Date
July 5, 2025, 11:11 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64

```
[ 20.313633] ==================================================================
[ 20.313986] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.314102] Free of addr fff00000c78d3601 by task kunit_try_catch/241
[ 20.314144]
[ 20.314192] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 20.314430] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.314474] Hardware name: linux,dummy-virt (DT)
[ 20.314505] Call trace:
[ 20.314525] show_stack+0x20/0x38 (C)
[ 20.314579] dump_stack_lvl+0x8c/0xd0
[ 20.314726] print_report+0x118/0x608
[ 20.314884] kasan_report_invalid_free+0xc0/0xe8
[ 20.314988] check_slab_allocation+0xfc/0x108
[ 20.315095] __kasan_mempool_poison_object+0x78/0x150
[ 20.315663] mempool_free+0x28c/0x328
[ 20.315767] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.315821] mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.316401] kunit_try_run_case+0x170/0x3f0
[ 20.316479] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.316531] kthread+0x328/0x630
[ 20.316574] ret_from_fork+0x10/0x20
[ 20.316650]
[ 20.316721] Allocated by task 241:
[ 20.316752] kasan_save_stack+0x3c/0x68
[ 20.317038] kasan_save_track+0x20/0x40
[ 20.317167] kasan_save_alloc_info+0x40/0x58
[ 20.317221] __kasan_mempool_unpoison_object+0x11c/0x180
[ 20.317263] remove_element+0x130/0x1f8
[ 20.317301] mempool_alloc_preallocated+0x58/0xc0
[ 20.317365] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 20.317680] mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.317729] kunit_try_run_case+0x170/0x3f0
[ 20.317765] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.317810] kthread+0x328/0x630
[ 20.317942] ret_from_fork+0x10/0x20
[ 20.318361]
[ 20.318613] The buggy address belongs to the object at fff00000c78d3600
[ 20.318613] which belongs to the cache kmalloc-128 of size 128
[ 20.318711] The buggy address is located 1 bytes inside of
[ 20.318711] 128-byte region [fff00000c78d3600, fff00000c78d3680)
[ 20.318846]
[ 20.318910] The buggy address belongs to the physical page:
[ 20.318959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3
[ 20.319015] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.319420] page_type: f5(slab)
[ 20.319562] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.319773] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.320017] page dumped because: kasan: bad access detected
[ 20.320209]
[ 20.320233] Memory state around the buggy address:
[ 20.320266]  fff00000c78d3500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.320322]  fff00000c78d3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.320364] >fff00000c78d3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.320797]                    ^
[ 20.320940]  fff00000c78d3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.320989]  fff00000c78d3700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.321057] ==================================================================
[ 20.329814] ==================================================================
[ 20.329870] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.329924] Free of addr fff00000c790c001 by task kunit_try_catch/243
[ 20.329966]
[ 20.330000] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 20.330078] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.330105] Hardware name: linux,dummy-virt (DT)
[ 20.330137] Call trace:
[ 20.330488] show_stack+0x20/0x38 (C)
[ 20.330725] dump_stack_lvl+0x8c/0xd0
[ 20.330832] print_report+0x118/0x608
[ 20.331180] kasan_report_invalid_free+0xc0/0xe8
[ 20.331732] __kasan_mempool_poison_object+0xfc/0x150
[ 20.331987] mempool_free+0x28c/0x328
[ 20.332033] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.332331] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 20.332563] kunit_try_run_case+0x170/0x3f0
[ 20.332612] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.332664] kthread+0x328/0x630
[ 20.332709] ret_from_fork+0x10/0x20
[ 20.332756]
[ 20.332777] The buggy address belongs to the physical page:
[ 20.332809] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10790c
[ 20.333388] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 20.333445] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 20.333499] page_type: f8(unknown)
[ 20.333978] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.334111] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.334259] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.334322] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.334425] head: 0bfffe0000000002 ffffc1ffc31e4301 00000000ffffffff 00000000ffffffff
[ 20.334526] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 20.334623] page dumped because: kasan: bad access detected
[ 20.334653]
[ 20.334706] Memory state around the buggy address:
[ 20.334878]  fff00000c790bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.334923]  fff00000c790bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.334967] >fff00000c790c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.335009]                    ^
[ 20.335082]  fff00000c790c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.335461]  fff00000c790c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.335503] ==================================================================
```
qemu-x86_64

```
[ 15.516074] ==================================================================
[ 15.517394] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.517699] Free of addr ffff888103aac001 by task kunit_try_catch/261
[ 15.517941]
[ 15.518048] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.518110] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.518125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.518152] Call Trace:
[ 15.518169] <TASK>
[ 15.518189] dump_stack_lvl+0x73/0xb0
[ 15.518224] print_report+0xd1/0x650
[ 15.518251] ? __virt_addr_valid+0x1db/0x2d0
[ 15.518279] ? kasan_addr_to_slab+0x11/0xa0
[ 15.518303] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.518332] kasan_report_invalid_free+0x10a/0x130
[ 15.518360] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.518391] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.518419] __kasan_mempool_poison_object+0x102/0x1d0
[ 15.518447] mempool_free+0x2ec/0x380
[ 15.518475] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.518532] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 15.518562] ? __kasan_check_write+0x18/0x20
[ 15.518584] ? __pfx_sched_clock_cpu+0x10/0x10
[ 15.518609] ? finish_task_switch.isra.0+0x153/0x700
[ 15.518639] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 15.518666] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 15.518697] ? __pfx_mempool_kmalloc+0x10/0x10
[ 15.518722] ? __pfx_mempool_kfree+0x10/0x10
[ 15.518751] ? __pfx_read_tsc+0x10/0x10
[ 15.518775] ? ktime_get_ts64+0x86/0x230
[ 15.518813] kunit_try_run_case+0x1a5/0x480
[ 15.518841] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.518866] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.518894] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.518920] ? __kthread_parkme+0x82/0x180
[ 15.518944] ? preempt_count_sub+0x50/0x80
[ 15.518970] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.518997] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.519047] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.519076] kthread+0x337/0x6f0
[ 15.519098] ? trace_preempt_on+0x20/0xc0
[ 15.519124] ? __pfx_kthread+0x10/0x10
[ 15.519150] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.519175] ? calculate_sigpending+0x7b/0xa0
[ 15.519204] ? __pfx_kthread+0x10/0x10
[ 15.519228] ret_from_fork+0x116/0x1d0
[ 15.519250] ? __pfx_kthread+0x10/0x10
[ 15.519273] ret_from_fork_asm+0x1a/0x30
[ 15.519308] </TASK>
[ 15.519322]
[ 15.537070] The buggy address belongs to the physical page:
[ 15.537304] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aac
[ 15.538007] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 15.538472] flags: 0x200000000000040(head|node=0|zone=2)
[ 15.538765] page_type: f8(unknown)
[ 15.538992] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 15.539433] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 15.539843] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 15.540247] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 15.540749] head: 0200000000000002 ffffea00040eab01 00000000ffffffff 00000000ffffffff
[ 15.541122] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 15.541776] page dumped because: kasan: bad access detected
[ 15.542049]
[ 15.542158] Memory state around the buggy address:
[ 15.542450]  ffff888103aabf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 15.542779]  ffff888103aabf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 15.543133] >ffff888103aac000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.543479]                    ^
[ 15.543679]  ffff888103aac080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.543987]  ffff888103aac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.544432] ==================================================================
[ 15.482410] ==================================================================
[ 15.483721] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.484289] Free of addr ffff888103929301 by task kunit_try_catch/259
[ 15.484972]
[ 15.485235] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.485303] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.485318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.485349] Call Trace:
[ 15.485380] <TASK>
[ 15.485401] dump_stack_lvl+0x73/0xb0
[ 15.485439] print_report+0xd1/0x650
[ 15.485480] ? __virt_addr_valid+0x1db/0x2d0
[ 15.485509] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.485535] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.485565] kasan_report_invalid_free+0x10a/0x130
[ 15.485593] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.485624] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.485651] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.485679] check_slab_allocation+0x11f/0x130
[ 15.485704] __kasan_mempool_poison_object+0x91/0x1d0
[ 15.485731] mempool_free+0x2ec/0x380
[ 15.485754] ? mempool_alloc_preallocated+0x5b/0x90
[ 15.485782] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.485821] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 15.485852] ? __pfx_sched_clock_cpu+0x10/0x10
[ 15.485876] ? finish_task_switch.isra.0+0x153/0x700
[ 15.485905] mempool_kmalloc_invalid_free+0xed/0x140
[ 15.485932] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 15.485963] ? __pfx_mempool_kmalloc+0x10/0x10
[ 15.485989] ? __pfx_mempool_kfree+0x10/0x10
[ 15.486017] ? __pfx_read_tsc+0x10/0x10
[ 15.486043] ? ktime_get_ts64+0x86/0x230
[ 15.486092] kunit_try_run_case+0x1a5/0x480
[ 15.486123] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.486147] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.486176] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.486202] ? __kthread_parkme+0x82/0x180
[ 15.486227] ? preempt_count_sub+0x50/0x80
[ 15.486252] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.486279] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.486305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.486331] kthread+0x337/0x6f0
[ 15.486353] ? trace_preempt_on+0x20/0xc0
[ 15.486379] ? __pfx_kthread+0x10/0x10
[ 15.486402] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.486427] ? calculate_sigpending+0x7b/0xa0
[ 15.486457] ? __pfx_kthread+0x10/0x10
[ 15.486481] ret_from_fork+0x116/0x1d0
[ 15.486503] ? __pfx_kthread+0x10/0x10
[ 15.486525] ret_from_fork_asm+0x1a/0x30
[ 15.486561] </TASK>
[ 15.486574]
[ 15.502441] Allocated by task 259:
[ 15.502646] kasan_save_stack+0x45/0x70
[ 15.502888] kasan_save_track+0x18/0x40
[ 15.503042] kasan_save_alloc_info+0x3b/0x50
[ 15.503266] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 15.503572] remove_element+0x11e/0x190
[ 15.503749] mempool_alloc_preallocated+0x4d/0x90
[ 15.503937] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 15.504268] mempool_kmalloc_invalid_free+0xed/0x140
[ 15.504566] kunit_try_run_case+0x1a5/0x480
[ 15.504783] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.505020] kthread+0x337/0x6f0
[ 15.505177] ret_from_fork+0x116/0x1d0
[ 15.505395] ret_from_fork_asm+0x1a/0x30
[ 15.505640]
[ 15.505748] The buggy address belongs to the object at ffff888103929300
[ 15.505748] which belongs to the cache kmalloc-128 of size 128
[ 15.506296] The buggy address is located 1 bytes inside of
[ 15.506296] 128-byte region [ffff888103929300, ffff888103929380)
[ 15.506868]
[ 15.506953] The buggy address belongs to the physical page:
[ 15.507282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929
[ 15.507672] flags: 0x200000000000000(node=0|zone=2)
[ 15.507939] page_type: f5(slab)
[ 15.508169] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.508534] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.508902] page dumped because: kasan: bad access detected
[ 15.509201]
[ 15.509320] Memory state around the buggy address:
[ 15.509558]  ffff888103929200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.509864]  ffff888103929280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.510267] >ffff888103929300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.510651]                    ^
[ 15.510842]  ffff888103929380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.511224]  ffff888103929400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.511542] ==================================================================
```