Hay
Date: July 15, 2025, 2:10 p.m.

Environment: qemu-arm64

[   77.621130] ==================================================================
[   77.621718] BUG: KASAN: double-free in kfree_sensitive+0x88/0xa4
[   77.622341] Free of addr ffff0000c5ad0000 by task kunit_try_catch/167
[   77.622908] 
[   77.623137] CPU: 1 PID: 167 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   77.623914] Hardware name: linux,dummy-virt (DT)
[   77.624359] Call trace:
[   77.624829]  dump_backtrace+0xf8/0x118
[   77.625308]  show_stack+0x18/0x24
[   77.625778]  __dump_stack+0x28/0x38
[   77.626225]  dump_stack_lvl+0x54/0x6c
[   77.626651]  print_address_description+0x7c/0x1ec
[   77.627462]  print_report+0x50/0x68
[   77.627919]  kasan_report_invalid_free+0x9c/0xe8
[   77.628452]  ____kasan_slab_free+0x108/0x140
[   77.629430]  __kasan_slab_free+0x18/0x28
[   77.629925]  __kmem_cache_free+0xdc/0x284
[   77.630373]  kfree_sensitive+0x88/0xa4
[   77.630849]  kmalloc_double_kzfree+0xa4/0x144
[   77.631340]  kunit_try_run_case+0x80/0x184
[   77.631825]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   77.632422]  kthread+0x16c/0x21c
[   77.633266]  ret_from_fork+0x10/0x20
[   77.633729] 
[   77.633964] Allocated by task 167:
[   77.634305]  kasan_set_track+0x4c/0x80
[   77.634764]  kasan_save_alloc_info+0x28/0x34
[   77.635209]  __kasan_kmalloc+0x88/0xa0
[   77.635663]  kmalloc_trace+0x54/0x68
[   77.636092]  kmalloc_double_kzfree+0x48/0x144
[   77.636584]  kunit_try_run_case+0x80/0x184
[   77.637237]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   77.637856]  kthread+0x16c/0x21c
[   77.638302]  ret_from_fork+0x10/0x20
[   77.638722] 
[   77.638931] Freed by task 167:
[   77.639238]  kasan_set_track+0x4c/0x80
[   77.639686]  kasan_save_free_info+0x3c/0x60
[   77.640180]  ____kasan_slab_free+0xe8/0x140
[   77.641190]  __kasan_slab_free+0x18/0x28
[   77.641685]  __kmem_cache_free+0xdc/0x284
[   77.642154]  kfree_sensitive+0x88/0xa4
[   77.642617]  kmalloc_double_kzfree+0x90/0x144
[   77.643117]  kunit_try_run_case+0x80/0x184
[   77.643587]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   77.644172]  kthread+0x16c/0x21c
[   77.644748]  ret_from_fork+0x10/0x20
[   77.645221] 
[   77.645423] The buggy address belongs to the object at ffff0000c5ad0000
[   77.645423]  which belongs to the cache kmalloc-128 of size 128
[   77.646377] The buggy address is located 0 bytes inside of
[   77.646377]  128-byte region [ffff0000c5ad0000, ffff0000c5ad0080)
[   77.647338] 
[   77.647569] The buggy address belongs to the physical page:
[   77.648054] page:000000001efa35a5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ad0
[   77.649055] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   77.649790] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   77.650504] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   77.651108] page dumped because: kasan: bad access detected
[   77.651584] 
[   77.651784] Memory state around the buggy address:
[   77.652252]  ffff0000c5acff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   77.653122]  ffff0000c5acff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   77.653768] >ffff0000c5ad0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.654387]                    ^
[   77.654729]  ffff0000c5ad0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   77.655362]  ffff0000c5ad0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   77.655953] ==================================================================

[   76.824030] ==================================================================
[   76.825059] BUG: KASAN: double-free in kfree_sensitive+0x88/0xa4
[   76.825939] Free of addr ffff0000c58a7b00 by task kunit_try_catch/167
[   76.826756] 
[   76.827054] CPU: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   76.828243] Hardware name: linux,dummy-virt (DT)
[   76.828892] Call trace:
[   76.829283]  dump_backtrace+0xf4/0x114
[   76.829860]  show_stack+0x18/0x24
[   76.830273]  __dump_stack+0x28/0x38
[   76.830664]  dump_stack_lvl+0x50/0x68
[   76.831134]  print_address_description+0x7c/0x1ec
[   76.831729]  print_report+0x50/0x68
[   76.832246]  kasan_report_invalid_free+0x9c/0xe4
[   76.832830]  ____kasan_slab_free+0x108/0x140
[   76.833356]  __kasan_slab_free+0x18/0x28
[   76.833861]  __kmem_cache_free+0xdc/0x27c
[   76.834346]  kfree_sensitive+0x88/0xa4
[   76.834795]  kmalloc_double_kzfree+0xa4/0x144
[   76.835286]  kunit_try_run_case+0x80/0x184
[   76.835814]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   76.836509]  kthread+0x16c/0x21c
[   76.836958]  ret_from_fork+0x10/0x20
[   76.837392] 
[   76.837595] Allocated by task 167:
[   76.837946]  kasan_set_track+0x4c/0x80
[   76.838413]  kasan_save_alloc_info+0x28/0x34
[   76.838917]  __kasan_kmalloc+0x88/0xa0
[   76.839423]  kmalloc_trace+0x54/0x68
[   76.839967]  kmalloc_double_kzfree+0x48/0x144
[   76.840512]  kunit_try_run_case+0x80/0x184
[   76.841044]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   76.841630]  kthread+0x16c/0x21c
[   76.842066]  ret_from_fork+0x10/0x20
[   76.842520] 
[   76.842715] Freed by task 167:
[   76.843069]  kasan_set_track+0x4c/0x80
[   76.843530]  kasan_save_free_info+0x3c/0x60
[   76.844140]  ____kasan_slab_free+0xe8/0x140
[   76.844733]  __kasan_slab_free+0x18/0x28
[   76.845241]  __kmem_cache_free+0xdc/0x27c
[   76.845757]  kfree_sensitive+0x88/0xa4
[   76.846242]  kmalloc_double_kzfree+0x90/0x144
[   76.846768]  kunit_try_run_case+0x80/0x184
[   76.847251]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   76.847933]  kthread+0x16c/0x21c
[   76.848409]  ret_from_fork+0x10/0x20
[   76.848859] 
[   76.849077] The buggy address belongs to the object at ffff0000c58a7b00
[   76.849077]  which belongs to the cache kmalloc-128 of size 128
[   76.850013] The buggy address is located 0 bytes inside of
[   76.850013]  128-byte region [ffff0000c58a7b00, ffff0000c58a7b80)
[   76.850916] 
[   76.851130] The buggy address belongs to the physical page:
[   76.851586] page:00000000333134b1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7
[   76.852671] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   76.853391] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   76.854066] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   76.854677] page dumped because: kasan: bad access detected
[   76.855172] 
[   76.855372] Memory state around the buggy address:
[   76.855886]  ffff0000c58a7a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.856569]  ffff0000c58a7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.857251] >ffff0000c58a7b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.857863]                    ^
[   76.858236]  ffff0000c58a7b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.858889]  ffff0000c58a7c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.859500] ==================================================================