Date
June 2, 2025, 2:11 p.m.
| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
```
[ 28.231850] ==================================================================
[ 28.238854] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 28.244840] Free of addr ffff000800a7c640 by task kunit_try_catch/239
[ 28.251263]
[ 28.252749] CPU: 2 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT
[ 28.252806] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.252824] Hardware name: WinLink E850-96 board (DT)
[ 28.252843] Call trace:
[ 28.252856]  show_stack+0x20/0x38 (C)
[ 28.252886]  dump_stack_lvl+0x8c/0xd0
[ 28.252920]  print_report+0x118/0x608
[ 28.252949]  kasan_report_invalid_free+0xc0/0xe8
[ 28.252979]  check_slab_allocation+0xd4/0x108
[ 28.253011]  __kasan_slab_pre_free+0x2c/0x48
[ 28.253041]  kfree+0xe8/0x3c8
[ 28.253074]  kfree_sensitive+0x3c/0xb0
[ 28.253102]  kmalloc_double_kzfree+0x168/0x308
[ 28.253137]  kunit_try_run_case+0x170/0x3f0
[ 28.253171]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.253207]  kthread+0x328/0x630
[ 28.253239]  ret_from_fork+0x10/0x20
[ 28.253276]
[ 28.327390] Allocated by task 239:
[ 28.330778]  kasan_save_stack+0x3c/0x68
[ 28.334595]  kasan_save_track+0x20/0x40
[ 28.338415]  kasan_save_alloc_info+0x40/0x58
[ 28.342668]  __kasan_kmalloc+0xd4/0xd8
[ 28.346401]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 28.350914]  kmalloc_double_kzfree+0xb8/0x308
[ 28.355255]  kunit_try_run_case+0x170/0x3f0
[ 28.359421]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.364890]  kthread+0x328/0x630
[ 28.368102]  ret_from_fork+0x10/0x20
[ 28.371661]
[ 28.373136] Freed by task 239:
[ 28.376176]  kasan_save_stack+0x3c/0x68
[ 28.379994]  kasan_save_track+0x20/0x40
[ 28.383813]  kasan_save_free_info+0x4c/0x78
[ 28.387980]  __kasan_slab_free+0x6c/0x98
[ 28.391886]  kfree+0x214/0x3c8
[ 28.394924]  kfree_sensitive+0x80/0xb0
[ 28.398657]  kmalloc_double_kzfree+0x11c/0x308
[ 28.403084]  kunit_try_run_case+0x170/0x3f0
[ 28.407252]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.412719]  kthread+0x328/0x630
[ 28.415931]  ret_from_fork+0x10/0x20
[ 28.419490]
[ 28.420965] The buggy address belongs to the object at ffff000800a7c640
[ 28.420965]  which belongs to the cache kmalloc-16 of size 16
[ 28.433293] The buggy address is located 0 bytes inside of
[ 28.433293]  16-byte region [ffff000800a7c640, ffff000800a7c650)
[ 28.444750]
[ 28.446229] The buggy address belongs to the physical page:
[ 28.451784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880a7c
[ 28.459770] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 28.466279] page_type: f5(slab)
[ 28.469411] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000
[ 28.477135] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 28.484853] page dumped because: kasan: bad access detected
[ 28.490409]
[ 28.491884] Memory state around the buggy address:
[ 28.496664]  ffff000800a7c500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 28.503867]  ffff000800a7c580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 28.511072] >ffff000800a7c600: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[ 28.518273]                                            ^
[ 28.523571]  ffff000800a7c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.530776]  ffff000800a7c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.537978] ==================================================================
```
```
[ 19.191539] ==================================================================
[ 19.191709] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 19.191774] Free of addr fff00000c5915980 by task kunit_try_catch/195
[ 19.191819]
[ 19.191852] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B W N 6.15.1-rc1 #1 PREEMPT
[ 19.191985] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 19.192016] Hardware name: linux,dummy-virt (DT)
[ 19.192048] Call trace:
[ 19.192082]  show_stack+0x20/0x38 (C)
[ 19.192133]  dump_stack_lvl+0x8c/0xd0
[ 19.192183]  print_report+0x118/0x608
[ 19.192230]  kasan_report_invalid_free+0xc0/0xe8
[ 19.192280]  check_slab_allocation+0xd4/0x108
[ 19.192329]  __kasan_slab_pre_free+0x2c/0x48
[ 19.192643]  kfree+0xe8/0x3c8
[ 19.192713]  kfree_sensitive+0x3c/0xb0
[ 19.192770]  kmalloc_double_kzfree+0x168/0x308
[ 19.192853]  kunit_try_run_case+0x170/0x3f0
[ 19.192971]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.193030]  kthread+0x328/0x630
[ 19.193093]  ret_from_fork+0x10/0x20
[ 19.193367]
[ 19.193411] Allocated by task 195:
[ 19.193490]  kasan_save_stack+0x3c/0x68
[ 19.193558]  kasan_save_track+0x20/0x40
[ 19.193692]  kasan_save_alloc_info+0x40/0x58
[ 19.193770]  __kasan_kmalloc+0xd4/0xd8
[ 19.193968]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.194024]  kmalloc_double_kzfree+0xb8/0x308
[ 19.194067]  kunit_try_run_case+0x170/0x3f0
[ 19.194235]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.194321]  kthread+0x328/0x630
[ 19.194449]  ret_from_fork+0x10/0x20
[ 19.194537]
[ 19.194559] Freed by task 195:
[ 19.194586]  kasan_save_stack+0x3c/0x68
[ 19.194858]  kasan_save_track+0x20/0x40
[ 19.194931]  kasan_save_free_info+0x4c/0x78
[ 19.195049]  __kasan_slab_free+0x6c/0x98
[ 19.195116]  kfree+0x214/0x3c8
[ 19.195172]  kfree_sensitive+0x80/0xb0
[ 19.195425]  kmalloc_double_kzfree+0x11c/0x308
[ 19.195554]  kunit_try_run_case+0x170/0x3f0
[ 19.195715]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.195870]  kthread+0x328/0x630
[ 19.195940]  ret_from_fork+0x10/0x20
[ 19.196026]
[ 19.196056] The buggy address belongs to the object at fff00000c5915980
[ 19.196056]  which belongs to the cache kmalloc-16 of size 16
[ 19.196173] The buggy address is located 0 bytes inside of
[ 19.196173]  16-byte region [fff00000c5915980, fff00000c5915990)
[ 19.196268]
[ 19.196372] The buggy address belongs to the physical page:
[ 19.196411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105915
[ 19.196483] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.196690] page_type: f5(slab)
[ 19.196755] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 19.196823] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 19.196923] page dumped because: kasan: bad access detected
[ 19.196972]
[ 19.197023] Memory state around the buggy address:
[ 19.197094]  fff00000c5915880: fa fb fc fc 00 04 fc fc fa fb fc fc fa fb fc fc
[ 19.197213]  fff00000c5915900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 19.197258] >fff00000c5915980: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.197324]                    ^
[ 19.197542]  fff00000c5915a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.197608]  fff00000c5915a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.197659] ==================================================================
```
```
[ 17.033812] ==================================================================
[ 17.034467] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[ 17.035005] Free of addr ffff888101d9a420 by task kunit_try_catch/213
[ 17.035447]
[ 17.035638] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT(voluntary)
[ 17.035763] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.035792] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.035833] Call Trace:
[ 17.035860]  <TASK>
[ 17.035897]  dump_stack_lvl+0x73/0xb0
[ 17.035972]  print_report+0xd1/0x650
[ 17.036027]  ? __virt_addr_valid+0x1db/0x2d0
[ 17.036083]  ? kasan_complete_mode_report_info+0x64/0x200
[ 17.036132]  ? kfree_sensitive+0x2e/0x90
[ 17.036178]  kasan_report_invalid_free+0x10a/0x130
[ 17.036229]  ? kfree_sensitive+0x2e/0x90
[ 17.036278]  ? kfree_sensitive+0x2e/0x90
[ 17.036318]  check_slab_allocation+0x101/0x130
[ 17.036360]  __kasan_slab_pre_free+0x28/0x40
[ 17.036404]  kfree+0xf0/0x3f0
[ 17.036448]  ? kfree_sensitive+0x2e/0x90
[ 17.036510]  kfree_sensitive+0x2e/0x90
[ 17.036563]  kmalloc_double_kzfree+0x19c/0x350
[ 17.036603]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 17.036641]  ? __schedule+0x10cc/0x2b30
[ 17.036677]  ? __pfx_read_tsc+0x10/0x10
[ 17.036710]  ? ktime_get_ts64+0x86/0x230
[ 17.036760]  kunit_try_run_case+0x1a5/0x480
[ 17.036801]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.036836]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 17.036869]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 17.036899]  ? __kthread_parkme+0x82/0x180
[ 17.036937]  ? preempt_count_sub+0x50/0x80
[ 17.036965]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.036990]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.037015]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.037038]  kthread+0x337/0x6f0
[ 17.037057]  ? trace_preempt_on+0x20/0xc0
[ 17.037084]  ? __pfx_kthread+0x10/0x10
[ 17.037106]  ? _raw_spin_unlock_irq+0x47/0x80
[ 17.037140]  ? calculate_sigpending+0x7b/0xa0
[ 17.037172]  ? __pfx_kthread+0x10/0x10
[ 17.037200]  ret_from_fork+0x41/0x80
[ 17.037234]  ? __pfx_kthread+0x10/0x10
[ 17.037262]  ret_from_fork_asm+0x1a/0x30
[ 17.037317]  </TASK>
[ 17.037339]
[ 17.065877] Allocated by task 213:
[ 17.066438]  kasan_save_stack+0x45/0x70
[ 17.066916]  kasan_save_track+0x18/0x40
[ 17.067343]  kasan_save_alloc_info+0x3b/0x50
[ 17.067763]  __kasan_kmalloc+0xb7/0xc0
[ 17.068089]  __kmalloc_cache_noprof+0x189/0x420
[ 17.068333]  kmalloc_double_kzfree+0xa9/0x350
[ 17.068539]  kunit_try_run_case+0x1a5/0x480
[ 17.069005]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.069562]  kthread+0x337/0x6f0
[ 17.069900]  ret_from_fork+0x41/0x80
[ 17.070330]  ret_from_fork_asm+0x1a/0x30
[ 17.070640]
[ 17.070810] Freed by task 213:
[ 17.070959]  kasan_save_stack+0x45/0x70
[ 17.071169]  kasan_save_track+0x18/0x40
[ 17.071532]  kasan_save_free_info+0x3f/0x60
[ 17.071975]  __kasan_slab_free+0x56/0x70
[ 17.072389]  kfree+0x222/0x3f0
[ 17.072720]  kfree_sensitive+0x67/0x90
[ 17.073078]  kmalloc_double_kzfree+0x12b/0x350
[ 17.073850]  kunit_try_run_case+0x1a5/0x480
[ 17.074281]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.074676]  kthread+0x337/0x6f0
[ 17.074992]  ret_from_fork+0x41/0x80
[ 17.075347]  ret_from_fork_asm+0x1a/0x30
[ 17.075719]
[ 17.075940] The buggy address belongs to the object at ffff888101d9a420
[ 17.075940]  which belongs to the cache kmalloc-16 of size 16
[ 17.076694] The buggy address is located 0 bytes inside of
[ 17.076694]  16-byte region [ffff888101d9a420, ffff888101d9a430)
[ 17.077066]
[ 17.077417] The buggy address belongs to the physical page:
[ 17.077908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d9a
[ 17.078673] flags: 0x200000000000000(node=0|zone=2)
[ 17.079277] page_type: f5(slab)
[ 17.079598] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 17.080472] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 17.081165] page dumped because: kasan: bad access detected
[ 17.081351]
[ 17.081547] Memory state around the buggy address:
[ 17.081957]  ffff888101d9a300: 00 01 fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 17.082572]  ffff888101d9a380: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 17.083045] >ffff888101d9a400: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 17.084048]                                ^
[ 17.084851]  ffff888101d9a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.085402]  ffff888101d9a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.085728] ==================================================================
```