Date
July 13, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 16.615809] ==================================================================
[ 16.615879] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 16.615950] Free of addr fff00000c7048000 by task kunit_try_catch/210
[ 16.616003]
[ 16.616046] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.616134] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.616586] Hardware name: linux,dummy-virt (DT)
[ 16.616632] Call trace:
[ 16.616693]  show_stack+0x20/0x38 (C)
[ 16.617056]  dump_stack_lvl+0x8c/0xd0
[ 16.617133]  print_report+0x118/0x5d0
[ 16.617250]  kasan_report_invalid_free+0xc0/0xe8
[ 16.617303]  check_slab_allocation+0xd4/0x108
[ 16.617363]  __kasan_slab_pre_free+0x2c/0x48
[ 16.617744]  kmem_cache_free+0xf0/0x468
[ 16.617849]  kmem_cache_double_free+0x190/0x3c8
[ 16.617939]  kunit_try_run_case+0x170/0x3f0
[ 16.618077]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.618145]  kthread+0x328/0x630
[ 16.618523]  ret_from_fork+0x10/0x20
[ 16.618644]
[ 16.618705] Allocated by task 210:
[ 16.618813]  kasan_save_stack+0x3c/0x68
[ 16.618904]  kasan_save_track+0x20/0x40
[ 16.618974]  kasan_save_alloc_info+0x40/0x58
[ 16.619093]  __kasan_slab_alloc+0xa8/0xb0
[ 16.619159]  kmem_cache_alloc_noprof+0x10c/0x398
[ 16.619241]  kmem_cache_double_free+0x12c/0x3c8
[ 16.619589]  kunit_try_run_case+0x170/0x3f0
[ 16.619675]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.619754]  kthread+0x328/0x630
[ 16.619874]  ret_from_fork+0x10/0x20
[ 16.619943]
[ 16.620139] Freed by task 210:
[ 16.620325]  kasan_save_stack+0x3c/0x68
[ 16.620420]  kasan_save_track+0x20/0x40
[ 16.620487]  kasan_save_free_info+0x4c/0x78
[ 16.620633]  __kasan_slab_free+0x6c/0x98
[ 16.620738]  kmem_cache_free+0x260/0x468
[ 16.620808]  kmem_cache_double_free+0x140/0x3c8
[ 16.620942]  kunit_try_run_case+0x170/0x3f0
[ 16.620980]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.621024]  kthread+0x328/0x630
[ 16.621099]  ret_from_fork+0x10/0x20
[ 16.621456]
[ 16.621507] The buggy address belongs to the object at fff00000c7048000
[ 16.621507]  which belongs to the cache test_cache of size 200
[ 16.621610] The buggy address is located 0 bytes inside of
[ 16.621610]  200-byte region [fff00000c7048000, fff00000c70480c8)
[ 16.621672]
[ 16.622107] The buggy address belongs to the physical page:
[ 16.622520] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107048
[ 16.622608] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.622681] page_type: f5(slab)
[ 16.623269] raw: 0bfffe0000000000 fff00000c708c140 dead000000000122 0000000000000000
[ 16.623342] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 16.623386] page dumped because: kasan: bad access detected
[ 16.623571]
[ 16.623595] Memory state around the buggy address:
[ 16.623712]  fff00000c7047f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.623781]  fff00000c7047f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.623837] >fff00000c7048000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.623876]                    ^
[ 16.623928]  fff00000c7048080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 16.623988]  fff00000c7048100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.624033] ==================================================================
[ 17.278370] ==================================================================
[ 17.278445] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 17.279230] Free of addr fff00000c5ace000 by task kunit_try_catch/210
[ 17.279839]
[ 17.279888] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 17.280606] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.280731] Hardware name: linux,dummy-virt (DT)
[ 17.280768] Call trace:
[ 17.280791]  show_stack+0x20/0x38 (C)
[ 17.280847]  dump_stack_lvl+0x8c/0xd0
[ 17.280898]  print_report+0x118/0x5d0
[ 17.282726]  kasan_report_invalid_free+0xc0/0xe8
[ 17.282822]  check_slab_allocation+0xd4/0x108
[ 17.282872]  __kasan_slab_pre_free+0x2c/0x48
[ 17.282956]  kmem_cache_free+0xf0/0x468
[ 17.283017]  kmem_cache_double_free+0x190/0x3c8
[ 17.283094]  kunit_try_run_case+0x170/0x3f0
[ 17.283660]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.283830]  kthread+0x328/0x630
[ 17.283880]  ret_from_fork+0x10/0x20
[ 17.283984]
[ 17.284003] Allocated by task 210:
[ 17.284032]  kasan_save_stack+0x3c/0x68
[ 17.284369]  kasan_save_track+0x20/0x40
[ 17.284419]  kasan_save_alloc_info+0x40/0x58
[ 17.284459]  __kasan_slab_alloc+0xa8/0xb0
[ 17.284495]  kmem_cache_alloc_noprof+0x10c/0x398
[ 17.284569]  kmem_cache_double_free+0x12c/0x3c8
[ 17.284606]  kunit_try_run_case+0x170/0x3f0
[ 17.284682]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.284764]  kthread+0x328/0x630
[ 17.284823]  ret_from_fork+0x10/0x20
[ 17.284965]
[ 17.284983] Freed by task 210:
[ 17.285011]  kasan_save_stack+0x3c/0x68
[ 17.285135]  kasan_save_track+0x20/0x40
[ 17.285255]  kasan_save_free_info+0x4c/0x78
[ 17.285762]  __kasan_slab_free+0x6c/0x98
[ 17.285838]  kmem_cache_free+0x260/0x468
[ 17.285877]  kmem_cache_double_free+0x140/0x3c8
[ 17.286696]  kunit_try_run_case+0x170/0x3f0
[ 17.286865]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.286912]  kthread+0x328/0x630
[ 17.286948]  ret_from_fork+0x10/0x20
[ 17.286985]
[ 17.287011] The buggy address belongs to the object at fff00000c5ace000
[ 17.287011]  which belongs to the cache test_cache of size 200
[ 17.287222] The buggy address is located 0 bytes inside of
[ 17.287222]  200-byte region [fff00000c5ace000, fff00000c5ace0c8)
[ 17.287435]
[ 17.287459] The buggy address belongs to the physical page:
[ 17.287493] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ace
[ 17.287801] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.287876] page_type: f5(slab)
[ 17.287943] raw: 0bfffe0000000000 fff00000c472a8c0 dead000000000122 0000000000000000
[ 17.287994] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 17.288036] page dumped because: kasan: bad access detected
[ 17.288069]
[ 17.288087] Memory state around the buggy address:
[ 17.288121]  fff00000c5acdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.288167]  fff00000c5acdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.288285] >fff00000c5ace000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.288431]                    ^
[ 17.288508]  fff00000c5ace080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 17.288571]  fff00000c5ace100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.288639] ==================================================================
[ 13.361739] ==================================================================
[ 13.362277] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 13.362626] Free of addr ffff8881026cb000 by task kunit_try_catch/226
[ 13.362841]
[ 13.362955] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 13.362999] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.363011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.363033] Call Trace:
[ 13.363045]  <TASK>
[ 13.363138]  dump_stack_lvl+0x73/0xb0
[ 13.363175]  print_report+0xd1/0x610
[ 13.363199]  ? __virt_addr_valid+0x1db/0x2d0
[ 13.363226]  ? kasan_complete_mode_report_info+0x64/0x200
[ 13.363249]  ? kmem_cache_double_free+0x1e5/0x480
[ 13.363276]  kasan_report_invalid_free+0x10a/0x130
[ 13.363301]  ? kmem_cache_double_free+0x1e5/0x480
[ 13.363328]  ? kmem_cache_double_free+0x1e5/0x480
[ 13.363353]  check_slab_allocation+0x101/0x130
[ 13.363376]  __kasan_slab_pre_free+0x28/0x40
[ 13.363397]  kmem_cache_free+0xed/0x420
[ 13.363434]  ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.363465]  ? kmem_cache_double_free+0x1e5/0x480
[ 13.363493]  kmem_cache_double_free+0x1e5/0x480
[ 13.363518]  ? __pfx_kmem_cache_double_free+0x10/0x10
[ 13.363543]  ? finish_task_switch.isra.0+0x153/0x700
[ 13.363636]  ? __switch_to+0x47/0xf50
[ 13.363672]  ? __pfx_read_tsc+0x10/0x10
[ 13.363697]  ? ktime_get_ts64+0x86/0x230
[ 13.363723]  kunit_try_run_case+0x1a5/0x480
[ 13.363750]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.363773]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.363799]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.363824]  ? __kthread_parkme+0x82/0x180
[ 13.363845]  ? preempt_count_sub+0x50/0x80
[ 13.363869]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.363894]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.363919]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.363945]  kthread+0x337/0x6f0
[ 13.363964]  ? trace_preempt_on+0x20/0xc0
[ 13.363989]  ? __pfx_kthread+0x10/0x10
[ 13.364009]  ? _raw_spin_unlock_irq+0x47/0x80
[ 13.364031]  ? calculate_sigpending+0x7b/0xa0
[ 13.364056]  ? __pfx_kthread+0x10/0x10
[ 13.364078]  ret_from_fork+0x116/0x1d0
[ 13.364097]  ? __pfx_kthread+0x10/0x10
[ 13.364118]  ret_from_fork_asm+0x1a/0x30
[ 13.364149]  </TASK>
[ 13.364159]
[ 13.373962] Allocated by task 226:
[ 13.374170]  kasan_save_stack+0x45/0x70
[ 13.374404]  kasan_save_track+0x18/0x40
[ 13.374567]  kasan_save_alloc_info+0x3b/0x50
[ 13.374717]  __kasan_slab_alloc+0x91/0xa0
[ 13.374996]  kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.375241]  kmem_cache_double_free+0x14f/0x480
[ 13.375503]  kunit_try_run_case+0x1a5/0x480
[ 13.375770]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.376076]  kthread+0x337/0x6f0
[ 13.376243]  ret_from_fork+0x116/0x1d0
[ 13.376432]  ret_from_fork_asm+0x1a/0x30
[ 13.376640]
[ 13.376903] Freed by task 226:
[ 13.377053]  kasan_save_stack+0x45/0x70
[ 13.377281]  kasan_save_track+0x18/0x40
[ 13.377520]  kasan_save_free_info+0x3f/0x60
[ 13.377774]  __kasan_slab_free+0x56/0x70
[ 13.378012]  kmem_cache_free+0x249/0x420
[ 13.378206]  kmem_cache_double_free+0x16a/0x480
[ 13.378429]  kunit_try_run_case+0x1a5/0x480
[ 13.378617]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.378793]  kthread+0x337/0x6f0
[ 13.378913]  ret_from_fork+0x116/0x1d0
[ 13.379186]  ret_from_fork_asm+0x1a/0x30
[ 13.379403]
[ 13.379530] The buggy address belongs to the object at ffff8881026cb000
[ 13.379530]  which belongs to the cache test_cache of size 200
[ 13.380318] The buggy address is located 0 bytes inside of
[ 13.380318]  200-byte region [ffff8881026cb000, ffff8881026cb0c8)
[ 13.381284]
[ 13.381731] The buggy address belongs to the physical page:
[ 13.382269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026cb
[ 13.383138] flags: 0x200000000000000(node=0|zone=2)
[ 13.383657] page_type: f5(slab)
[ 13.384015] raw: 0200000000000000 ffff8881009fc8c0 dead000000000122 0000000000000000
[ 13.384736] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 13.385570] page dumped because: kasan: bad access detected
[ 13.385990]
[ 13.386067] Memory state around the buggy address:
[ 13.386225]  ffff8881026caf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.386475]  ffff8881026caf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.386804] >ffff8881026cb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.387196]                    ^
[ 13.387366]  ffff8881026cb080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 13.387782]  ffff8881026cb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.388076] ==================================================================
[ 13.540437] ==================================================================
[ 13.542122] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 13.542365] Free of addr ffff888102b47000 by task kunit_try_catch/227
[ 13.542564]
[ 13.542665] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 13.542716] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.542728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.542748] Call Trace:
[ 13.542759]  <TASK>
[ 13.542776]  dump_stack_lvl+0x73/0xb0
[ 13.542806]  print_report+0xd1/0x610
[ 13.542830]  ? __virt_addr_valid+0x1db/0x2d0
[ 13.542856]  ? kasan_complete_mode_report_info+0x64/0x200
[ 13.542921]  ? kmem_cache_double_free+0x1e5/0x480
[ 13.542948]  kasan_report_invalid_free+0x10a/0x130
[ 13.542972]  ? kmem_cache_double_free+0x1e5/0x480
[ 13.542999]  ? kmem_cache_double_free+0x1e5/0x480
[ 13.543024]  check_slab_allocation+0x101/0x130
[ 13.543046]  __kasan_slab_pre_free+0x28/0x40
[ 13.543080]  kmem_cache_free+0xed/0x420
[ 13.543101]  ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.543122]  ? kmem_cache_double_free+0x1e5/0x480
[ 13.543149]  kmem_cache_double_free+0x1e5/0x480
[ 13.543174]  ? __pfx_kmem_cache_double_free+0x10/0x10
[ 13.543199]  ? finish_task_switch.isra.0+0x153/0x700
[ 13.543222]  ? __switch_to+0x47/0xf50
[ 13.543250]  ? __pfx_read_tsc+0x10/0x10
[ 13.543272]  ? ktime_get_ts64+0x86/0x230
[ 13.543334]  kunit_try_run_case+0x1a5/0x480
[ 13.543380]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.543426]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.543452]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.543476]  ? __kthread_parkme+0x82/0x180
[ 13.543497]  ? preempt_count_sub+0x50/0x80
[ 13.543520]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.543545]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.543569]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.543594]  kthread+0x337/0x6f0
[ 13.543613]  ? trace_preempt_on+0x20/0xc0
[ 13.543637]  ? __pfx_kthread+0x10/0x10
[ 13.543849]  ? _raw_spin_unlock_irq+0x47/0x80
[ 13.543873]  ? calculate_sigpending+0x7b/0xa0
[ 13.543898]  ? __pfx_kthread+0x10/0x10
[ 13.543919]  ret_from_fork+0x116/0x1d0
[ 13.543940]  ? __pfx_kthread+0x10/0x10
[ 13.543960]  ret_from_fork_asm+0x1a/0x30
[ 13.543991]  </TASK>
[ 13.544000]
[ 13.560306] Allocated by task 227:
[ 13.560448]  kasan_save_stack+0x45/0x70
[ 13.560598]  kasan_save_track+0x18/0x40
[ 13.560988]  kasan_save_alloc_info+0x3b/0x50
[ 13.561488]  __kasan_slab_alloc+0x91/0xa0
[ 13.561950]  kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.562449]  kmem_cache_double_free+0x14f/0x480
[ 13.563020]  kunit_try_run_case+0x1a5/0x480
[ 13.563501]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.563848]  kthread+0x337/0x6f0
[ 13.564239]  ret_from_fork+0x116/0x1d0
[ 13.564745]  ret_from_fork_asm+0x1a/0x30
[ 13.565102]
[ 13.565351] Freed by task 227:
[ 13.565567]  kasan_save_stack+0x45/0x70
[ 13.565858]  kasan_save_track+0x18/0x40
[ 13.566247]  kasan_save_free_info+0x3f/0x60
[ 13.566716]  __kasan_slab_free+0x56/0x70
[ 13.566888]  kmem_cache_free+0x249/0x420
[ 13.567338]  kmem_cache_double_free+0x16a/0x480
[ 13.567582]  kunit_try_run_case+0x1a5/0x480
[ 13.568143]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.568603]  kthread+0x337/0x6f0
[ 13.569018]  ret_from_fork+0x116/0x1d0
[ 13.569342]  ret_from_fork_asm+0x1a/0x30
[ 13.569483]
[ 13.569554] The buggy address belongs to the object at ffff888102b47000
[ 13.569554]  which belongs to the cache test_cache of size 200
[ 13.570820] The buggy address is located 0 bytes inside of
[ 13.570820]  200-byte region [ffff888102b47000, ffff888102b470c8)
[ 13.571524]
[ 13.571630] The buggy address belongs to the physical page:
[ 13.571845] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b47
[ 13.572185] flags: 0x200000000000000(node=0|zone=2)
[ 13.572411] page_type: f5(slab)
[ 13.572569] raw: 0200000000000000 ffff888101b198c0 dead000000000122 0000000000000000
[ 13.572881] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 13.574291] page dumped because: kasan: bad access detected
[ 13.574594]
[ 13.575142] Memory state around the buggy address:
[ 13.575692]  ffff888102b46f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.576004]  ffff888102b46f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.576955] >ffff888102b47000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.577679]                    ^
[ 13.578250]  ffff888102b47080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 13.578984]  ffff888102b47100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.579297] ==================================================================