Date
July 12, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 18.948656] ================================================================== [ 18.949002] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa3c/0xbc0 [ 18.949134] Read of size 8 at addr fff00000c45d1b08 by task kunit_try_catch/261 [ 18.949199] [ 18.949588] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 18.949696] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.949853] Hardware name: linux,dummy-virt (DT) [ 18.949897] Call trace: [ 18.949940] show_stack+0x20/0x38 (C) [ 18.950140] dump_stack_lvl+0x8c/0xd0 [ 18.950376] print_report+0x118/0x5d0 [ 18.950466] kasan_report+0xdc/0x128 [ 18.950561] __asan_report_load8_noabort+0x20/0x30 [ 18.950619] kasan_bitops_test_and_modify.constprop.0+0xa3c/0xbc0 [ 18.950683] kasan_bitops_generic+0x11c/0x1c8 [ 18.950754] kunit_try_run_case+0x170/0x3f0 [ 18.950805] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.950861] kthread+0x328/0x630 [ 18.950958] [ 18.950978] Allocated by task 261: [ 18.951054] kasan_save_track+0x20/0x40 [ 18.951104] kasan_save_alloc_info+0x40/0x58 [ 18.951148] __kasan_kmalloc+0xd4/0xd8 [ 18.951413] __kmalloc_cache_noprof+0x16c/0x3c0 [ 18.951689] kasan_bitops_generic+0xa0/0x1c8 [ 18.951992] kthread+0x328/0x630 [ 18.952157] [ 18.952416] The buggy address is located 8 bytes inside of [ 18.952416] allocated 9-byte region [fff00000c45d1b00, fff00000c45d1b09) [ 18.952997] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.953393] page_type: f5(slab) [ 18.953459] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 18.953590] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 18.953705] page dumped because: kasan: bad access detected [ 18.953808] [ 18.953908] Memory state around the buggy address: [ 18.953948] fff00000c45d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.954146] fff00000c45d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.954393] >fff00000c45d1b00: 00 01 fc fc fc fc fc 
fc fc fc fc fc fc fc fc fc [ 18.954457] ^ [ 18.954600] fff00000c45d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.960290] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.960543] page_type: f5(slab) [ 18.960709] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 18.961108] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 18.961227] page dumped because: kasan: bad access detected [ 18.985818] dump_stack_lvl+0x8c/0xd0 [ 18.986139] __asan_report_load4_noabort+0x20/0x30 [ 18.986209] kasan_atomics_helper+0x40a8/0x4858 [ 18.986283] kasan_atomics+0x198/0x2e0 [ 18.986331] kunit_try_run_case+0x170/0x3f0 [ 18.986609] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.986780] kthread+0x328/0x630 [ 18.986854] ret_from_fork+0x10/0x20 [ 18.986971] [ 18.988703] The buggy address is located 0 bytes to the right of [ 18.988703] allocated 48-byte region [fff00000c65b1c00, fff00000c65b1c30) [ 18.989455] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.990587] fff00000c65b1b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.991067] fff00000c65b1d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.992537] Write of size 4 at addr fff00000c65b1c30 by task kunit_try_catch/265 [ 18.993084] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.993961] kasan_atomics+0x198/0x2e0 [ 18.994623] kasan_save_alloc_info+0x40/0x58 [ 18.994918] ret_from_fork+0x10/0x20 [ 18.995052] The buggy address is located 0 bytes to the right of [ 18.995052] allocated 48-byte region [fff00000c65b1c00, fff00000c65b1c30) [ 18.995564] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b1 [ 18.996872] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 18.997879] fff00000c65b1b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.998426] fff00000c65b1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.001615] CPU: 1 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 
#1 PREEMPT [ 19.004600] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.006187] The buggy address is located 0 bytes to the right of [ 19.006187] allocated 48-byte region [fff00000c65b1c00, fff00000c65b1c30) [ 19.006626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b1 [ 19.007776] fff00000c65b1b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 19.008207] ^ [ 19.008664] fff00000c65b1d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.010059] ==================================================================
[ 15.197478] ================================================================== [ 15.197715] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 15.198043] Write of size 8 at addr ffff888101c9b4a8 by task kunit_try_catch/278 [ 15.198390] [ 15.198500] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.198539] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.198550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.198569] Call Trace: [ 15.198580] <TASK> [ 15.198593] dump_stack_lvl+0x73/0xb0 [ 15.198619] print_report+0xd1/0x610 [ 15.198641] ? __virt_addr_valid+0x1db/0x2d0 [ 15.198664] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 15.198694] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.198724] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 15.198753] kasan_report+0x141/0x180 [ 15.198775] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 15.198808] kasan_check_range+0x10c/0x1c0 [ 15.198832] __kasan_check_write+0x18/0x20 [ 15.198852] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 15.198881] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 15.198912] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.198937] ? trace_hardirqs_on+0x37/0xe0 [ 15.198959] ? kasan_bitops_generic+0x92/0x1c0 [ 15.198986] kasan_bitops_generic+0x121/0x1c0 [ 15.199011] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.199037] ? __pfx_read_tsc+0x10/0x10 [ 15.199058] ? ktime_get_ts64+0x86/0x230 [ 15.199082] kunit_try_run_case+0x1a5/0x480 [ 15.199106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.199129] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.199153] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.199178] ? __kthread_parkme+0x82/0x180 [ 15.199198] ? preempt_count_sub+0x50/0x80 [ 15.199222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.199247] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.199282] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.199308] kthread+0x337/0x6f0 [ 15.199327] ? trace_preempt_on+0x20/0xc0 [ 15.199350] ? __pfx_kthread+0x10/0x10 [ 15.199370] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.199392] ? calculate_sigpending+0x7b/0xa0 [ 15.199416] ? __pfx_kthread+0x10/0x10 [ 15.199437] ret_from_fork+0x116/0x1d0 [ 15.199456] ? __pfx_kthread+0x10/0x10 [ 15.199476] ret_from_fork_asm+0x1a/0x30 [ 15.199506] </TASK> [ 15.199516] [ 15.208559] Allocated by task 278: [ 15.208728] kasan_save_stack+0x45/0x70 [ 15.208903] kasan_save_track+0x18/0x40 [ 15.209163] kasan_save_alloc_info+0x3b/0x50 [ 15.209359] __kasan_kmalloc+0xb7/0xc0 [ 15.209525] __kmalloc_cache_noprof+0x189/0x420 [ 15.209749] kasan_bitops_generic+0x92/0x1c0 [ 15.209917] kunit_try_run_case+0x1a5/0x480 [ 15.210299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.210542] kthread+0x337/0x6f0 [ 15.210695] ret_from_fork+0x116/0x1d0 [ 15.210884] ret_from_fork_asm+0x1a/0x30 [ 15.211025] [ 15.211098] The buggy address belongs to the object at ffff888101c9b4a0 [ 15.211098] which belongs to the cache kmalloc-16 of size 16 [ 15.213300] The buggy address is located 8 bytes inside of [ 15.213300] allocated 9-byte region [ffff888101c9b4a0, ffff888101c9b4a9) [ 15.213662] [ 15.213736] The buggy address belongs to the physical page: [ 15.213910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c9b [ 15.214287] flags: 0x200000000000000(node=0|zone=2) [ 15.214451] page_type: f5(slab) [ 15.214569] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.214806] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.215026] page dumped because: kasan: bad access detected [ 15.215190] [ 15.215258] Memory state around the buggy address: [ 15.217882] ffff888101c9b380: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 15.218216] ffff888101c9b400: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc [ 15.218545] >ffff888101c9b480: fa fb fc fc 00 01 fc fc 
fc fc fc fc fc fc fc fc [ 15.218769] ^ [ 15.218920] ffff888101c9b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.219688] ffff888101c9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.219926] ================================================================== [ 15.285497] ================================================================== [ 15.285733] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 15.286144] Write of size 8 at addr ffff888101c9b4a8 by task kunit_try_catch/278 [ 15.286961] [ 15.287195] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.287239] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.287252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.287287] Call Trace: [ 15.287304] <TASK> [ 15.287319] dump_stack_lvl+0x73/0xb0 [ 15.287348] print_report+0xd1/0x610 [ 15.287369] ? __virt_addr_valid+0x1db/0x2d0 [ 15.287392] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 15.287421] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.287445] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 15.287475] kasan_report+0x141/0x180 [ 15.287507] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 15.287540] kasan_check_range+0x10c/0x1c0 [ 15.287564] __kasan_check_write+0x18/0x20 [ 15.287583] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 15.287612] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 15.287643] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.287668] ? trace_hardirqs_on+0x37/0xe0 [ 15.287690] ? kasan_bitops_generic+0x92/0x1c0 [ 15.287717] kasan_bitops_generic+0x121/0x1c0 [ 15.287741] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.287767] ? __pfx_read_tsc+0x10/0x10 [ 15.287787] ? ktime_get_ts64+0x86/0x230 [ 15.287811] kunit_try_run_case+0x1a5/0x480 [ 15.287834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.287858] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.287882] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.287905] ? __kthread_parkme+0x82/0x180 [ 15.287926] ? preempt_count_sub+0x50/0x80 [ 15.287949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.287974] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.288010] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.288035] kthread+0x337/0x6f0 [ 15.288055] ? trace_preempt_on+0x20/0xc0 [ 15.288076] ? __pfx_kthread+0x10/0x10 [ 15.288098] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.288118] ? calculate_sigpending+0x7b/0xa0 [ 15.288142] ? __pfx_kthread+0x10/0x10 [ 15.288164] ret_from_fork+0x116/0x1d0 [ 15.288182] ? __pfx_kthread+0x10/0x10 [ 15.288202] ret_from_fork_asm+0x1a/0x30 [ 15.288232] </TASK> [ 15.288242] [ 15.303229] Allocated by task 278: [ 15.303554] kasan_save_stack+0x45/0x70 [ 15.303906] kasan_save_track+0x18/0x40 [ 15.304327] kasan_save_alloc_info+0x3b/0x50 [ 15.304720] __kasan_kmalloc+0xb7/0xc0 [ 15.305115] __kmalloc_cache_noprof+0x189/0x420 [ 15.305535] kasan_bitops_generic+0x92/0x1c0 [ 15.305916] kunit_try_run_case+0x1a5/0x480 [ 15.306353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.306547] kthread+0x337/0x6f0 [ 15.306669] ret_from_fork+0x116/0x1d0 [ 15.306806] ret_from_fork_asm+0x1a/0x30 [ 15.306945] [ 15.307135] The buggy address belongs to the object at ffff888101c9b4a0 [ 15.307135] which belongs to the cache kmalloc-16 of size 16 [ 15.308339] The buggy address is located 8 bytes inside of [ 15.308339] allocated 9-byte region [ffff888101c9b4a0, ffff888101c9b4a9) [ 15.309572] [ 15.309730] The buggy address belongs to the physical page: [ 15.310369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c9b [ 15.311047] flags: 0x200000000000000(node=0|zone=2) [ 15.311529] page_type: f5(slab) [ 15.311818] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.312346] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.312581] page dumped because: kasan: bad access detected [ 15.312753] [ 15.312821] 
Memory state around the buggy address: [ 15.313024] ffff888101c9b380: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 15.313682] ffff888101c9b400: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc [ 15.314462] >ffff888101c9b480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.315083] ^ [ 15.315592] ffff888101c9b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.316426] ffff888101c9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.317209] ================================================================== [ 15.241233] ================================================================== [ 15.241561] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 15.241858] Write of size 8 at addr ffff888101c9b4a8 by task kunit_try_catch/278 [ 15.242160] [ 15.242273] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.242313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.242325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.242344] Call Trace: [ 15.242359] <TASK> [ 15.242372] dump_stack_lvl+0x73/0xb0 [ 15.242458] print_report+0xd1/0x610 [ 15.242481] ? __virt_addr_valid+0x1db/0x2d0 [ 15.242503] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 15.242532] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.242556] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 15.242586] kasan_report+0x141/0x180 [ 15.242608] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 15.242645] kasan_check_range+0x10c/0x1c0 [ 15.242668] __kasan_check_write+0x18/0x20 [ 15.242689] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 15.242726] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 15.242757] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.242782] ? trace_hardirqs_on+0x37/0xe0 [ 15.242804] ? kasan_bitops_generic+0x92/0x1c0 [ 15.242831] kasan_bitops_generic+0x121/0x1c0 [ 15.242855] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 15.242881] ? __pfx_read_tsc+0x10/0x10 [ 15.242903] ? ktime_get_ts64+0x86/0x230 [ 15.242927] kunit_try_run_case+0x1a5/0x480 [ 15.242950] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.242973] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.243044] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.243068] ? __kthread_parkme+0x82/0x180 [ 15.243088] ? preempt_count_sub+0x50/0x80 [ 15.243111] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.243136] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.243161] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.243186] kthread+0x337/0x6f0 [ 15.243205] ? trace_preempt_on+0x20/0xc0 [ 15.243227] ? __pfx_kthread+0x10/0x10 [ 15.243248] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.243281] ? calculate_sigpending+0x7b/0xa0 [ 15.243313] ? __pfx_kthread+0x10/0x10 [ 15.243334] ret_from_fork+0x116/0x1d0 [ 15.243352] ? __pfx_kthread+0x10/0x10 [ 15.243373] ret_from_fork_asm+0x1a/0x30 [ 15.243402] </TASK> [ 15.243411] [ 15.251807] Allocated by task 278: [ 15.251937] kasan_save_stack+0x45/0x70 [ 15.252104] kasan_save_track+0x18/0x40 [ 15.252302] kasan_save_alloc_info+0x3b/0x50 [ 15.252510] __kasan_kmalloc+0xb7/0xc0 [ 15.252823] __kmalloc_cache_noprof+0x189/0x420 [ 15.253050] kasan_bitops_generic+0x92/0x1c0 [ 15.253373] kunit_try_run_case+0x1a5/0x480 [ 15.253526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.253702] kthread+0x337/0x6f0 [ 15.253871] ret_from_fork+0x116/0x1d0 [ 15.254316] ret_from_fork_asm+0x1a/0x30 [ 15.254539] [ 15.254634] The buggy address belongs to the object at ffff888101c9b4a0 [ 15.254634] which belongs to the cache kmalloc-16 of size 16 [ 15.255211] The buggy address is located 8 bytes inside of [ 15.255211] allocated 9-byte region [ffff888101c9b4a0, ffff888101c9b4a9) [ 15.255717] [ 15.255789] The buggy address belongs to the physical page: [ 15.255960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c9b [ 15.256197] flags: 0x200000000000000(node=0|zone=2) [ 15.256763] 
page_type: f5(slab) [ 15.256935] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.257478] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.257710] page dumped because: kasan: bad access detected [ 15.257881] [ 15.257950] Memory state around the buggy address: [ 15.258399] ffff888101c9b380: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 15.258738] ffff888101c9b400: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc [ 15.259275] >ffff888101c9b480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.259562] ^ [ 15.259760] ffff888101c9b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.260027] ffff888101c9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.260391] ================================================================== [ 15.357547] ================================================================== [ 15.358086] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 15.358479] Read of size 8 at addr ffff888101c9b4a8 by task kunit_try_catch/278 [ 15.358747] [ 15.358829] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.358868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.358881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.358903] Call Trace: [ 15.358917] <TASK> [ 15.358932] dump_stack_lvl+0x73/0xb0 [ 15.358959] print_report+0xd1/0x610 [ 15.358980] ? __virt_addr_valid+0x1db/0x2d0 [ 15.359003] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 15.359033] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.359056] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 15.359086] kasan_report+0x141/0x180 [ 15.359108] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 15.359142] __asan_report_load8_noabort+0x18/0x20 [ 15.359168] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 15.359198] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 15.359229] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.359253] ? trace_hardirqs_on+0x37/0xe0 [ 15.359285] ? kasan_bitops_generic+0x92/0x1c0 [ 15.359313] kasan_bitops_generic+0x121/0x1c0 [ 15.359338] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.359363] ? __pfx_read_tsc+0x10/0x10 [ 15.359384] ? ktime_get_ts64+0x86/0x230 [ 15.359408] kunit_try_run_case+0x1a5/0x480 [ 15.359432] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.359455] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.359480] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.359504] ? __kthread_parkme+0x82/0x180 [ 15.359525] ? preempt_count_sub+0x50/0x80 [ 15.359549] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.359573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.359600] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.359626] kthread+0x337/0x6f0 [ 15.359645] ? trace_preempt_on+0x20/0xc0 [ 15.359667] ? __pfx_kthread+0x10/0x10 [ 15.359688] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.359710] ? calculate_sigpending+0x7b/0xa0 [ 15.359733] ? __pfx_kthread+0x10/0x10 [ 15.359755] ret_from_fork+0x116/0x1d0 [ 15.359774] ? 
__pfx_kthread+0x10/0x10 [ 15.359794] ret_from_fork_asm+0x1a/0x30 [ 15.359825] </TASK> [ 15.359834] [ 15.367976] Allocated by task 278: [ 15.368145] kasan_save_stack+0x45/0x70 [ 15.368341] kasan_save_track+0x18/0x40 [ 15.368481] kasan_save_alloc_info+0x3b/0x50 [ 15.368631] __kasan_kmalloc+0xb7/0xc0 [ 15.368763] __kmalloc_cache_noprof+0x189/0x420 [ 15.368943] kasan_bitops_generic+0x92/0x1c0 [ 15.369148] kunit_try_run_case+0x1a5/0x480 [ 15.369444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.369705] kthread+0x337/0x6f0 [ 15.369872] ret_from_fork+0x116/0x1d0 [ 15.370088] ret_from_fork_asm+0x1a/0x30 [ 15.370283] [ 15.370377] The buggy address belongs to the object at ffff888101c9b4a0 [ 15.370377] which belongs to the cache kmalloc-16 of size 16 [ 15.370777] The buggy address is located 8 bytes inside of [ 15.370777] allocated 9-byte region [ffff888101c9b4a0, ffff888101c9b4a9) [ 15.371207] [ 15.371309] The buggy address belongs to the physical page: [ 15.371598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c9b [ 15.372044] flags: 0x200000000000000(node=0|zone=2) [ 15.372206] page_type: f5(slab) [ 15.372378] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.372725] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.373025] page dumped because: kasan: bad access detected [ 15.373196] [ 15.373272] Memory state around the buggy address: [ 15.373424] ffff888101c9b380: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 15.373706] ffff888101c9b400: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc [ 15.374023] >ffff888101c9b480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.374389] ^ [ 15.374799] ffff888101c9b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.375017] ffff888101c9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.375229] ================================================================== [ 15.220387] 
================================================================== [ 15.221180] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 15.221836] Write of size 8 at addr ffff888101c9b4a8 by task kunit_try_catch/278 [ 15.222507] [ 15.222622] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.222665] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.222677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.222700] Call Trace: [ 15.222720] <TASK> [ 15.222734] dump_stack_lvl+0x73/0xb0 [ 15.222764] print_report+0xd1/0x610 [ 15.222786] ? __virt_addr_valid+0x1db/0x2d0 [ 15.222808] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 15.222837] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.222860] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 15.222890] kasan_report+0x141/0x180 [ 15.222912] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 15.222946] kasan_check_range+0x10c/0x1c0 [ 15.222969] __kasan_check_write+0x18/0x20 [ 15.222989] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 15.223018] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 15.223061] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.223087] ? trace_hardirqs_on+0x37/0xe0 [ 15.223109] ? kasan_bitops_generic+0x92/0x1c0 [ 15.223136] kasan_bitops_generic+0x121/0x1c0 [ 15.223160] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.223185] ? __pfx_read_tsc+0x10/0x10 [ 15.223205] ? ktime_get_ts64+0x86/0x230 [ 15.223228] kunit_try_run_case+0x1a5/0x480 [ 15.223253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.223349] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.223375] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.223399] ? __kthread_parkme+0x82/0x180 [ 15.223419] ? preempt_count_sub+0x50/0x80 [ 15.223443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.223468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.223492] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.223519] kthread+0x337/0x6f0 [ 15.223538] ? trace_preempt_on+0x20/0xc0 [ 15.223561] ? __pfx_kthread+0x10/0x10 [ 15.223581] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.223603] ? calculate_sigpending+0x7b/0xa0 [ 15.223627] ? __pfx_kthread+0x10/0x10 [ 15.223648] ret_from_fork+0x116/0x1d0 [ 15.223667] ? __pfx_kthread+0x10/0x10 [ 15.223687] ret_from_fork_asm+0x1a/0x30 [ 15.223718] </TASK> [ 15.223727] [ 15.232786] Allocated by task 278: [ 15.232973] kasan_save_stack+0x45/0x70 [ 15.233141] kasan_save_track+0x18/0x40 [ 15.233404] kasan_save_alloc_info+0x3b/0x50 [ 15.233596] __kasan_kmalloc+0xb7/0xc0 [ 15.233761] __kmalloc_cache_noprof+0x189/0x420 [ 15.233951] kasan_bitops_generic+0x92/0x1c0 [ 15.234376] kunit_try_run_case+0x1a5/0x480 [ 15.234535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.234773] kthread+0x337/0x6f0 [ 15.234941] ret_from_fork+0x116/0x1d0 [ 15.235305] ret_from_fork_asm+0x1a/0x30 [ 15.235495] [ 15.235572] The buggy address belongs to the object at ffff888101c9b4a0 [ 15.235572] which belongs to the cache kmalloc-16 of size 16 [ 15.236044] The buggy address is located 8 bytes inside of [ 15.236044] allocated 9-byte region [ffff888101c9b4a0, ffff888101c9b4a9) [ 15.236514] [ 15.236586] The buggy address belongs to the physical page: [ 15.236758] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c9b [ 15.237068] flags: 0x200000000000000(node=0|zone=2) [ 15.237391] page_type: f5(slab) [ 15.237553] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.237947] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.238227] page dumped because: kasan: bad access detected [ 15.238412] [ 15.238481] Memory state around the buggy address: [ 15.238639] ffff888101c9b380: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 15.238964] ffff888101c9b400: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc [ 15.239651] >ffff888101c9b480: fa fb fc fc 00 01 fc fc 
fc fc fc fc fc fc fc fc [ 15.240043] ^ [ 15.240289] ffff888101c9b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.240517] ffff888101c9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.240782] ================================================================== [ 15.337547] ================================================================== [ 15.337865] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 15.338457] Read of size 8 at addr ffff888101c9b4a8 by task kunit_try_catch/278 [ 15.338754] [ 15.338854] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.338895] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.338906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.338926] Call Trace: [ 15.338937] <TASK> [ 15.338950] dump_stack_lvl+0x73/0xb0 [ 15.339034] print_report+0xd1/0x610 [ 15.339061] ? __virt_addr_valid+0x1db/0x2d0 [ 15.339084] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 15.339115] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.339138] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 15.339168] kasan_report+0x141/0x180 [ 15.339189] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 15.339223] kasan_check_range+0x10c/0x1c0 [ 15.339247] __kasan_check_read+0x15/0x20 [ 15.339277] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 15.339306] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 15.339338] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.339362] ? trace_hardirqs_on+0x37/0xe0 [ 15.339384] ? kasan_bitops_generic+0x92/0x1c0 [ 15.339411] kasan_bitops_generic+0x121/0x1c0 [ 15.339435] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.339461] ? __pfx_read_tsc+0x10/0x10 [ 15.339481] ? ktime_get_ts64+0x86/0x230 [ 15.339504] kunit_try_run_case+0x1a5/0x480 [ 15.339529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.339552] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.339576] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.339600] ? __kthread_parkme+0x82/0x180 [ 15.339620] ? preempt_count_sub+0x50/0x80 [ 15.339643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.339668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.339693] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.339719] kthread+0x337/0x6f0 [ 15.339738] ? trace_preempt_on+0x20/0xc0 [ 15.339760] ? __pfx_kthread+0x10/0x10 [ 15.339780] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.339803] ? calculate_sigpending+0x7b/0xa0 [ 15.339827] ? __pfx_kthread+0x10/0x10 [ 15.339848] ret_from_fork+0x116/0x1d0 [ 15.339866] ? __pfx_kthread+0x10/0x10 [ 15.339887] ret_from_fork_asm+0x1a/0x30 [ 15.339917] </TASK> [ 15.339928] [ 15.348849] Allocated by task 278: [ 15.349038] kasan_save_stack+0x45/0x70 [ 15.349191] kasan_save_track+0x18/0x40 [ 15.349339] kasan_save_alloc_info+0x3b/0x50 [ 15.349489] __kasan_kmalloc+0xb7/0xc0 [ 15.349682] __kmalloc_cache_noprof+0x189/0x420 [ 15.349902] kasan_bitops_generic+0x92/0x1c0 [ 15.350119] kunit_try_run_case+0x1a5/0x480 [ 15.350420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.350669] kthread+0x337/0x6f0 [ 15.350819] ret_from_fork+0x116/0x1d0 [ 15.350989] ret_from_fork_asm+0x1a/0x30 [ 15.351335] [ 15.351408] The buggy address belongs to the object at ffff888101c9b4a0 [ 15.351408] which belongs to the cache kmalloc-16 of size 16 [ 15.351761] The buggy address is located 8 bytes inside of [ 15.351761] allocated 9-byte region [ffff888101c9b4a0, ffff888101c9b4a9) [ 15.352292] [ 15.352385] The buggy address belongs to the physical page: [ 15.352835] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c9b [ 15.353258] flags: 0x200000000000000(node=0|zone=2) [ 15.353439] page_type: f5(slab) [ 15.353559] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.353885] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.354505] page dumped because: kasan: bad access detected [ 15.354780] [ 15.354872] 
Memory state around the buggy address:
[ 15.355160] ffff888101c9b380: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 15.355412] ffff888101c9b400: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc
[ 15.355627] >ffff888101c9b480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 15.355935] ^
[ 15.356145] ffff888101c9b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.356734] ffff888101c9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.357162] ==================================================================
[ 15.318102] ==================================================================
[ 15.318944] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90
[ 15.319623] Write of size 8 at addr ffff888101c9b4a8 by task kunit_try_catch/278
[ 15.319854]
[ 15.319940] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 15.319981] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.319992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.320012] Call Trace:
[ 15.320027] <TASK>
[ 15.320041] dump_stack_lvl+0x73/0xb0
[ 15.320070] print_report+0xd1/0x610
[ 15.320092] ? __virt_addr_valid+0x1db/0x2d0
[ 15.320114] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90
[ 15.320144] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.320166] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90
[ 15.320196] kasan_report+0x141/0x180
[ 15.320218] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90
[ 15.320252] kasan_check_range+0x10c/0x1c0
[ 15.320291] __kasan_check_write+0x18/0x20
[ 15.320310] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90
[ 15.320340] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10
[ 15.320370] ? __kmalloc_cache_noprof+0x189/0x420
[ 15.320395] ? trace_hardirqs_on+0x37/0xe0
[ 15.320416] ? kasan_bitops_generic+0x92/0x1c0
[ 15.320444] kasan_bitops_generic+0x121/0x1c0
[ 15.320467] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 15.320493] ? __pfx_read_tsc+0x10/0x10
[ 15.320514] ? ktime_get_ts64+0x86/0x230
[ 15.320537] kunit_try_run_case+0x1a5/0x480
[ 15.320561] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.320584] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.320608] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.320632] ? __kthread_parkme+0x82/0x180
[ 15.320652] ? preempt_count_sub+0x50/0x80
[ 15.320675] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.320700] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.320724] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.320749] kthread+0x337/0x6f0
[ 15.320768] ? trace_preempt_on+0x20/0xc0
[ 15.320790] ? __pfx_kthread+0x10/0x10
[ 15.320810] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.320832] ? calculate_sigpending+0x7b/0xa0
[ 15.320856] ? __pfx_kthread+0x10/0x10
[ 15.320878] ret_from_fork+0x116/0x1d0
[ 15.320897] ? __pfx_kthread+0x10/0x10
[ 15.320917] ret_from_fork_asm+0x1a/0x30
[ 15.320947] </TASK>
[ 15.320956]
[ 15.329313] Allocated by task 278:
[ 15.329454] kasan_save_stack+0x45/0x70
[ 15.329657] kasan_save_track+0x18/0x40
[ 15.329823] kasan_save_alloc_info+0x3b/0x50
[ 15.329972] __kasan_kmalloc+0xb7/0xc0
[ 15.330207] __kmalloc_cache_noprof+0x189/0x420
[ 15.330449] kasan_bitops_generic+0x92/0x1c0
[ 15.330614] kunit_try_run_case+0x1a5/0x480
[ 15.330801] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.331229] kthread+0x337/0x6f0
[ 15.331392] ret_from_fork+0x116/0x1d0
[ 15.331559] ret_from_fork_asm+0x1a/0x30
[ 15.331699]
[ 15.331770] The buggy address belongs to the object at ffff888101c9b4a0
[ 15.331770] which belongs to the cache kmalloc-16 of size 16
[ 15.332121] The buggy address is located 8 bytes inside of
[ 15.332121] allocated 9-byte region [ffff888101c9b4a0, ffff888101c9b4a9)
[ 15.332646]
[ 15.332739] The buggy address belongs to the physical page:
[ 15.332987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c9b
[ 15.333407] flags: 0x200000000000000(node=0|zone=2)
[ 15.333659] page_type: f5(slab)
[ 15.333779] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 15.334010] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 15.334359] page dumped because: kasan: bad access detected
[ 15.334623]
[ 15.334717] Memory state around the buggy address:
[ 15.334953] ffff888101c9b380: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 15.335429] ffff888101c9b400: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc
[ 15.335725] >ffff888101c9b480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 15.336081] ^
[ 15.336300] ffff888101c9b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.336579] ffff888101c9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.336839] ==================================================================
[ 15.178181] ==================================================================
[ 15.178503] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90
[ 15.178867] Write of size 8 at addr ffff888101c9b4a8 by task kunit_try_catch/278
[ 15.179475]
[ 15.179578] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 15.179621] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.179634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.179653] Call Trace:
[ 15.179665] <TASK>
[ 15.179679] dump_stack_lvl+0x73/0xb0
[ 15.179707] print_report+0xd1/0x610
[ 15.179730] ? __virt_addr_valid+0x1db/0x2d0
[ 15.179752] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90
[ 15.179781] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.179805] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90
[ 15.179835] kasan_report+0x141/0x180
[ 15.179857] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90
[ 15.179890] kasan_check_range+0x10c/0x1c0
[ 15.179914] __kasan_check_write+0x18/0x20
[ 15.179934] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90
[ 15.179963] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10
[ 15.180283] ? __kmalloc_cache_noprof+0x189/0x420
[ 15.180308] ? trace_hardirqs_on+0x37/0xe0
[ 15.180331] ? kasan_bitops_generic+0x92/0x1c0
[ 15.180358] kasan_bitops_generic+0x121/0x1c0
[ 15.180382] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 15.180408] ? __pfx_read_tsc+0x10/0x10
[ 15.180429] ? ktime_get_ts64+0x86/0x230
[ 15.180453] kunit_try_run_case+0x1a5/0x480
[ 15.180476] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.180500] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.180524] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.180548] ? __kthread_parkme+0x82/0x180
[ 15.180568] ? preempt_count_sub+0x50/0x80
[ 15.180591] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.180616] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.180641] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.180667] kthread+0x337/0x6f0
[ 15.180686] ? trace_preempt_on+0x20/0xc0
[ 15.180708] ? __pfx_kthread+0x10/0x10
[ 15.180729] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.180751] ? calculate_sigpending+0x7b/0xa0
[ 15.180775] ? __pfx_kthread+0x10/0x10
[ 15.180797] ret_from_fork+0x116/0x1d0
[ 15.180815] ? __pfx_kthread+0x10/0x10
[ 15.180836] ret_from_fork_asm+0x1a/0x30
[ 15.180866] </TASK>
[ 15.180876]
[ 15.189403] Allocated by task 278:
[ 15.189539] kasan_save_stack+0x45/0x70
[ 15.189685] kasan_save_track+0x18/0x40
[ 15.189820] kasan_save_alloc_info+0x3b/0x50
[ 15.189969] __kasan_kmalloc+0xb7/0xc0
[ 15.190137] __kmalloc_cache_noprof+0x189/0x420
[ 15.190416] kasan_bitops_generic+0x92/0x1c0
[ 15.190637] kunit_try_run_case+0x1a5/0x480
[ 15.190844] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.191096] kthread+0x337/0x6f0
[ 15.191260] ret_from_fork+0x116/0x1d0
[ 15.191455] ret_from_fork_asm+0x1a/0x30
[ 15.191733]
[ 15.191829] The buggy address belongs to the object at ffff888101c9b4a0
[ 15.191829] which belongs to the cache kmalloc-16 of size 16
[ 15.192306] The buggy address is located 8 bytes inside of
[ 15.192306] allocated 9-byte region [ffff888101c9b4a0, ffff888101c9b4a9)
[ 15.192662]
[ 15.192757] The buggy address belongs to the physical page:
[ 15.193184] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c9b
[ 15.193566] flags: 0x200000000000000(node=0|zone=2)
[ 15.193798] page_type: f5(slab)
[ 15.193963] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 15.194330] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 15.194668] page dumped because: kasan: bad access detected
[ 15.194895]
[ 15.194979] Memory state around the buggy address:
[ 15.195168] ffff888101c9b380: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 15.195474] ffff888101c9b400: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc
[ 15.195711] >ffff888101c9b480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 15.196025] ^
[ 15.196207] ffff888101c9b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.196532] ffff888101c9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.196838] ==================================================================
[ 15.260818] ==================================================================
[ 15.261254] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90
[ 15.261653] Write of size 8 at addr ffff888101c9b4a8 by task kunit_try_catch/278
[ 15.261953]
[ 15.262190] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 15.262233] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.262245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.262279] Call Trace:
[ 15.262291] <TASK>
[ 15.262302] dump_stack_lvl+0x73/0xb0
[ 15.262329] print_report+0xd1/0x610
[ 15.262352] ? __virt_addr_valid+0x1db/0x2d0
[ 15.262374] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90
[ 15.262403] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.262427] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90
[ 15.262457] kasan_report+0x141/0x180
[ 15.262478] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90
[ 15.262512] kasan_check_range+0x10c/0x1c0
[ 15.262536] __kasan_check_write+0x18/0x20
[ 15.262555] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90
[ 15.262585] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10
[ 15.262616] ? __kmalloc_cache_noprof+0x189/0x420
[ 15.262640] ? trace_hardirqs_on+0x37/0xe0
[ 15.262662] ? kasan_bitops_generic+0x92/0x1c0
[ 15.262689] kasan_bitops_generic+0x121/0x1c0
[ 15.262720] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 15.262746] ? __pfx_read_tsc+0x10/0x10
[ 15.262767] ? ktime_get_ts64+0x86/0x230
[ 15.262791] kunit_try_run_case+0x1a5/0x480
[ 15.262815] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.262838] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.262862] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.262886] ? __kthread_parkme+0x82/0x180
[ 15.262905] ? preempt_count_sub+0x50/0x80
[ 15.262929] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.262954] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.262978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.263060] kthread+0x337/0x6f0
[ 15.263079] ? trace_preempt_on+0x20/0xc0
[ 15.263101] ? __pfx_kthread+0x10/0x10
[ 15.263122] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.263143] ? calculate_sigpending+0x7b/0xa0
[ 15.263167] ? __pfx_kthread+0x10/0x10
[ 15.263189] ret_from_fork+0x116/0x1d0
[ 15.263208] ? __pfx_kthread+0x10/0x10
[ 15.263229] ret_from_fork_asm+0x1a/0x30
[ 15.263259] </TASK>
[ 15.263281]
[ 15.271857] Allocated by task 278:
[ 15.272018] kasan_save_stack+0x45/0x70
[ 15.272219] kasan_save_track+0x18/0x40
[ 15.273567] kasan_save_alloc_info+0x3b/0x50
[ 15.274250] __kasan_kmalloc+0xb7/0xc0
[ 15.274720] __kmalloc_cache_noprof+0x189/0x420
[ 15.275294] kasan_bitops_generic+0x92/0x1c0
[ 15.275549] kunit_try_run_case+0x1a5/0x480
[ 15.275748] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.275998] kthread+0x337/0x6f0
[ 15.276150] ret_from_fork+0x116/0x1d0
[ 15.276332] ret_from_fork_asm+0x1a/0x30
[ 15.276511]
[ 15.276607] The buggy address belongs to the object at ffff888101c9b4a0
[ 15.276607] which belongs to the cache kmalloc-16 of size 16
[ 15.277067] The buggy address is located 8 bytes inside of
[ 15.277067] allocated 9-byte region [ffff888101c9b4a0, ffff888101c9b4a9)
[ 15.278061]
[ 15.278394] The buggy address belongs to the physical page:
[ 15.278612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c9b
[ 15.279142] flags: 0x200000000000000(node=0|zone=2)
[ 15.279486] page_type: f5(slab)
[ 15.279627] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 15.280150] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 15.280496] page dumped because: kasan: bad access detected
[ 15.280820]
[ 15.280972] Memory state around the buggy address:
[ 15.281314] ffff888101c9b380: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 15.282010] ffff888101c9b400: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc
[ 15.282518] >ffff888101c9b480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 15.282821] ^
[ 15.283182] ffff888101c9b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.283677] ffff888101c9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.284506] ==================================================================