Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 38.369742] ================================================================== [ 38.380138] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.388122] Free of addr ffff000802ca6c01 by task kunit_try_catch/288 [ 38.394544] [ 38.396030] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 38.396086] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.396103] Hardware name: WinLink E850-96 board (DT) [ 38.396126] Call trace: [ 38.396140] show_stack+0x20/0x38 (C) [ 38.396176] dump_stack_lvl+0x8c/0xd0 [ 38.396215] print_report+0x118/0x608 [ 38.396250] kasan_report_invalid_free+0xc0/0xe8 [ 38.396286] check_slab_allocation+0xfc/0x108 [ 38.396322] __kasan_mempool_poison_object+0x78/0x150 [ 38.396359] mempool_free+0x28c/0x328 [ 38.396393] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.396428] mempool_kmalloc_invalid_free+0xc0/0x118 [ 38.396459] kunit_try_run_case+0x170/0x3f0 [ 38.396496] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.396536] kthread+0x328/0x630 [ 38.396565] ret_from_fork+0x10/0x20 [ 38.396603] [ 38.474579] Allocated by task 288: [ 38.477964] kasan_save_stack+0x3c/0x68 [ 38.481782] kasan_save_track+0x20/0x40 [ 38.485601] kasan_save_alloc_info+0x40/0x58 [ 38.489855] __kasan_mempool_unpoison_object+0x11c/0x180 [ 38.495150] remove_element+0x130/0x1f8 [ 38.498969] mempool_alloc_preallocated+0x58/0xc0 [ 38.503658] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 38.509212] mempool_kmalloc_invalid_free+0xc0/0x118 [ 38.514160] kunit_try_run_case+0x170/0x3f0 [ 38.518327] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.523795] kthread+0x328/0x630 [ 38.527007] ret_from_fork+0x10/0x20 [ 38.530567] [ 38.532043] The buggy address belongs to the object at ffff000802ca6c00 [ 38.532043] which belongs to the cache kmalloc-128 of size 128 [ 38.544545] The buggy address is located 1 bytes inside of [ 38.544545] 128-byte region [ffff000802ca6c00, ffff000802ca6c80) [ 38.556086] [ 38.557566] The buggy address belongs to the physical page: [ 38.563123] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x882ca6 [ 38.571107] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 38.578744] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 38.585688] page_type: f5(slab) [ 38.588823] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 38.596544] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 38.604272] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 38.612082] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 38.619895] head: 0bfffe0000000001 fffffdffe00b2981 00000000ffffffff 00000000ffffffff [ 38.627707] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 38.635512] page dumped because: kasan: bad access detected [ 38.641068] [ 38.642544] Memory state around the buggy address: [ 38.647325] ffff000802ca6b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.654526] ffff000802ca6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.661731] >ffff000802ca6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.668932] ^ [ 38.672148] ffff000802ca6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.679352] ffff000802ca6d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.686555] ================================================================== [ 38.695692] ================================================================== [ 38.705740] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.713723] Free of addr ffff000800e14001 by task kunit_try_catch/290 [ 38.720146] [ 38.721634] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 38.721691] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.721707] Hardware name: WinLink E850-96 board (DT) [ 38.721730] Call trace: [ 38.721745] show_stack+0x20/0x38 (C) [ 38.721782] dump_stack_lvl+0x8c/0xd0 [ 38.721821] print_report+0x118/0x608 [ 38.721860] kasan_report_invalid_free+0xc0/0xe8 [ 38.721897] __kasan_mempool_poison_object+0xfc/0x150 [ 38.721936] mempool_free+0x28c/0x328 [ 38.721967] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.722005] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 38.722042] kunit_try_run_case+0x170/0x3f0 [ 38.722080] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.722120] kthread+0x328/0x630 [ 38.722147] ret_from_fork+0x10/0x20 [ 38.722185] [ 38.796364] The buggy address belongs to the physical page: [ 38.801920] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880e14 [ 38.809905] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 38.817543] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 38.824486] page_type: f8(unknown) [ 38.827884] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 38.835603] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 38.843331] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 38.851140] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 38.858954] head: 0bfffe0000000002 fffffdffe0038501 00000000ffffffff 00000000ffffffff [ 38.866766] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 38.874571] page dumped because: kasan: bad access detected [ 38.880126] [ 38.881602] Memory state around the buggy address: [ 38.886383] ffff000800e13f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.893585] ffff000800e13f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.900791] >ffff000800e14000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.907991] ^ [ 38.911207] ffff000800e14080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.918411] ffff000800e14100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.925613] ==================================================================
[ 28.707709] ================================================================== [ 28.707877] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.708247] Free of addr fff00000c7874001 by task kunit_try_catch/243 [ 28.708397] [ 28.708490] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.708694] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.709173] Hardware name: linux,dummy-virt (DT) [ 28.709273] Call trace: [ 28.709410] show_stack+0x20/0x38 (C) [ 28.709551] dump_stack_lvl+0x8c/0xd0 [ 28.709843] print_report+0x118/0x608 [ 28.710149] kasan_report_invalid_free+0xc0/0xe8 [ 28.710293] __kasan_mempool_poison_object+0xfc/0x150 [ 28.710434] mempool_free+0x28c/0x328 [ 28.710555] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.710705] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 28.711570] kunit_try_run_case+0x170/0x3f0 [ 28.712650] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.712927] kthread+0x328/0x630 [ 28.713150] ret_from_fork+0x10/0x20 [ 28.713282] [ 28.713333] The buggy address belongs to the physical page: [ 28.713416] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107874 [ 28.713551] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.713667] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.713862] page_type: f8(unknown) [ 28.714107] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.714249] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.714374] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.714608] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.714736] head: 0bfffe0000000002 ffffc1ffc31e1d01 00000000ffffffff 00000000ffffffff [ 28.715211] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.715337] page dumped because: kasan: bad access detected [ 28.715425] [ 28.715476] Memory state around the buggy address: [ 28.715567] fff00000c7873f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.715688] fff00000c7873f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.715919] >fff00000c7874000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.716109] ^ [ 28.716289] fff00000c7874080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.716473] fff00000c7874100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.716849] ================================================================== [ 28.672735] ================================================================== [ 28.672916] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.673102] Free of addr fff00000c6431901 by task kunit_try_catch/241 [ 28.673368] [ 28.673477] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.673707] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.673780] Hardware name: linux,dummy-virt (DT) [ 28.673892] Call trace: [ 28.673967] show_stack+0x20/0x38 (C) [ 28.674100] dump_stack_lvl+0x8c/0xd0 [ 28.674219] print_report+0x118/0x608 [ 28.674340] kasan_report_invalid_free+0xc0/0xe8 [ 28.674460] check_slab_allocation+0xfc/0x108 [ 28.674586] __kasan_mempool_poison_object+0x78/0x150 [ 28.674717] mempool_free+0x28c/0x328 [ 28.674827] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.674983] mempool_kmalloc_invalid_free+0xc0/0x118 [ 28.675113] kunit_try_run_case+0x170/0x3f0 [ 28.675254] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.675486] kthread+0x328/0x630 [ 28.675769] ret_from_fork+0x10/0x20 [ 28.675905] [ 28.675971] Allocated by task 241: [ 28.676046] kasan_save_stack+0x3c/0x68 [ 28.676161] kasan_save_track+0x20/0x40 [ 28.676274] kasan_save_alloc_info+0x40/0x58 [ 28.676454] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.676613] remove_element+0x130/0x1f8 [ 28.676722] mempool_alloc_preallocated+0x58/0xc0 [ 28.676832] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 28.676990] mempool_kmalloc_invalid_free+0xc0/0x118 [ 28.677135] kunit_try_run_case+0x170/0x3f0 [ 28.677232] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.677340] kthread+0x328/0x630 [ 28.677442] ret_from_fork+0x10/0x20 [ 28.677853] [ 28.677955] The buggy address belongs to the object at fff00000c6431900 [ 28.677955] which belongs to the cache kmalloc-128 of size 128 [ 28.678110] The buggy address is located 1 bytes inside of [ 28.678110] 128-byte region [fff00000c6431900, fff00000c6431980) [ 28.678257] [ 28.678312] The buggy address belongs to the physical page: [ 28.678392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 28.678596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.678726] page_type: f5(slab) [ 28.678829] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.678989] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.679104] page dumped because: kasan: bad access detected [ 28.679239] [ 28.679476] Memory state around the buggy address: [ 28.679905] fff00000c6431800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.680346] fff00000c6431880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.680479] >fff00000c6431900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.680854] ^ [ 28.681047] fff00000c6431980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.681190] fff00000c6431a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.681309] ==================================================================
[ 28.788256] ================================================================== [ 28.788702] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.788958] Free of addr fff00000c7772501 by task kunit_try_catch/241 [ 28.789073] [ 28.789167] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.789443] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.789550] Hardware name: linux,dummy-virt (DT) [ 28.789818] Call trace: [ 28.790071] show_stack+0x20/0x38 (C) [ 28.790250] dump_stack_lvl+0x8c/0xd0 [ 28.790388] print_report+0x118/0x608 [ 28.790517] kasan_report_invalid_free+0xc0/0xe8 [ 28.790748] check_slab_allocation+0xfc/0x108 [ 28.790904] __kasan_mempool_poison_object+0x78/0x150 [ 28.791057] mempool_free+0x28c/0x328 [ 28.791317] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.791528] mempool_kmalloc_invalid_free+0xc0/0x118 [ 28.791670] kunit_try_run_case+0x170/0x3f0 [ 28.791888] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.792049] kthread+0x328/0x630 [ 28.792347] ret_from_fork+0x10/0x20 [ 28.792830] [ 28.793157] Allocated by task 241: [ 28.793236] kasan_save_stack+0x3c/0x68 [ 28.793816] kasan_save_track+0x20/0x40 [ 28.793932] kasan_save_alloc_info+0x40/0x58 [ 28.794035] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.794136] remove_element+0x130/0x1f8 [ 28.794224] mempool_alloc_preallocated+0x58/0xc0 [ 28.794318] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 28.794420] mempool_kmalloc_invalid_free+0xc0/0x118 [ 28.794519] kunit_try_run_case+0x170/0x3f0 [ 28.794609] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.794725] kthread+0x328/0x630 [ 28.794805] ret_from_fork+0x10/0x20 [ 28.794915] [ 28.794963] The buggy address belongs to the object at fff00000c7772500 [ 28.794963] which belongs to the cache kmalloc-128 of size 128 [ 28.795105] The buggy address is located 1 bytes inside of [ 28.795105] 128-byte region [fff00000c7772500, fff00000c7772580) [ 28.795249] [ 28.795300] The buggy address belongs to the physical page: [ 28.795374] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 28.795500] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.795621] page_type: f5(slab) [ 28.795717] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.799366] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.799806] page dumped because: kasan: bad access detected [ 28.800055] [ 28.800327] Memory state around the buggy address: [ 28.800420] fff00000c7772400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.800822] fff00000c7772480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.801328] >fff00000c7772500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.801538] ^ [ 28.803886] fff00000c7772580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.804026] fff00000c7772600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.804185] ================================================================== [ 28.819967] ================================================================== [ 28.820196] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.820693] Free of addr fff00000c7730001 by task kunit_try_catch/243 [ 28.820820] [ 28.820989] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.821297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.821449] Hardware name: linux,dummy-virt (DT) [ 28.821584] Call trace: [ 28.821916] show_stack+0x20/0x38 (C) [ 28.822194] dump_stack_lvl+0x8c/0xd0 [ 28.822417] print_report+0x118/0x608 [ 28.823062] kasan_report_invalid_free+0xc0/0xe8 [ 28.823277] __kasan_mempool_poison_object+0xfc/0x150 [ 28.824019] mempool_free+0x28c/0x328 [ 28.824795] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.825474] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 28.826005] kunit_try_run_case+0x170/0x3f0 [ 28.826357] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.826501] kthread+0x328/0x630 [ 28.826612] ret_from_fork+0x10/0x20 [ 28.826730] [ 28.826786] The buggy address belongs to the physical page: [ 28.826882] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107730 [ 28.827450] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.828402] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.828642] page_type: f8(unknown) [ 28.829256] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.829769] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.829917] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.830045] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.830170] head: 0bfffe0000000002 ffffc1ffc31dcc01 00000000ffffffff 00000000ffffffff [ 28.830873] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.831007] page dumped because: kasan: bad access detected [ 28.831434] [ 28.831810] Memory state around the buggy address: [ 28.832324] fff00000c772ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.832441] fff00000c772ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.832816] >fff00000c7730000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.833553] ^ [ 28.833691] fff00000c7730080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.834012] fff00000c7730100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.834145] ==================================================================
[ 21.702120] ================================================================== [ 21.703752] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 21.704522] Free of addr ffff888101b3e701 by task kunit_try_catch/259 [ 21.705796] [ 21.706271] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 21.706521] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.706609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.706672] Call Trace: [ 21.706711] <TASK> [ 21.706755] dump_stack_lvl+0x73/0xb0 [ 21.706824] print_report+0xd1/0x650 [ 21.706861] ? __virt_addr_valid+0x1db/0x2d0 [ 21.706898] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.706929] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 21.706965] kasan_report_invalid_free+0x10a/0x130 [ 21.707000] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 21.707039] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 21.707075] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 21.707110] check_slab_allocation+0x11f/0x130 [ 21.707139] __kasan_mempool_poison_object+0x91/0x1d0 [ 21.707173] mempool_free+0x2ec/0x380 [ 21.707203] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 21.707284] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 21.707332] ? kasan_save_track+0x18/0x40 [ 21.707359] ? kasan_save_alloc_info+0x3b/0x50 [ 21.707393] ? kasan_save_stack+0x45/0x70 [ 21.707422] ? mempool_alloc_preallocated+0x5b/0x90 [ 21.707454] mempool_kmalloc_invalid_free+0xed/0x140 [ 21.707488] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 21.707595] ? __pfx_mempool_kmalloc+0x10/0x10 [ 21.707670] ? __pfx_mempool_kfree+0x10/0x10 [ 21.707710] ? __pfx_read_tsc+0x10/0x10 [ 21.707742] ? ktime_get_ts64+0x86/0x230 [ 21.707777] kunit_try_run_case+0x1a5/0x480 [ 21.707818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.707853] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.707890] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.707923] ? __kthread_parkme+0x82/0x180 [ 21.707954] ? preempt_count_sub+0x50/0x80 [ 21.707988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.708023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.708058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.708093] kthread+0x337/0x6f0 [ 21.708119] ? trace_preempt_on+0x20/0xc0 [ 21.708153] ? __pfx_kthread+0x10/0x10 [ 21.708183] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.708215] ? calculate_sigpending+0x7b/0xa0 [ 21.708278] ? __pfx_kthread+0x10/0x10 [ 21.708310] ret_from_fork+0x116/0x1d0 [ 21.708337] ? __pfx_kthread+0x10/0x10 [ 21.708366] ret_from_fork_asm+0x1a/0x30 [ 21.708411] </TASK> [ 21.708428] [ 21.732691] Allocated by task 259: [ 21.733133] kasan_save_stack+0x45/0x70 [ 21.734642] kasan_save_track+0x18/0x40 [ 21.735351] kasan_save_alloc_info+0x3b/0x50 [ 21.736550] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 21.737486] remove_element+0x11e/0x190 [ 21.738216] mempool_alloc_preallocated+0x4d/0x90 [ 21.739117] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 21.739967] mempool_kmalloc_invalid_free+0xed/0x140 [ 21.740966] kunit_try_run_case+0x1a5/0x480 [ 21.741577] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.742232] kthread+0x337/0x6f0 [ 21.742725] ret_from_fork+0x116/0x1d0 [ 21.743455] ret_from_fork_asm+0x1a/0x30 [ 21.744080] [ 21.744817] The buggy address belongs to the object at ffff888101b3e700 [ 21.744817] which belongs to the cache kmalloc-128 of size 128 [ 21.745821] The buggy address is located 1 bytes inside of [ 21.745821] 128-byte region [ffff888101b3e700, ffff888101b3e780) [ 21.747295] [ 21.747826] The buggy address belongs to the physical page: [ 21.748291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b3e [ 21.748913] flags: 0x200000000000000(node=0|zone=2) [ 21.750157] page_type: f5(slab) [ 21.750824] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.751667] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.752190] page dumped because: kasan: bad access detected [ 21.752883] [ 21.753541] Memory state around the buggy address: [ 21.754171] ffff888101b3e600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.755583] ffff888101b3e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.756293] >ffff888101b3e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.756894] ^ [ 21.757239] ffff888101b3e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.757981] ffff888101b3e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.758752] ================================================================== [ 21.766007] ================================================================== [ 21.767529] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 21.768270] Free of addr ffff888103ab8001 by task kunit_try_catch/261 [ 21.769529] [ 21.770464] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 21.770702] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.770749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.770789] Call Trace: [ 21.770827] <TASK> [ 21.770881] dump_stack_lvl+0x73/0xb0 [ 21.770951] print_report+0xd1/0x650 [ 21.770992] ? __virt_addr_valid+0x1db/0x2d0 [ 21.771030] ? kasan_addr_to_slab+0x11/0xa0 [ 21.771060] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 21.771101] kasan_report_invalid_free+0x10a/0x130 [ 21.771137] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 21.771179] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 21.771216] __kasan_mempool_poison_object+0x102/0x1d0 [ 21.771294] mempool_free+0x2ec/0x380 [ 21.771330] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 21.771369] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 21.771408] ? __kasan_check_write+0x18/0x20 [ 21.771438] ? __pfx_sched_clock_cpu+0x10/0x10 [ 21.771470] ? finish_task_switch.isra.0+0x153/0x700 [ 21.771542] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 21.771652] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 21.771716] ? __pfx_mempool_kmalloc+0x10/0x10 [ 21.771755] ? __pfx_mempool_kfree+0x10/0x10 [ 21.771794] ? __pfx_read_tsc+0x10/0x10 [ 21.771826] ? ktime_get_ts64+0x86/0x230 [ 21.771860] kunit_try_run_case+0x1a5/0x480 [ 21.771901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.771935] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.771971] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.772005] ? __kthread_parkme+0x82/0x180 [ 21.772033] ? preempt_count_sub+0x50/0x80 [ 21.772063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.772099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.772133] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.772167] kthread+0x337/0x6f0 [ 21.772195] ? trace_preempt_on+0x20/0xc0 [ 21.772242] ? __pfx_kthread+0x10/0x10 [ 21.772292] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.772327] ? calculate_sigpending+0x7b/0xa0 [ 21.772364] ? __pfx_kthread+0x10/0x10 [ 21.772395] ret_from_fork+0x116/0x1d0 [ 21.772421] ? __pfx_kthread+0x10/0x10 [ 21.772451] ret_from_fork_asm+0x1a/0x30 [ 21.772514] </TASK> [ 21.772539] [ 21.796244] The buggy address belongs to the physical page: [ 21.797139] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab8 [ 21.798705] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.800126] flags: 0x200000000000040(head|node=0|zone=2) [ 21.800763] page_type: f8(unknown) [ 21.801239] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.802114] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.803689] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.804302] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.805199] head: 0200000000000002 ffffea00040eae01 00000000ffffffff 00000000ffffffff [ 21.806201] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.807246] page dumped because: kasan: bad access detected [ 21.807827] [ 21.808016] Memory state around the buggy address: [ 21.808424] ffff888103ab7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.809148] ffff888103ab7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.809655] >ffff888103ab8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.810896] ^ [ 21.811189] ffff888103ab8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.812128] ffff888103ab8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.812618] ==================================================================
[ 20.561396] ================================================================== [ 20.562769] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.563563] Free of addr ffff888103990001 by task kunit_try_catch/261 [ 20.564748] [ 20.564945] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 20.565012] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.565030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.565062] Call Trace: [ 20.565077] <TASK> [ 20.565098] dump_stack_lvl+0x73/0xb0 [ 20.565542] print_report+0xd1/0x650 [ 20.565803] ? __virt_addr_valid+0x1db/0x2d0 [ 20.565847] ? kasan_addr_to_slab+0x11/0xa0 [ 20.565906] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.565953] kasan_report_invalid_free+0x10a/0x130 [ 20.565992] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.566036] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.566075] __kasan_mempool_poison_object+0x102/0x1d0 [ 20.566151] mempool_free+0x2ec/0x380 [ 20.566192] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.566233] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 20.566286] ? __kasan_check_write+0x18/0x20 [ 20.566317] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.566351] ? finish_task_switch.isra.0+0x153/0x700 [ 20.566390] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 20.566430] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 20.566473] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.566509] ? __pfx_mempool_kfree+0x10/0x10 [ 20.566614] ? __pfx_read_tsc+0x10/0x10 [ 20.566669] ? ktime_get_ts64+0x86/0x230 [ 20.566707] kunit_try_run_case+0x1a5/0x480 [ 20.566750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.566788] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.566826] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.566864] ? __kthread_parkme+0x82/0x180 [ 20.566924] ? preempt_count_sub+0x50/0x80 [ 20.566961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.567000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.567038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.567078] kthread+0x337/0x6f0 [ 20.567142] ? trace_preempt_on+0x20/0xc0 [ 20.567185] ? __pfx_kthread+0x10/0x10 [ 20.567217] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.567251] ? calculate_sigpending+0x7b/0xa0 [ 20.567291] ? __pfx_kthread+0x10/0x10 [ 20.567323] ret_from_fork+0x116/0x1d0 [ 20.567350] ? __pfx_kthread+0x10/0x10 [ 20.567382] ret_from_fork_asm+0x1a/0x30 [ 20.567426] </TASK> [ 20.567441] [ 20.592448] The buggy address belongs to the physical page: [ 20.593086] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103990 [ 20.594033] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.594904] flags: 0x200000000000040(head|node=0|zone=2) [ 20.595461] page_type: f8(unknown) [ 20.595985] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.596836] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.597762] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.598392] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.599222] head: 0200000000000002 ffffea00040e6401 00000000ffffffff 00000000ffffffff [ 20.599936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.600788] page dumped because: kasan: bad access detected [ 20.601325] [ 20.601715] Memory state around the buggy address: [ 20.602216] ffff88810398ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.603021] ffff88810398ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.603806] >ffff888103990000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.604489] ^ [ 20.605028] ffff888103990080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.605857] ffff888103990100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.606565] ================================================================== [ 20.496028] ================================================================== [ 20.497260] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.498176] Free of addr ffff888103314001 by task kunit_try_catch/259 [ 20.499175] [ 20.499646] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 20.499773] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.499815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.499899] Call Trace: [ 20.500099] <TASK> [ 20.500169] dump_stack_lvl+0x73/0xb0 [ 20.500231] print_report+0xd1/0x650 [ 20.500267] ? __virt_addr_valid+0x1db/0x2d0 [ 20.500304] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.500337] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.500374] kasan_report_invalid_free+0x10a/0x130 [ 20.500409] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.500447] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.500482] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.500527] check_slab_allocation+0x11f/0x130 [ 20.500653] __kasan_mempool_poison_object+0x91/0x1d0 [ 20.500693] mempool_free+0x2ec/0x380 [ 20.500728] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.500766] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 20.500807] ? __kasan_check_write+0x18/0x20 [ 20.500835] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.500866] ? finish_task_switch.isra.0+0x153/0x700 [ 20.500934] mempool_kmalloc_invalid_free+0xed/0x140 [ 20.500970] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 20.501009] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.501044] ? __pfx_mempool_kfree+0x10/0x10 [ 20.501079] ? __pfx_read_tsc+0x10/0x10 [ 20.501117] ? ktime_get_ts64+0x86/0x230 [ 20.501175] kunit_try_run_case+0x1a5/0x480 [ 20.501216] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.501250] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.501285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.501320] ? __kthread_parkme+0x82/0x180 [ 20.501348] ? preempt_count_sub+0x50/0x80 [ 20.501379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.501414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.501448] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.501483] kthread+0x337/0x6f0 [ 20.501519] ? trace_preempt_on+0x20/0xc0 [ 20.501602] ? __pfx_kthread+0x10/0x10 [ 20.501661] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.501694] ? calculate_sigpending+0x7b/0xa0 [ 20.501732] ? __pfx_kthread+0x10/0x10 [ 20.501762] ret_from_fork+0x116/0x1d0 [ 20.501790] ? __pfx_kthread+0x10/0x10 [ 20.501820] ret_from_fork_asm+0x1a/0x30 [ 20.501864] </TASK> [ 20.501900] [ 20.527250] Allocated by task 259: [ 20.527651] kasan_save_stack+0x45/0x70 [ 20.528109] kasan_save_track+0x18/0x40 [ 20.528550] kasan_save_alloc_info+0x3b/0x50 [ 20.530329] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 20.531325] remove_element+0x11e/0x190 [ 20.531634] mempool_alloc_preallocated+0x4d/0x90 [ 20.532014] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 20.532437] mempool_kmalloc_invalid_free+0xed/0x140 [ 20.532818] kunit_try_run_case+0x1a5/0x480 [ 20.533540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.533905] kthread+0x337/0x6f0 [ 20.534188] ret_from_fork+0x116/0x1d0 [ 20.534511] ret_from_fork_asm+0x1a/0x30 [ 20.534804] [ 20.535111] The buggy address belongs to the object at ffff888103314000 [ 20.535111] which belongs to the cache kmalloc-128 of size 128 [ 20.536980] The buggy address is located 1 bytes inside of [ 20.536980] 128-byte region [ffff888103314000, ffff888103314080) [ 20.541130] [ 20.541469] The buggy address belongs to the physical page: [ 20.542007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103314 [ 20.542529] flags: 0x200000000000000(node=0|zone=2) [ 20.545249] page_type: f5(slab) [ 20.545616] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.546305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.547936] page dumped because: kasan: bad access detected [ 20.548292] [ 20.548441] Memory state around the buggy address: [ 20.550279] ffff888103313f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.551264] ffff888103313f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.552225] >ffff888103314000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.553460] ^ [ 20.553851] ffff888103314080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.554461] ffff888103314100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.555191] ==================================================================
[ 22.391264] ================================================================== [ 22.392441] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 22.393234] Free of addr ffff00000e1f8001 by task kunit_try_catch/296 [ 22.393861] [ 22.394044] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.394128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.394154] Hardware name: Radxa ROCK Pi 4B (DT) [ 22.394182] Call trace: [ 22.394203] show_stack+0x20/0x38 (C) [ 22.394258] dump_stack_lvl+0x8c/0xd0 [ 22.394317] print_report+0x118/0x608 [ 22.394376] kasan_report_invalid_free+0xc0/0xe8 [ 22.394435] __kasan_mempool_poison_object+0xfc/0x150 [ 22.394497] mempool_free+0x28c/0x328 [ 22.394546] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 22.394606] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 22.394664] kunit_try_run_case+0x170/0x3f0 [ 22.394723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.394788] kthread+0x328/0x630 [ 22.394833] ret_from_fork+0x10/0x20 [ 22.394887] [ 22.401642] The buggy address belongs to the physical page: [ 22.402184] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe1f8 [ 22.402940] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.403676] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 22.404362] page_type: f8(unknown) [ 22.404725] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.405473] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.406222] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.406977] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.407734] head: 03fffe0000000002 fffffdffc0387e01 00000000ffffffff 00000000ffffffff [ 22.408490] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.409234] page dumped because: kasan: bad access detected [ 22.409769] [ 22.409940] Memory state around the buggy address: [ 22.410411] ffff00000e1f7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.411106] ffff00000e1f7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.411801] >ffff00000e1f8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.412489] ^ [ 22.412825] ffff00000e1f8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.413519] ffff00000e1f8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.414207] ================================================================== [ 22.361508] ================================================================== [ 22.362624] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 22.363362] Free of addr ffff00000c5d5201 by task kunit_try_catch/294 [ 22.363939] [ 22.364088] CPU: 5 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.364114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.364121] Hardware name: Radxa ROCK Pi 4B (DT) [ 22.364130] Call trace: [ 22.364136] show_stack+0x20/0x38 (C) [ 22.364154] dump_stack_lvl+0x8c/0xd0 [ 22.364171] print_report+0x118/0x608 [ 22.364187] kasan_report_invalid_free+0xc0/0xe8 [ 22.364204] check_slab_allocation+0xfc/0x108 [ 22.364220] __kasan_mempool_poison_object+0x78/0x150 [ 22.364236] mempool_free+0x28c/0x328 [ 22.364250] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 22.364266] mempool_kmalloc_invalid_free+0xc0/0x118 [ 22.364279] kunit_try_run_case+0x170/0x3f0 [ 22.364296] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.364314] kthread+0x328/0x630 [ 22.364327] ret_from_fork+0x10/0x20 [ 22.364341] [ 22.371218] Allocated by task 294: [ 22.371528] kasan_save_stack+0x3c/0x68 [ 22.371883] kasan_save_track+0x20/0x40 [ 22.372234] kasan_save_alloc_info+0x40/0x58 [ 22.372627] __kasan_mempool_unpoison_object+0x11c/0x180 [ 22.373110] remove_element+0x130/0x1f8 [ 22.373460] mempool_alloc_preallocated+0x58/0xc0 [ 22.373886] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 22.374390] mempool_kmalloc_invalid_free+0xc0/0x118 [ 22.374840] kunit_try_run_case+0x170/0x3f0 [ 22.375222] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.375719] kthread+0x328/0x630 [ 22.376016] ret_from_fork+0x10/0x20 [ 22.376344] [ 22.376486] The buggy address belongs to the object at ffff00000c5d5200 [ 22.376486] which belongs to the cache kmalloc-128 of size 128 [ 22.377592] The buggy address is located 1 bytes inside of [ 22.377592] 128-byte region [ffff00000c5d5200, ffff00000c5d5280) [ 22.378616] [ 22.378758] The buggy address belongs to the physical page: [ 22.379257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc5d5 [ 22.379957] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 22.380545] page_type: f5(slab) [ 22.380838] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 22.381529] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.382216] page dumped because: kasan: bad access detected [ 22.382713] [ 22.382854] Memory state around the buggy address: [ 22.383285] ffff00000c5d5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.383928] ffff00000c5d5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.384572] >ffff00000c5d5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.385214] ^ [ 22.385509] ffff00000c5d5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.386152] ffff00000c5d5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.386794] ==================================================================