Hay
Date: July 17, 2025, 11:11 p.m.

Environment: qemu-arm64, qemu-x86_64

[   18.829569] ==================================================================
[   18.829725] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   18.829788] Free of addr fff00000c79b8001 by task kunit_try_catch/243
[   18.829975] 
[   18.830042] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.832289] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.832342] Hardware name: linux,dummy-virt (DT)
[   18.832377] Call trace:
[   18.832400]  show_stack+0x20/0x38 (C)
[   18.832459]  dump_stack_lvl+0x8c/0xd0
[   18.832510]  print_report+0x118/0x5d0
[   18.832559]  kasan_report_invalid_free+0xc0/0xe8
[   18.832608]  __kasan_mempool_poison_object+0xfc/0x150
[   18.832659]  mempool_free+0x28c/0x328
[   18.832703]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   18.832754]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   18.832805]  kunit_try_run_case+0x170/0x3f0
[   18.832855]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.832922]  kthread+0x328/0x630
[   18.832965]  ret_from_fork+0x10/0x20
[   18.833012] 
[   18.833033] The buggy address belongs to the physical page:
[   18.833067] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079b8
[   18.833122] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.833170] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.833224] page_type: f8(unknown)
[   18.833264] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.833312] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.833361] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.833429] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.833489] head: 0bfffe0000000002 ffffc1ffc31e6e01 00000000ffffffff 00000000ffffffff
[   18.833536] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.833578] page dumped because: kasan: bad access detected
[   18.833607] 
[   18.833626] Memory state around the buggy address:
[   18.833658]  fff00000c79b7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.833720]  fff00000c79b7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.833771] >fff00000c79b8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.833820]                    ^
[   18.833858]  fff00000c79b8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.833910]  fff00000c79b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.833949] ==================================================================
[   18.814732] ==================================================================
[   18.814881] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   18.814946] Free of addr fff00000c656ae01 by task kunit_try_catch/241
[   18.815289] 
[   18.815389] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.815477] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.815505] Hardware name: linux,dummy-virt (DT)
[   18.815674] Call trace:
[   18.815708]  show_stack+0x20/0x38 (C)
[   18.815764]  dump_stack_lvl+0x8c/0xd0
[   18.815979]  print_report+0x118/0x5d0
[   18.816033]  kasan_report_invalid_free+0xc0/0xe8
[   18.816202]  check_slab_allocation+0xfc/0x108
[   18.816293]  __kasan_mempool_poison_object+0x78/0x150
[   18.816586]  mempool_free+0x28c/0x328
[   18.816639]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   18.816952]  mempool_kmalloc_invalid_free+0xc0/0x118
[   18.817228]  kunit_try_run_case+0x170/0x3f0
[   18.817359]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.817423]  kthread+0x328/0x630
[   18.817517]  ret_from_fork+0x10/0x20
[   18.817573] 
[   18.817591] Allocated by task 241:
[   18.817621]  kasan_save_stack+0x3c/0x68
[   18.817663]  kasan_save_track+0x20/0x40
[   18.817706]  kasan_save_alloc_info+0x40/0x58
[   18.817746]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.817788]  remove_element+0x130/0x1f8
[   18.817831]  mempool_alloc_preallocated+0x58/0xc0
[   18.817890]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   18.817933]  mempool_kmalloc_invalid_free+0xc0/0x118
[   18.817972]  kunit_try_run_case+0x170/0x3f0
[   18.818009]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.818051]  kthread+0x328/0x630
[   18.818082]  ret_from_fork+0x10/0x20
[   18.818127] 
[   18.818146] The buggy address belongs to the object at fff00000c656ae00
[   18.818146]  which belongs to the cache kmalloc-128 of size 128
[   18.818220] The buggy address is located 1 bytes inside of
[   18.818220]  128-byte region [fff00000c656ae00, fff00000c656ae80)
[   18.818278] 
[   18.818303] The buggy address belongs to the physical page:
[   18.818352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10656a
[   18.818406] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.818473] page_type: f5(slab)
[   18.818511] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.818561] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.818600] page dumped because: kasan: bad access detected
[   18.818632] 
[   18.818652] Memory state around the buggy address:
[   18.818681]  fff00000c656ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.818734]  fff00000c656ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.818785] >fff00000c656ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.818823]                    ^
[   18.819138]  fff00000c656ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.819413]  fff00000c656af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.819494] ==================================================================

[   14.084880] ==================================================================
[   14.085441] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.085795] Free of addr ffff888103abc001 by task kunit_try_catch/260
[   14.086173] 
[   14.086305] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.086366] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.086382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.086406] Call Trace:
[   14.086430]  <TASK>
[   14.086448]  dump_stack_lvl+0x73/0xb0
[   14.086480]  print_report+0xd1/0x610
[   14.086503]  ? __virt_addr_valid+0x1db/0x2d0
[   14.086536]  ? kasan_addr_to_slab+0x11/0xa0
[   14.086555]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.086582]  kasan_report_invalid_free+0x10a/0x130
[   14.086629]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.086657]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.086682]  __kasan_mempool_poison_object+0x102/0x1d0
[   14.086707]  mempool_free+0x2ec/0x380
[   14.086743]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.086770]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   14.086803]  ? finish_task_switch.isra.0+0x153/0x700
[   14.086850]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   14.086877]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   14.086920]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.086944]  ? __pfx_mempool_kfree+0x10/0x10
[   14.086971]  ? __pfx_read_tsc+0x10/0x10
[   14.086991]  ? ktime_get_ts64+0x86/0x230
[   14.087016]  kunit_try_run_case+0x1a5/0x480
[   14.087042]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.087073]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.087098]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.087122]  ? __kthread_parkme+0x82/0x180
[   14.087144]  ? preempt_count_sub+0x50/0x80
[   14.087166]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.087190]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.087214]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.087238]  kthread+0x337/0x6f0
[   14.087257]  ? trace_preempt_on+0x20/0xc0
[   14.087281]  ? __pfx_kthread+0x10/0x10
[   14.087301]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.087322]  ? calculate_sigpending+0x7b/0xa0
[   14.087346]  ? __pfx_kthread+0x10/0x10
[   14.087369]  ret_from_fork+0x116/0x1d0
[   14.087387]  ? __pfx_kthread+0x10/0x10
[   14.087407]  ret_from_fork_asm+0x1a/0x30
[   14.087440]  </TASK>
[   14.087452] 
[   14.096771] The buggy address belongs to the physical page:
[   14.097277] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103abc
[   14.097720] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.098135] flags: 0x200000000000040(head|node=0|zone=2)
[   14.098425] page_type: f8(unknown)
[   14.098598] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.099027] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.099367] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.099699] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.100126] head: 0200000000000002 ffffea00040eaf01 00000000ffffffff 00000000ffffffff
[   14.100464] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.100875] page dumped because: kasan: bad access detected
[   14.101249] 
[   14.101327] Memory state around the buggy address:
[   14.101541]  ffff888103abbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.101856]  ffff888103abbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.102190] >ffff888103abc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.102427]                    ^
[   14.102594]  ffff888103abc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.103103]  ffff888103abc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.103424] ==================================================================
[   14.051487] ==================================================================
[   14.051913] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.052453] Free of addr ffff888102f42c01 by task kunit_try_catch/258
[   14.052875] 
[   14.053306] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.053356] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.053369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.053391] Call Trace:
[   14.053402]  <TASK>
[   14.053419]  dump_stack_lvl+0x73/0xb0
[   14.053453]  print_report+0xd1/0x610
[   14.053475]  ? __virt_addr_valid+0x1db/0x2d0
[   14.053501]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.053523]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.053550]  kasan_report_invalid_free+0x10a/0x130
[   14.053575]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.053720]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.053746]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.053770]  check_slab_allocation+0x11f/0x130
[   14.053792]  __kasan_mempool_poison_object+0x91/0x1d0
[   14.053817]  mempool_free+0x2ec/0x380
[   14.053892]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.053920]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   14.053947]  ? __kasan_check_write+0x18/0x20
[   14.053966]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.053989]  ? finish_task_switch.isra.0+0x153/0x700
[   14.054016]  mempool_kmalloc_invalid_free+0xed/0x140
[   14.054040]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   14.054131]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.054153]  ? __pfx_mempool_kfree+0x10/0x10
[   14.054177]  ? __pfx_read_tsc+0x10/0x10
[   14.054199]  ? ktime_get_ts64+0x86/0x230
[   14.054228]  kunit_try_run_case+0x1a5/0x480
[   14.054254]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.054276]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.054301]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.054324]  ? __kthread_parkme+0x82/0x180
[   14.054346]  ? preempt_count_sub+0x50/0x80
[   14.054368]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.054392]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.054416]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.054439]  kthread+0x337/0x6f0
[   14.054457]  ? trace_preempt_on+0x20/0xc0
[   14.054481]  ? __pfx_kthread+0x10/0x10
[   14.054501]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.054522]  ? calculate_sigpending+0x7b/0xa0
[   14.054547]  ? __pfx_kthread+0x10/0x10
[   14.054568]  ret_from_fork+0x116/0x1d0
[   14.054587]  ? __pfx_kthread+0x10/0x10
[   14.054607]  ret_from_fork_asm+0x1a/0x30
[   14.054640]  </TASK>
[   14.054650] 
[   14.070618] Allocated by task 258:
[   14.070813]  kasan_save_stack+0x45/0x70
[   14.070983]  kasan_save_track+0x18/0x40
[   14.071273]  kasan_save_alloc_info+0x3b/0x50
[   14.071488]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.071835]  remove_element+0x11e/0x190
[   14.072077]  mempool_alloc_preallocated+0x4d/0x90
[   14.072430]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   14.072686]  mempool_kmalloc_invalid_free+0xed/0x140
[   14.072937]  kunit_try_run_case+0x1a5/0x480
[   14.073204]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.073491]  kthread+0x337/0x6f0
[   14.073725]  ret_from_fork+0x116/0x1d0
[   14.073989]  ret_from_fork_asm+0x1a/0x30
[   14.074168] 
[   14.074248] The buggy address belongs to the object at ffff888102f42c00
[   14.074248]  which belongs to the cache kmalloc-128 of size 128
[   14.074850] The buggy address is located 1 bytes inside of
[   14.074850]  128-byte region [ffff888102f42c00, ffff888102f42c80)
[   14.075373] 
[   14.075448] The buggy address belongs to the physical page:
[   14.075690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f42
[   14.076132] flags: 0x200000000000000(node=0|zone=2)
[   14.076301] page_type: f5(slab)
[   14.077010] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.077558] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.078011] page dumped because: kasan: bad access detected
[   14.078271] 
[   14.078384] Memory state around the buggy address:
[   14.078564]  ffff888102f42b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.078983]  ffff888102f42b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.079299] >ffff888102f42c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.079624]                    ^
[   14.079781]  ffff888102f42c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.080309]  ffff888102f42d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.080626] ==================================================================