Date
June 7, 2025, 10:40 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 25.552011] ==================================================================
[ 25.553269] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[ 25.554149] Free of addr fff00000c6610001 by task kunit_try_catch/232
[ 25.554847]
[ 25.555199] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1
[ 25.555330] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.555363] Hardware name: linux,dummy-virt (DT)
[ 25.555434] Call trace:
[ 25.555501] show_stack+0x20/0x38 (C)
[ 25.555646] dump_stack_lvl+0x8c/0xd0
[ 25.555850] print_report+0x118/0x608
[ 25.556021] kasan_report_invalid_free+0xc0/0xe8
[ 25.556160] __kasan_mempool_poison_object+0xfc/0x150
[ 25.556342] mempool_free+0x28c/0x328
[ 25.556485] mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[ 25.556615] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 25.556747] kunit_try_run_case+0x170/0x3f0
[ 25.556898] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.557092] kthread+0x318/0x620
[ 25.557225] ret_from_fork+0x10/0x20
[ 25.557349]
[ 25.564192] The buggy address belongs to the physical page:
[ 25.564765] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106610
[ 25.567227] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.568385] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 25.571595] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.572269] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 25.572851] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.574778] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 25.579104] head: 0bfffe0000000002 ffffc1ffc3198401 ffffffffffffffff 0000000000000000
[ 25.582343] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 25.585728] page dumped because: kasan: bad access detected
[ 25.588147]
[ 25.588385] Memory state around the buggy address:
[ 25.588785] fff00000c660ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.591749] fff00000c660ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.595197] >fff00000c6610000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.598425] ^
[ 25.599053] fff00000c6610080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.602804] fff00000c6610100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.606140] ==================================================================

[ 25.458980] ==================================================================
[ 25.462650] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[ 25.464416] Free of addr fff00000c6414501 by task kunit_try_catch/230
[ 25.466711]
[ 25.467470] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1
[ 25.467734] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.467800] Hardware name: linux,dummy-virt (DT)
[ 25.467872] Call trace:
[ 25.467949] show_stack+0x20/0x38 (C)
[ 25.468072] dump_stack_lvl+0x8c/0xd0
[ 25.468185] print_report+0x118/0x608
[ 25.468296] kasan_report_invalid_free+0xc0/0xe8
[ 25.468416] check_slab_allocation+0xfc/0x108
[ 25.468535] __kasan_mempool_poison_object+0x78/0x150
[ 25.468661] mempool_free+0x28c/0x328
[ 25.468775] mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[ 25.468918] mempool_kmalloc_invalid_free+0xc0/0x118
[ 25.469389] kunit_try_run_case+0x170/0x3f0
[ 25.469522] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.469647] kthread+0x318/0x620
[ 25.469754] ret_from_fork+0x10/0x20
[ 25.469871]
[ 25.488564] Allocated by task 230:
[ 25.490708] kasan_save_stack+0x3c/0x68
[ 25.491686] kasan_save_track+0x20/0x40
[ 25.493611] kasan_save_alloc_info+0x40/0x58
[ 25.494961] __kasan_mempool_unpoison_object+0x11c/0x180
[ 25.495979] remove_element+0x130/0x1f8
[ 25.498094] mempool_alloc_preallocated+0x58/0xc0
[ 25.499409] mempool_kmalloc_invalid_free_helper+0x94/0x2a0
[ 25.500275] mempool_kmalloc_invalid_free+0xc0/0x118
[ 25.500718] kunit_try_run_case+0x170/0x3f0
[ 25.502479] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.504150] kthread+0x318/0x620
[ 25.506518] ret_from_fork+0x10/0x20
[ 25.507466]
[ 25.508311] The buggy address belongs to the object at fff00000c6414500
[ 25.508311] which belongs to the cache kmalloc-128 of size 128
[ 25.511927] The buggy address is located 1 bytes inside of
[ 25.511927] 128-byte region [fff00000c6414500, fff00000c6414580)
[ 25.514640]
[ 25.514902] The buggy address belongs to the physical page:
[ 25.515343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414
[ 25.516548] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 25.518919] page_type: f5(slab)
[ 25.519787] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 25.522669] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.524493] page dumped because: kasan: bad access detected
[ 25.526621]
[ 25.527231] Memory state around the buggy address:
[ 25.528340] fff00000c6414400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.530173] fff00000c6414480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.532539] >fff00000c6414500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.534761] ^
[ 25.535807] fff00000c6414580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.536698] fff00000c6414600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.539439] ==================================================================
[ 19.949266] ==================================================================
[ 19.950208] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 19.950954] Free of addr ffff888102d78001 by task kunit_try_catch/251
[ 19.951817]
[ 19.952078] CPU: 1 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1
[ 19.952141] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.952158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.952184] Call Trace:
[ 19.952202] <TASK>
[ 19.952225] dump_stack_lvl+0x73/0xb0
[ 19.952263] print_report+0xd1/0x650
[ 19.952295] ? __virt_addr_valid+0x1db/0x2d0
[ 19.952339] ? kasan_addr_to_slab+0x11/0xa0
[ 19.952366] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 19.952398] kasan_report_invalid_free+0xfc/0x120
[ 19.952428] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 19.952462] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 19.952492] __kasan_mempool_poison_object+0x102/0x1d0
[ 19.952521] mempool_free+0x2ec/0x380
[ 19.952551] mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 19.952582] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 19.952617] ? finish_task_switch.isra.0+0x153/0x700
[ 19.952651] mempool_kmalloc_large_invalid_free+0xee/0x140
[ 19.952681] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 19.952714] ? __pfx_mempool_kmalloc+0x10/0x10
[ 19.952738] ? __pfx_mempool_kfree+0x10/0x10
[ 19.952764] ? __pfx_read_tsc+0x10/0x10
[ 19.952791] ? ktime_get_ts64+0x86/0x230
[ 19.952823] kunit_try_run_case+0x1a6/0x480
[ 19.952871] ? __pfx_kunit_try_run_case+0x10/0x10
[ 19.952921] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 19.952983] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 19.953038] ? __kthread_parkme+0x82/0x160
[ 19.953071] ? preempt_count_sub+0x50/0x80
[ 19.953104] ? __pfx_kunit_try_run_case+0x10/0x10
[ 19.953134] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.953168] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 19.953225] kthread+0x324/0x6e0
[ 19.953273] ? trace_preempt_on+0x20/0xc0
[ 19.953332] ? __pfx_kthread+0x10/0x10
[ 19.953389] ? _raw_spin_unlock_irq+0x47/0x80
[ 19.953443] ? calculate_sigpending+0x7b/0xa0
[ 19.953498] ? __pfx_kthread+0x10/0x10
[ 19.953556] ret_from_fork+0x41/0x80
[ 19.953609] ? __pfx_kthread+0x10/0x10
[ 19.953643] ret_from_fork_asm+0x1a/0x30
[ 19.953687] </TASK>
[ 19.953702]
[ 19.971312] The buggy address belongs to the physical page:
[ 19.971841] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d78
[ 19.972434] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.972839] flags: 0x200000000000040(head|node=0|zone=2)
[ 19.973378] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.973918] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 19.974568] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.975045] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 19.975497] head: 0200000000000002 ffffea00040b5e01 ffffffffffffffff 0000000000000000
[ 19.976226] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 19.977141] page dumped because: kasan: bad access detected
[ 19.977869]
[ 19.978183] Memory state around the buggy address:
[ 19.978657] ffff888102d77f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.979135] ffff888102d77f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.980156] >ffff888102d78000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.980871] ^
[ 19.981204] ffff888102d78080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.981648] ffff888102d78100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.982036] ==================================================================

[ 19.900472] ==================================================================
[ 19.901387] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 19.901830] Free of addr ffff88810298a901 by task kunit_try_catch/249
[ 19.902377]
[ 19.902561] CPU: 1 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1
[ 19.902665] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.902695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.902743] Call Trace:
[ 19.902775] <TASK>
[ 19.902815] dump_stack_lvl+0x73/0xb0
[ 19.903034] print_report+0xd1/0x650
[ 19.903104] ? __virt_addr_valid+0x1db/0x2d0
[ 19.903165] ? kasan_complete_mode_report_info+0x2a/0x200
[ 19.903226] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 19.903287] kasan_report_invalid_free+0xfc/0x120
[ 19.903378] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 19.903543] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 19.903622] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 19.903692] check_slab_allocation+0x11f/0x130
[ 19.903752] __kasan_mempool_poison_object+0x91/0x1d0
[ 19.903808] mempool_free+0x2ec/0x380
[ 19.903885] mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 19.903946] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 19.904010] ? finish_task_switch.isra.0+0x153/0x700
[ 19.904072] mempool_kmalloc_invalid_free+0xee/0x140
[ 19.904125] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 19.904189] ? __pfx_mempool_kmalloc+0x10/0x10
[ 19.904236] ? __pfx_mempool_kfree+0x10/0x10
[ 19.904266] ? __pfx_read_tsc+0x10/0x10
[ 19.904314] ? ktime_get_ts64+0x86/0x230
[ 19.904357] kunit_try_run_case+0x1a6/0x480
[ 19.904392] ? __pfx_kunit_try_run_case+0x10/0x10
[ 19.904422] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 19.904534] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 19.904568] ? __kthread_parkme+0x82/0x160
[ 19.904599] ? preempt_count_sub+0x50/0x80
[ 19.904631] ? __pfx_kunit_try_run_case+0x10/0x10
[ 19.904661] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.904695] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 19.904727] kthread+0x324/0x6e0
[ 19.904755] ? trace_preempt_on+0x20/0xc0
[ 19.904785] ? __pfx_kthread+0x10/0x10
[ 19.904813] ? _raw_spin_unlock_irq+0x47/0x80
[ 19.904841] ? calculate_sigpending+0x7b/0xa0
[ 19.904889] ? __pfx_kthread+0x10/0x10
[ 19.904919] ret_from_fork+0x41/0x80
[ 19.904944] ? __pfx_kthread+0x10/0x10
[ 19.904972] ret_from_fork_asm+0x1a/0x30
[ 19.905014] </TASK>
[ 19.905029]
[ 19.923174] Allocated by task 249:
[ 19.923457] kasan_save_stack+0x45/0x70
[ 19.923897] kasan_save_track+0x18/0x40
[ 19.924550] kasan_save_alloc_info+0x3b/0x50
[ 19.924833] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 19.925119] remove_element+0x11e/0x190
[ 19.925446] mempool_alloc_preallocated+0x4d/0x90
[ 19.926053] mempool_kmalloc_invalid_free_helper+0x84/0x2e0
[ 19.926593] mempool_kmalloc_invalid_free+0xee/0x140
[ 19.927261] kunit_try_run_case+0x1a6/0x480
[ 19.927907] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.928233] kthread+0x324/0x6e0
[ 19.928695] ret_from_fork+0x41/0x80
[ 19.929101] ret_from_fork_asm+0x1a/0x30
[ 19.929886]
[ 19.930031] The buggy address belongs to the object at ffff88810298a900
[ 19.930031] which belongs to the cache kmalloc-128 of size 128
[ 19.931505] The buggy address is located 1 bytes inside of
[ 19.931505] 128-byte region [ffff88810298a900, ffff88810298a980)
[ 19.932376]
[ 19.933097] The buggy address belongs to the physical page:
[ 19.933514] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298a
[ 19.934036] flags: 0x200000000000000(node=0|zone=2)
[ 19.934426] page_type: f5(slab)
[ 19.934650] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 19.935908] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.936633] page dumped because: kasan: bad access detected
[ 19.937248]
[ 19.937688] Memory state around the buggy address:
[ 19.938003] ffff88810298a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.939371] ffff88810298a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.939915] >ffff88810298a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.940565] ^
[ 19.940924] ffff88810298a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.941876] ffff88810298aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.942430] ==================================================================