Hay
Date
June 7, 2025, 10:40 a.m.

Environment
qemu-x86_64

[   18.180334] ==================================================================
[   18.181769] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19d/0x360
[   18.182801] Read of size 1 at addr ffff888101f801e0 by task kunit_try_catch/197
[   18.183580] 
[   18.183820] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G    B            N 6.12.33-rc1 #1
[   18.183935] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.183969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.184026] Call Trace:
[   18.184062]  <TASK>
[   18.184111]  dump_stack_lvl+0x73/0xb0
[   18.184197]  print_report+0xd1/0x640
[   18.184319]  ? __virt_addr_valid+0x1db/0x2d0
[   18.184404]  ? kmalloc_double_kzfree+0x19d/0x360
[   18.184471]  ? kasan_complete_mode_report_info+0x64/0x200
[   18.184544]  ? kmalloc_double_kzfree+0x19d/0x360
[   18.184660]  kasan_report+0x140/0x180
[   18.184721]  ? kmalloc_double_kzfree+0x19d/0x360
[   18.184755]  ? kmalloc_double_kzfree+0x19d/0x360
[   18.184782]  __kasan_check_byte+0x3d/0x50
[   18.184843]  kfree_sensitive+0x22/0x90
[   18.184879]  kmalloc_double_kzfree+0x19d/0x360
[   18.184908]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[   18.184937]  ? __schedule+0xc49/0x27a0
[   18.184964]  ? __pfx_read_tsc+0x10/0x10
[   18.184991]  ? ktime_get_ts64+0x84/0x230
[   18.185027]  kunit_try_run_case+0x1a6/0x480
[   18.185059]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.185086]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   18.185113]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.185147]  ? __kthread_parkme+0x82/0x160
[   18.185173]  ? preempt_count_sub+0x50/0x80
[   18.185203]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.185262]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.185301]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.185337]  kthread+0x257/0x310
[   18.185361]  ? __pfx_kthread+0x10/0x10
[   18.185386]  ret_from_fork+0x41/0x80
[   18.185414]  ? __pfx_kthread+0x10/0x10
[   18.185441]  ret_from_fork_asm+0x1a/0x30
[   18.185566]  </TASK>
[   18.185586] 
[   18.205373] Allocated by task 197:
[   18.205949]  kasan_save_stack+0x45/0x70
[   18.206395]  kasan_save_track+0x18/0x40
[   18.206963]  kasan_save_alloc_info+0x3b/0x50
[   18.207468]  __kasan_kmalloc+0xb7/0xc0
[   18.207960]  __kmalloc_cache_noprof+0x168/0x350
[   18.208642]  kmalloc_double_kzfree+0xaa/0x360
[   18.209192]  kunit_try_run_case+0x1a6/0x480
[   18.209704]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.210085]  kthread+0x257/0x310
[   18.210837]  ret_from_fork+0x41/0x80
[   18.211245]  ret_from_fork_asm+0x1a/0x30
[   18.212083] 
[   18.212345] Freed by task 197:
[   18.212645]  kasan_save_stack+0x45/0x70
[   18.213245]  kasan_save_track+0x18/0x40
[   18.213885]  kasan_save_free_info+0x3f/0x60
[   18.214289]  __kasan_slab_free+0x56/0x70
[   18.215025]  kfree+0x123/0x3d0
[   18.215595]  kfree_sensitive+0x67/0x90
[   18.216023]  kmalloc_double_kzfree+0x12c/0x360
[   18.217112]  kunit_try_run_case+0x1a6/0x480
[   18.217530]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.218117]  kthread+0x257/0x310
[   18.218398]  ret_from_fork+0x41/0x80
[   18.219269]  ret_from_fork_asm+0x1a/0x30
[   18.220001] 
[   18.220153] The buggy address belongs to the object at ffff888101f801e0
[   18.220153]  which belongs to the cache kmalloc-16 of size 16
[   18.221502] The buggy address is located 0 bytes inside of
[   18.221502]  freed 16-byte region [ffff888101f801e0, ffff888101f801f0)
[   18.222961] 
[   18.223142] The buggy address belongs to the physical page:
[   18.223960] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101f80
[   18.225112] flags: 0x200000000000000(node=0|zone=2)
[   18.225497] page_type: f5(slab)
[   18.226331] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   18.227285] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000
[   18.228298] page dumped because: kasan: bad access detected
[   18.228866] 
[   18.229069] Memory state around the buggy address:
[   18.230004]  ffff888101f80080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   18.230983]  ffff888101f80100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   18.231886] >ffff888101f80180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   18.232543]                                                        ^
[   18.233384]  ffff888101f80200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.234254]  ffff888101f80280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.235208] ==================================================================
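Reading the report above by hand, as an added example (the program below is not part of the original page and is not kernel code): the access line and the "Memory state" rows are enough to reconstruct what the detector saw. The faulting 1-byte read at ffff888101f801e0 is issued by __kasan_check_byte on behalf of kfree_sensitive (top of the call trace), and the "Freed by task 197" stack shows the same object had already been released through kfree_sensitive from the same function, so this is a second kfree_sensitive on one 16-byte kmalloc-16 object, caught by the pointer validity check that runs before the buffer would be re-zeroed. The kunit_try_catch task and the [N]=TEST taint mark a KUnit run, where the KASAN self-test for this case expects exactly this report. The C program parses the dmesg lines into a table of shadow rows and looks up the shadow byte covering the faulting address; the meanings of the poison values are taken from mm/kasan/kasan.h for generic KASAN, and the macro names quoted in the comments are assumed from recent 6.x sources. All function and type names are the example's own, and the sample lines are constructed by copying lines from the report on this page.

```c
/* Decode the shadow-memory dump of a generic-mode KASAN report. Added example for
 * this page: not kernel code and not part of the original report. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KASAN_GRANULE 8   /* one shadow byte describes 8 bytes of memory */
#define ROW_BYTES     16  /* shadow bytes printed per "Memory state" row */

struct shadow_row { uint64_t base; uint8_t shadow[ROW_BYTES]; };
struct shadow_map { struct shadow_row rows[16]; int nrows; };

/* Poison values from mm/kasan/kasan.h (generic KASAN); macro names assumed from 6.x sources. */
static const char *kasan_shadow_meaning(int v)
{
    if (v == 0x00)          return "addressable";
    if (v > 0 && v <= 0x07) return "partially addressable (only the first N bytes)";
    switch (v) {
    case 0xfa: return "freed slab object, free-track metadata stored here"; /* KASAN_SLAB_FREETRACK */
    case 0xfb: return "freed slab object";                                  /* KASAN_SLAB_FREE */
    case 0xfc: return "slab redzone";                                       /* KASAN_SLAB_REDZONE */
    default:   return "other poison value or outside the dump";
    }
}

/* Skip an optional dmesg "[ timestamp] " prefix and leading blanks. */
static const char *skip_dmesg_prefix(const char *p)
{
    if (*p == '[') { const char *e = strchr(p, ']'); if (e) p = e + 1; }
    while (*p == ' ') p++;
    return p;
}

/* Parse one row such as ">ffff888101f80180: fa fb fc fc ..." ('>' marks the
 * row holding the bad access). Returns 1 on success, 0 for any other text. */
static int parse_shadow_row(const char *line, struct shadow_row *out)
{
    const char *p = skip_dmesg_prefix(line);
    char *end;
    if (*p == '>') p++;
    uint64_t base = strtoull(p, &end, 16);
    if (end == p || *end != ':') return 0;
    p = end + 1;
    for (int i = 0; i < ROW_BYTES; i++) {
        unsigned long v = strtoul(p, &end, 16);
        if (end == p || v > 0xff) return 0;
        out->shadow[i] = (uint8_t)v;
        p = end;
    }
    out->base = base;
    return 1;
}

/* Parse "Read of size 1 at addr ffff888101f801e0 by task ...". */
static int parse_access_line(const char *line, char kind[8], unsigned *size, uint64_t *addr)
{
    unsigned long long a;
    if (sscanf(skip_dmesg_prefix(line), "%7s of size %u at addr %llx", kind, size, &a) != 3) return 0;
    *addr = a; return 1;
}

/* Shadow byte covering addr, or -1 when addr is outside the dumped rows. */
static int shadow_at(const struct shadow_map *m, uint64_t addr)
{
    for (int i = 0; i < m->nrows; i++)   /* unsigned wrap makes addr < base fail the test */
        if (addr - m->rows[i].base < (uint64_t)ROW_BYTES * KASAN_GRANULE)
            return m->rows[i].shadow[(addr - m->rows[i].base) / KASAN_GRANULE];
    return -1;
}

/* Keep every parsable row of a report fragment; other lines are ignored. */
static void load_shadow_map(const char *const *lines, int n, struct shadow_map *m)
{
    m->nrows = 0;
    for (int i = 0; i < n && m->nrows < 16; i++)
        if (parse_shadow_row(lines[i], &m->rows[m->nrows])) m->nrows++;
}

/* Constructed sample: the access line and the rows around the fault, copied
 * from the report on this page; the caret line must be rejected as a row. */
static const char *const sample_report[] = {
    "[   18.182801] Read of size 1 at addr ffff888101f801e0 by task kunit_try_catch/197",
    "[   18.231886] >ffff888101f80180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc",
    "                                                       ^",
    "[   18.233384]  ffff888101f80200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
};
#define SAMPLE_LINES ((int)(sizeof sample_report / sizeof sample_report[0]))

int main(void)
{
    struct shadow_map m; char kind[8]; unsigned size; uint64_t addr;
    load_shadow_map(sample_report, SAMPLE_LINES, &m);
    if (!parse_access_line(sample_report[0], kind, &size, &addr)) return 1;
    /* Walk the 16-byte object and its trailing redzone one granule at a time. */
    for (uint64_t a = addr; a < addr + 32; a += KASAN_GRANULE)
        printf("%s of %u at %#llx -> shadow %02x: %s\n", kind, size,
               (unsigned long long)a, shadow_at(&m, a), kasan_shadow_meaning(shadow_at(&m, a)));
    return 0;
}
```

Each printed shadow byte stands for eight bytes of memory, so the 16-byte object at ffff888101f801e0 occupies two shadow bytes, fa for the granule that now holds the free-track metadata and fb for the rest of the freed object, and the fc pair that follows is the redzone separating it from the next kmalloc-16 object. Any access whose shadow decodes to something other than 00 (or a partial count that still covers the accessed byte) is what KASAN reports; here the kfree_sensitive validity probe hits fa, which is why the report is classified as slab-use-after-free rather than out-of-bounds.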