Date
July 13, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 18.009937] ================================================================== [ 18.010032] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.010085] Free of addr fff00000c58c3601 by task kunit_try_catch/242 [ 18.010133] [ 18.010179] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.010280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.010306] Hardware name: linux,dummy-virt (DT) [ 18.010355] Call trace: [ 18.010429] show_stack+0x20/0x38 (C) [ 18.010536] dump_stack_lvl+0x8c/0xd0 [ 18.010583] print_report+0x118/0x5d0 [ 18.010648] kasan_report_invalid_free+0xc0/0xe8 [ 18.010714] check_slab_allocation+0xfc/0x108 [ 18.010797] __kasan_mempool_poison_object+0x78/0x150 [ 18.010849] mempool_free+0x28c/0x328 [ 18.010891] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.011156] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.011270] kunit_try_run_case+0x170/0x3f0 [ 18.011323] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.011377] kthread+0x328/0x630 [ 18.011418] ret_from_fork+0x10/0x20 [ 18.011483] [ 18.011511] Allocated by task 242: [ 18.011557] kasan_save_stack+0x3c/0x68 [ 18.011614] kasan_save_track+0x20/0x40 [ 18.011671] kasan_save_alloc_info+0x40/0x58 [ 18.011727] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.011809] remove_element+0x130/0x1f8 [ 18.011846] mempool_alloc_preallocated+0x58/0xc0 [ 18.011903] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 18.011946] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.011986] kunit_try_run_case+0x170/0x3f0 [ 18.012022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.012261] kthread+0x328/0x630 [ 18.012314] ret_from_fork+0x10/0x20 [ 18.012363] [ 18.012382] The buggy address belongs to the object at fff00000c58c3600 [ 18.012382] which belongs to the cache kmalloc-128 of size 128 [ 18.012443] The buggy address is located 1 bytes inside of [ 18.012443] 128-byte region [fff00000c58c3600, fff00000c58c3680) [ 18.012503] [ 18.012523] The buggy address belongs to the physical page: [ 18.012745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3 [ 18.012808] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.012856] page_type: f5(slab) [ 18.012896] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.012948] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.012989] page dumped because: kasan: bad access detected [ 18.013021] [ 18.013037] Memory state around the buggy address: [ 18.013068] fff00000c58c3500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.013113] fff00000c58c3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.013157] >fff00000c58c3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.013210] ^ [ 18.013236] fff00000c58c3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.013278] fff00000c58c3700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.013318] ================================================================== [ 18.018718] ================================================================== [ 18.018802] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.018852] Free of addr fff00000c79a0001 by task kunit_try_catch/244 [ 18.018894] [ 18.018923] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.019213] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.019353] Hardware name: linux,dummy-virt (DT) [ 18.019388] Call trace: [ 18.019447] show_stack+0x20/0x38 (C) [ 18.019635] dump_stack_lvl+0x8c/0xd0 [ 18.019751] print_report+0x118/0x5d0 [ 18.019855] kasan_report_invalid_free+0xc0/0xe8 [ 18.019975] __kasan_mempool_poison_object+0xfc/0x150 [ 18.020029] mempool_free+0x28c/0x328 [ 18.020073] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.020125] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 18.020214] kunit_try_run_case+0x170/0x3f0 [ 18.020323] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.020487] kthread+0x328/0x630 [ 18.020567] ret_from_fork+0x10/0x20 [ 18.020752] [ 18.020782] The buggy address belongs to the physical page: [ 18.020812] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079a0 [ 18.020867] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.020917] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.020968] page_type: f8(unknown) [ 18.021344] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.021464] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.021646] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.021796] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.021881] head: 0bfffe0000000002 ffffc1ffc31e6801 00000000ffffffff 00000000ffffffff [ 18.022043] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.022151] page dumped because: kasan: bad access detected [ 18.022216] [ 18.022236] Memory state around the buggy address: [ 18.022280] fff00000c799ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.022333] fff00000c799ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.022386] >fff00000c79a0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.022425] ^ [ 18.022451] fff00000c79a0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.022504] fff00000c79a0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.022543] ==================================================================
[ 18.778410] ================================================================== [ 18.778497] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.778548] Free of addr fff00000c78ec001 by task kunit_try_catch/244 [ 18.778812] [ 18.778846] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.778927] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.778955] Hardware name: linux,dummy-virt (DT) [ 18.778987] Call trace: [ 18.779009] show_stack+0x20/0x38 (C) [ 18.779292] dump_stack_lvl+0x8c/0xd0 [ 18.779358] print_report+0x118/0x5d0 [ 18.779760] kasan_report_invalid_free+0xc0/0xe8 [ 18.779812] __kasan_mempool_poison_object+0xfc/0x150 [ 18.779879] mempool_free+0x28c/0x328 [ 18.779924] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.780128] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 18.780285] kunit_try_run_case+0x170/0x3f0 [ 18.780332] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.780386] kthread+0x328/0x630 [ 18.780431] ret_from_fork+0x10/0x20 [ 18.780490] [ 18.780510] The buggy address belongs to the physical page: [ 18.780543] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078ec [ 18.780878] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.780929] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.780983] page_type: f8(unknown) [ 18.781154] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.781501] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.781576] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.781760] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.781920] head: 0bfffe0000000002 ffffc1ffc31e3b01 00000000ffffffff 00000000ffffffff [ 18.782043] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.782086] page dumped because: kasan: bad access detected [ 18.782119] [ 18.782138] Memory state around the buggy address: [ 18.782169] fff00000c78ebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.782471] fff00000c78ebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.782580] >fff00000c78ec000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.782619] ^ [ 18.782677] fff00000c78ec080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.782721] fff00000c78ec100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.782806] ================================================================== [ 18.764619] ================================================================== [ 18.764681] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.764994] Free of addr fff00000c5ae0601 by task kunit_try_catch/242 [ 18.765212] [ 18.765250] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.765333] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.765360] Hardware name: linux,dummy-virt (DT) [ 18.765390] Call trace: [ 18.765412] show_stack+0x20/0x38 (C) [ 18.765462] dump_stack_lvl+0x8c/0xd0 [ 18.765509] print_report+0x118/0x5d0 [ 18.765555] kasan_report_invalid_free+0xc0/0xe8 [ 18.765605] check_slab_allocation+0xfc/0x108 [ 18.765652] __kasan_mempool_poison_object+0x78/0x150 [ 18.765716] mempool_free+0x28c/0x328 [ 18.765761] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.766070] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.766142] kunit_try_run_case+0x170/0x3f0 [ 18.766201] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.766461] kthread+0x328/0x630 [ 18.766585] ret_from_fork+0x10/0x20 [ 18.766635] [ 18.766652] Allocated by task 242: [ 18.766811] kasan_save_stack+0x3c/0x68 [ 18.766947] kasan_save_track+0x20/0x40 [ 18.766992] kasan_save_alloc_info+0x40/0x58 [ 18.767065] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.767142] remove_element+0x130/0x1f8 [ 18.767177] mempool_alloc_preallocated+0x58/0xc0 [ 18.767496] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 18.767643] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.767752] kunit_try_run_case+0x170/0x3f0 [ 18.767848] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.767968] kthread+0x328/0x630 [ 18.767999] ret_from_fork+0x10/0x20 [ 18.768036] [ 18.768055] The buggy address belongs to the object at fff00000c5ae0600 [ 18.768055] which belongs to the cache kmalloc-128 of size 128 [ 18.768116] The buggy address is located 1 bytes inside of [ 18.768116] 128-byte region [fff00000c5ae0600, fff00000c5ae0680) [ 18.768190] [ 18.768234] The buggy address belongs to the physical page: [ 18.768266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0 [ 18.768362] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.768723] page_type: f5(slab) [ 18.769039] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.769127] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.769191] page dumped because: kasan: bad access detected [ 18.769224] [ 18.769280] Memory state around the buggy address: [ 18.769413] fff00000c5ae0500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.769486] fff00000c5ae0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.769565] >fff00000c5ae0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.769643] ^ [ 18.769683] fff00000c5ae0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.769762] fff00000c5ae0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.769871] ==================================================================
[ 14.394635] ================================================================== [ 14.395105] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.395613] Free of addr ffff888103a24001 by task kunit_try_catch/261 [ 14.396095] [ 14.396193] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.396240] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.396252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.396275] Call Trace: [ 14.396290] <TASK> [ 14.396306] dump_stack_lvl+0x73/0xb0 [ 14.396371] print_report+0xd1/0x610 [ 14.396396] ? __virt_addr_valid+0x1db/0x2d0 [ 14.396422] ? kasan_addr_to_slab+0x11/0xa0 [ 14.396443] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.396483] kasan_report_invalid_free+0x10a/0x130 [ 14.396521] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.396551] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.396593] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.396620] mempool_free+0x2ec/0x380 [ 14.396648] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.396676] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.396704] ? update_curr+0x5c1/0x810 [ 14.396734] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.396761] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.396788] ? schedule+0x7c/0x2e0 [ 14.396811] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.396835] ? __pfx_mempool_kfree+0x10/0x10 [ 14.396861] ? __pfx_read_tsc+0x10/0x10 [ 14.396882] ? ktime_get_ts64+0x86/0x230 [ 14.396908] kunit_try_run_case+0x1a5/0x480 [ 14.396935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.396959] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.396985] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.397010] ? __kthread_parkme+0x82/0x180 [ 14.397032] ? preempt_count_sub+0x50/0x80 [ 14.397057] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.397082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.397109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.397135] kthread+0x337/0x6f0 [ 14.397154] ? trace_preempt_on+0x20/0xc0 [ 14.397178] ? __pfx_kthread+0x10/0x10 [ 14.397199] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.397221] ? calculate_sigpending+0x7b/0xa0 [ 14.397247] ? __pfx_kthread+0x10/0x10 [ 14.397269] ret_from_fork+0x116/0x1d0 [ 14.397288] ? __pfx_kthread+0x10/0x10 [ 14.397309] ret_from_fork_asm+0x1a/0x30 [ 14.397342] </TASK> [ 14.397353] [ 14.407023] The buggy address belongs to the physical page: [ 14.407323] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a24 [ 14.407815] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.408069] flags: 0x200000000000040(head|node=0|zone=2) [ 14.408327] page_type: f8(unknown) [ 14.408635] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.408887] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.409185] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.409597] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.409908] head: 0200000000000002 ffffea00040e8901 00000000ffffffff 00000000ffffffff [ 14.410138] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.410620] page dumped because: kasan: bad access detected [ 14.410888] [ 14.410983] Memory state around the buggy address: [ 14.411492] ffff888103a23f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.411877] ffff888103a23f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.412150] >ffff888103a24000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.412545] ^ [ 14.412792] ffff888103a24080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.413122] ffff888103a24100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.413417] ================================================================== [ 14.370712] ================================================================== [ 14.371344] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.371791] Free of addr ffff888103434701 by task kunit_try_catch/259 [ 14.372150] [ 14.372263] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.372313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.372324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.372346] Call Trace: [ 14.372359] <TASK> [ 14.372376] dump_stack_lvl+0x73/0xb0 [ 14.372408] print_report+0xd1/0x610 [ 14.372594] ? __virt_addr_valid+0x1db/0x2d0 [ 14.372620] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.372644] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.372672] kasan_report_invalid_free+0x10a/0x130 [ 14.372697] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.372742] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.372770] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.372796] check_slab_allocation+0x11f/0x130 [ 14.372820] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.372846] mempool_free+0x2ec/0x380 [ 14.372874] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.372922] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.372951] ? kasan_save_track+0x18/0x40 [ 14.372971] ? kasan_save_alloc_info+0x3b/0x50 [ 14.372995] ? kasan_save_stack+0x45/0x70 [ 14.373020] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.373045] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.373074] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.373097] ? __pfx_mempool_kfree+0x10/0x10 [ 14.373123] ? __pfx_read_tsc+0x10/0x10 [ 14.373146] ? ktime_get_ts64+0x86/0x230 [ 14.373171] kunit_try_run_case+0x1a5/0x480 [ 14.373197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.373221] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.373246] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.373271] ? __kthread_parkme+0x82/0x180 [ 14.373293] ? preempt_count_sub+0x50/0x80 [ 14.373317] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.373342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.373367] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.373393] kthread+0x337/0x6f0 [ 14.373423] ? trace_preempt_on+0x20/0xc0 [ 14.373457] ? __pfx_kthread+0x10/0x10 [ 14.373479] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.373501] ? calculate_sigpending+0x7b/0xa0 [ 14.373527] ? __pfx_kthread+0x10/0x10 [ 14.373549] ret_from_fork+0x116/0x1d0 [ 14.373569] ? __pfx_kthread+0x10/0x10 [ 14.373590] ret_from_fork_asm+0x1a/0x30 [ 14.373622] </TASK> [ 14.373632] [ 14.382328] Allocated by task 259: [ 14.382555] kasan_save_stack+0x45/0x70 [ 14.382750] kasan_save_track+0x18/0x40 [ 14.382918] kasan_save_alloc_info+0x3b/0x50 [ 14.383109] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.383339] remove_element+0x11e/0x190 [ 14.383562] mempool_alloc_preallocated+0x4d/0x90 [ 14.383773] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.384032] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.384241] kunit_try_run_case+0x1a5/0x480 [ 14.384388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.384567] kthread+0x337/0x6f0 [ 14.384684] ret_from_fork+0x116/0x1d0 [ 14.384813] ret_from_fork_asm+0x1a/0x30 [ 14.385164] [ 14.385263] The buggy address belongs to the object at ffff888103434700 [ 14.385263] which belongs to the cache kmalloc-128 of size 128 [ 14.385792] The buggy address is located 1 bytes inside of [ 14.385792] 128-byte region [ffff888103434700, ffff888103434780) [ 14.386170] [ 14.386240] The buggy address belongs to the physical page: [ 14.386408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103434 [ 14.386774] flags: 0x200000000000000(node=0|zone=2) [ 14.387046] page_type: f5(slab) [ 14.387221] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.387614] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.387953] page dumped because: kasan: bad access detected [ 14.388180] [ 14.388248] Memory state around the buggy address: [ 14.388406] ffff888103434600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.388830] ffff888103434680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.389134] >ffff888103434700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.389358] ^ [ 14.389478] ffff888103434780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.389685] ffff888103434800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.389999] ==================================================================
[ 14.577524] ================================================================== [ 14.578337] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.578791] Free of addr ffff888102b2ee01 by task kunit_try_catch/259 [ 14.579043] [ 14.579429] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.579476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.579488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.579510] Call Trace: [ 14.579521] <TASK> [ 14.579547] dump_stack_lvl+0x73/0xb0 [ 14.579579] print_report+0xd1/0x610 [ 14.579614] ? __virt_addr_valid+0x1db/0x2d0 [ 14.579692] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.579730] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.579760] kasan_report_invalid_free+0x10a/0x130 [ 14.579786] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.579828] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.579864] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.579891] check_slab_allocation+0x11f/0x130 [ 14.579924] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.579951] mempool_free+0x2ec/0x380 [ 14.579979] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.580007] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.580035] ? update_load_avg+0x1be/0x21b0 [ 14.580072] ? finish_task_switch.isra.0+0x153/0x700 [ 14.580100] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.580137] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.580165] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.580189] ? __pfx_mempool_kfree+0x10/0x10 [ 14.580215] ? __pfx_read_tsc+0x10/0x10 [ 14.580238] ? ktime_get_ts64+0x86/0x230 [ 14.580263] kunit_try_run_case+0x1a5/0x480 [ 14.580289] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.580313] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.580338] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.580363] ? __kthread_parkme+0x82/0x180 [ 14.580384] ? preempt_count_sub+0x50/0x80 [ 14.580408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.580433] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.580459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.580486] kthread+0x337/0x6f0 [ 14.580504] ? trace_preempt_on+0x20/0xc0 [ 14.580530] ? __pfx_kthread+0x10/0x10 [ 14.580551] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.580573] ? calculate_sigpending+0x7b/0xa0 [ 14.580600] ? __pfx_kthread+0x10/0x10 [ 14.580622] ret_from_fork+0x116/0x1d0 [ 14.580687] ? __pfx_kthread+0x10/0x10 [ 14.580711] ret_from_fork_asm+0x1a/0x30 [ 14.580744] </TASK> [ 14.580754] [ 14.596809] Allocated by task 259: [ 14.597244] kasan_save_stack+0x45/0x70 [ 14.597640] kasan_save_track+0x18/0x40 [ 14.598234] kasan_save_alloc_info+0x3b/0x50 [ 14.598789] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.599200] remove_element+0x11e/0x190 [ 14.599347] mempool_alloc_preallocated+0x4d/0x90 [ 14.599505] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.599749] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.600226] kunit_try_run_case+0x1a5/0x480 [ 14.600683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.601225] kthread+0x337/0x6f0 [ 14.601535] ret_from_fork+0x116/0x1d0 [ 14.602103] ret_from_fork_asm+0x1a/0x30 [ 14.602498] [ 14.602683] The buggy address belongs to the object at ffff888102b2ee00 [ 14.602683] which belongs to the cache kmalloc-128 of size 128 [ 14.603782] The buggy address is located 1 bytes inside of [ 14.603782] 128-byte region [ffff888102b2ee00, ffff888102b2ee80) [ 14.604818] [ 14.604897] The buggy address belongs to the physical page: [ 14.605088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b2e [ 14.605942] flags: 0x200000000000000(node=0|zone=2) [ 14.606471] page_type: f5(slab) [ 14.606843] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.607599] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.608130] page dumped because: kasan: bad access detected [ 14.608633] [ 14.608883] Memory state around the buggy address: [ 14.609102] ffff888102b2ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.609527] ffff888102b2ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.610174] >ffff888102b2ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.610485] ^ [ 14.610629] ffff888102b2ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.611006] ffff888102b2ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.611381] ================================================================== [ 14.615881] ================================================================== [ 14.616495] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.616835] Free of addr ffff888102cc0001 by task kunit_try_catch/261 [ 14.617353] [ 14.617455] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.617515] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.617528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.617550] Call Trace: [ 14.617575] <TASK> [ 14.617593] dump_stack_lvl+0x73/0xb0 [ 14.617626] print_report+0xd1/0x610 [ 14.617707] ? __virt_addr_valid+0x1db/0x2d0 [ 14.617734] ? kasan_addr_to_slab+0x11/0xa0 [ 14.617782] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.617812] kasan_report_invalid_free+0x10a/0x130 [ 14.617838] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.617868] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.617897] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.617933] mempool_free+0x2ec/0x380 [ 14.617963] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.618002] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.618031] ? update_curr+0x5c1/0x810 [ 14.618072] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.618099] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.618137] ? schedule+0x7c/0x2e0 [ 14.618161] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.618185] ? __pfx_mempool_kfree+0x10/0x10 [ 14.618212] ? __pfx_read_tsc+0x10/0x10 [ 14.618235] ? ktime_get_ts64+0x86/0x230 [ 14.618260] kunit_try_run_case+0x1a5/0x480 [ 14.618286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.618310] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.618336] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.618362] ? __kthread_parkme+0x82/0x180 [ 14.618385] ? preempt_count_sub+0x50/0x80 [ 14.618410] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.618436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.618461] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.618488] kthread+0x337/0x6f0 [ 14.618508] ? trace_preempt_on+0x20/0xc0 [ 14.618533] ? __pfx_kthread+0x10/0x10 [ 14.618555] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.618577] ? calculate_sigpending+0x7b/0xa0 [ 14.618604] ? __pfx_kthread+0x10/0x10 [ 14.618627] ret_from_fork+0x116/0x1d0 [ 14.618646] ? __pfx_kthread+0x10/0x10 [ 14.618713] ret_from_fork_asm+0x1a/0x30 [ 14.618746] </TASK> [ 14.618756] [ 14.628327] The buggy address belongs to the physical page: [ 14.628637] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cc0 [ 14.629466] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.630598] flags: 0x200000000000040(head|node=0|zone=2) [ 14.631303] page_type: f8(unknown) [ 14.631481] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.632094] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.632558] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.633093] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.633542] head: 0200000000000002 ffffea00040b3001 00000000ffffffff 00000000ffffffff [ 14.634068] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.634517] page dumped because: kasan: bad access detected [ 14.634958] [ 14.635078] Memory state around the buggy address: [ 14.635334] ffff888102cbff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.635847] ffff888102cbff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.636143] >ffff888102cc0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.636658] ^ [ 14.636907] ffff888102cc0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.637666] ffff888102cc0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.637915] ==================================================================