Date: July 20, 2025, 11:12 p.m.

Environment: qemu-arm64, qemu-x86_64

[   16.332997] ==================================================================
[   16.334637] BUG: KASAN: invalid-free in kfree+0x270/0x3c8
[   16.334998] Free of addr fff00000c65a0001 by task kunit_try_catch/150
[   16.335361] 
[   16.335690] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   16.335781] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.336321] Hardware name: linux,dummy-virt (DT)
[   16.336363] Call trace:
[   16.336773]  show_stack+0x20/0x38 (C)
[   16.337019]  dump_stack_lvl+0x8c/0xd0
[   16.337117]  print_report+0x118/0x5d0
[   16.337164]  kasan_report_invalid_free+0xc0/0xe8
[   16.337220]  __kasan_kfree_large+0x5c/0xa8
[   16.337351]  free_large_kmalloc+0x64/0x190
[   16.337396]  kfree+0x270/0x3c8
[   16.337438]  kmalloc_large_invalid_free+0x108/0x270
[   16.337485]  kunit_try_run_case+0x170/0x3f0
[   16.337532]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.337583]  kthread+0x328/0x630
[   16.337625]  ret_from_fork+0x10/0x20
[   16.338494] 
[   16.338526] The buggy address belongs to the physical page:
[   16.338571] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065a0
[   16.338856] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.338977] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.339117] page_type: f8(unknown)
[   16.339342] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.339778] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.340089] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.340369] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.340498] head: 0bfffe0000000002 ffffc1ffc3196801 00000000ffffffff 00000000ffffffff
[   16.340713] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.340798] page dumped because: kasan: bad access detected
[   16.341068] 
[   16.341094] Memory state around the buggy address:
[   16.341225]  fff00000c659ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.341356]  fff00000c659ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.341633] >fff00000c65a0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.341812]                    ^
[   16.342136]  fff00000c65a0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.342367]  fff00000c65a0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.342419] ==================================================================

[   16.390269] ==================================================================
[   16.390372] BUG: KASAN: invalid-free in kfree+0x270/0x3c8
[   16.390455] Free of addr fff00000c5fd8001 by task kunit_try_catch/150
[   16.390536] 
[   16.390582] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   16.390676] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.390702] Hardware name: linux,dummy-virt (DT)
[   16.390732] Call trace:
[   16.390755]  show_stack+0x20/0x38 (C)
[   16.390803]  dump_stack_lvl+0x8c/0xd0
[   16.390850]  print_report+0x118/0x5d0
[   16.391166]  kasan_report_invalid_free+0xc0/0xe8
[   16.391284]  __kasan_kfree_large+0x5c/0xa8
[   16.391393]  free_large_kmalloc+0x64/0x190
[   16.391487]  kfree+0x270/0x3c8
[   16.391540]  kmalloc_large_invalid_free+0x108/0x270
[   16.391721]  kunit_try_run_case+0x170/0x3f0
[   16.391871]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.392035]  kthread+0x328/0x630
[   16.392179]  ret_from_fork+0x10/0x20
[   16.392256] 
[   16.392277] The buggy address belongs to the physical page:
[   16.392315] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fd8
[   16.392368] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.392418] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.392468] page_type: f8(unknown)
[   16.392522] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.392580] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.392941] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.393167] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.393260] head: 0bfffe0000000002 ffffc1ffc317f601 00000000ffffffff 00000000ffffffff
[   16.393342] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.393468] page dumped because: kasan: bad access detected
[   16.393556] 
[   16.393607] Memory state around the buggy address:
[   16.393898]  fff00000c5fd7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.393940]  fff00000c5fd7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.393982] >fff00000c5fd8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.394019]                    ^
[   16.394046]  fff00000c5fd8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.394087]  fff00000c5fd8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.394135] ==================================================================

[   12.218914] ==================================================================
[   12.219752] BUG: KASAN: invalid-free in kfree+0x274/0x3f0
[   12.220122] Free of addr ffff8881038cc001 by task kunit_try_catch/168
[   12.220376] 
[   12.220504] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.220547] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.220558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.220578] Call Trace:
[   12.220590]  <TASK>
[   12.220605]  dump_stack_lvl+0x73/0xb0
[   12.220634]  print_report+0xd1/0x610
[   12.220657]  ? __virt_addr_valid+0x1db/0x2d0
[   12.220684]  ? kasan_addr_to_slab+0x11/0xa0
[   12.220705]  ? kfree+0x274/0x3f0
[   12.220726]  kasan_report_invalid_free+0x10a/0x130
[   12.220750]  ? kfree+0x274/0x3f0
[   12.220773]  ? kfree+0x274/0x3f0
[   12.220793]  __kasan_kfree_large+0x86/0xd0
[   12.220814]  free_large_kmalloc+0x4b/0x110
[   12.220837]  kfree+0x274/0x3f0
[   12.220862]  kmalloc_large_invalid_free+0x120/0x2b0
[   12.220884]  ? __pfx_kmalloc_large_invalid_free+0x10/0x10
[   12.220907]  ? __schedule+0x10c6/0x2b60
[   12.220929]  ? __pfx_read_tsc+0x10/0x10
[   12.220949]  ? ktime_get_ts64+0x86/0x230
[   12.220973]  kunit_try_run_case+0x1a5/0x480
[   12.220996]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.221018]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.221054]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.221076]  ? __kthread_parkme+0x82/0x180
[   12.221096]  ? preempt_count_sub+0x50/0x80
[   12.221119]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.221143]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.221165]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.221188]  kthread+0x337/0x6f0
[   12.221206]  ? trace_preempt_on+0x20/0xc0
[   12.221229]  ? __pfx_kthread+0x10/0x10
[   12.221249]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.221270]  ? calculate_sigpending+0x7b/0xa0
[   12.221292]  ? __pfx_kthread+0x10/0x10
[   12.221313]  ret_from_fork+0x116/0x1d0
[   12.221331]  ? __pfx_kthread+0x10/0x10
[   12.221351]  ret_from_fork_asm+0x1a/0x30
[   12.221382]  </TASK>
[   12.221392] 
[   12.228859] The buggy address belongs to the physical page:
[   12.229219] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038cc
[   12.229550] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.229895] flags: 0x200000000000040(head|node=0|zone=2)
[   12.230190] page_type: f8(unknown)
[   12.230382] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.230790] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.231046] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.231433] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.231791] head: 0200000000000002 ffffea00040e3301 00000000ffffffff 00000000ffffffff
[   12.232262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.232616] page dumped because: kasan: bad access detected
[   12.232829] 
[   12.232901] Memory state around the buggy address:
[   12.233196]  ffff8881038cbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.233538]  ffff8881038cbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.233882] >ffff8881038cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.234216]                    ^
[   12.234338]  ffff8881038cc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.234570]  ffff8881038cc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.234809] ==================================================================

[   12.321100] ==================================================================
[   12.321606] BUG: KASAN: invalid-free in kfree+0x274/0x3f0
[   12.321926] Free of addr ffff8881038a4001 by task kunit_try_catch/167
[   12.322304] 
[   12.322412] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.322460] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.322472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.322495] Call Trace:
[   12.322508]  <TASK>
[   12.322526]  dump_stack_lvl+0x73/0xb0
[   12.322558]  print_report+0xd1/0x610
[   12.322580]  ? __virt_addr_valid+0x1db/0x2d0
[   12.322605]  ? kasan_addr_to_slab+0x11/0xa0
[   12.322624]  ? kfree+0x274/0x3f0
[   12.322648]  kasan_report_invalid_free+0x10a/0x130
[   12.322671]  ? kfree+0x274/0x3f0
[   12.322693]  ? kfree+0x274/0x3f0
[   12.322713]  __kasan_kfree_large+0x86/0xd0
[   12.322733]  free_large_kmalloc+0x4b/0x110
[   12.322755]  kfree+0x274/0x3f0
[   12.322779]  kmalloc_large_invalid_free+0x120/0x2b0
[   12.322801]  ? __pfx_kmalloc_large_invalid_free+0x10/0x10
[   12.322825]  ? __pfx_kmalloc_large_invalid_free+0x10/0x10
[   12.322851]  kunit_try_run_case+0x1a5/0x480
[   12.322877]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.322898]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.322923]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.322945]  ? __kthread_parkme+0x82/0x180
[   12.322966]  ? preempt_count_sub+0x50/0x80
[   12.322991]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.323014]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.323048]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.323070]  kthread+0x337/0x6f0
[   12.323089]  ? trace_preempt_on+0x20/0xc0
[   12.323112]  ? __pfx_kthread+0x10/0x10
[   12.323132]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.323165]  ? calculate_sigpending+0x7b/0xa0
[   12.323189]  ? __pfx_kthread+0x10/0x10
[   12.323209]  ret_from_fork+0x116/0x1d0
[   12.323229]  ? __pfx_kthread+0x10/0x10
[   12.323248]  ret_from_fork_asm+0x1a/0x30
[   12.323279]  </TASK>
[   12.323289] 
[   12.330765] The buggy address belongs to the physical page:
[   12.331031] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038a4
[   12.331318] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.331551] flags: 0x200000000000040(head|node=0|zone=2)
[   12.331735] page_type: f8(unknown)
[   12.331929] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.332178] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.332569] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.333038] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.334263] head: 0200000000000002 ffffea00040e2901 00000000ffffffff 00000000ffffffff
[   12.334645] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.336074] page dumped because: kasan: bad access detected
[   12.336277] 
[   12.336378] Memory state around the buggy address:
[   12.336950]  ffff8881038a3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.337639]  ffff8881038a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.338422] >ffff8881038a4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.338647]                    ^
[   12.338770]  ffff8881038a4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.339503]  ffff8881038a4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.339747] ==================================================================