Date
June 26, 2025, 9:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 47.618858] ================================================================== [ 47.630776] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 47.638455] Read of size 1 at addr ffff000095372001 by task kunit_try_catch/309 [ 47.645865] [ 47.647401] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 47.647433] Tainted: [B]=BAD_PAGE, [N]=TEST [ 47.647442] Hardware name: Thundercomm Dragonboard 845c (DT) [ 47.647455] Call trace: [ 47.647462] show_stack+0x20/0x38 (C) [ 47.647484] dump_stack_lvl+0x8c/0xd0 [ 47.647507] print_report+0x118/0x608 [ 47.647530] kasan_report+0xdc/0x128 [ 47.647550] __asan_report_load1_noabort+0x20/0x30 [ 47.647568] mempool_oob_right_helper+0x2ac/0x2f0 [ 47.647588] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 47.647610] kunit_try_run_case+0x170/0x3f0 [ 47.647630] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 47.647652] kthread+0x328/0x630 [ 47.647671] ret_from_fork+0x10/0x20 [ 47.647691] [ 47.719191] The buggy address belongs to the physical page: [ 47.724838] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115370 [ 47.732943] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.740702] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 47.747767] page_type: f8(unknown) [ 47.751234] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 47.759080] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 47.766925] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 47.774856] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 47.782789] head: 0bfffe0000000002 fffffdffc254dc01 00000000ffffffff 00000000ffffffff [ 47.790721] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 47.798647] page dumped because: kasan: bad access detected [ 47.804291] [ 47.805821] Memory state around the buggy address: [ 47.810685] ffff000095371f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.818000] ffff000095371f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.825324] >ffff000095372000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.832644] ^ [ 47.835935] ffff000095372080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.843250] ffff000095372100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.850562] ================================================================== [ 47.862534] ================================================================== [ 47.874986] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 47.882667] Read of size 1 at addr ffff000096c812bb by task kunit_try_catch/311 [ 47.890079] [ 47.891614] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 47.891649] Tainted: [B]=BAD_PAGE, [N]=TEST [ 47.891658] Hardware name: Thundercomm Dragonboard 845c (DT) [ 47.891674] Call trace: [ 47.891682] show_stack+0x20/0x38 (C) [ 47.891703] dump_stack_lvl+0x8c/0xd0 [ 47.891724] print_report+0x118/0x608 [ 47.891744] kasan_report+0xdc/0x128 [ 47.891761] __asan_report_load1_noabort+0x20/0x30 [ 47.891778] mempool_oob_right_helper+0x2ac/0x2f0 [ 47.891797] mempool_slab_oob_right+0xc0/0x118 [ 47.891818] kunit_try_run_case+0x170/0x3f0 [ 47.891837] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 47.891859] kthread+0x328/0x630 [ 47.891873] ret_from_fork+0x10/0x20 [ 47.891891] [ 47.962604] Allocated by task 311: [ 47.966064] kasan_save_stack+0x3c/0x68 [ 47.969976] kasan_save_track+0x20/0x40 [ 47.973885] kasan_save_alloc_info+0x40/0x58 [ 47.978224] __kasan_mempool_unpoison_object+0xbc/0x180 [ 47.983537] remove_element+0x16c/0x1f8 [ 47.987447] mempool_alloc_preallocated+0x58/0xc0 [ 47.992226] mempool_oob_right_helper+0x98/0x2f0 [ 47.996924] mempool_slab_oob_right+0xc0/0x118 [ 48.001441] kunit_try_run_case+0x170/0x3f0 [ 48.005694] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.011267] kthread+0x328/0x630 [ 48.014559] ret_from_fork+0x10/0x20 [ 48.018197] [ 48.019725] The buggy address belongs to the object at ffff000096c81240 [ 48.019725] which belongs to the cache test_cache of size 123 [ 48.032302] The buggy address is located 0 bytes to the right of [ 48.032302] allocated 123-byte region [ffff000096c81240, ffff000096c812bb) [ 48.045400] [ 48.046931] The buggy address belongs to the physical page: [ 48.052577] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x116c81 [ 48.060684] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 48.067304] page_type: f5(slab) [ 48.070512] raw: 0bfffe0000000000 ffff000096528140 dead000000000122 0000000000000000 [ 48.078359] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 48.086201] page dumped because: kasan: bad access detected [ 48.091849] [ 48.093376] Memory state around the buggy address: [ 48.098240] ffff000096c81180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.105554] ffff000096c81200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 48.112869] >ffff000096c81280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 48.120180] ^ [ 48.125304] ffff000096c81300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.132619] ffff000096c81380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.139933] ================================================================== [ 47.289918] ================================================================== [ 47.300978] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 47.308674] Read of size 1 at addr ffff000080dbc573 by task kunit_try_catch/307 [ 47.316087] [ 47.317630] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 47.317668] Tainted: [B]=BAD_PAGE, [N]=TEST [ 47.317680] Hardware name: Thundercomm Dragonboard 845c (DT) [ 47.317695] Call trace: [ 47.317703] show_stack+0x20/0x38 (C) [ 47.317728] dump_stack_lvl+0x8c/0xd0 [ 47.317751] print_report+0x118/0x608 [ 47.317773] kasan_report+0xdc/0x128 [ 47.317793] __asan_report_load1_noabort+0x20/0x30 [ 47.317812] mempool_oob_right_helper+0x2ac/0x2f0 [ 47.317833] mempool_kmalloc_oob_right+0xc4/0x120 [ 47.317852] kunit_try_run_case+0x170/0x3f0 [ 47.317876] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 47.317899] kthread+0x328/0x630 [ 47.317917] ret_from_fork+0x10/0x20 [ 47.317939] [ 47.388930] Allocated by task 307: [ 47.392392] kasan_save_stack+0x3c/0x68 [ 47.396303] kasan_save_track+0x20/0x40 [ 47.400215] kasan_save_alloc_info+0x40/0x58 [ 47.404555] __kasan_mempool_unpoison_object+0x11c/0x180 [ 47.409950] remove_element+0x130/0x1f8 [ 47.413863] mempool_alloc_preallocated+0x58/0xc0 [ 47.418648] mempool_oob_right_helper+0x98/0x2f0 [ 47.423345] mempool_kmalloc_oob_right+0xc4/0x120 [ 47.428126] kunit_try_run_case+0x170/0x3f0 [ 47.432382] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 47.437957] kthread+0x328/0x630 [ 47.441249] ret_from_fork+0x10/0x20 [ 47.444888] [ 47.446419] The buggy address belongs to the object at ffff000080dbc500 [ 47.446419] which belongs to the cache kmalloc-128 of size 128 [ 47.459077] The buggy address is located 0 bytes to the right of [ 47.459077] allocated 115-byte region [ffff000080dbc500, ffff000080dbc573) [ 47.472176] [ 47.473709] The buggy address belongs to the physical page: [ 47.479361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100dbc [ 47.487470] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.495233] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 47.502300] page_type: f5(slab) [ 47.505512] raw: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 47.513360] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 47.521210] head: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 47.529143] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 47.537078] head: 0bfffe0000000001 fffffdffc2036f01 00000000ffffffff 00000000ffffffff [ 47.545010] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 47.552940] page dumped because: kasan: bad access detected [ 47.558591] [ 47.560125] Memory state around the buggy address: [ 47.564989] ffff000080dbc400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.572304] ffff000080dbc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.579623] >ffff000080dbc500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 47.586941] ^ [ 47.593907] ffff000080dbc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.601224] ffff000080dbc600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 47.608537] ==================================================================
[ 28.793208] ================================================================== [ 28.793310] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.793398] Read of size 1 at addr fff00000c654a001 by task kunit_try_catch/235 [ 28.793448] [ 28.793522] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 28.793612] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.793640] Hardware name: linux,dummy-virt (DT) [ 28.793672] Call trace: [ 28.793693] show_stack+0x20/0x38 (C) [ 28.793759] dump_stack_lvl+0x8c/0xd0 [ 28.793809] print_report+0x118/0x608 [ 28.793857] kasan_report+0xdc/0x128 [ 28.793903] __asan_report_load1_noabort+0x20/0x30 [ 28.793960] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.794010] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 28.794071] kunit_try_run_case+0x170/0x3f0 [ 28.794120] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.794179] kthread+0x328/0x630 [ 28.794228] ret_from_fork+0x10/0x20 [ 28.794276] [ 28.794297] The buggy address belongs to the physical page: [ 28.794331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106548 [ 28.794384] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.794433] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.794487] page_type: f8(unknown) [ 28.794528] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.794575] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.794625] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.794682] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.794732] head: 0bfffe0000000002 ffffc1ffc3195201 00000000ffffffff 00000000ffffffff [ 28.794780] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.794819] page dumped because: kasan: bad access detected [ 28.794850] [ 28.794910] Memory state around the buggy address: [ 28.794951] fff00000c6549f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.795049] fff00000c6549f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.795101] >fff00000c654a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.795138] ^ [ 28.795164] fff00000c654a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.795205] fff00000c654a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.795242] ================================================================== [ 28.806368] ================================================================== [ 28.806433] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.807864] Read of size 1 at addr fff00000c57732bb by task kunit_try_catch/237 [ 28.810076] [ 28.810126] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 28.810258] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.810288] Hardware name: linux,dummy-virt (DT) [ 28.810321] Call trace: [ 28.810343] show_stack+0x20/0x38 (C) [ 28.810396] dump_stack_lvl+0x8c/0xd0 [ 28.810443] print_report+0x118/0x608 [ 28.810535] kasan_report+0xdc/0x128 [ 28.810631] __asan_report_load1_noabort+0x20/0x30 [ 28.811029] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.811619] mempool_slab_oob_right+0xc0/0x118 [ 28.811806] kunit_try_run_case+0x170/0x3f0 [ 28.811961] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.812229] kthread+0x328/0x630 [ 28.812330] ret_from_fork+0x10/0x20 [ 28.812697] [ 28.812716] Allocated by task 237: [ 28.812745] kasan_save_stack+0x3c/0x68 [ 28.813170] kasan_save_track+0x20/0x40 [ 28.813210] kasan_save_alloc_info+0x40/0x58 [ 28.813485] __kasan_mempool_unpoison_object+0xbc/0x180 [ 28.813679] remove_element+0x16c/0x1f8 [ 28.813915] mempool_alloc_preallocated+0x58/0xc0 [ 28.814367] mempool_oob_right_helper+0x98/0x2f0 [ 28.814446] mempool_slab_oob_right+0xc0/0x118 [ 28.814487] kunit_try_run_case+0x170/0x3f0 [ 28.815064] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.815122] kthread+0x328/0x630 [ 28.815158] ret_from_fork+0x10/0x20 [ 28.815195] [ 28.815216] The buggy address belongs to the object at fff00000c5773240 [ 28.815216] which belongs to the cache test_cache of size 123 [ 28.815613] The buggy address is located 0 bytes to the right of [ 28.815613] allocated 123-byte region [fff00000c5773240, fff00000c57732bb) [ 28.815918] [ 28.816117] The buggy address belongs to the physical page: [ 28.816243] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773 [ 28.816303] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.816356] page_type: f5(slab) [ 28.817111] raw: 0bfffe0000000000 fff00000c56d4640 dead000000000122 0000000000000000 [ 28.817162] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 28.817697] page dumped because: kasan: bad access detected [ 28.817796] [ 28.818013] Memory state around the buggy address: [ 28.818243] fff00000c5773180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.818292] fff00000c5773200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 28.818335] >fff00000c5773280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 28.818769] ^ [ 28.818846] fff00000c5773300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.818966] fff00000c5773380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.819170] ================================================================== [ 28.774450] ================================================================== [ 28.774522] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.774595] Read of size 1 at addr fff00000c643fd73 by task kunit_try_catch/233 [ 28.774646] [ 28.774686] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 28.774780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.774808] Hardware name: linux,dummy-virt (DT) [ 28.774841] Call trace: [ 28.774866] show_stack+0x20/0x38 (C) [ 28.774918] dump_stack_lvl+0x8c/0xd0 [ 28.774969] print_report+0x118/0x608 [ 28.775017] kasan_report+0xdc/0x128 [ 28.775079] __asan_report_load1_noabort+0x20/0x30 [ 28.775128] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.775177] mempool_kmalloc_oob_right+0xc4/0x120 [ 28.775226] kunit_try_run_case+0x170/0x3f0 [ 28.775275] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.775328] kthread+0x328/0x630 [ 28.775372] ret_from_fork+0x10/0x20 [ 28.775421] [ 28.775440] Allocated by task 233: [ 28.775469] kasan_save_stack+0x3c/0x68 [ 28.775510] kasan_save_track+0x20/0x40 [ 28.775546] kasan_save_alloc_info+0x40/0x58 [ 28.775583] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.775626] remove_element+0x130/0x1f8 [ 28.775667] mempool_alloc_preallocated+0x58/0xc0 [ 28.775706] mempool_oob_right_helper+0x98/0x2f0 [ 28.775746] mempool_kmalloc_oob_right+0xc4/0x120 [ 28.775920] kunit_try_run_case+0x170/0x3f0 [ 28.775970] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.776013] kthread+0x328/0x630 [ 28.776046] ret_from_fork+0x10/0x20 [ 28.776095] [ 28.776116] The buggy address belongs to the object at fff00000c643fd00 [ 28.776116] which belongs to the cache kmalloc-128 of size 128 [ 28.776177] The buggy address is located 0 bytes to the right of [ 28.776177] allocated 115-byte region [fff00000c643fd00, fff00000c643fd73) [ 28.776239] [ 28.776259] The buggy address belongs to the physical page: [ 28.776292] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643f [ 28.776346] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.776398] page_type: f5(slab) [ 28.776438] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 28.776488] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.776530] page dumped because: kasan: bad access detected [ 28.776559] [ 28.776578] Memory state around the buggy address: [ 28.776610] fff00000c643fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.776652] fff00000c643fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.776693] >fff00000c643fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.776731] ^ [ 28.776769] fff00000c643fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.776810] fff00000c643fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.776850] ==================================================================
[ 23.576116] ================================================================== [ 23.577081] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 23.577931] Read of size 1 at addr ffff888102ca2001 by task kunit_try_catch/252 [ 23.578466] [ 23.578618] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.578676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.578689] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.578716] Call Trace: [ 23.578752] <TASK> [ 23.578775] dump_stack_lvl+0x73/0xb0 [ 23.578825] print_report+0xd1/0x650 [ 23.578864] ? __virt_addr_valid+0x1db/0x2d0 [ 23.578889] ? mempool_oob_right_helper+0x318/0x380 [ 23.578912] ? kasan_addr_to_slab+0x11/0xa0 [ 23.578947] ? mempool_oob_right_helper+0x318/0x380 [ 23.578969] kasan_report+0x141/0x180 [ 23.579004] ? mempool_oob_right_helper+0x318/0x380 [ 23.579037] __asan_report_load1_noabort+0x18/0x20 [ 23.579061] mempool_oob_right_helper+0x318/0x380 [ 23.579085] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 23.579108] ? __kasan_check_write+0x18/0x20 [ 23.579131] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.579156] ? finish_task_switch.isra.0+0x153/0x700 [ 23.579182] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 23.579205] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 23.579241] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.579265] ? __pfx_mempool_kfree+0x10/0x10 [ 23.579288] ? __pfx_read_tsc+0x10/0x10 [ 23.579311] ? ktime_get_ts64+0x86/0x230 [ 23.579336] kunit_try_run_case+0x1a5/0x480 [ 23.579364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.579386] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.579412] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.579437] ? __kthread_parkme+0x82/0x180 [ 23.579458] ? preempt_count_sub+0x50/0x80 [ 23.579479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.579503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.579526] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.579550] kthread+0x337/0x6f0 [ 23.579569] ? trace_preempt_on+0x20/0xc0 [ 23.579593] ? __pfx_kthread+0x10/0x10 [ 23.579614] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.579637] ? calculate_sigpending+0x7b/0xa0 [ 23.579662] ? __pfx_kthread+0x10/0x10 [ 23.579684] ret_from_fork+0x116/0x1d0 [ 23.579703] ? __pfx_kthread+0x10/0x10 [ 23.579722] ret_from_fork_asm+0x1a/0x30 [ 23.579755] </TASK> [ 23.579767] [ 23.588862] The buggy address belongs to the physical page: [ 23.589228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ca0 [ 23.589659] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.590179] flags: 0x200000000000040(head|node=0|zone=2) [ 23.590414] page_type: f8(unknown) [ 23.590632] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.591120] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.591489] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.591964] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.592354] head: 0200000000000002 ffffea00040b2801 00000000ffffffff 00000000ffffffff [ 23.592716] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.593148] page dumped because: kasan: bad access detected [ 23.593404] [ 23.593497] Memory state around the buggy address: [ 23.593735] ffff888102ca1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.594170] ffff888102ca1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.594500] >ffff888102ca2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.594880] ^ [ 23.595056] ffff888102ca2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.595305] ffff888102ca2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.595594] ================================================================== [ 23.549461] ================================================================== [ 23.549904] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 23.550675] Read of size 1 at addr ffff8881024c9f73 by task kunit_try_catch/250 [ 23.551177] [ 23.551291] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.551346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.551358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.551383] Call Trace: [ 23.551397] <TASK> [ 23.551419] dump_stack_lvl+0x73/0xb0 [ 23.551450] print_report+0xd1/0x650 [ 23.551473] ? __virt_addr_valid+0x1db/0x2d0 [ 23.551499] ? mempool_oob_right_helper+0x318/0x380 [ 23.551522] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.551547] ? mempool_oob_right_helper+0x318/0x380 [ 23.551570] kasan_report+0x141/0x180 [ 23.551591] ? mempool_oob_right_helper+0x318/0x380 [ 23.551618] __asan_report_load1_noabort+0x18/0x20 [ 23.551641] mempool_oob_right_helper+0x318/0x380 [ 23.551664] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 23.551689] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.551711] ? finish_task_switch.isra.0+0x153/0x700 [ 23.551738] mempool_kmalloc_oob_right+0xf2/0x150 [ 23.551761] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 23.551786] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.551812] ? __pfx_mempool_kfree+0x10/0x10 [ 23.551835] ? __pfx_read_tsc+0x10/0x10 [ 23.551857] ? ktime_get_ts64+0x86/0x230 [ 23.551882] kunit_try_run_case+0x1a5/0x480 [ 23.551910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.551931] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.551958] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.551981] ? __kthread_parkme+0x82/0x180 [ 23.552002] ? preempt_count_sub+0x50/0x80 [ 23.552024] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.552048] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.552072] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.552094] kthread+0x337/0x6f0 [ 23.552114] ? trace_preempt_on+0x20/0xc0 [ 23.552138] ? __pfx_kthread+0x10/0x10 [ 23.552158] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.552181] ? calculate_sigpending+0x7b/0xa0 [ 23.552205] ? __pfx_kthread+0x10/0x10 [ 23.552236] ret_from_fork+0x116/0x1d0 [ 23.552255] ? __pfx_kthread+0x10/0x10 [ 23.552274] ret_from_fork_asm+0x1a/0x30 [ 23.552307] </TASK> [ 23.552318] [ 23.561669] Allocated by task 250: [ 23.561850] kasan_save_stack+0x45/0x70 [ 23.562031] kasan_save_track+0x18/0x40 [ 23.562625] kasan_save_alloc_info+0x3b/0x50 [ 23.562831] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.563048] remove_element+0x11e/0x190 [ 23.563375] mempool_alloc_preallocated+0x4d/0x90 [ 23.563587] mempool_oob_right_helper+0x8a/0x380 [ 23.563914] mempool_kmalloc_oob_right+0xf2/0x150 [ 23.564245] kunit_try_run_case+0x1a5/0x480 [ 23.564463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.564809] kthread+0x337/0x6f0 [ 23.565043] ret_from_fork+0x116/0x1d0 [ 23.565192] ret_from_fork_asm+0x1a/0x30 [ 23.565477] [ 23.565577] The buggy address belongs to the object at ffff8881024c9f00 [ 23.565577] which belongs to the cache kmalloc-128 of size 128 [ 23.566248] The buggy address is located 0 bytes to the right of [ 23.566248] allocated 115-byte region [ffff8881024c9f00, ffff8881024c9f73) [ 23.566744] [ 23.566827] The buggy address belongs to the physical page: [ 23.567068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 23.567709] flags: 0x200000000000000(node=0|zone=2) [ 23.567936] page_type: f5(slab) [ 23.568170] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.568574] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 23.568940] page dumped because: kasan: bad access detected [ 23.569233] [ 23.569445] Memory state around the buggy address: [ 23.569617] ffff8881024c9e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.570045] ffff8881024c9e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.570350] >ffff8881024c9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.570643] ^ [ 23.570908] ffff8881024c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.571404] ffff8881024ca000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.571766] ================================================================== [ 23.600543] ================================================================== [ 23.601345] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 23.601726] Read of size 1 at addr ffff8881024e42bb by task kunit_try_catch/254 [ 23.602031] [ 23.602121] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.602176] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.602189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.602214] Call Trace: [ 23.602239] <TASK> [ 23.602259] dump_stack_lvl+0x73/0xb0 [ 23.602290] print_report+0xd1/0x650 [ 23.602360] ? __virt_addr_valid+0x1db/0x2d0 [ 23.602388] ? mempool_oob_right_helper+0x318/0x380 [ 23.602411] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.602437] ? mempool_oob_right_helper+0x318/0x380 [ 23.602460] kasan_report+0x141/0x180 [ 23.602482] ? mempool_oob_right_helper+0x318/0x380 [ 23.602508] __asan_report_load1_noabort+0x18/0x20 [ 23.602533] mempool_oob_right_helper+0x318/0x380 [ 23.602556] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 23.602580] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.602602] ? irqentry_exit+0x2a/0x60 [ 23.602622] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.602645] mempool_slab_oob_right+0xed/0x140 [ 23.602667] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 23.602693] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 23.602718] ? __pfx_mempool_free_slab+0x10/0x10 [ 23.602741] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 23.602766] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 23.602790] kunit_try_run_case+0x1a5/0x480 [ 23.602815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.602837] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.602862] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.602886] ? __kthread_parkme+0x82/0x180 [ 23.602907] ? preempt_count_sub+0x50/0x80 [ 23.602930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.602954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.602978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.603001] kthread+0x337/0x6f0 [ 23.603046] ? trace_preempt_on+0x20/0xc0 [ 23.603070] ? __pfx_kthread+0x10/0x10 [ 23.603090] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.603131] ? calculate_sigpending+0x7b/0xa0 [ 23.603155] ? __pfx_kthread+0x10/0x10 [ 23.603177] ret_from_fork+0x116/0x1d0 [ 23.603197] ? __pfx_kthread+0x10/0x10 [ 23.603217] ret_from_fork_asm+0x1a/0x30 [ 23.603259] </TASK> [ 23.603271] [ 23.614771] Allocated by task 254: [ 23.615230] kasan_save_stack+0x45/0x70 [ 23.615536] kasan_save_track+0x18/0x40 [ 23.616062] kasan_save_alloc_info+0x3b/0x50 [ 23.616443] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 23.616881] remove_element+0x11e/0x190 [ 23.617197] mempool_alloc_preallocated+0x4d/0x90 [ 23.617530] mempool_oob_right_helper+0x8a/0x380 [ 23.617869] mempool_slab_oob_right+0xed/0x140 [ 23.618210] kunit_try_run_case+0x1a5/0x480 [ 23.618520] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.619014] kthread+0x337/0x6f0 [ 23.619303] ret_from_fork+0x116/0x1d0 [ 23.619600] ret_from_fork_asm+0x1a/0x30 [ 23.619985] [ 23.620066] The buggy address belongs to the object at ffff8881024e4240 [ 23.620066] which belongs to the cache test_cache of size 123 [ 23.620904] The buggy address is located 0 bytes to the right of [ 23.620904] allocated 123-byte region [ffff8881024e4240, ffff8881024e42bb) [ 23.621908] [ 23.622050] The buggy address belongs to the physical page: [ 23.622472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e4 [ 23.622936] flags: 0x200000000000000(node=0|zone=2) [ 23.623271] page_type: f5(slab) [ 23.623728] raw: 0200000000000000 ffff888101106780 dead000000000122 0000000000000000 [ 23.624285] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 23.624739] page dumped because: kasan: bad access detected [ 23.625160] [ 23.625277] Memory state around the buggy address: [ 23.625596] ffff8881024e4180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.626118] ffff8881024e4200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 23.626770] >ffff8881024e4280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 23.627330] ^ [ 23.627664] ffff8881024e4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.628145] ffff8881024e4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.628551] ==================================================================