Date
June 26, 2025, 9:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 57.571103] ================================================================== [ 57.578416] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x334/0xbc0 [ 57.587483] Write of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 57.594973] [ 57.596498] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 57.596526] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.596534] Hardware name: Thundercomm Dragonboard 845c (DT) [ 57.596544] Call trace: [ 57.596550] show_stack+0x20/0x38 (C) [ 57.596566] dump_stack_lvl+0x8c/0xd0 [ 57.596584] print_report+0x118/0x608 [ 57.596602] kasan_report+0xdc/0x128 [ 57.596619] kasan_check_range+0x100/0x1a8 [ 57.596639] __kasan_check_write+0x20/0x30 [ 57.596655] kasan_bitops_test_and_modify.constprop.0+0x334/0xbc0 [ 57.596676] kasan_bitops_generic+0x11c/0x1c8 [ 57.596693] kunit_try_run_case+0x170/0x3f0 [ 57.596709] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.596730] kthread+0x328/0x630 [ 57.596743] ret_from_fork+0x10/0x20 [ 57.596759] [ 57.672171] Allocated by task 347: [ 57.675627] kasan_save_stack+0x3c/0x68 [ 57.679525] kasan_save_track+0x20/0x40 [ 57.683421] kasan_save_alloc_info+0x40/0x58 [ 57.687759] __kasan_kmalloc+0xd4/0xd8 [ 57.691568] __kmalloc_cache_noprof+0x16c/0x3c0 [ 57.696171] kasan_bitops_generic+0xa0/0x1c8 [ 57.700512] kunit_try_run_case+0x170/0x3f0 [ 57.704765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.710333] kthread+0x328/0x630 [ 57.713621] ret_from_fork+0x10/0x20 [ 57.717255] [ 57.718778] The buggy address belongs to the object at ffff000093276b80 [ 57.718778] which belongs to the cache kmalloc-16 of size 16 [ 57.731257] The buggy address is located 8 bytes inside of [ 57.731257] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 57.743653] [ 57.745175] The buggy address belongs to the physical page: [ 57.750821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 57.758919] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 57.765527] page_type: f5(slab) [ 57.768726] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 57.776563] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 57.784395] page dumped because: kasan: bad access detected [ 57.790043] [ 57.791566] Memory state around the buggy address: [ 57.796421] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 57.803735] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 57.811048] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.818360] ^ [ 57.821903] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.829216] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.836526] ================================================================== [ 57.843906] ================================================================== [ 57.851220] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa3c/0xbc0 [ 57.860286] Read of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 57.867690] [ 57.869215] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 57.869243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.869251] Hardware name: Thundercomm Dragonboard 845c (DT) [ 57.869260] Call trace: [ 57.869268] show_stack+0x20/0x38 (C) [ 57.869285] dump_stack_lvl+0x8c/0xd0 [ 57.869302] print_report+0x118/0x608 [ 57.869322] kasan_report+0xdc/0x128 [ 57.869340] __asan_report_load8_noabort+0x20/0x30 [ 57.869357] kasan_bitops_test_and_modify.constprop.0+0xa3c/0xbc0 [ 57.869377] kasan_bitops_generic+0x11c/0x1c8 [ 57.869395] kunit_try_run_case+0x170/0x3f0 [ 57.869412] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.869434] kthread+0x328/0x630 [ 57.869447] ret_from_fork+0x10/0x20 [ 57.869464] [ 57.941465] Allocated by task 347: [ 57.944922] kasan_save_stack+0x3c/0x68 [ 57.948819] kasan_save_track+0x20/0x40 [ 57.952716] kasan_save_alloc_info+0x40/0x58 [ 57.957054] __kasan_kmalloc+0xd4/0xd8 [ 57.960864] __kmalloc_cache_noprof+0x16c/0x3c0 [ 57.965466] kasan_bitops_generic+0xa0/0x1c8 [ 57.969807] kunit_try_run_case+0x170/0x3f0 [ 57.974061] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.979631] kthread+0x328/0x630 [ 57.982916] ret_from_fork+0x10/0x20 [ 57.986551] [ 57.988074] The buggy address belongs to the object at ffff000093276b80 [ 57.988074] which belongs to the cache kmalloc-16 of size 16 [ 58.000553] The buggy address is located 8 bytes inside of [ 58.000553] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 58.012949] [ 58.014473] The buggy address belongs to the physical page: [ 58.020119] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 58.028216] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 58.034824] page_type: f5(slab) [ 58.038023] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 58.045859] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 58.053692] page dumped because: kasan: bad access detected [ 58.059339] [ 58.060862] Memory state around the buggy address: [ 58.065718] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 58.073032] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 58.080344] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.087655] ^ [ 58.091199] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.098511] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.105823] ================================================================== [ 56.759722] ================================================================== [ 56.767034] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 56.776100] Read of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 56.783504] [ 56.785029] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 56.785057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 56.785065] Hardware name: Thundercomm Dragonboard 845c (DT) [ 56.785074] Call trace: [ 56.785080] show_stack+0x20/0x38 (C) [ 56.785097] dump_stack_lvl+0x8c/0xd0 [ 56.785114] print_report+0x118/0x608 [ 56.785133] kasan_report+0xdc/0x128 [ 56.785150] __asan_report_load8_noabort+0x20/0x30 [ 56.785167] kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 56.785187] kasan_bitops_generic+0x11c/0x1c8 [ 56.785204] kunit_try_run_case+0x170/0x3f0 [ 56.785221] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.785243] kthread+0x328/0x630 [ 56.785257] ret_from_fork+0x10/0x20 [ 56.785273] [ 56.857275] Allocated by task 347: [ 56.860730] kasan_save_stack+0x3c/0x68 [ 56.864628] kasan_save_track+0x20/0x40 [ 56.868528] kasan_save_alloc_info+0x40/0x58 [ 56.872866] __kasan_kmalloc+0xd4/0xd8 [ 56.876674] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.881275] kasan_bitops_generic+0xa0/0x1c8 [ 56.885618] kunit_try_run_case+0x170/0x3f0 [ 56.889871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.895442] kthread+0x328/0x630 [ 56.898728] ret_from_fork+0x10/0x20 [ 56.902363] [ 56.903885] The buggy address belongs to the object at ffff000093276b80 [ 56.903885] which belongs to the cache kmalloc-16 of size 16 [ 56.916364] The buggy address is located 8 bytes inside of [ 56.916364] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 56.928760] [ 56.930284] The buggy address belongs to the physical page: [ 56.935930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 56.944026] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 56.950634] page_type: f5(slab) [ 56.953833] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.961671] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.969503] page dumped because: kasan: bad access detected [ 56.975150] [ 56.976673] Memory state around the buggy address: [ 56.981530] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 56.988842] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.996155] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.003467] ^ [ 57.007010] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.014323] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.021634] ================================================================== [ 57.301825] ================================================================== [ 57.309136] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 57.318202] Read of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 57.325604] [ 57.327129] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 57.327156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.327164] Hardware name: Thundercomm Dragonboard 845c (DT) [ 57.327175] Call trace: [ 57.327181] show_stack+0x20/0x38 (C) [ 57.327199] dump_stack_lvl+0x8c/0xd0 [ 57.327216] print_report+0x118/0x608 [ 57.327235] kasan_report+0xdc/0x128 [ 57.327252] __asan_report_load8_noabort+0x20/0x30 [ 57.327268] kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 57.327290] kasan_bitops_generic+0x11c/0x1c8 [ 57.327307] kunit_try_run_case+0x170/0x3f0 [ 57.327324] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.327344] kthread+0x328/0x630 [ 57.327357] ret_from_fork+0x10/0x20 [ 57.327373] [ 57.399375] Allocated by task 347: [ 57.402831] kasan_save_stack+0x3c/0x68 [ 57.406730] kasan_save_track+0x20/0x40 [ 57.410627] kasan_save_alloc_info+0x40/0x58 [ 57.414965] __kasan_kmalloc+0xd4/0xd8 [ 57.418774] __kmalloc_cache_noprof+0x16c/0x3c0 [ 57.423376] kasan_bitops_generic+0xa0/0x1c8 [ 57.427718] kunit_try_run_case+0x170/0x3f0 [ 57.431971] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.437540] kthread+0x328/0x630 [ 57.440826] ret_from_fork+0x10/0x20 [ 57.444461] [ 57.445983] The buggy address belongs to the object at ffff000093276b80 [ 57.445983] which belongs to the cache kmalloc-16 of size 16 [ 57.458462] The buggy address is located 8 bytes inside of [ 57.458462] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 57.470859] [ 57.472383] The buggy address belongs to the physical page: [ 57.478029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 57.486126] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 57.492734] page_type: f5(slab) [ 57.495933] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 57.503770] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 57.511604] page dumped because: kasan: bad access detected [ 57.517250] [ 57.518773] Memory state around the buggy address: [ 57.523628] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 57.530941] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 57.538253] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.545564] ^ [ 57.549107] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.556420] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.563730] ================================================================== [ 58.113188] ================================================================== [ 58.120501] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa84/0xbc0 [ 58.129568] Read of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 58.136971] [ 58.138497] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 58.138525] Tainted: [B]=BAD_PAGE, [N]=TEST [ 58.138534] Hardware name: Thundercomm Dragonboard 845c (DT) [ 58.138545] Call trace: [ 58.138553] show_stack+0x20/0x38 (C) [ 58.138569] dump_stack_lvl+0x8c/0xd0 [ 58.138587] print_report+0x118/0x608 [ 58.138605] kasan_report+0xdc/0x128 [ 58.138622] __asan_report_load8_noabort+0x20/0x30 [ 58.138641] kasan_bitops_test_and_modify.constprop.0+0xa84/0xbc0 [ 58.138662] kasan_bitops_generic+0x11c/0x1c8 [ 58.138679] kunit_try_run_case+0x170/0x3f0 [ 58.138698] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 58.138718] kthread+0x328/0x630 [ 58.138731] ret_from_fork+0x10/0x20 [ 58.138747] [ 58.210737] Allocated by task 347: [ 58.214194] kasan_save_stack+0x3c/0x68 [ 58.218091] kasan_save_track+0x20/0x40 [ 58.221988] kasan_save_alloc_info+0x40/0x58 [ 58.226327] __kasan_kmalloc+0xd4/0xd8 [ 58.230136] __kmalloc_cache_noprof+0x16c/0x3c0 [ 58.234737] kasan_bitops_generic+0xa0/0x1c8 [ 58.239079] kunit_try_run_case+0x170/0x3f0 [ 58.243332] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 58.248891] kthread+0x328/0x630 [ 58.252176] ret_from_fork+0x10/0x20 [ 58.255812] [ 58.257334] The buggy address belongs to the object at ffff000093276b80 [ 58.257334] which belongs to the cache kmalloc-16 of size 16 [ 58.269814] The buggy address is located 8 bytes inside of [ 58.269814] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 58.282211] [ 58.283734] The buggy address belongs to the physical page: [ 58.289381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 58.297477] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 58.304085] page_type: f5(slab) [ 58.307285] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 58.315123] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 58.322955] page dumped because: kasan: bad access detected [ 58.328602] [ 58.330124] Memory state around the buggy address: [ 58.334980] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 58.342293] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 58.349607] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.356919] ^ [ 58.360462] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.367774] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.375085] ================================================================== [ 55.944940] ================================================================== [ 55.952253] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xfc/0xbc0 [ 55.961234] Write of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 55.968724] [ 55.970249] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 55.970278] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.970285] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.970296] Call trace: [ 55.970302] show_stack+0x20/0x38 (C) [ 55.970319] dump_stack_lvl+0x8c/0xd0 [ 55.970336] print_report+0x118/0x608 [ 55.970355] kasan_report+0xdc/0x128 [ 55.970375] kasan_check_range+0x100/0x1a8 [ 55.970394] __kasan_check_write+0x20/0x30 [ 55.970409] kasan_bitops_test_and_modify.constprop.0+0xfc/0xbc0 [ 55.970429] kasan_bitops_generic+0x11c/0x1c8 [ 55.970446] kunit_try_run_case+0x170/0x3f0 [ 55.970465] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.970486] kthread+0x328/0x630 [ 55.970499] ret_from_fork+0x10/0x20 [ 55.970516] [ 56.045867] Allocated by task 347: [ 56.049323] kasan_save_stack+0x3c/0x68 [ 56.053221] kasan_save_track+0x20/0x40 [ 56.057119] kasan_save_alloc_info+0x40/0x58 [ 56.061458] __kasan_kmalloc+0xd4/0xd8 [ 56.065268] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.069870] kasan_bitops_generic+0xa0/0x1c8 [ 56.074212] kunit_try_run_case+0x170/0x3f0 [ 56.078466] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.084037] kthread+0x328/0x630 [ 56.087323] ret_from_fork+0x10/0x20 [ 56.090957] [ 56.092480] The buggy address belongs to the object at ffff000093276b80 [ 56.092480] which belongs to the cache kmalloc-16 of size 16 [ 56.104961] The buggy address is located 8 bytes inside of [ 56.104961] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 56.117358] [ 56.118881] The buggy address belongs to the physical page: [ 56.124528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 56.132625] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 56.139234] page_type: f5(slab) [ 56.142433] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.150269] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.158101] page dumped because: kasan: bad access detected [ 56.163749] [ 56.165272] Memory state around the buggy address: [ 56.170127] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 56.177441] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.184753] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.192065] ^ [ 56.195608] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.202921] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.210231] ================================================================== [ 56.486914] ================================================================== [ 56.494226] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 56.503293] Write of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 56.510783] [ 56.512308] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 56.512336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 56.512344] Hardware name: Thundercomm Dragonboard 845c (DT) [ 56.512353] Call trace: [ 56.512360] show_stack+0x20/0x38 (C) [ 56.512376] dump_stack_lvl+0x8c/0xd0 [ 56.512394] print_report+0x118/0x608 [ 56.512412] kasan_report+0xdc/0x128 [ 56.512430] kasan_check_range+0x100/0x1a8 [ 56.512448] __kasan_check_write+0x20/0x30 [ 56.512464] kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 56.512487] kasan_bitops_generic+0x11c/0x1c8 [ 56.512504] kunit_try_run_case+0x170/0x3f0 [ 56.512521] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.512541] kthread+0x328/0x630 [ 56.512555] ret_from_fork+0x10/0x20 [ 56.512571] [ 56.587996] Allocated by task 347: [ 56.591451] kasan_save_stack+0x3c/0x68 [ 56.595350] kasan_save_track+0x20/0x40 [ 56.599247] kasan_save_alloc_info+0x40/0x58 [ 56.603586] __kasan_kmalloc+0xd4/0xd8 [ 56.607395] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.611998] kasan_bitops_generic+0xa0/0x1c8 [ 56.616338] kunit_try_run_case+0x170/0x3f0 [ 56.620592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.626151] kthread+0x328/0x630 [ 56.629436] ret_from_fork+0x10/0x20 [ 56.633071] [ 56.634594] The buggy address belongs to the object at ffff000093276b80 [ 56.634594] which belongs to the cache kmalloc-16 of size 16 [ 56.647073] The buggy address is located 8 bytes inside of [ 56.647073] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 56.659469] [ 56.660992] The buggy address belongs to the physical page: [ 56.666638] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 56.674736] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 56.681345] page_type: f5(slab) [ 56.684545] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.692382] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.700215] page dumped because: kasan: bad access detected [ 56.705862] [ 56.707384] Memory state around the buggy address: [ 56.712241] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 56.719555] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.726868] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.734179] ^ [ 56.737721] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.745034] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.752345] ================================================================== [ 57.029005] ================================================================== [ 57.036316] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 57.045384] Write of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 57.052873] [ 57.054399] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 57.054429] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.054438] Hardware name: Thundercomm Dragonboard 845c (DT) [ 57.054448] Call trace: [ 57.054454] show_stack+0x20/0x38 (C) [ 57.054470] dump_stack_lvl+0x8c/0xd0 [ 57.054488] print_report+0x118/0x608 [ 57.054507] kasan_report+0xdc/0x128 [ 57.054524] kasan_check_range+0x100/0x1a8 [ 57.054544] __kasan_check_write+0x20/0x30 [ 57.054561] kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 57.054582] kasan_bitops_generic+0x11c/0x1c8 [ 57.054601] kunit_try_run_case+0x170/0x3f0 [ 57.054618] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.054638] kthread+0x328/0x630 [ 57.054652] ret_from_fork+0x10/0x20 [ 57.054669] [ 57.130102] Allocated by task 347: [ 57.133558] kasan_save_stack+0x3c/0x68 [ 57.137456] kasan_save_track+0x20/0x40 [ 57.141353] kasan_save_alloc_info+0x40/0x58 [ 57.145692] __kasan_kmalloc+0xd4/0xd8 [ 57.149501] __kmalloc_cache_noprof+0x16c/0x3c0 [ 57.154103] kasan_bitops_generic+0xa0/0x1c8 [ 57.158443] kunit_try_run_case+0x170/0x3f0 [ 57.162697] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.168256] kthread+0x328/0x630 [ 57.171541] ret_from_fork+0x10/0x20 [ 57.175176] [ 57.176699] The buggy address belongs to the object at ffff000093276b80 [ 57.176699] which belongs to the cache kmalloc-16 of size 16 [ 57.189179] The buggy address is located 8 bytes inside of [ 57.189179] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 57.201575] [ 57.203097] The buggy address belongs to the physical page: [ 57.208744] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 57.216841] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 57.223450] page_type: f5(slab) [ 57.226649] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 57.234486] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 57.242320] page dumped because: kasan: bad access detected [ 57.247966] [ 57.249488] Memory state around the buggy address: [ 57.254343] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 57.261656] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 57.268968] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.276280] ^ [ 57.279823] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.287136] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.294447] ================================================================== [ 56.217611] ================================================================== [ 56.224923] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa00/0xbc0 [ 56.233991] Read of size 8 at addr ffff000093276b88 by task kunit_try_catch/347 [ 56.241394] [ 56.242920] CPU: 7 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 56.242949] Tainted: [B]=BAD_PAGE, [N]=TEST [ 56.242957] Hardware name: Thundercomm Dragonboard 845c (DT) [ 56.242967] Call trace: [ 56.242974] show_stack+0x20/0x38 (C) [ 56.242990] dump_stack_lvl+0x8c/0xd0 [ 56.243009] print_report+0x118/0x608 [ 56.243026] kasan_report+0xdc/0x128 [ 56.243044] __asan_report_load8_noabort+0x20/0x30 [ 56.243062] kasan_bitops_test_and_modify.constprop.0+0xa00/0xbc0 [ 56.243083] kasan_bitops_generic+0x11c/0x1c8 [ 56.243103] kunit_try_run_case+0x170/0x3f0 [ 56.243121] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.243141] kthread+0x328/0x630 [ 56.243154] ret_from_fork+0x10/0x20 [ 56.243170] [ 56.315173] Allocated by task 347: [ 56.318631] kasan_save_stack+0x3c/0x68 [ 56.322529] kasan_save_track+0x20/0x40 [ 56.326426] kasan_save_alloc_info+0x40/0x58 [ 56.330766] __kasan_kmalloc+0xd4/0xd8 [ 56.334576] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.339178] kasan_bitops_generic+0xa0/0x1c8 [ 56.343518] kunit_try_run_case+0x170/0x3f0 [ 56.347772] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.353341] kthread+0x328/0x630 [ 56.356628] ret_from_fork+0x10/0x20 [ 56.360263] [ 56.361787] The buggy address belongs to the object at ffff000093276b80 [ 56.361787] which belongs to the cache kmalloc-16 of size 16 [ 56.374268] The buggy address is located 8 bytes inside of [ 56.374268] allocated 9-byte region [ffff000093276b80, ffff000093276b89) [ 56.386665] [ 56.388188] The buggy address belongs to the physical page: [ 56.393834] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113276 [ 56.401934] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 56.408543] page_type: f5(slab) [ 56.411742] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.419580] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.427415] page dumped because: kasan: bad access detected [ 56.433062] [ 56.434585] Memory state around the buggy address: [ 56.439442] ffff000093276a80: 00 03 fc fc 00 03 fc fc 00 03 fc fc fa fb fc fc [ 56.446756] ffff000093276b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.454069] >ffff000093276b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.461381] ^ [ 56.464925] ffff000093276c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.472239] ffff000093276c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.479550] ==================================================================
[ 29.238800] ================================================================== [ 29.238852] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 29.238964] [ 29.239184] Call trace: [ 29.239318] print_report+0x118/0x608 [ 29.239474] kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 29.239647] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.241569] __kasan_kmalloc+0xd4/0xd8 [ 29.242106] kunit_try_run_case+0x170/0x3f0 [ 29.243455] The buggy address is located 8 bytes inside of [ 29.243455] allocated 9-byte region [fff00000c16b9cc0, fff00000c16b9cc9) [ 29.245147] fff00000c16b9b80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.247696] ==================================================================
[ 24.441761] ================================================================== [ 24.442348] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.442940] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.443511] [ 24.443959] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.444012] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.444025] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.444050] Call Trace: [ 24.444069] <TASK> [ 24.444089] dump_stack_lvl+0x73/0xb0 [ 24.444118] print_report+0xd1/0x650 [ 24.444139] ? __virt_addr_valid+0x1db/0x2d0 [ 24.444163] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.444189] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.444214] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.444252] kasan_report+0x141/0x180 [ 24.444274] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.444304] kasan_check_range+0x10c/0x1c0 [ 24.444327] __kasan_check_write+0x18/0x20 [ 24.444350] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.444376] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.444404] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.444429] ? trace_hardirqs_on+0x37/0xe0 [ 24.444452] ? kasan_bitops_generic+0x92/0x1c0 [ 24.444479] kasan_bitops_generic+0x121/0x1c0 [ 24.444501] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.444525] ? __pfx_read_tsc+0x10/0x10 [ 24.444546] ? ktime_get_ts64+0x86/0x230 [ 24.444571] kunit_try_run_case+0x1a5/0x480 [ 24.444595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.444616] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.444641] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.444665] ? __kthread_parkme+0x82/0x180 [ 24.444686] ? preempt_count_sub+0x50/0x80 [ 24.444708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.444731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.444754] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.444776] kthread+0x337/0x6f0 [ 24.444906] ? trace_preempt_on+0x20/0xc0 [ 24.444931] ? __pfx_kthread+0x10/0x10 [ 24.444952] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.444974] ? calculate_sigpending+0x7b/0xa0 [ 24.444998] ? __pfx_kthread+0x10/0x10 [ 24.445063] ret_from_fork+0x116/0x1d0 [ 24.445085] ? __pfx_kthread+0x10/0x10 [ 24.445104] ret_from_fork_asm+0x1a/0x30 [ 24.445135] </TASK> [ 24.445146] [ 24.457710] Allocated by task 290: [ 24.457934] kasan_save_stack+0x45/0x70 [ 24.458090] kasan_save_track+0x18/0x40 [ 24.458360] kasan_save_alloc_info+0x3b/0x50 [ 24.458611] __kasan_kmalloc+0xb7/0xc0 [ 24.458803] __kmalloc_cache_noprof+0x189/0x420 [ 24.458954] kasan_bitops_generic+0x92/0x1c0 [ 24.459242] kunit_try_run_case+0x1a5/0x480 [ 24.459469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.459687] kthread+0x337/0x6f0 [ 24.459852] ret_from_fork+0x116/0x1d0 [ 24.460055] ret_from_fork_asm+0x1a/0x30 [ 24.460268] [ 24.460374] The buggy address belongs to the object at ffff88810278b720 [ 24.460374] which belongs to the cache kmalloc-16 of size 16 [ 24.460742] The buggy address is located 8 bytes inside of [ 24.460742] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.461277] [ 24.461346] The buggy address belongs to the physical page: [ 24.461513] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.461759] flags: 0x200000000000000(node=0|zone=2) [ 24.462101] page_type: f5(slab) [ 24.462310] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.462687] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.463451] page dumped because: kasan: bad access detected [ 24.463625] [ 24.463686] Memory state around the buggy address: [ 24.464320] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.464666] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.465076] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.465808] ^ [ 24.465967] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.466669] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.467587] ================================================================== [ 24.468765] ================================================================== [ 24.469382] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.469776] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.470642] [ 24.470764] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.470815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.470828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.470853] Call Trace: [ 24.470875] <TASK> [ 24.470896] dump_stack_lvl+0x73/0xb0 [ 24.470926] print_report+0xd1/0x650 [ 24.470950] ? __virt_addr_valid+0x1db/0x2d0 [ 24.470975] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.471001] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.471035] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.471062] kasan_report+0x141/0x180 [ 24.471083] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.471114] kasan_check_range+0x10c/0x1c0 [ 24.471137] __kasan_check_write+0x18/0x20 [ 24.471159] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.471186] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.471214] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.471247] ? trace_hardirqs_on+0x37/0xe0 [ 24.471269] ? kasan_bitops_generic+0x92/0x1c0 [ 24.471295] kasan_bitops_generic+0x121/0x1c0 [ 24.471318] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.471342] ? __pfx_read_tsc+0x10/0x10 [ 24.471364] ? ktime_get_ts64+0x86/0x230 [ 24.471389] kunit_try_run_case+0x1a5/0x480 [ 24.471413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.471560] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.471585] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.471610] ? __kthread_parkme+0x82/0x180 [ 24.471632] ? preempt_count_sub+0x50/0x80 [ 24.471655] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.471677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.471701] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.471725] kthread+0x337/0x6f0 [ 24.471744] ? trace_preempt_on+0x20/0xc0 [ 24.471765] ? __pfx_kthread+0x10/0x10 [ 24.471796] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.471819] ? calculate_sigpending+0x7b/0xa0 [ 24.471843] ? __pfx_kthread+0x10/0x10 [ 24.471865] ret_from_fork+0x116/0x1d0 [ 24.471887] ? __pfx_kthread+0x10/0x10 [ 24.471908] ret_from_fork_asm+0x1a/0x30 [ 24.471942] </TASK> [ 24.471953] [ 24.483423] Allocated by task 290: [ 24.483688] kasan_save_stack+0x45/0x70 [ 24.484039] kasan_save_track+0x18/0x40 [ 24.484249] kasan_save_alloc_info+0x3b/0x50 [ 24.484677] __kasan_kmalloc+0xb7/0xc0 [ 24.484826] __kmalloc_cache_noprof+0x189/0x420 [ 24.485288] kasan_bitops_generic+0x92/0x1c0 [ 24.485552] kunit_try_run_case+0x1a5/0x480 [ 24.485738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.485988] kthread+0x337/0x6f0 [ 24.486447] ret_from_fork+0x116/0x1d0 [ 24.486708] ret_from_fork_asm+0x1a/0x30 [ 24.486911] [ 24.487012] The buggy address belongs to the object at ffff88810278b720 [ 24.487012] which belongs to the cache kmalloc-16 of size 16 [ 24.487620] The buggy address is located 8 bytes inside of [ 24.487620] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.488341] [ 24.488574] The buggy address belongs to the physical page: [ 24.488939] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.489447] flags: 0x200000000000000(node=0|zone=2) [ 24.489807] page_type: f5(slab) [ 24.490055] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.490312] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.490756] page dumped because: kasan: bad access detected [ 24.491215] [ 24.491392] Memory state around the buggy address: [ 24.491574] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.492416] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.492836] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.493133] ^ [ 24.493516] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.493988] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.494393] ================================================================== [ 24.494978] ================================================================== [ 24.495247] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.495787] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.497036] [ 24.497350] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.497408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.497422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.497448] Call Trace: [ 24.497469] <TASK> [ 24.497491] dump_stack_lvl+0x73/0xb0 [ 24.497524] print_report+0xd1/0x650 [ 24.497548] ? __virt_addr_valid+0x1db/0x2d0 [ 24.497573] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.497599] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.497625] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.497652] kasan_report+0x141/0x180 [ 24.497672] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.497703] kasan_check_range+0x10c/0x1c0 [ 24.497725] __kasan_check_write+0x18/0x20 [ 24.497748] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.497783] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.497812] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.497836] ? trace_hardirqs_on+0x37/0xe0 [ 24.497858] ? kasan_bitops_generic+0x92/0x1c0 [ 24.497885] kasan_bitops_generic+0x121/0x1c0 [ 24.497907] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.497931] ? __pfx_read_tsc+0x10/0x10 [ 24.497953] ? ktime_get_ts64+0x86/0x230 [ 24.497978] kunit_try_run_case+0x1a5/0x480 [ 24.498003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.498025] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.498051] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.498075] ? __kthread_parkme+0x82/0x180 [ 24.498096] ? preempt_count_sub+0x50/0x80 [ 24.498118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.498140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.498164] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.498187] kthread+0x337/0x6f0 [ 24.498207] ? trace_preempt_on+0x20/0xc0 [ 24.498238] ? __pfx_kthread+0x10/0x10 [ 24.498259] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.498281] ? calculate_sigpending+0x7b/0xa0 [ 24.498305] ? __pfx_kthread+0x10/0x10 [ 24.498325] ret_from_fork+0x116/0x1d0 [ 24.498344] ? __pfx_kthread+0x10/0x10 [ 24.498363] ret_from_fork_asm+0x1a/0x30 [ 24.498395] </TASK> [ 24.498407] [ 24.513352] Allocated by task 290: [ 24.513530] kasan_save_stack+0x45/0x70 [ 24.513855] kasan_save_track+0x18/0x40 [ 24.514324] kasan_save_alloc_info+0x3b/0x50 [ 24.514695] __kasan_kmalloc+0xb7/0xc0 [ 24.514874] __kmalloc_cache_noprof+0x189/0x420 [ 24.515439] kasan_bitops_generic+0x92/0x1c0 [ 24.515894] kunit_try_run_case+0x1a5/0x480 [ 24.516293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.516820] kthread+0x337/0x6f0 [ 24.517105] ret_from_fork+0x116/0x1d0 [ 24.517487] ret_from_fork_asm+0x1a/0x30 [ 24.517898] [ 24.517977] The buggy address belongs to the object at ffff88810278b720 [ 24.517977] which belongs to the cache kmalloc-16 of size 16 [ 24.518622] The buggy address is located 8 bytes inside of [ 24.518622] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.519605] [ 24.519781] The buggy address belongs to the physical page: [ 24.520406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.521139] flags: 0x200000000000000(node=0|zone=2) [ 24.521333] page_type: f5(slab) [ 24.521454] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.521674] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.521901] page dumped because: kasan: bad access detected [ 24.522067] [ 24.522129] Memory state around the buggy address: [ 24.522293] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.522504] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.522811] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.523125] ^ [ 24.523424] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.523768] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.523978] ================================================================== [ 24.417968] ================================================================== [ 24.418304] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.418970] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.419335] [ 24.419476] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.419565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.419578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.419615] Call Trace: [ 24.419660] <TASK> [ 24.419683] dump_stack_lvl+0x73/0xb0 [ 24.419713] print_report+0xd1/0x650 [ 24.419735] ? __virt_addr_valid+0x1db/0x2d0 [ 24.419760] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.419786] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.419813] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.419839] kasan_report+0x141/0x180 [ 24.419861] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.419892] kasan_check_range+0x10c/0x1c0 [ 24.419914] __kasan_check_write+0x18/0x20 [ 24.419936] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.419963] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.419991] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.420014] ? trace_hardirqs_on+0x37/0xe0 [ 24.420038] ? kasan_bitops_generic+0x92/0x1c0 [ 24.420063] kasan_bitops_generic+0x121/0x1c0 [ 24.420086] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.420110] ? __pfx_read_tsc+0x10/0x10 [ 24.420511] ? ktime_get_ts64+0x86/0x230 [ 24.420540] kunit_try_run_case+0x1a5/0x480 [ 24.420567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.420590] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.420616] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.420640] ? __kthread_parkme+0x82/0x180 [ 24.420661] ? preempt_count_sub+0x50/0x80 [ 24.420684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.420708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.420730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.420754] kthread+0x337/0x6f0 [ 24.420773] ? trace_preempt_on+0x20/0xc0 [ 24.420859] ? __pfx_kthread+0x10/0x10 [ 24.420881] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.420904] ? calculate_sigpending+0x7b/0xa0 [ 24.420929] ? __pfx_kthread+0x10/0x10 [ 24.420976] ret_from_fork+0x116/0x1d0 [ 24.420996] ? __pfx_kthread+0x10/0x10 [ 24.421016] ret_from_fork_asm+0x1a/0x30 [ 24.421048] </TASK> [ 24.421059] [ 24.430334] Allocated by task 290: [ 24.430465] kasan_save_stack+0x45/0x70 [ 24.430666] kasan_save_track+0x18/0x40 [ 24.430982] kasan_save_alloc_info+0x3b/0x50 [ 24.431271] __kasan_kmalloc+0xb7/0xc0 [ 24.431459] __kmalloc_cache_noprof+0x189/0x420 [ 24.431657] kasan_bitops_generic+0x92/0x1c0 [ 24.432083] kunit_try_run_case+0x1a5/0x480 [ 24.432279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.432596] kthread+0x337/0x6f0 [ 24.432787] ret_from_fork+0x116/0x1d0 [ 24.433034] ret_from_fork_asm+0x1a/0x30 [ 24.433198] [ 24.433305] The buggy address belongs to the object at ffff88810278b720 [ 24.433305] which belongs to the cache kmalloc-16 of size 16 [ 24.433913] The buggy address is located 8 bytes inside of [ 24.433913] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.434564] [ 24.434668] The buggy address belongs to the physical page: [ 24.434923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.435384] flags: 0x200000000000000(node=0|zone=2) [ 24.435617] page_type: f5(slab) [ 24.435766] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.436092] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.436323] page dumped because: kasan: bad access detected [ 24.436547] [ 24.436639] Memory state around the buggy address: [ 24.436862] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.437363] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.437681] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.438508] ^ [ 24.438668] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.439665] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.440262] ================================================================== [ 24.373705] ================================================================== [ 24.374340] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.374775] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.375149] [ 24.375358] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.375410] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.375423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.375447] Call Trace: [ 24.375468] <TASK> [ 24.375490] dump_stack_lvl+0x73/0xb0 [ 24.375519] print_report+0xd1/0x650 [ 24.375542] ? __virt_addr_valid+0x1db/0x2d0 [ 24.375565] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.375592] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.375618] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.375724] kasan_report+0x141/0x180 [ 24.375751] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.375820] kasan_check_range+0x10c/0x1c0 [ 24.375846] __kasan_check_write+0x18/0x20 [ 24.375869] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.375896] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.375922] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.375947] ? trace_hardirqs_on+0x37/0xe0 [ 24.375969] ? kasan_bitops_generic+0x92/0x1c0 [ 24.375994] kasan_bitops_generic+0x121/0x1c0 [ 24.376034] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.376058] ? __pfx_read_tsc+0x10/0x10 [ 24.376081] ? ktime_get_ts64+0x86/0x230 [ 24.376105] kunit_try_run_case+0x1a5/0x480 [ 24.376130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.376151] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.376178] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.376202] ? __kthread_parkme+0x82/0x180 [ 24.376282] ? preempt_count_sub+0x50/0x80 [ 24.376310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.376334] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.376357] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.376381] kthread+0x337/0x6f0 [ 24.376401] ? trace_preempt_on+0x20/0xc0 [ 24.376422] ? __pfx_kthread+0x10/0x10 [ 24.376442] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.376465] ? calculate_sigpending+0x7b/0xa0 [ 24.376489] ? __pfx_kthread+0x10/0x10 [ 24.376510] ret_from_fork+0x116/0x1d0 [ 24.376529] ? __pfx_kthread+0x10/0x10 [ 24.376549] ret_from_fork_asm+0x1a/0x30 [ 24.376580] </TASK> [ 24.376591] [ 24.386591] Allocated by task 290: [ 24.386785] kasan_save_stack+0x45/0x70 [ 24.386995] kasan_save_track+0x18/0x40 [ 24.387263] kasan_save_alloc_info+0x3b/0x50 [ 24.387470] __kasan_kmalloc+0xb7/0xc0 [ 24.387823] __kmalloc_cache_noprof+0x189/0x420 [ 24.388148] kasan_bitops_generic+0x92/0x1c0 [ 24.388357] kunit_try_run_case+0x1a5/0x480 [ 24.388501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.388666] kthread+0x337/0x6f0 [ 24.388869] ret_from_fork+0x116/0x1d0 [ 24.389114] ret_from_fork_asm+0x1a/0x30 [ 24.389321] [ 24.389411] The buggy address belongs to the object at ffff88810278b720 [ 24.389411] which belongs to the cache kmalloc-16 of size 16 [ 24.390331] The buggy address is located 8 bytes inside of [ 24.390331] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.390849] [ 24.390945] The buggy address belongs to the physical page: [ 24.391233] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.391695] flags: 0x200000000000000(node=0|zone=2) [ 24.391991] page_type: f5(slab) [ 24.392184] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.392560] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.392896] page dumped because: kasan: bad access detected [ 24.393147] [ 24.393368] Memory state around the buggy address: [ 24.393600] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.393933] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.394248] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.394463] ^ [ 24.394676] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.395481] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.395852] ================================================================== [ 24.564540] ================================================================== [ 24.565069] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.565434] Read of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.565710] [ 24.565865] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.565916] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.565929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.565953] Call Trace: [ 24.565974] <TASK> [ 24.565996] dump_stack_lvl+0x73/0xb0 [ 24.566040] print_report+0xd1/0x650 [ 24.566062] ? __virt_addr_valid+0x1db/0x2d0 [ 24.566086] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.566114] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.566139] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.566166] kasan_report+0x141/0x180 [ 24.566187] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.566217] __asan_report_load8_noabort+0x18/0x20 [ 24.566250] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.566279] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.566306] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.566329] ? trace_hardirqs_on+0x37/0xe0 [ 24.566352] ? kasan_bitops_generic+0x92/0x1c0 [ 24.566378] kasan_bitops_generic+0x121/0x1c0 [ 24.566401] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.566425] ? __pfx_read_tsc+0x10/0x10 [ 24.566446] ? ktime_get_ts64+0x86/0x230 [ 24.566470] kunit_try_run_case+0x1a5/0x480 [ 24.566494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.566517] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.566542] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.566566] ? __kthread_parkme+0x82/0x180 [ 24.566586] ? preempt_count_sub+0x50/0x80 [ 24.566609] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.566632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.566655] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.566706] kthread+0x337/0x6f0 [ 24.566727] ? trace_preempt_on+0x20/0xc0 [ 24.566748] ? __pfx_kthread+0x10/0x10 [ 24.566768] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.566825] ? calculate_sigpending+0x7b/0xa0 [ 24.566849] ? __pfx_kthread+0x10/0x10 [ 24.566870] ret_from_fork+0x116/0x1d0 [ 24.566890] ? __pfx_kthread+0x10/0x10 [ 24.566925] ret_from_fork_asm+0x1a/0x30 [ 24.566970] </TASK> [ 24.566995] [ 24.575506] Allocated by task 290: [ 24.575684] kasan_save_stack+0x45/0x70 [ 24.575994] kasan_save_track+0x18/0x40 [ 24.576240] kasan_save_alloc_info+0x3b/0x50 [ 24.576489] __kasan_kmalloc+0xb7/0xc0 [ 24.576649] __kmalloc_cache_noprof+0x189/0x420 [ 24.576884] kasan_bitops_generic+0x92/0x1c0 [ 24.577100] kunit_try_run_case+0x1a5/0x480 [ 24.577319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.577536] kthread+0x337/0x6f0 [ 24.577674] ret_from_fork+0x116/0x1d0 [ 24.577885] ret_from_fork_asm+0x1a/0x30 [ 24.578117] [ 24.578227] The buggy address belongs to the object at ffff88810278b720 [ 24.578227] which belongs to the cache kmalloc-16 of size 16 [ 24.578689] The buggy address is located 8 bytes inside of [ 24.578689] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.579300] [ 24.579395] The buggy address belongs to the physical page: [ 24.579617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.579983] flags: 0x200000000000000(node=0|zone=2) [ 24.580233] page_type: f5(slab) [ 24.580466] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.580841] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.581188] page dumped because: kasan: bad access detected [ 24.581514] [ 24.581600] Memory state around the buggy address: [ 24.581854] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.582278] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.582574] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.582887] ^ [ 24.583185] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.583461] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.583741] ================================================================== [ 24.396397] ================================================================== [ 24.396740] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.397252] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.397573] [ 24.397682] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.397731] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.397743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.397766] Call Trace: [ 24.397843] <TASK> [ 24.397864] dump_stack_lvl+0x73/0xb0 [ 24.397893] print_report+0xd1/0x650 [ 24.397933] ? __virt_addr_valid+0x1db/0x2d0 [ 24.397957] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.397983] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.398008] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.398034] kasan_report+0x141/0x180 [ 24.398055] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.398085] kasan_check_range+0x10c/0x1c0 [ 24.398124] __kasan_check_write+0x18/0x20 [ 24.398159] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.398186] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.398213] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.398246] ? trace_hardirqs_on+0x37/0xe0 [ 24.398267] ? kasan_bitops_generic+0x92/0x1c0 [ 24.398293] kasan_bitops_generic+0x121/0x1c0 [ 24.398316] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.398339] ? __pfx_read_tsc+0x10/0x10 [ 24.398361] ? ktime_get_ts64+0x86/0x230 [ 24.398385] kunit_try_run_case+0x1a5/0x480 [ 24.398409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.398431] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.398456] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.398480] ? __kthread_parkme+0x82/0x180 [ 24.398500] ? preempt_count_sub+0x50/0x80 [ 24.398541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.398565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.398588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.398611] kthread+0x337/0x6f0 [ 24.398629] ? trace_preempt_on+0x20/0xc0 [ 24.398650] ? __pfx_kthread+0x10/0x10 [ 24.398670] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.398709] ? calculate_sigpending+0x7b/0xa0 [ 24.398733] ? __pfx_kthread+0x10/0x10 [ 24.398753] ret_from_fork+0x116/0x1d0 [ 24.398773] ? __pfx_kthread+0x10/0x10 [ 24.398826] ret_from_fork_asm+0x1a/0x30 [ 24.398859] </TASK> [ 24.398869] [ 24.408474] Allocated by task 290: [ 24.408650] kasan_save_stack+0x45/0x70 [ 24.408844] kasan_save_track+0x18/0x40 [ 24.409080] kasan_save_alloc_info+0x3b/0x50 [ 24.409504] __kasan_kmalloc+0xb7/0xc0 [ 24.409689] __kmalloc_cache_noprof+0x189/0x420 [ 24.409951] kasan_bitops_generic+0x92/0x1c0 [ 24.410093] kunit_try_run_case+0x1a5/0x480 [ 24.410332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.410674] kthread+0x337/0x6f0 [ 24.410857] ret_from_fork+0x116/0x1d0 [ 24.411079] ret_from_fork_asm+0x1a/0x30 [ 24.411303] [ 24.411395] The buggy address belongs to the object at ffff88810278b720 [ 24.411395] which belongs to the cache kmalloc-16 of size 16 [ 24.412145] The buggy address is located 8 bytes inside of [ 24.412145] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.412728] [ 24.412813] The buggy address belongs to the physical page: [ 24.413066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.413432] flags: 0x200000000000000(node=0|zone=2) [ 24.413663] page_type: f5(slab) [ 24.413826] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.414157] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.414636] page dumped because: kasan: bad access detected [ 24.414832] [ 24.414895] Memory state around the buggy address: [ 24.415104] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.415564] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.415982] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.416303] ^ [ 24.416536] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.416855] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.417424] ================================================================== [ 24.524511] ================================================================== [ 24.524882] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.525480] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.525867] [ 24.525954] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.526024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.526056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.526080] Call Trace: [ 24.526102] <TASK> [ 24.526122] dump_stack_lvl+0x73/0xb0 [ 24.526164] print_report+0xd1/0x650 [ 24.526200] ? __virt_addr_valid+0x1db/0x2d0 [ 24.526235] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.526262] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.526308] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.526335] kasan_report+0x141/0x180 [ 24.526356] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.526387] kasan_check_range+0x10c/0x1c0 [ 24.526410] __kasan_check_write+0x18/0x20 [ 24.526433] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.526459] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.526503] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.526527] ? trace_hardirqs_on+0x37/0xe0 [ 24.526549] ? kasan_bitops_generic+0x92/0x1c0 [ 24.526576] kasan_bitops_generic+0x121/0x1c0 [ 24.526598] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.526621] ? __pfx_read_tsc+0x10/0x10 [ 24.526642] ? ktime_get_ts64+0x86/0x230 [ 24.526667] kunit_try_run_case+0x1a5/0x480 [ 24.526709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.526732] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.526758] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.526805] ? __kthread_parkme+0x82/0x180 [ 24.526826] ? preempt_count_sub+0x50/0x80 [ 24.526849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.526873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.526896] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.526920] kthread+0x337/0x6f0 [ 24.526938] ? trace_preempt_on+0x20/0xc0 [ 24.526977] ? __pfx_kthread+0x10/0x10 [ 24.526997] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.527067] ? calculate_sigpending+0x7b/0xa0 [ 24.527091] ? __pfx_kthread+0x10/0x10 [ 24.527111] ret_from_fork+0x116/0x1d0 [ 24.527131] ? __pfx_kthread+0x10/0x10 [ 24.527150] ret_from_fork_asm+0x1a/0x30 [ 24.527181] </TASK> [ 24.527192] [ 24.536129] Allocated by task 290: [ 24.536337] kasan_save_stack+0x45/0x70 [ 24.536536] kasan_save_track+0x18/0x40 [ 24.536717] kasan_save_alloc_info+0x3b/0x50 [ 24.536914] __kasan_kmalloc+0xb7/0xc0 [ 24.537035] __kmalloc_cache_noprof+0x189/0x420 [ 24.537177] kasan_bitops_generic+0x92/0x1c0 [ 24.537445] kunit_try_run_case+0x1a5/0x480 [ 24.537759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.538000] kthread+0x337/0x6f0 [ 24.538226] ret_from_fork+0x116/0x1d0 [ 24.538419] ret_from_fork_asm+0x1a/0x30 [ 24.538551] [ 24.538613] The buggy address belongs to the object at ffff88810278b720 [ 24.538613] which belongs to the cache kmalloc-16 of size 16 [ 24.538953] The buggy address is located 8 bytes inside of [ 24.538953] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.539399] [ 24.539492] The buggy address belongs to the physical page: [ 24.539890] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.540298] flags: 0x200000000000000(node=0|zone=2) [ 24.540530] page_type: f5(slab) [ 24.540692] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.541097] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.541487] page dumped because: kasan: bad access detected [ 24.541667] [ 24.541745] Memory state around the buggy address: [ 24.542025] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.542366] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.542571] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.543033] ^ [ 24.543272] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.543595] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.543924] ================================================================== [ 24.544670] ================================================================== [ 24.545314] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.545640] Read of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.545956] [ 24.546093] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.546184] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.546197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.546247] Call Trace: [ 24.546267] <TASK> [ 24.546289] dump_stack_lvl+0x73/0xb0 [ 24.546333] print_report+0xd1/0x650 [ 24.546370] ? __virt_addr_valid+0x1db/0x2d0 [ 24.546421] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.546448] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.546473] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.546500] kasan_report+0x141/0x180 [ 24.546521] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.546551] kasan_check_range+0x10c/0x1c0 [ 24.546574] __kasan_check_read+0x15/0x20 [ 24.546596] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.546623] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.546649] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.546672] ? trace_hardirqs_on+0x37/0xe0 [ 24.546694] ? kasan_bitops_generic+0x92/0x1c0 [ 24.546720] kasan_bitops_generic+0x121/0x1c0 [ 24.546745] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.546768] ? __pfx_read_tsc+0x10/0x10 [ 24.546790] ? ktime_get_ts64+0x86/0x230 [ 24.546814] kunit_try_run_case+0x1a5/0x480 [ 24.546839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.546861] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.546886] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.546910] ? __kthread_parkme+0x82/0x180 [ 24.546931] ? preempt_count_sub+0x50/0x80 [ 24.546957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.546982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.547024] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.547054] kthread+0x337/0x6f0 [ 24.547074] ? trace_preempt_on+0x20/0xc0 [ 24.547096] ? __pfx_kthread+0x10/0x10 [ 24.547116] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.547139] ? calculate_sigpending+0x7b/0xa0 [ 24.547163] ? __pfx_kthread+0x10/0x10 [ 24.547183] ret_from_fork+0x116/0x1d0 [ 24.547203] ? __pfx_kthread+0x10/0x10 [ 24.547231] ret_from_fork_asm+0x1a/0x30 [ 24.547263] </TASK> [ 24.547274] [ 24.555485] Allocated by task 290: [ 24.555701] kasan_save_stack+0x45/0x70 [ 24.555933] kasan_save_track+0x18/0x40 [ 24.556190] kasan_save_alloc_info+0x3b/0x50 [ 24.556410] __kasan_kmalloc+0xb7/0xc0 [ 24.556609] __kmalloc_cache_noprof+0x189/0x420 [ 24.556896] kasan_bitops_generic+0x92/0x1c0 [ 24.557177] kunit_try_run_case+0x1a5/0x480 [ 24.557404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.557630] kthread+0x337/0x6f0 [ 24.557742] ret_from_fork+0x116/0x1d0 [ 24.557864] ret_from_fork_asm+0x1a/0x30 [ 24.558119] [ 24.558265] The buggy address belongs to the object at ffff88810278b720 [ 24.558265] which belongs to the cache kmalloc-16 of size 16 [ 24.558826] The buggy address is located 8 bytes inside of [ 24.558826] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.559451] [ 24.559525] The buggy address belongs to the physical page: [ 24.559767] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.560003] flags: 0x200000000000000(node=0|zone=2) [ 24.560243] page_type: f5(slab) [ 24.560407] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.560743] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.561077] page dumped because: kasan: bad access detected [ 24.561341] [ 24.561432] Memory state around the buggy address: [ 24.561597] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.561809] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.562164] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.562524] ^ [ 24.562760] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.563142] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.563675] ==================================================================