Hay
Sign in
Date
Nov. 22, 2024, 6:35 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   34.332551] ==================================================================
[   34.333751] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   34.334543] Free of addr fff00000c6105320 by task kunit_try_catch/181
[   34.335307] 
[   34.335893] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   34.337876] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.338584] Hardware name: linux,dummy-virt (DT)
[   34.339360] Call trace:
[   34.339785]  show_stack+0x20/0x38 (C)
[   34.340926]  dump_stack_lvl+0x8c/0xd0
[   34.341837]  print_report+0x118/0x5e0
[   34.343002]  kasan_report_invalid_free+0xb0/0xd8
[   34.343903]  check_slab_allocation+0xd4/0x108
[   34.344839]  __kasan_slab_pre_free+0x2c/0x48
[   34.345687]  kfree+0xe8/0x3d0
[   34.346894]  kfree_sensitive+0x3c/0xb0
[   34.347580]  kmalloc_double_kzfree+0x168/0x308
[   34.348366]  kunit_try_run_case+0x14c/0x3d0
[   34.349793]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.351848]  kthread+0x24c/0x2d0
[   34.353164]  ret_from_fork+0x10/0x20
[   34.353654] 
[   34.354120] Allocated by task 181:
[   34.354560]  kasan_save_stack+0x3c/0x68
[   34.355424]  kasan_save_track+0x20/0x40
[   34.356098]  kasan_save_alloc_info+0x40/0x58
[   34.356766]  __kasan_kmalloc+0xd4/0xd8
[   34.357718]  __kmalloc_cache_noprof+0x15c/0x3c8
[   34.358738]  kmalloc_double_kzfree+0xb8/0x308
[   34.359221]  kunit_try_run_case+0x14c/0x3d0
[   34.360168]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.361712]  kthread+0x24c/0x2d0
[   34.362129]  ret_from_fork+0x10/0x20
[   34.363037] 
[   34.363564] Freed by task 181:
[   34.364290]  kasan_save_stack+0x3c/0x68
[   34.365221]  kasan_save_track+0x20/0x40
[   34.366175]  kasan_save_free_info+0x4c/0x78
[   34.366694]  __kasan_slab_free+0x6c/0x98
[   34.367113]  kfree+0x114/0x3d0
[   34.368232]  kfree_sensitive+0x80/0xb0
[   34.369461]  kmalloc_double_kzfree+0x11c/0x308
[   34.371237]  kunit_try_run_case+0x14c/0x3d0
[   34.372617]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.373983]  kthread+0x24c/0x2d0
[   34.374886]  ret_from_fork+0x10/0x20
[   34.375820] 
[   34.376297] The buggy address belongs to the object at fff00000c6105320
[   34.376297]  which belongs to the cache kmalloc-16 of size 16
[   34.378937] The buggy address is located 0 bytes inside of
[   34.378937]  16-byte region [fff00000c6105320, fff00000c6105330)
[   34.381295] 
[   34.382139] The buggy address belongs to the physical page:
[   34.383770] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106105
[   34.385882] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   34.387193] page_type: f5(slab)
[   34.387963] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   34.390378] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000
[   34.391339] page dumped because: kasan: bad access detected
[   34.393083] 
[   34.393628] Memory state around the buggy address:
[   34.394255]  fff00000c6105200: 00 06 fc fc 00 06 fc fc 00 00 fc fc fa fb fc fc
[   34.395285]  fff00000c6105280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   34.397414] >fff00000c6105300: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[   34.398717]                                ^
[   34.399409]  fff00000c6105380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.400378]  fff00000c6105400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.401342] ==================================================================
Metadata Full log Test run details 

[   25.682454] ==================================================================
[   25.683753] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[   25.684226] Free of addr ffff8881028346c0 by task kunit_try_catch/200
[   25.685367] 
[   25.685545] CPU: 1 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   25.687164] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.687510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.688112] Call Trace:
[   25.688485]  <TASK>
[   25.688743]  dump_stack_lvl+0x73/0xb0
[   25.689049]  print_report+0xd1/0x640
[   25.689275]  ? __virt_addr_valid+0x1db/0x2d0
[   25.690559]  ? kfree_sensitive+0x2e/0x90
[   25.691179]  ? kasan_complete_mode_report_info+0x64/0x200
[   25.691743]  ? kfree_sensitive+0x2e/0x90
[   25.692178]  kasan_report_invalid_free+0xc0/0xf0
[   25.692688]  ? kfree_sensitive+0x2e/0x90
[   25.693660]  ? kfree_sensitive+0x2e/0x90
[   25.694352]  check_slab_allocation+0x101/0x130
[   25.694752]  __kasan_slab_pre_free+0x28/0x40
[   25.695416]  kfree+0xf1/0x3f0
[   25.695765]  ? kfree_sensitive+0x2e/0x90
[   25.696358]  kfree_sensitive+0x2e/0x90
[   25.696923]  kmalloc_double_kzfree+0x19d/0x360
[   25.697288]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[   25.697975]  ? __schedule+0xc3e/0x2790
[   25.698423]  ? __pfx_read_tsc+0x10/0x10
[   25.698869]  ? ktime_get_ts64+0x84/0x230
[   25.699463]  kunit_try_run_case+0x1b3/0x490
[   25.700261]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.700952]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.701472]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.702518]  ? __kthread_parkme+0x82/0x160
[   25.703007]  ? preempt_count_sub+0x50/0x80
[   25.703296]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.703917]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.705282]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.705656]  kthread+0x257/0x310
[   25.706180]  ? __pfx_kthread+0x10/0x10
[   25.706610]  ret_from_fork+0x41/0x80
[   25.707209]  ? __pfx_kthread+0x10/0x10
[   25.707511]  ret_from_fork_asm+0x1a/0x30
[   25.708489]  </TASK>
[   25.708804] 
[   25.709061] Allocated by task 200:
[   25.709296]  kasan_save_stack+0x3d/0x60
[   25.709561]  kasan_save_track+0x18/0x40
[   25.710231]  kasan_save_alloc_info+0x3b/0x50
[   25.710890]  __kasan_kmalloc+0xb7/0xc0
[   25.711296]  __kmalloc_cache_noprof+0x184/0x410
[   25.711813]  kmalloc_double_kzfree+0xaa/0x360
[   25.712155]  kunit_try_run_case+0x1b3/0x490
[   25.713455]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.714248]  kthread+0x257/0x310
[   25.714495]  ret_from_fork+0x41/0x80
[   25.714847]  ret_from_fork_asm+0x1a/0x30
[   25.715467] 
[   25.715725] Freed by task 200:
[   25.716269]  kasan_save_stack+0x3d/0x60
[   25.716651]  kasan_save_track+0x18/0x40
[   25.717016]  kasan_save_free_info+0x3f/0x60
[   25.717348]  __kasan_slab_free+0x56/0x70
[   25.718385]  kfree+0x123/0x3f0
[   25.718742]  kfree_sensitive+0x67/0x90
[   25.719164]  kmalloc_double_kzfree+0x12c/0x360
[   25.720009]  kunit_try_run_case+0x1b3/0x490
[   25.720523]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.721401]  kthread+0x257/0x310
[   25.721685]  ret_from_fork+0x41/0x80
[   25.722126]  ret_from_fork_asm+0x1a/0x30
[   25.722608] 
[   25.722849] The buggy address belongs to the object at ffff8881028346c0
[   25.722849]  which belongs to the cache kmalloc-16 of size 16
[   25.724159] The buggy address is located 0 bytes inside of
[   25.724159]  16-byte region [ffff8881028346c0, ffff8881028346d0)
[   25.725243] 
[   25.725669] The buggy address belongs to the physical page:
[   25.726714] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102834
[   25.728493] flags: 0x200000000000000(node=0|zone=2)
[   25.729723] page_type: f5(slab)
[   25.730139] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   25.730798] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000
[   25.731314] page dumped because: kasan: bad access detected
[   25.731778] 
[   25.731986] Memory state around the buggy address:
[   25.732425]  ffff888102834580: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc
[   25.733302]  ffff888102834600: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[   25.734086] >ffff888102834680: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[   25.734585]                                            ^
[   25.734942]  ffff888102834700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.735681]  ffff888102834780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.736216] ==================================================================
Metadata Full log Test run details