Date
July 10, 2025, 9:07 a.m.
| Environment | |
|---|---|
| qemu-x86_64 |
[ 27.221766] ================================================================== [ 27.222113] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.222484] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.223021] [ 27.223141] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.223192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.223205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.223229] Call Trace: [ 27.223250] <TASK> [ 27.223268] dump_stack_lvl+0x73/0xb0 [ 27.223298] print_report+0xd1/0x610 [ 27.223320] ? __virt_addr_valid+0x1db/0x2d0 [ 27.223345] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.223370] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.223396] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.223422] kasan_report+0x141/0x180 [ 27.223444] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.223474] kasan_check_range+0x10c/0x1c0 [ 27.223507] __kasan_check_write+0x18/0x20 [ 27.223531] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.223556] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.223583] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.223608] ? trace_hardirqs_on+0x37/0xe0 [ 27.223632] ? kasan_bitops_generic+0x92/0x1c0 [ 27.223659] kasan_bitops_generic+0x116/0x1c0 [ 27.223684] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.223723] ? trace_hardirqs_on+0x37/0xe0 [ 27.223746] ? __pfx_read_tsc+0x10/0x10 [ 27.223767] ? ktime_get_ts64+0x86/0x230 [ 27.223853] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.223879] kunit_try_run_case+0x1a5/0x480 [ 27.223903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.223926] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.223950] ? __kthread_parkme+0x82/0x180 [ 27.223971] ? preempt_count_sub+0x50/0x80 [ 27.223995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.224017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.224042] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.224067] kthread+0x337/0x6f0 [ 27.224087] ? trace_preempt_on+0x20/0xc0 [ 27.224109] ? __pfx_kthread+0x10/0x10 [ 27.224130] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.224151] ? calculate_sigpending+0x7b/0xa0 [ 27.224176] ? __pfx_kthread+0x10/0x10 [ 27.224197] ret_from_fork+0x116/0x1d0 [ 27.224217] ? __pfx_kthread+0x10/0x10 [ 27.224238] ret_from_fork_asm+0x1a/0x30 [ 27.224270] </TASK> [ 27.224281] [ 27.232768] Allocated by task 309: [ 27.232990] kasan_save_stack+0x45/0x70 [ 27.233160] kasan_save_track+0x18/0x40 [ 27.233289] kasan_save_alloc_info+0x3b/0x50 [ 27.233436] __kasan_kmalloc+0xb7/0xc0 [ 27.233821] __kmalloc_cache_noprof+0x189/0x420 [ 27.234056] kasan_bitops_generic+0x92/0x1c0 [ 27.234257] kunit_try_run_case+0x1a5/0x480 [ 27.234439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.234689] kthread+0x337/0x6f0 [ 27.234819] ret_from_fork+0x116/0x1d0 [ 27.234947] ret_from_fork_asm+0x1a/0x30 [ 27.235082] [ 27.235147] The buggy address belongs to the object at ffff888105807fa0 [ 27.235147] which belongs to the cache kmalloc-16 of size 16 [ 27.235651] The buggy address is located 8 bytes inside of [ 27.235651] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.236651] [ 27.236791] The buggy address belongs to the physical page: [ 27.237095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.237350] flags: 0x200000000000000(node=0|zone=2) [ 27.237716] page_type: f5(slab) [ 27.238061] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.238363] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.238645] page dumped because: kasan: bad access detected [ 27.239075] [ 27.239156] Memory state around the buggy address: [ 27.239359] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.239687] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.240121] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.240441] ^ [ 27.240713] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.241025] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.241255] ================================================================== [ 27.241848] ================================================================== [ 27.242404] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.242897] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.243144] [ 27.243228] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.243280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.243293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.243315] Call Trace: [ 27.243335] <TASK> [ 27.243355] dump_stack_lvl+0x73/0xb0 [ 27.243382] print_report+0xd1/0x610 [ 27.243405] ? __virt_addr_valid+0x1db/0x2d0 [ 27.243429] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.243454] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.243480] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.243724] kasan_report+0x141/0x180 [ 27.243749] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.243930] kasan_check_range+0x10c/0x1c0 [ 27.243967] __kasan_check_write+0x18/0x20 [ 27.243993] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.244020] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.244046] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.244070] ? trace_hardirqs_on+0x37/0xe0 [ 27.244093] ? kasan_bitops_generic+0x92/0x1c0 [ 27.244119] kasan_bitops_generic+0x116/0x1c0 [ 27.244143] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.244166] ? trace_hardirqs_on+0x37/0xe0 [ 27.244187] ? __pfx_read_tsc+0x10/0x10 [ 27.244209] ? ktime_get_ts64+0x86/0x230 [ 27.244231] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.244258] kunit_try_run_case+0x1a5/0x480 [ 27.244279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.244302] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.244326] ? __kthread_parkme+0x82/0x180 [ 27.244347] ? preempt_count_sub+0x50/0x80 [ 27.244372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.244394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.244419] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.244444] kthread+0x337/0x6f0 [ 27.244464] ? trace_preempt_on+0x20/0xc0 [ 27.244486] ? __pfx_kthread+0x10/0x10 [ 27.244507] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.244528] ? calculate_sigpending+0x7b/0xa0 [ 27.244553] ? __pfx_kthread+0x10/0x10 [ 27.244575] ret_from_fork+0x116/0x1d0 [ 27.244594] ? __pfx_kthread+0x10/0x10 [ 27.244615] ret_from_fork_asm+0x1a/0x30 [ 27.244645] </TASK> [ 27.244657] [ 27.253514] Allocated by task 309: [ 27.253658] kasan_save_stack+0x45/0x70 [ 27.253883] kasan_save_track+0x18/0x40 [ 27.254071] kasan_save_alloc_info+0x3b/0x50 [ 27.254418] __kasan_kmalloc+0xb7/0xc0 [ 27.254657] __kmalloc_cache_noprof+0x189/0x420 [ 27.254928] kasan_bitops_generic+0x92/0x1c0 [ 27.255105] kunit_try_run_case+0x1a5/0x480 [ 27.255271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.255535] kthread+0x337/0x6f0 [ 27.255692] ret_from_fork+0x116/0x1d0 [ 27.256054] ret_from_fork_asm+0x1a/0x30 [ 27.256252] [ 27.256345] The buggy address belongs to the object at ffff888105807fa0 [ 27.256345] which belongs to the cache kmalloc-16 of size 16 [ 27.256970] The buggy address is located 8 bytes inside of [ 27.256970] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.257387] [ 27.257459] The buggy address belongs to the physical page: [ 27.257630] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.258004] flags: 0x200000000000000(node=0|zone=2) [ 27.258242] page_type: f5(slab) [ 27.258412] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.258845] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.259182] page dumped because: kasan: bad access detected [ 27.259430] [ 27.259538] Memory state around the buggy address: [ 27.259721] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.260167] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.260502] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.260862] ^ [ 27.261084] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.261404] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.261733] ================================================================== [ 27.181809] ================================================================== [ 27.182254] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.182835] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.183221] [ 27.183310] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.183360] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.183372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.183395] Call Trace: [ 27.183415] <TASK> [ 27.183433] dump_stack_lvl+0x73/0xb0 [ 27.183463] print_report+0xd1/0x610 [ 27.183485] ? __virt_addr_valid+0x1db/0x2d0 [ 27.183509] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.183536] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.183561] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.183587] kasan_report+0x141/0x180 [ 27.183610] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.183639] kasan_check_range+0x10c/0x1c0 [ 27.183663] __kasan_check_write+0x18/0x20 [ 27.183687] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.183727] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.183753] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.183778] ? trace_hardirqs_on+0x37/0xe0 [ 27.183800] ? kasan_bitops_generic+0x92/0x1c0 [ 27.183827] kasan_bitops_generic+0x116/0x1c0 [ 27.183854] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.183876] ? trace_hardirqs_on+0x37/0xe0 [ 27.183899] ? __pfx_read_tsc+0x10/0x10 [ 27.183974] ? ktime_get_ts64+0x86/0x230 [ 27.184000] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.184027] kunit_try_run_case+0x1a5/0x480 [ 27.184048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.184071] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.184095] ? __kthread_parkme+0x82/0x180 [ 27.184116] ? preempt_count_sub+0x50/0x80 [ 27.184139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.184161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.184186] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.184214] kthread+0x337/0x6f0 [ 27.184233] ? trace_preempt_on+0x20/0xc0 [ 27.184255] ? __pfx_kthread+0x10/0x10 [ 27.184276] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.184297] ? calculate_sigpending+0x7b/0xa0 [ 27.184322] ? __pfx_kthread+0x10/0x10 [ 27.184343] ret_from_fork+0x116/0x1d0 [ 27.184362] ? __pfx_kthread+0x10/0x10 [ 27.184383] ret_from_fork_asm+0x1a/0x30 [ 27.184415] </TASK> [ 27.184427] [ 27.193271] Allocated by task 309: [ 27.193441] kasan_save_stack+0x45/0x70 [ 27.193588] kasan_save_track+0x18/0x40 [ 27.193731] kasan_save_alloc_info+0x3b/0x50 [ 27.193920] __kasan_kmalloc+0xb7/0xc0 [ 27.194110] __kmalloc_cache_noprof+0x189/0x420 [ 27.194312] kasan_bitops_generic+0x92/0x1c0 [ 27.194454] kunit_try_run_case+0x1a5/0x480 [ 27.194594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.195150] kthread+0x337/0x6f0 [ 27.195337] ret_from_fork+0x116/0x1d0 [ 27.195576] ret_from_fork_asm+0x1a/0x30 [ 27.195857] [ 27.195944] The buggy address belongs to the object at ffff888105807fa0 [ 27.195944] which belongs to the cache kmalloc-16 of size 16 [ 27.196418] The buggy address is located 8 bytes inside of [ 27.196418] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.196826] [ 27.196965] The buggy address belongs to the physical page: [ 27.197223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.197575] flags: 0x200000000000000(node=0|zone=2) [ 27.197945] page_type: f5(slab) [ 27.198202] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.198542] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.199040] page dumped because: kasan: bad access detected [ 27.199218] [ 27.199283] Memory state around the buggy address: [ 27.199436] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.199650] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.199975] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.200295] ^ [ 27.200785] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.201118] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.201334] ================================================================== [ 27.302963] ================================================================== [ 27.303219] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.303590] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.304103] [ 27.304193] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.304241] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.304254] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.304274] Call Trace: [ 27.304291] <TASK> [ 27.304305] dump_stack_lvl+0x73/0xb0 [ 27.304334] print_report+0xd1/0x610 [ 27.304355] ? __virt_addr_valid+0x1db/0x2d0 [ 27.304379] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.304403] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.304429] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.304454] kasan_report+0x141/0x180 [ 27.304476] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.304505] kasan_check_range+0x10c/0x1c0 [ 27.304529] __kasan_check_write+0x18/0x20 [ 27.304552] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.304576] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.304602] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.304648] ? trace_hardirqs_on+0x37/0xe0 [ 27.304669] ? kasan_bitops_generic+0x92/0x1c0 [ 27.304706] kasan_bitops_generic+0x116/0x1c0 [ 27.304731] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.304753] ? trace_hardirqs_on+0x37/0xe0 [ 27.304844] ? __pfx_read_tsc+0x10/0x10 [ 27.304867] ? ktime_get_ts64+0x86/0x230 [ 27.304889] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.304915] kunit_try_run_case+0x1a5/0x480 [ 27.304939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.304962] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.304986] ? __kthread_parkme+0x82/0x180 [ 27.305006] ? preempt_count_sub+0x50/0x80 [ 27.305030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.305052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.305078] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.305104] kthread+0x337/0x6f0 [ 27.305123] ? trace_preempt_on+0x20/0xc0 [ 27.305146] ? __pfx_kthread+0x10/0x10 [ 27.305167] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.305189] ? calculate_sigpending+0x7b/0xa0 [ 27.305213] ? __pfx_kthread+0x10/0x10 [ 27.305235] ret_from_fork+0x116/0x1d0 [ 27.305254] ? __pfx_kthread+0x10/0x10 [ 27.305276] ret_from_fork_asm+0x1a/0x30 [ 27.305307] </TASK> [ 27.305317] [ 27.313457] Allocated by task 309: [ 27.313633] kasan_save_stack+0x45/0x70 [ 27.313836] kasan_save_track+0x18/0x40 [ 27.314021] kasan_save_alloc_info+0x3b/0x50 [ 27.314192] __kasan_kmalloc+0xb7/0xc0 [ 27.314318] __kmalloc_cache_noprof+0x189/0x420 [ 27.314471] kasan_bitops_generic+0x92/0x1c0 [ 27.314614] kunit_try_run_case+0x1a5/0x480 [ 27.317056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.318453] kthread+0x337/0x6f0 [ 27.319068] ret_from_fork+0x116/0x1d0 [ 27.319216] ret_from_fork_asm+0x1a/0x30 [ 27.320785] [ 27.320871] The buggy address belongs to the object at ffff888105807fa0 [ 27.320871] which belongs to the cache kmalloc-16 of size 16 [ 27.322090] The buggy address is located 8 bytes inside of [ 27.322090] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.323470] [ 27.323992] The buggy address belongs to the physical page: [ 27.324422] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.324964] flags: 0x200000000000000(node=0|zone=2) [ 27.325141] page_type: f5(slab) [ 27.325259] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.325484] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.325732] page dumped because: kasan: bad access detected [ 27.326283] [ 27.326469] Memory state around the buggy address: [ 27.327158] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.327936] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.328620] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.329272] ^ [ 27.329430] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.330049] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.330955] ================================================================== [ 27.201952] ================================================================== [ 27.202303] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.203147] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.203442] [ 27.203565] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.203616] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.203629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.203653] Call Trace: [ 27.203673] <TASK> [ 27.203693] dump_stack_lvl+0x73/0xb0 [ 27.203738] print_report+0xd1/0x610 [ 27.203761] ? __virt_addr_valid+0x1db/0x2d0 [ 27.203785] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.203810] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.203836] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.203868] kasan_report+0x141/0x180 [ 27.203890] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.203919] kasan_check_range+0x10c/0x1c0 [ 27.203943] __kasan_check_write+0x18/0x20 [ 27.203966] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.203992] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.204019] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.204219] ? trace_hardirqs_on+0x37/0xe0 [ 27.204243] ? kasan_bitops_generic+0x92/0x1c0 [ 27.204270] kasan_bitops_generic+0x116/0x1c0 [ 27.204293] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.204316] ? trace_hardirqs_on+0x37/0xe0 [ 27.204339] ? __pfx_read_tsc+0x10/0x10 [ 27.204360] ? ktime_get_ts64+0x86/0x230 [ 27.204383] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.204410] kunit_try_run_case+0x1a5/0x480 [ 27.204433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.204459] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.204482] ? __kthread_parkme+0x82/0x180 [ 27.204515] ? preempt_count_sub+0x50/0x80 [ 27.204539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.204561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.204587] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.204612] kthread+0x337/0x6f0 [ 27.204632] ? trace_preempt_on+0x20/0xc0 [ 27.204654] ? __pfx_kthread+0x10/0x10 [ 27.204675] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.204709] ? calculate_sigpending+0x7b/0xa0 [ 27.204733] ? __pfx_kthread+0x10/0x10 [ 27.204756] ret_from_fork+0x116/0x1d0 [ 27.204822] ? __pfx_kthread+0x10/0x10 [ 27.204848] ret_from_fork_asm+0x1a/0x30 [ 27.204882] </TASK> [ 27.204894] [ 27.213605] Allocated by task 309: [ 27.213772] kasan_save_stack+0x45/0x70 [ 27.214043] kasan_save_track+0x18/0x40 [ 27.214177] kasan_save_alloc_info+0x3b/0x50 [ 27.214323] __kasan_kmalloc+0xb7/0xc0 [ 27.214451] __kmalloc_cache_noprof+0x189/0x420 [ 27.214685] kasan_bitops_generic+0x92/0x1c0 [ 27.215102] kunit_try_run_case+0x1a5/0x480 [ 27.215311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.215559] kthread+0x337/0x6f0 [ 27.215737] ret_from_fork+0x116/0x1d0 [ 27.215970] ret_from_fork_asm+0x1a/0x30 [ 27.216113] [ 27.216179] The buggy address belongs to the object at ffff888105807fa0 [ 27.216179] which belongs to the cache kmalloc-16 of size 16 [ 27.216566] The buggy address is located 8 bytes inside of [ 27.216566] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.217147] [ 27.217241] The buggy address belongs to the physical page: [ 27.217489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.217850] flags: 0x200000000000000(node=0|zone=2) [ 27.218250] page_type: f5(slab) [ 27.218429] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.218694] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.218934] page dumped because: kasan: bad access detected [ 27.219263] [ 27.219356] Memory state around the buggy address: [ 27.219580] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.219920] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.220134] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.220366] ^ [ 27.220624] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.220954] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.221342] ================================================================== [ 27.281575] ================================================================== [ 27.281890] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.282216] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.282511] [ 27.282609] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.282656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.282670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.282692] Call Trace: [ 27.282826] <TASK> [ 27.282847] dump_stack_lvl+0x73/0xb0 [ 27.282877] print_report+0xd1/0x610 [ 27.282899] ? __virt_addr_valid+0x1db/0x2d0 [ 27.282923] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.282949] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.282975] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.282999] kasan_report+0x141/0x180 [ 27.283022] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.283051] kasan_check_range+0x10c/0x1c0 [ 27.283074] __kasan_check_write+0x18/0x20 [ 27.283097] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.283123] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.283149] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.283172] ? trace_hardirqs_on+0x37/0xe0 [ 27.283194] ? kasan_bitops_generic+0x92/0x1c0 [ 27.283221] kasan_bitops_generic+0x116/0x1c0 [ 27.283244] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.283267] ? trace_hardirqs_on+0x37/0xe0 [ 27.283288] ? __pfx_read_tsc+0x10/0x10 [ 27.283311] ? ktime_get_ts64+0x86/0x230 [ 27.283332] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.283359] kunit_try_run_case+0x1a5/0x480 [ 27.283381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.283402] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.283427] ? __kthread_parkme+0x82/0x180 [ 27.283447] ? preempt_count_sub+0x50/0x80 [ 27.283470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.283512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.283538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.283564] kthread+0x337/0x6f0 [ 27.283583] ? trace_preempt_on+0x20/0xc0 [ 27.283606] ? __pfx_kthread+0x10/0x10 [ 27.283627] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.283649] ? calculate_sigpending+0x7b/0xa0 [ 27.283675] ? __pfx_kthread+0x10/0x10 [ 27.283705] ret_from_fork+0x116/0x1d0 [ 27.283724] ? __pfx_kthread+0x10/0x10 [ 27.283746] ret_from_fork_asm+0x1a/0x30 [ 27.283940] </TASK> [ 27.283954] [ 27.294384] Allocated by task 309: [ 27.294581] kasan_save_stack+0x45/0x70 [ 27.294759] kasan_save_track+0x18/0x40 [ 27.295015] kasan_save_alloc_info+0x3b/0x50 [ 27.295171] __kasan_kmalloc+0xb7/0xc0 [ 27.295354] __kmalloc_cache_noprof+0x189/0x420 [ 27.295597] kasan_bitops_generic+0x92/0x1c0 [ 27.295979] kunit_try_run_case+0x1a5/0x480 [ 27.296200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.296403] kthread+0x337/0x6f0 [ 27.296575] ret_from_fork+0x116/0x1d0 [ 27.296837] ret_from_fork_asm+0x1a/0x30 [ 27.297043] [ 27.297140] The buggy address belongs to the object at ffff888105807fa0 [ 27.297140] which belongs to the cache kmalloc-16 of size 16 [ 27.297586] The buggy address is located 8 bytes inside of [ 27.297586] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.298168] [ 27.298263] The buggy address belongs to the physical page: [ 27.298509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.298911] flags: 0x200000000000000(node=0|zone=2) [ 27.299139] page_type: f5(slab) [ 27.299284] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.299569] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.300065] page dumped because: kasan: bad access detected [ 27.300319] [ 27.300388] Memory state around the buggy address: [ 27.300597] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.300980] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.301270] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.301598] ^ [ 27.301856] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.302153] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.302404] ================================================================== [ 27.161344] ================================================================== [ 27.161954] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.162505] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.162827] [ 27.163233] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.163293] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.163307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.163330] Call Trace: [ 27.163343] <TASK> [ 27.163363] dump_stack_lvl+0x73/0xb0 [ 27.163396] print_report+0xd1/0x610 [ 27.163420] ? __virt_addr_valid+0x1db/0x2d0 [ 27.163445] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.163470] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.163496] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.163538] kasan_report+0x141/0x180 [ 27.163560] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.163590] kasan_check_range+0x10c/0x1c0 [ 27.163614] __kasan_check_write+0x18/0x20 [ 27.163637] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.163663] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.163689] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.163729] ? trace_hardirqs_on+0x37/0xe0 [ 27.163751] ? kasan_bitops_generic+0x92/0x1c0 [ 27.163851] kasan_bitops_generic+0x116/0x1c0 [ 27.163880] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.163903] ? trace_hardirqs_on+0x37/0xe0 [ 27.163926] ? __pfx_read_tsc+0x10/0x10 [ 27.163948] ? ktime_get_ts64+0x86/0x230 [ 27.163971] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.163997] kunit_try_run_case+0x1a5/0x480 [ 27.164020] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.164043] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.164067] ? __kthread_parkme+0x82/0x180 [ 27.164088] ? preempt_count_sub+0x50/0x80 [ 27.164112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.164134] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.164160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.164185] kthread+0x337/0x6f0 [ 27.164206] ? trace_preempt_on+0x20/0xc0 [ 27.164227] ? __pfx_kthread+0x10/0x10 [ 27.164248] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.164269] ? calculate_sigpending+0x7b/0xa0 [ 27.164294] ? __pfx_kthread+0x10/0x10 [ 27.164315] ret_from_fork+0x116/0x1d0 [ 27.164334] ? __pfx_kthread+0x10/0x10 [ 27.164357] ret_from_fork_asm+0x1a/0x30 [ 27.164389] </TASK> [ 27.164401] [ 27.173118] Allocated by task 309: [ 27.173302] kasan_save_stack+0x45/0x70 [ 27.173544] kasan_save_track+0x18/0x40 [ 27.173721] kasan_save_alloc_info+0x3b/0x50 [ 27.173965] __kasan_kmalloc+0xb7/0xc0 [ 27.174138] __kmalloc_cache_noprof+0x189/0x420 [ 27.174355] kasan_bitops_generic+0x92/0x1c0 [ 27.174652] kunit_try_run_case+0x1a5/0x480 [ 27.174812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.174988] kthread+0x337/0x6f0 [ 27.175104] ret_from_fork+0x116/0x1d0 [ 27.175275] ret_from_fork_asm+0x1a/0x30 [ 27.175467] [ 27.175640] The buggy address belongs to the object at ffff888105807fa0 [ 27.175640] which belongs to the cache kmalloc-16 of size 16 [ 27.176188] The buggy address is located 8 bytes inside of [ 27.176188] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.176820] [ 27.176889] The buggy address belongs to the physical page: [ 27.177060] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.177604] flags: 0x200000000000000(node=0|zone=2) [ 27.178093] page_type: f5(slab) [ 27.178279] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.178543] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.178825] page dumped because: kasan: bad access detected [ 27.179155] [ 27.179248] Memory state around the buggy address: [ 27.179468] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.179718] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.179935] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.180211] ^ [ 27.180424] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.180869] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.181398] ================================================================== [ 27.262217] ================================================================== [ 27.262484] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.262938] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.263212] [ 27.263324] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.263372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.263386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.263408] Call Trace: [ 27.263426] <TASK> [ 27.263444] dump_stack_lvl+0x73/0xb0 [ 27.263472] print_report+0xd1/0x610 [ 27.263515] ? __virt_addr_valid+0x1db/0x2d0 [ 27.263539] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.263567] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.263593] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.263618] kasan_report+0x141/0x180 [ 27.263641] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.263669] kasan_check_range+0x10c/0x1c0 [ 27.263693] __kasan_check_write+0x18/0x20 [ 27.263725] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.263750] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.263971] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.263998] ? trace_hardirqs_on+0x37/0xe0 [ 27.264022] ? kasan_bitops_generic+0x92/0x1c0 [ 27.264050] kasan_bitops_generic+0x116/0x1c0 [ 27.264074] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.264098] ? trace_hardirqs_on+0x37/0xe0 [ 27.264121] ? __pfx_read_tsc+0x10/0x10 [ 27.264142] ? ktime_get_ts64+0x86/0x230 [ 27.264165] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.264190] kunit_try_run_case+0x1a5/0x480 [ 27.264214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.264237] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.264261] ? __kthread_parkme+0x82/0x180 [ 27.264281] ? preempt_count_sub+0x50/0x80 [ 27.264305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.264328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.264352] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.264377] kthread+0x337/0x6f0 [ 27.264398] ? trace_preempt_on+0x20/0xc0 [ 27.264419] ? __pfx_kthread+0x10/0x10 [ 27.264441] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.264462] ? calculate_sigpending+0x7b/0xa0 [ 27.264511] ? __pfx_kthread+0x10/0x10 [ 27.264532] ret_from_fork+0x116/0x1d0 [ 27.264552] ? __pfx_kthread+0x10/0x10 [ 27.264573] ret_from_fork_asm+0x1a/0x30 [ 27.264604] </TASK> [ 27.264616] [ 27.273029] Allocated by task 309: [ 27.273215] kasan_save_stack+0x45/0x70 [ 27.273414] kasan_save_track+0x18/0x40 [ 27.273627] kasan_save_alloc_info+0x3b/0x50 [ 27.273893] __kasan_kmalloc+0xb7/0xc0 [ 27.274032] __kmalloc_cache_noprof+0x189/0x420 [ 27.274188] kasan_bitops_generic+0x92/0x1c0 [ 27.274396] kunit_try_run_case+0x1a5/0x480 [ 27.274619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.274950] kthread+0x337/0x6f0 [ 27.275124] ret_from_fork+0x116/0x1d0 [ 27.275277] ret_from_fork_asm+0x1a/0x30 [ 27.275450] [ 27.275562] The buggy address belongs to the object at ffff888105807fa0 [ 27.275562] which belongs to the cache kmalloc-16 of size 16 [ 27.276242] The buggy address is located 8 bytes inside of [ 27.276242] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.276873] [ 27.276971] The buggy address belongs to the physical page: [ 27.277157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.277399] flags: 0x200000000000000(node=0|zone=2) [ 27.277588] page_type: f5(slab) [ 27.277741] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.278154] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.278488] page dumped because: kasan: bad access detected [ 27.278843] [ 27.278936] Memory state around the buggy address: [ 27.279158] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.279438] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.279753] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.280252] ^ [ 27.280478] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.280847] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.281165] ==================================================================