Hay
Date
Feb. 5, 2025, 2:09 p.m.

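Environment
qemu-armv7 (first report below; hardware name "Generic DT based system", 32-bit addresses)
qemu-x86_64 (second report below; hardware name "QEMU Standard PC (Q35 + ICH9, 2009)", 64-bit addresses)

Both reports show the same event: the kunit_try_catch task, running kmem_cache_invalid_free, frees a pointer 1 byte inside a 200-byte test_cache object, and KASAN flags it as an invalid-free. The kunit_try_run_case frames suggest this is a KUnit test case that exercises KASAN's invalid-free detection, in which case the report is the expected outcome rather than a kernel defect; confirm against the test's pass/fail result.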

[  146.950346] ==================================================================
[  146.951578] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0xd8/0x23c
[  146.952495] Free of addr c8fb9001 by task kunit_try_catch/191
[  146.953188] 
[  146.953590] CPU: 1 PID: 191 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[  146.954615] Hardware name: Generic DT based system
[  146.955240]  unwind_backtrace from show_stack+0x18/0x1c
[  146.956099]  show_stack from dump_stack_lvl+0x58/0x70
[  146.956819]  dump_stack_lvl from print_report+0x164/0x51c
[  146.957583]  print_report from kasan_report_invalid_free+0xb4/0xe8
[  146.958459]  kasan_report_invalid_free from __kasan_slab_free+0x114/0x124
[  146.959428]  __kasan_slab_free from kmem_cache_free+0x170/0x41c
[  146.960296]  kmem_cache_free from kmem_cache_invalid_free+0xd8/0x23c
[  146.961187]  kmem_cache_invalid_free from kunit_try_run_case+0x11c/0x2e4
[  146.962127]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48
[  146.963079]  kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8
[  146.963944]  kthread from ret_from_fork+0x14/0x30
[  146.964490] Exception stack(0xfa0c3fb0 to 0xfa0c3ff8)
[  146.965178] 3fa0:                                     00000000 00000000 00000000 00000000
[  146.966947] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  146.968097] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[  146.968928] 
[  146.969278] Allocated by task 191:
[  146.969713]  kasan_set_track+0x3c/0x5c
[  146.970297]  __kasan_slab_alloc+0x60/0x68
[  146.970838]  kmem_cache_alloc+0x1dc/0x574
[  146.971508]  kmem_cache_invalid_free+0xb0/0x23c
[  146.972142]  kunit_try_run_case+0x11c/0x2e4
[  146.972760]  kunit_generic_run_threadfn_adapter+0x2c/0x48
[  146.973609]  kthread+0x184/0x1a8
[  146.974106]  ret_from_fork+0x14/0x30
[  146.974681] 
[  146.975033] The buggy address belongs to the object at c8fb9000
[  146.975033]  which belongs to the cache test_cache of size 200
[  146.976377] The buggy address is located 1 bytes inside of
[  146.976377]  200-byte region [c8fb9000, c8fb90c8)
[  146.977648] 
[  146.977982] The buggy address belongs to the physical page:
[  146.978862] page:6f24fb60 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x48fb9
[  146.979838] flags: 0x800(slab|zone=0)
[  146.980485] page_type: 0xffffffff()
[  146.981037] raw: 00000800 c8919800 00000122 00000000 00000000 800f000f ffffffff 00000001
[  146.982010] raw: 00000000
[  146.982285] page dumped because: kasan: bad access detected
[  146.983135] 
[  146.983367] Memory state around the buggy address:
[  146.984100]  c8fb8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  146.984970]  c8fb8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  146.985791] >c8fb9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  146.986712]            ^
[  146.987541]  c8fb9080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[  146.988266]  c8fb9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  146.989015] ==================================================================


[   49.951842] ==================================================================
[   49.952863] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0xe4/0x260
[   49.953633] Free of addr ffff88810294f001 by task kunit_try_catch/214
[   49.954494] 
[   49.954901] CPU: 1 PID: 214 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[   49.955766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   49.956396] Call Trace:
[   49.956834]  <TASK>
[   49.957251]  dump_stack_lvl+0x4e/0x90
[   49.957888]  print_report+0xd2/0x660
[   49.958474]  ? __virt_addr_valid+0x156/0x1e0
[   49.959136]  ? kmem_cache_invalid_free+0xe4/0x260
[   49.959783]  ? kasan_complete_mode_report_info+0x2a/0x200
[   49.960492]  ? kmem_cache_invalid_free+0xe4/0x260
[   49.961170]  kasan_report_invalid_free+0xcf/0x100
[   49.961824]  ? kmem_cache_invalid_free+0xe4/0x260
[   49.962532]  ? kmem_cache_invalid_free+0xe4/0x260
[   49.963181]  ____kasan_slab_free+0x1c0/0x1d0
[   49.963879]  ? kmem_cache_invalid_free+0xe4/0x260
[   49.964429]  __kasan_slab_free+0x16/0x20
[   49.965080]  kmem_cache_free+0x1a7/0x4b0
[   49.965619]  kmem_cache_invalid_free+0xe4/0x260
[   49.966339]  ? __pfx_kmem_cache_invalid_free+0x10/0x10
[   49.967015]  ? __schedule+0x70b/0x1190
[   49.967626]  ? ktime_get_ts64+0x118/0x140
[   49.968300]  kunit_try_run_case+0x126/0x290
[   49.968975]  ? __pfx_kunit_try_run_case+0x10/0x10
[   49.969558]  ? __kasan_check_write+0x18/0x20
[   49.970244]  ? trace_preempt_on+0x20/0xa0
[   49.970859]  ? __kthread_parkme+0x4f/0xd0
[   49.971469]  ? preempt_count_sub+0x50/0x80
[   49.972067]  ? __pfx_kunit_try_run_case+0x10/0x10
[   49.972762]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   49.973565]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   49.974297]  kthread+0x19e/0x1e0
[   49.974833]  ? __pfx_kthread+0x10/0x10
[   49.975347]  ret_from_fork+0x41/0x70
[   49.975971]  ? __pfx_kthread+0x10/0x10
[   49.976547]  ret_from_fork_asm+0x1b/0x30
[   49.977162]  </TASK>
[   49.977550] 
[   49.977901] Allocated by task 214:
[   49.978294]  kasan_save_stack+0x3c/0x60
[   49.978935]  kasan_set_track+0x29/0x40
[   49.979473]  kasan_save_alloc_info+0x22/0x30
[   49.980153]  __kasan_slab_alloc+0x91/0xa0
[   49.980637]  kmem_cache_alloc+0x180/0x3b0
[   49.981309]  kmem_cache_invalid_free+0xbd/0x260
[   49.981885]  kunit_try_run_case+0x126/0x290
[   49.982509]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   49.983179]  kthread+0x19e/0x1e0
[   49.983638]  ret_from_fork+0x41/0x70
[   49.984195]  ret_from_fork_asm+0x1b/0x30
[   49.984659] 
[   49.985043] The buggy address belongs to the object at ffff88810294f000
[   49.985043]  which belongs to the cache test_cache of size 200
[   49.986202] The buggy address is located 1 bytes inside of
[   49.986202]  200-byte region [ffff88810294f000, ffff88810294f0c8)
[   49.987225] 
[   49.987568] The buggy address belongs to the physical page:
[   49.988215] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10294f
[   49.989274] flags: 0x200000000000800(slab|node=0|zone=2)
[   49.989916] page_type: 0xffffffff()
[   49.990420] raw: 0200000000000800 ffff888102947140 dead000000000122 0000000000000000
[   49.991313] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[   49.992046] page dumped because: kasan: bad access detected
[   49.992589] 
[   49.992956] Memory state around the buggy address:
[   49.993541]  ffff88810294ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.994219]  ffff88810294ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.995080] >ffff88810294f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   49.995751]                    ^
[   49.996231]  ffff88810294f080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   49.996963]  ffff88810294f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.997668] ==================================================================