Date
Nov. 22, 2024, 6:35 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 36.777551] ================================================================== [ 36.779026] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 36.780153] Free of addr fff00000c6b94001 by task kunit_try_catch/232 [ 36.781487] [ 36.782010] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 36.782844] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.783428] Hardware name: linux,dummy-virt (DT) [ 36.783935] Call trace: [ 36.784249] show_stack+0x20/0x38 (C) [ 36.786428] dump_stack_lvl+0x8c/0xd0 [ 36.787278] print_report+0x118/0x5e0 [ 36.787949] kasan_report_invalid_free+0xb0/0xd8 [ 36.788291] __kasan_mempool_poison_object+0xfc/0x150 [ 36.789116] mempool_free+0x28c/0x328 [ 36.789595] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 36.790153] mempool_kmalloc_large_invalid_free+0xb8/0x110 [ 36.791351] kunit_try_run_case+0x14c/0x3d0 [ 36.792462] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.793608] kthread+0x24c/0x2d0 [ 36.794100] ret_from_fork+0x10/0x20 [ 36.794834] [ 36.795105] The buggy address belongs to the physical page: [ 36.796258] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106b94 [ 36.798459] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.799907] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.801588] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.803070] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 36.803840] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.806061] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 36.808051] head: 0bfffe0000000002 ffffc1ffc31ae501 ffffffffffffffff 0000000000000000 [ 36.809340] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 36.810348] page dumped because: kasan: bad access detected [ 36.811717] [ 36.812059] Memory state around the buggy address: [ 36.812375] fff00000c6b93f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.814343] fff00000c6b93f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.816138] >fff00000c6b94000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.817564] ^ [ 36.818669] fff00000c6b94080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.819799] fff00000c6b94100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.821511] ================================================================== [ 36.717060] ================================================================== [ 36.718683] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 36.719627] Free of addr fff00000c6122101 by task kunit_try_catch/230 [ 36.720660] [ 36.721659] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 36.723003] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.723644] Hardware name: linux,dummy-virt (DT) [ 36.724353] Call trace: [ 36.724907] show_stack+0x20/0x38 (C) [ 36.725575] dump_stack_lvl+0x8c/0xd0 [ 36.726604] print_report+0x118/0x5e0 [ 36.727258] kasan_report_invalid_free+0xb0/0xd8 [ 36.728009] check_slab_allocation+0xfc/0x108 [ 36.728565] __kasan_mempool_poison_object+0x78/0x150 [ 36.729585] mempool_free+0x28c/0x328 [ 36.730222] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 36.731048] mempool_kmalloc_invalid_free+0xb8/0x110 [ 36.731811] kunit_try_run_case+0x14c/0x3d0 [ 36.732510] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.733273] kthread+0x24c/0x2d0 [ 36.734253] ret_from_fork+0x10/0x20 [ 36.734875] [ 36.735177] Allocated by task 230: [ 36.735622] kasan_save_stack+0x3c/0x68 [ 36.736365] kasan_save_track+0x20/0x40 [ 36.737000] kasan_save_alloc_info+0x40/0x58 [ 36.737712] __kasan_mempool_unpoison_object+0x11c/0x180 [ 36.738560] remove_element+0x130/0x1f8 [ 36.739120] mempool_alloc_preallocated+0x58/0xc0 [ 36.739799] mempool_kmalloc_invalid_free_helper+0x94/0x2a0 [ 36.740666] mempool_kmalloc_invalid_free+0xb8/0x110 [ 36.741633] kunit_try_run_case+0x14c/0x3d0 [ 36.742297] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.743173] kthread+0x24c/0x2d0 [ 36.743741] ret_from_fork+0x10/0x20 [ 36.744196] [ 36.744653] The buggy address belongs to the object at fff00000c6122100 [ 36.744653] which belongs to the cache kmalloc-128 of size 128 [ 36.746242] The buggy address is located 1 bytes inside of [ 36.746242] 128-byte region [fff00000c6122100, fff00000c6122180) [ 36.748962] [ 36.749838] The buggy address belongs to the physical page: [ 36.750333] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106122 [ 36.751560] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.752746] page_type: f5(slab) [ 36.753496] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.754561] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 36.755705] page dumped because: kasan: bad access detected [ 36.756407] [ 36.756893] Memory state around the buggy address: [ 36.758031] fff00000c6122000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.759372] fff00000c6122080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.760165] >fff00000c6122100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.762481] ^ [ 36.762944] fff00000c6122180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.763862] fff00000c6122200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.765240] ==================================================================
[ 27.694244] ================================================================== [ 27.695172] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.696107] Free of addr ffff888102a1b001 by task kunit_try_catch/249 [ 27.696600] [ 27.696780] CPU: 1 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 27.697615] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.698061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.698669] Call Trace: [ 27.699212] <TASK> [ 27.699466] dump_stack_lvl+0x73/0xb0 [ 27.699957] print_report+0xd1/0x640 [ 27.700447] ? __virt_addr_valid+0x1db/0x2d0 [ 27.700814] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.701398] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.701735] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.702118] kasan_report_invalid_free+0xc0/0xf0 [ 27.702677] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.703336] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.703955] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.704610] check_slab_allocation+0x11f/0x130 [ 27.705055] __kasan_mempool_poison_object+0x91/0x1d0 [ 27.705435] mempool_free+0x2ec/0x380 [ 27.705933] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.706554] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 27.707207] ? irqentry_exit+0x2a/0x60 [ 27.707689] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.708051] mempool_kmalloc_invalid_free+0xb1/0x100 [ 27.708503] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 27.709052] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.709569] ? __pfx_mempool_kfree+0x10/0x10 [ 27.710060] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 27.710721] kunit_try_run_case+0x1b3/0x490 [ 27.711232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.711693] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.712193] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.712556] ? __kthread_parkme+0x82/0x160 [ 27.713019] ? preempt_count_sub+0x50/0x80 [ 27.713549] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.714064] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.714621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.714987] kthread+0x257/0x310 [ 27.715241] ? __pfx_kthread+0x10/0x10 [ 27.715537] ret_from_fork+0x41/0x80 [ 27.715962] ? __pfx_kthread+0x10/0x10 [ 27.716430] ret_from_fork_asm+0x1a/0x30 [ 27.716896] </TASK> [ 27.717215] [ 27.717475] Allocated by task 249: [ 27.717791] kasan_save_stack+0x3d/0x60 [ 27.718284] kasan_save_track+0x18/0x40 [ 27.718709] kasan_save_alloc_info+0x3b/0x50 [ 27.719029] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.719601] remove_element+0x11e/0x190 [ 27.720045] mempool_alloc_preallocated+0x4d/0x90 [ 27.720520] mempool_kmalloc_invalid_free_helper+0x84/0x2e0 [ 27.720880] mempool_kmalloc_invalid_free+0xb1/0x100 [ 27.721188] kunit_try_run_case+0x1b3/0x490 [ 27.721692] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.722279] kthread+0x257/0x310 [ 27.722689] ret_from_fork+0x41/0x80 [ 27.723116] ret_from_fork_asm+0x1a/0x30 [ 27.723591] [ 27.723870] The buggy address belongs to the object at ffff888102a1b000 [ 27.723870] which belongs to the cache kmalloc-128 of size 128 [ 27.726278] The buggy address is located 1 bytes inside of [ 27.726278] 128-byte region [ffff888102a1b000, ffff888102a1b080) [ 27.727245] [ 27.727915] The buggy address belongs to the physical page: [ 27.728371] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1b [ 27.729280] flags: 0x200000000000000(node=0|zone=2) [ 27.729589] page_type: f5(slab) [ 27.729847] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.730463] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 27.731237] page dumped because: kasan: bad access detected [ 27.731786] [ 27.732024] Memory state around the buggy address: [ 27.732596] ffff888102a1af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.733138] ffff888102a1af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.733839] >ffff888102a1b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.734461] ^ [ 27.734958] ffff888102a1b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.735649] ffff888102a1b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.736335] ================================================================== [ 27.744321] ================================================================== [ 27.745848] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.746783] Free of addr ffff888102d24001 by task kunit_try_catch/251 [ 27.747490] [ 27.748369] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 27.749136] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.749538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.750588] Call Trace: [ 27.750935] <TASK> [ 27.751160] dump_stack_lvl+0x73/0xb0 [ 27.751789] print_report+0xd1/0x640 [ 27.752225] ? __virt_addr_valid+0x1db/0x2d0 [ 27.752720] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.753799] ? kasan_addr_to_slab+0x11/0xa0 [ 27.754544] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.755365] kasan_report_invalid_free+0xc0/0xf0 [ 27.755725] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.756713] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.757753] __kasan_mempool_poison_object+0x102/0x1d0 [ 27.758423] mempool_free+0x2ec/0x380 [ 27.759252] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.759784] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 27.760751] ? finish_task_switch.isra.0+0x153/0x700 [ 27.761544] mempool_kmalloc_large_invalid_free+0xb1/0x100 [ 27.762588] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 27.763039] ? __switch_to+0x5d9/0xf60 [ 27.763564] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.764413] ? __pfx_mempool_kfree+0x10/0x10 [ 27.764783] ? __pfx_read_tsc+0x10/0x10 [ 27.765589] ? ktime_get_ts64+0x84/0x230 [ 27.766039] kunit_try_run_case+0x1b3/0x490 [ 27.766411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.767576] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.768019] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.768560] ? __kthread_parkme+0x82/0x160 [ 27.769407] ? preempt_count_sub+0x50/0x80 [ 27.770310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.771576] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.772042] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.773161] kthread+0x257/0x310 [ 27.773474] ? __pfx_kthread+0x10/0x10 [ 27.773711] ret_from_fork+0x41/0x80 [ 27.774403] ? __pfx_kthread+0x10/0x10 [ 27.774812] ret_from_fork_asm+0x1a/0x30 [ 27.775201] </TASK> [ 27.775454] [ 27.775655] The buggy address belongs to the physical page: [ 27.777193] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d24 [ 27.777948] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.779099] flags: 0x200000000000040(head|node=0|zone=2) [ 27.779530] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.780915] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.781650] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.782616] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.783044] head: 0200000000000002 ffffea00040b4901 ffffffffffffffff 0000000000000000 [ 27.783910] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 27.785509] page dumped because: kasan: bad access detected [ 27.786011] [ 27.786556] Memory state around the buggy address: [ 27.787200] ffff888102d23f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.787638] ffff888102d23f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.788646] >ffff888102d24000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.789304] ^ [ 27.790165] ffff888102d24080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.790580] ffff888102d24100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.791261] ==================================================================