Date
July 4, 2025, 3:11 p.m.
| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
e850-96:

```
[ 28.274296] ==================================================================
[ 28.281323] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 28.287308] Free of addr ffff000800cad020 by task kunit_try_catch/241
[ 28.293731]
[ 28.295217] CPU: 6 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT
[ 28.295271] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.295289] Hardware name: WinLink E850-96 board (DT)
[ 28.295307] Call trace:
[ 28.295318] show_stack+0x20/0x38 (C)
[ 28.295352] dump_stack_lvl+0x8c/0xd0
[ 28.295388] print_report+0x118/0x608
[ 28.295418] kasan_report_invalid_free+0xc0/0xe8
[ 28.295450] check_slab_allocation+0xd4/0x108
[ 28.295479] __kasan_slab_pre_free+0x2c/0x48
[ 28.295509] kfree+0xe8/0x3c8
[ 28.295535] kfree_sensitive+0x3c/0xb0
[ 28.295562] kmalloc_double_kzfree+0x168/0x308
[ 28.295598] kunit_try_run_case+0x170/0x3f0
[ 28.295635] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.295671] kthread+0x328/0x630
[ 28.295702] ret_from_fork+0x10/0x20
[ 28.295733]
[ 28.369860] Allocated by task 241:
[ 28.373246] kasan_save_stack+0x3c/0x68
[ 28.377063] kasan_save_track+0x20/0x40
[ 28.380883] kasan_save_alloc_info+0x40/0x58
[ 28.385136] __kasan_kmalloc+0xd4/0xd8
[ 28.388869] __kmalloc_cache_noprof+0x16c/0x3c0
[ 28.393383] kmalloc_double_kzfree+0xb8/0x308
[ 28.397723] kunit_try_run_case+0x170/0x3f0
[ 28.401890] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.407358] kthread+0x328/0x630
[ 28.410570] ret_from_fork+0x10/0x20
[ 28.414129]
[ 28.415605] Freed by task 241:
[ 28.418644] kasan_save_stack+0x3c/0x68
[ 28.422462] kasan_save_track+0x20/0x40
[ 28.426281] kasan_save_free_info+0x4c/0x78
[ 28.430448] __kasan_slab_free+0x6c/0x98
[ 28.434354] kfree+0x214/0x3c8
[ 28.437392] kfree_sensitive+0x80/0xb0
[ 28.441125] kmalloc_double_kzfree+0x11c/0x308
[ 28.445552] kunit_try_run_case+0x170/0x3f0
[ 28.449719] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.455187] kthread+0x328/0x630
[ 28.458399] ret_from_fork+0x10/0x20
[ 28.461958]
[ 28.463435] The buggy address belongs to the object at ffff000800cad020
[ 28.463435] which belongs to the cache kmalloc-16 of size 16
[ 28.475760] The buggy address is located 0 bytes inside of
[ 28.475760] 16-byte region [ffff000800cad020, ffff000800cad030)
[ 28.487218]
[ 28.488695] The buggy address belongs to the physical page:
[ 28.494253] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880cad
[ 28.502235] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 28.508747] page_type: f5(slab)
[ 28.511883] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000
[ 28.519603] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 28.527322] page dumped because: kasan: bad access detected
[ 28.532877]
[ 28.534352] Memory state around the buggy address:
[ 28.539134]  ffff000800cacf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.546336]  ffff000800cacf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.553542] >ffff000800cad000: 00 04 fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 28.560741]                                 ^
[ 28.564999]  ffff000800cad080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.572203]  ffff000800cad100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.579406] ==================================================================
```
qemu-arm64:

```
[ 15.733908] ==================================================================
[ 15.733983] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 15.734042] Free of addr fff00000c6271320 by task kunit_try_catch/197
[ 15.734082]
[ 15.734112] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT
[ 15.734191] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.734217] Hardware name: linux,dummy-virt (DT)
[ 15.734245] Call trace:
[ 15.734268] show_stack+0x20/0x38 (C)
[ 15.734323] dump_stack_lvl+0x8c/0xd0
[ 15.734372] print_report+0x118/0x608
[ 15.734414] kasan_report_invalid_free+0xc0/0xe8
[ 15.734460] check_slab_allocation+0xd4/0x108
[ 15.734503] __kasan_slab_pre_free+0x2c/0x48
[ 15.734548] kfree+0xe8/0x3c8
[ 15.734596] kfree_sensitive+0x3c/0xb0
[ 15.734653] kmalloc_double_kzfree+0x168/0x308
[ 15.734702] kunit_try_run_case+0x170/0x3f0
[ 15.734748] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.734798] kthread+0x328/0x630
[ 15.734842] ret_from_fork+0x10/0x20
[ 15.734886]
[ 15.734903] Allocated by task 197:
[ 15.734930] kasan_save_stack+0x3c/0x68
[ 15.734968] kasan_save_track+0x20/0x40
[ 15.735001] kasan_save_alloc_info+0x40/0x58
[ 15.735049] __kasan_kmalloc+0xd4/0xd8
[ 15.735085] __kmalloc_cache_noprof+0x16c/0x3c0
[ 15.735129] kmalloc_double_kzfree+0xb8/0x308
[ 15.735169] kunit_try_run_case+0x170/0x3f0
[ 15.735207] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.735249] kthread+0x328/0x630
[ 15.735284] ret_from_fork+0x10/0x20
[ 15.735317]
[ 15.735336] Freed by task 197:
[ 15.735360] kasan_save_stack+0x3c/0x68
[ 15.735403] kasan_save_track+0x20/0x40
[ 15.735443] kasan_save_free_info+0x4c/0x78
[ 15.735489] __kasan_slab_free+0x6c/0x98
[ 15.735525] kfree+0x214/0x3c8
[ 15.735555] kfree_sensitive+0x80/0xb0
[ 15.735589] kmalloc_double_kzfree+0x11c/0x308
[ 15.735987] kunit_try_run_case+0x170/0x3f0
[ 15.736066] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.736135] kthread+0x328/0x630
[ 15.736477] ret_from_fork+0x10/0x20
[ 15.736844]
[ 15.736892] The buggy address belongs to the object at fff00000c6271320
[ 15.736892] which belongs to the cache kmalloc-16 of size 16
[ 15.737209] The buggy address is located 0 bytes inside of
[ 15.737209] 16-byte region [fff00000c6271320, fff00000c6271330)
[ 15.737305]
[ 15.737347] The buggy address belongs to the physical page:
[ 15.737386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106271
[ 15.737602] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.737829] page_type: f5(slab)
[ 15.738000] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 15.738390] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 15.738497] page dumped because: kasan: bad access detected
[ 15.738981]
[ 15.739030] Memory state around the buggy address:
[ 15.739076]  fff00000c6271200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc
[ 15.739121]  fff00000c6271280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 15.739448] >fff00000c6271300: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 15.739590]                                 ^
[ 15.739667]  fff00000c6271380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.739810]  fff00000c6271400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.739956] ==================================================================
```
qemu-x86_64:

```
[ 14.742543] ==================================================================
[ 14.744462] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[ 14.745468] Free of addr ffff8881024d25e0 by task kunit_try_catch/213
[ 14.746677]
[ 14.748087] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary)
[ 14.748223] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.748247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.748286] Call Trace:
[ 14.748326] <TASK>
[ 14.748400] dump_stack_lvl+0x73/0xb0
[ 14.748462] print_report+0xd1/0x650
[ 14.748503] ? __virt_addr_valid+0x1db/0x2d0
[ 14.748542] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.748580] ? kfree_sensitive+0x2e/0x90
[ 14.748618] kasan_report_invalid_free+0x10a/0x130
[ 14.748667] ? kfree_sensitive+0x2e/0x90
[ 14.748713] ? kfree_sensitive+0x2e/0x90
[ 14.748753] check_slab_allocation+0x101/0x130
[ 14.748791] __kasan_slab_pre_free+0x28/0x40
[ 14.748824] kfree+0xf0/0x3f0
[ 14.748858] ? kfree_sensitive+0x2e/0x90
[ 14.748902] kfree_sensitive+0x2e/0x90
[ 14.748934] kmalloc_double_kzfree+0x19c/0x350
[ 14.748969] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 14.749006] ? __schedule+0x10cc/0x2b60
[ 14.749066] ? __pfx_read_tsc+0x10/0x10
[ 14.749106] ? ktime_get_ts64+0x86/0x230
[ 14.749156] kunit_try_run_case+0x1a5/0x480
[ 14.749203] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.749242] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.749286] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.749327] ? __kthread_parkme+0x82/0x180
[ 14.749398] ? preempt_count_sub+0x50/0x80
[ 14.749588] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.749649] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.749697] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.749742] kthread+0x337/0x6f0
[ 14.749777] ? trace_preempt_on+0x20/0xc0
[ 14.749822] ? __pfx_kthread+0x10/0x10
[ 14.749856] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.749897] ? calculate_sigpending+0x7b/0xa0
[ 14.749939] ? __pfx_kthread+0x10/0x10
[ 14.749977] ret_from_fork+0x41/0x80
[ 14.750017] ? __pfx_kthread+0x10/0x10
[ 14.750054] ret_from_fork_asm+0x1a/0x30
[ 14.750134] </TASK>
[ 14.750157]
[ 14.764988] Allocated by task 213:
[ 14.765262] kasan_save_stack+0x45/0x70
[ 14.765609] kasan_save_track+0x18/0x40
[ 14.765889] kasan_save_alloc_info+0x3b/0x50
[ 14.766088] __kasan_kmalloc+0xb7/0xc0
[ 14.766654] __kmalloc_cache_noprof+0x189/0x420
[ 14.767047] kmalloc_double_kzfree+0xa9/0x350
[ 14.767725] kunit_try_run_case+0x1a5/0x480
[ 14.767943] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.768173] kthread+0x337/0x6f0
[ 14.768498] ret_from_fork+0x41/0x80
[ 14.768854] ret_from_fork_asm+0x1a/0x30
[ 14.769373]
[ 14.769570] Freed by task 213:
[ 14.769931] kasan_save_stack+0x45/0x70
[ 14.770829] kasan_save_track+0x18/0x40
[ 14.771211] kasan_save_free_info+0x3f/0x60
[ 14.771834] __kasan_slab_free+0x56/0x70
[ 14.772196] kfree+0x222/0x3f0
[ 14.772366] kfree_sensitive+0x67/0x90
[ 14.772550] kmalloc_double_kzfree+0x12b/0x350
[ 14.772928] kunit_try_run_case+0x1a5/0x480
[ 14.773500] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.773938] kthread+0x337/0x6f0
[ 14.774157] ret_from_fork+0x41/0x80
[ 14.774722] ret_from_fork_asm+0x1a/0x30
[ 14.775420]
[ 14.775551] The buggy address belongs to the object at ffff8881024d25e0
[ 14.775551] which belongs to the cache kmalloc-16 of size 16
[ 14.776641] The buggy address is located 0 bytes inside of
[ 14.776641] 16-byte region [ffff8881024d25e0, ffff8881024d25f0)
[ 14.777503]
[ 14.777729] The buggy address belongs to the physical page:
[ 14.778757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024d2
[ 14.779231] flags: 0x200000000000000(node=0|zone=2)
[ 14.779740] page_type: f5(slab)
[ 14.780031] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 14.780638] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 14.781451] page dumped because: kasan: bad access detected
[ 14.781807]
[ 14.782029] Memory state around the buggy address:
[ 14.782304]  ffff8881024d2480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 14.783245]  ffff8881024d2500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 14.783811] >ffff8881024d2580: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc
[ 14.784440]                                                         ^
[ 14.784986]  ffff8881024d2600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.785510]  ffff8881024d2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.786077] ==================================================================
```