Date
July 20, 2025, 11:12 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 18.698031] ================================================================== [ 18.698102] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.698233] Free of addr fff00000c780a501 by task kunit_try_catch/241 [ 18.698303] [ 18.698487] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.698595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.698951] Hardware name: linux,dummy-virt (DT) [ 18.699002] Call trace: [ 18.699098] show_stack+0x20/0x38 (C) [ 18.699248] dump_stack_lvl+0x8c/0xd0 [ 18.699397] print_report+0x118/0x5d0 [ 18.699486] kasan_report_invalid_free+0xc0/0xe8 [ 18.699557] check_slab_allocation+0xfc/0x108 [ 18.700424] __kasan_mempool_poison_object+0x78/0x150 [ 18.700739] mempool_free+0x28c/0x328 [ 18.700823] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.700956] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.701102] kunit_try_run_case+0x170/0x3f0 [ 18.701197] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.701530] kthread+0x328/0x630 [ 18.701608] ret_from_fork+0x10/0x20 [ 18.701728] [ 18.702176] Allocated by task 241: [ 18.702255] kasan_save_stack+0x3c/0x68 [ 18.702309] kasan_save_track+0x20/0x40 [ 18.702346] kasan_save_alloc_info+0x40/0x58 [ 18.702414] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.702568] remove_element+0x130/0x1f8 [ 18.702720] mempool_alloc_preallocated+0x58/0xc0 [ 18.702840] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 18.703025] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.703171] kunit_try_run_case+0x170/0x3f0 [ 18.703219] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.703460] kthread+0x328/0x630 [ 18.703569] ret_from_fork+0x10/0x20 [ 18.703608] [ 18.703758] The buggy address belongs to the object at fff00000c780a500 [ 18.703758] which belongs to the cache kmalloc-128 of size 128 [ 18.703888] The buggy address is located 1 bytes inside of [ 18.703888] 128-byte region [fff00000c780a500, fff00000c780a580) [ 18.704096] [ 18.704167] The buggy address belongs to the physical page: [ 18.704257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a [ 18.704364] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.704487] page_type: f5(slab) [ 18.704641] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.704726] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.704817] page dumped because: kasan: bad access detected [ 18.704850] [ 18.704867] Memory state around the buggy address: [ 18.704916] fff00000c780a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.704966] fff00000c780a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.705018] >fff00000c780a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.705068] ^ [ 18.705139] fff00000c780a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.705182] fff00000c780a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.705221] ================================================================== [ 18.713895] ================================================================== [ 18.713966] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.714018] Free of addr fff00000c7994001 by task kunit_try_catch/243 [ 18.714062] [ 18.714180] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.714589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.714651] Hardware name: linux,dummy-virt (DT) [ 18.714684] Call trace: [ 18.714776] show_stack+0x20/0x38 (C) [ 18.714850] dump_stack_lvl+0x8c/0xd0 [ 18.714916] print_report+0x118/0x5d0 [ 18.715004] kasan_report_invalid_free+0xc0/0xe8 [ 18.715267] __kasan_mempool_poison_object+0xfc/0x150 [ 18.715543] mempool_free+0x28c/0x328 [ 18.715589] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.715643] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 18.715696] kunit_try_run_case+0x170/0x3f0 [ 18.715852] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.716053] kthread+0x328/0x630 [ 18.716214] ret_from_fork+0x10/0x20 [ 18.716397] [ 18.716417] The buggy address belongs to the physical page: [ 18.716541] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107994 [ 18.716684] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.716777] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.716884] page_type: f8(unknown) [ 18.717616] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.717818] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.718146] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.718205] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.718256] head: 0bfffe0000000002 ffffc1ffc31e6501 00000000ffffffff 00000000ffffffff [ 18.718305] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.718348] page dumped because: kasan: bad access detected [ 18.718390] [ 18.718407] Memory state around the buggy address: [ 18.718440] fff00000c7993f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.718609] fff00000c7993f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.718683] >fff00000c7994000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.718769] ^ [ 18.718804] fff00000c7994080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.718896] fff00000c7994100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.718944] ==================================================================
[ 18.870405] ================================================================== [ 18.870893] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.870957] Free of addr fff00000c79ec001 by task kunit_try_catch/243 [ 18.871001] [ 18.871561] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.871902] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.871943] Hardware name: linux,dummy-virt (DT) [ 18.871979] Call trace: [ 18.872003] show_stack+0x20/0x38 (C) [ 18.872261] dump_stack_lvl+0x8c/0xd0 [ 18.872434] print_report+0x118/0x5d0 [ 18.872482] kasan_report_invalid_free+0xc0/0xe8 [ 18.872673] __kasan_mempool_poison_object+0xfc/0x150 [ 18.872729] mempool_free+0x28c/0x328 [ 18.872774] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.873025] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 18.873402] kunit_try_run_case+0x170/0x3f0 [ 18.873453] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.873515] kthread+0x328/0x630 [ 18.873561] ret_from_fork+0x10/0x20 [ 18.873611] [ 18.873643] The buggy address belongs to the physical page: [ 18.873677] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079ec [ 18.873733] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.874232] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.874348] page_type: f8(unknown) [ 18.874514] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.874788] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.874993] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.875497] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.875707] head: 0bfffe0000000002 ffffc1ffc31e7b01 00000000ffffffff 00000000ffffffff [ 18.875881] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.875956] page dumped because: kasan: bad access detected [ 18.876205] [ 18.876227] Memory state around the buggy address: [ 18.876480] fff00000c79ebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.876636] fff00000c79ebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.876684] >fff00000c79ec000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.876723] ^ [ 18.876751] fff00000c79ec080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.876848] fff00000c79ec100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.876905] ================================================================== [ 18.842458] ================================================================== [ 18.842516] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.842571] Free of addr fff00000c5b4cd01 by task kunit_try_catch/241 [ 18.842613] [ 18.842656] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.842752] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.842781] Hardware name: linux,dummy-virt (DT) [ 18.842812] Call trace: [ 18.842835] show_stack+0x20/0x38 (C) [ 18.842884] dump_stack_lvl+0x8c/0xd0 [ 18.842974] print_report+0x118/0x5d0 [ 18.843022] kasan_report_invalid_free+0xc0/0xe8 [ 18.843426] check_slab_allocation+0xfc/0x108 [ 18.843539] __kasan_mempool_poison_object+0x78/0x150 [ 18.843759] mempool_free+0x28c/0x328 [ 18.843969] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.844109] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.844160] kunit_try_run_case+0x170/0x3f0 [ 18.844214] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.844285] kthread+0x328/0x630 [ 18.844330] ret_from_fork+0x10/0x20 [ 18.844560] [ 18.844586] Allocated by task 241: [ 18.844902] kasan_save_stack+0x3c/0x68 [ 18.845160] kasan_save_track+0x20/0x40 [ 18.845200] kasan_save_alloc_info+0x40/0x58 [ 18.845241] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.845284] remove_element+0x130/0x1f8 [ 18.845442] mempool_alloc_preallocated+0x58/0xc0 [ 18.845715] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 18.845764] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.845817] kunit_try_run_case+0x170/0x3f0 [ 18.845863] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.845971] kthread+0x328/0x630 [ 18.846004] ret_from_fork+0x10/0x20 [ 18.846039] [ 18.846061] The buggy address belongs to the object at fff00000c5b4cd00 [ 18.846061] which belongs to the cache kmalloc-128 of size 128 [ 18.846122] The buggy address is located 1 bytes inside of [ 18.846122] 128-byte region [fff00000c5b4cd00, fff00000c5b4cd80) [ 18.846384] [ 18.846435] The buggy address belongs to the physical page: [ 18.846492] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b4c [ 18.846570] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.846644] page_type: f5(slab) [ 18.846682] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.846739] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.846780] page dumped because: kasan: bad access detected [ 18.846939] [ 18.846961] Memory state around the buggy address: [ 18.847209] fff00000c5b4cc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.847527] fff00000c5b4cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.847766] >fff00000c5b4cd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.847823] ^ [ 18.847850] fff00000c5b4cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.847954] fff00000c5b4ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.848133] ==================================================================
[ 14.427626] ================================================================== [ 14.428546] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.429508] Free of addr ffff888101bc1d01 by task kunit_try_catch/259 [ 14.430025] [ 14.430231] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.430279] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.430292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.430314] Call Trace: [ 14.430330] <TASK> [ 14.430348] dump_stack_lvl+0x73/0xb0 [ 14.430413] print_report+0xd1/0x610 [ 14.430437] ? __virt_addr_valid+0x1db/0x2d0 [ 14.430463] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.430485] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.430511] kasan_report_invalid_free+0x10a/0x130 [ 14.430536] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.430563] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.430594] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.430619] check_slab_allocation+0x11f/0x130 [ 14.430642] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.430667] mempool_free+0x2ec/0x380 [ 14.430695] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.430721] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.430750] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.430774] ? finish_task_switch.isra.0+0x153/0x700 [ 14.430801] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.430825] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.430852] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.430875] ? __pfx_mempool_kfree+0x10/0x10 [ 14.430901] ? __pfx_read_tsc+0x10/0x10 [ 14.430924] ? ktime_get_ts64+0x86/0x230 [ 14.430949] kunit_try_run_case+0x1a5/0x480 [ 14.430974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.430998] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.431022] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.431046] ? __kthread_parkme+0x82/0x180 [ 14.431068] ? preempt_count_sub+0x50/0x80 [ 14.431092] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.431117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.431140] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.431164] kthread+0x337/0x6f0 [ 14.431184] ? trace_preempt_on+0x20/0xc0 [ 14.431208] ? __pfx_kthread+0x10/0x10 [ 14.431229] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.431253] ? calculate_sigpending+0x7b/0xa0 [ 14.431278] ? __pfx_kthread+0x10/0x10 [ 14.431301] ret_from_fork+0x116/0x1d0 [ 14.431319] ? __pfx_kthread+0x10/0x10 [ 14.431340] ret_from_fork_asm+0x1a/0x30 [ 14.431373] </TASK> [ 14.431385] [ 14.445589] Allocated by task 259: [ 14.445733] kasan_save_stack+0x45/0x70 [ 14.445887] kasan_save_track+0x18/0x40 [ 14.446122] kasan_save_alloc_info+0x3b/0x50 [ 14.446519] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.447054] remove_element+0x11e/0x190 [ 14.447422] mempool_alloc_preallocated+0x4d/0x90 [ 14.447870] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.448502] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.449189] kunit_try_run_case+0x1a5/0x480 [ 14.449594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.449988] kthread+0x337/0x6f0 [ 14.450257] ret_from_fork+0x116/0x1d0 [ 14.450622] ret_from_fork_asm+0x1a/0x30 [ 14.450935] [ 14.451012] The buggy address belongs to the object at ffff888101bc1d00 [ 14.451012] which belongs to the cache kmalloc-128 of size 128 [ 14.451877] The buggy address is located 1 bytes inside of [ 14.451877] 128-byte region [ffff888101bc1d00, ffff888101bc1d80) [ 14.452615] [ 14.452790] The buggy address belongs to the physical page: [ 14.453436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1 [ 14.454205] flags: 0x200000000000000(node=0|zone=2) [ 14.454382] page_type: f5(slab) [ 14.454520] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.455031] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.455760] page dumped because: kasan: bad access detected [ 14.456316] [ 14.456488] Memory state around the buggy address: [ 14.456939] ffff888101bc1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.457384] ffff888101bc1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.457884] >ffff888101bc1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.458368] ^ [ 14.458696] ffff888101bc1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.459473] ffff888101bc1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.459985] ================================================================== [ 14.465650] ================================================================== [ 14.466166] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.466451] Free of addr ffff888103920001 by task kunit_try_catch/261 [ 14.466700] [ 14.466793] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.466841] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.466853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.466876] Call Trace: [ 14.466890] <TASK> [ 14.466911] dump_stack_lvl+0x73/0xb0 [ 14.466945] print_report+0xd1/0x610 [ 14.466969] ? __virt_addr_valid+0x1db/0x2d0 [ 14.466995] ? kasan_addr_to_slab+0x11/0xa0 [ 14.467016] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.467044] kasan_report_invalid_free+0x10a/0x130 [ 14.467069] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.467098] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.467123] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.467148] mempool_free+0x2ec/0x380 [ 14.467176] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.467202] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.467227] ? update_load_avg+0x1be/0x21b0 [ 14.467252] ? dequeue_entities+0x27e/0x1740 [ 14.467279] ? finish_task_switch.isra.0+0x153/0x700 [ 14.467305] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.467331] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.467359] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.467382] ? __pfx_mempool_kfree+0x10/0x10 [ 14.467421] ? __pfx_read_tsc+0x10/0x10 [ 14.467444] ? ktime_get_ts64+0x86/0x230 [ 14.467470] kunit_try_run_case+0x1a5/0x480 [ 14.467496] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.467519] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.467546] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.467569] ? __kthread_parkme+0x82/0x180 [ 14.467591] ? preempt_count_sub+0x50/0x80 [ 14.467616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.467641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.467666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.467690] kthread+0x337/0x6f0 [ 14.467711] ? trace_preempt_on+0x20/0xc0 [ 14.467737] ? __pfx_kthread+0x10/0x10 [ 14.467759] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.467780] ? calculate_sigpending+0x7b/0xa0 [ 14.467805] ? __pfx_kthread+0x10/0x10 [ 14.467828] ret_from_fork+0x116/0x1d0 [ 14.467847] ? __pfx_kthread+0x10/0x10 [ 14.467868] ret_from_fork_asm+0x1a/0x30 [ 14.467900] </TASK> [ 14.467912] [ 14.477087] The buggy address belongs to the physical page: [ 14.477366] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103920 [ 14.477775] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.478176] flags: 0x200000000000040(head|node=0|zone=2) [ 14.478367] page_type: f8(unknown) [ 14.478509] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.478744] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.479050] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.479392] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.479995] head: 0200000000000002 ffffea00040e4801 00000000ffffffff 00000000ffffffff [ 14.480301] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.480545] page dumped because: kasan: bad access detected [ 14.480940] [ 14.481040] Memory state around the buggy address: [ 14.481499] ffff88810391ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.481872] ffff88810391ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.482142] >ffff888103920000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.482548] ^ [ 14.482670] ffff888103920080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.482885] ffff888103920100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.483364] ==================================================================
[ 14.517632] ================================================================== [ 14.518232] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.518564] Free of addr ffff8881027bc601 by task kunit_try_catch/259 [ 14.518910] [ 14.519033] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.519082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.519095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.519118] Call Trace: [ 14.519131] <TASK> [ 14.519159] dump_stack_lvl+0x73/0xb0 [ 14.519190] print_report+0xd1/0x610 [ 14.519213] ? __virt_addr_valid+0x1db/0x2d0 [ 14.519238] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.519260] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.519286] kasan_report_invalid_free+0x10a/0x130 [ 14.519311] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.519338] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.519362] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.519386] check_slab_allocation+0x11f/0x130 [ 14.519408] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.519432] mempool_free+0x2ec/0x380 [ 14.519459] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.519484] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.519509] ? update_curr+0x5c1/0x810 [ 14.519538] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.519561] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.519583] ? schedule+0x7c/0x2e0 [ 14.519606] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.519627] ? __pfx_mempool_kfree+0x10/0x10 [ 14.519651] ? __pfx_read_tsc+0x10/0x10 [ 14.519672] ? ktime_get_ts64+0x86/0x230 [ 14.519695] kunit_try_run_case+0x1a5/0x480 [ 14.519721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.519743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.519767] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.519790] ? __kthread_parkme+0x82/0x180 [ 14.519810] ? preempt_count_sub+0x50/0x80 [ 14.519833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.520041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.520071] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.520095] kthread+0x337/0x6f0 [ 14.520114] ? trace_preempt_on+0x20/0xc0 [ 14.520138] ? __pfx_kthread+0x10/0x10 [ 14.520174] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.520195] ? calculate_sigpending+0x7b/0xa0 [ 14.520218] ? __pfx_kthread+0x10/0x10 [ 14.520240] ret_from_fork+0x116/0x1d0 [ 14.520258] ? __pfx_kthread+0x10/0x10 [ 14.520279] ret_from_fork_asm+0x1a/0x30 [ 14.520309] </TASK> [ 14.520324] [ 14.530319] Allocated by task 259: [ 14.530475] kasan_save_stack+0x45/0x70 [ 14.530706] kasan_save_track+0x18/0x40 [ 14.530842] kasan_save_alloc_info+0x3b/0x50 [ 14.531155] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.531433] remove_element+0x11e/0x190 [ 14.531586] mempool_alloc_preallocated+0x4d/0x90 [ 14.531820] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.532262] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.532548] kunit_try_run_case+0x1a5/0x480 [ 14.532729] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.533092] kthread+0x337/0x6f0 [ 14.533295] ret_from_fork+0x116/0x1d0 [ 14.533489] ret_from_fork_asm+0x1a/0x30 [ 14.533702] [ 14.533782] The buggy address belongs to the object at ffff8881027bc600 [ 14.533782] which belongs to the cache kmalloc-128 of size 128 [ 14.534556] The buggy address is located 1 bytes inside of [ 14.534556] 128-byte region [ffff8881027bc600, ffff8881027bc680) [ 14.534997] [ 14.535075] The buggy address belongs to the physical page: [ 14.535317] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc [ 14.535862] flags: 0x200000000000000(node=0|zone=2) [ 14.536096] page_type: f5(slab) [ 14.536238] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.536539] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.536885] page dumped because: kasan: bad access detected [ 14.537462] [ 14.537569] Memory state around the buggy address: [ 14.537805] ffff8881027bc500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.538124] ffff8881027bc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.538644] >ffff8881027bc600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.538914] ^ [ 14.539083] ffff8881027bc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.539457] ffff8881027bc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.539679] ================================================================== [ 14.544030] ================================================================== [ 14.544794] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.545205] Free of addr ffff8881038c4001 by task kunit_try_catch/261 [ 14.545851] [ 14.545979] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.546029] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.546042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.546065] Call Trace: [ 14.546079] <TASK> [ 14.546096] dump_stack_lvl+0x73/0xb0 [ 14.546129] print_report+0xd1/0x610 [ 14.546236] ? __virt_addr_valid+0x1db/0x2d0 [ 14.546262] ? kasan_addr_to_slab+0x11/0xa0 [ 14.546282] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.546308] kasan_report_invalid_free+0x10a/0x130 [ 14.546347] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.546375] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.546400] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.546424] mempool_free+0x2ec/0x380 [ 14.546451] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.546476] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.546501] ? update_load_avg+0x1be/0x21b0 [ 14.546527] ? irqentry_exit+0x2a/0x60 [ 14.546549] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.546576] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.546600] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.546627] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.546649] ? __pfx_mempool_kfree+0x10/0x10 [ 14.546673] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.546700] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.546725] kunit_try_run_case+0x1a5/0x480 [ 14.546751] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.546774] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.546798] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.546822] ? __kthread_parkme+0x82/0x180 [ 14.546842] ? preempt_count_sub+0x50/0x80 [ 14.546907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.546931] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.546955] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.546978] kthread+0x337/0x6f0 [ 14.546997] ? trace_preempt_on+0x20/0xc0 [ 14.547022] ? __pfx_kthread+0x10/0x10 [ 14.547042] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.547063] ? calculate_sigpending+0x7b/0xa0 [ 14.547087] ? __pfx_kthread+0x10/0x10 [ 14.547108] ret_from_fork+0x116/0x1d0 [ 14.547126] ? __pfx_kthread+0x10/0x10 [ 14.547159] ret_from_fork_asm+0x1a/0x30 [ 14.547188] </TASK> [ 14.547199] [ 14.557281] The buggy address belongs to the physical page: [ 14.557553] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038c4 [ 14.557829] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.558055] flags: 0x200000000000040(head|node=0|zone=2) [ 14.558304] page_type: f8(unknown) [ 14.558683] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.559171] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.559729] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.560164] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.560581] head: 0200000000000002 ffffea00040e3101 00000000ffffffff 00000000ffffffff [ 14.560980] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.561247] page dumped because: kasan: bad access detected [ 14.561447] [ 14.561542] Memory state around the buggy address: [ 14.561793] ffff8881038c3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.562264] ffff8881038c3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.562762] >ffff8881038c4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.563013] ^ [ 14.563198] ffff8881038c4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.563772] ffff8881038c4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.564137] ==================================================================