Date
Nov. 27, 2024, 3:37 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 50.518412] ==================================================================
[ 50.519648] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[ 50.520503] Free of addr fff00000c615aa01 by task kunit_try_catch/230
[ 50.521206]
[ 50.521967] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 50.523171] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 50.523682] Hardware name: linux,dummy-virt (DT)
[ 50.524369] Call trace:
[ 50.524905] show_stack+0x20/0x38 (C)
[ 50.525560] dump_stack_lvl+0x8c/0xd0
[ 50.526477] print_report+0x118/0x5e0
[ 50.527253] kasan_report_invalid_free+0xb0/0xd8
[ 50.527958] check_slab_allocation+0xfc/0x108
[ 50.528654] __kasan_mempool_poison_object+0x78/0x150
[ 50.530176] mempool_free+0x28c/0x328
[ 50.530782] mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[ 50.531514] mempool_kmalloc_invalid_free+0xb8/0x110
[ 50.532199] kunit_try_run_case+0x14c/0x3d0
[ 50.532813] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 50.533718] kthread+0x24c/0x2d0
[ 50.534262] ret_from_fork+0x10/0x20
[ 50.534888]
[ 50.535249] Allocated by task 230:
[ 50.536707] kasan_save_stack+0x3c/0x68
[ 50.537122] kasan_save_track+0x20/0x40
[ 50.537807] kasan_save_alloc_info+0x40/0x58
[ 50.539071] __kasan_mempool_unpoison_object+0x11c/0x180
[ 50.539931] remove_element+0x130/0x1f8
[ 50.540663] mempool_alloc_preallocated+0x58/0xc0
[ 50.541697] mempool_kmalloc_invalid_free_helper+0x94/0x2a0
[ 50.542321] mempool_kmalloc_invalid_free+0xb8/0x110
[ 50.542912] kunit_try_run_case+0x14c/0x3d0
[ 50.543659] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 50.544379] kthread+0x24c/0x2d0
[ 50.545026] ret_from_fork+0x10/0x20
[ 50.545932]
[ 50.546477] The buggy address belongs to the object at fff00000c615aa00
[ 50.546477] which belongs to the cache kmalloc-128 of size 128
[ 50.548412] The buggy address is located 1 bytes inside of
[ 50.548412] 128-byte region [fff00000c615aa00, fff00000c615aa80)
[ 50.550394]
[ 50.550652] The buggy address belongs to the physical page:
[ 50.551663] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10615a
[ 50.552586] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 50.553609] page_type: f5(slab)
[ 50.554158] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 50.554957] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 50.556364] page dumped because: kasan: bad access detected
[ 50.556913]
[ 50.557239] Memory state around the buggy address:
[ 50.558162] fff00000c615a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.558876] fff00000c615a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.559698] >fff00000c615aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.560436] ^
[ 50.560992] fff00000c615aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.561934] fff00000c615ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.562916] ==================================================================
[ 50.573913] ==================================================================
[ 50.575104] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[ 50.576073] Free of addr fff00000c66e4001 by task kunit_try_catch/232
[ 50.576681]
[ 50.577376] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 50.578715] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 50.579418] Hardware name: linux,dummy-virt (DT)
[ 50.580275] Call trace:
[ 50.580694] show_stack+0x20/0x38 (C)
[ 50.581585] dump_stack_lvl+0x8c/0xd0
[ 50.582566] print_report+0x118/0x5e0
[ 50.583434] kasan_report_invalid_free+0xb0/0xd8
[ 50.584211] __kasan_mempool_poison_object+0xfc/0x150
[ 50.585491] mempool_free+0x28c/0x328
[ 50.586254] mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[ 50.587186] mempool_kmalloc_large_invalid_free+0xb8/0x110
[ 50.587920] kunit_try_run_case+0x14c/0x3d0
[ 50.588583] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 50.589202] kthread+0x24c/0x2d0
[ 50.590024] ret_from_fork+0x10/0x20
[ 50.590518]
[ 50.591454] The buggy address belongs to the physical page:
[ 50.592192] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066e4
[ 50.593166] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 50.594066] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 50.594922] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 50.596087] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 50.596968] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 50.597983] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 50.598600] head: 0bfffe0000000002 ffffc1ffc319b901 ffffffffffffffff 0000000000000000
[ 50.599039] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 50.599652] page dumped because: kasan: bad access detected
[ 50.600255]
[ 50.600572] Memory state around the buggy address:
[ 50.601426] fff00000c66e3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.602992] fff00000c66e3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.603930] >fff00000c66e4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.604944] ^
[ 50.605335] fff00000c66e4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.606710] fff00000c66e4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.607528] ==================================================================
```
```
[ 27.875603] ==================================================================
[ 27.876586] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.878184] Free of addr ffff888102a55101 by task kunit_try_catch/249
[ 27.878872]
[ 27.879512] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 27.880772] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.881536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.883371] Call Trace:
[ 27.883665] <TASK>
[ 27.884731] dump_stack_lvl+0x73/0xb0
[ 27.885287] print_report+0xd1/0x640
[ 27.885876] ? __virt_addr_valid+0x1db/0x2d0
[ 27.886691] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.887531] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.888396] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.889217] kasan_report_invalid_free+0xc0/0xf0
[ 27.890244] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.890793] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.891790] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.892735] check_slab_allocation+0x11f/0x130
[ 27.893493] __kasan_mempool_poison_object+0x91/0x1d0
[ 27.894205] mempool_free+0x2ec/0x380
[ 27.894585] mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.895664] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 27.896364] ? finish_task_switch.isra.0+0x153/0x700
[ 27.897127] mempool_kmalloc_invalid_free+0xb1/0x100
[ 27.897809] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 27.898755] ? __switch_to+0x5d9/0xf60
[ 27.899494] ? __pfx_mempool_kmalloc+0x10/0x10
[ 27.900192] ? __pfx_mempool_kfree+0x10/0x10
[ 27.900485] ? __pfx_read_tsc+0x10/0x10
[ 27.901304] ? ktime_get_ts64+0x84/0x230
[ 27.901943] kunit_try_run_case+0x1b3/0x490
[ 27.903196] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.904091] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 27.904667] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.905525] ? __kthread_parkme+0x82/0x160
[ 27.906591] ? preempt_count_sub+0x50/0x80
[ 27.907322] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.907826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.908496] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.909199] kthread+0x257/0x310
[ 27.909652] ? __pfx_kthread+0x10/0x10
[ 27.910563] ret_from_fork+0x41/0x80
[ 27.910975] ? __pfx_kthread+0x10/0x10
[ 27.911628] ret_from_fork_asm+0x1a/0x30
[ 27.912100] </TASK>
[ 27.912539]
[ 27.912858] Allocated by task 249:
[ 27.913308] kasan_save_stack+0x3d/0x60
[ 27.913910] kasan_save_track+0x18/0x40
[ 27.914496] kasan_save_alloc_info+0x3b/0x50
[ 27.914909] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 27.915926] remove_element+0x11e/0x190
[ 27.916559] mempool_alloc_preallocated+0x4d/0x90
[ 27.916921] mempool_kmalloc_invalid_free_helper+0x84/0x2e0
[ 27.917791] mempool_kmalloc_invalid_free+0xb1/0x100
[ 27.918191] kunit_try_run_case+0x1b3/0x490
[ 27.918908] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.919715] kthread+0x257/0x310
[ 27.920229] ret_from_fork+0x41/0x80
[ 27.920669] ret_from_fork_asm+0x1a/0x30
[ 27.921331]
[ 27.921631] The buggy address belongs to the object at ffff888102a55100
[ 27.921631] which belongs to the cache kmalloc-128 of size 128
[ 27.922722] The buggy address is located 1 bytes inside of
[ 27.922722] 128-byte region [ffff888102a55100, ffff888102a55180)
[ 27.923946]
[ 27.924404] The buggy address belongs to the physical page:
[ 27.925305] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a55
[ 27.925897] flags: 0x200000000000000(node=0|zone=2)
[ 27.926752] page_type: f5(slab)
[ 27.927036] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.927774] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 27.928644] page dumped because: kasan: bad access detected
[ 27.929023]
[ 27.929321] Memory state around the buggy address:
[ 27.930478] ffff888102a55000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.930964] ffff888102a55080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.931685] >ffff888102a55100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.932678] ^
[ 27.933228] ffff888102a55180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.934468] ffff888102a55200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.935219] ==================================================================
[ 27.941175] ==================================================================
[ 27.942559] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.943450] Free of addr ffff888102ce0001 by task kunit_try_catch/251
[ 27.944105]
[ 27.945195] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 27.946717] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.947199] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.948253] Call Trace:
[ 27.948558] <TASK>
[ 27.948820] dump_stack_lvl+0x73/0xb0
[ 27.950268] print_report+0xd1/0x640
[ 27.950649] ? __virt_addr_valid+0x1db/0x2d0
[ 27.951536] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.952090] ? kasan_addr_to_slab+0x11/0xa0
[ 27.952607] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.953567] kasan_report_invalid_free+0xc0/0xf0
[ 27.954417] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.955319] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.955918] __kasan_mempool_poison_object+0x102/0x1d0
[ 27.957092] mempool_free+0x2ec/0x380
[ 27.958328] mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[ 27.958832] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 27.959564] ? finish_task_switch.isra.0+0x153/0x700
[ 27.960571] mempool_kmalloc_large_invalid_free+0xb1/0x100
[ 27.961170] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 27.961755] ? __switch_to+0x5d9/0xf60
[ 27.962788] ? __pfx_mempool_kmalloc+0x10/0x10
[ 27.963291] ? __pfx_mempool_kfree+0x10/0x10
[ 27.963927] ? __pfx_read_tsc+0x10/0x10
[ 27.964847] ? ktime_get_ts64+0x84/0x230
[ 27.965581] kunit_try_run_case+0x1b3/0x490
[ 27.966677] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.967198] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 27.967674] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.968429] ? __kthread_parkme+0x82/0x160
[ 27.969291] ? preempt_count_sub+0x50/0x80
[ 27.969916] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.971073] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.971666] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.972415] kthread+0x257/0x310
[ 27.972755] ? __pfx_kthread+0x10/0x10
[ 27.973480] ret_from_fork+0x41/0x80
[ 27.973866] ? __pfx_kthread+0x10/0x10
[ 27.974737] ret_from_fork_asm+0x1a/0x30
[ 27.975354] </TASK>
[ 27.975713]
[ 27.975872] The buggy address belongs to the physical page:
[ 27.976603] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ce0
[ 27.977631] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 27.978323] flags: 0x200000000000040(head|node=0|zone=2)
[ 27.979468] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 27.979773] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 27.980796] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 27.982585] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 27.983859] head: 0200000000000002 ffffea00040b3801 ffffffffffffffff 0000000000000000
[ 27.985432] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 27.985732] page dumped because: kasan: bad access detected
[ 27.985947]
[ 27.986263] Memory state around the buggy address:
[ 27.986567] ffff888102cdff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.986841] ffff888102cdff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.988110] >ffff888102ce0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.989415] ^
[ 27.989761] ffff888102ce0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.991220] ffff888102ce0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.991852] ==================================================================
```