Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 76.595241] ================================================================== [ 76.596073] BUG: KASAN: double-free in kmem_cache_double_free+0xbc/0x1b8 [ 76.597109] Free of addr ffff0000c5a8d000 by task kunit_try_catch/159 [ 76.597669] [ 76.597900] CPU: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 76.598658] Hardware name: linux,dummy-virt (DT) [ 76.599070] Call trace: [ 76.599341] dump_backtrace+0xf8/0x118 [ 76.599851] show_stack+0x18/0x24 [ 76.600289] __dump_stack+0x28/0x38 [ 76.600940] dump_stack_lvl+0x54/0x6c [ 76.601379] print_address_description+0x7c/0x1ec [ 76.601924] print_report+0x50/0x68 [ 76.602370] kasan_report_invalid_free+0x9c/0xe8 [ 76.602918] ____kasan_slab_free+0x108/0x140 [ 76.603413] __kasan_slab_free+0x18/0x28 [ 76.603889] kmem_cache_free+0xe0/0x358 [ 76.604335] kmem_cache_double_free+0xbc/0x1b8 [ 76.605069] kunit_try_run_case+0x80/0x184 [ 76.605545] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 76.606123] kthread+0x16c/0x21c [ 76.606535] ret_from_fork+0x10/0x20 [ 76.607008] [ 76.607196] Allocated by task 159: [ 76.607578] kasan_set_track+0x4c/0x80 [ 76.608089] kasan_save_alloc_info+0x28/0x34 [ 76.608558] __kasan_slab_alloc+0x58/0x70 [ 76.609027] slab_post_alloc_hook+0x70/0x2f4 [ 76.609501] kmem_cache_alloc+0x168/0x260 [ 76.609965] kmem_cache_double_free+0x90/0x1b8 [ 76.610469] kunit_try_run_case+0x80/0x184 [ 76.611098] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 76.611676] kthread+0x16c/0x21c [ 76.612090] ret_from_fork+0x10/0x20 [ 76.612528] [ 76.612712] Freed by task 159: [ 76.613532] kasan_set_track+0x4c/0x80 [ 76.614028] kasan_save_free_info+0x3c/0x60 [ 76.614518] ____kasan_slab_free+0xe8/0x140 [ 76.615017] __kasan_slab_free+0x18/0x28 [ 76.615490] kmem_cache_free+0xe0/0x358 [ 76.615951] kmem_cache_double_free+0xa4/0x1b8 [ 76.616455] kunit_try_run_case+0x80/0x184 [ 76.617078] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 76.617635] kthread+0x16c/0x21c [ 76.618046] ret_from_fork+0x10/0x20 [ 76.618489] [ 76.618684] The buggy address belongs to the object at ffff0000c5a8d000 [ 76.618684] which belongs to the cache test_cache of size 200 [ 76.619632] The buggy address is located 0 bytes inside of [ 76.619632] 200-byte region [ffff0000c5a8d000, ffff0000c5a8d0c8) [ 76.620544] [ 76.620942] The buggy address belongs to the physical page: [ 76.621426] page:00000000691911c3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8d [ 76.622193] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 76.622887] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c1483b00 [ 76.623546] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 76.624177] page dumped because: kasan: bad access detected [ 76.624823] [ 76.625049] Memory state around the buggy address: [ 76.625491] ffff0000c5a8cf00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.626139] ffff0000c5a8cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.626768] >ffff0000c5a8d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.627387] ^ [ 76.627752] ffff0000c5a8d080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 76.628384] ffff0000c5a8d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.629258] ==================================================================
[ 75.684303] ================================================================== [ 75.685401] BUG: KASAN: double-free in kmem_cache_double_free+0xbc/0x1b8 [ 75.686442] Free of addr ffff0000c58a5000 by task kunit_try_catch/159 [ 75.687272] [ 75.687486] CPU: 1 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.688665] Hardware name: linux,dummy-virt (DT) [ 75.689317] Call trace: [ 75.689726] dump_backtrace+0xf4/0x114 [ 75.690415] show_stack+0x18/0x24 [ 75.691039] __dump_stack+0x28/0x38 [ 75.691641] dump_stack_lvl+0x50/0x68 [ 75.692376] print_address_description+0x7c/0x1ec [ 75.693178] print_report+0x50/0x68 [ 75.693824] kasan_report_invalid_free+0x9c/0xe4 [ 75.694464] ____kasan_slab_free+0x108/0x140 [ 75.694932] __kasan_slab_free+0x18/0x28 [ 75.695374] kmem_cache_free+0xe0/0x34c [ 75.696108] kmem_cache_double_free+0xbc/0x1b8 [ 75.696856] kunit_try_run_case+0x80/0x184 [ 75.697548] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.698388] kthread+0x16c/0x21c [ 75.698998] ret_from_fork+0x10/0x20 [ 75.699612] [ 75.699945] Allocated by task 159: [ 75.700477] kasan_set_track+0x4c/0x80 [ 75.701138] kasan_save_alloc_info+0x28/0x34 [ 75.701824] __kasan_slab_alloc+0x58/0x70 [ 75.702507] slab_post_alloc_hook+0x70/0x2e8 [ 75.703192] kmem_cache_alloc+0x164/0x254 [ 75.703932] kmem_cache_double_free+0x90/0x1b8 [ 75.704694] kunit_try_run_case+0x80/0x184 [ 75.705452] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.706288] kthread+0x16c/0x21c [ 75.706892] ret_from_fork+0x10/0x20 [ 75.707496] [ 75.707825] Freed by task 159: [ 75.708365] kasan_set_track+0x4c/0x80 [ 75.709563] kasan_save_free_info+0x3c/0x60 [ 75.710073] ____kasan_slab_free+0xe8/0x140 [ 75.710530] __kasan_slab_free+0x18/0x28 [ 75.711349] kmem_cache_free+0xe0/0x34c [ 75.712444] kmem_cache_double_free+0xa4/0x1b8 [ 75.713673] kunit_try_run_case+0x80/0x184 [ 75.714163] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.714665] kthread+0x16c/0x21c [ 75.715120] ret_from_fork+0x10/0x20 [ 75.715536] [ 75.716862] The buggy address belongs to the object at ffff0000c58a5000 [ 75.716862] which belongs to the cache test_cache of size 200 [ 75.717709] The buggy address is located 0 bytes inside of [ 75.717709] 200-byte region [ffff0000c58a5000, ffff0000c58a50c8) [ 75.719110] [ 75.719317] The buggy address belongs to the physical page: [ 75.719708] page:000000004e985ca6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a5 [ 75.720985] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 75.721952] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c159ea80 [ 75.722940] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 75.723915] page dumped because: kasan: bad access detected [ 75.725073] [ 75.725269] Memory state around the buggy address: [ 75.725640] ffff0000c58a4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.726152] ffff0000c58a4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.726650] >ffff0000c58a5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.727514] ^ [ 75.728235] ffff0000c58a5080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 75.729184] ffff0000c58a5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.730063] ==================================================================
[ 74.285056] ================================================================== [ 74.286023] BUG: KASAN: double-free in kmem_cache_double_free+0xe4/0x244 [ 74.286745] Free of addr ffff0000c5900000 by task kunit_try_catch/159 [ 74.287254] [ 74.287520] CPU: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.288254] Hardware name: linux,dummy-virt (DT) [ 74.288690] Call trace: [ 74.288964] dump_backtrace.part.0+0xdc/0xf0 [ 74.289435] show_stack+0x18/0x30 [ 74.291028] dump_stack_lvl+0x64/0x80 [ 74.292347] print_report+0x158/0x438 [ 74.292924] kasan_report_invalid_free+0x9c/0xc0 [ 74.294102] __kasan_slab_free+0x118/0x150 [ 74.294517] kmem_cache_free+0x1b8/0x38c [ 74.295004] kmem_cache_double_free+0xe4/0x244 [ 74.295474] kunit_try_run_case+0x84/0x120 [ 74.295877] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 74.296335] kthread+0x180/0x190 [ 74.296948] ret_from_fork+0x10/0x20 [ 74.297742] [ 74.297958] Allocated by task 159: [ 74.298528] kasan_save_stack+0x3c/0x70 [ 74.298900] kasan_set_track+0x2c/0x40 [ 74.299467] kasan_save_alloc_info+0x24/0x34 [ 74.299915] __kasan_slab_alloc+0x8c/0x90 [ 74.300273] kmem_cache_alloc+0x170/0x2c4 [ 74.300693] kmem_cache_double_free+0xb4/0x244 [ 74.301344] kunit_try_run_case+0x84/0x120 [ 74.302127] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 74.303466] kthread+0x180/0x190 [ 74.303957] ret_from_fork+0x10/0x20 [ 74.304463] [ 74.304675] Freed by task 159: [ 74.305116] kasan_save_stack+0x3c/0x70 [ 74.305657] kasan_set_track+0x2c/0x40 [ 74.306116] kasan_save_free_info+0x38/0x5c [ 74.306801] __kasan_slab_free+0xe4/0x150 [ 74.307334] kmem_cache_free+0x1b8/0x38c [ 74.307919] kmem_cache_double_free+0xd0/0x244 [ 74.308514] kunit_try_run_case+0x84/0x120 [ 74.309046] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 74.309619] kthread+0x180/0x190 [ 74.310052] ret_from_fork+0x10/0x20 [ 74.310599] [ 74.310836] The buggy address belongs to the object at ffff0000c5900000 [ 74.310836] which belongs to the cache test_cache of size 200 [ 74.311825] The buggy address is located 0 bytes inside of [ 74.311825] 200-byte region [ffff0000c5900000, ffff0000c59000c8) [ 74.312768] [ 74.312989] The buggy address belongs to the physical page: [ 74.313519] page:00000000d0a07206 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105900 [ 74.314431] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 74.315152] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c1398780 [ 74.315841] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 74.316508] page dumped because: kasan: bad access detected [ 74.317022] [ 74.317232] Memory state around the buggy address: [ 74.317700] ffff0000c58fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.318333] ffff0000c58fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.319091] >ffff0000c5900000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.319714] ^ [ 74.320040] ffff0000c5900080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 74.320670] ffff0000c5900100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.321258] ==================================================================
[ 65.750373] ================================================================== [ 65.751118] BUG: KASAN: double-free in kmem_cache_double_free+0xf8/0x260 [ 65.752352] Free of addr ffff0000c59b8000 by task kunit_try_catch/157 [ 65.753281] [ 65.753652] CPU: 1 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 65.754920] Hardware name: linux,dummy-virt (DT) [ 65.755555] Call trace: [ 65.755979] dump_backtrace+0x110/0x120 [ 65.756556] show_stack+0x18/0x28 [ 65.756892] dump_stack_lvl+0x68/0x84 [ 65.757251] print_report+0x158/0x484 [ 65.757953] kasan_report_invalid_free+0x84/0xa0 [ 65.758710] __kasan_slab_free+0x11c/0x158 [ 65.759313] kmem_cache_free+0x1b0/0x3a0 [ 65.759919] kmem_cache_double_free+0xf8/0x260 [ 65.760564] kunit_try_run_case+0x7c/0x120 [ 65.761182] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 65.762025] kthread+0x1a4/0x1b8 [ 65.762528] ret_from_fork+0x10/0x20 [ 65.763070] [ 65.763344] Allocated by task 157: [ 65.763809] kasan_save_stack+0x2c/0x58 [ 65.764375] kasan_set_track+0x2c/0x40 [ 65.764921] kasan_save_alloc_info+0x24/0x38 [ 65.765545] __kasan_slab_alloc+0x74/0x90 [ 65.766187] slab_post_alloc_hook+0x6c/0x260 [ 65.766575] kmem_cache_alloc+0x164/0x270 [ 65.766931] kmem_cache_double_free+0xc4/0x260 [ 65.767314] kunit_try_run_case+0x7c/0x120 [ 65.767665] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 65.768084] kthread+0x1a4/0x1b8 [ 65.768579] ret_from_fork+0x10/0x20 [ 65.769116] [ 65.769400] Freed by task 157: [ 65.769849] kasan_save_stack+0x2c/0x58 [ 65.770441] kasan_set_track+0x2c/0x40 [ 65.771020] kasan_save_free_info+0x38/0x60 [ 65.771638] __kasan_slab_free+0xe8/0x158 [ 65.772199] kmem_cache_free+0x1b0/0x3a0 [ 65.772807] kmem_cache_double_free+0xe0/0x260 [ 65.773483] kunit_try_run_case+0x7c/0x120 [ 65.774126] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 65.774877] kthread+0x1a4/0x1b8 [ 65.775381] ret_from_fork+0x10/0x20 [ 65.775913] [ 65.776178] The buggy address belongs to the object at ffff0000c59b8000 [ 65.776178] which belongs to the cache test_cache of size 200 [ 65.777610] The buggy address is located 0 bytes inside of [ 65.777610] 200-byte region [ffff0000c59b8000, ffff0000c59b80c8) [ 65.779089] [ 65.779368] The buggy address belongs to the physical page: [ 65.780032] page:000000001a4f1f6d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059b8 [ 65.781084] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 65.781972] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c15cf800 [ 65.782923] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 65.783828] page dumped because: kasan: bad access detected [ 65.784515] [ 65.784787] Memory state around the buggy address: [ 65.785430] ffff0000c59b7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.786406] ffff0000c59b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.787273] >ffff0000c59b8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.788096] ^ [ 65.788559] ffff0000c59b8080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 65.789012] ffff0000c59b8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.789531] ==================================================================
[ 31.923531] ================================================================== [ 31.924263] BUG: KASAN: double-free in kmem_cache_double_free+0xe7/0x1e0 [ 31.924637] Free of addr ffff8881034a1000 by task kunit_try_catch/263 [ 31.924919] [ 31.925029] CPU: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.925852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.926322] Call Trace: [ 31.926653] <TASK> [ 31.926899] dump_stack_lvl+0x49/0x62 [ 31.927268] print_report+0x189/0x492 [ 31.927509] ? kasan_complete_mode_report_info+0x7c/0x200 [ 31.927970] ? kmem_cache_double_free+0xe7/0x1e0 [ 31.928402] kasan_report_invalid_free+0xd8/0x150 [ 31.928683] ? kmem_cache_double_free+0xe7/0x1e0 [ 31.928960] ? kmem_cache_double_free+0xe7/0x1e0 [ 31.929227] ____kasan_slab_free+0x19f/0x1d0 [ 31.929517] ? kmem_cache_double_free+0xe7/0x1e0 [ 31.929792] __kasan_slab_free+0x12/0x20 [ 31.930015] kmem_cache_free+0x19c/0x4a0 [ 31.930317] kmem_cache_double_free+0xe7/0x1e0 [ 31.930594] ? kmem_cache_invalid_free+0x1f0/0x1f0 [ 31.930891] ? __kunit_add_resource+0xd1/0x100 [ 31.931201] kunit_try_run_case+0x8f/0xd0 [ 31.931506] ? kunit_catch_run_case+0x80/0x80 [ 31.931735] ? kunit_try_catch_throw+0x40/0x40 [ 31.932015] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.932323] kthread+0x17b/0x1b0 [ 31.932570] ? kthread_complete_and_exit+0x30/0x30 [ 31.932839] ret_from_fork+0x22/0x30 [ 31.933096] </TASK> [ 31.933261] [ 31.933354] Allocated by task 263: [ 31.933553] kasan_save_stack+0x41/0x70 [ 31.933803] kasan_set_track+0x25/0x40 [ 31.934048] kasan_save_alloc_info+0x1e/0x30 [ 31.934321] __kasan_slab_alloc+0x90/0xa0 [ 31.934607] kmem_cache_alloc+0x150/0x370 [ 31.934845] kmem_cache_double_free+0xb6/0x1e0 [ 31.935117] kunit_try_run_case+0x8f/0xd0 [ 31.935415] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.935705] kthread+0x17b/0x1b0 [ 31.935936] ret_from_fork+0x22/0x30 [ 31.936150] [ 31.936272] Freed by task 263: [ 31.936416] kasan_save_stack+0x41/0x70 [ 31.936666] kasan_set_track+0x25/0x40 [ 31.936895] kasan_save_free_info+0x2e/0x50 [ 31.937132] ____kasan_slab_free+0x175/0x1d0 [ 31.937426] __kasan_slab_free+0x12/0x20 [ 31.937698] kmem_cache_free+0x19c/0x4a0 [ 31.937964] kmem_cache_double_free+0xcd/0x1e0 [ 31.938237] kunit_try_run_case+0x8f/0xd0 [ 31.938539] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.938835] kthread+0x17b/0x1b0 [ 31.939044] ret_from_fork+0x22/0x30 [ 31.939237] [ 31.939346] The buggy address belongs to the object at ffff8881034a1000 [ 31.939346] which belongs to the cache test_cache of size 200 [ 31.939844] The buggy address is located 0 bytes inside of [ 31.939844] 200-byte region [ffff8881034a1000, ffff8881034a10c8) [ 31.940442] [ 31.940612] The buggy address belongs to the physical page: [ 31.940897] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1034a1 [ 31.941295] flags: 0x200000000000200(slab|node=0|zone=2) [ 31.941624] raw: 0200000000000200 0000000000000000 dead000000000122 ffff88810316c640 [ 31.942000] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 31.942439] page dumped because: kasan: bad access detected [ 31.942736] [ 31.942818] Memory state around the buggy address: [ 31.943074] ffff8881034a0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.943687] ffff8881034a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.944055] >ffff8881034a1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.944372] ^ [ 31.944566] ffff8881034a1080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 31.944874] ffff8881034a1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.945221] ==================================================================