Date
July 9, 2025, 1:08 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 31.536702] ================================================================== [ 31.536764] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.536893] Free of addr fff00000c9ad4001 by task kunit_try_catch/275 [ 31.536972] [ 31.537015] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.537119] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.537167] Hardware name: linux,dummy-virt (DT) [ 31.537204] Call trace: [ 31.537236] show_stack+0x20/0x38 (C) [ 31.537286] dump_stack_lvl+0x8c/0xd0 [ 31.537335] print_report+0x118/0x5d0 [ 31.537388] kasan_report_invalid_free+0xc0/0xe8 [ 31.537625] __kasan_mempool_poison_object+0xfc/0x150 [ 31.537686] mempool_free+0x28c/0x328 [ 31.537786] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.537871] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 31.537925] kunit_try_run_case+0x170/0x3f0 [ 31.537976] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.538096] kthread+0x328/0x630 [ 31.538141] ret_from_fork+0x10/0x20 [ 31.538453] [ 31.538510] The buggy address belongs to the physical page: [ 31.538545] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ad4 [ 31.538654] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.538704] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.538756] page_type: f8(unknown) [ 31.538807] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.538860] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.538910] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.538959] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.539008] head: 0bfffe0000000002 ffffc1ffc326b501 00000000ffffffff 00000000ffffffff [ 31.539344] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.539394] page dumped because: kasan: bad access detected [ 31.539483] [ 31.539577] Memory state around the buggy address: [ 31.539640] fff00000c9ad3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.539712] fff00000c9ad3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.539806] >fff00000c9ad4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.539885] ^ [ 31.539913] fff00000c9ad4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.539986] fff00000c9ad4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.540106] ================================================================== [ 31.523041] ================================================================== [ 31.524977] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.525083] Free of addr fff00000c7d40e01 by task kunit_try_catch/273 [ 31.525136] [ 31.525167] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.525397] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.525439] Hardware name: linux,dummy-virt (DT) [ 31.525470] Call trace: [ 31.525494] show_stack+0x20/0x38 (C) [ 31.526066] dump_stack_lvl+0x8c/0xd0 [ 31.526122] print_report+0x118/0x5d0 [ 31.526166] kasan_report_invalid_free+0xc0/0xe8 [ 31.526214] check_slab_allocation+0xfc/0x108 [ 31.526263] __kasan_mempool_poison_object+0x78/0x150 [ 31.526317] mempool_free+0x28c/0x328 [ 31.526363] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.526417] mempool_kmalloc_invalid_free+0xc0/0x118 [ 31.526467] kunit_try_run_case+0x170/0x3f0 [ 31.526517] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.526571] kthread+0x328/0x630 [ 31.526612] ret_from_fork+0x10/0x20 [ 31.526661] [ 31.526679] Allocated by task 273: [ 31.526708] kasan_save_stack+0x3c/0x68 [ 31.526750] kasan_save_track+0x20/0x40 [ 31.526787] kasan_save_alloc_info+0x40/0x58 [ 31.526826] __kasan_mempool_unpoison_object+0x11c/0x180 [ 31.526868] remove_element+0x130/0x1f8 [ 31.526903] mempool_alloc_preallocated+0x58/0xc0 [ 31.526942] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 31.526985] mempool_kmalloc_invalid_free+0xc0/0x118 [ 31.527027] kunit_try_run_case+0x170/0x3f0 [ 31.527077] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.527163] kthread+0x328/0x630 [ 31.527279] ret_from_fork+0x10/0x20 [ 31.527314] [ 31.527334] The buggy address belongs to the object at fff00000c7d40e00 [ 31.527334] which belongs to the cache kmalloc-128 of size 128 [ 31.527631] The buggy address is located 1 bytes inside of [ 31.527631] 128-byte region [fff00000c7d40e00, fff00000c7d40e80) [ 31.527694] [ 31.527715] The buggy address belongs to the physical page: [ 31.527758] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107d40 [ 31.527812] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.527872] page_type: f5(slab) [ 31.528162] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.528245] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.528287] page dumped because: kasan: bad access detected [ 31.528560] [ 31.528578] Memory state around the buggy address: [ 31.528608] fff00000c7d40d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.528651] fff00000c7d40d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.528754] >fff00000c7d40e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.528851] ^ [ 31.528888] fff00000c7d40e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.529010] fff00000c7d40f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.529061] ==================================================================
[ 25.840441] ================================================================== [ 25.841171] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.841527] Free of addr ffff8881058d8301 by task kunit_try_catch/291 [ 25.842159] [ 25.842274] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.842501] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.842521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.842545] Call Trace: [ 25.842560] <TASK> [ 25.842579] dump_stack_lvl+0x73/0xb0 [ 25.842612] print_report+0xd1/0x610 [ 25.842635] ? __virt_addr_valid+0x1db/0x2d0 [ 25.842662] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.842688] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.842727] kasan_report_invalid_free+0x10a/0x130 [ 25.842752] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.842789] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.842814] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.842838] check_slab_allocation+0x11f/0x130 [ 25.842859] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.842883] mempool_free+0x2ec/0x380 [ 25.842908] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.842933] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.842962] ? finish_task_switch.isra.0+0x153/0x700 [ 25.842989] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.843012] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 25.843041] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.843065] ? __pfx_mempool_kfree+0x10/0x10 [ 25.843090] ? __pfx_read_tsc+0x10/0x10 [ 25.843113] ? ktime_get_ts64+0x86/0x230 [ 25.843138] kunit_try_run_case+0x1a5/0x480 [ 25.843162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.843183] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.843208] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.843231] ? __kthread_parkme+0x82/0x180 [ 25.843253] ? preempt_count_sub+0x50/0x80 [ 25.843275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.843297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.843322] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.843346] kthread+0x337/0x6f0 [ 25.843366] ? trace_preempt_on+0x20/0xc0 [ 25.843389] ? __pfx_kthread+0x10/0x10 [ 25.843409] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.843431] ? calculate_sigpending+0x7b/0xa0 [ 25.843455] ? __pfx_kthread+0x10/0x10 [ 25.843477] ret_from_fork+0x116/0x1d0 [ 25.843496] ? __pfx_kthread+0x10/0x10 [ 25.843516] ret_from_fork_asm+0x1a/0x30 [ 25.843547] </TASK> [ 25.843559] [ 25.855297] Allocated by task 291: [ 25.855661] kasan_save_stack+0x45/0x70 [ 25.855984] kasan_save_track+0x18/0x40 [ 25.856225] kasan_save_alloc_info+0x3b/0x50 [ 25.856639] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.857160] remove_element+0x11e/0x190 [ 25.857294] mempool_alloc_preallocated+0x4d/0x90 [ 25.857441] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 25.857607] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.857779] kunit_try_run_case+0x1a5/0x480 [ 25.858251] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.858745] kthread+0x337/0x6f0 [ 25.859122] ret_from_fork+0x116/0x1d0 [ 25.859559] ret_from_fork_asm+0x1a/0x30 [ 25.860010] [ 25.860203] The buggy address belongs to the object at ffff8881058d8300 [ 25.860203] which belongs to the cache kmalloc-128 of size 128 [ 25.861310] The buggy address is located 1 bytes inside of [ 25.861310] 128-byte region [ffff8881058d8300, ffff8881058d8380) [ 25.861897] [ 25.862085] The buggy address belongs to the physical page: [ 25.862593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d8 [ 25.863302] flags: 0x200000000000000(node=0|zone=2) [ 25.863461] page_type: f5(slab) [ 25.863576] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.864002] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.864826] page dumped because: kasan: bad access detected [ 25.865323] [ 25.865496] Memory state around the buggy address: [ 25.865930] ffff8881058d8200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.866134] ffff8881058d8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.866334] >ffff8881058d8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.866532] ^ [ 25.866638] ffff8881058d8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.866853] ffff8881058d8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.867259] ================================================================== [ 25.870010] ================================================================== [ 25.870499] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.870786] Free of addr ffff888106234001 by task kunit_try_catch/293 [ 25.871955] [ 25.872084] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.872141] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.872156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.872179] Call Trace: [ 25.872193] <TASK> [ 25.872212] dump_stack_lvl+0x73/0xb0 [ 25.872245] print_report+0xd1/0x610 [ 25.872268] ? __virt_addr_valid+0x1db/0x2d0 [ 25.872293] ? kasan_addr_to_slab+0x11/0xa0 [ 25.872313] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.872339] kasan_report_invalid_free+0x10a/0x130 [ 25.872363] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.872392] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.872416] __kasan_mempool_poison_object+0x102/0x1d0 [ 25.872440] mempool_free+0x2ec/0x380 [ 25.872465] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.872489] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.872517] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.872539] ? finish_task_switch.isra.0+0x153/0x700 [ 25.872565] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 25.872590] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 25.872618] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.872640] ? __pfx_mempool_kfree+0x10/0x10 [ 25.872663] ? __pfx_read_tsc+0x10/0x10 [ 25.872685] ? ktime_get_ts64+0x86/0x230 [ 25.872723] kunit_try_run_case+0x1a5/0x480 [ 25.872746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.872767] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.872791] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.872815] ? __kthread_parkme+0x82/0x180 [ 25.872835] ? preempt_count_sub+0x50/0x80 [ 25.872858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.872879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.872956] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.872982] kthread+0x337/0x6f0 [ 25.873002] ? trace_preempt_on+0x20/0xc0 [ 25.873026] ? __pfx_kthread+0x10/0x10 [ 25.873046] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.873069] ? calculate_sigpending+0x7b/0xa0 [ 25.873093] ? __pfx_kthread+0x10/0x10 [ 25.873114] ret_from_fork+0x116/0x1d0 [ 25.873133] ? __pfx_kthread+0x10/0x10 [ 25.873153] ret_from_fork_asm+0x1a/0x30 [ 25.873184] </TASK> [ 25.873196] [ 25.881802] The buggy address belongs to the physical page: [ 25.881996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106234 [ 25.882341] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.882583] flags: 0x200000000000040(head|node=0|zone=2) [ 25.882770] page_type: f8(unknown) [ 25.882893] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.883211] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.883537] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.884002] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.884326] head: 0200000000000002 ffffea0004188d01 00000000ffffffff 00000000ffffffff [ 25.884566] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.885001] page dumped because: kasan: bad access detected [ 25.885259] [ 25.885349] Memory state around the buggy address: [ 25.885563] ffff888106233f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.885853] ffff888106233f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.886196] >ffff888106234000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.886449] ^ [ 25.886562] ffff888106234080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.886852] ffff888106234100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.887165] ==================================================================