Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| x15 | |
| x86 |
[ 66.002136] ================================================================== [ 66.014221] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x15c/0x2f8 [ 66.022308] Free of addr ccc10001 by task kunit_try_catch/299 [ 66.028076] [ 66.029602] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 66.029632] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 66.029632] Hardware name: Generic DRA74X (Flattened Device Tree) [ 66.029632] Call trace: [ 66.029663] unwind_backtrace from show_stack+0x18/0x1c [ 66.029663] show_stack from dump_stack_lvl+0x70/0x90 [ 66.029693] dump_stack_lvl from print_report+0x158/0x528 [ 66.029724] print_report from kasan_report_invalid_free+0xc0/0xf4 [ 66.029754] kasan_report_invalid_free from __kasan_mempool_poison_object+0xd0/0x128 [ 66.029785] __kasan_mempool_poison_object from mempool_free+0x360/0x440 [ 66.029785] mempool_free from mempool_kmalloc_invalid_free_helper+0x15c/0x2f8 [ 66.029815] mempool_kmalloc_invalid_free_helper from mempool_kmalloc_large_invalid_free+0xb8/0x104 [ 66.029846] mempool_kmalloc_large_invalid_free from kunit_try_run_case+0x22c/0x5a8 [ 66.029876] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 66.029907] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 66.029937] kthread from ret_from_fork+0x14/0x20 [ 66.029968] Exception stack(0xf2653fb0 to 0xf2653ff8) [ 66.029968] 3fa0: 00000000 00000000 00000000 00000000 [ 66.029998] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 66.029998] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 66.030029] [ 66.162567] The buggy address belongs to the physical page: [ 66.168182] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x8cc10 [ 66.175476] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.183166] flags: 0x40(head|zone=0) [ 66.186767] page_type: f8(unknown) [ 66.190216] raw: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 66.198364] raw: 00000000 [ 66.200988] head: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 66.209228] head: 00000000 00000002 eebca241 ffffffff 00000000 ffffffff 00000000 ffffffff [ 66.217468] head: 00000000 00000004 [ 66.220977] page dumped because: kasan: bad access detected [ 66.226593] [ 66.228088] Memory state around the buggy address: [ 66.232910] ccc0ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 66.239501] ccc0ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 66.246063] >ccc10000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.252624] ^ [ 66.255187] ccc10080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.261749] ccc10100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.268341] ================================================================== [ 65.681884] ================================================================== [ 65.694152] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x15c/0x2f8 [ 65.702209] Free of addr cc22df01 by task kunit_try_catch/297 [ 65.708007] [ 65.709503] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 65.709533] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 65.709533] Hardware name: Generic DRA74X (Flattened Device Tree) [ 65.709564] Call trace: [ 65.709564] unwind_backtrace from show_stack+0x18/0x1c [ 65.709594] show_stack from dump_stack_lvl+0x70/0x90 [ 65.709625] dump_stack_lvl from print_report+0x158/0x528 [ 65.709625] print_report from kasan_report_invalid_free+0xc0/0xf4 [ 65.709655] kasan_report_invalid_free from check_slab_allocation+0xd0/0xd8 [ 65.709686] check_slab_allocation from __kasan_mempool_poison_object+0x54/0x128 [ 65.709716] __kasan_mempool_poison_object from mempool_free+0x360/0x440 [ 65.709747] mempool_free from mempool_kmalloc_invalid_free_helper+0x15c/0x2f8 [ 65.709777] mempool_kmalloc_invalid_free_helper from mempool_kmalloc_invalid_free+0xb8/0x104 [ 65.709777] mempool_kmalloc_invalid_free from kunit_try_run_case+0x22c/0x5a8 [ 65.709808] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 65.709838] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 65.709869] kthread from ret_from_fork+0x14/0x20 [ 65.709899] Exception stack(0xf2643fb0 to 0xf2643ff8) [ 65.709899] 3fa0: 00000000 00000000 00000000 00000000 [ 65.709930] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 65.709930] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 65.709960] [ 65.848114] Allocated by task 297: [ 65.851531] kasan_save_track+0x30/0x5c [ 65.855407] remove_element+0x180/0x264 [ 65.859283] mempool_alloc_preallocated+0x60/0x9c [ 65.864013] mempool_kmalloc_invalid_free_helper+0x90/0x2f8 [ 65.869628] mempool_kmalloc_invalid_free+0xb8/0x104 [ 65.874633] kunit_try_run_case+0x22c/0x5a8 [ 65.878845] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 65.884399] kthread+0x464/0x810 [ 65.887634] ret_from_fork+0x14/0x20 [ 65.891265] [ 65.892761] The buggy address belongs to the object at cc22df00 [ 65.892761] which belongs to the cache kmalloc-128 of size 128 [ 65.904663] The buggy address is located 1 bytes inside of [ 65.904663] 128-byte region [cc22df00, cc22df80) [ 65.914886] [ 65.916412] The buggy address belongs to the physical page: [ 65.921997] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c22d [ 65.929290] flags: 0x0(zone=0) [ 65.932373] page_type: f5(slab) [ 65.935546] raw: 00000000 c7001400 00000122 00000000 00000000 00100010 f5000000 00000000 [ 65.943664] raw: 00000000 [ 65.946319] page dumped because: kasan: bad access detected [ 65.951934] [ 65.953430] Memory state around the buggy address: [ 65.958251] cc22de00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.964813] cc22de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.971405] >cc22df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 65.977966] ^ [ 65.980529] cc22df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.987091] cc22e000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 65.993682] ==================================================================
[ 39.345978] ================================================================== [ 39.358176] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 39.366183] Free of addr ffff888107f05a01 by task kunit_try_catch/284 [ 39.372622] [ 39.374122] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 39.374130] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.374132] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 39.374136] Call Trace: [ 39.374137] <TASK> [ 39.374139] dump_stack_lvl+0x73/0xb0 [ 39.374143] print_report+0xd1/0x650 [ 39.374147] ? __virt_addr_valid+0x1db/0x2d0 [ 39.374151] ? kasan_complete_mode_report_info+0x2a/0x200 [ 39.374155] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 39.374160] kasan_report_invalid_free+0x10a/0x130 [ 39.374165] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 39.374171] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 39.374175] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 39.374180] check_slab_allocation+0x11f/0x130 [ 39.374184] __kasan_mempool_poison_object+0x91/0x1d0 [ 39.374189] mempool_free+0x2ec/0x380 [ 39.374193] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 39.374198] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 39.374203] ? dequeue_entities+0xa24/0x1790 [ 39.374207] ? finish_task_switch.isra.0+0x153/0x700 [ 39.374212] mempool_kmalloc_invalid_free+0xed/0x140 [ 39.374217] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 39.374222] ? dequeue_task_fair+0x166/0x4e0 [ 39.374226] ? __pfx_mempool_kmalloc+0x10/0x10 [ 39.374229] ? __pfx_mempool_kfree+0x10/0x10 [ 39.374233] ? ktime_get_ts64+0x83/0x230 [ 39.374238] kunit_try_run_case+0x1a2/0x480 [ 39.374242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 39.374246] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 39.374251] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 39.374255] ? __kthread_parkme+0x82/0x180 [ 39.374259] ? preempt_count_sub+0x50/0x80 [ 39.374264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 39.374268] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 39.374272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 39.374276] kthread+0x334/0x6f0 [ 39.374280] ? trace_preempt_on+0x20/0xc0 [ 39.374284] ? __pfx_kthread+0x10/0x10 [ 39.374289] ? _raw_spin_unlock_irq+0x47/0x80 [ 39.374293] ? calculate_sigpending+0x7b/0xa0 [ 39.374296] ? __pfx_kthread+0x10/0x10 [ 39.374301] ret_from_fork+0x3e/0x80 [ 39.374305] ? __pfx_kthread+0x10/0x10 [ 39.374309] ret_from_fork_asm+0x1a/0x30 [ 39.374315] </TASK> [ 39.374316] [ 39.589139] Allocated by task 284: [ 39.592546] kasan_save_stack+0x45/0x70 [ 39.596384] kasan_save_track+0x18/0x40 [ 39.600224] kasan_save_alloc_info+0x3b/0x50 [ 39.604498] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 39.609818] remove_element+0x11e/0x190 [ 39.613656] mempool_alloc_preallocated+0x4d/0x90 [ 39.618388] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 39.623962] mempool_kmalloc_invalid_free+0xed/0x140 [ 39.628937] kunit_try_run_case+0x1a2/0x480 [ 39.633130] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 39.638528] kthread+0x334/0x6f0 [ 39.641760] ret_from_fork+0x3e/0x80 [ 39.645339] ret_from_fork_asm+0x1a/0x30 [ 39.649265] [ 39.650765] The buggy address belongs to the object at ffff888107f05a00 [ 39.650765] which belongs to the cache kmalloc-128 of size 128 [ 39.663272] The buggy address is located 1 bytes inside of [ 39.663272] 128-byte region [ffff888107f05a00, ffff888107f05a80) [ 39.674833] [ 39.676330] The buggy address belongs to the physical page: [ 39.681904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107f05 [ 39.689903] flags: 0x200000000000000(node=0|zone=2) [ 39.694781] page_type: f5(slab) [ 39.697928] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 39.705691] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 39.713457] page dumped because: kasan: bad access detected [ 39.719032] [ 39.720531] Memory state around the buggy address: [ 39.725322] ffff888107f05900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.732542] ffff888107f05980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.739760] >ffff888107f05a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.746978] ^ [ 39.750212] ffff888107f05a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.757430] ffff888107f05b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.764651] ================================================================== [ 39.772216] ================================================================== [ 39.784226] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 39.792234] Free of addr ffff888105238001 by task kunit_try_catch/286 [ 39.798687] [ 39.800207] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 39.800215] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.800217] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 39.800220] Call Trace: [ 39.800222] <TASK> [ 39.800224] dump_stack_lvl+0x73/0xb0 [ 39.800227] print_report+0xd1/0x650 [ 39.800231] ? __virt_addr_valid+0x1db/0x2d0 [ 39.800235] ? kasan_addr_to_slab+0x11/0xa0 [ 39.800239] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 39.800244] kasan_report_invalid_free+0x10a/0x130 [ 39.800249] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 39.800254] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 39.800259] __kasan_mempool_poison_object+0x102/0x1d0 [ 39.800264] mempool_free+0x2ec/0x380 [ 39.800268] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 39.800273] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 39.800278] ? dequeue_entities+0xa24/0x1790 [ 39.800282] ? finish_task_switch.isra.0+0x153/0x700 [ 39.800287] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 39.800292] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 39.800297] ? dequeue_task_fair+0x166/0x4e0 [ 39.800301] ? __pfx_mempool_kmalloc+0x10/0x10 [ 39.800304] ? __pfx_mempool_kfree+0x10/0x10 [ 39.800308] ? ktime_get_ts64+0x83/0x230 [ 39.800313] kunit_try_run_case+0x1a2/0x480 [ 39.800318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 39.800322] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 39.800326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 39.800331] ? __kthread_parkme+0x82/0x180 [ 39.800335] ? preempt_count_sub+0x50/0x80 [ 39.800339] ? __pfx_kunit_try_run_case+0x10/0x10 [ 39.800344] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 39.800348] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 39.800352] kthread+0x334/0x6f0 [ 39.800356] ? trace_preempt_on+0x20/0xc0 [ 39.800360] ? __pfx_kthread+0x10/0x10 [ 39.800364] ? _raw_spin_unlock_irq+0x47/0x80 [ 39.800368] ? calculate_sigpending+0x7b/0xa0 [ 39.800372] ? __pfx_kthread+0x10/0x10 [ 39.800376] ret_from_fork+0x3e/0x80 [ 39.800380] ? __pfx_kthread+0x10/0x10 [ 39.800385] ret_from_fork_asm+0x1a/0x30 [ 39.800390] </TASK> [ 39.800392] [ 40.004885] The buggy address belongs to the physical page: [ 40.010460] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105238 [ 40.018467] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 40.026119] flags: 0x200000000000040(head|node=0|zone=2) [ 40.031433] page_type: f8(unknown) [ 40.034837] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 40.042579] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 40.050325] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 40.058151] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 40.065978] head: 0200000000000002 ffffea0004148e01 00000000ffffffff 00000000ffffffff [ 40.073810] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 40.081635] page dumped because: kasan: bad access detected [ 40.087207] [ 40.088707] Memory state around the buggy address: [ 40.093499] ffff888105237f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.100720] ffff888105237f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.107965] >ffff888105238000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.115192] ^ [ 40.118423] ffff888105238080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.125644] ffff888105238100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.132887] ==================================================================