Hay
Date: May 13, 2025, 12:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   21.245762] ==================================================================
[   21.245870] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   21.245963] Free of addr fff00000c6620701 by task kunit_try_catch/241
[   21.246930] 
[   21.247063] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   21.247232] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.247640] Hardware name: linux,dummy-virt (DT)
[   21.247996] Call trace:
[   21.248050]  show_stack+0x20/0x38 (C)
[   21.248439]  dump_stack_lvl+0x8c/0xd0
[   21.248522]  print_report+0x118/0x608
[   21.248874]  kasan_report_invalid_free+0xc0/0xe8
[   21.248945]  check_slab_allocation+0xfc/0x108
[   21.249023]  __kasan_mempool_poison_object+0x78/0x150
[   21.249085]  mempool_free+0x28c/0x328
[   21.249148]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   21.249212]  mempool_kmalloc_invalid_free+0xc0/0x118
[   21.249733]  kunit_try_run_case+0x170/0x3f0
[   21.250150]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.250319]  kthread+0x328/0x630
[   21.250383]  ret_from_fork+0x10/0x20
[   21.250959] 
[   21.251030] Allocated by task 241:
[   21.251081]  kasan_save_stack+0x3c/0x68
[   21.251148]  kasan_save_track+0x20/0x40
[   21.251191]  kasan_save_alloc_info+0x40/0x58
[   21.251235]  __kasan_mempool_unpoison_object+0x11c/0x180
[   21.251283]  remove_element+0x130/0x1f8
[   21.251376]  mempool_alloc_preallocated+0x58/0xc0
[   21.251431]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   21.251478]  mempool_kmalloc_invalid_free+0xc0/0x118
[   21.251749]  kunit_try_run_case+0x170/0x3f0
[   21.251802]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.251847]  kthread+0x328/0x630
[   21.252342]  ret_from_fork+0x10/0x20
[   21.252680] 
[   21.252710] The buggy address belongs to the object at fff00000c6620700
[   21.252710]  which belongs to the cache kmalloc-128 of size 128
[   21.253164] The buggy address is located 1 bytes inside of
[   21.253164]  128-byte region [fff00000c6620700, fff00000c6620780)
[   21.253534] 
[   21.253620] The buggy address belongs to the physical page:
[   21.253992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620
[   21.254092] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.254158] page_type: f5(slab)
[   21.254373] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.254556] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.254609] page dumped because: kasan: bad access detected
[   21.254647] 
[   21.254668] Memory state around the buggy address:
[   21.254710]  fff00000c6620600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.254763]  fff00000c6620680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.255114] >fff00000c6620700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.255174]                    ^
[   21.255380]  fff00000c6620780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.255544]  fff00000c6620800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.255594] ==================================================================
[   21.274514] ==================================================================
[   21.274628] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   21.274731] Free of addr fff00000c78b8001 by task kunit_try_catch/243
[   21.275204] 
[   21.275301] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   21.275452] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.275490] Hardware name: linux,dummy-virt (DT)
[   21.275529] Call trace:
[   21.275576]  show_stack+0x20/0x38 (C)
[   21.275927]  dump_stack_lvl+0x8c/0xd0
[   21.276010]  print_report+0x118/0x608
[   21.276230]  kasan_report_invalid_free+0xc0/0xe8
[   21.276303]  __kasan_mempool_poison_object+0xfc/0x150
[   21.276378]  mempool_free+0x28c/0x328
[   21.276437]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   21.276496]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   21.276876]  kunit_try_run_case+0x170/0x3f0
[   21.277244]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.277590]  kthread+0x328/0x630
[   21.277724]  ret_from_fork+0x10/0x20
[   21.277857] 
[   21.278045] The buggy address belongs to the physical page:
[   21.278143] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078b8
[   21.278225] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.278390] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.278463] page_type: f8(unknown)
[   21.278770] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.278845] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.279053] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.279166] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.279467] head: 0bfffe0000000002 ffffc1ffc31e2e01 00000000ffffffff 00000000ffffffff
[   21.279537] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.279585] page dumped because: kasan: bad access detected
[   21.279903] 
[   21.279932] Memory state around the buggy address:
[   21.279994]  fff00000c78b7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   21.280055]  fff00000c78b7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   21.280145] >fff00000c78b8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.280202]                    ^
[   21.280399]  fff00000c78b8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.280459]  fff00000c78b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.280506] ==================================================================

[   12.881718] ==================================================================
[   12.882206] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.882907] Free of addr ffff888102ab8001 by task kunit_try_catch/260
[   12.883208] 
[   12.883305] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   12.883356] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.883369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.883390] Call Trace:
[   12.883402]  <TASK>
[   12.883418]  dump_stack_lvl+0x73/0xb0
[   12.883449]  print_report+0xd1/0x650
[   12.883472]  ? __virt_addr_valid+0x1db/0x2d0
[   12.883499]  ? kasan_addr_to_slab+0x11/0xa0
[   12.883520]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.883547]  kasan_report_invalid_free+0x10a/0x130
[   12.883573]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.883602]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.883640]  __kasan_mempool_poison_object+0x102/0x1d0
[   12.883664]  mempool_free+0x2ec/0x380
[   12.883689]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.883716]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   12.883746]  ? finish_task_switch.isra.0+0x153/0x700
[   12.883774]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   12.883799]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   12.883826]  ? __kasan_check_write+0x18/0x20
[   12.883847]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.883867]  ? __pfx_mempool_kfree+0x10/0x10
[   12.883890]  ? __pfx_read_tsc+0x10/0x10
[   12.883912]  ? ktime_get_ts64+0x86/0x230
[   12.883934]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.883960]  kunit_try_run_case+0x1a5/0x480
[   12.883987]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.884010]  ? queued_spin_lock_slowpath+0x116/0xb40
[   12.884034]  ? __kthread_parkme+0x82/0x180
[   12.884057]  ? preempt_count_sub+0x50/0x80
[   12.884082]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.884107]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.884131]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.884154]  kthread+0x337/0x6f0
[   12.884175]  ? trace_preempt_on+0x20/0xc0
[   12.884208]  ? __pfx_kthread+0x10/0x10
[   12.884229]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.884251]  ? calculate_sigpending+0x7b/0xa0
[   12.884277]  ? __pfx_kthread+0x10/0x10
[   12.884300]  ret_from_fork+0x116/0x1d0
[   12.884319]  ? __pfx_kthread+0x10/0x10
[   12.884340]  ret_from_fork_asm+0x1a/0x30
[   12.884374]  </TASK>
[   12.884385] 
[   12.892511] The buggy address belongs to the physical page:
[   12.892728] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[   12.893076] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.893306] flags: 0x200000000000040(head|node=0|zone=2)
[   12.893482] page_type: f8(unknown)
[   12.893673] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.894026] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.894565] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.894826] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.895057] head: 0200000000000002 ffffea00040aae01 00000000ffffffff 00000000ffffffff
[   12.895609] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.895957] page dumped because: kasan: bad access detected
[   12.896241] 
[   12.896337] Memory state around the buggy address:
[   12.896537]  ffff888102ab7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.896816]  ffff888102ab7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.897108] >ffff888102ab8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.897430]                    ^
[   12.897577]  ffff888102ab8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.897867]  ffff888102ab8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.898150] ==================================================================
[   12.845001] ==================================================================
[   12.846242] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.846512] Free of addr ffff8881029ce701 by task kunit_try_catch/258
[   12.847121] 
[   12.847313] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   12.847364] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.847376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.847397] Call Trace:
[   12.847409]  <TASK>
[   12.847424]  dump_stack_lvl+0x73/0xb0
[   12.847452]  print_report+0xd1/0x650
[   12.847475]  ? __virt_addr_valid+0x1db/0x2d0
[   12.847500]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.847572]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.847602]  kasan_report_invalid_free+0x10a/0x130
[   12.847639]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.847667]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.847691]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.847715]  check_slab_allocation+0x11f/0x130
[   12.847738]  __kasan_mempool_poison_object+0x91/0x1d0
[   12.847762]  mempool_free+0x2ec/0x380
[   12.847787]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   12.847812]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   12.847841]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.847864]  ? finish_task_switch.isra.0+0x153/0x700
[   12.847889]  mempool_kmalloc_invalid_free+0xed/0x140
[   12.847914]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   12.847938]  ? __kasan_check_write+0x18/0x20
[   12.847959]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.847978]  ? __pfx_mempool_kfree+0x10/0x10
[   12.848000]  ? __pfx_read_tsc+0x10/0x10
[   12.848021]  ? ktime_get_ts64+0x86/0x230
[   12.848042]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.848068]  kunit_try_run_case+0x1a5/0x480
[   12.848092]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.848116]  ? queued_spin_lock_slowpath+0x116/0xb40
[   12.848139]  ? __kthread_parkme+0x82/0x180
[   12.848160]  ? preempt_count_sub+0x50/0x80
[   12.848185]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.848208]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.848231]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.848254]  kthread+0x337/0x6f0
[   12.848273]  ? trace_preempt_on+0x20/0xc0
[   12.848297]  ? __pfx_kthread+0x10/0x10
[   12.848318]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.848340]  ? calculate_sigpending+0x7b/0xa0
[   12.848363]  ? __pfx_kthread+0x10/0x10
[   12.848387]  ret_from_fork+0x116/0x1d0
[   12.848405]  ? __pfx_kthread+0x10/0x10
[   12.848426]  ret_from_fork_asm+0x1a/0x30
[   12.848458]  </TASK>
[   12.848469] 
[   12.864212] Allocated by task 258:
[   12.864683]  kasan_save_stack+0x45/0x70
[   12.865006]  kasan_save_track+0x18/0x40
[   12.865146]  kasan_save_alloc_info+0x3b/0x50
[   12.865530]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.866061]  remove_element+0x11e/0x190
[   12.866374]  mempool_alloc_preallocated+0x4d/0x90
[   12.866832]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   12.867338]  mempool_kmalloc_invalid_free+0xed/0x140
[   12.867837]  kunit_try_run_case+0x1a5/0x480
[   12.868090]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.868349]  kthread+0x337/0x6f0
[   12.868691]  ret_from_fork+0x116/0x1d0
[   12.869195]  ret_from_fork_asm+0x1a/0x30
[   12.869628] 
[   12.869711] The buggy address belongs to the object at ffff8881029ce700
[   12.869711]  which belongs to the cache kmalloc-128 of size 128
[   12.870070] The buggy address is located 1 bytes inside of
[   12.870070]  128-byte region [ffff8881029ce700, ffff8881029ce780)
[   12.870514] 
[   12.870588] The buggy address belongs to the physical page:
[   12.870856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce
[   12.871190] flags: 0x200000000000000(node=0|zone=2)
[   12.871432] page_type: f5(slab)
[   12.871707] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.872021] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.872275] page dumped because: kasan: bad access detected
[   12.872487] 
[   12.872719] Memory state around the buggy address:
[   12.872959]  ffff8881029ce600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.873265]  ffff8881029ce680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.873557] >ffff8881029ce700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.873840]                    ^
[   12.874006]  ffff8881029ce780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.874332]  ffff8881029ce800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.874639] ==================================================================