Date
July 3, 2025, 10:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 54.887139] ================================================================== [ 54.894452] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 54.902736] Read of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 54.910144] [ 54.911677] CPU: 6 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 54.911707] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.911717] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.911727] Call trace: [ 54.911733] show_stack+0x20/0x38 (C) [ 54.911751] dump_stack_lvl+0x8c/0xd0 [ 54.911770] print_report+0x118/0x608 [ 54.911790] kasan_report+0xdc/0x128 [ 54.911809] __asan_report_load8_noabort+0x20/0x30 [ 54.911828] kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 54.911848] kasan_bitops_generic+0x110/0x1c8 [ 54.911866] kunit_try_run_case+0x170/0x3f0 [ 54.911885] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.911907] kthread+0x328/0x630 [ 54.911920] ret_from_fork+0x10/0x20 [ 54.911937] [ 54.983160] Allocated by task 370: [ 54.986616] kasan_save_stack+0x3c/0x68 [ 54.990516] kasan_save_track+0x20/0x40 [ 54.994421] kasan_save_alloc_info+0x40/0x58 [ 54.998762] __kasan_kmalloc+0xd4/0xd8 [ 55.002581] __kmalloc_cache_noprof+0x16c/0x3c0 [ 55.007181] kasan_bitops_generic+0xa0/0x1c8 [ 55.011519] kunit_try_run_case+0x170/0x3f0 [ 55.015771] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.021340] kthread+0x328/0x630 [ 55.024624] ret_from_fork+0x10/0x20 [ 55.028260] [ 55.029783] The buggy address belongs to the object at ffff000098190200 [ 55.029783] which belongs to the cache kmalloc-16 of size 16 [ 55.042267] The buggy address is located 8 bytes inside of [ 55.042267] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 55.054657] [ 55.056188] The buggy address belongs to the physical page: [ 55.061836] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 55.069936] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.076552] page_type: f5(slab) [ 55.079749] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.087594] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.095433] page dumped because: kasan: bad access detected [ 55.101080] [ 55.102603] Memory state around the buggy address: [ 55.107454] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.114765] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.122074] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.129382] ^ [ 55.132922] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.140232] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.147541] ================================================================== [ 55.154969] ================================================================== [ 55.162283] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2b4/0xbc0 [ 55.170565] Write of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 55.178049] [ 55.179585] CPU: 6 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 55.179615] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.179625] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.179636] Call trace: [ 55.179643] show_stack+0x20/0x38 (C) [ 55.179660] dump_stack_lvl+0x8c/0xd0 [ 55.179679] print_report+0x118/0x608 [ 55.179698] kasan_report+0xdc/0x128 [ 55.179716] kasan_check_range+0x100/0x1a8 [ 55.179736] __kasan_check_write+0x20/0x30 [ 55.179752] kasan_bitops_modify.constprop.0+0x2b4/0xbc0 [ 55.179773] kasan_bitops_generic+0x110/0x1c8 [ 55.179790] kunit_try_run_case+0x170/0x3f0 [ 55.179809] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.179829] kthread+0x328/0x630 [ 55.179842] ret_from_fork+0x10/0x20 [ 55.179860] [ 55.254493] Allocated by task 370: [ 55.257946] kasan_save_stack+0x3c/0x68 [ 55.261845] kasan_save_track+0x20/0x40 [ 55.265751] kasan_save_alloc_info+0x40/0x58 [ 55.270089] __kasan_kmalloc+0xd4/0xd8 [ 55.273907] __kmalloc_cache_noprof+0x16c/0x3c0 [ 55.278509] kasan_bitops_generic+0xa0/0x1c8 [ 55.282847] kunit_try_run_case+0x170/0x3f0 [ 55.287100] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.292668] kthread+0x328/0x630 [ 55.295951] ret_from_fork+0x10/0x20 [ 55.299587] [ 55.301110] The buggy address belongs to the object at ffff000098190200 [ 55.301110] which belongs to the cache kmalloc-16 of size 16 [ 55.313593] The buggy address is located 8 bytes inside of [ 55.313593] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 55.325983] [ 55.327514] The buggy address belongs to the physical page: [ 55.333159] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 55.341261] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.347876] page_type: f5(slab) [ 55.351077] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.358921] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.366760] page dumped because: kasan: bad access detected [ 55.372403] [ 55.373925] Memory state around the buggy address: [ 55.378780] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.386089] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.393397] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.400702] ^ [ 55.404244] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.411554] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.418863] ================================================================== [ 56.238014] ================================================================== [ 56.245335] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 56.253618] Write of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 56.261106] [ 56.262634] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 56.262663] Tainted: [B]=BAD_PAGE, [N]=TEST [ 56.262672] Hardware name: Thundercomm Dragonboard 845c (DT) [ 56.262685] Call trace: [ 56.262691] show_stack+0x20/0x38 (C) [ 56.262709] dump_stack_lvl+0x8c/0xd0 [ 56.262728] print_report+0x118/0x608 [ 56.262746] kasan_report+0xdc/0x128 [ 56.262765] kasan_check_range+0x100/0x1a8 [ 56.262785] __kasan_check_write+0x20/0x30 [ 56.262801] kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 56.262823] kasan_bitops_generic+0x110/0x1c8 [ 56.262840] kunit_try_run_case+0x170/0x3f0 [ 56.262858] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.262878] kthread+0x328/0x630 [ 56.262892] ret_from_fork+0x10/0x20 [ 56.262911] [ 56.337562] Allocated by task 370: [ 56.341019] kasan_save_stack+0x3c/0x68 [ 56.344919] kasan_save_track+0x20/0x40 [ 56.348818] kasan_save_alloc_info+0x40/0x58 [ 56.353158] __kasan_kmalloc+0xd4/0xd8 [ 56.356969] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.361572] kasan_bitops_generic+0xa0/0x1c8 [ 56.365915] kunit_try_run_case+0x170/0x3f0 [ 56.370172] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.375743] kthread+0x328/0x630 [ 56.379030] ret_from_fork+0x10/0x20 [ 56.382667] [ 56.384190] The buggy address belongs to the object at ffff000098190200 [ 56.384190] which belongs to the cache kmalloc-16 of size 16 [ 56.396673] The buggy address is located 8 bytes inside of [ 56.396673] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 56.409072] [ 56.410598] The buggy address belongs to the physical page: [ 56.416246] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 56.424343] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 56.430954] page_type: f5(slab) [ 56.434155] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.441993] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.449830] page dumped because: kasan: bad access detected [ 56.455478] [ 56.457002] Memory state around the buggy address: [ 56.461858] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.469173] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.476489] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.483803] ^ [ 56.487346] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.494662] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.501976] ================================================================== [ 55.698846] ================================================================== [ 55.706168] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 55.714455] Read of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 55.721865] [ 55.723402] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 55.723433] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.723442] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.723454] Call trace: [ 55.723460] show_stack+0x20/0x38 (C) [ 55.723480] dump_stack_lvl+0x8c/0xd0 [ 55.723500] print_report+0x118/0x608 [ 55.723520] kasan_report+0xdc/0x128 [ 55.723538] __asan_report_load8_noabort+0x20/0x30 [ 55.723555] kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 55.723577] kasan_bitops_generic+0x110/0x1c8 [ 55.723595] kunit_try_run_case+0x170/0x3f0 [ 55.723614] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.723636] kthread+0x328/0x630 [ 55.723650] ret_from_fork+0x10/0x20 [ 55.723668] [ 55.794876] Allocated by task 370: [ 55.798330] kasan_save_stack+0x3c/0x68 [ 55.802237] kasan_save_track+0x20/0x40 [ 55.806142] kasan_save_alloc_info+0x40/0x58 [ 55.810480] __kasan_kmalloc+0xd4/0xd8 [ 55.814298] __kmalloc_cache_noprof+0x16c/0x3c0 [ 55.818899] kasan_bitops_generic+0xa0/0x1c8 [ 55.823235] kunit_try_run_case+0x170/0x3f0 [ 55.827484] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.833052] kthread+0x328/0x630 [ 55.836335] ret_from_fork+0x10/0x20 [ 55.839968] [ 55.841493] The buggy address belongs to the object at ffff000098190200 [ 55.841493] which belongs to the cache kmalloc-16 of size 16 [ 55.853975] The buggy address is located 8 bytes inside of [ 55.853975] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 55.866376] [ 55.867906] The buggy address belongs to the physical page: [ 55.873552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 55.881653] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.888269] page_type: f5(slab) [ 55.891464] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.899310] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.907147] page dumped because: kasan: bad access detected [ 55.912790] [ 55.914315] Memory state around the buggy address: [ 55.919175] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.926485] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.933806] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.941121] ^ [ 55.944665] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.951983] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.959290] ================================================================== [ 55.426466] ================================================================== [ 55.433799] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 55.442093] Write of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 55.449593] [ 55.451127] CPU: 2 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 55.451158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.451166] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.451179] Call trace: [ 55.451185] show_stack+0x20/0x38 (C) [ 55.451203] dump_stack_lvl+0x8c/0xd0 [ 55.451224] print_report+0x118/0x608 [ 55.451244] kasan_report+0xdc/0x128 [ 55.451264] kasan_check_range+0x100/0x1a8 [ 55.451286] __kasan_check_write+0x20/0x30 [ 55.451304] kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 55.451326] kasan_bitops_generic+0x110/0x1c8 [ 55.451345] kunit_try_run_case+0x170/0x3f0 [ 55.451365] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.451388] kthread+0x328/0x630 [ 55.451404] ret_from_fork+0x10/0x20 [ 55.451422] [ 55.526115] Allocated by task 370: [ 55.529583] kasan_save_stack+0x3c/0x68 [ 55.533492] kasan_save_track+0x20/0x40 [ 55.537397] kasan_save_alloc_info+0x40/0x58 [ 55.541743] __kasan_kmalloc+0xd4/0xd8 [ 55.545561] __kmalloc_cache_noprof+0x16c/0x3c0 [ 55.550168] kasan_bitops_generic+0xa0/0x1c8 [ 55.554517] kunit_try_run_case+0x170/0x3f0 [ 55.558778] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.564349] kthread+0x328/0x630 [ 55.567639] ret_from_fork+0x10/0x20 [ 55.571283] [ 55.572814] The buggy address belongs to the object at ffff000098190200 [ 55.572814] which belongs to the cache kmalloc-16 of size 16 [ 55.585305] The buggy address is located 8 bytes inside of [ 55.585305] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 55.597712] [ 55.599243] The buggy address belongs to the physical page: [ 55.604889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 55.612997] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 55.619613] page_type: f5(slab) [ 55.622814] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 55.630663] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 55.638507] page dumped because: kasan: bad access detected [ 55.644155] [ 55.645686] Memory state around the buggy address: [ 55.650545] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.657862] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 55.665179] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.672492] ^ [ 55.676046] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.683363] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.690676] ================================================================== [ 54.071719] ================================================================== [ 54.082931] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 54.091226] Write of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 54.098720] [ 54.100261] CPU: 3 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 54.100294] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.100305] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.100318] Call trace: [ 54.100326] show_stack+0x20/0x38 (C) [ 54.100345] dump_stack_lvl+0x8c/0xd0 [ 54.100366] print_report+0x118/0x608 [ 54.100388] kasan_report+0xdc/0x128 [ 54.100408] kasan_check_range+0x100/0x1a8 [ 54.100430] __kasan_check_write+0x20/0x30 [ 54.100447] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 54.100468] kasan_bitops_generic+0x110/0x1c8 [ 54.100488] kunit_try_run_case+0x170/0x3f0 [ 54.100507] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.100529] kthread+0x328/0x630 [ 54.100545] ret_from_fork+0x10/0x20 [ 54.100566] [ 54.175268] Allocated by task 370: [ 54.178732] kasan_save_stack+0x3c/0x68 [ 54.182645] kasan_save_track+0x20/0x40 [ 54.186558] kasan_save_alloc_info+0x40/0x58 [ 54.190898] __kasan_kmalloc+0xd4/0xd8 [ 54.194713] __kmalloc_cache_noprof+0x16c/0x3c0 [ 54.199325] kasan_bitops_generic+0xa0/0x1c8 [ 54.203667] kunit_try_run_case+0x170/0x3f0 [ 54.207923] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.213502] kthread+0x328/0x630 [ 54.216797] ret_from_fork+0x10/0x20 [ 54.220437] [ 54.221971] The buggy address belongs to the object at ffff000098190200 [ 54.221971] which belongs to the cache kmalloc-16 of size 16 [ 54.234457] The buggy address is located 8 bytes inside of [ 54.234457] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 54.246860] [ 54.248397] The buggy address belongs to the physical page: [ 54.254048] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 54.262155] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.268772] page_type: f5(slab) [ 54.271980] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 54.279828] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 54.287674] page dumped because: kasan: bad access detected [ 54.293326] [ 54.294857] Memory state around the buggy address: [ 54.299719] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.307037] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.314355] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.321672] ^ [ 54.325222] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.332540] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.339855] ================================================================== [ 54.347272] ================================================================== [ 54.354590] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 54.362875] Read of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 54.370280] [ 54.371822] CPU: 3 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 54.371854] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.371863] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.371875] Call trace: [ 54.371884] show_stack+0x20/0x38 (C) [ 54.371904] dump_stack_lvl+0x8c/0xd0 [ 54.371924] print_report+0x118/0x608 [ 54.371944] kasan_report+0xdc/0x128 [ 54.371965] __asan_report_load8_noabort+0x20/0x30 [ 54.371984] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 54.372006] kasan_bitops_generic+0x110/0x1c8 [ 54.372027] kunit_try_run_case+0x170/0x3f0 [ 54.372047] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.372072] kthread+0x328/0x630 [ 54.372087] ret_from_fork+0x10/0x20 [ 54.372106] [ 54.443352] Allocated by task 370: [ 54.446819] kasan_save_stack+0x3c/0x68 [ 54.450731] kasan_save_track+0x20/0x40 [ 54.454644] kasan_save_alloc_info+0x40/0x58 [ 54.458984] __kasan_kmalloc+0xd4/0xd8 [ 54.462798] __kmalloc_cache_noprof+0x16c/0x3c0 [ 54.467411] kasan_bitops_generic+0xa0/0x1c8 [ 54.471751] kunit_try_run_case+0x170/0x3f0 [ 54.476007] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.481586] kthread+0x328/0x630 [ 54.484879] ret_from_fork+0x10/0x20 [ 54.488519] [ 54.490051] The buggy address belongs to the object at ffff000098190200 [ 54.490051] which belongs to the cache kmalloc-16 of size 16 [ 54.502539] The buggy address is located 8 bytes inside of [ 54.502539] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 54.514941] [ 54.516479] The buggy address belongs to the physical page: [ 54.522130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 54.530239] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.536853] page_type: f5(slab) [ 54.540059] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 54.547909] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 54.555753] page dumped because: kasan: bad access detected [ 54.561404] [ 54.562934] Memory state around the buggy address: [ 54.567795] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.575115] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.582434] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.589749] ^ [ 54.593299] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.600616] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.607931] ================================================================== [ 55.966700] ================================================================== [ 55.974024] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x344/0xbc0 [ 55.982306] Write of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 55.989801] [ 55.991334] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 55.991363] Tainted: [B]=BAD_PAGE, [N]=TEST [ 55.991371] Hardware name: Thundercomm Dragonboard 845c (DT) [ 55.991382] Call trace: [ 55.991389] show_stack+0x20/0x38 (C) [ 55.991407] dump_stack_lvl+0x8c/0xd0 [ 55.991426] print_report+0x118/0x608 [ 55.991445] kasan_report+0xdc/0x128 [ 55.991462] kasan_check_range+0x100/0x1a8 [ 55.991482] __kasan_check_write+0x20/0x30 [ 55.991497] kasan_bitops_modify.constprop.0+0x344/0xbc0 [ 55.991516] kasan_bitops_generic+0x110/0x1c8 [ 55.991535] kunit_try_run_case+0x170/0x3f0 [ 55.991554] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 55.991576] kthread+0x328/0x630 [ 55.991590] ret_from_fork+0x10/0x20 [ 55.991606] [ 56.066247] Allocated by task 370: [ 56.069700] kasan_save_stack+0x3c/0x68 [ 56.073597] kasan_save_track+0x20/0x40 [ 56.077503] kasan_save_alloc_info+0x40/0x58 [ 56.081840] __kasan_kmalloc+0xd4/0xd8 [ 56.085657] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.090260] kasan_bitops_generic+0xa0/0x1c8 [ 56.094598] kunit_try_run_case+0x170/0x3f0 [ 56.098851] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.104413] kthread+0x328/0x630 [ 56.107694] ret_from_fork+0x10/0x20 [ 56.111325] [ 56.112859] The buggy address belongs to the object at ffff000098190200 [ 56.112859] which belongs to the cache kmalloc-16 of size 16 [ 56.125340] The buggy address is located 8 bytes inside of [ 56.125340] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 56.137737] [ 56.139270] The buggy address belongs to the physical page: [ 56.144913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 56.153014] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 56.159626] page_type: f5(slab) [ 56.162829] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.170669] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.178506] page dumped because: kasan: bad access detected [ 56.184149] [ 56.185672] Memory state around the buggy address: [ 56.190524] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.197842] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.205160] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.212467] ^ [ 56.216017] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.223335] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.230642] ================================================================== [ 56.509370] ================================================================== [ 56.516685] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa20/0xbc0 [ 56.524962] Read of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 56.532369] [ 56.533896] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 56.533926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 56.533934] Hardware name: Thundercomm Dragonboard 845c (DT) [ 56.533947] Call trace: [ 56.533954] show_stack+0x20/0x38 (C) [ 56.533971] dump_stack_lvl+0x8c/0xd0 [ 56.533990] print_report+0x118/0x608 [ 56.534009] kasan_report+0xdc/0x128 [ 56.534028] __asan_report_load8_noabort+0x20/0x30 [ 56.534045] kasan_bitops_modify.constprop.0+0xa20/0xbc0 [ 56.534065] kasan_bitops_generic+0x110/0x1c8 [ 56.534082] kunit_try_run_case+0x170/0x3f0 [ 56.534101] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.534121] kthread+0x328/0x630 [ 56.534135] ret_from_fork+0x10/0x20 [ 56.534151] [ 56.605378] Allocated by task 370: [ 56.608836] kasan_save_stack+0x3c/0x68 [ 56.612735] kasan_save_track+0x20/0x40 [ 56.616634] kasan_save_alloc_info+0x40/0x58 [ 56.620976] __kasan_kmalloc+0xd4/0xd8 [ 56.624788] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.629391] kasan_bitops_generic+0xa0/0x1c8 [ 56.633736] kunit_try_run_case+0x170/0x3f0 [ 56.637992] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.643562] kthread+0x328/0x630 [ 56.646849] ret_from_fork+0x10/0x20 [ 56.650487] [ 56.652019] The buggy address belongs to the object at ffff000098190200 [ 56.652019] which belongs to the cache kmalloc-16 of size 16 [ 56.664500] The buggy address is located 8 bytes inside of [ 56.664500] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 56.676899] [ 56.678424] The buggy address belongs to the physical page: [ 56.684071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 56.692169] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 56.698779] page_type: f5(slab) [ 56.701979] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.709819] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.717656] page dumped because: kasan: bad access detected [ 56.723303] [ 56.724827] Memory state around the buggy address: [ 56.729685] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.737000] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 56.744316] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.751629] ^ [ 56.755174] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.762488] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.769799] ================================================================== [ 54.615771] ================================================================== [ 54.623096] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 54.631379] Write of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 54.638871] [ 54.640407] CPU: 6 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 54.640440] Tainted: [B]=BAD_PAGE, [N]=TEST [ 54.640449] Hardware name: Thundercomm Dragonboard 845c (DT) [ 54.640461] Call trace: [ 54.640468] show_stack+0x20/0x38 (C) [ 54.640487] dump_stack_lvl+0x8c/0xd0 [ 54.640508] print_report+0x118/0x608 [ 54.640528] kasan_report+0xdc/0x128 [ 54.640547] kasan_check_range+0x100/0x1a8 [ 54.640569] __kasan_check_write+0x20/0x30 [ 54.640584] kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 54.640605] kasan_bitops_generic+0x110/0x1c8 [ 54.640622] kunit_try_run_case+0x170/0x3f0 [ 54.640640] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.640661] kthread+0x328/0x630 [ 54.640674] ret_from_fork+0x10/0x20 [ 54.640692] [ 54.715367] Allocated by task 370: [ 54.718829] kasan_save_stack+0x3c/0x68 [ 54.722737] kasan_save_track+0x20/0x40 [ 54.726634] kasan_save_alloc_info+0x40/0x58 [ 54.730970] __kasan_kmalloc+0xd4/0xd8 [ 54.734780] __kmalloc_cache_noprof+0x16c/0x3c0 [ 54.739378] kasan_bitops_generic+0xa0/0x1c8 [ 54.743717] kunit_try_run_case+0x170/0x3f0 [ 54.747973] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 54.753541] kthread+0x328/0x630 [ 54.756827] ret_from_fork+0x10/0x20 [ 54.760461] [ 54.761986] The buggy address belongs to the object at ffff000098190200 [ 54.761986] which belongs to the cache kmalloc-16 of size 16 [ 54.774463] The buggy address is located 8 bytes inside of [ 54.774463] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 54.786862] [ 54.788397] The buggy address belongs to the physical page: [ 54.794042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 54.802145] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 54.808758] page_type: f5(slab) [ 54.811960] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 54.819807] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 54.827650] page dumped because: kasan: bad access detected [ 54.833295] [ 54.834818] Memory state around the buggy address: [ 54.839683] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.846995] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 54.854305] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.861611] ^ [ 54.865152] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.872464] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.879770] ==================================================================
[ 33.342897] ================================================================== [ 33.342972] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 33.343517] Write of size 8 at addr fff00000c5a30ce8 by task kunit_try_catch/293 [ 33.343888] [ 33.343952] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.344338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.344368] Hardware name: linux,dummy-virt (DT) [ 33.344406] Call trace: [ 33.344431] show_stack+0x20/0x38 (C) [ 33.344557] dump_stack_lvl+0x8c/0xd0 [ 33.345093] __kasan_check_write+0x20/0x30 [ 33.346322] ret_from_fork+0x10/0x20 [ 33.346377] [ 33.346425] Allocated by task 293: [ 33.346772] kasan_save_alloc_info+0x40/0x58 [ 33.347538] ret_from_fork+0x10/0x20 [ 33.347864] The buggy address is located 8 bytes inside of [ 33.347864] allocated 9-byte region [fff00000c5a30ce0, fff00000c5a30ce9) [ 33.348403] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.349137] page dumped because: kasan: bad access detected [ 33.349389] fff00000c5a30b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.349871] fff00000c5a30d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.352567] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.353724] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.353965] kthread+0x328/0x630 [ 33.354014] ret_from_fork+0x10/0x20 [ 33.354133] [ 33.354153] Allocated by task 293: [ 33.354184] kasan_save_stack+0x3c/0x68 [ 33.354569] kasan_save_alloc_info+0x40/0x58 [ 33.355269] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.355802] [ 33.356268] page_type: f5(slab) [ 33.356501] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 33.356642] page dumped because: kasan: bad access detected [ 33.356849] fff00000c5a30c00: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.358924] [ 33.359512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.360418] kasan_report+0xdc/0x128 [ 33.360569] kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 33.361029] kunit_try_run_case+0x170/0x3f0 [ 33.362346] __kasan_kmalloc+0xd4/0xd8 [ 33.363694] The buggy address is located 8 bytes inside of [ 33.363694] allocated 9-byte region [fff00000c5a30ce0, fff00000c5a30ce9) [ 33.364235] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.364664] raw: fff00000c5a30be0 000000008080007f 00000000f5000000 0000000000000000 [ 33.364884] fff00000c5a30c00: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.365661] ==================================================================
[ 25.181267] ================================================================== [ 25.182156] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.183221] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.183497] [ 25.183585] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.183636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.183650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.183672] Call Trace: [ 25.183685] <TASK> [ 25.183703] dump_stack_lvl+0x73/0xb0 [ 25.183733] print_report+0xd1/0x650 [ 25.183755] ? __virt_addr_valid+0x1db/0x2d0 [ 25.183780] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.183803] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.183829] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.183854] kasan_report+0x141/0x180 [ 25.183875] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.183904] kasan_check_range+0x10c/0x1c0 [ 25.183927] __kasan_check_write+0x18/0x20 [ 25.183950] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.183974] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.184000] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.184024] ? trace_hardirqs_on+0x37/0xe0 [ 25.184045] ? kasan_bitops_generic+0x92/0x1c0 [ 25.184072] kasan_bitops_generic+0x116/0x1c0 [ 25.184094] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.184118] ? __pfx_read_tsc+0x10/0x10 [ 25.184250] ? ktime_get_ts64+0x86/0x230 [ 25.184323] kunit_try_run_case+0x1a5/0x480 [ 25.184350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.184373] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.184395] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.184421] ? __kthread_parkme+0x82/0x180 [ 25.184442] ? preempt_count_sub+0x50/0x80 [ 25.184476] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.184500] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.184523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.184547] kthread+0x337/0x6f0 [ 25.184567] ? trace_preempt_on+0x20/0xc0 [ 25.184588] ? __pfx_kthread+0x10/0x10 [ 25.184609] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.184632] ? calculate_sigpending+0x7b/0xa0 [ 25.184655] ? __pfx_kthread+0x10/0x10 [ 25.184677] ret_from_fork+0x116/0x1d0 [ 25.184696] ? __pfx_kthread+0x10/0x10 [ 25.184717] ret_from_fork_asm+0x1a/0x30 [ 25.184747] </TASK> [ 25.184759] [ 25.199910] Allocated by task 310: [ 25.200104] kasan_save_stack+0x45/0x70 [ 25.200681] kasan_save_track+0x18/0x40 [ 25.200827] kasan_save_alloc_info+0x3b/0x50 [ 25.200972] __kasan_kmalloc+0xb7/0xc0 [ 25.201103] __kmalloc_cache_noprof+0x189/0x420 [ 25.201261] kasan_bitops_generic+0x92/0x1c0 [ 25.201402] kunit_try_run_case+0x1a5/0x480 [ 25.201745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.202220] kthread+0x337/0x6f0 [ 25.202658] ret_from_fork+0x116/0x1d0 [ 25.203017] ret_from_fork_asm+0x1a/0x30 [ 25.203491] [ 25.203688] The buggy address belongs to the object at ffff888104b06e60 [ 25.203688] which belongs to the cache kmalloc-16 of size 16 [ 25.205043] The buggy address is located 8 bytes inside of [ 25.205043] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.206038] [ 25.206118] The buggy address belongs to the physical page: [ 25.206579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.207328] flags: 0x200000000000000(node=0|zone=2) [ 25.207788] page_type: f5(slab) [ 25.207987] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.208281] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.209040] page dumped because: kasan: bad access detected [ 25.209586] [ 25.209742] Memory state around the buggy address: [ 25.210205] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.210434] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.210662] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.210869] ^ [ 25.211062] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.211582] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.212228] ================================================================== [ 25.291637] ================================================================== [ 25.291975] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.292355] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.292663] [ 25.292761] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.292808] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.292821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.292842] Call Trace: [ 25.292856] <TASK> [ 25.292872] dump_stack_lvl+0x73/0xb0 [ 25.292898] print_report+0xd1/0x650 [ 25.292920] ? __virt_addr_valid+0x1db/0x2d0 [ 25.292943] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.292968] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.292992] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.293018] kasan_report+0x141/0x180 [ 25.293040] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.293069] kasan_check_range+0x10c/0x1c0 [ 25.293093] __kasan_check_write+0x18/0x20 [ 25.293116] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.293141] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.293167] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.293189] ? trace_hardirqs_on+0x37/0xe0 [ 25.293212] ? kasan_bitops_generic+0x92/0x1c0 [ 25.293238] kasan_bitops_generic+0x116/0x1c0 [ 25.293261] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.293286] ? __pfx_read_tsc+0x10/0x10 [ 25.293306] ? ktime_get_ts64+0x86/0x230 [ 25.293330] kunit_try_run_case+0x1a5/0x480 [ 25.293354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.293378] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.293399] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.293424] ? __kthread_parkme+0x82/0x180 [ 25.293445] ? preempt_count_sub+0x50/0x80 [ 25.293479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.293503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.293527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.293551] kthread+0x337/0x6f0 [ 25.293570] ? trace_preempt_on+0x20/0xc0 [ 25.293592] ? __pfx_kthread+0x10/0x10 [ 25.293613] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.293636] ? calculate_sigpending+0x7b/0xa0 [ 25.293660] ? __pfx_kthread+0x10/0x10 [ 25.293682] ret_from_fork+0x116/0x1d0 [ 25.293701] ? __pfx_kthread+0x10/0x10 [ 25.293722] ret_from_fork_asm+0x1a/0x30 [ 25.293753] </TASK> [ 25.293764] [ 25.302260] Allocated by task 310: [ 25.302438] kasan_save_stack+0x45/0x70 [ 25.302709] kasan_save_track+0x18/0x40 [ 25.302904] kasan_save_alloc_info+0x3b/0x50 [ 25.303117] __kasan_kmalloc+0xb7/0xc0 [ 25.303402] __kmalloc_cache_noprof+0x189/0x420 [ 25.303637] kasan_bitops_generic+0x92/0x1c0 [ 25.303810] kunit_try_run_case+0x1a5/0x480 [ 25.303986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.304157] kthread+0x337/0x6f0 [ 25.304271] ret_from_fork+0x116/0x1d0 [ 25.304398] ret_from_fork_asm+0x1a/0x30 [ 25.304541] [ 25.304606] The buggy address belongs to the object at ffff888104b06e60 [ 25.304606] which belongs to the cache kmalloc-16 of size 16 [ 25.305427] The buggy address is located 8 bytes inside of [ 25.305427] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.305966] [ 25.306052] The buggy address belongs to the physical page: [ 25.306310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.306598] flags: 0x200000000000000(node=0|zone=2) [ 25.306755] page_type: f5(slab) [ 25.306869] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.307094] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.307662] page dumped because: kasan: bad access detected [ 25.307918] [ 25.308006] Memory state around the buggy address: [ 25.308352] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.308692] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.308971] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.309176] ^ [ 25.309368] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.309588] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.309793] ================================================================== [ 25.329339] ================================================================== [ 25.329689] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.330067] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.330586] [ 25.330677] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.330721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.330733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.330754] Call Trace: [ 25.330771] <TASK> [ 25.330786] dump_stack_lvl+0x73/0xb0 [ 25.330813] print_report+0xd1/0x650 [ 25.330834] ? __virt_addr_valid+0x1db/0x2d0 [ 25.330858] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.330882] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.330907] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.330932] kasan_report+0x141/0x180 [ 25.330954] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.330984] kasan_check_range+0x10c/0x1c0 [ 25.331007] __kasan_check_write+0x18/0x20 [ 25.331030] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.331056] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.331084] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.331108] ? trace_hardirqs_on+0x37/0xe0 [ 25.331141] ? kasan_bitops_generic+0x92/0x1c0 [ 25.331169] kasan_bitops_generic+0x116/0x1c0 [ 25.331192] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.331218] ? __pfx_read_tsc+0x10/0x10 [ 25.331238] ? ktime_get_ts64+0x86/0x230 [ 25.331262] kunit_try_run_case+0x1a5/0x480 [ 25.331286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.331309] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.331331] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.331357] ? __kthread_parkme+0x82/0x180 [ 25.331378] ? preempt_count_sub+0x50/0x80 [ 25.331401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.331426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.331449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.331485] kthread+0x337/0x6f0 [ 25.331504] ? trace_preempt_on+0x20/0xc0 [ 25.331526] ? __pfx_kthread+0x10/0x10 [ 25.331547] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.331571] ? calculate_sigpending+0x7b/0xa0 [ 25.331595] ? __pfx_kthread+0x10/0x10 [ 25.331616] ret_from_fork+0x116/0x1d0 [ 25.331636] ? __pfx_kthread+0x10/0x10 [ 25.331657] ret_from_fork_asm+0x1a/0x30 [ 25.331688] </TASK> [ 25.331700] [ 25.346003] Allocated by task 310: [ 25.346239] kasan_save_stack+0x45/0x70 [ 25.346405] kasan_save_track+0x18/0x40 [ 25.346599] kasan_save_alloc_info+0x3b/0x50 [ 25.346741] __kasan_kmalloc+0xb7/0xc0 [ 25.346871] __kmalloc_cache_noprof+0x189/0x420 [ 25.347033] kasan_bitops_generic+0x92/0x1c0 [ 25.347236] kunit_try_run_case+0x1a5/0x480 [ 25.347434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.347664] kthread+0x337/0x6f0 [ 25.347974] ret_from_fork+0x116/0x1d0 [ 25.348129] ret_from_fork_asm+0x1a/0x30 [ 25.348448] [ 25.348532] The buggy address belongs to the object at ffff888104b06e60 [ 25.348532] which belongs to the cache kmalloc-16 of size 16 [ 25.348962] The buggy address is located 8 bytes inside of [ 25.348962] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.349807] [ 25.349899] The buggy address belongs to the physical page: [ 25.350092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.350435] flags: 0x200000000000000(node=0|zone=2) [ 25.350680] page_type: f5(slab) [ 25.350827] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.351134] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.351614] page dumped because: kasan: bad access detected [ 25.351837] [ 25.351918] Memory state around the buggy address: [ 25.352090] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.352491] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.352780] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.353011] ^ [ 25.353298] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.353620] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.353923] ================================================================== [ 25.310385] ================================================================== [ 25.310731] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.311100] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.311833] [ 25.311937] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.311981] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.311994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.312015] Call Trace: [ 25.312027] <TASK> [ 25.312041] dump_stack_lvl+0x73/0xb0 [ 25.312067] print_report+0xd1/0x650 [ 25.312088] ? __virt_addr_valid+0x1db/0x2d0 [ 25.312111] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.312136] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.312163] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.312188] kasan_report+0x141/0x180 [ 25.312378] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.312409] kasan_check_range+0x10c/0x1c0 [ 25.312433] __kasan_check_write+0x18/0x20 [ 25.312471] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.312497] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.312523] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.312546] ? trace_hardirqs_on+0x37/0xe0 [ 25.312567] ? kasan_bitops_generic+0x92/0x1c0 [ 25.312594] kasan_bitops_generic+0x116/0x1c0 [ 25.312616] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.312641] ? __pfx_read_tsc+0x10/0x10 [ 25.312662] ? ktime_get_ts64+0x86/0x230 [ 25.312685] kunit_try_run_case+0x1a5/0x480 [ 25.312710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.312733] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.312754] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.312781] ? __kthread_parkme+0x82/0x180 [ 25.312802] ? preempt_count_sub+0x50/0x80 [ 25.312824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.312849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.312874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.312898] kthread+0x337/0x6f0 [ 25.312918] ? trace_preempt_on+0x20/0xc0 [ 25.312941] ? __pfx_kthread+0x10/0x10 [ 25.312961] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.312985] ? calculate_sigpending+0x7b/0xa0 [ 25.313008] ? __pfx_kthread+0x10/0x10 [ 25.313031] ret_from_fork+0x116/0x1d0 [ 25.313050] ? __pfx_kthread+0x10/0x10 [ 25.313071] ret_from_fork_asm+0x1a/0x30 [ 25.313102] </TASK> [ 25.313113] [ 25.321064] Allocated by task 310: [ 25.321188] kasan_save_stack+0x45/0x70 [ 25.321390] kasan_save_track+0x18/0x40 [ 25.321814] kasan_save_alloc_info+0x3b/0x50 [ 25.322024] __kasan_kmalloc+0xb7/0xc0 [ 25.322342] __kmalloc_cache_noprof+0x189/0x420 [ 25.322585] kasan_bitops_generic+0x92/0x1c0 [ 25.322782] kunit_try_run_case+0x1a5/0x480 [ 25.322922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.323090] kthread+0x337/0x6f0 [ 25.323413] ret_from_fork+0x116/0x1d0 [ 25.323631] ret_from_fork_asm+0x1a/0x30 [ 25.323829] [ 25.323984] The buggy address belongs to the object at ffff888104b06e60 [ 25.323984] which belongs to the cache kmalloc-16 of size 16 [ 25.324547] The buggy address is located 8 bytes inside of [ 25.324547] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.324993] [ 25.325060] The buggy address belongs to the physical page: [ 25.325224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.325466] flags: 0x200000000000000(node=0|zone=2) [ 25.325622] page_type: f5(slab) [ 25.325734] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.326061] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.326386] page dumped because: kasan: bad access detected [ 25.326638] [ 25.326963] Memory state around the buggy address: [ 25.327269] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.327598] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.327909] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.328204] ^ [ 25.328396] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.328616] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.328821] ================================================================== [ 25.234762] ================================================================== [ 25.235059] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.235441] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.235682] [ 25.235760] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.235805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.235817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.235839] Call Trace: [ 25.235855] <TASK> [ 25.235871] dump_stack_lvl+0x73/0xb0 [ 25.235897] print_report+0xd1/0x650 [ 25.235919] ? __virt_addr_valid+0x1db/0x2d0 [ 25.235942] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.235967] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.235993] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.236018] kasan_report+0x141/0x180 [ 25.236040] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.236069] kasan_check_range+0x10c/0x1c0 [ 25.236093] __kasan_check_write+0x18/0x20 [ 25.236116] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.236141] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.236166] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.236189] ? trace_hardirqs_on+0x37/0xe0 [ 25.236209] ? kasan_bitops_generic+0x92/0x1c0 [ 25.236235] kasan_bitops_generic+0x116/0x1c0 [ 25.236259] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.236283] ? __pfx_read_tsc+0x10/0x10 [ 25.236305] ? ktime_get_ts64+0x86/0x230 [ 25.236329] kunit_try_run_case+0x1a5/0x480 [ 25.236353] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.236376] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.236399] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.236424] ? __kthread_parkme+0x82/0x180 [ 25.236444] ? preempt_count_sub+0x50/0x80 [ 25.236481] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.236506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.236529] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.236554] kthread+0x337/0x6f0 [ 25.236574] ? trace_preempt_on+0x20/0xc0 [ 25.236596] ? __pfx_kthread+0x10/0x10 [ 25.236616] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.236639] ? calculate_sigpending+0x7b/0xa0 [ 25.236664] ? __pfx_kthread+0x10/0x10 [ 25.236685] ret_from_fork+0x116/0x1d0 [ 25.236705] ? __pfx_kthread+0x10/0x10 [ 25.236726] ret_from_fork_asm+0x1a/0x30 [ 25.236757] </TASK> [ 25.236768] [ 25.245779] Allocated by task 310: [ 25.245951] kasan_save_stack+0x45/0x70 [ 25.246147] kasan_save_track+0x18/0x40 [ 25.246398] kasan_save_alloc_info+0x3b/0x50 [ 25.246600] __kasan_kmalloc+0xb7/0xc0 [ 25.246762] __kmalloc_cache_noprof+0x189/0x420 [ 25.246938] kasan_bitops_generic+0x92/0x1c0 [ 25.247147] kunit_try_run_case+0x1a5/0x480 [ 25.247403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.247602] kthread+0x337/0x6f0 [ 25.247725] ret_from_fork+0x116/0x1d0 [ 25.247853] ret_from_fork_asm+0x1a/0x30 [ 25.247995] [ 25.248085] The buggy address belongs to the object at ffff888104b06e60 [ 25.248085] which belongs to the cache kmalloc-16 of size 16 [ 25.248604] The buggy address is located 8 bytes inside of [ 25.248604] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.249368] [ 25.249490] The buggy address belongs to the physical page: [ 25.249739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.250084] flags: 0x200000000000000(node=0|zone=2) [ 25.250425] page_type: f5(slab) [ 25.250559] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.250789] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.251010] page dumped because: kasan: bad access detected [ 25.251177] [ 25.251266] Memory state around the buggy address: [ 25.251494] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.251841] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.252151] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.252448] ^ [ 25.252648] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.252858] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.253061] ================================================================== [ 25.213488] ================================================================== [ 25.214102] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.215051] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.215893] [ 25.216068] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.216116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.216129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.216150] Call Trace: [ 25.216181] <TASK> [ 25.216197] dump_stack_lvl+0x73/0xb0 [ 25.216225] print_report+0xd1/0x650 [ 25.216248] ? __virt_addr_valid+0x1db/0x2d0 [ 25.216271] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.216296] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.216322] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.216347] kasan_report+0x141/0x180 [ 25.216368] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.216398] kasan_check_range+0x10c/0x1c0 [ 25.216421] __kasan_check_write+0x18/0x20 [ 25.216443] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.216483] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.216509] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.216532] ? trace_hardirqs_on+0x37/0xe0 [ 25.216553] ? kasan_bitops_generic+0x92/0x1c0 [ 25.216580] kasan_bitops_generic+0x116/0x1c0 [ 25.216603] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.216627] ? __pfx_read_tsc+0x10/0x10 [ 25.216648] ? ktime_get_ts64+0x86/0x230 [ 25.216672] kunit_try_run_case+0x1a5/0x480 [ 25.216696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.216719] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.216740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.216766] ? __kthread_parkme+0x82/0x180 [ 25.216787] ? preempt_count_sub+0x50/0x80 [ 25.216810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.216834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.216858] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.216882] kthread+0x337/0x6f0 [ 25.216901] ? trace_preempt_on+0x20/0xc0 [ 25.216923] ? __pfx_kthread+0x10/0x10 [ 25.216944] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.216967] ? calculate_sigpending+0x7b/0xa0 [ 25.216991] ? __pfx_kthread+0x10/0x10 [ 25.217013] ret_from_fork+0x116/0x1d0 [ 25.217033] ? __pfx_kthread+0x10/0x10 [ 25.217054] ret_from_fork_asm+0x1a/0x30 [ 25.217085] </TASK> [ 25.217096] [ 25.225812] Allocated by task 310: [ 25.225974] kasan_save_stack+0x45/0x70 [ 25.226172] kasan_save_track+0x18/0x40 [ 25.226362] kasan_save_alloc_info+0x3b/0x50 [ 25.226652] __kasan_kmalloc+0xb7/0xc0 [ 25.226853] __kmalloc_cache_noprof+0x189/0x420 [ 25.227072] kasan_bitops_generic+0x92/0x1c0 [ 25.227281] kunit_try_run_case+0x1a5/0x480 [ 25.227563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.227846] kthread+0x337/0x6f0 [ 25.227980] ret_from_fork+0x116/0x1d0 [ 25.228282] ret_from_fork_asm+0x1a/0x30 [ 25.228517] [ 25.228586] The buggy address belongs to the object at ffff888104b06e60 [ 25.228586] which belongs to the cache kmalloc-16 of size 16 [ 25.229070] The buggy address is located 8 bytes inside of [ 25.229070] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.229631] [ 25.229724] The buggy address belongs to the physical page: [ 25.229940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.230262] flags: 0x200000000000000(node=0|zone=2) [ 25.230607] page_type: f5(slab) [ 25.230768] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.231048] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.231268] page dumped because: kasan: bad access detected [ 25.231433] [ 25.231508] Memory state around the buggy address: [ 25.231656] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.232030] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.232719] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.233040] ^ [ 25.233563] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.233899] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.234340] ================================================================== [ 25.253429] ================================================================== [ 25.253775] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.254312] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.254668] [ 25.254773] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.254818] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.254830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.254852] Call Trace: [ 25.254868] <TASK> [ 25.254883] dump_stack_lvl+0x73/0xb0 [ 25.254912] print_report+0xd1/0x650 [ 25.254933] ? __virt_addr_valid+0x1db/0x2d0 [ 25.254957] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.254982] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.255008] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.255034] kasan_report+0x141/0x180 [ 25.255055] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.255085] kasan_check_range+0x10c/0x1c0 [ 25.255108] __kasan_check_write+0x18/0x20 [ 25.255132] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.255221] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.255249] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.255273] ? trace_hardirqs_on+0x37/0xe0 [ 25.255295] ? kasan_bitops_generic+0x92/0x1c0 [ 25.255322] kasan_bitops_generic+0x116/0x1c0 [ 25.255345] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.255369] ? __pfx_read_tsc+0x10/0x10 [ 25.255391] ? ktime_get_ts64+0x86/0x230 [ 25.255416] kunit_try_run_case+0x1a5/0x480 [ 25.255440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.255476] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.255500] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.255526] ? __kthread_parkme+0x82/0x180 [ 25.255546] ? preempt_count_sub+0x50/0x80 [ 25.255570] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.255594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.255618] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.255643] kthread+0x337/0x6f0 [ 25.255662] ? trace_preempt_on+0x20/0xc0 [ 25.255684] ? __pfx_kthread+0x10/0x10 [ 25.255705] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.255728] ? calculate_sigpending+0x7b/0xa0 [ 25.255753] ? __pfx_kthread+0x10/0x10 [ 25.255776] ret_from_fork+0x116/0x1d0 [ 25.255795] ? __pfx_kthread+0x10/0x10 [ 25.255817] ret_from_fork_asm+0x1a/0x30 [ 25.255847] </TASK> [ 25.255858] [ 25.264123] Allocated by task 310: [ 25.264348] kasan_save_stack+0x45/0x70 [ 25.264553] kasan_save_track+0x18/0x40 [ 25.264704] kasan_save_alloc_info+0x3b/0x50 [ 25.264848] __kasan_kmalloc+0xb7/0xc0 [ 25.264984] __kmalloc_cache_noprof+0x189/0x420 [ 25.265414] kasan_bitops_generic+0x92/0x1c0 [ 25.265665] kunit_try_run_case+0x1a5/0x480 [ 25.265878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.266093] kthread+0x337/0x6f0 [ 25.266347] ret_from_fork+0x116/0x1d0 [ 25.266495] ret_from_fork_asm+0x1a/0x30 [ 25.266677] [ 25.266766] The buggy address belongs to the object at ffff888104b06e60 [ 25.266766] which belongs to the cache kmalloc-16 of size 16 [ 25.267308] The buggy address is located 8 bytes inside of [ 25.267308] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.267806] [ 25.267899] The buggy address belongs to the physical page: [ 25.268109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.268489] flags: 0x200000000000000(node=0|zone=2) [ 25.268713] page_type: f5(slab) [ 25.268850] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.269113] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.269333] page dumped because: kasan: bad access detected [ 25.269507] [ 25.269570] Memory state around the buggy address: [ 25.269717] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.270036] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.270547] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.270854] ^ [ 25.271129] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.271338] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.271555] ================================================================== [ 25.271894] ================================================================== [ 25.272115] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.272837] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.273177] [ 25.273281] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.273392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.273407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.273428] Call Trace: [ 25.273441] <TASK> [ 25.273466] dump_stack_lvl+0x73/0xb0 [ 25.273494] print_report+0xd1/0x650 [ 25.273516] ? __virt_addr_valid+0x1db/0x2d0 [ 25.273538] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.273563] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.273588] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.273613] kasan_report+0x141/0x180 [ 25.273635] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.273664] kasan_check_range+0x10c/0x1c0 [ 25.273688] __kasan_check_write+0x18/0x20 [ 25.273711] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.273736] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.273763] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.273786] ? trace_hardirqs_on+0x37/0xe0 [ 25.273807] ? kasan_bitops_generic+0x92/0x1c0 [ 25.273834] kasan_bitops_generic+0x116/0x1c0 [ 25.273864] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.273889] ? __pfx_read_tsc+0x10/0x10 [ 25.273910] ? ktime_get_ts64+0x86/0x230 [ 25.273934] kunit_try_run_case+0x1a5/0x480 [ 25.273958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.273984] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.274005] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.274032] ? __kthread_parkme+0x82/0x180 [ 25.274053] ? preempt_count_sub+0x50/0x80 [ 25.274075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.274100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.274124] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.274148] kthread+0x337/0x6f0 [ 25.274168] ? trace_preempt_on+0x20/0xc0 [ 25.274190] ? __pfx_kthread+0x10/0x10 [ 25.274211] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.274235] ? calculate_sigpending+0x7b/0xa0 [ 25.274315] ? __pfx_kthread+0x10/0x10 [ 25.274339] ret_from_fork+0x116/0x1d0 [ 25.274358] ? __pfx_kthread+0x10/0x10 [ 25.274380] ret_from_fork_asm+0x1a/0x30 [ 25.274410] </TASK> [ 25.274422] [ 25.282778] Allocated by task 310: [ 25.282903] kasan_save_stack+0x45/0x70 [ 25.283044] kasan_save_track+0x18/0x40 [ 25.283274] kasan_save_alloc_info+0x3b/0x50 [ 25.283670] __kasan_kmalloc+0xb7/0xc0 [ 25.283854] __kmalloc_cache_noprof+0x189/0x420 [ 25.284067] kasan_bitops_generic+0x92/0x1c0 [ 25.284302] kunit_try_run_case+0x1a5/0x480 [ 25.284509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.284862] kthread+0x337/0x6f0 [ 25.285178] ret_from_fork+0x116/0x1d0 [ 25.285541] ret_from_fork_asm+0x1a/0x30 [ 25.285678] [ 25.285743] The buggy address belongs to the object at ffff888104b06e60 [ 25.285743] which belongs to the cache kmalloc-16 of size 16 [ 25.286258] The buggy address is located 8 bytes inside of [ 25.286258] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.286799] [ 25.286891] The buggy address belongs to the physical page: [ 25.287137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.287532] flags: 0x200000000000000(node=0|zone=2) [ 25.287716] page_type: f5(slab) [ 25.287833] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.288208] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.288506] page dumped because: kasan: bad access detected [ 25.288673] [ 25.288736] Memory state around the buggy address: [ 25.288885] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.289097] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.289468] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.289985] ^ [ 25.290269] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.290767] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.291001] ==================================================================