Hay
Date: July 15, 2025, 11:35 a.m.

Environment: e850-96, qemu-arm64, qemu-x86_64

[   50.696627] ==================================================================
[   50.696807] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[   50.696933] Free of addr ffff000802458000 by task kunit_try_catch/290
[   50.698339] 
[   50.699827] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   50.699886] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.699905] Hardware name: WinLink E850-96 board (DT)
[   50.699927] Call trace:
[   50.699941]  show_stack+0x20/0x38 (C)
[   50.699977]  dump_stack_lvl+0x8c/0xd0
[   50.700011]  print_report+0x118/0x5d0
[   50.700041]  kasan_report_invalid_free+0xc0/0xe8
[   50.700072]  check_slab_allocation+0xd4/0x108
[   50.700110]  __kasan_slab_pre_free+0x2c/0x48
[   50.700143]  kmem_cache_free+0xf0/0x468
[   50.700177]  kmem_cache_double_free+0x190/0x3c8
[   50.700208]  kunit_try_run_case+0x170/0x3f0
[   50.700240]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.700275]  kthread+0x328/0x630
[   50.700303]  ret_from_fork+0x10/0x20
[   50.700342] 
[   50.772906] Allocated by task 290:
[   50.776292]  kasan_save_stack+0x3c/0x68
[   50.780108]  kasan_save_track+0x20/0x40
[   50.783928]  kasan_save_alloc_info+0x40/0x58
[   50.788181]  __kasan_slab_alloc+0xa8/0xb0
[   50.792174]  kmem_cache_alloc_noprof+0x10c/0x398
[   50.796775]  kmem_cache_double_free+0x12c/0x3c8
[   50.801289]  kunit_try_run_case+0x170/0x3f0
[   50.805455]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.810924]  kthread+0x328/0x630
[   50.814135]  ret_from_fork+0x10/0x20
[   50.817694] 
[   50.819170] Freed by task 290:
[   50.822208]  kasan_save_stack+0x3c/0x68
[   50.826027]  kasan_save_track+0x20/0x40
[   50.829847]  kasan_save_free_info+0x4c/0x78
[   50.834014]  __kasan_slab_free+0x6c/0x98
[   50.837920]  kmem_cache_free+0x260/0x468
[   50.841826]  kmem_cache_double_free+0x140/0x3c8
[   50.846340]  kunit_try_run_case+0x170/0x3f0
[   50.850507]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.855975]  kthread+0x328/0x630
[   50.859187]  ret_from_fork+0x10/0x20
[   50.862746] 
[   50.864223] The buggy address belongs to the object at ffff000802458000
[   50.864223]  which belongs to the cache test_cache of size 200
[   50.876638] The buggy address is located 0 bytes inside of
[   50.876638]  200-byte region [ffff000802458000, ffff0008024580c8)
[   50.888180] 
[   50.889659] The buggy address belongs to the physical page:
[   50.895215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x882458
[   50.903199] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   50.910839] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   50.917781] page_type: f5(slab)
[   50.920918] raw: 0bfffe0000000040 ffff000802435e00 dead000000000122 0000000000000000
[   50.928637] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[   50.936365] head: 0bfffe0000000040 ffff000802435e00 dead000000000122 0000000000000000
[   50.944175] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[   50.951988] head: 0bfffe0000000001 fffffdffe0091601 00000000ffffffff 00000000ffffffff
[   50.959800] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   50.967607] page dumped because: kasan: bad access detected
[   50.973161] 
[   50.974638] Memory state around the buggy address:
[   50.979416]  ffff000802457f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   50.986619]  ffff000802457f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   50.993826] >ffff000802458000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   51.001025]                    ^
[   51.004241]  ffff000802458080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   51.011446]  ffff000802458100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   51.018648] ==================================================================

[   31.222850] ==================================================================
[   31.223221] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[   31.223536] Free of addr fff00000c6526000 by task kunit_try_catch/241
[   31.223642] 
[   31.223687] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   31.223779] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.223916] Hardware name: linux,dummy-virt (DT)
[   31.223948] Call trace:
[   31.223972]  show_stack+0x20/0x38 (C)
[   31.224025]  dump_stack_lvl+0x8c/0xd0
[   31.224084]  print_report+0x118/0x5d0
[   31.224308]  kasan_report_invalid_free+0xc0/0xe8
[   31.224465]  check_slab_allocation+0xd4/0x108
[   31.224515]  __kasan_slab_pre_free+0x2c/0x48
[   31.224565]  kmem_cache_free+0xf0/0x468
[   31.224613]  kmem_cache_double_free+0x190/0x3c8
[   31.224662]  kunit_try_run_case+0x170/0x3f0
[   31.224957]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.225220]  kthread+0x328/0x630
[   31.225301]  ret_from_fork+0x10/0x20
[   31.225352] 
[   31.225370] Allocated by task 241:
[   31.225402]  kasan_save_stack+0x3c/0x68
[   31.225454]  kasan_save_track+0x20/0x40
[   31.225678]  kasan_save_alloc_info+0x40/0x58
[   31.225823]  __kasan_slab_alloc+0xa8/0xb0
[   31.225858]  kmem_cache_alloc_noprof+0x10c/0x398
[   31.225900]  kmem_cache_double_free+0x12c/0x3c8
[   31.226123]  kunit_try_run_case+0x170/0x3f0
[   31.226182]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.226233]  kthread+0x328/0x630
[   31.226368]  ret_from_fork+0x10/0x20
[   31.226403] 
[   31.226421] Freed by task 241:
[   31.226507]  kasan_save_stack+0x3c/0x68
[   31.226547]  kasan_save_track+0x20/0x40
[   31.226586]  kasan_save_free_info+0x4c/0x78
[   31.226634]  __kasan_slab_free+0x6c/0x98
[   31.226675]  kmem_cache_free+0x260/0x468
[   31.226714]  kmem_cache_double_free+0x140/0x3c8
[   31.226757]  kunit_try_run_case+0x170/0x3f0
[   31.227024]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.227090]  kthread+0x328/0x630
[   31.227126]  ret_from_fork+0x10/0x20
[   31.227162] 
[   31.227193] The buggy address belongs to the object at fff00000c6526000
[   31.227193]  which belongs to the cache test_cache of size 200
[   31.227254] The buggy address is located 0 bytes inside of
[   31.227254]  200-byte region [fff00000c6526000, fff00000c65260c8)
[   31.227616] 
[   31.227722] The buggy address belongs to the physical page:
[   31.227763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106526
[   31.227855] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.227993] page_type: f5(slab)
[   31.228068] raw: 0bfffe0000000000 fff00000c5c5c8c0 dead000000000122 0000000000000000
[   31.228189] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   31.228383] page dumped because: kasan: bad access detected
[   31.228462] 
[   31.228522] Memory state around the buggy address:
[   31.228555]  fff00000c6525f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.228643]  fff00000c6525f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.228690] >fff00000c6526000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.228729]                    ^
[   31.228756]  fff00000c6526080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   31.228798]  fff00000c6526100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.228864] ==================================================================

[   24.726668] ==================================================================
[   24.727153] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[   24.727599] Free of addr ffff888105917000 by task kunit_try_catch/257
[   24.728056] 
[   24.728587] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   24.728650] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.728700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.728725] Call Trace:
[   24.728742]  <TASK>
[   24.728771]  dump_stack_lvl+0x73/0xb0
[   24.728812]  print_report+0xd1/0x610
[   24.728840]  ? __virt_addr_valid+0x1db/0x2d0
[   24.728873]  ? kasan_complete_mode_report_info+0x64/0x200
[   24.728904]  ? kmem_cache_double_free+0x1e5/0x480
[   24.728934]  kasan_report_invalid_free+0x10a/0x130
[   24.728963]  ? kmem_cache_double_free+0x1e5/0x480
[   24.728995]  ? kmem_cache_double_free+0x1e5/0x480
[   24.729025]  check_slab_allocation+0x101/0x130
[   24.729052]  __kasan_slab_pre_free+0x28/0x40
[   24.729077]  kmem_cache_free+0xed/0x420
[   24.729102]  ? kasan_save_track+0x18/0x40
[   24.729126]  ? kasan_save_stack+0x45/0x70
[   24.729149]  ? kmem_cache_double_free+0x1e5/0x480
[   24.729178]  ? __kasan_slab_free+0x61/0x70
[   24.729205]  kmem_cache_double_free+0x1e5/0x480
[   24.729234]  ? __pfx_kmem_cache_double_free+0x10/0x10
[   24.729262]  ? finish_task_switch.isra.0+0x153/0x700
[   24.729289]  ? __switch_to+0x47/0xf80
[   24.729328]  ? __pfx_read_tsc+0x10/0x10
[   24.729355]  ? ktime_get_ts64+0x86/0x230
[   24.729388]  kunit_try_run_case+0x1a5/0x480
[   24.729419]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.729445]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.729473]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.729500]  ? __kthread_parkme+0x82/0x180
[   24.729536]  ? preempt_count_sub+0x50/0x80
[   24.729568]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.729597]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.729795]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.729828]  kthread+0x337/0x6f0
[   24.729854]  ? trace_preempt_on+0x20/0xc0
[   24.729886]  ? __pfx_kthread+0x10/0x10
[   24.729913]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.729943]  ? calculate_sigpending+0x7b/0xa0
[   24.729973]  ? __pfx_kthread+0x10/0x10
[   24.730000]  ret_from_fork+0x116/0x1d0
[   24.730024]  ? __pfx_kthread+0x10/0x10
[   24.730050]  ret_from_fork_asm+0x1a/0x30
[   24.730092]  </TASK>
[   24.730104] 
[   24.748476] Allocated by task 257:
[   24.748651]  kasan_save_stack+0x45/0x70
[   24.749377]  kasan_save_track+0x18/0x40
[   24.749918]  kasan_save_alloc_info+0x3b/0x50
[   24.750533]  __kasan_slab_alloc+0x91/0xa0
[   24.750693]  kmem_cache_alloc_noprof+0x123/0x3f0
[   24.751307]  kmem_cache_double_free+0x14f/0x480
[   24.751680]  kunit_try_run_case+0x1a5/0x480
[   24.752045]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.752295]  kthread+0x337/0x6f0
[   24.752452]  ret_from_fork+0x116/0x1d0
[   24.752648]  ret_from_fork_asm+0x1a/0x30
[   24.752791] 
[   24.752862] Freed by task 257:
[   24.752973]  kasan_save_stack+0x45/0x70
[   24.753110]  kasan_save_track+0x18/0x40
[   24.753248]  kasan_save_free_info+0x3f/0x60
[   24.753397]  __kasan_slab_free+0x56/0x70
[   24.753753]  kmem_cache_free+0x249/0x420
[   24.753909]  kmem_cache_double_free+0x16a/0x480
[   24.754068]  kunit_try_run_case+0x1a5/0x480
[   24.754217]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.754395]  kthread+0x337/0x6f0
[   24.754540]  ret_from_fork+0x116/0x1d0
[   24.755237]  ret_from_fork_asm+0x1a/0x30
[   24.755442] 
[   24.755515] The buggy address belongs to the object at ffff888105917000
[   24.755515]  which belongs to the cache test_cache of size 200
[   24.756903] The buggy address is located 0 bytes inside of
[   24.756903]  200-byte region [ffff888105917000, ffff8881059170c8)
[   24.757793] 
[   24.757895] The buggy address belongs to the physical page:
[   24.758133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105917
[   24.758464] flags: 0x200000000000000(node=0|zone=2)
[   24.759066] page_type: f5(slab)
[   24.759564] raw: 0200000000000000 ffff888101742a00 dead000000000122 0000000000000000
[   24.759908] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   24.760537] page dumped because: kasan: bad access detected
[   24.760849] 
[   24.760942] Memory state around the buggy address:
[   24.761151]  ffff888105916f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.761444]  ffff888105916f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.762244] >ffff888105917000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.762884]                    ^
[   24.763050]  ffff888105917080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   24.763346]  ffff888105917100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.764039] ==================================================================