Date
July 3, 2025, 10:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 48.430801] ================================================================== [ 48.442730] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 48.450410] Read of size 1 at addr ffff00008553a001 by task kunit_try_catch/332 [ 48.457824] [ 48.459361] CPU: 3 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 48.459395] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.459403] Hardware name: Thundercomm Dragonboard 845c (DT) [ 48.459417] Call trace: [ 48.459425] show_stack+0x20/0x38 (C) [ 48.459446] dump_stack_lvl+0x8c/0xd0 [ 48.459469] print_report+0x118/0x608 [ 48.459489] kasan_report+0xdc/0x128 [ 48.459507] __asan_report_load1_noabort+0x20/0x30 [ 48.459525] mempool_oob_right_helper+0x2ac/0x2f0 [ 48.459543] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 48.459563] kunit_try_run_case+0x170/0x3f0 [ 48.459585] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.459607] kthread+0x328/0x630 [ 48.459623] ret_from_fork+0x10/0x20 [ 48.459640] [ 48.531140] The buggy address belongs to the physical page: [ 48.536789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff00008553e600 pfn:0x105538 [ 48.546214] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 48.553974] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 48.561034] page_type: f8(unknown) [ 48.564504] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 48.572352] raw: ffff00008553e600 0000000000000000 00000000f8000000 0000000000000000 [ 48.580203] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 48.588136] head: ffff00008553e600 0000000000000000 00000000f8000000 0000000000000000 [ 48.596072] head: 0bfffe0000000002 fffffdffc2154e01 00000000ffffffff 00000000ffffffff [ 48.604006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 48.611934] page dumped because: kasan: bad access detected [ 48.617585] [ 48.619115] Memory state around the buggy address: [ 48.623975] ffff000085539f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 48.631295] ffff000085539f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 48.638611] >ffff00008553a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 48.645925] ^ [ 48.649213] ffff00008553a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 48.656528] ffff00008553a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 48.663842] ================================================================== [ 48.102457] ================================================================== [ 48.113501] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 48.121191] Read of size 1 at addr ffff00009068f473 by task kunit_try_catch/330 [ 48.128593] [ 48.130128] CPU: 5 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 48.130166] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.130175] Hardware name: Thundercomm Dragonboard 845c (DT) [ 48.130191] Call trace: [ 48.130199] show_stack+0x20/0x38 (C) [ 48.130220] dump_stack_lvl+0x8c/0xd0 [ 48.130243] print_report+0x118/0x608 [ 48.130264] kasan_report+0xdc/0x128 [ 48.130282] __asan_report_load1_noabort+0x20/0x30 [ 48.130302] mempool_oob_right_helper+0x2ac/0x2f0 [ 48.130319] mempool_kmalloc_oob_right+0xc4/0x120 [ 48.130337] kunit_try_run_case+0x170/0x3f0 [ 48.130358] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.130380] kthread+0x328/0x630 [ 48.130396] ret_from_fork+0x10/0x20 [ 48.130417] [ 48.201338] Allocated by task 330: [ 48.204796] kasan_save_stack+0x3c/0x68 [ 48.208696] kasan_save_track+0x20/0x40 [ 48.212595] kasan_save_alloc_info+0x40/0x58 [ 48.216932] __kasan_mempool_unpoison_object+0x11c/0x180 [ 48.222329] remove_element+0x130/0x1f8 [ 48.226227] mempool_alloc_preallocated+0x58/0xc0 [ 48.230998] mempool_oob_right_helper+0x98/0x2f0 [ 48.235684] mempool_kmalloc_oob_right+0xc4/0x120 [ 48.240459] kunit_try_run_case+0x170/0x3f0 [ 48.244712] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.250280] kthread+0x328/0x630 [ 48.253564] ret_from_fork+0x10/0x20 [ 48.257199] [ 48.258723] The buggy address belongs to the object at ffff00009068f400 [ 48.258723] which belongs to the cache kmalloc-128 of size 128 [ 48.271383] The buggy address is located 0 bytes to the right of [ 48.271383] allocated 115-byte region [ffff00009068f400, ffff00009068f473) [ 48.284480] [ 48.286008] The buggy address belongs to the physical page: [ 48.291655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11068e [ 48.299761] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 48.307519] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 48.314578] page_type: f5(slab) [ 48.317781] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 48.325626] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.333471] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 48.341402] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.349333] head: 0bfffe0000000001 fffffdffc241a381 00000000ffffffff 00000000ffffffff [ 48.357262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 48.365183] page dumped because: kasan: bad access detected [ 48.370827] [ 48.372358] Memory state around the buggy address: [ 48.377215] ffff00009068f300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.384522] ffff00009068f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.391834] >ffff00009068f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 48.399141] ^ [ 48.406103] ffff00009068f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.413412] ffff00009068f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 48.420719] ================================================================== [ 48.676501] ================================================================== [ 48.688943] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 48.696618] Read of size 1 at addr ffff000097e1d2bb by task kunit_try_catch/334 [ 48.704030] [ 48.705566] CPU: 3 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 48.705599] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.705607] Hardware name: Thundercomm Dragonboard 845c (DT) [ 48.705621] Call trace: [ 48.705628] show_stack+0x20/0x38 (C) [ 48.705647] dump_stack_lvl+0x8c/0xd0 [ 48.705671] print_report+0x118/0x608 [ 48.705690] kasan_report+0xdc/0x128 [ 48.705708] __asan_report_load1_noabort+0x20/0x30 [ 48.705726] mempool_oob_right_helper+0x2ac/0x2f0 [ 48.705745] mempool_slab_oob_right+0xc0/0x118 [ 48.705766] kunit_try_run_case+0x170/0x3f0 [ 48.705786] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.705807] kthread+0x328/0x630 [ 48.705822] ret_from_fork+0x10/0x20 [ 48.705842] [ 48.776582] Allocated by task 334: [ 48.780043] kasan_save_stack+0x3c/0x68 [ 48.783951] kasan_save_track+0x20/0x40 [ 48.787860] kasan_save_alloc_info+0x40/0x58 [ 48.792196] __kasan_mempool_unpoison_object+0xbc/0x180 [ 48.797509] remove_element+0x16c/0x1f8 [ 48.801419] mempool_alloc_preallocated+0x58/0xc0 [ 48.806201] mempool_oob_right_helper+0x98/0x2f0 [ 48.810896] mempool_slab_oob_right+0xc0/0x118 [ 48.815418] kunit_try_run_case+0x170/0x3f0 [ 48.819669] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.825238] kthread+0x328/0x630 [ 48.828529] ret_from_fork+0x10/0x20 [ 48.832177] [ 48.833708] The buggy address belongs to the object at ffff000097e1d240 [ 48.833708] which belongs to the cache test_cache of size 123 [ 48.846286] The buggy address is located 0 bytes to the right of [ 48.846286] allocated 123-byte region [ffff000097e1d240, ffff000097e1d2bb) [ 48.859391] [ 48.860929] The buggy address belongs to the physical page: [ 48.866578] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117e1d [ 48.874691] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 48.881314] page_type: f5(slab) [ 48.884521] raw: 0bfffe0000000000 ffff000082242140 dead000000000122 0000000000000000 [ 48.892374] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 48.900216] page dumped because: kasan: bad access detected [ 48.905864] [ 48.907394] Memory state around the buggy address: [ 48.912260] ffff000097e1d180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.919576] ffff000097e1d200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 48.926891] >ffff000097e1d280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 48.934209] ^ [ 48.939331] ffff000097e1d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.946655] ffff000097e1d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.953972] ==================================================================
[ 32.975787] ================================================================== [ 32.976736] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.976877] Read of size 1 at addr fff00000c9b32001 by task kunit_try_catch/255 [ 32.976929] [ 32.976964] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 32.977054] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.977082] Hardware name: linux,dummy-virt (DT) [ 32.977114] Call trace: [ 32.977229] show_stack+0x20/0x38 (C) [ 32.977314] dump_stack_lvl+0x8c/0xd0 [ 32.977945] print_report+0x118/0x608 [ 32.978093] kasan_report+0xdc/0x128 [ 32.978140] __asan_report_load1_noabort+0x20/0x30 [ 32.978189] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.978240] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 32.978291] kunit_try_run_case+0x170/0x3f0 [ 32.978341] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.978394] kthread+0x328/0x630 [ 32.979441] ret_from_fork+0x10/0x20 [ 32.979681] [ 32.979710] The buggy address belongs to the physical page: [ 32.979747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b30 [ 32.979803] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.980070] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.980354] page_type: f8(unknown) [ 32.980407] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.980625] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.980825] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.981021] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.981081] head: 0bfffe0000000002 ffffc1ffc326cc01 00000000ffffffff 00000000ffffffff [ 32.981494] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.981919] page dumped because: kasan: bad access detected [ 32.982003] [ 32.982022] Memory state around the buggy address: [ 32.982058] fff00000c9b31f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.982104] fff00000c9b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.982552] >fff00000c9b32000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.982638] ^ [ 32.982671] fff00000c9b32080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.982975] fff00000c9b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.983352] ================================================================== [ 33.006855] ================================================================== [ 33.006926] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 33.006991] Read of size 1 at addr fff00000c92512bb by task kunit_try_catch/257 [ 33.007043] [ 33.007079] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.010819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.010956] Hardware name: linux,dummy-virt (DT) [ 33.011003] Call trace: [ 33.011216] show_stack+0x20/0x38 (C) [ 33.011278] dump_stack_lvl+0x8c/0xd0 [ 33.011486] print_report+0x118/0x608 [ 33.011579] kasan_report+0xdc/0x128 [ 33.011692] __asan_report_load1_noabort+0x20/0x30 [ 33.011743] mempool_oob_right_helper+0x2ac/0x2f0 [ 33.012059] mempool_slab_oob_right+0xc0/0x118 [ 33.012380] kunit_try_run_case+0x170/0x3f0 [ 33.012722] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.012785] kthread+0x328/0x630 [ 33.013236] ret_from_fork+0x10/0x20 [ 33.013424] [ 33.013567] Allocated by task 257: [ 33.013737] kasan_save_stack+0x3c/0x68 [ 33.013937] kasan_save_track+0x20/0x40 [ 33.014005] kasan_save_alloc_info+0x40/0x58 [ 33.014045] __kasan_mempool_unpoison_object+0xbc/0x180 [ 33.014091] remove_element+0x16c/0x1f8 [ 33.014131] mempool_alloc_preallocated+0x58/0xc0 [ 33.014181] mempool_oob_right_helper+0x98/0x2f0 [ 33.014439] mempool_slab_oob_right+0xc0/0x118 [ 33.014733] kunit_try_run_case+0x170/0x3f0 [ 33.015002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.015423] kthread+0x328/0x630 [ 33.015584] ret_from_fork+0x10/0x20 [ 33.015865] [ 33.015969] The buggy address belongs to the object at fff00000c9251240 [ 33.015969] which belongs to the cache test_cache of size 123 [ 33.016351] The buggy address is located 0 bytes to the right of [ 33.016351] allocated 123-byte region [fff00000c9251240, fff00000c92512bb) [ 33.016641] [ 33.016777] The buggy address belongs to the physical page: [ 33.016813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109251 [ 33.016930] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.017128] page_type: f5(slab) [ 33.017427] raw: 0bfffe0000000000 fff00000c593a3c0 dead000000000122 0000000000000000 [ 33.017542] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 33.017781] page dumped because: kasan: bad access detected [ 33.017869] [ 33.018002] Memory state around the buggy address: [ 33.018064] fff00000c9251180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.018414] fff00000c9251200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 33.018522] >fff00000c9251280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 33.018564] ^ [ 33.018619] fff00000c9251300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.018663] fff00000c9251380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.018712] ================================================================== [ 32.951387] ================================================================== [ 32.951472] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.951552] Read of size 1 at addr fff00000c3fa4c73 by task kunit_try_catch/253 [ 32.951601] [ 32.951646] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 32.951736] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.951765] Hardware name: linux,dummy-virt (DT) [ 32.951798] Call trace: [ 32.951824] show_stack+0x20/0x38 (C) [ 32.951894] dump_stack_lvl+0x8c/0xd0 [ 32.951947] print_report+0x118/0x608 [ 32.951996] kasan_report+0xdc/0x128 [ 32.952043] __asan_report_load1_noabort+0x20/0x30 [ 32.952093] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.952143] mempool_kmalloc_oob_right+0xc4/0x120 [ 32.952194] kunit_try_run_case+0x170/0x3f0 [ 32.952245] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.952308] kthread+0x328/0x630 [ 32.952365] ret_from_fork+0x10/0x20 [ 32.952414] [ 32.952433] Allocated by task 253: [ 32.952463] kasan_save_stack+0x3c/0x68 [ 32.952506] kasan_save_track+0x20/0x40 [ 32.952546] kasan_save_alloc_info+0x40/0x58 [ 32.952583] __kasan_mempool_unpoison_object+0x11c/0x180 [ 32.952629] remove_element+0x130/0x1f8 [ 32.952670] mempool_alloc_preallocated+0x58/0xc0 [ 32.952711] mempool_oob_right_helper+0x98/0x2f0 [ 32.952752] mempool_kmalloc_oob_right+0xc4/0x120 [ 32.952794] kunit_try_run_case+0x170/0x3f0 [ 32.952843] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.952891] kthread+0x328/0x630 [ 32.952923] ret_from_fork+0x10/0x20 [ 32.952961] [ 32.952982] The buggy address belongs to the object at fff00000c3fa4c00 [ 32.952982] which belongs to the cache kmalloc-128 of size 128 [ 32.953041] The buggy address is located 0 bytes to the right of [ 32.953041] allocated 115-byte region [fff00000c3fa4c00, fff00000c3fa4c73) [ 32.953111] [ 32.953133] The buggy address belongs to the physical page: [ 32.953175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fa4 [ 32.953233] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.953286] page_type: f5(slab) [ 32.953331] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 32.953384] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.953425] page dumped because: kasan: bad access detected [ 32.953460] [ 32.953478] Memory state around the buggy address: [ 32.953512] fff00000c3fa4b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.953557] fff00000c3fa4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.953601] >fff00000c3fa4c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.953642] ^ [ 32.953682] fff00000c3fa4c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.953726] fff00000c3fa4d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.953765] ==================================================================
[ 24.615347] ================================================================== [ 24.615826] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.616135] Read of size 1 at addr ffff888106076001 by task kunit_try_catch/272 [ 24.616441] [ 24.616560] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.616609] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.616622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.616644] Call Trace: [ 24.616658] <TASK> [ 24.616675] dump_stack_lvl+0x73/0xb0 [ 24.616706] print_report+0xd1/0x650 [ 24.616730] ? __virt_addr_valid+0x1db/0x2d0 [ 24.616753] ? mempool_oob_right_helper+0x318/0x380 [ 24.616777] ? kasan_addr_to_slab+0x11/0xa0 [ 24.617099] ? mempool_oob_right_helper+0x318/0x380 [ 24.617129] kasan_report+0x141/0x180 [ 24.617164] ? mempool_oob_right_helper+0x318/0x380 [ 24.617192] __asan_report_load1_noabort+0x18/0x20 [ 24.617230] mempool_oob_right_helper+0x318/0x380 [ 24.617255] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.617279] ? __kasan_check_write+0x18/0x20 [ 24.617317] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.617342] ? finish_task_switch.isra.0+0x153/0x700 [ 24.617368] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 24.617392] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.617419] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.617441] ? __pfx_mempool_kfree+0x10/0x10 [ 24.617477] ? __pfx_read_tsc+0x10/0x10 [ 24.617500] ? ktime_get_ts64+0x86/0x230 [ 24.617524] kunit_try_run_case+0x1a5/0x480 [ 24.617551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.617573] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.617595] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.617620] ? __kthread_parkme+0x82/0x180 [ 24.617641] ? preempt_count_sub+0x50/0x80 [ 24.617663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.617691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.617716] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.617741] kthread+0x337/0x6f0 [ 24.617760] ? trace_preempt_on+0x20/0xc0 [ 24.617783] ? __pfx_kthread+0x10/0x10 [ 24.617804] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.617827] ? calculate_sigpending+0x7b/0xa0 [ 24.617859] ? __pfx_kthread+0x10/0x10 [ 24.617880] ret_from_fork+0x116/0x1d0 [ 24.617900] ? __pfx_kthread+0x10/0x10 [ 24.617921] ret_from_fork_asm+0x1a/0x30 [ 24.617951] </TASK> [ 24.617964] [ 24.627865] The buggy address belongs to the physical page: [ 24.628112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106074 [ 24.628677] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.628986] flags: 0x200000000000040(head|node=0|zone=2) [ 24.629192] page_type: f8(unknown) [ 24.629432] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.629747] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.630028] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.630426] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.630735] head: 0200000000000002 ffffea0004181d01 00000000ffffffff 00000000ffffffff [ 24.631076] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.631380] page dumped because: kasan: bad access detected [ 24.631610] [ 24.631677] Memory state around the buggy address: [ 24.631868] ffff888106075f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.632179] ffff888106075f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.632631] >ffff888106076000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.632904] ^ [ 24.633050] ffff888106076080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.633466] ffff888106076100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.633730] ================================================================== [ 24.639443] ================================================================== [ 24.639944] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.640236] Read of size 1 at addr ffff888105ec12bb by task kunit_try_catch/274 [ 24.640530] [ 24.640635] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.640682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.640695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.640719] Call Trace: [ 24.640731] <TASK> [ 24.640746] dump_stack_lvl+0x73/0xb0 [ 24.640773] print_report+0xd1/0x650 [ 24.640797] ? __virt_addr_valid+0x1db/0x2d0 [ 24.640922] ? mempool_oob_right_helper+0x318/0x380 [ 24.640945] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.640970] ? mempool_oob_right_helper+0x318/0x380 [ 24.640994] kasan_report+0x141/0x180 [ 24.641016] ? mempool_oob_right_helper+0x318/0x380 [ 24.641044] __asan_report_load1_noabort+0x18/0x20 [ 24.641067] mempool_oob_right_helper+0x318/0x380 [ 24.641092] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.641116] ? update_load_avg+0x1be/0x21b0 [ 24.641143] ? finish_task_switch.isra.0+0x153/0x700 [ 24.641180] mempool_slab_oob_right+0xed/0x140 [ 24.641203] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.641230] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.641254] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.641278] ? __pfx_read_tsc+0x10/0x10 [ 24.641299] ? ktime_get_ts64+0x86/0x230 [ 24.641322] kunit_try_run_case+0x1a5/0x480 [ 24.641348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.641371] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.641392] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.641417] ? __kthread_parkme+0x82/0x180 [ 24.641438] ? preempt_count_sub+0x50/0x80 [ 24.641470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.641495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.641518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.641542] kthread+0x337/0x6f0 [ 24.641562] ? trace_preempt_on+0x20/0xc0 [ 24.641584] ? __pfx_kthread+0x10/0x10 [ 24.641605] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.641629] ? calculate_sigpending+0x7b/0xa0 [ 24.641653] ? __pfx_kthread+0x10/0x10 [ 24.641674] ret_from_fork+0x116/0x1d0 [ 24.641692] ? __pfx_kthread+0x10/0x10 [ 24.641713] ret_from_fork_asm+0x1a/0x30 [ 24.641744] </TASK> [ 24.641755] [ 24.652545] Allocated by task 274: [ 24.652751] kasan_save_stack+0x45/0x70 [ 24.652924] kasan_save_track+0x18/0x40 [ 24.653094] kasan_save_alloc_info+0x3b/0x50 [ 24.653590] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.653947] remove_element+0x11e/0x190 [ 24.654410] mempool_alloc_preallocated+0x4d/0x90 [ 24.654648] mempool_oob_right_helper+0x8a/0x380 [ 24.654835] mempool_slab_oob_right+0xed/0x140 [ 24.655033] kunit_try_run_case+0x1a5/0x480 [ 24.655563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.655861] kthread+0x337/0x6f0 [ 24.656126] ret_from_fork+0x116/0x1d0 [ 24.656507] ret_from_fork_asm+0x1a/0x30 [ 24.656813] [ 24.657022] The buggy address belongs to the object at ffff888105ec1240 [ 24.657022] which belongs to the cache test_cache of size 123 [ 24.657855] The buggy address is located 0 bytes to the right of [ 24.657855] allocated 123-byte region [ffff888105ec1240, ffff888105ec12bb) [ 24.658804] [ 24.658903] The buggy address belongs to the physical page: [ 24.659135] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ec1 [ 24.659728] flags: 0x200000000000000(node=0|zone=2) [ 24.659948] page_type: f5(slab) [ 24.660100] raw: 0200000000000000 ffff8881055053c0 dead000000000122 0000000000000000 [ 24.660861] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.661537] page dumped because: kasan: bad access detected [ 24.661845] [ 24.662063] Memory state around the buggy address: [ 24.662808] ffff888105ec1180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.663094] ffff888105ec1200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 24.663926] >ffff888105ec1280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 24.664428] ^ [ 24.664865] ffff888105ec1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.665409] ffff888105ec1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.665710] ================================================================== [ 24.591489] ================================================================== [ 24.591957] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.592277] Read of size 1 at addr ffff888105540473 by task kunit_try_catch/270 [ 24.592602] [ 24.592722] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.592778] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.592790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.592814] Call Trace: [ 24.592829] <TASK> [ 24.592849] dump_stack_lvl+0x73/0xb0 [ 24.592882] print_report+0xd1/0x650 [ 24.592905] ? __virt_addr_valid+0x1db/0x2d0 [ 24.592931] ? mempool_oob_right_helper+0x318/0x380 [ 24.592952] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.592978] ? mempool_oob_right_helper+0x318/0x380 [ 24.593001] kasan_report+0x141/0x180 [ 24.593024] ? mempool_oob_right_helper+0x318/0x380 [ 24.593050] __asan_report_load1_noabort+0x18/0x20 [ 24.593074] mempool_oob_right_helper+0x318/0x380 [ 24.593098] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.593124] ? finish_task_switch.isra.0+0x153/0x700 [ 24.593151] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.593174] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 24.593199] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.593225] ? __pfx_mempool_kfree+0x10/0x10 [ 24.593249] ? __pfx_read_tsc+0x10/0x10 [ 24.593272] ? ktime_get_ts64+0x86/0x230 [ 24.593297] kunit_try_run_case+0x1a5/0x480 [ 24.593324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.593348] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.593369] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.593395] ? __kthread_parkme+0x82/0x180 [ 24.593416] ? preempt_count_sub+0x50/0x80 [ 24.593439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.593475] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.593499] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.593523] kthread+0x337/0x6f0 [ 24.593542] ? trace_preempt_on+0x20/0xc0 [ 24.593566] ? __pfx_kthread+0x10/0x10 [ 24.593586] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.593610] ? calculate_sigpending+0x7b/0xa0 [ 24.593635] ? __pfx_kthread+0x10/0x10 [ 24.593656] ret_from_fork+0x116/0x1d0 [ 24.593676] ? __pfx_kthread+0x10/0x10 [ 24.593697] ret_from_fork_asm+0x1a/0x30 [ 24.593728] </TASK> [ 24.593741] [ 24.602192] Allocated by task 270: [ 24.602719] kasan_save_stack+0x45/0x70 [ 24.602915] kasan_save_track+0x18/0x40 [ 24.603049] kasan_save_alloc_info+0x3b/0x50 [ 24.603543] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.603865] remove_element+0x11e/0x190 [ 24.604063] mempool_alloc_preallocated+0x4d/0x90 [ 24.604575] mempool_oob_right_helper+0x8a/0x380 [ 24.604844] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.605022] kunit_try_run_case+0x1a5/0x480 [ 24.605228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.605481] kthread+0x337/0x6f0 [ 24.605636] ret_from_fork+0x116/0x1d0 [ 24.605763] ret_from_fork_asm+0x1a/0x30 [ 24.605962] [ 24.606039] The buggy address belongs to the object at ffff888105540400 [ 24.606039] which belongs to the cache kmalloc-128 of size 128 [ 24.606583] The buggy address is located 0 bytes to the right of [ 24.606583] allocated 115-byte region [ffff888105540400, ffff888105540473) [ 24.607037] [ 24.607128] The buggy address belongs to the physical page: [ 24.607344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 24.607688] flags: 0x200000000000000(node=0|zone=2) [ 24.607960] page_type: f5(slab) [ 24.608119] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.608415] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.608722] page dumped because: kasan: bad access detected [ 24.608924] [ 24.609008] Memory state around the buggy address: [ 24.609190] ffff888105540300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.609467] ffff888105540380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.609705] >ffff888105540400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.610006] ^ [ 24.610327] ffff888105540480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.610549] ffff888105540500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.610860] ==================================================================