Date
July 18, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.144506] ================================================================== [ 19.144587] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 19.144648] Free of addr fff00000c7a04000 by task kunit_try_catch/239 [ 19.144691] [ 19.144729] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.144811] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.144838] Hardware name: linux,dummy-virt (DT) [ 19.144887] Call trace: [ 19.144909] show_stack+0x20/0x38 (C) [ 19.145083] dump_stack_lvl+0x8c/0xd0 [ 19.145200] print_report+0x118/0x5d0 [ 19.145252] kasan_report_invalid_free+0xc0/0xe8 [ 19.145395] __kasan_mempool_poison_pages+0xe0/0xe8 [ 19.145448] mempool_free+0x24c/0x328 [ 19.145500] mempool_double_free_helper+0x150/0x2e8 [ 19.145568] mempool_page_alloc_double_free+0xbc/0x118 [ 19.145776] kunit_try_run_case+0x170/0x3f0 [ 19.145854] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.146012] kthread+0x328/0x630 [ 19.146136] ret_from_fork+0x10/0x20 [ 19.146228] [ 19.146250] The buggy address belongs to the physical page: [ 19.146284] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a04 [ 19.146340] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.146597] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 19.146659] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.146827] page dumped because: kasan: bad access detected [ 19.146872] [ 19.146891] Memory state around the buggy address: [ 19.146924] fff00000c7a03f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.146968] fff00000c7a03f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.147202] >fff00000c7a04000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.147263] ^ [ 19.147389] fff00000c7a04080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.147549] fff00000c7a04100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.147711] ================================================================== [ 19.103960] ================================================================== [ 19.104115] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 19.104360] Free of addr fff00000c78e9400 by task kunit_try_catch/235 [ 19.104555] [ 19.104652] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.104829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.105284] Hardware name: linux,dummy-virt (DT) [ 19.105358] Call trace: [ 19.105419] show_stack+0x20/0x38 (C) [ 19.105690] dump_stack_lvl+0x8c/0xd0 [ 19.105945] print_report+0x118/0x5d0 [ 19.106043] kasan_report_invalid_free+0xc0/0xe8 [ 19.106241] check_slab_allocation+0xd4/0x108 [ 19.106306] __kasan_mempool_poison_object+0x78/0x150 [ 19.106381] mempool_free+0x28c/0x328 [ 19.106433] mempool_double_free_helper+0x150/0x2e8 [ 19.106516] mempool_kmalloc_double_free+0xc0/0x118 [ 19.106568] kunit_try_run_case+0x170/0x3f0 [ 19.106618] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.106686] kthread+0x328/0x630 [ 19.106731] ret_from_fork+0x10/0x20 [ 19.106797] [ 19.106831] Allocated by task 235: [ 19.106880] kasan_save_stack+0x3c/0x68 [ 19.106938] kasan_save_track+0x20/0x40 [ 19.106977] kasan_save_alloc_info+0x40/0x58 [ 19.107025] __kasan_mempool_unpoison_object+0x11c/0x180 [ 19.107070] remove_element+0x130/0x1f8 [ 19.107123] mempool_alloc_preallocated+0x58/0xc0 [ 19.107162] mempool_double_free_helper+0x94/0x2e8 [ 19.107210] mempool_kmalloc_double_free+0xc0/0x118 [ 19.107258] kunit_try_run_case+0x170/0x3f0 [ 19.107467] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.107542] kthread+0x328/0x630 [ 19.107577] ret_from_fork+0x10/0x20 [ 19.107900] [ 19.108104] Freed by task 235: [ 19.108140] kasan_save_stack+0x3c/0x68 [ 19.108553] kasan_save_track+0x20/0x40 [ 19.108643] kasan_save_free_info+0x4c/0x78 [ 19.108687] __kasan_mempool_poison_object+0xc0/0x150 [ 19.108799] mempool_free+0x28c/0x328 [ 19.109260] mempool_double_free_helper+0x100/0x2e8 [ 19.109443] mempool_kmalloc_double_free+0xc0/0x118 [ 19.109530] kunit_try_run_case+0x170/0x3f0 [ 19.109907] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.109964] kthread+0x328/0x630 [ 19.110407] ret_from_fork+0x10/0x20 [ 19.110506] [ 19.110528] The buggy address belongs to the object at fff00000c78e9400 [ 19.110528] which belongs to the cache kmalloc-128 of size 128 [ 19.111066] The buggy address is located 0 bytes inside of [ 19.111066] 128-byte region [fff00000c78e9400, fff00000c78e9480) [ 19.111155] [ 19.111189] The buggy address belongs to the physical page: [ 19.111225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9 [ 19.111480] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.111672] page_type: f5(slab) [ 19.111946] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.112004] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.112235] page dumped because: kasan: bad access detected [ 19.112347] [ 19.112463] Memory state around the buggy address: [ 19.112529] fff00000c78e9300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.113084] fff00000c78e9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.113145] >fff00000c78e9400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.113327] ^ [ 19.113548] fff00000c78e9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.113760] fff00000c78e9500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.114002] ================================================================== [ 19.130180] ================================================================== [ 19.130456] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 19.130542] Free of addr fff00000c7a04000 by task kunit_try_catch/237 [ 19.130609] [ 19.130652] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.130740] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.130767] Hardware name: linux,dummy-virt (DT) [ 19.131265] Call trace: [ 19.131502] show_stack+0x20/0x38 (C) [ 19.131568] dump_stack_lvl+0x8c/0xd0 [ 19.131788] print_report+0x118/0x5d0 [ 19.131961] kasan_report_invalid_free+0xc0/0xe8 [ 19.132112] __kasan_mempool_poison_object+0x14c/0x150 [ 19.132331] mempool_free+0x28c/0x328 [ 19.132462] mempool_double_free_helper+0x150/0x2e8 [ 19.132526] mempool_kmalloc_large_double_free+0xc0/0x118 [ 19.132882] kunit_try_run_case+0x170/0x3f0 [ 19.133173] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.133371] kthread+0x328/0x630 [ 19.133456] ret_from_fork+0x10/0x20 [ 19.133876] [ 19.133922] The buggy address belongs to the physical page: [ 19.134033] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a04 [ 19.134141] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.134361] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.134440] page_type: f8(unknown) [ 19.134563] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.134616] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.134695] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.134752] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.134817] head: 0bfffe0000000002 ffffc1ffc31e8101 00000000ffffffff 00000000ffffffff [ 19.134878] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.134927] page dumped because: kasan: bad access detected [ 19.134959] [ 19.134984] Memory state around the buggy address: [ 19.135027] fff00000c7a03f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.135086] fff00000c7a03f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.135144] >fff00000c7a04000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.135183] ^ [ 19.135214] fff00000c7a04080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.135280] fff00000c7a04100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.135354] ==================================================================
[ 18.788028] ================================================================== [ 18.788099] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 18.788491] Free of addr fff00000c7a74000 by task kunit_try_catch/239 [ 18.788673] [ 18.788825] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.788947] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.788986] Hardware name: linux,dummy-virt (DT) [ 18.789017] Call trace: [ 18.789043] show_stack+0x20/0x38 (C) [ 18.789096] dump_stack_lvl+0x8c/0xd0 [ 18.789686] print_report+0x118/0x5d0 [ 18.789917] kasan_report_invalid_free+0xc0/0xe8 [ 18.790018] __kasan_mempool_poison_pages+0xe0/0xe8 [ 18.790628] mempool_free+0x24c/0x328 [ 18.790714] mempool_double_free_helper+0x150/0x2e8 [ 18.790928] mempool_page_alloc_double_free+0xbc/0x118 [ 18.791061] kunit_try_run_case+0x170/0x3f0 [ 18.791159] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.791433] kthread+0x328/0x630 [ 18.791550] ret_from_fork+0x10/0x20 [ 18.791876] [ 18.791944] The buggy address belongs to the physical page: [ 18.791997] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a74 [ 18.792068] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.792312] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 18.792564] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 18.792648] page dumped because: kasan: bad access detected [ 18.792706] [ 18.792742] Memory state around the buggy address: [ 18.792817] fff00000c7a73f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.792951] fff00000c7a73f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.793002] >fff00000c7a74000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.793040] ^ [ 18.793068] fff00000c7a74080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.793587] fff00000c7a74100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.793683] ================================================================== [ 18.774265] ================================================================== [ 18.774351] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 18.774409] Free of addr fff00000c7a74000 by task kunit_try_catch/237 [ 18.774451] [ 18.774499] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.774581] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.774611] Hardware name: linux,dummy-virt (DT) [ 18.774644] Call trace: [ 18.774666] show_stack+0x20/0x38 (C) [ 18.774715] dump_stack_lvl+0x8c/0xd0 [ 18.774774] print_report+0x118/0x5d0 [ 18.774825] kasan_report_invalid_free+0xc0/0xe8 [ 18.774876] __kasan_mempool_poison_object+0x14c/0x150 [ 18.774929] mempool_free+0x28c/0x328 [ 18.774983] mempool_double_free_helper+0x150/0x2e8 [ 18.775033] mempool_kmalloc_large_double_free+0xc0/0x118 [ 18.775084] kunit_try_run_case+0x170/0x3f0 [ 18.775131] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.775191] kthread+0x328/0x630 [ 18.775234] ret_from_fork+0x10/0x20 [ 18.775283] [ 18.775303] The buggy address belongs to the physical page: [ 18.775346] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a74 [ 18.775679] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.775935] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.776628] page_type: f8(unknown) [ 18.776712] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.776765] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.776843] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.777694] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.777777] head: 0bfffe0000000002 ffffc1ffc31e9d01 00000000ffffffff 00000000ffffffff [ 18.777849] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.777924] page dumped because: kasan: bad access detected [ 18.777984] [ 18.778019] Memory state around the buggy address: [ 18.778072] fff00000c7a73f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.778140] fff00000c7a73f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.778185] >fff00000c7a74000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.778539] ^ [ 18.778740] fff00000c7a74080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.778817] fff00000c7a74100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.778893] ================================================================== [ 18.755153] ================================================================== [ 18.755232] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 18.755295] Free of addr fff00000c7a4e500 by task kunit_try_catch/235 [ 18.755349] [ 18.755652] CPU: 1 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.755785] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.755826] Hardware name: linux,dummy-virt (DT) [ 18.755865] Call trace: [ 18.755892] show_stack+0x20/0x38 (C) [ 18.755949] dump_stack_lvl+0x8c/0xd0 [ 18.756217] print_report+0x118/0x5d0 [ 18.756296] kasan_report_invalid_free+0xc0/0xe8 [ 18.756358] check_slab_allocation+0xd4/0x108 [ 18.756740] __kasan_mempool_poison_object+0x78/0x150 [ 18.756829] mempool_free+0x28c/0x328 [ 18.756961] mempool_double_free_helper+0x150/0x2e8 [ 18.757087] mempool_kmalloc_double_free+0xc0/0x118 [ 18.757147] kunit_try_run_case+0x170/0x3f0 [ 18.757496] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.757640] kthread+0x328/0x630 [ 18.757716] ret_from_fork+0x10/0x20 [ 18.758069] [ 18.758124] Allocated by task 235: [ 18.758176] kasan_save_stack+0x3c/0x68 [ 18.758309] kasan_save_track+0x20/0x40 [ 18.758384] kasan_save_alloc_info+0x40/0x58 [ 18.758426] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.758762] remove_element+0x130/0x1f8 [ 18.758834] mempool_alloc_preallocated+0x58/0xc0 [ 18.758932] mempool_double_free_helper+0x94/0x2e8 [ 18.759047] mempool_kmalloc_double_free+0xc0/0x118 [ 18.759106] kunit_try_run_case+0x170/0x3f0 [ 18.759145] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.759410] kthread+0x328/0x630 [ 18.759590] ret_from_fork+0x10/0x20 [ 18.759637] [ 18.759699] Freed by task 235: [ 18.759983] kasan_save_stack+0x3c/0x68 [ 18.760127] kasan_save_track+0x20/0x40 [ 18.760182] kasan_save_free_info+0x4c/0x78 [ 18.760486] __kasan_mempool_poison_object+0xc0/0x150 [ 18.760573] mempool_free+0x28c/0x328 [ 18.760650] mempool_double_free_helper+0x100/0x2e8 [ 18.760993] mempool_kmalloc_double_free+0xc0/0x118 [ 18.761109] kunit_try_run_case+0x170/0x3f0 [ 18.761198] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.761314] kthread+0x328/0x630 [ 18.761381] ret_from_fork+0x10/0x20 [ 18.761439] [ 18.761779] The buggy address belongs to the object at fff00000c7a4e500 [ 18.761779] which belongs to the cache kmalloc-128 of size 128 [ 18.761961] The buggy address is located 0 bytes inside of [ 18.761961] 128-byte region [fff00000c7a4e500, fff00000c7a4e580) [ 18.762032] [ 18.762055] The buggy address belongs to the physical page: [ 18.762088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e [ 18.762433] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.762589] page_type: f5(slab) [ 18.762648] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.762743] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.762851] page dumped because: kasan: bad access detected [ 18.762917] [ 18.762958] Memory state around the buggy address: [ 18.763350] fff00000c7a4e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.763449] fff00000c7a4e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.763493] >fff00000c7a4e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.763531] ^ [ 18.763578] fff00000c7a4e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.763655] fff00000c7a4e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.763733] ==================================================================
[ 18.666489] ================================================================== [ 18.666690] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 18.666783] Free of addr fff00000c7800000 by task kunit_try_catch/237 [ 18.666989] [ 18.667030] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.667111] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.667139] Hardware name: linux,dummy-virt (DT) [ 18.667171] Call trace: [ 18.667193] show_stack+0x20/0x38 (C) [ 18.667500] dump_stack_lvl+0x8c/0xd0 [ 18.667568] print_report+0x118/0x5d0 [ 18.667693] kasan_report_invalid_free+0xc0/0xe8 [ 18.667816] __kasan_mempool_poison_object+0x14c/0x150 [ 18.667980] mempool_free+0x28c/0x328 [ 18.668065] mempool_double_free_helper+0x150/0x2e8 [ 18.668114] mempool_kmalloc_large_double_free+0xc0/0x118 [ 18.668431] kunit_try_run_case+0x170/0x3f0 [ 18.668576] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.668787] kthread+0x328/0x630 [ 18.668920] ret_from_fork+0x10/0x20 [ 18.669041] [ 18.669063] The buggy address belongs to the physical page: [ 18.669243] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107800 [ 18.669406] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.669565] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.669675] page_type: f8(unknown) [ 18.669749] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.670080] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.670181] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.670303] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.670419] head: 0bfffe0000000002 ffffc1ffc31e0001 00000000ffffffff 00000000ffffffff [ 18.670499] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.670745] page dumped because: kasan: bad access detected [ 18.671089] [ 18.671145] Memory state around the buggy address: [ 18.671218] fff00000c77fff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.671396] fff00000c77fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.671557] >fff00000c7800000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.671721] ^ [ 18.671790] fff00000c7800080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.671878] fff00000c7800100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.671995] ================================================================== [ 18.652596] ================================================================== [ 18.652656] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 18.652853] Free of addr fff00000c7716300 by task kunit_try_catch/235 [ 18.652934] [ 18.653007] CPU: 1 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.653088] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.653114] Hardware name: linux,dummy-virt (DT) [ 18.653183] Call trace: [ 18.653209] show_stack+0x20/0x38 (C) [ 18.653264] dump_stack_lvl+0x8c/0xd0 [ 18.653326] print_report+0x118/0x5d0 [ 18.653393] kasan_report_invalid_free+0xc0/0xe8 [ 18.653456] check_slab_allocation+0xd4/0x108 [ 18.653506] __kasan_mempool_poison_object+0x78/0x150 [ 18.653662] mempool_free+0x28c/0x328 [ 18.653725] mempool_double_free_helper+0x150/0x2e8 [ 18.653809] mempool_kmalloc_double_free+0xc0/0x118 [ 18.653882] kunit_try_run_case+0x170/0x3f0 [ 18.653948] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.654001] kthread+0x328/0x630 [ 18.654096] ret_from_fork+0x10/0x20 [ 18.654183] [ 18.654232] Allocated by task 235: [ 18.654264] kasan_save_stack+0x3c/0x68 [ 18.654304] kasan_save_track+0x20/0x40 [ 18.654351] kasan_save_alloc_info+0x40/0x58 [ 18.654390] __kasan_mempool_unpoison_object+0x11c/0x180 [ 18.654460] remove_element+0x130/0x1f8 [ 18.654627] mempool_alloc_preallocated+0x58/0xc0 [ 18.654784] mempool_double_free_helper+0x94/0x2e8 [ 18.654901] mempool_kmalloc_double_free+0xc0/0x118 [ 18.655033] kunit_try_run_case+0x170/0x3f0 [ 18.655170] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.655299] kthread+0x328/0x630 [ 18.655397] ret_from_fork+0x10/0x20 [ 18.655437] [ 18.655456] Freed by task 235: [ 18.655484] kasan_save_stack+0x3c/0x68 [ 18.655541] kasan_save_track+0x20/0x40 [ 18.655579] kasan_save_free_info+0x4c/0x78 [ 18.655620] __kasan_mempool_poison_object+0xc0/0x150 [ 18.655661] mempool_free+0x28c/0x328 [ 18.655697] mempool_double_free_helper+0x100/0x2e8 [ 18.655748] mempool_kmalloc_double_free+0xc0/0x118 [ 18.655787] kunit_try_run_case+0x170/0x3f0 [ 18.656009] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.656082] kthread+0x328/0x630 [ 18.656162] ret_from_fork+0x10/0x20 [ 18.656273] [ 18.656362] The buggy address belongs to the object at fff00000c7716300 [ 18.656362] which belongs to the cache kmalloc-128 of size 128 [ 18.656475] The buggy address is located 0 bytes inside of [ 18.656475] 128-byte region [fff00000c7716300, fff00000c7716380) [ 18.656542] [ 18.656564] The buggy address belongs to the physical page: [ 18.656593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716 [ 18.656916] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.657064] page_type: f5(slab) [ 18.657205] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.657301] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.657393] page dumped because: kasan: bad access detected [ 18.657423] [ 18.657441] Memory state around the buggy address: [ 18.657782] fff00000c7716200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.657916] fff00000c7716280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.657989] >fff00000c7716300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.658117] ^ [ 18.658177] fff00000c7716380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.658238] fff00000c7716400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.658276] ================================================================== [ 18.687920] ================================================================== [ 18.688407] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 18.688509] Free of addr fff00000c7804000 by task kunit_try_catch/239 [ 18.688579] [ 18.688652] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.688750] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.688776] Hardware name: linux,dummy-virt (DT) [ 18.688810] Call trace: [ 18.688839] show_stack+0x20/0x38 (C) [ 18.688912] dump_stack_lvl+0x8c/0xd0 [ 18.688967] print_report+0x118/0x5d0 [ 18.689032] kasan_report_invalid_free+0xc0/0xe8 [ 18.689082] __kasan_mempool_poison_pages+0xe0/0xe8 [ 18.689175] mempool_free+0x24c/0x328 [ 18.689221] mempool_double_free_helper+0x150/0x2e8 [ 18.689342] mempool_page_alloc_double_free+0xbc/0x118 [ 18.689641] kunit_try_run_case+0x170/0x3f0 [ 18.689752] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.689875] kthread+0x328/0x630 [ 18.689966] ret_from_fork+0x10/0x20 [ 18.690021] [ 18.690046] The buggy address belongs to the physical page: [ 18.690085] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107804 [ 18.690167] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.690260] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 18.690367] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 18.690410] page dumped because: kasan: bad access detected [ 18.690439] [ 18.690458] Memory state around the buggy address: [ 18.690726] fff00000c7803f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.690835] fff00000c7803f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.690907] >fff00000c7804000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.690972] ^ [ 18.691033] fff00000c7804080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.691098] fff00000c7804100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.691231] ==================================================================
[ 13.879819] ================================================================== [ 13.880536] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.880952] Free of addr ffff8881039f8000 by task kunit_try_catch/254 [ 13.881221] [ 13.881360] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.881406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.881418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.881440] Call Trace: [ 13.881453] <TASK> [ 13.881469] dump_stack_lvl+0x73/0xb0 [ 13.881499] print_report+0xd1/0x610 [ 13.881522] ? __virt_addr_valid+0x1db/0x2d0 [ 13.881546] ? kasan_addr_to_slab+0x11/0xa0 [ 13.881577] ? mempool_double_free_helper+0x184/0x370 [ 13.881603] kasan_report_invalid_free+0x10a/0x130 [ 13.881640] ? mempool_double_free_helper+0x184/0x370 [ 13.881668] ? mempool_double_free_helper+0x184/0x370 [ 13.881691] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 13.881770] mempool_free+0x2ec/0x380 [ 13.881796] mempool_double_free_helper+0x184/0x370 [ 13.881831] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.881855] ? update_load_avg+0x1be/0x21b0 [ 13.881878] ? dequeue_entities+0x27e/0x1740 [ 13.881921] ? finish_task_switch.isra.0+0x153/0x700 [ 13.881948] mempool_kmalloc_large_double_free+0xed/0x140 [ 13.881974] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 13.882013] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.882044] ? __pfx_mempool_kfree+0x10/0x10 [ 13.882070] ? __pfx_read_tsc+0x10/0x10 [ 13.882091] ? ktime_get_ts64+0x86/0x230 [ 13.882126] kunit_try_run_case+0x1a5/0x480 [ 13.882150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.882173] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.882198] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.882221] ? __kthread_parkme+0x82/0x180 [ 13.882241] ? preempt_count_sub+0x50/0x80 [ 13.882265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.882288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.882312] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.882336] kthread+0x337/0x6f0 [ 13.882355] ? trace_preempt_on+0x20/0xc0 [ 13.882379] ? __pfx_kthread+0x10/0x10 [ 13.882399] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.882420] ? calculate_sigpending+0x7b/0xa0 [ 13.882444] ? __pfx_kthread+0x10/0x10 [ 13.882465] ret_from_fork+0x116/0x1d0 [ 13.882483] ? __pfx_kthread+0x10/0x10 [ 13.882503] ret_from_fork_asm+0x1a/0x30 [ 13.882535] </TASK> [ 13.882545] [ 13.892576] The buggy address belongs to the physical page: [ 13.892857] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f8 [ 13.893230] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.893464] flags: 0x200000000000040(head|node=0|zone=2) [ 13.893651] page_type: f8(unknown) [ 13.893831] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.894218] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.894707] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.895278] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.896386] head: 0200000000000002 ffffea00040e7e01 00000000ffffffff 00000000ffffffff [ 13.896953] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.897271] page dumped because: kasan: bad access detected [ 13.897502] [ 13.898065] Memory state around the buggy address: [ 13.898375] ffff8881039f7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.898726] ffff8881039f7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.899110] >ffff8881039f8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.899400] ^ [ 13.899992] ffff8881039f8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.900307] ffff8881039f8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.900961] ================================================================== [ 13.849146] ================================================================== [ 13.849682] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.850297] Free of addr ffff888102988b00 by task kunit_try_catch/252 [ 13.850575] [ 13.850757] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.850821] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.850833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.850868] Call Trace: [ 13.850880] <TASK> [ 13.850907] dump_stack_lvl+0x73/0xb0 [ 13.850939] print_report+0xd1/0x610 [ 13.850961] ? __virt_addr_valid+0x1db/0x2d0 [ 13.850986] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.851018] ? mempool_double_free_helper+0x184/0x370 [ 13.851044] kasan_report_invalid_free+0x10a/0x130 [ 13.851069] ? mempool_double_free_helper+0x184/0x370 [ 13.851107] ? mempool_double_free_helper+0x184/0x370 [ 13.851130] ? mempool_double_free_helper+0x184/0x370 [ 13.851153] check_slab_allocation+0x101/0x130 [ 13.851176] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.851201] mempool_free+0x2ec/0x380 [ 13.851229] mempool_double_free_helper+0x184/0x370 [ 13.851253] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.851277] ? update_load_avg+0x1be/0x21b0 [ 13.851314] ? finish_task_switch.isra.0+0x153/0x700 [ 13.851341] mempool_kmalloc_double_free+0xed/0x140 [ 13.851366] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 13.851404] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.851427] ? __pfx_mempool_kfree+0x10/0x10 [ 13.851452] ? __pfx_read_tsc+0x10/0x10 [ 13.851473] ? ktime_get_ts64+0x86/0x230 [ 13.851499] kunit_try_run_case+0x1a5/0x480 [ 13.851526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.851558] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.851584] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.851609] ? __kthread_parkme+0x82/0x180 [ 13.851630] ? preempt_count_sub+0x50/0x80 [ 13.851654] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.851678] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.851702] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.851727] kthread+0x337/0x6f0 [ 13.851746] ? trace_preempt_on+0x20/0xc0 [ 13.851771] ? __pfx_kthread+0x10/0x10 [ 13.851791] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.851812] ? calculate_sigpending+0x7b/0xa0 [ 13.851837] ? __pfx_kthread+0x10/0x10 [ 13.851858] ret_from_fork+0x116/0x1d0 [ 13.851876] ? __pfx_kthread+0x10/0x10 [ 13.851904] ret_from_fork_asm+0x1a/0x30 [ 13.851938] </TASK> [ 13.851948] [ 13.862128] Allocated by task 252: [ 13.862295] kasan_save_stack+0x45/0x70 [ 13.862528] kasan_save_track+0x18/0x40 [ 13.862751] kasan_save_alloc_info+0x3b/0x50 [ 13.863037] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.863330] remove_element+0x11e/0x190 [ 13.863500] mempool_alloc_preallocated+0x4d/0x90 [ 13.863731] mempool_double_free_helper+0x8a/0x370 [ 13.864009] mempool_kmalloc_double_free+0xed/0x140 [ 13.864270] kunit_try_run_case+0x1a5/0x480 [ 13.864496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.864904] kthread+0x337/0x6f0 [ 13.865230] ret_from_fork+0x116/0x1d0 [ 13.865413] ret_from_fork_asm+0x1a/0x30 [ 13.865695] [ 13.865786] Freed by task 252: [ 13.865951] kasan_save_stack+0x45/0x70 [ 13.866156] kasan_save_track+0x18/0x40 [ 13.866348] kasan_save_free_info+0x3f/0x60 [ 13.866614] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.866883] mempool_free+0x2ec/0x380 [ 13.867171] mempool_double_free_helper+0x109/0x370 [ 13.867395] mempool_kmalloc_double_free+0xed/0x140 [ 13.867560] kunit_try_run_case+0x1a5/0x480 [ 13.867706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.867882] kthread+0x337/0x6f0 [ 13.868257] ret_from_fork+0x116/0x1d0 [ 13.868498] ret_from_fork_asm+0x1a/0x30 [ 13.868975] [ 13.869077] The buggy address belongs to the object at ffff888102988b00 [ 13.869077] which belongs to the cache kmalloc-128 of size 128 [ 13.869475] The buggy address is located 0 bytes inside of [ 13.869475] 128-byte region [ffff888102988b00, ffff888102988b80) [ 13.869855] [ 13.869965] The buggy address belongs to the physical page: [ 13.870249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102988 [ 13.870647] flags: 0x200000000000000(node=0|zone=2) [ 13.871168] page_type: f5(slab) [ 13.871335] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.871903] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.872190] page dumped because: kasan: bad access detected [ 13.872450] [ 13.872565] Memory state around the buggy address: [ 13.872986] ffff888102988a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.873383] ffff888102988a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.873836] >ffff888102988b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.874101] ^ [ 13.874282] ffff888102988b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.874559] ffff888102988c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.874779] ================================================================== [ 13.905129] ================================================================== [ 13.905673] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.906144] Free of addr ffff8881039f8000 by task kunit_try_catch/256 [ 13.906455] [ 13.906666] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.906715] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.906726] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.906749] Call Trace: [ 13.906768] <TASK> [ 13.906794] dump_stack_lvl+0x73/0xb0 [ 13.906826] print_report+0xd1/0x610 [ 13.906848] ? __virt_addr_valid+0x1db/0x2d0 [ 13.906885] ? kasan_addr_to_slab+0x11/0xa0 [ 13.906916] ? mempool_double_free_helper+0x184/0x370 [ 13.906942] kasan_report_invalid_free+0x10a/0x130 [ 13.906967] ? mempool_double_free_helper+0x184/0x370 [ 13.907004] ? mempool_double_free_helper+0x184/0x370 [ 13.907037] __kasan_mempool_poison_pages+0x115/0x130 [ 13.907063] mempool_free+0x290/0x380 [ 13.907090] mempool_double_free_helper+0x184/0x370 [ 13.907125] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.907154] ? finish_task_switch.isra.0+0x153/0x700 [ 13.907181] mempool_page_alloc_double_free+0xe8/0x140 [ 13.907207] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 13.907237] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.907260] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.907287] ? __pfx_read_tsc+0x10/0x10 [ 13.907307] ? ktime_get_ts64+0x86/0x230 [ 13.907331] kunit_try_run_case+0x1a5/0x480 [ 13.907357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.907388] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.907413] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.907437] ? __kthread_parkme+0x82/0x180 [ 13.907469] ? preempt_count_sub+0x50/0x80 [ 13.907492] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.907516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.907540] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.907608] kthread+0x337/0x6f0 [ 13.907628] ? trace_preempt_on+0x20/0xc0 [ 13.907652] ? __pfx_kthread+0x10/0x10 [ 13.907672] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.907693] ? calculate_sigpending+0x7b/0xa0 [ 13.907717] ? __pfx_kthread+0x10/0x10 [ 13.907738] ret_from_fork+0x116/0x1d0 [ 13.907757] ? __pfx_kthread+0x10/0x10 [ 13.907776] ret_from_fork_asm+0x1a/0x30 [ 13.907809] </TASK> [ 13.907820] [ 13.916781] The buggy address belongs to the physical page: [ 13.917135] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f8 [ 13.917492] flags: 0x200000000000000(node=0|zone=2) [ 13.917773] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.918123] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.918498] page dumped because: kasan: bad access detected [ 13.918718] [ 13.918826] Memory state around the buggy address: [ 13.919144] ffff8881039f7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.919390] ffff8881039f7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.919655] >ffff8881039f8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.920119] ^ [ 13.920284] ffff8881039f8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.920516] ffff8881039f8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.921181] ==================================================================
[ 13.755785] ================================================================== [ 13.756298] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.756647] Free of addr ffff888103af8000 by task kunit_try_catch/257 [ 13.756941] [ 13.757040] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.757084] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.757096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.757117] Call Trace: [ 13.757135] <TASK> [ 13.757151] dump_stack_lvl+0x73/0xb0 [ 13.757180] print_report+0xd1/0x610 [ 13.757202] ? __virt_addr_valid+0x1db/0x2d0 [ 13.757226] ? kasan_addr_to_slab+0x11/0xa0 [ 13.757246] ? mempool_double_free_helper+0x184/0x370 [ 13.757272] kasan_report_invalid_free+0x10a/0x130 [ 13.757297] ? mempool_double_free_helper+0x184/0x370 [ 13.757324] ? mempool_double_free_helper+0x184/0x370 [ 13.757347] __kasan_mempool_poison_pages+0x115/0x130 [ 13.757372] mempool_free+0x290/0x380 [ 13.757400] mempool_double_free_helper+0x184/0x370 [ 13.757425] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.757463] ? __kasan_check_write+0x18/0x20 [ 13.757484] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.757506] ? finish_task_switch.isra.0+0x153/0x700 [ 13.757537] mempool_page_alloc_double_free+0xe8/0x140 [ 13.757562] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 13.757592] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.757616] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.757644] ? __pfx_read_tsc+0x10/0x10 [ 13.757664] ? ktime_get_ts64+0x86/0x230 [ 13.757690] kunit_try_run_case+0x1a5/0x480 [ 13.757715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.757748] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.757774] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.757798] ? __kthread_parkme+0x82/0x180 [ 13.758025] ? preempt_count_sub+0x50/0x80 [ 13.758048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.758072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.758096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.758120] kthread+0x337/0x6f0 [ 13.758138] ? trace_preempt_on+0x20/0xc0 [ 13.758161] ? __pfx_kthread+0x10/0x10 [ 13.758182] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.758202] ? calculate_sigpending+0x7b/0xa0 [ 13.758226] ? __pfx_kthread+0x10/0x10 [ 13.758247] ret_from_fork+0x116/0x1d0 [ 13.758266] ? __pfx_kthread+0x10/0x10 [ 13.758286] ret_from_fork_asm+0x1a/0x30 [ 13.758318] </TASK> [ 13.758329] [ 13.770793] The buggy address belongs to the physical page: [ 13.771451] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103af8 [ 13.772428] flags: 0x200000000000000(node=0|zone=2) [ 13.773304] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.773766] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.774155] page dumped because: kasan: bad access detected [ 13.774417] [ 13.774548] Memory state around the buggy address: [ 13.774998] ffff888103af7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.775282] ffff888103af7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.775759] >ffff888103af8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.776103] ^ [ 13.776265] ffff888103af8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.776757] ffff888103af8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.777077] ================================================================== [ 13.692684] ================================================================== [ 13.694016] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.694929] Free of addr ffff8881026ef500 by task kunit_try_catch/253 [ 13.695651] [ 13.695862] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.695910] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.695922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.695946] Call Trace: [ 13.695958] <TASK> [ 13.695976] dump_stack_lvl+0x73/0xb0 [ 13.696010] print_report+0xd1/0x610 [ 13.696033] ? __virt_addr_valid+0x1db/0x2d0 [ 13.696059] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.696082] ? mempool_double_free_helper+0x184/0x370 [ 13.696108] kasan_report_invalid_free+0x10a/0x130 [ 13.696133] ? mempool_double_free_helper+0x184/0x370 [ 13.696159] ? mempool_double_free_helper+0x184/0x370 [ 13.696182] ? mempool_double_free_helper+0x184/0x370 [ 13.696205] check_slab_allocation+0x101/0x130 [ 13.696227] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.696252] mempool_free+0x2ec/0x380 [ 13.696280] mempool_double_free_helper+0x184/0x370 [ 13.696306] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.696329] ? update_load_avg+0x1be/0x21b0 [ 13.696358] ? finish_task_switch.isra.0+0x153/0x700 [ 13.696385] mempool_kmalloc_double_free+0xed/0x140 [ 13.696410] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 13.696449] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.696471] ? __pfx_mempool_kfree+0x10/0x10 [ 13.696497] ? __pfx_read_tsc+0x10/0x10 [ 13.696519] ? ktime_get_ts64+0x86/0x230 [ 13.696557] kunit_try_run_case+0x1a5/0x480 [ 13.696585] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.696608] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.696633] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.696657] ? __kthread_parkme+0x82/0x180 [ 13.696679] ? preempt_count_sub+0x50/0x80 [ 13.696704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.696728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.696752] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.696777] kthread+0x337/0x6f0 [ 13.696795] ? trace_preempt_on+0x20/0xc0 [ 13.696820] ? __pfx_kthread+0x10/0x10 [ 13.696840] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.696862] ? calculate_sigpending+0x7b/0xa0 [ 13.696887] ? __pfx_kthread+0x10/0x10 [ 13.696909] ret_from_fork+0x116/0x1d0 [ 13.696928] ? __pfx_kthread+0x10/0x10 [ 13.696948] ret_from_fork_asm+0x1a/0x30 [ 13.696983] </TASK> [ 13.696993] [ 13.713184] Allocated by task 253: [ 13.713557] kasan_save_stack+0x45/0x70 [ 13.714056] kasan_save_track+0x18/0x40 [ 13.714203] kasan_save_alloc_info+0x3b/0x50 [ 13.714355] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.714856] remove_element+0x11e/0x190 [ 13.715248] mempool_alloc_preallocated+0x4d/0x90 [ 13.715776] mempool_double_free_helper+0x8a/0x370 [ 13.716291] mempool_kmalloc_double_free+0xed/0x140 [ 13.716876] kunit_try_run_case+0x1a5/0x480 [ 13.717031] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.717216] kthread+0x337/0x6f0 [ 13.717340] ret_from_fork+0x116/0x1d0 [ 13.717502] ret_from_fork_asm+0x1a/0x30 [ 13.717644] [ 13.717871] Freed by task 253: [ 13.718035] kasan_save_stack+0x45/0x70 [ 13.718185] kasan_save_track+0x18/0x40 [ 13.718348] kasan_save_free_info+0x3f/0x60 [ 13.718924] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.719161] mempool_free+0x2ec/0x380 [ 13.719301] mempool_double_free_helper+0x109/0x370 [ 13.719541] mempool_kmalloc_double_free+0xed/0x140 [ 13.719851] kunit_try_run_case+0x1a5/0x480 [ 13.720031] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.720261] kthread+0x337/0x6f0 [ 13.720477] ret_from_fork+0x116/0x1d0 [ 13.720737] ret_from_fork_asm+0x1a/0x30 [ 13.720923] [ 13.721020] The buggy address belongs to the object at ffff8881026ef500 [ 13.721020] which belongs to the cache kmalloc-128 of size 128 [ 13.721570] The buggy address is located 0 bytes inside of [ 13.721570] 128-byte region [ffff8881026ef500, ffff8881026ef580) [ 13.721968] [ 13.722044] The buggy address belongs to the physical page: [ 13.722220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ef [ 13.722581] flags: 0x200000000000000(node=0|zone=2) [ 13.723031] page_type: f5(slab) [ 13.723212] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.723527] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.723755] page dumped because: kasan: bad access detected [ 13.724176] [ 13.724352] Memory state around the buggy address: [ 13.724696] ffff8881026ef400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.724975] ffff8881026ef480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.725596] >ffff8881026ef500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.725821] ^ [ 13.725988] ffff8881026ef580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.726306] ffff8881026ef600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.726671] ================================================================== [ 13.732724] ================================================================== [ 13.733231] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.733593] Free of addr ffff888103af8000 by task kunit_try_catch/255 [ 13.733873] [ 13.734117] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.734167] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.734178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.734201] Call Trace: [ 13.734214] <TASK> [ 13.734231] dump_stack_lvl+0x73/0xb0 [ 13.734263] print_report+0xd1/0x610 [ 13.734286] ? __virt_addr_valid+0x1db/0x2d0 [ 13.734311] ? kasan_addr_to_slab+0x11/0xa0 [ 13.734331] ? mempool_double_free_helper+0x184/0x370 [ 13.734356] kasan_report_invalid_free+0x10a/0x130 [ 13.734381] ? mempool_double_free_helper+0x184/0x370 [ 13.734724] ? mempool_double_free_helper+0x184/0x370 [ 13.734748] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 13.734774] mempool_free+0x2ec/0x380 [ 13.734803] mempool_double_free_helper+0x184/0x370 [ 13.734828] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.734854] ? __kasan_check_write+0x18/0x20 [ 13.734874] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.734896] ? finish_task_switch.isra.0+0x153/0x700 [ 13.734924] mempool_kmalloc_large_double_free+0xed/0x140 [ 13.734950] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 13.734979] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.735001] ? __pfx_mempool_kfree+0x10/0x10 [ 13.735027] ? __pfx_read_tsc+0x10/0x10 [ 13.735048] ? ktime_get_ts64+0x86/0x230 [ 13.735073] kunit_try_run_case+0x1a5/0x480 [ 13.735098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.735120] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.735145] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.735170] ? __kthread_parkme+0x82/0x180 [ 13.735191] ? preempt_count_sub+0x50/0x80 [ 13.735214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.735238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.735263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.735287] kthread+0x337/0x6f0 [ 13.735306] ? trace_preempt_on+0x20/0xc0 [ 13.735330] ? __pfx_kthread+0x10/0x10 [ 13.735350] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.735371] ? calculate_sigpending+0x7b/0xa0 [ 13.735396] ? __pfx_kthread+0x10/0x10 [ 13.735500] ret_from_fork+0x116/0x1d0 [ 13.735519] ? __pfx_kthread+0x10/0x10 [ 13.735552] ret_from_fork_asm+0x1a/0x30 [ 13.735585] </TASK> [ 13.735596] [ 13.744685] The buggy address belongs to the physical page: [ 13.745080] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103af8 [ 13.745616] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.745945] flags: 0x200000000000040(head|node=0|zone=2) [ 13.746154] page_type: f8(unknown) [ 13.746332] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.746986] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.747313] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.747718] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.748037] head: 0200000000000002 ffffea00040ebe01 00000000ffffffff 00000000ffffffff [ 13.748329] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.748760] page dumped because: kasan: bad access detected [ 13.748984] [ 13.749080] Memory state around the buggy address: [ 13.749277] ffff888103af7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.749802] ffff888103af7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.750113] >ffff888103af8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.750402] ^ [ 13.750584] ffff888103af8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.750979] ffff888103af8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.751239] ==================================================================
[ 13.938264] ================================================================== [ 13.940064] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.940347] Free of addr ffff888102b7d800 by task kunit_try_catch/252 [ 13.940926] [ 13.941692] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.941748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.941759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.941783] Call Trace: [ 13.941796] <TASK> [ 13.941816] dump_stack_lvl+0x73/0xb0 [ 13.941853] print_report+0xd1/0x610 [ 13.941876] ? __virt_addr_valid+0x1db/0x2d0 [ 13.941903] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.941926] ? mempool_double_free_helper+0x184/0x370 [ 13.941950] kasan_report_invalid_free+0x10a/0x130 [ 13.941975] ? mempool_double_free_helper+0x184/0x370 [ 13.942069] ? mempool_double_free_helper+0x184/0x370 [ 13.942094] ? mempool_double_free_helper+0x184/0x370 [ 13.942131] check_slab_allocation+0x101/0x130 [ 13.942154] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.942178] mempool_free+0x2ec/0x380 [ 13.942207] mempool_double_free_helper+0x184/0x370 [ 13.942231] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.942256] ? kasan_save_track+0x18/0x40 [ 13.942275] ? kasan_save_alloc_info+0x3b/0x50 [ 13.942298] ? kasan_save_stack+0x45/0x70 [ 13.942323] mempool_kmalloc_double_free+0xed/0x140 [ 13.942348] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 13.942376] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.942398] ? __pfx_mempool_kfree+0x10/0x10 [ 13.942423] ? __pfx_read_tsc+0x10/0x10 [ 13.942445] ? ktime_get_ts64+0x86/0x230 [ 13.942471] kunit_try_run_case+0x1a5/0x480 [ 13.942499] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.942523] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.942549] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.942573] ? __kthread_parkme+0x82/0x180 [ 13.942594] ? preempt_count_sub+0x50/0x80 [ 13.942619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.942643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.942668] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.942692] kthread+0x337/0x6f0 [ 13.942711] ? trace_preempt_on+0x20/0xc0 [ 13.942734] ? __pfx_kthread+0x10/0x10 [ 13.942754] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.942776] ? calculate_sigpending+0x7b/0xa0 [ 13.942801] ? __pfx_kthread+0x10/0x10 [ 13.942822] ret_from_fork+0x116/0x1d0 [ 13.942840] ? __pfx_kthread+0x10/0x10 [ 13.942860] ret_from_fork_asm+0x1a/0x30 [ 13.942893] </TASK> [ 13.942904] [ 13.959537] Allocated by task 252: [ 13.959703] kasan_save_stack+0x45/0x70 [ 13.959864] kasan_save_track+0x18/0x40 [ 13.959996] kasan_save_alloc_info+0x3b/0x50 [ 13.960152] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.960630] remove_element+0x11e/0x190 [ 13.961107] mempool_alloc_preallocated+0x4d/0x90 [ 13.961662] mempool_double_free_helper+0x8a/0x370 [ 13.962178] mempool_kmalloc_double_free+0xed/0x140 [ 13.962783] kunit_try_run_case+0x1a5/0x480 [ 13.963228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.963791] kthread+0x337/0x6f0 [ 13.964108] ret_from_fork+0x116/0x1d0 [ 13.964528] ret_from_fork_asm+0x1a/0x30 [ 13.965039] [ 13.965228] Freed by task 252: [ 13.965595] kasan_save_stack+0x45/0x70 [ 13.965996] kasan_save_track+0x18/0x40 [ 13.966490] kasan_save_free_info+0x3f/0x60 [ 13.966913] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.967486] mempool_free+0x2ec/0x380 [ 13.967907] mempool_double_free_helper+0x109/0x370 [ 13.968279] mempool_kmalloc_double_free+0xed/0x140 [ 13.968446] kunit_try_run_case+0x1a5/0x480 [ 13.968616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.968816] kthread+0x337/0x6f0 [ 13.969555] ret_from_fork+0x116/0x1d0 [ 13.969936] ret_from_fork_asm+0x1a/0x30 [ 13.970357] [ 13.970565] The buggy address belongs to the object at ffff888102b7d800 [ 13.970565] which belongs to the cache kmalloc-128 of size 128 [ 13.971605] The buggy address is located 0 bytes inside of [ 13.971605] 128-byte region [ffff888102b7d800, ffff888102b7d880) [ 13.972652] [ 13.972993] The buggy address belongs to the physical page: [ 13.973341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b7d [ 13.974187] flags: 0x200000000000000(node=0|zone=2) [ 13.974421] page_type: f5(slab) [ 13.974887] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.975128] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.975772] page dumped because: kasan: bad access detected [ 13.976535] [ 13.976824] Memory state around the buggy address: [ 13.977434] ffff888102b7d700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.978191] ffff888102b7d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.979070] >ffff888102b7d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.979738] ^ [ 13.980187] ffff888102b7d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.980576] ffff888102b7d900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.981377] ================================================================== [ 14.011964] ================================================================== [ 14.012478] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 14.012870] Free of addr ffff888103a30000 by task kunit_try_catch/256 [ 14.013108] [ 14.013204] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 14.013254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.013266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.013289] Call Trace: [ 14.013302] <TASK> [ 14.013321] dump_stack_lvl+0x73/0xb0 [ 14.013378] print_report+0xd1/0x610 [ 14.013402] ? __virt_addr_valid+0x1db/0x2d0 [ 14.013426] ? kasan_addr_to_slab+0x11/0xa0 [ 14.013455] ? mempool_double_free_helper+0x184/0x370 [ 14.013480] kasan_report_invalid_free+0x10a/0x130 [ 14.013504] ? mempool_double_free_helper+0x184/0x370 [ 14.013531] ? mempool_double_free_helper+0x184/0x370 [ 14.013554] __kasan_mempool_poison_pages+0x115/0x130 [ 14.013578] mempool_free+0x290/0x380 [ 14.013604] mempool_double_free_helper+0x184/0x370 [ 14.013628] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 14.013677] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.013699] ? finish_task_switch.isra.0+0x153/0x700 [ 14.013725] mempool_page_alloc_double_free+0xe8/0x140 [ 14.013750] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 14.013778] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 14.013801] ? __pfx_mempool_free_pages+0x10/0x10 [ 14.013841] ? __pfx_read_tsc+0x10/0x10 [ 14.013863] ? ktime_get_ts64+0x86/0x230 [ 14.013887] kunit_try_run_case+0x1a5/0x480 [ 14.013912] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.013934] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.013959] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.013983] ? __kthread_parkme+0x82/0x180 [ 14.014004] ? preempt_count_sub+0x50/0x80 [ 14.014070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.014094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.014118] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.014142] kthread+0x337/0x6f0 [ 14.014161] ? trace_preempt_on+0x20/0xc0 [ 14.014186] ? __pfx_kthread+0x10/0x10 [ 14.014207] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.014228] ? calculate_sigpending+0x7b/0xa0 [ 14.014252] ? __pfx_kthread+0x10/0x10 [ 14.014273] ret_from_fork+0x116/0x1d0 [ 14.014292] ? __pfx_kthread+0x10/0x10 [ 14.014312] ret_from_fork_asm+0x1a/0x30 [ 14.014343] </TASK> [ 14.014375] [ 14.023585] The buggy address belongs to the physical page: [ 14.023792] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a30 [ 14.024205] flags: 0x200000000000000(node=0|zone=2) [ 14.024536] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 14.024896] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 14.025282] page dumped because: kasan: bad access detected [ 14.025457] [ 14.025528] Memory state around the buggy address: [ 14.025684] ffff888103a2ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.025976] ffff888103a2ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.026327] >ffff888103a30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.026820] ^ [ 14.026983] ffff888103a30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.027288] ffff888103a30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.027710] ================================================================== [ 13.985683] ================================================================== [ 13.986196] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.986760] Free of addr ffff888103a30000 by task kunit_try_catch/254 [ 13.987070] [ 13.987171] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 13.987222] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.987236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.987260] Call Trace: [ 13.987272] <TASK> [ 13.987293] dump_stack_lvl+0x73/0xb0 [ 13.987327] print_report+0xd1/0x610 [ 13.987350] ? __virt_addr_valid+0x1db/0x2d0 [ 13.987376] ? kasan_addr_to_slab+0x11/0xa0 [ 13.987397] ? mempool_double_free_helper+0x184/0x370 [ 13.987422] kasan_report_invalid_free+0x10a/0x130 [ 13.987446] ? mempool_double_free_helper+0x184/0x370 [ 13.987473] ? mempool_double_free_helper+0x184/0x370 [ 13.987496] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 13.987521] mempool_free+0x2ec/0x380 [ 13.987549] mempool_double_free_helper+0x184/0x370 [ 13.987573] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.987598] ? __kasan_check_write+0x18/0x20 [ 13.987617] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.987673] ? finish_task_switch.isra.0+0x153/0x700 [ 13.987701] mempool_kmalloc_large_double_free+0xed/0x140 [ 13.987726] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 13.987756] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.987778] ? __pfx_mempool_kfree+0x10/0x10 [ 13.987802] ? __pfx_read_tsc+0x10/0x10 [ 13.987825] ? ktime_get_ts64+0x86/0x230 [ 13.987850] kunit_try_run_case+0x1a5/0x480 [ 13.987877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.987899] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.987924] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.987948] ? __kthread_parkme+0x82/0x180 [ 13.987970] ? preempt_count_sub+0x50/0x80 [ 13.987993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.988026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.988050] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.988074] kthread+0x337/0x6f0 [ 13.988092] ? trace_preempt_on+0x20/0xc0 [ 13.988132] ? __pfx_kthread+0x10/0x10 [ 13.988171] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.988200] ? calculate_sigpending+0x7b/0xa0 [ 13.988226] ? __pfx_kthread+0x10/0x10 [ 13.988247] ret_from_fork+0x116/0x1d0 [ 13.988267] ? __pfx_kthread+0x10/0x10 [ 13.988288] ret_from_fork_asm+0x1a/0x30 [ 13.988320] </TASK> [ 13.988332] [ 14.001387] The buggy address belongs to the physical page: [ 14.001684] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a30 [ 14.002027] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.002252] flags: 0x200000000000040(head|node=0|zone=2) [ 14.002432] page_type: f8(unknown) [ 14.002668] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.003002] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.003328] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.003703] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.003927] head: 0200000000000002 ffffea00040e8c01 00000000ffffffff 00000000ffffffff [ 14.004272] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.004958] page dumped because: kasan: bad access detected [ 14.005332] [ 14.005414] Memory state around the buggy address: [ 14.005632] ffff888103a2ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.005953] ffff888103a2ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.006373] >ffff888103a30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.006679] ^ [ 14.006842] ffff888103a30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.007147] ffff888103a30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.007413] ==================================================================