Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 30.301843] ================================================================== [ 30.308767] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 30.314751] Free of addr ffff000800c2f0a0 by task kunit_try_catch/239 [ 30.321175] [ 30.322660] CPU: 5 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.322717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.322737] Hardware name: WinLink E850-96 board (DT) [ 30.322758] Call trace: [ 30.322772] show_stack+0x20/0x38 (C) [ 30.322806] dump_stack_lvl+0x8c/0xd0 [ 30.322841] print_report+0x118/0x608 [ 30.322875] kasan_report_invalid_free+0xc0/0xe8 [ 30.322911] check_slab_allocation+0xd4/0x108 [ 30.322948] __kasan_slab_pre_free+0x2c/0x48 [ 30.322983] kfree+0xe8/0x3c8 [ 30.323013] kfree_sensitive+0x3c/0xb0 [ 30.323044] kmalloc_double_kzfree+0x168/0x308 [ 30.323079] kunit_try_run_case+0x170/0x3f0 [ 30.323116] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.323152] kthread+0x328/0x630 [ 30.323180] ret_from_fork+0x10/0x20 [ 30.323214] [ 30.397302] Allocated by task 239: [ 30.400689] kasan_save_stack+0x3c/0x68 [ 30.404509] kasan_save_track+0x20/0x40 [ 30.408326] kasan_save_alloc_info+0x40/0x58 [ 30.412580] __kasan_kmalloc+0xd4/0xd8 [ 30.416312] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.420826] kmalloc_double_kzfree+0xb8/0x308 [ 30.425166] kunit_try_run_case+0x170/0x3f0 [ 30.429333] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.434803] kthread+0x328/0x630 [ 30.438013] ret_from_fork+0x10/0x20 [ 30.441572] [ 30.443048] Freed by task 239: [ 30.446086] kasan_save_stack+0x3c/0x68 [ 30.449905] kasan_save_track+0x20/0x40 [ 30.453725] kasan_save_free_info+0x4c/0x78 [ 30.457891] __kasan_slab_free+0x6c/0x98 [ 30.461798] kfree+0x214/0x3c8 [ 30.464836] kfree_sensitive+0x80/0xb0 [ 30.468568] kmalloc_double_kzfree+0x11c/0x308 [ 30.472996] kunit_try_run_case+0x170/0x3f0 [ 30.477162] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.482631] kthread+0x328/0x630 [ 30.485844] ret_from_fork+0x10/0x20 [ 30.489401] [ 30.490878] The buggy address belongs to the object at ffff000800c2f0a0 [ 30.490878] which belongs to the cache kmalloc-16 of size 16 [ 30.503206] The buggy address is located 0 bytes inside of [ 30.503206] 16-byte region [ffff000800c2f0a0, ffff000800c2f0b0) [ 30.514661] [ 30.516139] The buggy address belongs to the physical page: [ 30.521696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880c2f [ 30.529680] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.536191] page_type: f5(slab) [ 30.539325] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000 [ 30.547046] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 30.554765] page dumped because: kasan: bad access detected [ 30.560320] [ 30.561796] Memory state around the buggy address: [ 30.566577] ffff000800c2ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.573779] ffff000800c2f000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.580984] >ffff000800c2f080: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 30.588184] ^ [ 30.592442] ffff000800c2f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.599647] ffff000800c2f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.606848] ==================================================================
[ 25.677198] ================================================================== [ 25.677335] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 25.677450] Free of addr fff00000c62bd320 by task kunit_try_catch/192 [ 25.677548] [ 25.677613] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.677804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.677884] Hardware name: linux,dummy-virt (DT) [ 25.678011] Call trace: [ 25.678082] show_stack+0x20/0x38 (C) [ 25.678225] dump_stack_lvl+0x8c/0xd0 [ 25.678371] print_report+0x118/0x608 [ 25.678504] kasan_report_invalid_free+0xc0/0xe8 [ 25.678651] check_slab_allocation+0xd4/0x108 [ 25.678794] __kasan_slab_pre_free+0x2c/0x48 [ 25.679055] kfree+0xe8/0x3c8 [ 25.679432] kfree_sensitive+0x3c/0xb0 [ 25.679921] kmalloc_double_kzfree+0x168/0x308 [ 25.680477] kunit_try_run_case+0x170/0x3f0 [ 25.680982] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.681127] kthread+0x328/0x630 [ 25.681329] ret_from_fork+0x10/0x20 [ 25.681618] [ 25.682135] Allocated by task 192: [ 25.682372] kasan_save_stack+0x3c/0x68 [ 25.682636] kasan_save_track+0x20/0x40 [ 25.682750] kasan_save_alloc_info+0x40/0x58 [ 25.682876] __kasan_kmalloc+0xd4/0xd8 [ 25.682993] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.683475] kmalloc_double_kzfree+0xb8/0x308 [ 25.683726] kunit_try_run_case+0x170/0x3f0 [ 25.683979] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.684138] kthread+0x328/0x630 [ 25.684395] ret_from_fork+0x10/0x20 [ 25.684971] [ 25.685047] Freed by task 192: [ 25.685176] kasan_save_stack+0x3c/0x68 [ 25.685298] kasan_save_track+0x20/0x40 [ 25.685592] kasan_save_free_info+0x4c/0x78 [ 25.685826] __kasan_slab_free+0x6c/0x98 [ 25.685987] kfree+0x214/0x3c8 [ 25.686203] kfree_sensitive+0x80/0xb0 [ 25.686351] kmalloc_double_kzfree+0x11c/0x308 [ 25.686454] kunit_try_run_case+0x170/0x3f0 [ 25.687059] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.687234] kthread+0x328/0x630 [ 25.687490] ret_from_fork+0x10/0x20 [ 25.687739] [ 25.687833] The buggy address belongs to the object at fff00000c62bd320 [ 25.687833] which belongs to the cache kmalloc-16 of size 16 [ 25.688141] The buggy address is located 0 bytes inside of [ 25.688141] 16-byte region [fff00000c62bd320, fff00000c62bd330) [ 25.688309] [ 25.688364] The buggy address belongs to the physical page: [ 25.688719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bd [ 25.689097] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.689219] page_type: f5(slab) [ 25.689339] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 25.689468] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.689579] page dumped because: kasan: bad access detected [ 25.689658] [ 25.689701] Memory state around the buggy address: [ 25.689777] fff00000c62bd200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.689880] fff00000c62bd280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.690015] >fff00000c62bd300: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 25.690113] ^ [ 25.690217] fff00000c62bd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.690327] fff00000c62bd400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.690419] ==================================================================
[ 25.942906] ================================================================== [ 25.943398] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 25.943949] Free of addr fff00000c56fe400 by task kunit_try_catch/192 [ 25.944148] [ 25.944241] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.945124] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.945205] Hardware name: linux,dummy-virt (DT) [ 25.945295] Call trace: [ 25.946035] show_stack+0x20/0x38 (C) [ 25.946166] dump_stack_lvl+0x8c/0xd0 [ 25.946293] print_report+0x118/0x608 [ 25.946414] kasan_report_invalid_free+0xc0/0xe8 [ 25.946544] check_slab_allocation+0xd4/0x108 [ 25.946672] __kasan_slab_pre_free+0x2c/0x48 [ 25.947009] kfree+0xe8/0x3c8 [ 25.947327] kfree_sensitive+0x3c/0xb0 [ 25.947472] kmalloc_double_kzfree+0x168/0x308 [ 25.947725] kunit_try_run_case+0x170/0x3f0 [ 25.947974] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.948201] kthread+0x328/0x630 [ 25.948326] ret_from_fork+0x10/0x20 [ 25.948901] [ 25.949026] Allocated by task 192: [ 25.949113] kasan_save_stack+0x3c/0x68 [ 25.949219] kasan_save_track+0x20/0x40 [ 25.949334] kasan_save_alloc_info+0x40/0x58 [ 25.949531] __kasan_kmalloc+0xd4/0xd8 [ 25.949724] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.949929] kmalloc_double_kzfree+0xb8/0x308 [ 25.950105] kunit_try_run_case+0x170/0x3f0 [ 25.950258] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.950420] kthread+0x328/0x630 [ 25.950516] ret_from_fork+0x10/0x20 [ 25.950646] [ 25.950702] Freed by task 192: [ 25.951012] kasan_save_stack+0x3c/0x68 [ 25.951145] kasan_save_track+0x20/0x40 [ 25.951366] kasan_save_free_info+0x4c/0x78 [ 25.951533] __kasan_slab_free+0x6c/0x98 [ 25.951865] kfree+0x214/0x3c8 [ 25.951972] kfree_sensitive+0x80/0xb0 [ 25.952061] kmalloc_double_kzfree+0x11c/0x308 [ 25.952156] kunit_try_run_case+0x170/0x3f0 [ 25.952420] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.952552] kthread+0x328/0x630 [ 25.952805] ret_from_fork+0x10/0x20 [ 25.952925] [ 25.952982] The buggy address belongs to the object at fff00000c56fe400 [ 25.952982] which belongs to the cache kmalloc-16 of size 16 [ 25.953329] The buggy address is located 0 bytes inside of [ 25.953329] 16-byte region [fff00000c56fe400, fff00000c56fe410) [ 25.953703] [ 25.953780] The buggy address belongs to the physical page: [ 25.953876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056fe [ 25.954471] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.954679] page_type: f5(slab) [ 25.954819] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 25.955152] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.955293] page dumped because: kasan: bad access detected [ 25.955370] [ 25.955415] Memory state around the buggy address: [ 25.956476] fff00000c56fe300: fa fb fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 25.956646] fff00000c56fe380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.956753] >fff00000c56fe400: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.956863] ^ [ 25.957599] fff00000c56fe480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.958036] fff00000c56fe500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.958146] ==================================================================
[ 19.515774] ================================================================== [ 19.519024] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 19.520059] Free of addr ffff8881023e23e0 by task kunit_try_catch/210 [ 19.521208] [ 19.522644] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 19.522757] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.522785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.522835] Call Trace: [ 19.522877] <TASK> [ 19.522923] dump_stack_lvl+0x73/0xb0 [ 19.523025] print_report+0xd1/0x650 [ 19.523461] ? __virt_addr_valid+0x1db/0x2d0 [ 19.523558] ? kasan_complete_mode_report_info+0x64/0x200 [ 19.523619] ? kfree_sensitive+0x2e/0x90 [ 19.523671] kasan_report_invalid_free+0x10a/0x130 [ 19.523727] ? kfree_sensitive+0x2e/0x90 [ 19.523779] ? kfree_sensitive+0x2e/0x90 [ 19.523826] check_slab_allocation+0x101/0x130 [ 19.523875] __kasan_slab_pre_free+0x28/0x40 [ 19.523922] kfree+0xf0/0x3f0 [ 19.523995] ? kfree_sensitive+0x2e/0x90 [ 19.524058] kfree_sensitive+0x2e/0x90 [ 19.524113] kmalloc_double_kzfree+0x19c/0x350 [ 19.524178] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 19.524355] ? __schedule+0x10cc/0x2b60 [ 19.524440] ? __pfx_read_tsc+0x10/0x10 [ 19.524610] ? ktime_get_ts64+0x86/0x230 [ 19.524695] kunit_try_run_case+0x1a5/0x480 [ 19.524775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.524847] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.524888] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.524924] ? __kthread_parkme+0x82/0x180 [ 19.524956] ? preempt_count_sub+0x50/0x80 [ 19.524990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.525027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.525060] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.525094] kthread+0x337/0x6f0 [ 19.525122] ? trace_preempt_on+0x20/0xc0 [ 19.525157] ? __pfx_kthread+0x10/0x10 [ 19.525185] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.525216] ? calculate_sigpending+0x7b/0xa0 [ 19.525316] ? __pfx_kthread+0x10/0x10 [ 19.525350] ret_from_fork+0x116/0x1d0 [ 19.525377] ? __pfx_kthread+0x10/0x10 [ 19.525406] ret_from_fork_asm+0x1a/0x30 [ 19.525449] </TASK> [ 19.525464] [ 19.546053] Allocated by task 210: [ 19.546923] kasan_save_stack+0x45/0x70 [ 19.547365] kasan_save_track+0x18/0x40 [ 19.547940] kasan_save_alloc_info+0x3b/0x50 [ 19.548135] __kasan_kmalloc+0xb7/0xc0 [ 19.548601] __kmalloc_cache_noprof+0x189/0x420 [ 19.549483] kmalloc_double_kzfree+0xa9/0x350 [ 19.549962] kunit_try_run_case+0x1a5/0x480 [ 19.550417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.550954] kthread+0x337/0x6f0 [ 19.551402] ret_from_fork+0x116/0x1d0 [ 19.551830] ret_from_fork_asm+0x1a/0x30 [ 19.552300] [ 19.552534] Freed by task 210: [ 19.552931] kasan_save_stack+0x45/0x70 [ 19.553442] kasan_save_track+0x18/0x40 [ 19.553864] kasan_save_free_info+0x3f/0x60 [ 19.554405] __kasan_slab_free+0x56/0x70 [ 19.554811] kfree+0x222/0x3f0 [ 19.555186] kfree_sensitive+0x67/0x90 [ 19.555678] kmalloc_double_kzfree+0x12b/0x350 [ 19.556184] kunit_try_run_case+0x1a5/0x480 [ 19.556769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.557397] kthread+0x337/0x6f0 [ 19.557824] ret_from_fork+0x116/0x1d0 [ 19.558282] ret_from_fork_asm+0x1a/0x30 [ 19.558687] [ 19.559006] The buggy address belongs to the object at ffff8881023e23e0 [ 19.559006] which belongs to the cache kmalloc-16 of size 16 [ 19.559969] The buggy address is located 0 bytes inside of [ 19.559969] 16-byte region [ffff8881023e23e0, ffff8881023e23f0) [ 19.560782] [ 19.560991] The buggy address belongs to the physical page: [ 19.561664] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023e2 [ 19.562344] flags: 0x200000000000000(node=0|zone=2) [ 19.562820] page_type: f5(slab) [ 19.563257] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 19.563860] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.564430] page dumped because: kasan: bad access detected [ 19.565096] [ 19.565362] Memory state around the buggy address: [ 19.565837] ffff8881023e2280: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc [ 19.566422] ffff8881023e2300: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 19.567118] >ffff8881023e2380: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 19.567748] ^ [ 19.568337] ffff8881023e2400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.568994] ffff8881023e2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.569723] ==================================================================
[ 18.521235] ================================================================== [ 18.522605] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 18.523311] Free of addr ffff88810262e160 by task kunit_try_catch/210 [ 18.524340] [ 18.524707] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 18.524824] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.524862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.524941] Call Trace: [ 18.524978] <TASK> [ 18.525017] dump_stack_lvl+0x73/0xb0 [ 18.525141] print_report+0xd1/0x650 [ 18.525225] ? __virt_addr_valid+0x1db/0x2d0 [ 18.525301] ? kasan_complete_mode_report_info+0x64/0x200 [ 18.525371] ? kfree_sensitive+0x2e/0x90 [ 18.525441] kasan_report_invalid_free+0x10a/0x130 [ 18.525518] ? kfree_sensitive+0x2e/0x90 [ 18.525590] ? kfree_sensitive+0x2e/0x90 [ 18.525657] check_slab_allocation+0x101/0x130 [ 18.525731] __kasan_slab_pre_free+0x28/0x40 [ 18.525769] kfree+0xf0/0x3f0 [ 18.525801] ? kfree_sensitive+0x2e/0x90 [ 18.525832] kfree_sensitive+0x2e/0x90 [ 18.525860] kmalloc_double_kzfree+0x19c/0x350 [ 18.525923] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 18.525962] ? __schedule+0x10cc/0x2b60 [ 18.525998] ? __pfx_read_tsc+0x10/0x10 [ 18.526028] ? ktime_get_ts64+0x86/0x230 [ 18.526060] kunit_try_run_case+0x1a5/0x480 [ 18.526112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.526184] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.526220] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.526265] ? __kthread_parkme+0x82/0x180 [ 18.526298] ? preempt_count_sub+0x50/0x80 [ 18.526330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.526364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.526397] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.526431] kthread+0x337/0x6f0 [ 18.526457] ? trace_preempt_on+0x20/0xc0 [ 18.526489] ? __pfx_kthread+0x10/0x10 [ 18.526518] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.526548] ? calculate_sigpending+0x7b/0xa0 [ 18.526584] ? __pfx_kthread+0x10/0x10 [ 18.526613] ret_from_fork+0x116/0x1d0 [ 18.526638] ? __pfx_kthread+0x10/0x10 [ 18.526666] ret_from_fork_asm+0x1a/0x30 [ 18.526707] </TASK> [ 18.526722] [ 18.540769] Allocated by task 210: [ 18.541200] kasan_save_stack+0x45/0x70 [ 18.541636] kasan_save_track+0x18/0x40 [ 18.542080] kasan_save_alloc_info+0x3b/0x50 [ 18.542553] __kasan_kmalloc+0xb7/0xc0 [ 18.542999] __kmalloc_cache_noprof+0x189/0x420 [ 18.544279] kmalloc_double_kzfree+0xa9/0x350 [ 18.544797] kunit_try_run_case+0x1a5/0x480 [ 18.545250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.545725] kthread+0x337/0x6f0 [ 18.546062] ret_from_fork+0x116/0x1d0 [ 18.546494] ret_from_fork_asm+0x1a/0x30 [ 18.546957] [ 18.547189] Freed by task 210: [ 18.547474] kasan_save_stack+0x45/0x70 [ 18.547918] kasan_save_track+0x18/0x40 [ 18.548412] kasan_save_free_info+0x3f/0x60 [ 18.548859] __kasan_slab_free+0x56/0x70 [ 18.549297] kfree+0x222/0x3f0 [ 18.549592] kfree_sensitive+0x67/0x90 [ 18.549922] kmalloc_double_kzfree+0x12b/0x350 [ 18.550493] kunit_try_run_case+0x1a5/0x480 [ 18.551333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.551738] kthread+0x337/0x6f0 [ 18.552052] ret_from_fork+0x116/0x1d0 [ 18.553962] ret_from_fork_asm+0x1a/0x30 [ 18.554426] [ 18.554702] The buggy address belongs to the object at ffff88810262e160 [ 18.554702] which belongs to the cache kmalloc-16 of size 16 [ 18.555738] The buggy address is located 0 bytes inside of [ 18.555738] 16-byte region [ffff88810262e160, ffff88810262e170) [ 18.556687] [ 18.556938] The buggy address belongs to the physical page: [ 18.557455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262e [ 18.558153] flags: 0x200000000000000(node=0|zone=2) [ 18.558620] page_type: f5(slab) [ 18.559015] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 18.559755] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 18.560408] page dumped because: kasan: bad access detected [ 18.560861] [ 18.561173] Memory state around the buggy address: [ 18.561649] ffff88810262e000: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 18.562425] ffff88810262e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.562900] >ffff88810262e100: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.563337] ^ [ 18.563738] ffff88810262e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.564493] ffff88810262e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.565727] ==================================================================
[ 20.832283] ================================================================== [ 20.832956] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 20.833543] Free of addr ffff000001e6e700 by task kunit_try_catch/245 [ 20.834139] [ 20.834297] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 20.834334] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.834344] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.834358] Call trace: [ 20.834366] show_stack+0x20/0x38 (C) [ 20.834391] dump_stack_lvl+0x8c/0xd0 [ 20.834417] print_report+0x118/0x608 [ 20.834442] kasan_report_invalid_free+0xc0/0xe8 [ 20.834467] check_slab_allocation+0xd4/0x108 [ 20.834490] __kasan_slab_pre_free+0x2c/0x48 [ 20.834514] kfree+0xe8/0x3c8 [ 20.834534] kfree_sensitive+0x3c/0xb0 [ 20.834555] kmalloc_double_kzfree+0x168/0x308 [ 20.834580] kunit_try_run_case+0x170/0x3f0 [ 20.834603] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.834631] kthread+0x328/0x630 [ 20.834650] ret_from_fork+0x10/0x20 [ 20.834673] [ 20.841260] Allocated by task 245: [ 20.841582] kasan_save_stack+0x3c/0x68 [ 20.841952] kasan_save_track+0x20/0x40 [ 20.842316] kasan_save_alloc_info+0x40/0x58 [ 20.842720] __kasan_kmalloc+0xd4/0xd8 [ 20.843075] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.843500] kmalloc_double_kzfree+0xb8/0x308 [ 20.843909] kunit_try_run_case+0x170/0x3f0 [ 20.844302] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.844812] kthread+0x328/0x630 [ 20.845117] ret_from_fork+0x10/0x20 [ 20.845457] [ 20.845604] Freed by task 245: [ 20.845889] kasan_save_stack+0x3c/0x68 [ 20.846252] kasan_save_track+0x20/0x40 [ 20.846614] kasan_save_free_info+0x4c/0x78 [ 20.847009] __kasan_slab_free+0x6c/0x98 [ 20.847378] kfree+0x214/0x3c8 [ 20.847670] kfree_sensitive+0x80/0xb0 [ 20.848024] kmalloc_double_kzfree+0x11c/0x308 [ 20.848439] kunit_try_run_case+0x170/0x3f0 [ 20.848833] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.849342] kthread+0x328/0x630 [ 20.849649] ret_from_fork+0x10/0x20 [ 20.849988] [ 20.850135] The buggy address belongs to the object at ffff000001e6e700 [ 20.850135] which belongs to the cache kmalloc-16 of size 16 [ 20.851240] The buggy address is located 0 bytes inside of [ 20.851240] 16-byte region [ffff000001e6e700, ffff000001e6e710) [ 20.852269] [ 20.852416] The buggy address belongs to the physical page: [ 20.852922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e6e [ 20.853633] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 20.854233] page_type: f5(slab) [ 20.854536] raw: 03fffe0000000000 ffff000000402640 dead000000000122 0000000000000000 [ 20.855239] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 20.855937] page dumped because: kasan: bad access detected [ 20.856442] [ 20.856589] Memory state around the buggy address: [ 20.857029] ffff000001e6e600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.857682] ffff000001e6e680: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 20.858337] >ffff000001e6e700: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.858988] ^ [ 20.859290] ffff000001e6e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.859944] ffff000001e6e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.860596] ==================================================================