Date: July 15, 2025, 11:09 a.m.

Environment: qemu-arm64, qemu-x86_64

[   17.657374] ==================================================================
[   17.657433] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.657578] Free of addr fff00000c5962e01 by task kunit_try_catch/242
[   17.657626] 
[   17.657655] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.657765] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.657833] Hardware name: linux,dummy-virt (DT)
[   17.657880] Call trace:
[   17.657934]  show_stack+0x20/0x38 (C)
[   17.658001]  dump_stack_lvl+0x8c/0xd0
[   17.658076]  print_report+0x118/0x5d0
[   17.658123]  kasan_report_invalid_free+0xc0/0xe8
[   17.658200]  check_slab_allocation+0xfc/0x108
[   17.658368]  __kasan_mempool_poison_object+0x78/0x150
[   17.658446]  mempool_free+0x28c/0x328
[   17.658507]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.658613]  mempool_kmalloc_invalid_free+0xc0/0x118
[   17.658689]  kunit_try_run_case+0x170/0x3f0
[   17.658739]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.658812]  kthread+0x328/0x630
[   17.658858]  ret_from_fork+0x10/0x20
[   17.658932] 
[   17.658969] Allocated by task 242:
[   17.659015]  kasan_save_stack+0x3c/0x68
[   17.659056]  kasan_save_track+0x20/0x40
[   17.659090]  kasan_save_alloc_info+0x40/0x58
[   17.659163]  __kasan_mempool_unpoison_object+0x11c/0x180
[   17.659281]  remove_element+0x130/0x1f8
[   17.659323]  mempool_alloc_preallocated+0x58/0xc0
[   17.659361]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   17.659403]  mempool_kmalloc_invalid_free+0xc0/0x118
[   17.659444]  kunit_try_run_case+0x170/0x3f0
[   17.659480]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.659542]  kthread+0x328/0x630
[   17.659574]  ret_from_fork+0x10/0x20
[   17.659610] 
[   17.659629] The buggy address belongs to the object at fff00000c5962e00
[   17.659629]  which belongs to the cache kmalloc-128 of size 128
[   17.659693] The buggy address is located 1 bytes inside of
[   17.659693]  128-byte region [fff00000c5962e00, fff00000c5962e80)
[   17.659777] 
[   17.659836] The buggy address belongs to the physical page:
[   17.659883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105962
[   17.659968] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.660036] page_type: f5(slab)
[   17.660077] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.660129] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.660169] page dumped because: kasan: bad access detected
[   17.660211] 
[   17.660229] Memory state around the buggy address:
[   17.660259]  fff00000c5962d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.660301]  fff00000c5962d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.660344] >fff00000c5962e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.660381]                    ^
[   17.660408]  fff00000c5962e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.660461]  fff00000c5962f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.660506] ==================================================================
[   17.665836] ==================================================================
[   17.665966] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.666021] Free of addr fff00000c7928001 by task kunit_try_catch/244
[   17.666089] 
[   17.666172] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.666266] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.666292] Hardware name: linux,dummy-virt (DT)
[   17.666323] Call trace:
[   17.666363]  show_stack+0x20/0x38 (C)
[   17.666500]  dump_stack_lvl+0x8c/0xd0
[   17.666555]  print_report+0x118/0x5d0
[   17.666601]  kasan_report_invalid_free+0xc0/0xe8
[   17.666702]  __kasan_mempool_poison_object+0xfc/0x150
[   17.666776]  mempool_free+0x28c/0x328
[   17.666819]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.666872]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   17.666924]  kunit_try_run_case+0x170/0x3f0
[   17.666992]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.667045]  kthread+0x328/0x630
[   17.667120]  ret_from_fork+0x10/0x20
[   17.667168] 
[   17.667198] The buggy address belongs to the physical page:
[   17.667313] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107928
[   17.667370] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.667457] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.667512] page_type: f8(unknown)
[   17.667549] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.667635] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.667687] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.667762] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.667839] head: 0bfffe0000000002 ffffc1ffc31e4a01 00000000ffffffff 00000000ffffffff
[   17.667891] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.667934] page dumped because: kasan: bad access detected
[   17.667991] 
[   17.668009] Memory state around the buggy address:
[   17.668038]  fff00000c7927f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.668080]  fff00000c7927f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.668128] >fff00000c7928000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.668250]                    ^
[   17.668279]  fff00000c7928080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.668322]  fff00000c7928100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.668401] ==================================================================

[   14.249483] ==================================================================
[   14.250031] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.250425] Free of addr ffff8881038e2401 by task kunit_try_catch/258
[   14.250720] 
[   14.250851] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.250895] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.250907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.250927] Call Trace:
[   14.250939]  <TASK>
[   14.250953]  dump_stack_lvl+0x73/0xb0
[   14.250984]  print_report+0xd1/0x610
[   14.251010]  ? __virt_addr_valid+0x1db/0x2d0
[   14.251035]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.251059]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.251098]  kasan_report_invalid_free+0x10a/0x130
[   14.251123]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.251153]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.251179]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.251205]  check_slab_allocation+0x11f/0x130
[   14.251229]  __kasan_mempool_poison_object+0x91/0x1d0
[   14.251255]  mempool_free+0x2ec/0x380
[   14.251281]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.251308]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   14.251337]  ? kasan_save_track+0x18/0x40
[   14.251357]  ? kasan_save_alloc_info+0x3b/0x50
[   14.251381]  ? kasan_save_stack+0x45/0x70
[   14.251405]  mempool_kmalloc_invalid_free+0xed/0x140
[   14.251431]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   14.251460]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.251497]  ? __pfx_mempool_kfree+0x10/0x10
[   14.251523]  ? __pfx_read_tsc+0x10/0x10
[   14.251544]  ? ktime_get_ts64+0x86/0x230
[   14.251569]  kunit_try_run_case+0x1a5/0x480
[   14.251636]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.251661]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.251686]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.251740]  ? __kthread_parkme+0x82/0x180
[   14.251773]  ? preempt_count_sub+0x50/0x80
[   14.251797]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.251845]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.251871]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.251898]  kthread+0x337/0x6f0
[   14.251917]  ? trace_preempt_on+0x20/0xc0
[   14.251941]  ? __pfx_kthread+0x10/0x10
[   14.251963]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.251986]  ? calculate_sigpending+0x7b/0xa0
[   14.252010]  ? __pfx_kthread+0x10/0x10
[   14.252032]  ret_from_fork+0x116/0x1d0
[   14.252050]  ? __pfx_kthread+0x10/0x10
[   14.252072]  ret_from_fork_asm+0x1a/0x30
[   14.252103]  </TASK>
[   14.252113] 
[   14.262901] Allocated by task 258:
[   14.263091]  kasan_save_stack+0x45/0x70
[   14.263288]  kasan_save_track+0x18/0x40
[   14.263435]  kasan_save_alloc_info+0x3b/0x50
[   14.263590]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.263779]  remove_element+0x11e/0x190
[   14.264134]  mempool_alloc_preallocated+0x4d/0x90
[   14.264601]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   14.264896]  mempool_kmalloc_invalid_free+0xed/0x140
[   14.265216]  kunit_try_run_case+0x1a5/0x480
[   14.265574]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.265864]  kthread+0x337/0x6f0
[   14.266044]  ret_from_fork+0x116/0x1d0
[   14.266266]  ret_from_fork_asm+0x1a/0x30
[   14.266557] 
[   14.266632] The buggy address belongs to the object at ffff8881038e2400
[   14.266632]  which belongs to the cache kmalloc-128 of size 128
[   14.267005] The buggy address is located 1 bytes inside of
[   14.267005]  128-byte region [ffff8881038e2400, ffff8881038e2480)
[   14.267823] 
[   14.267977] The buggy address belongs to the physical page:
[   14.268298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e2
[   14.268935] flags: 0x200000000000000(node=0|zone=2)
[   14.269097] page_type: f5(slab)
[   14.269322] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.269839] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.270291] page dumped because: kasan: bad access detected
[   14.270481] 
[   14.270625] Memory state around the buggy address:
[   14.271117]  ffff8881038e2300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.271480]  ffff8881038e2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.271943] >ffff8881038e2400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.272311]                    ^
[   14.272522]  ffff8881038e2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.272853]  ffff8881038e2500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.273208] ==================================================================
[   14.278808] ==================================================================
[   14.279421] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.279905] Free of addr ffff8881029d4001 by task kunit_try_catch/260
[   14.280216] 
[   14.280316] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.280395] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.280407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.280429] Call Trace:
[   14.280502]  <TASK>
[   14.280556]  dump_stack_lvl+0x73/0xb0
[   14.280591]  print_report+0xd1/0x610
[   14.280614]  ? __virt_addr_valid+0x1db/0x2d0
[   14.280641]  ? kasan_addr_to_slab+0x11/0xa0
[   14.280661]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.280690]  kasan_report_invalid_free+0x10a/0x130
[   14.280715]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.280745]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.280818]  __kasan_mempool_poison_object+0x102/0x1d0
[   14.280847]  mempool_free+0x2ec/0x380
[   14.280875]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.280903]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   14.280961]  ? __kasan_check_write+0x18/0x20
[   14.280983]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.281006]  ? finish_task_switch.isra.0+0x153/0x700
[   14.281034]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   14.281061]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   14.281089]  ? __kasan_check_write+0x18/0x20
[   14.281110]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.281135]  ? __pfx_mempool_kfree+0x10/0x10
[   14.281161]  ? __pfx_read_tsc+0x10/0x10
[   14.281182]  ? ktime_get_ts64+0x86/0x230
[   14.281205]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   14.281233]  kunit_try_run_case+0x1a5/0x480
[   14.281260]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.281285]  ? queued_spin_lock_slowpath+0x116/0xb40
[   14.281311]  ? __kthread_parkme+0x82/0x180
[   14.281472]  ? preempt_count_sub+0x50/0x80
[   14.281500]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.281526]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.281552]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.281578]  kthread+0x337/0x6f0
[   14.281597]  ? trace_preempt_on+0x20/0xc0
[   14.281623]  ? __pfx_kthread+0x10/0x10
[   14.281643]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.281666]  ? calculate_sigpending+0x7b/0xa0
[   14.281691]  ? __pfx_kthread+0x10/0x10
[   14.281712]  ret_from_fork+0x116/0x1d0
[   14.281732]  ? __pfx_kthread+0x10/0x10
[   14.281768]  ret_from_fork_asm+0x1a/0x30
[   14.281800]  </TASK>
[   14.281810] 
[   14.292684] The buggy address belongs to the physical page:
[   14.292968] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029d4
[   14.293361] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.293835] flags: 0x200000000000040(head|node=0|zone=2)
[   14.294100] page_type: f8(unknown)
[   14.294296] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.294838] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.295080] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.295378] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.295960] head: 0200000000000002 ffffea00040a7501 00000000ffffffff 00000000ffffffff
[   14.296311] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.296835] page dumped because: kasan: bad access detected
[   14.297011] 
[   14.297080] Memory state around the buggy address:
[   14.297321]  ffff8881029d3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.297938]  ffff8881029d3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.298462] >ffff8881029d4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.298769]                    ^
[   14.298906]  ffff8881029d4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.299145]  ffff8881029d4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.299856] ==================================================================