Date
Dec. 5, 2024, 2:07 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 32.797290] ================================================================== [ 32.798829] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 32.800298] Free of addr fff00000c6610001 by task kunit_try_catch/232 [ 32.800922] [ 32.801392] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 32.803251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.803939] Hardware name: linux,dummy-virt (DT) [ 32.804927] Call trace: [ 32.805381] show_stack+0x20/0x38 (C) [ 32.806149] dump_stack_lvl+0x8c/0xd0 [ 32.806826] print_report+0x118/0x5e0 [ 32.807713] kasan_report_invalid_free+0xb0/0xd8 [ 32.808655] __kasan_mempool_poison_object+0xfc/0x150 [ 32.809370] mempool_free+0x28c/0x328 [ 32.809835] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 32.810675] mempool_kmalloc_large_invalid_free+0xb8/0x110 [ 32.811421] kunit_try_run_case+0x14c/0x3d0 [ 32.812045] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.812838] kthread+0x24c/0x2d0 [ 32.814198] ret_from_fork+0x10/0x20 [ 32.814991] [ 32.815353] The buggy address belongs to the physical page: [ 32.816495] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106610 [ 32.817398] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.818295] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.819163] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.820418] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 32.821180] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.822285] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 32.823365] head: 0bfffe0000000002 ffffc1ffc3198401 ffffffffffffffff 0000000000000000 [ 32.824357] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 32.825275] page dumped because: kasan: bad access detected [ 32.825954] [ 32.826260] Memory state around the buggy address: [ 32.826919] fff00000c660ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.828265] fff00000c660ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.829158] >fff00000c6610000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.829842] ^ [ 32.830926] fff00000c6610080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.831943] fff00000c6610100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.833115] ================================================================== [ 32.744352] ================================================================== [ 32.745519] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 32.746423] Free of addr fff00000c6567801 by task kunit_try_catch/230 [ 32.747073] [ 32.747537] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 32.749212] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.749769] Hardware name: linux,dummy-virt (DT) [ 32.750615] Call trace: [ 32.751050] show_stack+0x20/0x38 (C) [ 32.751714] dump_stack_lvl+0x8c/0xd0 [ 32.752453] print_report+0x118/0x5e0 [ 32.752981] kasan_report_invalid_free+0xb0/0xd8 [ 32.753677] check_slab_allocation+0xfc/0x108 [ 32.754310] __kasan_mempool_poison_object+0x78/0x150 [ 32.755028] mempool_free+0x28c/0x328 [ 32.755822] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 32.756506] mempool_kmalloc_invalid_free+0xb8/0x110 [ 32.757294] kunit_try_run_case+0x14c/0x3d0 [ 32.757936] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.758706] kthread+0x24c/0x2d0 [ 32.759582] ret_from_fork+0x10/0x20 [ 32.760086] [ 32.760454] Allocated by task 230: [ 32.761018] kasan_save_stack+0x3c/0x68 [ 32.761525] kasan_save_track+0x20/0x40 [ 32.762236] kasan_save_alloc_info+0x40/0x58 [ 32.762794] __kasan_mempool_unpoison_object+0x11c/0x180 [ 32.763864] remove_element+0x130/0x1f8 [ 32.764866] mempool_alloc_preallocated+0x58/0xc0 [ 32.765373] mempool_kmalloc_invalid_free_helper+0x94/0x2a0 [ 32.766277] mempool_kmalloc_invalid_free+0xb8/0x110 [ 32.767120] kunit_try_run_case+0x14c/0x3d0 [ 32.767950] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.768980] kthread+0x24c/0x2d0 [ 32.769685] ret_from_fork+0x10/0x20 [ 32.770535] [ 32.770967] The buggy address belongs to the object at fff00000c6567800 [ 32.770967] which belongs to the cache kmalloc-128 of size 128 [ 32.772440] The buggy address is located 1 bytes inside of [ 32.772440] 128-byte region [fff00000c6567800, fff00000c6567880) [ 32.773769] [ 32.774223] The buggy address belongs to the physical page: [ 32.775954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106567 [ 32.776840] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.777748] page_type: f5(slab) [ 32.778266] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.779342] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.780232] page dumped because: kasan: bad access detected [ 32.781028] [ 32.781336] Memory state around the buggy address: [ 32.781911] fff00000c6567700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.782772] fff00000c6567780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.784417] >fff00000c6567800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.785360] ^ [ 32.785780] fff00000c6567880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.786997] fff00000c6567900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.788250] ==================================================================
[ 30.612869] ================================================================== [ 30.614875] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.616118] Free of addr ffff888102d60001 by task kunit_try_catch/250 [ 30.617158] [ 30.617777] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 30.618996] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.619418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.620254] Call Trace: [ 30.620538] <TASK> [ 30.621739] dump_stack_lvl+0x73/0xb0 [ 30.622332] print_report+0xd1/0x640 [ 30.622744] ? __virt_addr_valid+0x1db/0x2d0 [ 30.623432] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.624394] ? kasan_addr_to_slab+0x11/0xa0 [ 30.624940] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.625617] kasan_report_invalid_free+0xc0/0xf0 [ 30.626410] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.627003] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.627627] __kasan_mempool_poison_object+0x102/0x1d0 [ 30.628321] mempool_free+0x2ec/0x380 [ 30.628939] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.629519] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 30.630386] ? finish_task_switch.isra.0+0x153/0x700 [ 30.630756] mempool_kmalloc_large_invalid_free+0xb1/0x100 [ 30.631501] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 30.632196] ? __switch_to+0x5d9/0xf60 [ 30.632632] ? __pfx_mempool_kmalloc+0x10/0x10 [ 30.633167] ? __pfx_mempool_kfree+0x10/0x10 [ 30.633589] ? __pfx_read_tsc+0x10/0x10 [ 30.634234] ? ktime_get_ts64+0x86/0x230 [ 30.634572] kunit_try_run_case+0x1b3/0x490 [ 30.635191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.635764] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 30.636167] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.636582] ? __kthread_parkme+0x82/0x160 [ 30.637461] ? preempt_count_sub+0x50/0x80 [ 30.637928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.638371] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.639193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.639664] kthread+0x257/0x310 [ 30.640237] ? __pfx_kthread+0x10/0x10 [ 30.640702] ret_from_fork+0x41/0x80 [ 30.641423] ? __pfx_kthread+0x10/0x10 [ 30.641826] ret_from_fork_asm+0x1a/0x30 [ 30.642462] </TASK> [ 30.642773] [ 30.643207] The buggy address belongs to the physical page: [ 30.643645] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d60 [ 30.644548] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.645389] flags: 0x200000000000040(head|node=0|zone=2) [ 30.645894] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.646970] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.647802] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.648488] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.649425] head: 0200000000000002 ffffea00040b5801 ffffffffffffffff 0000000000000000 [ 30.650285] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.650901] page dumped because: kasan: bad access detected [ 30.651903] [ 30.652168] Memory state around the buggy address: [ 30.652629] ffff888102d5ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.653501] ffff888102d5ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.654053] >ffff888102d60000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.654861] ^ [ 30.655311] ffff888102d60080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.655878] ffff888102d60100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.657008] ================================================================== [ 30.550876] ================================================================== [ 30.552566] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.553545] Free of addr ffff888101ac5201 by task kunit_try_catch/248 [ 30.554142] [ 30.554427] CPU: 0 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 30.555243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.556319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.558150] Call Trace: [ 30.558644] <TASK> [ 30.558877] dump_stack_lvl+0x73/0xb0 [ 30.559410] print_report+0xd1/0x640 [ 30.559807] ? __virt_addr_valid+0x1db/0x2d0 [ 30.560472] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.561108] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.562288] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.563142] kasan_report_invalid_free+0xc0/0xf0 [ 30.563932] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.564562] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.565265] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.565867] check_slab_allocation+0x11f/0x130 [ 30.566375] __kasan_mempool_poison_object+0x91/0x1d0 [ 30.566839] mempool_free+0x2ec/0x380 [ 30.567418] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 30.568330] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 30.569239] ? finish_task_switch.isra.0+0x153/0x700 [ 30.569840] mempool_kmalloc_invalid_free+0xb1/0x100 [ 30.570328] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 30.571332] ? __switch_to+0x5d9/0xf60 [ 30.571751] ? __pfx_mempool_kmalloc+0x10/0x10 [ 30.572294] ? __pfx_mempool_kfree+0x10/0x10 [ 30.572751] ? __pfx_read_tsc+0x10/0x10 [ 30.573229] ? ktime_get_ts64+0x86/0x230 [ 30.573830] kunit_try_run_case+0x1b3/0x490 [ 30.574246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.575108] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 30.575568] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.576153] ? __kthread_parkme+0x82/0x160 [ 30.576981] ? preempt_count_sub+0x50/0x80 [ 30.577551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.578102] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.578753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.579378] kthread+0x257/0x310 [ 30.579904] ? __pfx_kthread+0x10/0x10 [ 30.580263] ret_from_fork+0x41/0x80 [ 30.580944] ? __pfx_kthread+0x10/0x10 [ 30.581260] ret_from_fork_asm+0x1a/0x30 [ 30.581901] </TASK> [ 30.582181] [ 30.582342] Allocated by task 248: [ 30.582892] kasan_save_stack+0x3d/0x60 [ 30.583418] kasan_save_track+0x18/0x40 [ 30.584374] kasan_save_alloc_info+0x3b/0x50 [ 30.584741] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 30.585336] remove_element+0x11e/0x190 [ 30.586099] mempool_alloc_preallocated+0x4d/0x90 [ 30.586582] mempool_kmalloc_invalid_free_helper+0x84/0x2e0 [ 30.587641] mempool_kmalloc_invalid_free+0xb1/0x100 [ 30.588569] kunit_try_run_case+0x1b3/0x490 [ 30.589070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.590134] kthread+0x257/0x310 [ 30.590532] ret_from_fork+0x41/0x80 [ 30.590748] ret_from_fork_asm+0x1a/0x30 [ 30.591876] [ 30.592122] The buggy address belongs to the object at ffff888101ac5200 [ 30.592122] which belongs to the cache kmalloc-128 of size 128 [ 30.593867] The buggy address is located 1 bytes inside of [ 30.593867] 128-byte region [ffff888101ac5200, ffff888101ac5280) [ 30.595091] [ 30.595398] The buggy address belongs to the physical page: [ 30.595854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac5 [ 30.596848] flags: 0x200000000000000(node=0|zone=2) [ 30.597507] page_type: f5(slab) [ 30.597967] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.598696] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.599387] page dumped because: kasan: bad access detected [ 30.600359] [ 30.600605] Memory state around the buggy address: [ 30.601485] ffff888101ac5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.602165] ffff888101ac5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.603141] >ffff888101ac5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.603825] ^ [ 30.604533] ffff888101ac5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.605769] ffff888101ac5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.606937] ==================================================================