Date: July 22, 2025, 2:40 p.m.

Environment: qemu-arm64, qemu-x86_64

[   19.305601] ==================================================================
[   19.305789] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   19.305850] Free of addr fff00000c6fc5201 by task kunit_try_catch/243
[   19.305918] 
[   19.305972] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   19.306054] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.306079] Hardware name: linux,dummy-virt (DT)
[   19.306128] Call trace:
[   19.306156]  show_stack+0x20/0x38 (C)
[   19.306206]  dump_stack_lvl+0x8c/0xd0
[   19.306316]  print_report+0x118/0x5d0
[   19.306371]  kasan_report_invalid_free+0xc0/0xe8
[   19.306425]  check_slab_allocation+0xfc/0x108
[   19.306473]  __kasan_mempool_poison_object+0x78/0x150
[   19.307004]  mempool_free+0x28c/0x328
[   19.307133]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   19.307198]  mempool_kmalloc_invalid_free+0xc0/0x118
[   19.307259]  kunit_try_run_case+0x170/0x3f0
[   19.307328]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.307380]  kthread+0x328/0x630
[   19.307438]  ret_from_fork+0x10/0x20
[   19.307487] 
[   19.307505] Allocated by task 243:
[   19.307559]  kasan_save_stack+0x3c/0x68
[   19.307602]  kasan_save_track+0x20/0x40
[   19.307850]  kasan_save_alloc_info+0x40/0x58
[   19.308016]  __kasan_mempool_unpoison_object+0x11c/0x180
[   19.308091]  remove_element+0x130/0x1f8
[   19.308468]  mempool_alloc_preallocated+0x58/0xc0
[   19.308680]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   19.308755]  mempool_kmalloc_invalid_free+0xc0/0x118
[   19.308880]  kunit_try_run_case+0x170/0x3f0
[   19.309614]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.309700]  kthread+0x328/0x630
[   19.309818]  ret_from_fork+0x10/0x20
[   19.309869] 
[   19.309913] The buggy address belongs to the object at fff00000c6fc5200
[   19.309913]  which belongs to the cache kmalloc-128 of size 128
[   19.310458] The buggy address is located 1 bytes inside of
[   19.310458]  128-byte region [fff00000c6fc5200, fff00000c6fc5280)
[   19.310618] 
[   19.310690] The buggy address belongs to the physical page:
[   19.310760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc5
[   19.310836] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.310889] page_type: f5(slab)
[   19.310950] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   19.311028] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.311241] page dumped because: kasan: bad access detected
[   19.311915] 
[   19.312051] Memory state around the buggy address:
[   19.312182]  fff00000c6fc5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.312480]  fff00000c6fc5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.312551] >fff00000c6fc5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.312612]                    ^
[   19.312669]  fff00000c6fc5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.312725]  fff00000c6fc5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.312781] ==================================================================
[   19.328318] ==================================================================
[   19.328402] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   19.328519] Free of addr fff00000c78e4001 by task kunit_try_catch/245
[   19.328565] 
[   19.328605] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   19.328882] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.329020] Hardware name: linux,dummy-virt (DT)
[   19.329074] Call trace:
[   19.329140]  show_stack+0x20/0x38 (C)
[   19.329216]  dump_stack_lvl+0x8c/0xd0
[   19.329277]  print_report+0x118/0x5d0
[   19.329335]  kasan_report_invalid_free+0xc0/0xe8
[   19.329435]  __kasan_mempool_poison_object+0xfc/0x150
[   19.329489]  mempool_free+0x28c/0x328
[   19.329537]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   19.329591]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   19.329650]  kunit_try_run_case+0x170/0x3f0
[   19.329701]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.329751]  kthread+0x328/0x630
[   19.329805]  ret_from_fork+0x10/0x20
[   19.329864] 
[   19.329891] The buggy address belongs to the physical page:
[   19.329929] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e4
[   19.329985] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.330031] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.330091] page_type: f8(unknown)
[   19.330132] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.330195] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.330244] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.330486] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.330726] head: 0bfffe0000000002 ffffc1ffc31e3901 00000000ffffffff 00000000ffffffff
[   19.330916] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.330966] page dumped because: kasan: bad access detected
[   19.331308] 
[   19.331348] Memory state around the buggy address:
[   19.331451]  fff00000c78e3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.331531]  fff00000c78e3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.331613] >fff00000c78e4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.331711]                    ^
[   19.331771]  fff00000c78e4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.331885]  fff00000c78e4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.331941] ==================================================================

[   12.875341] ==================================================================
[   12.876088] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.876448] Free of addr ffff888103cfc901 by task kunit_try_catch/261
[   12.877029] 
[   12.877462] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   12.877515] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.877527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.877550] Call Trace:
[   12.877563]  <TASK>
[   12.877581]  dump_stack_lvl+0x73/0xb0
[   12.877612]  print_report+0xd1/0x610
[   12.877635]  ? __virt_addr_valid+0x1db/0x2d0
[   12.877660]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.877682]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.877708]  kasan_report_invalid_free+0x10a/0x130
[   12.877732]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.877760]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.877784]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.877821]  check_slab_allocation+0x11f/0x130
[   12.877844]  __kasan_mempool_poison_object+0x91/0x1d0
[   12.877871]  mempool_free+0x2ec/0x380
[   12.877898]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.877923]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   12.877948]  ? dequeue_entities+0x852/0x1740
[   12.877973]  ? finish_task_switch.isra.0+0x153/0x700
[   12.878001]  mempool_kmalloc_invalid_free+0xed/0x140
[   12.878024]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   12.878047]  ? dequeue_task_fair+0x166/0x4e0
[   12.878069]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.878087]  ? __pfx_mempool_kfree+0x10/0x10
[   12.878108]  ? __pfx_read_tsc+0x10/0x10
[   12.878129]  ? ktime_get_ts64+0x86/0x230
[   12.878154]  kunit_try_run_case+0x1a5/0x480
[   12.878177]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.878194]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.878216]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.878250]  ? __kthread_parkme+0x82/0x180
[   12.878273]  ? preempt_count_sub+0x50/0x80
[   12.878297]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.878316]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.878338]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.878362]  kthread+0x337/0x6f0
[   12.878379]  ? trace_preempt_on+0x20/0xc0
[   12.878403]  ? __pfx_kthread+0x10/0x10
[   12.878421]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.878443]  ? calculate_sigpending+0x7b/0xa0
[   12.878479]  ? __pfx_kthread+0x10/0x10
[   12.878496]  ret_from_fork+0x41/0x80
[   12.878516]  ? __pfx_kthread+0x10/0x10
[   12.878533]  ret_from_fork_asm+0x1a/0x30
[   12.878565]  </TASK>
[   12.878575] 
[   12.892241] Allocated by task 261:
[   12.892615]  kasan_save_stack+0x45/0x70
[   12.893053]  kasan_save_track+0x18/0x40
[   12.893266]  kasan_save_alloc_info+0x3b/0x50
[   12.893485]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.893924]  remove_element+0x11e/0x190
[   12.894211]  mempool_alloc_preallocated+0x4d/0x90
[   12.894485]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   12.894937]  mempool_kmalloc_invalid_free+0xed/0x140
[   12.895166]  kunit_try_run_case+0x1a5/0x480
[   12.895520]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.896007]  kthread+0x337/0x6f0
[   12.896318]  ret_from_fork+0x41/0x80
[   12.896462]  ret_from_fork_asm+0x1a/0x30
[   12.896669] 
[   12.896766] The buggy address belongs to the object at ffff888103cfc900
[   12.896766]  which belongs to the cache kmalloc-128 of size 128
[   12.897261] The buggy address is located 1 bytes inside of
[   12.897261]  128-byte region [ffff888103cfc900, ffff888103cfc980)
[   12.897733] 
[   12.897811] The buggy address belongs to the physical page:
[   12.898170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cfc
[   12.899119] flags: 0x200000000000000(node=0|zone=2)
[   12.899374] page_type: f5(slab)
[   12.899547] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.900217] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.900746] page dumped because: kasan: bad access detected
[   12.901192] 
[   12.901286] Memory state around the buggy address:
[   12.901554]  ffff888103cfc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.902133]  ffff888103cfc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.902563] >ffff888103cfc900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.903091]                    ^
[   12.903390]  ffff888103cfc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.903664]  ffff888103cfca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.904237] ==================================================================
[   12.908287] ==================================================================
[   12.908791] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.909062] Free of addr ffff888103ca0001 by task kunit_try_catch/263
[   12.909303] 
[   12.909419] CPU: 1 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   12.909468] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.909480] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.909515] Call Trace:
[   12.909528]  <TASK>
[   12.909544]  dump_stack_lvl+0x73/0xb0
[   12.909571]  print_report+0xd1/0x610
[   12.909594]  ? __virt_addr_valid+0x1db/0x2d0
[   12.909617]  ? kasan_addr_to_slab+0x11/0xa0
[   12.909637]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.909678]  kasan_report_invalid_free+0x10a/0x130
[   12.909702]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.909730]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.909754]  __kasan_mempool_poison_object+0x102/0x1d0
[   12.909778]  mempool_free+0x2ec/0x380
[   12.909802]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.909826]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   12.909852]  ? dequeue_entities+0x852/0x1740
[   12.909877]  ? finish_task_switch.isra.0+0x153/0x700
[   12.909903]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   12.909928]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   12.909952]  ? dequeue_task_fair+0x166/0x4e0
[   12.909974]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.909993]  ? __pfx_mempool_kfree+0x10/0x10
[   12.910014]  ? __pfx_read_tsc+0x10/0x10
[   12.910035]  ? ktime_get_ts64+0x86/0x230
[   12.910060]  kunit_try_run_case+0x1a5/0x480
[   12.910082]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.910101]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.910123]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.910147]  ? __kthread_parkme+0x82/0x180
[   12.910168]  ? preempt_count_sub+0x50/0x80
[   12.910192]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.910212]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.910246]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.910269]  kthread+0x337/0x6f0
[   12.910285]  ? trace_preempt_on+0x20/0xc0
[   12.910308]  ? __pfx_kthread+0x10/0x10
[   12.910325]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.910347]  ? calculate_sigpending+0x7b/0xa0
[   12.910380]  ? __pfx_kthread+0x10/0x10
[   12.910398]  ret_from_fork+0x41/0x80
[   12.910418]  ? __pfx_kthread+0x10/0x10
[   12.910447]  ret_from_fork_asm+0x1a/0x30
[   12.910479]  </TASK>
[   12.910490] 
[   12.921606] The buggy address belongs to the physical page:
[   12.921797] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ca0
[   12.922259] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.922826] flags: 0x200000000000040(head|node=0|zone=2)
[   12.923088] page_type: f8(unknown)
[   12.923282] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.923626] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.924178] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.924627] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.925062] head: 0200000000000002 ffffea00040f2801 00000000ffffffff 00000000ffffffff
[   12.925391] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.925788] page dumped because: kasan: bad access detected
[   12.926011] 
[   12.926079] Memory state around the buggy address:
[   12.926293]  ffff888103c9ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.926648]  ffff888103c9ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.926941] >ffff888103ca0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.927596]                    ^
[   12.927888]  ffff888103ca0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.928166]  ffff888103ca0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.928488] ==================================================================