Hay
Sign in
Date
May 12, 2025, 11:48 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   17.651974] ==================================================================
[   17.652125] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8
[   17.652247] Free of addr fff00000c794b001 by task kunit_try_catch/211
[   17.652342] 
[   17.652421] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   17.652607] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.652662] Hardware name: linux,dummy-virt (DT)
[   17.652732] Call trace:
[   17.652779]  show_stack+0x20/0x38 (C)
[   17.652887]  dump_stack_lvl+0x8c/0xd0
[   17.652993]  print_report+0x118/0x608
[   17.653612]  kasan_report_invalid_free+0xc0/0xe8
[   17.653779]  check_slab_allocation+0xfc/0x108
[   17.653917]  __kasan_slab_pre_free+0x2c/0x48
[   17.654036]  kmem_cache_free+0xf0/0x470
[   17.654154]  kmem_cache_invalid_free+0x184/0x3c8
[   17.654261]  kunit_try_run_case+0x170/0x3f0
[   17.654361]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.654453]  kthread+0x328/0x630
[   17.654542]  ret_from_fork+0x10/0x20
[   17.654657] 
[   17.654698] Allocated by task 211:
[   17.654763]  kasan_save_stack+0x3c/0x68
[   17.655281]  kasan_save_track+0x20/0x40
[   17.655536]  kasan_save_alloc_info+0x40/0x58
[   17.655765]  __kasan_slab_alloc+0xa8/0xb0
[   17.655885]  kmem_cache_alloc_noprof+0x10c/0x3a0
[   17.656106]  kmem_cache_invalid_free+0x12c/0x3c8
[   17.656513]  kunit_try_run_case+0x170/0x3f0
[   17.656740]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.656980]  kthread+0x328/0x630
[   17.657148]  ret_from_fork+0x10/0x20
[   17.657232] 
[   17.657362] The buggy address belongs to the object at fff00000c794b000
[   17.657362]  which belongs to the cache test_cache of size 200
[   17.657748] The buggy address is located 1 bytes inside of
[   17.657748]  200-byte region [fff00000c794b000, fff00000c794b0c8)
[   17.658025] 
[   17.658108] The buggy address belongs to the physical page:
[   17.658292] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10794b
[   17.658431] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.658530] page_type: f5(slab)
[   17.658611] raw: 0bfffe0000000000 fff00000c1096a00 dead000000000122 0000000000000000
[   17.658712] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   17.659399] page dumped because: kasan: bad access detected
[   17.659492] 
[   17.659707] Memory state around the buggy address:
[   17.659793]  fff00000c794af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.660254]  fff00000c794af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.660404] >fff00000c794b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.660549]                    ^
[   17.660685]  fff00000c794b080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   17.660805]  fff00000c794b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.660890] ==================================================================
Metadata Full log Test run details 

[   17.582020] ==================================================================
[   17.582934] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460
[   17.583327] Free of addr ffff888102b5c001 by task kunit_try_catch/228
[   17.583966] 
[   17.584065] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   17.584673] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.584701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.584727] Call Trace:
[   17.584744]  <TASK>
[   17.584768]  dump_stack_lvl+0x73/0xb0
[   17.584809]  print_report+0xd1/0x650
[   17.584834]  ? __virt_addr_valid+0x1db/0x2d0
[   17.584862]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.584887]  ? kmem_cache_invalid_free+0x1d8/0x460
[   17.584910]  kasan_report_invalid_free+0x10a/0x130
[   17.584936]  ? kmem_cache_invalid_free+0x1d8/0x460
[   17.584959]  ? kmem_cache_invalid_free+0x1d8/0x460
[   17.584981]  check_slab_allocation+0x11f/0x130
[   17.585005]  __kasan_slab_pre_free+0x28/0x40
[   17.585027]  kmem_cache_free+0xed/0x420
[   17.585050]  ? kmem_cache_alloc_noprof+0x123/0x3f0
[   17.585289]  ? kmem_cache_invalid_free+0x1d8/0x460
[   17.585325]  kmem_cache_invalid_free+0x1d8/0x460
[   17.585352]  ? __pfx_kmem_cache_invalid_free+0x10/0x10
[   17.585373]  ? finish_task_switch.isra.0+0x153/0x700
[   17.585401]  ? __switch_to+0x47/0xf50
[   17.585431]  ? __pfx_read_tsc+0x10/0x10
[   17.585455]  ? ktime_get_ts64+0x86/0x230
[   17.585480]  kunit_try_run_case+0x1a5/0x480
[   17.585509]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.585533]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.585558]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.585599]  ? __kthread_parkme+0x82/0x180
[   17.585626]  ? preempt_count_sub+0x50/0x80
[   17.585653]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.585699]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.585724]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.585802]  kthread+0x337/0x6f0
[   17.585827]  ? trace_preempt_on+0x20/0xc0
[   17.585854]  ? __pfx_kthread+0x10/0x10
[   17.585876]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.585897]  ? calculate_sigpending+0x7b/0xa0
[   17.585923]  ? __pfx_kthread+0x10/0x10
[   17.585946]  ret_from_fork+0x116/0x1d0
[   17.585966]  ? __pfx_kthread+0x10/0x10
[   17.585988]  ret_from_fork_asm+0x1a/0x30
[   17.586020]  </TASK>
[   17.586035] 
[   17.597812] Allocated by task 228:
[   17.598195]  kasan_save_stack+0x45/0x70
[   17.598399]  kasan_save_track+0x18/0x40
[   17.598506]  kasan_save_alloc_info+0x3b/0x50
[   17.598613]  __kasan_slab_alloc+0x91/0xa0
[   17.598938]  kmem_cache_alloc_noprof+0x123/0x3f0
[   17.599387]  kmem_cache_invalid_free+0x157/0x460
[   17.599725]  kunit_try_run_case+0x1a5/0x480
[   17.600007]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.600326]  kthread+0x337/0x6f0
[   17.600599]  ret_from_fork+0x116/0x1d0
[   17.600827]  ret_from_fork_asm+0x1a/0x30
[   17.601485] 
[   17.601716] The buggy address belongs to the object at ffff888102b5c000
[   17.601716]  which belongs to the cache test_cache of size 200
[   17.601989] The buggy address is located 1 bytes inside of
[   17.601989]  200-byte region [ffff888102b5c000, ffff888102b5c0c8)
[   17.602847] 
[   17.603104] The buggy address belongs to the physical page:
[   17.603647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b5c
[   17.604371] flags: 0x200000000000000(node=0|zone=2)
[   17.604778] page_type: f5(slab)
[   17.605077] raw: 0200000000000000 ffff888102b5a000 dead000000000122 0000000000000000
[   17.605510] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   17.606000] page dumped because: kasan: bad access detected
[   17.606198] 
[   17.606515] Memory state around the buggy address:
[   17.606762]  ffff888102b5bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.607439]  ffff888102b5bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.607841] >ffff888102b5c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.608075]                    ^
[   17.608221]  ffff888102b5c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   17.608492]  ffff888102b5c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.608903] ==================================================================
Metadata Full log Test run details