Date
May 26, 2025, 9:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 20.060808] ==================================================================
[ 20.060982] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.061166] Free of addr fff00000c78c2e01 by task kunit_try_catch/241
[ 20.061298]
[ 20.061394] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT
[ 20.061678] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.061766] Hardware name: linux,dummy-virt (DT)
[ 20.061876] Call trace:
[ 20.061937] show_stack+0x20/0x38 (C)
[ 20.062071] dump_stack_lvl+0x8c/0xd0
[ 20.062215] print_report+0x118/0x608
[ 20.062356] kasan_report_invalid_free+0xc0/0xe8
[ 20.062458] check_slab_allocation+0xfc/0x108
[ 20.062659] __kasan_mempool_poison_object+0x78/0x150
[ 20.062850] mempool_free+0x28c/0x328
[ 20.062966] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.063089] mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.063203] kunit_try_run_case+0x170/0x3f0
[ 20.063356] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.063489] kthread+0x328/0x630
[ 20.063577] ret_from_fork+0x10/0x20
[ 20.063677]
[ 20.063716] Allocated by task 241:
[ 20.063769] kasan_save_stack+0x3c/0x68
[ 20.064073] kasan_save_track+0x20/0x40
[ 20.064204] kasan_save_alloc_info+0x40/0x58
[ 20.064375] __kasan_mempool_unpoison_object+0x11c/0x180
[ 20.064495] remove_element+0x130/0x1f8
[ 20.064595] mempool_alloc_preallocated+0x58/0xc0
[ 20.064888] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 20.065000] mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.065381] kunit_try_run_case+0x170/0x3f0
[ 20.065552] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.065654] kthread+0x328/0x630
[ 20.065735] ret_from_fork+0x10/0x20
[ 20.066066]
[ 20.066264] The buggy address belongs to the object at fff00000c78c2e00
[ 20.066264] which belongs to the cache kmalloc-128 of size 128
[ 20.066426] The buggy address is located 1 bytes inside of
[ 20.066426] 128-byte region [fff00000c78c2e00, fff00000c78c2e80)
[ 20.066573]
[ 20.066849] The buggy address belongs to the physical page:
[ 20.066928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078c2
[ 20.067496] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.067630] page_type: f5(slab)
[ 20.068055] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.068181] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.068280] page dumped because: kasan: bad access detected
[ 20.068892]
[ 20.068946] Memory state around the buggy address:
[ 20.069111] fff00000c78c2d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.069294] fff00000c78c2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.069443] >fff00000c78c2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.069533] ^
[ 20.069602] fff00000c78c2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.069710] fff00000c78c2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.070281] ==================================================================

[ 20.096617] ==================================================================
[ 20.096781] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.097404] Free of addr fff00000c79cc001 by task kunit_try_catch/243
[ 20.097527]
[ 20.097609] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT
[ 20.098184] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.098273] Hardware name: linux,dummy-virt (DT)
[ 20.098358] Call trace:
[ 20.098435] show_stack+0x20/0x38 (C)
[ 20.098570] dump_stack_lvl+0x8c/0xd0
[ 20.098890] print_report+0x118/0x608
[ 20.098987] kasan_report_invalid_free+0xc0/0xe8
[ 20.099111] __kasan_mempool_poison_object+0xfc/0x150
[ 20.099270] mempool_free+0x28c/0x328
[ 20.099368] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.099588] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 20.099745] kunit_try_run_case+0x170/0x3f0
[ 20.099860] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.100174] kthread+0x328/0x630
[ 20.100496] ret_from_fork+0x10/0x20
[ 20.100668]
[ 20.100730] The buggy address belongs to the physical page:
[ 20.100893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079cc
[ 20.101061] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 20.101569] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 20.102064] page_type: f8(unknown)
[ 20.102189] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.102328] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.102746] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.102917] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.103024] head: 0bfffe0000000002 ffffc1ffc31e7301 00000000ffffffff 00000000ffffffff
[ 20.103120] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 20.103208] page dumped because: kasan: bad access detected
[ 20.103271]
[ 20.103340] Memory state around the buggy address:
[ 20.103418] fff00000c79cbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.103695] fff00000c79cbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.103836] >fff00000c79cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.103924] ^
[ 20.104030] fff00000c79cc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.104127] fff00000c79cc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.104375] ==================================================================
```
```
[ 12.765442] ==================================================================
[ 12.766141] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.766489] Free of addr ffff888103a6c001 by task kunit_try_catch/261
[ 12.766865]
[ 12.766957] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary)
[ 12.767157] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.767171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.767192] Call Trace:
[ 12.767204] <TASK>
[ 12.767218] dump_stack_lvl+0x73/0xb0
[ 12.767246] print_report+0xd1/0x650
[ 12.767269] ? __virt_addr_valid+0x1db/0x2d0
[ 12.767293] ? kasan_addr_to_slab+0x11/0xa0
[ 12.767314] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.767340] kasan_report_invalid_free+0x10a/0x130
[ 12.767365] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.767535] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.767561] __kasan_mempool_poison_object+0x102/0x1d0
[ 12.767586] mempool_free+0x2ec/0x380
[ 12.767609] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.767634] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 12.767662] ? __kasan_check_write+0x18/0x20
[ 12.767682] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.767728] ? finish_task_switch.isra.0+0x153/0x700
[ 12.767753] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 12.767778] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 12.767805] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.767823] ? __pfx_mempool_kfree+0x10/0x10
[ 12.767845] ? __pfx_read_tsc+0x10/0x10
[ 12.767866] ? ktime_get_ts64+0x86/0x230
[ 12.767889] kunit_try_run_case+0x1a5/0x480
[ 12.767909] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.767929] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.767953] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.767977] ? __kthread_parkme+0x82/0x180
[ 12.768012] ? preempt_count_sub+0x50/0x80
[ 12.768035] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.768056] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.768080] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.768103] kthread+0x337/0x6f0
[ 12.768123] ? trace_preempt_on+0x20/0xc0
[ 12.768146] ? __pfx_kthread+0x10/0x10
[ 12.768167] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.768188] ? calculate_sigpending+0x7b/0xa0
[ 12.768213] ? __pfx_kthread+0x10/0x10
[ 12.768234] ret_from_fork+0x116/0x1d0
[ 12.768253] ? __pfx_kthread+0x10/0x10
[ 12.768273] ret_from_fork_asm+0x1a/0x30
[ 12.768303] </TASK>
[ 12.768313]
[ 12.780225] The buggy address belongs to the physical page:
[ 12.781145] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a6c
[ 12.781592] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.782118] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.782544] page_type: f8(unknown)
[ 12.782765] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.783224] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.783720] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.784366] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.784856] head: 0200000000000002 ffffea00040e9b01 00000000ffffffff 00000000ffffffff
[ 12.785276] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.785577] page dumped because: kasan: bad access detected
[ 12.785976]
[ 12.786174] Memory state around the buggy address:
[ 12.786360] ffff888103a6bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.786924] ffff888103a6bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.787293] >ffff888103a6c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.787644] ^
[ 12.787952] ffff888103a6c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.788564] ffff888103a6c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.789081] ==================================================================

[ 12.731861] ==================================================================
[ 12.732614] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.733223] Free of addr ffff888102826801 by task kunit_try_catch/259
[ 12.733717]
[ 12.733887] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary)
[ 12.733935] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.733969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.733992] Call Trace:
[ 12.734132] <TASK>
[ 12.734151] dump_stack_lvl+0x73/0xb0
[ 12.734180] print_report+0xd1/0x650
[ 12.734202] ? __virt_addr_valid+0x1db/0x2d0
[ 12.734225] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.734247] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.734273] kasan_report_invalid_free+0x10a/0x130
[ 12.734298] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.734325] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.734349] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.734374] check_slab_allocation+0x11f/0x130
[ 12.734409] __kasan_mempool_poison_object+0x91/0x1d0
[ 12.734433] mempool_free+0x2ec/0x380
[ 12.734456] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.734481] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 12.734508] ? __kasan_check_write+0x18/0x20
[ 12.734529] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.734550] ? finish_task_switch.isra.0+0x153/0x700
[ 12.734576] mempool_kmalloc_invalid_free+0xed/0x140
[ 12.734600] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 12.734626] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.734645] ? __pfx_mempool_kfree+0x10/0x10
[ 12.734666] ? __pfx_read_tsc+0x10/0x10
[ 12.734685] ? ktime_get_ts64+0x86/0x230
[ 12.734708] kunit_try_run_case+0x1a5/0x480
[ 12.734730] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.734749] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.734773] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.734796] ? __kthread_parkme+0x82/0x180
[ 12.734816] ? preempt_count_sub+0x50/0x80
[ 12.734838] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.734858] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.734883] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.734907] kthread+0x337/0x6f0
[ 12.734925] ? trace_preempt_on+0x20/0xc0
[ 12.734947] ? __pfx_kthread+0x10/0x10
[ 12.734966] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.734989] ? calculate_sigpending+0x7b/0xa0
[ 12.735025] ? __pfx_kthread+0x10/0x10
[ 12.735047] ret_from_fork+0x116/0x1d0
[ 12.735064] ? __pfx_kthread+0x10/0x10
[ 12.735084] ret_from_fork_asm+0x1a/0x30
[ 12.735114] </TASK>
[ 12.735124]
[ 12.748870] Allocated by task 259:
[ 12.749292] kasan_save_stack+0x45/0x70
[ 12.749599] kasan_save_track+0x18/0x40
[ 12.749923] kasan_save_alloc_info+0x3b/0x50
[ 12.750301] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 12.750544] remove_element+0x11e/0x190
[ 12.751003] mempool_alloc_preallocated+0x4d/0x90
[ 12.751290] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 12.751647] mempool_kmalloc_invalid_free+0xed/0x140
[ 12.751989] kunit_try_run_case+0x1a5/0x480
[ 12.752274] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.752621] kthread+0x337/0x6f0
[ 12.752838] ret_from_fork+0x116/0x1d0
[ 12.753281] ret_from_fork_asm+0x1a/0x30
[ 12.753584]
[ 12.753667] The buggy address belongs to the object at ffff888102826800
[ 12.753667] which belongs to the cache kmalloc-128 of size 128
[ 12.754667] The buggy address is located 1 bytes inside of
[ 12.754667] 128-byte region [ffff888102826800, ffff888102826880)
[ 12.755358]
[ 12.755608] The buggy address belongs to the physical page:
[ 12.755834] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102826
[ 12.756509] flags: 0x200000000000000(node=0|zone=2)
[ 12.756739] page_type: f5(slab)
[ 12.757009] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.757647] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.758197] page dumped because: kasan: bad access detected
[ 12.758672]
[ 12.758810] Memory state around the buggy address:
[ 12.759231] ffff888102826700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.759581] ffff888102826780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.759987] >ffff888102826800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.760432] ^
[ 12.760616] ffff888102826880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.761237] ffff888102826900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.761675] ==================================================================
```