Date
July 17, 2025, 11:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 17.723201] ==================================================================
[ 17.723314] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 17.723674] Free of addr fff00000c7974001 by task kunit_try_catch/244
[ 17.723719]
[ 17.723994] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 17.724328] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.724362] Hardware name: linux,dummy-virt (DT)
[ 17.724394] Call trace:
[ 17.724417] show_stack+0x20/0x38 (C)
[ 17.724473] dump_stack_lvl+0x8c/0xd0
[ 17.724522] print_report+0x118/0x5d0
[ 17.724568] kasan_report_invalid_free+0xc0/0xe8
[ 17.724617] __kasan_mempool_poison_object+0xfc/0x150
[ 17.724669] mempool_free+0x28c/0x328
[ 17.724737] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 17.724858] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 17.725268] kunit_try_run_case+0x170/0x3f0
[ 17.725765] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.726138] kthread+0x328/0x630
[ 17.726295] ret_from_fork+0x10/0x20
[ 17.726396]
[ 17.726514] The buggy address belongs to the physical page:
[ 17.726930] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107974
[ 17.727234] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 17.727453] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 17.727622] page_type: f8(unknown)
[ 17.727663] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 17.727714] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 17.728281] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 17.728343] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 17.728395] head: 0bfffe0000000002 ffffc1ffc31e5d01 00000000ffffffff 00000000ffffffff
[ 17.728446] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 17.728488] page dumped because: kasan: bad access detected
[ 17.728520]
[ 17.728539] Memory state around the buggy address:
[ 17.729333] fff00000c7973f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.729501] fff00000c7973f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.729805] >fff00000c7974000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.729848] ^
[ 17.729876] fff00000c7974080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.729919] fff00000c7974100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.729959] ==================================================================
[ 17.690149] ==================================================================
[ 17.690211] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 17.690269] Free of addr fff00000c65ee701 by task kunit_try_catch/242
[ 17.690312]
[ 17.692554] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 17.692705] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.692812] Hardware name: linux,dummy-virt (DT)
[ 17.693237] Call trace:
[ 17.693288] show_stack+0x20/0x38 (C)
[ 17.693348] dump_stack_lvl+0x8c/0xd0
[ 17.693394] print_report+0x118/0x5d0
[ 17.693589] kasan_report_invalid_free+0xc0/0xe8
[ 17.693640] check_slab_allocation+0xfc/0x108
[ 17.694102] __kasan_mempool_poison_object+0x78/0x150
[ 17.694165] mempool_free+0x28c/0x328
[ 17.694336] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 17.694821] mempool_kmalloc_invalid_free+0xc0/0x118
[ 17.694916] kunit_try_run_case+0x170/0x3f0
[ 17.695270] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.695492] kthread+0x328/0x630
[ 17.695540] ret_from_fork+0x10/0x20
[ 17.696000]
[ 17.696049] Allocated by task 242:
[ 17.696091] kasan_save_stack+0x3c/0x68
[ 17.696369] kasan_save_track+0x20/0x40
[ 17.696409] kasan_save_alloc_info+0x40/0x58
[ 17.696870] __kasan_mempool_unpoison_object+0x11c/0x180
[ 17.696925] remove_element+0x130/0x1f8
[ 17.696971] mempool_alloc_preallocated+0x58/0xc0
[ 17.697179] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 17.697356] mempool_kmalloc_invalid_free+0xc0/0x118
[ 17.697402] kunit_try_run_case+0x170/0x3f0
[ 17.698119] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.698174] kthread+0x328/0x630
[ 17.698206] ret_from_fork+0x10/0x20
[ 17.698242]
[ 17.698262] The buggy address belongs to the object at fff00000c65ee700
[ 17.698262] which belongs to the cache kmalloc-128 of size 128
[ 17.698743] The buggy address is located 1 bytes inside of
[ 17.698743] 128-byte region [fff00000c65ee700, fff00000c65ee780)
[ 17.699199]
[ 17.699226] The buggy address belongs to the physical page:
[ 17.699501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065ee
[ 17.699892] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.700342] page_type: f5(slab)
[ 17.700654] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.700712] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.700878] page dumped because: kasan: bad access detected
[ 17.700916]
[ 17.700933] Memory state around the buggy address:
[ 17.700967] fff00000c65ee600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.701377] fff00000c65ee680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.701531] >fff00000c65ee700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.701576] ^
[ 17.701778] fff00000c65ee780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.701885] fff00000c65ee800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.702227] ==================================================================
```
qemu-x86_64:

```
[ 14.793695] ==================================================================
[ 14.794534] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.794920] Free of addr ffff8881039b9301 by task kunit_try_catch/258
[ 14.795198]
[ 14.795370] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 14.795416] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.795428] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.795449] Call Trace:
[ 14.795461] <TASK>
[ 14.795496] dump_stack_lvl+0x73/0xb0
[ 14.795526] print_report+0xd1/0x610
[ 14.795561] ? __virt_addr_valid+0x1db/0x2d0
[ 14.795586] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.795609] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.795637] kasan_report_invalid_free+0x10a/0x130
[ 14.795663] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.795692] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.795718] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.795745] check_slab_allocation+0x11f/0x130
[ 14.795767] __kasan_mempool_poison_object+0x91/0x1d0
[ 14.795793] mempool_free+0x2ec/0x380
[ 14.795840] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.795867] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 14.795895] ? update_load_avg+0x1be/0x21b0
[ 14.795923] ? finish_task_switch.isra.0+0x153/0x700
[ 14.795949] mempool_kmalloc_invalid_free+0xed/0x140
[ 14.795992] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 14.796021] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.796046] ? __pfx_mempool_kfree+0x10/0x10
[ 14.796076] ? __pfx_read_tsc+0x10/0x10
[ 14.796098] ? ktime_get_ts64+0x86/0x230
[ 14.796122] kunit_try_run_case+0x1a5/0x480
[ 14.796148] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.796171] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.796197] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.796222] ? __kthread_parkme+0x82/0x180
[ 14.796302] ? preempt_count_sub+0x50/0x80
[ 14.796328] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.796354] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.796380] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.796416] kthread+0x337/0x6f0
[ 14.796436] ? trace_preempt_on+0x20/0xc0
[ 14.796460] ? __pfx_kthread+0x10/0x10
[ 14.796481] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.796504] ? calculate_sigpending+0x7b/0xa0
[ 14.796528] ? __pfx_kthread+0x10/0x10
[ 14.796560] ret_from_fork+0x116/0x1d0
[ 14.796579] ? __pfx_kthread+0x10/0x10
[ 14.796600] ret_from_fork_asm+0x1a/0x30
[ 14.796632] </TASK>
[ 14.796642]
[ 14.806401] Allocated by task 258:
[ 14.806649] kasan_save_stack+0x45/0x70
[ 14.806891] kasan_save_track+0x18/0x40
[ 14.807109] kasan_save_alloc_info+0x3b/0x50
[ 14.807318] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 14.807589] remove_element+0x11e/0x190
[ 14.807853] mempool_alloc_preallocated+0x4d/0x90
[ 14.808218] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 14.808677] mempool_kmalloc_invalid_free+0xed/0x140
[ 14.808953] kunit_try_run_case+0x1a5/0x480
[ 14.809167] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.809380] kthread+0x337/0x6f0
[ 14.809711] ret_from_fork+0x116/0x1d0
[ 14.809912] ret_from_fork_asm+0x1a/0x30
[ 14.810082]
[ 14.810153] The buggy address belongs to the object at ffff8881039b9300
[ 14.810153] which belongs to the cache kmalloc-128 of size 128
[ 14.810942] The buggy address is located 1 bytes inside of
[ 14.810942] 128-byte region [ffff8881039b9300, ffff8881039b9380)
[ 14.811531]
[ 14.811619] The buggy address belongs to the physical page:
[ 14.811790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039b9
[ 14.812121] flags: 0x200000000000000(node=0|zone=2)
[ 14.812371] page_type: f5(slab)
[ 14.812661] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 14.813085] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 14.813643] page dumped because: kasan: bad access detected
[ 14.813907]
[ 14.813988] Memory state around the buggy address:
[ 14.814203] ffff8881039b9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.814747] ffff8881039b9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.815127] >ffff8881039b9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.815468] ^
[ 14.815640] ffff8881039b9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.815984] ffff8881039b9400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.816201] ==================================================================
[ 14.820007] ==================================================================
[ 14.820477] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.821031] Free of addr ffff888103a30001 by task kunit_try_catch/260
[ 14.821352]
[ 14.821501] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 14.821547] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.821572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.821594] Call Trace:
[ 14.821685] <TASK>
[ 14.821702] dump_stack_lvl+0x73/0xb0
[ 14.821763] print_report+0xd1/0x610
[ 14.821786] ? __virt_addr_valid+0x1db/0x2d0
[ 14.821810] ? kasan_addr_to_slab+0x11/0xa0
[ 14.821830] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.821859] kasan_report_invalid_free+0x10a/0x130
[ 14.821885] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.821915] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.821941] __kasan_mempool_poison_object+0x102/0x1d0
[ 14.821967] mempool_free+0x2ec/0x380
[ 14.821994] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.822022] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 14.822049] ? update_load_avg+0x1be/0x21b0
[ 14.822075] ? finish_task_switch.isra.0+0x153/0x700
[ 14.822102] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 14.822148] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 14.822179] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.822203] ? __pfx_mempool_kfree+0x10/0x10
[ 14.822228] ? __pfx_read_tsc+0x10/0x10
[ 14.822250] ? ktime_get_ts64+0x86/0x230
[ 14.822274] kunit_try_run_case+0x1a5/0x480
[ 14.822316] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.822339] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.822365] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.822390] ? __kthread_parkme+0x82/0x180
[ 14.822412] ? preempt_count_sub+0x50/0x80
[ 14.822435] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.822510] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.822536] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.822576] kthread+0x337/0x6f0
[ 14.822595] ? trace_preempt_on+0x20/0xc0
[ 14.822619] ? __pfx_kthread+0x10/0x10
[ 14.822640] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.822663] ? calculate_sigpending+0x7b/0xa0
[ 14.822689] ? __pfx_kthread+0x10/0x10
[ 14.822711] ret_from_fork+0x116/0x1d0
[ 14.822731] ? __pfx_kthread+0x10/0x10
[ 14.822752] ret_from_fork_asm+0x1a/0x30
[ 14.822783] </TASK>
[ 14.822794]
[ 14.831768] The buggy address belongs to the physical page:
[ 14.831951] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a30
[ 14.832312] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 14.833059] flags: 0x200000000000040(head|node=0|zone=2)
[ 14.833717] page_type: f8(unknown)
[ 14.834030] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.834800] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.835377] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.835831] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.836064] head: 0200000000000002 ffffea00040e8c01 00000000ffffffff 00000000ffffffff
[ 14.836526] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 14.837185] page dumped because: kasan: bad access detected
[ 14.837794]
[ 14.837954] Memory state around the buggy address:
[ 14.838491] ffff888103a2ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.839107] ffff888103a2ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.839622] >ffff888103a30000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.840081] ^
[ 14.840196] ffff888103a30080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.840921] ffff888103a30100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.841507] ==================================================================
```