lkft/linux-mainline-master - v6.16-rc6-253-g4871b7cb27f4 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 19, 2025, 11:11 a.m.

Environment
qemu-arm64
qemu-x86_64

[   17.391192] ==================================================================
[   17.391370] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.391611] Free of addr fff00000c776c000 by task kunit_try_catch/240
[   17.391825] 
[   17.391997] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.392078] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.392105] Hardware name: linux,dummy-virt (DT)
[   17.392144] Call trace:
[   17.392264]  show_stack+0x20/0x38 (C)
[   17.392367]  dump_stack_lvl+0x8c/0xd0
[   17.392486]  print_report+0x118/0x5d0
[   17.392544]  kasan_report_invalid_free+0xc0/0xe8
[   17.392594]  __kasan_mempool_poison_pages+0xe0/0xe8
[   17.392644]  mempool_free+0x24c/0x328
[   17.392733]  mempool_double_free_helper+0x150/0x2e8
[   17.392785]  mempool_page_alloc_double_free+0xbc/0x118
[   17.393156]  kunit_try_run_case+0x170/0x3f0
[   17.393415]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.393505]  kthread+0x328/0x630
[   17.393810]  ret_from_fork+0x10/0x20
[   17.393876] 
[   17.393920] The buggy address belongs to the physical page:
[   17.394073] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10776c
[   17.394126] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.394188] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   17.394276] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.394527] page dumped because: kasan: bad access detected
[   17.394572] 
[   17.394620] Memory state around the buggy address:
[   17.394652]  fff00000c776bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.394696]  fff00000c776bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.394739] >fff00000c776c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.394778]                    ^
[   17.394805]  fff00000c776c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.395153]  fff00000c776c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.395248] ==================================================================
[   17.378051] ==================================================================
[   17.378132] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.378184] Free of addr fff00000c776c000 by task kunit_try_catch/238
[   17.378720] 
[   17.378758] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.378879] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.378918] Hardware name: linux,dummy-virt (DT)
[   17.378949] Call trace:
[   17.378970]  show_stack+0x20/0x38 (C)
[   17.379023]  dump_stack_lvl+0x8c/0xd0
[   17.379070]  print_report+0x118/0x5d0
[   17.379119]  kasan_report_invalid_free+0xc0/0xe8
[   17.379213]  __kasan_mempool_poison_object+0x14c/0x150
[   17.379478]  mempool_free+0x28c/0x328
[   17.379542]  mempool_double_free_helper+0x150/0x2e8
[   17.379592]  mempool_kmalloc_large_double_free+0xc0/0x118
[   17.379866]  kunit_try_run_case+0x170/0x3f0
[   17.379921]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.379978]  kthread+0x328/0x630
[   17.380021]  ret_from_fork+0x10/0x20
[   17.380091] 
[   17.380205] The buggy address belongs to the physical page:
[   17.380378] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10776c
[   17.380640] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.380785] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.380841] page_type: f8(unknown)
[   17.380880] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.380932] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.380981] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.381064] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.381269] head: 0bfffe0000000002 ffffc1ffc31ddb01 00000000ffffffff 00000000ffffffff
[   17.381325] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.381390] page dumped because: kasan: bad access detected
[   17.381420] 
[   17.381440] Memory state around the buggy address:
[   17.381470]  fff00000c776bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.381635]  fff00000c776bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.381680] >fff00000c776c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.381923]                    ^
[   17.381953]  fff00000c776c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.382085]  fff00000c776c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.382157] ==================================================================
[   17.364765] ==================================================================
[   17.364825] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.364876] Free of addr fff00000c6e65c00 by task kunit_try_catch/236
[   17.364918] 
[   17.364949] CPU: 1 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.365029] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.365055] Hardware name: linux,dummy-virt (DT)
[   17.365104] Call trace:
[   17.365127]  show_stack+0x20/0x38 (C)
[   17.365176]  dump_stack_lvl+0x8c/0xd0
[   17.365312]  print_report+0x118/0x5d0
[   17.365625]  kasan_report_invalid_free+0xc0/0xe8
[   17.365722]  check_slab_allocation+0xd4/0x108
[   17.365773]  __kasan_mempool_poison_object+0x78/0x150
[   17.366149]  mempool_free+0x28c/0x328
[   17.366219]  mempool_double_free_helper+0x150/0x2e8
[   17.366269]  mempool_kmalloc_double_free+0xc0/0x118
[   17.366320]  kunit_try_run_case+0x170/0x3f0
[   17.366366]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.366424]  kthread+0x328/0x630
[   17.366477]  ret_from_fork+0x10/0x20
[   17.366526] 
[   17.366555] Allocated by task 236:
[   17.366696]  kasan_save_stack+0x3c/0x68
[   17.366741]  kasan_save_track+0x20/0x40
[   17.366866]  kasan_save_alloc_info+0x40/0x58
[   17.367067]  __kasan_mempool_unpoison_object+0x11c/0x180
[   17.367123]  remove_element+0x130/0x1f8
[   17.367158]  mempool_alloc_preallocated+0x58/0xc0
[   17.367275]  mempool_double_free_helper+0x94/0x2e8
[   17.367314]  mempool_kmalloc_double_free+0xc0/0x118
[   17.367355]  kunit_try_run_case+0x170/0x3f0
[   17.367393]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.367471]  kthread+0x328/0x630
[   17.367504]  ret_from_fork+0x10/0x20
[   17.367872] 
[   17.367896] Freed by task 236:
[   17.368198]  kasan_save_stack+0x3c/0x68
[   17.368242]  kasan_save_track+0x20/0x40
[   17.368280]  kasan_save_free_info+0x4c/0x78
[   17.368320]  __kasan_mempool_poison_object+0xc0/0x150
[   17.368364]  mempool_free+0x28c/0x328
[   17.368717]  mempool_double_free_helper+0x100/0x2e8
[   17.368775]  mempool_kmalloc_double_free+0xc0/0x118
[   17.368815]  kunit_try_run_case+0x170/0x3f0
[   17.368853]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.368896]  kthread+0x328/0x630
[   17.368929]  ret_from_fork+0x10/0x20
[   17.368963] 
[   17.368984] The buggy address belongs to the object at fff00000c6e65c00
[   17.368984]  which belongs to the cache kmalloc-128 of size 128
[   17.369045] The buggy address is located 0 bytes inside of
[   17.369045]  128-byte region [fff00000c6e65c00, fff00000c6e65c80)
[   17.369106] 
[   17.369135] The buggy address belongs to the physical page:
[   17.369164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e65
[   17.369376] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.369429] page_type: f5(slab)
[   17.369467] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.369641] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.369934] page dumped because: kasan: bad access detected
[   17.369965] 
[   17.369984] Memory state around the buggy address:
[   17.370015]  fff00000c6e65b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.370060]  fff00000c6e65b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.370133] >fff00000c6e65c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.370266]                    ^
[   17.370298]  fff00000c6e65c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.370463]  fff00000c6e65d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.370501] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

305hfA52FugtYY6azxShkfpp9Gg

job_id

TEST:linaro@lkft#305hjrHVuMhrP4C74zJJY45Voxp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/305hjrHVuMhrP4C74zJJY45Voxp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hgM7kYn7x5I10V6otKIGzrYL/Image.gz
sha256sum	c169ac4c7e9b0e4bbf64da467768ab89f00b0225b3c522460b0d6d662bcd1ac5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hgM7kYn7x5I10V6otKIGzrYL/modules.tar.xz
sha256sum	999d2f5e28bad9d0877e65fac807375f30017fd2497321fa0aded245299f46f3

durations

tests

boot	0
kunit	166.76

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   13.659638] ==================================================================
[   13.660096] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.660516] Free of addr ffff8881027f9000 by task kunit_try_catch/253
[   13.660802] 
[   13.660960] CPU: 0 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.661217] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.661231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.661255] Call Trace:
[   13.661268]  <TASK>
[   13.661286]  dump_stack_lvl+0x73/0xb0
[   13.661320]  print_report+0xd1/0x610
[   13.661343]  ? __virt_addr_valid+0x1db/0x2d0
[   13.661367]  ? kasan_complete_mode_report_info+0x64/0x200
[   13.661389]  ? mempool_double_free_helper+0x184/0x370
[   13.661414]  kasan_report_invalid_free+0x10a/0x130
[   13.661438]  ? mempool_double_free_helper+0x184/0x370
[   13.661464]  ? mempool_double_free_helper+0x184/0x370
[   13.661487]  ? mempool_double_free_helper+0x184/0x370
[   13.661523]  check_slab_allocation+0x101/0x130
[   13.661545]  __kasan_mempool_poison_object+0x91/0x1d0
[   13.661570]  mempool_free+0x2ec/0x380
[   13.661596]  mempool_double_free_helper+0x184/0x370
[   13.661620]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.661644]  ? update_curr+0x5c1/0x810
[   13.661672]  mempool_kmalloc_double_free+0xed/0x140
[   13.661696]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   13.661720]  ? schedule+0x7c/0x2e0
[   13.661743]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.661764]  ? __pfx_mempool_kfree+0x10/0x10
[   13.661788]  ? __pfx_read_tsc+0x10/0x10
[   13.661809]  ? ktime_get_ts64+0x86/0x230
[   13.661833]  kunit_try_run_case+0x1a5/0x480
[   13.661858]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.661880]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.661904]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.661927]  ? __kthread_parkme+0x82/0x180
[   13.661948]  ? preempt_count_sub+0x50/0x80
[   13.661970]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.661994]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.662016]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.662040]  kthread+0x337/0x6f0
[   13.662070]  ? trace_preempt_on+0x20/0xc0
[   13.662093]  ? __pfx_kthread+0x10/0x10
[   13.662113]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.662135]  ? calculate_sigpending+0x7b/0xa0
[   13.662158]  ? __pfx_kthread+0x10/0x10
[   13.662179]  ret_from_fork+0x116/0x1d0
[   13.662202]  ? __pfx_kthread+0x10/0x10
[   13.662221]  ret_from_fork_asm+0x1a/0x30
[   13.662251]  </TASK>
[   13.662262] 
[   13.672752] Allocated by task 253:
[   13.672914]  kasan_save_stack+0x45/0x70
[   13.673150]  kasan_save_track+0x18/0x40
[   13.673877]  kasan_save_alloc_info+0x3b/0x50
[   13.674322]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.674613]  remove_element+0x11e/0x190
[   13.674797]  mempool_alloc_preallocated+0x4d/0x90
[   13.675005]  mempool_double_free_helper+0x8a/0x370
[   13.675522]  mempool_kmalloc_double_free+0xed/0x140
[   13.675741]  kunit_try_run_case+0x1a5/0x480
[   13.675937]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.676810]  kthread+0x337/0x6f0
[   13.677128]  ret_from_fork+0x116/0x1d0
[   13.677327]  ret_from_fork_asm+0x1a/0x30
[   13.677518] 
[   13.677607] Freed by task 253:
[   13.677752]  kasan_save_stack+0x45/0x70
[   13.677923]  kasan_save_track+0x18/0x40
[   13.678623]  kasan_save_free_info+0x3f/0x60
[   13.679252]  __kasan_mempool_poison_object+0x131/0x1d0
[   13.679576]  mempool_free+0x2ec/0x380
[   13.680010]  mempool_double_free_helper+0x109/0x370
[   13.680451]  mempool_kmalloc_double_free+0xed/0x140
[   13.680639]  kunit_try_run_case+0x1a5/0x480
[   13.680846]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.681045]  kthread+0x337/0x6f0
[   13.681197]  ret_from_fork+0x116/0x1d0
[   13.681463]  ret_from_fork_asm+0x1a/0x30
[   13.681692] 
[   13.681789] The buggy address belongs to the object at ffff8881027f9000
[   13.681789]  which belongs to the cache kmalloc-128 of size 128
[   13.682338] The buggy address is located 0 bytes inside of
[   13.682338]  128-byte region [ffff8881027f9000, ffff8881027f9080)
[   13.682784] 
[   13.682875] The buggy address belongs to the physical page:
[   13.683078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027f9
[   13.683470] flags: 0x200000000000000(node=0|zone=2)
[   13.683722] page_type: f5(slab)
[   13.683845] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.684070] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.684742] page dumped because: kasan: bad access detected
[   13.684943] 
[   13.685035] Memory state around the buggy address:
[   13.685453]  ffff8881027f8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.685773]  ffff8881027f8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.686066] >ffff8881027f9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.686397]                    ^
[   13.686525]  ffff8881027f9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.686822]  ffff8881027f9100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.687262] ==================================================================
[   13.717329] ==================================================================
[   13.717871] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.718172] Free of addr ffff888103960000 by task kunit_try_catch/257
[   13.718666] 
[   13.718791] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.718839] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.718851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.718874] Call Trace:
[   13.718888]  <TASK>
[   13.718904]  dump_stack_lvl+0x73/0xb0
[   13.718936]  print_report+0xd1/0x610
[   13.718959]  ? __virt_addr_valid+0x1db/0x2d0
[   13.718983]  ? kasan_addr_to_slab+0x11/0xa0
[   13.719003]  ? mempool_double_free_helper+0x184/0x370
[   13.719028]  kasan_report_invalid_free+0x10a/0x130
[   13.719115]  ? mempool_double_free_helper+0x184/0x370
[   13.719144]  ? mempool_double_free_helper+0x184/0x370
[   13.719167]  __kasan_mempool_poison_pages+0x115/0x130
[   13.719192]  mempool_free+0x290/0x380
[   13.719220]  mempool_double_free_helper+0x184/0x370
[   13.719244]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.719283]  ? update_load_avg+0x1be/0x21b0
[   13.719309]  ? finish_task_switch.isra.0+0x153/0x700
[   13.719335]  mempool_page_alloc_double_free+0xe8/0x140
[   13.719361]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   13.719388]  ? __kasan_check_write+0x18/0x20
[   13.719408]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   13.719431]  ? __pfx_mempool_free_pages+0x10/0x10
[   13.719457]  ? __pfx_read_tsc+0x10/0x10
[   13.719478]  ? ktime_get_ts64+0x86/0x230
[   13.719511]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.719538]  kunit_try_run_case+0x1a5/0x480
[   13.719565]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.719590]  ? queued_spin_lock_slowpath+0x116/0xb40
[   13.719616]  ? __kthread_parkme+0x82/0x180
[   13.719638]  ? preempt_count_sub+0x50/0x80
[   13.719660]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.719683]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.719707]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.719731]  kthread+0x337/0x6f0
[   13.719749]  ? trace_preempt_on+0x20/0xc0
[   13.719773]  ? __pfx_kthread+0x10/0x10
[   13.719793]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.719816]  ? calculate_sigpending+0x7b/0xa0
[   13.719840]  ? __pfx_kthread+0x10/0x10
[   13.719861]  ret_from_fork+0x116/0x1d0
[   13.719880]  ? __pfx_kthread+0x10/0x10
[   13.719899]  ret_from_fork_asm+0x1a/0x30
[   13.719931]  </TASK>
[   13.719942] 
[   13.728245] The buggy address belongs to the physical page:
[   13.728513] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103960
[   13.728875] flags: 0x200000000000000(node=0|zone=2)
[   13.729124] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   13.729583] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   13.729834] page dumped because: kasan: bad access detected
[   13.730091] 
[   13.730516] Memory state around the buggy address:
[   13.730766]  ffff88810395ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.731512]  ffff88810395ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.731830] >ffff888103960000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.732247]                    ^
[   13.732414]  ffff888103960080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.732687]  ffff888103960100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.732941] ==================================================================
[   13.694243] ==================================================================
[   13.694741] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.695062] Free of addr ffff888103934000 by task kunit_try_catch/255
[   13.695363] 
[   13.695623] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.695676] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.695688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.695711] Call Trace:
[   13.695725]  <TASK>
[   13.695742]  dump_stack_lvl+0x73/0xb0
[   13.695775]  print_report+0xd1/0x610
[   13.695796]  ? __virt_addr_valid+0x1db/0x2d0
[   13.695821]  ? kasan_addr_to_slab+0x11/0xa0
[   13.695842]  ? mempool_double_free_helper+0x184/0x370
[   13.695867]  kasan_report_invalid_free+0x10a/0x130
[   13.695891]  ? mempool_double_free_helper+0x184/0x370
[   13.695917]  ? mempool_double_free_helper+0x184/0x370
[   13.695943]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   13.695969]  mempool_free+0x2ec/0x380
[   13.695996]  mempool_double_free_helper+0x184/0x370
[   13.696021]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.696348]  ? update_curr+0x5c1/0x810
[   13.696382]  mempool_kmalloc_large_double_free+0xed/0x140
[   13.696408]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   13.696433]  ? schedule+0x7c/0x2e0
[   13.696455]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.696478]  ? __pfx_mempool_kfree+0x10/0x10
[   13.696517]  ? __pfx_read_tsc+0x10/0x10
[   13.696538]  ? ktime_get_ts64+0x86/0x230
[   13.696563]  kunit_try_run_case+0x1a5/0x480
[   13.696588]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.696610]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.696634]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.696658]  ? __kthread_parkme+0x82/0x180
[   13.696678]  ? preempt_count_sub+0x50/0x80
[   13.696702]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.696725]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.696748]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.696771]  kthread+0x337/0x6f0
[   13.696789]  ? trace_preempt_on+0x20/0xc0
[   13.696813]  ? __pfx_kthread+0x10/0x10
[   13.696832]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.696853]  ? calculate_sigpending+0x7b/0xa0
[   13.696878]  ? __pfx_kthread+0x10/0x10
[   13.696898]  ret_from_fork+0x116/0x1d0
[   13.696917]  ? __pfx_kthread+0x10/0x10
[   13.696936]  ret_from_fork_asm+0x1a/0x30
[   13.696966]  </TASK>
[   13.696977] 
[   13.705430] The buggy address belongs to the physical page:
[   13.705715] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103934
[   13.706078] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.706644] flags: 0x200000000000040(head|node=0|zone=2)
[   13.706873] page_type: f8(unknown)
[   13.707014] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.707675] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.707989] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.708286] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.708529] head: 0200000000000002 ffffea00040e4d01 00000000ffffffff 00000000ffffffff
[   13.708767] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.709369] page dumped because: kasan: bad access detected
[   13.709628] 
[   13.709719] Memory state around the buggy address:
[   13.709938]  ffff888103933f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.710340]  ffff888103933f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.710572] >ffff888103934000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.710843]                    ^
[   13.711007]  ffff888103934080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.711748]  ffff888103934100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.712094] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

305hfA52FugtYY6azxShkfpp9Gg

job_id

TEST:linaro@lkft#305hkxk4umYymvAHR1enE6Lr0J7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/305hkxk4umYymvAHR1enE6Lr0J7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hhgky404tq48MM3xCR4i6zld/bzImage
sha256sum	4b79c38ff9b1d3fd5b9bc01d29127c64ba58368915842f230bb5db740b0e37c2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hhgky404tq48MM3xCR4i6zld/modules.tar.xz
sha256sum	3ef36255dcc209be48379112d67feb901ccf616788896aa1facf84baa027e63e

durations

tests

boot	0
kunit	219.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit