Date
July 9, 2025, 2:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 19.335463] ==================================================================
[ 19.335624] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.335714] Free of addr fff00000c78b8001 by task kunit_try_catch/243
[ 19.335782]
[ 19.335848] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT
[ 19.336046] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 19.336438] Hardware name: linux,dummy-virt (DT)
[ 19.336543] Call trace:
[ 19.336621] show_stack+0x20/0x38 (C)
[ 19.336717] dump_stack_lvl+0x8c/0xd0
[ 19.336916] print_report+0x118/0x608
[ 19.336976] kasan_report_invalid_free+0xc0/0xe8
[ 19.337031] __kasan_mempool_poison_object+0xfc/0x150
[ 19.337102] mempool_free+0x28c/0x328
[ 19.337292] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.337607] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 19.337735] kunit_try_run_case+0x170/0x3f0
[ 19.337951] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.338066] kthread+0x328/0x630
[ 19.338411] ret_from_fork+0x10/0x20
[ 19.338564]
[ 19.338612] The buggy address belongs to the physical page:
[ 19.338649] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078b8
[ 19.338725] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.338790] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.338859] page_type: f8(unknown)
[ 19.338909] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.338968] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.339025] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.339114] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.339426] head: 0bfffe0000000002 ffffc1ffc31e2e01 00000000ffffffff 00000000ffffffff
[ 19.339882] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 19.339983] page dumped because: kasan: bad access detected
[ 19.340042]
[ 19.340110] Memory state around the buggy address:
[ 19.340269] fff00000c78b7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.340322] fff00000c78b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.340537] >fff00000c78b8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.340648] ^
[ 19.340818] fff00000c78b8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.340904] fff00000c78b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.341116] ==================================================================

[ 19.317549] ==================================================================
[ 19.317890] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.317978] Free of addr fff00000c5a52501 by task kunit_try_catch/241
[ 19.318177]
[ 19.318247] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT
[ 19.318513] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 19.318707] Hardware name: linux,dummy-virt (DT)
[ 19.318930] Call trace:
[ 19.318985] show_stack+0x20/0x38 (C)
[ 19.319048] dump_stack_lvl+0x8c/0xd0
[ 19.319243] print_report+0x118/0x608
[ 19.319417] kasan_report_invalid_free+0xc0/0xe8
[ 19.319481] check_slab_allocation+0xfc/0x108
[ 19.319555] __kasan_mempool_poison_object+0x78/0x150
[ 19.319619] mempool_free+0x28c/0x328
[ 19.319678] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.319737] mempool_kmalloc_invalid_free+0xc0/0x118
[ 19.319797] kunit_try_run_case+0x170/0x3f0
[ 19.319851] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.319907] kthread+0x328/0x630
[ 19.319955] ret_from_fork+0x10/0x20
[ 19.320009]
[ 19.320034] Allocated by task 241:
[ 19.320069] kasan_save_stack+0x3c/0x68
[ 19.320128] kasan_save_track+0x20/0x40
[ 19.320169] kasan_save_alloc_info+0x40/0x58
[ 19.320224] __kasan_mempool_unpoison_object+0x11c/0x180
[ 19.320286] remove_element+0x130/0x1f8
[ 19.320325] mempool_alloc_preallocated+0x58/0xc0
[ 19.320368] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 19.320422] mempool_kmalloc_invalid_free+0xc0/0x118
[ 19.320475] kunit_try_run_case+0x170/0x3f0
[ 19.320517] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.320564] kthread+0x328/0x630
[ 19.320599] ret_from_fork+0x10/0x20
[ 19.320638]
[ 19.320659] The buggy address belongs to the object at fff00000c5a52500
[ 19.320659] which belongs to the cache kmalloc-128 of size 128
[ 19.320724] The buggy address is located 1 bytes inside of
[ 19.320724] 128-byte region [fff00000c5a52500, fff00000c5a52580)
[ 19.320788]
[ 19.320822] The buggy address belongs to the physical page:
[ 19.320869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a52
[ 19.320958] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.321014] page_type: f5(slab)
[ 19.321064] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.321832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.321908] page dumped because: kasan: bad access detected
[ 19.321961]
[ 19.322005] Memory state around the buggy address:
[ 19.322065] fff00000c5a52400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.322290] fff00000c5a52480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.322586] >fff00000c5a52500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.322657] ^
[ 19.322887] fff00000c5a52580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.323144] fff00000c5a52600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.323255] ==================================================================
```
```
[ 14.518109] ==================================================================
[ 14.518612] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.518931] Free of addr ffff888103a40001 by task kunit_try_catch/260
[ 14.519359]
[ 14.519476] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 14.519522] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.519534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.519554] Call Trace:
[ 14.519564] <TASK>
[ 14.519580] dump_stack_lvl+0x73/0xb0
[ 14.519622] print_report+0xd1/0x650
[ 14.519645] ? __virt_addr_valid+0x1db/0x2d0
[ 14.519670] ? kasan_addr_to_slab+0x11/0xa0
[ 14.519690] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.519717] kasan_report_invalid_free+0x10a/0x130
[ 14.519742] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.519771] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.519810] __kasan_mempool_poison_object+0x102/0x1d0
[ 14.519835] mempool_free+0x2ec/0x380
[ 14.519862] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.519889] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 14.519917] ? __kasan_check_write+0x18/0x20
[ 14.519937] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.519960] ? finish_task_switch.isra.0+0x153/0x700
[ 14.519987] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 14.520013] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 14.520043] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.520065] ? __pfx_mempool_kfree+0x10/0x10
[ 14.520090] ? __pfx_read_tsc+0x10/0x10
[ 14.520112] ? ktime_get_ts64+0x86/0x230
[ 14.520136] kunit_try_run_case+0x1a5/0x480
[ 14.520160] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.520183] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.520207] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.520231] ? __kthread_parkme+0x82/0x180
[ 14.520253] ? preempt_count_sub+0x50/0x80
[ 14.520276] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.520301] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.520325] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.520350] kthread+0x337/0x6f0
[ 14.520368] ? trace_preempt_on+0x20/0xc0
[ 14.520392] ? __pfx_kthread+0x10/0x10
[ 14.520413] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.520435] ? calculate_sigpending+0x7b/0xa0
[ 14.520459] ? __pfx_kthread+0x10/0x10
[ 14.520481] ret_from_fork+0x116/0x1d0
[ 14.520499] ? __pfx_kthread+0x10/0x10
[ 14.520520] ret_from_fork_asm+0x1a/0x30
[ 14.520551] </TASK>
[ 14.520561]
[ 14.529087] The buggy address belongs to the physical page:
[ 14.529303] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a40
[ 14.529832] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 14.530118] flags: 0x200000000000040(head|node=0|zone=2)
[ 14.530300] page_type: f8(unknown)
[ 14.530430] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.530779] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.531128] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.531472] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.532023] head: 0200000000000002 ffffea00040e9001 00000000ffffffff 00000000ffffffff
[ 14.532320] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 14.532624] page dumped because: kasan: bad access detected
[ 14.532915]
[ 14.533004] Memory state around the buggy address:
[ 14.533199] ffff888103a3ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.533418] ffff888103a3ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.533648] >ffff888103a40000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.533884] ^
[ 14.534049] ffff888103a40080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.534369] ffff888103a40100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.534744] ==================================================================

[ 14.492718] ==================================================================
[ 14.493515] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.494074] Free of addr ffff8881029c7901 by task kunit_try_catch/258
[ 14.494343]
[ 14.494463] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 14.494512] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.494524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.494546] Call Trace:
[ 14.494559] <TASK>
[ 14.494577] dump_stack_lvl+0x73/0xb0
[ 14.494622] print_report+0xd1/0x650
[ 14.494646] ? __virt_addr_valid+0x1db/0x2d0
[ 14.494672] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.494695] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.494723] kasan_report_invalid_free+0x10a/0x130
[ 14.494747] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.494776] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.494816] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.494864] check_slab_allocation+0x11f/0x130
[ 14.494887] __kasan_mempool_poison_object+0x91/0x1d0
[ 14.494911] mempool_free+0x2ec/0x380
[ 14.494939] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.494965] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 14.494994] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.495017] ? finish_task_switch.isra.0+0x153/0x700
[ 14.495043] mempool_kmalloc_invalid_free+0xed/0x140
[ 14.495068] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 14.495096] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.495119] ? __pfx_mempool_kfree+0x10/0x10
[ 14.495144] ? __pfx_read_tsc+0x10/0x10
[ 14.495165] ? ktime_get_ts64+0x86/0x230
[ 14.495190] kunit_try_run_case+0x1a5/0x480
[ 14.495216] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.495239] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.495263] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.495287] ? __kthread_parkme+0x82/0x180
[ 14.495310] ? preempt_count_sub+0x50/0x80
[ 14.495332] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.495356] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.495382] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.495407] kthread+0x337/0x6f0
[ 14.495426] ? trace_preempt_on+0x20/0xc0
[ 14.495451] ? __pfx_kthread+0x10/0x10
[ 14.495471] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.495493] ? calculate_sigpending+0x7b/0xa0
[ 14.495518] ? __pfx_kthread+0x10/0x10
[ 14.495539] ret_from_fork+0x116/0x1d0
[ 14.495557] ? __pfx_kthread+0x10/0x10
[ 14.495578] ret_from_fork_asm+0x1a/0x30
[ 14.495620] </TASK>
[ 14.495630]
[ 14.504574] Allocated by task 258:
[ 14.504777] kasan_save_stack+0x45/0x70
[ 14.504996] kasan_save_track+0x18/0x40
[ 14.505197] kasan_save_alloc_info+0x3b/0x50
[ 14.505413] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 14.505678] remove_element+0x11e/0x190
[ 14.505926] mempool_alloc_preallocated+0x4d/0x90
[ 14.506086] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 14.506318] mempool_kmalloc_invalid_free+0xed/0x140
[ 14.506554] kunit_try_run_case+0x1a5/0x480
[ 14.506779] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.507077] kthread+0x337/0x6f0
[ 14.507221] ret_from_fork+0x116/0x1d0
[ 14.507387] ret_from_fork_asm+0x1a/0x30
[ 14.507588]
[ 14.507679] The buggy address belongs to the object at ffff8881029c7900
[ 14.507679] which belongs to the cache kmalloc-128 of size 128
[ 14.508246] The buggy address is located 1 bytes inside of
[ 14.508246] 128-byte region [ffff8881029c7900, ffff8881029c7980)
[ 14.508693]
[ 14.508776] The buggy address belongs to the physical page:
[ 14.509263] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c7
[ 14.509575] flags: 0x200000000000000(node=0|zone=2)
[ 14.509790] page_type: f5(slab)
[ 14.510010] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 14.510309] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 14.510573] page dumped because: kasan: bad access detected
[ 14.510757]
[ 14.510977] Memory state around the buggy address:
[ 14.511210] ffff8881029c7800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.511527] ffff8881029c7880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.511762] >ffff8881029c7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.512347] ^
[ 14.512481] ffff8881029c7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.512753] ffff8881029c7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.513062] ==================================================================
```