lkft/linux-mainline-master - v6.16-rc6-279-gbf61759db409 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 19, 2025, 11:12 p.m.

Environment
qemu-arm64
qemu-x86_64

[   17.385090] ==================================================================
[   17.385148] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.385199] Free of addr fff00000c78e4000 by task kunit_try_catch/237
[   17.385241] 
[   17.385273] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.385352] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.385379] Hardware name: linux,dummy-virt (DT)
[   17.385409] Call trace:
[   17.385430]  show_stack+0x20/0x38 (C)
[   17.385955]  dump_stack_lvl+0x8c/0xd0
[   17.386303]  print_report+0x118/0x5d0
[   17.386355]  kasan_report_invalid_free+0xc0/0xe8
[   17.386406]  __kasan_mempool_poison_object+0x14c/0x150
[   17.386742]  mempool_free+0x28c/0x328
[   17.386872]  mempool_double_free_helper+0x150/0x2e8
[   17.387112]  mempool_kmalloc_large_double_free+0xc0/0x118
[   17.387162]  kunit_try_run_case+0x170/0x3f0
[   17.387213]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.387265]  kthread+0x328/0x630
[   17.387306]  ret_from_fork+0x10/0x20
[   17.387360] 
[   17.387462] The buggy address belongs to the physical page:
[   17.387513] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e4
[   17.387971] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.388416] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.388512] page_type: f8(unknown)
[   17.388554] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.388658] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.388745] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.388793] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.388843] head: 0bfffe0000000002 ffffc1ffc31e3901 00000000ffffffff 00000000ffffffff
[   17.388894] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.388935] page dumped because: kasan: bad access detected
[   17.388968] 
[   17.388987] Memory state around the buggy address:
[   17.389020]  fff00000c78e3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.389091]  fff00000c78e3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.389222] >fff00000c78e4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.389435]                    ^
[   17.389493]  fff00000c78e4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.389545]  fff00000c78e4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.389601] ==================================================================
[   17.372716] ==================================================================
[   17.372773] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.372828] Free of addr fff00000c63ebd00 by task kunit_try_catch/235
[   17.372908] 
[   17.372956] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.373358] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.373389] Hardware name: linux,dummy-virt (DT)
[   17.373422] Call trace:
[   17.373444]  show_stack+0x20/0x38 (C)
[   17.373495]  dump_stack_lvl+0x8c/0xd0
[   17.373542]  print_report+0x118/0x5d0
[   17.373589]  kasan_report_invalid_free+0xc0/0xe8
[   17.373644]  check_slab_allocation+0xd4/0x108
[   17.374146]  __kasan_mempool_poison_object+0x78/0x150
[   17.374269]  mempool_free+0x28c/0x328
[   17.374351]  mempool_double_free_helper+0x150/0x2e8
[   17.374401]  mempool_kmalloc_double_free+0xc0/0x118
[   17.374476]  kunit_try_run_case+0x170/0x3f0
[   17.374539]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.374592]  kthread+0x328/0x630
[   17.374699]  ret_from_fork+0x10/0x20
[   17.374748] 
[   17.374766] Allocated by task 235:
[   17.374797]  kasan_save_stack+0x3c/0x68
[   17.374862]  kasan_save_track+0x20/0x40
[   17.375134]  kasan_save_alloc_info+0x40/0x58
[   17.375182]  __kasan_mempool_unpoison_object+0x11c/0x180
[   17.375244]  remove_element+0x130/0x1f8
[   17.375298]  mempool_alloc_preallocated+0x58/0xc0
[   17.375403]  mempool_double_free_helper+0x94/0x2e8
[   17.375481]  mempool_kmalloc_double_free+0xc0/0x118
[   17.375541]  kunit_try_run_case+0x170/0x3f0
[   17.375623]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.375664]  kthread+0x328/0x630
[   17.375842]  ret_from_fork+0x10/0x20
[   17.375878] 
[   17.375927] Freed by task 235:
[   17.376116]  kasan_save_stack+0x3c/0x68
[   17.376244]  kasan_save_track+0x20/0x40
[   17.376319]  kasan_save_free_info+0x4c/0x78
[   17.376397]  __kasan_mempool_poison_object+0xc0/0x150
[   17.376438]  mempool_free+0x28c/0x328
[   17.376473]  mempool_double_free_helper+0x100/0x2e8
[   17.376512]  mempool_kmalloc_double_free+0xc0/0x118
[   17.376550]  kunit_try_run_case+0x170/0x3f0
[   17.376587]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.376638]  kthread+0x328/0x630
[   17.376669]  ret_from_fork+0x10/0x20
[   17.376716] 
[   17.376735] The buggy address belongs to the object at fff00000c63ebd00
[   17.376735]  which belongs to the cache kmalloc-128 of size 128
[   17.376796] The buggy address is located 0 bytes inside of
[   17.376796]  128-byte region [fff00000c63ebd00, fff00000c63ebd80)
[   17.376915] 
[   17.376936] The buggy address belongs to the physical page:
[   17.377117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063eb
[   17.377172] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.377247] page_type: f5(slab)
[   17.377385] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.377543] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.377704] page dumped because: kasan: bad access detected
[   17.377737] 
[   17.377756] Memory state around the buggy address:
[   17.377836]  fff00000c63ebc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.377892]  fff00000c63ebc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.377935] >fff00000c63ebd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.377974]                    ^
[   17.378025]  fff00000c63ebd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.378085]  fff00000c63ebe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.378277] ==================================================================
[   17.400619] ==================================================================
[   17.400675] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.400741] Free of addr fff00000c78e8000 by task kunit_try_catch/239
[   17.400783] 
[   17.401035] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.401137] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.401166] Hardware name: linux,dummy-virt (DT)
[   17.401195] Call trace:
[   17.401231]  show_stack+0x20/0x38 (C)
[   17.401429]  dump_stack_lvl+0x8c/0xd0
[   17.401502]  print_report+0x118/0x5d0
[   17.401559]  kasan_report_invalid_free+0xc0/0xe8
[   17.401618]  __kasan_mempool_poison_pages+0xe0/0xe8
[   17.401669]  mempool_free+0x24c/0x328
[   17.401924]  mempool_double_free_helper+0x150/0x2e8
[   17.402065]  mempool_page_alloc_double_free+0xbc/0x118
[   17.402115]  kunit_try_run_case+0x170/0x3f0
[   17.402165]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.402218]  kthread+0x328/0x630
[   17.402259]  ret_from_fork+0x10/0x20
[   17.402327] 
[   17.402376] The buggy address belongs to the physical page:
[   17.402406] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e8
[   17.402486] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.402547] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   17.402843] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.403034] page dumped because: kasan: bad access detected
[   17.403189] 
[   17.403208] Memory state around the buggy address:
[   17.403246]  fff00000c78e7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.403348]  fff00000c78e7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.403407] >fff00000c78e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.403446]                    ^
[   17.403475]  fff00000c78e8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.403517]  fff00000c78e8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.403557] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

3077J7vjxaIrCX8QJluH30GcStN

job_id

TEST:linaro@lkft#3077NNFJrWWkcAy8IID5ILATusq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3077NNFJrWWkcAy8IID5ILATusq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3077KHL5N7ukhPBGWT6JKTPmMOH/Image.gz
sha256sum	4fb6bfc3e42cafc0ebb4a145f4b0e856366a60f4ad09bf55eaf187601ba57254

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3077KHL5N7ukhPBGWT6JKTPmMOH/modules.tar.xz
sha256sum	e970ffe65eabeeb4747aabb09f86153746494bc2902552f8c3f7db6a8fa892c6

durations

tests

boot	0
kunit	180.80

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   13.644842] ==================================================================
[   13.645775] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.646107] Free of addr ffff8881039b7200 by task kunit_try_catch/252
[   13.646366] 
[   13.646498] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.646544] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.646555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.646577] Call Trace:
[   13.646588]  <TASK>
[   13.646603]  dump_stack_lvl+0x73/0xb0
[   13.646632]  print_report+0xd1/0x610
[   13.646653]  ? __virt_addr_valid+0x1db/0x2d0
[   13.646679]  ? kasan_complete_mode_report_info+0x64/0x200
[   13.646700]  ? mempool_double_free_helper+0x184/0x370
[   13.646723]  kasan_report_invalid_free+0x10a/0x130
[   13.646746]  ? mempool_double_free_helper+0x184/0x370
[   13.646771]  ? mempool_double_free_helper+0x184/0x370
[   13.646793]  ? mempool_double_free_helper+0x184/0x370
[   13.646815]  check_slab_allocation+0x101/0x130
[   13.646835]  __kasan_mempool_poison_object+0x91/0x1d0
[   13.646859]  mempool_free+0x2ec/0x380
[   13.646887]  mempool_double_free_helper+0x184/0x370
[   13.646910]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.646935]  ? __kasan_check_write+0x18/0x20
[   13.646953]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.646974]  ? finish_task_switch.isra.0+0x153/0x700
[   13.646999]  mempool_kmalloc_double_free+0xed/0x140
[   13.647044]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   13.647071]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.647092]  ? __pfx_mempool_kfree+0x10/0x10
[   13.647116]  ? __pfx_read_tsc+0x10/0x10
[   13.647137]  ? ktime_get_ts64+0x86/0x230
[   13.647161]  kunit_try_run_case+0x1a5/0x480
[   13.647186]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.647208]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.647231]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.647253]  ? __kthread_parkme+0x82/0x180
[   13.647273]  ? preempt_count_sub+0x50/0x80
[   13.647294]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.647317]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.647340]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.647363]  kthread+0x337/0x6f0
[   13.647392]  ? trace_preempt_on+0x20/0xc0
[   13.647414]  ? __pfx_kthread+0x10/0x10
[   13.647434]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.647454]  ? calculate_sigpending+0x7b/0xa0
[   13.647477]  ? __pfx_kthread+0x10/0x10
[   13.647498]  ret_from_fork+0x116/0x1d0
[   13.647516]  ? __pfx_kthread+0x10/0x10
[   13.647536]  ret_from_fork_asm+0x1a/0x30
[   13.647565]  </TASK>
[   13.647575] 
[   13.660182] Allocated by task 252:
[   13.660362]  kasan_save_stack+0x45/0x70
[   13.660973]  kasan_save_track+0x18/0x40
[   13.661158]  kasan_save_alloc_info+0x3b/0x50
[   13.661728]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.662114]  remove_element+0x11e/0x190
[   13.662398]  mempool_alloc_preallocated+0x4d/0x90
[   13.662792]  mempool_double_free_helper+0x8a/0x370
[   13.662995]  mempool_kmalloc_double_free+0xed/0x140
[   13.663223]  kunit_try_run_case+0x1a5/0x480
[   13.663431]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.663920]  kthread+0x337/0x6f0
[   13.664068]  ret_from_fork+0x116/0x1d0
[   13.664505]  ret_from_fork_asm+0x1a/0x30
[   13.664808] 
[   13.664911] Freed by task 252:
[   13.665217]  kasan_save_stack+0x45/0x70
[   13.665426]  kasan_save_track+0x18/0x40
[   13.665764]  kasan_save_free_info+0x3f/0x60
[   13.665974]  __kasan_mempool_poison_object+0x131/0x1d0
[   13.666215]  mempool_free+0x2ec/0x380
[   13.666721]  mempool_double_free_helper+0x109/0x370
[   13.666958]  mempool_kmalloc_double_free+0xed/0x140
[   13.667258]  kunit_try_run_case+0x1a5/0x480
[   13.667430]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.667860]  kthread+0x337/0x6f0
[   13.668051]  ret_from_fork+0x116/0x1d0
[   13.668232]  ret_from_fork_asm+0x1a/0x30
[   13.668667] 
[   13.668841] The buggy address belongs to the object at ffff8881039b7200
[   13.668841]  which belongs to the cache kmalloc-128 of size 128
[   13.669427] The buggy address is located 0 bytes inside of
[   13.669427]  128-byte region [ffff8881039b7200, ffff8881039b7280)
[   13.670185] 
[   13.670283] The buggy address belongs to the physical page:
[   13.670611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039b7
[   13.671111] flags: 0x200000000000000(node=0|zone=2)
[   13.671325] page_type: f5(slab)
[   13.671793] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.672176] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.672715] page dumped because: kasan: bad access detected
[   13.672976] 
[   13.673081] Memory state around the buggy address:
[   13.673269]  ffff8881039b7100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.673587]  ffff8881039b7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.674158] >ffff8881039b7200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.674598]                    ^
[   13.674749]  ffff8881039b7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.675049]  ffff8881039b7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.675375] ==================================================================
[   13.678357] ==================================================================
[   13.679550] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.679887] Free of addr ffff8881039f8000 by task kunit_try_catch/254
[   13.680189] 
[   13.680298] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.680342] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.680353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.680374] Call Trace:
[   13.680385]  <TASK>
[   13.680399]  dump_stack_lvl+0x73/0xb0
[   13.680427]  print_report+0xd1/0x610
[   13.680448]  ? __virt_addr_valid+0x1db/0x2d0
[   13.680471]  ? kasan_addr_to_slab+0x11/0xa0
[   13.680490]  ? mempool_double_free_helper+0x184/0x370
[   13.680513]  kasan_report_invalid_free+0x10a/0x130
[   13.680537]  ? mempool_double_free_helper+0x184/0x370
[   13.680563]  ? mempool_double_free_helper+0x184/0x370
[   13.680584]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   13.680608]  mempool_free+0x2ec/0x380
[   13.680634]  mempool_double_free_helper+0x184/0x370
[   13.680657]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.680682]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.680703]  ? finish_task_switch.isra.0+0x153/0x700
[   13.680728]  mempool_kmalloc_large_double_free+0xed/0x140
[   13.680752]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   13.680779]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.680800]  ? __pfx_mempool_kfree+0x10/0x10
[   13.680824]  ? __pfx_read_tsc+0x10/0x10
[   13.680844]  ? ktime_get_ts64+0x86/0x230
[   13.680867]  kunit_try_run_case+0x1a5/0x480
[   13.680890]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.680912]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.680934]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.680957]  ? __kthread_parkme+0x82/0x180
[   13.680982]  ? preempt_count_sub+0x50/0x80
[   13.681013]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.681037]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.681058]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.681081]  kthread+0x337/0x6f0
[   13.681100]  ? trace_preempt_on+0x20/0xc0
[   13.681121]  ? __pfx_kthread+0x10/0x10
[   13.681141]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.681162]  ? calculate_sigpending+0x7b/0xa0
[   13.681186]  ? __pfx_kthread+0x10/0x10
[   13.681206]  ret_from_fork+0x116/0x1d0
[   13.681223]  ? __pfx_kthread+0x10/0x10
[   13.681242]  ret_from_fork_asm+0x1a/0x30
[   13.681271]  </TASK>
[   13.681281] 
[   13.689526] The buggy address belongs to the physical page:
[   13.689788] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f8
[   13.690151] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.690577] flags: 0x200000000000040(head|node=0|zone=2)
[   13.690755] page_type: f8(unknown)
[   13.690909] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.691266] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.691627] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.691905] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.692147] head: 0200000000000002 ffffea00040e7e01 00000000ffffffff 00000000ffffffff
[   13.692380] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.692795] page dumped because: kasan: bad access detected
[   13.693067] 
[   13.693161] Memory state around the buggy address:
[   13.693383]  ffff8881039f7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.693702]  ffff8881039f7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.694031] >ffff8881039f8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.694246]                    ^
[   13.694364]  ffff8881039f8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.695088]  ffff8881039f8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.695370] ==================================================================
[   13.699946] ==================================================================
[   13.700486] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.700879] Free of addr ffff8881039f8000 by task kunit_try_catch/256
[   13.701192] 
[   13.701298] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.701343] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.701355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.701377] Call Trace:
[   13.701388]  <TASK>
[   13.701403]  dump_stack_lvl+0x73/0xb0
[   13.701432]  print_report+0xd1/0x610
[   13.701453]  ? __virt_addr_valid+0x1db/0x2d0
[   13.701477]  ? kasan_addr_to_slab+0x11/0xa0
[   13.701495]  ? mempool_double_free_helper+0x184/0x370
[   13.701519]  kasan_report_invalid_free+0x10a/0x130
[   13.701543]  ? mempool_double_free_helper+0x184/0x370
[   13.701568]  ? mempool_double_free_helper+0x184/0x370
[   13.701590]  __kasan_mempool_poison_pages+0x115/0x130
[   13.701614]  mempool_free+0x290/0x380
[   13.701640]  mempool_double_free_helper+0x184/0x370
[   13.701662]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.701687]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.701709]  ? finish_task_switch.isra.0+0x153/0x700
[   13.701733]  mempool_page_alloc_double_free+0xe8/0x140
[   13.701757]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   13.701782]  ? __kasan_check_write+0x18/0x20
[   13.701802]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   13.701824]  ? __pfx_mempool_free_pages+0x10/0x10
[   13.701849]  ? __pfx_read_tsc+0x10/0x10
[   13.701869]  ? ktime_get_ts64+0x86/0x230
[   13.701889]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.701915]  kunit_try_run_case+0x1a5/0x480
[   13.701940]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.701963]  ? queued_spin_lock_slowpath+0x116/0xb40
[   13.701988]  ? __kthread_parkme+0x82/0x180
[   13.702018]  ? preempt_count_sub+0x50/0x80
[   13.702040]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.702063]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.702085]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.702107]  kthread+0x337/0x6f0
[   13.702125]  ? trace_preempt_on+0x20/0xc0
[   13.702147]  ? __pfx_kthread+0x10/0x10
[   13.702167]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.702187]  ? calculate_sigpending+0x7b/0xa0
[   13.702210]  ? __pfx_kthread+0x10/0x10
[   13.702231]  ret_from_fork+0x116/0x1d0
[   13.702249]  ? __pfx_kthread+0x10/0x10
[   13.702269]  ret_from_fork_asm+0x1a/0x30
[   13.702300]  </TASK>
[   13.702310] 
[   13.710488] The buggy address belongs to the physical page:
[   13.710667] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f8
[   13.711346] flags: 0x200000000000000(node=0|zone=2)
[   13.711646] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   13.712030] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   13.712326] page dumped because: kasan: bad access detected
[   13.712770] 
[   13.712842] Memory state around the buggy address:
[   13.713074]  ffff8881039f7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.713389]  ffff8881039f7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.713695] >ffff8881039f8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.713986]                    ^
[   13.714136]  ffff8881039f8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.714465]  ffff8881039f8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.714794] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

3077J7vjxaIrCX8QJluH30GcStN

job_id

TEST:linaro@lkft#3077OUKeH4klMzGPpiURQkIkRoq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3077OUKeH4klMzGPpiURQkIkRoq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3077LSghLJbP9XOf2m9pHR4ulof/bzImage
sha256sum	688f7e44f740c230bc3dd9986a1dcb2217f21e43e087467b257af26e6d1daa91

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3077LSghLJbP9XOf2m9pHR4ulof/modules.tar.xz
sha256sum	42f1ae1d624ca92b080f0b1da8d82c9161e8e8c5828ad9bdb8670b6bf906480e

durations

tests

boot	0
kunit	203.29

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit