Date
June 18, 2025, 6:43 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 21.303968] ================================================================== [ 21.304178] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 21.304314] Free of addr fff00000c6058180 by task kunit_try_catch/202 [ 21.304408] [ 21.304487] CPU: 0 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT [ 21.304726] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.304802] Hardware name: linux,dummy-virt (DT) [ 21.304886] Call trace: [ 21.305149] show_stack+0x20/0x38 (C) [ 21.305279] dump_stack_lvl+0x8c/0xd0 [ 21.305734] print_report+0x118/0x608 [ 21.305867] kasan_report_invalid_free+0xc0/0xe8 [ 21.306013] check_slab_allocation+0xd4/0x108 [ 21.306250] __kasan_slab_pre_free+0x2c/0x48 [ 21.306399] kfree+0xe8/0x3c8 [ 21.306602] kfree_sensitive+0x3c/0xb0 [ 21.306918] kmalloc_double_kzfree+0x168/0x308 [ 21.307060] kunit_try_run_case+0x170/0x3f0 [ 21.307176] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.307420] kthread+0x328/0x630 [ 21.307632] ret_from_fork+0x10/0x20 [ 21.307972] [ 21.308031] Allocated by task 202: [ 21.308171] kasan_save_stack+0x3c/0x68 [ 21.308381] kasan_save_track+0x20/0x40 [ 21.308748] kasan_save_alloc_info+0x40/0x58 [ 21.308915] __kasan_kmalloc+0xd4/0xd8 [ 21.309003] __kmalloc_cache_noprof+0x16c/0x3c0 [ 21.309172] kmalloc_double_kzfree+0xb8/0x308 [ 21.309271] kunit_try_run_case+0x170/0x3f0 [ 21.309370] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.309476] kthread+0x328/0x630 [ 21.309561] ret_from_fork+0x10/0x20 [ 21.309647] [ 21.309700] Freed by task 202: [ 21.309767] kasan_save_stack+0x3c/0x68 [ 21.309862] kasan_save_track+0x20/0x40 [ 21.310150] kasan_save_free_info+0x4c/0x78 [ 21.310323] __kasan_slab_free+0x6c/0x98 [ 21.310579] kfree+0x214/0x3c8 [ 21.310726] kfree_sensitive+0x80/0xb0 [ 21.310986] kmalloc_double_kzfree+0x11c/0x308 [ 21.311348] kunit_try_run_case+0x170/0x3f0 [ 21.311454] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.311583] kthread+0x328/0x630 [ 21.311660] ret_from_fork+0x10/0x20 [ 21.311895] [ 21.311979] The buggy address belongs to the object at fff00000c6058180 [ 21.311979] which belongs to the cache kmalloc-16 of size 16 [ 21.312160] The buggy address is located 0 bytes inside of [ 21.312160] 16-byte region [fff00000c6058180, fff00000c6058190) [ 21.312316] [ 21.312375] The buggy address belongs to the physical page: [ 21.312454] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106058 [ 21.312604] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.313065] page_type: f5(slab) [ 21.313172] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 21.313697] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.313813] page dumped because: kasan: bad access detected [ 21.314136] [ 21.314212] Memory state around the buggy address: [ 21.314460] fff00000c6058080: fa fb fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 21.314738] fff00000c6058100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.314912] >fff00000c6058180: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.314996] ^ [ 21.315298] fff00000c6058200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.315468] fff00000c6058280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.315623] ==================================================================
[ 11.495306] ================================================================== [ 11.496124] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 11.496665] Free of addr ffff8881028596a0 by task kunit_try_catch/218 [ 11.497254] [ 11.497374] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.497585] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.497602] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.497624] Call Trace: [ 11.497641] <TASK> [ 11.497657] dump_stack_lvl+0x73/0xb0 [ 11.497686] print_report+0xd1/0x650 [ 11.497706] ? __virt_addr_valid+0x1db/0x2d0 [ 11.497730] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.497757] ? kfree_sensitive+0x2e/0x90 [ 11.497777] kasan_report_invalid_free+0x10a/0x130 [ 11.497800] ? kfree_sensitive+0x2e/0x90 [ 11.497820] ? kfree_sensitive+0x2e/0x90 [ 11.497838] check_slab_allocation+0x101/0x130 [ 11.497859] __kasan_slab_pre_free+0x28/0x40 [ 11.497878] kfree+0xf0/0x3f0 [ 11.497898] ? kfree_sensitive+0x2e/0x90 [ 11.497919] kfree_sensitive+0x2e/0x90 [ 11.497937] kmalloc_double_kzfree+0x19c/0x350 [ 11.497958] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.497981] ? __schedule+0x10cc/0x2b60 [ 11.498002] ? __pfx_read_tsc+0x10/0x10 [ 11.498022] ? ktime_get_ts64+0x86/0x230 [ 11.498047] kunit_try_run_case+0x1a5/0x480 [ 11.498070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.498090] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.498111] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.498132] ? __kthread_parkme+0x82/0x180 [ 11.498151] ? preempt_count_sub+0x50/0x80 [ 11.498174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.498196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.498228] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.498250] kthread+0x337/0x6f0 [ 11.498268] ? trace_preempt_on+0x20/0xc0 [ 11.498290] ? __pfx_kthread+0x10/0x10 [ 11.498309] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.498328] ? calculate_sigpending+0x7b/0xa0 [ 11.498351] ? __pfx_kthread+0x10/0x10 [ 11.498371] ret_from_fork+0x116/0x1d0 [ 11.498388] ? __pfx_kthread+0x10/0x10 [ 11.498407] ret_from_fork_asm+0x1a/0x30 [ 11.498484] </TASK> [ 11.498496] [ 11.510560] Allocated by task 218: [ 11.510833] kasan_save_stack+0x45/0x70 [ 11.511123] kasan_save_track+0x18/0x40 [ 11.511655] kasan_save_alloc_info+0x3b/0x50 [ 11.511874] __kasan_kmalloc+0xb7/0xc0 [ 11.512348] __kmalloc_cache_noprof+0x189/0x420 [ 11.512750] kmalloc_double_kzfree+0xa9/0x350 [ 11.513042] kunit_try_run_case+0x1a5/0x480 [ 11.513405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.513810] kthread+0x337/0x6f0 [ 11.514085] ret_from_fork+0x116/0x1d0 [ 11.514613] ret_from_fork_asm+0x1a/0x30 [ 11.514805] [ 11.514883] Freed by task 218: [ 11.515166] kasan_save_stack+0x45/0x70 [ 11.515381] kasan_save_track+0x18/0x40 [ 11.515892] kasan_save_free_info+0x3f/0x60 [ 11.516104] __kasan_slab_free+0x56/0x70 [ 11.516438] kfree+0x222/0x3f0 [ 11.516916] kfree_sensitive+0x67/0x90 [ 11.517478] kmalloc_double_kzfree+0x12b/0x350 [ 11.518015] kunit_try_run_case+0x1a5/0x480 [ 11.518243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.518488] kthread+0x337/0x6f0 [ 11.518639] ret_from_fork+0x116/0x1d0 [ 11.518807] ret_from_fork_asm+0x1a/0x30 [ 11.518978] [ 11.519050] The buggy address belongs to the object at ffff8881028596a0 [ 11.519050] which belongs to the cache kmalloc-16 of size 16 [ 11.519512] The buggy address is located 0 bytes inside of [ 11.519512] 16-byte region [ffff8881028596a0, ffff8881028596b0) [ 11.519971] [ 11.520044] The buggy address belongs to the physical page: [ 11.520583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 11.520941] flags: 0x200000000000000(node=0|zone=2) [ 11.521101] page_type: f5(slab) [ 11.521245] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 11.521544] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.521768] page dumped because: kasan: bad access detected [ 11.522095] [ 11.522249] Memory state around the buggy address: [ 11.522415] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.522810] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.523116] >ffff888102859680: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 11.523524] ^ [ 11.523667] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.523914] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.524282] ==================================================================