Date
July 1, 2025, 11:08 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 19.064082] ==================================================================
[ 19.064349] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 19.064637] Free of addr fff00000c7733000 by task kunit_try_catch/210
[ 19.064812]
[ 19.064941] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.065176] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.065557] Hardware name: linux,dummy-virt (DT)
[ 19.065638] Call trace:
[ 19.065664] show_stack+0x20/0x38 (C)
[ 19.065727] dump_stack_lvl+0x8c/0xd0
[ 19.065784] print_report+0x118/0x608
[ 19.065837] kasan_report_invalid_free+0xc0/0xe8
[ 19.065891] check_slab_allocation+0xd4/0x108
[ 19.065943] __kasan_slab_pre_free+0x2c/0x48
[ 19.065996] kmem_cache_free+0xf0/0x468
[ 19.066046] kmem_cache_double_free+0x190/0x3c8
[ 19.066097] kunit_try_run_case+0x170/0x3f0
[ 19.066166] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.066225] kthread+0x328/0x630
[ 19.066305] ret_from_fork+0x10/0x20
[ 19.066362]
[ 19.066401] Allocated by task 210:
[ 19.066793] kasan_save_stack+0x3c/0x68
[ 19.066998] kasan_save_track+0x20/0x40
[ 19.067042] kasan_save_alloc_info+0x40/0x58
[ 19.067309] __kasan_slab_alloc+0xa8/0xb0
[ 19.067411] kmem_cache_alloc_noprof+0x10c/0x398
[ 19.067456] kmem_cache_double_free+0x12c/0x3c8
[ 19.067650] kunit_try_run_case+0x170/0x3f0
[ 19.067697] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.067747] kthread+0x328/0x630
[ 19.068178] ret_from_fork+0x10/0x20
[ 19.068240]
[ 19.068261] Freed by task 210:
[ 19.068291] kasan_save_stack+0x3c/0x68
[ 19.068347] kasan_save_track+0x20/0x40
[ 19.068518] kasan_save_free_info+0x4c/0x78
[ 19.068585] __kasan_slab_free+0x6c/0x98
[ 19.068703] kmem_cache_free+0x260/0x468
[ 19.068746] kmem_cache_double_free+0x140/0x3c8
[ 19.068787] kunit_try_run_case+0x170/0x3f0
[ 19.068840] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.068889] kthread+0x328/0x630
[ 19.068923] ret_from_fork+0x10/0x20
[ 19.069039]
[ 19.069121] The buggy address belongs to the object at fff00000c7733000
[ 19.069121] which belongs to the cache test_cache of size 200
[ 19.069437] The buggy address is located 0 bytes inside of
[ 19.069437] 200-byte region [fff00000c7733000, fff00000c77330c8)
[ 19.069509]
[ 19.069536] The buggy address belongs to the physical page:
[ 19.069849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107733
[ 19.069953] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.070014] page_type: f5(slab)
[ 19.070062] raw: 0bfffe0000000000 fff00000c0cacb40 dead000000000122 0000000000000000
[ 19.070121] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 19.070180] page dumped because: kasan: bad access detected
[ 19.070227]
[ 19.070246] Memory state around the buggy address:
[ 19.070285]  fff00000c7732f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.070503]  fff00000c7732f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.070822] >fff00000c7733000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.071005]                    ^
[ 19.071040]  fff00000c7733080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 19.071090]  fff00000c7733100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.071148] ==================================================================
```
```
[ 12.185840] ==================================================================
[ 12.187255] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 12.187972] Free of addr ffff88810259b000 by task kunit_try_catch/226
[ 12.188313]
[ 12.188628] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.188680] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.188692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.188714] Call Trace:
[ 12.188727] <TASK>
[ 12.188746] dump_stack_lvl+0x73/0xb0
[ 12.188778] print_report+0xd1/0x650
[ 12.188801] ? __virt_addr_valid+0x1db/0x2d0
[ 12.188826] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.188846] ? kmem_cache_double_free+0x1e5/0x480
[ 12.189173] kasan_report_invalid_free+0x10a/0x130
[ 12.189202] ? kmem_cache_double_free+0x1e5/0x480
[ 12.189228] ? kmem_cache_double_free+0x1e5/0x480
[ 12.189251] check_slab_allocation+0x101/0x130
[ 12.189272] __kasan_slab_pre_free+0x28/0x40
[ 12.189291] kmem_cache_free+0xed/0x420
[ 12.189312] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.189331] ? kmem_cache_double_free+0x1e5/0x480
[ 12.189357] kmem_cache_double_free+0x1e5/0x480
[ 12.189394] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 12.189417] ? finish_task_switch.isra.0+0x153/0x700
[ 12.189439] ? __switch_to+0x47/0xf50
[ 12.189469] ? __pfx_read_tsc+0x10/0x10
[ 12.189491] ? ktime_get_ts64+0x86/0x230
[ 12.189514] kunit_try_run_case+0x1a5/0x480
[ 12.189540] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.189560] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.189584] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.189606] ? __kthread_parkme+0x82/0x180
[ 12.189626] ? preempt_count_sub+0x50/0x80
[ 12.189648] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.189670] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.189691] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.189712] kthread+0x337/0x6f0
[ 12.189731] ? trace_preempt_on+0x20/0xc0
[ 12.189753] ? __pfx_kthread+0x10/0x10
[ 12.189773] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.189793] ? calculate_sigpending+0x7b/0xa0
[ 12.189816] ? __pfx_kthread+0x10/0x10
[ 12.189835] ret_from_fork+0x116/0x1d0
[ 12.189852] ? __pfx_kthread+0x10/0x10
[ 12.189871] ret_from_fork_asm+0x1a/0x30
[ 12.189902] </TASK>
[ 12.189913]
[ 12.206046] Allocated by task 226:
[ 12.206503] kasan_save_stack+0x45/0x70
[ 12.206940] kasan_save_track+0x18/0x40
[ 12.207102] kasan_save_alloc_info+0x3b/0x50
[ 12.207247] __kasan_slab_alloc+0x91/0xa0
[ 12.207392] kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.207545] kmem_cache_double_free+0x14f/0x480
[ 12.208306] kunit_try_run_case+0x1a5/0x480
[ 12.208773] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.209588] kthread+0x337/0x6f0
[ 12.210187] ret_from_fork+0x116/0x1d0
[ 12.210793] ret_from_fork_asm+0x1a/0x30
[ 12.211310]
[ 12.211607] Freed by task 226:
[ 12.211925] kasan_save_stack+0x45/0x70
[ 12.212430] kasan_save_track+0x18/0x40
[ 12.212765] kasan_save_free_info+0x3f/0x60
[ 12.213314] __kasan_slab_free+0x56/0x70
[ 12.213765] kmem_cache_free+0x249/0x420
[ 12.213913] kmem_cache_double_free+0x16a/0x480
[ 12.214557] kunit_try_run_case+0x1a5/0x480
[ 12.215116] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.215499] kthread+0x337/0x6f0
[ 12.215880] ret_from_fork+0x116/0x1d0
[ 12.216451] ret_from_fork_asm+0x1a/0x30
[ 12.216618]
[ 12.216941] The buggy address belongs to the object at ffff88810259b000
[ 12.216941] which belongs to the cache test_cache of size 200
[ 12.218136] The buggy address is located 0 bytes inside of
[ 12.218136] 200-byte region [ffff88810259b000, ffff88810259b0c8)
[ 12.218483]
[ 12.218561] The buggy address belongs to the physical page:
[ 12.218731] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10259b
[ 12.219173] flags: 0x200000000000000(node=0|zone=2)
[ 12.219921] page_type: f5(slab)
[ 12.220634] raw: 0200000000000000 ffff888102596140 dead000000000122 0000000000000000
[ 12.221492] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 12.222316] page dumped because: kasan: bad access detected
[ 12.223072]
[ 12.223348] Memory state around the buggy address:
[ 12.224303]  ffff88810259af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.224840]  ffff88810259af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.225457] >ffff88810259b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.226040]                    ^
[ 12.226469]  ffff88810259b080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 12.227121]  ffff88810259b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.227342] ==================================================================
```