Hay
Date
July 2, 2025, 11:10 a.m.

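Environment
qemu-arm64
qemu-x86_64

Note: in all four reports below, both the earlier free and the reported second free reach kfree_sensitive() from kmalloc_double_kzfree, running under kunit_try_run_case in a kunit_try_catch task with taint flag [N]=TEST. The double-free therefore appears to be triggered deliberately by a KASAN KUnit test case, so these reports look like expected detector output rather than a defect in production kernel code. The first two reports (Hardware name: linux,dummy-virt) are from qemu-arm64 and the last two (Hardware name: QEMU Standard PC) are from qemu-x86_64.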

[   30.974713] ==================================================================
[   30.974783] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   30.974832] Free of addr fff00000c919c7c0 by task kunit_try_catch/225
[   30.974875] 
[   30.974903] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   30.975004] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.975032] Hardware name: linux,dummy-virt (DT)
[   30.975400] Call trace:
[   30.975493]  show_stack+0x20/0x38 (C)
[   30.975696]  dump_stack_lvl+0x8c/0xd0
[   30.975757]  print_report+0x118/0x608
[   30.976037]  kasan_report_invalid_free+0xc0/0xe8
[   30.976136]  check_slab_allocation+0xd4/0x108
[   30.976267]  __kasan_slab_pre_free+0x2c/0x48
[   30.976369]  kfree+0xe8/0x3c8
[   30.976427]  kfree_sensitive+0x3c/0xb0
[   30.976606]  kmalloc_double_kzfree+0x168/0x308
[   30.976693]  kunit_try_run_case+0x170/0x3f0
[   30.976759]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.976992]  kthread+0x328/0x630
[   30.977127]  ret_from_fork+0x10/0x20
[   30.977359] 
[   30.977448] Allocated by task 225:
[   30.977498]  kasan_save_stack+0x3c/0x68
[   30.977576]  kasan_save_track+0x20/0x40
[   30.977695]  kasan_save_alloc_info+0x40/0x58
[   30.977762]  __kasan_kmalloc+0xd4/0xd8
[   30.977836]  __kmalloc_cache_noprof+0x16c/0x3c0
[   30.978278]  kmalloc_double_kzfree+0xb8/0x308
[   30.978359]  kunit_try_run_case+0x170/0x3f0
[   30.978442]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.978622]  kthread+0x328/0x630
[   30.978679]  ret_from_fork+0x10/0x20
[   30.978743] 
[   30.979135] Freed by task 225:
[   30.979188]  kasan_save_stack+0x3c/0x68
[   30.979235]  kasan_save_track+0x20/0x40
[   30.979680]  kasan_save_free_info+0x4c/0x78
[   30.979748]  __kasan_slab_free+0x6c/0x98
[   30.979831]  kfree+0x214/0x3c8
[   30.979889]  kfree_sensitive+0x80/0xb0
[   30.980043]  kmalloc_double_kzfree+0x11c/0x308
[   30.980111]  kunit_try_run_case+0x170/0x3f0
[   30.980318]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.980537]  kthread+0x328/0x630
[   30.980608]  ret_from_fork+0x10/0x20
[   30.980734] 
[   30.980823] The buggy address belongs to the object at fff00000c919c7c0
[   30.980823]  which belongs to the cache kmalloc-16 of size 16
[   30.980910] The buggy address is located 0 bytes inside of
[   30.980910]  16-byte region [fff00000c919c7c0, fff00000c919c7d0)
[   30.981436] 
[   30.981484] The buggy address belongs to the physical page:
[   30.981549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c919c6c0 pfn:0x10919c
[   30.981782] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.981987] page_type: f5(slab)
[   30.982089] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   30.982166] raw: fff00000c919c6c0 000000008080007f 00000000f5000000 0000000000000000
[   30.982271] page dumped because: kasan: bad access detected
[   30.982341] 
[   30.982382] Memory state around the buggy address:
[   30.982656]  fff00000c919c680: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[   30.982712]  fff00000c919c700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   30.983079] >fff00000c919c780: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[   30.983219]                                            ^
[   30.983279]  fff00000c919c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.983344]  fff00000c919c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.983444] ==================================================================

[   32.717533] ==================================================================
[   32.717606] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   32.717654] Free of addr fff00000c57889c0 by task kunit_try_catch/223
[   32.717698] 
[   32.717726] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   32.717814] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.717840] Hardware name: linux,dummy-virt (DT)
[   32.717871] Call trace:
[   32.717893]  show_stack+0x20/0x38 (C)
[   32.717942]  dump_stack_lvl+0x8c/0xd0
[   32.717988]  print_report+0x118/0x608
[   32.718036]  kasan_report_invalid_free+0xc0/0xe8
[   32.718088]  check_slab_allocation+0xd4/0x108
[   32.718137]  __kasan_slab_pre_free+0x2c/0x48
[   32.718204]  kfree+0xe8/0x3c8
[   32.718289]  kfree_sensitive+0x3c/0xb0
[   32.718338]  kmalloc_double_kzfree+0x168/0x308
[   32.718387]  kunit_try_run_case+0x170/0x3f0
[   32.718436]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.718489]  kthread+0x328/0x630
[   32.718532]  ret_from_fork+0x10/0x20
[   32.718584] 
[   32.718632] Allocated by task 223:
[   32.718671]  kasan_save_stack+0x3c/0x68
[   32.718714]  kasan_save_track+0x20/0x40
[   32.718752]  kasan_save_alloc_info+0x40/0x58
[   32.718789]  __kasan_kmalloc+0xd4/0xd8
[   32.718835]  __kmalloc_cache_noprof+0x16c/0x3c0
[   32.718883]  kmalloc_double_kzfree+0xb8/0x308
[   32.718923]  kunit_try_run_case+0x170/0x3f0
[   32.718961]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.719005]  kthread+0x328/0x630
[   32.719038]  ret_from_fork+0x10/0x20
[   32.719212] 
[   32.719234] Freed by task 223:
[   32.719262]  kasan_save_stack+0x3c/0x68
[   32.719324]  kasan_save_track+0x20/0x40
[   32.719371]  kasan_save_free_info+0x4c/0x78
[   32.719417]  __kasan_slab_free+0x6c/0x98
[   32.719478]  kfree+0x214/0x3c8
[   32.719544]  kfree_sensitive+0x80/0xb0
[   32.719614]  kmalloc_double_kzfree+0x11c/0x308
[   32.719695]  kunit_try_run_case+0x170/0x3f0
[   32.719776]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.719876]  kthread+0x328/0x630
[   32.719944]  ret_from_fork+0x10/0x20
[   32.720058] 
[   32.720121] The buggy address belongs to the object at fff00000c57889c0
[   32.720121]  which belongs to the cache kmalloc-16 of size 16
[   32.720299] The buggy address is located 0 bytes inside of
[   32.720299]  16-byte region [fff00000c57889c0, fff00000c57889d0)
[   32.720363] 
[   32.720397] The buggy address belongs to the physical page:
[   32.720430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105788
[   32.720481] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.720674] page_type: f5(slab)
[   32.720746] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122
[   32.720867] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   32.720947] page dumped because: kasan: bad access detected
[   32.721021] 
[   32.721070] Memory state around the buggy address:
[   32.721181]  fff00000c5788880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   32.721254]  fff00000c5788900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   32.721367] >fff00000c5788980: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[   32.721425]                                            ^
[   32.721504]  fff00000c5788a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.721596]  fff00000c5788a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.721672] ==================================================================

[   23.409733] ==================================================================
[   23.410087] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[   23.410382] Free of addr ffff88810586d4a0 by task kunit_try_catch/240
[   23.411120] 
[   23.411256] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   23.411303] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.411325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.411375] Call Trace:
[   23.411392]  <TASK>
[   23.411407]  dump_stack_lvl+0x73/0xb0
[   23.411448]  print_report+0xd1/0x650
[   23.411469]  ? __virt_addr_valid+0x1db/0x2d0
[   23.411492]  ? kasan_complete_mode_report_info+0x64/0x200
[   23.411517]  ? kfree_sensitive+0x2e/0x90
[   23.411567]  kasan_report_invalid_free+0x10a/0x130
[   23.411592]  ? kfree_sensitive+0x2e/0x90
[   23.411616]  ? kfree_sensitive+0x2e/0x90
[   23.411649]  check_slab_allocation+0x101/0x130
[   23.411749]  __kasan_slab_pre_free+0x28/0x40
[   23.411787]  kfree+0xf0/0x3f0
[   23.411808]  ? kfree_sensitive+0x2e/0x90
[   23.411915]  kfree_sensitive+0x2e/0x90
[   23.411940]  kmalloc_double_kzfree+0x19c/0x350
[   23.411962]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[   23.412144]  ? __schedule+0x10cc/0x2b60
[   23.412167]  ? __pfx_read_tsc+0x10/0x10
[   23.412188]  ? ktime_get_ts64+0x86/0x230
[   23.412212]  kunit_try_run_case+0x1a5/0x480
[   23.412236]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.412259]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.412469]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.412509]  ? __kthread_parkme+0x82/0x180
[   23.412530]  ? preempt_count_sub+0x50/0x80
[   23.412563]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.412588]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.412611]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.412635]  kthread+0x337/0x6f0
[   23.412654]  ? trace_preempt_on+0x20/0xc0
[   23.412723]  ? __pfx_kthread+0x10/0x10
[   23.412747]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.412770]  ? calculate_sigpending+0x7b/0xa0
[   23.412792]  ? __pfx_kthread+0x10/0x10
[   23.412813]  ret_from_fork+0x116/0x1d0
[   23.412832]  ? __pfx_kthread+0x10/0x10
[   23.412851]  ret_from_fork_asm+0x1a/0x30
[   23.412882]  </TASK>
[   23.412893] 
[   23.421689] Allocated by task 240:
[   23.421940]  kasan_save_stack+0x45/0x70
[   23.422169]  kasan_save_track+0x18/0x40
[   23.422389]  kasan_save_alloc_info+0x3b/0x50
[   23.422665]  __kasan_kmalloc+0xb7/0xc0
[   23.422975]  __kmalloc_cache_noprof+0x189/0x420
[   23.423198]  kmalloc_double_kzfree+0xa9/0x350
[   23.423396]  kunit_try_run_case+0x1a5/0x480
[   23.423670]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.423871]  kthread+0x337/0x6f0
[   23.424106]  ret_from_fork+0x116/0x1d0
[   23.424324]  ret_from_fork_asm+0x1a/0x30
[   23.424517] 
[   23.424615] Freed by task 240:
[   23.424915]  kasan_save_stack+0x45/0x70
[   23.425048]  kasan_save_track+0x18/0x40
[   23.425171]  kasan_save_free_info+0x3f/0x60
[   23.425318]  __kasan_slab_free+0x56/0x70
[   23.425444]  kfree+0x222/0x3f0
[   23.425913]  kfree_sensitive+0x67/0x90
[   23.426134]  kmalloc_double_kzfree+0x12b/0x350
[   23.426394]  kunit_try_run_case+0x1a5/0x480
[   23.426673]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.426933]  kthread+0x337/0x6f0
[   23.427042]  ret_from_fork+0x116/0x1d0
[   23.427161]  ret_from_fork_asm+0x1a/0x30
[   23.427287] 
[   23.427359] The buggy address belongs to the object at ffff88810586d4a0
[   23.427359]  which belongs to the cache kmalloc-16 of size 16
[   23.427865] The buggy address is located 0 bytes inside of
[   23.427865]  16-byte region [ffff88810586d4a0, ffff88810586d4b0)
[   23.428666] 
[   23.428843] The buggy address belongs to the physical page:
[   23.429179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d
[   23.429632] flags: 0x200000000000000(node=0|zone=2)
[   23.429919] page_type: f5(slab)
[   23.430037] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   23.430252] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   23.430716] page dumped because: kasan: bad access detected
[   23.431058] 
[   23.431190] Memory state around the buggy address:
[   23.431493]  ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   23.432013]  ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   23.432389] >ffff88810586d480: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[   23.432821]                                ^
[   23.432958]  ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.433213]  ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.433627] ==================================================================

[   23.703616] ==================================================================
[   23.703920] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[   23.704414] Free of addr ffff8881049ad5a0 by task kunit_try_catch/241
[   23.704618] 
[   23.704714] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   23.704768] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.704781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.704804] Call Trace:
[   23.704827]  <TASK>
[   23.704849]  dump_stack_lvl+0x73/0xb0
[   23.704881]  print_report+0xd1/0x650
[   23.704905]  ? __virt_addr_valid+0x1db/0x2d0
[   23.704931]  ? kasan_complete_mode_report_info+0x64/0x200
[   23.704957]  ? kfree_sensitive+0x2e/0x90
[   23.704983]  kasan_report_invalid_free+0x10a/0x130
[   23.705007]  ? kfree_sensitive+0x2e/0x90
[   23.705031]  ? kfree_sensitive+0x2e/0x90
[   23.705054]  check_slab_allocation+0x101/0x130
[   23.705101]  __kasan_slab_pre_free+0x28/0x40
[   23.705121]  kfree+0xf0/0x3f0
[   23.705144]  ? kfree_sensitive+0x2e/0x90
[   23.705169]  kfree_sensitive+0x2e/0x90
[   23.705192]  kmalloc_double_kzfree+0x19c/0x350
[   23.705214]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[   23.705253]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   23.705277]  ? trace_hardirqs_on+0x37/0xe0
[   23.705300]  ? __pfx_read_tsc+0x10/0x10
[   23.705322]  ? ktime_get_ts64+0x86/0x230
[   23.705346]  kunit_try_run_case+0x1a5/0x480
[   23.705373]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.705397]  ? queued_spin_lock_slowpath+0x116/0xb40
[   23.705419]  ? __kthread_parkme+0x82/0x180
[   23.705440]  ? preempt_count_sub+0x50/0x80
[   23.705464]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.705488]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.705512]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.705536]  kthread+0x337/0x6f0
[   23.705555]  ? trace_preempt_on+0x20/0xc0
[   23.705576]  ? __pfx_kthread+0x10/0x10
[   23.705597]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.705620]  ? calculate_sigpending+0x7b/0xa0
[   23.705644]  ? __pfx_kthread+0x10/0x10
[   23.705665]  ret_from_fork+0x116/0x1d0
[   23.705684]  ? __pfx_kthread+0x10/0x10
[   23.705704]  ret_from_fork_asm+0x1a/0x30
[   23.705736]  </TASK>
[   23.705748] 
[   23.713771] Allocated by task 241:
[   23.714081]  kasan_save_stack+0x45/0x70
[   23.714426]  kasan_save_track+0x18/0x40
[   23.714617]  kasan_save_alloc_info+0x3b/0x50
[   23.714831]  __kasan_kmalloc+0xb7/0xc0
[   23.715134]  __kmalloc_cache_noprof+0x189/0x420
[   23.715496]  kmalloc_double_kzfree+0xa9/0x350
[   23.715716]  kunit_try_run_case+0x1a5/0x480
[   23.715920]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.716131]  kthread+0x337/0x6f0
[   23.716250]  ret_from_fork+0x116/0x1d0
[   23.716468]  ret_from_fork_asm+0x1a/0x30
[   23.716674] 
[   23.716762] Freed by task 241:
[   23.716909]  kasan_save_stack+0x45/0x70
[   23.717102]  kasan_save_track+0x18/0x40
[   23.717233]  kasan_save_free_info+0x3f/0x60
[   23.717372]  __kasan_slab_free+0x56/0x70
[   23.717510]  kfree+0x222/0x3f0
[   23.717899]  kfree_sensitive+0x67/0x90
[   23.718112]  kmalloc_double_kzfree+0x12b/0x350
[   23.718325]  kunit_try_run_case+0x1a5/0x480
[   23.718670]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.718846]  kthread+0x337/0x6f0
[   23.719051]  ret_from_fork+0x116/0x1d0
[   23.719519]  ret_from_fork_asm+0x1a/0x30
[   23.719730] 
[   23.719822] The buggy address belongs to the object at ffff8881049ad5a0
[   23.719822]  which belongs to the cache kmalloc-16 of size 16
[   23.720467] The buggy address is located 0 bytes inside of
[   23.720467]  16-byte region [ffff8881049ad5a0, ffff8881049ad5b0)
[   23.720800] 
[   23.720870] The buggy address belongs to the physical page:
[   23.721132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[   23.721564] flags: 0x200000000000000(node=0|zone=2)
[   23.721807] page_type: f5(slab)
[   23.722022] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[   23.722394] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   23.722619] page dumped because: kasan: bad access detected
[   23.722785] 
[   23.722855] Memory state around the buggy address:
[   23.723171]  ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   23.723487]  ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   23.723783] >ffff8881049ad580: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[   23.724437]                                ^
[   23.724611]  ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.724821]  ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.725136] ==================================================================