Date
May 30, 2025, 4:14 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x15 |
[ 33.759908] ================================================================== [ 33.760083] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 33.760207] Free of addr ffff000803ec2000 by task kunit_try_catch/253 [ 33.761614] [ 33.763102] CPU: 4 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 33.763156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.763172] Hardware name: WinLink E850-96 board (DT) [ 33.763192] Call trace: [ 33.763205] show_stack+0x20/0x38 (C) [ 33.763240] dump_stack_lvl+0x8c/0xd0 [ 33.763280] print_report+0x118/0x608 [ 33.763319] kasan_report_invalid_free+0xc0/0xe8 [ 33.763355] check_slab_allocation+0xd4/0x108 [ 33.763391] __kasan_slab_pre_free+0x2c/0x48 [ 33.763422] kmem_cache_free+0xf0/0x470 [ 33.763454] kmem_cache_double_free+0x190/0x3c8 [ 33.763486] kunit_try_run_case+0x170/0x3f0 [ 33.763520] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.763558] kthread+0x328/0x630 [ 33.763587] ret_from_fork+0x10/0x20 [ 33.763622] [ 33.835832] Allocated by task 253: [ 33.839220] kasan_save_stack+0x3c/0x68 [ 33.843037] kasan_save_track+0x20/0x40 [ 33.846858] kasan_save_alloc_info+0x40/0x58 [ 33.851110] __kasan_slab_alloc+0xa8/0xb0 [ 33.855103] kmem_cache_alloc_noprof+0x10c/0x3a0 [ 33.859703] kmem_cache_double_free+0x12c/0x3c8 [ 33.864217] kunit_try_run_case+0x170/0x3f0 [ 33.868383] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.873852] kthread+0x328/0x630 [ 33.877064] ret_from_fork+0x10/0x20 [ 33.880623] [ 33.882100] Freed by task 253: [ 33.885138] kasan_save_stack+0x3c/0x68 [ 33.888956] kasan_save_track+0x20/0x40 [ 33.892775] kasan_save_free_info+0x4c/0x78 [ 33.896942] __kasan_slab_free+0x6c/0x98 [ 33.900850] kmem_cache_free+0x260/0x470 [ 33.904754] kmem_cache_double_free+0x140/0x3c8 [ 33.909269] kunit_try_run_case+0x170/0x3f0 [ 33.913435] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.918904] kthread+0x328/0x630 [ 33.922115] ret_from_fork+0x10/0x20 [ 33.925674] [ 33.927153] The buggy address belongs to the object at ffff000803ec2000 [ 33.927153] which belongs to the cache test_cache of size 200 [ 33.939565] The buggy address is located 0 bytes inside of [ 33.939565] 200-byte region [ffff000803ec2000, ffff000803ec20c8) [ 33.951108] [ 33.952586] The buggy address belongs to the physical page: [ 33.958144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883ec2 [ 33.966128] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.973768] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.980709] page_type: f5(slab) [ 33.983847] raw: 0bfffe0000000040 ffff000801de7680 dead000000000122 0000000000000000 [ 33.991565] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 33.999293] head: 0bfffe0000000040 ffff000801de7680 dead000000000122 0000000000000000 [ 34.007103] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 34.014916] head: 0bfffe0000000001 fffffdffe00fb081 00000000ffffffff 00000000ffffffff [ 34.022728] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 34.030534] page dumped because: kasan: bad access detected [ 34.036091] [ 34.037566] Memory state around the buggy address: [ 34.042347] ffff000803ec1f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.049549] ffff000803ec1f80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 34.056755] >ffff000803ec2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.063953] ^ [ 34.067169] ffff000803ec2080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 34.074374] ffff000803ec2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.081576] ==================================================================
[ 26.027201] ================================================================== [ 26.027780] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 26.028478] Free of addr fff00000c77f5000 by task kunit_try_catch/210 [ 26.028585] [ 26.029382] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 26.030223] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.030291] Hardware name: linux,dummy-virt (DT) [ 26.030371] Call trace: [ 26.030425] show_stack+0x20/0x38 (C) [ 26.030554] dump_stack_lvl+0x8c/0xd0 [ 26.032385] print_report+0x118/0x608 [ 26.032819] kasan_report_invalid_free+0xc0/0xe8 [ 26.033427] check_slab_allocation+0xd4/0x108 [ 26.034016] __kasan_slab_pre_free+0x2c/0x48 [ 26.034212] kmem_cache_free+0xf0/0x470 [ 26.034575] kmem_cache_double_free+0x190/0x3c8 [ 26.034805] kunit_try_run_case+0x170/0x3f0 [ 26.035305] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.035733] kthread+0x328/0x630 [ 26.035949] ret_from_fork+0x10/0x20 [ 26.036124] [ 26.036174] Allocated by task 210: [ 26.036264] kasan_save_stack+0x3c/0x68 [ 26.036532] kasan_save_track+0x20/0x40 [ 26.036632] kasan_save_alloc_info+0x40/0x58 [ 26.036745] __kasan_slab_alloc+0xa8/0xb0 [ 26.036845] kmem_cache_alloc_noprof+0x10c/0x3a0 [ 26.036943] kmem_cache_double_free+0x12c/0x3c8 [ 26.037035] kunit_try_run_case+0x170/0x3f0 [ 26.037128] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.037309] kthread+0x328/0x630 [ 26.037500] ret_from_fork+0x10/0x20 [ 26.037594] [ 26.037643] Freed by task 210: [ 26.037727] kasan_save_stack+0x3c/0x68 [ 26.037836] kasan_save_track+0x20/0x40 [ 26.038017] kasan_save_free_info+0x4c/0x78 [ 26.038236] __kasan_slab_free+0x6c/0x98 [ 26.038342] kmem_cache_free+0x260/0x470 [ 26.038453] kmem_cache_double_free+0x140/0x3c8 [ 26.038707] kunit_try_run_case+0x170/0x3f0 [ 26.038818] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.039002] kthread+0x328/0x630 [ 26.039139] ret_from_fork+0x10/0x20 [ 26.039320] [ 26.039436] The buggy address belongs to the object at fff00000c77f5000 [ 26.039436] which belongs to the cache test_cache of size 200 [ 26.039644] The buggy address is located 0 bytes inside of [ 26.039644] 200-byte region [fff00000c77f5000, fff00000c77f50c8) [ 26.039861] [ 26.039914] The buggy address belongs to the physical page: [ 26.039993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077f5 [ 26.040130] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.040254] page_type: f5(slab) [ 26.040358] raw: 0bfffe0000000000 fff00000c5bfea00 dead000000000122 0000000000000000 [ 26.040483] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.040629] page dumped because: kasan: bad access detected [ 26.040980] [ 26.041254] Memory state around the buggy address: [ 26.041505] fff00000c77f4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.041613] fff00000c77f4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.041734] >fff00000c77f5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.042063] ^ [ 26.042505] fff00000c77f5080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 26.042610] fff00000c77f5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.042943] ==================================================================
[ 19.452859] ================================================================== [ 19.453667] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 19.456349] Free of addr ffff8881022d8000 by task kunit_try_catch/226 [ 19.457226] [ 19.457508] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 19.457636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.457673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.457751] Call Trace: [ 19.457790] <TASK> [ 19.457839] dump_stack_lvl+0x73/0xb0 [ 19.457919] print_report+0xd1/0x650 [ 19.458018] ? __virt_addr_valid+0x1db/0x2d0 [ 19.458100] ? kasan_complete_mode_report_info+0x64/0x200 [ 19.458177] ? kmem_cache_double_free+0x1e5/0x480 [ 19.458252] kasan_report_invalid_free+0x10a/0x130 [ 19.458350] ? kmem_cache_double_free+0x1e5/0x480 [ 19.458427] ? kmem_cache_double_free+0x1e5/0x480 [ 19.458499] check_slab_allocation+0x101/0x130 [ 19.458580] __kasan_slab_pre_free+0x28/0x40 [ 19.458654] kmem_cache_free+0xed/0x420 [ 19.458725] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.458795] ? kmem_cache_double_free+0x1e5/0x480 [ 19.458869] kmem_cache_double_free+0x1e5/0x480 [ 19.458938] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 19.459062] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 19.459242] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 19.459331] kunit_try_run_case+0x1a5/0x480 [ 19.459409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.459472] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.459555] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.459601] ? __kthread_parkme+0x82/0x180 [ 19.459633] ? preempt_count_sub+0x50/0x80 [ 19.459665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.459694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.459761] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.459799] kthread+0x337/0x6f0 [ 19.459826] ? trace_preempt_on+0x20/0xc0 [ 19.459859] ? __pfx_kthread+0x10/0x10 [ 19.459887] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.459921] ? calculate_sigpending+0x7b/0xa0 [ 19.459954] ? __pfx_kthread+0x10/0x10 [ 19.459984] ret_from_fork+0x116/0x1d0 [ 19.460043] ? __pfx_kthread+0x10/0x10 [ 19.460073] ret_from_fork_asm+0x1a/0x30 [ 19.460116] </TASK> [ 19.460132] [ 19.479700] Allocated by task 226: [ 19.480111] kasan_save_stack+0x45/0x70 [ 19.480911] kasan_save_track+0x18/0x40 [ 19.481533] kasan_save_alloc_info+0x3b/0x50 [ 19.482050] __kasan_slab_alloc+0x91/0xa0 [ 19.482471] kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.482983] kmem_cache_double_free+0x14f/0x480 [ 19.483608] kunit_try_run_case+0x1a5/0x480 [ 19.484088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.484935] kthread+0x337/0x6f0 [ 19.485378] ret_from_fork+0x116/0x1d0 [ 19.485743] ret_from_fork_asm+0x1a/0x30 [ 19.486189] [ 19.486386] Freed by task 226: [ 19.486675] kasan_save_stack+0x45/0x70 [ 19.487386] kasan_save_track+0x18/0x40 [ 19.487846] kasan_save_free_info+0x3f/0x60 [ 19.488607] __kasan_slab_free+0x56/0x70 [ 19.489073] kmem_cache_free+0x249/0x420 [ 19.489538] kmem_cache_double_free+0x16a/0x480 [ 19.490030] kunit_try_run_case+0x1a5/0x480 [ 19.490617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.491198] kthread+0x337/0x6f0 [ 19.491553] ret_from_fork+0x116/0x1d0 [ 19.491909] ret_from_fork_asm+0x1a/0x30 [ 19.492324] [ 19.492522] The buggy address belongs to the object at ffff8881022d8000 [ 19.492522] which belongs to the cache test_cache of size 200 [ 19.494034] The buggy address is located 0 bytes inside of [ 19.494034] 200-byte region [ffff8881022d8000, ffff8881022d80c8) [ 19.495983] [ 19.496559] The buggy address belongs to the physical page: [ 19.496945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022d8 [ 19.497845] flags: 0x200000000000000(node=0|zone=2) [ 19.498433] page_type: f5(slab) [ 19.498838] raw: 0200000000000000 ffff8881022d3140 dead000000000122 0000000000000000 [ 19.499633] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 19.500614] page dumped because: kasan: bad access detected [ 19.501066] [ 19.501451] Memory state around the buggy address: [ 19.501885] ffff8881022d7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.502651] ffff8881022d7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.503245] >ffff8881022d8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.503800] ^ [ 19.504183] ffff8881022d8080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 19.505157] ffff8881022d8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.505838] ==================================================================
[ 60.289825] ================================================================== [ 60.300720] BUG: KASAN: double-free in kmem_cache_double_free+0x208/0x4bc [ 60.307586] Free of addr cc85d000 by task kunit_try_catch/261 [ 60.313354] [ 60.314880] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 60.314910] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 60.314941] Hardware name: Generic DRA74X (Flattened Device Tree) [ 60.314941] Call trace: [ 60.314941] unwind_backtrace from show_stack+0x18/0x1c [ 60.315002] show_stack from dump_stack_lvl+0x70/0x90 [ 60.315032] dump_stack_lvl from print_report+0x158/0x528 [ 60.315063] print_report from kasan_report_invalid_free+0xc0/0xf4 [ 60.315093] kasan_report_invalid_free from check_slab_allocation+0xb8/0xd8 [ 60.315124] check_slab_allocation from kmem_cache_free+0xe0/0x470 [ 60.315155] kmem_cache_free from kmem_cache_double_free+0x208/0x4bc [ 60.315185] kmem_cache_double_free from kunit_try_run_case+0x22c/0x5a8 [ 60.315216] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 60.315246] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 60.315277] kthread from ret_from_fork+0x14/0x20 [ 60.315307] Exception stack(0xf2383fb0 to 0xf2383ff8) [ 60.315307] 3fa0: 00000000 00000000 00000000 00000000 [ 60.315338] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 60.315368] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 60.315368] [ 60.436523] Allocated by task 261: [ 60.439971] kasan_save_track+0x30/0x5c [ 60.443847] __kasan_slab_alloc+0x60/0x68 [ 60.447875] kmem_cache_alloc_noprof+0x17c/0x36c [ 60.452545] kmem_cache_double_free+0x16c/0x4bc [ 60.457122] kunit_try_run_case+0x22c/0x5a8 [ 60.461334] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 60.466888] kthread+0x464/0x810 [ 60.470153] ret_from_fork+0x14/0x20 [ 60.473754] [ 60.475250] Freed by task 261: [ 60.478332] kasan_save_track+0x30/0x5c [ 60.482208] kasan_save_free_info+0x3c/0x48 [ 60.486419] __kasan_slab_free+0x40/0x50 [ 60.490386] kmem_cache_free+0x100/0x470 [ 60.494354] kmem_cache_double_free+0x184/0x4bc [ 60.498931] kunit_try_run_case+0x22c/0x5a8 [ 60.503143] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 60.508697] kthread+0x464/0x810 [ 60.511962] ret_from_fork+0x14/0x20 [ 60.515563] [ 60.517059] The buggy address belongs to the object at cc85d000 [ 60.517059] which belongs to the cache test_cache of size 200 [ 60.528900] The buggy address is located 0 bytes inside of [ 60.528900] 200-byte region [cc85d000, cc85d0c8) [ 60.539123] [ 60.540649] The buggy address belongs to the physical page: [ 60.546264] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c85d [ 60.553527] flags: 0x0(zone=0) [ 60.556610] page_type: f5(slab) [ 60.559814] raw: 00000000 cc85a100 00000122 00000000 00000000 800f000f f5000000 00000000 [ 60.567962] raw: 00000000 [ 60.570587] page dumped because: kasan: bad access detected [ 60.576202] [ 60.577697] Memory state around the buggy address: [ 60.582550] cc85cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.589111] cc85cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.595703] >cc85d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.602264] ^ [ 60.604827] cc85d080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 60.611389] cc85d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.617980] ==================================================================