Date: July 8, 2025, 4:38 p.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 19.906264] ==================================================================
[ 19.906351] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.906409] Free of addr fff00000c6e6c501 by task kunit_try_catch/243
[ 19.906451]
[ 19.906481] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 19.906561] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.906589] Hardware name: linux,dummy-virt (DT)
[ 19.906620] Call trace:
[ 19.906641] show_stack+0x20/0x38 (C)
[ 19.906689] dump_stack_lvl+0x8c/0xd0
[ 19.906738] print_report+0x118/0x608
[ 19.906785] kasan_report_invalid_free+0xc0/0xe8
[ 19.906831] check_slab_allocation+0xfc/0x108
[ 19.906886] __kasan_mempool_poison_object+0x78/0x150
[ 19.906935] mempool_free+0x28c/0x328
[ 19.906981] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.907052] mempool_kmalloc_invalid_free+0xc0/0x118
[ 19.907103] kunit_try_run_case+0x170/0x3f0
[ 19.907152] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.907204] kthread+0x328/0x630
[ 19.907250] ret_from_fork+0x10/0x20
[ 19.907296]
[ 19.907314] Allocated by task 243:
[ 19.907859] kasan_save_stack+0x3c/0x68
[ 19.907920] kasan_save_track+0x20/0x40
[ 19.907958] kasan_save_alloc_info+0x40/0x58
[ 19.908151] __kasan_mempool_unpoison_object+0x11c/0x180
[ 19.908205] remove_element+0x130/0x1f8
[ 19.908245] mempool_alloc_preallocated+0x58/0xc0
[ 19.908300] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 19.908434] mempool_kmalloc_invalid_free+0xc0/0x118
[ 19.908478] kunit_try_run_case+0x170/0x3f0
[ 19.908518] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.908585] kthread+0x328/0x630
[ 19.908635] ret_from_fork+0x10/0x20
[ 19.908671]
[ 19.908692] The buggy address belongs to the object at fff00000c6e6c500
[ 19.908692] which belongs to the cache kmalloc-128 of size 128
[ 19.908751] The buggy address is located 1 bytes inside of
[ 19.908751] 128-byte region [fff00000c6e6c500, fff00000c6e6c580)
[ 19.908853]
[ 19.908874] The buggy address belongs to the physical page:
[ 19.908908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[ 19.908962] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.909010] page_type: f5(slab)
[ 19.909051] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.909218] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.909343] page dumped because: kasan: bad access detected
[ 19.909424]
[ 19.909533] Memory state around the buggy address:
[ 19.909600]  fff00000c6e6c400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.909763]  fff00000c6e6c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.909836] >fff00000c6e6c500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.909881]                    ^
[ 19.909908]  fff00000c6e6c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.910010]  fff00000c6e6c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.910087] ==================================================================
[ 19.915818] ==================================================================
[ 19.915923] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.915991] Free of addr fff00000c78e4001 by task kunit_try_catch/245
[ 19.916034]
[ 19.916195] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 19.916346] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.916421] Hardware name: linux,dummy-virt (DT)
[ 19.916508] Call trace:
[ 19.916568] show_stack+0x20/0x38 (C)
[ 19.916684] dump_stack_lvl+0x8c/0xd0
[ 19.916774] print_report+0x118/0x608
[ 19.916838] kasan_report_invalid_free+0xc0/0xe8
[ 19.916964] __kasan_mempool_poison_object+0xfc/0x150
[ 19.917052] mempool_free+0x28c/0x328
[ 19.917197] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 19.917273] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 19.917383] kunit_try_run_case+0x170/0x3f0
[ 19.917482] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.917540] kthread+0x328/0x630
[ 19.917592] ret_from_fork+0x10/0x20
[ 19.917641]
[ 19.917665] The buggy address belongs to the physical page:
[ 19.917738] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e4
[ 19.917795] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.918006] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.918119] page_type: f8(unknown)
[ 19.918187] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.918287] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.918401] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.918468] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.918724] head: 0bfffe0000000002 ffffc1ffc31e3901 00000000ffffffff 00000000ffffffff
[ 19.918790] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 19.918907] page dumped because: kasan: bad access detected
[ 19.918986]
[ 19.919045] Memory state around the buggy address:
[ 19.919125]  fff00000c78e3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.919198]  fff00000c78e3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.919272] >fff00000c78e4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.919310]                    ^
[ 19.919372]  fff00000c78e4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.919668]  fff00000c78e4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.919754] ==================================================================
```
```
[ 13.034071] ==================================================================
[ 13.034552] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.034920] Free of addr ffff888103606601 by task kunit_try_catch/261
[ 13.035260]
[ 13.035382] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 13.035428] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.035441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.035463] Call Trace:
[ 13.035475] <TASK>
[ 13.035491] dump_stack_lvl+0x73/0xb0
[ 13.035529] print_report+0xd1/0x650
[ 13.035554] ? __virt_addr_valid+0x1db/0x2d0
[ 13.035586] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.035611] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.035638] kasan_report_invalid_free+0x10a/0x130
[ 13.035665] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.035694] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.035719] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.035745] check_slab_allocation+0x11f/0x130
[ 13.035769] __kasan_mempool_poison_object+0x91/0x1d0
[ 13.035795] mempool_free+0x2ec/0x380
[ 13.035820] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.035847] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.035885] ? update_load_avg+0x1be/0x21b0
[ 13.035905] ? update_load_avg+0x1be/0x21b0
[ 13.035925] ? update_curr+0x80/0x810
[ 13.035946] ? finish_task_switch.isra.0+0x153/0x700
[ 13.035990] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.036015] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 13.036040] ? dequeue_task_fair+0x156/0x4e0
[ 13.036063] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.036084] ? __pfx_mempool_kfree+0x10/0x10
[ 13.036107] ? __pfx_read_tsc+0x10/0x10
[ 13.036128] ? ktime_get_ts64+0x86/0x230
[ 13.036154] kunit_try_run_case+0x1a5/0x480
[ 13.036176] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.036196] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.036222] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.036247] ? __kthread_parkme+0x82/0x180
[ 13.036270] ? preempt_count_sub+0x50/0x80
[ 13.036295] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.036316] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.036341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.036365] kthread+0x337/0x6f0
[ 13.036384] ? trace_preempt_on+0x20/0xc0
[ 13.036409] ? __pfx_kthread+0x10/0x10
[ 13.036427] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.036451] ? calculate_sigpending+0x7b/0xa0
[ 13.036473] ? __pfx_kthread+0x10/0x10
[ 13.036493] ret_from_fork+0x41/0x80
[ 13.036555] ? __pfx_kthread+0x10/0x10
[ 13.036578] ret_from_fork_asm+0x1a/0x30
[ 13.036609] </TASK>
[ 13.036620]
[ 13.046766] Allocated by task 261:
[ 13.046921] kasan_save_stack+0x45/0x70
[ 13.047196] kasan_save_track+0x18/0x40
[ 13.047405] kasan_save_alloc_info+0x3b/0x50
[ 13.047699] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.047990] remove_element+0x11e/0x190
[ 13.048138] mempool_alloc_preallocated+0x4d/0x90
[ 13.048299] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 13.048611] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.048857] kunit_try_run_case+0x1a5/0x480
[ 13.049158] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.049427] kthread+0x337/0x6f0
[ 13.049663] ret_from_fork+0x41/0x80
[ 13.049836] ret_from_fork_asm+0x1a/0x30
[ 13.050185]
[ 13.050285] The buggy address belongs to the object at ffff888103606600
[ 13.050285] which belongs to the cache kmalloc-128 of size 128
[ 13.050733] The buggy address is located 1 bytes inside of
[ 13.050733] 128-byte region [ffff888103606600, ffff888103606680)
[ 13.051129]
[ 13.051348] The buggy address belongs to the physical page:
[ 13.051621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103606
[ 13.052017] flags: 0x200000000000000(node=0|zone=2)
[ 13.052198] page_type: f5(slab)
[ 13.052334] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.052744] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.053120] page dumped because: kasan: bad access detected
[ 13.053333]
[ 13.053432] Memory state around the buggy address:
[ 13.053667]  ffff888103606500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.054083]  ffff888103606580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.054382] >ffff888103606600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.054697]                    ^
[ 13.055035]  ffff888103606680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.055323]  ffff888103606700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.055607] ==================================================================
[ 13.058824] ==================================================================
[ 13.059360] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.059753] Free of addr ffff888103cec001 by task kunit_try_catch/263
[ 13.060195]
[ 13.060315] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 13.060360] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.060372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.060394] Call Trace:
[ 13.060405] <TASK>
[ 13.060419] dump_stack_lvl+0x73/0xb0
[ 13.060446] print_report+0xd1/0x650
[ 13.060470] ? __virt_addr_valid+0x1db/0x2d0
[ 13.060495] ? kasan_addr_to_slab+0x11/0xa0
[ 13.060517] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.060559] kasan_report_invalid_free+0x10a/0x130
[ 13.060584] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.060615] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.060640] __kasan_mempool_poison_object+0x102/0x1d0
[ 13.060667] mempool_free+0x2ec/0x380
[ 13.060692] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.060719] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.060745] ? update_load_avg+0x1be/0x21b0
[ 13.060770] ? finish_task_switch.isra.0+0x153/0x700
[ 13.060798] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 13.060825] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 13.060851] ? dequeue_task_fair+0x166/0x4e0
[ 13.060887] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.060924] ? __pfx_mempool_kfree+0x10/0x10
[ 13.060947] ? __pfx_read_tsc+0x10/0x10
[ 13.060968] ? ktime_get_ts64+0x86/0x230
[ 13.060995] kunit_try_run_case+0x1a5/0x480
[ 13.061018] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.061038] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.061064] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.061089] ? __kthread_parkme+0x82/0x180
[ 13.061111] ? preempt_count_sub+0x50/0x80
[ 13.061137] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.061159] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.061185] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.061210] kthread+0x337/0x6f0
[ 13.061227] ? trace_preempt_on+0x20/0xc0
[ 13.061252] ? __pfx_kthread+0x10/0x10
[ 13.061271] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.061295] ? calculate_sigpending+0x7b/0xa0
[ 13.061317] ? __pfx_kthread+0x10/0x10
[ 13.061337] ret_from_fork+0x41/0x80
[ 13.061358] ? __pfx_kthread+0x10/0x10
[ 13.061378] ret_from_fork_asm+0x1a/0x30
[ 13.061410] </TASK>
[ 13.061421]
[ 13.070596] The buggy address belongs to the physical page:
[ 13.070870] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cec
[ 13.071241] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.071472] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.071669] page_type: f8(unknown)
[ 13.072086] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.072443] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.073102] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.073400] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.073635] head: 0200000000000002 ffffea00040f3b01 00000000ffffffff 00000000ffffffff
[ 13.073996] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.074346] page dumped because: kasan: bad access detected
[ 13.074645]
[ 13.074723] Memory state around the buggy address:
[ 13.074975]  ffff888103cebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.075313]  ffff888103cebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.075625] >ffff888103cec000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.076140]                    ^
[ 13.076320]  ffff888103cec080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.076639]  ffff888103cec100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.076982] ==================================================================
```