Date
July 1, 2025, 3:08 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.321545] ================================================================== [ 19.321646] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 19.321703] Write of size 8 at addr fff00000c659b2e8 by task kunit_try_catch/262 [ 19.321755] [ 19.321903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.321933] Hardware name: linux,dummy-virt (DT) [ 19.322159] Call trace: [ 19.322239] dump_stack_lvl+0x8c/0xd0 [ 19.322413] kasan_check_range+0x100/0x1a8 [ 19.322604] kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 19.322874] kunit_try_run_case+0x170/0x3f0 [ 19.323063] kthread+0x328/0x630 [ 19.323549] kasan_save_track+0x20/0x40 [ 19.324490] [ 19.324602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10659b [ 19.325593] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.325724] fff00000c659b180: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.325770] fff00000c659b200: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.325815] >fff00000c659b280: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.325857] ^ [ 19.325899] fff00000c659b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.325943] fff00000c659b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.325986] ================================================================== [ 19.277802] ================================================================== [ 19.277852] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 19.277918] Write of size 8 at addr fff00000c659b2e8 by task kunit_try_catch/262 [ 19.277981] [ 19.278012] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 19.278149] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.278297] Hardware name: linux,dummy-virt (DT) [ 19.278330] Call trace: [ 19.278353] show_stack+0x20/0x38 (C) [ 19.278402] dump_stack_lvl+0x8c/0xd0 [ 19.278449] print_report+0x118/0x608 [ 19.278498] kasan_report+0xdc/0x128 [ 19.278701] kasan_bitops_generic+0x110/0x1c8 [ 19.279333] kunit_try_run_case+0x170/0x3f0 [ 19.279768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10659b [ 19.281082] fff00000c659b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.281305] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 19.282517] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.283368] kasan_report+0xdc/0x128 [ 19.286914] [ 19.289166] kthread+0x328/0x630 [ 19.292718] The buggy address is located 8 bytes inside of [ 19.292718] allocated 9-byte region [fff00000c659b2e0, fff00000c659b2e9) [ 19.293896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10659b [ 19.294795] fff00000c659b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.294891] ================================================================== [ 19.273807] ================================================================== [ 19.273864] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 19.273916] Read of size 8 at addr fff00000c659b2e8 by task kunit_try_catch/262 [ 19.273969] [ 19.274002] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 19.274085] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.274113] Hardware name: linux,dummy-virt (DT) [ 19.274147] Call trace: [ 19.274169] show_stack+0x20/0x38 (C) [ 19.274219] dump_stack_lvl+0x8c/0xd0 [ 19.274270] print_report+0x118/0x608 [ 19.274318] kasan_report+0xdc/0x128 [ 19.274364] __asan_report_load8_noabort+0x20/0x30 [ 19.274414] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 19.274468] kasan_bitops_generic+0x110/0x1c8 [ 19.274516] kunit_try_run_case+0x170/0x3f0 [ 19.274579] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.275597] kthread+0x328/0x630 [ 19.275695] ret_from_fork+0x10/0x20 [ 19.275796] [ 19.275823] Allocated by task 262: [ 19.275852] kasan_save_stack+0x3c/0x68 [ 19.276007] kasan_save_track+0x20/0x40 [ 19.276051] kasan_save_alloc_info+0x40/0x58 [ 19.276093] __kasan_kmalloc+0xd4/0xd8 [ 19.276131] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.276177] kasan_bitops_generic+0xa0/0x1c8 [ 19.276373] kunit_try_run_case+0x170/0x3f0 [ 19.276413] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.276458] kthread+0x328/0x630 [ 19.276492] ret_from_fork+0x10/0x20 [ 19.276530] [ 19.276556] The buggy address belongs to the object at fff00000c659b2e0 [ 19.276556] which belongs to the cache kmalloc-16 of size 16 [ 19.276631] The buggy address is located 8 bytes inside of [ 19.276631] allocated 9-byte region [fff00000c659b2e0, fff00000c659b2e9) [ 19.276699] [ 19.276722] The buggy address belongs to the physical page: [ 19.276755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10659b [ 19.276811] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.276863] page_type: f5(slab) [ 19.276903] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.276967] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.277023] page dumped because: kasan: bad access detected [ 19.277058] [ 19.277077] Memory state around the buggy address: [ 19.277111] fff00000c659b180: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.277157] fff00000c659b200: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.277204] >fff00000c659b280: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.277245] ^ [ 19.277291] fff00000c659b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.277347] fff00000c659b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.277466] ================================================================== [ 19.268972] ================================================================== [ 19.269054] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 19.269124] Write of size 8 at addr fff00000c659b2e8 by task kunit_try_catch/262 [ 19.269177] [ 19.269218] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 19.269320] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.269350] Hardware name: linux,dummy-virt (DT) [ 19.269386] Call trace: [ 19.269411] show_stack+0x20/0x38 (C) [ 19.269463] dump_stack_lvl+0x8c/0xd0 [ 19.269556] print_report+0x118/0x608 [ 19.269791] kasan_report+0xdc/0x128 [ 19.269837] kasan_check_range+0x100/0x1a8 [ 19.269887] __kasan_check_write+0x20/0x30 [ 19.269933] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 19.269986] kasan_bitops_generic+0x110/0x1c8 [ 19.270034] kunit_try_run_case+0x170/0x3f0 [ 19.270083] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.270138] kthread+0x328/0x630 [ 19.270181] ret_from_fork+0x10/0x20 [ 19.270233] [ 19.270253] Allocated by task 262: [ 19.270284] kasan_save_stack+0x3c/0x68 [ 19.270326] kasan_save_track+0x20/0x40 [ 19.270366] kasan_save_alloc_info+0x40/0x58 [ 19.270408] __kasan_kmalloc+0xd4/0xd8 [ 19.270446] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.270489] kasan_bitops_generic+0xa0/0x1c8 [ 19.270527] kunit_try_run_case+0x170/0x3f0 [ 19.270577] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.270622] kthread+0x328/0x630 [ 19.270657] ret_from_fork+0x10/0x20 [ 19.270694] [ 19.270715] The buggy address belongs to the object at fff00000c659b2e0 [ 19.270715] which belongs to the cache kmalloc-16 of size 16 [ 19.270777] The buggy address is located 8 bytes inside of [ 19.270777] allocated 9-byte region [fff00000c659b2e0, fff00000c659b2e9) [ 19.270843] [ 19.270867] The buggy address belongs to the physical page: [ 19.270904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10659b [ 19.270965] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.271019] page_type: f5(slab) [ 19.271062] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.271116] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.271162] page dumped because: kasan: bad access detected [ 19.271196] [ 19.271218] Memory state around the buggy address: [ 19.271254] fff00000c659b180: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.271302] fff00000c659b200: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.271347] >fff00000c659b280: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.271390] ^ [ 19.271431] fff00000c659b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.271476] fff00000c659b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.271518] ================================================================== [ 19.310490] ================================================================== [ 19.310656] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 19.311844] dump_stack_lvl+0x8c/0xd0 [ 19.311963] print_report+0x118/0x608 [ 19.312072] kasan_report+0xdc/0x128 [ 19.312450] kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 19.312684] kthread+0x328/0x630 [ 19.312728] ret_from_fork+0x10/0x20 [ 19.312798] Allocated by task 262: [ 19.312966] kasan_save_alloc_info+0x40/0x58 [ 19.313720] The buggy address is located 8 bytes inside of [ 19.313720] allocated 9-byte region [fff00000c659b2e0, fff00000c659b2e9) [ 19.313905] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.314087] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.314615] >fff00000c659b280: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.314738] ^ [ 19.314815] fff00000c659b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.316999] [ 19.317020] Allocated by task 262: [ 19.317520] __kasan_kmalloc+0xd4/0xd8 [ 19.318013] kthread+0x328/0x630 [ 19.318256] The buggy address is located 8 bytes inside of [ 19.318256] allocated 9-byte region [fff00000c659b2e0, fff00000c659b2e9) [ 19.318376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10659b [ 19.319323] >fff00000c659b280: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.319472] ^ [ 19.319532] fff00000c659b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.319630] fff00000c659b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.319710] ==================================================================
[ 13.710500] ================================================================== [ 13.710808] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.711423] Write of size 8 at addr ffff88810191e8e8 by task kunit_try_catch/278 [ 13.711828] [ 13.711935] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.711986] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.711999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.712039] Call Trace: [ 13.712058] <TASK> [ 13.712075] dump_stack_lvl+0x73/0xb0 [ 13.712104] print_report+0xd1/0x650 [ 13.712128] ? __virt_addr_valid+0x1db/0x2d0 [ 13.712156] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.712183] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.712207] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.712234] kasan_report+0x141/0x180 [ 13.712257] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.712289] kasan_check_range+0x10c/0x1c0 [ 13.712313] __kasan_check_write+0x18/0x20 [ 13.712333] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.712360] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.712388] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.712414] ? trace_hardirqs_on+0x37/0xe0 [ 13.712439] ? kasan_bitops_generic+0x92/0x1c0 [ 13.712468] kasan_bitops_generic+0x116/0x1c0 [ 13.712492] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.712518] ? __pfx_read_tsc+0x10/0x10 [ 13.712540] ? ktime_get_ts64+0x86/0x230 [ 13.712564] kunit_try_run_case+0x1a5/0x480 [ 13.712588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.712611] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.712637] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.712661] ? __kthread_parkme+0x82/0x180 [ 13.712683] ? preempt_count_sub+0x50/0x80 [ 13.712706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.712744] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.712768] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.712793] kthread+0x337/0x6f0 [ 13.712813] ? trace_preempt_on+0x20/0xc0 [ 13.712835] ? __pfx_kthread+0x10/0x10 [ 13.712855] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.712877] ? calculate_sigpending+0x7b/0xa0 [ 13.712901] ? __pfx_kthread+0x10/0x10 [ 13.712923] ret_from_fork+0x116/0x1d0 [ 13.712942] ? __pfx_kthread+0x10/0x10 [ 13.712962] ret_from_fork_asm+0x1a/0x30 [ 13.712994] </TASK> [ 13.713006] [ 13.721543] Allocated by task 278: [ 13.721735] kasan_save_stack+0x45/0x70 [ 13.721883] kasan_save_track+0x18/0x40 [ 13.722018] kasan_save_alloc_info+0x3b/0x50 [ 13.722245] __kasan_kmalloc+0xb7/0xc0 [ 13.722435] __kmalloc_cache_noprof+0x189/0x420 [ 13.722870] kasan_bitops_generic+0x92/0x1c0 [ 13.723108] kunit_try_run_case+0x1a5/0x480 [ 13.723301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.723526] kthread+0x337/0x6f0 [ 13.723775] ret_from_fork+0x116/0x1d0 [ 13.723963] ret_from_fork_asm+0x1a/0x30 [ 13.724135] [ 13.724212] The buggy address belongs to the object at ffff88810191e8e0 [ 13.724212] which belongs to the cache kmalloc-16 of size 16 [ 13.724573] The buggy address is located 8 bytes inside of [ 13.724573] allocated 9-byte region [ffff88810191e8e0, ffff88810191e8e9) [ 13.725106] [ 13.725202] The buggy address belongs to the physical page: [ 13.725589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10191e [ 13.725848] flags: 0x200000000000000(node=0|zone=2) [ 13.726012] page_type: f5(slab) [ 13.726295] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.726649] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.727001] page dumped because: kasan: bad access detected [ 13.727256] [ 13.727348] Memory state around the buggy address: [ 13.727544] ffff88810191e780: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.728090] ffff88810191e800: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.728373] >ffff88810191e880: 00 05 fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.728817] ^ [ 13.729124] ffff88810191e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.729383] ffff88810191e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.729614] ================================================================== [ 13.775640] ================================================================== [ 13.775985] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.776550] Write of size 8 at addr ffff88810191e8e8 by task kunit_try_catch/278 [ 13.776962] [ 13.777088] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.777142] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.777156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.777184] Call Trace: [ 13.777203] <TASK> [ 13.777222] dump_stack_lvl+0x73/0xb0 [ 13.777252] print_report+0xd1/0x650 [ 13.777276] ? __virt_addr_valid+0x1db/0x2d0 [ 13.777300] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.777327] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.777351] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.777378] kasan_report+0x141/0x180 [ 13.777400] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.777432] kasan_check_range+0x10c/0x1c0 [ 13.777456] __kasan_check_write+0x18/0x20 [ 13.777476] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.777503] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.777531] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.777557] ? trace_hardirqs_on+0x37/0xe0 [ 13.777581] ? kasan_bitops_generic+0x92/0x1c0 [ 13.777609] kasan_bitops_generic+0x116/0x1c0 [ 13.777633] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.777689] ? __pfx_read_tsc+0x10/0x10 [ 13.777711] ? ktime_get_ts64+0x86/0x230 [ 13.777736] kunit_try_run_case+0x1a5/0x480 [ 13.777761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.777784] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.777810] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.777835] ? __kthread_parkme+0x82/0x180 [ 13.777856] ? preempt_count_sub+0x50/0x80 [ 13.777880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.777905] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.777929] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.777955] kthread+0x337/0x6f0 [ 13.777974] ? trace_preempt_on+0x20/0xc0 [ 13.777996] ? __pfx_kthread+0x10/0x10 [ 13.778017] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.778048] ? calculate_sigpending+0x7b/0xa0 [ 13.778073] ? __pfx_kthread+0x10/0x10 [ 13.778094] ret_from_fork+0x116/0x1d0 [ 13.778113] ? __pfx_kthread+0x10/0x10 [ 13.778133] ret_from_fork_asm+0x1a/0x30 [ 13.778163] </TASK> [ 13.778175] [ 13.786746] Allocated by task 278: [ 13.786933] kasan_save_stack+0x45/0x70 [ 13.787204] kasan_save_track+0x18/0x40 [ 13.787353] kasan_save_alloc_info+0x3b/0x50 [ 13.787502] __kasan_kmalloc+0xb7/0xc0 [ 13.787634] __kmalloc_cache_noprof+0x189/0x420 [ 13.787825] kasan_bitops_generic+0x92/0x1c0 [ 13.788042] kunit_try_run_case+0x1a5/0x480 [ 13.788258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.788651] kthread+0x337/0x6f0 [ 13.788817] ret_from_fork+0x116/0x1d0 [ 13.788972] ret_from_fork_asm+0x1a/0x30 [ 13.789351] [ 13.789459] The buggy address belongs to the object at ffff88810191e8e0 [ 13.789459] which belongs to the cache kmalloc-16 of size 16 [ 13.790086] The buggy address is located 8 bytes inside of [ 13.790086] allocated 9-byte region [ffff88810191e8e0, ffff88810191e8e9) [ 13.790461] [ 13.790555] The buggy address belongs to the physical page: [ 13.790973] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10191e [ 13.791350] flags: 0x200000000000000(node=0|zone=2) [ 13.791557] page_type: f5(slab) [ 13.791788] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.792075] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.792313] page dumped because: kasan: bad access detected [ 13.792526] [ 13.792620] Memory state around the buggy address: [ 13.792845] ffff88810191e780: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.793228] ffff88810191e800: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.793602] >ffff88810191e880: 00 05 fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.794013] ^ [ 13.794223] ffff88810191e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.794900] ffff88810191e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.795626] ================================================================== [ 13.796562] ================================================================== [ 13.797439] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.798050] Write of size 8 at addr ffff88810191e8e8 by task kunit_try_catch/278 [ 13.798563] [ 13.798789] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.798846] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.798860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.798897] Call Trace: [ 13.798915] <TASK> [ 13.798932] dump_stack_lvl+0x73/0xb0 [ 13.798964] print_report+0xd1/0x650 [ 13.798987] ? __virt_addr_valid+0x1db/0x2d0 [ 13.799012] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.799049] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.799075] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.799102] kasan_report+0x141/0x180 [ 13.799124] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.799156] kasan_check_range+0x10c/0x1c0 [ 13.799180] __kasan_check_write+0x18/0x20 [ 13.799200] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.799227] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.799255] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.799282] ? trace_hardirqs_on+0x37/0xe0 [ 13.799307] ? kasan_bitops_generic+0x92/0x1c0 [ 13.799335] kasan_bitops_generic+0x116/0x1c0 [ 13.799359] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.799386] ? __pfx_read_tsc+0x10/0x10 [ 13.799407] ? ktime_get_ts64+0x86/0x230 [ 13.799431] kunit_try_run_case+0x1a5/0x480 [ 13.799456] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.799479] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.799504] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.799528] ? __kthread_parkme+0x82/0x180 [ 13.799549] ? preempt_count_sub+0x50/0x80 [ 13.799573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.799598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.799622] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.799648] kthread+0x337/0x6f0 [ 13.799667] ? trace_preempt_on+0x20/0xc0 [ 13.799799] ? __pfx_kthread+0x10/0x10 [ 13.799828] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.799852] ? calculate_sigpending+0x7b/0xa0 [ 13.799876] ? __pfx_kthread+0x10/0x10 [ 13.799898] ret_from_fork+0x116/0x1d0 [ 13.799917] ? __pfx_kthread+0x10/0x10 [ 13.799979] ret_from_fork_asm+0x1a/0x30 [ 13.800012] </TASK> [ 13.800036] [ 13.813249] Allocated by task 278: [ 13.813425] kasan_save_stack+0x45/0x70 [ 13.813585] kasan_save_track+0x18/0x40 [ 13.813802] kasan_save_alloc_info+0x3b/0x50 [ 13.813952] __kasan_kmalloc+0xb7/0xc0 [ 13.814276] __kmalloc_cache_noprof+0x189/0x420 [ 13.814565] kasan_bitops_generic+0x92/0x1c0 [ 13.814911] kunit_try_run_case+0x1a5/0x480 [ 13.815157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.815380] kthread+0x337/0x6f0 [ 13.815551] ret_from_fork+0x116/0x1d0 [ 13.815706] ret_from_fork_asm+0x1a/0x30 [ 13.816014] [ 13.816147] The buggy address belongs to the object at ffff88810191e8e0 [ 13.816147] which belongs to the cache kmalloc-16 of size 16 [ 13.816619] The buggy address is located 8 bytes inside of [ 13.816619] allocated 9-byte region [ffff88810191e8e0, ffff88810191e8e9) [ 13.817131] [ 13.817204] The buggy address belongs to the physical page: [ 13.817379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10191e [ 13.817817] flags: 0x200000000000000(node=0|zone=2) [ 13.817991] page_type: f5(slab) [ 13.818121] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.818584] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.819280] page dumped because: kasan: bad access detected [ 13.819511] [ 13.819611] Memory state around the buggy address: [ 13.819905] ffff88810191e780: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.820371] ffff88810191e800: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.820738] >ffff88810191e880: 00 05 fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.821131] ^ [ 13.821405] ffff88810191e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.821685] ffff88810191e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.821980] ================================================================== [ 13.669296] ================================================================== [ 13.669889] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.670417] Write of size 8 at addr ffff88810191e8e8 by task kunit_try_catch/278 [ 13.671017] [ 13.671147] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.671203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.671217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.671245] Call Trace: [ 13.671258] <TASK> [ 13.671279] dump_stack_lvl+0x73/0xb0 [ 13.671312] print_report+0xd1/0x650 [ 13.671336] ? __virt_addr_valid+0x1db/0x2d0 [ 13.671362] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.671389] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.671413] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.671440] kasan_report+0x141/0x180 [ 13.671462] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.671493] kasan_check_range+0x10c/0x1c0 [ 13.671518] __kasan_check_write+0x18/0x20 [ 13.671538] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.671565] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.671593] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.671620] ? trace_hardirqs_on+0x37/0xe0 [ 13.671747] ? kasan_bitops_generic+0x92/0x1c0 [ 13.671781] kasan_bitops_generic+0x116/0x1c0 [ 13.671807] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.671833] ? __pfx_read_tsc+0x10/0x10 [ 13.671856] ? ktime_get_ts64+0x86/0x230 [ 13.671882] kunit_try_run_case+0x1a5/0x480 [ 13.671908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.671932] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.671958] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.671982] ? __kthread_parkme+0x82/0x180 [ 13.672002] ? preempt_count_sub+0x50/0x80 [ 13.672039] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.672064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.672089] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.672115] kthread+0x337/0x6f0 [ 13.672135] ? trace_preempt_on+0x20/0xc0 [ 13.672161] ? __pfx_kthread+0x10/0x10 [ 13.672182] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.672204] ? calculate_sigpending+0x7b/0xa0 [ 13.672229] ? __pfx_kthread+0x10/0x10 [ 13.672251] ret_from_fork+0x116/0x1d0 [ 13.672270] ? __pfx_kthread+0x10/0x10 [ 13.672290] ret_from_fork_asm+0x1a/0x30 [ 13.672322] </TASK> [ 13.672334] [ 13.680787] Allocated by task 278: [ 13.680968] kasan_save_stack+0x45/0x70 [ 13.681129] kasan_save_track+0x18/0x40 [ 13.681283] kasan_save_alloc_info+0x3b/0x50 [ 13.681488] __kasan_kmalloc+0xb7/0xc0 [ 13.681668] __kmalloc_cache_noprof+0x189/0x420 [ 13.681887] kasan_bitops_generic+0x92/0x1c0 [ 13.682042] kunit_try_run_case+0x1a5/0x480 [ 13.682507] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.682840] kthread+0x337/0x6f0 [ 13.682968] ret_from_fork+0x116/0x1d0 [ 13.683111] ret_from_fork_asm+0x1a/0x30 [ 13.683247] [ 13.683316] The buggy address belongs to the object at ffff88810191e8e0 [ 13.683316] which belongs to the cache kmalloc-16 of size 16 [ 13.683774] The buggy address is located 8 bytes inside of [ 13.683774] allocated 9-byte region [ffff88810191e8e0, ffff88810191e8e9) [ 13.684364] [ 13.684437] The buggy address belongs to the physical page: [ 13.684606] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10191e [ 13.684841] flags: 0x200000000000000(node=0|zone=2) [ 13.684999] page_type: f5(slab) [ 13.685198] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.685544] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.685882] page dumped because: kasan: bad access detected [ 13.686152] [ 13.686246] Memory state around the buggy address: [ 13.686473] ffff88810191e780: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.686823] ffff88810191e800: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.687132] >ffff88810191e880: 00 05 fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.687346] ^ [ 13.687541] ffff88810191e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.688019] ffff88810191e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.688421] ================================================================== [ 13.822418] ================================================================== [ 13.822749] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.823356] Write of size 8 at addr ffff88810191e8e8 by task kunit_try_catch/278 [ 13.823688] [ 13.823881] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.823936] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.823950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.823978] Call Trace: [ 13.823996] <TASK> [ 13.824014] dump_stack_lvl+0x73/0xb0 [ 13.824061] print_report+0xd1/0x650 [ 13.824085] ? __virt_addr_valid+0x1db/0x2d0 [ 13.824109] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.824137] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.824165] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.824193] kasan_report+0x141/0x180 [ 13.824217] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.824248] kasan_check_range+0x10c/0x1c0 [ 13.824272] __kasan_check_write+0x18/0x20 [ 13.824291] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.824320] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.824350] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.824378] ? trace_hardirqs_on+0x37/0xe0 [ 13.824401] ? kasan_bitops_generic+0x92/0x1c0 [ 13.824429] kasan_bitops_generic+0x116/0x1c0 [ 13.824454] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.824479] ? __pfx_read_tsc+0x10/0x10 [ 13.824501] ? ktime_get_ts64+0x86/0x230 [ 13.824525] kunit_try_run_case+0x1a5/0x480 [ 13.824550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.824573] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.824600] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.824626] ? __kthread_parkme+0x82/0x180 [ 13.824750] ? preempt_count_sub+0x50/0x80 [ 13.824782] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.824808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.824832] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.824858] kthread+0x337/0x6f0 [ 13.824877] ? trace_preempt_on+0x20/0xc0 [ 13.824899] ? __pfx_kthread+0x10/0x10 [ 13.824919] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.824942] ? calculate_sigpending+0x7b/0xa0 [ 13.824967] ? __pfx_kthread+0x10/0x10 [ 13.824987] ret_from_fork+0x116/0x1d0 [ 13.825007] ? __pfx_kthread+0x10/0x10 [ 13.825039] ret_from_fork_asm+0x1a/0x30 [ 13.825070] </TASK> [ 13.825081] [ 13.833273] Allocated by task 278: [ 13.833459] kasan_save_stack+0x45/0x70 [ 13.833742] kasan_save_track+0x18/0x40 [ 13.833949] kasan_save_alloc_info+0x3b/0x50 [ 13.834184] __kasan_kmalloc+0xb7/0xc0 [ 13.834366] __kmalloc_cache_noprof+0x189/0x420 [ 13.834574] kasan_bitops_generic+0x92/0x1c0 [ 13.834891] kunit_try_run_case+0x1a5/0x480 [ 13.835085] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.835326] kthread+0x337/0x6f0 [ 13.835482] ret_from_fork+0x116/0x1d0 [ 13.835685] ret_from_fork_asm+0x1a/0x30 [ 13.835862] [ 13.835941] The buggy address belongs to the object at ffff88810191e8e0 [ 13.835941] which belongs to the cache kmalloc-16 of size 16 [ 13.836434] The buggy address is located 8 bytes inside of [ 13.836434] allocated 9-byte region [ffff88810191e8e0, ffff88810191e8e9) [ 13.837094] [ 13.837196] The buggy address belongs to the physical page: [ 13.837422] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10191e [ 13.837674] flags: 0x200000000000000(node=0|zone=2) [ 13.837840] page_type: f5(slab) [ 13.837961] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.838206] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.838551] page dumped because: kasan: bad access detected [ 13.838919] [ 13.839032] Memory state around the buggy address: [ 13.839259] ffff88810191e780: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.839485] ffff88810191e800: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.839922] >ffff88810191e880: 00 05 fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.840279] ^ [ 13.840548] ffff88810191e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.841003] ffff88810191e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.841500] ================================================================== [ 13.730223] ================================================================== [ 13.730578] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.730978] Write of size 8 at addr ffff88810191e8e8 by task kunit_try_catch/278 [ 13.731267] [ 13.731388] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.731440] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.731453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.731482] Call Trace: [ 13.731500] <TASK> [ 13.731518] dump_stack_lvl+0x73/0xb0 [ 13.731547] print_report+0xd1/0x650 [ 13.731569] ? __virt_addr_valid+0x1db/0x2d0 [ 13.731594] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.731621] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.731644] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.731672] kasan_report+0x141/0x180 [ 13.731693] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.731725] kasan_check_range+0x10c/0x1c0 [ 13.731748] __kasan_check_write+0x18/0x20 [ 13.731767] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.731795] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.731822] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.731848] ? trace_hardirqs_on+0x37/0xe0 [ 13.731873] ? kasan_bitops_generic+0x92/0x1c0 [ 13.731901] kasan_bitops_generic+0x116/0x1c0 [ 13.731937] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.731963] ? __pfx_read_tsc+0x10/0x10 [ 13.731989] ? ktime_get_ts64+0x86/0x230 [ 13.732017] kunit_try_run_case+0x1a5/0x480 [ 13.732053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.732077] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.732102] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.732126] ? __kthread_parkme+0x82/0x180 [ 13.732152] ? preempt_count_sub+0x50/0x80 [ 13.732177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.732202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.732227] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.732254] kthread+0x337/0x6f0 [ 13.732274] ? trace_preempt_on+0x20/0xc0 [ 13.732296] ? __pfx_kthread+0x10/0x10 [ 13.732317] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.732338] ? calculate_sigpending+0x7b/0xa0 [ 13.732363] ? __pfx_kthread+0x10/0x10 [ 13.732385] ret_from_fork+0x116/0x1d0 [ 13.732403] ? __pfx_kthread+0x10/0x10 [ 13.732424] ret_from_fork_asm+0x1a/0x30 [ 13.732455] </TASK> [ 13.732467] [ 13.741435] Allocated by task 278: [ 13.741572] kasan_save_stack+0x45/0x70 [ 13.741772] kasan_save_track+0x18/0x40 [ 13.741964] kasan_save_alloc_info+0x3b/0x50 [ 13.742564] __kasan_kmalloc+0xb7/0xc0 [ 13.743054] __kmalloc_cache_noprof+0x189/0x420 [ 13.743224] kasan_bitops_generic+0x92/0x1c0 [ 13.743397] kunit_try_run_case+0x1a5/0x480 [ 13.743605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.743895] kthread+0x337/0x6f0 [ 13.744067] ret_from_fork+0x116/0x1d0 [ 13.744240] ret_from_fork_asm+0x1a/0x30 [ 13.744408] [ 13.744501] The buggy address belongs to the object at ffff88810191e8e0 [ 13.744501] which belongs to the cache kmalloc-16 of size 16 [ 13.745035] The buggy address is located 8 bytes inside of [ 13.745035] allocated 9-byte region [ffff88810191e8e0, ffff88810191e8e9) [ 13.745534] [ 13.745631] The buggy address belongs to the physical page: [ 13.746035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10191e [ 13.746306] flags: 0x200000000000000(node=0|zone=2) [ 13.746476] page_type: f5(slab) [ 13.746598] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.747051] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.747387] page dumped because: kasan: bad access detected [ 13.747880] [ 13.747979] Memory state around the buggy address: [ 13.748171] ffff88810191e780: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.748406] ffff88810191e800: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.748726] >ffff88810191e880: 00 05 fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.749160] ^ [ 13.749445] ffff88810191e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.749740] ffff88810191e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.750260] ================================================================== [ 13.688856] ================================================================== [ 13.689453] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.690160] Write of size 8 at addr ffff88810191e8e8 by task kunit_try_catch/278 [ 13.690488] [ 13.690606] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.690707] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.690721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.690749] Call Trace: [ 13.690768] <TASK> [ 13.690784] dump_stack_lvl+0x73/0xb0 [ 13.690813] print_report+0xd1/0x650 [ 13.690836] ? __virt_addr_valid+0x1db/0x2d0 [ 13.690861] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.690887] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.690912] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.690939] kasan_report+0x141/0x180 [ 13.690961] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.690993] kasan_check_range+0x10c/0x1c0 [ 13.691017] __kasan_check_write+0x18/0x20 [ 13.691048] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.691075] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.691104] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.691130] ? trace_hardirqs_on+0x37/0xe0 [ 13.691154] ? kasan_bitops_generic+0x92/0x1c0 [ 13.691182] kasan_bitops_generic+0x116/0x1c0 [ 13.691206] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.691232] ? __pfx_read_tsc+0x10/0x10 [ 13.691254] ? ktime_get_ts64+0x86/0x230 [ 13.691280] kunit_try_run_case+0x1a5/0x480 [ 13.691304] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.691327] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.691352] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.691376] ? __kthread_parkme+0x82/0x180 [ 13.691397] ? preempt_count_sub+0x50/0x80 [ 13.691422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.691446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.691470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.691495] kthread+0x337/0x6f0 [ 13.691515] ? trace_preempt_on+0x20/0xc0 [ 13.691538] ? __pfx_kthread+0x10/0x10 [ 13.691559] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.691580] ? calculate_sigpending+0x7b/0xa0 [ 13.691605] ? __pfx_kthread+0x10/0x10 [ 13.691627] ret_from_fork+0x116/0x1d0 [ 13.691645] ? __pfx_kthread+0x10/0x10 [ 13.691666] ret_from_fork_asm+0x1a/0x30 [ 13.691697] </TASK> [ 13.691709] [ 13.700229] Allocated by task 278: [ 13.700366] kasan_save_stack+0x45/0x70 [ 13.700514] kasan_save_track+0x18/0x40 [ 13.701188] kasan_save_alloc_info+0x3b/0x50 [ 13.701432] __kasan_kmalloc+0xb7/0xc0 [ 13.701622] __kmalloc_cache_noprof+0x189/0x420 [ 13.702355] kasan_bitops_generic+0x92/0x1c0 [ 13.702573] kunit_try_run_case+0x1a5/0x480 [ 13.703062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.703493] kthread+0x337/0x6f0 [ 13.703815] ret_from_fork+0x116/0x1d0 [ 13.704219] ret_from_fork_asm+0x1a/0x30 [ 13.704480] [ 13.704707] The buggy address belongs to the object at ffff88810191e8e0 [ 13.704707] which belongs to the cache kmalloc-16 of size 16 [ 13.705436] The buggy address is located 8 bytes inside of [ 13.705436] allocated 9-byte region [ffff88810191e8e0, ffff88810191e8e9) [ 13.705873] [ 13.705975] The buggy address belongs to the physical page: [ 13.706244] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10191e [ 13.706583] flags: 0x200000000000000(node=0|zone=2) [ 13.706867] page_type: f5(slab) [ 13.707061] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.707345] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.707663] page dumped because: kasan: bad access detected [ 13.707959] [ 13.708062] Memory state around the buggy address: [ 13.708228] ffff88810191e780: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.708550] ffff88810191e800: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.708869] >ffff88810191e880: 00 05 fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.709140] ^ [ 13.709435] ffff88810191e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.709741] ffff88810191e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.710033] ================================================================== [ 13.751791] ================================================================== [ 13.752089] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.752414] Write of size 8 at addr ffff88810191e8e8 by task kunit_try_catch/278 [ 13.753063] [ 13.753194] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.753247] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.753260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.753288] Call Trace: [ 13.753307] <TASK> [ 13.753325] dump_stack_lvl+0x73/0xb0 [ 13.753354] print_report+0xd1/0x650 [ 13.753377] ? __virt_addr_valid+0x1db/0x2d0 [ 13.753401] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.753428] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.753453] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.753480] kasan_report+0x141/0x180 [ 13.753503] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.753534] kasan_check_range+0x10c/0x1c0 [ 13.753558] __kasan_check_write+0x18/0x20 [ 13.753578] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.753606] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.753634] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.753848] ? trace_hardirqs_on+0x37/0xe0 [ 13.753881] ? kasan_bitops_generic+0x92/0x1c0 [ 13.753909] kasan_bitops_generic+0x116/0x1c0 [ 13.753935] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.753962] ? __pfx_read_tsc+0x10/0x10 [ 13.753984] ? ktime_get_ts64+0x86/0x230 [ 13.754008] kunit_try_run_case+0x1a5/0x480 [ 13.754047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.754070] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.754096] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.754120] ? __kthread_parkme+0x82/0x180 [ 13.754142] ? preempt_count_sub+0x50/0x80 [ 13.754166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.754191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.754215] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.754240] kthread+0x337/0x6f0 [ 13.754259] ? trace_preempt_on+0x20/0xc0 [ 13.754282] ? __pfx_kthread+0x10/0x10 [ 13.754302] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.754324] ? calculate_sigpending+0x7b/0xa0 [ 13.754349] ? __pfx_kthread+0x10/0x10 [ 13.754370] ret_from_fork+0x116/0x1d0 [ 13.754389] ? __pfx_kthread+0x10/0x10 [ 13.754410] ret_from_fork_asm+0x1a/0x30 [ 13.754441] </TASK> [ 13.754453] [ 13.762748] Allocated by task 278: [ 13.762928] kasan_save_stack+0x45/0x70 [ 13.764269] kasan_save_track+0x18/0x40 [ 13.764852] kasan_save_alloc_info+0x3b/0x50 [ 13.765101] __kasan_kmalloc+0xb7/0xc0 [ 13.765285] __kmalloc_cache_noprof+0x189/0x420 [ 13.765491] kasan_bitops_generic+0x92/0x1c0 [ 13.766117] kunit_try_run_case+0x1a5/0x480 [ 13.766401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.767098] kthread+0x337/0x6f0 [ 13.767332] ret_from_fork+0x116/0x1d0 [ 13.768095] ret_from_fork_asm+0x1a/0x30 [ 13.768506] [ 13.768600] The buggy address belongs to the object at ffff88810191e8e0 [ 13.768600] which belongs to the cache kmalloc-16 of size 16 [ 13.769542] The buggy address is located 8 bytes inside of [ 13.769542] allocated 9-byte region [ffff88810191e8e0, ffff88810191e8e9) [ 13.770836] [ 13.770945] The buggy address belongs to the physical page: [ 13.771198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10191e [ 13.771462] flags: 0x200000000000000(node=0|zone=2) [ 13.771916] page_type: f5(slab) [ 13.772148] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.772449] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.772876] page dumped because: kasan: bad access detected [ 13.773096] [ 13.773194] Memory state around the buggy address: [ 13.773424] ffff88810191e780: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.773754] ffff88810191e800: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.774041] >ffff88810191e880: 00 05 fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.774356] ^ [ 13.774637] ffff88810191e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.774912] ffff88810191e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.775210] ==================================================================