Date: July 6, 2025, 11:09 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
x86 | |
```
[ 18.393468] ==================================================================
[ 18.393556] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x174/0x300
[ 18.393641] Read of size 1 at addr fff00000c1aa58c0 by task kunit_try_catch/216
[ 18.393693]
[ 18.393738] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 18.393825] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.393853] Hardware name: linux,dummy-virt (DT)
[ 18.393887] Call trace:
[ 18.393911] show_stack+0x20/0x38 (C)
[ 18.393963] dump_stack_lvl+0x8c/0xd0
[ 18.394029] print_report+0x118/0x608
[ 18.394075] kasan_report+0xdc/0x128
[ 18.394119] __kasan_check_byte+0x54/0x70
[ 18.394166] kmem_cache_destroy+0x34/0x218
[ 18.394214] kmem_cache_double_destroy+0x174/0x300
[ 18.394262] kunit_try_run_case+0x170/0x3f0
[ 18.394311] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.394363] kthread+0x328/0x630
[ 18.394406] ret_from_fork+0x10/0x20
[ 18.394455]
[ 18.394473] Allocated by task 216:
[ 18.394502] kasan_save_stack+0x3c/0x68
[ 18.394545] kasan_save_track+0x20/0x40
[ 18.394582] kasan_save_alloc_info+0x40/0x58
[ 18.394638] __kasan_slab_alloc+0xa8/0xb0
[ 18.394677] kmem_cache_alloc_noprof+0x10c/0x398
[ 18.394719] __kmem_cache_create_args+0x178/0x280
[ 18.394758] kmem_cache_double_destroy+0xc0/0x300
[ 18.394798] kunit_try_run_case+0x170/0x3f0
[ 18.394836] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.394879] kthread+0x328/0x630
[ 18.394912] ret_from_fork+0x10/0x20
[ 18.394948]
[ 18.394966] Freed by task 216:
[ 18.395006] kasan_save_stack+0x3c/0x68
[ 18.395044] kasan_save_track+0x20/0x40
[ 18.395081] kasan_save_free_info+0x4c/0x78
[ 18.395120] __kasan_slab_free+0x6c/0x98
[ 18.395156] kmem_cache_free+0x260/0x468
[ 18.395191] slab_kmem_cache_release+0x38/0x50
[ 18.395230] kmem_cache_release+0x1c/0x30
[ 18.395264] kobject_put+0x17c/0x420
[ 18.395300] sysfs_slab_release+0x1c/0x30
[ 18.395339] kmem_cache_destroy+0x118/0x218
[ 18.395376] kmem_cache_double_destroy+0x128/0x300
[ 18.395415] kunit_try_run_case+0x170/0x3f0
[ 18.395453] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.395494] kthread+0x328/0x630
[ 18.395527] ret_from_fork+0x10/0x20
[ 18.395562]
[ 18.395580] The buggy address belongs to the object at fff00000c1aa58c0
[ 18.395580] which belongs to the cache kmem_cache of size 208
[ 18.395638] The buggy address is located 0 bytes inside of
[ 18.395638] freed 208-byte region [fff00000c1aa58c0, fff00000c1aa5990)
[ 18.395698]
[ 18.395720] The buggy address belongs to the physical page:
[ 18.395754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101aa5
[ 18.395809] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.395862] page_type: f5(slab)
[ 18.395903] raw: 0bfffe0000000000 fff00000c0001000 dead000000000122 0000000000000000
[ 18.395952] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 18.396004] page dumped because: kasan: bad access detected
[ 18.396035]
[ 18.396053] Memory state around the buggy address:
[ 18.396089]  fff00000c1aa5780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.396132]  fff00000c1aa5800: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 18.396174] >fff00000c1aa5880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 18.396212]                                             ^
[ 18.396246]  fff00000c1aa5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.396287]  fff00000c1aa5980: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.396325] ==================================================================
```
```
[ 18.008804] ==================================================================
[ 18.008891] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x174/0x300
[ 18.008981] Read of size 1 at addr fff00000c77d9500 by task kunit_try_catch/216
[ 18.009054]
[ 18.009107] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 18.009223] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.009422] Hardware name: linux,dummy-virt (DT)
[ 18.009516] Call trace:
[ 18.009580] show_stack+0x20/0x38 (C)
[ 18.009638] dump_stack_lvl+0x8c/0xd0
[ 18.009734] print_report+0x118/0x608
[ 18.009783] kasan_report+0xdc/0x128
[ 18.010006] __kasan_check_byte+0x54/0x70
[ 18.010062] kmem_cache_destroy+0x34/0x218
[ 18.010299] kmem_cache_double_destroy+0x174/0x300
[ 18.010447] kunit_try_run_case+0x170/0x3f0
[ 18.010568] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.010621] kthread+0x328/0x630
[ 18.010664] ret_from_fork+0x10/0x20
[ 18.010731]
[ 18.011120] Allocated by task 216:
[ 18.011216] kasan_save_stack+0x3c/0x68
[ 18.011324] kasan_save_track+0x20/0x40
[ 18.011364] kasan_save_alloc_info+0x40/0x58
[ 18.011404] __kasan_slab_alloc+0xa8/0xb0
[ 18.011458] kmem_cache_alloc_noprof+0x10c/0x398
[ 18.011502] __kmem_cache_create_args+0x178/0x280
[ 18.011552] kmem_cache_double_destroy+0xc0/0x300
[ 18.011590] kunit_try_run_case+0x170/0x3f0
[ 18.011634] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.011681] kthread+0x328/0x630
[ 18.011724] ret_from_fork+0x10/0x20
[ 18.011768]
[ 18.011786] Freed by task 216:
[ 18.011828] kasan_save_stack+0x3c/0x68
[ 18.011864] kasan_save_track+0x20/0x40
[ 18.011902] kasan_save_free_info+0x4c/0x78
[ 18.011959] __kasan_slab_free+0x6c/0x98
[ 18.011999] kmem_cache_free+0x260/0x468
[ 18.012035] slab_kmem_cache_release+0x38/0x50
[ 18.012075] kmem_cache_release+0x1c/0x30
[ 18.012112] kobject_put+0x17c/0x420
[ 18.012157] sysfs_slab_release+0x1c/0x30
[ 18.012195] kmem_cache_destroy+0x118/0x218
[ 18.012231] kmem_cache_double_destroy+0x128/0x300
[ 18.012279] kunit_try_run_case+0x170/0x3f0
[ 18.012316] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.012360] kthread+0x328/0x630
[ 18.012392] ret_from_fork+0x10/0x20
[ 18.012442]
[ 18.012462] The buggy address belongs to the object at fff00000c77d9500
[ 18.012462] which belongs to the cache kmem_cache of size 208
[ 18.012529] The buggy address is located 0 bytes inside of
[ 18.012529] freed 208-byte region [fff00000c77d9500, fff00000c77d95d0)
[ 18.012589]
[ 18.012612] The buggy address belongs to the physical page:
[ 18.012651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d9
[ 18.012712] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.012763] page_type: f5(slab)
[ 18.012802] raw: 0bfffe0000000000 fff00000c0001000 dead000000000122 0000000000000000
[ 18.012853] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 18.012894] page dumped because: kasan: bad access detected
[ 18.012944]
[ 18.012962] Memory state around the buggy address:
[ 18.012997]  fff00000c77d9400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.013040]  fff00000c77d9480: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.013088] >fff00000c77d9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.013125]                     ^
[ 18.013153]  fff00000c77d9580: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 18.013195]  fff00000c77d9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.013234] ==================================================================
```
```
[ 14.313042] ==================================================================
[ 14.313354] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380
[ 14.313987] Read of size 1 at addr ffff888102568000 by task kunit_try_catch/233
[ 14.315012]
[ 14.315281] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 14.315371] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.315393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.315426] Call Trace:
[ 14.315442] <TASK>
[ 14.315465] dump_stack_lvl+0x73/0xb0
[ 14.315514] print_report+0xd1/0x650
[ 14.315538] ? __virt_addr_valid+0x1db/0x2d0
[ 14.315565] ? kmem_cache_double_destroy+0x1bf/0x380
[ 14.315599] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.315825] ? kmem_cache_double_destroy+0x1bf/0x380
[ 14.315873] kasan_report+0x141/0x180
[ 14.315896] ? kmem_cache_double_destroy+0x1bf/0x380
[ 14.315919] ? kmem_cache_double_destroy+0x1bf/0x380
[ 14.315940] __kasan_check_byte+0x3d/0x50
[ 14.315958] kmem_cache_destroy+0x25/0x1d0
[ 14.315980] kmem_cache_double_destroy+0x1bf/0x380
[ 14.316001] ? __pfx_kmem_cache_double_destroy+0x10/0x10
[ 14.316020] ? finish_task_switch.isra.0+0x153/0x700
[ 14.316041] ? __switch_to+0x47/0xf50
[ 14.316067] ? __pfx_read_tsc+0x10/0x10
[ 14.316086] ? ktime_get_ts64+0x86/0x230
[ 14.316108] kunit_try_run_case+0x1a5/0x480
[ 14.316152] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.316171] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.316452] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.316475] ? __kthread_parkme+0x82/0x180
[ 14.316496] ? preempt_count_sub+0x50/0x80
[ 14.316538] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.316568] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.316599] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.316646] kthread+0x337/0x6f0
[ 14.316676] ? trace_preempt_on+0x20/0xc0
[ 14.316714] ? __pfx_kthread+0x10/0x10
[ 14.316742] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.316773] ? calculate_sigpending+0x7b/0xa0
[ 14.316806] ? __pfx_kthread+0x10/0x10
[ 14.316834] ret_from_fork+0x116/0x1d0
[ 14.316852] ? __pfx_kthread+0x10/0x10
[ 14.316871] ret_from_fork_asm+0x1a/0x30
[ 14.316899] </TASK>
[ 14.316914]
[ 14.328398] Allocated by task 233:
[ 14.329073] kasan_save_stack+0x45/0x70
[ 14.329405] kasan_save_track+0x18/0x40
[ 14.329565] kasan_save_alloc_info+0x3b/0x50
[ 14.330076] __kasan_slab_alloc+0x91/0xa0
[ 14.330392] kmem_cache_alloc_noprof+0x123/0x3f0
[ 14.330768] __kmem_cache_create_args+0x169/0x240
[ 14.331173] kmem_cache_double_destroy+0xd5/0x380
[ 14.331731] kunit_try_run_case+0x1a5/0x480
[ 14.331976] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.332283] kthread+0x337/0x6f0
[ 14.332544] ret_from_fork+0x116/0x1d0
[ 14.333299] ret_from_fork_asm+0x1a/0x30
[ 14.333597]
[ 14.333969] Freed by task 233:
[ 14.334236] kasan_save_stack+0x45/0x70
[ 14.334446] kasan_save_track+0x18/0x40
[ 14.334905] kasan_save_free_info+0x3f/0x60
[ 14.335177] __kasan_slab_free+0x56/0x70
[ 14.335466] kmem_cache_free+0x249/0x420
[ 14.335878] slab_kmem_cache_release+0x2e/0x40
[ 14.336252] kmem_cache_release+0x16/0x20
[ 14.336954] kobject_put+0x181/0x450
[ 14.337266] sysfs_slab_release+0x16/0x20
[ 14.337472] kmem_cache_destroy+0xf0/0x1d0
[ 14.337957] kmem_cache_double_destroy+0x14e/0x380
[ 14.338341] kunit_try_run_case+0x1a5/0x480
[ 14.338799] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.339020] kthread+0x337/0x6f0
[ 14.339338] ret_from_fork+0x116/0x1d0
[ 14.339799] ret_from_fork_asm+0x1a/0x30
[ 14.339996]
[ 14.340095] The buggy address belongs to the object at ffff888102568000
[ 14.340095] which belongs to the cache kmem_cache of size 208
[ 14.341157] The buggy address is located 0 bytes inside of
[ 14.341157] freed 208-byte region [ffff888102568000, ffff8881025680d0)
[ 14.342039]
[ 14.342284] The buggy address belongs to the physical page:
[ 14.342824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102568
[ 14.343257] flags: 0x200000000000000(node=0|zone=2)
[ 14.343486] page_type: f5(slab)
[ 14.343866] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000
[ 14.344405] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 14.344781] page dumped because: kasan: bad access detected
[ 14.344984]
[ 14.345132] Memory state around the buggy address:
[ 14.345579]  ffff888102567f00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 14.346581]  ffff888102567f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.346989] >ffff888102568000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.347713]                     ^
[ 14.347900]  ffff888102568080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 14.348208]  ffff888102568100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.348478] ==================================================================
```
```
[ 14.448912] ==================================================================
[ 14.449435] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380
[ 14.450224] Read of size 1 at addr ffff888101985780 by task kunit_try_catch/232
[ 14.450738]
[ 14.451007] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 14.451076] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.451211] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.451239] Call Trace:
[ 14.451256] <TASK>
[ 14.451278] dump_stack_lvl+0x73/0xb0
[ 14.451317] print_report+0xd1/0x650
[ 14.451343] ? __virt_addr_valid+0x1db/0x2d0
[ 14.451372] ? kmem_cache_double_destroy+0x1bf/0x380
[ 14.451400] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.451429] ? kmem_cache_double_destroy+0x1bf/0x380
[ 14.451456] kasan_report+0x141/0x180
[ 14.451481] ? kmem_cache_double_destroy+0x1bf/0x380
[ 14.451512] ? kmem_cache_double_destroy+0x1bf/0x380
[ 14.451542] __kasan_check_byte+0x3d/0x50
[ 14.451568] kmem_cache_destroy+0x25/0x1d0
[ 14.451594] kmem_cache_double_destroy+0x1bf/0x380
[ 14.451620] ? __pfx_kmem_cache_double_destroy+0x10/0x10
[ 14.451647] ? finish_task_switch.isra.0+0x153/0x700
[ 14.451673] ? __switch_to+0x47/0xf50
[ 14.451708] ? __pfx_read_tsc+0x10/0x10
[ 14.451733] ? ktime_get_ts64+0x86/0x230
[ 14.451761] kunit_try_run_case+0x1a5/0x480
[ 14.451790] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.451815] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.451844] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.451870] ? __kthread_parkme+0x82/0x180
[ 14.451894] ? preempt_count_sub+0x50/0x80
[ 14.451921] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.451948] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.451974] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.452000] kthread+0x337/0x6f0
[ 14.452022] ? trace_preempt_on+0x20/0xc0
[ 14.452062] ? __pfx_kthread+0x10/0x10
[ 14.452086] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.452109] ? calculate_sigpending+0x7b/0xa0
[ 14.452138] ? __pfx_kthread+0x10/0x10
[ 14.452162] ret_from_fork+0x116/0x1d0
[ 14.452183] ? __pfx_kthread+0x10/0x10
[ 14.452206] ret_from_fork_asm+0x1a/0x30
[ 14.452242] </TASK>
[ 14.452256]
[ 14.464404] Allocated by task 232:
[ 14.464970] kasan_save_stack+0x45/0x70
[ 14.465213] kasan_save_track+0x18/0x40
[ 14.465492] kasan_save_alloc_info+0x3b/0x50
[ 14.465702] __kasan_slab_alloc+0x91/0xa0
[ 14.466113] kmem_cache_alloc_noprof+0x123/0x3f0
[ 14.466290] __kmem_cache_create_args+0x169/0x240
[ 14.466460] kmem_cache_double_destroy+0xd5/0x380
[ 14.466927] kunit_try_run_case+0x1a5/0x480
[ 14.467169] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.467413] kthread+0x337/0x6f0
[ 14.467541] ret_from_fork+0x116/0x1d0
[ 14.467680] ret_from_fork_asm+0x1a/0x30
[ 14.467832]
[ 14.467909] Freed by task 232:
[ 14.468027] kasan_save_stack+0x45/0x70
[ 14.468178] kasan_save_track+0x18/0x40
[ 14.468318] kasan_save_free_info+0x3f/0x60
[ 14.468470] __kasan_slab_free+0x56/0x70
[ 14.468610] kmem_cache_free+0x249/0x420
[ 14.468751] slab_kmem_cache_release+0x2e/0x40
[ 14.468905] kmem_cache_release+0x16/0x20
[ 14.469416] kobject_put+0x181/0x450
[ 14.469650] sysfs_slab_release+0x16/0x20
[ 14.469807] kmem_cache_destroy+0xf0/0x1d0
[ 14.471089] kmem_cache_double_destroy+0x14e/0x380
[ 14.471536] kunit_try_run_case+0x1a5/0x480
[ 14.471909] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.472170] kthread+0x337/0x6f0
[ 14.472342] ret_from_fork+0x116/0x1d0
[ 14.472535] ret_from_fork_asm+0x1a/0x30
[ 14.472731]
[ 14.472992] The buggy address belongs to the object at ffff888101985780
[ 14.472992] which belongs to the cache kmem_cache of size 208
[ 14.473548] The buggy address is located 0 bytes inside of
[ 14.473548] freed 208-byte region [ffff888101985780, ffff888101985850)
[ 14.475496]
[ 14.475588] The buggy address belongs to the physical page:
[ 14.475785] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101985
[ 14.476040] flags: 0x200000000000000(node=0|zone=2)
[ 14.476303] page_type: f5(slab)
[ 14.476481] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000
[ 14.476843] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 14.478854] page dumped because: kasan: bad access detected
[ 14.479669]
[ 14.479943] Memory state around the buggy address:
[ 14.480390]  ffff888101985680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.481126]  ffff888101985700: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.481971] >ffff888101985780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.482617]                     ^
[ 14.483010]  ffff888101985800: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 14.483643]  ffff888101985880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.484335] ==================================================================
```
```
[ 34.640306] ==================================================================
[ 34.651468] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380
[ 34.659224] Read of size 1 at addr ffff888103805040 by task kunit_try_catch/256
[ 34.666539]
[ 34.668039] CPU: 3 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 34.668048] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 34.668052] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 34.668055] Call Trace:
[ 34.668057] <TASK>
[ 34.668059] dump_stack_lvl+0x73/0xb0
[ 34.668065] print_report+0xd1/0x650
[ 34.668069] ? __virt_addr_valid+0x1db/0x2d0
[ 34.668074] ? kmem_cache_double_destroy+0x1bf/0x380
[ 34.668079] ? kasan_complete_mode_report_info+0x64/0x200
[ 34.668084] ? kmem_cache_double_destroy+0x1bf/0x380
[ 34.668089] kasan_report+0x141/0x180
[ 34.668093] ? kmem_cache_double_destroy+0x1bf/0x380
[ 34.668098] ? kmem_cache_double_destroy+0x1bf/0x380
[ 34.668103] __kasan_check_byte+0x3d/0x50
[ 34.668107] kmem_cache_destroy+0x25/0x1d0
[ 34.668111] kmem_cache_double_destroy+0x1bf/0x380
[ 34.668116] ? __pfx_kmem_cache_double_destroy+0x10/0x10
[ 34.668121] ? finish_task_switch.isra.0+0x153/0x700
[ 34.668125] ? __switch_to+0x544/0xf50
[ 34.668131] ? ktime_get_ts64+0x83/0x230
[ 34.668136] kunit_try_run_case+0x1a2/0x480
[ 34.668141] ? __pfx_kunit_try_run_case+0x10/0x10
[ 34.668145] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 34.668150] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 34.668154] ? __kthread_parkme+0x82/0x180
[ 34.668158] ? preempt_count_sub+0x50/0x80
[ 34.668162] ? __pfx_kunit_try_run_case+0x10/0x10
[ 34.668167] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 34.668171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 34.668175] kthread+0x334/0x6f0
[ 34.668179] ? trace_preempt_on+0x20/0xc0
[ 34.668184] ? __pfx_kthread+0x10/0x10
[ 34.668187] ? _raw_spin_unlock_irq+0x47/0x80
[ 34.668191] ? calculate_sigpending+0x7b/0xa0
[ 34.668196] ? __pfx_kthread+0x10/0x10
[ 34.668200] ret_from_fork+0x113/0x1d0
[ 34.668204] ? __pfx_kthread+0x10/0x10
[ 34.668208] ret_from_fork_asm+0x1a/0x30
[ 34.668214] </TASK>
[ 34.668216]
[ 34.849648] Allocated by task 256:
[ 34.853054] kasan_save_stack+0x45/0x70
[ 34.856891] kasan_save_track+0x18/0x40
[ 34.860730] kasan_save_alloc_info+0x3b/0x50
[ 34.865004] __kasan_slab_alloc+0x91/0xa0
[ 34.869016] kmem_cache_alloc_noprof+0x123/0x3f0
[ 34.873636] __kmem_cache_create_args+0x169/0x240
[ 34.878367] kmem_cache_double_destroy+0xd5/0x380
[ 34.883100] kunit_try_run_case+0x1a2/0x480
[ 34.887286] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 34.892685] kthread+0x334/0x6f0
[ 34.895918] ret_from_fork+0x113/0x1d0
[ 34.899671] ret_from_fork_asm+0x1a/0x30
[ 34.903598]
[ 34.905097] Freed by task 256:
[ 34.908155] kasan_save_stack+0x45/0x70
[ 34.911995] kasan_save_track+0x18/0x40
[ 34.915834] kasan_save_free_info+0x3f/0x60
[ 34.920028] __kasan_slab_free+0x56/0x70
[ 34.923955] kmem_cache_free+0x249/0x420
[ 34.927879] slab_kmem_cache_release+0x2e/0x40
[ 34.932327] kmem_cache_release+0x16/0x20
[ 34.936404] kobject_put+0x17e/0x450
[ 34.939986] sysfs_slab_release+0x16/0x20
[ 34.944001] kmem_cache_destroy+0xf0/0x1d0
[ 34.948099] kmem_cache_double_destroy+0x14e/0x380
[ 34.952893] kunit_try_run_case+0x1a2/0x480
[ 34.957077] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 34.962477] kthread+0x334/0x6f0
[ 34.965711] ret_from_fork+0x113/0x1d0
[ 34.969461] ret_from_fork_asm+0x1a/0x30
[ 34.973394]
[ 34.974889] The buggy address belongs to the object at ffff888103805040
[ 34.974889] which belongs to the cache kmem_cache of size 208
[ 34.987316] The buggy address is located 0 bytes inside of
[ 34.987316] freed 208-byte region [ffff888103805040, ffff888103805110)
[ 34.999422]
[ 35.000922] The buggy address belongs to the physical page:
[ 35.006496] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103804
[ 35.014505] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 35.022163] flags: 0x200000000000040(head|node=0|zone=2)
[ 35.027476] page_type: f5(slab)
[ 35.030625] raw: 0200000000000040 ffff888100042000 dead000000000122 0000000000000000
[ 35.038372] raw: 0000000000000000 0000000080190019 00000000f5000000 0000000000000000
[ 35.046137] head: 0200000000000040 ffff888100042000 dead000000000122 0000000000000000
[ 35.053963] head: 0000000000000000 0000000080190019 00000000f5000000 0000000000000000
[ 35.061789] head: 0200000000000001 ffffea00040e0101 00000000ffffffff 00000000ffffffff
[ 35.069615] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 35.077440] page dumped because: kasan: bad access detected
[ 35.083012]
[ 35.084511] Memory state around the buggy address:
[ 35.089305]  ffff888103804f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.096524]  ffff888103804f80: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 35.103742] >ffff888103805000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 35.110963]                                             ^
[ 35.116277]  ffff888103805080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.123504]  ffff888103805100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.130722] ==================================================================
```