Date
Nov. 26, 2024, 6:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 31.845839] ================================================================== [ 31.846679] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 31.847474] Free of addr fff00000c599a880 by task kunit_try_catch/181 [ 31.848036] [ 31.849448] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 31.850512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.851015] Hardware name: linux,dummy-virt (DT) [ 31.851698] Call trace: [ 31.852212] show_stack+0x20/0x38 (C) [ 31.853127] dump_stack_lvl+0x8c/0xd0 [ 31.853745] print_report+0x118/0x5e0 [ 31.854381] kasan_report_invalid_free+0xb0/0xd8 [ 31.855020] check_slab_allocation+0xd4/0x108 [ 31.855741] __kasan_slab_pre_free+0x2c/0x48 [ 31.856331] kfree+0xe8/0x3d0 [ 31.856949] kfree_sensitive+0x3c/0xb0 [ 31.857499] kmalloc_double_kzfree+0x168/0x308 [ 31.858160] kunit_try_run_case+0x14c/0x3d0 [ 31.858705] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.859764] kthread+0x24c/0x2d0 [ 31.860328] ret_from_fork+0x10/0x20 [ 31.861249] [ 31.861569] Allocated by task 181: [ 31.862135] kasan_save_stack+0x3c/0x68 [ 31.862774] kasan_save_track+0x20/0x40 [ 31.863275] kasan_save_alloc_info+0x40/0x58 [ 31.863944] __kasan_kmalloc+0xd4/0xd8 [ 31.864828] __kmalloc_cache_noprof+0x15c/0x3c8 [ 31.865451] kmalloc_double_kzfree+0xb8/0x308 [ 31.866065] kunit_try_run_case+0x14c/0x3d0 [ 31.866586] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.867359] kthread+0x24c/0x2d0 [ 31.867927] ret_from_fork+0x10/0x20 [ 31.868897] [ 31.869176] Freed by task 181: [ 31.869524] kasan_save_stack+0x3c/0x68 [ 31.870345] kasan_save_track+0x20/0x40 [ 31.870999] kasan_save_free_info+0x4c/0x78 [ 31.871568] __kasan_slab_free+0x6c/0x98 [ 31.872158] kfree+0x114/0x3d0 [ 31.872745] kfree_sensitive+0x80/0xb0 [ 31.873399] kmalloc_double_kzfree+0x11c/0x308 [ 31.874115] kunit_try_run_case+0x14c/0x3d0 [ 31.874811] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.875509] kthread+0x24c/0x2d0 [ 31.875999] ret_from_fork+0x10/0x20 [ 31.876588] [ 31.876895] The buggy address belongs to the object at fff00000c599a880 [ 31.876895] which belongs to the cache kmalloc-16 of size 16 [ 31.878365] The buggy address is located 0 bytes inside of [ 31.878365] 16-byte region [fff00000c599a880, fff00000c599a890) [ 31.879528] [ 31.879890] The buggy address belongs to the physical page: [ 31.880839] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10599a [ 31.881831] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.882590] page_type: f5(slab) [ 31.883168] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 31.884043] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000 [ 31.885226] page dumped because: kasan: bad access detected [ 31.885874] [ 31.886248] Memory state around the buggy address: [ 31.886754] fff00000c599a780: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 31.887667] fff00000c599a800: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.888721] >fff00000c599a880: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.889460] ^ [ 31.890008] fff00000c599a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.890785] fff00000c599a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.892171] ==================================================================
[ 31.823122] ================================================================== [ 31.824008] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 31.824870] Free of addr fff00000c56f3820 by task kunit_try_catch/181 [ 31.825476] [ 31.827015] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 31.828242] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.829045] Hardware name: linux,dummy-virt (DT) [ 31.830089] Call trace: [ 31.830544] show_stack+0x20/0x38 (C) [ 31.831208] dump_stack_lvl+0x8c/0xd0 [ 31.831869] print_report+0x118/0x5e0 [ 31.832418] kasan_report_invalid_free+0xb0/0xd8 [ 31.833164] check_slab_allocation+0xd4/0x108 [ 31.833832] __kasan_slab_pre_free+0x2c/0x48 [ 31.834421] kfree+0xe8/0x3d0 [ 31.835722] kfree_sensitive+0x3c/0xb0 [ 31.836355] kmalloc_double_kzfree+0x168/0x308 [ 31.837061] kunit_try_run_case+0x14c/0x3d0 [ 31.838199] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.839013] kthread+0x24c/0x2d0 [ 31.839627] ret_from_fork+0x10/0x20 [ 31.840191] [ 31.840582] Allocated by task 181: [ 31.841064] kasan_save_stack+0x3c/0x68 [ 31.841642] kasan_save_track+0x20/0x40 [ 31.842745] kasan_save_alloc_info+0x40/0x58 [ 31.843434] __kasan_kmalloc+0xd4/0xd8 [ 31.843915] __kmalloc_cache_noprof+0x15c/0x3c8 [ 31.844628] kmalloc_double_kzfree+0xb8/0x308 [ 31.845229] kunit_try_run_case+0x14c/0x3d0 [ 31.845982] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.846694] kthread+0x24c/0x2d0 [ 31.847606] ret_from_fork+0x10/0x20 [ 31.848219] [ 31.848611] Freed by task 181: [ 31.849120] kasan_save_stack+0x3c/0x68 [ 31.850034] kasan_save_track+0x20/0x40 [ 31.850689] kasan_save_free_info+0x4c/0x78 [ 31.851356] __kasan_slab_free+0x6c/0x98 [ 31.852740] kfree+0x114/0x3d0 [ 31.853432] kfree_sensitive+0x80/0xb0 [ 31.854460] kmalloc_double_kzfree+0x11c/0x308 [ 31.855329] kunit_try_run_case+0x14c/0x3d0 [ 31.856154] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.856915] kthread+0x24c/0x2d0 [ 31.857172] ret_from_fork+0x10/0x20 [ 31.857413] [ 31.857628] The buggy address belongs to the object at fff00000c56f3820 [ 31.857628] which belongs to the cache kmalloc-16 of size 16 [ 31.860111] The buggy address is located 0 bytes inside of [ 31.860111] 16-byte region [fff00000c56f3820, fff00000c56f3830) [ 31.861355] [ 31.861788] The buggy address belongs to the physical page: [ 31.862800] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056f3 [ 31.863703] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.864372] page_type: f5(slab) [ 31.865115] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 31.866957] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000 [ 31.867771] page dumped because: kasan: bad access detected [ 31.868394] [ 31.868791] Memory state around the buggy address: [ 31.869480] fff00000c56f3700: fa fb fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 31.870326] fff00000c56f3780: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 31.871176] >fff00000c56f3800: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 31.872513] ^ [ 31.873107] fff00000c56f3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.874775] fff00000c56f3900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.875581] ==================================================================
[ 25.982964] ================================================================== [ 25.983493] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 25.983505] Free of addr ffff888101a468e0 by task kunit_try_catch/201 [ 25.983505] [ 25.983505] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 25.983505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.983505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.983505] Call Trace: [ 25.983505] <TASK> [ 25.983505] dump_stack_lvl+0x73/0xb0 [ 25.983505] print_report+0xd1/0x640 [ 25.983505] ? __virt_addr_valid+0x1db/0x2d0 [ 25.983505] ? kfree_sensitive+0x2e/0x90 [ 25.983505] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.983505] ? kfree_sensitive+0x2e/0x90 [ 25.983505] kasan_report_invalid_free+0xc0/0xf0 [ 25.983505] ? kfree_sensitive+0x2e/0x90 [ 25.983505] ? kfree_sensitive+0x2e/0x90 [ 25.983505] check_slab_allocation+0x101/0x130 [ 25.983505] __kasan_slab_pre_free+0x28/0x40 [ 25.983505] kfree+0xf1/0x3f0 [ 25.983505] ? kfree_sensitive+0x2e/0x90 [ 25.983505] kfree_sensitive+0x2e/0x90 [ 25.983505] kmalloc_double_kzfree+0x19d/0x360 [ 25.983505] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 25.983505] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 25.983505] kunit_try_run_case+0x1b3/0x490 [ 25.983505] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.983505] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 25.983505] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.983505] ? __kthread_parkme+0x82/0x160 [ 25.983505] ? preempt_count_sub+0x50/0x80 [ 25.983505] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.983505] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.983505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.983505] kthread+0x257/0x310 [ 25.983505] ? __pfx_kthread+0x10/0x10 [ 25.983505] ret_from_fork+0x41/0x80 [ 25.983505] ? __pfx_kthread+0x10/0x10 [ 25.983505] ret_from_fork_asm+0x1a/0x30 [ 25.983505] </TASK> [ 25.983505] [ 25.983505] Allocated by task 201: [ 25.983505] kasan_save_stack+0x3d/0x60 [ 25.983505] kasan_save_track+0x18/0x40 [ 25.983505] kasan_save_alloc_info+0x3b/0x50 [ 25.983505] __kasan_kmalloc+0xb7/0xc0 [ 25.983505] __kmalloc_cache_noprof+0x184/0x410 [ 25.983505] kmalloc_double_kzfree+0xaa/0x360 [ 25.983505] kunit_try_run_case+0x1b3/0x490 [ 25.983505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.983505] kthread+0x257/0x310 [ 25.983505] ret_from_fork+0x41/0x80 [ 25.983505] ret_from_fork_asm+0x1a/0x30 [ 25.983505] [ 25.983505] Freed by task 201: [ 25.983505] kasan_save_stack+0x3d/0x60 [ 25.983505] kasan_save_track+0x18/0x40 [ 25.983505] kasan_save_free_info+0x3f/0x60 [ 25.983505] __kasan_slab_free+0x56/0x70 [ 25.983505] kfree+0x123/0x3f0 [ 25.983505] kfree_sensitive+0x67/0x90 [ 25.983505] kmalloc_double_kzfree+0x12c/0x360 [ 25.983505] kunit_try_run_case+0x1b3/0x490 [ 25.983505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.983505] kthread+0x257/0x310 [ 25.983505] ret_from_fork+0x41/0x80 [ 25.983505] ret_from_fork_asm+0x1a/0x30 [ 25.983505] [ 25.983505] The buggy address belongs to the object at ffff888101a468e0 [ 25.983505] which belongs to the cache kmalloc-16 of size 16 [ 25.983505] The buggy address is located 0 bytes inside of [ 25.983505] 16-byte region [ffff888101a468e0, ffff888101a468f0) [ 25.983505] [ 25.983505] The buggy address belongs to the physical page: [ 25.983505] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a46 [ 25.983505] flags: 0x200000000000000(node=0|zone=2) [ 25.983505] page_type: f5(slab) [ 25.983505] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.983505] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000 [ 25.983505] page dumped because: kasan: bad access detected [ 25.983505] [ 25.983505] Memory state around the buggy address: [ 25.983505] ffff888101a46780: 00 05 fc fc 00 05 fc fc 00 02 fc fc fa fb fc fc [ 25.983505] ffff888101a46800: 00 05 fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.983505] >ffff888101a46880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.983505] ^ [ 25.983505] ffff888101a46900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.983505] ffff888101a46980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.983505] ==================================================================
[ 20.998985] ================================================================== [ 21.000363] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 21.001001] Free of addr ffff8881011ae2e0 by task kunit_try_catch/199 [ 21.001956] [ 21.002527] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 21.003838] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.004530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.005347] Call Trace: [ 21.005713] <TASK> [ 21.006212] dump_stack_lvl+0x73/0xb0 [ 21.007227] print_report+0xd1/0x640 [ 21.007590] ? __virt_addr_valid+0x1db/0x2d0 [ 21.008284] ? kfree_sensitive+0x2e/0x90 [ 21.009082] ? kasan_complete_mode_report_info+0x64/0x200 [ 21.009933] ? kfree_sensitive+0x2e/0x90 [ 21.010654] kasan_report_invalid_free+0xc0/0xf0 [ 21.011374] ? kfree_sensitive+0x2e/0x90 [ 21.012265] ? kfree_sensitive+0x2e/0x90 [ 21.012719] check_slab_allocation+0x101/0x130 [ 21.012996] __kasan_slab_pre_free+0x28/0x40 [ 21.013862] kfree+0xf1/0x3f0 [ 21.014863] ? kfree_sensitive+0x2e/0x90 [ 21.015572] kfree_sensitive+0x2e/0x90 [ 21.016031] kmalloc_double_kzfree+0x19d/0x360 [ 21.016425] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 21.017067] ? __schedule+0xc3e/0x2790 [ 21.017965] ? __pfx_read_tsc+0x10/0x10 [ 21.019014] ? ktime_get_ts64+0x84/0x230 [ 21.019451] kunit_try_run_case+0x1b3/0x490 [ 21.020126] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.020831] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 21.021594] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.022388] ? __kthread_parkme+0x82/0x160 [ 21.023002] ? preempt_count_sub+0x50/0x80 [ 21.023369] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.024203] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.025117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.025920] kthread+0x257/0x310 [ 21.026354] ? __pfx_kthread+0x10/0x10 [ 21.026860] ret_from_fork+0x41/0x80 [ 21.027262] ? __pfx_kthread+0x10/0x10 [ 21.027933] ret_from_fork_asm+0x1a/0x30 [ 21.028339] </TASK> [ 21.028675] [ 21.028896] Allocated by task 199: [ 21.029254] kasan_save_stack+0x3d/0x60 [ 21.029586] kasan_save_track+0x18/0x40 [ 21.030580] kasan_save_alloc_info+0x3b/0x50 [ 21.031433] __kasan_kmalloc+0xb7/0xc0 [ 21.031908] __kmalloc_cache_noprof+0x184/0x410 [ 21.032447] kmalloc_double_kzfree+0xaa/0x360 [ 21.033465] kunit_try_run_case+0x1b3/0x490 [ 21.034262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.034809] kthread+0x257/0x310 [ 21.035240] ret_from_fork+0x41/0x80 [ 21.035768] ret_from_fork_asm+0x1a/0x30 [ 21.036196] [ 21.036440] Freed by task 199: [ 21.036828] kasan_save_stack+0x3d/0x60 [ 21.037364] kasan_save_track+0x18/0x40 [ 21.037700] kasan_save_free_info+0x3f/0x60 [ 21.038132] __kasan_slab_free+0x56/0x70 [ 21.038715] kfree+0x123/0x3f0 [ 21.038934] kfree_sensitive+0x67/0x90 [ 21.039422] kmalloc_double_kzfree+0x12c/0x360 [ 21.039967] kunit_try_run_case+0x1b3/0x490 [ 21.040421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.041143] kthread+0x257/0x310 [ 21.041407] ret_from_fork+0x41/0x80 [ 21.041983] ret_from_fork_asm+0x1a/0x30 [ 21.042402] [ 21.042672] The buggy address belongs to the object at ffff8881011ae2e0 [ 21.042672] which belongs to the cache kmalloc-16 of size 16 [ 21.043682] The buggy address is located 0 bytes inside of [ 21.043682] 16-byte region [ffff8881011ae2e0, ffff8881011ae2f0) [ 21.044743] [ 21.045025] The buggy address belongs to the physical page: [ 21.045426] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1011ae [ 21.046124] flags: 0x200000000000000(node=0|zone=2) [ 21.046758] page_type: f5(slab) [ 21.047000] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 21.047349] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000 [ 21.048022] page dumped because: kasan: bad access detected [ 21.048646] [ 21.048909] Memory state around the buggy address: [ 21.049439] ffff8881011ae180: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc [ 21.049990] ffff8881011ae200: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 05 fc fc [ 21.050379] >ffff8881011ae280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.050900] ^ [ 21.051651] ffff8881011ae300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.053184] ffff8881011ae380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.054867] ==================================================================