lkft/linux-mainline-master - v6.15-rc7-142-g4856ebd99715 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

May 23, 2025, 11:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   30.632524] ==================================================================
[   30.632709] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   30.632876] Free of addr fff00000c7894000 by task kunit_try_catch/241
[   30.632994] 
[   30.633419] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   30.633771] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.633864] Hardware name: linux,dummy-virt (DT)
[   30.633961] Call trace:
[   30.634024]  show_stack+0x20/0x38 (C)
[   30.634179]  dump_stack_lvl+0x8c/0xd0
[   30.634324]  print_report+0x118/0x608
[   30.634477]  kasan_report_invalid_free+0xc0/0xe8
[   30.634610]  __kasan_mempool_poison_pages+0xe0/0xe8
[   30.635040]  mempool_free+0x24c/0x328
[   30.635247]  mempool_double_free_helper+0x150/0x2e8
[   30.635441]  mempool_page_alloc_double_free+0xbc/0x118
[   30.635640]  kunit_try_run_case+0x170/0x3f0
[   30.635861]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.636066]  kthread+0x328/0x630
[   30.636226]  ret_from_fork+0x10/0x20
[   30.636936] 
[   30.637126] The buggy address belongs to the physical page:
[   30.637265] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107894
[   30.637505] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.637744] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   30.637900] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.638046] page dumped because: kasan: bad access detected
[   30.638122] 
[   30.638161] Memory state around the buggy address:
[   30.638237]  fff00000c7893f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.638373]  fff00000c7893f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.638519] >fff00000c7894000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.638997]                    ^
[   30.639144]  fff00000c7894080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.639277]  fff00000c7894100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.639513] ==================================================================
[   30.590418] ==================================================================
[   30.590702] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   30.590900] Free of addr fff00000c7894000 by task kunit_try_catch/239
[   30.591094] 
[   30.591216] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   30.592235] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.592312] Hardware name: linux,dummy-virt (DT)
[   30.592406] Call trace:
[   30.592485]  show_stack+0x20/0x38 (C)
[   30.593162]  dump_stack_lvl+0x8c/0xd0
[   30.593844]  print_report+0x118/0x608
[   30.594003]  kasan_report_invalid_free+0xc0/0xe8
[   30.594154]  __kasan_mempool_poison_object+0x14c/0x150
[   30.594314]  mempool_free+0x28c/0x328
[   30.595158]  mempool_double_free_helper+0x150/0x2e8
[   30.595356]  mempool_kmalloc_large_double_free+0xc0/0x118
[   30.595542]  kunit_try_run_case+0x170/0x3f0
[   30.595692]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.595859]  kthread+0x328/0x630
[   30.596704]  ret_from_fork+0x10/0x20
[   30.597271] 
[   30.597403] The buggy address belongs to the physical page:
[   30.597598] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107894
[   30.598041] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.598401] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.598617] page_type: f8(unknown)
[   30.598735] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.599345] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   30.599833] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.599993] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   30.600339] head: 0bfffe0000000002 ffffc1ffc31e2501 00000000ffffffff 00000000ffffffff
[   30.600915] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.601043] page dumped because: kasan: bad access detected
[   30.601167] 
[   30.601226] Memory state around the buggy address:
[   30.601341]  fff00000c7893f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.601593]  fff00000c7893f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.601805] >fff00000c7894000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.602371]                    ^
[   30.602492]  fff00000c7894080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.602633]  fff00000c7894100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.602756] ==================================================================
[   30.550366] ==================================================================
[   30.551069] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   30.551602] Free of addr fff00000c775a800 by task kunit_try_catch/237
[   30.551913] 
[   30.552232] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   30.552483] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.552663] Hardware name: linux,dummy-virt (DT)
[   30.552804] Call trace:
[   30.552921]  show_stack+0x20/0x38 (C)
[   30.553479]  dump_stack_lvl+0x8c/0xd0
[   30.553921]  print_report+0x118/0x608
[   30.554585]  kasan_report_invalid_free+0xc0/0xe8
[   30.554984]  check_slab_allocation+0xd4/0x108
[   30.555148]  __kasan_mempool_poison_object+0x78/0x150
[   30.555304]  mempool_free+0x28c/0x328
[   30.555472]  mempool_double_free_helper+0x150/0x2e8
[   30.555621]  mempool_kmalloc_double_free+0xc0/0x118
[   30.555769]  kunit_try_run_case+0x170/0x3f0
[   30.556271]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.557005]  kthread+0x328/0x630
[   30.557412]  ret_from_fork+0x10/0x20
[   30.557799] 
[   30.557886] Allocated by task 237:
[   30.558049]  kasan_save_stack+0x3c/0x68
[   30.558391]  kasan_save_track+0x20/0x40
[   30.558542]  kasan_save_alloc_info+0x40/0x58
[   30.558641]  __kasan_mempool_unpoison_object+0x11c/0x180
[   30.558728]  remove_element+0x130/0x1f8
[   30.559153]  mempool_alloc_preallocated+0x58/0xc0
[   30.559669]  mempool_double_free_helper+0x94/0x2e8
[   30.559991]  mempool_kmalloc_double_free+0xc0/0x118
[   30.560317]  kunit_try_run_case+0x170/0x3f0
[   30.560951]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.561137]  kthread+0x328/0x630
[   30.561241]  ret_from_fork+0x10/0x20
[   30.561337] 
[   30.561391] Freed by task 237:
[   30.561620]  kasan_save_stack+0x3c/0x68
[   30.561838]  kasan_save_track+0x20/0x40
[   30.561952]  kasan_save_free_info+0x4c/0x78
[   30.562051]  __kasan_mempool_poison_object+0xc0/0x150
[   30.562154]  mempool_free+0x28c/0x328
[   30.562248]  mempool_double_free_helper+0x100/0x2e8
[   30.562364]  mempool_kmalloc_double_free+0xc0/0x118
[   30.562545]  kunit_try_run_case+0x170/0x3f0
[   30.562663]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.562759]  kthread+0x328/0x630
[   30.562997]  ret_from_fork+0x10/0x20
[   30.563110] 
[   30.563242] The buggy address belongs to the object at fff00000c775a800
[   30.563242]  which belongs to the cache kmalloc-128 of size 128
[   30.563591] The buggy address is located 0 bytes inside of
[   30.563591]  128-byte region [fff00000c775a800, fff00000c775a880)
[   30.563780] 
[   30.563966] The buggy address belongs to the physical page:
[   30.564146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775a
[   30.564297] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.564429] page_type: f5(slab)
[   30.564551] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   30.564697] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.564816] page dumped because: kasan: bad access detected
[   30.564906] 
[   30.564956] Memory state around the buggy address:
[   30.565051]  fff00000c775a700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.565179]  fff00000c775a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.565306] >fff00000c775a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.565418]                    ^
[   30.565511]  fff00000c775a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.565639]  fff00000c775a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.565751] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xW6jyjRLhF201JSI2Tr47G0b92

job_id

TEST:linaro@lkft#2xW6oKOcbQKiXvB9zY8T3TP346C

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xW6oKOcbQKiXvB9zY8T3TP346C

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6lBcJ3YUEUCP4IFFBrKHUWR4/Image.gz
sha256sum	dc9d86ed0aa28c5a8c7aea5e5bbc5feee23ca57992b3a59f2660a2851e548fda

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6lBcJ3YUEUCP4IFFBrKHUWR4/modules.tar.xz
sha256sum	bbf3712a920adb12a832cfcb69e456c8653dc36a192261fbeb4c1ef5e924a8d4

durations

tests

boot	0
kunit	423.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   14.301804] ==================================================================
[   14.302473] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.302768] Free of addr ffff888102acc000 by task kunit_try_catch/256
[   14.303245] 
[   14.303369] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   14.303418] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.303430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.303452] Call Trace:
[   14.303463]  <TASK>
[   14.303479]  dump_stack_lvl+0x73/0xb0
[   14.303508]  print_report+0xd1/0x650
[   14.303530]  ? __virt_addr_valid+0x1db/0x2d0
[   14.303553]  ? kasan_addr_to_slab+0x11/0xa0
[   14.303573]  ? mempool_double_free_helper+0x184/0x370
[   14.303598]  kasan_report_invalid_free+0x10a/0x130
[   14.303622]  ? mempool_double_free_helper+0x184/0x370
[   14.303649]  ? mempool_double_free_helper+0x184/0x370
[   14.303671]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   14.303696]  mempool_free+0x2ec/0x380
[   14.303719]  mempool_double_free_helper+0x184/0x370
[   14.303743]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.303766]  ? update_load_avg+0x1be/0x21b0
[   14.303789]  ? finish_task_switch.isra.0+0x153/0x700
[   14.303817]  mempool_kmalloc_large_double_free+0xed/0x140
[   14.303842]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   14.303866]  ? dequeue_task_fair+0x156/0x4e0
[   14.303889]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.303908]  ? __pfx_mempool_kfree+0x10/0x10
[   14.303930]  ? __pfx_read_tsc+0x10/0x10
[   14.303949]  ? ktime_get_ts64+0x86/0x230
[   14.303974]  kunit_try_run_case+0x1a5/0x480
[   14.303998]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.304019]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.304042]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.304065]  ? __kthread_parkme+0x82/0x180
[   14.304086]  ? preempt_count_sub+0x50/0x80
[   14.304111]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.304134]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.304156]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.304178]  kthread+0x337/0x6f0
[   14.304195]  ? trace_preempt_on+0x20/0xc0
[   14.304218]  ? __pfx_kthread+0x10/0x10
[   14.304236]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.304257]  ? calculate_sigpending+0x7b/0xa0
[   14.304277]  ? __pfx_kthread+0x10/0x10
[   14.304305]  ret_from_fork+0x41/0x80
[   14.304326]  ? __pfx_kthread+0x10/0x10
[   14.304345]  ret_from_fork_asm+0x1a/0x30
[   14.304375]  </TASK>
[   14.304387] 
[   14.312739] The buggy address belongs to the physical page:
[   14.313005] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102acc
[   14.313372] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.313646] flags: 0x200000000000040(head|node=0|zone=2)
[   14.314076] page_type: f8(unknown)
[   14.314237] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.314514] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.314758] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.315180] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.315666] head: 0200000000000002 ffffea00040ab301 00000000ffffffff 00000000ffffffff
[   14.315990] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.316218] page dumped because: kasan: bad access detected
[   14.316401] 
[   14.316732] Memory state around the buggy address:
[   14.316967]  ffff888102acbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.317554]  ffff888102acbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.317882] >ffff888102acc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.318197]                    ^
[   14.318371]  ffff888102acc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.319400]  ffff888102acc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.319716] ==================================================================
[   14.271850] ==================================================================
[   14.272400] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.272775] Free of addr ffff8881026f5600 by task kunit_try_catch/254
[   14.273052] 
[   14.273175] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   14.273222] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.273235] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.273258] Call Trace:
[   14.273271]  <TASK>
[   14.273287]  dump_stack_lvl+0x73/0xb0
[   14.273329]  print_report+0xd1/0x650
[   14.273351]  ? __virt_addr_valid+0x1db/0x2d0
[   14.273374]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.273396]  ? mempool_double_free_helper+0x184/0x370
[   14.273419]  kasan_report_invalid_free+0x10a/0x130
[   14.273445]  ? mempool_double_free_helper+0x184/0x370
[   14.273471]  ? mempool_double_free_helper+0x184/0x370
[   14.273494]  ? mempool_double_free_helper+0x184/0x370
[   14.273518]  check_slab_allocation+0x101/0x130
[   14.273541]  __kasan_mempool_poison_object+0x91/0x1d0
[   14.273565]  mempool_free+0x2ec/0x380
[   14.273591]  mempool_double_free_helper+0x184/0x370
[   14.273616]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.273643]  ? dequeue_entities+0x852/0x1740
[   14.273671]  ? finish_task_switch.isra.0+0x153/0x700
[   14.273699]  mempool_kmalloc_double_free+0xed/0x140
[   14.273722]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   14.273745]  ? dequeue_task_fair+0x166/0x4e0
[   14.273768]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.273787]  ? __pfx_mempool_kfree+0x10/0x10
[   14.273809]  ? __pfx_read_tsc+0x10/0x10
[   14.273828]  ? ktime_get_ts64+0x86/0x230
[   14.273854]  kunit_try_run_case+0x1a5/0x480
[   14.273953]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.273979]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.274004]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.274026]  ? __kthread_parkme+0x82/0x180
[   14.274048]  ? preempt_count_sub+0x50/0x80
[   14.274072]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.274096]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.274118]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.274140]  kthread+0x337/0x6f0
[   14.274157]  ? trace_preempt_on+0x20/0xc0
[   14.274181]  ? __pfx_kthread+0x10/0x10
[   14.274198]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.274219]  ? calculate_sigpending+0x7b/0xa0
[   14.274240]  ? __pfx_kthread+0x10/0x10
[   14.274259]  ret_from_fork+0x41/0x80
[   14.274280]  ? __pfx_kthread+0x10/0x10
[   14.274309]  ret_from_fork_asm+0x1a/0x30
[   14.274340]  </TASK>
[   14.274351] 
[   14.284503] Allocated by task 254:
[   14.284685]  kasan_save_stack+0x45/0x70
[   14.284859]  kasan_save_track+0x18/0x40
[   14.285076]  kasan_save_alloc_info+0x3b/0x50
[   14.285354]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.285699]  remove_element+0x11e/0x190
[   14.285871]  mempool_alloc_preallocated+0x4d/0x90
[   14.286153]  mempool_double_free_helper+0x8a/0x370
[   14.286381]  mempool_kmalloc_double_free+0xed/0x140
[   14.286551]  kunit_try_run_case+0x1a5/0x480
[   14.286706]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.286882]  kthread+0x337/0x6f0
[   14.287149]  ret_from_fork+0x41/0x80
[   14.287370]  ret_from_fork_asm+0x1a/0x30
[   14.287757] 
[   14.287855] Freed by task 254:
[   14.288080]  kasan_save_stack+0x45/0x70
[   14.288247]  kasan_save_track+0x18/0x40
[   14.288444]  kasan_save_free_info+0x3f/0x60
[   14.288623]  __kasan_mempool_poison_object+0x131/0x1d0
[   14.288795]  mempool_free+0x2ec/0x380
[   14.288928]  mempool_double_free_helper+0x109/0x370
[   14.289094]  mempool_kmalloc_double_free+0xed/0x140
[   14.289432]  kunit_try_run_case+0x1a5/0x480
[   14.289718]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.290122]  kthread+0x337/0x6f0
[   14.290312]  ret_from_fork+0x41/0x80
[   14.290567]  ret_from_fork_asm+0x1a/0x30
[   14.290766] 
[   14.290841] The buggy address belongs to the object at ffff8881026f5600
[   14.290841]  which belongs to the cache kmalloc-128 of size 128
[   14.291887] The buggy address is located 0 bytes inside of
[   14.291887]  128-byte region [ffff8881026f5600, ffff8881026f5680)
[   14.292454] 
[   14.292555] The buggy address belongs to the physical page:
[   14.292749] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f5
[   14.293092] flags: 0x200000000000000(node=0|zone=2)
[   14.293347] page_type: f5(slab)
[   14.293524] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.293938] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.294207] page dumped because: kasan: bad access detected
[   14.294468] 
[   14.294543] Memory state around the buggy address:
[   14.294710]  ffff8881026f5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.295188]  ffff8881026f5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.295611] >ffff8881026f5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.295839]                    ^
[   14.296200]  ffff8881026f5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.296575]  ffff8881026f5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.296848] ==================================================================
[   14.323412] ==================================================================
[   14.323930] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.324476] Free of addr ffff888103928000 by task kunit_try_catch/258
[   14.324831] 
[   14.325141] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   14.325192] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.325207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.325227] Call Trace:
[   14.325241]  <TASK>
[   14.325258]  dump_stack_lvl+0x73/0xb0
[   14.325289]  print_report+0xd1/0x650
[   14.325324]  ? __virt_addr_valid+0x1db/0x2d0
[   14.325348]  ? kasan_addr_to_slab+0x11/0xa0
[   14.325369]  ? mempool_double_free_helper+0x184/0x370
[   14.325394]  kasan_report_invalid_free+0x10a/0x130
[   14.325419]  ? mempool_double_free_helper+0x184/0x370
[   14.325445]  ? mempool_double_free_helper+0x184/0x370
[   14.325468]  __kasan_mempool_poison_pages+0x115/0x130
[   14.325493]  mempool_free+0x290/0x380
[   14.325517]  mempool_double_free_helper+0x184/0x370
[   14.325541]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.325565]  ? dequeue_entities+0x852/0x1740
[   14.325590]  ? finish_task_switch.isra.0+0x153/0x700
[   14.325616]  mempool_page_alloc_double_free+0xe8/0x140
[   14.325638]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   14.325659]  ? dequeue_task_fair+0x166/0x4e0
[   14.325681]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   14.325702]  ? __pfx_mempool_free_pages+0x10/0x10
[   14.325724]  ? __pfx_read_tsc+0x10/0x10
[   14.325745]  ? ktime_get_ts64+0x86/0x230
[   14.325770]  kunit_try_run_case+0x1a5/0x480
[   14.325795]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.325818]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.325841]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.325863]  ? __kthread_parkme+0x82/0x180
[   14.325954]  ? preempt_count_sub+0x50/0x80
[   14.325982]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.326006]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.326029]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.326052]  kthread+0x337/0x6f0
[   14.326068]  ? trace_preempt_on+0x20/0xc0
[   14.326093]  ? __pfx_kthread+0x10/0x10
[   14.326111]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.326132]  ? calculate_sigpending+0x7b/0xa0
[   14.326155]  ? __pfx_kthread+0x10/0x10
[   14.326173]  ret_from_fork+0x41/0x80
[   14.326194]  ? __pfx_kthread+0x10/0x10
[   14.326212]  ret_from_fork_asm+0x1a/0x30
[   14.326244]  </TASK>
[   14.326256] 
[   14.334938] The buggy address belongs to the physical page:
[   14.335166] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103928
[   14.335533] flags: 0x200000000000000(node=0|zone=2)
[   14.335733] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   14.336071] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   14.336323] page dumped because: kasan: bad access detected
[   14.336656] 
[   14.336756] Memory state around the buggy address:
[   14.336986]  ffff888103927f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.337268]  ffff888103927f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.337563] >ffff888103928000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.337815]                    ^
[   14.337961]  ffff888103928080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.338272]  ffff888103928100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.338565] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xW6jyjRLhF201JSI2Tr47G0b92

job_id

TEST:linaro@lkft#2xW6pFlrRJjT7hepkB9aiMlUziD

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xW6pFlrRJjT7hepkB9aiMlUziD

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6mCYBRhgDllz16lydYGKzl0K/bzImage
sha256sum	87310a5ce2e449ea32174d5c60c63ddcd1873527b924fc92af17800f3b6a0c85

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6mCYBRhgDllz16lydYGKzl0K/modules.tar.xz
sha256sum	392011dc561b93e70d20c4f59de7bf990a438ea01b5984e8279d811e404b080b

durations

tests

boot	0
kunit	211.70

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit