Date
July 10, 2025, 9:07 a.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
[ 30.241616] ==================================================================
[ 30.241885] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8
[ 30.242622] Free of addr fff00000c99aa000 by task kunit_try_catch/240
[ 30.242670]
[ 30.243108] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT
[ 30.243716] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.243760] Hardware name: linux,dummy-virt (DT)
[ 30.243883] Call trace:
[ 30.244007] show_stack+0x20/0x38 (C)
[ 30.244347] dump_stack_lvl+0x8c/0xd0
[ 30.244538] print_report+0x118/0x5d0
[ 30.244593] kasan_report_invalid_free+0xc0/0xe8
[ 30.245060] check_slab_allocation+0xd4/0x108
[ 30.245285] __kasan_slab_pre_free+0x2c/0x48
[ 30.245344] kmem_cache_free+0xf0/0x468
[ 30.245715] kmem_cache_double_free+0x190/0x3c8
[ 30.246097] kunit_try_run_case+0x170/0x3f0
[ 30.246432] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.246731] kthread+0x328/0x630
[ 30.246787] ret_from_fork+0x10/0x20
[ 30.247142]
[ 30.247174] Allocated by task 240:
[ 30.247324] kasan_save_stack+0x3c/0x68
[ 30.247377] kasan_save_track+0x20/0x40
[ 30.247441] kasan_save_alloc_info+0x40/0x58
[ 30.247647] __kasan_slab_alloc+0xa8/0xb0
[ 30.247820] kmem_cache_alloc_noprof+0x10c/0x398
[ 30.248052] kmem_cache_double_free+0x12c/0x3c8
[ 30.248095] kunit_try_run_case+0x170/0x3f0
[ 30.248439] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.248623] kthread+0x328/0x630
[ 30.248661] ret_from_fork+0x10/0x20
[ 30.248698]
[ 30.248914] Freed by task 240:
[ 30.249194] kasan_save_stack+0x3c/0x68
[ 30.249259] kasan_save_track+0x20/0x40
[ 30.249448] kasan_save_free_info+0x4c/0x78
[ 30.249487] __kasan_slab_free+0x6c/0x98
[ 30.249694] kmem_cache_free+0x260/0x468
[ 30.249842] kmem_cache_double_free+0x140/0x3c8
[ 30.250249] kunit_try_run_case+0x170/0x3f0
[ 30.250301] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.250357] kthread+0x328/0x630
[ 30.250389] ret_from_fork+0x10/0x20
[ 30.250426]
[ 30.250445] The buggy address belongs to the object at fff00000c99aa000
[ 30.250445] which belongs to the cache test_cache of size 200
[ 30.251161] The buggy address is located 0 bytes inside of
[ 30.251161] 200-byte region [fff00000c99aa000, fff00000c99aa0c8)
[ 30.251233]
[ 30.251264] The buggy address belongs to the physical page:
[ 30.251309] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099aa
[ 30.251469] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.251548] page_type: f5(slab)
[ 30.251591] raw: 0bfffe0000000000 fff00000c582f8c0 dead000000000122 0000000000000000
[ 30.251990] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 30.252102] page dumped because: kasan: bad access detected
[ 30.252386]
[ 30.252693] Memory state around the buggy address:
[ 30.252729] fff00000c99a9f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.253052] fff00000c99a9f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.253119] >fff00000c99aa000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.253323] ^
[ 30.253455] fff00000c99aa080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 30.253559] fff00000c99aa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.253613] ==================================================================
[ 25.768776] ==================================================================
[ 25.769345] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 25.770180] Free of addr ffff888104397000 by task kunit_try_catch/257
[ 25.770653]
[ 25.770777] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary)
[ 25.771045] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.771059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.771083] Call Trace:
[ 25.771098] <TASK>
[ 25.771119] dump_stack_lvl+0x73/0xb0
[ 25.771154] print_report+0xd1/0x610
[ 25.771178] ? __virt_addr_valid+0x1db/0x2d0
[ 25.771205] ? kasan_complete_mode_report_info+0x64/0x200
[ 25.771230] ? kmem_cache_double_free+0x1e5/0x480
[ 25.771255] kasan_report_invalid_free+0x10a/0x130
[ 25.771278] ? kmem_cache_double_free+0x1e5/0x480
[ 25.771303] ? kmem_cache_double_free+0x1e5/0x480
[ 25.771326] check_slab_allocation+0x101/0x130
[ 25.771347] __kasan_slab_pre_free+0x28/0x40
[ 25.771367] kmem_cache_free+0xed/0x420
[ 25.771392] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 25.771416] ? kmem_cache_double_free+0x1e5/0x480
[ 25.771442] kmem_cache_double_free+0x1e5/0x480
[ 25.771465] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 25.771504] ? finish_task_switch.isra.0+0x153/0x700
[ 25.771528] ? __switch_to+0x47/0xf80
[ 25.771558] ? __pfx_read_tsc+0x10/0x10
[ 25.771580] ? ktime_get_ts64+0x86/0x230
[ 25.771606] kunit_try_run_case+0x1a5/0x480
[ 25.771629] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.771649] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.771673] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.771696] ? __kthread_parkme+0x82/0x180
[ 25.771729] ? preempt_count_sub+0x50/0x80
[ 25.771751] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.771772] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.771808] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.771834] kthread+0x337/0x6f0
[ 25.771861] ? trace_preempt_on+0x20/0xc0
[ 25.771885] ? __pfx_kthread+0x10/0x10
[ 25.771905] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.771926] ? calculate_sigpending+0x7b/0xa0
[ 25.771951] ? __pfx_kthread+0x10/0x10
[ 25.771975] ret_from_fork+0x116/0x1d0
[ 25.771994] ? __pfx_kthread+0x10/0x10
[ 25.772015] ret_from_fork_asm+0x1a/0x30
[ 25.772046] </TASK>
[ 25.772059]
[ 25.784601] Allocated by task 257:
[ 25.785015] kasan_save_stack+0x45/0x70
[ 25.785339] kasan_save_track+0x18/0x40
[ 25.785648] kasan_save_alloc_info+0x3b/0x50
[ 25.786069] __kasan_slab_alloc+0x91/0xa0
[ 25.786391] kmem_cache_alloc_noprof+0x123/0x3f0
[ 25.786846] kmem_cache_double_free+0x14f/0x480
[ 25.787229] kunit_try_run_case+0x1a5/0x480
[ 25.787416] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.787779] kthread+0x337/0x6f0
[ 25.788242] ret_from_fork+0x116/0x1d0
[ 25.788630] ret_from_fork_asm+0x1a/0x30
[ 25.788878]
[ 25.788975] Freed by task 257:
[ 25.789092] kasan_save_stack+0x45/0x70
[ 25.789598] kasan_save_track+0x18/0x40
[ 25.790036] kasan_save_free_info+0x3f/0x60
[ 25.790247] __kasan_slab_free+0x56/0x70
[ 25.790538] kmem_cache_free+0x249/0x420
[ 25.791003] kmem_cache_double_free+0x16a/0x480
[ 25.791199] kunit_try_run_case+0x1a5/0x480
[ 25.791398] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.791873] kthread+0x337/0x6f0
[ 25.792055] ret_from_fork+0x116/0x1d0
[ 25.792243] ret_from_fork_asm+0x1a/0x30
[ 25.792417]
[ 25.792830] The buggy address belongs to the object at ffff888104397000
[ 25.792830] which belongs to the cache test_cache of size 200
[ 25.793300] The buggy address is located 0 bytes inside of
[ 25.793300] 200-byte region [ffff888104397000, ffff8881043970c8)
[ 25.793878]
[ 25.794088] The buggy address belongs to the physical page:
[ 25.794443] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104397
[ 25.794910] flags: 0x200000000000000(node=0|zone=2)
[ 25.795088] page_type: f5(slab)
[ 25.795267] raw: 0200000000000000 ffff888101d98a00 dead000000000122 0000000000000000
[ 25.795806] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 25.796105] page dumped because: kasan: bad access detected
[ 25.796326]
[ 25.796401] Memory state around the buggy address:
[ 25.797048] ffff888104396f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.797459] ffff888104396f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.798016] >ffff888104397000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.798390] ^
[ 25.798528] ffff888104397080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 25.799091] ffff888104397100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.799368] ==================================================================