Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 35.950272] ================================================================== [ 35.960126] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 35.967670] Read of size 1 at addr ffff000800e16001 by task kunit_try_catch/270 [ 35.974962] [ 35.976450] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 35.976503] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.976519] Hardware name: WinLink E850-96 board (DT) [ 35.976540] Call trace: [ 35.976556] show_stack+0x20/0x38 (C) [ 35.976594] dump_stack_lvl+0x8c/0xd0 [ 35.976635] print_report+0x118/0x608 [ 35.976672] kasan_report+0xdc/0x128 [ 35.976706] __asan_report_load1_noabort+0x20/0x30 [ 35.976747] mempool_oob_right_helper+0x2ac/0x2f0 [ 35.976780] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 35.976814] kunit_try_run_case+0x170/0x3f0 [ 35.976853] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.976892] kthread+0x328/0x630 [ 35.976923] ret_from_fork+0x10/0x20 [ 35.976961] [ 36.045015] The buggy address belongs to the physical page: [ 36.050573] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880e14 [ 36.058558] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.066196] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.073139] page_type: f8(unknown) [ 36.076538] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.084256] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 36.091983] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.099793] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 36.107607] head: 0bfffe0000000002 fffffdffe0038501 00000000ffffffff 00000000ffffffff [ 36.115418] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 36.123223] page dumped because: kasan: bad access detected [ 36.128779] [ 36.130255] Memory state around the buggy address: [ 36.135036] ffff000800e15f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.142237] ffff000800e15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.149442] >ffff000800e16000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.156644] ^ [ 36.159859] ffff000800e16080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.167063] ffff000800e16100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.174266] ================================================================== [ 35.649105] ================================================================== [ 35.649284] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 35.649421] Read of size 1 at addr ffff000801e28873 by task kunit_try_catch/268 [ 35.655870] [ 35.657357] CPU: 7 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 35.657421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.657437] Hardware name: WinLink E850-96 board (DT) [ 35.657458] Call trace: [ 35.657471] show_stack+0x20/0x38 (C) [ 35.657508] dump_stack_lvl+0x8c/0xd0 [ 35.657547] print_report+0x118/0x608 [ 35.657581] kasan_report+0xdc/0x128 [ 35.657617] __asan_report_load1_noabort+0x20/0x30 [ 35.657659] mempool_oob_right_helper+0x2ac/0x2f0 [ 35.657693] mempool_kmalloc_oob_right+0xc4/0x120 [ 35.657724] kunit_try_run_case+0x170/0x3f0 [ 35.657764] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.657800] kthread+0x328/0x630 [ 35.657831] ret_from_fork+0x10/0x20 [ 35.657867] [ 35.725402] Allocated by task 268: [ 35.728788] kasan_save_stack+0x3c/0x68 [ 35.732605] kasan_save_track+0x20/0x40 [ 35.736424] kasan_save_alloc_info+0x40/0x58 [ 35.740677] __kasan_mempool_unpoison_object+0x11c/0x180 [ 35.745974] remove_element+0x130/0x1f8 [ 35.749792] mempool_alloc_preallocated+0x58/0xc0 [ 35.754479] mempool_oob_right_helper+0x98/0x2f0 [ 35.759080] mempool_kmalloc_oob_right+0xc4/0x120 [ 35.763767] kunit_try_run_case+0x170/0x3f0 [ 35.767934] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.773403] kthread+0x328/0x630 [ 35.776614] ret_from_fork+0x10/0x20 [ 35.780174] [ 35.781650] The buggy address belongs to the object at ffff000801e28800 [ 35.781650] which belongs to the cache kmalloc-128 of size 128 [ 35.794151] The buggy address is located 0 bytes to the right of [ 35.794151] allocated 115-byte region [ffff000801e28800, ffff000801e28873) [ 35.807082] [ 35.808562] The buggy address belongs to the physical page: [ 35.814119] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881e28 [ 35.822102] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 35.829742] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 35.836684] page_type: f5(slab) [ 35.839822] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 35.847541] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.855268] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 35.863079] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.870892] head: 0bfffe0000000001 fffffdffe0078a01 00000000ffffffff 00000000ffffffff [ 35.878703] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 35.886510] page dumped because: kasan: bad access detected [ 35.892064] [ 35.893539] Memory state around the buggy address: [ 35.898322] ffff000801e28700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.905522] ffff000801e28780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.912729] >ffff000801e28800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 35.919928] ^ [ 35.926789] ffff000801e28880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.933994] ffff000801e28900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 35.941197] ================================================================== [ 36.183778] ================================================================== [ 36.193713] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 36.201263] Read of size 1 at addr ffff00080631c2bb by task kunit_try_catch/272 [ 36.208554] [ 36.210040] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 36.210100] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.210116] Hardware name: WinLink E850-96 board (DT) [ 36.210140] Call trace: [ 36.210157] show_stack+0x20/0x38 (C) [ 36.210197] dump_stack_lvl+0x8c/0xd0 [ 36.210234] print_report+0x118/0x608 [ 36.210270] kasan_report+0xdc/0x128 [ 36.210303] __asan_report_load1_noabort+0x20/0x30 [ 36.210343] mempool_oob_right_helper+0x2ac/0x2f0 [ 36.210377] mempool_slab_oob_right+0xc0/0x118 [ 36.210413] kunit_try_run_case+0x170/0x3f0 [ 36.210450] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.210488] kthread+0x328/0x630 [ 36.210517] ret_from_fork+0x10/0x20 [ 36.210553] [ 36.277824] Allocated by task 272: [ 36.281211] kasan_save_stack+0x3c/0x68 [ 36.285027] kasan_save_track+0x20/0x40 [ 36.288847] kasan_save_alloc_info+0x40/0x58 [ 36.293099] __kasan_mempool_unpoison_object+0xbc/0x180 [ 36.298308] remove_element+0x16c/0x1f8 [ 36.302127] mempool_alloc_preallocated+0x58/0xc0 [ 36.306815] mempool_oob_right_helper+0x98/0x2f0 [ 36.311415] mempool_slab_oob_right+0xc0/0x118 [ 36.315842] kunit_try_run_case+0x170/0x3f0 [ 36.320009] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.325479] kthread+0x328/0x630 [ 36.328689] ret_from_fork+0x10/0x20 [ 36.332248] [ 36.333725] The buggy address belongs to the object at ffff00080631c240 [ 36.333725] which belongs to the cache test_cache of size 123 [ 36.346139] The buggy address is located 0 bytes to the right of [ 36.346139] allocated 123-byte region [ffff00080631c240, ffff00080631c2bb) [ 36.359071] [ 36.360550] The buggy address belongs to the physical page: [ 36.366107] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88631c [ 36.374091] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.380600] page_type: f5(slab) [ 36.383736] raw: 0bfffe0000000000 ffff00080179fcc0 dead000000000122 0000000000000000 [ 36.391456] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 36.399176] page dumped because: kasan: bad access detected [ 36.404729] [ 36.406205] Memory state around the buggy address: [ 36.410986] ffff00080631c180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.418190] ffff00080631c200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 36.425394] >ffff00080631c280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 36.432594] ^ [ 36.437633] ffff00080631c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.444837] ffff00080631c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.452040] ==================================================================
[ 28.323633] ================================================================== [ 28.323790] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.323970] Read of size 1 at addr fff00000c6507d73 by task kunit_try_catch/221 [ 28.324123] [ 28.324179] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.324290] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.324322] Hardware name: linux,dummy-virt (DT) [ 28.324365] Call trace: [ 28.324396] show_stack+0x20/0x38 (C) [ 28.324466] dump_stack_lvl+0x8c/0xd0 [ 28.324536] print_report+0x118/0x608 [ 28.324606] kasan_report+0xdc/0x128 [ 28.324665] __asan_report_load1_noabort+0x20/0x30 [ 28.324733] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.324795] mempool_kmalloc_oob_right+0xc4/0x120 [ 28.324862] kunit_try_run_case+0x170/0x3f0 [ 28.324928] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.325032] kthread+0x328/0x630 [ 28.325089] ret_from_fork+0x10/0x20 [ 28.325155] [ 28.325178] Allocated by task 221: [ 28.325215] kasan_save_stack+0x3c/0x68 [ 28.325273] kasan_save_track+0x20/0x40 [ 28.325322] kasan_save_alloc_info+0x40/0x58 [ 28.325376] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.325435] remove_element+0x130/0x1f8 [ 28.325482] mempool_alloc_preallocated+0x58/0xc0 [ 28.325535] mempool_oob_right_helper+0x98/0x2f0 [ 28.325586] mempool_kmalloc_oob_right+0xc4/0x120 [ 28.325639] kunit_try_run_case+0x170/0x3f0 [ 28.325690] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.325745] kthread+0x328/0x630 [ 28.325791] ret_from_fork+0x10/0x20 [ 28.325838] [ 28.325863] The buggy address belongs to the object at fff00000c6507d00 [ 28.325863] which belongs to the cache kmalloc-128 of size 128 [ 28.325960] The buggy address is located 0 bytes to the right of [ 28.325960] allocated 115-byte region [fff00000c6507d00, fff00000c6507d73) [ 28.326045] [ 28.326071] The buggy address belongs to the physical page: [ 28.326113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 28.326185] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.326252] page_type: f5(slab) [ 28.326304] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.326367] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.326418] page dumped because: kasan: bad access detected [ 28.326456] [ 28.326479] Memory state around the buggy address: [ 28.326519] fff00000c6507c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.326578] fff00000c6507c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.326633] >fff00000c6507d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.326682] ^ [ 28.326732] fff00000c6507d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.326784] fff00000c6507e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.326834] ================================================================== [ 28.341202] ================================================================== [ 28.341321] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.341434] Read of size 1 at addr fff00000c786a001 by task kunit_try_catch/223 [ 28.341552] [ 28.341622] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.341818] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.341884] Hardware name: linux,dummy-virt (DT) [ 28.342002] Call trace: [ 28.342074] show_stack+0x20/0x38 (C) [ 28.342334] dump_stack_lvl+0x8c/0xd0 [ 28.342476] print_report+0x118/0x608 [ 28.342617] kasan_report+0xdc/0x128 [ 28.342739] __asan_report_load1_noabort+0x20/0x30 [ 28.343081] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.343338] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 28.343490] kunit_try_run_case+0x170/0x3f0 [ 28.343745] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.343914] kthread+0x328/0x630 [ 28.344070] ret_from_fork+0x10/0x20 [ 28.344274] [ 28.344332] The buggy address belongs to the physical page: [ 28.344450] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107868 [ 28.344638] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.344852] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.344960] page_type: f8(unknown) [ 28.345163] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.345293] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.345414] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.345536] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.345667] head: 0bfffe0000000002 ffffc1ffc31e1a01 00000000ffffffff 00000000ffffffff [ 28.346008] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.346126] page dumped because: kasan: bad access detected [ 28.346365] [ 28.346447] Memory state around the buggy address: [ 28.346614] fff00000c7869f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.346798] fff00000c7869f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.346973] >fff00000c786a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.347084] ^ [ 28.347278] fff00000c786a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.347453] fff00000c786a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.347565] ================================================================== [ 28.384127] ================================================================== [ 28.384267] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.385378] Read of size 1 at addr fff00000c64302bb by task kunit_try_catch/225 [ 28.385529] [ 28.385620] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.386284] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.386402] Hardware name: linux,dummy-virt (DT) [ 28.386503] Call trace: [ 28.386684] show_stack+0x20/0x38 (C) [ 28.386815] dump_stack_lvl+0x8c/0xd0 [ 28.386987] print_report+0x118/0x608 [ 28.387266] kasan_report+0xdc/0x128 [ 28.387441] __asan_report_load1_noabort+0x20/0x30 [ 28.387593] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.387974] mempool_slab_oob_right+0xc0/0x118 [ 28.388219] kunit_try_run_case+0x170/0x3f0 [ 28.388357] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.388509] kthread+0x328/0x630 [ 28.388718] ret_from_fork+0x10/0x20 [ 28.388999] [ 28.389054] Allocated by task 225: [ 28.389154] kasan_save_stack+0x3c/0x68 [ 28.389407] kasan_save_track+0x20/0x40 [ 28.389537] kasan_save_alloc_info+0x40/0x58 [ 28.389705] __kasan_mempool_unpoison_object+0xbc/0x180 [ 28.389851] remove_element+0x16c/0x1f8 [ 28.390023] mempool_alloc_preallocated+0x58/0xc0 [ 28.390141] mempool_oob_right_helper+0x98/0x2f0 [ 28.390627] mempool_slab_oob_right+0xc0/0x118 [ 28.390881] kunit_try_run_case+0x170/0x3f0 [ 28.391011] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.391208] kthread+0x328/0x630 [ 28.391322] ret_from_fork+0x10/0x20 [ 28.391666] [ 28.391813] The buggy address belongs to the object at fff00000c6430240 [ 28.391813] which belongs to the cache test_cache of size 123 [ 28.391974] The buggy address is located 0 bytes to the right of [ 28.391974] allocated 123-byte region [fff00000c6430240, fff00000c64302bb) [ 28.392125] [ 28.392178] The buggy address belongs to the physical page: [ 28.392250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106430 [ 28.392380] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.392500] page_type: f5(slab) [ 28.392607] raw: 0bfffe0000000000 fff00000c569fdc0 dead000000000122 0000000000000000 [ 28.392736] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 28.392870] page dumped because: kasan: bad access detected [ 28.392986] [ 28.393041] Memory state around the buggy address: [ 28.393452] fff00000c6430180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.393626] fff00000c6430200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 28.393909] >fff00000c6430280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 28.394052] ^ [ 28.394252] fff00000c6430300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.394358] fff00000c6430380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.394484] ==================================================================
[ 28.404095] ================================================================== [ 28.404276] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.404432] Read of size 1 at addr fff00000c77642bb by task kunit_try_catch/225 [ 28.404572] [ 28.404966] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.405354] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.405481] Hardware name: linux,dummy-virt (DT) [ 28.405567] Call trace: [ 28.405633] show_stack+0x20/0x38 (C) [ 28.405763] dump_stack_lvl+0x8c/0xd0 [ 28.405914] print_report+0x118/0x608 [ 28.406042] kasan_report+0xdc/0x128 [ 28.406165] __asan_report_load1_noabort+0x20/0x30 [ 28.406386] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.406548] mempool_slab_oob_right+0xc0/0x118 [ 28.406918] kunit_try_run_case+0x170/0x3f0 [ 28.407066] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.407198] kthread+0x328/0x630 [ 28.407341] ret_from_fork+0x10/0x20 [ 28.407651] [ 28.407805] Allocated by task 225: [ 28.407908] kasan_save_stack+0x3c/0x68 [ 28.408023] kasan_save_track+0x20/0x40 [ 28.408136] kasan_save_alloc_info+0x40/0x58 [ 28.408240] __kasan_mempool_unpoison_object+0xbc/0x180 [ 28.408346] remove_element+0x16c/0x1f8 [ 28.408505] mempool_alloc_preallocated+0x58/0xc0 [ 28.408649] mempool_oob_right_helper+0x98/0x2f0 [ 28.408757] mempool_slab_oob_right+0xc0/0x118 [ 28.408886] kunit_try_run_case+0x170/0x3f0 [ 28.409099] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.409233] kthread+0x328/0x630 [ 28.409331] ret_from_fork+0x10/0x20 [ 28.409597] [ 28.409648] The buggy address belongs to the object at fff00000c7764240 [ 28.409648] which belongs to the cache test_cache of size 123 [ 28.409975] The buggy address is located 0 bytes to the right of [ 28.409975] allocated 123-byte region [fff00000c7764240, fff00000c77642bb) [ 28.410475] [ 28.410606] The buggy address belongs to the physical page: [ 28.410727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107764 [ 28.410912] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.411094] page_type: f5(slab) [ 28.411219] raw: 0bfffe0000000000 fff00000c59addc0 dead000000000122 0000000000000000 [ 28.411463] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 28.411569] page dumped because: kasan: bad access detected [ 28.411695] [ 28.411860] Memory state around the buggy address: [ 28.411976] fff00000c7764180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.412088] fff00000c7764200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 28.412195] >fff00000c7764280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 28.412288] ^ [ 28.412366] fff00000c7764300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.412477] fff00000c7764380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.412736] ================================================================== [ 28.365782] ================================================================== [ 28.366663] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.366820] Read of size 1 at addr fff00000c772a001 by task kunit_try_catch/223 [ 28.366958] [ 28.367042] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.367243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.367915] Hardware name: linux,dummy-virt (DT) [ 28.368022] Call trace: [ 28.368176] show_stack+0x20/0x38 (C) [ 28.368321] dump_stack_lvl+0x8c/0xd0 [ 28.368875] print_report+0x118/0x608 [ 28.369410] kasan_report+0xdc/0x128 [ 28.369597] __asan_report_load1_noabort+0x20/0x30 [ 28.369733] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.369889] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 28.370052] kunit_try_run_case+0x170/0x3f0 [ 28.370185] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.370317] kthread+0x328/0x630 [ 28.370473] ret_from_fork+0x10/0x20 [ 28.370636] [ 28.370689] The buggy address belongs to the physical page: [ 28.370779] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107728 [ 28.371031] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.371322] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.371459] page_type: f8(unknown) [ 28.371565] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.372710] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.372874] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.372999] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.373976] head: 0bfffe0000000002 ffffc1ffc31dca01 00000000ffffffff 00000000ffffffff [ 28.374120] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.374334] page dumped because: kasan: bad access detected [ 28.374419] [ 28.374464] Memory state around the buggy address: [ 28.374633] fff00000c7729f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.374998] fff00000c7729f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.375231] >fff00000c772a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.375452] ^ [ 28.375523] fff00000c772a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.376109] fff00000c772a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.376314] ================================================================== [ 28.335414] ================================================================== [ 28.335503] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.335596] Read of size 1 at addr fff00000c60a5973 by task kunit_try_catch/221 [ 28.335657] [ 28.335706] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.335827] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.335891] Hardware name: linux,dummy-virt (DT) [ 28.335935] Call trace: [ 28.335967] show_stack+0x20/0x38 (C) [ 28.336035] dump_stack_lvl+0x8c/0xd0 [ 28.336101] print_report+0x118/0x608 [ 28.336160] kasan_report+0xdc/0x128 [ 28.336217] __asan_report_load1_noabort+0x20/0x30 [ 28.336279] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.336340] mempool_kmalloc_oob_right+0xc4/0x120 [ 28.336400] kunit_try_run_case+0x170/0x3f0 [ 28.336464] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.336527] kthread+0x328/0x630 [ 28.336583] ret_from_fork+0x10/0x20 [ 28.336644] [ 28.336667] Allocated by task 221: [ 28.336704] kasan_save_stack+0x3c/0x68 [ 28.336758] kasan_save_track+0x20/0x40 [ 28.336806] kasan_save_alloc_info+0x40/0x58 [ 28.336880] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.336939] remove_element+0x130/0x1f8 [ 28.336987] mempool_alloc_preallocated+0x58/0xc0 [ 28.337037] mempool_oob_right_helper+0x98/0x2f0 [ 28.337172] mempool_kmalloc_oob_right+0xc4/0x120 [ 28.337278] kunit_try_run_case+0x170/0x3f0 [ 28.337380] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.337497] kthread+0x328/0x630 [ 28.337585] ret_from_fork+0x10/0x20 [ 28.337677] [ 28.337728] The buggy address belongs to the object at fff00000c60a5900 [ 28.337728] which belongs to the cache kmalloc-128 of size 128 [ 28.337886] The buggy address is located 0 bytes to the right of [ 28.337886] allocated 115-byte region [fff00000c60a5900, fff00000c60a5973) [ 28.337975] [ 28.338001] The buggy address belongs to the physical page: [ 28.338041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a5 [ 28.338111] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.338179] page_type: f5(slab) [ 28.338231] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.338293] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.338344] page dumped because: kasan: bad access detected [ 28.338380] [ 28.338403] Memory state around the buggy address: [ 28.338444] fff00000c60a5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.338500] fff00000c60a5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.338555] >fff00000c60a5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.338605] ^ [ 28.338655] fff00000c60a5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.338709] fff00000c60a5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.338757] ==================================================================
[ 21.154065] ================================================================== [ 21.155316] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 21.156568] Read of size 1 at addr ffff888103a06001 by task kunit_try_catch/241 [ 21.157346] [ 21.157921] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 21.158061] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.158103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.158168] Call Trace: [ 21.158216] <TASK> [ 21.158312] dump_stack_lvl+0x73/0xb0 [ 21.158421] print_report+0xd1/0x650 [ 21.158517] ? __virt_addr_valid+0x1db/0x2d0 [ 21.158855] ? mempool_oob_right_helper+0x318/0x380 [ 21.158934] ? kasan_addr_to_slab+0x11/0xa0 [ 21.159004] ? mempool_oob_right_helper+0x318/0x380 [ 21.159084] kasan_report+0x141/0x180 [ 21.159162] ? mempool_oob_right_helper+0x318/0x380 [ 21.159295] __asan_report_load1_noabort+0x18/0x20 [ 21.159381] mempool_oob_right_helper+0x318/0x380 [ 21.159458] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 21.159573] ? __kasan_check_write+0x18/0x20 [ 21.159643] ? __pfx_sched_clock_cpu+0x10/0x10 [ 21.159723] ? finish_task_switch.isra.0+0x153/0x700 [ 21.159768] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 21.159808] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 21.159850] ? __pfx_mempool_kmalloc+0x10/0x10 [ 21.159887] ? __pfx_mempool_kfree+0x10/0x10 [ 21.159924] ? __pfx_read_tsc+0x10/0x10 [ 21.159957] ? ktime_get_ts64+0x86/0x230 [ 21.159991] kunit_try_run_case+0x1a5/0x480 [ 21.160030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.160066] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.160102] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.160136] ? __kthread_parkme+0x82/0x180 [ 21.160164] ? preempt_count_sub+0x50/0x80 [ 21.160196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.160247] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.160299] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.160335] kthread+0x337/0x6f0 [ 21.160363] ? trace_preempt_on+0x20/0xc0 [ 21.160397] ? __pfx_kthread+0x10/0x10 [ 21.160427] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.160458] ? calculate_sigpending+0x7b/0xa0 [ 21.160493] ? __pfx_kthread+0x10/0x10 [ 21.160591] ret_from_fork+0x116/0x1d0 [ 21.160671] ? __pfx_kthread+0x10/0x10 [ 21.160705] ret_from_fork_asm+0x1a/0x30 [ 21.160750] </TASK> [ 21.160766] [ 21.184123] The buggy address belongs to the physical page: [ 21.184647] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a04 [ 21.185172] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.186092] flags: 0x200000000000040(head|node=0|zone=2) [ 21.187450] page_type: f8(unknown) [ 21.187909] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.188718] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.189210] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.190141] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.190871] head: 0200000000000002 ffffea00040e8101 00000000ffffffff 00000000ffffffff [ 21.191867] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.192549] page dumped because: kasan: bad access detected [ 21.193055] [ 21.193514] Memory state around the buggy address: [ 21.194187] ffff888103a05f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.194776] ffff888103a05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.195451] >ffff888103a06000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.195907] ^ [ 21.196466] ffff888103a06080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.197713] ffff888103a06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.198192] ================================================================== [ 21.208017] ================================================================== [ 21.209934] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 21.211397] Read of size 1 at addr ffff8881039d72bb by task kunit_try_catch/243 [ 21.212391] [ 21.212673] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 21.212813] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.212858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.212918] Call Trace: [ 21.212962] <TASK> [ 21.213014] dump_stack_lvl+0x73/0xb0 [ 21.213109] print_report+0xd1/0x650 [ 21.213173] ? __virt_addr_valid+0x1db/0x2d0 [ 21.213236] ? mempool_oob_right_helper+0x318/0x380 [ 21.213313] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.213376] ? mempool_oob_right_helper+0x318/0x380 [ 21.213439] kasan_report+0x141/0x180 [ 21.213518] ? mempool_oob_right_helper+0x318/0x380 [ 21.213597] __asan_report_load1_noabort+0x18/0x20 [ 21.213680] mempool_oob_right_helper+0x318/0x380 [ 21.213761] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 21.213887] ? __pfx_sched_clock_cpu+0x10/0x10 [ 21.213972] ? irqentry_exit+0x2a/0x60 [ 21.214048] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.214133] mempool_slab_oob_right+0xed/0x140 [ 21.214210] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 21.214324] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 21.214361] ? __pfx_mempool_free_slab+0x10/0x10 [ 21.214392] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 21.214433] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 21.214471] kunit_try_run_case+0x1a5/0x480 [ 21.214547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.214666] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.214711] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.214746] ? __kthread_parkme+0x82/0x180 [ 21.214777] ? preempt_count_sub+0x50/0x80 [ 21.214810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.214846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.214881] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.214916] kthread+0x337/0x6f0 [ 21.214944] ? trace_preempt_on+0x20/0xc0 [ 21.214978] ? __pfx_kthread+0x10/0x10 [ 21.215006] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.215037] ? calculate_sigpending+0x7b/0xa0 [ 21.215073] ? __pfx_kthread+0x10/0x10 [ 21.215103] ret_from_fork+0x116/0x1d0 [ 21.215129] ? __pfx_kthread+0x10/0x10 [ 21.215157] ret_from_fork_asm+0x1a/0x30 [ 21.215199] </TASK> [ 21.215214] [ 21.242527] Allocated by task 243: [ 21.242908] kasan_save_stack+0x45/0x70 [ 21.243907] kasan_save_track+0x18/0x40 [ 21.244195] kasan_save_alloc_info+0x3b/0x50 [ 21.245145] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 21.245816] remove_element+0x11e/0x190 [ 21.246407] mempool_alloc_preallocated+0x4d/0x90 [ 21.247417] mempool_oob_right_helper+0x8a/0x380 [ 21.248295] mempool_slab_oob_right+0xed/0x140 [ 21.248849] kunit_try_run_case+0x1a5/0x480 [ 21.249355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.250593] kthread+0x337/0x6f0 [ 21.250974] ret_from_fork+0x116/0x1d0 [ 21.251384] ret_from_fork_asm+0x1a/0x30 [ 21.251750] [ 21.251985] The buggy address belongs to the object at ffff8881039d7240 [ 21.251985] which belongs to the cache test_cache of size 123 [ 21.253102] The buggy address is located 0 bytes to the right of [ 21.253102] allocated 123-byte region [ffff8881039d7240, ffff8881039d72bb) [ 21.254304] [ 21.254713] The buggy address belongs to the physical page: [ 21.255190] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039d7 [ 21.256027] flags: 0x200000000000000(node=0|zone=2) [ 21.257352] page_type: f5(slab) [ 21.257732] raw: 0200000000000000 ffff888101678a00 dead000000000122 0000000000000000 [ 21.258523] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 21.259189] page dumped because: kasan: bad access detected [ 21.259883] [ 21.260087] Memory state around the buggy address: [ 21.260735] ffff8881039d7180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.261290] ffff8881039d7200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 21.262662] >ffff8881039d7280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 21.263289] ^ [ 21.263788] ffff8881039d7300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.264719] ffff8881039d7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.265358] ================================================================== [ 21.078523] ================================================================== [ 21.079447] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 21.080089] Read of size 1 at addr ffff888101b20f73 by task kunit_try_catch/239 [ 21.081444] [ 21.082156] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 21.082476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.082533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.082923] Call Trace: [ 21.082972] <TASK> [ 21.083031] dump_stack_lvl+0x73/0xb0 [ 21.083096] print_report+0xd1/0x650 [ 21.083131] ? __virt_addr_valid+0x1db/0x2d0 [ 21.083167] ? mempool_oob_right_helper+0x318/0x380 [ 21.083202] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.083248] ? mempool_oob_right_helper+0x318/0x380 [ 21.083303] kasan_report+0x141/0x180 [ 21.083340] ? mempool_oob_right_helper+0x318/0x380 [ 21.083381] __asan_report_load1_noabort+0x18/0x20 [ 21.083416] mempool_oob_right_helper+0x318/0x380 [ 21.083452] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 21.083486] ? update_load_avg+0x1be/0x21b0 [ 21.083601] ? pick_eevdf+0x3c9/0x590 [ 21.083683] ? irqentry_exit+0x2a/0x60 [ 21.083727] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.083768] mempool_kmalloc_oob_right+0xf2/0x150 [ 21.083804] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 21.083843] ? __pfx_mempool_kmalloc+0x10/0x10 [ 21.083881] ? __pfx_mempool_kfree+0x10/0x10 [ 21.083916] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 21.083954] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 21.083990] kunit_try_run_case+0x1a5/0x480 [ 21.084029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.084064] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.084099] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.084133] ? __kthread_parkme+0x82/0x180 [ 21.084162] ? preempt_count_sub+0x50/0x80 [ 21.084194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.084238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.084303] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.084341] kthread+0x337/0x6f0 [ 21.084370] ? trace_preempt_on+0x20/0xc0 [ 21.084405] ? __pfx_kthread+0x10/0x10 [ 21.084435] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.084468] ? calculate_sigpending+0x7b/0xa0 [ 21.084527] ? __pfx_kthread+0x10/0x10 [ 21.084610] ret_from_fork+0x116/0x1d0 [ 21.084679] ? __pfx_kthread+0x10/0x10 [ 21.084714] ret_from_fork_asm+0x1a/0x30 [ 21.084759] </TASK> [ 21.084776] [ 21.120379] Allocated by task 239: [ 21.120830] kasan_save_stack+0x45/0x70 [ 21.121529] kasan_save_track+0x18/0x40 [ 21.122819] kasan_save_alloc_info+0x3b/0x50 [ 21.123158] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 21.124018] remove_element+0x11e/0x190 [ 21.125019] mempool_alloc_preallocated+0x4d/0x90 [ 21.126044] mempool_oob_right_helper+0x8a/0x380 [ 21.127099] mempool_kmalloc_oob_right+0xf2/0x150 [ 21.128092] kunit_try_run_case+0x1a5/0x480 [ 21.128895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.129864] kthread+0x337/0x6f0 [ 21.130037] ret_from_fork+0x116/0x1d0 [ 21.130196] ret_from_fork_asm+0x1a/0x30 [ 21.131686] [ 21.132054] The buggy address belongs to the object at ffff888101b20f00 [ 21.132054] which belongs to the cache kmalloc-128 of size 128 [ 21.133643] The buggy address is located 0 bytes to the right of [ 21.133643] allocated 115-byte region [ffff888101b20f00, ffff888101b20f73) [ 21.134533] [ 21.135474] The buggy address belongs to the physical page: [ 21.136060] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b20 [ 21.136928] flags: 0x200000000000000(node=0|zone=2) [ 21.137422] page_type: f5(slab) [ 21.137939] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.138555] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 21.139331] page dumped because: kasan: bad access detected [ 21.140132] [ 21.140349] Memory state around the buggy address: [ 21.140928] ffff888101b20e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.142612] ffff888101b20e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.143316] >ffff888101b20f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 21.143903] ^ [ 21.144785] ffff888101b20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.145359] ffff888101b21000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.146748] ==================================================================
[ 20.039856] ================================================================== [ 20.040837] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 20.041721] Read of size 1 at addr ffff8881038eb2bb by task kunit_try_catch/243 [ 20.042802] [ 20.043018] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 20.043084] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.043109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.043583] Call Trace: [ 20.043626] <TASK> [ 20.043670] dump_stack_lvl+0x73/0xb0 [ 20.043733] print_report+0xd1/0x650 [ 20.043770] ? __virt_addr_valid+0x1db/0x2d0 [ 20.043804] ? mempool_oob_right_helper+0x318/0x380 [ 20.043838] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.043870] ? mempool_oob_right_helper+0x318/0x380 [ 20.043963] kasan_report+0x141/0x180 [ 20.044268] ? mempool_oob_right_helper+0x318/0x380 [ 20.044316] __asan_report_load1_noabort+0x18/0x20 [ 20.044353] mempool_oob_right_helper+0x318/0x380 [ 20.044388] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 20.044426] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.044459] ? finish_task_switch.isra.0+0x153/0x700 [ 20.044497] mempool_slab_oob_right+0xed/0x140 [ 20.044592] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 20.044669] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 20.044704] ? __pfx_mempool_free_slab+0x10/0x10 [ 20.044735] ? __pfx_read_tsc+0x10/0x10 [ 20.044765] ? ktime_get_ts64+0x86/0x230 [ 20.044799] kunit_try_run_case+0x1a5/0x480 [ 20.044839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.044874] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.044941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.044977] ? __kthread_parkme+0x82/0x180 [ 20.045006] ? preempt_count_sub+0x50/0x80 [ 20.045037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.045073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.045130] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.045181] kthread+0x337/0x6f0 [ 20.045213] ? trace_preempt_on+0x20/0xc0 [ 20.045247] ? __pfx_kthread+0x10/0x10 [ 20.045277] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.045309] ? calculate_sigpending+0x7b/0xa0 [ 20.045343] ? __pfx_kthread+0x10/0x10 [ 20.045373] ret_from_fork+0x116/0x1d0 [ 20.045399] ? __pfx_kthread+0x10/0x10 [ 20.045428] ret_from_fork_asm+0x1a/0x30 [ 20.045470] </TASK> [ 20.045486] [ 20.068032] Allocated by task 243: [ 20.068467] kasan_save_stack+0x45/0x70 [ 20.069440] kasan_save_track+0x18/0x40 [ 20.070038] kasan_save_alloc_info+0x3b/0x50 [ 20.070768] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 20.071321] remove_element+0x11e/0x190 [ 20.072037] mempool_alloc_preallocated+0x4d/0x90 [ 20.072889] mempool_oob_right_helper+0x8a/0x380 [ 20.073486] mempool_slab_oob_right+0xed/0x140 [ 20.074084] kunit_try_run_case+0x1a5/0x480 [ 20.074864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.075670] kthread+0x337/0x6f0 [ 20.076118] ret_from_fork+0x116/0x1d0 [ 20.076488] ret_from_fork_asm+0x1a/0x30 [ 20.076934] [ 20.077171] The buggy address belongs to the object at ffff8881038eb240 [ 20.077171] which belongs to the cache test_cache of size 123 [ 20.078456] The buggy address is located 0 bytes to the right of [ 20.078456] allocated 123-byte region [ffff8881038eb240, ffff8881038eb2bb) [ 20.079676] [ 20.080156] The buggy address belongs to the physical page: [ 20.080855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 20.081836] flags: 0x200000000000000(node=0|zone=2) [ 20.082451] page_type: f5(slab) [ 20.083050] raw: 0200000000000000 ffff88810111b500 dead000000000122 0000000000000000 [ 20.083969] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 20.084638] page dumped because: kasan: bad access detected [ 20.085377] [ 20.085855] Memory state around the buggy address: [ 20.086336] ffff8881038eb180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.087425] ffff8881038eb200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 20.088192] >ffff8881038eb280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 20.088794] ^ [ 20.089383] ffff8881038eb300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.090343] ffff8881038eb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.091152] ================================================================== [ 19.930039] ================================================================== [ 19.931271] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 19.931931] Read of size 1 at addr ffff8881038d5673 by task kunit_try_catch/239 [ 19.932774] [ 19.933110] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 19.933245] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.933282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.933346] Call Trace: [ 19.933384] <TASK> [ 19.933437] dump_stack_lvl+0x73/0xb0 [ 19.933530] print_report+0xd1/0x650 [ 19.933686] ? __virt_addr_valid+0x1db/0x2d0 [ 19.933733] ? mempool_oob_right_helper+0x318/0x380 [ 19.933810] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.933933] ? mempool_oob_right_helper+0x318/0x380 [ 19.934012] kasan_report+0x141/0x180 [ 19.934082] ? mempool_oob_right_helper+0x318/0x380 [ 19.934173] __asan_report_load1_noabort+0x18/0x20 [ 19.934251] mempool_oob_right_helper+0x318/0x380 [ 19.934334] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 19.934376] ? __kasan_check_write+0x18/0x20 [ 19.934406] ? __pfx_sched_clock_cpu+0x10/0x10 [ 19.934439] ? finish_task_switch.isra.0+0x153/0x700 [ 19.934476] mempool_kmalloc_oob_right+0xf2/0x150 [ 19.934518] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 19.934643] ? __pfx_mempool_kmalloc+0x10/0x10 [ 19.934688] ? __pfx_mempool_kfree+0x10/0x10 [ 19.934724] ? __pfx_read_tsc+0x10/0x10 [ 19.934754] ? ktime_get_ts64+0x86/0x230 [ 19.934790] kunit_try_run_case+0x1a5/0x480 [ 19.934830] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.934865] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.934932] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.934969] ? __kthread_parkme+0x82/0x180 [ 19.935000] ? preempt_count_sub+0x50/0x80 [ 19.935034] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.935070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.935123] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.935179] kthread+0x337/0x6f0 [ 19.935211] ? trace_preempt_on+0x20/0xc0 [ 19.935246] ? __pfx_kthread+0x10/0x10 [ 19.935276] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.935307] ? calculate_sigpending+0x7b/0xa0 [ 19.935343] ? __pfx_kthread+0x10/0x10 [ 19.935373] ret_from_fork+0x116/0x1d0 [ 19.935398] ? __pfx_kthread+0x10/0x10 [ 19.935427] ret_from_fork_asm+0x1a/0x30 [ 19.935470] </TASK> [ 19.935486] [ 19.957416] Allocated by task 239: [ 19.958052] kasan_save_stack+0x45/0x70 [ 19.958906] kasan_save_track+0x18/0x40 [ 19.959319] kasan_save_alloc_info+0x3b/0x50 [ 19.959814] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 19.960436] remove_element+0x11e/0x190 [ 19.961058] mempool_alloc_preallocated+0x4d/0x90 [ 19.961526] mempool_oob_right_helper+0x8a/0x380 [ 19.961998] mempool_kmalloc_oob_right+0xf2/0x150 [ 19.962750] kunit_try_run_case+0x1a5/0x480 [ 19.963183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.963901] kthread+0x337/0x6f0 [ 19.964446] ret_from_fork+0x116/0x1d0 [ 19.965200] ret_from_fork_asm+0x1a/0x30 [ 19.966397] [ 19.966863] The buggy address belongs to the object at ffff8881038d5600 [ 19.966863] which belongs to the cache kmalloc-128 of size 128 [ 19.968297] The buggy address is located 0 bytes to the right of [ 19.968297] allocated 115-byte region [ffff8881038d5600, ffff8881038d5673) [ 19.969902] [ 19.970108] The buggy address belongs to the physical page: [ 19.970802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 19.971916] flags: 0x200000000000000(node=0|zone=2) [ 19.972339] page_type: f5(slab) [ 19.972496] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 19.972752] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.973196] page dumped because: kasan: bad access detected [ 19.974335] [ 19.974973] Memory state around the buggy address: [ 19.975575] ffff8881038d5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.976370] ffff8881038d5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.976942] >ffff8881038d5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.977601] ^ [ 19.978496] ffff8881038d5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.979291] ffff8881038d5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.979893] ================================================================== [ 19.986444] ================================================================== [ 19.988171] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 19.989437] Read of size 1 at addr ffff88810398e001 by task kunit_try_catch/241 [ 19.990226] [ 19.990559] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 19.990834] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.990941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.991035] Call Trace: [ 19.991075] <TASK> [ 19.991123] dump_stack_lvl+0x73/0xb0 [ 19.991189] print_report+0xd1/0x650 [ 19.991226] ? __virt_addr_valid+0x1db/0x2d0 [ 19.991260] ? mempool_oob_right_helper+0x318/0x380 [ 19.991293] ? kasan_addr_to_slab+0x11/0xa0 [ 19.991322] ? mempool_oob_right_helper+0x318/0x380 [ 19.991358] kasan_report+0x141/0x180 [ 19.991390] ? mempool_oob_right_helper+0x318/0x380 [ 19.991429] __asan_report_load1_noabort+0x18/0x20 [ 19.991464] mempool_oob_right_helper+0x318/0x380 [ 19.991499] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 19.991619] ? __pfx_sched_clock_cpu+0x10/0x10 [ 19.991680] ? finish_task_switch.isra.0+0x153/0x700 [ 19.991719] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 19.991756] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 19.991796] ? __pfx_mempool_kmalloc+0x10/0x10 [ 19.991830] ? __pfx_mempool_kfree+0x10/0x10 [ 19.991866] ? __pfx_read_tsc+0x10/0x10 [ 19.991925] ? ktime_get_ts64+0x86/0x230 [ 19.991961] kunit_try_run_case+0x1a5/0x480 [ 19.991998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.992033] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.992069] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.992121] ? __kthread_parkme+0x82/0x180 [ 19.992172] ? preempt_count_sub+0x50/0x80 [ 19.992205] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.992241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.992276] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.992311] kthread+0x337/0x6f0 [ 19.992339] ? trace_preempt_on+0x20/0xc0 [ 19.992372] ? __pfx_kthread+0x10/0x10 [ 19.992400] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.992431] ? calculate_sigpending+0x7b/0xa0 [ 19.992466] ? __pfx_kthread+0x10/0x10 [ 19.992496] ret_from_fork+0x116/0x1d0 [ 19.992571] ? __pfx_kthread+0x10/0x10 [ 19.992652] ret_from_fork_asm+0x1a/0x30 [ 19.992753] </TASK> [ 19.992792] [ 20.015533] The buggy address belongs to the physical page: [ 20.017564] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10398c [ 20.018297] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.018691] flags: 0x200000000000040(head|node=0|zone=2) [ 20.019038] page_type: f8(unknown) [ 20.019276] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.020452] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.022275] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.023150] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.023721] head: 0200000000000002 ffffea00040e6301 00000000ffffffff 00000000ffffffff [ 20.024668] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.025282] page dumped because: kasan: bad access detected [ 20.026031] [ 20.026328] Memory state around the buggy address: [ 20.027259] ffff88810398df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.028341] ffff88810398df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.029471] >ffff88810398e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.030402] ^ [ 20.030811] ffff88810398e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.031681] ffff88810398e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.032379] ==================================================================
[ 22.075038] ================================================================== [ 22.076147] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 22.076863] Read of size 1 at addr ffff00000dbe2001 by task kunit_try_catch/276 [ 22.077541] [ 22.077705] CPU: 2 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.077756] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.077771] Hardware name: Radxa ROCK Pi 4B (DT) [ 22.077788] Call trace: [ 22.077799] show_stack+0x20/0x38 (C) [ 22.077834] dump_stack_lvl+0x8c/0xd0 [ 22.077870] print_report+0x118/0x608 [ 22.077903] kasan_report+0xdc/0x128 [ 22.077935] __asan_report_load1_noabort+0x20/0x30 [ 22.077973] mempool_oob_right_helper+0x2ac/0x2f0 [ 22.078005] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 22.078039] kunit_try_run_case+0x170/0x3f0 [ 22.078073] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.078111] kthread+0x328/0x630 [ 22.078138] ret_from_fork+0x10/0x20 [ 22.078170] [ 22.084256] The buggy address belongs to the physical page: [ 22.084771] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xdbe0 [ 22.085497] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.086202] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 22.086855] page_type: f8(unknown) [ 22.087190] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.087905] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.088621] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.089344] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.090067] head: 03fffe0000000002 fffffdffc036f801 00000000ffffffff 00000000ffffffff [ 22.090790] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.091504] page dumped because: kasan: bad access detected [ 22.092018] [ 22.092170] Memory state around the buggy address: [ 22.092617] ffff00000dbe1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.093283] ffff00000dbe1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.093948] >ffff00000dbe2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.094609] ^ [ 22.094920] ffff00000dbe2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.095585] ffff00000dbe2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.096246] ================================================================== [ 22.100996] ================================================================== [ 22.102160] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 22.102876] Read of size 1 at addr ffff00000f5c82bb by task kunit_try_catch/278 [ 22.103553] [ 22.103717] CPU: 2 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.103768] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.103782] Hardware name: Radxa ROCK Pi 4B (DT) [ 22.103800] Call trace: [ 22.103811] show_stack+0x20/0x38 (C) [ 22.103845] dump_stack_lvl+0x8c/0xd0 [ 22.103880] print_report+0x118/0x608 [ 22.103915] kasan_report+0xdc/0x128 [ 22.103947] __asan_report_load1_noabort+0x20/0x30 [ 22.103983] mempool_oob_right_helper+0x2ac/0x2f0 [ 22.104015] mempool_slab_oob_right+0xc0/0x118 [ 22.104048] kunit_try_run_case+0x170/0x3f0 [ 22.104082] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.104120] kthread+0x328/0x630 [ 22.104146] ret_from_fork+0x10/0x20 [ 22.104179] [ 22.110198] Allocated by task 278: [ 22.110522] kasan_save_stack+0x3c/0x68 [ 22.110899] kasan_save_track+0x20/0x40 [ 22.111274] kasan_save_alloc_info+0x40/0x58 [ 22.111692] __kasan_mempool_unpoison_object+0xbc/0x180 [ 22.112191] remove_element+0x16c/0x1f8 [ 22.112564] mempool_alloc_preallocated+0x58/0xc0 [ 22.113013] mempool_oob_right_helper+0x98/0x2f0 [ 22.113456] mempool_slab_oob_right+0xc0/0x118 [ 22.113885] kunit_try_run_case+0x170/0x3f0 [ 22.114291] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.114814] kthread+0x328/0x630 [ 22.115130] ret_from_fork+0x10/0x20 [ 22.115479] [ 22.115633] The buggy address belongs to the object at ffff00000f5c8240 [ 22.115633] which belongs to the cache test_cache of size 123 [ 22.116756] The buggy address is located 0 bytes to the right of [ 22.116756] allocated 123-byte region [ffff00000f5c8240, ffff00000f5c82bb) [ 22.117930] [ 22.118084] The buggy address belongs to the physical page: [ 22.118600] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf5c8 [ 22.119324] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 22.119935] page_type: f5(slab) [ 22.120249] raw: 03fffe0000000000 ffff00000e042280 dead000000000122 0000000000000000 [ 22.120964] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 22.121673] page dumped because: kasan: bad access detected [ 22.122187] [ 22.122339] Memory state around the buggy address: [ 22.122788] ffff00000f5c8180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.123452] ffff00000f5c8200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 22.124117] >ffff00000f5c8280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 22.124778] ^ [ 22.125251] ffff00000f5c8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.125917] ffff00000f5c8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.126579] ================================================================== [ 22.045244] ================================================================== [ 22.046274] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 22.046990] Read of size 1 at addr ffff00000e2f8673 by task kunit_try_catch/274 [ 22.047668] [ 22.047831] CPU: 2 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.047882] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.047897] Hardware name: Radxa ROCK Pi 4B (DT) [ 22.047915] Call trace: [ 22.047926] show_stack+0x20/0x38 (C) [ 22.047960] dump_stack_lvl+0x8c/0xd0 [ 22.047996] print_report+0x118/0x608 [ 22.048031] kasan_report+0xdc/0x128 [ 22.048063] __asan_report_load1_noabort+0x20/0x30 [ 22.048101] mempool_oob_right_helper+0x2ac/0x2f0 [ 22.048133] mempool_kmalloc_oob_right+0xc4/0x120 [ 22.048165] kunit_try_run_case+0x170/0x3f0 [ 22.048200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.048238] kthread+0x328/0x630 [ 22.048265] ret_from_fork+0x10/0x20 [ 22.048298] [ 22.054344] Allocated by task 274: [ 22.054676] kasan_save_stack+0x3c/0x68 [ 22.055058] kasan_save_track+0x20/0x40 [ 22.055432] kasan_save_alloc_info+0x40/0x58 [ 22.055850] __kasan_mempool_unpoison_object+0x11c/0x180 [ 22.056359] remove_element+0x130/0x1f8 [ 22.056731] mempool_alloc_preallocated+0x58/0xc0 [ 22.057181] mempool_oob_right_helper+0x98/0x2f0 [ 22.057625] mempool_kmalloc_oob_right+0xc4/0x120 [ 22.058075] kunit_try_run_case+0x170/0x3f0 [ 22.058481] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.059005] kthread+0x328/0x630 [ 22.059321] ret_from_fork+0x10/0x20 [ 22.059670] [ 22.059823] The buggy address belongs to the object at ffff00000e2f8600 [ 22.059823] which belongs to the cache kmalloc-128 of size 128 [ 22.060957] The buggy address is located 0 bytes to the right of [ 22.060957] allocated 115-byte region [ffff00000e2f8600, ffff00000e2f8673) [ 22.062130] [ 22.062285] The buggy address belongs to the physical page: [ 22.062799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe2f8 [ 22.063523] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 22.064134] page_type: f5(slab) [ 22.064449] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 22.065167] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.065875] page dumped because: kasan: bad access detected [ 22.066391] [ 22.066543] Memory state around the buggy address: [ 22.066992] ffff00000e2f8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.067658] ffff00000e2f8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.068324] >ffff00000e2f8600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.068985] ^ [ 22.069618] ffff00000e2f8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.070283] ffff00000e2f8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.070945] ==================================================================