Date
May 15, 2025, 10:38 a.m.
| Environment | |
|---|---|
| e850-96 |
[ 30.381406] ================================================================== [ 30.388420] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 30.394405] Free of addr ffff000801dde600 by task kunit_try_catch/237 [ 30.400828] [ 30.402315] CPU: 3 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 30.402373] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.402390] Hardware name: WinLink E850-96 board (DT) [ 30.402410] Call trace: [ 30.402423] show_stack+0x20/0x38 (C) [ 30.402458] dump_stack_lvl+0x8c/0xd0 [ 30.402489] print_report+0x118/0x608 [ 30.402520] kasan_report_invalid_free+0xc0/0xe8 [ 30.402553] check_slab_allocation+0xd4/0x108 [ 30.402583] __kasan_slab_pre_free+0x2c/0x48 [ 30.402615] kfree+0xe8/0x3c8 [ 30.402642] kfree_sensitive+0x3c/0xb0 [ 30.402671] kmalloc_double_kzfree+0x168/0x308 [ 30.402704] kunit_try_run_case+0x170/0x3f0 [ 30.402737] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.402772] kthread+0x328/0x630 [ 30.402803] ret_from_fork+0x10/0x20 [ 30.402836] [ 30.478172] Allocated by task 237: [ 30.481558] kasan_save_stack+0x3c/0x68 [ 30.485376] kasan_save_track+0x20/0x40 [ 30.489195] kasan_save_alloc_info+0x40/0x58 [ 30.493449] __kasan_kmalloc+0xd4/0xd8 [ 30.497181] __kmalloc_cache_noprof+0x15c/0x3c0 [ 30.501695] kmalloc_double_kzfree+0xb8/0x308 [ 30.506035] kunit_try_run_case+0x170/0x3f0 [ 30.510202] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.515671] kthread+0x328/0x630 [ 30.518882] ret_from_fork+0x10/0x20 [ 30.522441] [ 30.523917] Freed by task 237: [ 30.526956] kasan_save_stack+0x3c/0x68 [ 30.530775] kasan_save_track+0x20/0x40 [ 30.534594] kasan_save_free_info+0x4c/0x78 [ 30.538760] __kasan_slab_free+0x6c/0x98 [ 30.542668] kfree+0x214/0x3c8 [ 30.545705] kfree_sensitive+0x80/0xb0 [ 30.549437] kmalloc_double_kzfree+0x11c/0x308 [ 30.553864] kunit_try_run_case+0x170/0x3f0 [ 30.558031] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.563500] kthread+0x328/0x630 [ 30.566712] ret_from_fork+0x10/0x20 [ 30.570271] [ 30.571748] The buggy address belongs to the object at ffff000801dde600 [ 30.571748] which belongs to the cache kmalloc-16 of size 16 [ 30.584075] The buggy address is located 0 bytes inside of [ 30.584075] 16-byte region [ffff000801dde600, ffff000801dde610) [ 30.595530] [ 30.597009] The buggy address belongs to the physical page: [ 30.602565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881dde [ 30.610551] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.617060] page_type: f5(slab) [ 30.620195] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000 [ 30.627915] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 30.635635] page dumped because: kasan: bad access detected [ 30.641189] [ 30.642665] Memory state around the buggy address: [ 30.647446] ffff000801dde500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.654648] ffff000801dde580: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 30.661854] >ffff000801dde600: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.669054] ^ [ 30.672269] ffff000801dde680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.679474] ffff000801dde700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.686677] ==================================================================