lkft/linux-mainline-master - v6.16-rc6-2-g155a3c003e55 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 15, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   17.641927] ==================================================================
[   17.641989] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.642067] Free of addr fff00000c78f4000 by task kunit_try_catch/238
[   17.642110] 
[   17.642149] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.642246] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.642272] Hardware name: linux,dummy-virt (DT)
[   17.642314] Call trace:
[   17.642336]  show_stack+0x20/0x38 (C)
[   17.642384]  dump_stack_lvl+0x8c/0xd0
[   17.642433]  print_report+0x118/0x5d0
[   17.642523]  kasan_report_invalid_free+0xc0/0xe8
[   17.642575]  __kasan_mempool_poison_object+0x14c/0x150
[   17.642628]  mempool_free+0x28c/0x328
[   17.642671]  mempool_double_free_helper+0x150/0x2e8
[   17.642720]  mempool_kmalloc_large_double_free+0xc0/0x118
[   17.642770]  kunit_try_run_case+0x170/0x3f0
[   17.642837]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.642891]  kthread+0x328/0x630
[   17.642939]  ret_from_fork+0x10/0x20
[   17.643023] 
[   17.643071] The buggy address belongs to the physical page:
[   17.643105] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078f4
[   17.643210] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.643266] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.643350] page_type: f8(unknown)
[   17.643390] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.643486] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.643573] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.643627] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.643702] head: 0bfffe0000000002 ffffc1ffc31e3d01 00000000ffffffff 00000000ffffffff
[   17.643772] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.643839] page dumped because: kasan: bad access detected
[   17.643871] 
[   17.643888] Memory state around the buggy address:
[   17.643919]  fff00000c78f3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.644049]  fff00000c78f3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.644095] >fff00000c78f4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.644134]                    ^
[   17.644204]  fff00000c78f4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.644248]  fff00000c78f4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.644341] ==================================================================
[   17.614952] ==================================================================
[   17.615018] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.615077] Free of addr fff00000c5962a00 by task kunit_try_catch/236
[   17.615119] 
[   17.615153] CPU: 1 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.616195] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.616499] Hardware name: linux,dummy-virt (DT)
[   17.616859] Call trace:
[   17.617167]  show_stack+0x20/0x38 (C)
[   17.617273]  dump_stack_lvl+0x8c/0xd0
[   17.617348]  print_report+0x118/0x5d0
[   17.617451]  kasan_report_invalid_free+0xc0/0xe8
[   17.617547]  check_slab_allocation+0xd4/0x108
[   17.617691]  __kasan_mempool_poison_object+0x78/0x150
[   17.618145]  mempool_free+0x28c/0x328
[   17.618216]  mempool_double_free_helper+0x150/0x2e8
[   17.618653]  mempool_kmalloc_double_free+0xc0/0x118
[   17.618721]  kunit_try_run_case+0x170/0x3f0
[   17.618986]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.619106]  kthread+0x328/0x630
[   17.619174]  ret_from_fork+0x10/0x20
[   17.619297] 
[   17.619468] Allocated by task 236:
[   17.619501]  kasan_save_stack+0x3c/0x68
[   17.619858]  kasan_save_track+0x20/0x40
[   17.620126]  kasan_save_alloc_info+0x40/0x58
[   17.620172]  __kasan_mempool_unpoison_object+0x11c/0x180
[   17.620224]  remove_element+0x130/0x1f8
[   17.620259]  mempool_alloc_preallocated+0x58/0xc0
[   17.620710]  mempool_double_free_helper+0x94/0x2e8
[   17.620761]  mempool_kmalloc_double_free+0xc0/0x118
[   17.620913]  kunit_try_run_case+0x170/0x3f0
[   17.621130]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.621411]  kthread+0x328/0x630
[   17.621479]  ret_from_fork+0x10/0x20
[   17.621541] 
[   17.621568] Freed by task 236:
[   17.621596]  kasan_save_stack+0x3c/0x68
[   17.621769]  kasan_save_track+0x20/0x40
[   17.622015]  kasan_save_free_info+0x4c/0x78
[   17.622235]  __kasan_mempool_poison_object+0xc0/0x150
[   17.622281]  mempool_free+0x28c/0x328
[   17.622776]  mempool_double_free_helper+0x100/0x2e8
[   17.622841]  mempool_kmalloc_double_free+0xc0/0x118
[   17.622881]  kunit_try_run_case+0x170/0x3f0
[   17.622918]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.622961]  kthread+0x328/0x630
[   17.622995]  ret_from_fork+0x10/0x20
[   17.623029] 
[   17.623814] The buggy address belongs to the object at fff00000c5962a00
[   17.623814]  which belongs to the cache kmalloc-128 of size 128
[   17.624331] The buggy address is located 0 bytes inside of
[   17.624331]  128-byte region [fff00000c5962a00, fff00000c5962a80)
[   17.624782] 
[   17.624805] The buggy address belongs to the physical page:
[   17.625554] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105962
[   17.626193] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.626252] page_type: f5(slab)
[   17.626291] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.627317] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.627394] page dumped because: kasan: bad access detected
[   17.627682] 
[   17.627701] Memory state around the buggy address:
[   17.627737]  fff00000c5962900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.627783]  fff00000c5962980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.628799] >fff00000c5962a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.628865]                    ^
[   17.628894]  fff00000c5962a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.629377]  fff00000c5962b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.629748] ==================================================================
[   17.650212] ==================================================================
[   17.650296] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.650389] Free of addr fff00000c78f4000 by task kunit_try_catch/240
[   17.650432] 
[   17.650460] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.650569] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.650639] Hardware name: linux,dummy-virt (DT)
[   17.650676] Call trace:
[   17.650696]  show_stack+0x20/0x38 (C)
[   17.650744]  dump_stack_lvl+0x8c/0xd0
[   17.651045]  print_report+0x118/0x5d0
[   17.651099]  kasan_report_invalid_free+0xc0/0xe8
[   17.651207]  __kasan_mempool_poison_pages+0xe0/0xe8
[   17.651289]  mempool_free+0x24c/0x328
[   17.651334]  mempool_double_free_helper+0x150/0x2e8
[   17.651382]  mempool_page_alloc_double_free+0xbc/0x118
[   17.651432]  kunit_try_run_case+0x170/0x3f0
[   17.651488]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.651550]  kthread+0x328/0x630
[   17.651593]  ret_from_fork+0x10/0x20
[   17.651648] 
[   17.651667] The buggy address belongs to the physical page:
[   17.651699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078f4
[   17.651762] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.651821] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   17.651870] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.651910] page dumped because: kasan: bad access detected
[   17.651950] 
[   17.651975] Memory state around the buggy address:
[   17.652005]  fff00000c78f3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.652054]  fff00000c78f3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.652109] >fff00000c78f4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.652146]                    ^
[   17.652173]  fff00000c78f4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.652225]  fff00000c78f4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.652263] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuOwkuCiYkSkampQuRIEzFXhfO

job_id

TEST:linaro@lkft#2zuP10Uvq3v7pNP5Dz5FpJPvIM7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuP10Uvq3v7pNP5Dz5FpJPvIM7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOxtZFXyhvCJVWMjiE0F9YK7w/Image.gz
sha256sum	5a0d130704720f4526a2744fe4c07d1dc11e96f7c77a2725cbb1e7b19399a7ae

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOxtZFXyhvCJVWMjiE0F9YK7w/modules.tar.xz
sha256sum	5545751b55566af933425aa17face5fb1f95b6bef7d17212e64661e6fa4f872f

durations

tests

boot	0
kunit	176.64

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   14.198705] ==================================================================
[   14.199849] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.200175] Free of addr ffff8881029d4000 by task kunit_try_catch/254
[   14.201060] 
[   14.201184] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.201234] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.201247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.201267] Call Trace:
[   14.201279]  <TASK>
[   14.201295]  dump_stack_lvl+0x73/0xb0
[   14.201728]  print_report+0xd1/0x610
[   14.201781]  ? __virt_addr_valid+0x1db/0x2d0
[   14.201809]  ? kasan_addr_to_slab+0x11/0xa0
[   14.201830]  ? mempool_double_free_helper+0x184/0x370
[   14.201855]  kasan_report_invalid_free+0x10a/0x130
[   14.201881]  ? mempool_double_free_helper+0x184/0x370
[   14.201909]  ? mempool_double_free_helper+0x184/0x370
[   14.201933]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   14.201959]  mempool_free+0x2ec/0x380
[   14.201988]  mempool_double_free_helper+0x184/0x370
[   14.202014]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.202042]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.202065]  ? finish_task_switch.isra.0+0x153/0x700
[   14.202093]  mempool_kmalloc_large_double_free+0xed/0x140
[   14.202119]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   14.202149]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.202173]  ? __pfx_mempool_kfree+0x10/0x10
[   14.202199]  ? __pfx_read_tsc+0x10/0x10
[   14.202220]  ? ktime_get_ts64+0x86/0x230
[   14.202246]  kunit_try_run_case+0x1a5/0x480
[   14.202271]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.202295]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.202416]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.202458]  ? __kthread_parkme+0x82/0x180
[   14.202482]  ? preempt_count_sub+0x50/0x80
[   14.202507]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.202532]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.202558]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.202584]  kthread+0x337/0x6f0
[   14.202604]  ? trace_preempt_on+0x20/0xc0
[   14.202628]  ? __pfx_kthread+0x10/0x10
[   14.202650]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.202672]  ? calculate_sigpending+0x7b/0xa0
[   14.202697]  ? __pfx_kthread+0x10/0x10
[   14.202719]  ret_from_fork+0x116/0x1d0
[   14.202738]  ? __pfx_kthread+0x10/0x10
[   14.202770]  ret_from_fork_asm+0x1a/0x30
[   14.202802]  </TASK>
[   14.202813] 
[   14.217666] The buggy address belongs to the physical page:
[   14.218138] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029d4
[   14.218598] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.219274] flags: 0x200000000000040(head|node=0|zone=2)
[   14.219950] page_type: f8(unknown)
[   14.220216] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.220870] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.221115] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.221424] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.221865] head: 0200000000000002 ffffea00040a7501 00000000ffffffff 00000000ffffffff
[   14.222195] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.222626] page dumped because: kasan: bad access detected
[   14.223125] 
[   14.223202] Memory state around the buggy address:
[   14.223575]  ffff8881029d3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.223922]  ffff8881029d3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.224269] >ffff8881029d4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.224695]                    ^
[   14.224932]  ffff8881029d4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.225267]  ffff8881029d4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.225818] ==================================================================
[   14.153584] ==================================================================
[   14.154773] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.155555] Free of addr ffff8881038e2000 by task kunit_try_catch/252
[   14.156537] 
[   14.156829] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.156878] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.156890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.156912] Call Trace:
[   14.156925]  <TASK>
[   14.156940]  dump_stack_lvl+0x73/0xb0
[   14.156987]  print_report+0xd1/0x610
[   14.157011]  ? __virt_addr_valid+0x1db/0x2d0
[   14.157036]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.157074]  ? mempool_double_free_helper+0x184/0x370
[   14.157101]  kasan_report_invalid_free+0x10a/0x130
[   14.157127]  ? mempool_double_free_helper+0x184/0x370
[   14.157154]  ? mempool_double_free_helper+0x184/0x370
[   14.157179]  ? mempool_double_free_helper+0x184/0x370
[   14.157203]  check_slab_allocation+0x101/0x130
[   14.157226]  __kasan_mempool_poison_object+0x91/0x1d0
[   14.157252]  mempool_free+0x2ec/0x380
[   14.157281]  mempool_double_free_helper+0x184/0x370
[   14.157305]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.157373]  ? update_load_avg+0x1be/0x21b0
[   14.157400]  ? update_load_avg+0x1be/0x21b0
[   14.157421]  ? update_curr+0x80/0x810
[   14.157457]  ? finish_task_switch.isra.0+0x153/0x700
[   14.157484]  mempool_kmalloc_double_free+0xed/0x140
[   14.157509]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   14.157538]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.157561]  ? __pfx_mempool_kfree+0x10/0x10
[   14.157587]  ? __pfx_read_tsc+0x10/0x10
[   14.157609]  ? ktime_get_ts64+0x86/0x230
[   14.157634]  kunit_try_run_case+0x1a5/0x480
[   14.157660]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.157683]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.157709]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.157734]  ? __kthread_parkme+0x82/0x180
[   14.157765]  ? preempt_count_sub+0x50/0x80
[   14.157790]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.157815]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.157840]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.157866]  kthread+0x337/0x6f0
[   14.157886]  ? trace_preempt_on+0x20/0xc0
[   14.157910]  ? __pfx_kthread+0x10/0x10
[   14.157931]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.157953]  ? calculate_sigpending+0x7b/0xa0
[   14.157978]  ? __pfx_kthread+0x10/0x10
[   14.158000]  ret_from_fork+0x116/0x1d0
[   14.158020]  ? __pfx_kthread+0x10/0x10
[   14.158040]  ret_from_fork_asm+0x1a/0x30
[   14.158072]  </TASK>
[   14.158082] 
[   14.174971] Allocated by task 252:
[   14.175207]  kasan_save_stack+0x45/0x70
[   14.175672]  kasan_save_track+0x18/0x40
[   14.176027]  kasan_save_alloc_info+0x3b/0x50
[   14.176178]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.176439]  remove_element+0x11e/0x190
[   14.176827]  mempool_alloc_preallocated+0x4d/0x90
[   14.177266]  mempool_double_free_helper+0x8a/0x370
[   14.177811]  mempool_kmalloc_double_free+0xed/0x140
[   14.178268]  kunit_try_run_case+0x1a5/0x480
[   14.178713]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.179117]  kthread+0x337/0x6f0
[   14.179243]  ret_from_fork+0x116/0x1d0
[   14.179590]  ret_from_fork_asm+0x1a/0x30
[   14.180004] 
[   14.180164] Freed by task 252:
[   14.180535]  kasan_save_stack+0x45/0x70
[   14.181039]  kasan_save_track+0x18/0x40
[   14.181492]  kasan_save_free_info+0x3f/0x60
[   14.181786]  __kasan_mempool_poison_object+0x131/0x1d0
[   14.182121]  mempool_free+0x2ec/0x380
[   14.182503]  mempool_double_free_helper+0x109/0x370
[   14.182809]  mempool_kmalloc_double_free+0xed/0x140
[   14.182978]  kunit_try_run_case+0x1a5/0x480
[   14.183126]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.183303]  kthread+0x337/0x6f0
[   14.183664]  ret_from_fork+0x116/0x1d0
[   14.184049]  ret_from_fork_asm+0x1a/0x30
[   14.184624] 
[   14.184836] The buggy address belongs to the object at ffff8881038e2000
[   14.184836]  which belongs to the cache kmalloc-128 of size 128
[   14.186063] The buggy address is located 0 bytes inside of
[   14.186063]  128-byte region [ffff8881038e2000, ffff8881038e2080)
[   14.187194] 
[   14.187273] The buggy address belongs to the physical page:
[   14.187794] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e2
[   14.188432] flags: 0x200000000000000(node=0|zone=2)
[   14.188894] page_type: f5(slab)
[   14.189021] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.189254] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.189911] page dumped because: kasan: bad access detected
[   14.190560] 
[   14.190772] Memory state around the buggy address:
[   14.191210]  ffff8881038e1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.191962]  ffff8881038e1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.192502] >ffff8881038e2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.193066]                    ^
[   14.193186]  ffff8881038e2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.193559]  ffff8881038e2100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.194268] ==================================================================
[   14.228898] ==================================================================
[   14.229804] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   14.230122] Free of addr ffff8881039c8000 by task kunit_try_catch/256
[   14.230526] 
[   14.230661] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.230706] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.230717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.230739] Call Trace:
[   14.230750]  <TASK>
[   14.230777]  dump_stack_lvl+0x73/0xb0
[   14.230834]  print_report+0xd1/0x610
[   14.230857]  ? __virt_addr_valid+0x1db/0x2d0
[   14.230882]  ? kasan_addr_to_slab+0x11/0xa0
[   14.230904]  ? mempool_double_free_helper+0x184/0x370
[   14.230929]  kasan_report_invalid_free+0x10a/0x130
[   14.230956]  ? mempool_double_free_helper+0x184/0x370
[   14.230983]  ? mempool_double_free_helper+0x184/0x370
[   14.231008]  __kasan_mempool_poison_pages+0x115/0x130
[   14.231034]  mempool_free+0x290/0x380
[   14.231061]  mempool_double_free_helper+0x184/0x370
[   14.231086]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   14.231116]  ? finish_task_switch.isra.0+0x153/0x700
[   14.231143]  mempool_page_alloc_double_free+0xe8/0x140
[   14.231170]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   14.231199]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   14.231224]  ? __pfx_mempool_free_pages+0x10/0x10
[   14.231251]  ? __pfx_read_tsc+0x10/0x10
[   14.231272]  ? ktime_get_ts64+0x86/0x230
[   14.231296]  kunit_try_run_case+0x1a5/0x480
[   14.231321]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.231379]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.231404]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.231428]  ? __kthread_parkme+0x82/0x180
[   14.231456]  ? preempt_count_sub+0x50/0x80
[   14.231481]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.231506]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.231531]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.231557]  kthread+0x337/0x6f0
[   14.231578]  ? trace_preempt_on+0x20/0xc0
[   14.231601]  ? __pfx_kthread+0x10/0x10
[   14.231622]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.231645]  ? calculate_sigpending+0x7b/0xa0
[   14.231669]  ? __pfx_kthread+0x10/0x10
[   14.231691]  ret_from_fork+0x116/0x1d0
[   14.231711]  ? __pfx_kthread+0x10/0x10
[   14.231732]  ret_from_fork_asm+0x1a/0x30
[   14.231773]  </TASK>
[   14.231783] 
[   14.241191] The buggy address belongs to the physical page:
[   14.241617] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8
[   14.241999] flags: 0x200000000000000(node=0|zone=2)
[   14.242246] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   14.242742] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   14.243033] page dumped because: kasan: bad access detected
[   14.243225] 
[   14.243318] Memory state around the buggy address:
[   14.243839]  ffff8881039c7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.244176]  ffff8881039c7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.244497] >ffff8881039c8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.245030]                    ^
[   14.245191]  ffff8881039c8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.245608]  ffff8881039c8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.245973] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuOwkuCiYkSkampQuRIEzFXhfO

job_id

TEST:linaro@lkft#2zuP26Tk5EJZ1G6GaUB8xY8QPvA

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuP26Tk5EJZ1G6GaUB8xY8QPvA

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOyo8XTXj4HRa7uCKW5DyMaoP/bzImage
sha256sum	7f84fda91605b0af54dfe2d5c5260bb6187dbc13cda660557c6c08afdfffa70b

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOyo8XTXj4HRa7uCKW5DyMaoP/modules.tar.xz
sha256sum	de8e55555874efdb420c4953f6a34916082341d76415460497e1eaea92137ba8

durations

tests

boot	0
kunit	205.20

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit