Date
June 18, 2025, 6:43 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 23.045856] ==================================================================
[ 23.046044] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 23.046213] Free of addr fff00000c77c4001 by task kunit_try_catch/253
[ 23.046305]
[ 23.046535] CPU: 0 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT
[ 23.046910] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 23.046994] Hardware name: linux,dummy-virt (DT)
[ 23.047080] Call trace:
[ 23.047128] show_stack+0x20/0x38 (C)
[ 23.047247] dump_stack_lvl+0x8c/0xd0
[ 23.047361] print_report+0x118/0x608
[ 23.047529] kasan_report_invalid_free+0xc0/0xe8
[ 23.047696] __kasan_mempool_poison_object+0xfc/0x150
[ 23.047823] mempool_free+0x28c/0x328
[ 23.047971] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 23.048109] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 23.048231] kunit_try_run_case+0x170/0x3f0
[ 23.048362] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.048913] kthread+0x328/0x630
[ 23.049031] ret_from_fork+0x10/0x20
[ 23.049152]
[ 23.049207] The buggy address belongs to the physical page:
[ 23.049286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077c4
[ 23.049689] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.049807] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 23.049943] page_type: f8(unknown)
[ 23.050055] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.050172] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.050275] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.050377] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.050486] head: 0bfffe0000000002 ffffc1ffc31df101 00000000ffffffff 00000000ffffffff
[ 23.050608] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 23.050709] page dumped because: kasan: bad access detected
[ 23.050791]
[ 23.050837] Memory state around the buggy address:
[ 23.050918] fff00000c77c3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 23.051035] fff00000c77c3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 23.051147] >fff00000c77c4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.051241] ^
[ 23.051311] fff00000c77c4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.051418] fff00000c77c4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.051518] ==================================================================

[ 23.018295] ==================================================================
[ 23.018571] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 23.018778] Free of addr fff00000c7791b01 by task kunit_try_catch/251
[ 23.018883]
[ 23.018975] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT
[ 23.019210] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 23.019291] Hardware name: linux,dummy-virt (DT)
[ 23.019372] Call trace:
[ 23.019426] show_stack+0x20/0x38 (C)
[ 23.019587] dump_stack_lvl+0x8c/0xd0
[ 23.019795] print_report+0x118/0x608
[ 23.019928] kasan_report_invalid_free+0xc0/0xe8
[ 23.020083] check_slab_allocation+0xfc/0x108
[ 23.020274] __kasan_mempool_poison_object+0x78/0x150
[ 23.020445] mempool_free+0x28c/0x328
[ 23.020569] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 23.020702] mempool_kmalloc_invalid_free+0xc0/0x118
[ 23.020827] kunit_try_run_case+0x170/0x3f0
[ 23.020954] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.021095] kthread+0x328/0x630
[ 23.021261] ret_from_fork+0x10/0x20
[ 23.021433]
[ 23.021495] Allocated by task 251:
[ 23.021591] kasan_save_stack+0x3c/0x68
[ 23.021741] kasan_save_track+0x20/0x40
[ 23.021885] kasan_save_alloc_info+0x40/0x58
[ 23.022025] __kasan_mempool_unpoison_object+0x11c/0x180
[ 23.022145] remove_element+0x130/0x1f8
[ 23.022232] mempool_alloc_preallocated+0x58/0xc0
[ 23.022319] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 23.022428] mempool_kmalloc_invalid_free+0xc0/0x118
[ 23.022528] kunit_try_run_case+0x170/0x3f0
[ 23.022683] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.022798] kthread+0x328/0x630
[ 23.022890] ret_from_fork+0x10/0x20
[ 23.023039]
[ 23.023125] The buggy address belongs to the object at fff00000c7791b00
[ 23.023125] which belongs to the cache kmalloc-128 of size 128
[ 23.023304] The buggy address is located 1 bytes inside of
[ 23.023304] 128-byte region [fff00000c7791b00, fff00000c7791b80)
[ 23.023456]
[ 23.023506] The buggy address belongs to the physical page:
[ 23.023590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107791
[ 23.023714] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.023840] page_type: f5(slab)
[ 23.023936] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.024071] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.024253] page dumped because: kasan: bad access detected
[ 23.024366]
[ 23.024417] Memory state around the buggy address:
[ 23.024554] fff00000c7791a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.024676] fff00000c7791a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.024804] >fff00000c7791b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.025352] ^
[ 23.025452] fff00000c7791b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.025583] fff00000c7791c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.025691] ==================================================================
```
```
[ 12.892037] ==================================================================
[ 12.893291] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.894066] Free of addr ffff888103888001 by task kunit_try_catch/269
[ 12.894387]
[ 12.894577] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.894627] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.894641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.894662] Call Trace:
[ 12.894674] <TASK>
[ 12.894690] dump_stack_lvl+0x73/0xb0
[ 12.894717] print_report+0xd1/0x650
[ 12.894738] ? __virt_addr_valid+0x1db/0x2d0
[ 12.894762] ? kasan_addr_to_slab+0x11/0xa0
[ 12.894781] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.894806] kasan_report_invalid_free+0x10a/0x130
[ 12.894829] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.894856] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.894879] __kasan_mempool_poison_object+0x102/0x1d0
[ 12.894902] mempool_free+0x2ec/0x380
[ 12.894926] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.894950] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 12.894975] ? __kasan_check_write+0x18/0x20
[ 12.894998] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.895020] ? finish_task_switch.isra.0+0x153/0x700
[ 12.895046] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 12.895068] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 12.895094] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.895115] ? __pfx_mempool_kfree+0x10/0x10
[ 12.895138] ? __pfx_read_tsc+0x10/0x10
[ 12.895160] ? ktime_get_ts64+0x86/0x230
[ 12.895183] kunit_try_run_case+0x1a5/0x480
[ 12.895227] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.895250] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.895271] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.895293] ? __kthread_parkme+0x82/0x180
[ 12.895312] ? preempt_count_sub+0x50/0x80
[ 12.895334] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.895356] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.895378] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.895400] kthread+0x337/0x6f0
[ 12.895418] ? trace_preempt_on+0x20/0xc0
[ 12.895441] ? __pfx_kthread+0x10/0x10
[ 12.895460] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.895480] ? calculate_sigpending+0x7b/0xa0
[ 12.895503] ? __pfx_kthread+0x10/0x10
[ 12.895523] ret_from_fork+0x116/0x1d0
[ 12.895541] ? __pfx_kthread+0x10/0x10
[ 12.895560] ret_from_fork_asm+0x1a/0x30
[ 12.895590] </TASK>
[ 12.895601]
[ 12.909626] The buggy address belongs to the physical page:
[ 12.909833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88810388e600 pfn:0x103888
[ 12.910316] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.910760] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.910995] page_type: f8(unknown)
[ 12.911144] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.911739] raw: ffff88810388e600 0000000000000000 00000000f8000000 0000000000000000
[ 12.912057] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.912516] head: ffff88810388e600 0000000000000000 00000000f8000000 0000000000000000
[ 12.913059] head: 0200000000000002 ffffea00040e2201 00000000ffffffff 00000000ffffffff
[ 12.913627] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.914103] page dumped because: kasan: bad access detected
[ 12.914600]
[ 12.914687] Memory state around the buggy address:
[ 12.914899] ffff888103887f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.915431] ffff888103887f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.915770] >ffff888103888000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.916083] ^
[ 12.916259] ffff888103888080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.916555] ffff888103888100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.916860] ==================================================================

[ 12.849657] ==================================================================
[ 12.850973] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.851875] Free of addr ffff888101addb01 by task kunit_try_catch/267
[ 12.852082]
[ 12.852165] CPU: 0 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.852227] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.852239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.852260] Call Trace:
[ 12.852272] <TASK>
[ 12.852290] dump_stack_lvl+0x73/0xb0
[ 12.852319] print_report+0xd1/0x650
[ 12.852340] ? __virt_addr_valid+0x1db/0x2d0
[ 12.852363] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.852387] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.852412] kasan_report_invalid_free+0x10a/0x130
[ 12.852436] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.852461] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.852485] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.852508] check_slab_allocation+0x11f/0x130
[ 12.852528] __kasan_mempool_poison_object+0x91/0x1d0
[ 12.852551] mempool_free+0x2ec/0x380
[ 12.852577] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.852601] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 12.852628] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.852648] ? finish_task_switch.isra.0+0x153/0x700
[ 12.852679] mempool_kmalloc_invalid_free+0xed/0x140
[ 12.852701] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 12.852727] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.852772] ? __pfx_mempool_kfree+0x10/0x10
[ 12.852796] ? __pfx_read_tsc+0x10/0x10
[ 12.852817] ? ktime_get_ts64+0x86/0x230
[ 12.852840] kunit_try_run_case+0x1a5/0x480
[ 12.852864] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.852885] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.852908] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.852930] ? __kthread_parkme+0x82/0x180
[ 12.852950] ? preempt_count_sub+0x50/0x80
[ 12.852973] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.852994] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.853015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.853038] kthread+0x337/0x6f0
[ 12.853056] ? trace_preempt_on+0x20/0xc0
[ 12.853078] ? __pfx_kthread+0x10/0x10
[ 12.853099] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.853120] ? calculate_sigpending+0x7b/0xa0
[ 12.853143] ? __pfx_kthread+0x10/0x10
[ 12.853164] ret_from_fork+0x116/0x1d0
[ 12.853182] ? __pfx_kthread+0x10/0x10
[ 12.853201] ret_from_fork_asm+0x1a/0x30
[ 12.853240] </TASK>
[ 12.853250]
[ 12.870021] Allocated by task 267:
[ 12.870153] kasan_save_stack+0x45/0x70
[ 12.870549] kasan_save_track+0x18/0x40
[ 12.870925] kasan_save_alloc_info+0x3b/0x50
[ 12.871390] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 12.871979] remove_element+0x11e/0x190
[ 12.872239] mempool_alloc_preallocated+0x4d/0x90
[ 12.872683] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 12.873231] mempool_kmalloc_invalid_free+0xed/0x140
[ 12.873386] kunit_try_run_case+0x1a5/0x480
[ 12.873520] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.873679] kthread+0x337/0x6f0
[ 12.873791] ret_from_fork+0x116/0x1d0
[ 12.873928] ret_from_fork_asm+0x1a/0x30
[ 12.874057]
[ 12.874120] The buggy address belongs to the object at ffff888101addb00
[ 12.874120] which belongs to the cache kmalloc-128 of size 128
[ 12.875187] The buggy address is located 1 bytes inside of
[ 12.875187] 128-byte region [ffff888101addb00, ffff888101addb80)
[ 12.876275]
[ 12.876490] The buggy address belongs to the physical page:
[ 12.877078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add
[ 12.877431] flags: 0x200000000000000(node=0|zone=2)
[ 12.877592] page_type: f5(slab)
[ 12.877704] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.877922] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.878134] page dumped because: kasan: bad access detected
[ 12.878553]
[ 12.878699] Memory state around the buggy address:
[ 12.879119] ffff888101adda00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.879898] ffff888101adda80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.880597] >ffff888101addb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.881328] ^
[ 12.881792] ffff888101addb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.882537] ffff888101addc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.883153] ==================================================================
```