Date
May 23, 2025, 11:07 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 30.662672] ================================================================== [ 30.663111] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 30.663333] Free of addr fff00000c775ac01 by task kunit_try_catch/243 [ 30.663473] [ 30.663606] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT [ 30.663825] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.664232] Hardware name: linux,dummy-virt (DT) [ 30.664337] Call trace: [ 30.664411] show_stack+0x20/0x38 (C) [ 30.664584] dump_stack_lvl+0x8c/0xd0 [ 30.664744] print_report+0x118/0x608 [ 30.664928] kasan_report_invalid_free+0xc0/0xe8 [ 30.665126] check_slab_allocation+0xfc/0x108 [ 30.665248] __kasan_mempool_poison_object+0x78/0x150 [ 30.665398] mempool_free+0x28c/0x328 [ 30.665542] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 30.665715] mempool_kmalloc_invalid_free+0xc0/0x118 [ 30.665849] kunit_try_run_case+0x170/0x3f0 [ 30.665973] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.666109] kthread+0x328/0x630 [ 30.666528] ret_from_fork+0x10/0x20 [ 30.666740] [ 30.666794] Allocated by task 243: [ 30.666907] kasan_save_stack+0x3c/0x68 [ 30.667024] kasan_save_track+0x20/0x40 [ 30.667156] kasan_save_alloc_info+0x40/0x58 [ 30.667264] __kasan_mempool_unpoison_object+0x11c/0x180 [ 30.667406] remove_element+0x130/0x1f8 [ 30.667570] mempool_alloc_preallocated+0x58/0xc0 [ 30.667700] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 30.667836] mempool_kmalloc_invalid_free+0xc0/0x118 [ 30.668020] kunit_try_run_case+0x170/0x3f0 [ 30.668154] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.668313] kthread+0x328/0x630 [ 30.668415] ret_from_fork+0x10/0x20 [ 30.668522] [ 30.668582] The buggy address belongs to the object at fff00000c775ac00 [ 30.668582] which belongs to the cache kmalloc-128 of size 128 [ 30.669031] The buggy address is located 1 bytes inside of [ 30.669031] 128-byte region [fff00000c775ac00, fff00000c775ac80) [ 30.669215] [ 30.669278] The buggy address belongs to the physical page: [ 30.669393] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775a [ 30.669621] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.669772] page_type: f5(slab) [ 30.669940] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.670125] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.670271] page dumped because: kasan: bad access detected [ 30.670378] [ 30.670433] Memory state around the buggy address: [ 30.670576] fff00000c775ab00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.670766] fff00000c775ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.670942] >fff00000c775ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.671064] ^ [ 30.671150] fff00000c775ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.671281] fff00000c775ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.671425] ================================================================== [ 30.699313] ================================================================== [ 30.699790] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 30.700683] Free of addr fff00000c7898001 by task kunit_try_catch/245 [ 30.701193] [ 30.701378] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT [ 30.701787] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.701877] Hardware name: linux,dummy-virt (DT) [ 30.701982] Call trace: [ 30.702052] show_stack+0x20/0x38 (C) [ 30.702209] dump_stack_lvl+0x8c/0xd0 [ 30.702356] print_report+0x118/0x608 [ 30.702506] kasan_report_invalid_free+0xc0/0xe8 [ 30.703169] __kasan_mempool_poison_object+0xfc/0x150 [ 30.703627] mempool_free+0x28c/0x328 [ 30.704478] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 30.704663] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 30.704802] kunit_try_run_case+0x170/0x3f0 [ 30.705183] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.705774] kthread+0x328/0x630 [ 30.705945] ret_from_fork+0x10/0x20 [ 30.706097] [ 30.706299] The buggy address belongs to the physical page: [ 30.706396] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107898 [ 30.707033] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.707265] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.707567] page_type: f8(unknown) [ 30.707906] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.708301] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 30.708573] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.708779] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 30.709005] head: 0bfffe0000000002 ffffc1ffc31e2601 00000000ffffffff 00000000ffffffff [ 30.709245] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.709615] page dumped because: kasan: bad access detected [ 30.709983] [ 30.710056] Memory state around the buggy address: [ 30.710263] fff00000c7897f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.710406] fff00000c7897f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.710829] >fff00000c7898000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.711230] ^ [ 30.711439] fff00000c7898080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.711709] fff00000c7898100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.711838] ==================================================================
[ 14.373229] ================================================================== [ 14.373800] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.374548] Free of addr ffff888103928001 by task kunit_try_catch/262 [ 14.374923] [ 14.375020] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary) [ 14.375406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.375421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.375444] Call Trace: [ 14.375457] <TASK> [ 14.375473] dump_stack_lvl+0x73/0xb0 [ 14.375503] print_report+0xd1/0x650 [ 14.375525] ? __virt_addr_valid+0x1db/0x2d0 [ 14.375548] ? kasan_addr_to_slab+0x11/0xa0 [ 14.375568] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.375594] kasan_report_invalid_free+0x10a/0x130 [ 14.375619] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.375647] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.375672] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.375696] mempool_free+0x2ec/0x380 [ 14.375720] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.375745] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.375770] ? update_load_avg+0x1be/0x21b0 [ 14.375793] ? finish_task_switch.isra.0+0x153/0x700 [ 14.375820] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.375844] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.375868] ? dequeue_task_fair+0x166/0x4e0 [ 14.375948] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.375969] ? __pfx_mempool_kfree+0x10/0x10 [ 14.375991] ? __pfx_read_tsc+0x10/0x10 [ 14.376011] ? ktime_get_ts64+0x86/0x230 [ 14.376036] kunit_try_run_case+0x1a5/0x480 [ 14.376061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.376083] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.376106] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.376129] ? __kthread_parkme+0x82/0x180 [ 14.376151] ? preempt_count_sub+0x50/0x80 [ 14.376175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.376199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.376221] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.376244] kthread+0x337/0x6f0 [ 14.376260] ? trace_preempt_on+0x20/0xc0 [ 14.376283] ? __pfx_kthread+0x10/0x10 [ 14.376316] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.376337] ? calculate_sigpending+0x7b/0xa0 [ 14.376358] ? __pfx_kthread+0x10/0x10 [ 14.376377] ret_from_fork+0x41/0x80 [ 14.376398] ? __pfx_kthread+0x10/0x10 [ 14.376415] ret_from_fork_asm+0x1a/0x30 [ 14.376447] </TASK> [ 14.376458] [ 14.386166] The buggy address belongs to the physical page: [ 14.386562] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103928 [ 14.387068] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.387358] flags: 0x200000000000040(head|node=0|zone=2) [ 14.387538] page_type: f8(unknown) [ 14.387718] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.388065] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.388483] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.388958] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.389238] head: 0200000000000002 ffffea00040e4a01 00000000ffffffff 00000000ffffffff [ 14.389508] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.389853] page dumped because: kasan: bad access detected [ 14.390152] [ 14.390225] Memory state around the buggy address: [ 14.390391] ffff888103927f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.391091] ffff888103927f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.391398] >ffff888103928000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.391933] ^ [ 14.392167] ffff888103928080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.392407] ffff888103928100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.392728] ================================================================== [ 14.344255] ================================================================== [ 14.344832] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.345250] Free of addr ffff8881026f5a01 by task kunit_try_catch/260 [ 14.345583] [ 14.345706] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary) [ 14.345754] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.345767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.345788] Call Trace: [ 14.345801] <TASK> [ 14.345816] dump_stack_lvl+0x73/0xb0 [ 14.345844] print_report+0xd1/0x650 [ 14.345866] ? __virt_addr_valid+0x1db/0x2d0 [ 14.345932] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.345958] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.345984] kasan_report_invalid_free+0x10a/0x130 [ 14.346009] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.346036] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.346060] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.346084] check_slab_allocation+0x11f/0x130 [ 14.346106] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.346130] mempool_free+0x2ec/0x380 [ 14.346153] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.346179] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.346204] ? dequeue_entities+0x852/0x1740 [ 14.346228] ? irqentry_exit+0x2a/0x60 [ 14.346250] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.346276] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.346310] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.346337] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.346357] ? __pfx_mempool_kfree+0x10/0x10 [ 14.346377] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.346403] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.346429] kunit_try_run_case+0x1a5/0x480 [ 14.346454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.346475] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.346497] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.346520] ? __kthread_parkme+0x82/0x180 [ 14.346541] ? preempt_count_sub+0x50/0x80 [ 14.346565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.346589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.346610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.346633] kthread+0x337/0x6f0 [ 14.346649] ? trace_preempt_on+0x20/0xc0 [ 14.346679] ? __pfx_kthread+0x10/0x10 [ 14.346697] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.346718] ? calculate_sigpending+0x7b/0xa0 [ 14.346740] ? __pfx_kthread+0x10/0x10 [ 14.346758] ret_from_fork+0x41/0x80 [ 14.346780] ? __pfx_kthread+0x10/0x10 [ 14.346797] ret_from_fork_asm+0x1a/0x30 [ 14.346829] </TASK> [ 14.346840] [ 14.357814] Allocated by task 260: [ 14.358107] kasan_save_stack+0x45/0x70 [ 14.358329] kasan_save_track+0x18/0x40 [ 14.358567] kasan_save_alloc_info+0x3b/0x50 [ 14.358764] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.359137] remove_element+0x11e/0x190 [ 14.359341] mempool_alloc_preallocated+0x4d/0x90 [ 14.359682] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.359990] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.360294] kunit_try_run_case+0x1a5/0x480 [ 14.360522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.360697] kthread+0x337/0x6f0 [ 14.360814] ret_from_fork+0x41/0x80 [ 14.360957] ret_from_fork_asm+0x1a/0x30 [ 14.361152] [ 14.361247] The buggy address belongs to the object at ffff8881026f5a00 [ 14.361247] which belongs to the cache kmalloc-128 of size 128 [ 14.362216] The buggy address is located 1 bytes inside of [ 14.362216] 128-byte region [ffff8881026f5a00, ffff8881026f5a80) [ 14.362574] [ 14.362705] The buggy address belongs to the physical page: [ 14.362997] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f5 [ 14.363728] flags: 0x200000000000000(node=0|zone=2) [ 14.364152] page_type: f5(slab) [ 14.364335] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.364665] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.364887] page dumped because: kasan: bad access detected [ 14.365089] [ 14.365205] Memory state around the buggy address: [ 14.365443] ffff8881026f5900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.366017] ffff8881026f5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.366466] >ffff8881026f5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.366820] ^ [ 14.367129] ffff8881026f5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.367524] ffff8881026f5b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.367845] ==================================================================