Date
July 2, 2025, 11:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 32.879456] ================================================================== [ 32.879537] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.880092] Read of size 1 at addr fff00000c9aca2bb by task kunit_try_catch/258 [ 32.880151] [ 32.880365] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.880725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.880967] Hardware name: linux,dummy-virt (DT) [ 32.881002] Call trace: [ 32.881237] show_stack+0x20/0x38 (C) [ 32.881458] dump_stack_lvl+0x8c/0xd0 [ 32.881510] print_report+0x118/0x608 [ 32.881828] kasan_report+0xdc/0x128 [ 32.882365] __asan_report_load1_noabort+0x20/0x30 [ 32.882428] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.882484] mempool_slab_oob_right+0xc0/0x118 [ 32.882540] kunit_try_run_case+0x170/0x3f0 [ 32.882589] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.882645] kthread+0x328/0x630 [ 32.882688] ret_from_fork+0x10/0x20 [ 32.883401] [ 32.883425] Allocated by task 258: [ 32.883479] kasan_save_stack+0x3c/0x68 [ 32.883599] kasan_save_track+0x20/0x40 [ 32.883696] kasan_save_alloc_info+0x40/0x58 [ 32.883739] __kasan_mempool_unpoison_object+0xbc/0x180 [ 32.883782] remove_element+0x16c/0x1f8 [ 32.883981] mempool_alloc_preallocated+0x58/0xc0 [ 32.884391] mempool_oob_right_helper+0x98/0x2f0 [ 32.884502] mempool_slab_oob_right+0xc0/0x118 [ 32.884588] kunit_try_run_case+0x170/0x3f0 [ 32.884959] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.885101] kthread+0x328/0x630 [ 32.885263] ret_from_fork+0x10/0x20 [ 32.885300] [ 32.885323] The buggy address belongs to the object at fff00000c9aca240 [ 32.885323] which belongs to the cache test_cache of size 123 [ 32.885380] The buggy address is located 0 bytes to the right of [ 32.885380] allocated 123-byte region [fff00000c9aca240, fff00000c9aca2bb) [ 32.885446] [ 32.885467] The buggy address belongs to the physical page: [ 32.886176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109aca [ 32.886254] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.886764] page_type: f5(slab) [ 32.887005] raw: 0bfffe0000000000 fff00000c3fa28c0 dead000000000122 0000000000000000 [ 32.887061] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 32.887102] page dumped because: kasan: bad access detected [ 32.887134] [ 32.887316] Memory state around the buggy address: [ 32.887398] fff00000c9aca180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.887619] fff00000c9aca200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 32.888037] >fff00000c9aca280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 32.888082] ^ [ 32.888315] fff00000c9aca300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.888399] fff00000c9aca380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.888440] ================================================================== [ 32.859669] ================================================================== [ 32.859727] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.859781] Read of size 1 at addr fff00000c9aea001 by task kunit_try_catch/256 [ 32.859831] [ 32.859861] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.860238] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.860289] Hardware name: linux,dummy-virt (DT) [ 32.860504] Call trace: [ 32.860530] show_stack+0x20/0x38 (C) [ 32.860606] dump_stack_lvl+0x8c/0xd0 [ 32.860653] print_report+0x118/0x608 [ 32.860701] kasan_report+0xdc/0x128 [ 32.860745] __asan_report_load1_noabort+0x20/0x30 [ 32.860795] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.860843] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 32.860894] kunit_try_run_case+0x170/0x3f0 [ 32.860955] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.861007] kthread+0x328/0x630 [ 32.861246] ret_from_fork+0x10/0x20 [ 32.861416] [ 32.861479] The buggy address belongs to the physical page: [ 32.861527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae8 [ 32.861581] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.861640] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.861694] page_type: f8(unknown) [ 32.861753] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.862130] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.862195] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.862243] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.862320] head: 0bfffe0000000002 ffffc1ffc326ba01 00000000ffffffff 00000000ffffffff [ 32.862369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.862409] page dumped because: kasan: bad access detected [ 32.862479] [ 32.862562] Memory state around the buggy address: [ 32.862635] fff00000c9ae9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.862737] fff00000c9ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.862782] >fff00000c9aea000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.862841] ^ [ 32.862945] fff00000c9aea080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.862988] fff00000c9aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.863052] ================================================================== [ 32.850156] ================================================================== [ 32.850228] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.850302] Read of size 1 at addr fff00000c91f0573 by task kunit_try_catch/254 [ 32.850354] [ 32.850398] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.850492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.850522] Hardware name: linux,dummy-virt (DT) [ 32.850556] Call trace: [ 32.850581] show_stack+0x20/0x38 (C) [ 32.850635] dump_stack_lvl+0x8c/0xd0 [ 32.850687] print_report+0x118/0x608 [ 32.850736] kasan_report+0xdc/0x128 [ 32.850782] __asan_report_load1_noabort+0x20/0x30 [ 32.850832] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.850882] mempool_kmalloc_oob_right+0xc4/0x120 [ 32.850947] kunit_try_run_case+0x170/0x3f0 [ 32.850997] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.851051] kthread+0x328/0x630 [ 32.851095] ret_from_fork+0x10/0x20 [ 32.851145] [ 32.851164] Allocated by task 254: [ 32.851195] kasan_save_stack+0x3c/0x68 [ 32.851236] kasan_save_track+0x20/0x40 [ 32.851276] kasan_save_alloc_info+0x40/0x58 [ 32.851312] __kasan_mempool_unpoison_object+0x11c/0x180 [ 32.851356] remove_element+0x130/0x1f8 [ 32.851394] mempool_alloc_preallocated+0x58/0xc0 [ 32.851435] mempool_oob_right_helper+0x98/0x2f0 [ 32.851474] mempool_kmalloc_oob_right+0xc4/0x120 [ 32.851515] kunit_try_run_case+0x170/0x3f0 [ 32.851590] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.851637] kthread+0x328/0x630 [ 32.851669] ret_from_fork+0x10/0x20 [ 32.851708] [ 32.851728] The buggy address belongs to the object at fff00000c91f0500 [ 32.851728] which belongs to the cache kmalloc-128 of size 128 [ 32.851787] The buggy address is located 0 bytes to the right of [ 32.851787] allocated 115-byte region [fff00000c91f0500, fff00000c91f0573) [ 32.851852] [ 32.851877] The buggy address belongs to the physical page: [ 32.851911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 32.851979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.852032] page_type: f5(slab) [ 32.852074] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.852125] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.852167] page dumped because: kasan: bad access detected [ 32.852217] [ 32.852251] Memory state around the buggy address: [ 32.852285] fff00000c91f0400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.852329] fff00000c91f0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.852374] >fff00000c91f0500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.852414] ^ [ 32.852455] fff00000c91f0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.852498] fff00000c91f0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.852538] ==================================================================
[ 34.738571] ================================================================== [ 34.738661] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 34.738737] Read of size 1 at addr fff00000c90ba2bb by task kunit_try_catch/256 [ 34.738796] [ 34.738832] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.738922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.738950] Hardware name: linux,dummy-virt (DT) [ 34.738984] Call trace: [ 34.739008] show_stack+0x20/0x38 (C) [ 34.739069] dump_stack_lvl+0x8c/0xd0 [ 34.739123] print_report+0x118/0x608 [ 34.739500] kasan_report+0xdc/0x128 [ 34.739953] __asan_report_load1_noabort+0x20/0x30 [ 34.740034] mempool_oob_right_helper+0x2ac/0x2f0 [ 34.740113] mempool_slab_oob_right+0xc0/0x118 [ 34.740211] kunit_try_run_case+0x170/0x3f0 [ 34.740286] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.740340] kthread+0x328/0x630 [ 34.740382] ret_from_fork+0x10/0x20 [ 34.740450] [ 34.740634] Allocated by task 256: [ 34.740705] kasan_save_stack+0x3c/0x68 [ 34.740790] kasan_save_track+0x20/0x40 [ 34.740948] kasan_save_alloc_info+0x40/0x58 [ 34.741043] __kasan_mempool_unpoison_object+0xbc/0x180 [ 34.741109] remove_element+0x16c/0x1f8 [ 34.741225] mempool_alloc_preallocated+0x58/0xc0 [ 34.741292] mempool_oob_right_helper+0x98/0x2f0 [ 34.741370] mempool_slab_oob_right+0xc0/0x118 [ 34.741409] kunit_try_run_case+0x170/0x3f0 [ 34.741582] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.741763] kthread+0x328/0x630 [ 34.741866] ret_from_fork+0x10/0x20 [ 34.741935] [ 34.741984] The buggy address belongs to the object at fff00000c90ba240 [ 34.741984] which belongs to the cache test_cache of size 123 [ 34.742084] The buggy address is located 0 bytes to the right of [ 34.742084] allocated 123-byte region [fff00000c90ba240, fff00000c90ba2bb) [ 34.742182] [ 34.742268] The buggy address belongs to the physical page: [ 34.742329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1090ba [ 34.742402] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.742702] page_type: f5(slab) [ 34.742752] raw: 0bfffe0000000000 fff00000c5711c80 dead000000000122 0000000000000000 [ 34.742833] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 34.742945] page dumped because: kasan: bad access detected [ 34.743024] [ 34.743073] Memory state around the buggy address: [ 34.743127] fff00000c90ba180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.743197] fff00000c90ba200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 34.743276] >fff00000c90ba280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 34.743369] ^ [ 34.743403] fff00000c90ba300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.743490] fff00000c90ba380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.743655] ================================================================== [ 34.714291] ================================================================== [ 34.714362] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 34.714425] Read of size 1 at addr fff00000c9aee001 by task kunit_try_catch/254 [ 34.714818] [ 34.714861] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.715082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.715272] Hardware name: linux,dummy-virt (DT) [ 34.715384] Call trace: [ 34.715411] show_stack+0x20/0x38 (C) [ 34.715819] dump_stack_lvl+0x8c/0xd0 [ 34.715917] print_report+0x118/0x608 [ 34.715964] kasan_report+0xdc/0x128 [ 34.716013] __asan_report_load1_noabort+0x20/0x30 [ 34.716062] mempool_oob_right_helper+0x2ac/0x2f0 [ 34.716112] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 34.716174] kunit_try_run_case+0x170/0x3f0 [ 34.716223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.716277] kthread+0x328/0x630 [ 34.717933] ret_from_fork+0x10/0x20 [ 34.718422] [ 34.718492] The buggy address belongs to the physical page: [ 34.719040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109aec [ 34.719685] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.719765] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.720088] page_type: f8(unknown) [ 34.720232] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.720286] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.720699] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.721064] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.721242] head: 0bfffe0000000002 ffffc1ffc326bb01 00000000ffffffff 00000000ffffffff [ 34.721294] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 34.721334] page dumped because: kasan: bad access detected [ 34.721369] [ 34.721388] Memory state around the buggy address: [ 34.722420] fff00000c9aedf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.722775] fff00000c9aedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.723231] >fff00000c9aee000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 34.723372] ^ [ 34.723457] fff00000c9aee080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 34.723612] fff00000c9aee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 34.723654] ================================================================== [ 34.699197] ================================================================== [ 34.699277] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 34.699353] Read of size 1 at addr fff00000c8dbd073 by task kunit_try_catch/252 [ 34.699405] [ 34.699469] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.699571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.699598] Hardware name: linux,dummy-virt (DT) [ 34.699633] Call trace: [ 34.699660] show_stack+0x20/0x38 (C) [ 34.699716] dump_stack_lvl+0x8c/0xd0 [ 34.699770] print_report+0x118/0x608 [ 34.699818] kasan_report+0xdc/0x128 [ 34.699865] __asan_report_load1_noabort+0x20/0x30 [ 34.699915] mempool_oob_right_helper+0x2ac/0x2f0 [ 34.699966] mempool_kmalloc_oob_right+0xc4/0x120 [ 34.700016] kunit_try_run_case+0x170/0x3f0 [ 34.700069] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.700123] kthread+0x328/0x630 [ 34.700181] ret_from_fork+0x10/0x20 [ 34.700232] [ 34.700251] Allocated by task 252: [ 34.700281] kasan_save_stack+0x3c/0x68 [ 34.700324] kasan_save_track+0x20/0x40 [ 34.700362] kasan_save_alloc_info+0x40/0x58 [ 34.700400] __kasan_mempool_unpoison_object+0x11c/0x180 [ 34.700445] remove_element+0x130/0x1f8 [ 34.700484] mempool_alloc_preallocated+0x58/0xc0 [ 34.700524] mempool_oob_right_helper+0x98/0x2f0 [ 34.700564] mempool_kmalloc_oob_right+0xc4/0x120 [ 34.700603] kunit_try_run_case+0x170/0x3f0 [ 34.700642] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.700687] kthread+0x328/0x630 [ 34.700719] ret_from_fork+0x10/0x20 [ 34.700756] [ 34.700778] The buggy address belongs to the object at fff00000c8dbd000 [ 34.700778] which belongs to the cache kmalloc-128 of size 128 [ 34.700837] The buggy address is located 0 bytes to the right of [ 34.700837] allocated 115-byte region [fff00000c8dbd000, fff00000c8dbd073) [ 34.700902] [ 34.700924] The buggy address belongs to the physical page: [ 34.700960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbd [ 34.701017] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.701070] page_type: f5(slab) [ 34.701114] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.701176] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.701219] page dumped because: kasan: bad access detected [ 34.701252] [ 34.701271] Memory state around the buggy address: [ 34.701307] fff00000c8dbcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.701351] fff00000c8dbcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.701396] >fff00000c8dbd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 34.701436] ^ [ 34.701477] fff00000c8dbd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.701528] fff00000c8dbd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 34.701569] ==================================================================
[ 24.780092] ================================================================== [ 24.780727] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.781127] Read of size 1 at addr ffff8881060c6001 by task kunit_try_catch/272 [ 24.781460] [ 24.781556] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.781614] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.781626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.781651] Call Trace: [ 24.781666] <TASK> [ 24.781686] dump_stack_lvl+0x73/0xb0 [ 24.781719] print_report+0xd1/0x650 [ 24.781743] ? __virt_addr_valid+0x1db/0x2d0 [ 24.781768] ? mempool_oob_right_helper+0x318/0x380 [ 24.781792] ? kasan_addr_to_slab+0x11/0xa0 [ 24.781812] ? mempool_oob_right_helper+0x318/0x380 [ 24.781847] kasan_report+0x141/0x180 [ 24.781870] ? mempool_oob_right_helper+0x318/0x380 [ 24.781898] __asan_report_load1_noabort+0x18/0x20 [ 24.781923] mempool_oob_right_helper+0x318/0x380 [ 24.781957] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.781980] ? update_load_avg+0x1be/0x21b0 [ 24.782009] ? finish_task_switch.isra.0+0x153/0x700 [ 24.782035] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 24.782072] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.782099] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.782124] ? __pfx_mempool_kfree+0x10/0x10 [ 24.782149] ? __pfx_read_tsc+0x10/0x10 [ 24.782171] ? ktime_get_ts64+0x86/0x230 [ 24.782396] kunit_try_run_case+0x1a5/0x480 [ 24.782428] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.782453] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.782476] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.782499] ? __kthread_parkme+0x82/0x180 [ 24.782520] ? preempt_count_sub+0x50/0x80 [ 24.782544] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.782570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.782594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.782619] kthread+0x337/0x6f0 [ 24.782639] ? trace_preempt_on+0x20/0xc0 [ 24.782663] ? __pfx_kthread+0x10/0x10 [ 24.782684] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.782709] ? calculate_sigpending+0x7b/0xa0 [ 24.782732] ? __pfx_kthread+0x10/0x10 [ 24.782755] ret_from_fork+0x116/0x1d0 [ 24.782775] ? __pfx_kthread+0x10/0x10 [ 24.782795] ret_from_fork_asm+0x1a/0x30 [ 24.782827] </TASK> [ 24.782841] [ 24.791390] The buggy address belongs to the physical page: [ 24.791831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 24.792163] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.792476] flags: 0x200000000000040(head|node=0|zone=2) [ 24.792656] page_type: f8(unknown) [ 24.792834] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.793421] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.793719] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.794084] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.794395] head: 0200000000000002 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 24.794691] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.794978] page dumped because: kasan: bad access detected [ 24.795304] [ 24.795866] Memory state around the buggy address: [ 24.796095] ffff8881060c5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.796496] ffff8881060c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.796778] >ffff8881060c6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.797004] ^ [ 24.797263] ffff8881060c6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.797565] ffff8881060c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.797764] ================================================================== [ 24.749484] ================================================================== [ 24.749936] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.750557] Read of size 1 at addr ffff888103b7e073 by task kunit_try_catch/270 [ 24.750853] [ 24.750951] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.751008] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.751026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.751088] Call Trace: [ 24.751104] <TASK> [ 24.751125] dump_stack_lvl+0x73/0xb0 [ 24.751161] print_report+0xd1/0x650 [ 24.751186] ? __virt_addr_valid+0x1db/0x2d0 [ 24.751213] ? mempool_oob_right_helper+0x318/0x380 [ 24.751236] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.751262] ? mempool_oob_right_helper+0x318/0x380 [ 24.751286] kasan_report+0x141/0x180 [ 24.751307] ? mempool_oob_right_helper+0x318/0x380 [ 24.751334] __asan_report_load1_noabort+0x18/0x20 [ 24.751359] mempool_oob_right_helper+0x318/0x380 [ 24.751685] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.751712] ? __kasan_check_write+0x18/0x20 [ 24.751737] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.751762] ? finish_task_switch.isra.0+0x153/0x700 [ 24.751792] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.751817] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 24.751842] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.751868] ? __pfx_mempool_kfree+0x10/0x10 [ 24.751893] ? __pfx_read_tsc+0x10/0x10 [ 24.751916] ? ktime_get_ts64+0x86/0x230 [ 24.752073] kunit_try_run_case+0x1a5/0x480 [ 24.752104] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.752127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.752150] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.752172] ? __kthread_parkme+0x82/0x180 [ 24.752204] ? preempt_count_sub+0x50/0x80 [ 24.752227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.752252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.752277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.752301] kthread+0x337/0x6f0 [ 24.752321] ? trace_preempt_on+0x20/0xc0 [ 24.752346] ? __pfx_kthread+0x10/0x10 [ 24.752367] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.752391] ? calculate_sigpending+0x7b/0xa0 [ 24.752417] ? __pfx_kthread+0x10/0x10 [ 24.752438] ret_from_fork+0x116/0x1d0 [ 24.752458] ? __pfx_kthread+0x10/0x10 [ 24.752479] ret_from_fork_asm+0x1a/0x30 [ 24.752511] </TASK> [ 24.752525] [ 24.764650] Allocated by task 270: [ 24.765162] kasan_save_stack+0x45/0x70 [ 24.765454] kasan_save_track+0x18/0x40 [ 24.765651] kasan_save_alloc_info+0x3b/0x50 [ 24.765890] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.766407] remove_element+0x11e/0x190 [ 24.766600] mempool_alloc_preallocated+0x4d/0x90 [ 24.766792] mempool_oob_right_helper+0x8a/0x380 [ 24.767165] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.767516] kunit_try_run_case+0x1a5/0x480 [ 24.767786] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.768115] kthread+0x337/0x6f0 [ 24.768267] ret_from_fork+0x116/0x1d0 [ 24.768698] ret_from_fork_asm+0x1a/0x30 [ 24.768901] [ 24.769119] The buggy address belongs to the object at ffff888103b7e000 [ 24.769119] which belongs to the cache kmalloc-128 of size 128 [ 24.769777] The buggy address is located 0 bytes to the right of [ 24.769777] allocated 115-byte region [ffff888103b7e000, ffff888103b7e073) [ 24.770784] [ 24.770878] The buggy address belongs to the physical page: [ 24.771251] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b7e [ 24.771695] flags: 0x200000000000000(node=0|zone=2) [ 24.771958] page_type: f5(slab) [ 24.772298] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.772833] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.773243] page dumped because: kasan: bad access detected [ 24.773616] [ 24.773836] Memory state around the buggy address: [ 24.773989] ffff888103b7df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.774426] ffff888103b7df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.775084] >ffff888103b7e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.775368] ^ [ 24.775878] ffff888103b7e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.776300] ffff888103b7e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.776742] ================================================================== [ 24.802549] ================================================================== [ 24.803956] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.804261] Read of size 1 at addr ffff888105a1e2bb by task kunit_try_catch/274 [ 24.805440] [ 24.805663] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.805737] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.805778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.805813] Call Trace: [ 24.805836] <TASK> [ 24.805858] dump_stack_lvl+0x73/0xb0 [ 24.805907] print_report+0xd1/0x650 [ 24.805931] ? __virt_addr_valid+0x1db/0x2d0 [ 24.805970] ? mempool_oob_right_helper+0x318/0x380 [ 24.805993] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.806019] ? mempool_oob_right_helper+0x318/0x380 [ 24.806043] kasan_report+0x141/0x180 [ 24.806075] ? mempool_oob_right_helper+0x318/0x380 [ 24.806101] __asan_report_load1_noabort+0x18/0x20 [ 24.806126] mempool_oob_right_helper+0x318/0x380 [ 24.806150] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.806175] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.806217] ? irqentry_exit+0x2a/0x60 [ 24.806239] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.806265] mempool_slab_oob_right+0xed/0x140 [ 24.806289] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.806314] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.806340] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.806364] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.806390] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.806415] kunit_try_run_case+0x1a5/0x480 [ 24.806443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.806467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.806489] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.806511] ? __kthread_parkme+0x82/0x180 [ 24.806532] ? preempt_count_sub+0x50/0x80 [ 24.806556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.806582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.806606] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.806631] kthread+0x337/0x6f0 [ 24.806651] ? trace_preempt_on+0x20/0xc0 [ 24.806675] ? __pfx_kthread+0x10/0x10 [ 24.806696] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.806721] ? calculate_sigpending+0x7b/0xa0 [ 24.806746] ? __pfx_kthread+0x10/0x10 [ 24.806767] ret_from_fork+0x116/0x1d0 [ 24.806788] ? __pfx_kthread+0x10/0x10 [ 24.806809] ret_from_fork_asm+0x1a/0x30 [ 24.806841] </TASK> [ 24.806855] [ 24.820964] Allocated by task 274: [ 24.821433] kasan_save_stack+0x45/0x70 [ 24.821746] kasan_save_track+0x18/0x40 [ 24.821884] kasan_save_alloc_info+0x3b/0x50 [ 24.822164] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.822732] remove_element+0x11e/0x190 [ 24.823175] mempool_alloc_preallocated+0x4d/0x90 [ 24.823544] mempool_oob_right_helper+0x8a/0x380 [ 24.823695] mempool_slab_oob_right+0xed/0x140 [ 24.823837] kunit_try_run_case+0x1a5/0x480 [ 24.824005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.824469] kthread+0x337/0x6f0 [ 24.824994] ret_from_fork+0x116/0x1d0 [ 24.825441] ret_from_fork_asm+0x1a/0x30 [ 24.825812] [ 24.825973] The buggy address belongs to the object at ffff888105a1e240 [ 24.825973] which belongs to the cache test_cache of size 123 [ 24.827104] The buggy address is located 0 bytes to the right of [ 24.827104] allocated 123-byte region [ffff888105a1e240, ffff888105a1e2bb) [ 24.827722] [ 24.827795] The buggy address belongs to the physical page: [ 24.828011] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 24.828772] flags: 0x200000000000000(node=0|zone=2) [ 24.829322] page_type: f5(slab) [ 24.829874] raw: 0200000000000000 ffff888101095a00 dead000000000122 0000000000000000 [ 24.830661] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.831115] page dumped because: kasan: bad access detected [ 24.831538] [ 24.831694] Memory state around the buggy address: [ 24.832076] ffff888105a1e180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.832557] ffff888105a1e200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 24.833268] >ffff888105a1e280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 24.833552] ^ [ 24.833711] ffff888105a1e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.833926] ffff888105a1e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.834792] ==================================================================
[ 24.483883] ================================================================== [ 24.484358] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.484700] Read of size 1 at addr ffff888104950973 by task kunit_try_catch/269 [ 24.485008] [ 24.485138] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.485195] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.485209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.485233] Call Trace: [ 24.485248] <TASK> [ 24.485270] dump_stack_lvl+0x73/0xb0 [ 24.485316] print_report+0xd1/0x650 [ 24.485341] ? __virt_addr_valid+0x1db/0x2d0 [ 24.485367] ? mempool_oob_right_helper+0x318/0x380 [ 24.485391] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.485417] ? mempool_oob_right_helper+0x318/0x380 [ 24.485441] kasan_report+0x141/0x180 [ 24.485463] ? mempool_oob_right_helper+0x318/0x380 [ 24.485491] __asan_report_load1_noabort+0x18/0x20 [ 24.485515] mempool_oob_right_helper+0x318/0x380 [ 24.485539] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.485563] ? ret_from_fork+0x116/0x1d0 [ 24.485584] ? kthread+0x337/0x6f0 [ 24.485607] ? ret_from_fork_asm+0x1a/0x30 [ 24.485631] ? mempool_alloc_preallocated+0x5b/0x90 [ 24.485702] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.485727] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 24.485759] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.485783] ? __pfx_mempool_kfree+0x10/0x10 [ 24.485808] ? __pfx_read_tsc+0x10/0x10 [ 24.485830] ? ktime_get_ts64+0x86/0x230 [ 24.485857] kunit_try_run_case+0x1a5/0x480 [ 24.485887] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.485912] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.485936] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.485958] ? __kthread_parkme+0x82/0x180 [ 24.485979] ? preempt_count_sub+0x50/0x80 [ 24.486004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.486029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.486053] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.486078] kthread+0x337/0x6f0 [ 24.486098] ? trace_preempt_on+0x20/0xc0 [ 24.486123] ? __pfx_kthread+0x10/0x10 [ 24.486143] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.486168] ? calculate_sigpending+0x7b/0xa0 [ 24.486193] ? __pfx_kthread+0x10/0x10 [ 24.486215] ret_from_fork+0x116/0x1d0 [ 24.486234] ? __pfx_kthread+0x10/0x10 [ 24.486255] ret_from_fork_asm+0x1a/0x30 [ 24.486287] </TASK> [ 24.486300] [ 24.497060] Allocated by task 269: [ 24.497407] kasan_save_stack+0x45/0x70 [ 24.497736] kasan_save_track+0x18/0x40 [ 24.498136] kasan_save_alloc_info+0x3b/0x50 [ 24.498350] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.498818] remove_element+0x11e/0x190 [ 24.499135] mempool_alloc_preallocated+0x4d/0x90 [ 24.499561] mempool_oob_right_helper+0x8a/0x380 [ 24.499951] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.500182] kunit_try_run_case+0x1a5/0x480 [ 24.500380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.500817] kthread+0x337/0x6f0 [ 24.501130] ret_from_fork+0x116/0x1d0 [ 24.501480] ret_from_fork_asm+0x1a/0x30 [ 24.501797] [ 24.501942] The buggy address belongs to the object at ffff888104950900 [ 24.501942] which belongs to the cache kmalloc-128 of size 128 [ 24.502432] The buggy address is located 0 bytes to the right of [ 24.502432] allocated 115-byte region [ffff888104950900, ffff888104950973) [ 24.503690] [ 24.503780] The buggy address belongs to the physical page: [ 24.503978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 24.504375] flags: 0x200000000000000(node=0|zone=2) [ 24.504544] page_type: f5(slab) [ 24.504817] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.505084] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.505419] page dumped because: kasan: bad access detected [ 24.505651] [ 24.505719] Memory state around the buggy address: [ 24.505971] ffff888104950800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.506266] ffff888104950880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.506680] >ffff888104950900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.506897] ^ [ 24.507183] ffff888104950980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.507413] ffff888104950a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.507922] ================================================================== [ 24.511987] ================================================================== [ 24.512466] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.512996] Read of size 1 at addr ffff888106156001 by task kunit_try_catch/271 [ 24.513225] [ 24.513350] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.513408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.513423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.513448] Call Trace: [ 24.513462] <TASK> [ 24.513483] dump_stack_lvl+0x73/0xb0 [ 24.513797] print_report+0xd1/0x650 [ 24.513824] ? __virt_addr_valid+0x1db/0x2d0 [ 24.513848] ? mempool_oob_right_helper+0x318/0x380 [ 24.513873] ? kasan_addr_to_slab+0x11/0xa0 [ 24.513894] ? mempool_oob_right_helper+0x318/0x380 [ 24.513918] kasan_report+0x141/0x180 [ 24.513941] ? mempool_oob_right_helper+0x318/0x380 [ 24.513970] __asan_report_load1_noabort+0x18/0x20 [ 24.513994] mempool_oob_right_helper+0x318/0x380 [ 24.514019] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.514043] ? __kasan_check_write+0x18/0x20 [ 24.514067] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.514090] ? irqentry_exit+0x2a/0x60 [ 24.514112] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.514137] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 24.514161] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.514188] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.514213] ? __pfx_mempool_kfree+0x10/0x10 [ 24.514236] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.514263] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.514289] kunit_try_run_case+0x1a5/0x480 [ 24.514329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.514353] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.514375] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.514398] ? __kthread_parkme+0x82/0x180 [ 24.514419] ? preempt_count_sub+0x50/0x80 [ 24.514443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.514469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.514507] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.514531] kthread+0x337/0x6f0 [ 24.514552] ? trace_preempt_on+0x20/0xc0 [ 24.514577] ? __pfx_kthread+0x10/0x10 [ 24.514598] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.514622] ? calculate_sigpending+0x7b/0xa0 [ 24.514647] ? __pfx_kthread+0x10/0x10 [ 24.514668] ret_from_fork+0x116/0x1d0 [ 24.514700] ? __pfx_kthread+0x10/0x10 [ 24.514720] ret_from_fork_asm+0x1a/0x30 [ 24.514752] </TASK> [ 24.514766] [ 24.526606] The buggy address belongs to the physical page: [ 24.527136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106154 [ 24.527497] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.527805] flags: 0x200000000000040(head|node=0|zone=2) [ 24.528042] page_type: f8(unknown) [ 24.528197] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.528519] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.528838] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.529147] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.529959] head: 0200000000000002 ffffea0004185501 00000000ffffffff 00000000ffffffff [ 24.530607] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.531098] page dumped because: kasan: bad access detected [ 24.531443] [ 24.531577] Memory state around the buggy address: [ 24.531943] ffff888106155f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.532230] ffff888106155f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.532647] >ffff888106156000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.533021] ^ [ 24.533164] ffff888106156080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.533591] ffff888106156100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.534061] ================================================================== [ 24.538651] ================================================================== [ 24.539154] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.539719] Read of size 1 at addr ffff8881049092bb by task kunit_try_catch/273 [ 24.540067] [ 24.540337] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.540455] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.540470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.540495] Call Trace: [ 24.540510] <TASK> [ 24.540531] dump_stack_lvl+0x73/0xb0 [ 24.540566] print_report+0xd1/0x650 [ 24.540589] ? __virt_addr_valid+0x1db/0x2d0 [ 24.540614] ? mempool_oob_right_helper+0x318/0x380 [ 24.540637] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.540664] ? mempool_oob_right_helper+0x318/0x380 [ 24.540689] kasan_report+0x141/0x180 [ 24.540773] ? mempool_oob_right_helper+0x318/0x380 [ 24.540802] __asan_report_load1_noabort+0x18/0x20 [ 24.540827] mempool_oob_right_helper+0x318/0x380 [ 24.540851] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.540877] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.540900] ? finish_task_switch.isra.0+0x153/0x700 [ 24.540927] mempool_slab_oob_right+0xed/0x140 [ 24.540952] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.540980] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.541005] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.541031] ? __pfx_read_tsc+0x10/0x10 [ 24.541053] ? ktime_get_ts64+0x86/0x230 [ 24.541079] kunit_try_run_case+0x1a5/0x480 [ 24.541106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.541130] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.541152] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.541175] ? __kthread_parkme+0x82/0x180 [ 24.541196] ? preempt_count_sub+0x50/0x80 [ 24.541218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.541243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.541267] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.541292] kthread+0x337/0x6f0 [ 24.541322] ? trace_preempt_on+0x20/0xc0 [ 24.541348] ? __pfx_kthread+0x10/0x10 [ 24.541369] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.541393] ? calculate_sigpending+0x7b/0xa0 [ 24.541417] ? __pfx_kthread+0x10/0x10 [ 24.541439] ret_from_fork+0x116/0x1d0 [ 24.541459] ? __pfx_kthread+0x10/0x10 [ 24.541479] ret_from_fork_asm+0x1a/0x30 [ 24.541521] </TASK> [ 24.541533] [ 24.552998] Allocated by task 273: [ 24.553169] kasan_save_stack+0x45/0x70 [ 24.553826] kasan_save_track+0x18/0x40 [ 24.554051] kasan_save_alloc_info+0x3b/0x50 [ 24.554276] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.554560] remove_element+0x11e/0x190 [ 24.554877] mempool_alloc_preallocated+0x4d/0x90 [ 24.555113] mempool_oob_right_helper+0x8a/0x380 [ 24.555299] mempool_slab_oob_right+0xed/0x140 [ 24.555512] kunit_try_run_case+0x1a5/0x480 [ 24.555836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.556009] kthread+0x337/0x6f0 [ 24.556155] ret_from_fork+0x116/0x1d0 [ 24.556349] ret_from_fork_asm+0x1a/0x30 [ 24.556579] [ 24.556702] The buggy address belongs to the object at ffff888104909240 [ 24.556702] which belongs to the cache test_cache of size 123 [ 24.557242] The buggy address is located 0 bytes to the right of [ 24.557242] allocated 123-byte region [ffff888104909240, ffff8881049092bb) [ 24.557842] [ 24.558029] The buggy address belongs to the physical page: [ 24.558284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104909 [ 24.558819] flags: 0x200000000000000(node=0|zone=2) [ 24.559162] page_type: f5(slab) [ 24.559304] raw: 0200000000000000 ffff8881057ff000 dead000000000122 0000000000000000 [ 24.559636] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.560159] page dumped because: kasan: bad access detected [ 24.560384] [ 24.560475] Memory state around the buggy address: [ 24.560882] ffff888104909180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.561295] ffff888104909200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 24.561585] >ffff888104909280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 24.562024] ^ [ 24.562382] ffff888104909300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.562671] ffff888104909380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.563128] ==================================================================