Date
July 13, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 17.847046] ================================================================== [ 17.847813] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 17.847884] Read of size 1 at addr fff00000c7996001 by task kunit_try_catch/224 [ 17.847936] [ 17.848426] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 17.848521] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.848549] Hardware name: linux,dummy-virt (DT) [ 17.848579] Call trace: [ 17.848602] show_stack+0x20/0x38 (C) [ 17.848652] dump_stack_lvl+0x8c/0xd0 [ 17.848699] print_report+0x118/0x5d0 [ 17.848746] kasan_report+0xdc/0x128 [ 17.848790] __asan_report_load1_noabort+0x20/0x30 [ 17.848840] mempool_oob_right_helper+0x2ac/0x2f0 [ 17.848888] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 17.848942] kunit_try_run_case+0x170/0x3f0 [ 17.848994] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.849047] kthread+0x328/0x630 [ 17.849086] ret_from_fork+0x10/0x20 [ 17.849133] [ 17.849153] The buggy address belongs to the physical page: [ 17.849186] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107994 [ 17.849258] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.849305] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.849358] page_type: f8(unknown) [ 17.849397] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.849448] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.849498] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.849549] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.849600] head: 0bfffe0000000002 ffffc1ffc31e6501 00000000ffffffff 00000000ffffffff [ 17.850295] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.850393] page dumped because: kasan: bad access detected [ 17.850427] [ 17.850494] Memory state around the buggy address: [ 17.850526] fff00000c7995f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.850946] fff00000c7995f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.851235] >fff00000c7996000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.851279] ^ [ 17.851308] fff00000c7996080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.851933] fff00000c7996100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.852243] ================================================================== [ 17.834174] ================================================================== [ 17.834271] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 17.834339] Read of size 1 at addr fff00000c5866a73 by task kunit_try_catch/222 [ 17.834391] [ 17.834433] CPU: 0 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 17.834519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.834547] Hardware name: linux,dummy-virt (DT) [ 17.834578] Call trace: [ 17.834603] show_stack+0x20/0x38 (C) [ 17.834654] dump_stack_lvl+0x8c/0xd0 [ 17.834704] print_report+0x118/0x5d0 [ 17.834749] kasan_report+0xdc/0x128 [ 17.834794] __asan_report_load1_noabort+0x20/0x30 [ 17.834844] mempool_oob_right_helper+0x2ac/0x2f0 [ 17.834894] mempool_kmalloc_oob_right+0xc4/0x120 [ 17.834942] kunit_try_run_case+0x170/0x3f0 [ 17.834991] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.835044] kthread+0x328/0x630 [ 17.835086] ret_from_fork+0x10/0x20 [ 17.835135] [ 17.835156] Allocated by task 222: [ 17.835183] kasan_save_stack+0x3c/0x68 [ 17.835236] kasan_save_track+0x20/0x40 [ 17.835274] kasan_save_alloc_info+0x40/0x58 [ 17.835315] __kasan_mempool_unpoison_object+0x11c/0x180 [ 17.835360] remove_element+0x130/0x1f8 [ 17.835399] mempool_alloc_preallocated+0x58/0xc0 [ 17.835438] mempool_oob_right_helper+0x98/0x2f0 [ 17.835476] mempool_kmalloc_oob_right+0xc4/0x120 [ 17.835516] kunit_try_run_case+0x170/0x3f0 [ 17.835553] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.835595] kthread+0x328/0x630 [ 17.835628] ret_from_fork+0x10/0x20 [ 17.835664] [ 17.835683] The buggy address belongs to the object at fff00000c5866a00 [ 17.835683] which belongs to the cache kmalloc-128 of size 128 [ 17.835744] The buggy address is located 0 bytes to the right of [ 17.835744] allocated 115-byte region [fff00000c5866a00, fff00000c5866a73) [ 17.835809] [ 17.835831] The buggy address belongs to the physical page: [ 17.835865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105866 [ 17.835920] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.835972] page_type: f5(slab) [ 17.836013] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.836064] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.836106] page dumped because: kasan: bad access detected [ 17.836139] [ 17.836375] Memory state around the buggy address: [ 17.836422] fff00000c5866900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.836468] fff00000c5866980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.836512] >fff00000c5866a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.836551] ^ [ 17.836592] fff00000c5866a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.836635] fff00000c5866b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.836673] ================================================================== [ 17.865312] ================================================================== [ 17.865791] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 17.866130] Read of size 1 at addr fff00000c58c02bb by task kunit_try_catch/226 [ 17.867229] [ 17.867268] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 17.867353] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.867379] Hardware name: linux,dummy-virt (DT) [ 17.868357] Call trace: [ 17.868494] show_stack+0x20/0x38 (C) [ 17.868550] dump_stack_lvl+0x8c/0xd0 [ 17.868599] print_report+0x118/0x5d0 [ 17.868645] kasan_report+0xdc/0x128 [ 17.868690] __asan_report_load1_noabort+0x20/0x30 [ 17.869108] mempool_oob_right_helper+0x2ac/0x2f0 [ 17.870160] mempool_slab_oob_right+0xc0/0x118 [ 17.870370] kunit_try_run_case+0x170/0x3f0 [ 17.870422] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.870476] kthread+0x328/0x630 [ 17.870956] ret_from_fork+0x10/0x20 [ 17.871714] [ 17.872009] Allocated by task 226: [ 17.872105] kasan_save_stack+0x3c/0x68 [ 17.872429] kasan_save_track+0x20/0x40 [ 17.872552] kasan_save_alloc_info+0x40/0x58 [ 17.872591] __kasan_mempool_unpoison_object+0xbc/0x180 [ 17.872748] remove_element+0x16c/0x1f8 [ 17.872791] mempool_alloc_preallocated+0x58/0xc0 [ 17.872831] mempool_oob_right_helper+0x98/0x2f0 [ 17.873697] mempool_slab_oob_right+0xc0/0x118 [ 17.873872] kunit_try_run_case+0x170/0x3f0 [ 17.873962] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.874256] kthread+0x328/0x630 [ 17.874673] ret_from_fork+0x10/0x20 [ 17.874718] [ 17.874787] The buggy address belongs to the object at fff00000c58c0240 [ 17.874787] which belongs to the cache test_cache of size 123 [ 17.875074] The buggy address is located 0 bytes to the right of [ 17.875074] allocated 123-byte region [fff00000c58c0240, fff00000c58c02bb) [ 17.875981] [ 17.876070] The buggy address belongs to the physical page: [ 17.876210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c0 [ 17.876427] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.876480] page_type: f5(slab) [ 17.876891] raw: 0bfffe0000000000 fff00000c708c500 dead000000000122 0000000000000000 [ 17.877104] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 17.877482] page dumped because: kasan: bad access detected [ 17.877632] [ 17.877652] Memory state around the buggy address: [ 17.877869] fff00000c58c0180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.878130] fff00000c58c0200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 17.878243] >fff00000c58c0280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 17.878478] ^ [ 17.878518] fff00000c58c0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.879013] fff00000c58c0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.879509] ==================================================================
[ 18.566525] ================================================================== [ 18.566598] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.566668] Read of size 1 at addr fff00000c5aaea73 by task kunit_try_catch/222 [ 18.566722] [ 18.566761] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.566847] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.566873] Hardware name: linux,dummy-virt (DT) [ 18.566906] Call trace: [ 18.566931] show_stack+0x20/0x38 (C) [ 18.566982] dump_stack_lvl+0x8c/0xd0 [ 18.567032] print_report+0x118/0x5d0 [ 18.567077] kasan_report+0xdc/0x128 [ 18.567121] __asan_report_load1_noabort+0x20/0x30 [ 18.567172] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.567234] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.567281] kunit_try_run_case+0x170/0x3f0 [ 18.567332] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.567383] kthread+0x328/0x630 [ 18.567942] ret_from_fork+0x10/0x20 [ 18.567992] [ 18.568011] Allocated by task 222: [ 18.568041] kasan_save_stack+0x3c/0x68 [ 18.568081] kasan_save_track+0x20/0x40 [ 18.568120] kasan_save_alloc_info+0x40/0x58 [ 18.568160] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.568221] remove_element+0x130/0x1f8 [ 18.568260] mempool_alloc_preallocated+0x58/0xc0 [ 18.568299] mempool_oob_right_helper+0x98/0x2f0 [ 18.568337] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.568377] kunit_try_run_case+0x170/0x3f0 [ 18.568417] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.568461] kthread+0x328/0x630 [ 18.568493] ret_from_fork+0x10/0x20 [ 18.568530] [ 18.568549] The buggy address belongs to the object at fff00000c5aaea00 [ 18.568549] which belongs to the cache kmalloc-128 of size 128 [ 18.568608] The buggy address is located 0 bytes to the right of [ 18.568608] allocated 115-byte region [fff00000c5aaea00, fff00000c5aaea73) [ 18.568674] [ 18.568695] The buggy address belongs to the physical page: [ 18.568729] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aae [ 18.568783] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.568835] page_type: f5(slab) [ 18.568878] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.568929] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.568971] page dumped because: kasan: bad access detected [ 18.569004] [ 18.569022] Memory state around the buggy address: [ 18.569054] fff00000c5aae900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.569099] fff00000c5aae980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.569144] >fff00000c5aaea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.569197] ^ [ 18.569238] fff00000c5aaea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.569281] fff00000c5aaeb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.569321] ================================================================== [ 18.622290] ================================================================== [ 18.622373] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.622431] Read of size 1 at addr fff00000c5ada2bb by task kunit_try_catch/226 [ 18.622483] [ 18.622519] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.622605] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.622634] Hardware name: linux,dummy-virt (DT) [ 18.622666] Call trace: [ 18.622688] show_stack+0x20/0x38 (C) [ 18.622736] dump_stack_lvl+0x8c/0xd0 [ 18.622783] print_report+0x118/0x5d0 [ 18.622829] kasan_report+0xdc/0x128 [ 18.622872] __asan_report_load1_noabort+0x20/0x30 [ 18.622923] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.622972] mempool_slab_oob_right+0xc0/0x118 [ 18.623020] kunit_try_run_case+0x170/0x3f0 [ 18.623070] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.623124] kthread+0x328/0x630 [ 18.623167] ret_from_fork+0x10/0x20 [ 18.623231] [ 18.623249] Allocated by task 226: [ 18.623278] kasan_save_stack+0x3c/0x68 [ 18.623319] kasan_save_track+0x20/0x40 [ 18.623357] kasan_save_alloc_info+0x40/0x58 [ 18.623612] __kasan_mempool_unpoison_object+0xbc/0x180 [ 18.623666] remove_element+0x16c/0x1f8 [ 18.623704] mempool_alloc_preallocated+0x58/0xc0 [ 18.623744] mempool_oob_right_helper+0x98/0x2f0 [ 18.623784] mempool_slab_oob_right+0xc0/0x118 [ 18.623821] kunit_try_run_case+0x170/0x3f0 [ 18.623859] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.623902] kthread+0x328/0x630 [ 18.623933] ret_from_fork+0x10/0x20 [ 18.624261] [ 18.624283] The buggy address belongs to the object at fff00000c5ada240 [ 18.624283] which belongs to the cache test_cache of size 123 [ 18.624345] The buggy address is located 0 bytes to the right of [ 18.624345] allocated 123-byte region [fff00000c5ada240, fff00000c5ada2bb) [ 18.624410] [ 18.624431] The buggy address belongs to the physical page: [ 18.624464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ada [ 18.624520] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.624570] page_type: f5(slab) [ 18.624610] raw: 0bfffe0000000000 fff00000ffe8cf00 dead000000000122 0000000000000000 [ 18.624661] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 18.624702] page dumped because: kasan: bad access detected [ 18.624733] [ 18.624750] Memory state around the buggy address: [ 18.624783] fff00000c5ada180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.624828] fff00000c5ada200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 18.624873] >fff00000c5ada280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 18.624913] ^ [ 18.624947] fff00000c5ada300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.624991] fff00000c5ada380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.625030] ================================================================== [ 18.582596] ================================================================== [ 18.582661] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.582714] Read of size 1 at addr fff00000c78e2001 by task kunit_try_catch/224 [ 18.582765] [ 18.582797] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.582881] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.582908] Hardware name: linux,dummy-virt (DT) [ 18.582939] Call trace: [ 18.582960] show_stack+0x20/0x38 (C) [ 18.583008] dump_stack_lvl+0x8c/0xd0 [ 18.583053] print_report+0x118/0x5d0 [ 18.583099] kasan_report+0xdc/0x128 [ 18.583143] __asan_report_load1_noabort+0x20/0x30 [ 18.586005] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.586122] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 18.586441] kunit_try_run_case+0x170/0x3f0 [ 18.586500] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.586553] kthread+0x328/0x630 [ 18.586593] ret_from_fork+0x10/0x20 [ 18.586642] [ 18.586664] The buggy address belongs to the physical page: [ 18.586697] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e0 [ 18.587068] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.587130] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.587251] page_type: f8(unknown) [ 18.587377] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.587573] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.587669] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.587719] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.588006] head: 0bfffe0000000002 ffffc1ffc31e3801 00000000ffffffff 00000000ffffffff [ 18.588109] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.588227] page dumped because: kasan: bad access detected [ 18.588278] [ 18.588296] Memory state around the buggy address: [ 18.588329] fff00000c78e1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.588373] fff00000c78e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.588452] >fff00000c78e2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.588598] ^ [ 18.588624] fff00000c78e2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.588667] fff00000c78e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.588755] ==================================================================
[ 14.155571] ================================================================== [ 14.156346] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.156736] Read of size 1 at addr ffff8881034452bb by task kunit_try_catch/242 [ 14.157046] [ 14.157215] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.157281] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.157293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.157316] Call Trace: [ 14.157330] <TASK> [ 14.157347] dump_stack_lvl+0x73/0xb0 [ 14.157380] print_report+0xd1/0x610 [ 14.157420] ? __virt_addr_valid+0x1db/0x2d0 [ 14.157444] ? mempool_oob_right_helper+0x318/0x380 [ 14.157487] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.157530] ? mempool_oob_right_helper+0x318/0x380 [ 14.157555] kasan_report+0x141/0x180 [ 14.157593] ? mempool_oob_right_helper+0x318/0x380 [ 14.157629] __asan_report_load1_noabort+0x18/0x20 [ 14.157665] mempool_oob_right_helper+0x318/0x380 [ 14.157690] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.157718] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.157741] ? finish_task_switch.isra.0+0x153/0x700 [ 14.157768] mempool_slab_oob_right+0xed/0x140 [ 14.157793] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 14.157822] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 14.157867] ? __pfx_mempool_free_slab+0x10/0x10 [ 14.157903] ? __pfx_read_tsc+0x10/0x10 [ 14.157925] ? ktime_get_ts64+0x86/0x230 [ 14.157961] kunit_try_run_case+0x1a5/0x480 [ 14.157987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.158025] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.158051] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.158084] ? __kthread_parkme+0x82/0x180 [ 14.158106] ? preempt_count_sub+0x50/0x80 [ 14.158130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.158165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.158190] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.158216] kthread+0x337/0x6f0 [ 14.158235] ? trace_preempt_on+0x20/0xc0 [ 14.158260] ? __pfx_kthread+0x10/0x10 [ 14.158280] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.158302] ? calculate_sigpending+0x7b/0xa0 [ 14.158327] ? __pfx_kthread+0x10/0x10 [ 14.158349] ret_from_fork+0x116/0x1d0 [ 14.158368] ? __pfx_kthread+0x10/0x10 [ 14.158388] ret_from_fork_asm+0x1a/0x30 [ 14.158428] </TASK> [ 14.158438] [ 14.168111] Allocated by task 242: [ 14.168286] kasan_save_stack+0x45/0x70 [ 14.168509] kasan_save_track+0x18/0x40 [ 14.168646] kasan_save_alloc_info+0x3b/0x50 [ 14.168797] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 14.169132] remove_element+0x11e/0x190 [ 14.169295] mempool_alloc_preallocated+0x4d/0x90 [ 14.169629] mempool_oob_right_helper+0x8a/0x380 [ 14.169836] mempool_slab_oob_right+0xed/0x140 [ 14.169989] kunit_try_run_case+0x1a5/0x480 [ 14.170137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.170340] kthread+0x337/0x6f0 [ 14.170654] ret_from_fork+0x116/0x1d0 [ 14.170854] ret_from_fork_asm+0x1a/0x30 [ 14.171054] [ 14.171152] The buggy address belongs to the object at ffff888103445240 [ 14.171152] which belongs to the cache test_cache of size 123 [ 14.171531] The buggy address is located 0 bytes to the right of [ 14.171531] allocated 123-byte region [ffff888103445240, ffff8881034452bb) [ 14.172176] [ 14.172277] The buggy address belongs to the physical page: [ 14.172593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103445 [ 14.172897] flags: 0x200000000000000(node=0|zone=2) [ 14.173104] page_type: f5(slab) [ 14.173265] raw: 0200000000000000 ffff888101a22780 dead000000000122 0000000000000000 [ 14.173569] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 14.173900] page dumped because: kasan: bad access detected [ 14.174079] [ 14.174149] Memory state around the buggy address: [ 14.174376] ffff888103445180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.174704] ffff888103445200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 14.174985] >ffff888103445280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 14.175197] ^ [ 14.175368] ffff888103445300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.175696] ffff888103445380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.175952] ================================================================== [ 14.099987] ================================================================== [ 14.100437] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.101097] Read of size 1 at addr ffff8881026ce173 by task kunit_try_catch/238 [ 14.101403] [ 14.101537] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.101586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.101598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.101621] Call Trace: [ 14.101634] <TASK> [ 14.101654] dump_stack_lvl+0x73/0xb0 [ 14.101687] print_report+0xd1/0x610 [ 14.101711] ? __virt_addr_valid+0x1db/0x2d0 [ 14.101737] ? mempool_oob_right_helper+0x318/0x380 [ 14.101762] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.101786] ? mempool_oob_right_helper+0x318/0x380 [ 14.101811] kasan_report+0x141/0x180 [ 14.101832] ? mempool_oob_right_helper+0x318/0x380 [ 14.102343] __asan_report_load1_noabort+0x18/0x20 [ 14.102372] mempool_oob_right_helper+0x318/0x380 [ 14.102398] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.102440] ? __kasan_check_write+0x18/0x20 [ 14.102472] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.102497] ? finish_task_switch.isra.0+0x153/0x700 [ 14.102525] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.102549] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 14.102587] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.102614] ? __pfx_mempool_kfree+0x10/0x10 [ 14.102639] ? __pfx_read_tsc+0x10/0x10 [ 14.102662] ? ktime_get_ts64+0x86/0x230 [ 14.102687] kunit_try_run_case+0x1a5/0x480 [ 14.102715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.102740] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.102767] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.102791] ? __kthread_parkme+0x82/0x180 [ 14.102813] ? preempt_count_sub+0x50/0x80 [ 14.102836] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.102861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.102886] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.102911] kthread+0x337/0x6f0 [ 14.102931] ? trace_preempt_on+0x20/0xc0 [ 14.102954] ? __pfx_kthread+0x10/0x10 [ 14.102975] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.102997] ? calculate_sigpending+0x7b/0xa0 [ 14.103023] ? __pfx_kthread+0x10/0x10 [ 14.103044] ret_from_fork+0x116/0x1d0 [ 14.103064] ? __pfx_kthread+0x10/0x10 [ 14.103084] ret_from_fork_asm+0x1a/0x30 [ 14.103116] </TASK> [ 14.103127] [ 14.115127] Allocated by task 238: [ 14.115310] kasan_save_stack+0x45/0x70 [ 14.115565] kasan_save_track+0x18/0x40 [ 14.115950] kasan_save_alloc_info+0x3b/0x50 [ 14.116306] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.116568] remove_element+0x11e/0x190 [ 14.116916] mempool_alloc_preallocated+0x4d/0x90 [ 14.117223] mempool_oob_right_helper+0x8a/0x380 [ 14.117430] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.117770] kunit_try_run_case+0x1a5/0x480 [ 14.117978] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.118217] kthread+0x337/0x6f0 [ 14.118389] ret_from_fork+0x116/0x1d0 [ 14.118712] ret_from_fork_asm+0x1a/0x30 [ 14.118920] [ 14.119018] The buggy address belongs to the object at ffff8881026ce100 [ 14.119018] which belongs to the cache kmalloc-128 of size 128 [ 14.119444] The buggy address is located 0 bytes to the right of [ 14.119444] allocated 115-byte region [ffff8881026ce100, ffff8881026ce173) [ 14.120336] [ 14.120461] The buggy address belongs to the physical page: [ 14.120915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ce [ 14.121369] flags: 0x200000000000000(node=0|zone=2) [ 14.121825] page_type: f5(slab) [ 14.121993] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.122317] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.122661] page dumped because: kasan: bad access detected [ 14.123049] [ 14.123280] Memory state around the buggy address: [ 14.123558] ffff8881026ce000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.124117] ffff8881026ce080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.124507] >ffff8881026ce100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.124909] ^ [ 14.125272] ffff8881026ce180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.125673] ffff8881026ce200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.126019] ================================================================== [ 14.131182] ================================================================== [ 14.132009] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.132398] Read of size 1 at addr ffff888103a5e001 by task kunit_try_catch/240 [ 14.132883] [ 14.133011] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.133093] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.133129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.133153] Call Trace: [ 14.133166] <TASK> [ 14.133184] dump_stack_lvl+0x73/0xb0 [ 14.133230] print_report+0xd1/0x610 [ 14.133254] ? __virt_addr_valid+0x1db/0x2d0 [ 14.133281] ? mempool_oob_right_helper+0x318/0x380 [ 14.133306] ? kasan_addr_to_slab+0x11/0xa0 [ 14.133328] ? mempool_oob_right_helper+0x318/0x380 [ 14.133380] kasan_report+0x141/0x180 [ 14.133402] ? mempool_oob_right_helper+0x318/0x380 [ 14.133431] __asan_report_load1_noabort+0x18/0x20 [ 14.133479] mempool_oob_right_helper+0x318/0x380 [ 14.133505] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.133548] ? __kasan_check_write+0x18/0x20 [ 14.133600] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.133624] ? finish_task_switch.isra.0+0x153/0x700 [ 14.133652] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 14.133684] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 14.133714] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.133740] ? __pfx_mempool_kfree+0x10/0x10 [ 14.133766] ? __pfx_read_tsc+0x10/0x10 [ 14.133787] ? ktime_get_ts64+0x86/0x230 [ 14.133813] kunit_try_run_case+0x1a5/0x480 [ 14.133840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.133863] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.133889] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.133913] ? __kthread_parkme+0x82/0x180 [ 14.133935] ? preempt_count_sub+0x50/0x80 [ 14.133958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.133983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.134008] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.134034] kthread+0x337/0x6f0 [ 14.134053] ? trace_preempt_on+0x20/0xc0 [ 14.134078] ? __pfx_kthread+0x10/0x10 [ 14.134098] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.134120] ? calculate_sigpending+0x7b/0xa0 [ 14.134146] ? __pfx_kthread+0x10/0x10 [ 14.134167] ret_from_fork+0x116/0x1d0 [ 14.134186] ? __pfx_kthread+0x10/0x10 [ 14.134207] ret_from_fork_asm+0x1a/0x30 [ 14.134238] </TASK> [ 14.134248] [ 14.144105] The buggy address belongs to the physical page: [ 14.144416] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a5c [ 14.144871] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.145198] flags: 0x200000000000040(head|node=0|zone=2) [ 14.145508] page_type: f8(unknown) [ 14.145789] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.146154] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.146544] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.147004] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.147353] head: 0200000000000002 ffffea00040e9701 00000000ffffffff 00000000ffffffff [ 14.147835] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.148159] page dumped because: kasan: bad access detected [ 14.148431] [ 14.148647] Memory state around the buggy address: [ 14.148832] ffff888103a5df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.149088] ffff888103a5df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.149300] >ffff888103a5e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.149520] ^ [ 14.149636] ffff888103a5e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.149843] ffff888103a5e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.150050] ==================================================================
[ 14.296533] ================================================================== [ 14.297424] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.298258] Read of size 1 at addr ffff888102b2ea73 by task kunit_try_catch/239 [ 14.298880] [ 14.299015] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.299078] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.299091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.299114] Call Trace: [ 14.299127] <TASK> [ 14.299145] dump_stack_lvl+0x73/0xb0 [ 14.299280] print_report+0xd1/0x610 [ 14.299304] ? __virt_addr_valid+0x1db/0x2d0 [ 14.299330] ? mempool_oob_right_helper+0x318/0x380 [ 14.299353] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.299378] ? mempool_oob_right_helper+0x318/0x380 [ 14.299403] kasan_report+0x141/0x180 [ 14.299425] ? mempool_oob_right_helper+0x318/0x380 [ 14.299454] __asan_report_load1_noabort+0x18/0x20 [ 14.299479] mempool_oob_right_helper+0x318/0x380 [ 14.299505] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.299532] ? __kasan_check_write+0x18/0x20 [ 14.299552] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.299576] ? finish_task_switch.isra.0+0x153/0x700 [ 14.299603] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.299628] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 14.299723] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.299749] ? __pfx_mempool_kfree+0x10/0x10 [ 14.299775] ? __pfx_read_tsc+0x10/0x10 [ 14.299801] ? ktime_get_ts64+0x86/0x230 [ 14.299826] kunit_try_run_case+0x1a5/0x480 [ 14.299853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.299877] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.299902] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.299926] ? __kthread_parkme+0x82/0x180 [ 14.299948] ? preempt_count_sub+0x50/0x80 [ 14.299971] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.299996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.300022] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.300048] kthread+0x337/0x6f0 [ 14.300081] ? trace_preempt_on+0x20/0xc0 [ 14.300105] ? __pfx_kthread+0x10/0x10 [ 14.300126] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.300148] ? calculate_sigpending+0x7b/0xa0 [ 14.300174] ? __pfx_kthread+0x10/0x10 [ 14.300196] ret_from_fork+0x116/0x1d0 [ 14.300216] ? __pfx_kthread+0x10/0x10 [ 14.300237] ret_from_fork_asm+0x1a/0x30 [ 14.300268] </TASK> [ 14.300278] [ 14.310367] Allocated by task 239: [ 14.310533] kasan_save_stack+0x45/0x70 [ 14.310683] kasan_save_track+0x18/0x40 [ 14.310848] kasan_save_alloc_info+0x3b/0x50 [ 14.311073] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.311390] remove_element+0x11e/0x190 [ 14.311788] mempool_alloc_preallocated+0x4d/0x90 [ 14.312048] mempool_oob_right_helper+0x8a/0x380 [ 14.312336] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.312698] kunit_try_run_case+0x1a5/0x480 [ 14.312972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.313311] kthread+0x337/0x6f0 [ 14.313475] ret_from_fork+0x116/0x1d0 [ 14.313743] ret_from_fork_asm+0x1a/0x30 [ 14.313901] [ 14.313976] The buggy address belongs to the object at ffff888102b2ea00 [ 14.313976] which belongs to the cache kmalloc-128 of size 128 [ 14.314468] The buggy address is located 0 bytes to the right of [ 14.314468] allocated 115-byte region [ffff888102b2ea00, ffff888102b2ea73) [ 14.315075] [ 14.315156] The buggy address belongs to the physical page: [ 14.315420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b2e [ 14.315837] flags: 0x200000000000000(node=0|zone=2) [ 14.316073] page_type: f5(slab) [ 14.316383] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.316766] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.317181] page dumped because: kasan: bad access detected [ 14.317357] [ 14.317427] Memory state around the buggy address: [ 14.317614] ffff888102b2e900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.318045] ffff888102b2e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.318396] >ffff888102b2ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.318805] ^ [ 14.319141] ffff888102b2ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.319457] ffff888102b2eb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.319757] ================================================================== [ 14.322643] ================================================================== [ 14.323948] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.324587] Read of size 1 at addr ffff888103bba001 by task kunit_try_catch/241 [ 14.325067] [ 14.325187] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.325233] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.325246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.325267] Call Trace: [ 14.325279] <TASK> [ 14.325293] dump_stack_lvl+0x73/0xb0 [ 14.325323] print_report+0xd1/0x610 [ 14.325346] ? __virt_addr_valid+0x1db/0x2d0 [ 14.325370] ? mempool_oob_right_helper+0x318/0x380 [ 14.325395] ? kasan_addr_to_slab+0x11/0xa0 [ 14.325417] ? mempool_oob_right_helper+0x318/0x380 [ 14.325444] kasan_report+0x141/0x180 [ 14.325465] ? mempool_oob_right_helper+0x318/0x380 [ 14.325495] __asan_report_load1_noabort+0x18/0x20 [ 14.325521] mempool_oob_right_helper+0x318/0x380 [ 14.325548] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.325575] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.325598] ? finish_task_switch.isra.0+0x153/0x700 [ 14.325625] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 14.325652] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 14.325682] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.325707] ? __pfx_mempool_kfree+0x10/0x10 [ 14.325732] ? __pfx_read_tsc+0x10/0x10 [ 14.325757] ? ktime_get_ts64+0x86/0x230 [ 14.325782] kunit_try_run_case+0x1a5/0x480 [ 14.325807] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.325831] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.325854] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.325880] ? __kthread_parkme+0x82/0x180 [ 14.325900] ? preempt_count_sub+0x50/0x80 [ 14.325924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.325950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.325975] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.326001] kthread+0x337/0x6f0 [ 14.326020] ? trace_preempt_on+0x20/0xc0 [ 14.326045] ? __pfx_kthread+0x10/0x10 [ 14.326077] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.326099] ? calculate_sigpending+0x7b/0xa0 [ 14.326150] ? __pfx_kthread+0x10/0x10 [ 14.326172] ret_from_fork+0x116/0x1d0 [ 14.326322] ? __pfx_kthread+0x10/0x10 [ 14.326344] ret_from_fork_asm+0x1a/0x30 [ 14.326375] </TASK> [ 14.326385] [ 14.339071] The buggy address belongs to the physical page: [ 14.339570] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103bb8 [ 14.340112] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.340481] flags: 0x200000000000040(head|node=0|zone=2) [ 14.341116] page_type: f8(unknown) [ 14.341392] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.341953] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.342369] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.342933] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.343407] head: 0200000000000002 ffffea00040eee01 00000000ffffffff 00000000ffffffff [ 14.343961] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.344437] page dumped because: kasan: bad access detected [ 14.344859] [ 14.344959] Memory state around the buggy address: [ 14.345389] ffff888103bb9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.345688] ffff888103bb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.346141] >ffff888103bba000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.346470] ^ [ 14.346809] ffff888103bba080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.347276] ffff888103bba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.347712] ================================================================== [ 14.354006] ================================================================== [ 14.354643] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.355178] Read of size 1 at addr ffff888102b4d2bb by task kunit_try_catch/243 [ 14.355769] [ 14.355956] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.356004] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.356017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.356037] Call Trace: [ 14.356049] <TASK> [ 14.356077] dump_stack_lvl+0x73/0xb0 [ 14.356143] print_report+0xd1/0x610 [ 14.356168] ? __virt_addr_valid+0x1db/0x2d0 [ 14.356191] ? mempool_oob_right_helper+0x318/0x380 [ 14.356217] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.356240] ? mempool_oob_right_helper+0x318/0x380 [ 14.356265] kasan_report+0x141/0x180 [ 14.356288] ? mempool_oob_right_helper+0x318/0x380 [ 14.356318] __asan_report_load1_noabort+0x18/0x20 [ 14.356344] mempool_oob_right_helper+0x318/0x380 [ 14.356369] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.356393] ? update_load_avg+0x1be/0x21b0 [ 14.356422] ? finish_task_switch.isra.0+0x153/0x700 [ 14.356449] mempool_slab_oob_right+0xed/0x140 [ 14.356474] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 14.356502] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 14.356529] ? __pfx_mempool_free_slab+0x10/0x10 [ 14.356556] ? __pfx_read_tsc+0x10/0x10 [ 14.356579] ? ktime_get_ts64+0x86/0x230 [ 14.356604] kunit_try_run_case+0x1a5/0x480 [ 14.356631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.356719] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.356747] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.356771] ? __kthread_parkme+0x82/0x180 [ 14.356793] ? preempt_count_sub+0x50/0x80 [ 14.356817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.356842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.356868] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.356896] kthread+0x337/0x6f0 [ 14.356914] ? trace_preempt_on+0x20/0xc0 [ 14.356938] ? __pfx_kthread+0x10/0x10 [ 14.356960] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.356982] ? calculate_sigpending+0x7b/0xa0 [ 14.357007] ? __pfx_kthread+0x10/0x10 [ 14.357029] ret_from_fork+0x116/0x1d0 [ 14.357049] ? __pfx_kthread+0x10/0x10 [ 14.357083] ret_from_fork_asm+0x1a/0x30 [ 14.357114] </TASK> [ 14.357124] [ 14.371149] Allocated by task 243: [ 14.371483] kasan_save_stack+0x45/0x70 [ 14.371890] kasan_save_track+0x18/0x40 [ 14.372369] kasan_save_alloc_info+0x3b/0x50 [ 14.372825] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 14.373007] remove_element+0x11e/0x190 [ 14.373195] mempool_alloc_preallocated+0x4d/0x90 [ 14.373600] mempool_oob_right_helper+0x8a/0x380 [ 14.374200] mempool_slab_oob_right+0xed/0x140 [ 14.374622] kunit_try_run_case+0x1a5/0x480 [ 14.375094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.375526] kthread+0x337/0x6f0 [ 14.375703] ret_from_fork+0x116/0x1d0 [ 14.376071] ret_from_fork_asm+0x1a/0x30 [ 14.376349] [ 14.376424] The buggy address belongs to the object at ffff888102b4d240 [ 14.376424] which belongs to the cache test_cache of size 123 [ 14.377110] The buggy address is located 0 bytes to the right of [ 14.377110] allocated 123-byte region [ffff888102b4d240, ffff888102b4d2bb) [ 14.378463] [ 14.378636] The buggy address belongs to the physical page: [ 14.379027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4d [ 14.379688] flags: 0x200000000000000(node=0|zone=2) [ 14.380136] page_type: f5(slab) [ 14.380261] raw: 0200000000000000 ffff888101b19c80 dead000000000122 0000000000000000 [ 14.380494] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 14.381003] page dumped because: kasan: bad access detected [ 14.381534] [ 14.381851] Memory state around the buggy address: [ 14.382328] ffff888102b4d180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.382982] ffff888102b4d200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 14.383676] >ffff888102b4d280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 14.384262] ^ [ 14.384432] ffff888102b4d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.384651] ffff888102b4d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.385397] ==================================================================