Date
June 18, 2025, 6:43 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 23.361257] ================================================================== [ 23.361688] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 23.362430] Write of size 8 at addr fff00000c60581a8 by task kunit_try_catch/271 [ 23.362603] [ 23.362698] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT [ 23.362899] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.362965] Hardware name: linux,dummy-virt (DT) [ 23.363055] Call trace: [ 23.363112] show_stack+0x20/0x38 (C) [ 23.363513] dump_stack_lvl+0x8c/0xd0 [ 23.364329] print_report+0x118/0x608 [ 23.364881] kasan_report+0xdc/0x128 [ 23.365109] kasan_check_range+0x100/0x1a8 [ 23.365447] __kasan_check_write+0x20/0x30 [ 23.365950] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 23.366637] kasan_bitops_generic+0x110/0x1c8 [ 23.366995] kunit_try_run_case+0x170/0x3f0 [ 23.367174] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.367714] kthread+0x328/0x630 [ 23.368215] ret_from_fork+0x10/0x20 [ 23.368371] [ 23.368739] Allocated by task 271: [ 23.368889] kasan_save_stack+0x3c/0x68 [ 23.369714] kasan_save_track+0x20/0x40 [ 23.369985] kasan_save_alloc_info+0x40/0x58 [ 23.370486] __kasan_kmalloc+0xd4/0xd8 [ 23.370884] __kmalloc_cache_noprof+0x16c/0x3c0 [ 23.371237] kasan_bitops_generic+0xa0/0x1c8 [ 23.371361] kunit_try_run_case+0x170/0x3f0 [ 23.371905] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.372467] kthread+0x328/0x630 [ 23.372659] ret_from_fork+0x10/0x20 [ 23.372976] [ 23.373199] The buggy address belongs to the object at fff00000c60581a0 [ 23.373199] which belongs to the cache kmalloc-16 of size 16 [ 23.373750] The buggy address is located 8 bytes inside of [ 23.373750] allocated 9-byte region [fff00000c60581a0, fff00000c60581a9) [ 23.374000] [ 23.375110] The buggy address belongs to the physical page: [ 23.375217] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106058 [ 23.375333] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.375397] page_type: f5(slab) [ 23.375452] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 23.375512] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.375560] page dumped because: kasan: bad access detected [ 23.375598] [ 23.375621] Memory state around the buggy address: [ 23.375664] fff00000c6058080: fa fb fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 23.375716] fff00000c6058100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.375764] >fff00000c6058180: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.375808] ^ [ 23.375848] fff00000c6058200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.375896] fff00000c6058280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.375940] ================================================================== [ 23.377153] ================================================================== [ 23.377279] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 23.377414] Read of size 8 at addr fff00000c60581a8 by task kunit_try_catch/271 [ 23.377544] [ 23.377631] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT [ 23.377856] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.377935] Hardware name: linux,dummy-virt (DT) [ 23.378028] Call trace: [ 23.378082] show_stack+0x20/0x38 (C) [ 23.378191] dump_stack_lvl+0x8c/0xd0 [ 23.378316] print_report+0x118/0x608 [ 23.378474] kasan_report+0xdc/0x128 [ 23.378623] __asan_report_load8_noabort+0x20/0x30 [ 23.378875] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 23.379249] kasan_bitops_generic+0x110/0x1c8 [ 23.379545] kunit_try_run_case+0x170/0x3f0 [ 23.379701] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.379861] kthread+0x328/0x630 [ 23.379990] ret_from_fork+0x10/0x20 [ 23.380157] [ 23.380217] Allocated by task 271: [ 23.380294] kasan_save_stack+0x3c/0x68 [ 23.380382] kasan_save_track+0x20/0x40 [ 23.380473] kasan_save_alloc_info+0x40/0x58 [ 23.380786] __kasan_kmalloc+0xd4/0xd8 [ 23.380883] __kmalloc_cache_noprof+0x16c/0x3c0 [ 23.380992] kasan_bitops_generic+0xa0/0x1c8 [ 23.381110] kunit_try_run_case+0x170/0x3f0 [ 23.381205] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.381324] kthread+0x328/0x630 [ 23.381427] ret_from_fork+0x10/0x20 [ 23.381559] [ 23.381638] The buggy address belongs to the object at fff00000c60581a0 [ 23.381638] which belongs to the cache kmalloc-16 of size 16 [ 23.381826] The buggy address is located 8 bytes inside of [ 23.381826] allocated 9-byte region [fff00000c60581a0, fff00000c60581a9) [ 23.382039] [ 23.382095] The buggy address belongs to the physical page: [ 23.382180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106058 [ 23.382320] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.382454] page_type: f5(slab) [ 23.382551] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 23.382682] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.382788] page dumped because: kasan: bad access detected [ 23.382873] [ 23.382932] Memory state around the buggy address: [ 23.383075] fff00000c6058080: fa fb fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 23.383184] fff00000c6058100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.383299] >fff00000c6058180: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.383958] ^ [ 23.384121] fff00000c6058200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.384246] fff00000c6058280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.384366] ================================================================== [ 23.386913] ================================================================== [ 23.387058] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 23.387179] Write of size 8 at addr fff00000c60581a8 by task kunit_try_catch/271 [ 23.387308] [ 23.387397] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT [ 23.387633] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.387716] Hardware name: linux,dummy-virt (DT) [ 23.387802] Call trace: [ 23.387863] show_stack+0x20/0x38 (C) [ 23.387987] dump_stack_lvl+0x8c/0xd0 [ 23.388159] print_report+0x118/0x608 [ 23.388271] kasan_report+0xdc/0x128 [ 23.388396] kasan_check_range+0x100/0x1a8 [ 23.388751] __kasan_check_write+0x20/0x30 [ 23.389194] kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 23.389554] kasan_bitops_generic+0x110/0x1c8 [ 23.389676] kunit_try_run_case+0x170/0x3f0 [ 23.389943] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.390136] kthread+0x328/0x630 [ 23.390246] ret_from_fork+0x10/0x20 [ 23.390702] [ 23.390758] Allocated by task 271: [ 23.390836] kasan_save_stack+0x3c/0x68 [ 23.390945] kasan_save_track+0x20/0x40 [ 23.391058] kasan_save_alloc_info+0x40/0x58 [ 23.391165] __kasan_kmalloc+0xd4/0xd8 [ 23.391244] __kmalloc_cache_noprof+0x16c/0x3c0 [ 23.391360] kasan_bitops_generic+0xa0/0x1c8 [ 23.391460] kunit_try_run_case+0x170/0x3f0 [ 23.391858] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.392067] kthread+0x328/0x630 [ 23.392164] ret_from_fork+0x10/0x20 [ 23.392302] [ 23.392355] The buggy address belongs to the object at fff00000c60581a0 [ 23.392355] which belongs to the cache kmalloc-16 of size 16 [ 23.392555] The buggy address is located 8 bytes inside of [ 23.392555] allocated 9-byte region [fff00000c60581a0, fff00000c60581a9) [ 23.392760] [ 23.392838] The buggy address belongs to the physical page: [ 23.392956] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106058 [ 23.393151] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.393276] page_type: f5(slab) [ 23.393431] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 23.393584] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.393736] page dumped because: kasan: bad access detected [ 23.393837] [ 23.393884] Memory state around the buggy address: [ 23.393966] fff00000c6058080: fa fb fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 23.394131] fff00000c6058100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.394234] >fff00000c6058180: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.394331] ^ [ 23.394517] fff00000c6058200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.394623] fff00000c6058280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.394721] ================================================================== [ 23.397371] ================================================================== [ 23.397505] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 23.397633] Read of size 8 at addr fff00000c60581a8 by task kunit_try_catch/271 [ 23.397762] [ 23.397849] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT [ 23.398120] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.398199] Hardware name: linux,dummy-virt (DT) [ 23.398339] show_stack+0x20/0x38 (C) [ 23.399678] kasan_bitops_generic+0x110/0x1c8 [ 23.400594] Allocated by task 271: [ 23.400985] __kasan_kmalloc+0xd4/0xd8 [ 23.401415] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.401966] The buggy address is located 8 bytes inside of [ 23.401966] allocated 9-byte region [fff00000c60581a0, fff00000c60581a9) [ 23.402743] page_type: f5(slab) [ 23.403313] page dumped because: kasan: bad access detected [ 23.404303] >fff00000c6058180: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.407214] Write of size 8 at addr fff00000c60581a8 by task kunit_try_catch/271 [ 23.408227] dump_stack_lvl+0x8c/0xd0 [ 23.408466] kasan_report+0xdc/0x128 [ 23.409003] kasan_bitops_generic+0x110/0x1c8 [ 23.409542] ret_from_fork+0x10/0x20 [ 23.410401] __kasan_kmalloc+0xd4/0xd8 [ 23.410838] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.411200] [ 23.411434] The buggy address is located 8 bytes inside of [ 23.411434] allocated 9-byte region [fff00000c60581a0, fff00000c60581a9) [ 23.412314] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.413057] >fff00000c6058180: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.414207] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 23.414857] Call trace: [ 23.414916] show_stack+0x20/0x38 (C) [ 23.415990] kunit_try_run_case+0x170/0x3f0 [ 23.416309] kthread+0x328/0x630 [ 23.417272] kasan_save_stack+0x3c/0x68 [ 23.417943] __kmalloc_cache_noprof+0x16c/0x3c0 [ 23.418362] kthread+0x328/0x630 [ 23.418705] ret_from_fork+0x10/0x20 [ 23.419015] The buggy address is located 8 bytes inside of [ 23.419015] allocated 9-byte region [fff00000c60581a0, fff00000c60581a9) [ 23.420717] [ 23.420763] Memory state around the buggy address: [ 23.421183] >fff00000c6058180: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.424272] ==================================================================
[ 13.218387] ================================================================== [ 13.218743] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.219104] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.219780] [ 13.219897] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.219944] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.219955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.219976] Call Trace: [ 13.219988] <TASK> [ 13.220002] dump_stack_lvl+0x73/0xb0 [ 13.220027] print_report+0xd1/0x650 [ 13.220048] ? __virt_addr_valid+0x1db/0x2d0 [ 13.220069] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.220093] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.220118] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.220142] kasan_report+0x141/0x180 [ 13.220163] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.220225] kasan_check_range+0x10c/0x1c0 [ 13.220248] __kasan_check_write+0x18/0x20 [ 13.220270] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.220294] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.220319] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.220342] ? trace_hardirqs_on+0x37/0xe0 [ 13.220364] ? kasan_bitops_generic+0x92/0x1c0 [ 13.220390] kasan_bitops_generic+0x116/0x1c0 [ 13.220412] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.220499] ? __pfx_read_tsc+0x10/0x10 [ 13.220520] ? ktime_get_ts64+0x86/0x230 [ 13.220545] kunit_try_run_case+0x1a5/0x480 [ 13.220567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.220588] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.220609] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.220631] ? __kthread_parkme+0x82/0x180 [ 13.220653] ? preempt_count_sub+0x50/0x80 [ 13.220676] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.220699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.220720] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.220742] kthread+0x337/0x6f0 [ 13.220761] ? trace_preempt_on+0x20/0xc0 [ 13.220782] ? __pfx_kthread+0x10/0x10 [ 13.220801] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.220820] ? calculate_sigpending+0x7b/0xa0 [ 13.220843] ? __pfx_kthread+0x10/0x10 [ 13.220863] ret_from_fork+0x116/0x1d0 [ 13.220881] ? __pfx_kthread+0x10/0x10 [ 13.220900] ret_from_fork_asm+0x1a/0x30 [ 13.220929] </TASK> [ 13.220939] [ 13.229087] Allocated by task 287: [ 13.229289] kasan_save_stack+0x45/0x70 [ 13.229576] kasan_save_track+0x18/0x40 [ 13.229768] kasan_save_alloc_info+0x3b/0x50 [ 13.229971] __kasan_kmalloc+0xb7/0xc0 [ 13.230107] __kmalloc_cache_noprof+0x189/0x420 [ 13.230358] kasan_bitops_generic+0x92/0x1c0 [ 13.230753] kunit_try_run_case+0x1a5/0x480 [ 13.230950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.231184] kthread+0x337/0x6f0 [ 13.231341] ret_from_fork+0x116/0x1d0 [ 13.231561] ret_from_fork_asm+0x1a/0x30 [ 13.231739] [ 13.231825] The buggy address belongs to the object at ffff8881028596c0 [ 13.231825] which belongs to the cache kmalloc-16 of size 16 [ 13.232364] The buggy address is located 8 bytes inside of [ 13.232364] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.232873] [ 13.232941] The buggy address belongs to the physical page: [ 13.233105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.233585] flags: 0x200000000000000(node=0|zone=2) [ 13.233821] page_type: f5(slab) [ 13.233977] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.234289] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.234768] page dumped because: kasan: bad access detected [ 13.235028] [ 13.235114] Memory state around the buggy address: [ 13.235367] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.235772] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.236027] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.236372] ^ [ 13.236689] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.236973] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.237230] ================================================================== [ 13.287569] ================================================================== [ 13.287915] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.288165] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.288640] [ 13.288779] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.288826] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.288838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.288858] Call Trace: [ 13.288871] <TASK> [ 13.288884] dump_stack_lvl+0x73/0xb0 [ 13.288909] print_report+0xd1/0x650 [ 13.288930] ? __virt_addr_valid+0x1db/0x2d0 [ 13.288951] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.288974] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.288998] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.289022] kasan_report+0x141/0x180 [ 13.289043] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.289072] kasan_check_range+0x10c/0x1c0 [ 13.289104] __kasan_check_write+0x18/0x20 [ 13.289125] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.289149] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.289184] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.289215] ? trace_hardirqs_on+0x37/0xe0 [ 13.289235] ? kasan_bitops_generic+0x92/0x1c0 [ 13.289261] kasan_bitops_generic+0x116/0x1c0 [ 13.289282] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.289305] ? __pfx_read_tsc+0x10/0x10 [ 13.289326] ? ktime_get_ts64+0x86/0x230 [ 13.289349] kunit_try_run_case+0x1a5/0x480 [ 13.289371] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.289392] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.289412] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.289435] ? __kthread_parkme+0x82/0x180 [ 13.289455] ? preempt_count_sub+0x50/0x80 [ 13.289476] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.289498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.289519] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.289541] kthread+0x337/0x6f0 [ 13.289559] ? trace_preempt_on+0x20/0xc0 [ 13.289579] ? __pfx_kthread+0x10/0x10 [ 13.289644] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.289666] ? calculate_sigpending+0x7b/0xa0 [ 13.289688] ? __pfx_kthread+0x10/0x10 [ 13.289709] ret_from_fork+0x116/0x1d0 [ 13.289727] ? __pfx_kthread+0x10/0x10 [ 13.289746] ret_from_fork_asm+0x1a/0x30 [ 13.289774] </TASK> [ 13.289783] [ 13.298610] Allocated by task 287: [ 13.298771] kasan_save_stack+0x45/0x70 [ 13.298964] kasan_save_track+0x18/0x40 [ 13.299147] kasan_save_alloc_info+0x3b/0x50 [ 13.299353] __kasan_kmalloc+0xb7/0xc0 [ 13.299715] __kmalloc_cache_noprof+0x189/0x420 [ 13.300045] kasan_bitops_generic+0x92/0x1c0 [ 13.300218] kunit_try_run_case+0x1a5/0x480 [ 13.300518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.300870] kthread+0x337/0x6f0 [ 13.301079] ret_from_fork+0x116/0x1d0 [ 13.301328] ret_from_fork_asm+0x1a/0x30 [ 13.301465] [ 13.301528] The buggy address belongs to the object at ffff8881028596c0 [ 13.301528] which belongs to the cache kmalloc-16 of size 16 [ 13.301873] The buggy address is located 8 bytes inside of [ 13.301873] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.302748] [ 13.302902] The buggy address belongs to the physical page: [ 13.303295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.303607] flags: 0x200000000000000(node=0|zone=2) [ 13.303794] page_type: f5(slab) [ 13.303956] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.304524] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.304876] page dumped because: kasan: bad access detected [ 13.305113] [ 13.305177] Memory state around the buggy address: [ 13.305405] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.305816] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.306145] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.306378] ^ [ 13.306546] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.306979] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.307358] ================================================================== [ 13.198017] ================================================================== [ 13.198387] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.198907] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.199175] [ 13.199285] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.199354] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.199366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.199388] Call Trace: [ 13.199401] <TASK> [ 13.199415] dump_stack_lvl+0x73/0xb0 [ 13.199520] print_report+0xd1/0x650 [ 13.199545] ? __virt_addr_valid+0x1db/0x2d0 [ 13.199569] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.199594] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.199619] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.199643] kasan_report+0x141/0x180 [ 13.199665] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.199694] kasan_check_range+0x10c/0x1c0 [ 13.199716] __kasan_check_write+0x18/0x20 [ 13.199739] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.199763] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.199791] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.199814] ? trace_hardirqs_on+0x37/0xe0 [ 13.199834] ? kasan_bitops_generic+0x92/0x1c0 [ 13.199859] kasan_bitops_generic+0x116/0x1c0 [ 13.199881] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.199904] ? __pfx_read_tsc+0x10/0x10 [ 13.199923] ? ktime_get_ts64+0x86/0x230 [ 13.199947] kunit_try_run_case+0x1a5/0x480 [ 13.199970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.199990] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.200011] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.200032] ? __kthread_parkme+0x82/0x180 [ 13.200051] ? preempt_count_sub+0x50/0x80 [ 13.200073] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.200095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.200117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.200138] kthread+0x337/0x6f0 [ 13.200156] ? trace_preempt_on+0x20/0xc0 [ 13.200177] ? __pfx_kthread+0x10/0x10 [ 13.200197] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.200245] ? calculate_sigpending+0x7b/0xa0 [ 13.200267] ? __pfx_kthread+0x10/0x10 [ 13.200287] ret_from_fork+0x116/0x1d0 [ 13.200304] ? __pfx_kthread+0x10/0x10 [ 13.200324] ret_from_fork_asm+0x1a/0x30 [ 13.200353] </TASK> [ 13.200363] [ 13.208576] Allocated by task 287: [ 13.208711] kasan_save_stack+0x45/0x70 [ 13.208847] kasan_save_track+0x18/0x40 [ 13.209021] kasan_save_alloc_info+0x3b/0x50 [ 13.209253] __kasan_kmalloc+0xb7/0xc0 [ 13.209497] __kmalloc_cache_noprof+0x189/0x420 [ 13.209702] kasan_bitops_generic+0x92/0x1c0 [ 13.209842] kunit_try_run_case+0x1a5/0x480 [ 13.209980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.210194] kthread+0x337/0x6f0 [ 13.210377] ret_from_fork+0x116/0x1d0 [ 13.210758] ret_from_fork_asm+0x1a/0x30 [ 13.210958] [ 13.211046] The buggy address belongs to the object at ffff8881028596c0 [ 13.211046] which belongs to the cache kmalloc-16 of size 16 [ 13.211605] The buggy address is located 8 bytes inside of [ 13.211605] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.212058] [ 13.212140] The buggy address belongs to the physical page: [ 13.212367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.212671] flags: 0x200000000000000(node=0|zone=2) [ 13.212860] page_type: f5(slab) [ 13.213019] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.213414] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.213766] page dumped because: kasan: bad access detected [ 13.213932] [ 13.213993] Memory state around the buggy address: [ 13.214142] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.214378] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.214845] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.215156] ^ [ 13.215483] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.215800] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.216106] ================================================================== [ 13.331265] ================================================================== [ 13.331753] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.332111] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.332626] [ 13.332912] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.332961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.332974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.332994] Call Trace: [ 13.333005] <TASK> [ 13.333018] dump_stack_lvl+0x73/0xb0 [ 13.333045] print_report+0xd1/0x650 [ 13.333064] ? __virt_addr_valid+0x1db/0x2d0 [ 13.333086] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.333109] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.333133] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.333157] kasan_report+0x141/0x180 [ 13.333177] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.333216] kasan_check_range+0x10c/0x1c0 [ 13.333239] __kasan_check_write+0x18/0x20 [ 13.333260] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.333284] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.333309] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.333331] ? trace_hardirqs_on+0x37/0xe0 [ 13.333351] ? kasan_bitops_generic+0x92/0x1c0 [ 13.333377] kasan_bitops_generic+0x116/0x1c0 [ 13.333400] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.333423] ? __pfx_read_tsc+0x10/0x10 [ 13.333443] ? ktime_get_ts64+0x86/0x230 [ 13.333467] kunit_try_run_case+0x1a5/0x480 [ 13.333489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.333510] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.333531] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.333553] ? __kthread_parkme+0x82/0x180 [ 13.333572] ? preempt_count_sub+0x50/0x80 [ 13.333595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.333627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.333649] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.333671] kthread+0x337/0x6f0 [ 13.333702] ? trace_preempt_on+0x20/0xc0 [ 13.333722] ? __pfx_kthread+0x10/0x10 [ 13.333742] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.333762] ? calculate_sigpending+0x7b/0xa0 [ 13.333785] ? __pfx_kthread+0x10/0x10 [ 13.333806] ret_from_fork+0x116/0x1d0 [ 13.333823] ? __pfx_kthread+0x10/0x10 [ 13.333843] ret_from_fork_asm+0x1a/0x30 [ 13.333872] </TASK> [ 13.333881] [ 13.342852] Allocated by task 287: [ 13.343009] kasan_save_stack+0x45/0x70 [ 13.343149] kasan_save_track+0x18/0x40 [ 13.343547] kasan_save_alloc_info+0x3b/0x50 [ 13.343948] __kasan_kmalloc+0xb7/0xc0 [ 13.344135] __kmalloc_cache_noprof+0x189/0x420 [ 13.344292] kasan_bitops_generic+0x92/0x1c0 [ 13.344430] kunit_try_run_case+0x1a5/0x480 [ 13.344622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.344859] kthread+0x337/0x6f0 [ 13.345254] ret_from_fork+0x116/0x1d0 [ 13.345467] ret_from_fork_asm+0x1a/0x30 [ 13.345697] [ 13.345764] The buggy address belongs to the object at ffff8881028596c0 [ 13.345764] which belongs to the cache kmalloc-16 of size 16 [ 13.346267] The buggy address is located 8 bytes inside of [ 13.346267] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.346765] [ 13.346835] The buggy address belongs to the physical page: [ 13.347027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.347389] flags: 0x200000000000000(node=0|zone=2) [ 13.347610] page_type: f5(slab) [ 13.347765] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.348400] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.349404] page dumped because: kasan: bad access detected [ 13.349777] [ 13.349875] Memory state around the buggy address: [ 13.350245] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.350578] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.351121] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.351721] ^ [ 13.351914] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.352375] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.352848] ================================================================== [ 13.178747] ================================================================== [ 13.179713] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.180084] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.180492] [ 13.180593] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.180640] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.180658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.180679] Call Trace: [ 13.180690] <TASK> [ 13.180705] dump_stack_lvl+0x73/0xb0 [ 13.180731] print_report+0xd1/0x650 [ 13.180751] ? __virt_addr_valid+0x1db/0x2d0 [ 13.180773] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.180797] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.180821] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.180845] kasan_report+0x141/0x180 [ 13.180866] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.180894] kasan_check_range+0x10c/0x1c0 [ 13.180916] __kasan_check_write+0x18/0x20 [ 13.180937] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.180961] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.180985] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.181008] ? trace_hardirqs_on+0x37/0xe0 [ 13.181030] ? kasan_bitops_generic+0x92/0x1c0 [ 13.181054] kasan_bitops_generic+0x116/0x1c0 [ 13.181076] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.181099] ? __pfx_read_tsc+0x10/0x10 [ 13.181119] ? ktime_get_ts64+0x86/0x230 [ 13.181141] kunit_try_run_case+0x1a5/0x480 [ 13.181164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.181214] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.181235] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.181257] ? __kthread_parkme+0x82/0x180 [ 13.181275] ? preempt_count_sub+0x50/0x80 [ 13.181298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.181319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.181341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.181363] kthread+0x337/0x6f0 [ 13.181381] ? trace_preempt_on+0x20/0xc0 [ 13.181402] ? __pfx_kthread+0x10/0x10 [ 13.181495] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.181518] ? calculate_sigpending+0x7b/0xa0 [ 13.181540] ? __pfx_kthread+0x10/0x10 [ 13.181561] ret_from_fork+0x116/0x1d0 [ 13.181580] ? __pfx_kthread+0x10/0x10 [ 13.181599] ret_from_fork_asm+0x1a/0x30 [ 13.181628] </TASK> [ 13.181637] [ 13.189907] Allocated by task 287: [ 13.190036] kasan_save_stack+0x45/0x70 [ 13.190172] kasan_save_track+0x18/0x40 [ 13.190380] kasan_save_alloc_info+0x3b/0x50 [ 13.190767] __kasan_kmalloc+0xb7/0xc0 [ 13.190956] __kmalloc_cache_noprof+0x189/0x420 [ 13.191147] kasan_bitops_generic+0x92/0x1c0 [ 13.191360] kunit_try_run_case+0x1a5/0x480 [ 13.191616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.191842] kthread+0x337/0x6f0 [ 13.191993] ret_from_fork+0x116/0x1d0 [ 13.192143] ret_from_fork_asm+0x1a/0x30 [ 13.192341] [ 13.192499] The buggy address belongs to the object at ffff8881028596c0 [ 13.192499] which belongs to the cache kmalloc-16 of size 16 [ 13.192956] The buggy address is located 8 bytes inside of [ 13.192956] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.193511] [ 13.193596] The buggy address belongs to the physical page: [ 13.193821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.194119] flags: 0x200000000000000(node=0|zone=2) [ 13.194355] page_type: f5(slab) [ 13.194720] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.195014] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.195310] page dumped because: kasan: bad access detected [ 13.195658] [ 13.195750] Memory state around the buggy address: [ 13.195903] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.196181] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.196562] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.196780] ^ [ 13.196947] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.197154] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.197541] ================================================================== [ 13.267747] ================================================================== [ 13.267984] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.268418] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.268722] [ 13.268911] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.268961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.269034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.269069] Call Trace: [ 13.269087] <TASK> [ 13.269101] dump_stack_lvl+0x73/0xb0 [ 13.269128] print_report+0xd1/0x650 [ 13.269156] ? __virt_addr_valid+0x1db/0x2d0 [ 13.269178] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.269202] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.269241] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.269265] kasan_report+0x141/0x180 [ 13.269286] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.269314] kasan_check_range+0x10c/0x1c0 [ 13.269335] __kasan_check_write+0x18/0x20 [ 13.269357] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.269381] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.269405] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.269427] ? trace_hardirqs_on+0x37/0xe0 [ 13.269448] ? kasan_bitops_generic+0x92/0x1c0 [ 13.269473] kasan_bitops_generic+0x116/0x1c0 [ 13.269495] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.269601] ? __pfx_read_tsc+0x10/0x10 [ 13.269632] ? ktime_get_ts64+0x86/0x230 [ 13.269656] kunit_try_run_case+0x1a5/0x480 [ 13.269678] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.269709] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.269731] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.269752] ? __kthread_parkme+0x82/0x180 [ 13.269771] ? preempt_count_sub+0x50/0x80 [ 13.269794] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.269815] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.269837] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.269858] kthread+0x337/0x6f0 [ 13.269877] ? trace_preempt_on+0x20/0xc0 [ 13.269897] ? __pfx_kthread+0x10/0x10 [ 13.269917] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.269936] ? calculate_sigpending+0x7b/0xa0 [ 13.269958] ? __pfx_kthread+0x10/0x10 [ 13.269978] ret_from_fork+0x116/0x1d0 [ 13.269996] ? __pfx_kthread+0x10/0x10 [ 13.270015] ret_from_fork_asm+0x1a/0x30 [ 13.270044] </TASK> [ 13.270054] [ 13.278630] Allocated by task 287: [ 13.278977] kasan_save_stack+0x45/0x70 [ 13.279177] kasan_save_track+0x18/0x40 [ 13.279515] kasan_save_alloc_info+0x3b/0x50 [ 13.279702] __kasan_kmalloc+0xb7/0xc0 [ 13.279893] __kmalloc_cache_noprof+0x189/0x420 [ 13.280087] kasan_bitops_generic+0x92/0x1c0 [ 13.280274] kunit_try_run_case+0x1a5/0x480 [ 13.280495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.280663] kthread+0x337/0x6f0 [ 13.280775] ret_from_fork+0x116/0x1d0 [ 13.280896] ret_from_fork_asm+0x1a/0x30 [ 13.281074] [ 13.281158] The buggy address belongs to the object at ffff8881028596c0 [ 13.281158] which belongs to the cache kmalloc-16 of size 16 [ 13.281682] The buggy address is located 8 bytes inside of [ 13.281682] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.282025] [ 13.282088] The buggy address belongs to the physical page: [ 13.282684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.283076] flags: 0x200000000000000(node=0|zone=2) [ 13.283429] page_type: f5(slab) [ 13.283595] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.284043] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.284484] page dumped because: kasan: bad access detected [ 13.284727] [ 13.284813] Memory state around the buggy address: [ 13.285019] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.285356] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.285820] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.286135] ^ [ 13.286402] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.286678] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.286956] ================================================================== [ 13.239242] ================================================================== [ 13.239973] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.240488] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.241649] [ 13.241734] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.241781] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.241794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.241814] Call Trace: [ 13.241828] <TASK> [ 13.241842] dump_stack_lvl+0x73/0xb0 [ 13.241870] print_report+0xd1/0x650 [ 13.241890] ? __virt_addr_valid+0x1db/0x2d0 [ 13.241912] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.241936] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.241960] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.241984] kasan_report+0x141/0x180 [ 13.242005] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.242033] kasan_check_range+0x10c/0x1c0 [ 13.242055] __kasan_check_write+0x18/0x20 [ 13.242077] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.242101] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.242126] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.242148] ? trace_hardirqs_on+0x37/0xe0 [ 13.242169] ? kasan_bitops_generic+0x92/0x1c0 [ 13.242195] kasan_bitops_generic+0x116/0x1c0 [ 13.242228] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.242250] ? __pfx_read_tsc+0x10/0x10 [ 13.242270] ? ktime_get_ts64+0x86/0x230 [ 13.242349] kunit_try_run_case+0x1a5/0x480 [ 13.242373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.242440] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.242463] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.242483] ? __kthread_parkme+0x82/0x180 [ 13.242514] ? preempt_count_sub+0x50/0x80 [ 13.242536] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.242558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.242580] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.242602] kthread+0x337/0x6f0 [ 13.242621] ? trace_preempt_on+0x20/0xc0 [ 13.242641] ? __pfx_kthread+0x10/0x10 [ 13.242660] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.242680] ? calculate_sigpending+0x7b/0xa0 [ 13.242702] ? __pfx_kthread+0x10/0x10 [ 13.242722] ret_from_fork+0x116/0x1d0 [ 13.242739] ? __pfx_kthread+0x10/0x10 [ 13.242759] ret_from_fork_asm+0x1a/0x30 [ 13.242787] </TASK> [ 13.242796] [ 13.255810] Allocated by task 287: [ 13.256548] kasan_save_stack+0x45/0x70 [ 13.256766] kasan_save_track+0x18/0x40 [ 13.257045] kasan_save_alloc_info+0x3b/0x50 [ 13.257195] __kasan_kmalloc+0xb7/0xc0 [ 13.257645] __kmalloc_cache_noprof+0x189/0x420 [ 13.257807] kasan_bitops_generic+0x92/0x1c0 [ 13.258078] kunit_try_run_case+0x1a5/0x480 [ 13.258465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.258978] kthread+0x337/0x6f0 [ 13.259126] ret_from_fork+0x116/0x1d0 [ 13.259317] ret_from_fork_asm+0x1a/0x30 [ 13.259841] [ 13.259925] The buggy address belongs to the object at ffff8881028596c0 [ 13.259925] which belongs to the cache kmalloc-16 of size 16 [ 13.260612] The buggy address is located 8 bytes inside of [ 13.260612] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.261407] [ 13.261646] The buggy address belongs to the physical page: [ 13.261976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.262289] flags: 0x200000000000000(node=0|zone=2) [ 13.262823] page_type: f5(slab) [ 13.263106] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.263525] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.264041] page dumped because: kasan: bad access detected [ 13.264563] [ 13.264634] Memory state around the buggy address: [ 13.264784] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.264988] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.265190] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.265448] ^ [ 13.266060] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.266677] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.266921] ================================================================== [ 13.308015] ================================================================== [ 13.308580] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.308936] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.309343] [ 13.309494] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.309539] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.309616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.309666] Call Trace: [ 13.309680] <TASK> [ 13.309694] dump_stack_lvl+0x73/0xb0 [ 13.309720] print_report+0xd1/0x650 [ 13.309753] ? __virt_addr_valid+0x1db/0x2d0 [ 13.309774] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.309798] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.309823] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.309847] kasan_report+0x141/0x180 [ 13.309867] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.309896] kasan_check_range+0x10c/0x1c0 [ 13.309918] __kasan_check_write+0x18/0x20 [ 13.309970] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.310006] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.310044] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.310067] ? trace_hardirqs_on+0x37/0xe0 [ 13.310087] ? kasan_bitops_generic+0x92/0x1c0 [ 13.310113] kasan_bitops_generic+0x116/0x1c0 [ 13.310136] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.310160] ? __pfx_read_tsc+0x10/0x10 [ 13.310180] ? ktime_get_ts64+0x86/0x230 [ 13.310213] kunit_try_run_case+0x1a5/0x480 [ 13.310239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.310259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.310310] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.310331] ? __kthread_parkme+0x82/0x180 [ 13.310373] ? preempt_count_sub+0x50/0x80 [ 13.310395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.310417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.310510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.310537] kthread+0x337/0x6f0 [ 13.310556] ? trace_preempt_on+0x20/0xc0 [ 13.310578] ? __pfx_kthread+0x10/0x10 [ 13.310598] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.310618] ? calculate_sigpending+0x7b/0xa0 [ 13.310641] ? __pfx_kthread+0x10/0x10 [ 13.310661] ret_from_fork+0x116/0x1d0 [ 13.310679] ? __pfx_kthread+0x10/0x10 [ 13.310699] ret_from_fork_asm+0x1a/0x30 [ 13.310728] </TASK> [ 13.310737] [ 13.319963] Allocated by task 287: [ 13.320158] kasan_save_stack+0x45/0x70 [ 13.320305] kasan_save_track+0x18/0x40 [ 13.320433] kasan_save_alloc_info+0x3b/0x50 [ 13.320573] __kasan_kmalloc+0xb7/0xc0 [ 13.320861] __kmalloc_cache_noprof+0x189/0x420 [ 13.321118] kasan_bitops_generic+0x92/0x1c0 [ 13.321335] kunit_try_run_case+0x1a5/0x480 [ 13.321533] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.321742] kthread+0x337/0x6f0 [ 13.321942] ret_from_fork+0x116/0x1d0 [ 13.322426] ret_from_fork_asm+0x1a/0x30 [ 13.322653] [ 13.322805] The buggy address belongs to the object at ffff8881028596c0 [ 13.322805] which belongs to the cache kmalloc-16 of size 16 [ 13.323358] The buggy address is located 8 bytes inside of [ 13.323358] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.323999] [ 13.324074] The buggy address belongs to the physical page: [ 13.324289] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.324646] flags: 0x200000000000000(node=0|zone=2) [ 13.325020] page_type: f5(slab) [ 13.325374] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.325716] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.326156] page dumped because: kasan: bad access detected [ 13.326489] [ 13.326619] Memory state around the buggy address: [ 13.326817] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.327121] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.327679] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.328032] ^ [ 13.328215] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.328570] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.328868] ==================================================================