Date
Dec. 9, 2024, 6:35 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 25.332219] ==================================================================
[ 25.333093] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 25.333948] Free of addr fff00000c6519000 by task kunit_try_catch/197
[ 25.334744]
[ 25.335509] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 25.336979] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.337587] Hardware name: linux,dummy-virt (DT)
[ 25.338299] Call trace:
[ 25.338660]  show_stack+0x20/0x38 (C)
[ 25.339395]  dump_stack_lvl+0x8c/0xd0
[ 25.340204]  print_report+0x118/0x5e0
[ 25.340749]  kasan_report_invalid_free+0xb0/0xd8
[ 25.341401]  check_slab_allocation+0xd4/0x108
[ 25.342020]  __kasan_slab_pre_free+0x2c/0x48
[ 25.342632]  kmem_cache_free+0xf0/0x470
[ 25.343227]  kmem_cache_double_free+0x190/0x3c8
[ 25.344070]  kunit_try_run_case+0x14c/0x3d0
[ 25.344795]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.345544]  kthread+0x24c/0x2d0
[ 25.346106]  ret_from_fork+0x10/0x20
[ 25.346736]
[ 25.347046] Allocated by task 197:
[ 25.347543]  kasan_save_stack+0x3c/0x68
[ 25.348084]  kasan_save_track+0x20/0x40
[ 25.348663]  kasan_save_alloc_info+0x40/0x58
[ 25.349489]  __kasan_slab_alloc+0xa8/0xb0
[ 25.350116]  kmem_cache_alloc_noprof+0x108/0x398
[ 25.350768]  kmem_cache_double_free+0x12c/0x3c8
[ 25.351974]  kunit_try_run_case+0x14c/0x3d0
[ 25.352591]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.353322]  kthread+0x24c/0x2d0
[ 25.353840]  ret_from_fork+0x10/0x20
[ 25.354380]
[ 25.354770] Freed by task 197:
[ 25.355521]  kasan_save_stack+0x3c/0x68
[ 25.356063]  kasan_save_track+0x20/0x40
[ 25.356737]  kasan_save_free_info+0x4c/0x78
[ 25.357296]  __kasan_slab_free+0x6c/0x98
[ 25.357960]  kmem_cache_free+0x118/0x470
[ 25.358575]  kmem_cache_double_free+0x140/0x3c8
[ 25.359469]  kunit_try_run_case+0x14c/0x3d0
[ 25.360087]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.360823]  kthread+0x24c/0x2d0
[ 25.361350]  ret_from_fork+0x10/0x20
[ 25.361933]
[ 25.362282] The buggy address belongs to the object at fff00000c6519000
[ 25.362282]  which belongs to the cache test_cache of size 200
[ 25.363849] The buggy address is located 0 bytes inside of
[ 25.363849]  200-byte region [fff00000c6519000, fff00000c65190c8)
[ 25.365050]
[ 25.365470] The buggy address belongs to the physical page:
[ 25.366148] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106519
[ 25.367184] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 25.368043] page_type: f5(slab)
[ 25.368575] raw: 0bfffe0000000000 fff00000c5798280 dead000000000122 0000000000000000
[ 25.369458] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 25.370381] page dumped because: kasan: bad access detected
[ 25.371449]
[ 25.371857] Memory state around the buggy address:
[ 25.372382]  fff00000c6518f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.373233]  fff00000c6518f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.374045] >fff00000c6519000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.374890]                    ^
[ 25.375510]  fff00000c6519080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 25.376553]  fff00000c6519100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.377418] ==================================================================
```
```
[ 25.456686] ==================================================================
[ 25.457632] BUG: KASAN: double-free in kmem_cache_double_free+0x1e6/0x490
[ 25.458712] Free of addr ffff88810240d000 by task kunit_try_catch/216
[ 25.460115]
[ 25.460747] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 25.461785] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.462164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.462903] Call Trace:
[ 25.463193]  <TASK>
[ 25.463787]  dump_stack_lvl+0x73/0xb0
[ 25.464159]  print_report+0xd1/0x640
[ 25.464912]  ? __virt_addr_valid+0x1db/0x2d0
[ 25.465326]  ? kmem_cache_double_free+0x1e6/0x490
[ 25.465779]  ? kasan_complete_mode_report_info+0x64/0x200
[ 25.467087]  ? kmem_cache_double_free+0x1e6/0x490
[ 25.468143]  kasan_report_invalid_free+0xc0/0xf0
[ 25.468812]  ? kmem_cache_double_free+0x1e6/0x490
[ 25.469666]  ? kmem_cache_double_free+0x1e6/0x490
[ 25.470541]  check_slab_allocation+0x101/0x130
[ 25.471259]  __kasan_slab_pre_free+0x28/0x40
[ 25.472134]  kmem_cache_free+0xee/0x420
[ 25.472492]  ? kmem_cache_alloc_noprof+0x11e/0x3e0
[ 25.473499]  ? kmem_cache_double_free+0x1e6/0x490
[ 25.474018]  kmem_cache_double_free+0x1e6/0x490
[ 25.474784]  ? __pfx_kmem_cache_double_free+0x10/0x10
[ 25.475311]  ? finish_task_switch.isra.0+0x153/0x700
[ 25.476061]  ? __switch_to+0x5d9/0xf60
[ 25.476926]  ? __pfx_read_tsc+0x10/0x10
[ 25.477327]  ? ktime_get_ts64+0x86/0x230
[ 25.478572]  kunit_try_run_case+0x1b3/0x490
[ 25.479475]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.480429]  ? _raw_spin_lock_irqsave+0xa2/0x110
[ 25.480763]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.482289]  ? __kthread_parkme+0x82/0x160
[ 25.482767]  ? preempt_count_sub+0x50/0x80
[ 25.483228]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.483548]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.484752]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.485174]  kthread+0x257/0x310
[ 25.486375]  ? __pfx_kthread+0x10/0x10
[ 25.486879]  ret_from_fork+0x41/0x80
[ 25.487246]  ? __pfx_kthread+0x10/0x10
[ 25.488134]  ret_from_fork_asm+0x1a/0x30
[ 25.488956]  </TASK>
[ 25.489586]
[ 25.489767] Allocated by task 216:
[ 25.490743]  kasan_save_stack+0x3d/0x60
[ 25.491168]  kasan_save_track+0x18/0x40
[ 25.491837]  kasan_save_alloc_info+0x3b/0x50
[ 25.492349]  __kasan_slab_alloc+0x91/0xa0
[ 25.492727]  kmem_cache_alloc_noprof+0x11e/0x3e0
[ 25.493795]  kmem_cache_double_free+0x150/0x490
[ 25.494096]  kunit_try_run_case+0x1b3/0x490
[ 25.494892]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.495451]  kthread+0x257/0x310
[ 25.495792]  ret_from_fork+0x41/0x80
[ 25.496765]  ret_from_fork_asm+0x1a/0x30
[ 25.497251]
[ 25.498065] Freed by task 216:
[ 25.498358]  kasan_save_stack+0x3d/0x60
[ 25.499517]  kasan_save_track+0x18/0x40
[ 25.500136]  kasan_save_free_info+0x3f/0x60
[ 25.501013]  __kasan_slab_free+0x56/0x70
[ 25.501480]  kmem_cache_free+0x120/0x420
[ 25.502487]  kmem_cache_double_free+0x16b/0x490
[ 25.502733]  kunit_try_run_case+0x1b3/0x490
[ 25.502936]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.503163]  kthread+0x257/0x310
[ 25.503357]  ret_from_fork+0x41/0x80
[ 25.504515]  ret_from_fork_asm+0x1a/0x30
[ 25.505492]
[ 25.506162] The buggy address belongs to the object at ffff88810240d000
[ 25.506162]  which belongs to the cache test_cache of size 200
[ 25.507648] The buggy address is located 0 bytes inside of
[ 25.507648]  200-byte region [ffff88810240d000, ffff88810240d0c8)
[ 25.509137]
[ 25.509247] The buggy address belongs to the physical page:
[ 25.509560] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10240d
[ 25.510037] flags: 0x200000000000000(node=0|zone=2)
[ 25.512084] page_type: f5(slab)
[ 25.513400] raw: 0200000000000000 ffff888101012a00 dead000000000122 0000000000000000
[ 25.514814] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 25.515666] page dumped because: kasan: bad access detected
[ 25.516235]
[ 25.516860] Memory state around the buggy address:
[ 25.517897]  ffff88810240cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.519129]  ffff88810240cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.520894] >ffff88810240d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.522403]                    ^
[ 25.522833]  ffff88810240d080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 25.523456]  ffff88810240d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.524611] ==================================================================
```