Hay
Sign in
Date
Dec. 5, 2024, 2:07 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   31.339085] ==================================================================
[   31.341487] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3b8
[   31.342174] Free of addr fff00000c63bc001 by task kunit_try_catch/200
[   31.343120] 
[   31.344348] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241205 #1
[   31.345205] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.346388] Hardware name: linux,dummy-virt (DT)
[   31.347675] Call trace:
[   31.348418]  show_stack+0x20/0x38 (C)
[   31.348733]  dump_stack_lvl+0x8c/0xd0
[   31.349129]  print_report+0x118/0x5e0
[   31.349672]  kasan_report_invalid_free+0xb0/0xd8
[   31.350533]  check_slab_allocation+0xfc/0x108
[   31.351212]  __kasan_slab_pre_free+0x2c/0x48
[   31.352102]  kmem_cache_free+0xf0/0x470
[   31.352971]  kmem_cache_invalid_free+0x184/0x3b8
[   31.353754]  kunit_try_run_case+0x14c/0x3d0
[   31.354491]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.355442]  kthread+0x24c/0x2d0
[   31.356412]  ret_from_fork+0x10/0x20
[   31.356945] 
[   31.357338] Allocated by task 200:
[   31.357817]  kasan_save_stack+0x3c/0x68
[   31.358390]  kasan_save_track+0x20/0x40
[   31.359053]  kasan_save_alloc_info+0x40/0x58
[   31.359974]  __kasan_slab_alloc+0xa8/0xb0
[   31.360562]  kmem_cache_alloc_noprof+0x108/0x398
[   31.361246]  kmem_cache_invalid_free+0x12c/0x3b8
[   31.361858]  kunit_try_run_case+0x14c/0x3d0
[   31.362445]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.363219]  kthread+0x24c/0x2d0
[   31.363726]  ret_from_fork+0x10/0x20
[   31.364272] 
[   31.364562] The buggy address belongs to the object at fff00000c63bc000
[   31.364562]  which belongs to the cache test_cache of size 200
[   31.366551] The buggy address is located 1 bytes inside of
[   31.366551]  200-byte region [fff00000c63bc000, fff00000c63bc0c8)
[   31.368128] 
[   31.368624] The buggy address belongs to the physical page:
[   31.369528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063bc
[   31.370438] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.371489] page_type: f5(slab)
[   31.372379] raw: 0bfffe0000000000 fff00000c56a0b40 dead000000000122 0000000000000000
[   31.373161] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   31.374072] page dumped because: kasan: bad access detected
[   31.374782] 
[   31.375140] Memory state around the buggy address:
[   31.376077]  fff00000c63bbf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.377018]  fff00000c63bbf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.378014] >fff00000c63bc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.378933]                    ^
[   31.379367]  fff00000c63bc080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   31.380840]  fff00000c63bc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.381698] ==================================================================
Metadata Full log Test run details 

[   29.173351] ==================================================================
[   29.174915] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d9/0x470
[   29.175901] Free of addr ffff888102a06001 by task kunit_try_catch/218
[   29.176476] 
[   29.176801] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241205 #1
[   29.177613] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.177907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   29.179307] Call Trace:
[   29.179766]  <TASK>
[   29.180072]  dump_stack_lvl+0x73/0xb0
[   29.180588]  print_report+0xd1/0x640
[   29.181180]  ? __virt_addr_valid+0x1db/0x2d0
[   29.181864]  ? kmem_cache_invalid_free+0x1d9/0x470
[   29.182921]  ? kasan_complete_mode_report_info+0x2a/0x200
[   29.183881]  ? kmem_cache_invalid_free+0x1d9/0x470
[   29.184622]  kasan_report_invalid_free+0xc0/0xf0
[   29.185540]  ? kmem_cache_invalid_free+0x1d9/0x470
[   29.186276]  ? kmem_cache_invalid_free+0x1d9/0x470
[   29.186656]  check_slab_allocation+0x11f/0x130
[   29.187263]  __kasan_slab_pre_free+0x28/0x40
[   29.187716]  kmem_cache_free+0xee/0x420
[   29.188555]  ? kmem_cache_alloc_noprof+0x11e/0x3e0
[   29.189103]  ? kmem_cache_invalid_free+0x1d9/0x470
[   29.189676]  kmem_cache_invalid_free+0x1d9/0x470
[   29.190369]  ? __pfx_kmem_cache_invalid_free+0x10/0x10
[   29.191126]  ? finish_task_switch.isra.0+0x153/0x700
[   29.191573]  ? __switch_to+0x5d9/0xf60
[   29.192354]  ? __pfx_read_tsc+0x10/0x10
[   29.192770]  ? ktime_get_ts64+0x86/0x230
[   29.193332]  kunit_try_run_case+0x1b3/0x490
[   29.193741]  ? __pfx_kunit_try_run_case+0x10/0x10
[   29.194349]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   29.194826]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   29.195310]  ? __kthread_parkme+0x82/0x160
[   29.195758]  ? preempt_count_sub+0x50/0x80
[   29.196336]  ? __pfx_kunit_try_run_case+0x10/0x10
[   29.197390]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   29.198125]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.198677]  kthread+0x257/0x310
[   29.199243]  ? __pfx_kthread+0x10/0x10
[   29.199667]  ret_from_fork+0x41/0x80
[   29.200470]  ? __pfx_kthread+0x10/0x10
[   29.200974]  ret_from_fork_asm+0x1a/0x30
[   29.201585]  </TASK>
[   29.202149] 
[   29.202455] Allocated by task 218:
[   29.202844]  kasan_save_stack+0x3d/0x60
[   29.203449]  kasan_save_track+0x18/0x40
[   29.203918]  kasan_save_alloc_info+0x3b/0x50
[   29.204798]  __kasan_slab_alloc+0x91/0xa0
[   29.205426]  kmem_cache_alloc_noprof+0x11e/0x3e0
[   29.205739]  kmem_cache_invalid_free+0x158/0x470
[   29.206438]  kunit_try_run_case+0x1b3/0x490
[   29.207280]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.208017]  kthread+0x257/0x310
[   29.208952]  ret_from_fork+0x41/0x80
[   29.209462]  ret_from_fork_asm+0x1a/0x30
[   29.209882] 
[   29.210214] The buggy address belongs to the object at ffff888102a06000
[   29.210214]  which belongs to the cache test_cache of size 200
[   29.212514] The buggy address is located 1 bytes inside of
[   29.212514]  200-byte region [ffff888102a06000, ffff888102a060c8)
[   29.214502] 
[   29.214844] The buggy address belongs to the physical page:
[   29.215591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a06
[   29.216230] flags: 0x200000000000000(node=0|zone=2)
[   29.216636] page_type: f5(slab)
[   29.217365] raw: 0200000000000000 ffff888101d40780 dead000000000122 0000000000000000
[   29.217666] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   29.218460] page dumped because: kasan: bad access detected
[   29.219265] 
[   29.219453] Memory state around the buggy address:
[   29.220071]  ffff888102a05f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.221004]  ffff888102a05f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.221752] >ffff888102a06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.222367]                    ^
[   29.222943]  ffff888102a06080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   29.223669]  ffff888102a06100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.224402] ==================================================================
Metadata Full log Test run details