Date
July 4, 2025, 3:11 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 35.904841] ================================================================== [ 35.914354] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 35.921469] Free of addr ffff000803260000 by task kunit_try_catch/286 [ 35.927891] [ 35.929379] CPU: 6 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 35.929433] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.929450] Hardware name: WinLink E850-96 board (DT) [ 35.929471] Call trace: [ 35.929484] show_stack+0x20/0x38 (C) [ 35.929522] dump_stack_lvl+0x8c/0xd0 [ 35.929560] print_report+0x118/0x608 [ 35.929590] kasan_report_invalid_free+0xc0/0xe8 [ 35.929621] __kasan_mempool_poison_object+0x14c/0x150 [ 35.929657] mempool_free+0x28c/0x328 [ 35.929692] mempool_double_free_helper+0x150/0x2e8 [ 35.929729] mempool_kmalloc_large_double_free+0xc0/0x118 [ 35.929765] kunit_try_run_case+0x170/0x3f0 [ 35.929800] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.929839] kthread+0x328/0x630 [ 35.929872] ret_from_fork+0x10/0x20 [ 35.929908] [ 36.003328] The buggy address belongs to the physical page: [ 36.008884] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883260 [ 36.016867] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.024507] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.031448] page_type: f8(unknown) [ 36.034849] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.042566] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 36.050292] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.058103] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 36.065917] head: 0bfffe0000000002 fffffdffe00c9801 00000000ffffffff 00000000ffffffff [ 36.073729] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 36.081536] page dumped because: kasan: bad access detected [ 36.087089] [ 36.088565] Memory state around the buggy address: [ 36.093346] ffff00080325ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.100550] ffff00080325ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.107757] >ffff000803260000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.114954] ^ [ 36.118169] ffff000803260080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.125374] ffff000803260100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.132577] ================================================================== [ 35.530633] ================================================================== [ 35.540314] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 35.547429] Free of addr ffff000802678600 by task kunit_try_catch/284 [ 35.553852] [ 35.555339] CPU: 7 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 35.555393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.555410] Hardware name: WinLink E850-96 board (DT) [ 35.555430] Call trace: [ 35.555442] show_stack+0x20/0x38 (C) [ 35.555475] dump_stack_lvl+0x8c/0xd0 [ 35.555512] print_report+0x118/0x608 [ 35.555544] kasan_report_invalid_free+0xc0/0xe8 [ 35.555579] check_slab_allocation+0xd4/0x108 [ 35.555611] __kasan_mempool_poison_object+0x78/0x150 [ 35.555642] mempool_free+0x28c/0x328 [ 35.555678] mempool_double_free_helper+0x150/0x2e8 [ 35.555713] mempool_kmalloc_double_free+0xc0/0x118 [ 35.555747] kunit_try_run_case+0x170/0x3f0 [ 35.555784] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.555823] kthread+0x328/0x630 [ 35.555858] ret_from_fork+0x10/0x20 [ 35.555894] [ 35.633017] Allocated by task 284: [ 35.636406] kasan_save_stack+0x3c/0x68 [ 35.640221] kasan_save_track+0x20/0x40 [ 35.644042] kasan_save_alloc_info+0x40/0x58 [ 35.648294] __kasan_mempool_unpoison_object+0x11c/0x180 [ 35.653589] remove_element+0x130/0x1f8 [ 35.657409] mempool_alloc_preallocated+0x58/0xc0 [ 35.662098] mempool_double_free_helper+0x94/0x2e8 [ 35.666870] mempool_kmalloc_double_free+0xc0/0x118 [ 35.671732] kunit_try_run_case+0x170/0x3f0 [ 35.675898] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.681367] kthread+0x328/0x630 [ 35.684578] ret_from_fork+0x10/0x20 [ 35.688137] [ 35.689614] Freed by task 284: [ 35.692651] kasan_save_stack+0x3c/0x68 [ 35.696471] kasan_save_track+0x20/0x40 [ 35.700291] kasan_save_free_info+0x4c/0x78 [ 35.704457] __kasan_mempool_poison_object+0xc0/0x150 [ 35.709491] mempool_free+0x28c/0x328 [ 35.713137] mempool_double_free_helper+0x100/0x2e8 [ 35.717998] mempool_kmalloc_double_free+0xc0/0x118 [ 35.722859] kunit_try_run_case+0x170/0x3f0 [ 35.727026] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.732494] kthread+0x328/0x630 [ 35.735708] ret_from_fork+0x10/0x20 [ 35.739265] [ 35.740743] The buggy address belongs to the object at ffff000802678600 [ 35.740743] which belongs to the cache kmalloc-128 of size 128 [ 35.753244] The buggy address is located 0 bytes inside of [ 35.753244] 128-byte region [ffff000802678600, ffff000802678680) [ 35.764785] [ 35.766265] The buggy address belongs to the physical page: [ 35.771821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x882678 [ 35.779806] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 35.787444] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 35.794387] page_type: f5(slab) [ 35.797525] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 35.805243] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.812969] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 35.820783] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.828594] head: 0bfffe0000000001 fffffdffe0099e01 00000000ffffffff 00000000ffffffff [ 35.836406] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 35.844214] page dumped because: kasan: bad access detected [ 35.849767] [ 35.851242] Memory state around the buggy address: [ 35.856025] ffff000802678500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.863228] ffff000802678580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.870435] >ffff000802678600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.877631] ^ [ 35.880847] ffff000802678680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.888051] ffff000802678700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.895254] ================================================================== [ 36.141606] ================================================================== [ 36.152196] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 36.159314] Free of addr ffff000803260000 by task kunit_try_catch/288 [ 36.165735] [ 36.167222] CPU: 6 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 36.167273] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.167292] Hardware name: WinLink E850-96 board (DT) [ 36.167317] Call trace: [ 36.167329] show_stack+0x20/0x38 (C) [ 36.167366] dump_stack_lvl+0x8c/0xd0 [ 36.167406] print_report+0x118/0x608 [ 36.167436] kasan_report_invalid_free+0xc0/0xe8 [ 36.167469] __kasan_mempool_poison_pages+0xe0/0xe8 [ 36.167502] mempool_free+0x24c/0x328 [ 36.167537] mempool_double_free_helper+0x150/0x2e8 [ 36.167577] mempool_page_alloc_double_free+0xbc/0x118 [ 36.167608] kunit_try_run_case+0x170/0x3f0 [ 36.167648] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.167686] kthread+0x328/0x630 [ 36.167719] ret_from_fork+0x10/0x20 [ 36.167757] [ 36.240650] The buggy address belongs to the physical page: [ 36.246205] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883260 [ 36.254190] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.260713] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 36.268431] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 36.276152] page dumped because: kasan: bad access detected [ 36.281705] [ 36.283180] Memory state around the buggy address: [ 36.287963] ffff00080325ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.295165] ffff00080325ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.302371] >ffff000803260000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.309569] ^ [ 36.312785] ffff000803260080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.319989] ffff000803260100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.327192] ==================================================================
[ 17.689942] ================================================================== [ 17.690224] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 17.690297] Free of addr fff00000c7968000 by task kunit_try_catch/242 [ 17.690479] [ 17.690523] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 17.690604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.690675] Hardware name: linux,dummy-virt (DT) [ 17.690708] Call trace: [ 17.690730] show_stack+0x20/0x38 (C) [ 17.690781] dump_stack_lvl+0x8c/0xd0 [ 17.690828] print_report+0x118/0x608 [ 17.690883] kasan_report_invalid_free+0xc0/0xe8 [ 17.690933] __kasan_mempool_poison_object+0x14c/0x150 [ 17.690983] mempool_free+0x28c/0x328 [ 17.691029] mempool_double_free_helper+0x150/0x2e8 [ 17.691079] mempool_kmalloc_large_double_free+0xc0/0x118 [ 17.691130] kunit_try_run_case+0x170/0x3f0 [ 17.691177] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.691229] kthread+0x328/0x630 [ 17.691273] ret_from_fork+0x10/0x20 [ 17.691319] [ 17.691339] The buggy address belongs to the physical page: [ 17.691371] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107968 [ 17.691429] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.691487] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.691537] page_type: f8(unknown) [ 17.691575] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.691624] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.691683] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.691732] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.691781] head: 0bfffe0000000002 ffffc1ffc31e5a01 00000000ffffffff 00000000ffffffff [ 17.691839] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.691881] page dumped because: kasan: bad access detected [ 17.691911] [ 17.691929] Memory state around the buggy address: [ 17.691971] fff00000c7967f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.692213] fff00000c7967f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.692265] >fff00000c7968000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.693161] ^ [ 17.693342] fff00000c7968080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.693625] fff00000c7968100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.693751] ================================================================== [ 17.705542] ================================================================== [ 17.705599] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 17.705670] Free of addr fff00000c7968000 by task kunit_try_catch/244 [ 17.705709] [ 17.705751] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 17.705843] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.705881] Hardware name: linux,dummy-virt (DT) [ 17.705919] Call trace: [ 17.705941] show_stack+0x20/0x38 (C) [ 17.705993] dump_stack_lvl+0x8c/0xd0 [ 17.706039] print_report+0x118/0x608 [ 17.706083] kasan_report_invalid_free+0xc0/0xe8 [ 17.706129] __kasan_mempool_poison_pages+0xe0/0xe8 [ 17.706187] mempool_free+0x24c/0x328 [ 17.706239] mempool_double_free_helper+0x150/0x2e8 [ 17.706299] mempool_page_alloc_double_free+0xbc/0x118 [ 17.706355] kunit_try_run_case+0x170/0x3f0 [ 17.706412] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.706466] kthread+0x328/0x630 [ 17.706510] ret_from_fork+0x10/0x20 [ 17.706564] [ 17.706584] The buggy address belongs to the physical page: [ 17.706612] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107968 [ 17.706672] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.706847] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 17.707270] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 17.707332] page dumped because: kasan: bad access detected [ 17.707643] [ 17.707796] Memory state around the buggy address: [ 17.708030] fff00000c7967f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.708088] fff00000c7967f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.708132] >fff00000c7968000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.708403] ^ [ 17.708551] fff00000c7968080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.708671] fff00000c7968100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.708813] ================================================================== [ 17.669619] ================================================================== [ 17.669949] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 17.670177] Free of addr fff00000c6ecac00 by task kunit_try_catch/240 [ 17.670242] [ 17.670360] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 17.670491] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.670600] Hardware name: linux,dummy-virt (DT) [ 17.670642] Call trace: [ 17.670664] show_stack+0x20/0x38 (C) [ 17.670953] dump_stack_lvl+0x8c/0xd0 [ 17.671040] print_report+0x118/0x608 [ 17.671169] kasan_report_invalid_free+0xc0/0xe8 [ 17.671255] check_slab_allocation+0xd4/0x108 [ 17.671395] __kasan_mempool_poison_object+0x78/0x150 [ 17.671455] mempool_free+0x28c/0x328 [ 17.671534] mempool_double_free_helper+0x150/0x2e8 [ 17.671719] mempool_kmalloc_double_free+0xc0/0x118 [ 17.671787] kunit_try_run_case+0x170/0x3f0 [ 17.671926] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.672171] kthread+0x328/0x630 [ 17.672234] ret_from_fork+0x10/0x20 [ 17.672306] [ 17.672326] Allocated by task 240: [ 17.672602] kasan_save_stack+0x3c/0x68 [ 17.672758] kasan_save_track+0x20/0x40 [ 17.672847] kasan_save_alloc_info+0x40/0x58 [ 17.673033] __kasan_mempool_unpoison_object+0x11c/0x180 [ 17.673293] remove_element+0x130/0x1f8 [ 17.673359] mempool_alloc_preallocated+0x58/0xc0 [ 17.673769] mempool_double_free_helper+0x94/0x2e8 [ 17.673928] mempool_kmalloc_double_free+0xc0/0x118 [ 17.674040] kunit_try_run_case+0x170/0x3f0 [ 17.674131] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.674346] kthread+0x328/0x630 [ 17.674383] ret_from_fork+0x10/0x20 [ 17.674613] [ 17.674785] Freed by task 240: [ 17.674889] kasan_save_stack+0x3c/0x68 [ 17.675072] kasan_save_track+0x20/0x40 [ 17.675194] kasan_save_free_info+0x4c/0x78 [ 17.675362] __kasan_mempool_poison_object+0xc0/0x150 [ 17.675432] mempool_free+0x28c/0x328 [ 17.675644] mempool_double_free_helper+0x100/0x2e8 [ 17.675875] mempool_kmalloc_double_free+0xc0/0x118 [ 17.676005] kunit_try_run_case+0x170/0x3f0 [ 17.676138] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.676186] kthread+0x328/0x630 [ 17.676252] ret_from_fork+0x10/0x20 [ 17.676289] [ 17.676675] The buggy address belongs to the object at fff00000c6ecac00 [ 17.676675] which belongs to the cache kmalloc-128 of size 128 [ 17.676799] The buggy address is located 0 bytes inside of [ 17.676799] 128-byte region [fff00000c6ecac00, fff00000c6ecac80) [ 17.676997] [ 17.677095] The buggy address belongs to the physical page: [ 17.677219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106eca [ 17.677273] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.677347] page_type: f5(slab) [ 17.677546] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.677862] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.678168] page dumped because: kasan: bad access detected [ 17.678228] [ 17.678246] Memory state around the buggy address: [ 17.678411] fff00000c6ecab00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.678496] fff00000c6ecab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.678553] >fff00000c6ecac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.678906] ^ [ 17.679174] fff00000c6ecac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.679225] fff00000c6ecad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.679264] ==================================================================
[ 16.375187] ================================================================== [ 16.376140] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 16.376964] Free of addr ffff8881039d8000 by task kunit_try_catch/258 [ 16.377729] [ 16.378031] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 16.378175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.378314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.378385] Call Trace: [ 16.378421] <TASK> [ 16.378528] dump_stack_lvl+0x73/0xb0 [ 16.378611] print_report+0xd1/0x650 [ 16.378667] ? __virt_addr_valid+0x1db/0x2d0 [ 16.378726] ? kasan_addr_to_slab+0x11/0xa0 [ 16.378771] ? mempool_double_free_helper+0x184/0x370 [ 16.378827] kasan_report_invalid_free+0x10a/0x130 [ 16.378879] ? mempool_double_free_helper+0x184/0x370 [ 16.378932] ? mempool_double_free_helper+0x184/0x370 [ 16.378979] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 16.379023] mempool_free+0x2ec/0x380 [ 16.379055] mempool_double_free_helper+0x184/0x370 [ 16.379108] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 16.379136] ? dequeue_entities+0x852/0x1740 [ 16.379168] ? finish_task_switch.isra.0+0x153/0x700 [ 16.379201] mempool_kmalloc_large_double_free+0xed/0x140 [ 16.379273] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 16.379321] ? dequeue_task_fair+0x166/0x4e0 [ 16.379376] ? __pfx_mempool_kmalloc+0x10/0x10 [ 16.379403] ? __pfx_mempool_kfree+0x10/0x10 [ 16.379428] ? __pfx_read_tsc+0x10/0x10 [ 16.379452] ? ktime_get_ts64+0x86/0x230 [ 16.379484] kunit_try_run_case+0x1a5/0x480 [ 16.379516] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.379541] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.379573] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.379601] ? __kthread_parkme+0x82/0x180 [ 16.379629] ? preempt_count_sub+0x50/0x80 [ 16.379658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.379685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.379712] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.379738] kthread+0x337/0x6f0 [ 16.379759] ? trace_preempt_on+0x20/0xc0 [ 16.379788] ? __pfx_kthread+0x10/0x10 [ 16.379810] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.379835] ? calculate_sigpending+0x7b/0xa0 [ 16.379862] ? __pfx_kthread+0x10/0x10 [ 16.379884] ret_from_fork+0x41/0x80 [ 16.379908] ? __pfx_kthread+0x10/0x10 [ 16.379928] ret_from_fork_asm+0x1a/0x30 [ 16.379966] </TASK> [ 16.379979] [ 16.394493] The buggy address belongs to the physical page: [ 16.395017] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039d8 [ 16.395634] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.396412] flags: 0x200000000000040(head|node=0|zone=2) [ 16.396655] page_type: f8(unknown) [ 16.396827] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.397117] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.397637] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.398141] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.398739] head: 0200000000000002 ffffea00040e7601 00000000ffffffff 00000000ffffffff [ 16.399251] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.399962] page dumped because: kasan: bad access detected [ 16.400566] [ 16.400794] Memory state around the buggy address: [ 16.401664] ffff8881039d7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.402107] ffff8881039d7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.402853] >ffff8881039d8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.403354] ^ [ 16.403931] ffff8881039d8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.404556] ffff8881039d8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.405347] ================================================================== [ 16.411705] ================================================================== [ 16.412280] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 16.412923] Free of addr ffff888103ab4000 by task kunit_try_catch/260 [ 16.413715] [ 16.413936] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 16.414036] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.414062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.414144] Call Trace: [ 16.414600] <TASK> [ 16.414656] dump_stack_lvl+0x73/0xb0 [ 16.414709] print_report+0xd1/0x650 [ 16.414751] ? __virt_addr_valid+0x1db/0x2d0 [ 16.414781] ? kasan_addr_to_slab+0x11/0xa0 [ 16.414803] ? mempool_double_free_helper+0x184/0x370 [ 16.414829] kasan_report_invalid_free+0x10a/0x130 [ 16.414855] ? mempool_double_free_helper+0x184/0x370 [ 16.414882] ? mempool_double_free_helper+0x184/0x370 [ 16.414907] __kasan_mempool_poison_pages+0x115/0x130 [ 16.414932] mempool_free+0x290/0x380 [ 16.414960] mempool_double_free_helper+0x184/0x370 [ 16.414984] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 16.415009] ? dequeue_entities+0x852/0x1740 [ 16.415037] ? finish_task_switch.isra.0+0x153/0x700 [ 16.415108] mempool_page_alloc_double_free+0xe8/0x140 [ 16.415166] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 16.415223] ? dequeue_task_fair+0x166/0x4e0 [ 16.415266] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 16.415302] ? __pfx_mempool_free_pages+0x10/0x10 [ 16.415356] ? __pfx_read_tsc+0x10/0x10 [ 16.415392] ? ktime_get_ts64+0x86/0x230 [ 16.415438] kunit_try_run_case+0x1a5/0x480 [ 16.415484] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.415519] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.415564] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.415606] ? __kthread_parkme+0x82/0x180 [ 16.415647] ? preempt_count_sub+0x50/0x80 [ 16.415677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.415701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.415726] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.415750] kthread+0x337/0x6f0 [ 16.415770] ? trace_preempt_on+0x20/0xc0 [ 16.415796] ? __pfx_kthread+0x10/0x10 [ 16.415815] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.415838] ? calculate_sigpending+0x7b/0xa0 [ 16.415862] ? __pfx_kthread+0x10/0x10 [ 16.415883] ret_from_fork+0x41/0x80 [ 16.415905] ? __pfx_kthread+0x10/0x10 [ 16.415925] ret_from_fork_asm+0x1a/0x30 [ 16.415959] </TASK> [ 16.415973] [ 16.433105] The buggy address belongs to the physical page: [ 16.433578] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab4 [ 16.433763] flags: 0x200000000000000(node=0|zone=2) [ 16.433903] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 16.434051] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 16.434917] page dumped because: kasan: bad access detected [ 16.435194] [ 16.435305] Memory state around the buggy address: [ 16.435572] ffff888103ab3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.435903] ffff888103ab3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.436227] >ffff888103ab4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.437791] ^ [ 16.438498] ffff888103ab4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.439123] ffff888103ab4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.439460] ================================================================== [ 16.330812] ================================================================== [ 16.331378] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 16.331955] Free of addr ffff8881025fa400 by task kunit_try_catch/256 [ 16.332618] [ 16.332846] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 16.332953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.332980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.333034] Call Trace: [ 16.333068] <TASK> [ 16.333520] dump_stack_lvl+0x73/0xb0 [ 16.333598] print_report+0xd1/0x650 [ 16.333633] ? __virt_addr_valid+0x1db/0x2d0 [ 16.333664] ? kasan_complete_mode_report_info+0x64/0x200 [ 16.333693] ? mempool_double_free_helper+0x184/0x370 [ 16.333722] kasan_report_invalid_free+0x10a/0x130 [ 16.333751] ? mempool_double_free_helper+0x184/0x370 [ 16.333782] ? mempool_double_free_helper+0x184/0x370 [ 16.333809] ? mempool_double_free_helper+0x184/0x370 [ 16.333836] check_slab_allocation+0x101/0x130 [ 16.333863] __kasan_mempool_poison_object+0x91/0x1d0 [ 16.333891] mempool_free+0x2ec/0x380 [ 16.333921] mempool_double_free_helper+0x184/0x370 [ 16.333950] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 16.333978] ? dequeue_entities+0x852/0x1740 [ 16.334009] ? finish_task_switch.isra.0+0x153/0x700 [ 16.334043] mempool_kmalloc_double_free+0xed/0x140 [ 16.334101] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 16.334130] ? dequeue_task_fair+0x166/0x4e0 [ 16.334156] ? __pfx_mempool_kmalloc+0x10/0x10 [ 16.334180] ? __pfx_mempool_kfree+0x10/0x10 [ 16.334205] ? __pfx_read_tsc+0x10/0x10 [ 16.334229] ? ktime_get_ts64+0x86/0x230 [ 16.334259] kunit_try_run_case+0x1a5/0x480 [ 16.334291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.334317] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.334372] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.334403] ? __kthread_parkme+0x82/0x180 [ 16.334434] ? preempt_count_sub+0x50/0x80 [ 16.334463] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.334490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.334518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.334545] kthread+0x337/0x6f0 [ 16.334567] ? trace_preempt_on+0x20/0xc0 [ 16.334596] ? __pfx_kthread+0x10/0x10 [ 16.334619] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.334645] ? calculate_sigpending+0x7b/0xa0 [ 16.334673] ? __pfx_kthread+0x10/0x10 [ 16.334696] ret_from_fork+0x41/0x80 [ 16.334720] ? __pfx_kthread+0x10/0x10 [ 16.334742] ret_from_fork_asm+0x1a/0x30 [ 16.334779] </TASK> [ 16.334792] [ 16.348839] Allocated by task 256: [ 16.349109] kasan_save_stack+0x45/0x70 [ 16.349533] kasan_save_track+0x18/0x40 [ 16.349894] kasan_save_alloc_info+0x3b/0x50 [ 16.350286] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 16.350746] remove_element+0x11e/0x190 [ 16.351099] mempool_alloc_preallocated+0x4d/0x90 [ 16.351514] mempool_double_free_helper+0x8a/0x370 [ 16.351932] mempool_kmalloc_double_free+0xed/0x140 [ 16.352366] kunit_try_run_case+0x1a5/0x480 [ 16.352581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.352814] kthread+0x337/0x6f0 [ 16.353001] ret_from_fork+0x41/0x80 [ 16.353238] ret_from_fork_asm+0x1a/0x30 [ 16.353558] [ 16.353744] Freed by task 256: [ 16.354034] kasan_save_stack+0x45/0x70 [ 16.354419] kasan_save_track+0x18/0x40 [ 16.354846] kasan_save_free_info+0x3f/0x60 [ 16.355356] __kasan_mempool_poison_object+0x131/0x1d0 [ 16.355790] mempool_free+0x2ec/0x380 [ 16.356212] mempool_double_free_helper+0x109/0x370 [ 16.356681] mempool_kmalloc_double_free+0xed/0x140 [ 16.357176] kunit_try_run_case+0x1a5/0x480 [ 16.357492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.357923] kthread+0x337/0x6f0 [ 16.358160] ret_from_fork+0x41/0x80 [ 16.358373] ret_from_fork_asm+0x1a/0x30 [ 16.358577] [ 16.358691] The buggy address belongs to the object at ffff8881025fa400 [ 16.358691] which belongs to the cache kmalloc-128 of size 128 [ 16.359487] The buggy address is located 0 bytes inside of [ 16.359487] 128-byte region [ffff8881025fa400, ffff8881025fa480) [ 16.360463] [ 16.360657] The buggy address belongs to the physical page: [ 16.361217] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025fa [ 16.361846] flags: 0x200000000000000(node=0|zone=2) [ 16.362382] page_type: f5(slab) [ 16.362774] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.363285] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.363713] page dumped because: kasan: bad access detected [ 16.364131] [ 16.364249] Memory state around the buggy address: [ 16.364607] ffff8881025fa300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.365307] ffff8881025fa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.365754] >ffff8881025fa400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.366037] ^ [ 16.366236] ffff8881025fa480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.366717] ffff8881025fa500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.367468] ==================================================================