Date
June 19, 2025, 12:07 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.165859] ================================================================== [ 33.166045] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.166194] Free of addr fff00000c63f4001 by task kunit_try_catch/254 [ 33.166295] [ 33.166384] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT [ 33.166612] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.166679] Hardware name: linux,dummy-virt (DT) [ 33.166756] Call trace: [ 33.166809] show_stack+0x20/0x38 (C) [ 33.167681] dump_stack_lvl+0x8c/0xd0 [ 33.167857] print_report+0x118/0x608 [ 33.168042] kasan_report_invalid_free+0xc0/0xe8 [ 33.168211] __kasan_mempool_poison_object+0xfc/0x150 [ 33.168396] mempool_free+0x28c/0x328 [ 33.168550] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.168735] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 33.168934] kunit_try_run_case+0x170/0x3f0 [ 33.169079] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.169252] kthread+0x328/0x630 [ 33.169404] ret_from_fork+0x10/0x20 [ 33.169517] [ 33.169570] The buggy address belongs to the physical page: [ 33.169654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063f4 [ 33.170118] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.170468] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.170622] page_type: f8(unknown) [ 33.170736] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.170913] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.171045] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.171265] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.171374] head: 0bfffe0000000002 ffffc1ffc318fd01 00000000ffffffff 00000000ffffffff [ 33.171484] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 33.171584] page dumped because: kasan: bad access detected [ 33.171901] [ 33.171953] Memory state around the buggy address: [ 33.172042] fff00000c63f3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.172159] fff00000c63f3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.172266] >fff00000c63f4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.172365] ^ [ 33.172440] fff00000c63f4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.172555] fff00000c63f4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.172657] ================================================================== [ 33.138228] ================================================================== [ 33.138513] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.138727] Free of addr fff00000c649df01 by task kunit_try_catch/252 [ 33.138891] [ 33.139573] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT [ 33.139793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.139868] Hardware name: linux,dummy-virt (DT) [ 33.139972] Call trace: [ 33.140030] show_stack+0x20/0x38 (C) [ 33.140497] dump_stack_lvl+0x8c/0xd0 [ 33.140622] print_report+0x118/0x608 [ 33.141021] kasan_report_invalid_free+0xc0/0xe8 [ 33.141171] check_slab_allocation+0xfc/0x108 [ 33.141359] __kasan_mempool_poison_object+0x78/0x150 [ 33.141524] mempool_free+0x28c/0x328 [ 33.141639] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.142025] mempool_kmalloc_invalid_free+0xc0/0x118 [ 33.142088] kunit_try_run_case+0x170/0x3f0 [ 33.142145] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.142203] kthread+0x328/0x630 [ 33.142252] ret_from_fork+0x10/0x20 [ 33.142309] [ 33.142330] Allocated by task 252: [ 33.142366] kasan_save_stack+0x3c/0x68 [ 33.142415] kasan_save_track+0x20/0x40 [ 33.142458] kasan_save_alloc_info+0x40/0x58 [ 33.142503] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.142551] remove_element+0x130/0x1f8 [ 33.142589] mempool_alloc_preallocated+0x58/0xc0 [ 33.142632] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 33.142681] mempool_kmalloc_invalid_free+0xc0/0x118 [ 33.142724] kunit_try_run_case+0x170/0x3f0 [ 33.142765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.142810] kthread+0x328/0x630 [ 33.142846] ret_from_fork+0x10/0x20 [ 33.142924] [ 33.142990] The buggy address belongs to the object at fff00000c649df00 [ 33.142990] which belongs to the cache kmalloc-128 of size 128 [ 33.143172] The buggy address is located 1 bytes inside of [ 33.143172] 128-byte region [fff00000c649df00, fff00000c649df80) [ 33.143391] [ 33.143453] The buggy address belongs to the physical page: [ 33.143561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10649d [ 33.143721] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.143920] page_type: f5(slab) [ 33.144043] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.144175] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 33.144282] page dumped because: kasan: bad access detected [ 33.144366] [ 33.144411] Memory state around the buggy address: [ 33.144522] fff00000c649de00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.144641] fff00000c649de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.144802] >fff00000c649df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.145146] ^ [ 33.145223] fff00000c649df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.145333] fff00000c649e000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.145435] ==================================================================
[ 29.078765] ================================================================== [ 29.079827] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.080616] Free of addr ffff888103777801 by task kunit_try_catch/270 [ 29.081160] [ 29.081296] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.081364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.081379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.081405] Call Trace: [ 29.081423] <TASK> [ 29.081448] dump_stack_lvl+0x73/0xb0 [ 29.081494] print_report+0xd1/0x650 [ 29.081520] ? __virt_addr_valid+0x1db/0x2d0 [ 29.081547] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.081574] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.081602] kasan_report_invalid_free+0x10a/0x130 [ 29.081628] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.081657] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.081682] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.081708] check_slab_allocation+0x11f/0x130 [ 29.081731] __kasan_mempool_poison_object+0x91/0x1d0 [ 29.081756] mempool_free+0x2ec/0x380 [ 29.081785] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.081811] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 29.081839] ? pick_eevdf+0x3c9/0x590 [ 29.081864] ? __pfx_sched_clock_cpu+0x10/0x10 [ 29.081889] ? finish_task_switch.isra.0+0x153/0x700 [ 29.081931] mempool_kmalloc_invalid_free+0xed/0x140 [ 29.081956] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 29.081985] ? __pfx_mempool_kmalloc+0x10/0x10 [ 29.082008] ? __pfx_mempool_kfree+0x10/0x10 [ 29.082033] ? __pfx_read_tsc+0x10/0x10 [ 29.082056] ? ktime_get_ts64+0x86/0x230 [ 29.082082] kunit_try_run_case+0x1a5/0x480 [ 29.082132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.082172] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.082216] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.082262] ? __kthread_parkme+0x82/0x180 [ 29.082304] ? preempt_count_sub+0x50/0x80 [ 29.082352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.082404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.082441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.082466] kthread+0x337/0x6f0 [ 29.082488] ? trace_preempt_on+0x20/0xc0 [ 29.082513] ? __pfx_kthread+0x10/0x10 [ 29.082535] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.082563] ? calculate_sigpending+0x7b/0xa0 [ 29.082605] ? __pfx_kthread+0x10/0x10 [ 29.082646] ret_from_fork+0x116/0x1d0 [ 29.082688] ? __pfx_kthread+0x10/0x10 [ 29.082731] ret_from_fork_asm+0x1a/0x30 [ 29.082798] </TASK> [ 29.082824] [ 29.098704] Allocated by task 270: [ 29.098933] kasan_save_stack+0x45/0x70 [ 29.100161] kasan_save_track+0x18/0x40 [ 29.100406] kasan_save_alloc_info+0x3b/0x50 [ 29.100636] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 29.100891] remove_element+0x11e/0x190 [ 29.101081] mempool_alloc_preallocated+0x4d/0x90 [ 29.101261] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 29.101482] mempool_kmalloc_invalid_free+0xed/0x140 [ 29.101688] kunit_try_run_case+0x1a5/0x480 [ 29.101877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.102083] kthread+0x337/0x6f0 [ 29.102256] ret_from_fork+0x116/0x1d0 [ 29.102432] ret_from_fork_asm+0x1a/0x30 [ 29.103716] [ 29.103855] The buggy address belongs to the object at ffff888103777800 [ 29.103855] which belongs to the cache kmalloc-128 of size 128 [ 29.104343] The buggy address is located 1 bytes inside of [ 29.104343] 128-byte region [ffff888103777800, ffff888103777880) [ 29.104820] [ 29.104926] The buggy address belongs to the physical page: [ 29.105124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103777 [ 29.106077] flags: 0x200000000000000(node=0|zone=2) [ 29.106605] page_type: f5(slab) [ 29.106892] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.107543] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.107820] page dumped because: kasan: bad access detected [ 29.108479] [ 29.108665] Memory state around the buggy address: [ 29.109202] ffff888103777700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.109788] ffff888103777780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.110429] >ffff888103777800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.110908] ^ [ 29.111073] ffff888103777880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.112726] ffff888103777900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.112974] ================================================================== [ 29.119888] ================================================================== [ 29.120894] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.121271] Free of addr ffff888102afc001 by task kunit_try_catch/272 [ 29.121486] [ 29.121594] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.121658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.121673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.121698] Call Trace: [ 29.121716] <TASK> [ 29.121741] dump_stack_lvl+0x73/0xb0 [ 29.121778] print_report+0xd1/0x650 [ 29.121803] ? __virt_addr_valid+0x1db/0x2d0 [ 29.121830] ? kasan_addr_to_slab+0x11/0xa0 [ 29.121853] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.121881] kasan_report_invalid_free+0x10a/0x130 [ 29.121907] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.121937] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.121963] __kasan_mempool_poison_object+0x102/0x1d0 [ 29.121989] mempool_free+0x2ec/0x380 [ 29.122017] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.122044] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 29.122073] ? __pfx_sched_clock_cpu+0x10/0x10 [ 29.122113] ? finish_task_switch.isra.0+0x153/0x700 [ 29.122148] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 29.122175] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 29.122204] ? __pfx_mempool_kmalloc+0x10/0x10 [ 29.122227] ? __pfx_mempool_kfree+0x10/0x10 [ 29.122253] ? __pfx_read_tsc+0x10/0x10 [ 29.122275] ? ktime_get_ts64+0x86/0x230 [ 29.122301] kunit_try_run_case+0x1a5/0x480 [ 29.122327] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.122350] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.122375] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.122399] ? __kthread_parkme+0x82/0x180 [ 29.122421] ? preempt_count_sub+0x50/0x80 [ 29.122445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.122469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.122493] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.122517] kthread+0x337/0x6f0 [ 29.122539] ? trace_preempt_on+0x20/0xc0 [ 29.122563] ? __pfx_kthread+0x10/0x10 [ 29.122585] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.122607] ? calculate_sigpending+0x7b/0xa0 [ 29.122633] ? __pfx_kthread+0x10/0x10 [ 29.122656] ret_from_fork+0x116/0x1d0 [ 29.122676] ? __pfx_kthread+0x10/0x10 [ 29.122698] ret_from_fork_asm+0x1a/0x30 [ 29.122729] </TASK> [ 29.122741] [ 29.136810] The buggy address belongs to the physical page: [ 29.137293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc [ 29.137731] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.138349] flags: 0x200000000000040(head|node=0|zone=2) [ 29.138696] page_type: f8(unknown) [ 29.139183] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.139587] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.139989] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.140318] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.140603] head: 0200000000000002 ffffea00040abf01 00000000ffffffff 00000000ffffffff [ 29.140878] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.141383] page dumped because: kasan: bad access detected [ 29.141793] [ 29.141962] Memory state around the buggy address: [ 29.142498] ffff888102afbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.142844] ffff888102afbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.143435] >ffff888102afc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.143712] ^ [ 29.143869] ffff888102afc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.145503] ffff888102afc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.146181] ==================================================================