Date
June 24, 2025, 12:47 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 25.043648] ==================================================================
[ 25.044021] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 25.044203] Free of addr fff00000c5a1a000 by task kunit_try_catch/211
[ 25.044609]
[ 25.044730] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT
[ 25.045179] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.045281] Hardware name: linux,dummy-virt (DT)
[ 25.045368] Call trace:
[ 25.045561]  show_stack+0x20/0x38 (C)
[ 25.045687]  dump_stack_lvl+0x8c/0xd0
[ 25.045826]  print_report+0x118/0x608
[ 25.045953]  kasan_report_invalid_free+0xc0/0xe8
[ 25.046144]  check_slab_allocation+0xd4/0x108
[ 25.046441]  __kasan_slab_pre_free+0x2c/0x48
[ 25.046581]  kmem_cache_free+0xf0/0x468
[ 25.046799]  kmem_cache_double_free+0x190/0x3c8
[ 25.047006]  kunit_try_run_case+0x170/0x3f0
[ 25.047148]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.047297]  kthread+0x328/0x630
[ 25.047537]  ret_from_fork+0x10/0x20
[ 25.047676]
[ 25.047742] Allocated by task 211:
[ 25.048040]  kasan_save_stack+0x3c/0x68
[ 25.048151]  kasan_save_track+0x20/0x40
[ 25.048259]  kasan_save_alloc_info+0x40/0x58
[ 25.048371]  __kasan_slab_alloc+0xa8/0xb0
[ 25.048559]  kmem_cache_alloc_noprof+0x10c/0x398
[ 25.048704]  kmem_cache_double_free+0x12c/0x3c8
[ 25.048818]  kunit_try_run_case+0x170/0x3f0
[ 25.048942]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.049080]  kthread+0x328/0x630
[ 25.049183]  ret_from_fork+0x10/0x20
[ 25.049422]
[ 25.049472] Freed by task 211:
[ 25.049540]  kasan_save_stack+0x3c/0x68
[ 25.049640]  kasan_save_track+0x20/0x40
[ 25.049735]  kasan_save_free_info+0x4c/0x78
[ 25.049864]  __kasan_slab_free+0x6c/0x98
[ 25.049970]  kmem_cache_free+0x260/0x468
[ 25.050204]  kmem_cache_double_free+0x140/0x3c8
[ 25.050394]  kunit_try_run_case+0x170/0x3f0
[ 25.050640]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.050752]  kthread+0x328/0x630
[ 25.050878]  ret_from_fork+0x10/0x20
[ 25.051033]
[ 25.051125] The buggy address belongs to the object at fff00000c5a1a000
[ 25.051125]  which belongs to the cache test_cache of size 200
[ 25.051267] The buggy address is located 0 bytes inside of
[ 25.051267]  200-byte region [fff00000c5a1a000, fff00000c5a1a0c8)
[ 25.051807]
[ 25.052202] The buggy address belongs to the physical page:
[ 25.052281] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1a
[ 25.052864] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 25.052996] page_type: f5(slab)
[ 25.053866] raw: 0bfffe0000000000 fff00000c3f5a780 dead000000000122 0000000000000000
[ 25.054168] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 25.054837] page dumped because: kasan: bad access detected
[ 25.055144]
[ 25.055195] Memory state around the buggy address:
[ 25.055680]  fff00000c5a19f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.055796]  fff00000c5a19f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.056142] >fff00000c5a1a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.056586]                    ^
[ 25.056739]  fff00000c5a1a080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 25.056927]  fff00000c5a1a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.057374] ==================================================================
```
```
[ 12.557804] ==================================================================
[ 12.558585] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 12.559132] Free of addr ffff8881029e3000 by task kunit_try_catch/229
[ 12.559556]
[ 12.559755] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT(voluntary)
[ 12.559842] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.559860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.559896] Call Trace:
[ 12.559919]  <TASK>
[ 12.559951]  dump_stack_lvl+0x73/0xb0
[ 12.560002]  print_report+0xd1/0x650
[ 12.560045]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.560087]  ? kasan_complete_mode_report_info+0x64/0x200
[ 12.560127]  ? kmem_cache_double_free+0x1e5/0x480
[ 12.560165]  kasan_report_invalid_free+0x10a/0x130
[ 12.560205]  ? kmem_cache_double_free+0x1e5/0x480
[ 12.560238]  ? kmem_cache_double_free+0x1e5/0x480
[ 12.560268]  check_slab_allocation+0x101/0x130
[ 12.560301]  __kasan_slab_pre_free+0x28/0x40
[ 12.560332]  kmem_cache_free+0xed/0x420
[ 12.560366]  ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.560399]  ? kmem_cache_double_free+0x1e5/0x480
[ 12.560435]  kmem_cache_double_free+0x1e5/0x480
[ 12.560469]  ? __pfx_kmem_cache_double_free+0x10/0x10
[ 12.560507]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 12.560562]  ? __pfx_kmem_cache_double_free+0x10/0x10
[ 12.560612]  kunit_try_run_case+0x1a5/0x480
[ 12.560795]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.560840]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.560880]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.560914]  ? __kthread_parkme+0x82/0x180
[ 12.560949]  ? preempt_count_sub+0x50/0x80
[ 12.560993]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.561038]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.561082]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.561127]  kthread+0x337/0x6f0
[ 12.561153]  ? trace_preempt_on+0x20/0xc0
[ 12.561178]  ? __pfx_kthread+0x10/0x10
[ 12.561195]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.561215]  ? calculate_sigpending+0x7b/0xa0
[ 12.561236]  ? __pfx_kthread+0x10/0x10
[ 12.561254]  ret_from_fork+0x41/0x80
[ 12.561274]  ? __pfx_kthread+0x10/0x10
[ 12.561326]  ret_from_fork_asm+0x1a/0x30
[ 12.561385]  </TASK>
[ 12.561400]
[ 12.572137] Allocated by task 229:
[ 12.572381]  kasan_save_stack+0x45/0x70
[ 12.572865]  kasan_save_track+0x18/0x40
[ 12.573181]  kasan_save_alloc_info+0x3b/0x50
[ 12.573664]  __kasan_slab_alloc+0x91/0xa0
[ 12.573927]  kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.574259]  kmem_cache_double_free+0x14f/0x480
[ 12.574683]  kunit_try_run_case+0x1a5/0x480
[ 12.574875]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.575073]  kthread+0x337/0x6f0
[ 12.575400]  ret_from_fork+0x41/0x80
[ 12.575721]  ret_from_fork_asm+0x1a/0x30
[ 12.576023]
[ 12.576176] Freed by task 229:
[ 12.577235]  kasan_save_stack+0x45/0x70
[ 12.577765]  kasan_save_track+0x18/0x40
[ 12.578095]  kasan_save_free_info+0x3f/0x60
[ 12.578506]  __kasan_slab_free+0x56/0x70
[ 12.578854]  kmem_cache_free+0x249/0x420
[ 12.579076]  kmem_cache_double_free+0x16a/0x480
[ 12.579516]  kunit_try_run_case+0x1a5/0x480
[ 12.579806]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.580054]  kthread+0x337/0x6f0
[ 12.580209]  ret_from_fork+0x41/0x80
[ 12.580639]  ret_from_fork_asm+0x1a/0x30
[ 12.580947]
[ 12.581090] The buggy address belongs to the object at ffff8881029e3000
[ 12.581090]  which belongs to the cache test_cache of size 200
[ 12.581687] The buggy address is located 0 bytes inside of
[ 12.581687]  200-byte region [ffff8881029e3000, ffff8881029e30c8)
[ 12.582095]
[ 12.582206] The buggy address belongs to the physical page:
[ 12.582532] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e3
[ 12.583047] flags: 0x200000000000000(node=0|zone=2)
[ 12.583391] page_type: f5(slab)
[ 12.584566] raw: 0200000000000000 ffff888101ab5280 dead000000000122 0000000000000000
[ 12.584912] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 12.585501] page dumped because: kasan: bad access detected
[ 12.585832]
[ 12.585979] Memory state around the buggy address:
[ 12.586238]  ffff8881029e2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.586867]  ffff8881029e2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.587216] >ffff8881029e3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.587798]                    ^
[ 12.587968]  ffff8881029e3080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 12.588960]  ffff8881029e3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.589472] ==================================================================
```