Hay
Date: June 7, 2025, 10:40 a.m.

Environment: qemu-arm64, qemu-x86_64

[   25.233205] ==================================================================
[   25.233395] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   25.233587] Free of addr fff00000c76c5e01 by task kunit_try_catch/245
[   25.233673] 
[   25.233726] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   25.233868] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.233919] Hardware name: linux,dummy-virt (DT)
[   25.233983] Call trace:
[   25.234013]  show_stack+0x20/0x38 (C)
[   25.234109]  dump_stack_lvl+0x8c/0xd0
[   25.234215]  print_report+0x118/0x608
[   25.234343]  kasan_report_invalid_free+0xc0/0xe8
[   25.234430]  check_slab_allocation+0xfc/0x108
[   25.234536]  __kasan_mempool_poison_object+0x78/0x150
[   25.234643]  mempool_free+0x28c/0x328
[   25.234751]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   25.234864]  mempool_kmalloc_invalid_free+0xc0/0x118
[   25.234929]  kunit_try_run_case+0x170/0x3f0
[   25.235039]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.235099]  kthread+0x328/0x630
[   25.235154]  ret_from_fork+0x10/0x20
[   25.235209] 
[   25.235230] Allocated by task 245:
[   25.235264]  kasan_save_stack+0x3c/0x68
[   25.235317]  kasan_save_track+0x20/0x40
[   25.235362]  kasan_save_alloc_info+0x40/0x58
[   25.235422]  __kasan_mempool_unpoison_object+0x11c/0x180
[   25.235476]  remove_element+0x130/0x1f8
[   25.235519]  mempool_alloc_preallocated+0x58/0xc0
[   25.235635]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   25.235832]  mempool_kmalloc_invalid_free+0xc0/0x118
[   25.235902]  kunit_try_run_case+0x170/0x3f0
[   25.235949]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.236002]  kthread+0x328/0x630
[   25.236042]  ret_from_fork+0x10/0x20
[   25.236084] 
[   25.236108] The buggy address belongs to the object at fff00000c76c5e00
[   25.236108]  which belongs to the cache kmalloc-128 of size 128
[   25.236178] The buggy address is located 1 bytes inside of
[   25.236178]  128-byte region [fff00000c76c5e00, fff00000c76c5e80)
[   25.236278] 
[   25.236305] The buggy address belongs to the physical page:
[   25.236358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c5
[   25.236435] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   25.236499] page_type: f5(slab)
[   25.236584] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   25.236779] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.236853] page dumped because: kasan: bad access detected
[   25.236891] 
[   25.236913] Memory state around the buggy address:
[   25.236958]  fff00000c76c5d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.237008]  fff00000c76c5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.237087] >fff00000c76c5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.237181]                    ^
[   25.237220]  fff00000c76c5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.237501]  fff00000c76c5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.237554] ==================================================================
[   25.252390] ==================================================================
[   25.252517] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   25.252626] Free of addr fff00000c7850001 by task kunit_try_catch/247
[   25.252679] 
[   25.252738] CPU: 1 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   25.252845] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.252878] Hardware name: linux,dummy-virt (DT)
[   25.252917] Call trace:
[   25.252952]  show_stack+0x20/0x38 (C)
[   25.253022]  dump_stack_lvl+0x8c/0xd0
[   25.253081]  print_report+0x118/0x608
[   25.253135]  kasan_report_invalid_free+0xc0/0xe8
[   25.253195]  __kasan_mempool_poison_object+0xfc/0x150
[   25.253256]  mempool_free+0x28c/0x328
[   25.253314]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   25.253378]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   25.253983]  kunit_try_run_case+0x170/0x3f0
[   25.254074]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.254159]  kthread+0x328/0x630
[   25.254217]  ret_from_fork+0x10/0x20
[   25.254373] 
[   25.254430] The buggy address belongs to the physical page:
[   25.254475] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107850
[   25.254912] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.254998] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   25.255085] page_type: f8(unknown)
[   25.255364] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   25.255569] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   25.255726] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   25.255995] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   25.256065] head: 0bfffe0000000002 ffffc1ffc31e1401 00000000ffffffff 00000000ffffffff
[   25.256234] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.256340] page dumped because: kasan: bad access detected
[   25.256436] 
[   25.256516] Memory state around the buggy address:
[   25.256566]  fff00000c784ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.256620]  fff00000c784ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.256671] >fff00000c7850000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.256716]                    ^
[   25.256757]  fff00000c7850080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.256806]  fff00000c7850100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.256852] ==================================================================

[   15.668478] ==================================================================
[   15.668931] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   15.669113] Free of addr ffff8881033b1a01 by task kunit_try_catch/261
[   15.669831] 
[   15.670092] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   15.670152] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.670166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.670190] Call Trace:
[   15.670207]  <TASK>
[   15.670229]  dump_stack_lvl+0x73/0xb0
[   15.670265]  print_report+0xd1/0x650
[   15.670291]  ? __virt_addr_valid+0x1db/0x2d0
[   15.670316]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.670339]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   15.670364]  kasan_report_invalid_free+0x10a/0x130
[   15.670389]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   15.670415]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   15.670439]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   15.670463]  check_slab_allocation+0x11f/0x130
[   15.670485]  __kasan_mempool_poison_object+0x91/0x1d0
[   15.670508]  mempool_free+0x2ec/0x380
[   15.670533]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   15.670576]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   15.670604]  ? update_load_avg+0x1be/0x21b0
[   15.670627]  ? dequeue_entities+0x27e/0x1740
[   15.670650]  ? finish_task_switch.isra.0+0x153/0x700
[   15.670677]  mempool_kmalloc_invalid_free+0xed/0x140
[   15.670701]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   15.670725]  ? dequeue_task_fair+0x166/0x4e0
[   15.670746]  ? __pfx_mempool_kmalloc+0x10/0x10
[   15.670765]  ? __pfx_mempool_kfree+0x10/0x10
[   15.670786]  ? __pfx_read_tsc+0x10/0x10
[   15.670808]  ? ktime_get_ts64+0x86/0x230
[   15.670836]  kunit_try_run_case+0x1a5/0x480
[   15.670863]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.670885]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.670911]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.670934]  ? __kthread_parkme+0x82/0x180
[   15.670957]  ? preempt_count_sub+0x50/0x80
[   15.670982]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.671008]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.671030]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.671053]  kthread+0x337/0x6f0
[   15.671070]  ? trace_preempt_on+0x20/0xc0
[   15.671095]  ? __pfx_kthread+0x10/0x10
[   15.671113]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.671147]  ? calculate_sigpending+0x7b/0xa0
[   15.671174]  ? __pfx_kthread+0x10/0x10
[   15.671194]  ret_from_fork+0x41/0x80
[   15.671218]  ? __pfx_kthread+0x10/0x10
[   15.671238]  ret_from_fork_asm+0x1a/0x30
[   15.671272]  </TASK>
[   15.671287] 
[   15.681678] Allocated by task 261:
[   15.682306]  kasan_save_stack+0x45/0x70
[   15.682475]  kasan_save_track+0x18/0x40
[   15.682813]  kasan_save_alloc_info+0x3b/0x50
[   15.682995]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   15.683197]  remove_element+0x11e/0x190
[   15.683337]  mempool_alloc_preallocated+0x4d/0x90
[   15.683475]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   15.684139]  mempool_kmalloc_invalid_free+0xed/0x140
[   15.684826]  kunit_try_run_case+0x1a5/0x480
[   15.685002]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.685372]  kthread+0x337/0x6f0
[   15.685518]  ret_from_fork+0x41/0x80
[   15.685633]  ret_from_fork_asm+0x1a/0x30
[   15.685870] 
[   15.686011] The buggy address belongs to the object at ffff8881033b1a00
[   15.686011]  which belongs to the cache kmalloc-128 of size 128
[   15.686372] The buggy address is located 1 bytes inside of
[   15.686372]  128-byte region [ffff8881033b1a00, ffff8881033b1a80)
[   15.687449] 
[   15.687798] The buggy address belongs to the physical page:
[   15.688063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b1
[   15.688312] flags: 0x200000000000000(node=0|zone=2)
[   15.688605] page_type: f5(slab)
[   15.689067] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.689335] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.689737] page dumped because: kasan: bad access detected
[   15.689901] 
[   15.690153] Memory state around the buggy address:
[   15.690418]  ffff8881033b1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.690650]  ffff8881033b1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.690891] >ffff8881033b1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.691433]                    ^
[   15.691754]  ffff8881033b1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.692082]  ffff8881033b1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.692459] ==================================================================
[   15.698104] ==================================================================
[   15.698613] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   15.698904] Free of addr ffff8881029d8001 by task kunit_try_catch/263
[   15.699333] 
[   15.699479] CPU: 1 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   15.699536] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.699550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.699584] Call Trace:
[   15.699601]  <TASK>
[   15.699623]  dump_stack_lvl+0x73/0xb0
[   15.699654]  print_report+0xd1/0x650
[   15.699678]  ? __virt_addr_valid+0x1db/0x2d0
[   15.699701]  ? kasan_addr_to_slab+0x11/0xa0
[   15.699721]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   15.699746]  kasan_report_invalid_free+0x10a/0x130
[   15.699770]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   15.700226]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   15.700256]  __kasan_mempool_poison_object+0x102/0x1d0
[   15.700283]  mempool_free+0x2ec/0x380
[   15.700310]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   15.700335]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   15.700360]  ? update_load_avg+0x1be/0x21b0
[   15.700380]  ? dequeue_entities+0x27e/0x1740
[   15.700403]  ? finish_task_switch.isra.0+0x153/0x700
[   15.700432]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   15.700457]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   15.700480]  ? dequeue_task_fair+0x166/0x4e0
[   15.700503]  ? __pfx_mempool_kmalloc+0x10/0x10
[   15.700522]  ? __pfx_mempool_kfree+0x10/0x10
[   15.700543]  ? __pfx_read_tsc+0x10/0x10
[   15.700583]  ? ktime_get_ts64+0x86/0x230
[   15.700610]  kunit_try_run_case+0x1a5/0x480
[   15.700635]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.700658]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.700682]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.700757]  ? __kthread_parkme+0x82/0x180
[   15.700781]  ? preempt_count_sub+0x50/0x80
[   15.700805]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.700828]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.700851]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.700874]  kthread+0x337/0x6f0
[   15.700892]  ? trace_preempt_on+0x20/0xc0
[   15.700917]  ? __pfx_kthread+0x10/0x10
[   15.700935]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.700955]  ? calculate_sigpending+0x7b/0xa0
[   15.700978]  ? __pfx_kthread+0x10/0x10
[   15.700995]  ret_from_fork+0x41/0x80
[   15.701015]  ? __pfx_kthread+0x10/0x10
[   15.701032]  ret_from_fork_asm+0x1a/0x30
[   15.701061]  </TASK>
[   15.701074] 
[   15.711181] The buggy address belongs to the physical page:
[   15.711355] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029d8
[   15.711798] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.712023] flags: 0x200000000000040(head|node=0|zone=2)
[   15.712434] page_type: f8(unknown)
[   15.712554] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.712917] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.713277] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.713424] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.714047] head: 0200000000000002 ffffea00040a7601 00000000ffffffff 00000000ffffffff
[   15.714807] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.715012] page dumped because: kasan: bad access detected
[   15.715177] 
[   15.715252] Memory state around the buggy address:
[   15.715381]  ffff8881029d7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.715589]  ffff8881029d7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.715726] >ffff8881029d8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.715851]                    ^
[   15.716347]  ffff8881029d8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.717442]  ffff8881029d8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.717939] ==================================================================