Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 75.367597] ================================================================== [ 75.368147] BUG: KASAN: double-free in kfree+0x58/0x80 [ 75.368844] Free of addr ffff0000c5938e00 by task kunit_try_catch/167 [ 75.369327] [ 75.369589] CPU: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.370378] Hardware name: linux,dummy-virt (DT) [ 75.370793] Call trace: [ 75.371061] dump_backtrace.part.0+0xdc/0xf0 [ 75.371591] show_stack+0x18/0x30 [ 75.372017] dump_stack_lvl+0x64/0x80 [ 75.372510] print_report+0x158/0x438 [ 75.372916] kasan_report_invalid_free+0x9c/0xc0 [ 75.373384] __kasan_slab_free+0x118/0x150 [ 75.374457] __kmem_cache_free+0x130/0x2a4 [ 75.375070] kfree+0x58/0x80 [ 75.375786] kfree_sensitive+0x24/0x5c [ 75.376213] kmalloc_double_kzfree+0xc4/0x1d0 [ 75.376720] kunit_try_run_case+0x84/0x120 [ 75.377178] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 75.377749] kthread+0x180/0x190 [ 75.378135] ret_from_fork+0x10/0x20 [ 75.378568] [ 75.378748] Allocated by task 167: [ 75.379114] kasan_save_stack+0x3c/0x70 [ 75.379513] kasan_set_track+0x2c/0x40 [ 75.379944] kasan_save_alloc_info+0x24/0x34 [ 75.380432] __kasan_kmalloc+0xb8/0xc0 [ 75.380833] kmalloc_trace+0x58/0x6c [ 75.381254] kmalloc_double_kzfree+0x94/0x1d0 [ 75.381725] kunit_try_run_case+0x84/0x120 [ 75.382937] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 75.383515] kthread+0x180/0x190 [ 75.383876] ret_from_fork+0x10/0x20 [ 75.384307] [ 75.384495] Freed by task 167: [ 75.384830] kasan_save_stack+0x3c/0x70 [ 75.385211] kasan_set_track+0x2c/0x40 [ 75.385660] kasan_save_free_info+0x38/0x5c [ 75.386087] __kasan_slab_free+0xe4/0x150 [ 75.386532] __kmem_cache_free+0x130/0x2a4 [ 75.387017] kfree+0x58/0x80 [ 75.387374] kfree_sensitive+0x4c/0x5c [ 75.387828] kmalloc_double_kzfree+0xb4/0x1d0 [ 75.388283] kunit_try_run_case+0x84/0x120 [ 75.388756] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 75.389290] kthread+0x180/0x190 [ 75.389679] ret_from_fork+0x10/0x20 [ 75.390086] [ 75.390274] The buggy address belongs to the object at ffff0000c5938e00 [ 75.390274] which belongs to the cache kmalloc-128 of size 128 [ 75.391207] The buggy address is located 0 bytes inside of [ 75.391207] 128-byte region [ffff0000c5938e00, ffff0000c5938e80) [ 75.392083] [ 75.392282] The buggy address belongs to the physical page: [ 75.393457] page:000000003af4cecf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105938 [ 75.394065] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 75.394624] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 75.395636] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 75.396255] page dumped because: kasan: bad access detected [ 75.396810] [ 75.397123] Memory state around the buggy address: [ 75.397643] ffff0000c5938d00: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.398951] ffff0000c5938d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.399629] >ffff0000c5938e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.400277] ^ [ 75.400702] ffff0000c5938e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.401383] ffff0000c5938f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.402019] ==================================================================
[ 66.684955] ================================================================== [ 66.685693] BUG: KASAN: double-free in kfree+0x5c/0x70 [ 66.686184] Free of addr ffff0000c5a10200 by task kunit_try_catch/165 [ 66.686685] [ 66.686878] CPU: 1 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 66.688184] Hardware name: linux,dummy-virt (DT) [ 66.688600] Call trace: [ 66.688849] dump_backtrace+0x110/0x120 [ 66.689314] show_stack+0x18/0x28 [ 66.689970] dump_stack_lvl+0x68/0x84 [ 66.690383] print_report+0x158/0x484 [ 66.690767] kasan_report_invalid_free+0x84/0xa0 [ 66.691211] __kasan_slab_free+0x11c/0x158 [ 66.691623] __kmem_cache_free+0x138/0x2b0 [ 66.692036] kfree+0x5c/0x70 [ 66.692390] kfree_sensitive+0x24/0x60 [ 66.692799] kmalloc_double_kzfree+0xdc/0x1d8 [ 66.693217] kunit_try_run_case+0x7c/0x120 [ 66.694194] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 66.694717] kthread+0x1a4/0x1b8 [ 66.695070] ret_from_fork+0x10/0x20 [ 66.695461] [ 66.695636] Allocated by task 165: [ 66.695942] kasan_save_stack+0x2c/0x58 [ 66.696367] kasan_set_track+0x2c/0x40 [ 66.696736] kasan_save_alloc_info+0x24/0x38 [ 66.697166] __kasan_kmalloc+0xa0/0xb8 [ 66.697582] kmalloc_trace+0x50/0x68 [ 66.698199] kmalloc_double_kzfree+0xa8/0x1d8 [ 66.698660] kunit_try_run_case+0x7c/0x120 [ 66.699089] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 66.699596] kthread+0x1a4/0x1b8 [ 66.699944] ret_from_fork+0x10/0x20 [ 66.700312] [ 66.700506] Freed by task 165: [ 66.700783] kasan_save_stack+0x2c/0x58 [ 66.701153] kasan_set_track+0x2c/0x40 [ 66.701591] kasan_save_free_info+0x38/0x60 [ 66.702495] __kasan_slab_free+0xe8/0x158 [ 66.702875] __kmem_cache_free+0x138/0x2b0 [ 66.703291] kfree+0x5c/0x70 [ 66.703612] kfree_sensitive+0x4c/0x60 [ 66.704017] kmalloc_double_kzfree+0xc8/0x1d8 [ 66.704464] kunit_try_run_case+0x7c/0x120 [ 66.704881] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 66.705383] kthread+0x1a4/0x1b8 [ 66.705712] ret_from_fork+0x10/0x20 [ 66.706116] [ 66.706321] The buggy address belongs to the object at ffff0000c5a10200 [ 66.706321] which belongs to the cache kmalloc-128 of size 128 [ 66.707182] The buggy address is located 0 bytes inside of [ 66.707182] 128-byte region [ffff0000c5a10200, ffff0000c5a10280) [ 66.708257] [ 66.708434] The buggy address belongs to the physical page: [ 66.708829] page:000000003e6c9983 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a10 [ 66.710019] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 66.710645] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 66.711257] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 66.711825] page dumped because: kasan: bad access detected [ 66.712266] [ 66.712458] Memory state around the buggy address: [ 66.712862] ffff0000c5a10100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.713450] ffff0000c5a10180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.714264] >ffff0000c5a10200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.714796] ^ [ 66.715103] ffff0000c5a10280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.715670] ffff0000c5a10300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.716196] ==================================================================
[ 32.653731] ================================================================== [ 32.654055] BUG: KASAN: double-free in kfree+0x78/0x120 [ 32.654407] Free of addr ffff888101a015c0 by task kunit_try_catch/271 [ 32.654830] [ 32.654957] CPU: 1 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.655598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.656072] Call Trace: [ 32.656251] <TASK> [ 32.656384] dump_stack_lvl+0x49/0x62 [ 32.656884] print_report+0x189/0x492 [ 32.657158] ? kasan_complete_mode_report_info+0x7c/0x200 [ 32.657547] ? kfree+0x78/0x120 [ 32.657769] kasan_report_invalid_free+0xd8/0x150 [ 32.658085] ? kfree+0x78/0x120 [ 32.658311] ? kfree+0x78/0x120 [ 32.658687] ____kasan_slab_free+0x19f/0x1d0 [ 32.659061] ? kfree_sensitive+0x1f/0x50 [ 32.659326] __kasan_slab_free+0x12/0x20 [ 32.659662] __kmem_cache_free+0x188/0x2f0 [ 32.660004] kfree+0x78/0x120 [ 32.660283] kfree_sensitive+0x1f/0x50 [ 32.660523] kmalloc_double_kzfree+0xc8/0x1b0 [ 32.660940] ? kasan_global_oob_right+0x160/0x160 [ 32.661190] ? __kunit_add_resource+0xd1/0x100 [ 32.661437] ? kasan_test_init+0x13e/0x1b0 [ 32.661686] kunit_try_run_case+0x8f/0xd0 [ 32.661913] ? kunit_catch_run_case+0x80/0x80 [ 32.662176] ? kunit_try_catch_throw+0x40/0x40 [ 32.662666] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.662995] kthread+0x17b/0x1b0 [ 32.663179] ? kthread_complete_and_exit+0x30/0x30 [ 32.663423] ret_from_fork+0x22/0x30 [ 32.663749] </TASK> [ 32.664119] [ 32.664227] Allocated by task 271: [ 32.664428] kasan_save_stack+0x41/0x70 [ 32.664736] kasan_set_track+0x25/0x40 [ 32.664955] kasan_save_alloc_info+0x1e/0x30 [ 32.665203] __kasan_kmalloc+0xb6/0xc0 [ 32.665414] kmalloc_trace+0x48/0xb0 [ 32.665624] kmalloc_double_kzfree+0x99/0x1b0 [ 32.665872] kunit_try_run_case+0x8f/0xd0 [ 32.666098] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.666412] kthread+0x17b/0x1b0 [ 32.666571] ret_from_fork+0x22/0x30 [ 32.666790] [ 32.666901] Freed by task 271: [ 32.667083] kasan_save_stack+0x41/0x70 [ 32.667310] kasan_set_track+0x25/0x40 [ 32.667554] kasan_save_free_info+0x2e/0x50 [ 32.667791] ____kasan_slab_free+0x175/0x1d0 [ 32.668020] __kasan_slab_free+0x12/0x20 [ 32.668564] __kmem_cache_free+0x188/0x2f0 [ 32.668804] kfree+0x78/0x120 [ 32.668991] kfree_sensitive+0x3e/0x50 [ 32.669235] kmalloc_double_kzfree+0xb1/0x1b0 [ 32.669580] kunit_try_run_case+0x8f/0xd0 [ 32.669806] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.670083] kthread+0x17b/0x1b0 [ 32.670341] ret_from_fork+0x22/0x30 [ 32.670521] [ 32.670612] The buggy address belongs to the object at ffff888101a015c0 [ 32.670612] which belongs to the cache kmalloc-16 of size 16 [ 32.671375] The buggy address is located 0 bytes inside of [ 32.671375] 16-byte region [ffff888101a015c0, ffff888101a015d0) [ 32.671866] [ 32.671984] The buggy address belongs to the physical page: [ 32.672306] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a01 [ 32.672904] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.673236] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.673774] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.674108] page dumped because: kasan: bad access detected [ 32.674483] [ 32.674581] Memory state around the buggy address: [ 32.674840] ffff888101a01480: 00 06 fc fc 00 06 fc fc 00 06 fc fc 00 02 fc fc [ 32.675183] ffff888101a01500: 00 03 fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 32.675652] >ffff888101a01580: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 32.675969] ^ [ 32.676222] ffff888101a01600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.676509] ffff888101a01680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.676864] ==================================================================