Date
July 22, 2025, 5:13 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 32.667212] ================================================================== [ 32.667266] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 32.667399] Read of size 8 at addr fff00000c7b7a968 by task kunit_try_catch/292 [ 32.668624] __asan_report_load8_noabort+0x20/0x30 [ 32.669379] ret_from_fork+0x10/0x20 [ 32.669429] [ 32.670268] kasan_save_track+0x20/0x40 [ 32.670908] kunit_try_run_case+0x170/0x3f0 [ 32.671890] The buggy address is located 8 bytes inside of [ 32.671890] allocated 9-byte region [fff00000c7b7a960, fff00000c7b7a969) [ 32.673208] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.675755] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 32.677249] kthread+0x328/0x630 [ 32.677292] ret_from_fork+0x10/0x20 [ 32.677341] [ 32.677380] Allocated by task 292: [ 32.677412] kasan_save_stack+0x3c/0x68 [ 32.677705] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.678359] The buggy address is located 8 bytes inside of [ 32.678359] allocated 9-byte region [fff00000c7b7a960, fff00000c7b7a969) [ 32.679412] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.680288] fff00000c7b7a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.682531] [ 32.683100] Call trace: [ 32.683928] kasan_bitops_generic+0x110/0x1c8 [ 32.684162] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.684439] kthread+0x328/0x630 [ 32.684527] ret_from_fork+0x10/0x20 [ 32.684580] [ 32.684636] Allocated by task 292: [ 32.684672] kasan_save_stack+0x3c/0x68 [ 32.684717] kasan_save_track+0x20/0x40 [ 32.684885] kasan_save_alloc_info+0x40/0x58 [ 32.685403] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.686033] The buggy address belongs to the object at fff00000c7b7a960 [ 32.686033] which belongs to the cache kmalloc-16 of size 16 [ 32.686824] page_type: f5(slab) [ 32.687037] page dumped because: kasan: bad access detected [ 32.687192] fff00000c7b7a880: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 32.688572] Write of size 8 at addr fff00000c7b7a968 by task kunit_try_catch/292 [ 32.690426] kunit_try_run_case+0x170/0x3f0 [ 32.690770] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.691178] kthread+0x328/0x630 [ 32.691546] kasan_save_stack+0x3c/0x68 [ 32.692450] kunit_try_run_case+0x170/0x3f0 [ 32.693396] The buggy address is located 8 bytes inside of [ 32.693396] allocated 9-byte region [fff00000c7b7a960, fff00000c7b7a969) [ 32.694142] page_type: f5(slab) [ 32.694407] page dumped because: kasan: bad access detected [ 32.694696] ^ [ 32.698200] kasan_report+0xdc/0x128 [ 32.698723] kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 32.699166] kunit_try_run_case+0x170/0x3f0 [ 32.699773] ret_from_fork+0x10/0x20 [ 32.700310] kasan_bitops_generic+0xa0/0x1c8 [ 32.700454] kthread+0x328/0x630 [ 32.700632] The buggy address is located 8 bytes inside of [ 32.700632] allocated 9-byte region [fff00000c7b7a960, fff00000c7b7a969) [ 32.701723] page dumped because: kasan: bad access detected [ 32.702515] ^ [ 32.703883] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 32.705262] kasan_report+0xdc/0x128 [ 32.705548] kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 32.706315] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.707962] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.709050] [ 32.709212] The buggy address is located 8 bytes inside of [ 32.709212] allocated 9-byte region [fff00000c7b7a960, fff00000c7b7a969) [ 32.709752] page dumped because: kasan: bad access detected [ 32.710120] fff00000c7b7aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.711897] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.712738] kasan_check_range+0x100/0x1a8 [ 32.712789] __kasan_check_write+0x20/0x30 [ 32.713166] kasan_bitops_modify.constprop.0+0x344/0xbc0 [ 32.713453] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.715405] kasan_bitops_generic+0xa0/0x1c8 [ 32.715843] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.716553] The buggy address is located 8 bytes inside of [ 32.716553] allocated 9-byte region [fff00000c7b7a960, fff00000c7b7a969) [ 32.717441] page dumped because: kasan: bad access detected [ 32.718169] >fff00000c7b7a900: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.719799] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 32.720543] kasan_report+0xdc/0x128 [ 32.720802] kunit_try_run_case+0x170/0x3f0 [ 32.721310] kasan_bitops_generic+0xa0/0x1c8 [ 32.721516] [ 32.721666] [ 32.721721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107b7a [ 32.723295] ^ [ 32.724697] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa20/0xbc0 [ 32.725470] dump_stack_lvl+0x8c/0xd0 [ 32.725520] print_report+0x118/0x5e8 [ 32.725774] kasan_report+0xdc/0x128 [ 32.726125] kasan_bitops_generic+0x110/0x1c8 [ 32.727128] kasan_save_stack+0x3c/0x68 [ 32.727896] kasan_bitops_generic+0xa0/0x1c8 [ 32.728345] kthread+0x328/0x630 [ 32.728766] The buggy address is located 8 bytes inside of [ 32.728766] allocated 9-byte region [fff00000c7b7a960, fff00000c7b7a969) [ 32.729895] page_type: f5(slab) [ 32.730417] page dumped because: kasan: bad access detected [ 32.730802] fff00000c7b7a880: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 32.734526] Write of size 8 at addr fff00000c7b7a968 by task kunit_try_catch/292 [ 32.735072] show_stack+0x20/0x38 (C) [ 32.735136] dump_stack_lvl+0x8c/0xd0 [ 32.735294] print_report+0x118/0x5e8 [ 32.735354] kasan_report+0xdc/0x128 [ 32.735428] kasan_check_range+0x100/0x1a8 [ 32.735531] kasan_bitops_test_and_modify.constprop.0+0xfc/0xbc0 [ 32.735921] kasan_save_stack+0x3c/0x68 [ 32.736056] __kasan_kmalloc+0xd4/0xd8 [ 32.736094] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.736264] kthread+0x328/0x630 [ 32.736357] The buggy address belongs to the object at fff00000c7b7a960 [ 32.736357] which belongs to the cache kmalloc-16 of size 16 [ 32.736593] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.736733] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.737954] ^ [ 32.739548] Read of size 8 at addr fff00000c7b7a968 by task kunit_try_catch/292 [ 32.739861] Hardware name: linux,dummy-virt (DT) [ 32.739899] Call trace: [ 32.740444] __asan_report_load8_noabort+0x20/0x30 [ 32.741301] kthread+0x328/0x630 [ 32.742198] __kasan_kmalloc+0xd4/0xd8 [ 32.743164] kthread+0x328/0x630 [ 32.743391] [ 32.743590] The buggy address is located 8 bytes inside of [ 32.743590] allocated 9-byte region [fff00000c7b7a960, fff00000c7b7a969) [ 32.744782] [ 32.745498] ^ [ 32.746806] ================================================================== [ 32.660058] ================================================================== [ 32.660119] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 32.660178] Write of size 8 at addr fff00000c7b7a968 by task kunit_try_catch/292 [ 32.660229] [ 32.660265] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 32.660355] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.660387] Hardware name: linux,dummy-virt (DT) [ 32.660420] Call trace: [ 32.660444] show_stack+0x20/0x38 (C) [ 32.660494] dump_stack_lvl+0x8c/0xd0 [ 32.660541] print_report+0x118/0x5e8 [ 32.660586] kasan_report+0xdc/0x128 [ 32.660630] kasan_check_range+0x100/0x1a8 [ 32.660678] __kasan_check_write+0x20/0x30 [ 32.660725] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 32.660779] kasan_bitops_generic+0x110/0x1c8 [ 32.661201] kunit_try_run_case+0x170/0x3f0 [ 32.661565] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.661659] kthread+0x328/0x630 [ 32.661706] ret_from_fork+0x10/0x20 [ 32.662425] [ 32.662480] Allocated by task 292: [ 32.662589] kasan_save_stack+0x3c/0x68 [ 32.662676] kasan_save_track+0x20/0x40 [ 32.662822] kasan_save_alloc_info+0x40/0x58 [ 32.662879] __kasan_kmalloc+0xd4/0xd8 [ 32.663231] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.663311] kasan_bitops_generic+0xa0/0x1c8 [ 32.663411] kunit_try_run_case+0x170/0x3f0 [ 32.663482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.663616] kthread+0x328/0x630 [ 32.663794] ret_from_fork+0x10/0x20 [ 32.663860] [ 32.663882] The buggy address belongs to the object at fff00000c7b7a960 [ 32.663882] which belongs to the cache kmalloc-16 of size 16 [ 32.663961] The buggy address is located 8 bytes inside of [ 32.663961] allocated 9-byte region [fff00000c7b7a960, fff00000c7b7a969) [ 32.664313] [ 32.664372] The buggy address belongs to the physical page: [ 32.664465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107b7a [ 32.664580] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.664713] page_type: f5(slab) [ 32.664787] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122 [ 32.664990] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.665176] page dumped because: kasan: bad access detected [ 32.665231] [ 32.665311] Memory state around the buggy address: [ 32.665389] fff00000c7b7a800: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.665499] fff00000c7b7a880: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 32.665632] >fff00000c7b7a900: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.665711] ^ [ 32.665820] fff00000c7b7a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.665893] fff00000c7b7aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.665948] ==================================================================
[ 27.213313] ================================================================== [ 27.214052] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.214670] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.215015] [ 27.215110] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.215159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.215182] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.215204] Call Trace: [ 27.215218] <TASK> [ 27.215233] dump_stack_lvl+0x73/0xb0 [ 27.215262] print_report+0xd1/0x640 [ 27.215286] ? __virt_addr_valid+0x1db/0x2d0 [ 27.215309] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.215347] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.215374] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.215400] kasan_report+0x141/0x180 [ 27.215435] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.215477] kasan_check_range+0x10c/0x1c0 [ 27.215503] __kasan_check_write+0x18/0x20 [ 27.215527] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.215553] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.215628] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.215667] ? trace_hardirqs_on+0x37/0xe0 [ 27.215689] ? kasan_bitops_generic+0x92/0x1c0 [ 27.215718] kasan_bitops_generic+0x116/0x1c0 [ 27.215743] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.215768] ? __pfx_read_tsc+0x10/0x10 [ 27.215790] ? ktime_get_ts64+0x86/0x230 [ 27.215813] kunit_try_run_case+0x1a5/0x480 [ 27.215860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.215884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.215910] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.215947] ? __kthread_parkme+0x82/0x180 [ 27.215967] ? preempt_count_sub+0x50/0x80 [ 27.215990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.216015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.216048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.216072] kthread+0x337/0x6f0 [ 27.216092] ? trace_preempt_on+0x20/0xc0 [ 27.216127] ? __pfx_kthread+0x10/0x10 [ 27.216149] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.216183] ? calculate_sigpending+0x7b/0xa0 [ 27.216207] ? __pfx_kthread+0x10/0x10 [ 27.216237] ret_from_fork+0x116/0x1d0 [ 27.216257] ? __pfx_kthread+0x10/0x10 [ 27.216279] ret_from_fork_asm+0x1a/0x30 [ 27.216320] </TASK> [ 27.216331] [ 27.225125] Allocated by task 309: [ 27.225256] kasan_save_stack+0x45/0x70 [ 27.225541] kasan_save_track+0x18/0x40 [ 27.225943] kasan_save_alloc_info+0x3b/0x50 [ 27.226175] __kasan_kmalloc+0xb7/0xc0 [ 27.226363] __kmalloc_cache_noprof+0x189/0x420 [ 27.226799] kasan_bitops_generic+0x92/0x1c0 [ 27.227028] kunit_try_run_case+0x1a5/0x480 [ 27.227305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.227727] kthread+0x337/0x6f0 [ 27.227916] ret_from_fork+0x116/0x1d0 [ 27.228053] ret_from_fork_asm+0x1a/0x30 [ 27.228275] [ 27.228369] The buggy address belongs to the object at ffff888104919c80 [ 27.228369] which belongs to the cache kmalloc-16 of size 16 [ 27.229175] The buggy address is located 8 bytes inside of [ 27.229175] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.229796] [ 27.229890] The buggy address belongs to the physical page: [ 27.230070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.230792] flags: 0x200000000000000(node=0|zone=2) [ 27.231071] page_type: f5(slab) [ 27.231335] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.231816] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.232156] page dumped because: kasan: bad access detected [ 27.232358] [ 27.232427] Memory state around the buggy address: [ 27.232821] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.233226] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.233601] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.233877] ^ [ 27.234257] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.234625] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.235003] ================================================================== [ 27.235592] ================================================================== [ 27.236114] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.236507] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.236878] [ 27.237000] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.237048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.237073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.237094] Call Trace: [ 27.237108] <TASK> [ 27.237122] dump_stack_lvl+0x73/0xb0 [ 27.237162] print_report+0xd1/0x640 [ 27.237208] ? __virt_addr_valid+0x1db/0x2d0 [ 27.237232] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.237259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.237297] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.237324] kasan_report+0x141/0x180 [ 27.237347] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.237377] kasan_check_range+0x10c/0x1c0 [ 27.237402] __kasan_check_write+0x18/0x20 [ 27.237425] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.237598] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.237638] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.237664] ? trace_hardirqs_on+0x37/0xe0 [ 27.237687] ? kasan_bitops_generic+0x92/0x1c0 [ 27.237715] kasan_bitops_generic+0x116/0x1c0 [ 27.237739] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.237765] ? __pfx_read_tsc+0x10/0x10 [ 27.237788] ? ktime_get_ts64+0x86/0x230 [ 27.237812] kunit_try_run_case+0x1a5/0x480 [ 27.237853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.237878] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.237905] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.237930] ? __kthread_parkme+0x82/0x180 [ 27.237950] ? preempt_count_sub+0x50/0x80 [ 27.237974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.237998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.238023] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.238048] kthread+0x337/0x6f0 [ 27.238068] ? trace_preempt_on+0x20/0xc0 [ 27.238092] ? __pfx_kthread+0x10/0x10 [ 27.238113] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.238137] ? calculate_sigpending+0x7b/0xa0 [ 27.238161] ? __pfx_kthread+0x10/0x10 [ 27.238182] ret_from_fork+0x116/0x1d0 [ 27.238203] ? __pfx_kthread+0x10/0x10 [ 27.238224] ret_from_fork_asm+0x1a/0x30 [ 27.238256] </TASK> [ 27.238267] [ 27.247230] Allocated by task 309: [ 27.247416] kasan_save_stack+0x45/0x70 [ 27.247674] kasan_save_track+0x18/0x40 [ 27.247880] kasan_save_alloc_info+0x3b/0x50 [ 27.248030] __kasan_kmalloc+0xb7/0xc0 [ 27.248163] __kmalloc_cache_noprof+0x189/0x420 [ 27.248416] kasan_bitops_generic+0x92/0x1c0 [ 27.248921] kunit_try_run_case+0x1a5/0x480 [ 27.249119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.249297] kthread+0x337/0x6f0 [ 27.249520] ret_from_fork+0x116/0x1d0 [ 27.249746] ret_from_fork_asm+0x1a/0x30 [ 27.249973] [ 27.250074] The buggy address belongs to the object at ffff888104919c80 [ 27.250074] which belongs to the cache kmalloc-16 of size 16 [ 27.250739] The buggy address is located 8 bytes inside of [ 27.250739] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.251288] [ 27.251405] The buggy address belongs to the physical page: [ 27.251722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.252101] flags: 0x200000000000000(node=0|zone=2) [ 27.252398] page_type: f5(slab) [ 27.252586] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.252826] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.253199] page dumped because: kasan: bad access detected [ 27.253639] [ 27.253746] Memory state around the buggy address: [ 27.253988] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.254274] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.254661] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.255035] ^ [ 27.255261] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.255653] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.255967] ================================================================== [ 27.128450] ================================================================== [ 27.129256] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.129764] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.130086] [ 27.130173] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.130231] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.130244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.130266] Call Trace: [ 27.130290] <TASK> [ 27.130303] dump_stack_lvl+0x73/0xb0 [ 27.130332] print_report+0xd1/0x640 [ 27.130356] ? __virt_addr_valid+0x1db/0x2d0 [ 27.130380] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.130406] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.130442] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.130469] kasan_report+0x141/0x180 [ 27.130492] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.130542] kasan_check_range+0x10c/0x1c0 [ 27.130568] __kasan_check_write+0x18/0x20 [ 27.130593] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.130620] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.130697] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.130737] ? trace_hardirqs_on+0x37/0xe0 [ 27.130759] ? kasan_bitops_generic+0x92/0x1c0 [ 27.130788] kasan_bitops_generic+0x116/0x1c0 [ 27.130821] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.130862] ? __pfx_read_tsc+0x10/0x10 [ 27.130885] ? ktime_get_ts64+0x86/0x230 [ 27.130910] kunit_try_run_case+0x1a5/0x480 [ 27.130935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.130959] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.130987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.131014] ? __kthread_parkme+0x82/0x180 [ 27.131035] ? preempt_count_sub+0x50/0x80 [ 27.131059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.131084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.131108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.131133] kthread+0x337/0x6f0 [ 27.131154] ? trace_preempt_on+0x20/0xc0 [ 27.131186] ? __pfx_kthread+0x10/0x10 [ 27.131216] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.131240] ? calculate_sigpending+0x7b/0xa0 [ 27.131264] ? __pfx_kthread+0x10/0x10 [ 27.131296] ret_from_fork+0x116/0x1d0 [ 27.131318] ? __pfx_kthread+0x10/0x10 [ 27.131339] ret_from_fork_asm+0x1a/0x30 [ 27.131371] </TASK> [ 27.131383] [ 27.140116] Allocated by task 309: [ 27.140370] kasan_save_stack+0x45/0x70 [ 27.140841] kasan_save_track+0x18/0x40 [ 27.141057] kasan_save_alloc_info+0x3b/0x50 [ 27.141267] __kasan_kmalloc+0xb7/0xc0 [ 27.141593] __kmalloc_cache_noprof+0x189/0x420 [ 27.141959] kasan_bitops_generic+0x92/0x1c0 [ 27.142123] kunit_try_run_case+0x1a5/0x480 [ 27.142608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.142886] kthread+0x337/0x6f0 [ 27.143057] ret_from_fork+0x116/0x1d0 [ 27.143276] ret_from_fork_asm+0x1a/0x30 [ 27.143520] [ 27.143601] The buggy address belongs to the object at ffff888104919c80 [ 27.143601] which belongs to the cache kmalloc-16 of size 16 [ 27.144023] The buggy address is located 8 bytes inside of [ 27.144023] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.144757] [ 27.145070] The buggy address belongs to the physical page: [ 27.145300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.145858] flags: 0x200000000000000(node=0|zone=2) [ 27.146031] page_type: f5(slab) [ 27.146172] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.146609] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.146979] page dumped because: kasan: bad access detected [ 27.147216] [ 27.147382] Memory state around the buggy address: [ 27.147670] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.148003] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.148293] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.148742] ^ [ 27.148938] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.149275] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.149687] ================================================================== [ 27.086766] ================================================================== [ 27.087250] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.087938] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.088241] [ 27.088420] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.088473] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.088486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.088508] Call Trace: [ 27.088521] <TASK> [ 27.088538] dump_stack_lvl+0x73/0xb0 [ 27.088608] print_report+0xd1/0x640 [ 27.088632] ? __virt_addr_valid+0x1db/0x2d0 [ 27.088699] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.088728] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.088755] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.088782] kasan_report+0x141/0x180 [ 27.088806] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.088858] kasan_check_range+0x10c/0x1c0 [ 27.088891] __kasan_check_write+0x18/0x20 [ 27.088926] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.088954] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.088982] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.089007] ? trace_hardirqs_on+0x37/0xe0 [ 27.089030] ? kasan_bitops_generic+0x92/0x1c0 [ 27.089067] kasan_bitops_generic+0x116/0x1c0 [ 27.089092] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.089129] ? __pfx_read_tsc+0x10/0x10 [ 27.089152] ? ktime_get_ts64+0x86/0x230 [ 27.089188] kunit_try_run_case+0x1a5/0x480 [ 27.089214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.089241] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.089268] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.089295] ? __kthread_parkme+0x82/0x180 [ 27.089316] ? preempt_count_sub+0x50/0x80 [ 27.089340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.089366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.089390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.089415] kthread+0x337/0x6f0 [ 27.089436] ? trace_preempt_on+0x20/0xc0 [ 27.089505] ? __pfx_kthread+0x10/0x10 [ 27.089529] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.089554] ? calculate_sigpending+0x7b/0xa0 [ 27.089579] ? __pfx_kthread+0x10/0x10 [ 27.089602] ret_from_fork+0x116/0x1d0 [ 27.089623] ? __pfx_kthread+0x10/0x10 [ 27.089645] ret_from_fork_asm+0x1a/0x30 [ 27.089677] </TASK> [ 27.089689] [ 27.098201] Allocated by task 309: [ 27.098383] kasan_save_stack+0x45/0x70 [ 27.098599] kasan_save_track+0x18/0x40 [ 27.098791] kasan_save_alloc_info+0x3b/0x50 [ 27.099091] __kasan_kmalloc+0xb7/0xc0 [ 27.099333] __kmalloc_cache_noprof+0x189/0x420 [ 27.099622] kasan_bitops_generic+0x92/0x1c0 [ 27.099853] kunit_try_run_case+0x1a5/0x480 [ 27.100044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.100338] kthread+0x337/0x6f0 [ 27.100524] ret_from_fork+0x116/0x1d0 [ 27.100756] ret_from_fork_asm+0x1a/0x30 [ 27.100955] [ 27.101028] The buggy address belongs to the object at ffff888104919c80 [ 27.101028] which belongs to the cache kmalloc-16 of size 16 [ 27.101540] The buggy address is located 8 bytes inside of [ 27.101540] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.102175] [ 27.102362] The buggy address belongs to the physical page: [ 27.102699] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.103078] flags: 0x200000000000000(node=0|zone=2) [ 27.103298] page_type: f5(slab) [ 27.103538] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.103890] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.104203] page dumped because: kasan: bad access detected [ 27.104445] [ 27.104612] Memory state around the buggy address: [ 27.104811] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.105141] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.105452] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.105670] ^ [ 27.105793] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.106118] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.106722] ================================================================== [ 27.150180] ================================================================== [ 27.150555] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.150961] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.151283] [ 27.151368] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.151416] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.151429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.151450] Call Trace: [ 27.151514] <TASK> [ 27.151531] dump_stack_lvl+0x73/0xb0 [ 27.151560] print_report+0xd1/0x640 [ 27.151595] ? __virt_addr_valid+0x1db/0x2d0 [ 27.151619] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.151658] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.151686] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.151712] kasan_report+0x141/0x180 [ 27.151735] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.151767] kasan_check_range+0x10c/0x1c0 [ 27.151791] __kasan_check_write+0x18/0x20 [ 27.151816] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.151861] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.151889] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.151924] ? trace_hardirqs_on+0x37/0xe0 [ 27.151947] ? kasan_bitops_generic+0x92/0x1c0 [ 27.151976] kasan_bitops_generic+0x116/0x1c0 [ 27.152009] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.152036] ? __pfx_read_tsc+0x10/0x10 [ 27.152059] ? ktime_get_ts64+0x86/0x230 [ 27.152094] kunit_try_run_case+0x1a5/0x480 [ 27.152120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.152144] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.152170] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.152205] ? __kthread_parkme+0x82/0x180 [ 27.152226] ? preempt_count_sub+0x50/0x80 [ 27.152250] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.152286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.152310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.152334] kthread+0x337/0x6f0 [ 27.152355] ? trace_preempt_on+0x20/0xc0 [ 27.152378] ? __pfx_kthread+0x10/0x10 [ 27.152400] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.152424] ? calculate_sigpending+0x7b/0xa0 [ 27.152448] ? __pfx_kthread+0x10/0x10 [ 27.152479] ret_from_fork+0x116/0x1d0 [ 27.152509] ? __pfx_kthread+0x10/0x10 [ 27.152531] ret_from_fork_asm+0x1a/0x30 [ 27.152668] </TASK> [ 27.152684] [ 27.161625] Allocated by task 309: [ 27.161814] kasan_save_stack+0x45/0x70 [ 27.162030] kasan_save_track+0x18/0x40 [ 27.162368] kasan_save_alloc_info+0x3b/0x50 [ 27.162703] __kasan_kmalloc+0xb7/0xc0 [ 27.162895] __kmalloc_cache_noprof+0x189/0x420 [ 27.163069] kasan_bitops_generic+0x92/0x1c0 [ 27.163369] kunit_try_run_case+0x1a5/0x480 [ 27.163772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.164062] kthread+0x337/0x6f0 [ 27.164260] ret_from_fork+0x116/0x1d0 [ 27.164443] ret_from_fork_asm+0x1a/0x30 [ 27.164734] [ 27.164806] The buggy address belongs to the object at ffff888104919c80 [ 27.164806] which belongs to the cache kmalloc-16 of size 16 [ 27.165401] The buggy address is located 8 bytes inside of [ 27.165401] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.166047] [ 27.166134] The buggy address belongs to the physical page: [ 27.166745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.167029] flags: 0x200000000000000(node=0|zone=2) [ 27.167197] page_type: f5(slab) [ 27.167319] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.167554] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.167783] page dumped because: kasan: bad access detected [ 27.168039] [ 27.168129] Memory state around the buggy address: [ 27.168510] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.168826] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.169152] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.169392] ^ [ 27.169513] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.169737] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.169962] ================================================================== [ 27.191923] ================================================================== [ 27.192562] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.192842] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.193269] [ 27.193386] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.193432] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.193445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.193466] Call Trace: [ 27.193480] <TASK> [ 27.193508] dump_stack_lvl+0x73/0xb0 [ 27.193536] print_report+0xd1/0x640 [ 27.193561] ? __virt_addr_valid+0x1db/0x2d0 [ 27.193733] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.193761] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.193803] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.193842] kasan_report+0x141/0x180 [ 27.193868] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.193908] kasan_check_range+0x10c/0x1c0 [ 27.193933] __kasan_check_write+0x18/0x20 [ 27.193968] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.193994] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.194021] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.194045] ? trace_hardirqs_on+0x37/0xe0 [ 27.194077] ? kasan_bitops_generic+0x92/0x1c0 [ 27.194105] kasan_bitops_generic+0x116/0x1c0 [ 27.194140] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.194167] ? __pfx_read_tsc+0x10/0x10 [ 27.194189] ? ktime_get_ts64+0x86/0x230 [ 27.194213] kunit_try_run_case+0x1a5/0x480 [ 27.194238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.194271] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.194296] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.194322] ? __kthread_parkme+0x82/0x180 [ 27.194353] ? preempt_count_sub+0x50/0x80 [ 27.194377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.194402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.194435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.194460] kthread+0x337/0x6f0 [ 27.194480] ? trace_preempt_on+0x20/0xc0 [ 27.194525] ? __pfx_kthread+0x10/0x10 [ 27.194546] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.194570] ? calculate_sigpending+0x7b/0xa0 [ 27.194600] ? __pfx_kthread+0x10/0x10 [ 27.194622] ret_from_fork+0x116/0x1d0 [ 27.194643] ? __pfx_kthread+0x10/0x10 [ 27.194664] ret_from_fork_asm+0x1a/0x30 [ 27.194695] </TASK> [ 27.194706] [ 27.203894] Allocated by task 309: [ 27.204072] kasan_save_stack+0x45/0x70 [ 27.204370] kasan_save_track+0x18/0x40 [ 27.204815] kasan_save_alloc_info+0x3b/0x50 [ 27.205054] __kasan_kmalloc+0xb7/0xc0 [ 27.205316] __kmalloc_cache_noprof+0x189/0x420 [ 27.205739] kasan_bitops_generic+0x92/0x1c0 [ 27.205985] kunit_try_run_case+0x1a5/0x480 [ 27.206158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.206404] kthread+0x337/0x6f0 [ 27.206762] ret_from_fork+0x116/0x1d0 [ 27.206922] ret_from_fork_asm+0x1a/0x30 [ 27.207064] [ 27.207132] The buggy address belongs to the object at ffff888104919c80 [ 27.207132] which belongs to the cache kmalloc-16 of size 16 [ 27.208038] The buggy address is located 8 bytes inside of [ 27.208038] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.208708] [ 27.208787] The buggy address belongs to the physical page: [ 27.208987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.209232] flags: 0x200000000000000(node=0|zone=2) [ 27.209396] page_type: f5(slab) [ 27.209514] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.209850] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.210195] page dumped because: kasan: bad access detected [ 27.210490] [ 27.210580] Memory state around the buggy address: [ 27.210803] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.211131] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.211447] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.211761] ^ [ 27.212028] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.212549] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.212763] ================================================================== [ 27.170432] ================================================================== [ 27.171238] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.171821] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.172176] [ 27.172281] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.172328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.172341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.172361] Call Trace: [ 27.172378] <TASK> [ 27.172393] dump_stack_lvl+0x73/0xb0 [ 27.172420] print_report+0xd1/0x640 [ 27.172443] ? __virt_addr_valid+0x1db/0x2d0 [ 27.172466] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.172493] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.172519] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.172546] kasan_report+0x141/0x180 [ 27.172569] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.172600] kasan_check_range+0x10c/0x1c0 [ 27.172625] __kasan_check_write+0x18/0x20 [ 27.172649] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.172675] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.172703] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.172728] ? trace_hardirqs_on+0x37/0xe0 [ 27.172752] ? kasan_bitops_generic+0x92/0x1c0 [ 27.172780] kasan_bitops_generic+0x116/0x1c0 [ 27.172805] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.172840] ? __pfx_read_tsc+0x10/0x10 [ 27.172863] ? ktime_get_ts64+0x86/0x230 [ 27.172894] kunit_try_run_case+0x1a5/0x480 [ 27.172919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.172943] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.172969] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.172996] ? __kthread_parkme+0x82/0x180 [ 27.173016] ? preempt_count_sub+0x50/0x80 [ 27.173040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.173065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.173091] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.173118] kthread+0x337/0x6f0 [ 27.173141] ? trace_preempt_on+0x20/0xc0 [ 27.173165] ? __pfx_kthread+0x10/0x10 [ 27.173257] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.173282] ? calculate_sigpending+0x7b/0xa0 [ 27.173318] ? __pfx_kthread+0x10/0x10 [ 27.173342] ret_from_fork+0x116/0x1d0 [ 27.173364] ? __pfx_kthread+0x10/0x10 [ 27.173386] ret_from_fork_asm+0x1a/0x30 [ 27.173418] </TASK> [ 27.173429] [ 27.183003] Allocated by task 309: [ 27.183176] kasan_save_stack+0x45/0x70 [ 27.183390] kasan_save_track+0x18/0x40 [ 27.183616] kasan_save_alloc_info+0x3b/0x50 [ 27.183827] __kasan_kmalloc+0xb7/0xc0 [ 27.184049] __kmalloc_cache_noprof+0x189/0x420 [ 27.184262] kasan_bitops_generic+0x92/0x1c0 [ 27.184414] kunit_try_run_case+0x1a5/0x480 [ 27.184560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.184736] kthread+0x337/0x6f0 [ 27.184874] ret_from_fork+0x116/0x1d0 [ 27.185007] ret_from_fork_asm+0x1a/0x30 [ 27.185146] [ 27.185214] The buggy address belongs to the object at ffff888104919c80 [ 27.185214] which belongs to the cache kmalloc-16 of size 16 [ 27.185690] The buggy address is located 8 bytes inside of [ 27.185690] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.186646] [ 27.186748] The buggy address belongs to the physical page: [ 27.187019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.187417] flags: 0x200000000000000(node=0|zone=2) [ 27.187588] page_type: f5(slab) [ 27.187707] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.187949] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.188179] page dumped because: kasan: bad access detected [ 27.188349] [ 27.188415] Memory state around the buggy address: [ 27.188942] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.189417] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.189979] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.190598] ^ [ 27.190810] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.191186] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.191537] ================================================================== [ 27.107393] ================================================================== [ 27.108283] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.108874] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.109158] [ 27.109266] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.109313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.109326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.109349] Call Trace: [ 27.109363] <TASK> [ 27.109378] dump_stack_lvl+0x73/0xb0 [ 27.109408] print_report+0xd1/0x640 [ 27.109433] ? __virt_addr_valid+0x1db/0x2d0 [ 27.109457] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.109549] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.109578] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.109618] kasan_report+0x141/0x180 [ 27.109643] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.109675] kasan_check_range+0x10c/0x1c0 [ 27.109710] __kasan_check_write+0x18/0x20 [ 27.109735] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.109773] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.109802] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.109827] ? trace_hardirqs_on+0x37/0xe0 [ 27.109860] ? kasan_bitops_generic+0x92/0x1c0 [ 27.109897] kasan_bitops_generic+0x116/0x1c0 [ 27.109923] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.109949] ? __pfx_read_tsc+0x10/0x10 [ 27.109983] ? ktime_get_ts64+0x86/0x230 [ 27.110007] kunit_try_run_case+0x1a5/0x480 [ 27.110033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.110065] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.110091] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.110118] ? __kthread_parkme+0x82/0x180 [ 27.110150] ? preempt_count_sub+0x50/0x80 [ 27.110184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.110209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.110233] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.110268] kthread+0x337/0x6f0 [ 27.110289] ? trace_preempt_on+0x20/0xc0 [ 27.110312] ? __pfx_kthread+0x10/0x10 [ 27.110344] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.110368] ? calculate_sigpending+0x7b/0xa0 [ 27.110392] ? __pfx_kthread+0x10/0x10 [ 27.110414] ret_from_fork+0x116/0x1d0 [ 27.110445] ? __pfx_kthread+0x10/0x10 [ 27.110467] ret_from_fork_asm+0x1a/0x30 [ 27.110508] </TASK> [ 27.110561] [ 27.119528] Allocated by task 309: [ 27.119866] kasan_save_stack+0x45/0x70 [ 27.120080] kasan_save_track+0x18/0x40 [ 27.120279] kasan_save_alloc_info+0x3b/0x50 [ 27.120577] __kasan_kmalloc+0xb7/0xc0 [ 27.120771] __kmalloc_cache_noprof+0x189/0x420 [ 27.121031] kasan_bitops_generic+0x92/0x1c0 [ 27.121252] kunit_try_run_case+0x1a5/0x480 [ 27.121455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.121822] kthread+0x337/0x6f0 [ 27.121960] ret_from_fork+0x116/0x1d0 [ 27.122097] ret_from_fork_asm+0x1a/0x30 [ 27.122263] [ 27.122358] The buggy address belongs to the object at ffff888104919c80 [ 27.122358] which belongs to the cache kmalloc-16 of size 16 [ 27.122863] The buggy address is located 8 bytes inside of [ 27.122863] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.123577] [ 27.123700] The buggy address belongs to the physical page: [ 27.123978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.124362] flags: 0x200000000000000(node=0|zone=2) [ 27.124621] page_type: f5(slab) [ 27.124842] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.125234] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.125568] page dumped because: kasan: bad access detected [ 27.125910] [ 27.126008] Memory state around the buggy address: [ 27.126234] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.126648] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.126973] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.127191] ^ [ 27.127313] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.127530] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.127876] ==================================================================