Date
July 18, 2025, 1:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.714818] ================================================================== [ 33.715014] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.715185] Free of addr fff00000c3fedd01 by task kunit_try_catch/272 [ 33.715235] [ 33.715266] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 33.715350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.715601] Hardware name: linux,dummy-virt (DT) [ 33.715656] Call trace: [ 33.715934] show_stack+0x20/0x38 (C) [ 33.716026] dump_stack_lvl+0x8c/0xd0 [ 33.716147] print_report+0x118/0x5e8 [ 33.716234] kasan_report_invalid_free+0xc0/0xe8 [ 33.716311] check_slab_allocation+0xfc/0x108 [ 33.716610] __kasan_mempool_poison_object+0x78/0x150 [ 33.716782] mempool_free+0x28c/0x328 [ 33.716890] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.717263] mempool_kmalloc_invalid_free+0xc0/0x118 [ 33.717375] kunit_try_run_case+0x170/0x3f0 [ 33.717481] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.717607] kthread+0x328/0x630 [ 33.717795] ret_from_fork+0x10/0x20 [ 33.718025] [ 33.718114] Allocated by task 272: [ 33.718181] kasan_save_stack+0x3c/0x68 [ 33.718250] kasan_save_track+0x20/0x40 [ 33.718285] kasan_save_alloc_info+0x40/0x58 [ 33.718661] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.718754] remove_element+0x130/0x1f8 [ 33.718894] mempool_alloc_preallocated+0x58/0xc0 [ 33.718943] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 33.719269] mempool_kmalloc_invalid_free+0xc0/0x118 [ 33.719322] kunit_try_run_case+0x170/0x3f0 [ 33.719358] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.719402] kthread+0x328/0x630 [ 33.719434] ret_from_fork+0x10/0x20 [ 33.719470] [ 33.719489] The buggy address belongs to the object at fff00000c3fedd00 [ 33.719489] which belongs to the cache kmalloc-128 of size 128 [ 33.719583] The buggy address is located 1 bytes inside of [ 33.719583] 128-byte region [fff00000c3fedd00, fff00000c3fedd80) [ 33.719643] [ 33.719662] The buggy address belongs to the physical page: [ 33.719704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fed [ 33.720179] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.720246] page_type: f5(slab) [ 33.720432] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.720531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.720884] page dumped because: kasan: bad access detected [ 33.721182] [ 33.721225] Memory state around the buggy address: [ 33.721261] fff00000c3fedc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.721507] fff00000c3fedc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.721656] >fff00000c3fedd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.721751] ^ [ 33.721864] fff00000c3fedd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.722247] fff00000c3fede00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.722333] ================================================================== [ 33.727634] ================================================================== [ 33.728153] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.728387] Free of addr fff00000c9bb8001 by task kunit_try_catch/274 [ 33.728460] [ 33.728500] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 33.728583] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.728609] Hardware name: linux,dummy-virt (DT) [ 33.728641] Call trace: [ 33.728662] show_stack+0x20/0x38 (C) [ 33.728713] dump_stack_lvl+0x8c/0xd0 [ 33.728759] print_report+0x118/0x5e8 [ 33.728801] kasan_report_invalid_free+0xc0/0xe8 [ 33.729164] __kasan_mempool_poison_object+0xfc/0x150 [ 33.729262] mempool_free+0x28c/0x328 [ 33.729397] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.729554] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 33.729726] kunit_try_run_case+0x170/0x3f0 [ 33.729778] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.730126] kthread+0x328/0x630 [ 33.730292] ret_from_fork+0x10/0x20 [ 33.730476] [ 33.730525] The buggy address belongs to the physical page: [ 33.730577] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bb8 [ 33.730933] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.731010] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.731420] page_type: f8(unknown) [ 33.731513] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.731583] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.731950] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.732035] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.732179] head: 0bfffe0000000002 ffffc1ffc326ee01 00000000ffffffff 00000000ffffffff [ 33.732275] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 33.732388] page dumped because: kasan: bad access detected [ 33.732449] [ 33.732504] Memory state around the buggy address: [ 33.732535] fff00000c9bb7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.732579] fff00000c9bb7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.732622] >fff00000c9bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.732912] ^ [ 33.733076] fff00000c9bb8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.733151] fff00000c9bb8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.733266] ==================================================================
[ 26.611513] ================================================================== [ 26.612158] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.612532] Free of addr ffff88810622c001 by task kunit_try_catch/291 [ 26.612802] [ 26.612912] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) [ 26.612964] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.612977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.613000] Call Trace: [ 26.613014] <TASK> [ 26.613031] dump_stack_lvl+0x73/0xb0 [ 26.613064] print_report+0xd1/0x640 [ 26.613088] ? __virt_addr_valid+0x1db/0x2d0 [ 26.613114] ? kasan_addr_to_slab+0x11/0xa0 [ 26.613134] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.613159] kasan_report_invalid_free+0x10a/0x130 [ 26.613182] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.613209] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.613232] __kasan_mempool_poison_object+0x102/0x1d0 [ 26.613256] mempool_free+0x2ec/0x380 [ 26.613295] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.613321] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.613346] ? dequeue_entities+0x23f/0x1630 [ 26.613370] ? __kasan_check_write+0x18/0x20 [ 26.613394] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.613416] ? finish_task_switch.isra.0+0x153/0x700 [ 26.613442] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 26.613466] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 26.613493] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.613516] ? __pfx_mempool_kfree+0x10/0x10 [ 26.613540] ? __pfx_read_tsc+0x10/0x10 [ 26.613562] ? ktime_get_ts64+0x86/0x230 [ 26.613588] kunit_try_run_case+0x1a5/0x480 [ 26.613613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.613635] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.613671] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.613703] ? __kthread_parkme+0x82/0x180 [ 26.613724] ? preempt_count_sub+0x50/0x80 [ 26.613745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.613768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.613791] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.613813] kthread+0x337/0x6f0 [ 26.613832] ? trace_preempt_on+0x20/0xc0 [ 26.613856] ? __pfx_kthread+0x10/0x10 [ 26.613876] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.613907] ? calculate_sigpending+0x7b/0xa0 [ 26.613930] ? __pfx_kthread+0x10/0x10 [ 26.613951] ret_from_fork+0x116/0x1d0 [ 26.613970] ? __pfx_kthread+0x10/0x10 [ 26.613989] ret_from_fork_asm+0x1a/0x30 [ 26.614020] </TASK> [ 26.614033] [ 26.623628] The buggy address belongs to the physical page: [ 26.624004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 26.625244] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.626161] flags: 0x200000000000040(head|node=0|zone=2) [ 26.626606] page_type: f8(unknown) [ 26.626749] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.627611] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.628539] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.629124] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.629370] head: 0200000000000002 ffffea0004188b01 00000000ffffffff 00000000ffffffff [ 26.629588] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.629800] page dumped because: kasan: bad access detected [ 26.629959] [ 26.630021] Memory state around the buggy address: [ 26.630167] ffff88810622bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.630381] ffff88810622bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.630584] >ffff88810622c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.630791] ^ [ 26.630900] ffff88810622c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.631101] ffff88810622c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.631699] ================================================================== [ 26.580592] ================================================================== [ 26.581201] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.581662] Free of addr ffff888102b06f01 by task kunit_try_catch/289 [ 26.581919] [ 26.582029] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) [ 26.582081] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.582093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.582117] Call Trace: [ 26.582129] <TASK> [ 26.582148] dump_stack_lvl+0x73/0xb0 [ 26.582181] print_report+0xd1/0x640 [ 26.582306] ? __virt_addr_valid+0x1db/0x2d0 [ 26.582337] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.582363] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.582387] kasan_report_invalid_free+0x10a/0x130 [ 26.582411] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.582438] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.582461] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.582484] check_slab_allocation+0x11f/0x130 [ 26.582506] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.582529] mempool_free+0x2ec/0x380 [ 26.582556] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.582580] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.582605] ? update_load_avg+0x1be/0x21b0 [ 26.582631] ? finish_task_switch.isra.0+0x153/0x700 [ 26.582663] mempool_kmalloc_invalid_free+0xed/0x140 [ 26.582686] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 26.582712] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.582733] ? __pfx_mempool_kfree+0x10/0x10 [ 26.582757] ? __pfx_read_tsc+0x10/0x10 [ 26.582779] ? ktime_get_ts64+0x86/0x230 [ 26.582804] kunit_try_run_case+0x1a5/0x480 [ 26.582831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.582854] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.582879] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.582953] ? __kthread_parkme+0x82/0x180 [ 26.582989] ? preempt_count_sub+0x50/0x80 [ 26.583011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.583034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.583057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.583079] kthread+0x337/0x6f0 [ 26.583099] ? trace_preempt_on+0x20/0xc0 [ 26.583122] ? __pfx_kthread+0x10/0x10 [ 26.583142] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.583165] ? calculate_sigpending+0x7b/0xa0 [ 26.583188] ? __pfx_kthread+0x10/0x10 [ 26.583208] ret_from_fork+0x116/0x1d0 [ 26.583227] ? __pfx_kthread+0x10/0x10 [ 26.583247] ret_from_fork_asm+0x1a/0x30 [ 26.583296] </TASK> [ 26.583307] [ 26.594949] Allocated by task 289: [ 26.595140] kasan_save_stack+0x45/0x70 [ 26.595365] kasan_save_track+0x18/0x40 [ 26.595528] kasan_save_alloc_info+0x3b/0x50 [ 26.595725] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.595946] remove_element+0x11e/0x190 [ 26.596119] mempool_alloc_preallocated+0x4d/0x90 [ 26.596872] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 26.597095] mempool_kmalloc_invalid_free+0xed/0x140 [ 26.597598] kunit_try_run_case+0x1a5/0x480 [ 26.598036] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.598239] kthread+0x337/0x6f0 [ 26.598558] ret_from_fork+0x116/0x1d0 [ 26.598914] ret_from_fork_asm+0x1a/0x30 [ 26.599188] [ 26.599285] The buggy address belongs to the object at ffff888102b06f00 [ 26.599285] which belongs to the cache kmalloc-128 of size 128 [ 26.599933] The buggy address is located 1 bytes inside of [ 26.599933] 128-byte region [ffff888102b06f00, ffff888102b06f80) [ 26.600548] [ 26.600644] The buggy address belongs to the physical page: [ 26.600874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b06 [ 26.601220] flags: 0x200000000000000(node=0|zone=2) [ 26.602003] page_type: f5(slab) [ 26.602161] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.602674] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 26.603152] page dumped because: kasan: bad access detected [ 26.603521] [ 26.603606] Memory state around the buggy address: [ 26.604015] ffff888102b06e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.604330] ffff888102b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.604641] >ffff888102b06f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.604940] ^ [ 26.605092] ffff888102b06f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.605921] ffff888102b07000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.606415] ==================================================================