Date
May 15, 2025, 10:38 a.m.
| Environment | |
|---|---|
| e850-96 |
[ 38.782600] ================================================================== [ 38.792597] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.800579] Free of addr ffff0008034a0001 by task kunit_try_catch/288 [ 38.807002] [ 38.808490] CPU: 6 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 38.808551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.808569] Hardware name: WinLink E850-96 board (DT) [ 38.808591] Call trace: [ 38.808608] show_stack+0x20/0x38 (C) [ 38.808645] dump_stack_lvl+0x8c/0xd0 [ 38.808678] print_report+0x118/0x608 [ 38.808711] kasan_report_invalid_free+0xc0/0xe8 [ 38.808748] __kasan_mempool_poison_object+0xfc/0x150 [ 38.808787] mempool_free+0x28c/0x328 [ 38.808824] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.808860] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 38.808894] kunit_try_run_case+0x170/0x3f0 [ 38.808927] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.808965] kthread+0x328/0x630 [ 38.809001] ret_from_fork+0x10/0x20 [ 38.809035] [ 38.884433] The buggy address belongs to the physical page: [ 38.889989] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8834a0 [ 38.897973] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 38.905612] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 38.912556] page_type: f8(unknown) [ 38.915954] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 38.923672] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 38.931398] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 38.939210] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 38.947023] head: 0bfffe0000000002 fffffdffe00d2801 00000000ffffffff 00000000ffffffff [ 38.954835] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 38.962641] page dumped because: kasan: bad access detected [ 38.968196] [ 38.969672] Memory state around the buggy address: [ 38.974455] ffff00080349ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.981654] ffff00080349ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.988860] >ffff0008034a0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.996060] ^ [ 38.999276] ffff0008034a0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.006481] ffff0008034a0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.013683] ================================================================== [ 38.455485] ================================================================== [ 38.465779] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.473759] Free of addr ffff000801f1cb01 by task kunit_try_catch/286 [ 38.480184] [ 38.481670] CPU: 7 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 38.481727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.481744] Hardware name: WinLink E850-96 board (DT) [ 38.481767] Call trace: [ 38.481780] show_stack+0x20/0x38 (C) [ 38.481820] dump_stack_lvl+0x8c/0xd0 [ 38.481855] print_report+0x118/0x608 [ 38.481888] kasan_report_invalid_free+0xc0/0xe8 [ 38.481922] check_slab_allocation+0xfc/0x108 [ 38.481953] __kasan_mempool_poison_object+0x78/0x150 [ 38.481989] mempool_free+0x28c/0x328 [ 38.482027] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.482060] mempool_kmalloc_invalid_free+0xc0/0x118 [ 38.482089] kunit_try_run_case+0x170/0x3f0 [ 38.482123] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.482157] kthread+0x328/0x630 [ 38.482191] ret_from_fork+0x10/0x20 [ 38.482226] [ 38.561433] Allocated by task 286: [ 38.564821] kasan_save_stack+0x3c/0x68 [ 38.568636] kasan_save_track+0x20/0x40 [ 38.572455] kasan_save_alloc_info+0x40/0x58 [ 38.576709] __kasan_mempool_unpoison_object+0x11c/0x180 [ 38.582004] remove_element+0x130/0x1f8 [ 38.585824] mempool_alloc_preallocated+0x58/0xc0 [ 38.590511] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 38.596067] mempool_kmalloc_invalid_free+0xc0/0x118 [ 38.601014] kunit_try_run_case+0x170/0x3f0 [ 38.605181] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.610649] kthread+0x328/0x630 [ 38.613861] ret_from_fork+0x10/0x20 [ 38.617420] [ 38.618897] The buggy address belongs to the object at ffff000801f1cb00 [ 38.618897] which belongs to the cache kmalloc-128 of size 128 [ 38.631398] The buggy address is located 1 bytes inside of [ 38.631398] 128-byte region [ffff000801f1cb00, ffff000801f1cb80) [ 38.642941] [ 38.644420] The buggy address belongs to the physical page: [ 38.649976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881f1c [ 38.657959] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 38.665600] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 38.672543] page_type: f5(slab) [ 38.675679] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 38.683398] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 38.691124] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 38.698936] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 38.706749] head: 0bfffe0000000001 fffffdffe007c701 00000000ffffffff 00000000ffffffff [ 38.714561] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 38.722367] page dumped because: kasan: bad access detected [ 38.727922] [ 38.729397] Memory state around the buggy address: [ 38.734179] ffff000801f1ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.741381] ffff000801f1ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.748587] >ffff000801f1cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.755786] ^ [ 38.759002] ffff000801f1cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.766208] ffff000801f1cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.773409] ==================================================================