Hay
Date: July 22, 2025, 5:13 a.m.
Environment: qemu-arm64, qemu-x86_64

[   32.484869] ==================================================================
[   32.485140] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   32.485205] Free of addr fff00000c9a95f01 by task kunit_try_catch/272
[   32.485276] 
[   32.485315] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   32.485683] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.485767] Hardware name: linux,dummy-virt (DT)
[   32.485809] Call trace:
[   32.485978]  show_stack+0x20/0x38 (C)
[   32.486041]  dump_stack_lvl+0x8c/0xd0
[   32.486232]  print_report+0x118/0x5e8
[   32.486432]  kasan_report_invalid_free+0xc0/0xe8
[   32.486621]  check_slab_allocation+0xfc/0x108
[   32.486697]  __kasan_mempool_poison_object+0x78/0x150
[   32.487058]  mempool_free+0x3f4/0x5f0
[   32.487138]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   32.487295]  mempool_kmalloc_invalid_free+0xc0/0x118
[   32.487440]  kunit_try_run_case+0x170/0x3f0
[   32.487550]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.487627]  kthread+0x328/0x630
[   32.487763]  ret_from_fork+0x10/0x20
[   32.487832] 
[   32.487852] Allocated by task 272:
[   32.488024]  kasan_save_stack+0x3c/0x68
[   32.488220]  kasan_save_track+0x20/0x40
[   32.488283]  kasan_save_alloc_info+0x40/0x58
[   32.488421]  __kasan_mempool_unpoison_object+0x11c/0x180
[   32.488560]  remove_element+0x130/0x1f8
[   32.488665]  mempool_alloc_preallocated+0x58/0xc0
[   32.488708]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   32.488776]  mempool_kmalloc_invalid_free+0xc0/0x118
[   32.489160]  kunit_try_run_case+0x170/0x3f0
[   32.489222]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.489350]  kthread+0x328/0x630
[   32.489430]  ret_from_fork+0x10/0x20
[   32.489583] 
[   32.489652] The buggy address belongs to the object at fff00000c9a95f00
[   32.489652]  which belongs to the cache kmalloc-128 of size 128
[   32.489891] The buggy address is located 1 bytes inside of
[   32.489891]  128-byte region [fff00000c9a95f00, fff00000c9a95f80)
[   32.489958] 
[   32.489978] The buggy address belongs to the physical page:
[   32.490023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a95
[   32.490223] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.490310] page_type: f5(slab)
[   32.490433] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.490538] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   32.490653] page dumped because: kasan: bad access detected
[   32.490735] 
[   32.490802] Memory state around the buggy address:
[   32.490943]  fff00000c9a95e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.490988]  fff00000c9a95e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.491201] >fff00000c9a95f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.491372]                    ^
[   32.491460]  fff00000c9a95f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.491594]  fff00000c9a96000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.491734] ==================================================================
[   32.499323] ==================================================================
[   32.499389] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   32.499444] Free of addr fff00000c9ba4001 by task kunit_try_catch/274
[   32.499652] 
[   32.500126] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   32.500241] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.500308] Hardware name: linux,dummy-virt (DT)
[   32.500345] Call trace:
[   32.500578]  show_stack+0x20/0x38 (C)
[   32.500663]  dump_stack_lvl+0x8c/0xd0
[   32.500889]  print_report+0x118/0x5e8
[   32.500997]  kasan_report_invalid_free+0xc0/0xe8
[   32.501311]  __kasan_mempool_poison_object+0xfc/0x150
[   32.501636]  mempool_free+0x3f4/0x5f0
[   32.502125]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   32.502257]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   32.502351]  kunit_try_run_case+0x170/0x3f0
[   32.502501]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.502635]  kthread+0x328/0x630
[   32.502704]  ret_from_fork+0x10/0x20
[   32.502839] 
[   32.502895] The buggy address belongs to the physical page:
[   32.502999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ba4
[   32.503079] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.503422] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.503520] page_type: f8(unknown)
[   32.503596] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.503706] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.503922] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.504119] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.504234] head: 0bfffe0000000002 ffffc1ffc326e901 00000000ffffffff 00000000ffffffff
[   32.504468] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.504653] page dumped because: kasan: bad access detected
[   32.504729] 
[   32.504752] Memory state around the buggy address:
[   32.504822]  fff00000c9ba3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.505001]  fff00000c9ba3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.505227] >fff00000c9ba4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.505293]                    ^
[   32.505324]  fff00000c9ba4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.505376]  fff00000c9ba4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.505417] ==================================================================

[   26.837416] ==================================================================
[   26.837922] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   26.838294] Free of addr ffff888105890001 by task kunit_try_catch/291
[   26.838586] 
[   26.838692] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   26.838743] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.838756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.838778] Call Trace:
[   26.838792]  <TASK>
[   26.838809]  dump_stack_lvl+0x73/0xb0
[   26.838984]  print_report+0xd1/0x640
[   26.839017]  ? __virt_addr_valid+0x1db/0x2d0
[   26.839043]  ? kasan_addr_to_slab+0x11/0xa0
[   26.839063]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   26.839090]  kasan_report_invalid_free+0x10a/0x130
[   26.839115]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   26.839401]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   26.839438]  __kasan_mempool_poison_object+0x102/0x1d0
[   26.839494]  mempool_free+0x490/0x640
[   26.839522]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   26.839548]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   26.839578]  ? finish_task_switch.isra.0+0x153/0x700
[   26.839603]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   26.839629]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   26.839657]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.839680]  ? __pfx_mempool_kfree+0x10/0x10
[   26.839705]  ? __pfx_read_tsc+0x10/0x10
[   26.839727]  ? ktime_get_ts64+0x86/0x230
[   26.839752]  kunit_try_run_case+0x1a5/0x480
[   26.839777]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.839800]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.839827]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.839861]  ? __kthread_parkme+0x82/0x180
[   26.839881]  ? preempt_count_sub+0x50/0x80
[   26.839904]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.839928]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.839952]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.839976]  kthread+0x337/0x6f0
[   26.839996]  ? trace_preempt_on+0x20/0xc0
[   26.840020]  ? __pfx_kthread+0x10/0x10
[   26.840041]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.840065]  ? calculate_sigpending+0x7b/0xa0
[   26.840089]  ? __pfx_kthread+0x10/0x10
[   26.840111]  ret_from_fork+0x116/0x1d0
[   26.840132]  ? __pfx_kthread+0x10/0x10
[   26.840291]  ret_from_fork_asm+0x1a/0x30
[   26.840326]  </TASK>
[   26.840338] 
[   26.853361] The buggy address belongs to the physical page:
[   26.853769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105890
[   26.854251] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.854748] flags: 0x200000000000040(head|node=0|zone=2)
[   26.855101] page_type: f8(unknown)
[   26.855366] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.855923] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.856271] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.857053] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.857606] head: 0200000000000002 ffffea0004162401 00000000ffffffff 00000000ffffffff
[   26.858075] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.858717] page dumped because: kasan: bad access detected
[   26.859121] 
[   26.859244] Memory state around the buggy address:
[   26.859687]  ffff88810588ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.860366]  ffff88810588ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.860952] >ffff888105890000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.861515]                    ^
[   26.861861]  ffff888105890080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.862194]  ffff888105890100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.862798] ==================================================================
[   26.804631] ==================================================================
[   26.805135] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   26.805718] Free of addr ffff888106002101 by task kunit_try_catch/289
[   26.806356] 
[   26.806471] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   26.806522] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.806536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.806672] Call Trace:
[   26.806688]  <TASK>
[   26.806704]  dump_stack_lvl+0x73/0xb0
[   26.806735]  print_report+0xd1/0x640
[   26.806757]  ? __virt_addr_valid+0x1db/0x2d0
[   26.806783]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.806810]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   26.806851]  kasan_report_invalid_free+0x10a/0x130
[   26.807098]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   26.807128]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   26.807155]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   26.807193]  check_slab_allocation+0x11f/0x130
[   26.807216]  __kasan_mempool_poison_object+0x91/0x1d0
[   26.807241]  mempool_free+0x490/0x640
[   26.807268]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   26.807293]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   26.807320]  ? kasan_save_track+0x18/0x40
[   26.807341]  ? kasan_save_alloc_info+0x3b/0x50
[   26.807365]  ? kasan_save_stack+0x45/0x70
[   26.807389]  mempool_kmalloc_invalid_free+0xed/0x140
[   26.807413]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   26.807441]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.807510]  ? __pfx_mempool_kfree+0x10/0x10
[   26.807538]  ? __pfx_read_tsc+0x10/0x10
[   26.807560]  ? ktime_get_ts64+0x86/0x230
[   26.807585]  kunit_try_run_case+0x1a5/0x480
[   26.807610]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.807633]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.807659]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.807686]  ? __kthread_parkme+0x82/0x180
[   26.807706]  ? preempt_count_sub+0x50/0x80
[   26.807729]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.807753]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.807778]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.807802]  kthread+0x337/0x6f0
[   26.807823]  ? trace_preempt_on+0x20/0xc0
[   26.807858]  ? __pfx_kthread+0x10/0x10
[   26.807878]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.807902]  ? calculate_sigpending+0x7b/0xa0
[   26.807925]  ? __pfx_kthread+0x10/0x10
[   26.807947]  ret_from_fork+0x116/0x1d0
[   26.807967]  ? __pfx_kthread+0x10/0x10
[   26.807988]  ret_from_fork_asm+0x1a/0x30
[   26.808019]  </TASK>
[   26.808030] 
[   26.820514] Allocated by task 289:
[   26.820709]  kasan_save_stack+0x45/0x70
[   26.820915]  kasan_save_track+0x18/0x40
[   26.821075]  kasan_save_alloc_info+0x3b/0x50
[   26.821613]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   26.821949]  remove_element+0x11e/0x190
[   26.822136]  mempool_alloc_preallocated+0x4d/0x90
[   26.822375]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   26.822923]  mempool_kmalloc_invalid_free+0xed/0x140
[   26.823254]  kunit_try_run_case+0x1a5/0x480
[   26.823455]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.823923]  kthread+0x337/0x6f0
[   26.824066]  ret_from_fork+0x116/0x1d0
[   26.824453]  ret_from_fork_asm+0x1a/0x30
[   26.824642] 
[   26.824931] The buggy address belongs to the object at ffff888106002100
[   26.824931]  which belongs to the cache kmalloc-128 of size 128
[   26.825666] The buggy address is located 1 bytes inside of
[   26.825666]  128-byte region [ffff888106002100, ffff888106002180)
[   26.826150] 
[   26.826363] The buggy address belongs to the physical page:
[   26.826628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106002
[   26.827356] flags: 0x200000000000000(node=0|zone=2)
[   26.827954] page_type: f5(slab)
[   26.828384] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.829311] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.830176] page dumped because: kasan: bad access detected
[   26.830362] 
[   26.830429] Memory state around the buggy address:
[   26.830882]  ffff888106002000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.831558]  ffff888106002080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.832132] >ffff888106002100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.832361]                    ^
[   26.832638]  ffff888106002180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.833325]  ffff888106002200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.834077] ==================================================================