Date
Dec. 9, 2024, 6:35 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 26.666005] ================================================================== [ 26.667024] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 26.667927] Free of addr fff00000c1244101 by task kunit_try_catch/229 [ 26.668618] [ 26.668983] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1 [ 26.670659] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.671192] Hardware name: linux,dummy-virt (DT) [ 26.671801] Call trace: [ 26.672157] show_stack+0x20/0x38 (C) [ 26.672820] dump_stack_lvl+0x8c/0xd0 [ 26.673336] print_report+0x118/0x5e0 [ 26.673897] kasan_report_invalid_free+0xb0/0xd8 [ 26.674512] check_slab_allocation+0xfc/0x108 [ 26.675122] __kasan_mempool_poison_object+0x78/0x150 [ 26.675777] mempool_free+0x28c/0x328 [ 26.676396] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 26.677122] mempool_kmalloc_invalid_free+0xb8/0x110 [ 26.677790] kunit_try_run_case+0x14c/0x3d0 [ 26.678455] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.679183] kthread+0x24c/0x2d0 [ 26.679768] ret_from_fork+0x10/0x20 [ 26.680248] [ 26.680574] Allocated by task 229: [ 26.681109] kasan_save_stack+0x3c/0x68 [ 26.681655] kasan_save_track+0x20/0x40 [ 26.682235] kasan_save_alloc_info+0x40/0x58 [ 26.682767] __kasan_mempool_unpoison_object+0x11c/0x180 [ 26.683466] remove_element+0x130/0x1f8 [ 26.684058] mempool_alloc_preallocated+0x58/0xc0 [ 26.684637] mempool_kmalloc_invalid_free_helper+0x94/0x2a0 [ 26.685300] mempool_kmalloc_invalid_free+0xb8/0x110 [ 26.685930] kunit_try_run_case+0x14c/0x3d0 [ 26.686567] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.687226] kthread+0x24c/0x2d0 [ 26.687742] ret_from_fork+0x10/0x20 [ 26.688232] [ 26.688599] The buggy address belongs to the object at fff00000c1244100 [ 26.688599] which belongs to the cache kmalloc-128 of size 128 [ 26.689889] The buggy address is located 1 bytes inside of [ 26.689889] 128-byte region [fff00000c1244100, fff00000c1244180) [ 26.691034] [ 26.691404] The buggy address belongs to the physical page: [ 26.692062] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101244 [ 26.693004] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.693712] page_type: f5(slab) [ 26.694231] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 26.695049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.695930] page dumped because: kasan: bad access detected [ 26.696553] [ 26.696906] Memory state around the buggy address: [ 26.697468] fff00000c1244000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.698230] fff00000c1244080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.698995] >fff00000c1244100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.699785] ^ [ 26.700234] fff00000c1244180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.701007] fff00000c1244200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.701790] ================================================================== [ 26.712862] ================================================================== [ 26.713868] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 26.714659] Free of addr fff00000c658c001 by task kunit_try_catch/231 [ 26.715744] [ 26.716794] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1 [ 26.717873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.718457] Hardware name: linux,dummy-virt (DT) [ 26.719302] Call trace: [ 26.719671] show_stack+0x20/0x38 (C) [ 26.720279] dump_stack_lvl+0x8c/0xd0 [ 26.720886] print_report+0x118/0x5e0 [ 26.721562] kasan_report_invalid_free+0xb0/0xd8 [ 26.722282] __kasan_mempool_poison_object+0xfc/0x150 [ 26.723050] mempool_free+0x28c/0x328 [ 26.724095] mempool_kmalloc_invalid_free_helper+0x118/0x2a0 [ 26.725060] mempool_kmalloc_large_invalid_free+0xb8/0x110 [ 26.725791] kunit_try_run_case+0x14c/0x3d0 [ 26.726437] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.727206] kthread+0x24c/0x2d0 [ 26.728195] ret_from_fork+0x10/0x20 [ 26.728793] [ 26.728943] The buggy address belongs to the physical page: [ 26.729209] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10658c [ 26.729569] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.730179] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 26.731195] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.732524] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.733217] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.733759] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.734922] head: 0bfffe0000000002 ffffc1ffc3196301 ffffffffffffffff 0000000000000000 [ 26.736538] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 26.737529] page dumped because: kasan: bad access detected [ 26.738322] [ 26.738687] Memory state around the buggy address: [ 26.739265] fff00000c658bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.740514] fff00000c658bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.741152] >fff00000c658c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.742184] ^ [ 26.742752] fff00000c658c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.743931] fff00000c658c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.744668] ==================================================================
[ 26.971548] ================================================================== [ 26.972820] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.973474] Free of addr ffff888102414b01 by task kunit_try_catch/248 [ 26.974391] [ 26.974823] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1 [ 26.975962] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.976708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.977731] Call Trace: [ 26.978032] <TASK> [ 26.978330] dump_stack_lvl+0x73/0xb0 [ 26.978757] print_report+0xd1/0x640 [ 26.979155] ? __virt_addr_valid+0x1db/0x2d0 [ 26.980036] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.980842] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.981595] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.982456] kasan_report_invalid_free+0xc0/0xf0 [ 26.983042] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.983891] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.984632] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.985457] check_slab_allocation+0x11f/0x130 [ 26.986052] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.986937] mempool_free+0x2ec/0x380 [ 26.987619] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 26.988374] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.989085] ? finish_task_switch.isra.0+0x153/0x700 [ 26.990107] mempool_kmalloc_invalid_free+0xb1/0x100 [ 26.990915] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 26.991707] ? __switch_to+0x5d9/0xf60 [ 26.992380] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.993208] ? __pfx_mempool_kfree+0x10/0x10 [ 26.993851] ? __pfx_read_tsc+0x10/0x10 [ 26.994765] ? ktime_get_ts64+0x86/0x230 [ 26.995268] kunit_try_run_case+0x1b3/0x490 [ 26.996502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.997142] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.998031] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.998862] ? __kthread_parkme+0x82/0x160 [ 26.999609] ? preempt_count_sub+0x50/0x80 [ 27.000482] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.000923] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.001702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.003306] kthread+0x257/0x310 [ 27.003683] ? __pfx_kthread+0x10/0x10 [ 27.004662] ret_from_fork+0x41/0x80 [ 27.005121] ? __pfx_kthread+0x10/0x10 [ 27.005740] ret_from_fork_asm+0x1a/0x30 [ 27.006968] </TASK> [ 27.007307] [ 27.007502] Allocated by task 248: [ 27.008089] kasan_save_stack+0x3d/0x60 [ 27.008676] kasan_save_track+0x18/0x40 [ 27.009601] kasan_save_alloc_info+0x3b/0x50 [ 27.009886] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.011067] remove_element+0x11e/0x190 [ 27.011701] mempool_alloc_preallocated+0x4d/0x90 [ 27.012904] mempool_kmalloc_invalid_free_helper+0x84/0x2e0 [ 27.013784] mempool_kmalloc_invalid_free+0xb1/0x100 [ 27.014990] kunit_try_run_case+0x1b3/0x490 [ 27.015749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.017070] kthread+0x257/0x310 [ 27.017481] ret_from_fork+0x41/0x80 [ 27.018099] ret_from_fork_asm+0x1a/0x30 [ 27.019015] [ 27.019367] The buggy address belongs to the object at ffff888102414b00 [ 27.019367] which belongs to the cache kmalloc-128 of size 128 [ 27.020512] The buggy address is located 1 bytes inside of [ 27.020512] 128-byte region [ffff888102414b00, ffff888102414b80) [ 27.021720] [ 27.021983] The buggy address belongs to the physical page: [ 27.022752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102414 [ 27.024008] flags: 0x200000000000000(node=0|zone=2) [ 27.024577] page_type: f5(slab) [ 27.025444] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.026701] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.027552] page dumped because: kasan: bad access detected [ 27.027775] [ 27.028076] Memory state around the buggy address: [ 27.029420] ffff888102414a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.030711] ffff888102414a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.032202] >ffff888102414b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.033455] ^ [ 27.034424] ffff888102414b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.035169] ffff888102414c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.036106] ================================================================== [ 27.042651] ================================================================== [ 27.044791] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.045580] Free of addr ffff8881023b0001 by task kunit_try_catch/250 [ 27.046709] [ 27.047398] CPU: 1 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1 [ 27.048158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.048411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.049454] Call Trace: [ 27.049747] <TASK> [ 27.050619] dump_stack_lvl+0x73/0xb0 [ 27.051117] print_report+0xd1/0x640 [ 27.051591] ? __virt_addr_valid+0x1db/0x2d0 [ 27.052588] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.053566] ? kasan_addr_to_slab+0x11/0xa0 [ 27.053960] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.054678] kasan_report_invalid_free+0xc0/0xf0 [ 27.055567] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.056455] ? mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.057366] __kasan_mempool_poison_object+0x102/0x1d0 [ 27.057828] mempool_free+0x2ec/0x380 [ 27.058342] mempool_kmalloc_invalid_free_helper+0x133/0x2e0 [ 27.059060] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 27.059551] ? irqentry_exit+0x2a/0x60 [ 27.059958] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.060547] mempool_kmalloc_large_invalid_free+0xb1/0x100 [ 27.061097] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 27.061626] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.062133] ? __pfx_mempool_kfree+0x10/0x10 [ 27.062567] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 27.063116] kunit_try_run_case+0x1b3/0x490 [ 27.063614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.064134] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.064561] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.065089] ? __kthread_parkme+0x82/0x160 [ 27.065596] ? preempt_count_sub+0x50/0x80 [ 27.066102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.066515] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.067220] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.067626] kthread+0x257/0x310 [ 27.068131] ? __pfx_kthread+0x10/0x10 [ 27.068554] ret_from_fork+0x41/0x80 [ 27.068873] ? __pfx_kthread+0x10/0x10 [ 27.069339] ret_from_fork_asm+0x1a/0x30 [ 27.069942] </TASK> [ 27.070216] [ 27.070426] The buggy address belongs to the physical page: [ 27.071047] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023b0 [ 27.071825] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.072498] flags: 0x200000000000040(head|node=0|zone=2) [ 27.072942] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.073843] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.074404] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.075158] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.076067] head: 0200000000000002 ffffea000408ec01 ffffffffffffffff 0000000000000000 [ 27.076719] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 27.077310] page dumped because: kasan: bad access detected [ 27.077922] [ 27.078154] Memory state around the buggy address: [ 27.078576] ffff8881023aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.079165] ffff8881023aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.079944] >ffff8881023b0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.080605] ^ [ 27.080942] ffff8881023b0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.081504] ffff8881023b0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.082218] ==================================================================