Date
July 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 21.363611] ================================================================== [ 21.363773] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 21.363834] Free of addr fff00000c7706e01 by task kunit_try_catch/241 [ 21.364176] [ 21.364271] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 21.364395] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.364441] Hardware name: linux,dummy-virt (DT) [ 21.364758] Call trace: [ 21.364823] show_stack+0x20/0x38 (C) [ 21.364960] dump_stack_lvl+0x8c/0xd0 [ 21.365076] print_report+0x118/0x608 [ 21.365521] kasan_report_invalid_free+0xc0/0xe8 [ 21.365595] check_slab_allocation+0xfc/0x108 [ 21.365734] __kasan_mempool_poison_object+0x78/0x150 [ 21.365846] mempool_free+0x28c/0x328 [ 21.365931] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 21.365993] mempool_kmalloc_invalid_free+0xc0/0x118 [ 21.366043] kunit_try_run_case+0x170/0x3f0 [ 21.366105] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.366178] kthread+0x328/0x630 [ 21.366229] ret_from_fork+0x10/0x20 [ 21.366285] [ 21.366305] Allocated by task 241: [ 21.366333] kasan_save_stack+0x3c/0x68 [ 21.366384] kasan_save_track+0x20/0x40 [ 21.366422] kasan_save_alloc_info+0x40/0x58 [ 21.366472] __kasan_mempool_unpoison_object+0x11c/0x180 [ 21.366530] remove_element+0x130/0x1f8 [ 21.366579] mempool_alloc_preallocated+0x58/0xc0 [ 21.366627] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 21.366669] mempool_kmalloc_invalid_free+0xc0/0x118 [ 21.366709] kunit_try_run_case+0x170/0x3f0 [ 21.366746] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.366798] kthread+0x328/0x630 [ 21.366831] ret_from_fork+0x10/0x20 [ 21.366879] [ 21.366902] The buggy address belongs to the object at fff00000c7706e00 [ 21.366902] which belongs to the cache kmalloc-128 of size 128 [ 21.366963] The buggy address is located 1 bytes inside of [ 21.366963] 128-byte region [fff00000c7706e00, fff00000c7706e80) [ 21.367034] [ 21.367053] The buggy address belongs to the physical page: [ 21.367085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107706 [ 21.367171] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.367687] page_type: f5(slab) [ 21.367736] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.367788] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.368231] page dumped because: kasan: bad access detected [ 21.368295] [ 21.368314] Memory state around the buggy address: [ 21.368348] fff00000c7706d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.368717] fff00000c7706d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.368904] >fff00000c7706e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.369057] ^ [ 21.369148] fff00000c7706e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.369323] fff00000c7706f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.369383] ================================================================== [ 21.378602] ================================================================== [ 21.378664] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 21.378718] Free of addr fff00000c7818001 by task kunit_try_catch/243 [ 21.378760] [ 21.378803] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 21.378885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.378916] Hardware name: linux,dummy-virt (DT) [ 21.378947] Call trace: [ 21.378970] show_stack+0x20/0x38 (C) [ 21.379024] dump_stack_lvl+0x8c/0xd0 [ 21.379072] print_report+0x118/0x608 [ 21.379125] kasan_report_invalid_free+0xc0/0xe8 [ 21.379188] __kasan_mempool_poison_object+0xfc/0x150 [ 21.379657] mempool_free+0x28c/0x328 [ 21.379749] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 21.379821] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 21.379963] kunit_try_run_case+0x170/0x3f0 [ 21.380020] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.380074] kthread+0x328/0x630 [ 21.380434] ret_from_fork+0x10/0x20 [ 21.380530] [ 21.380610] The buggy address belongs to the physical page: [ 21.380676] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107818 [ 21.380836] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.380941] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.381026] page_type: f8(unknown) [ 21.381355] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.381434] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.381568] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.381666] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.381856] head: 0bfffe0000000002 ffffc1ffc31e0601 00000000ffffffff 00000000ffffffff [ 21.381970] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.382019] page dumped because: kasan: bad access detected [ 21.382420] [ 21.382568] Memory state around the buggy address: [ 21.382646] fff00000c7817f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.383020] fff00000c7817f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.383173] >fff00000c7818000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.383296] ^ [ 21.383468] fff00000c7818080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.383546] fff00000c7818100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.383634] ==================================================================
[ 14.279906] ================================================================== [ 14.281717] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.282690] Free of addr ffff88810298c001 by task kunit_try_catch/261 [ 14.282889] [ 14.282980] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.283028] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.283040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.283061] Call Trace: [ 14.283075] <TASK> [ 14.283092] dump_stack_lvl+0x73/0xb0 [ 14.283124] print_report+0xd1/0x650 [ 14.283147] ? __virt_addr_valid+0x1db/0x2d0 [ 14.283171] ? kasan_addr_to_slab+0x11/0xa0 [ 14.283192] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.283219] kasan_report_invalid_free+0x10a/0x130 [ 14.283244] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.283274] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.283300] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.283326] mempool_free+0x2ec/0x380 [ 14.283353] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.283380] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.283410] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.283432] ? finish_task_switch.isra.0+0x153/0x700 [ 14.283459] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.283485] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.283514] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.283537] ? __pfx_mempool_kfree+0x10/0x10 [ 14.283562] ? __pfx_read_tsc+0x10/0x10 [ 14.283583] ? ktime_get_ts64+0x86/0x230 [ 14.283647] kunit_try_run_case+0x1a5/0x480 [ 14.283851] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.284127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.284160] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.284186] ? __kthread_parkme+0x82/0x180 [ 14.284209] ? preempt_count_sub+0x50/0x80 [ 14.284233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.284267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.284293] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.284319] kthread+0x337/0x6f0 [ 14.284337] ? trace_preempt_on+0x20/0xc0 [ 14.284384] ? __pfx_kthread+0x10/0x10 [ 14.284405] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.284427] ? calculate_sigpending+0x7b/0xa0 [ 14.284452] ? __pfx_kthread+0x10/0x10 [ 14.284474] ret_from_fork+0x116/0x1d0 [ 14.284493] ? __pfx_kthread+0x10/0x10 [ 14.284530] ret_from_fork_asm+0x1a/0x30 [ 14.284563] </TASK> [ 14.284592] [ 14.297246] The buggy address belongs to the physical page: [ 14.297677] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298c [ 14.298096] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.298412] flags: 0x200000000000040(head|node=0|zone=2) [ 14.299150] page_type: f8(unknown) [ 14.299408] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.300197] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.300677] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.301393] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.302234] head: 0200000000000002 ffffea00040a6301 00000000ffffffff 00000000ffffffff [ 14.302779] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.303369] page dumped because: kasan: bad access detected [ 14.303755] [ 14.303858] Memory state around the buggy address: [ 14.304165] ffff88810298bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.304477] ffff88810298bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.305644] >ffff88810298c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.306088] ^ [ 14.306401] ffff88810298c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.307200] ffff88810298c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.307729] ================================================================== [ 14.255400] ================================================================== [ 14.256072] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.256418] Free of addr ffff888102b9f501 by task kunit_try_catch/259 [ 14.256732] [ 14.256846] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.256889] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.256901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.256922] Call Trace: [ 14.256949] <TASK> [ 14.256966] dump_stack_lvl+0x73/0xb0 [ 14.256997] print_report+0xd1/0x650 [ 14.257019] ? __virt_addr_valid+0x1db/0x2d0 [ 14.257043] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.257067] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.257094] kasan_report_invalid_free+0x10a/0x130 [ 14.257119] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.257148] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.257174] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.257200] check_slab_allocation+0x11f/0x130 [ 14.257222] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.257248] mempool_free+0x2ec/0x380 [ 14.257275] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.257303] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.257329] ? update_load_avg+0x1be/0x21b0 [ 14.257353] ? update_load_avg+0x1be/0x21b0 [ 14.257373] ? update_curr+0x80/0x810 [ 14.257396] ? finish_task_switch.isra.0+0x153/0x700 [ 14.257423] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.257448] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.257476] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.257499] ? __pfx_mempool_kfree+0x10/0x10 [ 14.257579] ? __pfx_read_tsc+0x10/0x10 [ 14.257614] ? ktime_get_ts64+0x86/0x230 [ 14.257639] kunit_try_run_case+0x1a5/0x480 [ 14.257663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.257687] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.257714] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.257738] ? __kthread_parkme+0x82/0x180 [ 14.257760] ? preempt_count_sub+0x50/0x80 [ 14.257784] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.257808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.257833] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.257858] kthread+0x337/0x6f0 [ 14.257878] ? trace_preempt_on+0x20/0xc0 [ 14.257902] ? __pfx_kthread+0x10/0x10 [ 14.257987] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.258013] ? calculate_sigpending+0x7b/0xa0 [ 14.258040] ? __pfx_kthread+0x10/0x10 [ 14.258062] ret_from_fork+0x116/0x1d0 [ 14.258081] ? __pfx_kthread+0x10/0x10 [ 14.258102] ret_from_fork_asm+0x1a/0x30 [ 14.258134] </TASK> [ 14.258145] [ 14.267466] Allocated by task 259: [ 14.267646] kasan_save_stack+0x45/0x70 [ 14.267796] kasan_save_track+0x18/0x40 [ 14.267929] kasan_save_alloc_info+0x3b/0x50 [ 14.268076] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.268315] remove_element+0x11e/0x190 [ 14.268505] mempool_alloc_preallocated+0x4d/0x90 [ 14.268848] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.269112] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.269558] kunit_try_run_case+0x1a5/0x480 [ 14.269727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.269902] kthread+0x337/0x6f0 [ 14.270072] ret_from_fork+0x116/0x1d0 [ 14.270264] ret_from_fork_asm+0x1a/0x30 [ 14.270516] [ 14.270629] The buggy address belongs to the object at ffff888102b9f500 [ 14.270629] which belongs to the cache kmalloc-128 of size 128 [ 14.271192] The buggy address is located 1 bytes inside of [ 14.271192] 128-byte region [ffff888102b9f500, ffff888102b9f580) [ 14.271688] [ 14.271788] The buggy address belongs to the physical page: [ 14.272085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b9f [ 14.272418] flags: 0x200000000000000(node=0|zone=2) [ 14.272684] page_type: f5(slab) [ 14.272807] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.273101] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.273587] page dumped because: kasan: bad access detected [ 14.273808] [ 14.273879] Memory state around the buggy address: [ 14.274034] ffff888102b9f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.274584] ffff888102b9f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.274884] >ffff888102b9f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.275166] ^ [ 14.275299] ffff888102b9f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.275741] ffff888102b9f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.276131] ==================================================================