Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 33.618540] ================================================================== [ 33.618722] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 33.618848] Free of addr ffff000800dbc000 by task kunit_try_catch/256 [ 33.620249] [ 33.621736] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 33.621791] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.621808] Hardware name: WinLink E850-96 board (DT) [ 33.621832] Call trace: [ 33.621846] show_stack+0x20/0x38 (C) [ 33.621885] dump_stack_lvl+0x8c/0xd0 [ 33.621922] print_report+0x118/0x608 [ 33.621957] kasan_report_invalid_free+0xc0/0xe8 [ 33.621994] check_slab_allocation+0xd4/0x108 [ 33.622027] __kasan_slab_pre_free+0x2c/0x48 [ 33.622061] kmem_cache_free+0xf0/0x468 [ 33.622094] kmem_cache_double_free+0x190/0x3c8 [ 33.622128] kunit_try_run_case+0x170/0x3f0 [ 33.622167] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.622203] kthread+0x328/0x630 [ 33.622232] ret_from_fork+0x10/0x20 [ 33.622271] [ 33.693600] Allocated by task 256: [ 33.696986] kasan_save_stack+0x3c/0x68 [ 33.700802] kasan_save_track+0x20/0x40 [ 33.704621] kasan_save_alloc_info+0x40/0x58 [ 33.708875] __kasan_slab_alloc+0xa8/0xb0 [ 33.712869] kmem_cache_alloc_noprof+0x10c/0x398 [ 33.717468] kmem_cache_double_free+0x12c/0x3c8 [ 33.721982] kunit_try_run_case+0x170/0x3f0 [ 33.726149] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.731617] kthread+0x328/0x630 [ 33.734829] ret_from_fork+0x10/0x20 [ 33.738388] [ 33.739865] Freed by task 256: [ 33.742903] kasan_save_stack+0x3c/0x68 [ 33.746721] kasan_save_track+0x20/0x40 [ 33.750540] kasan_save_free_info+0x4c/0x78 [ 33.754707] __kasan_slab_free+0x6c/0x98 [ 33.758614] kmem_cache_free+0x260/0x468 [ 33.762520] kmem_cache_double_free+0x140/0x3c8 [ 33.767035] kunit_try_run_case+0x170/0x3f0 [ 33.771200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.776669] kthread+0x328/0x630 [ 33.779880] ret_from_fork+0x10/0x20 [ 33.783439] [ 33.784916] The buggy address belongs to the object at ffff000800dbc000 [ 33.784916] which belongs to the cache test_cache of size 200 [ 33.797331] The buggy address is located 0 bytes inside of [ 33.797331] 200-byte region [ffff000800dbc000, ffff000800dbc0c8) [ 33.808873] [ 33.810353] The buggy address belongs to the physical page: [ 33.815909] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880dbc [ 33.823892] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.831533] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.838475] page_type: f5(slab) [ 33.841613] raw: 0bfffe0000000040 ffff000800dba000 dead000000000122 0000000000000000 [ 33.849331] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 33.857060] head: 0bfffe0000000040 ffff000800dba000 dead000000000122 0000000000000000 [ 33.864868] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 33.872682] head: 0bfffe0000000001 fffffdffe0036f01 00000000ffffffff 00000000ffffffff [ 33.880494] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 33.888301] page dumped because: kasan: bad access detected [ 33.893854] [ 33.895329] Memory state around the buggy address: [ 33.900109] ffff000800dbbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.907313] ffff000800dbbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.914517] >ffff000800dbc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.921719] ^ [ 33.924934] ffff000800dbc080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 33.932139] ffff000800dbc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.939341] ==================================================================
[ 26.506813] ================================================================== [ 26.506999] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 26.507987] Free of addr fff00000c6424000 by task kunit_try_catch/209 [ 26.508125] [ 26.508229] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 26.508886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.509082] Hardware name: linux,dummy-virt (DT) [ 26.509210] Call trace: [ 26.509294] show_stack+0x20/0x38 (C) [ 26.509493] dump_stack_lvl+0x8c/0xd0 [ 26.509730] print_report+0x118/0x608 [ 26.510379] kasan_report_invalid_free+0xc0/0xe8 [ 26.510568] check_slab_allocation+0xd4/0x108 [ 26.510754] __kasan_slab_pre_free+0x2c/0x48 [ 26.510919] kmem_cache_free+0xf0/0x468 [ 26.511203] kmem_cache_double_free+0x190/0x3c8 [ 26.511584] kunit_try_run_case+0x170/0x3f0 [ 26.512027] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.512603] kthread+0x328/0x630 [ 26.512736] ret_from_fork+0x10/0x20 [ 26.512917] [ 26.512994] Allocated by task 209: [ 26.513359] kasan_save_stack+0x3c/0x68 [ 26.513759] kasan_save_track+0x20/0x40 [ 26.513929] kasan_save_alloc_info+0x40/0x58 [ 26.514223] __kasan_slab_alloc+0xa8/0xb0 [ 26.514321] kmem_cache_alloc_noprof+0x10c/0x398 [ 26.514502] kmem_cache_double_free+0x12c/0x3c8 [ 26.514637] kunit_try_run_case+0x170/0x3f0 [ 26.514912] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.515083] kthread+0x328/0x630 [ 26.515245] ret_from_fork+0x10/0x20 [ 26.515572] [ 26.515623] Freed by task 209: [ 26.515900] kasan_save_stack+0x3c/0x68 [ 26.516324] kasan_save_track+0x20/0x40 [ 26.516465] kasan_save_free_info+0x4c/0x78 [ 26.516573] __kasan_slab_free+0x6c/0x98 [ 26.516671] kmem_cache_free+0x260/0x468 [ 26.516788] kmem_cache_double_free+0x140/0x3c8 [ 26.517225] kunit_try_run_case+0x170/0x3f0 [ 26.517654] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.517830] kthread+0x328/0x630 [ 26.517924] ret_from_fork+0x10/0x20 [ 26.518042] [ 26.518217] The buggy address belongs to the object at fff00000c6424000 [ 26.518217] which belongs to the cache test_cache of size 200 [ 26.518821] The buggy address is located 0 bytes inside of [ 26.518821] 200-byte region [fff00000c6424000, fff00000c64240c8) [ 26.519150] [ 26.519212] The buggy address belongs to the physical page: [ 26.519302] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106424 [ 26.519740] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.519877] page_type: f5(slab) [ 26.519994] raw: 0bfffe0000000000 fff00000c569f780 dead000000000122 0000000000000000 [ 26.520518] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.520639] page dumped because: kasan: bad access detected [ 26.521123] [ 26.521231] Memory state around the buggy address: [ 26.521317] fff00000c6423f00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 26.521434] fff00000c6423f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.521538] >fff00000c6424000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.521633] ^ [ 26.521706] fff00000c6424080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 26.521812] fff00000c6424100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.521994] ==================================================================
[ 26.770042] ================================================================== [ 26.770193] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 26.770435] Free of addr fff00000c7735000 by task kunit_try_catch/209 [ 26.770552] [ 26.770679] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 26.771016] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.771165] Hardware name: linux,dummy-virt (DT) [ 26.771341] Call trace: [ 26.771422] show_stack+0x20/0x38 (C) [ 26.771559] dump_stack_lvl+0x8c/0xd0 [ 26.771697] print_report+0x118/0x608 [ 26.771854] kasan_report_invalid_free+0xc0/0xe8 [ 26.771998] check_slab_allocation+0xd4/0x108 [ 26.772206] __kasan_slab_pre_free+0x2c/0x48 [ 26.772358] kmem_cache_free+0xf0/0x468 [ 26.772595] kmem_cache_double_free+0x190/0x3c8 [ 26.772895] kunit_try_run_case+0x170/0x3f0 [ 26.773121] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.773350] kthread+0x328/0x630 [ 26.773485] ret_from_fork+0x10/0x20 [ 26.773656] [ 26.773707] Allocated by task 209: [ 26.773781] kasan_save_stack+0x3c/0x68 [ 26.773906] kasan_save_track+0x20/0x40 [ 26.774001] kasan_save_alloc_info+0x40/0x58 [ 26.774109] __kasan_slab_alloc+0xa8/0xb0 [ 26.774229] kmem_cache_alloc_noprof+0x10c/0x398 [ 26.774409] kmem_cache_double_free+0x12c/0x3c8 [ 26.774526] kunit_try_run_case+0x170/0x3f0 [ 26.774632] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.774781] kthread+0x328/0x630 [ 26.775001] ret_from_fork+0x10/0x20 [ 26.775289] [ 26.775345] Freed by task 209: [ 26.775488] kasan_save_stack+0x3c/0x68 [ 26.775589] kasan_save_track+0x20/0x40 [ 26.775728] kasan_save_free_info+0x4c/0x78 [ 26.776609] __kasan_slab_free+0x6c/0x98 [ 26.776997] kmem_cache_free+0x260/0x468 [ 26.778075] kmem_cache_double_free+0x140/0x3c8 [ 26.778319] kunit_try_run_case+0x170/0x3f0 [ 26.778490] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.778600] kthread+0x328/0x630 [ 26.778705] ret_from_fork+0x10/0x20 [ 26.778801] [ 26.778896] The buggy address belongs to the object at fff00000c7735000 [ 26.778896] which belongs to the cache test_cache of size 200 [ 26.779175] The buggy address is located 0 bytes inside of [ 26.779175] 200-byte region [fff00000c7735000, fff00000c77350c8) [ 26.779318] [ 26.779373] The buggy address belongs to the physical page: [ 26.779448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107735 [ 26.779637] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.779813] page_type: f5(slab) [ 26.779944] raw: 0bfffe0000000000 fff00000ffeb4000 dead000000000122 0000000000000000 [ 26.780208] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.780329] page dumped because: kasan: bad access detected [ 26.780418] [ 26.780475] Memory state around the buggy address: [ 26.780564] fff00000c7734f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.780678] fff00000c7734f80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 26.780886] >fff00000c7735000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.781000] ^ [ 26.781157] fff00000c7735080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 26.781277] fff00000c7735100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.781386] ==================================================================
[ 20.177413] ================================================================== [ 20.178465] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 20.178951] Free of addr ffff888101b39000 by task kunit_try_catch/227 [ 20.180320] [ 20.180620] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 20.180741] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.180778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.180839] Call Trace: [ 20.180884] <TASK> [ 20.180937] dump_stack_lvl+0x73/0xb0 [ 20.181045] print_report+0xd1/0x650 [ 20.181124] ? __virt_addr_valid+0x1db/0x2d0 [ 20.181211] ? kasan_complete_mode_report_info+0x64/0x200 [ 20.181359] ? kmem_cache_double_free+0x1e5/0x480 [ 20.181469] kasan_report_invalid_free+0x10a/0x130 [ 20.181568] ? kmem_cache_double_free+0x1e5/0x480 [ 20.181672] ? kmem_cache_double_free+0x1e5/0x480 [ 20.181750] check_slab_allocation+0x101/0x130 [ 20.181821] __kasan_slab_pre_free+0x28/0x40 [ 20.181891] kmem_cache_free+0xed/0x420 [ 20.181971] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 20.182041] ? kmem_cache_double_free+0x1e5/0x480 [ 20.182111] kmem_cache_double_free+0x1e5/0x480 [ 20.182175] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 20.182238] ? finish_task_switch.isra.0+0x153/0x700 [ 20.182295] ? __switch_to+0x47/0xf50 [ 20.182366] ? __pfx_read_tsc+0x10/0x10 [ 20.182419] ? ktime_get_ts64+0x86/0x230 [ 20.182478] kunit_try_run_case+0x1a5/0x480 [ 20.182565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.182626] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.182728] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.182807] ? __kthread_parkme+0x82/0x180 [ 20.182855] ? preempt_count_sub+0x50/0x80 [ 20.182890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.182927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.182961] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.182996] kthread+0x337/0x6f0 [ 20.183024] ? trace_preempt_on+0x20/0xc0 [ 20.183060] ? __pfx_kthread+0x10/0x10 [ 20.183089] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.183120] ? calculate_sigpending+0x7b/0xa0 [ 20.183155] ? __pfx_kthread+0x10/0x10 [ 20.183184] ret_from_fork+0x116/0x1d0 [ 20.183210] ? __pfx_kthread+0x10/0x10 [ 20.183258] ret_from_fork_asm+0x1a/0x30 [ 20.183316] </TASK> [ 20.183332] [ 20.206361] Allocated by task 227: [ 20.207446] kasan_save_stack+0x45/0x70 [ 20.208078] kasan_save_track+0x18/0x40 [ 20.208587] kasan_save_alloc_info+0x3b/0x50 [ 20.209010] __kasan_slab_alloc+0x91/0xa0 [ 20.209827] kmem_cache_alloc_noprof+0x123/0x3f0 [ 20.210377] kmem_cache_double_free+0x14f/0x480 [ 20.211516] kunit_try_run_case+0x1a5/0x480 [ 20.212000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.212946] kthread+0x337/0x6f0 [ 20.213333] ret_from_fork+0x116/0x1d0 [ 20.213876] ret_from_fork_asm+0x1a/0x30 [ 20.214306] [ 20.214985] Freed by task 227: [ 20.215556] kasan_save_stack+0x45/0x70 [ 20.216136] kasan_save_track+0x18/0x40 [ 20.216564] kasan_save_free_info+0x3f/0x60 [ 20.216936] __kasan_slab_free+0x56/0x70 [ 20.217363] kmem_cache_free+0x249/0x420 [ 20.218064] kmem_cache_double_free+0x16a/0x480 [ 20.218451] kunit_try_run_case+0x1a5/0x480 [ 20.219526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.220217] kthread+0x337/0x6f0 [ 20.220814] ret_from_fork+0x116/0x1d0 [ 20.221197] ret_from_fork_asm+0x1a/0x30 [ 20.221939] [ 20.222167] The buggy address belongs to the object at ffff888101b39000 [ 20.222167] which belongs to the cache test_cache of size 200 [ 20.223696] The buggy address is located 0 bytes inside of [ 20.223696] 200-byte region [ffff888101b39000, ffff888101b390c8) [ 20.224950] [ 20.225197] The buggy address belongs to the physical page: [ 20.225954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b39 [ 20.226728] flags: 0x200000000000000(node=0|zone=2) [ 20.227162] page_type: f5(slab) [ 20.228321] raw: 0200000000000000 ffff8881010fd500 dead000000000122 0000000000000000 [ 20.229083] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 20.229874] page dumped because: kasan: bad access detected [ 20.230586] [ 20.230768] Memory state around the buggy address: [ 20.231759] ffff888101b38f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.232490] ffff888101b38f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.233185] >ffff888101b39000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.234049] ^ [ 20.234438] ffff888101b39080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 20.235524] ffff888101b39100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.236082] ==================================================================
[ 19.074292] ================================================================== [ 19.075147] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 19.075725] Free of addr ffff888103309000 by task kunit_try_catch/227 [ 19.076273] [ 19.076587] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 19.076711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.076749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.076809] Call Trace: [ 19.076846] <TASK> [ 19.076907] dump_stack_lvl+0x73/0xb0 [ 19.076999] print_report+0xd1/0x650 [ 19.077076] ? __virt_addr_valid+0x1db/0x2d0 [ 19.077158] ? kasan_complete_mode_report_info+0x64/0x200 [ 19.077231] ? kmem_cache_double_free+0x1e5/0x480 [ 19.077312] kasan_report_invalid_free+0x10a/0x130 [ 19.077389] ? kmem_cache_double_free+0x1e5/0x480 [ 19.077473] ? kmem_cache_double_free+0x1e5/0x480 [ 19.077606] check_slab_allocation+0x101/0x130 [ 19.077692] __kasan_slab_pre_free+0x28/0x40 [ 19.077769] kmem_cache_free+0xed/0x420 [ 19.077839] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.077928] ? kmem_cache_double_free+0x1e5/0x480 [ 19.078011] kmem_cache_double_free+0x1e5/0x480 [ 19.078090] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 19.078169] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 19.078318] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 19.078409] kunit_try_run_case+0x1a5/0x480 [ 19.078493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.078604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.078686] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.078762] ? __kthread_parkme+0x82/0x180 [ 19.078833] ? preempt_count_sub+0x50/0x80 [ 19.078922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.078965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.079001] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.079037] kthread+0x337/0x6f0 [ 19.079065] ? trace_preempt_on+0x20/0xc0 [ 19.079104] ? __pfx_kthread+0x10/0x10 [ 19.079168] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.079202] ? calculate_sigpending+0x7b/0xa0 [ 19.079237] ? __pfx_kthread+0x10/0x10 [ 19.079266] ret_from_fork+0x116/0x1d0 [ 19.079292] ? __pfx_kthread+0x10/0x10 [ 19.079321] ret_from_fork_asm+0x1a/0x30 [ 19.079362] </TASK> [ 19.079376] [ 19.100328] Allocated by task 227: [ 19.100813] kasan_save_stack+0x45/0x70 [ 19.101167] kasan_save_track+0x18/0x40 [ 19.101483] kasan_save_alloc_info+0x3b/0x50 [ 19.102023] __kasan_slab_alloc+0x91/0xa0 [ 19.102482] kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.103068] kmem_cache_double_free+0x14f/0x480 [ 19.103579] kunit_try_run_case+0x1a5/0x480 [ 19.104104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.104569] kthread+0x337/0x6f0 [ 19.105088] ret_from_fork+0x116/0x1d0 [ 19.105499] ret_from_fork_asm+0x1a/0x30 [ 19.105963] [ 19.106197] Freed by task 227: [ 19.106499] kasan_save_stack+0x45/0x70 [ 19.107092] kasan_save_track+0x18/0x40 [ 19.107460] kasan_save_free_info+0x3f/0x60 [ 19.107941] __kasan_slab_free+0x56/0x70 [ 19.108266] kmem_cache_free+0x249/0x420 [ 19.108583] kmem_cache_double_free+0x16a/0x480 [ 19.109070] kunit_try_run_case+0x1a5/0x480 [ 19.109579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.110122] kthread+0x337/0x6f0 [ 19.110765] ret_from_fork+0x116/0x1d0 [ 19.111183] ret_from_fork_asm+0x1a/0x30 [ 19.111728] [ 19.111996] The buggy address belongs to the object at ffff888103309000 [ 19.111996] which belongs to the cache test_cache of size 200 [ 19.113118] The buggy address is located 0 bytes inside of [ 19.113118] 200-byte region [ffff888103309000, ffff8881033090c8) [ 19.113769] [ 19.113993] The buggy address belongs to the physical page: [ 19.114503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103309 [ 19.115458] flags: 0x200000000000000(node=0|zone=2) [ 19.115822] page_type: f5(slab) [ 19.116135] raw: 0200000000000000 ffff888101aff8c0 dead000000000122 0000000000000000 [ 19.116793] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 19.117870] page dumped because: kasan: bad access detected [ 19.118451] [ 19.118715] Memory state around the buggy address: [ 19.119078] ffff888103308f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.119526] ffff888103308f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.120017] >ffff888103309000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.120731] ^ [ 19.121336] ffff888103309080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 19.121993] ffff888103309100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.122577] ==================================================================
[ 21.204938] ================================================================== [ 21.205975] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 21.206624] Free of addr ffff00000daa4000 by task kunit_try_catch/262 [ 21.207221] [ 21.207386] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 21.207436] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.207450] Hardware name: Radxa ROCK Pi 4B (DT) [ 21.207468] Call trace: [ 21.207479] show_stack+0x20/0x38 (C) [ 21.207513] dump_stack_lvl+0x8c/0xd0 [ 21.207548] print_report+0x118/0x608 [ 21.207582] kasan_report_invalid_free+0xc0/0xe8 [ 21.207617] check_slab_allocation+0xd4/0x108 [ 21.207649] __kasan_slab_pre_free+0x2c/0x48 [ 21.207682] kmem_cache_free+0xf0/0x468 [ 21.207714] kmem_cache_double_free+0x190/0x3c8 [ 21.207745] kunit_try_run_case+0x170/0x3f0 [ 21.207779] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.207817] kthread+0x328/0x630 [ 21.207843] ret_from_fork+0x10/0x20 [ 21.207875] [ 21.214293] Allocated by task 262: [ 21.214638] kasan_save_stack+0x3c/0x68 [ 21.215047] kasan_save_track+0x20/0x40 [ 21.215454] kasan_save_alloc_info+0x40/0x58 [ 21.215903] __kasan_slab_alloc+0xa8/0xb0 [ 21.216323] kmem_cache_alloc_noprof+0x10c/0x398 [ 21.216800] kmem_cache_double_free+0x12c/0x3c8 [ 21.217266] kunit_try_run_case+0x170/0x3f0 [ 21.217703] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.218260] kthread+0x328/0x630 [ 21.218601] ret_from_fork+0x10/0x20 [ 21.218980] [ 21.219148] Freed by task 262: [ 21.219460] kasan_save_stack+0x3c/0x68 [ 21.219866] kasan_save_track+0x20/0x40 [ 21.220271] kasan_save_free_info+0x4c/0x78 [ 21.220713] __kasan_slab_free+0x6c/0x98 [ 21.221123] kmem_cache_free+0x260/0x468 [ 21.221534] kmem_cache_double_free+0x140/0x3c8 [ 21.222000] kunit_try_run_case+0x170/0x3f0 [ 21.222436] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.222990] kthread+0x328/0x630 [ 21.223331] ret_from_fork+0x10/0x20 [ 21.223708] [ 21.223875] The buggy address belongs to the object at ffff00000daa4000 [ 21.223875] which belongs to the cache test_cache of size 200 [ 21.225032] The buggy address is located 0 bytes inside of [ 21.225032] 200-byte region [ffff00000daa4000, ffff00000daa40c8) [ 21.226117] [ 21.226287] The buggy address belongs to the physical page: [ 21.226823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xdaa4 [ 21.227577] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.228311] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 21.228995] page_type: f5(slab) [ 21.229334] raw: 03fffe0000000040 ffff00000daa2000 dead000000000122 0000000000000000 [ 21.230081] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 21.230829] head: 03fffe0000000040 ffff00000daa2000 dead000000000122 0000000000000000 [ 21.231583] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 21.232339] head: 03fffe0000000001 fffffdffc036a901 00000000ffffffff 00000000ffffffff [ 21.233093] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.233834] page dumped because: kasan: bad access detected [ 21.234370] [ 21.234537] Memory state around the buggy address: [ 21.235007] ffff00000daa3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.235700] ffff00000daa3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.236393] >ffff00000daa4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.237079] ^ [ 21.237411] ffff00000daa4080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 21.238104] ffff00000daa4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.238790] ==================================================================