Hay
Sign in
Date
June 20, 2025, 12:38 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   33.256340] ==================================================================
[   33.256659] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8
[   33.256915] Free of addr fff00000c59f8001 by task kunit_try_catch/222
[   33.257115] 
[   33.257447] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   33.257811] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.257949] Hardware name: linux,dummy-virt (DT)
[   33.258069] Call trace:
[   33.258254]  show_stack+0x20/0x38 (C)
[   33.258877]  dump_stack_lvl+0x8c/0xd0
[   33.259355]  print_report+0x118/0x608
[   33.259618]  kasan_report_invalid_free+0xc0/0xe8
[   33.259897]  check_slab_allocation+0xfc/0x108
[   33.260047]  __kasan_slab_pre_free+0x2c/0x48
[   33.260168]  kmem_cache_free+0xf0/0x468
[   33.260671]  kmem_cache_invalid_free+0x184/0x3c8
[   33.260943]  kunit_try_run_case+0x170/0x3f0
[   33.261201]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.261548]  kthread+0x328/0x630
[   33.261667]  ret_from_fork+0x10/0x20
[   33.261859] 
[   33.262023] Allocated by task 222:
[   33.262123]  kasan_save_stack+0x3c/0x68
[   33.262365]  kasan_save_track+0x20/0x40
[   33.262638]  kasan_save_alloc_info+0x40/0x58
[   33.263005]  __kasan_slab_alloc+0xa8/0xb0
[   33.263178]  kmem_cache_alloc_noprof+0x10c/0x398
[   33.263508]  kmem_cache_invalid_free+0x12c/0x3c8
[   33.263831]  kunit_try_run_case+0x170/0x3f0
[   33.264034]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.264299]  kthread+0x328/0x630
[   33.264450]  ret_from_fork+0x10/0x20
[   33.264542] 
[   33.264593] The buggy address belongs to the object at fff00000c59f8000
[   33.264593]  which belongs to the cache test_cache of size 200
[   33.264775] The buggy address is located 1 bytes inside of
[   33.264775]  200-byte region [fff00000c59f8000, fff00000c59f80c8)
[   33.264935] 
[   33.264989] The buggy address belongs to the physical page:
[   33.265167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059f8
[   33.265546] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.265779] page_type: f5(slab)
[   33.265949] raw: 0bfffe0000000000 fff00000c59f3140 dead000000000122 0000000000000000
[   33.266241] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   33.266640] page dumped because: kasan: bad access detected
[   33.266852] 
[   33.266951] Memory state around the buggy address:
[   33.267180]  fff00000c59f7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.267453]  fff00000c59f7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.267571] >fff00000c59f8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.267701]                    ^
[   33.267780]  fff00000c59f8080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   33.267897]  fff00000c59f8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.268571] ==================================================================
Metadata Full log Test run details 

[   26.453848] ==================================================================
[   26.454424] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460
[   26.454750] Free of addr ffff888102ab3001 by task kunit_try_catch/240
[   26.455067] 
[   26.455279] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   26.455412] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.455482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.455529] Call Trace:
[   26.455569]  <TASK>
[   26.455605]  dump_stack_lvl+0x73/0xb0
[   26.455663]  print_report+0xd1/0x650
[   26.455705]  ? __virt_addr_valid+0x1db/0x2d0
[   26.455749]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.455801]  ? kmem_cache_invalid_free+0x1d8/0x460
[   26.455853]  kasan_report_invalid_free+0x10a/0x130
[   26.455906]  ? kmem_cache_invalid_free+0x1d8/0x460
[   26.455961]  ? kmem_cache_invalid_free+0x1d8/0x460
[   26.456012]  check_slab_allocation+0x11f/0x130
[   26.456060]  __kasan_slab_pre_free+0x28/0x40
[   26.456106]  kmem_cache_free+0xed/0x420
[   26.456148]  ? kmem_cache_alloc_noprof+0x123/0x3f0
[   26.456191]  ? kmem_cache_invalid_free+0x1d8/0x460
[   26.456235]  kmem_cache_invalid_free+0x1d8/0x460
[   26.456274]  ? __pfx_kmem_cache_invalid_free+0x10/0x10
[   26.456313]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   26.456368]  ? __pfx_kmem_cache_invalid_free+0x10/0x10
[   26.456419]  kunit_try_run_case+0x1a5/0x480
[   26.456479]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.456523]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.456567]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.456606]  ? __kthread_parkme+0x82/0x180
[   26.456643]  ? preempt_count_sub+0x50/0x80
[   26.456682]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.456736]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.456800]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.456850]  kthread+0x337/0x6f0
[   26.456894]  ? trace_preempt_on+0x20/0xc0
[   26.456945]  ? __pfx_kthread+0x10/0x10
[   26.456974]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.456997]  ? calculate_sigpending+0x7b/0xa0
[   26.457023]  ? __pfx_kthread+0x10/0x10
[   26.457045]  ret_from_fork+0x116/0x1d0
[   26.457066]  ? __pfx_kthread+0x10/0x10
[   26.457088]  ret_from_fork_asm+0x1a/0x30
[   26.457121]  </TASK>
[   26.457135] 
[   26.468363] Allocated by task 240:
[   26.468741]  kasan_save_stack+0x45/0x70
[   26.468970]  kasan_save_track+0x18/0x40
[   26.469362]  kasan_save_alloc_info+0x3b/0x50
[   26.469568]  __kasan_slab_alloc+0x91/0xa0
[   26.469802]  kmem_cache_alloc_noprof+0x123/0x3f0
[   26.470211]  kmem_cache_invalid_free+0x157/0x460
[   26.470563]  kunit_try_run_case+0x1a5/0x480
[   26.470751]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.470957]  kthread+0x337/0x6f0
[   26.471113]  ret_from_fork+0x116/0x1d0
[   26.471277]  ret_from_fork_asm+0x1a/0x30
[   26.471466] 
[   26.471636] The buggy address belongs to the object at ffff888102ab3000
[   26.471636]  which belongs to the cache test_cache of size 200
[   26.473078] The buggy address is located 1 bytes inside of
[   26.473078]  200-byte region [ffff888102ab3000, ffff888102ab30c8)
[   26.473954] 
[   26.474141] The buggy address belongs to the physical page:
[   26.476116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab3
[   26.476418] flags: 0x200000000000000(node=0|zone=2)
[   26.476837] page_type: f5(slab)
[   26.477112] raw: 0200000000000000 ffff888101a68500 dead000000000122 0000000000000000
[   26.477627] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   26.478031] page dumped because: kasan: bad access detected
[   26.478785] 
[   26.478967] Memory state around the buggy address:
[   26.479380]  ffff888102ab2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.480016]  ffff888102ab2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.480654] >ffff888102ab3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.480906]                    ^
[   26.481154]  ffff888102ab3080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   26.481898]  ffff888102ab3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.482593] ==================================================================
Metadata Full log Test run details