Hay
Date: July 20, 2025, 8:11 p.m.

Environment: qemu-arm64, qemu-x86_64

[   17.318806] ==================================================================
[   17.319181] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.319268] Free of addr fff00000c64d8c01 by task kunit_try_catch/242
[   17.319497] 
[   17.319554] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.319648] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.319677] Hardware name: linux,dummy-virt (DT)
[   17.319718] Call trace:
[   17.319744]  show_stack+0x20/0x38 (C)
[   17.320092]  dump_stack_lvl+0x8c/0xd0
[   17.320258]  print_report+0x118/0x5d0
[   17.320319]  kasan_report_invalid_free+0xc0/0xe8
[   17.320580]  check_slab_allocation+0xfc/0x108
[   17.320733]  __kasan_mempool_poison_object+0x78/0x150
[   17.320884]  mempool_free+0x28c/0x328
[   17.321123]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.321205]  mempool_kmalloc_invalid_free+0xc0/0x118
[   17.321259]  kunit_try_run_case+0x170/0x3f0
[   17.321309]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.321363]  kthread+0x328/0x630
[   17.321754]  ret_from_fork+0x10/0x20
[   17.321918] 
[   17.321941] Allocated by task 242:
[   17.322135]  kasan_save_stack+0x3c/0x68
[   17.322246]  kasan_save_track+0x20/0x40
[   17.322344]  kasan_save_alloc_info+0x40/0x58
[   17.322417]  __kasan_mempool_unpoison_object+0x11c/0x180
[   17.322501]  remove_element+0x130/0x1f8
[   17.322571]  mempool_alloc_preallocated+0x58/0xc0
[   17.322732]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   17.323257]  mempool_kmalloc_invalid_free+0xc0/0x118
[   17.323369]  kunit_try_run_case+0x170/0x3f0
[   17.323468]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.323560]  kthread+0x328/0x630
[   17.324080]  ret_from_fork+0x10/0x20
[   17.324230] 
[   17.324300] The buggy address belongs to the object at fff00000c64d8c00
[   17.324300]  which belongs to the cache kmalloc-128 of size 128
[   17.324452] The buggy address is located 1 bytes inside of
[   17.324452]  128-byte region [fff00000c64d8c00, fff00000c64d8c80)
[   17.324520] 
[   17.324542] The buggy address belongs to the physical page:
[   17.324575] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064d8
[   17.324631] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.324681] page_type: f5(slab)
[   17.324721] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.324800] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.324842] page dumped because: kasan: bad access detected
[   17.324878] 
[   17.324898] Memory state around the buggy address:
[   17.324929]  fff00000c64d8b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.324987]  fff00000c64d8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.325050] >fff00000c64d8c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.325586]                    ^
[   17.325651]  fff00000c64d8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.325719]  fff00000c64d8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.325760] ==================================================================
[   17.336146] ==================================================================
[   17.336226] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.336277] Free of addr fff00000c77e0001 by task kunit_try_catch/244
[   17.336321] 
[   17.336375] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.336459] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.336486] Hardware name: linux,dummy-virt (DT)
[   17.336518] Call trace:
[   17.336546]  show_stack+0x20/0x38 (C)
[   17.336606]  dump_stack_lvl+0x8c/0xd0
[   17.336654]  print_report+0x118/0x5d0
[   17.336707]  kasan_report_invalid_free+0xc0/0xe8
[   17.336758]  __kasan_mempool_poison_object+0xfc/0x150
[   17.336811]  mempool_free+0x28c/0x328
[   17.336862]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.337718]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   17.337791]  kunit_try_run_case+0x170/0x3f0
[   17.338065]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.338517]  kthread+0x328/0x630
[   17.338688]  ret_from_fork+0x10/0x20
[   17.338783] 
[   17.338828] The buggy address belongs to the physical page:
[   17.339022] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0
[   17.339285] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.339510] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.339650] page_type: f8(unknown)
[   17.339887] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.340096] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.340337] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.340431] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.340778] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff
[   17.340986] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.341247] page dumped because: kasan: bad access detected
[   17.341325] 
[   17.341709] Memory state around the buggy address:
[   17.341863]  fff00000c77dff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.341941]  fff00000c77dff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.342231] >fff00000c77e0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.342411]                    ^
[   17.342510]  fff00000c77e0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.342638]  fff00000c77e0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.342691] ==================================================================

[   14.664683] ==================================================================
[   14.665729] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.666176] Free of addr ffff88810326c201 by task kunit_try_catch/259
[   14.666695] 
[   14.666806] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.666858] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.666870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.666895] Call Trace:
[   14.666908]  <TASK>
[   14.666925]  dump_stack_lvl+0x73/0xb0
[   14.666957]  print_report+0xd1/0x610
[   14.666981]  ? __virt_addr_valid+0x1db/0x2d0
[   14.667018]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.667093]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.667125]  kasan_report_invalid_free+0x10a/0x130
[   14.667151]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.667178]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.667205]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.667230]  check_slab_allocation+0x11f/0x130
[   14.667254]  __kasan_mempool_poison_object+0x91/0x1d0
[   14.667281]  mempool_free+0x2ec/0x380
[   14.667310]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.667336]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   14.667364]  ? __call_rcu_common.constprop.0+0x455/0x9e0
[   14.667391]  ? __pfx_task_dead_fair+0x10/0x10
[   14.667421]  mempool_kmalloc_invalid_free+0xed/0x140
[   14.667446]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   14.667486]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.667512]  ? __pfx_mempool_kfree+0x10/0x10
[   14.667538]  ? __pfx_read_tsc+0x10/0x10
[   14.667559]  ? ktime_get_ts64+0x86/0x230
[   14.667585]  kunit_try_run_case+0x1a5/0x480
[   14.667611]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.667635]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.667660]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.667685]  ? __kthread_parkme+0x82/0x180
[   14.667706]  ? preempt_count_sub+0x50/0x80
[   14.667730]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.667755]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.667779]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.667803]  kthread+0x337/0x6f0
[   14.667823]  ? trace_preempt_on+0x20/0xc0
[   14.667848]  ? __pfx_kthread+0x10/0x10
[   14.667869]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.667891]  ? calculate_sigpending+0x7b/0xa0
[   14.667917]  ? __pfx_kthread+0x10/0x10
[   14.667939]  ret_from_fork+0x116/0x1d0
[   14.667958]  ? __pfx_kthread+0x10/0x10
[   14.667981]  ret_from_fork_asm+0x1a/0x30
[   14.668014]  </TASK>
[   14.668025] 
[   14.678651] Allocated by task 259:
[   14.678858]  kasan_save_stack+0x45/0x70
[   14.679111]  kasan_save_track+0x18/0x40
[   14.679297]  kasan_save_alloc_info+0x3b/0x50
[   14.679519]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.679740]  remove_element+0x11e/0x190
[   14.680002]  mempool_alloc_preallocated+0x4d/0x90
[   14.680305]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   14.680850]  mempool_kmalloc_invalid_free+0xed/0x140
[   14.681039]  kunit_try_run_case+0x1a5/0x480
[   14.681195]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.681382]  kthread+0x337/0x6f0
[   14.681524]  ret_from_fork+0x116/0x1d0
[   14.681665]  ret_from_fork_asm+0x1a/0x30
[   14.682012] 
[   14.682116] The buggy address belongs to the object at ffff88810326c200
[   14.682116]  which belongs to the cache kmalloc-128 of size 128
[   14.682686] The buggy address is located 1 bytes inside of
[   14.682686]  128-byte region [ffff88810326c200, ffff88810326c280)
[   14.683106] 
[   14.683180] The buggy address belongs to the physical page:
[   14.683360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10326c
[   14.683836] flags: 0x200000000000000(node=0|zone=2)
[   14.684170] page_type: f5(slab)
[   14.684351] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.684723] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.685335] page dumped because: kasan: bad access detected
[   14.685576] 
[   14.685676] Memory state around the buggy address:
[   14.685917]  ffff88810326c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.686251]  ffff88810326c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.686545] >ffff88810326c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.686999]                    ^
[   14.687318]  ffff88810326c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.687619]  ffff88810326c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.688021] ==================================================================
[   14.690844] ==================================================================
[   14.691680] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.692256] Free of addr ffff8881039f4001 by task kunit_try_catch/261
[   14.692530] 
[   14.692648] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.692696] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.692709] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.692733] Call Trace:
[   14.692745]  <TASK>
[   14.692762]  dump_stack_lvl+0x73/0xb0
[   14.692793]  print_report+0xd1/0x610
[   14.692816]  ? __virt_addr_valid+0x1db/0x2d0
[   14.692840]  ? kasan_addr_to_slab+0x11/0xa0
[   14.692860]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.692887]  kasan_report_invalid_free+0x10a/0x130
[   14.692913]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.692941]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.692966]  __kasan_mempool_poison_object+0x102/0x1d0
[   14.692991]  mempool_free+0x2ec/0x380
[   14.693018]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.693056]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   14.693081]  ? update_load_avg+0x1be/0x21b0
[   14.693105]  ? update_load_avg+0x1be/0x21b0
[   14.693126]  ? update_curr+0x80/0x810
[   14.693149]  ? irqentry_exit+0x2a/0x60
[   14.693171]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   14.693198]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   14.693223]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   14.693250]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.693273]  ? __pfx_mempool_kfree+0x10/0x10
[   14.693297]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   14.693324]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   14.693352]  kunit_try_run_case+0x1a5/0x480
[   14.693377]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.693400]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.693424]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.693447]  ? __kthread_parkme+0x82/0x180
[   14.693478]  ? preempt_count_sub+0x50/0x80
[   14.693502]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.693527]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.693550]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.693574]  kthread+0x337/0x6f0
[   14.693594]  ? trace_preempt_on+0x20/0xc0
[   14.693617]  ? __pfx_kthread+0x10/0x10
[   14.693639]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.693661]  ? calculate_sigpending+0x7b/0xa0
[   14.693685]  ? __pfx_kthread+0x10/0x10
[   14.693706]  ret_from_fork+0x116/0x1d0
[   14.693726]  ? __pfx_kthread+0x10/0x10
[   14.693746]  ret_from_fork_asm+0x1a/0x30
[   14.693776]  </TASK>
[   14.693787] 
[   14.703624] The buggy address belongs to the physical page:
[   14.703972] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f4
[   14.704424] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.704739] flags: 0x200000000000040(head|node=0|zone=2)
[   14.704986] page_type: f8(unknown)
[   14.705302] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.705609] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.706130] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.706465] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.706726] head: 0200000000000002 ffffea00040e7d01 00000000ffffffff 00000000ffffffff
[   14.707049] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.707408] page dumped because: kasan: bad access detected
[   14.707737] 
[   14.707855] Memory state around the buggy address:
[   14.708068]  ffff8881039f3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.708334]  ffff8881039f3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.708617] >ffff8881039f4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.708944]                    ^
[   14.709271]  ffff8881039f4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.709606]  ffff8881039f4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.709879] ==================================================================