Date
Nov. 28, 2024, 2:36 a.m.

Environment
qemu-arm64
qemu-x86_64

Note: both reports below are produced by the KASAN KUnit self-test kmem_cache_double_free (task kunit_try_catch, cache test_cache, kernel tainted [N]=TEST), which deliberately frees the same slab object twice to check that KASAN detects it — the "BUG: KASAN: double-free" splats are the expected, passing outcome of the test on 6.12.0-next-20241128, not a vulnerability in the kernel under test. The first report is the qemu-arm64 run (Hardware name: linux,dummy-virt (DT)), the second the qemu-x86_64 run (QEMU Standard PC, Q35). In both, the "Freed by" stack shows the first, legitimate kmem_cache_free, and the report itself is raised from the second kmem_cache_free via the __kasan_slab_pre_free → check_slab_allocation → kasan_report_invalid_free path, i.e. in KASAN's pre-free hook; the shadow bytes at the marked address (fa/fb) show the object already poisoned as freed, with fc redzones on either side. A genuine double-free would show a non-test task in Comm and a production cache name rather than test_cache.

[   31.702659] ==================================================================
[   31.703454] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[   31.704244] Free of addr fff00000c4074000 by task kunit_try_catch/197
[   31.704984] 
[   31.705506] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   31.707158] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.707773] Hardware name: linux,dummy-virt (DT)
[   31.708411] Call trace:
[   31.708876]  show_stack+0x20/0x38 (C)
[   31.709841]  dump_stack_lvl+0x8c/0xd0
[   31.710433]  print_report+0x118/0x5e0
[   31.711004]  kasan_report_invalid_free+0xb0/0xd8
[   31.711668]  check_slab_allocation+0xd4/0x108
[   31.712304]  __kasan_slab_pre_free+0x2c/0x48
[   31.713041]  kmem_cache_free+0xf0/0x470
[   31.713840]  kmem_cache_double_free+0x190/0x3c8
[   31.714574]  kunit_try_run_case+0x14c/0x3d0
[   31.715140]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.715794]  kthread+0x24c/0x2d0
[   31.716254]  ret_from_fork+0x10/0x20
[   31.716848] 
[   31.717214] Allocated by task 197:
[   31.717609]  kasan_save_stack+0x3c/0x68
[   31.718239]  kasan_save_track+0x20/0x40
[   31.718742]  kasan_save_alloc_info+0x40/0x58
[   31.719381]  __kasan_slab_alloc+0xa8/0xb0
[   31.719944]  kmem_cache_alloc_noprof+0x108/0x398
[   31.720488]  kmem_cache_double_free+0x12c/0x3c8
[   31.721626]  kunit_try_run_case+0x14c/0x3d0
[   31.722245]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.722882]  kthread+0x24c/0x2d0
[   31.723384]  ret_from_fork+0x10/0x20
[   31.723839] 
[   31.724204] Freed by task 197:
[   31.724671]  kasan_save_stack+0x3c/0x68
[   31.725662]  kasan_save_track+0x20/0x40
[   31.726255]  kasan_save_free_info+0x4c/0x78
[   31.726802]  __kasan_slab_free+0x6c/0x98
[   31.727324]  kmem_cache_free+0x118/0x470
[   31.727878]  kmem_cache_double_free+0x140/0x3c8
[   31.728403]  kunit_try_run_case+0x14c/0x3d0
[   31.729366]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.730004]  kthread+0x24c/0x2d0
[   31.730464]  ret_from_fork+0x10/0x20
[   31.730994] 
[   31.731367] The buggy address belongs to the object at fff00000c4074000
[   31.731367]  which belongs to the cache test_cache of size 200
[   31.732510] The buggy address is located 0 bytes inside of
[   31.732510]  200-byte region [fff00000c4074000, fff00000c40740c8)
[   31.733897] 
[   31.734244] The buggy address belongs to the physical page:
[   31.734861] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104074
[   31.735842] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.736673] page_type: f5(slab)
[   31.737634] raw: 0bfffe0000000000 fff00000c5b7b280 dead000000000122 0000000000000000
[   31.738445] raw: 0000000000000000 00000000800f000f 00000001f5000000 0000000000000000
[   31.739234] page dumped because: kasan: bad access detected
[   31.739806] 
[   31.740166] Memory state around the buggy address:
[   31.740799]  fff00000c4073f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.741969]  fff00000c4073f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.742742] >fff00000c4074000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.743501]                    ^
[   31.744009]  fff00000c4074080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   31.744771]  fff00000c4074100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.745904] ==================================================================

[   22.613513] ==================================================================
[   22.614682] BUG: KASAN: double-free in kmem_cache_double_free+0x1e6/0x490
[   22.616041] Free of addr ffff888102a23000 by task kunit_try_catch/217
[   22.616754] 
[   22.616972] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   22.618825] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.619615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.620521] Call Trace:
[   22.620744]  <TASK>
[   22.621721]  dump_stack_lvl+0x73/0xb0
[   22.622445]  print_report+0xd1/0x640
[   22.622914]  ? __virt_addr_valid+0x1db/0x2d0
[   22.623845]  ? kmem_cache_double_free+0x1e6/0x490
[   22.624218]  ? kasan_complete_mode_report_info+0x64/0x200
[   22.625057]  ? kmem_cache_double_free+0x1e6/0x490
[   22.626120]  kasan_report_invalid_free+0xc0/0xf0
[   22.626768]  ? kmem_cache_double_free+0x1e6/0x490
[   22.627489]  ? kmem_cache_double_free+0x1e6/0x490
[   22.628000]  check_slab_allocation+0x101/0x130
[   22.628599]  __kasan_slab_pre_free+0x28/0x40
[   22.628959]  kmem_cache_free+0xee/0x420
[   22.629508]  ? kmem_cache_alloc_noprof+0x11e/0x3e0
[   22.630057]  ? kmem_cache_double_free+0x1e6/0x490
[   22.631012]  kmem_cache_double_free+0x1e6/0x490
[   22.631798]  ? __pfx_kmem_cache_double_free+0x10/0x10
[   22.632602]  ? finish_task_switch.isra.0+0x153/0x700
[   22.633164]  ? __switch_to+0x5d9/0xf60
[   22.633965]  ? __pfx_read_tsc+0x10/0x10
[   22.634590]  ? ktime_get_ts64+0x84/0x230
[   22.635019]  kunit_try_run_case+0x1b3/0x490
[   22.635834]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.636580]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.637036]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.637678]  ? __kthread_parkme+0x82/0x160
[   22.638180]  ? preempt_count_sub+0x50/0x80
[   22.638870]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.639654]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.640207]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.640961]  kthread+0x257/0x310
[   22.641408]  ? __pfx_kthread+0x10/0x10
[   22.642060]  ret_from_fork+0x41/0x80
[   22.642813]  ? __pfx_kthread+0x10/0x10
[   22.643423]  ret_from_fork_asm+0x1a/0x30
[   22.644050]  </TASK>
[   22.644381] 
[   22.644680] Allocated by task 217:
[   22.645518]  kasan_save_stack+0x3d/0x60
[   22.646085]  kasan_save_track+0x18/0x40
[   22.646639]  kasan_save_alloc_info+0x3b/0x50
[   22.648002]  __kasan_slab_alloc+0x91/0xa0
[   22.648600]  kmem_cache_alloc_noprof+0x11e/0x3e0
[   22.649122]  kmem_cache_double_free+0x150/0x490
[   22.649730]  kunit_try_run_case+0x1b3/0x490
[   22.650635]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.651157]  kthread+0x257/0x310
[   22.651835]  ret_from_fork+0x41/0x80
[   22.652142]  ret_from_fork_asm+0x1a/0x30
[   22.652823] 
[   22.653365] Freed by task 217:
[   22.653905]  kasan_save_stack+0x3d/0x60
[   22.654263]  kasan_save_track+0x18/0x40
[   22.654708]  kasan_save_free_info+0x3f/0x60
[   22.655099]  __kasan_slab_free+0x56/0x70
[   22.655979]  kmem_cache_free+0x120/0x420
[   22.656537]  kmem_cache_double_free+0x16b/0x490
[   22.656994]  kunit_try_run_case+0x1b3/0x490
[   22.657585]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.658587]  kthread+0x257/0x310
[   22.658821]  ret_from_fork+0x41/0x80
[   22.659442]  ret_from_fork_asm+0x1a/0x30
[   22.660579] 
[   22.660783] The buggy address belongs to the object at ffff888102a23000
[   22.660783]  which belongs to the cache test_cache of size 200
[   22.662566] The buggy address is located 0 bytes inside of
[   22.662566]  200-byte region [ffff888102a23000, ffff888102a230c8)
[   22.663844] 
[   22.664158] The buggy address belongs to the physical page:
[   22.664544] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a23
[   22.665222] flags: 0x200000000000000(node=0|zone=2)
[   22.666467] page_type: f5(slab)
[   22.666995] raw: 0200000000000000 ffff888101653a00 dead000000000122 0000000000000000
[   22.668026] raw: 0000000000000000 00000000800f000f 00000001f5000000 0000000000000000
[   22.668673] page dumped because: kasan: bad access detected
[   22.669160] 
[   22.669767] Memory state around the buggy address:
[   22.670436]  ffff888102a22f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.671393]  ffff888102a22f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.671992] >ffff888102a23000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.672863]                    ^
[   22.673329]  ffff888102a23080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   22.674091]  ffff888102a23100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.674682] ==================================================================