Date
June 26, 2025, 9:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 53.785737] ================================================================== [ 53.793056] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 53.801330] Write of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 53.808821] [ 53.810347] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 53.810375] Tainted: [B]=BAD_PAGE, [N]=TEST [ 53.810383] Hardware name: Thundercomm Dragonboard 845c (DT) [ 53.810393] Call trace: [ 53.810399] show_stack+0x20/0x38 (C) [ 53.810416] dump_stack_lvl+0x8c/0xd0 [ 53.810434] print_report+0x118/0x608 [ 53.810453] kasan_report+0xdc/0x128 [ 53.810472] kasan_check_range+0x100/0x1a8 [ 53.810492] __kasan_check_write+0x20/0x30 [ 53.810507] kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 53.810527] kasan_bitops_generic+0x110/0x1c8 [ 53.810545] kunit_try_run_case+0x170/0x3f0 [ 53.810562] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.810582] kthread+0x328/0x630 [ 53.810596] ret_from_fork+0x10/0x20 [ 53.810613] [ 53.885238] Allocated by task 347: [ 53.888688] kasan_save_stack+0x3c/0x68 [ 53.892590] kasan_save_track+0x20/0x40 [ 53.896493] kasan_save_alloc_info+0x40/0x58 [ 53.900827] __kasan_kmalloc+0xd4/0xd8 [ 53.904640] __kmalloc_cache_noprof+0x16c/0x3c0 [ 53.909236] kasan_bitops_generic+0xa0/0x1c8 [ 53.913572] kunit_try_run_case+0x170/0x3f0 [ 53.917820] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.923383] kthread+0x328/0x630 [ 53.926667] ret_from_fork+0x10/0x20 [ 53.930307] [ 53.931836] The buggy address belongs to the object at ffff000093276b80 [ 53.931836] which belongs to the cache kmalloc-16 of size 16 [ 53.944311] The buggy address is located 8 bytes inside of [ 53.944311] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 53.956704] [ 53.958226] The buggy address belongs to the physical page: [ 53.963872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 53.971979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 53.978594] page_type: f5(slab) [ 53.981788] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 53.989625] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 53.997456] page dumped because: kasan: bad access detected [ 54.003099] [ 54.004628] Memory state around the buggy address: [ 54.009488] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 54.016801] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.024115] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.031428] ^ [ 54.034968] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.042282] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.049594] ================================================================== [ 54.056995] ================================================================== [ 54.064310] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 54.072589] Read of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 54.079994] [ 54.081519] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 54.081548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.081556] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.081566] Call trace: [ 54.081573] show_stack+0x20/0x38 (C) [ 54.081591] dump_stack_lvl+0x8c/0xd0 [ 54.081610] print_report+0x118/0x608 [ 54.081628] kasan_report+0xdc/0x128 [ 54.081646] __asan_report_load8_noabort+0x20/0x30 [ 54.081663] kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 54.081682] kasan_bitops_generic+0x110/0x1c8 [ 54.081700] kunit_try_run_case+0x170/0x3f0 [ 54.081718] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.081738] kthread+0x328/0x630 [ 54.081753] ret_from_fork+0x10/0x20 [ 54.081770] [ 54.152985] Allocated by task 347: [ 54.156436] kasan_save_stack+0x3c/0x68 [ 54.160341] kasan_save_track+0x20/0x40 [ 54.164244] kasan_save_alloc_info+0x40/0x58 [ 54.168578] __kasan_kmalloc+0xd4/0xd8 [ 54.172393] __kmalloc_cache_noprof+0x16c/0x3c0 [ 54.176990] kasan_bitops_generic+0xa0/0x1c8 [ 54.181326] kunit_try_run_case+0x170/0x3f0 [ 54.185575] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.191140] kthread+0x328/0x630 [ 54.194421] ret_from_fork+0x10/0x20 [ 54.198051] [ 54.199581] The buggy address belongs to the object at ffff000093276b80 [ 54.199581] which belongs to the cache kmalloc-16 of size 16 [ 54.212055] The buggy address is located 8 bytes inside of [ 54.212055] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 54.224446] [ 54.225970] The buggy address belongs to the physical page: [ 54.231616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 54.239715] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.246329] page_type: f5(slab) [ 54.249524] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 54.257362] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 54.265195] page dumped because: kasan: bad access detected [ 54.270837] [ 54.272365] Memory state around the buggy address: [ 54.277225] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 54.284541] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.291854] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.299160] ^ [ 54.302698] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.310009] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.317323] ================================================================== [ 55.134835] ================================================================== [ 55.142146] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x344/0xbc0 [ 55.150421] Write of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 55.157910] [ 55.159436] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 55.159464] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.159471] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.159481] Call trace: [ 55.159487] show_stack+0x20/0x38 (C) [ 55.159503] dump_stack_lvl+0x8c/0xd0 [ 55.159520] print_report+0x118/0x608 [ 55.159538] kasan_report+0xdc/0x128 [ 55.159556] kasan_check_range+0x100/0x1a8 [ 55.159575] __kasan_check_write+0x20/0x30 [ 55.159590] kasan_bitops_modify.constprop.0+0x344/0xbc0 [ 55.159609] kasan_bitops_generic+0x110/0x1c8 [ 55.159626] kunit_try_run_case+0x170/0x3f0 [ 55.159643] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.159664] kthread+0x328/0x630 [ 55.159677] ret_from_fork+0x10/0x20 [ 55.159693] [ 55.234326] Allocated by task 347: [ 55.237782] kasan_save_stack+0x3c/0x68 [ 55.241680] kasan_save_track+0x20/0x40 [ 55.245577] kasan_save_alloc_info+0x40/0x58 [ 55.249915] __kasan_kmalloc+0xd4/0xd8 [ 55.253724] __kmalloc_cache_noprof+0x16c/0x3c0 [ 55.258325] kasan_bitops_generic+0xa0/0x1c8 [ 55.262666] kunit_try_run_case+0x170/0x3f0 [ 55.266919] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.272478] kthread+0x328/0x630 [ 55.275764] ret_from_fork+0x10/0x20 [ 55.279398] [ 55.280921] The buggy address belongs to the object at ffff000093276b80 [ 55.280921] which belongs to the cache kmalloc-16 of size 16 [ 55.293400] The buggy address is located 8 bytes inside of [ 55.293400] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 55.305796] [ 55.307319] The buggy address belongs to the physical page: [ 55.312965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 55.321062] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.327670] page_type: f5(slab) [ 55.330869] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.338707] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.346539] page dumped because: kasan: bad access detected [ 55.352185] [ 55.353707] Memory state around the buggy address: [ 55.358562] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 55.365875] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.373188] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.380499] ^ [ 55.384042] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.391354] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.398664] ================================================================== [ 54.324681] ================================================================== [ 54.331995] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2b4/0xbc0 [ 54.340271] Write of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 54.347760] [ 54.349285] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 54.349313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.349321] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.349331] Call trace: [ 54.349337] show_stack+0x20/0x38 (C) [ 54.349354] dump_stack_lvl+0x8c/0xd0 [ 54.349372] print_report+0x118/0x608 [ 54.349391] kasan_report+0xdc/0x128 [ 54.349409] kasan_check_range+0x100/0x1a8 [ 54.349429] __kasan_check_write+0x20/0x30 [ 54.349444] kasan_bitops_modify.constprop.0+0x2b4/0xbc0 [ 54.349463] kasan_bitops_generic+0x110/0x1c8 [ 54.349480] kunit_try_run_case+0x170/0x3f0 [ 54.349497] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.349518] kthread+0x328/0x630 [ 54.349531] ret_from_fork+0x10/0x20 [ 54.349547] [ 54.424212] Allocated by task 347: [ 54.427663] kasan_save_stack+0x3c/0x68 [ 54.431567] kasan_save_track+0x20/0x40 [ 54.435461] kasan_save_alloc_info+0x40/0x58 [ 54.439792] __kasan_kmalloc+0xd4/0xd8 [ 54.443609] __kmalloc_cache_noprof+0x16c/0x3c0 [ 54.448206] kasan_bitops_generic+0xa0/0x1c8 [ 54.452542] kunit_try_run_case+0x170/0x3f0 [ 54.456791] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.462357] kthread+0x328/0x630 [ 54.465637] ret_from_fork+0x10/0x20 [ 54.469268] [ 54.470791] The buggy address belongs to the object at ffff000093276b80 [ 54.470791] which belongs to the cache kmalloc-16 of size 16 [ 54.483267] The buggy address is located 8 bytes inside of [ 54.483267] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 54.495656] [ 54.497180] The buggy address belongs to the physical page: [ 54.502820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 54.510917] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.517529] page_type: f5(slab) [ 54.520723] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 54.528562] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 54.536395] page dumped because: kasan: bad access detected [ 54.542037] [ 54.543567] Memory state around the buggy address: [ 54.548417] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 54.555731] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.563037] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.570349] ^ [ 54.573887] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.581202] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.588515] ================================================================== [ 54.595873] ================================================================== [ 54.603190] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 54.611464] Write of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 54.618947] [ 54.620473] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 54.620502] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.620511] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.620521] Call trace: [ 54.620527] show_stack+0x20/0x38 (C) [ 54.620544] dump_stack_lvl+0x8c/0xd0 [ 54.620561] print_report+0x118/0x608 [ 54.620581] kasan_report+0xdc/0x128 [ 54.620599] kasan_check_range+0x100/0x1a8 [ 54.620617] __kasan_check_write+0x20/0x30 [ 54.620634] kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 54.620653] kasan_bitops_generic+0x110/0x1c8 [ 54.620671] kunit_try_run_case+0x170/0x3f0 [ 54.620688] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.620707] kthread+0x328/0x630 [ 54.620721] ret_from_fork+0x10/0x20 [ 54.620738] [ 54.695380] Allocated by task 347: [ 54.698837] kasan_save_stack+0x3c/0x68 [ 54.702736] kasan_save_track+0x20/0x40 [ 54.706633] kasan_save_alloc_info+0x40/0x58 [ 54.710970] __kasan_kmalloc+0xd4/0xd8 [ 54.714779] __kmalloc_cache_noprof+0x16c/0x3c0 [ 54.719381] kasan_bitops_generic+0xa0/0x1c8 [ 54.723721] kunit_try_run_case+0x170/0x3f0 [ 54.727975] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.733544] kthread+0x328/0x630 [ 54.736830] ret_from_fork+0x10/0x20 [ 54.740466] [ 54.741989] The buggy address belongs to the object at ffff000093276b80 [ 54.741989] which belongs to the cache kmalloc-16 of size 16 [ 54.754469] The buggy address is located 8 bytes inside of [ 54.754469] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 54.766865] [ 54.768388] The buggy address belongs to the physical page: [ 54.774034] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 54.782132] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.788740] page_type: f5(slab) [ 54.791940] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 54.799777] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 54.807611] page dumped because: kasan: bad access detected [ 54.813258] [ 54.814781] Memory state around the buggy address: [ 54.819637] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 54.826950] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.834263] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.841573] ^ [ 54.845116] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.852428] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.859739] ================================================================== [ 54.867113] ================================================================== [ 54.874428] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 54.882703] Read of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 54.890107] [ 54.891634] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 54.891662] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.891669] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.891680] Call trace: [ 54.891686] show_stack+0x20/0x38 (C) [ 54.891704] dump_stack_lvl+0x8c/0xd0 [ 54.891722] print_report+0x118/0x608 [ 54.891741] kasan_report+0xdc/0x128 [ 54.891760] __asan_report_load8_noabort+0x20/0x30 [ 54.891776] kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 54.891796] kasan_bitops_generic+0x110/0x1c8 [ 54.891815] kunit_try_run_case+0x170/0x3f0 [ 54.891832] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.891853] kthread+0x328/0x630 [ 54.891867] ret_from_fork+0x10/0x20 [ 54.891883] [ 54.963094] Allocated by task 347: [ 54.966550] kasan_save_stack+0x3c/0x68 [ 54.970448] kasan_save_track+0x20/0x40 [ 54.974347] kasan_save_alloc_info+0x40/0x58 [ 54.978685] __kasan_kmalloc+0xd4/0xd8 [ 54.982493] __kmalloc_cache_noprof+0x16c/0x3c0 [ 54.987096] kasan_bitops_generic+0xa0/0x1c8 [ 54.991438] kunit_try_run_case+0x170/0x3f0 [ 54.995692] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.001250] kthread+0x328/0x630 [ 55.004536] ret_from_fork+0x10/0x20 [ 55.008171] [ 55.009693] The buggy address belongs to the object at ffff000093276b80 [ 55.009693] which belongs to the cache kmalloc-16 of size 16 [ 55.022174] The buggy address is located 8 bytes inside of [ 55.022174] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 55.034571] [ 55.036095] The buggy address belongs to the physical page: [ 55.041740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 55.049838] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.056447] page_type: f5(slab) [ 55.059648] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.067485] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.075320] page dumped because: kasan: bad access detected [ 55.080969] [ 55.082491] Memory state around the buggy address: [ 55.087347] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 55.094661] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.101975] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.109287] ^ [ 55.112830] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.120143] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.127454] ================================================================== [ 55.406033] ================================================================== [ 55.413346] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 55.421621] Write of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 55.429111] [ 55.430636] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 55.430665] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.430672] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.430682] Call trace: [ 55.430687] show_stack+0x20/0x38 (C) [ 55.430704] dump_stack_lvl+0x8c/0xd0 [ 55.430722] print_report+0x118/0x608 [ 55.430740] kasan_report+0xdc/0x128 [ 55.430757] kasan_check_range+0x100/0x1a8 [ 55.430777] __kasan_check_write+0x20/0x30 [ 55.430793] kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 55.430811] kasan_bitops_generic+0x110/0x1c8 [ 55.430829] kunit_try_run_case+0x170/0x3f0 [ 55.430846] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.430867] kthread+0x328/0x630 [ 55.430880] ret_from_fork+0x10/0x20 [ 55.430896] [ 55.505530] Allocated by task 347: [ 55.508986] kasan_save_stack+0x3c/0x68 [ 55.512884] kasan_save_track+0x20/0x40 [ 55.516781] kasan_save_alloc_info+0x40/0x58 [ 55.521119] __kasan_kmalloc+0xd4/0xd8 [ 55.524928] __kmalloc_cache_noprof+0x16c/0x3c0 [ 55.529530] kasan_bitops_generic+0xa0/0x1c8 [ 55.533871] kunit_try_run_case+0x170/0x3f0 [ 55.538124] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.543693] kthread+0x328/0x630 [ 55.546979] ret_from_fork+0x10/0x20 [ 55.550614] [ 55.552136] The buggy address belongs to the object at ffff000093276b80 [ 55.552136] which belongs to the cache kmalloc-16 of size 16 [ 55.564617] The buggy address is located 8 bytes inside of [ 55.564617] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 55.577013] [ 55.578536] The buggy address belongs to the physical page: [ 55.584184] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 55.592280] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.598889] page_type: f5(slab) [ 55.602088] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.609925] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.617759] page dumped because: kasan: bad access detected [ 55.623407] [ 55.624930] Memory state around the buggy address: [ 55.629785] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 55.637097] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.644412] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.651723] ^ [ 55.655267] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.662579] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.669892] ================================================================== [ 53.242874] ================================================================== [ 53.254084] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 53.262377] Write of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 53.269869] [ 53.271406] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 53.271437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 53.271445] Hardware name: Thundercomm Dragonboard 845c (DT) [ 53.271457] Call trace: [ 53.271464] show_stack+0x20/0x38 (C) [ 53.271482] dump_stack_lvl+0x8c/0xd0 [ 53.271500] print_report+0x118/0x608 [ 53.271519] kasan_report+0xdc/0x128 [ 53.271537] kasan_check_range+0x100/0x1a8 [ 53.271557] __kasan_check_write+0x20/0x30 [ 53.271573] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 53.271591] kasan_bitops_generic+0x110/0x1c8 [ 53.271609] kunit_try_run_case+0x170/0x3f0 [ 53.271628] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.271649] kthread+0x328/0x630 [ 53.271663] ret_from_fork+0x10/0x20 [ 53.271680] [ 53.346306] Allocated by task 347: [ 53.349768] kasan_save_stack+0x3c/0x68 [ 53.353675] kasan_save_track+0x20/0x40 [ 53.357580] kasan_save_alloc_info+0x40/0x58 [ 53.361914] __kasan_kmalloc+0xd4/0xd8 [ 53.365729] __kmalloc_cache_noprof+0x16c/0x3c0 [ 53.370327] kasan_bitops_generic+0xa0/0x1c8 [ 53.374662] kunit_try_run_case+0x170/0x3f0 [ 53.378911] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.384479] kthread+0x328/0x630 [ 53.387760] ret_from_fork+0x10/0x20 [ 53.391401] [ 53.392933] The buggy address belongs to the object at ffff000093276b80 [ 53.392933] which belongs to the cache kmalloc-16 of size 16 [ 53.405411] The buggy address is located 8 bytes inside of [ 53.405411] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 53.417804] [ 53.419337] The buggy address belongs to the physical page: [ 53.424977] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 53.433076] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 53.439688] page_type: f5(slab) [ 53.442890] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 53.450729] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 53.458563] page dumped because: kasan: bad access detected [ 53.464211] [ 53.465734] Memory state around the buggy address: [ 53.470597] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 53.477912] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 53.485226] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.492540] ^ [ 53.496079] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.503395] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.510698] ================================================================== [ 55.677270] ================================================================== [ 55.684582] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa20/0xbc0 [ 55.692858] Read of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 55.700261] [ 55.701786] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 55.701815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.701823] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.701834] Call trace: [ 55.701839] show_stack+0x20/0x38 (C) [ 55.701856] dump_stack_lvl+0x8c/0xd0 [ 55.701874] print_report+0x118/0x608 [ 55.701893] kasan_report+0xdc/0x128 [ 55.701911] __asan_report_load8_noabort+0x20/0x30 [ 55.701926] kasan_bitops_modify.constprop.0+0xa20/0xbc0 [ 55.701946] kasan_bitops_generic+0x110/0x1c8 [ 55.701964] kunit_try_run_case+0x170/0x3f0 [ 55.701980] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.702000] kthread+0x328/0x630 [ 55.702013] ret_from_fork+0x10/0x20 [ 55.702030] [ 55.773220] Allocated by task 347: [ 55.776677] kasan_save_stack+0x3c/0x68 [ 55.780575] kasan_save_track+0x20/0x40 [ 55.784472] kasan_save_alloc_info+0x40/0x58 [ 55.788810] __kasan_kmalloc+0xd4/0xd8 [ 55.792619] __kmalloc_cache_noprof+0x16c/0x3c0 [ 55.797220] kasan_bitops_generic+0xa0/0x1c8 [ 55.801561] kunit_try_run_case+0x170/0x3f0 [ 55.805814] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.811384] kthread+0x328/0x630 [ 55.814669] ret_from_fork+0x10/0x20 [ 55.818303] [ 55.819826] The buggy address belongs to the object at ffff000093276b80 [ 55.819826] which belongs to the cache kmalloc-16 of size 16 [ 55.832305] The buggy address is located 8 bytes inside of [ 55.832305] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 55.844701] [ 55.846224] The buggy address belongs to the physical page: [ 55.851871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 55.859968] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.866577] page_type: f5(slab) [ 55.869776] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.877614] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.885447] page dumped because: kasan: bad access detected [ 55.891093] [ 55.892615] Memory state around the buggy address: [ 55.897471] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 55.904783] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.912096] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.919407] ^ [ 55.922950] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.930263] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.937574] ================================================================== [ 53.518067] ================================================================== [ 53.525384] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 53.533662] Read of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 53.541065] [ 53.542592] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 53.542621] Tainted: [B]=BAD_PAGE, [N]=TEST [ 53.542630] Hardware name: Thundercomm Dragonboard 845c (DT) [ 53.542640] Call trace: [ 53.542647] show_stack+0x20/0x38 (C) [ 53.542665] dump_stack_lvl+0x8c/0xd0 [ 53.542683] print_report+0x118/0x608 [ 53.542703] kasan_report+0xdc/0x128 [ 53.542722] __asan_report_load8_noabort+0x20/0x30 [ 53.542740] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 53.542760] kasan_bitops_generic+0x110/0x1c8 [ 53.542779] kunit_try_run_case+0x170/0x3f0 [ 53.542797] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.542818] kthread+0x328/0x630 [ 53.542832] ret_from_fork+0x10/0x20 [ 53.542849] [ 53.614034] Allocated by task 347: [ 53.617485] kasan_save_stack+0x3c/0x68 [ 53.621389] kasan_save_track+0x20/0x40 [ 53.625293] kasan_save_alloc_info+0x40/0x58 [ 53.629627] __kasan_kmalloc+0xd4/0xd8 [ 53.633441] __kmalloc_cache_noprof+0x16c/0x3c0 [ 53.638038] kasan_bitops_generic+0xa0/0x1c8 [ 53.642375] kunit_try_run_case+0x170/0x3f0 [ 53.646623] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 53.652182] kthread+0x328/0x630 [ 53.655466] ret_from_fork+0x10/0x20 [ 53.659097] [ 53.660626] The buggy address belongs to the object at ffff000093276b80 [ 53.660626] which belongs to the cache kmalloc-16 of size 16 [ 53.673102] The buggy address is located 8 bytes inside of [ 53.673102] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 53.685494] [ 53.687017] The buggy address belongs to the physical page: [ 53.692665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 53.700765] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 53.707376] page_type: f5(slab) [ 53.710575] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 53.718413] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 53.726249] page dumped because: kasan: bad access detected [ 53.731896] [ 53.733419] Memory state around the buggy address: [ 53.738271] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 53.745584] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 53.752898] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.760210] ^ [ 53.763757] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.771066] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.778375] ==================================================================
[ 29.119433] ================================================================== [ 29.119826] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 29.119907] Write of size 8 at addr fff00000c16b9cc8 by task kunit_try_catch/273 [ 29.119960] [ 29.119995] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 29.120473] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.120667] Hardware name: linux,dummy-virt (DT) [ 29.120731] Call trace: [ 29.120791] show_stack+0x20/0x38 (C) [ 29.120949] dump_stack_lvl+0x8c/0xd0 [ 29.121343] print_report+0x118/0x608 [ 29.121415] kasan_report+0xdc/0x128 [ 29.121831] kasan_check_range+0x100/0x1a8 [ 29.121992] __kasan_check_write+0x20/0x30 [ 29.122105] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 29.122351] kasan_bitops_generic+0x110/0x1c8 [ 29.122630] kunit_try_run_case+0x170/0x3f0 [ 29.122705] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.122910] kthread+0x328/0x630 [ 29.123114] ret_from_fork+0x10/0x20 [ 29.123293] [ 29.123609] Allocated by task 273: [ 29.123839] kasan_save_stack+0x3c/0x68 [ 29.124039] kasan_save_track+0x20/0x40 [ 29.124097] kasan_save_alloc_info+0x40/0x58 [ 29.124477] __kasan_kmalloc+0xd4/0xd8 [ 29.124740] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.124963] kasan_bitops_generic+0xa0/0x1c8 [ 29.125022] kunit_try_run_case+0x170/0x3f0 [ 29.125224] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.125279] kthread+0x328/0x630 [ 29.125533] ret_from_fork+0x10/0x20 [ 29.125734] [ 29.125853] The buggy address belongs to the object at fff00000c16b9cc0 [ 29.125853] which belongs to the cache kmalloc-16 of size 16 [ 29.126250] The buggy address is located 8 bytes inside of [ 29.126250] allocated 9-byte region [fff00000c16b9cc0, fff00000c16b9cc9) [ 29.126426] [ 29.126468] The buggy address belongs to the physical page: [ 29.126509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c16b9ba0 pfn:0x1016b9 [ 29.126580] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.126642] page_type: f5(slab) [ 29.126683] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.126737] raw: fff00000c16b9ba0 000000008080007f 00000000f5000000 0000000000000000 [ 29.126790] page dumped because: kasan: bad access detected [ 29.126824] [ 29.126853] Memory state around the buggy address: [ 29.126887] fff00000c16b9b80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.126939] fff00000c16b9c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.126985] >fff00000c16b9c80: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 29.127040] ^ [ 29.127090] fff00000c16b9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.127152] fff00000c16b9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.127192] ================================================================== [ 29.132673] ================================================================== [ 29.133132] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 29.133354] Read of size 8 at addr fff00000c16b9cc8 by task kunit_try_catch/273 [ 29.133541] [ 29.133585] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 29.133767] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.133801] Hardware name: linux,dummy-virt (DT) [ 29.133870] Call trace: [ 29.133897] show_stack+0x20/0x38 (C) [ 29.134014] dump_stack_lvl+0x8c/0xd0 [ 29.134078] print_report+0x118/0x608 [ 29.134274] kasan_report+0xdc/0x128 [ 29.134534] __asan_report_load8_noabort+0x20/0x30 [ 29.134605] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 29.134858] kasan_bitops_generic+0x110/0x1c8 [ 29.135018] kunit_try_run_case+0x170/0x3f0 [ 29.135276] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.135494] kthread+0x328/0x630 [ 29.135611] ret_from_fork+0x10/0x20 [ 29.135675] [ 29.135696] Allocated by task 273: [ 29.135729] kasan_save_stack+0x3c/0x68 [ 29.135783] kasan_save_track+0x20/0x40 [ 29.135990] kasan_save_alloc_info+0x40/0x58 [ 29.136124] __kasan_kmalloc+0xd4/0xd8 [ 29.136428] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.136594] kasan_bitops_generic+0xa0/0x1c8 [ 29.136694] kunit_try_run_case+0x170/0x3f0 [ 29.136735] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.136801] kthread+0x328/0x630 [ 29.137015] ret_from_fork+0x10/0x20 [ 29.137220] [ 29.137398] The buggy address belongs to the object at fff00000c16b9cc0 [ 29.137398] which belongs to the cache kmalloc-16 of size 16 [ 29.137535] The buggy address is located 8 bytes inside of [ 29.137535] allocated 9-byte region [fff00000c16b9cc0, fff00000c16b9cc9) [ 29.137640] [ 29.137662] The buggy address belongs to the physical page: [ 29.137743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c16b9ba0 pfn:0x1016b9 [ 29.137959] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.138080] page_type: f5(slab) [ 29.138237] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.138695] raw: fff00000c16b9ba0 000000008080007f 00000000f5000000 0000000000000000 [ 29.138781] page dumped because: kasan: bad access detected [ 29.138914] [ 29.138957] Memory state around the buggy address: [ 29.139192] fff00000c16b9b80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.139415] fff00000c16b9c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.139526] >fff00000c16b9c80: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 29.139656] ^ [ 29.139713] fff00000c16b9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.139892] fff00000c16b9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.139981] ================================================================== [ 29.141753] ================================================================== [ 29.141809] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 29.141865] Write of size 8 at addr fff00000c16b9cc8 by task kunit_try_catch/273 [ 29.141918] [ 29.142309] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 29.142519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.142553] Hardware name: linux,dummy-virt (DT) [ 29.142633] Call trace: [ 29.142661] show_stack+0x20/0x38 (C) [ 29.142982] dump_stack_lvl+0x8c/0xd0 [ 29.143043] print_report+0x118/0x608 [ 29.143103] kasan_report+0xdc/0x128 [ 29.143151] kasan_check_range+0x100/0x1a8 [ 29.143201] __kasan_check_write+0x20/0x30 [ 29.143268] kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 29.143323] kasan_bitops_generic+0x110/0x1c8 [ 29.144584] kasan_bitops_generic+0xa0/0x1c8 [ 29.145344] [ 29.145949] The buggy address belongs to the physical page: [ 29.148153] fff00000c16b9c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.150463] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 29.151411] Call trace: [ 29.151662] __asan_report_load8_noabort+0x20/0x30 [ 29.151939] kthread+0x328/0x630 [ 29.152985] kasan_save_alloc_info+0x40/0x58 [ 29.153813] kunit_try_run_case+0x170/0x3f0 [ 29.154484] [ 29.154993] [ 29.155199] The buggy address belongs to the physical page: [ 29.155352] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.155497] raw: fff00000c16b9ba0 000000008080007f 00000000f5000000 0000000000000000 [ 29.156154] fff00000c16b9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.158597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.159476] kasan_report+0xdc/0x128 [ 29.159674] kasan_check_range+0x100/0x1a8 [ 29.159877] __kasan_check_write+0x20/0x30 [ 29.160764] ret_from_fork+0x10/0x20 [ 29.161658] kasan_save_alloc_info+0x40/0x58 [ 29.161867] kunit_try_run_case+0x170/0x3f0 [ 29.162015] ret_from_fork+0x10/0x20 [ 29.162249] [ 29.162284] The buggy address belongs to the physical page: [ 29.162435] page_type: f5(slab) [ 29.162709] fff00000c16b9c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.165980] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.166260] dump_stack_lvl+0x8c/0xd0 [ 29.166615] print_report+0x118/0x608 [ 29.166731] kasan_report+0xdc/0x128 [ 29.167093] kasan_bitops_generic+0x110/0x1c8 [ 29.168153] kasan_save_stack+0x3c/0x68 [ 29.168540] kasan_save_alloc_info+0x40/0x58 [ 29.169814] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.170919] The buggy address is located 8 bytes inside of [ 29.170919] allocated 9-byte region [fff00000c16b9cc0, fff00000c16b9cc9) [ 29.172122] page_type: f5(slab) [ 29.173221] fff00000c16b9b80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.174167] ==================================================================
[ 24.354080] ================================================================== [ 24.354743] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.355070] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.355304] [ 24.355484] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.355531] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.355543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.355564] Call Trace: [ 24.355585] <TASK> [ 24.355602] dump_stack_lvl+0x73/0xb0 [ 24.355630] print_report+0xd1/0x650 [ 24.355651] ? __virt_addr_valid+0x1db/0x2d0 [ 24.355675] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.355700] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.355725] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.355750] kasan_report+0x141/0x180 [ 24.355771] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.355799] kasan_check_range+0x10c/0x1c0 [ 24.355823] __kasan_check_write+0x18/0x20 [ 24.355847] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.355872] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.355898] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.355921] ? trace_hardirqs_on+0x37/0xe0 [ 24.355943] ? kasan_bitops_generic+0x92/0x1c0 [ 24.355969] kasan_bitops_generic+0x116/0x1c0 [ 24.355992] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.356016] ? __pfx_read_tsc+0x10/0x10 [ 24.356093] ? ktime_get_ts64+0x86/0x230 [ 24.356118] kunit_try_run_case+0x1a5/0x480 [ 24.356143] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.356165] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.356190] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.356215] ? __kthread_parkme+0x82/0x180 [ 24.356245] ? preempt_count_sub+0x50/0x80 [ 24.356269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.356292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.356316] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.356339] kthread+0x337/0x6f0 [ 24.356358] ? trace_preempt_on+0x20/0xc0 [ 24.356380] ? __pfx_kthread+0x10/0x10 [ 24.356400] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.356423] ? calculate_sigpending+0x7b/0xa0 [ 24.356446] ? __pfx_kthread+0x10/0x10 [ 24.356467] ret_from_fork+0x116/0x1d0 [ 24.356485] ? __pfx_kthread+0x10/0x10 [ 24.356506] ret_from_fork_asm+0x1a/0x30 [ 24.356536] </TASK> [ 24.356548] [ 24.365001] Allocated by task 290: [ 24.365185] kasan_save_stack+0x45/0x70 [ 24.365398] kasan_save_track+0x18/0x40 [ 24.365583] kasan_save_alloc_info+0x3b/0x50 [ 24.365956] __kasan_kmalloc+0xb7/0xc0 [ 24.366327] __kmalloc_cache_noprof+0x189/0x420 [ 24.366546] kasan_bitops_generic+0x92/0x1c0 [ 24.366736] kunit_try_run_case+0x1a5/0x480 [ 24.367072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.367289] kthread+0x337/0x6f0 [ 24.367404] ret_from_fork+0x116/0x1d0 [ 24.367529] ret_from_fork_asm+0x1a/0x30 [ 24.367660] [ 24.367724] The buggy address belongs to the object at ffff88810278b720 [ 24.367724] which belongs to the cache kmalloc-16 of size 16 [ 24.368239] The buggy address is located 8 bytes inside of [ 24.368239] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.368764] [ 24.368858] The buggy address belongs to the physical page: [ 24.369173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.369500] flags: 0x200000000000000(node=0|zone=2) [ 24.369707] page_type: f5(slab) [ 24.369843] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.370065] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.370595] page dumped because: kasan: bad access detected [ 24.370914] [ 24.370986] Memory state around the buggy address: [ 24.371143] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.371469] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.371680] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.372245] ^ [ 24.372671] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.372974] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.373179] ================================================================== [ 24.158339] ================================================================== [ 24.158796] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 24.159077] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.159310] [ 24.159399] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.159452] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.159465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.159490] Call Trace: [ 24.159504] <TASK> [ 24.159524] dump_stack_lvl+0x73/0xb0 [ 24.159554] print_report+0xd1/0x650 [ 24.159578] ? __virt_addr_valid+0x1db/0x2d0 [ 24.159602] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 24.159626] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.159652] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 24.159676] kasan_report+0x141/0x180 [ 24.159697] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 24.159725] kasan_check_range+0x10c/0x1c0 [ 24.159748] __kasan_check_write+0x18/0x20 [ 24.159770] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 24.159795] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.159820] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.159844] ? trace_hardirqs_on+0x37/0xe0 [ 24.159866] ? kasan_bitops_generic+0x92/0x1c0 [ 24.159891] kasan_bitops_generic+0x116/0x1c0 [ 24.159914] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.159937] ? __pfx_read_tsc+0x10/0x10 [ 24.159960] ? ktime_get_ts64+0x86/0x230 [ 24.159983] kunit_try_run_case+0x1a5/0x480 [ 24.160007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.160029] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.160054] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.160079] ? __kthread_parkme+0x82/0x180 [ 24.160099] ? preempt_count_sub+0x50/0x80 [ 24.160122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.160145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.160169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.160192] kthread+0x337/0x6f0 [ 24.160211] ? trace_preempt_on+0x20/0xc0 [ 24.160659] ? __pfx_kthread+0x10/0x10 [ 24.160698] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.160725] ? calculate_sigpending+0x7b/0xa0 [ 24.160749] ? __pfx_kthread+0x10/0x10 [ 24.160771] ret_from_fork+0x116/0x1d0 [ 24.160790] ? __pfx_kthread+0x10/0x10 [ 24.160820] ret_from_fork_asm+0x1a/0x30 [ 24.160851] </TASK> [ 24.160863] [ 24.179906] Allocated by task 290: [ 24.180421] kasan_save_stack+0x45/0x70 [ 24.180680] kasan_save_track+0x18/0x40 [ 24.180861] kasan_save_alloc_info+0x3b/0x50 [ 24.181284] __kasan_kmalloc+0xb7/0xc0 [ 24.181548] __kmalloc_cache_noprof+0x189/0x420 [ 24.181876] kasan_bitops_generic+0x92/0x1c0 [ 24.182211] kunit_try_run_case+0x1a5/0x480 [ 24.182569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.182987] kthread+0x337/0x6f0 [ 24.183238] ret_from_fork+0x116/0x1d0 [ 24.183531] ret_from_fork_asm+0x1a/0x30 [ 24.183727] [ 24.183965] The buggy address belongs to the object at ffff88810278b720 [ 24.183965] which belongs to the cache kmalloc-16 of size 16 [ 24.184627] The buggy address is located 8 bytes inside of [ 24.184627] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.185437] [ 24.185664] The buggy address belongs to the physical page: [ 24.186215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.186684] flags: 0x200000000000000(node=0|zone=2) [ 24.187211] page_type: f5(slab) [ 24.187530] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.187889] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.188511] page dumped because: kasan: bad access detected [ 24.188889] [ 24.189104] Memory state around the buggy address: [ 24.189462] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.190055] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.190508] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.191044] ^ [ 24.191323] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.191738] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.192264] ================================================================== [ 24.309961] ================================================================== [ 24.310478] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.311010] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.311281] [ 24.311392] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.311442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.311454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.311553] Call Trace: [ 24.311577] <TASK> [ 24.311597] dump_stack_lvl+0x73/0xb0 [ 24.311625] print_report+0xd1/0x650 [ 24.311647] ? __virt_addr_valid+0x1db/0x2d0 [ 24.311670] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.311696] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.311898] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.311926] kasan_report+0x141/0x180 [ 24.311947] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.311976] kasan_check_range+0x10c/0x1c0 [ 24.311999] __kasan_check_write+0x18/0x20 [ 24.312021] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.312047] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.312073] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.312096] ? trace_hardirqs_on+0x37/0xe0 [ 24.312118] ? kasan_bitops_generic+0x92/0x1c0 [ 24.312144] kasan_bitops_generic+0x116/0x1c0 [ 24.312167] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.312190] ? __pfx_read_tsc+0x10/0x10 [ 24.312212] ? ktime_get_ts64+0x86/0x230 [ 24.312250] kunit_try_run_case+0x1a5/0x480 [ 24.312274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.312297] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.312322] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.312347] ? __kthread_parkme+0x82/0x180 [ 24.312367] ? preempt_count_sub+0x50/0x80 [ 24.312390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.312414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.312437] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.312459] kthread+0x337/0x6f0 [ 24.312479] ? trace_preempt_on+0x20/0xc0 [ 24.312501] ? __pfx_kthread+0x10/0x10 [ 24.312521] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.312544] ? calculate_sigpending+0x7b/0xa0 [ 24.312567] ? __pfx_kthread+0x10/0x10 [ 24.312588] ret_from_fork+0x116/0x1d0 [ 24.312607] ? __pfx_kthread+0x10/0x10 [ 24.312627] ret_from_fork_asm+0x1a/0x30 [ 24.312658] </TASK> [ 24.312669] [ 24.323930] Allocated by task 290: [ 24.324295] kasan_save_stack+0x45/0x70 [ 24.324578] kasan_save_track+0x18/0x40 [ 24.324768] kasan_save_alloc_info+0x3b/0x50 [ 24.324950] __kasan_kmalloc+0xb7/0xc0 [ 24.325102] __kmalloc_cache_noprof+0x189/0x420 [ 24.325312] kasan_bitops_generic+0x92/0x1c0 [ 24.325525] kunit_try_run_case+0x1a5/0x480 [ 24.325724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.325941] kthread+0x337/0x6f0 [ 24.326097] ret_from_fork+0x116/0x1d0 [ 24.326708] ret_from_fork_asm+0x1a/0x30 [ 24.326892] [ 24.327002] The buggy address belongs to the object at ffff88810278b720 [ 24.327002] which belongs to the cache kmalloc-16 of size 16 [ 24.327590] The buggy address is located 8 bytes inside of [ 24.327590] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.328204] [ 24.328312] The buggy address belongs to the physical page: [ 24.328573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.328822] flags: 0x200000000000000(node=0|zone=2) [ 24.329106] page_type: f5(slab) [ 24.329732] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.330018] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.330503] page dumped because: kasan: bad access detected [ 24.330802] [ 24.330886] Memory state around the buggy address: [ 24.331264] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.331695] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.332119] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.332434] ^ [ 24.332641] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.333430] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.333702] ================================================================== [ 24.222682] ================================================================== [ 24.223518] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.224816] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.225575] [ 24.225825] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.225881] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.225895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.225918] Call Trace: [ 24.225952] <TASK> [ 24.225972] dump_stack_lvl+0x73/0xb0 [ 24.226004] print_report+0xd1/0x650 [ 24.226042] ? __virt_addr_valid+0x1db/0x2d0 [ 24.226066] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.226090] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.226116] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.226140] kasan_report+0x141/0x180 [ 24.226161] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.226190] kasan_check_range+0x10c/0x1c0 [ 24.226212] __kasan_check_write+0x18/0x20 [ 24.226245] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.226269] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.226295] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.226318] ? trace_hardirqs_on+0x37/0xe0 [ 24.226340] ? kasan_bitops_generic+0x92/0x1c0 [ 24.226366] kasan_bitops_generic+0x116/0x1c0 [ 24.226389] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.226412] ? __pfx_read_tsc+0x10/0x10 [ 24.226434] ? ktime_get_ts64+0x86/0x230 [ 24.226460] kunit_try_run_case+0x1a5/0x480 [ 24.226486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.226507] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.226533] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.226557] ? __kthread_parkme+0x82/0x180 [ 24.226577] ? preempt_count_sub+0x50/0x80 [ 24.226600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.226623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.226646] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.226669] kthread+0x337/0x6f0 [ 24.226689] ? trace_preempt_on+0x20/0xc0 [ 24.226710] ? __pfx_kthread+0x10/0x10 [ 24.226730] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.226752] ? calculate_sigpending+0x7b/0xa0 [ 24.226776] ? __pfx_kthread+0x10/0x10 [ 24.226796] ret_from_fork+0x116/0x1d0 [ 24.226814] ? __pfx_kthread+0x10/0x10 [ 24.226834] ret_from_fork_asm+0x1a/0x30 [ 24.226868] </TASK> [ 24.226880] [ 24.242642] Allocated by task 290: [ 24.242995] kasan_save_stack+0x45/0x70 [ 24.243569] kasan_save_track+0x18/0x40 [ 24.243916] kasan_save_alloc_info+0x3b/0x50 [ 24.244085] __kasan_kmalloc+0xb7/0xc0 [ 24.244452] __kmalloc_cache_noprof+0x189/0x420 [ 24.244918] kasan_bitops_generic+0x92/0x1c0 [ 24.245378] kunit_try_run_case+0x1a5/0x480 [ 24.245522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.245688] kthread+0x337/0x6f0 [ 24.245801] ret_from_fork+0x116/0x1d0 [ 24.245926] ret_from_fork_asm+0x1a/0x30 [ 24.246185] [ 24.246392] The buggy address belongs to the object at ffff88810278b720 [ 24.246392] which belongs to the cache kmalloc-16 of size 16 [ 24.247561] The buggy address is located 8 bytes inside of [ 24.247561] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.249026] [ 24.249307] The buggy address belongs to the physical page: [ 24.249851] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.250307] flags: 0x200000000000000(node=0|zone=2) [ 24.250478] page_type: f5(slab) [ 24.250595] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.250921] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.251649] page dumped because: kasan: bad access detected [ 24.252215] [ 24.252421] Memory state around the buggy address: [ 24.252890] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.253654] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.254347] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.255149] ^ [ 24.255323] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.255539] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.255747] ================================================================== [ 24.334590] ================================================================== [ 24.334847] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.335533] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.335924] [ 24.336034] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.336087] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.336099] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.336123] Call Trace: [ 24.336143] <TASK> [ 24.336165] dump_stack_lvl+0x73/0xb0 [ 24.336195] print_report+0xd1/0x650 [ 24.336217] ? __virt_addr_valid+0x1db/0x2d0 [ 24.336251] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.336276] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.336302] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.336326] kasan_report+0x141/0x180 [ 24.336348] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.336376] kasan_check_range+0x10c/0x1c0 [ 24.336399] __kasan_check_write+0x18/0x20 [ 24.336422] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.336446] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.336472] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.336496] ? trace_hardirqs_on+0x37/0xe0 [ 24.336518] ? kasan_bitops_generic+0x92/0x1c0 [ 24.336544] kasan_bitops_generic+0x116/0x1c0 [ 24.336567] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.336591] ? __pfx_read_tsc+0x10/0x10 [ 24.336613] ? ktime_get_ts64+0x86/0x230 [ 24.336637] kunit_try_run_case+0x1a5/0x480 [ 24.336662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.336684] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.336709] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.336734] ? __kthread_parkme+0x82/0x180 [ 24.336754] ? preempt_count_sub+0x50/0x80 [ 24.336778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.336852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.336877] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.336900] kthread+0x337/0x6f0 [ 24.336920] ? trace_preempt_on+0x20/0xc0 [ 24.336943] ? __pfx_kthread+0x10/0x10 [ 24.336963] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.336988] ? calculate_sigpending+0x7b/0xa0 [ 24.337011] ? __pfx_kthread+0x10/0x10 [ 24.337032] ret_from_fork+0x116/0x1d0 [ 24.337051] ? __pfx_kthread+0x10/0x10 [ 24.337071] ret_from_fork_asm+0x1a/0x30 [ 24.337101] </TASK> [ 24.337111] [ 24.345387] Allocated by task 290: [ 24.345629] kasan_save_stack+0x45/0x70 [ 24.345836] kasan_save_track+0x18/0x40 [ 24.346025] kasan_save_alloc_info+0x3b/0x50 [ 24.346287] __kasan_kmalloc+0xb7/0xc0 [ 24.346536] __kmalloc_cache_noprof+0x189/0x420 [ 24.346703] kasan_bitops_generic+0x92/0x1c0 [ 24.346844] kunit_try_run_case+0x1a5/0x480 [ 24.347030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.347304] kthread+0x337/0x6f0 [ 24.347480] ret_from_fork+0x116/0x1d0 [ 24.347672] ret_from_fork_asm+0x1a/0x30 [ 24.348129] [ 24.348209] The buggy address belongs to the object at ffff88810278b720 [ 24.348209] which belongs to the cache kmalloc-16 of size 16 [ 24.348673] The buggy address is located 8 bytes inside of [ 24.348673] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.349372] [ 24.349489] The buggy address belongs to the physical page: [ 24.349702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.349960] flags: 0x200000000000000(node=0|zone=2) [ 24.350118] page_type: f5(slab) [ 24.350241] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.350516] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.350909] page dumped because: kasan: bad access detected [ 24.351367] [ 24.351456] Memory state around the buggy address: [ 24.351605] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.351913] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.352532] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.352924] ^ [ 24.353126] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.353418] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.353657] ================================================================== [ 24.256195] ================================================================== [ 24.256504] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.256951] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.257325] [ 24.257413] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.257462] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.257474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.257496] Call Trace: [ 24.257517] <TASK> [ 24.257537] dump_stack_lvl+0x73/0xb0 [ 24.257564] print_report+0xd1/0x650 [ 24.257586] ? __virt_addr_valid+0x1db/0x2d0 [ 24.257611] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.257636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.257661] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.257685] kasan_report+0x141/0x180 [ 24.257706] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.257734] kasan_check_range+0x10c/0x1c0 [ 24.257756] __kasan_check_write+0x18/0x20 [ 24.257779] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.257803] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.257828] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.257852] ? trace_hardirqs_on+0x37/0xe0 [ 24.257873] ? kasan_bitops_generic+0x92/0x1c0 [ 24.257899] kasan_bitops_generic+0x116/0x1c0 [ 24.257921] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.257944] ? __pfx_read_tsc+0x10/0x10 [ 24.257965] ? ktime_get_ts64+0x86/0x230 [ 24.257990] kunit_try_run_case+0x1a5/0x480 [ 24.258014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.258100] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.258126] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.258151] ? __kthread_parkme+0x82/0x180 [ 24.258171] ? preempt_count_sub+0x50/0x80 [ 24.258193] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.258217] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.258252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.258276] kthread+0x337/0x6f0 [ 24.258294] ? trace_preempt_on+0x20/0xc0 [ 24.258316] ? __pfx_kthread+0x10/0x10 [ 24.258336] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.258360] ? calculate_sigpending+0x7b/0xa0 [ 24.258383] ? __pfx_kthread+0x10/0x10 [ 24.258404] ret_from_fork+0x116/0x1d0 [ 24.258423] ? __pfx_kthread+0x10/0x10 [ 24.258442] ret_from_fork_asm+0x1a/0x30 [ 24.258473] </TASK> [ 24.258483] [ 24.270589] Allocated by task 290: [ 24.270977] kasan_save_stack+0x45/0x70 [ 24.271206] kasan_save_track+0x18/0x40 [ 24.271377] kasan_save_alloc_info+0x3b/0x50 [ 24.271585] __kasan_kmalloc+0xb7/0xc0 [ 24.271733] __kmalloc_cache_noprof+0x189/0x420 [ 24.272259] kasan_bitops_generic+0x92/0x1c0 [ 24.272490] kunit_try_run_case+0x1a5/0x480 [ 24.272953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.273543] kthread+0x337/0x6f0 [ 24.273681] ret_from_fork+0x116/0x1d0 [ 24.274070] ret_from_fork_asm+0x1a/0x30 [ 24.274506] [ 24.274722] The buggy address belongs to the object at ffff88810278b720 [ 24.274722] which belongs to the cache kmalloc-16 of size 16 [ 24.276129] The buggy address is located 8 bytes inside of [ 24.276129] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.276500] [ 24.276572] The buggy address belongs to the physical page: [ 24.276743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.277799] flags: 0x200000000000000(node=0|zone=2) [ 24.278368] page_type: f5(slab) [ 24.278805] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.279773] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.280529] page dumped because: kasan: bad access detected [ 24.280961] [ 24.281236] Memory state around the buggy address: [ 24.281608] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.281870] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.282525] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.283178] ^ [ 24.283481] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.283692] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.284406] ================================================================== [ 24.193282] ================================================================== [ 24.194003] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 24.194609] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.194979] [ 24.195356] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.195450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.195464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.195488] Call Trace: [ 24.195502] <TASK> [ 24.195523] dump_stack_lvl+0x73/0xb0 [ 24.195552] print_report+0xd1/0x650 [ 24.195574] ? __virt_addr_valid+0x1db/0x2d0 [ 24.195598] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 24.195622] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.195648] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 24.195672] kasan_report+0x141/0x180 [ 24.195694] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 24.195723] kasan_check_range+0x10c/0x1c0 [ 24.195745] __kasan_check_write+0x18/0x20 [ 24.195767] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 24.195792] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.195818] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.195842] ? trace_hardirqs_on+0x37/0xe0 [ 24.195865] ? kasan_bitops_generic+0x92/0x1c0 [ 24.195891] kasan_bitops_generic+0x116/0x1c0 [ 24.195914] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.195937] ? __pfx_read_tsc+0x10/0x10 [ 24.195959] ? ktime_get_ts64+0x86/0x230 [ 24.195983] kunit_try_run_case+0x1a5/0x480 [ 24.196007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.196029] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.196055] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.196080] ? __kthread_parkme+0x82/0x180 [ 24.196100] ? preempt_count_sub+0x50/0x80 [ 24.196124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.196147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.196170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.196194] kthread+0x337/0x6f0 [ 24.196213] ? trace_preempt_on+0x20/0xc0 [ 24.196247] ? __pfx_kthread+0x10/0x10 [ 24.196267] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.196289] ? calculate_sigpending+0x7b/0xa0 [ 24.196313] ? __pfx_kthread+0x10/0x10 [ 24.196334] ret_from_fork+0x116/0x1d0 [ 24.196352] ? __pfx_kthread+0x10/0x10 [ 24.196372] ret_from_fork_asm+0x1a/0x30 [ 24.196402] </TASK> [ 24.196415] [ 24.207682] Allocated by task 290: [ 24.208291] kasan_save_stack+0x45/0x70 [ 24.208609] kasan_save_track+0x18/0x40 [ 24.209322] kasan_save_alloc_info+0x3b/0x50 [ 24.209772] __kasan_kmalloc+0xb7/0xc0 [ 24.210198] __kmalloc_cache_noprof+0x189/0x420 [ 24.210419] kasan_bitops_generic+0x92/0x1c0 [ 24.210606] kunit_try_run_case+0x1a5/0x480 [ 24.211090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.211593] kthread+0x337/0x6f0 [ 24.212208] ret_from_fork+0x116/0x1d0 [ 24.212641] ret_from_fork_asm+0x1a/0x30 [ 24.213103] [ 24.213201] The buggy address belongs to the object at ffff88810278b720 [ 24.213201] which belongs to the cache kmalloc-16 of size 16 [ 24.213690] The buggy address is located 8 bytes inside of [ 24.213690] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.215229] [ 24.215350] The buggy address belongs to the physical page: [ 24.215525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.215763] flags: 0x200000000000000(node=0|zone=2) [ 24.215933] page_type: f5(slab) [ 24.216053] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.216289] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.216510] page dumped because: kasan: bad access detected [ 24.216673] [ 24.216738] Memory state around the buggy address: [ 24.216890] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.217098] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.217675] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.219115] ^ [ 24.219805] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.220534] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.221549] ================================================================== [ 24.285394] ================================================================== [ 24.286082] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.287005] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.287487] [ 24.287574] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.287623] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.287635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.287658] Call Trace: [ 24.287678] <TASK> [ 24.287698] dump_stack_lvl+0x73/0xb0 [ 24.287726] print_report+0xd1/0x650 [ 24.287748] ? __virt_addr_valid+0x1db/0x2d0 [ 24.287772] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.287796] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.287824] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.287851] kasan_report+0x141/0x180 [ 24.287872] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.287901] kasan_check_range+0x10c/0x1c0 [ 24.287923] __kasan_check_write+0x18/0x20 [ 24.287945] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.287970] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.287995] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.288019] ? trace_hardirqs_on+0x37/0xe0 [ 24.288042] ? kasan_bitops_generic+0x92/0x1c0 [ 24.288068] kasan_bitops_generic+0x116/0x1c0 [ 24.288091] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.288115] ? __pfx_read_tsc+0x10/0x10 [ 24.288136] ? ktime_get_ts64+0x86/0x230 [ 24.288161] kunit_try_run_case+0x1a5/0x480 [ 24.288185] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.288207] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.288244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.288269] ? __kthread_parkme+0x82/0x180 [ 24.288289] ? preempt_count_sub+0x50/0x80 [ 24.288312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.288335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.288358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.288382] kthread+0x337/0x6f0 [ 24.288403] ? trace_preempt_on+0x20/0xc0 [ 24.288424] ? __pfx_kthread+0x10/0x10 [ 24.288443] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.288466] ? calculate_sigpending+0x7b/0xa0 [ 24.288490] ? __pfx_kthread+0x10/0x10 [ 24.288511] ret_from_fork+0x116/0x1d0 [ 24.288529] ? __pfx_kthread+0x10/0x10 [ 24.288549] ret_from_fork_asm+0x1a/0x30 [ 24.288579] </TASK> [ 24.288590] [ 24.299056] Allocated by task 290: [ 24.299368] kasan_save_stack+0x45/0x70 [ 24.299562] kasan_save_track+0x18/0x40 [ 24.299732] kasan_save_alloc_info+0x3b/0x50 [ 24.300173] __kasan_kmalloc+0xb7/0xc0 [ 24.300361] __kmalloc_cache_noprof+0x189/0x420 [ 24.300556] kasan_bitops_generic+0x92/0x1c0 [ 24.300741] kunit_try_run_case+0x1a5/0x480 [ 24.301379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.301590] kthread+0x337/0x6f0 [ 24.301759] ret_from_fork+0x116/0x1d0 [ 24.301979] ret_from_fork_asm+0x1a/0x30 [ 24.302400] [ 24.302486] The buggy address belongs to the object at ffff88810278b720 [ 24.302486] which belongs to the cache kmalloc-16 of size 16 [ 24.303065] The buggy address is located 8 bytes inside of [ 24.303065] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.303775] [ 24.303908] The buggy address belongs to the physical page: [ 24.304191] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.304725] flags: 0x200000000000000(node=0|zone=2) [ 24.305020] page_type: f5(slab) [ 24.305153] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.305479] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.305787] page dumped because: kasan: bad access detected [ 24.306598] [ 24.306681] Memory state around the buggy address: [ 24.306910] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.307500] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.307934] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.308325] ^ [ 24.308508] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.308805] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.309294] ==================================================================