Date
June 17, 2025, 6:35 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.132124] ================================================================== [ 19.132237] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.132322] Free of addr fff00000c4fd8b01 by task kunit_try_catch/250 [ 19.132386] [ 19.132433] CPU: 1 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT [ 19.132526] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.132563] Hardware name: linux,dummy-virt (DT) [ 19.132692] Call trace: [ 19.132718] show_stack+0x20/0x38 (C) [ 19.132880] dump_stack_lvl+0x8c/0xd0 [ 19.132970] print_report+0x118/0x608 [ 19.133023] kasan_report_invalid_free+0xc0/0xe8 [ 19.133075] check_slab_allocation+0xfc/0x108 [ 19.133125] __kasan_mempool_poison_object+0x78/0x150 [ 19.133258] mempool_free+0x28c/0x328 [ 19.133401] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.133510] mempool_kmalloc_invalid_free+0xc0/0x118 [ 19.133565] kunit_try_run_case+0x170/0x3f0 [ 19.133648] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.133724] kthread+0x328/0x630 [ 19.133768] ret_from_fork+0x10/0x20 [ 19.133820] [ 19.133837] Allocated by task 250: [ 19.133878] kasan_save_stack+0x3c/0x68 [ 19.134005] kasan_save_track+0x20/0x40 [ 19.134143] kasan_save_alloc_info+0x40/0x58 [ 19.134320] __kasan_mempool_unpoison_object+0x11c/0x180 [ 19.134409] remove_element+0x130/0x1f8 [ 19.134516] mempool_alloc_preallocated+0x58/0xc0 [ 19.134591] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 19.134637] mempool_kmalloc_invalid_free+0xc0/0x118 [ 19.134677] kunit_try_run_case+0x170/0x3f0 [ 19.134852] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.134900] kthread+0x328/0x630 [ 19.135084] ret_from_fork+0x10/0x20 [ 19.135167] [ 19.135244] The buggy address belongs to the object at fff00000c4fd8b00 [ 19.135244] which belongs to the cache kmalloc-128 of size 128 [ 19.135333] The buggy address is located 1 bytes inside of [ 19.135333] 128-byte region [fff00000c4fd8b00, fff00000c4fd8b80) [ 19.135410] [ 19.135480] The buggy address belongs to the physical page: [ 19.135541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104fd8 [ 19.135641] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.135729] page_type: f5(slab) [ 19.135772] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.136148] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.136270] page dumped because: kasan: bad access detected [ 19.136332] [ 19.136389] Memory state around the buggy address: [ 19.136441] fff00000c4fd8a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.136603] fff00000c4fd8a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.136880] >fff00000c4fd8b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.137011] ^ [ 19.137081] fff00000c4fd8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.137196] fff00000c4fd8c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.137263] ================================================================== [ 19.143713] ================================================================== [ 19.143811] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.143872] Free of addr fff00000c5254001 by task kunit_try_catch/252 [ 19.143947] [ 19.143993] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT [ 19.144104] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.144148] Hardware name: linux,dummy-virt (DT) [ 19.144202] Call trace: [ 19.144225] show_stack+0x20/0x38 (C) [ 19.144293] dump_stack_lvl+0x8c/0xd0 [ 19.144346] print_report+0x118/0x608 [ 19.144590] kasan_report_invalid_free+0xc0/0xe8 [ 19.144710] __kasan_mempool_poison_object+0xfc/0x150 [ 19.144794] mempool_free+0x28c/0x328 [ 19.144852] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.144917] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 19.145178] kunit_try_run_case+0x170/0x3f0 [ 19.145278] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.145374] kthread+0x328/0x630 [ 19.145419] ret_from_fork+0x10/0x20 [ 19.145486] [ 19.145531] The buggy address belongs to the physical page: [ 19.145592] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105254 [ 19.145652] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.145701] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.145756] page_type: f8(unknown) [ 19.146013] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.146208] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.146294] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.146353] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.146462] head: 0bfffe0000000002 ffffc1ffc3149501 00000000ffffffff 00000000ffffffff [ 19.146513] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.146555] page dumped because: kasan: bad access detected [ 19.146587] [ 19.146605] Memory state around the buggy address: [ 19.146638] fff00000c5253f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.146683] fff00000c5253f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.146725] >fff00000c5254000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.146803] ^ [ 19.147016] fff00000c5254080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.147088] fff00000c5254100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.147157] ==================================================================
[ 20.523417] ================================================================== [ 20.524281] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.524921] Free of addr ffff888103970001 by task kunit_try_catch/270 [ 20.525643] [ 20.525882] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.525961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.525981] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.526011] Call Trace: [ 20.526030] <TASK> [ 20.526053] dump_stack_lvl+0x73/0xb0 [ 20.526096] print_report+0xd1/0x650 [ 20.526127] ? __virt_addr_valid+0x1db/0x2d0 [ 20.526162] ? kasan_addr_to_slab+0x11/0xa0 [ 20.526191] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.526237] kasan_report_invalid_free+0x10a/0x130 [ 20.526321] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.526409] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.526487] __kasan_mempool_poison_object+0x102/0x1d0 [ 20.526563] mempool_free+0x2ec/0x380 [ 20.526646] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.526725] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 20.526810] ? __kasan_check_write+0x18/0x20 [ 20.526903] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.526974] ? finish_task_switch.isra.0+0x153/0x700 [ 20.527058] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 20.527137] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 20.527226] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.527302] ? __pfx_mempool_kfree+0x10/0x10 [ 20.527381] ? __pfx_read_tsc+0x10/0x10 [ 20.527450] ? ktime_get_ts64+0x86/0x230 [ 20.527531] kunit_try_run_case+0x1a5/0x480 [ 20.527625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.527696] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.527767] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.527864] ? __kthread_parkme+0x82/0x180 [ 20.527936] ? preempt_count_sub+0x50/0x80 [ 20.528016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.528070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.528105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.528140] kthread+0x337/0x6f0 [ 20.528167] ? trace_preempt_on+0x20/0xc0 [ 20.528205] ? __pfx_kthread+0x10/0x10 [ 20.528265] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.528345] ? calculate_sigpending+0x7b/0xa0 [ 20.528385] ? __pfx_kthread+0x10/0x10 [ 20.528415] ret_from_fork+0x116/0x1d0 [ 20.528443] ? __pfx_kthread+0x10/0x10 [ 20.528471] ret_from_fork_asm+0x1a/0x30 [ 20.528513] </TASK> [ 20.528529] [ 20.552133] The buggy address belongs to the physical page: [ 20.553354] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103970 [ 20.554147] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.554890] flags: 0x200000000000040(head|node=0|zone=2) [ 20.555547] page_type: f8(unknown) [ 20.555849] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.556499] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.557678] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.558325] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.559118] head: 0200000000000002 ffffea00040e5c01 00000000ffffffff 00000000ffffffff [ 20.559904] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.560884] page dumped because: kasan: bad access detected [ 20.561389] [ 20.561774] Memory state around the buggy address: [ 20.562163] ffff88810396ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.562791] ffff88810396ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.563871] >ffff888103970000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.564386] ^ [ 20.565337] ffff888103970080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.566070] ffff888103970100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.566886] ================================================================== [ 20.471723] ================================================================== [ 20.472962] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.474250] Free of addr ffff888100ab0001 by task kunit_try_catch/268 [ 20.475009] [ 20.475246] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.475380] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.475420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.475477] Call Trace: [ 20.475518] <TASK> [ 20.475580] dump_stack_lvl+0x73/0xb0 [ 20.475664] print_report+0xd1/0x650 [ 20.475739] ? __virt_addr_valid+0x1db/0x2d0 [ 20.475822] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.475912] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.475985] kasan_report_invalid_free+0x10a/0x130 [ 20.476065] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.476155] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.476232] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.476313] check_slab_allocation+0x11f/0x130 [ 20.476364] __kasan_mempool_poison_object+0x91/0x1d0 [ 20.476402] mempool_free+0x2ec/0x380 [ 20.476442] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.476480] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 20.476522] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.476553] ? finish_task_switch.isra.0+0x153/0x700 [ 20.476589] mempool_kmalloc_invalid_free+0xed/0x140 [ 20.476622] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 20.476660] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.476691] ? __pfx_mempool_kfree+0x10/0x10 [ 20.476724] ? __pfx_read_tsc+0x10/0x10 [ 20.476755] ? ktime_get_ts64+0x86/0x230 [ 20.476790] kunit_try_run_case+0x1a5/0x480 [ 20.476826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.476884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.476917] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.476954] ? __kthread_parkme+0x82/0x180 [ 20.476983] ? preempt_count_sub+0x50/0x80 [ 20.477014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.477048] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.477079] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.477112] kthread+0x337/0x6f0 [ 20.477139] ? trace_preempt_on+0x20/0xc0 [ 20.477173] ? __pfx_kthread+0x10/0x10 [ 20.477202] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.477263] ? calculate_sigpending+0x7b/0xa0 [ 20.477345] ? __pfx_kthread+0x10/0x10 [ 20.477380] ret_from_fork+0x116/0x1d0 [ 20.477410] ? __pfx_kthread+0x10/0x10 [ 20.477440] ret_from_fork_asm+0x1a/0x30 [ 20.477483] </TASK> [ 20.477498] [ 20.498069] Allocated by task 268: [ 20.498575] kasan_save_stack+0x45/0x70 [ 20.498991] kasan_save_track+0x18/0x40 [ 20.499561] kasan_save_alloc_info+0x3b/0x50 [ 20.499924] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 20.500459] remove_element+0x11e/0x190 [ 20.500895] mempool_alloc_preallocated+0x4d/0x90 [ 20.501493] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 20.501976] mempool_kmalloc_invalid_free+0xed/0x140 [ 20.502484] kunit_try_run_case+0x1a5/0x480 [ 20.502912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.503612] kthread+0x337/0x6f0 [ 20.503982] ret_from_fork+0x116/0x1d0 [ 20.504317] ret_from_fork_asm+0x1a/0x30 [ 20.504815] [ 20.504993] The buggy address belongs to the object at ffff888100ab0000 [ 20.504993] which belongs to the cache kmalloc-128 of size 128 [ 20.506078] The buggy address is located 1 bytes inside of [ 20.506078] 128-byte region [ffff888100ab0000, ffff888100ab0080) [ 20.507043] [ 20.507255] The buggy address belongs to the physical page: [ 20.507878] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 20.508539] flags: 0x200000000000000(node=0|zone=2) [ 20.508973] page_type: f5(slab) [ 20.509462] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.510107] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.510695] page dumped because: kasan: bad access detected [ 20.511445] [ 20.511658] Memory state around the buggy address: [ 20.512066] ffff888100aaff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.512787] ffff888100aaff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.513501] >ffff888100ab0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.514035] ^ [ 20.514508] ffff888100ab0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.515085] ffff888100ab0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.515513] ==================================================================