Date
July 2, 2025, 11:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 30.611387] ================================================================== [ 30.611614] BUG: KASAN: invalid-free in kfree+0x270/0x3c8 [ 30.611840] Free of addr fff00000c99d0001 by task kunit_try_catch/183 [ 30.612096] [ 30.612144] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.612298] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.612371] Hardware name: linux,dummy-virt (DT) [ 30.612466] Call trace: [ 30.612516] show_stack+0x20/0x38 (C) [ 30.612579] dump_stack_lvl+0x8c/0xd0 [ 30.612840] print_report+0x118/0x608 [ 30.613242] kasan_report_invalid_free+0xc0/0xe8 [ 30.613436] __kasan_kfree_large+0x5c/0xa8 [ 30.613532] free_large_kmalloc+0x68/0x150 [ 30.613839] kfree+0x270/0x3c8 [ 30.614149] kmalloc_large_invalid_free+0x108/0x270 [ 30.614308] kunit_try_run_case+0x170/0x3f0 [ 30.614634] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.614764] kthread+0x328/0x630 [ 30.614843] ret_from_fork+0x10/0x20 [ 30.615110] [ 30.615185] The buggy address belongs to the physical page: [ 30.615331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d0 [ 30.615392] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.615595] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.615812] page_type: f8(unknown) [ 30.615870] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.616048] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.616110] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.616373] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.616493] head: 0bfffe0000000002 ffffc1ffc3267401 00000000ffffffff 00000000ffffffff [ 30.616571] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.616789] page dumped because: kasan: bad access detected [ 30.616960] [ 30.617032] Memory state around the buggy address: [ 30.617091] fff00000c99cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.617206] fff00000c99cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.617275] >fff00000c99d0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.617380] ^ [ 30.617411] fff00000c99d0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.617486] fff00000c99d0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.617858] ==================================================================
[ 32.424052] ================================================================== [ 32.424135] BUG: KASAN: invalid-free in kfree+0x270/0x3c8 [ 32.424411] Free of addr fff00000c99ec001 by task kunit_try_catch/181 [ 32.424701] [ 32.424969] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.425057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.425083] Hardware name: linux,dummy-virt (DT) [ 32.425114] Call trace: [ 32.425136] show_stack+0x20/0x38 (C) [ 32.425205] dump_stack_lvl+0x8c/0xd0 [ 32.425428] print_report+0x118/0x608 [ 32.425508] kasan_report_invalid_free+0xc0/0xe8 [ 32.425712] __kasan_kfree_large+0x5c/0xa8 [ 32.425915] free_large_kmalloc+0x68/0x150 [ 32.426065] kfree+0x270/0x3c8 [ 32.426146] kmalloc_large_invalid_free+0x108/0x270 [ 32.426203] kunit_try_run_case+0x170/0x3f0 [ 32.426251] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.426303] kthread+0x328/0x630 [ 32.426346] ret_from_fork+0x10/0x20 [ 32.426566] [ 32.426591] The buggy address belongs to the physical page: [ 32.426621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099ec [ 32.426673] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.426718] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.426768] page_type: f8(unknown) [ 32.426807] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.426917] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.427074] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.427229] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.427277] head: 0bfffe0000000002 ffffc1ffc3267b01 00000000ffffffff 00000000ffffffff [ 32.427324] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.427364] page dumped because: kasan: bad access detected [ 32.427394] [ 32.427411] Memory state around the buggy address: [ 32.427442] fff00000c99ebf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.427857] fff00000c99ebf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.427902] >fff00000c99ec000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.427939] ^ [ 32.428152] fff00000c99ec080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.428332] fff00000c99ec100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.428460] ==================================================================
[ 22.648016] ================================================================== [ 22.648518] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 22.648823] Free of addr ffff8881060c4001 by task kunit_try_catch/198 [ 22.649086] [ 22.649195] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.649243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.649256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.649276] Call Trace: [ 22.649290] <TASK> [ 22.649321] dump_stack_lvl+0x73/0xb0 [ 22.649352] print_report+0xd1/0x650 [ 22.649374] ? __virt_addr_valid+0x1db/0x2d0 [ 22.649400] ? kasan_addr_to_slab+0x11/0xa0 [ 22.649419] ? kfree+0x274/0x3f0 [ 22.649442] kasan_report_invalid_free+0x10a/0x130 [ 22.649465] ? kfree+0x274/0x3f0 [ 22.649488] ? kfree+0x274/0x3f0 [ 22.649508] __kasan_kfree_large+0x86/0xd0 [ 22.649529] free_large_kmalloc+0x52/0x110 [ 22.649552] kfree+0x274/0x3f0 [ 22.649577] kmalloc_large_invalid_free+0x120/0x2b0 [ 22.649599] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 22.649621] ? __schedule+0x10cc/0x2b60 [ 22.649653] ? __pfx_read_tsc+0x10/0x10 [ 22.649688] ? ktime_get_ts64+0x86/0x230 [ 22.649714] kunit_try_run_case+0x1a5/0x480 [ 22.649745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.649768] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.649790] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.649811] ? __kthread_parkme+0x82/0x180 [ 22.649831] ? preempt_count_sub+0x50/0x80 [ 22.649861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.649885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.649908] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.649932] kthread+0x337/0x6f0 [ 22.649952] ? trace_preempt_on+0x20/0xc0 [ 22.649976] ? __pfx_kthread+0x10/0x10 [ 22.649996] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.650019] ? calculate_sigpending+0x7b/0xa0 [ 22.650043] ? __pfx_kthread+0x10/0x10 [ 22.650064] ret_from_fork+0x116/0x1d0 [ 22.650082] ? __pfx_kthread+0x10/0x10 [ 22.650102] ret_from_fork_asm+0x1a/0x30 [ 22.650134] </TASK> [ 22.650145] [ 22.659377] The buggy address belongs to the physical page: [ 22.659640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 22.660137] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.660429] flags: 0x200000000000040(head|node=0|zone=2) [ 22.661085] page_type: f8(unknown) [ 22.661414] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.662158] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.662513] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.662899] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.663246] head: 0200000000000002 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 22.663608] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.664262] page dumped because: kasan: bad access detected [ 22.664536] [ 22.664626] Memory state around the buggy address: [ 22.664939] ffff8881060c3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.665282] ffff8881060c3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.665605] >ffff8881060c4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.665858] ^ [ 22.666030] ffff8881060c4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.666354] ffff8881060c4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.666990] ==================================================================
[ 22.856677] ================================================================== [ 22.857187] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 22.857487] Free of addr ffff8881060ac001 by task kunit_try_catch/199 [ 22.857739] [ 22.857857] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.857913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.857925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.858143] Call Trace: [ 22.858159] <TASK> [ 22.858179] dump_stack_lvl+0x73/0xb0 [ 22.858504] print_report+0xd1/0x650 [ 22.858530] ? __virt_addr_valid+0x1db/0x2d0 [ 22.858556] ? kasan_addr_to_slab+0x11/0xa0 [ 22.858576] ? kfree+0x274/0x3f0 [ 22.858598] kasan_report_invalid_free+0x10a/0x130 [ 22.858622] ? kfree+0x274/0x3f0 [ 22.858645] ? kfree+0x274/0x3f0 [ 22.858665] __kasan_kfree_large+0x86/0xd0 [ 22.858687] free_large_kmalloc+0x52/0x110 [ 22.858710] kfree+0x274/0x3f0 [ 22.858734] kmalloc_large_invalid_free+0x120/0x2b0 [ 22.858756] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 22.858779] ? __schedule+0x10cc/0x2b60 [ 22.858800] ? __pfx_read_tsc+0x10/0x10 [ 22.858822] ? ktime_get_ts64+0x86/0x230 [ 22.858847] kunit_try_run_case+0x1a5/0x480 [ 22.858874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.858897] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.858918] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.858939] ? __kthread_parkme+0x82/0x180 [ 22.858960] ? preempt_count_sub+0x50/0x80 [ 22.858983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.859008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.859033] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.859056] kthread+0x337/0x6f0 [ 22.859089] ? trace_preempt_on+0x20/0xc0 [ 22.859112] ? __pfx_kthread+0x10/0x10 [ 22.859133] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.859156] ? calculate_sigpending+0x7b/0xa0 [ 22.859231] ? __pfx_kthread+0x10/0x10 [ 22.859257] ret_from_fork+0x116/0x1d0 [ 22.859276] ? __pfx_kthread+0x10/0x10 [ 22.859297] ret_from_fork_asm+0x1a/0x30 [ 22.859328] </TASK> [ 22.859341] [ 22.867008] The buggy address belongs to the physical page: [ 22.867500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 22.867860] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.868370] flags: 0x200000000000040(head|node=0|zone=2) [ 22.868600] page_type: f8(unknown) [ 22.868756] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.869106] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.869594] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.869905] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.870151] head: 0200000000000002 ffffea0004182b01 00000000ffffffff 00000000ffffffff [ 22.870434] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.871098] page dumped because: kasan: bad access detected [ 22.871377] [ 22.871446] Memory state around the buggy address: [ 22.871601] ffff8881060abf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.871897] ffff8881060abf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.872640] >ffff8881060ac000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.872924] ^ [ 22.873092] ffff8881060ac080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.873538] ffff8881060ac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.873877] ==================================================================