Hay
Date: May 30, 2025, 4:14 a.m.

Environment: x15

[   57.130401] ==================================================================
[   57.137664] BUG: KASAN: double-free in kmalloc_double_kzfree+0x1f4/0x3a8
[   57.144439] Free of addr cc797880 by task kunit_try_catch/244
[   57.150207] 
[   57.151733] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.0-next-20250530 #1 NONE 
[   57.151733] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   57.151763] Hardware name: Generic DRA74X (Flattened Device Tree)
[   57.151763] Call trace: 
[   57.151763]  unwind_backtrace from show_stack+0x18/0x1c
[   57.151794]  show_stack from dump_stack_lvl+0x70/0x90
[   57.151824]  dump_stack_lvl from print_report+0x158/0x528
[   57.151855]  print_report from kasan_report_invalid_free+0xc0/0xf4
[   57.151885]  kasan_report_invalid_free from check_slab_allocation+0xb8/0xd8
[   57.151885]  check_slab_allocation from kfree+0xc8/0x384
[   57.151916]  kfree from kmalloc_double_kzfree+0x1f4/0x3a8
[   57.151947]  kmalloc_double_kzfree from kunit_try_run_case+0x22c/0x5a8
[   57.151977]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[   57.152008]  kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[   57.152038]  kthread from ret_from_fork+0x14/0x20
[   57.152038] Exception stack(0xf2323fb0 to 0xf2323ff8)
[   57.152069] 3fa0:                                     00000000 00000000 00000000 00000000
[   57.152069] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   57.152099] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   57.152099] 
[   57.271301] Allocated by task 244:
[   57.274719]  kasan_save_track+0x30/0x5c
[   57.278594]  __kasan_kmalloc+0x8c/0x94
[   57.282379]  kmalloc_double_kzfree+0xcc/0x3a8
[   57.286743]  kunit_try_run_case+0x22c/0x5a8
[   57.290985]  kunit_generic_run_threadfn_adapter+0xc4/0x128
[   57.296508]  kthread+0x464/0x810
[   57.299774]  ret_from_fork+0x14/0x20
[   57.303375] 
[   57.304870] Freed by task 244:
[   57.307952]  kasan_save_track+0x30/0x5c
[   57.311798]  kasan_save_free_info+0x3c/0x48
[   57.316040]  __kasan_slab_free+0x40/0x50
[   57.319976]  kfree+0xe8/0x384
[   57.322967]  kmalloc_double_kzfree+0x174/0x3a8
[   57.327453]  kunit_try_run_case+0x22c/0x5a8
[   57.331665]  kunit_generic_run_threadfn_adapter+0xc4/0x128
[   57.337188]  kthread+0x464/0x810
[   57.340454]  ret_from_fork+0x14/0x20
[   57.344055] 
[   57.345550] The buggy address belongs to the object at cc797880
[   57.345550]  which belongs to the cache kmalloc-64 of size 64
[   57.357299] The buggy address is located 0 bytes inside of
[   57.357299]  64-byte region [cc797880, cc7978c0)
[   57.367431] 
[   57.368927] The buggy address belongs to the physical page:
[   57.374542] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c797
[   57.381805] flags: 0x0(zone=0)
[   57.384887] page_type: f5(slab)
[   57.388061] raw: 00000000 c7001300 00000122 00000000 00000000 80200020 f5000000 00000000
[   57.396209] raw: 00000000
[   57.398834] page dumped because: kasan: bad access detected
[   57.404449] 
[   57.405944] Memory state around the buggy address:
[   57.410766]  cc797780: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.417358]  cc797800: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.423919] >cc797880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   57.430480]            ^
[   57.433044]  cc797900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.439605]  cc797980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.446166] ==================================================================