Date
Dec. 6, 2024, 3:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.258944] ================================================================== [ 33.260043] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 33.261111] Read of size 1 at addr fff00000c69c6773 by task kunit_try_catch/210 [ 33.261800] [ 33.262139] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 33.263272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.264121] Hardware name: linux,dummy-virt (DT) [ 33.265419] Call trace: [ 33.265946] show_stack+0x20/0x38 (C) [ 33.266899] dump_stack_lvl+0x8c/0xd0 [ 33.267404] print_report+0x118/0x5e0 [ 33.268463] kasan_report+0xc8/0x118 [ 33.269465] __asan_report_load1_noabort+0x20/0x30 [ 33.270563] mempool_oob_right_helper+0x2ac/0x2f0 [ 33.271234] mempool_kmalloc_oob_right+0xbc/0x118 [ 33.271841] kunit_try_run_case+0x14c/0x3d0 [ 33.272620] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.273370] kthread+0x24c/0x2d0 [ 33.274042] ret_from_fork+0x10/0x20 [ 33.274952] [ 33.275270] Allocated by task 210: [ 33.275711] kasan_save_stack+0x3c/0x68 [ 33.276339] kasan_save_track+0x20/0x40 [ 33.277081] kasan_save_alloc_info+0x40/0x58 [ 33.278084] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.278924] remove_element+0x130/0x1f8 [ 33.279917] mempool_alloc_preallocated+0x58/0xc0 [ 33.280659] mempool_oob_right_helper+0x98/0x2f0 [ 33.281367] mempool_kmalloc_oob_right+0xbc/0x118 [ 33.282085] kunit_try_run_case+0x14c/0x3d0 [ 33.282876] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.284112] kthread+0x24c/0x2d0 [ 33.284813] ret_from_fork+0x10/0x20 [ 33.285412] [ 33.285909] The buggy address belongs to the object at fff00000c69c6700 [ 33.285909] which belongs to the cache kmalloc-128 of size 128 [ 33.287716] The buggy address is located 0 bytes to the right of [ 33.287716] allocated 115-byte region [fff00000c69c6700, fff00000c69c6773) [ 33.289179] [ 33.289617] The buggy address belongs to the physical page: [ 33.290237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069c6 [ 33.291717] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.292877] page_type: f5(slab) [ 33.293767] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.295426] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.296371] page dumped because: kasan: bad access detected [ 33.296963] [ 33.297284] Memory state around the buggy address: [ 33.297868] fff00000c69c6600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.299106] fff00000c69c6680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.299884] >fff00000c69c6700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.300619] ^ [ 33.301384] fff00000c69c6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.302238] fff00000c69c6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.303045] ================================================================== [ 33.364970] ================================================================== [ 33.366213] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 33.367060] Read of size 1 at addr fff00000c69e42bb by task kunit_try_catch/214 [ 33.368302] [ 33.368755] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 33.370129] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.371108] Hardware name: linux,dummy-virt (DT) [ 33.371755] Call trace: [ 33.372152] show_stack+0x20/0x38 (C) [ 33.372678] dump_stack_lvl+0x8c/0xd0 [ 33.373333] print_report+0x118/0x5e0 [ 33.374032] kasan_report+0xc8/0x118 [ 33.374962] __asan_report_load1_noabort+0x20/0x30 [ 33.375805] mempool_oob_right_helper+0x2ac/0x2f0 [ 33.376665] mempool_slab_oob_right+0xb8/0x110 [ 33.377474] kunit_try_run_case+0x14c/0x3d0 [ 33.378560] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.379348] kthread+0x24c/0x2d0 [ 33.379870] ret_from_fork+0x10/0x20 [ 33.380373] [ 33.380802] Allocated by task 214: [ 33.381409] kasan_save_stack+0x3c/0x68 [ 33.382066] kasan_save_track+0x20/0x40 [ 33.383060] kasan_save_alloc_info+0x40/0x58 [ 33.383804] __kasan_mempool_unpoison_object+0xbc/0x180 [ 33.384543] remove_element+0x16c/0x1f8 [ 33.385165] mempool_alloc_preallocated+0x58/0xc0 [ 33.385856] mempool_oob_right_helper+0x98/0x2f0 [ 33.386872] mempool_slab_oob_right+0xb8/0x110 [ 33.387761] kunit_try_run_case+0x14c/0x3d0 [ 33.388528] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.389322] kthread+0x24c/0x2d0 [ 33.389875] ret_from_fork+0x10/0x20 [ 33.390378] [ 33.390773] The buggy address belongs to the object at fff00000c69e4240 [ 33.390773] which belongs to the cache test_cache of size 123 [ 33.392068] The buggy address is located 0 bytes to the right of [ 33.392068] allocated 123-byte region [fff00000c69e4240, fff00000c69e42bb) [ 33.393754] [ 33.394233] The buggy address belongs to the physical page: [ 33.394959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069e4 [ 33.396282] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.397152] page_type: f5(slab) [ 33.397656] raw: 0bfffe0000000000 fff00000c13fa8c0 dead000000000122 0000000000000000 [ 33.398920] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 33.399909] page dumped because: kasan: bad access detected [ 33.400800] [ 33.401342] Memory state around the buggy address: [ 33.402135] fff00000c69e4180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.403196] fff00000c69e4200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 33.403645] >fff00000c69e4280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 33.404624] ^ [ 33.405262] fff00000c69e4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.406134] fff00000c69e4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.406972] ================================================================== [ 33.315480] ================================================================== [ 33.316636] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 33.317527] Read of size 1 at addr fff00000c6a8e001 by task kunit_try_catch/212 [ 33.319476] [ 33.319904] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 33.320993] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.321621] Hardware name: linux,dummy-virt (DT) [ 33.322145] Call trace: [ 33.323180] show_stack+0x20/0x38 (C) [ 33.323887] dump_stack_lvl+0x8c/0xd0 [ 33.324450] print_report+0x118/0x5e0 [ 33.325113] kasan_report+0xc8/0x118 [ 33.325724] __asan_report_load1_noabort+0x20/0x30 [ 33.326526] mempool_oob_right_helper+0x2ac/0x2f0 [ 33.327751] mempool_kmalloc_large_oob_right+0xbc/0x118 [ 33.328423] kunit_try_run_case+0x14c/0x3d0 [ 33.329009] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.329704] kthread+0x24c/0x2d0 [ 33.330550] ret_from_fork+0x10/0x20 [ 33.331457] [ 33.331991] The buggy address belongs to the physical page: [ 33.332599] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106a8c [ 33.333467] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.334363] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.335833] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.336901] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.337780] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.338821] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.339725] head: 0bfffe0000000002 ffffc1ffc31aa301 ffffffffffffffff 0000000000000000 [ 33.340705] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 33.341682] page dumped because: kasan: bad access detected [ 33.342630] [ 33.343241] Memory state around the buggy address: [ 33.344208] fff00000c6a8df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.345120] fff00000c6a8df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.346048] >fff00000c6a8e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.346984] ^ [ 33.347666] fff00000c6a8e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.348416] fff00000c6a8e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.349355] ==================================================================
[ 26.046106] ================================================================== [ 26.047512] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 26.048134] Read of size 1 at addr ffff888102996001 by task kunit_try_catch/231 [ 26.049312] [ 26.050007] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 26.051066] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.051690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.052862] Call Trace: [ 26.053115] <TASK> [ 26.053436] dump_stack_lvl+0x73/0xb0 [ 26.053858] print_report+0xd1/0x640 [ 26.054192] ? __virt_addr_valid+0x1db/0x2d0 [ 26.054844] ? kasan_addr_to_slab+0x11/0xa0 [ 26.055469] kasan_report+0x102/0x140 [ 26.055851] ? mempool_oob_right_helper+0x31a/0x380 [ 26.056558] ? mempool_oob_right_helper+0x31a/0x380 [ 26.057118] __asan_report_load1_noabort+0x18/0x20 [ 26.057627] mempool_oob_right_helper+0x31a/0x380 [ 26.058962] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.059763] ? finish_task_switch.isra.0+0x153/0x700 [ 26.060638] mempool_kmalloc_large_oob_right+0xb6/0x100 [ 26.061181] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 26.061726] ? __switch_to+0x5d9/0xf60 [ 26.062329] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.062889] ? __pfx_mempool_kfree+0x10/0x10 [ 26.063568] ? __pfx_read_tsc+0x10/0x10 [ 26.064048] ? ktime_get_ts64+0x86/0x230 [ 26.064640] kunit_try_run_case+0x1b3/0x490 [ 26.065240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.065764] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.066507] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.067011] ? __kthread_parkme+0x82/0x160 [ 26.067321] ? preempt_count_sub+0x50/0x80 [ 26.068821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.069432] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.070058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.071003] kthread+0x257/0x310 [ 26.071575] ? __pfx_kthread+0x10/0x10 [ 26.072030] ret_from_fork+0x41/0x80 [ 26.072577] ? __pfx_kthread+0x10/0x10 [ 26.073201] ret_from_fork_asm+0x1a/0x30 [ 26.073559] </TASK> [ 26.074045] [ 26.074463] The buggy address belongs to the physical page: [ 26.074829] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102994 [ 26.075765] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.076548] flags: 0x200000000000040(head|node=0|zone=2) [ 26.077228] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.078095] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.078824] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.079515] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.080429] head: 0200000000000002 ffffea00040a6501 ffffffffffffffff 0000000000000000 [ 26.081288] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 26.081794] page dumped because: kasan: bad access detected [ 26.082575] [ 26.082755] Memory state around the buggy address: [ 26.083333] ffff888102995f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.084138] ffff888102995f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.084568] >ffff888102996000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.085597] ^ [ 26.085953] ffff888102996080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.086681] ffff888102996100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.087453] ================================================================== [ 26.097900] ================================================================== [ 26.099596] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 26.100398] Read of size 1 at addr ffff8881024802bb by task kunit_try_catch/233 [ 26.102165] [ 26.102405] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 26.104270] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.104710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.105619] Call Trace: [ 26.105868] <TASK> [ 26.106296] dump_stack_lvl+0x73/0xb0 [ 26.106828] print_report+0xd1/0x640 [ 26.107208] ? __virt_addr_valid+0x1db/0x2d0 [ 26.107806] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.109115] kasan_report+0x102/0x140 [ 26.109959] ? mempool_oob_right_helper+0x31a/0x380 [ 26.110394] ? mempool_oob_right_helper+0x31a/0x380 [ 26.111025] __asan_report_load1_noabort+0x18/0x20 [ 26.111481] mempool_oob_right_helper+0x31a/0x380 [ 26.111844] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.112669] ? finish_task_switch.isra.0+0x153/0x700 [ 26.113176] mempool_slab_oob_right+0xb1/0x100 [ 26.114015] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 26.115063] ? __switch_to+0x5d9/0xf60 [ 26.115903] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 26.116346] ? __pfx_mempool_free_slab+0x10/0x10 [ 26.117314] ? __pfx_read_tsc+0x10/0x10 [ 26.117716] ? ktime_get_ts64+0x86/0x230 [ 26.118136] kunit_try_run_case+0x1b3/0x490 [ 26.118888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.119242] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.119898] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.120669] ? __kthread_parkme+0x82/0x160 [ 26.121651] ? preempt_count_sub+0x50/0x80 [ 26.122187] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.122782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.123601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.124100] kthread+0x257/0x310 [ 26.124870] ? __pfx_kthread+0x10/0x10 [ 26.125155] ret_from_fork+0x41/0x80 [ 26.125684] ? __pfx_kthread+0x10/0x10 [ 26.126356] ret_from_fork_asm+0x1a/0x30 [ 26.127096] </TASK> [ 26.127301] [ 26.127460] Allocated by task 233: [ 26.127904] kasan_save_stack+0x3d/0x60 [ 26.128769] kasan_save_track+0x18/0x40 [ 26.129840] kasan_save_alloc_info+0x3b/0x50 [ 26.130508] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 26.131289] remove_element+0x11e/0x190 [ 26.131601] mempool_alloc_preallocated+0x4d/0x90 [ 26.132269] mempool_oob_right_helper+0x8b/0x380 [ 26.132681] mempool_slab_oob_right+0xb1/0x100 [ 26.133375] kunit_try_run_case+0x1b3/0x490 [ 26.133859] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.134599] kthread+0x257/0x310 [ 26.135265] ret_from_fork+0x41/0x80 [ 26.135852] ret_from_fork_asm+0x1a/0x30 [ 26.136482] [ 26.136675] The buggy address belongs to the object at ffff888102480240 [ 26.136675] which belongs to the cache test_cache of size 123 [ 26.139003] The buggy address is located 0 bytes to the right of [ 26.139003] allocated 123-byte region [ffff888102480240, ffff8881024802bb) [ 26.140706] [ 26.141031] The buggy address belongs to the physical page: [ 26.141696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102480 [ 26.143694] flags: 0x200000000000000(node=0|zone=2) [ 26.144306] page_type: f5(slab) [ 26.144822] raw: 0200000000000000 ffff888101116a00 dead000000000122 0000000000000000 [ 26.145465] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 26.146276] page dumped because: kasan: bad access detected [ 26.146688] [ 26.146999] Memory state around the buggy address: [ 26.147726] ffff888102480180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.148875] ffff888102480200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 26.149373] >ffff888102480280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 26.150260] ^ [ 26.151390] ffff888102480300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.152205] ffff888102480380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.152799] ================================================================== [ 25.973276] ================================================================== [ 25.975199] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x31a/0x380 [ 25.976145] Read of size 1 at addr ffff888102922f73 by task kunit_try_catch/229 [ 25.977182] [ 25.977470] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 25.979082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.980511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.981545] Call Trace: [ 25.981818] <TASK> [ 25.982224] dump_stack_lvl+0x73/0xb0 [ 25.982811] print_report+0xd1/0x640 [ 25.983501] ? __virt_addr_valid+0x1db/0x2d0 [ 25.984307] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.985395] kasan_report+0x102/0x140 [ 25.985765] ? mempool_oob_right_helper+0x31a/0x380 [ 25.987498] ? mempool_oob_right_helper+0x31a/0x380 [ 25.988354] __asan_report_load1_noabort+0x18/0x20 [ 25.988803] mempool_oob_right_helper+0x31a/0x380 [ 25.989117] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.990063] ? finish_task_switch.isra.0+0x153/0x700 [ 25.990605] mempool_kmalloc_oob_right+0xb6/0x100 [ 25.991891] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 25.992887] ? __switch_to+0x5d9/0xf60 [ 25.993487] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.994114] ? __pfx_mempool_kfree+0x10/0x10 [ 25.994575] ? __pfx_read_tsc+0x10/0x10 [ 25.995573] ? ktime_get_ts64+0x86/0x230 [ 25.995975] kunit_try_run_case+0x1b3/0x490 [ 25.996875] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.997310] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 25.998615] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.999144] ? __kthread_parkme+0x82/0x160 [ 26.000473] ? preempt_count_sub+0x50/0x80 [ 26.001403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.002284] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.002984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.004715] kthread+0x257/0x310 [ 26.004958] ? __pfx_kthread+0x10/0x10 [ 26.005831] ret_from_fork+0x41/0x80 [ 26.006245] ? __pfx_kthread+0x10/0x10 [ 26.007411] ret_from_fork_asm+0x1a/0x30 [ 26.008147] </TASK> [ 26.008419] [ 26.008630] Allocated by task 229: [ 26.010370] kasan_save_stack+0x3d/0x60 [ 26.010757] kasan_save_track+0x18/0x40 [ 26.011825] kasan_save_alloc_info+0x3b/0x50 [ 26.012516] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.013469] remove_element+0x11e/0x190 [ 26.014021] mempool_alloc_preallocated+0x4d/0x90 [ 26.015085] mempool_oob_right_helper+0x8b/0x380 [ 26.016465] mempool_kmalloc_oob_right+0xb6/0x100 [ 26.017723] kunit_try_run_case+0x1b3/0x490 [ 26.018349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.018841] kthread+0x257/0x310 [ 26.019218] ret_from_fork+0x41/0x80 [ 26.019557] ret_from_fork_asm+0x1a/0x30 [ 26.019917] [ 26.021037] The buggy address belongs to the object at ffff888102922f00 [ 26.021037] which belongs to the cache kmalloc-128 of size 128 [ 26.022317] The buggy address is located 0 bytes to the right of [ 26.022317] allocated 115-byte region [ffff888102922f00, ffff888102922f73) [ 26.024356] [ 26.024578] The buggy address belongs to the physical page: [ 26.026321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102922 [ 26.027804] flags: 0x200000000000000(node=0|zone=2) [ 26.029209] page_type: f5(slab) [ 26.030505] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.031307] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 26.032345] page dumped because: kasan: bad access detected [ 26.032838] [ 26.033038] Memory state around the buggy address: [ 26.033768] ffff888102922e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.034596] ffff888102922e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.035501] >ffff888102922f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.036104] ^ [ 26.036713] ffff888102922f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.037253] ffff888102923000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.037745] ==================================================================