Date
April 22, 2025, 11:09 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
rk3399-rock-pi-4b |
```
[ 17.968723] ==================================================================
[ 17.968881] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 17.968987] Free of addr fff00000c6256120 by task kunit_try_catch/194
[ 17.969082]
[ 17.969159] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 17.971463] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.971585] Hardware name: linux,dummy-virt (DT)
[ 17.971666] Call trace:
[ 17.971753] show_stack+0x20/0x38 (C)
[ 17.972186] dump_stack_lvl+0x8c/0xd0
[ 17.972306] print_report+0x118/0x608
[ 17.972647] kasan_report_invalid_free+0xc0/0xe8
[ 17.973207] check_slab_allocation+0xd4/0x108
[ 17.973422] __kasan_slab_pre_free+0x2c/0x48
[ 17.973617] kfree+0xe8/0x3c8
[ 17.973735] kfree_sensitive+0x3c/0xb0
[ 17.974025] kmalloc_double_kzfree+0x168/0x308
[ 17.974684] kunit_try_run_case+0x170/0x3f0
[ 17.975006] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.975343] kthread+0x328/0x630
[ 17.975460] ret_from_fork+0x10/0x20
[ 17.975563]
[ 17.975600] Allocated by task 194:
[ 17.975658] kasan_save_stack+0x3c/0x68
[ 17.975746] kasan_save_track+0x20/0x40
[ 17.976232] kasan_save_alloc_info+0x40/0x58
[ 17.976693] __kasan_kmalloc+0xd4/0xd8
[ 17.976797] __kmalloc_cache_noprof+0x15c/0x3c0
[ 17.977224] kmalloc_double_kzfree+0xb8/0x308
[ 17.977375] kunit_try_run_case+0x170/0x3f0
[ 17.977478] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.977954] kthread+0x328/0x630
[ 17.978043] ret_from_fork+0x10/0x20
[ 17.978162]
[ 17.978268] Freed by task 194:
[ 17.978832] kasan_save_stack+0x3c/0x68
[ 17.978939] kasan_save_track+0x20/0x40
[ 17.979264] kasan_save_free_info+0x4c/0x78
[ 17.979607] __kasan_slab_free+0x6c/0x98
[ 17.979676] kfree+0x214/0x3c8
[ 17.979752] kfree_sensitive+0x80/0xb0
[ 17.980668] kmalloc_double_kzfree+0x11c/0x308
[ 17.981086] kunit_try_run_case+0x170/0x3f0
[ 17.981618] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.982250] kthread+0x328/0x630
[ 17.982351] ret_from_fork+0x10/0x20
[ 17.982438]
[ 17.982484] The buggy address belongs to the object at fff00000c6256120
[ 17.982484] which belongs to the cache kmalloc-16 of size 16
[ 17.983688] The buggy address is located 0 bytes inside of
[ 17.983688] 16-byte region [fff00000c6256120, fff00000c6256130)
[ 17.983883]
[ 17.984471] The buggy address belongs to the physical page:
[ 17.984599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106256
[ 17.985132] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.985477] page_type: f5(slab)
[ 17.986216] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 17.986476] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 17.986591] page dumped because: kasan: bad access detected
[ 17.986669]
[ 17.987361] Memory state around the buggy address:
[ 17.987749]  fff00000c6256000: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 17.987846]  fff00000c6256080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 17.987922] >fff00000c6256100: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 17.988000]                                ^
[ 17.988067]  fff00000c6256180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.988809]  fff00000c6256200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.989761] ==================================================================
```
```
[ 18.690311] ==================================================================
[ 18.691268] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[ 18.692070] Free of addr ffff8881017113a0 by task kunit_try_catch/212
[ 18.692816]
[ 18.693154] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary)
[ 18.693282] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.693318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.693640] Call Trace:
[ 18.693736] <TASK>
[ 18.693793] dump_stack_lvl+0x73/0xb0
[ 18.693873] print_report+0xd1/0x650
[ 18.693952] ? __virt_addr_valid+0x1db/0x2d0
[ 18.694024] ? kasan_complete_mode_report_info+0x64/0x200
[ 18.694094] ? kfree_sensitive+0x2e/0x90
[ 18.694167] kasan_report_invalid_free+0x10a/0x130
[ 18.694230] ? kfree_sensitive+0x2e/0x90
[ 18.694264] ? kfree_sensitive+0x2e/0x90
[ 18.694293] check_slab_allocation+0x101/0x130
[ 18.694325] __kasan_slab_pre_free+0x28/0x40
[ 18.694356] kfree+0xf0/0x3f0
[ 18.694383] ? kfree_sensitive+0x2e/0x90
[ 18.694415] kfree_sensitive+0x2e/0x90
[ 18.694567] kmalloc_double_kzfree+0x19c/0x350
[ 18.694634] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 18.694698] ? __schedule+0x10cc/0x2b30
[ 18.694757] ? __pfx_read_tsc+0x10/0x10
[ 18.694809] ? ktime_get_ts64+0x86/0x230
[ 18.694873] kunit_try_run_case+0x1a5/0x480
[ 18.694934] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.694987] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.695045] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.695110] ? __kthread_parkme+0x82/0x180
[ 18.695176] ? preempt_count_sub+0x50/0x80
[ 18.695247] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.695362] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.695408] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.695770] kthread+0x337/0x6f0
[ 18.695811] ? trace_preempt_on+0x20/0xc0
[ 18.695846] ? __pfx_kthread+0x10/0x10
[ 18.695879] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.695912] ? calculate_sigpending+0x7b/0xa0
[ 18.695942] ? __pfx_kthread+0x10/0x10
[ 18.695974] ret_from_fork+0x41/0x80
[ 18.696004] ? __pfx_kthread+0x10/0x10
[ 18.696036] ret_from_fork_asm+0x1a/0x30
[ 18.696078] </TASK>
[ 18.696091]
[ 18.719599] Allocated by task 212:
[ 18.720123] kasan_save_stack+0x45/0x70
[ 18.721202] kasan_save_track+0x18/0x40
[ 18.721679] kasan_save_alloc_info+0x3b/0x50
[ 18.722037] __kasan_kmalloc+0xb7/0xc0
[ 18.722424] __kmalloc_cache_noprof+0x189/0x420
[ 18.722905] kmalloc_double_kzfree+0xa9/0x350
[ 18.723278] kunit_try_run_case+0x1a5/0x480
[ 18.724982] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.725850] kthread+0x337/0x6f0
[ 18.726180] ret_from_fork+0x41/0x80
[ 18.726555] ret_from_fork_asm+0x1a/0x30
[ 18.727684]
[ 18.728121] Freed by task 212:
[ 18.728262] kasan_save_stack+0x45/0x70
[ 18.728436] kasan_save_track+0x18/0x40
[ 18.729446] kasan_save_free_info+0x3f/0x60
[ 18.729806] __kasan_slab_free+0x56/0x70
[ 18.730661] kfree+0x222/0x3f0
[ 18.731009] kfree_sensitive+0x67/0x90
[ 18.731347] kmalloc_double_kzfree+0x12b/0x350
[ 18.732081] kunit_try_run_case+0x1a5/0x480
[ 18.732421] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.733309] kthread+0x337/0x6f0
[ 18.733890] ret_from_fork+0x41/0x80
[ 18.734830] ret_from_fork_asm+0x1a/0x30
[ 18.735769]
[ 18.736355] The buggy address belongs to the object at ffff8881017113a0
[ 18.736355] which belongs to the cache kmalloc-16 of size 16
[ 18.737908] The buggy address is located 0 bytes inside of
[ 18.737908] 16-byte region [ffff8881017113a0, ffff8881017113b0)
[ 18.739222]
[ 18.739411] The buggy address belongs to the physical page:
[ 18.740237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101711
[ 18.741856] flags: 0x200000000000000(node=0|zone=2)
[ 18.742372] page_type: f5(slab)
[ 18.742729] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 18.743301] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 18.744726] page dumped because: kasan: bad access detected
[ 18.745052]
[ 18.745231] Memory state around the buggy address:
[ 18.746557]  ffff888101711280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 18.747055]  ffff888101711300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 18.747905] >ffff888101711380: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 18.748714]                                ^
[ 18.749037]  ffff888101711400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.749847]  ffff888101711480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.750490] ==================================================================
```
```
[ 20.075441] ==================================================================
[ 20.076125] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 20.076704] Free of addr ffff00000a7446a0 by task kunit_try_catch/250
[ 20.077290]
[ 20.077448] CPU: 3 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 20.077486] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.077497] Hardware name: Radxa ROCK Pi 4B (DT)
[ 20.077510] Call trace:
[ 20.077519] show_stack+0x20/0x38 (C)
[ 20.077546] dump_stack_lvl+0x8c/0xd0
[ 20.077568] print_report+0x118/0x608
[ 20.077591] kasan_report_invalid_free+0xc0/0xe8
[ 20.077614] check_slab_allocation+0xd4/0x108
[ 20.077634] __kasan_slab_pre_free+0x2c/0x48
[ 20.077656] kfree+0xe8/0x3c8
[ 20.077680] kfree_sensitive+0x3c/0xb0
[ 20.077701] kmalloc_double_kzfree+0x168/0x308
[ 20.077728] kunit_try_run_case+0x170/0x3f0
[ 20.077754] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.077782] kthread+0x328/0x630
[ 20.077807] ret_from_fork+0x10/0x20
[ 20.077831]
[ 20.084416] Allocated by task 250:
[ 20.084735] kasan_save_stack+0x3c/0x68
[ 20.085097] kasan_save_track+0x20/0x40
[ 20.085457] kasan_save_alloc_info+0x40/0x58
[ 20.085858] __kasan_kmalloc+0xd4/0xd8
[ 20.086212] __kmalloc_cache_noprof+0x15c/0x3c0
[ 20.086639] kmalloc_double_kzfree+0xb8/0x308
[ 20.087049] kunit_try_run_case+0x170/0x3f0
[ 20.087444] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.087953] kthread+0x328/0x630
[ 20.088263] ret_from_fork+0x10/0x20
[ 20.088602]
[ 20.088749] Freed by task 250:
[ 20.089034] kasan_save_stack+0x3c/0x68
[ 20.089395] kasan_save_track+0x20/0x40
[ 20.089755] kasan_save_free_info+0x4c/0x78
[ 20.090148] __kasan_slab_free+0x6c/0x98
[ 20.090517] kfree+0x214/0x3c8
[ 20.090812] kfree_sensitive+0x80/0xb0
[ 20.091164] kmalloc_double_kzfree+0x11c/0x308
[ 20.091583] kunit_try_run_case+0x170/0x3f0
[ 20.091976] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.092486] kthread+0x328/0x630
[ 20.092795] ret_from_fork+0x10/0x20
[ 20.093133]
[ 20.093280] The buggy address belongs to the object at ffff00000a7446a0
[ 20.093280] which belongs to the cache kmalloc-16 of size 16
[ 20.094384] The buggy address is located 0 bytes inside of
[ 20.094384] 16-byte region [ffff00000a7446a0, ffff00000a7446b0)
[ 20.095412]
[ 20.095560] The buggy address belongs to the physical page:
[ 20.096067] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa744
[ 20.096778] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[ 20.097378] page_type: f5(slab)
[ 20.097680] raw: 03fffe0000000000 ffff000000402640 dead000000000122 0000000000000000
[ 20.098384] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 20.099083] page dumped because: kasan: bad access detected
[ 20.099589]
[ 20.099735] Memory state around the buggy address:
[ 20.100174]  ffff00000a744580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 20.100829]  ffff00000a744600: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 20.101484] >ffff00000a744680: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 20.102136]                                ^
[ 20.102529]  ffff00000a744700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.103184]  ffff00000a744780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.103834] ==================================================================
```