Date: July 4, 2025, 11:10 a.m.

Environment: qemu-x86_64

[ 27.251428] ================================================================== [ 27.251770] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.252197] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.252626] [ 27.252755] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.252811] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.252825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.252850] Call Trace: [ 27.252871] <TASK> [ 27.252893] dump_stack_lvl+0x73/0xb0 [ 27.252924] print_report+0xd1/0x650 [ 27.252949] ? __virt_addr_valid+0x1db/0x2d0 [ 27.252975] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.253002] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.253029] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.253056] kasan_report+0x141/0x180 [ 27.253079] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.253111] kasan_check_range+0x10c/0x1c0 [ 27.253136] __kasan_check_write+0x18/0x20 [ 27.253161] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.253188] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.253216] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.253243] ? kasan_bitops_generic+0x92/0x1c0 [ 27.253272] kasan_bitops_generic+0x116/0x1c0 [ 27.253297] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.253323] ? __pfx_read_tsc+0x10/0x10 [ 27.253346] ? ktime_get_ts64+0x86/0x230 [ 27.253373] kunit_try_run_case+0x1a5/0x480 [ 27.253412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.253437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.253464] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.253490] ? __kthread_parkme+0x82/0x180 [ 27.253513] ? preempt_count_sub+0x50/0x80 [ 27.253539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.253567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.253592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.253619] kthread+0x337/0x6f0 [ 27.253639] ? 
trace_preempt_on+0x20/0xc0 [ 27.253665] ? __pfx_kthread+0x10/0x10 [ 27.253687] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.253711] ? calculate_sigpending+0x7b/0xa0 [ 27.253737] ? __pfx_kthread+0x10/0x10 [ 27.253761] ret_from_fork+0x116/0x1d0 [ 27.253781] ? __pfx_kthread+0x10/0x10 [ 27.253804] ret_from_fork_asm+0x1a/0x30 [ 27.253837] </TASK> [ 27.253850] [ 27.262535] Allocated by task 310: [ 27.262683] kasan_save_stack+0x45/0x70 [ 27.262834] kasan_save_track+0x18/0x40 [ 27.262995] kasan_save_alloc_info+0x3b/0x50 [ 27.263212] __kasan_kmalloc+0xb7/0xc0 [ 27.263484] __kmalloc_cache_noprof+0x189/0x420 [ 27.263808] kasan_bitops_generic+0x92/0x1c0 [ 27.264042] kunit_try_run_case+0x1a5/0x480 [ 27.264208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.264484] kthread+0x337/0x6f0 [ 27.264642] ret_from_fork+0x116/0x1d0 [ 27.264828] ret_from_fork_asm+0x1a/0x30 [ 27.265103] [ 27.265239] The buggy address belongs to the object at ffff88810527f2e0 [ 27.265239] which belongs to the cache kmalloc-16 of size 16 [ 27.266011] The buggy address is located 8 bytes inside of [ 27.266011] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.266543] [ 27.266624] The buggy address belongs to the physical page: [ 27.266806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.267144] flags: 0x200000000000000(node=0|zone=2) [ 27.267387] page_type: f5(slab) [ 27.267738] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.268011] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.268256] page dumped because: kasan: bad access detected [ 27.268446] [ 27.268515] Memory state around the buggy address: [ 27.268766] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.269368] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.269960] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.270502] ^ [ 27.270776] ffff88810527f300: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 27.271071] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.271571] ================================================================== [ 27.292504] ================================================================== [ 27.292871] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.293371] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.293714] [ 27.293835] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.293889] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.293903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.293949] Call Trace: [ 27.293969] <TASK> [ 27.293990] dump_stack_lvl+0x73/0xb0 [ 27.294019] print_report+0xd1/0x650 [ 27.294043] ? __virt_addr_valid+0x1db/0x2d0 [ 27.294070] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.294097] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.294125] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.294368] kasan_report+0x141/0x180 [ 27.294408] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.294441] kasan_check_range+0x10c/0x1c0 [ 27.294468] __kasan_check_write+0x18/0x20 [ 27.294493] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.294521] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.294550] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.294576] ? kasan_bitops_generic+0x92/0x1c0 [ 27.294606] kasan_bitops_generic+0x116/0x1c0 [ 27.294632] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.294658] ? __pfx_read_tsc+0x10/0x10 [ 27.294682] ? ktime_get_ts64+0x86/0x230 [ 27.294709] kunit_try_run_case+0x1a5/0x480 [ 27.294737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.294762] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.294789] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.294816] ? __kthread_parkme+0x82/0x180 [ 27.294838] ? preempt_count_sub+0x50/0x80 [ 27.294865] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 27.294895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.294924] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.294950] kthread+0x337/0x6f0 [ 27.294971] ? trace_preempt_on+0x20/0xc0 [ 27.294998] ? __pfx_kthread+0x10/0x10 [ 27.295021] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.295069] ? calculate_sigpending+0x7b/0xa0 [ 27.295096] ? __pfx_kthread+0x10/0x10 [ 27.295119] ret_from_fork+0x116/0x1d0 [ 27.295215] ? __pfx_kthread+0x10/0x10 [ 27.295241] ret_from_fork_asm+0x1a/0x30 [ 27.295277] </TASK> [ 27.295290] [ 27.303850] Allocated by task 310: [ 27.304027] kasan_save_stack+0x45/0x70 [ 27.304346] kasan_save_track+0x18/0x40 [ 27.304539] kasan_save_alloc_info+0x3b/0x50 [ 27.304695] __kasan_kmalloc+0xb7/0xc0 [ 27.304832] __kmalloc_cache_noprof+0x189/0x420 [ 27.305092] kasan_bitops_generic+0x92/0x1c0 [ 27.305383] kunit_try_run_case+0x1a5/0x480 [ 27.305615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.305876] kthread+0x337/0x6f0 [ 27.306064] ret_from_fork+0x116/0x1d0 [ 27.306314] ret_from_fork_asm+0x1a/0x30 [ 27.306543] [ 27.306641] The buggy address belongs to the object at ffff88810527f2e0 [ 27.306641] which belongs to the cache kmalloc-16 of size 16 [ 27.307114] The buggy address is located 8 bytes inside of [ 27.307114] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.307616] [ 27.307710] The buggy address belongs to the physical page: [ 27.307934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.308257] flags: 0x200000000000000(node=0|zone=2) [ 27.308445] page_type: f5(slab) [ 27.308572] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.308810] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.309082] page dumped because: kasan: bad access detected [ 27.309575] [ 27.309678] Memory state around the buggy address: [ 27.309935] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.310333] 
ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.310677] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.311003] ^ [ 27.311342] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.311590] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.311804] ================================================================== [ 27.331513] ================================================================== [ 27.331849] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.332497] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.332834] [ 27.332949] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.333003] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.333016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.333040] Call Trace: [ 27.333061] <TASK> [ 27.333083] dump_stack_lvl+0x73/0xb0 [ 27.333208] print_report+0xd1/0x650 [ 27.333238] ? __virt_addr_valid+0x1db/0x2d0 [ 27.333263] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.333289] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.333317] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.333343] kasan_report+0x141/0x180 [ 27.333366] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.333406] kasan_check_range+0x10c/0x1c0 [ 27.333431] __kasan_check_write+0x18/0x20 [ 27.333455] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.333480] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.333507] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.333534] ? kasan_bitops_generic+0x92/0x1c0 [ 27.333562] kasan_bitops_generic+0x116/0x1c0 [ 27.333585] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.333610] ? __pfx_read_tsc+0x10/0x10 [ 27.333632] ? ktime_get_ts64+0x86/0x230 [ 27.333659] kunit_try_run_case+0x1a5/0x480 [ 27.333685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.333711] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 27.333737] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.333764] ? __kthread_parkme+0x82/0x180 [ 27.333785] ? preempt_count_sub+0x50/0x80 [ 27.333810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.333836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.333861] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.333887] kthread+0x337/0x6f0 [ 27.333908] ? trace_preempt_on+0x20/0xc0 [ 27.333953] ? __pfx_kthread+0x10/0x10 [ 27.333975] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.333998] ? calculate_sigpending+0x7b/0xa0 [ 27.334023] ? __pfx_kthread+0x10/0x10 [ 27.334045] ret_from_fork+0x116/0x1d0 [ 27.334066] ? __pfx_kthread+0x10/0x10 [ 27.334088] ret_from_fork_asm+0x1a/0x30 [ 27.334121] </TASK> [ 27.334193] [ 27.342547] Allocated by task 310: [ 27.342755] kasan_save_stack+0x45/0x70 [ 27.342969] kasan_save_track+0x18/0x40 [ 27.343234] kasan_save_alloc_info+0x3b/0x50 [ 27.343436] __kasan_kmalloc+0xb7/0xc0 [ 27.343593] __kmalloc_cache_noprof+0x189/0x420 [ 27.343817] kasan_bitops_generic+0x92/0x1c0 [ 27.344043] kunit_try_run_case+0x1a5/0x480 [ 27.344302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.344504] kthread+0x337/0x6f0 [ 27.344629] ret_from_fork+0x116/0x1d0 [ 27.344765] ret_from_fork_asm+0x1a/0x30 [ 27.344934] [ 27.345006] The buggy address belongs to the object at ffff88810527f2e0 [ 27.345006] which belongs to the cache kmalloc-16 of size 16 [ 27.345750] The buggy address is located 8 bytes inside of [ 27.345750] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.346474] [ 27.346582] The buggy address belongs to the physical page: [ 27.346842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.347314] flags: 0x200000000000000(node=0|zone=2) [ 27.347579] page_type: f5(slab) [ 27.347759] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.348111] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.348512] page dumped because: kasan: 
bad access detected [ 27.348759] [ 27.348831] Memory state around the buggy address: [ 27.349076] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.349691] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.349990] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.350281] ^ [ 27.350551] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.350889] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.351144] ================================================================== [ 27.312333] ================================================================== [ 27.312692] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.313099] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.313633] [ 27.313759] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.313812] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.313825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.313849] Call Trace: [ 27.313869] <TASK> [ 27.313888] dump_stack_lvl+0x73/0xb0 [ 27.313917] print_report+0xd1/0x650 [ 27.313940] ? __virt_addr_valid+0x1db/0x2d0 [ 27.313966] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.313991] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.314017] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.314068] kasan_report+0x141/0x180 [ 27.314091] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.314120] kasan_check_range+0x10c/0x1c0 [ 27.314218] __kasan_check_write+0x18/0x20 [ 27.314244] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.314270] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.314296] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.314320] ? kasan_bitops_generic+0x92/0x1c0 [ 27.314348] kasan_bitops_generic+0x116/0x1c0 [ 27.314370] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.314405] ? 
__pfx_read_tsc+0x10/0x10 [ 27.314427] ? ktime_get_ts64+0x86/0x230 [ 27.314453] kunit_try_run_case+0x1a5/0x480 [ 27.314479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.314503] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.314529] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.314554] ? __kthread_parkme+0x82/0x180 [ 27.314576] ? preempt_count_sub+0x50/0x80 [ 27.314600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.314626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.314650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.314675] kthread+0x337/0x6f0 [ 27.314696] ? trace_preempt_on+0x20/0xc0 [ 27.314720] ? __pfx_kthread+0x10/0x10 [ 27.314743] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.314766] ? calculate_sigpending+0x7b/0xa0 [ 27.314790] ? __pfx_kthread+0x10/0x10 [ 27.314812] ret_from_fork+0x116/0x1d0 [ 27.314831] ? __pfx_kthread+0x10/0x10 [ 27.314852] ret_from_fork_asm+0x1a/0x30 [ 27.314884] </TASK> [ 27.314896] [ 27.322751] Allocated by task 310: [ 27.322943] kasan_save_stack+0x45/0x70 [ 27.323250] kasan_save_track+0x18/0x40 [ 27.323461] kasan_save_alloc_info+0x3b/0x50 [ 27.323667] __kasan_kmalloc+0xb7/0xc0 [ 27.323858] __kmalloc_cache_noprof+0x189/0x420 [ 27.324095] kasan_bitops_generic+0x92/0x1c0 [ 27.324378] kunit_try_run_case+0x1a5/0x480 [ 27.324603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.324859] kthread+0x337/0x6f0 [ 27.325042] ret_from_fork+0x116/0x1d0 [ 27.325472] ret_from_fork_asm+0x1a/0x30 [ 27.325662] [ 27.325749] The buggy address belongs to the object at ffff88810527f2e0 [ 27.325749] which belongs to the cache kmalloc-16 of size 16 [ 27.326272] The buggy address is located 8 bytes inside of [ 27.326272] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.326743] [ 27.326820] The buggy address belongs to the physical page: [ 27.327050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.327356] flags: 0x200000000000000(node=0|zone=2) [ 27.327581] page_type: f5(slab) [ 27.327746] raw: 0200000000000000 
ffff888100041640 dead000000000100 dead000000000122 [ 27.328037] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.328357] page dumped because: kasan: bad access detected [ 27.328822] [ 27.328962] Memory state around the buggy address: [ 27.329131] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.329434] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.329650] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.329860] ^ [ 27.330240] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.330567] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.330902] ================================================================== [ 27.225194] ================================================================== [ 27.225535] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.226111] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.226590] [ 27.226713] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.226773] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.226788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.226814] Call Trace: [ 27.226837] <TASK> [ 27.226860] dump_stack_lvl+0x73/0xb0 [ 27.226893] print_report+0xd1/0x650 [ 27.226918] ? __virt_addr_valid+0x1db/0x2d0 [ 27.226945] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.226973] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.227002] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.227031] kasan_report+0x141/0x180 [ 27.227055] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.227088] kasan_check_range+0x10c/0x1c0 [ 27.227113] __kasan_check_write+0x18/0x20 [ 27.227139] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.227166] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.227195] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.227223] ? 
kasan_bitops_generic+0x92/0x1c0 [ 27.227252] kasan_bitops_generic+0x116/0x1c0 [ 27.227279] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.227307] ? __pfx_read_tsc+0x10/0x10 [ 27.227331] ? ktime_get_ts64+0x86/0x230 [ 27.227359] kunit_try_run_case+0x1a5/0x480 [ 27.227387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.227426] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.227453] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.227479] ? __kthread_parkme+0x82/0x180 [ 27.227503] ? preempt_count_sub+0x50/0x80 [ 27.227529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.227557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.227584] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.227611] kthread+0x337/0x6f0 [ 27.227633] ? trace_preempt_on+0x20/0xc0 [ 27.227662] ? __pfx_kthread+0x10/0x10 [ 27.227686] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.227710] ? calculate_sigpending+0x7b/0xa0 [ 27.227737] ? __pfx_kthread+0x10/0x10 [ 27.227760] ret_from_fork+0x116/0x1d0 [ 27.227782] ? __pfx_kthread+0x10/0x10 [ 27.227804] ret_from_fork_asm+0x1a/0x30 [ 27.227839] </TASK> [ 27.227852] [ 27.236863] Allocated by task 310: [ 27.237078] kasan_save_stack+0x45/0x70 [ 27.237563] kasan_save_track+0x18/0x40 [ 27.237921] kasan_save_alloc_info+0x3b/0x50 [ 27.238089] __kasan_kmalloc+0xb7/0xc0 [ 27.238234] __kmalloc_cache_noprof+0x189/0x420 [ 27.239175] kasan_bitops_generic+0x92/0x1c0 [ 27.239715] kunit_try_run_case+0x1a5/0x480 [ 27.240339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.240553] kthread+0x337/0x6f0 [ 27.240683] ret_from_fork+0x116/0x1d0 [ 27.240821] ret_from_fork_asm+0x1a/0x30 [ 27.240968] [ 27.241041] The buggy address belongs to the object at ffff88810527f2e0 [ 27.241041] which belongs to the cache kmalloc-16 of size 16 [ 27.241985] The buggy address is located 8 bytes inside of [ 27.241985] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.243996] [ 27.244133] The buggy address belongs to the physical page: [ 27.244748] page: refcount:0 mapcount:0 mapping:0000000000000000 
index:0x0 pfn:0x10527f [ 27.245205] flags: 0x200000000000000(node=0|zone=2) [ 27.245657] page_type: f5(slab) [ 27.245952] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.246773] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.247303] page dumped because: kasan: bad access detected [ 27.247568] [ 27.247655] Memory state around the buggy address: [ 27.247875] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.248595] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.248958] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.249447] ^ [ 27.249835] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.250360] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.250669] ================================================================== [ 27.272000] ================================================================== [ 27.272599] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.272880] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.273199] [ 27.273317] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.273371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.273385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.273454] Call Trace: [ 27.273474] <TASK> [ 27.273497] dump_stack_lvl+0x73/0xb0 [ 27.273528] print_report+0xd1/0x650 [ 27.273552] ? __virt_addr_valid+0x1db/0x2d0 [ 27.273578] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.273605] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.273633] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.273661] kasan_report+0x141/0x180 [ 27.273684] ? 
kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.273716] kasan_check_range+0x10c/0x1c0 [ 27.273741] __kasan_check_write+0x18/0x20 [ 27.273766] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.273793] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.273821] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.273848] ? kasan_bitops_generic+0x92/0x1c0 [ 27.273884] kasan_bitops_generic+0x116/0x1c0 [ 27.273909] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.273935] ? __pfx_read_tsc+0x10/0x10 [ 27.273959] ? ktime_get_ts64+0x86/0x230 [ 27.273986] kunit_try_run_case+0x1a5/0x480 [ 27.274014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.274040] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.274068] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.274094] ? __kthread_parkme+0x82/0x180 [ 27.274116] ? preempt_count_sub+0x50/0x80 [ 27.274142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.274169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.274195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.274222] kthread+0x337/0x6f0 [ 27.274242] ? trace_preempt_on+0x20/0xc0 [ 27.274268] ? __pfx_kthread+0x10/0x10 [ 27.274290] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.274315] ? calculate_sigpending+0x7b/0xa0 [ 27.274340] ? __pfx_kthread+0x10/0x10 [ 27.274364] ret_from_fork+0x116/0x1d0 [ 27.274384] ? 
__pfx_kthread+0x10/0x10 [ 27.274642] ret_from_fork_asm+0x1a/0x30 [ 27.274679] </TASK> [ 27.274692] [ 27.283282] Allocated by task 310: [ 27.283494] kasan_save_stack+0x45/0x70 [ 27.283703] kasan_save_track+0x18/0x40 [ 27.283910] kasan_save_alloc_info+0x3b/0x50 [ 27.284123] __kasan_kmalloc+0xb7/0xc0 [ 27.284320] __kmalloc_cache_noprof+0x189/0x420 [ 27.284623] kasan_bitops_generic+0x92/0x1c0 [ 27.284832] kunit_try_run_case+0x1a5/0x480 [ 27.284993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.285265] kthread+0x337/0x6f0 [ 27.285448] ret_from_fork+0x116/0x1d0 [ 27.285643] ret_from_fork_asm+0x1a/0x30 [ 27.285837] [ 27.285917] The buggy address belongs to the object at ffff88810527f2e0 [ 27.285917] which belongs to the cache kmalloc-16 of size 16 [ 27.286640] The buggy address is located 8 bytes inside of [ 27.286640] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.287254] [ 27.287350] The buggy address belongs to the physical page: [ 27.287589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.287950] flags: 0x200000000000000(node=0|zone=2) [ 27.288270] page_type: f5(slab) [ 27.288437] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.288791] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.289127] page dumped because: kasan: bad access detected [ 27.289478] [ 27.289576] Memory state around the buggy address: [ 27.289782] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.290064] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.290574] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.290913] ^ [ 27.291331] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.291679] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.291970] ================================================================== [ 27.351575] 
================================================================== [ 27.352054] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.352529] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.352848] [ 27.352970] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.353024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.353037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.353063] Call Trace: [ 27.353085] <TASK> [ 27.353106] dump_stack_lvl+0x73/0xb0 [ 27.353329] print_report+0xd1/0x650 [ 27.353366] ? __virt_addr_valid+0x1db/0x2d0 [ 27.353410] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.353437] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.353465] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.353492] kasan_report+0x141/0x180 [ 27.353516] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.353547] kasan_check_range+0x10c/0x1c0 [ 27.353571] __kasan_check_write+0x18/0x20 [ 27.353596] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.353621] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.353649] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.353676] ? kasan_bitops_generic+0x92/0x1c0 [ 27.353703] kasan_bitops_generic+0x116/0x1c0 [ 27.353728] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.353754] ? __pfx_read_tsc+0x10/0x10 [ 27.353778] ? ktime_get_ts64+0x86/0x230 [ 27.353804] kunit_try_run_case+0x1a5/0x480 [ 27.353831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.353856] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.353912] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.353940] ? __kthread_parkme+0x82/0x180 [ 27.353963] ? preempt_count_sub+0x50/0x80 [ 27.353989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.354016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.354042] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.354070] kthread+0x337/0x6f0 [ 27.354092] ? trace_preempt_on+0x20/0xc0 [ 27.354119] ? 
__pfx_kthread+0x10/0x10 [ 27.354222] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.354249] ? calculate_sigpending+0x7b/0xa0 [ 27.354276] ? __pfx_kthread+0x10/0x10 [ 27.354300] ret_from_fork+0x116/0x1d0 [ 27.354322] ? __pfx_kthread+0x10/0x10 [ 27.354345] ret_from_fork_asm+0x1a/0x30 [ 27.354379] </TASK> [ 27.354402] [ 27.363216] Allocated by task 310: [ 27.363427] kasan_save_stack+0x45/0x70 [ 27.363640] kasan_save_track+0x18/0x40 [ 27.363833] kasan_save_alloc_info+0x3b/0x50 [ 27.364066] __kasan_kmalloc+0xb7/0xc0 [ 27.364332] __kmalloc_cache_noprof+0x189/0x420 [ 27.364512] kasan_bitops_generic+0x92/0x1c0 [ 27.364665] kunit_try_run_case+0x1a5/0x480 [ 27.364835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.365119] kthread+0x337/0x6f0 [ 27.365499] ret_from_fork+0x116/0x1d0 [ 27.365694] ret_from_fork_asm+0x1a/0x30 [ 27.365899] [ 27.365996] The buggy address belongs to the object at ffff88810527f2e0 [ 27.365996] which belongs to the cache kmalloc-16 of size 16 [ 27.366605] The buggy address is located 8 bytes inside of [ 27.366605] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.367113] [ 27.367285] The buggy address belongs to the physical page: [ 27.367499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.367749] flags: 0x200000000000000(node=0|zone=2) [ 27.367948] page_type: f5(slab) [ 27.368077] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.368450] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.368791] page dumped because: kasan: bad access detected [ 27.369046] [ 27.369141] Memory state around the buggy address: [ 27.369368] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.369928] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.370232] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.370540] ^ [ 27.370845] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.371256] 
ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.371563] ================================================================== [ 27.185415] ================================================================== [ 27.185848] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.187230] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.188471] [ 27.188590] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.188652] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.188668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.188725] Call Trace: [ 27.188743] <TASK> [ 27.188768] dump_stack_lvl+0x73/0xb0 [ 27.188928] print_report+0xd1/0x650 [ 27.188957] ? __virt_addr_valid+0x1db/0x2d0 [ 27.188985] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.189012] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.189042] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.189070] kasan_report+0x141/0x180 [ 27.189094] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.189127] kasan_check_range+0x10c/0x1c0 [ 27.189328] __kasan_check_write+0x18/0x20 [ 27.189355] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.189384] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.189426] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.189455] ? kasan_bitops_generic+0x92/0x1c0 [ 27.189486] kasan_bitops_generic+0x116/0x1c0 [ 27.189512] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.189540] ? __pfx_read_tsc+0x10/0x10 [ 27.189566] ? ktime_get_ts64+0x86/0x230 [ 27.189595] kunit_try_run_case+0x1a5/0x480 [ 27.189625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.189652] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.189681] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.189709] ? __kthread_parkme+0x82/0x180 [ 27.189734] ? preempt_count_sub+0x50/0x80 [ 27.189760] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 27.189788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.189816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.189842] kthread+0x337/0x6f0 [ 27.189889] ? trace_preempt_on+0x20/0xc0 [ 27.189916] ? __pfx_kthread+0x10/0x10 [ 27.189940] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.189965] ? calculate_sigpending+0x7b/0xa0 [ 27.189992] ? __pfx_kthread+0x10/0x10 [ 27.190016] ret_from_fork+0x116/0x1d0 [ 27.190037] ? __pfx_kthread+0x10/0x10 [ 27.190062] ret_from_fork_asm+0x1a/0x30 [ 27.190099] </TASK> [ 27.190114] [ 27.210201] Allocated by task 310: [ 27.210871] kasan_save_stack+0x45/0x70 [ 27.211452] kasan_save_track+0x18/0x40 [ 27.212097] kasan_save_alloc_info+0x3b/0x50 [ 27.212448] __kasan_kmalloc+0xb7/0xc0 [ 27.212603] __kmalloc_cache_noprof+0x189/0x420 [ 27.212769] kasan_bitops_generic+0x92/0x1c0 [ 27.212946] kunit_try_run_case+0x1a5/0x480 [ 27.213286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.213812] kthread+0x337/0x6f0 [ 27.214244] ret_from_fork+0x116/0x1d0 [ 27.214644] ret_from_fork_asm+0x1a/0x30 [ 27.215144] [ 27.215477] The buggy address belongs to the object at ffff88810527f2e0 [ 27.215477] which belongs to the cache kmalloc-16 of size 16 [ 27.216304] The buggy address is located 8 bytes inside of [ 27.216304] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.217081] [ 27.217295] The buggy address belongs to the physical page: [ 27.217912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.218602] flags: 0x200000000000000(node=0|zone=2) [ 27.218793] page_type: f5(slab) [ 27.219045] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.219866] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.220773] page dumped because: kasan: bad access detected [ 27.221372] [ 27.221464] Memory state around the buggy address: [ 27.221634] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.221867] 
ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.222102] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.222854] ^ [ 27.223144] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.223518] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.224404] ==================================================================