Date
July 1, 2025, 3:08 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 19.078637] ==================================================================
[ 19.078716] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.078783] Free of addr fff00000c7bc8001 by task kunit_try_catch/244
[ 19.078826]
[ 19.079057] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.079217] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.079261] Hardware name: linux,dummy-virt (DT)
[ 19.079330] Call trace:
[ 19.079368] show_stack+0x20/0x38 (C)
[ 19.079656] dump_stack_lvl+0x8c/0xd0
[ 19.079726] print_report+0x118/0x608
[ 19.079785] kasan_report_invalid_free+0xc0/0xe8
[ 19.079838] __kasan_mempool_poison_object+0xfc/0x150
[ 19.079930] mempool_free+0x28c/0x328
[ 19.079995] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.080050] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 19.080245] kunit_try_run_case+0x170/0x3f0
[ 19.080299] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.080361] kthread+0x328/0x630
[ 19.080730] ret_from_fork+0x10/0x20
[ 19.080831]
[ 19.080862] The buggy address belongs to the physical page:
[ 19.080935] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107bc8
[ 19.081032] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.081133] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.081199] page_type: f8(unknown)
[ 19.081242] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.081297] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.081716] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.081884] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.082041] head: 0bfffe0000000002 ffffc1ffc31ef201 00000000ffffffff 00000000ffffffff
[ 19.082117] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 19.082334] page dumped because: kasan: bad access detected
[ 19.082401]
[ 19.082419] Memory state around the buggy address:
[ 19.082700]  fff00000c7bc7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.082793]  fff00000c7bc7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.082868] >fff00000c7bc8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.083040]                    ^
[ 19.083217]  fff00000c7bc8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.083305]  fff00000c7bc8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.083622] ==================================================================

[ 19.059682] ==================================================================
[ 19.059753] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.059902] Free of addr fff00000c57ee201 by task kunit_try_catch/242
[ 19.059958]
[ 19.060022] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.060106] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.060393] Hardware name: linux,dummy-virt (DT)
[ 19.060498] Call trace:
[ 19.060523] show_stack+0x20/0x38 (C)
[ 19.060648] dump_stack_lvl+0x8c/0xd0
[ 19.060703] print_report+0x118/0x608
[ 19.060810] kasan_report_invalid_free+0xc0/0xe8
[ 19.060867] check_slab_allocation+0xfc/0x108
[ 19.061014] __kasan_mempool_poison_object+0x78/0x150
[ 19.061073] mempool_free+0x28c/0x328
[ 19.061117] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.061528] mempool_kmalloc_invalid_free+0xc0/0x118
[ 19.061622] kunit_try_run_case+0x170/0x3f0
[ 19.061772] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.061860] kthread+0x328/0x630
[ 19.062043] ret_from_fork+0x10/0x20
[ 19.062358]
[ 19.062430] Allocated by task 242:
[ 19.062677] kasan_save_stack+0x3c/0x68
[ 19.062891] kasan_save_track+0x20/0x40
[ 19.062951] kasan_save_alloc_info+0x40/0x58
[ 19.063261] __kasan_mempool_unpoison_object+0x11c/0x180
[ 19.063343] remove_element+0x130/0x1f8
[ 19.063521] mempool_alloc_preallocated+0x58/0xc0
[ 19.063613] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 19.063717] mempool_kmalloc_invalid_free+0xc0/0x118
[ 19.063785] kunit_try_run_case+0x170/0x3f0
[ 19.064120] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.064247] kthread+0x328/0x630
[ 19.064420] ret_from_fork+0x10/0x20
[ 19.064630]
[ 19.064719] The buggy address belongs to the object at fff00000c57ee200
[ 19.064719] which belongs to the cache kmalloc-128 of size 128
[ 19.064785] The buggy address is located 1 bytes inside of
[ 19.064785] 128-byte region [fff00000c57ee200, fff00000c57ee280)
[ 19.065113]
[ 19.065205] The buggy address belongs to the physical page:
[ 19.065339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057ee
[ 19.065537] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.065641] page_type: f5(slab)
[ 19.065874] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.066076] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.066229] page dumped because: kasan: bad access detected
[ 19.066290]
[ 19.066309] Memory state around the buggy address:
[ 19.066509]  fff00000c57ee100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.066718]  fff00000c57ee180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.066783] >fff00000c57ee200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.066919]                    ^
[ 19.067030]  fff00000c57ee280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.067255]  fff00000c57ee300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.067315] ==================================================================
```
```
[ 13.394238] ==================================================================
[ 13.394933] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.395539] Free of addr ffff8881039c8001 by task kunit_try_catch/260
[ 13.395848]
[ 13.396129] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.396189] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.396202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.396224] Call Trace:
[ 13.396237] <TASK>
[ 13.396256] dump_stack_lvl+0x73/0xb0
[ 13.396287] print_report+0xd1/0x650
[ 13.396310] ? __virt_addr_valid+0x1db/0x2d0
[ 13.396470] ? kasan_addr_to_slab+0x11/0xa0
[ 13.396499] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.396552] kasan_report_invalid_free+0x10a/0x130
[ 13.396576] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.396605] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.396629] __kasan_mempool_poison_object+0x102/0x1d0
[ 13.396711] mempool_free+0x2ec/0x380
[ 13.396759] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.396786] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.396810] ? update_load_avg+0x1be/0x21b0
[ 13.396836] ? finish_task_switch.isra.0+0x153/0x700
[ 13.396861] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 13.396885] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 13.396911] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.396935] ? __pfx_mempool_kfree+0x10/0x10
[ 13.396959] ? __pfx_read_tsc+0x10/0x10
[ 13.396980] ? ktime_get_ts64+0x86/0x230
[ 13.397003] kunit_try_run_case+0x1a5/0x480
[ 13.397041] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.397063] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.397087] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.397110] ? __kthread_parkme+0x82/0x180
[ 13.397131] ? preempt_count_sub+0x50/0x80
[ 13.397153] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.397176] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.397199] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.397221] kthread+0x337/0x6f0
[ 13.397240] ? trace_preempt_on+0x20/0xc0
[ 13.397264] ? __pfx_kthread+0x10/0x10
[ 13.397283] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.397304] ? calculate_sigpending+0x7b/0xa0
[ 13.397327] ? __pfx_kthread+0x10/0x10
[ 13.397348] ret_from_fork+0x116/0x1d0
[ 13.397366] ? __pfx_kthread+0x10/0x10
[ 13.397385] ret_from_fork_asm+0x1a/0x30
[ 13.397416] </TASK>
[ 13.397428]
[ 13.407186] The buggy address belongs to the physical page:
[ 13.407478] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8
[ 13.407927] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.408320] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.408579] page_type: f8(unknown)
[ 13.408750] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.409098] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.409321] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.409833] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.410221] head: 0200000000000002 ffffea00040e7201 00000000ffffffff 00000000ffffffff
[ 13.410588] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.411075] page dumped because: kasan: bad access detected
[ 13.411312]
[ 13.411411] Memory state around the buggy address:
[ 13.411627]  ffff8881039c7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.411954]  ffff8881039c7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.412301] >ffff8881039c8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.412769]                    ^
[ 13.413055]  ffff8881039c8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.413333]  ffff8881039c8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.413670] ==================================================================

[ 13.367056] ==================================================================
[ 13.367593] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.368040] Free of addr ffff8881027e1501 by task kunit_try_catch/258
[ 13.368537]
[ 13.368638] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.368703] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.368715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.368738] Call Trace:
[ 13.368765] <TASK>
[ 13.368963] dump_stack_lvl+0x73/0xb0
[ 13.368998] print_report+0xd1/0x650
[ 13.369035] ? __virt_addr_valid+0x1db/0x2d0
[ 13.369084] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.369107] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.369132] kasan_report_invalid_free+0x10a/0x130
[ 13.369157] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.369183] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.369206] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.369229] check_slab_allocation+0x11f/0x130
[ 13.369268] __kasan_mempool_poison_object+0x91/0x1d0
[ 13.369291] mempool_free+0x2ec/0x380
[ 13.369313] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.369337] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.369360] ? update_load_avg+0x1be/0x21b0
[ 13.369388] ? finish_task_switch.isra.0+0x153/0x700
[ 13.369413] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.369436] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 13.369460] ? __kasan_check_write+0x18/0x20
[ 13.369480] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.369501] ? __pfx_mempool_kfree+0x10/0x10
[ 13.369526] ? __pfx_read_tsc+0x10/0x10
[ 13.369547] ? ktime_get_ts64+0x86/0x230
[ 13.369567] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.369593] kunit_try_run_case+0x1a5/0x480
[ 13.369617] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.369777] ? queued_spin_lock_slowpath+0x116/0xb40
[ 13.369810] ? __kthread_parkme+0x82/0x180
[ 13.369831] ? preempt_count_sub+0x50/0x80
[ 13.369854] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.369877] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.369899] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.369921] kthread+0x337/0x6f0
[ 13.369940] ? trace_preempt_on+0x20/0xc0
[ 13.369963] ? __pfx_kthread+0x10/0x10
[ 13.369983] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.370004] ? calculate_sigpending+0x7b/0xa0
[ 13.370041] ? __pfx_kthread+0x10/0x10
[ 13.370062] ret_from_fork+0x116/0x1d0
[ 13.370081] ? __pfx_kthread+0x10/0x10
[ 13.370100] ret_from_fork_asm+0x1a/0x30
[ 13.370132] </TASK>
[ 13.370144]
[ 13.380286] Allocated by task 258:
[ 13.380450] kasan_save_stack+0x45/0x70
[ 13.380675] kasan_save_track+0x18/0x40
[ 13.380918] kasan_save_alloc_info+0x3b/0x50
[ 13.381164] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.381794] remove_element+0x11e/0x190
[ 13.382125] mempool_alloc_preallocated+0x4d/0x90
[ 13.382284] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 13.382456] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.382613] kunit_try_run_case+0x1a5/0x480
[ 13.383197] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.383471] kthread+0x337/0x6f0
[ 13.383707] ret_from_fork+0x116/0x1d0
[ 13.383947] ret_from_fork_asm+0x1a/0x30
[ 13.384271]
[ 13.384373] The buggy address belongs to the object at ffff8881027e1500
[ 13.384373] which belongs to the cache kmalloc-128 of size 128
[ 13.384940] The buggy address is located 1 bytes inside of
[ 13.384940] 128-byte region [ffff8881027e1500, ffff8881027e1580)
[ 13.385269]
[ 13.385342] The buggy address belongs to the physical page:
[ 13.385617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e1
[ 13.386369] flags: 0x200000000000000(node=0|zone=2)
[ 13.386641] page_type: f5(slab)
[ 13.386922] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.387270] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.387503] page dumped because: kasan: bad access detected
[ 13.387727]
[ 13.387819] Memory state around the buggy address:
[ 13.388057]  ffff8881027e1400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.388384]  ffff8881027e1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.388612] >ffff8881027e1500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.388976]                    ^
[ 13.389162]  ffff8881027e1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.389422]  ffff8881027e1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.389629] ==================================================================
```