Date
March 19, 2025, 10:35 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 37.631733] ================================================================== [ 37.631965] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 37.632305] Free of addr fff00000c780c001 by task kunit_try_catch/245 [ 37.632743] [ 37.633166] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT [ 37.634248] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.634717] Hardware name: linux,dummy-virt (DT) [ 37.634835] Call trace: [ 37.634905] show_stack+0x20/0x38 (C) [ 37.635095] dump_stack_lvl+0x8c/0xd0 [ 37.635243] print_report+0x118/0x5f0 [ 37.635387] kasan_report_invalid_free+0xb0/0xd8 [ 37.637718] __kasan_mempool_poison_object+0xfc/0x150 [ 37.638300] mempool_free+0x28c/0x328 [ 37.639028] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 37.640661] mempool_kmalloc_large_invalid_free+0xb8/0x110 [ 37.641067] kunit_try_run_case+0x14c/0x3d0 [ 37.641657] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.642266] kthread+0x318/0x618 [ 37.643324] ret_from_fork+0x10/0x20 [ 37.643914] [ 37.643983] The buggy address belongs to the physical page: [ 37.644104] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780c [ 37.644290] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 37.646180] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 37.646739] page_type: f8(unknown) [ 37.647993] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 37.648382] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 37.649075] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 37.649259] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 37.649427] head: 0bfffe0000000002 ffffc1ffc31e0301 00000000ffffffff 00000000ffffffff [ 37.649593] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 37.649714] page dumped because: kasan: bad access detected [ 37.651113] [ 37.651660] Memory state around the buggy address: [ 37.652114] fff00000c780bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.653210] fff00000c780bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.653691] >fff00000c780c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.654072] ^ [ 37.654759] fff00000c780c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.655120] fff00000c780c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.655237] ================================================================== [ 37.593705] ================================================================== [ 37.593919] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 37.594161] Free of addr fff00000c5da6c01 by task kunit_try_catch/243 [ 37.594311] [ 37.594439] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT [ 37.594733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.594830] Hardware name: linux,dummy-virt (DT) [ 37.595159] Call trace: [ 37.595246] show_stack+0x20/0x38 (C) [ 37.595404] dump_stack_lvl+0x8c/0xd0 [ 37.595651] print_report+0x118/0x5f0 [ 37.595973] kasan_report_invalid_free+0xb0/0xd8 [ 37.596503] check_slab_allocation+0xfc/0x108 [ 37.596802] __kasan_mempool_poison_object+0x78/0x150 [ 37.596966] mempool_free+0x28c/0x328 [ 37.597128] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 37.597306] mempool_kmalloc_invalid_free+0xb8/0x110 [ 37.597479] kunit_try_run_case+0x14c/0x3d0 [ 37.598349] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.598674] kthread+0x318/0x618 [ 37.599336] ret_from_fork+0x10/0x20 [ 37.599816] [ 37.599883] Allocated by task 243: [ 37.600227] kasan_save_stack+0x3c/0x68 [ 37.600649] kasan_save_track+0x20/0x40 [ 37.601045] kasan_save_alloc_info+0x40/0x58 [ 37.601643] __kasan_mempool_unpoison_object+0x11c/0x180 [ 37.601793] remove_element+0x130/0x1f8 [ 37.601952] mempool_alloc_preallocated+0x58/0xc0 [ 37.602376] mempool_kmalloc_invalid_free_helper+0x94/0x2a0 [ 37.602809] mempool_kmalloc_invalid_free+0xb8/0x110 [ 37.603297] kunit_try_run_case+0x14c/0x3d0 [ 37.603439] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.603907] kthread+0x318/0x618 [ 37.604324] ret_from_fork+0x10/0x20 [ 37.604853] [ 37.604928] The buggy address belongs to the object at fff00000c5da6c00 [ 37.604928] which belongs to the cache kmalloc-128 of size 128 [ 37.605423] The buggy address is located 1 bytes inside of [ 37.605423] 128-byte region [fff00000c5da6c00, fff00000c5da6c80) [ 37.606178] [ 37.606650] The buggy address belongs to the physical page: [ 37.606762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105da6 [ 37.608127] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.608300] page_type: f5(slab) [ 37.608689] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.608917] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.609079] page dumped because: kasan: bad access detected [ 37.609184] [ 37.609236] Memory state around the buggy address: [ 37.609329] fff00000c5da6b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.609467] fff00000c5da6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.610387] >fff00000c5da6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.610492] ^ [ 37.610544] fff00000c5da6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.610654] fff00000c5da6d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.610832] ==================================================================
[ 24.533420] ================================================================== [ 24.535582] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.536278] Free of addr ffff888103920001 by task kunit_try_catch/264 [ 24.537597] [ 24.537838] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) [ 24.537962] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.537984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.538015] Call Trace: [ 24.538034] <TASK> [ 24.538056] dump_stack_lvl+0x73/0xb0 [ 24.538146] print_report+0xd1/0x660 [ 24.538185] ? __virt_addr_valid+0x1db/0x2d0 [ 24.538252] ? kasan_addr_to_slab+0x11/0xa0 [ 24.538285] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.538323] kasan_report_invalid_free+0xce/0x100 [ 24.538360] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.538402] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.538438] __kasan_mempool_poison_object+0x102/0x1d0 [ 24.538473] mempool_free+0x2ec/0x380 [ 24.538508] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.538546] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 24.538591] ? finish_task_switch.isra.0+0x153/0x730 [ 24.538629] mempool_kmalloc_large_invalid_free+0xb0/0x100 [ 24.538665] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 24.538700] ? __switch_to+0x5d9/0xf70 [ 24.538813] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.538871] ? __pfx_mempool_kfree+0x10/0x10 [ 24.538932] ? __pfx_read_tsc+0x10/0x10 [ 24.538989] ? ktime_get_ts64+0x86/0x240 [ 24.539055] kunit_try_run_case+0x1b2/0x490 [ 24.539146] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.539245] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.539314] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.539379] ? __kthread_parkme+0x82/0x160 [ 24.539440] ? preempt_count_sub+0x50/0x80 [ 24.539497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.539535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.539571] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.539634] kthread+0x323/0x710 [ 24.539666] ? trace_preempt_on+0x20/0xc0 [ 24.539778] ? __pfx_kthread+0x10/0x10 [ 24.539861] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.539895] ? calculate_sigpending+0x7b/0xa0 [ 24.539941] ? __pfx_kthread+0x10/0x10 [ 24.539973] ret_from_fork+0x41/0x80 [ 24.540007] ? __pfx_kthread+0x10/0x10 [ 24.540038] ret_from_fork_asm+0x1a/0x30 [ 24.540087] </TASK> [ 24.540103] [ 24.562671] The buggy address belongs to the physical page: [ 24.563684] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103920 [ 24.564802] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.565849] flags: 0x200000000000040(head|node=0|zone=2) [ 24.566364] page_type: f8(unknown) [ 24.566890] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.567976] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.568815] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.569318] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.570585] head: 0200000000000002 ffffea00040e4801 00000000ffffffff 00000000ffffffff [ 24.571737] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.573208] page dumped because: kasan: bad access detected [ 24.573620] [ 24.574041] Memory state around the buggy address: [ 24.574521] ffff88810391ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.575697] ffff88810391ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.576525] >ffff888103920000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.577430] ^ [ 24.577884] ffff888103920080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.578335] ffff888103920100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.579481] ================================================================== [ 24.470288] ================================================================== [ 24.471680] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.472560] Free of addr ffff888103210e01 by task kunit_try_catch/262 [ 24.473182] [ 24.473788] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) [ 24.474472] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.474502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.474537] Call Trace: [ 24.474556] <TASK> [ 24.474577] dump_stack_lvl+0x73/0xb0 [ 24.474624] print_report+0xd1/0x660 [ 24.474659] ? __virt_addr_valid+0x1db/0x2d0 [ 24.474835] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.474888] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.474927] kasan_report_invalid_free+0xce/0x100 [ 24.474965] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.475007] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.475043] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.475078] check_slab_allocation+0x11f/0x130 [ 24.475131] __kasan_mempool_poison_object+0x91/0x1d0 [ 24.475171] mempool_free+0x2ec/0x380 [ 24.475207] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.475245] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 24.475291] ? finish_task_switch.isra.0+0x153/0x730 [ 24.475328] mempool_kmalloc_invalid_free+0xb0/0x100 [ 24.475363] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 24.475396] ? __switch_to+0x5d9/0xf70 [ 24.475433] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.475461] ? __pfx_mempool_kfree+0x10/0x10 [ 24.475494] ? __pfx_read_tsc+0x10/0x10 [ 24.475523] ? ktime_get_ts64+0x86/0x240 [ 24.475558] kunit_try_run_case+0x1b2/0x490 [ 24.475602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.475650] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.475741] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.475808] ? __kthread_parkme+0x82/0x160 [ 24.475873] ? preempt_count_sub+0x50/0x80 [ 24.475912] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.475959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.475994] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.476028] kthread+0x323/0x710 [ 24.476058] ? trace_preempt_on+0x20/0xc0 [ 24.476092] ? __pfx_kthread+0x10/0x10 [ 24.476144] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.476174] ? calculate_sigpending+0x7b/0xa0 [ 24.476206] ? __pfx_kthread+0x10/0x10 [ 24.476238] ret_from_fork+0x41/0x80 [ 24.476269] ? __pfx_kthread+0x10/0x10 [ 24.476301] ret_from_fork_asm+0x1a/0x30 [ 24.476347] </TASK> [ 24.476364] [ 24.502408] Allocated by task 262: [ 24.503909] kasan_save_stack+0x3d/0x60 [ 24.504271] kasan_save_track+0x18/0x40 [ 24.504630] kasan_save_alloc_info+0x3b/0x50 [ 24.505594] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.506083] remove_element+0x11e/0x190 [ 24.506951] mempool_alloc_preallocated+0x4d/0x90 [ 24.507294] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 24.508797] mempool_kmalloc_invalid_free+0xb0/0x100 [ 24.509332] kunit_try_run_case+0x1b2/0x490 [ 24.509789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.510613] kthread+0x323/0x710 [ 24.511343] ret_from_fork+0x41/0x80 [ 24.511734] ret_from_fork_asm+0x1a/0x30 [ 24.512142] [ 24.513453] The buggy address belongs to the object at ffff888103210e00 [ 24.513453] which belongs to the cache kmalloc-128 of size 128 [ 24.515076] The buggy address is located 1 bytes inside of [ 24.515076] 128-byte region [ffff888103210e00, ffff888103210e80) [ 24.516069] [ 24.516445] The buggy address belongs to the physical page: [ 24.517035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103210 [ 24.517490] flags: 0x200000000000000(node=0|zone=2) [ 24.518488] page_type: f5(slab) [ 24.519032] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.519531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.520430] page dumped because: kasan: bad access detected [ 24.520875] [ 24.521101] Memory state around the buggy address: [ 24.521823] ffff888103210d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.522306] ffff888103210d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.523158] >ffff888103210e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.523960] ^ [ 24.524521] ffff888103210e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.525436] ffff888103210f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.526387] ==================================================================