Date
July 18, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.155089] ================================================================== [ 19.155166] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.155232] Free of addr fff00000c78e9801 by task kunit_try_catch/241 [ 19.155286] [ 19.155394] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.155511] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.155558] Hardware name: linux,dummy-virt (DT) [ 19.155591] Call trace: [ 19.155615] show_stack+0x20/0x38 (C) [ 19.155686] dump_stack_lvl+0x8c/0xd0 [ 19.155736] print_report+0x118/0x5d0 [ 19.155786] kasan_report_invalid_free+0xc0/0xe8 [ 19.156042] check_slab_allocation+0xfc/0x108 [ 19.156155] __kasan_mempool_poison_object+0x78/0x150 [ 19.156360] mempool_free+0x28c/0x328 [ 19.156447] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.156586] mempool_kmalloc_invalid_free+0xc0/0x118 [ 19.156721] kunit_try_run_case+0x170/0x3f0 [ 19.156792] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.157120] kthread+0x328/0x630 [ 19.157178] ret_from_fork+0x10/0x20 [ 19.157499] [ 19.157642] Allocated by task 241: [ 19.157773] kasan_save_stack+0x3c/0x68 [ 19.157823] kasan_save_track+0x20/0x40 [ 19.157871] kasan_save_alloc_info+0x40/0x58 [ 19.157913] __kasan_mempool_unpoison_object+0x11c/0x180 [ 19.157965] remove_element+0x130/0x1f8 [ 19.158002] mempool_alloc_preallocated+0x58/0xc0 [ 19.158039] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 19.158081] mempool_kmalloc_invalid_free+0xc0/0x118 [ 19.158121] kunit_try_run_case+0x170/0x3f0 [ 19.158159] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.158211] kthread+0x328/0x630 [ 19.158264] ret_from_fork+0x10/0x20 [ 19.158306] [ 19.158351] The buggy address belongs to the object at fff00000c78e9800 [ 19.158351] which belongs to the cache kmalloc-128 of size 128 [ 19.158416] The buggy address is located 1 bytes inside of [ 19.158416] 128-byte region [fff00000c78e9800, fff00000c78e9880) [ 19.158487] [ 19.158508] The buggy address belongs to the physical page: [ 19.158541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9 [ 19.158614] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.158669] page_type: f5(slab) [ 19.158723] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.158797] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.158855] page dumped because: kasan: bad access detected [ 19.158889] [ 19.158907] Memory state around the buggy address: [ 19.158939] fff00000c78e9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.158984] fff00000c78e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.159028] >fff00000c78e9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.159067] ^ [ 19.159095] fff00000c78e9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.159464] fff00000c78e9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.159649] ================================================================== [ 19.170319] ================================================================== [ 19.170422] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.170496] Free of addr fff00000c7a04001 by task kunit_try_catch/243 [ 19.170551] [ 19.170593] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.170676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.170704] Hardware name: linux,dummy-virt (DT) [ 19.170737] Call trace: [ 19.170760] show_stack+0x20/0x38 (C) [ 19.170811] dump_stack_lvl+0x8c/0xd0 [ 19.170876] print_report+0x118/0x5d0 [ 19.170924] kasan_report_invalid_free+0xc0/0xe8 [ 19.170974] __kasan_mempool_poison_object+0xfc/0x150 [ 19.171199] mempool_free+0x28c/0x328 [ 19.171262] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.171358] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 19.171410] kunit_try_run_case+0x170/0x3f0 [ 19.171585] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.171733] kthread+0x328/0x630 [ 19.171888] ret_from_fork+0x10/0x20 [ 19.172020] [ 19.172051] The buggy address belongs to the physical page: [ 19.172088] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a04 [ 19.172145] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.172193] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.172319] page_type: f8(unknown) [ 19.172365] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.172416] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.172741] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.172952] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.173070] head: 0bfffe0000000002 ffffc1ffc31e8101 00000000ffffffff 00000000ffffffff [ 19.173208] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.173250] page dumped because: kasan: bad access detected [ 19.173482] [ 19.173685] Memory state around the buggy address: [ 19.173723] fff00000c7a03f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.174030] fff00000c7a03f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.174120] >fff00000c7a04000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.174235] ^ [ 19.174296] fff00000c7a04080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.174589] fff00000c7a04100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.174665] ==================================================================
[ 18.821432] ================================================================== [ 18.821578] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.821642] Free of addr fff00000c7a74001 by task kunit_try_catch/243 [ 18.821836] [ 18.821875] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.821957] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.821984] Hardware name: linux,dummy-virt (DT) [ 18.822042] Call trace: [ 18.822175] show_stack+0x20/0x38 (C) [ 18.822301] dump_stack_lvl+0x8c/0xd0 [ 18.822443] print_report+0x118/0x5d0 [ 18.822491] kasan_report_invalid_free+0xc0/0xe8 [ 18.822541] __kasan_mempool_poison_object+0xfc/0x150 [ 18.822594] mempool_free+0x28c/0x328 [ 18.822842] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.822898] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 18.822950] kunit_try_run_case+0x170/0x3f0 [ 18.822997] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.823060] kthread+0x328/0x630 [ 18.823183] ret_from_fork+0x10/0x20 [ 18.823232] [ 18.823252] The buggy address belongs to the physical page: [ 18.823286] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a74 [ 18.823350] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.823594] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.823712] page_type: f8(unknown) [ 18.823858] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.824024] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.824098] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.824159] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.824483] head: 0bfffe0000000002 ffffc1ffc31e9d01 00000000ffffffff 00000000ffffffff [ 18.824573] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.824672] page dumped because: kasan: bad access detected [ 18.824704] [ 18.824753] Memory state around the buggy address: [ 18.824931] fff00000c7a73f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.824975] fff00000c7a73f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.825161] >fff00000c7a74000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.825200] ^ [ 18.825228] fff00000c7a74080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.826654] fff00000c7a74100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.826816] ================================================================== [ 18.809210] ================================================================== [ 18.809290] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.809495] Free of addr fff00000c7a4e901 by task kunit_try_catch/241 [ 18.809538] [ 18.809577] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.809687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.809714] Hardware name: linux,dummy-virt (DT) [ 18.809746] Call trace: [ 18.809770] show_stack+0x20/0x38 (C) [ 18.809822] dump_stack_lvl+0x8c/0xd0 [ 18.809891] print_report+0x118/0x5d0 [ 18.809967] kasan_report_invalid_free+0xc0/0xe8 [ 18.810128] check_slab_allocation+0xfc/0x108 [ 18.810189] __kasan_mempool_poison_object+0x78/0x150 [ 18.810240] mempool_free+0x28c/0x328 [ 18.810287] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.810348] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.810398] kunit_try_run_case+0x170/0x3f0 [ 18.810447] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.810500] kthread+0x328/0x630 [ 18.810545] ret_from_fork+0x10/0x20 [ 18.810595] [ 18.810613] Allocated by task 241: [ 18.810643] kasan_save_stack+0x3c/0x68 [ 18.810695] kasan_save_track+0x20/0x40 [ 18.810734] kasan_save_alloc_info+0x40/0x58 [ 18.810772] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.810836] remove_element+0x130/0x1f8 [ 18.810884] mempool_alloc_preallocated+0x58/0xc0 [ 18.810923] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 18.810966] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.811008] kunit_try_run_case+0x170/0x3f0 [ 18.811044] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.811115] kthread+0x328/0x630 [ 18.811148] ret_from_fork+0x10/0x20 [ 18.811184] [ 18.811203] The buggy address belongs to the object at fff00000c7a4e900 [ 18.811203] which belongs to the cache kmalloc-128 of size 128 [ 18.811262] The buggy address is located 1 bytes inside of [ 18.811262] 128-byte region [fff00000c7a4e900, fff00000c7a4e980) [ 18.811331] [ 18.811353] The buggy address belongs to the physical page: [ 18.811383] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e [ 18.811437] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.811487] page_type: f5(slab) [ 18.811529] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.811579] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.811619] page dumped because: kasan: bad access detected [ 18.811662] [ 18.811681] Memory state around the buggy address: [ 18.811714] fff00000c7a4e800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.811776] fff00000c7a4e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.811819] >fff00000c7a4e900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.811858] ^ [ 18.811884] fff00000c7a4e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.811953] fff00000c7a4ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.812026] ==================================================================
[ 18.709462] ================================================================== [ 18.709803] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.709872] Free of addr fff00000c7804001 by task kunit_try_catch/243 [ 18.709948] [ 18.709983] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.710063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.710090] Hardware name: linux,dummy-virt (DT) [ 18.710123] Call trace: [ 18.710169] show_stack+0x20/0x38 (C) [ 18.710256] dump_stack_lvl+0x8c/0xd0 [ 18.710312] print_report+0x118/0x5d0 [ 18.710371] kasan_report_invalid_free+0xc0/0xe8 [ 18.710447] __kasan_mempool_poison_object+0xfc/0x150 [ 18.710527] mempool_free+0x28c/0x328 [ 18.710587] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.710641] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 18.710693] kunit_try_run_case+0x170/0x3f0 [ 18.710885] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.711226] kthread+0x328/0x630 [ 18.711340] ret_from_fork+0x10/0x20 [ 18.711503] [ 18.711572] The buggy address belongs to the physical page: [ 18.711662] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107804 [ 18.711756] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.711811] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.711863] page_type: f8(unknown) [ 18.711914] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.711963] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.712013] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.712063] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.712483] head: 0bfffe0000000002 ffffc1ffc31e0101 00000000ffffffff 00000000ffffffff [ 18.712659] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.712793] page dumped because: kasan: bad access detected [ 18.712825] [ 18.712843] Memory state around the buggy address: [ 18.712912] fff00000c7803f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.712954] fff00000c7803f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.712997] >fff00000c7804000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.713226] ^ [ 18.713332] fff00000c7804080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.713494] fff00000c7804100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.713590] ================================================================== [ 18.697692] ================================================================== [ 18.697807] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.697881] Free of addr fff00000c7716701 by task kunit_try_catch/241 [ 18.697939] [ 18.698005] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.698086] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.698114] Hardware name: linux,dummy-virt (DT) [ 18.698144] Call trace: [ 18.698167] show_stack+0x20/0x38 (C) [ 18.698225] dump_stack_lvl+0x8c/0xd0 [ 18.698272] print_report+0x118/0x5d0 [ 18.698319] kasan_report_invalid_free+0xc0/0xe8 [ 18.698370] check_slab_allocation+0xfc/0x108 [ 18.698417] __kasan_mempool_poison_object+0x78/0x150 [ 18.698469] mempool_free+0x28c/0x328 [ 18.698522] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.698583] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.698633] kunit_try_run_case+0x170/0x3f0 [ 18.698681] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.698947] kthread+0x328/0x630 [ 18.699007] ret_from_fork+0x10/0x20 [ 18.699222] [ 18.699249] Allocated by task 241: [ 18.699281] kasan_save_stack+0x3c/0x68 [ 18.699373] kasan_save_track+0x20/0x40 [ 18.699413] kasan_save_alloc_info+0x40/0x58 [ 18.699452] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.699495] remove_element+0x130/0x1f8 [ 18.699532] mempool_alloc_preallocated+0x58/0xc0 [ 18.699689] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 18.699801] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.699865] kunit_try_run_case+0x170/0x3f0 [ 18.699947] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.700025] kthread+0x328/0x630 [ 18.700099] ret_from_fork+0x10/0x20 [ 18.700135] [ 18.700157] The buggy address belongs to the object at fff00000c7716700 [ 18.700157] which belongs to the cache kmalloc-128 of size 128 [ 18.700240] The buggy address is located 1 bytes inside of [ 18.700240] 128-byte region [fff00000c7716700, fff00000c7716780) [ 18.700299] [ 18.700450] The buggy address belongs to the physical page: [ 18.700531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716 [ 18.700638] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.700773] page_type: f5(slab) [ 18.700887] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.700938] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.700999] page dumped because: kasan: bad access detected [ 18.701292] [ 18.701375] Memory state around the buggy address: [ 18.701467] fff00000c7716600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.701552] fff00000c7716680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.701605] >fff00000c7716700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.701644] ^ [ 18.701945] fff00000c7716780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.702071] fff00000c7716800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.702178] ==================================================================
[ 13.924785] ================================================================== [ 13.925414] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.925873] Free of addr ffff888102988f01 by task kunit_try_catch/258 [ 13.926174] [ 13.926304] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.926351] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.926363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.926396] Call Trace: [ 13.926407] <TASK> [ 13.926423] dump_stack_lvl+0x73/0xb0 [ 13.926453] print_report+0xd1/0x610 [ 13.926488] ? __virt_addr_valid+0x1db/0x2d0 [ 13.926513] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.926536] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.926563] kasan_report_invalid_free+0x10a/0x130 [ 13.926629] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.926659] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.926713] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.926740] check_slab_allocation+0x11f/0x130 [ 13.926778] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.926804] mempool_free+0x2ec/0x380 [ 13.926831] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.926858] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.926885] ? kasan_save_track+0x18/0x40 [ 13.926915] ? kasan_save_alloc_info+0x3b/0x50 [ 13.926938] ? kasan_save_stack+0x45/0x70 [ 13.926972] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.927008] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 13.927046] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.927069] ? __pfx_mempool_kfree+0x10/0x10 [ 13.927095] ? __pfx_read_tsc+0x10/0x10 [ 13.927116] ? ktime_get_ts64+0x86/0x230 [ 13.927142] kunit_try_run_case+0x1a5/0x480 [ 13.927168] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.927191] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.927217] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.927241] ? __kthread_parkme+0x82/0x180 [ 13.927262] ? preempt_count_sub+0x50/0x80 [ 13.927286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.927311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.927334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.927359] kthread+0x337/0x6f0 [ 13.927378] ? trace_preempt_on+0x20/0xc0 [ 13.927402] ? __pfx_kthread+0x10/0x10 [ 13.927423] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.927444] ? calculate_sigpending+0x7b/0xa0 [ 13.927469] ? __pfx_kthread+0x10/0x10 [ 13.927490] ret_from_fork+0x116/0x1d0 [ 13.927508] ? __pfx_kthread+0x10/0x10 [ 13.927560] ret_from_fork_asm+0x1a/0x30 [ 13.927598] </TASK> [ 13.927609] [ 13.938218] Allocated by task 258: [ 13.938473] kasan_save_stack+0x45/0x70 [ 13.938839] kasan_save_track+0x18/0x40 [ 13.939007] kasan_save_alloc_info+0x3b/0x50 [ 13.939258] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.939491] remove_element+0x11e/0x190 [ 13.939793] mempool_alloc_preallocated+0x4d/0x90 [ 13.940089] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 13.940278] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.940581] kunit_try_run_case+0x1a5/0x480 [ 13.940797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.941062] kthread+0x337/0x6f0 [ 13.941218] ret_from_fork+0x116/0x1d0 [ 13.941429] ret_from_fork_asm+0x1a/0x30 [ 13.941786] [ 13.941902] The buggy address belongs to the object at ffff888102988f00 [ 13.941902] which belongs to the cache kmalloc-128 of size 128 [ 13.942511] The buggy address is located 1 bytes inside of [ 13.942511] 128-byte region [ffff888102988f00, ffff888102988f80) [ 13.943092] [ 13.943183] The buggy address belongs to the physical page: [ 13.943444] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102988 [ 13.943925] flags: 0x200000000000000(node=0|zone=2) [ 13.944194] page_type: f5(slab) [ 13.944315] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.944545] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 13.944774] page dumped because: kasan: bad access detected [ 13.945132] [ 13.945291] Memory state around the buggy address: [ 13.945518] ffff888102988e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.945880] ffff888102988e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.946354] >ffff888102988f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.946963] ^ [ 13.947108] ffff888102988f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.947420] ffff888102989000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.947636] ================================================================== [ 13.951385] ================================================================== [ 13.952046] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.952409] Free of addr ffff8881039fc001 by task kunit_try_catch/260 [ 13.952703] [ 13.952819] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.952865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.952937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.952973] Call Trace: [ 13.952985] <TASK> [ 13.953001] dump_stack_lvl+0x73/0xb0 [ 13.953031] print_report+0xd1/0x610 [ 13.953054] ? __virt_addr_valid+0x1db/0x2d0 [ 13.953078] ? kasan_addr_to_slab+0x11/0xa0 [ 13.953108] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.953136] kasan_report_invalid_free+0x10a/0x130 [ 13.953161] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.953200] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.953226] __kasan_mempool_poison_object+0x102/0x1d0 [ 13.953251] mempool_free+0x2ec/0x380 [ 13.953278] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.953313] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.953344] ? finish_task_switch.isra.0+0x153/0x700 [ 13.953373] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 13.953409] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 13.953438] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.953461] ? __pfx_mempool_kfree+0x10/0x10 [ 13.953486] ? __pfx_read_tsc+0x10/0x10 [ 13.953507] ? ktime_get_ts64+0x86/0x230 [ 13.953568] kunit_try_run_case+0x1a5/0x480 [ 13.953596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.953618] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.953643] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.953667] ? __kthread_parkme+0x82/0x180 [ 13.953699] ? preempt_count_sub+0x50/0x80 [ 13.953723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.953759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.953782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.953807] kthread+0x337/0x6f0 [ 13.953826] ? trace_preempt_on+0x20/0xc0 [ 13.953850] ? __pfx_kthread+0x10/0x10 [ 13.953871] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.953901] ? calculate_sigpending+0x7b/0xa0 [ 13.953926] ? __pfx_kthread+0x10/0x10 [ 13.953947] ret_from_fork+0x116/0x1d0 [ 13.953966] ? __pfx_kthread+0x10/0x10 [ 13.953987] ret_from_fork_asm+0x1a/0x30 [ 13.954019] </TASK> [ 13.954029] [ 13.963340] The buggy address belongs to the physical page: [ 13.963638] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039fc [ 13.964184] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.964528] flags: 0x200000000000040(head|node=0|zone=2) [ 13.964807] page_type: f8(unknown) [ 13.964982] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.965218] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.965450] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.966031] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.966772] head: 0200000000000002 ffffea00040e7f01 00000000ffffffff 00000000ffffffff [ 13.967157] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.967392] page dumped because: kasan: bad access detected [ 13.967684] [ 13.967779] Memory state around the buggy address: [ 13.968207] ffff8881039fbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.968636] ffff8881039fbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.968949] >ffff8881039fc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.969374] ^ [ 13.969598] ffff8881039fc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.969916] ffff8881039fc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.970290] ==================================================================
[ 13.819286] ================================================================== [ 13.820131] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.820498] Free of addr ffff888102bf8001 by task kunit_try_catch/261 [ 13.820739] [ 13.820844] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.820891] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.820903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.820924] Call Trace: [ 13.820937] <TASK> [ 13.820955] dump_stack_lvl+0x73/0xb0 [ 13.820983] print_report+0xd1/0x610 [ 13.821005] ? __virt_addr_valid+0x1db/0x2d0 [ 13.821029] ? kasan_addr_to_slab+0x11/0xa0 [ 13.821050] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.821077] kasan_report_invalid_free+0x10a/0x130 [ 13.821102] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.821136] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.821160] __kasan_mempool_poison_object+0x102/0x1d0 [ 13.821185] mempool_free+0x2ec/0x380 [ 13.821213] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.821238] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.821266] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.821287] ? finish_task_switch.isra.0+0x153/0x700 [ 13.821314] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 13.821339] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 13.821367] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.821389] ? __pfx_mempool_kfree+0x10/0x10 [ 13.821414] ? __pfx_read_tsc+0x10/0x10 [ 13.821768] ? ktime_get_ts64+0x86/0x230 [ 13.821810] kunit_try_run_case+0x1a5/0x480 [ 13.822069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.822101] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.822129] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.822152] ? __kthread_parkme+0x82/0x180 [ 13.822173] ? preempt_count_sub+0x50/0x80 [ 13.822196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.822220] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.822244] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.822268] kthread+0x337/0x6f0 [ 13.822287] ? trace_preempt_on+0x20/0xc0 [ 13.822311] ? __pfx_kthread+0x10/0x10 [ 13.822331] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.822352] ? calculate_sigpending+0x7b/0xa0 [ 13.822376] ? __pfx_kthread+0x10/0x10 [ 13.822397] ret_from_fork+0x116/0x1d0 [ 13.822416] ? __pfx_kthread+0x10/0x10 [ 13.822449] ret_from_fork_asm+0x1a/0x30 [ 13.822482] </TASK> [ 13.822492] [ 13.837254] The buggy address belongs to the physical page: [ 13.837842] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bf8 [ 13.838454] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.839067] flags: 0x200000000000040(head|node=0|zone=2) [ 13.839547] page_type: f8(unknown) [ 13.839971] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.840300] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.840999] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.841415] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.841988] head: 0200000000000002 ffffea00040afe01 00000000ffffffff 00000000ffffffff [ 13.842557] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.842876] page dumped because: kasan: bad access detected [ 13.843109] [ 13.843196] Memory state around the buggy address: [ 13.843407] ffff888102bf7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.843637] ffff888102bf7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.843968] >ffff888102bf8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.844360] ^ [ 13.844554] ffff888102bf8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.844782] ffff888102bf8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.845092] ================================================================== [ 13.784320] ================================================================== [ 13.784949] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.785229] Free of addr ffff8881026ef901 by task kunit_try_catch/259 [ 13.785450] [ 13.785542] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.785588] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.785600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.785623] Call Trace: [ 13.785635] <TASK> [ 13.785653] dump_stack_lvl+0x73/0xb0 [ 13.785683] print_report+0xd1/0x610 [ 13.785706] ? __virt_addr_valid+0x1db/0x2d0 [ 13.785733] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.785756] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.785785] kasan_report_invalid_free+0x10a/0x130 [ 13.785813] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.785841] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.785866] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.785891] check_slab_allocation+0x11f/0x130 [ 13.785912] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.785937] mempool_free+0x2ec/0x380 [ 13.785964] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.785990] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.786021] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.786042] ? finish_task_switch.isra.0+0x153/0x700 [ 13.786069] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.786093] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 13.786120] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.786141] ? __pfx_mempool_kfree+0x10/0x10 [ 13.786166] ? __pfx_read_tsc+0x10/0x10 [ 13.786187] ? ktime_get_ts64+0x86/0x230 [ 13.786211] kunit_try_run_case+0x1a5/0x480 [ 13.786236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.786258] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.786282] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.786305] ? __kthread_parkme+0x82/0x180 [ 13.786326] ? preempt_count_sub+0x50/0x80 [ 13.786349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.786373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.786397] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.786420] kthread+0x337/0x6f0 [ 13.786473] ? trace_preempt_on+0x20/0xc0 [ 13.786497] ? __pfx_kthread+0x10/0x10 [ 13.786533] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.786555] ? calculate_sigpending+0x7b/0xa0 [ 13.786579] ? __pfx_kthread+0x10/0x10 [ 13.786600] ret_from_fork+0x116/0x1d0 [ 13.786618] ? __pfx_kthread+0x10/0x10 [ 13.786638] ret_from_fork_asm+0x1a/0x30 [ 13.786671] </TASK> [ 13.786681] [ 13.800420] Allocated by task 259: [ 13.800735] kasan_save_stack+0x45/0x70 [ 13.801675] kasan_save_track+0x18/0x40 [ 13.802066] kasan_save_alloc_info+0x3b/0x50 [ 13.802554] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.803064] remove_element+0x11e/0x190 [ 13.803697] mempool_alloc_preallocated+0x4d/0x90 [ 13.804168] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 13.804789] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.805259] kunit_try_run_case+0x1a5/0x480 [ 13.805731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.805917] kthread+0x337/0x6f0 [ 13.806038] ret_from_fork+0x116/0x1d0 [ 13.806172] ret_from_fork_asm+0x1a/0x30 [ 13.806314] [ 13.806387] The buggy address belongs to the object at ffff8881026ef900 [ 13.806387] which belongs to the cache kmalloc-128 of size 128 [ 13.807866] The buggy address is located 1 bytes inside of [ 13.807866] 128-byte region [ffff8881026ef900, ffff8881026ef980) [ 13.809039] [ 13.809248] The buggy address belongs to the physical page: [ 13.809868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ef [ 13.810386] flags: 0x200000000000000(node=0|zone=2) [ 13.810986] page_type: f5(slab) [ 13.811193] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.811900] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.812138] page dumped because: kasan: bad access detected [ 13.812311] [ 13.812379] Memory state around the buggy address: [ 13.812965] ffff8881026ef800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.813728] ffff8881026ef880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.814380] >ffff8881026ef900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.815118] ^ [ 13.815452] ffff8881026ef980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.815976] ffff8881026efa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.816190] ==================================================================
[ 14.032464] ================================================================== [ 14.033645] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.033932] Free of addr ffff8881029c5401 by task kunit_try_catch/258 [ 14.035255] [ 14.035802] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.035880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.035893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.035918] Call Trace: [ 14.035934] <TASK> [ 14.035957] dump_stack_lvl+0x73/0xb0 [ 14.036053] print_report+0xd1/0x610 [ 14.036083] ? __virt_addr_valid+0x1db/0x2d0 [ 14.036108] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.036132] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.036159] kasan_report_invalid_free+0x10a/0x130 [ 14.036184] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.036254] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.036280] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.036304] check_slab_allocation+0x11f/0x130 [ 14.036326] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.036351] mempool_free+0x2ec/0x380 [ 14.036380] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.036426] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.036458] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.036480] ? finish_task_switch.isra.0+0x153/0x700 [ 14.036506] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.036530] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.036557] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.036579] ? __pfx_mempool_kfree+0x10/0x10 [ 14.036604] ? __pfx_read_tsc+0x10/0x10 [ 14.036625] ? ktime_get_ts64+0x86/0x230 [ 14.036649] kunit_try_run_case+0x1a5/0x480 [ 14.036674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.036696] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.036721] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.036745] ? __kthread_parkme+0x82/0x180 [ 14.036766] ? preempt_count_sub+0x50/0x80 [ 14.036789] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.036812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.036836] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.036866] kthread+0x337/0x6f0 [ 14.036885] ? trace_preempt_on+0x20/0xc0 [ 14.036907] ? __pfx_kthread+0x10/0x10 [ 14.036927] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.036949] ? calculate_sigpending+0x7b/0xa0 [ 14.036973] ? __pfx_kthread+0x10/0x10 [ 14.037019] ret_from_fork+0x116/0x1d0 [ 14.037039] ? __pfx_kthread+0x10/0x10 [ 14.037059] ret_from_fork_asm+0x1a/0x30 [ 14.037090] </TASK> [ 14.037100] [ 14.054385] Allocated by task 258: [ 14.054648] kasan_save_stack+0x45/0x70 [ 14.055366] kasan_save_track+0x18/0x40 [ 14.055638] kasan_save_alloc_info+0x3b/0x50 [ 14.055995] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.056489] remove_element+0x11e/0x190 [ 14.056641] mempool_alloc_preallocated+0x4d/0x90 [ 14.056800] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.056995] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.057581] kunit_try_run_case+0x1a5/0x480 [ 14.058387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.058970] kthread+0x337/0x6f0 [ 14.059335] ret_from_fork+0x116/0x1d0 [ 14.059822] ret_from_fork_asm+0x1a/0x30 [ 14.060295] [ 14.060511] The buggy address belongs to the object at ffff8881029c5400 [ 14.060511] which belongs to the cache kmalloc-128 of size 128 [ 14.061122] The buggy address is located 1 bytes inside of [ 14.061122] 128-byte region [ffff8881029c5400, ffff8881029c5480) [ 14.062379] [ 14.062678] The buggy address belongs to the physical page: [ 14.063026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c5 [ 14.063278] flags: 0x200000000000000(node=0|zone=2) [ 14.063923] page_type: f5(slab) [ 14.064342] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.065481] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.066196] page dumped because: kasan: bad access detected [ 14.066836] [ 14.066911] Memory state around the buggy address: [ 14.067239] ffff8881029c5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.067930] ffff8881029c5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.068683] >ffff8881029c5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.068917] ^ [ 14.069187] ffff8881029c5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.069922] ffff8881029c5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.070776] ================================================================== [ 14.075868] ================================================================== [ 14.076892] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.077560] Free of addr ffff8881039c4001 by task kunit_try_catch/260 [ 14.077802] [ 14.077995] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.078056] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.078068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.078091] Call Trace: [ 14.078106] <TASK> [ 14.078127] dump_stack_lvl+0x73/0xb0 [ 14.078161] print_report+0xd1/0x610 [ 14.078231] ? __virt_addr_valid+0x1db/0x2d0 [ 14.078256] ? kasan_addr_to_slab+0x11/0xa0 [ 14.078320] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.078351] kasan_report_invalid_free+0x10a/0x130 [ 14.078375] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.078404] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.078430] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.078455] mempool_free+0x2ec/0x380 [ 14.078482] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.078508] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.078533] ? update_load_avg+0x1be/0x21b0 [ 14.078556] ? update_load_avg+0x1be/0x21b0 [ 14.078577] ? update_curr+0x80/0x810 [ 14.078596] ? enqueue_entity+0x215/0x1080 [ 14.078620] ? finish_task_switch.isra.0+0x153/0x700 [ 14.078646] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.078671] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.078700] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.078722] ? __pfx_mempool_kfree+0x10/0x10 [ 14.078746] ? __pfx_read_tsc+0x10/0x10 [ 14.078768] ? ktime_get_ts64+0x86/0x230 [ 14.078791] kunit_try_run_case+0x1a5/0x480 [ 14.078817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.078839] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.078864] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.078888] ? __kthread_parkme+0x82/0x180 [ 14.078909] ? preempt_count_sub+0x50/0x80 [ 14.078932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.078955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.078979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.079003] kthread+0x337/0x6f0 [ 14.079379] ? trace_preempt_on+0x20/0xc0 [ 14.079406] ? __pfx_kthread+0x10/0x10 [ 14.079426] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.079450] ? calculate_sigpending+0x7b/0xa0 [ 14.079474] ? __pfx_kthread+0x10/0x10 [ 14.079495] ret_from_fork+0x116/0x1d0 [ 14.079514] ? __pfx_kthread+0x10/0x10 [ 14.079535] ret_from_fork_asm+0x1a/0x30 [ 14.079567] </TASK> [ 14.079579] [ 14.097534] The buggy address belongs to the physical page: [ 14.097954] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c4 [ 14.098567] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.099356] flags: 0x200000000000040(head|node=0|zone=2) [ 14.099729] page_type: f8(unknown) [ 14.099861] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.100239] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.101127] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.102262] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.102936] head: 0200000000000002 ffffea00040e7101 00000000ffffffff 00000000ffffffff [ 14.103594] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.104319] page dumped because: kasan: bad access detected [ 14.104716] [ 14.104791] Memory state around the buggy address: [ 14.104960] ffff8881039c3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.105860] ffff8881039c3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.106749] >ffff8881039c4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.107699] ^ [ 14.107824] ffff8881039c4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.108072] ffff8881039c4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.108796] ==================================================================