Date
July 13, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 16.647525] ==================================================================
[ 16.647826] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8
[ 16.648296] Free of addr fff00000c7045001 by task kunit_try_catch/212
[ 16.648551]
[ 16.648667] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.648758] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.648786] Hardware name: linux,dummy-virt (DT)
[ 16.649246] Call trace:
[ 16.649304] show_stack+0x20/0x38 (C)
[ 16.649437] dump_stack_lvl+0x8c/0xd0
[ 16.649549] print_report+0x118/0x5d0
[ 16.649691] kasan_report_invalid_free+0xc0/0xe8
[ 16.649752] check_slab_allocation+0xfc/0x108
[ 16.649988] __kasan_slab_pre_free+0x2c/0x48
[ 16.650186] kmem_cache_free+0xf0/0x468
[ 16.650331] kmem_cache_invalid_free+0x184/0x3c8
[ 16.650411] kunit_try_run_case+0x170/0x3f0
[ 16.650560] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.650781] kthread+0x328/0x630
[ 16.650913] ret_from_fork+0x10/0x20
[ 16.651170]
[ 16.651262] Allocated by task 212:
[ 16.651311] kasan_save_stack+0x3c/0x68
[ 16.651486] kasan_save_track+0x20/0x40
[ 16.651553] kasan_save_alloc_info+0x40/0x58
[ 16.651602] __kasan_slab_alloc+0xa8/0xb0
[ 16.651871] kmem_cache_alloc_noprof+0x10c/0x398
[ 16.651987] kmem_cache_invalid_free+0x12c/0x3c8
[ 16.652124] kunit_try_run_case+0x170/0x3f0
[ 16.652256] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.652323] kthread+0x328/0x630
[ 16.652384] ret_from_fork+0x10/0x20
[ 16.652448]
[ 16.652565] The buggy address belongs to the object at fff00000c7045000
[ 16.652565] which belongs to the cache test_cache of size 200
[ 16.652651] The buggy address is located 1 bytes inside of
[ 16.652651] 200-byte region [fff00000c7045000, fff00000c70450c8)
[ 16.653078]
[ 16.653139] The buggy address belongs to the physical page:
[ 16.653235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107045
[ 16.653371] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.653458] page_type: f5(slab)
[ 16.653613] raw: 0bfffe0000000000 fff00000c708c280 dead000000000122 0000000000000000
[ 16.653672] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 16.654051] page dumped because: kasan: bad access detected
[ 16.654109]
[ 16.654168] Memory state around the buggy address:
[ 16.654891] fff00000c7044f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.654978] fff00000c7044f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.655069] >fff00000c7045000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.655115] ^
[ 16.655142] fff00000c7045080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 16.655216] fff00000c7045100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.655294] ==================================================================
```
```
[ 17.321687] ==================================================================
[ 17.321752] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8
[ 17.321815] Free of addr fff00000c5ad1001 by task kunit_try_catch/212
[ 17.321869]
[ 17.322053] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 17.322534] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.322799] Hardware name: linux,dummy-virt (DT)
[ 17.323098] Call trace:
[ 17.323536] show_stack+0x20/0x38 (C)
[ 17.323602] dump_stack_lvl+0x8c/0xd0
[ 17.323651] print_report+0x118/0x5d0
[ 17.323698] kasan_report_invalid_free+0xc0/0xe8
[ 17.323921] check_slab_allocation+0xfc/0x108
[ 17.324136] __kasan_slab_pre_free+0x2c/0x48
[ 17.324193] kmem_cache_free+0xf0/0x468
[ 17.324244] kmem_cache_invalid_free+0x184/0x3c8
[ 17.324291] kunit_try_run_case+0x170/0x3f0
[ 17.324627] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.324737] kthread+0x328/0x630
[ 17.324872] ret_from_fork+0x10/0x20
[ 17.325093]
[ 17.325113] Allocated by task 212:
[ 17.325153] kasan_save_stack+0x3c/0x68
[ 17.325258] kasan_save_track+0x20/0x40
[ 17.325399] kasan_save_alloc_info+0x40/0x58
[ 17.325438] __kasan_slab_alloc+0xa8/0xb0
[ 17.325476] kmem_cache_alloc_noprof+0x10c/0x398
[ 17.325522] kmem_cache_invalid_free+0x12c/0x3c8
[ 17.325702] kunit_try_run_case+0x170/0x3f0
[ 17.325760] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.325837] kthread+0x328/0x630
[ 17.325907] ret_from_fork+0x10/0x20
[ 17.325986]
[ 17.326096] The buggy address belongs to the object at fff00000c5ad1000
[ 17.326096] which belongs to the cache test_cache of size 200
[ 17.326199] The buggy address is located 1 bytes inside of
[ 17.326199] 200-byte region [fff00000c5ad1000, fff00000c5ad10c8)
[ 17.326260]
[ 17.326281] The buggy address belongs to the physical page:
[ 17.326314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ad1
[ 17.326372] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.326421] page_type: f5(slab)
[ 17.326649] raw: 0bfffe0000000000 fff00000c472aa00 dead000000000122 0000000000000000
[ 17.326880] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 17.326933] page dumped because: kasan: bad access detected
[ 17.326967]
[ 17.327229] Memory state around the buggy address:
[ 17.327336] fff00000c5ad0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.327482] fff00000c5ad0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.327527] >fff00000c5ad1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.327566] ^
[ 17.327595] fff00000c5ad1080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 17.327638] fff00000c5ad1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.327805] ==================================================================
```
```
[ 13.396292] ==================================================================
[ 13.397915] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460
[ 13.398167] Free of addr ffff88810343c001 by task kunit_try_catch/228
[ 13.398367]
[ 13.398493] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 13.398541] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.398552] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.398575] Call Trace:
[ 13.398588] <TASK>
[ 13.398605] dump_stack_lvl+0x73/0xb0
[ 13.398636] print_report+0xd1/0x610
[ 13.398659] ? __virt_addr_valid+0x1db/0x2d0
[ 13.398684] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.398708] ? kmem_cache_invalid_free+0x1d8/0x460
[ 13.398734] kasan_report_invalid_free+0x10a/0x130
[ 13.398771] ? kmem_cache_invalid_free+0x1d8/0x460
[ 13.398799] ? kmem_cache_invalid_free+0x1d8/0x460
[ 13.398824] check_slab_allocation+0x11f/0x130
[ 13.398846] __kasan_slab_pre_free+0x28/0x40
[ 13.398868] kmem_cache_free+0xed/0x420
[ 13.398889] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.398910] ? kmem_cache_invalid_free+0x1d8/0x460
[ 13.398937] kmem_cache_invalid_free+0x1d8/0x460
[ 13.398962] ? __pfx_kmem_cache_invalid_free+0x10/0x10
[ 13.398987] ? finish_task_switch.isra.0+0x153/0x700
[ 13.399012] ? __switch_to+0x47/0xf50
[ 13.399040] ? __pfx_read_tsc+0x10/0x10
[ 13.399062] ? ktime_get_ts64+0x86/0x230
[ 13.399088] kunit_try_run_case+0x1a5/0x480
[ 13.399115] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.399138] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.399163] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.399187] ? __kthread_parkme+0x82/0x180
[ 13.399209] ? preempt_count_sub+0x50/0x80
[ 13.399232] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.399256] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.399281] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.399306] kthread+0x337/0x6f0
[ 13.399325] ? trace_preempt_on+0x20/0xc0
[ 13.399349] ? __pfx_kthread+0x10/0x10
[ 13.399370] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.399391] ? calculate_sigpending+0x7b/0xa0
[ 13.399808] ? __pfx_kthread+0x10/0x10
[ 13.399837] ret_from_fork+0x116/0x1d0
[ 13.399859] ? __pfx_kthread+0x10/0x10
[ 13.399879] ret_from_fork_asm+0x1a/0x30
[ 13.399912] </TASK>
[ 13.399923]
[ 13.416006] Allocated by task 228:
[ 13.416208] kasan_save_stack+0x45/0x70
[ 13.416418] kasan_save_track+0x18/0x40
[ 13.417203] kasan_save_alloc_info+0x3b/0x50
[ 13.417381] __kasan_slab_alloc+0x91/0xa0
[ 13.417859] kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.418195] kmem_cache_invalid_free+0x157/0x460
[ 13.418570] kunit_try_run_case+0x1a5/0x480
[ 13.418963] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.419309] kthread+0x337/0x6f0
[ 13.419645] ret_from_fork+0x116/0x1d0
[ 13.419831] ret_from_fork_asm+0x1a/0x30
[ 13.420024]
[ 13.420103] The buggy address belongs to the object at ffff88810343c000
[ 13.420103] which belongs to the cache test_cache of size 200
[ 13.421221] The buggy address is located 1 bytes inside of
[ 13.421221] 200-byte region [ffff88810343c000, ffff88810343c0c8)
[ 13.421949]
[ 13.422044] The buggy address belongs to the physical page:
[ 13.422437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10343c
[ 13.423017] flags: 0x200000000000000(node=0|zone=2)
[ 13.423416] page_type: f5(slab)
[ 13.423584] raw: 0200000000000000 ffff888101a22280 dead000000000122 0000000000000000
[ 13.423973] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 13.424314] page dumped because: kasan: bad access detected
[ 13.424904]
[ 13.424989] Memory state around the buggy address:
[ 13.425373] ffff88810343bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.425876] ffff88810343bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.426289] >ffff88810343c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.426846] ^
[ 13.426972] ffff88810343c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 13.427331] ffff88810343c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.427885] ==================================================================
```
```
[ 13.587335] ==================================================================
[ 13.588008] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460
[ 13.588846] Free of addr ffff888102b4a001 by task kunit_try_catch/229
[ 13.589335]
[ 13.589428] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 13.589473] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.589484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.589505] Call Trace:
[ 13.589517] <TASK>
[ 13.589533] dump_stack_lvl+0x73/0xb0
[ 13.589566] print_report+0xd1/0x610
[ 13.589590] ? __virt_addr_valid+0x1db/0x2d0
[ 13.589616] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.589649] ? kmem_cache_invalid_free+0x1d8/0x460
[ 13.589676] kasan_report_invalid_free+0x10a/0x130
[ 13.589702] ? kmem_cache_invalid_free+0x1d8/0x460
[ 13.589729] ? kmem_cache_invalid_free+0x1d8/0x460
[ 13.589755] check_slab_allocation+0x11f/0x130
[ 13.589777] __kasan_slab_pre_free+0x28/0x40
[ 13.589832] kmem_cache_free+0xed/0x420
[ 13.589853] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.589875] ? kmem_cache_invalid_free+0x1d8/0x460
[ 13.589910] kmem_cache_invalid_free+0x1d8/0x460
[ 13.589936] ? __pfx_kmem_cache_invalid_free+0x10/0x10
[ 13.589961] ? finish_task_switch.isra.0+0x153/0x700
[ 13.589986] ? __switch_to+0x47/0xf50
[ 13.590015] ? __pfx_read_tsc+0x10/0x10
[ 13.590036] ? ktime_get_ts64+0x86/0x230
[ 13.590072] kunit_try_run_case+0x1a5/0x480
[ 13.590097] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.590136] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.590160] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.590184] ? __kthread_parkme+0x82/0x180
[ 13.590205] ? preempt_count_sub+0x50/0x80
[ 13.590229] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.590253] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.590277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.590303] kthread+0x337/0x6f0
[ 13.590322] ? trace_preempt_on+0x20/0xc0
[ 13.590346] ? __pfx_kthread+0x10/0x10
[ 13.590367] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.590389] ? calculate_sigpending+0x7b/0xa0
[ 13.590414] ? __pfx_kthread+0x10/0x10
[ 13.590435] ret_from_fork+0x116/0x1d0
[ 13.590454] ? __pfx_kthread+0x10/0x10
[ 13.590475] ret_from_fork_asm+0x1a/0x30
[ 13.590505] </TASK>
[ 13.590515]
[ 13.605784] Allocated by task 229:
[ 13.606213] kasan_save_stack+0x45/0x70
[ 13.606614] kasan_save_track+0x18/0x40
[ 13.607036] kasan_save_alloc_info+0x3b/0x50
[ 13.607514] __kasan_slab_alloc+0x91/0xa0
[ 13.607713] kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.608251] kmem_cache_invalid_free+0x157/0x460
[ 13.608664] kunit_try_run_case+0x1a5/0x480
[ 13.608948] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.609208] kthread+0x337/0x6f0
[ 13.609329] ret_from_fork+0x116/0x1d0
[ 13.609461] ret_from_fork_asm+0x1a/0x30
[ 13.609598]
[ 13.609734] The buggy address belongs to the object at ffff888102b4a000
[ 13.609734] which belongs to the cache test_cache of size 200
[ 13.611082] The buggy address is located 1 bytes inside of
[ 13.611082] 200-byte region [ffff888102b4a000, ffff888102b4a0c8)
[ 13.612220]
[ 13.612422] The buggy address belongs to the physical page:
[ 13.612730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4a
[ 13.614035] flags: 0x200000000000000(node=0|zone=2)
[ 13.614230] page_type: f5(slab)
[ 13.614351] raw: 0200000000000000 ffff888101b19a00 dead000000000122 0000000000000000
[ 13.614572] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 13.614792] page dumped because: kasan: bad access detected
[ 13.614958]
[ 13.615028] Memory state around the buggy address:
[ 13.615387] ffff888102b49f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.616092] ffff888102b49f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.617877] >ffff888102b4a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.619021] ^
[ 13.619394] ffff888102b4a080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 13.620296] ffff888102b4a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.620530] ==================================================================
```