Date
Nov. 26, 2024, 6:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.498947] ================================================================== [ 33.500188] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 33.501384] Read of size 1 at addr fff00000c58e62bb by task kunit_try_catch/214 [ 33.502015] [ 33.502418] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 33.504107] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.504952] Hardware name: linux,dummy-virt (DT) [ 33.505761] Call trace: [ 33.506407] show_stack+0x20/0x38 (C) [ 33.507213] dump_stack_lvl+0x8c/0xd0 [ 33.508022] print_report+0x118/0x5e0 [ 33.508812] kasan_report+0xc8/0x118 [ 33.509380] __asan_report_load1_noabort+0x20/0x30 [ 33.509996] mempool_oob_right_helper+0x2ac/0x2f0 [ 33.511221] mempool_slab_oob_right+0xb8/0x110 [ 33.511958] kunit_try_run_case+0x14c/0x3d0 [ 33.512970] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.513696] kthread+0x24c/0x2d0 [ 33.514329] ret_from_fork+0x10/0x20 [ 33.514864] [ 33.515221] Allocated by task 214: [ 33.515720] kasan_save_stack+0x3c/0x68 [ 33.516260] kasan_save_track+0x20/0x40 [ 33.517429] kasan_save_alloc_info+0x40/0x58 [ 33.518088] __kasan_mempool_unpoison_object+0xbc/0x180 [ 33.518798] remove_element+0x16c/0x1f8 [ 33.519372] mempool_alloc_preallocated+0x58/0xc0 [ 33.520109] mempool_oob_right_helper+0x98/0x2f0 [ 33.521556] mempool_slab_oob_right+0xb8/0x110 [ 33.522520] kunit_try_run_case+0x14c/0x3d0 [ 33.523173] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.523964] kthread+0x24c/0x2d0 [ 33.524817] ret_from_fork+0x10/0x20 [ 33.525550] [ 33.525971] The buggy address belongs to the object at fff00000c58e6240 [ 33.525971] which belongs to the cache test_cache of size 123 [ 33.527267] The buggy address is located 0 bytes to the right of [ 33.527267] allocated 123-byte region [fff00000c58e6240, fff00000c58e62bb) [ 33.528793] [ 33.529280] The buggy address belongs to the physical page: [ 33.529892] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058e6 [ 33.530918] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.531696] page_type: f5(slab) [ 33.532178] raw: 0bfffe0000000000 fff00000c5925280 dead000000000122 0000000000000000 [ 33.533156] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 33.534041] page dumped because: kasan: bad access detected [ 33.534643] [ 33.535336] Memory state around the buggy address: [ 33.535972] fff00000c58e6180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.537106] fff00000c58e6200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 33.538006] >fff00000c58e6280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 33.538834] ^ [ 33.539488] fff00000c58e6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.540682] fff00000c58e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.541508] ================================================================== [ 33.451850] ================================================================== [ 33.453554] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 33.454813] Read of size 1 at addr fff00000c65b6001 by task kunit_try_catch/212 [ 33.455597] [ 33.456026] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 33.457953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.459080] Hardware name: linux,dummy-virt (DT) [ 33.459744] Call trace: [ 33.460613] show_stack+0x20/0x38 (C) [ 33.461279] dump_stack_lvl+0x8c/0xd0 [ 33.461985] print_report+0x118/0x5e0 [ 33.462633] kasan_report+0xc8/0x118 [ 33.463268] __asan_report_load1_noabort+0x20/0x30 [ 33.464051] mempool_oob_right_helper+0x2ac/0x2f0 [ 33.464634] mempool_kmalloc_large_oob_right+0xbc/0x118 [ 33.465468] kunit_try_run_case+0x14c/0x3d0 [ 33.466178] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.466877] kthread+0x24c/0x2d0 [ 33.467377] ret_from_fork+0x10/0x20 [ 33.468022] [ 33.468518] The buggy address belongs to the physical page: [ 33.469353] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b4 [ 33.470211] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.471130] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.472032] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.473228] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.474206] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.475395] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.476202] head: 0bfffe0000000002 ffffc1ffc3196d01 ffffffffffffffff 0000000000000000 [ 33.477393] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 33.478289] page dumped because: kasan: bad access detected [ 33.478970] [ 33.479387] Memory state around the buggy address: [ 33.480001] fff00000c65b5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.481040] fff00000c65b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.482060] >fff00000c65b6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.482809] ^ [ 33.483408] fff00000c65b6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.484208] fff00000c65b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.485369] ================================================================== [ 33.398545] ================================================================== [ 33.399584] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 33.400786] Read of size 1 at addr fff00000c58fc173 by task kunit_try_catch/210 [ 33.401731] [ 33.402090] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 33.402741] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.403098] Hardware name: linux,dummy-virt (DT) [ 33.403551] Call trace: [ 33.403918] show_stack+0x20/0x38 (C) [ 33.404976] dump_stack_lvl+0x8c/0xd0 [ 33.405527] print_report+0x118/0x5e0 [ 33.406870] kasan_report+0xc8/0x118 [ 33.407604] __asan_report_load1_noabort+0x20/0x30 [ 33.408714] mempool_oob_right_helper+0x2ac/0x2f0 [ 33.409333] mempool_kmalloc_oob_right+0xbc/0x118 [ 33.409943] kunit_try_run_case+0x14c/0x3d0 [ 33.410598] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.411366] kthread+0x24c/0x2d0 [ 33.411977] ret_from_fork+0x10/0x20 [ 33.412800] [ 33.413384] Allocated by task 210: [ 33.413788] kasan_save_stack+0x3c/0x68 [ 33.414274] kasan_save_track+0x20/0x40 [ 33.414878] kasan_save_alloc_info+0x40/0x58 [ 33.415462] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.416137] remove_element+0x130/0x1f8 [ 33.416774] mempool_alloc_preallocated+0x58/0xc0 [ 33.417866] mempool_oob_right_helper+0x98/0x2f0 [ 33.418587] mempool_kmalloc_oob_right+0xbc/0x118 [ 33.419352] kunit_try_run_case+0x14c/0x3d0 [ 33.420031] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.421072] kthread+0x24c/0x2d0 [ 33.421570] ret_from_fork+0x10/0x20 [ 33.422004] [ 33.422270] The buggy address belongs to the object at fff00000c58fc100 [ 33.422270] which belongs to the cache kmalloc-128 of size 128 [ 33.424877] The buggy address is located 0 bytes to the right of [ 33.424877] allocated 115-byte region [fff00000c58fc100, fff00000c58fc173) [ 33.426295] [ 33.426571] The buggy address belongs to the physical page: [ 33.427141] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058fc [ 33.428099] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.429358] page_type: f5(slab) [ 33.429782] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.430754] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 33.431759] page dumped because: kasan: bad access detected [ 33.432543] [ 33.432886] Memory state around the buggy address: [ 33.433728] fff00000c58fc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.434305] fff00000c58fc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.435223] >fff00000c58fc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.436006] ^ [ 33.437162] fff00000c58fc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.438313] fff00000c58fc200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.439652] ==================================================================
[ 33.480956] ================================================================== [ 33.482496] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 33.483298] Read of size 1 at addr fff00000c662e001 by task kunit_try_catch/212 [ 33.484336] [ 33.484855] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 33.486971] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.487633] Hardware name: linux,dummy-virt (DT) [ 33.488194] Call trace: [ 33.488684] show_stack+0x20/0x38 (C) [ 33.489290] dump_stack_lvl+0x8c/0xd0 [ 33.489862] print_report+0x118/0x5e0 [ 33.490512] kasan_report+0xc8/0x118 [ 33.491163] __asan_report_load1_noabort+0x20/0x30 [ 33.492428] mempool_oob_right_helper+0x2ac/0x2f0 [ 33.493010] mempool_kmalloc_large_oob_right+0xbc/0x118 [ 33.493854] kunit_try_run_case+0x14c/0x3d0 [ 33.495003] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.495731] kthread+0x24c/0x2d0 [ 33.496300] ret_from_fork+0x10/0x20 [ 33.496898] [ 33.497273] The buggy address belongs to the physical page: [ 33.498922] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10662c [ 33.499793] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.500728] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.502095] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.503029] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.503844] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.504771] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.506564] head: 0bfffe0000000002 ffffc1ffc3198b01 ffffffffffffffff 0000000000000000 [ 33.507396] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 33.508245] page dumped because: kasan: bad access detected [ 33.508866] [ 33.509236] Memory state around the buggy address: [ 33.510377] fff00000c662df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.511161] fff00000c662df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.512045] >fff00000c662e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.512819] ^ [ 33.513367] fff00000c662e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.515111] fff00000c662e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.515900] ================================================================== [ 33.528781] ================================================================== [ 33.530150] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 33.531232] Read of size 1 at addr fff00000c65992bb by task kunit_try_catch/214 [ 33.532038] [ 33.532446] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 33.533519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.534958] Hardware name: linux,dummy-virt (DT) [ 33.535921] Call trace: [ 33.536365] show_stack+0x20/0x38 (C) [ 33.536931] dump_stack_lvl+0x8c/0xd0 [ 33.537607] print_report+0x118/0x5e0 [ 33.538263] kasan_report+0xc8/0x118 [ 33.538894] __asan_report_load1_noabort+0x20/0x30 [ 33.539505] mempool_oob_right_helper+0x2ac/0x2f0 [ 33.540360] mempool_slab_oob_right+0xb8/0x110 [ 33.541083] kunit_try_run_case+0x14c/0x3d0 [ 33.541780] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.542418] kthread+0x24c/0x2d0 [ 33.543041] ret_from_fork+0x10/0x20 [ 33.544656] [ 33.544931] Allocated by task 214: [ 33.545404] kasan_save_stack+0x3c/0x68 [ 33.545972] kasan_save_track+0x20/0x40 [ 33.546996] kasan_save_alloc_info+0x40/0x58 [ 33.547622] __kasan_mempool_unpoison_object+0xbc/0x180 [ 33.548300] remove_element+0x16c/0x1f8 [ 33.548953] mempool_alloc_preallocated+0x58/0xc0 [ 33.550640] mempool_oob_right_helper+0x98/0x2f0 [ 33.551189] mempool_slab_oob_right+0xb8/0x110 [ 33.552055] kunit_try_run_case+0x14c/0x3d0 [ 33.552931] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.553976] kthread+0x24c/0x2d0 [ 33.554559] ret_from_fork+0x10/0x20 [ 33.555176] [ 33.555516] The buggy address belongs to the object at fff00000c6599240 [ 33.555516] which belongs to the cache test_cache of size 123 [ 33.557034] The buggy address is located 0 bytes to the right of [ 33.557034] allocated 123-byte region [fff00000c6599240, fff00000c65992bb) [ 33.558833] [ 33.559244] The buggy address belongs to the physical page: [ 33.559969] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106599 [ 33.560878] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.562086] page_type: f5(slab) [ 33.562728] raw: 0bfffe0000000000 fff00000c46cadc0 dead000000000122 0000000000000000 [ 33.563649] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 33.564729] page dumped because: kasan: bad access detected [ 33.565388] [ 33.566289] Memory state around the buggy address: [ 33.566922] fff00000c6599180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.567599] fff00000c6599200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 33.568554] >fff00000c6599280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 33.569377] ^ [ 33.570074] fff00000c6599300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.571028] fff00000c6599380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.572370] ================================================================== [ 33.428291] ================================================================== [ 33.429544] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 33.430803] Read of size 1 at addr fff00000c5e99d73 by task kunit_try_catch/210 [ 33.431191] [ 33.431375] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 33.432343] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.432839] Hardware name: linux,dummy-virt (DT) [ 33.433516] Call trace: [ 33.433892] show_stack+0x20/0x38 (C) [ 33.435259] dump_stack_lvl+0x8c/0xd0 [ 33.435810] print_report+0x118/0x5e0 [ 33.436421] kasan_report+0xc8/0x118 [ 33.437039] __asan_report_load1_noabort+0x20/0x30 [ 33.437774] mempool_oob_right_helper+0x2ac/0x2f0 [ 33.439020] mempool_kmalloc_oob_right+0xbc/0x118 [ 33.439778] kunit_try_run_case+0x14c/0x3d0 [ 33.440415] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.441078] kthread+0x24c/0x2d0 [ 33.442019] ret_from_fork+0x10/0x20 [ 33.442604] [ 33.442971] Allocated by task 210: [ 33.443555] kasan_save_stack+0x3c/0x68 [ 33.444077] kasan_save_track+0x20/0x40 [ 33.444727] kasan_save_alloc_info+0x40/0x58 [ 33.445301] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.446359] remove_element+0x130/0x1f8 [ 33.447030] mempool_alloc_preallocated+0x58/0xc0 [ 33.447694] mempool_oob_right_helper+0x98/0x2f0 [ 33.448263] mempool_kmalloc_oob_right+0xbc/0x118 [ 33.449031] kunit_try_run_case+0x14c/0x3d0 [ 33.449794] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.451156] kthread+0x24c/0x2d0 [ 33.451870] ret_from_fork+0x10/0x20 [ 33.452458] [ 33.453032] The buggy address belongs to the object at fff00000c5e99d00 [ 33.453032] which belongs to the cache kmalloc-128 of size 128 [ 33.454221] The buggy address is located 0 bytes to the right of [ 33.454221] allocated 115-byte region [fff00000c5e99d00, fff00000c5e99d73) [ 33.455494] [ 33.455891] The buggy address belongs to the physical page: [ 33.456479] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e99 [ 33.457477] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.458226] page_type: f5(slab) [ 33.458805] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.459845] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 33.460665] page dumped because: kasan: bad access detected [ 33.461409] [ 33.461773] Memory state around the buggy address: [ 33.462379] fff00000c5e99c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.463219] fff00000c5e99c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.464071] >fff00000c5e99d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.464912] ^ [ 33.465691] fff00000c5e99d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.466450] fff00000c5e99e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.467279] ==================================================================
[ 27.620239] ================================================================== [ 27.621183] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 27.621183] Read of size 1 at addr ffff8881028ee2bb by task kunit_try_catch/234 [ 27.621183] [ 27.621183] CPU: 0 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 27.621183] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.621183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.621183] Call Trace: [ 27.621183] <TASK> [ 27.621183] dump_stack_lvl+0x73/0xb0 [ 27.621183] print_report+0xd1/0x640 [ 27.621183] ? __virt_addr_valid+0x1db/0x2d0 [ 27.621183] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.621183] kasan_report+0x102/0x140 [ 27.621183] ? mempool_oob_right_helper+0x31a/0x380 [ 27.621183] ? mempool_oob_right_helper+0x31a/0x380 [ 27.621183] __asan_report_load1_noabort+0x18/0x20 [ 27.621183] mempool_oob_right_helper+0x31a/0x380 [ 27.621183] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.621183] ? ktime_get_ts64+0x84/0x230 [ 27.621183] ? trace_hardirqs_on+0x37/0xe0 [ 27.621183] mempool_slab_oob_right+0xb1/0x100 [ 27.621183] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 27.621183] ? __switch_to+0x5d9/0xf60 [ 27.621183] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 27.621183] ? __pfx_mempool_free_slab+0x10/0x10 [ 27.621183] ? ktime_get_ts64+0x84/0x230 [ 27.621183] kunit_try_run_case+0x1b3/0x490 [ 27.621183] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.621183] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.621183] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.621183] ? __kthread_parkme+0x82/0x160 [ 27.621183] ? preempt_count_sub+0x50/0x80 [ 27.621183] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.621183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.621183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.621183] kthread+0x257/0x310 [ 27.621183] ? __pfx_kthread+0x10/0x10 [ 27.621183] ret_from_fork+0x41/0x80 [ 27.621183] ? __pfx_kthread+0x10/0x10 [ 27.621183] ret_from_fork_asm+0x1a/0x30 [ 27.621183] </TASK> [ 27.621183] [ 27.621183] Allocated by task 234: [ 27.621183] kasan_save_stack+0x3d/0x60 [ 27.621183] kasan_save_track+0x18/0x40 [ 27.621183] kasan_save_alloc_info+0x3b/0x50 [ 27.621183] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 27.621183] remove_element+0x11e/0x190 [ 27.621183] mempool_alloc_preallocated+0x4d/0x90 [ 27.621183] mempool_oob_right_helper+0x8b/0x380 [ 27.621183] mempool_slab_oob_right+0xb1/0x100 [ 27.621183] kunit_try_run_case+0x1b3/0x490 [ 27.621183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.621183] kthread+0x257/0x310 [ 27.621183] ret_from_fork+0x41/0x80 [ 27.621183] ret_from_fork_asm+0x1a/0x30 [ 27.621183] [ 27.621183] The buggy address belongs to the object at ffff8881028ee240 [ 27.621183] which belongs to the cache test_cache of size 123 [ 27.621183] The buggy address is located 0 bytes to the right of [ 27.621183] allocated 123-byte region [ffff8881028ee240, ffff8881028ee2bb) [ 27.621183] [ 27.621183] The buggy address belongs to the physical page: [ 27.621183] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ee [ 27.621183] flags: 0x200000000000000(node=0|zone=2) [ 27.621183] page_type: f5(slab) [ 27.621183] raw: 0200000000000000 ffff888100a2bdc0 dead000000000122 0000000000000000 [ 27.621183] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 27.621183] page dumped because: kasan: bad access detected [ 27.621183] [ 27.621183] Memory state around the buggy address: [ 27.621183] ffff8881028ee180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.621183] ffff8881028ee200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 27.621183] >ffff8881028ee280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 27.621183] ^ [ 27.621183] ffff8881028ee300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.621183] ffff8881028ee380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.621183] ================================================================== [ 27.517373] ================================================================== [ 27.518065] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 27.518173] Read of size 1 at addr ffff888102945873 by task kunit_try_catch/230 [ 27.518173] [ 27.518173] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 27.518173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.518173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.518173] Call Trace: [ 27.518173] <TASK> [ 27.518173] dump_stack_lvl+0x73/0xb0 [ 27.518173] print_report+0xd1/0x640 [ 27.518173] ? __virt_addr_valid+0x1db/0x2d0 [ 27.518173] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.518173] kasan_report+0x102/0x140 [ 27.518173] ? mempool_oob_right_helper+0x31a/0x380 [ 27.518173] ? mempool_oob_right_helper+0x31a/0x380 [ 27.518173] __asan_report_load1_noabort+0x18/0x20 [ 27.518173] mempool_oob_right_helper+0x31a/0x380 [ 27.518173] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.518173] mempool_kmalloc_oob_right+0xb6/0x100 [ 27.518173] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 27.518173] ? __switch_to+0x5d9/0xf60 [ 27.518173] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.518173] ? __pfx_mempool_kfree+0x10/0x10 [ 27.518173] ? ktime_get_ts64+0x84/0x230 [ 27.518173] kunit_try_run_case+0x1b3/0x490 [ 27.518173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.518173] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.518173] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.518173] ? __kthread_parkme+0x82/0x160 [ 27.518173] ? preempt_count_sub+0x50/0x80 [ 27.518173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.518173] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.518173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.518173] kthread+0x257/0x310 [ 27.518173] ? __pfx_kthread+0x10/0x10 [ 27.518173] ret_from_fork+0x41/0x80 [ 27.518173] ? __pfx_kthread+0x10/0x10 [ 27.518173] ret_from_fork_asm+0x1a/0x30 [ 27.518173] </TASK> [ 27.518173] [ 27.518173] Allocated by task 230: [ 27.518173] kasan_save_stack+0x3d/0x60 [ 27.518173] kasan_save_track+0x18/0x40 [ 27.518173] kasan_save_alloc_info+0x3b/0x50 [ 27.518173] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.518173] remove_element+0x11e/0x190 [ 27.518173] mempool_alloc_preallocated+0x4d/0x90 [ 27.518173] mempool_oob_right_helper+0x8b/0x380 [ 27.518173] mempool_kmalloc_oob_right+0xb6/0x100 [ 27.518173] kunit_try_run_case+0x1b3/0x490 [ 27.518173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.518173] kthread+0x257/0x310 [ 27.518173] ret_from_fork+0x41/0x80 [ 27.518173] ret_from_fork_asm+0x1a/0x30 [ 27.518173] [ 27.518173] The buggy address belongs to the object at ffff888102945800 [ 27.518173] which belongs to the cache kmalloc-128 of size 128 [ 27.518173] The buggy address is located 0 bytes to the right of [ 27.518173] allocated 115-byte region [ffff888102945800, ffff888102945873) [ 27.518173] [ 27.518173] The buggy address belongs to the physical page: [ 27.518173] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102945 [ 27.518173] flags: 0x200000000000000(node=0|zone=2) [ 27.518173] page_type: f5(slab) [ 27.518173] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.518173] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 27.518173] page dumped because: kasan: bad access detected [ 27.518173] [ 27.518173] Memory state around the buggy address: [ 27.518173] ffff888102945700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.518173] ffff888102945780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.518173] >ffff888102945800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.518173] ^ [ 27.518173] ffff888102945880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.518173] ffff888102945900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.518173] ================================================================== [ 27.571610] ================================================================== [ 27.572173] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 27.572173] Read of size 1 at addr ffff888102b22001 by task kunit_try_catch/232 [ 27.572173] [ 27.572173] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 27.572173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.572173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.572173] Call Trace: [ 27.572173] <TASK> [ 27.572173] dump_stack_lvl+0x73/0xb0 [ 27.572173] print_report+0xd1/0x640 [ 27.572173] ? __virt_addr_valid+0x1db/0x2d0 [ 27.572173] ? kasan_addr_to_slab+0x11/0xa0 [ 27.572173] kasan_report+0x102/0x140 [ 27.572173] ? mempool_oob_right_helper+0x31a/0x380 [ 27.572173] ? mempool_oob_right_helper+0x31a/0x380 [ 27.572173] __asan_report_load1_noabort+0x18/0x20 [ 27.572173] mempool_oob_right_helper+0x31a/0x380 [ 27.572173] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.572173] ? read_hpet+0x1f0/0x230 [ 27.572173] ? ktime_get_ts64+0x84/0x230 [ 27.572173] ? trace_hardirqs_on+0x37/0xe0 [ 27.572173] mempool_kmalloc_large_oob_right+0xb6/0x100 [ 27.572173] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 27.572173] ? __switch_to+0x5d9/0xf60 [ 27.572173] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.572173] ? __pfx_mempool_kfree+0x10/0x10 [ 27.572173] ? ktime_get_ts64+0x84/0x230 [ 27.572173] kunit_try_run_case+0x1b3/0x490 [ 27.572173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.572173] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.572173] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.572173] ? __kthread_parkme+0x82/0x160 [ 27.572173] ? preempt_count_sub+0x50/0x80 [ 27.572173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.572173] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.572173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.572173] kthread+0x257/0x310 [ 27.572173] ? __pfx_kthread+0x10/0x10 [ 27.572173] ret_from_fork+0x41/0x80 [ 27.572173] ? __pfx_kthread+0x10/0x10 [ 27.572173] ret_from_fork_asm+0x1a/0x30 [ 27.572173] </TASK> [ 27.572173] [ 27.572173] The buggy address belongs to the physical page: [ 27.572173] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b20 [ 27.572173] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.572173] flags: 0x200000000000040(head|node=0|zone=2) [ 27.572173] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.572173] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.572173] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.572173] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.572173] head: 0200000000000002 ffffea00040ac801 ffffffffffffffff 0000000000000000 [ 27.572173] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 27.572173] page dumped because: kasan: bad access detected [ 27.572173] [ 27.572173] Memory state around the buggy address: [ 27.572173] ffff888102b21f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.572173] ffff888102b21f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.572173] >ffff888102b22000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.572173] ^ [ 27.572173] ffff888102b22080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.572173] ffff888102b22100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.572173] ==================================================================
[ 22.512667] ================================================================== [ 22.513782] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 22.514793] Read of size 1 at addr ffff888102a32001 by task kunit_try_catch/230 [ 22.515403] [ 22.515745] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 22.517279] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.517876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.518415] Call Trace: [ 22.519361] <TASK> [ 22.520030] dump_stack_lvl+0x73/0xb0 [ 22.520732] print_report+0xd1/0x640 [ 22.521341] ? __virt_addr_valid+0x1db/0x2d0 [ 22.521868] ? kasan_addr_to_slab+0x11/0xa0 [ 22.522767] kasan_report+0x102/0x140 [ 22.523382] ? mempool_oob_right_helper+0x31a/0x380 [ 22.523774] ? mempool_oob_right_helper+0x31a/0x380 [ 22.524312] __asan_report_load1_noabort+0x18/0x20 [ 22.524763] mempool_oob_right_helper+0x31a/0x380 [ 22.525420] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 22.526444] ? finish_task_switch.isra.0+0x153/0x700 [ 22.527161] mempool_kmalloc_large_oob_right+0xb6/0x100 [ 22.527992] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 22.528656] ? __switch_to+0x5d9/0xf60 [ 22.529036] ? __pfx_mempool_kmalloc+0x10/0x10 [ 22.529431] ? __pfx_mempool_kfree+0x10/0x10 [ 22.529855] ? __pfx_read_tsc+0x10/0x10 [ 22.530216] ? ktime_get_ts64+0x84/0x230 [ 22.531148] kunit_try_run_case+0x1b3/0x490 [ 22.531828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.532479] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 22.533243] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.533863] ? __kthread_parkme+0x82/0x160 [ 22.534655] ? preempt_count_sub+0x50/0x80 [ 22.535318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.535821] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.536515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.537092] kthread+0x257/0x310 [ 22.537445] ? __pfx_kthread+0x10/0x10 [ 22.537871] ret_from_fork+0x41/0x80 [ 22.538309] ? __pfx_kthread+0x10/0x10 [ 22.539080] ret_from_fork_asm+0x1a/0x30 [ 22.539427] </TASK> [ 22.539738] [ 22.539957] The buggy address belongs to the physical page: [ 22.540378] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30 [ 22.541359] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.541888] flags: 0x200000000000040(head|node=0|zone=2) [ 22.542916] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.543793] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 22.544669] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.545692] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 22.546415] head: 0200000000000002 ffffea00040a8c01 ffffffffffffffff 0000000000000000 [ 22.547236] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 22.547942] page dumped because: kasan: bad access detected [ 22.548263] [ 22.548517] Memory state around the buggy address: [ 22.549146] ffff888102a31f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.549829] ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.550238] >ffff888102a32000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.551566] ^ [ 22.552160] ffff888102a32080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.553403] ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.554308] ================================================================== [ 22.455915] ================================================================== [ 22.456801] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 22.458338] Read of size 1 at addr ffff8881028bfb73 by task kunit_try_catch/228 [ 22.458882] [ 22.459397] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 22.460139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.460550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.461508] Call Trace: [ 22.462103] <TASK> [ 22.462529] dump_stack_lvl+0x73/0xb0 [ 22.463315] print_report+0xd1/0x640 [ 22.463924] ? __virt_addr_valid+0x1db/0x2d0 [ 22.464511] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.465034] kasan_report+0x102/0x140 [ 22.465397] ? mempool_oob_right_helper+0x31a/0x380 [ 22.466069] ? mempool_oob_right_helper+0x31a/0x380 [ 22.466717] __asan_report_load1_noabort+0x18/0x20 [ 22.467131] mempool_oob_right_helper+0x31a/0x380 [ 22.467722] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 22.468710] ? finish_task_switch.isra.0+0x153/0x700 [ 22.469828] mempool_kmalloc_oob_right+0xb6/0x100 [ 22.470594] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 22.471097] ? __switch_to+0x5d9/0xf60 [ 22.471996] ? __pfx_mempool_kmalloc+0x10/0x10 [ 22.472512] ? __pfx_mempool_kfree+0x10/0x10 [ 22.472999] ? __pfx_read_tsc+0x10/0x10 [ 22.473429] ? ktime_get_ts64+0x84/0x230 [ 22.474285] kunit_try_run_case+0x1b3/0x490 [ 22.474878] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.475578] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 22.476371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.477227] ? __kthread_parkme+0x82/0x160 [ 22.477744] ? preempt_count_sub+0x50/0x80 [ 22.478480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.478924] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.479780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.480425] kthread+0x257/0x310 [ 22.480891] ? __pfx_kthread+0x10/0x10 [ 22.481167] ret_from_fork+0x41/0x80 [ 22.481821] ? __pfx_kthread+0x10/0x10 [ 22.482420] ret_from_fork_asm+0x1a/0x30 [ 22.482936] </TASK> [ 22.483465] [ 22.483786] Allocated by task 228: [ 22.484287] kasan_save_stack+0x3d/0x60 [ 22.484772] kasan_save_track+0x18/0x40 [ 22.485362] kasan_save_alloc_info+0x3b/0x50 [ 22.485882] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 22.486535] remove_element+0x11e/0x190 [ 22.486984] mempool_alloc_preallocated+0x4d/0x90 [ 22.487787] mempool_oob_right_helper+0x8b/0x380 [ 22.488202] mempool_kmalloc_oob_right+0xb6/0x100 [ 22.488897] kunit_try_run_case+0x1b3/0x490 [ 22.489549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.490262] kthread+0x257/0x310 [ 22.490543] ret_from_fork+0x41/0x80 [ 22.491012] ret_from_fork_asm+0x1a/0x30 [ 22.491692] [ 22.491934] The buggy address belongs to the object at ffff8881028bfb00 [ 22.491934] which belongs to the cache kmalloc-128 of size 128 [ 22.493101] The buggy address is located 0 bytes to the right of [ 22.493101] allocated 115-byte region [ffff8881028bfb00, ffff8881028bfb73) [ 22.494324] [ 22.494568] The buggy address belongs to the physical page: [ 22.495151] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028bf [ 22.496236] flags: 0x200000000000000(node=0|zone=2) [ 22.496704] page_type: f5(slab) [ 22.497290] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.497804] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 22.498747] page dumped because: kasan: bad access detected [ 22.499437] [ 22.499687] Memory state around the buggy address: [ 22.500358] ffff8881028bfa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.500959] ffff8881028bfa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.501835] >ffff8881028bfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.502625] ^ [ 22.503468] ffff8881028bfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.504185] ffff8881028bfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.504919] ================================================================== [ 22.564184] ================================================================== [ 22.565262] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 22.565919] Read of size 1 at addr ffff888102bab2bb by task kunit_try_catch/232 [ 22.567307] [ 22.567717] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 22.569108] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.569632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.570306] Call Trace: [ 22.570600] <TASK> [ 22.570918] dump_stack_lvl+0x73/0xb0 [ 22.571371] print_report+0xd1/0x640 [ 22.571772] ? __virt_addr_valid+0x1db/0x2d0 [ 22.572139] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.572797] kasan_report+0x102/0x140 [ 22.573088] ? mempool_oob_right_helper+0x31a/0x380 [ 22.573413] ? mempool_oob_right_helper+0x31a/0x380 [ 22.574609] __asan_report_load1_noabort+0x18/0x20 [ 22.575476] mempool_oob_right_helper+0x31a/0x380 [ 22.576027] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 22.576737] ? finish_task_switch.isra.0+0x153/0x700 [ 22.577894] mempool_slab_oob_right+0xb1/0x100 [ 22.578511] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 22.579077] ? __switch_to+0x5d9/0xf60 [ 22.579372] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 22.579910] ? __pfx_mempool_free_slab+0x10/0x10 [ 22.580397] ? __pfx_read_tsc+0x10/0x10 [ 22.580811] ? ktime_get_ts64+0x84/0x230 [ 22.581400] kunit_try_run_case+0x1b3/0x490 [ 22.581800] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.582324] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 22.582996] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.583513] ? __kthread_parkme+0x82/0x160 [ 22.583989] ? preempt_count_sub+0x50/0x80 [ 22.584772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.585261] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.585667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.586033] kthread+0x257/0x310 [ 22.586447] ? __pfx_kthread+0x10/0x10 [ 22.586956] ret_from_fork+0x41/0x80 [ 22.587238] ? __pfx_kthread+0x10/0x10 [ 22.587798] ret_from_fork_asm+0x1a/0x30 [ 22.588333] </TASK> [ 22.588726] [ 22.589043] Allocated by task 232: [ 22.589402] kasan_save_stack+0x3d/0x60 [ 22.589892] kasan_save_track+0x18/0x40 [ 22.590244] kasan_save_alloc_info+0x3b/0x50 [ 22.590568] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 22.591219] remove_element+0x11e/0x190 [ 22.591789] mempool_alloc_preallocated+0x4d/0x90 [ 22.593138] mempool_oob_right_helper+0x8b/0x380 [ 22.594539] mempool_slab_oob_right+0xb1/0x100 [ 22.595268] kunit_try_run_case+0x1b3/0x490 [ 22.595959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.596330] kthread+0x257/0x310 [ 22.596792] ret_from_fork+0x41/0x80 [ 22.597785] ret_from_fork_asm+0x1a/0x30 [ 22.598435] [ 22.598619] The buggy address belongs to the object at ffff888102bab240 [ 22.598619] which belongs to the cache test_cache of size 123 [ 22.600296] The buggy address is located 0 bytes to the right of [ 22.600296] allocated 123-byte region [ffff888102bab240, ffff888102bab2bb) [ 22.601544] [ 22.601817] The buggy address belongs to the physical page: [ 22.602782] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bab [ 22.603445] flags: 0x200000000000000(node=0|zone=2) [ 22.604172] page_type: f5(slab) [ 22.604832] raw: 0200000000000000 ffff888102ba5280 dead000000000122 0000000000000000 [ 22.605866] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 22.606694] page dumped because: kasan: bad access detected [ 22.607192] [ 22.607411] Memory state around the buggy address: [ 22.607762] ffff888102bab180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.608370] ffff888102bab200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 22.609294] >ffff888102bab280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 22.610115] ^ [ 22.610603] ffff888102bab300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.611076] ffff888102bab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.611684] ==================================================================