Date: July 9, 2025, 1:08 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 29.971398] ==================================================================
[ 29.971471] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 29.971545] Free of addr fff00000c96bd000 by task kunit_try_catch/241
[ 29.971588]
[ 29.971680] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT
[ 29.971811] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.971901] Hardware name: linux,dummy-virt (DT)
[ 29.971937] Call trace:
[ 29.971962] show_stack+0x20/0x38 (C)
[ 29.972015] dump_stack_lvl+0x8c/0xd0
[ 29.972081] print_report+0x118/0x5d0
[ 29.972124] kasan_report_invalid_free+0xc0/0xe8
[ 29.972306] check_slab_allocation+0xd4/0x108
[ 29.972434] __kasan_slab_pre_free+0x2c/0x48
[ 29.972611] kmem_cache_free+0xf0/0x468
[ 29.972746] kmem_cache_double_free+0x190/0x3c8
[ 29.972806] kunit_try_run_case+0x170/0x3f0
[ 29.972860] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.972915] kthread+0x328/0x630
[ 29.973124] ret_from_fork+0x10/0x20
[ 29.973252]
[ 29.973397] Allocated by task 241:
[ 29.973536] kasan_save_stack+0x3c/0x68
[ 29.973647] kasan_save_track+0x20/0x40
[ 29.973707] kasan_save_alloc_info+0x40/0x58
[ 29.973779] __kasan_slab_alloc+0xa8/0xb0
[ 29.974210] kmem_cache_alloc_noprof+0x10c/0x398
[ 29.974326] kmem_cache_double_free+0x12c/0x3c8
[ 29.974434] kunit_try_run_case+0x170/0x3f0
[ 29.974475] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.974517] kthread+0x328/0x630
[ 29.974568] ret_from_fork+0x10/0x20
[ 29.974614]
[ 29.974634] Freed by task 241:
[ 29.974660] kasan_save_stack+0x3c/0x68
[ 29.974699] kasan_save_track+0x20/0x40
[ 29.974744] kasan_save_free_info+0x4c/0x78
[ 29.974793] __kasan_slab_free+0x6c/0x98
[ 29.974838] kmem_cache_free+0x260/0x468
[ 29.974887] kmem_cache_double_free+0x140/0x3c8
[ 29.974932] kunit_try_run_case+0x170/0x3f0
[ 29.975005] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.975050] kthread+0x328/0x630
[ 29.975092] ret_from_fork+0x10/0x20
[ 29.975322]
[ 29.975347] The buggy address belongs to the object at fff00000c96bd000
[ 29.975347] which belongs to the cache test_cache of size 200
[ 29.975423] The buggy address is located 0 bytes inside of
[ 29.975423] 200-byte region [fff00000c96bd000, fff00000c96bd0c8)
[ 29.975483]
[ 29.975506] The buggy address belongs to the physical page:
[ 29.975763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1096bd
[ 29.975823] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.975877] page_type: f5(slab)
[ 29.976031] raw: 0bfffe0000000000 fff00000c4412780 dead000000000122 0000000000000000
[ 29.976102] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 29.976210] page dumped because: kasan: bad access detected
[ 29.976291]
[ 29.976311] Memory state around the buggy address:
[ 29.976380] fff00000c96bcf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.976464] fff00000c96bcf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.976581] >fff00000c96bd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.976705] ^
[ 29.976797] fff00000c96bd080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 29.976880] fff00000c96bd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.976980] ==================================================================
```
```
[ 24.761298] ==================================================================
[ 24.761745] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 24.762175] Free of addr ffff8881050b5000 by task kunit_try_catch/259
[ 24.762539]
[ 24.763196] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary)
[ 24.763256] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 24.763270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.763293] Call Trace:
[ 24.763306] <TASK>
[ 24.763327] dump_stack_lvl+0x73/0xb0
[ 24.763362] print_report+0xd1/0x610
[ 24.763385] ? __virt_addr_valid+0x1db/0x2d0
[ 24.763411] ? kasan_complete_mode_report_info+0x64/0x200
[ 24.763465] ? kmem_cache_double_free+0x1e5/0x480
[ 24.763490] kasan_report_invalid_free+0x10a/0x130
[ 24.763513] ? kmem_cache_double_free+0x1e5/0x480
[ 24.763539] ? kmem_cache_double_free+0x1e5/0x480
[ 24.763566] check_slab_allocation+0x101/0x130
[ 24.763587] __kasan_slab_pre_free+0x28/0x40
[ 24.763607] kmem_cache_free+0xed/0x420
[ 24.763627] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 24.763653] ? kmem_cache_double_free+0x1e5/0x480
[ 24.763679] kmem_cache_double_free+0x1e5/0x480
[ 24.763715] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 24.763737] ? finish_task_switch.isra.0+0x153/0x700
[ 24.763761] ? __switch_to+0x47/0xf80
[ 24.763800] ? __pfx_read_tsc+0x10/0x10
[ 24.763827] ? ktime_get_ts64+0x86/0x230
[ 24.763853] kunit_try_run_case+0x1a5/0x480
[ 24.763877] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.763958] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.763986] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.764011] ? __kthread_parkme+0x82/0x180
[ 24.764033] ? preempt_count_sub+0x50/0x80
[ 24.764057] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.764079] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.764105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.764130] kthread+0x337/0x6f0
[ 24.764150] ? trace_preempt_on+0x20/0xc0
[ 24.764175] ? __pfx_kthread+0x10/0x10
[ 24.764196] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.764219] ? calculate_sigpending+0x7b/0xa0
[ 24.764244] ? __pfx_kthread+0x10/0x10
[ 24.764267] ret_from_fork+0x116/0x1d0
[ 24.764286] ? __pfx_kthread+0x10/0x10
[ 24.764307] ret_from_fork_asm+0x1a/0x30
[ 24.764338] </TASK>
[ 24.764351]
[ 24.773120] Allocated by task 259:
[ 24.773247] kasan_save_stack+0x45/0x70
[ 24.773380] kasan_save_track+0x18/0x40
[ 24.773803] kasan_save_alloc_info+0x3b/0x50
[ 24.774045] __kasan_slab_alloc+0x91/0xa0
[ 24.774757] kmem_cache_alloc_noprof+0x123/0x3f0
[ 24.775569] kmem_cache_double_free+0x14f/0x480
[ 24.775769] kunit_try_run_case+0x1a5/0x480
[ 24.775916] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.776086] kthread+0x337/0x6f0
[ 24.776200] ret_from_fork+0x116/0x1d0
[ 24.776324] ret_from_fork_asm+0x1a/0x30
[ 24.776455]
[ 24.776519] Freed by task 259:
[ 24.776628] kasan_save_stack+0x45/0x70
[ 24.776769] kasan_save_track+0x18/0x40
[ 24.776900] kasan_save_free_info+0x3f/0x60
[ 24.777040] __kasan_slab_free+0x56/0x70
[ 24.777168] kmem_cache_free+0x249/0x420
[ 24.777295] kmem_cache_double_free+0x16a/0x480
[ 24.777442] kunit_try_run_case+0x1a5/0x480
[ 24.777579] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.777866] kthread+0x337/0x6f0
[ 24.778032] ret_from_fork+0x116/0x1d0
[ 24.778212] ret_from_fork_asm+0x1a/0x30
[ 24.778408]
[ 24.778497] The buggy address belongs to the object at ffff8881050b5000
[ 24.778497] which belongs to the cache test_cache of size 200
[ 24.779177] The buggy address is located 0 bytes inside of
[ 24.779177] 200-byte region [ffff8881050b5000, ffff8881050b50c8)
[ 24.780148]
[ 24.780286] The buggy address belongs to the physical page:
[ 24.780627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050b5
[ 24.781207] flags: 0x200000000000000(node=0|zone=2)
[ 24.781627] page_type: f5(slab)
[ 24.781757] raw: 0200000000000000 ffff8881017ad780 dead000000000122 0000000000000000
[ 24.782582] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 24.783080] page dumped because: kasan: bad access detected
[ 24.783562]
[ 24.783721] Memory state around the buggy address:
[ 24.783984] ffff8881050b4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.784534] ffff8881050b4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.785248] >ffff8881050b5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.785459] ^
[ 24.785570] ffff8881050b5080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 24.785803] ffff8881050b5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.786078] ==================================================================
```