Hay
Date: May 12, 2025, 11:48 a.m.

Environment: qemu-arm64, qemu-x86_64

[   18.933357] ==================================================================
[   18.933434] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   18.933578] Free of addr fff00000c79f0001 by task kunit_try_catch/243
[   18.933631] 
[   18.933663] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   18.933746] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.933774] Hardware name: linux,dummy-virt (DT)
[   18.933949] Call trace:
[   18.934127]  show_stack+0x20/0x38 (C)
[   18.934193]  dump_stack_lvl+0x8c/0xd0
[   18.934241]  print_report+0x118/0x608
[   18.934316]  kasan_report_invalid_free+0xc0/0xe8
[   18.934552]  __kasan_mempool_poison_object+0xfc/0x150
[   18.934695]  mempool_free+0x28c/0x328
[   18.934892]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   18.935063]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   18.935306]  kunit_try_run_case+0x170/0x3f0
[   18.935357]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.935409]  kthread+0x328/0x630
[   18.935452]  ret_from_fork+0x10/0x20
[   18.935499] 
[   18.936100] The buggy address belongs to the physical page:
[   18.936140] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f0
[   18.936197] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.936250] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.936307] page_type: f8(unknown)
[   18.936348] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.936397] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.936784] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.936842] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.936925] head: 0bfffe0000000002 ffffc1ffc31e7c01 00000000ffffffff 00000000ffffffff
[   18.937231] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.937336] page dumped because: kasan: bad access detected
[   18.937435] 
[   18.937495] Memory state around the buggy address:
[   18.937614]  fff00000c79eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.937658]  fff00000c79eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.937700] >fff00000c79f0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.937735]                    ^
[   18.937763]  fff00000c79f0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.937804]  fff00000c79f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.937861] ==================================================================
[   18.922806] ==================================================================
[   18.923029] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   18.923104] Free of addr fff00000c78d3701 by task kunit_try_catch/241
[   18.923147] 
[   18.923260] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   18.923378] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.923416] Hardware name: linux,dummy-virt (DT)
[   18.923566] Call trace:
[   18.923724]  show_stack+0x20/0x38 (C)
[   18.923901]  dump_stack_lvl+0x8c/0xd0
[   18.924062]  print_report+0x118/0x608
[   18.924247]  kasan_report_invalid_free+0xc0/0xe8
[   18.924300]  check_slab_allocation+0xfc/0x108
[   18.924345]  __kasan_mempool_poison_object+0x78/0x150
[   18.924394]  mempool_free+0x28c/0x328
[   18.924443]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   18.924492]  mempool_kmalloc_invalid_free+0xc0/0x118
[   18.925148]  kunit_try_run_case+0x170/0x3f0
[   18.925210]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.925262]  kthread+0x328/0x630
[   18.925319]  ret_from_fork+0x10/0x20
[   18.925367] 
[   18.925385] Allocated by task 241:
[   18.925416]  kasan_save_stack+0x3c/0x68
[   18.925456]  kasan_save_track+0x20/0x40
[   18.925536]  kasan_save_alloc_info+0x40/0x58
[   18.925612]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.925696]  remove_element+0x130/0x1f8
[   18.925850]  mempool_alloc_preallocated+0x58/0xc0
[   18.925891]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   18.926244]  mempool_kmalloc_invalid_free+0xc0/0x118
[   18.926289]  kunit_try_run_case+0x170/0x3f0
[   18.926325]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.926365]  kthread+0x328/0x630
[   18.926399]  ret_from_fork+0x10/0x20
[   18.926607] 
[   18.926668] The buggy address belongs to the object at fff00000c78d3700
[   18.926668]  which belongs to the cache kmalloc-128 of size 128
[   18.926732] The buggy address is located 1 bytes inside of
[   18.926732]  128-byte region [fff00000c78d3700, fff00000c78d3780)
[   18.926865] 
[   18.926888] The buggy address belongs to the physical page:
[   18.926939] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3
[   18.927021] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.927079] page_type: f5(slab)
[   18.927140] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.927459] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.927694] page dumped because: kasan: bad access detected
[   18.927752] 
[   18.927781] Memory state around the buggy address:
[   18.927823]  fff00000c78d3600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.928050]  fff00000c78d3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.928109] >fff00000c78d3700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.928156]                    ^
[   18.928199]  fff00000c78d3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.928258]  fff00000c78d3800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.928296] ==================================================================

[   18.673656] ==================================================================
[   18.674616] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   18.675072] Free of addr ffff888102306c01 by task kunit_try_catch/258
[   18.675926] 
[   18.676124] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   18.676234] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.676273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.676319] Call Trace:
[   18.676349]  <TASK>
[   18.676384]  dump_stack_lvl+0x73/0xb0
[   18.676453]  print_report+0xd1/0x650
[   18.676500]  ? __virt_addr_valid+0x1db/0x2d0
[   18.676550]  ? kasan_complete_mode_report_info+0x2a/0x200
[   18.676593]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   18.676639]  kasan_report_invalid_free+0x10a/0x130
[   18.676674]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   18.676740]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   18.676767]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   18.676796]  check_slab_allocation+0x11f/0x130
[   18.676821]  __kasan_mempool_poison_object+0x91/0x1d0
[   18.676848]  mempool_free+0x2ec/0x380
[   18.676875]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   18.676903]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   18.676933]  ? __pfx_sched_clock_cpu+0x10/0x10
[   18.676957]  ? irqentry_exit+0x2a/0x60
[   18.676981]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   18.677008]  mempool_kmalloc_invalid_free+0xed/0x140
[   18.677034]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   18.677062]  ? __pfx_mempool_kmalloc+0x10/0x10
[   18.677083]  ? __pfx_mempool_kfree+0x10/0x10
[   18.677106]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   18.677134]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   18.677162]  kunit_try_run_case+0x1a5/0x480
[   18.677191]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.677216]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.677241]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.677288]  ? __kthread_parkme+0x82/0x180
[   18.677314]  ? preempt_count_sub+0x50/0x80
[   18.677340]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.677367]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.677392]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.677417]  kthread+0x337/0x6f0
[   18.677438]  ? trace_preempt_on+0x20/0xc0
[   18.677465]  ? __pfx_kthread+0x10/0x10
[   18.677486]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.677510]  ? calculate_sigpending+0x7b/0xa0
[   18.677537]  ? __pfx_kthread+0x10/0x10
[   18.677560]  ret_from_fork+0x116/0x1d0
[   18.677581]  ? __pfx_kthread+0x10/0x10
[   18.677604]  ret_from_fork_asm+0x1a/0x30
[   18.677636]  </TASK>
[   18.677650] 
[   18.689481] Allocated by task 258:
[   18.689724]  kasan_save_stack+0x45/0x70
[   18.690091]  kasan_save_track+0x18/0x40
[   18.690416]  kasan_save_alloc_info+0x3b/0x50
[   18.690738]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   18.691195]  remove_element+0x11e/0x190
[   18.691473]  mempool_alloc_preallocated+0x4d/0x90
[   18.691867]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   18.692199]  mempool_kmalloc_invalid_free+0xed/0x140
[   18.692556]  kunit_try_run_case+0x1a5/0x480
[   18.693006]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.693271]  kthread+0x337/0x6f0
[   18.693565]  ret_from_fork+0x116/0x1d0
[   18.693807]  ret_from_fork_asm+0x1a/0x30
[   18.694122] 
[   18.694246] The buggy address belongs to the object at ffff888102306c00
[   18.694246]  which belongs to the cache kmalloc-128 of size 128
[   18.695130] The buggy address is located 1 bytes inside of
[   18.695130]  128-byte region [ffff888102306c00, ffff888102306c80)
[   18.695954] 
[   18.696081] The buggy address belongs to the physical page:
[   18.696499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102306
[   18.697045] flags: 0x200000000000000(node=0|zone=2)
[   18.697468] page_type: f5(slab)
[   18.697690] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   18.698049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.698390] page dumped because: kasan: bad access detected
[   18.698810] 
[   18.699003] Memory state around the buggy address:
[   18.699399]  ffff888102306b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.699946]  ffff888102306b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.700278] >ffff888102306c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.700668]                    ^
[   18.700835]  ffff888102306c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.701104]  ffff888102306d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.701482] ==================================================================
[   18.712784] ==================================================================
[   18.713679] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   18.714367] Free of addr ffff888103cd0001 by task kunit_try_catch/260
[   18.715387] 
[   18.715745] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   18.715880] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.715901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.715927] Call Trace:
[   18.715945]  <TASK>
[   18.715968]  dump_stack_lvl+0x73/0xb0
[   18.716012]  print_report+0xd1/0x650
[   18.716045]  ? __virt_addr_valid+0x1db/0x2d0
[   18.716142]  ? kasan_addr_to_slab+0x11/0xa0
[   18.716179]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   18.716211]  kasan_report_invalid_free+0x10a/0x130
[   18.716238]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   18.716289]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   18.716319]  __kasan_mempool_poison_object+0x102/0x1d0
[   18.716346]  mempool_free+0x2ec/0x380
[   18.716374]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   18.716403]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   18.716433]  ? __pfx_sched_clock_cpu+0x10/0x10
[   18.716458]  ? finish_task_switch.isra.0+0x153/0x700
[   18.716486]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   18.716513]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   18.716543]  ? __pfx_mempool_kmalloc+0x10/0x10
[   18.716564]  ? __pfx_mempool_kfree+0x10/0x10
[   18.716588]  ? __pfx_read_tsc+0x10/0x10
[   18.716612]  ? ktime_get_ts64+0x86/0x230
[   18.716639]  kunit_try_run_case+0x1a5/0x480
[   18.716677]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.716710]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.716736]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.716760]  ? __kthread_parkme+0x82/0x180
[   18.716783]  ? preempt_count_sub+0x50/0x80
[   18.716806]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.716831]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.716856]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.716881]  kthread+0x337/0x6f0
[   18.716904]  ? __pfx_kthread+0x10/0x10
[   18.716927]  ? recalc_sigpending+0x168/0x1f0
[   18.716954]  ? calculate_sigpending+0x7b/0xa0
[   18.716980]  ? __pfx_kthread+0x10/0x10
[   18.717004]  ret_from_fork+0x116/0x1d0
[   18.717024]  ? __pfx_kthread+0x10/0x10
[   18.717057]  ret_from_fork_asm+0x1a/0x30
[   18.717110]  </TASK>
[   18.717130] 
[   18.731821] The buggy address belongs to the physical page:
[   18.732457] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cd0
[   18.732996] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.733686] flags: 0x200000000000040(head|node=0|zone=2)
[   18.734559] page_type: f8(unknown)
[   18.734944] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   18.735711] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.736314] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   18.736954] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.737500] head: 0200000000000002 ffffea00040f3401 00000000ffffffff 00000000ffffffff
[   18.737900] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.738293] page dumped because: kasan: bad access detected
[   18.738709] 
[   18.738890] Memory state around the buggy address:
[   18.739172]  ffff888103ccff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.739786]  ffff888103ccff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.740620] >ffff888103cd0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.741308]                    ^
[   18.741618]  ffff888103cd0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.741969]  ffff888103cd0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.742634] ==================================================================