Date
Nov. 27, 2024, 3:37 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 50.372009] ================================================================== [ 50.372979] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 50.373640] Free of addr fff00000c615a300 by task kunit_try_catch/224 [ 50.374181] [ 50.375700] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 50.377099] Tainted: [B]=BAD_PAGE, [N]=TEST [ 50.377622] Hardware name: linux,dummy-virt (DT) [ 50.378074] Call trace: [ 50.378367] show_stack+0x20/0x38 (C) [ 50.379086] dump_stack_lvl+0x8c/0xd0 [ 50.381663] print_report+0x118/0x5e0 [ 50.382234] kasan_report_invalid_free+0xb0/0xd8 [ 50.382938] check_slab_allocation+0xd4/0x108 [ 50.383597] __kasan_mempool_poison_object+0x78/0x150 [ 50.384425] mempool_free+0x28c/0x328 [ 50.385015] mempool_double_free_helper+0x150/0x2e0 [ 50.385927] mempool_kmalloc_double_free+0xb8/0x110 [ 50.387176] kunit_try_run_case+0x14c/0x3d0 [ 50.388101] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.388942] kthread+0x24c/0x2d0 [ 50.389856] ret_from_fork+0x10/0x20 [ 50.390405] [ 50.390775] Allocated by task 224: [ 50.391238] kasan_save_stack+0x3c/0x68 [ 50.391990] kasan_save_track+0x20/0x40 [ 50.392585] kasan_save_alloc_info+0x40/0x58 [ 50.393344] __kasan_mempool_unpoison_object+0x11c/0x180 [ 50.393976] remove_element+0x130/0x1f8 [ 50.394560] mempool_alloc_preallocated+0x58/0xc0 [ 50.395188] mempool_double_free_helper+0x94/0x2e0 [ 50.396010] mempool_kmalloc_double_free+0xb8/0x110 [ 50.396659] kunit_try_run_case+0x14c/0x3d0 [ 50.397536] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.398191] kthread+0x24c/0x2d0 [ 50.398827] ret_from_fork+0x10/0x20 [ 50.399283] [ 50.399924] Freed by task 224: [ 50.400421] kasan_save_stack+0x3c/0x68 [ 50.401402] kasan_save_track+0x20/0x40 [ 50.401947] kasan_save_free_info+0x4c/0x78 [ 50.402574] __kasan_mempool_poison_object+0xc0/0x150 [ 50.403328] mempool_free+0x28c/0x328 [ 50.403865] mempool_double_free_helper+0x100/0x2e0 [ 50.404573] mempool_kmalloc_double_free+0xb8/0x110 [ 50.405553] kunit_try_run_case+0x14c/0x3d0 [ 50.406100] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.406817] kthread+0x24c/0x2d0 [ 50.407416] ret_from_fork+0x10/0x20 [ 50.408002] [ 50.408313] The buggy address belongs to the object at fff00000c615a300 [ 50.408313] which belongs to the cache kmalloc-128 of size 128 [ 50.410042] The buggy address is located 0 bytes inside of [ 50.410042] 128-byte region [fff00000c615a300, fff00000c615a380) [ 50.411339] [ 50.411632] The buggy address belongs to the physical page: [ 50.412353] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10615a [ 50.413582] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 50.414477] page_type: f5(slab) [ 50.414999] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 50.415960] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 50.416835] page dumped because: kasan: bad access detected [ 50.417687] [ 50.418039] Memory state around the buggy address: [ 50.418737] fff00000c615a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.419787] fff00000c615a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.420695] >fff00000c615a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.421849] ^ [ 50.422429] fff00000c615a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.423165] fff00000c615a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.424462] ================================================================== [ 50.435053] ================================================================== [ 50.436167] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 50.437048] Free of addr fff00000c66e4000 by task kunit_try_catch/226 [ 50.438523] [ 50.438930] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 50.440038] Tainted: [B]=BAD_PAGE, [N]=TEST [ 50.440682] Hardware name: linux,dummy-virt (DT) [ 50.441436] Call trace: [ 50.441803] show_stack+0x20/0x38 (C) [ 50.442362] dump_stack_lvl+0x8c/0xd0 [ 50.442896] print_report+0x118/0x5e0 [ 50.443834] kasan_report_invalid_free+0xb0/0xd8 [ 50.444526] __kasan_mempool_poison_object+0x14c/0x150 [ 50.445182] mempool_free+0x28c/0x328 [ 50.446093] mempool_double_free_helper+0x150/0x2e0 [ 50.446976] mempool_kmalloc_large_double_free+0xb8/0x110 [ 50.447651] kunit_try_run_case+0x14c/0x3d0 [ 50.448360] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.449037] kthread+0x24c/0x2d0 [ 50.449664] ret_from_fork+0x10/0x20 [ 50.450362] [ 50.450723] The buggy address belongs to the physical page: [ 50.451562] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066e4 [ 50.452611] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 50.453781] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 50.454877] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 50.455567] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 50.456469] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 50.457327] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 50.458612] head: 0bfffe0000000002 ffffc1ffc319b901 ffffffffffffffff 0000000000000000 [ 50.459571] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 50.460622] page dumped because: kasan: bad access detected [ 50.461365] [ 50.462097] Memory state around the buggy address: [ 50.462924] fff00000c66e3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.463759] fff00000c66e3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.464569] >fff00000c66e4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.465828] ^ [ 50.466269] fff00000c66e4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.467163] fff00000c66e4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.468032] ================================================================== [ 50.476842] ================================================================== [ 50.478482] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 50.479846] Free of addr fff00000c6614000 by task kunit_try_catch/228 [ 50.481333] [ 50.482277] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 50.483886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 50.484609] Hardware name: linux,dummy-virt (DT) [ 50.485505] Call trace: [ 50.486116] show_stack+0x20/0x38 (C) [ 50.486827] dump_stack_lvl+0x8c/0xd0 [ 50.487129] print_report+0x118/0x5e0 [ 50.487518] kasan_report_invalid_free+0xb0/0xd8 [ 50.488250] __kasan_mempool_poison_pages+0xe0/0xe8 [ 50.489074] mempool_free+0x24c/0x328 [ 50.489933] mempool_double_free_helper+0x150/0x2e0 [ 50.490717] mempool_page_alloc_double_free+0xb4/0x110 [ 50.491579] kunit_try_run_case+0x14c/0x3d0 [ 50.492284] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.493109] kthread+0x24c/0x2d0 [ 50.493652] ret_from_fork+0x10/0x20 [ 50.494526] [ 50.495077] The buggy address belongs to the physical page: [ 50.495855] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106614 [ 50.496746] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 50.497911] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 50.499523] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 50.500632] page dumped because: kasan: bad access detected [ 50.501348] [ 50.502023] Memory state around the buggy address: [ 50.502599] fff00000c6613f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.503741] fff00000c6613f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.504676] >fff00000c6614000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.506011] ^ [ 50.506556] fff00000c6614080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.507439] fff00000c6614100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.508273] ==================================================================
[ 27.773844] ================================================================== [ 27.775852] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 27.776665] Free of addr ffff888102cdc000 by task kunit_try_catch/245 [ 27.777210] [ 27.777399] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 27.779642] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.780332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.781830] Call Trace: [ 27.782374] <TASK> [ 27.782601] dump_stack_lvl+0x73/0xb0 [ 27.783405] print_report+0xd1/0x640 [ 27.783772] ? __virt_addr_valid+0x1db/0x2d0 [ 27.784612] ? mempool_double_free_helper+0x185/0x370 [ 27.785378] ? kasan_addr_to_slab+0x11/0xa0 [ 27.786015] ? mempool_double_free_helper+0x185/0x370 [ 27.786814] kasan_report_invalid_free+0xc0/0xf0 [ 27.787799] ? mempool_double_free_helper+0x185/0x370 [ 27.788788] ? mempool_double_free_helper+0x185/0x370 [ 27.789415] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 27.790371] mempool_free+0x2ec/0x380 [ 27.790782] mempool_double_free_helper+0x185/0x370 [ 27.791807] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.792698] ? finish_task_switch.isra.0+0x153/0x700 [ 27.793701] mempool_kmalloc_large_double_free+0xb1/0x100 [ 27.794511] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 27.795308] ? __switch_to+0x5d9/0xf60 [ 27.795736] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.796122] ? __pfx_mempool_kfree+0x10/0x10 [ 27.796713] ? __pfx_read_tsc+0x10/0x10 [ 27.797065] ? ktime_get_ts64+0x84/0x230 [ 27.797476] kunit_try_run_case+0x1b3/0x490 [ 27.798425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.799047] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.799555] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.800460] ? __kthread_parkme+0x82/0x160 [ 27.801085] ? preempt_count_sub+0x50/0x80 [ 27.801548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.802227] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.802893] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.803577] kthread+0x257/0x310 [ 27.804086] ? __pfx_kthread+0x10/0x10 [ 27.804862] ret_from_fork+0x41/0x80 [ 27.805854] ? __pfx_kthread+0x10/0x10 [ 27.806570] ret_from_fork_asm+0x1a/0x30 [ 27.807119] </TASK> [ 27.807710] [ 27.807908] The buggy address belongs to the physical page: [ 27.808609] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cdc [ 27.809719] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.810848] flags: 0x200000000000040(head|node=0|zone=2) [ 27.811619] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.812565] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.813454] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.814173] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.814892] head: 0200000000000002 ffffea00040b3701 ffffffffffffffff 0000000000000000 [ 27.815719] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 27.816625] page dumped because: kasan: bad access detected [ 27.817181] [ 27.817471] Memory state around the buggy address: [ 27.818038] ffff888102cdbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.818878] ffff888102cdbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.819512] >ffff888102cdc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.820324] ^ [ 27.820765] ffff888102cdc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.821711] ffff888102cdc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.822764] ================================================================== [ 27.828596] ================================================================== [ 27.829849] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 27.831304] Free of addr ffff888102c6c000 by task kunit_try_catch/247 [ 27.832490] [ 27.832773] CPU: 1 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 27.833903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.834649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.836323] Call Trace: [ 27.836773] <TASK> [ 27.837012] dump_stack_lvl+0x73/0xb0 [ 27.838041] print_report+0xd1/0x640 [ 27.838447] ? __virt_addr_valid+0x1db/0x2d0 [ 27.839085] ? mempool_double_free_helper+0x185/0x370 [ 27.839615] ? kasan_addr_to_slab+0x11/0xa0 [ 27.840454] ? mempool_double_free_helper+0x185/0x370 [ 27.841244] kasan_report_invalid_free+0xc0/0xf0 [ 27.841728] ? mempool_double_free_helper+0x185/0x370 [ 27.842732] ? mempool_double_free_helper+0x185/0x370 [ 27.843277] __kasan_mempool_poison_pages+0x115/0x130 [ 27.843539] mempool_free+0x290/0x380 [ 27.843731] mempool_double_free_helper+0x185/0x370 [ 27.844062] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.845391] ? finish_task_switch.isra.0+0x153/0x700 [ 27.846767] mempool_page_alloc_double_free+0xac/0x100 [ 27.847471] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 27.848350] ? __switch_to+0x5d9/0xf60 [ 27.848904] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 27.849424] ? __pfx_mempool_free_pages+0x10/0x10 [ 27.849651] ? __pfx_read_tsc+0x10/0x10 [ 27.849833] ? ktime_get_ts64+0x84/0x230 [ 27.850208] kunit_try_run_case+0x1b3/0x490 [ 27.851001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.852170] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.852740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.853215] ? __kthread_parkme+0x82/0x160 [ 27.853836] ? preempt_count_sub+0x50/0x80 [ 27.854572] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.855123] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.855961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.856671] kthread+0x257/0x310 [ 27.857120] ? __pfx_kthread+0x10/0x10 [ 27.858000] ret_from_fork+0x41/0x80 [ 27.858671] ? __pfx_kthread+0x10/0x10 [ 27.859295] ret_from_fork_asm+0x1a/0x30 [ 27.859670] </TASK> [ 27.860122] [ 27.860363] The buggy address belongs to the physical page: [ 27.860769] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c6c [ 27.861448] flags: 0x200000000000000(node=0|zone=2) [ 27.862384] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 27.863049] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.863781] page dumped because: kasan: bad access detected [ 27.864443] [ 27.864961] Memory state around the buggy address: [ 27.865442] ffff888102c6bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.866445] ffff888102c6bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.867191] >ffff888102c6c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.868145] ^ [ 27.868480] ffff888102c6c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.869347] ffff888102c6c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.870484] ================================================================== [ 27.699324] ================================================================== [ 27.700517] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 27.702098] Free of addr ffff888101ab3800 by task kunit_try_catch/243 [ 27.703342] [ 27.703550] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1 [ 27.705035] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.705416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.706279] Call Trace: [ 27.707306] <TASK> [ 27.707802] dump_stack_lvl+0x73/0xb0 [ 27.708486] print_report+0xd1/0x640 [ 27.708917] ? __virt_addr_valid+0x1db/0x2d0 [ 27.709669] ? mempool_double_free_helper+0x185/0x370 [ 27.710499] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.711553] ? mempool_double_free_helper+0x185/0x370 [ 27.712542] kasan_report_invalid_free+0xc0/0xf0 [ 27.713125] ? mempool_double_free_helper+0x185/0x370 [ 27.713573] ? mempool_double_free_helper+0x185/0x370 [ 27.714052] ? mempool_double_free_helper+0x185/0x370 [ 27.715410] check_slab_allocation+0x101/0x130 [ 27.715795] __kasan_mempool_poison_object+0x91/0x1d0 [ 27.716381] mempool_free+0x2ec/0x380 [ 27.716790] mempool_double_free_helper+0x185/0x370 [ 27.717840] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.719044] ? finish_task_switch.isra.0+0x153/0x700 [ 27.719560] mempool_kmalloc_double_free+0xb1/0x100 [ 27.719789] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 27.720622] ? __switch_to+0x5d9/0xf60 [ 27.720916] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.721599] ? __pfx_mempool_kfree+0x10/0x10 [ 27.722361] ? __pfx_read_tsc+0x10/0x10 [ 27.722868] ? ktime_get_ts64+0x84/0x230 [ 27.723685] kunit_try_run_case+0x1b3/0x490 [ 27.724467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.725182] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.725660] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.726299] ? __kthread_parkme+0x82/0x160 [ 27.726789] ? preempt_count_sub+0x50/0x80 [ 27.727355] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.727726] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.728713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.729524] kthread+0x257/0x310 [ 27.729882] ? __pfx_kthread+0x10/0x10 [ 27.730745] ret_from_fork+0x41/0x80 [ 27.731473] ? __pfx_kthread+0x10/0x10 [ 27.731873] ret_from_fork_asm+0x1a/0x30 [ 27.732551] </TASK> [ 27.732852] [ 27.733418] Allocated by task 243: [ 27.733766] kasan_save_stack+0x3d/0x60 [ 27.734756] kasan_save_track+0x18/0x40 [ 27.735734] kasan_save_alloc_info+0x3b/0x50 [ 27.736366] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.736906] remove_element+0x11e/0x190 [ 27.737514] mempool_alloc_preallocated+0x4d/0x90 [ 27.738620] mempool_double_free_helper+0x8b/0x370 [ 27.739041] mempool_kmalloc_double_free+0xb1/0x100 [ 27.739585] kunit_try_run_case+0x1b3/0x490 [ 27.740002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.740473] kthread+0x257/0x310 [ 27.740793] ret_from_fork+0x41/0x80 [ 27.741654] ret_from_fork_asm+0x1a/0x30 [ 27.741927] [ 27.742177] Freed by task 243: [ 27.743300] kasan_save_stack+0x3d/0x60 [ 27.743799] kasan_save_track+0x18/0x40 [ 27.744436] kasan_save_free_info+0x3f/0x60 [ 27.745183] __kasan_mempool_poison_object+0x131/0x1d0 [ 27.745591] mempool_free+0x2ec/0x380 [ 27.746509] mempool_double_free_helper+0x10a/0x370 [ 27.746927] mempool_kmalloc_double_free+0xb1/0x100 [ 27.747547] kunit_try_run_case+0x1b3/0x490 [ 27.747966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.749080] kthread+0x257/0x310 [ 27.749390] ret_from_fork+0x41/0x80 [ 27.749670] ret_from_fork_asm+0x1a/0x30 [ 27.750524] [ 27.750767] The buggy address belongs to the object at ffff888101ab3800 [ 27.750767] which belongs to the cache kmalloc-128 of size 128 [ 27.752563] The buggy address is located 0 bytes inside of [ 27.752563] 128-byte region [ffff888101ab3800, ffff888101ab3880) [ 27.753916] [ 27.754253] The buggy address belongs to the physical page: [ 27.754845] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ab3 [ 27.756544] flags: 0x200000000000000(node=0|zone=2) [ 27.756962] page_type: f5(slab) [ 27.757479] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.759205] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 27.759800] page dumped because: kasan: bad access detected [ 27.760542] [ 27.760858] Memory state around the buggy address: [ 27.761284] ffff888101ab3700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.762745] ffff888101ab3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.763679] >ffff888101ab3800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.764656] ^ [ 27.765097] ffff888101ab3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.765681] ffff888101ab3900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.766801] ==================================================================