Hay
Date
June 17, 2025, 3:39 p.m.

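Environment
qemu-arm64 (first report below; Hardware name: linux,dummy-virt (DT))
qemu-x86_64 (second report below; Hardware name: QEMU Standard PC (Q35 + ICH9, 2009))

In both reports the allocation, the first free and the reported second free all occur in kmem_cache_double_free, called from kunit_try_run_case in task kunit_try_catch, on the 200-byte cache test_cache. The double-free is therefore raised while a KUnit test case is running.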

[   94.196236] ==================================================================
[   94.197713] BUG: KASAN: double-free in kmem_cache_double_free+0xe8/0x240
[   94.199070] Free of addr ffff0000c6102000 by task kunit_try_catch/195
[   94.200457] 
[   94.201050] CPU: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   94.202348] Hardware name: linux,dummy-virt (DT)
[   94.203281] Call trace:
[   94.203642]  dump_backtrace+0x9c/0x128
[   94.204843]  show_stack+0x20/0x38
[   94.205536]  dump_stack_lvl+0x60/0xb0
[   94.206397]  print_report+0xf8/0x5e8
[   94.207275]  kasan_report_invalid_free+0xc0/0xe8
[   94.208299]  __kasan_slab_free+0x134/0x170
[   94.209311]  kmem_cache_free+0x18c/0x3f8
[   94.210229]  kmem_cache_double_free+0xe8/0x240
[   94.211186]  kunit_try_run_case+0x114/0x298
[   94.212325]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   94.213470]  kthread+0x18c/0x1a8
[   94.214226]  ret_from_fork+0x10/0x20
[   94.215213] 
[   94.215640] Allocated by task 195:
[   94.216270]  kasan_save_stack+0x3c/0x68
[   94.217164]  kasan_set_track+0x2c/0x40
[   94.218016]  kasan_save_alloc_info+0x24/0x38
[   94.218927]  __kasan_slab_alloc+0xa8/0xb0
[   94.219839]  kmem_cache_alloc+0x138/0x330
[   94.220888]  kmem_cache_double_free+0xb8/0x240
[   94.221852]  kunit_try_run_case+0x114/0x298
[   94.222805]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   94.224130]  kthread+0x18c/0x1a8
[   94.224943]  ret_from_fork+0x10/0x20
[   94.225831] 
[   94.226295] Freed by task 195:
[   94.227294]  kasan_save_stack+0x3c/0x68
[   94.228275]  kasan_set_track+0x2c/0x40
[   94.229146]  kasan_save_free_info+0x38/0x60
[   94.230022]  __kasan_slab_free+0x100/0x170
[   94.230914]  kmem_cache_free+0x18c/0x3f8
[   94.231461]  kmem_cache_double_free+0xd4/0x240
[   94.232688]  kunit_try_run_case+0x114/0x298
[   94.233607]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   94.234672]  kthread+0x18c/0x1a8
[   94.235607]  ret_from_fork+0x10/0x20
[   94.236502] 
[   94.236984] The buggy address belongs to the object at ffff0000c6102000
[   94.236984]  which belongs to the cache test_cache of size 200
[   94.238478] The buggy address is located 0 bytes inside of
[   94.238478]  200-byte region [ffff0000c6102000, ffff0000c61020c8)
[   94.240180] 
[   94.240572] The buggy address belongs to the physical page:
[   94.241273] page:0000000082e9616c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106102
[   94.243018] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff)
[   94.244286] page_type: 0xffffffff()
[   94.245138] raw: 0bfffc0000000800 ffff0000c5437c80 dead000000000122 0000000000000000
[   94.246354] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[   94.247518] page dumped because: kasan: bad access detected
[   94.248324] 
[   94.248806] Memory state around the buggy address:
[   94.249738]  ffff0000c6101f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   94.251149]  ffff0000c6101f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   94.252298] >ffff0000c6102000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.253440]                    ^
[   94.254141]  ffff0000c6102080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   94.255057]  ffff0000c6102100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   94.255551] ==================================================================


[   35.270064] ==================================================================
[   35.271924] BUG: KASAN: double-free in kmem_cache_double_free+0xeb/0x250
[   35.272371] Free of addr ffff88810286f000 by task kunit_try_catch/210
[   35.273133] 
[   35.273351] CPU: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   35.274220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   35.275222] Call Trace:
[   35.275624]  <TASK>
[   35.275957]  dump_stack_lvl+0x4e/0x90
[   35.276511]  print_report+0xd2/0x650
[   35.277007]  ? __virt_addr_valid+0x156/0x1e0
[   35.277714]  ? kasan_complete_mode_report_info+0x64/0x200
[   35.278219]  ? kmem_cache_double_free+0xeb/0x250
[   35.278757]  kasan_report_invalid_free+0xfd/0x120
[   35.279310]  ? kmem_cache_double_free+0xeb/0x250
[   35.279923]  ? kmem_cache_double_free+0xeb/0x250
[   35.280179]  ____kasan_slab_free+0x19c/0x1d0
[   35.280566]  ? kmem_cache_double_free+0xeb/0x250
[   35.281160]  __kasan_slab_free+0x16/0x20
[   35.281942]  kmem_cache_free+0x1a7/0x4b0
[   35.282483]  kmem_cache_double_free+0xeb/0x250
[   35.283006]  ? __pfx_kmem_cache_double_free+0x10/0x10
[   35.283652]  ? __schedule+0x715/0x11a0
[   35.283978]  ? ktime_get_ts64+0x118/0x140
[   35.284226]  kunit_try_run_case+0x120/0x290
[   35.284700]  ? __pfx_kunit_try_run_case+0x10/0x10
[   35.285233]  ? __kasan_check_write+0x18/0x20
[   35.286057]  ? trace_preempt_on+0x20/0xa0
[   35.286609]  ? __kthread_parkme+0x4f/0xd0
[   35.287108]  ? preempt_count_sub+0x50/0x80
[   35.287652]  ? __pfx_kunit_try_run_case+0x10/0x10
[   35.288193]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   35.288643]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   35.288950]  kthread+0x19e/0x1e0
[   35.289167]  ? __pfx_kthread+0x10/0x10
[   35.289779]  ret_from_fork+0x41/0x70
[   35.290263]  ? __pfx_kthread+0x10/0x10
[   35.290824]  ret_from_fork_asm+0x1b/0x30
[   35.291320]  </TASK>
[   35.291674] 
[   35.291920] Allocated by task 210:
[   35.292293]  kasan_save_stack+0x44/0x70
[   35.292828]  kasan_set_track+0x29/0x40
[   35.293274]  kasan_save_alloc_info+0x22/0x30
[   35.294167]  __kasan_slab_alloc+0x91/0xa0
[   35.294811]  kmem_cache_alloc+0x186/0x3b0
[   35.295292]  kmem_cache_double_free+0xba/0x250
[   35.295735]  kunit_try_run_case+0x120/0x290
[   35.295993]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   35.296264]  kthread+0x19e/0x1e0
[   35.296695]  ret_from_fork+0x41/0x70
[   35.297124]  ret_from_fork_asm+0x1b/0x30
[   35.297928] 
[   35.298136] Freed by task 210:
[   35.298551]  kasan_save_stack+0x44/0x70
[   35.299074]  kasan_set_track+0x29/0x40
[   35.299590]  kasan_save_free_info+0x2f/0x50
[   35.300164]  ____kasan_slab_free+0x172/0x1d0
[   35.300548]  __kasan_slab_free+0x16/0x20
[   35.301042]  kmem_cache_free+0x1a7/0x4b0
[   35.301274]  kmem_cache_double_free+0xd1/0x250
[   35.302207]  kunit_try_run_case+0x120/0x290
[   35.302820]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   35.303288]  kthread+0x19e/0x1e0
[   35.303745]  ret_from_fork+0x41/0x70
[   35.304194]  ret_from_fork_asm+0x1b/0x30
[   35.304551] 
[   35.304662] The buggy address belongs to the object at ffff88810286f000
[   35.304662]  which belongs to the cache test_cache of size 200
[   35.306276] The buggy address is located 0 bytes inside of
[   35.306276]  200-byte region [ffff88810286f000, ffff88810286f0c8)
[   35.307255] 
[   35.307381] The buggy address belongs to the physical page:
[   35.308071] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10286f
[   35.309111] flags: 0x200000000000800(slab|node=0|zone=2)
[   35.309876] page_type: 0xffffffff()
[   35.310091] raw: 0200000000000800 ffff8881017ab500 dead000000000122 0000000000000000
[   35.310610] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[   35.311501] page dumped because: kasan: bad access detected
[   35.312103] 
[   35.312297] Memory state around the buggy address:
[   35.312940]  ffff88810286ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.314070]  ffff88810286ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.314879] >ffff88810286f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.315198]                    ^
[   35.315384]  ffff88810286f080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   35.316240]  ffff88810286f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.317055] ==================================================================