Date
July 2, 2025, 11:10 a.m.
| Environment | |
|---|---|
| qemu-x86_64 |
[ 25.518816] ================================================================== [ 25.519525] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.520033] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.520567] [ 25.520939] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.521002] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.521018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.521043] Call Trace: [ 25.521078] <TASK> [ 25.521101] dump_stack_lvl+0x73/0xb0 [ 25.521135] print_report+0xd1/0x650 [ 25.521160] ? __virt_addr_valid+0x1db/0x2d0 [ 25.521197] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.521223] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.521249] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.521274] kasan_report+0x141/0x180 [ 25.521295] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.521325] kasan_check_range+0x10c/0x1c0 [ 25.521348] __kasan_check_write+0x18/0x20 [ 25.521371] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.521396] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.521421] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.521446] ? trace_hardirqs_on+0x37/0xe0 [ 25.521469] ? kasan_bitops_generic+0x92/0x1c0 [ 25.521496] kasan_bitops_generic+0x116/0x1c0 [ 25.521519] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.521543] ? __pfx_read_tsc+0x10/0x10 [ 25.521565] ? ktime_get_ts64+0x86/0x230 [ 25.521591] kunit_try_run_case+0x1a5/0x480 [ 25.521618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.521642] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.521664] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.521686] ? __kthread_parkme+0x82/0x180 [ 25.521708] ? preempt_count_sub+0x50/0x80 [ 25.521731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.521756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.521780] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.521806] kthread+0x337/0x6f0 [ 25.521835] ? trace_preempt_on+0x20/0xc0 [ 25.521858] ? __pfx_kthread+0x10/0x10 [ 25.521878] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.521903] ? calculate_sigpending+0x7b/0xa0 [ 25.522292] ? __pfx_kthread+0x10/0x10 [ 25.522336] ret_from_fork+0x116/0x1d0 [ 25.522361] ? __pfx_kthread+0x10/0x10 [ 25.522382] ret_from_fork_asm+0x1a/0x30 [ 25.522414] </TASK> [ 25.522428] [ 25.531782] Allocated by task 310: [ 25.532056] kasan_save_stack+0x45/0x70 [ 25.532436] kasan_save_track+0x18/0x40 [ 25.532616] kasan_save_alloc_info+0x3b/0x50 [ 25.532827] __kasan_kmalloc+0xb7/0xc0 [ 25.533081] __kmalloc_cache_noprof+0x189/0x420 [ 25.533234] kasan_bitops_generic+0x92/0x1c0 [ 25.533377] kunit_try_run_case+0x1a5/0x480 [ 25.533522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.533774] kthread+0x337/0x6f0 [ 25.534092] ret_from_fork+0x116/0x1d0 [ 25.534278] ret_from_fork_asm+0x1a/0x30 [ 25.534471] [ 25.534983] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.534983] which belongs to the cache kmalloc-16 of size 16 [ 25.535523] The buggy address is located 8 bytes inside of [ 25.535523] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.536257] [ 25.536370] The buggy address belongs to the physical page: [ 25.536591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.536943] flags: 0x200000000000000(node=0|zone=2) [ 25.537137] page_type: f5(slab) [ 25.537358] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.537660] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.537892] page dumped because: kasan: bad access detected [ 25.538087] [ 25.538239] Memory state around the buggy address: [ 25.538465] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.538757] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.538968] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.539562] ^ [ 25.539846] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.540629] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.540854] ================================================================== [ 25.431855] ================================================================== [ 25.432327] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.432695] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.433017] [ 25.433116] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.433381] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.433403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.433428] Call Trace: [ 25.433451] <TASK> [ 25.433471] dump_stack_lvl+0x73/0xb0 [ 25.433504] print_report+0xd1/0x650 [ 25.433541] ? __virt_addr_valid+0x1db/0x2d0 [ 25.433566] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.433603] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.433629] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.433656] kasan_report+0x141/0x180 [ 25.433678] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.433707] kasan_check_range+0x10c/0x1c0 [ 25.433730] __kasan_check_write+0x18/0x20 [ 25.433754] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.433779] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.433806] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.433836] ? trace_hardirqs_on+0x37/0xe0 [ 25.433860] ? kasan_bitops_generic+0x92/0x1c0 [ 25.433887] kasan_bitops_generic+0x116/0x1c0 [ 25.433910] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.433936] ? __pfx_read_tsc+0x10/0x10 [ 25.433959] ? ktime_get_ts64+0x86/0x230 [ 25.433985] kunit_try_run_case+0x1a5/0x480 [ 25.434013] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.434073] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.434097] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.434129] ? __kthread_parkme+0x82/0x180 [ 25.434151] ? preempt_count_sub+0x50/0x80 [ 25.434195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.434221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.434246] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.434271] kthread+0x337/0x6f0 [ 25.434291] ? trace_preempt_on+0x20/0xc0 [ 25.434313] ? __pfx_kthread+0x10/0x10 [ 25.434334] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.434358] ? calculate_sigpending+0x7b/0xa0 [ 25.434488] ? __pfx_kthread+0x10/0x10 [ 25.434513] ret_from_fork+0x116/0x1d0 [ 25.434534] ? __pfx_kthread+0x10/0x10 [ 25.434555] ret_from_fork_asm+0x1a/0x30 [ 25.434588] </TASK> [ 25.434600] [ 25.443477] Allocated by task 310: [ 25.443652] kasan_save_stack+0x45/0x70 [ 25.443883] kasan_save_track+0x18/0x40 [ 25.444119] kasan_save_alloc_info+0x3b/0x50 [ 25.444390] __kasan_kmalloc+0xb7/0xc0 [ 25.444571] __kmalloc_cache_noprof+0x189/0x420 [ 25.444806] kasan_bitops_generic+0x92/0x1c0 [ 25.445040] kunit_try_run_case+0x1a5/0x480 [ 25.445477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.445709] kthread+0x337/0x6f0 [ 25.445908] ret_from_fork+0x116/0x1d0 [ 25.446140] ret_from_fork_asm+0x1a/0x30 [ 25.446430] [ 25.446527] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.446527] which belongs to the cache kmalloc-16 of size 16 [ 25.447016] The buggy address is located 8 bytes inside of [ 25.447016] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.447718] [ 25.447839] The buggy address belongs to the physical page: [ 25.448084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.448508] flags: 0x200000000000000(node=0|zone=2) [ 25.448768] page_type: f5(slab) [ 25.448988] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.449606] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.449963] page dumped because: kasan: bad access detected [ 25.450303] [ 25.450420] Memory state around the buggy address: [ 25.450607] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.450828] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.451305] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.451640] ^ [ 25.451897] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.452284] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.452628] ================================================================== [ 25.410676] ================================================================== [ 25.410996] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.411412] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.411695] [ 25.411822] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.411875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.411889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.411913] Call Trace: [ 25.411934] <TASK> [ 25.411956] dump_stack_lvl+0x73/0xb0 [ 25.411986] print_report+0xd1/0x650 [ 25.412010] ? __virt_addr_valid+0x1db/0x2d0 [ 25.412035] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.412070] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.412096] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.412122] kasan_report+0x141/0x180 [ 25.412154] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.412200] kasan_check_range+0x10c/0x1c0 [ 25.412224] __kasan_check_write+0x18/0x20 [ 25.412248] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.412365] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.412399] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.412426] ? trace_hardirqs_on+0x37/0xe0 [ 25.412539] ? kasan_bitops_generic+0x92/0x1c0 [ 25.412573] kasan_bitops_generic+0x116/0x1c0 [ 25.412597] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.412684] ? __pfx_read_tsc+0x10/0x10 [ 25.412723] ? ktime_get_ts64+0x86/0x230 [ 25.412748] kunit_try_run_case+0x1a5/0x480 [ 25.412776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.412801] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.412824] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.412847] ? __kthread_parkme+0x82/0x180 [ 25.412868] ? preempt_count_sub+0x50/0x80 [ 25.412892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.412918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.412953] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.412979] kthread+0x337/0x6f0 [ 25.412998] ? trace_preempt_on+0x20/0xc0 [ 25.413021] ? __pfx_kthread+0x10/0x10 [ 25.413043] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.413085] ? calculate_sigpending+0x7b/0xa0 [ 25.413110] ? __pfx_kthread+0x10/0x10 [ 25.413142] ret_from_fork+0x116/0x1d0 [ 25.413162] ? __pfx_kthread+0x10/0x10 [ 25.413231] ret_from_fork_asm+0x1a/0x30 [ 25.413267] </TASK> [ 25.413291] [ 25.422264] Allocated by task 310: [ 25.422481] kasan_save_stack+0x45/0x70 [ 25.422686] kasan_save_track+0x18/0x40 [ 25.422864] kasan_save_alloc_info+0x3b/0x50 [ 25.423078] __kasan_kmalloc+0xb7/0xc0 [ 25.423302] __kmalloc_cache_noprof+0x189/0x420 [ 25.423552] kasan_bitops_generic+0x92/0x1c0 [ 25.423784] kunit_try_run_case+0x1a5/0x480 [ 25.423981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.424192] kthread+0x337/0x6f0 [ 25.424361] ret_from_fork+0x116/0x1d0 [ 25.424540] ret_from_fork_asm+0x1a/0x30 [ 25.424706] [ 25.424789] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.424789] which belongs to the cache kmalloc-16 of size 16 [ 25.425586] The buggy address is located 8 bytes inside of [ 25.425586] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.426002] [ 25.426084] The buggy address belongs to the physical page: [ 25.426437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.426793] flags: 0x200000000000000(node=0|zone=2) [ 25.427081] page_type: f5(slab) [ 25.427321] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.427640] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.427875] page dumped because: kasan: bad access detected [ 25.428257] [ 25.428369] Memory state around the buggy address: [ 25.428595] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.428875] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.429129] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.429632] ^ [ 25.429903] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.430348] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.430666] ================================================================== [ 25.367149] ================================================================== [ 25.368018] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.368549] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.368844] [ 25.368976] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.369043] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.369057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.369099] Call Trace: [ 25.369114] <TASK> [ 25.369145] dump_stack_lvl+0x73/0xb0 [ 25.369181] print_report+0xd1/0x650 [ 25.369217] ? __virt_addr_valid+0x1db/0x2d0 [ 25.369245] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.369270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.369369] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.369399] kasan_report+0x141/0x180 [ 25.369434] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.369463] kasan_check_range+0x10c/0x1c0 [ 25.369499] __kasan_check_write+0x18/0x20 [ 25.369523] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.369557] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.369583] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.369609] ? trace_hardirqs_on+0x37/0xe0 [ 25.369644] ? kasan_bitops_generic+0x92/0x1c0 [ 25.369670] kasan_bitops_generic+0x116/0x1c0 [ 25.369694] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.369718] ? __pfx_read_tsc+0x10/0x10 [ 25.369742] ? ktime_get_ts64+0x86/0x230 [ 25.369768] kunit_try_run_case+0x1a5/0x480 [ 25.369796] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.369826] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.369849] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.369872] ? __kthread_parkme+0x82/0x180 [ 25.369894] ? preempt_count_sub+0x50/0x80 [ 25.369919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.369956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.369981] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.370006] kthread+0x337/0x6f0 [ 25.370025] ? trace_preempt_on+0x20/0xc0 [ 25.370048] ? __pfx_kthread+0x10/0x10 [ 25.370077] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.370102] ? calculate_sigpending+0x7b/0xa0 [ 25.370126] ? __pfx_kthread+0x10/0x10 [ 25.370148] ret_from_fork+0x116/0x1d0 [ 25.370167] ? __pfx_kthread+0x10/0x10 [ 25.370333] ret_from_fork_asm+0x1a/0x30 [ 25.370374] </TASK> [ 25.370387] [ 25.378792] Allocated by task 310: [ 25.379022] kasan_save_stack+0x45/0x70 [ 25.379443] kasan_save_track+0x18/0x40 [ 25.379666] kasan_save_alloc_info+0x3b/0x50 [ 25.379837] __kasan_kmalloc+0xb7/0xc0 [ 25.380093] __kmalloc_cache_noprof+0x189/0x420 [ 25.380419] kasan_bitops_generic+0x92/0x1c0 [ 25.380626] kunit_try_run_case+0x1a5/0x480 [ 25.380834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.381160] kthread+0x337/0x6f0 [ 25.381367] ret_from_fork+0x116/0x1d0 [ 25.381566] ret_from_fork_asm+0x1a/0x30 [ 25.381756] [ 25.381855] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.381855] which belongs to the cache kmalloc-16 of size 16 [ 25.382482] The buggy address is located 8 bytes inside of [ 25.382482] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.382840] [ 25.382910] The buggy address belongs to the physical page: [ 25.383261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.383617] flags: 0x200000000000000(node=0|zone=2) [ 25.383854] page_type: f5(slab) [ 25.384382] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.384749] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.384978] page dumped because: kasan: bad access detected [ 25.385157] [ 25.385224] Memory state around the buggy address: [ 25.385618] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.385976] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.386353] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.386732] ^ [ 25.387104] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.388551] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.388858] ================================================================== [ 25.389427] ================================================================== [ 25.389711] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.390079] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.390536] [ 25.390645] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.390700] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.390714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.390738] Call Trace: [ 25.390761] <TASK> [ 25.390782] dump_stack_lvl+0x73/0xb0 [ 25.390814] print_report+0xd1/0x650 [ 25.390838] ? __virt_addr_valid+0x1db/0x2d0 [ 25.390874] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.390901] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.390927] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.390966] kasan_report+0x141/0x180 [ 25.390989] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.391019] kasan_check_range+0x10c/0x1c0 [ 25.391043] __kasan_check_write+0x18/0x20 [ 25.391076] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.391102] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.391129] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.391154] ? trace_hardirqs_on+0x37/0xe0 [ 25.391191] ? kasan_bitops_generic+0x92/0x1c0 [ 25.391218] kasan_bitops_generic+0x116/0x1c0 [ 25.391242] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.391267] ? __pfx_read_tsc+0x10/0x10 [ 25.391289] ? ktime_get_ts64+0x86/0x230 [ 25.391385] kunit_try_run_case+0x1a5/0x480 [ 25.391414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.391437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.391460] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.391483] ? __kthread_parkme+0x82/0x180 [ 25.391505] ? preempt_count_sub+0x50/0x80 [ 25.391529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.391554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.391579] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.391604] kthread+0x337/0x6f0 [ 25.391624] ? trace_preempt_on+0x20/0xc0 [ 25.391646] ? __pfx_kthread+0x10/0x10 [ 25.391677] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.391701] ? calculate_sigpending+0x7b/0xa0 [ 25.391726] ? __pfx_kthread+0x10/0x10 [ 25.391757] ret_from_fork+0x116/0x1d0 [ 25.391778] ? __pfx_kthread+0x10/0x10 [ 25.391798] ret_from_fork_asm+0x1a/0x30 [ 25.391830] </TASK> [ 25.391852] [ 25.401086] Allocated by task 310: [ 25.401481] kasan_save_stack+0x45/0x70 [ 25.401636] kasan_save_track+0x18/0x40 [ 25.401768] kasan_save_alloc_info+0x3b/0x50 [ 25.401923] __kasan_kmalloc+0xb7/0xc0 [ 25.402135] __kmalloc_cache_noprof+0x189/0x420 [ 25.402643] kasan_bitops_generic+0x92/0x1c0 [ 25.402846] kunit_try_run_case+0x1a5/0x480 [ 25.402995] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.403178] kthread+0x337/0x6f0 [ 25.403413] ret_from_fork+0x116/0x1d0 [ 25.403608] ret_from_fork_asm+0x1a/0x30 [ 25.403800] [ 25.403888] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.403888] which belongs to the cache kmalloc-16 of size 16 [ 25.404678] The buggy address is located 8 bytes inside of [ 25.404678] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.405043] [ 25.405243] The buggy address belongs to the physical page: [ 25.405550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.406179] flags: 0x200000000000000(node=0|zone=2) [ 25.406470] page_type: f5(slab) [ 25.406592] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.406880] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.407247] page dumped because: kasan: bad access detected [ 25.407601] [ 25.407664] Memory state around the buggy address: [ 25.407813] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.408169] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.408494] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.409264] ^ [ 25.409450] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.409790] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.410077] ================================================================== [ 25.453162] ================================================================== [ 25.453774] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.454212] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.454489] [ 25.454699] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.454756] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.454770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.454795] Call Trace: [ 25.454818] <TASK> [ 25.454839] dump_stack_lvl+0x73/0xb0 [ 25.454872] print_report+0xd1/0x650 [ 25.454896] ? __virt_addr_valid+0x1db/0x2d0 [ 25.454942] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.454979] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.455006] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.455033] kasan_report+0x141/0x180 [ 25.455074] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.455106] kasan_check_range+0x10c/0x1c0 [ 25.455131] __kasan_check_write+0x18/0x20 [ 25.455155] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.455273] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.455305] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.455332] ? trace_hardirqs_on+0x37/0xe0 [ 25.455355] ? kasan_bitops_generic+0x92/0x1c0 [ 25.455383] kasan_bitops_generic+0x116/0x1c0 [ 25.455407] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.455432] ? __pfx_read_tsc+0x10/0x10 [ 25.455455] ? ktime_get_ts64+0x86/0x230 [ 25.455482] kunit_try_run_case+0x1a5/0x480 [ 25.455509] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.455533] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.455556] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.455592] ? __kthread_parkme+0x82/0x180 [ 25.455614] ? preempt_count_sub+0x50/0x80 [ 25.455650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.455676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.455702] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.455727] kthread+0x337/0x6f0 [ 25.455748] ? trace_preempt_on+0x20/0xc0 [ 25.455771] ? __pfx_kthread+0x10/0x10 [ 25.455792] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.455817] ? calculate_sigpending+0x7b/0xa0 [ 25.455842] ? __pfx_kthread+0x10/0x10 [ 25.455864] ret_from_fork+0x116/0x1d0 [ 25.455884] ? __pfx_kthread+0x10/0x10 [ 25.455906] ret_from_fork_asm+0x1a/0x30 [ 25.455956] </TASK> [ 25.455970] [ 25.464943] Allocated by task 310: [ 25.465439] kasan_save_stack+0x45/0x70 [ 25.465702] kasan_save_track+0x18/0x40 [ 25.465906] kasan_save_alloc_info+0x3b/0x50 [ 25.466148] __kasan_kmalloc+0xb7/0xc0 [ 25.466407] __kmalloc_cache_noprof+0x189/0x420 [ 25.466624] kasan_bitops_generic+0x92/0x1c0 [ 25.466830] kunit_try_run_case+0x1a5/0x480 [ 25.467072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.467426] kthread+0x337/0x6f0 [ 25.467556] ret_from_fork+0x116/0x1d0 [ 25.467685] ret_from_fork_asm+0x1a/0x30 [ 25.467821] [ 25.467923] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.467923] which belongs to the cache kmalloc-16 of size 16 [ 25.468504] The buggy address is located 8 bytes inside of [ 25.468504] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.468944] [ 25.469012] The buggy address belongs to the physical page: [ 25.469271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.469621] flags: 0x200000000000000(node=0|zone=2) [ 25.469845] page_type: f5(slab) [ 25.469972] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.470627] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.471011] page dumped because: kasan: bad access detected [ 25.471354] [ 25.471467] Memory state around the buggy address: [ 25.471687] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.472044] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.472445] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.472734] ^ [ 25.473025] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.473495] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.473854] ================================================================== [ 25.474465] ================================================================== [ 25.474812] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.475221] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.475662] [ 25.475804] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.475859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.475873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.475898] Call Trace: [ 25.475929] <TASK> [ 25.475950] dump_stack_lvl+0x73/0xb0 [ 25.475983] print_report+0xd1/0x650 [ 25.476031] ? __virt_addr_valid+0x1db/0x2d0 [ 25.476056] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.476090] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.476118] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.476152] kasan_report+0x141/0x180 [ 25.476250] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.476287] kasan_check_range+0x10c/0x1c0 [ 25.476311] __kasan_check_write+0x18/0x20 [ 25.476334] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.476371] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.476398] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.476426] ? trace_hardirqs_on+0x37/0xe0 [ 25.476462] ? kasan_bitops_generic+0x92/0x1c0 [ 25.476489] kasan_bitops_generic+0x116/0x1c0 [ 25.476513] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.476538] ? __pfx_read_tsc+0x10/0x10 [ 25.476562] ? ktime_get_ts64+0x86/0x230 [ 25.476588] kunit_try_run_case+0x1a5/0x480 [ 25.476615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.476640] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.476664] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.476686] ? __kthread_parkme+0x82/0x180 [ 25.476717] ? preempt_count_sub+0x50/0x80 [ 25.476742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.476778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.476803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.476829] kthread+0x337/0x6f0 [ 25.476850] ? trace_preempt_on+0x20/0xc0 [ 25.476872] ? __pfx_kthread+0x10/0x10 [ 25.476893] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.476917] ? calculate_sigpending+0x7b/0xa0 [ 25.476943] ? __pfx_kthread+0x10/0x10 [ 25.476982] ret_from_fork+0x116/0x1d0 [ 25.477004] ? __pfx_kthread+0x10/0x10 [ 25.477026] ret_from_fork_asm+0x1a/0x30 [ 25.477067] </TASK> [ 25.477080] [ 25.486115] Allocated by task 310: [ 25.486393] kasan_save_stack+0x45/0x70 [ 25.486578] kasan_save_track+0x18/0x40 [ 25.486733] kasan_save_alloc_info+0x3b/0x50 [ 25.486946] __kasan_kmalloc+0xb7/0xc0 [ 25.487164] __kmalloc_cache_noprof+0x189/0x420 [ 25.487498] kasan_bitops_generic+0x92/0x1c0 [ 25.487708] kunit_try_run_case+0x1a5/0x480 [ 25.487846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.488008] kthread+0x337/0x6f0 [ 25.488249] ret_from_fork+0x116/0x1d0 [ 25.488461] ret_from_fork_asm+0x1a/0x30 [ 25.488657] [ 25.488745] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.488745] which belongs to the cache kmalloc-16 of size 16 [ 25.489572] The buggy address is located 8 bytes inside of [ 25.489572] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.490011] [ 25.490115] The buggy address belongs to the physical page: [ 25.490472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.490807] flags: 0x200000000000000(node=0|zone=2) [ 25.491055] page_type: f5(slab) [ 25.491346] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.491673] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.492014] page dumped because: kasan: bad access detected [ 25.492330] [ 25.492415] Memory state around the buggy address: [ 25.492644] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.492965] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.493512] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.493808] ^ [ 25.494105] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.494438] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.494762] ================================================================== [ 25.495433] ================================================================== [ 25.495766] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.496144] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.496549] [ 25.496689] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.496743] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.496757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.496782] Call Trace: [ 25.496804] <TASK> [ 25.496826] dump_stack_lvl+0x73/0xb0 [ 25.496857] print_report+0xd1/0x650 [ 25.496879] ? __virt_addr_valid+0x1db/0x2d0 [ 25.496904] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.496930] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.496955] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.497009] kasan_report+0x141/0x180 [ 25.497032] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.497078] kasan_check_range+0x10c/0x1c0 [ 25.497101] __kasan_check_write+0x18/0x20 [ 25.497125] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.497150] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.497481] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.497532] ? trace_hardirqs_on+0x37/0xe0 [ 25.497558] ? kasan_bitops_generic+0x92/0x1c0 [ 25.497586] kasan_bitops_generic+0x116/0x1c0 [ 25.497610] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.497635] ? __pfx_read_tsc+0x10/0x10 [ 25.497658] ? ktime_get_ts64+0x86/0x230 [ 25.497683] kunit_try_run_case+0x1a5/0x480 [ 25.497710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.497735] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.497759] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.497781] ? __kthread_parkme+0x82/0x180 [ 25.497803] ? preempt_count_sub+0x50/0x80 [ 25.497832] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.497857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.497882] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.497907] kthread+0x337/0x6f0 [ 25.497982] ? trace_preempt_on+0x20/0xc0 [ 25.498006] ? __pfx_kthread+0x10/0x10 [ 25.498028] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.498053] ? calculate_sigpending+0x7b/0xa0 [ 25.498088] ? __pfx_kthread+0x10/0x10 [ 25.498121] ret_from_fork+0x116/0x1d0 [ 25.498140] ? __pfx_kthread+0x10/0x10 [ 25.498163] ret_from_fork_asm+0x1a/0x30 [ 25.498268] </TASK> [ 25.498282] [ 25.507103] Allocated by task 310: [ 25.507286] kasan_save_stack+0x45/0x70 [ 25.507446] kasan_save_track+0x18/0x40 [ 25.507625] kasan_save_alloc_info+0x3b/0x50 [ 25.507814] __kasan_kmalloc+0xb7/0xc0 [ 25.507961] __kmalloc_cache_noprof+0x189/0x420 [ 25.508195] kasan_bitops_generic+0x92/0x1c0 [ 25.508402] kunit_try_run_case+0x1a5/0x480 [ 25.508599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.508988] kthread+0x337/0x6f0 [ 25.509163] ret_from_fork+0x116/0x1d0 [ 25.509573] ret_from_fork_asm+0x1a/0x30 [ 25.509778] [ 25.509874] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.509874] which belongs to the cache kmalloc-16 of size 16 [ 25.510515] The buggy address is located 8 bytes inside of [ 25.510515] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.511036] [ 25.511455] The buggy address belongs to the physical page: [ 25.511717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.511977] flags: 0x200000000000000(node=0|zone=2) [ 25.513118] page_type: f5(slab) [ 25.513497] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.513912] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.514236] page dumped because: kasan: bad access detected [ 25.514494] [ 25.514705] Memory state around the buggy address: [ 25.515139] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.515655] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.516073] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.516593] ^ [ 25.516979] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.517674] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.517974] ==================================================================
[ 25.248820] ================================================================== [ 25.249137] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.249610] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.250053] [ 25.250182] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.250249] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.250262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.250284] Call Trace: [ 25.250297] <TASK> [ 25.250324] dump_stack_lvl+0x73/0xb0 [ 25.250352] print_report+0xd1/0x650 [ 25.250392] ? __virt_addr_valid+0x1db/0x2d0 [ 25.250414] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.250439] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.250464] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.250489] kasan_report+0x141/0x180 [ 25.250510] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.250539] kasan_check_range+0x10c/0x1c0 [ 25.250577] __kasan_check_write+0x18/0x20 [ 25.250610] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.250634] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.250726] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.250755] ? trace_hardirqs_on+0x37/0xe0 [ 25.250776] ? kasan_bitops_generic+0x92/0x1c0 [ 25.250805] kasan_bitops_generic+0x116/0x1c0 [ 25.250828] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.250852] ? __pfx_read_tsc+0x10/0x10 [ 25.250873] ? ktime_get_ts64+0x86/0x230 [ 25.250919] kunit_try_run_case+0x1a5/0x480 [ 25.250945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.250983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.251005] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.251027] ? __kthread_parkme+0x82/0x180 [ 25.251046] ? preempt_count_sub+0x50/0x80 [ 25.251069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.251094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.251118] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.251142] kthread+0x337/0x6f0 [ 25.251163] ? trace_preempt_on+0x20/0xc0 [ 25.251202] ? __pfx_kthread+0x10/0x10 [ 25.251222] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.251262] ? calculate_sigpending+0x7b/0xa0 [ 25.251285] ? __pfx_kthread+0x10/0x10 [ 25.251317] ret_from_fork+0x116/0x1d0 [ 25.251335] ? __pfx_kthread+0x10/0x10 [ 25.251356] ret_from_fork_asm+0x1a/0x30 [ 25.251401] </TASK> [ 25.251413] [ 25.259931] Allocated by task 309: [ 25.260109] kasan_save_stack+0x45/0x70 [ 25.260461] kasan_save_track+0x18/0x40 [ 25.260604] kasan_save_alloc_info+0x3b/0x50 [ 25.261017] __kasan_kmalloc+0xb7/0xc0 [ 25.261155] __kmalloc_cache_noprof+0x189/0x420 [ 25.261299] kasan_bitops_generic+0x92/0x1c0 [ 25.261594] kunit_try_run_case+0x1a5/0x480 [ 25.261940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.262236] kthread+0x337/0x6f0 [ 25.262413] ret_from_fork+0x116/0x1d0 [ 25.262588] ret_from_fork_asm+0x1a/0x30 [ 25.262935] [ 25.263096] The buggy address belongs to the object at ffff88810586d4c0 [ 25.263096] which belongs to the cache kmalloc-16 of size 16 [ 25.263596] The buggy address is located 8 bytes inside of [ 25.263596] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.264193] [ 25.264319] The buggy address belongs to the physical page: [ 25.264566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.264959] flags: 0x200000000000000(node=0|zone=2) [ 25.265180] page_type: f5(slab) [ 25.265344] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.265684] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.265967] page dumped because: kasan: bad access detected [ 25.266125] [ 25.266186] Memory state around the buggy address: [ 25.266425] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.267223] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.267549] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.267931] ^ [ 25.268221] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.268560] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.269058] ================================================================== [ 25.165142] ================================================================== [ 25.165927] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.166334] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.166958] [ 25.167068] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.167114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.167127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.167147] Call Trace: [ 25.167180] <TASK> [ 25.167194] dump_stack_lvl+0x73/0xb0 [ 25.167222] print_report+0xd1/0x650 [ 25.167258] ? __virt_addr_valid+0x1db/0x2d0 [ 25.167294] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.167344] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.167383] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.167408] kasan_report+0x141/0x180 [ 25.167430] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.167460] kasan_check_range+0x10c/0x1c0 [ 25.167483] __kasan_check_write+0x18/0x20 [ 25.167520] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.167545] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.167571] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.167595] ? trace_hardirqs_on+0x37/0xe0 [ 25.167617] ? kasan_bitops_generic+0x92/0x1c0 [ 25.167643] kasan_bitops_generic+0x116/0x1c0 [ 25.167666] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.167706] ? __pfx_read_tsc+0x10/0x10 [ 25.167727] ? ktime_get_ts64+0x86/0x230 [ 25.167751] kunit_try_run_case+0x1a5/0x480 [ 25.167776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.167800] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.167822] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.167844] ? __kthread_parkme+0x82/0x180 [ 25.167864] ? preempt_count_sub+0x50/0x80 [ 25.167888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.167913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.167937] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.167961] kthread+0x337/0x6f0 [ 25.167981] ? trace_preempt_on+0x20/0xc0 [ 25.168003] ? __pfx_kthread+0x10/0x10 [ 25.168023] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.168047] ? calculate_sigpending+0x7b/0xa0 [ 25.168071] ? __pfx_kthread+0x10/0x10 [ 25.168092] ret_from_fork+0x116/0x1d0 [ 25.168111] ? __pfx_kthread+0x10/0x10 [ 25.168131] ret_from_fork_asm+0x1a/0x30 [ 25.168162] </TASK> [ 25.168173] [ 25.177104] Allocated by task 309: [ 25.177229] kasan_save_stack+0x45/0x70 [ 25.177406] kasan_save_track+0x18/0x40 [ 25.177727] kasan_save_alloc_info+0x3b/0x50 [ 25.178004] __kasan_kmalloc+0xb7/0xc0 [ 25.178208] __kmalloc_cache_noprof+0x189/0x420 [ 25.178404] kasan_bitops_generic+0x92/0x1c0 [ 25.178567] kunit_try_run_case+0x1a5/0x480 [ 25.178794] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.179106] kthread+0x337/0x6f0 [ 25.179317] ret_from_fork+0x116/0x1d0 [ 25.179527] ret_from_fork_asm+0x1a/0x30 [ 25.179731] [ 25.179834] The buggy address belongs to the object at ffff88810586d4c0 [ 25.179834] which belongs to the cache kmalloc-16 of size 16 [ 25.180317] The buggy address is located 8 bytes inside of [ 25.180317] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.180871] [ 25.180969] The buggy address belongs to the physical page: [ 25.181194] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.181430] flags: 0x200000000000000(node=0|zone=2) [ 25.181581] page_type: f5(slab) [ 25.181692] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.181952] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.182560] page dumped because: kasan: bad access detected [ 25.183034] [ 25.183127] Memory state around the buggy address: [ 25.183352] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.183629] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.184141] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.184480] ^ [ 25.184926] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.185198] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.185413] ================================================================== [ 25.269476] ================================================================== [ 25.269945] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.270239] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.270462] [ 25.270622] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.270687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.270700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.270721] Call Trace: [ 25.270734] <TASK> [ 25.270765] dump_stack_lvl+0x73/0xb0 [ 25.270791] print_report+0xd1/0x650 [ 25.270828] ? __virt_addr_valid+0x1db/0x2d0 [ 25.270863] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.270900] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.270925] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.270963] kasan_report+0x141/0x180 [ 25.270984] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.271013] kasan_check_range+0x10c/0x1c0 [ 25.271037] __kasan_check_write+0x18/0x20 [ 25.271224] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.271250] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.271276] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.271300] ? trace_hardirqs_on+0x37/0xe0 [ 25.271335] ? kasan_bitops_generic+0x92/0x1c0 [ 25.271362] kasan_bitops_generic+0x116/0x1c0 [ 25.271385] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.271408] ? __pfx_read_tsc+0x10/0x10 [ 25.271430] ? ktime_get_ts64+0x86/0x230 [ 25.271453] kunit_try_run_case+0x1a5/0x480 [ 25.271478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.271501] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.271522] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.271544] ? __kthread_parkme+0x82/0x180 [ 25.271564] ? preempt_count_sub+0x50/0x80 [ 25.271587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.271612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.271635] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.271682] kthread+0x337/0x6f0 [ 25.271702] ? trace_preempt_on+0x20/0xc0 [ 25.271737] ? __pfx_kthread+0x10/0x10 [ 25.271770] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.271807] ? calculate_sigpending+0x7b/0xa0 [ 25.271831] ? __pfx_kthread+0x10/0x10 [ 25.271853] ret_from_fork+0x116/0x1d0 [ 25.271886] ? __pfx_kthread+0x10/0x10 [ 25.271920] ret_from_fork_asm+0x1a/0x30 [ 25.271950] </TASK> [ 25.271961] [ 25.280743] Allocated by task 309: [ 25.280927] kasan_save_stack+0x45/0x70 [ 25.281126] kasan_save_track+0x18/0x40 [ 25.281339] kasan_save_alloc_info+0x3b/0x50 [ 25.281550] __kasan_kmalloc+0xb7/0xc0 [ 25.281785] __kmalloc_cache_noprof+0x189/0x420 [ 25.281997] kasan_bitops_generic+0x92/0x1c0 [ 25.282192] kunit_try_run_case+0x1a5/0x480 [ 25.282474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.282685] kthread+0x337/0x6f0 [ 25.282801] ret_from_fork+0x116/0x1d0 [ 25.283032] ret_from_fork_asm+0x1a/0x30 [ 25.283232] [ 25.283363] The buggy address belongs to the object at ffff88810586d4c0 [ 25.283363] which belongs to the cache kmalloc-16 of size 16 [ 25.284235] The buggy address is located 8 bytes inside of [ 25.284235] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.284871] [ 25.284961] The buggy address belongs to the physical page: [ 25.285221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.285463] flags: 0x200000000000000(node=0|zone=2) [ 25.285682] page_type: f5(slab) [ 25.286105] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.286510] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.286951] page dumped because: kasan: bad access detected [ 25.287146] [ 25.287209] Memory state around the buggy address: [ 25.287393] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.287960] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.288207] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.288479] ^ [ 25.288806] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.289026] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.289224] ================================================================== [ 25.228030] ================================================================== [ 25.228480] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.228917] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.229134] [ 25.229209] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.229254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.229267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.229288] Call Trace: [ 25.229303] <TASK> [ 25.229332] dump_stack_lvl+0x73/0xb0 [ 25.229359] print_report+0xd1/0x650 [ 25.229380] ? __virt_addr_valid+0x1db/0x2d0 [ 25.229403] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.229427] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.229453] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.229478] kasan_report+0x141/0x180 [ 25.229500] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.229529] kasan_check_range+0x10c/0x1c0 [ 25.229552] __kasan_check_write+0x18/0x20 [ 25.229575] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.229600] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.229627] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.229649] ? trace_hardirqs_on+0x37/0xe0 [ 25.229670] ? kasan_bitops_generic+0x92/0x1c0 [ 25.229697] kasan_bitops_generic+0x116/0x1c0 [ 25.229720] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.229750] ? __pfx_read_tsc+0x10/0x10 [ 25.229770] ? ktime_get_ts64+0x86/0x230 [ 25.229794] kunit_try_run_case+0x1a5/0x480 [ 25.229818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.229842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.229980] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.230010] ? __kthread_parkme+0x82/0x180 [ 25.230030] ? preempt_count_sub+0x50/0x80 [ 25.230053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.230078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.230102] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.230127] kthread+0x337/0x6f0 [ 25.230146] ? trace_preempt_on+0x20/0xc0 [ 25.230167] ? __pfx_kthread+0x10/0x10 [ 25.230189] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.230213] ? calculate_sigpending+0x7b/0xa0 [ 25.230235] ? __pfx_kthread+0x10/0x10 [ 25.230257] ret_from_fork+0x116/0x1d0 [ 25.230275] ? __pfx_kthread+0x10/0x10 [ 25.230296] ret_from_fork_asm+0x1a/0x30 [ 25.230337] </TASK> [ 25.230348] [ 25.239478] Allocated by task 309: [ 25.239743] kasan_save_stack+0x45/0x70 [ 25.239936] kasan_save_track+0x18/0x40 [ 25.240174] kasan_save_alloc_info+0x3b/0x50 [ 25.240375] __kasan_kmalloc+0xb7/0xc0 [ 25.240514] __kmalloc_cache_noprof+0x189/0x420 [ 25.240844] kasan_bitops_generic+0x92/0x1c0 [ 25.241075] kunit_try_run_case+0x1a5/0x480 [ 25.241224] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.241479] kthread+0x337/0x6f0 [ 25.241628] ret_from_fork+0x116/0x1d0 [ 25.242003] ret_from_fork_asm+0x1a/0x30 [ 25.242148] [ 25.242211] The buggy address belongs to the object at ffff88810586d4c0 [ 25.242211] which belongs to the cache kmalloc-16 of size 16 [ 25.242595] The buggy address is located 8 bytes inside of [ 25.242595] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.243389] [ 25.243459] The buggy address belongs to the physical page: [ 25.243619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.243844] flags: 0x200000000000000(node=0|zone=2) [ 25.244199] page_type: f5(slab) [ 25.244407] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.244890] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.245441] page dumped because: kasan: bad access detected [ 25.245867] [ 25.245938] Memory state around the buggy address: [ 25.246083] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.246602] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.247111] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.247334] ^ [ 25.247680] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.248053] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.248355] ================================================================== [ 25.185810] ================================================================== [ 25.186048] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.186825] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.187296] [ 25.187441] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.187504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.187517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.187538] Call Trace: [ 25.187554] <TASK> [ 25.187568] dump_stack_lvl+0x73/0xb0 [ 25.187616] print_report+0xd1/0x650 [ 25.187638] ? __virt_addr_valid+0x1db/0x2d0 [ 25.187661] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.187726] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.187755] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.187780] kasan_report+0x141/0x180 [ 25.187802] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.187831] kasan_check_range+0x10c/0x1c0 [ 25.187855] __kasan_check_write+0x18/0x20 [ 25.187900] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.187926] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.187951] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.187975] ? trace_hardirqs_on+0x37/0xe0 [ 25.187998] ? kasan_bitops_generic+0x92/0x1c0 [ 25.188024] kasan_bitops_generic+0x116/0x1c0 [ 25.188064] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.188089] ? __pfx_read_tsc+0x10/0x10 [ 25.188110] ? ktime_get_ts64+0x86/0x230 [ 25.188134] kunit_try_run_case+0x1a5/0x480 [ 25.188159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.188183] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.188204] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.188243] ? __kthread_parkme+0x82/0x180 [ 25.188264] ? preempt_count_sub+0x50/0x80 [ 25.188287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.188322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.188347] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.188371] kthread+0x337/0x6f0 [ 25.188404] ? trace_preempt_on+0x20/0xc0 [ 25.188426] ? __pfx_kthread+0x10/0x10 [ 25.188447] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.188472] ? calculate_sigpending+0x7b/0xa0 [ 25.188496] ? __pfx_kthread+0x10/0x10 [ 25.188518] ret_from_fork+0x116/0x1d0 [ 25.188536] ? __pfx_kthread+0x10/0x10 [ 25.188558] ret_from_fork_asm+0x1a/0x30 [ 25.188604] </TASK> [ 25.188615] [ 25.197851] Allocated by task 309: [ 25.198049] kasan_save_stack+0x45/0x70 [ 25.198230] kasan_save_track+0x18/0x40 [ 25.198439] kasan_save_alloc_info+0x3b/0x50 [ 25.198645] __kasan_kmalloc+0xb7/0xc0 [ 25.198784] __kmalloc_cache_noprof+0x189/0x420 [ 25.198930] kasan_bitops_generic+0x92/0x1c0 [ 25.199440] kunit_try_run_case+0x1a5/0x480 [ 25.199705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.199868] kthread+0x337/0x6f0 [ 25.199977] ret_from_fork+0x116/0x1d0 [ 25.200097] ret_from_fork_asm+0x1a/0x30 [ 25.200222] [ 25.200300] The buggy address belongs to the object at ffff88810586d4c0 [ 25.200300] which belongs to the cache kmalloc-16 of size 16 [ 25.201397] The buggy address is located 8 bytes inside of [ 25.201397] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.202029] [ 25.202100] The buggy address belongs to the physical page: [ 25.202260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.202849] flags: 0x200000000000000(node=0|zone=2) [ 25.203122] page_type: f5(slab) [ 25.203271] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.203655] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.203961] page dumped because: kasan: bad access detected [ 25.204120] [ 25.204199] Memory state around the buggy address: [ 25.204501] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.204983] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.205386] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.205742] ^ [ 25.206001] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.206299] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.206673] ================================================================== [ 25.207023] ================================================================== [ 25.207299] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.208014] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.208373] [ 25.208500] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.208548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.208560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.208599] Call Trace: [ 25.208614] <TASK> [ 25.208629] dump_stack_lvl+0x73/0xb0 [ 25.208656] print_report+0xd1/0x650 [ 25.208783] ? __virt_addr_valid+0x1db/0x2d0 [ 25.208830] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.208870] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.208896] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.208921] kasan_report+0x141/0x180 [ 25.208944] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.208973] kasan_check_range+0x10c/0x1c0 [ 25.208997] __kasan_check_write+0x18/0x20 [ 25.209020] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.209045] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.209070] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.209094] ? trace_hardirqs_on+0x37/0xe0 [ 25.209115] ? kasan_bitops_generic+0x92/0x1c0 [ 25.209142] kasan_bitops_generic+0x116/0x1c0 [ 25.209165] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.209190] ? __pfx_read_tsc+0x10/0x10 [ 25.209212] ? ktime_get_ts64+0x86/0x230 [ 25.209236] kunit_try_run_case+0x1a5/0x480 [ 25.209261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.209284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.209319] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.209341] ? __kthread_parkme+0x82/0x180 [ 25.209361] ? preempt_count_sub+0x50/0x80 [ 25.209384] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.209409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.209434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.209459] kthread+0x337/0x6f0 [ 25.209478] ? trace_preempt_on+0x20/0xc0 [ 25.209577] ? __pfx_kthread+0x10/0x10 [ 25.209600] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.209642] ? calculate_sigpending+0x7b/0xa0 [ 25.209666] ? __pfx_kthread+0x10/0x10 [ 25.209748] ret_from_fork+0x116/0x1d0 [ 25.209769] ? __pfx_kthread+0x10/0x10 [ 25.209789] ret_from_fork_asm+0x1a/0x30 [ 25.209820] </TASK> [ 25.209831] [ 25.218738] Allocated by task 309: [ 25.218922] kasan_save_stack+0x45/0x70 [ 25.219174] kasan_save_track+0x18/0x40 [ 25.219340] kasan_save_alloc_info+0x3b/0x50 [ 25.219488] __kasan_kmalloc+0xb7/0xc0 [ 25.219768] __kmalloc_cache_noprof+0x189/0x420 [ 25.220086] kasan_bitops_generic+0x92/0x1c0 [ 25.220270] kunit_try_run_case+0x1a5/0x480 [ 25.220496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.220783] kthread+0x337/0x6f0 [ 25.220976] ret_from_fork+0x116/0x1d0 [ 25.221150] ret_from_fork_asm+0x1a/0x30 [ 25.221355] [ 25.221646] The buggy address belongs to the object at ffff88810586d4c0 [ 25.221646] which belongs to the cache kmalloc-16 of size 16 [ 25.222175] The buggy address is located 8 bytes inside of [ 25.222175] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.222853] [ 25.222923] The buggy address belongs to the physical page: [ 25.223084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.223445] flags: 0x200000000000000(node=0|zone=2) [ 25.223740] page_type: f5(slab) [ 25.223899] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.224130] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.224387] page dumped because: kasan: bad access detected [ 25.224968] [ 25.225073] Memory state around the buggy address: [ 25.225260] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.225478] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.226080] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.226578] ^ [ 25.226910] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.227215] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.227539] ================================================================== [ 25.144654] ================================================================== [ 25.144978] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.145340] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.146069] [ 25.146162] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.146212] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.146225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.146247] Call Trace: [ 25.146258] <TASK> [ 25.146274] dump_stack_lvl+0x73/0xb0 [ 25.146302] print_report+0xd1/0x650 [ 25.146337] ? __virt_addr_valid+0x1db/0x2d0 [ 25.146381] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.146420] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.146445] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.146470] kasan_report+0x141/0x180 [ 25.146492] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.146535] kasan_check_range+0x10c/0x1c0 [ 25.146558] __kasan_check_write+0x18/0x20 [ 25.146581] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.146606] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.146632] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.146656] ? trace_hardirqs_on+0x37/0xe0 [ 25.146739] ? kasan_bitops_generic+0x92/0x1c0 [ 25.146769] kasan_bitops_generic+0x116/0x1c0 [ 25.146793] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.146817] ? __pfx_read_tsc+0x10/0x10 [ 25.146839] ? ktime_get_ts64+0x86/0x230 [ 25.146864] kunit_try_run_case+0x1a5/0x480 [ 25.146889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.146912] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.146935] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.146957] ? __kthread_parkme+0x82/0x180 [ 25.146978] ? preempt_count_sub+0x50/0x80 [ 25.147001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.147026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.147049] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.147074] kthread+0x337/0x6f0 [ 25.147094] ? trace_preempt_on+0x20/0xc0 [ 25.147116] ? __pfx_kthread+0x10/0x10 [ 25.147135] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.147159] ? calculate_sigpending+0x7b/0xa0 [ 25.147182] ? __pfx_kthread+0x10/0x10 [ 25.147203] ret_from_fork+0x116/0x1d0 [ 25.147221] ? __pfx_kthread+0x10/0x10 [ 25.147241] ret_from_fork_asm+0x1a/0x30 [ 25.147319] </TASK> [ 25.147331] [ 25.156296] Allocated by task 309: [ 25.156506] kasan_save_stack+0x45/0x70 [ 25.156825] kasan_save_track+0x18/0x40 [ 25.157061] kasan_save_alloc_info+0x3b/0x50 [ 25.157284] __kasan_kmalloc+0xb7/0xc0 [ 25.157469] __kmalloc_cache_noprof+0x189/0x420 [ 25.157729] kasan_bitops_generic+0x92/0x1c0 [ 25.158014] kunit_try_run_case+0x1a5/0x480 [ 25.158195] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.158398] kthread+0x337/0x6f0 [ 25.158659] ret_from_fork+0x116/0x1d0 [ 25.158919] ret_from_fork_asm+0x1a/0x30 [ 25.159122] [ 25.159232] The buggy address belongs to the object at ffff88810586d4c0 [ 25.159232] which belongs to the cache kmalloc-16 of size 16 [ 25.159717] The buggy address is located 8 bytes inside of [ 25.159717] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.160275] [ 25.160406] The buggy address belongs to the physical page: [ 25.160566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.160814] flags: 0x200000000000000(node=0|zone=2) [ 25.161261] page_type: f5(slab) [ 25.161446] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.162259] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.162613] page dumped because: kasan: bad access detected [ 25.162930] [ 25.163024] Memory state around the buggy address: [ 25.163236] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.163526] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.163859] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.164157] ^ [ 25.164398] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.164601] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.164802] ================================================================== [ 25.110702] ================================================================== [ 25.112015] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.112330] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.113502] [ 25.114184] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.114245] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.114267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.114290] Call Trace: [ 25.114316] <TASK> [ 25.114337] dump_stack_lvl+0x73/0xb0 [ 25.114372] print_report+0xd1/0x650 [ 25.114396] ? __virt_addr_valid+0x1db/0x2d0 [ 25.114420] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.114445] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.114470] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.114503] kasan_report+0x141/0x180 [ 25.114525] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.114554] kasan_check_range+0x10c/0x1c0 [ 25.114577] __kasan_check_write+0x18/0x20 [ 25.114600] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.114625] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.114650] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.114676] ? trace_hardirqs_on+0x37/0xe0 [ 25.114699] ? kasan_bitops_generic+0x92/0x1c0 [ 25.114726] kasan_bitops_generic+0x116/0x1c0 [ 25.114749] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.114774] ? __pfx_read_tsc+0x10/0x10 [ 25.114795] ? ktime_get_ts64+0x86/0x230 [ 25.114819] kunit_try_run_case+0x1a5/0x480 [ 25.114847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.114871] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.114894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.114916] ? __kthread_parkme+0x82/0x180 [ 25.114937] ? preempt_count_sub+0x50/0x80 [ 25.114962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.114986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.115010] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.115033] kthread+0x337/0x6f0 [ 25.115052] ? trace_preempt_on+0x20/0xc0 [ 25.115074] ? __pfx_kthread+0x10/0x10 [ 25.115094] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.115118] ? calculate_sigpending+0x7b/0xa0 [ 25.115142] ? __pfx_kthread+0x10/0x10 [ 25.115164] ret_from_fork+0x116/0x1d0 [ 25.115182] ? __pfx_kthread+0x10/0x10 [ 25.115203] ret_from_fork_asm+0x1a/0x30 [ 25.115234] </TASK> [ 25.115248] [ 25.131402] Allocated by task 309: [ 25.131710] kasan_save_stack+0x45/0x70 [ 25.132227] kasan_save_track+0x18/0x40 [ 25.132434] kasan_save_alloc_info+0x3b/0x50 [ 25.132811] __kasan_kmalloc+0xb7/0xc0 [ 25.133110] __kmalloc_cache_noprof+0x189/0x420 [ 25.133452] kasan_bitops_generic+0x92/0x1c0 [ 25.133876] kunit_try_run_case+0x1a5/0x480 [ 25.134177] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.134548] kthread+0x337/0x6f0 [ 25.134905] ret_from_fork+0x116/0x1d0 [ 25.135196] ret_from_fork_asm+0x1a/0x30 [ 25.135498] [ 25.135592] The buggy address belongs to the object at ffff88810586d4c0 [ 25.135592] which belongs to the cache kmalloc-16 of size 16 [ 25.136425] The buggy address is located 8 bytes inside of [ 25.136425] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.137126] [ 25.137228] The buggy address belongs to the physical page: [ 25.137670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.137984] flags: 0x200000000000000(node=0|zone=2) [ 25.138218] page_type: f5(slab) [ 25.138383] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.139025] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.139481] page dumped because: kasan: bad access detected [ 25.140153] [ 25.140259] Memory state around the buggy address: [ 25.140457] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.141057] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.141497] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.141973] ^ [ 25.142360] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.142859] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.143342] ==================================================================