Date: June 23, 2025, 1:39 p.m.

Environment: qemu-arm64, qemu-x86_64

[   27.803096] ==================================================================
[   27.803266] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   27.803512] Free of addr fff00000c7065301 by task kunit_try_catch/243
[   27.803622] 
[   27.803733] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT 
[   27.803964] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.804034] Hardware name: linux,dummy-virt (DT)
[   27.804115] Call trace:
[   27.804177]  show_stack+0x20/0x38 (C)
[   27.804341]  dump_stack_lvl+0x8c/0xd0
[   27.804707]  print_report+0x118/0x608
[   27.804944]  kasan_report_invalid_free+0xc0/0xe8
[   27.805213]  check_slab_allocation+0xfc/0x108
[   27.805339]  __kasan_mempool_poison_object+0x78/0x150
[   27.805486]  mempool_free+0x28c/0x328
[   27.805596]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   27.805731]  mempool_kmalloc_invalid_free+0xc0/0x118
[   27.805851]  kunit_try_run_case+0x170/0x3f0
[   27.805970]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.806105]  kthread+0x328/0x630
[   27.806226]  ret_from_fork+0x10/0x20
[   27.806482] 
[   27.806534] Allocated by task 243:
[   27.806620]  kasan_save_stack+0x3c/0x68
[   27.806727]  kasan_save_track+0x20/0x40
[   27.806876]  kasan_save_alloc_info+0x40/0x58
[   27.807013]  __kasan_mempool_unpoison_object+0x11c/0x180
[   27.807132]  remove_element+0x130/0x1f8
[   27.807240]  mempool_alloc_preallocated+0x58/0xc0
[   27.807410]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   27.807540]  mempool_kmalloc_invalid_free+0xc0/0x118
[   27.808175]  kunit_try_run_case+0x170/0x3f0
[   27.808772]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.809139]  kthread+0x328/0x630
[   27.809710]  ret_from_fork+0x10/0x20
[   27.809874] 
[   27.809956] The buggy address belongs to the object at fff00000c7065300
[   27.809956]  which belongs to the cache kmalloc-128 of size 128
[   27.810141] The buggy address is located 1 bytes inside of
[   27.810141]  128-byte region [fff00000c7065300, fff00000c7065380)
[   27.810479] 
[   27.810535] The buggy address belongs to the physical page:
[   27.810614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107065
[   27.810760] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   27.810943] page_type: f5(slab)
[   27.811052] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   27.811244] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.811361] page dumped because: kasan: bad access detected
[   27.811457] 
[   27.812300] Memory state around the buggy address:
[   27.812550]  fff00000c7065200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.812683]  fff00000c7065280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.813698] >fff00000c7065300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.813846]                    ^
[   27.813915]  fff00000c7065380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.814019]  fff00000c7065400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.815680] ==================================================================
[   27.833782] ==================================================================
[   27.833929] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   27.834060] Free of addr fff00000c77f0001 by task kunit_try_catch/245
[   27.834157] 
[   27.834234] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT 
[   27.834461] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.834710] Hardware name: linux,dummy-virt (DT)
[   27.834969] Call trace:
[   27.835382]  show_stack+0x20/0x38 (C)
[   27.835535]  dump_stack_lvl+0x8c/0xd0
[   27.835661]  print_report+0x118/0x608
[   27.836794]  kasan_report_invalid_free+0xc0/0xe8
[   27.836939]  __kasan_mempool_poison_object+0xfc/0x150
[   27.837089]  mempool_free+0x28c/0x328
[   27.837368]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   27.837585]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   27.837726]  kunit_try_run_case+0x170/0x3f0
[   27.837854]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.838045]  kthread+0x328/0x630
[   27.838404]  ret_from_fork+0x10/0x20
[   27.838537] 
[   27.838660] The buggy address belongs to the physical page:
[   27.838743] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077f0
[   27.838914] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.839050] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.839197] page_type: f8(unknown)
[   27.839310] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.839495] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.839663] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.839804] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.839970] head: 0bfffe0000000002 ffffc1ffc31dfc01 00000000ffffffff 00000000ffffffff
[   27.840127] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   27.840244] page dumped because: kasan: bad access detected
[   27.840373] 
[   27.840444] Memory state around the buggy address:
[   27.840533]  fff00000c77eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.840642]  fff00000c77eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.840815] >fff00000c77f0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.841096]                    ^
[   27.841322]  fff00000c77f0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.841462]  fff00000c77f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.841589] ==================================================================

[   19.773214] ==================================================================
[   19.774816] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   19.775490] Free of addr ffff88810a06fe01 by task kunit_try_catch/262
[   19.776026] 
[   19.776285] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT(voluntary) 
[   19.776388] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.776406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   19.776437] Call Trace:
[   19.776454]  <TASK>
[   19.776475]  dump_stack_lvl+0x73/0xb0
[   19.776546]  print_report+0xd1/0x650
[   19.776790]  ? __virt_addr_valid+0x1db/0x2d0
[   19.776877]  ? kasan_complete_mode_report_info+0x2a/0x200
[   19.776950]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   19.777027]  kasan_report_invalid_free+0x10a/0x130
[   19.777108]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   19.777190]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   19.777317]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   19.777437]  check_slab_allocation+0x11f/0x130
[   19.777518]  __kasan_mempool_poison_object+0x91/0x1d0
[   19.777620]  mempool_free+0x2ec/0x380
[   19.777741]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   19.777834]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   19.777878]  ? dequeue_entities+0x852/0x1740
[   19.777916]  ? irqentry_exit+0x2a/0x60
[   19.777945]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   19.777986]  mempool_kmalloc_invalid_free+0xed/0x140
[   19.778023]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   19.778062]  ? __pfx_mempool_kmalloc+0x10/0x10
[   19.778089]  ? __pfx_mempool_kfree+0x10/0x10
[   19.778119]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   19.778159]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   19.778199]  kunit_try_run_case+0x1a5/0x480
[   19.778274]  ? __pfx_kunit_try_run_case+0x10/0x10
[   19.778310]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   19.778346]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   19.778381]  ? __kthread_parkme+0x82/0x180
[   19.778431]  ? preempt_count_sub+0x50/0x80
[   19.778473]  ? __pfx_kunit_try_run_case+0x10/0x10
[   19.778512]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.778546]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   19.778582]  kthread+0x337/0x6f0
[   19.778653]  ? trace_preempt_on+0x20/0xc0
[   19.778751]  ? __pfx_kthread+0x10/0x10
[   19.778781]  ? _raw_spin_unlock_irq+0x47/0x80
[   19.778843]  ? calculate_sigpending+0x7b/0xa0
[   19.778876]  ? __pfx_kthread+0x10/0x10
[   19.778924]  ret_from_fork+0x41/0x80
[   19.778960]  ? __pfx_kthread+0x10/0x10
[   19.779005]  ret_from_fork_asm+0x1a/0x30
[   19.779053]  </TASK>
[   19.779076] 
[   19.801877] Allocated by task 262:
[   19.802436]  kasan_save_stack+0x45/0x70
[   19.802970]  kasan_save_track+0x18/0x40
[   19.803475]  kasan_save_alloc_info+0x3b/0x50
[   19.804140]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   19.804803]  remove_element+0x11e/0x190
[   19.805199]  mempool_alloc_preallocated+0x4d/0x90
[   19.805951]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   19.806506]  mempool_kmalloc_invalid_free+0xed/0x140
[   19.807134]  kunit_try_run_case+0x1a5/0x480
[   19.807798]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.808298]  kthread+0x337/0x6f0
[   19.808859]  ret_from_fork+0x41/0x80
[   19.809298]  ret_from_fork_asm+0x1a/0x30
[   19.809853] 
[   19.810091] The buggy address belongs to the object at ffff88810a06fe00
[   19.810091]  which belongs to the cache kmalloc-128 of size 128
[   19.811286] The buggy address is located 1 bytes inside of
[   19.811286]  128-byte region [ffff88810a06fe00, ffff88810a06fe80)
[   19.812397] 
[   19.812730] The buggy address belongs to the physical page:
[   19.813356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a06f
[   19.814203] flags: 0x200000000000000(node=0|zone=2)
[   19.814858] page_type: f5(slab)
[   19.815234] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   19.816161] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.816826] page dumped because: kasan: bad access detected
[   19.817487] 
[   19.817893] Memory state around the buggy address:
[   19.818357]  ffff88810a06fd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.819277]  ffff88810a06fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.819816] >ffff88810a06fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.820382]                    ^
[   19.820742]  ffff88810a06fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.821307]  ffff88810a06ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.821995] ==================================================================
[   19.829115] ==================================================================
[   19.830189] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   19.831978] Free of addr ffff888102c08001 by task kunit_try_catch/264
[   19.832540] 
[   19.832873] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT(voluntary) 
[   19.833004] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.833044] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   19.833105] Call Trace:
[   19.833145]  <TASK>
[   19.833194]  dump_stack_lvl+0x73/0xb0
[   19.833275]  print_report+0xd1/0x650
[   19.833354]  ? __virt_addr_valid+0x1db/0x2d0
[   19.833432]  ? kasan_addr_to_slab+0x11/0xa0
[   19.833497]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   19.833577]  kasan_report_invalid_free+0x10a/0x130
[   19.833684]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   19.833749]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   19.833799]  __kasan_mempool_poison_object+0x102/0x1d0
[   19.833838]  mempool_free+0x2ec/0x380
[   19.833874]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   19.833914]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   19.833952]  ? dequeue_entities+0x852/0x1740
[   19.833987]  ? finish_task_switch.isra.0+0x153/0x700
[   19.834026]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   19.834063]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   19.834100]  ? dequeue_task_fair+0x166/0x4e0
[   19.834131]  ? __pfx_mempool_kmalloc+0x10/0x10
[   19.834157]  ? __pfx_mempool_kfree+0x10/0x10
[   19.834186]  ? __pfx_read_tsc+0x10/0x10
[   19.834227]  ? ktime_get_ts64+0x86/0x230
[   19.834285]  kunit_try_run_case+0x1a5/0x480
[   19.834324]  ? __pfx_kunit_try_run_case+0x10/0x10
[   19.834357]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   19.834392]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   19.834426]  ? __kthread_parkme+0x82/0x180
[   19.834458]  ? preempt_count_sub+0x50/0x80
[   19.834492]  ? __pfx_kunit_try_run_case+0x10/0x10
[   19.834527]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.834560]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   19.834596]  kthread+0x337/0x6f0
[   19.834674]  ? trace_preempt_on+0x20/0xc0
[   19.834740]  ? __pfx_kthread+0x10/0x10
[   19.834768]  ? _raw_spin_unlock_irq+0x47/0x80
[   19.834798]  ? calculate_sigpending+0x7b/0xa0
[   19.834830]  ? __pfx_kthread+0x10/0x10
[   19.834854]  ret_from_fork+0x41/0x80
[   19.834885]  ? __pfx_kthread+0x10/0x10
[   19.834909]  ret_from_fork_asm+0x1a/0x30
[   19.834952]  </TASK>
[   19.834967] 
[   19.856400] The buggy address belongs to the physical page:
[   19.856997] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c08
[   19.857558] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.858492] flags: 0x200000000000040(head|node=0|zone=2)
[   19.859390] page_type: f8(unknown)
[   19.859961] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   19.860779] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.861479] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   19.862388] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.863055] head: 0200000000000002 ffffea00040b0201 00000000ffffffff 00000000ffffffff
[   19.864107] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.864661] page dumped because: kasan: bad access detected
[   19.865158] 
[   19.865527] Memory state around the buggy address:
[   19.866151]  ffff888102c07f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.866964]  ffff888102c07f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.867742] >ffff888102c08000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.868365]                    ^
[   19.868923]  ffff888102c08080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.869714]  ffff888102c08100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.870746] ==================================================================