Hay
Date: Nov. 26, 2024, 6:09 a.m.

Environment: qemu-arm64, qemu-x86_64

[   32.551583] ==================================================================
[   32.552624] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3b8
[   32.553502] Free of addr fff00000c5912001 by task kunit_try_catch/200
[   32.555066] 
[   32.555444] CPU: 1 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   32.557084] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.557742] Hardware name: linux,dummy-virt (DT)
[   32.558493] Call trace:
[   32.558980]  show_stack+0x20/0x38 (C)
[   32.559639]  dump_stack_lvl+0x8c/0xd0
[   32.560180]  print_report+0x118/0x5e0
[   32.561083]  kasan_report_invalid_free+0xb0/0xd8
[   32.561695]  check_slab_allocation+0xfc/0x108
[   32.562330]  __kasan_slab_pre_free+0x2c/0x48
[   32.563003]  kmem_cache_free+0xf0/0x470
[   32.563582]  kmem_cache_invalid_free+0x184/0x3b8
[   32.564182]  kunit_try_run_case+0x14c/0x3d0
[   32.565162]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.565800]  kthread+0x24c/0x2d0
[   32.566400]  ret_from_fork+0x10/0x20
[   32.567025] 
[   32.567347] Allocated by task 200:
[   32.567893]  kasan_save_stack+0x3c/0x68
[   32.569166]  kasan_save_track+0x20/0x40
[   32.569730]  kasan_save_alloc_info+0x40/0x58
[   32.570347]  __kasan_slab_alloc+0xa8/0xb0
[   32.570937]  kmem_cache_alloc_noprof+0x108/0x3a0
[   32.571475]  kmem_cache_invalid_free+0x12c/0x3b8
[   32.572521]  kunit_try_run_case+0x14c/0x3d0
[   32.573191]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.573887]  kthread+0x24c/0x2d0
[   32.574481]  ret_from_fork+0x10/0x20
[   32.575099] 
[   32.575418] The buggy address belongs to the object at fff00000c5912000
[   32.575418]  which belongs to the cache test_cache of size 200
[   32.576941] The buggy address is located 1 bytes inside of
[   32.576941]  200-byte region [fff00000c5912000, fff00000c59120c8)
[   32.578022] 
[   32.578388] The buggy address belongs to the physical page:
[   32.579144] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105912
[   32.580015] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.581097] page_type: f5(slab)
[   32.581667] raw: 0bfffe0000000000 fff00000c5925000 dead000000000122 0000000000000000
[   32.582553] raw: 0000000000000000 00000000800f000f 00000001f5000000 0000000000000000
[   32.583488] page dumped because: kasan: bad access detected
[   32.584148] 
[   32.584762] Memory state around the buggy address:
[   32.585311]  fff00000c5911f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.586120]  fff00000c5911f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.587010] >fff00000c5912000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.587881]                    ^
[   32.588995]  fff00000c5912080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   32.589656]  fff00000c5912100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.590413] ==================================================================

[   32.538881] ==================================================================
[   32.540119] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3b8
[   32.540838] Free of addr fff00000c5e65001 by task kunit_try_catch/200
[   32.541662] 
[   32.542427] CPU: 1 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   32.543682] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.544149] Hardware name: linux,dummy-virt (DT)
[   32.544921] Call trace:
[   32.545395]  show_stack+0x20/0x38 (C)
[   32.546873]  dump_stack_lvl+0x8c/0xd0
[   32.547516]  print_report+0x118/0x5e0
[   32.548163]  kasan_report_invalid_free+0xb0/0xd8
[   32.549274]  check_slab_allocation+0xfc/0x108
[   32.550330]  __kasan_slab_pre_free+0x2c/0x48
[   32.551089]  kmem_cache_free+0xf0/0x470
[   32.551487]  kmem_cache_invalid_free+0x184/0x3b8
[   32.552371]  kunit_try_run_case+0x14c/0x3d0
[   32.553029]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.553856]  kthread+0x24c/0x2d0
[   32.554432]  ret_from_fork+0x10/0x20
[   32.555168] 
[   32.555520] Allocated by task 200:
[   32.556270]  kasan_save_stack+0x3c/0x68
[   32.556905]  kasan_save_track+0x20/0x40
[   32.557574]  kasan_save_alloc_info+0x40/0x58
[   32.558294]  __kasan_slab_alloc+0xa8/0xb0
[   32.559595]  kmem_cache_alloc_noprof+0x108/0x3a0
[   32.560323]  kmem_cache_invalid_free+0x12c/0x3b8
[   32.561029]  kunit_try_run_case+0x14c/0x3d0
[   32.561785]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.562454]  kthread+0x24c/0x2d0
[   32.563092]  ret_from_fork+0x10/0x20
[   32.563774] 
[   32.564139] The buggy address belongs to the object at fff00000c5e65000
[   32.564139]  which belongs to the cache test_cache of size 200
[   32.565545] The buggy address is located 1 bytes inside of
[   32.565545]  200-byte region [fff00000c5e65000, fff00000c5e650c8)
[   32.566689] 
[   32.567079] The buggy address belongs to the physical page:
[   32.568134] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e65
[   32.569182] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.570342] page_type: f5(slab)
[   32.570907] raw: 0bfffe0000000000 fff00000c5d7e8c0 dead000000000122 0000000000000000
[   32.571799] raw: 0000000000000000 00000000800f000f 00000001f5000000 0000000000000000
[   32.572747] page dumped because: kasan: bad access detected
[   32.573430] 
[   32.574126] Memory state around the buggy address:
[   32.574790]  fff00000c5e64f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.575681]  fff00000c5e64f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.576593] >fff00000c5e65000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.577381]                    ^
[   32.578283]  fff00000c5e65080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   32.579765]  fff00000c5e65100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.580576] ==================================================================

[   26.719371] ==================================================================
[   26.720040] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d9/0x470
[   26.720150] Free of addr ffff888102944001 by task kunit_try_catch/220
[   26.720150] 
[   26.720150] CPU: 1 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   26.720150] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.720150] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.720150] Call Trace:
[   26.720150]  <TASK>
[   26.720150]  dump_stack_lvl+0x73/0xb0
[   26.720150]  print_report+0xd1/0x640
[   26.720150]  ? __virt_addr_valid+0x1db/0x2d0
[   26.720150]  ? kmem_cache_invalid_free+0x1d9/0x470
[   26.720150]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.720150]  ? kmem_cache_invalid_free+0x1d9/0x470
[   26.720150]  kasan_report_invalid_free+0xc0/0xf0
[   26.720150]  ? kmem_cache_invalid_free+0x1d9/0x470
[   26.720150]  ? kmem_cache_invalid_free+0x1d9/0x470
[   26.720150]  check_slab_allocation+0x11f/0x130
[   26.720150]  __kasan_slab_pre_free+0x28/0x40
[   26.720150]  kmem_cache_free+0xee/0x420
[   26.720150]  ? kmem_cache_alloc_noprof+0x11e/0x3f0
[   26.720150]  ? kmem_cache_invalid_free+0x1d9/0x470
[   26.720150]  kmem_cache_invalid_free+0x1d9/0x470
[   26.720150]  ? __pfx_kmem_cache_invalid_free+0x10/0x10
[   26.720150]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   26.720150]  ? __pfx_kmem_cache_invalid_free+0x10/0x10
[   26.720150]  kunit_try_run_case+0x1b3/0x490
[   26.720150]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.720150]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   26.720150]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.720150]  ? __kthread_parkme+0x82/0x160
[   26.720150]  ? preempt_count_sub+0x50/0x80
[   26.720150]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.720150]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.720150]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.720150]  kthread+0x257/0x310
[   26.720150]  ? __pfx_kthread+0x10/0x10
[   26.720150]  ret_from_fork+0x41/0x80
[   26.720150]  ? __pfx_kthread+0x10/0x10
[   26.720150]  ret_from_fork_asm+0x1a/0x30
[   26.720150]  </TASK>
[   26.720150] 
[   26.720150] Allocated by task 220:
[   26.720150]  kasan_save_stack+0x3d/0x60
[   26.720150]  kasan_save_track+0x18/0x40
[   26.720150]  kasan_save_alloc_info+0x3b/0x50
[   26.720150]  __kasan_slab_alloc+0x91/0xa0
[   26.720150]  kmem_cache_alloc_noprof+0x11e/0x3f0
[   26.720150]  kmem_cache_invalid_free+0x158/0x470
[   26.720150]  kunit_try_run_case+0x1b3/0x490
[   26.720150]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.720150]  kthread+0x257/0x310
[   26.720150]  ret_from_fork+0x41/0x80
[   26.720150]  ret_from_fork_asm+0x1a/0x30
[   26.720150] 
[   26.720150] The buggy address belongs to the object at ffff888102944000
[   26.720150]  which belongs to the cache test_cache of size 200
[   26.720150] The buggy address is located 1 bytes inside of
[   26.720150]  200-byte region [ffff888102944000, ffff8881029440c8)
[   26.720150] 
[   26.720150] The buggy address belongs to the physical page:
[   26.720150] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102944
[   26.720150] flags: 0x200000000000000(node=0|zone=2)
[   26.720150] page_type: f5(slab)
[   26.720150] raw: 0200000000000000 ffff888101c70b40 dead000000000122 0000000000000000
[   26.720150] raw: 0000000000000000 00000000800f000f 00000001f5000000 0000000000000000
[   26.720150] page dumped because: kasan: bad access detected
[   26.720150] 
[   26.720150] Memory state around the buggy address:
[   26.720150]  ffff888102943f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.720150]  ffff888102943f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.720150] >ffff888102944000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.720150]                    ^
[   26.720150]  ffff888102944080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   26.720150]  ffff888102944100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.720150] ==================================================================

[   21.670122] ==================================================================
[   21.671450] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d9/0x470
[   21.672691] Free of addr ffff8881028c2001 by task kunit_try_catch/218
[   21.673533] 
[   21.673774] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   21.675141] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.675408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.676166] Call Trace:
[   21.676426]  <TASK>
[   21.677456]  dump_stack_lvl+0x73/0xb0
[   21.678517]  print_report+0xd1/0x640
[   21.678931]  ? __virt_addr_valid+0x1db/0x2d0
[   21.679527]  ? kmem_cache_invalid_free+0x1d9/0x470
[   21.679971]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.680620]  ? kmem_cache_invalid_free+0x1d9/0x470
[   21.681470]  kasan_report_invalid_free+0xc0/0xf0
[   21.682466]  ? kmem_cache_invalid_free+0x1d9/0x470
[   21.683004]  ? kmem_cache_invalid_free+0x1d9/0x470
[   21.683521]  check_slab_allocation+0x11f/0x130
[   21.684481]  __kasan_slab_pre_free+0x28/0x40
[   21.684983]  kmem_cache_free+0xee/0x420
[   21.685342]  ? kmem_cache_alloc_noprof+0x11e/0x3f0
[   21.685888]  ? kmem_cache_invalid_free+0x1d9/0x470
[   21.686281]  kmem_cache_invalid_free+0x1d9/0x470
[   21.686978]  ? __pfx_kmem_cache_invalid_free+0x10/0x10
[   21.687805]  ? finish_task_switch.isra.0+0x153/0x700
[   21.688843]  ? __switch_to+0x5d9/0xf60
[   21.689222]  ? __pfx_read_tsc+0x10/0x10
[   21.689832]  ? ktime_get_ts64+0x84/0x230
[   21.690540]  kunit_try_run_case+0x1b3/0x490
[   21.691099]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.691573]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   21.692179]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.692850]  ? __kthread_parkme+0x82/0x160
[   21.693510]  ? preempt_count_sub+0x50/0x80
[   21.693821]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.694894]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.695700]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.696547]  kthread+0x257/0x310
[   21.697028]  ? __pfx_kthread+0x10/0x10
[   21.697813]  ret_from_fork+0x41/0x80
[   21.698145]  ? __pfx_kthread+0x10/0x10
[   21.698614]  ret_from_fork_asm+0x1a/0x30
[   21.699152]  </TASK>
[   21.699478] 
[   21.699737] Allocated by task 218:
[   21.700569]  kasan_save_stack+0x3d/0x60
[   21.700900]  kasan_save_track+0x18/0x40
[   21.701728]  kasan_save_alloc_info+0x3b/0x50
[   21.702025]  __kasan_slab_alloc+0x91/0xa0
[   21.702278]  kmem_cache_alloc_noprof+0x11e/0x3f0
[   21.702596]  kmem_cache_invalid_free+0x158/0x470
[   21.703074]  kunit_try_run_case+0x1b3/0x490
[   21.703640]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.704225]  kthread+0x257/0x310
[   21.704745]  ret_from_fork+0x41/0x80
[   21.705151]  ret_from_fork_asm+0x1a/0x30
[   21.705835] 
[   21.706137] The buggy address belongs to the object at ffff8881028c2000
[   21.706137]  which belongs to the cache test_cache of size 200
[   21.706926] The buggy address is located 1 bytes inside of
[   21.706926]  200-byte region [ffff8881028c2000, ffff8881028c20c8)
[   21.708299] 
[   21.708534] The buggy address belongs to the physical page:
[   21.709021] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028c2
[   21.709803] flags: 0x200000000000000(node=0|zone=2)
[   21.710460] page_type: f5(slab)
[   21.710874] raw: 0200000000000000 ffff888101b1e780 dead000000000122 0000000000000000
[   21.711370] raw: 0000000000000000 00000000800f000f 00000001f5000000 0000000000000000
[   21.712056] page dumped because: kasan: bad access detected
[   21.712707] 
[   21.712863] Memory state around the buggy address:
[   21.713141]  ffff8881028c1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.713525]  ffff8881028c1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.714357] >ffff8881028c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.715101]                    ^
[   21.715526]  ffff8881028c2080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   21.716273]  ffff8881028c2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.716886] ==================================================================