Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 38.175154] ================================================================== [ 38.185784] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 38.192900] Free of addr ffff000800e14000 by task kunit_try_catch/286 [ 38.199322] [ 38.200809] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 38.200867] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.200883] Hardware name: WinLink E850-96 board (DT) [ 38.200904] Call trace: [ 38.200919] show_stack+0x20/0x38 (C) [ 38.200956] dump_stack_lvl+0x8c/0xd0 [ 38.200993] print_report+0x118/0x608 [ 38.201030] kasan_report_invalid_free+0xc0/0xe8 [ 38.201068] __kasan_mempool_poison_pages+0xe0/0xe8 [ 38.201107] mempool_free+0x24c/0x328 [ 38.201139] mempool_double_free_helper+0x150/0x2e8 [ 38.201172] mempool_page_alloc_double_free+0xbc/0x118 [ 38.201209] kunit_try_run_case+0x170/0x3f0 [ 38.201250] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.201287] kthread+0x328/0x630 [ 38.201316] ret_from_fork+0x10/0x20 [ 38.201353] [ 38.274235] The buggy address belongs to the physical page: [ 38.279794] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880e14 [ 38.287777] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.294298] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 38.302017] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 38.309739] page dumped because: kasan: bad access detected [ 38.315291] [ 38.316767] Memory state around the buggy address: [ 38.321549] ffff000800e13f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.328750] ffff000800e13f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.335956] >ffff000800e14000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.343156] ^ [ 38.346371] ffff000800e14080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.353576] ffff000800e14100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.360778] ================================================================== [ 37.937870] ================================================================== [ 37.947941] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 37.955057] Free of addr ffff000806390000 by task kunit_try_catch/284 [ 37.961479] [ 37.962965] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 37.963021] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.963038] Hardware name: WinLink E850-96 board (DT) [ 37.963062] Call trace: [ 37.963075] show_stack+0x20/0x38 (C) [ 37.963111] dump_stack_lvl+0x8c/0xd0 [ 37.963146] print_report+0x118/0x608 [ 37.963185] kasan_report_invalid_free+0xc0/0xe8 [ 37.963222] __kasan_mempool_poison_object+0x14c/0x150 [ 37.963259] mempool_free+0x28c/0x328 [ 37.963291] mempool_double_free_helper+0x150/0x2e8 [ 37.963324] mempool_kmalloc_large_double_free+0xc0/0x118 [ 37.963359] kunit_try_run_case+0x170/0x3f0 [ 37.963394] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.963432] kthread+0x328/0x630 [ 37.963460] ret_from_fork+0x10/0x20 [ 37.963492] [ 38.036913] The buggy address belongs to the physical page: [ 38.042470] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x886390 [ 38.050455] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 38.058093] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 38.065035] page_type: f8(unknown) [ 38.068434] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 38.076153] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 38.083880] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 38.091690] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 38.099504] head: 0bfffe0000000002 fffffdffe018e401 00000000ffffffff 00000000ffffffff [ 38.107315] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 38.115121] page dumped because: kasan: bad access detected [ 38.120676] [ 38.122152] Memory state around the buggy address: [ 38.126937] ffff00080638ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.134135] ffff00080638ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.141341] >ffff000806390000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.148540] ^ [ 38.151756] ffff000806390080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.158961] ffff000806390100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 38.166163] ================================================================== [ 37.564296] ================================================================== [ 37.573900] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 37.581016] Free of addr ffff000802ca6800 by task kunit_try_catch/282 [ 37.587439] [ 37.588925] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 37.588983] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.589002] Hardware name: WinLink E850-96 board (DT) [ 37.589023] Call trace: [ 37.589039] show_stack+0x20/0x38 (C) [ 37.589079] dump_stack_lvl+0x8c/0xd0 [ 37.589116] print_report+0x118/0x608 [ 37.589154] kasan_report_invalid_free+0xc0/0xe8 [ 37.589193] check_slab_allocation+0xd4/0x108 [ 37.589229] __kasan_mempool_poison_object+0x78/0x150 [ 37.589266] mempool_free+0x28c/0x328 [ 37.589297] mempool_double_free_helper+0x150/0x2e8 [ 37.589333] mempool_kmalloc_double_free+0xc0/0x118 [ 37.589367] kunit_try_run_case+0x170/0x3f0 [ 37.589406] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.589444] kthread+0x328/0x630 [ 37.589473] ret_from_fork+0x10/0x20 [ 37.589506] [ 37.666605] Allocated by task 282: [ 37.669992] kasan_save_stack+0x3c/0x68 [ 37.673808] kasan_save_track+0x20/0x40 [ 37.677628] kasan_save_alloc_info+0x40/0x58 [ 37.681881] __kasan_mempool_unpoison_object+0x11c/0x180 [ 37.687177] remove_element+0x130/0x1f8 [ 37.690995] mempool_alloc_preallocated+0x58/0xc0 [ 37.695682] mempool_double_free_helper+0x94/0x2e8 [ 37.700457] mempool_kmalloc_double_free+0xc0/0x118 [ 37.705318] kunit_try_run_case+0x170/0x3f0 [ 37.709485] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.714953] kthread+0x328/0x630 [ 37.718165] ret_from_fork+0x10/0x20 [ 37.721724] [ 37.723201] Freed by task 282: [ 37.726237] kasan_save_stack+0x3c/0x68 [ 37.730057] kasan_save_track+0x20/0x40 [ 37.733876] kasan_save_free_info+0x4c/0x78 [ 37.738043] __kasan_mempool_poison_object+0xc0/0x150 [ 37.743079] mempool_free+0x28c/0x328 [ 37.746724] mempool_double_free_helper+0x100/0x2e8 [ 37.751585] mempool_kmalloc_double_free+0xc0/0x118 [ 37.756445] kunit_try_run_case+0x170/0x3f0 [ 37.760612] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.766081] kthread+0x328/0x630 [ 37.769293] ret_from_fork+0x10/0x20 [ 37.772852] [ 37.774329] The buggy address belongs to the object at ffff000802ca6800 [ 37.774329] which belongs to the cache kmalloc-128 of size 128 [ 37.786830] The buggy address is located 0 bytes inside of [ 37.786830] 128-byte region [ffff000802ca6800, ffff000802ca6880) [ 37.798372] [ 37.799852] The buggy address belongs to the physical page: [ 37.805408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x882ca6 [ 37.813392] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 37.821031] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 37.827974] page_type: f5(slab) [ 37.831112] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 37.838830] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.846558] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 37.854367] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.862181] head: 0bfffe0000000001 fffffdffe00b2981 00000000ffffffff 00000000ffffffff [ 37.869992] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 37.877798] page dumped because: kasan: bad access detected [ 37.883353] [ 37.884829] Memory state around the buggy address: [ 37.889611] ffff000802ca6700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.896813] ffff000802ca6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.904018] >ffff000802ca6800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.911218] ^ [ 37.914433] ffff000802ca6880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.921638] ffff000802ca6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.928840] ==================================================================
[ 28.646200] ================================================================== [ 28.646343] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 28.646589] Free of addr fff00000c7870000 by task kunit_try_catch/239 [ 28.646736] [ 28.646918] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.647264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.647336] Hardware name: linux,dummy-virt (DT) [ 28.647423] Call trace: [ 28.647484] show_stack+0x20/0x38 (C) [ 28.647725] dump_stack_lvl+0x8c/0xd0 [ 28.647909] print_report+0x118/0x608 [ 28.648066] kasan_report_invalid_free+0xc0/0xe8 [ 28.648430] __kasan_mempool_poison_pages+0xe0/0xe8 [ 28.648743] mempool_free+0x24c/0x328 [ 28.648879] mempool_double_free_helper+0x150/0x2e8 [ 28.649221] mempool_page_alloc_double_free+0xbc/0x118 [ 28.649397] kunit_try_run_case+0x170/0x3f0 [ 28.649540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.649694] kthread+0x328/0x630 [ 28.649892] ret_from_fork+0x10/0x20 [ 28.650073] [ 28.650161] The buggy address belongs to the physical page: [ 28.650393] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107870 [ 28.650604] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.650780] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.651095] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.651255] page dumped because: kasan: bad access detected [ 28.651419] [ 28.651505] Memory state around the buggy address: [ 28.651590] fff00000c786ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.651714] fff00000c786ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.651830] >fff00000c7870000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.651964] ^ [ 28.652122] fff00000c7870080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.652241] fff00000c7870100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.652397] ================================================================== [ 28.623204] ================================================================== [ 28.623356] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 28.623546] Free of addr fff00000c786c000 by task kunit_try_catch/237 [ 28.623656] [ 28.623788] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.624031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.624115] Hardware name: linux,dummy-virt (DT) [ 28.624195] Call trace: [ 28.624248] show_stack+0x20/0x38 (C) [ 28.624380] dump_stack_lvl+0x8c/0xd0 [ 28.624540] print_report+0x118/0x608 [ 28.624798] kasan_report_invalid_free+0xc0/0xe8 [ 28.624953] __kasan_mempool_poison_object+0x14c/0x150 [ 28.625161] mempool_free+0x28c/0x328 [ 28.625294] mempool_double_free_helper+0x150/0x2e8 [ 28.625634] mempool_kmalloc_large_double_free+0xc0/0x118 [ 28.625832] kunit_try_run_case+0x170/0x3f0 [ 28.626066] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.626226] kthread+0x328/0x630 [ 28.626365] ret_from_fork+0x10/0x20 [ 28.626735] [ 28.626795] The buggy address belongs to the physical page: [ 28.626904] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786c [ 28.627076] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.627450] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.627614] page_type: f8(unknown) [ 28.627675] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.627765] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.628102] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.628369] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.628499] head: 0bfffe0000000002 ffffc1ffc31e1b01 00000000ffffffff 00000000ffffffff [ 28.628676] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.628965] page dumped because: kasan: bad access detected [ 28.629169] [ 28.629214] Memory state around the buggy address: [ 28.629294] fff00000c786bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.629476] fff00000c786bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.629764] >fff00000c786c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.629862] ^ [ 28.630205] fff00000c786c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.630335] fff00000c786c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.630444] ================================================================== [ 28.595444] ================================================================== [ 28.595923] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 28.596201] Free of addr fff00000c6431500 by task kunit_try_catch/235 [ 28.596363] [ 28.596477] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.596687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.596908] Hardware name: linux,dummy-virt (DT) [ 28.597008] Call trace: [ 28.597151] show_stack+0x20/0x38 (C) [ 28.597297] dump_stack_lvl+0x8c/0xd0 [ 28.597431] print_report+0x118/0x608 [ 28.597553] kasan_report_invalid_free+0xc0/0xe8 [ 28.597898] check_slab_allocation+0xd4/0x108 [ 28.598393] __kasan_mempool_poison_object+0x78/0x150 [ 28.598526] mempool_free+0x28c/0x328 [ 28.598965] mempool_double_free_helper+0x150/0x2e8 [ 28.599260] mempool_kmalloc_double_free+0xc0/0x118 [ 28.599520] kunit_try_run_case+0x170/0x3f0 [ 28.600551] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.601145] kthread+0x328/0x630 [ 28.601531] ret_from_fork+0x10/0x20 [ 28.601662] [ 28.602092] Allocated by task 235: [ 28.602185] kasan_save_stack+0x3c/0x68 [ 28.602918] kasan_save_track+0x20/0x40 [ 28.603390] kasan_save_alloc_info+0x40/0x58 [ 28.604137] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.604259] remove_element+0x130/0x1f8 [ 28.604347] mempool_alloc_preallocated+0x58/0xc0 [ 28.604450] mempool_double_free_helper+0x94/0x2e8 [ 28.604731] mempool_kmalloc_double_free+0xc0/0x118 [ 28.604976] kunit_try_run_case+0x170/0x3f0 [ 28.605121] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.605806] kthread+0x328/0x630 [ 28.606139] ret_from_fork+0x10/0x20 [ 28.606248] [ 28.606307] Freed by task 235: [ 28.606427] kasan_save_stack+0x3c/0x68 [ 28.606565] kasan_save_track+0x20/0x40 [ 28.606782] kasan_save_free_info+0x4c/0x78 [ 28.607056] __kasan_mempool_poison_object+0xc0/0x150 [ 28.607276] mempool_free+0x28c/0x328 [ 28.607389] mempool_double_free_helper+0x100/0x2e8 [ 28.607513] mempool_kmalloc_double_free+0xc0/0x118 [ 28.607626] kunit_try_run_case+0x170/0x3f0 [ 28.607738] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.607864] kthread+0x328/0x630 [ 28.607999] ret_from_fork+0x10/0x20 [ 28.608095] [ 28.608140] The buggy address belongs to the object at fff00000c6431500 [ 28.608140] which belongs to the cache kmalloc-128 of size 128 [ 28.608282] The buggy address is located 0 bytes inside of [ 28.608282] 128-byte region [fff00000c6431500, fff00000c6431580) [ 28.608484] [ 28.608552] The buggy address belongs to the physical page: [ 28.608637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 28.608785] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.608920] page_type: f5(slab) [ 28.609083] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.609341] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.609498] page dumped because: kasan: bad access detected [ 28.609611] [ 28.609676] Memory state around the buggy address: [ 28.609760] fff00000c6431400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.609983] fff00000c6431480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.610092] >fff00000c6431500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.610207] ^ [ 28.610281] fff00000c6431580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.610391] fff00000c6431600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.610488] ==================================================================
[ 28.660896] ================================================================== [ 28.661129] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 28.661242] Free of addr fff00000c7772100 by task kunit_try_catch/235 [ 28.661380] [ 28.661471] CPU: 1 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.661676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.661743] Hardware name: linux,dummy-virt (DT) [ 28.661821] Call trace: [ 28.661937] show_stack+0x20/0x38 (C) [ 28.662308] dump_stack_lvl+0x8c/0xd0 [ 28.662524] print_report+0x118/0x608 [ 28.662651] kasan_report_invalid_free+0xc0/0xe8 [ 28.662792] check_slab_allocation+0xd4/0x108 [ 28.662975] __kasan_mempool_poison_object+0x78/0x150 [ 28.663130] mempool_free+0x28c/0x328 [ 28.663864] mempool_double_free_helper+0x150/0x2e8 [ 28.664009] mempool_kmalloc_double_free+0xc0/0x118 [ 28.664157] kunit_try_run_case+0x170/0x3f0 [ 28.664400] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.664648] kthread+0x328/0x630 [ 28.664772] ret_from_fork+0x10/0x20 [ 28.664937] [ 28.664991] Allocated by task 235: [ 28.665131] kasan_save_stack+0x3c/0x68 [ 28.665291] kasan_save_track+0x20/0x40 [ 28.665393] kasan_save_alloc_info+0x40/0x58 [ 28.665518] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.665631] remove_element+0x130/0x1f8 [ 28.665778] mempool_alloc_preallocated+0x58/0xc0 [ 28.665908] mempool_double_free_helper+0x94/0x2e8 [ 28.666376] mempool_kmalloc_double_free+0xc0/0x118 [ 28.666499] kunit_try_run_case+0x170/0x3f0 [ 28.666877] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.667023] kthread+0x328/0x630 [ 28.667211] ret_from_fork+0x10/0x20 [ 28.667418] [ 28.667505] Freed by task 235: [ 28.671977] kasan_save_stack+0x3c/0x68 [ 28.672233] kasan_save_track+0x20/0x40 [ 28.672366] kasan_save_free_info+0x4c/0x78 [ 28.672535] __kasan_mempool_poison_object+0xc0/0x150 [ 28.672726] mempool_free+0x28c/0x328 [ 28.673094] mempool_double_free_helper+0x100/0x2e8 [ 28.673427] mempool_kmalloc_double_free+0xc0/0x118 [ 28.673661] kunit_try_run_case+0x170/0x3f0 [ 28.673902] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.674296] kthread+0x328/0x630 [ 28.674662] ret_from_fork+0x10/0x20 [ 28.674931] [ 28.675163] The buggy address belongs to the object at fff00000c7772100 [ 28.675163] which belongs to the cache kmalloc-128 of size 128 [ 28.675410] The buggy address is located 0 bytes inside of [ 28.675410] 128-byte region [fff00000c7772100, fff00000c7772180) [ 28.675893] [ 28.675996] The buggy address belongs to the physical page: [ 28.676131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 28.676268] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.676396] page_type: f5(slab) [ 28.676501] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.677093] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.677573] page dumped because: kasan: bad access detected [ 28.677760] [ 28.677890] Memory state around the buggy address: [ 28.677996] fff00000c7772000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.678201] fff00000c7772080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.678315] >fff00000c7772100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.678417] ^ [ 28.678496] fff00000c7772180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.679031] fff00000c7772200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.679133] ================================================================== [ 28.758808] ================================================================== [ 28.759005] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 28.759167] Free of addr fff00000c7730000 by task kunit_try_catch/239 [ 28.759269] [ 28.759352] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.759550] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.759619] Hardware name: linux,dummy-virt (DT) [ 28.759696] Call trace: [ 28.759747] show_stack+0x20/0x38 (C) [ 28.760590] dump_stack_lvl+0x8c/0xd0 [ 28.760869] print_report+0x118/0x608 [ 28.761104] kasan_report_invalid_free+0xc0/0xe8 [ 28.761344] __kasan_mempool_poison_pages+0xe0/0xe8 [ 28.761513] mempool_free+0x24c/0x328 [ 28.761664] mempool_double_free_helper+0x150/0x2e8 [ 28.761872] mempool_page_alloc_double_free+0xbc/0x118 [ 28.762016] kunit_try_run_case+0x170/0x3f0 [ 28.762154] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.762292] kthread+0x328/0x630 [ 28.762429] ret_from_fork+0x10/0x20 [ 28.762887] [ 28.762951] The buggy address belongs to the physical page: [ 28.763030] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107730 [ 28.763197] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.763470] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.763604] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.763701] page dumped because: kasan: bad access detected [ 28.763809] [ 28.763880] Memory state around the buggy address: [ 28.764302] fff00000c772ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.764415] fff00000c772ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.764522] >fff00000c7730000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.764630] ^ [ 28.764879] fff00000c7730080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.765036] fff00000c7730100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.765511] ================================================================== [ 28.704411] ================================================================== [ 28.704564] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 28.704695] Free of addr fff00000c7730000 by task kunit_try_catch/237 [ 28.707226] [ 28.708472] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.709703] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.710130] Hardware name: linux,dummy-virt (DT) [ 28.710578] Call trace: [ 28.711202] show_stack+0x20/0x38 (C) [ 28.711426] dump_stack_lvl+0x8c/0xd0 [ 28.711948] print_report+0x118/0x608 [ 28.712132] kasan_report_invalid_free+0xc0/0xe8 [ 28.712240] __kasan_mempool_poison_object+0x14c/0x150 [ 28.712311] mempool_free+0x28c/0x328 [ 28.712428] mempool_double_free_helper+0x150/0x2e8 [ 28.713088] mempool_kmalloc_large_double_free+0xc0/0x118 [ 28.713182] kunit_try_run_case+0x170/0x3f0 [ 28.713295] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.713438] kthread+0x328/0x630 [ 28.713546] ret_from_fork+0x10/0x20 [ 28.713678] [ 28.713734] The buggy address belongs to the physical page: [ 28.713857] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107730 [ 28.713995] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.714158] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.714313] page_type: f8(unknown) [ 28.714419] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.714545] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.714684] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.714825] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.715207] head: 0bfffe0000000002 ffffc1ffc31dcc01 00000000ffffffff 00000000ffffffff [ 28.715346] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.715450] page dumped because: kasan: bad access detected [ 28.716681] [ 28.716730] Memory state around the buggy address: [ 28.717090] fff00000c772ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.717521] fff00000c772ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.718261] >fff00000c7730000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.718421] ^ [ 28.718495] fff00000c7730080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.718603] fff00000c7730100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.720204] ==================================================================
[ 21.592916] ================================================================== [ 21.594267] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 21.594959] Free of addr ffff888103a78000 by task kunit_try_catch/255 [ 21.595651] [ 21.596813] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 21.596960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.597004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.597072] Call Trace: [ 21.597119] <TASK> [ 21.597171] dump_stack_lvl+0x73/0xb0 [ 21.597250] print_report+0xd1/0x650 [ 21.597310] ? __virt_addr_valid+0x1db/0x2d0 [ 21.597353] ? kasan_addr_to_slab+0x11/0xa0 [ 21.597384] ? mempool_double_free_helper+0x184/0x370 [ 21.597422] kasan_report_invalid_free+0x10a/0x130 [ 21.597458] ? mempool_double_free_helper+0x184/0x370 [ 21.597518] ? mempool_double_free_helper+0x184/0x370 [ 21.597668] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 21.597746] mempool_free+0x2ec/0x380 [ 21.597820] mempool_double_free_helper+0x184/0x370 [ 21.597858] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 21.597898] ? __pfx_sched_clock_cpu+0x10/0x10 [ 21.597934] ? finish_task_switch.isra.0+0x153/0x700 [ 21.597973] mempool_kmalloc_large_double_free+0xed/0x140 [ 21.598010] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 21.598051] ? __pfx_mempool_kmalloc+0x10/0x10 [ 21.598086] ? __pfx_mempool_kfree+0x10/0x10 [ 21.598126] ? __pfx_read_tsc+0x10/0x10 [ 21.598161] ? ktime_get_ts64+0x86/0x230 [ 21.598197] kunit_try_run_case+0x1a5/0x480 [ 21.598284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.598328] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.598369] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.598405] ? __kthread_parkme+0x82/0x180 [ 21.598435] ? preempt_count_sub+0x50/0x80 [ 21.598469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.598534] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.598622] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.598694] kthread+0x337/0x6f0 [ 21.598727] ? trace_preempt_on+0x20/0xc0 [ 21.598766] ? __pfx_kthread+0x10/0x10 [ 21.598797] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.598830] ? calculate_sigpending+0x7b/0xa0 [ 21.598868] ? __pfx_kthread+0x10/0x10 [ 21.598899] ret_from_fork+0x116/0x1d0 [ 21.598926] ? __pfx_kthread+0x10/0x10 [ 21.598957] ret_from_fork_asm+0x1a/0x30 [ 21.599003] </TASK> [ 21.599019] [ 21.620459] The buggy address belongs to the physical page: [ 21.621194] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a78 [ 21.622135] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.623078] flags: 0x200000000000040(head|node=0|zone=2) [ 21.623819] page_type: f8(unknown) [ 21.624283] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.625060] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.625951] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.627605] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.628479] head: 0200000000000002 ffffea00040e9e01 00000000ffffffff 00000000ffffffff [ 21.629609] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.631091] page dumped because: kasan: bad access detected [ 21.631437] [ 21.632278] Memory state around the buggy address: [ 21.634279] ffff888103a77f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.636379] ffff888103a77f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.637939] >ffff888103a78000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.638334] ^ [ 21.639840] ffff888103a78080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.642432] ffff888103a78100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.644406] ================================================================== [ 21.529234] ================================================================== [ 21.530055] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 21.530472] Free of addr ffff8881039c8400 by task kunit_try_catch/253 [ 21.531300] [ 21.532226] CPU: 0 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 21.532362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.532529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.532601] Call Trace: [ 21.532693] <TASK> [ 21.532763] dump_stack_lvl+0x73/0xb0 [ 21.532883] print_report+0xd1/0x650 [ 21.532971] ? __virt_addr_valid+0x1db/0x2d0 [ 21.533027] ? kasan_complete_mode_report_info+0x64/0x200 [ 21.533062] ? mempool_double_free_helper+0x184/0x370 [ 21.533099] kasan_report_invalid_free+0x10a/0x130 [ 21.533133] ? mempool_double_free_helper+0x184/0x370 [ 21.533170] ? mempool_double_free_helper+0x184/0x370 [ 21.533204] ? mempool_double_free_helper+0x184/0x370 [ 21.533257] check_slab_allocation+0x101/0x130 [ 21.533305] __kasan_mempool_poison_object+0x91/0x1d0 [ 21.533341] mempool_free+0x2ec/0x380 [ 21.533376] mempool_double_free_helper+0x184/0x370 [ 21.533412] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 21.533449] ? __kasan_check_write+0x18/0x20 [ 21.533479] ? __pfx_sched_clock_cpu+0x10/0x10 [ 21.533547] ? finish_task_switch.isra.0+0x153/0x700 [ 21.533649] mempool_kmalloc_double_free+0xed/0x140 [ 21.533703] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 21.533745] ? __pfx_mempool_kmalloc+0x10/0x10 [ 21.533782] ? __pfx_mempool_kfree+0x10/0x10 [ 21.533822] ? __pfx_read_tsc+0x10/0x10 [ 21.533852] ? ktime_get_ts64+0x86/0x230 [ 21.533889] kunit_try_run_case+0x1a5/0x480 [ 21.533930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.533965] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.534002] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.534036] ? __kthread_parkme+0x82/0x180 [ 21.534064] ? preempt_count_sub+0x50/0x80 [ 21.534095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.534131] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.534165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.534199] kthread+0x337/0x6f0 [ 21.534244] ? trace_preempt_on+0x20/0xc0 [ 21.534293] ? __pfx_kthread+0x10/0x10 [ 21.534328] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.534361] ? calculate_sigpending+0x7b/0xa0 [ 21.534400] ? __pfx_kthread+0x10/0x10 [ 21.534430] ret_from_fork+0x116/0x1d0 [ 21.534456] ? __pfx_kthread+0x10/0x10 [ 21.534485] ret_from_fork_asm+0x1a/0x30 [ 21.534561] </TASK> [ 21.534595] [ 21.557767] Allocated by task 253: [ 21.558191] kasan_save_stack+0x45/0x70 [ 21.558845] kasan_save_track+0x18/0x40 [ 21.559264] kasan_save_alloc_info+0x3b/0x50 [ 21.559773] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 21.560298] remove_element+0x11e/0x190 [ 21.561241] mempool_alloc_preallocated+0x4d/0x90 [ 21.561823] mempool_double_free_helper+0x8a/0x370 [ 21.562350] mempool_kmalloc_double_free+0xed/0x140 [ 21.562899] kunit_try_run_case+0x1a5/0x480 [ 21.563341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.563940] kthread+0x337/0x6f0 [ 21.564296] ret_from_fork+0x116/0x1d0 [ 21.564742] ret_from_fork_asm+0x1a/0x30 [ 21.565095] [ 21.565322] Freed by task 253: [ 21.565710] kasan_save_stack+0x45/0x70 [ 21.566097] kasan_save_track+0x18/0x40 [ 21.566648] kasan_save_free_info+0x3f/0x60 [ 21.567104] __kasan_mempool_poison_object+0x131/0x1d0 [ 21.567592] mempool_free+0x2ec/0x380 [ 21.568880] mempool_double_free_helper+0x109/0x370 [ 21.569260] mempool_kmalloc_double_free+0xed/0x140 [ 21.569777] kunit_try_run_case+0x1a5/0x480 [ 21.570289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.570870] kthread+0x337/0x6f0 [ 21.571247] ret_from_fork+0x116/0x1d0 [ 21.571599] ret_from_fork_asm+0x1a/0x30 [ 21.572028] [ 21.572270] The buggy address belongs to the object at ffff8881039c8400 [ 21.572270] which belongs to the cache kmalloc-128 of size 128 [ 21.573205] The buggy address is located 0 bytes inside of [ 21.573205] 128-byte region [ffff8881039c8400, ffff8881039c8480) [ 21.574397] [ 21.574879] The buggy address belongs to the physical page: [ 21.575297] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8 [ 21.576395] flags: 0x200000000000000(node=0|zone=2) [ 21.576968] page_type: f5(slab) [ 21.577308] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.577932] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.578724] page dumped because: kasan: bad access detected [ 21.579088] [ 21.579271] Memory state around the buggy address: [ 21.580641] ffff8881039c8300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.581692] ffff8881039c8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.582154] >ffff8881039c8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.583093] ^ [ 21.583533] ffff8881039c8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.584178] ffff8881039c8500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.584789] ================================================================== [ 21.651811] ================================================================== [ 21.652700] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 21.654122] Free of addr ffff888103ab8000 by task kunit_try_catch/257 [ 21.655193] [ 21.655645] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 21.655834] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.655895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.655961] Call Trace: [ 21.656005] <TASK> [ 21.656058] dump_stack_lvl+0x73/0xb0 [ 21.656160] print_report+0xd1/0x650 [ 21.656229] ? __virt_addr_valid+0x1db/0x2d0 [ 21.656294] ? kasan_addr_to_slab+0x11/0xa0 [ 21.656325] ? mempool_double_free_helper+0x184/0x370 [ 21.656360] kasan_report_invalid_free+0x10a/0x130 [ 21.656396] ? mempool_double_free_helper+0x184/0x370 [ 21.656434] ? mempool_double_free_helper+0x184/0x370 [ 21.656468] __kasan_mempool_poison_pages+0x115/0x130 [ 21.656533] mempool_free+0x290/0x380 [ 21.656637] mempool_double_free_helper+0x184/0x370 [ 21.656712] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 21.656786] ? __kasan_check_write+0x18/0x20 [ 21.656845] ? __pfx_sched_clock_cpu+0x10/0x10 [ 21.656912] ? finish_task_switch.isra.0+0x153/0x700 [ 21.656984] mempool_page_alloc_double_free+0xe8/0x140 [ 21.657026] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 21.657067] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 21.657094] ? __pfx_mempool_free_pages+0x10/0x10 [ 21.657126] ? __pfx_read_tsc+0x10/0x10 [ 21.657157] ? ktime_get_ts64+0x86/0x230 [ 21.657192] kunit_try_run_case+0x1a5/0x480 [ 21.657245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.657299] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.657337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.657371] ? __kthread_parkme+0x82/0x180 [ 21.657400] ? preempt_count_sub+0x50/0x80 [ 21.657431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.657465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.657523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.657597] kthread+0x337/0x6f0 [ 21.657692] ? trace_preempt_on+0x20/0xc0 [ 21.657732] ? __pfx_kthread+0x10/0x10 [ 21.657762] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.657794] ? calculate_sigpending+0x7b/0xa0 [ 21.657830] ? __pfx_kthread+0x10/0x10 [ 21.657859] ret_from_fork+0x116/0x1d0 [ 21.657886] ? __pfx_kthread+0x10/0x10 [ 21.657914] ret_from_fork_asm+0x1a/0x30 [ 21.657958] </TASK> [ 21.657974] [ 21.683755] The buggy address belongs to the physical page: [ 21.684492] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab8 [ 21.685859] flags: 0x200000000000000(node=0|zone=2) [ 21.686564] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 21.687443] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 21.688189] page dumped because: kasan: bad access detected [ 21.689054] [ 21.689219] Memory state around the buggy address: [ 21.689986] ffff888103ab7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.690929] ffff888103ab7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.691790] >ffff888103ab8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.693094] ^ [ 21.693886] ffff888103ab8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.694466] ffff888103ab8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.695357] ==================================================================
[ 20.335164] ================================================================== [ 20.336191] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 20.337138] Free of addr ffff8881038d5a00 by task kunit_try_catch/253 [ 20.338164] [ 20.338675] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 20.338794] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.338832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.338910] Call Trace: [ 20.338947] <TASK> [ 20.338971] dump_stack_lvl+0x73/0xb0 [ 20.339017] print_report+0xd1/0x650 [ 20.339050] ? __virt_addr_valid+0x1db/0x2d0 [ 20.339084] ? kasan_complete_mode_report_info+0x64/0x200 [ 20.339136] ? mempool_double_free_helper+0x184/0x370 [ 20.339185] kasan_report_invalid_free+0x10a/0x130 [ 20.339222] ? mempool_double_free_helper+0x184/0x370 [ 20.339259] ? mempool_double_free_helper+0x184/0x370 [ 20.339293] ? mempool_double_free_helper+0x184/0x370 [ 20.339326] check_slab_allocation+0x101/0x130 [ 20.339356] __kasan_mempool_poison_object+0x91/0x1d0 [ 20.339392] mempool_free+0x2ec/0x380 [ 20.339426] mempool_double_free_helper+0x184/0x370 [ 20.339461] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 20.339497] ? __kasan_check_write+0x18/0x20 [ 20.339726] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.339814] ? finish_task_switch.isra.0+0x153/0x700 [ 20.339978] mempool_kmalloc_double_free+0xed/0x140 [ 20.340021] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 20.340063] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.340104] ? __pfx_mempool_kfree+0x10/0x10 [ 20.340168] ? __pfx_read_tsc+0x10/0x10 [ 20.340201] ? ktime_get_ts64+0x86/0x230 [ 20.340234] kunit_try_run_case+0x1a5/0x480 [ 20.340270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.340304] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.340341] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.340375] ? __kthread_parkme+0x82/0x180 [ 20.340401] ? preempt_count_sub+0x50/0x80 [ 20.340433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.340470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.340502] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.340575] kthread+0x337/0x6f0 [ 20.340654] ? trace_preempt_on+0x20/0xc0 [ 20.340709] ? __pfx_kthread+0x10/0x10 [ 20.340743] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.340775] ? calculate_sigpending+0x7b/0xa0 [ 20.340809] ? __pfx_kthread+0x10/0x10 [ 20.340840] ret_from_fork+0x116/0x1d0 [ 20.340865] ? __pfx_kthread+0x10/0x10 [ 20.340923] ret_from_fork_asm+0x1a/0x30 [ 20.340967] </TASK> [ 20.340982] [ 20.360153] Allocated by task 253: [ 20.360680] kasan_save_stack+0x45/0x70 [ 20.361174] kasan_save_track+0x18/0x40 [ 20.361821] kasan_save_alloc_info+0x3b/0x50 [ 20.362377] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 20.363175] remove_element+0x11e/0x190 [ 20.363737] mempool_alloc_preallocated+0x4d/0x90 [ 20.364302] mempool_double_free_helper+0x8a/0x370 [ 20.364927] mempool_kmalloc_double_free+0xed/0x140 [ 20.365500] kunit_try_run_case+0x1a5/0x480 [ 20.366180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.366850] kthread+0x337/0x6f0 [ 20.367304] ret_from_fork+0x116/0x1d0 [ 20.367740] ret_from_fork_asm+0x1a/0x30 [ 20.368444] [ 20.368795] Freed by task 253: [ 20.369143] kasan_save_stack+0x45/0x70 [ 20.369720] kasan_save_track+0x18/0x40 [ 20.370217] kasan_save_free_info+0x3f/0x60 [ 20.370843] __kasan_mempool_poison_object+0x131/0x1d0 [ 20.371301] mempool_free+0x2ec/0x380 [ 20.371801] mempool_double_free_helper+0x109/0x370 [ 20.372455] mempool_kmalloc_double_free+0xed/0x140 [ 20.373188] kunit_try_run_case+0x1a5/0x480 [ 20.373871] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.374484] kthread+0x337/0x6f0 [ 20.375002] ret_from_fork+0x116/0x1d0 [ 20.375334] ret_from_fork_asm+0x1a/0x30 [ 20.375761] [ 20.376220] The buggy address belongs to the object at ffff8881038d5a00 [ 20.376220] which belongs to the cache kmalloc-128 of size 128 [ 20.377437] The buggy address is located 0 bytes inside of [ 20.377437] 128-byte region [ffff8881038d5a00, ffff8881038d5a80) [ 20.378743] [ 20.379014] The buggy address belongs to the physical page: [ 20.379527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 20.380390] flags: 0x200000000000000(node=0|zone=2) [ 20.381034] page_type: f5(slab) [ 20.381461] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.382226] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.383124] page dumped because: kasan: bad access detected [ 20.384182] [ 20.384384] Memory state around the buggy address: [ 20.385035] ffff8881038d5900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.385847] ffff8881038d5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.386673] >ffff8881038d5a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.387314] ^ [ 20.388024] ffff8881038d5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.388721] ffff8881038d5b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.389322] ================================================================== [ 20.447837] ================================================================== [ 20.449058] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 20.450775] Free of addr ffff888102a48000 by task kunit_try_catch/257 [ 20.452610] [ 20.452764] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 20.452829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.452847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.452901] Call Trace: [ 20.452943] <TASK> [ 20.452985] dump_stack_lvl+0x73/0xb0 [ 20.453075] print_report+0xd1/0x650 [ 20.453215] ? __virt_addr_valid+0x1db/0x2d0 [ 20.453284] ? kasan_addr_to_slab+0x11/0xa0 [ 20.453322] ? mempool_double_free_helper+0x184/0x370 [ 20.453396] kasan_report_invalid_free+0x10a/0x130 [ 20.453437] ? mempool_double_free_helper+0x184/0x370 [ 20.453475] ? mempool_double_free_helper+0x184/0x370 [ 20.453510] __kasan_mempool_poison_pages+0x115/0x130 [ 20.453771] mempool_free+0x290/0x380 [ 20.453816] mempool_double_free_helper+0x184/0x370 [ 20.453855] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 20.453918] ? __kasan_check_write+0x18/0x20 [ 20.453949] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.453979] ? irqentry_exit+0x2a/0x60 [ 20.454013] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 20.454052] mempool_page_alloc_double_free+0xe8/0x140 [ 20.454089] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 20.454159] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 20.454189] ? __pfx_mempool_free_pages+0x10/0x10 [ 20.454219] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 20.454268] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 20.454308] kunit_try_run_case+0x1a5/0x480 [ 20.454348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.454384] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.454419] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.454453] ? __kthread_parkme+0x82/0x180 [ 20.454483] ? preempt_count_sub+0x50/0x80 [ 20.454523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.454602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.454660] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.454696] kthread+0x337/0x6f0 [ 20.454725] ? trace_preempt_on+0x20/0xc0 [ 20.454757] ? __pfx_kthread+0x10/0x10 [ 20.454786] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.454816] ? calculate_sigpending+0x7b/0xa0 [ 20.454851] ? __pfx_kthread+0x10/0x10 [ 20.454904] ret_from_fork+0x116/0x1d0 [ 20.454937] ? __pfx_kthread+0x10/0x10 [ 20.454967] ret_from_fork_asm+0x1a/0x30 [ 20.455010] </TASK> [ 20.455024] [ 20.478702] The buggy address belongs to the physical page: [ 20.479373] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a48 [ 20.480301] flags: 0x200000000000000(node=0|zone=2) [ 20.480934] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 20.482313] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.482944] page dumped because: kasan: bad access detected [ 20.483714] [ 20.483954] Memory state around the buggy address: [ 20.484872] ffff888102a47f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.485575] ffff888102a47f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.486504] >ffff888102a48000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.487417] ^ [ 20.488076] ffff888102a48080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.489090] ffff888102a48100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.489909] ================================================================== [ 20.395377] ================================================================== [ 20.396703] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 20.397747] Free of addr ffff888103990000 by task kunit_try_catch/255 [ 20.398359] [ 20.398716] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 20.398836] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.398891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.398956] Call Trace: [ 20.398992] <TASK> [ 20.399155] dump_stack_lvl+0x73/0xb0 [ 20.399421] print_report+0xd1/0x650 [ 20.399487] ? __virt_addr_valid+0x1db/0x2d0 [ 20.400030] ? kasan_addr_to_slab+0x11/0xa0 [ 20.400074] ? mempool_double_free_helper+0x184/0x370 [ 20.400130] kasan_report_invalid_free+0x10a/0x130 [ 20.400181] ? mempool_double_free_helper+0x184/0x370 [ 20.400220] ? mempool_double_free_helper+0x184/0x370 [ 20.400254] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 20.400292] mempool_free+0x2ec/0x380 [ 20.400324] mempool_double_free_helper+0x184/0x370 [ 20.400359] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 20.400397] ? __kasan_check_write+0x18/0x20 [ 20.400424] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.400455] ? finish_task_switch.isra.0+0x153/0x700 [ 20.400491] mempool_kmalloc_large_double_free+0xed/0x140 [ 20.400587] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 20.400671] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.400709] ? __pfx_mempool_kfree+0x10/0x10 [ 20.400746] ? __pfx_read_tsc+0x10/0x10 [ 20.400777] ? ktime_get_ts64+0x86/0x230 [ 20.400810] kunit_try_run_case+0x1a5/0x480 [ 20.400848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.400909] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.400951] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.400986] ? __kthread_parkme+0x82/0x180 [ 20.401014] ? preempt_count_sub+0x50/0x80 [ 20.401045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.401080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.401157] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.401199] kthread+0x337/0x6f0 [ 20.401228] ? trace_preempt_on+0x20/0xc0 [ 20.401262] ? __pfx_kthread+0x10/0x10 [ 20.401292] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.401323] ? calculate_sigpending+0x7b/0xa0 [ 20.401359] ? __pfx_kthread+0x10/0x10 [ 20.401389] ret_from_fork+0x116/0x1d0 [ 20.401414] ? __pfx_kthread+0x10/0x10 [ 20.401443] ret_from_fork_asm+0x1a/0x30 [ 20.401483] </TASK> [ 20.401497] [ 20.427678] The buggy address belongs to the physical page: [ 20.428255] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103990 [ 20.429004] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.429899] flags: 0x200000000000040(head|node=0|zone=2) [ 20.430535] page_type: f8(unknown) [ 20.431080] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.432187] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.432948] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.433734] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.434470] head: 0200000000000002 ffffea00040e6401 00000000ffffffff 00000000ffffffff [ 20.435261] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.436163] page dumped because: kasan: bad access detected [ 20.436673] [ 20.437075] Memory state around the buggy address: [ 20.437579] ffff88810398ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.438674] ffff88810398ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.439354] >ffff888103990000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.440297] ^ [ 20.440655] ffff888103990080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.441387] ffff888103990100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.441900] ==================================================================
[ 22.339973] ================================================================== [ 22.341142] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 22.341830] Free of addr ffff00000e1f8000 by task kunit_try_catch/292 [ 22.342427] [ 22.342590] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.342640] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.342654] Hardware name: Radxa ROCK Pi 4B (DT) [ 22.342672] Call trace: [ 22.342683] show_stack+0x20/0x38 (C) [ 22.342717] dump_stack_lvl+0x8c/0xd0 [ 22.342752] print_report+0x118/0x608 [ 22.342787] kasan_report_invalid_free+0xc0/0xe8 [ 22.342821] __kasan_mempool_poison_pages+0xe0/0xe8 [ 22.342857] mempool_free+0x24c/0x328 [ 22.342885] mempool_double_free_helper+0x150/0x2e8 [ 22.342916] mempool_page_alloc_double_free+0xbc/0x118 [ 22.342951] kunit_try_run_case+0x170/0x3f0 [ 22.342986] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.343025] kthread+0x328/0x630 [ 22.343053] ret_from_fork+0x10/0x20 [ 22.343087] [ 22.349610] The buggy address belongs to the physical page: [ 22.350127] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe1f8 [ 22.350853] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 22.351477] raw: 03fffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 22.352193] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 22.352902] page dumped because: kasan: bad access detected [ 22.353416] [ 22.353569] Memory state around the buggy address: [ 22.354018] ffff00000e1f7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.354685] ffff00000e1f7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.355351] >ffff00000e1f8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.356014] ^ [ 22.356325] ffff00000e1f8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.356992] ffff00000e1f8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.357655] ================================================================== [ 22.315025] ================================================================== [ 22.316152] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 22.316825] Free of addr ffff00000e270000 by task kunit_try_catch/290 [ 22.317417] [ 22.317577] CPU: 3 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.317620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.317632] Hardware name: Radxa ROCK Pi 4B (DT) [ 22.317647] Call trace: [ 22.317657] show_stack+0x20/0x38 (C) [ 22.317688] dump_stack_lvl+0x8c/0xd0 [ 22.317719] print_report+0x118/0x608 [ 22.317748] kasan_report_invalid_free+0xc0/0xe8 [ 22.317777] __kasan_mempool_poison_object+0x14c/0x150 [ 22.317807] mempool_free+0x28c/0x328 [ 22.317831] mempool_double_free_helper+0x150/0x2e8 [ 22.317859] mempool_kmalloc_large_double_free+0xc0/0x118 [ 22.317886] kunit_try_run_case+0x170/0x3f0 [ 22.317916] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.317948] kthread+0x328/0x630 [ 22.317972] ret_from_fork+0x10/0x20 [ 22.317999] [ 22.324535] The buggy address belongs to the physical page: [ 22.325047] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe270 [ 22.325765] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.326463] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 22.327108] page_type: f8(unknown) [ 22.327437] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.328144] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.328852] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.329567] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.330284] head: 03fffe0000000002 fffffdffc0389c01 00000000ffffffff 00000000ffffffff [ 22.330999] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.331708] page dumped because: kasan: bad access detected [ 22.332216] [ 22.332364] Memory state around the buggy address: [ 22.332808] ffff00000e26ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.333467] ffff00000e26ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.334127] >ffff00000e270000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.334781] ^ [ 22.335087] ffff00000e270080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.335746] ffff00000e270100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.336402] ================================================================== [ 22.280405] ================================================================== [ 22.281489] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 22.282171] Free of addr ffff00000cea4600 by task kunit_try_catch/288 [ 22.282763] [ 22.282922] CPU: 3 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.282965] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.282978] Hardware name: Radxa ROCK Pi 4B (DT) [ 22.282993] Call trace: [ 22.283003] show_stack+0x20/0x38 (C) [ 22.283031] dump_stack_lvl+0x8c/0xd0 [ 22.283061] print_report+0x118/0x608 [ 22.283090] kasan_report_invalid_free+0xc0/0xe8 [ 22.283119] check_slab_allocation+0xd4/0x108 [ 22.283147] __kasan_mempool_poison_object+0x78/0x150 [ 22.283177] mempool_free+0x28c/0x328 [ 22.283202] mempool_double_free_helper+0x150/0x2e8 [ 22.283228] mempool_kmalloc_double_free+0xc0/0x118 [ 22.283255] kunit_try_run_case+0x170/0x3f0 [ 22.283285] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.283317] kthread+0x328/0x630 [ 22.283340] ret_from_fork+0x10/0x20 [ 22.283367] [ 22.290235] Allocated by task 288: [ 22.290557] kasan_save_stack+0x3c/0x68 [ 22.290928] kasan_save_track+0x20/0x40 [ 22.291296] kasan_save_alloc_info+0x40/0x58 [ 22.291705] __kasan_mempool_unpoison_object+0x11c/0x180 [ 22.292206] remove_element+0x130/0x1f8 [ 22.292572] mempool_alloc_preallocated+0x58/0xc0 [ 22.293014] mempool_double_free_helper+0x94/0x2e8 [ 22.293466] mempool_kmalloc_double_free+0xc0/0x118 [ 22.293923] kunit_try_run_case+0x170/0x3f0 [ 22.294322] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.294838] kthread+0x328/0x630 [ 22.295148] ret_from_fork+0x10/0x20 [ 22.295491] [ 22.295641] Freed by task 288: [ 22.295930] kasan_save_stack+0x3c/0x68 [ 22.296298] kasan_save_track+0x20/0x40 [ 22.296667] kasan_save_free_info+0x4c/0x78 [ 22.297068] __kasan_mempool_poison_object+0xc0/0x150 [ 22.297545] mempool_free+0x28c/0x328 [ 22.297895] mempool_double_free_helper+0x100/0x2e8 [ 22.298354] mempool_kmalloc_double_free+0xc0/0x118 [ 22.298812] kunit_try_run_case+0x170/0x3f0 [ 22.299212] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.299727] kthread+0x328/0x630 [ 22.300037] ret_from_fork+0x10/0x20 [ 22.300381] [ 22.300531] The buggy address belongs to the object at ffff00000cea4600 [ 22.300531] which belongs to the cache kmalloc-128 of size 128 [ 22.301656] The buggy address is located 0 bytes inside of [ 22.301656] 128-byte region [ffff00000cea4600, ffff00000cea4680) [ 22.302698] [ 22.302848] The buggy address belongs to the physical page: [ 22.303359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xcea4 [ 22.304077] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 22.304682] page_type: f5(slab) [ 22.304990] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 22.305697] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.306399] page dumped because: kasan: bad access detected [ 22.306907] [ 22.307056] Memory state around the buggy address: [ 22.307499] ffff00000cea4500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.308158] ffff00000cea4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.308817] >ffff00000cea4600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.309473] ^ [ 22.309778] ffff00000cea4680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.310436] ffff00000cea4700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.311092] ==================================================================