Date | Feb. 5, 2025, 2:09 p.m.
---|---
Environment | qemu-armv7
```
[ 147.885949] ==================================================================
[ 147.886861] BUG: KASAN: double-free in kmalloc_double_kzfree+0xd0/0x1cc
[ 147.887588] Free of addr c8fbdb00 by task kunit_try_catch/205
[ 147.888146]
[ 147.888464] CPU: 1 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1
[ 147.889346] Hardware name: Generic DT based system
[ 147.889857] unwind_backtrace from show_stack+0x18/0x1c
[ 147.890558] show_stack from dump_stack_lvl+0x58/0x70
[ 147.891262] dump_stack_lvl from print_report+0x164/0x51c
[ 147.891811] print_report from kasan_report_invalid_free+0xb4/0xe8
[ 147.892659] kasan_report_invalid_free from __kasan_slab_free+0xfc/0x124
[ 147.893609] __kasan_slab_free from __kmem_cache_free+0x140/0x2a8
[ 147.894489] __kmem_cache_free from kmalloc_double_kzfree+0xd0/0x1cc
[ 147.895302] kmalloc_double_kzfree from kunit_try_run_case+0x11c/0x2e4
[ 147.896530] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48
[ 147.897590] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8
[ 147.898453] kthread from ret_from_fork+0x14/0x30
[ 147.899075] Exception stack(0xfa123fb0 to 0xfa123ff8)
[ 147.899687] 3fa0: 00000000 00000000 00000000 00000000
[ 147.900652] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 147.901520] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 147.902296]
[ 147.902527] Allocated by task 205:
[ 147.902959] kasan_set_track+0x3c/0x5c
[ 147.903547] __kasan_kmalloc+0x8c/0x94
[ 147.904016] kmalloc_double_kzfree+0xa0/0x1cc
[ 147.904711] kunit_try_run_case+0x11c/0x2e4
[ 147.905248] kunit_generic_run_threadfn_adapter+0x2c/0x48
[ 147.906449] kthread+0x184/0x1a8
[ 147.906892] ret_from_fork+0x14/0x30
[ 147.907310]
[ 147.907646] Freed by task 205:
[ 147.908154] kasan_set_track+0x3c/0x5c
[ 147.908701] kasan_save_free_info+0x30/0x3c
[ 147.909444] __kasan_slab_free+0xdc/0x124
[ 147.910015] __kmem_cache_free+0x140/0x2a8
[ 147.910583] kmalloc_double_kzfree+0xbc/0x1cc
[ 147.911139] kunit_try_run_case+0x11c/0x2e4
[ 147.911767] kunit_generic_run_threadfn_adapter+0x2c/0x48
[ 147.912493] kthread+0x184/0x1a8
[ 147.912881] ret_from_fork+0x14/0x30
[ 147.913446]
[ 147.913761] The buggy address belongs to the object at c8fbdb00
[ 147.913761] which belongs to the cache kmalloc-64 of size 64
[ 147.914998] The buggy address is located 0 bytes inside of
[ 147.914998] 64-byte region [c8fbdb00, c8fbdb40)
[ 147.916403]
[ 147.916674] The buggy address belongs to the physical page:
[ 147.917167] page:652e16b7 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x48fbd
[ 147.918228] flags: 0x800(slab|zone=0)
[ 147.918782] page_type: 0xffffffff()
[ 147.919309] raw: 00000800 c4801200 00000122 00000000 00000000 80200020 ffffffff 00000001
[ 147.920188] raw: 00000000
[ 147.920527] page dumped because: kasan: bad access detected
[ 147.921197]
[ 147.921545] Memory state around the buggy address:
[ 147.922139] c8fbda00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 147.922862] c8fbda80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 147.923676] >c8fbdb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 147.924403] ^
[ 147.924812] c8fbdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 147.925512] c8fbdc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 147.926623] ==================================================================
```