Hay
Date: July 13, 2025, 11:09 p.m.

Environment: qemu-arm64, qemu-x86_64

[   18.000113] ==================================================================
[   18.000287] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.000394] Free of addr fff00000c799c000 by task kunit_try_catch/240
[   18.000498] 
[   18.000532] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.000633] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.000659] Hardware name: linux,dummy-virt (DT)
[   18.000691] Call trace:
[   18.000712]  show_stack+0x20/0x38 (C)
[   18.001073]  dump_stack_lvl+0x8c/0xd0
[   18.001194]  print_report+0x118/0x5d0
[   18.001330]  kasan_report_invalid_free+0xc0/0xe8
[   18.001406]  __kasan_mempool_poison_pages+0xe0/0xe8
[   18.001505]  mempool_free+0x24c/0x328
[   18.001612]  mempool_double_free_helper+0x150/0x2e8
[   18.001709]  mempool_page_alloc_double_free+0xbc/0x118
[   18.001804]  kunit_try_run_case+0x170/0x3f0
[   18.001932]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.001997]  kthread+0x328/0x630
[   18.002038]  ret_from_fork+0x10/0x20
[   18.002394] 
[   18.002455] The buggy address belongs to the physical page:
[   18.002508] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10799c
[   18.002611] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.002748] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   18.002846] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.002945] page dumped because: kasan: bad access detected
[   18.003063] 
[   18.003156] Memory state around the buggy address:
[   18.003281]  fff00000c799bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.003327]  fff00000c799bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.003389] >fff00000c799c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.003641]                    ^
[   18.003688]  fff00000c799c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.003735]  fff00000c799c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.003833] ==================================================================
[   17.989636] ==================================================================
[   17.989699] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.989770] Free of addr fff00000c799c000 by task kunit_try_catch/238
[   17.989814] 
[   17.989873] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.989972] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.989999] Hardware name: linux,dummy-virt (DT)
[   17.990030] Call trace:
[   17.990050]  show_stack+0x20/0x38 (C)
[   17.990281]  dump_stack_lvl+0x8c/0xd0
[   17.990344]  print_report+0x118/0x5d0
[   17.990432]  kasan_report_invalid_free+0xc0/0xe8
[   17.990484]  __kasan_mempool_poison_object+0x14c/0x150
[   17.990538]  mempool_free+0x28c/0x328
[   17.990582]  mempool_double_free_helper+0x150/0x2e8
[   17.990656]  mempool_kmalloc_large_double_free+0xc0/0x118
[   17.990708]  kunit_try_run_case+0x170/0x3f0
[   17.990755]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.990807]  kthread+0x328/0x630
[   17.990848]  ret_from_fork+0x10/0x20
[   17.990893] 
[   17.990914] The buggy address belongs to the physical page:
[   17.990944] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10799c
[   17.990999] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.991046] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.991215] page_type: f8(unknown)
[   17.991264] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.991316] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.991366] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.991561] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.991625] head: 0bfffe0000000002 ffffc1ffc31e6701 00000000ffffffff 00000000ffffffff
[   17.991676] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.991753] page dumped because: kasan: bad access detected
[   17.991815] 
[   17.991834] Memory state around the buggy address:
[   17.991870]  fff00000c799bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.991916]  fff00000c799bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.991960] >fff00000c799c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.991998]                    ^
[   17.992026]  fff00000c799c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.992068]  fff00000c799c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.992115] ==================================================================
[   17.975927] ==================================================================
[   17.975993] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.976057] Free of addr fff00000c58c3200 by task kunit_try_catch/236
[   17.976179] 
[   17.976277] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.976402] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.976548] Hardware name: linux,dummy-virt (DT)
[   17.976637] Call trace:
[   17.976671]  show_stack+0x20/0x38 (C)
[   17.976723]  dump_stack_lvl+0x8c/0xd0
[   17.977063]  print_report+0x118/0x5d0
[   17.977174]  kasan_report_invalid_free+0xc0/0xe8
[   17.977307]  check_slab_allocation+0xd4/0x108
[   17.977526]  __kasan_mempool_poison_object+0x78/0x150
[   17.977687]  mempool_free+0x28c/0x328
[   17.977794]  mempool_double_free_helper+0x150/0x2e8
[   17.977897]  mempool_kmalloc_double_free+0xc0/0x118
[   17.977992]  kunit_try_run_case+0x170/0x3f0
[   17.978041]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.978141]  kthread+0x328/0x630
[   17.978416]  ret_from_fork+0x10/0x20
[   17.978579] 
[   17.978755] Allocated by task 236:
[   17.978788]  kasan_save_stack+0x3c/0x68
[   17.978978]  kasan_save_track+0x20/0x40
[   17.979119]  kasan_save_alloc_info+0x40/0x58
[   17.979206]  __kasan_mempool_unpoison_object+0x11c/0x180
[   17.979352]  remove_element+0x130/0x1f8
[   17.979438]  mempool_alloc_preallocated+0x58/0xc0
[   17.979515]  mempool_double_free_helper+0x94/0x2e8
[   17.979666]  mempool_kmalloc_double_free+0xc0/0x118
[   17.979771]  kunit_try_run_case+0x170/0x3f0
[   17.979907]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.979952]  kthread+0x328/0x630
[   17.980493]  ret_from_fork+0x10/0x20
[   17.980692] 
[   17.980715] Freed by task 236:
[   17.980745]  kasan_save_stack+0x3c/0x68
[   17.980843]  kasan_save_track+0x20/0x40
[   17.980883]  kasan_save_free_info+0x4c/0x78
[   17.980921]  __kasan_mempool_poison_object+0xc0/0x150
[   17.980963]  mempool_free+0x28c/0x328
[   17.980997]  mempool_double_free_helper+0x100/0x2e8
[   17.981035]  mempool_kmalloc_double_free+0xc0/0x118
[   17.981075]  kunit_try_run_case+0x170/0x3f0
[   17.981112]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.981173]  kthread+0x328/0x630
[   17.981218]  ret_from_fork+0x10/0x20
[   17.981252] 
[   17.981271] The buggy address belongs to the object at fff00000c58c3200
[   17.981271]  which belongs to the cache kmalloc-128 of size 128
[   17.981500] The buggy address is located 0 bytes inside of
[   17.981500]  128-byte region [fff00000c58c3200, fff00000c58c3280)
[   17.981635] 
[   17.981657] The buggy address belongs to the physical page:
[   17.981690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3
[   17.981763] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.981897] page_type: f5(slab)
[   17.981964] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.982043] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.982084] page dumped because: kasan: bad access detected
[   17.982215] 
[   17.982234] Memory state around the buggy address:
[   17.982267]  fff00000c58c3100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.982321]  fff00000c58c3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.982414] >fff00000c58c3200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.982453]                    ^
[   17.982482]  fff00000c58c3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.982687]  fff00000c58c3300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.982760] ==================================================================

[   18.735330] ==================================================================
[   18.735394] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.735447] Free of addr fff00000c78ec000 by task kunit_try_catch/238
[   18.735491] 
[   18.735525] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.735605] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.735632] Hardware name: linux,dummy-virt (DT)
[   18.735664] Call trace:
[   18.735686]  show_stack+0x20/0x38 (C)
[   18.735733]  dump_stack_lvl+0x8c/0xd0
[   18.735779]  print_report+0x118/0x5d0
[   18.735825]  kasan_report_invalid_free+0xc0/0xe8
[   18.736228]  __kasan_mempool_poison_object+0x14c/0x150
[   18.736427]  mempool_free+0x28c/0x328
[   18.736606]  mempool_double_free_helper+0x150/0x2e8
[   18.736708]  mempool_kmalloc_large_double_free+0xc0/0x118
[   18.736774]  kunit_try_run_case+0x170/0x3f0
[   18.736821]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.737177]  kthread+0x328/0x630
[   18.737249]  ret_from_fork+0x10/0x20
[   18.737299] 
[   18.737320] The buggy address belongs to the physical page:
[   18.737366] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078ec
[   18.737425] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.737794] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.737874] page_type: f8(unknown)
[   18.738081] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.738251] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.738307] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.738358] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.738419] head: 0bfffe0000000002 ffffc1ffc31e3b01 00000000ffffffff 00000000ffffffff
[   18.738704] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.738805] page dumped because: kasan: bad access detected
[   18.738837] 
[   18.738854] Memory state around the buggy address:
[   18.738906]  fff00000c78ebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.739259]  fff00000c78ebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.739422] >fff00000c78ec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.739469]                    ^
[   18.739496]  fff00000c78ec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.739539]  fff00000c78ec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.739578] ==================================================================
[   18.718922] ==================================================================
[   18.719099] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.719201] Free of addr fff00000c5ae0200 by task kunit_try_catch/236
[   18.719246] 
[   18.719479] CPU: 1 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.719816] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.719872] Hardware name: linux,dummy-virt (DT)
[   18.719957] Call trace:
[   18.719978]  show_stack+0x20/0x38 (C)
[   18.720047]  dump_stack_lvl+0x8c/0xd0
[   18.720092]  print_report+0x118/0x5d0
[   18.720140]  kasan_report_invalid_free+0xc0/0xe8
[   18.720199]  check_slab_allocation+0xd4/0x108
[   18.720447]  __kasan_mempool_poison_object+0x78/0x150
[   18.720562]  mempool_free+0x28c/0x328
[   18.720655]  mempool_double_free_helper+0x150/0x2e8
[   18.720784]  mempool_kmalloc_double_free+0xc0/0x118
[   18.720851]  kunit_try_run_case+0x170/0x3f0
[   18.720993]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.721047]  kthread+0x328/0x630
[   18.721089]  ret_from_fork+0x10/0x20
[   18.721154] 
[   18.721254] Allocated by task 236:
[   18.721284]  kasan_save_stack+0x3c/0x68
[   18.721324]  kasan_save_track+0x20/0x40
[   18.721361]  kasan_save_alloc_info+0x40/0x58
[   18.721399]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.721559]  remove_element+0x130/0x1f8
[   18.721604]  mempool_alloc_preallocated+0x58/0xc0
[   18.721762]  mempool_double_free_helper+0x94/0x2e8
[   18.721954]  mempool_kmalloc_double_free+0xc0/0x118
[   18.722070]  kunit_try_run_case+0x170/0x3f0
[   18.722107]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.722151]  kthread+0x328/0x630
[   18.722235]  ret_from_fork+0x10/0x20
[   18.722272] 
[   18.722291] Freed by task 236:
[   18.722319]  kasan_save_stack+0x3c/0x68
[   18.722357]  kasan_save_track+0x20/0x40
[   18.722509]  kasan_save_free_info+0x4c/0x78
[   18.722550]  __kasan_mempool_poison_object+0xc0/0x150
[   18.722887]  mempool_free+0x28c/0x328
[   18.722962]  mempool_double_free_helper+0x100/0x2e8
[   18.723010]  mempool_kmalloc_double_free+0xc0/0x118
[   18.723052]  kunit_try_run_case+0x170/0x3f0
[   18.723191]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.723236]  kthread+0x328/0x630
[   18.723269]  ret_from_fork+0x10/0x20
[   18.723305] 
[   18.723324] The buggy address belongs to the object at fff00000c5ae0200
[   18.723324]  which belongs to the cache kmalloc-128 of size 128
[   18.723385] The buggy address is located 0 bytes inside of
[   18.723385]  128-byte region [fff00000c5ae0200, fff00000c5ae0280)
[   18.723446] 
[   18.723465] The buggy address belongs to the physical page:
[   18.723504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0
[   18.723610] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.723820] page_type: f5(slab)
[   18.723866] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.724004] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.724046] page dumped because: kasan: bad access detected
[   18.724078] 
[   18.724096] Memory state around the buggy address:
[   18.724127]  fff00000c5ae0100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.724458]  fff00000c5ae0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.724774] >fff00000c5ae0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.724858]                    ^
[   18.725077]  fff00000c5ae0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.725173]  fff00000c5ae0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.725246] ==================================================================
[   18.752901] ==================================================================
[   18.752963] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.753027] Free of addr fff00000c78ec000 by task kunit_try_catch/240
[   18.753242] 
[   18.753275] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.753594] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.753622] Hardware name: linux,dummy-virt (DT)
[   18.753731] Call trace:
[   18.753839]  show_stack+0x20/0x38 (C)
[   18.754008]  dump_stack_lvl+0x8c/0xd0
[   18.754457]  print_report+0x118/0x5d0
[   18.754555]  kasan_report_invalid_free+0xc0/0xe8
[   18.754607]  __kasan_mempool_poison_pages+0xe0/0xe8
[   18.754659]  mempool_free+0x24c/0x328
[   18.754703]  mempool_double_free_helper+0x150/0x2e8
[   18.755295]  mempool_page_alloc_double_free+0xbc/0x118
[   18.755542]  kunit_try_run_case+0x170/0x3f0
[   18.755861]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.755946]  kthread+0x328/0x630
[   18.756005]  ret_from_fork+0x10/0x20
[   18.756053] 
[   18.756075] The buggy address belongs to the physical page:
[   18.756107] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078ec
[   18.756167] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.756241] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   18.756292] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.756334] page dumped because: kasan: bad access detected
[   18.756759] 
[   18.756779] Memory state around the buggy address:
[   18.756819]  fff00000c78ebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.757013]  fff00000c78ebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.757320] >fff00000c78ec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.757364]                    ^
[   18.757395]  fff00000c78ec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.757441]  fff00000c78ec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.757479] ==================================================================

[   14.346146] ==================================================================
[   14.346847] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.347826] Free of addr ffff888103a64000 by task kunit_try_catch/257
[   14.348058] 
[   14.348259] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.348317] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.348329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.348350] Call Trace:
[   14.348363]  <TASK>
[   14.348398]  dump_stack_lvl+0x73/0xb0
[   14.348432]  print_report+0xd1/0x610
[   14.348467]  ? __virt_addr_valid+0x1db/0x2d0
[   14.348510]  ? kasan_addr_to_slab+0x11/0xa0
[   14.348532]  ? mempool_double_free_helper+0x184/0x370
[   14.348558]  kasan_report_invalid_free+0x10a/0x130
[   14.348691]  ? mempool_double_free_helper+0x184/0x370
[   14.348720]  ? mempool_double_free_helper+0x184/0x370
[   14.348745]  __kasan_mempool_poison_pages+0x115/0x130
[   14.348771]  mempool_free+0x290/0x380
[   14.348799]  mempool_double_free_helper+0x184/0x370
[   14.348824]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.348848]  ? update_load_avg+0x1be/0x21b0
[   14.348877]  ? finish_task_switch.isra.0+0x153/0x700
[   14.348904]  mempool_page_alloc_double_free+0xe8/0x140
[   14.348933]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   14.348964]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   14.348988]  ? __pfx_mempool_free_pages+0x10/0x10
[   14.349015]  ? __pfx_read_tsc+0x10/0x10
[   14.349037]  ? ktime_get_ts64+0x86/0x230
[   14.349063]  kunit_try_run_case+0x1a5/0x480
[   14.349089]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.349113]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.349138]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.349163]  ? __kthread_parkme+0x82/0x180
[   14.349185]  ? preempt_count_sub+0x50/0x80
[   14.349209]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.349234]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.349260]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.349286]  kthread+0x337/0x6f0
[   14.349305]  ? trace_preempt_on+0x20/0xc0
[   14.349330]  ? __pfx_kthread+0x10/0x10
[   14.349351]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.349372]  ? calculate_sigpending+0x7b/0xa0
[   14.349397]  ? __pfx_kthread+0x10/0x10
[   14.349420]  ret_from_fork+0x116/0x1d0
[   14.349439]  ? __pfx_kthread+0x10/0x10
[   14.349475]  ret_from_fork_asm+0x1a/0x30
[   14.349505]  </TASK>
[   14.349516] 
[   14.359139] The buggy address belongs to the physical page:
[   14.359417] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a64
[   14.359984] flags: 0x200000000000000(node=0|zone=2)
[   14.360165] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   14.360732] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   14.361181] page dumped because: kasan: bad access detected
[   14.361407] 
[   14.361491] Memory state around the buggy address:
[   14.361735]  ffff888103a63f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.362153]  ffff888103a63f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.362476] >ffff888103a64000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.362884]                    ^
[   14.363006]  ffff888103a64080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.363347]  ffff888103a64100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.363691] ==================================================================
[   14.325321] ==================================================================
[   14.326124] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.326443] Free of addr ffff888103a64000 by task kunit_try_catch/255
[   14.326814] 
[   14.326936] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.326984] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.326996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.327018] Call Trace:
[   14.327053]  <TASK>
[   14.327069]  dump_stack_lvl+0x73/0xb0
[   14.327102]  print_report+0xd1/0x610
[   14.327127]  ? __virt_addr_valid+0x1db/0x2d0
[   14.327153]  ? kasan_addr_to_slab+0x11/0xa0
[   14.327175]  ? mempool_double_free_helper+0x184/0x370
[   14.327202]  kasan_report_invalid_free+0x10a/0x130
[   14.327250]  ? mempool_double_free_helper+0x184/0x370
[   14.327279]  ? mempool_double_free_helper+0x184/0x370
[   14.327304]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   14.327330]  mempool_free+0x2ec/0x380
[   14.327358]  mempool_double_free_helper+0x184/0x370
[   14.327384]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.327422]  ? __kasan_check_write+0x18/0x20
[   14.327473]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.327498]  ? finish_task_switch.isra.0+0x153/0x700
[   14.327526]  mempool_kmalloc_large_double_free+0xed/0x140
[   14.327553]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   14.327636]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.327660]  ? __pfx_mempool_kfree+0x10/0x10
[   14.327686]  ? __pfx_read_tsc+0x10/0x10
[   14.327729]  ? ktime_get_ts64+0x86/0x230
[   14.327755]  kunit_try_run_case+0x1a5/0x480
[   14.327783]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.327807]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.327833]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.327858]  ? __kthread_parkme+0x82/0x180
[   14.327881]  ? preempt_count_sub+0x50/0x80
[   14.327906]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.327931]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.327956]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.327982]  kthread+0x337/0x6f0
[   14.328003]  ? trace_preempt_on+0x20/0xc0
[   14.328027]  ? __pfx_kthread+0x10/0x10
[   14.328047]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.328070]  ? calculate_sigpending+0x7b/0xa0
[   14.328095]  ? __pfx_kthread+0x10/0x10
[   14.328117]  ret_from_fork+0x116/0x1d0
[   14.328136]  ? __pfx_kthread+0x10/0x10
[   14.328157]  ret_from_fork_asm+0x1a/0x30
[   14.328189]  </TASK>
[   14.328199] 
[   14.337130] The buggy address belongs to the physical page:
[   14.337438] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a64
[   14.337840] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.338135] flags: 0x200000000000040(head|node=0|zone=2)
[   14.338393] page_type: f8(unknown)
[   14.338551] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.338899] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.339266] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.339842] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.340081] head: 0200000000000002 ffffea00040e9901 00000000ffffffff 00000000ffffffff
[   14.340372] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.340874] page dumped because: kasan: bad access detected
[   14.341051] 
[   14.341144] Memory state around the buggy address:
[   14.341369]  ffff888103a63f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.341834]  ffff888103a63f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.342076] >ffff888103a64000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.342415]                    ^
[   14.342629]  ffff888103a64080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.342999]  ffff888103a64100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.343305] ==================================================================
[   14.293904] ==================================================================
[   14.295087] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.295344] Free of addr ffff8881026ce500 by task kunit_try_catch/253
[   14.296585] 
[   14.297019] CPU: 0 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.297072] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.297085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.297117] Call Trace:
[   14.297129]  <TASK>
[   14.297146]  dump_stack_lvl+0x73/0xb0
[   14.297178]  print_report+0xd1/0x610
[   14.297202]  ? __virt_addr_valid+0x1db/0x2d0
[   14.297228]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.297252]  ? mempool_double_free_helper+0x184/0x370
[   14.297277]  kasan_report_invalid_free+0x10a/0x130
[   14.297302]  ? mempool_double_free_helper+0x184/0x370
[   14.297330]  ? mempool_double_free_helper+0x184/0x370
[   14.297353]  ? mempool_double_free_helper+0x184/0x370
[   14.297377]  check_slab_allocation+0x101/0x130
[   14.297400]  __kasan_mempool_poison_object+0x91/0x1d0
[   14.297702]  mempool_free+0x2ec/0x380
[   14.297737]  mempool_double_free_helper+0x184/0x370
[   14.297763]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.297790]  ? update_curr+0x5c1/0x810
[   14.297820]  mempool_kmalloc_double_free+0xed/0x140
[   14.297845]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   14.297871]  ? schedule+0x7c/0x2e0
[   14.297894]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.297917]  ? __pfx_mempool_kfree+0x10/0x10
[   14.297943]  ? __pfx_read_tsc+0x10/0x10
[   14.297965]  ? ktime_get_ts64+0x86/0x230
[   14.297987]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   14.298014]  kunit_try_run_case+0x1a5/0x480
[   14.298041]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.298067]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.298092]  ? _raw_spin_unlock_irqrestore+0x49/0x90
[   14.298115]  ? _raw_spin_unlock_irqrestore+0x49/0x90
[   14.298142]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.298166]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.298191]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.298217]  kthread+0x337/0x6f0
[   14.298237]  ? trace_preempt_on+0x20/0xc0
[   14.298261]  ? __pfx_kthread+0x10/0x10
[   14.298282]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.298304]  ? calculate_sigpending+0x7b/0xa0
[   14.298329]  ? __pfx_kthread+0x10/0x10
[   14.298351]  ret_from_fork+0x116/0x1d0
[   14.298369]  ? __pfx_kthread+0x10/0x10
[   14.298390]  ret_from_fork_asm+0x1a/0x30
[   14.298421]  </TASK>
[   14.298432] 
[   14.309148] Allocated by task 253:
[   14.309355]  kasan_save_stack+0x45/0x70
[   14.309678]  kasan_save_track+0x18/0x40
[   14.309904]  kasan_save_alloc_info+0x3b/0x50
[   14.310142]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.310410]  remove_element+0x11e/0x190
[   14.310889]  mempool_alloc_preallocated+0x4d/0x90
[   14.311080]  mempool_double_free_helper+0x8a/0x370
[   14.311380]  mempool_kmalloc_double_free+0xed/0x140
[   14.311696]  kunit_try_run_case+0x1a5/0x480
[   14.312081]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.312340]  kthread+0x337/0x6f0
[   14.312543]  ret_from_fork+0x116/0x1d0
[   14.312785]  ret_from_fork_asm+0x1a/0x30
[   14.313024] 
[   14.313146] Freed by task 253:
[   14.313314]  kasan_save_stack+0x45/0x70
[   14.313641]  kasan_save_track+0x18/0x40
[   14.313853]  kasan_save_free_info+0x3f/0x60
[   14.314004]  __kasan_mempool_poison_object+0x131/0x1d0
[   14.314251]  mempool_free+0x2ec/0x380
[   14.314511]  mempool_double_free_helper+0x109/0x370
[   14.314819]  mempool_kmalloc_double_free+0xed/0x140
[   14.314989]  kunit_try_run_case+0x1a5/0x480
[   14.315196]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.315475]  kthread+0x337/0x6f0
[   14.315646]  ret_from_fork+0x116/0x1d0
[   14.315830]  ret_from_fork_asm+0x1a/0x30
[   14.316035] 
[   14.316133] The buggy address belongs to the object at ffff8881026ce500
[   14.316133]  which belongs to the cache kmalloc-128 of size 128
[   14.316900] The buggy address is located 0 bytes inside of
[   14.316900]  128-byte region [ffff8881026ce500, ffff8881026ce580)
[   14.317435] 
[   14.317598] The buggy address belongs to the physical page:
[   14.317867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ce
[   14.318251] flags: 0x200000000000000(node=0|zone=2)
[   14.318480] page_type: f5(slab)
[   14.318672] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.319003] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.319458] page dumped because: kasan: bad access detected
[   14.319842] 
[   14.319941] Memory state around the buggy address:
[   14.320164]  ffff8881026ce400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.320510]  ffff8881026ce480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.321010] >ffff8881026ce500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.321347]                    ^
[   14.321650]  ffff8881026ce580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.321981]  ffff8881026ce600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.322307] ==================================================================

[   14.557436] ==================================================================
[   14.558163] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.558526] Free of addr ffff888102cc0000 by task kunit_try_catch/257
[   14.558817] 
[   14.558986] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.559034] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.559047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.559091] Call Trace:
[   14.559103]  <TASK>
[   14.559118]  dump_stack_lvl+0x73/0xb0
[   14.559163]  print_report+0xd1/0x610
[   14.559186]  ? __virt_addr_valid+0x1db/0x2d0
[   14.559212]  ? kasan_addr_to_slab+0x11/0xa0
[   14.559241]  ? mempool_double_free_helper+0x184/0x370
[   14.559268]  kasan_report_invalid_free+0x10a/0x130
[   14.559294]  ? mempool_double_free_helper+0x184/0x370
[   14.559323]  ? mempool_double_free_helper+0x184/0x370
[   14.559357]  __kasan_mempool_poison_pages+0x115/0x130
[   14.559384]  mempool_free+0x290/0x380
[   14.559412]  mempool_double_free_helper+0x184/0x370
[   14.559450]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.559490]  ? finish_task_switch.isra.0+0x153/0x700
[   14.559517]  mempool_page_alloc_double_free+0xe8/0x140
[   14.559555]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   14.559585]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   14.559611]  ? __pfx_mempool_free_pages+0x10/0x10
[   14.559639]  ? __pfx_read_tsc+0x10/0x10
[   14.559671]  ? ktime_get_ts64+0x86/0x230
[   14.559697]  kunit_try_run_case+0x1a5/0x480
[   14.559724]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.559748]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.559774]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.559800]  ? __kthread_parkme+0x82/0x180
[   14.559821]  ? preempt_count_sub+0x50/0x80
[   14.559847]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.559873]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.559900]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.559925]  kthread+0x337/0x6f0
[   14.559945]  ? trace_preempt_on+0x20/0xc0
[   14.559969]  ? __pfx_kthread+0x10/0x10
[   14.559991]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.560012]  ? calculate_sigpending+0x7b/0xa0
[   14.560038]  ? __pfx_kthread+0x10/0x10
[   14.560070]  ret_from_fork+0x116/0x1d0
[   14.560090]  ? __pfx_kthread+0x10/0x10
[   14.560110]  ret_from_fork_asm+0x1a/0x30
[   14.560189]  </TASK>
[   14.560199] 
[   14.569395] The buggy address belongs to the physical page:
[   14.569659] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cc0
[   14.570007] flags: 0x200000000000000(node=0|zone=2)
[   14.570484] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   14.570903] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   14.571175] page dumped because: kasan: bad access detected
[   14.571351] 
[   14.571423] Memory state around the buggy address:
[   14.571646]  ffff888102cbff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.571969]  ffff888102cbff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.572295] >ffff888102cc0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.572507]                    ^
[   14.572624]  ffff888102cc0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.573352]  ffff888102cc0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.573696] ==================================================================
[   14.505120] ==================================================================
[   14.505608] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.506111] Free of addr ffff888102594d00 by task kunit_try_catch/253
[   14.506395] 
[   14.506593] CPU: 0 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.506638] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.506651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.506672] Call Trace:
[   14.506684]  <TASK>
[   14.506699]  dump_stack_lvl+0x73/0xb0
[   14.506737]  print_report+0xd1/0x610
[   14.506760]  ? __virt_addr_valid+0x1db/0x2d0
[   14.506787]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.506810]  ? mempool_double_free_helper+0x184/0x370
[   14.506837]  kasan_report_invalid_free+0x10a/0x130
[   14.506863]  ? mempool_double_free_helper+0x184/0x370
[   14.506891]  ? mempool_double_free_helper+0x184/0x370
[   14.506915]  ? mempool_double_free_helper+0x184/0x370
[   14.506940]  check_slab_allocation+0x101/0x130
[   14.507015]  __kasan_mempool_poison_object+0x91/0x1d0
[   14.507068]  mempool_free+0x2ec/0x380
[   14.507097]  mempool_double_free_helper+0x184/0x370
[   14.507123]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.507150]  ? __kasan_check_write+0x18/0x20
[   14.507170]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.507192]  ? finish_task_switch.isra.0+0x153/0x700
[   14.507231]  mempool_kmalloc_double_free+0xed/0x140
[   14.507256]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   14.507285]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.507308]  ? __pfx_mempool_kfree+0x10/0x10
[   14.507335]  ? __pfx_read_tsc+0x10/0x10
[   14.507357]  ? ktime_get_ts64+0x86/0x230
[   14.507382]  kunit_try_run_case+0x1a5/0x480
[   14.507407]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.507431]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.507457]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.507482]  ? __kthread_parkme+0x82/0x180
[   14.507504]  ? preempt_count_sub+0x50/0x80
[   14.507528]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.507552]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.507578]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.507605]  kthread+0x337/0x6f0
[   14.507624]  ? trace_preempt_on+0x20/0xc0
[   14.507686]  ? __pfx_kthread+0x10/0x10
[   14.507708]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.507731]  ? calculate_sigpending+0x7b/0xa0
[   14.507757]  ? __pfx_kthread+0x10/0x10
[   14.507780]  ret_from_fork+0x116/0x1d0
[   14.507800]  ? __pfx_kthread+0x10/0x10
[   14.507821]  ret_from_fork_asm+0x1a/0x30
[   14.507854]  </TASK>
[   14.507865] 
[   14.517489] Allocated by task 253:
[   14.517687]  kasan_save_stack+0x45/0x70
[   14.517950]  kasan_save_track+0x18/0x40
[   14.518167]  kasan_save_alloc_info+0x3b/0x50
[   14.518346]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.518521]  remove_element+0x11e/0x190
[   14.518662]  mempool_alloc_preallocated+0x4d/0x90
[   14.518826]  mempool_double_free_helper+0x8a/0x370
[   14.519070]  mempool_kmalloc_double_free+0xed/0x140
[   14.519409]  kunit_try_run_case+0x1a5/0x480
[   14.519624]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.519914]  kthread+0x337/0x6f0
[   14.520036]  ret_from_fork+0x116/0x1d0
[   14.520350]  ret_from_fork_asm+0x1a/0x30
[   14.520554] 
[   14.520737] Freed by task 253:
[   14.520952]  kasan_save_stack+0x45/0x70
[   14.521194]  kasan_save_track+0x18/0x40
[   14.521344]  kasan_save_free_info+0x3f/0x60
[   14.521491]  __kasan_mempool_poison_object+0x131/0x1d0
[   14.521693]  mempool_free+0x2ec/0x380
[   14.521920]  mempool_double_free_helper+0x109/0x370
[   14.522256]  mempool_kmalloc_double_free+0xed/0x140
[   14.522495]  kunit_try_run_case+0x1a5/0x480
[   14.522795]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.522979]  kthread+0x337/0x6f0
[   14.523113]  ret_from_fork+0x116/0x1d0
[   14.523310]  ret_from_fork_asm+0x1a/0x30
[   14.523514] 
[   14.523625] The buggy address belongs to the object at ffff888102594d00
[   14.523625]  which belongs to the cache kmalloc-128 of size 128
[   14.524306] The buggy address is located 0 bytes inside of
[   14.524306]  128-byte region [ffff888102594d00, ffff888102594d80)
[   14.524671] 
[   14.524769] The buggy address belongs to the physical page:
[   14.525078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102594
[   14.525574] flags: 0x200000000000000(node=0|zone=2)
[   14.525952] page_type: f5(slab)
[   14.526085] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.526519] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.526871] page dumped because: kasan: bad access detected
[   14.527122] 
[   14.527232] Memory state around the buggy address:
[   14.527471]  ffff888102594c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.527788]  ffff888102594c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.528168] >ffff888102594d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.528489]                    ^
[   14.528612]  ffff888102594d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.528829]  ffff888102594e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.529074] ==================================================================
[   14.533522] ==================================================================
[   14.534297] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.534637] Free of addr ffff888103bc0000 by task kunit_try_catch/255
[   14.534896] 
[   14.535162] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.535222] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.535236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.535258] Call Trace:
[   14.535271]  <TASK>
[   14.535298]  dump_stack_lvl+0x73/0xb0
[   14.535330]  print_report+0xd1/0x610
[   14.535354]  ? __virt_addr_valid+0x1db/0x2d0
[   14.535379]  ? kasan_addr_to_slab+0x11/0xa0
[   14.535410]  ? mempool_double_free_helper+0x184/0x370
[   14.535436]  kasan_report_invalid_free+0x10a/0x130
[   14.535473]  ? mempool_double_free_helper+0x184/0x370
[   14.535502]  ? mempool_double_free_helper+0x184/0x370
[   14.535526]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   14.535555]  mempool_free+0x2ec/0x380
[   14.535585]  mempool_double_free_helper+0x184/0x370
[   14.535612]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.535637]  ? update_load_avg+0x1be/0x21b0
[   14.535723]  ? finish_task_switch.isra.0+0x153/0x700
[   14.535751]  mempool_kmalloc_large_double_free+0xed/0x140
[   14.535778]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   14.535808]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.535845]  ? __pfx_mempool_kfree+0x10/0x10
[   14.535871]  ? __pfx_read_tsc+0x10/0x10
[   14.535893]  ? ktime_get_ts64+0x86/0x230
[   14.535930]  kunit_try_run_case+0x1a5/0x480
[   14.535957]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.535981]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.536007]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.536032]  ? __kthread_parkme+0x82/0x180
[   14.536062]  ? preempt_count_sub+0x50/0x80
[   14.536086]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.536112]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.536147]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.536173]  kthread+0x337/0x6f0
[   14.536192]  ? trace_preempt_on+0x20/0xc0
[   14.536216]  ? __pfx_kthread+0x10/0x10
[   14.536238]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.536261]  ? calculate_sigpending+0x7b/0xa0
[   14.536286]  ? __pfx_kthread+0x10/0x10
[   14.536308]  ret_from_fork+0x116/0x1d0
[   14.536327]  ? __pfx_kthread+0x10/0x10
[   14.536348]  ret_from_fork_asm+0x1a/0x30
[   14.536380]  </TASK>
[   14.536389] 
[   14.545968] The buggy address belongs to the physical page:
[   14.546297] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103bc0
[   14.546720] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.547064] flags: 0x200000000000040(head|node=0|zone=2)
[   14.547347] page_type: f8(unknown)
[   14.547560] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.547930] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.548221] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.548474] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.549067] head: 0200000000000002 ffffea00040ef001 00000000ffffffff 00000000ffffffff
[   14.549377] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.549604] page dumped because: kasan: bad access detected
[   14.550186] 
[   14.550307] Memory state around the buggy address:
[   14.550507]  ffff888103bbff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.550942]  ffff888103bbff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.551287] >ffff888103bc0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.551611]                    ^
[   14.551857]  ffff888103bc0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.552226]  ffff888103bc0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.552445] ==================================================================