Date: July 2, 2025, 11:09 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 20.276503] ==================================================================
[ 20.276591] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.276722] Free of addr fff00000c793c001 by task kunit_try_catch/243
[ 20.276895]
[ 20.276960] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 20.277069] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.277099] Hardware name: linux,dummy-virt (DT)
[ 20.277418] Call trace:
[ 20.277471]  show_stack+0x20/0x38 (C)
[ 20.277651]  dump_stack_lvl+0x8c/0xd0
[ 20.277875]  print_report+0x118/0x608
[ 20.278064]  kasan_report_invalid_free+0xc0/0xe8
[ 20.278123]  __kasan_mempool_poison_object+0xfc/0x150
[ 20.278474]  mempool_free+0x28c/0x328
[ 20.278681]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.278853]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 20.278955]  kunit_try_run_case+0x170/0x3f0
[ 20.279022]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.279247]  kthread+0x328/0x630
[ 20.279473]  ret_from_fork+0x10/0x20
[ 20.279676]
[ 20.280045] The buggy address belongs to the physical page:
[ 20.280310] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10793c
[ 20.280422] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 20.280501] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 20.280912] page_type: f8(unknown)
[ 20.281363] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.281498] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.281857] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.281936] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.282043] head: 0bfffe0000000002 ffffc1ffc31e4f01 00000000ffffffff 00000000ffffffff
[ 20.282139] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 20.282195] page dumped because: kasan: bad access detected
[ 20.282237]
[ 20.282277] Memory state around the buggy address:
[ 20.282311]  fff00000c793bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.282365]  fff00000c793bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.282430] >fff00000c793c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.282478]                    ^
[ 20.282517]  fff00000c793c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.282570]  fff00000c793c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.282735] ==================================================================
```

```
[ 20.251700] ==================================================================
[ 20.251766] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.251829] Free of addr fff00000c7041401 by task kunit_try_catch/241
[ 20.251872]
[ 20.251910] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 20.251995] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.252023] Hardware name: linux,dummy-virt (DT)
[ 20.252058] Call trace:
[ 20.252100]  show_stack+0x20/0x38 (C)
[ 20.252173]  dump_stack_lvl+0x8c/0xd0
[ 20.252224]  print_report+0x118/0x608
[ 20.252271]  kasan_report_invalid_free+0xc0/0xe8
[ 20.252320]  check_slab_allocation+0xfc/0x108
[ 20.252377]  __kasan_mempool_poison_object+0x78/0x150
[ 20.252438]  mempool_free+0x28c/0x328
[ 20.252491]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.252545]  mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.252900]  kunit_try_run_case+0x170/0x3f0
[ 20.253190]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.253788]  kthread+0x328/0x630
[ 20.253853]  ret_from_fork+0x10/0x20
[ 20.254442]
[ 20.254507] Allocated by task 241:
[ 20.254664]  kasan_save_stack+0x3c/0x68
[ 20.254986]  kasan_save_track+0x20/0x40
[ 20.255478]  kasan_save_alloc_info+0x40/0x58
[ 20.255591]  __kasan_mempool_unpoison_object+0x11c/0x180
[ 20.255849]  remove_element+0x130/0x1f8
[ 20.255910]  mempool_alloc_preallocated+0x58/0xc0
[ 20.256276]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 20.256610]  mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.256671]  kunit_try_run_case+0x170/0x3f0
[ 20.257027]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.257174]  kthread+0x328/0x630
[ 20.257312]  ret_from_fork+0x10/0x20
[ 20.257493]
[ 20.257517] The buggy address belongs to the object at fff00000c7041400
[ 20.257517]  which belongs to the cache kmalloc-128 of size 128
[ 20.257731] The buggy address is located 1 bytes inside of
[ 20.257731]  128-byte region [fff00000c7041400, fff00000c7041480)
[ 20.257910]
[ 20.257933] The buggy address belongs to the physical page:
[ 20.258169] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107041
[ 20.258270] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.258565] page_type: f5(slab)
[ 20.258635] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.259017] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.259350] page dumped because: kasan: bad access detected
[ 20.259470]
[ 20.259866] Memory state around the buggy address:
[ 20.259921]  fff00000c7041300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.260291]  fff00000c7041380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.260564] >fff00000c7041400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.260640]                    ^
[ 20.260867]  fff00000c7041480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.261086]  fff00000c7041500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.261179] ==================================================================
```
qemu-x86_64:

```
[ 13.179080] ==================================================================
[ 13.179561] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.180634] Free of addr ffff8881039c0001 by task kunit_try_catch/262
[ 13.181318]
[ 13.181653] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.181706] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.181719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.181744] Call Trace:
[ 13.181757]  <TASK>
[ 13.181776]  dump_stack_lvl+0x73/0xb0
[ 13.181908]  print_report+0xd1/0x650
[ 13.181946]  ? __virt_addr_valid+0x1db/0x2d0
[ 13.181972]  ? kasan_addr_to_slab+0x11/0xa0
[ 13.181993]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.182020]  kasan_report_invalid_free+0x10a/0x130
[ 13.182044]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.182071]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.182096]  __kasan_mempool_poison_object+0x102/0x1d0
[ 13.182121]  mempool_free+0x2ec/0x380
[ 13.182144]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.182169]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.182197]  ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.182219]  ? finish_task_switch.isra.0+0x153/0x700
[ 13.182245]  mempool_kmalloc_large_invalid_free+0xed/0x140
[ 13.182270]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 13.182298]  ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.182320]  ? __pfx_mempool_kfree+0x10/0x10
[ 13.182345]  ? __pfx_read_tsc+0x10/0x10
[ 13.182376]  ? ktime_get_ts64+0x86/0x230
[ 13.182401]  kunit_try_run_case+0x1a5/0x480
[ 13.182427]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.182449]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.182473]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.182496]  ? __kthread_parkme+0x82/0x180
[ 13.182517]  ? preempt_count_sub+0x50/0x80
[ 13.182540]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.182564]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.182587]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.182610]  kthread+0x337/0x6f0
[ 13.182629]  ? trace_preempt_on+0x20/0xc0
[ 13.182653]  ? __pfx_kthread+0x10/0x10
[ 13.182672]  ? _raw_spin_unlock_irq+0x47/0x80
[ 13.182693]  ? calculate_sigpending+0x7b/0xa0
[ 13.182717]  ? __pfx_kthread+0x10/0x10
[ 13.182738]  ret_from_fork+0x116/0x1d0
[ 13.182756]  ? __pfx_kthread+0x10/0x10
[ 13.182776]  ret_from_fork_asm+0x1a/0x30
[ 13.182807]  </TASK>
[ 13.182819]
[ 13.200179] The buggy address belongs to the physical page:
[ 13.200553] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0
[ 13.200951] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.201810] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.202483] page_type: f8(unknown)
[ 13.202969] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.203737] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.204234] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.204477] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.205053] head: 0200000000000002 ffffea00040e7001 00000000ffffffff 00000000ffffffff
[ 13.205922] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.206617] page dumped because: kasan: bad access detected
[ 13.207198]
[ 13.207273] Memory state around the buggy address:
[ 13.207435]  ffff8881039bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.207645]  ffff8881039bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.207916] >ffff8881039c0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.208749]                    ^
[ 13.208934]  ffff8881039c0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.209323]  ffff8881039c0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.209798] ==================================================================
```

```
[ 13.143468] ==================================================================
[ 13.143908] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.144173] Free of addr ffff888103124601 by task kunit_try_catch/260
[ 13.144382]
[ 13.144471] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.144520] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.144533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.144554] Call Trace:
[ 13.144566]  <TASK>
[ 13.144582]  dump_stack_lvl+0x73/0xb0
[ 13.144610]  print_report+0xd1/0x650
[ 13.144632]  ? __virt_addr_valid+0x1db/0x2d0
[ 13.144655]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.144676]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.144700]  kasan_report_invalid_free+0x10a/0x130
[ 13.144724]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.144751]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.144775]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.144799]  check_slab_allocation+0x11f/0x130
[ 13.144820]  __kasan_mempool_poison_object+0x91/0x1d0
[ 13.144843]  mempool_free+0x2ec/0x380
[ 13.144865]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.144888]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.144915]  ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.144937]  ? finish_task_switch.isra.0+0x153/0x700
[ 13.144961]  mempool_kmalloc_invalid_free+0xed/0x140
[ 13.144984]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 13.145009]  ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.145031]  ? __pfx_mempool_kfree+0x10/0x10
[ 13.145056]  ? __pfx_read_tsc+0x10/0x10
[ 13.145077]  ? ktime_get_ts64+0x86/0x230
[ 13.145100]  kunit_try_run_case+0x1a5/0x480
[ 13.145124]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.145145]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.145168]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.145189]  ? __kthread_parkme+0x82/0x180
[ 13.145210]  ? preempt_count_sub+0x50/0x80
[ 13.145231]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.145254]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.145275]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.145298]  kthread+0x337/0x6f0
[ 13.145315]  ? trace_preempt_on+0x20/0xc0
[ 13.145338]  ? __pfx_kthread+0x10/0x10
[ 13.145710]  ? _raw_spin_unlock_irq+0x47/0x80
[ 13.145768]  ? calculate_sigpending+0x7b/0xa0
[ 13.145795]  ? __pfx_kthread+0x10/0x10
[ 13.145818]  ret_from_fork+0x116/0x1d0
[ 13.146043]  ? __pfx_kthread+0x10/0x10
[ 13.146068]  ret_from_fork_asm+0x1a/0x30
[ 13.146103]  </TASK>
[ 13.146114]
[ 13.163048] Allocated by task 260:
[ 13.163207]  kasan_save_stack+0x45/0x70
[ 13.163407]  kasan_save_track+0x18/0x40
[ 13.163600]  kasan_save_alloc_info+0x3b/0x50
[ 13.164231]  __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.164488]  remove_element+0x11e/0x190
[ 13.164934]  mempool_alloc_preallocated+0x4d/0x90
[ 13.165170]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 13.165495]  mempool_kmalloc_invalid_free+0xed/0x140
[ 13.166118]  kunit_try_run_case+0x1a5/0x480
[ 13.166335]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.166597]  kthread+0x337/0x6f0
[ 13.167159]  ret_from_fork+0x116/0x1d0
[ 13.167324]  ret_from_fork_asm+0x1a/0x30
[ 13.167787]
[ 13.167999] The buggy address belongs to the object at ffff888103124600
[ 13.167999]  which belongs to the cache kmalloc-128 of size 128
[ 13.168808] The buggy address is located 1 bytes inside of
[ 13.168808]  128-byte region [ffff888103124600, ffff888103124680)
[ 13.169259]
[ 13.169370] The buggy address belongs to the physical page:
[ 13.169966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103124
[ 13.170299] flags: 0x200000000000000(node=0|zone=2)
[ 13.170818] page_type: f5(slab)
[ 13.170989] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.171332] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.172054] page dumped because: kasan: bad access detected
[ 13.172265]
[ 13.172541] Memory state around the buggy address:
[ 13.172991]  ffff888103124500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.173442]  ffff888103124580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.174030] >ffff888103124600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.174348]                    ^
[ 13.174677]  ffff888103124680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.175089]  ffff888103124700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.175492] ==================================================================
```