Date
June 23, 2025, 1:39 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 25.688767] ==================================================================
[ 25.688948] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 25.689103] Free of addr fff00000c63cd000 by task kunit_try_catch/211
[ 25.689214]
[ 25.689300] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT
[ 25.690293] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.691471] Hardware name: linux,dummy-virt (DT)
[ 25.691564] Call trace:
[ 25.691623] show_stack+0x20/0x38 (C)
[ 25.692672] dump_stack_lvl+0x8c/0xd0
[ 25.692892] print_report+0x118/0x608
[ 25.693108] kasan_report_invalid_free+0xc0/0xe8
[ 25.693696] check_slab_allocation+0xd4/0x108
[ 25.694141] __kasan_slab_pre_free+0x2c/0x48
[ 25.694297] kmem_cache_free+0xf0/0x468
[ 25.694646] kmem_cache_double_free+0x190/0x3c8
[ 25.694794] kunit_try_run_case+0x170/0x3f0
[ 25.694945] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.695187] kthread+0x328/0x630
[ 25.695322] ret_from_fork+0x10/0x20
[ 25.695872]
[ 25.695921] Allocated by task 211:
[ 25.695995] kasan_save_stack+0x3c/0x68
[ 25.696163] kasan_save_track+0x20/0x40
[ 25.696326] kasan_save_alloc_info+0x40/0x58
[ 25.696509] __kasan_slab_alloc+0xa8/0xb0
[ 25.696606] kmem_cache_alloc_noprof+0x10c/0x398
[ 25.696769] kmem_cache_double_free+0x12c/0x3c8
[ 25.696879] kunit_try_run_case+0x170/0x3f0
[ 25.697115] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.697298] kthread+0x328/0x630
[ 25.697444] ret_from_fork+0x10/0x20
[ 25.697556]
[ 25.697607] Freed by task 211:
[ 25.697694] kasan_save_stack+0x3c/0x68
[ 25.697980] kasan_save_track+0x20/0x40
[ 25.698092] kasan_save_free_info+0x4c/0x78
[ 25.698489] __kasan_slab_free+0x6c/0x98
[ 25.698735] kmem_cache_free+0x260/0x468
[ 25.698874] kmem_cache_double_free+0x140/0x3c8
[ 25.699071] kunit_try_run_case+0x170/0x3f0
[ 25.699174] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.699293] kthread+0x328/0x630
[ 25.699379] ret_from_fork+0x10/0x20
[ 25.699493]
[ 25.699557] The buggy address belongs to the object at fff00000c63cd000
[ 25.699557] which belongs to the cache test_cache of size 200
[ 25.699807] The buggy address is located 0 bytes inside of
[ 25.699807] 200-byte region [fff00000c63cd000, fff00000c63cd0c8)
[ 25.700028]
[ 25.700145] The buggy address belongs to the physical page:
[ 25.700370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063cd
[ 25.700542] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 25.700668] page_type: f5(slab)
[ 25.700820] raw: 0bfffe0000000000 fff00000c59ebb40 dead000000000122 0000000000000000
[ 25.700939] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 25.701156] page dumped because: kasan: bad access detected
[ 25.701328]
[ 25.701490] Memory state around the buggy address:
[ 25.701680] fff00000c63ccf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.701800] fff00000c63ccf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.701907] >fff00000c63cd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.702059] ^
[ 25.702177] fff00000c63cd080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 25.702355] fff00000c63cd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.702595] ==================================================================
```
```
[ 18.368218] ==================================================================
[ 18.369119] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 18.370241] Free of addr ffff88810a082000 by task kunit_try_catch/230
[ 18.370949]
[ 18.371912] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT(voluntary)
[ 18.372496] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.372529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.372582] Call Trace:
[ 18.372636] <TASK>
[ 18.372685] dump_stack_lvl+0x73/0xb0
[ 18.372762] print_report+0xd1/0x650
[ 18.372827] ? __virt_addr_valid+0x1db/0x2d0
[ 18.372924] ? kasan_complete_mode_report_info+0x64/0x200
[ 18.372999] ? kmem_cache_double_free+0x1e5/0x480
[ 18.373074] kasan_report_invalid_free+0x10a/0x130
[ 18.373172] ? kmem_cache_double_free+0x1e5/0x480
[ 18.373286] ? kmem_cache_double_free+0x1e5/0x480
[ 18.373328] check_slab_allocation+0x101/0x130
[ 18.373364] __kasan_slab_pre_free+0x28/0x40
[ 18.373397] kmem_cache_free+0xed/0x420
[ 18.373427] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 18.373458] ? kmem_cache_double_free+0x1e5/0x480
[ 18.373492] kmem_cache_double_free+0x1e5/0x480
[ 18.373522] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 18.373550] ? finish_task_switch.isra.0+0x153/0x700
[ 18.373585] ? __switch_to+0x5d9/0xf60
[ 18.373650] ? dequeue_task_fair+0x166/0x4e0
[ 18.373738] ? __pfx_read_tsc+0x10/0x10
[ 18.373783] ? ktime_get_ts64+0x86/0x230
[ 18.373820] kunit_try_run_case+0x1a5/0x480
[ 18.373860] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.373894] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.373929] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.373963] ? __kthread_parkme+0x82/0x180
[ 18.373995] ? preempt_count_sub+0x50/0x80
[ 18.374030] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.374066] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.374100] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.374134] kthread+0x337/0x6f0
[ 18.374157] ? trace_preempt_on+0x20/0xc0
[ 18.374192] ? __pfx_kthread+0x10/0x10
[ 18.374226] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.374278] ? calculate_sigpending+0x7b/0xa0
[ 18.374310] ? __pfx_kthread+0x10/0x10
[ 18.374336] ret_from_fork+0x41/0x80
[ 18.374368] ? __pfx_kthread+0x10/0x10
[ 18.374393] ret_from_fork_asm+0x1a/0x30
[ 18.374435] </TASK>
[ 18.374451]
[ 18.397331] Allocated by task 230:
[ 18.397832] kasan_save_stack+0x45/0x70
[ 18.398340] kasan_save_track+0x18/0x40
[ 18.398957] kasan_save_alloc_info+0x3b/0x50
[ 18.399370] __kasan_slab_alloc+0x91/0xa0
[ 18.400091] kmem_cache_alloc_noprof+0x123/0x3f0
[ 18.400755] kmem_cache_double_free+0x14f/0x480
[ 18.401162] kunit_try_run_case+0x1a5/0x480
[ 18.401845] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.402395] kthread+0x337/0x6f0
[ 18.402876] ret_from_fork+0x41/0x80
[ 18.403349] ret_from_fork_asm+0x1a/0x30
[ 18.404210]
[ 18.404749] Freed by task 230:
[ 18.405086] kasan_save_stack+0x45/0x70
[ 18.405524] kasan_save_track+0x18/0x40
[ 18.406054] kasan_save_free_info+0x3f/0x60
[ 18.406517] __kasan_slab_free+0x56/0x70
[ 18.407084] kmem_cache_free+0x249/0x420
[ 18.407526] kmem_cache_double_free+0x16a/0x480
[ 18.408369] kunit_try_run_case+0x1a5/0x480
[ 18.408965] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.409501] kthread+0x337/0x6f0
[ 18.410013] ret_from_fork+0x41/0x80
[ 18.410437] ret_from_fork_asm+0x1a/0x30
[ 18.411041]
[ 18.411319] The buggy address belongs to the object at ffff88810a082000
[ 18.411319] which belongs to the cache test_cache of size 200
[ 18.412750] The buggy address is located 0 bytes inside of
[ 18.412750] 200-byte region [ffff88810a082000, ffff88810a0820c8)
[ 18.413887]
[ 18.414138] The buggy address belongs to the physical page:
[ 18.414778] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a082
[ 18.415419] flags: 0x200000000000000(node=0|zone=2)
[ 18.416136] page_type: f5(slab)
[ 18.416572] raw: 0200000000000000 ffff888101611780 dead000000000122 0000000000000000
[ 18.417335] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 18.418093] page dumped because: kasan: bad access detected
[ 18.418758]
[ 18.419002] Memory state around the buggy address:
[ 18.419467] ffff88810a081f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.420205] ffff88810a081f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.421153] >ffff88810a082000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.422085] ^
[ 18.422444] ffff88810a082080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 18.422976] ffff88810a082100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.423645] ==================================================================
```