Date
Dec. 3, 2024, 11:38 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.025459] ================================================================== [ 33.026641] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 33.027961] Free of addr fff00000c58ff200 by task kunit_try_catch/224 [ 33.028984] [ 33.029504] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 33.030807] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.031835] Hardware name: linux,dummy-virt (DT) [ 33.032472] Call trace: [ 33.033155] show_stack+0x20/0x38 (C) [ 33.033759] dump_stack_lvl+0x8c/0xd0 [ 33.034203] print_report+0x118/0x5e0 [ 33.034881] kasan_report_invalid_free+0xb0/0xd8 [ 33.035996] check_slab_allocation+0xd4/0x108 [ 33.036592] __kasan_mempool_poison_object+0x78/0x150 [ 33.036950] mempool_free+0x28c/0x328 [ 33.037238] mempool_double_free_helper+0x150/0x2e0 [ 33.038099] mempool_kmalloc_double_free+0xb8/0x110 [ 33.039369] kunit_try_run_case+0x14c/0x3d0 [ 33.040372] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.041553] kthread+0x24c/0x2d0 [ 33.042356] ret_from_fork+0x10/0x20 [ 33.042974] [ 33.043278] Allocated by task 224: [ 33.044175] kasan_save_stack+0x3c/0x68 [ 33.045007] kasan_save_track+0x20/0x40 [ 33.045801] kasan_save_alloc_info+0x40/0x58 [ 33.046516] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.047362] remove_element+0x130/0x1f8 [ 33.048421] mempool_alloc_preallocated+0x58/0xc0 [ 33.049817] mempool_double_free_helper+0x94/0x2e0 [ 33.050212] mempool_kmalloc_double_free+0xb8/0x110 [ 33.051002] kunit_try_run_case+0x14c/0x3d0 [ 33.051985] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.052831] kthread+0x24c/0x2d0 [ 33.053548] ret_from_fork+0x10/0x20 [ 33.054115] [ 33.054485] Freed by task 224: [ 33.054913] kasan_save_stack+0x3c/0x68 [ 33.055785] kasan_save_track+0x20/0x40 [ 33.056422] kasan_save_free_info+0x4c/0x78 [ 33.057062] __kasan_mempool_poison_object+0xc0/0x150 [ 33.058458] mempool_free+0x28c/0x328 [ 33.058973] mempool_double_free_helper+0x100/0x2e0 [ 33.059751] mempool_kmalloc_double_free+0xb8/0x110 [ 33.060579] kunit_try_run_case+0x14c/0x3d0 [ 33.061117] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.062235] kthread+0x24c/0x2d0 [ 33.062958] ret_from_fork+0x10/0x20 [ 33.063724] [ 33.064084] The buggy address belongs to the object at fff00000c58ff200 [ 33.064084] which belongs to the cache kmalloc-128 of size 128 [ 33.066022] The buggy address is located 0 bytes inside of [ 33.066022] 128-byte region [fff00000c58ff200, fff00000c58ff280) [ 33.068658] [ 33.069048] The buggy address belongs to the physical page: [ 33.069907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ff [ 33.071878] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.072617] page_type: f5(slab) [ 33.073187] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.074058] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.075476] page dumped because: kasan: bad access detected [ 33.076494] [ 33.076867] Memory state around the buggy address: [ 33.077442] fff00000c58ff100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.078390] fff00000c58ff180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.079591] >fff00000c58ff200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.080865] ^ [ 33.081529] fff00000c58ff280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.082521] fff00000c58ff300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.083563] ================================================================== [ 33.093656] ================================================================== [ 33.094909] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 33.096132] Free of addr fff00000c65e0000 by task kunit_try_catch/226 [ 33.096850] [ 33.097316] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 33.098448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.099006] Hardware name: linux,dummy-virt (DT) [ 33.099755] Call trace: [ 33.100100] show_stack+0x20/0x38 (C) [ 33.101020] dump_stack_lvl+0x8c/0xd0 [ 33.101679] print_report+0x118/0x5e0 [ 33.102454] kasan_report_invalid_free+0xb0/0xd8 [ 33.103148] __kasan_mempool_poison_object+0x14c/0x150 [ 33.104017] mempool_free+0x28c/0x328 [ 33.104519] mempool_double_free_helper+0x150/0x2e0 [ 33.105271] mempool_kmalloc_large_double_free+0xb8/0x110 [ 33.106008] kunit_try_run_case+0x14c/0x3d0 [ 33.106778] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.108080] kthread+0x24c/0x2d0 [ 33.108663] ret_from_fork+0x10/0x20 [ 33.109264] [ 33.109573] The buggy address belongs to the physical page: [ 33.110428] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e0 [ 33.111500] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.112447] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.113678] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.115283] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.116290] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.117226] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.118134] head: 0bfffe0000000002 ffffc1ffc3197801 ffffffffffffffff 0000000000000000 [ 33.119311] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 33.120504] page dumped because: kasan: bad access detected [ 33.121263] [ 33.121640] Memory state around the buggy address: [ 33.122380] fff00000c65dff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.123548] fff00000c65dff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.124312] >fff00000c65e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.124895] ^ [ 33.125234] fff00000c65e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.125908] fff00000c65e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.127389] ================================================================== [ 33.138743] ================================================================== [ 33.140514] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 33.141561] Free of addr fff00000c6620000 by task kunit_try_catch/228 [ 33.142837] [ 33.143468] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 33.144756] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.145286] Hardware name: linux,dummy-virt (DT) [ 33.145945] Call trace: [ 33.146354] show_stack+0x20/0x38 (C) [ 33.147060] dump_stack_lvl+0x8c/0xd0 [ 33.147644] print_report+0x118/0x5e0 [ 33.148307] kasan_report_invalid_free+0xb0/0xd8 [ 33.148905] __kasan_mempool_poison_pages+0xe0/0xe8 [ 33.150015] mempool_free+0x24c/0x328 [ 33.150701] mempool_double_free_helper+0x150/0x2e0 [ 33.151654] mempool_page_alloc_double_free+0xb4/0x110 [ 33.152385] kunit_try_run_case+0x14c/0x3d0 [ 33.152970] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.153754] kthread+0x24c/0x2d0 [ 33.154469] ret_from_fork+0x10/0x20 [ 33.155196] [ 33.155598] The buggy address belongs to the physical page: [ 33.156364] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620 [ 33.157365] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.158231] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.159424] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.160873] page dumped because: kasan: bad access detected [ 33.161595] [ 33.161928] Memory state around the buggy address: [ 33.162608] fff00000c661ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.164110] fff00000c661ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.165273] >fff00000c6620000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.166134] ^ [ 33.166744] fff00000c6620080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.167671] fff00000c6620100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.168810] ==================================================================
[ 28.441964] ================================================================== [ 28.443075] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 28.443648] Free of addr ffff888102764000 by task kunit_try_catch/248 [ 28.443996] [ 28.444540] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 28.446145] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.446881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.447908] Call Trace: [ 28.448280] <TASK> [ 28.448629] dump_stack_lvl+0x73/0xb0 [ 28.449518] print_report+0xd1/0x640 [ 28.449827] ? __virt_addr_valid+0x1db/0x2d0 [ 28.450436] ? mempool_double_free_helper+0x185/0x370 [ 28.451154] ? kasan_addr_to_slab+0x11/0xa0 [ 28.451587] ? mempool_double_free_helper+0x185/0x370 [ 28.452110] kasan_report_invalid_free+0xc0/0xf0 [ 28.452644] ? mempool_double_free_helper+0x185/0x370 [ 28.453455] ? mempool_double_free_helper+0x185/0x370 [ 28.453778] __kasan_mempool_poison_pages+0x115/0x130 [ 28.454404] mempool_free+0x290/0x380 [ 28.455248] mempool_double_free_helper+0x185/0x370 [ 28.455755] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 28.456659] ? irqentry_exit+0x2a/0x60 [ 28.457010] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.457788] mempool_page_alloc_double_free+0xac/0x100 [ 28.458294] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 28.458984] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 28.459653] ? __pfx_mempool_free_pages+0x10/0x10 [ 28.459986] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 28.460857] kunit_try_run_case+0x1b3/0x490 [ 28.461316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.462022] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 28.462378] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.463281] ? __kthread_parkme+0x82/0x160 [ 28.464014] ? preempt_count_sub+0x50/0x80 [ 28.464492] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.465033] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.465690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.466249] kthread+0x257/0x310 [ 28.466527] ? __pfx_kthread+0x10/0x10 [ 28.466741] ret_from_fork+0x41/0x80 [ 28.467554] ? __pfx_kthread+0x10/0x10 [ 28.468207] ret_from_fork_asm+0x1a/0x30 [ 28.468950] </TASK> [ 28.469274] [ 28.469865] The buggy address belongs to the physical page: [ 28.470285] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102764 [ 28.471455] flags: 0x200000000000000(node=0|zone=2) [ 28.472393] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.472980] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.473552] page dumped because: kasan: bad access detected [ 28.473980] [ 28.474180] Memory state around the buggy address: [ 28.474560] ffff888102763f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.475121] ffff888102763f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.476050] >ffff888102764000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.477048] ^ [ 28.477288] ffff888102764080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.478373] ffff888102764100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.479358] ================================================================== [ 28.394715] ================================================================== [ 28.395494] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 28.396339] Free of addr ffff888102ba0000 by task kunit_try_catch/246 [ 28.396940] [ 28.397117] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 28.398108] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.398439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.399161] Call Trace: [ 28.399828] <TASK> [ 28.400070] dump_stack_lvl+0x73/0xb0 [ 28.400499] print_report+0xd1/0x640 [ 28.401690] ? __virt_addr_valid+0x1db/0x2d0 [ 28.402111] ? mempool_double_free_helper+0x185/0x370 [ 28.403262] ? kasan_addr_to_slab+0x11/0xa0 [ 28.404014] ? mempool_double_free_helper+0x185/0x370 [ 28.404356] kasan_report_invalid_free+0xc0/0xf0 [ 28.404751] ? mempool_double_free_helper+0x185/0x370 [ 28.405328] ? mempool_double_free_helper+0x185/0x370 [ 28.405662] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 28.406254] mempool_free+0x2ec/0x380 [ 28.406605] mempool_double_free_helper+0x185/0x370 [ 28.407370] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 28.407777] ? finish_task_switch.isra.0+0x153/0x700 [ 28.408426] mempool_kmalloc_large_double_free+0xb1/0x100 [ 28.409512] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 28.410531] ? __switch_to+0x5d9/0xf60 [ 28.411085] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.411613] ? __pfx_mempool_kfree+0x10/0x10 [ 28.412163] ? __pfx_read_tsc+0x10/0x10 [ 28.412386] ? ktime_get_ts64+0x86/0x230 [ 28.413300] kunit_try_run_case+0x1b3/0x490 [ 28.413664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.414546] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 28.415283] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.415788] ? __kthread_parkme+0x82/0x160 [ 28.416242] ? preempt_count_sub+0x50/0x80 [ 28.416626] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.417379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.418217] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.419044] kthread+0x257/0x310 [ 28.419311] ? __pfx_kthread+0x10/0x10 [ 28.419533] ret_from_fork+0x41/0x80 [ 28.419768] ? __pfx_kthread+0x10/0x10 [ 28.419958] ret_from_fork_asm+0x1a/0x30 [ 28.420317] </TASK> [ 28.420697] [ 28.421091] The buggy address belongs to the physical page: [ 28.421535] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ba0 [ 28.422501] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.423218] flags: 0x200000000000040(head|node=0|zone=2) [ 28.423795] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.424702] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.425694] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.426491] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.427485] head: 0200000000000002 ffffea00040ae801 ffffffffffffffff 0000000000000000 [ 28.428099] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 28.428956] page dumped because: kasan: bad access detected [ 28.429585] [ 28.429842] Memory state around the buggy address: [ 28.430409] ffff888102b9ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.431466] ffff888102b9ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.432250] >ffff888102ba0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.433152] ^ [ 28.433532] ffff888102ba0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.434214] ffff888102ba0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.434696] ================================================================== [ 28.325399] ================================================================== [ 28.326255] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 28.326928] Free of addr ffff888102996000 by task kunit_try_catch/244 [ 28.327393] [ 28.327639] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 28.329044] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.329377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.331009] Call Trace: [ 28.331214] <TASK> [ 28.331371] dump_stack_lvl+0x73/0xb0 [ 28.331620] print_report+0xd1/0x640 [ 28.332999] ? __virt_addr_valid+0x1db/0x2d0 [ 28.333422] ? mempool_double_free_helper+0x185/0x370 [ 28.333997] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.335012] ? mempool_double_free_helper+0x185/0x370 [ 28.335293] kasan_report_invalid_free+0xc0/0xf0 [ 28.335536] ? mempool_double_free_helper+0x185/0x370 [ 28.335999] ? mempool_double_free_helper+0x185/0x370 [ 28.337538] ? mempool_double_free_helper+0x185/0x370 [ 28.338202] check_slab_allocation+0x101/0x130 [ 28.338841] __kasan_mempool_poison_object+0x91/0x1d0 [ 28.339131] mempool_free+0x2ec/0x380 [ 28.339353] mempool_double_free_helper+0x185/0x370 [ 28.340104] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 28.340723] ? irqentry_exit+0x2a/0x60 [ 28.341234] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.342566] mempool_kmalloc_double_free+0xb1/0x100 [ 28.343427] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 28.344286] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.345114] ? __pfx_mempool_kfree+0x10/0x10 [ 28.345886] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 28.346339] kunit_try_run_case+0x1b3/0x490 [ 28.346763] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.347157] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 28.347597] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.348346] ? __kthread_parkme+0x82/0x160 [ 28.349186] ? preempt_count_sub+0x50/0x80 [ 28.349603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.350224] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.350768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.351392] kthread+0x257/0x310 [ 28.351975] ? __pfx_kthread+0x10/0x10 [ 28.352515] ret_from_fork+0x41/0x80 [ 28.353180] ? __pfx_kthread+0x10/0x10 [ 28.353641] ret_from_fork_asm+0x1a/0x30 [ 28.354189] </TASK> [ 28.354599] [ 28.354802] Allocated by task 244: [ 28.355029] kasan_save_stack+0x3d/0x60 [ 28.355590] kasan_save_track+0x18/0x40 [ 28.356155] kasan_save_alloc_info+0x3b/0x50 [ 28.356780] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 28.357244] remove_element+0x11e/0x190 [ 28.357732] mempool_alloc_preallocated+0x4d/0x90 [ 28.358316] mempool_double_free_helper+0x8b/0x370 [ 28.359113] mempool_kmalloc_double_free+0xb1/0x100 [ 28.359706] kunit_try_run_case+0x1b3/0x490 [ 28.360099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.361446] kthread+0x257/0x310 [ 28.362387] ret_from_fork+0x41/0x80 [ 28.363141] ret_from_fork_asm+0x1a/0x30 [ 28.363478] [ 28.363895] Freed by task 244: [ 28.364178] kasan_save_stack+0x3d/0x60 [ 28.364995] kasan_save_track+0x18/0x40 [ 28.365981] kasan_save_free_info+0x3f/0x60 [ 28.366934] __kasan_mempool_poison_object+0x131/0x1d0 [ 28.367291] mempool_free+0x2ec/0x380 [ 28.368178] mempool_double_free_helper+0x10a/0x370 [ 28.368564] mempool_kmalloc_double_free+0xb1/0x100 [ 28.369084] kunit_try_run_case+0x1b3/0x490 [ 28.369313] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.370426] kthread+0x257/0x310 [ 28.370783] ret_from_fork+0x41/0x80 [ 28.371217] ret_from_fork_asm+0x1a/0x30 [ 28.371948] [ 28.372297] The buggy address belongs to the object at ffff888102996000 [ 28.372297] which belongs to the cache kmalloc-128 of size 128 [ 28.373910] The buggy address is located 0 bytes inside of [ 28.373910] 128-byte region [ffff888102996000, ffff888102996080) [ 28.375184] [ 28.375494] The buggy address belongs to the physical page: [ 28.376104] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102996 [ 28.376786] flags: 0x200000000000000(node=0|zone=2) [ 28.377173] page_type: f5(slab) [ 28.377881] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.379308] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.379891] page dumped because: kasan: bad access detected [ 28.380736] [ 28.381017] Memory state around the buggy address: [ 28.381421] ffff888102995f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.381937] ffff888102995f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.382915] >ffff888102996000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.384149] ^ [ 28.384498] ffff888102996080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.385226] ffff888102996100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.386030] ==================================================================