Date
June 24, 2025, 11:37 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-x86_64 |
[ 53.764262] ================================================================== [ 53.771573] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x344/0xbc0 [ 53.779857] Write of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 53.787345] [ 53.788870] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 53.788899] Tainted: [B]=BAD_PAGE, [N]=TEST [ 53.788908] Hardware name: Thundercomm Dragonboard 845c (DT) [ 53.788918] Call trace: [ 53.788924] show_stack+0x20/0x38 (C) [ 53.788941] dump_stack_lvl+0x8c/0xd0 [ 53.788958] print_report+0x118/0x608 [ 53.788977] kasan_report+0xdc/0x128 [ 53.788995] kasan_check_range+0x100/0x1a8 [ 53.789015] __kasan_check_write+0x20/0x30 [ 53.789032] kasan_bitops_modify.constprop.0+0x344/0xbc0 [ 53.789052] kasan_bitops_generic+0x110/0x1c8 [ 53.789071] kunit_try_run_case+0x170/0x3f0 [ 53.789090] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.789110] kthread+0x328/0x630 [ 53.789125] ret_from_fork+0x10/0x20 [ 53.789142] [ 53.863792] Allocated by task 359: [ 53.867250] kasan_save_stack+0x3c/0x68 [ 53.871148] kasan_save_track+0x20/0x40 [ 53.875046] kasan_save_alloc_info+0x40/0x58 [ 53.879384] __kasan_kmalloc+0xd4/0xd8 [ 53.883193] __kmalloc_cache_noprof+0x16c/0x3c0 [ 53.887795] kasan_bitops_generic+0xa0/0x1c8 [ 53.892136] kunit_try_run_case+0x170/0x3f0 [ 53.896389] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.901957] kthread+0x328/0x630 [ 53.905243] ret_from_fork+0x10/0x20 [ 53.908877] [ 53.910400] The buggy address belongs to the object at ffff000080b08100 [ 53.910400] which belongs to the cache kmalloc-16 of size 16 [ 53.922877] The buggy address is located 8 bytes inside of [ 53.922877] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 53.935272] [ 53.936795] The buggy address belongs to the physical page: [ 53.942440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 53.950546] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 53.957154] page_type: f5(slab) [ 53.960353] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 53.968189] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 53.976020] page dumped because: kasan: bad access detected [ 53.981667] [ 53.983190] Memory state around the buggy address: [ 53.988047] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 53.995359] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.002671] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.009981] ^ [ 54.013524] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.020837] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.028147] ================================================================== [ 52.415034] ================================================================== [ 52.422365] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 52.430648] Write of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 52.438143] [ 52.439679] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 52.439711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 52.439720] Hardware name: Thundercomm Dragonboard 845c (DT) [ 52.439732] Call trace: [ 52.439739] show_stack+0x20/0x38 (C) [ 52.439758] dump_stack_lvl+0x8c/0xd0 [ 52.439779] print_report+0x118/0x608 [ 52.439800] kasan_report+0xdc/0x128 [ 52.439819] kasan_check_range+0x100/0x1a8 [ 52.439840] __kasan_check_write+0x20/0x30 [ 52.439856] kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 52.439877] kasan_bitops_generic+0x110/0x1c8 [ 52.439896] kunit_try_run_case+0x170/0x3f0 [ 52.439914] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 52.439935] kthread+0x328/0x630 [ 52.439949] ret_from_fork+0x10/0x20 [ 52.439966] [ 52.514598] Allocated by task 359: [ 52.518052] kasan_save_stack+0x3c/0x68 [ 52.521959] kasan_save_track+0x20/0x40 [ 52.525864] kasan_save_alloc_info+0x40/0x58 [ 52.530198] __kasan_kmalloc+0xd4/0xd8 [ 52.534014] __kmalloc_cache_noprof+0x16c/0x3c0 [ 52.538613] kasan_bitops_generic+0xa0/0x1c8 [ 52.542948] kunit_try_run_case+0x170/0x3f0 [ 52.547196] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 52.552758] kthread+0x328/0x630 [ 52.556038] ret_from_fork+0x10/0x20 [ 52.559670] [ 52.561194] The buggy address belongs to the object at ffff000080b08100 [ 52.561194] which belongs to the cache kmalloc-16 of size 16 [ 52.573670] The buggy address is located 8 bytes inside of [ 52.573670] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 52.586062] [ 52.587592] The buggy address belongs to the physical page: [ 52.593236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 52.601335] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 52.607945] page_type: f5(slab) [ 52.611145] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 52.618985] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 52.626819] page dumped because: kasan: bad access detected [ 52.632458] [ 52.633980] Memory state around the buggy address: [ 52.638843] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 52.646157] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 52.653472] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.660784] ^ [ 52.664325] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.671638] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.678943] ================================================================== [ 52.686360] ================================================================== [ 52.693678] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 52.701957] Read of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 52.709362] [ 52.710890] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 52.710920] Tainted: [B]=BAD_PAGE, [N]=TEST [ 52.710929] Hardware name: Thundercomm Dragonboard 845c (DT) [ 52.710939] Call trace: [ 52.710945] show_stack+0x20/0x38 (C) [ 52.710962] dump_stack_lvl+0x8c/0xd0 [ 52.710980] print_report+0x118/0x608 [ 52.710999] kasan_report+0xdc/0x128 [ 52.711017] __asan_report_load8_noabort+0x20/0x30 [ 52.711034] kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 52.711055] kasan_bitops_generic+0x110/0x1c8 [ 52.711073] kunit_try_run_case+0x170/0x3f0 [ 52.711090] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 52.711111] kthread+0x328/0x630 [ 52.711125] ret_from_fork+0x10/0x20 [ 52.711141] [ 52.782337] Allocated by task 359: [ 52.785791] kasan_save_stack+0x3c/0x68 [ 52.789697] kasan_save_track+0x20/0x40 [ 52.793602] kasan_save_alloc_info+0x40/0x58 [ 52.797935] __kasan_kmalloc+0xd4/0xd8 [ 52.801750] __kmalloc_cache_noprof+0x16c/0x3c0 [ 52.806347] kasan_bitops_generic+0xa0/0x1c8 [ 52.810684] kunit_try_run_case+0x170/0x3f0 [ 52.814933] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 52.820492] kthread+0x328/0x630 [ 52.823775] ret_from_fork+0x10/0x20 [ 52.827406] [ 52.828928] The buggy address belongs to the object at ffff000080b08100 [ 52.828928] which belongs to the cache kmalloc-16 of size 16 [ 52.841407] The buggy address is located 8 bytes inside of [ 52.841407] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 52.853799] [ 52.855331] The buggy address belongs to the physical page: [ 52.860970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 52.869067] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 52.875675] page_type: f5(slab) [ 52.878874] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 52.886714] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 52.894545] page dumped because: kasan: bad access detected [ 52.900183] [ 52.901706] Memory state around the buggy address: [ 52.906557] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 52.913871] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 52.921184] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.928496] ^ [ 52.932044] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.939360] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.946665] ================================================================== [ 51.870733] ================================================================== [ 51.881940] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 51.890224] Write of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 51.897725] [ 51.899263] CPU: 3 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 51.899293] Tainted: [B]=BAD_PAGE, [N]=TEST [ 51.899305] Hardware name: Thundercomm Dragonboard 845c (DT) [ 51.899317] Call trace: [ 51.899324] show_stack+0x20/0x38 (C) [ 51.899343] dump_stack_lvl+0x8c/0xd0 [ 51.899364] print_report+0x118/0x608 [ 51.899385] kasan_report+0xdc/0x128 [ 51.899406] kasan_check_range+0x100/0x1a8 [ 51.899427] __kasan_check_write+0x20/0x30 [ 51.899444] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 51.899465] kasan_bitops_generic+0x110/0x1c8 [ 51.899485] kunit_try_run_case+0x170/0x3f0 [ 51.899505] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 51.899529] kthread+0x328/0x630 [ 51.899546] ret_from_fork+0x10/0x20 [ 51.899565] [ 51.974250] Allocated by task 359: [ 51.977716] kasan_save_stack+0x3c/0x68 [ 51.981625] kasan_save_track+0x20/0x40 [ 51.985531] kasan_save_alloc_info+0x40/0x58 [ 51.989878] __kasan_kmalloc+0xd4/0xd8 [ 51.993696] __kmalloc_cache_noprof+0x16c/0x3c0 [ 51.998306] kasan_bitops_generic+0xa0/0x1c8 [ 52.002654] kunit_try_run_case+0x170/0x3f0 [ 52.006915] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 52.012485] kthread+0x328/0x630 [ 52.015773] ret_from_fork+0x10/0x20 [ 52.019417] [ 52.020948] The buggy address belongs to the object at ffff000080b08100 [ 52.020948] which belongs to the cache kmalloc-16 of size 16 [ 52.033439] The buggy address is located 8 bytes inside of [ 52.033439] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 52.045844] [ 52.047377] The buggy address belongs to the physical page: [ 52.053022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 52.061126] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 52.067742] page_type: f5(slab) [ 52.070944] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 52.078792] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 52.086634] page dumped because: kasan: bad access detected [ 52.092281] [ 52.093812] Memory state around the buggy address: [ 52.098672] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 52.105986] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 52.113303] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.120616] ^ [ 52.124169] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.131487] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.138801] ================================================================== [ 52.146197] ================================================================== [ 52.153518] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 52.161812] Read of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 52.169225] [ 52.170760] CPU: 3 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 52.170792] Tainted: [B]=BAD_PAGE, [N]=TEST [ 52.170802] Hardware name: Thundercomm Dragonboard 845c (DT) [ 52.170815] Call trace: [ 52.170823] show_stack+0x20/0x38 (C) [ 52.170841] dump_stack_lvl+0x8c/0xd0 [ 52.170862] print_report+0x118/0x608 [ 52.170882] kasan_report+0xdc/0x128 [ 52.170901] __asan_report_load8_noabort+0x20/0x30 [ 52.170922] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 52.170943] kasan_bitops_generic+0x110/0x1c8 [ 52.170963] kunit_try_run_case+0x170/0x3f0 [ 52.170982] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 52.171005] kthread+0x328/0x630 [ 52.171021] ret_from_fork+0x10/0x20 [ 52.171039] [ 52.242280] Allocated by task 359: [ 52.245742] kasan_save_stack+0x3c/0x68 [ 52.249657] kasan_save_track+0x20/0x40 [ 52.253568] kasan_save_alloc_info+0x40/0x58 [ 52.257910] __kasan_kmalloc+0xd4/0xd8 [ 52.261733] __kmalloc_cache_noprof+0x16c/0x3c0 [ 52.266335] kasan_bitops_generic+0xa0/0x1c8 [ 52.270676] kunit_try_run_case+0x170/0x3f0 [ 52.274933] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 52.280503] kthread+0x328/0x630 [ 52.283797] ret_from_fork+0x10/0x20 [ 52.287438] [ 52.288967] The buggy address belongs to the object at ffff000080b08100 [ 52.288967] which belongs to the cache kmalloc-16 of size 16 [ 52.301459] The buggy address is located 8 bytes inside of [ 52.301459] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 52.313858] [ 52.315389] The buggy address belongs to the physical page: [ 52.321036] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 52.329152] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 52.335776] page_type: f5(slab) [ 52.338973] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 52.346821] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 52.354663] page dumped because: kasan: bad access detected [ 52.360317] [ 52.361847] Memory state around the buggy address: [ 52.366709] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 52.374027] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 52.381343] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.388656] ^ [ 52.392205] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.399523] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.406836] ================================================================== [ 52.954032] ================================================================== [ 52.961346] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2b4/0xbc0 [ 52.969624] Write of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 52.977111] [ 52.978647] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 52.978676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 52.978685] Hardware name: Thundercomm Dragonboard 845c (DT) [ 52.978696] Call trace: [ 52.978702] show_stack+0x20/0x38 (C) [ 52.978720] dump_stack_lvl+0x8c/0xd0 [ 52.978737] print_report+0x118/0x608 [ 52.978756] kasan_report+0xdc/0x128 [ 52.978774] kasan_check_range+0x100/0x1a8 [ 52.978793] __kasan_check_write+0x20/0x30 [ 52.978810] kasan_bitops_modify.constprop.0+0x2b4/0xbc0 [ 52.978830] kasan_bitops_generic+0x110/0x1c8 [ 52.978849] kunit_try_run_case+0x170/0x3f0 [ 52.978866] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 52.978887] kthread+0x328/0x630 [ 52.978901] ret_from_fork+0x10/0x20 [ 52.978918] [ 53.053565] Allocated by task 359: [ 53.057022] kasan_save_stack+0x3c/0x68 [ 53.060922] kasan_save_track+0x20/0x40 [ 53.064820] kasan_save_alloc_info+0x40/0x58 [ 53.069159] __kasan_kmalloc+0xd4/0xd8 [ 53.072968] __kmalloc_cache_noprof+0x16c/0x3c0 [ 53.077570] kasan_bitops_generic+0xa0/0x1c8 [ 53.081910] kunit_try_run_case+0x170/0x3f0 [ 53.086162] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.091733] kthread+0x328/0x630 [ 53.095019] ret_from_fork+0x10/0x20 [ 53.098655] [ 53.100179] The buggy address belongs to the object at ffff000080b08100 [ 53.100179] which belongs to the cache kmalloc-16 of size 16 [ 53.112657] The buggy address is located 8 bytes inside of [ 53.112657] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 53.125052] [ 53.126575] The buggy address belongs to the physical page: [ 53.132222] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 53.140329] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 53.146937] page_type: f5(slab) [ 53.150136] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 53.157973] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 53.165805] page dumped because: kasan: bad access detected [ 53.171453] [ 53.172986] Memory state around the buggy address: [ 53.177841] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 53.185155] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 53.192467] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.199776] ^ [ 53.203319] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.210630] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.217940] ================================================================== [ 54.306819] ================================================================== [ 54.314129] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa20/0xbc0 [ 54.322414] Read of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 54.329815] [ 54.331341] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 54.331369] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.331377] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.331388] Call trace: [ 54.331393] show_stack+0x20/0x38 (C) [ 54.331410] dump_stack_lvl+0x8c/0xd0 [ 54.331428] print_report+0x118/0x608 [ 54.331446] kasan_report+0xdc/0x128 [ 54.331465] __asan_report_load8_noabort+0x20/0x30 [ 54.331482] kasan_bitops_modify.constprop.0+0xa20/0xbc0 [ 54.331500] kasan_bitops_generic+0x110/0x1c8 [ 54.331518] kunit_try_run_case+0x170/0x3f0 [ 54.331535] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.331555] kthread+0x328/0x630 [ 54.331569] ret_from_fork+0x10/0x20 [ 54.331585] [ 54.402780] Allocated by task 359: [ 54.406236] kasan_save_stack+0x3c/0x68 [ 54.410135] kasan_save_track+0x20/0x40 [ 54.414034] kasan_save_alloc_info+0x40/0x58 [ 54.418374] __kasan_kmalloc+0xd4/0xd8 [ 54.422184] __kmalloc_cache_noprof+0x16c/0x3c0 [ 54.426785] kasan_bitops_generic+0xa0/0x1c8 [ 54.431126] kunit_try_run_case+0x170/0x3f0 [ 54.435379] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.440947] kthread+0x328/0x630 [ 54.444233] ret_from_fork+0x10/0x20 [ 54.447869] [ 54.449392] The buggy address belongs to the object at ffff000080b08100 [ 54.449392] which belongs to the cache kmalloc-16 of size 16 [ 54.461869] The buggy address is located 8 bytes inside of [ 54.461869] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 54.474262] [ 54.475785] The buggy address belongs to the physical page: [ 54.481430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 54.489535] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.496142] page_type: f5(slab) [ 54.499341] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 54.507177] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 54.515008] page dumped because: kasan: bad access detected [ 54.520653] [ 54.522175] Memory state around the buggy address: [ 54.527031] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 54.534343] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.541654] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.548964] ^ [ 54.552508] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.559820] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.567129] ================================================================== [ 54.035551] ================================================================== [ 54.042865] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 54.051151] Write of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 54.058640] [ 54.060166] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 54.060195] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.060205] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.060216] Call trace: [ 54.060223] show_stack+0x20/0x38 (C) [ 54.060239] dump_stack_lvl+0x8c/0xd0 [ 54.060257] print_report+0x118/0x608 [ 54.060276] kasan_report+0xdc/0x128 [ 54.060295] kasan_check_range+0x100/0x1a8 [ 54.060315] __kasan_check_write+0x20/0x30 [ 54.060332] kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 54.060351] kasan_bitops_generic+0x110/0x1c8 [ 54.060369] kunit_try_run_case+0x170/0x3f0 [ 54.060388] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.060410] kthread+0x328/0x630 [ 54.060424] ret_from_fork+0x10/0x20 [ 54.060441] [ 54.135089] Allocated by task 359: [ 54.138545] kasan_save_stack+0x3c/0x68 [ 54.142444] kasan_save_track+0x20/0x40 [ 54.146342] kasan_save_alloc_info+0x40/0x58 [ 54.150680] __kasan_kmalloc+0xd4/0xd8 [ 54.154490] __kmalloc_cache_noprof+0x16c/0x3c0 [ 54.159091] kasan_bitops_generic+0xa0/0x1c8 [ 54.163433] kunit_try_run_case+0x170/0x3f0 [ 54.167687] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.173255] kthread+0x328/0x630 [ 54.176541] ret_from_fork+0x10/0x20 [ 54.180176] [ 54.181698] The buggy address belongs to the object at ffff000080b08100 [ 54.181698] which belongs to the cache kmalloc-16 of size 16 [ 54.194177] The buggy address is located 8 bytes inside of [ 54.194177] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 54.206572] [ 54.208096] The buggy address belongs to the physical page: [ 54.213741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 54.221846] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.228453] page_type: f5(slab) [ 54.231651] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 54.239488] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 54.247320] page dumped because: kasan: bad access detected [ 54.252965] [ 54.254487] Memory state around the buggy address: [ 54.259341] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 54.266654] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.273966] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.281276] ^ [ 54.284818] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.292129] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.299438] ================================================================== [ 53.225326] ================================================================== [ 53.232638] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 53.240924] Write of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 53.248413] [ 53.249940] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 53.249971] Tainted: [B]=BAD_PAGE, [N]=TEST [ 53.249980] Hardware name: Thundercomm Dragonboard 845c (DT) [ 53.249989] Call trace: [ 53.249995] show_stack+0x20/0x38 (C) [ 53.250013] dump_stack_lvl+0x8c/0xd0 [ 53.250032] print_report+0x118/0x608 [ 53.250051] kasan_report+0xdc/0x128 [ 53.250070] kasan_check_range+0x100/0x1a8 [ 53.250090] __kasan_check_write+0x20/0x30 [ 53.250106] kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 53.250125] kasan_bitops_generic+0x110/0x1c8 [ 53.250143] kunit_try_run_case+0x170/0x3f0 [ 53.250160] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.250182] kthread+0x328/0x630 [ 53.250195] ret_from_fork+0x10/0x20 [ 53.250212] [ 53.324862] Allocated by task 359: [ 53.328318] kasan_save_stack+0x3c/0x68 [ 53.332218] kasan_save_track+0x20/0x40 [ 53.336115] kasan_save_alloc_info+0x40/0x58 [ 53.340452] __kasan_kmalloc+0xd4/0xd8 [ 53.344262] __kmalloc_cache_noprof+0x16c/0x3c0 [ 53.348863] kasan_bitops_generic+0xa0/0x1c8 [ 53.353204] kunit_try_run_case+0x170/0x3f0 [ 53.357458] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.363026] kthread+0x328/0x630 [ 53.366313] ret_from_fork+0x10/0x20 [ 53.369947] [ 53.371470] The buggy address belongs to the object at ffff000080b08100 [ 53.371470] which belongs to the cache kmalloc-16 of size 16 [ 53.383948] The buggy address is located 8 bytes inside of [ 53.383948] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 53.396336] [ 53.397858] The buggy address belongs to the physical page: [ 53.403504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 53.411610] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 53.418220] page_type: f5(slab) [ 53.421418] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 53.429254] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 53.437087] page dumped because: kasan: bad access detected [ 53.442733] [ 53.444256] Memory state around the buggy address: [ 53.449111] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 53.456422] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 53.463736] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.471045] ^ [ 53.474589] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.481902] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.489213] ================================================================== [ 53.496579] ================================================================== [ 53.503889] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 53.512175] Read of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 53.519576] [ 53.521102] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 53.521131] Tainted: [B]=BAD_PAGE, [N]=TEST [ 53.521140] Hardware name: Thundercomm Dragonboard 845c (DT) [ 53.521150] Call trace: [ 53.521156] show_stack+0x20/0x38 (C) [ 53.521174] dump_stack_lvl+0x8c/0xd0 [ 53.521192] print_report+0x118/0x608 [ 53.521212] kasan_report+0xdc/0x128 [ 53.521230] __asan_report_load8_noabort+0x20/0x30 [ 53.521248] kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 53.521267] kasan_bitops_generic+0x110/0x1c8 [ 53.521286] kunit_try_run_case+0x170/0x3f0 [ 53.521303] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.521326] kthread+0x328/0x630 [ 53.521339] ret_from_fork+0x10/0x20 [ 53.521356] [ 53.592551] Allocated by task 359: [ 53.596006] kasan_save_stack+0x3c/0x68 [ 53.599905] kasan_save_track+0x20/0x40 [ 53.603801] kasan_save_alloc_info+0x40/0x58 [ 53.608139] __kasan_kmalloc+0xd4/0xd8 [ 53.611948] __kmalloc_cache_noprof+0x16c/0x3c0 [ 53.616549] kasan_bitops_generic+0xa0/0x1c8 [ 53.620890] kunit_try_run_case+0x170/0x3f0 [ 53.625142] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.630710] kthread+0x328/0x630 [ 53.633995] ret_from_fork+0x10/0x20 [ 53.637629] [ 53.639151] The buggy address belongs to the object at ffff000080b08100 [ 53.639151] which belongs to the cache kmalloc-16 of size 16 [ 53.651627] The buggy address is located 8 bytes inside of [ 53.651627] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 53.664020] [ 53.665544] The buggy address belongs to the physical page: [ 53.671189] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 53.679296] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 53.685903] page_type: f5(slab) [ 53.689101] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 53.696939] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 53.704771] page dumped because: kasan: bad access detected [ 53.710416] [ 53.711939] Memory state around the buggy address: [ 53.716793] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 53.724104] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 53.731415] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.738725] ^ [ 53.742268] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.749579] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.756888] ==================================================================
[ 31.904290] ================================================================== [ 31.905592] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 31.906534] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 31.907020] [ 31.907412] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.907534] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.907582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.907683] Call Trace: [ 31.907728] <TASK> [ 31.907771] dump_stack_lvl+0x73/0xb0 [ 31.907896] print_report+0xd1/0x650 [ 31.907971] ? __virt_addr_valid+0x1db/0x2d0 [ 31.908036] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 31.908253] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.908325] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 31.908397] kasan_report+0x141/0x180 [ 31.908457] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 31.908499] kasan_check_range+0x10c/0x1c0 [ 31.908532] __kasan_check_write+0x18/0x20 [ 31.908585] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 31.908619] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 31.908681] ? __kmalloc_cache_noprof+0x189/0x420 [ 31.908714] ? trace_hardirqs_on+0x37/0xe0 [ 31.908746] ? kasan_bitops_generic+0x92/0x1c0 [ 31.908781] kasan_bitops_generic+0x116/0x1c0 [ 31.908812] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 31.908845] ? __pfx_read_tsc+0x10/0x10 [ 31.908875] ? ktime_get_ts64+0x86/0x230 [ 31.908907] kunit_try_run_case+0x1a5/0x480 [ 31.908939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.908969] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.909002] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.909034] ? __kthread_parkme+0x82/0x180 [ 31.909089] ? preempt_count_sub+0x50/0x80 [ 31.909151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.909200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.909247] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.909295] kthread+0x337/0x6f0 [ 31.909333] ? trace_preempt_on+0x20/0xc0 [ 31.909378] ? __pfx_kthread+0x10/0x10 [ 31.909417] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.909465] ? calculate_sigpending+0x7b/0xa0 [ 31.909511] ? __pfx_kthread+0x10/0x10 [ 31.909573] ret_from_fork+0x116/0x1d0 [ 31.909617] ? __pfx_kthread+0x10/0x10 [ 31.909670] ret_from_fork_asm+0x1a/0x30 [ 31.909714] </TASK> [ 31.909729] [ 31.929789] Allocated by task 291: [ 31.930578] kasan_save_stack+0x45/0x70 [ 31.931197] kasan_save_track+0x18/0x40 [ 31.931674] kasan_save_alloc_info+0x3b/0x50 [ 31.932220] __kasan_kmalloc+0xb7/0xc0 [ 31.932485] __kmalloc_cache_noprof+0x189/0x420 [ 31.932823] kasan_bitops_generic+0x92/0x1c0 [ 31.933323] kunit_try_run_case+0x1a5/0x480 [ 31.933851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.934783] kthread+0x337/0x6f0 [ 31.935325] ret_from_fork+0x116/0x1d0 [ 31.935772] ret_from_fork_asm+0x1a/0x30 [ 31.936346] [ 31.936594] The buggy address belongs to the object at ffff8881010ffca0 [ 31.936594] which belongs to the cache kmalloc-16 of size 16 [ 31.937768] The buggy address is located 8 bytes inside of [ 31.937768] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 31.939245] [ 31.939455] The buggy address belongs to the physical page: [ 31.939976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 31.940757] flags: 0x200000000000000(node=0|zone=2) [ 31.941376] page_type: f5(slab) [ 31.941771] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 31.942702] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 31.943425] page dumped because: kasan: bad access detected [ 31.943857] [ 31.944198] Memory state around the buggy address: [ 31.944722] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.945498] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 31.946155] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 31.946832] ^ [ 31.947328] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.948086] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.948669] ================================================================== [ 31.815726] ================================================================== [ 31.816393] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 31.818007] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 31.818461] [ 31.818879] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.818999] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.819033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.819081] Call Trace: [ 31.819234] <TASK> [ 31.819286] dump_stack_lvl+0x73/0xb0 [ 31.819372] print_report+0xd1/0x650 [ 31.819415] ? __virt_addr_valid+0x1db/0x2d0 [ 31.819453] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 31.819487] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.819522] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 31.819578] kasan_report+0x141/0x180 [ 31.819608] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 31.819661] kasan_check_range+0x10c/0x1c0 [ 31.819695] __kasan_check_write+0x18/0x20 [ 31.819725] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 31.819758] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 31.819793] ? __kmalloc_cache_noprof+0x189/0x420 [ 31.819836] ? trace_hardirqs_on+0x37/0xe0 [ 31.819868] ? kasan_bitops_generic+0x92/0x1c0 [ 31.819903] kasan_bitops_generic+0x116/0x1c0 [ 31.819935] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 31.819966] ? __pfx_read_tsc+0x10/0x10 [ 31.819997] ? ktime_get_ts64+0x86/0x230 [ 31.820030] kunit_try_run_case+0x1a5/0x480 [ 31.820080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.820132] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.820190] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.820237] ? __kthread_parkme+0x82/0x180 [ 31.820268] ? preempt_count_sub+0x50/0x80 [ 31.820300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.820333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.820366] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.820398] kthread+0x337/0x6f0 [ 31.820425] ? trace_preempt_on+0x20/0xc0 [ 31.820454] ? __pfx_kthread+0x10/0x10 [ 31.820481] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.820512] ? calculate_sigpending+0x7b/0xa0 [ 31.820564] ? __pfx_kthread+0x10/0x10 [ 31.820594] ret_from_fork+0x116/0x1d0 [ 31.820621] ? __pfx_kthread+0x10/0x10 [ 31.820683] ret_from_fork_asm+0x1a/0x30 [ 31.820727] </TASK> [ 31.820744] [ 31.840095] Allocated by task 291: [ 31.840490] kasan_save_stack+0x45/0x70 [ 31.840813] kasan_save_track+0x18/0x40 [ 31.841066] kasan_save_alloc_info+0x3b/0x50 [ 31.841486] __kasan_kmalloc+0xb7/0xc0 [ 31.842487] __kmalloc_cache_noprof+0x189/0x420 [ 31.843019] kasan_bitops_generic+0x92/0x1c0 [ 31.843571] kunit_try_run_case+0x1a5/0x480 [ 31.844190] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.844576] kthread+0x337/0x6f0 [ 31.844993] ret_from_fork+0x116/0x1d0 [ 31.845435] ret_from_fork_asm+0x1a/0x30 [ 31.845972] [ 31.846484] The buggy address belongs to the object at ffff8881010ffca0 [ 31.846484] which belongs to the cache kmalloc-16 of size 16 [ 31.848293] The buggy address is located 8 bytes inside of [ 31.848293] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 31.849633] [ 31.849949] The buggy address belongs to the physical page: [ 31.850197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 31.851370] flags: 0x200000000000000(node=0|zone=2) [ 31.852096] page_type: f5(slab) [ 31.852361] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 31.853505] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 31.854474] page dumped because: kasan: bad access detected [ 31.855000] [ 31.855141] Memory state around the buggy address: [ 31.856025] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.856662] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 31.857516] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 31.858237] ^ [ 31.858989] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.859724] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.860431] ================================================================== [ 32.117234] ================================================================== [ 32.118046] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 32.119038] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.119693] [ 32.119999] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.120112] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.120143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.120194] Call Trace: [ 32.120227] <TASK> [ 32.120266] dump_stack_lvl+0x73/0xb0 [ 32.120342] print_report+0xd1/0x650 [ 32.120826] ? __virt_addr_valid+0x1db/0x2d0 [ 32.120916] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 32.120956] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.120993] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 32.121027] kasan_report+0x141/0x180 [ 32.121064] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 32.121164] kasan_check_range+0x10c/0x1c0 [ 32.121223] __kasan_check_write+0x18/0x20 [ 32.121259] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 32.121295] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 32.121330] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.121364] ? trace_hardirqs_on+0x37/0xe0 [ 32.121397] ? kasan_bitops_generic+0x92/0x1c0 [ 32.121431] kasan_bitops_generic+0x116/0x1c0 [ 32.121462] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.121495] ? __pfx_read_tsc+0x10/0x10 [ 32.121523] ? ktime_get_ts64+0x86/0x230 [ 32.121579] kunit_try_run_case+0x1a5/0x480 [ 32.121616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.121681] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.121716] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.121749] ? __kthread_parkme+0x82/0x180 [ 32.121777] ? preempt_count_sub+0x50/0x80 [ 32.121808] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.121839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.121870] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.121901] kthread+0x337/0x6f0 [ 32.121928] ? trace_preempt_on+0x20/0xc0 [ 32.121958] ? __pfx_kthread+0x10/0x10 [ 32.121985] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.122014] ? calculate_sigpending+0x7b/0xa0 [ 32.122045] ? __pfx_kthread+0x10/0x10 [ 32.122091] ret_from_fork+0x116/0x1d0 [ 32.122136] ? __pfx_kthread+0x10/0x10 [ 32.122178] ret_from_fork_asm+0x1a/0x30 [ 32.122220] </TASK> [ 32.122235] [ 32.141358] Allocated by task 291: [ 32.141824] kasan_save_stack+0x45/0x70 [ 32.142313] kasan_save_track+0x18/0x40 [ 32.142796] kasan_save_alloc_info+0x3b/0x50 [ 32.143321] __kasan_kmalloc+0xb7/0xc0 [ 32.143767] __kmalloc_cache_noprof+0x189/0x420 [ 32.144727] kasan_bitops_generic+0x92/0x1c0 [ 32.145189] kunit_try_run_case+0x1a5/0x480 [ 32.145530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.146416] kthread+0x337/0x6f0 [ 32.146822] ret_from_fork+0x116/0x1d0 [ 32.147300] ret_from_fork_asm+0x1a/0x30 [ 32.147808] [ 32.147990] The buggy address belongs to the object at ffff8881010ffca0 [ 32.147990] which belongs to the cache kmalloc-16 of size 16 [ 32.149491] The buggy address is located 8 bytes inside of [ 32.149491] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.150483] [ 32.150754] The buggy address belongs to the physical page: [ 32.151291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.151963] flags: 0x200000000000000(node=0|zone=2) [ 32.152782] page_type: f5(slab) [ 32.153305] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.153892] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.154453] page dumped because: kasan: bad access detected [ 32.154881] [ 32.155047] Memory state around the buggy address: [ 32.155401] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.156584] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.157334] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.158123] ^ [ 32.158861] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.159528] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.160298] ================================================================== [ 32.036411] ================================================================== [ 32.036935] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 32.037416] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.038009] [ 32.038263] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.038376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.038406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.038451] Call Trace: [ 32.038487] <TASK> [ 32.038551] dump_stack_lvl+0x73/0xb0 [ 32.038624] print_report+0xd1/0x650 [ 32.038683] ? __virt_addr_valid+0x1db/0x2d0 [ 32.038744] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 32.038805] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.038866] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 32.038927] kasan_report+0x141/0x180 [ 32.038989] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 32.039069] kasan_check_range+0x10c/0x1c0 [ 32.039135] __kasan_check_write+0x18/0x20 [ 32.039200] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 32.039271] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 32.039342] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.039409] ? trace_hardirqs_on+0x37/0xe0 [ 32.039473] ? kasan_bitops_generic+0x92/0x1c0 [ 32.039584] kasan_bitops_generic+0x116/0x1c0 [ 32.039652] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.039710] ? __pfx_read_tsc+0x10/0x10 [ 32.039761] ? ktime_get_ts64+0x86/0x230 [ 32.039817] kunit_try_run_case+0x1a5/0x480 [ 32.039885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.039937] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.039996] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.040029] ? __kthread_parkme+0x82/0x180 [ 32.040063] ? preempt_count_sub+0x50/0x80 [ 32.040134] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.040184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.040219] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.040251] kthread+0x337/0x6f0 [ 32.040279] ? trace_preempt_on+0x20/0xc0 [ 32.040310] ? __pfx_kthread+0x10/0x10 [ 32.040337] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.040367] ? calculate_sigpending+0x7b/0xa0 [ 32.040400] ? __pfx_kthread+0x10/0x10 [ 32.040428] ret_from_fork+0x116/0x1d0 [ 32.040453] ? __pfx_kthread+0x10/0x10 [ 32.040480] ret_from_fork_asm+0x1a/0x30 [ 32.040520] </TASK> [ 32.040534] [ 32.055457] Allocated by task 291: [ 32.055888] kasan_save_stack+0x45/0x70 [ 32.056323] kasan_save_track+0x18/0x40 [ 32.056711] kasan_save_alloc_info+0x3b/0x50 [ 32.057021] __kasan_kmalloc+0xb7/0xc0 [ 32.057404] __kmalloc_cache_noprof+0x189/0x420 [ 32.058008] kasan_bitops_generic+0x92/0x1c0 [ 32.058285] kunit_try_run_case+0x1a5/0x480 [ 32.058560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.059060] kthread+0x337/0x6f0 [ 32.059463] ret_from_fork+0x116/0x1d0 [ 32.059905] ret_from_fork_asm+0x1a/0x30 [ 32.060266] [ 32.060455] The buggy address belongs to the object at ffff8881010ffca0 [ 32.060455] which belongs to the cache kmalloc-16 of size 16 [ 32.061220] The buggy address is located 8 bytes inside of [ 32.061220] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.061904] [ 32.062113] The buggy address belongs to the physical page: [ 32.062652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.063331] flags: 0x200000000000000(node=0|zone=2) [ 32.063919] page_type: f5(slab) [ 32.064141] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.064497] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.065165] page dumped because: kasan: bad access detected [ 32.066661] [ 32.066863] Memory state around the buggy address: [ 32.067420] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.068087] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.068629] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.068973] ^ [ 32.069253] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.070614] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.071351] ================================================================== [ 31.861898] ================================================================== [ 31.863117] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 31.863656] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 31.864734] [ 31.865562] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.865639] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.865663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.865690] Call Trace: [ 31.865708] <TASK> [ 31.865732] dump_stack_lvl+0x73/0xb0 [ 31.865779] print_report+0xd1/0x650 [ 31.865812] ? __virt_addr_valid+0x1db/0x2d0 [ 31.865845] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 31.865878] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.865912] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 31.865946] kasan_report+0x141/0x180 [ 31.865974] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 31.866012] kasan_check_range+0x10c/0x1c0 [ 31.866041] __kasan_check_write+0x18/0x20 [ 31.866092] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 31.866148] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 31.866197] ? __kmalloc_cache_noprof+0x189/0x420 [ 31.866246] ? trace_hardirqs_on+0x37/0xe0 [ 31.866294] ? kasan_bitops_generic+0x92/0x1c0 [ 31.866350] kasan_bitops_generic+0x116/0x1c0 [ 31.866401] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 31.866685] ? __pfx_read_tsc+0x10/0x10 [ 31.866779] ? ktime_get_ts64+0x86/0x230 [ 31.866841] kunit_try_run_case+0x1a5/0x480 [ 31.866883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.866915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.866949] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.866993] ? __kthread_parkme+0x82/0x180 [ 31.867036] ? preempt_count_sub+0x50/0x80 [ 31.867103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.867137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.867170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.867202] kthread+0x337/0x6f0 [ 31.867228] ? trace_preempt_on+0x20/0xc0 [ 31.867259] ? __pfx_kthread+0x10/0x10 [ 31.867286] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.867316] ? calculate_sigpending+0x7b/0xa0 [ 31.867347] ? __pfx_kthread+0x10/0x10 [ 31.867375] ret_from_fork+0x116/0x1d0 [ 31.867401] ? __pfx_kthread+0x10/0x10 [ 31.867429] ret_from_fork_asm+0x1a/0x30 [ 31.867468] </TASK> [ 31.867482] [ 31.885040] Allocated by task 291: [ 31.885614] kasan_save_stack+0x45/0x70 [ 31.886255] kasan_save_track+0x18/0x40 [ 31.886607] kasan_save_alloc_info+0x3b/0x50 [ 31.886915] __kasan_kmalloc+0xb7/0xc0 [ 31.887673] __kmalloc_cache_noprof+0x189/0x420 [ 31.888294] kasan_bitops_generic+0x92/0x1c0 [ 31.888800] kunit_try_run_case+0x1a5/0x480 [ 31.889232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.889899] kthread+0x337/0x6f0 [ 31.890414] ret_from_fork+0x116/0x1d0 [ 31.891056] ret_from_fork_asm+0x1a/0x30 [ 31.891622] [ 31.891839] The buggy address belongs to the object at ffff8881010ffca0 [ 31.891839] which belongs to the cache kmalloc-16 of size 16 [ 31.893063] The buggy address is located 8 bytes inside of [ 31.893063] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 31.895006] [ 31.895272] The buggy address belongs to the physical page: [ 31.896151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 31.896905] flags: 0x200000000000000(node=0|zone=2) [ 31.897373] page_type: f5(slab) [ 31.897824] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 31.898393] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 31.899021] page dumped because: kasan: bad access detected [ 31.899288] [ 31.899491] Memory state around the buggy address: [ 31.899977] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.900450] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 31.901462] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 31.901758] ^ [ 31.901912] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.902313] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.902987] ================================================================== [ 31.949767] ================================================================== [ 31.950692] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 31.951294] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 31.952267] [ 31.952456] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.952589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.952655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.952735] Call Trace: [ 31.952777] <TASK> [ 31.952815] dump_stack_lvl+0x73/0xb0 [ 31.952920] print_report+0xd1/0x650 [ 31.952983] ? __virt_addr_valid+0x1db/0x2d0 [ 31.953261] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 31.953357] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.953432] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 31.953504] kasan_report+0x141/0x180 [ 31.953577] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 31.953680] kasan_check_range+0x10c/0x1c0 [ 31.953750] __kasan_check_write+0x18/0x20 [ 31.953793] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 31.953828] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 31.953864] ? __kmalloc_cache_noprof+0x189/0x420 [ 31.953897] ? trace_hardirqs_on+0x37/0xe0 [ 31.953928] ? kasan_bitops_generic+0x92/0x1c0 [ 31.953963] kasan_bitops_generic+0x116/0x1c0 [ 31.953993] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 31.954025] ? __pfx_read_tsc+0x10/0x10 [ 31.954097] ? ktime_get_ts64+0x86/0x230 [ 31.954154] kunit_try_run_case+0x1a5/0x480 [ 31.954210] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.954306] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.954365] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.954412] ? __kthread_parkme+0x82/0x180 [ 31.954442] ? preempt_count_sub+0x50/0x80 [ 31.954475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.954508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.954564] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.954598] kthread+0x337/0x6f0 [ 31.954625] ? trace_preempt_on+0x20/0xc0 [ 31.954678] ? __pfx_kthread+0x10/0x10 [ 31.954706] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.954737] ? calculate_sigpending+0x7b/0xa0 [ 31.954769] ? __pfx_kthread+0x10/0x10 [ 31.954797] ret_from_fork+0x116/0x1d0 [ 31.954823] ? __pfx_kthread+0x10/0x10 [ 31.954852] ret_from_fork_asm+0x1a/0x30 [ 31.954892] </TASK> [ 31.954906] [ 31.973311] Allocated by task 291: [ 31.973705] kasan_save_stack+0x45/0x70 [ 31.974393] kasan_save_track+0x18/0x40 [ 31.974830] kasan_save_alloc_info+0x3b/0x50 [ 31.975491] __kasan_kmalloc+0xb7/0xc0 [ 31.975951] __kmalloc_cache_noprof+0x189/0x420 [ 31.976328] kasan_bitops_generic+0x92/0x1c0 [ 31.976791] kunit_try_run_case+0x1a5/0x480 [ 31.977497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.978327] kthread+0x337/0x6f0 [ 31.978585] ret_from_fork+0x116/0x1d0 [ 31.978978] ret_from_fork_asm+0x1a/0x30 [ 31.979557] [ 31.979759] The buggy address belongs to the object at ffff8881010ffca0 [ 31.979759] which belongs to the cache kmalloc-16 of size 16 [ 31.980533] The buggy address is located 8 bytes inside of [ 31.980533] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 31.981687] [ 31.981834] The buggy address belongs to the physical page: [ 31.982688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 31.983519] flags: 0x200000000000000(node=0|zone=2) [ 31.983890] page_type: f5(slab) [ 31.984111] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 31.985417] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 31.986043] page dumped because: kasan: bad access detected [ 31.986489] [ 31.986811] Memory state around the buggy address: [ 31.987562] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.988094] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 31.988678] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 31.989821] ^ [ 31.990135] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.990734] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.991399] ================================================================== [ 32.072279] ================================================================== [ 32.072929] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 32.073326] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.074490] [ 32.074759] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.074870] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.074902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.074953] Call Trace: [ 32.074995] <TASK> [ 32.075035] dump_stack_lvl+0x73/0xb0 [ 32.075105] print_report+0xd1/0x650 [ 32.075160] ? __virt_addr_valid+0x1db/0x2d0 [ 32.075222] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 32.075281] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.075346] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 32.075406] kasan_report+0x141/0x180 [ 32.075465] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 32.075535] kasan_check_range+0x10c/0x1c0 [ 32.075619] __kasan_check_write+0x18/0x20 [ 32.075804] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 32.075895] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 32.075956] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.076007] ? trace_hardirqs_on+0x37/0xe0 [ 32.076064] ? kasan_bitops_generic+0x92/0x1c0 [ 32.076130] kasan_bitops_generic+0x116/0x1c0 [ 32.076188] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.076255] ? __pfx_read_tsc+0x10/0x10 [ 32.076314] ? ktime_get_ts64+0x86/0x230 [ 32.076386] kunit_try_run_case+0x1a5/0x480 [ 32.076452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.076514] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.076603] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.076672] ? __kthread_parkme+0x82/0x180 [ 32.076729] ? preempt_count_sub+0x50/0x80 [ 32.076795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.076864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.076934] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.077000] kthread+0x337/0x6f0 [ 32.077425] ? trace_preempt_on+0x20/0xc0 [ 32.077514] ? __pfx_kthread+0x10/0x10 [ 32.077597] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.077660] ? calculate_sigpending+0x7b/0xa0 [ 32.077722] ? __pfx_kthread+0x10/0x10 [ 32.077775] ret_from_fork+0x116/0x1d0 [ 32.077832] ? __pfx_kthread+0x10/0x10 [ 32.077883] ret_from_fork_asm+0x1a/0x30 [ 32.077958] </TASK> [ 32.077988] [ 32.095655] Allocated by task 291: [ 32.095947] kasan_save_stack+0x45/0x70 [ 32.096389] kasan_save_track+0x18/0x40 [ 32.096978] kasan_save_alloc_info+0x3b/0x50 [ 32.097319] __kasan_kmalloc+0xb7/0xc0 [ 32.097939] __kmalloc_cache_noprof+0x189/0x420 [ 32.098271] kasan_bitops_generic+0x92/0x1c0 [ 32.099589] kunit_try_run_case+0x1a5/0x480 [ 32.100002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.100424] kthread+0x337/0x6f0 [ 32.100904] ret_from_fork+0x116/0x1d0 [ 32.101330] ret_from_fork_asm+0x1a/0x30 [ 32.101937] [ 32.102144] The buggy address belongs to the object at ffff8881010ffca0 [ 32.102144] which belongs to the cache kmalloc-16 of size 16 [ 32.103567] The buggy address is located 8 bytes inside of [ 32.103567] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.104955] [ 32.105203] The buggy address belongs to the physical page: [ 32.105747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.106781] flags: 0x200000000000000(node=0|zone=2) [ 32.107561] page_type: f5(slab) [ 32.107959] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.108792] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.109203] page dumped because: kasan: bad access detected [ 32.110045] [ 32.110248] Memory state around the buggy address: [ 32.110930] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.111855] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.112351] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.112995] ^ [ 32.113348] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.114027] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.114773] ================================================================== [ 31.992399] ================================================================== [ 31.992769] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 31.993205] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 31.994249] [ 31.994461] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.994597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.994644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.994697] Call Trace: [ 31.994737] <TASK> [ 31.994781] dump_stack_lvl+0x73/0xb0 [ 31.994857] print_report+0xd1/0x650 [ 31.994919] ? __virt_addr_valid+0x1db/0x2d0 [ 31.994987] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 31.995057] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.995129] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 31.995200] kasan_report+0x141/0x180 [ 31.995257] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 31.995328] kasan_check_range+0x10c/0x1c0 [ 31.995390] __kasan_check_write+0x18/0x20 [ 31.995448] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 31.995506] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 31.995584] ? __kmalloc_cache_noprof+0x189/0x420 [ 31.995646] ? trace_hardirqs_on+0x37/0xe0 [ 31.995704] ? kasan_bitops_generic+0x92/0x1c0 [ 31.995792] kasan_bitops_generic+0x116/0x1c0 [ 31.995855] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 31.995889] ? __pfx_read_tsc+0x10/0x10 [ 31.995922] ? ktime_get_ts64+0x86/0x230 [ 31.995954] kunit_try_run_case+0x1a5/0x480 [ 31.995988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.996018] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.996065] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.996190] ? __kthread_parkme+0x82/0x180 [ 31.996246] ? preempt_count_sub+0x50/0x80 [ 31.996309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.996379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.996445] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.996482] kthread+0x337/0x6f0 [ 31.996510] ? trace_preempt_on+0x20/0xc0 [ 31.996569] ? __pfx_kthread+0x10/0x10 [ 31.996598] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.996635] ? calculate_sigpending+0x7b/0xa0 [ 31.996693] ? __pfx_kthread+0x10/0x10 [ 31.996723] ret_from_fork+0x116/0x1d0 [ 31.996750] ? __pfx_kthread+0x10/0x10 [ 31.996779] ret_from_fork_asm+0x1a/0x30 [ 31.996820] </TASK> [ 31.996837] [ 32.016598] Allocated by task 291: [ 32.016902] kasan_save_stack+0x45/0x70 [ 32.017494] kasan_save_track+0x18/0x40 [ 32.017771] kasan_save_alloc_info+0x3b/0x50 [ 32.018417] __kasan_kmalloc+0xb7/0xc0 [ 32.018981] __kmalloc_cache_noprof+0x189/0x420 [ 32.019872] kasan_bitops_generic+0x92/0x1c0 [ 32.020375] kunit_try_run_case+0x1a5/0x480 [ 32.020967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.021736] kthread+0x337/0x6f0 [ 32.022115] ret_from_fork+0x116/0x1d0 [ 32.022874] ret_from_fork_asm+0x1a/0x30 [ 32.023435] [ 32.023596] The buggy address belongs to the object at ffff8881010ffca0 [ 32.023596] which belongs to the cache kmalloc-16 of size 16 [ 32.025178] The buggy address is located 8 bytes inside of [ 32.025178] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.026048] [ 32.026191] The buggy address belongs to the physical page: [ 32.027232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.027983] flags: 0x200000000000000(node=0|zone=2) [ 32.028394] page_type: f5(slab) [ 32.028834] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.029783] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.030527] page dumped because: kasan: bad access detected [ 32.031136] [ 32.031365] Memory state around the buggy address: [ 32.031933] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.032917] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.033617] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.033816] ^ [ 32.033946] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.034576] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.035071] ==================================================================