Date
July 20, 2025, 11:12 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 18.518580] ================================================================== [ 18.518659] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.519334] Read of size 1 at addr fff00000c78702bb by task kunit_try_catch/225 [ 18.519389] [ 18.519839] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.520469] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.520500] Hardware name: linux,dummy-virt (DT) [ 18.521001] Call trace: [ 18.521072] show_stack+0x20/0x38 (C) [ 18.521129] dump_stack_lvl+0x8c/0xd0 [ 18.521180] print_report+0x118/0x5d0 [ 18.521227] kasan_report+0xdc/0x128 [ 18.521273] __asan_report_load1_noabort+0x20/0x30 [ 18.521324] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.521373] mempool_slab_oob_right+0xc0/0x118 [ 18.521421] kunit_try_run_case+0x170/0x3f0 [ 18.521470] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.521523] kthread+0x328/0x630 [ 18.521566] ret_from_fork+0x10/0x20 [ 18.521614] [ 18.521632] Allocated by task 225: [ 18.521662] kasan_save_stack+0x3c/0x68 [ 18.522394] kasan_save_track+0x20/0x40 [ 18.523832] kasan_save_alloc_info+0x40/0x58 [ 18.524418] __kasan_mempool_unpoison_object+0xbc/0x180 [ 18.524768] remove_element+0x16c/0x1f8 [ 18.525012] mempool_alloc_preallocated+0x58/0xc0 [ 18.525242] mempool_oob_right_helper+0x98/0x2f0 [ 18.525560] mempool_slab_oob_right+0xc0/0x118 [ 18.525838] kunit_try_run_case+0x170/0x3f0 [ 18.525878] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.526223] kthread+0x328/0x630 [ 18.526918] ret_from_fork+0x10/0x20 [ 18.527090] [ 18.527114] The buggy address belongs to the object at fff00000c7870240 [ 18.527114] which belongs to the cache test_cache of size 123 [ 18.527542] The buggy address is located 0 bytes to the right of [ 18.527542] allocated 123-byte region [fff00000c7870240, fff00000c78702bb) [ 18.528160] [ 18.528274] The buggy address belongs to the physical page: [ 18.528312] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107870 [ 18.528706] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.529125] page_type: f5(slab) [ 18.529392] raw: 0bfffe0000000000 fff00000c7867140 dead000000000122 0000000000000000 [ 18.529446] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 18.529489] page dumped because: kasan: bad access detected [ 18.529522] [ 18.529540] Memory state around the buggy address: [ 18.530583] fff00000c7870180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.530803] fff00000c7870200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 18.531433] >fff00000c7870280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 18.531578] ^ [ 18.531793] fff00000c7870300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.531965] fff00000c7870380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.532320] ================================================================== [ 18.485296] ================================================================== [ 18.485365] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.485427] Read of size 1 at addr fff00000c7972001 by task kunit_try_catch/223 [ 18.485479] [ 18.485512] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.485598] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.485623] Hardware name: linux,dummy-virt (DT) [ 18.485657] Call trace: [ 18.485679] show_stack+0x20/0x38 (C) [ 18.485729] dump_stack_lvl+0x8c/0xd0 [ 18.485776] print_report+0x118/0x5d0 [ 18.486501] kasan_report+0xdc/0x128 [ 18.486609] __asan_report_load1_noabort+0x20/0x30 [ 18.486666] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.486713] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 18.486765] kunit_try_run_case+0x170/0x3f0 [ 18.486817] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.486868] kthread+0x328/0x630 [ 18.486923] ret_from_fork+0x10/0x20 [ 18.486971] [ 18.486993] The buggy address belongs to the physical page: [ 18.487026] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107970 [ 18.487083] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.487130] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.487184] page_type: f8(unknown) [ 18.487225] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.487276] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.487326] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.487375] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.487425] head: 0bfffe0000000002 ffffc1ffc31e5c01 00000000ffffffff 00000000ffffffff [ 18.487476] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.487518] page dumped because: kasan: bad access detected [ 18.487550] [ 18.487568] Memory state around the buggy address: [ 18.487600] fff00000c7971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.488124] fff00000c7971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.488450] >fff00000c7972000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.488817] ^ [ 18.488855] fff00000c7972080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.489019] fff00000c7972100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.489345] ================================================================== [ 18.472235] ================================================================== [ 18.472310] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.472385] Read of size 1 at addr fff00000c3ef4673 by task kunit_try_catch/221 [ 18.472436] [ 18.472476] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.472563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.472591] Hardware name: linux,dummy-virt (DT) [ 18.472625] Call trace: [ 18.472651] show_stack+0x20/0x38 (C) [ 18.472704] dump_stack_lvl+0x8c/0xd0 [ 18.472753] print_report+0x118/0x5d0 [ 18.472801] kasan_report+0xdc/0x128 [ 18.472845] __asan_report_load1_noabort+0x20/0x30 [ 18.472909] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.472958] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.473007] kunit_try_run_case+0x170/0x3f0 [ 18.473057] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.473110] kthread+0x328/0x630 [ 18.473154] ret_from_fork+0x10/0x20 [ 18.473202] [ 18.473220] Allocated by task 221: [ 18.473251] kasan_save_stack+0x3c/0x68 [ 18.473292] kasan_save_track+0x20/0x40 [ 18.473331] kasan_save_alloc_info+0x40/0x58 [ 18.473371] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.473415] remove_element+0x130/0x1f8 [ 18.473453] mempool_alloc_preallocated+0x58/0xc0 [ 18.473492] mempool_oob_right_helper+0x98/0x2f0 [ 18.473532] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.473572] kunit_try_run_case+0x170/0x3f0 [ 18.473612] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.473657] kthread+0x328/0x630 [ 18.473689] ret_from_fork+0x10/0x20 [ 18.473725] [ 18.473745] The buggy address belongs to the object at fff00000c3ef4600 [ 18.473745] which belongs to the cache kmalloc-128 of size 128 [ 18.473830] The buggy address is located 0 bytes to the right of [ 18.473830] allocated 115-byte region [fff00000c3ef4600, fff00000c3ef4673) [ 18.473904] [ 18.473927] The buggy address belongs to the physical page: [ 18.473961] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ef4 [ 18.474016] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.474069] page_type: f5(slab) [ 18.474113] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.474163] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.474206] page dumped because: kasan: bad access detected [ 18.474236] [ 18.474254] Memory state around the buggy address: [ 18.474288] fff00000c3ef4500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.474332] fff00000c3ef4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.474376] >fff00000c3ef4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.474416] ^ [ 18.474457] fff00000c3ef4680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.474500] fff00000c3ef4700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.474541] ==================================================================
[ 18.616744] ================================================================== [ 18.616821] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.616887] Read of size 1 at addr fff00000c79ba001 by task kunit_try_catch/223 [ 18.616959] [ 18.616997] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.617084] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.617114] Hardware name: linux,dummy-virt (DT) [ 18.617148] Call trace: [ 18.617172] show_stack+0x20/0x38 (C) [ 18.617223] dump_stack_lvl+0x8c/0xd0 [ 18.617272] print_report+0x118/0x5d0 [ 18.617321] kasan_report+0xdc/0x128 [ 18.617365] __asan_report_load1_noabort+0x20/0x30 [ 18.617415] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.617464] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 18.617514] kunit_try_run_case+0x170/0x3f0 [ 18.617563] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.617631] kthread+0x328/0x630 [ 18.617676] ret_from_fork+0x10/0x20 [ 18.617724] [ 18.617746] The buggy address belongs to the physical page: [ 18.617781] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079b8 [ 18.617837] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.617886] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.617955] page_type: f8(unknown) [ 18.617997] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.618048] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.618099] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.618151] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.618201] head: 0bfffe0000000002 ffffc1ffc31e6e01 00000000ffffffff 00000000ffffffff [ 18.618251] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.618294] page dumped because: kasan: bad access detected [ 18.618325] [ 18.618345] Memory state around the buggy address: [ 18.618377] fff00000c79b9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.618421] fff00000c79b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.618465] >fff00000c79ba000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.618504] ^ [ 18.618531] fff00000c79ba080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.618574] fff00000c79ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.618613] ================================================================== [ 18.584021] ================================================================== [ 18.584102] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.584175] Read of size 1 at addr fff00000c5b4c173 by task kunit_try_catch/221 [ 18.584230] [ 18.584273] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.584360] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.584388] Hardware name: linux,dummy-virt (DT) [ 18.584421] Call trace: [ 18.584447] show_stack+0x20/0x38 (C) [ 18.584500] dump_stack_lvl+0x8c/0xd0 [ 18.584551] print_report+0x118/0x5d0 [ 18.584599] kasan_report+0xdc/0x128 [ 18.584658] __asan_report_load1_noabort+0x20/0x30 [ 18.584709] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.584757] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.584806] kunit_try_run_case+0x170/0x3f0 [ 18.584856] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.584909] kthread+0x328/0x630 [ 18.585073] ret_from_fork+0x10/0x20 [ 18.585128] [ 18.585147] Allocated by task 221: [ 18.585180] kasan_save_stack+0x3c/0x68 [ 18.585222] kasan_save_track+0x20/0x40 [ 18.585259] kasan_save_alloc_info+0x40/0x58 [ 18.585300] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.585345] remove_element+0x130/0x1f8 [ 18.585383] mempool_alloc_preallocated+0x58/0xc0 [ 18.585423] mempool_oob_right_helper+0x98/0x2f0 [ 18.585461] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.585502] kunit_try_run_case+0x170/0x3f0 [ 18.585541] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.585586] kthread+0x328/0x630 [ 18.585633] ret_from_fork+0x10/0x20 [ 18.585669] [ 18.585689] The buggy address belongs to the object at fff00000c5b4c100 [ 18.585689] which belongs to the cache kmalloc-128 of size 128 [ 18.585749] The buggy address is located 0 bytes to the right of [ 18.585749] allocated 115-byte region [fff00000c5b4c100, fff00000c5b4c173) [ 18.585814] [ 18.585836] The buggy address belongs to the physical page: [ 18.585870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b4c [ 18.585931] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.585985] page_type: f5(slab) [ 18.586029] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.586080] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.586122] page dumped because: kasan: bad access detected [ 18.586153] [ 18.586173] Memory state around the buggy address: [ 18.586207] fff00000c5b4c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.586250] fff00000c5b4c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.586295] >fff00000c5b4c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.586334] ^ [ 18.586375] fff00000c5b4c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.586419] fff00000c5b4c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.586458] ================================================================== [ 18.644142] ================================================================== [ 18.644226] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.644292] Read of size 1 at addr fff00000c5b482bb by task kunit_try_catch/225 [ 18.644344] [ 18.644381] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.644469] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.644496] Hardware name: linux,dummy-virt (DT) [ 18.644530] Call trace: [ 18.644556] show_stack+0x20/0x38 (C) [ 18.644604] dump_stack_lvl+0x8c/0xd0 [ 18.644670] print_report+0x118/0x5d0 [ 18.644718] kasan_report+0xdc/0x128 [ 18.644764] __asan_report_load1_noabort+0x20/0x30 [ 18.644816] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.644865] mempool_slab_oob_right+0xc0/0x118 [ 18.644913] kunit_try_run_case+0x170/0x3f0 [ 18.644969] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.645023] kthread+0x328/0x630 [ 18.645067] ret_from_fork+0x10/0x20 [ 18.645130] [ 18.645152] Allocated by task 225: [ 18.645183] kasan_save_stack+0x3c/0x68 [ 18.645227] kasan_save_track+0x20/0x40 [ 18.645266] kasan_save_alloc_info+0x40/0x58 [ 18.645306] __kasan_mempool_unpoison_object+0xbc/0x180 [ 18.645350] remove_element+0x16c/0x1f8 [ 18.645388] mempool_alloc_preallocated+0x58/0xc0 [ 18.645428] mempool_oob_right_helper+0x98/0x2f0 [ 18.645469] mempool_slab_oob_right+0xc0/0x118 [ 18.645507] kunit_try_run_case+0x170/0x3f0 [ 18.645544] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.645588] kthread+0x328/0x630 [ 18.645632] ret_from_fork+0x10/0x20 [ 18.645669] [ 18.645688] The buggy address belongs to the object at fff00000c5b48240 [ 18.645688] which belongs to the cache test_cache of size 123 [ 18.645748] The buggy address is located 0 bytes to the right of [ 18.645748] allocated 123-byte region [fff00000c5b48240, fff00000c5b482bb) [ 18.645811] [ 18.645835] The buggy address belongs to the physical page: [ 18.645866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b48 [ 18.646665] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.646730] page_type: f5(slab) [ 18.646774] raw: 0bfffe0000000000 fff00000c6670640 dead000000000122 0000000000000000 [ 18.646826] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 18.646867] page dumped because: kasan: bad access detected [ 18.646900] [ 18.646919] Memory state around the buggy address: [ 18.646954] fff00000c5b48180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.646999] fff00000c5b48200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 18.647043] >fff00000c5b48280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 18.647082] ^ [ 18.647117] fff00000c5b48300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.647160] fff00000c5b48380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.647199] ==================================================================
[ 14.090244] ================================================================== [ 14.090729] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.091531] Read of size 1 at addr ffff88810313ab73 by task kunit_try_catch/239 [ 14.092335] [ 14.092497] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.092551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.092564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.092587] Call Trace: [ 14.092602] <TASK> [ 14.092623] dump_stack_lvl+0x73/0xb0 [ 14.092659] print_report+0xd1/0x610 [ 14.092847] ? __virt_addr_valid+0x1db/0x2d0 [ 14.092878] ? mempool_oob_right_helper+0x318/0x380 [ 14.092902] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.092925] ? mempool_oob_right_helper+0x318/0x380 [ 14.092949] kasan_report+0x141/0x180 [ 14.092971] ? mempool_oob_right_helper+0x318/0x380 [ 14.093000] __asan_report_load1_noabort+0x18/0x20 [ 14.093024] mempool_oob_right_helper+0x318/0x380 [ 14.093049] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.093076] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.093100] ? finish_task_switch.isra.0+0x153/0x700 [ 14.093128] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.093155] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 14.093183] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.093209] ? __pfx_mempool_kfree+0x10/0x10 [ 14.093234] ? __pfx_read_tsc+0x10/0x10 [ 14.093257] ? ktime_get_ts64+0x86/0x230 [ 14.093285] kunit_try_run_case+0x1a5/0x480 [ 14.093311] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.093334] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.093359] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.093383] ? __kthread_parkme+0x82/0x180 [ 14.093475] ? preempt_count_sub+0x50/0x80 [ 14.093500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.093524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.093549] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.093571] kthread+0x337/0x6f0 [ 14.093604] ? trace_preempt_on+0x20/0xc0 [ 14.093629] ? __pfx_kthread+0x10/0x10 [ 14.093650] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.093671] ? calculate_sigpending+0x7b/0xa0 [ 14.093696] ? __pfx_kthread+0x10/0x10 [ 14.093717] ret_from_fork+0x116/0x1d0 [ 14.093737] ? __pfx_kthread+0x10/0x10 [ 14.093757] ret_from_fork_asm+0x1a/0x30 [ 14.093792] </TASK> [ 14.093803] [ 14.106723] Allocated by task 239: [ 14.106871] kasan_save_stack+0x45/0x70 [ 14.107061] kasan_save_track+0x18/0x40 [ 14.107589] kasan_save_alloc_info+0x3b/0x50 [ 14.107892] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.108295] remove_element+0x11e/0x190 [ 14.108508] mempool_alloc_preallocated+0x4d/0x90 [ 14.108935] mempool_oob_right_helper+0x8a/0x380 [ 14.109357] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.109740] kunit_try_run_case+0x1a5/0x480 [ 14.109986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.110617] kthread+0x337/0x6f0 [ 14.110777] ret_from_fork+0x116/0x1d0 [ 14.110981] ret_from_fork_asm+0x1a/0x30 [ 14.111477] [ 14.111560] The buggy address belongs to the object at ffff88810313ab00 [ 14.111560] which belongs to the cache kmalloc-128 of size 128 [ 14.112466] The buggy address is located 0 bytes to the right of [ 14.112466] allocated 115-byte region [ffff88810313ab00, ffff88810313ab73) [ 14.113288] [ 14.113390] The buggy address belongs to the physical page: [ 14.113635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a [ 14.114370] flags: 0x200000000000000(node=0|zone=2) [ 14.114682] page_type: f5(slab) [ 14.114870] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.115530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.115960] page dumped because: kasan: bad access detected [ 14.116355] [ 14.116622] Memory state around the buggy address: [ 14.116963] ffff88810313aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.117394] ffff88810313aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.117949] >ffff88810313ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.118521] ^ [ 14.118980] ffff88810313ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.119539] ffff88810313ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.120001] ================================================================== [ 14.123898] ================================================================== [ 14.124585] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.125219] Read of size 1 at addr ffff88810391e001 by task kunit_try_catch/241 [ 14.125514] [ 14.125633] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.125683] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.125696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.125719] Call Trace: [ 14.125733] <TASK> [ 14.125750] dump_stack_lvl+0x73/0xb0 [ 14.125782] print_report+0xd1/0x610 [ 14.125805] ? __virt_addr_valid+0x1db/0x2d0 [ 14.125829] ? mempool_oob_right_helper+0x318/0x380 [ 14.125853] ? kasan_addr_to_slab+0x11/0xa0 [ 14.125874] ? mempool_oob_right_helper+0x318/0x380 [ 14.125898] kasan_report+0x141/0x180 [ 14.125919] ? mempool_oob_right_helper+0x318/0x380 [ 14.125948] __asan_report_load1_noabort+0x18/0x20 [ 14.125972] mempool_oob_right_helper+0x318/0x380 [ 14.125997] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.126022] ? __kasan_check_write+0x18/0x20 [ 14.126041] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.126131] ? finish_task_switch.isra.0+0x153/0x700 [ 14.126170] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 14.126195] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 14.126224] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.126249] ? __pfx_mempool_kfree+0x10/0x10 [ 14.126274] ? __pfx_read_tsc+0x10/0x10 [ 14.126296] ? ktime_get_ts64+0x86/0x230 [ 14.126322] kunit_try_run_case+0x1a5/0x480 [ 14.126348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.126370] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.126404] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.126428] ? __kthread_parkme+0x82/0x180 [ 14.126450] ? preempt_count_sub+0x50/0x80 [ 14.126473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.126497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.126520] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.126544] kthread+0x337/0x6f0 [ 14.126563] ? trace_preempt_on+0x20/0xc0 [ 14.126588] ? __pfx_kthread+0x10/0x10 [ 14.126609] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.126630] ? calculate_sigpending+0x7b/0xa0 [ 14.126656] ? __pfx_kthread+0x10/0x10 [ 14.126678] ret_from_fork+0x116/0x1d0 [ 14.126696] ? __pfx_kthread+0x10/0x10 [ 14.126717] ret_from_fork_asm+0x1a/0x30 [ 14.126751] </TASK> [ 14.126762] [ 14.136295] The buggy address belongs to the physical page: [ 14.136570] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10391c [ 14.136917] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.137148] flags: 0x200000000000040(head|node=0|zone=2) [ 14.137446] page_type: f8(unknown) [ 14.137678] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.138136] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.138478] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.138742] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.138979] head: 0200000000000002 ffffea00040e4701 00000000ffffffff 00000000ffffffff [ 14.139391] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.139748] page dumped because: kasan: bad access detected [ 14.140010] [ 14.140302] Memory state around the buggy address: [ 14.140493] ffff88810391df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.140902] ffff88810391df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.141123] >ffff88810391e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.142176] ^ [ 14.142363] ffff88810391e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.142664] ffff88810391e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.142944] ================================================================== [ 14.147064] ================================================================== [ 14.148420] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.149261] Read of size 1 at addr ffff88810315a2bb by task kunit_try_catch/243 [ 14.149768] [ 14.149869] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.149916] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.149930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.149952] Call Trace: [ 14.149965] <TASK> [ 14.149981] dump_stack_lvl+0x73/0xb0 [ 14.150094] print_report+0xd1/0x610 [ 14.150133] ? __virt_addr_valid+0x1db/0x2d0 [ 14.150157] ? mempool_oob_right_helper+0x318/0x380 [ 14.150182] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.150205] ? mempool_oob_right_helper+0x318/0x380 [ 14.150229] kasan_report+0x141/0x180 [ 14.150251] ? mempool_oob_right_helper+0x318/0x380 [ 14.150280] __asan_report_load1_noabort+0x18/0x20 [ 14.150304] mempool_oob_right_helper+0x318/0x380 [ 14.150331] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.150360] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.150382] ? finish_task_switch.isra.0+0x153/0x700 [ 14.150419] mempool_slab_oob_right+0xed/0x140 [ 14.150738] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 14.150769] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 14.150795] ? __pfx_mempool_free_slab+0x10/0x10 [ 14.150820] ? __pfx_read_tsc+0x10/0x10 [ 14.150842] ? ktime_get_ts64+0x86/0x230 [ 14.150866] kunit_try_run_case+0x1a5/0x480 [ 14.150892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.150914] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.150938] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.150962] ? __kthread_parkme+0x82/0x180 [ 14.150982] ? preempt_count_sub+0x50/0x80 [ 14.151006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.151078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.151103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.151127] kthread+0x337/0x6f0 [ 14.151147] ? trace_preempt_on+0x20/0xc0 [ 14.151171] ? __pfx_kthread+0x10/0x10 [ 14.151192] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.151213] ? calculate_sigpending+0x7b/0xa0 [ 14.151237] ? __pfx_kthread+0x10/0x10 [ 14.151258] ret_from_fork+0x116/0x1d0 [ 14.151277] ? __pfx_kthread+0x10/0x10 [ 14.151298] ret_from_fork_asm+0x1a/0x30 [ 14.151330] </TASK> [ 14.151341] [ 14.163752] Allocated by task 243: [ 14.164073] kasan_save_stack+0x45/0x70 [ 14.164493] kasan_save_track+0x18/0x40 [ 14.164859] kasan_save_alloc_info+0x3b/0x50 [ 14.165288] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 14.165497] remove_element+0x11e/0x190 [ 14.165794] mempool_alloc_preallocated+0x4d/0x90 [ 14.166306] mempool_oob_right_helper+0x8a/0x380 [ 14.166774] mempool_slab_oob_right+0xed/0x140 [ 14.167421] kunit_try_run_case+0x1a5/0x480 [ 14.167618] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.168103] kthread+0x337/0x6f0 [ 14.168466] ret_from_fork+0x116/0x1d0 [ 14.168735] ret_from_fork_asm+0x1a/0x30 [ 14.169082] [ 14.169201] The buggy address belongs to the object at ffff88810315a240 [ 14.169201] which belongs to the cache test_cache of size 123 [ 14.169799] The buggy address is located 0 bytes to the right of [ 14.169799] allocated 123-byte region [ffff88810315a240, ffff88810315a2bb) [ 14.170220] [ 14.170296] The buggy address belongs to the physical page: [ 14.170692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 14.170996] flags: 0x200000000000000(node=0|zone=2) [ 14.171257] page_type: f5(slab) [ 14.171421] raw: 0200000000000000 ffff888103153280 dead000000000122 0000000000000000 [ 14.171658] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 14.172061] page dumped because: kasan: bad access detected [ 14.172284] [ 14.172356] Memory state around the buggy address: [ 14.172604] ffff88810315a180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.172911] ffff88810315a200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 14.173434] >ffff88810315a280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 14.173712] ^ [ 14.174101] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.174378] ffff88810315a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.174712] ==================================================================
[ 14.215760] ================================================================== [ 14.216365] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.217046] Read of size 1 at addr ffff88810395a001 by task kunit_try_catch/240 [ 14.217453] [ 14.217587] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.217655] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.217668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.217691] Call Trace: [ 14.217703] <TASK> [ 14.217721] dump_stack_lvl+0x73/0xb0 [ 14.217766] print_report+0xd1/0x610 [ 14.217802] ? __virt_addr_valid+0x1db/0x2d0 [ 14.217838] ? mempool_oob_right_helper+0x318/0x380 [ 14.217931] ? kasan_addr_to_slab+0x11/0xa0 [ 14.217952] ? mempool_oob_right_helper+0x318/0x380 [ 14.217975] kasan_report+0x141/0x180 [ 14.217997] ? mempool_oob_right_helper+0x318/0x380 [ 14.218025] __asan_report_load1_noabort+0x18/0x20 [ 14.218048] mempool_oob_right_helper+0x318/0x380 [ 14.218072] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.218099] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.218121] ? finish_task_switch.isra.0+0x153/0x700 [ 14.218160] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 14.218183] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 14.218210] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.218235] ? __pfx_mempool_kfree+0x10/0x10 [ 14.218259] ? __pfx_read_tsc+0x10/0x10 [ 14.218303] ? ktime_get_ts64+0x86/0x230 [ 14.218342] kunit_try_run_case+0x1a5/0x480 [ 14.218367] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.218389] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.218432] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.218455] ? __kthread_parkme+0x82/0x180 [ 14.218490] ? preempt_count_sub+0x50/0x80 [ 14.218513] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.218550] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.218573] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.218597] kthread+0x337/0x6f0 [ 14.218615] ? trace_preempt_on+0x20/0xc0 [ 14.218638] ? __pfx_kthread+0x10/0x10 [ 14.218658] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.218679] ? calculate_sigpending+0x7b/0xa0 [ 14.218704] ? __pfx_kthread+0x10/0x10 [ 14.218724] ret_from_fork+0x116/0x1d0 [ 14.218742] ? __pfx_kthread+0x10/0x10 [ 14.218763] ret_from_fork_asm+0x1a/0x30 [ 14.218792] </TASK> [ 14.218803] [ 14.229850] The buggy address belongs to the physical page: [ 14.230216] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 14.230596] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.230974] flags: 0x200000000000040(head|node=0|zone=2) [ 14.231278] page_type: f8(unknown) [ 14.231467] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.231831] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.232164] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.232483] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.232723] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff [ 14.233062] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.233374] page dumped because: kasan: bad access detected [ 14.233550] [ 14.233621] Memory state around the buggy address: [ 14.234135] ffff888103959f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.234472] ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.234788] >ffff88810395a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.235079] ^ [ 14.235215] ffff88810395a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.235536] ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.235955] ================================================================== [ 14.183474] ================================================================== [ 14.183949] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.184285] Read of size 1 at addr ffff8881027a1e73 by task kunit_try_catch/238 [ 14.185058] [ 14.185199] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.185251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.185263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.185285] Call Trace: [ 14.185299] <TASK> [ 14.185316] dump_stack_lvl+0x73/0xb0 [ 14.185346] print_report+0xd1/0x610 [ 14.185369] ? __virt_addr_valid+0x1db/0x2d0 [ 14.185522] ? mempool_oob_right_helper+0x318/0x380 [ 14.185552] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.185575] ? mempool_oob_right_helper+0x318/0x380 [ 14.185598] kasan_report+0x141/0x180 [ 14.185722] ? mempool_oob_right_helper+0x318/0x380 [ 14.185750] __asan_report_load1_noabort+0x18/0x20 [ 14.185774] mempool_oob_right_helper+0x318/0x380 [ 14.185798] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.185829] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.185868] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 14.185893] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.185920] ? __pfx_mempool_kfree+0x10/0x10 [ 14.185945] ? __pfx_read_tsc+0x10/0x10 [ 14.185966] ? ktime_get_ts64+0x86/0x230 [ 14.185991] kunit_try_run_case+0x1a5/0x480 [ 14.186017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.186038] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.186062] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.186085] ? __kthread_parkme+0x82/0x180 [ 14.186106] ? preempt_count_sub+0x50/0x80 [ 14.186130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.186167] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.186190] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.186213] kthread+0x337/0x6f0 [ 14.186232] ? trace_preempt_on+0x20/0xc0 [ 14.186255] ? __pfx_kthread+0x10/0x10 [ 14.186275] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.186296] ? calculate_sigpending+0x7b/0xa0 [ 14.186320] ? __pfx_kthread+0x10/0x10 [ 14.186340] ret_from_fork+0x116/0x1d0 [ 14.186358] ? __pfx_kthread+0x10/0x10 [ 14.186378] ret_from_fork_asm+0x1a/0x30 [ 14.186407] </TASK> [ 14.186418] [ 14.198410] Allocated by task 238: [ 14.198608] kasan_save_stack+0x45/0x70 [ 14.199211] kasan_save_track+0x18/0x40 [ 14.199470] kasan_save_alloc_info+0x3b/0x50 [ 14.199694] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.200260] remove_element+0x11e/0x190 [ 14.200468] mempool_alloc_preallocated+0x4d/0x90 [ 14.200789] mempool_oob_right_helper+0x8a/0x380 [ 14.201309] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.201712] kunit_try_run_case+0x1a5/0x480 [ 14.202115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.202455] kthread+0x337/0x6f0 [ 14.202664] ret_from_fork+0x116/0x1d0 [ 14.203120] ret_from_fork_asm+0x1a/0x30 [ 14.203328] [ 14.203405] The buggy address belongs to the object at ffff8881027a1e00 [ 14.203405] which belongs to the cache kmalloc-128 of size 128 [ 14.204283] The buggy address is located 0 bytes to the right of [ 14.204283] allocated 115-byte region [ffff8881027a1e00, ffff8881027a1e73) [ 14.204801] [ 14.205083] The buggy address belongs to the physical page: [ 14.205531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a1 [ 14.206131] flags: 0x200000000000000(node=0|zone=2) [ 14.206392] page_type: f5(slab) [ 14.206554] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.206895] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.207555] page dumped because: kasan: bad access detected [ 14.207880] [ 14.208157] Memory state around the buggy address: [ 14.208440] ffff8881027a1d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.208869] ffff8881027a1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.209588] >ffff8881027a1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.210108] ^ [ 14.210593] ffff8881027a1e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.211243] ffff8881027a1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.211691] ================================================================== [ 14.239685] ================================================================== [ 14.241620] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.242076] Read of size 1 at addr ffff8881039b82bb by task kunit_try_catch/242 [ 14.242411] [ 14.242514] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.242600] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.242613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.242666] Call Trace: [ 14.242680] <TASK> [ 14.242699] dump_stack_lvl+0x73/0xb0 [ 14.242755] print_report+0xd1/0x610 [ 14.242780] ? __virt_addr_valid+0x1db/0x2d0 [ 14.242805] ? mempool_oob_right_helper+0x318/0x380 [ 14.242839] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.242861] ? mempool_oob_right_helper+0x318/0x380 [ 14.242936] kasan_report+0x141/0x180 [ 14.242959] ? mempool_oob_right_helper+0x318/0x380 [ 14.243022] __asan_report_load1_noabort+0x18/0x20 [ 14.243046] mempool_oob_right_helper+0x318/0x380 [ 14.243082] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.243108] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.243133] ? finish_task_switch.isra.0+0x153/0x700 [ 14.243169] mempool_slab_oob_right+0xed/0x140 [ 14.243193] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 14.243219] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 14.243244] ? __pfx_mempool_free_slab+0x10/0x10 [ 14.243269] ? __pfx_read_tsc+0x10/0x10 [ 14.243291] ? ktime_get_ts64+0x86/0x230 [ 14.243315] kunit_try_run_case+0x1a5/0x480 [ 14.243341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.243364] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.243388] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.243411] ? __kthread_parkme+0x82/0x180 [ 14.243432] ? preempt_count_sub+0x50/0x80 [ 14.243455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.243479] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.243502] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.243526] kthread+0x337/0x6f0 [ 14.243545] ? trace_preempt_on+0x20/0xc0 [ 14.243568] ? __pfx_kthread+0x10/0x10 [ 14.243589] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.243610] ? calculate_sigpending+0x7b/0xa0 [ 14.243635] ? __pfx_kthread+0x10/0x10 [ 14.243656] ret_from_fork+0x116/0x1d0 [ 14.243674] ? __pfx_kthread+0x10/0x10 [ 14.243694] ret_from_fork_asm+0x1a/0x30 [ 14.243726] </TASK> [ 14.243738] [ 14.253751] Allocated by task 242: [ 14.253973] kasan_save_stack+0x45/0x70 [ 14.254130] kasan_save_track+0x18/0x40 [ 14.254284] kasan_save_alloc_info+0x3b/0x50 [ 14.254562] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 14.255089] remove_element+0x11e/0x190 [ 14.255377] mempool_alloc_preallocated+0x4d/0x90 [ 14.255671] mempool_oob_right_helper+0x8a/0x380 [ 14.255837] mempool_slab_oob_right+0xed/0x140 [ 14.256187] kunit_try_run_case+0x1a5/0x480 [ 14.256462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.256670] kthread+0x337/0x6f0 [ 14.256795] ret_from_fork+0x116/0x1d0 [ 14.257117] ret_from_fork_asm+0x1a/0x30 [ 14.257362] [ 14.257479] The buggy address belongs to the object at ffff8881039b8240 [ 14.257479] which belongs to the cache test_cache of size 123 [ 14.257871] The buggy address is located 0 bytes to the right of [ 14.257871] allocated 123-byte region [ffff8881039b8240, ffff8881039b82bb) [ 14.258695] [ 14.258813] The buggy address belongs to the physical page: [ 14.259081] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039b8 [ 14.259409] flags: 0x200000000000000(node=0|zone=2) [ 14.259828] page_type: f5(slab) [ 14.260130] raw: 0200000000000000 ffff888102a5a280 dead000000000122 0000000000000000 [ 14.260531] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 14.260788] page dumped because: kasan: bad access detected [ 14.260965] [ 14.261037] Memory state around the buggy address: [ 14.261434] ffff8881039b8180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.263401] ffff8881039b8200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 14.263746] >ffff8881039b8280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 14.264698] ^ [ 14.264889] ffff8881039b8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.265116] ffff8881039b8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.265443] ==================================================================