Date
Dec. 6, 2024, 3:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.650637] ================================================================== [ 33.651842] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 33.652538] Free of addr fff00000c69f2600 by task kunit_try_catch/224 [ 33.653340] [ 33.653696] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 33.654875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.655480] Hardware name: linux,dummy-virt (DT) [ 33.656182] Call trace: [ 33.656625] show_stack+0x20/0x38 (C) [ 33.657152] dump_stack_lvl+0x8c/0xd0 [ 33.657743] print_report+0x118/0x5e0 [ 33.658291] kasan_report_invalid_free+0xb0/0xd8 [ 33.659046] check_slab_allocation+0xd4/0x108 [ 33.659630] __kasan_mempool_poison_object+0x78/0x150 [ 33.660376] mempool_free+0x28c/0x328 [ 33.660936] mempool_double_free_helper+0x150/0x2e0 [ 33.661668] mempool_kmalloc_double_free+0xb8/0x110 [ 33.662417] kunit_try_run_case+0x14c/0x3d0 [ 33.663135] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.663837] kthread+0x24c/0x2d0 [ 33.664430] ret_from_fork+0x10/0x20 [ 33.665029] [ 33.665404] Allocated by task 224: [ 33.666013] kasan_save_stack+0x3c/0x68 [ 33.666587] kasan_save_track+0x20/0x40 [ 33.667228] kasan_save_alloc_info+0x40/0x58 [ 33.667880] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.668616] remove_element+0x130/0x1f8 [ 33.669243] mempool_alloc_preallocated+0x58/0xc0 [ 33.669963] mempool_double_free_helper+0x94/0x2e0 [ 33.670608] mempool_kmalloc_double_free+0xb8/0x110 [ 33.671341] kunit_try_run_case+0x14c/0x3d0 [ 33.671877] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.672676] kthread+0x24c/0x2d0 [ 33.673139] ret_from_fork+0x10/0x20 [ 33.673761] [ 33.674134] Freed by task 224: [ 33.674659] kasan_save_stack+0x3c/0x68 [ 33.675256] kasan_save_track+0x20/0x40 [ 33.675872] kasan_save_free_info+0x4c/0x78 [ 33.676575] __kasan_mempool_poison_object+0xc0/0x150 [ 33.677325] mempool_free+0x28c/0x328 [ 33.677923] mempool_double_free_helper+0x100/0x2e0 [ 33.678481] mempool_kmalloc_double_free+0xb8/0x110 [ 33.679240] kunit_try_run_case+0x14c/0x3d0 [ 33.679899] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.680669] kthread+0x24c/0x2d0 [ 33.681122] ret_from_fork+0x10/0x20 [ 33.681735] [ 33.682117] The buggy address belongs to the object at fff00000c69f2600 [ 33.682117] which belongs to the cache kmalloc-128 of size 128 [ 33.683199] The buggy address is located 0 bytes inside of [ 33.683199] 128-byte region [fff00000c69f2600, fff00000c69f2680) [ 33.684558] [ 33.684885] The buggy address belongs to the physical page: [ 33.685643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f2 [ 33.686573] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.687370] page_type: f5(slab) [ 33.687947] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.688787] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.689575] page dumped because: kasan: bad access detected [ 33.690322] [ 33.690711] Memory state around the buggy address: [ 33.691306] fff00000c69f2500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.692106] fff00000c69f2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.692924] >fff00000c69f2600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.693834] ^ [ 33.694324] fff00000c69f2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.695040] fff00000c69f2700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.695964] ================================================================== [ 33.707304] ================================================================== [ 33.708572] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 33.709276] Free of addr fff00000c6b30000 by task kunit_try_catch/226 [ 33.709931] [ 33.710336] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 33.711669] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.712257] Hardware name: linux,dummy-virt (DT) [ 33.712910] Call trace: [ 33.713473] show_stack+0x20/0x38 (C) [ 33.714490] dump_stack_lvl+0x8c/0xd0 [ 33.715160] print_report+0x118/0x5e0 [ 33.715702] kasan_report_invalid_free+0xb0/0xd8 [ 33.716417] __kasan_mempool_poison_object+0x14c/0x150 [ 33.718873] mempool_free+0x28c/0x328 [ 33.719682] mempool_double_free_helper+0x150/0x2e0 [ 33.720529] mempool_kmalloc_large_double_free+0xb8/0x110 [ 33.721349] kunit_try_run_case+0x14c/0x3d0 [ 33.722165] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.722964] kthread+0x24c/0x2d0 [ 33.723526] ret_from_fork+0x10/0x20 [ 33.724118] [ 33.724464] The buggy address belongs to the physical page: [ 33.725095] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106b30 [ 33.726818] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.727658] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.729039] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.729869] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.730924] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.731842] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.732911] head: 0bfffe0000000002 ffffc1ffc31acc01 ffffffffffffffff 0000000000000000 [ 33.733837] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 33.735417] page dumped because: kasan: bad access detected [ 33.736125] [ 33.736564] Memory state around the buggy address: [ 33.737320] fff00000c6b2ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.738485] fff00000c6b2ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.739250] >fff00000c6b30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.740205] ^ [ 33.740689] fff00000c6b30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.741068] fff00000c6b30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.741419] ================================================================== [ 33.752243] ================================================================== [ 33.753528] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0 [ 33.754468] Free of addr fff00000c6b30000 by task kunit_try_catch/228 [ 33.755572] [ 33.756976] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 33.758065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.758681] Hardware name: linux,dummy-virt (DT) [ 33.759723] Call trace: [ 33.760186] show_stack+0x20/0x38 (C) [ 33.760852] dump_stack_lvl+0x8c/0xd0 [ 33.761548] print_report+0x118/0x5e0 [ 33.762152] kasan_report_invalid_free+0xb0/0xd8 [ 33.763716] __kasan_mempool_poison_pages+0xe0/0xe8 [ 33.764440] mempool_free+0x24c/0x328 [ 33.765034] mempool_double_free_helper+0x150/0x2e0 [ 33.765823] mempool_page_alloc_double_free+0xb4/0x110 [ 33.766635] kunit_try_run_case+0x14c/0x3d0 [ 33.767634] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.768452] kthread+0x24c/0x2d0 [ 33.769063] ret_from_fork+0x10/0x20 [ 33.769714] [ 33.770086] The buggy address belongs to the physical page: [ 33.771705] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106b30 [ 33.772669] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.773474] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.774862] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.775756] page dumped because: kasan: bad access detected [ 33.776450] [ 33.776875] Memory state around the buggy address: [ 33.777441] fff00000c6b2ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.778904] fff00000c6b2ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.780164] >fff00000c6b30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.780977] ^ [ 33.781578] fff00000c6b30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.782693] fff00000c6b30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.783460] ==================================================================
[ 26.555182] ================================================================== [ 26.556771] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 26.557762] Free of addr ffff888102acc000 by task kunit_try_catch/247 [ 26.558748] [ 26.559188] CPU: 1 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 26.560656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.561081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.562248] Call Trace: [ 26.562970] <TASK> [ 26.563335] dump_stack_lvl+0x73/0xb0 [ 26.564069] print_report+0xd1/0x640 [ 26.564493] ? __virt_addr_valid+0x1db/0x2d0 [ 26.565736] ? mempool_double_free_helper+0x185/0x370 [ 26.567309] ? kasan_addr_to_slab+0x11/0xa0 [ 26.568261] ? mempool_double_free_helper+0x185/0x370 [ 26.568749] kasan_report_invalid_free+0xc0/0xf0 [ 26.569854] ? mempool_double_free_helper+0x185/0x370 [ 26.570357] ? mempool_double_free_helper+0x185/0x370 [ 26.570873] __kasan_mempool_poison_pages+0x115/0x130 [ 26.571967] mempool_free+0x290/0x380 [ 26.572428] mempool_double_free_helper+0x185/0x370 [ 26.573439] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.574164] mempool_page_alloc_double_free+0xac/0x100 [ 26.575080] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 26.575820] ? __switch_to+0x5d9/0xf60 [ 26.576821] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 26.577280] ? __pfx_mempool_free_pages+0x10/0x10 [ 26.577792] ? __pfx_read_tsc+0x10/0x10 [ 26.578532] ? ktime_get_ts64+0x86/0x230 [ 26.579143] kunit_try_run_case+0x1b3/0x490 [ 26.579718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.580115] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.580817] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.581386] ? __kthread_parkme+0x82/0x160 [ 26.582030] ? preempt_count_sub+0x50/0x80 [ 26.582392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.583741] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.584510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.585061] kthread+0x257/0x310 [ 26.585427] ? __pfx_kthread+0x10/0x10 [ 26.585808] ret_from_fork+0x41/0x80 [ 26.587168] ? __pfx_kthread+0x10/0x10 [ 26.587946] ret_from_fork_asm+0x1a/0x30 [ 26.588729] </TASK> [ 26.589330] [ 26.589619] The buggy address belongs to the physical page: [ 26.590143] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102acc [ 26.591069] flags: 0x200000000000000(node=0|zone=2) [ 26.591973] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 26.593178] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.594449] page dumped because: kasan: bad access detected [ 26.595159] [ 26.596076] Memory state around the buggy address: [ 26.596549] ffff888102acbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.597525] ffff888102acbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.599129] >ffff888102acc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.599952] ^ [ 26.600589] ffff888102acc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.601215] ffff888102acc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.602663] ================================================================== [ 26.498604] ================================================================== [ 26.499514] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 26.500007] Free of addr ffff888102acc000 by task kunit_try_catch/245 [ 26.500721] [ 26.501223] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 26.501900] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.502992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.504132] Call Trace: [ 26.504432] <TASK> [ 26.505214] dump_stack_lvl+0x73/0xb0 [ 26.505829] print_report+0xd1/0x640 [ 26.506283] ? __virt_addr_valid+0x1db/0x2d0 [ 26.506806] ? mempool_double_free_helper+0x185/0x370 [ 26.507406] ? kasan_addr_to_slab+0x11/0xa0 [ 26.507966] ? mempool_double_free_helper+0x185/0x370 [ 26.508679] kasan_report_invalid_free+0xc0/0xf0 [ 26.509206] ? mempool_double_free_helper+0x185/0x370 [ 26.509657] ? mempool_double_free_helper+0x185/0x370 [ 26.510118] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 26.510675] mempool_free+0x2ec/0x380 [ 26.511226] mempool_double_free_helper+0x185/0x370 [ 26.512745] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.513186] ? finish_task_switch.isra.0+0x153/0x700 [ 26.514190] mempool_kmalloc_large_double_free+0xb1/0x100 [ 26.514975] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 26.515679] ? __switch_to+0x5d9/0xf60 [ 26.516302] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.516852] ? __pfx_mempool_kfree+0x10/0x10 [ 26.517164] ? __pfx_read_tsc+0x10/0x10 [ 26.517689] ? ktime_get_ts64+0x86/0x230 [ 26.518713] kunit_try_run_case+0x1b3/0x490 [ 26.519268] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.520176] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.520654] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.521135] ? __kthread_parkme+0x82/0x160 [ 26.521545] ? preempt_count_sub+0x50/0x80 [ 26.522701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.523181] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.524454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.525247] kthread+0x257/0x310 [ 26.525765] ? __pfx_kthread+0x10/0x10 [ 26.526630] ret_from_fork+0x41/0x80 [ 26.527030] ? __pfx_kthread+0x10/0x10 [ 26.528018] ret_from_fork_asm+0x1a/0x30 [ 26.528555] </TASK> [ 26.528801] [ 26.529007] The buggy address belongs to the physical page: [ 26.529513] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102acc [ 26.531036] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.532000] flags: 0x200000000000040(head|node=0|zone=2) [ 26.532821] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.534153] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.535329] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.536252] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.537892] head: 0200000000000002 ffffea00040ab301 ffffffffffffffff 0000000000000000 [ 26.539475] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 26.540521] page dumped because: kasan: bad access detected [ 26.541648] [ 26.542124] Memory state around the buggy address: [ 26.542768] ffff888102acbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.544301] ffff888102acbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.544656] >ffff888102acc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.544952] ^ [ 26.545159] ffff888102acc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.545432] ffff888102acc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.545700] ================================================================== [ 26.414204] ================================================================== [ 26.415576] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370 [ 26.416220] Free of addr ffff88810292ca00 by task kunit_try_catch/243 [ 26.416760] [ 26.417034] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 26.419215] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.419687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.420769] Call Trace: [ 26.421254] <TASK> [ 26.421449] dump_stack_lvl+0x73/0xb0 [ 26.422355] print_report+0xd1/0x640 [ 26.423144] ? __virt_addr_valid+0x1db/0x2d0 [ 26.423902] ? mempool_double_free_helper+0x185/0x370 [ 26.425207] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.426100] ? mempool_double_free_helper+0x185/0x370 [ 26.427328] kasan_report_invalid_free+0xc0/0xf0 [ 26.427646] ? mempool_double_free_helper+0x185/0x370 [ 26.428922] ? mempool_double_free_helper+0x185/0x370 [ 26.430445] ? mempool_double_free_helper+0x185/0x370 [ 26.430955] check_slab_allocation+0x101/0x130 [ 26.432212] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.432869] mempool_free+0x2ec/0x380 [ 26.433240] mempool_double_free_helper+0x185/0x370 [ 26.433608] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.434325] ? irqentry_exit+0x2a/0x60 [ 26.434739] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.435395] mempool_kmalloc_double_free+0xb1/0x100 [ 26.436155] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 26.437572] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.438089] ? __pfx_mempool_kfree+0x10/0x10 [ 26.438476] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 26.439151] kunit_try_run_case+0x1b3/0x490 [ 26.439496] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.440358] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.440997] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.442525] ? __kthread_parkme+0x82/0x160 [ 26.443185] ? preempt_count_sub+0x50/0x80 [ 26.443854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.444287] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.445123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.445799] kthread+0x257/0x310 [ 26.446558] ? __pfx_kthread+0x10/0x10 [ 26.447516] ret_from_fork+0x41/0x80 [ 26.448796] ? __pfx_kthread+0x10/0x10 [ 26.449434] ret_from_fork_asm+0x1a/0x30 [ 26.450070] </TASK> [ 26.450363] [ 26.450546] Allocated by task 243: [ 26.450908] kasan_save_stack+0x3d/0x60 [ 26.452155] kasan_save_track+0x18/0x40 [ 26.452750] kasan_save_alloc_info+0x3b/0x50 [ 26.454107] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.454637] remove_element+0x11e/0x190 [ 26.455105] mempool_alloc_preallocated+0x4d/0x90 [ 26.455477] mempool_double_free_helper+0x8b/0x370 [ 26.456581] mempool_kmalloc_double_free+0xb1/0x100 [ 26.458083] kunit_try_run_case+0x1b3/0x490 [ 26.459247] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.460012] kthread+0x257/0x310 [ 26.461182] ret_from_fork+0x41/0x80 [ 26.461866] ret_from_fork_asm+0x1a/0x30 [ 26.462983] [ 26.463177] Freed by task 243: [ 26.464103] kasan_save_stack+0x3d/0x60 [ 26.465004] kasan_save_track+0x18/0x40 [ 26.465289] kasan_save_free_info+0x3f/0x60 [ 26.465806] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.466999] mempool_free+0x2ec/0x380 [ 26.467212] mempool_double_free_helper+0x10a/0x370 [ 26.467430] mempool_kmalloc_double_free+0xb1/0x100 [ 26.467642] kunit_try_run_case+0x1b3/0x490 [ 26.467829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.468314] kthread+0x257/0x310 [ 26.468736] ret_from_fork+0x41/0x80 [ 26.470443] ret_from_fork_asm+0x1a/0x30 [ 26.471195] [ 26.471433] The buggy address belongs to the object at ffff88810292ca00 [ 26.471433] which belongs to the cache kmalloc-128 of size 128 [ 26.472900] The buggy address is located 0 bytes inside of [ 26.472900] 128-byte region [ffff88810292ca00, ffff88810292ca80) [ 26.475526] [ 26.475858] The buggy address belongs to the physical page: [ 26.476902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10292c [ 26.478373] flags: 0x200000000000000(node=0|zone=2) [ 26.478684] page_type: f5(slab) [ 26.479686] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.480844] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.481977] page dumped because: kasan: bad access detected [ 26.483434] [ 26.483623] Memory state around the buggy address: [ 26.483978] ffff88810292c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.484963] ffff88810292c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.486487] >ffff88810292ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.487573] ^ [ 26.488411] ffff88810292ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.489594] ffff88810292cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.490232] ==================================================================