Hay
Date: June 2, 2025, 2:13 p.m.
Environment: qemu-arm64, qemu-x86_64

[   20.660585] ==================================================================
[   20.661223] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   20.661778] Free of addr fff00000c66e8001 by task kunit_try_catch/233
[   20.662088] 
[   20.662910] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   20.663038] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.663072] Hardware name: linux,dummy-virt (DT)
[   20.663110] Call trace:
[   20.663137]  show_stack+0x20/0x38 (C)
[   20.663228]  dump_stack_lvl+0x8c/0xd0
[   20.663284]  print_report+0x118/0x608
[   20.663341]  kasan_report_invalid_free+0xc0/0xe8
[   20.663396]  __kasan_mempool_poison_object+0xfc/0x150
[   20.663453]  mempool_free+0x28c/0x328
[   20.663509]  mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   20.663566]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   20.663623]  kunit_try_run_case+0x170/0x3f0
[   20.663678]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.663736]  kthread+0x318/0x620
[   20.663787]  ret_from_fork+0x10/0x20
[   20.663844] 
[   20.668750] The buggy address belongs to the physical page:
[   20.669183] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066e8
[   20.669674] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.670091] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.671004] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.671410] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   20.671844] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.672235] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   20.672616] head: 0bfffe0000000002 ffffc1ffc319ba01 ffffffffffffffff 0000000000000000
[   20.673006] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   20.673801] page dumped because: kasan: bad access detected
[   20.674461] 
[   20.674645] Memory state around the buggy address:
[   20.674861]  fff00000c66e7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.675349]  fff00000c66e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.675765] >fff00000c66e8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.676187]                    ^
[   20.676384]  fff00000c66e8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.676753]  fff00000c66e8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.677065] ==================================================================
[   20.631689] ==================================================================
[   20.632287] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   20.632902] Free of addr fff00000c3f2db01 by task kunit_try_catch/231
[   20.633397] 
[   20.633617] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   20.633742] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.633777] Hardware name: linux,dummy-virt (DT)
[   20.633817] Call trace:
[   20.633845]  show_stack+0x20/0x38 (C)
[   20.633904]  dump_stack_lvl+0x8c/0xd0
[   20.633961]  print_report+0x118/0x608
[   20.634009]  kasan_report_invalid_free+0xc0/0xe8
[   20.634534]  check_slab_allocation+0xfc/0x108
[   20.634604]  __kasan_mempool_poison_object+0x78/0x150
[   20.634661]  mempool_free+0x28c/0x328
[   20.634718]  mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   20.634777]  mempool_kmalloc_invalid_free+0xc0/0x118
[   20.634832]  kunit_try_run_case+0x170/0x3f0
[   20.634883]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.634940]  kthread+0x318/0x620
[   20.634991]  ret_from_fork+0x10/0x20
[   20.635046] 
[   20.639362] Allocated by task 231:
[   20.639621]  kasan_save_stack+0x3c/0x68
[   20.639838]  kasan_save_track+0x20/0x40
[   20.640217]  kasan_save_alloc_info+0x40/0x58
[   20.640626]  __kasan_mempool_unpoison_object+0x11c/0x180
[   20.641004]  remove_element+0x130/0x1f8
[   20.641361]  mempool_alloc_preallocated+0x58/0xc0
[   20.641666]  mempool_kmalloc_invalid_free_helper+0x94/0x2a0
[   20.642035]  mempool_kmalloc_invalid_free+0xc0/0x118
[   20.642536]  kunit_try_run_case+0x170/0x3f0
[   20.642796]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.643139]  kthread+0x318/0x620
[   20.643389]  ret_from_fork+0x10/0x20
[   20.643623] 
[   20.643814] The buggy address belongs to the object at fff00000c3f2db00
[   20.643814]  which belongs to the cache kmalloc-128 of size 128
[   20.644378] The buggy address is located 1 bytes inside of
[   20.644378]  128-byte region [fff00000c3f2db00, fff00000c3f2db80)
[   20.644970] 
[   20.645190] The buggy address belongs to the physical page:
[   20.645462] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f2d
[   20.645903] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.646474] page_type: f5(slab)
[   20.647098] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   20.647621] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.647991] page dumped because: kasan: bad access detected
[   20.648364] 
[   20.648471] Memory state around the buggy address:
[   20.648811]  fff00000c3f2da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.649212]  fff00000c3f2da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.649722] >fff00000c3f2db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.650095]                    ^
[   20.650561]  fff00000c3f2db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.650851]  fff00000c3f2dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.651183] ==================================================================

[   14.423729] ==================================================================
[   14.424351] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   14.424752] Free of addr ffff888102cdc001 by task kunit_try_catch/251
[   14.425144] 
[   14.425290] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   14.425332] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.425343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.425365] Call Trace:
[   14.425377]  <TASK>
[   14.425393]  dump_stack_lvl+0x73/0xb0
[   14.425423]  print_report+0xd1/0x650
[   14.425447]  ? __virt_addr_valid+0x1db/0x2d0
[   14.425473]  ? kasan_addr_to_slab+0x11/0xa0
[   14.425495]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   14.425523]  kasan_report_invalid_free+0xfc/0x120
[   14.425549]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   14.425580]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   14.425606]  __kasan_mempool_poison_object+0x102/0x1d0
[   14.425632]  mempool_free+0x2ec/0x380
[   14.425659]  mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   14.425687]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   14.425718]  ? finish_task_switch.isra.0+0x153/0x700
[   14.425755]  mempool_kmalloc_large_invalid_free+0xee/0x140
[   14.425781]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   14.425809]  ? __kasan_check_write+0x18/0x20
[   14.425836]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.425858]  ? __pfx_mempool_kfree+0x10/0x10
[   14.425882]  ? __pfx_read_tsc+0x10/0x10
[   14.425906]  ? ktime_get_ts64+0x86/0x230
[   14.425931]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   14.425962]  kunit_try_run_case+0x1a6/0x480
[   14.425987]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.426026]  ? queued_spin_lock_slowpath+0x117/0xb40
[   14.426073]  ? __kthread_parkme+0x82/0x160
[   14.426101]  ? preempt_count_sub+0x50/0x80
[   14.426129]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.426157]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.426187]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.426216]  kthread+0x324/0x6e0
[   14.426240]  ? trace_preempt_on+0x20/0xc0
[   14.426268]  ? __pfx_kthread+0x10/0x10
[   14.426294]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.426320]  ? calculate_sigpending+0x7b/0xa0
[   14.426345]  ? __pfx_kthread+0x10/0x10
[   14.426371]  ret_from_fork+0x41/0x80
[   14.426393]  ? __pfx_kthread+0x10/0x10
[   14.426419]  ret_from_fork_asm+0x1a/0x30
[   14.426454]  </TASK>
[   14.426465] 
[   14.435361] The buggy address belongs to the physical page:
[   14.435569] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cdc
[   14.435891] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.436126] flags: 0x200000000000040(head|node=0|zone=2)
[   14.437317] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.437643] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   14.437883] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.439012] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   14.440423] head: 0200000000000002 ffffea00040b3701 ffffffffffffffff 0000000000000000
[   14.440659] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   14.442991] page dumped because: kasan: bad access detected
[   14.443457] 
[   14.443537] Memory state around the buggy address:
[   14.443700]  ffff888102cdbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.444102]  ffff888102cdbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.444322] >ffff888102cdc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.444533]                    ^
[   14.444848]  ffff888102cdc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.445471]  ffff888102cdc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.446310] ==================================================================
[   14.395920] ==================================================================
[   14.396430] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   14.396762] Free of addr ffff888101bd1f01 by task kunit_try_catch/249
[   14.397131] 
[   14.397246] CPU: 1 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   14.397287] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.397298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.397318] Call Trace:
[   14.397330]  <TASK>
[   14.397345]  dump_stack_lvl+0x73/0xb0
[   14.397370]  print_report+0xd1/0x650
[   14.397393]  ? __virt_addr_valid+0x1db/0x2d0
[   14.397415]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.397440]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   14.397465]  kasan_report_invalid_free+0xfc/0x120
[   14.397487]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   14.397514]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   14.397537]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   14.397560]  check_slab_allocation+0x11f/0x130
[   14.397580]  __kasan_mempool_poison_object+0x91/0x1d0
[   14.397603]  mempool_free+0x2ec/0x380
[   14.397625]  mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   14.397650]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   14.397678]  ? finish_task_switch.isra.0+0x153/0x700
[   14.397703]  mempool_kmalloc_invalid_free+0xee/0x140
[   14.397727]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   14.397761]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.397779]  ? __pfx_mempool_kfree+0x10/0x10
[   14.397800]  ? __pfx_read_tsc+0x10/0x10
[   14.397822]  ? ktime_get_ts64+0x86/0x230
[   14.397846]  kunit_try_run_case+0x1a6/0x480
[   14.397869]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.397892]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   14.397915]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.397939]  ? __kthread_parkme+0x82/0x160
[   14.397960]  ? preempt_count_sub+0x50/0x80
[   14.397983]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.398005]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.398041]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.398067]  kthread+0x324/0x6e0
[   14.398087]  ? trace_preempt_on+0x20/0xc0
[   14.398110]  ? __pfx_kthread+0x10/0x10
[   14.398132]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.398154]  ? calculate_sigpending+0x7b/0xa0
[   14.398175]  ? __pfx_kthread+0x10/0x10
[   14.398197]  ret_from_fork+0x41/0x80
[   14.398216]  ? __pfx_kthread+0x10/0x10
[   14.398237]  ret_from_fork_asm+0x1a/0x30
[   14.398268]  </TASK>
[   14.398277] 
[   14.407356] Allocated by task 249:
[   14.407630]  kasan_save_stack+0x45/0x70
[   14.408134]  kasan_save_track+0x18/0x40
[   14.408285]  kasan_save_alloc_info+0x3b/0x50
[   14.408438]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.408722]  remove_element+0x11e/0x190
[   14.409196]  mempool_alloc_preallocated+0x4d/0x90
[   14.409421]  mempool_kmalloc_invalid_free_helper+0x84/0x2e0
[   14.409816]  mempool_kmalloc_invalid_free+0xee/0x140
[   14.410126]  kunit_try_run_case+0x1a6/0x480
[   14.410348]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.410604]  kthread+0x324/0x6e0
[   14.410900]  ret_from_fork+0x41/0x80
[   14.411137]  ret_from_fork_asm+0x1a/0x30
[   14.411343] 
[   14.411416] The buggy address belongs to the object at ffff888101bd1f00
[   14.411416]  which belongs to the cache kmalloc-128 of size 128
[   14.411816] The buggy address is located 1 bytes inside of
[   14.411816]  128-byte region [ffff888101bd1f00, ffff888101bd1f80)
[   14.412596] 
[   14.412939] The buggy address belongs to the physical page:
[   14.413281] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bd1
[   14.413547] flags: 0x200000000000000(node=0|zone=2)
[   14.413805] page_type: f5(slab)
[   14.414094] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.414501] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   14.414878] page dumped because: kasan: bad access detected
[   14.415304] 
[   14.415376] Memory state around the buggy address:
[   14.415562]  ffff888101bd1e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.415881]  ffff888101bd1e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.416190] >ffff888101bd1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.416478]                    ^
[   14.416836]  ffff888101bd1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.417176]  ffff888101bd2000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   14.417398] ==================================================================