Date
July 8, 2025, 7:07 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 21.457514] ================================================================== [ 21.457599] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 21.457834] Free of addr fff00000c5713a01 by task kunit_try_catch/241 [ 21.458063] [ 21.458110] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 21.458351] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.458408] Hardware name: linux,dummy-virt (DT) [ 21.458521] Call trace: [ 21.458550] show_stack+0x20/0x38 (C) [ 21.458621] dump_stack_lvl+0x8c/0xd0 [ 21.458688] print_report+0x118/0x608 [ 21.458746] kasan_report_invalid_free+0xc0/0xe8 [ 21.459141] check_slab_allocation+0xfc/0x108 [ 21.459215] __kasan_mempool_poison_object+0x78/0x150 [ 21.459269] mempool_free+0x28c/0x328 [ 21.459762] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 21.459896] mempool_kmalloc_invalid_free+0xc0/0x118 [ 21.459971] kunit_try_run_case+0x170/0x3f0 [ 21.460023] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.460075] kthread+0x328/0x630 [ 21.460467] ret_from_fork+0x10/0x20 [ 21.460598] [ 21.460637] Allocated by task 241: [ 21.460665] kasan_save_stack+0x3c/0x68 [ 21.460720] kasan_save_track+0x20/0x40 [ 21.460772] kasan_save_alloc_info+0x40/0x58 [ 21.460813] __kasan_mempool_unpoison_object+0x11c/0x180 [ 21.460855] remove_element+0x130/0x1f8 [ 21.460894] mempool_alloc_preallocated+0x58/0xc0 [ 21.460936] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 21.460992] mempool_kmalloc_invalid_free+0xc0/0x118 [ 21.461034] kunit_try_run_case+0x170/0x3f0 [ 21.461084] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.461125] kthread+0x328/0x630 [ 21.461178] ret_from_fork+0x10/0x20 [ 21.461242] [ 21.461261] The buggy address belongs to the object at fff00000c5713a00 [ 21.461261] which belongs to the cache kmalloc-128 of size 128 [ 21.461414] The buggy address is located 1 bytes inside of [ 21.461414] 128-byte region [fff00000c5713a00, fff00000c5713a80) [ 21.461918] [ 21.462001] The buggy address belongs to the physical page: [ 21.462082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105713 [ 21.462256] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.462394] page_type: f5(slab) [ 21.462436] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.462508] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.463323] page dumped because: kasan: bad access detected [ 21.463816] [ 21.463890] Memory state around the buggy address: [ 21.463991] fff00000c5713900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.464135] fff00000c5713980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.464202] >fff00000c5713a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.464396] ^ [ 21.464439] fff00000c5713a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.464662] fff00000c5713b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.464851] ================================================================== [ 21.480865] ================================================================== [ 21.480928] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 21.480983] Free of addr fff00000c78dc001 by task kunit_try_catch/243 [ 21.481320] [ 21.481366] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 21.481571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.481608] Hardware name: linux,dummy-virt (DT) [ 21.481765] Call trace: [ 21.481992] show_stack+0x20/0x38 (C) [ 21.482089] dump_stack_lvl+0x8c/0xd0 [ 21.482448] print_report+0x118/0x608 [ 21.482516] kasan_report_invalid_free+0xc0/0xe8 [ 21.482567] __kasan_mempool_poison_object+0xfc/0x150 [ 21.482763] mempool_free+0x28c/0x328 [ 21.482943] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 21.483004] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 21.483232] kunit_try_run_case+0x170/0x3f0 [ 21.483304] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.483357] kthread+0x328/0x630 [ 21.483541] ret_from_fork+0x10/0x20 [ 21.483995] [ 21.484037] The buggy address belongs to the physical page: [ 21.484081] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078dc [ 21.484564] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.484693] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.484824] page_type: f8(unknown) [ 21.485191] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.485277] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.485426] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.485514] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.485879] head: 0bfffe0000000002 ffffc1ffc31e3701 00000000ffffffff 00000000ffffffff [ 21.486058] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.486103] page dumped because: kasan: bad access detected [ 21.486314] [ 21.486436] Memory state around the buggy address: [ 21.486728] fff00000c78dbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.486783] fff00000c78dbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.487229] >fff00000c78dc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.487323] ^ [ 21.487353] fff00000c78dc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.487417] fff00000c78dc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.487820] ==================================================================
[ 14.744324] ================================================================== [ 14.744975] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.745715] Free of addr ffff888103a50001 by task kunit_try_catch/260 [ 14.746086] [ 14.746229] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.746279] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.746291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.746314] Call Trace: [ 14.746328] <TASK> [ 14.746347] dump_stack_lvl+0x73/0xb0 [ 14.746378] print_report+0xd1/0x650 [ 14.746401] ? __virt_addr_valid+0x1db/0x2d0 [ 14.746426] ? kasan_addr_to_slab+0x11/0xa0 [ 14.746526] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.746557] kasan_report_invalid_free+0x10a/0x130 [ 14.746581] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.746622] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.746646] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.746670] mempool_free+0x2ec/0x380 [ 14.746698] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.746723] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.746746] ? update_load_avg+0x1be/0x21b0 [ 14.746774] ? finish_task_switch.isra.0+0x153/0x700 [ 14.746799] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.746823] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.746849] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.746872] ? __pfx_mempool_kfree+0x10/0x10 [ 14.746896] ? __pfx_read_tsc+0x10/0x10 [ 14.746917] ? ktime_get_ts64+0x86/0x230 [ 14.746942] kunit_try_run_case+0x1a5/0x480 [ 14.746967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.746989] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.747014] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.747036] ? __kthread_parkme+0x82/0x180 [ 14.747110] ? preempt_count_sub+0x50/0x80 [ 14.747135] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.747158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.747181] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.747203] kthread+0x337/0x6f0 [ 14.747222] ? trace_preempt_on+0x20/0xc0 [ 14.747246] ? __pfx_kthread+0x10/0x10 [ 14.747266] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.747287] ? calculate_sigpending+0x7b/0xa0 [ 14.747311] ? __pfx_kthread+0x10/0x10 [ 14.747332] ret_from_fork+0x116/0x1d0 [ 14.747351] ? __pfx_kthread+0x10/0x10 [ 14.747371] ret_from_fork_asm+0x1a/0x30 [ 14.747402] </TASK> [ 14.747415] [ 14.763299] The buggy address belongs to the physical page: [ 14.763952] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a50 [ 14.764945] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.765406] flags: 0x200000000000040(head|node=0|zone=2) [ 14.765814] page_type: f8(unknown) [ 14.766221] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.767008] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.767624] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.768027] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.768686] head: 0200000000000002 ffffea00040e9401 00000000ffffffff 00000000ffffffff [ 14.769569] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.770237] page dumped because: kasan: bad access detected [ 14.770618] [ 14.770692] Memory state around the buggy address: [ 14.770852] ffff888103a4ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.771134] ffff888103a4ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.771866] >ffff888103a50000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.772744] ^ [ 14.773118] ffff888103a50080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.773916] ffff888103a50100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.774354] ================================================================== [ 14.705339] ================================================================== [ 14.705888] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.706651] Free of addr ffff888102602e01 by task kunit_try_catch/258 [ 14.706859] [ 14.706956] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.707002] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.707014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.707036] Call Trace: [ 14.707086] <TASK> [ 14.707105] dump_stack_lvl+0x73/0xb0 [ 14.707133] print_report+0xd1/0x650 [ 14.707157] ? __virt_addr_valid+0x1db/0x2d0 [ 14.707181] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.707206] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.707230] kasan_report_invalid_free+0x10a/0x130 [ 14.707254] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.707280] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.707303] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.707326] check_slab_allocation+0x11f/0x130 [ 14.707347] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.707370] mempool_free+0x2ec/0x380 [ 14.707398] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.707422] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.707447] ? __kasan_check_write+0x18/0x20 [ 14.707466] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.707487] ? finish_task_switch.isra.0+0x153/0x700 [ 14.707523] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.707547] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.707573] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.707594] ? __pfx_mempool_kfree+0x10/0x10 [ 14.707618] ? __pfx_read_tsc+0x10/0x10 [ 14.707639] ? ktime_get_ts64+0x86/0x230 [ 14.707663] kunit_try_run_case+0x1a5/0x480 [ 14.707688] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.707710] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.707732] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.707755] ? __kthread_parkme+0x82/0x180 [ 14.707776] ? preempt_count_sub+0x50/0x80 [ 14.707798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.707821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.707844] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.707865] kthread+0x337/0x6f0 [ 14.707884] ? trace_preempt_on+0x20/0xc0 [ 14.707907] ? __pfx_kthread+0x10/0x10 [ 14.707927] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.707947] ? calculate_sigpending+0x7b/0xa0 [ 14.707970] ? __pfx_kthread+0x10/0x10 [ 14.707991] ret_from_fork+0x116/0x1d0 [ 14.708009] ? __pfx_kthread+0x10/0x10 [ 14.708029] ret_from_fork_asm+0x1a/0x30 [ 14.708071] </TASK> [ 14.708084] [ 14.725738] Allocated by task 258: [ 14.726175] kasan_save_stack+0x45/0x70 [ 14.726667] kasan_save_track+0x18/0x40 [ 14.726808] kasan_save_alloc_info+0x3b/0x50 [ 14.726959] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.727146] remove_element+0x11e/0x190 [ 14.727298] mempool_alloc_preallocated+0x4d/0x90 [ 14.727459] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.727642] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.727806] kunit_try_run_case+0x1a5/0x480 [ 14.727954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.728137] kthread+0x337/0x6f0 [ 14.728260] ret_from_fork+0x116/0x1d0 [ 14.728392] ret_from_fork_asm+0x1a/0x30 [ 14.728534] [ 14.728605] The buggy address belongs to the object at ffff888102602e00 [ 14.728605] which belongs to the cache kmalloc-128 of size 128 [ 14.728967] The buggy address is located 1 bytes inside of [ 14.728967] 128-byte region [ffff888102602e00, ffff888102602e80) [ 14.729683] [ 14.729886] The buggy address belongs to the physical page: [ 14.730354] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102602 [ 14.731299] flags: 0x200000000000000(node=0|zone=2) [ 14.731998] page_type: f5(slab) [ 14.732406] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.733296] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.734180] page dumped because: kasan: bad access detected [ 14.734879] [ 14.735057] Memory state around the buggy address: [ 14.735432] ffff888102602d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.736025] ffff888102602d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.736791] >ffff888102602e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.737012] ^ [ 14.737469] ffff888102602e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.738244] ffff888102602f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.738809] ==================================================================