lkft/linux-mainline-master - v6.16-rc4-319-g05df91921da6 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 5, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   20.276005] ==================================================================
[   20.276136] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   20.276199] Free of addr fff00000c7908000 by task kunit_try_catch/237
[   20.276241] 
[   20.276273] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.276755] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.276791] Hardware name: linux,dummy-virt (DT)
[   20.277047] Call trace:
[   20.277241]  show_stack+0x20/0x38 (C)
[   20.277297]  dump_stack_lvl+0x8c/0xd0
[   20.277703]  print_report+0x118/0x608
[   20.278013]  kasan_report_invalid_free+0xc0/0xe8
[   20.278102]  __kasan_mempool_poison_object+0x14c/0x150
[   20.278164]  mempool_free+0x28c/0x328
[   20.278208]  mempool_double_free_helper+0x150/0x2e8
[   20.278260]  mempool_kmalloc_large_double_free+0xc0/0x118
[   20.278313]  kunit_try_run_case+0x170/0x3f0
[   20.278373]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.278527]  kthread+0x328/0x630
[   20.278778]  ret_from_fork+0x10/0x20
[   20.279061] 
[   20.279087] The buggy address belongs to the physical page:
[   20.279387] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107908
[   20.279676] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.279831] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.279950] page_type: f8(unknown)
[   20.280023] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.280075] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.280193] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.280447] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.280500] head: 0bfffe0000000002 ffffc1ffc31e4201 00000000ffffffff 00000000ffffffff
[   20.280615] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.280890] page dumped because: kasan: bad access detected
[   20.280922] 
[   20.280939] Memory state around the buggy address:
[   20.280972]  fff00000c7907f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.281015]  fff00000c7907f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.281058] >fff00000c7908000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.281095]                    ^
[   20.281160]  fff00000c7908080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.281210]  fff00000c7908100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.281261] ==================================================================
[   20.293145] ==================================================================
[   20.293219] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   20.293323] Free of addr fff00000c790c000 by task kunit_try_catch/239
[   20.293369] 
[   20.293721] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.294424] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.294580] Hardware name: linux,dummy-virt (DT)
[   20.294754] Call trace:
[   20.294779]  show_stack+0x20/0x38 (C)
[   20.294832]  dump_stack_lvl+0x8c/0xd0
[   20.294879]  print_report+0x118/0x608
[   20.294940]  kasan_report_invalid_free+0xc0/0xe8
[   20.295025]  __kasan_mempool_poison_pages+0xe0/0xe8
[   20.295189]  mempool_free+0x24c/0x328
[   20.295233]  mempool_double_free_helper+0x150/0x2e8
[   20.295280]  mempool_page_alloc_double_free+0xbc/0x118
[   20.295331]  kunit_try_run_case+0x170/0x3f0
[   20.295377]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.295429]  kthread+0x328/0x630
[   20.295472]  ret_from_fork+0x10/0x20
[   20.295521] 
[   20.295543] The buggy address belongs to the physical page:
[   20.295913] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10790c
[   20.296456] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.296704] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   20.296800] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   20.297035] page dumped because: kasan: bad access detected
[   20.297380] 
[   20.297435] Memory state around the buggy address:
[   20.297471]  fff00000c790bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.297514]  fff00000c790bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.297558] >fff00000c790c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.297607]                    ^
[   20.297636]  fff00000c790c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.297734]  fff00000c790c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.297992] ==================================================================
[   20.257640] ==================================================================
[   20.258047] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   20.258252] Free of addr fff00000c78d3200 by task kunit_try_catch/235
[   20.258382] 
[   20.258442] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.258802] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.258893] Hardware name: linux,dummy-virt (DT)
[   20.258998] Call trace:
[   20.259019]  show_stack+0x20/0x38 (C)
[   20.259172]  dump_stack_lvl+0x8c/0xd0
[   20.259331]  print_report+0x118/0x608
[   20.259444]  kasan_report_invalid_free+0xc0/0xe8
[   20.259495]  check_slab_allocation+0xd4/0x108
[   20.259542]  __kasan_mempool_poison_object+0x78/0x150
[   20.259593]  mempool_free+0x28c/0x328
[   20.259640]  mempool_double_free_helper+0x150/0x2e8
[   20.259691]  mempool_kmalloc_double_free+0xc0/0x118
[   20.259741]  kunit_try_run_case+0x170/0x3f0
[   20.259788]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.259847]  kthread+0x328/0x630
[   20.259947]  ret_from_fork+0x10/0x20
[   20.259994] 
[   20.260013] Allocated by task 235:
[   20.260044]  kasan_save_stack+0x3c/0x68
[   20.260143]  kasan_save_track+0x20/0x40
[   20.260201]  kasan_save_alloc_info+0x40/0x58
[   20.260239]  __kasan_mempool_unpoison_object+0x11c/0x180
[   20.260282]  remove_element+0x130/0x1f8
[   20.260317]  mempool_alloc_preallocated+0x58/0xc0
[   20.260394]  mempool_double_free_helper+0x94/0x2e8
[   20.260462]  mempool_kmalloc_double_free+0xc0/0x118
[   20.260502]  kunit_try_run_case+0x170/0x3f0
[   20.260542]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.260587]  kthread+0x328/0x630
[   20.260636]  ret_from_fork+0x10/0x20
[   20.260672] 
[   20.260691] Freed by task 235:
[   20.260719]  kasan_save_stack+0x3c/0x68
[   20.260773]  kasan_save_track+0x20/0x40
[   20.260809]  kasan_save_free_info+0x4c/0x78
[   20.260847]  __kasan_mempool_poison_object+0xc0/0x150
[   20.260899]  mempool_free+0x28c/0x328
[   20.261004]  mempool_double_free_helper+0x100/0x2e8
[   20.261130]  mempool_kmalloc_double_free+0xc0/0x118
[   20.261180]  kunit_try_run_case+0x170/0x3f0
[   20.261218]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.261263]  kthread+0x328/0x630
[   20.261295]  ret_from_fork+0x10/0x20
[   20.261331] 
[   20.261359] The buggy address belongs to the object at fff00000c78d3200
[   20.261359]  which belongs to the cache kmalloc-128 of size 128
[   20.261485] The buggy address is located 0 bytes inside of
[   20.261485]  128-byte region [fff00000c78d3200, fff00000c78d3280)
[   20.261545] 
[   20.261564] The buggy address belongs to the physical page:
[   20.261595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3
[   20.261869] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.262227] page_type: f5(slab)
[   20.262269] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   20.262319] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.262359] page dumped because: kasan: bad access detected
[   20.262389] 
[   20.262413] Memory state around the buggy address:
[   20.262583]  fff00000c78d3100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.262711]  fff00000c78d3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.262846] >fff00000c78d3200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.262973]                    ^
[   20.263003]  fff00000c78d3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.263045]  fff00000c78d3300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.263083] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zTZX5aSUAhJVwr3xqAbJP8OBr6

job_id

TEST:linaro@lkft#2zTZbHzCE6ZylZlp0lglLTGuydp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zTZbHzCE6ZylZlp0lglLTGuydp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZYHU8IyXjvuXMYZoizjQZyTc/Image.gz
sha256sum	f49ecf90b386c92e37781079e5c76c8827d858d3a69ba7e84f2b1cbecb73deae

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZYHU8IyXjvuXMYZoizjQZyTc/modules.tar.xz
sha256sum	e009b646d141517f47e4a42f0b55703fe9065c966bd6ab95f60ff2cbbb32d2c4

durations

tests

boot	0
kunit	177.45

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   15.427847] ==================================================================
[   15.428543] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   15.428897] Free of addr ffff888103a6c000 by task kunit_try_catch/255
[   15.429277] 
[   15.429429] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.429548] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.429565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.429592] Call Trace:
[   15.429608]  <TASK>
[   15.429632]  dump_stack_lvl+0x73/0xb0
[   15.429709]  print_report+0xd1/0x650
[   15.429736]  ? __virt_addr_valid+0x1db/0x2d0
[   15.429765]  ? kasan_addr_to_slab+0x11/0xa0
[   15.429802]  ? mempool_double_free_helper+0x184/0x370
[   15.429830]  kasan_report_invalid_free+0x10a/0x130
[   15.429892]  ? mempool_double_free_helper+0x184/0x370
[   15.429923]  ? mempool_double_free_helper+0x184/0x370
[   15.429949]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   15.429977]  mempool_free+0x2ec/0x380
[   15.430005]  mempool_double_free_helper+0x184/0x370
[   15.430032]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   15.430061]  ? __kasan_check_write+0x18/0x20
[   15.430082]  ? __pfx_sched_clock_cpu+0x10/0x10
[   15.430109]  ? finish_task_switch.isra.0+0x153/0x700
[   15.430138]  mempool_kmalloc_large_double_free+0xed/0x140
[   15.430203]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   15.430235]  ? __pfx_mempool_kmalloc+0x10/0x10
[   15.430261]  ? __pfx_mempool_kfree+0x10/0x10
[   15.430288]  ? __pfx_read_tsc+0x10/0x10
[   15.430313]  ? ktime_get_ts64+0x86/0x230
[   15.430422]  kunit_try_run_case+0x1a5/0x480
[   15.430455]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.430480]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.430510]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.430536]  ? __kthread_parkme+0x82/0x180
[   15.430560]  ? preempt_count_sub+0x50/0x80
[   15.430586]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.430614]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.430640]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.430666]  kthread+0x337/0x6f0
[   15.430687]  ? trace_preempt_on+0x20/0xc0
[   15.430716]  ? __pfx_kthread+0x10/0x10
[   15.430739]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.430762]  ? calculate_sigpending+0x7b/0xa0
[   15.430804]  ? __pfx_kthread+0x10/0x10
[   15.430829]  ret_from_fork+0x116/0x1d0
[   15.430851]  ? __pfx_kthread+0x10/0x10
[   15.430874]  ret_from_fork_asm+0x1a/0x30
[   15.430911]  </TASK>
[   15.430927] 
[   15.445115] The buggy address belongs to the physical page:
[   15.445436] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a6c
[   15.446302] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.446812] flags: 0x200000000000040(head|node=0|zone=2)
[   15.447140] page_type: f8(unknown)
[   15.447484] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.447874] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.448441] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.449050] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.449770] head: 0200000000000002 ffffea00040e9b01 00000000ffffffff 00000000ffffffff
[   15.450452] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.451010] page dumped because: kasan: bad access detected
[   15.451429] 
[   15.451695] Memory state around the buggy address:
[   15.451976]  ffff888103a6bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.452515]  ffff888103a6bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.452858] >ffff888103a6c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.453196]                    ^
[   15.453500]  ffff888103a6c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.453835]  ffff888103a6c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.454217] ==================================================================
[   15.386501] ==================================================================
[   15.387017] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   15.387325] Free of addr ffff8881029f9800 by task kunit_try_catch/253
[   15.388175] 
[   15.388428] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.388486] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.388502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.388528] Call Trace:
[   15.388545]  <TASK>
[   15.388564]  dump_stack_lvl+0x73/0xb0
[   15.388858]  print_report+0xd1/0x650
[   15.388887]  ? __virt_addr_valid+0x1db/0x2d0
[   15.388916]  ? kasan_complete_mode_report_info+0x64/0x200
[   15.388941]  ? mempool_double_free_helper+0x184/0x370
[   15.388969]  kasan_report_invalid_free+0x10a/0x130
[   15.388998]  ? mempool_double_free_helper+0x184/0x370
[   15.389028]  ? mempool_double_free_helper+0x184/0x370
[   15.389054]  ? mempool_double_free_helper+0x184/0x370
[   15.389081]  check_slab_allocation+0x101/0x130
[   15.389107]  __kasan_mempool_poison_object+0x91/0x1d0
[   15.389280]  mempool_free+0x2ec/0x380
[   15.389314]  mempool_double_free_helper+0x184/0x370
[   15.389349]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   15.389378]  ? irqentry_exit+0x2a/0x60
[   15.389404]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   15.389431]  ? trace_hardirqs_on+0x37/0xe0
[   15.389461]  mempool_kmalloc_double_free+0xed/0x140
[   15.389488]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   15.389519]  ? __pfx_mempool_kmalloc+0x10/0x10
[   15.389545]  ? __pfx_mempool_kfree+0x10/0x10
[   15.389574]  ? mempool_kmalloc_double_free+0x32/0x140
[   15.389605]  kunit_try_run_case+0x1a5/0x480
[   15.389633]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.389659]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.389685]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.389712]  ? __kthread_parkme+0x82/0x180
[   15.389735]  ? preempt_count_sub+0x50/0x80
[   15.389761]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.389802]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.389831]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.389857]  kthread+0x337/0x6f0
[   15.389879]  ? trace_preempt_on+0x20/0xc0
[   15.389905]  ? __pfx_kthread+0x10/0x10
[   15.389927]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.389952]  ? calculate_sigpending+0x7b/0xa0
[   15.389979]  ? __pfx_kthread+0x10/0x10
[   15.390004]  ret_from_fork+0x116/0x1d0
[   15.390026]  ? __pfx_kthread+0x10/0x10
[   15.390050]  ret_from_fork_asm+0x1a/0x30
[   15.390086]  </TASK>
[   15.390102] 
[   15.404954] Allocated by task 253:
[   15.405269]  kasan_save_stack+0x45/0x70
[   15.406080]  kasan_save_track+0x18/0x40
[   15.406572]  kasan_save_alloc_info+0x3b/0x50
[   15.407014]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   15.407830]  remove_element+0x11e/0x190
[   15.407999]  mempool_alloc_preallocated+0x4d/0x90
[   15.408412]  mempool_double_free_helper+0x8a/0x370
[   15.408925]  mempool_kmalloc_double_free+0xed/0x140
[   15.409498]  kunit_try_run_case+0x1a5/0x480
[   15.410056]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.410570]  kthread+0x337/0x6f0
[   15.410857]  ret_from_fork+0x116/0x1d0
[   15.411012]  ret_from_fork_asm+0x1a/0x30
[   15.411373] 
[   15.411562] Freed by task 253:
[   15.411903]  kasan_save_stack+0x45/0x70
[   15.412328]  kasan_save_track+0x18/0x40
[   15.412856]  kasan_save_free_info+0x3f/0x60
[   15.413479]  __kasan_mempool_poison_object+0x131/0x1d0
[   15.413817]  mempool_free+0x2ec/0x380
[   15.413969]  mempool_double_free_helper+0x109/0x370
[   15.414194]  mempool_kmalloc_double_free+0xed/0x140
[   15.414752]  kunit_try_run_case+0x1a5/0x480
[   15.415216]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.416009]  kthread+0x337/0x6f0
[   15.416555]  ret_from_fork+0x116/0x1d0
[   15.416968]  ret_from_fork_asm+0x1a/0x30
[   15.417499] 
[   15.417699] The buggy address belongs to the object at ffff8881029f9800
[   15.417699]  which belongs to the cache kmalloc-128 of size 128
[   15.418171] The buggy address is located 0 bytes inside of
[   15.418171]  128-byte region [ffff8881029f9800, ffff8881029f9880)
[   15.419059] 
[   15.419383] The buggy address belongs to the physical page:
[   15.419624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f9
[   15.419929] flags: 0x200000000000000(node=0|zone=2)
[   15.420148] page_type: f5(slab)
[   15.420397] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.420736] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.421169] page dumped because: kasan: bad access detected
[   15.421510] 
[   15.421630] Memory state around the buggy address:
[   15.421893]  ffff8881029f9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.422336]  ffff8881029f9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.422655] >ffff8881029f9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.422991]                    ^
[   15.423177]  ffff8881029f9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.423471]  ffff8881029f9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.423969] ==================================================================
[   15.458430] ==================================================================
[   15.459284] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   15.459831] Free of addr ffff888103a6c000 by task kunit_try_catch/257
[   15.460254] 
[   15.460396] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.460453] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.460484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.460510] Call Trace:
[   15.460540]  <TASK>
[   15.460561]  dump_stack_lvl+0x73/0xb0
[   15.460598]  print_report+0xd1/0x650
[   15.460625]  ? __virt_addr_valid+0x1db/0x2d0
[   15.460653]  ? kasan_addr_to_slab+0x11/0xa0
[   15.460676]  ? mempool_double_free_helper+0x184/0x370
[   15.460704]  kasan_report_invalid_free+0x10a/0x130
[   15.460754]  ? mempool_double_free_helper+0x184/0x370
[   15.460784]  ? mempool_double_free_helper+0x184/0x370
[   15.460823]  __kasan_mempool_poison_pages+0x115/0x130
[   15.460851]  mempool_free+0x290/0x380
[   15.460878]  mempool_double_free_helper+0x184/0x370
[   15.460905]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   15.460931]  ? update_load_avg+0x1be/0x21b0
[   15.460957]  ? dequeue_entities+0x27e/0x1740
[   15.460985]  ? finish_task_switch.isra.0+0x153/0x700
[   15.461014]  mempool_page_alloc_double_free+0xe8/0x140
[   15.461043]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   15.461074]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   15.461110]  ? __pfx_mempool_free_pages+0x10/0x10
[   15.461185]  ? __pfx_read_tsc+0x10/0x10
[   15.461213]  ? ktime_get_ts64+0x86/0x230
[   15.461241]  kunit_try_run_case+0x1a5/0x480
[   15.461271]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.461295]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.461323]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.461357]  ? __kthread_parkme+0x82/0x180
[   15.461382]  ? preempt_count_sub+0x50/0x80
[   15.461408]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.461435]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.461460]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.461486]  kthread+0x337/0x6f0
[   15.461507]  ? trace_preempt_on+0x20/0xc0
[   15.461534]  ? __pfx_kthread+0x10/0x10
[   15.461557]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.461580]  ? calculate_sigpending+0x7b/0xa0
[   15.461608]  ? __pfx_kthread+0x10/0x10
[   15.461631]  ret_from_fork+0x116/0x1d0
[   15.461654]  ? __pfx_kthread+0x10/0x10
[   15.461676]  ret_from_fork_asm+0x1a/0x30
[   15.461713]  </TASK>
[   15.461727] 
[   15.472938] The buggy address belongs to the physical page:
[   15.473275] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a6c
[   15.473737] flags: 0x200000000000000(node=0|zone=2)
[   15.474035] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   15.474608] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   15.474898] page dumped because: kasan: bad access detected
[   15.475091] 
[   15.475205] Memory state around the buggy address:
[   15.475457]  ffff888103a6bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.475840]  ffff888103a6bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.476296] >ffff888103a6c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.476611]                    ^
[   15.476837]  ffff888103a6c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.477211]  ffff888103a6c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.477868] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zTZX5aSUAhJVwr3xqAbJP8OBr6

job_id

TEST:linaro@lkft#2zTZcFbN6XeQzYXjm7UmlxHMasy

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zTZcFbN6XeQzYXjm7UmlxHMasy

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZZFZAMBT45oZ2s8wBIxmVp9n/bzImage
sha256sum	a2b57e07193da995daf026b5840aa05cee4f700ac8e7cbccc02c96a1257e68ad

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZZFZAMBT45oZ2s8wBIxmVp9n/modules.tar.xz
sha256sum	335a214650c08e1986ed91f91f100ecc17a4575dda8f8222f7bc05b16bc937f5

durations

tests

boot	0
kunit	257.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit