Date
June 24, 2025, 11:37 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 46.485348] ================================================================== [ 46.497787] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 46.505466] Read of size 1 at addr ffff0000875a32bb by task kunit_try_catch/323 [ 46.512880] [ 46.514419] CPU: 2 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 46.514450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 46.514459] Hardware name: Thundercomm Dragonboard 845c (DT) [ 46.514470] Call trace: [ 46.514478] show_stack+0x20/0x38 (C) [ 46.514498] dump_stack_lvl+0x8c/0xd0 [ 46.514521] print_report+0x118/0x608 [ 46.514542] kasan_report+0xdc/0x128 [ 46.514562] __asan_report_load1_noabort+0x20/0x30 [ 46.514579] mempool_oob_right_helper+0x2ac/0x2f0 [ 46.514599] mempool_slab_oob_right+0xc0/0x118 [ 46.514620] kunit_try_run_case+0x170/0x3f0 [ 46.514642] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.514665] kthread+0x328/0x630 [ 46.514680] ret_from_fork+0x10/0x20 [ 46.514700] [ 46.585419] Allocated by task 323: [ 46.588888] kasan_save_stack+0x3c/0x68 [ 46.592794] kasan_save_track+0x20/0x40 [ 46.596700] kasan_save_alloc_info+0x40/0x58 [ 46.601045] __kasan_mempool_unpoison_object+0xbc/0x180 [ 46.606357] remove_element+0x16c/0x1f8 [ 46.610264] mempool_alloc_preallocated+0x58/0xc0 [ 46.615044] mempool_oob_right_helper+0x98/0x2f0 [ 46.619738] mempool_slab_oob_right+0xc0/0x118 [ 46.624259] kunit_try_run_case+0x170/0x3f0 [ 46.628519] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.634088] kthread+0x328/0x630 [ 46.637375] ret_from_fork+0x10/0x20 [ 46.641019] [ 46.642551] The buggy address belongs to the object at ffff0000875a3240 [ 46.642551] which belongs to the cache test_cache of size 123 [ 46.655129] The buggy address is located 0 bytes to the right of [ 46.655129] allocated 123-byte region [ffff0000875a3240, ffff0000875a32bb) [ 46.668235] [ 46.669766] The buggy address belongs to the physical page: [ 46.675412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1075a3 [ 46.683517] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 46.690134] page_type: f5(slab) [ 46.693336] raw: 0bfffe0000000000 ffff000080e24280 dead000000000122 0000000000000000 [ 46.701184] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 46.709027] page dumped because: kasan: bad access detected [ 46.714673] [ 46.716204] Memory state around the buggy address: [ 46.721064] ffff0000875a3180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.728379] ffff0000875a3200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 46.735694] >ffff0000875a3280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 46.743005] ^ [ 46.748136] ffff0000875a3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.755452] ffff0000875a3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.762766] ================================================================== [ 46.241737] ================================================================== [ 46.253661] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 46.261341] Read of size 1 at addr ffff0000967ea001 by task kunit_try_catch/321 [ 46.268753] [ 46.270292] CPU: 1 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 46.270325] Tainted: [B]=BAD_PAGE, [N]=TEST [ 46.270335] Hardware name: Thundercomm Dragonboard 845c (DT) [ 46.270350] Call trace: [ 46.270359] show_stack+0x20/0x38 (C) [ 46.270380] dump_stack_lvl+0x8c/0xd0 [ 46.270401] print_report+0x118/0x608 [ 46.270422] kasan_report+0xdc/0x128 [ 46.270442] __asan_report_load1_noabort+0x20/0x30 [ 46.270461] mempool_oob_right_helper+0x2ac/0x2f0 [ 46.270481] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 46.270501] kunit_try_run_case+0x170/0x3f0 [ 46.270523] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.270547] kthread+0x328/0x630 [ 46.270565] ret_from_fork+0x10/0x20 [ 46.270584] [ 46.342104] The buggy address belongs to the physical page: [ 46.347752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1167e8 [ 46.355866] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 46.363625] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 46.370687] page_type: f8(unknown) [ 46.374155] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 46.382002] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 46.389847] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 46.397780] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 46.405713] head: 0bfffe0000000002 fffffdffc259fa01 00000000ffffffff 00000000ffffffff [ 46.413644] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 46.421570] page dumped because: kasan: bad access detected [ 46.427217] [ 46.428745] Memory state around the buggy address: [ 46.433611] ffff0000967e9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.440934] ffff0000967e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.448248] >ffff0000967ea000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 46.455562] ^ [ 46.458842] ffff0000967ea080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 46.466166] ffff0000967ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 46.473488] ================================================================== [ 45.912743] ================================================================== [ 45.923800] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 45.931486] Read of size 1 at addr ffff000094709b73 by task kunit_try_catch/319 [ 45.938887] [ 45.940428] CPU: 5 UID: 0 PID: 319 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 45.940464] Tainted: [B]=BAD_PAGE, [N]=TEST [ 45.940472] Hardware name: Thundercomm Dragonboard 845c (DT) [ 45.940489] Call trace: [ 45.940497] show_stack+0x20/0x38 (C) [ 45.940520] dump_stack_lvl+0x8c/0xd0 [ 45.940541] print_report+0x118/0x608 [ 45.940562] kasan_report+0xdc/0x128 [ 45.940580] __asan_report_load1_noabort+0x20/0x30 [ 45.940598] mempool_oob_right_helper+0x2ac/0x2f0 [ 45.940615] mempool_kmalloc_oob_right+0xc4/0x120 [ 45.940633] kunit_try_run_case+0x170/0x3f0 [ 45.940705] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 45.940726] kthread+0x328/0x630 [ 45.940741] ret_from_fork+0x10/0x20 [ 45.940759] [ 46.011698] Allocated by task 319: [ 46.015156] kasan_save_stack+0x3c/0x68 [ 46.019053] kasan_save_track+0x20/0x40 [ 46.022958] kasan_save_alloc_info+0x40/0x58 [ 46.027291] __kasan_mempool_unpoison_object+0x11c/0x180 [ 46.032683] remove_element+0x130/0x1f8 [ 46.036586] mempool_alloc_preallocated+0x58/0xc0 [ 46.041358] mempool_oob_right_helper+0x98/0x2f0 [ 46.046043] mempool_kmalloc_oob_right+0xc4/0x120 [ 46.050816] kunit_try_run_case+0x170/0x3f0 [ 46.055063] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.060624] kthread+0x328/0x630 [ 46.063907] ret_from_fork+0x10/0x20 [ 46.067549] [ 46.069074] The buggy address belongs to the object at ffff000094709b00 [ 46.069074] which belongs to the cache kmalloc-128 of size 128 [ 46.081728] The buggy address is located 0 bytes to the right of [ 46.081728] allocated 115-byte region [ffff000094709b00, ffff000094709b73) [ 46.094818] [ 46.096352] The buggy address belongs to the physical page: [ 46.101994] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114708 [ 46.110097] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 46.117850] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 46.124903] page_type: f5(slab) [ 46.128106] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 46.135947] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 46.143786] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 46.151710] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 46.159632] head: 0bfffe0000000001 fffffdffc251c201 00000000ffffffff 00000000ffffffff [ 46.167556] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 46.175478] page dumped because: kasan: bad access detected [ 46.181120] [ 46.182643] Memory state around the buggy address: [ 46.187503] ffff000094709a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.194812] ffff000094709a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.202127] >ffff000094709b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 46.209438] ^ [ 46.216393] ffff000094709b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.223707] ffff000094709c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 46.231012] ==================================================================
[ 35.607068] ================================================================== [ 35.607242] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 35.607401] Read of size 1 at addr fff00000c7732973 by task kunit_try_catch/232 [ 35.608560] [ 35.608678] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.608913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.609000] Hardware name: linux,dummy-virt (DT) [ 35.609125] Call trace: [ 35.609490] show_stack+0x20/0x38 (C) [ 35.609625] dump_stack_lvl+0x8c/0xd0 [ 35.609752] print_report+0x118/0x608 [ 35.610211] kasan_report+0xdc/0x128 [ 35.611782] __asan_report_load1_noabort+0x20/0x30 [ 35.612442] mempool_oob_right_helper+0x2ac/0x2f0 [ 35.612570] mempool_kmalloc_oob_right+0xc4/0x120 [ 35.612695] kunit_try_run_case+0x170/0x3f0 [ 35.614640] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.615366] kthread+0x328/0x630 [ 35.616224] ret_from_fork+0x10/0x20 [ 35.617075] [ 35.617155] Allocated by task 232: [ 35.617239] kasan_save_stack+0x3c/0x68 [ 35.617342] kasan_save_track+0x20/0x40 [ 35.617435] kasan_save_alloc_info+0x40/0x58 [ 35.618762] __kasan_mempool_unpoison_object+0x11c/0x180 [ 35.618994] remove_element+0x130/0x1f8 [ 35.619100] mempool_alloc_preallocated+0x58/0xc0 [ 35.619215] mempool_oob_right_helper+0x98/0x2f0 [ 35.619317] mempool_kmalloc_oob_right+0xc4/0x120 [ 35.619427] kunit_try_run_case+0x170/0x3f0 [ 35.620485] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.622689] kthread+0x328/0x630 [ 35.622910] ret_from_fork+0x10/0x20 [ 35.623768] [ 35.624220] The buggy address belongs to the object at fff00000c7732900 [ 35.624220] which belongs to the cache kmalloc-128 of size 128 [ 35.624584] The buggy address is located 0 bytes to the right of [ 35.624584] allocated 115-byte region [fff00000c7732900, fff00000c7732973) [ 35.625065] [ 35.625591] The buggy address belongs to the physical page: [ 35.625678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 35.625812] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.625954] page_type: f5(slab) [ 35.626056] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.628796] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.629540] page dumped because: kasan: bad access detected [ 35.630173] [ 35.630227] Memory state around the buggy address: [ 35.630770] fff00000c7732800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.630899] fff00000c7732880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.631013] >fff00000c7732900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 35.632696] ^ [ 35.633194] fff00000c7732980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.634098] fff00000c7732a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 35.634286] ================================================================== [ 35.700462] ================================================================== [ 35.700623] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 35.700767] Read of size 1 at addr fff00000c77e22bb by task kunit_try_catch/236 [ 35.700913] [ 35.701034] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.701272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.701725] Hardware name: linux,dummy-virt (DT) [ 35.701820] Call trace: [ 35.701881] show_stack+0x20/0x38 (C) [ 35.702033] dump_stack_lvl+0x8c/0xd0 [ 35.702232] print_report+0x118/0x608 [ 35.702419] kasan_report+0xdc/0x128 [ 35.702641] __asan_report_load1_noabort+0x20/0x30 [ 35.703051] mempool_oob_right_helper+0x2ac/0x2f0 [ 35.703291] mempool_slab_oob_right+0xc0/0x118 [ 35.703428] kunit_try_run_case+0x170/0x3f0 [ 35.703728] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.703809] kthread+0x328/0x630 [ 35.703916] ret_from_fork+0x10/0x20 [ 35.704002] [ 35.704026] Allocated by task 236: [ 35.704060] kasan_save_stack+0x3c/0x68 [ 35.704115] kasan_save_track+0x20/0x40 [ 35.704160] kasan_save_alloc_info+0x40/0x58 [ 35.704206] __kasan_mempool_unpoison_object+0xbc/0x180 [ 35.704257] remove_element+0x16c/0x1f8 [ 35.704304] mempool_alloc_preallocated+0x58/0xc0 [ 35.704349] mempool_oob_right_helper+0x98/0x2f0 [ 35.704397] mempool_slab_oob_right+0xc0/0x118 [ 35.704442] kunit_try_run_case+0x170/0x3f0 [ 35.704489] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.704539] kthread+0x328/0x630 [ 35.704578] ret_from_fork+0x10/0x20 [ 35.704620] [ 35.704642] The buggy address belongs to the object at fff00000c77e2240 [ 35.704642] which belongs to the cache test_cache of size 123 [ 35.704709] The buggy address is located 0 bytes to the right of [ 35.704709] allocated 123-byte region [fff00000c77e2240, fff00000c77e22bb) [ 35.704783] [ 35.704806] The buggy address belongs to the physical page: [ 35.704846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e2 [ 35.707264] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.707339] page_type: f5(slab) [ 35.707390] raw: 0bfffe0000000000 fff00000c77d6500 dead000000000122 0000000000000000 [ 35.707456] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 35.707505] page dumped because: kasan: bad access detected [ 35.707541] [ 35.707566] Memory state around the buggy address: [ 35.707604] fff00000c77e2180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.707657] fff00000c77e2200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 35.707707] >fff00000c77e2280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 35.707753] ^ [ 35.707795] fff00000c77e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.707846] fff00000c77e2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.707967] ================================================================== [ 35.653412] ================================================================== [ 35.653898] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 35.654040] Read of size 1 at addr fff00000c781a001 by task kunit_try_catch/234 [ 35.654516] [ 35.654679] CPU: 0 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.654970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.655044] Hardware name: linux,dummy-virt (DT) [ 35.655132] Call trace: [ 35.655619] show_stack+0x20/0x38 (C) [ 35.656114] dump_stack_lvl+0x8c/0xd0 [ 35.656374] print_report+0x118/0x608 [ 35.656877] kasan_report+0xdc/0x128 [ 35.657052] __asan_report_load1_noabort+0x20/0x30 [ 35.657270] mempool_oob_right_helper+0x2ac/0x2f0 [ 35.657466] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 35.657610] kunit_try_run_case+0x170/0x3f0 [ 35.657915] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.658069] kthread+0x328/0x630 [ 35.658176] ret_from_fork+0x10/0x20 [ 35.658289] [ 35.658341] The buggy address belongs to the physical page: [ 35.658437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107818 [ 35.658566] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 35.658673] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 35.658800] page_type: f8(unknown) [ 35.659100] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 35.659515] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 35.659682] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 35.659997] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 35.660130] head: 0bfffe0000000002 ffffc1ffc31e0601 00000000ffffffff 00000000ffffffff [ 35.660267] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 35.660372] page dumped because: kasan: bad access detected [ 35.660455] [ 35.660509] Memory state around the buggy address: [ 35.660814] fff00000c7819f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.661000] fff00000c7819f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.661138] >fff00000c781a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 35.661232] ^ [ 35.661310] fff00000c781a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 35.661412] fff00000c781a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 35.661505] ==================================================================
[ 30.953510] ================================================================== [ 30.954286] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 30.955092] Read of size 1 at addr ffff888102df02bb by task kunit_try_catch/255 [ 30.955938] [ 30.956307] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 30.956416] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.956445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.956490] Call Trace: [ 30.956518] <TASK> [ 30.956574] dump_stack_lvl+0x73/0xb0 [ 30.956691] print_report+0xd1/0x650 [ 30.956756] ? __virt_addr_valid+0x1db/0x2d0 [ 30.956827] ? mempool_oob_right_helper+0x318/0x380 [ 30.956887] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.956955] ? mempool_oob_right_helper+0x318/0x380 [ 30.957019] kasan_report+0x141/0x180 [ 30.957124] ? mempool_oob_right_helper+0x318/0x380 [ 30.957225] __asan_report_load1_noabort+0x18/0x20 [ 30.957297] mempool_oob_right_helper+0x318/0x380 [ 30.957367] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 30.957438] ? __pfx_sched_clock_cpu+0x10/0x10 [ 30.957593] ? finish_task_switch.isra.0+0x153/0x700 [ 30.957661] mempool_slab_oob_right+0xed/0x140 [ 30.957701] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 30.957737] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 30.957772] ? __pfx_mempool_free_slab+0x10/0x10 [ 30.957806] ? __pfx_read_tsc+0x10/0x10 [ 30.957837] ? ktime_get_ts64+0x86/0x230 [ 30.957872] kunit_try_run_case+0x1a5/0x480 [ 30.957909] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.957940] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.957975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.958007] ? __kthread_parkme+0x82/0x180 [ 30.958035] ? preempt_count_sub+0x50/0x80 [ 30.958081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.958138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.958179] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.958213] kthread+0x337/0x6f0 [ 30.958240] ? trace_preempt_on+0x20/0xc0 [ 30.958274] ? __pfx_kthread+0x10/0x10 [ 30.958303] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.958334] ? calculate_sigpending+0x7b/0xa0 [ 30.958365] ? __pfx_kthread+0x10/0x10 [ 30.958393] ret_from_fork+0x116/0x1d0 [ 30.958420] ? __pfx_kthread+0x10/0x10 [ 30.958448] ret_from_fork_asm+0x1a/0x30 [ 30.958490] </TASK> [ 30.958506] [ 30.976525] Allocated by task 255: [ 30.976906] kasan_save_stack+0x45/0x70 [ 30.977370] kasan_save_track+0x18/0x40 [ 30.977709] kasan_save_alloc_info+0x3b/0x50 [ 30.978535] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 30.979280] remove_element+0x11e/0x190 [ 30.980049] mempool_alloc_preallocated+0x4d/0x90 [ 30.980574] mempool_oob_right_helper+0x8a/0x380 [ 30.981259] mempool_slab_oob_right+0xed/0x140 [ 30.981795] kunit_try_run_case+0x1a5/0x480 [ 30.982454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.982743] kthread+0x337/0x6f0 [ 30.983144] ret_from_fork+0x116/0x1d0 [ 30.983722] ret_from_fork_asm+0x1a/0x30 [ 30.983992] [ 30.984190] The buggy address belongs to the object at ffff888102df0240 [ 30.984190] which belongs to the cache test_cache of size 123 [ 30.985961] The buggy address is located 0 bytes to the right of [ 30.985961] allocated 123-byte region [ffff888102df0240, ffff888102df02bb) [ 30.987141] [ 30.987359] The buggy address belongs to the physical page: [ 30.987984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df0 [ 30.988635] flags: 0x200000000000000(node=0|zone=2) [ 30.989098] page_type: f5(slab) [ 30.989443] raw: 0200000000000000 ffff888102de73c0 dead000000000122 0000000000000000 [ 30.990150] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 30.991171] page dumped because: kasan: bad access detected [ 30.991662] [ 30.991877] Memory state around the buggy address: [ 30.992367] ffff888102df0180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.992873] ffff888102df0200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 30.993787] >ffff888102df0280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 30.994754] ^ [ 30.995319] ffff888102df0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.995984] ffff888102df0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.996673] ================================================================== [ 30.869021] ================================================================== [ 30.869724] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 30.870479] Read of size 1 at addr ffff888100aaed73 by task kunit_try_catch/251 [ 30.871044] [ 30.871341] CPU: 1 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 30.871465] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.871497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.871565] Call Trace: [ 30.871599] <TASK> [ 30.871682] dump_stack_lvl+0x73/0xb0 [ 30.871783] print_report+0xd1/0x650 [ 30.871852] ? __virt_addr_valid+0x1db/0x2d0 [ 30.871918] ? mempool_oob_right_helper+0x318/0x380 [ 30.871981] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.872047] ? mempool_oob_right_helper+0x318/0x380 [ 30.872097] kasan_report+0x141/0x180 [ 30.872138] ? mempool_oob_right_helper+0x318/0x380 [ 30.872174] __asan_report_load1_noabort+0x18/0x20 [ 30.872204] mempool_oob_right_helper+0x318/0x380 [ 30.872234] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 30.872261] ? update_load_avg+0x1be/0x21b0 [ 30.872292] ? dequeue_entities+0x27e/0x1740 [ 30.872322] ? finish_task_switch.isra.0+0x153/0x700 [ 30.872354] mempool_kmalloc_oob_right+0xf2/0x150 [ 30.872382] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 30.872413] ? __pfx_mempool_kmalloc+0x10/0x10 [ 30.872442] ? __pfx_mempool_kfree+0x10/0x10 [ 30.872471] ? __pfx_read_tsc+0x10/0x10 [ 30.872497] ? ktime_get_ts64+0x86/0x230 [ 30.872527] kunit_try_run_case+0x1a5/0x480 [ 30.872584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.872612] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.872681] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.872713] ? __kthread_parkme+0x82/0x180 [ 30.872739] ? preempt_count_sub+0x50/0x80 [ 30.872766] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.872796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.872825] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.872854] kthread+0x337/0x6f0 [ 30.872878] ? trace_preempt_on+0x20/0xc0 [ 30.872907] ? __pfx_kthread+0x10/0x10 [ 30.872932] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.872959] ? calculate_sigpending+0x7b/0xa0 [ 30.872988] ? __pfx_kthread+0x10/0x10 [ 30.873014] ret_from_fork+0x116/0x1d0 [ 30.873038] ? __pfx_kthread+0x10/0x10 [ 30.873062] ret_from_fork_asm+0x1a/0x30 [ 30.873099] </TASK> [ 30.873115] [ 30.891946] Allocated by task 251: [ 30.892191] kasan_save_stack+0x45/0x70 [ 30.892924] kasan_save_track+0x18/0x40 [ 30.893261] kasan_save_alloc_info+0x3b/0x50 [ 30.894157] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 30.894582] remove_element+0x11e/0x190 [ 30.894968] mempool_alloc_preallocated+0x4d/0x90 [ 30.895295] mempool_oob_right_helper+0x8a/0x380 [ 30.895702] mempool_kmalloc_oob_right+0xf2/0x150 [ 30.896036] kunit_try_run_case+0x1a5/0x480 [ 30.896446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.896827] kthread+0x337/0x6f0 [ 30.897059] ret_from_fork+0x116/0x1d0 [ 30.897282] ret_from_fork_asm+0x1a/0x30 [ 30.897665] [ 30.897806] The buggy address belongs to the object at ffff888100aaed00 [ 30.897806] which belongs to the cache kmalloc-128 of size 128 [ 30.898859] The buggy address is located 0 bytes to the right of [ 30.898859] allocated 115-byte region [ffff888100aaed00, ffff888100aaed73) [ 30.900002] [ 30.900217] The buggy address belongs to the physical page: [ 30.900892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 30.901372] flags: 0x200000000000000(node=0|zone=2) [ 30.901974] page_type: f5(slab) [ 30.902200] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.902957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.903593] page dumped because: kasan: bad access detected [ 30.904200] [ 30.904328] Memory state around the buggy address: [ 30.904948] ffff888100aaec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.905409] ffff888100aaec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.905954] >ffff888100aaed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.906429] ^ [ 30.907266] ffff888100aaed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.907829] ffff888100aaee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.908398] ================================================================== [ 30.915790] ================================================================== [ 30.916396] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 30.917103] Read of size 1 at addr ffff888103bde001 by task kunit_try_catch/253 [ 30.917693] [ 30.917872] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 30.917982] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.918015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.918062] Call Trace: [ 30.918091] <TASK> [ 30.918125] dump_stack_lvl+0x73/0xb0 [ 30.918193] print_report+0xd1/0x650 [ 30.918246] ? __virt_addr_valid+0x1db/0x2d0 [ 30.918298] ? mempool_oob_right_helper+0x318/0x380 [ 30.918350] ? kasan_addr_to_slab+0x11/0xa0 [ 30.918396] ? mempool_oob_right_helper+0x318/0x380 [ 30.918449] kasan_report+0x141/0x180 [ 30.918498] ? mempool_oob_right_helper+0x318/0x380 [ 30.918583] __asan_report_load1_noabort+0x18/0x20 [ 30.918643] mempool_oob_right_helper+0x318/0x380 [ 30.918707] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 30.918775] ? __pfx_sched_clock_cpu+0x10/0x10 [ 30.918833] ? finish_task_switch.isra.0+0x153/0x700 [ 30.918900] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 30.918951] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 30.919013] ? __pfx_mempool_kmalloc+0x10/0x10 [ 30.919067] ? __pfx_mempool_kfree+0x10/0x10 [ 30.919126] ? __pfx_read_tsc+0x10/0x10 [ 30.919174] ? ktime_get_ts64+0x86/0x230 [ 30.919227] kunit_try_run_case+0x1a5/0x480 [ 30.919337] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.919390] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.919452] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.919515] ? __kthread_parkme+0x82/0x180 [ 30.919585] ? preempt_count_sub+0x50/0x80 [ 30.919630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.919673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.919706] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.919735] kthread+0x337/0x6f0 [ 30.919760] ? trace_preempt_on+0x20/0xc0 [ 30.919790] ? __pfx_kthread+0x10/0x10 [ 30.919815] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.919856] ? calculate_sigpending+0x7b/0xa0 [ 30.919887] ? __pfx_kthread+0x10/0x10 [ 30.919912] ret_from_fork+0x116/0x1d0 [ 30.919936] ? __pfx_kthread+0x10/0x10 [ 30.919961] ret_from_fork_asm+0x1a/0x30 [ 30.920000] </TASK> [ 30.920015] [ 30.934377] The buggy address belongs to the physical page: [ 30.934964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103bdc [ 30.935661] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.936211] flags: 0x200000000000040(head|node=0|zone=2) [ 30.936528] page_type: f8(unknown) [ 30.936940] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.937679] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.938273] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.938910] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.939380] head: 0200000000000002 ffffea00040ef701 00000000ffffffff 00000000ffffffff [ 30.939978] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.940562] page dumped because: kasan: bad access detected [ 30.941061] [ 30.941293] Memory state around the buggy address: [ 30.941691] ffff888103bddf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.942250] ffff888103bddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.942827] >ffff888103bde000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.943316] ^ [ 30.943726] ffff888103bde080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.944238] ffff888103bde100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.944836] ==================================================================