Hay
Date: Dec. 3, 2024, 11:38 p.m.

Environment: qemu-arm64, qemu-x86_64

[   33.178739] ==================================================================
[   33.180512] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   33.181184] Free of addr fff00000c58ffb01 by task kunit_try_catch/230
[   33.182348] 
[   33.183414] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   33.185375] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.186008] Hardware name: linux,dummy-virt (DT)
[   33.186595] Call trace:
[   33.186991]  show_stack+0x20/0x38 (C)
[   33.187839]  dump_stack_lvl+0x8c/0xd0
[   33.188464]  print_report+0x118/0x5e0
[   33.189432]  kasan_report_invalid_free+0xb0/0xd8
[   33.190145]  check_slab_allocation+0xfc/0x108
[   33.191385]  __kasan_mempool_poison_object+0x78/0x150
[   33.192298]  mempool_free+0x28c/0x328
[   33.193029]  mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   33.193941]  mempool_kmalloc_invalid_free+0xb8/0x110
[   33.194786]  kunit_try_run_case+0x14c/0x3d0
[   33.195762]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.196965]  kthread+0x24c/0x2d0
[   33.197495]  ret_from_fork+0x10/0x20
[   33.198024] 
[   33.198296] Allocated by task 230:
[   33.198729]  kasan_save_stack+0x3c/0x68
[   33.199892]  kasan_save_track+0x20/0x40
[   33.200714]  kasan_save_alloc_info+0x40/0x58
[   33.201365]  __kasan_mempool_unpoison_object+0x11c/0x180
[   33.202100]  remove_element+0x130/0x1f8
[   33.202794]  mempool_alloc_preallocated+0x58/0xc0
[   33.203970]  mempool_kmalloc_invalid_free_helper+0x94/0x2a0
[   33.205206]  mempool_kmalloc_invalid_free+0xb8/0x110
[   33.205875]  kunit_try_run_case+0x14c/0x3d0
[   33.206461]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.207509]  kthread+0x24c/0x2d0
[   33.207916]  ret_from_fork+0x10/0x20
[   33.208513] 
[   33.208851] The buggy address belongs to the object at fff00000c58ffb00
[   33.208851]  which belongs to the cache kmalloc-128 of size 128
[   33.210460] The buggy address is located 1 bytes inside of
[   33.210460]  128-byte region [fff00000c58ffb00, fff00000c58ffb80)
[   33.212424] 
[   33.212895] The buggy address belongs to the physical page:
[   33.213749] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ff
[   33.214847] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.215685] page_type: f5(slab)
[   33.216189] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.217778] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.218647] page dumped because: kasan: bad access detected
[   33.219259] 
[   33.219857] Memory state around the buggy address:
[   33.221304]  fff00000c58ffa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.222179]  fff00000c58ffa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.223375] >fff00000c58ffb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.224310]                    ^
[   33.225261]  fff00000c58ffb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.226412]  fff00000c58ffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.227461] ==================================================================
[   33.238187] ==================================================================
[   33.239663] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   33.241120] Free of addr fff00000c6620001 by task kunit_try_catch/232
[   33.242108] 
[   33.242499] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   33.243987] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.244540] Hardware name: linux,dummy-virt (DT)
[   33.245126] Call trace:
[   33.245590]  show_stack+0x20/0x38 (C)
[   33.246219]  dump_stack_lvl+0x8c/0xd0
[   33.246797]  print_report+0x118/0x5e0
[   33.247500]  kasan_report_invalid_free+0xb0/0xd8
[   33.248169]  __kasan_mempool_poison_object+0xfc/0x150
[   33.249190]  mempool_free+0x28c/0x328
[   33.249762]  mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   33.250605]  mempool_kmalloc_large_invalid_free+0xb8/0x110
[   33.251621]  kunit_try_run_case+0x14c/0x3d0
[   33.252202]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.253012]  kthread+0x24c/0x2d0
[   33.253507]  ret_from_fork+0x10/0x20
[   33.254106] 
[   33.254511] The buggy address belongs to the physical page:
[   33.255217] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620
[   33.256535] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.257453] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.258392] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.259510] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.260437] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.261503] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.262476] head: 0bfffe0000000002 ffffc1ffc3198801 ffffffffffffffff 0000000000000000
[   33.263909] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   33.264853] page dumped because: kasan: bad access detected
[   33.265569] 
[   33.265902] Memory state around the buggy address:
[   33.266661]  fff00000c661ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.267822]  fff00000c661ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.268587] >fff00000c6620000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.269599]                    ^
[   33.270068]  fff00000c6620080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.270908]  fff00000c6620100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.271936] ==================================================================

[   28.542364] ==================================================================
[   28.543713] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.544336] Free of addr ffff888102ba0001 by task kunit_try_catch/252
[   28.544792] 
[   28.545030] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   28.546752] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.547856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.548638] Call Trace:
[   28.549478]  <TASK>
[   28.549882]  dump_stack_lvl+0x73/0xb0
[   28.550436]  print_report+0xd1/0x640
[   28.551419]  ? __virt_addr_valid+0x1db/0x2d0
[   28.552039]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.552554]  ? kasan_addr_to_slab+0x11/0xa0
[   28.553516]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.554322]  kasan_report_invalid_free+0xc0/0xf0
[   28.554700]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.555794]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.556213]  __kasan_mempool_poison_object+0x102/0x1d0
[   28.557166]  mempool_free+0x2ec/0x380
[   28.557491]  mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.558094]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   28.558524]  ? finish_task_switch.isra.0+0x153/0x700
[   28.559244]  mempool_kmalloc_large_invalid_free+0xb1/0x100
[   28.559613]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   28.560992]  ? __switch_to+0x5d9/0xf60
[   28.561339]  ? __pfx_mempool_kmalloc+0x10/0x10
[   28.562115]  ? __pfx_mempool_kfree+0x10/0x10
[   28.562717]  ? __pfx_read_tsc+0x10/0x10
[   28.563305]  ? ktime_get_ts64+0x86/0x230
[   28.563543]  kunit_try_run_case+0x1b3/0x490
[   28.563798]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.564815]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   28.565461]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.565947]  ? __kthread_parkme+0x82/0x160
[   28.566296]  ? preempt_count_sub+0x50/0x80
[   28.566812]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.568005]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.568265]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.568486]  kthread+0x257/0x310
[   28.568764]  ? __pfx_kthread+0x10/0x10
[   28.569326]  ret_from_fork+0x41/0x80
[   28.570318]  ? __pfx_kthread+0x10/0x10
[   28.570811]  ret_from_fork_asm+0x1a/0x30
[   28.571843]  </TASK>
[   28.572005] 
[   28.572270] The buggy address belongs to the physical page:
[   28.573335] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ba0
[   28.574190] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.574978] flags: 0x200000000000040(head|node=0|zone=2)
[   28.575379] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.575823] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   28.577098] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.578145] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   28.579199] head: 0200000000000002 ffffea00040ae801 ffffffffffffffff 0000000000000000
[   28.580287] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   28.580862] page dumped because: kasan: bad access detected
[   28.581399] 
[   28.582229] Memory state around the buggy address:
[   28.582684]  ffff888102b9ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.583483]  ffff888102b9ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.584273] >ffff888102ba0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.585073]                    ^
[   28.585390]  ffff888102ba0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.586972]  ffff888102ba0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.587420] ==================================================================
[   28.486490] ==================================================================
[   28.487624] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.488613] Free of addr ffff888102996601 by task kunit_try_catch/250
[   28.489754] 
[   28.489942] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   28.490462] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.490830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.492520] Call Trace:
[   28.492993]  <TASK>
[   28.493319]  dump_stack_lvl+0x73/0xb0
[   28.493843]  print_report+0xd1/0x640
[   28.494379]  ? __virt_addr_valid+0x1db/0x2d0
[   28.495042]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.496314]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.496815]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.497366]  kasan_report_invalid_free+0xc0/0xf0
[   28.498199]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.499340]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.500154]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.501044]  check_slab_allocation+0x11f/0x130
[   28.501478]  __kasan_mempool_poison_object+0x91/0x1d0
[   28.501899]  mempool_free+0x2ec/0x380
[   28.502464]  mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   28.503535]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   28.504157]  ? finish_task_switch.isra.0+0x153/0x700
[   28.504861]  mempool_kmalloc_invalid_free+0xb1/0x100
[   28.505354]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   28.506355]  ? __switch_to+0x5d9/0xf60
[   28.506907]  ? __pfx_mempool_kmalloc+0x10/0x10
[   28.507169]  ? __pfx_mempool_kfree+0x10/0x10
[   28.507406]  ? __pfx_read_tsc+0x10/0x10
[   28.507683]  ? ktime_get_ts64+0x86/0x230
[   28.508213]  kunit_try_run_case+0x1b3/0x490
[   28.508829]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.509406]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   28.510111]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.510524]  ? __kthread_parkme+0x82/0x160
[   28.511220]  ? preempt_count_sub+0x50/0x80
[   28.511763]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.512113]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.512732]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.513185]  kthread+0x257/0x310
[   28.513650]  ? __pfx_kthread+0x10/0x10
[   28.514001]  ret_from_fork+0x41/0x80
[   28.514516]  ? __pfx_kthread+0x10/0x10
[   28.515007]  ret_from_fork_asm+0x1a/0x30
[   28.515542]  </TASK>
[   28.515937] 
[   28.516153] Allocated by task 250:
[   28.516475]  kasan_save_stack+0x3d/0x60
[   28.516980]  kasan_save_track+0x18/0x40
[   28.517393]  kasan_save_alloc_info+0x3b/0x50
[   28.517776]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   28.518102]  remove_element+0x11e/0x190
[   28.518497]  mempool_alloc_preallocated+0x4d/0x90
[   28.518957]  mempool_kmalloc_invalid_free_helper+0x84/0x2e0
[   28.519606]  mempool_kmalloc_invalid_free+0xb1/0x100
[   28.520213]  kunit_try_run_case+0x1b3/0x490
[   28.520690]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.521299]  kthread+0x257/0x310
[   28.521587]  ret_from_fork+0x41/0x80
[   28.521838]  ret_from_fork_asm+0x1a/0x30
[   28.522130] 
[   28.522332] The buggy address belongs to the object at ffff888102996600
[   28.522332]  which belongs to the cache kmalloc-128 of size 128
[   28.523729] The buggy address is located 1 bytes inside of
[   28.523729]  128-byte region [ffff888102996600, ffff888102996680)
[   28.524495] 
[   28.524715] The buggy address belongs to the physical page:
[   28.525012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102996
[   28.525838] flags: 0x200000000000000(node=0|zone=2)
[   28.526605] page_type: f5(slab)
[   28.526932] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   28.527591] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.528499] page dumped because: kasan: bad access detected
[   28.528951] 
[   28.529115] Memory state around the buggy address:
[   28.529384]  ffff888102996500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.529861]  ffff888102996580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.530548] >ffff888102996600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.531208]                    ^
[   28.531558]  ffff888102996680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.532283]  ffff888102996700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.532806] ==================================================================