Date
April 22, 2025, 11:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 18.602643] ================================================================== [ 18.602740] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 18.602823] Free of addr fff00000c62b6001 by task kunit_try_catch/213 [ 18.602885] [ 18.602951] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 18.603041] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.603068] Hardware name: linux,dummy-virt (DT) [ 18.603103] Call trace: [ 18.603132] show_stack+0x20/0x38 (C) [ 18.603239] dump_stack_lvl+0x8c/0xd0 [ 18.603319] print_report+0x118/0x608 [ 18.603422] kasan_report_invalid_free+0xc0/0xe8 [ 18.603472] check_slab_allocation+0xfc/0x108 [ 18.603517] __kasan_slab_pre_free+0x2c/0x48 [ 18.603578] kmem_cache_free+0xf0/0x470 [ 18.603635] kmem_cache_invalid_free+0x184/0x3c8 [ 18.603699] kunit_try_run_case+0x170/0x3f0 [ 18.603752] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.603806] kthread+0x328/0x630 [ 18.603878] ret_from_fork+0x10/0x20 [ 18.603931] [ 18.603949] Allocated by task 213: [ 18.604060] kasan_save_stack+0x3c/0x68 [ 18.604121] kasan_save_track+0x20/0x40 [ 18.604174] kasan_save_alloc_info+0x40/0x58 [ 18.604318] __kasan_slab_alloc+0xa8/0xb0 [ 18.604358] kmem_cache_alloc_noprof+0x10c/0x3a0 [ 18.604409] kmem_cache_invalid_free+0x12c/0x3c8 [ 18.604501] kunit_try_run_case+0x170/0x3f0 [ 18.604564] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.604609] kthread+0x328/0x630 [ 18.604643] ret_from_fork+0x10/0x20 [ 18.604678] [ 18.604709] The buggy address belongs to the object at fff00000c62b6000 [ 18.604709] which belongs to the cache test_cache of size 200 [ 18.604779] The buggy address is located 1 bytes inside of [ 18.604779] 200-byte region [fff00000c62b6000, fff00000c62b60c8) [ 18.604918] [ 18.604951] The buggy address belongs to the physical page: [ 18.605011] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062b6 [ 18.605157] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.605214] page_type: f5(slab) [ 18.605259] raw: 0bfffe0000000000 fff00000c1288640 dead000000000122 0000000000000000 [ 18.605308] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 18.605349] page dumped because: kasan: bad access detected [ 18.605378] [ 18.605410] Memory state around the buggy address: [ 18.605446] fff00000c62b5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.605500] fff00000c62b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.605565] >fff00000c62b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.605606] ^ [ 18.605709] fff00000c62b6080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 18.605753] fff00000c62b6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.605813] ==================================================================
[ 19.365994] ================================================================== [ 19.366817] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 19.367884] Free of addr ffff8881031b3001 by task kunit_try_catch/231 [ 19.368340] [ 19.369454] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 19.369670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.369707] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.369768] Call Trace: [ 19.369805] <TASK> [ 19.369855] dump_stack_lvl+0x73/0xb0 [ 19.369939] print_report+0xd1/0x650 [ 19.370010] ? __virt_addr_valid+0x1db/0x2d0 [ 19.370064] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.370098] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.370129] kasan_report_invalid_free+0x10a/0x130 [ 19.370164] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.370197] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.370225] check_slab_allocation+0x11f/0x130 [ 19.370257] __kasan_slab_pre_free+0x28/0x40 [ 19.370288] kmem_cache_free+0xed/0x420 [ 19.370318] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.370349] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.370382] kmem_cache_invalid_free+0x1d8/0x460 [ 19.370411] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 19.370456] ? finish_task_switch.isra.0+0x153/0x700 [ 19.370550] ? __switch_to+0x5d9/0xf60 [ 19.370616] ? dequeue_task_fair+0x166/0x4e0 [ 19.370701] ? __pfx_read_tsc+0x10/0x10 [ 19.370765] ? ktime_get_ts64+0x86/0x230 [ 19.370805] kunit_try_run_case+0x1a5/0x480 [ 19.370844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.370875] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.370911] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.370946] ? __kthread_parkme+0x82/0x180 [ 19.370977] ? preempt_count_sub+0x50/0x80 [ 19.371011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.371043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.371074] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.371107] kthread+0x337/0x6f0 [ 19.371137] ? trace_preempt_on+0x20/0xc0 [ 19.371171] ? __pfx_kthread+0x10/0x10 [ 19.371203] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.371234] ? calculate_sigpending+0x7b/0xa0 [ 19.371264] ? __pfx_kthread+0x10/0x10 [ 19.371296] ret_from_fork+0x41/0x80 [ 19.371325] ? __pfx_kthread+0x10/0x10 [ 19.371356] ret_from_fork_asm+0x1a/0x30 [ 19.371400] </TASK> [ 19.371414] [ 19.394749] Allocated by task 231: [ 19.394965] kasan_save_stack+0x45/0x70 [ 19.395148] kasan_save_track+0x18/0x40 [ 19.395301] kasan_save_alloc_info+0x3b/0x50 [ 19.395548] __kasan_slab_alloc+0x91/0xa0 [ 19.396211] kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.397209] kmem_cache_invalid_free+0x157/0x460 [ 19.398062] kunit_try_run_case+0x1a5/0x480 [ 19.398921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.399863] kthread+0x337/0x6f0 [ 19.400182] ret_from_fork+0x41/0x80 [ 19.400905] ret_from_fork_asm+0x1a/0x30 [ 19.401294] [ 19.402018] The buggy address belongs to the object at ffff8881031b3000 [ 19.402018] which belongs to the cache test_cache of size 200 [ 19.403702] The buggy address is located 1 bytes inside of [ 19.403702] 200-byte region [ffff8881031b3000, ffff8881031b30c8) [ 19.405088] [ 19.405250] The buggy address belongs to the physical page: [ 19.405637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031b3 [ 19.406541] flags: 0x200000000000000(node=0|zone=2) [ 19.407418] page_type: f5(slab) [ 19.408646] raw: 0200000000000000 ffff8881016928c0 dead000000000122 0000000000000000 [ 19.409215] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 19.410996] page dumped because: kasan: bad access detected [ 19.411295] [ 19.411871] Memory state around the buggy address: [ 19.412192] ffff8881031b2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.412666] ffff8881031b2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.413121] >ffff8881031b3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.413481] ^ [ 19.416050] ffff8881031b3080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 19.417080] ffff8881031b3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.417571] ==================================================================
[ 20.511270] ================================================================== [ 20.512366] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 20.513036] Free of addr ffff00000c882001 by task kunit_try_catch/269 [ 20.513633] [ 20.513799] CPU: 3 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 20.513849] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.513864] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.513882] Call trace: [ 20.513894] show_stack+0x20/0x38 (C) [ 20.513927] dump_stack_lvl+0x8c/0xd0 [ 20.513958] print_report+0x118/0x608 [ 20.513988] kasan_report_invalid_free+0xc0/0xe8 [ 20.514020] check_slab_allocation+0xfc/0x108 [ 20.514049] __kasan_slab_pre_free+0x2c/0x48 [ 20.514079] kmem_cache_free+0xf0/0x470 [ 20.514108] kmem_cache_invalid_free+0x184/0x3c8 [ 20.514144] kunit_try_run_case+0x170/0x3f0 [ 20.514181] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.514220] kthread+0x328/0x630 [ 20.514254] ret_from_fork+0x10/0x20 [ 20.514287] [ 20.520683] Allocated by task 269: [ 20.521008] kasan_save_stack+0x3c/0x68 [ 20.521381] kasan_save_track+0x20/0x40 [ 20.521752] kasan_save_alloc_info+0x40/0x58 [ 20.522165] __kasan_slab_alloc+0xa8/0xb0 [ 20.522551] kmem_cache_alloc_noprof+0x10c/0x3a0 [ 20.522994] kmem_cache_invalid_free+0x12c/0x3c8 [ 20.523440] kunit_try_run_case+0x170/0x3f0 [ 20.523847] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.524371] kthread+0x328/0x630 [ 20.524694] ret_from_fork+0x10/0x20 [ 20.525044] [ 20.525197] The buggy address belongs to the object at ffff00000c882000 [ 20.525197] which belongs to the cache test_cache of size 200 [ 20.526322] The buggy address is located 1 bytes inside of [ 20.526322] 200-byte region [ffff00000c882000, ffff00000c8820c8) [ 20.527373] [ 20.527526] The buggy address belongs to the physical page: [ 20.528043] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc882 [ 20.528768] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.529474] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 20.530128] page_type: f5(slab) [ 20.530442] raw: 03fffe0000000040 ffff00000ca9e140 dead000000000122 0000000000000000 [ 20.531158] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 20.531874] head: 03fffe0000000040 ffff00000ca9e140 dead000000000122 0000000000000000 [ 20.532598] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 20.533322] head: 03fffe0000000001 fffffdffc0322081 00000000ffffffff 00000000ffffffff [ 20.534045] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 20.534760] page dumped because: kasan: bad access detected [ 20.535275] [ 20.535428] Memory state around the buggy address: [ 20.535877] ffff00000c881f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.536544] ffff00000c881f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.537210] >ffff00000c882000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.537872] ^ [ 20.538182] ffff00000c882080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 20.538849] ffff00000c882100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.539510] ==================================================================