Date
July 6, 2025, 11:09 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 20.351279] ==================================================================
[ 20.351430] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.351751] Free of addr fff00000c78e0001 by task kunit_try_catch/243
[ 20.351803]
[ 20.351929] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 20.352277] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.352466] Hardware name: linux,dummy-virt (DT)
[ 20.352544] Call trace:
[ 20.352570] show_stack+0x20/0x38 (C)
[ 20.352624] dump_stack_lvl+0x8c/0xd0
[ 20.352687] print_report+0x118/0x608
[ 20.352745] kasan_report_invalid_free+0xc0/0xe8
[ 20.352846] __kasan_mempool_poison_object+0xfc/0x150
[ 20.352901] mempool_free+0x28c/0x328
[ 20.352945] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.352996] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 20.353056] kunit_try_run_case+0x170/0x3f0
[ 20.353115] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.353176] kthread+0x328/0x630
[ 20.353238] ret_from_fork+0x10/0x20
[ 20.353286]
[ 20.353307] The buggy address belongs to the physical page:
[ 20.353338] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e0
[ 20.353392] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 20.353456] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 20.353843] page_type: f8(unknown)
[ 20.354036] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.354225] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.354278] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.354350] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.354672] head: 0bfffe0000000002 ffffc1ffc31e3801 00000000ffffffff 00000000ffffffff
[ 20.354780] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 20.355358] page dumped because: kasan: bad access detected
[ 20.355649]
[ 20.355768] Memory state around the buggy address:
[ 20.356066] fff00000c78dff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.356152] fff00000c78dff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.356229] >fff00000c78e0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.356269] ^
[ 20.356297] fff00000c78e0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.356582] fff00000c78e0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.356710] ==================================================================
[ 20.323811] ==================================================================
[ 20.324090] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.324247] Free of addr fff00000c56edf01 by task kunit_try_catch/241
[ 20.324335]
[ 20.324400] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 20.324481] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.324506] Hardware name: linux,dummy-virt (DT)
[ 20.324537] Call trace:
[ 20.324773] show_stack+0x20/0x38 (C)
[ 20.324840] dump_stack_lvl+0x8c/0xd0
[ 20.325019] print_report+0x118/0x608
[ 20.325072] kasan_report_invalid_free+0xc0/0xe8
[ 20.325166] check_slab_allocation+0xfc/0x108
[ 20.325231] __kasan_mempool_poison_object+0x78/0x150
[ 20.325494] mempool_free+0x28c/0x328
[ 20.325614] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.325799] mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.326011] kunit_try_run_case+0x170/0x3f0
[ 20.326069] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.326335] kthread+0x328/0x630
[ 20.326473] ret_from_fork+0x10/0x20
[ 20.326625]
[ 20.326702] Allocated by task 241:
[ 20.326737] kasan_save_stack+0x3c/0x68
[ 20.326965] kasan_save_track+0x20/0x40
[ 20.327174] kasan_save_alloc_info+0x40/0x58
[ 20.327263] __kasan_mempool_unpoison_object+0x11c/0x180
[ 20.327350] remove_element+0x130/0x1f8
[ 20.327388] mempool_alloc_preallocated+0x58/0xc0
[ 20.327499] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 20.327661] mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.327945] kunit_try_run_case+0x170/0x3f0
[ 20.328031] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.328325] kthread+0x328/0x630
[ 20.328564] ret_from_fork+0x10/0x20
[ 20.328768]
[ 20.328928] The buggy address belongs to the object at fff00000c56edf00
[ 20.328928] which belongs to the cache kmalloc-128 of size 128
[ 20.329059] The buggy address is located 1 bytes inside of
[ 20.329059] 128-byte region [fff00000c56edf00, fff00000c56edf80)
[ 20.329290]
[ 20.329359] The buggy address belongs to the physical page:
[ 20.329559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056ed
[ 20.329835] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.329965] page_type: f5(slab)
[ 20.330058] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.330183] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 20.330236] page dumped because: kasan: bad access detected
[ 20.330268]
[ 20.330285] Memory state around the buggy address:
[ 20.330324] fff00000c56ede00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.330518] fff00000c56ede80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.330655] >fff00000c56edf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.330855] ^
[ 20.330910] fff00000c56edf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.331180] fff00000c56ee000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.331344] ==================================================================
```
```
[ 13.348578] ==================================================================
[ 13.349128] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.349614] Free of addr ffff888102794f01 by task kunit_try_catch/258
[ 13.349891]
[ 13.350315] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.350369] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.350382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.350404] Call Trace:
[ 13.350421] <TASK>
[ 13.350440] dump_stack_lvl+0x73/0xb0
[ 13.350672] print_report+0xd1/0x650
[ 13.350698] ? __virt_addr_valid+0x1db/0x2d0
[ 13.350724] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.350747] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.350774] kasan_report_invalid_free+0x10a/0x130
[ 13.350799] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.350827] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.350851] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.350874] check_slab_allocation+0x11f/0x130
[ 13.350897] __kasan_mempool_poison_object+0x91/0x1d0
[ 13.350922] mempool_free+0x2ec/0x380
[ 13.350954] ? mempool_alloc_preallocated+0x5b/0x90
[ 13.350977] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.351002] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.351030] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.351073] ? finish_task_switch.isra.0+0x153/0x700
[ 13.351099] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.351129] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 13.351155] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.351178] ? __pfx_mempool_kfree+0x10/0x10
[ 13.351202] ? __pfx_read_tsc+0x10/0x10
[ 13.351224] ? ktime_get_ts64+0x86/0x230
[ 13.351249] kunit_try_run_case+0x1a5/0x480
[ 13.351275] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.351297] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.351322] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.351345] ? __kthread_parkme+0x82/0x180
[ 13.351367] ? preempt_count_sub+0x50/0x80
[ 13.351390] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.351414] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.351437] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.351477] kthread+0x337/0x6f0
[ 13.351497] ? trace_preempt_on+0x20/0xc0
[ 13.351522] ? __pfx_kthread+0x10/0x10
[ 13.351543] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.351565] ? calculate_sigpending+0x7b/0xa0
[ 13.351590] ? __pfx_kthread+0x10/0x10
[ 13.351612] ret_from_fork+0x116/0x1d0
[ 13.351631] ? __pfx_kthread+0x10/0x10
[ 13.351652] ret_from_fork_asm+0x1a/0x30
[ 13.351683] </TASK>
[ 13.351695]
[ 13.364916] Allocated by task 258:
[ 13.365365] kasan_save_stack+0x45/0x70
[ 13.365680] kasan_save_track+0x18/0x40
[ 13.365973] kasan_save_alloc_info+0x3b/0x50
[ 13.366362] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.366663] remove_element+0x11e/0x190
[ 13.366988] mempool_alloc_preallocated+0x4d/0x90
[ 13.367414] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 13.367758] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.368008] kunit_try_run_case+0x1a5/0x480
[ 13.368377] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.368824] kthread+0x337/0x6f0
[ 13.369004] ret_from_fork+0x116/0x1d0
[ 13.369594] ret_from_fork_asm+0x1a/0x30
[ 13.369892]
[ 13.370017] The buggy address belongs to the object at ffff888102794f00
[ 13.370017] which belongs to the cache kmalloc-128 of size 128
[ 13.370799] The buggy address is located 1 bytes inside of
[ 13.370799] 128-byte region [ffff888102794f00, ffff888102794f80)
[ 13.371614]
[ 13.371838] The buggy address belongs to the physical page:
[ 13.372301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794
[ 13.372655] flags: 0x200000000000000(node=0|zone=2)
[ 13.372986] page_type: f5(slab)
[ 13.373257] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.373579] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 13.373906] page dumped because: kasan: bad access detected
[ 13.374511]
[ 13.374606] Memory state around the buggy address:
[ 13.374774] ffff888102794e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.375430] ffff888102794e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.376045] >ffff888102794f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.376460] ^
[ 13.376595] ffff888102794f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.377125] ffff888102795000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.377683] ==================================================================
[ 13.381193] ==================================================================
[ 13.382153] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.382729] Free of addr ffff888103b24001 by task kunit_try_catch/260
[ 13.383244]
[ 13.383478] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.383529] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.383542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.383565] Call Trace:
[ 13.383578] <TASK>
[ 13.383598] dump_stack_lvl+0x73/0xb0
[ 13.383665] print_report+0xd1/0x650
[ 13.383689] ? __virt_addr_valid+0x1db/0x2d0
[ 13.383713] ? kasan_addr_to_slab+0x11/0xa0
[ 13.383733] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.383761] kasan_report_invalid_free+0x10a/0x130
[ 13.383785] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.383814] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.383838] __kasan_mempool_poison_object+0x102/0x1d0
[ 13.383862] mempool_free+0x2ec/0x380
[ 13.383885] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.383910] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.383950] ? __kasan_check_write+0x18/0x20
[ 13.383971] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.383993] ? finish_task_switch.isra.0+0x153/0x700
[ 13.384019] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 13.384043] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 13.384089] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.384112] ? __pfx_mempool_kfree+0x10/0x10
[ 13.384137] ? __pfx_read_tsc+0x10/0x10
[ 13.384158] ? ktime_get_ts64+0x86/0x230
[ 13.384182] kunit_try_run_case+0x1a5/0x480
[ 13.384207] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.384229] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.384253] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.384276] ? __kthread_parkme+0x82/0x180
[ 13.384297] ? preempt_count_sub+0x50/0x80
[ 13.384320] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.384344] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.384367] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.384390] kthread+0x337/0x6f0
[ 13.384410] ? trace_preempt_on+0x20/0xc0
[ 13.384434] ? __pfx_kthread+0x10/0x10
[ 13.384471] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.384492] ? calculate_sigpending+0x7b/0xa0
[ 13.384516] ? __pfx_kthread+0x10/0x10
[ 13.384538] ret_from_fork+0x116/0x1d0
[ 13.384557] ? __pfx_kthread+0x10/0x10
[ 13.384577] ret_from_fork_asm+0x1a/0x30
[ 13.384608] </TASK>
[ 13.384621]
[ 13.396264] The buggy address belongs to the physical page:
[ 13.396968] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b24
[ 13.397772] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.398613] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.399266] page_type: f8(unknown)
[ 13.399683] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.400558] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.401317] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.402132] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.402859] head: 0200000000000002 ffffea00040ec901 00000000ffffffff 00000000ffffffff
[ 13.403629] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.404334] page dumped because: kasan: bad access detected
[ 13.404930]
[ 13.405117] Memory state around the buggy address:
[ 13.405580] ffff888103b23f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.406205] ffff888103b23f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.406871] >ffff888103b24000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.407505] ^
[ 13.407866] ffff888103b24080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.408580] ffff888103b24100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.409314] ==================================================================
```