Date
Nov. 27, 2024, 3:37 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 50.046806] ================================================================== [ 50.048271] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 50.049471] Read of size 1 at addr fff00000c6612001 by task kunit_try_catch/212 [ 50.050724] [ 50.051114] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 50.052181] Tainted: [B]=BAD_PAGE, [N]=TEST [ 50.052718] Hardware name: linux,dummy-virt (DT) [ 50.053412] Call trace: [ 50.053780] show_stack+0x20/0x38 (C) [ 50.054340] dump_stack_lvl+0x8c/0xd0 [ 50.054913] print_report+0x118/0x5e0 [ 50.055483] kasan_report+0xc8/0x118 [ 50.056059] __asan_report_load1_noabort+0x20/0x30 [ 50.056916] mempool_oob_right_helper+0x2ac/0x2f0 [ 50.057951] mempool_kmalloc_large_oob_right+0xbc/0x118 [ 50.058825] kunit_try_run_case+0x14c/0x3d0 [ 50.059438] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.059805] kthread+0x24c/0x2d0 [ 50.060094] ret_from_fork+0x10/0x20 [ 50.060750] [ 50.061687] The buggy address belongs to the physical page: [ 50.062493] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106610 [ 50.063535] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 50.064419] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 50.065786] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 50.066718] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 50.067640] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 50.068543] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 50.069590] head: 0bfffe0000000002 ffffc1ffc3198401 ffffffffffffffff 0000000000000000 [ 50.070903] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 50.071792] page dumped because: kasan: bad access detected [ 50.072495] [ 50.072797] Memory state around the buggy address: [ 50.073641] fff00000c6611f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.074838] fff00000c6611f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.075981] >fff00000c6612000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 50.076896] ^ [ 50.077690] fff00000c6612080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 50.078646] fff00000c6612100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 50.079617] ================================================================== [ 50.091971] ================================================================== [ 50.093558] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 50.094766] Read of size 1 at addr fff00000c61042bb by task kunit_try_catch/214 [ 50.095565] [ 50.096053] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 50.097499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 50.098020] Hardware name: linux,dummy-virt (DT) [ 50.098659] Call trace: [ 50.099072] show_stack+0x20/0x38 (C) [ 50.099637] dump_stack_lvl+0x8c/0xd0 [ 50.100354] print_report+0x118/0x5e0 [ 50.101001] kasan_report+0xc8/0x118 [ 50.101903] __asan_report_load1_noabort+0x20/0x30 [ 50.102539] mempool_oob_right_helper+0x2ac/0x2f0 [ 50.103422] mempool_slab_oob_right+0xb8/0x110 [ 50.104088] kunit_try_run_case+0x14c/0x3d0 [ 50.104705] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.105628] kthread+0x24c/0x2d0 [ 50.106341] ret_from_fork+0x10/0x20 [ 50.106865] [ 50.107218] Allocated by task 214: [ 50.107717] kasan_save_stack+0x3c/0x68 [ 50.108232] kasan_save_track+0x20/0x40 [ 50.109008] kasan_save_alloc_info+0x40/0x58 [ 50.109558] __kasan_mempool_unpoison_object+0xbc/0x180 [ 50.110271] remove_element+0x16c/0x1f8 [ 50.111075] mempool_alloc_preallocated+0x58/0xc0 [ 50.111615] mempool_oob_right_helper+0x98/0x2f0 [ 50.112234] mempool_slab_oob_right+0xb8/0x110 [ 50.112765] kunit_try_run_case+0x14c/0x3d0 [ 50.113472] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.115972] kthread+0x24c/0x2d0 [ 50.116407] ret_from_fork+0x10/0x20 [ 50.116794] [ 50.117038] The buggy address belongs to the object at fff00000c6104240 [ 50.117038] which belongs to the cache test_cache of size 123 [ 50.118700] The buggy address is located 0 bytes to the right of [ 50.118700] allocated 123-byte region [fff00000c6104240, fff00000c61042bb) [ 50.120181] [ 50.120601] The buggy address belongs to the physical page: [ 50.121835] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106104 [ 50.122926] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 50.123781] page_type: f5(slab) [ 50.124407] raw: 0bfffe0000000000 fff00000c61813c0 dead000000000122 0000000000000000 [ 50.125849] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 50.127063] page dumped because: kasan: bad access detected [ 50.127978] [ 50.128540] Memory state around the buggy address: [ 50.129380] fff00000c6104180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.130421] fff00000c6104200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 50.131266] >fff00000c6104280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 50.132233] ^ [ 50.132907] fff00000c6104300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.134023] fff00000c6104380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.134825] ================================================================== [ 49.990594] ================================================================== [ 49.991713] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 49.992492] Read of size 1 at addr fff00000c610a573 by task kunit_try_catch/210 [ 49.993813] [ 49.994167] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 49.995261] Tainted: [B]=BAD_PAGE, [N]=TEST [ 49.996725] Hardware name: linux,dummy-virt (DT) [ 49.997483] Call trace: [ 49.998009] show_stack+0x20/0x38 (C) [ 49.998567] dump_stack_lvl+0x8c/0xd0 [ 49.999276] print_report+0x118/0x5e0 [ 49.999813] kasan_report+0xc8/0x118 [ 50.000505] __asan_report_load1_noabort+0x20/0x30 [ 50.001264] mempool_oob_right_helper+0x2ac/0x2f0 [ 50.001856] mempool_kmalloc_oob_right+0xbc/0x118 [ 50.003340] kunit_try_run_case+0x14c/0x3d0 [ 50.004157] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.004949] kthread+0x24c/0x2d0 [ 50.005847] ret_from_fork+0x10/0x20 [ 50.006518] [ 50.006974] Allocated by task 210: [ 50.007543] kasan_save_stack+0x3c/0x68 [ 50.008152] kasan_save_track+0x20/0x40 [ 50.008721] kasan_save_alloc_info+0x40/0x58 [ 50.009618] __kasan_mempool_unpoison_object+0x11c/0x180 [ 50.010466] remove_element+0x130/0x1f8 [ 50.011207] mempool_alloc_preallocated+0x58/0xc0 [ 50.012000] mempool_oob_right_helper+0x98/0x2f0 [ 50.012804] mempool_kmalloc_oob_right+0xbc/0x118 [ 50.013958] kunit_try_run_case+0x14c/0x3d0 [ 50.015272] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.015995] kthread+0x24c/0x2d0 [ 50.016540] ret_from_fork+0x10/0x20 [ 50.017343] [ 50.017841] The buggy address belongs to the object at fff00000c610a500 [ 50.017841] which belongs to the cache kmalloc-128 of size 128 [ 50.019366] The buggy address is located 0 bytes to the right of [ 50.019366] allocated 115-byte region [fff00000c610a500, fff00000c610a573) [ 50.020931] [ 50.021827] The buggy address belongs to the physical page: [ 50.022700] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10610a [ 50.024363] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 50.025430] page_type: f5(slab) [ 50.025977] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 50.026965] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 50.027913] page dumped because: kasan: bad access detected [ 50.028834] [ 50.029232] Memory state around the buggy address: [ 50.029930] fff00000c610a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.030847] fff00000c610a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.031733] >fff00000c610a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 50.033359] ^ [ 50.034585] fff00000c610a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.035733] fff00000c610a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 50.036636] ==================================================================
[ 27.240591] ================================================================== [ 27.241853] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 27.242593] Read of size 1 at addr ffff888101ab62bb by task kunit_try_catch/233 [ 27.243348] [ 27.243665] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 27.245508] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.246019] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.247246] Call Trace: [ 27.247601] <TASK> [ 27.248041] dump_stack_lvl+0x73/0xb0 [ 27.248464] print_report+0xd1/0x640 [ 27.248849] ? __virt_addr_valid+0x1db/0x2d0 [ 27.249324] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.249835] kasan_report+0x102/0x140 [ 27.250702] ? mempool_oob_right_helper+0x31a/0x380 [ 27.251628] ? mempool_oob_right_helper+0x31a/0x380 [ 27.252668] __asan_report_load1_noabort+0x18/0x20 [ 27.253454] mempool_oob_right_helper+0x31a/0x380 [ 27.254426] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.254964] ? finish_task_switch.isra.0+0x153/0x700 [ 27.255826] mempool_slab_oob_right+0xb1/0x100 [ 27.256623] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 27.257526] ? __switch_to+0x5d9/0xf60 [ 27.257904] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 27.258616] ? __pfx_mempool_free_slab+0x10/0x10 [ 27.259118] ? __pfx_read_tsc+0x10/0x10 [ 27.259497] ? ktime_get_ts64+0x84/0x230 [ 27.259897] kunit_try_run_case+0x1b3/0x490 [ 27.260353] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.260792] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.261265] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.261827] ? __kthread_parkme+0x82/0x160 [ 27.263336] ? preempt_count_sub+0x50/0x80 [ 27.264043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.264807] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.265829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.266786] kthread+0x257/0x310 [ 27.267646] ? __pfx_kthread+0x10/0x10 [ 27.268392] ret_from_fork+0x41/0x80 [ 27.268771] ? __pfx_kthread+0x10/0x10 [ 27.269502] ret_from_fork_asm+0x1a/0x30 [ 27.269949] </TASK> [ 27.270152] [ 27.270307] Allocated by task 233: [ 27.271916] kasan_save_stack+0x3d/0x60 [ 27.272859] kasan_save_track+0x18/0x40 [ 27.273416] kasan_save_alloc_info+0x3b/0x50 [ 27.273876] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 27.274759] remove_element+0x11e/0x190 [ 27.275579] mempool_alloc_preallocated+0x4d/0x90 [ 27.276544] mempool_oob_right_helper+0x8b/0x380 [ 27.277007] mempool_slab_oob_right+0xb1/0x100 [ 27.277668] kunit_try_run_case+0x1b3/0x490 [ 27.278566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.279455] kthread+0x257/0x310 [ 27.279851] ret_from_fork+0x41/0x80 [ 27.281319] ret_from_fork_asm+0x1a/0x30 [ 27.282659] [ 27.283034] The buggy address belongs to the object at ffff888101ab6240 [ 27.283034] which belongs to the cache test_cache of size 123 [ 27.283945] The buggy address is located 0 bytes to the right of [ 27.283945] allocated 123-byte region [ffff888101ab6240, ffff888101ab62bb) [ 27.287277] [ 27.287853] The buggy address belongs to the physical page: [ 27.289840] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ab6 [ 27.291745] flags: 0x200000000000000(node=0|zone=2) [ 27.292910] page_type: f5(slab) [ 27.295095] raw: 0200000000000000 ffff888101ab4000 dead000000000122 0000000000000000 [ 27.296687] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 27.299396] page dumped because: kasan: bad access detected [ 27.300353] [ 27.301431] Memory state around the buggy address: [ 27.302224] ffff888101ab6180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.303920] ffff888101ab6200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 27.307123] >ffff888101ab6280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 27.308722] ^ [ 27.310709] ffff888101ab6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.312804] ffff888101ab6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.315486] ================================================================== [ 27.187683] ================================================================== [ 27.189012] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 27.189592] Read of size 1 at addr ffff888102cde001 by task kunit_try_catch/231 [ 27.190184] [ 27.190397] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 27.191706] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.192911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.194705] Call Trace: [ 27.194959] <TASK> [ 27.195620] dump_stack_lvl+0x73/0xb0 [ 27.196272] print_report+0xd1/0x640 [ 27.197011] ? __virt_addr_valid+0x1db/0x2d0 [ 27.197944] ? kasan_addr_to_slab+0x11/0xa0 [ 27.198570] kasan_report+0x102/0x140 [ 27.199138] ? mempool_oob_right_helper+0x31a/0x380 [ 27.199819] ? mempool_oob_right_helper+0x31a/0x380 [ 27.200717] __asan_report_load1_noabort+0x18/0x20 [ 27.201684] mempool_oob_right_helper+0x31a/0x380 [ 27.202434] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.202685] ? finish_task_switch.isra.0+0x153/0x700 [ 27.202912] mempool_kmalloc_large_oob_right+0xb6/0x100 [ 27.204229] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 27.204766] ? __switch_to+0x5d9/0xf60 [ 27.205637] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.206579] ? __pfx_mempool_kfree+0x10/0x10 [ 27.206977] ? __pfx_read_tsc+0x10/0x10 [ 27.207711] ? ktime_get_ts64+0x84/0x230 [ 27.208393] kunit_try_run_case+0x1b3/0x490 [ 27.208739] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.209789] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.210404] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.211414] ? __kthread_parkme+0x82/0x160 [ 27.211852] ? preempt_count_sub+0x50/0x80 [ 27.212284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.212773] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.213222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.214253] kthread+0x257/0x310 [ 27.214785] ? __pfx_kthread+0x10/0x10 [ 27.215172] ret_from_fork+0x41/0x80 [ 27.215774] ? __pfx_kthread+0x10/0x10 [ 27.216363] ret_from_fork_asm+0x1a/0x30 [ 27.216853] </TASK> [ 27.217313] [ 27.217505] The buggy address belongs to the physical page: [ 27.218442] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cdc [ 27.219717] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.220516] flags: 0x200000000000040(head|node=0|zone=2) [ 27.221059] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.222051] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.222360] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.222650] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.222938] head: 0200000000000002 ffffea00040b3701 ffffffffffffffff 0000000000000000 [ 27.224792] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 27.225787] page dumped because: kasan: bad access detected [ 27.226453] [ 27.226651] Memory state around the buggy address: [ 27.227633] ffff888102cddf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.229004] ffff888102cddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.230287] >ffff888102cde000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.230914] ^ [ 27.231539] ffff888102cde080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.232433] ffff888102cde100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.233117] ================================================================== [ 27.130315] ================================================================== [ 27.131352] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 27.132842] Read of size 1 at addr ffff888102a4ef73 by task kunit_try_catch/229 [ 27.133332] [ 27.133519] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 27.134495] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.134853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.135677] Call Trace: [ 27.136022] <TASK> [ 27.136369] dump_stack_lvl+0x73/0xb0 [ 27.136859] print_report+0xd1/0x640 [ 27.137529] ? __virt_addr_valid+0x1db/0x2d0 [ 27.138249] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.138763] kasan_report+0x102/0x140 [ 27.139340] ? mempool_oob_right_helper+0x31a/0x380 [ 27.140257] ? mempool_oob_right_helper+0x31a/0x380 [ 27.140779] __asan_report_load1_noabort+0x18/0x20 [ 27.141537] mempool_oob_right_helper+0x31a/0x380 [ 27.142050] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.142975] ? finish_task_switch.isra.0+0x153/0x700 [ 27.143831] mempool_kmalloc_oob_right+0xb6/0x100 [ 27.144496] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 27.145207] ? __switch_to+0x5d9/0xf60 [ 27.145764] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.146899] ? __pfx_mempool_kfree+0x10/0x10 [ 27.147311] ? __pfx_read_tsc+0x10/0x10 [ 27.147753] ? ktime_get_ts64+0x84/0x230 [ 27.148647] kunit_try_run_case+0x1b3/0x490 [ 27.149072] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.149816] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.150624] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.151074] ? __kthread_parkme+0x82/0x160 [ 27.151713] ? preempt_count_sub+0x50/0x80 [ 27.152186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.152633] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.153625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.154471] kthread+0x257/0x310 [ 27.154852] ? __pfx_kthread+0x10/0x10 [ 27.155685] ret_from_fork+0x41/0x80 [ 27.156050] ? __pfx_kthread+0x10/0x10 [ 27.156886] ret_from_fork_asm+0x1a/0x30 [ 27.157374] </TASK> [ 27.157854] [ 27.158093] Allocated by task 229: [ 27.159203] kasan_save_stack+0x3d/0x60 [ 27.159566] kasan_save_track+0x18/0x40 [ 27.160278] kasan_save_alloc_info+0x3b/0x50 [ 27.160742] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.161799] remove_element+0x11e/0x190 [ 27.162164] mempool_alloc_preallocated+0x4d/0x90 [ 27.162607] mempool_oob_right_helper+0x8b/0x380 [ 27.163313] mempool_kmalloc_oob_right+0xb6/0x100 [ 27.163961] kunit_try_run_case+0x1b3/0x490 [ 27.164499] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.164752] kthread+0x257/0x310 [ 27.164912] ret_from_fork+0x41/0x80 [ 27.165166] ret_from_fork_asm+0x1a/0x30 [ 27.166291] [ 27.166560] The buggy address belongs to the object at ffff888102a4ef00 [ 27.166560] which belongs to the cache kmalloc-128 of size 128 [ 27.168609] The buggy address is located 0 bytes to the right of [ 27.168609] allocated 115-byte region [ffff888102a4ef00, ffff888102a4ef73) [ 27.169851] [ 27.170340] The buggy address belongs to the physical page: [ 27.170771] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4e [ 27.171800] flags: 0x200000000000000(node=0|zone=2) [ 27.172308] page_type: f5(slab) [ 27.172552] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.173886] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 27.174677] page dumped because: kasan: bad access detected [ 27.175020] [ 27.175497] Memory state around the buggy address: [ 27.175973] ffff888102a4ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.176971] ffff888102a4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.177568] >ffff888102a4ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.178788] ^ [ 27.179971] ffff888102a4ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.180701] ffff888102a4f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.181344] ==================================================================