Date
July 12, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

[ 18.615320] ==================================================================
[ 18.615384] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 18.615438] Free of addr fff00000c5942501 by task kunit_try_catch/241
[ 18.615481]
[ 18.615859] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 18.616300] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.616349] Hardware name: linux,dummy-virt (DT)
[ 18.616380] Call trace:
[ 18.616716] show_stack+0x20/0x38 (C)
[ 18.616834] dump_stack_lvl+0x8c/0xd0
[ 18.616886] print_report+0x118/0x5d0
[ 18.617259] kasan_report_invalid_free+0xc0/0xe8
[ 18.617409] check_slab_allocation+0xfc/0x108
[ 18.617509] __kasan_mempool_poison_object+0x78/0x150
[ 18.617832] mempool_free+0x28c/0x328
[ 18.618141] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 18.618365] mempool_kmalloc_invalid_free+0xc0/0x118
[ 18.618442] kunit_try_run_case+0x170/0x3f0
[ 18.618594] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.618892] kthread+0x328/0x630
[ 18.618978] ret_from_fork+0x10/0x20
[ 18.619125]
[ 18.619281] Allocated by task 241:
[ 18.619315] kasan_save_stack+0x3c/0x68
[ 18.619359] kasan_save_track+0x20/0x40
[ 18.619771] kasan_save_alloc_info+0x40/0x58
[ 18.619875] __kasan_mempool_unpoison_object+0x11c/0x180
[ 18.619940] remove_element+0x130/0x1f8
[ 18.620345] mempool_alloc_preallocated+0x58/0xc0
[ 18.620438] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 18.620543] mempool_kmalloc_invalid_free+0xc0/0x118
[ 18.620599] kunit_try_run_case+0x170/0x3f0
[ 18.620675] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.620839] kthread+0x328/0x630
[ 18.621036] ret_from_fork+0x10/0x20
[ 18.621198]
[ 18.621269] The buggy address belongs to the object at fff00000c5942500
[ 18.621269] which belongs to the cache kmalloc-128 of size 128
[ 18.621608] The buggy address is located 1 bytes inside of
[ 18.621608] 128-byte region [fff00000c5942500, fff00000c5942580)
[ 18.621779]
[ 18.621828] The buggy address belongs to the physical page:
[ 18.622305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105942
[ 18.622407] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.622522] page_type: f5(slab)
[ 18.622625] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.622981] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.623102] page dumped because: kasan: bad access detected
[ 18.623148]
[ 18.623165] Memory state around the buggy address:
[ 18.623476] fff00000c5942400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.623669] fff00000c5942480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.623716] >fff00000c5942500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.623784] ^
[ 18.624097] fff00000c5942580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.624280] fff00000c5942600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.624344] ==================================================================

[ 18.630578] ==================================================================
[ 18.630824] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 18.630903] Free of addr fff00000c7918001 by task kunit_try_catch/243
[ 18.630949]
[ 18.630988] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 18.631082] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.631110] Hardware name: linux,dummy-virt (DT)
[ 18.631246] Call trace:
[ 18.631464] show_stack+0x20/0x38 (C)
[ 18.631553] dump_stack_lvl+0x8c/0xd0
[ 18.631686] print_report+0x118/0x5d0
[ 18.631775] kasan_report_invalid_free+0xc0/0xe8
[ 18.631941] __kasan_mempool_poison_object+0xfc/0x150
[ 18.632101] mempool_free+0x28c/0x328
[ 18.632210] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 18.632272] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 18.632325] kunit_try_run_case+0x170/0x3f0
[ 18.632375] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.632838] kthread+0x328/0x630
[ 18.632934] ret_from_fork+0x10/0x20
[ 18.633079]
[ 18.633119] The buggy address belongs to the physical page:
[ 18.633158] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107918
[ 18.633388] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 18.633814] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 18.634009] page_type: f8(unknown)
[ 18.634066] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 18.634453] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 18.634615] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 18.634712] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 18.634863] head: 0bfffe0000000002 ffffc1ffc31e4601 00000000ffffffff 00000000ffffffff
[ 18.634969] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 18.635315] page dumped because: kasan: bad access detected
[ 18.635383]
[ 18.635471] Memory state around the buggy address:
[ 18.635585] fff00000c7917f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.635734] fff00000c7917f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.635851] >fff00000c7918000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.635990] ^
[ 18.636030] fff00000c7918080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.636094] fff00000c7918100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.636535] ==================================================================
qemu-x86_64:

[ 14.769499] ==================================================================
[ 14.770101] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.770609] Free of addr ffff888102c04001 by task kunit_try_catch/260
[ 14.771305]
[ 14.771490] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 14.771535] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.771719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.771744] Call Trace:
[ 14.771756] <TASK>
[ 14.771771] dump_stack_lvl+0x73/0xb0
[ 14.771802] print_report+0xd1/0x610
[ 14.771825] ? __virt_addr_valid+0x1db/0x2d0
[ 14.771849] ? kasan_addr_to_slab+0x11/0xa0
[ 14.771871] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.771899] kasan_report_invalid_free+0x10a/0x130
[ 14.771925] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.771955] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.772219] __kasan_mempool_poison_object+0x102/0x1d0
[ 14.772248] mempool_free+0x2ec/0x380
[ 14.772288] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.772316] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 14.772347] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.772370] ? finish_task_switch.isra.0+0x153/0x700
[ 14.772398] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 14.772424] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 14.772454] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.772477] ? __pfx_mempool_kfree+0x10/0x10
[ 14.772502] ? __pfx_read_tsc+0x10/0x10
[ 14.772524] ? ktime_get_ts64+0x86/0x230
[ 14.772549] kunit_try_run_case+0x1a5/0x480
[ 14.772574] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.772598] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.772624] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.772648] ? __kthread_parkme+0x82/0x180
[ 14.772669] ? preempt_count_sub+0x50/0x80
[ 14.772692] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.772717] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.772741] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.772767] kthread+0x337/0x6f0
[ 14.772786] ? trace_preempt_on+0x20/0xc0
[ 14.772809] ? __pfx_kthread+0x10/0x10
[ 14.772830] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.772852] ? calculate_sigpending+0x7b/0xa0
[ 14.772877] ? __pfx_kthread+0x10/0x10
[ 14.772899] ret_from_fork+0x116/0x1d0
[ 14.772917] ? __pfx_kthread+0x10/0x10
[ 14.772937] ret_from_fork_asm+0x1a/0x30
[ 14.772968] </TASK>
[ 14.773027]
[ 14.786867] The buggy address belongs to the physical page:
[ 14.787516] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c04
[ 14.787861] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 14.788434] flags: 0x200000000000040(head|node=0|zone=2)
[ 14.788927] page_type: f8(unknown)
[ 14.789321] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.789914] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.790276] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.790949] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.791780] head: 0200000000000002 ffffea00040b0101 00000000ffffffff 00000000ffffffff
[ 14.792412] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 14.792648] page dumped because: kasan: bad access detected
[ 14.792819]
[ 14.792887] Memory state around the buggy address:
[ 14.793089] ffff888102c03f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.793458] ffff888102c03f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.793789] >ffff888102c04000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.794179] ^
[ 14.794338] ffff888102c04080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.794553] ffff888102c04100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.794867] ==================================================================

[ 14.731666] ==================================================================
[ 14.733017] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.734022] Free of addr ffff888103a67001 by task kunit_try_catch/258
[ 14.734673]
[ 14.734881] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 14.734928] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.734941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.734965] Call Trace:
[ 14.734977] <TASK>
[ 14.734994] dump_stack_lvl+0x73/0xb0
[ 14.735026] print_report+0xd1/0x610
[ 14.735051] ? __virt_addr_valid+0x1db/0x2d0
[ 14.735076] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.735101] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.735130] kasan_report_invalid_free+0x10a/0x130
[ 14.735218] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.735251] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.735296] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.735323] check_slab_allocation+0x11f/0x130
[ 14.735347] __kasan_mempool_poison_object+0x91/0x1d0
[ 14.735373] mempool_free+0x2ec/0x380
[ 14.735403] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.735431] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 14.735461] ? __kasan_check_write+0x18/0x20
[ 14.735482] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.735507] ? finish_task_switch.isra.0+0x153/0x700
[ 14.735535] mempool_kmalloc_invalid_free+0xed/0x140
[ 14.735561] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 14.735590] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.735614] ? __pfx_mempool_kfree+0x10/0x10
[ 14.735640] ? __pfx_read_tsc+0x10/0x10
[ 14.735662] ? ktime_get_ts64+0x86/0x230
[ 14.735688] kunit_try_run_case+0x1a5/0x480
[ 14.735715] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.735738] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.735764] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.735789] ? __kthread_parkme+0x82/0x180
[ 14.735813] ? preempt_count_sub+0x50/0x80
[ 14.735838] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.735863] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.735889] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.735916] kthread+0x337/0x6f0
[ 14.735937] ? trace_preempt_on+0x20/0xc0
[ 14.735961] ? __pfx_kthread+0x10/0x10
[ 14.735999] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.736022] ? calculate_sigpending+0x7b/0xa0
[ 14.736068] ? __pfx_kthread+0x10/0x10
[ 14.736091] ret_from_fork+0x116/0x1d0
[ 14.736112] ? __pfx_kthread+0x10/0x10
[ 14.736133] ret_from_fork_asm+0x1a/0x30
[ 14.736166] </TASK>
[ 14.736178]
[ 14.753690] Allocated by task 258:
[ 14.754001] kasan_save_stack+0x45/0x70
[ 14.754254] kasan_save_track+0x18/0x40
[ 14.754652] kasan_save_alloc_info+0x3b/0x50
[ 14.754815] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 14.755229] remove_element+0x11e/0x190
[ 14.755784] mempool_alloc_preallocated+0x4d/0x90
[ 14.756313] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 14.756644] mempool_kmalloc_invalid_free+0xed/0x140
[ 14.756992] kunit_try_run_case+0x1a5/0x480
[ 14.757467] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.757662] kthread+0x337/0x6f0
[ 14.757780] ret_from_fork+0x116/0x1d0
[ 14.757911] ret_from_fork_asm+0x1a/0x30
[ 14.758276]
[ 14.758450] The buggy address belongs to the object at ffff888103a67000
[ 14.758450] which belongs to the cache kmalloc-128 of size 128
[ 14.759762] The buggy address is located 1 bytes inside of
[ 14.759762] 128-byte region [ffff888103a67000, ffff888103a67080)
[ 14.760571]
[ 14.760755] The buggy address belongs to the physical page:
[ 14.761381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a67
[ 14.761635] flags: 0x200000000000000(node=0|zone=2)
[ 14.761810] page_type: f5(slab)
[ 14.761938] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 14.762709] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 14.763555] page dumped because: kasan: bad access detected
[ 14.764123]
[ 14.764303] Memory state around the buggy address:
[ 14.764746] ffff888103a66f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.765498] ffff888103a66f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.765716] >ffff888103a67000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.765925] ^
[ 14.766071] ffff888103a67080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.766472] ffff888103a67100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.766765] ==================================================================