Date
July 2, 2025, 11:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.058628] ================================================================== [ 33.058706] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 33.058771] Free of addr fff00000c8dc5000 by task kunit_try_catch/268 [ 33.058815] [ 33.058853] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.058964] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.058995] Hardware name: linux,dummy-virt (DT) [ 33.059027] Call trace: [ 33.059053] show_stack+0x20/0x38 (C) [ 33.059105] dump_stack_lvl+0x8c/0xd0 [ 33.059157] print_report+0x118/0x608 [ 33.059207] kasan_report_invalid_free+0xc0/0xe8 [ 33.059259] check_slab_allocation+0xd4/0x108 [ 33.059310] __kasan_mempool_poison_object+0x78/0x150 [ 33.059362] mempool_free+0x28c/0x328 [ 33.059410] mempool_double_free_helper+0x150/0x2e8 [ 33.059462] mempool_kmalloc_double_free+0xc0/0x118 [ 33.059513] kunit_try_run_case+0x170/0x3f0 [ 33.059606] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.059680] kthread+0x328/0x630 [ 33.059726] ret_from_fork+0x10/0x20 [ 33.059776] [ 33.059796] Allocated by task 268: [ 33.059828] kasan_save_stack+0x3c/0x68 [ 33.059871] kasan_save_track+0x20/0x40 [ 33.059909] kasan_save_alloc_info+0x40/0x58 [ 33.059957] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.060002] remove_element+0x130/0x1f8 [ 33.060039] mempool_alloc_preallocated+0x58/0xc0 [ 33.060094] mempool_double_free_helper+0x94/0x2e8 [ 33.060135] mempool_kmalloc_double_free+0xc0/0x118 [ 33.060177] kunit_try_run_case+0x170/0x3f0 [ 33.060215] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.060260] kthread+0x328/0x630 [ 33.060292] ret_from_fork+0x10/0x20 [ 33.060329] [ 33.060348] Freed by task 268: [ 33.060374] kasan_save_stack+0x3c/0x68 [ 33.060413] kasan_save_track+0x20/0x40 [ 33.060451] kasan_save_free_info+0x4c/0x78 [ 33.060487] __kasan_mempool_poison_object+0xc0/0x150 [ 33.060530] mempool_free+0x28c/0x328 [ 33.060566] mempool_double_free_helper+0x100/0x2e8 [ 33.060605] mempool_kmalloc_double_free+0xc0/0x118 [ 33.060646] kunit_try_run_case+0x170/0x3f0 [ 33.060684] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.060728] kthread+0x328/0x630 [ 33.060760] ret_from_fork+0x10/0x20 [ 33.060797] [ 33.060816] The buggy address belongs to the object at fff00000c8dc5000 [ 33.060816] which belongs to the cache kmalloc-128 of size 128 [ 33.060877] The buggy address is located 0 bytes inside of [ 33.060877] 128-byte region [fff00000c8dc5000, fff00000c8dc5080) [ 33.060947] [ 33.060969] The buggy address belongs to the physical page: [ 33.061003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 33.061060] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.061111] page_type: f5(slab) [ 33.061152] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.061204] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.061245] page dumped because: kasan: bad access detected [ 33.061278] [ 33.061296] Memory state around the buggy address: [ 33.061329] fff00000c8dc4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.061373] fff00000c8dc4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.061415] >fff00000c8dc5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.061455] ^ [ 33.061483] fff00000c8dc5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.061525] fff00000c8dc5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.061565] ================================================================== [ 33.066623] ================================================================== [ 33.066700] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 33.066783] Free of addr fff00000c8dbc000 by task kunit_try_catch/270 [ 33.066828] [ 33.066878] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.066981] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.067010] Hardware name: linux,dummy-virt (DT) [ 33.067062] Call trace: [ 33.067085] show_stack+0x20/0x38 (C) [ 33.067135] dump_stack_lvl+0x8c/0xd0 [ 33.067184] print_report+0x118/0x608 [ 33.067338] kasan_report_invalid_free+0xc0/0xe8 [ 33.067421] __kasan_mempool_poison_object+0x14c/0x150 [ 33.067477] mempool_free+0x28c/0x328 [ 33.067564] mempool_double_free_helper+0x150/0x2e8 [ 33.067680] mempool_kmalloc_large_double_free+0xc0/0x118 [ 33.067762] kunit_try_run_case+0x170/0x3f0 [ 33.067813] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.067887] kthread+0x328/0x630 [ 33.067942] ret_from_fork+0x10/0x20 [ 33.067992] [ 33.068012] The buggy address belongs to the physical page: [ 33.068044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbc [ 33.068099] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.068291] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.068379] page_type: f8(unknown) [ 33.068453] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.068530] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.068641] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.068709] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.068772] head: 0bfffe0000000002 ffffc1ffc3236f01 00000000ffffffff 00000000ffffffff [ 33.068915] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 33.069083] page dumped because: kasan: bad access detected [ 33.069192] [ 33.069261] Memory state around the buggy address: [ 33.069320] fff00000c8dbbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.069364] fff00000c8dbbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.069503] >fff00000c8dbc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.069631] ^ [ 33.069663] fff00000c8dbc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.069774] fff00000c8dbc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.069870] ================================================================== [ 33.074041] ================================================================== [ 33.074106] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 33.074187] Free of addr fff00000c8dbc000 by task kunit_try_catch/272 [ 33.074232] [ 33.074265] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.074357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.074384] Hardware name: linux,dummy-virt (DT) [ 33.074415] Call trace: [ 33.074437] show_stack+0x20/0x38 (C) [ 33.074609] dump_stack_lvl+0x8c/0xd0 [ 33.074671] print_report+0x118/0x608 [ 33.074750] kasan_report_invalid_free+0xc0/0xe8 [ 33.074829] __kasan_mempool_poison_pages+0xe0/0xe8 [ 33.074883] mempool_free+0x24c/0x328 [ 33.074943] mempool_double_free_helper+0x150/0x2e8 [ 33.074994] mempool_page_alloc_double_free+0xbc/0x118 [ 33.075202] kunit_try_run_case+0x170/0x3f0 [ 33.075270] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.075348] kthread+0x328/0x630 [ 33.075403] ret_from_fork+0x10/0x20 [ 33.075460] [ 33.075481] The buggy address belongs to the physical page: [ 33.075513] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbc [ 33.075642] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.075706] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.075757] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.075798] page dumped because: kasan: bad access detected [ 33.075828] [ 33.075847] Memory state around the buggy address: [ 33.075892] fff00000c8dbbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.075981] fff00000c8dbbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.076026] >fff00000c8dbc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.076065] ^ [ 33.076094] fff00000c8dbc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.076136] fff00000c8dbc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.076257] ==================================================================
[ 34.876826] ================================================================== [ 34.876889] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 34.876965] Free of addr fff00000c9af4000 by task kunit_try_catch/270 [ 34.877068] [ 34.877104] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.877408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.877503] Hardware name: linux,dummy-virt (DT) [ 34.877561] Call trace: [ 34.877600] show_stack+0x20/0x38 (C) [ 34.877712] dump_stack_lvl+0x8c/0xd0 [ 34.877787] print_report+0x118/0x608 [ 34.877850] kasan_report_invalid_free+0xc0/0xe8 [ 34.878046] __kasan_mempool_poison_pages+0xe0/0xe8 [ 34.878114] mempool_free+0x24c/0x328 [ 34.878206] mempool_double_free_helper+0x150/0x2e8 [ 34.878304] mempool_page_alloc_double_free+0xbc/0x118 [ 34.878359] kunit_try_run_case+0x170/0x3f0 [ 34.878426] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.878521] kthread+0x328/0x630 [ 34.878566] ret_from_fork+0x10/0x20 [ 34.878634] [ 34.878671] The buggy address belongs to the physical page: [ 34.878704] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109af4 [ 34.878767] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.878962] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 34.879086] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 34.879130] page dumped because: kasan: bad access detected [ 34.879239] [ 34.879270] Memory state around the buggy address: [ 34.879305] fff00000c9af3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.879365] fff00000c9af3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.879416] >fff00000c9af4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.879649] ^ [ 34.879788] fff00000c9af4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.879867] fff00000c9af4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.879981] ================================================================== [ 34.863470] ================================================================== [ 34.863549] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 34.863885] Free of addr fff00000c9af4000 by task kunit_try_catch/268 [ 34.863963] [ 34.864182] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.864295] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.864474] Hardware name: linux,dummy-virt (DT) [ 34.864517] Call trace: [ 34.864540] show_stack+0x20/0x38 (C) [ 34.864712] dump_stack_lvl+0x8c/0xd0 [ 34.864919] print_report+0x118/0x608 [ 34.865030] kasan_report_invalid_free+0xc0/0xe8 [ 34.865109] __kasan_mempool_poison_object+0x14c/0x150 [ 34.865280] mempool_free+0x28c/0x328 [ 34.865366] mempool_double_free_helper+0x150/0x2e8 [ 34.865570] mempool_kmalloc_large_double_free+0xc0/0x118 [ 34.865647] kunit_try_run_case+0x170/0x3f0 [ 34.865953] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.866043] kthread+0x328/0x630 [ 34.866131] ret_from_fork+0x10/0x20 [ 34.866290] [ 34.866313] The buggy address belongs to the physical page: [ 34.866363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109af4 [ 34.866800] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.866878] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.866977] page_type: f8(unknown) [ 34.867148] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.867242] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.867453] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.867598] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.867707] head: 0bfffe0000000002 ffffc1ffc326bd01 00000000ffffffff 00000000ffffffff [ 34.867800] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 34.867860] page dumped because: kasan: bad access detected [ 34.867927] [ 34.868038] Memory state around the buggy address: [ 34.868096] fff00000c9af3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.868170] fff00000c9af3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.868222] >fff00000c9af4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.868552] ^ [ 34.868849] fff00000c9af4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.868954] fff00000c9af4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.869034] ================================================================== [ 34.846738] ================================================================== [ 34.847015] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 34.847191] Free of addr fff00000c8dbd800 by task kunit_try_catch/266 [ 34.847259] [ 34.847295] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.847546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.847736] Hardware name: linux,dummy-virt (DT) [ 34.847816] Call trace: [ 34.847851] show_stack+0x20/0x38 (C) [ 34.847921] dump_stack_lvl+0x8c/0xd0 [ 34.848027] print_report+0x118/0x608 [ 34.848076] kasan_report_invalid_free+0xc0/0xe8 [ 34.848126] check_slab_allocation+0xd4/0x108 [ 34.848188] __kasan_mempool_poison_object+0x78/0x150 [ 34.848240] mempool_free+0x28c/0x328 [ 34.848296] mempool_double_free_helper+0x150/0x2e8 [ 34.848355] mempool_kmalloc_double_free+0xc0/0x118 [ 34.848423] kunit_try_run_case+0x170/0x3f0 [ 34.848474] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.848688] kthread+0x328/0x630 [ 34.848891] ret_from_fork+0x10/0x20 [ 34.848973] [ 34.849078] Allocated by task 266: [ 34.849136] kasan_save_stack+0x3c/0x68 [ 34.849278] kasan_save_track+0x20/0x40 [ 34.849337] kasan_save_alloc_info+0x40/0x58 [ 34.849404] __kasan_mempool_unpoison_object+0x11c/0x180 [ 34.849488] remove_element+0x130/0x1f8 [ 34.849706] mempool_alloc_preallocated+0x58/0xc0 [ 34.849808] mempool_double_free_helper+0x94/0x2e8 [ 34.849961] mempool_kmalloc_double_free+0xc0/0x118 [ 34.850020] kunit_try_run_case+0x170/0x3f0 [ 34.850175] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.850263] kthread+0x328/0x630 [ 34.850388] ret_from_fork+0x10/0x20 [ 34.850455] [ 34.850480] Freed by task 266: [ 34.850520] kasan_save_stack+0x3c/0x68 [ 34.850758] kasan_save_track+0x20/0x40 [ 34.850805] kasan_save_free_info+0x4c/0x78 [ 34.850848] __kasan_mempool_poison_object+0xc0/0x150 [ 34.851017] mempool_free+0x28c/0x328 [ 34.851136] mempool_double_free_helper+0x100/0x2e8 [ 34.851232] mempool_kmalloc_double_free+0xc0/0x118 [ 34.851366] kunit_try_run_case+0x170/0x3f0 [ 34.851473] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.851627] kthread+0x328/0x630 [ 34.851684] ret_from_fork+0x10/0x20 [ 34.851732] [ 34.851879] The buggy address belongs to the object at fff00000c8dbd800 [ 34.851879] which belongs to the cache kmalloc-128 of size 128 [ 34.851996] The buggy address is located 0 bytes inside of [ 34.851996] 128-byte region [fff00000c8dbd800, fff00000c8dbd880) [ 34.852179] [ 34.852204] The buggy address belongs to the physical page: [ 34.852236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbd [ 34.852296] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.852346] page_type: f5(slab) [ 34.852386] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.852437] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.852478] page dumped because: kasan: bad access detected [ 34.852508] [ 34.852527] Memory state around the buggy address: [ 34.852559] fff00000c8dbd700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.852602] fff00000c8dbd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.852645] >fff00000c8dbd800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.852683] ^ [ 34.852712] fff00000c8dbd880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.852752] fff00000c8dbd900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.852792] ==================================================================
[ 24.976391] ================================================================== [ 24.976908] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.977717] Free of addr ffff88810255ea00 by task kunit_try_catch/284 [ 24.978001] [ 24.978349] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.978412] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.978448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.978473] Call Trace: [ 24.978487] <TASK> [ 24.978509] dump_stack_lvl+0x73/0xb0 [ 24.978544] print_report+0xd1/0x650 [ 24.978568] ? __virt_addr_valid+0x1db/0x2d0 [ 24.978594] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.978621] ? mempool_double_free_helper+0x184/0x370 [ 24.978646] kasan_report_invalid_free+0x10a/0x130 [ 24.978671] ? mempool_double_free_helper+0x184/0x370 [ 24.978696] ? mempool_double_free_helper+0x184/0x370 [ 24.978719] ? mempool_double_free_helper+0x184/0x370 [ 24.978743] check_slab_allocation+0x101/0x130 [ 24.978766] __kasan_mempool_poison_object+0x91/0x1d0 [ 24.978791] mempool_free+0x2ec/0x380 [ 24.978819] mempool_double_free_helper+0x184/0x370 [ 24.978844] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.978868] ? update_curr+0x5c1/0x810 [ 24.978899] mempool_kmalloc_double_free+0xed/0x140 [ 24.978922] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 24.978961] ? schedule+0x7c/0x2e0 [ 24.978983] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.979006] ? __pfx_mempool_kfree+0x10/0x10 [ 24.979032] ? __pfx_read_tsc+0x10/0x10 [ 24.979054] ? ktime_get_ts64+0x86/0x230 [ 24.979091] kunit_try_run_case+0x1a5/0x480 [ 24.979120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.979145] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.979167] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.979281] ? __kthread_parkme+0x82/0x180 [ 24.979309] ? preempt_count_sub+0x50/0x80 [ 24.979332] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.979357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.979384] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.979408] kthread+0x337/0x6f0 [ 24.979428] ? trace_preempt_on+0x20/0xc0 [ 24.979453] ? __pfx_kthread+0x10/0x10 [ 24.979474] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.979499] ? calculate_sigpending+0x7b/0xa0 [ 24.979524] ? __pfx_kthread+0x10/0x10 [ 24.979546] ret_from_fork+0x116/0x1d0 [ 24.979565] ? __pfx_kthread+0x10/0x10 [ 24.979587] ret_from_fork_asm+0x1a/0x30 [ 24.979618] </TASK> [ 24.979632] [ 24.990306] Allocated by task 284: [ 24.990629] kasan_save_stack+0x45/0x70 [ 24.990890] kasan_save_track+0x18/0x40 [ 24.991112] kasan_save_alloc_info+0x3b/0x50 [ 24.991364] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.991702] remove_element+0x11e/0x190 [ 24.991882] mempool_alloc_preallocated+0x4d/0x90 [ 24.992042] mempool_double_free_helper+0x8a/0x370 [ 24.992234] mempool_kmalloc_double_free+0xed/0x140 [ 24.992456] kunit_try_run_case+0x1a5/0x480 [ 24.993088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.993451] kthread+0x337/0x6f0 [ 24.993574] ret_from_fork+0x116/0x1d0 [ 24.993698] ret_from_fork_asm+0x1a/0x30 [ 24.993858] [ 24.994021] Freed by task 284: [ 24.994190] kasan_save_stack+0x45/0x70 [ 24.994404] kasan_save_track+0x18/0x40 [ 24.994673] kasan_save_free_info+0x3f/0x60 [ 24.994857] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.995164] mempool_free+0x2ec/0x380 [ 24.995409] mempool_double_free_helper+0x109/0x370 [ 24.995628] mempool_kmalloc_double_free+0xed/0x140 [ 24.995876] kunit_try_run_case+0x1a5/0x480 [ 24.996083] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.996549] kthread+0x337/0x6f0 [ 24.996741] ret_from_fork+0x116/0x1d0 [ 24.996928] ret_from_fork_asm+0x1a/0x30 [ 24.997131] [ 24.997201] The buggy address belongs to the object at ffff88810255ea00 [ 24.997201] which belongs to the cache kmalloc-128 of size 128 [ 24.997892] The buggy address is located 0 bytes inside of [ 24.997892] 128-byte region [ffff88810255ea00, ffff88810255ea80) [ 24.998453] [ 24.998581] The buggy address belongs to the physical page: [ 24.998784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 24.999290] flags: 0x200000000000000(node=0|zone=2) [ 24.999518] page_type: f5(slab) [ 24.999682] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.000055] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.000393] page dumped because: kasan: bad access detected [ 25.000897] [ 25.000998] Memory state around the buggy address: [ 25.001234] ffff88810255e900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.001781] ffff88810255e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.002115] >ffff88810255ea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.002680] ^ [ 25.002944] ffff88810255ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.003352] ffff88810255eb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.003639] ================================================================== [ 25.031183] ================================================================== [ 25.032501] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.033116] Free of addr ffff8881060cc000 by task kunit_try_catch/288 [ 25.033632] [ 25.033836] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.033895] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.033910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.033952] Call Trace: [ 25.033970] <TASK> [ 25.034003] dump_stack_lvl+0x73/0xb0 [ 25.034037] print_report+0xd1/0x650 [ 25.034070] ? __virt_addr_valid+0x1db/0x2d0 [ 25.034095] ? kasan_addr_to_slab+0x11/0xa0 [ 25.034115] ? mempool_double_free_helper+0x184/0x370 [ 25.034140] kasan_report_invalid_free+0x10a/0x130 [ 25.034163] ? mempool_double_free_helper+0x184/0x370 [ 25.034210] ? mempool_double_free_helper+0x184/0x370 [ 25.034233] __kasan_mempool_poison_pages+0x115/0x130 [ 25.034257] mempool_free+0x290/0x380 [ 25.034285] mempool_double_free_helper+0x184/0x370 [ 25.034308] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.034330] ? update_load_avg+0x1be/0x21b0 [ 25.034357] ? finish_task_switch.isra.0+0x153/0x700 [ 25.034383] mempool_page_alloc_double_free+0xe8/0x140 [ 25.034406] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 25.034434] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.034457] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.034481] ? __pfx_read_tsc+0x10/0x10 [ 25.034504] ? ktime_get_ts64+0x86/0x230 [ 25.034528] kunit_try_run_case+0x1a5/0x480 [ 25.034555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.034578] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.034600] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.034623] ? __kthread_parkme+0x82/0x180 [ 25.034643] ? preempt_count_sub+0x50/0x80 [ 25.034666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.034690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.034714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.034738] kthread+0x337/0x6f0 [ 25.034758] ? trace_preempt_on+0x20/0xc0 [ 25.034782] ? __pfx_kthread+0x10/0x10 [ 25.034802] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.034826] ? calculate_sigpending+0x7b/0xa0 [ 25.034851] ? __pfx_kthread+0x10/0x10 [ 25.034872] ret_from_fork+0x116/0x1d0 [ 25.034892] ? __pfx_kthread+0x10/0x10 [ 25.034912] ret_from_fork_asm+0x1a/0x30 [ 25.034960] </TASK> [ 25.034973] [ 25.048608] The buggy address belongs to the physical page: [ 25.048966] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060cc [ 25.049223] flags: 0x200000000000000(node=0|zone=2) [ 25.049575] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.049812] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.050477] page dumped because: kasan: bad access detected [ 25.051058] [ 25.051219] Memory state around the buggy address: [ 25.051693] ffff8881060cbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.052389] ffff8881060cbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.052754] >ffff8881060cc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.053024] ^ [ 25.053329] ffff8881060cc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.054040] ffff8881060cc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.054947] ================================================================== [ 25.008743] ================================================================== [ 25.009700] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.010125] Free of addr ffff8881060cc000 by task kunit_try_catch/286 [ 25.010384] [ 25.010862] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.010943] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.010958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.010997] Call Trace: [ 25.011015] <TASK> [ 25.011038] dump_stack_lvl+0x73/0xb0 [ 25.011108] print_report+0xd1/0x650 [ 25.011143] ? __virt_addr_valid+0x1db/0x2d0 [ 25.011171] ? kasan_addr_to_slab+0x11/0xa0 [ 25.011487] ? mempool_double_free_helper+0x184/0x370 [ 25.011517] kasan_report_invalid_free+0x10a/0x130 [ 25.011542] ? mempool_double_free_helper+0x184/0x370 [ 25.011569] ? mempool_double_free_helper+0x184/0x370 [ 25.011592] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 25.011617] mempool_free+0x2ec/0x380 [ 25.011647] mempool_double_free_helper+0x184/0x370 [ 25.011671] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.011694] ? update_load_avg+0x1be/0x21b0 [ 25.011723] ? finish_task_switch.isra.0+0x153/0x700 [ 25.011749] mempool_kmalloc_large_double_free+0xed/0x140 [ 25.011774] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 25.011802] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.011824] ? __pfx_mempool_kfree+0x10/0x10 [ 25.011850] ? __pfx_read_tsc+0x10/0x10 [ 25.011875] ? ktime_get_ts64+0x86/0x230 [ 25.011902] kunit_try_run_case+0x1a5/0x480 [ 25.011942] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.011967] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.011991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.012014] ? __kthread_parkme+0x82/0x180 [ 25.012036] ? preempt_count_sub+0x50/0x80 [ 25.012075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.012101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.012125] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.012149] kthread+0x337/0x6f0 [ 25.012169] ? trace_preempt_on+0x20/0xc0 [ 25.012248] ? __pfx_kthread+0x10/0x10 [ 25.012271] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.012296] ? calculate_sigpending+0x7b/0xa0 [ 25.012322] ? __pfx_kthread+0x10/0x10 [ 25.012344] ret_from_fork+0x116/0x1d0 [ 25.012364] ? __pfx_kthread+0x10/0x10 [ 25.012385] ret_from_fork_asm+0x1a/0x30 [ 25.012417] </TASK> [ 25.012430] [ 25.020877] The buggy address belongs to the physical page: [ 25.021071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060cc [ 25.021450] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.021789] flags: 0x200000000000040(head|node=0|zone=2) [ 25.022500] page_type: f8(unknown) [ 25.022695] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.022960] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.023431] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.023762] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.024396] head: 0200000000000002 ffffea0004183301 00000000ffffffff 00000000ffffffff [ 25.024732] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.025091] page dumped because: kasan: bad access detected [ 25.025443] [ 25.025537] Memory state around the buggy address: [ 25.025769] ffff8881060cbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.026098] ffff8881060cbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.026425] >ffff8881060cc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.026730] ^ [ 25.026890] ffff8881060cc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.027236] ffff8881060cc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.027432] ==================================================================
[ 24.764836] ================================================================== [ 24.765841] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.766610] Free of addr ffff8881060dc000 by task kunit_try_catch/285 [ 24.767097] [ 24.767450] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.767511] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.767525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.767548] Call Trace: [ 24.767561] <TASK> [ 24.767582] dump_stack_lvl+0x73/0xb0 [ 24.767616] print_report+0xd1/0x650 [ 24.767640] ? __virt_addr_valid+0x1db/0x2d0 [ 24.767666] ? kasan_addr_to_slab+0x11/0xa0 [ 24.767686] ? mempool_double_free_helper+0x184/0x370 [ 24.767711] kasan_report_invalid_free+0x10a/0x130 [ 24.767808] ? mempool_double_free_helper+0x184/0x370 [ 24.767836] ? mempool_double_free_helper+0x184/0x370 [ 24.767858] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 24.767883] mempool_free+0x2ec/0x380 [ 24.767909] mempool_double_free_helper+0x184/0x370 [ 24.767932] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.767957] ? __kasan_check_write+0x18/0x20 [ 24.767981] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.768003] ? finish_task_switch.isra.0+0x153/0x700 [ 24.768030] mempool_kmalloc_large_double_free+0xed/0x140 [ 24.768054] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 24.768081] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.768104] ? __pfx_mempool_kfree+0x10/0x10 [ 24.768128] ? __pfx_read_tsc+0x10/0x10 [ 24.768150] ? ktime_get_ts64+0x86/0x230 [ 24.768174] kunit_try_run_case+0x1a5/0x480 [ 24.768201] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.768223] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.768247] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.768269] ? __kthread_parkme+0x82/0x180 [ 24.768290] ? preempt_count_sub+0x50/0x80 [ 24.768324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.768349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.768374] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.768398] kthread+0x337/0x6f0 [ 24.768419] ? trace_preempt_on+0x20/0xc0 [ 24.768442] ? __pfx_kthread+0x10/0x10 [ 24.768463] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.768497] ? calculate_sigpending+0x7b/0xa0 [ 24.768521] ? __pfx_kthread+0x10/0x10 [ 24.768543] ret_from_fork+0x116/0x1d0 [ 24.768561] ? __pfx_kthread+0x10/0x10 [ 24.768582] ret_from_fork_asm+0x1a/0x30 [ 24.768613] </TASK> [ 24.768626] [ 24.781944] The buggy address belongs to the physical page: [ 24.782161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.782493] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.783100] flags: 0x200000000000040(head|node=0|zone=2) [ 24.783452] page_type: f8(unknown) [ 24.783884] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.784333] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.784931] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.785392] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.785904] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff [ 24.786210] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.786687] page dumped because: kasan: bad access detected [ 24.787052] [ 24.787171] Memory state around the buggy address: [ 24.787412] ffff8881060dbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.788027] ffff8881060dbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.788452] >ffff8881060dc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.788897] ^ [ 24.789040] ffff8881060dc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.789725] ffff8881060dc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.790043] ================================================================== [ 24.795296] ================================================================== [ 24.795734] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.795976] Free of addr ffff8881060dc000 by task kunit_try_catch/287 [ 24.796171] [ 24.796256] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.796321] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.796334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.796356] Call Trace: [ 24.796370] <TASK> [ 24.796389] dump_stack_lvl+0x73/0xb0 [ 24.796418] print_report+0xd1/0x650 [ 24.796441] ? __virt_addr_valid+0x1db/0x2d0 [ 24.796467] ? kasan_addr_to_slab+0x11/0xa0 [ 24.796486] ? mempool_double_free_helper+0x184/0x370 [ 24.796510] kasan_report_invalid_free+0x10a/0x130 [ 24.796533] ? mempool_double_free_helper+0x184/0x370 [ 24.796558] ? mempool_double_free_helper+0x184/0x370 [ 24.796580] __kasan_mempool_poison_pages+0x115/0x130 [ 24.796605] mempool_free+0x290/0x380 [ 24.796631] mempool_double_free_helper+0x184/0x370 [ 24.796655] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.796681] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.796704] ? finish_task_switch.isra.0+0x153/0x700 [ 24.796730] mempool_page_alloc_double_free+0xe8/0x140 [ 24.797228] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 24.797258] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 24.797283] ? __pfx_mempool_free_pages+0x10/0x10 [ 24.797321] ? __pfx_read_tsc+0x10/0x10 [ 24.797345] ? ktime_get_ts64+0x86/0x230 [ 24.797370] kunit_try_run_case+0x1a5/0x480 [ 24.797396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.797421] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.797443] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.797464] ? __kthread_parkme+0x82/0x180 [ 24.797486] ? preempt_count_sub+0x50/0x80 [ 24.797521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.797546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.797571] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.797595] kthread+0x337/0x6f0 [ 24.797614] ? trace_preempt_on+0x20/0xc0 [ 24.797638] ? __pfx_kthread+0x10/0x10 [ 24.797659] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.797690] ? calculate_sigpending+0x7b/0xa0 [ 24.797714] ? __pfx_kthread+0x10/0x10 [ 24.797735] ret_from_fork+0x116/0x1d0 [ 24.797759] ? __pfx_kthread+0x10/0x10 [ 24.797779] ret_from_fork_asm+0x1a/0x30 [ 24.797811] </TASK> [ 24.797824] [ 24.808147] The buggy address belongs to the physical page: [ 24.808400] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.809205] flags: 0x200000000000000(node=0|zone=2) [ 24.809503] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 24.809972] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.810205] page dumped because: kasan: bad access detected [ 24.810385] [ 24.810488] Memory state around the buggy address: [ 24.810796] ffff8881060dbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.811234] ffff8881060dbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.811545] >ffff8881060dc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.811918] ^ [ 24.812063] ffff8881060dc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.812419] ffff8881060dc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.812739] ================================================================== [ 24.725973] ================================================================== [ 24.727098] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.727830] Free of addr ffff888105898700 by task kunit_try_catch/283 [ 24.728515] [ 24.728705] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.728774] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.728788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.728820] Call Trace: [ 24.728833] <TASK> [ 24.728853] dump_stack_lvl+0x73/0xb0 [ 24.729037] print_report+0xd1/0x650 [ 24.729065] ? __virt_addr_valid+0x1db/0x2d0 [ 24.729091] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.729116] ? mempool_double_free_helper+0x184/0x370 [ 24.729141] kasan_report_invalid_free+0x10a/0x130 [ 24.729165] ? mempool_double_free_helper+0x184/0x370 [ 24.729190] ? mempool_double_free_helper+0x184/0x370 [ 24.729212] ? mempool_double_free_helper+0x184/0x370 [ 24.729235] check_slab_allocation+0x101/0x130 [ 24.729257] __kasan_mempool_poison_object+0x91/0x1d0 [ 24.729280] mempool_free+0x2ec/0x380 [ 24.729322] mempool_double_free_helper+0x184/0x370 [ 24.729348] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.729375] ? finish_task_switch.isra.0+0x153/0x700 [ 24.729401] mempool_kmalloc_double_free+0xed/0x140 [ 24.729424] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 24.729450] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.729472] ? __pfx_mempool_kfree+0x10/0x10 [ 24.729536] ? __pfx_read_tsc+0x10/0x10 [ 24.729560] ? ktime_get_ts64+0x86/0x230 [ 24.729586] kunit_try_run_case+0x1a5/0x480 [ 24.729613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.729636] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.729657] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.729746] ? __kthread_parkme+0x82/0x180 [ 24.729769] ? preempt_count_sub+0x50/0x80 [ 24.729792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.729817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.729842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.729866] kthread+0x337/0x6f0 [ 24.729886] ? trace_preempt_on+0x20/0xc0 [ 24.729910] ? __pfx_kthread+0x10/0x10 [ 24.729930] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.729954] ? calculate_sigpending+0x7b/0xa0 [ 24.729977] ? __pfx_kthread+0x10/0x10 [ 24.729999] ret_from_fork+0x116/0x1d0 [ 24.730017] ? __pfx_kthread+0x10/0x10 [ 24.730039] ret_from_fork_asm+0x1a/0x30 [ 24.730070] </TASK> [ 24.730083] [ 24.742277] Allocated by task 283: [ 24.742481] kasan_save_stack+0x45/0x70 [ 24.742670] kasan_save_track+0x18/0x40 [ 24.742961] kasan_save_alloc_info+0x3b/0x50 [ 24.743108] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.743276] remove_element+0x11e/0x190 [ 24.743420] mempool_alloc_preallocated+0x4d/0x90 [ 24.743859] mempool_double_free_helper+0x8a/0x370 [ 24.744148] mempool_kmalloc_double_free+0xed/0x140 [ 24.744391] kunit_try_run_case+0x1a5/0x480 [ 24.744600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.744849] kthread+0x337/0x6f0 [ 24.745051] ret_from_fork+0x116/0x1d0 [ 24.745822] ret_from_fork_asm+0x1a/0x30 [ 24.746022] [ 24.746090] Freed by task 283: [ 24.746299] kasan_save_stack+0x45/0x70 [ 24.746538] kasan_save_track+0x18/0x40 [ 24.747138] kasan_save_free_info+0x3f/0x60 [ 24.747368] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.747865] mempool_free+0x2ec/0x380 [ 24.748175] mempool_double_free_helper+0x109/0x370 [ 24.748520] mempool_kmalloc_double_free+0xed/0x140 [ 24.748908] kunit_try_run_case+0x1a5/0x480 [ 24.749135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.749791] kthread+0x337/0x6f0 [ 24.750142] ret_from_fork+0x116/0x1d0 [ 24.750355] ret_from_fork_asm+0x1a/0x30 [ 24.750778] [ 24.750876] The buggy address belongs to the object at ffff888105898700 [ 24.750876] which belongs to the cache kmalloc-128 of size 128 [ 24.751530] The buggy address is located 0 bytes inside of [ 24.751530] 128-byte region [ffff888105898700, ffff888105898780) [ 24.752299] [ 24.752644] The buggy address belongs to the physical page: [ 24.753685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 24.754294] flags: 0x200000000000000(node=0|zone=2) [ 24.754483] page_type: f5(slab) [ 24.754913] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.755804] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.756254] page dumped because: kasan: bad access detected [ 24.756436] [ 24.756525] Memory state around the buggy address: [ 24.757195] ffff888105898600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.758085] ffff888105898680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.758616] >ffff888105898700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.759174] ^ [ 24.759499] ffff888105898780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.760119] ffff888105898800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.761011] ==================================================================