Date
July 3, 2025, 10:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 57.861538] ================================================================== [ 57.868853] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 57.877922] Write of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 57.885413] [ 57.886939] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 57.886969] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.886979] Hardware name: Thundercomm Dragonboard 845c (DT) [ 57.886990] Call trace: [ 57.886996] show_stack+0x20/0x38 (C) [ 57.887013] dump_stack_lvl+0x8c/0xd0 [ 57.887032] print_report+0x118/0x608 [ 57.887051] kasan_report+0xdc/0x128 [ 57.887070] kasan_check_range+0x100/0x1a8 [ 57.887090] __kasan_check_write+0x20/0x30 [ 57.887106] kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 57.887129] kasan_bitops_generic+0x11c/0x1c8 [ 57.887146] kunit_try_run_case+0x170/0x3f0 [ 57.887164] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.887187] kthread+0x328/0x630 [ 57.887200] ret_from_fork+0x10/0x20 [ 57.887217] [ 57.962658] Allocated by task 370: [ 57.966115] kasan_save_stack+0x3c/0x68 [ 57.970014] kasan_save_track+0x20/0x40 [ 57.973912] kasan_save_alloc_info+0x40/0x58 [ 57.978251] __kasan_kmalloc+0xd4/0xd8 [ 57.982061] __kmalloc_cache_noprof+0x16c/0x3c0 [ 57.986664] kasan_bitops_generic+0xa0/0x1c8 [ 57.991008] kunit_try_run_case+0x170/0x3f0 [ 57.995266] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 58.000828] kthread+0x328/0x630 [ 58.004115] ret_from_fork+0x10/0x20 [ 58.007752] [ 58.009276] The buggy address belongs to the object at ffff000098190200 [ 58.009276] which belongs to the cache kmalloc-16 of size 16 [ 58.021758] The buggy address is located 8 bytes inside of [ 58.021758] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 58.034159] [ 58.035684] The buggy address belongs to the physical page: [ 58.041333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 58.049431] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 58.056041] page_type: f5(slab) [ 58.059242] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 58.067084] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 58.074920] page dumped because: kasan: bad access detected [ 58.080569] [ 58.082093] Memory state around the buggy address: [ 58.086950] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 58.094266] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 58.101581] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.108894] ^ [ 58.112438] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.119753] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.127066] ================================================================== [ 57.319272] ================================================================== [ 57.326589] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 57.335658] Write of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 57.343149] [ 57.344675] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 57.344703] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.344712] Hardware name: Thundercomm Dragonboard 845c (DT) [ 57.344724] Call trace: [ 57.344729] show_stack+0x20/0x38 (C) [ 57.344747] dump_stack_lvl+0x8c/0xd0 [ 57.344767] print_report+0x118/0x608 [ 57.344787] kasan_report+0xdc/0x128 [ 57.344805] kasan_check_range+0x100/0x1a8 [ 57.344824] __kasan_check_write+0x20/0x30 [ 57.344840] kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 57.344860] kasan_bitops_generic+0x11c/0x1c8 [ 57.344879] kunit_try_run_case+0x170/0x3f0 [ 57.344896] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.344917] kthread+0x328/0x630 [ 57.344931] ret_from_fork+0x10/0x20 [ 57.344947] [ 57.420392] Allocated by task 370: [ 57.423852] kasan_save_stack+0x3c/0x68 [ 57.427751] kasan_save_track+0x20/0x40 [ 57.431651] kasan_save_alloc_info+0x40/0x58 [ 57.435991] __kasan_kmalloc+0xd4/0xd8 [ 57.439801] __kmalloc_cache_noprof+0x16c/0x3c0 [ 57.444405] kasan_bitops_generic+0xa0/0x1c8 [ 57.448748] kunit_try_run_case+0x170/0x3f0 [ 57.453003] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.458575] kthread+0x328/0x630 [ 57.461862] ret_from_fork+0x10/0x20 [ 57.465499] [ 57.467024] The buggy address belongs to the object at ffff000098190200 [ 57.467024] which belongs to the cache kmalloc-16 of size 16 [ 57.479507] The buggy address is located 8 bytes inside of [ 57.479507] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 57.491906] [ 57.493430] The buggy address belongs to the physical page: [ 57.499080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 57.507180] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 57.513791] page_type: f5(slab) [ 57.516991] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 57.524831] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 57.532665] page dumped because: kasan: bad access detected [ 57.538315] [ 57.539838] Memory state around the buggy address: [ 57.544696] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 57.552013] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 57.559328] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.566640] ^ [ 57.570185] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.577499] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.584811] ================================================================== [ 57.592191] ================================================================== [ 57.599505] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 57.608576] Read of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 57.615982] [ 57.617508] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 57.617538] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.617546] Hardware name: Thundercomm Dragonboard 845c (DT) [ 57.617557] Call trace: [ 57.617562] show_stack+0x20/0x38 (C) [ 57.617580] dump_stack_lvl+0x8c/0xd0 [ 57.617598] print_report+0x118/0x608 [ 57.617616] kasan_report+0xdc/0x128 [ 57.617635] __asan_report_load8_noabort+0x20/0x30 [ 57.617650] kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 57.617672] kasan_bitops_generic+0x11c/0x1c8 [ 57.617689] kunit_try_run_case+0x170/0x3f0 [ 57.617707] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.617727] kthread+0x328/0x630 [ 57.617740] ret_from_fork+0x10/0x20 [ 57.617757] [ 57.689768] Allocated by task 370: [ 57.693225] kasan_save_stack+0x3c/0x68 [ 57.697126] kasan_save_track+0x20/0x40 [ 57.701027] kasan_save_alloc_info+0x40/0x58 [ 57.705368] __kasan_kmalloc+0xd4/0xd8 [ 57.709179] __kmalloc_cache_noprof+0x16c/0x3c0 [ 57.713783] kasan_bitops_generic+0xa0/0x1c8 [ 57.718126] kunit_try_run_case+0x170/0x3f0 [ 57.722383] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.727943] kthread+0x328/0x630 [ 57.731230] ret_from_fork+0x10/0x20 [ 57.734865] [ 57.736390] The buggy address belongs to the object at ffff000098190200 [ 57.736390] which belongs to the cache kmalloc-16 of size 16 [ 57.748873] The buggy address is located 8 bytes inside of [ 57.748873] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 57.761271] [ 57.762795] The buggy address belongs to the physical page: [ 57.768443] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 57.776542] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 57.783153] page_type: f5(slab) [ 57.786355] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 57.794195] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 57.802033] page dumped because: kasan: bad access detected [ 57.807681] [ 57.809204] Memory state around the buggy address: [ 57.814061] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 57.821375] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 57.828688] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.835999] ^ [ 57.839543] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.846858] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.854170] ================================================================== [ 56.777168] ================================================================== [ 56.784483] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xfc/0xbc0 [ 56.793464] Write of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 56.800956] [ 56.802481] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 56.802513] Tainted: [B]=BAD_PAGE, [N]=TEST [ 56.802521] Hardware name: Thundercomm Dragonboard 845c (DT) [ 56.802533] Call trace: [ 56.802540] show_stack+0x20/0x38 (C) [ 56.802558] dump_stack_lvl+0x8c/0xd0 [ 56.802577] print_report+0x118/0x608 [ 56.802596] kasan_report+0xdc/0x128 [ 56.802614] kasan_check_range+0x100/0x1a8 [ 56.802635] __kasan_check_write+0x20/0x30 [ 56.802651] kasan_bitops_test_and_modify.constprop.0+0xfc/0xbc0 [ 56.802675] kasan_bitops_generic+0x11c/0x1c8 [ 56.802694] kunit_try_run_case+0x170/0x3f0 [ 56.802713] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.802733] kthread+0x328/0x630 [ 56.802748] ret_from_fork+0x10/0x20 [ 56.802766] [ 56.878134] Allocated by task 370: [ 56.881592] kasan_save_stack+0x3c/0x68 [ 56.885493] kasan_save_track+0x20/0x40 [ 56.889392] kasan_save_alloc_info+0x40/0x58 [ 56.893733] __kasan_kmalloc+0xd4/0xd8 [ 56.897545] __kmalloc_cache_noprof+0x16c/0x3c0 [ 56.902146] kasan_bitops_generic+0xa0/0x1c8 [ 56.906488] kunit_try_run_case+0x170/0x3f0 [ 56.910745] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.916306] kthread+0x328/0x630 [ 56.919593] ret_from_fork+0x10/0x20 [ 56.923231] [ 56.924755] The buggy address belongs to the object at ffff000098190200 [ 56.924755] which belongs to the cache kmalloc-16 of size 16 [ 56.937236] The buggy address is located 8 bytes inside of [ 56.937236] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 56.949636] [ 56.951161] The buggy address belongs to the physical page: [ 56.956809] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 56.964910] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 56.971520] page_type: f5(slab) [ 56.974720] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 56.982560] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 56.990394] page dumped because: kasan: bad access detected [ 56.996043] [ 56.997567] Memory state around the buggy address: [ 57.002427] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 57.009743] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 57.017056] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.024370] ^ [ 57.027914] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.035230] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.042543] ================================================================== [ 58.134445] ================================================================== [ 58.141761] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 58.150830] Read of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 58.158236] [ 58.159762] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 58.159792] Tainted: [B]=BAD_PAGE, [N]=TEST [ 58.159801] Hardware name: Thundercomm Dragonboard 845c (DT) [ 58.159812] Call trace: [ 58.159817] show_stack+0x20/0x38 (C) [ 58.159834] dump_stack_lvl+0x8c/0xd0 [ 58.159853] print_report+0x118/0x608 [ 58.159872] kasan_report+0xdc/0x128 [ 58.159890] __asan_report_load8_noabort+0x20/0x30 [ 58.159907] kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 58.159929] kasan_bitops_generic+0x11c/0x1c8 [ 58.159948] kunit_try_run_case+0x170/0x3f0 [ 58.159965] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 58.159986] kthread+0x328/0x630 [ 58.160000] ret_from_fork+0x10/0x20 [ 58.160017] [ 58.232025] Allocated by task 370: [ 58.235484] kasan_save_stack+0x3c/0x68 [ 58.239385] kasan_save_track+0x20/0x40 [ 58.243284] kasan_save_alloc_info+0x40/0x58 [ 58.247624] __kasan_kmalloc+0xd4/0xd8 [ 58.251435] __kmalloc_cache_noprof+0x16c/0x3c0 [ 58.256039] kasan_bitops_generic+0xa0/0x1c8 [ 58.260383] kunit_try_run_case+0x170/0x3f0 [ 58.264640] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 58.270213] kthread+0x328/0x630 [ 58.273502] ret_from_fork+0x10/0x20 [ 58.277139] [ 58.278662] The buggy address belongs to the object at ffff000098190200 [ 58.278662] which belongs to the cache kmalloc-16 of size 16 [ 58.291144] The buggy address is located 8 bytes inside of [ 58.291144] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 58.303544] [ 58.305069] The buggy address belongs to the physical page: [ 58.310718] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 58.318817] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 58.325427] page_type: f5(slab) [ 58.328627] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 58.336464] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 58.344300] page dumped because: kasan: bad access detected [ 58.349950] [ 58.351474] Memory state around the buggy address: [ 58.356333] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 58.363649] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 58.370963] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.378275] ^ [ 58.381819] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.389134] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.396447] ================================================================== [ 57.049920] ================================================================== [ 57.057237] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa00/0xbc0 [ 57.066305] Read of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 57.073712] [ 57.075239] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 57.075269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.075278] Hardware name: Thundercomm Dragonboard 845c (DT) [ 57.075288] Call trace: [ 57.075294] show_stack+0x20/0x38 (C) [ 57.075314] dump_stack_lvl+0x8c/0xd0 [ 57.075333] print_report+0x118/0x608 [ 57.075352] kasan_report+0xdc/0x128 [ 57.075370] __asan_report_load8_noabort+0x20/0x30 [ 57.075386] kasan_bitops_test_and_modify.constprop.0+0xa00/0xbc0 [ 57.075408] kasan_bitops_generic+0x11c/0x1c8 [ 57.075427] kunit_try_run_case+0x170/0x3f0 [ 57.075446] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.075468] kthread+0x328/0x630 [ 57.075481] ret_from_fork+0x10/0x20 [ 57.075498] [ 57.147496] Allocated by task 370: [ 57.150954] kasan_save_stack+0x3c/0x68 [ 57.154856] kasan_save_track+0x20/0x40 [ 57.158756] kasan_save_alloc_info+0x40/0x58 [ 57.163097] __kasan_kmalloc+0xd4/0xd8 [ 57.166907] __kmalloc_cache_noprof+0x16c/0x3c0 [ 57.171510] kasan_bitops_generic+0xa0/0x1c8 [ 57.175855] kunit_try_run_case+0x170/0x3f0 [ 57.180110] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.185674] kthread+0x328/0x630 [ 57.188961] ret_from_fork+0x10/0x20 [ 57.192598] [ 57.194122] The buggy address belongs to the object at ffff000098190200 [ 57.194122] which belongs to the cache kmalloc-16 of size 16 [ 57.206606] The buggy address is located 8 bytes inside of [ 57.206606] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 57.219004] [ 57.220528] The buggy address belongs to the physical page: [ 57.226178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 57.234276] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 57.240886] page_type: f5(slab) [ 57.244087] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 57.251925] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 57.259762] page dumped because: kasan: bad access detected [ 57.265410] [ 57.266933] Memory state around the buggy address: [ 57.271791] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 57.279105] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 57.286421] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.293733] ^ [ 57.297278] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.304592] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.311906] ================================================================== [ 58.403814] ================================================================== [ 58.411129] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x334/0xbc0 [ 58.420195] Write of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 58.427686] [ 58.429212] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 58.429239] Tainted: [B]=BAD_PAGE, [N]=TEST [ 58.429248] Hardware name: Thundercomm Dragonboard 845c (DT) [ 58.429258] Call trace: [ 58.429264] show_stack+0x20/0x38 (C) [ 58.429282] dump_stack_lvl+0x8c/0xd0 [ 58.429301] print_report+0x118/0x608 [ 58.429320] kasan_report+0xdc/0x128 [ 58.429337] kasan_check_range+0x100/0x1a8 [ 58.429357] __kasan_check_write+0x20/0x30 [ 58.429373] kasan_bitops_test_and_modify.constprop.0+0x334/0xbc0 [ 58.429395] kasan_bitops_generic+0x11c/0x1c8 [ 58.429413] kunit_try_run_case+0x170/0x3f0 [ 58.429431] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 58.429452] kthread+0x328/0x630 [ 58.429466] ret_from_fork+0x10/0x20 [ 58.429485] [ 58.504918] Allocated by task 370: [ 58.508375] kasan_save_stack+0x3c/0x68 [ 58.512274] kasan_save_track+0x20/0x40 [ 58.516174] kasan_save_alloc_info+0x40/0x58 [ 58.520514] __kasan_kmalloc+0xd4/0xd8 [ 58.524325] __kmalloc_cache_noprof+0x16c/0x3c0 [ 58.528928] kasan_bitops_generic+0xa0/0x1c8 [ 58.533272] kunit_try_run_case+0x170/0x3f0 [ 58.537528] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 58.543100] kthread+0x328/0x630 [ 58.546388] ret_from_fork+0x10/0x20 [ 58.550024] [ 58.551548] The buggy address belongs to the object at ffff000098190200 [ 58.551548] which belongs to the cache kmalloc-16 of size 16 [ 58.564032] The buggy address is located 8 bytes inside of [ 58.564032] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 58.576431] [ 58.577955] The buggy address belongs to the physical page: [ 58.583603] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 58.591702] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 58.598313] page_type: f5(slab) [ 58.601514] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 58.609354] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 58.617188] page dumped because: kasan: bad access detected [ 58.622837] [ 58.624361] Memory state around the buggy address: [ 58.629218] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 58.636533] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 58.643847] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.651160] ^ [ 58.654706] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.662021] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.669334] ================================================================== [ 58.676712] ================================================================== [ 58.684026] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa3c/0xbc0 [ 58.693094] Read of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 58.700499] [ 58.702026] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 58.702056] Tainted: [B]=BAD_PAGE, [N]=TEST [ 58.702064] Hardware name: Thundercomm Dragonboard 845c (DT) [ 58.702075] Call trace: [ 58.702081] show_stack+0x20/0x38 (C) [ 58.702098] dump_stack_lvl+0x8c/0xd0 [ 58.702118] print_report+0x118/0x608 [ 58.702137] kasan_report+0xdc/0x128 [ 58.702155] __asan_report_load8_noabort+0x20/0x30 [ 58.702171] kasan_bitops_test_and_modify.constprop.0+0xa3c/0xbc0 [ 58.702193] kasan_bitops_generic+0x11c/0x1c8 [ 58.702211] kunit_try_run_case+0x170/0x3f0 [ 58.702229] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 58.702250] kthread+0x328/0x630 [ 58.702263] ret_from_fork+0x10/0x20 [ 58.702280] [ 58.774303] Allocated by task 370: [ 58.777760] kasan_save_stack+0x3c/0x68 [ 58.781659] kasan_save_track+0x20/0x40 [ 58.785559] kasan_save_alloc_info+0x40/0x58 [ 58.789898] __kasan_kmalloc+0xd4/0xd8 [ 58.793711] __kmalloc_cache_noprof+0x16c/0x3c0 [ 58.798316] kasan_bitops_generic+0xa0/0x1c8 [ 58.802659] kunit_try_run_case+0x170/0x3f0 [ 58.806916] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 58.812476] kthread+0x328/0x630 [ 58.815764] ret_from_fork+0x10/0x20 [ 58.819402] [ 58.820927] The buggy address belongs to the object at ffff000098190200 [ 58.820927] which belongs to the cache kmalloc-16 of size 16 [ 58.833408] The buggy address is located 8 bytes inside of [ 58.833408] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 58.845806] [ 58.847332] The buggy address belongs to the physical page: [ 58.852979] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 58.861078] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 58.867688] page_type: f5(slab) [ 58.870891] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 58.878729] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 58.886563] page dumped because: kasan: bad access detected [ 58.892212] [ 58.893737] Memory state around the buggy address: [ 58.898594] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 58.905909] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 58.913226] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.920539] ^ [ 58.924084] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.931400] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.938711] ================================================================== [ 58.946076] ================================================================== [ 58.953391] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa84/0xbc0 [ 58.962460] Read of size 8 at addr ffff000098190208 by task kunit_try_catch/370 [ 58.969862] [ 58.971390] CPU: 5 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 58.971419] Tainted: [B]=BAD_PAGE, [N]=TEST [ 58.971427] Hardware name: Thundercomm Dragonboard 845c (DT) [ 58.971437] Call trace: [ 58.971444] show_stack+0x20/0x38 (C) [ 58.971462] dump_stack_lvl+0x8c/0xd0 [ 58.971480] print_report+0x118/0x608 [ 58.971499] kasan_report+0xdc/0x128 [ 58.971516] __asan_report_load8_noabort+0x20/0x30 [ 58.971533] kasan_bitops_test_and_modify.constprop.0+0xa84/0xbc0 [ 58.971555] kasan_bitops_generic+0x11c/0x1c8 [ 58.971572] kunit_try_run_case+0x170/0x3f0 [ 58.971589] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 58.971610] kthread+0x328/0x630 [ 58.971623] ret_from_fork+0x10/0x20 [ 58.971640] [ 59.043645] Allocated by task 370: [ 59.047103] kasan_save_stack+0x3c/0x68 [ 59.051003] kasan_save_track+0x20/0x40 [ 59.054901] kasan_save_alloc_info+0x40/0x58 [ 59.059241] __kasan_kmalloc+0xd4/0xd8 [ 59.063053] __kmalloc_cache_noprof+0x16c/0x3c0 [ 59.067656] kasan_bitops_generic+0xa0/0x1c8 [ 59.071998] kunit_try_run_case+0x170/0x3f0 [ 59.076252] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 59.081822] kthread+0x328/0x630 [ 59.085108] ret_from_fork+0x10/0x20 [ 59.088744] [ 59.090268] The buggy address belongs to the object at ffff000098190200 [ 59.090268] which belongs to the cache kmalloc-16 of size 16 [ 59.102752] The buggy address is located 8 bytes inside of [ 59.102752] allocated 9-byte region [ffff000098190200, ffff000098190209) [ 59.115149] [ 59.116674] The buggy address belongs to the physical page: [ 59.122323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118190 [ 59.130422] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 59.137031] page_type: f5(slab) [ 59.140233] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 59.148073] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 59.155909] page dumped because: kasan: bad access detected [ 59.161558] [ 59.163082] Memory state around the buggy address: [ 59.167940] ffff000098190100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 59.175256] ffff000098190180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 59.182572] >ffff000098190200: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.189884] ^ [ 59.193429] ffff000098190280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.200743] ffff000098190300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.208057] ==================================================================
[ 33.441756] ================================================================== [ 33.443092] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 33.443153] Read of size 8 at addr fff00000c5a30ce8 by task kunit_try_catch/293 [ 33.443206] [ 33.443399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.444640] kasan_bitops_generic+0x11c/0x1c8 [ 33.446228] kasan_save_track+0x20/0x40 [ 33.447483] [ 33.448573] page_type: f5(slab) [ 33.449445] fff00000c5a30b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.450225] fff00000c5a30d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.451940] ==================================================================
[ 25.433334] ================================================================== [ 25.433772] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.434245] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.434496] [ 25.434576] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.434621] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.434634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.434655] Call Trace: [ 25.434666] <TASK> [ 25.434680] dump_stack_lvl+0x73/0xb0 [ 25.434707] print_report+0xd1/0x650 [ 25.434728] ? __virt_addr_valid+0x1db/0x2d0 [ 25.434751] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.434777] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.434802] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.434829] kasan_report+0x141/0x180 [ 25.434850] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.434881] kasan_check_range+0x10c/0x1c0 [ 25.434905] __kasan_check_write+0x18/0x20 [ 25.434927] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.434954] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.434982] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.435005] ? trace_hardirqs_on+0x37/0xe0 [ 25.435026] ? kasan_bitops_generic+0x92/0x1c0 [ 25.435052] kasan_bitops_generic+0x121/0x1c0 [ 25.435076] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.435100] ? __pfx_read_tsc+0x10/0x10 [ 25.435121] ? ktime_get_ts64+0x86/0x230 [ 25.435145] kunit_try_run_case+0x1a5/0x480 [ 25.435302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.435326] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.435347] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.435374] ? __kthread_parkme+0x82/0x180 [ 25.435395] ? preempt_count_sub+0x50/0x80 [ 25.435419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.435444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.435483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.435507] kthread+0x337/0x6f0 [ 25.435527] ? trace_preempt_on+0x20/0xc0 [ 25.435549] ? __pfx_kthread+0x10/0x10 [ 25.435571] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.435593] ? calculate_sigpending+0x7b/0xa0 [ 25.435618] ? __pfx_kthread+0x10/0x10 [ 25.435640] ret_from_fork+0x116/0x1d0 [ 25.435659] ? __pfx_kthread+0x10/0x10 [ 25.435681] ret_from_fork_asm+0x1a/0x30 [ 25.435711] </TASK> [ 25.435722] [ 25.444100] Allocated by task 310: [ 25.444223] kasan_save_stack+0x45/0x70 [ 25.444364] kasan_save_track+0x18/0x40 [ 25.444685] kasan_save_alloc_info+0x3b/0x50 [ 25.444891] __kasan_kmalloc+0xb7/0xc0 [ 25.445074] __kmalloc_cache_noprof+0x189/0x420 [ 25.445285] kasan_bitops_generic+0x92/0x1c0 [ 25.445512] kunit_try_run_case+0x1a5/0x480 [ 25.445719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.445979] kthread+0x337/0x6f0 [ 25.446145] ret_from_fork+0x116/0x1d0 [ 25.446328] ret_from_fork_asm+0x1a/0x30 [ 25.447737] [ 25.448142] The buggy address belongs to the object at ffff888104b06e60 [ 25.448142] which belongs to the cache kmalloc-16 of size 16 [ 25.449575] The buggy address is located 8 bytes inside of [ 25.449575] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.450911] [ 25.451220] The buggy address belongs to the physical page: [ 25.451832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.452630] flags: 0x200000000000000(node=0|zone=2) [ 25.452811] page_type: f5(slab) [ 25.452930] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.453162] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.453386] page dumped because: kasan: bad access detected [ 25.453708] [ 25.453879] Memory state around the buggy address: [ 25.454092] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.455010] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.455502] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.456104] ^ [ 25.456511] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.456731] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.456940] ================================================================== [ 25.373361] ================================================================== [ 25.373747] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.374033] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.374686] [ 25.374807] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.374853] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.374866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.374886] Call Trace: [ 25.374900] <TASK> [ 25.374916] dump_stack_lvl+0x73/0xb0 [ 25.374943] print_report+0xd1/0x650 [ 25.374965] ? __virt_addr_valid+0x1db/0x2d0 [ 25.374989] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.375015] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.375041] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.375068] kasan_report+0x141/0x180 [ 25.375089] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.375121] kasan_check_range+0x10c/0x1c0 [ 25.375144] __kasan_check_write+0x18/0x20 [ 25.375167] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.375194] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.375222] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.375245] ? trace_hardirqs_on+0x37/0xe0 [ 25.375265] ? kasan_bitops_generic+0x92/0x1c0 [ 25.375293] kasan_bitops_generic+0x121/0x1c0 [ 25.375316] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.375340] ? __pfx_read_tsc+0x10/0x10 [ 25.375362] ? ktime_get_ts64+0x86/0x230 [ 25.375385] kunit_try_run_case+0x1a5/0x480 [ 25.375410] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.375434] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.375469] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.375496] ? __kthread_parkme+0x82/0x180 [ 25.375516] ? preempt_count_sub+0x50/0x80 [ 25.375539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.375564] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.375588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.375677] kthread+0x337/0x6f0 [ 25.375703] ? trace_preempt_on+0x20/0xc0 [ 25.375726] ? __pfx_kthread+0x10/0x10 [ 25.375747] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.375771] ? calculate_sigpending+0x7b/0xa0 [ 25.375795] ? __pfx_kthread+0x10/0x10 [ 25.375817] ret_from_fork+0x116/0x1d0 [ 25.375836] ? __pfx_kthread+0x10/0x10 [ 25.375857] ret_from_fork_asm+0x1a/0x30 [ 25.375887] </TASK> [ 25.375899] [ 25.385729] Allocated by task 310: [ 25.385913] kasan_save_stack+0x45/0x70 [ 25.386074] kasan_save_track+0x18/0x40 [ 25.386300] kasan_save_alloc_info+0x3b/0x50 [ 25.386514] __kasan_kmalloc+0xb7/0xc0 [ 25.386685] __kmalloc_cache_noprof+0x189/0x420 [ 25.386885] kasan_bitops_generic+0x92/0x1c0 [ 25.387065] kunit_try_run_case+0x1a5/0x480 [ 25.387266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.387502] kthread+0x337/0x6f0 [ 25.387641] ret_from_fork+0x116/0x1d0 [ 25.387803] ret_from_fork_asm+0x1a/0x30 [ 25.387970] [ 25.388050] The buggy address belongs to the object at ffff888104b06e60 [ 25.388050] which belongs to the cache kmalloc-16 of size 16 [ 25.388487] The buggy address is located 8 bytes inside of [ 25.388487] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.388881] [ 25.388968] The buggy address belongs to the physical page: [ 25.389207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.389560] flags: 0x200000000000000(node=0|zone=2) [ 25.390067] page_type: f5(slab) [ 25.390426] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.390720] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.390999] page dumped because: kasan: bad access detected [ 25.391390] [ 25.391484] Memory state around the buggy address: [ 25.391687] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.391955] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.392261] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.392520] ^ [ 25.392785] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.393047] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.393353] ================================================================== [ 25.354357] ================================================================== [ 25.354702] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.355003] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.355414] [ 25.355505] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.355549] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.355561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.355582] Call Trace: [ 25.355595] <TASK> [ 25.355610] dump_stack_lvl+0x73/0xb0 [ 25.355636] print_report+0xd1/0x650 [ 25.355657] ? __virt_addr_valid+0x1db/0x2d0 [ 25.355679] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.355705] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.355730] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.355757] kasan_report+0x141/0x180 [ 25.355778] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.355809] kasan_check_range+0x10c/0x1c0 [ 25.355832] __kasan_check_write+0x18/0x20 [ 25.355854] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.355882] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.355909] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.355932] ? trace_hardirqs_on+0x37/0xe0 [ 25.355952] ? kasan_bitops_generic+0x92/0x1c0 [ 25.355979] kasan_bitops_generic+0x121/0x1c0 [ 25.356001] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.356026] ? __pfx_read_tsc+0x10/0x10 [ 25.356047] ? ktime_get_ts64+0x86/0x230 [ 25.356070] kunit_try_run_case+0x1a5/0x480 [ 25.356095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356118] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.356139] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.356164] ? __kthread_parkme+0x82/0x180 [ 25.356185] ? preempt_count_sub+0x50/0x80 [ 25.356208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.356256] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.356280] kthread+0x337/0x6f0 [ 25.356299] ? trace_preempt_on+0x20/0xc0 [ 25.356321] ? __pfx_kthread+0x10/0x10 [ 25.356342] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.356365] ? calculate_sigpending+0x7b/0xa0 [ 25.356389] ? __pfx_kthread+0x10/0x10 [ 25.356411] ret_from_fork+0x116/0x1d0 [ 25.356430] ? __pfx_kthread+0x10/0x10 [ 25.356450] ret_from_fork_asm+0x1a/0x30 [ 25.356491] </TASK> [ 25.356502] [ 25.364982] Allocated by task 310: [ 25.365156] kasan_save_stack+0x45/0x70 [ 25.365352] kasan_save_track+0x18/0x40 [ 25.365544] kasan_save_alloc_info+0x3b/0x50 [ 25.365746] __kasan_kmalloc+0xb7/0xc0 [ 25.366254] __kmalloc_cache_noprof+0x189/0x420 [ 25.366496] kasan_bitops_generic+0x92/0x1c0 [ 25.366643] kunit_try_run_case+0x1a5/0x480 [ 25.366784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.366951] kthread+0x337/0x6f0 [ 25.367108] ret_from_fork+0x116/0x1d0 [ 25.367554] ret_from_fork_asm+0x1a/0x30 [ 25.367763] [ 25.367853] The buggy address belongs to the object at ffff888104b06e60 [ 25.367853] which belongs to the cache kmalloc-16 of size 16 [ 25.368623] The buggy address is located 8 bytes inside of [ 25.368623] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.369080] [ 25.369156] The buggy address belongs to the physical page: [ 25.369474] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.369782] flags: 0x200000000000000(node=0|zone=2) [ 25.369982] page_type: f5(slab) [ 25.370148] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.370620] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.370902] page dumped because: kasan: bad access detected [ 25.371066] [ 25.371215] Memory state around the buggy address: [ 25.371443] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.371736] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.371945] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.372151] ^ [ 25.372344] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.372617] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.372924] ================================================================== [ 25.488530] ================================================================== [ 25.488892] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.489490] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.489795] [ 25.489907] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.489963] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.489975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.489996] Call Trace: [ 25.490014] <TASK> [ 25.490040] dump_stack_lvl+0x73/0xb0 [ 25.490069] print_report+0xd1/0x650 [ 25.490091] ? __virt_addr_valid+0x1db/0x2d0 [ 25.490114] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.490150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.490178] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.490219] kasan_report+0x141/0x180 [ 25.490245] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.490279] kasan_check_range+0x10c/0x1c0 [ 25.490303] __kasan_check_write+0x18/0x20 [ 25.490327] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.490354] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.490382] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.490494] ? trace_hardirqs_on+0x37/0xe0 [ 25.490517] ? kasan_bitops_generic+0x92/0x1c0 [ 25.490546] kasan_bitops_generic+0x121/0x1c0 [ 25.490570] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.490594] ? __pfx_read_tsc+0x10/0x10 [ 25.490616] ? ktime_get_ts64+0x86/0x230 [ 25.490641] kunit_try_run_case+0x1a5/0x480 [ 25.490667] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.490690] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.490712] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.490738] ? __kthread_parkme+0x82/0x180 [ 25.490759] ? preempt_count_sub+0x50/0x80 [ 25.490782] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.490807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.490831] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.490855] kthread+0x337/0x6f0 [ 25.490885] ? trace_preempt_on+0x20/0xc0 [ 25.490907] ? __pfx_kthread+0x10/0x10 [ 25.490928] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.490962] ? calculate_sigpending+0x7b/0xa0 [ 25.490987] ? __pfx_kthread+0x10/0x10 [ 25.491009] ret_from_fork+0x116/0x1d0 [ 25.491028] ? __pfx_kthread+0x10/0x10 [ 25.491050] ret_from_fork_asm+0x1a/0x30 [ 25.491082] </TASK> [ 25.491093] [ 25.506207] Allocated by task 310: [ 25.506344] kasan_save_stack+0x45/0x70 [ 25.506614] kasan_save_track+0x18/0x40 [ 25.506891] kasan_save_alloc_info+0x3b/0x50 [ 25.507100] __kasan_kmalloc+0xb7/0xc0 [ 25.507287] __kmalloc_cache_noprof+0x189/0x420 [ 25.507470] kasan_bitops_generic+0x92/0x1c0 [ 25.507778] kunit_try_run_case+0x1a5/0x480 [ 25.508013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.508471] kthread+0x337/0x6f0 [ 25.508684] ret_from_fork+0x116/0x1d0 [ 25.508838] ret_from_fork_asm+0x1a/0x30 [ 25.508971] [ 25.509038] The buggy address belongs to the object at ffff888104b06e60 [ 25.509038] which belongs to the cache kmalloc-16 of size 16 [ 25.509632] The buggy address is located 8 bytes inside of [ 25.509632] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.510152] [ 25.510243] The buggy address belongs to the physical page: [ 25.510477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.510781] flags: 0x200000000000000(node=0|zone=2) [ 25.511000] page_type: f5(slab) [ 25.511143] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.511443] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.511913] page dumped because: kasan: bad access detected [ 25.512087] [ 25.512379] Memory state around the buggy address: [ 25.512620] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.512935] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.513341] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.513676] ^ [ 25.513955] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.514366] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.514672] ================================================================== [ 25.414228] ================================================================== [ 25.414586] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.414939] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.415482] [ 25.415572] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.415618] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.415630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.415650] Call Trace: [ 25.415666] <TASK> [ 25.415681] dump_stack_lvl+0x73/0xb0 [ 25.415710] print_report+0xd1/0x650 [ 25.415732] ? __virt_addr_valid+0x1db/0x2d0 [ 25.415754] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.415781] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.415806] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.415833] kasan_report+0x141/0x180 [ 25.415855] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.415887] kasan_check_range+0x10c/0x1c0 [ 25.415910] __kasan_check_write+0x18/0x20 [ 25.415933] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.415960] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.415987] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.416011] ? trace_hardirqs_on+0x37/0xe0 [ 25.416032] ? kasan_bitops_generic+0x92/0x1c0 [ 25.416059] kasan_bitops_generic+0x121/0x1c0 [ 25.416082] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.416107] ? __pfx_read_tsc+0x10/0x10 [ 25.416128] ? ktime_get_ts64+0x86/0x230 [ 25.416420] kunit_try_run_case+0x1a5/0x480 [ 25.416448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.416486] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.416508] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.416534] ? __kthread_parkme+0x82/0x180 [ 25.416555] ? preempt_count_sub+0x50/0x80 [ 25.416580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.416605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.416629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.416653] kthread+0x337/0x6f0 [ 25.416673] ? trace_preempt_on+0x20/0xc0 [ 25.416695] ? __pfx_kthread+0x10/0x10 [ 25.416716] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.416740] ? calculate_sigpending+0x7b/0xa0 [ 25.416765] ? __pfx_kthread+0x10/0x10 [ 25.416787] ret_from_fork+0x116/0x1d0 [ 25.416806] ? __pfx_kthread+0x10/0x10 [ 25.416827] ret_from_fork_asm+0x1a/0x30 [ 25.416857] </TASK> [ 25.416869] [ 25.425098] Allocated by task 310: [ 25.425335] kasan_save_stack+0x45/0x70 [ 25.425516] kasan_save_track+0x18/0x40 [ 25.425694] kasan_save_alloc_info+0x3b/0x50 [ 25.425899] __kasan_kmalloc+0xb7/0xc0 [ 25.426074] __kmalloc_cache_noprof+0x189/0x420 [ 25.426394] kasan_bitops_generic+0x92/0x1c0 [ 25.426573] kunit_try_run_case+0x1a5/0x480 [ 25.426752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.426920] kthread+0x337/0x6f0 [ 25.427040] ret_from_fork+0x116/0x1d0 [ 25.427263] ret_from_fork_asm+0x1a/0x30 [ 25.427728] [ 25.427834] The buggy address belongs to the object at ffff888104b06e60 [ 25.427834] which belongs to the cache kmalloc-16 of size 16 [ 25.428272] The buggy address is located 8 bytes inside of [ 25.428272] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.428623] [ 25.428688] The buggy address belongs to the physical page: [ 25.428872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.429213] flags: 0x200000000000000(node=0|zone=2) [ 25.429430] page_type: f5(slab) [ 25.429690] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.430042] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.430309] page dumped because: kasan: bad access detected [ 25.430484] [ 25.430547] Memory state around the buggy address: [ 25.430692] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.430898] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.431103] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.431920] ^ [ 25.432227] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.432561] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.432876] ================================================================== [ 25.393758] ================================================================== [ 25.394056] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.394493] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.395372] [ 25.395642] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.395692] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.395705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.395727] Call Trace: [ 25.395740] <TASK> [ 25.395754] dump_stack_lvl+0x73/0xb0 [ 25.395782] print_report+0xd1/0x650 [ 25.395804] ? __virt_addr_valid+0x1db/0x2d0 [ 25.395826] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.395853] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.395878] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.395905] kasan_report+0x141/0x180 [ 25.395928] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.396346] kasan_check_range+0x10c/0x1c0 [ 25.396379] __kasan_check_write+0x18/0x20 [ 25.396403] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.396430] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.396537] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.396562] ? trace_hardirqs_on+0x37/0xe0 [ 25.396638] ? kasan_bitops_generic+0x92/0x1c0 [ 25.396713] kasan_bitops_generic+0x121/0x1c0 [ 25.396739] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.396765] ? __pfx_read_tsc+0x10/0x10 [ 25.396836] ? ktime_get_ts64+0x86/0x230 [ 25.396861] kunit_try_run_case+0x1a5/0x480 [ 25.396886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.396910] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.396931] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.396958] ? __kthread_parkme+0x82/0x180 [ 25.396979] ? preempt_count_sub+0x50/0x80 [ 25.397002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.397027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.397051] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.397076] kthread+0x337/0x6f0 [ 25.397099] ? trace_preempt_on+0x20/0xc0 [ 25.397125] ? __pfx_kthread+0x10/0x10 [ 25.397151] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.397177] ? calculate_sigpending+0x7b/0xa0 [ 25.397201] ? __pfx_kthread+0x10/0x10 [ 25.397247] ret_from_fork+0x116/0x1d0 [ 25.397275] ? __pfx_kthread+0x10/0x10 [ 25.397297] ret_from_fork_asm+0x1a/0x30 [ 25.397328] </TASK> [ 25.397340] [ 25.406124] Allocated by task 310: [ 25.406300] kasan_save_stack+0x45/0x70 [ 25.406517] kasan_save_track+0x18/0x40 [ 25.406697] kasan_save_alloc_info+0x3b/0x50 [ 25.406865] __kasan_kmalloc+0xb7/0xc0 [ 25.406994] __kmalloc_cache_noprof+0x189/0x420 [ 25.407221] kasan_bitops_generic+0x92/0x1c0 [ 25.407427] kunit_try_run_case+0x1a5/0x480 [ 25.407632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.407829] kthread+0x337/0x6f0 [ 25.407989] ret_from_fork+0x116/0x1d0 [ 25.408141] ret_from_fork_asm+0x1a/0x30 [ 25.408407] [ 25.408500] The buggy address belongs to the object at ffff888104b06e60 [ 25.408500] which belongs to the cache kmalloc-16 of size 16 [ 25.409084] The buggy address is located 8 bytes inside of [ 25.409084] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.409516] [ 25.409585] The buggy address belongs to the physical page: [ 25.409750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.409989] flags: 0x200000000000000(node=0|zone=2) [ 25.410207] page_type: f5(slab) [ 25.410367] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.410871] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.411147] page dumped because: kasan: bad access detected [ 25.411308] [ 25.411370] Memory state around the buggy address: [ 25.411806] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.412133] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.412521] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.412805] ^ [ 25.412999] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.413330] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.413665] ================================================================== [ 25.537556] ================================================================== [ 25.537885] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.538390] Read of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.538717] [ 25.538816] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.538863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.538876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.538897] Call Trace: [ 25.538910] <TASK> [ 25.538925] dump_stack_lvl+0x73/0xb0 [ 25.538962] print_report+0xd1/0x650 [ 25.538985] ? __virt_addr_valid+0x1db/0x2d0 [ 25.539007] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.539045] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.539072] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.539099] kasan_report+0x141/0x180 [ 25.539121] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.539265] __asan_report_load8_noabort+0x18/0x20 [ 25.539302] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.539330] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.539370] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.539394] ? trace_hardirqs_on+0x37/0xe0 [ 25.539415] ? kasan_bitops_generic+0x92/0x1c0 [ 25.539443] kasan_bitops_generic+0x121/0x1c0 [ 25.539483] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.539508] ? __pfx_read_tsc+0x10/0x10 [ 25.539540] ? ktime_get_ts64+0x86/0x230 [ 25.539564] kunit_try_run_case+0x1a5/0x480 [ 25.539589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.539612] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.539642] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.539669] ? __kthread_parkme+0x82/0x180 [ 25.539690] ? preempt_count_sub+0x50/0x80 [ 25.539724] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.539748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.539773] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.539798] kthread+0x337/0x6f0 [ 25.539818] ? trace_preempt_on+0x20/0xc0 [ 25.539840] ? __pfx_kthread+0x10/0x10 [ 25.539862] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.539885] ? calculate_sigpending+0x7b/0xa0 [ 25.539909] ? __pfx_kthread+0x10/0x10 [ 25.539940] ret_from_fork+0x116/0x1d0 [ 25.539960] ? __pfx_kthread+0x10/0x10 [ 25.539981] ret_from_fork_asm+0x1a/0x30 [ 25.540023] </TASK> [ 25.540035] [ 25.548635] Allocated by task 310: [ 25.548839] kasan_save_stack+0x45/0x70 [ 25.549024] kasan_save_track+0x18/0x40 [ 25.549308] kasan_save_alloc_info+0x3b/0x50 [ 25.549508] __kasan_kmalloc+0xb7/0xc0 [ 25.549703] __kmalloc_cache_noprof+0x189/0x420 [ 25.549926] kasan_bitops_generic+0x92/0x1c0 [ 25.550120] kunit_try_run_case+0x1a5/0x480 [ 25.550476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.550756] kthread+0x337/0x6f0 [ 25.550920] ret_from_fork+0x116/0x1d0 [ 25.551099] ret_from_fork_asm+0x1a/0x30 [ 25.551406] [ 25.551523] The buggy address belongs to the object at ffff888104b06e60 [ 25.551523] which belongs to the cache kmalloc-16 of size 16 [ 25.552056] The buggy address is located 8 bytes inside of [ 25.552056] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.552583] [ 25.552686] The buggy address belongs to the physical page: [ 25.552963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.553383] flags: 0x200000000000000(node=0|zone=2) [ 25.553557] page_type: f5(slab) [ 25.553720] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.554079] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.554592] page dumped because: kasan: bad access detected [ 25.554833] [ 25.554900] Memory state around the buggy address: [ 25.555097] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.555528] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.555834] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.556252] ^ [ 25.556550] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.556847] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.557231] ================================================================== [ 25.516261] ================================================================== [ 25.516576] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.517470] Read of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.517764] [ 25.517872] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.517918] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.517930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.517951] Call Trace: [ 25.517963] <TASK> [ 25.517988] dump_stack_lvl+0x73/0xb0 [ 25.518016] print_report+0xd1/0x650 [ 25.518038] ? __virt_addr_valid+0x1db/0x2d0 [ 25.518075] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.518102] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.518216] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.518249] kasan_report+0x141/0x180 [ 25.518272] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.518304] kasan_check_range+0x10c/0x1c0 [ 25.518327] __kasan_check_read+0x15/0x20 [ 25.518351] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.518378] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.518406] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.518429] ? trace_hardirqs_on+0x37/0xe0 [ 25.518450] ? kasan_bitops_generic+0x92/0x1c0 [ 25.518488] kasan_bitops_generic+0x121/0x1c0 [ 25.518511] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.518536] ? __pfx_read_tsc+0x10/0x10 [ 25.518557] ? ktime_get_ts64+0x86/0x230 [ 25.518581] kunit_try_run_case+0x1a5/0x480 [ 25.518605] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.518628] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.518651] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.518678] ? __kthread_parkme+0x82/0x180 [ 25.518698] ? preempt_count_sub+0x50/0x80 [ 25.518722] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.518746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.518771] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.518796] kthread+0x337/0x6f0 [ 25.518816] ? trace_preempt_on+0x20/0xc0 [ 25.518838] ? __pfx_kthread+0x10/0x10 [ 25.518859] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.518884] ? calculate_sigpending+0x7b/0xa0 [ 25.518908] ? __pfx_kthread+0x10/0x10 [ 25.518931] ret_from_fork+0x116/0x1d0 [ 25.518950] ? __pfx_kthread+0x10/0x10 [ 25.518971] ret_from_fork_asm+0x1a/0x30 [ 25.519002] </TASK> [ 25.519013] [ 25.527998] Allocated by task 310: [ 25.528419] kasan_save_stack+0x45/0x70 [ 25.528635] kasan_save_track+0x18/0x40 [ 25.528823] kasan_save_alloc_info+0x3b/0x50 [ 25.529028] __kasan_kmalloc+0xb7/0xc0 [ 25.529369] __kmalloc_cache_noprof+0x189/0x420 [ 25.529595] kasan_bitops_generic+0x92/0x1c0 [ 25.529806] kunit_try_run_case+0x1a5/0x480 [ 25.530025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.530363] kthread+0x337/0x6f0 [ 25.530500] ret_from_fork+0x116/0x1d0 [ 25.530627] ret_from_fork_asm+0x1a/0x30 [ 25.530803] [ 25.530890] The buggy address belongs to the object at ffff888104b06e60 [ 25.530890] which belongs to the cache kmalloc-16 of size 16 [ 25.531538] The buggy address is located 8 bytes inside of [ 25.531538] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.531956] [ 25.532047] The buggy address belongs to the physical page: [ 25.532524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.532877] flags: 0x200000000000000(node=0|zone=2) [ 25.533091] page_type: f5(slab) [ 25.533406] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.533751] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.534067] page dumped because: kasan: bad access detected [ 25.534412] [ 25.534520] Memory state around the buggy address: [ 25.534751] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.534998] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.535393] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.535773] ^ [ 25.536065] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.536591] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.536933] ================================================================== [ 25.457353] ================================================================== [ 25.458020] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.459163] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.459952] [ 25.460127] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.460261] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.460276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.460297] Call Trace: [ 25.460311] <TASK> [ 25.460327] dump_stack_lvl+0x73/0xb0 [ 25.460355] print_report+0xd1/0x650 [ 25.460378] ? __virt_addr_valid+0x1db/0x2d0 [ 25.460412] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.460441] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.460486] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.460512] kasan_report+0x141/0x180 [ 25.460534] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.460567] kasan_check_range+0x10c/0x1c0 [ 25.460589] __kasan_check_write+0x18/0x20 [ 25.460613] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.460640] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.460668] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.460691] ? trace_hardirqs_on+0x37/0xe0 [ 25.460713] ? kasan_bitops_generic+0x92/0x1c0 [ 25.460739] kasan_bitops_generic+0x121/0x1c0 [ 25.460762] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.460786] ? __pfx_read_tsc+0x10/0x10 [ 25.460808] ? ktime_get_ts64+0x86/0x230 [ 25.460832] kunit_try_run_case+0x1a5/0x480 [ 25.460856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.460879] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.460901] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.460927] ? __kthread_parkme+0x82/0x180 [ 25.460947] ? preempt_count_sub+0x50/0x80 [ 25.460970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.460994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.461018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.461042] kthread+0x337/0x6f0 [ 25.461061] ? trace_preempt_on+0x20/0xc0 [ 25.461083] ? __pfx_kthread+0x10/0x10 [ 25.461104] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.461128] ? calculate_sigpending+0x7b/0xa0 [ 25.461152] ? __pfx_kthread+0x10/0x10 [ 25.461233] ret_from_fork+0x116/0x1d0 [ 25.461253] ? __pfx_kthread+0x10/0x10 [ 25.461274] ret_from_fork_asm+0x1a/0x30 [ 25.461308] </TASK> [ 25.461319] [ 25.476723] Allocated by task 310: [ 25.476848] kasan_save_stack+0x45/0x70 [ 25.476993] kasan_save_track+0x18/0x40 [ 25.477122] kasan_save_alloc_info+0x3b/0x50 [ 25.477477] __kasan_kmalloc+0xb7/0xc0 [ 25.477941] __kmalloc_cache_noprof+0x189/0x420 [ 25.478374] kasan_bitops_generic+0x92/0x1c0 [ 25.478909] kunit_try_run_case+0x1a5/0x480 [ 25.479363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.480015] kthread+0x337/0x6f0 [ 25.480377] ret_from_fork+0x116/0x1d0 [ 25.480838] ret_from_fork_asm+0x1a/0x30 [ 25.481275] [ 25.481555] The buggy address belongs to the object at ffff888104b06e60 [ 25.481555] which belongs to the cache kmalloc-16 of size 16 [ 25.482729] The buggy address is located 8 bytes inside of [ 25.482729] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.483639] [ 25.483719] The buggy address belongs to the physical page: [ 25.483890] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.484127] flags: 0x200000000000000(node=0|zone=2) [ 25.484289] page_type: f5(slab) [ 25.484543] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.484897] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.485150] page dumped because: kasan: bad access detected [ 25.485538] [ 25.485627] Memory state around the buggy address: [ 25.485779] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.486088] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.486537] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.486899] ^ [ 25.487104] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.487381] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.487690] ==================================================================