Date
July 5, 2025, 5:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 18.886572] ==================================================================
[ 18.886636] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 18.886710] Free of addr fff00000c78a8000 by task kunit_try_catch/209
[ 18.887381]
[ 18.887494] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 18.887620] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.887671] Hardware name: linux,dummy-virt (DT)
[ 18.887801] Call trace:
[ 18.887849] show_stack+0x20/0x38 (C)
[ 18.887964] dump_stack_lvl+0x8c/0xd0
[ 18.888016] print_report+0x118/0x608
[ 18.888064] kasan_report_invalid_free+0xc0/0xe8
[ 18.888115] check_slab_allocation+0xd4/0x108
[ 18.888310] __kasan_slab_pre_free+0x2c/0x48
[ 18.888367] kmem_cache_free+0xf0/0x468
[ 18.888416] kmem_cache_double_free+0x190/0x3c8
[ 18.888464] kunit_try_run_case+0x170/0x3f0
[ 18.888544] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.888655] kthread+0x328/0x630
[ 18.888707] ret_from_fork+0x10/0x20
[ 18.888759]
[ 18.888778] Allocated by task 209:
[ 18.890341] kasan_save_stack+0x3c/0x68
[ 18.891238] kasan_save_track+0x20/0x40
[ 18.892845] kasan_save_alloc_info+0x40/0x58
[ 18.893795] __kasan_slab_alloc+0xa8/0xb0
[ 18.893848] kmem_cache_alloc_noprof+0x10c/0x398
[ 18.893905] kmem_cache_double_free+0x12c/0x3c8
[ 18.893944] kunit_try_run_case+0x170/0x3f0
[ 18.895493] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.895552] kthread+0x328/0x630
[ 18.895584] ret_from_fork+0x10/0x20
[ 18.895657]
[ 18.895687] Freed by task 209:
[ 18.895715] kasan_save_stack+0x3c/0x68
[ 18.897027] kasan_save_track+0x20/0x40
[ 18.897133] kasan_save_free_info+0x4c/0x78
[ 18.897272] __kasan_slab_free+0x6c/0x98
[ 18.897318] kmem_cache_free+0x260/0x468
[ 18.897354] kmem_cache_double_free+0x140/0x3c8
[ 18.897392] kunit_try_run_case+0x170/0x3f0
[ 18.897430] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.899144] kthread+0x328/0x630
[ 18.899247] ret_from_fork+0x10/0x20
[ 18.899291]
[ 18.899311] The buggy address belongs to the object at fff00000c78a8000
[ 18.899311] which belongs to the cache test_cache of size 200
[ 18.899368] The buggy address is located 0 bytes inside of
[ 18.899368] 200-byte region [fff00000c78a8000, fff00000c78a80c8)
[ 18.899734]
[ 18.899773] The buggy address belongs to the physical page:
[ 18.899854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a8
[ 18.899972] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.900129] page_type: f5(slab)
[ 18.900221] raw: 0bfffe0000000000 fff00000c5ca5640 dead000000000122 0000000000000000
[ 18.900423] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 18.900578] page dumped because: kasan: bad access detected
[ 18.900677]
[ 18.900753] Memory state around the buggy address:
[ 18.900789] fff00000c78a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.901104] fff00000c78a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.901343] >fff00000c78a8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.901456]                     ^
[ 18.901567] fff00000c78a8080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 18.901657] fff00000c78a8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.901747] ==================================================================
[ 12.279580] ==================================================================
[ 12.280138] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 12.281524] Free of addr ffff8881031b9000 by task kunit_try_catch/227
[ 12.282496]
[ 12.282670] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.282717] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.282729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.282752] Call Trace:
[ 12.282765] <TASK>
[ 12.282783] dump_stack_lvl+0x73/0xb0
[ 12.282814] print_report+0xd1/0x650
[ 12.282836] ? __virt_addr_valid+0x1db/0x2d0
[ 12.282860] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.282882] ? kmem_cache_double_free+0x1e5/0x480
[ 12.282907] kasan_report_invalid_free+0x10a/0x130
[ 12.282930] ? kmem_cache_double_free+0x1e5/0x480
[ 12.282955] ? kmem_cache_double_free+0x1e5/0x480
[ 12.282978] check_slab_allocation+0x101/0x130
[ 12.282998] __kasan_slab_pre_free+0x28/0x40
[ 12.283019] kmem_cache_free+0xed/0x420
[ 12.283038] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.283057] ? kmem_cache_double_free+0x1e5/0x480
[ 12.283083] kmem_cache_double_free+0x1e5/0x480
[ 12.283107] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 12.283129] ? finish_task_switch.isra.0+0x153/0x700
[ 12.283150] ? __switch_to+0x47/0xf50
[ 12.283177] ? __pfx_read_tsc+0x10/0x10
[ 12.283198] ? ktime_get_ts64+0x86/0x230
[ 12.283221] kunit_try_run_case+0x1a5/0x480
[ 12.283245] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.283266] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.283288] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.283310] ? __kthread_parkme+0x82/0x180
[ 12.283330] ? preempt_count_sub+0x50/0x80
[ 12.283352] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.283375] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.283396] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.283418] kthread+0x337/0x6f0
[ 12.283436] ? trace_preempt_on+0x20/0xc0
[ 12.283473] ? __pfx_kthread+0x10/0x10
[ 12.283492] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.283512] ? calculate_sigpending+0x7b/0xa0
[ 12.283535] ? __pfx_kthread+0x10/0x10
[ 12.283556] ret_from_fork+0x116/0x1d0
[ 12.283573] ? __pfx_kthread+0x10/0x10
[ 12.283592] ret_from_fork_asm+0x1a/0x30
[ 12.283640] </TASK>
[ 12.283651]
[ 12.300890] Allocated by task 227:
[ 12.301318] kasan_save_stack+0x45/0x70
[ 12.301700] kasan_save_track+0x18/0x40
[ 12.301987] kasan_save_alloc_info+0x3b/0x50
[ 12.302137] __kasan_slab_alloc+0x91/0xa0
[ 12.302512] kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.302817] kmem_cache_double_free+0x14f/0x480
[ 12.303363] kunit_try_run_case+0x1a5/0x480
[ 12.303847] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.304345] kthread+0x337/0x6f0
[ 12.304586] ret_from_fork+0x116/0x1d0
[ 12.304996] ret_from_fork_asm+0x1a/0x30
[ 12.305177]
[ 12.305409] Freed by task 227:
[ 12.305961] kasan_save_stack+0x45/0x70
[ 12.306322] kasan_save_track+0x18/0x40
[ 12.306477] kasan_save_free_info+0x3f/0x60
[ 12.306627] __kasan_slab_free+0x56/0x70
[ 12.306960] kmem_cache_free+0x249/0x420
[ 12.307327] kmem_cache_double_free+0x16a/0x480
[ 12.307844] kunit_try_run_case+0x1a5/0x480
[ 12.308378] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.308980] kthread+0x337/0x6f0
[ 12.309105] ret_from_fork+0x116/0x1d0
[ 12.309411] ret_from_fork_asm+0x1a/0x30
[ 12.309841]
[ 12.310002] The buggy address belongs to the object at ffff8881031b9000
[ 12.310002] which belongs to the cache test_cache of size 200
[ 12.311032] The buggy address is located 0 bytes inside of
[ 12.311032] 200-byte region [ffff8881031b9000, ffff8881031b90c8)
[ 12.312358]
[ 12.312540] The buggy address belongs to the physical page:
[ 12.312720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031b9
[ 12.313439] flags: 0x200000000000000(node=0|zone=2)
[ 12.313941] page_type: f5(slab)
[ 12.314228] raw: 0200000000000000 ffff888100a55280 dead000000000122 0000000000000000
[ 12.314476] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 12.314708] page dumped because: kasan: bad access detected
[ 12.314940]
[ 12.315095] Memory state around the buggy address:
[ 12.315867] ffff8881031b8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.316665] ffff8881031b8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.317411] >ffff8881031b9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.318137]                     ^
[ 12.318551] ffff8881031b9080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 12.319285] ffff8881031b9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.319862] ==================================================================