Date: June 17, 2025, 3:40 p.m.

Environment: qemu-arm64, qemu-x86_64
qemu-arm64:

```
[ 24.424530] ==================================================================
[ 24.424644] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 24.424769] Free of addr fff00000c7a4c001 by task kunit_try_catch/245
[ 24.424889]
[ 24.425017] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT
[ 24.425711] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.426026] Hardware name: linux,dummy-virt (DT)
[ 24.426198] Call trace:
[ 24.426246] show_stack+0x20/0x38 (C)
[ 24.426363] dump_stack_lvl+0x8c/0xd0
[ 24.426475] print_report+0x118/0x608
[ 24.427840] kasan_report_invalid_free+0xc0/0xe8
[ 24.427986] __kasan_mempool_poison_object+0xfc/0x150
[ 24.428964] mempool_free+0x28c/0x328
[ 24.429899] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 24.430044] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 24.430170] kunit_try_run_case+0x170/0x3f0
[ 24.430986] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.431567] kthread+0x328/0x630
[ 24.431930] ret_from_fork+0x10/0x20
[ 24.432555]
[ 24.432721] The buggy address belongs to the physical page:
[ 24.433135] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4c
[ 24.433783] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 24.433948] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 24.434179] page_type: f8(unknown)
[ 24.434275] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 24.434367] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 24.434852] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 24.435030] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 24.435282] head: 0bfffe0000000002 ffffc1ffc31e9301 00000000ffffffff 00000000ffffffff
[ 24.435806] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 24.436015] page dumped because: kasan: bad access detected
[ 24.436125]
[ 24.436170] Memory state around the buggy address:
[ 24.436252] fff00000c7a4bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.436370] fff00000c7a4bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.436811] >fff00000c7a4c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.436975] ^
[ 24.437148] fff00000c7a4c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.437447] fff00000c7a4c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.437756] ==================================================================
[ 24.397489] ==================================================================
[ 24.397679] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 24.397865] Free of addr fff00000c73ad401 by task kunit_try_catch/243
[ 24.397980]
[ 24.398065] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT
[ 24.398280] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.398382] Hardware name: linux,dummy-virt (DT)
[ 24.398471] Call trace:
[ 24.398564] show_stack+0x20/0x38 (C)
[ 24.398714] dump_stack_lvl+0x8c/0xd0
[ 24.398863] print_report+0x118/0x608
[ 24.399110] kasan_report_invalid_free+0xc0/0xe8
[ 24.399254] check_slab_allocation+0xfc/0x108
[ 24.399369] __kasan_mempool_poison_object+0x78/0x150
[ 24.399471] mempool_free+0x28c/0x328
[ 24.399558] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 24.399681] mempool_kmalloc_invalid_free+0xc0/0x118
[ 24.399825] kunit_try_run_case+0x170/0x3f0
[ 24.399957] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.400175] kthread+0x328/0x630
[ 24.400343] ret_from_fork+0x10/0x20
[ 24.400471]
[ 24.400516] Allocated by task 243:
[ 24.400592] kasan_save_stack+0x3c/0x68
[ 24.400705] kasan_save_track+0x20/0x40
[ 24.400799] kasan_save_alloc_info+0x40/0x58
[ 24.400889] __kasan_mempool_unpoison_object+0x11c/0x180
[ 24.400995] remove_element+0x130/0x1f8
[ 24.401080] mempool_alloc_preallocated+0x58/0xc0
[ 24.401166] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 24.401263] mempool_kmalloc_invalid_free+0xc0/0x118
[ 24.401359] kunit_try_run_case+0x170/0x3f0
[ 24.401457] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.401570] kthread+0x328/0x630
[ 24.401692] ret_from_fork+0x10/0x20
[ 24.401803]
[ 24.401875] The buggy address belongs to the object at fff00000c73ad400
[ 24.401875] which belongs to the cache kmalloc-128 of size 128
[ 24.402060] The buggy address is located 1 bytes inside of
[ 24.402060] 128-byte region [fff00000c73ad400, fff00000c73ad480)
[ 24.402233]
[ 24.402304] The buggy address belongs to the physical page:
[ 24.402483] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ad
[ 24.402654] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.402802] page_type: f5(slab)
[ 24.402904] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 24.403032] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.403136] page dumped because: kasan: bad access detected
[ 24.403209]
[ 24.403250] Memory state around the buggy address:
[ 24.403327] fff00000c73ad300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.403428] fff00000c73ad380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.403535] >fff00000c73ad400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.403609] ^
[ 24.403663] fff00000c73ad480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.403779] fff00000c73ad500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.403869] ==================================================================
```
qemu-x86_64:

```
[ 21.990849] ==================================================================
[ 21.993390] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 21.994459] Free of addr ffff8881030b5601 by task kunit_try_catch/261
[ 21.994814]
[ 21.995014] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT(voluntary)
[ 21.995121] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.995149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.995195] Call Trace:
[ 21.995224] <TASK>
[ 21.995262] dump_stack_lvl+0x73/0xb0
[ 21.996609] print_report+0xd1/0x650
[ 21.996692] ? __virt_addr_valid+0x1db/0x2d0
[ 21.996779] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.996853] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 21.996937] kasan_report_invalid_free+0x10a/0x130
[ 21.997241] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 21.997363] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 21.997414] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 21.997460] check_slab_allocation+0x11f/0x130
[ 21.997500] __kasan_mempool_poison_object+0x91/0x1d0
[ 21.997546] mempool_free+0x2ec/0x380
[ 21.997590] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 21.997638] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 21.997683] ? update_load_avg+0x1be/0x21b0
[ 21.997716] ? dequeue_entities+0x27e/0x1740
[ 21.997756] ? finish_task_switch.isra.0+0x153/0x700
[ 21.997802] mempool_kmalloc_invalid_free+0xed/0x140
[ 21.997844] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 21.997884] ? dequeue_task_fair+0x166/0x4e0
[ 21.997921] ? __pfx_mempool_kmalloc+0x10/0x10
[ 21.998019] ? __pfx_mempool_kfree+0x10/0x10
[ 21.998117] ? __pfx_read_tsc+0x10/0x10
[ 21.998155] ? ktime_get_ts64+0x86/0x230
[ 21.998197] kunit_try_run_case+0x1a5/0x480
[ 21.998242] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.998280] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.998352] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.998395] ? __kthread_parkme+0x82/0x180
[ 21.998433] ? preempt_count_sub+0x50/0x80
[ 21.998473] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.998513] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.998552] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.998592] kthread+0x337/0x6f0
[ 21.998620] ? trace_preempt_on+0x20/0xc0
[ 21.998659] ? __pfx_kthread+0x10/0x10
[ 21.998687] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.998722] ? calculate_sigpending+0x7b/0xa0
[ 21.998759] ? __pfx_kthread+0x10/0x10
[ 21.998787] ret_from_fork+0x41/0x80
[ 21.998823] ? __pfx_kthread+0x10/0x10
[ 21.998853] ret_from_fork_asm+0x1a/0x30
[ 21.998901] </TASK>
[ 21.998919]
[ 22.021004] Allocated by task 261:
[ 22.021637] kasan_save_stack+0x45/0x70
[ 22.022393] kasan_save_track+0x18/0x40
[ 22.022880] kasan_save_alloc_info+0x3b/0x50
[ 22.023539] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 22.023928] remove_element+0x11e/0x190
[ 22.024551] mempool_alloc_preallocated+0x4d/0x90
[ 22.025224] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 22.025865] mempool_kmalloc_invalid_free+0xed/0x140
[ 22.026562] kunit_try_run_case+0x1a5/0x480
[ 22.027095] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.027642] kthread+0x337/0x6f0
[ 22.028227] ret_from_fork+0x41/0x80
[ 22.028692] ret_from_fork_asm+0x1a/0x30
[ 22.029334]
[ 22.029577] The buggy address belongs to the object at ffff8881030b5600
[ 22.029577] which belongs to the cache kmalloc-128 of size 128
[ 22.031259] The buggy address is located 1 bytes inside of
[ 22.031259] 128-byte region [ffff8881030b5600, ffff8881030b5680)
[ 22.032415]
[ 22.032669] The buggy address belongs to the physical page:
[ 22.033381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030b5
[ 22.034120] flags: 0x200000000000000(node=0|zone=2)
[ 22.034602] page_type: f5(slab)
[ 22.035275] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.036263] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.037221] page dumped because: kasan: bad access detected
[ 22.037745]
[ 22.038093] Memory state around the buggy address:
[ 22.038603] ffff8881030b5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.039461] ffff8881030b5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.040026] >ffff8881030b5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.040770] ^
[ 22.041319] ffff8881030b5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.041862] ffff8881030b5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.042764] ==================================================================
[ 22.050223] ==================================================================
[ 22.051192] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 22.051912] Free of addr ffff888102a08001 by task kunit_try_catch/263
[ 22.052568]
[ 22.052806] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT(voluntary)
[ 22.052948] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.053051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.053166] Call Trace:
[ 22.053222] <TASK>
[ 22.053273] dump_stack_lvl+0x73/0xb0
[ 22.053382] print_report+0xd1/0x650
[ 22.053520] ? __virt_addr_valid+0x1db/0x2d0
[ 22.053600] ? kasan_addr_to_slab+0x11/0xa0
[ 22.053672] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 22.053752] kasan_report_invalid_free+0x10a/0x130
[ 22.053834] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 22.053924] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 22.054069] __kasan_mempool_poison_object+0x102/0x1d0
[ 22.054283] mempool_free+0x2ec/0x380
[ 22.054356] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 22.054399] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 22.054441] ? dequeue_entities+0x852/0x1740
[ 22.054482] ? finish_task_switch.isra.0+0x153/0x700
[ 22.054523] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 22.054562] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 22.054603] ? dequeue_task_fair+0x166/0x4e0
[ 22.054638] ? __pfx_mempool_kmalloc+0x10/0x10
[ 22.054670] ? __pfx_mempool_kfree+0x10/0x10
[ 22.054702] ? __pfx_read_tsc+0x10/0x10
[ 22.054733] ? ktime_get_ts64+0x86/0x230
[ 22.054773] kunit_try_run_case+0x1a5/0x480
[ 22.054812] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.054848] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.054887] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.054923] ? __kthread_parkme+0x82/0x180
[ 22.054959] ? preempt_count_sub+0x50/0x80
[ 22.054997] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.055042] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.055110] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.055148] kthread+0x337/0x6f0
[ 22.055175] ? trace_preempt_on+0x20/0xc0
[ 22.055212] ? __pfx_kthread+0x10/0x10
[ 22.055240] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.055275] ? calculate_sigpending+0x7b/0xa0
[ 22.055335] ? __pfx_kthread+0x10/0x10
[ 22.055365] ret_from_fork+0x41/0x80
[ 22.055399] ? __pfx_kthread+0x10/0x10
[ 22.055429] ret_from_fork_asm+0x1a/0x30
[ 22.055477] </TASK>
[ 22.055493]
[ 22.078236] The buggy address belongs to the physical page:
[ 22.079378] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a08
[ 22.080167] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 22.080944] flags: 0x200000000000040(head|node=0|zone=2)
[ 22.081624] page_type: f8(unknown)
[ 22.082163] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 22.082889] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 22.083763] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 22.084548] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 22.085141] head: 0200000000000002 ffffea00040a8201 00000000ffffffff 00000000ffffffff
[ 22.086040] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 22.086810] page dumped because: kasan: bad access detected
[ 22.087520]
[ 22.087854] Memory state around the buggy address:
[ 22.088190] ffff888102a07f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 22.088841] ffff888102a07f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 22.089473] >ffff888102a08000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.090545] ^
[ 22.090798] ffff888102a08080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.091823] ffff888102a08100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.092620] ==================================================================
```