Date
July 20, 2025, 11:12 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 17.372266] ================================================================== [ 17.372339] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 17.372407] Free of addr fff00000c787b001 by task kunit_try_catch/211 [ 17.372464] [ 17.372651] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 17.372913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.372943] Hardware name: linux,dummy-virt (DT) [ 17.372978] Call trace: [ 17.373002] show_stack+0x20/0x38 (C) [ 17.373053] dump_stack_lvl+0x8c/0xd0 [ 17.373191] print_report+0x118/0x5d0 [ 17.373251] kasan_report_invalid_free+0xc0/0xe8 [ 17.373302] check_slab_allocation+0xfc/0x108 [ 17.373377] __kasan_slab_pre_free+0x2c/0x48 [ 17.373426] kmem_cache_free+0xf0/0x468 [ 17.373473] kmem_cache_invalid_free+0x184/0x3c8 [ 17.373521] kunit_try_run_case+0x170/0x3f0 [ 17.373572] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.373625] kthread+0x328/0x630 [ 17.373668] ret_from_fork+0x10/0x20 [ 17.373717] [ 17.373844] Allocated by task 211: [ 17.374080] kasan_save_stack+0x3c/0x68 [ 17.374226] kasan_save_track+0x20/0x40 [ 17.374478] kasan_save_alloc_info+0x40/0x58 [ 17.374657] __kasan_slab_alloc+0xa8/0xb0 [ 17.374764] kmem_cache_alloc_noprof+0x10c/0x398 [ 17.375225] kmem_cache_invalid_free+0x12c/0x3c8 [ 17.375314] kunit_try_run_case+0x170/0x3f0 [ 17.375382] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.375514] kthread+0x328/0x630 [ 17.375616] ret_from_fork+0x10/0x20 [ 17.375652] [ 17.375812] The buggy address belongs to the object at fff00000c787b000 [ 17.375812] which belongs to the cache test_cache of size 200 [ 17.376196] The buggy address is located 1 bytes inside of [ 17.376196] 200-byte region [fff00000c787b000, fff00000c787b0c8) [ 17.376265] [ 17.376288] The buggy address belongs to the physical page: [ 17.376674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10787b [ 17.376908] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.376965] page_type: f5(slab) [ 17.377017] raw: 0bfffe0000000000 fff00000c5905c80 dead000000000122 0000000000000000 [ 17.377071] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 17.377173] page dumped because: kasan: bad access detected [ 17.377499] [ 17.377573] Memory state around the buggy address: [ 17.377611] fff00000c787af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.377693] fff00000c787af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.377738] >fff00000c787b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.377777] ^ [ 17.378291] fff00000c787b080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 17.378344] fff00000c787b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.378406] ==================================================================
[ 17.281923] ================================================================== [ 17.281988] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 17.282422] Free of addr fff00000c666c001 by task kunit_try_catch/211 [ 17.282538] [ 17.282663] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 17.282794] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.282858] Hardware name: linux,dummy-virt (DT) [ 17.282947] Call trace: [ 17.283005] show_stack+0x20/0x38 (C) [ 17.283103] dump_stack_lvl+0x8c/0xd0 [ 17.283213] print_report+0x118/0x5d0 [ 17.283262] kasan_report_invalid_free+0xc0/0xe8 [ 17.283359] check_slab_allocation+0xfc/0x108 [ 17.283661] __kasan_slab_pre_free+0x2c/0x48 [ 17.283755] kmem_cache_free+0xf0/0x468 [ 17.283817] kmem_cache_invalid_free+0x184/0x3c8 [ 17.283868] kunit_try_run_case+0x170/0x3f0 [ 17.283918] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.283972] kthread+0x328/0x630 [ 17.284085] ret_from_fork+0x10/0x20 [ 17.284196] [ 17.284241] Allocated by task 211: [ 17.284520] kasan_save_stack+0x3c/0x68 [ 17.284890] kasan_save_track+0x20/0x40 [ 17.285380] kasan_save_alloc_info+0x40/0x58 [ 17.285593] __kasan_slab_alloc+0xa8/0xb0 [ 17.285675] kmem_cache_alloc_noprof+0x10c/0x398 [ 17.285827] kmem_cache_invalid_free+0x12c/0x3c8 [ 17.285900] kunit_try_run_case+0x170/0x3f0 [ 17.286071] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.286177] kthread+0x328/0x630 [ 17.286320] ret_from_fork+0x10/0x20 [ 17.286585] [ 17.286661] The buggy address belongs to the object at fff00000c666c000 [ 17.286661] which belongs to the cache test_cache of size 200 [ 17.286799] The buggy address is located 1 bytes inside of [ 17.286799] 200-byte region [fff00000c666c000, fff00000c666c0c8) [ 17.286945] [ 17.287028] The buggy address belongs to the physical page: [ 17.287162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10666c [ 17.287226] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.287505] page_type: f5(slab) [ 17.287690] raw: 0bfffe0000000000 fff00000c6670000 dead000000000122 0000000000000000 [ 17.287781] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 17.287843] page dumped because: kasan: bad access detected [ 17.287876] [ 17.287896] Memory state around the buggy address: [ 17.287929] fff00000c666bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.287983] fff00000c666bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.288036] >fff00000c666c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.288083] ^ [ 17.288110] fff00000c666c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 17.288158] fff00000c666c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.288216] ==================================================================
[ 13.392751] ================================================================== [ 13.393241] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 13.394200] Free of addr ffff888103949001 by task kunit_try_catch/229 [ 13.394501] [ 13.394741] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.394790] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.394803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.394824] Call Trace: [ 13.394838] <TASK> [ 13.394856] dump_stack_lvl+0x73/0xb0 [ 13.394888] print_report+0xd1/0x610 [ 13.394910] ? __virt_addr_valid+0x1db/0x2d0 [ 13.394934] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.394956] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.394981] kasan_report_invalid_free+0x10a/0x130 [ 13.395005] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.395040] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.395064] check_slab_allocation+0x11f/0x130 [ 13.395085] __kasan_slab_pre_free+0x28/0x40 [ 13.395105] kmem_cache_free+0xed/0x420 [ 13.395124] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.395144] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.395172] kmem_cache_invalid_free+0x1d8/0x460 [ 13.395196] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 13.395219] ? finish_task_switch.isra.0+0x153/0x700 [ 13.395241] ? __switch_to+0x47/0xf50 [ 13.395270] ? __pfx_read_tsc+0x10/0x10 [ 13.395291] ? ktime_get_ts64+0x86/0x230 [ 13.395316] kunit_try_run_case+0x1a5/0x480 [ 13.395340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.395362] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.395385] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.395419] ? __kthread_parkme+0x82/0x180 [ 13.395439] ? preempt_count_sub+0x50/0x80 [ 13.395462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.395486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.395509] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.395531] kthread+0x337/0x6f0 [ 13.395551] ? trace_preempt_on+0x20/0xc0 [ 13.395575] ? __pfx_kthread+0x10/0x10 [ 13.395596] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.395617] ? calculate_sigpending+0x7b/0xa0 [ 13.395641] ? __pfx_kthread+0x10/0x10 [ 13.395662] ret_from_fork+0x116/0x1d0 [ 13.395680] ? __pfx_kthread+0x10/0x10 [ 13.395701] ret_from_fork_asm+0x1a/0x30 [ 13.395733] </TASK> [ 13.395743] [ 13.409910] Allocated by task 229: [ 13.410357] kasan_save_stack+0x45/0x70 [ 13.410748] kasan_save_track+0x18/0x40 [ 13.410892] kasan_save_alloc_info+0x3b/0x50 [ 13.411205] __kasan_slab_alloc+0x91/0xa0 [ 13.411687] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.412257] kmem_cache_invalid_free+0x157/0x460 [ 13.412714] kunit_try_run_case+0x1a5/0x480 [ 13.413101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.413544] kthread+0x337/0x6f0 [ 13.413906] ret_from_fork+0x116/0x1d0 [ 13.414286] ret_from_fork_asm+0x1a/0x30 [ 13.414449] [ 13.414525] The buggy address belongs to the object at ffff888103949000 [ 13.414525] which belongs to the cache test_cache of size 200 [ 13.414896] The buggy address is located 1 bytes inside of [ 13.414896] 200-byte region [ffff888103949000, ffff8881039490c8) [ 13.415235] [ 13.415310] The buggy address belongs to the physical page: [ 13.415752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103949 [ 13.416567] flags: 0x200000000000000(node=0|zone=2) [ 13.417139] page_type: f5(slab) [ 13.417496] raw: 0200000000000000 ffff888101a54c80 dead000000000122 0000000000000000 [ 13.418257] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.418969] page dumped because: kasan: bad access detected [ 13.419572] [ 13.419797] Memory state around the buggy address: [ 13.420332] ffff888103948f00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 13.420924] ffff888103948f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.421529] >ffff888103949000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.421944] ^ [ 13.422287] ffff888103949080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 13.422967] ffff888103949100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.423298] ==================================================================
[ 13.492293] ================================================================== [ 13.493131] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 13.494440] Free of addr ffff8881027b6001 by task kunit_try_catch/228 [ 13.494875] [ 13.495124] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.495188] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.495200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.495222] Call Trace: [ 13.495235] <TASK> [ 13.495253] dump_stack_lvl+0x73/0xb0 [ 13.495284] print_report+0xd1/0x610 [ 13.495306] ? __virt_addr_valid+0x1db/0x2d0 [ 13.495330] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.495351] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.495375] kasan_report_invalid_free+0x10a/0x130 [ 13.495398] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.495423] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.495447] check_slab_allocation+0x11f/0x130 [ 13.495468] __kasan_slab_pre_free+0x28/0x40 [ 13.495488] kmem_cache_free+0xed/0x420 [ 13.495507] ? kasan_save_track+0x18/0x40 [ 13.495525] ? kasan_save_stack+0x45/0x70 [ 13.495543] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.495566] ? kmem_cache_invalid_free+0x157/0x460 [ 13.495590] kmem_cache_invalid_free+0x1d8/0x460 [ 13.495613] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 13.495636] ? finish_task_switch.isra.0+0x153/0x700 [ 13.495658] ? __switch_to+0x47/0xf50 [ 13.495686] ? __pfx_read_tsc+0x10/0x10 [ 13.495707] ? ktime_get_ts64+0x86/0x230 [ 13.495731] kunit_try_run_case+0x1a5/0x480 [ 13.495756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.495777] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.495800] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.495822] ? __kthread_parkme+0x82/0x180 [ 13.495843] ? preempt_count_sub+0x50/0x80 [ 13.495865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.495918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.495941] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.495964] kthread+0x337/0x6f0 [ 13.495984] ? trace_preempt_on+0x20/0xc0 [ 13.496007] ? __pfx_kthread+0x10/0x10 [ 13.496027] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.496047] ? calculate_sigpending+0x7b/0xa0 [ 13.496071] ? __pfx_kthread+0x10/0x10 [ 13.496091] ret_from_fork+0x116/0x1d0 [ 13.496109] ? __pfx_kthread+0x10/0x10 [ 13.496129] ret_from_fork_asm+0x1a/0x30 [ 13.496167] </TASK> [ 13.496177] [ 13.510566] Allocated by task 228: [ 13.510699] kasan_save_stack+0x45/0x70 [ 13.510846] kasan_save_track+0x18/0x40 [ 13.511262] kasan_save_alloc_info+0x3b/0x50 [ 13.511680] __kasan_slab_alloc+0x91/0xa0 [ 13.512126] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.512622] kmem_cache_invalid_free+0x157/0x460 [ 13.513163] kunit_try_run_case+0x1a5/0x480 [ 13.513570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.514081] kthread+0x337/0x6f0 [ 13.514218] ret_from_fork+0x116/0x1d0 [ 13.514410] ret_from_fork_asm+0x1a/0x30 [ 13.514761] [ 13.514918] The buggy address belongs to the object at ffff8881027b6000 [ 13.514918] which belongs to the cache test_cache of size 200 [ 13.516109] The buggy address is located 1 bytes inside of [ 13.516109] 200-byte region [ffff8881027b6000, ffff8881027b60c8) [ 13.516560] [ 13.516638] The buggy address belongs to the physical page: [ 13.516816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b6 [ 13.517540] flags: 0x200000000000000(node=0|zone=2) [ 13.518074] page_type: f5(slab) [ 13.518498] raw: 0200000000000000 ffff888101d4bdc0 dead000000000122 0000000000000000 [ 13.519204] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.520014] page dumped because: kasan: bad access detected [ 13.520415] [ 13.520493] Memory state around the buggy address: [ 13.520660] ffff8881027b5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.520971] ffff8881027b5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.521708] >ffff8881027b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.522444] ^ [ 13.522744] ffff8881027b6080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 13.523495] ffff8881027b6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.524257] ==================================================================