Date
July 1, 2025, 12:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 19.596569] ==================================================================
[ 19.596835] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.597075] Free of addr fff00000c79f0501 by task kunit_try_catch/241
[ 19.597118]
[ 19.597155] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.597239] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.597267] Hardware name: linux,dummy-virt (DT)
[ 19.597309] Call trace:
[ 19.597429] show_stack+0x20/0x38 (C)
[ 19.597494] dump_stack_lvl+0x8c/0xd0
[ 19.597545] print_report+0x118/0x608
[ 19.597593] kasan_report_invalid_free+0xc0/0xe8
[ 19.597641] check_slab_allocation+0xfc/0x108
[ 19.597690] __kasan_mempool_poison_object+0x78/0x150
[ 19.597741] mempool_free+0x28c/0x328
[ 19.597785] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.597837] mempool_kmalloc_invalid_free+0xc0/0x118
[ 19.597885] kunit_try_run_case+0x170/0x3f0
[ 19.597935] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.597986] kthread+0x328/0x630
[ 19.598028] ret_from_fork+0x10/0x20
[ 19.598074]
[ 19.598092] Allocated by task 241:
[ 19.598121] kasan_save_stack+0x3c/0x68
[ 19.598160] kasan_save_track+0x20/0x40
[ 19.598198] kasan_save_alloc_info+0x40/0x58
[ 19.598236] __kasan_mempool_unpoison_object+0x11c/0x180
[ 19.598279] remove_element+0x130/0x1f8
[ 19.598313] mempool_alloc_preallocated+0x58/0xc0
[ 19.598352] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 19.598395] mempool_kmalloc_invalid_free+0xc0/0x118
[ 19.598441] kunit_try_run_case+0x170/0x3f0
[ 19.598489] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.598532] kthread+0x328/0x630
[ 19.598562] ret_from_fork+0x10/0x20
[ 19.598599]
[ 19.598617] The buggy address belongs to the object at fff00000c79f0500
[ 19.598617] which belongs to the cache kmalloc-128 of size 128
[ 19.598697] The buggy address is located 1 bytes inside of
[ 19.598697] 128-byte region [fff00000c79f0500, fff00000c79f0580)
[ 19.598760]
[ 19.598792] The buggy address belongs to the physical page:
[ 19.598825] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f0
[ 19.598889] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.598952] page_type: f5(slab)
[ 19.598993] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.599053] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.599109] page dumped because: kasan: bad access detected
[ 19.599232]
[ 19.599250] Memory state around the buggy address:
[ 19.599285] fff00000c79f0400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.599331] fff00000c79f0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.599376] >fff00000c79f0500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.599417] ^
[ 19.599672] fff00000c79f0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.599723] fff00000c79f0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.599764] ==================================================================
[ 19.606836] ==================================================================
[ 19.606897] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.606960] Free of addr fff00000c79b8001 by task kunit_try_catch/243
[ 19.607021]
[ 19.607053] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.607134] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.607163] Hardware name: linux,dummy-virt (DT)
[ 19.607206] Call trace:
[ 19.607228] show_stack+0x20/0x38 (C)
[ 19.607291] dump_stack_lvl+0x8c/0xd0
[ 19.607339] print_report+0x118/0x608
[ 19.607386] kasan_report_invalid_free+0xc0/0xe8
[ 19.607621] __kasan_mempool_poison_object+0xfc/0x150
[ 19.607675] mempool_free+0x28c/0x328
[ 19.607719] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.607771] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 19.607823] kunit_try_run_case+0x170/0x3f0
[ 19.607880] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.608043] kthread+0x328/0x630
[ 19.608086] ret_from_fork+0x10/0x20
[ 19.608132]
[ 19.608154] The buggy address belongs to the physical page:
[ 19.608195] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079b8
[ 19.608264] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.608314] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.608368] page_type: f8(unknown)
[ 19.608407] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.608474] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.608524] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.608688] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.608792] head: 0bfffe0000000002 ffffc1ffc31e6e01 00000000ffffffff 00000000ffffffff
[ 19.608922] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 19.609078] page dumped because: kasan: bad access detected
[ 19.609110]
[ 19.609127] Memory state around the buggy address:
[ 19.609166] fff00000c79b7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.609217] fff00000c79b7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.609399] >fff00000c79b8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.609441] ^
[ 19.609477] fff00000c79b8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.609522] fff00000c79b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.609589] ==================================================================
```
```
[ 13.139268] ==================================================================
[ 13.139772] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.140173] Free of addr ffff888103917201 by task kunit_try_catch/258
[ 13.140609]
[ 13.140722] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.140766] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.140778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.140799] Call Trace:
[ 13.140810] <TASK>
[ 13.140826] dump_stack_lvl+0x73/0xb0
[ 13.140854] print_report+0xd1/0x650
[ 13.140876] ? __virt_addr_valid+0x1db/0x2d0
[ 13.140901] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.140923] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.140948] kasan_report_invalid_free+0x10a/0x130
[ 13.140972] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.140998] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.141021] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.141099] check_slab_allocation+0x11f/0x130
[ 13.141120] __kasan_mempool_poison_object+0x91/0x1d0
[ 13.141144] mempool_free+0x2ec/0x380
[ 13.141167] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.141192] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.141216] ? update_load_avg+0x1be/0x21b0
[ 13.141240] ? update_load_avg+0x1be/0x21b0
[ 13.141261] ? update_curr+0x80/0x810
[ 13.141283] ? finish_task_switch.isra.0+0x153/0x700
[ 13.141307] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.141329] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 13.141355] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.141377] ? __pfx_mempool_kfree+0x10/0x10
[ 13.141401] ? __pfx_read_tsc+0x10/0x10
[ 13.141422] ? ktime_get_ts64+0x86/0x230
[ 13.141445] kunit_try_run_case+0x1a5/0x480
[ 13.141469] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.141491] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.141513] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.141535] ? __kthread_parkme+0x82/0x180
[ 13.141556] ? preempt_count_sub+0x50/0x80
[ 13.141578] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.141602] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.141626] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.141650] kthread+0x337/0x6f0
[ 13.141670] ? trace_preempt_on+0x20/0xc0
[ 13.141694] ? __pfx_kthread+0x10/0x10
[ 13.141714] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.141734] ? calculate_sigpending+0x7b/0xa0
[ 13.141758] ? __pfx_kthread+0x10/0x10
[ 13.141779] ret_from_fork+0x116/0x1d0
[ 13.141797] ? __pfx_kthread+0x10/0x10
[ 13.141816] ret_from_fork_asm+0x1a/0x30
[ 13.141846] </TASK>
[ 13.141858]
[ 13.154278] Allocated by task 258:
[ 13.154481] kasan_save_stack+0x45/0x70
[ 13.154684] kasan_save_track+0x18/0x40
[ 13.154904] kasan_save_alloc_info+0x3b/0x50
[ 13.155163] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.155334] remove_element+0x11e/0x190
[ 13.155469] mempool_alloc_preallocated+0x4d/0x90
[ 13.155802] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 13.156205] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.156521] kunit_try_run_case+0x1a5/0x480
[ 13.156695] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.156871] kthread+0x337/0x6f0
[ 13.157099] ret_from_fork+0x116/0x1d0
[ 13.157620] ret_from_fork_asm+0x1a/0x30
[ 13.157829]
[ 13.157926] The buggy address belongs to the object at ffff888103917200
[ 13.157926] which belongs to the cache kmalloc-128 of size 128
[ 13.158527] The buggy address is located 1 bytes inside of
[ 13.158527] 128-byte region [ffff888103917200, ffff888103917280)
[ 13.159079]
[ 13.159231] The buggy address belongs to the physical page:
[ 13.159478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103917
[ 13.159823] flags: 0x200000000000000(node=0|zone=2)
[ 13.160098] page_type: f5(slab)
[ 13.160301] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.160622] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.160983] page dumped because: kasan: bad access detected
[ 13.161289]
[ 13.161392] Memory state around the buggy address:
[ 13.161548] ffff888103917100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.161762] ffff888103917180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.162376] >ffff888103917200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.162956] ^
[ 13.163154] ffff888103917280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.163752] ffff888103917300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.164227] ==================================================================
[ 13.167590] ==================================================================
[ 13.168103] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.168630] Free of addr ffff8881029d4001 by task kunit_try_catch/260
[ 13.168905]
[ 13.169000] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.169076] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.169089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.169111] Call Trace:
[ 13.169122] <TASK>
[ 13.169138] dump_stack_lvl+0x73/0xb0
[ 13.169165] print_report+0xd1/0x650
[ 13.169186] ? __virt_addr_valid+0x1db/0x2d0
[ 13.169208] ? kasan_addr_to_slab+0x11/0xa0
[ 13.169227] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.169253] kasan_report_invalid_free+0x10a/0x130
[ 13.169276] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.169303] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.169327] __kasan_mempool_poison_object+0x102/0x1d0
[ 13.169350] mempool_free+0x2ec/0x380
[ 13.169371] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.169396] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.169421] ? __kasan_check_write+0x18/0x20
[ 13.169440] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.169461] ? finish_task_switch.isra.0+0x153/0x700
[ 13.169486] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 13.169510] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 13.169537] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.169560] ? __pfx_mempool_kfree+0x10/0x10
[ 13.169584] ? __pfx_read_tsc+0x10/0x10
[ 13.169604] ? ktime_get_ts64+0x86/0x230
[ 13.169626] kunit_try_run_case+0x1a5/0x480
[ 13.169650] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.169672] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.169694] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.169716] ? __kthread_parkme+0x82/0x180
[ 13.169735] ? preempt_count_sub+0x50/0x80
[ 13.169757] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.169780] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.169802] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.169825] kthread+0x337/0x6f0
[ 13.169843] ? trace_preempt_on+0x20/0xc0
[ 13.169865] ? __pfx_kthread+0x10/0x10
[ 13.169885] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.169905] ? calculate_sigpending+0x7b/0xa0
[ 13.169928] ? __pfx_kthread+0x10/0x10
[ 13.169947] ret_from_fork+0x116/0x1d0
[ 13.169964] ? __pfx_kthread+0x10/0x10
[ 13.169983] ret_from_fork_asm+0x1a/0x30
[ 13.170013] </TASK>
[ 13.170023]
[ 13.179270] The buggy address belongs to the physical page:
[ 13.179510] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029d4
[ 13.179844] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.180336] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.180548] page_type: f8(unknown)
[ 13.180675] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.180907] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.181260] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.181672] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.182234] head: 0200000000000002 ffffea00040a7501 00000000ffffffff 00000000ffffffff
[ 13.182487] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.182757] page dumped because: kasan: bad access detected
[ 13.183009]
[ 13.183161] Memory state around the buggy address:
[ 13.183391] ffff8881029d3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.183682] ffff8881029d3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.183963] >ffff8881029d4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.184350] ^
[ 13.184496] ffff8881029d4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.184756] ffff8881029d4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.185056] ==================================================================
```