Date
Dec. 5, 2024, 2:07 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
```
[ 29.173089] ==================================================================
[ 29.174238] BUG: KASAN: invalid-free in kfree+0x270/0x3c8
[ 29.175037] Free of addr fff00000c644c001 by task kunit_try_catch/139
[ 29.176924]
[ 29.177232] CPU: 1 UID: 0 PID: 139 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1
[ 29.178606] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.179282] Hardware name: linux,dummy-virt (DT)
[ 29.179966] Call trace:
[ 29.180585] show_stack+0x20/0x38 (C)
[ 29.181236] dump_stack_lvl+0x8c/0xd0
[ 29.181897] print_report+0x118/0x5e0
[ 29.182649] kasan_report_invalid_free+0xb0/0xd8
[ 29.183649] __kasan_kfree_large+0x5c/0xa8
[ 29.184399] free_large_kmalloc+0x58/0x140
[ 29.185003] kfree+0x270/0x3c8
[ 29.185594] kmalloc_large_invalid_free+0x108/0x270
[ 29.186291] kunit_try_run_case+0x14c/0x3d0
[ 29.186944] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.187652] kthread+0x24c/0x2d0
[ 29.188453] ret_from_fork+0x10/0x20
[ 29.189053]
[ 29.189366] The buggy address belongs to the physical page:
[ 29.190047] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10644c
[ 29.190841] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 29.192241] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 29.193226] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 29.194260] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 29.195149] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 29.196168] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 29.197429] head: 0bfffe0000000002 ffffc1ffc3191301 ffffffffffffffff 0000000000000000
[ 29.198568] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 29.199356] page dumped because: kasan: bad access detected
[ 29.199779]
[ 29.200448] Memory state around the buggy address:
[ 29.201125]  fff00000c644bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.201907]  fff00000c644bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.203005] >fff00000c644c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.204086]                    ^
[ 29.204551]  fff00000c644c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.205486]  fff00000c644c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.206408] ==================================================================
```
```
[ 26.741948] ==================================================================
[ 26.743896] BUG: KASAN: invalid-free in kfree+0x271/0x3f0
[ 26.744503] Free of addr ffff88810226c001 by task kunit_try_catch/157
[ 26.745561]
[ 26.746256] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1
[ 26.747668] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.748034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.748757] Call Trace:
[ 26.749443] <TASK>
[ 26.749747] dump_stack_lvl+0x73/0xb0
[ 26.750184] print_report+0xd1/0x640
[ 26.750671] ? __virt_addr_valid+0x1db/0x2d0
[ 26.751539] ? kfree+0x271/0x3f0
[ 26.752055] ? kasan_addr_to_slab+0x11/0xa0
[ 26.752565] ? kfree+0x271/0x3f0
[ 26.753105] kasan_report_invalid_free+0xc0/0xf0
[ 26.753578] ? kfree+0x271/0x3f0
[ 26.753956] ? kfree+0x271/0x3f0
[ 26.754443] __kasan_kfree_large+0x86/0xd0
[ 26.754987] free_large_kmalloc+0x3b/0xd0
[ 26.755437] kfree+0x271/0x3f0
[ 26.756508] kmalloc_large_invalid_free+0x121/0x2b0
[ 26.756877] ? __pfx_kmalloc_large_invalid_free+0x10/0x10
[ 26.757992] ? __schedule+0xc70/0x27e0
[ 26.758732] ? __pfx_read_tsc+0x10/0x10
[ 26.759597] ? ktime_get_ts64+0x86/0x230
[ 26.760330] kunit_try_run_case+0x1b3/0x490
[ 26.760823] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.761983] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 26.762706] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.763390] ? __kthread_parkme+0x82/0x160
[ 26.763802] ? preempt_count_sub+0x50/0x80
[ 26.764583] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.765518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.766453] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.766868] kthread+0x257/0x310
[ 26.767762] ? __pfx_kthread+0x10/0x10
[ 26.768419] ret_from_fork+0x41/0x80
[ 26.768819] ? __pfx_kthread+0x10/0x10
[ 26.769743] ret_from_fork_asm+0x1a/0x30
[ 26.770352] </TASK>
[ 26.770706]
[ 26.770953] The buggy address belongs to the physical page:
[ 26.771497] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10226c
[ 26.772469] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 26.773506] flags: 0x200000000000040(head|node=0|zone=2)
[ 26.774550] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 26.775556] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 26.776542] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 26.777540] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 26.779269] head: 0200000000000002 ffffea0004089b01 ffffffffffffffff 0000000000000000
[ 26.780451] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 26.781242] page dumped because: kasan: bad access detected
[ 26.782570]
[ 26.782861] Memory state around the buggy address:
[ 26.783419]  ffff88810226bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.784359]  ffff88810226bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.785504] >ffff88810226c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.786623]                    ^
[ 26.787123]  ffff88810226c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.787763]  ffff88810226c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.788780] ==================================================================
```