Hay
Date
July 3, 2025, 10:10 a.m.

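Environment
dragonboard-845c
qemu-arm64
qemu-x86_64

Note: in all three reports below, the second free is issued from kmem_cache_double_free running in a kunit_try_catch task against the cache test_cache, and the kernel carries the [N]=TEST taint. The double-free therefore appears to be triggered deliberately by a KUnit KASAN test rather than by a production code path; confirm against the test suite before triaging it as a kernel defect.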

[   45.927019] ==================================================================
[   45.937987] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[   45.944882] Free of addr ffff0000952aa000 by task kunit_try_catch/318
[   45.951410] 
[   45.952945] CPU: 6 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250703 #1 PREEMPT 
[   45.952982] Tainted: [B]=BAD_PAGE, [N]=TEST
[   45.952991] Hardware name: Thundercomm Dragonboard 845c (DT)
[   45.953008] Call trace:
[   45.953016]  show_stack+0x20/0x38 (C)
[   45.953038]  dump_stack_lvl+0x8c/0xd0
[   45.953060]  print_report+0x118/0x608
[   45.953079]  kasan_report_invalid_free+0xc0/0xe8
[   45.953099]  check_slab_allocation+0xd4/0x108
[   45.953119]  __kasan_slab_pre_free+0x2c/0x48
[   45.953138]  kmem_cache_free+0xf0/0x468
[   45.953160]  kmem_cache_double_free+0x190/0x3c8
[   45.953177]  kunit_try_run_case+0x170/0x3f0
[   45.953198]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   45.953220]  kthread+0x328/0x630
[   45.953235]  ret_from_fork+0x10/0x20
[   45.953256] 
[   46.028107] Allocated by task 318:
[   46.031563]  kasan_save_stack+0x3c/0x68
[   46.035470]  kasan_save_track+0x20/0x40
[   46.039377]  kasan_save_alloc_info+0x40/0x58
[   46.043714]  __kasan_slab_alloc+0xa8/0xb0
[   46.047794]  kmem_cache_alloc_noprof+0x10c/0x398
[   46.052481]  kmem_cache_double_free+0x12c/0x3c8
[   46.057081]  kunit_try_run_case+0x170/0x3f0
[   46.061330]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   46.066896]  kthread+0x328/0x630
[   46.070181]  ret_from_fork+0x10/0x20
[   46.073814] 
[   46.075345] Freed by task 318:
[   46.078454]  kasan_save_stack+0x3c/0x68
[   46.082349]  kasan_save_track+0x20/0x40
[   46.086254]  kasan_save_free_info+0x4c/0x78
[   46.090504]  __kasan_slab_free+0x6c/0x98
[   46.094495]  kmem_cache_free+0x260/0x468
[   46.098488]  kmem_cache_double_free+0x140/0x3c8
[   46.103085]  kunit_try_run_case+0x170/0x3f0
[   46.107334]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   46.112901]  kthread+0x328/0x630
[   46.116182]  ret_from_fork+0x10/0x20
[   46.119815] 
[   46.121339] The buggy address belongs to the object at ffff0000952aa000
[   46.121339]  which belongs to the cache test_cache of size 200
[   46.133909] The buggy address is located 0 bytes inside of
[   46.133909]  200-byte region [ffff0000952aa000, ffff0000952aa0c8)
[   46.145601] 
[   46.147136] The buggy address belongs to the physical page:
[   46.152781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1152aa
[   46.160886] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   46.168638] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   46.175695] page_type: f5(slab)
[   46.178902] raw: 0bfffe0000000040 ffff000087bc8dc0 dead000000000122 0000000000000000
[   46.186743] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[   46.194586] head: 0bfffe0000000040 ffff000087bc8dc0 dead000000000122 0000000000000000
[   46.202514] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[   46.210444] head: 0bfffe0000000001 fffffdffc254aa81 00000000ffffffff 00000000ffffffff
[   46.218373] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   46.226295] page dumped because: kasan: bad access detected
[   46.231937] 
[   46.233459] Memory state around the buggy address:
[   46.238316]  ffff0000952a9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.245635]  ffff0000952a9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.252952] >ffff0000952aa000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   46.260258]                    ^
[   46.263539]  ffff0000952aa080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   46.270848]  ffff0000952aa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.278154] ==================================================================

[   31.902999] ==================================================================
[   31.903082] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[   31.903159] Free of addr fff00000c9aae000 by task kunit_try_catch/241
[   31.903204] 
[   31.903250] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250703 #1 PREEMPT 
[   31.903338] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.903365] Hardware name: linux,dummy-virt (DT)
[   31.903399] Call trace:
[   31.903949]  show_stack+0x20/0x38 (C)
[   31.904277]  dump_stack_lvl+0x8c/0xd0
[   31.904421]  print_report+0x118/0x608
[   31.904506]  kasan_report_invalid_free+0xc0/0xe8
[   31.904723]  check_slab_allocation+0xd4/0x108
[   31.904775]  __kasan_slab_pre_free+0x2c/0x48
[   31.904996]  kmem_cache_free+0xf0/0x468
[   31.905305]  kmem_cache_double_free+0x190/0x3c8
[   31.906034]  kunit_try_run_case+0x170/0x3f0
[   31.906143]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.906208]  kthread+0x328/0x630
[   31.906252]  ret_from_fork+0x10/0x20
[   31.906751] 
[   31.906793] Allocated by task 241:
[   31.907094]  kasan_save_stack+0x3c/0x68
[   31.907204]  kasan_save_track+0x20/0x40
[   31.907561]  kasan_save_alloc_info+0x40/0x58
[   31.907609]  __kasan_slab_alloc+0xa8/0xb0
[   31.907652]  kmem_cache_alloc_noprof+0x10c/0x398
[   31.907694]  kmem_cache_double_free+0x12c/0x3c8
[   31.907737]  kunit_try_run_case+0x170/0x3f0
[   31.907779]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.907826]  kthread+0x328/0x630
[   31.907870]  ret_from_fork+0x10/0x20
[   31.907908] 
[   31.907927] Freed by task 241:
[   31.907955]  kasan_save_stack+0x3c/0x68
[   31.908720]  kasan_save_track+0x20/0x40
[   31.908768]  kasan_save_free_info+0x4c/0x78
[   31.908809]  __kasan_slab_free+0x6c/0x98
[   31.908863]  kmem_cache_free+0x260/0x468
[   31.908900]  kmem_cache_double_free+0x140/0x3c8
[   31.908941]  kunit_try_run_case+0x170/0x3f0
[   31.908981]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.909027]  kthread+0x328/0x630
[   31.909060]  ret_from_fork+0x10/0x20
[   31.909140] 
[   31.909168] The buggy address belongs to the object at fff00000c9aae000
[   31.909168]  which belongs to the cache test_cache of size 200
[   31.909904] The buggy address is located 0 bytes inside of
[   31.909904]  200-byte region [fff00000c9aae000, fff00000c9aae0c8)
[   31.910267] 
[   31.910683] The buggy address belongs to the physical page:
[   31.910815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109aae
[   31.911014] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.911116] page_type: f5(slab)
[   31.911163] raw: 0bfffe0000000000 fff00000c1c3ca00 dead000000000122 0000000000000000
[   31.911216] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   31.911664] page dumped because: kasan: bad access detected
[   31.911702] 
[   31.911733] Memory state around the buggy address:
[   31.911845]  fff00000c9aadf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.911892]  fff00000c9aadf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.912241] >fff00000c9aae000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.912287]                    ^
[   31.912458]  fff00000c9aae080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   31.912685]  fff00000c9aae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.912909] ==================================================================

[   23.841631] ==================================================================
[   23.842077] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[   23.842400] Free of addr ffff888105ac5000 by task kunit_try_catch/258
[   23.843117] 
[   23.843298] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) 
[   23.843348] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.843360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.843382] Call Trace:
[   23.843393]  <TASK>
[   23.843410]  dump_stack_lvl+0x73/0xb0
[   23.843540]  print_report+0xd1/0x650
[   23.843564]  ? __virt_addr_valid+0x1db/0x2d0
[   23.843588]  ? kasan_complete_mode_report_info+0x64/0x200
[   23.843613]  ? kmem_cache_double_free+0x1e5/0x480
[   23.843637]  kasan_report_invalid_free+0x10a/0x130
[   23.843660]  ? kmem_cache_double_free+0x1e5/0x480
[   23.843685]  ? kmem_cache_double_free+0x1e5/0x480
[   23.843709]  check_slab_allocation+0x101/0x130
[   23.843734]  __kasan_slab_pre_free+0x28/0x40
[   23.843754]  kmem_cache_free+0xed/0x420
[   23.843778]  ? kmem_cache_alloc_noprof+0x123/0x3f0
[   23.843801]  ? kmem_cache_double_free+0x1e5/0x480
[   23.843827]  kmem_cache_double_free+0x1e5/0x480
[   23.843851]  ? __pfx_kmem_cache_double_free+0x10/0x10
[   23.843874]  ? finish_task_switch.isra.0+0x153/0x700
[   23.843896]  ? __switch_to+0x47/0xf50
[   23.843930]  ? __pfx_read_tsc+0x10/0x10
[   23.843956]  ? ktime_get_ts64+0x86/0x230
[   23.843980]  kunit_try_run_case+0x1a5/0x480
[   23.844005]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.844028]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.844049]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.844075]  ? __kthread_parkme+0x82/0x180
[   23.844095]  ? preempt_count_sub+0x50/0x80
[   23.844117]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.844159]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.844193]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.844217]  kthread+0x337/0x6f0
[   23.844237]  ? trace_preempt_on+0x20/0xc0
[   23.844259]  ? __pfx_kthread+0x10/0x10
[   23.844280]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.844303]  ? calculate_sigpending+0x7b/0xa0
[   23.844327]  ? __pfx_kthread+0x10/0x10
[   23.844348]  ret_from_fork+0x116/0x1d0
[   23.844368]  ? __pfx_kthread+0x10/0x10
[   23.844389]  ret_from_fork_asm+0x1a/0x30
[   23.844419]  </TASK>
[   23.844431] 
[   23.853747] Allocated by task 258:
[   23.853924]  kasan_save_stack+0x45/0x70
[   23.854109]  kasan_save_track+0x18/0x40
[   23.855371]  kasan_save_alloc_info+0x3b/0x50
[   23.855643]  __kasan_slab_alloc+0x91/0xa0
[   23.855804]  kmem_cache_alloc_noprof+0x123/0x3f0
[   23.856007]  kmem_cache_double_free+0x14f/0x480
[   23.856532]  kunit_try_run_case+0x1a5/0x480
[   23.856815]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.857036]  kthread+0x337/0x6f0
[   23.857194]  ret_from_fork+0x116/0x1d0
[   23.857536]  ret_from_fork_asm+0x1a/0x30
[   23.857864] 
[   23.857959] Freed by task 258:
[   23.858097]  kasan_save_stack+0x45/0x70
[   23.858560]  kasan_save_track+0x18/0x40
[   23.858933]  kasan_save_free_info+0x3f/0x60
[   23.859089]  __kasan_slab_free+0x56/0x70
[   23.859306]  kmem_cache_free+0x249/0x420
[   23.859724]  kmem_cache_double_free+0x16a/0x480
[   23.859925]  kunit_try_run_case+0x1a5/0x480
[   23.860134]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.860343]  kthread+0x337/0x6f0
[   23.860807]  ret_from_fork+0x116/0x1d0
[   23.860979]  ret_from_fork_asm+0x1a/0x30
[   23.861386] 
[   23.861494] The buggy address belongs to the object at ffff888105ac5000
[   23.861494]  which belongs to the cache test_cache of size 200
[   23.862085] The buggy address is located 0 bytes inside of
[   23.862085]  200-byte region [ffff888105ac5000, ffff888105ac50c8)
[   23.862785] 
[   23.862892] The buggy address belongs to the physical page:
[   23.863092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ac5
[   23.863416] flags: 0x200000000000000(node=0|zone=2)
[   23.863839] page_type: f5(slab)
[   23.863993] raw: 0200000000000000 ffff888101248b40 dead000000000122 0000000000000000
[   23.864373] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   23.864785] page dumped because: kasan: bad access detected
[   23.864963] 
[   23.865056] Memory state around the buggy address:
[   23.865267]  ffff888105ac4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.865589]  ffff888105ac4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.865914] >ffff888105ac5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.866180]                    ^
[   23.866315]  ffff888105ac5080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   23.866588]  ffff888105ac5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.867144] ==================================================================