Date
July 4, 2025, 3:11 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 31.919837] ================================================================== [ 31.923291] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 31.930234] Free of addr ffff000801bca001 by task kunit_try_catch/260 [ 31.936656] [ 31.938142] CPU: 4 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 31.938200] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.938215] Hardware name: WinLink E850-96 board (DT) [ 31.938240] Call trace: [ 31.938252] show_stack+0x20/0x38 (C) [ 31.938288] dump_stack_lvl+0x8c/0xd0 [ 31.938325] print_report+0x118/0x608 [ 31.938356] kasan_report_invalid_free+0xc0/0xe8 [ 31.938389] check_slab_allocation+0xfc/0x108 [ 31.938420] __kasan_slab_pre_free+0x2c/0x48 [ 31.938449] kmem_cache_free+0xf0/0x468 [ 31.938479] kmem_cache_invalid_free+0x184/0x3c8 [ 31.938514] kunit_try_run_case+0x170/0x3f0 [ 31.938552] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.938588] kthread+0x328/0x630 [ 31.938622] ret_from_fork+0x10/0x20 [ 31.938661] [ 32.010093] Allocated by task 260: [ 32.013481] kasan_save_stack+0x3c/0x68 [ 32.017296] kasan_save_track+0x20/0x40 [ 32.021115] kasan_save_alloc_info+0x40/0x58 [ 32.025369] __kasan_slab_alloc+0xa8/0xb0 [ 32.029361] kmem_cache_alloc_noprof+0x10c/0x398 [ 32.033962] kmem_cache_invalid_free+0x12c/0x3c8 [ 32.038564] kunit_try_run_case+0x170/0x3f0 [ 32.042730] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.048198] kthread+0x328/0x630 [ 32.051410] ret_from_fork+0x10/0x20 [ 32.054969] [ 32.056446] The buggy address belongs to the object at ffff000801bca000 [ 32.056446] which belongs to the cache test_cache of size 200 [ 32.068861] The buggy address is located 1 bytes inside of [ 32.068861] 200-byte region [ffff000801bca000, ffff000801bca0c8) [ 32.080403] [ 32.081882] The buggy address belongs to the physical page: [ 32.087437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881bca [ 32.095422] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.103062] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.110002] page_type: f5(slab) [ 32.113141] raw: 0bfffe0000000040 ffff000801bc6140 dead000000000122 0000000000000000 [ 32.120860] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 32.128586] head: 0bfffe0000000040 ffff000801bc6140 dead000000000122 0000000000000000 [ 32.136398] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 32.144211] head: 0bfffe0000000001 fffffdffe006f281 00000000ffffffff 00000000ffffffff [ 32.152023] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.159829] page dumped because: kasan: bad access detected [ 32.165384] [ 32.166859] Memory state around the buggy address: [ 32.171639] ffff000801bc9f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.178844] ffff000801bc9f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.186051] >ffff000801bca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.193248] ^ [ 32.196464] ffff000801bca080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 32.203668] ffff000801bca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.210871] ==================================================================
[ 16.266029] ================================================================== [ 16.266091] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 16.266712] Free of addr fff00000c65a0001 by task kunit_try_catch/216 [ 16.266763] [ 16.266800] CPU: 0 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 16.266882] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.266910] Hardware name: linux,dummy-virt (DT) [ 16.266942] Call trace: [ 16.266964] show_stack+0x20/0x38 (C) [ 16.267015] dump_stack_lvl+0x8c/0xd0 [ 16.267065] print_report+0x118/0x608 [ 16.267121] kasan_report_invalid_free+0xc0/0xe8 [ 16.267170] check_slab_allocation+0xfc/0x108 [ 16.267216] __kasan_slab_pre_free+0x2c/0x48 [ 16.267309] kmem_cache_free+0xf0/0x468 [ 16.267355] kmem_cache_invalid_free+0x184/0x3c8 [ 16.267404] kunit_try_run_case+0x170/0x3f0 [ 16.267454] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.267507] kthread+0x328/0x630 [ 16.267551] ret_from_fork+0x10/0x20 [ 16.267679] [ 16.267697] Allocated by task 216: [ 16.267737] kasan_save_stack+0x3c/0x68 [ 16.267777] kasan_save_track+0x20/0x40 [ 16.267864] kasan_save_alloc_info+0x40/0x58 [ 16.267914] __kasan_slab_alloc+0xa8/0xb0 [ 16.268069] kmem_cache_alloc_noprof+0x10c/0x398 [ 16.268107] kmem_cache_invalid_free+0x12c/0x3c8 [ 16.268148] kunit_try_run_case+0x170/0x3f0 [ 16.268185] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.268307] kthread+0x328/0x630 [ 16.268362] ret_from_fork+0x10/0x20 [ 16.268509] [ 16.268539] The buggy address belongs to the object at fff00000c65a0000 [ 16.268539] which belongs to the cache test_cache of size 200 [ 16.268597] The buggy address is located 1 bytes inside of [ 16.268597] 200-byte region [fff00000c65a0000, fff00000c65a00c8) [ 16.268665] [ 16.268686] The buggy address belongs to the physical page: [ 16.268720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065a0 [ 16.268807] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.268856] page_type: f5(slab) [ 16.268897] raw: 0bfffe0000000000 fff00000c65af140 dead000000000122 0000000000000000 [ 16.268982] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 16.269023] page dumped because: kasan: bad access detected [ 16.269063] [ 16.269168] Memory state around the buggy address: [ 16.269200] fff00000c659ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.269251] fff00000c659ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.269396] >fff00000c65a0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.269434] ^ [ 16.269498] fff00000c65a0080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 16.269600] fff00000c65a0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.269659] ==================================================================
[ 15.280701] ================================================================== [ 15.281378] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 15.281941] Free of addr ffff888102609001 by task kunit_try_catch/232 [ 15.282817] [ 15.282991] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 15.283074] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.283095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.283121] Call Trace: [ 15.283138] <TASK> [ 15.283166] dump_stack_lvl+0x73/0xb0 [ 15.283369] print_report+0xd1/0x650 [ 15.283747] ? __virt_addr_valid+0x1db/0x2d0 [ 15.283877] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.283935] ? kmem_cache_invalid_free+0x1d8/0x460 [ 15.283990] kasan_report_invalid_free+0x10a/0x130 [ 15.284049] ? kmem_cache_invalid_free+0x1d8/0x460 [ 15.284113] ? kmem_cache_invalid_free+0x1d8/0x460 [ 15.284156] check_slab_allocation+0x11f/0x130 [ 15.284196] __kasan_slab_pre_free+0x28/0x40 [ 15.284235] kmem_cache_free+0xed/0x420 [ 15.284273] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 15.284310] ? kmem_cache_invalid_free+0x1d8/0x460 [ 15.284366] kmem_cache_invalid_free+0x1d8/0x460 [ 15.284393] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 15.284418] ? finish_task_switch.isra.0+0x153/0x700 [ 15.284448] ? __switch_to+0x5d9/0xf60 [ 15.284474] ? dequeue_task_fair+0x166/0x4e0 [ 15.284505] ? __pfx_read_tsc+0x10/0x10 [ 15.284528] ? ktime_get_ts64+0x86/0x230 [ 15.284559] kunit_try_run_case+0x1a5/0x480 [ 15.284589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.284614] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.284645] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.284674] ? __kthread_parkme+0x82/0x180 [ 15.284701] ? preempt_count_sub+0x50/0x80 [ 15.284729] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.284756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.284784] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.284812] kthread+0x337/0x6f0 [ 15.284831] ? trace_preempt_on+0x20/0xc0 [ 15.284859] ? __pfx_kthread+0x10/0x10 [ 15.284880] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.284906] ? calculate_sigpending+0x7b/0xa0 [ 15.284931] ? __pfx_kthread+0x10/0x10 [ 15.284953] ret_from_fork+0x41/0x80 [ 15.284976] ? __pfx_kthread+0x10/0x10 [ 15.284997] ret_from_fork_asm+0x1a/0x30 [ 15.285046] </TASK> [ 15.285060] [ 15.298461] Allocated by task 232: [ 15.298857] kasan_save_stack+0x45/0x70 [ 15.299510] kasan_save_track+0x18/0x40 [ 15.299730] kasan_save_alloc_info+0x3b/0x50 [ 15.299930] __kasan_slab_alloc+0x91/0xa0 [ 15.300137] kmem_cache_alloc_noprof+0x123/0x3f0 [ 15.300512] kmem_cache_invalid_free+0x157/0x460 [ 15.300886] kunit_try_run_case+0x1a5/0x480 [ 15.301462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.302037] kthread+0x337/0x6f0 [ 15.302525] ret_from_fork+0x41/0x80 [ 15.302852] ret_from_fork_asm+0x1a/0x30 [ 15.303906] [ 15.304057] The buggy address belongs to the object at ffff888102609000 [ 15.304057] which belongs to the cache test_cache of size 200 [ 15.304786] The buggy address is located 1 bytes inside of [ 15.304786] 200-byte region [ffff888102609000, ffff8881026090c8) [ 15.305598] [ 15.305798] The buggy address belongs to the physical page: [ 15.306406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102609 [ 15.306821] flags: 0x200000000000000(node=0|zone=2) [ 15.307061] page_type: f5(slab) [ 15.307368] raw: 0200000000000000 ffff8881016a0a00 dead000000000122 0000000000000000 [ 15.308061] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 15.309209] page dumped because: kasan: bad access detected [ 15.309665] [ 15.309896] Memory state around the buggy address: [ 15.310553] ffff888102608f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.310950] ffff888102608f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.311547] >ffff888102609000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.312139] ^ [ 15.312640] ffff888102609080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 15.313170] ffff888102609100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.313451] ==================================================================