Date
Dec. 5, 2024, 2:07 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 32.268588] ================================================================== [ 32.269815] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.270808] Read of size 1 at addr fff00000c65d2001 by task kunit_try_catch/212 [ 32.271902] [ 32.272196] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 32.274060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.274568] Hardware name: linux,dummy-virt (DT) [ 32.275224] Call trace: [ 32.275839] show_stack+0x20/0x38 (C) [ 32.276640] dump_stack_lvl+0x8c/0xd0 [ 32.277195] print_report+0x118/0x5e0 [ 32.277919] kasan_report+0xc8/0x118 [ 32.278476] __asan_report_load1_noabort+0x20/0x30 [ 32.279772] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.280563] mempool_kmalloc_large_oob_right+0xbc/0x118 [ 32.281266] kunit_try_run_case+0x14c/0x3d0 [ 32.281982] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.282711] kthread+0x24c/0x2d0 [ 32.283467] ret_from_fork+0x10/0x20 [ 32.284539] [ 32.284795] The buggy address belongs to the physical page: [ 32.285680] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065d0 [ 32.286687] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.287974] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.289033] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.289853] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 32.290854] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.292360] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 32.293429] head: 0bfffe0000000002 ffffc1ffc3197401 ffffffffffffffff 0000000000000000 [ 32.294448] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 32.295802] page dumped because: kasan: bad access detected [ 32.296948] [ 32.297440] Memory state around the buggy address: [ 32.298229] fff00000c65d1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.299785] fff00000c65d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.300559] >fff00000c65d2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.301519] ^ [ 32.302102] fff00000c65d2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.303124] fff00000c65d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.304249] ================================================================== [ 32.215794] ================================================================== [ 32.217323] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.218213] Read of size 1 at addr fff00000c64e2073 by task kunit_try_catch/210 [ 32.219140] [ 32.219807] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 32.220732] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.221662] Hardware name: linux,dummy-virt (DT) [ 32.222940] Call trace: [ 32.223476] show_stack+0x20/0x38 (C) [ 32.224230] dump_stack_lvl+0x8c/0xd0 [ 32.224996] print_report+0x118/0x5e0 [ 32.225726] kasan_report+0xc8/0x118 [ 32.226445] __asan_report_load1_noabort+0x20/0x30 [ 32.227174] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.228040] mempool_kmalloc_oob_right+0xbc/0x118 [ 32.228691] kunit_try_run_case+0x14c/0x3d0 [ 32.229431] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.230206] kthread+0x24c/0x2d0 [ 32.230776] ret_from_fork+0x10/0x20 [ 32.231386] [ 32.231805] Allocated by task 210: [ 32.232514] kasan_save_stack+0x3c/0x68 [ 32.233107] kasan_save_track+0x20/0x40 [ 32.233642] kasan_save_alloc_info+0x40/0x58 [ 32.234341] __kasan_mempool_unpoison_object+0x11c/0x180 [ 32.234961] remove_element+0x130/0x1f8 [ 32.235630] mempool_alloc_preallocated+0x58/0xc0 [ 32.236594] mempool_oob_right_helper+0x98/0x2f0 [ 32.237174] mempool_kmalloc_oob_right+0xbc/0x118 [ 32.238078] kunit_try_run_case+0x14c/0x3d0 [ 32.238830] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.240264] kthread+0x24c/0x2d0 [ 32.240834] ret_from_fork+0x10/0x20 [ 32.241533] [ 32.242029] The buggy address belongs to the object at fff00000c64e2000 [ 32.242029] which belongs to the cache kmalloc-128 of size 128 [ 32.243083] The buggy address is located 0 bytes to the right of [ 32.243083] allocated 115-byte region [fff00000c64e2000, fff00000c64e2073) [ 32.244993] [ 32.245336] The buggy address belongs to the physical page: [ 32.246112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064e2 [ 32.247101] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.248244] page_type: f5(slab) [ 32.248842] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.249929] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.250870] page dumped because: kasan: bad access detected [ 32.251798] [ 32.252292] Memory state around the buggy address: [ 32.253095] fff00000c64e1f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.254098] fff00000c64e1f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.255136] >fff00000c64e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.256199] ^ [ 32.257346] fff00000c64e2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.258075] fff00000c64e2100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.258501] ================================================================== [ 32.316764] ================================================================== [ 32.318053] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.318838] Read of size 1 at addr fff00000c63cf2bb by task kunit_try_catch/214 [ 32.319616] [ 32.320037] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 32.322093] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.322788] Hardware name: linux,dummy-virt (DT) [ 32.323684] Call trace: [ 32.324095] show_stack+0x20/0x38 (C) [ 32.324671] dump_stack_lvl+0x8c/0xd0 [ 32.325246] print_report+0x118/0x5e0 [ 32.326532] kasan_report+0xc8/0x118 [ 32.327123] __asan_report_load1_noabort+0x20/0x30 [ 32.327944] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.328720] mempool_slab_oob_right+0xb8/0x110 [ 32.329542] kunit_try_run_case+0x14c/0x3d0 [ 32.330219] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.331028] kthread+0x24c/0x2d0 [ 32.331615] ret_from_fork+0x10/0x20 [ 32.332828] [ 32.333266] Allocated by task 214: [ 32.333734] kasan_save_stack+0x3c/0x68 [ 32.334477] kasan_save_track+0x20/0x40 [ 32.335146] kasan_save_alloc_info+0x40/0x58 [ 32.335707] __kasan_mempool_unpoison_object+0xbc/0x180 [ 32.336347] remove_element+0x16c/0x1f8 [ 32.337173] mempool_alloc_preallocated+0x58/0xc0 [ 32.337817] mempool_oob_right_helper+0x98/0x2f0 [ 32.338482] mempool_slab_oob_right+0xb8/0x110 [ 32.339200] kunit_try_run_case+0x14c/0x3d0 [ 32.340406] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.341102] kthread+0x24c/0x2d0 [ 32.341533] ret_from_fork+0x10/0x20 [ 32.342298] [ 32.342695] The buggy address belongs to the object at fff00000c63cf240 [ 32.342695] which belongs to the cache test_cache of size 123 [ 32.344716] The buggy address is located 0 bytes to the right of [ 32.344716] allocated 123-byte region [fff00000c63cf240, fff00000c63cf2bb) [ 32.346194] [ 32.346547] The buggy address belongs to the physical page: [ 32.347927] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063cf [ 32.348921] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.349711] page_type: f5(slab) [ 32.350162] raw: 0bfffe0000000000 fff00000c63a8280 dead000000000122 0000000000000000 [ 32.351096] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 32.352110] page dumped because: kasan: bad access detected [ 32.352780] [ 32.353196] Memory state around the buggy address: [ 32.353770] fff00000c63cf180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.354618] fff00000c63cf200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 32.356186] >fff00000c63cf280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 32.357731] ^ [ 32.358427] fff00000c63cf300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.359336] fff00000c63cf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.360432] ==================================================================
[ 30.078110] ================================================================== [ 30.079363] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 30.080343] Read of size 1 at addr ffff888101ac22bb by task kunit_try_catch/232 [ 30.081506] [ 30.081807] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 30.083202] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.083629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.084579] Call Trace: [ 30.085041] <TASK> [ 30.085377] dump_stack_lvl+0x73/0xb0 [ 30.085847] print_report+0xd1/0x640 [ 30.086228] ? __virt_addr_valid+0x1db/0x2d0 [ 30.086873] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.087531] kasan_report+0x102/0x140 [ 30.087934] ? mempool_oob_right_helper+0x31a/0x380 [ 30.088844] ? mempool_oob_right_helper+0x31a/0x380 [ 30.089513] __asan_report_load1_noabort+0x18/0x20 [ 30.090315] mempool_oob_right_helper+0x31a/0x380 [ 30.091162] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 30.091743] mempool_slab_oob_right+0xb1/0x100 [ 30.092373] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 30.092956] ? __switch_to+0x5d9/0xf60 [ 30.093840] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 30.094473] ? __pfx_mempool_free_slab+0x10/0x10 [ 30.095195] ? __pfx_read_tsc+0x10/0x10 [ 30.095972] ? ktime_get_ts64+0x86/0x230 [ 30.096873] kunit_try_run_case+0x1b3/0x490 [ 30.097283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.097793] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 30.098320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.099321] ? __kthread_parkme+0x82/0x160 [ 30.099735] ? preempt_count_sub+0x50/0x80 [ 30.100426] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.101355] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.102002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.102966] kthread+0x257/0x310 [ 30.103500] ? __pfx_kthread+0x10/0x10 [ 30.104097] ret_from_fork+0x41/0x80 [ 30.104601] ? __pfx_kthread+0x10/0x10 [ 30.105091] ret_from_fork_asm+0x1a/0x30 [ 30.105486] </TASK> [ 30.106409] [ 30.106590] Allocated by task 232: [ 30.107275] kasan_save_stack+0x3d/0x60 [ 30.107622] kasan_save_track+0x18/0x40 [ 30.108421] kasan_save_alloc_info+0x3b/0x50 [ 30.108908] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 30.109724] remove_element+0x11e/0x190 [ 30.110291] mempool_alloc_preallocated+0x4d/0x90 [ 30.111206] mempool_oob_right_helper+0x8b/0x380 [ 30.111705] mempool_slab_oob_right+0xb1/0x100 [ 30.112356] kunit_try_run_case+0x1b3/0x490 [ 30.113087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.113708] kthread+0x257/0x310 [ 30.114185] ret_from_fork+0x41/0x80 [ 30.114655] ret_from_fork_asm+0x1a/0x30 [ 30.115574] [ 30.116183] The buggy address belongs to the object at ffff888101ac2240 [ 30.116183] which belongs to the cache test_cache of size 123 [ 30.117494] The buggy address is located 0 bytes to the right of [ 30.117494] allocated 123-byte region [ffff888101ac2240, ffff888101ac22bb) [ 30.119207] [ 30.119382] The buggy address belongs to the physical page: [ 30.120412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac2 [ 30.121345] flags: 0x200000000000000(node=0|zone=2) [ 30.121910] page_type: f5(slab) [ 30.122663] raw: 0200000000000000 ffff888101abe140 dead000000000122 0000000000000000 [ 30.123420] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 30.124574] page dumped because: kasan: bad access detected [ 30.125334] [ 30.125571] Memory state around the buggy address: [ 30.126596] ffff888101ac2180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.127374] ffff888101ac2200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 30.128261] >ffff888101ac2280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 30.129064] ^ [ 30.129371] ffff888101ac2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.130192] ffff888101ac2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.131322] ================================================================== [ 30.024166] ================================================================== [ 30.025457] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 30.026496] Read of size 1 at addr ffff8881027be001 by task kunit_try_catch/230 [ 30.027227] [ 30.027554] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 30.028852] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.029409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.030918] Call Trace: [ 30.031254] <TASK> [ 30.031627] dump_stack_lvl+0x73/0xb0 [ 30.032120] print_report+0xd1/0x640 [ 30.032612] ? __virt_addr_valid+0x1db/0x2d0 [ 30.033266] ? kasan_addr_to_slab+0x11/0xa0 [ 30.033760] kasan_report+0x102/0x140 [ 30.034371] ? mempool_oob_right_helper+0x31a/0x380 [ 30.035075] ? mempool_oob_right_helper+0x31a/0x380 [ 30.036072] __asan_report_load1_noabort+0x18/0x20 [ 30.036702] mempool_oob_right_helper+0x31a/0x380 [ 30.037283] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 30.037794] ? finish_task_switch.isra.0+0x153/0x700 [ 30.038719] mempool_kmalloc_large_oob_right+0xb6/0x100 [ 30.039313] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 30.040231] ? __switch_to+0x5d9/0xf60 [ 30.040637] ? __pfx_mempool_kmalloc+0x10/0x10 [ 30.041362] ? __pfx_mempool_kfree+0x10/0x10 [ 30.041996] ? __pfx_read_tsc+0x10/0x10 [ 30.042651] ? ktime_get_ts64+0x86/0x230 [ 30.043600] kunit_try_run_case+0x1b3/0x490 [ 30.044310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.044893] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 30.045563] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.046251] ? __kthread_parkme+0x82/0x160 [ 30.046737] ? preempt_count_sub+0x50/0x80 [ 30.047456] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.048308] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.049050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.049769] kthread+0x257/0x310 [ 30.050379] ? __pfx_kthread+0x10/0x10 [ 30.051112] ret_from_fork+0x41/0x80 [ 30.051525] ? __pfx_kthread+0x10/0x10 [ 30.052070] ret_from_fork_asm+0x1a/0x30 [ 30.052895] </TASK> [ 30.053361] [ 30.053590] The buggy address belongs to the physical page: [ 30.054366] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc [ 30.055155] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.056219] flags: 0x200000000000040(head|node=0|zone=2) [ 30.057040] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.057887] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.058911] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.059778] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.060709] head: 0200000000000002 ffffea000409ef01 ffffffffffffffff 0000000000000000 [ 30.061667] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.062548] page dumped because: kasan: bad access detected [ 30.063107] [ 30.063459] Memory state around the buggy address: [ 30.064281] ffff8881027bdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.065247] ffff8881027bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.065893] >ffff8881027be000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.066973] ^ [ 30.067450] ffff8881027be080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.068557] ffff8881027be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.069321] ================================================================== [ 29.963737] ================================================================== [ 29.965015] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 29.965768] Read of size 1 at addr ffff888102a0c373 by task kunit_try_catch/228 [ 29.966389] [ 29.966713] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 29.967939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.968700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.969902] Call Trace: [ 29.970604] <TASK> [ 29.971285] dump_stack_lvl+0x73/0xb0 [ 29.971852] print_report+0xd1/0x640 [ 29.972286] ? __virt_addr_valid+0x1db/0x2d0 [ 29.973263] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.973779] kasan_report+0x102/0x140 [ 29.974484] ? mempool_oob_right_helper+0x31a/0x380 [ 29.975165] ? mempool_oob_right_helper+0x31a/0x380 [ 29.975649] __asan_report_load1_noabort+0x18/0x20 [ 29.976219] mempool_oob_right_helper+0x31a/0x380 [ 29.977235] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 29.977894] ? finish_task_switch.isra.0+0x153/0x700 [ 29.978635] mempool_kmalloc_oob_right+0xb6/0x100 [ 29.979315] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 29.980114] ? __switch_to+0x5d9/0xf60 [ 29.980613] ? __pfx_mempool_kmalloc+0x10/0x10 [ 29.981405] ? __pfx_mempool_kfree+0x10/0x10 [ 29.982113] ? __pfx_read_tsc+0x10/0x10 [ 29.982530] ? ktime_get_ts64+0x86/0x230 [ 29.983175] kunit_try_run_case+0x1b3/0x490 [ 29.983747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.984662] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 29.985367] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.986296] ? __kthread_parkme+0x82/0x160 [ 29.986750] ? preempt_count_sub+0x50/0x80 [ 29.987429] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.988129] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.988882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.989489] kthread+0x257/0x310 [ 29.990084] ? __pfx_kthread+0x10/0x10 [ 29.990454] ret_from_fork+0x41/0x80 [ 29.990940] ? __pfx_kthread+0x10/0x10 [ 29.991296] ret_from_fork_asm+0x1a/0x30 [ 29.991789] </TASK> [ 29.992071] [ 29.992332] Allocated by task 228: [ 29.992901] kasan_save_stack+0x3d/0x60 [ 29.993465] kasan_save_track+0x18/0x40 [ 29.993998] kasan_save_alloc_info+0x3b/0x50 [ 29.995623] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 29.996217] remove_element+0x11e/0x190 [ 29.996760] mempool_alloc_preallocated+0x4d/0x90 [ 29.997283] mempool_oob_right_helper+0x8b/0x380 [ 29.997977] mempool_kmalloc_oob_right+0xb6/0x100 [ 29.998756] kunit_try_run_case+0x1b3/0x490 [ 29.999639] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.000587] kthread+0x257/0x310 [ 30.000930] ret_from_fork+0x41/0x80 [ 30.001377] ret_from_fork_asm+0x1a/0x30 [ 30.001762] [ 30.001964] The buggy address belongs to the object at ffff888102a0c300 [ 30.001964] which belongs to the cache kmalloc-128 of size 128 [ 30.003351] The buggy address is located 0 bytes to the right of [ 30.003351] allocated 115-byte region [ffff888102a0c300, ffff888102a0c373) [ 30.004515] [ 30.004907] The buggy address belongs to the physical page: [ 30.005907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a0c [ 30.006720] flags: 0x200000000000000(node=0|zone=2) [ 30.007467] page_type: f5(slab) [ 30.007898] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.008730] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.009657] page dumped because: kasan: bad access detected [ 30.010485] [ 30.010774] Memory state around the buggy address: [ 30.011405] ffff888102a0c200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.012172] ffff888102a0c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.013038] >ffff888102a0c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.013786] ^ [ 30.014571] ffff888102a0c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.015824] ffff888102a0c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.017063] ==================================================================