Date
June 25, 2025, 8:08 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 29.018346] ================================================================== [ 29.021001] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa84/0xbc0 [ 29.021261] Hardware name: linux,dummy-virt (DT) [ 29.021496] kasan_report+0xdc/0x128 [ 29.021710] kunit_try_run_case+0x170/0x3f0 [ 29.022034] kasan_save_track+0x20/0x40 [ 29.022194] kasan_bitops_generic+0xa0/0x1c8 [ 29.023218] [ 29.023407] page_type: f5(slab) [ 29.024151] [ 29.024760] >fff00000c454c800: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.024855] ^ [ 29.024961] fff00000c454c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.041626] ok 64 kasan_bitops_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 29.044386] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x40a8/0x4858 [ 29.045534] Hardware name: linux,dummy-virt (DT) [ 29.045690] show_stack+0x20/0x38 (C) [ 29.046433] __asan_report_load4_noabort+0x20/0x30 [ 29.047089] kunit_try_run_case+0x170/0x3f0 [ 29.048571] __kasan_kmalloc+0xd4/0xd8 [ 29.049874] The buggy address is located 0 bytes to the right of [ 29.049874] allocated 48-byte region [fff00000c787d680, fff00000c787d6b0) [ 29.050544] page_type: f5(slab) [ 29.051016] [ 29.051416] fff00000c787d580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.052554] fff00000c787d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.054513] Write of size 4 at addr fff00000c787d6b0 by task kunit_try_catch/277 [ 29.054572] [ 29.054870] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.055073] Hardware name: linux,dummy-virt (DT) [ 29.055586] print_report+0x118/0x608 [ 29.056902] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.057734] kasan_save_track+0x20/0x40 [ 29.059224] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.060310] [ 29.060748] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.061455] [ 29.061931] >fff00000c787d680: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.061976] ^ [ 29.062038] fff00000c787d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.062138] fff00000c787d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.062180] ================================================================== [ 28.989162] ================================================================== [ 28.989333] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 28.989485] Read of size 8 at addr fff00000c454c808 by task kunit_try_catch/273 [ 28.989539] [ 28.989587] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT [ 28.989729] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.989786] Hardware name: linux,dummy-virt (DT) [ 28.989820] Call trace: [ 28.989871] show_stack+0x20/0x38 (C) [ 28.989931] dump_stack_lvl+0x8c/0xd0 [ 28.990005] print_report+0x118/0x608 [ 28.990120] kasan_report+0xdc/0x128 [ 28.990215] __asan_report_load8_noabort+0x20/0x30 [ 28.990318] kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 28.990377] kasan_bitops_generic+0x11c/0x1c8 [ 28.990437] kunit_try_run_case+0x170/0x3f0 [ 28.990606] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.990773] kthread+0x328/0x630 [ 28.990899] ret_from_fork+0x10/0x20 [ 28.990989] [ 28.991087] Allocated by task 273: [ 28.991118] kasan_save_stack+0x3c/0x68 [ 28.991231] kasan_save_track+0x20/0x40 [ 28.991279] kasan_save_alloc_info+0x40/0x58 [ 28.991325] __kasan_kmalloc+0xd4/0xd8 [ 28.991484] __kmalloc_cache_noprof+0x16c/0x3c0 [ 28.991580] kasan_bitops_generic+0xa0/0x1c8 [ 28.991624] kunit_try_run_case+0x170/0x3f0 [ 28.991664] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.991710] kthread+0x328/0x630 [ 28.991881] ret_from_fork+0x10/0x20 [ 28.992386] [ 28.992773] The buggy address belongs to the object at fff00000c454c800 [ 28.992773] which belongs to the cache kmalloc-16 of size 16 [ 28.992859] The buggy address is located 8 bytes inside of [ 28.992859] allocated 9-byte region [fff00000c454c800, fff00000c454c809) [ 28.992925] [ 28.992948] The buggy address belongs to the physical page: [ 28.992982] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10454c [ 28.993257] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.993439] page_type: f5(slab) [ 28.993549] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 28.993676] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.993779] page dumped because: kasan: bad access detected [ 28.993847] [ 28.993931] Memory state around the buggy address: [ 28.994008] fff00000c454c700: fa fb fc fc fa fb fc fc 00 02 fc fc fa fb fc fc [ 28.994107] fff00000c454c780: fa fb fc fc 00 01 fc fc fa fb fc fc 00 04 fc fc [ 28.994168] >fff00000c454c800: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.994209] ^ [ 28.994274] fff00000c454c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.994640] fff00000c454c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.994748] ================================================================== [ 29.005354] ================================================================== [ 29.005422] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x334/0xbc0 [ 29.005479] Write of size 8 at addr fff00000c454c808 by task kunit_try_catch/273 [ 29.005530] [ 29.005560] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT [ 29.005649] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.005727] Hardware name: linux,dummy-virt (DT) [ 29.005769] Call trace: [ 29.005795] show_stack+0x20/0x38 (C) [ 29.005845] dump_stack_lvl+0x8c/0xd0 [ 29.005894] print_report+0x118/0x608 [ 29.005941] kasan_report+0xdc/0x128 [ 29.005993] kasan_check_range+0x100/0x1a8 [ 29.006044] __kasan_check_write+0x20/0x30 [ 29.006090] kasan_bitops_test_and_modify.constprop.0+0x334/0xbc0 [ 29.006147] kasan_bitops_generic+0x11c/0x1c8 [ 29.006196] kunit_try_run_case+0x170/0x3f0 [ 29.006246] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.006309] kthread+0x328/0x630 [ 29.006351] ret_from_fork+0x10/0x20 [ 29.006842] [ 29.006876] Allocated by task 273: [ 29.006909] kasan_save_stack+0x3c/0x68 [ 29.006963] kasan_save_track+0x20/0x40 [ 29.007126] kasan_save_alloc_info+0x40/0x58 [ 29.007240] __kasan_kmalloc+0xd4/0xd8 [ 29.007330] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.007374] kasan_bitops_generic+0xa0/0x1c8 [ 29.007587] kunit_try_run_case+0x170/0x3f0 [ 29.007702] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.007777] kthread+0x328/0x630 [ 29.007813] ret_from_fork+0x10/0x20 [ 29.007857] [ 29.008047] The buggy address belongs to the object at fff00000c454c800 [ 29.008047] which belongs to the cache kmalloc-16 of size 16 [ 29.008153] The buggy address is located 8 bytes inside of [ 29.008153] allocated 9-byte region [fff00000c454c800, fff00000c454c809) [ 29.008246] [ 29.008370] The buggy address belongs to the physical page: [ 29.008431] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10454c [ 29.008612] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.008824] page_type: f5(slab) [ 29.008925] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.009037] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.009146] page dumped because: kasan: bad access detected [ 29.009509] [ 29.009607] Memory state around the buggy address: [ 29.009761] fff00000c454c700: fa fb fc fc fa fb fc fc 00 02 fc fc fa fb fc fc [ 29.009846] fff00000c454c780: fa fb fc fc 00 01 fc fc fa fb fc fc 00 04 fc fc [ 29.009951] >fff00000c454c800: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.010139] ^ [ 29.010240] fff00000c454c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.010353] fff00000c454c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.010542] ================================================================== [ 29.000305] ================================================================== [ 29.000352] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 29.000447] Read of size 8 at addr fff00000c454c808 by task kunit_try_catch/273 [ 29.000500] [ 29.000590] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT [ 29.000674] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.000703] Hardware name: linux,dummy-virt (DT) [ 29.000735] Call trace: [ 29.000776] show_stack+0x20/0x38 (C) [ 29.000827] dump_stack_lvl+0x8c/0xd0 [ 29.000970] print_report+0x118/0x608 [ 29.001022] kasan_report+0xdc/0x128 [ 29.001068] __asan_report_load8_noabort+0x20/0x30 [ 29.001118] kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 29.001175] kasan_bitops_generic+0x11c/0x1c8 [ 29.001234] kunit_try_run_case+0x170/0x3f0 [ 29.001285] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.001340] kthread+0x328/0x630 [ 29.001381] ret_from_fork+0x10/0x20 [ 29.001442] [ 29.001511] Allocated by task 273: [ 29.001554] kasan_save_stack+0x3c/0x68 [ 29.001598] kasan_save_track+0x20/0x40 [ 29.001637] kasan_save_alloc_info+0x40/0x58 [ 29.001676] __kasan_kmalloc+0xd4/0xd8 [ 29.001712] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.001754] kasan_bitops_generic+0xa0/0x1c8 [ 29.001839] kunit_try_run_case+0x170/0x3f0 [ 29.001880] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.001927] kthread+0x328/0x630 [ 29.002518] ret_from_fork+0x10/0x20 [ 29.002600] [ 29.002716] The buggy address belongs to the object at fff00000c454c800 [ 29.002716] which belongs to the cache kmalloc-16 of size 16 [ 29.003172] The buggy address is located 8 bytes inside of [ 29.003172] allocated 9-byte region [fff00000c454c800, fff00000c454c809) [ 29.003413] [ 29.003439] The buggy address belongs to the physical page: [ 29.003693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10454c [ 29.003758] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.003869] page_type: f5(slab) [ 29.003982] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.004110] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.004155] page dumped because: kasan: bad access detected [ 29.004221] [ 29.004242] Memory state around the buggy address: [ 29.004277] fff00000c454c700: fa fb fc fc fa fb fc fc 00 02 fc fc fa fb fc fc [ 29.004343] fff00000c454c780: fa fb fc fc 00 01 fc fc fa fb fc fc 00 04 fc fc [ 29.004415] >fff00000c454c800: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.004606] ^ [ 29.004653] fff00000c454c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.004701] fff00000c454c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.004820] ================================================================== [ 28.995167] ================================================================== [ 28.995414] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 28.995478] Write of size 8 at addr fff00000c454c808 by task kunit_try_catch/273 [ 28.995529] [ 28.995561] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT [ 28.995682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.995847] Hardware name: linux,dummy-virt (DT) [ 28.995893] Call trace: [ 28.995925] show_stack+0x20/0x38 (C) [ 28.995977] dump_stack_lvl+0x8c/0xd0 [ 28.996024] print_report+0x118/0x608 [ 28.996336] kasan_report+0xdc/0x128 [ 28.996451] kasan_check_range+0x100/0x1a8 [ 28.996538] __kasan_check_write+0x20/0x30 [ 28.996654] kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 28.996715] kasan_bitops_generic+0x11c/0x1c8 [ 28.996789] kunit_try_run_case+0x170/0x3f0 [ 28.996840] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.997031] kthread+0x328/0x630 [ 28.997078] ret_from_fork+0x10/0x20 [ 28.997139] [ 28.997160] Allocated by task 273: [ 28.997190] kasan_save_stack+0x3c/0x68 [ 28.997274] kasan_save_track+0x20/0x40 [ 28.997457] kasan_save_alloc_info+0x40/0x58 [ 28.997514] __kasan_kmalloc+0xd4/0xd8 [ 28.997557] __kmalloc_cache_noprof+0x16c/0x3c0 [ 28.997745] kasan_bitops_generic+0xa0/0x1c8 [ 28.997789] kunit_try_run_case+0x170/0x3f0 [ 28.997829] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.997989] kthread+0x328/0x630 [ 28.998079] ret_from_fork+0x10/0x20 [ 28.998193] [ 28.998300] The buggy address belongs to the object at fff00000c454c800 [ 28.998300] which belongs to the cache kmalloc-16 of size 16 [ 28.998391] The buggy address is located 8 bytes inside of [ 28.998391] allocated 9-byte region [fff00000c454c800, fff00000c454c809) [ 28.998552] [ 28.998630] The buggy address belongs to the physical page: [ 28.998702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10454c [ 28.998790] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.998881] page_type: f5(slab) [ 28.998936] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 28.999058] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.999144] page dumped because: kasan: bad access detected [ 28.999247] [ 28.999315] Memory state around the buggy address: [ 28.999348] fff00000c454c700: fa fb fc fc fa fb fc fc 00 02 fc fc fa fb fc fc [ 28.999515] fff00000c454c780: fa fb fc fc 00 01 fc fc fa fb fc fc 00 04 fc fc [ 28.999563] >fff00000c454c800: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.999603] ^ [ 28.999889] fff00000c454c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.999938] fff00000c454c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.999980] ==================================================================
[ 24.178116] ================================================================== [ 24.178421] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.178772] Read of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.179297] [ 24.179392] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.179439] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.179452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.179473] Call Trace: [ 24.179493] <TASK> [ 24.179511] dump_stack_lvl+0x73/0xb0 [ 24.179538] print_report+0xd1/0x650 [ 24.179558] ? __virt_addr_valid+0x1db/0x2d0 [ 24.179580] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.179605] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.179629] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.179655] kasan_report+0x141/0x180 [ 24.179675] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.179705] __asan_report_load8_noabort+0x18/0x20 [ 24.179728] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.179753] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.179786] kasan_bitops_generic+0x121/0x1c0 [ 24.179807] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.179829] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.179855] kunit_try_run_case+0x1a5/0x480 [ 24.179880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.179901] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.179922] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.180014] ? __kthread_parkme+0x82/0x180 [ 24.180036] ? preempt_count_sub+0x50/0x80 [ 24.180059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.180082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.180104] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.180126] kthread+0x337/0x6f0 [ 24.180145] ? trace_preempt_on+0x20/0xc0 [ 24.180168] ? __pfx_kthread+0x10/0x10 [ 24.180187] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.180209] ? calculate_sigpending+0x7b/0xa0 [ 24.180231] ? __pfx_kthread+0x10/0x10 [ 24.180252] ret_from_fork+0x116/0x1d0 [ 24.180269] ? __pfx_kthread+0x10/0x10 [ 24.180289] ret_from_fork_asm+0x1a/0x30 [ 24.180317] </TASK> [ 24.180338] [ 24.188187] Allocated by task 290: [ 24.188369] kasan_save_stack+0x45/0x70 [ 24.188544] kasan_save_track+0x18/0x40 [ 24.188704] kasan_save_alloc_info+0x3b/0x50 [ 24.188856] __kasan_kmalloc+0xb7/0xc0 [ 24.188993] __kmalloc_cache_noprof+0x189/0x420 [ 24.189254] kasan_bitops_generic+0x92/0x1c0 [ 24.189455] kunit_try_run_case+0x1a5/0x480 [ 24.189688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.190279] kthread+0x337/0x6f0 [ 24.190455] ret_from_fork+0x116/0x1d0 [ 24.190625] ret_from_fork_asm+0x1a/0x30 [ 24.190756] [ 24.190824] The buggy address belongs to the object at ffff888102797f40 [ 24.190824] which belongs to the cache kmalloc-16 of size 16 [ 24.191560] The buggy address is located 8 bytes inside of [ 24.191560] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.191893] [ 24.191966] The buggy address belongs to the physical page: [ 24.192127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.192840] flags: 0x200000000000000(node=0|zone=2) [ 24.193197] page_type: f5(slab) [ 24.193317] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.193540] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.193756] page dumped because: kasan: bad access detected [ 24.193997] [ 24.194085] Memory state around the buggy address: [ 24.194306] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.194948] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.195422] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.195706] ^ [ 24.196000] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.196218] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.196431] ================================================================== [ 24.002156] ================================================================== [ 24.002886] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.003188] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.003405] [ 24.003491] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.003541] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.003554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.003576] Call Trace: [ 24.003591] <TASK> [ 24.003609] dump_stack_lvl+0x73/0xb0 [ 24.003635] print_report+0xd1/0x650 [ 24.003656] ? __virt_addr_valid+0x1db/0x2d0 [ 24.003678] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.003703] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.003728] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.003753] kasan_report+0x141/0x180 [ 24.003773] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.003802] kasan_check_range+0x10c/0x1c0 [ 24.003823] __kasan_check_write+0x18/0x20 [ 24.003845] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.003870] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.003902] kasan_bitops_generic+0x121/0x1c0 [ 24.003923] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.004241] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.004275] kunit_try_run_case+0x1a5/0x480 [ 24.004303] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.004325] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.004351] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.004567] ? __kthread_parkme+0x82/0x180 [ 24.004591] ? preempt_count_sub+0x50/0x80 [ 24.004615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.004639] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.004662] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.004684] kthread+0x337/0x6f0 [ 24.004702] ? trace_preempt_on+0x20/0xc0 [ 24.004728] ? __pfx_kthread+0x10/0x10 [ 24.004747] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.004769] ? calculate_sigpending+0x7b/0xa0 [ 24.004792] ? __pfx_kthread+0x10/0x10 [ 24.004885] ret_from_fork+0x116/0x1d0 [ 24.004909] ? __pfx_kthread+0x10/0x10 [ 24.004929] ret_from_fork_asm+0x1a/0x30 [ 24.004971] </TASK> [ 24.004982] [ 24.016376] Allocated by task 290: [ 24.016549] kasan_save_stack+0x45/0x70 [ 24.016737] kasan_save_track+0x18/0x40 [ 24.017411] kasan_save_alloc_info+0x3b/0x50 [ 24.017677] __kasan_kmalloc+0xb7/0xc0 [ 24.018165] __kmalloc_cache_noprof+0x189/0x420 [ 24.018376] kasan_bitops_generic+0x92/0x1c0 [ 24.018556] kunit_try_run_case+0x1a5/0x480 [ 24.018731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.019476] kthread+0x337/0x6f0 [ 24.019708] ret_from_fork+0x116/0x1d0 [ 24.020150] ret_from_fork_asm+0x1a/0x30 [ 24.020428] [ 24.020638] The buggy address belongs to the object at ffff888102797f40 [ 24.020638] which belongs to the cache kmalloc-16 of size 16 [ 24.021552] The buggy address is located 8 bytes inside of [ 24.021552] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.022381] [ 24.022480] The buggy address belongs to the physical page: [ 24.022704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.023582] flags: 0x200000000000000(node=0|zone=2) [ 24.024021] page_type: f5(slab) [ 24.024346] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.024660] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.025187] page dumped because: kasan: bad access detected [ 24.025422] [ 24.025507] Memory state around the buggy address: [ 24.025708] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.026552] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.027109] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.027405] ^ [ 24.027638] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.028364] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.028637] ================================================================== [ 24.158759] ================================================================== [ 24.160022] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.161093] Read of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.161362] [ 24.161450] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.161501] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.161513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.161536] Call Trace: [ 24.161556] <TASK> [ 24.161575] dump_stack_lvl+0x73/0xb0 [ 24.161602] print_report+0xd1/0x650 [ 24.161623] ? __virt_addr_valid+0x1db/0x2d0 [ 24.161645] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.161671] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.161695] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.161720] kasan_report+0x141/0x180 [ 24.161740] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.161769] kasan_check_range+0x10c/0x1c0 [ 24.161791] __kasan_check_read+0x15/0x20 [ 24.161812] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.161837] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.161870] kasan_bitops_generic+0x121/0x1c0 [ 24.161892] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.161916] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.161952] kunit_try_run_case+0x1a5/0x480 [ 24.161978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.161999] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.162020] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.162044] ? __kthread_parkme+0x82/0x180 [ 24.162063] ? preempt_count_sub+0x50/0x80 [ 24.162086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.162108] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.162130] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.162153] kthread+0x337/0x6f0 [ 24.162171] ? trace_preempt_on+0x20/0xc0 [ 24.162193] ? __pfx_kthread+0x10/0x10 [ 24.162212] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.162234] ? calculate_sigpending+0x7b/0xa0 [ 24.162256] ? __pfx_kthread+0x10/0x10 [ 24.162277] ret_from_fork+0x116/0x1d0 [ 24.162295] ? __pfx_kthread+0x10/0x10 [ 24.162314] ret_from_fork_asm+0x1a/0x30 [ 24.162343] </TASK> [ 24.162353] [ 24.169800] Allocated by task 290: [ 24.170164] kasan_save_stack+0x45/0x70 [ 24.170370] kasan_save_track+0x18/0x40 [ 24.170558] kasan_save_alloc_info+0x3b/0x50 [ 24.170760] __kasan_kmalloc+0xb7/0xc0 [ 24.171090] __kmalloc_cache_noprof+0x189/0x420 [ 24.171309] kasan_bitops_generic+0x92/0x1c0 [ 24.171482] kunit_try_run_case+0x1a5/0x480 [ 24.171622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.171786] kthread+0x337/0x6f0 [ 24.171898] ret_from_fork+0x116/0x1d0 [ 24.172088] ret_from_fork_asm+0x1a/0x30 [ 24.172355] [ 24.172488] The buggy address belongs to the object at ffff888102797f40 [ 24.172488] which belongs to the cache kmalloc-16 of size 16 [ 24.172868] The buggy address is located 8 bytes inside of [ 24.172868] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.173265] [ 24.173350] The buggy address belongs to the physical page: [ 24.173597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.173961] flags: 0x200000000000000(node=0|zone=2) [ 24.174196] page_type: f5(slab) [ 24.174533] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.175175] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.175471] page dumped because: kasan: bad access detected [ 24.175697] [ 24.175777] Memory state around the buggy address: [ 24.176024] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.176237] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.176481] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.176790] ^ [ 24.177047] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.177366] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.177642] ================================================================== [ 24.102648] ================================================================== [ 24.103269] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.103649] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.103870] [ 24.104051] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.104103] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.104115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.104136] Call Trace: [ 24.104157] <TASK> [ 24.104175] dump_stack_lvl+0x73/0xb0 [ 24.104202] print_report+0xd1/0x650 [ 24.104223] ? __virt_addr_valid+0x1db/0x2d0 [ 24.104245] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.104271] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.104295] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.104320] kasan_report+0x141/0x180 [ 24.104345] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.104375] kasan_check_range+0x10c/0x1c0 [ 24.104397] __kasan_check_write+0x18/0x20 [ 24.104418] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.104444] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.104476] kasan_bitops_generic+0x121/0x1c0 [ 24.104498] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.104520] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.104545] kunit_try_run_case+0x1a5/0x480 [ 24.104569] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.104591] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.104611] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.104635] ? __kthread_parkme+0x82/0x180 [ 24.104654] ? preempt_count_sub+0x50/0x80 [ 24.104677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.104699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.104721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.104744] kthread+0x337/0x6f0 [ 24.104763] ? trace_preempt_on+0x20/0xc0 [ 24.104785] ? __pfx_kthread+0x10/0x10 [ 24.104804] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.104842] ? calculate_sigpending+0x7b/0xa0 [ 24.104865] ? __pfx_kthread+0x10/0x10 [ 24.104885] ret_from_fork+0x116/0x1d0 [ 24.104903] ? __pfx_kthread+0x10/0x10 [ 24.104922] ret_from_fork_asm+0x1a/0x30 [ 24.104960] </TASK> [ 24.104970] [ 24.112754] Allocated by task 290: [ 24.112878] kasan_save_stack+0x45/0x70 [ 24.113170] kasan_save_track+0x18/0x40 [ 24.113379] kasan_save_alloc_info+0x3b/0x50 [ 24.113587] __kasan_kmalloc+0xb7/0xc0 [ 24.113772] __kmalloc_cache_noprof+0x189/0x420 [ 24.114190] kasan_bitops_generic+0x92/0x1c0 [ 24.114341] kunit_try_run_case+0x1a5/0x480 [ 24.114541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.114751] kthread+0x337/0x6f0 [ 24.114999] ret_from_fork+0x116/0x1d0 [ 24.115205] ret_from_fork_asm+0x1a/0x30 [ 24.115370] [ 24.115461] The buggy address belongs to the object at ffff888102797f40 [ 24.115461] which belongs to the cache kmalloc-16 of size 16 [ 24.116007] The buggy address is located 8 bytes inside of [ 24.116007] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.116605] [ 24.116685] The buggy address belongs to the physical page: [ 24.117082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.117322] flags: 0x200000000000000(node=0|zone=2) [ 24.117476] page_type: f5(slab) [ 24.117591] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.117922] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.118275] page dumped because: kasan: bad access detected [ 24.118628] [ 24.118726] Memory state around the buggy address: [ 24.119066] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.119278] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.119482] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.119925] ^ [ 24.120284] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.120613] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.121186] ================================================================== [ 24.079191] ================================================================== [ 24.079431] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.079830] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.080587] [ 24.080694] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.080744] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.080757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.080779] Call Trace: [ 24.080799] <TASK> [ 24.081040] dump_stack_lvl+0x73/0xb0 [ 24.081079] print_report+0xd1/0x650 [ 24.081102] ? __virt_addr_valid+0x1db/0x2d0 [ 24.081125] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.081150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.081176] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.081201] kasan_report+0x141/0x180 [ 24.081222] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.081252] kasan_check_range+0x10c/0x1c0 [ 24.081274] __kasan_check_write+0x18/0x20 [ 24.081296] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.081320] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.081353] kasan_bitops_generic+0x121/0x1c0 [ 24.081375] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.081397] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.081423] kunit_try_run_case+0x1a5/0x480 [ 24.081449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.081469] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.081490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.081514] ? __kthread_parkme+0x82/0x180 [ 24.081534] ? preempt_count_sub+0x50/0x80 [ 24.081557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.081580] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.081602] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.081624] kthread+0x337/0x6f0 [ 24.081643] ? trace_preempt_on+0x20/0xc0 [ 24.081665] ? __pfx_kthread+0x10/0x10 [ 24.081687] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.081709] ? calculate_sigpending+0x7b/0xa0 [ 24.081732] ? __pfx_kthread+0x10/0x10 [ 24.081751] ret_from_fork+0x116/0x1d0 [ 24.081770] ? __pfx_kthread+0x10/0x10 [ 24.081789] ret_from_fork_asm+0x1a/0x30 [ 24.081969] </TASK> [ 24.081986] [ 24.092160] Allocated by task 290: [ 24.092532] kasan_save_stack+0x45/0x70 [ 24.092739] kasan_save_track+0x18/0x40 [ 24.093087] kasan_save_alloc_info+0x3b/0x50 [ 24.093465] __kasan_kmalloc+0xb7/0xc0 [ 24.093618] __kmalloc_cache_noprof+0x189/0x420 [ 24.094115] kasan_bitops_generic+0x92/0x1c0 [ 24.094309] kunit_try_run_case+0x1a5/0x480 [ 24.094497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.094725] kthread+0x337/0x6f0 [ 24.094864] ret_from_fork+0x116/0x1d0 [ 24.095301] ret_from_fork_asm+0x1a/0x30 [ 24.095459] [ 24.095543] The buggy address belongs to the object at ffff888102797f40 [ 24.095543] which belongs to the cache kmalloc-16 of size 16 [ 24.096323] The buggy address is located 8 bytes inside of [ 24.096323] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.097038] [ 24.097290] The buggy address belongs to the physical page: [ 24.097523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.098199] flags: 0x200000000000000(node=0|zone=2) [ 24.098413] page_type: f5(slab) [ 24.098563] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.099149] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.099460] page dumped because: kasan: bad access detected [ 24.099690] [ 24.099762] Memory state around the buggy address: [ 24.099989] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.100653] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.101137] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.101446] ^ [ 24.101672] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.101966] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.102273] ================================================================== [ 24.140153] ================================================================== [ 24.140475] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.141045] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.141360] [ 24.141466] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.141514] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.141527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.141549] Call Trace: [ 24.141568] <TASK> [ 24.141585] dump_stack_lvl+0x73/0xb0 [ 24.141612] print_report+0xd1/0x650 [ 24.141633] ? __virt_addr_valid+0x1db/0x2d0 [ 24.141655] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.141680] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.141705] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.141730] kasan_report+0x141/0x180 [ 24.141750] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.141780] kasan_check_range+0x10c/0x1c0 [ 24.141801] __kasan_check_write+0x18/0x20 [ 24.141821] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.141847] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.141880] kasan_bitops_generic+0x121/0x1c0 [ 24.141903] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.141925] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.141964] kunit_try_run_case+0x1a5/0x480 [ 24.141988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.142013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.142033] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.142057] ? __kthread_parkme+0x82/0x180 [ 24.142078] ? preempt_count_sub+0x50/0x80 [ 24.142100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.142123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.142145] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.142168] kthread+0x337/0x6f0 [ 24.142217] ? trace_preempt_on+0x20/0xc0 [ 24.142241] ? __pfx_kthread+0x10/0x10 [ 24.142261] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.142284] ? calculate_sigpending+0x7b/0xa0 [ 24.142307] ? __pfx_kthread+0x10/0x10 [ 24.142328] ret_from_fork+0x116/0x1d0 [ 24.142347] ? __pfx_kthread+0x10/0x10 [ 24.142366] ret_from_fork_asm+0x1a/0x30 [ 24.142395] </TASK> [ 24.142406] [ 24.150348] Allocated by task 290: [ 24.150544] kasan_save_stack+0x45/0x70 [ 24.150762] kasan_save_track+0x18/0x40 [ 24.150889] kasan_save_alloc_info+0x3b/0x50 [ 24.151090] __kasan_kmalloc+0xb7/0xc0 [ 24.151274] __kmalloc_cache_noprof+0x189/0x420 [ 24.151606] kasan_bitops_generic+0x92/0x1c0 [ 24.151783] kunit_try_run_case+0x1a5/0x480 [ 24.152075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.152369] kthread+0x337/0x6f0 [ 24.152482] ret_from_fork+0x116/0x1d0 [ 24.152626] ret_from_fork_asm+0x1a/0x30 [ 24.152810] [ 24.152895] The buggy address belongs to the object at ffff888102797f40 [ 24.152895] which belongs to the cache kmalloc-16 of size 16 [ 24.153318] The buggy address is located 8 bytes inside of [ 24.153318] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.154085] [ 24.154287] The buggy address belongs to the physical page: [ 24.154562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.154791] flags: 0x200000000000000(node=0|zone=2) [ 24.155093] page_type: f5(slab) [ 24.155381] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.155693] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.156053] page dumped because: kasan: bad access detected [ 24.156278] [ 24.156346] Memory state around the buggy address: [ 24.156493] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.156699] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.156971] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.157272] ^ [ 24.157517] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.158163] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.158411] ================================================================== [ 24.121633] ================================================================== [ 24.122085] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.122427] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.122718] [ 24.122826] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.122873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.122886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.122906] Call Trace: [ 24.122927] <TASK> [ 24.122955] dump_stack_lvl+0x73/0xb0 [ 24.122981] print_report+0xd1/0x650 [ 24.123002] ? __virt_addr_valid+0x1db/0x2d0 [ 24.123024] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.123050] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.123075] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.123100] kasan_report+0x141/0x180 [ 24.123207] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.123244] kasan_check_range+0x10c/0x1c0 [ 24.123267] __kasan_check_write+0x18/0x20 [ 24.123288] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.123313] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.123345] kasan_bitops_generic+0x121/0x1c0 [ 24.123367] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.123389] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.123415] kunit_try_run_case+0x1a5/0x480 [ 24.123439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.123461] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.123481] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.123505] ? __kthread_parkme+0x82/0x180 [ 24.123525] ? preempt_count_sub+0x50/0x80 [ 24.123547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.123570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.123592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.123614] kthread+0x337/0x6f0 [ 24.123633] ? trace_preempt_on+0x20/0xc0 [ 24.123656] ? __pfx_kthread+0x10/0x10 [ 24.123675] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.123696] ? calculate_sigpending+0x7b/0xa0 [ 24.123719] ? __pfx_kthread+0x10/0x10 [ 24.123739] ret_from_fork+0x116/0x1d0 [ 24.123757] ? __pfx_kthread+0x10/0x10 [ 24.123776] ret_from_fork_asm+0x1a/0x30 [ 24.123805] </TASK> [ 24.123854] [ 24.131577] Allocated by task 290: [ 24.131706] kasan_save_stack+0x45/0x70 [ 24.131868] kasan_save_track+0x18/0x40 [ 24.132057] kasan_save_alloc_info+0x3b/0x50 [ 24.132357] __kasan_kmalloc+0xb7/0xc0 [ 24.132582] __kmalloc_cache_noprof+0x189/0x420 [ 24.132782] kasan_bitops_generic+0x92/0x1c0 [ 24.133003] kunit_try_run_case+0x1a5/0x480 [ 24.133377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.133602] kthread+0x337/0x6f0 [ 24.133749] ret_from_fork+0x116/0x1d0 [ 24.133977] ret_from_fork_asm+0x1a/0x30 [ 24.134180] [ 24.134246] The buggy address belongs to the object at ffff888102797f40 [ 24.134246] which belongs to the cache kmalloc-16 of size 16 [ 24.134701] The buggy address is located 8 bytes inside of [ 24.134701] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.135046] [ 24.135110] The buggy address belongs to the physical page: [ 24.135274] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.135503] flags: 0x200000000000000(node=0|zone=2) [ 24.135687] page_type: f5(slab) [ 24.135847] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.136345] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.137105] page dumped because: kasan: bad access detected [ 24.137328] [ 24.137392] Memory state around the buggy address: [ 24.137540] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.137746] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.138301] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.138610] ^ [ 24.138951] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.139404] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.139681] ================================================================== [ 24.054686] ================================================================== [ 24.054967] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.055505] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.056203] [ 24.056453] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.056507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.056520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.056601] Call Trace: [ 24.056675] <TASK> [ 24.056697] dump_stack_lvl+0x73/0xb0 [ 24.056727] print_report+0xd1/0x650 [ 24.056748] ? __virt_addr_valid+0x1db/0x2d0 [ 24.056772] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.056797] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.056893] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.056918] kasan_report+0x141/0x180 [ 24.056953] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.056982] kasan_check_range+0x10c/0x1c0 [ 24.057003] __kasan_check_write+0x18/0x20 [ 24.057026] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.057052] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.057084] kasan_bitops_generic+0x121/0x1c0 [ 24.057106] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.057128] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.057154] kunit_try_run_case+0x1a5/0x480 [ 24.057179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.057200] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.057220] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.057245] ? __kthread_parkme+0x82/0x180 [ 24.057266] ? preempt_count_sub+0x50/0x80 [ 24.057287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.057310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.057332] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.057355] kthread+0x337/0x6f0 [ 24.057373] ? trace_preempt_on+0x20/0xc0 [ 24.057396] ? __pfx_kthread+0x10/0x10 [ 24.057415] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.057437] ? calculate_sigpending+0x7b/0xa0 [ 24.057459] ? __pfx_kthread+0x10/0x10 [ 24.057479] ret_from_fork+0x116/0x1d0 [ 24.057499] ? __pfx_kthread+0x10/0x10 [ 24.057518] ret_from_fork_asm+0x1a/0x30 [ 24.057548] </TASK> [ 24.057558] [ 24.067729] Allocated by task 290: [ 24.067890] kasan_save_stack+0x45/0x70 [ 24.068405] kasan_save_track+0x18/0x40 [ 24.068580] kasan_save_alloc_info+0x3b/0x50 [ 24.068893] __kasan_kmalloc+0xb7/0xc0 [ 24.069073] __kmalloc_cache_noprof+0x189/0x420 [ 24.069526] kasan_bitops_generic+0x92/0x1c0 [ 24.069764] kunit_try_run_case+0x1a5/0x480 [ 24.070129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.070569] kthread+0x337/0x6f0 [ 24.070899] ret_from_fork+0x116/0x1d0 [ 24.071098] ret_from_fork_asm+0x1a/0x30 [ 24.071433] [ 24.071530] The buggy address belongs to the object at ffff888102797f40 [ 24.071530] which belongs to the cache kmalloc-16 of size 16 [ 24.072277] The buggy address is located 8 bytes inside of [ 24.072277] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.072832] [ 24.072924] The buggy address belongs to the physical page: [ 24.073454] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.073780] flags: 0x200000000000000(node=0|zone=2) [ 24.074249] page_type: f5(slab) [ 24.074388] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.074713] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.075328] page dumped because: kasan: bad access detected [ 24.075558] [ 24.075783] Memory state around the buggy address: [ 24.076114] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.076374] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.076678] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.077264] ^ [ 24.077482] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.078006] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.078323] ================================================================== [ 24.029459] ================================================================== [ 24.029758] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.030220] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.030540] [ 24.030637] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.030687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.030699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.030721] Call Trace: [ 24.030741] <TASK> [ 24.030759] dump_stack_lvl+0x73/0xb0 [ 24.030787] print_report+0xd1/0x650 [ 24.030808] ? __virt_addr_valid+0x1db/0x2d0 [ 24.030927] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.030967] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.030991] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.031017] kasan_report+0x141/0x180 [ 24.031038] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.031067] kasan_check_range+0x10c/0x1c0 [ 24.031089] __kasan_check_write+0x18/0x20 [ 24.031110] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.031135] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.031168] kasan_bitops_generic+0x121/0x1c0 [ 24.031189] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.031211] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.031236] kunit_try_run_case+0x1a5/0x480 [ 24.031260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.031282] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.031303] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.031327] ? __kthread_parkme+0x82/0x180 [ 24.031347] ? preempt_count_sub+0x50/0x80 [ 24.031370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.031393] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.031415] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.031437] kthread+0x337/0x6f0 [ 24.031456] ? trace_preempt_on+0x20/0xc0 [ 24.031479] ? __pfx_kthread+0x10/0x10 [ 24.031498] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.031519] ? calculate_sigpending+0x7b/0xa0 [ 24.031542] ? __pfx_kthread+0x10/0x10 [ 24.031563] ret_from_fork+0x116/0x1d0 [ 24.031581] ? __pfx_kthread+0x10/0x10 [ 24.031600] ret_from_fork_asm+0x1a/0x30 [ 24.031628] </TASK> [ 24.031639] [ 24.042283] Allocated by task 290: [ 24.042972] kasan_save_stack+0x45/0x70 [ 24.043349] kasan_save_track+0x18/0x40 [ 24.043522] kasan_save_alloc_info+0x3b/0x50 [ 24.043715] __kasan_kmalloc+0xb7/0xc0 [ 24.044296] __kmalloc_cache_noprof+0x189/0x420 [ 24.044680] kasan_bitops_generic+0x92/0x1c0 [ 24.045049] kunit_try_run_case+0x1a5/0x480 [ 24.045315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.045552] kthread+0x337/0x6f0 [ 24.045701] ret_from_fork+0x116/0x1d0 [ 24.045858] ret_from_fork_asm+0x1a/0x30 [ 24.046485] [ 24.046562] The buggy address belongs to the object at ffff888102797f40 [ 24.046562] which belongs to the cache kmalloc-16 of size 16 [ 24.047053] The buggy address is located 8 bytes inside of [ 24.047053] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.048025] [ 24.048112] The buggy address belongs to the physical page: [ 24.048549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.049063] flags: 0x200000000000000(node=0|zone=2) [ 24.049389] page_type: f5(slab) [ 24.049544] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.050231] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.050670] page dumped because: kasan: bad access detected [ 24.051083] [ 24.051167] Memory state around the buggy address: [ 24.051471] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.051779] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.052402] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.052805] ^ [ 24.053236] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.053526] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.053811] ==================================================================