Date
July 20, 2025, 11:12 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 17.450975] ================================================================== [ 17.451258] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 17.451456] Free of addr fff00000c7025901 by task kunit_try_catch/241 [ 17.451523] [ 17.451557] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 17.451638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.451678] Hardware name: linux,dummy-virt (DT) [ 17.451709] Call trace: [ 17.451733] show_stack+0x20/0x38 (C) [ 17.451782] dump_stack_lvl+0x8c/0xd0 [ 17.451829] print_report+0x118/0x5d0 [ 17.452155] kasan_report_invalid_free+0xc0/0xe8 [ 17.452215] check_slab_allocation+0xfc/0x108 [ 17.452262] __kasan_mempool_poison_object+0x78/0x150 [ 17.452325] mempool_free+0x28c/0x328 [ 17.452392] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 17.452498] mempool_kmalloc_invalid_free+0xc0/0x118 [ 17.452547] kunit_try_run_case+0x170/0x3f0 [ 17.452893] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.452965] kthread+0x328/0x630 [ 17.453008] ret_from_fork+0x10/0x20 [ 17.453327] [ 17.453347] Allocated by task 241: [ 17.453376] kasan_save_stack+0x3c/0x68 [ 17.453419] kasan_save_track+0x20/0x40 [ 17.453454] kasan_save_alloc_info+0x40/0x58 [ 17.453509] __kasan_mempool_unpoison_object+0x11c/0x180 [ 17.453552] remove_element+0x130/0x1f8 [ 17.453892] mempool_alloc_preallocated+0x58/0xc0 [ 17.453954] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 17.453997] mempool_kmalloc_invalid_free+0xc0/0x118 [ 17.454122] kunit_try_run_case+0x170/0x3f0 [ 17.454160] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.454203] kthread+0x328/0x630 [ 17.454236] ret_from_fork+0x10/0x20 [ 17.454270] [ 17.454292] The buggy address belongs to the object at fff00000c7025900 [ 17.454292] which belongs to the cache kmalloc-128 of size 128 [ 17.454404] The buggy address is located 1 bytes inside of [ 17.454404] 128-byte region [fff00000c7025900, fff00000c7025980) [ 17.454627] [ 17.454648] The buggy address belongs to the physical page: [ 17.455255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107025 [ 17.455478] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.455551] page_type: f5(slab) [ 17.455623] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.455761] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.455892] page dumped because: kasan: bad access detected [ 17.455958] [ 17.455975] Memory state around the buggy address: [ 17.456007] fff00000c7025800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.456059] fff00000c7025880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.456217] >fff00000c7025900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.456275] ^ [ 17.456315] fff00000c7025980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.456357] fff00000c7025a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.456617] ================================================================== [ 17.469487] ================================================================== [ 17.469546] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 17.469767] Free of addr fff00000c78a0001 by task kunit_try_catch/243 [ 17.470145] [ 17.470260] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 17.470342] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.470716] Hardware name: linux,dummy-virt (DT) [ 17.470795] Call trace: [ 17.470818] show_stack+0x20/0x38 (C) [ 17.470868] dump_stack_lvl+0x8c/0xd0 [ 17.470915] print_report+0x118/0x5d0 [ 17.470961] kasan_report_invalid_free+0xc0/0xe8 [ 17.471025] __kasan_mempool_poison_object+0xfc/0x150 [ 17.471077] mempool_free+0x28c/0x328 [ 17.471122] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 17.471315] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 17.471367] kunit_try_run_case+0x170/0x3f0 [ 17.471416] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.471470] kthread+0x328/0x630 [ 17.471513] ret_from_fork+0x10/0x20 [ 17.471722] [ 17.471973] The buggy address belongs to the physical page: [ 17.472020] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a0 [ 17.472084] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.472297] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.472350] page_type: f8(unknown) [ 17.472399] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.472452] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.472535] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.472583] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.472631] head: 0bfffe0000000002 ffffc1ffc31e2801 00000000ffffffff 00000000ffffffff [ 17.473118] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.473231] page dumped because: kasan: bad access detected [ 17.473363] [ 17.473382] Memory state around the buggy address: [ 17.473414] fff00000c789ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.473458] fff00000c789ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.473541] >fff00000c78a0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.473806] ^ [ 17.473904] fff00000c78a0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.473949] fff00000c78a0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.474022] ==================================================================
[ 14.017001] ================================================================== [ 14.017505] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.018006] Free of addr ffff888102ad4b01 by task kunit_try_catch/258 [ 14.018253] [ 14.018377] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.018420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.018431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.018452] Call Trace: [ 14.018464] <TASK> [ 14.018476] dump_stack_lvl+0x73/0xb0 [ 14.018503] print_report+0xd1/0x610 [ 14.018524] ? __virt_addr_valid+0x1db/0x2d0 [ 14.018547] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.018567] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.018592] kasan_report_invalid_free+0x10a/0x130 [ 14.018616] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.018642] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.018666] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.018690] check_slab_allocation+0x11f/0x130 [ 14.018711] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.018734] mempool_free+0x2ec/0x380 [ 14.018760] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.018784] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.018808] ? update_curr+0x5c1/0x810 [ 14.018835] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.018858] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.018880] ? schedule+0x7c/0x2e0 [ 14.018902] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.018934] ? __pfx_mempool_kfree+0x10/0x10 [ 14.018958] ? __pfx_read_tsc+0x10/0x10 [ 14.018979] ? ktime_get_ts64+0x86/0x230 [ 14.019002] kunit_try_run_case+0x1a5/0x480 [ 14.019025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.019047] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.019073] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.019095] ? __kthread_parkme+0x82/0x180 [ 14.019114] ? preempt_count_sub+0x50/0x80 [ 14.019136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.019160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.019194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.019217] kthread+0x337/0x6f0 [ 14.019236] ? trace_preempt_on+0x20/0xc0 [ 14.019257] ? __pfx_kthread+0x10/0x10 [ 14.019277] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.019298] ? calculate_sigpending+0x7b/0xa0 [ 14.019320] ? __pfx_kthread+0x10/0x10 [ 14.019341] ret_from_fork+0x116/0x1d0 [ 14.019367] ? __pfx_kthread+0x10/0x10 [ 14.019387] ret_from_fork_asm+0x1a/0x30 [ 14.019417] </TASK> [ 14.019428] [ 14.029037] Allocated by task 258: [ 14.029204] kasan_save_stack+0x45/0x70 [ 14.029359] kasan_save_track+0x18/0x40 [ 14.029566] kasan_save_alloc_info+0x3b/0x50 [ 14.029777] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.030056] remove_element+0x11e/0x190 [ 14.030227] mempool_alloc_preallocated+0x4d/0x90 [ 14.030383] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.030644] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.030938] kunit_try_run_case+0x1a5/0x480 [ 14.031231] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.031407] kthread+0x337/0x6f0 [ 14.031528] ret_from_fork+0x116/0x1d0 [ 14.031659] ret_from_fork_asm+0x1a/0x30 [ 14.031797] [ 14.031866] The buggy address belongs to the object at ffff888102ad4b00 [ 14.031866] which belongs to the cache kmalloc-128 of size 128 [ 14.032416] The buggy address is located 1 bytes inside of [ 14.032416] 128-byte region [ffff888102ad4b00, ffff888102ad4b80) [ 14.033089] [ 14.033164] The buggy address belongs to the physical page: [ 14.033338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4 [ 14.033786] flags: 0x200000000000000(node=0|zone=2) [ 14.034030] page_type: f5(slab) [ 14.034197] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.034575] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.035011] page dumped because: kasan: bad access detected [ 14.035190] [ 14.035260] Memory state around the buggy address: [ 14.035423] ffff888102ad4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.035776] ffff888102ad4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.036110] >ffff888102ad4b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.036420] ^ [ 14.036580] ffff888102ad4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.036986] ffff888102ad4c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.037664] ================================================================== [ 14.045621] ================================================================== [ 14.046713] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.048047] Free of addr ffff888102b8c001 by task kunit_try_catch/260 [ 14.048544] [ 14.048896] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.048954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.048967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.048988] Call Trace: [ 14.049001] <TASK> [ 14.049015] dump_stack_lvl+0x73/0xb0 [ 14.049045] print_report+0xd1/0x610 [ 14.049066] ? __virt_addr_valid+0x1db/0x2d0 [ 14.049088] ? kasan_addr_to_slab+0x11/0xa0 [ 14.049108] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.049133] kasan_report_invalid_free+0x10a/0x130 [ 14.049156] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.049183] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.049206] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.049229] mempool_free+0x2ec/0x380 [ 14.049255] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.049279] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.049306] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.049326] ? finish_task_switch.isra.0+0x153/0x700 [ 14.049489] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.049521] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.049548] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.049571] ? __pfx_mempool_kfree+0x10/0x10 [ 14.049647] ? __pfx_read_tsc+0x10/0x10 [ 14.049670] ? ktime_get_ts64+0x86/0x230 [ 14.049695] kunit_try_run_case+0x1a5/0x480 [ 14.049754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.049776] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.049798] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.049821] ? __kthread_parkme+0x82/0x180 [ 14.049841] ? preempt_count_sub+0x50/0x80 [ 14.049863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.049886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.049918] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.049941] kthread+0x337/0x6f0 [ 14.049959] ? trace_preempt_on+0x20/0xc0 [ 14.049981] ? __pfx_kthread+0x10/0x10 [ 14.050000] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.050020] ? calculate_sigpending+0x7b/0xa0 [ 14.050042] ? __pfx_kthread+0x10/0x10 [ 14.050063] ret_from_fork+0x116/0x1d0 [ 14.050080] ? __pfx_kthread+0x10/0x10 [ 14.050100] ret_from_fork_asm+0x1a/0x30 [ 14.050129] </TASK> [ 14.050140] [ 14.063996] The buggy address belongs to the physical page: [ 14.064219] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b8c [ 14.064589] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.064993] flags: 0x200000000000040(head|node=0|zone=2) [ 14.065273] page_type: f8(unknown) [ 14.065552] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.065848] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.066225] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.066638] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.066994] head: 0200000000000002 ffffea00040ae301 00000000ffffffff 00000000ffffffff [ 14.067545] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.067919] page dumped because: kasan: bad access detected [ 14.068132] [ 14.068252] Memory state around the buggy address: [ 14.068578] ffff888102b8bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.068884] ffff888102b8bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.069230] >ffff888102b8c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.069614] ^ [ 14.069798] ffff888102b8c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.070105] ffff888102b8c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.070428] ==================================================================