Date
July 19, 2025, 11:11 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 17.403555] ================================================================== [ 17.403612] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 17.403666] Free of addr fff00000c77d3001 by task kunit_try_catch/242 [ 17.403710] [ 17.403742] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 17.403820] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.403848] Hardware name: linux,dummy-virt (DT) [ 17.403879] Call trace: [ 17.403902] show_stack+0x20/0x38 (C) [ 17.403949] dump_stack_lvl+0x8c/0xd0 [ 17.403996] print_report+0x118/0x5d0 [ 17.404056] kasan_report_invalid_free+0xc0/0xe8 [ 17.404108] check_slab_allocation+0xfc/0x108 [ 17.404154] __kasan_mempool_poison_object+0x78/0x150 [ 17.404207] mempool_free+0x28c/0x328 [ 17.404744] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 17.404818] mempool_kmalloc_invalid_free+0xc0/0x118 [ 17.404868] kunit_try_run_case+0x170/0x3f0 [ 17.405276] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.405335] kthread+0x328/0x630 [ 17.405389] ret_from_fork+0x10/0x20 [ 17.405554] [ 17.405621] Allocated by task 242: [ 17.405652] kasan_save_stack+0x3c/0x68 [ 17.405696] kasan_save_track+0x20/0x40 [ 17.405765] kasan_save_alloc_info+0x40/0x58 [ 17.406002] __kasan_mempool_unpoison_object+0x11c/0x180 [ 17.406224] remove_element+0x130/0x1f8 [ 17.406318] mempool_alloc_preallocated+0x58/0xc0 [ 17.406359] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 17.406448] mempool_kmalloc_invalid_free+0xc0/0x118 [ 17.406572] kunit_try_run_case+0x170/0x3f0 [ 17.406612] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.406655] kthread+0x328/0x630 [ 17.406687] ret_from_fork+0x10/0x20 [ 17.406747] [ 17.406769] The buggy address belongs to the object at fff00000c77d3000 [ 17.406769] which belongs to the cache kmalloc-128 of size 128 [ 17.406828] The buggy address is located 1 bytes inside of [ 17.406828] 128-byte region [fff00000c77d3000, fff00000c77d3080) [ 17.407037] [ 17.407058] The buggy address belongs to the physical page: [ 17.407249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d3 [ 17.407485] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.407575] page_type: f5(slab) [ 17.407627] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.407754] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.407845] page dumped because: kasan: bad access detected [ 17.407930] [ 17.407954] Memory state around the buggy address: [ 17.408030] fff00000c77d2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.408106] fff00000c77d2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.408149] >fff00000c77d3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.408187] ^ [ 17.408216] fff00000c77d3080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.408295] fff00000c77d3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.408426] ================================================================== [ 17.415329] ================================================================== [ 17.415384] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 17.415438] Free of addr fff00000c77b8001 by task kunit_try_catch/244 [ 17.415498] [ 17.415542] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 17.415663] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.415692] Hardware name: linux,dummy-virt (DT) [ 17.415723] Call trace: [ 17.415746] show_stack+0x20/0x38 (C) [ 17.415882] dump_stack_lvl+0x8c/0xd0 [ 17.416138] print_report+0x118/0x5d0 [ 17.416379] kasan_report_invalid_free+0xc0/0xe8 [ 17.416450] __kasan_mempool_poison_object+0xfc/0x150 [ 17.416857] mempool_free+0x28c/0x328 [ 17.416912] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 17.417099] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 17.417193] kunit_try_run_case+0x170/0x3f0 [ 17.417340] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.417396] kthread+0x328/0x630 [ 17.417441] ret_from_fork+0x10/0x20 [ 17.417486] [ 17.417506] The buggy address belongs to the physical page: [ 17.417549] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077b8 [ 17.417613] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.417661] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.417811] page_type: f8(unknown) [ 17.417852] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.417915] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.418052] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.418160] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.418210] head: 0bfffe0000000002 ffffc1ffc31dee01 00000000ffffffff 00000000ffffffff [ 17.418258] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.418455] page dumped because: kasan: bad access detected [ 17.418489] [ 17.418507] Memory state around the buggy address: [ 17.418554] fff00000c77b7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.418598] fff00000c77b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.418640] >fff00000c77b8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.418678] ^ [ 17.418706] fff00000c77b8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.418890] fff00000c77b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.418929] ==================================================================
[ 13.775380] ================================================================== [ 13.776671] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.777578] Free of addr ffff888103938001 by task kunit_try_catch/261 [ 13.777935] [ 13.778039] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.778087] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.778099] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.778122] Call Trace: [ 13.778136] <TASK> [ 13.778153] dump_stack_lvl+0x73/0xb0 [ 13.778185] print_report+0xd1/0x610 [ 13.778214] ? __virt_addr_valid+0x1db/0x2d0 [ 13.778240] ? kasan_addr_to_slab+0x11/0xa0 [ 13.778260] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.778286] kasan_report_invalid_free+0x10a/0x130 [ 13.778310] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.778338] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.778363] __kasan_mempool_poison_object+0x102/0x1d0 [ 13.778389] mempool_free+0x2ec/0x380 [ 13.778415] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.778441] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.778468] ? __kasan_check_write+0x18/0x20 [ 13.778488] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.778519] ? finish_task_switch.isra.0+0x153/0x700 [ 13.778545] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 13.778570] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 13.778598] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.778620] ? __pfx_mempool_kfree+0x10/0x10 [ 13.778644] ? __pfx_read_tsc+0x10/0x10 [ 13.778666] ? ktime_get_ts64+0x86/0x230 [ 13.778691] kunit_try_run_case+0x1a5/0x480 [ 13.778889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.778915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.778941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.778964] ? __kthread_parkme+0x82/0x180 [ 13.778985] ? preempt_count_sub+0x50/0x80 [ 13.779008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.779031] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.779072] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.779096] kthread+0x337/0x6f0 [ 13.779115] ? trace_preempt_on+0x20/0xc0 [ 13.779138] ? __pfx_kthread+0x10/0x10 [ 13.779157] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.779178] ? calculate_sigpending+0x7b/0xa0 [ 13.779202] ? __pfx_kthread+0x10/0x10 [ 13.779222] ret_from_fork+0x116/0x1d0 [ 13.779241] ? __pfx_kthread+0x10/0x10 [ 13.779261] ret_from_fork_asm+0x1a/0x30 [ 13.779292] </TASK> [ 13.779302] [ 13.791960] The buggy address belongs to the physical page: [ 13.792648] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103938 [ 13.792997] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.793590] flags: 0x200000000000040(head|node=0|zone=2) [ 13.793959] page_type: f8(unknown) [ 13.794275] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.794738] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.795266] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.795686] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.795988] head: 0200000000000002 ffffea00040e4e01 00000000ffffffff 00000000ffffffff [ 13.796623] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.797060] page dumped because: kasan: bad access detected [ 13.797571] [ 13.797648] Memory state around the buggy address: [ 13.797952] ffff888103937f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.798550] ffff888103937f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.798883] >ffff888103938000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.799465] ^ [ 13.799745] ffff888103938080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.800114] ffff888103938100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.800704] ================================================================== [ 13.737135] ================================================================== [ 13.737666] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.737936] Free of addr ffff8881027f9401 by task kunit_try_catch/259 [ 13.738601] [ 13.738853] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.738903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.738914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.738936] Call Trace: [ 13.738950] <TASK> [ 13.739006] dump_stack_lvl+0x73/0xb0 [ 13.739074] print_report+0xd1/0x610 [ 13.739098] ? __virt_addr_valid+0x1db/0x2d0 [ 13.739158] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.739234] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.739260] kasan_report_invalid_free+0x10a/0x130 [ 13.739285] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.739312] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.739337] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.739361] check_slab_allocation+0x11f/0x130 [ 13.739382] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.739406] mempool_free+0x2ec/0x380 [ 13.739430] ? mempool_alloc_preallocated+0x5b/0x90 [ 13.739473] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.739508] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.739535] ? __kasan_check_write+0x18/0x20 [ 13.739554] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.739576] ? finish_task_switch.isra.0+0x153/0x700 [ 13.739602] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.739626] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 13.739653] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.739674] ? __pfx_mempool_kfree+0x10/0x10 [ 13.739698] ? __pfx_read_tsc+0x10/0x10 [ 13.739718] ? ktime_get_ts64+0x86/0x230 [ 13.739742] kunit_try_run_case+0x1a5/0x480 [ 13.739767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.739790] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.739814] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.739838] ? __kthread_parkme+0x82/0x180 [ 13.739859] ? preempt_count_sub+0x50/0x80 [ 13.739882] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.739905] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.739929] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.739953] kthread+0x337/0x6f0 [ 13.739971] ? trace_preempt_on+0x20/0xc0 [ 13.739994] ? __pfx_kthread+0x10/0x10 [ 13.740013] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.740035] ? calculate_sigpending+0x7b/0xa0 [ 13.740058] ? __pfx_kthread+0x10/0x10 [ 13.740079] ret_from_fork+0x116/0x1d0 [ 13.740097] ? __pfx_kthread+0x10/0x10 [ 13.740116] ret_from_fork_asm+0x1a/0x30 [ 13.740147] </TASK> [ 13.740158] [ 13.756961] Allocated by task 259: [ 13.757436] kasan_save_stack+0x45/0x70 [ 13.757817] kasan_save_track+0x18/0x40 [ 13.757957] kasan_save_alloc_info+0x3b/0x50 [ 13.758382] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.758865] remove_element+0x11e/0x190 [ 13.759318] mempool_alloc_preallocated+0x4d/0x90 [ 13.759483] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 13.759676] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.759841] kunit_try_run_case+0x1a5/0x480 [ 13.759987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.760563] kthread+0x337/0x6f0 [ 13.760907] ret_from_fork+0x116/0x1d0 [ 13.761423] ret_from_fork_asm+0x1a/0x30 [ 13.761810] [ 13.761988] The buggy address belongs to the object at ffff8881027f9400 [ 13.761988] which belongs to the cache kmalloc-128 of size 128 [ 13.763249] The buggy address is located 1 bytes inside of [ 13.763249] 128-byte region [ffff8881027f9400, ffff8881027f9480) [ 13.764124] [ 13.764309] The buggy address belongs to the physical page: [ 13.764729] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027f9 [ 13.764975] flags: 0x200000000000000(node=0|zone=2) [ 13.765597] page_type: f5(slab) [ 13.765918] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.766684] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.767175] page dumped because: kasan: bad access detected [ 13.767349] [ 13.767419] Memory state around the buggy address: [ 13.767828] ffff8881027f9300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.768540] ffff8881027f9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.769313] >ffff8881027f9400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.769758] ^ [ 13.770129] ffff8881027f9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.770648] ffff8881027f9500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.770865] ==================================================================