Date
July 3, 2025, 6:13 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 16.998877] ==================================================================
[ 16.999147] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 16.999206] Free of addr fff00000c3fbdda0 by task kunit_try_catch/192
[ 16.999249]
[ 16.999301] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 16.999384] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.999415] Hardware name: linux,dummy-virt (DT)
[ 16.999445] Call trace:
[ 16.999465] show_stack+0x20/0x38 (C)
[ 16.999511] dump_stack_lvl+0x8c/0xd0
[ 16.999556] print_report+0x118/0x608
[ 16.999602] kasan_report_invalid_free+0xc0/0xe8
[ 16.999658] check_slab_allocation+0xd4/0x108
[ 16.999706] __kasan_slab_pre_free+0x2c/0x48
[ 16.999753] kfree+0xe8/0x3c8
[ 16.999802] kfree_sensitive+0x3c/0xb0
[ 16.999849] kmalloc_double_kzfree+0x168/0x308
[ 16.999894] kunit_try_run_case+0x170/0x3f0
[ 16.999941] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.999992] kthread+0x328/0x630
[ 17.000045] ret_from_fork+0x10/0x20
[ 17.000101]
[ 17.000120] Allocated by task 192:
[ 17.000147] kasan_save_stack+0x3c/0x68
[ 17.000185] kasan_save_track+0x20/0x40
[ 17.000235] kasan_save_alloc_info+0x40/0x58
[ 17.000278] __kasan_kmalloc+0xd4/0xd8
[ 17.000315] __kmalloc_cache_noprof+0x16c/0x3c0
[ 17.000363] kmalloc_double_kzfree+0xb8/0x308
[ 17.000407] kunit_try_run_case+0x170/0x3f0
[ 17.000457] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.000506] kthread+0x328/0x630
[ 17.000697] ret_from_fork+0x10/0x20
[ 17.000867]
[ 17.001140] Freed by task 192:
[ 17.001490] kasan_save_stack+0x3c/0x68
[ 17.001560] kasan_save_track+0x20/0x40
[ 17.001620] kasan_save_free_info+0x4c/0x78
[ 17.001830] __kasan_slab_free+0x6c/0x98
[ 17.002280] kfree+0x214/0x3c8
[ 17.002356] kfree_sensitive+0x80/0xb0
[ 17.002493] kmalloc_double_kzfree+0x11c/0x308
[ 17.002881] kunit_try_run_case+0x170/0x3f0
[ 17.002971] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.003225] kthread+0x328/0x630
[ 17.003436] ret_from_fork+0x10/0x20
[ 17.003519]
[ 17.003539] The buggy address belongs to the object at fff00000c3fbdda0
[ 17.003539] which belongs to the cache kmalloc-16 of size 16
[ 17.003850] The buggy address is located 0 bytes inside of
[ 17.003850] 16-byte region [fff00000c3fbdda0, fff00000c3fbddb0)
[ 17.003930]
[ 17.004043] The buggy address belongs to the physical page:
[ 17.004096] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fbd
[ 17.004332] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.004544] page_type: f5(slab)
[ 17.004948] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 17.005153] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 17.005286] page dumped because: kasan: bad access detected
[ 17.005326]
[ 17.005343] Memory state around the buggy address:
[ 17.005681] fff00000c3fbdc80: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 17.005734] fff00000c3fbdd00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 17.005977] >fff00000c3fbdd80: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 17.006188] ^
[ 17.006399] fff00000c3fbde00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.006445] fff00000c3fbde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.006652] ==================================================================
[ 11.829023] ==================================================================
[ 11.829844] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[ 11.830425] Free of addr ffff888101745ec0 by task kunit_try_catch/210
[ 11.830741]
[ 11.830836] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.830877] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.830889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.830909] Call Trace:
[ 11.830923] <TASK>
[ 11.830939] dump_stack_lvl+0x73/0xb0
[ 11.832581] print_report+0xd1/0x650
[ 11.832623] ? __virt_addr_valid+0x1db/0x2d0
[ 11.832648] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.832670] ? kfree_sensitive+0x2e/0x90
[ 11.832692] kasan_report_invalid_free+0x10a/0x130
[ 11.832717] ? kfree_sensitive+0x2e/0x90
[ 11.832738] ? kfree_sensitive+0x2e/0x90
[ 11.832756] check_slab_allocation+0x101/0x130
[ 11.832777] __kasan_slab_pre_free+0x28/0x40
[ 11.832798] kfree+0xf0/0x3f0
[ 11.832820] ? kfree_sensitive+0x2e/0x90
[ 11.832841] kfree_sensitive+0x2e/0x90
[ 11.832860] kmalloc_double_kzfree+0x19c/0x350
[ 11.832883] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 11.832906] ? __schedule+0x10cc/0x2b60
[ 11.832927] ? __pfx_read_tsc+0x10/0x10
[ 11.832948] ? ktime_get_ts64+0x86/0x230
[ 11.832971] kunit_try_run_case+0x1a5/0x480
[ 11.832995] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.833016] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.833039] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.833061] ? __kthread_parkme+0x82/0x180
[ 11.833079] ? preempt_count_sub+0x50/0x80
[ 11.833126] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.833149] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.833341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.833364] kthread+0x337/0x6f0
[ 11.833383] ? trace_preempt_on+0x20/0xc0
[ 11.833406] ? __pfx_kthread+0x10/0x10
[ 11.833427] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.833447] ? calculate_sigpending+0x7b/0xa0
[ 11.833470] ? __pfx_kthread+0x10/0x10
[ 11.833490] ret_from_fork+0x116/0x1d0
[ 11.833508] ? __pfx_kthread+0x10/0x10
[ 11.833527] ret_from_fork_asm+0x1a/0x30
[ 11.833557] </TASK>
[ 11.833569]
[ 11.841055] Allocated by task 210:
[ 11.841411] kasan_save_stack+0x45/0x70
[ 11.841620] kasan_save_track+0x18/0x40
[ 11.841817] kasan_save_alloc_info+0x3b/0x50
[ 11.842017] __kasan_kmalloc+0xb7/0xc0
[ 11.842348] __kmalloc_cache_noprof+0x189/0x420
[ 11.842591] kmalloc_double_kzfree+0xa9/0x350
[ 11.842786] kunit_try_run_case+0x1a5/0x480
[ 11.842932] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.843122] kthread+0x337/0x6f0
[ 11.843301] ret_from_fork+0x116/0x1d0
[ 11.843491] ret_from_fork_asm+0x1a/0x30
[ 11.843863]
[ 11.844016] Freed by task 210:
[ 11.844183] kasan_save_stack+0x45/0x70
[ 11.844451] kasan_save_track+0x18/0x40
[ 11.844622] kasan_save_free_info+0x3f/0x60
[ 11.844809] __kasan_slab_free+0x56/0x70
[ 11.845000] kfree+0x222/0x3f0
[ 11.845149] kfree_sensitive+0x67/0x90
[ 11.845282] kmalloc_double_kzfree+0x12b/0x350
[ 11.845434] kunit_try_run_case+0x1a5/0x480
[ 11.845579] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.845792] kthread+0x337/0x6f0
[ 11.845957] ret_from_fork+0x116/0x1d0
[ 11.846143] ret_from_fork_asm+0x1a/0x30
[ 11.846342]
[ 11.846586] The buggy address belongs to the object at ffff888101745ec0
[ 11.846586] which belongs to the cache kmalloc-16 of size 16
[ 11.847066] The buggy address is located 0 bytes inside of
[ 11.847066] 16-byte region [ffff888101745ec0, ffff888101745ed0)
[ 11.847840]
[ 11.847925] The buggy address belongs to the physical page:
[ 11.848235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745
[ 11.848553] flags: 0x200000000000000(node=0|zone=2)
[ 11.848721] page_type: f5(slab)
[ 11.848842] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 11.849142] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 11.849705] page dumped because: kasan: bad access detected
[ 11.849969]
[ 11.850061] Memory state around the buggy address:
[ 11.850576] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc
[ 11.850903] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 11.851152] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[ 11.851488] ^
[ 11.851766] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.851984] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.852571] ==================================================================