Date
May 30, 2025, 4:14 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x15 |
[ 34.095877] ================================================================== [ 34.100244] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 34.107184] Free of addr ffff000801e2e001 by task kunit_try_catch/255 [ 34.113605] [ 34.115093] CPU: 5 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 34.115152] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.115170] Hardware name: WinLink E850-96 board (DT) [ 34.115192] Call trace: [ 34.115208] show_stack+0x20/0x38 (C) [ 34.115247] dump_stack_lvl+0x8c/0xd0 [ 34.115287] print_report+0x118/0x608 [ 34.115322] kasan_report_invalid_free+0xc0/0xe8 [ 34.115358] check_slab_allocation+0xfc/0x108 [ 34.115394] __kasan_slab_pre_free+0x2c/0x48 [ 34.115425] kmem_cache_free+0xf0/0x470 [ 34.115460] kmem_cache_invalid_free+0x184/0x3c8 [ 34.115493] kunit_try_run_case+0x170/0x3f0 [ 34.115528] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.115568] kthread+0x328/0x630 [ 34.115600] ret_from_fork+0x10/0x20 [ 34.115638] [ 34.187910] Allocated by task 255: [ 34.191298] kasan_save_stack+0x3c/0x68 [ 34.195115] kasan_save_track+0x20/0x40 [ 34.198934] kasan_save_alloc_info+0x40/0x58 [ 34.203187] __kasan_slab_alloc+0xa8/0xb0 [ 34.207180] kmem_cache_alloc_noprof+0x10c/0x3a0 [ 34.211781] kmem_cache_invalid_free+0x12c/0x3c8 [ 34.216382] kunit_try_run_case+0x170/0x3f0 [ 34.220548] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.226018] kthread+0x328/0x630 [ 34.229229] ret_from_fork+0x10/0x20 [ 34.232788] [ 34.234265] The buggy address belongs to the object at ffff000801e2e000 [ 34.234265] which belongs to the cache test_cache of size 200 [ 34.246678] The buggy address is located 1 bytes inside of [ 34.246678] 200-byte region [ffff000801e2e000, ffff000801e2e0c8) [ 34.258221] [ 34.259700] The buggy address belongs to the physical page: [ 34.265257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881e2e [ 34.273242] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.280880] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.287823] page_type: f5(slab) [ 34.290961] raw: 0bfffe0000000040 ffff000801e2c000 dead000000000122 0000000000000000 [ 34.298679] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 34.306407] head: 0bfffe0000000040 ffff000801e2c000 dead000000000122 0000000000000000 [ 34.314217] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 34.322030] head: 0bfffe0000000001 fffffdffe0078b81 00000000ffffffff 00000000ffffffff [ 34.329841] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 34.337647] page dumped because: kasan: bad access detected [ 34.343204] [ 34.344678] Memory state around the buggy address: [ 34.349460] ffff000801e2df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.356661] ffff000801e2df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.363868] >ffff000801e2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.371067] ^ [ 34.374282] ffff000801e2e080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 34.381487] ffff000801e2e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.388689] ==================================================================
[ 26.103392] ================================================================== [ 26.103664] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 26.103946] Free of addr fff00000c77f8001 by task kunit_try_catch/212 [ 26.104100] [ 26.104381] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 26.104593] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.104660] Hardware name: linux,dummy-virt (DT) [ 26.104756] Call trace: [ 26.104814] show_stack+0x20/0x38 (C) [ 26.105319] dump_stack_lvl+0x8c/0xd0 [ 26.105475] print_report+0x118/0x608 [ 26.105611] kasan_report_invalid_free+0xc0/0xe8 [ 26.105766] check_slab_allocation+0xfc/0x108 [ 26.105899] __kasan_slab_pre_free+0x2c/0x48 [ 26.106123] kmem_cache_free+0xf0/0x470 [ 26.106386] kmem_cache_invalid_free+0x184/0x3c8 [ 26.106697] kunit_try_run_case+0x170/0x3f0 [ 26.106972] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.107189] kthread+0x328/0x630 [ 26.107523] ret_from_fork+0x10/0x20 [ 26.107785] [ 26.107841] Allocated by task 212: [ 26.108011] kasan_save_stack+0x3c/0x68 [ 26.108118] kasan_save_track+0x20/0x40 [ 26.108211] kasan_save_alloc_info+0x40/0x58 [ 26.108313] __kasan_slab_alloc+0xa8/0xb0 [ 26.108581] kmem_cache_alloc_noprof+0x10c/0x3a0 [ 26.108747] kmem_cache_invalid_free+0x12c/0x3c8 [ 26.108982] kunit_try_run_case+0x170/0x3f0 [ 26.109084] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.109260] kthread+0x328/0x630 [ 26.109353] ret_from_fork+0x10/0x20 [ 26.109626] [ 26.109732] The buggy address belongs to the object at fff00000c77f8000 [ 26.109732] which belongs to the cache test_cache of size 200 [ 26.109874] The buggy address is located 1 bytes inside of [ 26.109874] 200-byte region [fff00000c77f8000, fff00000c77f80c8) [ 26.110063] [ 26.110126] The buggy address belongs to the physical page: [ 26.110211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077f8 [ 26.110347] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.110697] page_type: f5(slab) [ 26.110805] raw: 0bfffe0000000000 fff00000c5bfeb40 dead000000000122 0000000000000000 [ 26.110935] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.111078] page dumped because: kasan: bad access detected [ 26.111164] [ 26.111210] Memory state around the buggy address: [ 26.111298] fff00000c77f7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.111449] fff00000c77f7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.111561] >fff00000c77f8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.111646] ^ [ 26.111739] fff00000c77f8080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 26.111930] fff00000c77f8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.112118] ==================================================================
[ 19.518090] ================================================================== [ 19.518931] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 19.519941] Free of addr ffff8881022d9001 by task kunit_try_catch/228 [ 19.520671] [ 19.520968] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 19.521115] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.521152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.521333] Call Trace: [ 19.521377] <TASK> [ 19.521426] dump_stack_lvl+0x73/0xb0 [ 19.521513] print_report+0xd1/0x650 [ 19.521592] ? __virt_addr_valid+0x1db/0x2d0 [ 19.521673] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.521749] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.521824] kasan_report_invalid_free+0x10a/0x130 [ 19.521911] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.522001] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.522075] check_slab_allocation+0x11f/0x130 [ 19.522135] __kasan_slab_pre_free+0x28/0x40 [ 19.522324] kmem_cache_free+0xed/0x420 [ 19.522389] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.522448] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.522522] kmem_cache_invalid_free+0x1d8/0x460 [ 19.522596] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 19.522668] ? finish_task_switch.isra.0+0x153/0x700 [ 19.522744] ? __switch_to+0x47/0xf50 [ 19.522831] ? __pfx_read_tsc+0x10/0x10 [ 19.522900] ? ktime_get_ts64+0x86/0x230 [ 19.523024] kunit_try_run_case+0x1a5/0x480 [ 19.523106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.523171] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.523252] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.523334] ? __kthread_parkme+0x82/0x180 [ 19.523394] ? preempt_count_sub+0x50/0x80 [ 19.523427] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.523457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.523493] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.523527] kthread+0x337/0x6f0 [ 19.523553] ? trace_preempt_on+0x20/0xc0 [ 19.523587] ? __pfx_kthread+0x10/0x10 [ 19.523615] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.523647] ? calculate_sigpending+0x7b/0xa0 [ 19.523680] ? __pfx_kthread+0x10/0x10 [ 19.523718] ret_from_fork+0x116/0x1d0 [ 19.523779] ? __pfx_kthread+0x10/0x10 [ 19.523810] ret_from_fork_asm+0x1a/0x30 [ 19.523854] </TASK> [ 19.523869] [ 19.548245] Allocated by task 228: [ 19.549101] kasan_save_stack+0x45/0x70 [ 19.549953] kasan_save_track+0x18/0x40 [ 19.550533] kasan_save_alloc_info+0x3b/0x50 [ 19.551326] __kasan_slab_alloc+0x91/0xa0 [ 19.551692] kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.552183] kmem_cache_invalid_free+0x157/0x460 [ 19.552561] kunit_try_run_case+0x1a5/0x480 [ 19.553434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.553799] kthread+0x337/0x6f0 [ 19.554653] ret_from_fork+0x116/0x1d0 [ 19.555081] ret_from_fork_asm+0x1a/0x30 [ 19.555851] [ 19.556105] The buggy address belongs to the object at ffff8881022d9000 [ 19.556105] which belongs to the cache test_cache of size 200 [ 19.557298] The buggy address is located 1 bytes inside of [ 19.557298] 200-byte region [ffff8881022d9000, ffff8881022d90c8) [ 19.558780] [ 19.559048] The buggy address belongs to the physical page: [ 19.560016] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022d9 [ 19.560798] flags: 0x200000000000000(node=0|zone=2) [ 19.561239] page_type: f5(slab) [ 19.561604] raw: 0200000000000000 ffff8881022d3280 dead000000000122 0000000000000000 [ 19.562810] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 19.563758] page dumped because: kasan: bad access detected [ 19.564522] [ 19.565101] Memory state around the buggy address: [ 19.565832] ffff8881022d8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.566639] ffff8881022d8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.567495] >ffff8881022d9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.568598] ^ [ 19.569004] ffff8881022d9080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 19.569786] ffff8881022d9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.570543] ==================================================================
[ 60.631805] ================================================================== [ 60.643371] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x200/0x4c0 [ 60.650421] Free of addr cc85e001 by task kunit_try_catch/263 [ 60.656188] [ 60.657714] CPU: 1 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 60.657745] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 60.657745] Hardware name: Generic DRA74X (Flattened Device Tree) [ 60.657745] Call trace: [ 60.657775] unwind_backtrace from show_stack+0x18/0x1c [ 60.657806] show_stack from dump_stack_lvl+0x70/0x90 [ 60.657806] dump_stack_lvl from print_report+0x158/0x528 [ 60.657836] print_report from kasan_report_invalid_free+0xc0/0xf4 [ 60.657867] kasan_report_invalid_free from check_slab_allocation+0xd0/0xd8 [ 60.657897] check_slab_allocation from kmem_cache_free+0x1c0/0x470 [ 60.657928] kmem_cache_free from kmem_cache_invalid_free+0x200/0x4c0 [ 60.657928] kmem_cache_invalid_free from kunit_try_run_case+0x22c/0x5a8 [ 60.657958] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 60.657989] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 60.658020] kthread from ret_from_fork+0x14/0x20 [ 60.658050] Exception stack(0xf2393fb0 to 0xf2393ff8) [ 60.658050] 3fa0: 00000000 00000000 00000000 00000000 [ 60.658081] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 60.658081] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 60.658111] [ 60.779479] Allocated by task 263: [ 60.782928] kasan_save_track+0x30/0x5c [ 60.786804] __kasan_slab_alloc+0x60/0x68 [ 60.790832] kmem_cache_alloc_noprof+0x17c/0x36c [ 60.795471] kmem_cache_invalid_free+0x16c/0x4c0 [ 60.800140] kunit_try_run_case+0x22c/0x5a8 [ 60.804351] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 60.809875] kthread+0x464/0x810 [ 60.813140] ret_from_fork+0x14/0x20 [ 60.816741] [ 60.818237] The buggy address belongs to the object at cc85e000 [ 60.818237] which belongs to the cache test_cache of size 200 [ 60.830078] The buggy address is located 1 bytes inside of [ 60.830078] 200-byte region [cc85e000, cc85e0c8) [ 60.840301] [ 60.841796] The buggy address belongs to the physical page: [ 60.847412] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c85e [ 60.854705] flags: 0x0(zone=0) [ 60.857757] page_type: f5(slab) [ 60.860931] raw: 00000000 cc85a200 00000122 00000000 00000000 800f000f f5000000 00000000 [ 60.869079] raw: 00000000 [ 60.871734] page dumped because: kasan: bad access detected [ 60.877319] [ 60.878845] Memory state around the buggy address: [ 60.883666] cc85df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.890228] cc85df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.896789] >cc85e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.903381] ^ [ 60.905914] cc85e080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 60.912506] cc85e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.919067] ==================================================================