Date
July 9, 2025, 11:07 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 18.702060] ================================================================== [ 18.702368] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.702560] Free of addr fff00000c640c001 by task kunit_try_catch/243 [ 18.702683] [ 18.702985] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 18.703172] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.703249] Hardware name: linux,dummy-virt (DT) [ 18.703283] Call trace: [ 18.703309] show_stack+0x20/0x38 (C) [ 18.703625] dump_stack_lvl+0x8c/0xd0 [ 18.703816] print_report+0x118/0x608 [ 18.703985] kasan_report_invalid_free+0xc0/0xe8 [ 18.704218] __kasan_mempool_poison_object+0xfc/0x150 [ 18.704396] mempool_free+0x28c/0x328 [ 18.704597] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.705024] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 18.705254] kunit_try_run_case+0x170/0x3f0 [ 18.705364] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.705855] kthread+0x328/0x630 [ 18.706052] ret_from_fork+0x10/0x20 [ 18.706538] [ 18.706592] The buggy address belongs to the physical page: [ 18.707001] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10640c [ 18.707197] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.707360] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.707449] page_type: f8(unknown) [ 18.707509] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.707989] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.708312] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.708391] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.708522] head: 0bfffe0000000002 ffffc1ffc3190301 00000000ffffffff 00000000ffffffff [ 18.708601] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.708803] page dumped because: kasan: bad access detected [ 18.708842] [ 18.708963] Memory state around the buggy address: [ 18.709470] fff00000c640bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.709538] fff00000c640bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.709779] >fff00000c640c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.709979] ^ [ 18.710162] fff00000c640c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.710311] fff00000c640c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.710494] ================================================================== [ 18.682730] ================================================================== [ 18.682790] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.682844] Free of addr fff00000c76afa01 by task kunit_try_catch/241 [ 18.683083] [ 18.683140] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 18.683228] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.683255] Hardware name: linux,dummy-virt (DT) [ 18.683286] Call trace: [ 18.683310] show_stack+0x20/0x38 (C) [ 18.683361] dump_stack_lvl+0x8c/0xd0 [ 18.683412] print_report+0x118/0x608 [ 18.683458] kasan_report_invalid_free+0xc0/0xe8 [ 18.683509] check_slab_allocation+0xfc/0x108 [ 18.683556] __kasan_mempool_poison_object+0x78/0x150 [ 18.683610] mempool_free+0x28c/0x328 [ 18.683658] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 18.684272] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.684657] kunit_try_run_case+0x170/0x3f0 [ 18.684882] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.685215] kthread+0x328/0x630 [ 18.685425] ret_from_fork+0x10/0x20 [ 18.685483] [ 18.685545] Allocated by task 241: [ 18.685759] kasan_save_stack+0x3c/0x68 [ 18.685952] kasan_save_track+0x20/0x40 [ 18.686062] kasan_save_alloc_info+0x40/0x58 [ 18.686254] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.686361] remove_element+0x130/0x1f8 [ 18.686630] mempool_alloc_preallocated+0x58/0xc0 [ 18.686828] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 18.687005] mempool_kmalloc_invalid_free+0xc0/0x118 [ 18.687319] kunit_try_run_case+0x170/0x3f0 [ 18.687483] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.687537] kthread+0x328/0x630 [ 18.687771] ret_from_fork+0x10/0x20 [ 18.687908] [ 18.688008] The buggy address belongs to the object at fff00000c76afa00 [ 18.688008] which belongs to the cache kmalloc-128 of size 128 [ 18.688074] The buggy address is located 1 bytes inside of [ 18.688074] 128-byte region [fff00000c76afa00, fff00000c76afa80) [ 18.688145] [ 18.688166] The buggy address belongs to the physical page: [ 18.688198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af [ 18.688485] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.688659] page_type: f5(slab) [ 18.688759] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.689150] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.689282] page dumped because: kasan: bad access detected [ 18.689416] [ 18.689437] Memory state around the buggy address: [ 18.689502] fff00000c76af900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.689906] fff00000c76af980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.690093] >fff00000c76afa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.690528] ^ [ 18.690626] fff00000c76afa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.690682] fff00000c76afb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.691024] ==================================================================
[ 14.268749] ================================================================== [ 14.269508] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.269783] Free of addr ffff88810291dd01 by task kunit_try_catch/258 [ 14.269985] [ 14.270076] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.270120] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.270131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.270152] Call Trace: [ 14.270164] <TASK> [ 14.270179] dump_stack_lvl+0x73/0xb0 [ 14.270206] print_report+0xd1/0x650 [ 14.270227] ? __virt_addr_valid+0x1db/0x2d0 [ 14.270250] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.270272] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.270298] kasan_report_invalid_free+0x10a/0x130 [ 14.270322] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.270348] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.270372] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.270395] check_slab_allocation+0x11f/0x130 [ 14.270416] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.270440] mempool_free+0x2ec/0x380 [ 14.270465] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.270489] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.270516] ? __kasan_check_write+0x18/0x20 [ 14.270534] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.270554] ? finish_task_switch.isra.0+0x153/0x700 [ 14.270580] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.270602] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.270628] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.270650] ? __pfx_mempool_kfree+0x10/0x10 [ 14.270673] ? __pfx_read_tsc+0x10/0x10 [ 14.270694] ? ktime_get_ts64+0x86/0x230 [ 14.271762] kunit_try_run_case+0x1a5/0x480 [ 14.271793] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.271816] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.271842] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.271865] ? __kthread_parkme+0x82/0x180 [ 14.271887] ? preempt_count_sub+0x50/0x80 [ 14.271912] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.271936] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.271961] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.271986] kthread+0x337/0x6f0 [ 14.272005] ? trace_preempt_on+0x20/0xc0 [ 14.272080] ? __pfx_kthread+0x10/0x10 [ 14.272104] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.272126] ? calculate_sigpending+0x7b/0xa0 [ 14.272151] ? __pfx_kthread+0x10/0x10 [ 14.272171] ret_from_fork+0x116/0x1d0 [ 14.272191] ? __pfx_kthread+0x10/0x10 [ 14.272211] ret_from_fork_asm+0x1a/0x30 [ 14.272243] </TASK> [ 14.272253] [ 14.285601] Allocated by task 258: [ 14.285795] kasan_save_stack+0x45/0x70 [ 14.285975] kasan_save_track+0x18/0x40 [ 14.286343] kasan_save_alloc_info+0x3b/0x50 [ 14.286507] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.286836] remove_element+0x11e/0x190 [ 14.287307] mempool_alloc_preallocated+0x4d/0x90 [ 14.287788] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.288098] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.288382] kunit_try_run_case+0x1a5/0x480 [ 14.288712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.289029] kthread+0x337/0x6f0 [ 14.289315] ret_from_fork+0x116/0x1d0 [ 14.289516] ret_from_fork_asm+0x1a/0x30 [ 14.289813] [ 14.289914] The buggy address belongs to the object at ffff88810291dd00 [ 14.289914] which belongs to the cache kmalloc-128 of size 128 [ 14.290558] The buggy address is located 1 bytes inside of [ 14.290558] 128-byte region [ffff88810291dd00, ffff88810291dd80) [ 14.291024] [ 14.291453] The buggy address belongs to the physical page: [ 14.291698] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291d [ 14.292092] flags: 0x200000000000000(node=0|zone=2) [ 14.292488] page_type: f5(slab) [ 14.292622] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.293061] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.293417] page dumped because: kasan: bad access detected [ 14.293648] [ 14.293749] Memory state around the buggy address: [ 14.293947] ffff88810291dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.294659] ffff88810291dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.295112] >ffff88810291dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.295491] ^ [ 14.295653] ffff88810291dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.296186] ffff88810291de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.296584] ================================================================== [ 14.302934] ================================================================== [ 14.303725] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.304048] Free of addr ffff888103990001 by task kunit_try_catch/260 [ 14.304322] [ 14.304440] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.304486] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.304498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.304520] Call Trace: [ 14.304532] <TASK> [ 14.304547] dump_stack_lvl+0x73/0xb0 [ 14.304576] print_report+0xd1/0x650 [ 14.304598] ? __virt_addr_valid+0x1db/0x2d0 [ 14.304623] ? kasan_addr_to_slab+0x11/0xa0 [ 14.304644] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.304671] kasan_report_invalid_free+0x10a/0x130 [ 14.304696] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.304735] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.304761] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.304788] mempool_free+0x2ec/0x380 [ 14.304815] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.304842] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.304872] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.304895] ? finish_task_switch.isra.0+0x153/0x700 [ 14.304922] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.304948] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.304977] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.305002] ? __pfx_mempool_kfree+0x10/0x10 [ 14.305029] ? __pfx_read_tsc+0x10/0x10 [ 14.305052] ? ktime_get_ts64+0x86/0x230 [ 14.305077] kunit_try_run_case+0x1a5/0x480 [ 14.305102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.305125] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.305150] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.305232] ? __kthread_parkme+0x82/0x180 [ 14.305257] ? preempt_count_sub+0x50/0x80 [ 14.305280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.305305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.305330] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.305356] kthread+0x337/0x6f0 [ 14.305374] ? trace_preempt_on+0x20/0xc0 [ 14.305397] ? __pfx_kthread+0x10/0x10 [ 14.305417] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.305439] ? calculate_sigpending+0x7b/0xa0 [ 14.305463] ? __pfx_kthread+0x10/0x10 [ 14.305486] ret_from_fork+0x116/0x1d0 [ 14.305504] ? __pfx_kthread+0x10/0x10 [ 14.305525] ret_from_fork_asm+0x1a/0x30 [ 14.305556] </TASK> [ 14.305566] [ 14.314193] The buggy address belongs to the physical page: [ 14.314505] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103990 [ 14.314932] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.315317] flags: 0x200000000000040(head|node=0|zone=2) [ 14.315539] page_type: f8(unknown) [ 14.315722] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.315970] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.316200] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.316497] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.317121] head: 0200000000000002 ffffea00040e6401 00000000ffffffff 00000000ffffffff [ 14.317426] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.317650] page dumped because: kasan: bad access detected [ 14.317926] [ 14.318020] Memory state around the buggy address: [ 14.318294] ffff88810398ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.318620] ffff88810398ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.318955] >ffff888103990000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.319302] ^ [ 14.319423] ffff888103990080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.319748] ffff888103990100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.320128] ==================================================================