Hay
Date: July 3, 2025, 6:13 p.m.

Environment: qemu-arm64, qemu-x86_64

[   19.023431] ==================================================================
[   19.024045] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   19.024353] Free of addr fff00000c79a0001 by task kunit_try_catch/243
[   19.024430] 
[   19.024496] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.024665] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.024694] Hardware name: linux,dummy-virt (DT)
[   19.024726] Call trace:
[   19.025276]  show_stack+0x20/0x38 (C)
[   19.025566]  dump_stack_lvl+0x8c/0xd0
[   19.025624]  print_report+0x118/0x608
[   19.026229]  kasan_report_invalid_free+0xc0/0xe8
[   19.026648]  __kasan_mempool_poison_object+0xfc/0x150
[   19.027109]  mempool_free+0x28c/0x328
[   19.027167]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   19.027220]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   19.027272]  kunit_try_run_case+0x170/0x3f0
[   19.028055]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.028128]  kthread+0x328/0x630
[   19.028450]  ret_from_fork+0x10/0x20
[   19.028581] 
[   19.028603] The buggy address belongs to the physical page:
[   19.028841] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079a0
[   19.028902] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.028949] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.029218] page_type: f8(unknown)
[   19.029259] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.029514] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.029736] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.029807] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.029860] head: 0bfffe0000000002 ffffc1ffc31e6801 00000000ffffffff 00000000ffffffff
[   19.029908] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.030434] page dumped because: kasan: bad access detected
[   19.030536] 
[   19.030638] Memory state around the buggy address:
[   19.030885]  fff00000c799ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.031045]  fff00000c799ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.031514] >fff00000c79a0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.031596]                    ^
[   19.031628]  fff00000c79a0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.032021]  fff00000c79a0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.032071] ==================================================================
[   18.988630] ==================================================================
[   18.989201] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   18.989970] Free of addr fff00000c7834001 by task kunit_try_catch/241
[   18.990180] 
[   18.990478] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.991444] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.991503] Hardware name: linux,dummy-virt (DT)
[   18.991846] Call trace:
[   18.992052]  show_stack+0x20/0x38 (C)
[   18.992112]  dump_stack_lvl+0x8c/0xd0
[   18.992161]  print_report+0x118/0x608
[   18.992206]  kasan_report_invalid_free+0xc0/0xe8
[   18.992255]  check_slab_allocation+0xfc/0x108
[   18.992369]  __kasan_mempool_poison_object+0x78/0x150
[   18.992557]  mempool_free+0x28c/0x328
[   18.992611]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   18.992680]  mempool_kmalloc_invalid_free+0xc0/0x118
[   18.993390]  kunit_try_run_case+0x170/0x3f0
[   18.993459]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.993875]  kthread+0x328/0x630
[   18.993967]  ret_from_fork+0x10/0x20
[   18.994334] 
[   18.994366] Allocated by task 241:
[   18.994577]  kasan_save_stack+0x3c/0x68
[   18.994680]  kasan_save_track+0x20/0x40
[   18.994787]  kasan_save_alloc_info+0x40/0x58
[   18.994828]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.994870]  remove_element+0x130/0x1f8
[   18.994904]  mempool_alloc_preallocated+0x58/0xc0
[   18.995546]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   18.995752]  mempool_kmalloc_invalid_free+0xc0/0x118
[   18.996385]  kunit_try_run_case+0x170/0x3f0
[   18.996518]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.996629]  kthread+0x328/0x630
[   18.996661]  ret_from_fork+0x10/0x20
[   18.996697] 
[   18.996718] The buggy address belongs to the object at fff00000c7834000
[   18.996718]  which belongs to the cache kmalloc-128 of size 128
[   18.997194] The buggy address is located 1 bytes inside of
[   18.997194]  128-byte region [fff00000c7834000, fff00000c7834080)
[   18.997374] 
[   18.997498] The buggy address belongs to the physical page:
[   18.997717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834
[   18.998070] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.998134] page_type: f5(slab)
[   18.998563] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.998800] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.998846] page dumped because: kasan: bad access detected
[   18.998877] 
[   18.998896] Memory state around the buggy address:
[   18.999426]  fff00000c7833f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.999668]  fff00000c7833f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.999970] >fff00000c7834000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.000135]                    ^
[   19.000167]  fff00000c7834080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.000211]  fff00000c7834100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.000249] ==================================================================

[   13.165093] ==================================================================
[   13.166050] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   13.166565] Free of addr ffff888102a18001 by task kunit_try_catch/261
[   13.166847] 
[   13.166977] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.167022] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.167034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.167056] Call Trace:
[   13.167069]  <TASK>
[   13.167084]  dump_stack_lvl+0x73/0xb0
[   13.167127]  print_report+0xd1/0x650
[   13.167151]  ? __virt_addr_valid+0x1db/0x2d0
[   13.167176]  ? kasan_addr_to_slab+0x11/0xa0
[   13.167197]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   13.167227]  kasan_report_invalid_free+0x10a/0x130
[   13.167251]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   13.167290]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   13.167315]  __kasan_mempool_poison_object+0x102/0x1d0
[   13.167340]  mempool_free+0x2ec/0x380
[   13.167375]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   13.167400]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   13.167423]  ? update_load_avg+0x1be/0x21b0
[   13.167452]  ? finish_task_switch.isra.0+0x153/0x700
[   13.167476]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   13.167529]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   13.167557]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.167579]  ? __pfx_mempool_kfree+0x10/0x10
[   13.167604]  ? __pfx_read_tsc+0x10/0x10
[   13.167625]  ? ktime_get_ts64+0x86/0x230
[   13.167650]  kunit_try_run_case+0x1a5/0x480
[   13.167674]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.167696]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.167719]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.167742]  ? __kthread_parkme+0x82/0x180
[   13.167764]  ? preempt_count_sub+0x50/0x80
[   13.167786]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.167808]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.167831]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.167853]  kthread+0x337/0x6f0
[   13.167871]  ? trace_preempt_on+0x20/0xc0
[   13.167896]  ? __pfx_kthread+0x10/0x10
[   13.167915]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.167936]  ? calculate_sigpending+0x7b/0xa0
[   13.167961]  ? __pfx_kthread+0x10/0x10
[   13.167981]  ret_from_fork+0x116/0x1d0
[   13.167999]  ? __pfx_kthread+0x10/0x10
[   13.168019]  ret_from_fork_asm+0x1a/0x30
[   13.168050]  </TASK>
[   13.168061] 
[   13.178290] The buggy address belongs to the physical page:
[   13.178596] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a18
[   13.178946] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.179396] flags: 0x200000000000040(head|node=0|zone=2)
[   13.179605] page_type: f8(unknown)
[   13.179737] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.180076] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.180425] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.181068] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.181535] head: 0200000000000002 ffffea00040a8601 00000000ffffffff 00000000ffffffff
[   13.181914] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.182438] page dumped because: kasan: bad access detected
[   13.182710] 
[   13.182812] Memory state around the buggy address:
[   13.183024]  ffff888102a17f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.183412]  ffff888102a17f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.183755] >ffff888102a18000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.184085]                    ^
[   13.184457]  ffff888102a18080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.184803]  ffff888102a18100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.185116] ==================================================================
[   13.137181] ==================================================================
[   13.137868] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   13.138150] Free of addr ffff8881029dba01 by task kunit_try_catch/259
[   13.138360] 
[   13.138451] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.138496] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.138508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.138529] Call Trace:
[   13.138542]  <TASK>
[   13.138559]  dump_stack_lvl+0x73/0xb0
[   13.138586]  print_report+0xd1/0x650
[   13.138609]  ? __virt_addr_valid+0x1db/0x2d0
[   13.138633]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.138655]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   13.138680]  kasan_report_invalid_free+0x10a/0x130
[   13.138704]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   13.138732]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   13.138756]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   13.138780]  check_slab_allocation+0x11f/0x130
[   13.138801]  __kasan_mempool_poison_object+0x91/0x1d0
[   13.138825]  mempool_free+0x2ec/0x380
[   13.138847]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   13.138871]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   13.138898]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.138918]  ? finish_task_switch.isra.0+0x153/0x700
[   13.138943]  mempool_kmalloc_invalid_free+0xed/0x140
[   13.138966]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   13.138992]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.139013]  ? __pfx_mempool_kfree+0x10/0x10
[   13.139037]  ? __pfx_read_tsc+0x10/0x10
[   13.139057]  ? ktime_get_ts64+0x86/0x230
[   13.139080]  kunit_try_run_case+0x1a5/0x480
[   13.139764]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.139799]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.139830]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.139853]  ? __kthread_parkme+0x82/0x180
[   13.139874]  ? preempt_count_sub+0x50/0x80
[   13.139895]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.139918]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.139940]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.139962]  kthread+0x337/0x6f0
[   13.139981]  ? trace_preempt_on+0x20/0xc0
[   13.140004]  ? __pfx_kthread+0x10/0x10
[   13.140024]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.140044]  ? calculate_sigpending+0x7b/0xa0
[   13.140067]  ? __pfx_kthread+0x10/0x10
[   13.140088]  ret_from_fork+0x116/0x1d0
[   13.140115]  ? __pfx_kthread+0x10/0x10
[   13.140134]  ret_from_fork_asm+0x1a/0x30
[   13.140216]  </TASK>
[   13.140229] 
[   13.152638] Allocated by task 259:
[   13.152787]  kasan_save_stack+0x45/0x70
[   13.152939]  kasan_save_track+0x18/0x40
[   13.153255]  kasan_save_alloc_info+0x3b/0x50
[   13.153681]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.153935]  remove_element+0x11e/0x190
[   13.154108]  mempool_alloc_preallocated+0x4d/0x90
[   13.154418]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   13.154606]  mempool_kmalloc_invalid_free+0xed/0x140
[   13.154862]  kunit_try_run_case+0x1a5/0x480
[   13.155068]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.155331]  kthread+0x337/0x6f0
[   13.155557]  ret_from_fork+0x116/0x1d0
[   13.155701]  ret_from_fork_asm+0x1a/0x30
[   13.155845] 
[   13.155932] The buggy address belongs to the object at ffff8881029dba00
[   13.155932]  which belongs to the cache kmalloc-128 of size 128
[   13.156794] The buggy address is located 1 bytes inside of
[   13.156794]  128-byte region [ffff8881029dba00, ffff8881029dba80)
[   13.157371] 
[   13.157485] The buggy address belongs to the physical page:
[   13.157688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db
[   13.158070] flags: 0x200000000000000(node=0|zone=2)
[   13.158413] page_type: f5(slab)
[   13.158649] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.159116] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.159527] page dumped because: kasan: bad access detected
[   13.159794] 
[   13.159886] Memory state around the buggy address:
[   13.160110]  ffff8881029db900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.160504]  ffff8881029db980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.160725] >ffff8881029dba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.160958]                    ^
[   13.161187]  ffff8881029dba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.161679]  ffff8881029dbb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.161908] ==================================================================