Date
May 15, 2025, 10:38 a.m.
| Environment | |
|---|---|
| e850-96 |
[ 33.711297] ================================================================== [ 33.711476] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 33.711602] Free of addr ffff000801ee6000 by task kunit_try_catch/254 [ 33.713008] [ 33.714496] CPU: 6 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 33.714555] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.714572] Hardware name: WinLink E850-96 board (DT) [ 33.714594] Call trace: [ 33.714606] show_stack+0x20/0x38 (C) [ 33.714644] dump_stack_lvl+0x8c/0xd0 [ 33.714677] print_report+0x118/0x608 [ 33.714713] kasan_report_invalid_free+0xc0/0xe8 [ 33.714746] check_slab_allocation+0xd4/0x108 [ 33.714783] __kasan_slab_pre_free+0x2c/0x48 [ 33.714813] kmem_cache_free+0xf0/0x470 [ 33.714846] kmem_cache_double_free+0x190/0x3c8 [ 33.714875] kunit_try_run_case+0x170/0x3f0 [ 33.714910] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.714946] kthread+0x328/0x630 [ 33.714980] ret_from_fork+0x10/0x20 [ 33.715015] [ 33.787572] Allocated by task 254: [ 33.790960] kasan_save_stack+0x3c/0x68 [ 33.794776] kasan_save_track+0x20/0x40 [ 33.798597] kasan_save_alloc_info+0x40/0x58 [ 33.802849] __kasan_slab_alloc+0xa8/0xb0 [ 33.806842] kmem_cache_alloc_noprof+0x10c/0x3a0 [ 33.811443] kmem_cache_double_free+0x12c/0x3c8 [ 33.815957] kunit_try_run_case+0x170/0x3f0 [ 33.820123] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.825592] kthread+0x328/0x630 [ 33.828803] ret_from_fork+0x10/0x20 [ 33.832362] [ 33.833839] Freed by task 254: [ 33.836877] kasan_save_stack+0x3c/0x68 [ 33.840696] kasan_save_track+0x20/0x40 [ 33.844515] kasan_save_free_info+0x4c/0x78 [ 33.848681] __kasan_slab_free+0x6c/0x98 [ 33.852589] kmem_cache_free+0x260/0x470 [ 33.856494] kmem_cache_double_free+0x140/0x3c8 [ 33.861008] kunit_try_run_case+0x170/0x3f0 [ 33.865175] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.870643] kthread+0x328/0x630 [ 33.873855] ret_from_fork+0x10/0x20 [ 33.877414] [ 33.878891] The buggy address belongs to the object at ffff000801ee6000 [ 33.878891] which belongs to the cache test_cache of size 200 [ 33.891304] The buggy address is located 0 bytes inside of [ 33.891304] 200-byte region [ffff000801ee6000, ffff000801ee60c8) [ 33.902847] [ 33.904327] The buggy address belongs to the physical page: [ 33.909883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ee6 [ 33.917868] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.925507] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.932449] page_type: f5(slab) [ 33.935587] raw: 0bfffe0000000040 ffff000801ee4000 dead000000000122 0000000000000000 [ 33.943305] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 33.951032] head: 0bfffe0000000040 ffff000801ee4000 dead000000000122 0000000000000000 [ 33.958843] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 33.966656] head: 0bfffe0000000001 fffffdffe007b981 00000000ffffffff 00000000ffffffff [ 33.974467] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 33.982273] page dumped because: kasan: bad access detected [ 33.987828] [ 33.989304] Memory state around the buggy address: [ 33.994086] ffff000801ee5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.001287] ffff000801ee5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.008494] >ffff000801ee6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.015693] ^ [ 34.018908] ffff000801ee6080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 34.026113] ffff000801ee6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.033316] ==================================================================