Hay
Date
April 20, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64
rk3399-rock-pi-4b

[   25.827279] ==================================================================
[   25.827404] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   25.827522] Read of size 1 at addr fff00000c42b32bb by task kunit_try_catch/227
[   25.827999] 
[   25.828197] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   25.828531] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.828635] Hardware name: linux,dummy-virt (DT)
[   25.828717] Call trace:
[   25.828780]  show_stack+0x20/0x38 (C)
[   25.828904]  dump_stack_lvl+0x8c/0xd0
[   25.829159]  print_report+0x118/0x608
[   25.829486]  kasan_report+0xdc/0x128
[   25.829675]  __asan_report_load1_noabort+0x20/0x30
[   25.829808]  mempool_oob_right_helper+0x2ac/0x2f0
[   25.830145]  mempool_slab_oob_right+0xc0/0x118
[   25.830305]  kunit_try_run_case+0x170/0x3f0
[   25.830438]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.830807]  kthread+0x328/0x630
[   25.831043]  ret_from_fork+0x10/0x20
[   25.831202] 
[   25.831277] Allocated by task 227:
[   25.831379]  kasan_save_stack+0x3c/0x68
[   25.831488]  kasan_save_track+0x20/0x40
[   25.831629]  kasan_save_alloc_info+0x40/0x58
[   25.831842]  __kasan_mempool_unpoison_object+0xbc/0x180
[   25.831979]  remove_element+0x16c/0x1f8
[   25.832257]  mempool_alloc_preallocated+0x58/0xc0
[   25.832465]  mempool_oob_right_helper+0x98/0x2f0
[   25.832577]  mempool_slab_oob_right+0xc0/0x118
[   25.832686]  kunit_try_run_case+0x170/0x3f0
[   25.833183]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.833339]  kthread+0x328/0x630
[   25.833608]  ret_from_fork+0x10/0x20
[   25.833736] 
[   25.833846] The buggy address belongs to the object at fff00000c42b3240
[   25.833846]  which belongs to the cache test_cache of size 123
[   25.834003] The buggy address is located 0 bytes to the right of
[   25.834003]  allocated 123-byte region [fff00000c42b3240, fff00000c42b32bb)
[   25.834191] 
[   25.834318] The buggy address belongs to the physical page:
[   25.834395] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1042b3
[   25.834719] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   25.835058] page_type: f5(slab)
[   25.835210] raw: 0bfffe0000000000 fff00000c7617000 dead000000000122 0000000000000000
[   25.835334] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   25.835434] page dumped because: kasan: bad access detected
[   25.835512] 
[   25.835624] Memory state around the buggy address:
[   25.835728]  fff00000c42b3180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.835845]  fff00000c42b3200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   25.835984] >fff00000c42b3280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   25.836104]                                         ^
[   25.836230]  fff00000c42b3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.836346]  fff00000c42b3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.836448] ==================================================================
[   25.805558] ==================================================================
[   25.805863] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   25.806220] Read of size 1 at addr fff00000c7786001 by task kunit_try_catch/225
[   25.806364] 
[   25.806438] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   25.806646] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.806715] Hardware name: linux,dummy-virt (DT)
[   25.806797] Call trace:
[   25.806851]  show_stack+0x20/0x38 (C)
[   25.806991]  dump_stack_lvl+0x8c/0xd0
[   25.807102]  print_report+0x118/0x608
[   25.807207]  kasan_report+0xdc/0x128
[   25.807314]  __asan_report_load1_noabort+0x20/0x30
[   25.807484]  mempool_oob_right_helper+0x2ac/0x2f0
[   25.807736]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   25.807989]  kunit_try_run_case+0x170/0x3f0
[   25.808123]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.808304]  kthread+0x328/0x630
[   25.808459]  ret_from_fork+0x10/0x20
[   25.808618] 
[   25.808744] The buggy address belongs to the physical page:
[   25.808977] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107784
[   25.809148] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.809353] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   25.809586] page_type: f8(unknown)
[   25.809679] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   25.809796] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   25.809972] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   25.810129] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   25.810296] head: 0bfffe0000000002 ffffc1ffc31de101 00000000ffffffff 00000000ffffffff
[   25.810423] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.810538] page dumped because: kasan: bad access detected
[   25.810647] 
[   25.810726] Memory state around the buggy address:
[   25.810816]  fff00000c7785f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.810951]  fff00000c7785f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.811105] >fff00000c7786000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.811271]                    ^
[   25.811390]  fff00000c7786080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.811498]  fff00000c7786100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.811642] ==================================================================
[   25.768313] ==================================================================
[   25.768455] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   25.768907] Read of size 1 at addr fff00000c6600873 by task kunit_try_catch/223
[   25.769187] 
[   25.769339] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   25.770182] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.770251] Hardware name: linux,dummy-virt (DT)
[   25.770297] Call trace:
[   25.770330]  show_stack+0x20/0x38 (C)
[   25.770539]  dump_stack_lvl+0x8c/0xd0
[   25.771211]  print_report+0x118/0x608
[   25.771434]  kasan_report+0xdc/0x128
[   25.771568]  __asan_report_load1_noabort+0x20/0x30
[   25.771717]  mempool_oob_right_helper+0x2ac/0x2f0
[   25.771877]  mempool_kmalloc_oob_right+0xc4/0x120
[   25.772095]  kunit_try_run_case+0x170/0x3f0
[   25.772296]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.772760]  kthread+0x328/0x630
[   25.773153]  ret_from_fork+0x10/0x20
[   25.773377] 
[   25.773621] Allocated by task 223:
[   25.773811]  kasan_save_stack+0x3c/0x68
[   25.773970]  kasan_save_track+0x20/0x40
[   25.774161]  kasan_save_alloc_info+0x40/0x58
[   25.774362]  __kasan_mempool_unpoison_object+0x11c/0x180
[   25.774502]  remove_element+0x130/0x1f8
[   25.774656]  mempool_alloc_preallocated+0x58/0xc0
[   25.774858]  mempool_oob_right_helper+0x98/0x2f0
[   25.774984]  mempool_kmalloc_oob_right+0xc4/0x120
[   25.775092]  kunit_try_run_case+0x170/0x3f0
[   25.775185]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.775309]  kthread+0x328/0x630
[   25.775445]  ret_from_fork+0x10/0x20
[   25.775553] 
[   25.775609] The buggy address belongs to the object at fff00000c6600800
[   25.775609]  which belongs to the cache kmalloc-128 of size 128
[   25.775852] The buggy address is located 0 bytes to the right of
[   25.775852]  allocated 115-byte region [fff00000c6600800, fff00000c6600873)
[   25.776075] 
[   25.776145] The buggy address belongs to the physical page:
[   25.776276] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106600
[   25.776469] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   25.776670] page_type: f5(slab)
[   25.776776] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   25.776979] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.777089] page dumped because: kasan: bad access detected
[   25.777166] 
[   25.777228] Memory state around the buggy address:
[   25.777343]  fff00000c6600700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.777462]  fff00000c6600780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.777584] >fff00000c6600800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   25.777684]                                                              ^
[   25.777789]  fff00000c6600880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.778367]  fff00000c6600900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   25.778614] ==================================================================

[   12.928975] ==================================================================
[   12.929690] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.930089] Read of size 1 at addr ffff888102a1e001 by task kunit_try_catch/243
[   12.930711] 
[   12.930906] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   12.930956] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.930969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.930991] Call Trace:
[   12.931002]  <TASK>
[   12.931018]  dump_stack_lvl+0x73/0xb0
[   12.931045]  print_report+0xd1/0x650
[   12.931068]  ? __virt_addr_valid+0x1db/0x2d0
[   12.931091]  ? mempool_oob_right_helper+0x318/0x380
[   12.931114]  ? kasan_addr_to_slab+0x11/0xa0
[   12.931135]  ? mempool_oob_right_helper+0x318/0x380
[   12.931158]  kasan_report+0x141/0x180
[   12.931267]  ? mempool_oob_right_helper+0x318/0x380
[   12.931301]  __asan_report_load1_noabort+0x18/0x20
[   12.931335]  mempool_oob_right_helper+0x318/0x380
[   12.931362]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.931385]  ? dequeue_entities+0xa24/0x1790
[   12.931427]  ? finish_task_switch.isra.0+0x153/0x700
[   12.931454]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   12.931479]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   12.931503]  ? dequeue_task_fair+0x166/0x4e0
[   12.931525]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.931544]  ? __pfx_mempool_kfree+0x10/0x10
[   12.931566]  ? __pfx_read_tsc+0x10/0x10
[   12.931586]  ? ktime_get_ts64+0x86/0x230
[   12.931612]  kunit_try_run_case+0x1a5/0x480
[   12.931637]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.931659]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.931684]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.931707]  ? __kthread_parkme+0x82/0x180
[   12.931728]  ? preempt_count_sub+0x50/0x80
[   12.931752]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.931775]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.931797]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.931819]  kthread+0x337/0x6f0
[   12.931840]  ? trace_preempt_on+0x20/0xc0
[   12.931864]  ? __pfx_kthread+0x10/0x10
[   12.931886]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.931907]  ? calculate_sigpending+0x7b/0xa0
[   12.931928]  ? __pfx_kthread+0x10/0x10
[   12.931950]  ret_from_fork+0x41/0x80
[   12.931971]  ? __pfx_kthread+0x10/0x10
[   12.931992]  ret_from_fork_asm+0x1a/0x30
[   12.932024]  </TASK>
[   12.932034] 
[   12.943942] The buggy address belongs to the physical page:
[   12.944300] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1c
[   12.944932] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.945563] flags: 0x200000000000040(head|node=0|zone=2)
[   12.945854] page_type: f8(unknown)
[   12.946369] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.946705] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.947024] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.947451] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.947819] head: 0200000000000002 ffffea00040a8701 00000000ffffffff 00000000ffffffff
[   12.948387] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.948703] page dumped because: kasan: bad access detected
[   12.948966] 
[   12.949115] Memory state around the buggy address:
[   12.949313]  ffff888102a1df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.949792]  ffff888102a1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.950084] >ffff888102a1e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.950462]                    ^
[   12.950625]  ffff888102a1e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.950909]  ffff888102a1e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.951195] ==================================================================
[   12.902649] ==================================================================
[   12.903112] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.903517] Read of size 1 at addr ffff888102b49173 by task kunit_try_catch/241
[   12.904012] 
[   12.904136] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   12.904188] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.904200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.904223] Call Trace:
[   12.904235]  <TASK>
[   12.904255]  dump_stack_lvl+0x73/0xb0
[   12.904285]  print_report+0xd1/0x650
[   12.904310]  ? __virt_addr_valid+0x1db/0x2d0
[   12.904347]  ? mempool_oob_right_helper+0x318/0x380
[   12.904371]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.904394]  ? mempool_oob_right_helper+0x318/0x380
[   12.904577]  kasan_report+0x141/0x180
[   12.904601]  ? mempool_oob_right_helper+0x318/0x380
[   12.904643]  __asan_report_load1_noabort+0x18/0x20
[   12.904664]  mempool_oob_right_helper+0x318/0x380
[   12.904702]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.904726]  ? dequeue_entities+0xa24/0x1790
[   12.904753]  ? finish_task_switch.isra.0+0x153/0x700
[   12.904782]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.904807]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   12.904831]  ? dequeue_task_fair+0x166/0x4e0
[   12.904855]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.904876]  ? __pfx_mempool_kfree+0x10/0x10
[   12.904898]  ? __pfx_read_tsc+0x10/0x10
[   12.904919]  ? ktime_get_ts64+0x86/0x230
[   12.904946]  kunit_try_run_case+0x1a5/0x480
[   12.904972]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.904994]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.905020]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.905044]  ? __kthread_parkme+0x82/0x180
[   12.905066]  ? preempt_count_sub+0x50/0x80
[   12.905091]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.905114]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.905153]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.905176]  kthread+0x337/0x6f0
[   12.905197]  ? trace_preempt_on+0x20/0xc0
[   12.905221]  ? __pfx_kthread+0x10/0x10
[   12.905243]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.905265]  ? calculate_sigpending+0x7b/0xa0
[   12.905288]  ? __pfx_kthread+0x10/0x10
[   12.905311]  ret_from_fork+0x41/0x80
[   12.905341]  ? __pfx_kthread+0x10/0x10
[   12.905364]  ret_from_fork_asm+0x1a/0x30
[   12.905442]  </TASK>
[   12.905467] 
[   12.915357] Allocated by task 241:
[   12.915543]  kasan_save_stack+0x45/0x70
[   12.915766]  kasan_save_track+0x18/0x40
[   12.915916]  kasan_save_alloc_info+0x3b/0x50
[   12.916365]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.916671]  remove_element+0x11e/0x190
[   12.916837]  mempool_alloc_preallocated+0x4d/0x90
[   12.917047]  mempool_oob_right_helper+0x8a/0x380
[   12.917348]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.917608]  kunit_try_run_case+0x1a5/0x480
[   12.917758]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.918013]  kthread+0x337/0x6f0
[   12.918199]  ret_from_fork+0x41/0x80
[   12.918401]  ret_from_fork_asm+0x1a/0x30
[   12.918541] 
[   12.918852] The buggy address belongs to the object at ffff888102b49100
[   12.918852]  which belongs to the cache kmalloc-128 of size 128
[   12.919752] The buggy address is located 0 bytes to the right of
[   12.919752]  allocated 115-byte region [ffff888102b49100, ffff888102b49173)
[   12.920675] 
[   12.920768] The buggy address belongs to the physical page:
[   12.921042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b49
[   12.921416] flags: 0x200000000000000(node=0|zone=2)
[   12.921706] page_type: f5(slab)
[   12.921905] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.922344] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.922749] page dumped because: kasan: bad access detected
[   12.923007] 
[   12.923121] Memory state around the buggy address:
[   12.923360]  ffff888102b49000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.923717]  ffff888102b49080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.924033] >ffff888102b49100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.924345]                                                              ^
[   12.924624]  ffff888102b49180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.925035]  ffff888102b49200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.925521] ==================================================================
[   12.955301] ==================================================================
[   12.955964] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.956256] Read of size 1 at addr ffff8881027542bb by task kunit_try_catch/245
[   12.956842] 
[   12.957117] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   12.957165] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.957384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.957419] Call Trace:
[   12.957432]  <TASK>
[   12.957446]  dump_stack_lvl+0x73/0xb0
[   12.957471]  print_report+0xd1/0x650
[   12.957494]  ? __virt_addr_valid+0x1db/0x2d0
[   12.957516]  ? mempool_oob_right_helper+0x318/0x380
[   12.957539]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.957562]  ? mempool_oob_right_helper+0x318/0x380
[   12.957586]  kasan_report+0x141/0x180
[   12.957608]  ? mempool_oob_right_helper+0x318/0x380
[   12.957637]  __asan_report_load1_noabort+0x18/0x20
[   12.957657]  mempool_oob_right_helper+0x318/0x380
[   12.957682]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.957710]  ? finish_task_switch.isra.0+0x153/0x700
[   12.957737]  mempool_slab_oob_right+0xed/0x140
[   12.957757]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   12.957782]  ? dequeue_task_fair+0x166/0x4e0
[   12.957804]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   12.957824]  ? __pfx_mempool_free_slab+0x10/0x10
[   12.957846]  ? __pfx_read_tsc+0x10/0x10
[   12.957865]  ? ktime_get_ts64+0x86/0x230
[   12.957889]  kunit_try_run_case+0x1a5/0x480
[   12.957912]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.957933]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.957955]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.957979]  ? __kthread_parkme+0x82/0x180
[   12.957999]  ? preempt_count_sub+0x50/0x80
[   12.958023]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.958045]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.958068]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.958090]  kthread+0x337/0x6f0
[   12.958110]  ? trace_preempt_on+0x20/0xc0
[   12.958223]  ? __pfx_kthread+0x10/0x10
[   12.958250]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.958273]  ? calculate_sigpending+0x7b/0xa0
[   12.958294]  ? __pfx_kthread+0x10/0x10
[   12.958316]  ret_from_fork+0x41/0x80
[   12.958360]  ? __pfx_kthread+0x10/0x10
[   12.958382]  ret_from_fork_asm+0x1a/0x30
[   12.958428]  </TASK>
[   12.958439] 
[   12.974150] Allocated by task 245:
[   12.974574]  kasan_save_stack+0x45/0x70
[   12.975016]  kasan_save_track+0x18/0x40
[   12.975162]  kasan_save_alloc_info+0x3b/0x50
[   12.975303]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   12.975577]  remove_element+0x11e/0x190
[   12.975928]  mempool_alloc_preallocated+0x4d/0x90
[   12.976539]  mempool_oob_right_helper+0x8a/0x380
[   12.976969]  mempool_slab_oob_right+0xed/0x140
[   12.977542]  kunit_try_run_case+0x1a5/0x480
[   12.977943]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.978440]  kthread+0x337/0x6f0
[   12.978629]  ret_from_fork+0x41/0x80
[   12.978755]  ret_from_fork_asm+0x1a/0x30
[   12.978888] 
[   12.978958] The buggy address belongs to the object at ffff888102754240
[   12.978958]  which belongs to the cache test_cache of size 123
[   12.979306] The buggy address is located 0 bytes to the right of
[   12.979306]  allocated 123-byte region [ffff888102754240, ffff8881027542bb)
[   12.980057] 
[   12.980167] The buggy address belongs to the physical page:
[   12.980594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102754
[   12.980882] flags: 0x200000000000000(node=0|zone=2)
[   12.981109] page_type: f5(slab)
[   12.981243] raw: 0200000000000000 ffff888101a70640 dead000000000122 0000000000000000
[   12.981560] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   12.981994] page dumped because: kasan: bad access detected
[   12.982219] 
[   12.982310] Memory state around the buggy address:
[   12.982639]  ffff888102754180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.982921]  ffff888102754200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   12.983178] >ffff888102754280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   12.983498]                                         ^
[   12.983653]  ffff888102754300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.984097]  ffff888102754380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.984303] ==================================================================

[   23.027135] ==================================================================
[   23.028245] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   23.028967] Read of size 1 at addr ffff00000d73e001 by task kunit_try_catch/277
[   23.029644] 
[   23.029810] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   23.029859] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.029873] Hardware name: Radxa ROCK Pi 4B (DT)
[   23.029891] Call trace:
[   23.029903]  show_stack+0x20/0x38 (C)
[   23.029937]  dump_stack_lvl+0x8c/0xd0
[   23.029968]  print_report+0x118/0x608
[   23.029999]  kasan_report+0xdc/0x128
[   23.030027]  __asan_report_load1_noabort+0x20/0x30
[   23.030062]  mempool_oob_right_helper+0x2ac/0x2f0
[   23.030098]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   23.030136]  kunit_try_run_case+0x170/0x3f0
[   23.030171]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.030211]  kthread+0x328/0x630
[   23.030245]  ret_from_fork+0x10/0x20
[   23.030279] 
[   23.036369] The buggy address belongs to the physical page:
[   23.036885] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd73c
[   23.037610] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.038317] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   23.038969] page_type: f8(unknown)
[   23.039304] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.040020] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.040735] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.041459] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.042183] head: 03fffe0000000002 fffffdffc035cf01 00000000ffffffff 00000000ffffffff
[   23.042905] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.043621] page dumped because: kasan: bad access detected
[   23.044136] 
[   23.044288] Memory state around the buggy address:
[   23.044737]  ffff00000d73df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.045403]  ffff00000d73df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.046069] >ffff00000d73e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.046730]                    ^
[   23.047041]  ffff00000d73e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.047707]  ffff00000d73e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.048369] ==================================================================
[   23.053074] ==================================================================
[   23.054235] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   23.054959] Read of size 1 at addr ffff0000101e72bb by task kunit_try_catch/279
[   23.055638] 
[   23.055804] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   23.055854] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.055869] Hardware name: Radxa ROCK Pi 4B (DT)
[   23.055886] Call trace:
[   23.055898]  show_stack+0x20/0x38 (C)
[   23.055930]  dump_stack_lvl+0x8c/0xd0
[   23.055962]  print_report+0x118/0x608
[   23.055991]  kasan_report+0xdc/0x128
[   23.056020]  __asan_report_load1_noabort+0x20/0x30
[   23.056053]  mempool_oob_right_helper+0x2ac/0x2f0
[   23.056088]  mempool_slab_oob_right+0xc0/0x118
[   23.056118]  kunit_try_run_case+0x170/0x3f0
[   23.056153]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.056193]  kthread+0x328/0x630
[   23.056226]  ret_from_fork+0x10/0x20
[   23.056260] 
[   23.062284] Allocated by task 279:
[   23.062612]  kasan_save_stack+0x3c/0x68
[   23.062988]  kasan_save_track+0x20/0x40
[   23.063359]  kasan_save_alloc_info+0x40/0x58
[   23.063771]  __kasan_mempool_unpoison_object+0xbc/0x180
[   23.064269]  remove_element+0x16c/0x1f8
[   23.064648]  mempool_alloc_preallocated+0x58/0xc0
[   23.065101]  mempool_oob_right_helper+0x98/0x2f0
[   23.065549]  mempool_slab_oob_right+0xc0/0x118
[   23.065976]  kunit_try_run_case+0x170/0x3f0
[   23.066384]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.066909]  kthread+0x328/0x630
[   23.067232]  ret_from_fork+0x10/0x20
[   23.067582] 
[   23.067736] The buggy address belongs to the object at ffff0000101e7240
[   23.067736]  which belongs to the cache test_cache of size 123
[   23.068863] The buggy address is located 0 bytes to the right of
[   23.068863]  allocated 123-byte region [ffff0000101e7240, ffff0000101e72bb)
[   23.070038] 
[   23.070192] The buggy address belongs to the physical page:
[   23.070709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e7
[   23.071441] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[   23.072054] page_type: f5(slab)
[   23.072367] raw: 03fffe0000000000 ffff000000d1ba40 dead000000000122 0000000000000000
[   23.073083] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   23.073791] page dumped because: kasan: bad access detected
[   23.074307] 
[   23.074460] Memory state around the buggy address:
[   23.074908]  ffff0000101e7180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.075575]  ffff0000101e7200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   23.076241] >ffff0000101e7280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   23.076903]                                         ^
[   23.077376]  ffff0000101e7300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.078043]  ffff0000101e7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.078705] ==================================================================
[   22.997841] ==================================================================
[   22.998889] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   22.999615] Read of size 1 at addr ffff00001019f173 by task kunit_try_catch/275
[   23.000295] 
[   23.000461] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   23.000512] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.000526] Hardware name: Radxa ROCK Pi 4B (DT)
[   23.000545] Call trace:
[   23.000556]  show_stack+0x20/0x38 (C)
[   23.000589]  dump_stack_lvl+0x8c/0xd0
[   23.000621]  print_report+0x118/0x608
[   23.000650]  kasan_report+0xdc/0x128
[   23.000679]  __asan_report_load1_noabort+0x20/0x30
[   23.000713]  mempool_oob_right_helper+0x2ac/0x2f0
[   23.000750]  mempool_kmalloc_oob_right+0xc4/0x120
[   23.000786]  kunit_try_run_case+0x170/0x3f0
[   23.000822]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.000862]  kthread+0x328/0x630
[   23.000896]  ret_from_fork+0x10/0x20
[   23.000929] 
[   23.006973] Allocated by task 275:
[   23.007300]  kasan_save_stack+0x3c/0x68
[   23.007675]  kasan_save_track+0x20/0x40
[   23.008046]  kasan_save_alloc_info+0x40/0x58
[   23.008459]  __kasan_mempool_unpoison_object+0x11c/0x180
[   23.008964]  remove_element+0x130/0x1f8
[   23.009343]  mempool_alloc_preallocated+0x58/0xc0
[   23.009797]  mempool_oob_right_helper+0x98/0x2f0
[   23.010245]  mempool_kmalloc_oob_right+0xc4/0x120
[   23.010699]  kunit_try_run_case+0x170/0x3f0
[   23.011106]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.011630]  kthread+0x328/0x630
[   23.011954]  ret_from_fork+0x10/0x20
[   23.012304] 
[   23.012458] The buggy address belongs to the object at ffff00001019f100
[   23.012458]  which belongs to the cache kmalloc-128 of size 128
[   23.013591] The buggy address is located 0 bytes to the right of
[   23.013591]  allocated 115-byte region [ffff00001019f100, ffff00001019f173)
[   23.014766] 
[   23.014921] The buggy address belongs to the physical page:
[   23.015438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019f
[   23.016171] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[   23.016783] page_type: f5(slab)
[   23.017096] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000
[   23.017813] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.018521] page dumped because: kasan: bad access detected
[   23.019036] 
[   23.019188] Memory state around the buggy address:
[   23.019637]  ffff00001019f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.020304]  ffff00001019f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.020971] >ffff00001019f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   23.021633]                                                              ^
[   23.022266]  ffff00001019f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.022931]  ffff00001019f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   23.023592] ==================================================================