Date
July 18, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 18.906478] ================================================================== [ 18.906571] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.906652] Read of size 1 at addr fff00000c3ea7c73 by task kunit_try_catch/221 [ 18.906702] [ 18.906747] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.906834] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.906877] Hardware name: linux,dummy-virt (DT) [ 18.906911] Call trace: [ 18.906936] show_stack+0x20/0x38 (C) [ 18.906991] dump_stack_lvl+0x8c/0xd0 [ 18.907044] print_report+0x118/0x5d0 [ 18.907094] kasan_report+0xdc/0x128 [ 18.907140] __asan_report_load1_noabort+0x20/0x30 [ 18.907189] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.907237] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.907284] kunit_try_run_case+0x170/0x3f0 [ 18.907356] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.907410] kthread+0x328/0x630 [ 18.907452] ret_from_fork+0x10/0x20 [ 18.907502] [ 18.907523] Allocated by task 221: [ 18.907552] kasan_save_stack+0x3c/0x68 [ 18.907596] kasan_save_track+0x20/0x40 [ 18.907634] kasan_save_alloc_info+0x40/0x58 [ 18.907674] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.907717] remove_element+0x130/0x1f8 [ 18.907756] mempool_alloc_preallocated+0x58/0xc0 [ 18.907795] mempool_oob_right_helper+0x98/0x2f0 [ 18.907835] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.907885] kunit_try_run_case+0x170/0x3f0 [ 18.907923] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.907967] kthread+0x328/0x630 [ 18.907999] ret_from_fork+0x10/0x20 [ 18.908035] [ 18.908056] The buggy address belongs to the object at fff00000c3ea7c00 [ 18.908056] which belongs to the cache kmalloc-128 of size 128 [ 18.908116] The buggy address is located 0 bytes to the right of [ 18.908116] allocated 115-byte region [fff00000c3ea7c00, fff00000c3ea7c73) [ 18.908179] [ 18.908203] The buggy address belongs to the physical page: [ 18.908235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ea7 [ 18.908288] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.908339] page_type: f5(slab) [ 18.908383] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.908434] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.908475] page dumped because: kasan: bad access detected [ 18.908505] [ 18.908525] Memory state around the buggy address: [ 18.908557] fff00000c3ea7b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.908601] fff00000c3ea7b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.908643] >fff00000c3ea7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.908681] ^ [ 18.908720] fff00000c3ea7c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.908759] fff00000c3ea7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.908797] ================================================================== [ 18.971204] ================================================================== [ 18.971348] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.971894] Read of size 1 at addr fff00000c78e92bb by task kunit_try_catch/225 [ 18.972074] [ 18.972120] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.972205] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.972232] Hardware name: linux,dummy-virt (DT) [ 18.972551] Call trace: [ 18.972861] show_stack+0x20/0x38 (C) [ 18.973173] dump_stack_lvl+0x8c/0xd0 [ 18.973481] print_report+0x118/0x5d0 [ 18.973647] kasan_report+0xdc/0x128 [ 18.973700] __asan_report_load1_noabort+0x20/0x30 [ 18.974030] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.974281] mempool_slab_oob_right+0xc0/0x118 [ 18.974335] kunit_try_run_case+0x170/0x3f0 [ 18.974389] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.975042] kthread+0x328/0x630 [ 18.975103] ret_from_fork+0x10/0x20 [ 18.975489] [ 18.975513] Allocated by task 225: [ 18.975572] kasan_save_stack+0x3c/0x68 [ 18.975680] kasan_save_track+0x20/0x40 [ 18.975823] kasan_save_alloc_info+0x40/0x58 [ 18.975916] __kasan_mempool_unpoison_object+0xbc/0x180 [ 18.975960] remove_element+0x16c/0x1f8 [ 18.975997] mempool_alloc_preallocated+0x58/0xc0 [ 18.976319] mempool_oob_right_helper+0x98/0x2f0 [ 18.976369] mempool_slab_oob_right+0xc0/0x118 [ 18.976438] kunit_try_run_case+0x170/0x3f0 [ 18.976489] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.976675] kthread+0x328/0x630 [ 18.976892] ret_from_fork+0x10/0x20 [ 18.976933] [ 18.977320] The buggy address belongs to the object at fff00000c78e9240 [ 18.977320] which belongs to the cache test_cache of size 123 [ 18.977425] The buggy address is located 0 bytes to the right of [ 18.977425] allocated 123-byte region [fff00000c78e9240, fff00000c78e92bb) [ 18.977840] [ 18.977935] The buggy address belongs to the physical page: [ 18.977982] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9 [ 18.978060] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.978414] page_type: f5(slab) [ 18.978479] raw: 0bfffe0000000000 fff00000c78af280 dead000000000122 0000000000000000 [ 18.978553] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 18.978873] page dumped because: kasan: bad access detected [ 18.978935] [ 18.979032] Memory state around the buggy address: [ 18.979100] fff00000c78e9180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.979465] fff00000c78e9200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 18.979549] >fff00000c78e9280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 18.979839] ^ [ 18.980031] fff00000c78e9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.980180] fff00000c78e9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.980244] ================================================================== [ 18.937723] ================================================================== [ 18.937829] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.937940] Read of size 1 at addr fff00000c616e001 by task kunit_try_catch/223 [ 18.937991] [ 18.938033] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.938139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.938164] Hardware name: linux,dummy-virt (DT) [ 18.938197] Call trace: [ 18.938221] show_stack+0x20/0x38 (C) [ 18.938273] dump_stack_lvl+0x8c/0xd0 [ 18.938323] print_report+0x118/0x5d0 [ 18.938372] kasan_report+0xdc/0x128 [ 18.938416] __asan_report_load1_noabort+0x20/0x30 [ 18.938469] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.938515] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 18.938567] kunit_try_run_case+0x170/0x3f0 [ 18.938615] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.938668] kthread+0x328/0x630 [ 18.938712] ret_from_fork+0x10/0x20 [ 18.938762] [ 18.938784] The buggy address belongs to the physical page: [ 18.938820] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 18.938888] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.938937] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.938996] page_type: f8(unknown) [ 18.939041] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.939092] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.939142] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.939191] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.939243] head: 0bfffe0000000002 ffffc1ffc3185b01 00000000ffffffff 00000000ffffffff [ 18.939301] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.939346] page dumped because: kasan: bad access detected [ 18.939379] [ 18.939397] Memory state around the buggy address: [ 18.939433] fff00000c616df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.939479] fff00000c616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.939524] >fff00000c616e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.939563] ^ [ 18.939591] fff00000c616e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.939632] fff00000c616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.939671] ==================================================================
[ 18.619380] ================================================================== [ 18.619488] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.619564] Read of size 1 at addr fff00000c7a4e2bb by task kunit_try_catch/225 [ 18.619615] [ 18.619662] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.619754] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.619782] Hardware name: linux,dummy-virt (DT) [ 18.619817] Call trace: [ 18.619845] show_stack+0x20/0x38 (C) [ 18.619898] dump_stack_lvl+0x8c/0xd0 [ 18.619958] print_report+0x118/0x5d0 [ 18.620009] kasan_report+0xdc/0x128 [ 18.620055] __asan_report_load1_noabort+0x20/0x30 [ 18.620108] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.620162] mempool_slab_oob_right+0xc0/0x118 [ 18.620211] kunit_try_run_case+0x170/0x3f0 [ 18.620261] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.620315] kthread+0x328/0x630 [ 18.620371] ret_from_fork+0x10/0x20 [ 18.620422] [ 18.620440] Allocated by task 225: [ 18.620472] kasan_save_stack+0x3c/0x68 [ 18.620882] kasan_save_track+0x20/0x40 [ 18.620930] kasan_save_alloc_info+0x40/0x58 [ 18.620971] __kasan_mempool_unpoison_object+0xbc/0x180 [ 18.621014] remove_element+0x16c/0x1f8 [ 18.621053] mempool_alloc_preallocated+0x58/0xc0 [ 18.621094] mempool_oob_right_helper+0x98/0x2f0 [ 18.621132] mempool_slab_oob_right+0xc0/0x118 [ 18.621169] kunit_try_run_case+0x170/0x3f0 [ 18.621208] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.621250] kthread+0x328/0x630 [ 18.621282] ret_from_fork+0x10/0x20 [ 18.621335] [ 18.621356] The buggy address belongs to the object at fff00000c7a4e240 [ 18.621356] which belongs to the cache test_cache of size 123 [ 18.621415] The buggy address is located 0 bytes to the right of [ 18.621415] allocated 123-byte region [fff00000c7a4e240, fff00000c7a4e2bb) [ 18.621478] [ 18.621499] The buggy address belongs to the physical page: [ 18.621533] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e [ 18.621588] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.621637] page_type: f5(slab) [ 18.621682] raw: 0bfffe0000000000 fff00000ffe8ef00 dead000000000122 0000000000000000 [ 18.621731] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 18.621772] page dumped because: kasan: bad access detected [ 18.621804] [ 18.621822] Memory state around the buggy address: [ 18.621854] fff00000c7a4e180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.621898] fff00000c7a4e200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 18.621941] >fff00000c7a4e280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 18.621978] ^ [ 18.622010] fff00000c7a4e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.622051] fff00000c7a4e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.622090] ================================================================== [ 18.571979] ================================================================== [ 18.572059] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.572126] Read of size 1 at addr fff00000c65ce001 by task kunit_try_catch/223 [ 18.572183] [ 18.572223] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.572316] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.572436] Hardware name: linux,dummy-virt (DT) [ 18.572605] Call trace: [ 18.572749] show_stack+0x20/0x38 (C) [ 18.572812] dump_stack_lvl+0x8c/0xd0 [ 18.572866] print_report+0x118/0x5d0 [ 18.572913] kasan_report+0xdc/0x128 [ 18.572957] __asan_report_load1_noabort+0x20/0x30 [ 18.575195] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.575284] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 18.575530] kunit_try_run_case+0x170/0x3f0 [ 18.576182] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.576546] kthread+0x328/0x630 [ 18.577273] ret_from_fork+0x10/0x20 [ 18.577538] [ 18.577755] The buggy address belongs to the physical page: [ 18.578402] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065cc [ 18.578481] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.578531] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.578588] page_type: f8(unknown) [ 18.578632] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.578682] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.578732] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.578780] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.578829] head: 0bfffe0000000002 ffffc1ffc3197301 00000000ffffffff 00000000ffffffff [ 18.578878] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.578921] page dumped because: kasan: bad access detected [ 18.578954] [ 18.578973] Memory state around the buggy address: [ 18.579008] fff00000c65cdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.579050] fff00000c65cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.579093] >fff00000c65ce000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.579129] ^ [ 18.581811] fff00000c65ce080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.581925] fff00000c65ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.582493] ================================================================== [ 18.555840] ================================================================== [ 18.555940] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.556022] Read of size 1 at addr fff00000c790a273 by task kunit_try_catch/221 [ 18.556074] [ 18.556125] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.556220] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.556246] Hardware name: linux,dummy-virt (DT) [ 18.556281] Call trace: [ 18.556307] show_stack+0x20/0x38 (C) [ 18.556372] dump_stack_lvl+0x8c/0xd0 [ 18.556424] print_report+0x118/0x5d0 [ 18.556470] kasan_report+0xdc/0x128 [ 18.556630] __asan_report_load1_noabort+0x20/0x30 [ 18.556686] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.556735] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.556783] kunit_try_run_case+0x170/0x3f0 [ 18.556843] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.556897] kthread+0x328/0x630 [ 18.556940] ret_from_fork+0x10/0x20 [ 18.556989] [ 18.557010] Allocated by task 221: [ 18.557039] kasan_save_stack+0x3c/0x68 [ 18.557083] kasan_save_track+0x20/0x40 [ 18.557120] kasan_save_alloc_info+0x40/0x58 [ 18.557160] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.557202] remove_element+0x130/0x1f8 [ 18.557247] mempool_alloc_preallocated+0x58/0xc0 [ 18.557285] mempool_oob_right_helper+0x98/0x2f0 [ 18.557336] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.557376] kunit_try_run_case+0x170/0x3f0 [ 18.557415] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.557459] kthread+0x328/0x630 [ 18.557491] ret_from_fork+0x10/0x20 [ 18.557528] [ 18.557548] The buggy address belongs to the object at fff00000c790a200 [ 18.557548] which belongs to the cache kmalloc-128 of size 128 [ 18.557614] The buggy address is located 0 bytes to the right of [ 18.557614] allocated 115-byte region [fff00000c790a200, fff00000c790a273) [ 18.557678] [ 18.557700] The buggy address belongs to the physical page: [ 18.557733] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10790a [ 18.557788] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.557842] page_type: f5(slab) [ 18.557886] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.557935] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.557975] page dumped because: kasan: bad access detected [ 18.558009] [ 18.558027] Memory state around the buggy address: [ 18.558060] fff00000c790a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.558103] fff00000c790a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.558146] >fff00000c790a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.558185] ^ [ 18.558225] fff00000c790a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.558266] fff00000c790a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.558305] ==================================================================
[ 18.526292] ================================================================== [ 18.526365] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.526444] Read of size 1 at addr fff00000c472cb73 by task kunit_try_catch/221 [ 18.526495] [ 18.526539] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.526625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.526652] Hardware name: linux,dummy-virt (DT) [ 18.526689] Call trace: [ 18.526727] show_stack+0x20/0x38 (C) [ 18.526781] dump_stack_lvl+0x8c/0xd0 [ 18.526832] print_report+0x118/0x5d0 [ 18.526999] kasan_report+0xdc/0x128 [ 18.527044] __asan_report_load1_noabort+0x20/0x30 [ 18.527095] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.527143] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.527191] kunit_try_run_case+0x170/0x3f0 [ 18.527241] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.527293] kthread+0x328/0x630 [ 18.527335] ret_from_fork+0x10/0x20 [ 18.527385] [ 18.527404] Allocated by task 221: [ 18.527436] kasan_save_stack+0x3c/0x68 [ 18.527477] kasan_save_track+0x20/0x40 [ 18.527514] kasan_save_alloc_info+0x40/0x58 [ 18.527554] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.527598] remove_element+0x130/0x1f8 [ 18.527635] mempool_alloc_preallocated+0x58/0xc0 [ 18.527674] mempool_oob_right_helper+0x98/0x2f0 [ 18.527727] mempool_kmalloc_oob_right+0xc4/0x120 [ 18.527769] kunit_try_run_case+0x170/0x3f0 [ 18.527808] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.527850] kthread+0x328/0x630 [ 18.527883] ret_from_fork+0x10/0x20 [ 18.527918] [ 18.527939] The buggy address belongs to the object at fff00000c472cb00 [ 18.527939] which belongs to the cache kmalloc-128 of size 128 [ 18.527998] The buggy address is located 0 bytes to the right of [ 18.527998] allocated 115-byte region [fff00000c472cb00, fff00000c472cb73) [ 18.528060] [ 18.528082] The buggy address belongs to the physical page: [ 18.528116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10472c [ 18.528171] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.528224] page_type: f5(slab) [ 18.528268] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.528317] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.528358] page dumped because: kasan: bad access detected [ 18.528388] [ 18.528406] Memory state around the buggy address: [ 18.528440] fff00000c472ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.528484] fff00000c472ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.528527] >fff00000c472cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.528566] ^ [ 18.528606] fff00000c472cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.528648] fff00000c472cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.528686] ================================================================== [ 18.542302] ================================================================== [ 18.542366] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.543007] Read of size 1 at addr fff00000c646e001 by task kunit_try_catch/223 [ 18.543090] [ 18.543130] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.543736] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.543786] Hardware name: linux,dummy-virt (DT) [ 18.543821] Call trace: [ 18.544016] show_stack+0x20/0x38 (C) [ 18.544604] dump_stack_lvl+0x8c/0xd0 [ 18.544676] print_report+0x118/0x5d0 [ 18.544733] kasan_report+0xdc/0x128 [ 18.545191] __asan_report_load1_noabort+0x20/0x30 [ 18.545259] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.545371] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 18.545425] kunit_try_run_case+0x170/0x3f0 [ 18.545474] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.546229] kthread+0x328/0x630 [ 18.546675] ret_from_fork+0x10/0x20 [ 18.546862] [ 18.546884] The buggy address belongs to the physical page: [ 18.546920] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10646c [ 18.546978] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.547567] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.547936] page_type: f8(unknown) [ 18.547981] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.548294] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.548415] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.548467] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.548517] head: 0bfffe0000000002 ffffc1ffc3191b01 00000000ffffffff 00000000ffffffff [ 18.548985] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.549047] page dumped because: kasan: bad access detected [ 18.549082] [ 18.549121] Memory state around the buggy address: [ 18.549200] fff00000c646df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.549245] fff00000c646df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.549288] >fff00000c646e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.549814] ^ [ 18.549850] fff00000c646e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.549894] fff00000c646e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.550189] ================================================================== [ 18.565469] ================================================================== [ 18.565763] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 18.566146] Read of size 1 at addr fff00000c64182bb by task kunit_try_catch/225 [ 18.566227] [ 18.566930] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.567106] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.567457] Hardware name: linux,dummy-virt (DT) [ 18.567500] Call trace: [ 18.567524] show_stack+0x20/0x38 (C) [ 18.567844] dump_stack_lvl+0x8c/0xd0 [ 18.568014] print_report+0x118/0x5d0 [ 18.568210] kasan_report+0xdc/0x128 [ 18.568489] __asan_report_load1_noabort+0x20/0x30 [ 18.568962] mempool_oob_right_helper+0x2ac/0x2f0 [ 18.569061] mempool_slab_oob_right+0xc0/0x118 [ 18.569110] kunit_try_run_case+0x170/0x3f0 [ 18.569159] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.569682] kthread+0x328/0x630 [ 18.570487] ret_from_fork+0x10/0x20 [ 18.570806] [ 18.570949] Allocated by task 225: [ 18.570990] kasan_save_stack+0x3c/0x68 [ 18.571037] kasan_save_track+0x20/0x40 [ 18.571120] kasan_save_alloc_info+0x40/0x58 [ 18.571171] __kasan_mempool_unpoison_object+0xbc/0x180 [ 18.571216] remove_element+0x16c/0x1f8 [ 18.571258] mempool_alloc_preallocated+0x58/0xc0 [ 18.571296] mempool_oob_right_helper+0x98/0x2f0 [ 18.571598] mempool_slab_oob_right+0xc0/0x118 [ 18.571817] kunit_try_run_case+0x170/0x3f0 [ 18.571924] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.572125] kthread+0x328/0x630 [ 18.572161] ret_from_fork+0x10/0x20 [ 18.572197] [ 18.572843] The buggy address belongs to the object at fff00000c6418240 [ 18.572843] which belongs to the cache test_cache of size 123 [ 18.573009] The buggy address is located 0 bytes to the right of [ 18.573009] allocated 123-byte region [fff00000c6418240, fff00000c64182bb) [ 18.573159] [ 18.573181] The buggy address belongs to the physical page: [ 18.573751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106418 [ 18.574001] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.574460] page_type: f5(slab) [ 18.574671] raw: 0bfffe0000000000 fff00000c1bfc500 dead000000000122 0000000000000000 [ 18.575006] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 18.575287] page dumped because: kasan: bad access detected [ 18.575367] [ 18.575589] Memory state around the buggy address: [ 18.575632] fff00000c6418180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.575679] fff00000c6418200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 18.575736] >fff00000c6418280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 18.575776] ^ [ 18.575813] fff00000c6418300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.575855] fff00000c6418380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.575895] ==================================================================
[ 13.674734] ================================================================== [ 13.675180] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.675429] Read of size 1 at addr ffff888103a1e001 by task kunit_try_catch/240 [ 13.676185] [ 13.676695] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.676745] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.676757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.676781] Call Trace: [ 13.676793] <TASK> [ 13.676809] dump_stack_lvl+0x73/0xb0 [ 13.676840] print_report+0xd1/0x610 [ 13.676862] ? __virt_addr_valid+0x1db/0x2d0 [ 13.676884] ? mempool_oob_right_helper+0x318/0x380 [ 13.676922] ? kasan_addr_to_slab+0x11/0xa0 [ 13.676942] ? mempool_oob_right_helper+0x318/0x380 [ 13.676966] kasan_report+0x141/0x180 [ 13.676988] ? mempool_oob_right_helper+0x318/0x380 [ 13.677017] __asan_report_load1_noabort+0x18/0x20 [ 13.677041] mempool_oob_right_helper+0x318/0x380 [ 13.677066] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.677092] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.677114] ? finish_task_switch.isra.0+0x153/0x700 [ 13.677141] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 13.677166] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 13.677194] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.677218] ? __pfx_mempool_kfree+0x10/0x10 [ 13.677242] ? __pfx_read_tsc+0x10/0x10 [ 13.677262] ? ktime_get_ts64+0x86/0x230 [ 13.677288] kunit_try_run_case+0x1a5/0x480 [ 13.677313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.677335] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.677359] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.677383] ? __kthread_parkme+0x82/0x180 [ 13.677403] ? preempt_count_sub+0x50/0x80 [ 13.677452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.677476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.677500] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.677524] kthread+0x337/0x6f0 [ 13.677543] ? trace_preempt_on+0x20/0xc0 [ 13.677579] ? __pfx_kthread+0x10/0x10 [ 13.677599] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.677622] ? calculate_sigpending+0x7b/0xa0 [ 13.677646] ? __pfx_kthread+0x10/0x10 [ 13.677667] ret_from_fork+0x116/0x1d0 [ 13.677685] ? __pfx_kthread+0x10/0x10 [ 13.677705] ret_from_fork_asm+0x1a/0x30 [ 13.677738] </TASK> [ 13.677749] [ 13.688677] The buggy address belongs to the physical page: [ 13.688970] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a1c [ 13.689314] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.689711] flags: 0x200000000000040(head|node=0|zone=2) [ 13.689975] page_type: f8(unknown) [ 13.690177] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.690493] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.691085] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.691401] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.691698] head: 0200000000000002 ffffea00040e8701 00000000ffffffff 00000000ffffffff [ 13.692073] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.692467] page dumped because: kasan: bad access detected [ 13.692723] [ 13.692816] Memory state around the buggy address: [ 13.693131] ffff888103a1df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.693422] ffff888103a1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.693788] >ffff888103a1e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.694134] ^ [ 13.694299] ffff888103a1e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.694694] ffff888103a1e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.695142] ================================================================== [ 13.649927] ================================================================== [ 13.650387] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.650826] Read of size 1 at addr ffff888102e24973 by task kunit_try_catch/238 [ 13.651175] [ 13.651328] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.651378] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.651389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.651413] Call Trace: [ 13.651426] <TASK> [ 13.651444] dump_stack_lvl+0x73/0xb0 [ 13.651478] print_report+0xd1/0x610 [ 13.651501] ? __virt_addr_valid+0x1db/0x2d0 [ 13.651526] ? mempool_oob_right_helper+0x318/0x380 [ 13.651550] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.651572] ? mempool_oob_right_helper+0x318/0x380 [ 13.651596] kasan_report+0x141/0x180 [ 13.651617] ? mempool_oob_right_helper+0x318/0x380 [ 13.651646] __asan_report_load1_noabort+0x18/0x20 [ 13.651670] mempool_oob_right_helper+0x318/0x380 [ 13.651695] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.651721] ? __kasan_check_write+0x18/0x20 [ 13.651740] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.651763] ? finish_task_switch.isra.0+0x153/0x700 [ 13.651790] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.651813] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 13.651841] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.651865] ? __pfx_mempool_kfree+0x10/0x10 [ 13.651890] ? __pfx_read_tsc+0x10/0x10 [ 13.651923] ? ktime_get_ts64+0x86/0x230 [ 13.651949] kunit_try_run_case+0x1a5/0x480 [ 13.651975] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.651997] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.652050] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.652075] ? __kthread_parkme+0x82/0x180 [ 13.652096] ? preempt_count_sub+0x50/0x80 [ 13.652163] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.652186] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.652211] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.652246] kthread+0x337/0x6f0 [ 13.652265] ? trace_preempt_on+0x20/0xc0 [ 13.652288] ? __pfx_kthread+0x10/0x10 [ 13.652308] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.652330] ? calculate_sigpending+0x7b/0xa0 [ 13.652355] ? __pfx_kthread+0x10/0x10 [ 13.652376] ret_from_fork+0x116/0x1d0 [ 13.652395] ? __pfx_kthread+0x10/0x10 [ 13.652415] ret_from_fork_asm+0x1a/0x30 [ 13.652448] </TASK> [ 13.652458] [ 13.660928] Allocated by task 238: [ 13.661092] kasan_save_stack+0x45/0x70 [ 13.661617] kasan_save_track+0x18/0x40 [ 13.661830] kasan_save_alloc_info+0x3b/0x50 [ 13.662123] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.662303] remove_element+0x11e/0x190 [ 13.662443] mempool_alloc_preallocated+0x4d/0x90 [ 13.662848] mempool_oob_right_helper+0x8a/0x380 [ 13.663182] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.663463] kunit_try_run_case+0x1a5/0x480 [ 13.663796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.664105] kthread+0x337/0x6f0 [ 13.664237] ret_from_fork+0x116/0x1d0 [ 13.664372] ret_from_fork_asm+0x1a/0x30 [ 13.664832] [ 13.664981] The buggy address belongs to the object at ffff888102e24900 [ 13.664981] which belongs to the cache kmalloc-128 of size 128 [ 13.665499] The buggy address is located 0 bytes to the right of [ 13.665499] allocated 115-byte region [ffff888102e24900, ffff888102e24973) [ 13.666248] [ 13.666356] The buggy address belongs to the physical page: [ 13.666687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102e24 [ 13.667166] flags: 0x200000000000000(node=0|zone=2) [ 13.667442] page_type: f5(slab) [ 13.667747] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.668179] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.668423] page dumped because: kasan: bad access detected [ 13.668873] [ 13.669004] Memory state around the buggy address: [ 13.669234] ffff888102e24800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.669662] ffff888102e24880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.669924] >ffff888102e24900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.670251] ^ [ 13.670623] ffff888102e24980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.670933] ffff888102e24a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.671260] ================================================================== [ 13.699566] ================================================================== [ 13.701102] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.701987] Read of size 1 at addr ffff8881029ac2bb by task kunit_try_catch/242 [ 13.702214] [ 13.702313] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.702665] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.702680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.702705] Call Trace: [ 13.702719] <TASK> [ 13.702750] dump_stack_lvl+0x73/0xb0 [ 13.702795] print_report+0xd1/0x610 [ 13.702818] ? __virt_addr_valid+0x1db/0x2d0 [ 13.702845] ? mempool_oob_right_helper+0x318/0x380 [ 13.702869] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.703120] ? mempool_oob_right_helper+0x318/0x380 [ 13.703160] kasan_report+0x141/0x180 [ 13.703184] ? mempool_oob_right_helper+0x318/0x380 [ 13.703215] __asan_report_load1_noabort+0x18/0x20 [ 13.703241] mempool_oob_right_helper+0x318/0x380 [ 13.703266] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.703296] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.703322] ? finish_task_switch.isra.0+0x153/0x700 [ 13.703349] mempool_slab_oob_right+0xed/0x140 [ 13.703374] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 13.703402] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 13.703428] ? __pfx_mempool_free_slab+0x10/0x10 [ 13.703453] ? __pfx_read_tsc+0x10/0x10 [ 13.703475] ? ktime_get_ts64+0x86/0x230 [ 13.703500] kunit_try_run_case+0x1a5/0x480 [ 13.703537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.703561] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.703588] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.703612] ? __kthread_parkme+0x82/0x180 [ 13.703633] ? preempt_count_sub+0x50/0x80 [ 13.703657] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.703681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.703705] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.703730] kthread+0x337/0x6f0 [ 13.703749] ? trace_preempt_on+0x20/0xc0 [ 13.703773] ? __pfx_kthread+0x10/0x10 [ 13.703793] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.703814] ? calculate_sigpending+0x7b/0xa0 [ 13.703839] ? __pfx_kthread+0x10/0x10 [ 13.703860] ret_from_fork+0x116/0x1d0 [ 13.703880] ? __pfx_kthread+0x10/0x10 [ 13.703908] ret_from_fork_asm+0x1a/0x30 [ 13.703942] </TASK> [ 13.703954] [ 13.718563] Allocated by task 242: [ 13.718988] kasan_save_stack+0x45/0x70 [ 13.719527] kasan_save_track+0x18/0x40 [ 13.720164] kasan_save_alloc_info+0x3b/0x50 [ 13.720630] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.721285] remove_element+0x11e/0x190 [ 13.721703] mempool_alloc_preallocated+0x4d/0x90 [ 13.722237] mempool_oob_right_helper+0x8a/0x380 [ 13.722670] mempool_slab_oob_right+0xed/0x140 [ 13.722849] kunit_try_run_case+0x1a5/0x480 [ 13.723078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.723704] kthread+0x337/0x6f0 [ 13.724124] ret_from_fork+0x116/0x1d0 [ 13.724562] ret_from_fork_asm+0x1a/0x30 [ 13.725005] [ 13.725183] The buggy address belongs to the object at ffff8881029ac240 [ 13.725183] which belongs to the cache test_cache of size 123 [ 13.725861] The buggy address is located 0 bytes to the right of [ 13.725861] allocated 123-byte region [ffff8881029ac240, ffff8881029ac2bb) [ 13.726541] [ 13.726617] The buggy address belongs to the physical page: [ 13.727371] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ac [ 13.727874] flags: 0x200000000000000(node=0|zone=2) [ 13.728135] page_type: f5(slab) [ 13.728293] raw: 0200000000000000 ffff888100fb8dc0 dead000000000122 0000000000000000 [ 13.728580] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.728876] page dumped because: kasan: bad access detected [ 13.729112] [ 13.729199] Memory state around the buggy address: [ 13.729404] ffff8881029ac180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.729688] ffff8881029ac200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 13.730061] >ffff8881029ac280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 13.730385] ^ [ 13.730609] ffff8881029ac300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.730887] ffff8881029ac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.731266] ==================================================================
[ 13.509795] ================================================================== [ 13.510300] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.510966] Read of size 1 at addr ffff888102bf6001 by task kunit_try_catch/241 [ 13.511322] [ 13.511428] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.511490] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.511501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.511524] Call Trace: [ 13.511536] <TASK> [ 13.511554] dump_stack_lvl+0x73/0xb0 [ 13.511586] print_report+0xd1/0x610 [ 13.511610] ? __virt_addr_valid+0x1db/0x2d0 [ 13.511633] ? mempool_oob_right_helper+0x318/0x380 [ 13.511657] ? kasan_addr_to_slab+0x11/0xa0 [ 13.511677] ? mempool_oob_right_helper+0x318/0x380 [ 13.511701] kasan_report+0x141/0x180 [ 13.511723] ? mempool_oob_right_helper+0x318/0x380 [ 13.511753] __asan_report_load1_noabort+0x18/0x20 [ 13.511777] mempool_oob_right_helper+0x318/0x380 [ 13.511802] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.511827] ? __kasan_check_write+0x18/0x20 [ 13.511847] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.511869] ? finish_task_switch.isra.0+0x153/0x700 [ 13.511897] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 13.511923] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 13.511951] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.511975] ? __pfx_mempool_kfree+0x10/0x10 [ 13.512000] ? __pfx_read_tsc+0x10/0x10 [ 13.512021] ? ktime_get_ts64+0x86/0x230 [ 13.512060] kunit_try_run_case+0x1a5/0x480 [ 13.512097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.512121] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.512146] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.512169] ? __kthread_parkme+0x82/0x180 [ 13.512191] ? preempt_count_sub+0x50/0x80 [ 13.512214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.512237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.512261] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.512285] kthread+0x337/0x6f0 [ 13.512303] ? trace_preempt_on+0x20/0xc0 [ 13.512326] ? __pfx_kthread+0x10/0x10 [ 13.512346] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.512368] ? calculate_sigpending+0x7b/0xa0 [ 13.512393] ? __pfx_kthread+0x10/0x10 [ 13.512424] ret_from_fork+0x116/0x1d0 [ 13.512452] ? __pfx_kthread+0x10/0x10 [ 13.512472] ret_from_fork_asm+0x1a/0x30 [ 13.512507] </TASK> [ 13.512518] [ 13.521235] The buggy address belongs to the physical page: [ 13.521547] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bf4 [ 13.521882] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.522199] flags: 0x200000000000040(head|node=0|zone=2) [ 13.522516] page_type: f8(unknown) [ 13.522721] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.522991] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.523220] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.523460] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.523820] head: 0200000000000002 ffffea00040afd01 00000000ffffffff 00000000ffffffff [ 13.524156] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.524498] page dumped because: kasan: bad access detected [ 13.525207] [ 13.525288] Memory state around the buggy address: [ 13.525588] ffff888102bf5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.526359] ffff888102bf5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.527086] >ffff888102bf6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.527481] ^ [ 13.527670] ffff888102bf6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.527958] ffff888102bf6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.528293] ================================================================== [ 13.533169] ================================================================== [ 13.533856] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.534241] Read of size 1 at addr ffff8881026ef2bb by task kunit_try_catch/243 [ 13.535209] [ 13.535309] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.535357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.535369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.535391] Call Trace: [ 13.535403] <TASK> [ 13.535420] dump_stack_lvl+0x73/0xb0 [ 13.535466] print_report+0xd1/0x610 [ 13.535490] ? __virt_addr_valid+0x1db/0x2d0 [ 13.535513] ? mempool_oob_right_helper+0x318/0x380 [ 13.535589] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.535613] ? mempool_oob_right_helper+0x318/0x380 [ 13.535851] kasan_report+0x141/0x180 [ 13.535883] ? mempool_oob_right_helper+0x318/0x380 [ 13.535915] __asan_report_load1_noabort+0x18/0x20 [ 13.535941] mempool_oob_right_helper+0x318/0x380 [ 13.535966] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.535993] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.536018] ? finish_task_switch.isra.0+0x153/0x700 [ 13.536045] mempool_slab_oob_right+0xed/0x140 [ 13.536070] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 13.536099] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 13.536123] ? __pfx_mempool_free_slab+0x10/0x10 [ 13.536150] ? __pfx_read_tsc+0x10/0x10 [ 13.536171] ? ktime_get_ts64+0x86/0x230 [ 13.536197] kunit_try_run_case+0x1a5/0x480 [ 13.536222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.536244] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.536269] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.536293] ? __kthread_parkme+0x82/0x180 [ 13.536313] ? preempt_count_sub+0x50/0x80 [ 13.536337] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.536361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.536384] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.536473] kthread+0x337/0x6f0 [ 13.536496] ? trace_preempt_on+0x20/0xc0 [ 13.536519] ? __pfx_kthread+0x10/0x10 [ 13.536540] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.536561] ? calculate_sigpending+0x7b/0xa0 [ 13.536587] ? __pfx_kthread+0x10/0x10 [ 13.536608] ret_from_fork+0x116/0x1d0 [ 13.536627] ? __pfx_kthread+0x10/0x10 [ 13.536646] ret_from_fork_asm+0x1a/0x30 [ 13.536680] </TASK> [ 13.536689] [ 13.550905] Allocated by task 243: [ 13.551060] kasan_save_stack+0x45/0x70 [ 13.551281] kasan_save_track+0x18/0x40 [ 13.551515] kasan_save_alloc_info+0x3b/0x50 [ 13.551883] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.552104] remove_element+0x11e/0x190 [ 13.552418] mempool_alloc_preallocated+0x4d/0x90 [ 13.552656] mempool_oob_right_helper+0x8a/0x380 [ 13.552844] mempool_slab_oob_right+0xed/0x140 [ 13.553057] kunit_try_run_case+0x1a5/0x480 [ 13.553211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.553388] kthread+0x337/0x6f0 [ 13.553665] ret_from_fork+0x116/0x1d0 [ 13.553862] ret_from_fork_asm+0x1a/0x30 [ 13.554060] [ 13.554156] The buggy address belongs to the object at ffff8881026ef240 [ 13.554156] which belongs to the cache test_cache of size 123 [ 13.554758] The buggy address is located 0 bytes to the right of [ 13.554758] allocated 123-byte region [ffff8881026ef240, ffff8881026ef2bb) [ 13.555255] [ 13.555330] The buggy address belongs to the physical page: [ 13.556228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ef [ 13.556875] flags: 0x200000000000000(node=0|zone=2) [ 13.557121] page_type: f5(slab) [ 13.557292] raw: 0200000000000000 ffff8881015eaa00 dead000000000122 0000000000000000 [ 13.557689] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.557918] page dumped because: kasan: bad access detected [ 13.558448] [ 13.558556] Memory state around the buggy address: [ 13.558778] ffff8881026ef180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.559004] ffff8881026ef200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 13.559310] >ffff8881026ef280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 13.559633] ^ [ 13.559857] ffff8881026ef300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.560326] ffff8881026ef380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.560705] ================================================================== [ 13.481240] ================================================================== [ 13.482114] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.482531] Read of size 1 at addr ffff8881026ced73 by task kunit_try_catch/239 [ 13.482887] [ 13.482987] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.483038] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.483050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.483072] Call Trace: [ 13.483084] <TASK> [ 13.483103] dump_stack_lvl+0x73/0xb0 [ 13.483136] print_report+0xd1/0x610 [ 13.483161] ? __virt_addr_valid+0x1db/0x2d0 [ 13.483187] ? mempool_oob_right_helper+0x318/0x380 [ 13.483211] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.483234] ? mempool_oob_right_helper+0x318/0x380 [ 13.483258] kasan_report+0x141/0x180 [ 13.483280] ? mempool_oob_right_helper+0x318/0x380 [ 13.483309] __asan_report_load1_noabort+0x18/0x20 [ 13.483334] mempool_oob_right_helper+0x318/0x380 [ 13.483359] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.483382] ? update_load_avg+0x1be/0x21b0 [ 13.483473] ? dequeue_entities+0x27e/0x1740 [ 13.483501] ? finish_task_switch.isra.0+0x153/0x700 [ 13.483530] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.483555] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 13.483583] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.483608] ? __pfx_mempool_kfree+0x10/0x10 [ 13.483634] ? __pfx_read_tsc+0x10/0x10 [ 13.483655] ? ktime_get_ts64+0x86/0x230 [ 13.483681] kunit_try_run_case+0x1a5/0x480 [ 13.483708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.483730] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.483772] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.483796] ? __kthread_parkme+0x82/0x180 [ 13.483819] ? preempt_count_sub+0x50/0x80 [ 13.483843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.483866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.483890] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.483915] kthread+0x337/0x6f0 [ 13.483935] ? trace_preempt_on+0x20/0xc0 [ 13.483959] ? __pfx_kthread+0x10/0x10 [ 13.483980] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.484001] ? calculate_sigpending+0x7b/0xa0 [ 13.484027] ? __pfx_kthread+0x10/0x10 [ 13.484048] ret_from_fork+0x116/0x1d0 [ 13.484066] ? __pfx_kthread+0x10/0x10 [ 13.484087] ret_from_fork_asm+0x1a/0x30 [ 13.484121] </TASK> [ 13.484131] [ 13.494944] Allocated by task 239: [ 13.495202] kasan_save_stack+0x45/0x70 [ 13.495369] kasan_save_track+0x18/0x40 [ 13.495612] kasan_save_alloc_info+0x3b/0x50 [ 13.496098] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.496413] remove_element+0x11e/0x190 [ 13.496747] mempool_alloc_preallocated+0x4d/0x90 [ 13.496973] mempool_oob_right_helper+0x8a/0x380 [ 13.497192] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.497404] kunit_try_run_case+0x1a5/0x480 [ 13.498030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.498241] kthread+0x337/0x6f0 [ 13.498637] ret_from_fork+0x116/0x1d0 [ 13.498936] ret_from_fork_asm+0x1a/0x30 [ 13.499101] [ 13.499305] The buggy address belongs to the object at ffff8881026ced00 [ 13.499305] which belongs to the cache kmalloc-128 of size 128 [ 13.499851] The buggy address is located 0 bytes to the right of [ 13.499851] allocated 115-byte region [ffff8881026ced00, ffff8881026ced73) [ 13.500355] [ 13.500468] The buggy address belongs to the physical page: [ 13.500772] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ce [ 13.501094] flags: 0x200000000000000(node=0|zone=2) [ 13.501333] page_type: f5(slab) [ 13.501515] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.501816] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.502190] page dumped because: kasan: bad access detected [ 13.502482] [ 13.502611] Memory state around the buggy address: [ 13.503183] ffff8881026cec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.503668] ffff8881026cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.503978] >ffff8881026ced00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.504522] ^ [ 13.504992] ffff8881026ced80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.505458] ffff8881026cee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.505950] ==================================================================
[ 13.738197] ================================================================== [ 13.738755] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.739545] Read of size 1 at addr ffff8881029c52bb by task kunit_try_catch/242 [ 13.740249] [ 13.740442] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.740498] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.740511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.740536] Call Trace: [ 13.740550] <TASK> [ 13.740759] dump_stack_lvl+0x73/0xb0 [ 13.740805] print_report+0xd1/0x610 [ 13.740830] ? __virt_addr_valid+0x1db/0x2d0 [ 13.740864] ? mempool_oob_right_helper+0x318/0x380 [ 13.740889] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.740913] ? mempool_oob_right_helper+0x318/0x380 [ 13.740937] kasan_report+0x141/0x180 [ 13.740959] ? mempool_oob_right_helper+0x318/0x380 [ 13.740987] __asan_report_load1_noabort+0x18/0x20 [ 13.741074] mempool_oob_right_helper+0x318/0x380 [ 13.741102] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.741135] mempool_slab_oob_right+0xed/0x140 [ 13.741159] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 13.741187] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 13.741212] ? __pfx_mempool_free_slab+0x10/0x10 [ 13.741238] ? __pfx_read_tsc+0x10/0x10 [ 13.741261] ? ktime_get_ts64+0x86/0x230 [ 13.741287] kunit_try_run_case+0x1a5/0x480 [ 13.741314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.741337] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.741362] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.741385] ? __kthread_parkme+0x82/0x180 [ 13.741407] ? preempt_count_sub+0x50/0x80 [ 13.741445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.741469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.741492] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.741516] kthread+0x337/0x6f0 [ 13.741536] ? trace_preempt_on+0x20/0xc0 [ 13.741560] ? __pfx_kthread+0x10/0x10 [ 13.741580] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.741604] ? calculate_sigpending+0x7b/0xa0 [ 13.741631] ? __pfx_kthread+0x10/0x10 [ 13.741652] ret_from_fork+0x116/0x1d0 [ 13.741672] ? __pfx_kthread+0x10/0x10 [ 13.741691] ret_from_fork_asm+0x1a/0x30 [ 13.741724] </TASK> [ 13.741735] [ 13.760512] Allocated by task 242: [ 13.760974] kasan_save_stack+0x45/0x70 [ 13.761168] kasan_save_track+0x18/0x40 [ 13.761306] kasan_save_alloc_info+0x3b/0x50 [ 13.761670] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.762435] remove_element+0x11e/0x190 [ 13.763359] mempool_alloc_preallocated+0x4d/0x90 [ 13.763965] mempool_oob_right_helper+0x8a/0x380 [ 13.764591] mempool_slab_oob_right+0xed/0x140 [ 13.765057] kunit_try_run_case+0x1a5/0x480 [ 13.765683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.765869] kthread+0x337/0x6f0 [ 13.765994] ret_from_fork+0x116/0x1d0 [ 13.766305] ret_from_fork_asm+0x1a/0x30 [ 13.766960] [ 13.767284] The buggy address belongs to the object at ffff8881029c5240 [ 13.767284] which belongs to the cache test_cache of size 123 [ 13.769188] The buggy address is located 0 bytes to the right of [ 13.769188] allocated 123-byte region [ffff8881029c5240, ffff8881029c52bb) [ 13.769921] [ 13.770005] The buggy address belongs to the physical page: [ 13.771034] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c5 [ 13.771713] flags: 0x200000000000000(node=0|zone=2) [ 13.771887] page_type: f5(slab) [ 13.772037] raw: 0200000000000000 ffff888103419280 dead000000000122 0000000000000000 [ 13.773134] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.773965] page dumped because: kasan: bad access detected [ 13.774597] [ 13.774748] Memory state around the buggy address: [ 13.775362] ffff8881029c5180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.776120] ffff8881029c5200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 13.776526] >ffff8881029c5280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 13.776747] ^ [ 13.776920] ffff8881029c5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.777894] ffff8881029c5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.778689] ================================================================== [ 13.706297] ================================================================== [ 13.706868] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.707717] Read of size 1 at addr ffff8881039c2001 by task kunit_try_catch/240 [ 13.708480] [ 13.708766] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.708823] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.708835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.708865] Call Trace: [ 13.708880] <TASK> [ 13.708900] dump_stack_lvl+0x73/0xb0 [ 13.708937] print_report+0xd1/0x610 [ 13.708962] ? __virt_addr_valid+0x1db/0x2d0 [ 13.708987] ? mempool_oob_right_helper+0x318/0x380 [ 13.709024] ? kasan_addr_to_slab+0x11/0xa0 [ 13.709045] ? mempool_oob_right_helper+0x318/0x380 [ 13.709069] kasan_report+0x141/0x180 [ 13.709090] ? mempool_oob_right_helper+0x318/0x380 [ 13.709118] __asan_report_load1_noabort+0x18/0x20 [ 13.709143] mempool_oob_right_helper+0x318/0x380 [ 13.709167] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.709192] ? __kasan_check_write+0x18/0x20 [ 13.709211] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.709235] ? finish_task_switch.isra.0+0x153/0x700 [ 13.709261] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 13.709287] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 13.709315] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.709340] ? __pfx_mempool_kfree+0x10/0x10 [ 13.709365] ? __pfx_read_tsc+0x10/0x10 [ 13.709386] ? ktime_get_ts64+0x86/0x230 [ 13.709412] kunit_try_run_case+0x1a5/0x480 [ 13.709559] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.709585] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.709612] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.709636] ? __kthread_parkme+0x82/0x180 [ 13.709658] ? preempt_count_sub+0x50/0x80 [ 13.709682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.709706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.709730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.709754] kthread+0x337/0x6f0 [ 13.709774] ? trace_preempt_on+0x20/0xc0 [ 13.709797] ? __pfx_kthread+0x10/0x10 [ 13.709818] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.709839] ? calculate_sigpending+0x7b/0xa0 [ 13.709864] ? __pfx_kthread+0x10/0x10 [ 13.709885] ret_from_fork+0x116/0x1d0 [ 13.709904] ? __pfx_kthread+0x10/0x10 [ 13.709924] ret_from_fork_asm+0x1a/0x30 [ 13.709957] </TASK> [ 13.709967] [ 13.722694] The buggy address belongs to the physical page: [ 13.723372] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0 [ 13.723888] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.724361] flags: 0x200000000000040(head|node=0|zone=2) [ 13.724787] page_type: f8(unknown) [ 13.725026] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.725641] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.726108] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.726856] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.727467] head: 0200000000000002 ffffea00040e7001 00000000ffffffff 00000000ffffffff [ 13.727908] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.728490] page dumped because: kasan: bad access detected [ 13.728743] [ 13.728842] Memory state around the buggy address: [ 13.729337] ffff8881039c1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.729739] ffff8881039c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.730585] >ffff8881039c2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.730869] ^ [ 13.731004] ffff8881039c2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.731697] ffff8881039c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.732046] ================================================================== [ 13.676877] ================================================================== [ 13.677580] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.677948] Read of size 1 at addr ffff8881029a6c73 by task kunit_try_catch/238 [ 13.678322] [ 13.678475] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.678543] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.678556] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.678580] Call Trace: [ 13.678595] <TASK> [ 13.678652] dump_stack_lvl+0x73/0xb0 [ 13.678726] print_report+0xd1/0x610 [ 13.678752] ? __virt_addr_valid+0x1db/0x2d0 [ 13.678776] ? mempool_oob_right_helper+0x318/0x380 [ 13.678801] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.678824] ? mempool_oob_right_helper+0x318/0x380 [ 13.678849] kasan_report+0x141/0x180 [ 13.678871] ? mempool_oob_right_helper+0x318/0x380 [ 13.678899] __asan_report_load1_noabort+0x18/0x20 [ 13.678923] mempool_oob_right_helper+0x318/0x380 [ 13.678980] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.679005] ? update_load_avg+0x1be/0x21b0 [ 13.679046] ? dequeue_entities+0x27e/0x1740 [ 13.679071] ? irqentry_exit+0x2a/0x60 [ 13.679094] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.679135] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.679160] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 13.679223] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.679251] ? __pfx_mempool_kfree+0x10/0x10 [ 13.679275] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 13.679313] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 13.679339] kunit_try_run_case+0x1a5/0x480 [ 13.679367] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.679390] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.679415] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.679452] ? __kthread_parkme+0x82/0x180 [ 13.679476] ? preempt_count_sub+0x50/0x80 [ 13.679500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.679523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.679547] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.679570] kthread+0x337/0x6f0 [ 13.679589] ? trace_preempt_on+0x20/0xc0 [ 13.679613] ? __pfx_kthread+0x10/0x10 [ 13.679633] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.679655] ? calculate_sigpending+0x7b/0xa0 [ 13.679681] ? __pfx_kthread+0x10/0x10 [ 13.679702] ret_from_fork+0x116/0x1d0 [ 13.679723] ? __pfx_kthread+0x10/0x10 [ 13.679743] ret_from_fork_asm+0x1a/0x30 [ 13.679775] </TASK> [ 13.679785] [ 13.690994] Allocated by task 238: [ 13.691206] kasan_save_stack+0x45/0x70 [ 13.691374] kasan_save_track+0x18/0x40 [ 13.691741] kasan_save_alloc_info+0x3b/0x50 [ 13.692024] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.692372] remove_element+0x11e/0x190 [ 13.692520] mempool_alloc_preallocated+0x4d/0x90 [ 13.692677] mempool_oob_right_helper+0x8a/0x380 [ 13.692912] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.693586] kunit_try_run_case+0x1a5/0x480 [ 13.693868] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.694193] kthread+0x337/0x6f0 [ 13.694406] ret_from_fork+0x116/0x1d0 [ 13.694596] ret_from_fork_asm+0x1a/0x30 [ 13.694830] [ 13.694931] The buggy address belongs to the object at ffff8881029a6c00 [ 13.694931] which belongs to the cache kmalloc-128 of size 128 [ 13.695597] The buggy address is located 0 bytes to the right of [ 13.695597] allocated 115-byte region [ffff8881029a6c00, ffff8881029a6c73) [ 13.696361] [ 13.696505] The buggy address belongs to the physical page: [ 13.696731] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a6 [ 13.697314] flags: 0x200000000000000(node=0|zone=2) [ 13.698025] page_type: f5(slab) [ 13.698206] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.698613] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.698954] page dumped because: kasan: bad access detected [ 13.699382] [ 13.699509] Memory state around the buggy address: [ 13.699767] ffff8881029a6b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.700277] ffff8881029a6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.700648] >ffff8881029a6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.700992] ^ [ 13.701365] ffff8881029a6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.701746] ffff8881029a6d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.702069] ==================================================================