Date
May 15, 2025, 10:38 a.m.
| Environment | |
|---|---|
| e850-96 |
[ 38.259468] ================================================================== [ 38.270208] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 38.277325] Free of addr ffff0008034a0000 by task kunit_try_catch/284 [ 38.283746] [ 38.285232] CPU: 6 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 38.285292] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.285310] Hardware name: WinLink E850-96 board (DT) [ 38.285334] Call trace: [ 38.285349] show_stack+0x20/0x38 (C) [ 38.285385] dump_stack_lvl+0x8c/0xd0 [ 38.285418] print_report+0x118/0x608 [ 38.285455] kasan_report_invalid_free+0xc0/0xe8 [ 38.285490] __kasan_mempool_poison_pages+0xe0/0xe8 [ 38.285523] mempool_free+0x24c/0x328 [ 38.285561] mempool_double_free_helper+0x150/0x2e8 [ 38.285594] mempool_page_alloc_double_free+0xbc/0x118 [ 38.285627] kunit_try_run_case+0x170/0x3f0 [ 38.285661] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.285696] kthread+0x328/0x630 [ 38.285731] ret_from_fork+0x10/0x20 [ 38.285767] [ 38.359876] The buggy address belongs to the physical page: [ 38.365431] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8834a0 [ 38.373416] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.379938] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 38.387656] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 38.395375] page dumped because: kasan: bad access detected [ 38.400930] [ 38.402406] Memory state around the buggy address: [ 38.407188] ffff00080349ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.414389] ffff00080349ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.421595] >ffff0008034a0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.428795] ^ [ 38.432010] ffff0008034a0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.439215] ffff0008034a0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.446417] ================================================================== [ 38.021360] ================================================================== [ 38.031154] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 38.038265] Free of addr ffff0008067b4000 by task kunit_try_catch/282 [ 38.044687] [ 38.046174] CPU: 7 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 38.046228] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.046244] Hardware name: WinLink E850-96 board (DT) [ 38.046264] Call trace: [ 38.046276] show_stack+0x20/0x38 (C) [ 38.046311] dump_stack_lvl+0x8c/0xd0 [ 38.046346] print_report+0x118/0x608 [ 38.046380] kasan_report_invalid_free+0xc0/0xe8 [ 38.046414] __kasan_mempool_poison_object+0x14c/0x150 [ 38.046448] mempool_free+0x28c/0x328 [ 38.046488] mempool_double_free_helper+0x150/0x2e8 [ 38.046521] mempool_kmalloc_large_double_free+0xc0/0x118 [ 38.046553] kunit_try_run_case+0x170/0x3f0 [ 38.046585] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.046620] kthread+0x328/0x630 [ 38.046655] ret_from_fork+0x10/0x20 [ 38.046687] [ 38.121337] The buggy address belongs to the physical page: [ 38.126893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8867b4 [ 38.134877] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 38.142519] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 38.149460] page_type: f8(unknown) [ 38.152857] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 38.160576] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 38.168302] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 38.176113] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 38.183927] head: 0bfffe0000000002 fffffdffe019ed01 00000000ffffffff 00000000ffffffff [ 38.191739] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 38.199544] page dumped because: kasan: bad access detected [ 38.205100] [ 38.206575] Memory state around the buggy address: [ 38.211357] ffff0008067b3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.218562] ffff0008067b3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.225763] >ffff0008067b4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.232964] ^ [ 38.236180] ffff0008067b4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.243384] ffff0008067b4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.250587] ================================================================== [ 37.646161] ================================================================== [ 37.655895] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 37.663012] Free of addr ffff000801edec00 by task kunit_try_catch/280 [ 37.669432] [ 37.670919] CPU: 6 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 37.670981] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.670998] Hardware name: WinLink E850-96 board (DT) [ 37.671021] Call trace: [ 37.671035] show_stack+0x20/0x38 (C) [ 37.671072] dump_stack_lvl+0x8c/0xd0 [ 37.671108] print_report+0x118/0x608 [ 37.671143] kasan_report_invalid_free+0xc0/0xe8 [ 37.671180] check_slab_allocation+0xd4/0x108 [ 37.671212] __kasan_mempool_poison_object+0x78/0x150 [ 37.671250] mempool_free+0x28c/0x328 [ 37.671287] mempool_double_free_helper+0x150/0x2e8 [ 37.671317] mempool_kmalloc_double_free+0xc0/0x118 [ 37.671349] kunit_try_run_case+0x170/0x3f0 [ 37.671382] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.671417] kthread+0x328/0x630 [ 37.671452] ret_from_fork+0x10/0x20 [ 37.671489] [ 37.749813] Allocated by task 280: [ 37.753200] kasan_save_stack+0x3c/0x68 [ 37.757017] kasan_save_track+0x20/0x40 [ 37.760836] kasan_save_alloc_info+0x40/0x58 [ 37.765089] __kasan_mempool_unpoison_object+0x11c/0x180 [ 37.770384] remove_element+0x130/0x1f8 [ 37.774204] mempool_alloc_preallocated+0x58/0xc0 [ 37.778891] mempool_double_free_helper+0x94/0x2e8 [ 37.783665] mempool_kmalloc_double_free+0xc0/0x118 [ 37.788527] kunit_try_run_case+0x170/0x3f0 [ 37.792693] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.798161] kthread+0x328/0x630 [ 37.801373] ret_from_fork+0x10/0x20 [ 37.804932] [ 37.806410] Freed by task 280: [ 37.809449] kasan_save_stack+0x3c/0x68 [ 37.813266] kasan_save_track+0x20/0x40 [ 37.817085] kasan_save_free_info+0x4c/0x78 [ 37.821252] __kasan_mempool_poison_object+0xc0/0x150 [ 37.826286] mempool_free+0x28c/0x328 [ 37.829932] mempool_double_free_helper+0x100/0x2e8 [ 37.834793] mempool_kmalloc_double_free+0xc0/0x118 [ 37.839654] kunit_try_run_case+0x170/0x3f0 [ 37.843822] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.849289] kthread+0x328/0x630 [ 37.852501] ret_from_fork+0x10/0x20 [ 37.856060] [ 37.857538] The buggy address belongs to the object at ffff000801edec00 [ 37.857538] which belongs to the cache kmalloc-128 of size 128 [ 37.870039] The buggy address is located 0 bytes inside of [ 37.870039] 128-byte region [ffff000801edec00, ffff000801edec80) [ 37.881580] [ 37.883061] The buggy address belongs to the physical page: [ 37.888616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ede [ 37.896599] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 37.904240] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 37.911183] page_type: f5(slab) [ 37.914319] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 37.922038] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.929765] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 37.937576] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.945389] head: 0bfffe0000000001 fffffdffe007b781 00000000ffffffff 00000000ffffffff [ 37.953201] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 37.961006] page dumped because: kasan: bad access detected [ 37.966562] [ 37.968037] Memory state around the buggy address: [ 37.972819] ffff000801edeb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.980022] ffff000801edeb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.987225] >ffff000801edec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.994426] ^ [ 37.997641] ffff000801edec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.004847] ffff000801eded00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.012049] ==================================================================