Hay
Date
July 15, 2025, 11:09 a.m.

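Environment
qemu-arm64 (first report below; hardware name linux,dummy-virt)
qemu-x86_64 (second report below; hardware name QEMU Standard PC Q35)

In both reports the earlier free and the faulting free are kfree_sensitive() calls made from kmalloc_double_kzfree, reached through kunit_try_run_case in the kunit_try_catch task, and the kernel carries the [N]=TEST taint. The double-free is therefore raised inside a KUnit test case rather than on a regular kernel code path.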

[   15.784737] ==================================================================
[   15.785111] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   15.785988] Free of addr fff00000c591d600 by task kunit_try_catch/193
[   15.786043] 
[   15.786076] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.786856] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.787057] Hardware name: linux,dummy-virt (DT)
[   15.787142] Call trace:
[   15.787167]  show_stack+0x20/0x38 (C)
[   15.787228]  dump_stack_lvl+0x8c/0xd0
[   15.787279]  print_report+0x118/0x5d0
[   15.787550]  kasan_report_invalid_free+0xc0/0xe8
[   15.788128]  check_slab_allocation+0xd4/0x108
[   15.788489]  __kasan_slab_pre_free+0x2c/0x48
[   15.788556]  kfree+0xe8/0x3c8
[   15.788597]  kfree_sensitive+0x3c/0xb0
[   15.788920]  kmalloc_double_kzfree+0x168/0x308
[   15.789058]  kunit_try_run_case+0x170/0x3f0
[   15.789104]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.789165]  kthread+0x328/0x630
[   15.789426]  ret_from_fork+0x10/0x20
[   15.789793] 
[   15.789818] Allocated by task 193:
[   15.790148]  kasan_save_stack+0x3c/0x68
[   15.790435]  kasan_save_track+0x20/0x40
[   15.790718]  kasan_save_alloc_info+0x40/0x58
[   15.790768]  __kasan_kmalloc+0xd4/0xd8
[   15.790810]  __kmalloc_cache_noprof+0x16c/0x3c0
[   15.790851]  kmalloc_double_kzfree+0xb8/0x308
[   15.791474]  kunit_try_run_case+0x170/0x3f0
[   15.791802]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.791860]  kthread+0x328/0x630
[   15.791969]  ret_from_fork+0x10/0x20
[   15.792076] 
[   15.792146] Freed by task 193:
[   15.792269]  kasan_save_stack+0x3c/0x68
[   15.792377]  kasan_save_track+0x20/0x40
[   15.792416]  kasan_save_free_info+0x4c/0x78
[   15.792463]  __kasan_slab_free+0x6c/0x98
[   15.792499]  kfree+0x214/0x3c8
[   15.792532]  kfree_sensitive+0x80/0xb0
[   15.792567]  kmalloc_double_kzfree+0x11c/0x308
[   15.793019]  kunit_try_run_case+0x170/0x3f0
[   15.793112]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.793299]  kthread+0x328/0x630
[   15.793336]  ret_from_fork+0x10/0x20
[   15.793515] 
[   15.793543] The buggy address belongs to the object at fff00000c591d600
[   15.793543]  which belongs to the cache kmalloc-16 of size 16
[   15.793908] The buggy address is located 0 bytes inside of
[   15.793908]  16-byte region [fff00000c591d600, fff00000c591d610)
[   15.794177] 
[   15.794246] The buggy address belongs to the physical page:
[   15.794329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10591d
[   15.794632] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   15.794900] page_type: f5(slab)
[   15.795010] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   15.795213] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   15.795257] page dumped because: kasan: bad access detected
[   15.795289] 
[   15.795307] Memory state around the buggy address:
[   15.795707]  fff00000c591d500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   15.796038]  fff00000c591d580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   15.796089] >fff00000c591d600: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.796128]                    ^
[   15.796156]  fff00000c591d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.796360]  fff00000c591d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.796449] ==================================================================

[   12.913267] ==================================================================
[   12.914150] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[   12.914667] Free of addr ffff888102514900 by task kunit_try_catch/209
[   12.914981] 
[   12.915074] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.915118] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.915129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.915148] Call Trace:
[   12.915162]  <TASK>
[   12.915176]  dump_stack_lvl+0x73/0xb0
[   12.915206]  print_report+0xd1/0x610
[   12.915229]  ? __virt_addr_valid+0x1db/0x2d0
[   12.915252]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.915275]  ? kfree_sensitive+0x2e/0x90
[   12.915297]  kasan_report_invalid_free+0x10a/0x130
[   12.915323]  ? kfree_sensitive+0x2e/0x90
[   12.915401]  ? kfree_sensitive+0x2e/0x90
[   12.915422]  check_slab_allocation+0x101/0x130
[   12.915444]  __kasan_slab_pre_free+0x28/0x40
[   12.915466]  kfree+0xf0/0x3f0
[   12.915487]  ? kfree_sensitive+0x2e/0x90
[   12.915509]  kfree_sensitive+0x2e/0x90
[   12.915529]  kmalloc_double_kzfree+0x19c/0x350
[   12.915553]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[   12.915578]  ? __schedule+0x10cc/0x2b60
[   12.915600]  ? __pfx_read_tsc+0x10/0x10
[   12.915620]  ? ktime_get_ts64+0x86/0x230
[   12.915644]  kunit_try_run_case+0x1a5/0x480
[   12.915668]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.915691]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.915715]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.915739]  ? __kthread_parkme+0x82/0x180
[   12.915773]  ? preempt_count_sub+0x50/0x80
[   12.915796]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.915820]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.915845]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.915870]  kthread+0x337/0x6f0
[   12.915889]  ? trace_preempt_on+0x20/0xc0
[   12.915912]  ? __pfx_kthread+0x10/0x10
[   12.915932]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.915954]  ? calculate_sigpending+0x7b/0xa0
[   12.915978]  ? __pfx_kthread+0x10/0x10
[   12.915999]  ret_from_fork+0x116/0x1d0
[   12.916017]  ? __pfx_kthread+0x10/0x10
[   12.916038]  ret_from_fork_asm+0x1a/0x30
[   12.916068]  </TASK>
[   12.916078] 
[   12.924300] Allocated by task 209:
[   12.924620]  kasan_save_stack+0x45/0x70
[   12.924838]  kasan_save_track+0x18/0x40
[   12.925027]  kasan_save_alloc_info+0x3b/0x50
[   12.925221]  __kasan_kmalloc+0xb7/0xc0
[   12.925940]  __kmalloc_cache_noprof+0x189/0x420
[   12.926119]  kmalloc_double_kzfree+0xa9/0x350
[   12.926272]  kunit_try_run_case+0x1a5/0x480
[   12.927324]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.928083]  kthread+0x337/0x6f0
[   12.928596]  ret_from_fork+0x116/0x1d0
[   12.928801]  ret_from_fork_asm+0x1a/0x30
[   12.928982] 
[   12.929060] Freed by task 209:
[   12.929227]  kasan_save_stack+0x45/0x70
[   12.929385]  kasan_save_track+0x18/0x40
[   12.930015]  kasan_save_free_info+0x3f/0x60
[   12.930215]  __kasan_slab_free+0x56/0x70
[   12.930501]  kfree+0x222/0x3f0
[   12.930906]  kfree_sensitive+0x67/0x90
[   12.931061]  kmalloc_double_kzfree+0x12b/0x350
[   12.931360]  kunit_try_run_case+0x1a5/0x480
[   12.931784]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.932312]  kthread+0x337/0x6f0
[   12.932655]  ret_from_fork+0x116/0x1d0
[   12.932832]  ret_from_fork_asm+0x1a/0x30
[   12.933147] 
[   12.933249] The buggy address belongs to the object at ffff888102514900
[   12.933249]  which belongs to the cache kmalloc-16 of size 16
[   12.934066] The buggy address is located 0 bytes inside of
[   12.934066]  16-byte region [ffff888102514900, ffff888102514910)
[   12.934669] 
[   12.934787] The buggy address belongs to the physical page:
[   12.935048] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102514
[   12.935369] flags: 0x200000000000000(node=0|zone=2)
[   12.935998] page_type: f5(slab)
[   12.936135] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   12.936699] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   12.937040] page dumped because: kasan: bad access detected
[   12.937273] 
[   12.937590] Memory state around the buggy address:
[   12.937803]  ffff888102514800: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 05 fc fc
[   12.938116]  ffff888102514880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   12.938680] >ffff888102514900: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.938953]                    ^
[   12.939124]  ffff888102514980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.939417]  ffff888102514a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.940053] ==================================================================