Date
May 12, 2025, 6:12 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 20.616054] ================================================================== [ 20.616701] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 20.617232] Free of addr fff00000c65fc001 by task kunit_try_catch/232 [ 20.617489] [ 20.617714] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 20.617827] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.617861] Hardware name: linux,dummy-virt (DT) [ 20.617897] Call trace: [ 20.617925] show_stack+0x20/0x38 (C) [ 20.617985] dump_stack_lvl+0x8c/0xd0 [ 20.618055] print_report+0x118/0x608 [ 20.618154] kasan_report_invalid_free+0xc0/0xe8 [ 20.618227] __kasan_mempool_poison_object+0xfc/0x150 [ 20.618288] mempool_free+0x28c/0x328 [ 20.618355] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 20.618427] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 20.618499] kunit_try_run_case+0x170/0x3f0 [ 20.618559] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.618618] kthread+0x318/0x620 [ 20.618670] ret_from_fork+0x10/0x20 [ 20.618725] [ 20.623051] The buggy address belongs to the physical page: [ 20.623398] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065fc [ 20.623914] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.624408] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 20.624860] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.625268] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.625680] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.626014] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.626508] head: 0bfffe0000000002 ffffc1ffc3197f01 ffffffffffffffff 0000000000000000 [ 20.626950] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 20.627512] page dumped because: kasan: bad access detected [ 20.627812] [ 20.627969] Memory state around the buggy address: [ 20.628226] fff00000c65fbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.628658] fff00000c65fbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.629063] >fff00000c65fc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.629464] ^ [ 20.629650] fff00000c65fc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.630002] fff00000c65fc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.630374] ================================================================== [ 20.590434] ================================================================== [ 20.591012] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 20.591332] Free of addr fff00000c6649101 by task kunit_try_catch/230 [ 20.591611] [ 20.591836] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 20.591940] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.591974] Hardware name: linux,dummy-virt (DT) [ 20.592016] Call trace: [ 20.592057] show_stack+0x20/0x38 (C) [ 20.592136] dump_stack_lvl+0x8c/0xd0 [ 20.592207] print_report+0x118/0x608 [ 20.592280] kasan_report_invalid_free+0xc0/0xe8 [ 20.592339] check_slab_allocation+0xfc/0x108 [ 20.592395] __kasan_mempool_poison_object+0x78/0x150 [ 20.592454] mempool_free+0x28c/0x328 [ 20.592507] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 20.592579] mempool_kmalloc_invalid_free+0xc0/0x118 [ 20.592653] kunit_try_run_case+0x170/0x3f0 [ 20.592712] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.592802] kthread+0x318/0x620 [ 20.592861] ret_from_fork+0x10/0x20 [ 20.592917] [ 20.596456] Allocated by task 230: [ 20.596650] kasan_save_stack+0x3c/0x68 [ 20.596949] kasan_save_track+0x20/0x40 [ 20.597200] kasan_save_alloc_info+0x40/0x58 [ 20.597555] __kasan_mempool_unpoison_object+0x11c/0x180 [ 20.597969] remove_element+0x130/0x1f8 [ 20.598252] mempool_alloc_preallocated+0x58/0xc0 [ 20.598728] mempool_kmalloc_invalid_free_helper+0x94/0x2a0 [ 20.599009] mempool_kmalloc_invalid_free+0xc0/0x118 [ 20.599392] kunit_try_run_case+0x170/0x3f0 [ 20.599712] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.600060] kthread+0x318/0x620 [ 20.600270] ret_from_fork+0x10/0x20 [ 20.600470] [ 20.600689] The buggy address belongs to the object at fff00000c6649100 [ 20.600689] which belongs to the cache kmalloc-128 of size 128 [ 20.601359] The buggy address is located 1 bytes inside of [ 20.601359] 128-byte region [fff00000c6649100, fff00000c6649180) [ 20.601938] [ 20.602117] The buggy address belongs to the physical page: [ 20.602357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106649 [ 20.603082] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.603493] page_type: f5(slab) [ 20.603696] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.604135] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.604591] page dumped because: kasan: bad access detected [ 20.604917] [ 20.605037] Memory state around the buggy address: [ 20.605389] fff00000c6649000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.605817] fff00000c6649080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.606260] >fff00000c6649100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.607425] ^ [ 20.607611] fff00000c6649180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.608059] fff00000c6649200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.608463] ==================================================================
[ 14.122864] ================================================================== [ 14.124238] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 14.124876] Free of addr ffff888102addb01 by task kunit_try_catch/249 [ 14.125471] [ 14.125695] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 14.125753] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.125766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.125788] Call Trace: [ 14.125804] <TASK> [ 14.125826] dump_stack_lvl+0x73/0xb0 [ 14.125873] print_report+0xd1/0x650 [ 14.125917] ? __virt_addr_valid+0x1db/0x2d0 [ 14.125943] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.125969] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 14.125993] kasan_report_invalid_free+0xfc/0x120 [ 14.126017] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 14.126064] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 14.126100] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 14.126125] check_slab_allocation+0x11f/0x130 [ 14.126146] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.126169] mempool_free+0x2ec/0x380 [ 14.126194] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 14.126219] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.126246] ? finish_task_switch.isra.0+0x153/0x700 [ 14.126274] mempool_kmalloc_invalid_free+0xee/0x140 [ 14.126297] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.126322] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.126341] ? __pfx_mempool_kfree+0x10/0x10 [ 14.126363] ? __pfx_read_tsc+0x10/0x10 [ 14.126386] ? ktime_get_ts64+0x86/0x230 [ 14.126411] kunit_try_run_case+0x1a6/0x480 [ 14.126436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.126458] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 14.126482] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.126508] ? __kthread_parkme+0x82/0x160 [ 14.126532] ? preempt_count_sub+0x50/0x80 [ 14.126555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.126578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.126604] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.126630] kthread+0x324/0x6e0 [ 14.126652] ? trace_preempt_on+0x20/0xc0 [ 14.126677] ? __pfx_kthread+0x10/0x10 [ 14.126700] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.126723] ? calculate_sigpending+0x7b/0xa0 [ 14.126745] ? __pfx_kthread+0x10/0x10 [ 14.126768] ret_from_fork+0x41/0x80 [ 14.126786] ? __pfx_kthread+0x10/0x10 [ 14.126808] ret_from_fork_asm+0x1a/0x30 [ 14.126850] </TASK> [ 14.126862] [ 14.138121] Allocated by task 249: [ 14.138343] kasan_save_stack+0x45/0x70 [ 14.138570] kasan_save_track+0x18/0x40 [ 14.138759] kasan_save_alloc_info+0x3b/0x50 [ 14.138972] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.139346] remove_element+0x11e/0x190 [ 14.139526] mempool_alloc_preallocated+0x4d/0x90 [ 14.139729] mempool_kmalloc_invalid_free_helper+0x84/0x2e0 [ 14.139935] mempool_kmalloc_invalid_free+0xee/0x140 [ 14.140234] kunit_try_run_case+0x1a6/0x480 [ 14.140445] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.140695] kthread+0x324/0x6e0 [ 14.140908] ret_from_fork+0x41/0x80 [ 14.141139] ret_from_fork_asm+0x1a/0x30 [ 14.141288] [ 14.141387] The buggy address belongs to the object at ffff888102addb00 [ 14.141387] which belongs to the cache kmalloc-128 of size 128 [ 14.141934] The buggy address is located 1 bytes inside of [ 14.141934] 128-byte region [ffff888102addb00, ffff888102addb80) [ 14.142409] [ 14.142513] The buggy address belongs to the physical page: [ 14.142784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102add [ 14.143188] flags: 0x200000000000000(node=0|zone=2) [ 14.143402] page_type: f5(slab) [ 14.143578] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.143892] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.144407] page dumped because: kasan: bad access detected [ 14.144629] [ 14.144724] Memory state around the buggy address: [ 14.144946] ffff888102adda00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.145247] ffff888102adda80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.145521] >ffff888102addb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.145850] ^ [ 14.146085] ffff888102addb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.146404] ffff888102addc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.146714] ================================================================== [ 14.152441] ================================================================== [ 14.152947] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 14.153539] Free of addr ffff888102d20001 by task kunit_try_catch/251 [ 14.153761] [ 14.153863] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1 [ 14.153915] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.153928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.153952] Call Trace: [ 14.153966] <TASK> [ 14.153986] dump_stack_lvl+0x73/0xb0 [ 14.154312] print_report+0xd1/0x650 [ 14.154343] ? __virt_addr_valid+0x1db/0x2d0 [ 14.154368] ? kasan_addr_to_slab+0x11/0xa0 [ 14.154387] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 14.154413] kasan_report_invalid_free+0xfc/0x120 [ 14.154437] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 14.154464] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 14.154488] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.154512] mempool_free+0x2ec/0x380 [ 14.154536] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 14.154560] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.154589] ? finish_task_switch.isra.0+0x153/0x700 [ 14.154617] mempool_kmalloc_large_invalid_free+0xee/0x140 [ 14.154642] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.154669] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.154689] ? __pfx_mempool_kfree+0x10/0x10 [ 14.154709] ? __pfx_read_tsc+0x10/0x10 [ 14.154732] ? ktime_get_ts64+0x86/0x230 [ 14.154758] kunit_try_run_case+0x1a6/0x480 [ 14.154781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.154803] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 14.154825] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.154865] ? __kthread_parkme+0x82/0x160 [ 14.154889] ? preempt_count_sub+0x50/0x80 [ 14.154913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.154937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.154962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.154989] kthread+0x324/0x6e0 [ 14.155026] ? trace_preempt_on+0x20/0xc0 [ 14.155057] ? __pfx_kthread+0x10/0x10 [ 14.155079] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.155103] ? calculate_sigpending+0x7b/0xa0 [ 14.155125] ? __pfx_kthread+0x10/0x10 [ 14.155148] ret_from_fork+0x41/0x80 [ 14.155166] ? __pfx_kthread+0x10/0x10 [ 14.155188] ret_from_fork_asm+0x1a/0x30 [ 14.155220] </TASK> [ 14.155231] [ 14.164637] The buggy address belongs to the physical page: [ 14.164895] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d20 [ 14.165382] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.165658] flags: 0x200000000000040(head|node=0|zone=2) [ 14.165953] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.166306] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 14.166566] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.166792] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 14.167097] head: 0200000000000002 ffffea00040b4801 ffffffffffffffff 0000000000000000 [ 14.167582] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 14.167814] page dumped because: kasan: bad access detected [ 14.167988] [ 14.168058] Memory state around the buggy address: [ 14.168523] ffff888102d1ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.168876] ffff888102d1ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.169405] >ffff888102d20000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.169715] ^ [ 14.169902] ffff888102d20080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.170254] ffff888102d20100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.170501] ==================================================================