Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| x15 | |
| x86 |
[ 60.927276] ================================================================== [ 60.938873] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x200/0x4c0 [ 60.945892] Free of addr cc234001 by task kunit_try_catch/267 [ 60.951660] [ 60.953186] CPU: 1 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 60.953216] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 60.953216] Hardware name: Generic DRA74X (Flattened Device Tree) [ 60.953216] Call trace: [ 60.953247] unwind_backtrace from show_stack+0x18/0x1c [ 60.953277] show_stack from dump_stack_lvl+0x70/0x90 [ 60.953308] dump_stack_lvl from print_report+0x158/0x528 [ 60.953308] print_report from kasan_report_invalid_free+0xc0/0xf4 [ 60.953338] kasan_report_invalid_free from check_slab_allocation+0xd0/0xd8 [ 60.953369] check_slab_allocation from kmem_cache_free+0x1c0/0x470 [ 60.953399] kmem_cache_free from kmem_cache_invalid_free+0x200/0x4c0 [ 60.953430] kmem_cache_invalid_free from kunit_try_run_case+0x22c/0x5a8 [ 60.953460] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 60.953491] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 60.953491] kthread from ret_from_fork+0x14/0x20 [ 60.953521] Exception stack(0xf256bfb0 to 0xf256bff8) [ 60.953552] bfa0: 00000000 00000000 00000000 00000000 [ 60.953552] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 60.953582] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 60.953582] [ 61.074096] Allocated by task 267: [ 61.077545] kasan_save_track+0x30/0x5c [ 61.081390] __kasan_slab_alloc+0x60/0x68 [ 61.085449] kmem_cache_alloc_noprof+0x17c/0x36c [ 61.090087] kmem_cache_invalid_free+0x16c/0x4c0 [ 61.094757] kunit_try_run_case+0x22c/0x5a8 [ 61.098968] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 61.104492] kthread+0x464/0x810 [ 61.107757] ret_from_fork+0x14/0x20 [ 61.111358] [ 61.112854] The buggy address belongs to the object at cc234000 [ 61.112854] which belongs to the cache test_cache of size 200 [ 61.124694] The buggy address is located 1 bytes inside of [ 61.124694] 200-byte region [cc234000, cc2340c8) [ 61.134918] [ 61.136413] The buggy address belongs to the physical page: [ 61.142028] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c234 [ 61.149291] flags: 0x0(zone=0) [ 61.152374] page_type: f5(slab) [ 61.155548] raw: 00000000 cc22f200 00000122 00000000 00000000 800f000f f5000000 00000000 [ 61.163696] raw: 00000000 [ 61.166351] page dumped because: kasan: bad access detected [ 61.171936] [ 61.173461] Memory state around the buggy address: [ 61.178283] cc233f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 61.184844] cc233f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 61.191406] >cc234000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 61.197998] ^ [ 61.200531] cc234080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 61.207122] cc234100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 61.213684] ==================================================================
[ 33.393413] ================================================================== [ 33.404943] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 33.411930] Free of addr ffff888106ce4001 by task kunit_try_catch/254 [ 33.418370] [ 33.419871] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 33.419879] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.419882] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 33.419885] Call Trace: [ 33.419887] <TASK> [ 33.419889] dump_stack_lvl+0x73/0xb0 [ 33.419893] print_report+0xd1/0x650 [ 33.419898] ? __virt_addr_valid+0x1db/0x2d0 [ 33.419902] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.419907] ? kmem_cache_invalid_free+0x1d8/0x460 [ 33.419910] kasan_report_invalid_free+0x10a/0x130 [ 33.419915] ? kmem_cache_invalid_free+0x1d8/0x460 [ 33.419919] ? kmem_cache_invalid_free+0x1d8/0x460 [ 33.419923] check_slab_allocation+0x11f/0x130 [ 33.419927] __kasan_slab_pre_free+0x28/0x40 [ 33.419931] kmem_cache_free+0xed/0x420 [ 33.419935] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 33.419939] ? kmem_cache_invalid_free+0x1d8/0x460 [ 33.419943] kmem_cache_invalid_free+0x1d8/0x460 [ 33.419947] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 33.419950] ? finish_task_switch.isra.0+0x153/0x700 [ 33.419955] ? __switch_to+0x5d9/0xf60 [ 33.419960] ? dequeue_task_fair+0x166/0x4e0 [ 33.419965] ? ktime_get_ts64+0x83/0x230 [ 33.419970] kunit_try_run_case+0x1a2/0x480 [ 33.419974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.419978] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.419984] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.419988] ? __kthread_parkme+0x82/0x180 [ 33.419993] ? preempt_count_sub+0x50/0x80 [ 33.419997] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.420002] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 33.420006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.420010] kthread+0x334/0x6f0 [ 33.420014] ? trace_preempt_on+0x20/0xc0 [ 33.420019] ? __pfx_kthread+0x10/0x10 [ 33.420023] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.420027] ? calculate_sigpending+0x7b/0xa0 [ 33.420031] ? __pfx_kthread+0x10/0x10 [ 33.420035] ret_from_fork+0x3e/0x80 [ 33.420040] ? __pfx_kthread+0x10/0x10 [ 33.420044] ret_from_fork_asm+0x1a/0x30 [ 33.420050] </TASK> [ 33.420052] [ 33.613109] Allocated by task 254: [ 33.616515] kasan_save_stack+0x45/0x70 [ 33.620362] kasan_save_track+0x18/0x40 [ 33.624201] kasan_save_alloc_info+0x3b/0x50 [ 33.628475] __kasan_slab_alloc+0x91/0xa0 [ 33.632494] kmem_cache_alloc_noprof+0x123/0x3f0 [ 33.637115] kmem_cache_invalid_free+0x157/0x460 [ 33.641761] kunit_try_run_case+0x1a2/0x480 [ 33.645954] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 33.651360] kthread+0x334/0x6f0 [ 33.654594] ret_from_fork+0x3e/0x80 [ 33.658174] ret_from_fork_asm+0x1a/0x30 [ 33.662099] [ 33.663598] The buggy address belongs to the object at ffff888106ce4000 [ 33.663598] which belongs to the cache test_cache of size 200 [ 33.676025] The buggy address is located 1 bytes inside of [ 33.676025] 200-byte region [ffff888106ce4000, ffff888106ce40c8) [ 33.687586] [ 33.689084] The buggy address belongs to the physical page: [ 33.694657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106ce4 [ 33.702707] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.710378] flags: 0x200000000000040(head|node=0|zone=2) [ 33.715704] page_type: f5(slab) [ 33.718898] raw: 0200000000000040 ffff888100ac7400 dead000000000122 0000000000000000 [ 33.726637] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 33.734377] head: 0200000000000040 ffff888100ac7400 dead000000000122 0000000000000000 [ 33.742210] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 33.750038] head: 0200000000000001 ffffea00041b3901 00000000ffffffff 00000000ffffffff [ 33.757871] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 33.765717] page dumped because: kasan: bad access detected [ 33.771319] [ 33.772819] Memory state around the buggy address: [ 33.777613] ffff888106ce3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.784832] ffff888106ce3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.792049] >ffff888106ce4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.799269] ^ [ 33.802503] ffff888106ce4080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 33.809760] ffff888106ce4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.816981] ==================================================================