Date
June 24, 2025, 11:37 a.m.
| Environment |
|---|
| dragonboard-845c |
| qemu-arm64 |
| qemu-x86_64 |
[ 56.742582] ================================================================== [ 56.749893] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa84/0xbc0 [ 56.758958] Read of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 56.766361] [ 56.767887] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 56.767917] Tainted: [B]=BAD_PAGE, [N]=TEST [ 56.767924] Hardware name: Thundercomm Dragonboard 845c (DT) [ 56.767936] Call trace: [ 56.767943] show_stack+0x20/0x38 (C) [ 56.767961] dump_stack_lvl+0x8c/0xd0 [ 56.767978] print_report+0x118/0x608 [ 56.767997] kasan_report+0xdc/0x128 [ 56.768016] __asan_report_load8_noabort+0x20/0x30 [ 56.768032] kasan_bitops_test_and_modify.constprop.0+0xa84/0xbc0 [ 56.768053] kasan_bitops_generic+0x11c/0x1c8 [ 56.768072] kunit_try_run_case+0x170/0x3f0 [ 56.768090] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.768113] kthread+0x328/0x630 [ 56.768127] ret_from_fork+0x10/0x20 [ 56.768144] [ 56.840129] Allocated by task 359: [ 56.843585] kasan_save_stack+0x3c/0x68 [ 56.847483] kasan_save_track+0x20/0x40 [ 56.851379] kasan_save_alloc_info+0x40/0x58 [ 56.855718] __kasan_kmalloc+0xd4/0xd8 [ 56.859527] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.864128] kasan_bitops_generic+0xa0/0x1c8 [ 56.868469] kunit_try_run_case+0x170/0x3f0 [ 56.872724] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.878292] kthread+0x328/0x630 [ 56.881577] ret_from_fork+0x10/0x20 [ 56.885211] [ 56.886735] The buggy address belongs to the object at ffff000080b08100 [ 56.886735] which belongs to the cache kmalloc-16 of size 16 [ 56.899213] The buggy address is located 8 bytes inside of [ 56.899213] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 56.911607] [ 56.913131] The buggy address belongs to the physical page: [ 56.918776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 56.926881] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 
56.933489] page_type: f5(slab) [ 56.936688] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.944523] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.952356] page dumped because: kasan: bad access detected [ 56.958001] [ 56.959525] Memory state around the buggy address: [ 56.964381] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 56.971692] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.979004] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.986313] ^ [ 56.989855] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.997167] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.004477] ================================================================== [ 54.847139] ================================================================== [ 54.854449] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa00/0xbc0 [ 54.863514] Read of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 54.870915] [ 54.872440] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 54.872468] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.872476] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.872485] Call trace: [ 54.872491] show_stack+0x20/0x38 (C) [ 54.872508] dump_stack_lvl+0x8c/0xd0 [ 54.872525] print_report+0x118/0x608 [ 54.872543] kasan_report+0xdc/0x128 [ 54.872561] __asan_report_load8_noabort+0x20/0x30 [ 54.872578] kasan_bitops_test_and_modify.constprop.0+0xa00/0xbc0 [ 54.872599] kasan_bitops_generic+0x11c/0x1c8 [ 54.872616] kunit_try_run_case+0x170/0x3f0 [ 54.872634] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.872653] kthread+0x328/0x630 [ 54.872667] ret_from_fork+0x10/0x20 [ 54.872684] [ 54.944671] Allocated by task 359: [ 54.948126] kasan_save_stack+0x3c/0x68 [ 54.952025] kasan_save_track+0x20/0x40 [ 54.955922] kasan_save_alloc_info+0x40/0x58 [ 
54.960260] __kasan_kmalloc+0xd4/0xd8 [ 54.964068] __kmalloc_cache_noprof+0x16c/0x3c0 [ 54.968671] kasan_bitops_generic+0xa0/0x1c8 [ 54.973011] kunit_try_run_case+0x170/0x3f0 [ 54.977263] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.982833] kthread+0x328/0x630 [ 54.986118] ret_from_fork+0x10/0x20 [ 54.989754] [ 54.991277] The buggy address belongs to the object at ffff000080b08100 [ 54.991277] which belongs to the cache kmalloc-16 of size 16 [ 55.003754] The buggy address is located 8 bytes inside of [ 55.003754] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 55.016149] [ 55.017672] The buggy address belongs to the physical page: [ 55.023317] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 55.031422] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.038029] page_type: f5(slab) [ 55.041228] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.049065] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.056896] page dumped because: kasan: bad access detected [ 55.062542] [ 55.064066] Memory state around the buggy address: [ 55.068921] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 55.076232] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.083545] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.090855] ^ [ 55.094398] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.101710] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.109018] ================================================================== [ 55.116380] ================================================================== [ 55.123692] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 55.132758] Write of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 55.140249] [ 55.141775] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 
6.16.0-rc3-next-20250624 #1 PREEMPT [ 55.141804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.141813] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.141822] Call trace: [ 55.141829] show_stack+0x20/0x38 (C) [ 55.141846] dump_stack_lvl+0x8c/0xd0 [ 55.141863] print_report+0x118/0x608 [ 55.141882] kasan_report+0xdc/0x128 [ 55.141900] kasan_check_range+0x100/0x1a8 [ 55.141919] __kasan_check_write+0x20/0x30 [ 55.141934] kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 55.141956] kasan_bitops_generic+0x11c/0x1c8 [ 55.141973] kunit_try_run_case+0x170/0x3f0 [ 55.141990] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.142011] kthread+0x328/0x630 [ 55.142024] ret_from_fork+0x10/0x20 [ 55.142041] [ 55.217482] Allocated by task 359: [ 55.220938] kasan_save_stack+0x3c/0x68 [ 55.224838] kasan_save_track+0x20/0x40 [ 55.228734] kasan_save_alloc_info+0x40/0x58 [ 55.233074] __kasan_kmalloc+0xd4/0xd8 [ 55.236882] __kmalloc_cache_noprof+0x16c/0x3c0 [ 55.241484] kasan_bitops_generic+0xa0/0x1c8 [ 55.245824] kunit_try_run_case+0x170/0x3f0 [ 55.250077] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.255646] kthread+0x328/0x630 [ 55.258932] ret_from_fork+0x10/0x20 [ 55.262566] [ 55.264089] The buggy address belongs to the object at ffff000080b08100 [ 55.264089] which belongs to the cache kmalloc-16 of size 16 [ 55.276566] The buggy address is located 8 bytes inside of [ 55.276566] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 55.288959] [ 55.290483] The buggy address belongs to the physical page: [ 55.296128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 55.304235] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.310841] page_type: f5(slab) [ 55.314040] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.321875] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.329706] page dumped because: kasan: bad access detected [ 55.335352] [ 55.336875] Memory state around 
the buggy address: [ 55.341731] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 55.349042] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.356353] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.363662] ^ [ 55.367205] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.374515] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.381824] ================================================================== [ 55.389199] ================================================================== [ 55.396508] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 55.405573] Read of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 55.412973] [ 55.414500] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 55.414530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.414537] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.414548] Call trace: [ 55.414554] show_stack+0x20/0x38 (C) [ 55.414572] dump_stack_lvl+0x8c/0xd0 [ 55.414591] print_report+0x118/0x608 [ 55.414609] kasan_report+0xdc/0x128 [ 55.414627] __asan_report_load8_noabort+0x20/0x30 [ 55.414644] kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 55.414665] kasan_bitops_generic+0x11c/0x1c8 [ 55.414683] kunit_try_run_case+0x170/0x3f0 [ 55.414702] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.414724] kthread+0x328/0x630 [ 55.414737] ret_from_fork+0x10/0x20 [ 55.414754] [ 55.486741] Allocated by task 359: [ 55.490197] kasan_save_stack+0x3c/0x68 [ 55.494096] kasan_save_track+0x20/0x40 [ 55.497993] kasan_save_alloc_info+0x40/0x58 [ 55.502331] __kasan_kmalloc+0xd4/0xd8 [ 55.506139] __kmalloc_cache_noprof+0x16c/0x3c0 [ 55.510739] kasan_bitops_generic+0xa0/0x1c8 [ 55.515081] kunit_try_run_case+0x170/0x3f0 [ 55.519334] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.524902] kthread+0x328/0x630 [ 55.528188] ret_from_fork+0x10/0x20 [ 
55.531822] [ 55.533346] The buggy address belongs to the object at ffff000080b08100 [ 55.533346] which belongs to the cache kmalloc-16 of size 16 [ 55.545824] The buggy address is located 8 bytes inside of [ 55.545824] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 55.558218] [ 55.559741] The buggy address belongs to the physical page: [ 55.565386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 55.573491] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.580099] page_type: f5(slab) [ 55.583298] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.591135] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.598966] page dumped because: kasan: bad access detected [ 55.604612] [ 55.606135] Memory state around the buggy address: [ 55.610990] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 55.618303] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.625615] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.632924] ^ [ 55.636468] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.643779] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.651089] ================================================================== [ 55.658452] ================================================================== [ 55.665763] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 55.674829] Write of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 55.682316] [ 55.683842] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 55.683871] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.683879] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.683891] Call trace: [ 55.683897] show_stack+0x20/0x38 (C) [ 55.683915] dump_stack_lvl+0x8c/0xd0 [ 55.683934] print_report+0x118/0x608 [ 55.683952] 
kasan_report+0xdc/0x128 [ 55.683970] kasan_check_range+0x100/0x1a8 [ 55.683990] __kasan_check_write+0x20/0x30 [ 55.684006] kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 55.684028] kasan_bitops_generic+0x11c/0x1c8 [ 55.684047] kunit_try_run_case+0x170/0x3f0 [ 55.684064] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.684086] kthread+0x328/0x630 [ 55.684100] ret_from_fork+0x10/0x20 [ 55.684117] [ 55.759555] Allocated by task 359: [ 55.763011] kasan_save_stack+0x3c/0x68 [ 55.766910] kasan_save_track+0x20/0x40 [ 55.770809] kasan_save_alloc_info+0x40/0x58 [ 55.775147] __kasan_kmalloc+0xd4/0xd8 [ 55.778956] __kmalloc_cache_noprof+0x16c/0x3c0 [ 55.783557] kasan_bitops_generic+0xa0/0x1c8 [ 55.787897] kunit_try_run_case+0x170/0x3f0 [ 55.792150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.797719] kthread+0x328/0x630 [ 55.801004] ret_from_fork+0x10/0x20 [ 55.804638] [ 55.806161] The buggy address belongs to the object at ffff000080b08100 [ 55.806161] which belongs to the cache kmalloc-16 of size 16 [ 55.818639] The buggy address is located 8 bytes inside of [ 55.818639] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 55.831032] [ 55.832555] The buggy address belongs to the physical page: [ 55.838200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 55.846305] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.852911] page_type: f5(slab) [ 55.856110] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.863945] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.871776] page dumped because: kasan: bad access detected [ 55.877421] [ 55.878943] Memory state around the buggy address: [ 55.883796] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 55.891108] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.898420] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.905729] ^ [ 55.909272] 
ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.916583] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.923892] ================================================================== [ 56.200509] ================================================================== [ 56.207821] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x334/0xbc0 [ 56.216885] Write of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 56.224374] [ 56.225898] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 56.225927] Tainted: [B]=BAD_PAGE, [N]=TEST [ 56.225936] Hardware name: Thundercomm Dragonboard 845c (DT) [ 56.225945] Call trace: [ 56.225953] show_stack+0x20/0x38 (C) [ 56.225970] dump_stack_lvl+0x8c/0xd0 [ 56.225988] print_report+0x118/0x608 [ 56.226006] kasan_report+0xdc/0x128 [ 56.226024] kasan_check_range+0x100/0x1a8 [ 56.226043] __kasan_check_write+0x20/0x30 [ 56.226060] kasan_bitops_test_and_modify.constprop.0+0x334/0xbc0 [ 56.226080] kasan_bitops_generic+0x11c/0x1c8 [ 56.226099] kunit_try_run_case+0x170/0x3f0 [ 56.226116] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.226136] kthread+0x328/0x630 [ 56.226150] ret_from_fork+0x10/0x20 [ 56.226166] [ 56.301605] Allocated by task 359: [ 56.305061] kasan_save_stack+0x3c/0x68 [ 56.308961] kasan_save_track+0x20/0x40 [ 56.312859] kasan_save_alloc_info+0x40/0x58 [ 56.317196] __kasan_kmalloc+0xd4/0xd8 [ 56.321005] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.325605] kasan_bitops_generic+0xa0/0x1c8 [ 56.329947] kunit_try_run_case+0x170/0x3f0 [ 56.334200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.339770] kthread+0x328/0x630 [ 56.343055] ret_from_fork+0x10/0x20 [ 56.346690] [ 56.348212] The buggy address belongs to the object at ffff000080b08100 [ 56.348212] which belongs to the cache kmalloc-16 of size 16 [ 56.360689] The buggy address is located 8 bytes inside of [ 56.360689] allocated 9-byte region 
[ffff000080b08100, ffff000080b08109) [ 56.373084] [ 56.374607] The buggy address belongs to the physical page: [ 56.380251] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 56.388359] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 56.394966] page_type: f5(slab) [ 56.398166] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.406002] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.413834] page dumped because: kasan: bad access detected [ 56.419481] [ 56.421003] Memory state around the buggy address: [ 56.425858] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 56.433171] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.440482] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.447793] ^ [ 56.451335] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.458645] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.465956] ================================================================== [ 56.473329] ================================================================== [ 56.480638] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa3c/0xbc0 [ 56.489704] Read of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 56.497104] [ 56.498629] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 56.498657] Tainted: [B]=BAD_PAGE, [N]=TEST [ 56.498666] Hardware name: Thundercomm Dragonboard 845c (DT) [ 56.498677] Call trace: [ 56.498684] show_stack+0x20/0x38 (C) [ 56.498700] dump_stack_lvl+0x8c/0xd0 [ 56.498719] print_report+0x118/0x608 [ 56.498737] kasan_report+0xdc/0x128 [ 56.498755] __asan_report_load8_noabort+0x20/0x30 [ 56.498771] kasan_bitops_test_and_modify.constprop.0+0xa3c/0xbc0 [ 56.498793] kasan_bitops_generic+0x11c/0x1c8 [ 56.498811] kunit_try_run_case+0x170/0x3f0 [ 56.498829] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.498849] kthread+0x328/0x630 [ 56.498863] ret_from_fork+0x10/0x20 [ 56.498880] [ 56.570868] Allocated by task 359: [ 56.574323] kasan_save_stack+0x3c/0x68 [ 56.578221] kasan_save_track+0x20/0x40 [ 56.582120] kasan_save_alloc_info+0x40/0x58 [ 56.586459] __kasan_kmalloc+0xd4/0xd8 [ 56.590268] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.594870] kasan_bitops_generic+0xa0/0x1c8 [ 56.599210] kunit_try_run_case+0x170/0x3f0 [ 56.603463] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.609032] kthread+0x328/0x630 [ 56.612317] ret_from_fork+0x10/0x20 [ 56.615952] [ 56.617475] The buggy address belongs to the object at ffff000080b08100 [ 56.617475] which belongs to the cache kmalloc-16 of size 16 [ 56.629953] The buggy address is located 8 bytes inside of [ 56.629953] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 56.642347] [ 56.643870] The buggy address belongs to the physical page: [ 56.649516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 56.657623] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 56.664230] page_type: f5(slab) [ 56.667428] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.675265] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.683096] page dumped because: kasan: bad access detected [ 56.688742] [ 56.690265] Memory state around the buggy address: [ 56.695122] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 56.702434] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.709747] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.717057] ^ [ 56.720600] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.727912] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.735221] ================================================================== [ 54.574492] 
================================================================== [ 54.581803] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xfc/0xbc0 [ 54.590783] Write of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 54.598270] [ 54.599796] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 54.599826] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.599833] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.599843] Call trace: [ 54.599850] show_stack+0x20/0x38 (C) [ 54.599866] dump_stack_lvl+0x8c/0xd0 [ 54.599884] print_report+0x118/0x608 [ 54.599902] kasan_report+0xdc/0x128 [ 54.599921] kasan_check_range+0x100/0x1a8 [ 54.599942] __kasan_check_write+0x20/0x30 [ 54.599958] kasan_bitops_test_and_modify.constprop.0+0xfc/0xbc0 [ 54.599979] kasan_bitops_generic+0x11c/0x1c8 [ 54.599998] kunit_try_run_case+0x170/0x3f0 [ 54.600016] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.600037] kthread+0x328/0x630 [ 54.600051] ret_from_fork+0x10/0x20 [ 54.600069] [ 54.675422] Allocated by task 359: [ 54.678877] kasan_save_stack+0x3c/0x68 [ 54.682776] kasan_save_track+0x20/0x40 [ 54.686674] kasan_save_alloc_info+0x40/0x58 [ 54.691012] __kasan_kmalloc+0xd4/0xd8 [ 54.694822] __kmalloc_cache_noprof+0x16c/0x3c0 [ 54.699424] kasan_bitops_generic+0xa0/0x1c8 [ 54.703764] kunit_try_run_case+0x170/0x3f0 [ 54.708016] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.713585] kthread+0x328/0x630 [ 54.716871] ret_from_fork+0x10/0x20 [ 54.720506] [ 54.722029] The buggy address belongs to the object at ffff000080b08100 [ 54.722029] which belongs to the cache kmalloc-16 of size 16 [ 54.734506] The buggy address is located 8 bytes inside of [ 54.734506] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 54.746900] [ 54.748423] The buggy address belongs to the physical page: [ 54.754068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 54.762173] flags: 
0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.768780] page_type: f5(slab) [ 54.771979] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 54.779814] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 54.787645] page dumped because: kasan: bad access detected [ 54.793292] [ 54.794814] Memory state around the buggy address: [ 54.799669] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 54.806980] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.814292] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.821602] ^ [ 54.825147] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.832457] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.839765] ================================================================== [ 55.931265] ================================================================== [ 55.938574] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 55.947638] Read of size 8 at addr ffff000080b08108 by task kunit_try_catch/359 [ 55.955040] [ 55.956565] CPU: 4 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 55.956594] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.956602] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.956612] Call trace: [ 55.956618] show_stack+0x20/0x38 (C) [ 55.956635] dump_stack_lvl+0x8c/0xd0 [ 55.956652] print_report+0x118/0x608 [ 55.956670] kasan_report+0xdc/0x128 [ 55.956688] __asan_report_load8_noabort+0x20/0x30 [ 55.956704] kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 55.956725] kasan_bitops_generic+0x11c/0x1c8 [ 55.956743] kunit_try_run_case+0x170/0x3f0 [ 55.956761] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.956781] kthread+0x328/0x630 [ 55.956796] ret_from_fork+0x10/0x20 [ 55.956812] [ 56.028796] Allocated by task 359: [ 56.032252] kasan_save_stack+0x3c/0x68 [ 56.036150] 
kasan_save_track+0x20/0x40 [ 56.040047] kasan_save_alloc_info+0x40/0x58 [ 56.044386] __kasan_kmalloc+0xd4/0xd8 [ 56.048195] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.052796] kasan_bitops_generic+0xa0/0x1c8 [ 56.057137] kunit_try_run_case+0x170/0x3f0 [ 56.061390] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.066960] kthread+0x328/0x630 [ 56.070247] ret_from_fork+0x10/0x20 [ 56.073881] [ 56.075404] The buggy address belongs to the object at ffff000080b08100 [ 56.075404] which belongs to the cache kmalloc-16 of size 16 [ 56.087884] The buggy address is located 8 bytes inside of [ 56.087884] allocated 9-byte region [ffff000080b08100, ffff000080b08109) [ 56.100278] [ 56.101802] The buggy address belongs to the physical page: [ 56.107447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b08 [ 56.115553] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 56.122162] page_type: f5(slab) [ 56.125362] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.133198] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.141031] page dumped because: kasan: bad access detected [ 56.146677] [ 56.148199] Memory state around the buggy address: [ 56.153054] ffff000080b08000: 00 06 fc fc 00 06 fc fc 00 04 fc fc fa fb fc fc [ 56.160365] ffff000080b08080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.167675] >ffff000080b08100: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.174984] ^ [ 56.178527] ffff000080b08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.185840] ffff000080b08200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.193149] ==================================================================
[ 36.505933] ================================================================== [ 36.506000] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 36.506064] Write of size 8 at addr fff00000c5757348 by task kunit_try_catch/272 [ 36.506128] [ 36.506166] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 36.506347] Call trace: [ 36.506696] __kasan_check_write+0x20/0x30 [ 36.506755] kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 36.506826] kasan_bitops_generic+0x11c/0x1c8 [ 36.506912] kunit_try_run_case+0x170/0x3f0 [ 36.507186] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.507597] kthread+0x328/0x630 [ 36.507714] ret_from_fork+0x10/0x20 [ 36.507851] [ 36.507925] Allocated by task 272: [ 36.508004] kasan_save_stack+0x3c/0x68 [ 36.508109] kasan_save_track+0x20/0x40 [ 36.508267] kasan_save_alloc_info+0x40/0x58 [ 36.508375] __kasan_kmalloc+0xd4/0xd8 [ 36.508637] __kmalloc_cache_noprof+0x16c/0x3c0 [ 36.508747] kasan_bitops_generic+0xa0/0x1c8 [ 36.508847] kunit_try_run_case+0x170/0x3f0 [ 36.508993] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.509124] kthread+0x328/0x630 [ 36.509535] The buggy address belongs to the object at fff00000c5757340 [ 36.509535] which belongs to the cache kmalloc-16 of size 16 [ 36.511569] fff00000c5757280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 36.513334] ==================================================================
[ 32.209220] ================================================================== [ 32.209771] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 32.210899] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.211498] [ 32.212304] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.212374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.212391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.212416] Call Trace: [ 32.212438] <TASK> [ 32.212460] dump_stack_lvl+0x73/0xb0 [ 32.212508] print_report+0xd1/0x650 [ 32.212564] ? __virt_addr_valid+0x1db/0x2d0 [ 32.212599] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 32.212661] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.212702] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 32.212738] kasan_report+0x141/0x180 [ 32.212768] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 32.212808] kasan_check_range+0x10c/0x1c0 [ 32.212839] __kasan_check_write+0x18/0x20 [ 32.212870] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 32.212906] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.212942] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.212974] ? trace_hardirqs_on+0x37/0xe0 [ 32.213004] ? kasan_bitops_generic+0x92/0x1c0 [ 32.213039] kasan_bitops_generic+0x121/0x1c0 [ 32.213069] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.213101] ? __pfx_read_tsc+0x10/0x10 [ 32.213130] ? ktime_get_ts64+0x86/0x230 [ 32.213162] kunit_try_run_case+0x1a5/0x480 [ 32.213195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.213224] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.213257] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.213291] ? __kthread_parkme+0x82/0x180 [ 32.213319] ? preempt_count_sub+0x50/0x80 [ 32.213351] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.213382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.213413] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.213443] kthread+0x337/0x6f0 [ 32.213469] ? trace_preempt_on+0x20/0xc0 [ 32.213498] ? __pfx_kthread+0x10/0x10 [ 32.213525] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.213574] ? calculate_sigpending+0x7b/0xa0 [ 32.213605] ? __pfx_kthread+0x10/0x10 [ 32.213643] ret_from_fork+0x116/0x1d0 [ 32.213683] ? __pfx_kthread+0x10/0x10 [ 32.213712] ret_from_fork_asm+0x1a/0x30 [ 32.213752] </TASK> [ 32.213767] [ 32.229375] Allocated by task 291: [ 32.229759] kasan_save_stack+0x45/0x70 [ 32.230282] kasan_save_track+0x18/0x40 [ 32.230765] kasan_save_alloc_info+0x3b/0x50 [ 32.231188] __kasan_kmalloc+0xb7/0xc0 [ 32.231601] __kmalloc_cache_noprof+0x189/0x420 [ 32.232312] kasan_bitops_generic+0x92/0x1c0 [ 32.232689] kunit_try_run_case+0x1a5/0x480 [ 32.233007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.233525] kthread+0x337/0x6f0 [ 32.233969] ret_from_fork+0x116/0x1d0 [ 32.234509] ret_from_fork_asm+0x1a/0x30 [ 32.234947] [ 32.235178] The buggy address belongs to the object at ffff8881010ffca0 [ 32.235178] which belongs to the cache kmalloc-16 of size 16 [ 32.236173] The buggy address is located 8 bytes inside of [ 32.236173] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.236901] [ 32.237044] The buggy address belongs to the physical page: [ 32.237321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.238152] flags: 0x200000000000000(node=0|zone=2) [ 32.238763] page_type: f5(slab) [ 32.239108] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.239883] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.240572] page dumped because: kasan: bad access detected [ 32.241047] [ 32.241212] Memory state around the buggy address: [ 32.241674] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.242264] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.242903] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc 
fc fc fc fc fc fc fc fc [ 32.243250] ^ [ 32.243878] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.245049] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.245573] ================================================================== [ 32.246801] ================================================================== [ 32.247385] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 32.248214] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.248987] [ 32.249294] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.249452] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.249489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.249573] Call Trace: [ 32.249619] <TASK> [ 32.249693] dump_stack_lvl+0x73/0xb0 [ 32.249829] print_report+0xd1/0x650 [ 32.249896] ? __virt_addr_valid+0x1db/0x2d0 [ 32.249959] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 32.250069] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.250165] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 32.250253] kasan_report+0x141/0x180 [ 32.250305] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 32.250348] kasan_check_range+0x10c/0x1c0 [ 32.250380] __kasan_check_write+0x18/0x20 [ 32.250412] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 32.250447] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.250484] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.250517] ? trace_hardirqs_on+0x37/0xe0 [ 32.250567] ? kasan_bitops_generic+0x92/0x1c0 [ 32.250603] kasan_bitops_generic+0x121/0x1c0 [ 32.250653] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.250691] ? __pfx_read_tsc+0x10/0x10 [ 32.250721] ? ktime_get_ts64+0x86/0x230 [ 32.250753] kunit_try_run_case+0x1a5/0x480 [ 32.250787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.250818] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.250852] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.250887] ? __kthread_parkme+0x82/0x180 [ 32.250915] ? preempt_count_sub+0x50/0x80 [ 32.250946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.250979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.251011] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.251043] kthread+0x337/0x6f0 [ 32.251069] ? trace_preempt_on+0x20/0xc0 [ 32.251098] ? __pfx_kthread+0x10/0x10 [ 32.251125] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.251155] ? calculate_sigpending+0x7b/0xa0 [ 32.251186] ? __pfx_kthread+0x10/0x10 [ 32.251214] ret_from_fork+0x116/0x1d0 [ 32.251240] ? __pfx_kthread+0x10/0x10 [ 32.251267] ret_from_fork_asm+0x1a/0x30 [ 32.251306] </TASK> [ 32.251320] [ 32.268244] Allocated by task 291: [ 32.268709] kasan_save_stack+0x45/0x70 [ 32.269189] kasan_save_track+0x18/0x40 [ 32.269618] kasan_save_alloc_info+0x3b/0x50 [ 32.270079] __kasan_kmalloc+0xb7/0xc0 [ 32.270500] __kmalloc_cache_noprof+0x189/0x420 [ 32.271064] kasan_bitops_generic+0x92/0x1c0 [ 32.271459] kunit_try_run_case+0x1a5/0x480 [ 32.271806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.272295] kthread+0x337/0x6f0 [ 32.273095] ret_from_fork+0x116/0x1d0 [ 32.273317] ret_from_fork_asm+0x1a/0x30 [ 32.274033] [ 32.274247] The buggy address belongs to the object at ffff8881010ffca0 [ 32.274247] which belongs to the cache kmalloc-16 of size 16 [ 32.275191] The buggy address is located 8 bytes inside of [ 32.275191] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.275948] [ 32.276158] The buggy address belongs to the physical page: [ 32.276842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.277301] flags: 0x200000000000000(node=0|zone=2) [ 32.277655] page_type: f5(slab) [ 32.277879] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.278452] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.279161] page dumped because: kasan: bad access detected [ 32.279587] [ 32.279802] 
Memory state around the buggy address: [ 32.280290] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.280664] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.281295] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.281811] ^ [ 32.282671] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.283371] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.283727] ================================================================== [ 32.285083] ================================================================== [ 32.286167] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 32.286701] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.287077] [ 32.287266] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.287607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.287711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.287793] Call Trace: [ 32.287845] <TASK> [ 32.287886] dump_stack_lvl+0x73/0xb0 [ 32.287959] print_report+0xd1/0x650 [ 32.288016] ? __virt_addr_valid+0x1db/0x2d0 [ 32.288078] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 32.288148] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.288214] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 32.288304] kasan_report+0x141/0x180 [ 32.288368] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 32.288455] kasan_check_range+0x10c/0x1c0 [ 32.288522] __kasan_check_write+0x18/0x20 [ 32.288595] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 32.288661] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.288704] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.288738] ? trace_hardirqs_on+0x37/0xe0 [ 32.288771] ? kasan_bitops_generic+0x92/0x1c0 [ 32.288806] kasan_bitops_generic+0x121/0x1c0 [ 32.288838] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 32.288870] ? __pfx_read_tsc+0x10/0x10 [ 32.288900] ? ktime_get_ts64+0x86/0x230 [ 32.288932] kunit_try_run_case+0x1a5/0x480 [ 32.288966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.288996] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.289029] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.289061] ? __kthread_parkme+0x82/0x180 [ 32.289089] ? preempt_count_sub+0x50/0x80 [ 32.289119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.289151] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.289183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.289215] kthread+0x337/0x6f0 [ 32.289240] ? trace_preempt_on+0x20/0xc0 [ 32.289269] ? __pfx_kthread+0x10/0x10 [ 32.289297] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.289326] ? calculate_sigpending+0x7b/0xa0 [ 32.289357] ? __pfx_kthread+0x10/0x10 [ 32.289385] ret_from_fork+0x116/0x1d0 [ 32.289411] ? __pfx_kthread+0x10/0x10 [ 32.289438] ret_from_fork_asm+0x1a/0x30 [ 32.289478] </TASK> [ 32.289492] [ 32.303561] Allocated by task 291: [ 32.304052] kasan_save_stack+0x45/0x70 [ 32.304373] kasan_save_track+0x18/0x40 [ 32.304846] kasan_save_alloc_info+0x3b/0x50 [ 32.305297] __kasan_kmalloc+0xb7/0xc0 [ 32.305750] __kmalloc_cache_noprof+0x189/0x420 [ 32.306097] kasan_bitops_generic+0x92/0x1c0 [ 32.306580] kunit_try_run_case+0x1a5/0x480 [ 32.306991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.307437] kthread+0x337/0x6f0 [ 32.307763] ret_from_fork+0x116/0x1d0 [ 32.308202] ret_from_fork_asm+0x1a/0x30 [ 32.308611] [ 32.308857] The buggy address belongs to the object at ffff8881010ffca0 [ 32.308857] which belongs to the cache kmalloc-16 of size 16 [ 32.309529] The buggy address is located 8 bytes inside of [ 32.309529] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.310099] [ 32.310233] The buggy address belongs to the physical page: [ 32.310681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.311390] flags: 0x200000000000000(node=0|zone=2) [ 32.311914] 
page_type: f5(slab) [ 32.312251] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.312970] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.313689] page dumped because: kasan: bad access detected [ 32.314214] [ 32.314441] Memory state around the buggy address: [ 32.314963] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.315470] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.315953] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.316621] ^ [ 32.317121] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.317606] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.318149] ================================================================== [ 32.161306] ================================================================== [ 32.162973] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 32.163964] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.165457] [ 32.165922] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.166042] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.166072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.166118] Call Trace: [ 32.166148] <TASK> [ 32.166181] dump_stack_lvl+0x73/0xb0 [ 32.166252] print_report+0xd1/0x650 [ 32.166286] ? __virt_addr_valid+0x1db/0x2d0 [ 32.166319] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 32.166355] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.166390] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 32.166425] kasan_report+0x141/0x180 [ 32.166454] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 32.166496] kasan_check_range+0x10c/0x1c0 [ 32.166527] __kasan_check_write+0x18/0x20 [ 32.166585] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 32.166622] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.166674] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.166708] ? trace_hardirqs_on+0x37/0xe0 [ 32.166739] ? kasan_bitops_generic+0x92/0x1c0 [ 32.166774] kasan_bitops_generic+0x121/0x1c0 [ 32.166805] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.166837] ? __pfx_read_tsc+0x10/0x10 [ 32.166867] ? ktime_get_ts64+0x86/0x230 [ 32.166899] kunit_try_run_case+0x1a5/0x480 [ 32.166931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.166961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.166993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.167027] ? __kthread_parkme+0x82/0x180 [ 32.167091] ? preempt_count_sub+0x50/0x80 [ 32.167160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.167202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.167237] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.167270] kthread+0x337/0x6f0 [ 32.167297] ? trace_preempt_on+0x20/0xc0 [ 32.167328] ? __pfx_kthread+0x10/0x10 [ 32.167356] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.167387] ? calculate_sigpending+0x7b/0xa0 [ 32.167418] ? __pfx_kthread+0x10/0x10 [ 32.167447] ret_from_fork+0x116/0x1d0 [ 32.167473] ? 
__pfx_kthread+0x10/0x10 [ 32.167501] ret_from_fork_asm+0x1a/0x30 [ 32.167563] </TASK> [ 32.167580] [ 32.188180] Allocated by task 291: [ 32.188321] kasan_save_stack+0x45/0x70 [ 32.188469] kasan_save_track+0x18/0x40 [ 32.188992] kasan_save_alloc_info+0x3b/0x50 [ 32.189687] __kasan_kmalloc+0xb7/0xc0 [ 32.190530] __kmalloc_cache_noprof+0x189/0x420 [ 32.191079] kasan_bitops_generic+0x92/0x1c0 [ 32.191419] kunit_try_run_case+0x1a5/0x480 [ 32.192043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.192691] kthread+0x337/0x6f0 [ 32.192899] ret_from_fork+0x116/0x1d0 [ 32.193327] ret_from_fork_asm+0x1a/0x30 [ 32.193966] [ 32.194419] The buggy address belongs to the object at ffff8881010ffca0 [ 32.194419] which belongs to the cache kmalloc-16 of size 16 [ 32.195677] The buggy address is located 8 bytes inside of [ 32.195677] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.196881] [ 32.197123] The buggy address belongs to the physical page: [ 32.197435] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.198159] flags: 0x200000000000000(node=0|zone=2) [ 32.199071] page_type: f5(slab) [ 32.199661] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.200391] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.201215] page dumped because: kasan: bad access detected [ 32.201696] [ 32.202342] Memory state around the buggy address: [ 32.202790] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.203496] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.204160] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.205097] ^ [ 32.205649] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.206204] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.206609] ================================================================== [ 32.355081] 
================================================================== [ 32.355765] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 32.356351] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.357095] [ 32.357348] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.357488] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.357525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.357587] Call Trace: [ 32.357658] <TASK> [ 32.357701] dump_stack_lvl+0x73/0xb0 [ 32.357788] print_report+0xd1/0x650 [ 32.357866] ? __virt_addr_valid+0x1db/0x2d0 [ 32.357929] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 32.357996] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.358060] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 32.358160] kasan_report+0x141/0x180 [ 32.358224] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 32.358299] kasan_check_range+0x10c/0x1c0 [ 32.358360] __kasan_check_write+0x18/0x20 [ 32.358433] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 32.358524] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.358609] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.358706] ? trace_hardirqs_on+0x37/0xe0 [ 32.358776] ? kasan_bitops_generic+0x92/0x1c0 [ 32.358864] kasan_bitops_generic+0x121/0x1c0 [ 32.358929] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.358988] ? __pfx_read_tsc+0x10/0x10 [ 32.359036] ? ktime_get_ts64+0x86/0x230 [ 32.359092] kunit_try_run_case+0x1a5/0x480 [ 32.359158] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.359219] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.359284] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.359351] ? __kthread_parkme+0x82/0x180 [ 32.359411] ? preempt_count_sub+0x50/0x80 [ 32.359470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.359536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.359657] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.359728] kthread+0x337/0x6f0 [ 32.359791] ? trace_preempt_on+0x20/0xc0 [ 32.359879] ? __pfx_kthread+0x10/0x10 [ 32.359939] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.360004] ? calculate_sigpending+0x7b/0xa0 [ 32.360070] ? __pfx_kthread+0x10/0x10 [ 32.360131] ret_from_fork+0x116/0x1d0 [ 32.360188] ? __pfx_kthread+0x10/0x10 [ 32.360248] ret_from_fork_asm+0x1a/0x30 [ 32.360332] </TASK> [ 32.360362] [ 32.378903] Allocated by task 291: [ 32.379266] kasan_save_stack+0x45/0x70 [ 32.379653] kasan_save_track+0x18/0x40 [ 32.380470] kasan_save_alloc_info+0x3b/0x50 [ 32.381660] __kasan_kmalloc+0xb7/0xc0 [ 32.381871] __kmalloc_cache_noprof+0x189/0x420 [ 32.382351] kasan_bitops_generic+0x92/0x1c0 [ 32.382841] kunit_try_run_case+0x1a5/0x480 [ 32.383256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.383741] kthread+0x337/0x6f0 [ 32.384361] ret_from_fork+0x116/0x1d0 [ 32.384780] ret_from_fork_asm+0x1a/0x30 [ 32.385456] [ 32.385610] The buggy address belongs to the object at ffff8881010ffca0 [ 32.385610] which belongs to the cache kmalloc-16 of size 16 [ 32.386945] The buggy address is located 8 bytes inside of [ 32.386945] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.387843] [ 32.388054] The buggy address belongs to the physical page: [ 32.388457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.388800] flags: 0x200000000000000(node=0|zone=2) [ 32.389478] page_type: f5(slab) [ 32.390241] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.390964] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.391353] page dumped because: kasan: bad access detected [ 32.392073] [ 32.392289] Memory state around the buggy address: [ 32.392657] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.393160] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.394244] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc 
fc fc fc fc fc fc fc fc [ 32.394796] ^ [ 32.395202] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.395575] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.396219] ================================================================== [ 32.473406] ================================================================== [ 32.473876] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 32.474648] Read of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.475120] [ 32.475378] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.475492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.475524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.475594] Call Trace: [ 32.475667] <TASK> [ 32.475711] dump_stack_lvl+0x73/0xb0 [ 32.475787] print_report+0xd1/0x650 [ 32.475861] ? __virt_addr_valid+0x1db/0x2d0 [ 32.475927] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 32.475998] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.476078] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 32.476170] kasan_report+0x141/0x180 [ 32.476235] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 32.476323] __asan_report_load8_noabort+0x18/0x20 [ 32.476394] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 32.476469] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.476561] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.476663] ? trace_hardirqs_on+0x37/0xe0 [ 32.476732] ? kasan_bitops_generic+0x92/0x1c0 [ 32.476807] kasan_bitops_generic+0x121/0x1c0 [ 32.476876] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.476945] ? __pfx_read_tsc+0x10/0x10 [ 32.476997] ? ktime_get_ts64+0x86/0x230 [ 32.477042] kunit_try_run_case+0x1a5/0x480 [ 32.477077] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.477109] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.477144] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.477179] ? __kthread_parkme+0x82/0x180 [ 32.477207] ? preempt_count_sub+0x50/0x80 [ 32.477238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.477270] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.477302] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.477334] kthread+0x337/0x6f0 [ 32.477360] ? trace_preempt_on+0x20/0xc0 [ 32.477390] ? __pfx_kthread+0x10/0x10 [ 32.477418] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.477447] ? calculate_sigpending+0x7b/0xa0 [ 32.477480] ? __pfx_kthread+0x10/0x10 [ 32.477508] ret_from_fork+0x116/0x1d0 [ 32.477533] ? __pfx_kthread+0x10/0x10 [ 32.477585] ret_from_fork_asm+0x1a/0x30 [ 32.477642] </TASK> [ 32.477679] [ 32.491119] Allocated by task 291: [ 32.491371] kasan_save_stack+0x45/0x70 [ 32.491832] kasan_save_track+0x18/0x40 [ 32.492194] kasan_save_alloc_info+0x3b/0x50 [ 32.492516] __kasan_kmalloc+0xb7/0xc0 [ 32.492875] __kmalloc_cache_noprof+0x189/0x420 [ 32.493308] kasan_bitops_generic+0x92/0x1c0 [ 32.493747] kunit_try_run_case+0x1a5/0x480 [ 32.494077] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.494505] kthread+0x337/0x6f0 [ 32.494833] ret_from_fork+0x116/0x1d0 [ 32.495137] ret_from_fork_asm+0x1a/0x30 [ 32.495533] [ 32.495734] The buggy address belongs to the object at ffff8881010ffca0 [ 32.495734] which belongs to the cache kmalloc-16 of size 16 [ 32.496661] The buggy address is located 8 bytes inside of [ 32.496661] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.497437] [ 32.497692] The buggy address belongs to the physical page: [ 32.497973] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.498354] flags: 0x200000000000000(node=0|zone=2) [ 32.498872] page_type: f5(slab) [ 32.499229] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.499961] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.500454] page dumped because: kasan: bad access detected [ 32.500785] [ 32.500919] 
Memory state around the buggy address: [ 32.501167] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.501501] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.502177] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.502851] ^ [ 32.503277] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.503959] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.504514] ================================================================== [ 32.397628] ================================================================== [ 32.398387] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 32.399913] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.400286] [ 32.400435] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.400535] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.400586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.400638] Call Trace: [ 32.400680] <TASK> [ 32.400716] dump_stack_lvl+0x73/0xb0 [ 32.400763] print_report+0xd1/0x650 [ 32.400794] ? __virt_addr_valid+0x1db/0x2d0 [ 32.400827] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 32.400864] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.400898] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 32.400934] kasan_report+0x141/0x180 [ 32.400962] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 32.401003] kasan_check_range+0x10c/0x1c0 [ 32.401034] __kasan_check_write+0x18/0x20 [ 32.401064] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 32.401099] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.401135] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.401166] ? trace_hardirqs_on+0x37/0xe0 [ 32.401196] ? kasan_bitops_generic+0x92/0x1c0 [ 32.401231] kasan_bitops_generic+0x121/0x1c0 [ 32.401261] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 32.401293] ? __pfx_read_tsc+0x10/0x10 [ 32.401321] ? ktime_get_ts64+0x86/0x230 [ 32.401352] kunit_try_run_case+0x1a5/0x480 [ 32.401386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.401416] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.401448] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.401480] ? __kthread_parkme+0x82/0x180 [ 32.401507] ? preempt_count_sub+0x50/0x80 [ 32.401570] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.401653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.401719] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.401877] kthread+0x337/0x6f0 [ 32.402148] ? trace_preempt_on+0x20/0xc0 [ 32.402252] ? __pfx_kthread+0x10/0x10 [ 32.402314] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.402379] ? calculate_sigpending+0x7b/0xa0 [ 32.402444] ? __pfx_kthread+0x10/0x10 [ 32.402504] ret_from_fork+0x116/0x1d0 [ 32.402570] ? __pfx_kthread+0x10/0x10 [ 32.402671] ret_from_fork_asm+0x1a/0x30 [ 32.402749] </TASK> [ 32.402768] [ 32.416704] Allocated by task 291: [ 32.417101] kasan_save_stack+0x45/0x70 [ 32.417516] kasan_save_track+0x18/0x40 [ 32.417977] kasan_save_alloc_info+0x3b/0x50 [ 32.418338] __kasan_kmalloc+0xb7/0xc0 [ 32.418598] __kmalloc_cache_noprof+0x189/0x420 [ 32.418909] kasan_bitops_generic+0x92/0x1c0 [ 32.419164] kunit_try_run_case+0x1a5/0x480 [ 32.419610] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.420195] kthread+0x337/0x6f0 [ 32.420576] ret_from_fork+0x116/0x1d0 [ 32.421006] ret_from_fork_asm+0x1a/0x30 [ 32.421411] [ 32.421657] The buggy address belongs to the object at ffff8881010ffca0 [ 32.421657] which belongs to the cache kmalloc-16 of size 16 [ 32.422767] The buggy address is located 8 bytes inside of [ 32.422767] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.423521] [ 32.423788] The buggy address belongs to the physical page: [ 32.424175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.424574] flags: 0x200000000000000(node=0|zone=2) [ 32.425082] 
page_type: f5(slab) [ 32.425485] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.426234] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.426847] page dumped because: kasan: bad access detected [ 32.427134] [ 32.427261] Memory state around the buggy address: [ 32.427708] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.428382] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.429045] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.429507] ^ [ 32.429981] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.430444] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.431011] ================================================================== [ 32.434081] ================================================================== [ 32.434667] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 32.435355] Read of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.435950] [ 32.436224] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.436336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.436370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.436421] Call Trace: [ 32.436462] <TASK> [ 32.436502] dump_stack_lvl+0x73/0xb0 [ 32.436621] print_report+0xd1/0x650 [ 32.436723] ? __virt_addr_valid+0x1db/0x2d0 [ 32.436790] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 32.436858] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.436923] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 32.436991] kasan_report+0x141/0x180 [ 32.437053] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 32.437130] kasan_check_range+0x10c/0x1c0 [ 32.437203] __kasan_check_read+0x15/0x20 [ 32.437284] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 32.437363] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.437437] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.437474] ? trace_hardirqs_on+0x37/0xe0 [ 32.437508] ? kasan_bitops_generic+0x92/0x1c0 [ 32.437563] kasan_bitops_generic+0x121/0x1c0 [ 32.437597] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.437662] ? __pfx_read_tsc+0x10/0x10 [ 32.437698] ? ktime_get_ts64+0x86/0x230 [ 32.437732] kunit_try_run_case+0x1a5/0x480 [ 32.437767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.437797] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.437830] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.437863] ? __kthread_parkme+0x82/0x180 [ 32.437890] ? preempt_count_sub+0x50/0x80 [ 32.437922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.437954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.437986] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.438018] kthread+0x337/0x6f0 [ 32.438044] ? trace_preempt_on+0x20/0xc0 [ 32.438074] ? __pfx_kthread+0x10/0x10 [ 32.438101] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.438131] ? calculate_sigpending+0x7b/0xa0 [ 32.438162] ? __pfx_kthread+0x10/0x10 [ 32.438190] ret_from_fork+0x116/0x1d0 [ 32.438215] ? 
__pfx_kthread+0x10/0x10 [ 32.438242] ret_from_fork_asm+0x1a/0x30 [ 32.438282] </TASK> [ 32.438297] [ 32.456609] Allocated by task 291: [ 32.456860] kasan_save_stack+0x45/0x70 [ 32.457331] kasan_save_track+0x18/0x40 [ 32.458285] kasan_save_alloc_info+0x3b/0x50 [ 32.458798] __kasan_kmalloc+0xb7/0xc0 [ 32.459077] __kmalloc_cache_noprof+0x189/0x420 [ 32.459569] kasan_bitops_generic+0x92/0x1c0 [ 32.460038] kunit_try_run_case+0x1a5/0x480 [ 32.460586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.460937] kthread+0x337/0x6f0 [ 32.461296] ret_from_fork+0x116/0x1d0 [ 32.461760] ret_from_fork_asm+0x1a/0x30 [ 32.462214] [ 32.462480] The buggy address belongs to the object at ffff8881010ffca0 [ 32.462480] which belongs to the cache kmalloc-16 of size 16 [ 32.463659] The buggy address is located 8 bytes inside of [ 32.463659] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.464378] [ 32.464636] The buggy address belongs to the physical page: [ 32.465145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.465669] flags: 0x200000000000000(node=0|zone=2) [ 32.466184] page_type: f5(slab) [ 32.466502] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.467453] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.467940] page dumped because: kasan: bad access detected [ 32.468488] [ 32.468732] Memory state around the buggy address: [ 32.469028] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.469721] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.470297] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.470809] ^ [ 32.471255] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.471838] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.472328] ================================================================== [ 32.319745] 
================================================================== [ 32.320448] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 32.321316] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.322046] [ 32.322282] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.322395] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.322425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.322485] Call Trace: [ 32.322556] <TASK> [ 32.322597] dump_stack_lvl+0x73/0xb0 [ 32.322716] print_report+0xd1/0x650 [ 32.322782] ? __virt_addr_valid+0x1db/0x2d0 [ 32.322842] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 32.322922] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.323008] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 32.323081] kasan_report+0x141/0x180 [ 32.323145] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 32.323225] kasan_check_range+0x10c/0x1c0 [ 32.323282] __kasan_check_write+0x18/0x20 [ 32.323331] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 32.323397] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.323466] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.323534] ? trace_hardirqs_on+0x37/0xe0 [ 32.323620] ? kasan_bitops_generic+0x92/0x1c0 [ 32.323722] kasan_bitops_generic+0x121/0x1c0 [ 32.323785] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.323869] ? __pfx_read_tsc+0x10/0x10 [ 32.323950] ? ktime_get_ts64+0x86/0x230 [ 32.324012] kunit_try_run_case+0x1a5/0x480 [ 32.324078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.324148] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.324231] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.324292] ? __kthread_parkme+0x82/0x180 [ 32.324347] ? preempt_count_sub+0x50/0x80 [ 32.324405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.324469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.324562] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.324658] kthread+0x337/0x6f0 [ 32.324715] ? trace_preempt_on+0x20/0xc0 [ 32.324771] ? __pfx_kthread+0x10/0x10 [ 32.324829] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.324900] ? calculate_sigpending+0x7b/0xa0 [ 32.324980] ? __pfx_kthread+0x10/0x10 [ 32.325039] ret_from_fork+0x116/0x1d0 [ 32.325090] ? __pfx_kthread+0x10/0x10 [ 32.325145] ret_from_fork_asm+0x1a/0x30 [ 32.325233] </TASK> [ 32.325280] [ 32.338786] Allocated by task 291: [ 32.339163] kasan_save_stack+0x45/0x70 [ 32.339598] kasan_save_track+0x18/0x40 [ 32.340032] kasan_save_alloc_info+0x3b/0x50 [ 32.340491] __kasan_kmalloc+0xb7/0xc0 [ 32.340963] __kmalloc_cache_noprof+0x189/0x420 [ 32.341402] kasan_bitops_generic+0x92/0x1c0 [ 32.341750] kunit_try_run_case+0x1a5/0x480 [ 32.342173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.342788] kthread+0x337/0x6f0 [ 32.343153] ret_from_fork+0x116/0x1d0 [ 32.343523] ret_from_fork_asm+0x1a/0x30 [ 32.343981] [ 32.344137] The buggy address belongs to the object at ffff8881010ffca0 [ 32.344137] which belongs to the cache kmalloc-16 of size 16 [ 32.344986] The buggy address is located 8 bytes inside of [ 32.344986] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.345902] [ 32.346125] The buggy address belongs to the physical page: [ 32.346567] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.347152] flags: 0x200000000000000(node=0|zone=2) [ 32.347595] page_type: f5(slab) [ 32.347863] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.348226] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.348610] page dumped because: kasan: bad access detected [ 32.349176] [ 32.349381] Memory state around the buggy address: [ 32.349884] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.350512] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.351201] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc 
fc fc fc fc fc fc fc fc [ 32.351901] ^ [ 32.352304] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.352958] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.353432] ==================================================================