Date: July 24, 2025, 4:41 a.m.

Environment: qemu-x86_64

[ 29.059938] ================================================================== [ 29.060270] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.060644] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.061162] [ 29.061277] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.061329] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.061342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.061364] Call Trace: [ 29.061385] <TASK> [ 29.061404] dump_stack_lvl+0x73/0xb0 [ 29.061433] print_report+0xd1/0x640 [ 29.061457] ? __virt_addr_valid+0x1db/0x2d0 [ 29.061482] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.061506] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.061532] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.061557] kasan_report+0x141/0x180 [ 29.061591] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.061660] kasan_check_range+0x10c/0x1c0 [ 29.061686] __kasan_check_write+0x18/0x20 [ 29.061709] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.061735] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.061760] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.062006] ? trace_hardirqs_on+0x37/0xe0 [ 29.062032] ? kasan_bitops_generic+0x92/0x1c0 [ 29.062059] kasan_bitops_generic+0x116/0x1c0 [ 29.062085] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.062145] ? __pfx_read_tsc+0x10/0x10 [ 29.062168] ? ktime_get_ts64+0x86/0x230 [ 29.062193] kunit_try_run_case+0x1a5/0x480 [ 29.062218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.062240] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.062297] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.062322] ? __kthread_parkme+0x82/0x180 [ 29.062342] ? preempt_count_sub+0x50/0x80 [ 29.062365] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.062388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.062441] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.062465] kthread+0x337/0x6f0 [ 29.062485] ? trace_preempt_on+0x20/0xc0 [ 29.062508] ? __pfx_kthread+0x10/0x10 [ 29.062527] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.062550] ? calculate_sigpending+0x7b/0xa0 [ 29.062615] ? __pfx_kthread+0x10/0x10 [ 29.062636] ret_from_fork+0x116/0x1d0 [ 29.062656] ? __pfx_kthread+0x10/0x10 [ 29.062676] ret_from_fork_asm+0x1a/0x30 [ 29.062708] </TASK> [ 29.062719] [ 29.071387] Allocated by task 309: [ 29.071568] kasan_save_stack+0x45/0x70 [ 29.071846] kasan_save_track+0x18/0x40 [ 29.072095] kasan_save_alloc_info+0x3b/0x50 [ 29.072305] __kasan_kmalloc+0xb7/0xc0 [ 29.072493] __kmalloc_cache_noprof+0x189/0x420 [ 29.072730] kasan_bitops_generic+0x92/0x1c0 [ 29.073003] kunit_try_run_case+0x1a5/0x480 [ 29.073236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.073474] kthread+0x337/0x6f0 [ 29.073642] ret_from_fork+0x116/0x1d0 [ 29.073846] ret_from_fork_asm+0x1a/0x30 [ 29.074115] [ 29.074199] The buggy address belongs to the object at ffff888104625b80 [ 29.074199] which belongs to the cache kmalloc-16 of size 16 [ 29.074709] The buggy address is located 8 bytes inside of [ 29.074709] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.075439] [ 29.075585] The buggy address belongs to the physical page: [ 29.075882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.076361] flags: 0x200000000000000(node=0|zone=2) [ 29.076602] page_type: f5(slab) [ 29.076850] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.077263] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.077604] page dumped because: kasan: bad access detected [ 29.077905] [ 29.078045] Memory state around the buggy address: [ 29.078328] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.078659] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.079172] >ffff888104625b80: 00 01 fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 29.079411] ^ [ 29.079593] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.080264] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.080568] ================================================================== [ 29.038660] ================================================================== [ 29.039315] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.039735] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.040140] [ 29.040251] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.040339] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.040354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.040376] Call Trace: [ 29.040396] <TASK> [ 29.040416] dump_stack_lvl+0x73/0xb0 [ 29.040446] print_report+0xd1/0x640 [ 29.040469] ? __virt_addr_valid+0x1db/0x2d0 [ 29.040512] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.040538] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.040563] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.040601] kasan_report+0x141/0x180 [ 29.040623] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.040653] kasan_check_range+0x10c/0x1c0 [ 29.040675] __kasan_check_write+0x18/0x20 [ 29.040716] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.040741] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.040767] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.040954] ? trace_hardirqs_on+0x37/0xe0 [ 29.040986] ? kasan_bitops_generic+0x92/0x1c0 [ 29.041014] kasan_bitops_generic+0x116/0x1c0 [ 29.041067] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.041091] ? __pfx_read_tsc+0x10/0x10 [ 29.041114] ? ktime_get_ts64+0x86/0x230 [ 29.041156] kunit_try_run_case+0x1a5/0x480 [ 29.041182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.041205] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.041231] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.041257] ? 
__kthread_parkme+0x82/0x180 [ 29.041277] ? preempt_count_sub+0x50/0x80 [ 29.041301] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.041343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.041366] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.041390] kthread+0x337/0x6f0 [ 29.041409] ? trace_preempt_on+0x20/0xc0 [ 29.041431] ? __pfx_kthread+0x10/0x10 [ 29.041452] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.041476] ? calculate_sigpending+0x7b/0xa0 [ 29.041516] ? __pfx_kthread+0x10/0x10 [ 29.041537] ret_from_fork+0x116/0x1d0 [ 29.041570] ? __pfx_kthread+0x10/0x10 [ 29.041601] ret_from_fork_asm+0x1a/0x30 [ 29.041648] </TASK> [ 29.041671] [ 29.050458] Allocated by task 309: [ 29.050685] kasan_save_stack+0x45/0x70 [ 29.050958] kasan_save_track+0x18/0x40 [ 29.051131] kasan_save_alloc_info+0x3b/0x50 [ 29.051275] __kasan_kmalloc+0xb7/0xc0 [ 29.051397] __kmalloc_cache_noprof+0x189/0x420 [ 29.051625] kasan_bitops_generic+0x92/0x1c0 [ 29.051835] kunit_try_run_case+0x1a5/0x480 [ 29.052253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.052525] kthread+0x337/0x6f0 [ 29.052705] ret_from_fork+0x116/0x1d0 [ 29.052960] ret_from_fork_asm+0x1a/0x30 [ 29.053197] [ 29.053286] The buggy address belongs to the object at ffff888104625b80 [ 29.053286] which belongs to the cache kmalloc-16 of size 16 [ 29.053731] The buggy address is located 8 bytes inside of [ 29.053731] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.054310] [ 29.054566] The buggy address belongs to the physical page: [ 29.055012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.055402] flags: 0x200000000000000(node=0|zone=2) [ 29.055673] page_type: f5(slab) [ 29.055861] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.056246] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.056584] page dumped because: kasan: bad access detected [ 29.056906] [ 29.057041] Memory state around the buggy address: [ 29.057251] 
ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.057558] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.057893] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.058427] ^ [ 29.058648] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.059098] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.059445] ================================================================== [ 28.924766] ================================================================== [ 28.925290] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 28.925986] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 28.926415] [ 28.926751] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.926950] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.926969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.926993] Call Trace: [ 28.927007] <TASK> [ 28.927027] dump_stack_lvl+0x73/0xb0 [ 28.927056] print_report+0xd1/0x640 [ 28.927080] ? __virt_addr_valid+0x1db/0x2d0 [ 28.927104] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 28.927128] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.927155] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 28.927180] kasan_report+0x141/0x180 [ 28.927202] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 28.927232] kasan_check_range+0x10c/0x1c0 [ 28.927262] __kasan_check_write+0x18/0x20 [ 28.927286] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 28.927311] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.927336] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.927361] ? trace_hardirqs_on+0x37/0xe0 [ 28.927383] ? kasan_bitops_generic+0x92/0x1c0 [ 28.927409] kasan_bitops_generic+0x116/0x1c0 [ 28.927432] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.927456] ? __pfx_read_tsc+0x10/0x10 [ 28.927477] ? 
ktime_get_ts64+0x86/0x230 [ 28.927501] kunit_try_run_case+0x1a5/0x480 [ 28.927526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.927548] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.927583] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.927607] ? __kthread_parkme+0x82/0x180 [ 28.927627] ? preempt_count_sub+0x50/0x80 [ 28.927650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.927673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.927697] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.927719] kthread+0x337/0x6f0 [ 28.927738] ? trace_preempt_on+0x20/0xc0 [ 28.927760] ? __pfx_kthread+0x10/0x10 [ 28.927797] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.927820] ? calculate_sigpending+0x7b/0xa0 [ 28.927844] ? __pfx_kthread+0x10/0x10 [ 28.927866] ret_from_fork+0x116/0x1d0 [ 28.927885] ? __pfx_kthread+0x10/0x10 [ 28.927905] ret_from_fork_asm+0x1a/0x30 [ 28.927936] </TASK> [ 28.927948] [ 28.939882] Allocated by task 309: [ 28.940110] kasan_save_stack+0x45/0x70 [ 28.940477] kasan_save_track+0x18/0x40 [ 28.940676] kasan_save_alloc_info+0x3b/0x50 [ 28.941239] __kasan_kmalloc+0xb7/0xc0 [ 28.941476] __kmalloc_cache_noprof+0x189/0x420 [ 28.941659] kasan_bitops_generic+0x92/0x1c0 [ 28.942106] kunit_try_run_case+0x1a5/0x480 [ 28.942465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.942687] kthread+0x337/0x6f0 [ 28.942885] ret_from_fork+0x116/0x1d0 [ 28.943210] ret_from_fork_asm+0x1a/0x30 [ 28.943501] [ 28.943703] The buggy address belongs to the object at ffff888104625b80 [ 28.943703] which belongs to the cache kmalloc-16 of size 16 [ 28.944660] The buggy address is located 8 bytes inside of [ 28.944660] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 28.945407] [ 28.945482] The buggy address belongs to the physical page: [ 28.945753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 28.946263] flags: 0x200000000000000(node=0|zone=2) [ 28.946505] page_type: f5(slab) [ 28.946737] raw: 0200000000000000 ffff888100041640 dead000000000100 
dead000000000122 [ 28.947025] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.947466] page dumped because: kasan: bad access detected [ 28.948009] [ 28.948091] Memory state around the buggy address: [ 28.948288] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.948602] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 28.949034] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.949358] ^ [ 28.949530] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.949876] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.950407] ================================================================== [ 28.972591] ================================================================== [ 28.973156] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.973540] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 28.973823] [ 28.973910] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.974198] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.974215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.974238] Call Trace: [ 28.974252] <TASK> [ 28.974271] dump_stack_lvl+0x73/0xb0 [ 28.974323] print_report+0xd1/0x640 [ 28.974347] ? __virt_addr_valid+0x1db/0x2d0 [ 28.974371] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.974394] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.974420] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.974445] kasan_report+0x141/0x180 [ 28.974484] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.974514] kasan_check_range+0x10c/0x1c0 [ 28.974538] __kasan_check_write+0x18/0x20 [ 28.974561] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.974596] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.974622] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.974646] ? 
trace_hardirqs_on+0x37/0xe0 [ 28.974684] ? kasan_bitops_generic+0x92/0x1c0 [ 28.974723] kasan_bitops_generic+0x116/0x1c0 [ 28.974759] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.974842] ? __pfx_read_tsc+0x10/0x10 [ 28.974868] ? ktime_get_ts64+0x86/0x230 [ 28.974892] kunit_try_run_case+0x1a5/0x480 [ 28.974929] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.974953] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.974978] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.975005] ? __kthread_parkme+0x82/0x180 [ 28.975026] ? preempt_count_sub+0x50/0x80 [ 28.975048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.975072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.975117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.975141] kthread+0x337/0x6f0 [ 28.975160] ? trace_preempt_on+0x20/0xc0 [ 28.975182] ? __pfx_kthread+0x10/0x10 [ 28.975201] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.975224] ? calculate_sigpending+0x7b/0xa0 [ 28.975248] ? __pfx_kthread+0x10/0x10 [ 28.975292] ret_from_fork+0x116/0x1d0 [ 28.975311] ? 
__pfx_kthread+0x10/0x10 [ 28.975332] ret_from_fork_asm+0x1a/0x30 [ 28.975363] </TASK> [ 28.975374] [ 28.984728] Allocated by task 309: [ 28.984924] kasan_save_stack+0x45/0x70 [ 28.985135] kasan_save_track+0x18/0x40 [ 28.985316] kasan_save_alloc_info+0x3b/0x50 [ 28.985647] __kasan_kmalloc+0xb7/0xc0 [ 28.986235] __kmalloc_cache_noprof+0x189/0x420 [ 28.986601] kasan_bitops_generic+0x92/0x1c0 [ 28.986827] kunit_try_run_case+0x1a5/0x480 [ 28.987128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.987392] kthread+0x337/0x6f0 [ 28.987585] ret_from_fork+0x116/0x1d0 [ 28.987763] ret_from_fork_asm+0x1a/0x30 [ 28.988123] [ 28.988212] The buggy address belongs to the object at ffff888104625b80 [ 28.988212] which belongs to the cache kmalloc-16 of size 16 [ 28.988708] The buggy address is located 8 bytes inside of [ 28.988708] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 28.989298] [ 28.989393] The buggy address belongs to the physical page: [ 28.989626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 28.990129] flags: 0x200000000000000(node=0|zone=2) [ 28.990456] page_type: f5(slab) [ 28.990606] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 28.991127] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.991510] page dumped because: kasan: bad access detected [ 28.991759] [ 28.991887] Memory state around the buggy address: [ 28.992148] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.992489] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 28.992810] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.993192] ^ [ 28.993378] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.993728] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.994024] ================================================================== [ 29.015975] 
================================================================== [ 29.016288] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.017505] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.019036] [ 29.019143] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.019201] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.019216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.019239] Call Trace: [ 29.019271] <TASK> [ 29.019290] dump_stack_lvl+0x73/0xb0 [ 29.019320] print_report+0xd1/0x640 [ 29.019345] ? __virt_addr_valid+0x1db/0x2d0 [ 29.019368] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.019393] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.019420] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.019446] kasan_report+0x141/0x180 [ 29.019469] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.019498] kasan_check_range+0x10c/0x1c0 [ 29.019523] __kasan_check_write+0x18/0x20 [ 29.019546] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.019589] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.019618] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.019642] ? trace_hardirqs_on+0x37/0xe0 [ 29.019665] ? kasan_bitops_generic+0x92/0x1c0 [ 29.019721] kasan_bitops_generic+0x116/0x1c0 [ 29.019759] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.019801] ? __pfx_read_tsc+0x10/0x10 [ 29.019823] ? ktime_get_ts64+0x86/0x230 [ 29.019848] kunit_try_run_case+0x1a5/0x480 [ 29.019873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.019896] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.019922] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.019964] ? __kthread_parkme+0x82/0x180 [ 29.019984] ? preempt_count_sub+0x50/0x80 [ 29.020008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.020031] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.020055] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.020079] kthread+0x337/0x6f0 [ 29.020099] ? trace_preempt_on+0x20/0xc0 [ 29.020121] ? __pfx_kthread+0x10/0x10 [ 29.020142] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.020165] ? calculate_sigpending+0x7b/0xa0 [ 29.020189] ? __pfx_kthread+0x10/0x10 [ 29.020210] ret_from_fork+0x116/0x1d0 [ 29.020228] ? __pfx_kthread+0x10/0x10 [ 29.020248] ret_from_fork_asm+0x1a/0x30 [ 29.020280] </TASK> [ 29.020291] [ 29.029314] Allocated by task 309: [ 29.029516] kasan_save_stack+0x45/0x70 [ 29.029743] kasan_save_track+0x18/0x40 [ 29.030033] kasan_save_alloc_info+0x3b/0x50 [ 29.030179] __kasan_kmalloc+0xb7/0xc0 [ 29.030351] __kmalloc_cache_noprof+0x189/0x420 [ 29.030605] kasan_bitops_generic+0x92/0x1c0 [ 29.030876] kunit_try_run_case+0x1a5/0x480 [ 29.031072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.031340] kthread+0x337/0x6f0 [ 29.031497] ret_from_fork+0x116/0x1d0 [ 29.031700] ret_from_fork_asm+0x1a/0x30 [ 29.031971] [ 29.032164] The buggy address belongs to the object at ffff888104625b80 [ 29.032164] which belongs to the cache kmalloc-16 of size 16 [ 29.032759] The buggy address is located 8 bytes inside of [ 29.032759] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.033568] [ 29.033730] The buggy address belongs to the physical page: [ 29.034019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.034311] flags: 0x200000000000000(node=0|zone=2) [ 29.034566] page_type: f5(slab) [ 29.034766] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.035178] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.035477] page dumped because: kasan: bad access detected [ 29.035718] [ 29.035811] Memory state around the buggy address: [ 29.036010] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.036291] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.036604] >ffff888104625b80: 00 01 fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 29.037164] ^ [ 29.037355] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.037673] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.038098] ================================================================== [ 28.994519] ================================================================== [ 28.994798] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.995303] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 28.995644] [ 28.995729] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.995784] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.995800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.995823] Call Trace: [ 28.995842] <TASK> [ 28.995864] dump_stack_lvl+0x73/0xb0 [ 28.995891] print_report+0xd1/0x640 [ 28.995915] ? __virt_addr_valid+0x1db/0x2d0 [ 28.996201] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.996233] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.996279] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.996304] kasan_report+0x141/0x180 [ 28.996345] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.996374] kasan_check_range+0x10c/0x1c0 [ 28.996398] __kasan_check_write+0x18/0x20 [ 28.996420] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.996445] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.996471] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.996513] ? trace_hardirqs_on+0x37/0xe0 [ 28.996536] ? kasan_bitops_generic+0x92/0x1c0 [ 28.996563] kasan_bitops_generic+0x116/0x1c0 [ 28.996597] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.996621] ? __pfx_read_tsc+0x10/0x10 [ 28.996643] ? ktime_get_ts64+0x86/0x230 [ 28.996683] kunit_try_run_case+0x1a5/0x480 [ 28.996707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.996743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.996782] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.996807] ? 
__kthread_parkme+0x82/0x180 [ 28.996840] ? preempt_count_sub+0x50/0x80 [ 28.996875] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.996912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.996948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.996984] kthread+0x337/0x6f0 [ 28.997004] ? trace_preempt_on+0x20/0xc0 [ 28.997038] ? __pfx_kthread+0x10/0x10 [ 28.997059] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.997095] ? calculate_sigpending+0x7b/0xa0 [ 28.997197] ? __pfx_kthread+0x10/0x10 [ 28.997222] ret_from_fork+0x116/0x1d0 [ 28.997242] ? __pfx_kthread+0x10/0x10 [ 28.997263] ret_from_fork_asm+0x1a/0x30 [ 28.997294] </TASK> [ 28.997306] [ 29.006617] Allocated by task 309: [ 29.006760] kasan_save_stack+0x45/0x70 [ 29.007217] kasan_save_track+0x18/0x40 [ 29.007438] kasan_save_alloc_info+0x3b/0x50 [ 29.007658] __kasan_kmalloc+0xb7/0xc0 [ 29.007978] __kmalloc_cache_noprof+0x189/0x420 [ 29.008202] kasan_bitops_generic+0x92/0x1c0 [ 29.008416] kunit_try_run_case+0x1a5/0x480 [ 29.008624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.008991] kthread+0x337/0x6f0 [ 29.009179] ret_from_fork+0x116/0x1d0 [ 29.009341] ret_from_fork_asm+0x1a/0x30 [ 29.009523] [ 29.009632] The buggy address belongs to the object at ffff888104625b80 [ 29.009632] which belongs to the cache kmalloc-16 of size 16 [ 29.010162] The buggy address is located 8 bytes inside of [ 29.010162] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.010704] [ 29.010796] The buggy address belongs to the physical page: [ 29.011041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.011611] flags: 0x200000000000000(node=0|zone=2) [ 29.011973] page_type: f5(slab) [ 29.012095] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.012312] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.012523] page dumped because: kasan: bad access detected [ 29.012820] [ 29.012907] Memory state around the buggy address: [ 29.013127] 
ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.013440] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.013761] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.014432] ^ [ 29.014654] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.015060] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.015405] ================================================================== [ 28.950991] ================================================================== [ 28.951279] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.951662] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 28.952217] [ 28.952342] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.952395] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.952408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.952430] Call Trace: [ 28.952451] <TASK> [ 28.952470] dump_stack_lvl+0x73/0xb0 [ 28.952498] print_report+0xd1/0x640 [ 28.952521] ? __virt_addr_valid+0x1db/0x2d0 [ 28.952545] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.952569] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.952608] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.952632] kasan_report+0x141/0x180 [ 28.952654] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.952683] kasan_check_range+0x10c/0x1c0 [ 28.952706] __kasan_check_write+0x18/0x20 [ 28.952729] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.952755] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.952780] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.952804] ? trace_hardirqs_on+0x37/0xe0 [ 28.952826] ? kasan_bitops_generic+0x92/0x1c0 [ 28.952853] kasan_bitops_generic+0x116/0x1c0 [ 28.952897] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.952923] ? __pfx_read_tsc+0x10/0x10 [ 28.952958] ? 
ktime_get_ts64+0x86/0x230 [ 28.952983] kunit_try_run_case+0x1a5/0x480 [ 28.953008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.953043] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.953355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.953384] ? __kthread_parkme+0x82/0x180 [ 28.953405] ? preempt_count_sub+0x50/0x80 [ 28.953429] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.953453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.953477] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.953500] kthread+0x337/0x6f0 [ 28.953519] ? trace_preempt_on+0x20/0xc0 [ 28.953542] ? __pfx_kthread+0x10/0x10 [ 28.953561] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.953596] ? calculate_sigpending+0x7b/0xa0 [ 28.953620] ? __pfx_kthread+0x10/0x10 [ 28.953641] ret_from_fork+0x116/0x1d0 [ 28.953660] ? __pfx_kthread+0x10/0x10 [ 28.953680] ret_from_fork_asm+0x1a/0x30 [ 28.953711] </TASK> [ 28.953722] [ 28.962766] Allocated by task 309: [ 28.963032] kasan_save_stack+0x45/0x70 [ 28.963242] kasan_save_track+0x18/0x40 [ 28.963436] kasan_save_alloc_info+0x3b/0x50 [ 28.963595] __kasan_kmalloc+0xb7/0xc0 [ 28.963716] __kmalloc_cache_noprof+0x189/0x420 [ 28.963877] kasan_bitops_generic+0x92/0x1c0 [ 28.964499] kunit_try_run_case+0x1a5/0x480 [ 28.964742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.965089] kthread+0x337/0x6f0 [ 28.965286] ret_from_fork+0x116/0x1d0 [ 28.965454] ret_from_fork_asm+0x1a/0x30 [ 28.965671] [ 28.965764] The buggy address belongs to the object at ffff888104625b80 [ 28.965764] which belongs to the cache kmalloc-16 of size 16 [ 28.966417] The buggy address is located 8 bytes inside of [ 28.966417] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 28.967179] [ 28.967285] The buggy address belongs to the physical page: [ 28.967555] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 28.967942] flags: 0x200000000000000(node=0|zone=2) [ 28.968171] page_type: f5(slab) [ 28.968330] raw: 0200000000000000 ffff888100041640 dead000000000100 
dead000000000122 [ 28.968664] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.969071] page dumped because: kasan: bad access detected [ 28.969284] [ 28.969344] Memory state around the buggy address: [ 28.969487] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.970220] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 28.970601] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.971108] ^ [ 28.971271] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.971629] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.972004] ================================================================== [ 29.081167] ================================================================== [ 29.081497] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.081937] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.082372] [ 29.082503] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.082553] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.082566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.082603] Call Trace: [ 29.082621] <TASK> [ 29.082638] dump_stack_lvl+0x73/0xb0 [ 29.082665] print_report+0xd1/0x640 [ 29.082688] ? __virt_addr_valid+0x1db/0x2d0 [ 29.082713] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.082740] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.082766] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.082795] kasan_report+0x141/0x180 [ 29.082818] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.082847] kasan_check_range+0x10c/0x1c0 [ 29.082871] __kasan_check_write+0x18/0x20 [ 29.082894] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.082922] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.082948] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.082973] ? 
trace_hardirqs_on+0x37/0xe0 [ 29.082995] ? kasan_bitops_generic+0x92/0x1c0 [ 29.083023] kasan_bitops_generic+0x116/0x1c0 [ 29.083049] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.083073] ? __pfx_read_tsc+0x10/0x10 [ 29.083095] ? ktime_get_ts64+0x86/0x230 [ 29.083120] kunit_try_run_case+0x1a5/0x480 [ 29.083144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.083166] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.083191] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.083216] ? __kthread_parkme+0x82/0x180 [ 29.083236] ? preempt_count_sub+0x50/0x80 [ 29.083265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.083288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.083312] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.083335] kthread+0x337/0x6f0 [ 29.083355] ? trace_preempt_on+0x20/0xc0 [ 29.083377] ? __pfx_kthread+0x10/0x10 [ 29.083398] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.083421] ? calculate_sigpending+0x7b/0xa0 [ 29.083444] ? __pfx_kthread+0x10/0x10 [ 29.083561] ret_from_fork+0x116/0x1d0 [ 29.083595] ? 
__pfx_kthread+0x10/0x10 [ 29.083615] ret_from_fork_asm+0x1a/0x30 [ 29.083648] </TASK> [ 29.083658] [ 29.093098] Allocated by task 309: [ 29.093284] kasan_save_stack+0x45/0x70 [ 29.093481] kasan_save_track+0x18/0x40 [ 29.093685] kasan_save_alloc_info+0x3b/0x50 [ 29.093979] __kasan_kmalloc+0xb7/0xc0 [ 29.094619] __kmalloc_cache_noprof+0x189/0x420 [ 29.095074] kasan_bitops_generic+0x92/0x1c0 [ 29.095297] kunit_try_run_case+0x1a5/0x480 [ 29.095474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.095692] kthread+0x337/0x6f0 [ 29.095994] ret_from_fork+0x116/0x1d0 [ 29.096130] ret_from_fork_asm+0x1a/0x30 [ 29.096256] [ 29.096319] The buggy address belongs to the object at ffff888104625b80 [ 29.096319] which belongs to the cache kmalloc-16 of size 16 [ 29.096704] The buggy address is located 8 bytes inside of [ 29.096704] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.097204] [ 29.097291] The buggy address belongs to the physical page: [ 29.097536] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.098376] flags: 0x200000000000000(node=0|zone=2) [ 29.098669] page_type: f5(slab) [ 29.098843] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.099312] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.099527] page dumped because: kasan: bad access detected [ 29.099697] [ 29.099760] Memory state around the buggy address: [ 29.099983] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.100362] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.100764] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.101313] ^ [ 29.101491] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.101750] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.102226] ==================================================================