Date
June 24, 2025, 11:37 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 40.298266] ================================================================== [ 40.305578] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 40.311670] Free of addr ffff0000946612e0 by task kunit_try_catch/290 [ 40.318195] [ 40.319725] CPU: 5 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 40.319753] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.319761] Hardware name: Thundercomm Dragonboard 845c (DT) [ 40.319771] Call trace: [ 40.319776] show_stack+0x20/0x38 (C) [ 40.319793] dump_stack_lvl+0x8c/0xd0 [ 40.319812] print_report+0x118/0x608 [ 40.319830] kasan_report_invalid_free+0xc0/0xe8 [ 40.319849] check_slab_allocation+0xd4/0x108 [ 40.319867] __kasan_slab_pre_free+0x2c/0x48 [ 40.319885] kfree+0xe8/0x3c8 [ 40.319899] kfree_sensitive+0x3c/0xb0 [ 40.319915] kmalloc_double_kzfree+0x168/0x308 [ 40.319932] kunit_try_run_case+0x170/0x3f0 [ 40.319950] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.319970] kthread+0x328/0x630 [ 40.319983] ret_from_fork+0x10/0x20 [ 40.319999] [ 40.397639] Allocated by task 290: [ 40.401089] kasan_save_stack+0x3c/0x68 [ 40.404993] kasan_save_track+0x20/0x40 [ 40.408898] kasan_save_alloc_info+0x40/0x58 [ 40.413230] __kasan_kmalloc+0xd4/0xd8 [ 40.417043] __kmalloc_cache_noprof+0x16c/0x3c0 [ 40.421640] kmalloc_double_kzfree+0xb8/0x308 [ 40.426060] kunit_try_run_case+0x170/0x3f0 [ 40.430306] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.435875] kthread+0x328/0x630 [ 40.439158] ret_from_fork+0x10/0x20 [ 40.442790] [ 40.444319] Freed by task 290: [ 40.447421] kasan_save_stack+0x3c/0x68 [ 40.451322] kasan_save_track+0x20/0x40 [ 40.455225] kasan_save_free_info+0x4c/0x78 [ 40.459467] __kasan_slab_free+0x6c/0x98 [ 40.463455] kfree+0x214/0x3c8 [ 40.466567] kfree_sensitive+0x80/0xb0 [ 40.470380] kmalloc_double_kzfree+0x11c/0x308 [ 40.474888] kunit_try_run_case+0x170/0x3f0 [ 40.479134] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.484693] kthread+0x328/0x630 [ 40.487973] ret_from_fork+0x10/0x20 [ 40.491613] [ 40.493135] The buggy address belongs to the object at ffff0000946612e0 [ 40.493135] which belongs to the cache kmalloc-16 of size 16 [ 40.505616] The buggy address is located 0 bytes inside of [ 40.505616] 16-byte region [ffff0000946612e0, ffff0000946612f0) [ 40.517223] [ 40.518747] The buggy address belongs to the physical page: [ 40.524391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114661 [ 40.532498] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 40.539107] page_type: f5(slab) [ 40.542302] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 40.550139] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 40.557968] page dumped because: kasan: bad access detected [ 40.563613] [ 40.565136] Memory state around the buggy address: [ 40.569995] ffff000094661180: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 40.577306] ffff000094661200: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 40.584615] >ffff000094661280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 40.591927] ^ [ 40.598364] ffff000094661300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.605675] ffff000094661380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.612985] ==================================================================
[ 33.307462] ================================================================== [ 33.307594] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 33.307710] Free of addr fff00000c5757320 by task kunit_try_catch/203 [ 33.307813] [ 33.307902] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.308098] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.308165] Hardware name: linux,dummy-virt (DT) [ 33.308237] Call trace: [ 33.308286] show_stack+0x20/0x38 (C) [ 33.308399] dump_stack_lvl+0x8c/0xd0 [ 33.308510] print_report+0x118/0x608 [ 33.308616] kasan_report_invalid_free+0xc0/0xe8 [ 33.308734] check_slab_allocation+0xd4/0x108 [ 33.308853] __kasan_slab_pre_free+0x2c/0x48 [ 33.309002] kfree+0xe8/0x3c8 [ 33.309819] kfree_sensitive+0x3c/0xb0 [ 33.310072] kmalloc_double_kzfree+0x168/0x308 [ 33.310253] kunit_try_run_case+0x170/0x3f0 [ 33.310636] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.311001] kthread+0x328/0x630 [ 33.311242] ret_from_fork+0x10/0x20 [ 33.311514] [ 33.311997] Allocated by task 203: [ 33.312090] kasan_save_stack+0x3c/0x68 [ 33.312253] kasan_save_track+0x20/0x40 [ 33.312352] kasan_save_alloc_info+0x40/0x58 [ 33.312862] __kasan_kmalloc+0xd4/0xd8 [ 33.313050] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.313177] kmalloc_double_kzfree+0xb8/0x308 [ 33.313387] kunit_try_run_case+0x170/0x3f0 [ 33.313640] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.313848] kthread+0x328/0x630 [ 33.314004] ret_from_fork+0x10/0x20 [ 33.314105] [ 33.314605] Freed by task 203: [ 33.314688] kasan_save_stack+0x3c/0x68 [ 33.314876] kasan_save_track+0x20/0x40 [ 33.315101] kasan_save_free_info+0x4c/0x78 [ 33.315526] __kasan_slab_free+0x6c/0x98 [ 33.315653] kfree+0x214/0x3c8 [ 33.315949] kfree_sensitive+0x80/0xb0 [ 33.316141] kmalloc_double_kzfree+0x11c/0x308 [ 33.316289] kunit_try_run_case+0x170/0x3f0 [ 33.316518] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.316738] kthread+0x328/0x630 [ 33.316992] ret_from_fork+0x10/0x20 [ 33.317135] [ 33.317616] The buggy address belongs to the object at fff00000c5757320 [ 33.317616] which belongs to the cache kmalloc-16 of size 16 [ 33.317839] The buggy address is located 0 bytes inside of [ 33.317839] 16-byte region [fff00000c5757320, fff00000c5757330) [ 33.318145] [ 33.318249] The buggy address belongs to the physical page: [ 33.318468] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105757 [ 33.319149] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.319585] page_type: f5(slab) [ 33.319830] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 33.320073] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 33.320229] page dumped because: kasan: bad access detected [ 33.320792] [ 33.320958] Memory state around the buggy address: [ 33.321126] fff00000c5757200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 33.321496] fff00000c5757280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.321853] >fff00000c5757300: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 33.322396] ^ [ 33.322516] fff00000c5757380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.323184] fff00000c5757400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.323502] ==================================================================
[ 29.531325] ================================================================== [ 29.531790] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 29.532809] Free of addr ffff8881022bd720 by task kunit_try_catch/222 [ 29.533294] [ 29.533492] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.533618] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.533770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.533871] Call Trace: [ 29.533913] <TASK> [ 29.533952] dump_stack_lvl+0x73/0xb0 [ 29.534052] print_report+0xd1/0x650 [ 29.534116] ? __virt_addr_valid+0x1db/0x2d0 [ 29.534240] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.534336] ? kfree_sensitive+0x2e/0x90 [ 29.534399] kasan_report_invalid_free+0x10a/0x130 [ 29.534658] ? kfree_sensitive+0x2e/0x90 [ 29.534730] ? kfree_sensitive+0x2e/0x90 [ 29.534794] check_slab_allocation+0x101/0x130 [ 29.534854] __kasan_slab_pre_free+0x28/0x40 [ 29.534909] kfree+0xf0/0x3f0 [ 29.535165] ? kfree_sensitive+0x2e/0x90 [ 29.535359] kfree_sensitive+0x2e/0x90 [ 29.535437] kmalloc_double_kzfree+0x19c/0x350 [ 29.535502] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 29.535588] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 29.535667] kunit_try_run_case+0x1a5/0x480 [ 29.535706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.535737] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.535771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.535803] ? __kthread_parkme+0x82/0x180 [ 29.535841] ? preempt_count_sub+0x50/0x80 [ 29.535871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.535902] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.535933] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.535963] kthread+0x337/0x6f0 [ 29.535989] ? trace_preempt_on+0x20/0xc0 [ 29.536019] ? __pfx_kthread+0x10/0x10 [ 29.536045] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.536119] ? calculate_sigpending+0x7b/0xa0 [ 29.536175] ? __pfx_kthread+0x10/0x10 [ 29.536224] ret_from_fork+0x116/0x1d0 [ 29.536269] ? __pfx_kthread+0x10/0x10 [ 29.536314] ret_from_fork_asm+0x1a/0x30 [ 29.536380] </TASK> [ 29.536400] [ 29.553319] Allocated by task 222: [ 29.553716] kasan_save_stack+0x45/0x70 [ 29.554007] kasan_save_track+0x18/0x40 [ 29.554288] kasan_save_alloc_info+0x3b/0x50 [ 29.554768] __kasan_kmalloc+0xb7/0xc0 [ 29.555161] __kmalloc_cache_noprof+0x189/0x420 [ 29.555606] kmalloc_double_kzfree+0xa9/0x350 [ 29.555980] kunit_try_run_case+0x1a5/0x480 [ 29.556281] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.557057] kthread+0x337/0x6f0 [ 29.557538] ret_from_fork+0x116/0x1d0 [ 29.557963] ret_from_fork_asm+0x1a/0x30 [ 29.558518] [ 29.558757] Freed by task 222: [ 29.558976] kasan_save_stack+0x45/0x70 [ 29.559218] kasan_save_track+0x18/0x40 [ 29.559623] kasan_save_free_info+0x3f/0x60 [ 29.560076] __kasan_slab_free+0x56/0x70 [ 29.560459] kfree+0x222/0x3f0 [ 29.560870] kfree_sensitive+0x67/0x90 [ 29.561251] kmalloc_double_kzfree+0x12b/0x350 [ 29.561693] kunit_try_run_case+0x1a5/0x480 [ 29.561983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.562286] kthread+0x337/0x6f0 [ 29.563178] ret_from_fork+0x116/0x1d0 [ 29.563601] ret_from_fork_asm+0x1a/0x30 [ 29.564023] [ 29.564363] The buggy address belongs to the object at ffff8881022bd720 [ 29.564363] which belongs to the cache kmalloc-16 of size 16 [ 29.565047] The buggy address is located 0 bytes inside of [ 29.565047] 16-byte region [ffff8881022bd720, ffff8881022bd730) [ 29.566180] [ 29.566383] The buggy address belongs to the physical page: [ 29.567276] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022bd [ 29.567681] flags: 0x200000000000000(node=0|zone=2) [ 29.567972] page_type: f5(slab) [ 29.568311] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.569202] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.569873] page dumped because: kasan: bad access detected [ 29.570794] [ 29.570985] Memory state around the buggy address: [ 29.571633] ffff8881022bd600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.572003] ffff8881022bd680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.572768] >ffff8881022bd700: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 29.573267] ^ [ 29.573515] ffff8881022bd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.574280] ffff8881022bd800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.575340] ==================================================================