Date
July 3, 2025, 3:13 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 17.702267] ==================================================================
[ 17.702348] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 17.702498] Free of addr fff00000c77fa501 by task kunit_try_catch/244
[ 17.702663]
[ 17.702711] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT
[ 17.702793] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.702845] Hardware name: linux,dummy-virt (DT)
[ 17.702876] Call trace:
[ 17.702899] show_stack+0x20/0x38 (C)
[ 17.703116] dump_stack_lvl+0x8c/0xd0
[ 17.703191] print_report+0x118/0x608
[ 17.703296] kasan_report_invalid_free+0xc0/0xe8
[ 17.703384] check_slab_allocation+0xfc/0x108
[ 17.703450] __kasan_mempool_poison_object+0x78/0x150
[ 17.703522] mempool_free+0x28c/0x328
[ 17.703578] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 17.703775] mempool_kmalloc_invalid_free+0xc0/0x118
[ 17.703979] kunit_try_run_case+0x170/0x3f0
[ 17.704179] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.704372] kthread+0x328/0x630
[ 17.704447] ret_from_fork+0x10/0x20
[ 17.704558]
[ 17.704598] Allocated by task 244:
[ 17.704655] kasan_save_stack+0x3c/0x68
[ 17.704734] kasan_save_track+0x20/0x40
[ 17.704814] kasan_save_alloc_info+0x40/0x58
[ 17.704890] __kasan_mempool_unpoison_object+0x11c/0x180
[ 17.704931] remove_element+0x130/0x1f8
[ 17.705195] mempool_alloc_preallocated+0x58/0xc0
[ 17.705312] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 17.705390] mempool_kmalloc_invalid_free+0xc0/0x118
[ 17.705446] kunit_try_run_case+0x170/0x3f0
[ 17.705523] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.705579] kthread+0x328/0x630
[ 17.705627] ret_from_fork+0x10/0x20
[ 17.705735]
[ 17.705783] The buggy address belongs to the object at fff00000c77fa500
[ 17.705783] which belongs to the cache kmalloc-128 of size 128
[ 17.705872] The buggy address is located 1 bytes inside of
[ 17.705872] 128-byte region [fff00000c77fa500, fff00000c77fa580)
[ 17.705977]
[ 17.706004] The buggy address belongs to the physical page:
[ 17.706043] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa
[ 17.706230] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.706281] page_type: f5(slab)
[ 17.706548] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.706624] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.706679] page dumped because: kasan: bad access detected
[ 17.706734]
[ 17.706765] Memory state around the buggy address:
[ 17.706833]  fff00000c77fa400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.706941]  fff00000c77fa480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.707038] >fff00000c77fa500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.707093]                    ^
[ 17.707164]  fff00000c77fa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.707673]  fff00000c77fa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.707715] ==================================================================
[ 17.712819] ==================================================================
[ 17.712873] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 17.712928] Free of addr fff00000c7924001 by task kunit_try_catch/246
[ 17.712987]
[ 17.713017] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT
[ 17.713111] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.713138] Hardware name: linux,dummy-virt (DT)
[ 17.713257] Call trace:
[ 17.713303] show_stack+0x20/0x38 (C)
[ 17.713355] dump_stack_lvl+0x8c/0xd0
[ 17.713432] print_report+0x118/0x608
[ 17.713485] kasan_report_invalid_free+0xc0/0xe8
[ 17.713542] __kasan_mempool_poison_object+0xfc/0x150
[ 17.713608] mempool_free+0x28c/0x328
[ 17.713663] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 17.713716] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 17.713914] kunit_try_run_case+0x170/0x3f0
[ 17.713976] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.714037] kthread+0x328/0x630
[ 17.714083] ret_from_fork+0x10/0x20
[ 17.714129]
[ 17.714279] The buggy address belongs to the physical page:
[ 17.714340] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107924
[ 17.714436] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 17.714519] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 17.714599] page_type: f8(unknown)
[ 17.714655] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 17.714728] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 17.714825] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 17.714874] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 17.714935] head: 0bfffe0000000002 ffffc1ffc31e4901 00000000ffffffff 00000000ffffffff
[ 17.714992] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 17.715032] page dumped because: kasan: bad access detected
[ 17.715063]
[ 17.715080] Memory state around the buggy address:
[ 17.715111]  fff00000c7923f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.715178]  fff00000c7923f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.715220] >fff00000c7924000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.715266]                    ^
[ 17.715294]  fff00000c7924080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.715335]  fff00000c7924100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.715373] ==================================================================
```
qemu-x86_64:

```
[ 12.924570] ==================================================================
[ 12.925263] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.926280] Free of addr ffff888102a3c001 by task kunit_try_catch/262
[ 12.927430]
[ 12.927746] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary)
[ 12.927912] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.927927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.927951] Call Trace:
[ 12.927963] <TASK>
[ 12.927986] dump_stack_lvl+0x73/0xb0
[ 12.928017] print_report+0xd1/0x650
[ 12.928042] ? __virt_addr_valid+0x1db/0x2d0
[ 12.928066] ? kasan_addr_to_slab+0x11/0xa0
[ 12.928087] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.928114] kasan_report_invalid_free+0x10a/0x130
[ 12.928139] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.928168] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.928193] __kasan_mempool_poison_object+0x102/0x1d0
[ 12.928218] mempool_free+0x2ec/0x380
[ 12.928255] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.928283] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 12.928309] ? dequeue_entities+0x852/0x1740
[ 12.928333] ? finish_task_switch.isra.0+0x153/0x700
[ 12.928361] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 12.928385] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 12.928412] ? dequeue_task_fair+0x166/0x4e0
[ 12.928434] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.928454] ? __pfx_mempool_kfree+0x10/0x10
[ 12.928477] ? __pfx_read_tsc+0x10/0x10
[ 12.928498] ? ktime_get_ts64+0x86/0x230
[ 12.928524] kunit_try_run_case+0x1a5/0x480
[ 12.928549] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.928571] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.928595] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.928619] ? __kthread_parkme+0x82/0x180
[ 12.928643] ? preempt_count_sub+0x50/0x80
[ 12.928667] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.928690] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.928714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.928737] kthread+0x337/0x6f0
[ 12.928753] ? trace_preempt_on+0x20/0xc0
[ 12.928777] ? __pfx_kthread+0x10/0x10
[ 12.928796] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.928817] ? calculate_sigpending+0x7b/0xa0
[ 12.928840] ? __pfx_kthread+0x10/0x10
[ 12.928858] ret_from_fork+0x41/0x80
[ 12.928879] ? __pfx_kthread+0x10/0x10
[ 12.928896] ret_from_fork_asm+0x1a/0x30
[ 12.928928] </TASK>
[ 12.928939]
[ 12.944403] The buggy address belongs to the physical page:
[ 12.944898] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3c
[ 12.946069] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.946831] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.947357] page_type: f8(unknown)
[ 12.947770] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.948140] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.948426] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.949287] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.950146] head: 0200000000000002 ffffea00040a8f01 00000000ffffffff 00000000ffffffff
[ 12.950998] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.951741] page dumped because: kasan: bad access detected
[ 12.951919]
[ 12.951991] Memory state around the buggy address:
[ 12.952152]  ffff888102a3bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.952388]  ffff888102a3bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.952881] >ffff888102a3c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.953130]                    ^
[ 12.953456]  ffff888102a3c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.953873]  ffff888102a3c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.954135] ==================================================================
[ 12.894639] ==================================================================
[ 12.895073] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.895417] Free of addr ffff888103151a01 by task kunit_try_catch/260
[ 12.895633]
[ 12.895730] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary)
[ 12.895779] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.895791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.895814] Call Trace:
[ 12.895827] <TASK>
[ 12.895845] dump_stack_lvl+0x73/0xb0
[ 12.895873] print_report+0xd1/0x650
[ 12.895896] ? __virt_addr_valid+0x1db/0x2d0
[ 12.895920] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.895942] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.895969] kasan_report_invalid_free+0x10a/0x130
[ 12.895994] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.896022] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.896047] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.896071] check_slab_allocation+0x11f/0x130
[ 12.896094] __kasan_mempool_poison_object+0x91/0x1d0
[ 12.896119] mempool_free+0x2ec/0x380
[ 12.896143] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.896171] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 12.896197] ? dequeue_entities+0x852/0x1740
[ 12.896221] ? irqentry_exit+0x2a/0x60
[ 12.896253] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 12.896294] mempool_kmalloc_invalid_free+0xed/0x140
[ 12.896318] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 12.896346] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.896365] ? __pfx_mempool_kfree+0x10/0x10
[ 12.896386] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 12.896413] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 12.896440] kunit_try_run_case+0x1a5/0x480
[ 12.896465] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.896487] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.896511] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.896533] ? __kthread_parkme+0x82/0x180
[ 12.896557] ? preempt_count_sub+0x50/0x80
[ 12.896582] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.896605] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.896628] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.896652] kthread+0x337/0x6f0
[ 12.896668] ? trace_preempt_on+0x20/0xc0
[ 12.896692] ? __pfx_kthread+0x10/0x10
[ 12.896709] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.896731] ? calculate_sigpending+0x7b/0xa0
[ 12.896754] ? __pfx_kthread+0x10/0x10
[ 12.896772] ret_from_fork+0x41/0x80
[ 12.896795] ? __pfx_kthread+0x10/0x10
[ 12.896812] ret_from_fork_asm+0x1a/0x30
[ 12.896843] </TASK>
[ 12.896853]
[ 12.909188] Allocated by task 260:
[ 12.909605] kasan_save_stack+0x45/0x70
[ 12.910085] kasan_save_track+0x18/0x40
[ 12.910370] kasan_save_alloc_info+0x3b/0x50
[ 12.910676] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 12.911087] remove_element+0x11e/0x190
[ 12.911515] mempool_alloc_preallocated+0x4d/0x90
[ 12.911896] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 12.912248] mempool_kmalloc_invalid_free+0xed/0x140
[ 12.912581] kunit_try_run_case+0x1a5/0x480
[ 12.912805] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.913050] kthread+0x337/0x6f0
[ 12.913208] ret_from_fork+0x41/0x80
[ 12.913789] ret_from_fork_asm+0x1a/0x30
[ 12.913987]
[ 12.914065] The buggy address belongs to the object at ffff888103151a00
[ 12.914065] which belongs to the cache kmalloc-128 of size 128
[ 12.915067] The buggy address is located 1 bytes inside of
[ 12.915067] 128-byte region [ffff888103151a00, ffff888103151a80)
[ 12.915561]
[ 12.915870] The buggy address belongs to the physical page:
[ 12.916145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103151
[ 12.916672] flags: 0x200000000000000(node=0|zone=2)
[ 12.916960] page_type: f5(slab)
[ 12.917130] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.917460] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.917974] page dumped because: kasan: bad access detected
[ 12.918222]
[ 12.918405] Memory state around the buggy address:
[ 12.918644]  ffff888103151900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.918980]  ffff888103151980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.919352] >ffff888103151a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.919673]                    ^
[ 12.919840]  ffff888103151a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.920143]  ffff888103151b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.920577] ==================================================================
```