Date: June 3, 2025, 7:38 a.m.

Environments: qemu-arm64, qemu-x86_64

qemu-arm64:

```
[ 20.493648] ==================================================================
[ 20.493724] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.493784] Free of addr fff00000c58a9101 by task kunit_try_catch/241
[ 20.493825]
[ 20.493857] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT
[ 20.493944] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.493970] Hardware name: linux,dummy-virt (DT)
[ 20.494002] Call trace:
[ 20.494025] show_stack+0x20/0x38 (C)
[ 20.494074] dump_stack_lvl+0x8c/0xd0
[ 20.494124] print_report+0x118/0x608
[ 20.494172] kasan_report_invalid_free+0xc0/0xe8
[ 20.494222] check_slab_allocation+0xfc/0x108
[ 20.494271] __kasan_mempool_poison_object+0x78/0x150
[ 20.494322] mempool_free+0x28c/0x328
[ 20.494367] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.494419] mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.494591] kunit_try_run_case+0x170/0x3f0
[ 20.494739] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.495032] kthread+0x328/0x630
[ 20.495260] ret_from_fork+0x10/0x20
[ 20.495443]
[ 20.495464] Allocated by task 241:
[ 20.495493] kasan_save_stack+0x3c/0x68
[ 20.495534] kasan_save_track+0x20/0x40
[ 20.495570] kasan_save_alloc_info+0x40/0x58
[ 20.495609] __kasan_mempool_unpoison_object+0x11c/0x180
[ 20.495653] remove_element+0x130/0x1f8
[ 20.495689] mempool_alloc_preallocated+0x58/0xc0
[ 20.495726] mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 20.495768] mempool_kmalloc_invalid_free+0xc0/0x118
[ 20.495806] kunit_try_run_case+0x170/0x3f0
[ 20.495843] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.495904] kthread+0x328/0x630
[ 20.495958] ret_from_fork+0x10/0x20
[ 20.496055]
[ 20.496198] The buggy address belongs to the object at fff00000c58a9100
[ 20.496198] which belongs to the cache kmalloc-128 of size 128
[ 20.496290] The buggy address is located 1 bytes inside of
[ 20.496290] 128-byte region [fff00000c58a9100, fff00000c58a9180)
[ 20.496349]
[ 20.496369] The buggy address belongs to the physical page:
[ 20.496400] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9
[ 20.496464] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.496515] page_type: f5(slab)
[ 20.496556] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.496606] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.496645] page dumped because: kasan: bad access detected
[ 20.496702]
[ 20.496719] Memory state around the buggy address:
[ 20.496752]  fff00000c58a9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.496794]  fff00000c58a9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.496842] >fff00000c58a9100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.496879]                    ^
[ 20.496930]  fff00000c58a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.496979]  fff00000c58a9200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.497019] ==================================================================

[ 20.511314] ==================================================================
[ 20.511395] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.511483] Free of addr fff00000c79b0001 by task kunit_try_catch/243
[ 20.511528]
[ 20.511566] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT
[ 20.511654] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.511682] Hardware name: linux,dummy-virt (DT)
[ 20.514128] Call trace:
[ 20.514175] show_stack+0x20/0x38 (C)
[ 20.514378] dump_stack_lvl+0x8c/0xd0
[ 20.514451] print_report+0x118/0x608
[ 20.514501] kasan_report_invalid_free+0xc0/0xe8
[ 20.514552] __kasan_mempool_poison_object+0xfc/0x150
[ 20.514603] mempool_free+0x28c/0x328
[ 20.514650] mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 20.516682] mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 20.517463] kunit_try_run_case+0x170/0x3f0
[ 20.517637] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.518204] kthread+0x328/0x630
[ 20.518822] ret_from_fork+0x10/0x20
[ 20.519027]
[ 20.519052] The buggy address belongs to the physical page:
[ 20.519664] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079b0
[ 20.520293] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 20.520374] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 20.520449] page_type: f8(unknown)
[ 20.520495] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.520547] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.521913] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.522766] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.522842] head: 0bfffe0000000002 ffffc1ffc31e6c01 00000000ffffffff 00000000ffffffff
[ 20.522892] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 20.523530] page dumped because: kasan: bad access detected
[ 20.524131]
[ 20.524406] Memory state around the buggy address:
[ 20.524697]  fff00000c79aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.524776]  fff00000c79aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.525372] >fff00000c79b0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.525996]                    ^
[ 20.526273]  fff00000c79b0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.526667]  fff00000c79b0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.526713] ==================================================================
```
qemu-x86_64:

```
[ 16.646633] ==================================================================
[ 16.647184] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.647479] Free of addr ffff888103964001 by task kunit_try_catch/260
[ 16.648219]
[ 16.648505] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 16.648568] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.648583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.648607] Call Trace:
[ 16.648628] <TASK>
[ 16.648654] dump_stack_lvl+0x73/0xb0
[ 16.648690] print_report+0xd1/0x650
[ 16.648717] ? __virt_addr_valid+0x1db/0x2d0
[ 16.648744] ? kasan_addr_to_slab+0x11/0xa0
[ 16.648767] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.648794] kasan_report_invalid_free+0x10a/0x130
[ 16.648821] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.648851] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.648879] __kasan_mempool_poison_object+0x102/0x1d0
[ 16.648905] mempool_free+0x2ec/0x380
[ 16.648931] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.648959] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 16.649019] ? __pfx_sched_clock_cpu+0x10/0x10
[ 16.649046] ? finish_task_switch.isra.0+0x153/0x700
[ 16.649090] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 16.649120] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 16.649151] ? __pfx_mempool_kmalloc+0x10/0x10
[ 16.649204] ? __pfx_mempool_kfree+0x10/0x10
[ 16.649488] ? __pfx_read_tsc+0x10/0x10
[ 16.649531] ? ktime_get_ts64+0x86/0x230
[ 16.649561] kunit_try_run_case+0x1a5/0x480
[ 16.649593] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.649616] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.649646] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.649674] ? __kthread_parkme+0x82/0x180
[ 16.649716] ? preempt_count_sub+0x50/0x80
[ 16.649746] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.649773] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.649805] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.649833] kthread+0x337/0x6f0
[ 16.649856] ? trace_preempt_on+0x20/0xc0
[ 16.649884] ? __pfx_kthread+0x10/0x10
[ 16.649908] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.649935] ? calculate_sigpending+0x7b/0xa0
[ 16.649964] ? __pfx_kthread+0x10/0x10
[ 16.649989] ret_from_fork+0x116/0x1d0
[ 16.650154] ? __pfx_kthread+0x10/0x10
[ 16.650185] ret_from_fork_asm+0x1a/0x30
[ 16.650225] </TASK>
[ 16.650240]
[ 16.660319] The buggy address belongs to the physical page:
[ 16.660621] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103964
[ 16.661354] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 16.661897] flags: 0x200000000000040(head|node=0|zone=2)
[ 16.662257] page_type: f8(unknown)
[ 16.662583] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 16.663131] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 16.663469] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 16.663778] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 16.664255] head: 0200000000000002 ffffea00040e5901 00000000ffffffff 00000000ffffffff
[ 16.664589] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 16.664954] page dumped because: kasan: bad access detected
[ 16.665180]
[ 16.665285] Memory state around the buggy address:
[ 16.665509]  ffff888103963f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.666001]  ffff888103963f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.666227] >ffff888103964000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.666378]                    ^
[ 16.666611]  ffff888103964080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.667166]  ffff888103964100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.667492] ==================================================================

[ 16.604415] ==================================================================
[ 16.605410] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.606062] Free of addr ffff888103341801 by task kunit_try_catch/258
[ 16.606882]
[ 16.607386] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 16.607481] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.607500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.607525] Call Trace:
[ 16.607547] <TASK>
[ 16.607573] dump_stack_lvl+0x73/0xb0
[ 16.607782] print_report+0xd1/0x650
[ 16.607823] ? __virt_addr_valid+0x1db/0x2d0
[ 16.607858] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.607883] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.607912] kasan_report_invalid_free+0x10a/0x130
[ 16.607941] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.607970] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.607997] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.608024] check_slab_allocation+0x11f/0x130
[ 16.608048] __kasan_mempool_poison_object+0x91/0x1d0
[ 16.608075] mempool_free+0x2ec/0x380
[ 16.608105] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 16.608134] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 16.608162] ? update_load_avg+0x1be/0x21b0
[ 16.608202] ? dequeue_entities+0x27e/0x1740
[ 16.608233] ? finish_task_switch.isra.0+0x153/0x700
[ 16.608267] mempool_kmalloc_invalid_free+0xed/0x140
[ 16.608296] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 16.608326] ? __pfx_mempool_kmalloc+0x10/0x10
[ 16.608347] ? __pfx_mempool_kfree+0x10/0x10
[ 16.608371] ? __pfx_read_tsc+0x10/0x10
[ 16.608396] ? ktime_get_ts64+0x86/0x230
[ 16.608423] kunit_try_run_case+0x1a5/0x480
[ 16.608450] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.608491] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.608523] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.608552] ? __kthread_parkme+0x82/0x180
[ 16.608578] ? preempt_count_sub+0x50/0x80
[ 16.608604] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.608628] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.608762] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.608790] kthread+0x337/0x6f0
[ 16.608813] ? trace_preempt_on+0x20/0xc0
[ 16.608841] ? __pfx_kthread+0x10/0x10
[ 16.608863] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.608888] ? calculate_sigpending+0x7b/0xa0
[ 16.608916] ? __pfx_kthread+0x10/0x10
[ 16.608940] ret_from_fork+0x116/0x1d0
[ 16.608960] ? __pfx_kthread+0x10/0x10
[ 16.608982] ret_from_fork_asm+0x1a/0x30
[ 16.609019] </TASK>
[ 16.609034]
[ 16.625055] Allocated by task 258:
[ 16.625358] kasan_save_stack+0x45/0x70
[ 16.625625] kasan_save_track+0x18/0x40
[ 16.625909] kasan_save_alloc_info+0x3b/0x50
[ 16.626158] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 16.626625] remove_element+0x11e/0x190
[ 16.626916] mempool_alloc_preallocated+0x4d/0x90
[ 16.627184] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 16.627487] mempool_kmalloc_invalid_free+0xed/0x140
[ 16.628102] kunit_try_run_case+0x1a5/0x480
[ 16.628525] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.629005] kthread+0x337/0x6f0
[ 16.629500] ret_from_fork+0x116/0x1d0
[ 16.630085] ret_from_fork_asm+0x1a/0x30
[ 16.630370]
[ 16.630617] The buggy address belongs to the object at ffff888103341800
[ 16.630617] which belongs to the cache kmalloc-128 of size 128
[ 16.631485] The buggy address is located 1 bytes inside of
[ 16.631485] 128-byte region [ffff888103341800, ffff888103341880)
[ 16.632547]
[ 16.633081] The buggy address belongs to the physical page:
[ 16.633546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103341
[ 16.634061] flags: 0x200000000000000(node=0|zone=2)
[ 16.634439] page_type: f5(slab)
[ 16.634585] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.635102] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.635413] page dumped because: kasan: bad access detected
[ 16.636155]
[ 16.636418] Memory state around the buggy address:
[ 16.636940]  ffff888103341700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.637197]  ffff888103341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.637369] >ffff888103341800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.638014]                    ^
[ 16.638254]  ffff888103341880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.639181]  ffff888103341900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.639488] ==================================================================
```