Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 26.093644] ================================================================== [ 26.093764] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 26.094259] Free of addr fff00000c77a0000 by task kunit_try_catch/239 [ 26.094373] [ 26.094459] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 26.094647] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.094716] Hardware name: linux,dummy-virt (DT) [ 26.094795] Call trace: [ 26.095294] show_stack+0x20/0x38 (C) [ 26.095638] dump_stack_lvl+0x8c/0xd0 [ 26.096059] print_report+0x118/0x608 [ 26.096208] kasan_report_invalid_free+0xc0/0xe8 [ 26.096347] __kasan_mempool_poison_object+0x14c/0x150 [ 26.096808] mempool_free+0x28c/0x328 [ 26.097063] mempool_double_free_helper+0x150/0x2e8 [ 26.097888] mempool_kmalloc_large_double_free+0xc0/0x118 [ 26.098127] kunit_try_run_case+0x170/0x3f0 [ 26.098766] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.099541] kthread+0x328/0x630 [ 26.099897] ret_from_fork+0x10/0x20 [ 26.100043] [ 26.100090] The buggy address belongs to the physical page: [ 26.100832] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077a0 [ 26.101299] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.101416] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 26.101540] page_type: f8(unknown) [ 26.101633] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.101749] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 26.101865] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.102000] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 26.102118] head: 0bfffe0000000002 ffffc1ffc31de801 00000000ffffffff 00000000ffffffff [ 26.103073] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.103655] page dumped because: kasan: bad access detected [ 26.103836] [ 26.103889] Memory state around the buggy address: [ 26.103993] fff00000c779ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.104253] fff00000c779ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.104593] >fff00000c77a0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.104697] ^ [ 26.105187] fff00000c77a0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.105296] fff00000c77a0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.105390] ================================================================== [ 26.121042] ================================================================== [ 26.121156] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 26.121274] Free of addr fff00000c77a0000 by task kunit_try_catch/241 [ 26.121371] [ 26.121436] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 26.121630] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.121797] Hardware name: linux,dummy-virt (DT) [ 26.121974] Call trace: [ 26.122031] show_stack+0x20/0x38 (C) [ 26.122419] dump_stack_lvl+0x8c/0xd0 [ 26.122553] print_report+0x118/0x608 [ 26.122673] kasan_report_invalid_free+0xc0/0xe8 [ 26.122797] __kasan_mempool_poison_pages+0xe0/0xe8 [ 26.122919] mempool_free+0x24c/0x328 [ 26.123060] mempool_double_free_helper+0x150/0x2e8 [ 26.123188] mempool_page_alloc_double_free+0xbc/0x118 [ 26.123310] kunit_try_run_case+0x170/0x3f0 [ 26.123430] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.123581] kthread+0x328/0x630 [ 26.123768] ret_from_fork+0x10/0x20 [ 26.124193] [ 26.124249] The buggy address belongs to the physical page: [ 26.124677] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077a0 [ 26.124819] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.125169] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 26.125382] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.125622] page dumped because: kasan: bad access detected [ 26.125669] [ 26.125692] Memory state around the buggy address: [ 26.125733] fff00000c779ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.125829] fff00000c779ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.126075] >fff00000c77a0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.126167] ^ [ 26.126235] fff00000c77a0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.126344] fff00000c77a0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.126619] ================================================================== [ 26.059726] ================================================================== [ 26.060124] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 26.060620] Free of addr fff00000c67e4000 by task kunit_try_catch/237 [ 26.060815] [ 26.060953] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 26.061144] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.061212] Hardware name: linux,dummy-virt (DT) [ 26.061290] Call trace: [ 26.061361] show_stack+0x20/0x38 (C) [ 26.061577] dump_stack_lvl+0x8c/0xd0 [ 26.061740] print_report+0x118/0x608 [ 26.061867] kasan_report_invalid_free+0xc0/0xe8 [ 26.062237] check_slab_allocation+0xd4/0x108 [ 26.062427] __kasan_mempool_poison_object+0x78/0x150 [ 26.062682] mempool_free+0x28c/0x328 [ 26.062848] mempool_double_free_helper+0x150/0x2e8 [ 26.063019] mempool_kmalloc_double_free+0xc0/0x118 [ 26.063243] kunit_try_run_case+0x170/0x3f0 [ 26.063533] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.063892] kthread+0x328/0x630 [ 26.064046] ret_from_fork+0x10/0x20 [ 26.064316] [ 26.064367] Allocated by task 237: [ 26.064448] kasan_save_stack+0x3c/0x68 [ 26.064552] kasan_save_track+0x20/0x40 [ 26.064643] kasan_save_alloc_info+0x40/0x58 [ 26.065052] __kasan_mempool_unpoison_object+0x11c/0x180 [ 26.065309] remove_element+0x130/0x1f8 [ 26.065422] mempool_alloc_preallocated+0x58/0xc0 [ 26.065527] mempool_double_free_helper+0x94/0x2e8 [ 26.065625] mempool_kmalloc_double_free+0xc0/0x118 [ 26.065726] kunit_try_run_case+0x170/0x3f0 [ 26.065838] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.066143] kthread+0x328/0x630 [ 26.066233] ret_from_fork+0x10/0x20 [ 26.066328] [ 26.066452] Freed by task 237: [ 26.066561] kasan_save_stack+0x3c/0x68 [ 26.066684] kasan_save_track+0x20/0x40 [ 26.066836] kasan_save_free_info+0x4c/0x78 [ 26.067066] __kasan_mempool_poison_object+0xc0/0x150 [ 26.068289] mempool_free+0x28c/0x328 [ 26.068405] mempool_double_free_helper+0x100/0x2e8 [ 26.068529] mempool_kmalloc_double_free+0xc0/0x118 [ 26.068650] kunit_try_run_case+0x170/0x3f0 [ 26.068813] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.069134] kthread+0x328/0x630 [ 26.069261] ret_from_fork+0x10/0x20 [ 26.069366] [ 26.069417] The buggy address belongs to the object at fff00000c67e4000 [ 26.069417] which belongs to the cache kmalloc-128 of size 128 [ 26.069555] The buggy address is located 0 bytes inside of [ 26.069555] 128-byte region [fff00000c67e4000, fff00000c67e4080) [ 26.069760] [ 26.069810] The buggy address belongs to the physical page: [ 26.069881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067e4 [ 26.070082] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.070261] page_type: f5(slab) [ 26.070452] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 26.070638] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.070735] page dumped because: kasan: bad access detected [ 26.070810] [ 26.070853] Memory state around the buggy address: [ 26.070922] fff00000c67e3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.071201] fff00000c67e3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.071321] >fff00000c67e4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.071428] ^ [ 26.071515] fff00000c67e4080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.071630] fff00000c67e4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.071749] ==================================================================
[ 13.164064] ================================================================== [ 13.165118] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.165415] Free of addr ffff888102a1c000 by task kunit_try_catch/257 [ 13.166169] [ 13.166410] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 13.166466] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.166479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.166501] Call Trace: [ 13.166513] <TASK> [ 13.166558] dump_stack_lvl+0x73/0xb0 [ 13.166586] print_report+0xd1/0x650 [ 13.166610] ? __virt_addr_valid+0x1db/0x2d0 [ 13.166633] ? kasan_addr_to_slab+0x11/0xa0 [ 13.166654] ? mempool_double_free_helper+0x184/0x370 [ 13.166679] kasan_report_invalid_free+0x10a/0x130 [ 13.166704] ? mempool_double_free_helper+0x184/0x370 [ 13.166731] ? mempool_double_free_helper+0x184/0x370 [ 13.166754] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 13.166779] mempool_free+0x2ec/0x380 [ 13.166802] mempool_double_free_helper+0x184/0x370 [ 13.166826] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.166850] ? dequeue_entities+0xa24/0x1790 [ 13.166875] ? finish_task_switch.isra.0+0x153/0x700 [ 13.166902] mempool_kmalloc_large_double_free+0xed/0x140 [ 13.166928] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 13.166952] ? dequeue_task_fair+0x166/0x4e0 [ 13.166974] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.166993] ? __pfx_mempool_kfree+0x10/0x10 [ 13.167015] ? __pfx_read_tsc+0x10/0x10 [ 13.167034] ? ktime_get_ts64+0x86/0x230 [ 13.167059] kunit_try_run_case+0x1a5/0x480 [ 13.167083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.167104] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.167148] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.167173] ? __kthread_parkme+0x82/0x180 [ 13.167195] ? preempt_count_sub+0x50/0x80 [ 13.167219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.167243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.167266] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.167288] kthread+0x337/0x6f0 [ 13.167309] ? trace_preempt_on+0x20/0xc0 [ 13.167341] ? __pfx_kthread+0x10/0x10 [ 13.167363] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.167385] ? calculate_sigpending+0x7b/0xa0 [ 13.167410] ? __pfx_kthread+0x10/0x10 [ 13.167433] ret_from_fork+0x41/0x80 [ 13.167454] ? __pfx_kthread+0x10/0x10 [ 13.167475] ret_from_fork_asm+0x1a/0x30 [ 13.167506] </TASK> [ 13.167517] [ 13.177128] The buggy address belongs to the physical page: [ 13.177403] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1c [ 13.177815] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.178192] flags: 0x200000000000040(head|node=0|zone=2) [ 13.179278] page_type: f8(unknown) [ 13.179527] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.179893] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.180390] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.180831] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.181482] head: 0200000000000002 ffffea00040a8701 00000000ffffffff 00000000ffffffff [ 13.181991] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.182479] page dumped because: kasan: bad access detected [ 13.182732] [ 13.182975] Memory state around the buggy address: [ 13.183185] ffff888102a1bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.183744] ffff888102a1bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.184143] >ffff888102a1c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.184782] ^ [ 13.185026] ffff888102a1c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.185636] ffff888102a1c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.185943] ================================================================== [ 13.188827] ================================================================== [ 13.189499] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.189743] Free of addr ffff888102a1c000 by task kunit_try_catch/259 [ 13.190036] [ 13.190184] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 13.190229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.190241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.190262] Call Trace: [ 13.190273] <TASK> [ 13.190289] dump_stack_lvl+0x73/0xb0 [ 13.190314] print_report+0xd1/0x650 [ 13.190350] ? __virt_addr_valid+0x1db/0x2d0 [ 13.190374] ? kasan_addr_to_slab+0x11/0xa0 [ 13.190453] ? mempool_double_free_helper+0x184/0x370 [ 13.190480] kasan_report_invalid_free+0x10a/0x130 [ 13.190505] ? mempool_double_free_helper+0x184/0x370 [ 13.190532] ? mempool_double_free_helper+0x184/0x370 [ 13.190576] __kasan_mempool_poison_pages+0x115/0x130 [ 13.190602] mempool_free+0x290/0x380 [ 13.190627] mempool_double_free_helper+0x184/0x370 [ 13.190651] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.190675] ? dequeue_entities+0xa24/0x1790 [ 13.190700] ? finish_task_switch.isra.0+0x153/0x700 [ 13.190745] mempool_page_alloc_double_free+0xe8/0x140 [ 13.190767] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 13.190788] ? dequeue_task_fair+0x166/0x4e0 [ 13.190811] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.190831] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.190854] ? __pfx_read_tsc+0x10/0x10 [ 13.190874] ? ktime_get_ts64+0x86/0x230 [ 13.190899] kunit_try_run_case+0x1a5/0x480 [ 13.190924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.190946] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.190970] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.190994] ? __kthread_parkme+0x82/0x180 [ 13.191016] ? preempt_count_sub+0x50/0x80 [ 13.191040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.191063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.191085] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.191107] kthread+0x337/0x6f0 [ 13.191142] ? trace_preempt_on+0x20/0xc0 [ 13.191167] ? __pfx_kthread+0x10/0x10 [ 13.191189] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.191210] ? calculate_sigpending+0x7b/0xa0 [ 13.191232] ? __pfx_kthread+0x10/0x10 [ 13.191254] ret_from_fork+0x41/0x80 [ 13.191275] ? __pfx_kthread+0x10/0x10 [ 13.191297] ret_from_fork_asm+0x1a/0x30 [ 13.191341] </TASK> [ 13.191352] [ 13.203761] The buggy address belongs to the physical page: [ 13.204005] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1c [ 13.204561] flags: 0x200000000000000(node=0|zone=2) [ 13.204935] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.205564] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.206262] page dumped because: kasan: bad access detected [ 13.206520] [ 13.206834] Memory state around the buggy address: [ 13.207500] ffff888102a1bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.208051] ffff888102a1bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.208802] >ffff888102a1c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.209238] ^ [ 13.209372] ffff888102a1c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.210055] ffff888102a1c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.210779] ================================================================== [ 13.125208] ================================================================== [ 13.125674] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.125911] Free of addr ffff888102756000 by task kunit_try_catch/255 [ 13.126107] [ 13.126189] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 13.126234] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.126246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.126266] Call Trace: [ 13.126277] <TASK> [ 13.126290] dump_stack_lvl+0x73/0xb0 [ 13.126313] print_report+0xd1/0x650 [ 13.126349] ? __virt_addr_valid+0x1db/0x2d0 [ 13.126370] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.126392] ? mempool_double_free_helper+0x184/0x370 [ 13.126416] kasan_report_invalid_free+0x10a/0x130 [ 13.126440] ? mempool_double_free_helper+0x184/0x370 [ 13.126999] ? mempool_double_free_helper+0x184/0x370 [ 13.127026] ? mempool_double_free_helper+0x184/0x370 [ 13.127049] check_slab_allocation+0x101/0x130 [ 13.127073] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.127098] mempool_free+0x2ec/0x380 [ 13.127121] mempool_double_free_helper+0x184/0x370 [ 13.127146] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.127170] ? dequeue_entities+0xa24/0x1790 [ 13.127195] ? finish_task_switch.isra.0+0x153/0x700 [ 13.127224] mempool_kmalloc_double_free+0xed/0x140 [ 13.127249] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 13.127273] ? dequeue_task_fair+0x166/0x4e0 [ 13.127295] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.127314] ? __pfx_mempool_kfree+0x10/0x10 [ 13.127351] ? __pfx_read_tsc+0x10/0x10 [ 13.127370] ? ktime_get_ts64+0x86/0x230 [ 13.127442] kunit_try_run_case+0x1a5/0x480 [ 13.127467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.127490] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.127513] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.127537] ? __kthread_parkme+0x82/0x180 [ 13.127558] ? preempt_count_sub+0x50/0x80 [ 13.127582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.127605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.127627] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.127650] kthread+0x337/0x6f0 [ 13.127670] ? trace_preempt_on+0x20/0xc0 [ 13.127693] ? __pfx_kthread+0x10/0x10 [ 13.127715] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.127737] ? calculate_sigpending+0x7b/0xa0 [ 13.127757] ? __pfx_kthread+0x10/0x10 [ 13.127779] ret_from_fork+0x41/0x80 [ 13.127799] ? __pfx_kthread+0x10/0x10 [ 13.127820] ret_from_fork_asm+0x1a/0x30 [ 13.127851] </TASK> [ 13.127862] [ 13.142387] Allocated by task 255: [ 13.142753] kasan_save_stack+0x45/0x70 [ 13.142906] kasan_save_track+0x18/0x40 [ 13.143038] kasan_save_alloc_info+0x3b/0x50 [ 13.143309] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.143873] remove_element+0x11e/0x190 [ 13.144262] mempool_alloc_preallocated+0x4d/0x90 [ 13.144819] mempool_double_free_helper+0x8a/0x370 [ 13.145280] mempool_kmalloc_double_free+0xed/0x140 [ 13.145874] kunit_try_run_case+0x1a5/0x480 [ 13.146028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.146418] kthread+0x337/0x6f0 [ 13.146834] ret_from_fork+0x41/0x80 [ 13.147194] ret_from_fork_asm+0x1a/0x30 [ 13.147616] [ 13.147711] Freed by task 255: [ 13.148067] kasan_save_stack+0x45/0x70 [ 13.148242] kasan_save_track+0x18/0x40 [ 13.148679] kasan_save_free_info+0x3f/0x60 [ 13.149072] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.149559] mempool_free+0x2ec/0x380 [ 13.149772] mempool_double_free_helper+0x109/0x370 [ 13.149931] mempool_kmalloc_double_free+0xed/0x140 [ 13.150088] kunit_try_run_case+0x1a5/0x480 [ 13.150468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.151033] kthread+0x337/0x6f0 [ 13.151423] ret_from_fork+0x41/0x80 [ 13.151766] ret_from_fork_asm+0x1a/0x30 [ 13.152112] [ 13.152288] The buggy address belongs to the object at ffff888102756000 [ 13.152288] which belongs to the cache kmalloc-128 of size 128 [ 13.153009] The buggy address is located 0 bytes inside of [ 13.153009] 128-byte region [ffff888102756000, ffff888102756080) [ 13.153866] [ 13.154028] The buggy address belongs to the physical page: [ 13.154634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102756 [ 13.155185] flags: 0x200000000000000(node=0|zone=2) [ 13.155361] page_type: f5(slab) [ 13.155550] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.156205] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.156945] page dumped because: kasan: bad access detected [ 13.157530] [ 13.157693] Memory state around the buggy address: [ 13.157874] ffff888102755f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.158081] ffff888102755f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.158702] >ffff888102756000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.159357] ^ [ 13.159721] ffff888102756080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.160369] ffff888102756100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.160770] ==================================================================
[ 23.246704] ================================================================== [ 23.247836] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 23.248521] Free of addr ffff00000df00000 by task kunit_try_catch/291 [ 23.249118] [ 23.249283] CPU: 2 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 23.249334] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.249347] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.249366] Call trace: [ 23.249378] show_stack+0x20/0x38 (C) [ 23.249411] dump_stack_lvl+0x8c/0xd0 [ 23.249442] print_report+0x118/0x608 [ 23.249472] kasan_report_invalid_free+0xc0/0xe8 [ 23.249502] __kasan_mempool_poison_object+0x14c/0x150 [ 23.249537] mempool_free+0x28c/0x328 [ 23.249571] mempool_double_free_helper+0x150/0x2e8 [ 23.249607] mempool_kmalloc_large_double_free+0xc0/0x118 [ 23.249645] kunit_try_run_case+0x170/0x3f0 [ 23.249682] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.249722] kthread+0x328/0x630 [ 23.249757] ret_from_fork+0x10/0x20 [ 23.249791] [ 23.256360] The buggy address belongs to the physical page: [ 23.256878] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xdf00 [ 23.257603] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.258310] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 23.258962] page_type: f8(unknown) [ 23.259298] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.260014] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.260729] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.261452] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.262175] head: 03fffe0000000002 fffffdffc037c001 00000000ffffffff 00000000ffffffff [ 23.262898] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.263613] page dumped because: kasan: bad access detected [ 23.264128] [ 23.264280] Memory state around the buggy address: [ 23.264729] ffff00000defff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.265395] ffff00000defff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.266062] >ffff00000df00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.266723] ^ [ 23.267034] ffff00000df00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.267700] ffff00000df00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.268362] ================================================================== [ 23.212805] ================================================================== [ 23.213872] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 23.214550] Free of addr ffff0000101ea200 by task kunit_try_catch/289 [ 23.215143] [ 23.215303] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 23.215346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.215359] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.215373] Call trace: [ 23.215384] show_stack+0x20/0x38 (C) [ 23.215412] dump_stack_lvl+0x8c/0xd0 [ 23.215438] print_report+0x118/0x608 [ 23.215463] kasan_report_invalid_free+0xc0/0xe8 [ 23.215489] check_slab_allocation+0xd4/0x108 [ 23.215514] __kasan_mempool_poison_object+0x78/0x150 [ 23.215542] mempool_free+0x28c/0x328 [ 23.215571] mempool_double_free_helper+0x150/0x2e8 [ 23.215603] mempool_kmalloc_double_free+0xc0/0x118 [ 23.215633] kunit_try_run_case+0x170/0x3f0 [ 23.215664] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.215697] kthread+0x328/0x630 [ 23.215727] ret_from_fork+0x10/0x20 [ 23.215754] [ 23.222625] Allocated by task 289: [ 23.222946] kasan_save_stack+0x3c/0x68 [ 23.223312] kasan_save_track+0x20/0x40 [ 23.223678] kasan_save_alloc_info+0x40/0x58 [ 23.224084] __kasan_mempool_unpoison_object+0x11c/0x180 [ 23.224581] remove_element+0x130/0x1f8 [ 23.224951] mempool_alloc_preallocated+0x58/0xc0 [ 23.225397] mempool_double_free_helper+0x94/0x2e8 [ 23.225852] mempool_kmalloc_double_free+0xc0/0x118 [ 23.226313] kunit_try_run_case+0x170/0x3f0 [ 23.226713] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.227229] kthread+0x328/0x630 [ 23.227544] ret_from_fork+0x10/0x20 [ 23.227887] [ 23.228036] Freed by task 289: [ 23.228325] kasan_save_stack+0x3c/0x68 [ 23.228691] kasan_save_track+0x20/0x40 [ 23.229055] kasan_save_free_info+0x4c/0x78 [ 23.229453] __kasan_mempool_poison_object+0xc0/0x150 [ 23.229928] mempool_free+0x28c/0x328 [ 23.230282] mempool_double_free_helper+0x100/0x2e8 [ 23.230744] mempool_kmalloc_double_free+0xc0/0x118 [ 23.231205] kunit_try_run_case+0x170/0x3f0 [ 23.231605] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.232120] kthread+0x328/0x630 [ 23.232436] ret_from_fork+0x10/0x20 [ 23.232779] [ 23.232929] The buggy address belongs to the object at ffff0000101ea200 [ 23.232929] which belongs to the cache kmalloc-128 of size 128 [ 23.234053] The buggy address is located 0 bytes inside of [ 23.234053] 128-byte region [ffff0000101ea200, ffff0000101ea280) [ 23.235097] [ 23.235247] The buggy address belongs to the physical page: [ 23.235758] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ea [ 23.236484] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.237089] page_type: f5(slab) [ 23.237397] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 23.238106] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.238807] page dumped because: kasan: bad access detected [ 23.239317] [ 23.239466] Memory state around the buggy address: [ 23.239909] ffff0000101ea100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.240568] ffff0000101ea180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.241228] >ffff0000101ea200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.241884] ^ [ 23.242189] ffff0000101ea280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.242849] ffff0000101ea300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.243505] ================================================================== [ 23.271597] ================================================================== [ 23.272750] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 23.273418] Free of addr ffff00000d73c000 by task kunit_try_catch/293 [ 23.274006] [ 23.274171] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 23.274223] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.274237] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.274254] Call trace: [ 23.274266] show_stack+0x20/0x38 (C) [ 23.274301] dump_stack_lvl+0x8c/0xd0 [ 23.274331] print_report+0x118/0x608 [ 23.274362] kasan_report_invalid_free+0xc0/0xe8 [ 23.274393] __kasan_mempool_poison_pages+0xe0/0xe8 [ 23.274425] mempool_free+0x24c/0x328 [ 23.274460] mempool_double_free_helper+0x150/0x2e8 [ 23.274498] mempool_page_alloc_double_free+0xbc/0x118 [ 23.274531] kunit_try_run_case+0x170/0x3f0 [ 23.274567] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.274607] kthread+0x328/0x630 [ 23.274641] ret_from_fork+0x10/0x20 [ 23.274673] [ 23.281196] The buggy address belongs to the physical page: [ 23.281713] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd73c [ 23.282439] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.283063] raw: 03fffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 23.283781] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.284488] page dumped because: kasan: bad access detected [ 23.285002] [ 23.285154] Memory state around the buggy address: [ 23.285603] ffff00000d73bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.286269] ffff00000d73bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.286936] >ffff00000d73c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.287600] ^ [ 23.287911] ffff00000d73c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.288578] ffff00000d73c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.289241] ==================================================================