Date
June 26, 2025, 11:12 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 36.214244] ================================================================== [ 36.224136] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 36.231687] Read of size 1 at addr ffff00080659a2bb by task kunit_try_catch/274 [ 36.238975] [ 36.240464] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 36.240523] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.240539] Hardware name: WinLink E850-96 board (DT) [ 36.240561] Call trace: [ 36.240577] show_stack+0x20/0x38 (C) [ 36.240613] dump_stack_lvl+0x8c/0xd0 [ 36.240651] print_report+0x118/0x608 [ 36.240681] kasan_report+0xdc/0x128 [ 36.240712] __asan_report_load1_noabort+0x20/0x30 [ 36.240750] mempool_oob_right_helper+0x2ac/0x2f0 [ 36.240786] mempool_slab_oob_right+0xc0/0x118 [ 36.240819] kunit_try_run_case+0x170/0x3f0 [ 36.240857] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.240897] kthread+0x328/0x630 [ 36.240931] ret_from_fork+0x10/0x20 [ 36.240964] [ 36.308247] Allocated by task 274: [ 36.311635] kasan_save_stack+0x3c/0x68 [ 36.315450] kasan_save_track+0x20/0x40 [ 36.319270] kasan_save_alloc_info+0x40/0x58 [ 36.323523] __kasan_mempool_unpoison_object+0xbc/0x180 [ 36.328733] remove_element+0x16c/0x1f8 [ 36.332550] mempool_alloc_preallocated+0x58/0xc0 [ 36.337238] mempool_oob_right_helper+0x98/0x2f0 [ 36.341839] mempool_slab_oob_right+0xc0/0x118 [ 36.346266] kunit_try_run_case+0x170/0x3f0 [ 36.350432] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.355901] kthread+0x328/0x630 [ 36.359113] ret_from_fork+0x10/0x20 [ 36.362672] [ 36.364149] The buggy address belongs to the object at ffff00080659a240 [ 36.364149] which belongs to the cache test_cache of size 123 [ 36.376562] The buggy address is located 0 bytes to the right of [ 36.376562] allocated 123-byte region [ffff00080659a240, ffff00080659a2bb) [ 36.389494] [ 36.390974] The buggy address belongs to the physical page: [ 36.396530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88659a [ 36.404514] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.411025] page_type: f5(slab) [ 36.414162] raw: 0bfffe0000000000 ffff000800dbe3c0 dead000000000122 0000000000000000 [ 36.421879] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 36.429598] page dumped because: kasan: bad access detected [ 36.435155] [ 36.436630] Memory state around the buggy address: [ 36.441411] ffff00080659a180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.448612] ffff00080659a200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 36.455817] >ffff00080659a280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 36.463017] ^ [ 36.468056] ffff00080659a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.475261] ffff00080659a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.482463] ================================================================== [ 35.980585] ================================================================== [ 35.990549] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 35.998094] Read of size 1 at addr ffff00080315a001 by task kunit_try_catch/272 [ 36.005385] [ 36.006874] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 36.006933] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.006953] Hardware name: WinLink E850-96 board (DT) [ 36.006975] Call trace: [ 36.006990] show_stack+0x20/0x38 (C) [ 36.007024] dump_stack_lvl+0x8c/0xd0 [ 36.007067] print_report+0x118/0x608 [ 36.007099] kasan_report+0xdc/0x128 [ 36.007130] __asan_report_load1_noabort+0x20/0x30 [ 36.007168] mempool_oob_right_helper+0x2ac/0x2f0 [ 36.007205] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 36.007245] kunit_try_run_case+0x170/0x3f0 [ 36.007284] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.007323] kthread+0x328/0x630 [ 36.007360] ret_from_fork+0x10/0x20 [ 36.007397] [ 36.075439] The buggy address belongs to the physical page: [ 36.080997] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883158 [ 36.088980] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.096621] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.103562] page_type: f8(unknown) [ 36.106962] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.114679] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 36.122405] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.130216] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 36.138030] head: 0bfffe0000000002 fffffdffe00c5601 00000000ffffffff 00000000ffffffff [ 36.145842] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 36.153647] page dumped because: kasan: bad access detected [ 36.159204] [ 36.160680] Memory state around the buggy address: [ 36.165460] ffff000803159f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.172661] ffff000803159f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.179869] >ffff00080315a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.187067] ^ [ 36.190282] ffff00080315a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.197487] ffff00080315a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.204689] ================================================================== [ 35.679590] ================================================================== [ 35.679768] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 35.679902] Read of size 1 at addr ffff000801e72b73 by task kunit_try_catch/270 [ 35.686293] [ 35.687781] CPU: 5 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 35.687835] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.687853] Hardware name: WinLink E850-96 board (DT) [ 35.687876] Call trace: [ 35.687889] show_stack+0x20/0x38 (C) [ 35.687924] dump_stack_lvl+0x8c/0xd0 [ 35.687961] print_report+0x118/0x608 [ 35.687990] kasan_report+0xdc/0x128 [ 35.688021] __asan_report_load1_noabort+0x20/0x30 [ 35.688063] mempool_oob_right_helper+0x2ac/0x2f0 [ 35.688096] mempool_kmalloc_oob_right+0xc4/0x120 [ 35.688132] kunit_try_run_case+0x170/0x3f0 [ 35.688172] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.688211] kthread+0x328/0x630 [ 35.688249] ret_from_fork+0x10/0x20 [ 35.688285] [ 35.755825] Allocated by task 270: [ 35.759212] kasan_save_stack+0x3c/0x68 [ 35.763030] kasan_save_track+0x20/0x40 [ 35.766849] kasan_save_alloc_info+0x40/0x58 [ 35.771101] __kasan_mempool_unpoison_object+0x11c/0x180 [ 35.776396] remove_element+0x130/0x1f8 [ 35.780215] mempool_alloc_preallocated+0x58/0xc0 [ 35.784903] mempool_oob_right_helper+0x98/0x2f0 [ 35.789503] mempool_kmalloc_oob_right+0xc4/0x120 [ 35.794191] kunit_try_run_case+0x170/0x3f0 [ 35.798357] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.803827] kthread+0x328/0x630 [ 35.807038] ret_from_fork+0x10/0x20 [ 35.810597] [ 35.812074] The buggy address belongs to the object at ffff000801e72b00 [ 35.812074] which belongs to the cache kmalloc-128 of size 128 [ 35.824574] The buggy address is located 0 bytes to the right of [ 35.824574] allocated 115-byte region [ffff000801e72b00, ffff000801e72b73) [ 35.837506] [ 35.838986] The buggy address belongs to the physical page: [ 35.844542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881e72 [ 35.852526] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 35.860166] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 35.867108] page_type: f5(slab) [ 35.870247] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 35.877964] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.885690] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 35.893501] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.901315] head: 0bfffe0000000001 fffffdffe0079c81 00000000ffffffff 00000000ffffffff [ 35.909126] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 35.916931] page dumped because: kasan: bad access detected [ 35.922489] [ 35.923964] Memory state around the buggy address: [ 35.928743] ffff000801e72a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.935946] ffff000801e72a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.943152] >ffff000801e72b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 35.950352] ^ [ 35.957213] ffff000801e72b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.964419] ffff000801e72c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 35.971620] ==================================================================
[ 19.933393] ================================================================== [ 19.933451] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 19.933510] Read of size 1 at addr fff00000c7a6e001 by task kunit_try_catch/225 [ 19.933559] [ 19.933591] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 19.933676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.933703] Hardware name: linux,dummy-virt (DT) [ 19.933735] Call trace: [ 19.933757] show_stack+0x20/0x38 (C) [ 19.935894] dump_stack_lvl+0x8c/0xd0 [ 19.936288] print_report+0x118/0x608 [ 19.936333] kasan_report+0xdc/0x128 [ 19.936378] __asan_report_load1_noabort+0x20/0x30 [ 19.936426] mempool_oob_right_helper+0x2ac/0x2f0 [ 19.936477] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 19.936530] kunit_try_run_case+0x170/0x3f0 [ 19.936577] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.936630] kthread+0x328/0x630 [ 19.936675] ret_from_fork+0x10/0x20 [ 19.936723] [ 19.936743] The buggy address belongs to the physical page: [ 19.936779] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a6c [ 19.936833] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.936959] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.937019] page_type: f8(unknown) [ 19.937061] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.937121] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.937242] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.937303] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.937357] head: 0bfffe0000000002 ffffc1ffc31e9b01 00000000ffffffff 00000000ffffffff [ 19.937409] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.937876] page dumped because: kasan: bad access detected [ 19.938280] [ 19.938338] Memory state around the buggy address: [ 19.938393] fff00000c7a6df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.938474] fff00000c7a6df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.938698] >fff00000c7a6e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.939037] ^ [ 19.939099] fff00000c7a6e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.939155] fff00000c7a6e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.939244] ================================================================== [ 19.911022] ================================================================== [ 19.911092] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 19.911170] Read of size 1 at addr fff00000c7a5f173 by task kunit_try_catch/223 [ 19.911220] [ 19.911261] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 19.911350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.911377] Hardware name: linux,dummy-virt (DT) [ 19.911413] Call trace: [ 19.911437] show_stack+0x20/0x38 (C) [ 19.911487] dump_stack_lvl+0x8c/0xd0 [ 19.911536] print_report+0x118/0x608 [ 19.911582] kasan_report+0xdc/0x128 [ 19.911625] __asan_report_load1_noabort+0x20/0x30 [ 19.911676] mempool_oob_right_helper+0x2ac/0x2f0 [ 19.911728] mempool_kmalloc_oob_right+0xc4/0x120 [ 19.911779] kunit_try_run_case+0x170/0x3f0 [ 19.911830] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.911915] kthread+0x328/0x630 [ 19.911962] ret_from_fork+0x10/0x20 [ 19.912012] [ 19.912031] Allocated by task 223: [ 19.912059] kasan_save_stack+0x3c/0x68 [ 19.912100] kasan_save_track+0x20/0x40 [ 19.912139] kasan_save_alloc_info+0x40/0x58 [ 19.912177] __kasan_mempool_unpoison_object+0x11c/0x180 [ 19.912221] remove_element+0x130/0x1f8 [ 19.912261] mempool_alloc_preallocated+0x58/0xc0 [ 19.912303] mempool_oob_right_helper+0x98/0x2f0 [ 19.912346] mempool_kmalloc_oob_right+0xc4/0x120 [ 19.912386] kunit_try_run_case+0x170/0x3f0 [ 19.912427] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.912471] kthread+0x328/0x630 [ 19.912527] ret_from_fork+0x10/0x20 [ 19.912563] [ 19.912583] The buggy address belongs to the object at fff00000c7a5f100 [ 19.912583] which belongs to the cache kmalloc-128 of size 128 [ 19.912642] The buggy address is located 0 bytes to the right of [ 19.912642] allocated 115-byte region [fff00000c7a5f100, fff00000c7a5f173) [ 19.912710] [ 19.912731] The buggy address belongs to the physical page: [ 19.912764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a5f [ 19.912819] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.912882] page_type: f5(slab) [ 19.912927] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.912980] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.913023] page dumped because: kasan: bad access detected [ 19.913059] [ 19.913077] Memory state around the buggy address: [ 19.913111] fff00000c7a5f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.913158] fff00000c7a5f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.913205] >fff00000c7a5f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.913249] ^ [ 19.913293] fff00000c7a5f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.913341] fff00000c7a5f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.913382] ================================================================== [ 19.952297] ================================================================== [ 19.952418] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 19.952484] Read of size 1 at addr fff00000c5c432bb by task kunit_try_catch/227 [ 19.952538] [ 19.952571] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 19.953355] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.954038] Hardware name: linux,dummy-virt (DT) [ 19.954738] Call trace: [ 19.954802] show_stack+0x20/0x38 (C) [ 19.955068] dump_stack_lvl+0x8c/0xd0 [ 19.955325] print_report+0x118/0x608 [ 19.955504] kasan_report+0xdc/0x128 [ 19.955668] __asan_report_load1_noabort+0x20/0x30 [ 19.955727] mempool_oob_right_helper+0x2ac/0x2f0 [ 19.956083] mempool_slab_oob_right+0xc0/0x118 [ 19.956238] kunit_try_run_case+0x170/0x3f0 [ 19.956401] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.956532] kthread+0x328/0x630 [ 19.956758] ret_from_fork+0x10/0x20 [ 19.956869] [ 19.956889] Allocated by task 227: [ 19.956917] kasan_save_stack+0x3c/0x68 [ 19.956957] kasan_save_track+0x20/0x40 [ 19.957049] kasan_save_alloc_info+0x40/0x58 [ 19.957090] __kasan_mempool_unpoison_object+0xbc/0x180 [ 19.957299] remove_element+0x16c/0x1f8 [ 19.957562] mempool_alloc_preallocated+0x58/0xc0 [ 19.957697] mempool_oob_right_helper+0x98/0x2f0 [ 19.957902] mempool_slab_oob_right+0xc0/0x118 [ 19.957960] kunit_try_run_case+0x170/0x3f0 [ 19.958086] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.958338] kthread+0x328/0x630 [ 19.958377] ret_from_fork+0x10/0x20 [ 19.958614] [ 19.958661] The buggy address belongs to the object at fff00000c5c43240 [ 19.958661] which belongs to the cache test_cache of size 123 [ 19.959103] The buggy address is located 0 bytes to the right of [ 19.959103] allocated 123-byte region [fff00000c5c43240, fff00000c5c432bb) [ 19.959178] [ 19.959516] The buggy address belongs to the physical page: [ 19.959750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c43 [ 19.959825] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.960086] page_type: f5(slab) [ 19.960217] raw: 0bfffe0000000000 fff00000c59d6a00 dead000000000122 0000000000000000 [ 19.960415] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 19.960461] page dumped because: kasan: bad access detected [ 19.960751] [ 19.960779] Memory state around the buggy address: [ 19.960878] fff00000c5c43180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.960925] fff00000c5c43200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 19.960970] >fff00000c5c43280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 19.961086] ^ [ 19.961123] fff00000c5c43300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.961352] fff00000c5c43380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.961396] ==================================================================
[ 12.373991] ================================================================== [ 12.374454] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.375120] Read of size 1 at addr ffff8881029f9573 by task kunit_try_catch/240 [ 12.375350] [ 12.375444] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 12.375495] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.375508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.375531] Call Trace: [ 12.375544] <TASK> [ 12.375565] dump_stack_lvl+0x73/0xb0 [ 12.375595] print_report+0xd1/0x650 [ 12.375619] ? __virt_addr_valid+0x1db/0x2d0 [ 12.375641] ? mempool_oob_right_helper+0x318/0x380 [ 12.375664] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.375687] ? mempool_oob_right_helper+0x318/0x380 [ 12.375711] kasan_report+0x141/0x180 [ 12.375733] ? mempool_oob_right_helper+0x318/0x380 [ 12.375761] __asan_report_load1_noabort+0x18/0x20 [ 12.375782] mempool_oob_right_helper+0x318/0x380 [ 12.375806] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.375831] ? dequeue_entities+0x852/0x1740 [ 12.375857] ? finish_task_switch.isra.0+0x153/0x700 [ 12.375884] mempool_kmalloc_oob_right+0xf2/0x150 [ 12.375908] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 12.375941] ? dequeue_task_fair+0x166/0x4e0 [ 12.375963] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.375985] ? __pfx_mempool_kfree+0x10/0x10 [ 12.376008] ? __pfx_read_tsc+0x10/0x10 [ 12.376029] ? ktime_get_ts64+0x86/0x230 [ 12.376056] kunit_try_run_case+0x1a5/0x480 [ 12.376083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.376105] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.376130] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.376154] ? __kthread_parkme+0x82/0x180 [ 12.376177] ? preempt_count_sub+0x50/0x80 [ 12.376202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.376226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.376255] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.376278] kthread+0x337/0x6f0 [ 12.376295] ? trace_preempt_on+0x20/0xc0 [ 12.376318] ? __pfx_kthread+0x10/0x10 [ 12.376336] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.376358] ? calculate_sigpending+0x7b/0xa0 [ 12.376379] ? __pfx_kthread+0x10/0x10 [ 12.376398] ret_from_fork+0x41/0x80 [ 12.376418] ? __pfx_kthread+0x10/0x10 [ 12.376436] ret_from_fork_asm+0x1a/0x30 [ 12.376467] </TASK> [ 12.376479] [ 12.387392] Allocated by task 240: [ 12.387603] kasan_save_stack+0x45/0x70 [ 12.388271] kasan_save_track+0x18/0x40 [ 12.388440] kasan_save_alloc_info+0x3b/0x50 [ 12.388678] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.389154] remove_element+0x11e/0x190 [ 12.389356] mempool_alloc_preallocated+0x4d/0x90 [ 12.389585] mempool_oob_right_helper+0x8a/0x380 [ 12.389935] mempool_kmalloc_oob_right+0xf2/0x150 [ 12.390098] kunit_try_run_case+0x1a5/0x480 [ 12.390382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.390872] kthread+0x337/0x6f0 [ 12.391157] ret_from_fork+0x41/0x80 [ 12.391485] ret_from_fork_asm+0x1a/0x30 [ 12.391780] [ 12.392045] The buggy address belongs to the object at ffff8881029f9500 [ 12.392045] which belongs to the cache kmalloc-128 of size 128 [ 12.392548] The buggy address is located 0 bytes to the right of [ 12.392548] allocated 115-byte region [ffff8881029f9500, ffff8881029f9573) [ 12.393441] [ 12.393662] The buggy address belongs to the physical page: [ 12.394101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f9 [ 12.394514] flags: 0x200000000000000(node=0|zone=2) [ 12.395232] page_type: f5(slab) [ 12.395474] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.396011] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.396515] page dumped because: kasan: bad access detected [ 12.396949] [ 12.397026] Memory state around the buggy address: [ 12.397325] ffff8881029f9400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.397632] ffff8881029f9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.398267] >ffff8881029f9500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.398740] ^ [ 12.399234] ffff8881029f9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.399792] ffff8881029f9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.400196] ================================================================== [ 12.404078] ================================================================== [ 12.404542] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.404955] Read of size 1 at addr ffff888102f7e001 by task kunit_try_catch/242 [ 12.405273] [ 12.405732] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 12.405820] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.405833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.405896] Call Trace: [ 12.405910] <TASK> [ 12.405948] dump_stack_lvl+0x73/0xb0 [ 12.405980] print_report+0xd1/0x650 [ 12.406004] ? __virt_addr_valid+0x1db/0x2d0 [ 12.406029] ? mempool_oob_right_helper+0x318/0x380 [ 12.406052] ? kasan_addr_to_slab+0x11/0xa0 [ 12.406074] ? mempool_oob_right_helper+0x318/0x380 [ 12.406098] kasan_report+0x141/0x180 [ 12.406121] ? mempool_oob_right_helper+0x318/0x380 [ 12.406150] __asan_report_load1_noabort+0x18/0x20 [ 12.406171] mempool_oob_right_helper+0x318/0x380 [ 12.406196] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.406219] ? dequeue_entities+0x852/0x1740 [ 12.406246] ? irqentry_exit+0x2a/0x60 [ 12.406265] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.406292] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 12.406342] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 12.406371] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.406393] ? __pfx_mempool_kfree+0x10/0x10 [ 12.406426] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 12.406452] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 12.406479] kunit_try_run_case+0x1a5/0x480 [ 12.406506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.406528] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.406552] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.406575] ? __kthread_parkme+0x82/0x180 [ 12.406598] ? preempt_count_sub+0x50/0x80 [ 12.406624] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.406649] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.406672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.406695] kthread+0x337/0x6f0 [ 12.406712] ? trace_preempt_on+0x20/0xc0 [ 12.406736] ? __pfx_kthread+0x10/0x10 [ 12.406753] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.406775] ? calculate_sigpending+0x7b/0xa0 [ 12.406797] ? __pfx_kthread+0x10/0x10 [ 12.406815] ret_from_fork+0x41/0x80 [ 12.406837] ? __pfx_kthread+0x10/0x10 [ 12.406854] ret_from_fork_asm+0x1a/0x30 [ 12.406887] </TASK> [ 12.406898] [ 12.416521] The buggy address belongs to the physical page: [ 12.416900] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f7c [ 12.417313] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.417706] flags: 0x200000000000040(head|node=0|zone=2) [ 12.418011] page_type: f8(unknown) [ 12.418197] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.418431] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.419077] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.419449] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.420022] head: 0200000000000002 ffffea00040bdf01 00000000ffffffff 00000000ffffffff [ 12.420337] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.420782] page dumped because: kasan: bad access detected [ 12.421214] [ 12.421325] Memory state around the buggy address: [ 12.421505] ffff888102f7df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.421962] ffff888102f7df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.422341] >ffff888102f7e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.422707] ^ [ 12.422904] ffff888102f7e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.423272] ffff888102f7e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.423564] ================================================================== [ 12.428041] ================================================================== [ 12.428538] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.428964] Read of size 1 at addr ffff888102a0b2bb by task kunit_try_catch/244 [ 12.429527] [ 12.429746] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 12.429818] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.429832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.429857] Call Trace: [ 12.429870] <TASK> [ 12.429891] dump_stack_lvl+0x73/0xb0 [ 12.429963] print_report+0xd1/0x650 [ 12.429989] ? __virt_addr_valid+0x1db/0x2d0 [ 12.430039] ? mempool_oob_right_helper+0x318/0x380 [ 12.430064] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.430098] ? mempool_oob_right_helper+0x318/0x380 [ 12.430122] kasan_report+0x141/0x180 [ 12.430145] ? mempool_oob_right_helper+0x318/0x380 [ 12.430173] __asan_report_load1_noabort+0x18/0x20 [ 12.430194] mempool_oob_right_helper+0x318/0x380 [ 12.430216] ? call_rcu+0x12/0x20 [ 12.430240] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.430265] ? __pfx_task_dead_fair+0x10/0x10 [ 12.430293] mempool_slab_oob_right+0xed/0x140 [ 12.430317] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 12.430338] ? dequeue_task_fair+0x156/0x4e0 [ 12.430360] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 12.430383] ? __pfx_mempool_free_slab+0x10/0x10 [ 12.430405] ? __pfx_read_tsc+0x10/0x10 [ 12.430427] ? ktime_get_ts64+0x86/0x230 [ 12.430453] kunit_try_run_case+0x1a5/0x480 [ 12.430479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.430502] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.430527] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.430551] ? __kthread_parkme+0x82/0x180 [ 12.430572] ? preempt_count_sub+0x50/0x80 [ 12.430599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.430624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.430648] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.430671] kthread+0x337/0x6f0 [ 12.430688] ? trace_preempt_on+0x20/0xc0 [ 12.430711] ? __pfx_kthread+0x10/0x10 [ 12.430729] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.430750] ? calculate_sigpending+0x7b/0xa0 [ 12.430771] ? __pfx_kthread+0x10/0x10 [ 12.430790] ret_from_fork+0x41/0x80 [ 12.430810] ? __pfx_kthread+0x10/0x10 [ 12.430828] ret_from_fork_asm+0x1a/0x30 [ 12.430859] </TASK> [ 12.430871] [ 12.440674] Allocated by task 244: [ 12.440995] kasan_save_stack+0x45/0x70 [ 12.441399] kasan_save_track+0x18/0x40 [ 12.441559] kasan_save_alloc_info+0x3b/0x50 [ 12.442039] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 12.442303] remove_element+0x11e/0x190 [ 12.442501] mempool_alloc_preallocated+0x4d/0x90 [ 12.442856] mempool_oob_right_helper+0x8a/0x380 [ 12.443104] mempool_slab_oob_right+0xed/0x140 [ 12.443263] kunit_try_run_case+0x1a5/0x480 [ 12.443522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.443756] kthread+0x337/0x6f0 [ 12.444047] ret_from_fork+0x41/0x80 [ 12.444269] ret_from_fork_asm+0x1a/0x30 [ 12.444411] [ 12.444497] The buggy address belongs to the object at ffff888102a0b240 [ 12.444497] which belongs to the cache test_cache of size 123 [ 12.445128] The buggy address is located 0 bytes to the right of [ 12.445128] allocated 123-byte region [ffff888102a0b240, ffff888102a0b2bb) [ 12.445910] [ 12.446000] The buggy address belongs to the physical page: [ 12.446221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a0b [ 12.446578] flags: 0x200000000000000(node=0|zone=2) [ 12.447172] page_type: f5(slab) [ 12.447388] raw: 0200000000000000 ffff888102109500 dead000000000122 0000000000000000 [ 12.447691] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 12.448176] page dumped because: kasan: bad access detected [ 12.448359] [ 12.448455] Memory state around the buggy address: [ 12.448870] ffff888102a0b180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.449202] ffff888102a0b200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 12.449476] >ffff888102a0b280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 12.449956] ^ [ 12.450125] ffff888102a0b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.450433] ffff888102a0b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.450800] ==================================================================