Date
May 30, 2025, 4:14 a.m.
Environment | |
---|---|
x15 |
[ 57.130401] ================================================================== [ 57.137664] BUG: KASAN: double-free in kmalloc_double_kzfree+0x1f4/0x3a8 [ 57.144439] Free of addr cc797880 by task kunit_try_catch/244 [ 57.150207] [ 57.151733] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 57.151733] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 57.151763] Hardware name: Generic DRA74X (Flattened Device Tree) [ 57.151763] Call trace: [ 57.151763] unwind_backtrace from show_stack+0x18/0x1c [ 57.151794] show_stack from dump_stack_lvl+0x70/0x90 [ 57.151824] dump_stack_lvl from print_report+0x158/0x528 [ 57.151855] print_report from kasan_report_invalid_free+0xc0/0xf4 [ 57.151885] kasan_report_invalid_free from check_slab_allocation+0xb8/0xd8 [ 57.151885] check_slab_allocation from kfree+0xc8/0x384 [ 57.151916] kfree from kmalloc_double_kzfree+0x1f4/0x3a8 [ 57.151947] kmalloc_double_kzfree from kunit_try_run_case+0x22c/0x5a8 [ 57.151977] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 57.152008] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 57.152038] kthread from ret_from_fork+0x14/0x20 [ 57.152038] Exception stack(0xf2323fb0 to 0xf2323ff8) [ 57.152069] 3fa0: 00000000 00000000 00000000 00000000 [ 57.152069] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 57.152099] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 57.152099] [ 57.271301] Allocated by task 244: [ 57.274719] kasan_save_track+0x30/0x5c [ 57.278594] __kasan_kmalloc+0x8c/0x94 [ 57.282379] kmalloc_double_kzfree+0xcc/0x3a8 [ 57.286743] kunit_try_run_case+0x22c/0x5a8 [ 57.290985] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 57.296508] kthread+0x464/0x810 [ 57.299774] ret_from_fork+0x14/0x20 [ 57.303375] [ 57.304870] Freed by task 244: [ 57.307952] kasan_save_track+0x30/0x5c [ 57.311798] kasan_save_free_info+0x3c/0x48 [ 57.316040] __kasan_slab_free+0x40/0x50 [ 57.319976] kfree+0xe8/0x384 [ 57.322967] kmalloc_double_kzfree+0x174/0x3a8 [ 57.327453] kunit_try_run_case+0x22c/0x5a8 [ 57.331665] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 57.337188] kthread+0x464/0x810 [ 57.340454] ret_from_fork+0x14/0x20 [ 57.344055] [ 57.345550] The buggy address belongs to the object at cc797880 [ 57.345550] which belongs to the cache kmalloc-64 of size 64 [ 57.357299] The buggy address is located 0 bytes inside of [ 57.357299] 64-byte region [cc797880, cc7978c0) [ 57.367431] [ 57.368927] The buggy address belongs to the physical page: [ 57.374542] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c797 [ 57.381805] flags: 0x0(zone=0) [ 57.384887] page_type: f5(slab) [ 57.388061] raw: 00000000 c7001300 00000122 00000000 00000000 80200020 f5000000 00000000 [ 57.396209] raw: 00000000 [ 57.398834] page dumped because: kasan: bad access detected [ 57.404449] [ 57.405944] Memory state around the buggy address: [ 57.410766] cc797780: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.417358] cc797800: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.423919] >cc797880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 57.430480] ^ [ 57.433044] cc797900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.439605] cc797980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.446166] ==================================================================