Date
May 30, 2025, 4:14 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x15 |
[ 38.488906] ================================================================== [ 38.499120] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.507103] Free of addr ffff000805826101 by task kunit_try_catch/285 [ 38.513527] [ 38.515013] CPU: 2 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 38.515077] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.515092] Hardware name: WinLink E850-96 board (DT) [ 38.515113] Call trace: [ 38.515130] show_stack+0x20/0x38 (C) [ 38.515166] dump_stack_lvl+0x8c/0xd0 [ 38.515207] print_report+0x118/0x608 [ 38.515243] kasan_report_invalid_free+0xc0/0xe8 [ 38.515277] check_slab_allocation+0xfc/0x108 [ 38.515311] __kasan_mempool_poison_object+0x78/0x150 [ 38.515349] mempool_free+0x28c/0x328 [ 38.515383] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.515419] mempool_kmalloc_invalid_free+0xc0/0x118 [ 38.515452] kunit_try_run_case+0x170/0x3f0 [ 38.515487] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.515529] kthread+0x328/0x630 [ 38.515559] ret_from_fork+0x10/0x20 [ 38.515594] [ 38.594429] Allocated by task 285: [ 38.597816] kasan_save_stack+0x3c/0x68 [ 38.601632] kasan_save_track+0x20/0x40 [ 38.605452] kasan_save_alloc_info+0x40/0x58 [ 38.609705] __kasan_mempool_unpoison_object+0x11c/0x180 [ 38.615000] remove_element+0x130/0x1f8 [ 38.618820] mempool_alloc_preallocated+0x58/0xc0 [ 38.623507] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 38.629062] mempool_kmalloc_invalid_free+0xc0/0x118 [ 38.634013] kunit_try_run_case+0x170/0x3f0 [ 38.638177] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.643645] kthread+0x328/0x630 [ 38.646857] ret_from_fork+0x10/0x20 [ 38.650416] [ 38.651894] The buggy address belongs to the object at ffff000805826100 [ 38.651894] which belongs to the cache kmalloc-128 of size 128 [ 38.664395] The buggy address is located 1 bytes inside of [ 38.664395] 128-byte region [ffff000805826100, ffff000805826180) [ 38.675937] [ 38.677415] The buggy address belongs to the physical page: [ 38.682972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885826 [ 38.690957] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 38.698593] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 38.705538] page_type: f5(slab) [ 38.708673] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 38.716394] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 38.724121] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 38.731932] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 38.739745] head: 0bfffe0000000001 fffffdffe0160981 00000000ffffffff 00000000ffffffff [ 38.747557] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 38.755363] page dumped because: kasan: bad access detected [ 38.760919] [ 38.762394] Memory state around the buggy address: [ 38.767175] ffff000805826000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.774376] ffff000805826080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.781584] >ffff000805826100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.788782] ^ [ 38.791998] ffff000805826180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.799202] ffff000805826200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.806404] ================================================================== [ 38.815651] ================================================================== [ 38.825593] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.833575] Free of addr ffff000806014001 by task kunit_try_catch/287 [ 38.839997] [ 38.841483] CPU: 4 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 38.841539] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.841557] Hardware name: WinLink E850-96 board (DT) [ 38.841577] Call trace: [ 38.841590] show_stack+0x20/0x38 (C) [ 38.841628] dump_stack_lvl+0x8c/0xd0 [ 38.841664] print_report+0x118/0x608 [ 38.841701] kasan_report_invalid_free+0xc0/0xe8 [ 38.841736] __kasan_mempool_poison_object+0xfc/0x150 [ 38.841774] mempool_free+0x28c/0x328 [ 38.841807] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 38.841843] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 38.841878] kunit_try_run_case+0x170/0x3f0 [ 38.841917] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.841956] kthread+0x328/0x630 [ 38.841985] ret_from_fork+0x10/0x20 [ 38.842021] [ 38.917083] The buggy address belongs to the physical page: [ 38.922639] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x886014 [ 38.930622] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 38.938264] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 38.945205] page_type: f8(unknown) [ 38.948600] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 38.956321] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 38.964047] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 38.971858] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 38.979672] head: 0bfffe0000000002 fffffdffe0180501 00000000ffffffff 00000000ffffffff [ 38.987484] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 38.995290] page dumped because: kasan: bad access detected [ 39.000846] [ 39.002321] Memory state around the buggy address: [ 39.007102] ffff000806013f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.014303] ffff000806013f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.021511] >ffff000806014000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.028709] ^ [ 39.031924] ffff000806014080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.039129] ffff000806014100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.046330] ==================================================================
[ 28.192382] ================================================================== [ 28.192535] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.193825] Free of addr fff00000c56e8a01 by task kunit_try_catch/242 [ 28.194087] [ 28.194211] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 28.195401] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.195479] Hardware name: linux,dummy-virt (DT) [ 28.195554] Call trace: [ 28.196700] show_stack+0x20/0x38 (C) [ 28.197175] dump_stack_lvl+0x8c/0xd0 [ 28.197658] print_report+0x118/0x608 [ 28.198369] kasan_report_invalid_free+0xc0/0xe8 [ 28.198767] check_slab_allocation+0xfc/0x108 [ 28.199218] __kasan_mempool_poison_object+0x78/0x150 [ 28.199362] mempool_free+0x28c/0x328 [ 28.199477] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.199921] mempool_kmalloc_invalid_free+0xc0/0x118 [ 28.200217] kunit_try_run_case+0x170/0x3f0 [ 28.200453] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.200949] kthread+0x328/0x630 [ 28.201064] ret_from_fork+0x10/0x20 [ 28.201196] [ 28.201252] Allocated by task 242: [ 28.201330] kasan_save_stack+0x3c/0x68 [ 28.201898] kasan_save_track+0x20/0x40 [ 28.202418] kasan_save_alloc_info+0x40/0x58 [ 28.202827] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.203333] remove_element+0x130/0x1f8 [ 28.203967] mempool_alloc_preallocated+0x58/0xc0 [ 28.204323] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 28.204431] mempool_kmalloc_invalid_free+0xc0/0x118 [ 28.204533] kunit_try_run_case+0x170/0x3f0 [ 28.205216] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.205770] kthread+0x328/0x630 [ 28.205942] ret_from_fork+0x10/0x20 [ 28.206042] [ 28.206103] The buggy address belongs to the object at fff00000c56e8a00 [ 28.206103] which belongs to the cache kmalloc-128 of size 128 [ 28.206429] The buggy address is located 1 bytes inside of [ 28.206429] 128-byte region [fff00000c56e8a00, fff00000c56e8a80) [ 28.206573] [ 28.206664] The buggy address belongs to the physical page: [ 28.206909] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8 [ 28.207181] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.207457] page_type: f5(slab) [ 28.207558] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.207698] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.207810] page dumped because: kasan: bad access detected [ 28.207968] [ 28.208025] Memory state around the buggy address: [ 28.208164] fff00000c56e8900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.208310] fff00000c56e8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.208427] >fff00000c56e8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.208529] ^ [ 28.208606] fff00000c56e8a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.208763] fff00000c56e8b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.208869] ================================================================== [ 28.232214] ================================================================== [ 28.232363] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.232512] Free of addr fff00000c78d8001 by task kunit_try_catch/244 [ 28.232621] [ 28.232841] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 28.233083] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.233159] Hardware name: linux,dummy-virt (DT) [ 28.233900] Call trace: [ 28.234005] show_stack+0x20/0x38 (C) [ 28.234142] dump_stack_lvl+0x8c/0xd0 [ 28.234409] print_report+0x118/0x608 [ 28.234701] kasan_report_invalid_free+0xc0/0xe8 [ 28.235019] __kasan_mempool_poison_object+0xfc/0x150 [ 28.235157] mempool_free+0x28c/0x328 [ 28.235270] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.235446] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 28.235761] kunit_try_run_case+0x170/0x3f0 [ 28.236127] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.236295] kthread+0x328/0x630 [ 28.236467] ret_from_fork+0x10/0x20 [ 28.236755] [ 28.236815] The buggy address belongs to the physical page: [ 28.236936] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d8 [ 28.237158] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.237297] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.237534] page_type: f8(unknown) [ 28.237655] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.237887] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.238088] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.238328] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.238453] head: 0bfffe0000000002 ffffc1ffc31e3601 00000000ffffffff 00000000ffffffff [ 28.238736] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.238851] page dumped because: kasan: bad access detected [ 28.238977] [ 28.239071] Memory state around the buggy address: [ 28.239186] fff00000c78d7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.239344] fff00000c78d7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.239459] >fff00000c78d8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.239553] ^ [ 28.239663] fff00000c78d8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.239904] fff00000c78d8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.240047] ==================================================================
[ 20.907018] ================================================================== [ 20.907740] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.909728] Free of addr ffff888102b56701 by task kunit_try_catch/258 [ 20.910344] [ 20.910868] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 20.911285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.911327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.911363] Call Trace: [ 20.911381] <TASK> [ 20.911404] dump_stack_lvl+0x73/0xb0 [ 20.911446] print_report+0xd1/0x650 [ 20.911480] ? __virt_addr_valid+0x1db/0x2d0 [ 20.911515] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.911549] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.911588] kasan_report_invalid_free+0x10a/0x130 [ 20.911624] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.911664] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.911729] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.911767] check_slab_allocation+0x11f/0x130 [ 20.911800] __kasan_mempool_poison_object+0x91/0x1d0 [ 20.911836] mempool_free+0x2ec/0x380 [ 20.911870] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.911908] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 20.911966] ? __kasan_check_write+0x18/0x20 [ 20.912006] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.912040] ? finish_task_switch.isra.0+0x153/0x700 [ 20.912079] mempool_kmalloc_invalid_free+0xed/0x140 [ 20.912115] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 20.912154] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.912235] ? __pfx_mempool_kfree+0x10/0x10 [ 20.912304] ? __pfx_read_tsc+0x10/0x10 [ 20.912339] ? ktime_get_ts64+0x86/0x230 [ 20.912374] kunit_try_run_case+0x1a5/0x480 [ 20.912409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.912437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.912475] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.912511] ? __kthread_parkme+0x82/0x180 [ 20.912541] ? preempt_count_sub+0x50/0x80 [ 20.912573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.912601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.912637] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.912680] kthread+0x337/0x6f0 [ 20.912731] ? trace_preempt_on+0x20/0xc0 [ 20.912767] ? __pfx_kthread+0x10/0x10 [ 20.912797] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.912829] ? calculate_sigpending+0x7b/0xa0 [ 20.912864] ? __pfx_kthread+0x10/0x10 [ 20.912894] ret_from_fork+0x116/0x1d0 [ 20.912920] ? __pfx_kthread+0x10/0x10 [ 20.912969] ret_from_fork_asm+0x1a/0x30 [ 20.913019] </TASK> [ 20.913035] [ 20.940637] Allocated by task 258: [ 20.941280] kasan_save_stack+0x45/0x70 [ 20.941649] kasan_save_track+0x18/0x40 [ 20.942629] kasan_save_alloc_info+0x3b/0x50 [ 20.943169] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 20.943836] remove_element+0x11e/0x190 [ 20.944441] mempool_alloc_preallocated+0x4d/0x90 [ 20.945541] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 20.946214] mempool_kmalloc_invalid_free+0xed/0x140 [ 20.947093] kunit_try_run_case+0x1a5/0x480 [ 20.947518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.948311] kthread+0x337/0x6f0 [ 20.948641] ret_from_fork+0x116/0x1d0 [ 20.949669] ret_from_fork_asm+0x1a/0x30 [ 20.950356] [ 20.950600] The buggy address belongs to the object at ffff888102b56700 [ 20.950600] which belongs to the cache kmalloc-128 of size 128 [ 20.952020] The buggy address is located 1 bytes inside of [ 20.952020] 128-byte region [ffff888102b56700, ffff888102b56780) [ 20.953719] [ 20.954300] The buggy address belongs to the physical page: [ 20.954729] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b56 [ 20.955998] flags: 0x200000000000000(node=0|zone=2) [ 20.956413] page_type: f5(slab) [ 20.956790] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.957775] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.958521] page dumped because: kasan: bad access detected [ 20.959536] [ 20.959715] Memory state around the buggy address: [ 20.960759] ffff888102b56600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.961408] ffff888102b56680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.962025] >ffff888102b56700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.963020] ^ [ 20.963885] ffff888102b56780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.964411] ffff888102b56800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.965406] ================================================================== [ 20.971892] ================================================================== [ 20.972517] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.973572] Free of addr ffff888103c28001 by task kunit_try_catch/260 [ 20.974734] [ 20.975125] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 20.975238] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.975277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.975340] Call Trace: [ 20.975381] <TASK> [ 20.975418] dump_stack_lvl+0x73/0xb0 [ 20.975474] print_report+0xd1/0x650 [ 20.975539] ? __virt_addr_valid+0x1db/0x2d0 [ 20.975579] ? kasan_addr_to_slab+0x11/0xa0 [ 20.975609] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.975648] kasan_report_invalid_free+0x10a/0x130 [ 20.975684] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.975755] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.975796] __kasan_mempool_poison_object+0x102/0x1d0 [ 20.975833] mempool_free+0x2ec/0x380 [ 20.975866] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.975904] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 20.975945] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.976041] ? finish_task_switch.isra.0+0x153/0x700 [ 20.976127] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 20.976212] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 20.976282] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.976312] ? __pfx_mempool_kfree+0x10/0x10 [ 20.976341] ? __pfx_read_tsc+0x10/0x10 [ 20.976374] ? ktime_get_ts64+0x86/0x230 [ 20.976406] kunit_try_run_case+0x1a5/0x480 [ 20.976436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.976464] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.976500] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.976536] ? __kthread_parkme+0x82/0x180 [ 20.976565] ? preempt_count_sub+0x50/0x80 [ 20.976595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.976625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.976659] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.976725] kthread+0x337/0x6f0 [ 20.976758] ? trace_preempt_on+0x20/0xc0 [ 20.976790] ? __pfx_kthread+0x10/0x10 [ 20.976820] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.976853] ? calculate_sigpending+0x7b/0xa0 [ 20.976887] ? __pfx_kthread+0x10/0x10 [ 20.976919] ret_from_fork+0x116/0x1d0 [ 20.976944] ? __pfx_kthread+0x10/0x10 [ 20.976998] ret_from_fork_asm+0x1a/0x30 [ 20.977041] </TASK> [ 20.977058] [ 20.995831] The buggy address belongs to the physical page: [ 20.996355] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c28 [ 20.997074] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.997813] flags: 0x200000000000040(head|node=0|zone=2) [ 20.998379] page_type: f8(unknown) [ 20.998837] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.999570] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.000296] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.000861] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.001745] head: 0200000000000002 ffffea00040f0a01 00000000ffffffff 00000000ffffffff [ 21.002528] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.003252] page dumped because: kasan: bad access detected [ 21.003691] [ 21.003927] Memory state around the buggy address: [ 21.004404] ffff888103c27f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.005141] ffff888103c27f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.005827] >ffff888103c28000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.006465] ^ [ 21.006869] ffff888103c28080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.007507] ffff888103c28100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.008089] ==================================================================
[ 65.686401] ================================================================== [ 65.698486] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x15c/0x2f8 [ 65.706573] Free of addr cc8fc001 by task kunit_try_catch/295 [ 65.712341] [ 65.713867] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 65.713867] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 65.713897] Hardware name: Generic DRA74X (Flattened Device Tree) [ 65.713897] Call trace: [ 65.713897] unwind_backtrace from show_stack+0x18/0x1c [ 65.713928] show_stack from dump_stack_lvl+0x70/0x90 [ 65.713958] dump_stack_lvl from print_report+0x158/0x528 [ 65.713989] print_report from kasan_report_invalid_free+0xc0/0xf4 [ 65.714019] kasan_report_invalid_free from __kasan_mempool_poison_object+0xd0/0x128 [ 65.714050] __kasan_mempool_poison_object from mempool_free+0x360/0x440 [ 65.714050] mempool_free from mempool_kmalloc_invalid_free_helper+0x15c/0x2f8 [ 65.714080] mempool_kmalloc_invalid_free_helper from mempool_kmalloc_large_invalid_free+0xb8/0x104 [ 65.714111] mempool_kmalloc_large_invalid_free from kunit_try_run_case+0x22c/0x5a8 [ 65.714141] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 65.714172] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 65.714202] kthread from ret_from_fork+0x14/0x20 [ 65.714233] Exception stack(0xf2453fb0 to 0xf2453ff8) [ 65.714233] 3fa0: 00000000 00000000 00000000 00000000 [ 65.714263] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 65.714263] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 65.714294] [ 65.847717] The buggy address belongs to the physical page: [ 65.853332] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c8fc [ 65.860595] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.868316] flags: 0x40(head|zone=0) [ 65.871917] page_type: f8(unknown) [ 65.875335] raw: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 65.883483] raw: 00000000 [ 65.886138] head: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 65.894378] head: 00000000 00000002 eebc3371 ffffffff 00000000 ffffffff 00000000 ffffffff [ 65.902587] head: 00000000 00000004 [ 65.906097] page dumped because: kasan: bad access detected [ 65.911712] [ 65.913238] Memory state around the buggy address: [ 65.918060] cc8fbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 65.924621] cc8fbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 65.931182] >cc8fc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 65.937774] ^ [ 65.940307] cc8fc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 65.946899] cc8fc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 65.953460] ================================================================== [ 65.365447] ================================================================== [ 65.377716] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x15c/0x2f8 [ 65.385772] Free of addr cc893b01 by task kunit_try_catch/293 [ 65.391571] [ 65.393066] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 65.393096] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 65.393096] Hardware name: Generic DRA74X (Flattened Device Tree) [ 65.393127] Call trace: [ 65.393127] unwind_backtrace from show_stack+0x18/0x1c [ 65.393157] show_stack from dump_stack_lvl+0x70/0x90 [ 65.393188] dump_stack_lvl from print_report+0x158/0x528 [ 65.393188] print_report from kasan_report_invalid_free+0xc0/0xf4 [ 65.393218] kasan_report_invalid_free from check_slab_allocation+0xd0/0xd8 [ 65.393249] check_slab_allocation from __kasan_mempool_poison_object+0x54/0x128 [ 65.393280] __kasan_mempool_poison_object from mempool_free+0x360/0x440 [ 65.393280] mempool_free from mempool_kmalloc_invalid_free_helper+0x15c/0x2f8 [ 65.393310] mempool_kmalloc_invalid_free_helper from mempool_kmalloc_invalid_free+0xb8/0x104 [ 65.393341] mempool_kmalloc_invalid_free from kunit_try_run_case+0x22c/0x5a8 [ 65.393371] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 65.393402] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 65.393432] kthread from ret_from_fork+0x14/0x20 [ 65.393463] Exception stack(0xf2423fb0 to 0xf2423ff8) [ 65.393463] 3fa0: 00000000 00000000 00000000 00000000 [ 65.393493] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 65.393493] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 65.393493] [ 65.532531] Allocated by task 293: [ 65.535949] kasan_save_track+0x30/0x5c [ 65.539825] remove_element+0x180/0x264 [ 65.543701] mempool_alloc_preallocated+0x60/0x9c [ 65.548431] mempool_kmalloc_invalid_free_helper+0x90/0x2f8 [ 65.554046] mempool_kmalloc_invalid_free+0xb8/0x104 [ 65.559051] kunit_try_run_case+0x22c/0x5a8 [ 65.563293] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 65.568817] kthread+0x464/0x810 [ 65.572082] ret_from_fork+0x14/0x20 [ 65.575683] [ 65.577178] The buggy address belongs to the object at cc893b00 [ 65.577178] which belongs to the cache kmalloc-128 of size 128 [ 65.589080] The buggy address is located 1 bytes inside of [ 65.589080] 128-byte region [cc893b00, cc893b80) [ 65.599334] [ 65.600830] The buggy address belongs to the physical page: [ 65.606445] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c893 [ 65.613708] flags: 0x0(zone=0) [ 65.616790] page_type: f5(slab) [ 65.619964] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 65.628082] raw: 00000000 [ 65.630737] page dumped because: kasan: bad access detected [ 65.636352] [ 65.637847] Memory state around the buggy address: [ 65.642669] cc893a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.649230] cc893a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.655822] >cc893b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 65.662384] ^ [ 65.664947] cc893b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.671508] cc893c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 65.678070] ==================================================================