Hay
Date
July 17, 2025, 11:11 p.m.

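Environment
qemu-arm64 (first log below; Hardware name: linux,dummy-virt (DT))
qemu-x86_64 (second log below; Hardware name: QEMU Standard PC (Q35 + ICH9, 2009))

Note: in both logs the allocation, the first free and the reported second free all occur inside kmalloc_double_kzfree, running in task kunit_try_catch on a kernel tainted with [N]=TEST. The reports therefore appear to be the expected output of a KASAN KUnit test case that frees the same kmalloc-16 object twice through kfree_sensitive(), not a double-free in a driver or subsystem. When triaging, confirm that the test itself passed and that no KASAN report appears outside a kunit_try_catch task.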

[   16.813351] ==================================================================
[   16.813492] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   16.813782] Free of addr fff00000c3e55180 by task kunit_try_catch/192
[   16.813834] 
[   16.813914] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.813998] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.814050] Hardware name: linux,dummy-virt (DT)
[   16.814088] Call trace:
[   16.814112]  show_stack+0x20/0x38 (C)
[   16.814190]  dump_stack_lvl+0x8c/0xd0
[   16.814239]  print_report+0x118/0x5d0
[   16.814284]  kasan_report_invalid_free+0xc0/0xe8
[   16.814337]  check_slab_allocation+0xd4/0x108
[   16.814515]  __kasan_slab_pre_free+0x2c/0x48
[   16.814567]  kfree+0xe8/0x3c8
[   16.814752]  kfree_sensitive+0x3c/0xb0
[   16.814844]  kmalloc_double_kzfree+0x168/0x308
[   16.814939]  kunit_try_run_case+0x170/0x3f0
[   16.814987]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.815041]  kthread+0x328/0x630
[   16.815147]  ret_from_fork+0x10/0x20
[   16.815197] 
[   16.815273] Allocated by task 192:
[   16.815323]  kasan_save_stack+0x3c/0x68
[   16.815366]  kasan_save_track+0x20/0x40
[   16.815404]  kasan_save_alloc_info+0x40/0x58
[   16.815444]  __kasan_kmalloc+0xd4/0xd8
[   16.815479]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.815527]  kmalloc_double_kzfree+0xb8/0x308
[   16.815565]  kunit_try_run_case+0x170/0x3f0
[   16.815603]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.815655]  kthread+0x328/0x630
[   16.815686]  ret_from_fork+0x10/0x20
[   16.815727] 
[   16.815792] Freed by task 192:
[   16.815819]  kasan_save_stack+0x3c/0x68
[   16.816148]  kasan_save_track+0x20/0x40
[   16.816218]  kasan_save_free_info+0x4c/0x78
[   16.816257]  __kasan_slab_free+0x6c/0x98
[   16.816293]  kfree+0x214/0x3c8
[   16.816327]  kfree_sensitive+0x80/0xb0
[   16.816362]  kmalloc_double_kzfree+0x11c/0x308
[   16.816588]  kunit_try_run_case+0x170/0x3f0
[   16.816676]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.816821]  kthread+0x328/0x630
[   16.816959]  ret_from_fork+0x10/0x20
[   16.817066] 
[   16.817197] The buggy address belongs to the object at fff00000c3e55180
[   16.817197]  which belongs to the cache kmalloc-16 of size 16
[   16.817312] The buggy address is located 0 bytes inside of
[   16.817312]  16-byte region [fff00000c3e55180, fff00000c3e55190)
[   16.817460] 
[   16.817510] The buggy address belongs to the physical page:
[   16.817543] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103e55
[   16.817835] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.818026] page_type: f5(slab)
[   16.818133] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   16.818419] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   16.818576] page dumped because: kasan: bad access detected
[   16.818655] 
[   16.818721] Memory state around the buggy address:
[   16.818828]  fff00000c3e55080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   16.818986]  fff00000c3e55100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   16.819071] >fff00000c3e55180: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.819254]                    ^
[   16.819477]  fff00000c3e55200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.819545]  fff00000c3e55280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.819587] ==================================================================

[   12.643308] ==================================================================
[   12.644024] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[   12.644259] Free of addr ffff8881025ee340 by task kunit_try_catch/209
[   12.644462] 
[   12.644551] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.644594] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.644605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.644626] Call Trace:
[   12.644644]  <TASK>
[   12.644662]  dump_stack_lvl+0x73/0xb0
[   12.645255]  print_report+0xd1/0x610
[   12.645286]  ? __virt_addr_valid+0x1db/0x2d0
[   12.645310]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.645332]  ? kfree_sensitive+0x2e/0x90
[   12.645352]  kasan_report_invalid_free+0x10a/0x130
[   12.645377]  ? kfree_sensitive+0x2e/0x90
[   12.645399]  ? kfree_sensitive+0x2e/0x90
[   12.645418]  check_slab_allocation+0x101/0x130
[   12.645439]  __kasan_slab_pre_free+0x28/0x40
[   12.645459]  kfree+0xf0/0x3f0
[   12.645479]  ? kfree_sensitive+0x2e/0x90
[   12.645501]  kfree_sensitive+0x2e/0x90
[   12.645520]  kmalloc_double_kzfree+0x19c/0x350
[   12.645542]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[   12.645566]  ? __schedule+0x10cc/0x2b60
[   12.645605]  ? __pfx_read_tsc+0x10/0x10
[   12.645624]  ? ktime_get_ts64+0x86/0x230
[   12.645649]  kunit_try_run_case+0x1a5/0x480
[   12.645673]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.645694]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.645717]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.645740]  ? __kthread_parkme+0x82/0x180
[   12.645759]  ? preempt_count_sub+0x50/0x80
[   12.645783]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.645806]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.645840]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.645863]  kthread+0x337/0x6f0
[   12.645881]  ? trace_preempt_on+0x20/0xc0
[   12.645904]  ? __pfx_kthread+0x10/0x10
[   12.645923]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.645944]  ? calculate_sigpending+0x7b/0xa0
[   12.645967]  ? __pfx_kthread+0x10/0x10
[   12.645988]  ret_from_fork+0x116/0x1d0
[   12.646005]  ? __pfx_kthread+0x10/0x10
[   12.646024]  ret_from_fork_asm+0x1a/0x30
[   12.646067]  </TASK>
[   12.646078] 
[   12.662593] Allocated by task 209:
[   12.662757]  kasan_save_stack+0x45/0x70
[   12.663506]  kasan_save_track+0x18/0x40
[   12.663965]  kasan_save_alloc_info+0x3b/0x50
[   12.664317]  __kasan_kmalloc+0xb7/0xc0
[   12.664774]  __kmalloc_cache_noprof+0x189/0x420
[   12.665117]  kmalloc_double_kzfree+0xa9/0x350
[   12.665428]  kunit_try_run_case+0x1a5/0x480
[   12.665762]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.666124]  kthread+0x337/0x6f0
[   12.666304]  ret_from_fork+0x116/0x1d0
[   12.666486]  ret_from_fork_asm+0x1a/0x30
[   12.667009] 
[   12.667115] Freed by task 209:
[   12.667444]  kasan_save_stack+0x45/0x70
[   12.667671]  kasan_save_track+0x18/0x40
[   12.668297]  kasan_save_free_info+0x3f/0x60
[   12.668502]  __kasan_slab_free+0x56/0x70
[   12.669150]  kfree+0x222/0x3f0
[   12.669322]  kfree_sensitive+0x67/0x90
[   12.669659]  kmalloc_double_kzfree+0x12b/0x350
[   12.669915]  kunit_try_run_case+0x1a5/0x480
[   12.670139]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.670392]  kthread+0x337/0x6f0
[   12.670552]  ret_from_fork+0x116/0x1d0
[   12.671076]  ret_from_fork_asm+0x1a/0x30
[   12.671246] 
[   12.671520] The buggy address belongs to the object at ffff8881025ee340
[   12.671520]  which belongs to the cache kmalloc-16 of size 16
[   12.672278] The buggy address is located 0 bytes inside of
[   12.672278]  16-byte region [ffff8881025ee340, ffff8881025ee350)
[   12.673243] 
[   12.673348] The buggy address belongs to the physical page:
[   12.673560] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ee
[   12.674178] flags: 0x200000000000000(node=0|zone=2)
[   12.674548] page_type: f5(slab)
[   12.674890] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   12.675238] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   12.675568] page dumped because: kasan: bad access detected
[   12.675804] 
[   12.676253] Memory state around the buggy address:
[   12.676447]  ffff8881025ee200: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc
[   12.676970]  ffff8881025ee280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   12.677452] >ffff8881025ee300: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[   12.677844]                                            ^
[   12.678512]  ffff8881025ee380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.679048]  ffff8881025ee400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.679485] ==================================================================