Date: May 15, 2025, 10:38 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 20.020022] ==================================================================
[ 20.020213] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.020278] Free of addr fff00000c1729501 by task kunit_try_catch/241
[ 20.020377]
[ 20.020411] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT
[ 20.020495] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.020520] Hardware name: linux,dummy-virt (DT)
[ 20.020647] Call trace:
[ 20.020689] show_stack+0x20/0x38 (C)
[ 20.020812] dump_stack_lvl+0x8c/0xd0
[ 20.020898] print_report+0x118/0x608
[ 20.021008] kasan_report_invalid_free+0xc0/0xe8
[ 20.021087] check_slab_allocation+0xfc/0x108
[ 20.021140] __kasan_mempool_poison_object+0x78/0x150
[ 20.021229] mempool_free+0x28c/0x328
[ 20.021294] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.021346] mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.021421] kunit_try_run_case+0x170/0x3f0
[ 20.021530] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.021625] kthread+0x328/0x630
[ 20.021776] ret_from_fork+0x10/0x20
[ 20.021915]
[ 20.022034] Allocated by task 241:
[ 20.022129] kasan_save_stack+0x3c/0x68
[ 20.022182] kasan_save_track+0x20/0x40
[ 20.022248] kasan_save_alloc_info+0x40/0x58
[ 20.022287] __kasan_mempool_unpoison_object+0x11c/0x180
[ 20.022330] remove_element+0x130/0x1f8
[ 20.022363] mempool_alloc_preallocated+0x58/0xc0
[ 20.022625] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 20.022718] mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.022816] kunit_try_run_case+0x170/0x3f0
[ 20.022943] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.023008] kthread+0x328/0x630
[ 20.023104] ret_from_fork+0x10/0x20
[ 20.023231]
[ 20.023336] The buggy address belongs to the object at fff00000c1729500
[ 20.023336] which belongs to the cache kmalloc-128 of size 128
[ 20.023414] The buggy address is located 1 bytes inside of
[ 20.023414] 128-byte region [fff00000c1729500, fff00000c1729580)
[ 20.023619]
[ 20.023775] The buggy address belongs to the physical page:
[ 20.023824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101729
[ 20.023908] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.024014] page_type: f5(slab)
[ 20.024092] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.024142] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.024210] page dumped because: kasan: bad access detected
[ 20.024243]
[ 20.024261] Memory state around the buggy address:
[ 20.024290] fff00000c1729400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.024344] fff00000c1729480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.024386] >fff00000c1729500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.024423] ^
[ 20.024450] fff00000c1729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.024497] fff00000c1729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.024536] ==================================================================

[ 20.031077] ==================================================================
[ 20.031172] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.031261] Free of addr fff00000c786c001 by task kunit_try_catch/243
[ 20.031358]
[ 20.031396] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT
[ 20.031482] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.031742] Hardware name: linux,dummy-virt (DT)
[ 20.031779] Call trace:
[ 20.031809] show_stack+0x20/0x38 (C)
[ 20.031901] dump_stack_lvl+0x8c/0xd0
[ 20.031978] print_report+0x118/0x608
[ 20.032044] kasan_report_invalid_free+0xc0/0xe8
[ 20.032124] __kasan_mempool_poison_object+0xfc/0x150
[ 20.032187] mempool_free+0x28c/0x328
[ 20.032233] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.032285] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 20.032377] kunit_try_run_case+0x170/0x3f0
[ 20.032423] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.032475] kthread+0x328/0x630
[ 20.032551] ret_from_fork+0x10/0x20
[ 20.032796]
[ 20.032834] The buggy address belongs to the physical page:
[ 20.032893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786c
[ 20.032966] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 20.033433] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 20.033513] page_type: f8(unknown)
[ 20.033558] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.033633] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.033683] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.034043] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.034145] head: 0bfffe0000000002 ffffc1ffc31e1b01 00000000ffffffff 00000000ffffffff
[ 20.034279] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 20.034424] page dumped because: kasan: bad access detected
[ 20.034497]
[ 20.034539] Memory state around the buggy address:
[ 20.034605] fff00000c786bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.034646] fff00000c786bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.034844] >fff00000c786c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.034887] ^
[ 20.034914] fff00000c786c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.034954] fff00000c786c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.035146] ==================================================================
```
qemu-x86_64:

```
[ 16.017860] ==================================================================
[ 16.018378] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.019161] Free of addr ffff888103c60001 by task kunit_try_catch/261
[ 16.019512]
[ 16.019697] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary)
[ 16.019810] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.019837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.019887] Call Trace:
[ 16.019913] <TASK>
[ 16.019948] dump_stack_lvl+0x73/0xb0
[ 16.020004] print_report+0xd1/0x650
[ 16.020044] ? __virt_addr_valid+0x1db/0x2d0
[ 16.020433] ? kasan_addr_to_slab+0x11/0xa0
[ 16.020470] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.020606] kasan_report_invalid_free+0x10a/0x130
[ 16.020636] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.020665] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.020689] __kasan_mempool_poison_object+0x102/0x1d0
[ 16.020714] mempool_free+0x2ec/0x380
[ 16.020738] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.020763] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 16.020791] ? __pfx_sched_clock_cpu+0x10/0x10
[ 16.020813] ? finish_task_switch.isra.0+0x153/0x700
[ 16.020839] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 16.020863] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 16.020890] ? __pfx_mempool_kmalloc+0x10/0x10
[ 16.020908] ? __pfx_mempool_kfree+0x10/0x10
[ 16.020929] ? __pfx_read_tsc+0x10/0x10
[ 16.020950] ? ktime_get_ts64+0x86/0x230
[ 16.020971] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 16.020997] kunit_try_run_case+0x1a5/0x480
[ 16.021022] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.021045] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.021068] ? __kthread_parkme+0x82/0x180
[ 16.021089] ? preempt_count_sub+0x50/0x80
[ 16.021110] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.021133] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.021154] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.021176] kthread+0x337/0x6f0
[ 16.021195] ? trace_preempt_on+0x20/0xc0
[ 16.021217] ? __pfx_kthread+0x10/0x10
[ 16.021258] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.021280] ? calculate_sigpending+0x7b/0xa0
[ 16.021304] ? __pfx_kthread+0x10/0x10
[ 16.021326] ret_from_fork+0x116/0x1d0
[ 16.021344] ? __pfx_kthread+0x10/0x10
[ 16.021364] ret_from_fork_asm+0x1a/0x30
[ 16.021396] </TASK>
[ 16.021409]
[ 16.034603] The buggy address belongs to the physical page:
[ 16.035138] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c60
[ 16.035751] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 16.036097] flags: 0x200000000000040(head|node=0|zone=2)
[ 16.036416] page_type: f8(unknown)
[ 16.036704] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 16.036967] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 16.037506] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 16.037911] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 16.038318] head: 0200000000000002 ffffea00040f1801 00000000ffffffff 00000000ffffffff
[ 16.038692] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 16.039040] page dumped because: kasan: bad access detected
[ 16.039640]
[ 16.039817] Memory state around the buggy address:
[ 16.040147] ffff888103c5ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.040388] ffff888103c5ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.041010] >ffff888103c60000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.041274] ^
[ 16.041664] ffff888103c60080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.042101] ffff888103c60100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.042677] ==================================================================

[ 15.983067] ==================================================================
[ 15.983563] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.984494] Free of addr ffff88810231aa01 by task kunit_try_catch/259
[ 15.984727]
[ 15.984875] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary)
[ 15.985175] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.985205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.985262] Call Trace:
[ 15.985292] <TASK>
[ 15.985328] dump_stack_lvl+0x73/0xb0
[ 15.985394] print_report+0xd1/0x650
[ 15.985445] ? __virt_addr_valid+0x1db/0x2d0
[ 15.985495] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.985537] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.985577] kasan_report_invalid_free+0x10a/0x130
[ 15.985617] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.985660] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.985697] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.985730] check_slab_allocation+0x11f/0x130
[ 15.985752] __kasan_mempool_poison_object+0x91/0x1d0
[ 15.985776] mempool_free+0x2ec/0x380
[ 15.985801] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 15.985825] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 15.985851] ? __pfx_sched_clock_cpu+0x10/0x10
[ 15.985874] ? finish_task_switch.isra.0+0x153/0x700
[ 15.985899] mempool_kmalloc_invalid_free+0xed/0x140
[ 15.985922] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 15.985947] ? __pfx_mempool_kmalloc+0x10/0x10
[ 15.985966] ? __pfx_mempool_kfree+0x10/0x10
[ 15.985987] ? __pfx_read_tsc+0x10/0x10
[ 15.986007] ? ktime_get_ts64+0x86/0x230
[ 15.986031] kunit_try_run_case+0x1a5/0x480
[ 15.986055] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.986076] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.986099] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.986121] ? __kthread_parkme+0x82/0x180
[ 15.986141] ? preempt_count_sub+0x50/0x80
[ 15.986164] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.986186] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.986208] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.986252] kthread+0x337/0x6f0
[ 15.986273] ? trace_preempt_on+0x20/0xc0
[ 15.986297] ? __pfx_kthread+0x10/0x10
[ 15.986318] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.986349] ? calculate_sigpending+0x7b/0xa0
[ 15.986376] ? __pfx_kthread+0x10/0x10
[ 15.986397] ret_from_fork+0x116/0x1d0
[ 15.986416] ? __pfx_kthread+0x10/0x10
[ 15.986436] ret_from_fork_asm+0x1a/0x30
[ 15.986483] </TASK>
[ 15.986503]
[ 15.998698] Allocated by task 259:
[ 15.998900] kasan_save_stack+0x45/0x70
[ 15.999214] kasan_save_track+0x18/0x40
[ 15.999522] kasan_save_alloc_info+0x3b/0x50
[ 15.999799] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 16.000011] remove_element+0x11e/0x190
[ 16.000187] mempool_alloc_preallocated+0x4d/0x90
[ 16.000395] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 16.000606] mempool_kmalloc_invalid_free+0xed/0x140
[ 16.001204] kunit_try_run_case+0x1a5/0x480
[ 16.001655] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.002273] kthread+0x337/0x6f0
[ 16.002769] ret_from_fork+0x116/0x1d0
[ 16.003128] ret_from_fork_asm+0x1a/0x30
[ 16.003452]
[ 16.003620] The buggy address belongs to the object at ffff88810231aa00
[ 16.003620] which belongs to the cache kmalloc-128 of size 128
[ 16.004308] The buggy address is located 1 bytes inside of
[ 16.004308] 128-byte region [ffff88810231aa00, ffff88810231aa80)
[ 16.004653]
[ 16.004759] The buggy address belongs to the physical page:
[ 16.004955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10231a
[ 16.005228] flags: 0x200000000000000(node=0|zone=2)
[ 16.005570] page_type: f5(slab)
[ 16.006017] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.006961] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.007636] page dumped because: kasan: bad access detected
[ 16.008090]
[ 16.008322] Memory state around the buggy address:
[ 16.008904] ffff88810231a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.009461] ffff88810231a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.009960] >ffff88810231aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.010207] ^
[ 16.010487] ffff88810231aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.010931] ffff88810231ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.011173] ==================================================================
```