Date
Dec. 6, 2024, 3:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.795149] ================================================================== [ 33.796753] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 33.797610] Free of addr fff00000c6711b01 by task kunit_try_catch/230 [ 33.798286] [ 33.798780] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 33.800116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.801195] Hardware name: linux,dummy-virt (DT) [ 33.801809] Call trace: [ 33.802470] show_stack+0x20/0x38 (C) [ 33.803249] dump_stack_lvl+0x8c/0xd0 [ 33.803947] print_report+0x118/0x5e0 [ 33.804577] kasan_report_invalid_free+0xb0/0xd8 [ 33.805118] check_slab_allocation+0xfc/0x108 [ 33.805901] __kasan_mempool_poison_object+0x78/0x150 [ 33.806731] mempool_free+0x28c/0x328 [ 33.807469] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 33.808185] mempool_kmalloc_invalid_free+0xb8/0x110 [ 33.808936] kunit_try_run_case+0x14c/0x3d0 [ 33.809650] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.810403] kthread+0x24c/0x2d0 [ 33.811073] ret_from_fork+0x10/0x20 [ 33.811690] [ 33.812090] Allocated by task 230: [ 33.812675] kasan_save_stack+0x3c/0x68 [ 33.813234] kasan_save_track+0x20/0x40 [ 33.813754] kasan_save_alloc_info+0x40/0x58 [ 33.814356] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.815053] remove_element+0x130/0x1f8 [ 33.815732] mempool_alloc_preallocated+0x58/0xc0 [ 33.816404] mempool_kmalloc_invalid_free_helper+0x94/0x2a0 [ 33.817086] mempool_kmalloc_invalid_free+0xb8/0x110 [ 33.817840] kunit_try_run_case+0x14c/0x3d0 [ 33.818503] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.819233] kthread+0x24c/0x2d0 [ 33.819836] ret_from_fork+0x10/0x20 [ 33.820435] [ 33.820812] The buggy address belongs to the object at fff00000c6711b00 [ 33.820812] which belongs to the cache kmalloc-128 of size 128 [ 33.822045] The buggy address is located 1 bytes inside of [ 33.822045] 128-byte region [fff00000c6711b00, fff00000c6711b80) [ 33.823265] [ 33.823668] The buggy address belongs to the physical page: [ 33.824323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106711 [ 33.825295] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.826157] page_type: f5(slab) [ 33.826681] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.827619] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.828412] page dumped because: kasan: bad access detected [ 33.829030] [ 33.829394] Memory state around the buggy address: [ 33.830057] fff00000c6711a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.830876] fff00000c6711a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.831820] >fff00000c6711b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.832658] ^ [ 33.833108] fff00000c6711b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.833962] fff00000c6711c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.834764] ================================================================== [ 33.849127] ================================================================== [ 33.850219] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 33.851408] Free of addr fff00000c6b20001 by task kunit_try_catch/232 [ 33.852291] [ 33.852726] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 33.853710] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.854483] Hardware name: linux,dummy-virt (DT) [ 33.855489] Call trace: [ 33.856005] show_stack+0x20/0x38 (C) [ 33.856667] dump_stack_lvl+0x8c/0xd0 [ 33.857246] print_report+0x118/0x5e0 [ 33.857830] kasan_report_invalid_free+0xb0/0xd8 [ 33.858853] __kasan_mempool_poison_object+0xfc/0x150 [ 33.859989] mempool_free+0x28c/0x328 [ 33.860542] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 33.861315] mempool_kmalloc_large_invalid_free+0xb8/0x110 [ 33.862042] kunit_try_run_case+0x14c/0x3d0 [ 33.862703] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.863451] kthread+0x24c/0x2d0 [ 33.864672] ret_from_fork+0x10/0x20 [ 33.865223] [ 33.865625] The buggy address belongs to the physical page: [ 33.866424] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106b20 [ 33.867725] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.868673] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.869644] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.870468] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.871921] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.872834] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.873917] head: 0bfffe0000000002 ffffc1ffc31ac801 ffffffffffffffff 0000000000000000 [ 33.875389] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 33.876268] page dumped because: kasan: bad access detected [ 33.877005] [ 33.877411] Memory state around the buggy address: [ 33.878052] fff00000c6b1ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.879290] fff00000c6b1ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.880128] >fff00000c6b20000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.881584] ^ [ 33.882111] fff00000c6b20080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.883400] fff00000c6b20100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.884246] ==================================================================
[ 26.611840] ================================================================== [ 26.613495] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.615708] Free of addr ffff888102930201 by task kunit_try_catch/249 [ 26.616129] [ 26.617077] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 26.618560] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.619108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.620887] Call Trace: [ 26.621143] <TASK> [ 26.621512] dump_stack_lvl+0x73/0xb0 [ 26.622390] print_report+0xd1/0x640 [ 26.623461] ? __virt_addr_valid+0x1db/0x2d0 [ 26.623919] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.624540] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.625797] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.626171] kasan_report_invalid_free+0xc0/0xf0 [ 26.627518] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.628746] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.630024] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.630871] check_slab_allocation+0x11f/0x130 [ 26.631956] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.632392] mempool_free+0x2ec/0x380 [ 26.633256] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.634391] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.635280] ? ret_from_fork+0x41/0x80 [ 26.635718] ? kthread+0x257/0x310 [ 26.636584] ? ret_from_fork_asm+0x1a/0x30 [ 26.637000] ? ret_from_fork_asm+0x1a/0x30 [ 26.638375] mempool_kmalloc_invalid_free+0xb1/0x100 [ 26.638754] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 26.639799] ? __switch_to+0x5d9/0xf60 [ 26.640234] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.640696] ? __pfx_mempool_kfree+0x10/0x10 [ 26.642178] ? __pfx_read_tsc+0x10/0x10 [ 26.642743] ? ktime_get_ts64+0x86/0x230 [ 26.643194] kunit_try_run_case+0x1b3/0x490 [ 26.643644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.644130] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.644623] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.646712] ? __kthread_parkme+0x82/0x160 [ 26.648136] ? preempt_count_sub+0x50/0x80 [ 26.648619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.649248] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.650556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.652044] kthread+0x257/0x310 [ 26.652417] ? __pfx_kthread+0x10/0x10 [ 26.652826] ret_from_fork+0x41/0x80 [ 26.653291] ? __pfx_kthread+0x10/0x10 [ 26.653698] ret_from_fork_asm+0x1a/0x30 [ 26.654835] </TASK> [ 26.655074] [ 26.656281] Allocated by task 249: [ 26.656527] kasan_save_stack+0x3d/0x60 [ 26.657724] kasan_save_track+0x18/0x40 [ 26.658241] kasan_save_alloc_info+0x3b/0x50 [ 26.658457] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.659343] remove_element+0x11e/0x190 [ 26.660039] mempool_alloc_preallocated+0x4d/0x90 [ 26.660554] mempool_kmalloc_invalid_free_helper+0x84/0x2e0 [ 26.661062] mempool_kmalloc_invalid_free+0xb1/0x100 [ 26.662089] kunit_try_run_case+0x1b3/0x490 [ 26.662586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.664207] kthread+0x257/0x310 [ 26.664906] ret_from_fork+0x41/0x80 [ 26.665245] ret_from_fork_asm+0x1a/0x30 [ 26.666518] [ 26.666715] The buggy address belongs to the object at ffff888102930200 [ 26.666715] which belongs to the cache kmalloc-128 of size 128 [ 26.669728] The buggy address is located 1 bytes inside of [ 26.669728] 128-byte region [ffff888102930200, ffff888102930280) [ 26.670768] [ 26.671329] The buggy address belongs to the physical page: [ 26.673099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102930 [ 26.673826] flags: 0x200000000000000(node=0|zone=2) [ 26.674404] page_type: f5(slab) [ 26.674812] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.675772] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.678495] page dumped because: kasan: bad access detected [ 26.679564] [ 26.679761] Memory state around the buggy address: [ 26.681141] ffff888102930100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.682609] ffff888102930180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.683112] >ffff888102930200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.684144] ^ [ 26.684498] ffff888102930280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.686187] ffff888102930300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.686855] ================================================================== [ 26.696273] ================================================================== [ 26.697622] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.698436] Free of addr ffff888102994001 by task kunit_try_catch/251 [ 26.700241] [ 26.701890] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 26.703644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.704060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.705024] Call Trace: [ 26.706149] <TASK> [ 26.706371] dump_stack_lvl+0x73/0xb0 [ 26.706785] print_report+0xd1/0x640 [ 26.707095] ? __virt_addr_valid+0x1db/0x2d0 [ 26.707697] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.708688] ? kasan_addr_to_slab+0x11/0xa0 [ 26.709228] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.710975] kasan_report_invalid_free+0xc0/0xf0 [ 26.711553] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.712470] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.712907] __kasan_mempool_poison_object+0x102/0x1d0 [ 26.713428] mempool_free+0x2ec/0x380 [ 26.713763] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.715311] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.716185] ? finish_task_switch.isra.0+0x153/0x700 [ 26.717112] mempool_kmalloc_large_invalid_free+0xb1/0x100 [ 26.717652] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 26.719151] ? __switch_to+0x5d9/0xf60 [ 26.719548] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.719832] ? __pfx_mempool_kfree+0x10/0x10 [ 26.720314] ? __pfx_read_tsc+0x10/0x10 [ 26.721918] ? ktime_get_ts64+0x86/0x230 [ 26.722553] kunit_try_run_case+0x1b3/0x490 [ 26.723073] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.724013] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.724979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.725817] ? __kthread_parkme+0x82/0x160 [ 26.726754] ? preempt_count_sub+0x50/0x80 [ 26.728038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.728559] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.729244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.729957] kthread+0x257/0x310 [ 26.731137] ? __pfx_kthread+0x10/0x10 [ 26.731690] ret_from_fork+0x41/0x80 [ 26.732175] ? __pfx_kthread+0x10/0x10 [ 26.732594] ret_from_fork_asm+0x1a/0x30 [ 26.734436] </TASK> [ 26.734743] [ 26.734948] The buggy address belongs to the physical page: [ 26.735721] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102994 [ 26.736260] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.737651] flags: 0x200000000000040(head|node=0|zone=2) [ 26.739039] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.740094] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.740827] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.743103] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.744088] head: 0200000000000002 ffffea00040a6501 ffffffffffffffff 0000000000000000 [ 26.744830] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 26.745258] page dumped because: kasan: bad access detected [ 26.746908] [ 26.747171] Memory state around the buggy address: [ 26.748269] ffff888102993f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.749277] ffff888102993f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.750655] >ffff888102994000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.751448] ^ [ 26.752794] ffff888102994080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.753810] ffff888102994100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.754988] ==================================================================