000c3f3eca0 [ 20.544366] which belongs to the cache kmalloc-16 of size 16 [ 20.544426] The buggy address is located 8 bytes inside of [ 20.544426] allocated 9-byte region [fff00000c3f3eca0, fff00000c3f3eca9) [ 20.544490] [ 20.544520] The buggy address belongs to the physical page: [ 20.544554] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f3e [ 20.545352] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.545920] page_type: f5(slab) [ 20.546215] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.546540] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.546640] page dumped because: kasan: bad access detected [ 20.546773] [ 20.546826] Memory state around the buggy address: [ 20.546961] fff00000c3f3eb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.547046] fff00000c3f3ec00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.547129] >fff00000c3f3ec80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 20.547205] ^ [ 20.547270] fff00000c3f3ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.547688] fff00000c3f3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.547878] ================================================================== [ 20.534196] ================================================================== [ 20.534322] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x344/0xbc0 [ 20.534398] Write of size 8 at addr fff00000c3f3eca8 by task kunit_try_catch/261 [ 20.534451] [ 20.534490] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.534717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.534800] Hardware name: linux,dummy-virt (DT) [ 20.534966] Call trace: [ 20.535000] show_stack+0x20/0x38 (C) [ 20.535055] dump_stack_lvl+0x8c/0xd0 [ 20.535156] print_report+0x118/0x608 [ 20.535208] kasan_report+0xdc/0x128 [ 20.535285] kasan_check_range+0x100/0x1a8 [ 20.535480] __kasan_check_write+0x20/0x30 [ 20.535736] kasan_bitops_modify.constprop.0+0x344/0xbc0 [ 20.535866] kasan_bitops_generic+0x110/0x1c8 [ 20.535944] kunit_try_run_case+0x170/0x3f0 [ 20.536259] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.536338] kthread+0x328/0x630 [ 20.536385] ret_from_fork+0x10/0x20 [ 20.536436] [ 20.536456] Allocated by task 261: [ 20.536604] kasan_save_stack+0x3c/0x68 [ 20.536677] kasan_save_track+0x20/0x40 [ 20.536731] kasan_save_alloc_info+0x40/0x58 [ 20.537164] __kasan_kmalloc+0xd4/0xd8 [ 20.537313] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.537420] kasan_bitops_generic+0xa0/0x1c8 [ 20.537583] kunit_try_run_case+0x170/0x3f0 [ 20.537670] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.537879] kthread+0x328/0x630 [ 20.538160] ret_from_fork+0x10/0x20 [ 20.538280] [ 20.538361] The buggy address belongs to the object at fff00000c3f3eca0 [ 20.538361] which belongs to the cache kmalloc-16 of size 16 [ 20.538543] The buggy address is located 8 bytes inside of [ 20.538543] allocated 9-byte region [fff00000c3f3eca0, fff00000c3f3eca9) [ 20.538942] [ 20.539104] The buggy address belongs to the physical page: [ 20.539281] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f3e [ 20.539863] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.540206] page_type: f5(slab) [ 20.540263] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.540347] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.540626] page dumped because: kasan: bad access detected [ 20.540670] [ 20.540707] Memory state around the buggy address: [ 20.540814] fff00000c3f3eb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.541012] fff00000c3f3ec00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.541066] >fff00000c3f3ec80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 20.541154] ^ [ 20.541466] fff00000c3f3ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.541658] fff00000c3f3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.541733] ================================================================== [ 20.483546] ================================================================== [ 20.484114] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 20.484455] Read of size 8 at addr fff00000c3f3eca8 by task kunit_try_catch/261 [ 20.484626] [ 20.484681] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.484800] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.484831] Hardware name: linux,dummy-virt (DT) [ 20.485027] Call trace: [ 20.485236] show_stack+0x20/0x38 (C) [ 20.485299] dump_stack_lvl+0x8c/0xd0 [ 20.485523] print_report+0x118/0x608 [ 20.485888] kasan_report+0xdc/0x128 [ 20.486094] __asan_report_load8_noabort+0x20/0x30 [ 20.486288] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 20.486606] kasan_bitops_generic+0x110/0x1c8 [ 20.486859] kunit_try_run_case+0x170/0x3f0 [ 20.487222] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.487362] kthread+0x328/0x630 [ 20.487458] ret_from_fork+0x10/0x20 [ 20.487529] [ 20.487681] Allocated by task 261: [ 20.487879] kasan_save_stack+0x3c/0x68 [ 20.488071] kasan_save_track+0x20/0x40 [ 20.488180] kasan_save_alloc_info+0x40/0x58 [ 20.488550] __kasan_kmalloc+0xd4/0xd8 [ 20.488654] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.488699] kasan_bitops_generic+0xa0/0x1c8 [ 20.489139] kunit_try_run_case+0x170/0x3f0 [ 20.489198] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.489252] kthread+0x328/0x630 [ 20.489512] ret_from_fork+0x10/0x20 [ 20.489681] [ 20.489931] The buggy address belongs to the object at fff00000c3f3eca0 [ 20.489931] which belongs to the cache kmalloc-16 of size 16 [ 20.490121] The buggy address is located 8 bytes inside of [ 20.490121] allocated 9-byte region [fff00000c3f3eca0, fff00000c3f3eca9) [ 20.490226] [ 20.490350] The buggy address belongs to the physical page: [ 20.490403] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f3e [ 20.490601] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.490835] page_type: f5(slab) [ 20.490894] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.490992] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.491037] page dumped because: kasan: bad access detected [ 20.491094] [ 20.491124] Memory state around the buggy address: [ 20.491173] fff00000c3f3eb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.491222] fff00000c3f3ec00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.491268] >fff00000c3f3ec80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 20.491311] ^ [ 20.491346] fff00000c3f3ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.491399] fff00000c3f3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.491441] ================================================================== [ 20.526420] ================================================================== [ 20.526473] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 20.526781] Read of size 8 at addr fff00000c3f3eca8 by task kunit_try_catch/261 [ 20.527054] [ 20.527101] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.527197] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.527497] Hardware name: linux,dummy-virt (DT) [ 20.527586] Call trace: [ 20.527615] show_stack+0x20/0x38 (C) [ 20.527718] dump_stack_lvl+0x8c/0xd0 [ 20.527837] print_report+0x118/0x608 [ 20.527903] kasan_report+0xdc/0x128 [ 20.528040] __asan_report_load8_noabort+0x20/0x30 [ 20.528114] kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 20.528305] kasan_bitops_generic+0x110/0x1c8 [ 20.528565] kunit_try_run_case+0x170/0x3f0 [ 20.528645] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.528752] kthread+0x328/0x630 [ 20.528839] ret_from_fork+0x10/0x20 [ 20.528993] [ 20.529122] Allocated by task 261: [ 20.529372] kasan_save_stack+0x3c/0x68 [ 20.529545] kasan_save_track+0x20/0x40 [ 20.529647] kasan_save_alloc_info+0x40/0x58 [ 20.529870] __kasan_kmalloc+0xd4/0xd8 [ 20.530176] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.530313] kasan_bitops_generic+0xa0/0x1c8 [ 20.530410] kunit_try_run_case+0x170/0x3f0 [ 20.530543] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.530934] kthread+0x328/0x630 [ 20.531066] ret_from_fork+0x10/0x20 [ 20.531238] [ 20.531318] The buggy address belongs to the object at fff00000c3f3eca0 [ 20.531318] which belongs to the cache kmalloc-16 of size 16 [ 20.531415] The buggy address is located 8 bytes inside of [ 20.531415] allocated 9-byte region [fff00000c3f3eca0, fff00000c3f3eca9) [ 20.531492] [ 20.531513] The buggy address belongs to the physical page: [ 20.531892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f3e [ 20.532063] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.532161] page_type: f5(slab) [ 20.532254] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.532329] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.532380] page dumped because: kasan: bad access detected [ 20.532423] [ 20.532453] Memory state around the buggy address: [ 20.532487] fff00000c3f3eb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.532533] fff00000c3f3ec00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.532607] >fff00000c3f3ec80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 20.532656] ^ [ 20.532692] fff00000c3f3ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.532745] fff00000c3f3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.532785] ==================================================================
[ 13.515062] ================================================================== [ 13.515400] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.516005] Write of size 8 at addr ffff8881027960e8 by task kunit_try_catch/280 [ 13.516347] [ 13.516501] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.516546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.516557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.516589] Call Trace: [ 13.516607] <TASK> [ 13.516625] dump_stack_lvl+0x73/0xb0 [ 13.516655] print_report+0xd1/0x650 [ 13.516677] ? __virt_addr_valid+0x1db/0x2d0 [ 13.516700] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.516725] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.516746] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.516770] kasan_report+0x141/0x180 [ 13.516791] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.516888] kasan_check_range+0x10c/0x1c0 [ 13.516912] __kasan_check_write+0x18/0x20 [ 13.516942] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.516968] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.516993] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.517018] ? trace_hardirqs_on+0x37/0xe0 [ 13.517040] ? kasan_bitops_generic+0x92/0x1c0 [ 13.517065] kasan_bitops_generic+0x116/0x1c0 [ 13.517088] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.517112] ? __pfx_read_tsc+0x10/0x10 [ 13.517162] ? ktime_get_ts64+0x86/0x230 [ 13.517186] kunit_try_run_case+0x1a5/0x480 [ 13.517237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.517259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.517282] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.517303] ? __kthread_parkme+0x82/0x180 [ 13.517323] ? preempt_count_sub+0x50/0x80 [ 13.517346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.517378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.517400] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.517427] kthread+0x337/0x6f0 [ 13.517446] ? trace_preempt_on+0x20/0xc0 [ 13.517467] ? __pfx_kthread+0x10/0x10 [ 13.517487] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.517507] ? calculate_sigpending+0x7b/0xa0 [ 13.517530] ? __pfx_kthread+0x10/0x10 [ 13.517551] ret_from_fork+0x116/0x1d0 [ 13.517609] ? __pfx_kthread+0x10/0x10 [ 13.517631] ret_from_fork_asm+0x1a/0x30 [ 13.517661] </TASK> [ 13.517672] [ 13.528231] Allocated by task 280: [ 13.528469] kasan_save_stack+0x45/0x70 [ 13.528934] kasan_save_track+0x18/0x40 [ 13.529199] kasan_save_alloc_info+0x3b/0x50 [ 13.529442] __kasan_kmalloc+0xb7/0xc0 [ 13.529574] __kmalloc_cache_noprof+0x189/0x420 [ 13.529728] kasan_bitops_generic+0x92/0x1c0 [ 13.530156] kunit_try_run_case+0x1a5/0x480 [ 13.530626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.530939] kthread+0x337/0x6f0 [ 13.531087] ret_from_fork+0x116/0x1d0 [ 13.531244] ret_from_fork_asm+0x1a/0x30 [ 13.531396] [ 13.531490] The buggy address belongs to the object at ffff8881027960e0 [ 13.531490] which belongs to the cache kmalloc-16 of size 16 [ 13.532374] The buggy address is located 8 bytes inside of [ 13.532374] allocated 9-byte region [ffff8881027960e0, ffff8881027960e9) [ 13.533001] [ 13.533352] The buggy address belongs to the physical page: [ 13.533762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102796 [ 13.534216] flags: 0x200000000000000(node=0|zone=2) [ 13.534420] page_type: f5(slab) [ 13.534651] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.535054] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.535427] page dumped because: kasan: bad access detected [ 13.535816] [ 13.535965] Memory state around the buggy address: [ 13.536258] ffff888102795f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.536591] ffff888102796000: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.537272] >ffff888102796080: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.537714] ^ [ 13.538012] ffff888102796100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.538347] ffff888102796180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.538751] ================================================================== [ 13.492177] ================================================================== [ 13.492556] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.493082] Write of size 8 at addr ffff8881027960e8 by task kunit_try_catch/280 [ 13.493458] [ 13.493612] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.493765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.493777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.493809] Call Trace: [ 13.493821] <TASK> [ 13.493839] dump_stack_lvl+0x73/0xb0 [ 13.493869] print_report+0xd1/0x650 [ 13.493892] ? __virt_addr_valid+0x1db/0x2d0 [ 13.493916] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.493940] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.493962] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.493986] kasan_report+0x141/0x180 [ 13.494009] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.494069] kasan_check_range+0x10c/0x1c0 [ 13.494094] __kasan_check_write+0x18/0x20 [ 13.494129] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.494166] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.494191] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.494215] ? trace_hardirqs_on+0x37/0xe0 [ 13.494238] ? kasan_bitops_generic+0x92/0x1c0 [ 13.494265] kasan_bitops_generic+0x116/0x1c0 [ 13.494289] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.494313] ? __pfx_read_tsc+0x10/0x10 [ 13.494334] ? ktime_get_ts64+0x86/0x230 [ 13.494369] kunit_try_run_case+0x1a5/0x480 [ 13.494394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.494416] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.494439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.494461] ? __kthread_parkme+0x82/0x180 [ 13.494481] ? preempt_count_sub+0x50/0x80 [ 13.494506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.494528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.494550] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.494618] kthread+0x337/0x6f0 [ 13.494640] ? trace_preempt_on+0x20/0xc0 [ 13.494661] ? __pfx_kthread+0x10/0x10 [ 13.494681] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.494701] ? calculate_sigpending+0x7b/0xa0 [ 13.494725] ? __pfx_kthread+0x10/0x10 [ 13.494746] ret_from_fork+0x116/0x1d0 [ 13.494764] ? __pfx_kthread+0x10/0x10 [ 13.494783] ret_from_fork_asm+0x1a/0x30 [ 13.494814] </TASK> [ 13.494824] [ 13.504797] Allocated by task 280: [ 13.505054] kasan_save_stack+0x45/0x70 [ 13.505257] kasan_save_track+0x18/0x40 [ 13.505472] kasan_save_alloc_info+0x3b/0x50 [ 13.505779] __kasan_kmalloc+0xb7/0xc0 [ 13.505988] __kmalloc_cache_noprof+0x189/0x420 [ 13.506417] kasan_bitops_generic+0x92/0x1c0 [ 13.506707] kunit_try_run_case+0x1a5/0x480 [ 13.506948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.507227] kthread+0x337/0x6f0 [ 13.507454] ret_from_fork+0x116/0x1d0 [ 13.507643] ret_from_fork_asm+0x1a/0x30 [ 13.507844] [ 13.508211] The buggy address belongs to the object at ffff8881027960e0 [ 13.508211] which belongs to the cache kmalloc-16 of size 16 [ 13.508759] The buggy address is located 8 bytes inside of [ 13.508759] allocated 9-byte region [ffff8881027960e0, ffff8881027960e9) [ 13.509334] [ 13.509476] The buggy address belongs to the physical page: [ 13.509788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102796 [ 13.510197] flags: 0x200000000000000(node=0|zone=2) [ 13.510457] page_type: f5(slab) [ 13.510715] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.511131] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.511412] page dumped because: kasan: bad access detected [ 13.511613] [ 13.511784] Memory state around the buggy address: [ 13.512013] ffff888102795f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.512327] ffff888102796000: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.512843] >ffff888102796080: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.513384] ^ [ 13.513688] ffff888102796100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.514045] ffff888102796180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.514406] ================================================================== [ 13.467271] ================================================================== [ 13.467976] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.468341] Write of size 8 at addr ffff8881027960e8 by task kunit_try_catch/280 [ 13.468613] [ 13.468841] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.468890] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.468902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.468924] Call Trace: [ 13.468936] <TASK> [ 13.468954] dump_stack_lvl+0x73/0xb0 [ 13.468984] print_report+0xd1/0x650 [ 13.469036] ? __virt_addr_valid+0x1db/0x2d0 [ 13.469058] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.469083] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.469121] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.469145] kasan_report+0x141/0x180 [ 13.469166] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.469195] kasan_check_range+0x10c/0x1c0 [ 13.469218] __kasan_check_write+0x18/0x20 [ 13.469236] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.469261] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.469286] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.469310] ? trace_hardirqs_on+0x37/0xe0 [ 13.469334] ? kasan_bitops_generic+0x92/0x1c0 [ 13.469372] kasan_bitops_generic+0x116/0x1c0 [ 13.469395] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.469418] ? __pfx_read_tsc+0x10/0x10 [ 13.469440] ? ktime_get_ts64+0x86/0x230 [ 13.469482] kunit_try_run_case+0x1a5/0x480 [ 13.469508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.469529] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.469552] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.469573] ? __kthread_parkme+0x82/0x180 [ 13.469594] ? preempt_count_sub+0x50/0x80 [ 13.469617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.469656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.469677] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.469740] kthread+0x337/0x6f0 [ 13.469760] ? trace_preempt_on+0x20/0xc0 [ 13.469781] ? __pfx_kthread+0x10/0x10 [ 13.469801] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.469821] ? calculate_sigpending+0x7b/0xa0 [ 13.469843] ? __pfx_kthread+0x10/0x10 [ 13.469863] ret_from_fork+0x116/0x1d0 [ 13.469880] ? __pfx_kthread+0x10/0x10 [ 13.469901] ret_from_fork_asm+0x1a/0x30 [ 13.469930] </TASK> [ 13.469942] [ 13.480895] Allocated by task 280: [ 13.481189] kasan_save_stack+0x45/0x70 [ 13.481468] kasan_save_track+0x18/0x40 [ 13.481684] kasan_save_alloc_info+0x3b/0x50 [ 13.481975] __kasan_kmalloc+0xb7/0xc0 [ 13.482205] __kmalloc_cache_noprof+0x189/0x420 [ 13.482418] kasan_bitops_generic+0x92/0x1c0 [ 13.482885] kunit_try_run_case+0x1a5/0x480 [ 13.483161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.483479] kthread+0x337/0x6f0 [ 13.483689] ret_from_fork+0x116/0x1d0 [ 13.483923] ret_from_fork_asm+0x1a/0x30 [ 13.484131] [ 13.484256] The buggy address belongs to the object at ffff8881027960e0 [ 13.484256] which belongs to the cache kmalloc-16 of size 16 [ 13.484909] The buggy address is located 8 bytes inside of [ 13.484909] allocated 9-byte region [ffff8881027960e0, ffff8881027960e9) [ 13.485464] [ 13.485574] The buggy address belongs to the physical page: [ 13.485963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102796 [ 13.486339] flags: 0x200000000000000(node=0|zone=2) [ 13.486591] page_type: f5(slab) [ 13.486877] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.487432] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.487694] page dumped because: kasan: bad access detected [ 13.488084] [ 13.488267] Memory state around the buggy address: [ 13.488750] ffff888102795f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.489117] ffff888102796000: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.489446] >ffff888102796080: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.489888] ^ [ 13.490190] ffff888102796100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.490522] ffff888102796180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.491025] ================================================================== [ 13.604791] ================================================================== [ 13.605725] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.606059] Write of size 8 at addr ffff8881027960e8 by task kunit_try_catch/280 [ 13.606381] [ 13.606491] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.606545] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.606556] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.606576] Call Trace: [ 13.606637] <TASK> [ 13.606654] dump_stack_lvl+0x73/0xb0 [ 13.606683] print_report+0xd1/0x650 [ 13.606716] ? __virt_addr_valid+0x1db/0x2d0 [ 13.606738] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.606763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.606795] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.606823] kasan_report+0x141/0x180 [ 13.606845] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.606874] kasan_check_range+0x10c/0x1c0 [ 13.606905] __kasan_check_write+0x18/0x20 [ 13.606925] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.606949] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.606985] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.607010] ? trace_hardirqs_on+0x37/0xe0 [ 13.607030] ? kasan_bitops_generic+0x92/0x1c0 [ 13.607057] kasan_bitops_generic+0x116/0x1c0 [ 13.607079] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.607112] ? __pfx_read_tsc+0x10/0x10 [ 13.607132] ? ktime_get_ts64+0x86/0x230 [ 13.607155] kunit_try_run_case+0x1a5/0x480 [ 13.607188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.607210] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.607232] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.607253] ? __kthread_parkme+0x82/0x180 [ 13.607274] ? preempt_count_sub+0x50/0x80 [ 13.607296] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.607319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.607341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.607380] kthread+0x337/0x6f0 [ 13.607398] ? trace_preempt_on+0x20/0xc0 [ 13.607419] ? __pfx_kthread+0x10/0x10 [ 13.607449] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.607469] ? calculate_sigpending+0x7b/0xa0 [ 13.607491] ? __pfx_kthread+0x10/0x10 [ 13.607512] ret_from_fork+0x116/0x1d0 [ 13.607530] ? __pfx_kthread+0x10/0x10 [ 13.607549] ret_from_fork_asm+0x1a/0x30 [ 13.607613] </TASK> [ 13.607624] [ 13.616562] Allocated by task 280: [ 13.616777] kasan_save_stack+0x45/0x70 [ 13.616979] kasan_save_track+0x18/0x40 [ 13.617341] kasan_save_alloc_info+0x3b/0x50 [ 13.617518] __kasan_kmalloc+0xb7/0xc0 [ 13.617654] __kmalloc_cache_noprof+0x189/0x420 [ 13.617809] kasan_bitops_generic+0x92/0x1c0 [ 13.617982] kunit_try_run_case+0x1a5/0x480 [ 13.618184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.618517] kthread+0x337/0x6f0 [ 13.618715] ret_from_fork+0x116/0x1d0 [ 13.618955] ret_from_fork_asm+0x1a/0x30 [ 13.619099] [ 13.619170] The buggy address belongs to the object at ffff8881027960e0 [ 13.619170] which belongs to the cache kmalloc-16 of size 16 [ 13.619793] The buggy address is located 8 bytes inside of [ 13.619793] allocated 9-byte region [ffff8881027960e0, ffff8881027960e9) [ 13.620348] [ 13.620437] The buggy address belongs to the physical page: [ 13.620807] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102796 [ 13.621155] flags: 0x200000000000000(node=0|zone=2) [ 13.621386] page_type: f5(slab) [ 13.621549] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.622103] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.622403] page dumped because: kasan: bad access detected [ 13.622575] [ 13.622646] Memory state around the buggy address: [ 13.622833] ffff888102795f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.623232] ffff888102796000: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.623721] >ffff888102796080: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.624198] ^ [ 13.624411] ffff888102796100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.624964] ffff888102796180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.625284] ================================================================== [ 13.562506] ================================================================== [ 13.562744] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.563286] Write of size 8 at addr ffff8881027960e8 by task kunit_try_catch/280 [ 13.563786] [ 13.563927] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.564009] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.564021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.564064] Call Trace: [ 13.564083] <TASK> [ 13.564101] dump_stack_lvl+0x73/0xb0 [ 13.564131] print_report+0xd1/0x650 [ 13.564155] ? __virt_addr_valid+0x1db/0x2d0 [ 13.564178] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.564204] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.564226] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.564250] kasan_report+0x141/0x180 [ 13.564272] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.564301] kasan_check_range+0x10c/0x1c0 [ 13.564324] __kasan_check_write+0x18/0x20 [ 13.564342] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.564409] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.564435] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.564471] ? trace_hardirqs_on+0x37/0xe0 [ 13.564494] ? kasan_bitops_generic+0x92/0x1c0 [ 13.564519] kasan_bitops_generic+0x116/0x1c0 [ 13.564542] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.564615] ? __pfx_read_tsc+0x10/0x10 [ 13.564639] ? ktime_get_ts64+0x86/0x230 [ 13.564663] kunit_try_run_case+0x1a5/0x480 [ 13.564687] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.564709] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.564732] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.564755] ? __kthread_parkme+0x82/0x180 [ 13.564775] ? preempt_count_sub+0x50/0x80 [ 13.564799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.564822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.564844] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.564866] kthread+0x337/0x6f0 [ 13.564884] ? trace_preempt_on+0x20/0xc0 [ 13.564905] ? __pfx_kthread+0x10/0x10 [ 13.564925] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.564946] ? calculate_sigpending+0x7b/0xa0 [ 13.564969] ? __pfx_kthread+0x10/0x10 [ 13.564990] ret_from_fork+0x116/0x1d0 [ 13.565007] ? __pfx_kthread+0x10/0x10 [ 13.565028] ret_from_fork_asm+0x1a/0x30 [ 13.565058] </TASK> [ 13.565069] [ 13.574425] Allocated by task 280: [ 13.574571] kasan_save_stack+0x45/0x70 [ 13.574815] kasan_save_track+0x18/0x40 [ 13.575047] kasan_save_alloc_info+0x3b/0x50 [ 13.575286] __kasan_kmalloc+0xb7/0xc0 [ 13.575495] __kmalloc_cache_noprof+0x189/0x420 [ 13.575746] kasan_bitops_generic+0x92/0x1c0 [ 13.575900] kunit_try_run_case+0x1a5/0x480 [ 13.576188] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.576474] kthread+0x337/0x6f0 [ 13.576665] ret_from_fork+0x116/0x1d0 [ 13.576973] ret_from_fork_asm+0x1a/0x30 [ 13.577124] [ 13.577234] The buggy address belongs to the object at ffff8881027960e0 [ 13.577234] which belongs to the cache kmalloc-16 of size 16 [ 13.577759] The buggy address is located 8 bytes inside of [ 13.577759] allocated 9-byte region [ffff8881027960e0, ffff8881027960e9) [ 13.578625] [ 13.578748] The buggy address belongs to the physical page: [ 13.578998] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102796 [ 13.579343] flags: 0x200000000000000(node=0|zone=2) [ 13.579653] page_type: f5(slab) [ 13.579849] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.580133] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.580484] page dumped because: kasan: bad access detected [ 13.580833] [ 13.580930] Memory state around the buggy address: [ 13.581115] ffff888102795f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.581332] ffff888102796000: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.581575] >ffff888102796080: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.582123] ^ [ 13.582555] ffff888102796100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.583090] ffff888102796180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.583439] ================================================================== [ 13.583821] ================================================================== [ 13.584087] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.584502] Write of size 8 at addr ffff8881027960e8 by task kunit_try_catch/280 [ 13.584885] [ 13.585060] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.585126] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.585138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.585159] Call Trace: [ 13.585185] <TASK> [ 13.585202] dump_stack_lvl+0x73/0xb0 [ 13.585229] print_report+0xd1/0x650 [ 13.585251] ? __virt_addr_valid+0x1db/0x2d0 [ 13.585283] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.585307] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.585329] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.585373] kasan_report+0x141/0x180 [ 13.585393] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.585422] kasan_check_range+0x10c/0x1c0 [ 13.585446] __kasan_check_write+0x18/0x20 [ 13.585465] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.585491] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.585516] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.585541] ? trace_hardirqs_on+0x37/0xe0 [ 13.585564] ? kasan_bitops_generic+0x92/0x1c0 [ 13.585625] kasan_bitops_generic+0x116/0x1c0 [ 13.585650] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.585674] ? __pfx_read_tsc+0x10/0x10 [ 13.585695] ? ktime_get_ts64+0x86/0x230 [ 13.585718] kunit_try_run_case+0x1a5/0x480 [ 13.585742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.585763] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.585786] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.585808] ? __kthread_parkme+0x82/0x180 [ 13.585828] ? preempt_count_sub+0x50/0x80 [ 13.585851] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.585873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.585895] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.585917] kthread+0x337/0x6f0 [ 13.585936] ? trace_preempt_on+0x20/0xc0 [ 13.585957] ? __pfx_kthread+0x10/0x10 [ 13.585987] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.586007] ? calculate_sigpending+0x7b/0xa0 [ 13.586030] ? __pfx_kthread+0x10/0x10 [ 13.586061] ret_from_fork+0x116/0x1d0 [ 13.586079] ? __pfx_kthread+0x10/0x10 [ 13.586099] ret_from_fork_asm+0x1a/0x30 [ 13.586136] </TASK> [ 13.586147] [ 13.595226] Allocated by task 280: [ 13.595370] kasan_save_stack+0x45/0x70 [ 13.595576] kasan_save_track+0x18/0x40 [ 13.596032] kasan_save_alloc_info+0x3b/0x50 [ 13.596283] __kasan_kmalloc+0xb7/0xc0 [ 13.596503] __kmalloc_cache_noprof+0x189/0x420 [ 13.596947] kasan_bitops_generic+0x92/0x1c0 [ 13.597102] kunit_try_run_case+0x1a5/0x480 [ 13.597262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.597522] kthread+0x337/0x6f0 [ 13.597895] ret_from_fork+0x116/0x1d0 [ 13.598101] ret_from_fork_asm+0x1a/0x30 [ 13.598257] [ 13.598327] The buggy address belongs to the object at ffff8881027960e0 [ 13.598327] which belongs to the cache kmalloc-16 of size 16 [ 13.598990] The buggy address is located 8 bytes inside of [ 13.598990] allocated 9-byte region [ffff8881027960e0, ffff8881027960e9) [ 13.599628] [ 13.599710] The buggy address belongs to the physical page: [ 13.599883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102796 [ 13.600317] flags: 0x200000000000000(node=0|zone=2) [ 13.600733] page_type: f5(slab) [ 13.600915] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.601213] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.601538] page dumped because: kasan: bad access detected [ 13.601901] [ 13.601974] Memory state around the buggy address: [ 13.602130] ffff888102795f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.602386] ffff888102796000: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.602901] >ffff888102796080: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.603250] ^ [ 13.603625] ffff888102796100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.603964] ffff888102796180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.604220] ================================================================== [ 13.625827] ================================================================== [ 13.626251] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.626652] Write of size 8 at addr ffff8881027960e8 by task kunit_try_catch/280 [ 13.626877] [ 13.626982] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.627087] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.627101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.627133] Call Trace: [ 13.627148] <TASK> [ 13.627164] dump_stack_lvl+0x73/0xb0 [ 13.627190] print_report+0xd1/0x650 [ 13.627212] ? __virt_addr_valid+0x1db/0x2d0 [ 13.627234] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.627259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.627279] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.627316] kasan_report+0x141/0x180 [ 13.627338] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.627383] kasan_check_range+0x10c/0x1c0 [ 13.627406] __kasan_check_write+0x18/0x20 [ 13.627424] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.627460] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.627485] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.627508] ? trace_hardirqs_on+0x37/0xe0 [ 13.627540] ? kasan_bitops_generic+0x92/0x1c0 [ 13.627567] kasan_bitops_generic+0x116/0x1c0 [ 13.627589] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.627612] ? __pfx_read_tsc+0x10/0x10 [ 13.627632] ? ktime_get_ts64+0x86/0x230 [ 13.627655] kunit_try_run_case+0x1a5/0x480 [ 13.627682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.627703] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.627726] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.627748] ? __kthread_parkme+0x82/0x180 [ 13.627767] ? preempt_count_sub+0x50/0x80 [ 13.627799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.627822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.627844] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.627911] kthread+0x337/0x6f0 [ 13.627941] ? trace_preempt_on+0x20/0xc0 [ 13.627962] ? __pfx_kthread+0x10/0x10 [ 13.627982] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.628003] ? calculate_sigpending+0x7b/0xa0 [ 13.628027] ? __pfx_kthread+0x10/0x10 [ 13.628047] ret_from_fork+0x116/0x1d0 [ 13.628064] ? __pfx_kthread+0x10/0x10 [ 13.628097] ret_from_fork_asm+0x1a/0x30 [ 13.628127] </TASK> [ 13.628140] [ 13.637046] Allocated by task 280: [ 13.637230] kasan_save_stack+0x45/0x70 [ 13.637646] kasan_save_track+0x18/0x40 [ 13.637877] kasan_save_alloc_info+0x3b/0x50 [ 13.638032] __kasan_kmalloc+0xb7/0xc0 [ 13.638192] __kmalloc_cache_noprof+0x189/0x420 [ 13.638442] kasan_bitops_generic+0x92/0x1c0 [ 13.638716] kunit_try_run_case+0x1a5/0x480 [ 13.639075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.639248] kthread+0x337/0x6f0 [ 13.639377] ret_from_fork+0x116/0x1d0 [ 13.639506] ret_from_fork_asm+0x1a/0x30 [ 13.639775] [ 13.639905] The buggy address belongs to the object at ffff8881027960e0 [ 13.639905] which belongs to the cache kmalloc-16 of size 16 [ 13.640441] The buggy address is located 8 bytes inside of [ 13.640441] allocated 9-byte region [ffff8881027960e0, ffff8881027960e9) [ 13.640973] [ 13.641049] The buggy address belongs to the physical page: [ 13.641220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102796 [ 13.641549] flags: 0x200000000000000(node=0|zone=2) [ 13.642035] page_type: f5(slab) [ 13.642233] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.642680] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.643057] page dumped because: kasan: bad access detected [ 13.643236] [ 13.643316] Memory state around the buggy address: [ 13.643549] ffff888102795f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.644161] ffff888102796000: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.644412] >ffff888102796080: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.644821] ^ [ 13.645212] ffff888102796100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.645555] ffff888102796180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.645899] ================================================================== [ 13.539387] ================================================================== [ 13.539723] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.540391] Write of size 8 at addr ffff8881027960e8 by task kunit_try_catch/280 [ 13.540870] [ 13.541079] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.541125] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.541136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.541177] Call Trace: [ 13.541195] <TASK> [ 13.541214] dump_stack_lvl+0x73/0xb0 [ 13.541255] print_report+0xd1/0x650 [ 13.541278] ? __virt_addr_valid+0x1db/0x2d0 [ 13.541301] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.541325] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.541346] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.541382] kasan_report+0x141/0x180 [ 13.541402] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.541432] kasan_check_range+0x10c/0x1c0 [ 13.541454] __kasan_check_write+0x18/0x20 [ 13.541472] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.541496] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.541522] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.541546] ? trace_hardirqs_on+0x37/0xe0 [ 13.541569] ? kasan_bitops_generic+0x92/0x1c0 [ 13.541595] kasan_bitops_generic+0x116/0x1c0 [ 13.541618] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.541666] ? __pfx_read_tsc+0x10/0x10 [ 13.541688] ? ktime_get_ts64+0x86/0x230 [ 13.541712] kunit_try_run_case+0x1a5/0x480 [ 13.541746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.541768] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.541791] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.541814] ? __kthread_parkme+0x82/0x180 [ 13.541835] ? preempt_count_sub+0x50/0x80 [ 13.541858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.541880] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.541903] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.541925] kthread+0x337/0x6f0 [ 13.541944] ? trace_preempt_on+0x20/0xc0 [ 13.541965] ? __pfx_kthread+0x10/0x10 [ 13.541984] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.542004] ? calculate_sigpending+0x7b/0xa0 [ 13.542028] ? __pfx_kthread+0x10/0x10 [ 13.542048] ret_from_fork+0x116/0x1d0 [ 13.542066] ? __pfx_kthread+0x10/0x10 [ 13.542086] ret_from_fork_asm+0x1a/0x30 [ 13.542116] </TASK> [ 13.542126] [ 13.551986] Allocated by task 280: [ 13.552254] kasan_save_stack+0x45/0x70 [ 13.552584] kasan_save_track+0x18/0x40 [ 13.552916] kasan_save_alloc_info+0x3b/0x50 [ 13.553159] __kasan_kmalloc+0xb7/0xc0 [ 13.553322] __kmalloc_cache_noprof+0x189/0x420 [ 13.553486] kasan_bitops_generic+0x92/0x1c0 [ 13.553673] kunit_try_run_case+0x1a5/0x480 [ 13.553888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.554149] kthread+0x337/0x6f0 [ 13.554391] ret_from_fork+0x116/0x1d0 [ 13.554599] ret_from_fork_asm+0x1a/0x30 [ 13.554961] [ 13.555094] The buggy address belongs to the object at ffff8881027960e0 [ 13.555094] which belongs to the cache kmalloc-16 of size 16 [ 13.555526] The buggy address is located 8 bytes inside of [ 13.555526] allocated 9-byte region [ffff8881027960e0, ffff8881027960e9) [ 13.556315] [ 13.556729] The buggy address belongs to the physical page: [ 13.557001] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102796 [ 13.557382] flags: 0x200000000000000(node=0|zone=2) [ 13.557722] page_type: f5(slab) [ 13.557950] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.558305] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.558674] page dumped because: kasan: bad access detected [ 13.559055] [ 13.559132] Memory state around the buggy address: [ 13.559412] ffff888102795f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.559844] ffff888102796000: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.560054] >ffff888102796080: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.560431] ^ [ 13.561154] ffff888102796100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.561494] ffff888102796180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.562015] ==================================================================