Date: June 5, 2025, 7:08 a.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 28.527052] ==================================================================
[ 28.527189] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 28.527322] Free of addr fff00000c7719701 by task kunit_try_catch/241
[ 28.527476]
[ 28.527583] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT
[ 28.528165] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.528240] Hardware name: linux,dummy-virt (DT)
[ 28.528323] Call trace:
[ 28.529307]  show_stack+0x20/0x38 (C)
[ 28.529473]  dump_stack_lvl+0x8c/0xd0
[ 28.531134]  print_report+0x118/0x608
[ 28.531285]  kasan_report_invalid_free+0xc0/0xe8
[ 28.532593]  check_slab_allocation+0xfc/0x108
[ 28.532756]  __kasan_mempool_poison_object+0x78/0x150
[ 28.532889]  mempool_free+0x28c/0x328
[ 28.533006]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 28.533138]  mempool_kmalloc_invalid_free+0xc0/0x118
[ 28.533258]  kunit_try_run_case+0x170/0x3f0
[ 28.533476]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.533616]  kthread+0x328/0x630
[ 28.533712]  ret_from_fork+0x10/0x20
[ 28.533823]
[ 28.533869] Allocated by task 241:
[ 28.534048]  kasan_save_stack+0x3c/0x68
[ 28.535889]  kasan_save_track+0x20/0x40
[ 28.536210]  kasan_save_alloc_info+0x40/0x58
[ 28.536409]  __kasan_mempool_unpoison_object+0x11c/0x180
[ 28.536527]  remove_element+0x130/0x1f8
[ 28.537464]  mempool_alloc_preallocated+0x58/0xc0
[ 28.537587]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[ 28.537707]  mempool_kmalloc_invalid_free+0xc0/0x118
[ 28.537914]  kunit_try_run_case+0x170/0x3f0
[ 28.538476]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.538840]  kthread+0x328/0x630
[ 28.539132]  ret_from_fork+0x10/0x20
[ 28.539229]
[ 28.539663] The buggy address belongs to the object at fff00000c7719700
[ 28.539663]  which belongs to the cache kmalloc-128 of size 128
[ 28.540062] The buggy address is located 1 bytes inside of
[ 28.540062]  128-byte region [fff00000c7719700, fff00000c7719780)
[ 28.540758]
[ 28.540877] The buggy address belongs to the physical page:
[ 28.540954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107719
[ 28.541569] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 28.541684] page_type: f5(slab)
[ 28.541735] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 28.541820] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 28.541904] page dumped because: kasan: bad access detected
[ 28.541944]
[ 28.541968] Memory state around the buggy address:
[ 28.542009]  fff00000c7719600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.542065]  fff00000c7719680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.542119] >fff00000c7719700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.542166]                    ^
[ 28.542200]  fff00000c7719780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.542254]  fff00000c7719800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.542302] ==================================================================
[ 28.558459] ==================================================================
[ 28.558573] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 28.558689] Free of addr fff00000c78b0001 by task kunit_try_catch/243
[ 28.558808]
[ 28.558892] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT
[ 28.560000] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.560109] Hardware name: linux,dummy-virt (DT)
[ 28.560197] Call trace:
[ 28.560257]  show_stack+0x20/0x38 (C)
[ 28.560403]  dump_stack_lvl+0x8c/0xd0
[ 28.560535]  print_report+0x118/0x608
[ 28.560848]  kasan_report_invalid_free+0xc0/0xe8
[ 28.561001]  __kasan_mempool_poison_object+0xfc/0x150
[ 28.561194]  mempool_free+0x28c/0x328
[ 28.561488]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[ 28.561683]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[ 28.562305]  kunit_try_run_case+0x170/0x3f0
[ 28.562506]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.563040]  kthread+0x328/0x630
[ 28.563595]  ret_from_fork+0x10/0x20
[ 28.564139]
[ 28.564202] The buggy address belongs to the physical page:
[ 28.564278] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078b0
[ 28.564433] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 28.564553] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 28.564731] page_type: f8(unknown)
[ 28.565007] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 28.565376] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 28.566159] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 28.566316] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 28.566632] head: 0bfffe0000000002 ffffc1ffc31e2c01 00000000ffffffff 00000000ffffffff
[ 28.566773] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 28.566876] page dumped because: kasan: bad access detected
[ 28.566948]
[ 28.566993] Memory state around the buggy address:
[ 28.567147]  fff00000c78aff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.567422]  fff00000c78aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.567555] >fff00000c78b0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.567823]                    ^
[ 28.567899]  fff00000c78b0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.568034]  fff00000c78b0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.568146] ==================================================================
```
```
[ 13.142432] ==================================================================
[ 13.142951] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.143408] Free of addr ffff888102793201 by task kunit_try_catch/258
[ 13.143692]
[ 13.143794] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary)
[ 13.143837] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.143848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.143868] Call Trace:
[ 13.143879]  <TASK>
[ 13.143905]  dump_stack_lvl+0x73/0xb0
[ 13.143930]  print_report+0xd1/0x650
[ 13.143952]  ? __virt_addr_valid+0x1db/0x2d0
[ 13.143977]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.143999]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.144024]  kasan_report_invalid_free+0x10a/0x130
[ 13.144132]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.144160]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.144185]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.144211]  check_slab_allocation+0x11f/0x130
[ 13.144233]  __kasan_mempool_poison_object+0x91/0x1d0
[ 13.144257]  mempool_free+0x2ec/0x380
[ 13.144278]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.144304]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.144328]  ? update_load_avg+0x1be/0x21b0
[ 13.144351]  ? dequeue_entities+0x27e/0x1740
[ 13.144376]  ? finish_task_switch.isra.0+0x153/0x700
[ 13.144402]  mempool_kmalloc_invalid_free+0xed/0x140
[ 13.144425]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 13.144452]  ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.144470]  ? __pfx_mempool_kfree+0x10/0x10
[ 13.144491]  ? __pfx_read_tsc+0x10/0x10
[ 13.144512]  ? ktime_get_ts64+0x86/0x230
[ 13.144534]  kunit_try_run_case+0x1a5/0x480
[ 13.144554]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.144574]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.144600]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.144624]  ? __kthread_parkme+0x82/0x180
[ 13.144644]  ? preempt_count_sub+0x50/0x80
[ 13.144680]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.144700]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.144724]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.144749]  kthread+0x337/0x6f0
[ 13.144768]  ? trace_preempt_on+0x20/0xc0
[ 13.144791]  ? __pfx_kthread+0x10/0x10
[ 13.144812]  ? _raw_spin_unlock_irq+0x47/0x80
[ 13.144835]  ? calculate_sigpending+0x7b/0xa0
[ 13.144858]  ? __pfx_kthread+0x10/0x10
[ 13.144880]  ret_from_fork+0x116/0x1d0
[ 13.144909]  ? __pfx_kthread+0x10/0x10
[ 13.144930]  ret_from_fork_asm+0x1a/0x30
[ 13.144975]  </TASK>
[ 13.144986]
[ 13.160755] Allocated by task 258:
[ 13.161048]  kasan_save_stack+0x45/0x70
[ 13.161202]  kasan_save_track+0x18/0x40
[ 13.161337]  kasan_save_alloc_info+0x3b/0x50
[ 13.161487]  __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.161674]  remove_element+0x11e/0x190
[ 13.161845]  mempool_alloc_preallocated+0x4d/0x90
[ 13.162272]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 13.162483]  mempool_kmalloc_invalid_free+0xed/0x140
[ 13.162726]  kunit_try_run_case+0x1a5/0x480
[ 13.162870]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.163373]  kthread+0x337/0x6f0
[ 13.163545]  ret_from_fork+0x116/0x1d0
[ 13.163759]  ret_from_fork_asm+0x1a/0x30
[ 13.163925]
[ 13.164000] The buggy address belongs to the object at ffff888102793200
[ 13.164000]  which belongs to the cache kmalloc-128 of size 128
[ 13.164522] The buggy address is located 1 bytes inside of
[ 13.164522]  128-byte region [ffff888102793200, ffff888102793280)
[ 13.165230]
[ 13.165307] The buggy address belongs to the physical page:
[ 13.165553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102793
[ 13.165923] flags: 0x200000000000000(node=0|zone=2)
[ 13.166086] page_type: f5(slab)
[ 13.166395] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.166746] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.167167] page dumped because: kasan: bad access detected
[ 13.167415]
[ 13.167507] Memory state around the buggy address:
[ 13.167668]  ffff888102793100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.167991]  ffff888102793180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.168303] >ffff888102793200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.168522]                    ^
[ 13.168746]  ffff888102793280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.169374]  ffff888102793300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.169638] ==================================================================
[ 13.173582] ==================================================================
[ 13.174120] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.174567] Free of addr ffff888102c48001 by task kunit_try_catch/260
[ 13.174910]
[ 13.175012] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary)
[ 13.175114] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.175128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.175149] Call Trace:
[ 13.175163]  <TASK>
[ 13.175176]  dump_stack_lvl+0x73/0xb0
[ 13.175201]  print_report+0xd1/0x650
[ 13.175224]  ? __virt_addr_valid+0x1db/0x2d0
[ 13.175247]  ? kasan_addr_to_slab+0x11/0xa0
[ 13.175267]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.175293]  kasan_report_invalid_free+0x10a/0x130
[ 13.175317]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.175346]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.175371]  __kasan_mempool_poison_object+0x102/0x1d0
[ 13.175395]  mempool_free+0x2ec/0x380
[ 13.175416]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.175442]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.175471]  ? finish_task_switch.isra.0+0x153/0x700
[ 13.175497]  mempool_kmalloc_large_invalid_free+0xed/0x140
[ 13.175522]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 13.175550]  ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.175569]  ? __pfx_mempool_kfree+0x10/0x10
[ 13.175591]  ? __pfx_read_tsc+0x10/0x10
[ 13.175611]  ? ktime_get_ts64+0x86/0x230
[ 13.175645]  kunit_try_run_case+0x1a5/0x480
[ 13.175666]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.175686]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.175711]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.175735]  ? __kthread_parkme+0x82/0x180
[ 13.175755]  ? preempt_count_sub+0x50/0x80
[ 13.175777]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.175798]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.175822]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.175847]  kthread+0x337/0x6f0
[ 13.175865]  ? trace_preempt_on+0x20/0xc0
[ 13.175887]  ? __pfx_kthread+0x10/0x10
[ 13.175921]  ? _raw_spin_unlock_irq+0x47/0x80
[ 13.175943]  ? calculate_sigpending+0x7b/0xa0
[ 13.175976]  ? __pfx_kthread+0x10/0x10
[ 13.175999]  ret_from_fork+0x116/0x1d0
[ 13.176016]  ? __pfx_kthread+0x10/0x10
[ 13.176037]  ret_from_fork_asm+0x1a/0x30
[ 13.176067]  </TASK>
[ 13.176076]
[ 13.184727] The buggy address belongs to the physical page:
[ 13.184975] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c48
[ 13.185240] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.185469] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.185844] page_type: f8(unknown)
[ 13.186157] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.186475] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.186809] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.187347] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.187643] head: 0200000000000002 ffffea00040b1201 00000000ffffffff 00000000ffffffff
[ 13.188060] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.188349] page dumped because: kasan: bad access detected
[ 13.188526]
[ 13.188597] Memory state around the buggy address:
[ 13.188820]  ffff888102c47f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.189154]  ffff888102c47f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.189470] >ffff888102c48000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.189829]                    ^
[ 13.190106]  ffff888102c48080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.190409]  ffff888102c48100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.190696] ==================================================================
```