Hay
Date: July 23, 2025, 2:10 a.m.

Environment: qemu-arm64, qemu-x86_64

[   17.568682] ==================================================================
[   17.568739] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.568795] Free of addr fff00000c77b0001 by task kunit_try_catch/243
[   17.568838] 
[   17.568883] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   17.568966] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.568995] Hardware name: linux,dummy-virt (DT)
[   17.569027] Call trace:
[   17.569048]  show_stack+0x20/0x38 (C)
[   17.569097]  dump_stack_lvl+0x8c/0xd0
[   17.569942]  print_report+0x118/0x5d0
[   17.570011]  kasan_report_invalid_free+0xc0/0xe8
[   17.570063]  __kasan_mempool_poison_object+0xfc/0x150
[   17.570172]  mempool_free+0x28c/0x328
[   17.570296]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.570798]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   17.571123]  kunit_try_run_case+0x170/0x3f0
[   17.571184]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.571341]  kthread+0x328/0x630
[   17.571385]  ret_from_fork+0x10/0x20
[   17.571486] 
[   17.571506] The buggy address belongs to the physical page:
[   17.571816] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077b0
[   17.571891] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.572198] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.572268] page_type: f8(unknown)
[   17.572503] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.572567] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.572627] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.572685] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.572909] head: 0bfffe0000000002 ffffc1ffc31dec01 00000000ffffffff 00000000ffffffff
[   17.573349] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.573437] page dumped because: kasan: bad access detected
[   17.573701] 
[   17.573772] Memory state around the buggy address:
[   17.573806]  fff00000c77aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.574175]  fff00000c77aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.574233] >fff00000c77b0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.574273]                    ^
[   17.574388]  fff00000c77b0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.574477]  fff00000c77b0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.574737] ==================================================================
[   17.553216] ==================================================================
[   17.553275] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.553330] Free of addr fff00000c648f001 by task kunit_try_catch/241
[   17.553373] 
[   17.553404] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   17.553488] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.553517] Hardware name: linux,dummy-virt (DT)
[   17.553548] Call trace:
[   17.553569]  show_stack+0x20/0x38 (C)
[   17.553620]  dump_stack_lvl+0x8c/0xd0
[   17.553671]  print_report+0x118/0x5d0
[   17.554001]  kasan_report_invalid_free+0xc0/0xe8
[   17.554079]  check_slab_allocation+0xfc/0x108
[   17.554130]  __kasan_mempool_poison_object+0x78/0x150
[   17.554208]  mempool_free+0x28c/0x328
[   17.554254]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   17.554314]  mempool_kmalloc_invalid_free+0xc0/0x118
[   17.554364]  kunit_try_run_case+0x170/0x3f0
[   17.554413]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.554477]  kthread+0x328/0x630
[   17.554520]  ret_from_fork+0x10/0x20
[   17.554569] 
[   17.554591] Allocated by task 241:
[   17.554620]  kasan_save_stack+0x3c/0x68
[   17.554662]  kasan_save_track+0x20/0x40
[   17.554699]  kasan_save_alloc_info+0x40/0x58
[   17.554739]  __kasan_mempool_unpoison_object+0x11c/0x180
[   17.554783]  remove_element+0x130/0x1f8
[   17.554817]  mempool_alloc_preallocated+0x58/0xc0
[   17.554867]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   17.554911]  mempool_kmalloc_invalid_free+0xc0/0x118
[   17.554952]  kunit_try_run_case+0x170/0x3f0
[   17.554989]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.555032]  kthread+0x328/0x630
[   17.555063]  ret_from_fork+0x10/0x20
[   17.555099] 
[   17.555118] The buggy address belongs to the object at fff00000c648f000
[   17.555118]  which belongs to the cache kmalloc-128 of size 128
[   17.555181] The buggy address is located 1 bytes inside of
[   17.555181]  128-byte region [fff00000c648f000, fff00000c648f080)
[   17.555243] 
[   17.555264] The buggy address belongs to the physical page:
[   17.555295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10648f
[   17.555351] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.555403] page_type: f5(slab)
[   17.555443] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.555494] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.555536] page dumped because: kasan: bad access detected
[   17.555568] 
[   17.555587] Memory state around the buggy address:
[   17.555617]  fff00000c648ef00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   17.555661]  fff00000c648ef80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   17.555704] >fff00000c648f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.555742]                    ^
[   17.555770]  fff00000c648f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.555812]  fff00000c648f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.555861] ==================================================================

[   14.298556] ==================================================================
[   14.299090] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.299733] Free of addr ffff8881025cca01 by task kunit_try_catch/258
[   14.300026] 
[   14.300148] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   14.300195] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.300208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.300231] Call Trace:
[   14.300244]  <TASK>
[   14.300259]  dump_stack_lvl+0x73/0xb0
[   14.300288]  print_report+0xd1/0x610
[   14.300309]  ? __virt_addr_valid+0x1db/0x2d0
[   14.300331]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.300352]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.300378]  kasan_report_invalid_free+0x10a/0x130
[   14.300402]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.300429]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.300453]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.300476]  check_slab_allocation+0x11f/0x130
[   14.300498]  __kasan_mempool_poison_object+0x91/0x1d0
[   14.300522]  mempool_free+0x2ec/0x380
[   14.300548]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.300573]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   14.300597]  ? update_load_avg+0x1be/0x21b0
[   14.300619]  ? native_smp_send_reschedule+0x43/0x70
[   14.300642]  ? finish_task_switch.isra.0+0x153/0x700
[   14.300666]  mempool_kmalloc_invalid_free+0xed/0x140
[   14.300690]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   14.300717]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.300739]  ? __pfx_mempool_kfree+0x10/0x10
[   14.300763]  ? __pfx_read_tsc+0x10/0x10
[   14.300784]  ? ktime_get_ts64+0x86/0x230
[   14.300832]  kunit_try_run_case+0x1a5/0x480
[   14.300863]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.300886]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.300909]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.300933]  ? __kthread_parkme+0x82/0x180
[   14.300953]  ? preempt_count_sub+0x50/0x80
[   14.300976]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.300999]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.301022]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.301045]  kthread+0x337/0x6f0
[   14.301064]  ? trace_preempt_on+0x20/0xc0
[   14.301087]  ? __pfx_kthread+0x10/0x10
[   14.301107]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.301129]  ? calculate_sigpending+0x7b/0xa0
[   14.301151]  ? __pfx_kthread+0x10/0x10
[   14.301173]  ret_from_fork+0x116/0x1d0
[   14.301190]  ? __pfx_kthread+0x10/0x10
[   14.301211]  ret_from_fork_asm+0x1a/0x30
[   14.301241]  </TASK>
[   14.301250] 
[   14.311096] Allocated by task 258:
[   14.311461]  kasan_save_stack+0x45/0x70
[   14.311656]  kasan_save_track+0x18/0x40
[   14.311808]  kasan_save_alloc_info+0x3b/0x50
[   14.312026]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.312367]  remove_element+0x11e/0x190
[   14.312531]  mempool_alloc_preallocated+0x4d/0x90
[   14.312747]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   14.312985]  mempool_kmalloc_invalid_free+0xed/0x140
[   14.313365]  kunit_try_run_case+0x1a5/0x480
[   14.313524]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.313702]  kthread+0x337/0x6f0
[   14.313837]  ret_from_fork+0x116/0x1d0
[   14.313972]  ret_from_fork_asm+0x1a/0x30
[   14.314122] 
[   14.314371] The buggy address belongs to the object at ffff8881025cca00
[   14.314371]  which belongs to the cache kmalloc-128 of size 128
[   14.314936] The buggy address is located 1 bytes inside of
[   14.314936]  128-byte region [ffff8881025cca00, ffff8881025cca80)
[   14.315782] 
[   14.315878] The buggy address belongs to the physical page:
[   14.316058] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[   14.316688] flags: 0x200000000000000(node=0|zone=2)
[   14.316950] page_type: f5(slab)
[   14.317118] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.317517] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.317828] page dumped because: kasan: bad access detected
[   14.318077] 
[   14.318329] Memory state around the buggy address:
[   14.318544]  ffff8881025cc900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.318842]  ffff8881025cc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.319137] >ffff8881025cca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.319437]                    ^
[   14.319665]  ffff8881025cca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.319969]  ffff8881025ccb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.320281] ==================================================================
[   14.326565] ==================================================================
[   14.327080] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.327534] Free of addr ffff888103a74001 by task kunit_try_catch/260
[   14.327796] 
[   14.327897] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   14.327942] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.327955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.327974] Call Trace:
[   14.327987]  <TASK>
[   14.328000]  dump_stack_lvl+0x73/0xb0
[   14.328029]  print_report+0xd1/0x610
[   14.328051]  ? __virt_addr_valid+0x1db/0x2d0
[   14.328075]  ? kasan_addr_to_slab+0x11/0xa0
[   14.328104]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.328130]  kasan_report_invalid_free+0x10a/0x130
[   14.328154]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.328183]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.328206]  __kasan_mempool_poison_object+0x102/0x1d0
[   14.328230]  mempool_free+0x2ec/0x380
[   14.328257]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   14.328282]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   14.328310]  ? __kasan_check_write+0x18/0x20
[   14.328329]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.328351]  ? finish_task_switch.isra.0+0x153/0x700
[   14.328376]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   14.328401]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   14.328426]  ? __kasan_check_write+0x18/0x20
[   14.328447]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.328469]  ? __pfx_mempool_kfree+0x10/0x10
[   14.328494]  ? __pfx_read_tsc+0x10/0x10
[   14.328514]  ? ktime_get_ts64+0x86/0x230
[   14.328546]  kunit_try_run_case+0x1a5/0x480
[   14.328571]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.328597]  ? queued_spin_lock_slowpath+0x116/0xb40
[   14.328621]  ? __kthread_parkme+0x82/0x180
[   14.328639]  ? _raw_spin_unlock_irqrestore+0x49/0x90
[   14.328664]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.328689]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.328711]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.328735]  kthread+0x337/0x6f0
[   14.328754]  ? trace_preempt_on+0x20/0xc0
[   14.328778]  ? __pfx_kthread+0x10/0x10
[   14.328798]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.328830]  ? calculate_sigpending+0x7b/0xa0
[   14.328860]  ? __pfx_kthread+0x10/0x10
[   14.328882]  ret_from_fork+0x116/0x1d0
[   14.328901]  ? __pfx_kthread+0x10/0x10
[   14.328922]  ret_from_fork_asm+0x1a/0x30
[   14.328951]  </TASK>
[   14.328961] 
[   14.338324] The buggy address belongs to the physical page:
[   14.338576] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a74
[   14.338907] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.339212] flags: 0x200000000000040(head|node=0|zone=2)
[   14.339391] page_type: f8(unknown)
[   14.339519] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.339751] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.340152] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.340698] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.341295] head: 0200000000000002 ffffea00040e9d01 00000000ffffffff 00000000ffffffff
[   14.341530] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.342071] page dumped because: kasan: bad access detected
[   14.342489] 
[   14.342587] Memory state around the buggy address:
[   14.342823]  ffff888103a73f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.343126]  ffff888103a73f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.343346] >ffff888103a74000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.343605]                    ^
[   14.343905]  ffff888103a74080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.344324]  ffff888103a74100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.344632] ==================================================================