Hay
Date: Nov. 26, 2024, 6:09 a.m.

Environment: qemu-arm64, qemu-x86_64

[   32.478094] ==================================================================
[   32.478970] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[   32.480129] Free of addr fff00000c5925000 by task kunit_try_catch/198
[   32.481560] 
[   32.481924] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   32.483290] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.483948] Hardware name: linux,dummy-virt (DT)
[   32.484810] Call trace:
[   32.485346]  show_stack+0x20/0x38 (C)
[   32.486243]  dump_stack_lvl+0x8c/0xd0
[   32.487058]  print_report+0x118/0x5e0
[   32.487773]  kasan_report_invalid_free+0xb0/0xd8
[   32.488632]  check_slab_allocation+0xd4/0x108
[   32.489542]  __kasan_slab_pre_free+0x2c/0x48
[   32.490329]  kmem_cache_free+0xf0/0x470
[   32.491236]  kmem_cache_double_free+0x190/0x3c8
[   32.492067]  kunit_try_run_case+0x14c/0x3d0
[   32.493707]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.494645]  kthread+0x24c/0x2d0
[   32.495365]  ret_from_fork+0x10/0x20
[   32.496050] 
[   32.496466] Allocated by task 198:
[   32.496945]  kasan_save_stack+0x3c/0x68
[   32.497643]  kasan_save_track+0x20/0x40
[   32.498159]  kasan_save_alloc_info+0x40/0x58
[   32.498826]  __kasan_slab_alloc+0xa8/0xb0
[   32.499425]  kmem_cache_alloc_noprof+0x108/0x3a0
[   32.500115]  kmem_cache_double_free+0x12c/0x3c8
[   32.500994]  kunit_try_run_case+0x14c/0x3d0
[   32.501550]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.502882]  kthread+0x24c/0x2d0
[   32.503375]  ret_from_fork+0x10/0x20
[   32.503830] 
[   32.504123] Freed by task 198:
[   32.505259]  kasan_save_stack+0x3c/0x68
[   32.506170]  kasan_save_track+0x20/0x40
[   32.506776]  kasan_save_free_info+0x4c/0x78
[   32.507393]  __kasan_slab_free+0x6c/0x98
[   32.508074]  kmem_cache_free+0x118/0x470
[   32.508869]  kmem_cache_double_free+0x140/0x3c8
[   32.509516]  kunit_try_run_case+0x14c/0x3d0
[   32.510119]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.510891]  kthread+0x24c/0x2d0
[   32.512223]  ret_from_fork+0x10/0x20
[   32.513042] 
[   32.513360] The buggy address belongs to the object at fff00000c5925000
[   32.513360]  which belongs to the cache test_cache of size 200
[   32.514552] The buggy address is located 0 bytes inside of
[   32.514552]  200-byte region [fff00000c5925000, fff00000c59250c8)
[   32.515777] 
[   32.516160] The buggy address belongs to the physical page:
[   32.517841] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105925
[   32.518696] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.519455] page_type: f5(slab)
[   32.519968] raw: 0bfffe0000000000 fff00000c56ba3c0 dead000000000122 0000000000000000
[   32.521332] raw: 0000000000000000 00000000800f000f 00000001f5000000 0000000000000000
[   32.522122] page dumped because: kasan: bad access detected
[   32.522818] 
[   32.523193] Memory state around the buggy address:
[   32.523751]  fff00000c5924f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.525544]  fff00000c5924f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.526364] >fff00000c5925000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.527086]                    ^
[   32.527619]  fff00000c5925080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   32.528885]  fff00000c5925100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.529650] ==================================================================

[   32.467834] ==================================================================
[   32.468949] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[   32.469946] Free of addr fff00000c5ea3000 by task kunit_try_catch/198
[   32.470695] 
[   32.471097] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   32.472658] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.473204] Hardware name: linux,dummy-virt (DT)
[   32.473827] Call trace:
[   32.474233]  show_stack+0x20/0x38 (C)
[   32.475030]  dump_stack_lvl+0x8c/0xd0
[   32.475673]  print_report+0x118/0x5e0
[   32.476287]  kasan_report_invalid_free+0xb0/0xd8
[   32.477149]  check_slab_allocation+0xd4/0x108
[   32.477935]  __kasan_slab_pre_free+0x2c/0x48
[   32.478605]  kmem_cache_free+0xf0/0x470
[   32.479321]  kmem_cache_double_free+0x190/0x3c8
[   32.479957]  kunit_try_run_case+0x14c/0x3d0
[   32.480713]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.481441]  kthread+0x24c/0x2d0
[   32.481991]  ret_from_fork+0x10/0x20
[   32.482587] 
[   32.482961] Allocated by task 198:
[   32.483601]  kasan_save_stack+0x3c/0x68
[   32.484266]  kasan_save_track+0x20/0x40
[   32.484942]  kasan_save_alloc_info+0x40/0x58
[   32.485712]  __kasan_slab_alloc+0xa8/0xb0
[   32.486373]  kmem_cache_alloc_noprof+0x108/0x3a0
[   32.487156]  kmem_cache_double_free+0x12c/0x3c8
[   32.487902]  kunit_try_run_case+0x14c/0x3d0
[   32.488693]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.489371]  kthread+0x24c/0x2d0
[   32.489942]  ret_from_fork+0x10/0x20
[   32.490423] 
[   32.490810] Freed by task 198:
[   32.491319]  kasan_save_stack+0x3c/0x68
[   32.491961]  kasan_save_track+0x20/0x40
[   32.492465]  kasan_save_free_info+0x4c/0x78
[   32.493159]  __kasan_slab_free+0x6c/0x98
[   32.493777]  kmem_cache_free+0x118/0x470
[   32.494408]  kmem_cache_double_free+0x140/0x3c8
[   32.495066]  kunit_try_run_case+0x14c/0x3d0
[   32.495672]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.496446]  kthread+0x24c/0x2d0
[   32.497034]  ret_from_fork+0x10/0x20
[   32.497621] 
[   32.497983] The buggy address belongs to the object at fff00000c5ea3000
[   32.497983]  which belongs to the cache test_cache of size 200
[   32.499185] The buggy address is located 0 bytes inside of
[   32.499185]  200-byte region [fff00000c5ea3000, fff00000c5ea30c8)
[   32.500367] 
[   32.500763] The buggy address belongs to the physical page:
[   32.501386] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ea3
[   32.502420] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.503234] page_type: f5(slab)
[   32.503734] raw: 0bfffe0000000000 fff00000c5d7e780 dead000000000122 0000000000000000
[   32.504734] raw: 0000000000000000 00000000800f000f 00000001f5000000 0000000000000000
[   32.505594] page dumped because: kasan: bad access detected
[   32.506246] 
[   32.506638] Memory state around the buggy address:
[   32.507301]  fff00000c5ea2f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.508116]  fff00000c5ea2f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.509031] >fff00000c5ea3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.509903]                    ^
[   32.510356]  fff00000c5ea3080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   32.511758]  fff00000c5ea3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.512802] ==================================================================

[   26.638240] ==================================================================
[   26.638266] BUG: KASAN: double-free in kmem_cache_double_free+0x1e6/0x490
[   26.638266] Free of addr ffff888102942000 by task kunit_try_catch/218
[   26.638266] 
[   26.638266] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   26.638266] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.638266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.638266] Call Trace:
[   26.638266]  <TASK>
[   26.638266]  dump_stack_lvl+0x73/0xb0
[   26.638266]  print_report+0xd1/0x640
[   26.638266]  ? __virt_addr_valid+0x1db/0x2d0
[   26.638266]  ? kmem_cache_double_free+0x1e6/0x490
[   26.638266]  ? kasan_complete_mode_report_info+0x64/0x200
[   26.638266]  ? kmem_cache_double_free+0x1e6/0x490
[   26.638266]  kasan_report_invalid_free+0xc0/0xf0
[   26.638266]  ? kmem_cache_double_free+0x1e6/0x490
[   26.638266]  ? kmem_cache_double_free+0x1e6/0x490
[   26.638266]  check_slab_allocation+0x101/0x130
[   26.638266]  __kasan_slab_pre_free+0x28/0x40
[   26.638266]  kmem_cache_free+0xee/0x420
[   26.638266]  ? kmem_cache_alloc_noprof+0x11e/0x3f0
[   26.638266]  ? kmem_cache_double_free+0x1e6/0x490
[   26.638266]  kmem_cache_double_free+0x1e6/0x490
[   26.638266]  ? __pfx_kmem_cache_double_free+0x10/0x10
[   26.638266]  ? __switch_to+0x5d9/0xf60
[   26.638266]  ? ktime_get_ts64+0x84/0x230
[   26.638266]  kunit_try_run_case+0x1b3/0x490
[   26.638266]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.638266]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   26.638266]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.638266]  ? __kthread_parkme+0x82/0x160
[   26.638266]  ? preempt_count_sub+0x50/0x80
[   26.638266]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.638266]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.638266]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.638266]  kthread+0x257/0x310
[   26.638266]  ? __pfx_kthread+0x10/0x10
[   26.638266]  ret_from_fork+0x41/0x80
[   26.638266]  ? __pfx_kthread+0x10/0x10
[   26.638266]  ret_from_fork_asm+0x1a/0x30
[   26.638266]  </TASK>
[   26.638266] 
[   26.638266] Allocated by task 218:
[   26.638266]  kasan_save_stack+0x3d/0x60
[   26.638266]  kasan_save_track+0x18/0x40
[   26.638266]  kasan_save_alloc_info+0x3b/0x50
[   26.638266]  __kasan_slab_alloc+0x91/0xa0
[   26.638266]  kmem_cache_alloc_noprof+0x11e/0x3f0
[   26.638266]  kmem_cache_double_free+0x150/0x490
[   26.638266]  kunit_try_run_case+0x1b3/0x490
[   26.638266]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.638266]  kthread+0x257/0x310
[   26.638266]  ret_from_fork+0x41/0x80
[   26.638266]  ret_from_fork_asm+0x1a/0x30
[   26.638266] 
[   26.638266] Freed by task 218:
[   26.638266]  kasan_save_stack+0x3d/0x60
[   26.638266]  kasan_save_track+0x18/0x40
[   26.638266]  kasan_save_free_info+0x3f/0x60
[   26.638266]  __kasan_slab_free+0x56/0x70
[   26.638266]  kmem_cache_free+0x120/0x420
[   26.638266]  kmem_cache_double_free+0x16b/0x490
[   26.638266]  kunit_try_run_case+0x1b3/0x490
[   26.638266]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.638266]  kthread+0x257/0x310
[   26.638266]  ret_from_fork+0x41/0x80
[   26.638266]  ret_from_fork_asm+0x1a/0x30
[   26.638266] 
[   26.638266] The buggy address belongs to the object at ffff888102942000
[   26.638266]  which belongs to the cache test_cache of size 200
[   26.638266] The buggy address is located 0 bytes inside of
[   26.638266]  200-byte region [ffff888102942000, ffff8881029420c8)
[   26.638266] 
[   26.638266] The buggy address belongs to the physical page:
[   26.638266] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102942
[   26.638266] flags: 0x200000000000000(node=0|zone=2)
[   26.638266] page_type: f5(slab)
[   26.638266] raw: 0200000000000000 ffff888101c70a00 dead000000000122 0000000000000000
[   26.638266] raw: 0000000000000000 00000000800f000f 00000001f5000000 0000000000000000
[   26.638266] page dumped because: kasan: bad access detected
[   26.638266] 
[   26.638266] Memory state around the buggy address:
[   26.638266]  ffff888102941f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.638266]  ffff888102941f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.638266] >ffff888102942000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.638266]                    ^
[   26.638266]  ffff888102942080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   26.638266]  ffff888102942100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.638266] ==================================================================

[   21.603759] ==================================================================
[   21.604738] BUG: KASAN: double-free in kmem_cache_double_free+0x1e6/0x490
[   21.605506] Free of addr ffff888102ba1000 by task kunit_try_catch/216
[   21.606269] 
[   21.606626] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   21.607506] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.608101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.609864] Call Trace:
[   21.610269]  <TASK>
[   21.610853]  dump_stack_lvl+0x73/0xb0
[   21.611445]  print_report+0xd1/0x640
[   21.612024]  ? __virt_addr_valid+0x1db/0x2d0
[   21.612364]  ? kmem_cache_double_free+0x1e6/0x490
[   21.612716]  ? kasan_complete_mode_report_info+0x64/0x200
[   21.613281]  ? kmem_cache_double_free+0x1e6/0x490
[   21.613862]  kasan_report_invalid_free+0xc0/0xf0
[   21.615225]  ? kmem_cache_double_free+0x1e6/0x490
[   21.615919]  ? kmem_cache_double_free+0x1e6/0x490
[   21.616634]  check_slab_allocation+0x101/0x130
[   21.617509]  __kasan_slab_pre_free+0x28/0x40
[   21.618294]  kmem_cache_free+0xee/0x420
[   21.618652]  ? kmem_cache_alloc_noprof+0x11e/0x3f0
[   21.619275]  ? kmem_cache_double_free+0x1e6/0x490
[   21.619866]  kmem_cache_double_free+0x1e6/0x490
[   21.620670]  ? __pfx_kmem_cache_double_free+0x10/0x10
[   21.621532]  ? finish_task_switch.isra.0+0x153/0x700
[   21.622231]  ? __switch_to+0x5d9/0xf60
[   21.622626]  ? __pfx_read_tsc+0x10/0x10
[   21.622947]  ? ktime_get_ts64+0x84/0x230
[   21.623299]  kunit_try_run_case+0x1b3/0x490
[   21.623788]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.624224]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   21.624670]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.625111]  ? __kthread_parkme+0x82/0x160
[   21.625774]  ? preempt_count_sub+0x50/0x80
[   21.626292]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.626815]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.627232]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.627770]  kthread+0x257/0x310
[   21.628129]  ? __pfx_kthread+0x10/0x10
[   21.628425]  ret_from_fork+0x41/0x80
[   21.628896]  ? __pfx_kthread+0x10/0x10
[   21.629393]  ret_from_fork_asm+0x1a/0x30
[   21.629777]  </TASK>
[   21.630024] 
[   21.630264] Allocated by task 216:
[   21.630737]  kasan_save_stack+0x3d/0x60
[   21.631197]  kasan_save_track+0x18/0x40
[   21.631708]  kasan_save_alloc_info+0x3b/0x50
[   21.632018]  __kasan_slab_alloc+0x91/0xa0
[   21.632621]  kmem_cache_alloc_noprof+0x11e/0x3f0
[   21.633045]  kmem_cache_double_free+0x150/0x490
[   21.633350]  kunit_try_run_case+0x1b3/0x490
[   21.633656]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.633980]  kthread+0x257/0x310
[   21.634325]  ret_from_fork+0x41/0x80
[   21.634870]  ret_from_fork_asm+0x1a/0x30
[   21.635436] 
[   21.635718] Freed by task 216:
[   21.636169]  kasan_save_stack+0x3d/0x60
[   21.636631]  kasan_save_track+0x18/0x40
[   21.637105]  kasan_save_free_info+0x3f/0x60
[   21.637436]  __kasan_slab_free+0x56/0x70
[   21.637777]  kmem_cache_free+0x120/0x420
[   21.638180]  kmem_cache_double_free+0x16b/0x490
[   21.638691]  kunit_try_run_case+0x1b3/0x490
[   21.639135]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.639749]  kthread+0x257/0x310
[   21.640165]  ret_from_fork+0x41/0x80
[   21.640502]  ret_from_fork_asm+0x1a/0x30
[   21.640989] 
[   21.641219] The buggy address belongs to the object at ffff888102ba1000
[   21.641219]  which belongs to the cache test_cache of size 200
[   21.641857] The buggy address is located 0 bytes inside of
[   21.641857]  200-byte region [ffff888102ba1000, ffff888102ba10c8)
[   21.642777] 
[   21.643012] The buggy address belongs to the physical page:
[   21.643567] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ba1
[   21.644412] flags: 0x200000000000000(node=0|zone=2)
[   21.645106] page_type: f5(slab)
[   21.645403] raw: 0200000000000000 ffff8881010f4c80 dead000000000122 0000000000000000
[   21.645869] raw: 0000000000000000 00000000800f000f 00000001f5000000 0000000000000000
[   21.646733] page dumped because: kasan: bad access detected
[   21.647253] 
[   21.647465] Memory state around the buggy address:
[   21.647976]  ffff888102ba0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.648521]  ffff888102ba0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.649099] >ffff888102ba1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.649697]                    ^
[   21.650030]  ffff888102ba1080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   21.650717]  ffff888102ba1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.651356] ==================================================================