Hay
Date: Dec. 4, 2024, 3:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   34.813255] ==================================================================
[   34.814924] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   34.815895] Free of addr fff00000c667b301 by task kunit_try_catch/229
[   34.816965] 
[   34.817359] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   34.818848] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.820006] Hardware name: linux,dummy-virt (DT)
[   34.820680] Call trace:
[   34.821125]  show_stack+0x20/0x38 (C)
[   34.821890]  dump_stack_lvl+0x8c/0xd0
[   34.822611]  print_report+0x118/0x5e0
[   34.823251]  kasan_report_invalid_free+0xb0/0xd8
[   34.824253]  check_slab_allocation+0xfc/0x108
[   34.825345]  __kasan_mempool_poison_object+0x78/0x150
[   34.826584]  mempool_free+0x28c/0x328
[   34.827388]  mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   34.828230]  mempool_kmalloc_invalid_free+0xb8/0x110
[   34.828938]  kunit_try_run_case+0x14c/0x3d0
[   34.829539]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.830715]  kthread+0x24c/0x2d0
[   34.831023]  ret_from_fork+0x10/0x20
[   34.831315] 
[   34.831482] Allocated by task 229:
[   34.831829]  kasan_save_stack+0x3c/0x68
[   34.832455]  kasan_save_track+0x20/0x40
[   34.833394]  kasan_save_alloc_info+0x40/0x58
[   34.834015]  __kasan_mempool_unpoison_object+0x11c/0x180
[   34.835135]  remove_element+0x130/0x1f8
[   34.836007]  mempool_alloc_preallocated+0x58/0xc0
[   34.836688]  mempool_kmalloc_invalid_free_helper+0x94/0x2a0
[   34.837556]  mempool_kmalloc_invalid_free+0xb8/0x110
[   34.838579]  kunit_try_run_case+0x14c/0x3d0
[   34.839113]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.840291]  kthread+0x24c/0x2d0
[   34.840945]  ret_from_fork+0x10/0x20
[   34.841584] 
[   34.842106] The buggy address belongs to the object at fff00000c667b300
[   34.842106]  which belongs to the cache kmalloc-128 of size 128
[   34.844050] The buggy address is located 1 bytes inside of
[   34.844050]  128-byte region [fff00000c667b300, fff00000c667b380)
[   34.845985] 
[   34.846700] The buggy address belongs to the physical page:
[   34.847452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10667b
[   34.848500] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   34.849425] page_type: f5(slab)
[   34.850507] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   34.851726] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   34.852848] page dumped because: kasan: bad access detected
[   34.853554] 
[   34.854260] Memory state around the buggy address:
[   34.854596]  fff00000c667b200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.855529]  fff00000c667b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.856379] >fff00000c667b300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.857422]                    ^
[   34.857923]  fff00000c667b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.859674]  fff00000c667b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.861098] ==================================================================
[   34.873224] ==================================================================
[   34.874746] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   34.875510] Free of addr fff00000c6848001 by task kunit_try_catch/231
[   34.876555] 
[   34.877027] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   34.879216] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.880020] Hardware name: linux,dummy-virt (DT)
[   34.880907] Call trace:
[   34.881270]  show_stack+0x20/0x38 (C)
[   34.881901]  dump_stack_lvl+0x8c/0xd0
[   34.882551]  print_report+0x118/0x5e0
[   34.883791]  kasan_report_invalid_free+0xb0/0xd8
[   34.884345]  __kasan_mempool_poison_object+0xfc/0x150
[   34.885451]  mempool_free+0x28c/0x328
[   34.887269]  mempool_kmalloc_invalid_free_helper+0x118/0x2a0
[   34.888144]  mempool_kmalloc_large_invalid_free+0xb8/0x110
[   34.889186]  kunit_try_run_case+0x14c/0x3d0
[   34.889894]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.890826]  kthread+0x24c/0x2d0
[   34.891349]  ret_from_fork+0x10/0x20
[   34.892776] 
[   34.893056] The buggy address belongs to the physical page:
[   34.894237] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106848
[   34.895306] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   34.896386] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   34.897309] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   34.898536] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   34.900278] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   34.901192] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   34.902294] head: 0bfffe0000000002 ffffc1ffc31a1201 ffffffffffffffff 0000000000000000
[   34.903237] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   34.904373] page dumped because: kasan: bad access detected
[   34.905004] 
[   34.905378] Memory state around the buggy address:
[   34.906474]  fff00000c6847f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.907122]  fff00000c6847f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.907812] >fff00000c6848000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.908646]                    ^
[   34.909080]  fff00000c6848080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.910514]  fff00000c6848100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.911439] ==================================================================

[   25.664771] ==================================================================
[   25.665776] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.666528] Free of addr ffff888102c58001 by task kunit_try_catch/251
[   25.667071] 
[   25.668327] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   25.669611] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.670172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.671301] Call Trace:
[   25.671597]  <TASK>
[   25.671875]  dump_stack_lvl+0x73/0xb0
[   25.672302]  print_report+0xd1/0x640
[   25.673710]  ? __virt_addr_valid+0x1db/0x2d0
[   25.673995]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.674415]  ? kasan_addr_to_slab+0x11/0xa0
[   25.675401]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.676403]  kasan_report_invalid_free+0xc0/0xf0
[   25.677329]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.678135]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.678664]  __kasan_mempool_poison_object+0x102/0x1d0
[   25.680233]  mempool_free+0x2ec/0x380
[   25.681054]  mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.681891]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   25.682794]  ? finish_task_switch.isra.0+0x153/0x700
[   25.683794]  mempool_kmalloc_large_invalid_free+0xb1/0x100
[   25.684307]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   25.685330]  ? __switch_to+0x5d9/0xf60
[   25.686028]  ? __pfx_mempool_kmalloc+0x10/0x10
[   25.686785]  ? __pfx_mempool_kfree+0x10/0x10
[   25.687547]  ? __pfx_read_tsc+0x10/0x10
[   25.688177]  ? ktime_get_ts64+0x86/0x230
[   25.688572]  kunit_try_run_case+0x1b3/0x490
[   25.689042]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.689531]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.691002]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.691473]  ? __kthread_parkme+0x82/0x160
[   25.691772]  ? preempt_count_sub+0x50/0x80
[   25.692255]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.692669]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.693271]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.694376]  kthread+0x257/0x310
[   25.695205]  ? __pfx_kthread+0x10/0x10
[   25.696644]  ret_from_fork+0x41/0x80
[   25.697014]  ? __pfx_kthread+0x10/0x10
[   25.697930]  ret_from_fork_asm+0x1a/0x30
[   25.698535]  </TASK>
[   25.698980] 
[   25.699354] The buggy address belongs to the physical page:
[   25.700015] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c58
[   25.701133] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.701988] flags: 0x200000000000040(head|node=0|zone=2)
[   25.702823] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.703456] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.704364] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.705652] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.706268] head: 0200000000000002 ffffea00040b1601 ffffffffffffffff 0000000000000000
[   25.707121] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   25.708398] page dumped because: kasan: bad access detected
[   25.709107] 
[   25.709303] Memory state around the buggy address:
[   25.709867]  ffff888102c57f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.710960]  ffff888102c57f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.712175] >ffff888102c58000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.713162]                    ^
[   25.713438]  ffff888102c58080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.714288]  ffff888102c58100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.715172] ==================================================================
[   25.591105] ==================================================================
[   25.593088] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.593979] Free of addr ffff888101af9d01 by task kunit_try_catch/249
[   25.594554] 
[   25.594780] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   25.596635] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.597324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.599421] Call Trace:
[   25.599691]  <TASK>
[   25.600112]  dump_stack_lvl+0x73/0xb0
[   25.600649]  print_report+0xd1/0x640
[   25.601196]  ? __virt_addr_valid+0x1db/0x2d0
[   25.602165]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.602680]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.604095]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.605025]  kasan_report_invalid_free+0xc0/0xf0
[   25.605341]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.606484]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.607526]  ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.608617]  check_slab_allocation+0x11f/0x130
[   25.609335]  __kasan_mempool_poison_object+0x91/0x1d0
[   25.610216]  mempool_free+0x2ec/0x380
[   25.611164]  mempool_kmalloc_invalid_free_helper+0x133/0x2e0
[   25.611982]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   25.612583]  ? finish_task_switch.isra.0+0x153/0x700
[   25.614095]  mempool_kmalloc_invalid_free+0xb1/0x100
[   25.614952]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   25.615903]  ? __switch_to+0x5d9/0xf60
[   25.616502]  ? __pfx_mempool_kmalloc+0x10/0x10
[   25.617098]  ? __pfx_mempool_kfree+0x10/0x10
[   25.618044]  ? __pfx_read_tsc+0x10/0x10
[   25.619127]  ? ktime_get_ts64+0x86/0x230
[   25.620263]  kunit_try_run_case+0x1b3/0x490
[   25.621232]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.622006]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.622832]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.623382]  ? __kthread_parkme+0x82/0x160
[   25.623769]  ? preempt_count_sub+0x50/0x80
[   25.624500]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.624943]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.625948]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.626897]  kthread+0x257/0x310
[   25.627494]  ? __pfx_kthread+0x10/0x10
[   25.627983]  ret_from_fork+0x41/0x80
[   25.628718]  ? __pfx_kthread+0x10/0x10
[   25.629035]  ret_from_fork_asm+0x1a/0x30
[   25.629876]  </TASK>
[   25.630624] 
[   25.630837] Allocated by task 249:
[   25.631381]  kasan_save_stack+0x3d/0x60
[   25.631955]  kasan_save_track+0x18/0x40
[   25.632697]  kasan_save_alloc_info+0x3b/0x50
[   25.633157]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   25.633950]  remove_element+0x11e/0x190
[   25.634387]  mempool_alloc_preallocated+0x4d/0x90
[   25.634775]  mempool_kmalloc_invalid_free_helper+0x84/0x2e0
[   25.635614]  mempool_kmalloc_invalid_free+0xb1/0x100
[   25.635961]  kunit_try_run_case+0x1b3/0x490
[   25.636852]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.637647]  kthread+0x257/0x310
[   25.638086]  ret_from_fork+0x41/0x80
[   25.638821]  ret_from_fork_asm+0x1a/0x30
[   25.639748] 
[   25.639935] The buggy address belongs to the object at ffff888101af9d00
[   25.639935]  which belongs to the cache kmalloc-128 of size 128
[   25.641739] The buggy address is located 1 bytes inside of
[   25.641739]  128-byte region [ffff888101af9d00, ffff888101af9d80)
[   25.643132] 
[   25.644121] The buggy address belongs to the physical page:
[   25.644802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101af9
[   25.645847] flags: 0x200000000000000(node=0|zone=2)
[   25.646462] page_type: f5(slab)
[   25.647233] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.648240] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.649259] page dumped because: kasan: bad access detected
[   25.650935] 
[   25.651124] Memory state around the buggy address:
[   25.651517]  ffff888101af9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.653088]  ffff888101af9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.653777] >ffff888101af9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.654857]                    ^
[   25.655213]  ffff888101af9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.656708]  ffff888101af9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.658033] ==================================================================