Date
July 5, 2025, 11:09 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 21.772937] ==================================================================
[ 21.773111] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 21.773239] Free of addr fff00000c7938e01 by task kunit_try_catch/242
[ 21.773398]
[ 21.773464] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.773718] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.773809] Hardware name: linux,dummy-virt (DT)
[ 21.773910] Call trace:
[ 21.773976]  show_stack+0x20/0x38 (C)
[ 21.774114]  dump_stack_lvl+0x8c/0xd0
[ 21.774215]  print_report+0x118/0x608
[ 21.774328]  kasan_report_invalid_free+0xc0/0xe8
[ 21.775036]  check_slab_allocation+0xfc/0x108
[ 21.775194]  __kasan_mempool_poison_object+0x78/0x150
[ 21.775298]  mempool_free+0x28c/0x328
[ 21.775658]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 21.775930]  mempool_kmalloc_invalid_free+0xc0/0x118
[ 21.776185]  kunit_try_run_case+0x170/0x3f0
[ 21.776609]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.776868]  kthread+0x328/0x630
[ 21.777037]  ret_from_fork+0x10/0x20
[ 21.777151]
[ 21.777488] Allocated by task 242:
[ 21.777631]  kasan_save_stack+0x3c/0x68
[ 21.777739]  kasan_save_track+0x20/0x40
[ 21.777819]  kasan_save_alloc_info+0x40/0x58
[ 21.777905]  __kasan_mempool_unpoison_object+0x11c/0x180
[ 21.777999]  remove_element+0x130/0x1f8
[ 21.778079]  mempool_alloc_preallocated+0x58/0xc0
[ 21.778162]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 21.778256]  mempool_kmalloc_invalid_free+0xc0/0x118
[ 21.778343]  kunit_try_run_case+0x170/0x3f0
[ 21.778430]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.778539]  kthread+0x328/0x630
[ 21.778617]  ret_from_fork+0x10/0x20
[ 21.778695]
[ 21.778742] The buggy address belongs to the object at fff00000c7938e00
[ 21.778742]  which belongs to the cache kmalloc-128 of size 128
[ 21.778880] The buggy address is located 1 bytes inside of
[ 21.778880]  128-byte region [fff00000c7938e00, fff00000c7938e80)
[ 21.779015]
[ 21.779058] The buggy address belongs to the physical page:
[ 21.779125] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107938
[ 21.779221] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.780020] page_type: f5(slab)
[ 21.780197] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.780325] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.780436] page dumped because: kasan: bad access detected
[ 21.780504]
[ 21.780541] Memory state around the buggy address:
[ 21.780612]  fff00000c7938d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.780700]  fff00000c7938d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.780792] >fff00000c7938e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.781026]                    ^
[ 21.781105]  fff00000c7938e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.781207]  fff00000c7938f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.781298] ==================================================================
[ 21.793040] ==================================================================
[ 21.793312] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 21.793561] Free of addr fff00000c79b0001 by task kunit_try_catch/244
[ 21.793674]
[ 21.793741] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.793910] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.793965] Hardware name: linux,dummy-virt (DT)
[ 21.794216] Call trace:
[ 21.794991]  show_stack+0x20/0x38 (C)
[ 21.795249]  dump_stack_lvl+0x8c/0xd0
[ 21.795440]  print_report+0x118/0x608
[ 21.795546]  kasan_report_invalid_free+0xc0/0xe8
[ 21.795654]  __kasan_mempool_poison_object+0xfc/0x150
[ 21.795782]  mempool_free+0x28c/0x328
[ 21.795891]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 21.796013]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 21.796131]  kunit_try_run_case+0x170/0x3f0
[ 21.796236]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.796370]  kthread+0x328/0x630
[ 21.796470]  ret_from_fork+0x10/0x20
[ 21.796574]
[ 21.796622] The buggy address belongs to the physical page:
[ 21.796689] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079b0
[ 21.796812] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.796921] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 21.797034] page_type: f8(unknown)
[ 21.797118] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 21.797233] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 21.797348] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 21.798314] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 21.798558] head: 0bfffe0000000002 ffffc1ffc31e6c01 00000000ffffffff 00000000ffffffff
[ 21.798749] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 21.798854] page dumped because: kasan: bad access detected
[ 21.799126]
[ 21.799171] Memory state around the buggy address:
[ 21.799261]  fff00000c79aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.799461]  fff00000c79aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.799638] >fff00000c79b0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.799733]                    ^
[ 21.799804]  fff00000c79b0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.799885]  fff00000c79b0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.800180] ==================================================================
```
qemu-x86_64:

```
[ 15.572269] ==================================================================
[ 15.573171] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.573516] Free of addr ffff8881039f8001 by task kunit_try_catch/261
[ 15.574492]
[ 15.574953] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.575018] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.575178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.575213] Call Trace:
[ 15.575230]  <TASK>
[ 15.575254]  dump_stack_lvl+0x73/0xb0
[ 15.575293]  print_report+0xd1/0x650
[ 15.575321]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.575351]  ? kasan_addr_to_slab+0x11/0xa0
[ 15.575375]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.575407]  kasan_report_invalid_free+0x10a/0x130
[ 15.575436]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.575468]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.575498]  __kasan_mempool_poison_object+0x102/0x1d0
[ 15.575526]  mempool_free+0x2ec/0x380
[ 15.575554]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.575584]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 15.575613]  ? update_load_avg+0x1be/0x21b0
[ 15.575641]  ? update_load_avg+0x1be/0x21b0
[ 15.575680]  ? update_curr+0x80/0x810
[ 15.575706]  ? finish_task_switch.isra.0+0x153/0x700
[ 15.575736]  mempool_kmalloc_large_invalid_free+0xed/0x140
[ 15.575810]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 15.575846]  ? __pfx_mempool_kmalloc+0x10/0x10
[ 15.575873]  ? __pfx_mempool_kfree+0x10/0x10
[ 15.575902]  ? __pfx_read_tsc+0x10/0x10
[ 15.575927]  ? ktime_get_ts64+0x86/0x230
[ 15.575957]  kunit_try_run_case+0x1a5/0x480
[ 15.575988]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.576014]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.576042]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.576071]  ? __kthread_parkme+0x82/0x180
[ 15.576095]  ? preempt_count_sub+0x50/0x80
[ 15.576122]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.576150]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.576177]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.576204]  kthread+0x337/0x6f0
[ 15.576228]  ? trace_preempt_on+0x20/0xc0
[ 15.576257]  ? __pfx_kthread+0x10/0x10
[ 15.576281]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.576307]  ? calculate_sigpending+0x7b/0xa0
[ 15.576336]  ? __pfx_kthread+0x10/0x10
[ 15.576361]  ret_from_fork+0x116/0x1d0
[ 15.576383]  ? __pfx_kthread+0x10/0x10
[ 15.576407]  ret_from_fork_asm+0x1a/0x30
[ 15.576443]  </TASK>
[ 15.576458]
[ 15.594720] The buggy address belongs to the physical page:
[ 15.595288] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f8
[ 15.595894] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 15.596500] flags: 0x200000000000040(head|node=0|zone=2)
[ 15.596822] page_type: f8(unknown)
[ 15.597096] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 15.597605] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 15.598119] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 15.598499] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 15.599225] head: 0200000000000002 ffffea00040e7e01 00000000ffffffff 00000000ffffffff
[ 15.599608] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 15.600068] page dumped because: kasan: bad access detected
[ 15.600421]
[ 15.600555] Memory state around the buggy address:
[ 15.600813]  ffff8881039f7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 15.601339]  ffff8881039f7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 15.601699] >ffff8881039f8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.602097]                    ^
[ 15.602439]  ffff8881039f8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.602771]  ffff8881039f8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.603222] ==================================================================
[ 15.535007] ==================================================================
[ 15.536285] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.536765] Free of addr ffff8881038e9001 by task kunit_try_catch/259
[ 15.537087]
[ 15.537509] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.537571] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.537586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.537612] Call Trace:
[ 15.537626]  <TASK>
[ 15.537664]  dump_stack_lvl+0x73/0xb0
[ 15.537701]  print_report+0xd1/0x650
[ 15.537728]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.537758]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.537784]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.537868]  kasan_report_invalid_free+0x10a/0x130
[ 15.537902]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.537934]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.537963]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.537991]  check_slab_allocation+0x11f/0x130
[ 15.538017]  __kasan_mempool_poison_object+0x91/0x1d0
[ 15.538046]  mempool_free+0x2ec/0x380
[ 15.538075]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.538105]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 15.538136]  ? kasan_save_track+0x18/0x40
[ 15.538158]  ? kasan_save_alloc_info+0x3b/0x50
[ 15.538185]  ? kasan_save_stack+0x45/0x70
[ 15.538214]  mempool_kmalloc_invalid_free+0xed/0x140
[ 15.538242]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 15.538274]  ? __pfx_mempool_kmalloc+0x10/0x10
[ 15.538302]  ? __pfx_mempool_kfree+0x10/0x10
[ 15.538331]  ? __pfx_read_tsc+0x10/0x10
[ 15.538357]  ? ktime_get_ts64+0x86/0x230
[ 15.538387]  kunit_try_run_case+0x1a5/0x480
[ 15.538417]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.538450]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.538478]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.538505]  ? __kthread_parkme+0x82/0x180
[ 15.538530]  ? preempt_count_sub+0x50/0x80
[ 15.538557]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.538586]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.538613]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.538640]  kthread+0x337/0x6f0
[ 15.538678]  ? trace_preempt_on+0x20/0xc0
[ 15.538706]  ? __pfx_kthread+0x10/0x10
[ 15.538730]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.538755]  ? calculate_sigpending+0x7b/0xa0
[ 15.538784]  ? __pfx_kthread+0x10/0x10
[ 15.538831]  ret_from_fork+0x116/0x1d0
[ 15.538853]  ? __pfx_kthread+0x10/0x10
[ 15.538877]  ret_from_fork_asm+0x1a/0x30
[ 15.538916]  </TASK>
[ 15.538930]
[ 15.552664] Allocated by task 259:
[ 15.553423]  kasan_save_stack+0x45/0x70
[ 15.553682]  kasan_save_track+0x18/0x40
[ 15.553879]  kasan_save_alloc_info+0x3b/0x50
[ 15.554255]  __kasan_mempool_unpoison_object+0x1a9/0x200
[ 15.554527]  remove_element+0x11e/0x190
[ 15.554729]  mempool_alloc_preallocated+0x4d/0x90
[ 15.555443]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 15.555734]  mempool_kmalloc_invalid_free+0xed/0x140
[ 15.556313]  kunit_try_run_case+0x1a5/0x480
[ 15.556682]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.557303]  kthread+0x337/0x6f0
[ 15.557627]  ret_from_fork+0x116/0x1d0
[ 15.558154]  ret_from_fork_asm+0x1a/0x30
[ 15.558393]
[ 15.558491] The buggy address belongs to the object at ffff8881038e9000
[ 15.558491]  which belongs to the cache kmalloc-128 of size 128
[ 15.559451] The buggy address is located 1 bytes inside of
[ 15.559451]  128-byte region [ffff8881038e9000, ffff8881038e9080)
[ 15.560404]
[ 15.560510] The buggy address belongs to the physical page:
[ 15.560834] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e9
[ 15.562088] flags: 0x200000000000000(node=0|zone=2)
[ 15.562382] page_type: f5(slab)
[ 15.562801] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.563262] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.563776] page dumped because: kasan: bad access detected
[ 15.564194]
[ 15.564317] Memory state around the buggy address:
[ 15.564580]  ffff8881038e8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.565458]  ffff8881038e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.566056] >ffff8881038e9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.566497]                    ^
[ 15.566905]  ffff8881038e9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.567269]  ffff8881038e9100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.567738] ==================================================================
```