Hay
Date: July 20, 2025, 11:12 p.m.

Environment: qemu-arm64, qemu-x86_64

[   18.668932] ==================================================================
[   18.669139] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.669343] Free of addr fff00000c7994000 by task kunit_try_catch/237
[   18.669668] 
[   18.669726] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   18.669925] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.670057] Hardware name: linux,dummy-virt (DT)
[   18.670162] Call trace:
[   18.670212]  show_stack+0x20/0x38 (C)
[   18.670267]  dump_stack_lvl+0x8c/0xd0
[   18.670716]  print_report+0x118/0x5d0
[   18.670971]  kasan_report_invalid_free+0xc0/0xe8
[   18.671092]  __kasan_mempool_poison_object+0x14c/0x150
[   18.671264]  mempool_free+0x28c/0x328
[   18.671312]  mempool_double_free_helper+0x150/0x2e8
[   18.671629]  mempool_kmalloc_large_double_free+0xc0/0x118
[   18.671849]  kunit_try_run_case+0x170/0x3f0
[   18.672065]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.672515]  kthread+0x328/0x630
[   18.672596]  ret_from_fork+0x10/0x20
[   18.672780] 
[   18.672814] The buggy address belongs to the physical page:
[   18.672921] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107994
[   18.672991] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.673048] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.673115] page_type: f8(unknown)
[   18.673156] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.673224] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.673289] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.673339] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.673397] head: 0bfffe0000000002 ffffc1ffc31e6501 00000000ffffffff 00000000ffffffff
[   18.673446] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.673496] page dumped because: kasan: bad access detected
[   18.673527] 
[   18.673546] Memory state around the buggy address:
[   18.673594]  fff00000c7993f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.673641]  fff00000c7993f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.673694] >fff00000c7994000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.673747]                    ^
[   18.673774]  fff00000c7994080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.674192]  fff00000c7994100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.674394] ==================================================================
[   18.648594] ==================================================================
[   18.648652] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.648716] Free of addr fff00000c780a100 by task kunit_try_catch/235
[   18.648759] 
[   18.648840] CPU: 1 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   18.648936] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.648970] Hardware name: linux,dummy-virt (DT)
[   18.649003] Call trace:
[   18.649035]  show_stack+0x20/0x38 (C)
[   18.649086]  dump_stack_lvl+0x8c/0xd0
[   18.649144]  print_report+0x118/0x5d0
[   18.649191]  kasan_report_invalid_free+0xc0/0xe8
[   18.649250]  check_slab_allocation+0xd4/0x108
[   18.649301]  __kasan_mempool_poison_object+0x78/0x150
[   18.649353]  mempool_free+0x28c/0x328
[   18.649398]  mempool_double_free_helper+0x150/0x2e8
[   18.649448]  mempool_kmalloc_double_free+0xc0/0x118
[   18.649514]  kunit_try_run_case+0x170/0x3f0
[   18.649563]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.649625]  kthread+0x328/0x630
[   18.649668]  ret_from_fork+0x10/0x20
[   18.649717] 
[   18.649735] Allocated by task 235:
[   18.649765]  kasan_save_stack+0x3c/0x68
[   18.650041]  kasan_save_track+0x20/0x40
[   18.650283]  kasan_save_alloc_info+0x40/0x58
[   18.650859]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.651221]  remove_element+0x130/0x1f8
[   18.651797]  mempool_alloc_preallocated+0x58/0xc0
[   18.652160]  mempool_double_free_helper+0x94/0x2e8
[   18.652334]  mempool_kmalloc_double_free+0xc0/0x118
[   18.652401]  kunit_try_run_case+0x170/0x3f0
[   18.652441]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.652793]  kthread+0x328/0x630
[   18.652876]  ret_from_fork+0x10/0x20
[   18.653379] 
[   18.653527] Freed by task 235:
[   18.653559]  kasan_save_stack+0x3c/0x68
[   18.653954]  kasan_save_track+0x20/0x40
[   18.654049]  kasan_save_free_info+0x4c/0x78
[   18.654220]  __kasan_mempool_poison_object+0xc0/0x150
[   18.654432]  mempool_free+0x28c/0x328
[   18.654577]  mempool_double_free_helper+0x100/0x2e8
[   18.654764]  mempool_kmalloc_double_free+0xc0/0x118
[   18.655206]  kunit_try_run_case+0x170/0x3f0
[   18.655281]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.655356]  kthread+0x328/0x630
[   18.655471]  ret_from_fork+0x10/0x20
[   18.655510] 
[   18.655578] The buggy address belongs to the object at fff00000c780a100
[   18.655578]  which belongs to the cache kmalloc-128 of size 128
[   18.655936] The buggy address is located 0 bytes inside of
[   18.655936]  128-byte region [fff00000c780a100, fff00000c780a180)
[   18.656227] 
[   18.656384] The buggy address belongs to the physical page:
[   18.656437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a
[   18.656628] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.657078] page_type: f5(slab)
[   18.657179] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.657239] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.657581] page dumped because: kasan: bad access detected
[   18.657634] 
[   18.657825] Memory state around the buggy address:
[   18.657978]  fff00000c780a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.658027]  fff00000c780a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.658071] >fff00000c780a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.658379]                    ^
[   18.658770]  fff00000c780a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.658852]  fff00000c780a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.659057] ==================================================================
[   18.684455] ==================================================================
[   18.684515] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.684592] Free of addr fff00000c7994000 by task kunit_try_catch/239
[   18.684636] 
[   18.684676] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   18.684760] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.684786] Hardware name: linux,dummy-virt (DT)
[   18.684823] Call trace:
[   18.684855]  show_stack+0x20/0x38 (C)
[   18.684917]  dump_stack_lvl+0x8c/0xd0
[   18.684966]  print_report+0x118/0x5d0
[   18.685019]  kasan_report_invalid_free+0xc0/0xe8
[   18.685071]  __kasan_mempool_poison_pages+0xe0/0xe8
[   18.685122]  mempool_free+0x24c/0x328
[   18.685167]  mempool_double_free_helper+0x150/0x2e8
[   18.685217]  mempool_page_alloc_double_free+0xbc/0x118
[   18.685268]  kunit_try_run_case+0x170/0x3f0
[   18.685325]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.685379]  kthread+0x328/0x630
[   18.685422]  ret_from_fork+0x10/0x20
[   18.685470] 
[   18.685492] The buggy address belongs to the physical page:
[   18.685524] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107994
[   18.685585] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.685648] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   18.685699] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.685741] page dumped because: kasan: bad access detected
[   18.685773] 
[   18.686047] Memory state around the buggy address:
[   18.686084]  fff00000c7993f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.686130]  fff00000c7993f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.686662] >fff00000c7994000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.686747]                    ^
[   18.687239]  fff00000c7994080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.687665]  fff00000c7994100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.687857] ==================================================================

[   18.830039] ==================================================================
[   18.830103] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.830162] Free of addr fff00000c79e8000 by task kunit_try_catch/239
[   18.830215] 
[   18.830279] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   18.830576] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.830849] Hardware name: linux,dummy-virt (DT)
[   18.830905] Call trace:
[   18.830928]  show_stack+0x20/0x38 (C)
[   18.830979]  dump_stack_lvl+0x8c/0xd0
[   18.831028]  print_report+0x118/0x5d0
[   18.831075]  kasan_report_invalid_free+0xc0/0xe8
[   18.831318]  __kasan_mempool_poison_pages+0xe0/0xe8
[   18.831382]  mempool_free+0x24c/0x328
[   18.831564]  mempool_double_free_helper+0x150/0x2e8
[   18.831631]  mempool_page_alloc_double_free+0xbc/0x118
[   18.831683]  kunit_try_run_case+0x170/0x3f0
[   18.831732]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.831787]  kthread+0x328/0x630
[   18.831829]  ret_from_fork+0x10/0x20
[   18.832184] 
[   18.832274] The buggy address belongs to the physical page:
[   18.832310] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079e8
[   18.832569] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.832886] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   18.833016] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.833058] page dumped because: kasan: bad access detected
[   18.833090] 
[   18.833108] Memory state around the buggy address:
[   18.833291]  fff00000c79e7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.833488]  fff00000c79e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.833534] >fff00000c79e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.833572]                    ^
[   18.833636]  fff00000c79e8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.833680]  fff00000c79e8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.833719] ==================================================================
[   18.815466] ==================================================================
[   18.815529] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.815582] Free of addr fff00000c79e8000 by task kunit_try_catch/237
[   18.815638] 
[   18.815669] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   18.815751] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.815778] Hardware name: linux,dummy-virt (DT)
[   18.815809] Call trace:
[   18.815834]  show_stack+0x20/0x38 (C)
[   18.815884]  dump_stack_lvl+0x8c/0xd0
[   18.815931]  print_report+0x118/0x5d0
[   18.815978]  kasan_report_invalid_free+0xc0/0xe8
[   18.816029]  __kasan_mempool_poison_object+0x14c/0x150
[   18.816081]  mempool_free+0x28c/0x328
[   18.816126]  mempool_double_free_helper+0x150/0x2e8
[   18.816176]  mempool_kmalloc_large_double_free+0xc0/0x118
[   18.816261]  kunit_try_run_case+0x170/0x3f0
[   18.816315]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.816368]  kthread+0x328/0x630
[   18.816411]  ret_from_fork+0x10/0x20
[   18.816651] 
[   18.816674] The buggy address belongs to the physical page:
[   18.816708] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079e8
[   18.816763] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.816813] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.817001] page_type: f8(unknown)
[   18.817351] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.817403] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.817454] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.817504] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.817554] head: 0bfffe0000000002 ffffc1ffc31e7a01 00000000ffffffff 00000000ffffffff
[   18.817603] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.817655] page dumped because: kasan: bad access detected
[   18.817685] 
[   18.817702] Memory state around the buggy address:
[   18.817735]  fff00000c79e7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.817780]  fff00000c79e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.817824] >fff00000c79e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.817863]                    ^
[   18.818515]  fff00000c79e8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.818787]  fff00000c79e8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.818895] ==================================================================
[   18.801079] ==================================================================
[   18.801753] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.801904] Free of addr fff00000c5b4c900 by task kunit_try_catch/235
[   18.801965] 
[   18.802004] CPU: 1 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   18.802089] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.802117] Hardware name: linux,dummy-virt (DT)
[   18.802476] Call trace:
[   18.802503]  show_stack+0x20/0x38 (C)
[   18.802555]  dump_stack_lvl+0x8c/0xd0
[   18.802607]  print_report+0x118/0x5d0
[   18.802665]  kasan_report_invalid_free+0xc0/0xe8
[   18.802718]  check_slab_allocation+0xd4/0x108
[   18.802768]  __kasan_mempool_poison_object+0x78/0x150
[   18.802818]  mempool_free+0x28c/0x328
[   18.802865]  mempool_double_free_helper+0x150/0x2e8
[   18.802926]  mempool_kmalloc_double_free+0xc0/0x118
[   18.802974]  kunit_try_run_case+0x170/0x3f0
[   18.803025]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.803088]  kthread+0x328/0x630
[   18.803304]  ret_from_fork+0x10/0x20
[   18.803357] 
[   18.803375] Allocated by task 235:
[   18.803405]  kasan_save_stack+0x3c/0x68
[   18.803673]  kasan_save_track+0x20/0x40
[   18.803788]  kasan_save_alloc_info+0x40/0x58
[   18.803829]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.803873]  remove_element+0x130/0x1f8
[   18.803907]  mempool_alloc_preallocated+0x58/0xc0
[   18.803946]  mempool_double_free_helper+0x94/0x2e8
[   18.804300]  mempool_kmalloc_double_free+0xc0/0x118
[   18.804374]  kunit_try_run_case+0x170/0x3f0
[   18.804415]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.804459]  kthread+0x328/0x630
[   18.804492]  ret_from_fork+0x10/0x20
[   18.804586] 
[   18.804647] Freed by task 235:
[   18.804675]  kasan_save_stack+0x3c/0x68
[   18.804759]  kasan_save_track+0x20/0x40
[   18.804931]  kasan_save_free_info+0x4c/0x78
[   18.804971]  __kasan_mempool_poison_object+0xc0/0x150
[   18.805013]  mempool_free+0x28c/0x328
[   18.805048]  mempool_double_free_helper+0x100/0x2e8
[   18.805087]  mempool_kmalloc_double_free+0xc0/0x118
[   18.805127]  kunit_try_run_case+0x170/0x3f0
[   18.805288]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.805338]  kthread+0x328/0x630
[   18.805371]  ret_from_fork+0x10/0x20
[   18.805481] 
[   18.805505] The buggy address belongs to the object at fff00000c5b4c900
[   18.805505]  which belongs to the cache kmalloc-128 of size 128
[   18.805594] The buggy address is located 0 bytes inside of
[   18.805594]  128-byte region [fff00000c5b4c900, fff00000c5b4c980)
[   18.805709] 
[   18.805736] The buggy address belongs to the physical page:
[   18.805825] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b4c
[   18.805880] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.805948] page_type: f5(slab)
[   18.806077] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.806209] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.806256] page dumped because: kasan: bad access detected
[   18.806287] 
[   18.806304] Memory state around the buggy address:
[   18.806337]  fff00000c5b4c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.806381]  fff00000c5b4c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.806425] >fff00000c5b4c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.806464]                    ^
[   18.806727]  fff00000c5b4c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.806818]  fff00000c5b4ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.806940] ==================================================================

[   14.362762] ==================================================================
[   14.363486] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.364384] Free of addr ffff8881038b4000 by task kunit_try_catch/255
[   14.364871] 
[   14.364998] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   14.365049] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.365062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.365085] Call Trace:
[   14.365099]  <TASK>
[   14.365117]  dump_stack_lvl+0x73/0xb0
[   14.365150]  print_report+0xd1/0x610
[   14.365344]  ? __virt_addr_valid+0x1db/0x2d0
[   14.365373]  ? kasan_addr_to_slab+0x11/0xa0
[   14.365408]  ? mempool_double_free_helper+0x184/0x370
[   14.365433]  kasan_report_invalid_free+0x10a/0x130
[   14.365458]  ? mempool_double_free_helper+0x184/0x370
[   14.365519]  ? mempool_double_free_helper+0x184/0x370
[   14.365542]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   14.365567]  mempool_free+0x2ec/0x380
[   14.365612]  mempool_double_free_helper+0x184/0x370
[   14.365638]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.365663]  ? __kasan_check_write+0x18/0x20
[   14.365683]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.365706]  ? finish_task_switch.isra.0+0x153/0x700
[   14.365733]  mempool_kmalloc_large_double_free+0xed/0x140
[   14.365757]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   14.365785]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.365807]  ? __pfx_mempool_kfree+0x10/0x10
[   14.365833]  ? __pfx_read_tsc+0x10/0x10
[   14.365854]  ? ktime_get_ts64+0x86/0x230
[   14.365880]  kunit_try_run_case+0x1a5/0x480
[   14.365906]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.365929]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.365953]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.365977]  ? __kthread_parkme+0x82/0x180
[   14.365997]  ? preempt_count_sub+0x50/0x80
[   14.366021]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.366045]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.366068]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.366092]  kthread+0x337/0x6f0
[   14.366112]  ? trace_preempt_on+0x20/0xc0
[   14.366136]  ? __pfx_kthread+0x10/0x10
[   14.366156]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.366178]  ? calculate_sigpending+0x7b/0xa0
[   14.366203]  ? __pfx_kthread+0x10/0x10
[   14.366224]  ret_from_fork+0x116/0x1d0
[   14.366243]  ? __pfx_kthread+0x10/0x10
[   14.366263]  ret_from_fork_asm+0x1a/0x30
[   14.366296]  </TASK>
[   14.366306] 
[   14.380789] The buggy address belongs to the physical page:
[   14.381329] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038b4
[   14.381811] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.382531] flags: 0x200000000000040(head|node=0|zone=2)
[   14.382829] page_type: f8(unknown)
[   14.383006] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.383311] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.384015] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.384557] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.385200] head: 0200000000000002 ffffea00040e2d01 00000000ffffffff 00000000ffffffff
[   14.385884] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.386404] page dumped because: kasan: bad access detected
[   14.386938] 
[   14.387186] Memory state around the buggy address:
[   14.387625]  ffff8881038b3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.388331]  ffff8881038b3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.388861] >ffff8881038b4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.389474]                    ^
[   14.389802]  ffff8881038b4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.390325]  ffff8881038b4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.390792] ==================================================================
[   14.318586] ==================================================================
[   14.319818] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.320562] Free of addr ffff888101bc1900 by task kunit_try_catch/253
[   14.321237] 
[   14.321337] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   14.321384] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.321411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.321434] Call Trace:
[   14.321447]  <TASK>
[   14.321464]  dump_stack_lvl+0x73/0xb0
[   14.321495]  print_report+0xd1/0x610
[   14.321517]  ? __virt_addr_valid+0x1db/0x2d0
[   14.321544]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.321566]  ? mempool_double_free_helper+0x184/0x370
[   14.321602]  kasan_report_invalid_free+0x10a/0x130
[   14.321627]  ? mempool_double_free_helper+0x184/0x370
[   14.321653]  ? mempool_double_free_helper+0x184/0x370
[   14.321676]  ? mempool_double_free_helper+0x184/0x370
[   14.321722]  check_slab_allocation+0x101/0x130
[   14.321769]  __kasan_mempool_poison_object+0x91/0x1d0
[   14.321794]  mempool_free+0x2ec/0x380
[   14.321823]  mempool_double_free_helper+0x184/0x370
[   14.321860]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.321889]  ? finish_task_switch.isra.0+0x153/0x700
[   14.321928]  mempool_kmalloc_double_free+0xed/0x140
[   14.321953]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   14.321981]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.322004]  ? __pfx_mempool_kfree+0x10/0x10
[   14.322030]  ? __pfx_read_tsc+0x10/0x10
[   14.322052]  ? ktime_get_ts64+0x86/0x230
[   14.322077]  kunit_try_run_case+0x1a5/0x480
[   14.322104]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.322126]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.322151]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.322175]  ? __kthread_parkme+0x82/0x180
[   14.322196]  ? preempt_count_sub+0x50/0x80
[   14.322221]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.322245]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.322269]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.322292]  kthread+0x337/0x6f0
[   14.322312]  ? trace_preempt_on+0x20/0xc0
[   14.322336]  ? __pfx_kthread+0x10/0x10
[   14.322356]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.322378]  ? calculate_sigpending+0x7b/0xa0
[   14.322412]  ? __pfx_kthread+0x10/0x10
[   14.322434]  ret_from_fork+0x116/0x1d0
[   14.322454]  ? __pfx_kthread+0x10/0x10
[   14.322475]  ret_from_fork_asm+0x1a/0x30
[   14.322507]  </TASK>
[   14.322518] 
[   14.338866] Allocated by task 253:
[   14.339012]  kasan_save_stack+0x45/0x70
[   14.339520]  kasan_save_track+0x18/0x40
[   14.340002]  kasan_save_alloc_info+0x3b/0x50
[   14.340578]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.340940]  remove_element+0x11e/0x190
[   14.341306]  mempool_alloc_preallocated+0x4d/0x90
[   14.341790]  mempool_double_free_helper+0x8a/0x370
[   14.341955]  mempool_kmalloc_double_free+0xed/0x140
[   14.342501]  kunit_try_run_case+0x1a5/0x480
[   14.342945]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.343501]  kthread+0x337/0x6f0
[   14.343849]  ret_from_fork+0x116/0x1d0
[   14.343988]  ret_from_fork_asm+0x1a/0x30
[   14.344365] 
[   14.344580] Freed by task 253:
[   14.344977]  kasan_save_stack+0x45/0x70
[   14.345388]  kasan_save_track+0x18/0x40
[   14.345717]  kasan_save_free_info+0x3f/0x60
[   14.345873]  __kasan_mempool_poison_object+0x131/0x1d0
[   14.346213]  mempool_free+0x2ec/0x380
[   14.346626]  mempool_double_free_helper+0x109/0x370
[   14.347156]  mempool_kmalloc_double_free+0xed/0x140
[   14.347633]  kunit_try_run_case+0x1a5/0x480
[   14.348011]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.348187]  kthread+0x337/0x6f0
[   14.348306]  ret_from_fork+0x116/0x1d0
[   14.348461]  ret_from_fork_asm+0x1a/0x30
[   14.348915] 
[   14.349080] The buggy address belongs to the object at ffff888101bc1900
[   14.349080]  which belongs to the cache kmalloc-128 of size 128
[   14.350456] The buggy address is located 0 bytes inside of
[   14.350456]  128-byte region [ffff888101bc1900, ffff888101bc1980)
[   14.351278] 
[   14.351510] The buggy address belongs to the physical page:
[   14.352143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1
[   14.352880] flags: 0x200000000000000(node=0|zone=2)
[   14.353316] page_type: f5(slab)
[   14.353470] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.353985] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.354791] page dumped because: kasan: bad access detected
[   14.355414] 
[   14.355574] Memory state around the buggy address:
[   14.355928]  ffff888101bc1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.356466]  ffff888101bc1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.357140] >ffff888101bc1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.357795]                    ^
[   14.358143]  ffff888101bc1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.358515]  ffff888101bc1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.359199] ==================================================================
[   14.394558] ==================================================================
[   14.395004] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.395908] Free of addr ffff888103920000 by task kunit_try_catch/257
[   14.396897] 
[   14.397089] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   14.397139] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.397152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.397175] Call Trace:
[   14.397190]  <TASK>
[   14.397208]  dump_stack_lvl+0x73/0xb0
[   14.397243]  print_report+0xd1/0x610
[   14.397266]  ? __virt_addr_valid+0x1db/0x2d0
[   14.397293]  ? kasan_addr_to_slab+0x11/0xa0
[   14.397313]  ? mempool_double_free_helper+0x184/0x370
[   14.397338]  kasan_report_invalid_free+0x10a/0x130
[   14.397363]  ? mempool_double_free_helper+0x184/0x370
[   14.397391]  ? mempool_double_free_helper+0x184/0x370
[   14.397429]  __kasan_mempool_poison_pages+0x115/0x130
[   14.397496]  mempool_free+0x290/0x380
[   14.397527]  mempool_double_free_helper+0x184/0x370
[   14.397558]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.397583]  ? __kasan_check_write+0x18/0x20
[   14.397603]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.397627]  ? finish_task_switch.isra.0+0x153/0x700
[   14.397653]  mempool_page_alloc_double_free+0xe8/0x140
[   14.397679]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   14.397708]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   14.397733]  ? __pfx_mempool_free_pages+0x10/0x10
[   14.397760]  ? __pfx_read_tsc+0x10/0x10
[   14.397782]  ? ktime_get_ts64+0x86/0x230
[   14.397808]  kunit_try_run_case+0x1a5/0x480
[   14.397835]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.397858]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.397882]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.397907]  ? __kthread_parkme+0x82/0x180
[   14.397929]  ? preempt_count_sub+0x50/0x80
[   14.397953]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.397977]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.398001]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.398025]  kthread+0x337/0x6f0
[   14.398045]  ? trace_preempt_on+0x20/0xc0
[   14.398070]  ? __pfx_kthread+0x10/0x10
[   14.398091]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.398113]  ? calculate_sigpending+0x7b/0xa0
[   14.398139]  ? __pfx_kthread+0x10/0x10
[   14.398161]  ret_from_fork+0x116/0x1d0
[   14.398179]  ? __pfx_kthread+0x10/0x10
[   14.398200]  ret_from_fork_asm+0x1a/0x30
[   14.398233]  </TASK>
[   14.398244] 
[   14.415646] The buggy address belongs to the physical page:
[   14.416218] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103920
[   14.416485] flags: 0x200000000000000(node=0|zone=2)
[   14.416692] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   14.417813] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   14.418869] page dumped because: kasan: bad access detected
[   14.419505] 
[   14.419588] Memory state around the buggy address:
[   14.419747]  ffff88810391ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.419964]  ffff88810391ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.420611] >ffff888103920000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.421125]                    ^
[   14.421544]  ffff888103920080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.422058]  ffff888103920100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.422807] ==================================================================

[   14.416419] ==================================================================
[   14.416861] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.417655] Free of addr ffff888102a51500 by task kunit_try_catch/253
[   14.418438] 
[   14.418680] CPU: 0 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   14.418730] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.418743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.418767] Call Trace:
[   14.418780]  <TASK>
[   14.418798]  dump_stack_lvl+0x73/0xb0
[   14.418830]  print_report+0xd1/0x610
[   14.418861]  ? __virt_addr_valid+0x1db/0x2d0
[   14.418886]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.418908]  ? mempool_double_free_helper+0x184/0x370
[   14.418932]  kasan_report_invalid_free+0x10a/0x130
[   14.418957]  ? mempool_double_free_helper+0x184/0x370
[   14.418981]  ? mempool_double_free_helper+0x184/0x370
[   14.419005]  ? mempool_double_free_helper+0x184/0x370
[   14.419027]  check_slab_allocation+0x101/0x130
[   14.419049]  __kasan_mempool_poison_object+0x91/0x1d0
[   14.419072]  mempool_free+0x2ec/0x380
[   14.419100]  mempool_double_free_helper+0x184/0x370
[   14.419124]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.419159]  ? __kasan_check_write+0x18/0x20
[   14.419180]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.419202]  ? finish_task_switch.isra.0+0x153/0x700
[   14.419229]  mempool_kmalloc_double_free+0xed/0x140
[   14.419252]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   14.419279]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.419301]  ? __pfx_mempool_kfree+0x10/0x10
[   14.419325]  ? __pfx_read_tsc+0x10/0x10
[   14.419347]  ? ktime_get_ts64+0x86/0x230
[   14.419371]  kunit_try_run_case+0x1a5/0x480
[   14.419397]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.419419]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.419444]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.419466]  ? __kthread_parkme+0x82/0x180
[   14.419487]  ? preempt_count_sub+0x50/0x80
[   14.419509]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.419533]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.419556]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.419580]  kthread+0x337/0x6f0
[   14.419599]  ? trace_preempt_on+0x20/0xc0
[   14.419622]  ? __pfx_kthread+0x10/0x10
[   14.419642]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.419664]  ? calculate_sigpending+0x7b/0xa0
[   14.419687]  ? __pfx_kthread+0x10/0x10
[   14.419708]  ret_from_fork+0x116/0x1d0
[   14.419726]  ? __pfx_kthread+0x10/0x10
[   14.419747]  ret_from_fork_asm+0x1a/0x30
[   14.419777]  </TASK>
[   14.419789] 
[   14.434666] Allocated by task 253:
[   14.435115]  kasan_save_stack+0x45/0x70
[   14.435393]  kasan_save_track+0x18/0x40
[   14.435663]  kasan_save_alloc_info+0x3b/0x50
[   14.435812]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.436353]  remove_element+0x11e/0x190
[   14.436723]  mempool_alloc_preallocated+0x4d/0x90
[   14.437381]  mempool_double_free_helper+0x8a/0x370
[   14.437656]  mempool_kmalloc_double_free+0xed/0x140
[   14.437818]  kunit_try_run_case+0x1a5/0x480
[   14.438288]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.438769]  kthread+0x337/0x6f0
[   14.439200]  ret_from_fork+0x116/0x1d0
[   14.439636]  ret_from_fork_asm+0x1a/0x30
[   14.439830] 
[   14.440058] Freed by task 253:
[   14.440395]  kasan_save_stack+0x45/0x70
[   14.440677]  kasan_save_track+0x18/0x40
[   14.440815]  kasan_save_free_info+0x3f/0x60
[   14.441282]  __kasan_mempool_poison_object+0x131/0x1d0
[   14.441765]  mempool_free+0x2ec/0x380
[   14.442372]  mempool_double_free_helper+0x109/0x370
[   14.442623]  mempool_kmalloc_double_free+0xed/0x140
[   14.442786]  kunit_try_run_case+0x1a5/0x480
[   14.443243]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.443824]  kthread+0x337/0x6f0
[   14.444211]  ret_from_fork+0x116/0x1d0
[   14.444605]  ret_from_fork_asm+0x1a/0x30
[   14.444913] 
[   14.445101] The buggy address belongs to the object at ffff888102a51500
[   14.445101]  which belongs to the cache kmalloc-128 of size 128
[   14.445603] The buggy address is located 0 bytes inside of
[   14.445603]  128-byte region [ffff888102a51500, ffff888102a51580)
[   14.446199] 
[   14.446365] The buggy address belongs to the physical page:
[   14.446894] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a51
[   14.448042] flags: 0x200000000000000(node=0|zone=2)
[   14.448635] page_type: f5(slab)
[   14.448991] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.449237] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.449512] page dumped because: kasan: bad access detected
[   14.450099] 
[   14.450279] Memory state around the buggy address:
[   14.450725]  ffff888102a51400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.451447]  ffff888102a51480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.452173] >ffff888102a51500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.452445]                    ^
[   14.452746]  ffff888102a51580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.453491]  ffff888102a51600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.454239] ==================================================================
[   14.489756] ==================================================================
[   14.490386] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.490646] Free of addr ffff8881038c4000 by task kunit_try_catch/257
[   14.490851] 
[   14.490950] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   14.491000] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.491013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.491038] Call Trace:
[   14.491051]  <TASK>
[   14.491071]  dump_stack_lvl+0x73/0xb0
[   14.491102]  print_report+0xd1/0x610
[   14.491126]  ? __virt_addr_valid+0x1db/0x2d0
[   14.491164]  ? kasan_addr_to_slab+0x11/0xa0
[   14.491184]  ? mempool_double_free_helper+0x184/0x370
[   14.491209]  kasan_report_invalid_free+0x10a/0x130
[   14.491233]  ? mempool_double_free_helper+0x184/0x370
[   14.491258]  ? mempool_double_free_helper+0x184/0x370
[   14.491282]  __kasan_mempool_poison_pages+0x115/0x130
[   14.491305]  mempool_free+0x290/0x380
[   14.491334]  mempool_double_free_helper+0x184/0x370
[   14.491357]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.491381]  ? __kasan_check_write+0x18/0x20
[   14.491401]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.491424]  ? finish_task_switch.isra.0+0x153/0x700
[   14.491450]  mempool_page_alloc_double_free+0xe8/0x140
[   14.491475]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   14.491503]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   14.491525]  ? __pfx_mempool_free_pages+0x10/0x10
[   14.491551]  ? __pfx_read_tsc+0x10/0x10
[   14.491572]  ? ktime_get_ts64+0x86/0x230
[   14.492052]  kunit_try_run_case+0x1a5/0x480
[   14.492082]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.492106]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.492132]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.492167]  ? __kthread_parkme+0x82/0x180
[   14.492189]  ? preempt_count_sub+0x50/0x80
[   14.492212]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.492236]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.492258]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.492282]  kthread+0x337/0x6f0
[   14.492301]  ? trace_preempt_on+0x20/0xc0
[   14.492329]  ? __pfx_kthread+0x10/0x10
[   14.492350]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.492370]  ? calculate_sigpending+0x7b/0xa0
[   14.492396]  ? __pfx_kthread+0x10/0x10
[   14.492417]  ret_from_fork+0x116/0x1d0
[   14.492436]  ? __pfx_kthread+0x10/0x10
[   14.492457]  ret_from_fork_asm+0x1a/0x30
[   14.492489]  </TASK>
[   14.492500] 
[   14.508204] The buggy address belongs to the physical page:
[   14.508583] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038c4
[   14.509165] flags: 0x200000000000000(node=0|zone=2)
[   14.509537] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   14.509767] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   14.510378] page dumped because: kasan: bad access detected
[   14.510919] 
[   14.511102] Memory state around the buggy address:
[   14.511637]  ffff8881038c3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.512284]  ffff8881038c3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.512510] >ffff8881038c4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.512721]                    ^
[   14.512839]  ffff8881038c4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.513181]  ffff8881038c4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.513449] ==================================================================
[   14.458389] ==================================================================
[   14.458871] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.459664] Free of addr ffff88810395c000 by task kunit_try_catch/255
[   14.460734] 
[   14.460997] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   14.461049] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.461063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.461086] Call Trace:
[   14.461100]  <TASK>
[   14.461119]  dump_stack_lvl+0x73/0xb0
[   14.461164]  print_report+0xd1/0x610
[   14.461188]  ? __virt_addr_valid+0x1db/0x2d0
[   14.461213]  ? kasan_addr_to_slab+0x11/0xa0
[   14.461232]  ? mempool_double_free_helper+0x184/0x370
[   14.461256]  kasan_report_invalid_free+0x10a/0x130
[   14.461279]  ? mempool_double_free_helper+0x184/0x370
[   14.461305]  ? mempool_double_free_helper+0x184/0x370
[   14.461329]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   14.461353]  mempool_free+0x2ec/0x380
[   14.461379]  mempool_double_free_helper+0x184/0x370
[   14.461403]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.461428]  ? __kasan_check_write+0x18/0x20
[   14.461447]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.461469]  ? finish_task_switch.isra.0+0x153/0x700
[   14.461496]  mempool_kmalloc_large_double_free+0xed/0x140
[   14.461520]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   14.461547]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.461570]  ? __pfx_mempool_kfree+0x10/0x10
[   14.461594]  ? __pfx_read_tsc+0x10/0x10
[   14.461615]  ? ktime_get_ts64+0x86/0x230
[   14.461640]  kunit_try_run_case+0x1a5/0x480
[   14.461665]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.461688]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.461713]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.461736]  ? __kthread_parkme+0x82/0x180
[   14.461756]  ? preempt_count_sub+0x50/0x80
[   14.461780]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.461803]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.461826]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.461849]  kthread+0x337/0x6f0
[   14.461867]  ? trace_preempt_on+0x20/0xc0
[   14.461891]  ? __pfx_kthread+0x10/0x10
[   14.461911]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.461933]  ? calculate_sigpending+0x7b/0xa0
[   14.461969]  ? __pfx_kthread+0x10/0x10
[   14.461989]  ret_from_fork+0x116/0x1d0
[   14.462008]  ? __pfx_kthread+0x10/0x10
[   14.462028]  ret_from_fork_asm+0x1a/0x30
[   14.462071]  </TASK>
[   14.462082] 
[   14.475495] The buggy address belongs to the physical page:
[   14.476112] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10395c
[   14.476606] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.477169] flags: 0x200000000000040(head|node=0|zone=2)
[   14.477641] page_type: f8(unknown)
[   14.477926] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.478278] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.478852] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.479461] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.480097] head: 0200000000000002 ffffea00040e5701 00000000ffffffff 00000000ffffffff
[   14.480738] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.481260] page dumped because: kasan: bad access detected
[   14.481720] 
[   14.482004] Memory state around the buggy address:
[   14.482547]  ffff88810395bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.483074]  ffff88810395bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.483529] >ffff88810395c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.483849]                    ^
[   14.484222]  ffff88810395c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.484638]  ffff88810395c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.485072] ==================================================================