Date
Nov. 20, 2024, 6:35 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 39.259923] ================================================================== [ 39.260980] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 39.262887] Free of addr fff00000c6c18000 by task kunit_try_catch/228 [ 39.263552] [ 39.263934] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 39.265015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.265622] Hardware name: linux,dummy-virt (DT) [ 39.266113] Call trace: [ 39.266822] show_stack+0x20/0x38 (C) [ 39.267516] dump_stack_lvl+0x8c/0xd0 [ 39.268054] print_report+0x118/0x5e0 [ 39.268707] kasan_report_invalid_free+0xb0/0xd8 [ 39.269376] __kasan_mempool_poison_pages+0xe0/0xe8 [ 39.270193] mempool_free+0x24c/0x328 [ 39.270704] mempool_double_free_helper+0x150/0x2e0 [ 39.271392] mempool_page_alloc_double_free+0xb4/0x110 [ 39.272111] kunit_try_run_case+0x14c/0x3d0 [ 39.272677] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.273378] kthread+0x24c/0x2d0 [ 39.274017] ret_from_fork+0x10/0x20 [ 39.274663] [ 39.275333] The buggy address belongs to the physical page: [ 39.276302] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c18 [ 39.277156] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.278083] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 39.279313] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 39.280501] page dumped because: kasan: bad access detected [ 39.281185] [ 39.281812] Memory state around the buggy address: [ 39.282730] fff00000c6c17f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.283617] fff00000c6c17f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.284395] >fff00000c6c18000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.285204] ^ [ 39.285916] fff00000c6c18080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.286538] fff00000c6c18100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.287078] ================================================================== [ 39.216934] ================================================================== [ 39.218660] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 39.219416] Free of addr fff00000c6c18000 by task kunit_try_catch/226 [ 39.220053] [ 39.220501] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 39.221725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.222278] Hardware name: linux,dummy-virt (DT) [ 39.222952] Call trace: [ 39.223684] show_stack+0x20/0x38 (C) [ 39.224166] dump_stack_lvl+0x8c/0xd0 [ 39.224754] print_report+0x118/0x5e0 [ 39.225396] kasan_report_invalid_free+0xb0/0xd8 [ 39.225987] __kasan_mempool_poison_object+0x14c/0x150 [ 39.226925] mempool_free+0x28c/0x328 [ 39.227499] mempool_double_free_helper+0x150/0x2e0 [ 39.228189] mempool_kmalloc_large_double_free+0xb8/0x110 [ 39.229425] kunit_try_run_case+0x14c/0x3d0 [ 39.230271] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.231103] kthread+0x24c/0x2d0 [ 39.231737] ret_from_fork+0x10/0x20 [ 39.232477] [ 39.232968] The buggy address belongs to the physical page: [ 39.233972] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c18 [ 39.234607] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 39.235389] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 39.236314] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 39.236984] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 39.238062] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 39.238899] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 39.239547] head: 0bfffe0000000002 ffffc1ffc31b0601 ffffffffffffffff 0000000000000000 [ 39.240472] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 39.241235] page dumped because: kasan: bad access detected [ 39.242187] [ 39.242546] Memory state around the buggy address: [ 39.243200] fff00000c6c17f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.243798] fff00000c6c17f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.244650] >fff00000c6c18000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.245418] ^ [ 39.246042] fff00000c6c18080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.246991] fff00000c6c18100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.247887] ================================================================== [ 39.156405] ================================================================== [ 39.157419] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 39.158241] Free of addr fff00000c6599a00 by task kunit_try_catch/224 [ 39.158917] [ 39.159263] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 39.161539] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.162365] Hardware name: linux,dummy-virt (DT) [ 39.163424] Call trace: [ 39.163817] show_stack+0x20/0x38 (C) [ 39.164369] dump_stack_lvl+0x8c/0xd0 [ 39.164948] print_report+0x118/0x5e0 [ 39.165581] kasan_report_invalid_free+0xb0/0xd8 [ 39.166494] check_slab_allocation+0xd4/0x108 [ 39.166891] __kasan_mempool_poison_object+0x78/0x150 [ 39.167600] mempool_free+0x28c/0x328 [ 39.168152] mempool_double_free_helper+0x150/0x2e0 [ 39.168845] mempool_kmalloc_double_free+0xb8/0x110 [ 39.169421] kunit_try_run_case+0x14c/0x3d0 [ 39.170092] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.170762] kthread+0x24c/0x2d0 [ 39.171256] ret_from_fork+0x10/0x20 [ 39.171825] [ 39.172164] Allocated by task 224: [ 39.172692] kasan_save_stack+0x3c/0x68 [ 39.173314] kasan_save_track+0x20/0x40 [ 39.174199] kasan_save_alloc_info+0x40/0x58 [ 39.174704] __kasan_mempool_unpoison_object+0x11c/0x180 [ 39.175465] remove_element+0x130/0x1f8 [ 39.176050] mempool_alloc_preallocated+0x58/0xc0 [ 39.176715] mempool_double_free_helper+0x94/0x2e0 [ 39.177319] mempool_kmalloc_double_free+0xb8/0x110 [ 39.177985] kunit_try_run_case+0x14c/0x3d0 [ 39.178507] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.179223] kthread+0x24c/0x2d0 [ 39.179693] ret_from_fork+0x10/0x20 [ 39.180620] [ 39.181429] Freed by task 224: [ 39.181975] kasan_save_stack+0x3c/0x68 [ 39.182642] kasan_save_track+0x20/0x40 [ 39.183399] kasan_save_free_info+0x4c/0x78 [ 39.184057] __kasan_mempool_poison_object+0xc0/0x150 [ 39.184710] mempool_free+0x28c/0x328 [ 39.185275] mempool_double_free_helper+0x100/0x2e0 [ 39.185912] mempool_kmalloc_double_free+0xb8/0x110 [ 39.186511] kunit_try_run_case+0x14c/0x3d0 [ 39.187053] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.188020] kthread+0x24c/0x2d0 [ 39.188610] ret_from_fork+0x10/0x20 [ 39.189117] [ 39.189476] The buggy address belongs to the object at fff00000c6599a00 [ 39.189476] which belongs to the cache kmalloc-128 of size 128 [ 39.191093] The buggy address is located 0 bytes inside of [ 39.191093] 128-byte region [fff00000c6599a00, fff00000c6599a80) [ 39.192232] [ 39.192603] The buggy address belongs to the physical page: [ 39.193566] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106599 [ 39.194426] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.195106] page_type: f5(slab) [ 39.195667] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.196510] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 39.197459] page dumped because: kasan: bad access detected [ 39.198203] [ 39.198539] Memory state around the buggy address: [ 39.199618] fff00000c6599900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.200706] fff00000c6599980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.201781] >fff00000c6599a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.202762] ^ [ 39.203341] fff00000c6599a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.204129] fff00000c6599b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.204928] ==================================================================
[ 30.835929] ================================================================== [ 30.837570] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 30.838380] Free of addr ffff888102ce8000 by task kunit_try_catch/246 [ 30.839787] [ 30.840215] CPU: 1 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 30.841432] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.841909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.842930] Call Trace: [ 30.843065] <TASK> [ 30.843289] dump_stack_lvl+0x73/0xb0 [ 30.844375] print_report+0xd1/0x640 [ 30.845155] ? __virt_addr_valid+0x1db/0x2d0 [ 30.845551] ? mempool_double_free_helper+0x185/0x370 [ 30.846337] ? kasan_addr_to_slab+0x11/0xa0 [ 30.846946] ? mempool_double_free_helper+0x185/0x370 [ 30.847754] kasan_report_invalid_free+0xc0/0xf0 [ 30.848741] ? mempool_double_free_helper+0x185/0x370 [ 30.849224] ? mempool_double_free_helper+0x185/0x370 [ 30.849986] __kasan_mempool_poison_pages+0x115/0x130 [ 30.850804] mempool_free+0x290/0x380 [ 30.851225] mempool_double_free_helper+0x185/0x370 [ 30.852595] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 30.853126] ? finish_task_switch.isra.0+0x153/0x700 [ 30.853985] mempool_page_alloc_double_free+0xac/0x100 [ 30.854888] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 30.855556] ? __switch_to+0x5d9/0xf60 [ 30.856090] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 30.856846] ? __pfx_mempool_free_pages+0x10/0x10 [ 30.857410] ? __pfx_read_tsc+0x10/0x10 [ 30.858151] ? ktime_get_ts64+0x84/0x230 [ 30.858571] kunit_try_run_case+0x1b3/0x490 [ 30.859306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.859855] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 30.860624] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.861172] ? __kthread_parkme+0x82/0x160 [ 30.861996] ? preempt_count_sub+0x50/0x80 [ 30.862656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.863249] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.863988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.864928] kthread+0x257/0x310 [ 30.865233] ? __pfx_kthread+0x10/0x10 [ 30.865978] ret_from_fork+0x41/0x80 [ 30.866671] ? __pfx_kthread+0x10/0x10 [ 30.866990] ret_from_fork_asm+0x1a/0x30 [ 30.867531] </TASK> [ 30.867911] [ 30.868521] The buggy address belongs to the physical page: [ 30.868921] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ce8 [ 30.869970] flags: 0x200000000000000(node=0|zone=2) [ 30.871062] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 30.872046] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.872712] page dumped because: kasan: bad access detected [ 30.873483] [ 30.873672] Memory state around the buggy address: [ 30.874591] ffff888102ce7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.875416] ffff888102ce7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.876210] >ffff888102ce8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.877010] ^ [ 30.877707] ffff888102ce8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.878071] ffff888102ce8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.878420] ================================================================== [ 30.792896] ================================================================== [ 30.794203] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 30.794931] Free of addr ffff888102cb0000 by task kunit_try_catch/244 [ 30.795537] [ 30.796717] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 30.797842] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.798388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.799422] Call Trace: [ 30.799925] <TASK> [ 30.800132] dump_stack_lvl+0x73/0xb0 [ 30.800907] print_report+0xd1/0x640 [ 30.801441] ? __virt_addr_valid+0x1db/0x2d0 [ 30.802158] ? mempool_double_free_helper+0x185/0x370 [ 30.802776] ? kasan_addr_to_slab+0x11/0xa0 [ 30.803125] ? mempool_double_free_helper+0x185/0x370 [ 30.803572] kasan_report_invalid_free+0xc0/0xf0 [ 30.804160] ? mempool_double_free_helper+0x185/0x370 [ 30.804662] ? mempool_double_free_helper+0x185/0x370 [ 30.805248] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 30.805790] mempool_free+0x2ec/0x380 [ 30.806120] mempool_double_free_helper+0x185/0x370 [ 30.806707] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 30.807185] ? finish_task_switch.isra.0+0x153/0x700 [ 30.807615] mempool_kmalloc_large_double_free+0xb1/0x100 [ 30.808176] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 30.808594] ? __switch_to+0x5d9/0xf60 [ 30.809128] ? __pfx_mempool_kmalloc+0x10/0x10 [ 30.809525] ? __pfx_mempool_kfree+0x10/0x10 [ 30.810076] ? __pfx_read_tsc+0x10/0x10 [ 30.810384] ? ktime_get_ts64+0x84/0x230 [ 30.810893] kunit_try_run_case+0x1b3/0x490 [ 30.811366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.811846] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 30.812350] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.812833] ? __kthread_parkme+0x82/0x160 [ 30.813329] ? preempt_count_sub+0x50/0x80 [ 30.813892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.814255] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.814970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.815502] kthread+0x257/0x310 [ 30.815847] ? __pfx_kthread+0x10/0x10 [ 30.816275] ret_from_fork+0x41/0x80 [ 30.816810] ? __pfx_kthread+0x10/0x10 [ 30.817130] ret_from_fork_asm+0x1a/0x30 [ 30.817542] </TASK> [ 30.817855] [ 30.818021] The buggy address belongs to the physical page: [ 30.818470] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cb0 [ 30.819079] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.819788] flags: 0x200000000000040(head|node=0|zone=2) [ 30.820388] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.821113] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.821832] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.822455] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.823056] head: 0200000000000002 ffffea00040b2c01 ffffffffffffffff 0000000000000000 [ 30.823861] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.824403] page dumped because: kasan: bad access detected [ 30.824866] [ 30.825119] Memory state around the buggy address: [ 30.825656] ffff888102caff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.826291] ffff888102caff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.826920] >ffff888102cb0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.827550] ^ [ 30.827915] ffff888102cb0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.828563] ffff888102cb0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.829334] ================================================================== [ 30.725801] ================================================================== [ 30.726744] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 30.727195] Free of addr ffff888101acff00 by task kunit_try_catch/242 [ 30.727930] [ 30.728490] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 30.730430] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.730768] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.731598] Call Trace: [ 30.732120] <TASK> [ 30.732320] dump_stack_lvl+0x73/0xb0 [ 30.732842] print_report+0xd1/0x640 [ 30.733247] ? __virt_addr_valid+0x1db/0x2d0 [ 30.733802] ? mempool_double_free_helper+0x185/0x370 [ 30.735040] ? kasan_complete_mode_report_info+0x64/0x200 [ 30.735765] ? mempool_double_free_helper+0x185/0x370 [ 30.736452] kasan_report_invalid_free+0xc0/0xf0 [ 30.737008] ? mempool_double_free_helper+0x185/0x370 [ 30.737832] ? mempool_double_free_helper+0x185/0x370 [ 30.738991] ? mempool_double_free_helper+0x185/0x370 [ 30.740047] check_slab_allocation+0x101/0x130 [ 30.740787] __kasan_mempool_poison_object+0x91/0x1d0 [ 30.741475] mempool_free+0x2ec/0x380 [ 30.741843] mempool_double_free_helper+0x185/0x370 [ 30.742764] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 30.743304] mempool_kmalloc_double_free+0xb1/0x100 [ 30.743858] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 30.744638] ? __switch_to+0x5d9/0xf60 [ 30.745723] ? __pfx_mempool_kmalloc+0x10/0x10 [ 30.746426] ? __pfx_mempool_kfree+0x10/0x10 [ 30.747042] ? __pfx_read_tsc+0x10/0x10 [ 30.748509] ? ktime_get_ts64+0x84/0x230 [ 30.748902] kunit_try_run_case+0x1b3/0x490 [ 30.749606] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.750322] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 30.751272] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.751790] ? __kthread_parkme+0x82/0x160 [ 30.752231] ? preempt_count_sub+0x50/0x80 [ 30.753302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.753904] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.754544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.755878] kthread+0x257/0x310 [ 30.756165] ? __pfx_kthread+0x10/0x10 [ 30.757250] ret_from_fork+0x41/0x80 [ 30.757823] ? __pfx_kthread+0x10/0x10 [ 30.758264] ret_from_fork_asm+0x1a/0x30 [ 30.758671] </TASK> [ 30.758972] [ 30.759121] Allocated by task 242: [ 30.759545] kasan_save_stack+0x3d/0x60 [ 30.760045] kasan_save_track+0x18/0x40 [ 30.760626] kasan_save_alloc_info+0x3b/0x50 [ 30.761383] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 30.762041] remove_element+0x11e/0x190 [ 30.762651] mempool_alloc_preallocated+0x4d/0x90 [ 30.763230] mempool_double_free_helper+0x8b/0x370 [ 30.763844] mempool_kmalloc_double_free+0xb1/0x100 [ 30.764402] kunit_try_run_case+0x1b3/0x490 [ 30.764898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.765451] kthread+0x257/0x310 [ 30.765888] ret_from_fork+0x41/0x80 [ 30.766524] ret_from_fork_asm+0x1a/0x30 [ 30.767054] [ 30.767360] Freed by task 242: [ 30.767603] kasan_save_stack+0x3d/0x60 [ 30.768191] kasan_save_track+0x18/0x40 [ 30.768542] kasan_save_free_info+0x3f/0x60 [ 30.768991] __kasan_mempool_poison_object+0x131/0x1d0 [ 30.769353] mempool_free+0x2ec/0x380 [ 30.769841] mempool_double_free_helper+0x10a/0x370 [ 30.770448] mempool_kmalloc_double_free+0xb1/0x100 [ 30.771009] kunit_try_run_case+0x1b3/0x490 [ 30.771648] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.772053] kthread+0x257/0x310 [ 30.772908] ret_from_fork+0x41/0x80 [ 30.773498] ret_from_fork_asm+0x1a/0x30 [ 30.773913] [ 30.774284] The buggy address belongs to the object at ffff888101acff00 [ 30.774284] which belongs to the cache kmalloc-128 of size 128 [ 30.775212] The buggy address is located 0 bytes inside of [ 30.775212] 128-byte region [ffff888101acff00, ffff888101acff80) [ 30.776467] [ 30.776767] The buggy address belongs to the physical page: [ 30.777579] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101acf [ 30.778344] flags: 0x200000000000000(node=0|zone=2) [ 30.778726] page_type: f5(slab) [ 30.779143] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.779669] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 30.780755] page dumped because: kasan: bad access detected [ 30.781356] [ 30.781525] Memory state around the buggy address: [ 30.782200] ffff888101acfe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.782759] ffff888101acfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.783395] >ffff888101acff00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.784473] ^ [ 30.784823] ffff888101acff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.785526] ffff888101ad0000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 30.786353] ==================================================================