Date
July 16, 2025, 12:11 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64

```
[ 32.857013] ==================================================================
[ 32.857071] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 32.857128] Free of addr fff00000c9bfc001 by task kunit_try_catch/274
[ 32.857705]
[ 32.857739] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT
[ 32.857826] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.857855] Hardware name: linux,dummy-virt (DT)
[ 32.857889] Call trace:
[ 32.857911] show_stack+0x20/0x38 (C)
[ 32.857961] dump_stack_lvl+0x8c/0xd0
[ 32.858009] print_report+0x118/0x5d0
[ 32.858061] kasan_report_invalid_free+0xc0/0xe8
[ 32.858246] __kasan_mempool_poison_object+0xfc/0x150
[ 32.858394] mempool_free+0x28c/0x328
[ 32.858537] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 32.858592] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 32.858985] kunit_try_run_case+0x170/0x3f0
[ 32.859040] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.859650] kthread+0x328/0x630
[ 32.859807] ret_from_fork+0x10/0x20
[ 32.859858]
[ 32.859879] The buggy address belongs to the physical page:
[ 32.859913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bfc
[ 32.860298] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 32.860397] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 32.860513] page_type: f8(unknown)
[ 32.860733] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 32.860821] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 32.861104] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 32.861182] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 32.861233] head: 0bfffe0000000002 ffffc1ffc326ff01 00000000ffffffff 00000000ffffffff
[ 32.861285] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 32.861328] page dumped because: kasan: bad access detected
[ 32.861360]
[ 32.861388] Memory state around the buggy address:
[ 32.861426] fff00000c9bfbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.861878] fff00000c9bfbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.861976] >fff00000c9bfc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.862016] ^
[ 32.862043] fff00000c9bfc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.862438] fff00000c9bfc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.862582] ==================================================================

[ 32.839229] ==================================================================
[ 32.839288] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 32.839341] Free of addr fff00000c9ba2e01 by task kunit_try_catch/272
[ 32.839738]
[ 32.839802] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT
[ 32.840119] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.840336] Hardware name: linux,dummy-virt (DT)
[ 32.840500] Call trace:
[ 32.840532] show_stack+0x20/0x38 (C)
[ 32.840582] dump_stack_lvl+0x8c/0xd0
[ 32.840649] print_report+0x118/0x5d0
[ 32.840864] kasan_report_invalid_free+0xc0/0xe8
[ 32.841035] check_slab_allocation+0xfc/0x108
[ 32.841161] __kasan_mempool_poison_object+0x78/0x150
[ 32.841261] mempool_free+0x28c/0x328
[ 32.841385] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 32.841440] mempool_kmalloc_invalid_free+0xc0/0x118
[ 32.841492] kunit_try_run_case+0x170/0x3f0
[ 32.841548] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.841647] kthread+0x328/0x630
[ 32.841767] ret_from_fork+0x10/0x20
[ 32.841922]
[ 32.841943] Allocated by task 272:
[ 32.841997] kasan_save_stack+0x3c/0x68
[ 32.842105] kasan_save_track+0x20/0x40
[ 32.842186] kasan_save_alloc_info+0x40/0x58
[ 32.842297] __kasan_mempool_unpoison_object+0x11c/0x180
[ 32.842394] remove_element+0x130/0x1f8
[ 32.842432] mempool_alloc_preallocated+0x58/0xc0
[ 32.842473] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 32.843073] mempool_kmalloc_invalid_free+0xc0/0x118
[ 32.843128] kunit_try_run_case+0x170/0x3f0
[ 32.843403] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.843540] kthread+0x328/0x630
[ 32.843879] ret_from_fork+0x10/0x20
[ 32.843965]
[ 32.843990] The buggy address belongs to the object at fff00000c9ba2e00
[ 32.843990] which belongs to the cache kmalloc-128 of size 128
[ 32.844050] The buggy address is located 1 bytes inside of
[ 32.844050] 128-byte region [fff00000c9ba2e00, fff00000c9ba2e80)
[ 32.844270]
[ 32.844318] The buggy address belongs to the physical page:
[ 32.844371] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ba2
[ 32.844516] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.844567] page_type: f5(slab)
[ 32.844604] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.844656] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.844698] page dumped because: kasan: bad access detected
[ 32.844730]
[ 32.844748] Memory state around the buggy address:
[ 32.844810] fff00000c9ba2d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.844856] fff00000c9ba2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.844936] >fff00000c9ba2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.844979] ^
[ 32.845007] fff00000c9ba2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.845251] fff00000c9ba2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.845459] ==================================================================
```

qemu-x86_64

```
[ 25.059442] ==================================================================
[ 25.060687] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 25.061199] Free of addr ffff88810627c001 by task kunit_try_catch/292
[ 25.061493]
[ 25.061886] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary)
[ 25.062224] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.062239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.062262] Call Trace:
[ 25.062277] <TASK>
[ 25.062311] dump_stack_lvl+0x73/0xb0
[ 25.062346] print_report+0xd1/0x610
[ 25.062370] ? __virt_addr_valid+0x1db/0x2d0
[ 25.062396] ? kasan_addr_to_slab+0x11/0xa0
[ 25.062416] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 25.062441] kasan_report_invalid_free+0x10a/0x130
[ 25.062465] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 25.062493] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 25.062517] __kasan_mempool_poison_object+0x102/0x1d0
[ 25.062541] mempool_free+0x2ec/0x380
[ 25.062566] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 25.062600] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 25.062626] ? dequeue_entities+0x23f/0x1630
[ 25.062651] ? __kasan_check_write+0x18/0x20
[ 25.062674] ? __pfx_sched_clock_cpu+0x10/0x10
[ 25.062695] ? finish_task_switch.isra.0+0x153/0x700
[ 25.062721] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 25.062746] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 25.062772] ? __pfx_mempool_kmalloc+0x10/0x10
[ 25.062795] ? __pfx_mempool_kfree+0x10/0x10
[ 25.062818] ? __pfx_read_tsc+0x10/0x10
[ 25.062840] ? ktime_get_ts64+0x86/0x230
[ 25.062926] kunit_try_run_case+0x1a5/0x480
[ 25.062958] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.062980] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.063004] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.063027] ? __kthread_parkme+0x82/0x180
[ 25.063048] ? preempt_count_sub+0x50/0x80
[ 25.063070] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.063093] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.063120] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.063147] kthread+0x337/0x6f0
[ 25.063166] ? trace_preempt_on+0x20/0xc0
[ 25.063190] ? __pfx_kthread+0x10/0x10
[ 25.063210] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.063230] ? calculate_sigpending+0x7b/0xa0
[ 25.063255] ? __pfx_kthread+0x10/0x10
[ 25.063275] ret_from_fork+0x116/0x1d0
[ 25.063308] ? __pfx_kthread+0x10/0x10
[ 25.063328] ret_from_fork_asm+0x1a/0x30
[ 25.063360] </TASK>
[ 25.063371]
[ 25.077664] The buggy address belongs to the physical page:
[ 25.078011] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10627c
[ 25.078374] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.079042] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.079484] page_type: f8(unknown)
[ 25.079804] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.080505] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.081014] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.081460] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.082016] head: 0200000000000002 ffffea0004189f01 00000000ffffffff 00000000ffffffff
[ 25.082592] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 25.083015] page dumped because: kasan: bad access detected
[ 25.083435]
[ 25.083525] Memory state around the buggy address:
[ 25.084223] ffff88810627bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.084843] ffff88810627bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.085334] >ffff88810627c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.085725] ^
[ 25.086103] ffff88810627c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.086405] ffff88810627c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.086844] ==================================================================

[ 25.031602] ==================================================================
[ 25.032372] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 25.033146] Free of addr ffff88810611d601 by task kunit_try_catch/290
[ 25.033446]
[ 25.033560] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary)
[ 25.033803] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.033818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.033842] Call Trace:
[ 25.033857] <TASK>
[ 25.033889] dump_stack_lvl+0x73/0xb0
[ 25.033928] print_report+0xd1/0x610
[ 25.033996] ? __virt_addr_valid+0x1db/0x2d0
[ 25.034023] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.034048] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 25.034074] kasan_report_invalid_free+0x10a/0x130
[ 25.034099] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 25.034125] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 25.034149] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 25.034172] check_slab_allocation+0x11f/0x130
[ 25.034194] __kasan_mempool_poison_object+0x91/0x1d0
[ 25.034219] mempool_free+0x2ec/0x380
[ 25.034248] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 25.034272] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 25.034308] ? dequeue_entities+0x23f/0x1630
[ 25.034332] ? __kasan_check_write+0x18/0x20
[ 25.034356] ? __pfx_sched_clock_cpu+0x10/0x10
[ 25.034377] ? finish_task_switch.isra.0+0x153/0x700
[ 25.034404] mempool_kmalloc_invalid_free+0xed/0x140
[ 25.034427] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 25.034453] ? __pfx_mempool_kmalloc+0x10/0x10
[ 25.034475] ? __pfx_mempool_kfree+0x10/0x10
[ 25.034499] ? __pfx_read_tsc+0x10/0x10
[ 25.034524] ? ktime_get_ts64+0x86/0x230
[ 25.034550] kunit_try_run_case+0x1a5/0x480
[ 25.034577] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.034599] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.034623] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.034646] ? __kthread_parkme+0x82/0x180
[ 25.034668] ? preempt_count_sub+0x50/0x80
[ 25.034689] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.034712] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.034738] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.034765] kthread+0x337/0x6f0
[ 25.034785] ? trace_preempt_on+0x20/0xc0
[ 25.034808] ? __pfx_kthread+0x10/0x10
[ 25.034828] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.034848] ? calculate_sigpending+0x7b/0xa0
[ 25.034888] ? __pfx_kthread+0x10/0x10
[ 25.034910] ret_from_fork+0x116/0x1d0
[ 25.034930] ? __pfx_kthread+0x10/0x10
[ 25.034950] ret_from_fork_asm+0x1a/0x30
[ 25.034982] </TASK>
[ 25.034993]
[ 25.045779] Allocated by task 290:
[ 25.046113] kasan_save_stack+0x45/0x70
[ 25.046433] kasan_save_track+0x18/0x40
[ 25.046587] kasan_save_alloc_info+0x3b/0x50
[ 25.046817] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 25.047078] remove_element+0x11e/0x190
[ 25.047386] mempool_alloc_preallocated+0x4d/0x90
[ 25.047672] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 25.048067] mempool_kmalloc_invalid_free+0xed/0x140
[ 25.048328] kunit_try_run_case+0x1a5/0x480
[ 25.048562] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.048808] kthread+0x337/0x6f0
[ 25.048974] ret_from_fork+0x116/0x1d0
[ 25.049185] ret_from_fork_asm+0x1a/0x30
[ 25.049339]
[ 25.049407] The buggy address belongs to the object at ffff88810611d600
[ 25.049407] which belongs to the cache kmalloc-128 of size 128
[ 25.049948] The buggy address is located 1 bytes inside of
[ 25.049948] 128-byte region [ffff88810611d600, ffff88810611d680)
[ 25.050450]
[ 25.050519] The buggy address belongs to the physical page:
[ 25.050762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d
[ 25.051729] flags: 0x200000000000000(node=0|zone=2)
[ 25.052099] page_type: f5(slab)
[ 25.052227] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.052467] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.052758] page dumped because: kasan: bad access detected
[ 25.053030]
[ 25.053167] Memory state around the buggy address:
[ 25.053408] ffff88810611d500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.053865] ffff88810611d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.054281] >ffff88810611d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.054633] ^
[ 25.054756] ffff88810611d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.055054] ffff88810611d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.055563] ==================================================================
```