Date
June 25, 2025, 8:08 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 26.381502] ==================================================================
[ 26.381588] BUG: KASAN: invalid-free in kfree+0x270/0x3c8
[ 26.381654] Free of addr fff00000c7820001 by task kunit_try_catch/162
[ 26.381934]
[ 26.382038] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT
[ 26.382636] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.382780] Hardware name: linux,dummy-virt (DT)
[ 26.382878] Call trace:
[ 26.382902] show_stack+0x20/0x38 (C)
[ 26.383145] dump_stack_lvl+0x8c/0xd0
[ 26.383209] print_report+0x118/0x608
[ 26.383312] kasan_report_invalid_free+0xc0/0xe8
[ 26.383361] __kasan_kfree_large+0x5c/0xa8
[ 26.383711] free_large_kmalloc+0x68/0x150
[ 26.383796] kfree+0x270/0x3c8
[ 26.383882] kmalloc_large_invalid_free+0x108/0x270
[ 26.384027] kunit_try_run_case+0x170/0x3f0
[ 26.384093] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.384306] kthread+0x328/0x630
[ 26.384377] ret_from_fork+0x10/0x20
[ 26.384543]
[ 26.384638] The buggy address belongs to the physical page:
[ 26.384671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107820
[ 26.384723] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 26.384799] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 26.384966] page_type: f8(unknown)
[ 26.385038] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 26.385559] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 26.385803] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 26.385945] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 26.386045] head: 0bfffe0000000002 ffffc1ffc31e0801 00000000ffffffff 00000000ffffffff
[ 26.386715] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 26.387054] page dumped because: kasan: bad access detected
[ 26.387119]
[ 26.387138] Memory state around the buggy address:
[ 26.387173] fff00000c781ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.387216] fff00000c781ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.387258] >fff00000c7820000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.387294] ^
[ 26.387322] fff00000c7820080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.388517] fff00000c7820100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.389083] ==================================================================
```
qemu-x86_64:

```
[ 21.429215] ==================================================================
[ 21.429720] BUG: KASAN: invalid-free in kfree+0x274/0x3f0
[ 21.430122] Free of addr ffff888102918001 by task kunit_try_catch/179
[ 21.430374]
[ 21.430484] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 21.430533] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.430545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.430564] Call Trace:
[ 21.430577] <TASK>
[ 21.430594] dump_stack_lvl+0x73/0xb0
[ 21.430636] print_report+0xd1/0x650
[ 21.430825] ? __virt_addr_valid+0x1db/0x2d0
[ 21.430856] ? kasan_addr_to_slab+0x11/0xa0
[ 21.430875] ? kfree+0x274/0x3f0
[ 21.430896] kasan_report_invalid_free+0x10a/0x130
[ 21.430918] ? kfree+0x274/0x3f0
[ 21.430950] ? kfree+0x274/0x3f0
[ 21.431068] __kasan_kfree_large+0x86/0xd0
[ 21.431089] free_large_kmalloc+0x52/0x110
[ 21.431110] kfree+0x274/0x3f0
[ 21.431143] kmalloc_large_invalid_free+0x120/0x2b0
[ 21.431165] ? __pfx_kmalloc_large_invalid_free+0x10/0x10
[ 21.431186] ? __schedule+0x10cc/0x2b60
[ 21.431210] ? __pfx_read_tsc+0x10/0x10
[ 21.431232] ? ktime_get_ts64+0x86/0x230
[ 21.431256] kunit_try_run_case+0x1a5/0x480
[ 21.431282] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.431303] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.431322] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.431346] ? __kthread_parkme+0x82/0x180
[ 21.431365] ? preempt_count_sub+0x50/0x80
[ 21.431387] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.431409] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.431431] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.431453] kthread+0x337/0x6f0
[ 21.431473] ? trace_preempt_on+0x20/0xc0
[ 21.431495] ? __pfx_kthread+0x10/0x10
[ 21.431514] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.431535] ? calculate_sigpending+0x7b/0xa0
[ 21.431557] ? __pfx_kthread+0x10/0x10
[ 21.431577] ret_from_fork+0x116/0x1d0
[ 21.431594] ? __pfx_kthread+0x10/0x10
[ 21.431612] ret_from_fork_asm+0x1a/0x30
[ 21.431642] </TASK>
[ 21.431652]
[ 21.441541] The buggy address belongs to the physical page:
[ 21.441922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102918
[ 21.442375] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.442727] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.443191] page_type: f8(unknown)
[ 21.443354] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 21.443802] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 21.444157] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 21.444480] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 21.444796] head: 0200000000000002 ffffea00040a4601 00000000ffffffff 00000000ffffffff
[ 21.445112] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 21.445771] page dumped because: kasan: bad access detected
[ 21.446170]
[ 21.446267] Memory state around the buggy address:
[ 21.446447] ffff888102917f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.447066] ffff888102917f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.447541] >ffff888102918000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.447989] ^
[ 21.448244] ffff888102918080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.448581] ffff888102918100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.448895] ==================================================================
```