Date
June 19, 2025, 12:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 30.820736] ==================================================================
[ 30.821580] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 30.822255] Free of addr fff00000c4726d20 by task kunit_try_catch/203
[ 30.822694]
[ 30.823483] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT
[ 30.824959] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.825148] Hardware name: linux,dummy-virt (DT)
[ 30.825313] Call trace:
[ 30.825377] show_stack+0x20/0x38 (C)
[ 30.826022] dump_stack_lvl+0x8c/0xd0
[ 30.826514] print_report+0x118/0x608
[ 30.826884] kasan_report_invalid_free+0xc0/0xe8
[ 30.827034] check_slab_allocation+0xd4/0x108
[ 30.827142] __kasan_slab_pre_free+0x2c/0x48
[ 30.827255] kfree+0xe8/0x3c8
[ 30.827453] kfree_sensitive+0x3c/0xb0
[ 30.827736] kmalloc_double_kzfree+0x168/0x308
[ 30.828010] kunit_try_run_case+0x170/0x3f0
[ 30.828287] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.828758] kthread+0x328/0x630
[ 30.828858] ret_from_fork+0x10/0x20
[ 30.829083]
[ 30.829134] Allocated by task 203:
[ 30.829329] kasan_save_stack+0x3c/0x68
[ 30.829564] kasan_save_track+0x20/0x40
[ 30.829919] kasan_save_alloc_info+0x40/0x58
[ 30.830161] __kasan_kmalloc+0xd4/0xd8
[ 30.830416] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.830566] kmalloc_double_kzfree+0xb8/0x308
[ 30.830796] kunit_try_run_case+0x170/0x3f0
[ 30.831077] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.831241] kthread+0x328/0x630
[ 30.831324] ret_from_fork+0x10/0x20
[ 30.831414]
[ 30.831469] Freed by task 203:
[ 30.831540] kasan_save_stack+0x3c/0x68
[ 30.831638] kasan_save_track+0x20/0x40
[ 30.831731] kasan_save_free_info+0x4c/0x78
[ 30.831830] __kasan_slab_free+0x6c/0x98
[ 30.831936] kfree+0x214/0x3c8
[ 30.832474] kfree_sensitive+0x80/0xb0
[ 30.832606] kmalloc_double_kzfree+0x11c/0x308
[ 30.832990] kunit_try_run_case+0x170/0x3f0
[ 30.833236] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.833536] kthread+0x328/0x630
[ 30.833623] ret_from_fork+0x10/0x20
[ 30.833833]
[ 30.834128] The buggy address belongs to the object at fff00000c4726d20
[ 30.834128] which belongs to the cache kmalloc-16 of size 16
[ 30.834275] The buggy address is located 0 bytes inside of
[ 30.834275] 16-byte region [fff00000c4726d20, fff00000c4726d30)
[ 30.834430]
[ 30.834477] The buggy address belongs to the physical page:
[ 30.834541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104726
[ 30.834642] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.834756] page_type: f5(slab)
[ 30.835003] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122
[ 30.835433] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 30.835806] page dumped because: kasan: bad access detected
[ 30.836070]
[ 30.836202] Memory state around the buggy address:
[ 30.836508] fff00000c4726c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.836868] fff00000c4726c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.837141] >fff00000c4726d00: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 30.837255] ^
[ 30.837346] fff00000c4726d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.837508] fff00000c4726e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.837654] ==================================================================
```
qemu-x86_64:

```
[ 27.372744] ==================================================================
[ 27.373429] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[ 27.373945] Free of addr ffff8881022a26c0 by task kunit_try_catch/221
[ 27.375673]
[ 27.376216] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary)
[ 27.376346] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.376376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.376416] Call Trace:
[ 27.376459] <TASK>
[ 27.376500] dump_stack_lvl+0x73/0xb0
[ 27.376590] print_report+0xd1/0x650
[ 27.376659] ? __virt_addr_valid+0x1db/0x2d0
[ 27.376707] ? kasan_complete_mode_report_info+0x64/0x200
[ 27.376757] ? kfree_sensitive+0x2e/0x90
[ 27.376801] kasan_report_invalid_free+0x10a/0x130
[ 27.376852] ? kfree_sensitive+0x2e/0x90
[ 27.376895] ? kfree_sensitive+0x2e/0x90
[ 27.376976] check_slab_allocation+0x101/0x130
[ 27.377023] __kasan_slab_pre_free+0x28/0x40
[ 27.377068] kfree+0xf0/0x3f0
[ 27.377170] ? kfree_sensitive+0x2e/0x90
[ 27.377235] kfree_sensitive+0x2e/0x90
[ 27.377281] kmalloc_double_kzfree+0x19c/0x350
[ 27.377334] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 27.377387] ? __schedule+0x10cc/0x2b60
[ 27.377438] ? __pfx_read_tsc+0x10/0x10
[ 27.377485] ? ktime_get_ts64+0x86/0x230
[ 27.377542] kunit_try_run_case+0x1a5/0x480
[ 27.377591] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.377635] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.377714] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.377802] ? __kthread_parkme+0x82/0x180
[ 27.377848] ? preempt_count_sub+0x50/0x80
[ 27.377946] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.377991] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.378038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.378083] kthread+0x337/0x6f0
[ 27.378137] ? trace_preempt_on+0x20/0xc0
[ 27.378174] ? __pfx_kthread+0x10/0x10
[ 27.378197] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.378220] ? calculate_sigpending+0x7b/0xa0
[ 27.378245] ? __pfx_kthread+0x10/0x10
[ 27.378268] ret_from_fork+0x116/0x1d0
[ 27.378289] ? __pfx_kthread+0x10/0x10
[ 27.378310] ret_from_fork_asm+0x1a/0x30
[ 27.378342] </TASK>
[ 27.378355]
[ 27.389019] Allocated by task 221:
[ 27.389426] kasan_save_stack+0x45/0x70
[ 27.389797] kasan_save_track+0x18/0x40
[ 27.390198] kasan_save_alloc_info+0x3b/0x50
[ 27.390523] __kasan_kmalloc+0xb7/0xc0
[ 27.390851] __kmalloc_cache_noprof+0x189/0x420
[ 27.391245] kmalloc_double_kzfree+0xa9/0x350
[ 27.391596] kunit_try_run_case+0x1a5/0x480
[ 27.392040] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.392551] kthread+0x337/0x6f0
[ 27.392745] ret_from_fork+0x116/0x1d0
[ 27.393025] ret_from_fork_asm+0x1a/0x30
[ 27.393383]
[ 27.393606] Freed by task 221:
[ 27.393783] kasan_save_stack+0x45/0x70
[ 27.394029] kasan_save_track+0x18/0x40
[ 27.394249] kasan_save_free_info+0x3f/0x60
[ 27.394469] __kasan_slab_free+0x56/0x70
[ 27.394677] kfree+0x222/0x3f0
[ 27.394830] kfree_sensitive+0x67/0x90
[ 27.395060] kmalloc_double_kzfree+0x12b/0x350
[ 27.395455] kunit_try_run_case+0x1a5/0x480
[ 27.395831] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.396286] kthread+0x337/0x6f0
[ 27.396576] ret_from_fork+0x116/0x1d0
[ 27.396932] ret_from_fork_asm+0x1a/0x30
[ 27.397284]
[ 27.397427] The buggy address belongs to the object at ffff8881022a26c0
[ 27.397427] which belongs to the cache kmalloc-16 of size 16
[ 27.398184] The buggy address is located 0 bytes inside of
[ 27.398184] 16-byte region [ffff8881022a26c0, ffff8881022a26d0)
[ 27.398697]
[ 27.398959] The buggy address belongs to the physical page:
[ 27.399441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a2
[ 27.400160] flags: 0x200000000000000(node=0|zone=2)
[ 27.400551] page_type: f5(slab)
[ 27.400841] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 27.401423] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 27.401732] page dumped because: kasan: bad access detected
[ 27.402050]
[ 27.402231] Memory state around the buggy address:
[ 27.402627] ffff8881022a2580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 27.403243] ffff8881022a2600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 27.403636] >ffff8881022a2680: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[ 27.404248] ^
[ 27.404678] ffff8881022a2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.405115] ffff8881022a2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.405668] ==================================================================
```