Date
July 14, 2025, 10:38 a.m.
| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |

```
[ 49.461016] ==================================================================
[ 49.461202] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 49.461328] Free of addr ffff000801b6a000 by task kunit_try_catch/293
[ 49.462731]
[ 49.464219] CPU: 4 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT
[ 49.464278] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 49.464296] Hardware name: WinLink E850-96 board (DT)
[ 49.464319] Call trace:
[ 49.464335] show_stack+0x20/0x38 (C)
[ 49.464374] dump_stack_lvl+0x8c/0xd0
[ 49.464409] print_report+0x118/0x5d0
[ 49.464439] kasan_report_invalid_free+0xc0/0xe8
[ 49.464470] check_slab_allocation+0xd4/0x108
[ 49.464509] __kasan_slab_pre_free+0x2c/0x48
[ 49.464543] kmem_cache_free+0xf0/0x468
[ 49.464581] kmem_cache_double_free+0x190/0x3c8
[ 49.464616] kunit_try_run_case+0x170/0x3f0
[ 49.464653] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 49.464687] kthread+0x328/0x630
[ 49.464718] ret_from_fork+0x10/0x20
[ 49.464755]
[ 49.537296] Allocated by task 293:
[ 49.540684] kasan_save_stack+0x3c/0x68
[ 49.544499] kasan_save_track+0x20/0x40
[ 49.548319] kasan_save_alloc_info+0x40/0x58
[ 49.552572] __kasan_slab_alloc+0xa8/0xb0
[ 49.556565] kmem_cache_alloc_noprof+0x10c/0x398
[ 49.561166] kmem_cache_double_free+0x12c/0x3c8
[ 49.565680] kunit_try_run_case+0x170/0x3f0
[ 49.569846] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 49.575315] kthread+0x328/0x630
[ 49.578527] ret_from_fork+0x10/0x20
[ 49.582086]
[ 49.583563] Freed by task 293:
[ 49.586600] kasan_save_stack+0x3c/0x68
[ 49.590419] kasan_save_track+0x20/0x40
[ 49.594240] kasan_save_free_info+0x4c/0x78
[ 49.598405] __kasan_slab_free+0x6c/0x98
[ 49.602311] kmem_cache_free+0x260/0x468
[ 49.606217] kmem_cache_double_free+0x140/0x3c8
[ 49.610731] kunit_try_run_case+0x170/0x3f0
[ 49.614898] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 49.620366] kthread+0x328/0x630
[ 49.623578] ret_from_fork+0x10/0x20
[ 49.627137]
[ 49.628612] The buggy address belongs to the object at ffff000801b6a000
[ 49.628612] which belongs to the cache test_cache of size 200
[ 49.641029] The buggy address is located 0 bytes inside of
[ 49.641029] 200-byte region [ffff000801b6a000, ffff000801b6a0c8)
[ 49.652571]
[ 49.654050] The buggy address belongs to the physical page:
[ 49.659607] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881b6a
[ 49.667590] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 49.675230] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 49.682174] page_type: f5(slab)
[ 49.685310] raw: 0bfffe0000000040 ffff000801b483c0 dead000000000122 0000000000000000
[ 49.693028] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[ 49.700756] head: 0bfffe0000000040 ffff000801b483c0 dead000000000122 0000000000000000
[ 49.708566] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[ 49.716379] head: 0bfffe0000000001 fffffdffe006da81 00000000ffffffff 00000000ffffffff
[ 49.724191] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 49.731998] page dumped because: kasan: bad access detected
[ 49.737552]
[ 49.739027] Memory state around the buggy address:
[ 49.743809]  ffff000801b69f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.751012]  ffff000801b69f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.758220] >ffff000801b6a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.765416]                    ^
[ 49.768632]  ffff000801b6a080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 49.775836]  ffff000801b6a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.783041] ==================================================================
```

```
[ 30.268041] ==================================================================
[ 30.268679] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 30.268916] Free of addr fff00000c9b84000 by task kunit_try_catch/240
[ 30.269075]
[ 30.269121] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT
[ 30.269208] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.269235] Hardware name: linux,dummy-virt (DT)
[ 30.269269] Call trace:
[ 30.269295] show_stack+0x20/0x38 (C)
[ 30.269384] dump_stack_lvl+0x8c/0xd0
[ 30.269435] print_report+0x118/0x5d0
[ 30.269480] kasan_report_invalid_free+0xc0/0xe8
[ 30.269526] check_slab_allocation+0xd4/0x108
[ 30.269575] __kasan_slab_pre_free+0x2c/0x48
[ 30.269630] kmem_cache_free+0xf0/0x468
[ 30.269733] kmem_cache_double_free+0x190/0x3c8
[ 30.269783] kunit_try_run_case+0x170/0x3f0
[ 30.269904] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.270025] kthread+0x328/0x630
[ 30.270181] ret_from_fork+0x10/0x20
[ 30.270231]
[ 30.270259] Allocated by task 240:
[ 30.270373] kasan_save_stack+0x3c/0x68
[ 30.270415] kasan_save_track+0x20/0x40
[ 30.270464] kasan_save_alloc_info+0x40/0x58
[ 30.270502] __kasan_slab_alloc+0xa8/0xb0
[ 30.270540] kmem_cache_alloc_noprof+0x10c/0x398
[ 30.270619] kmem_cache_double_free+0x12c/0x3c8
[ 30.270809] kunit_try_run_case+0x170/0x3f0
[ 30.270867] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.271011] kthread+0x328/0x630
[ 30.271044] ret_from_fork+0x10/0x20
[ 30.271132]
[ 30.271151] Freed by task 240:
[ 30.271238] kasan_save_stack+0x3c/0x68
[ 30.271289] kasan_save_track+0x20/0x40
[ 30.271332] kasan_save_free_info+0x4c/0x78
[ 30.271369] __kasan_slab_free+0x6c/0x98
[ 30.271407] kmem_cache_free+0x260/0x468
[ 30.271472] kmem_cache_double_free+0x140/0x3c8
[ 30.271510] kunit_try_run_case+0x170/0x3f0
[ 30.271589] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.271780] kthread+0x328/0x630
[ 30.271900] ret_from_fork+0x10/0x20
[ 30.271937]
[ 30.271956] The buggy address belongs to the object at fff00000c9b84000
[ 30.271956] which belongs to the cache test_cache of size 200
[ 30.272014] The buggy address is located 0 bytes inside of
[ 30.272014] 200-byte region [fff00000c9b84000, fff00000c9b840c8)
[ 30.272082]
[ 30.272106] The buggy address belongs to the physical page:
[ 30.272138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b84
[ 30.272224] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.272276] page_type: f5(slab)
[ 30.272318] raw: 0bfffe0000000000 fff00000c5687500 dead000000000122 0000000000000000
[ 30.272367] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 30.272408] page dumped because: kasan: bad access detected
[ 30.272439]
[ 30.272456] Memory state around the buggy address:
[ 30.272489]  fff00000c9b83f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.272532]  fff00000c9b83f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.272574] >fff00000c9b84000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.272612]                    ^
[ 30.272639]  fff00000c9b84080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 30.272680]  fff00000c9b84100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.272716] ==================================================================
```

```
[ 24.978173] ==================================================================
[ 24.979274] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 24.979961] Free of addr ffff888105fef000 by task kunit_try_catch/258
[ 24.980165]
[ 24.980260] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary)
[ 24.980316] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 24.980329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.980353] Call Trace:
[ 24.980367] <TASK>
[ 24.980526] dump_stack_lvl+0x73/0xb0
[ 24.980563] print_report+0xd1/0x610
[ 24.980586] ? __virt_addr_valid+0x1db/0x2d0
[ 24.980612] ? kasan_complete_mode_report_info+0x64/0x200
[ 24.980637] ? kmem_cache_double_free+0x1e5/0x480
[ 24.980674] kasan_report_invalid_free+0x10a/0x130
[ 24.980698] ? kmem_cache_double_free+0x1e5/0x480
[ 24.980722] ? kmem_cache_double_free+0x1e5/0x480
[ 24.980745] check_slab_allocation+0x101/0x130
[ 24.980777] __kasan_slab_pre_free+0x28/0x40
[ 24.980797] kmem_cache_free+0xed/0x420
[ 24.980818] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 24.980854] ? kmem_cache_double_free+0x1e5/0x480
[ 24.980879] kmem_cache_double_free+0x1e5/0x480
[ 24.980902] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 24.980925] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 24.981183] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 24.981216] kunit_try_run_case+0x1a5/0x480
[ 24.981247] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.981267] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.981290] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.981313] ? __kthread_parkme+0x82/0x180
[ 24.981335] ? preempt_count_sub+0x50/0x80
[ 24.981358] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.981380] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.981405] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.981430] kthread+0x337/0x6f0
[ 24.981449] ? trace_preempt_on+0x20/0xc0
[ 24.981475] ? __pfx_kthread+0x10/0x10
[ 24.981495] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.981517] ? calculate_sigpending+0x7b/0xa0
[ 24.981542] ? __pfx_kthread+0x10/0x10
[ 24.981563] ret_from_fork+0x116/0x1d0
[ 24.981583] ? __pfx_kthread+0x10/0x10
[ 24.981603] ret_from_fork_asm+0x1a/0x30
[ 24.981635] </TASK>
[ 24.981646]
[ 24.995484] Allocated by task 258:
[ 24.995879] kasan_save_stack+0x45/0x70
[ 24.996091] kasan_save_track+0x18/0x40
[ 24.996243] kasan_save_alloc_info+0x3b/0x50
[ 24.996637] __kasan_slab_alloc+0x91/0xa0
[ 24.997034] kmem_cache_alloc_noprof+0x123/0x3f0
[ 24.997393] kmem_cache_double_free+0x14f/0x480
[ 24.997549] kunit_try_run_case+0x1a5/0x480
[ 24.997695] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.998131] kthread+0x337/0x6f0
[ 24.998497] ret_from_fork+0x116/0x1d0
[ 24.998893] ret_from_fork_asm+0x1a/0x30
[ 24.999345]
[ 24.999496] Freed by task 258:
[ 24.999807] kasan_save_stack+0x45/0x70
[ 25.000205] kasan_save_track+0x18/0x40
[ 25.000654] kasan_save_free_info+0x3f/0x60
[ 25.001030] __kasan_slab_free+0x56/0x70
[ 25.001315] kmem_cache_free+0x249/0x420
[ 25.001720] kmem_cache_double_free+0x16a/0x480
[ 25.001987] kunit_try_run_case+0x1a5/0x480
[ 25.002437] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.002968] kthread+0x337/0x6f0
[ 25.003085] ret_from_fork+0x116/0x1d0
[ 25.003228] ret_from_fork_asm+0x1a/0x30
[ 25.003614]
[ 25.003792] The buggy address belongs to the object at ffff888105fef000
[ 25.003792] which belongs to the cache test_cache of size 200
[ 25.005181] The buggy address is located 0 bytes inside of
[ 25.005181] 200-byte region [ffff888105fef000, ffff888105fef0c8)
[ 25.006004]
[ 25.006222] The buggy address belongs to the physical page:
[ 25.006409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fef
[ 25.007118] flags: 0x200000000000000(node=0|zone=2)
[ 25.007616] page_type: f5(slab)
[ 25.007918] raw: 0200000000000000 ffff888101a6adc0 dead000000000122 0000000000000000
[ 25.008670] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 25.009360] page dumped because: kasan: bad access detected
[ 25.009773]
[ 25.009839] Memory state around the buggy address:
[ 25.009990]  ffff888105feef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.010206]  ffff888105feef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.010548] >ffff888105fef000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.011327]                    ^
[ 25.011676]  ffff888105fef080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 25.012287]  ffff888105fef100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.012752] ==================================================================
```