Date
Nov. 26, 2024, 6:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.999981] ================================================================== [ 34.001034] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 34.001819] Free of addr fff00000c65e0001 by task kunit_try_catch/232 [ 34.002774] [ 34.003242] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 34.004587] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.005216] Hardware name: linux,dummy-virt (DT) [ 34.006004] Call trace: [ 34.006477] show_stack+0x20/0x38 (C) [ 34.007064] dump_stack_lvl+0x8c/0xd0 [ 34.007747] print_report+0x118/0x5e0 [ 34.008515] kasan_report_invalid_free+0xb0/0xd8 [ 34.009734] __kasan_mempool_poison_object+0xfc/0x150 [ 34.010474] mempool_free+0x28c/0x328 [ 34.011196] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 34.011987] mempool_kmalloc_large_invalid_free+0xb8/0x110 [ 34.013004] kunit_try_run_case+0x14c/0x3d0 [ 34.013581] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.014255] kthread+0x24c/0x2d0 [ 34.014743] ret_from_fork+0x10/0x20 [ 34.015835] [ 34.016702] The buggy address belongs to the physical page: [ 34.017525] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e0 [ 34.018637] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.019710] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.021088] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.022007] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 34.022807] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.024022] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 34.025335] head: 0bfffe0000000002 ffffc1ffc3197801 ffffffffffffffff 0000000000000000 [ 34.026462] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 34.027487] page dumped because: kasan: bad access detected [ 34.028321] [ 34.028552] Memory state around the buggy address: [ 34.029702] fff00000c65dff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.030804] fff00000c65dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.031744] >fff00000c65e0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.032921] ^ [ 34.033652] fff00000c65e0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.034727] fff00000c65e0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.035695] ================================================================== [ 33.942484] ================================================================== [ 33.943661] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 33.944583] Free of addr fff00000c6087a01 by task kunit_try_catch/230 [ 33.945637] [ 33.946297] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 33.947406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.948062] Hardware name: linux,dummy-virt (DT) [ 33.949042] Call trace: [ 33.949497] show_stack+0x20/0x38 (C) [ 33.950048] dump_stack_lvl+0x8c/0xd0 [ 33.950718] print_report+0x118/0x5e0 [ 33.951273] kasan_report_invalid_free+0xb0/0xd8 [ 33.952033] check_slab_allocation+0xfc/0x108 [ 33.952926] __kasan_mempool_poison_object+0x78/0x150 [ 33.953625] mempool_free+0x28c/0x328 [ 33.954254] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 33.955061] mempool_kmalloc_invalid_free+0xb8/0x110 [ 33.955744] kunit_try_run_case+0x14c/0x3d0 [ 33.956583] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.957556] kthread+0x24c/0x2d0 [ 33.958121] ret_from_fork+0x10/0x20 [ 33.958685] [ 33.959067] Allocated by task 230: [ 33.959596] kasan_save_stack+0x3c/0x68 [ 33.960182] kasan_save_track+0x20/0x40 [ 33.960962] kasan_save_alloc_info+0x40/0x58 [ 33.961566] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.962194] remove_element+0x130/0x1f8 [ 33.962685] mempool_alloc_preallocated+0x58/0xc0 [ 33.963189] mempool_kmalloc_invalid_free_helper+0x94/0x2a0 [ 33.964879] mempool_kmalloc_invalid_free+0xb8/0x110 [ 33.965505] kunit_try_run_case+0x14c/0x3d0 [ 33.966156] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.966839] kthread+0x24c/0x2d0 [ 33.967977] ret_from_fork+0x10/0x20 [ 33.968938] [ 33.969265] The buggy address belongs to the object at fff00000c6087a00 [ 33.969265] which belongs to the cache kmalloc-128 of size 128 [ 33.970358] The buggy address is located 1 bytes inside of [ 33.970358] 128-byte region [fff00000c6087a00, fff00000c6087a80) [ 33.971503] [ 33.971936] The buggy address belongs to the physical page: [ 33.972998] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106087 [ 33.974007] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.974751] page_type: f5(slab) [ 33.975406] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.976370] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 33.977467] page dumped because: kasan: bad access detected [ 33.978110] [ 33.978525] Memory state around the buggy address: [ 33.979171] fff00000c6087900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.979997] fff00000c6087980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.980946] >fff00000c6087a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.982187] ^ [ 33.982731] fff00000c6087a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.983553] fff00000c6087b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.984621] ==================================================================
[ 33.970863] ================================================================== [ 33.972154] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 33.973014] Free of addr fff00000c659b401 by task kunit_try_catch/230 [ 33.973640] [ 33.974035] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 33.975822] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.976277] Hardware name: linux,dummy-virt (DT) [ 33.977245] Call trace: [ 33.977969] show_stack+0x20/0x38 (C) [ 33.978882] dump_stack_lvl+0x8c/0xd0 [ 33.979489] print_report+0x118/0x5e0 [ 33.980011] kasan_report_invalid_free+0xb0/0xd8 [ 33.980755] check_slab_allocation+0xfc/0x108 [ 33.981410] __kasan_mempool_poison_object+0x78/0x150 [ 33.982437] mempool_free+0x28c/0x328 [ 33.982987] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 33.983669] mempool_kmalloc_invalid_free+0xb8/0x110 [ 33.984430] kunit_try_run_case+0x14c/0x3d0 [ 33.985075] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.986130] kthread+0x24c/0x2d0 [ 33.986692] ret_from_fork+0x10/0x20 [ 33.987331] [ 33.987718] Allocated by task 230: [ 33.988186] kasan_save_stack+0x3c/0x68 [ 33.988854] kasan_save_track+0x20/0x40 [ 33.989405] kasan_save_alloc_info+0x40/0x58 [ 33.990352] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.991153] remove_element+0x130/0x1f8 [ 33.992566] mempool_alloc_preallocated+0x58/0xc0 [ 33.993292] mempool_kmalloc_invalid_free_helper+0x94/0x2a0 [ 33.994009] mempool_kmalloc_invalid_free+0xb8/0x110 [ 33.994695] kunit_try_run_case+0x14c/0x3d0 [ 33.995249] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.996028] kthread+0x24c/0x2d0 [ 33.996481] ret_from_fork+0x10/0x20 [ 33.997116] [ 33.997478] The buggy address belongs to the object at fff00000c659b400 [ 33.997478] which belongs to the cache kmalloc-128 of size 128 [ 33.998713] The buggy address is located 1 bytes inside of [ 33.998713] 128-byte region [fff00000c659b400, fff00000c659b480) [ 34.000014] [ 34.000394] The buggy address belongs to the physical page: [ 34.001127] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10659b [ 34.002038] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.002765] page_type: f5(slab) [ 34.003323] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.004225] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 34.005037] page dumped because: kasan: bad access detected [ 34.005783] [ 34.006150] Memory state around the buggy address: [ 34.006849] fff00000c659b300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.007660] fff00000c659b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.008622] >fff00000c659b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.009505] ^ [ 34.010000] fff00000c659b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.010902] fff00000c659b500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.011721] ================================================================== [ 34.025011] ================================================================== [ 34.026102] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 34.027292] Free of addr fff00000c663c001 by task kunit_try_catch/232 [ 34.028129] [ 34.028497] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 34.031014] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.033462] Hardware name: linux,dummy-virt (DT) [ 34.034073] Call trace: [ 34.034454] show_stack+0x20/0x38 (C) [ 34.034979] dump_stack_lvl+0x8c/0xd0 [ 34.035473] print_report+0x118/0x5e0 [ 34.036671] kasan_report_invalid_free+0xb0/0xd8 [ 34.037394] __kasan_mempool_poison_object+0xfc/0x150 [ 34.038583] mempool_free+0x28c/0x328 [ 34.039108] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 34.039939] mempool_kmalloc_large_invalid_free+0xb8/0x110 [ 34.040706] kunit_try_run_case+0x14c/0x3d0 [ 34.041327] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.042929] kthread+0x24c/0x2d0 [ 34.043402] ret_from_fork+0x10/0x20 [ 34.044047] [ 34.044436] The buggy address belongs to the physical page: [ 34.045138] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10663c [ 34.046461] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.047347] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.048221] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.049066] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 34.050793] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.051687] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 34.052577] head: 0bfffe0000000002 ffffc1ffc3198f01 ffffffffffffffff 0000000000000000 [ 34.053435] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 34.054742] page dumped because: kasan: bad access detected [ 34.055315] [ 34.055702] Memory state around the buggy address: [ 34.056377] fff00000c663bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.057310] fff00000c663bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.059057] >fff00000c663c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.059816] ^ [ 34.060368] fff00000c663c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.061183] fff00000c663c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.062491] ==================================================================
[ 28.094146] ================================================================== [ 28.094634] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.094634] Free of addr ffff888102949801 by task kunit_try_catch/250 [ 28.094634] [ 28.094634] CPU: 1 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 28.094634] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.094634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.094634] Call Trace: [ 28.094634] <TASK> [ 28.094634] dump_stack_lvl+0x73/0xb0 [ 28.094634] print_report+0xd1/0x640 [ 28.094634] ? __virt_addr_valid+0x1db/0x2d0 [ 28.094634] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.094634] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.094634] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.094634] kasan_report_invalid_free+0xc0/0xf0 [ 28.094634] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.094634] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.094634] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.094634] check_slab_allocation+0x11f/0x130 [ 28.094634] __kasan_mempool_poison_object+0x91/0x1d0 [ 28.094634] mempool_free+0x2ec/0x380 [ 28.094634] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.094634] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 28.094634] ? read_hpet+0x1f0/0x230 [ 28.094634] ? ktime_get_ts64+0x84/0x230 [ 28.094634] ? trace_hardirqs_on+0x37/0xe0 [ 28.094634] mempool_kmalloc_invalid_free+0xb1/0x100 [ 28.094634] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 28.094634] ? __switch_to+0x5d9/0xf60 [ 28.094634] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.094634] ? __pfx_mempool_kfree+0x10/0x10 [ 28.094634] ? ktime_get_ts64+0x84/0x230 [ 28.094634] kunit_try_run_case+0x1b3/0x490 [ 28.094634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.094634] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 28.094634] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.094634] ? __kthread_parkme+0x82/0x160 [ 28.094634] ? preempt_count_sub+0x50/0x80 [ 28.094634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.094634] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.094634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.094634] kthread+0x257/0x310 [ 28.094634] ? __pfx_kthread+0x10/0x10 [ 28.094634] ret_from_fork+0x41/0x80 [ 28.094634] ? __pfx_kthread+0x10/0x10 [ 28.094634] ret_from_fork_asm+0x1a/0x30 [ 28.094634] </TASK> [ 28.094634] [ 28.094634] Allocated by task 250: [ 28.094634] kasan_save_stack+0x3d/0x60 [ 28.094634] kasan_save_track+0x18/0x40 [ 28.094634] kasan_save_alloc_info+0x3b/0x50 [ 28.094634] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 28.094634] remove_element+0x11e/0x190 [ 28.094634] mempool_alloc_preallocated+0x4d/0x90 [ 28.094634] mempool_kmalloc_invalid_free_helper+0x84/0x2e0 [ 28.094634] mempool_kmalloc_invalid_free+0xb1/0x100 [ 28.094634] kunit_try_run_case+0x1b3/0x490 [ 28.094634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.094634] kthread+0x257/0x310 [ 28.094634] ret_from_fork+0x41/0x80 [ 28.094634] ret_from_fork_asm+0x1a/0x30 [ 28.094634] [ 28.094634] The buggy address belongs to the object at ffff888102949800 [ 28.094634] which belongs to the cache kmalloc-128 of size 128 [ 28.094634] The buggy address is located 1 bytes inside of [ 28.094634] 128-byte region [ffff888102949800, ffff888102949880) [ 28.094634] [ 28.094634] The buggy address belongs to the physical page: [ 28.094634] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102949 [ 28.094634] flags: 0x200000000000000(node=0|zone=2) [ 28.094634] page_type: f5(slab) [ 28.094634] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.094634] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 28.094634] page dumped because: kasan: bad access detected [ 28.094634] [ 28.094634] Memory state around the buggy address: [ 28.094634] ffff888102949700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.094634] ffff888102949780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.094634] >ffff888102949800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.094634] ^ [ 28.094634] ffff888102949880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.094634] ffff888102949900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.094634] ================================================================== [ 28.161745] ================================================================== [ 28.162147] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.162147] Free of addr ffff888102b24001 by task kunit_try_catch/252 [ 28.162147] [ 28.162147] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 28.162147] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.162147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.162147] Call Trace: [ 28.162147] <TASK> [ 28.162147] dump_stack_lvl+0x73/0xb0 [ 28.162147] print_report+0xd1/0x640 [ 28.162147] ? __virt_addr_valid+0x1db/0x2d0 [ 28.162147] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.162147] ? kasan_addr_to_slab+0x11/0xa0 [ 28.162147] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.162147] kasan_report_invalid_free+0xc0/0xf0 [ 28.162147] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.162147] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.162147] __kasan_mempool_poison_object+0x102/0x1d0 [ 28.162147] mempool_free+0x2ec/0x380 [ 28.162147] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 28.162147] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 28.162147] ? read_hpet+0x1f0/0x230 [ 28.162147] ? ktime_get_ts64+0x84/0x230 [ 28.162147] ? trace_hardirqs_on+0x37/0xe0 [ 28.162147] mempool_kmalloc_large_invalid_free+0xb1/0x100 [ 28.162147] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 28.162147] ? __switch_to+0x5d9/0xf60 [ 28.162147] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.162147] ? __pfx_mempool_kfree+0x10/0x10 [ 28.162147] ? ktime_get_ts64+0x84/0x230 [ 28.162147] kunit_try_run_case+0x1b3/0x490 [ 28.162147] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.162147] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 28.162147] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.162147] ? __kthread_parkme+0x82/0x160 [ 28.162147] ? preempt_count_sub+0x50/0x80 [ 28.162147] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.162147] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.162147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.162147] kthread+0x257/0x310 [ 28.162147] ? __pfx_kthread+0x10/0x10 [ 28.162147] ret_from_fork+0x41/0x80 [ 28.162147] ? __pfx_kthread+0x10/0x10 [ 28.162147] ret_from_fork_asm+0x1a/0x30 [ 28.162147] </TASK> [ 28.162147] [ 28.162147] The buggy address belongs to the physical page: [ 28.162147] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b24 [ 28.162147] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.162147] flags: 0x200000000000040(head|node=0|zone=2) [ 28.162147] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.162147] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.162147] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.162147] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.162147] head: 0200000000000002 ffffea00040ac901 ffffffffffffffff 0000000000000000 [ 28.162147] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 28.162147] page dumped because: kasan: bad access detected [ 28.162147] [ 28.162147] Memory state around the buggy address: [ 28.162147] ffff888102b23f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.162147] ffff888102b23f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.162147] >ffff888102b24000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.162147] ^ [ 28.162147] ffff888102b24080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.162147] ffff888102b24100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.162147] ==================================================================
[ 23.090257] ================================================================== [ 23.091112] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.091822] Free of addr ffff888102ad8001 by task kunit_try_catch/250 [ 23.092467] [ 23.092991] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 23.093977] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.094535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.094939] Call Trace: [ 23.095250] <TASK> [ 23.095526] dump_stack_lvl+0x73/0xb0 [ 23.096176] print_report+0xd1/0x640 [ 23.096641] ? __virt_addr_valid+0x1db/0x2d0 [ 23.097161] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.097757] ? kasan_addr_to_slab+0x11/0xa0 [ 23.098443] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.099139] kasan_report_invalid_free+0xc0/0xf0 [ 23.099565] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.100034] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.100519] __kasan_mempool_poison_object+0x102/0x1d0 [ 23.101055] mempool_free+0x2ec/0x380 [ 23.101549] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.101989] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 23.102709] ? finish_task_switch.isra.0+0x153/0x700 [ 23.103229] mempool_kmalloc_large_invalid_free+0xb1/0x100 [ 23.103706] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 23.104340] ? __switch_to+0x5d9/0xf60 [ 23.104808] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.105221] ? __pfx_mempool_kfree+0x10/0x10 [ 23.105550] ? __pfx_read_tsc+0x10/0x10 [ 23.106074] ? ktime_get_ts64+0x84/0x230 [ 23.106540] kunit_try_run_case+0x1b3/0x490 [ 23.107051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.107639] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 23.108072] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.108676] ? __kthread_parkme+0x82/0x160 [ 23.109057] ? preempt_count_sub+0x50/0x80 [ 23.109365] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.109929] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.110559] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.111122] kthread+0x257/0x310 [ 23.111636] ? __pfx_kthread+0x10/0x10 [ 23.112009] ret_from_fork+0x41/0x80 [ 23.112404] ? __pfx_kthread+0x10/0x10 [ 23.112925] ret_from_fork_asm+0x1a/0x30 [ 23.113323] </TASK> [ 23.113677] [ 23.113887] The buggy address belongs to the physical page: [ 23.114342] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad8 [ 23.114943] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.115538] flags: 0x200000000000040(head|node=0|zone=2) [ 23.116172] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.116794] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.117381] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.118097] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.118756] head: 0200000000000002 ffffea00040ab601 ffffffffffffffff 0000000000000000 [ 23.119379] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 23.120127] page dumped because: kasan: bad access detected [ 23.120432] [ 23.120647] Memory state around the buggy address: [ 23.121111] ffff888102ad7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.121831] ffff888102ad7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.122525] >ffff888102ad8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.123102] ^ [ 23.123342] ffff888102ad8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.123789] ffff888102ad8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.124325] ================================================================== [ 23.025707] ================================================================== [ 23.026910] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.027839] Free of addr ffff8881028c3b01 by task kunit_try_catch/248 [ 23.028443] [ 23.028655] CPU: 0 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 23.030054] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.030473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.032056] Call Trace: [ 23.032638] <TASK> [ 23.032818] dump_stack_lvl+0x73/0xb0 [ 23.034131] print_report+0xd1/0x640 [ 23.034512] ? __virt_addr_valid+0x1db/0x2d0 [ 23.034992] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.035453] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.036071] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.037409] kasan_report_invalid_free+0xc0/0xf0 [ 23.037903] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.038638] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.039257] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.039826] check_slab_allocation+0x11f/0x130 [ 23.041302] __kasan_mempool_poison_object+0x91/0x1d0 [ 23.041730] mempool_free+0x2ec/0x380 [ 23.042076] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 23.042769] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 23.043461] ? irqentry_exit+0x2a/0x60 [ 23.044115] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.044478] ? trace_hardirqs_on+0x37/0xe0 [ 23.045041] mempool_kmalloc_invalid_free+0xb1/0x100 [ 23.045781] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 23.046505] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.047237] ? __pfx_mempool_kfree+0x10/0x10 [ 23.047466] ? ktime_get_ts64+0xf6/0x230 [ 23.047746] ? ktime_get_ts64+0x84/0x230 [ 23.048033] kunit_try_run_case+0x1b3/0x490 [ 23.048331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.048875] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 23.049539] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.051117] ? __kthread_parkme+0x82/0x160 [ 23.051607] ? preempt_count_sub+0x50/0x80 [ 23.052242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.052907] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.053570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.054198] kthread+0x257/0x310 [ 23.054468] ? __pfx_kthread+0x10/0x10 [ 23.054998] ret_from_fork+0x41/0x80 [ 23.055374] ? __pfx_kthread+0x10/0x10 [ 23.056418] ret_from_fork_asm+0x1a/0x30 [ 23.057174] </TASK> [ 23.057406] [ 23.057664] Allocated by task 248: [ 23.058075] kasan_save_stack+0x3d/0x60 [ 23.058721] kasan_save_track+0x18/0x40 [ 23.059185] kasan_save_alloc_info+0x3b/0x50 [ 23.060100] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.060891] remove_element+0x11e/0x190 [ 23.061390] mempool_alloc_preallocated+0x4d/0x90 [ 23.062067] mempool_kmalloc_invalid_free_helper+0x84/0x2e0 [ 23.062643] mempool_kmalloc_invalid_free+0xb1/0x100 [ 23.063129] kunit_try_run_case+0x1b3/0x490 [ 23.063653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.064074] kthread+0x257/0x310 [ 23.064480] ret_from_fork+0x41/0x80 [ 23.064918] ret_from_fork_asm+0x1a/0x30 [ 23.065287] [ 23.065473] The buggy address belongs to the object at ffff8881028c3b00 [ 23.065473] which belongs to the cache kmalloc-128 of size 128 [ 23.066840] The buggy address is located 1 bytes inside of [ 23.066840] 128-byte region [ffff8881028c3b00, ffff8881028c3b80) [ 23.068438] [ 23.068759] The buggy address belongs to the physical page: [ 23.069657] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028c3 [ 23.070649] flags: 0x200000000000000(node=0|zone=2) [ 23.071720] page_type: f5(slab) [ 23.072618] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.073976] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 23.075254] page dumped because: kasan: bad access detected [ 23.075826] [ 23.076775] Memory state around the buggy address: [ 23.077510] ffff8881028c3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.078205] ffff8881028c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.078929] >ffff8881028c3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.079458] ^ [ 23.080567] ffff8881028c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.081581] ffff8881028c3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.082153] ==================================================================