Hay
Date
July 14, 2025, 10:38 a.m.

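Environment
e850-96
qemu-arm64
qemu-x86_64

The three KASAN reports below come from these environments in the order listed, as their "Hardware name" lines show (WinLink E850-96 board, linux,dummy-virt, QEMU Standard PC). In every report the second free is issued by kmalloc_double_kzfree running under kunit_try_run_case in a kunit_try_catch task, and the taint flags include [N]=TEST, so the reports were produced during a KUnit test run. The function name suggests a test case that frees the same object twice through kfree_sensitive on purpose, in which case the report is the expected detection rather than a regression; confirm against the test result for this run.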

[   46.126271] ==================================================================
[   46.133245] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   46.139231] Free of addr ffff000802fe65c0 by task kunit_try_catch/276
[   46.145655] 
[   46.147139] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   46.147195] Tainted: [B]=BAD_PAGE, [N]=TEST
[   46.147213] Hardware name: WinLink E850-96 board (DT)
[   46.147234] Call trace:
[   46.147247]  show_stack+0x20/0x38 (C)
[   46.147280]  dump_stack_lvl+0x8c/0xd0
[   46.147311]  print_report+0x118/0x5d0
[   46.147339]  kasan_report_invalid_free+0xc0/0xe8
[   46.147369]  check_slab_allocation+0xd4/0x108
[   46.147406]  __kasan_slab_pre_free+0x2c/0x48
[   46.147441]  kfree+0xe8/0x3c8
[   46.147473]  kfree_sensitive+0x3c/0xb0
[   46.147507]  kmalloc_double_kzfree+0x168/0x308
[   46.147540]  kunit_try_run_case+0x170/0x3f0
[   46.147576]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   46.147609]  kthread+0x328/0x630
[   46.147638]  ret_from_fork+0x10/0x20
[   46.147675] 
[   46.222997] Allocated by task 276:
[   46.226385]  kasan_save_stack+0x3c/0x68
[   46.230202]  kasan_save_track+0x20/0x40
[   46.234023]  kasan_save_alloc_info+0x40/0x58
[   46.238275]  __kasan_kmalloc+0xd4/0xd8
[   46.242008]  __kmalloc_cache_noprof+0x16c/0x3c0
[   46.246521]  kmalloc_double_kzfree+0xb8/0x308
[   46.250862]  kunit_try_run_case+0x170/0x3f0
[   46.255028]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   46.260497]  kthread+0x328/0x630
[   46.263709]  ret_from_fork+0x10/0x20
[   46.267268] 
[   46.268743] Freed by task 276:
[   46.271783]  kasan_save_stack+0x3c/0x68
[   46.275601]  kasan_save_track+0x20/0x40
[   46.279420]  kasan_save_free_info+0x4c/0x78
[   46.283587]  __kasan_slab_free+0x6c/0x98
[   46.287494]  kfree+0x214/0x3c8
[   46.290531]  kfree_sensitive+0x80/0xb0
[   46.294264]  kmalloc_double_kzfree+0x11c/0x308
[   46.298691]  kunit_try_run_case+0x170/0x3f0
[   46.302857]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   46.308326]  kthread+0x328/0x630
[   46.311538]  ret_from_fork+0x10/0x20
[   46.315097] 
[   46.316574] The buggy address belongs to the object at ffff000802fe65c0
[   46.316574]  which belongs to the cache kmalloc-16 of size 16
[   46.328899] The buggy address is located 0 bytes inside of
[   46.328899]  16-byte region [ffff000802fe65c0, ffff000802fe65d0)
[   46.340357] 
[   46.341835] The buggy address belongs to the physical page:
[   46.347392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x882fe6
[   46.355378] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   46.361886] page_type: f5(slab)
[   46.365021] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000
[   46.372742] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   46.380462] page dumped because: kasan: bad access detected
[   46.386016] 
[   46.387491] Memory state around the buggy address:
[   46.392271]  ffff000802fe6480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   46.399474]  ffff000802fe6500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   46.406679] >ffff000802fe6580: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[   46.413880]                                            ^
[   46.419180]  ffff000802fe6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.426383]  ffff000802fe6680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.433585] ==================================================================

[   29.799630] ==================================================================
[   29.799834] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   29.799927] Free of addr fff00000c64c1b20 by task kunit_try_catch/223
[   29.800078] 
[   29.800146] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.800382] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.800410] Hardware name: linux,dummy-virt (DT)
[   29.800442] Call trace:
[   29.800525]  show_stack+0x20/0x38 (C)
[   29.800579]  dump_stack_lvl+0x8c/0xd0
[   29.800916]  print_report+0x118/0x5d0
[   29.800980]  kasan_report_invalid_free+0xc0/0xe8
[   29.801029]  check_slab_allocation+0xd4/0x108
[   29.801091]  __kasan_slab_pre_free+0x2c/0x48
[   29.801179]  kfree+0xe8/0x3c8
[   29.801383]  kfree_sensitive+0x3c/0xb0
[   29.801499]  kmalloc_double_kzfree+0x168/0x308
[   29.801660]  kunit_try_run_case+0x170/0x3f0
[   29.801707]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.801757]  kthread+0x328/0x630
[   29.801805]  ret_from_fork+0x10/0x20
[   29.801883] 
[   29.801939] Allocated by task 223:
[   29.801975]  kasan_save_stack+0x3c/0x68
[   29.802163]  kasan_save_track+0x20/0x40
[   29.802206]  kasan_save_alloc_info+0x40/0x58
[   29.802244]  __kasan_kmalloc+0xd4/0xd8
[   29.802282]  __kmalloc_cache_noprof+0x16c/0x3c0
[   29.802359]  kmalloc_double_kzfree+0xb8/0x308
[   29.802543]  kunit_try_run_case+0x170/0x3f0
[   29.802689]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.802738]  kthread+0x328/0x630
[   29.802866]  ret_from_fork+0x10/0x20
[   29.802904] 
[   29.802922] Freed by task 223:
[   29.802981]  kasan_save_stack+0x3c/0x68
[   29.803020]  kasan_save_track+0x20/0x40
[   29.803492]  kasan_save_free_info+0x4c/0x78
[   29.803936]  __kasan_slab_free+0x6c/0x98
[   29.804125]  kfree+0x214/0x3c8
[   29.804302]  kfree_sensitive+0x80/0xb0
[   29.804446]  kmalloc_double_kzfree+0x11c/0x308
[   29.804617]  kunit_try_run_case+0x170/0x3f0
[   29.804658]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.804699]  kthread+0x328/0x630
[   29.804731]  ret_from_fork+0x10/0x20
[   29.804823] 
[   29.805130] The buggy address belongs to the object at fff00000c64c1b20
[   29.805130]  which belongs to the cache kmalloc-16 of size 16
[   29.805226] The buggy address is located 0 bytes inside of
[   29.805226]  16-byte region [fff00000c64c1b20, fff00000c64c1b30)
[   29.805285] 
[   29.805315] The buggy address belongs to the physical page:
[   29.805349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c64c1a40 pfn:0x1064c1
[   29.805561] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.805841] page_type: f5(slab)
[   29.806198] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   29.806273] raw: fff00000c64c1a40 000000008080007f 00000000f5000000 0000000000000000
[   29.806360] page dumped because: kasan: bad access detected
[   29.806393] 
[   29.806411] Memory state around the buggy address:
[   29.806445]  fff00000c64c1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   29.806643]  fff00000c64c1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   29.806719] >fff00000c64c1b00: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[   29.806914]                                ^
[   29.806950]  fff00000c64c1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.806992]  fff00000c64c1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.807225] ==================================================================

[   24.648884] ==================================================================
[   24.649544] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[   24.649943] Free of addr ffff8881058422a0 by task kunit_try_catch/241
[   24.650255] 
[   24.650342] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   24.650394] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   24.650407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.650429] Call Trace:
[   24.650448]  <TASK>
[   24.650468]  dump_stack_lvl+0x73/0xb0
[   24.650499]  print_report+0xd1/0x610
[   24.650521]  ? __virt_addr_valid+0x1db/0x2d0
[   24.650545]  ? kasan_complete_mode_report_info+0x64/0x200
[   24.650570]  ? kfree_sensitive+0x2e/0x90
[   24.650589]  kasan_report_invalid_free+0x10a/0x130
[   24.650612]  ? kfree_sensitive+0x2e/0x90
[   24.650633]  ? kfree_sensitive+0x2e/0x90
[   24.650652]  check_slab_allocation+0x101/0x130
[   24.650696]  __kasan_slab_pre_free+0x28/0x40
[   24.650716]  kfree+0xf0/0x3f0
[   24.650738]  ? kfree_sensitive+0x2e/0x90
[   24.650780]  kfree_sensitive+0x2e/0x90
[   24.650798]  kmalloc_double_kzfree+0x19c/0x350
[   24.650821]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[   24.650843]  ? __schedule+0x10cc/0x2b60
[   24.650867]  ? __pfx_read_tsc+0x10/0x10
[   24.650888]  ? ktime_get_ts64+0x86/0x230
[   24.650912]  kunit_try_run_case+0x1a5/0x480
[   24.650934]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.651005]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.651037]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.651059]  ? __kthread_parkme+0x82/0x180
[   24.651081]  ? preempt_count_sub+0x50/0x80
[   24.651104]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.651125]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.651149]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.651173]  kthread+0x337/0x6f0
[   24.651193]  ? trace_preempt_on+0x20/0xc0
[   24.651216]  ? __pfx_kthread+0x10/0x10
[   24.651236]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.651257]  ? calculate_sigpending+0x7b/0xa0
[   24.651281]  ? __pfx_kthread+0x10/0x10
[   24.651302]  ret_from_fork+0x116/0x1d0
[   24.651320]  ? __pfx_kthread+0x10/0x10
[   24.651340]  ret_from_fork_asm+0x1a/0x30
[   24.651370]  </TASK>
[   24.651381] 
[   24.659722] Allocated by task 241:
[   24.660356]  kasan_save_stack+0x45/0x70
[   24.660583]  kasan_save_track+0x18/0x40
[   24.660851]  kasan_save_alloc_info+0x3b/0x50
[   24.661106]  __kasan_kmalloc+0xb7/0xc0
[   24.661252]  __kmalloc_cache_noprof+0x189/0x420
[   24.661401]  kmalloc_double_kzfree+0xa9/0x350
[   24.661596]  kunit_try_run_case+0x1a5/0x480
[   24.661874]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.662438]  kthread+0x337/0x6f0
[   24.662688]  ret_from_fork+0x116/0x1d0
[   24.662981]  ret_from_fork_asm+0x1a/0x30
[   24.663151] 
[   24.663235] Freed by task 241:
[   24.663392]  kasan_save_stack+0x45/0x70
[   24.663583]  kasan_save_track+0x18/0x40
[   24.663779]  kasan_save_free_info+0x3f/0x60
[   24.663984]  __kasan_slab_free+0x56/0x70
[   24.664164]  kfree+0x222/0x3f0
[   24.664578]  kfree_sensitive+0x67/0x90
[   24.664782]  kmalloc_double_kzfree+0x12b/0x350
[   24.664972]  kunit_try_run_case+0x1a5/0x480
[   24.665236]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.665488]  kthread+0x337/0x6f0
[   24.665671]  ret_from_fork+0x116/0x1d0
[   24.665862]  ret_from_fork_asm+0x1a/0x30
[   24.666112] 
[   24.666192] The buggy address belongs to the object at ffff8881058422a0
[   24.666192]  which belongs to the cache kmalloc-16 of size 16
[   24.666744] The buggy address is located 0 bytes inside of
[   24.666744]  16-byte region [ffff8881058422a0, ffff8881058422b0)
[   24.667069] 
[   24.667136] The buggy address belongs to the physical page:
[   24.667304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842
[   24.667648] flags: 0x200000000000000(node=0|zone=2)
[   24.667994] page_type: f5(slab)
[   24.668168] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[   24.668497] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   24.668906] page dumped because: kasan: bad access detected
[   24.669495] 
[   24.669583] Memory state around the buggy address:
[   24.669905]  ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   24.670222]  ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc
[   24.670431] >ffff888105842280: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[   24.670677]                                ^
[   24.671110]  ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.671478]  ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.671928] ==================================================================