lkft/linux-mainline-master - v6.16-rc6-281-gf4a40a4282f4 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 20, 2025, 11:12 a.m.

Environment
qemu-arm64
qemu-x86_64

[   17.418022] ==================================================================
[   17.418081] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.418142] Free of addr fff00000c7898000 by task kunit_try_catch/237
[   17.418353] 
[   17.418507] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.418768] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.418857] Hardware name: linux,dummy-virt (DT)
[   17.418894] Call trace:
[   17.419001]  show_stack+0x20/0x38 (C)
[   17.419062]  dump_stack_lvl+0x8c/0xd0
[   17.419109]  print_report+0x118/0x5d0
[   17.419154]  kasan_report_invalid_free+0xc0/0xe8
[   17.419203]  __kasan_mempool_poison_object+0x14c/0x150
[   17.419788]  mempool_free+0x28c/0x328
[   17.419856]  mempool_double_free_helper+0x150/0x2e8
[   17.419956]  mempool_kmalloc_large_double_free+0xc0/0x118
[   17.420161]  kunit_try_run_case+0x170/0x3f0
[   17.420238]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.420290]  kthread+0x328/0x630
[   17.420332]  ret_from_fork+0x10/0x20
[   17.420863] 
[   17.420918] The buggy address belongs to the physical page:
[   17.420985] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107898
[   17.421052] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.421221] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.421304] page_type: f8(unknown)
[   17.421387] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.421438] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.421764] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.421820] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.421869] head: 0bfffe0000000002 ffffc1ffc31e2601 00000000ffffffff 00000000ffffffff
[   17.421917] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.421983] page dumped because: kasan: bad access detected
[   17.422016] 
[   17.422353] Memory state around the buggy address:
[   17.422396]  fff00000c7897f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.422440]  fff00000c7897f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.422771] >fff00000c7898000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.422813]                    ^
[   17.422842]  fff00000c7898080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.422885]  fff00000c7898100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.423177] ==================================================================
[   17.432831] ==================================================================
[   17.432891] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.433410] Free of addr fff00000c7898000 by task kunit_try_catch/239
[   17.433854] 
[   17.433900] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.433982] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.434010] Hardware name: linux,dummy-virt (DT)
[   17.434157] Call trace:
[   17.434185]  show_stack+0x20/0x38 (C)
[   17.434625]  dump_stack_lvl+0x8c/0xd0
[   17.434760]  print_report+0x118/0x5d0
[   17.434828]  kasan_report_invalid_free+0xc0/0xe8
[   17.435009]  __kasan_mempool_poison_pages+0xe0/0xe8
[   17.435530]  mempool_free+0x24c/0x328
[   17.435749]  mempool_double_free_helper+0x150/0x2e8
[   17.435799]  mempool_page_alloc_double_free+0xbc/0x118
[   17.435979]  kunit_try_run_case+0x170/0x3f0
[   17.436028]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.436078]  kthread+0x328/0x630
[   17.436122]  ret_from_fork+0x10/0x20
[   17.436170] 
[   17.436191] The buggy address belongs to the physical page:
[   17.436514] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107898
[   17.436609] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.436748] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   17.436865] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.436970] page dumped because: kasan: bad access detected
[   17.437258] 
[   17.437374] Memory state around the buggy address:
[   17.437564]  fff00000c7897f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.437612]  fff00000c7897f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.437709] >fff00000c7898000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.437874]                    ^
[   17.437975]  fff00000c7898080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.438018]  fff00000c7898100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.438056] ==================================================================
[   17.401591] ==================================================================
[   17.401676] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.401731] Free of addr fff00000c7025500 by task kunit_try_catch/235
[   17.402207] 
[   17.402241] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.402561] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.402589] Hardware name: linux,dummy-virt (DT)
[   17.402622] Call trace:
[   17.402645]  show_stack+0x20/0x38 (C)
[   17.403090]  dump_stack_lvl+0x8c/0xd0
[   17.403226]  print_report+0x118/0x5d0
[   17.403333]  kasan_report_invalid_free+0xc0/0xe8
[   17.403384]  check_slab_allocation+0xd4/0x108
[   17.403434]  __kasan_mempool_poison_object+0x78/0x150
[   17.403493]  mempool_free+0x28c/0x328
[   17.403542]  mempool_double_free_helper+0x150/0x2e8
[   17.403589]  mempool_kmalloc_double_free+0xc0/0x118
[   17.403638]  kunit_try_run_case+0x170/0x3f0
[   17.403695]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.403747]  kthread+0x328/0x630
[   17.403789]  ret_from_fork+0x10/0x20
[   17.404079] 
[   17.404334] Allocated by task 235:
[   17.404437]  kasan_save_stack+0x3c/0x68
[   17.404521]  kasan_save_track+0x20/0x40
[   17.404597]  kasan_save_alloc_info+0x40/0x58
[   17.404681]  __kasan_mempool_unpoison_object+0x11c/0x180
[   17.404736]  remove_element+0x130/0x1f8
[   17.404769]  mempool_alloc_preallocated+0x58/0xc0
[   17.404807]  mempool_double_free_helper+0x94/0x2e8
[   17.404844]  mempool_kmalloc_double_free+0xc0/0x118
[   17.404884]  kunit_try_run_case+0x170/0x3f0
[   17.404922]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.404999]  kthread+0x328/0x630
[   17.405032]  ret_from_fork+0x10/0x20
[   17.405113] 
[   17.405208] Freed by task 235:
[   17.405301]  kasan_save_stack+0x3c/0x68
[   17.405339]  kasan_save_track+0x20/0x40
[   17.405421]  kasan_save_free_info+0x4c/0x78
[   17.405461]  __kasan_mempool_poison_object+0xc0/0x150
[   17.405548]  mempool_free+0x28c/0x328
[   17.405882]  mempool_double_free_helper+0x100/0x2e8
[   17.406168]  mempool_kmalloc_double_free+0xc0/0x118
[   17.406210]  kunit_try_run_case+0x170/0x3f0
[   17.406249]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.406293]  kthread+0x328/0x630
[   17.406703]  ret_from_fork+0x10/0x20
[   17.406754] 
[   17.407194] The buggy address belongs to the object at fff00000c7025500
[   17.407194]  which belongs to the cache kmalloc-128 of size 128
[   17.407263] The buggy address is located 0 bytes inside of
[   17.407263]  128-byte region [fff00000c7025500, fff00000c7025580)
[   17.407324] 
[   17.407354] The buggy address belongs to the physical page:
[   17.407465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107025
[   17.407589] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.407648] page_type: f5(slab)
[   17.407840] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.408000] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.408166] page dumped because: kasan: bad access detected
[   17.408270] 
[   17.408309] Memory state around the buggy address:
[   17.408390]  fff00000c7025400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.408433]  fff00000c7025480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.408494] >fff00000c7025500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.408637]                    ^
[   17.408674]  fff00000c7025580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.408809]  fff00000c7025600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.408847] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

308WsFutMAZosSMnEORCZj9vmFx

job_id

TEST:linaro@lkft#308WwJaHQwF9GiJmP1YPiPqA012

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/308WwJaHQwF9GiJmP1YPiPqA012

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/Image.gz
sha256sum	4d2e0511bab027133f01b2172d6d8558efd2b45bcadc263c5cacdb0ac44741cd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/modules.tar.xz
sha256sum	18d5d5576d3740ea20de31396b726912b8f91395c442996d953fc58d4a74f8e9

durations

tests

boot	0
kunit	197.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   13.974667] ==================================================================
[   13.975169] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.975462] Free of addr ffff888102b8c000 by task kunit_try_catch/254
[   13.975768] 
[   13.975886] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.975943] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.975954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.975976] Call Trace:
[   13.975988]  <TASK>
[   13.976003]  dump_stack_lvl+0x73/0xb0
[   13.976033]  print_report+0xd1/0x610
[   13.976054]  ? __virt_addr_valid+0x1db/0x2d0
[   13.976078]  ? kasan_addr_to_slab+0x11/0xa0
[   13.976097]  ? mempool_double_free_helper+0x184/0x370
[   13.976121]  kasan_report_invalid_free+0x10a/0x130
[   13.976144]  ? mempool_double_free_helper+0x184/0x370
[   13.976170]  ? mempool_double_free_helper+0x184/0x370
[   13.976191]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   13.976214]  mempool_free+0x2ec/0x380
[   13.976241]  mempool_double_free_helper+0x184/0x370
[   13.976265]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.976287]  ? update_load_avg+0x1be/0x21b0
[   13.976310]  ? dequeue_entities+0x27e/0x1740
[   13.976335]  ? finish_task_switch.isra.0+0x153/0x700
[   13.976359]  mempool_kmalloc_large_double_free+0xed/0x140
[   13.976383]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   13.976409]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.976432]  ? __pfx_mempool_kfree+0x10/0x10
[   13.976456]  ? __pfx_read_tsc+0x10/0x10
[   13.976476]  ? ktime_get_ts64+0x86/0x230
[   13.976499]  kunit_try_run_case+0x1a5/0x480
[   13.976524]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.976545]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.976569]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.976591]  ? __kthread_parkme+0x82/0x180
[   13.976611]  ? preempt_count_sub+0x50/0x80
[   13.976633]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.976656]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.976678]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.976701]  kthread+0x337/0x6f0
[   13.976719]  ? recalc_sigpending+0x168/0x1f0
[   13.976743]  ? __pfx_kthread+0x10/0x10
[   13.976950]  ? calculate_sigpending+0x7b/0xa0
[   13.976973]  ? __pfx_kthread+0x10/0x10
[   13.976995]  ret_from_fork+0x116/0x1d0
[   13.977014]  ? __pfx_kthread+0x10/0x10
[   13.977033]  ret_from_fork_asm+0x1a/0x30
[   13.977064]  </TASK>
[   13.977075] 
[   13.985872] The buggy address belongs to the physical page:
[   13.986147] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b8c
[   13.986448] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.986692] flags: 0x200000000000040(head|node=0|zone=2)
[   13.986967] page_type: f8(unknown)
[   13.987154] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.987492] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.987745] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.987986] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.988227] head: 0200000000000002 ffffea00040ae301 00000000ffffffff 00000000ffffffff
[   13.988568] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.989057] page dumped because: kasan: bad access detected
[   13.989331] 
[   13.989477] Memory state around the buggy address:
[   13.989705]  ffff888102b8bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.989976]  ffff888102b8bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.990296] >ffff888102b8c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.990623]                    ^
[   13.990826]  ffff888102b8c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.991057]  ffff888102b8c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.991274] ==================================================================
[   13.936536] ==================================================================
[   13.937110] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.937397] Free of addr ffff888102747100 by task kunit_try_catch/252
[   13.937706] 
[   13.937802] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.937845] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.937856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.937878] Call Trace:
[   13.937889]  <TASK>
[   13.937915]  dump_stack_lvl+0x73/0xb0
[   13.937943]  print_report+0xd1/0x610
[   13.937964]  ? __virt_addr_valid+0x1db/0x2d0
[   13.937987]  ? kasan_complete_mode_report_info+0x64/0x200
[   13.938007]  ? mempool_double_free_helper+0x184/0x370
[   13.938031]  kasan_report_invalid_free+0x10a/0x130
[   13.938055]  ? mempool_double_free_helper+0x184/0x370
[   13.938147]  ? mempool_double_free_helper+0x184/0x370
[   13.938183]  ? mempool_double_free_helper+0x184/0x370
[   13.938205]  check_slab_allocation+0x101/0x130
[   13.938225]  __kasan_mempool_poison_object+0x91/0x1d0
[   13.938249]  mempool_free+0x2ec/0x380
[   13.938275]  mempool_double_free_helper+0x184/0x370
[   13.938298]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.938320]  ? update_load_avg+0x1be/0x21b0
[   13.938342]  ? update_load_avg+0x1be/0x21b0
[   13.938363]  ? update_curr+0x80/0x810
[   13.938385]  ? finish_task_switch.isra.0+0x153/0x700
[   13.938409]  mempool_kmalloc_double_free+0xed/0x140
[   13.938432]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   13.938458]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.938479]  ? __pfx_mempool_kfree+0x10/0x10
[   13.938503]  ? __pfx_read_tsc+0x10/0x10
[   13.938523]  ? ktime_get_ts64+0x86/0x230
[   13.938558]  kunit_try_run_case+0x1a5/0x480
[   13.938581]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.938602]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.938625]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.938647]  ? __kthread_parkme+0x82/0x180
[   13.938666]  ? preempt_count_sub+0x50/0x80
[   13.938687]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.938710]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.938745]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.938768]  kthread+0x337/0x6f0
[   13.938787]  ? trace_preempt_on+0x20/0xc0
[   13.938809]  ? __pfx_kthread+0x10/0x10
[   13.938829]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.938850]  ? calculate_sigpending+0x7b/0xa0
[   13.938872]  ? __pfx_kthread+0x10/0x10
[   13.938892]  ret_from_fork+0x116/0x1d0
[   13.938920]  ? __pfx_kthread+0x10/0x10
[   13.938939]  ret_from_fork_asm+0x1a/0x30
[   13.938968]  </TASK>
[   13.938978] 
[   13.951797] Allocated by task 252:
[   13.952655]  kasan_save_stack+0x45/0x70
[   13.953395]  kasan_save_track+0x18/0x40
[   13.954131]  kasan_save_alloc_info+0x3b/0x50
[   13.954879]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.955554]  remove_element+0x11e/0x190
[   13.956238]  mempool_alloc_preallocated+0x4d/0x90
[   13.957090]  mempool_double_free_helper+0x8a/0x370
[   13.957822]  mempool_kmalloc_double_free+0xed/0x140
[   13.958825]  kunit_try_run_case+0x1a5/0x480
[   13.959295]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.960202]  kthread+0x337/0x6f0
[   13.960809]  ret_from_fork+0x116/0x1d0
[   13.961199]  ret_from_fork_asm+0x1a/0x30
[   13.961426] 
[   13.961527] Freed by task 252:
[   13.961686]  kasan_save_stack+0x45/0x70
[   13.961888]  kasan_save_track+0x18/0x40
[   13.962093]  kasan_save_free_info+0x3f/0x60
[   13.962302]  __kasan_mempool_poison_object+0x131/0x1d0
[   13.962545]  mempool_free+0x2ec/0x380
[   13.962738]  mempool_double_free_helper+0x109/0x370
[   13.963213]  mempool_kmalloc_double_free+0xed/0x140
[   13.963529]  kunit_try_run_case+0x1a5/0x480
[   13.963770]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.964010]  kthread+0x337/0x6f0
[   13.964183]  ret_from_fork+0x116/0x1d0
[   13.964439]  ret_from_fork_asm+0x1a/0x30
[   13.964594] 
[   13.964685] The buggy address belongs to the object at ffff888102747100
[   13.964685]  which belongs to the cache kmalloc-128 of size 128
[   13.965242] The buggy address is located 0 bytes inside of
[   13.965242]  128-byte region [ffff888102747100, ffff888102747180)
[   13.965813] 
[   13.965925] The buggy address belongs to the physical page:
[   13.966210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102747
[   13.966791] flags: 0x200000000000000(node=0|zone=2)
[   13.967077] page_type: f5(slab)
[   13.967251] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.967672] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.968040] page dumped because: kasan: bad access detected
[   13.968240] 
[   13.968419] Memory state around the buggy address:
[   13.968636]  ffff888102747000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.969004]  ffff888102747080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.969302] >ffff888102747100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.969713]                    ^
[   13.969892]  ffff888102747180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.970217]  ffff888102747200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.970716] ==================================================================
[   13.996583] ==================================================================
[   13.997318] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.997684] Free of addr ffff888102b8c000 by task kunit_try_catch/256
[   13.997973] 
[   13.998058] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.998100] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.998111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.998131] Call Trace:
[   13.998141]  <TASK>
[   13.998155]  dump_stack_lvl+0x73/0xb0
[   13.998181]  print_report+0xd1/0x610
[   13.998201]  ? __virt_addr_valid+0x1db/0x2d0
[   13.998225]  ? kasan_addr_to_slab+0x11/0xa0
[   13.998244]  ? mempool_double_free_helper+0x184/0x370
[   13.998267]  kasan_report_invalid_free+0x10a/0x130
[   13.998290]  ? mempool_double_free_helper+0x184/0x370
[   13.998315]  ? mempool_double_free_helper+0x184/0x370
[   13.998337]  __kasan_mempool_poison_pages+0x115/0x130
[   13.998361]  mempool_free+0x290/0x380
[   13.998387]  mempool_double_free_helper+0x184/0x370
[   13.998410]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.998434]  ? __kasan_check_write+0x18/0x20
[   13.998453]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.998473]  ? finish_task_switch.isra.0+0x153/0x700
[   13.998498]  mempool_page_alloc_double_free+0xe8/0x140
[   13.998521]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   13.998549]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   13.998571]  ? __pfx_mempool_free_pages+0x10/0x10
[   13.998596]  ? __pfx_read_tsc+0x10/0x10
[   13.998616]  ? ktime_get_ts64+0x86/0x230
[   13.998639]  kunit_try_run_case+0x1a5/0x480
[   13.998663]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.998684]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.998706]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.998729]  ? __kthread_parkme+0x82/0x180
[   13.998749]  ? preempt_count_sub+0x50/0x80
[   13.998771]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.998794]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.998816]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.998839]  kthread+0x337/0x6f0
[   13.998857]  ? trace_preempt_on+0x20/0xc0
[   13.998880]  ? __pfx_kthread+0x10/0x10
[   13.998929]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.998949]  ? calculate_sigpending+0x7b/0xa0
[   13.998972]  ? __pfx_kthread+0x10/0x10
[   13.998992]  ret_from_fork+0x116/0x1d0
[   13.999008]  ? __pfx_kthread+0x10/0x10
[   13.999027]  ret_from_fork_asm+0x1a/0x30
[   13.999064]  </TASK>
[   13.999074] 
[   14.007597] The buggy address belongs to the physical page:
[   14.007871] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b8c
[   14.008179] flags: 0x200000000000000(node=0|zone=2)
[   14.008407] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   14.008753] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   14.009060] page dumped because: kasan: bad access detected
[   14.009259] 
[   14.009328] Memory state around the buggy address:
[   14.009552]  ffff888102b8bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.009926]  ffff888102b8bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.010141] >ffff888102b8c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.010349]                    ^
[   14.010463]  ffff888102b8c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.010693]  ffff888102b8c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   14.011012] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

308WsFutMAZosSMnEORCZj9vmFx

job_id

TEST:linaro@lkft#308Wxco0Z10DyzYIW4nOQQqgkwI

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/308Wxco0Z10DyzYIW4nOQQqgkwI

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WuPU0WWVtcDZkj55VJ74P6Fz/bzImage
sha256sum	aa8c3294f8e6a312d0005bf4942ab46073b3db37d1a255c29f470aad8b68ac89

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WuPU0WWVtcDZkj55VJ74P6Fz/modules.tar.xz
sha256sum	3f40af07dd0ca48c872811d115b0432b5fee72cae8136e55274a0e7676f09c6e

durations

tests

boot	0
kunit	198.91

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit