Date
July 15, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 20.279733] ================================================================== [ 20.279788] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 20.279843] Write of size 8 at addr fff00000c45d8b88 by task kunit_try_catch/263 [ 20.279896] [ 20.279929] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 20.280012] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.280040] Hardware name: linux,dummy-virt (DT) [ 20.280073] Call trace: [ 20.280098] show_stack+0x20/0x38 (C) [ 20.280145] dump_stack_lvl+0x8c/0xd0 [ 20.280196] print_report+0x118/0x5d0 [ 20.280259] kasan_report+0xdc/0x128 [ 20.280306] kasan_check_range+0x100/0x1a8 [ 20.280355] __kasan_check_write+0x20/0x30 [ 20.281818] kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 20.281948] kasan_bitops_generic+0x11c/0x1c8 [ 20.282002] kunit_try_run_case+0x170/0x3f0 [ 20.282053] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.285947] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.295648] Read of size 8 at addr fff00000c45d8b88 by task kunit_try_catch/263 [ 20.303678] The buggy address is located 8 bytes inside of [ 20.303678] allocated 9-byte region [fff00000c45d8b80, fff00000c45d8b89) [ 20.316020] ret_from_fork+0x10/0x20 [ 20.322718] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa3c/0xbc0 [ 20.327042] kasan_save_stack+0x3c/0x68 [ 20.328924] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045d8 [ 20.330427] ^ [ 20.332177] Read of size 8 at addr fff00000c45d8b88 by task kunit_try_catch/263 [ 20.333027] kunit_try_run_case+0x170/0x3f0 [ 20.333249] [ 20.333853] __kasan_kmalloc+0xd4/0xd8 [ 20.334157] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.335507] [ 20.335669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045d8 [ 20.336530] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.337531] fff00000c45d8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.352809] CPU: 0 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 20.358487] kasan_save_track+0x20/0x40 [ 20.361964] ret_from_fork+0x10/0x20 [ 20.363194] [ 20.363272] The buggy address belongs to the physical page: [ 20.363750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059c9 [ 20.364514] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 20.364715] [ 20.365109] Memory state around the buggy address: [ 20.365158] fff00000c59c9d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 20.365453] fff00000c59c9d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 20.365509] >fff00000c59c9e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 20.365553] ^ [ 20.365835] fff00000c59c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.369482] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f7c/0x4858 [ 20.372340] __asan_report_store4_noabort+0x20/0x30 [ 20.373361] kthread+0x328/0x630 [ 20.374986] kthread+0x328/0x630 [ 20.375912] The buggy address belongs to the physical page: [ 20.376453] page_type: f5(slab) [ 20.376693] page dumped because: kasan: bad access detected [ 20.377532] fff00000c59c9d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 20.377762] fff00000c59c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.378854] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ec/0x4858 [ 20.379574] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.380958] print_report+0x118/0x5d0 [ 20.381888] kthread+0x328/0x630 [ 20.382449] kasan_save_alloc_info+0x40/0x58 [ 20.383482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.384700] The buggy address belongs to the physical page: [ 20.384864] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059c9 [ 20.386544] page dumped because: kasan: bad access detected [ 20.386813] [ 20.387300] fff00000c59c9d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 20.388486] fff00000c59c9e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.389229] ================================================================== [ 20.270828] ================================================================== [ 20.270882] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 20.270934] Read of size 8 at addr fff00000c45d8b88 by task kunit_try_catch/263 [ 20.270987] [ 20.271019] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 20.271101] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.271135] Hardware name: linux,dummy-virt (DT) [ 20.271167] Call trace: [ 20.271190] show_stack+0x20/0x38 (C) [ 20.272123] dump_stack_lvl+0x8c/0xd0 [ 20.272220] print_report+0x118/0x5d0 [ 20.272530] kasan_report+0xdc/0x128 [ 20.272751] __asan_report_load8_noabort+0x20/0x30 [ 20.272808] kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 20.272864] kasan_bitops_generic+0x11c/0x1c8 [ 20.272914] kunit_try_run_case+0x170/0x3f0 [ 20.272964] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.273540] kthread+0x328/0x630 [ 20.273844] ret_from_fork+0x10/0x20 [ 20.273899] [ 20.273920] Allocated by task 263: [ 20.273949] kasan_save_stack+0x3c/0x68 [ 20.273999] kasan_save_track+0x20/0x40 [ 20.274037] kasan_save_alloc_info+0x40/0x58 [ 20.274079] __kasan_kmalloc+0xd4/0xd8 [ 20.274386] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.274615] kasan_bitops_generic+0xa0/0x1c8 [ 20.274658] kunit_try_run_case+0x170/0x3f0 [ 20.274698] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.274746] kthread+0x328/0x630 [ 20.274784] ret_from_fork+0x10/0x20 [ 20.274821] [ 20.275676] The buggy address is located 8 bytes inside of [ 20.275676] allocated 9-byte region [fff00000c45d8b80, fff00000c45d8b89) [ 20.276306] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.276513] page_type: f5(slab) [ 20.276826] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 20.277121] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.277273] page dumped because: kasan: bad access detected [ 20.277310] [ 20.277583] Memory state around the buggy address: [ 20.277740] fff00000c45d8a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.277792] fff00000c45d8b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.277980] >fff00000c45d8b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.278636] fff00000c45d8c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.278772] fff00000c45d8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.278815] ==================================================================
[ 13.317781] ================================================================== [ 13.318432] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.319248] Read of size 8 at addr ffff8881027e74e8 by task kunit_try_catch/280 [ 13.319478] [ 13.319564] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 13.319608] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.319619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.319639] Call Trace: [ 13.319652] <TASK> [ 13.319666] dump_stack_lvl+0x73/0xb0 [ 13.319689] print_report+0xd1/0x610 [ 13.319712] ? __virt_addr_valid+0x1db/0x2d0 [ 13.319731] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.319753] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.319776] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.319863] kasan_report+0x141/0x180 [ 13.319958] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.320036] kasan_check_range+0x10c/0x1c0 [ 13.320055] __kasan_check_read+0x15/0x20 [ 13.320085] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.320109] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.320133] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.320153] ? trace_hardirqs_on+0x37/0xe0 [ 13.320174] ? kasan_bitops_generic+0x92/0x1c0 [ 13.320198] kasan_bitops_generic+0x121/0x1c0 [ 13.320218] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.320238] ? __pfx_read_tsc+0x10/0x10 [ 13.320257] ? ktime_get_ts64+0x86/0x230 [ 13.320280] kunit_try_run_case+0x1a5/0x480 [ 13.320301] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.320354] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.320378] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.320401] ? __kthread_parkme+0x82/0x180 [ 13.320432] ? preempt_count_sub+0x50/0x80 [ 13.320493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.320512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.320580] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.320604] kthread+0x337/0x6f0 [ 13.320620] ? trace_preempt_on+0x20/0xc0 [ 13.320651] ? __pfx_kthread+0x10/0x10 [ 13.320669] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.320690] ? calculate_sigpending+0x7b/0xa0 [ 13.320710] ? __pfx_kthread+0x10/0x10 [ 13.320728] ret_from_fork+0x41/0x80 [ 13.320748] ? __pfx_kthread+0x10/0x10 [ 13.320765] ret_from_fork_asm+0x1a/0x30 [ 13.320813] </TASK> [ 13.320824] [ 13.334911] Allocated by task 280: [ 13.335253] kasan_save_stack+0x45/0x70 [ 13.335556] kasan_save_track+0x18/0x40 [ 13.335921] kasan_save_alloc_info+0x3b/0x50 [ 13.336066] __kasan_kmalloc+0xb7/0xc0 [ 13.336198] __kmalloc_cache_noprof+0x189/0x420 [ 13.336348] kasan_bitops_generic+0x92/0x1c0 [ 13.336491] kunit_try_run_case+0x1a5/0x480 [ 13.336631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.336825] kthread+0x337/0x6f0 [ 13.337144] ret_from_fork+0x41/0x80 [ 13.337471] ret_from_fork_asm+0x1a/0x30 [ 13.337860] [ 13.338027] The buggy address belongs to the object at ffff8881027e74e0 [ 13.338027] which belongs to the cache kmalloc-16 of size 16 [ 13.339104] The buggy address is located 8 bytes inside of [ 13.339104] allocated 9-byte region [ffff8881027e74e0, ffff8881027e74e9) [ 13.340155] [ 13.340320] The buggy address belongs to the physical page: [ 13.340819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e7 [ 13.341505] flags: 0x200000000000000(node=0|zone=2) [ 13.341981] page_type: f5(slab) [ 13.342255] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.342653] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.343092] page dumped because: kasan: bad access detected [ 13.343582] [ 13.343743] Memory state around the buggy address: [ 13.344200] ffff8881027e7380: 00 04 fc fc 00 04 fc fc 00 01 fc fc 00 01 fc fc [ 13.344667] ffff8881027e7400: 00 04 fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 13.345183] >ffff8881027e7480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.345395] ^ [ 13.345591] ffff8881027e7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.345823] ffff8881027e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.346436] ================================================================== [ 13.289283] ================================================================== [ 13.289566] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.290047] Write of size 8 at addr ffff8881027e74e8 by task kunit_try_catch/280 [ 13.290328] [ 13.290434] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 13.290473] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.290484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.290503] Call Trace: [ 13.290515] <TASK> [ 13.290528] dump_stack_lvl+0x73/0xb0 [ 13.290550] print_report+0xd1/0x610 [ 13.290571] ? __virt_addr_valid+0x1db/0x2d0 [ 13.290591] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.290613] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.290635] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.290658] kasan_report+0x141/0x180 [ 13.290679] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.290707] kasan_check_range+0x10c/0x1c0 [ 13.290727] __kasan_check_write+0x18/0x20 [ 13.290746] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.290768] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.290792] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.290811] ? trace_hardirqs_on+0x37/0xe0 [ 13.290832] ? kasan_bitops_generic+0x92/0x1c0 [ 13.290857] kasan_bitops_generic+0x121/0x1c0 [ 13.290877] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.290910] ? __pfx_read_tsc+0x10/0x10 [ 13.290929] ? ktime_get_ts64+0x86/0x230 [ 13.290952] kunit_try_run_case+0x1a5/0x480 [ 13.290972] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.290990] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.291014] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.291037] ? __kthread_parkme+0x82/0x180 [ 13.291058] ? preempt_count_sub+0x50/0x80 [ 13.291082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.291101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.291123] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.291146] kthread+0x337/0x6f0 [ 13.291162] ? trace_preempt_on+0x20/0xc0 [ 13.291183] ? __pfx_kthread+0x10/0x10 [ 13.291200] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.291221] ? calculate_sigpending+0x7b/0xa0 [ 13.291241] ? __pfx_kthread+0x10/0x10 [ 13.291259] ret_from_fork+0x41/0x80 [ 13.291278] ? __pfx_kthread+0x10/0x10 [ 13.291295] ret_from_fork_asm+0x1a/0x30 [ 13.291324] </TASK> [ 13.291334] [ 13.299316] Allocated by task 280: [ 13.299447] kasan_save_stack+0x45/0x70 [ 13.299590] kasan_save_track+0x18/0x40 [ 13.299725] kasan_save_alloc_info+0x3b/0x50 [ 13.299868] __kasan_kmalloc+0xb7/0xc0 [ 13.300012] __kmalloc_cache_noprof+0x189/0x420 [ 13.300162] kasan_bitops_generic+0x92/0x1c0 [ 13.301393] kunit_try_run_case+0x1a5/0x480 [ 13.302168] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.303177] kthread+0x337/0x6f0 [ 13.303628] ret_from_fork+0x41/0x80 [ 13.304258] ret_from_fork_asm+0x1a/0x30 [ 13.304989] [ 13.305368] The buggy address belongs to the object at ffff8881027e74e0 [ 13.305368] which belongs to the cache kmalloc-16 of size 16 [ 13.306449] The buggy address is located 8 bytes inside of [ 13.306449] allocated 9-byte region [ffff8881027e74e0, ffff8881027e74e9) [ 13.307354] [ 13.307432] The buggy address belongs to the physical page: [ 13.307602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e7 [ 13.308322] flags: 0x200000000000000(node=0|zone=2) [ 13.309082] page_type: f5(slab) [ 13.309591] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.310548] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.311165] page dumped because: kasan: bad access detected [ 13.311342] [ 13.311411] Memory state around the buggy address: [ 13.311565] ffff8881027e7380: 00 04 fc fc 00 04 fc fc 00 01 fc fc 00 01 fc fc [ 13.311778] ffff8881027e7400: 00 04 fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 13.312984] >ffff8881027e7480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.314062] ^ [ 13.315016] ffff8881027e7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.315768] ffff8881027e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.316523] ================================================================== [ 13.193719] ================================================================== [ 13.194435] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.194810] Write of size 8 at addr ffff8881027e74e8 by task kunit_try_catch/280 [ 13.195130] [ 13.195226] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 13.195267] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.195279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.195297] Call Trace: [ 13.195310] <TASK> [ 13.195323] dump_stack_lvl+0x73/0xb0 [ 13.195345] print_report+0xd1/0x610 [ 13.195367] ? __virt_addr_valid+0x1db/0x2d0 [ 13.195387] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.195410] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.195432] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.195455] kasan_report+0x141/0x180 [ 13.195477] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.195505] kasan_check_range+0x10c/0x1c0 [ 13.195525] __kasan_check_write+0x18/0x20 [ 13.195544] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.195567] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.195590] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.195610] ? trace_hardirqs_on+0x37/0xe0 [ 13.195631] ? kasan_bitops_generic+0x92/0x1c0 [ 13.195654] kasan_bitops_generic+0x121/0x1c0 [ 13.195674] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.195694] ? __pfx_read_tsc+0x10/0x10 [ 13.195713] ? ktime_get_ts64+0x86/0x230 [ 13.195737] kunit_try_run_case+0x1a5/0x480 [ 13.195757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.195775] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.195797] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.195820] ? __kthread_parkme+0x82/0x180 [ 13.195841] ? preempt_count_sub+0x50/0x80 [ 13.195864] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.195894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.195916] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.195938] kthread+0x337/0x6f0 [ 13.195954] ? trace_preempt_on+0x20/0xc0 [ 13.195975] ? __pfx_kthread+0x10/0x10 [ 13.195993] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.196014] ? calculate_sigpending+0x7b/0xa0 [ 13.196034] ? __pfx_kthread+0x10/0x10 [ 13.196052] ret_from_fork+0x41/0x80 [ 13.196071] ? __pfx_kthread+0x10/0x10 [ 13.196088] ret_from_fork_asm+0x1a/0x30 [ 13.196117] </TASK> [ 13.196128] [ 13.206320] Allocated by task 280: [ 13.206570] kasan_save_stack+0x45/0x70 [ 13.206960] kasan_save_track+0x18/0x40 [ 13.207134] kasan_save_alloc_info+0x3b/0x50 [ 13.207334] __kasan_kmalloc+0xb7/0xc0 [ 13.207506] __kmalloc_cache_noprof+0x189/0x420 [ 13.207698] kasan_bitops_generic+0x92/0x1c0 [ 13.207897] kunit_try_run_case+0x1a5/0x480 [ 13.208407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.208617] kthread+0x337/0x6f0 [ 13.209056] ret_from_fork+0x41/0x80 [ 13.209316] ret_from_fork_asm+0x1a/0x30 [ 13.209546] [ 13.209645] The buggy address belongs to the object at ffff8881027e74e0 [ 13.209645] which belongs to the cache kmalloc-16 of size 16 [ 13.210343] The buggy address is located 8 bytes inside of [ 13.210343] allocated 9-byte region [ffff8881027e74e0, ffff8881027e74e9) [ 13.210960] [ 13.211144] The buggy address belongs to the physical page: [ 13.211488] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e7 [ 13.211949] flags: 0x200000000000000(node=0|zone=2) [ 13.212265] page_type: f5(slab) [ 13.212419] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.212730] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.213214] page dumped because: kasan: bad access detected [ 13.213535] [ 13.213683] Memory state around the buggy address: [ 13.213909] ffff8881027e7380: 00 04 fc fc 00 04 fc fc 00 01 fc fc 00 01 fc fc [ 13.214352] ffff8881027e7400: 00 04 fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 13.214623] >ffff8881027e7480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.215160] ^ [ 13.215499] ffff8881027e7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.215804] ffff8881027e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.216247] ================================================================== [ 13.253266] ================================================================== [ 13.253519] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.254275] Write of size 8 at addr ffff8881027e74e8 by task kunit_try_catch/280 [ 13.254508] [ 13.254666] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 13.254710] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.254722] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.254742] Call Trace: [ 13.254755] <TASK> [ 13.254769] dump_stack_lvl+0x73/0xb0 [ 13.254792] print_report+0xd1/0x610 [ 13.254814] ? __virt_addr_valid+0x1db/0x2d0 [ 13.254837] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.254860] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.254894] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.254917] kasan_report+0x141/0x180 [ 13.254939] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.254968] kasan_check_range+0x10c/0x1c0 [ 13.254988] __kasan_check_write+0x18/0x20 [ 13.255007] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.255030] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.255054] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.255074] ? trace_hardirqs_on+0x37/0xe0 [ 13.255095] ? kasan_bitops_generic+0x92/0x1c0 [ 13.255118] kasan_bitops_generic+0x121/0x1c0 [ 13.255138] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.255159] ? __pfx_read_tsc+0x10/0x10 [ 13.255177] ? ktime_get_ts64+0x86/0x230 [ 13.255202] kunit_try_run_case+0x1a5/0x480 [ 13.255222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.255240] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.255264] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.255287] ? __kthread_parkme+0x82/0x180 [ 13.255307] ? preempt_count_sub+0x50/0x80 [ 13.255331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.255351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.255373] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.255396] kthread+0x337/0x6f0 [ 13.255412] ? trace_preempt_on+0x20/0xc0 [ 13.255433] ? __pfx_kthread+0x10/0x10 [ 13.255451] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.255472] ? calculate_sigpending+0x7b/0xa0 [ 13.255492] ? __pfx_kthread+0x10/0x10 [ 13.255510] ret_from_fork+0x41/0x80 [ 13.255530] ? __pfx_kthread+0x10/0x10 [ 13.255547] ret_from_fork_asm+0x1a/0x30 [ 13.255576] </TASK> [ 13.255586] [ 13.263683] Allocated by task 280: [ 13.263805] kasan_save_stack+0x45/0x70 [ 13.264143] kasan_save_track+0x18/0x40 [ 13.264332] kasan_save_alloc_info+0x3b/0x50 [ 13.264475] __kasan_kmalloc+0xb7/0xc0 [ 13.264610] __kmalloc_cache_noprof+0x189/0x420 [ 13.264762] kasan_bitops_generic+0x92/0x1c0 [ 13.264954] kunit_try_run_case+0x1a5/0x480 [ 13.265172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.265678] kthread+0x337/0x6f0 [ 13.265866] ret_from_fork+0x41/0x80 [ 13.266035] ret_from_fork_asm+0x1a/0x30 [ 13.266219] [ 13.266308] The buggy address belongs to the object at ffff8881027e74e0 [ 13.266308] which belongs to the cache kmalloc-16 of size 16 [ 13.266748] The buggy address is located 8 bytes inside of [ 13.266748] allocated 9-byte region [ffff8881027e74e0, ffff8881027e74e9) [ 13.267219] [ 13.267314] The buggy address belongs to the physical page: [ 13.267566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e7 [ 13.267801] flags: 0x200000000000000(node=0|zone=2) [ 13.267971] page_type: f5(slab) [ 13.268090] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.268328] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.268655] page dumped because: kasan: bad access detected [ 13.268907] [ 13.269001] Memory state around the buggy address: [ 13.269227] ffff8881027e7380: 00 04 fc fc 00 04 fc fc 00 01 fc fc 00 01 fc fc [ 13.269545] ffff8881027e7400: 00 04 fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 13.269897] >ffff8881027e7480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.270176] ^ [ 13.270420] ffff8881027e7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.270696] ffff8881027e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.270997] ================================================================== [ 13.216986] ================================================================== [ 13.217543] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.218190] Write of size 8 at addr ffff8881027e74e8 by task kunit_try_catch/280 [ 13.218507] [ 13.218607] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 13.218650] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.218661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.218679] Call Trace: [ 13.218693] <TASK> [ 13.218707] dump_stack_lvl+0x73/0xb0 [ 13.218731] print_report+0xd1/0x610 [ 13.218752] ? __virt_addr_valid+0x1db/0x2d0 [ 13.218772] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.218794] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.218817] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.218840] kasan_report+0x141/0x180 [ 13.218862] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.218901] kasan_check_range+0x10c/0x1c0 [ 13.218920] __kasan_check_write+0x18/0x20 [ 13.218940] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.218962] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.218986] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.219006] ? trace_hardirqs_on+0x37/0xe0 [ 13.219027] ? kasan_bitops_generic+0x92/0x1c0 [ 13.219051] kasan_bitops_generic+0x121/0x1c0 [ 13.219071] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.219092] ? __pfx_read_tsc+0x10/0x10 [ 13.219110] ? ktime_get_ts64+0x86/0x230 [ 13.219134] kunit_try_run_case+0x1a5/0x480 [ 13.219153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.219171] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.219195] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.219217] ? __kthread_parkme+0x82/0x180 [ 13.219238] ? preempt_count_sub+0x50/0x80 [ 13.219262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.219282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.219304] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.219326] kthread+0x337/0x6f0 [ 13.219342] ? trace_preempt_on+0x20/0xc0 [ 13.219364] ? __pfx_kthread+0x10/0x10 [ 13.219381] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.219402] ? calculate_sigpending+0x7b/0xa0 [ 13.219422] ? __pfx_kthread+0x10/0x10 [ 13.219440] ret_from_fork+0x41/0x80 [ 13.219460] ? __pfx_kthread+0x10/0x10 [ 13.219476] ret_from_fork_asm+0x1a/0x30 [ 13.219506] </TASK> [ 13.219516] [ 13.227147] Allocated by task 280: [ 13.227331] kasan_save_stack+0x45/0x70 [ 13.227523] kasan_save_track+0x18/0x40 [ 13.227713] kasan_save_alloc_info+0x3b/0x50 [ 13.228097] __kasan_kmalloc+0xb7/0xc0 [ 13.228241] __kmalloc_cache_noprof+0x189/0x420 [ 13.228390] kasan_bitops_generic+0x92/0x1c0 [ 13.228566] kunit_try_run_case+0x1a5/0x480 [ 13.228770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.229197] kthread+0x337/0x6f0 [ 13.229339] ret_from_fork+0x41/0x80 [ 13.229485] ret_from_fork_asm+0x1a/0x30 [ 13.229621] [ 13.229689] The buggy address belongs to the object at ffff8881027e74e0 [ 13.229689] which belongs to the cache kmalloc-16 of size 16 [ 13.230079] The buggy address is located 8 bytes inside of [ 13.230079] allocated 9-byte region [ffff8881027e74e0, ffff8881027e74e9) [ 13.230595] [ 13.230689] The buggy address belongs to the physical page: [ 13.231085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e7 [ 13.231416] flags: 0x200000000000000(node=0|zone=2) [ 13.231577] page_type: f5(slab) [ 13.231695] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.232225] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.232560] page dumped because: kasan: bad access detected [ 13.232818] [ 13.232920] Memory state around the buggy address: [ 13.233155] ffff8881027e7380: 00 04 fc fc 00 04 fc fc 00 01 fc fc 00 01 fc fc [ 13.233440] ffff8881027e7400: 00 04 fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 13.233650] >ffff8881027e7480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.234154] ^ [ 13.234408] ffff8881027e7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.234686] ffff8881027e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.234923] ================================================================== [ 13.347389] ================================================================== [ 13.347714] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.348094] Read of size 8 at addr ffff8881027e74e8 by task kunit_try_catch/280 [ 13.348363] [ 13.348474] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 13.348519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.348530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.348550] Call Trace: [ 13.348562] <TASK> [ 13.348577] dump_stack_lvl+0x73/0xb0 [ 13.348599] print_report+0xd1/0x610 [ 13.348622] ? __virt_addr_valid+0x1db/0x2d0 [ 13.348642] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.348663] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.348686] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.348710] kasan_report+0x141/0x180 [ 13.348732] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.348759] __asan_report_load8_noabort+0x18/0x20 [ 13.348780] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.348802] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.348826] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.348846] ? trace_hardirqs_on+0x37/0xe0 [ 13.348867] ? kasan_bitops_generic+0x92/0x1c0 [ 13.348929] kasan_bitops_generic+0x121/0x1c0 [ 13.348950] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.348970] ? __pfx_read_tsc+0x10/0x10 [ 13.349001] ? ktime_get_ts64+0x86/0x230 [ 13.349025] kunit_try_run_case+0x1a5/0x480 [ 13.349045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.349063] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.349097] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.349120] ? __kthread_parkme+0x82/0x180 [ 13.349148] ? preempt_count_sub+0x50/0x80 [ 13.349183] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.349203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.349226] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.349250] kthread+0x337/0x6f0 [ 13.349265] ? trace_preempt_on+0x20/0xc0 [ 13.349288] ? __pfx_kthread+0x10/0x10 [ 13.349305] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.349326] ? calculate_sigpending+0x7b/0xa0 [ 13.349347] ? __pfx_kthread+0x10/0x10 [ 13.349365] ret_from_fork+0x41/0x80 [ 13.349384] ? __pfx_kthread+0x10/0x10 [ 13.349402] ret_from_fork_asm+0x1a/0x30 [ 13.349432] </TASK> [ 13.349443] [ 13.357257] Allocated by task 280: [ 13.357418] kasan_save_stack+0x45/0x70 [ 13.357638] kasan_save_track+0x18/0x40 [ 13.357874] kasan_save_alloc_info+0x3b/0x50 [ 13.358092] __kasan_kmalloc+0xb7/0xc0 [ 13.358278] __kmalloc_cache_noprof+0x189/0x420 [ 13.358429] kasan_bitops_generic+0x92/0x1c0 [ 13.358606] kunit_try_run_case+0x1a5/0x480 [ 13.358827] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.359100] kthread+0x337/0x6f0 [ 13.359260] ret_from_fork+0x41/0x80 [ 13.359433] ret_from_fork_asm+0x1a/0x30 [ 13.359640] [ 13.359727] The buggy address belongs to the object at ffff8881027e74e0 [ 13.359727] which belongs to the cache kmalloc-16 of size 16 [ 13.360265] The buggy address is located 8 bytes inside of [ 13.360265] allocated 9-byte region [ffff8881027e74e0, ffff8881027e74e9) [ 13.360635] [ 13.360705] The buggy address belongs to the physical page: [ 13.360905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e7 [ 13.361281] flags: 0x200000000000000(node=0|zone=2) [ 13.361510] page_type: f5(slab) [ 13.361673] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.362057] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.362391] page dumped because: kasan: bad access detected [ 13.362633] [ 13.362735] Memory state around the buggy address: [ 13.362940] ffff8881027e7380: 00 04 fc fc 00 04 fc fc 00 01 fc fc 00 01 fc fc [ 13.363153] ffff8881027e7400: 00 04 fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 13.363385] >ffff8881027e7480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.363724] ^ [ 13.364087] ffff8881027e7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.364447] ffff8881027e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.364745] ================================================================== [ 13.172089] ================================================================== [ 13.172415] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.172713] Write of size 8 at addr ffff8881027e74e8 by task kunit_try_catch/280 [ 13.173083] [ 13.173197] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 13.173239] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.173250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.173269] Call Trace: [ 13.173283] <TASK> [ 13.173297] dump_stack_lvl+0x73/0xb0 [ 13.173320] print_report+0xd1/0x610 [ 13.173342] ? __virt_addr_valid+0x1db/0x2d0 [ 13.173362] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.173385] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.173408] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.173431] kasan_report+0x141/0x180 [ 13.173453] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.173480] kasan_check_range+0x10c/0x1c0 [ 13.173499] __kasan_check_write+0x18/0x20 [ 13.173519] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.173541] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.173566] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.173586] ? trace_hardirqs_on+0x37/0xe0 [ 13.173608] ? kasan_bitops_generic+0x92/0x1c0 [ 13.173632] kasan_bitops_generic+0x121/0x1c0 [ 13.173650] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.173672] ? __pfx_read_tsc+0x10/0x10 [ 13.173689] ? ktime_get_ts64+0x86/0x230 [ 13.173713] kunit_try_run_case+0x1a5/0x480 [ 13.173733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.173751] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.173774] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.173797] ? __kthread_parkme+0x82/0x180 [ 13.173818] ? preempt_count_sub+0x50/0x80 [ 13.173842] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.173861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.173894] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.173916] kthread+0x337/0x6f0 [ 13.173932] ? trace_preempt_on+0x20/0xc0 [ 13.173954] ? __pfx_kthread+0x10/0x10 [ 13.173983] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.174004] ? calculate_sigpending+0x7b/0xa0 [ 13.174025] ? __pfx_kthread+0x10/0x10 [ 13.174042] ret_from_fork+0x41/0x80 [ 13.174062] ? __pfx_kthread+0x10/0x10 [ 13.174079] ret_from_fork_asm+0x1a/0x30 [ 13.174110] </TASK> [ 13.174119] [ 13.183586] Allocated by task 280: [ 13.183903] kasan_save_stack+0x45/0x70 [ 13.184161] kasan_save_track+0x18/0x40 [ 13.184394] kasan_save_alloc_info+0x3b/0x50 [ 13.184591] __kasan_kmalloc+0xb7/0xc0 [ 13.184766] __kmalloc_cache_noprof+0x189/0x420 [ 13.185196] kasan_bitops_generic+0x92/0x1c0 [ 13.185410] kunit_try_run_case+0x1a5/0x480 [ 13.185697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.186063] kthread+0x337/0x6f0 [ 13.186190] ret_from_fork+0x41/0x80 [ 13.186444] ret_from_fork_asm+0x1a/0x30 [ 13.186638] [ 13.186728] The buggy address belongs to the object at ffff8881027e74e0 [ 13.186728] which belongs to the cache kmalloc-16 of size 16 [ 13.187498] The buggy address is located 8 bytes inside of [ 13.187498] allocated 9-byte region [ffff8881027e74e0, ffff8881027e74e9) [ 13.188087] [ 13.188322] The buggy address belongs to the physical page: [ 13.188526] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e7 [ 13.189009] flags: 0x200000000000000(node=0|zone=2) [ 13.189306] page_type: f5(slab) [ 13.189433] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.189753] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.190240] page dumped because: kasan: bad access detected [ 13.190493] [ 13.190568] Memory state around the buggy address: [ 13.190792] ffff8881027e7380: 00 04 fc fc 00 04 fc fc 00 01 fc fc 00 01 fc fc [ 13.191307] ffff8881027e7400: 00 04 fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 13.191692] >ffff8881027e7480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.192037] ^ [ 13.192465] ffff8881027e7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.192825] ffff8881027e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.193149] ================================================================== [ 13.235615] ================================================================== [ 13.235975] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.236242] Write of size 8 at addr ffff8881027e74e8 by task kunit_try_catch/280 [ 13.236527] [ 13.236632] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 13.236672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.236682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.236701] Call Trace: [ 13.236713] <TASK> [ 13.236725] dump_stack_lvl+0x73/0xb0 [ 13.236746] print_report+0xd1/0x610 [ 13.236768] ? __virt_addr_valid+0x1db/0x2d0 [ 13.236786] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.236808] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.236830] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.236853] kasan_report+0x141/0x180 [ 13.236875] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.236915] kasan_check_range+0x10c/0x1c0 [ 13.236934] __kasan_check_write+0x18/0x20 [ 13.236953] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.236976] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.237000] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.237019] ? trace_hardirqs_on+0x37/0xe0 [ 13.237040] ? kasan_bitops_generic+0x92/0x1c0 [ 13.237063] kasan_bitops_generic+0x121/0x1c0 [ 13.237083] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.237104] ? __pfx_read_tsc+0x10/0x10 [ 13.237121] ? ktime_get_ts64+0x86/0x230 [ 13.237151] kunit_try_run_case+0x1a5/0x480 [ 13.237182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.237199] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.237222] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.237245] ? __kthread_parkme+0x82/0x180 [ 13.237265] ? preempt_count_sub+0x50/0x80 [ 13.237288] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.237307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.237329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.237352] kthread+0x337/0x6f0 [ 13.237369] ? trace_preempt_on+0x20/0xc0 [ 13.237390] ? __pfx_kthread+0x10/0x10 [ 13.237407] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.237428] ? calculate_sigpending+0x7b/0xa0 [ 13.237449] ? __pfx_kthread+0x10/0x10 [ 13.237466] ret_from_fork+0x41/0x80 [ 13.237485] ? __pfx_kthread+0x10/0x10 [ 13.237502] ret_from_fork_asm+0x1a/0x30 [ 13.237532] </TASK> [ 13.237541] [ 13.245319] Allocated by task 280: [ 13.245497] kasan_save_stack+0x45/0x70 [ 13.245696] kasan_save_track+0x18/0x40 [ 13.245962] kasan_save_alloc_info+0x3b/0x50 [ 13.246144] __kasan_kmalloc+0xb7/0xc0 [ 13.246291] __kmalloc_cache_noprof+0x189/0x420 [ 13.246488] kasan_bitops_generic+0x92/0x1c0 [ 13.246664] kunit_try_run_case+0x1a5/0x480 [ 13.246805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.247068] kthread+0x337/0x6f0 [ 13.247220] ret_from_fork+0x41/0x80 [ 13.247348] ret_from_fork_asm+0x1a/0x30 [ 13.247485] [ 13.247555] The buggy address belongs to the object at ffff8881027e74e0 [ 13.247555] which belongs to the cache kmalloc-16 of size 16 [ 13.248163] The buggy address is located 8 bytes inside of [ 13.248163] allocated 9-byte region [ffff8881027e74e0, ffff8881027e74e9) [ 13.248599] [ 13.248682] The buggy address belongs to the physical page: [ 13.249093] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e7 [ 13.249451] flags: 0x200000000000000(node=0|zone=2) [ 13.249664] page_type: f5(slab) [ 13.249805] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.250096] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.250322] page dumped because: kasan: bad access detected [ 13.250527] [ 13.250617] Memory state around the buggy address: [ 13.250837] ffff8881027e7380: 00 04 fc fc 00 04 fc fc 00 01 fc fc 00 01 fc fc [ 13.251162] ffff8881027e7400: 00 04 fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 13.251374] >ffff8881027e7480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.251583] ^ [ 13.251873] ffff8881027e7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.252210] ffff8881027e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.252646] ================================================================== [ 13.271565] ================================================================== [ 13.271943] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.272223] Write of size 8 at addr ffff8881027e74e8 by task kunit_try_catch/280 [ 13.272464] [ 13.272569] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 13.272607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.272618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.272636] Call Trace: [ 13.272649] <TASK> [ 13.272662] dump_stack_lvl+0x73/0xb0 [ 13.272684] print_report+0xd1/0x610 [ 13.272705] ? __virt_addr_valid+0x1db/0x2d0 [ 13.272725] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.272747] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.272769] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.272792] kasan_report+0x141/0x180 [ 13.272823] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.272851] kasan_check_range+0x10c/0x1c0 [ 13.272870] __kasan_check_write+0x18/0x20 [ 13.272902] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.272925] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.272948] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.272968] ? trace_hardirqs_on+0x37/0xe0 [ 13.272989] ? kasan_bitops_generic+0x92/0x1c0 [ 13.273013] kasan_bitops_generic+0x121/0x1c0 [ 13.273032] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.273052] ? __pfx_read_tsc+0x10/0x10 [ 13.273070] ? ktime_get_ts64+0x86/0x230 [ 13.273094] kunit_try_run_case+0x1a5/0x480 [ 13.273113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.273136] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.273159] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.273182] ? __kthread_parkme+0x82/0x180 [ 13.273203] ? preempt_count_sub+0x50/0x80 [ 13.273226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.273245] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.273268] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.273290] kthread+0x337/0x6f0 [ 13.273306] ? trace_preempt_on+0x20/0xc0 [ 13.273327] ? __pfx_kthread+0x10/0x10 [ 13.273344] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.273365] ? calculate_sigpending+0x7b/0xa0 [ 13.273385] ? __pfx_kthread+0x10/0x10 [ 13.273403] ret_from_fork+0x41/0x80 [ 13.273423] ? __pfx_kthread+0x10/0x10 [ 13.273440] ret_from_fork_asm+0x1a/0x30 [ 13.273470] </TASK> [ 13.273479] [ 13.281446] Allocated by task 280: [ 13.281581] kasan_save_stack+0x45/0x70 [ 13.281774] kasan_save_track+0x18/0x40 [ 13.281975] kasan_save_alloc_info+0x3b/0x50 [ 13.282167] __kasan_kmalloc+0xb7/0xc0 [ 13.282327] __kmalloc_cache_noprof+0x189/0x420 [ 13.282476] kasan_bitops_generic+0x92/0x1c0 [ 13.282618] kunit_try_run_case+0x1a5/0x480 [ 13.282757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.283007] kthread+0x337/0x6f0 [ 13.283179] ret_from_fork+0x41/0x80 [ 13.283356] ret_from_fork_asm+0x1a/0x30 [ 13.283550] [ 13.283638] The buggy address belongs to the object at ffff8881027e74e0 [ 13.283638] which belongs to the cache kmalloc-16 of size 16 [ 13.284237] The buggy address is located 8 bytes inside of [ 13.284237] allocated 9-byte region [ffff8881027e74e0, ffff8881027e74e9) [ 13.284726] [ 13.284814] The buggy address belongs to the physical page: [ 13.285042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e7 [ 13.285380] flags: 0x200000000000000(node=0|zone=2) [ 13.285570] page_type: f5(slab) [ 13.285734] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.286112] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.286390] page dumped because: kasan: bad access detected [ 13.286559] [ 13.286626] Memory state around the buggy address: [ 13.286778] ffff8881027e7380: 00 04 fc fc 00 04 fc fc 00 01 fc fc 00 01 fc fc [ 13.287102] ffff8881027e7400: 00 04 fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 13.287416] >ffff8881027e7480: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.287729] ^ [ 13.287986] ffff8881027e7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.288197] ffff8881027e7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.288654] ==================================================================