Hay
Date: Nov. 20, 2024, 6:35 a.m.

Environment: qemu-arm64, qemu-x86_64

[   39.298239] ==================================================================
[   39.299612] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   39.300350] Free of addr fff00000c65ba801 by task kunit_try_catch/230
[   39.301226] 
[   39.301780] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   39.303571] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.304152] Hardware name: linux,dummy-virt (DT)
[   39.305351] Call trace:
[   39.305771]  show_stack+0x20/0x38 (C)
[   39.306216]  dump_stack_lvl+0x8c/0xd0
[   39.306647]  print_report+0x118/0x5e0
[   39.307064]  kasan_report_invalid_free+0xb0/0xd8
[   39.308212]  check_slab_allocation+0xfc/0x108
[   39.311114]  __kasan_mempool_poison_object+0x78/0x150
[   39.311796]  mempool_free+0x28c/0x328
[   39.312341]  mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   39.314705]  mempool_kmalloc_invalid_free+0xb8/0x110
[   39.315221]  kunit_try_run_case+0x14c/0x3d0
[   39.315705]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.316265]  kthread+0x24c/0x2d0
[   39.319176]  ret_from_fork+0x10/0x20
[   39.319827] 
[   39.320169] Allocated by task 230:
[   39.320951]  kasan_save_stack+0x3c/0x68
[   39.322133]  kasan_save_track+0x20/0x40
[   39.323162]  kasan_save_alloc_info+0x40/0x58
[   39.324269]  __kasan_mempool_unpoison_object+0x11c/0x180
[   39.324935]  remove_element+0x130/0x1f8
[   39.326676]  mempool_alloc_preallocated+0x58/0xc0
[   39.327332]  mempool_kmalloc_invalid_free_helper+0x94/0x2a0
[   39.328113]  mempool_kmalloc_invalid_free+0xb8/0x110
[   39.328895]  kunit_try_run_case+0x14c/0x3d0
[   39.329801]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.330725]  kthread+0x24c/0x2d0
[   39.331177]  ret_from_fork+0x10/0x20
[   39.331638] 
[   39.331916] The buggy address belongs to the object at fff00000c65ba800
[   39.331916]  which belongs to the cache kmalloc-128 of size 128
[   39.333206] The buggy address is located 1 bytes inside of
[   39.333206]  128-byte region [fff00000c65ba800, fff00000c65ba880)
[   39.335097] 
[   39.335432] The buggy address belongs to the physical page:
[   39.336056] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065ba
[   39.336759] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   39.337985] page_type: f5(slab)
[   39.338833] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   39.339758] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   39.340576] page dumped because: kasan: bad access detected
[   39.341242] 
[   39.341586] Memory state around the buggy address:
[   39.342049]  fff00000c65ba700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.342925]  fff00000c65ba780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.344350] >fff00000c65ba800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.345702]                    ^
[   39.346186]  fff00000c65ba880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.346833]  fff00000c65ba900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.347693] ==================================================================
[   39.359075] ==================================================================
[   39.360187] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   39.361046] Free of addr fff00000c6c18001 by task kunit_try_catch/232
[   39.362284] 
[   39.363118] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   39.364075] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.364633] Hardware name: linux,dummy-virt (DT)
[   39.365484] Call trace:
[   39.365861]  show_stack+0x20/0x38 (C)
[   39.366831]  dump_stack_lvl+0x8c/0xd0
[   39.367423]  print_report+0x118/0x5e0
[   39.368311]  kasan_report_invalid_free+0xb0/0xd8
[   39.369048]  __kasan_mempool_poison_object+0xfc/0x150
[   39.369613]  mempool_free+0x28c/0x328
[   39.370264]  mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   39.371065]  mempool_kmalloc_large_invalid_free+0xb8/0x110
[   39.371927]  kunit_try_run_case+0x14c/0x3d0
[   39.372657]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.373495]  kthread+0x24c/0x2d0
[   39.373996]  ret_from_fork+0x10/0x20
[   39.374536] 
[   39.374929] The buggy address belongs to the physical page:
[   39.375619] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c18
[   39.376342] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   39.377247] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   39.378052] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   39.378923] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   39.379783] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   39.380585] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   39.381383] head: 0bfffe0000000002 ffffc1ffc31b0601 ffffffffffffffff 0000000000000000
[   39.382149] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   39.383011] page dumped because: kasan: bad access detected
[   39.383638] 
[   39.383971] Memory state around the buggy address:
[   39.384594]  fff00000c6c17f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.385413]  fff00000c6c17f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.386156] >fff00000c6c18000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.386869]                    ^
[   39.387374]  fff00000c6c18080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.388182]  fff00000c6c18100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.388804] ==================================================================

[   30.944935] ==================================================================
[   30.946101] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.947037] Free of addr ffff888102ce8001 by task kunit_try_catch/250
[   30.947523] 
[   30.947947] CPU: 1 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   30.949015] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.949329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.950398] Call Trace:
[   30.950966]  <TASK>
[   30.951442]  dump_stack_lvl+0x73/0xb0
[   30.951972]  print_report+0xd1/0x640
[   30.952411]  ? __virt_addr_valid+0x1db/0x2d0
[   30.952918]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.953502]  ? kasan_addr_to_slab+0x11/0xa0
[   30.954275]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.955018]  kasan_report_invalid_free+0xc0/0xf0
[   30.955536]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.956144]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.957225]  __kasan_mempool_poison_object+0x102/0x1d0
[   30.957800]  mempool_free+0x2ec/0x380
[   30.958195]  mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.958911]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   30.959537]  ? finish_task_switch.isra.0+0x153/0x700
[   30.960071]  mempool_kmalloc_large_invalid_free+0xb1/0x100
[   30.960923]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   30.961710]  ? __switch_to+0x5d9/0xf60
[   30.962305]  ? __pfx_mempool_kmalloc+0x10/0x10
[   30.962890]  ? __pfx_mempool_kfree+0x10/0x10
[   30.963403]  ? __pfx_read_tsc+0x10/0x10
[   30.963956]  ? ktime_get_ts64+0x84/0x230
[   30.964436]  kunit_try_run_case+0x1b3/0x490
[   30.965268]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.965850]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   30.966481]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   30.967029]  ? __kthread_parkme+0x82/0x160
[   30.967831]  ? preempt_count_sub+0x50/0x80
[   30.968465]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.969120]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   30.969923]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.970365]  kthread+0x257/0x310
[   30.970904]  ? __pfx_kthread+0x10/0x10
[   30.971456]  ret_from_fork+0x41/0x80
[   30.972169]  ? __pfx_kthread+0x10/0x10
[   30.972521]  ret_from_fork_asm+0x1a/0x30
[   30.973126]  </TASK>
[   30.973567] 
[   30.973868] The buggy address belongs to the physical page:
[   30.974212] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ce8
[   30.974901] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.976435] flags: 0x200000000000040(head|node=0|zone=2)
[   30.976933] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   30.977893] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.978903] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   30.979906] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.980596] head: 0200000000000002 ffffea00040b3a01 ffffffffffffffff 0000000000000000
[   30.981524] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.982259] page dumped because: kasan: bad access detected
[   30.982597] 
[   30.982901] Memory state around the buggy address:
[   30.983794]  ffff888102ce7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.984533]  ffff888102ce7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.985501] >ffff888102ce8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.986303]                    ^
[   30.986747]  ffff888102ce8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.987361]  ffff888102ce8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.988227] ==================================================================
[   30.890471] ==================================================================
[   30.891722] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.892585] Free of addr ffff8881029f5a01 by task kunit_try_catch/248
[   30.894012] 
[   30.894292] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   30.895504] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.896046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.896956] Call Trace:
[   30.897361]  <TASK>
[   30.897715]  dump_stack_lvl+0x73/0xb0
[   30.898430]  print_report+0xd1/0x640
[   30.898842]  ? __virt_addr_valid+0x1db/0x2d0
[   30.899465]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.900361]  ? kasan_complete_mode_report_info+0x2a/0x200
[   30.901144]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.901614]  kasan_report_invalid_free+0xc0/0xf0
[   30.902370]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.903030]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.903774]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.904297]  check_slab_allocation+0x11f/0x130
[   30.904810]  __kasan_mempool_poison_object+0x91/0x1d0
[   30.905183]  mempool_free+0x2ec/0x380
[   30.905605]  mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   30.906382]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   30.907028]  ? finish_task_switch.isra.0+0x153/0x700
[   30.907570]  mempool_kmalloc_invalid_free+0xb1/0x100
[   30.908081]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   30.908622]  ? __switch_to+0x5d9/0xf60
[   30.909076]  ? __pfx_mempool_kmalloc+0x10/0x10
[   30.909607]  ? __pfx_mempool_kfree+0x10/0x10
[   30.910087]  ? __pfx_read_tsc+0x10/0x10
[   30.910529]  ? ktime_get_ts64+0x84/0x230
[   30.911040]  kunit_try_run_case+0x1b3/0x490
[   30.911529]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.912091]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   30.913073]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   30.913463]  ? __kthread_parkme+0x82/0x160
[   30.913800]  ? preempt_count_sub+0x50/0x80
[   30.914594]  ? __pfx_kunit_try_run_case+0x10/0x10
[   30.915199]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   30.915931]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.916309]  kthread+0x257/0x310
[   30.916839]  ? __pfx_kthread+0x10/0x10
[   30.917514]  ret_from_fork+0x41/0x80
[   30.917845]  ? __pfx_kthread+0x10/0x10
[   30.918347]  ret_from_fork_asm+0x1a/0x30
[   30.918747]  </TASK>
[   30.919152] 
[   30.919396] Allocated by task 248:
[   30.919854]  kasan_save_stack+0x3d/0x60
[   30.920271]  kasan_save_track+0x18/0x40
[   30.920622]  kasan_save_alloc_info+0x3b/0x50
[   30.921233]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   30.921916]  remove_element+0x11e/0x190
[   30.922418]  mempool_alloc_preallocated+0x4d/0x90
[   30.923012]  mempool_kmalloc_invalid_free_helper+0x84/0x2e0
[   30.923733]  mempool_kmalloc_invalid_free+0xb1/0x100
[   30.924067]  kunit_try_run_case+0x1b3/0x490
[   30.924668]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.925131]  kthread+0x257/0x310
[   30.925577]  ret_from_fork+0x41/0x80
[   30.926020]  ret_from_fork_asm+0x1a/0x30
[   30.926482] 
[   30.926849] The buggy address belongs to the object at ffff8881029f5a00
[   30.926849]  which belongs to the cache kmalloc-128 of size 128
[   30.927912] The buggy address is located 1 bytes inside of
[   30.927912]  128-byte region [ffff8881029f5a00, ffff8881029f5a80)
[   30.929011] 
[   30.929169] The buggy address belongs to the physical page:
[   30.929920] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f5
[   30.930551] flags: 0x200000000000000(node=0|zone=2)
[   30.931142] page_type: f5(slab)
[   30.931540] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   30.932349] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   30.933261] page dumped because: kasan: bad access detected
[   30.933877] 
[   30.934181] Memory state around the buggy address:
[   30.934727]  ffff8881029f5900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.935328]  ffff8881029f5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.936048] >ffff8881029f5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.937130]                    ^
[   30.937464]  ffff8881029f5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.938071]  ffff8881029f5b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.939031] ==================================================================