Date
July 6, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| x86 |
[ 18.964722] ================================================================== [ 18.964787] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.964842] Read of size 1 at addr fff00000c78fe001 by task kunit_try_catch/224 [ 18.964891] [ 18.964928] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 18.965030] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.966734] Hardware name: linux,dummy-virt (DT) [ 18.966848] Call trace: [ 18.967376] show_stack+0x20/0x38 (C) [ 18.967729] dump_stack_lvl+0x8c/0xd0 [ 18.968039] print_report+0x118/0x608 [ 18.968245] kasan_report+0xdc/0x128 [ 18.968505] __asan_report_load1_noabort+0x20/0x30 [ 18.968772] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.968827] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 18.968878] kunit_try_run_case+0x170/0x3f0 [ 18.969128] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.969260] kthread+0x328/0x630 [ 18.969360] ret_from_fork+0x10/0x20 [ 18.969606] [ 18.969901] The buggy address belongs to the physical page: [ 18.970124] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078fc [ 18.970362] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.970591] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.970737] page_type: f8(unknown) [ 18.970988] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.971051] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.971234] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.971320] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.971556] head: 0bfffe0000000002 ffffc1ffc31e3f01 00000000ffffffff 00000000ffffffff [ 18.971605] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.971645] page dumped because: kasan: bad access detected [ 18.971679] [ 18.971765] Memory state around the buggy address: [ 18.971801] fff00000c78fdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.972341] fff00000c78fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.972411] >fff00000c78fe000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.972816] ^ [ 18.972881] fff00000c78fe080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.972930] fff00000c78fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.972972] ================================================================== [ 18.987641] ================================================================== [ 18.987712] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.988137] Read of size 1 at addr fff00000c77ab2bb by task kunit_try_catch/226 [ 18.988207] [ 18.988287] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 18.988399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.988456] Hardware name: linux,dummy-virt (DT) [ 18.988503] Call trace: [ 18.988529] show_stack+0x20/0x38 (C) [ 18.988578] dump_stack_lvl+0x8c/0xd0 [ 18.988636] print_report+0x118/0x608 [ 18.988868] kasan_report+0xdc/0x128 [ 18.988927] __asan_report_load1_noabort+0x20/0x30 [ 18.989032] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.989108] mempool_slab_oob_right+0xc0/0x118 [ 18.989156] kunit_try_run_case+0x170/0x3f0 [ 18.989205] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.989430] kthread+0x328/0x630 [ 18.989487] ret_from_fork+0x10/0x20 [ 18.989592] [ 18.989654] Allocated by task 226: [ 18.989703] kasan_save_stack+0x3c/0x68 [ 18.989746] kasan_save_track+0x20/0x40 [ 18.989791] kasan_save_alloc_info+0x40/0x58 [ 18.989830] __kasan_mempool_unpoison_object+0xbc/0x180 [ 18.990090] remove_element+0x16c/0x1f8 [ 18.990187] mempool_alloc_preallocated+0x58/0xc0 [ 18.990229] mempool_oob_right_helper+0x98/0x2f0 [ 18.990285] mempool_slab_oob_right+0xc0/0x118 [ 18.990325] kunit_try_run_case+0x170/0x3f0 [ 18.990371] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.990424] kthread+0x328/0x630 [ 18.990464] ret_from_fork+0x10/0x20 [ 18.990501] [ 18.990520] The buggy address belongs to the object at fff00000c77ab240 [ 18.990520] which belongs to the cache test_cache of size 123 [ 18.990581] The buggy address is located 0 bytes to the right of [ 18.990581] allocated 123-byte region [fff00000c77ab240, fff00000c77ab2bb) [ 18.990659] [ 18.990679] The buggy address belongs to the physical page: [ 18.990712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ab [ 18.990880] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.990936] page_type: f5(slab) [ 18.991099] raw: 0bfffe0000000000 fff00000c1aa5b40 dead000000000122 0000000000000000 [ 18.991155] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 18.991196] page dumped because: kasan: bad access detected [ 18.991278] [ 18.991355] Memory state around the buggy address: [ 18.991498] fff00000c77ab180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.991571] fff00000c77ab200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 18.991611] >fff00000c77ab280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 18.991722] ^ [ 18.991807] fff00000c77ab300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.991885] fff00000c77ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.992010] ================================================================== [ 18.945431] ================================================================== [ 18.945509] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.945581] Read of size 1 at addr fff00000c69b6273 by task kunit_try_catch/222 [ 18.945638] [ 18.945682] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 18.945770] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.945797] Hardware name: linux,dummy-virt (DT) [ 18.945831] Call trace: [ 18.945855] show_stack+0x20/0x38 (C) [ 18.945906] dump_stack_lvl+0x8c/0xd0 [ 18.945956] print_report+0x118/0x608 [ 18.946017] kasan_report+0xdc/0x128 [ 18.946060] __asan_report_load1_noabort+0x20/0x30 [ 18.946110] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.946159] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.946206] kunit_try_run_case+0x170/0x3f0 [ 18.946255] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.946307] kthread+0x328/0x630 [ 18.946348] ret_from_fork+0x10/0x20 [ 18.946397] [ 18.946416] Allocated by task 222: [ 18.946447] kasan_save_stack+0x3c/0x68 [ 18.946488] kasan_save_track+0x20/0x40 [ 18.946524] kasan_save_alloc_info+0x40/0x58 [ 18.946564] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.946616] remove_element+0x130/0x1f8 [ 18.947083] mempool_alloc_preallocated+0x58/0xc0 [ 18.947124] mempool_oob_right_helper+0x98/0x2f0 [ 18.947162] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.947202] kunit_try_run_case+0x170/0x3f0 [ 18.947238] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.947280] kthread+0x328/0x630 [ 18.947314] ret_from_fork+0x10/0x20 [ 18.947348] [ 18.947369] The buggy address belongs to the object at fff00000c69b6200 [ 18.947369] which belongs to the cache kmalloc-128 of size 128 [ 18.947429] The buggy address is located 0 bytes to the right of [ 18.947429] allocated 115-byte region [fff00000c69b6200, fff00000c69b6273) [ 18.947492] [ 18.947515] The buggy address belongs to the physical page: [ 18.947547] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069b6 [ 18.947603] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.947654] page_type: f5(slab) [ 18.947695] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.947744] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.947784] page dumped because: kasan: bad access detected [ 18.947816] [ 18.947834] Memory state around the buggy address: [ 18.947868] fff00000c69b6100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.947913] fff00000c69b6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.947954] >fff00000c69b6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.948003] ^ [ 18.948044] fff00000c69b6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.948085] fff00000c69b6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.948124] ==================================================================
[ 18.617814] ================================================================== [ 18.618623] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.618749] Read of size 1 at addr fff00000c62332bb by task kunit_try_catch/226 [ 18.619021] [ 18.619057] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 18.619139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.619787] Hardware name: linux,dummy-virt (DT) [ 18.619826] Call trace: [ 18.619862] show_stack+0x20/0x38 (C) [ 18.620084] dump_stack_lvl+0x8c/0xd0 [ 18.620179] print_report+0x118/0x608 [ 18.620351] kasan_report+0xdc/0x128 [ 18.620584] __asan_report_load1_noabort+0x20/0x30 [ 18.620874] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.621019] mempool_slab_oob_right+0xc0/0x118 [ 18.621076] kunit_try_run_case+0x170/0x3f0 [ 18.621132] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.621545] kthread+0x328/0x630 [ 18.621676] ret_from_fork+0x10/0x20 [ 18.621751] [ 18.622067] Allocated by task 226: [ 18.622343] kasan_save_stack+0x3c/0x68 [ 18.622395] kasan_save_track+0x20/0x40 [ 18.622485] kasan_save_alloc_info+0x40/0x58 [ 18.622529] __kasan_mempool_unpoison_object+0xbc/0x180 [ 18.622572] remove_element+0x16c/0x1f8 [ 18.622608] mempool_alloc_preallocated+0x58/0xc0 [ 18.622649] mempool_oob_right_helper+0x98/0x2f0 [ 18.622688] mempool_slab_oob_right+0xc0/0x118 [ 18.622725] kunit_try_run_case+0x170/0x3f0 [ 18.622764] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.622806] kthread+0x328/0x630 [ 18.622837] ret_from_fork+0x10/0x20 [ 18.622874] [ 18.623147] The buggy address belongs to the object at fff00000c6233240 [ 18.623147] which belongs to the cache test_cache of size 123 [ 18.623242] The buggy address is located 0 bytes to the right of [ 18.623242] allocated 123-byte region [fff00000c6233240, fff00000c62332bb) [ 18.623598] [ 18.624114] The buggy address belongs to the physical page: [ 18.624349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106233 [ 18.624697] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.625149] page_type: f5(slab) [ 18.625340] raw: 0bfffe0000000000 fff00000c77d98c0 dead000000000122 0000000000000000 [ 18.625401] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 18.625753] page dumped because: kasan: bad access detected [ 18.625786] [ 18.625804] Memory state around the buggy address: [ 18.626058] fff00000c6233180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.626245] fff00000c6233200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 18.626317] >fff00000c6233280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 18.626362] ^ [ 18.626489] fff00000c6233300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.626553] fff00000c6233380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.626591] ================================================================== [ 18.598275] ================================================================== [ 18.598339] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.598394] Read of size 1 at addr fff00000c7836001 by task kunit_try_catch/224 [ 18.598444] [ 18.598477] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 18.598560] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.600030] Hardware name: linux,dummy-virt (DT) [ 18.600082] Call trace: [ 18.600168] show_stack+0x20/0x38 (C) [ 18.600224] dump_stack_lvl+0x8c/0xd0 [ 18.600296] print_report+0x118/0x608 [ 18.600343] kasan_report+0xdc/0x128 [ 18.600387] __asan_report_load1_noabort+0x20/0x30 [ 18.600436] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.600483] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 18.600613] kunit_try_run_case+0x170/0x3f0 [ 18.600686] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.600831] kthread+0x328/0x630 [ 18.601347] ret_from_fork+0x10/0x20 [ 18.601402] [ 18.601425] The buggy address belongs to the physical page: [ 18.601659] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 18.601849] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.602039] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.602308] page_type: f8(unknown) [ 18.602417] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.602531] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.602631] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.602680] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.602801] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff [ 18.603165] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.603372] page dumped because: kasan: bad access detected [ 18.603495] [ 18.603513] Memory state around the buggy address: [ 18.603899] fff00000c7835f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.603960] fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.604446] >fff00000c7836000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.604487] ^ [ 18.604784] fff00000c7836080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.604830] fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.605237] ================================================================== [ 18.577211] ================================================================== [ 18.577288] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.577362] Read of size 1 at addr fff00000c7729273 by task kunit_try_catch/222 [ 18.577415] [ 18.577456] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 18.577543] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.577569] Hardware name: linux,dummy-virt (DT) [ 18.577601] Call trace: [ 18.577627] show_stack+0x20/0x38 (C) [ 18.577680] dump_stack_lvl+0x8c/0xd0 [ 18.577730] print_report+0x118/0x608 [ 18.577776] kasan_report+0xdc/0x128 [ 18.577819] __asan_report_load1_noabort+0x20/0x30 [ 18.577870] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.577931] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.577979] kunit_try_run_case+0x170/0x3f0 [ 18.578146] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.578199] kthread+0x328/0x630 [ 18.578242] ret_from_fork+0x10/0x20 [ 18.578291] [ 18.578310] Allocated by task 222: [ 18.578341] kasan_save_stack+0x3c/0x68 [ 18.578382] kasan_save_track+0x20/0x40 [ 18.578420] kasan_save_alloc_info+0x40/0x58 [ 18.578459] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.578502] remove_element+0x130/0x1f8 [ 18.578539] mempool_alloc_preallocated+0x58/0xc0 [ 18.578578] mempool_oob_right_helper+0x98/0x2f0 [ 18.578616] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.578655] kunit_try_run_case+0x170/0x3f0 [ 18.578695] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.578739] kthread+0x328/0x630 [ 18.578770] ret_from_fork+0x10/0x20 [ 18.578807] [ 18.578826] The buggy address belongs to the object at fff00000c7729200 [ 18.578826] which belongs to the cache kmalloc-128 of size 128 [ 18.578884] The buggy address is located 0 bytes to the right of [ 18.578884] allocated 115-byte region [fff00000c7729200, fff00000c7729273) [ 18.578963] [ 18.578984] The buggy address belongs to the physical page: [ 18.579017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107729 [ 18.579073] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.579126] page_type: f5(slab) [ 18.579168] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.579218] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.579259] page dumped because: kasan: bad access detected [ 18.579292] [ 18.579310] Memory state around the buggy address: [ 18.579344] fff00000c7729100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.579387] fff00000c7729180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.579432] >fff00000c7729200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.579470] ^ [ 18.579511] fff00000c7729280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.579553] fff00000c7729300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.579594] ==================================================================
[ 14.940467] ================================================================== [ 14.940968] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.941537] Read of size 1 at addr ffff888103a76001 by task kunit_try_catch/241 [ 14.942149] [ 14.942449] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.942568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.942600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.942650] Call Trace: [ 14.942674] <TASK> [ 14.942703] dump_stack_lvl+0x73/0xb0 [ 14.942756] print_report+0xd1/0x650 [ 14.942788] ? __virt_addr_valid+0x1db/0x2d0 [ 14.942823] ? mempool_oob_right_helper+0x318/0x380 [ 14.942856] ? kasan_addr_to_slab+0x11/0xa0 [ 14.942887] ? mempool_oob_right_helper+0x318/0x380 [ 14.942959] kasan_report+0x141/0x180 [ 14.942994] ? mempool_oob_right_helper+0x318/0x380 [ 14.943059] __asan_report_load1_noabort+0x18/0x20 [ 14.943101] mempool_oob_right_helper+0x318/0x380 [ 14.943170] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.943214] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.943289] ? finish_task_switch.isra.0+0x153/0x700 [ 14.943354] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 14.943399] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 14.943430] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.943454] ? __pfx_mempool_kfree+0x10/0x10 [ 14.943477] ? __pfx_read_tsc+0x10/0x10 [ 14.943497] ? ktime_get_ts64+0x86/0x230 [ 14.943854] kunit_try_run_case+0x1a5/0x480 [ 14.943936] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.943972] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.943997] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.944023] ? __kthread_parkme+0x82/0x180 [ 14.944044] ? preempt_count_sub+0x50/0x80 [ 14.944067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.944088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.944138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.944164] kthread+0x337/0x6f0 [ 14.944184] ? trace_preempt_on+0x20/0xc0 [ 14.944205] ? __pfx_kthread+0x10/0x10 [ 14.944224] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.944243] ? calculate_sigpending+0x7b/0xa0 [ 14.944267] ? __pfx_kthread+0x10/0x10 [ 14.944287] ret_from_fork+0x116/0x1d0 [ 14.944304] ? __pfx_kthread+0x10/0x10 [ 14.944323] ret_from_fork_asm+0x1a/0x30 [ 14.944352] </TASK> [ 14.944365] [ 14.955280] The buggy address belongs to the physical page: [ 14.955839] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a74 [ 14.956385] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.957239] flags: 0x200000000000040(head|node=0|zone=2) [ 14.957738] page_type: f8(unknown) [ 14.958027] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.958650] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.958931] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.959177] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.959877] head: 0200000000000002 ffffea00040e9d01 00000000ffffffff 00000000ffffffff [ 14.960413] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.961149] page dumped because: kasan: bad access detected [ 14.961402] [ 14.961749] Memory state around the buggy address: [ 14.962084] ffff888103a75f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.962465] ffff888103a75f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.963032] >ffff888103a76000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.963311] ^ [ 14.963581] ffff888103a76080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.963912] ffff888103a76100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.964276] ================================================================== [ 14.905358] ================================================================== [ 14.905877] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.906217] Read of size 1 at addr ffff888102aa0a73 by task kunit_try_catch/239 [ 14.906444] [ 14.906584] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.906681] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.906701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.906741] Call Trace: [ 14.906762] <TASK> [ 14.906797] dump_stack_lvl+0x73/0xb0 [ 14.907738] print_report+0xd1/0x650 [ 14.907814] ? __virt_addr_valid+0x1db/0x2d0 [ 14.907844] ? mempool_oob_right_helper+0x318/0x380 [ 14.907867] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.907892] ? mempool_oob_right_helper+0x318/0x380 [ 14.907914] kasan_report+0x141/0x180 [ 14.907934] ? mempool_oob_right_helper+0x318/0x380 [ 14.907961] __asan_report_load1_noabort+0x18/0x20 [ 14.907983] mempool_oob_right_helper+0x318/0x380 [ 14.908005] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.908034] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.908056] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 14.908079] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.908107] ? __pfx_mempool_kfree+0x10/0x10 [ 14.908153] ? __pfx_read_tsc+0x10/0x10 [ 14.908175] ? ktime_get_ts64+0x86/0x230 [ 14.908200] kunit_try_run_case+0x1a5/0x480 [ 14.908226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.908246] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.908272] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.908293] ? __kthread_parkme+0x82/0x180 [ 14.908315] ? preempt_count_sub+0x50/0x80 [ 14.908338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.908360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.908381] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.908402] kthread+0x337/0x6f0 [ 14.908419] ? trace_preempt_on+0x20/0xc0 [ 14.908442] ? __pfx_kthread+0x10/0x10 [ 14.908461] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.908481] ? calculate_sigpending+0x7b/0xa0 [ 14.908508] ? __pfx_kthread+0x10/0x10 [ 14.908540] ret_from_fork+0x116/0x1d0 [ 14.908567] ? __pfx_kthread+0x10/0x10 [ 14.908597] ret_from_fork_asm+0x1a/0x30 [ 14.908658] </TASK> [ 14.908677] [ 14.919543] Allocated by task 239: [ 14.919928] kasan_save_stack+0x45/0x70 [ 14.920306] kasan_save_track+0x18/0x40 [ 14.920659] kasan_save_alloc_info+0x3b/0x50 [ 14.921038] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.921524] remove_element+0x11e/0x190 [ 14.921947] mempool_alloc_preallocated+0x4d/0x90 [ 14.922434] mempool_oob_right_helper+0x8a/0x380 [ 14.922999] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.923436] kunit_try_run_case+0x1a5/0x480 [ 14.923864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.924301] kthread+0x337/0x6f0 [ 14.924585] ret_from_fork+0x116/0x1d0 [ 14.924935] ret_from_fork_asm+0x1a/0x30 [ 14.925421] [ 14.925835] The buggy address belongs to the object at ffff888102aa0a00 [ 14.925835] which belongs to the cache kmalloc-128 of size 128 [ 14.926942] The buggy address is located 0 bytes to the right of [ 14.926942] allocated 115-byte region [ffff888102aa0a00, ffff888102aa0a73) [ 14.927659] [ 14.927999] The buggy address belongs to the physical page: [ 14.928410] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa0 [ 14.928726] flags: 0x200000000000000(node=0|zone=2) [ 14.929310] page_type: f5(slab) [ 14.929472] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.930305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.930642] page dumped because: kasan: bad access detected [ 14.931035] [ 14.931195] Memory state around the buggy address: [ 14.931473] ffff888102aa0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.931862] ffff888102aa0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.932372] >ffff888102aa0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.933197] ^ [ 14.933765] ffff888102aa0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.934225] ffff888102aa0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.934632] ================================================================== [ 14.970964] ================================================================== [ 14.971602] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.972477] Read of size 1 at addr ffff8881025722bb by task kunit_try_catch/243 [ 14.973001] [ 14.973190] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.973282] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.973302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.973337] Call Trace: [ 14.973364] <TASK> [ 14.973392] dump_stack_lvl+0x73/0xb0 [ 14.973450] print_report+0xd1/0x650 [ 14.973488] ? __virt_addr_valid+0x1db/0x2d0 [ 14.973565] ? mempool_oob_right_helper+0x318/0x380 [ 14.973604] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.973655] ? mempool_oob_right_helper+0x318/0x380 [ 14.973686] kasan_report+0x141/0x180 [ 14.973720] ? mempool_oob_right_helper+0x318/0x380 [ 14.973749] __asan_report_load1_noabort+0x18/0x20 [ 14.973770] mempool_oob_right_helper+0x318/0x380 [ 14.973793] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.973820] mempool_slab_oob_right+0xed/0x140 [ 14.973841] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 14.973865] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 14.973888] ? __pfx_mempool_free_slab+0x10/0x10 [ 14.973910] ? __pfx_read_tsc+0x10/0x10 [ 14.973942] ? ktime_get_ts64+0x86/0x230 [ 14.973966] kunit_try_run_case+0x1a5/0x480 [ 14.973990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.974009] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.974031] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.974050] ? __kthread_parkme+0x82/0x180 [ 14.974070] ? preempt_count_sub+0x50/0x80 [ 14.974093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.974132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.974153] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.974173] kthread+0x337/0x6f0 [ 14.974192] ? trace_preempt_on+0x20/0xc0 [ 14.974213] ? __pfx_kthread+0x10/0x10 [ 14.974232] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.974250] ? calculate_sigpending+0x7b/0xa0 [ 14.974273] ? __pfx_kthread+0x10/0x10 [ 14.974292] ret_from_fork+0x116/0x1d0 [ 14.974309] ? __pfx_kthread+0x10/0x10 [ 14.974328] ret_from_fork_asm+0x1a/0x30 [ 14.974356] </TASK> [ 14.974368] [ 14.987643] Allocated by task 243: [ 14.987898] kasan_save_stack+0x45/0x70 [ 14.988278] kasan_save_track+0x18/0x40 [ 14.988813] kasan_save_alloc_info+0x3b/0x50 [ 14.989052] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 14.990184] remove_element+0x11e/0x190 [ 14.990409] mempool_alloc_preallocated+0x4d/0x90 [ 14.990652] mempool_oob_right_helper+0x8a/0x380 [ 14.991374] mempool_slab_oob_right+0xed/0x140 [ 14.991704] kunit_try_run_case+0x1a5/0x480 [ 14.991883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.992535] kthread+0x337/0x6f0 [ 14.992887] ret_from_fork+0x116/0x1d0 [ 14.993095] ret_from_fork_asm+0x1a/0x30 [ 14.993449] [ 14.993759] The buggy address belongs to the object at ffff888102572240 [ 14.993759] which belongs to the cache test_cache of size 123 [ 14.994290] The buggy address is located 0 bytes to the right of [ 14.994290] allocated 123-byte region [ffff888102572240, ffff8881025722bb) [ 14.995097] [ 14.995328] The buggy address belongs to the physical page: [ 14.995866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102572 [ 14.996431] flags: 0x200000000000000(node=0|zone=2) [ 14.996833] page_type: f5(slab) [ 14.996990] raw: 0200000000000000 ffff888102568280 dead000000000122 0000000000000000 [ 14.997493] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 14.998027] page dumped because: kasan: bad access detected [ 14.998441] [ 14.998787] Memory state around the buggy address: [ 14.998975] ffff888102572180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.999676] ffff888102572200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 15.000151] >ffff888102572280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 15.000544] ^ [ 15.001072] ffff888102572300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.001410] ffff888102572380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.001962] ==================================================================
[ 15.078036] ================================================================== [ 15.078608] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 15.079219] Read of size 1 at addr ffff8881039f02bb by task kunit_try_catch/242 [ 15.079508] [ 15.079652] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.079700] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.079713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.079736] Call Trace: [ 15.079750] <TASK> [ 15.079769] dump_stack_lvl+0x73/0xb0 [ 15.079804] print_report+0xd1/0x650 [ 15.079831] ? __virt_addr_valid+0x1db/0x2d0 [ 15.079860] ? mempool_oob_right_helper+0x318/0x380 [ 15.080000] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.080030] ? mempool_oob_right_helper+0x318/0x380 [ 15.080067] kasan_report+0x141/0x180 [ 15.080091] ? mempool_oob_right_helper+0x318/0x380 [ 15.080122] __asan_report_load1_noabort+0x18/0x20 [ 15.080147] mempool_oob_right_helper+0x318/0x380 [ 15.080174] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 15.080198] ? update_load_avg+0x1be/0x21b0 [ 15.080226] ? enqueue_entity+0x215/0x1080 [ 15.080253] ? finish_task_switch.isra.0+0x153/0x700 [ 15.080280] mempool_slab_oob_right+0xed/0x140 [ 15.080306] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 15.080335] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 15.080363] ? __pfx_mempool_free_slab+0x10/0x10 [ 15.080390] ? __pfx_read_tsc+0x10/0x10 [ 15.080413] ? ktime_get_ts64+0x86/0x230 [ 15.080440] kunit_try_run_case+0x1a5/0x480 [ 15.080468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.080492] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.080517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.080542] ? __kthread_parkme+0x82/0x180 [ 15.080565] ? preempt_count_sub+0x50/0x80 [ 15.080591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.080617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.080641] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.080667] kthread+0x337/0x6f0 [ 15.080689] ? trace_preempt_on+0x20/0xc0 [ 15.080741] ? __pfx_kthread+0x10/0x10 [ 15.080764] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.080788] ? calculate_sigpending+0x7b/0xa0 [ 15.080824] ? __pfx_kthread+0x10/0x10 [ 15.080847] ret_from_fork+0x116/0x1d0 [ 15.080869] ? __pfx_kthread+0x10/0x10 [ 15.080892] ret_from_fork_asm+0x1a/0x30 [ 15.080926] </TASK> [ 15.080939] [ 15.089767] Allocated by task 242: [ 15.089909] kasan_save_stack+0x45/0x70 [ 15.090139] kasan_save_track+0x18/0x40 [ 15.090343] kasan_save_alloc_info+0x3b/0x50 [ 15.090570] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 15.090801] remove_element+0x11e/0x190 [ 15.090947] mempool_alloc_preallocated+0x4d/0x90 [ 15.091392] mempool_oob_right_helper+0x8a/0x380 [ 15.091639] mempool_slab_oob_right+0xed/0x140 [ 15.092139] kunit_try_run_case+0x1a5/0x480 [ 15.092336] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.092559] kthread+0x337/0x6f0 [ 15.092825] ret_from_fork+0x116/0x1d0 [ 15.093008] ret_from_fork_asm+0x1a/0x30 [ 15.093188] [ 15.093288] The buggy address belongs to the object at ffff8881039f0240 [ 15.093288] which belongs to the cache test_cache of size 123 [ 15.093869] The buggy address is located 0 bytes to the right of [ 15.093869] allocated 123-byte region [ffff8881039f0240, ffff8881039f02bb) [ 15.094420] [ 15.094500] The buggy address belongs to the physical page: [ 15.094679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f0 [ 15.094924] flags: 0x200000000000000(node=0|zone=2) [ 15.095408] page_type: f5(slab) [ 15.095872] raw: 0200000000000000 ffff8881016018c0 dead000000000122 0000000000000000 [ 15.096239] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 15.096634] page dumped because: kasan: bad access detected [ 15.096874] [ 15.097031] Memory state around the buggy address: [ 15.097310] ffff8881039f0180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.097660] ffff8881039f0200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 15.098031] >ffff8881039f0280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 15.098322] ^ [ 15.098588] ffff8881039f0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.098930] ffff8881039f0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.099172] ================================================================== [ 15.026120] ================================================================== [ 15.026651] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 15.027438] Read of size 1 at addr ffff8881031c0373 by task kunit_try_catch/238 [ 15.027965] [ 15.028225] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.028282] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.028294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.028318] Call Trace: [ 15.028332] <TASK> [ 15.028350] dump_stack_lvl+0x73/0xb0 [ 15.028383] print_report+0xd1/0x650 [ 15.028407] ? __virt_addr_valid+0x1db/0x2d0 [ 15.028430] ? mempool_oob_right_helper+0x318/0x380 [ 15.028454] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.028480] ? mempool_oob_right_helper+0x318/0x380 [ 15.028503] kasan_report+0x141/0x180 [ 15.028525] ? mempool_oob_right_helper+0x318/0x380 [ 15.028554] __asan_report_load1_noabort+0x18/0x20 [ 15.028577] mempool_oob_right_helper+0x318/0x380 [ 15.028602] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 15.028627] ? __kasan_check_write+0x18/0x20 [ 15.028646] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.028669] ? finish_task_switch.isra.0+0x153/0x700 [ 15.028696] mempool_kmalloc_oob_right+0xf2/0x150 [ 15.028825] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 15.028854] ? __pfx_mempool_kmalloc+0x10/0x10 [ 15.028881] ? __pfx_mempool_kfree+0x10/0x10 [ 15.028905] ? __pfx_read_tsc+0x10/0x10 [ 15.028934] ? ktime_get_ts64+0x86/0x230 [ 15.028959] kunit_try_run_case+0x1a5/0x480 [ 15.028985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.029007] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.029031] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.029063] ? __kthread_parkme+0x82/0x180 [ 15.029085] ? preempt_count_sub+0x50/0x80 [ 15.029108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.029134] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.029158] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.029181] kthread+0x337/0x6f0 [ 15.029201] ? trace_preempt_on+0x20/0xc0 [ 15.029225] ? __pfx_kthread+0x10/0x10 [ 15.029246] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.029266] ? calculate_sigpending+0x7b/0xa0 [ 15.029291] ? __pfx_kthread+0x10/0x10 [ 15.029312] ret_from_fork+0x116/0x1d0 [ 15.029330] ? __pfx_kthread+0x10/0x10 [ 15.029351] ret_from_fork_asm+0x1a/0x30 [ 15.029384] </TASK> [ 15.029398] [ 15.038394] Allocated by task 238: [ 15.038561] kasan_save_stack+0x45/0x70 [ 15.038943] kasan_save_track+0x18/0x40 [ 15.039182] kasan_save_alloc_info+0x3b/0x50 [ 15.039419] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 15.039684] remove_element+0x11e/0x190 [ 15.039894] mempool_alloc_preallocated+0x4d/0x90 [ 15.040104] mempool_oob_right_helper+0x8a/0x380 [ 15.040264] mempool_kmalloc_oob_right+0xf2/0x150 [ 15.040457] kunit_try_run_case+0x1a5/0x480 [ 15.040680] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.040943] kthread+0x337/0x6f0 [ 15.041194] ret_from_fork+0x116/0x1d0 [ 15.041447] ret_from_fork_asm+0x1a/0x30 [ 15.041604] [ 15.041682] The buggy address belongs to the object at ffff8881031c0300 [ 15.041682] which belongs to the cache kmalloc-128 of size 128 [ 15.042240] The buggy address is located 0 bytes to the right of [ 15.042240] allocated 115-byte region [ffff8881031c0300, ffff8881031c0373) [ 15.042976] [ 15.043091] The buggy address belongs to the physical page: [ 15.043608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c0 [ 15.044012] flags: 0x200000000000000(node=0|zone=2) [ 15.044209] page_type: f5(slab) [ 15.044357] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.044800] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.045269] page dumped because: kasan: bad access detected [ 15.045573] [ 15.045677] Memory state around the buggy address: [ 15.045963] ffff8881031c0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.046319] ffff8881031c0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.046692] >ffff8881031c0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 15.046968] ^ [ 15.047505] ffff8881031c0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.047958] ffff8881031c0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 15.048335] ================================================================== [ 15.052678] ================================================================== [ 15.053300] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 15.053690] Read of size 1 at addr ffff888102a0a001 by task kunit_try_catch/240 [ 15.054625] [ 15.054962] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.055072] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.055087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.055109] Call Trace: [ 15.055123] <TASK> [ 15.055139] dump_stack_lvl+0x73/0xb0 [ 15.055169] print_report+0xd1/0x650 [ 15.055193] ? __virt_addr_valid+0x1db/0x2d0 [ 15.055215] ? mempool_oob_right_helper+0x318/0x380 [ 15.055239] ? kasan_addr_to_slab+0x11/0xa0 [ 15.055260] ? mempool_oob_right_helper+0x318/0x380 [ 15.055283] kasan_report+0x141/0x180 [ 15.055306] ? mempool_oob_right_helper+0x318/0x380 [ 15.055336] __asan_report_load1_noabort+0x18/0x20 [ 15.055359] mempool_oob_right_helper+0x318/0x380 [ 15.055385] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 15.055410] ? __kasan_check_write+0x18/0x20 [ 15.055430] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.055453] ? finish_task_switch.isra.0+0x153/0x700 [ 15.055479] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 15.055504] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 15.055532] ? __pfx_mempool_kmalloc+0x10/0x10 [ 15.055557] ? __pfx_mempool_kfree+0x10/0x10 [ 15.055583] ? __pfx_read_tsc+0x10/0x10 [ 15.055604] ? ktime_get_ts64+0x86/0x230 [ 15.055628] kunit_try_run_case+0x1a5/0x480 [ 15.055654] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.055677] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.055701] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.055723] ? __kthread_parkme+0x82/0x180 [ 15.055744] ? preempt_count_sub+0x50/0x80 [ 15.055768] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.055808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.055831] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.055854] kthread+0x337/0x6f0 [ 15.055874] ? trace_preempt_on+0x20/0xc0 [ 15.055898] ? __pfx_kthread+0x10/0x10 [ 15.055920] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.055941] ? calculate_sigpending+0x7b/0xa0 [ 15.055965] ? __pfx_kthread+0x10/0x10 [ 15.055989] ret_from_fork+0x116/0x1d0 [ 15.056008] ? __pfx_kthread+0x10/0x10 [ 15.056030] ret_from_fork_asm+0x1a/0x30 [ 15.056073] </TASK> [ 15.056085] [ 15.065685] The buggy address belongs to the physical page: [ 15.066103] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a08 [ 15.066514] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.066933] flags: 0x200000000000040(head|node=0|zone=2) [ 15.067174] page_type: f8(unknown) [ 15.067371] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.067782] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.068090] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.068490] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.068844] head: 0200000000000002 ffffea00040a8201 00000000ffffffff 00000000ffffffff [ 15.069276] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.069560] page dumped because: kasan: bad access detected [ 15.069797] [ 15.069902] Memory state around the buggy address: [ 15.070151] ffff888102a09f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.070511] ffff888102a09f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.070880] >ffff888102a0a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.071232] ^ [ 15.071378] ffff888102a0a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.071693] ffff888102a0a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.072139] ==================================================================
[ 35.685931] ================================================================== [ 35.696828] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 35.704410] Read of size 1 at addr ffff8881066f8773 by task kunit_try_catch/262 [ 35.711723] [ 35.713228] CPU: 3 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 35.713238] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 35.713241] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 35.713245] Call Trace: [ 35.713246] <TASK> [ 35.713249] dump_stack_lvl+0x73/0xb0 [ 35.713254] print_report+0xd1/0x650 [ 35.713259] ? __virt_addr_valid+0x1db/0x2d0 [ 35.713263] ? mempool_oob_right_helper+0x318/0x380 [ 35.713268] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.713273] ? mempool_oob_right_helper+0x318/0x380 [ 35.713278] kasan_report+0x141/0x180 [ 35.713282] ? mempool_oob_right_helper+0x318/0x380 [ 35.713287] __asan_report_load1_noabort+0x18/0x20 [ 35.713292] mempool_oob_right_helper+0x318/0x380 [ 35.713296] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 35.713301] ? __pfx_sched_clock_cpu+0x10/0x10 [ 35.713305] ? finish_task_switch.isra.0+0x153/0x700 [ 35.713310] mempool_kmalloc_oob_right+0xf2/0x150 [ 35.713315] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 35.713320] ? __pfx_mempool_kmalloc+0x10/0x10 [ 35.713325] ? __pfx_mempool_kfree+0x10/0x10 [ 35.713347] ? ktime_get_ts64+0x83/0x230 [ 35.713352] kunit_try_run_case+0x1a2/0x480 [ 35.713357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.713361] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.713366] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.713371] ? __kthread_parkme+0x82/0x180 [ 35.713387] ? preempt_count_sub+0x50/0x80 [ 35.713391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.713396] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 35.713400] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.713404] kthread+0x334/0x6f0 [ 35.713408] ? trace_preempt_on+0x20/0xc0 [ 35.713412] ? __pfx_kthread+0x10/0x10 [ 35.713416] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.713420] ? calculate_sigpending+0x7b/0xa0 [ 35.713425] ? __pfx_kthread+0x10/0x10 [ 35.713429] ret_from_fork+0x113/0x1d0 [ 35.713433] ? __pfx_kthread+0x10/0x10 [ 35.713436] ret_from_fork_asm+0x1a/0x30 [ 35.713443] </TASK> [ 35.713444] [ 35.905512] Allocated by task 262: [ 35.908918] kasan_save_stack+0x45/0x70 [ 35.912763] kasan_save_track+0x18/0x40 [ 35.916603] kasan_save_alloc_info+0x3b/0x50 [ 35.920877] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 35.926190] remove_element+0x11e/0x190 [ 35.930038] mempool_alloc_preallocated+0x4d/0x90 [ 35.934751] mempool_oob_right_helper+0x8a/0x380 [ 35.939370] mempool_kmalloc_oob_right+0xf2/0x150 [ 35.944104] kunit_try_run_case+0x1a2/0x480 [ 35.948297] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 35.953698] kthread+0x334/0x6f0 [ 35.956930] ret_from_fork+0x113/0x1d0 [ 35.960682] ret_from_fork_asm+0x1a/0x30 [ 35.964610] [ 35.966107] The buggy address belongs to the object at ffff8881066f8700 [ 35.966107] which belongs to the cache kmalloc-128 of size 128 [ 35.978622] The buggy address is located 0 bytes to the right of [ 35.978622] allocated 115-byte region [ffff8881066f8700, ffff8881066f8773) [ 35.991578] [ 35.993079] The buggy address belongs to the physical page: [ 35.998652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066f8 [ 36.006658] flags: 0x200000000000000(node=0|zone=2) [ 36.011537] page_type: f5(slab) [ 36.014685] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 36.022425] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 36.030173] page dumped because: kasan: bad access detected [ 36.035743] [ 36.037242] Memory state around the buggy address: [ 36.042037] ffff8881066f8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.049255] ffff8881066f8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.056474] >ffff8881066f8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 36.063693] ^ [ 36.070566] ffff8881066f8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.077787] ffff8881066f8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 36.085005] ================================================================== [ 36.092766] ================================================================== [ 36.104576] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 36.112156] Read of size 1 at addr ffff8881081fa001 by task kunit_try_catch/264 [ 36.119465] [ 36.120964] CPU: 3 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 36.120973] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 36.120976] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 36.120980] Call Trace: [ 36.120981] <TASK> [ 36.120983] dump_stack_lvl+0x73/0xb0 [ 36.120989] print_report+0xd1/0x650 [ 36.120993] ? __virt_addr_valid+0x1db/0x2d0 [ 36.120997] ? mempool_oob_right_helper+0x318/0x380 [ 36.121001] ? kasan_addr_to_slab+0x11/0xa0 [ 36.121005] ? mempool_oob_right_helper+0x318/0x380 [ 36.121009] kasan_report+0x141/0x180 [ 36.121013] ? mempool_oob_right_helper+0x318/0x380 [ 36.121019] __asan_report_load1_noabort+0x18/0x20 [ 36.121023] mempool_oob_right_helper+0x318/0x380 [ 36.121028] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 36.121033] ? __kasan_check_write+0x18/0x20 [ 36.121036] ? __pfx_sched_clock_cpu+0x10/0x10 [ 36.121040] ? finish_task_switch.isra.0+0x153/0x700 [ 36.121045] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 36.121049] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 36.121055] ? __pfx_mempool_kmalloc+0x10/0x10 [ 36.121059] ? __pfx_mempool_kfree+0x10/0x10 [ 36.121064] ? ktime_get_ts64+0x83/0x230 [ 36.121068] kunit_try_run_case+0x1a2/0x480 [ 36.121073] ? __pfx_kunit_try_run_case+0x10/0x10 [ 36.121077] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 36.121082] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 36.121086] ? __kthread_parkme+0x82/0x180 [ 36.121090] ? preempt_count_sub+0x50/0x80 [ 36.121094] ? __pfx_kunit_try_run_case+0x10/0x10 [ 36.121099] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 36.121103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 36.121107] kthread+0x334/0x6f0 [ 36.121111] ? trace_preempt_on+0x20/0xc0 [ 36.121115] ? __pfx_kthread+0x10/0x10 [ 36.121119] ? _raw_spin_unlock_irq+0x47/0x80 [ 36.121123] ? calculate_sigpending+0x7b/0xa0 [ 36.121127] ? __pfx_kthread+0x10/0x10 [ 36.121131] ret_from_fork+0x113/0x1d0 [ 36.121135] ? __pfx_kthread+0x10/0x10 [ 36.121138] ret_from_fork_asm+0x1a/0x30 [ 36.121144] </TASK> [ 36.121146] [ 36.317412] The buggy address belongs to the physical page: [ 36.322991] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1081f8 [ 36.330998] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.338651] flags: 0x200000000000040(head|node=0|zone=2) [ 36.343965] page_type: f8(unknown) [ 36.347372] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.355137] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 36.362883] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.370709] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 36.378537] head: 0200000000000002 ffffea0004207e01 00000000ffffffff 00000000ffffffff [ 36.386369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 36.394222] page dumped because: kasan: bad access detected [ 36.399795] [ 36.401293] Memory state around the buggy address: [ 36.406085] ffff8881081f9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.413307] ffff8881081f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.420525] >ffff8881081fa000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.427745] ^ [ 36.430977] ffff8881081fa080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.438197] ffff8881081fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.445416] ================================================================== [ 36.453058] ================================================================== [ 36.465360] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 36.472932] Read of size 1 at addr ffff8881066eb2bb by task kunit_try_catch/266 [ 36.480247] [ 36.481748] CPU: 3 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 36.481757] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 36.481760] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 36.481763] Call Trace: [ 36.481765] <TASK> [ 36.481767] dump_stack_lvl+0x73/0xb0 [ 36.481771] print_report+0xd1/0x650 [ 36.481775] ? __virt_addr_valid+0x1db/0x2d0 [ 36.481779] ? mempool_oob_right_helper+0x318/0x380 [ 36.481784] ? kasan_complete_mode_report_info+0x2a/0x200 [ 36.481789] ? mempool_oob_right_helper+0x318/0x380 [ 36.481793] kasan_report+0x141/0x180 [ 36.481797] ? mempool_oob_right_helper+0x318/0x380 [ 36.481803] __asan_report_load1_noabort+0x18/0x20 [ 36.481807] mempool_oob_right_helper+0x318/0x380 [ 36.481812] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 36.481817] ? __pfx_sched_clock_cpu+0x10/0x10 [ 36.481820] ? finish_task_switch.isra.0+0x153/0x700 [ 36.481825] mempool_slab_oob_right+0xed/0x140 [ 36.481830] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 36.481835] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 36.481840] ? __pfx_mempool_free_slab+0x10/0x10 [ 36.481845] ? ktime_get_ts64+0x83/0x230 [ 36.481849] kunit_try_run_case+0x1a2/0x480 [ 36.481853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 36.481858] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 36.481862] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 36.481866] ? __kthread_parkme+0x82/0x180 [ 36.481870] ? preempt_count_sub+0x50/0x80 [ 36.481874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 36.481878] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 36.481882] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 36.481887] kthread+0x334/0x6f0 [ 36.481890] ? trace_preempt_on+0x20/0xc0 [ 36.481894] ? __pfx_kthread+0x10/0x10 [ 36.481898] ? _raw_spin_unlock_irq+0x47/0x80 [ 36.481902] ? calculate_sigpending+0x7b/0xa0 [ 36.481907] ? __pfx_kthread+0x10/0x10 [ 36.481910] ret_from_fork+0x113/0x1d0 [ 36.481914] ? __pfx_kthread+0x10/0x10 [ 36.481917] ret_from_fork_asm+0x1a/0x30 [ 36.481923] </TASK> [ 36.481925] [ 36.674137] Allocated by task 266: [ 36.677544] kasan_save_stack+0x45/0x70 [ 36.681403] kasan_save_track+0x18/0x40 [ 36.685248] kasan_save_alloc_info+0x3b/0x50 [ 36.689528] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 36.694840] remove_element+0x11e/0x190 [ 36.698679] mempool_alloc_preallocated+0x4d/0x90 [ 36.703406] mempool_oob_right_helper+0x8a/0x380 [ 36.708030] mempool_slab_oob_right+0xed/0x140 [ 36.712478] kunit_try_run_case+0x1a2/0x480 [ 36.716664] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 36.722061] kthread+0x334/0x6f0 [ 36.725295] ret_from_fork+0x113/0x1d0 [ 36.729047] ret_from_fork_asm+0x1a/0x30 [ 36.732974] [ 36.734473] The buggy address belongs to the object at ffff8881066eb240 [ 36.734473] which belongs to the cache test_cache of size 123 [ 36.746902] The buggy address is located 0 bytes to the right of [ 36.746902] allocated 123-byte region [ffff8881066eb240, ffff8881066eb2bb) [ 36.759849] [ 36.761364] The buggy address belongs to the physical page: [ 36.766937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066eb [ 36.774937] flags: 0x200000000000000(node=0|zone=2) [ 36.779818] page_type: f5(slab) [ 36.782964] raw: 0200000000000000 ffff8881038052c0 dead000000000122 0000000000000000 [ 36.790712] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 36.798450] page dumped because: kasan: bad access detected [ 36.804024] [ 36.805523] Memory state around the buggy address: [ 36.810316] ffff8881066eb180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.817561] ffff8881066eb200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 36.824781] >ffff8881066eb280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 36.831999] ^ [ 36.837051] ffff8881066eb300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.844270] ffff8881066eb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.851492] ==================================================================