Date
May 29, 2025, 7:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 24.440377] ================================================================== [ 24.440579] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 24.440778] Free of addr fff00000c7988001 by task kunit_try_catch/243 [ 24.440889] [ 24.440983] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 24.441201] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.441271] Hardware name: linux,dummy-virt (DT) [ 24.441352] Call trace: [ 24.441432] show_stack+0x20/0x38 (C) [ 24.441553] dump_stack_lvl+0x8c/0xd0 [ 24.441990] print_report+0x118/0x608 [ 24.442110] kasan_report_invalid_free+0xc0/0xe8 [ 24.442294] __kasan_mempool_poison_object+0xfc/0x150 [ 24.442525] mempool_free+0x28c/0x328 [ 24.442649] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 24.442790] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 24.442996] kunit_try_run_case+0x170/0x3f0 [ 24.443166] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.443351] kthread+0x328/0x630 [ 24.443480] ret_from_fork+0x10/0x20 [ 24.443612] [ 24.443869] The buggy address belongs to the physical page: [ 24.443951] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107988 [ 24.444084] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.444179] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.444297] page_type: f8(unknown) [ 24.444676] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.444810] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.444920] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.445035] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.445196] head: 0bfffe0000000002 ffffc1ffc31e6201 00000000ffffffff 00000000ffffffff [ 24.445353] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.445513] page dumped because: kasan: bad access detected [ 24.445687] [ 24.445760] Memory state around the buggy address: [ 24.445868] fff00000c7987f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.445976] fff00000c7987f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.446082] >fff00000c7988000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.446421] ^ [ 24.446539] fff00000c7988080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.446691] fff00000c7988100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.446864] ================================================================== [ 24.411546] ================================================================== [ 24.411734] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 24.411958] Free of addr fff00000c66adb01 by task kunit_try_catch/241 [ 24.412052] [ 24.412136] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 24.412309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.412371] Hardware name: linux,dummy-virt (DT) [ 24.412471] Call trace: [ 24.412529] show_stack+0x20/0x38 (C) [ 24.412669] dump_stack_lvl+0x8c/0xd0 [ 24.412847] print_report+0x118/0x608 [ 24.412968] kasan_report_invalid_free+0xc0/0xe8 [ 24.413095] check_slab_allocation+0xfc/0x108 [ 24.413219] __kasan_mempool_poison_object+0x78/0x150 [ 24.413345] mempool_free+0x28c/0x328 [ 24.413460] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 24.413580] mempool_kmalloc_invalid_free+0xc0/0x118 [ 24.414415] kunit_try_run_case+0x170/0x3f0 [ 24.414594] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.414710] kthread+0x328/0x630 [ 24.414805] ret_from_fork+0x10/0x20 [ 24.414979] [ 24.415017] Allocated by task 241: [ 24.415082] kasan_save_stack+0x3c/0x68 [ 24.415237] kasan_save_track+0x20/0x40 [ 24.415351] kasan_save_alloc_info+0x40/0x58 [ 24.415447] __kasan_mempool_unpoison_object+0x11c/0x180 [ 24.415578] remove_element+0x130/0x1f8 [ 24.415677] mempool_alloc_preallocated+0x58/0xc0 [ 24.415838] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 24.415942] mempool_kmalloc_invalid_free+0xc0/0x118 [ 24.416084] kunit_try_run_case+0x170/0x3f0 [ 24.416167] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.416270] kthread+0x328/0x630 [ 24.416361] ret_from_fork+0x10/0x20 [ 24.416504] [ 24.416579] The buggy address belongs to the object at fff00000c66adb00 [ 24.416579] which belongs to the cache kmalloc-128 of size 128 [ 24.416784] The buggy address is located 1 bytes inside of [ 24.416784] 128-byte region [fff00000c66adb00, fff00000c66adb80) [ 24.416948] [ 24.416996] The buggy address belongs to the physical page: [ 24.417074] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066ad [ 24.417257] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.417397] page_type: f5(slab) [ 24.417498] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.417616] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.417769] page dumped because: kasan: bad access detected [ 24.417861] [ 24.417904] Memory state around the buggy address: [ 24.418018] fff00000c66ada00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.418154] fff00000c66ada80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.418319] >fff00000c66adb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.418457] ^ [ 24.418560] fff00000c66adb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.418736] fff00000c66adc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.418849] ==================================================================
[ 12.608664] ================================================================== [ 12.609446] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.610139] Free of addr ffff888102a8c001 by task kunit_try_catch/260 [ 12.610427] [ 12.610627] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary) [ 12.610678] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.610691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.610713] Call Trace: [ 12.610727] <TASK> [ 12.610742] dump_stack_lvl+0x73/0xb0 [ 12.610770] print_report+0xd1/0x650 [ 12.610792] ? __virt_addr_valid+0x1db/0x2d0 [ 12.610815] ? kasan_addr_to_slab+0x11/0xa0 [ 12.610835] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.610862] kasan_report_invalid_free+0x10a/0x130 [ 12.610887] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.610970] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.610995] __kasan_mempool_poison_object+0x102/0x1d0 [ 12.611102] mempool_free+0x2ec/0x380 [ 12.611128] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.611153] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 12.611179] ? update_load_avg+0x1be/0x21b0 [ 12.611202] ? update_load_avg+0x1be/0x21b0 [ 12.611225] ? update_curr+0x80/0x810 [ 12.611250] ? finish_task_switch.isra.0+0x153/0x700 [ 12.611276] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 12.611303] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 12.611330] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.611350] ? __pfx_mempool_kfree+0x10/0x10 [ 12.611371] ? __pfx_read_tsc+0x10/0x10 [ 12.611392] ? ktime_get_ts64+0x86/0x230 [ 12.611416] kunit_try_run_case+0x1a5/0x480 [ 12.611437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.611457] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.611482] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.611507] ? __kthread_parkme+0x82/0x180 [ 12.611528] ? preempt_count_sub+0x50/0x80 [ 12.611551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.611571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.611595] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.611631] kthread+0x337/0x6f0 [ 12.611650] ? trace_preempt_on+0x20/0xc0 [ 12.611673] ? __pfx_kthread+0x10/0x10 [ 12.611694] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.611717] ? calculate_sigpending+0x7b/0xa0 [ 12.611741] ? __pfx_kthread+0x10/0x10 [ 12.611762] ret_from_fork+0x116/0x1d0 [ 12.611780] ? __pfx_kthread+0x10/0x10 [ 12.611801] ret_from_fork_asm+0x1a/0x30 [ 12.611831] </TASK> [ 12.611841] [ 12.625021] The buggy address belongs to the physical page: [ 12.625297] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a8c [ 12.625737] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.626245] flags: 0x200000000000040(head|node=0|zone=2) [ 12.626625] page_type: f8(unknown) [ 12.626825] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.627232] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.627589] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.628182] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.628575] head: 0200000000000002 ffffea00040aa301 00000000ffffffff 00000000ffffffff [ 12.628978] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.629473] page dumped because: kasan: bad access detected [ 12.629698] [ 12.629920] Memory state around the buggy address: [ 12.630220] ffff888102a8bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.630566] ffff888102a8bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.631114] >ffff888102a8c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.631451] ^ [ 12.631626] ffff888102a8c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.632168] ffff888102a8c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.632510] ================================================================== [ 12.576995] ================================================================== [ 12.577914] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.578184] Free of addr ffff8881028b1801 by task kunit_try_catch/258 [ 12.578392] [ 12.578480] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary) [ 12.578525] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.578541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.578562] Call Trace: [ 12.578573] <TASK> [ 12.578588] dump_stack_lvl+0x73/0xb0 [ 12.578623] print_report+0xd1/0x650 [ 12.578934] ? __virt_addr_valid+0x1db/0x2d0 [ 12.578965] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.578990] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.579017] kasan_report_invalid_free+0x10a/0x130 [ 12.579043] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.579232] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.579262] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.579289] check_slab_allocation+0x11f/0x130 [ 12.579313] __kasan_mempool_poison_object+0x91/0x1d0 [ 12.579338] mempool_free+0x2ec/0x380 [ 12.579361] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.579386] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 12.579415] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.579437] ? finish_task_switch.isra.0+0x153/0x700 [ 12.579463] mempool_kmalloc_invalid_free+0xed/0x140 [ 12.579487] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 12.579514] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.579532] ? __pfx_mempool_kfree+0x10/0x10 [ 12.579555] ? __pfx_read_tsc+0x10/0x10 [ 12.579575] ? ktime_get_ts64+0x86/0x230 [ 12.579598] kunit_try_run_case+0x1a5/0x480 [ 12.579632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.579652] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.579675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.579700] ? __kthread_parkme+0x82/0x180 [ 12.579721] ? preempt_count_sub+0x50/0x80 [ 12.579744] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.579778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.579804] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.579831] kthread+0x337/0x6f0 [ 12.579851] ? trace_preempt_on+0x20/0xc0 [ 12.579874] ? __pfx_kthread+0x10/0x10 [ 12.579895] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.579918] ? calculate_sigpending+0x7b/0xa0 [ 12.579943] ? __pfx_kthread+0x10/0x10 [ 12.579965] ret_from_fork+0x116/0x1d0 [ 12.579983] ? __pfx_kthread+0x10/0x10 [ 12.580003] ret_from_fork_asm+0x1a/0x30 [ 12.580034] </TASK> [ 12.580046] [ 12.593719] Allocated by task 258: [ 12.594090] kasan_save_stack+0x45/0x70 [ 12.594250] kasan_save_track+0x18/0x40 [ 12.594455] kasan_save_alloc_info+0x3b/0x50 [ 12.594688] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.595053] remove_element+0x11e/0x190 [ 12.595792] mempool_alloc_preallocated+0x4d/0x90 [ 12.595965] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 12.596156] mempool_kmalloc_invalid_free+0xed/0x140 [ 12.596331] kunit_try_run_case+0x1a5/0x480 [ 12.596482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.596678] kthread+0x337/0x6f0 [ 12.596807] ret_from_fork+0x116/0x1d0 [ 12.597034] ret_from_fork_asm+0x1a/0x30 [ 12.597229] [ 12.597465] The buggy address belongs to the object at ffff8881028b1800 [ 12.597465] which belongs to the cache kmalloc-128 of size 128 [ 12.598315] The buggy address is located 1 bytes inside of [ 12.598315] 128-byte region [ffff8881028b1800, ffff8881028b1880) [ 12.599055] [ 12.599234] The buggy address belongs to the physical page: [ 12.599700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028b1 [ 12.600230] flags: 0x200000000000000(node=0|zone=2) [ 12.600407] page_type: f5(slab) [ 12.600533] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.600872] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.601182] page dumped because: kasan: bad access detected [ 12.601406] [ 12.601494] Memory state around the buggy address: [ 12.601715] ffff8881028b1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.602430] ffff8881028b1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.602717] >ffff8881028b1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.603261] ^ [ 12.603595] ffff8881028b1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.603994] ffff8881028b1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.604455] ==================================================================