Date: July 22, 2025, 5:13 a.m.

Environment: qemu-arm64, qemu-x86_64

[   31.071323] ==================================================================
[   31.071390] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8
[   31.071459] Free of addr fff00000c9231001 by task kunit_try_catch/242
[   31.071503] 
[   31.071569] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   31.071662] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   31.071719] Hardware name: linux,dummy-virt (DT)
[   31.071872] Call trace:
[   31.072076]  show_stack+0x20/0x38 (C)
[   31.072243]  dump_stack_lvl+0x8c/0xd0
[   31.072517]  print_report+0x118/0x5e8
[   31.072582]  kasan_report_invalid_free+0xc0/0xe8
[   31.072780]  check_slab_allocation+0xfc/0x108
[   31.072887]  __kasan_slab_pre_free+0x2c/0x48
[   31.072953]  kmem_cache_free+0xf0/0x468
[   31.073040]  kmem_cache_invalid_free+0x184/0x3c8
[   31.073092]  kunit_try_run_case+0x170/0x3f0
[   31.073152]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.073204]  kthread+0x328/0x630
[   31.073267]  ret_from_fork+0x10/0x20
[   31.073315] 
[   31.073335] Allocated by task 242:
[   31.073365]  kasan_save_stack+0x3c/0x68
[   31.073546]  kasan_save_track+0x20/0x40
[   31.073583]  kasan_save_alloc_info+0x40/0x58
[   31.073695]  __kasan_slab_alloc+0xa8/0xb0
[   31.073830]  kmem_cache_alloc_noprof+0x10c/0x398
[   31.073897]  kmem_cache_invalid_free+0x12c/0x3c8
[   31.074248]  kunit_try_run_case+0x170/0x3f0
[   31.074380]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.074497]  kthread+0x328/0x630
[   31.074576]  ret_from_fork+0x10/0x20
[   31.074714] 
[   31.074790] The buggy address belongs to the object at fff00000c9231000
[   31.074790]  which belongs to the cache test_cache of size 200
[   31.074905] The buggy address is located 1 bytes inside of
[   31.074905]  200-byte region [fff00000c9231000, fff00000c92310c8)
[   31.075002] 
[   31.075025] The buggy address belongs to the physical page:
[   31.075064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109231
[   31.075119] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.075303] page_type: f5(slab)
[   31.075495] raw: 0bfffe0000000000 fff00000c3f36a00 dead000000000122 0000000000000000
[   31.075593] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   31.075649] page dumped because: kasan: bad access detected
[   31.075697] 
[   31.075798] Memory state around the buggy address:
[   31.075940]  fff00000c9230f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.076085]  fff00000c9230f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.076172] >fff00000c9231000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.076268]                    ^
[   31.076295]  fff00000c9231080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   31.076609]  fff00000c9231100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.076724] ==================================================================

[   25.833044] ==================================================================
[   25.833885] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460
[   25.834146] Free of addr ffff88810497d001 by task kunit_try_catch/259
[   25.834682] 
[   25.834783] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   25.835090] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.835108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.835131] Call Trace:
[   25.835145]  <TASK>
[   25.835162]  dump_stack_lvl+0x73/0xb0
[   25.835320]  print_report+0xd1/0x640
[   25.835345]  ? __virt_addr_valid+0x1db/0x2d0
[   25.835372]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.835398]  ? kmem_cache_invalid_free+0x1d8/0x460
[   25.835423]  kasan_report_invalid_free+0x10a/0x130
[   25.835447]  ? kmem_cache_invalid_free+0x1d8/0x460
[   25.835520]  ? kmem_cache_invalid_free+0x1d8/0x460
[   25.835545]  check_slab_allocation+0x11f/0x130
[   25.835567]  __kasan_slab_pre_free+0x28/0x40
[   25.835589]  kmem_cache_free+0xed/0x420
[   25.835609]  ? kmem_cache_alloc_noprof+0x123/0x3f0
[   25.835634]  ? kmem_cache_invalid_free+0x1d8/0x460
[   25.835660]  kmem_cache_invalid_free+0x1d8/0x460
[   25.835685]  ? __pfx_kmem_cache_invalid_free+0x10/0x10
[   25.835708]  ? finish_task_switch.isra.0+0x153/0x700
[   25.835730]  ? __switch_to+0x47/0xf80
[   25.835760]  ? __pfx_read_tsc+0x10/0x10
[   25.835782]  ? ktime_get_ts64+0x86/0x230
[   25.835808]  kunit_try_run_case+0x1a5/0x480
[   25.835846]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.835870]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.835896]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.835926]  ? __kthread_parkme+0x82/0x180
[   25.835946]  ? preempt_count_sub+0x50/0x80
[   25.835969]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.835994]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.836018]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.836042]  kthread+0x337/0x6f0
[   25.836062]  ? trace_preempt_on+0x20/0xc0
[   25.836087]  ? __pfx_kthread+0x10/0x10
[   25.836108]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.836131]  ? calculate_sigpending+0x7b/0xa0
[   25.836156]  ? __pfx_kthread+0x10/0x10
[   25.836186]  ret_from_fork+0x116/0x1d0
[   25.836207]  ? __pfx_kthread+0x10/0x10
[   25.836228]  ret_from_fork_asm+0x1a/0x30
[   25.836261]  </TASK>
[   25.836272] 
[   25.848558] Allocated by task 259:
[   25.848735]  kasan_save_stack+0x45/0x70
[   25.848961]  kasan_save_track+0x18/0x40
[   25.849142]  kasan_save_alloc_info+0x3b/0x50
[   25.849409]  __kasan_slab_alloc+0x91/0xa0
[   25.849558]  kmem_cache_alloc_noprof+0x123/0x3f0
[   25.849936]  kmem_cache_invalid_free+0x157/0x460
[   25.850235]  kunit_try_run_case+0x1a5/0x480
[   25.850808]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.851182]  kthread+0x337/0x6f0
[   25.851478]  ret_from_fork+0x116/0x1d0
[   25.851819]  ret_from_fork_asm+0x1a/0x30
[   25.852117] 
[   25.852217] The buggy address belongs to the object at ffff88810497d000
[   25.852217]  which belongs to the cache test_cache of size 200
[   25.853094] The buggy address is located 1 bytes inside of
[   25.853094]  200-byte region [ffff88810497d000, ffff88810497d0c8)
[   25.854103] 
[   25.854220] The buggy address belongs to the physical page:
[   25.854427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10497d
[   25.855044] flags: 0x200000000000000(node=0|zone=2)
[   25.855281] page_type: f5(slab)
[   25.855496] raw: 0200000000000000 ffff888101653780 dead000000000122 0000000000000000
[   25.855902] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   25.856184] page dumped because: kasan: bad access detected
[   25.856633] 
[   25.856894] Memory state around the buggy address:
[   25.857123]  ffff88810497cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.857688]  ffff88810497cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.858149] >ffff88810497d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.858511]                    ^
[   25.858849]  ffff88810497d080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   25.859253]  ffff88810497d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.859712] ==================================================================