Date
July 24, 2025, 4:41 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 34.697603] ================================================================== [ 34.697681] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 34.697770] Free of addr fff00000c9bc8001 by task kunit_try_catch/274 [ 34.697814] [ 34.697958] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 34.698140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.698175] Hardware name: linux,dummy-virt (DT) [ 34.698226] Call trace: [ 34.698271] show_stack+0x20/0x38 (C) [ 34.698354] dump_stack_lvl+0x8c/0xd0 [ 34.698421] print_report+0x118/0x5e8 [ 34.698467] kasan_report_invalid_free+0xc0/0xe8 [ 34.698531] __kasan_mempool_poison_object+0xfc/0x150 [ 34.698786] mempool_free+0x3f4/0x5f0 [ 34.698902] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 34.698959] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 34.699080] kunit_try_run_case+0x170/0x3f0 [ 34.699128] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.699195] kthread+0x328/0x630 [ 34.699238] ret_from_fork+0x10/0x20 [ 34.699287] [ 34.699309] The buggy address belongs to the physical page: [ 34.699390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc8 [ 34.699448] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.699612] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.699715] page_type: f8(unknown) [ 34.699854] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.699981] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.700082] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.700215] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.700294] head: 0bfffe0000000002 ffffc1ffc326f201 00000000ffffffff 00000000ffffffff [ 34.700343] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 34.700664] page dumped because: kasan: bad access detected [ 34.700801] [ 34.700905] Memory state around the buggy address: [ 34.700984] fff00000c9bc7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.701057] fff00000c9bc7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.701204] >fff00000c9bc8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.701291] ^ [ 34.701356] fff00000c9bc8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.701445] fff00000c9bc8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.701534] ================================================================== [ 34.684942] ================================================================== [ 34.685028] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 34.685115] Free of addr fff00000c4564f01 by task kunit_try_catch/272 [ 34.685167] [ 34.685208] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 34.685298] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.685327] Hardware name: linux,dummy-virt (DT) [ 34.685366] Call trace: [ 34.685391] show_stack+0x20/0x38 (C) [ 34.685454] dump_stack_lvl+0x8c/0xd0 [ 34.685503] print_report+0x118/0x5e8 [ 34.685547] kasan_report_invalid_free+0xc0/0xe8 [ 34.685604] check_slab_allocation+0xfc/0x108 [ 34.685654] __kasan_mempool_poison_object+0x78/0x150 [ 34.685701] mempool_free+0x3f4/0x5f0 [ 34.686593] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 34.686679] mempool_kmalloc_invalid_free+0xc0/0x118 [ 34.686989] kunit_try_run_case+0x170/0x3f0 [ 34.687063] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.687118] kthread+0x328/0x630 [ 34.687160] ret_from_fork+0x10/0x20 [ 34.687211] [ 34.687230] Allocated by task 272: [ 34.687258] kasan_save_stack+0x3c/0x68 [ 34.687298] kasan_save_track+0x20/0x40 [ 34.687334] kasan_save_alloc_info+0x40/0x58 [ 34.687371] __kasan_mempool_unpoison_object+0x11c/0x180 [ 34.687412] remove_element+0x130/0x1f8 [ 34.687449] mempool_alloc_preallocated+0x58/0xc0 [ 34.687489] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 34.687533] mempool_kmalloc_invalid_free+0xc0/0x118 [ 34.687576] kunit_try_run_case+0x170/0x3f0 [ 34.687614] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.687656] kthread+0x328/0x630 [ 34.687688] ret_from_fork+0x10/0x20 [ 34.687723] [ 34.687744] The buggy address belongs to the object at fff00000c4564f00 [ 34.687744] which belongs to the cache kmalloc-128 of size 128 [ 34.687823] The buggy address is located 1 bytes inside of [ 34.687823] 128-byte region [fff00000c4564f00, fff00000c4564f80) [ 34.687883] [ 34.687905] The buggy address belongs to the physical page: [ 34.687946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104564 [ 34.688001] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.688054] page_type: f5(slab) [ 34.688095] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 34.688511] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 34.688617] page dumped because: kasan: bad access detected [ 34.688677] [ 34.688699] Memory state around the buggy address: [ 34.688733] fff00000c4564e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.688793] fff00000c4564e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.688838] >fff00000c4564f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.688875] ^ [ 34.688905] fff00000c4564f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.689344] fff00000c4565000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.689499] ==================================================================
[ 28.624110] ================================================================== [ 28.624502] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.624779] Free of addr ffff888105635001 by task kunit_try_catch/289 [ 28.625117] [ 28.625403] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.625460] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.625475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.625498] Call Trace: [ 28.625510] <TASK> [ 28.625529] dump_stack_lvl+0x73/0xb0 [ 28.625558] print_report+0xd1/0x640 [ 28.625594] ? __virt_addr_valid+0x1db/0x2d0 [ 28.625622] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.625648] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.625674] kasan_report_invalid_free+0x10a/0x130 [ 28.625699] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.625726] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.625752] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.625776] check_slab_allocation+0x11f/0x130 [ 28.625798] __kasan_mempool_poison_object+0x91/0x1d0 [ 28.625821] mempool_free+0x490/0x640 [ 28.625848] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.625872] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 28.625898] ? ret_from_fork+0x116/0x1d0 [ 28.625972] ? kthread+0x337/0x6f0 [ 28.626005] ? ret_from_fork_asm+0x1a/0x30 [ 28.626053] ? mempool_alloc_preallocated+0x5b/0x90 [ 28.626080] mempool_kmalloc_invalid_free+0xed/0x140 [ 28.626106] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 28.626131] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.626153] ? __pfx_mempool_kfree+0x10/0x10 [ 28.626177] ? __pfx_read_tsc+0x10/0x10 [ 28.626200] ? ktime_get_ts64+0x86/0x230 [ 28.626226] kunit_try_run_case+0x1a5/0x480 [ 28.626252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.626274] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.626300] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.626324] ? __kthread_parkme+0x82/0x180 [ 28.626343] ? preempt_count_sub+0x50/0x80 [ 28.626366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.626390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.626413] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.626436] kthread+0x337/0x6f0 [ 28.626455] ? trace_preempt_on+0x20/0xc0 [ 28.626478] ? __pfx_kthread+0x10/0x10 [ 28.626497] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.626521] ? calculate_sigpending+0x7b/0xa0 [ 28.626544] ? __pfx_kthread+0x10/0x10 [ 28.626565] ret_from_fork+0x116/0x1d0 [ 28.626592] ? __pfx_kthread+0x10/0x10 [ 28.626613] ret_from_fork_asm+0x1a/0x30 [ 28.626642] </TASK> [ 28.626654] [ 28.639420] Allocated by task 289: [ 28.639601] kasan_save_stack+0x45/0x70 [ 28.639748] kasan_save_track+0x18/0x40 [ 28.639881] kasan_save_alloc_info+0x3b/0x50 [ 28.640027] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 28.640209] remove_element+0x11e/0x190 [ 28.640488] mempool_alloc_preallocated+0x4d/0x90 [ 28.640793] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 28.641053] mempool_kmalloc_invalid_free+0xed/0x140 [ 28.641503] kunit_try_run_case+0x1a5/0x480 [ 28.641896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.642564] kthread+0x337/0x6f0 [ 28.643079] ret_from_fork+0x116/0x1d0 [ 28.643267] ret_from_fork_asm+0x1a/0x30 [ 28.643445] [ 28.643532] The buggy address belongs to the object at ffff888105635000 [ 28.643532] which belongs to the cache kmalloc-128 of size 128 [ 28.644778] The buggy address is located 1 bytes inside of [ 28.644778] 128-byte region [ffff888105635000, ffff888105635080) [ 28.645762] [ 28.645924] The buggy address belongs to the physical page: [ 28.646404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 28.646758] flags: 0x200000000000000(node=0|zone=2) [ 28.647361] page_type: f5(slab) [ 28.647692] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.648771] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.649228] page dumped because: kasan: bad access detected [ 28.649465] [ 28.649551] Memory state around the buggy address: [ 28.649721] ffff888105634f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.650052] ffff888105634f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.650587] >ffff888105635000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.650869] ^ [ 28.651500] ffff888105635080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.651985] ffff888105635100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.652285] ================================================================== [ 28.655468] ================================================================== [ 28.655940] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.656624] Free of addr ffff888104980001 by task kunit_try_catch/291 [ 28.657294] [ 28.657535] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.657616] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.657630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.657653] Call Trace: [ 28.657665] <TASK> [ 28.657684] dump_stack_lvl+0x73/0xb0 [ 28.657744] print_report+0xd1/0x640 [ 28.657769] ? __virt_addr_valid+0x1db/0x2d0 [ 28.657806] ? kasan_addr_to_slab+0x11/0xa0 [ 28.657827] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.657852] kasan_report_invalid_free+0x10a/0x130 [ 28.657876] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.657905] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.657928] __kasan_mempool_poison_object+0x102/0x1d0 [ 28.657952] mempool_free+0x490/0x640 [ 28.657980] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.658004] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 28.658030] ? dequeue_entities+0x23f/0x1630 [ 28.658054] ? __kasan_check_write+0x18/0x20 [ 28.658077] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.658097] ? finish_task_switch.isra.0+0x153/0x700 [ 28.658122] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 28.658146] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 28.658173] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.658195] ? __pfx_mempool_kfree+0x10/0x10 [ 28.658218] ? __pfx_read_tsc+0x10/0x10 [ 28.658240] ? ktime_get_ts64+0x86/0x230 [ 28.658264] kunit_try_run_case+0x1a5/0x480 [ 28.658290] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.658313] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.658339] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.658363] ? __kthread_parkme+0x82/0x180 [ 28.658383] ? preempt_count_sub+0x50/0x80 [ 28.658404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.658429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.658453] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.658475] kthread+0x337/0x6f0 [ 28.658495] ? trace_preempt_on+0x20/0xc0 [ 28.658519] ? __pfx_kthread+0x10/0x10 [ 28.658539] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.658562] ? calculate_sigpending+0x7b/0xa0 [ 28.658598] ? __pfx_kthread+0x10/0x10 [ 28.658620] ret_from_fork+0x116/0x1d0 [ 28.658640] ? __pfx_kthread+0x10/0x10 [ 28.658661] ret_from_fork_asm+0x1a/0x30 [ 28.658694] </TASK> [ 28.658706] [ 28.672749] The buggy address belongs to the physical page: [ 28.673437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104980 [ 28.673735] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.674478] flags: 0x200000000000040(head|node=0|zone=2) [ 28.674993] page_type: f8(unknown) [ 28.675407] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.676007] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.676237] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.676464] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.676719] head: 0200000000000002 ffffea0004126001 00000000ffffffff 00000000ffffffff [ 28.677026] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.677391] page dumped because: kasan: bad access detected [ 28.677651] [ 28.677740] Memory state around the buggy address: [ 28.677986] ffff88810497ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.678265] ffff88810497ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.678514] >ffff888104980000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.678827] ^ [ 28.679031] ffff888104980080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.679285] ffff888104980100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.679553] ==================================================================