Date
July 20, 2025, 11:12 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |

```
[ 17.291231] ==================================================================
[ 17.291305] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 17.291375] Free of addr fff00000c7879000 by task kunit_try_catch/209
[ 17.291420]
[ 17.292088] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 17.292453] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.292496] Hardware name: linux,dummy-virt (DT)
[ 17.292533] Call trace:
[ 17.292558] show_stack+0x20/0x38 (C)
[ 17.292891] dump_stack_lvl+0x8c/0xd0
[ 17.293292] print_report+0x118/0x5d0
[ 17.293392] kasan_report_invalid_free+0xc0/0xe8
[ 17.293592] check_slab_allocation+0xd4/0x108
[ 17.293932] __kasan_slab_pre_free+0x2c/0x48
[ 17.294195] kmem_cache_free+0xf0/0x468
[ 17.294367] kmem_cache_double_free+0x190/0x3c8
[ 17.294530] kunit_try_run_case+0x170/0x3f0
[ 17.294634] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.294689] kthread+0x328/0x630
[ 17.295090] ret_from_fork+0x10/0x20
[ 17.295278]
[ 17.295368] Allocated by task 209:
[ 17.295534] kasan_save_stack+0x3c/0x68
[ 17.295754] kasan_save_track+0x20/0x40
[ 17.295997] kasan_save_alloc_info+0x40/0x58
[ 17.296065] __kasan_slab_alloc+0xa8/0xb0
[ 17.296105] kmem_cache_alloc_noprof+0x10c/0x398
[ 17.296412] kmem_cache_double_free+0x12c/0x3c8
[ 17.296524] kunit_try_run_case+0x170/0x3f0
[ 17.296737] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.296888] kthread+0x328/0x630
[ 17.296995] ret_from_fork+0x10/0x20
[ 17.297043]
[ 17.297062] Freed by task 209:
[ 17.297120] kasan_save_stack+0x3c/0x68
[ 17.297464] kasan_save_track+0x20/0x40
[ 17.297775] kasan_save_free_info+0x4c/0x78
[ 17.297949] __kasan_slab_free+0x6c/0x98
[ 17.298063] kmem_cache_free+0x260/0x468
[ 17.298102] kmem_cache_double_free+0x140/0x3c8
[ 17.298162] kunit_try_run_case+0x170/0x3f0
[ 17.298206] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.298419] kthread+0x328/0x630
[ 17.298667] ret_from_fork+0x10/0x20
[ 17.298758]
[ 17.298888] The buggy address belongs to the object at fff00000c7879000
[ 17.298888] which belongs to the cache test_cache of size 200
[ 17.298972] The buggy address is located 0 bytes inside of
[ 17.298972] 200-byte region [fff00000c7879000, fff00000c78790c8)
[ 17.299292]
[ 17.299518] The buggy address belongs to the physical page:
[ 17.299566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107879
[ 17.299644] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.299747] page_type: f5(slab)
[ 17.300043] raw: 0bfffe0000000000 fff00000c5905b40 dead000000000122 0000000000000000
[ 17.300234] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 17.300339] page dumped because: kasan: bad access detected
[ 17.300448]
[ 17.300626] Memory state around the buggy address:
[ 17.300690]  fff00000c7878f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.300776]  fff00000c7878f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.300822] >fff00000c7879000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.300864]                    ^
[ 17.300924]  fff00000c7879080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 17.300971]  fff00000c7879100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.301010] ==================================================================
```

```
[ 17.257781] ==================================================================
[ 17.257866] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 17.257971] Free of addr fff00000c6670000 by task kunit_try_catch/209
[ 17.258037]
[ 17.258080] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 17.258170] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.258217] Hardware name: linux,dummy-virt (DT)
[ 17.258254] Call trace:
[ 17.258280] show_stack+0x20/0x38 (C)
[ 17.258371] dump_stack_lvl+0x8c/0xd0
[ 17.258425] print_report+0x118/0x5d0
[ 17.258473] kasan_report_invalid_free+0xc0/0xe8
[ 17.258523] check_slab_allocation+0xd4/0x108
[ 17.258606] __kasan_slab_pre_free+0x2c/0x48
[ 17.258674] kmem_cache_free+0xf0/0x468
[ 17.258721] kmem_cache_double_free+0x190/0x3c8
[ 17.258784] kunit_try_run_case+0x170/0x3f0
[ 17.258851] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.258905] kthread+0x328/0x630
[ 17.258949] ret_from_fork+0x10/0x20
[ 17.258999]
[ 17.259017] Allocated by task 209:
[ 17.259081] kasan_save_stack+0x3c/0x68
[ 17.259139] kasan_save_track+0x20/0x40
[ 17.259206] kasan_save_alloc_info+0x40/0x58
[ 17.259246] __kasan_slab_alloc+0xa8/0xb0
[ 17.259291] kmem_cache_alloc_noprof+0x10c/0x398
[ 17.259346] kmem_cache_double_free+0x12c/0x3c8
[ 17.259386] kunit_try_run_case+0x170/0x3f0
[ 17.259428] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.259597] kthread+0x328/0x630
[ 17.259691] ret_from_fork+0x10/0x20
[ 17.259735]
[ 17.259842] Freed by task 209:
[ 17.259937] kasan_save_stack+0x3c/0x68
[ 17.260034] kasan_save_track+0x20/0x40
[ 17.260081] kasan_save_free_info+0x4c/0x78
[ 17.260149] __kasan_slab_free+0x6c/0x98
[ 17.260205] kmem_cache_free+0x260/0x468
[ 17.260250] kmem_cache_double_free+0x140/0x3c8
[ 17.260290] kunit_try_run_case+0x170/0x3f0
[ 17.260444] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.260598] kthread+0x328/0x630
[ 17.260645] ret_from_fork+0x10/0x20
[ 17.260682]
[ 17.260701] The buggy address belongs to the object at fff00000c6670000
[ 17.260701] which belongs to the cache test_cache of size 200
[ 17.260761] The buggy address is located 0 bytes inside of
[ 17.260761] 200-byte region [fff00000c6670000, fff00000c66700c8)
[ 17.260822]
[ 17.260844] The buggy address belongs to the physical page:
[ 17.260897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106670
[ 17.260985] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.261040] page_type: f5(slab)
[ 17.261085] raw: 0bfffe0000000000 fff00000c19dcdc0 dead000000000122 0000000000000000
[ 17.261136] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 17.261179] page dumped because: kasan: bad access detected
[ 17.261232]
[ 17.261397] Memory state around the buggy address:
[ 17.261508]  fff00000c666ff00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.261583]  fff00000c666ff80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 17.261693] >fff00000c6670000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.261734]                    ^
[ 17.261932]  fff00000c6670080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 17.262172]  fff00000c6670100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.262312] ==================================================================
```

```
[ 13.349902] ==================================================================
[ 13.350438] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 13.350873] Free of addr ffff888103152000 by task kunit_try_catch/227
[ 13.351413]
[ 13.351514] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 13.351561] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.351573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.351595] Call Trace:
[ 13.351608] <TASK>
[ 13.351626] dump_stack_lvl+0x73/0xb0
[ 13.351659] print_report+0xd1/0x610
[ 13.351681] ? __virt_addr_valid+0x1db/0x2d0
[ 13.351706] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.351727] ? kmem_cache_double_free+0x1e5/0x480
[ 13.351753] kasan_report_invalid_free+0x10a/0x130
[ 13.351777] ? kmem_cache_double_free+0x1e5/0x480
[ 13.351803] ? kmem_cache_double_free+0x1e5/0x480
[ 13.351827] check_slab_allocation+0x101/0x130
[ 13.351849] __kasan_slab_pre_free+0x28/0x40
[ 13.351869] kmem_cache_free+0xed/0x420
[ 13.351889] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.351909] ? kmem_cache_double_free+0x1e5/0x480
[ 13.351936] kmem_cache_double_free+0x1e5/0x480
[ 13.351960] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 13.351982] ? finish_task_switch.isra.0+0x153/0x700
[ 13.352005] ? __switch_to+0x47/0xf50
[ 13.352098] ? __pfx_read_tsc+0x10/0x10
[ 13.352122] ? ktime_get_ts64+0x86/0x230
[ 13.352148] kunit_try_run_case+0x1a5/0x480
[ 13.352173] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.352196] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.352220] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.352243] ? __kthread_parkme+0x82/0x180
[ 13.352264] ? preempt_count_sub+0x50/0x80
[ 13.352287] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.352311] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.352334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.352356] kthread+0x337/0x6f0
[ 13.352376] ? trace_preempt_on+0x20/0xc0
[ 13.352411] ? __pfx_kthread+0x10/0x10
[ 13.352433] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.352454] ? calculate_sigpending+0x7b/0xa0
[ 13.352479] ? __pfx_kthread+0x10/0x10
[ 13.352500] ret_from_fork+0x116/0x1d0
[ 13.352518] ? __pfx_kthread+0x10/0x10
[ 13.352539] ret_from_fork_asm+0x1a/0x30
[ 13.352571] </TASK>
[ 13.352582]
[ 13.366893] Allocated by task 227:
[ 13.367077] kasan_save_stack+0x45/0x70
[ 13.367441] kasan_save_track+0x18/0x40
[ 13.367792] kasan_save_alloc_info+0x3b/0x50
[ 13.368276] __kasan_slab_alloc+0x91/0xa0
[ 13.368643] kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.369135] kmem_cache_double_free+0x14f/0x480
[ 13.369600] kunit_try_run_case+0x1a5/0x480
[ 13.369760] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.369939] kthread+0x337/0x6f0
[ 13.370180] ret_from_fork+0x116/0x1d0
[ 13.370528] ret_from_fork_asm+0x1a/0x30
[ 13.370922]
[ 13.371079] Freed by task 227:
[ 13.371408] kasan_save_stack+0x45/0x70
[ 13.371790] kasan_save_track+0x18/0x40
[ 13.372211] kasan_save_free_info+0x3f/0x60
[ 13.372693] __kasan_slab_free+0x56/0x70
[ 13.373044] kmem_cache_free+0x249/0x420
[ 13.373416] kmem_cache_double_free+0x16a/0x480
[ 13.373580] kunit_try_run_case+0x1a5/0x480
[ 13.373969] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.374648] kthread+0x337/0x6f0
[ 13.374961] ret_from_fork+0x116/0x1d0
[ 13.375096] ret_from_fork_asm+0x1a/0x30
[ 13.375447]
[ 13.375624] The buggy address belongs to the object at ffff888103152000
[ 13.375624] which belongs to the cache test_cache of size 200
[ 13.376444] The buggy address is located 0 bytes inside of
[ 13.376444] 200-byte region [ffff888103152000, ffff8881031520c8)
[ 13.377340]
[ 13.377522] The buggy address belongs to the physical page:
[ 13.378072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103152
[ 13.378614] flags: 0x200000000000000(node=0|zone=2)
[ 13.379094] page_type: f5(slab)
[ 13.379255] raw: 0200000000000000 ffff888100eebdc0 dead000000000122 0000000000000000
[ 13.380280] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 13.380616] page dumped because: kasan: bad access detected
[ 13.380802]
[ 13.380874] Memory state around the buggy address:
[ 13.381072]  ffff888103151f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.381679]  ffff888103151f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.382372] >ffff888103152000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.383137]                    ^
[ 13.383455]  ffff888103152080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 13.384231]  ffff888103152100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.384898] ==================================================================
```

```
[ 13.448971] ==================================================================
[ 13.450661] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 13.451383] Free of addr ffff888102a58000 by task kunit_try_catch/226
[ 13.452489]
[ 13.452682] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 13.452979] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.452992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.453015] Call Trace:
[ 13.453028] <TASK>
[ 13.453049] dump_stack_lvl+0x73/0xb0
[ 13.453083] print_report+0xd1/0x610
[ 13.453105] ? __virt_addr_valid+0x1db/0x2d0
[ 13.453130] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.453163] ? kmem_cache_double_free+0x1e5/0x480
[ 13.453188] kasan_report_invalid_free+0x10a/0x130
[ 13.453211] ? kmem_cache_double_free+0x1e5/0x480
[ 13.453236] ? kmem_cache_double_free+0x1e5/0x480
[ 13.453259] check_slab_allocation+0x101/0x130
[ 13.453280] __kasan_slab_pre_free+0x28/0x40
[ 13.453299] kmem_cache_free+0xed/0x420
[ 13.453333] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.453353] ? kmem_cache_double_free+0x1e5/0x480
[ 13.453378] kmem_cache_double_free+0x1e5/0x480
[ 13.453402] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 13.453424] ? finish_task_switch.isra.0+0x153/0x700
[ 13.453447] ? __switch_to+0x47/0xf50
[ 13.453476] ? __pfx_read_tsc+0x10/0x10
[ 13.453497] ? ktime_get_ts64+0x86/0x230
[ 13.453521] kunit_try_run_case+0x1a5/0x480
[ 13.453547] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.453569] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.453594] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.453616] ? __kthread_parkme+0x82/0x180
[ 13.453637] ? preempt_count_sub+0x50/0x80
[ 13.453658] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.453681] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.453703] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.453726] kthread+0x337/0x6f0
[ 13.453745] ? trace_preempt_on+0x20/0xc0
[ 13.453768] ? __pfx_kthread+0x10/0x10
[ 13.453788] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.453808] ? calculate_sigpending+0x7b/0xa0
[ 13.453832] ? __pfx_kthread+0x10/0x10
[ 13.453924] ret_from_fork+0x116/0x1d0
[ 13.453945] ? __pfx_kthread+0x10/0x10
[ 13.453965] ret_from_fork_asm+0x1a/0x30
[ 13.453995] </TASK>
[ 13.454005]
[ 13.468287] Allocated by task 226:
[ 13.468447] kasan_save_stack+0x45/0x70
[ 13.468608] kasan_save_track+0x18/0x40
[ 13.468745] kasan_save_alloc_info+0x3b/0x50
[ 13.469050] __kasan_slab_alloc+0x91/0xa0
[ 13.469430] kmem_cache_alloc_noprof+0x123/0x3f0
[ 13.469938] kmem_cache_double_free+0x14f/0x480
[ 13.470403] kunit_try_run_case+0x1a5/0x480
[ 13.470796] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.471378] kthread+0x337/0x6f0
[ 13.471712] ret_from_fork+0x116/0x1d0
[ 13.472108] ret_from_fork_asm+0x1a/0x30
[ 13.472565]
[ 13.472745] Freed by task 226:
[ 13.473045] kasan_save_stack+0x45/0x70
[ 13.473503] kasan_save_track+0x18/0x40
[ 13.473917] kasan_save_free_info+0x3f/0x60
[ 13.474071] __kasan_slab_free+0x56/0x70
[ 13.474223] kmem_cache_free+0x249/0x420
[ 13.474381] kmem_cache_double_free+0x16a/0x480
[ 13.474540] kunit_try_run_case+0x1a5/0x480
[ 13.474688] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.474880] kthread+0x337/0x6f0
[ 13.475000] ret_from_fork+0x116/0x1d0
[ 13.475133] ret_from_fork_asm+0x1a/0x30
[ 13.475800]
[ 13.476021] The buggy address belongs to the object at ffff888102a58000
[ 13.476021] which belongs to the cache test_cache of size 200
[ 13.476995] The buggy address is located 0 bytes inside of
[ 13.476995] 200-byte region [ffff888102a58000, ffff888102a580c8)
[ 13.478172]
[ 13.478391] The buggy address belongs to the physical page:
[ 13.478901] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a58
[ 13.479339] flags: 0x200000000000000(node=0|zone=2)
[ 13.479638] page_type: f5(slab)
[ 13.479767] raw: 0200000000000000 ffff888101231c80 dead000000000122 0000000000000000
[ 13.480330] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 13.481007] page dumped because: kasan: bad access detected
[ 13.481564]
[ 13.481720] Memory state around the buggy address:
[ 13.482597]  ffff888102a57f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.482837]  ffff888102a57f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.483057] >ffff888102a58000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.483299]                    ^
[ 13.483493]  ffff888102a58080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 13.483778]  ffff888102a58100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.484057] ==================================================================
```