Date
July 4, 2025, 11:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 31.863105] ==================================================================
[ 31.863385] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 31.863508] Free of addr fff00000c929ff01 by task kunit_try_catch/274
[ 31.863685]
[ 31.863718] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT
[ 31.863805] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.863833] Hardware name: linux,dummy-virt (DT)
[ 31.863864] Call trace:
[ 31.863887] show_stack+0x20/0x38 (C)
[ 31.864156] dump_stack_lvl+0x8c/0xd0
[ 31.864375] print_report+0x118/0x608
[ 31.864522] kasan_report_invalid_free+0xc0/0xe8
[ 31.864588] check_slab_allocation+0xfc/0x108
[ 31.864715] __kasan_mempool_poison_object+0x78/0x150
[ 31.864832] mempool_free+0x28c/0x328
[ 31.865101] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 31.865399] mempool_kmalloc_invalid_free+0xc0/0x118
[ 31.865629] kunit_try_run_case+0x170/0x3f0
[ 31.865693] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.865806] kthread+0x328/0x630
[ 31.865850] ret_from_fork+0x10/0x20
[ 31.865908]
[ 31.865928] Allocated by task 274:
[ 31.865957] kasan_save_stack+0x3c/0x68
[ 31.866021] kasan_save_track+0x20/0x40
[ 31.866058] kasan_save_alloc_info+0x40/0x58
[ 31.866134] __kasan_mempool_unpoison_object+0x11c/0x180
[ 31.866352] remove_element+0x130/0x1f8
[ 31.866535] mempool_alloc_preallocated+0x58/0xc0
[ 31.866577] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 31.866619] mempool_kmalloc_invalid_free+0xc0/0x118
[ 31.866661] kunit_try_run_case+0x170/0x3f0
[ 31.866701] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.866744] kthread+0x328/0x630
[ 31.866777] ret_from_fork+0x10/0x20
[ 31.866831]
[ 31.866937] The buggy address belongs to the object at fff00000c929ff00
[ 31.866937] which belongs to the cache kmalloc-128 of size 128
[ 31.867205] The buggy address is located 1 bytes inside of
[ 31.867205] 128-byte region [fff00000c929ff00, fff00000c929ff80)
[ 31.867265]
[ 31.867291] The buggy address belongs to the physical page:
[ 31.867404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10929f
[ 31.867544] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 31.867592] page_type: f5(slab)
[ 31.867636] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 31.867797] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 31.867873] page dumped because: kasan: bad access detected
[ 31.867915]
[ 31.867934] Memory state around the buggy address:
[ 31.867966] fff00000c929fe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.868010] fff00000c929fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.868051] >fff00000c929ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.868435] ^
[ 31.868566] fff00000c929ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.868779] fff00000c92a0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.868825] ==================================================================
[ 31.882328] ==================================================================
[ 31.882390] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 31.882479] Free of addr fff00000c9c14001 by task kunit_try_catch/276
[ 31.882638]
[ 31.882675] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT
[ 31.882955] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.882988] Hardware name: linux,dummy-virt (DT)
[ 31.883018] Call trace:
[ 31.883041] show_stack+0x20/0x38 (C)
[ 31.883094] dump_stack_lvl+0x8c/0xd0
[ 31.883138] print_report+0x118/0x608
[ 31.883186] kasan_report_invalid_free+0xc0/0xe8
[ 31.883236] __kasan_mempool_poison_object+0xfc/0x150
[ 31.883288] mempool_free+0x28c/0x328
[ 31.883332] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 31.883400] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 31.883454] kunit_try_run_case+0x170/0x3f0
[ 31.883501] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.883555] kthread+0x328/0x630
[ 31.883597] ret_from_fork+0x10/0x20
[ 31.883646]
[ 31.883674] The buggy address belongs to the physical page:
[ 31.883808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c14
[ 31.884130] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 31.884431] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 31.884488] page_type: f8(unknown)
[ 31.884528] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 31.884711] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 31.885075] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 31.885186] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 31.885286] head: 0bfffe0000000002 ffffc1ffc3270501 00000000ffffffff 00000000ffffffff
[ 31.885359] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 31.885561] page dumped because: kasan: bad access detected
[ 31.885610]
[ 31.885628] Memory state around the buggy address:
[ 31.885662] fff00000c9c13f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 31.886185] fff00000c9c13f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 31.886244] >fff00000c9c14000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.886286] ^
[ 31.886314] fff00000c9c14080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.886386] fff00000c9c14100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.886426] ==================================================================
```
```
[ 26.844794] ==================================================================
[ 26.846224] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 26.847287] Free of addr ffff8881062d8001 by task kunit_try_catch/292
[ 26.847886]
[ 26.848084] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
[ 26.848150] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.848165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.848194] Call Trace:
[ 26.848210] <TASK>
[ 26.848237] dump_stack_lvl+0x73/0xb0
[ 26.848270] print_report+0xd1/0x650
[ 26.848296] ? __virt_addr_valid+0x1db/0x2d0
[ 26.848327] ? kasan_addr_to_slab+0x11/0xa0
[ 26.848354] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 26.848384] kasan_report_invalid_free+0x10a/0x130
[ 26.848427] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 26.848460] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 26.848489] __kasan_mempool_poison_object+0x102/0x1d0
[ 26.848517] mempool_free+0x2ec/0x380
[ 26.848548] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 26.848587] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 26.848617] ? __kasan_check_write+0x18/0x20
[ 26.848643] ? __pfx_sched_clock_cpu+0x10/0x10
[ 26.848670] ? finish_task_switch.isra.0+0x153/0x700
[ 26.848701] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 26.848730] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 26.848760] ? __pfx_mempool_kmalloc+0x10/0x10
[ 26.848787] ? __pfx_mempool_kfree+0x10/0x10
[ 26.848814] ? __pfx_read_tsc+0x10/0x10
[ 26.848839] ? ktime_get_ts64+0x86/0x230
[ 26.848868] kunit_try_run_case+0x1a5/0x480
[ 26.848909] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.848938] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.848968] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.848997] ? __kthread_parkme+0x82/0x180
[ 26.849021] ? preempt_count_sub+0x50/0x80
[ 26.849046] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.849075] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.849104] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.849134] kthread+0x337/0x6f0
[ 26.849156] ? trace_preempt_on+0x20/0xc0
[ 26.849184] ? __pfx_kthread+0x10/0x10
[ 26.849207] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.849233] ? calculate_sigpending+0x7b/0xa0
[ 26.849262] ? __pfx_kthread+0x10/0x10
[ 26.849286] ret_from_fork+0x116/0x1d0
[ 26.849308] ? __pfx_kthread+0x10/0x10
[ 26.849332] ret_from_fork_asm+0x1a/0x30
[ 26.849368] </TASK>
[ 26.849382]
[ 26.865608] The buggy address belongs to the physical page:
[ 26.865847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062d8
[ 26.866124] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 26.866376] flags: 0x200000000000040(head|node=0|zone=2)
[ 26.867675] page_type: f8(unknown)
[ 26.867831] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 26.868116] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 26.868481] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 26.869259] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 26.870029] head: 0200000000000002 ffffea000418b601 00000000ffffffff 00000000ffffffff
[ 26.871724] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 26.872610] page dumped because: kasan: bad access detected
[ 26.873506]
[ 26.873628] Memory state around the buggy address:
[ 26.874315] ffff8881062d7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 26.874858] ffff8881062d7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 26.875776] >ffff8881062d8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.876666] ^
[ 26.876846] ffff8881062d8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.877642] ffff8881062d8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.878460] ==================================================================
[ 26.805679] ==================================================================
[ 26.806324] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 26.807008] Free of addr ffff888106258601 by task kunit_try_catch/290
[ 26.807483]
[ 26.807607] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
[ 26.807722] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.807736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.807763] Call Trace:
[ 26.807779] <TASK>
[ 26.807802] dump_stack_lvl+0x73/0xb0
[ 26.807837] print_report+0xd1/0x650
[ 26.807862] ? __virt_addr_valid+0x1db/0x2d0
[ 26.807890] ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.807918] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 26.807974] kasan_report_invalid_free+0x10a/0x130
[ 26.808001] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 26.808029] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 26.808084] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 26.808110] check_slab_allocation+0x11f/0x130
[ 26.808139] __kasan_mempool_poison_object+0x91/0x1d0
[ 26.808164] mempool_free+0x2ec/0x380
[ 26.808195] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 26.808226] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 26.808252] ? update_load_avg+0x1be/0x21b0
[ 26.808280] ? dequeue_entities+0x27e/0x1740
[ 26.808308] ? finish_task_switch.isra.0+0x153/0x700
[ 26.808337] mempool_kmalloc_invalid_free+0xed/0x140
[ 26.808362] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 26.808401] ? __pfx_mempool_kmalloc+0x10/0x10
[ 26.808425] ? __pfx_mempool_kfree+0x10/0x10
[ 26.808451] ? __pfx_read_tsc+0x10/0x10
[ 26.808476] ? ktime_get_ts64+0x86/0x230
[ 26.808503] kunit_try_run_case+0x1a5/0x480
[ 26.808533] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.808558] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.808586] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.808612] ? __kthread_parkme+0x82/0x180
[ 26.808635] ? preempt_count_sub+0x50/0x80
[ 26.808659] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.808686] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.808712] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.808738] kthread+0x337/0x6f0
[ 26.808759] ? trace_preempt_on+0x20/0xc0
[ 26.808786] ? __pfx_kthread+0x10/0x10
[ 26.808808] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.808831] ? calculate_sigpending+0x7b/0xa0
[ 26.808858] ? __pfx_kthread+0x10/0x10
[ 26.808896] ret_from_fork+0x116/0x1d0
[ 26.808917] ? __pfx_kthread+0x10/0x10
[ 26.808939] ret_from_fork_asm+0x1a/0x30
[ 26.808973] </TASK>
[ 26.808987]
[ 26.823812] Allocated by task 290:
[ 26.824386] kasan_save_stack+0x45/0x70
[ 26.824854] kasan_save_track+0x18/0x40
[ 26.825325] kasan_save_alloc_info+0x3b/0x50
[ 26.825986] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 26.826199] remove_element+0x11e/0x190
[ 26.826346] mempool_alloc_preallocated+0x4d/0x90
[ 26.827104] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 26.827881] mempool_kmalloc_invalid_free+0xed/0x140
[ 26.828399] kunit_try_run_case+0x1a5/0x480
[ 26.829203] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.829595] kthread+0x337/0x6f0
[ 26.829744] ret_from_fork+0x116/0x1d0
[ 26.830116] ret_from_fork_asm+0x1a/0x30
[ 26.830693]
[ 26.831057] The buggy address belongs to the object at ffff888106258600
[ 26.831057] which belongs to the cache kmalloc-128 of size 128
[ 26.832759] The buggy address is located 1 bytes inside of
[ 26.832759] 128-byte region [ffff888106258600, ffff888106258680)
[ 26.833942]
[ 26.834592] The buggy address belongs to the physical page:
[ 26.834817] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258
[ 26.835231] flags: 0x200000000000000(node=0|zone=2)
[ 26.835569] page_type: f5(slab)
[ 26.835712] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.836109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.837025] page dumped because: kasan: bad access detected
[ 26.837606]
[ 26.837772] Memory state around the buggy address:
[ 26.838282] ffff888106258500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.839177] ffff888106258580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.839728] >ffff888106258600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.839970] ^
[ 26.840094] ffff888106258680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.840336] ffff888106258700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.840581] ==================================================================
```