Hay
Date
July 4, 2025, 3:11 p.m.

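Environment
e850-96
qemu-arm64
qemu-x86_64

Note: the three reports below appear in this order, matching the "Hardware name" lines (WinLink E850-96 board; linux,dummy-virt; QEMU Standard PC). In each one, both the first and the second kfree_sensitive() call come from kmalloc_double_kzfree running under kunit_try_run_case, and the kernel is tainted [N]=TEST. This indicates the double-free is raised by a KUnit test case rather than by a production code path, so the report shows KASAN catching the invalid free at the kfree() pre-free check.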

[   28.274296] ==================================================================
[   28.281323] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   28.287308] Free of addr ffff000800cad020 by task kunit_try_catch/241
[   28.293731] 
[   28.295217] CPU: 6 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT 
[   28.295271] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.295289] Hardware name: WinLink E850-96 board (DT)
[   28.295307] Call trace:
[   28.295318]  show_stack+0x20/0x38 (C)
[   28.295352]  dump_stack_lvl+0x8c/0xd0
[   28.295388]  print_report+0x118/0x608
[   28.295418]  kasan_report_invalid_free+0xc0/0xe8
[   28.295450]  check_slab_allocation+0xd4/0x108
[   28.295479]  __kasan_slab_pre_free+0x2c/0x48
[   28.295509]  kfree+0xe8/0x3c8
[   28.295535]  kfree_sensitive+0x3c/0xb0
[   28.295562]  kmalloc_double_kzfree+0x168/0x308
[   28.295598]  kunit_try_run_case+0x170/0x3f0
[   28.295635]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.295671]  kthread+0x328/0x630
[   28.295702]  ret_from_fork+0x10/0x20
[   28.295733] 
[   28.369860] Allocated by task 241:
[   28.373246]  kasan_save_stack+0x3c/0x68
[   28.377063]  kasan_save_track+0x20/0x40
[   28.380883]  kasan_save_alloc_info+0x40/0x58
[   28.385136]  __kasan_kmalloc+0xd4/0xd8
[   28.388869]  __kmalloc_cache_noprof+0x16c/0x3c0
[   28.393383]  kmalloc_double_kzfree+0xb8/0x308
[   28.397723]  kunit_try_run_case+0x170/0x3f0
[   28.401890]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.407358]  kthread+0x328/0x630
[   28.410570]  ret_from_fork+0x10/0x20
[   28.414129] 
[   28.415605] Freed by task 241:
[   28.418644]  kasan_save_stack+0x3c/0x68
[   28.422462]  kasan_save_track+0x20/0x40
[   28.426281]  kasan_save_free_info+0x4c/0x78
[   28.430448]  __kasan_slab_free+0x6c/0x98
[   28.434354]  kfree+0x214/0x3c8
[   28.437392]  kfree_sensitive+0x80/0xb0
[   28.441125]  kmalloc_double_kzfree+0x11c/0x308
[   28.445552]  kunit_try_run_case+0x170/0x3f0
[   28.449719]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.455187]  kthread+0x328/0x630
[   28.458399]  ret_from_fork+0x10/0x20
[   28.461958] 
[   28.463435] The buggy address belongs to the object at ffff000800cad020
[   28.463435]  which belongs to the cache kmalloc-16 of size 16
[   28.475760] The buggy address is located 0 bytes inside of
[   28.475760]  16-byte region [ffff000800cad020, ffff000800cad030)
[   28.487218] 
[   28.488695] The buggy address belongs to the physical page:
[   28.494253] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880cad
[   28.502235] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   28.508747] page_type: f5(slab)
[   28.511883] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000
[   28.519603] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   28.527322] page dumped because: kasan: bad access detected
[   28.532877] 
[   28.534352] Memory state around the buggy address:
[   28.539134]  ffff000800cacf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.546336]  ffff000800cacf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.553542] >ffff000800cad000: 00 04 fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[   28.560741]                                ^
[   28.564999]  ffff000800cad080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.572203]  ffff000800cad100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.579406] ==================================================================

[   15.733908] ==================================================================
[   15.733983] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   15.734042] Free of addr fff00000c6271320 by task kunit_try_catch/197
[   15.734082] 
[   15.734112] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT 
[   15.734191] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.734217] Hardware name: linux,dummy-virt (DT)
[   15.734245] Call trace:
[   15.734268]  show_stack+0x20/0x38 (C)
[   15.734323]  dump_stack_lvl+0x8c/0xd0
[   15.734372]  print_report+0x118/0x608
[   15.734414]  kasan_report_invalid_free+0xc0/0xe8
[   15.734460]  check_slab_allocation+0xd4/0x108
[   15.734503]  __kasan_slab_pre_free+0x2c/0x48
[   15.734548]  kfree+0xe8/0x3c8
[   15.734596]  kfree_sensitive+0x3c/0xb0
[   15.734653]  kmalloc_double_kzfree+0x168/0x308
[   15.734702]  kunit_try_run_case+0x170/0x3f0
[   15.734748]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.734798]  kthread+0x328/0x630
[   15.734842]  ret_from_fork+0x10/0x20
[   15.734886] 
[   15.734903] Allocated by task 197:
[   15.734930]  kasan_save_stack+0x3c/0x68
[   15.734968]  kasan_save_track+0x20/0x40
[   15.735001]  kasan_save_alloc_info+0x40/0x58
[   15.735049]  __kasan_kmalloc+0xd4/0xd8
[   15.735085]  __kmalloc_cache_noprof+0x16c/0x3c0
[   15.735129]  kmalloc_double_kzfree+0xb8/0x308
[   15.735169]  kunit_try_run_case+0x170/0x3f0
[   15.735207]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.735249]  kthread+0x328/0x630
[   15.735284]  ret_from_fork+0x10/0x20
[   15.735317] 
[   15.735336] Freed by task 197:
[   15.735360]  kasan_save_stack+0x3c/0x68
[   15.735403]  kasan_save_track+0x20/0x40
[   15.735443]  kasan_save_free_info+0x4c/0x78
[   15.735489]  __kasan_slab_free+0x6c/0x98
[   15.735525]  kfree+0x214/0x3c8
[   15.735555]  kfree_sensitive+0x80/0xb0
[   15.735589]  kmalloc_double_kzfree+0x11c/0x308
[   15.735987]  kunit_try_run_case+0x170/0x3f0
[   15.736066]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.736135]  kthread+0x328/0x630
[   15.736477]  ret_from_fork+0x10/0x20
[   15.736844] 
[   15.736892] The buggy address belongs to the object at fff00000c6271320
[   15.736892]  which belongs to the cache kmalloc-16 of size 16
[   15.737209] The buggy address is located 0 bytes inside of
[   15.737209]  16-byte region [fff00000c6271320, fff00000c6271330)
[   15.737305] 
[   15.737347] The buggy address belongs to the physical page:
[   15.737386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106271
[   15.737602] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   15.737829] page_type: f5(slab)
[   15.738000] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   15.738390] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   15.738497] page dumped because: kasan: bad access detected
[   15.738981] 
[   15.739030] Memory state around the buggy address:
[   15.739076]  fff00000c6271200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc
[   15.739121]  fff00000c6271280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   15.739448] >fff00000c6271300: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[   15.739590]                                ^
[   15.739667]  fff00000c6271380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.739810]  fff00000c6271400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.739956] ==================================================================

[   14.742543] ==================================================================
[   14.744462] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[   14.745468] Free of addr ffff8881024d25e0 by task kunit_try_catch/213
[   14.746677] 
[   14.748087] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT(voluntary) 
[   14.748223] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.748247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.748286] Call Trace:
[   14.748326]  <TASK>
[   14.748400]  dump_stack_lvl+0x73/0xb0
[   14.748462]  print_report+0xd1/0x650
[   14.748503]  ? __virt_addr_valid+0x1db/0x2d0
[   14.748542]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.748580]  ? kfree_sensitive+0x2e/0x90
[   14.748618]  kasan_report_invalid_free+0x10a/0x130
[   14.748667]  ? kfree_sensitive+0x2e/0x90
[   14.748713]  ? kfree_sensitive+0x2e/0x90
[   14.748753]  check_slab_allocation+0x101/0x130
[   14.748791]  __kasan_slab_pre_free+0x28/0x40
[   14.748824]  kfree+0xf0/0x3f0
[   14.748858]  ? kfree_sensitive+0x2e/0x90
[   14.748902]  kfree_sensitive+0x2e/0x90
[   14.748934]  kmalloc_double_kzfree+0x19c/0x350
[   14.748969]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[   14.749006]  ? __schedule+0x10cc/0x2b60
[   14.749066]  ? __pfx_read_tsc+0x10/0x10
[   14.749106]  ? ktime_get_ts64+0x86/0x230
[   14.749156]  kunit_try_run_case+0x1a5/0x480
[   14.749203]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.749242]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.749286]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.749327]  ? __kthread_parkme+0x82/0x180
[   14.749398]  ? preempt_count_sub+0x50/0x80
[   14.749588]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.749649]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.749697]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.749742]  kthread+0x337/0x6f0
[   14.749777]  ? trace_preempt_on+0x20/0xc0
[   14.749822]  ? __pfx_kthread+0x10/0x10
[   14.749856]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.749897]  ? calculate_sigpending+0x7b/0xa0
[   14.749939]  ? __pfx_kthread+0x10/0x10
[   14.749977]  ret_from_fork+0x41/0x80
[   14.750017]  ? __pfx_kthread+0x10/0x10
[   14.750054]  ret_from_fork_asm+0x1a/0x30
[   14.750134]  </TASK>
[   14.750157] 
[   14.764988] Allocated by task 213:
[   14.765262]  kasan_save_stack+0x45/0x70
[   14.765609]  kasan_save_track+0x18/0x40
[   14.765889]  kasan_save_alloc_info+0x3b/0x50
[   14.766088]  __kasan_kmalloc+0xb7/0xc0
[   14.766654]  __kmalloc_cache_noprof+0x189/0x420
[   14.767047]  kmalloc_double_kzfree+0xa9/0x350
[   14.767725]  kunit_try_run_case+0x1a5/0x480
[   14.767943]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.768173]  kthread+0x337/0x6f0
[   14.768498]  ret_from_fork+0x41/0x80
[   14.768854]  ret_from_fork_asm+0x1a/0x30
[   14.769373] 
[   14.769570] Freed by task 213:
[   14.769931]  kasan_save_stack+0x45/0x70
[   14.770829]  kasan_save_track+0x18/0x40
[   14.771211]  kasan_save_free_info+0x3f/0x60
[   14.771834]  __kasan_slab_free+0x56/0x70
[   14.772196]  kfree+0x222/0x3f0
[   14.772366]  kfree_sensitive+0x67/0x90
[   14.772550]  kmalloc_double_kzfree+0x12b/0x350
[   14.772928]  kunit_try_run_case+0x1a5/0x480
[   14.773500]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.773938]  kthread+0x337/0x6f0
[   14.774157]  ret_from_fork+0x41/0x80
[   14.774722]  ret_from_fork_asm+0x1a/0x30
[   14.775420] 
[   14.775551] The buggy address belongs to the object at ffff8881024d25e0
[   14.775551]  which belongs to the cache kmalloc-16 of size 16
[   14.776641] The buggy address is located 0 bytes inside of
[   14.776641]  16-byte region [ffff8881024d25e0, ffff8881024d25f0)
[   14.777503] 
[   14.777729] The buggy address belongs to the physical page:
[   14.778757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024d2
[   14.779231] flags: 0x200000000000000(node=0|zone=2)
[   14.779740] page_type: f5(slab)
[   14.780031] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   14.780638] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   14.781451] page dumped because: kasan: bad access detected
[   14.781807] 
[   14.782029] Memory state around the buggy address:
[   14.782304]  ffff8881024d2480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   14.783245]  ffff8881024d2500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   14.783811] >ffff8881024d2580: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc
[   14.784440]                                                        ^
[   14.784986]  ffff8881024d2600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.785510]  ffff8881024d2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.786077] ==================================================================