Date
July 8, 2025, 11:10 a.m.
Environment |
---|
qemu-x86_64 |
[ 25.618516] ================================================================== [ 25.619255] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.619747] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.620670] [ 25.620883] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.620938] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.620950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.620973] Call Trace: [ 25.620995] <TASK> [ 25.621015] dump_stack_lvl+0x73/0xb0 [ 25.621048] print_report+0xd1/0x610 [ 25.621073] ? __virt_addr_valid+0x1db/0x2d0 [ 25.621099] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.621128] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.621159] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.621187] kasan_report+0x141/0x180 [ 25.621217] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.621260] kasan_check_range+0x10c/0x1c0 [ 25.621287] __kasan_check_write+0x18/0x20 [ 25.621315] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.621344] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.621373] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.621402] ? trace_hardirqs_on+0x37/0xe0 [ 25.621427] ? kasan_bitops_generic+0x92/0x1c0 [ 25.621457] kasan_bitops_generic+0x116/0x1c0 [ 25.621484] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.621512] ? __pfx_read_tsc+0x10/0x10 [ 25.621539] ? ktime_get_ts64+0x86/0x230 [ 25.621566] kunit_try_run_case+0x1a5/0x480 [ 25.621590] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.621612] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.621637] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.621669] ? __kthread_parkme+0x82/0x180 [ 25.621692] ? preempt_count_sub+0x50/0x80 [ 25.621718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.621741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.621770] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.621799] kthread+0x337/0x6f0 [ 25.621976] ? trace_preempt_on+0x20/0xc0 [ 25.622004] ? __pfx_kthread+0x10/0x10 [ 25.622029] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.622057] ? calculate_sigpending+0x7b/0xa0 [ 25.622086] ? __pfx_kthread+0x10/0x10 [ 25.622111] ret_from_fork+0x116/0x1d0 [ 25.622132] ? __pfx_kthread+0x10/0x10 [ 25.622156] ret_from_fork_asm+0x1a/0x30 [ 25.622192] </TASK> [ 25.622204] [ 25.637441] Allocated by task 309: [ 25.637782] kasan_save_stack+0x45/0x70 [ 25.638214] kasan_save_track+0x18/0x40 [ 25.638655] kasan_save_alloc_info+0x3b/0x50 [ 25.639192] __kasan_kmalloc+0xb7/0xc0 [ 25.639564] __kmalloc_cache_noprof+0x189/0x420 [ 25.640048] kasan_bitops_generic+0x92/0x1c0 [ 25.640378] kunit_try_run_case+0x1a5/0x480 [ 25.640526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.640698] kthread+0x337/0x6f0 [ 25.641070] ret_from_fork+0x116/0x1d0 [ 25.641442] ret_from_fork_asm+0x1a/0x30 [ 25.641911] [ 25.642094] The buggy address belongs to the object at ffff88810598a260 [ 25.642094] which belongs to the cache kmalloc-16 of size 16 [ 25.643343] The buggy address is located 8 bytes inside of [ 25.643343] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.644136] [ 25.644331] The buggy address belongs to the physical page: [ 25.644991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.645629] flags: 0x200000000000000(node=0|zone=2) [ 25.645994] page_type: f5(slab) [ 25.646323] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.647029] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.647274] page dumped because: kasan: bad access detected [ 25.647450] [ 25.647516] Memory state around the buggy address: [ 25.647667] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.648031] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.648284] >ffff88810598a200: fa fb fc fc fa fb fc fc 
fa fb fc fc 00 01 fc fc [ 25.648568] ^ [ 25.648873] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.649203] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.649709] ================================================================== [ 25.509032] ================================================================== [ 25.509391] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.509711] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.510093] [ 25.510192] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.510254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.510267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.510290] Call Trace: [ 25.510310] <TASK> [ 25.510328] dump_stack_lvl+0x73/0xb0 [ 25.510361] print_report+0xd1/0x610 [ 25.510386] ? __virt_addr_valid+0x1db/0x2d0 [ 25.510411] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.510441] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.510471] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.510500] kasan_report+0x141/0x180 [ 25.510525] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.510558] kasan_check_range+0x10c/0x1c0 [ 25.510585] __kasan_check_write+0x18/0x20 [ 25.510613] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.510642] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.510672] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.510698] ? trace_hardirqs_on+0x37/0xe0 [ 25.510722] ? kasan_bitops_generic+0x92/0x1c0 [ 25.510753] kasan_bitops_generic+0x116/0x1c0 [ 25.510779] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.510808] ? __pfx_read_tsc+0x10/0x10 [ 25.510890] ? ktime_get_ts64+0x86/0x230 [ 25.510921] kunit_try_run_case+0x1a5/0x480 [ 25.510945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.510967] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.510989] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.511020] ? 
__kthread_parkme+0x82/0x180 [ 25.511043] ? preempt_count_sub+0x50/0x80 [ 25.511069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.511093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.511120] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.511149] kthread+0x337/0x6f0 [ 25.511172] ? trace_preempt_on+0x20/0xc0 [ 25.511196] ? __pfx_kthread+0x10/0x10 [ 25.511220] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.511260] ? calculate_sigpending+0x7b/0xa0 [ 25.511288] ? __pfx_kthread+0x10/0x10 [ 25.511313] ret_from_fork+0x116/0x1d0 [ 25.511334] ? __pfx_kthread+0x10/0x10 [ 25.511358] ret_from_fork_asm+0x1a/0x30 [ 25.511394] </TASK> [ 25.511405] [ 25.519245] Allocated by task 309: [ 25.519652] kasan_save_stack+0x45/0x70 [ 25.520012] kasan_save_track+0x18/0x40 [ 25.520170] kasan_save_alloc_info+0x3b/0x50 [ 25.520328] __kasan_kmalloc+0xb7/0xc0 [ 25.520454] __kmalloc_cache_noprof+0x189/0x420 [ 25.520770] kasan_bitops_generic+0x92/0x1c0 [ 25.521229] kunit_try_run_case+0x1a5/0x480 [ 25.521445] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.521666] kthread+0x337/0x6f0 [ 25.521783] ret_from_fork+0x116/0x1d0 [ 25.521909] ret_from_fork_asm+0x1a/0x30 [ 25.522046] [ 25.522110] The buggy address belongs to the object at ffff88810598a260 [ 25.522110] which belongs to the cache kmalloc-16 of size 16 [ 25.522982] The buggy address is located 8 bytes inside of [ 25.522982] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.523336] [ 25.523401] The buggy address belongs to the physical page: [ 25.523567] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.523979] flags: 0x200000000000000(node=0|zone=2) [ 25.524217] page_type: f5(slab) [ 25.524396] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.524738] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.525078] page dumped because: kasan: bad access detected [ 25.525342] [ 25.525432] Memory state around the buggy address: [ 25.525654] 
ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.525947] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.526223] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.526555] ^ [ 25.527130] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.527394] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.527604] ================================================================== [ 25.566719] ================================================================== [ 25.567174] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.567523] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.567904] [ 25.568018] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.568069] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.568082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.568104] Call Trace: [ 25.568126] <TASK> [ 25.568146] dump_stack_lvl+0x73/0xb0 [ 25.568179] print_report+0xd1/0x610 [ 25.568202] ? __virt_addr_valid+0x1db/0x2d0 [ 25.568228] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.568268] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.568298] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.568327] kasan_report+0x141/0x180 [ 25.568351] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.568385] kasan_check_range+0x10c/0x1c0 [ 25.568413] __kasan_check_write+0x18/0x20 [ 25.568440] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.568469] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.568498] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.568526] ? trace_hardirqs_on+0x37/0xe0 [ 25.568551] ? kasan_bitops_generic+0x92/0x1c0 [ 25.568581] kasan_bitops_generic+0x116/0x1c0 [ 25.568608] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.568636] ? __pfx_read_tsc+0x10/0x10 [ 25.568662] ? 
ktime_get_ts64+0x86/0x230 [ 25.568690] kunit_try_run_case+0x1a5/0x480 [ 25.568714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.568736] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.568806] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.568839] ? __kthread_parkme+0x82/0x180 [ 25.568863] ? preempt_count_sub+0x50/0x80 [ 25.568888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.568914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.568942] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.568971] kthread+0x337/0x6f0 [ 25.568995] ? trace_preempt_on+0x20/0xc0 [ 25.569020] ? __pfx_kthread+0x10/0x10 [ 25.569044] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.569073] ? calculate_sigpending+0x7b/0xa0 [ 25.569103] ? __pfx_kthread+0x10/0x10 [ 25.569130] ret_from_fork+0x116/0x1d0 [ 25.569152] ? __pfx_kthread+0x10/0x10 [ 25.569177] ret_from_fork_asm+0x1a/0x30 [ 25.569221] </TASK> [ 25.569233] [ 25.578295] Allocated by task 309: [ 25.578551] kasan_save_stack+0x45/0x70 [ 25.579043] kasan_save_track+0x18/0x40 [ 25.579399] kasan_save_alloc_info+0x3b/0x50 [ 25.579621] __kasan_kmalloc+0xb7/0xc0 [ 25.580311] __kmalloc_cache_noprof+0x189/0x420 [ 25.580623] kasan_bitops_generic+0x92/0x1c0 [ 25.581068] kunit_try_run_case+0x1a5/0x480 [ 25.581292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.581523] kthread+0x337/0x6f0 [ 25.581677] ret_from_fork+0x116/0x1d0 [ 25.582334] ret_from_fork_asm+0x1a/0x30 [ 25.582513] [ 25.582598] The buggy address belongs to the object at ffff88810598a260 [ 25.582598] which belongs to the cache kmalloc-16 of size 16 [ 25.583671] The buggy address is located 8 bytes inside of [ 25.583671] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.584346] [ 25.584442] The buggy address belongs to the physical page: [ 25.584669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.585512] flags: 0x200000000000000(node=0|zone=2) [ 25.585740] page_type: f5(slab) [ 25.586214] raw: 0200000000000000 ffff888100041640 dead000000000122 
0000000000000000 [ 25.586664] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.587034] page dumped because: kasan: bad access detected [ 25.587274] [ 25.587356] Memory state around the buggy address: [ 25.587546] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.588175] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.588457] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.588738] ^ [ 25.589068] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.589370] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.589647] ================================================================== [ 25.482832] ================================================================== [ 25.483288] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.483650] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.483943] [ 25.484056] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.484110] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.484124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.484147] Call Trace: [ 25.484162] <TASK> [ 25.484182] dump_stack_lvl+0x73/0xb0 [ 25.484215] print_report+0xd1/0x610 [ 25.484260] ? __virt_addr_valid+0x1db/0x2d0 [ 25.484286] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.484325] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.484357] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.484394] kasan_report+0x141/0x180 [ 25.484439] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.484482] kasan_check_range+0x10c/0x1c0 [ 25.484510] __kasan_check_write+0x18/0x20 [ 25.484548] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.484576] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.484606] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.484634] ? 
trace_hardirqs_on+0x37/0xe0 [ 25.484658] ? kasan_bitops_generic+0x92/0x1c0 [ 25.484689] kasan_bitops_generic+0x116/0x1c0 [ 25.484716] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.484744] ? __pfx_read_tsc+0x10/0x10 [ 25.484786] ? ktime_get_ts64+0x86/0x230 [ 25.484821] kunit_try_run_case+0x1a5/0x480 [ 25.484845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.484867] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.484891] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.484930] ? __kthread_parkme+0x82/0x180 [ 25.484953] ? preempt_count_sub+0x50/0x80 [ 25.484984] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.485008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.485036] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.485064] kthread+0x337/0x6f0 [ 25.485087] ? trace_preempt_on+0x20/0xc0 [ 25.485113] ? __pfx_kthread+0x10/0x10 [ 25.485137] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.485165] ? calculate_sigpending+0x7b/0xa0 [ 25.485199] ? __pfx_kthread+0x10/0x10 [ 25.485224] ret_from_fork+0x116/0x1d0 [ 25.485253] ? 
__pfx_kthread+0x10/0x10 [ 25.485277] ret_from_fork_asm+0x1a/0x30 [ 25.485314] </TASK> [ 25.485326] [ 25.499787] Allocated by task 309: [ 25.500111] kasan_save_stack+0x45/0x70 [ 25.500476] kasan_save_track+0x18/0x40 [ 25.500857] kasan_save_alloc_info+0x3b/0x50 [ 25.501265] __kasan_kmalloc+0xb7/0xc0 [ 25.501406] __kmalloc_cache_noprof+0x189/0x420 [ 25.501559] kasan_bitops_generic+0x92/0x1c0 [ 25.501705] kunit_try_run_case+0x1a5/0x480 [ 25.501920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.502210] kthread+0x337/0x6f0 [ 25.502386] ret_from_fork+0x116/0x1d0 [ 25.502516] ret_from_fork_asm+0x1a/0x30 [ 25.502709] [ 25.502999] The buggy address belongs to the object at ffff88810598a260 [ 25.502999] which belongs to the cache kmalloc-16 of size 16 [ 25.503461] The buggy address is located 8 bytes inside of [ 25.503461] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.504037] [ 25.504117] The buggy address belongs to the physical page: [ 25.504361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.504676] flags: 0x200000000000000(node=0|zone=2) [ 25.504961] page_type: f5(slab) [ 25.505123] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.505457] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.505725] page dumped because: kasan: bad access detected [ 25.505967] [ 25.506040] Memory state around the buggy address: [ 25.506189] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.506554] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.506978] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.507189] ^ [ 25.507928] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.508294] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.508554] ================================================================== [ 25.546827] 
================================================================== [ 25.547503] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.548199] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.548445] [ 25.548527] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.548578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.548590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.548613] Call Trace: [ 25.548631] <TASK> [ 25.548649] dump_stack_lvl+0x73/0xb0 [ 25.548681] print_report+0xd1/0x610 [ 25.548705] ? __virt_addr_valid+0x1db/0x2d0 [ 25.548731] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.548760] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.548789] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.548819] kasan_report+0x141/0x180 [ 25.548916] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.548951] kasan_check_range+0x10c/0x1c0 [ 25.548978] __kasan_check_write+0x18/0x20 [ 25.549005] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.549035] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.549065] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.549092] ? trace_hardirqs_on+0x37/0xe0 [ 25.549116] ? kasan_bitops_generic+0x92/0x1c0 [ 25.549146] kasan_bitops_generic+0x116/0x1c0 [ 25.549173] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.549207] ? __pfx_read_tsc+0x10/0x10 [ 25.549232] ? ktime_get_ts64+0x86/0x230 [ 25.549272] kunit_try_run_case+0x1a5/0x480 [ 25.549295] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.549317] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.549341] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.549372] ? __kthread_parkme+0x82/0x180 [ 25.549394] ? preempt_count_sub+0x50/0x80 [ 25.549419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.549443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.549471] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.549500] kthread+0x337/0x6f0 [ 25.549523] ? 
trace_preempt_on+0x20/0xc0 [ 25.549548] ? __pfx_kthread+0x10/0x10 [ 25.549572] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.549601] ? calculate_sigpending+0x7b/0xa0 [ 25.549629] ? __pfx_kthread+0x10/0x10 [ 25.549654] ret_from_fork+0x116/0x1d0 [ 25.549675] ? __pfx_kthread+0x10/0x10 [ 25.549699] ret_from_fork_asm+0x1a/0x30 [ 25.549734] </TASK> [ 25.549746] [ 25.557664] Allocated by task 309: [ 25.557849] kasan_save_stack+0x45/0x70 [ 25.558076] kasan_save_track+0x18/0x40 [ 25.558577] kasan_save_alloc_info+0x3b/0x50 [ 25.558825] __kasan_kmalloc+0xb7/0xc0 [ 25.559012] __kmalloc_cache_noprof+0x189/0x420 [ 25.559197] kasan_bitops_generic+0x92/0x1c0 [ 25.559399] kunit_try_run_case+0x1a5/0x480 [ 25.559586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.559761] kthread+0x337/0x6f0 [ 25.559880] ret_from_fork+0x116/0x1d0 [ 25.560007] ret_from_fork_asm+0x1a/0x30 [ 25.560144] [ 25.560210] The buggy address belongs to the object at ffff88810598a260 [ 25.560210] which belongs to the cache kmalloc-16 of size 16 [ 25.560599] The buggy address is located 8 bytes inside of [ 25.560599] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.561107] [ 25.561201] The buggy address belongs to the physical page: [ 25.561507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.562033] flags: 0x200000000000000(node=0|zone=2) [ 25.562380] page_type: f5(slab) [ 25.562545] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.562888] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.563190] page dumped because: kasan: bad access detected [ 25.563449] [ 25.563521] Memory state around the buggy address: [ 25.563672] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.564463] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.564729] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.565180] ^ [ 25.565400] ffff88810598a280: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 25.565608] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.566226] ================================================================== [ 25.528116] ================================================================== [ 25.528467] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.528840] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.529163] [ 25.529489] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.529545] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.529559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.529582] Call Trace: [ 25.529610] <TASK> [ 25.529630] dump_stack_lvl+0x73/0xb0 [ 25.529663] print_report+0xd1/0x610 [ 25.529688] ? __virt_addr_valid+0x1db/0x2d0 [ 25.529714] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.529743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.529773] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.529803] kasan_report+0x141/0x180 [ 25.529828] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.529863] kasan_check_range+0x10c/0x1c0 [ 25.529890] __kasan_check_write+0x18/0x20 [ 25.529918] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.529948] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.529978] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.530006] ? trace_hardirqs_on+0x37/0xe0 [ 25.530030] ? kasan_bitops_generic+0x92/0x1c0 [ 25.530062] kasan_bitops_generic+0x116/0x1c0 [ 25.530157] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.530186] ? __pfx_read_tsc+0x10/0x10 [ 25.530213] ? ktime_get_ts64+0x86/0x230 [ 25.530255] kunit_try_run_case+0x1a5/0x480 [ 25.530280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.530301] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.530325] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.530356] ? __kthread_parkme+0x82/0x180 [ 25.530378] ? preempt_count_sub+0x50/0x80 [ 25.530403] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 25.530427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.530455] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.530484] kthread+0x337/0x6f0 [ 25.530508] ? trace_preempt_on+0x20/0xc0 [ 25.530533] ? __pfx_kthread+0x10/0x10 [ 25.530557] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.530585] ? calculate_sigpending+0x7b/0xa0 [ 25.530614] ? __pfx_kthread+0x10/0x10 [ 25.530639] ret_from_fork+0x116/0x1d0 [ 25.530660] ? __pfx_kthread+0x10/0x10 [ 25.530684] ret_from_fork_asm+0x1a/0x30 [ 25.530720] </TASK> [ 25.530731] [ 25.538762] Allocated by task 309: [ 25.538926] kasan_save_stack+0x45/0x70 [ 25.539127] kasan_save_track+0x18/0x40 [ 25.539372] kasan_save_alloc_info+0x3b/0x50 [ 25.539692] __kasan_kmalloc+0xb7/0xc0 [ 25.539895] __kmalloc_cache_noprof+0x189/0x420 [ 25.540057] kasan_bitops_generic+0x92/0x1c0 [ 25.540318] kunit_try_run_case+0x1a5/0x480 [ 25.540566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.540965] kthread+0x337/0x6f0 [ 25.541128] ret_from_fork+0x116/0x1d0 [ 25.541304] ret_from_fork_asm+0x1a/0x30 [ 25.541499] [ 25.541588] The buggy address belongs to the object at ffff88810598a260 [ 25.541588] which belongs to the cache kmalloc-16 of size 16 [ 25.542081] The buggy address is located 8 bytes inside of [ 25.542081] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.542549] [ 25.542640] The buggy address belongs to the physical page: [ 25.542886] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.543249] flags: 0x200000000000000(node=0|zone=2) [ 25.543442] page_type: f5(slab) [ 25.543558] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.543906] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.544254] page dumped because: kasan: bad access detected [ 25.544456] [ 25.544544] Memory state around the buggy address: [ 25.544737] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.545069] 
ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.545380] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.545665] ^ [ 25.545962] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.546174] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.546393] ================================================================== [ 25.590622] ================================================================== [ 25.590855] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.591109] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.591342] [ 25.591426] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.591474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.591487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.591509] Call Trace: [ 25.591529] <TASK> [ 25.591547] dump_stack_lvl+0x73/0xb0 [ 25.591578] print_report+0xd1/0x610 [ 25.591601] ? __virt_addr_valid+0x1db/0x2d0 [ 25.591626] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.591654] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.591684] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.591712] kasan_report+0x141/0x180 [ 25.591736] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.591769] kasan_check_range+0x10c/0x1c0 [ 25.591795] __kasan_check_write+0x18/0x20 [ 25.591822] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.591850] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.591879] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.591906] ? trace_hardirqs_on+0x37/0xe0 [ 25.591929] ? kasan_bitops_generic+0x92/0x1c0 [ 25.591959] kasan_bitops_generic+0x116/0x1c0 [ 25.591987] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.592013] ? __pfx_read_tsc+0x10/0x10 [ 25.592039] ? ktime_get_ts64+0x86/0x230 [ 25.592230] kunit_try_run_case+0x1a5/0x480 [ 25.592272] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 25.592295] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.592319] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.592350] ? __kthread_parkme+0x82/0x180 [ 25.592373] ? preempt_count_sub+0x50/0x80 [ 25.592399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.592423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.592452] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.592481] kthread+0x337/0x6f0 [ 25.592505] ? trace_preempt_on+0x20/0xc0 [ 25.592531] ? __pfx_kthread+0x10/0x10 [ 25.592555] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.592584] ? calculate_sigpending+0x7b/0xa0 [ 25.592613] ? __pfx_kthread+0x10/0x10 [ 25.592638] ret_from_fork+0x116/0x1d0 [ 25.592660] ? __pfx_kthread+0x10/0x10 [ 25.592685] ret_from_fork_asm+0x1a/0x30 [ 25.592722] </TASK> [ 25.592734] [ 25.605909] Allocated by task 309: [ 25.606121] kasan_save_stack+0x45/0x70 [ 25.606356] kasan_save_track+0x18/0x40 [ 25.606557] kasan_save_alloc_info+0x3b/0x50 [ 25.606777] __kasan_kmalloc+0xb7/0xc0 [ 25.607355] __kmalloc_cache_noprof+0x189/0x420 [ 25.607598] kasan_bitops_generic+0x92/0x1c0 [ 25.607802] kunit_try_run_case+0x1a5/0x480 [ 25.608001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.608222] kthread+0x337/0x6f0 [ 25.608455] ret_from_fork+0x116/0x1d0 [ 25.608652] ret_from_fork_asm+0x1a/0x30 [ 25.608947] [ 25.609033] The buggy address belongs to the object at ffff88810598a260 [ 25.609033] which belongs to the cache kmalloc-16 of size 16 [ 25.609496] The buggy address is located 8 bytes inside of [ 25.609496] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.610083] [ 25.610323] The buggy address belongs to the physical page: [ 25.610582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.611015] flags: 0x200000000000000(node=0|zone=2) [ 25.611460] page_type: f5(slab) [ 25.611744] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.612710] raw: 0000000000000000 0000000080800080 00000000f5000000 
0000000000000000 [ 25.613345] page dumped because: kasan: bad access detected [ 25.613667] [ 25.613734] Memory state around the buggy address: [ 25.614327] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.615037] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.615553] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.616162] ^ [ 25.616539] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.616952] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.617567] ================================================================== [ 25.450698] ================================================================== [ 25.451617] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.452345] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.453001] [ 25.453145] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.453208] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.453222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.453255] Call Trace: [ 25.453283] <TASK> [ 25.453304] dump_stack_lvl+0x73/0xb0 [ 25.453350] print_report+0xd1/0x610 [ 25.453377] ? __virt_addr_valid+0x1db/0x2d0 [ 25.453404] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.453433] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.453473] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.453503] kasan_report+0x141/0x180 [ 25.453528] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.453571] kasan_check_range+0x10c/0x1c0 [ 25.453599] __kasan_check_write+0x18/0x20 [ 25.453628] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.453657] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.453686] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.453714] ? trace_hardirqs_on+0x37/0xe0 [ 25.453804] ? 
kasan_bitops_generic+0x92/0x1c0 [ 25.453847] kasan_bitops_generic+0x116/0x1c0 [ 25.453876] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.453904] ? __pfx_read_tsc+0x10/0x10 [ 25.453931] ? ktime_get_ts64+0x86/0x230 [ 25.453958] kunit_try_run_case+0x1a5/0x480 [ 25.453983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.454004] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.454028] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.454058] ? __kthread_parkme+0x82/0x180 [ 25.454081] ? preempt_count_sub+0x50/0x80 [ 25.454108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.454132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.454160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.454189] kthread+0x337/0x6f0 [ 25.454234] ? trace_preempt_on+0x20/0xc0 [ 25.454275] ? __pfx_kthread+0x10/0x10 [ 25.454299] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.454340] ? calculate_sigpending+0x7b/0xa0 [ 25.454368] ? __pfx_kthread+0x10/0x10 [ 25.454393] ret_from_fork+0x116/0x1d0 [ 25.454426] ? __pfx_kthread+0x10/0x10 [ 25.454450] ret_from_fork_asm+0x1a/0x30 [ 25.454497] </TASK> [ 25.454510] [ 25.468570] Allocated by task 309: [ 25.468997] kasan_save_stack+0x45/0x70 [ 25.469395] kasan_save_track+0x18/0x40 [ 25.469755] kasan_save_alloc_info+0x3b/0x50 [ 25.470208] __kasan_kmalloc+0xb7/0xc0 [ 25.470613] __kmalloc_cache_noprof+0x189/0x420 [ 25.470997] kasan_bitops_generic+0x92/0x1c0 [ 25.471657] kunit_try_run_case+0x1a5/0x480 [ 25.472072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.472480] kthread+0x337/0x6f0 [ 25.472696] ret_from_fork+0x116/0x1d0 [ 25.473084] ret_from_fork_asm+0x1a/0x30 [ 25.473420] [ 25.473601] The buggy address belongs to the object at ffff88810598a260 [ 25.473601] which belongs to the cache kmalloc-16 of size 16 [ 25.474316] The buggy address is located 8 bytes inside of [ 25.474316] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.475485] [ 25.475561] The buggy address belongs to the physical page: [ 25.475731] page: refcount:0 mapcount:0 mapping:0000000000000000 
index:0x0 pfn:0x10598a [ 25.476585] flags: 0x200000000000000(node=0|zone=2) [ 25.477127] page_type: f5(slab) [ 25.477464] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.477705] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.478347] page dumped because: kasan: bad access detected [ 25.478900] [ 25.479079] Memory state around the buggy address: [ 25.479467] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.479688] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.480348] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.481075] ^ [ 25.481744] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.482072] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.482297] ==================================================================