Hay
Date
July 9, 2025, 2:07 p.m.

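Environment
qemu-arm64 (first report below; hardware name "linux,dummy-virt (DT)")
qemu-x86_64 (second report below; hardware name "QEMU Standard PC (Q35 + ICH9, 2009)")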

[   18.292504] ==================================================================
[   18.292598] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8
[   18.292667] Free of addr fff00000c7752001 by task kunit_try_catch/211
[   18.292710] 
[   18.292749] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5 #1 PREEMPT 
[   18.292839] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   18.292974] Hardware name: linux,dummy-virt (DT)
[   18.293156] Call trace:
[   18.293271]  show_stack+0x20/0x38 (C)
[   18.293487]  dump_stack_lvl+0x8c/0xd0
[   18.293550]  print_report+0x118/0x608
[   18.293749]  kasan_report_invalid_free+0xc0/0xe8
[   18.293999]  check_slab_allocation+0xfc/0x108
[   18.294048]  __kasan_slab_pre_free+0x2c/0x48
[   18.294113]  kmem_cache_free+0xf0/0x468
[   18.294228]  kmem_cache_invalid_free+0x184/0x3c8
[   18.294411]  kunit_try_run_case+0x170/0x3f0
[   18.294645]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.294707]  kthread+0x328/0x630
[   18.294790]  ret_from_fork+0x10/0x20
[   18.294842] 
[   18.294861] Allocated by task 211:
[   18.294889]  kasan_save_stack+0x3c/0x68
[   18.294930]  kasan_save_track+0x20/0x40
[   18.294969]  kasan_save_alloc_info+0x40/0x58
[   18.295009]  __kasan_slab_alloc+0xa8/0xb0
[   18.295056]  kmem_cache_alloc_noprof+0x10c/0x398
[   18.295817]  kmem_cache_invalid_free+0x12c/0x3c8
[   18.295926]  kunit_try_run_case+0x170/0x3f0
[   18.295967]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.296011]  kthread+0x328/0x630
[   18.296048]  ret_from_fork+0x10/0x20
[   18.296094] 
[   18.296113] The buggy address belongs to the object at fff00000c7752000
[   18.296113]  which belongs to the cache test_cache of size 200
[   18.296173] The buggy address is located 1 bytes inside of
[   18.296173]  200-byte region [fff00000c7752000, fff00000c77520c8)
[   18.296234] 
[   18.296253] The buggy address belongs to the physical page:
[   18.296287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107752
[   18.296344] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.296394] page_type: f5(slab)
[   18.296439] raw: 0bfffe0000000000 fff00000c1ba2500 dead000000000122 0000000000000000
[   18.296581] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   18.296748] page dumped because: kasan: bad access detected
[   18.296814] 
[   18.296837] Memory state around the buggy address:
[   18.296878]  fff00000c7751f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.297106]  fff00000c7751f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.297151] >fff00000c7752000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.297208]                    ^
[   18.297237]  fff00000c7752080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   18.297280]  fff00000c7752100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.297319] ==================================================================

[   13.498729] ==================================================================
[   13.499348] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460
[   13.500033] Free of addr ffff8881029c1001 by task kunit_try_catch/228
[   13.500860] 
[   13.501102] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.501151] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.501162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.501183] Call Trace:
[   13.501197]  <TASK>
[   13.501217]  dump_stack_lvl+0x73/0xb0
[   13.501254]  print_report+0xd1/0x650
[   13.501278]  ? __virt_addr_valid+0x1db/0x2d0
[   13.501305]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.501327]  ? kmem_cache_invalid_free+0x1d8/0x460
[   13.501353]  kasan_report_invalid_free+0x10a/0x130
[   13.501377]  ? kmem_cache_invalid_free+0x1d8/0x460
[   13.501403]  ? kmem_cache_invalid_free+0x1d8/0x460
[   13.501427]  check_slab_allocation+0x11f/0x130
[   13.501449]  __kasan_slab_pre_free+0x28/0x40
[   13.501469]  kmem_cache_free+0xed/0x420
[   13.501489]  ? kmem_cache_alloc_noprof+0x123/0x3f0
[   13.501510]  ? kmem_cache_invalid_free+0x1d8/0x460
[   13.501537]  kmem_cache_invalid_free+0x1d8/0x460
[   13.501561]  ? __pfx_kmem_cache_invalid_free+0x10/0x10
[   13.501585]  ? finish_task_switch.isra.0+0x153/0x700
[   13.501620]  ? __switch_to+0x47/0xf50
[   13.501649]  ? __pfx_read_tsc+0x10/0x10
[   13.501671]  ? ktime_get_ts64+0x86/0x230
[   13.501696]  kunit_try_run_case+0x1a5/0x480
[   13.501722]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.501745]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.501789]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.501850]  ? __kthread_parkme+0x82/0x180
[   13.501872]  ? preempt_count_sub+0x50/0x80
[   13.501894]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.501918]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.501942]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.501966]  kthread+0x337/0x6f0
[   13.501985]  ? trace_preempt_on+0x20/0xc0
[   13.502009]  ? __pfx_kthread+0x10/0x10
[   13.502029]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.502050]  ? calculate_sigpending+0x7b/0xa0
[   13.502074]  ? __pfx_kthread+0x10/0x10
[   13.502095]  ret_from_fork+0x116/0x1d0
[   13.502113]  ? __pfx_kthread+0x10/0x10
[   13.502133]  ret_from_fork_asm+0x1a/0x30
[   13.502164]  </TASK>
[   13.502174] 
[   13.514161] Allocated by task 228:
[   13.514502]  kasan_save_stack+0x45/0x70
[   13.514974]  kasan_save_track+0x18/0x40
[   13.515322]  kasan_save_alloc_info+0x3b/0x50
[   13.515727]  __kasan_slab_alloc+0x91/0xa0
[   13.516149]  kmem_cache_alloc_noprof+0x123/0x3f0
[   13.516561]  kmem_cache_invalid_free+0x157/0x460
[   13.517036]  kunit_try_run_case+0x1a5/0x480
[   13.517421]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.517989]  kthread+0x337/0x6f0
[   13.518297]  ret_from_fork+0x116/0x1d0
[   13.518658]  ret_from_fork_asm+0x1a/0x30
[   13.519068] 
[   13.519164] The buggy address belongs to the object at ffff8881029c1000
[   13.519164]  which belongs to the cache test_cache of size 200
[   13.519521] The buggy address is located 1 bytes inside of
[   13.519521]  200-byte region [ffff8881029c1000, ffff8881029c10c8)
[   13.520449] 
[   13.520620] The buggy address belongs to the physical page:
[   13.521142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c1
[   13.521887] flags: 0x200000000000000(node=0|zone=2)
[   13.522145] page_type: f5(slab)
[   13.522271] raw: 0200000000000000 ffff888100eebc80 dead000000000122 0000000000000000
[   13.522503] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   13.523147] page dumped because: kasan: bad access detected
[   13.523636] 
[   13.523789] Memory state around the buggy address:
[   13.524283]  ffff8881029c0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.524957]  ffff8881029c0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.525384] >ffff8881029c1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.525608]                    ^
[   13.525723]  ffff8881029c1080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   13.526275]  ffff8881029c1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.526933] ==================================================================