lkft/linux-next-master - next-20241126 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

Nov. 26, 2024, 6:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   33.789866] ==================================================================
[   33.791291] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0
[   33.792232] Free of addr fff00000c6087400 by task kunit_try_catch/224
[   33.793728] 
[   33.794156] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   33.795840] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.797017] Hardware name: linux,dummy-virt (DT)
[   33.797743] Call trace:
[   33.798283]  show_stack+0x20/0x38 (C)
[   33.798994]  dump_stack_lvl+0x8c/0xd0
[   33.799646]  print_report+0x118/0x5e0
[   33.800163]  kasan_report_invalid_free+0xb0/0xd8
[   33.801212]  check_slab_allocation+0xd4/0x108
[   33.801926]  __kasan_mempool_poison_object+0x78/0x150
[   33.802522]  mempool_free+0x28c/0x328
[   33.803157]  mempool_double_free_helper+0x150/0x2e0
[   33.803722]  mempool_kmalloc_double_free+0xb8/0x110
[   33.804960]  kunit_try_run_case+0x14c/0x3d0
[   33.805570]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.806376]  kthread+0x24c/0x2d0
[   33.806934]  ret_from_fork+0x10/0x20
[   33.807502] 
[   33.807824] Allocated by task 224:
[   33.809527]  kasan_save_stack+0x3c/0x68
[   33.810067]  kasan_save_track+0x20/0x40
[   33.810635]  kasan_save_alloc_info+0x40/0x58
[   33.811345]  __kasan_mempool_unpoison_object+0x11c/0x180
[   33.811987]  remove_element+0x130/0x1f8
[   33.812939]  mempool_alloc_preallocated+0x58/0xc0
[   33.813604]  mempool_double_free_helper+0x94/0x2e0
[   33.814401]  mempool_kmalloc_double_free+0xb8/0x110
[   33.815186]  kunit_try_run_case+0x14c/0x3d0
[   33.815739]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.816800]  kthread+0x24c/0x2d0
[   33.817278]  ret_from_fork+0x10/0x20
[   33.817774] 
[   33.818311] Freed by task 224:
[   33.818875]  kasan_save_stack+0x3c/0x68
[   33.819437]  kasan_save_track+0x20/0x40
[   33.819952]  kasan_save_free_info+0x4c/0x78
[   33.820963]  __kasan_mempool_poison_object+0xc0/0x150
[   33.821520]  mempool_free+0x28c/0x328
[   33.822016]  mempool_double_free_helper+0x100/0x2e0
[   33.822601]  mempool_kmalloc_double_free+0xb8/0x110
[   33.823180]  kunit_try_run_case+0x14c/0x3d0
[   33.823693]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.825706]  kthread+0x24c/0x2d0
[   33.826127]  ret_from_fork+0x10/0x20
[   33.826587] 
[   33.827020] The buggy address belongs to the object at fff00000c6087400
[   33.827020]  which belongs to the cache kmalloc-128 of size 128
[   33.828392] The buggy address is located 0 bytes inside of
[   33.828392]  128-byte region [fff00000c6087400, fff00000c6087480)
[   33.830199] 
[   33.830576] The buggy address belongs to the physical page:
[   33.831463] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106087
[   33.832520] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.833131] page_type: f5(slab)
[   33.833534] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.834743] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   33.835539] page dumped because: kasan: bad access detected
[   33.836836] 
[   33.837354] Memory state around the buggy address:
[   33.838112]  fff00000c6087300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.839117]  fff00000c6087380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.840131] >fff00000c6087400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.841173]                    ^
[   33.841562]  fff00000c6087480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.842419]  fff00000c6087500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.843754] ==================================================================
[   33.854859] ==================================================================
[   33.856280] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0
[   33.857686] Free of addr fff00000c65b8000 by task kunit_try_catch/226
[   33.858246] 
[   33.858660] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   33.860922] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.861428] Hardware name: linux,dummy-virt (DT)
[   33.862246] Call trace:
[   33.862860]  show_stack+0x20/0x38 (C)
[   33.863648]  dump_stack_lvl+0x8c/0xd0
[   33.864450]  print_report+0x118/0x5e0
[   33.865083]  kasan_report_invalid_free+0xb0/0xd8
[   33.865699]  __kasan_mempool_poison_object+0x14c/0x150
[   33.866762]  mempool_free+0x28c/0x328
[   33.867247]  mempool_double_free_helper+0x150/0x2e0
[   33.868083]  mempool_kmalloc_large_double_free+0xb8/0x110
[   33.869032]  kunit_try_run_case+0x14c/0x3d0
[   33.869833]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.870866]  kthread+0x24c/0x2d0
[   33.871596]  ret_from_fork+0x10/0x20
[   33.872550] 
[   33.872922] The buggy address belongs to the physical page:
[   33.874225] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b8
[   33.875132] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.876107] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.877171] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.877563] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.877965] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.879083] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.880261] head: 0bfffe0000000002 ffffc1ffc3196e01 ffffffffffffffff 0000000000000000
[   33.881170] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   33.883035] page dumped because: kasan: bad access detected
[   33.883704] 
[   33.884117] Memory state around the buggy address:
[   33.884670]  fff00000c65b7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.885479]  fff00000c65b7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.886701] >fff00000c65b8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.887546]                    ^
[   33.888140]  fff00000c65b8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.889711]  fff00000c65b8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.890785] ==================================================================
[   33.904200] ==================================================================
[   33.905451] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0
[   33.906596] Free of addr fff00000c65b8000 by task kunit_try_catch/228
[   33.907927] 
[   33.908317] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   33.909632] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.910195] Hardware name: linux,dummy-virt (DT)
[   33.911062] Call trace:
[   33.911680]  show_stack+0x20/0x38 (C)
[   33.912321]  dump_stack_lvl+0x8c/0xd0
[   33.912850]  print_report+0x118/0x5e0
[   33.913388]  kasan_report_invalid_free+0xb0/0xd8
[   33.914184]  __kasan_mempool_poison_pages+0xe0/0xe8
[   33.915144]  mempool_free+0x24c/0x328
[   33.915655]  mempool_double_free_helper+0x150/0x2e0
[   33.916416]  mempool_page_alloc_double_free+0xb4/0x110
[   33.917111]  kunit_try_run_case+0x14c/0x3d0
[   33.917800]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.918618]  kthread+0x24c/0x2d0
[   33.919181]  ret_from_fork+0x10/0x20
[   33.919718] 
[   33.920108] The buggy address belongs to the physical page:
[   33.920888] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b8
[   33.921953] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.922694] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   33.923358] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.924485] page dumped because: kasan: bad access detected
[   33.925148] 
[   33.925576] Memory state around the buggy address:
[   33.926261]  fff00000c65b7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.927042]  fff00000c65b7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.927956] >fff00000c65b8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.928760]                    ^
[   33.929275]  fff00000c65b8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.930163]  fff00000c65b8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.930966] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pNLRA0IBHuJTf07d272FmWDvGc

job_id

TEST:linaro@lkft#2pNLVChLm6O8OE9kFFUb2JRePJW

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pNLVChLm6O8OE9kFFUb2JRePJW

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNLSEqM3byntpC85gJqI4B2WZl/Image.gz
sha256sum	7e81128b3f5cd5661a1ca94f4014d04ea2b4d60c42ee0538da245262b16ff790

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNLSEqM3byntpC85gJqI4B2WZl/modules.tar.xz
sha256sum	639d946629d114008a931ff40c21d2d44d7004c1191b97766b75eddb21223f93

durations

tests

boot	405.85
kunit	501.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   33.814687] ==================================================================
[   33.816123] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0
[   33.816861] Free of addr fff00000c5e7bc00 by task kunit_try_catch/224
[   33.817566] 
[   33.817970] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   33.820113] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.820759] Hardware name: linux,dummy-virt (DT)
[   33.821356] Call trace:
[   33.822061]  show_stack+0x20/0x38 (C)
[   33.822663]  dump_stack_lvl+0x8c/0xd0
[   33.823248]  print_report+0x118/0x5e0
[   33.824374]  kasan_report_invalid_free+0xb0/0xd8
[   33.825117]  check_slab_allocation+0xd4/0x108
[   33.826149]  __kasan_mempool_poison_object+0x78/0x150
[   33.826831]  mempool_free+0x28c/0x328
[   33.827323]  mempool_double_free_helper+0x150/0x2e0
[   33.828081]  mempool_kmalloc_double_free+0xb8/0x110
[   33.828811]  kunit_try_run_case+0x14c/0x3d0
[   33.829513]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.830372]  kthread+0x24c/0x2d0
[   33.831422]  ret_from_fork+0x10/0x20
[   33.832357] 
[   33.832755] Allocated by task 224:
[   33.833301]  kasan_save_stack+0x3c/0x68
[   33.833895]  kasan_save_track+0x20/0x40
[   33.834509]  kasan_save_alloc_info+0x40/0x58
[   33.835622]  __kasan_mempool_unpoison_object+0x11c/0x180
[   33.836223]  remove_element+0x130/0x1f8
[   33.836864]  mempool_alloc_preallocated+0x58/0xc0
[   33.837490]  mempool_double_free_helper+0x94/0x2e0
[   33.838081]  mempool_kmalloc_double_free+0xb8/0x110
[   33.838987]  kunit_try_run_case+0x14c/0x3d0
[   33.840393]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.841107]  kthread+0x24c/0x2d0
[   33.841594]  ret_from_fork+0x10/0x20
[   33.842609] 
[   33.842956] Freed by task 224:
[   33.843427]  kasan_save_stack+0x3c/0x68
[   33.843953]  kasan_save_track+0x20/0x40
[   33.844487]  kasan_save_free_info+0x4c/0x78
[   33.845211]  __kasan_mempool_poison_object+0xc0/0x150
[   33.846268]  mempool_free+0x28c/0x328
[   33.847411]  mempool_double_free_helper+0x100/0x2e0
[   33.848616]  mempool_kmalloc_double_free+0xb8/0x110
[   33.849290]  kunit_try_run_case+0x14c/0x3d0
[   33.850112]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.851205]  kthread+0x24c/0x2d0
[   33.851795]  ret_from_fork+0x10/0x20
[   33.852386] 
[   33.852780] The buggy address belongs to the object at fff00000c5e7bc00
[   33.852780]  which belongs to the cache kmalloc-128 of size 128
[   33.854318] The buggy address is located 0 bytes inside of
[   33.854318]  128-byte region [fff00000c5e7bc00, fff00000c5e7bc80)
[   33.856403] 
[   33.856814] The buggy address belongs to the physical page:
[   33.857496] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e7b
[   33.858818] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.859737] page_type: f5(slab)
[   33.860321] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.861452] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   33.862610] page dumped because: kasan: bad access detected
[   33.863367] 
[   33.863718] Memory state around the buggy address:
[   33.864403]  fff00000c5e7bb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.865348]  fff00000c5e7bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.866024] >fff00000c5e7bc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.867356]                    ^
[   33.867764]  fff00000c5e7bc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.868850]  fff00000c5e7bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.870001] ==================================================================
[   33.882966] ==================================================================
[   33.884217] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0
[   33.885068] Free of addr fff00000c6630000 by task kunit_try_catch/226
[   33.885991] 
[   33.887430] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   33.888478] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.889084] Hardware name: linux,dummy-virt (DT)
[   33.889862] Call trace:
[   33.890246]  show_stack+0x20/0x38 (C)
[   33.890896]  dump_stack_lvl+0x8c/0xd0
[   33.891715]  print_report+0x118/0x5e0
[   33.892307]  kasan_report_invalid_free+0xb0/0xd8
[   33.892978]  __kasan_mempool_poison_object+0x14c/0x150
[   33.893911]  mempool_free+0x28c/0x328
[   33.894446]  mempool_double_free_helper+0x150/0x2e0
[   33.895139]  mempool_kmalloc_large_double_free+0xb8/0x110
[   33.895859]  kunit_try_run_case+0x14c/0x3d0
[   33.896580]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.897277]  kthread+0x24c/0x2d0
[   33.898268]  ret_from_fork+0x10/0x20
[   33.898866] 
[   33.899229] The buggy address belongs to the physical page:
[   33.899849] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106630
[   33.900829] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.901701] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.903051] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.904635] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.905612] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.906832] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.907760] head: 0bfffe0000000002 ffffc1ffc3198c01 ffffffffffffffff 0000000000000000
[   33.908700] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   33.909503] page dumped because: kasan: bad access detected
[   33.910368] 
[   33.910757] Memory state around the buggy address:
[   33.911285]  fff00000c662ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.912502]  fff00000c662ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.913373] >fff00000c6630000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.914447]                    ^
[   33.914939]  fff00000c6630080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.915855]  fff00000c6630100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.916728] ==================================================================
[   33.929269] ==================================================================
[   33.930953] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e0
[   33.931989] Free of addr fff00000c6630000 by task kunit_try_catch/228
[   33.932969] 
[   33.933411] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   33.934781] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.935620] Hardware name: linux,dummy-virt (DT)
[   33.936328] Call trace:
[   33.936853]  show_stack+0x20/0x38 (C)
[   33.937508]  dump_stack_lvl+0x8c/0xd0
[   33.938376]  print_report+0x118/0x5e0
[   33.938979]  kasan_report_invalid_free+0xb0/0xd8
[   33.939654]  __kasan_mempool_poison_pages+0xe0/0xe8
[   33.940327]  mempool_free+0x24c/0x328
[   33.940953]  mempool_double_free_helper+0x150/0x2e0
[   33.941581]  mempool_page_alloc_double_free+0xb4/0x110
[   33.942743]  kunit_try_run_case+0x14c/0x3d0
[   33.943305]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.944097]  kthread+0x24c/0x2d0
[   33.944721]  ret_from_fork+0x10/0x20
[   33.945299] 
[   33.945651] The buggy address belongs to the physical page:
[   33.946654] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106630
[   33.947461] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.948402] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   33.949254] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.950712] page dumped because: kasan: bad access detected
[   33.951916] 
[   33.952313] Memory state around the buggy address:
[   33.953130]  fff00000c662ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.954546]  fff00000c662ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.955410] >fff00000c6630000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.956263]                    ^
[   33.956761]  fff00000c6630080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.957911]  fff00000c6630100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.958887] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pNKxJFf8Xmw36QpJYyZTCAyOBG

job_id

TEST:linaro@lkft#2pNL1zFXlY64AJo0IF1bnKU3bR5

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pNL1zFXlY64AJo0IF1bnKU3bR5

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNKydSEI4rkzfuAHppcpnFq00j/Image.gz
sha256sum	7b1b43afb686ef43832a2d80e728eafe16a89e7e62e745193a8842d528fd56f0

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNKydSEI4rkzfuAHppcpnFq00j/modules.tar.xz
sha256sum	8ec5f776eaaf415e5766c1d67a7fb500bb3660edcbbf897cafe8b5baa13b08c6

durations

tests

boot	406.34
kunit	486.40

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   27.994389] ==================================================================
[   27.995154] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370
[   27.995154] Free of addr ffff888102b24000 by task kunit_try_catch/246
[   27.995154] 
[   27.995154] CPU: 1 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   27.995154] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.995154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.995154] Call Trace:
[   27.995154]  <TASK>
[   27.995154]  dump_stack_lvl+0x73/0xb0
[   27.995154]  print_report+0xd1/0x640
[   27.995154]  ? __virt_addr_valid+0x1db/0x2d0
[   27.995154]  ? mempool_double_free_helper+0x185/0x370
[   27.995154]  ? kasan_addr_to_slab+0x11/0xa0
[   27.995154]  ? mempool_double_free_helper+0x185/0x370
[   27.995154]  kasan_report_invalid_free+0xc0/0xf0
[   27.995154]  ? mempool_double_free_helper+0x185/0x370
[   27.995154]  ? mempool_double_free_helper+0x185/0x370
[   27.995154]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   27.995154]  mempool_free+0x2ec/0x380
[   27.995154]  mempool_double_free_helper+0x185/0x370
[   27.995154]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   27.995154]  mempool_kmalloc_large_double_free+0xb1/0x100
[   27.995154]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   27.995154]  ? __switch_to+0x5d9/0xf60
[   27.995154]  ? __pfx_mempool_kmalloc+0x10/0x10
[   27.995154]  ? __pfx_mempool_kfree+0x10/0x10
[   27.995154]  ? ktime_get_ts64+0x84/0x230
[   27.995154]  kunit_try_run_case+0x1b3/0x490
[   27.995154]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.995154]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   27.995154]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.995154]  ? __kthread_parkme+0x82/0x160
[   27.995154]  ? preempt_count_sub+0x50/0x80
[   27.995154]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.995154]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.995154]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.995154]  kthread+0x257/0x310
[   27.995154]  ? __pfx_kthread+0x10/0x10
[   27.995154]  ret_from_fork+0x41/0x80
[   27.995154]  ? __pfx_kthread+0x10/0x10
[   27.995154]  ret_from_fork_asm+0x1a/0x30
[   27.995154]  </TASK>
[   27.995154] 
[   27.995154] The buggy address belongs to the physical page:
[   27.995154] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b24
[   27.995154] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.995154] flags: 0x200000000000040(head|node=0|zone=2)
[   27.995154] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   27.995154] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   27.995154] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   27.995154] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   27.995154] head: 0200000000000002 ffffea00040ac901 ffffffffffffffff 0000000000000000
[   27.995154] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   27.995154] page dumped because: kasan: bad access detected
[   27.995154] 
[   27.995154] Memory state around the buggy address:
[   27.995154]  ffff888102b23f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.995154]  ffff888102b23f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.995154] >ffff888102b24000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.995154]                    ^
[   27.995154]  ffff888102b24080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.995154]  ffff888102b24100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.995154] ==================================================================
[   28.041822] ==================================================================
[   28.042248] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370
[   28.042248] Free of addr ffff888102b9c000 by task kunit_try_catch/248
[   28.042248] 
[   28.042248] CPU: 0 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   28.042248] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.042248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.042248] Call Trace:
[   28.047960]  <TASK>
[   28.047960]  dump_stack_lvl+0x73/0xb0
[   28.047960]  print_report+0xd1/0x640
[   28.047960]  ? __virt_addr_valid+0x1db/0x2d0
[   28.047960]  ? mempool_double_free_helper+0x185/0x370
[   28.047960]  ? kasan_addr_to_slab+0x11/0xa0
[   28.047960]  ? mempool_double_free_helper+0x185/0x370
[   28.047960]  kasan_report_invalid_free+0xc0/0xf0
[   28.047960]  ? mempool_double_free_helper+0x185/0x370
[   28.047960]  ? mempool_double_free_helper+0x185/0x370
[   28.047960]  __kasan_mempool_poison_pages+0x115/0x130
[   28.047960]  mempool_free+0x290/0x380
[   28.047960]  mempool_double_free_helper+0x185/0x370
[   28.047960]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   28.047960]  ? read_hpet+0x1f0/0x230
[   28.047960]  ? ktime_get_ts64+0x84/0x230
[   28.047960]  ? trace_hardirqs_on+0x37/0xe0
[   28.047960]  mempool_page_alloc_double_free+0xac/0x100
[   28.047960]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   28.047960]  ? __switch_to+0x5d9/0xf60
[   28.047960]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   28.047960]  ? __pfx_mempool_free_pages+0x10/0x10
[   28.047960]  ? ktime_get_ts64+0x84/0x230
[   28.047960]  kunit_try_run_case+0x1b3/0x490
[   28.047960]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.047960]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   28.047960]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.047960]  ? __kthread_parkme+0x82/0x160
[   28.047960]  ? preempt_count_sub+0x50/0x80
[   28.047960]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.047960]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.047960]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.047960]  kthread+0x257/0x310
[   28.047960]  ? __pfx_kthread+0x10/0x10
[   28.047960]  ret_from_fork+0x41/0x80
[   28.047960]  ? __pfx_kthread+0x10/0x10
[   28.047960]  ret_from_fork_asm+0x1a/0x30
[   28.047960]  </TASK>
[   28.047960] 
[   28.047960] The buggy address belongs to the physical page:
[   28.047960] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b9c
[   28.047960] flags: 0x200000000000000(node=0|zone=2)
[   28.047960] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   28.047960] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   28.047960] page dumped because: kasan: bad access detected
[   28.047960] 
[   28.047960] Memory state around the buggy address:
[   28.047960]  ffff888102b9bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.047960]  ffff888102b9bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.047960] >ffff888102b9c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.047960]                    ^
[   28.047960]  ffff888102b9c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.047960]  ffff888102b9c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.047960] ==================================================================
[   27.924522] ==================================================================
[   27.925187] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370
[   27.925187] Free of addr ffff8881028f1100 by task kunit_try_catch/244
[   27.925187] 
[   27.925187] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   27.925187] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.925187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.925187] Call Trace:
[   27.925187]  <TASK>
[   27.925187]  dump_stack_lvl+0x73/0xb0
[   27.925187]  print_report+0xd1/0x640
[   27.925187]  ? __virt_addr_valid+0x1db/0x2d0
[   27.925187]  ? mempool_double_free_helper+0x185/0x370
[   27.925187]  ? kasan_complete_mode_report_info+0x64/0x200
[   27.925187]  ? mempool_double_free_helper+0x185/0x370
[   27.925187]  kasan_report_invalid_free+0xc0/0xf0
[   27.925187]  ? mempool_double_free_helper+0x185/0x370
[   27.925187]  ? mempool_double_free_helper+0x185/0x370
[   27.925187]  ? mempool_double_free_helper+0x185/0x370
[   27.925187]  check_slab_allocation+0x101/0x130
[   27.925187]  __kasan_mempool_poison_object+0x91/0x1d0
[   27.925187]  mempool_free+0x2ec/0x380
[   27.925187]  mempool_double_free_helper+0x185/0x370
[   27.925187]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   27.925187]  ? ret_from_fork+0x41/0x80
[   27.925187]  ? kthread+0x257/0x310
[   27.925187]  ? ret_from_fork_asm+0x1a/0x30
[   27.925187]  ? ret_from_fork_asm+0x1a/0x30
[   27.925187]  mempool_kmalloc_double_free+0xb1/0x100
[   27.925187]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   27.925187]  ? __switch_to+0x5d9/0xf60
[   27.925187]  ? __pfx_mempool_kmalloc+0x10/0x10
[   27.925187]  ? __pfx_mempool_kfree+0x10/0x10
[   27.925187]  ? ktime_get_ts64+0x84/0x230
[   27.925187]  kunit_try_run_case+0x1b3/0x490
[   27.925187]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.925187]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   27.925187]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.925187]  ? __kthread_parkme+0x82/0x160
[   27.925187]  ? preempt_count_sub+0x50/0x80
[   27.925187]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.925187]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.925187]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.925187]  kthread+0x257/0x310
[   27.925187]  ? __pfx_kthread+0x10/0x10
[   27.925187]  ret_from_fork+0x41/0x80
[   27.925187]  ? __pfx_kthread+0x10/0x10
[   27.925187]  ret_from_fork_asm+0x1a/0x30
[   27.925187]  </TASK>
[   27.925187] 
[   27.925187] Allocated by task 244:
[   27.925187]  kasan_save_stack+0x3d/0x60
[   27.925187]  kasan_save_track+0x18/0x40
[   27.925187]  kasan_save_alloc_info+0x3b/0x50
[   27.925187]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   27.925187]  remove_element+0x11e/0x190
[   27.925187]  mempool_alloc_preallocated+0x4d/0x90
[   27.925187]  mempool_double_free_helper+0x8b/0x370
[   27.925187]  mempool_kmalloc_double_free+0xb1/0x100
[   27.925187]  kunit_try_run_case+0x1b3/0x490
[   27.925187]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.925187]  kthread+0x257/0x310
[   27.925187]  ret_from_fork+0x41/0x80
[   27.925187]  ret_from_fork_asm+0x1a/0x30
[   27.925187] 
[   27.925187] Freed by task 244:
[   27.925187]  kasan_save_stack+0x3d/0x60
[   27.925187]  kasan_save_track+0x18/0x40
[   27.925187]  kasan_save_free_info+0x3f/0x60
[   27.925187]  __kasan_mempool_poison_object+0x131/0x1d0
[   27.925187]  mempool_free+0x2ec/0x380
[   27.925187]  mempool_double_free_helper+0x10a/0x370
[   27.925187]  mempool_kmalloc_double_free+0xb1/0x100
[   27.925187]  kunit_try_run_case+0x1b3/0x490
[   27.925187]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.925187]  kthread+0x257/0x310
[   27.925187]  ret_from_fork+0x41/0x80
[   27.925187]  ret_from_fork_asm+0x1a/0x30
[   27.925187] 
[   27.925187] The buggy address belongs to the object at ffff8881028f1100
[   27.925187]  which belongs to the cache kmalloc-128 of size 128
[   27.925187] The buggy address is located 0 bytes inside of
[   27.925187]  128-byte region [ffff8881028f1100, ffff8881028f1180)
[   27.925187] 
[   27.925187] The buggy address belongs to the physical page:
[   27.925187] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028f1
[   27.925187] flags: 0x200000000000000(node=0|zone=2)
[   27.925187] page_type: f5(slab)
[   27.925187] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   27.925187] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   27.925187] page dumped because: kasan: bad access detected
[   27.925187] 
[   27.925187] Memory state around the buggy address:
[   27.925187]  ffff8881028f1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.925187]  ffff8881028f1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.925187] >ffff8881028f1100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.925187]                    ^
[   27.925187]  ffff8881028f1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.925187]  ffff8881028f1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.925187] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pNKxJFf8Xmw36QpJYyZTCAyOBG

job_id

TEST:linaro@lkft#2pNL37jdItRW9kD3t1f1iUv9jWi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pNL37jdItRW9kD3t1f1iUv9jWi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNKzut8T8XNaub0jog0DurvLHG/bzImage
sha256sum	8a228c416158a60c7a52ef95959c2b3fdcb3ef4176ed86add7ebb604864acafb

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNKzut8T8XNaub0jog0DurvLHG/modules.tar.xz
sha256sum	0c9def84dcea843251616ddfbdafbf78ef77930a5ece1629a86a4abad75aaef9

durations

tests

boot	396.11
kunit	522.52

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   22.921870] ==================================================================
[   22.922810] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370
[   22.924024] Free of addr ffff888102a30000 by task kunit_try_catch/244
[   22.924647] 
[   22.924842] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   22.926195] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.926873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.928254] Call Trace:
[   22.928504]  <TASK>
[   22.928879]  dump_stack_lvl+0x73/0xb0
[   22.929298]  print_report+0xd1/0x640
[   22.929923]  ? __virt_addr_valid+0x1db/0x2d0
[   22.931002]  ? mempool_double_free_helper+0x185/0x370
[   22.931514]  ? kasan_addr_to_slab+0x11/0xa0
[   22.932010]  ? mempool_double_free_helper+0x185/0x370
[   22.932713]  kasan_report_invalid_free+0xc0/0xf0
[   22.933473]  ? mempool_double_free_helper+0x185/0x370
[   22.933889]  ? mempool_double_free_helper+0x185/0x370
[   22.934716]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   22.935159]  mempool_free+0x2ec/0x380
[   22.936506]  mempool_double_free_helper+0x185/0x370
[   22.937025]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   22.937625]  ? finish_task_switch.isra.0+0x153/0x700
[   22.938382]  mempool_kmalloc_large_double_free+0xb1/0x100
[   22.939249]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   22.939952]  ? __switch_to+0x5d9/0xf60
[   22.940366]  ? __pfx_mempool_kmalloc+0x10/0x10
[   22.941371]  ? __pfx_mempool_kfree+0x10/0x10
[   22.941800]  ? __pfx_read_tsc+0x10/0x10
[   22.942570]  ? ktime_get_ts64+0x84/0x230
[   22.943434]  kunit_try_run_case+0x1b3/0x490
[   22.944171]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.945404]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.946463]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.946950]  ? __kthread_parkme+0x82/0x160
[   22.947563]  ? preempt_count_sub+0x50/0x80
[   22.948069]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.948861]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.949442]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.949942]  kthread+0x257/0x310
[   22.950305]  ? __pfx_kthread+0x10/0x10
[   22.951813]  ret_from_fork+0x41/0x80
[   22.952273]  ? __pfx_kthread+0x10/0x10
[   22.952577]  ret_from_fork_asm+0x1a/0x30
[   22.953754]  </TASK>
[   22.954178] 
[   22.954660] The buggy address belongs to the physical page:
[   22.955406] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30
[   22.956659] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.957559] flags: 0x200000000000040(head|node=0|zone=2)
[   22.958847] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.959332] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.960007] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.960811] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.961502] head: 0200000000000002 ffffea00040a8c01 ffffffffffffffff 0000000000000000
[   22.962061] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.963506] page dumped because: kasan: bad access detected
[   22.964558] 
[   22.964761] Memory state around the buggy address:
[   22.965070]  ffff888102a2ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   22.966335]  ffff888102a2ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   22.967187] >ffff888102a30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   22.967809]                    ^
[   22.968115]  ffff888102a30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   22.969517]  ffff888102a30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   22.970132] ==================================================================
[   22.977735] ==================================================================
[   22.978562] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370
[   22.979406] Free of addr ffff888102ad8000 by task kunit_try_catch/246
[   22.980417] 
[   22.980647] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   22.981434] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.983032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.983874] Call Trace:
[   22.984244]  <TASK>
[   22.984476]  dump_stack_lvl+0x73/0xb0
[   22.985036]  print_report+0xd1/0x640
[   22.985630]  ? __virt_addr_valid+0x1db/0x2d0
[   22.986687]  ? mempool_double_free_helper+0x185/0x370
[   22.987425]  ? kasan_addr_to_slab+0x11/0xa0
[   22.987726]  ? mempool_double_free_helper+0x185/0x370
[   22.988974]  kasan_report_invalid_free+0xc0/0xf0
[   22.989794]  ? mempool_double_free_helper+0x185/0x370
[   22.990503]  ? mempool_double_free_helper+0x185/0x370
[   22.991534]  __kasan_mempool_poison_pages+0x115/0x130
[   22.992370]  mempool_free+0x290/0x380
[   22.993246]  mempool_double_free_helper+0x185/0x370
[   22.993811]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   22.994364]  ? finish_task_switch.isra.0+0x153/0x700
[   22.995390]  mempool_page_alloc_double_free+0xac/0x100
[   22.996541]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   22.997251]  ? __switch_to+0x5d9/0xf60
[   22.998249]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   22.998619]  ? __pfx_mempool_free_pages+0x10/0x10
[   22.999811]  ? __pfx_read_tsc+0x10/0x10
[   23.000173]  ? ktime_get_ts64+0x84/0x230
[   23.001055]  kunit_try_run_case+0x1b3/0x490
[   23.001438]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.001967]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.002909]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.003453]  ? __kthread_parkme+0x82/0x160
[   23.004043]  ? preempt_count_sub+0x50/0x80
[   23.004626]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.004881]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.005093]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.005326]  kthread+0x257/0x310
[   23.005466]  ? __pfx_kthread+0x10/0x10
[   23.005728]  ret_from_fork+0x41/0x80
[   23.006000]  ? __pfx_kthread+0x10/0x10
[   23.006401]  ret_from_fork_asm+0x1a/0x30
[   23.007068]  </TASK>
[   23.007349] 
[   23.007647] The buggy address belongs to the physical page:
[   23.008283] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad8
[   23.009109] flags: 0x200000000000000(node=0|zone=2)
[   23.009713] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   23.010710] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.011246] page dumped because: kasan: bad access detected
[   23.011715] 
[   23.011968] Memory state around the buggy address:
[   23.012689]  ffff888102ad7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.013118]  ffff888102ad7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.013514] >ffff888102ad8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.014250]                    ^
[   23.014832]  ffff888102ad8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.015836]  ffff888102ad8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.016281] ==================================================================
[   22.852925] ==================================================================
[   22.854146] BUG: KASAN: double-free in mempool_double_free_helper+0x185/0x370
[   22.855129] Free of addr ffff888102ba4b00 by task kunit_try_catch/242
[   22.856373] 
[   22.856637] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   22.857373] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.857833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.858422] Call Trace:
[   22.858815]  <TASK>
[   22.859103]  dump_stack_lvl+0x73/0xb0
[   22.859665]  print_report+0xd1/0x640
[   22.860510]  ? __virt_addr_valid+0x1db/0x2d0
[   22.860892]  ? mempool_double_free_helper+0x185/0x370
[   22.861446]  ? kasan_complete_mode_report_info+0x64/0x200
[   22.862145]  ? mempool_double_free_helper+0x185/0x370
[   22.862682]  kasan_report_invalid_free+0xc0/0xf0
[   22.863266]  ? mempool_double_free_helper+0x185/0x370
[   22.863884]  ? mempool_double_free_helper+0x185/0x370
[   22.864890]  ? mempool_double_free_helper+0x185/0x370
[   22.865436]  check_slab_allocation+0x101/0x130
[   22.866006]  __kasan_mempool_poison_object+0x91/0x1d0
[   22.866719]  mempool_free+0x2ec/0x380
[   22.867167]  mempool_double_free_helper+0x185/0x370
[   22.867736]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   22.868332]  ? finish_task_switch.isra.0+0x153/0x700
[   22.868891]  mempool_kmalloc_double_free+0xb1/0x100
[   22.871169]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   22.872014]  ? __switch_to+0x5d9/0xf60
[   22.872412]  ? __pfx_mempool_kmalloc+0x10/0x10
[   22.872884]  ? __pfx_mempool_kfree+0x10/0x10
[   22.873269]  ? __pfx_read_tsc+0x10/0x10
[   22.873735]  ? ktime_get_ts64+0x84/0x230
[   22.874155]  kunit_try_run_case+0x1b3/0x490
[   22.874782]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.875056]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.875543]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.875870]  ? __kthread_parkme+0x82/0x160
[   22.876430]  ? preempt_count_sub+0x50/0x80
[   22.877151]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.878361]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.878983]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.880233]  kthread+0x257/0x310
[   22.880747]  ? __pfx_kthread+0x10/0x10
[   22.881316]  ret_from_fork+0x41/0x80
[   22.882005]  ? __pfx_kthread+0x10/0x10
[   22.882574]  ret_from_fork_asm+0x1a/0x30
[   22.883264]  </TASK>
[   22.883668] 
[   22.883924] Allocated by task 242:
[   22.884388]  kasan_save_stack+0x3d/0x60
[   22.885247]  kasan_save_track+0x18/0x40
[   22.885766]  kasan_save_alloc_info+0x3b/0x50
[   22.886366]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   22.887003]  remove_element+0x11e/0x190
[   22.887547]  mempool_alloc_preallocated+0x4d/0x90
[   22.888201]  mempool_double_free_helper+0x8b/0x370
[   22.888745]  mempool_kmalloc_double_free+0xb1/0x100
[   22.889345]  kunit_try_run_case+0x1b3/0x490
[   22.889722]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.890402]  kthread+0x257/0x310
[   22.891513]  ret_from_fork+0x41/0x80
[   22.891859]  ret_from_fork_asm+0x1a/0x30
[   22.892315] 
[   22.892527] Freed by task 242:
[   22.893241]  kasan_save_stack+0x3d/0x60
[   22.893913]  kasan_save_track+0x18/0x40
[   22.894466]  kasan_save_free_info+0x3f/0x60
[   22.895114]  __kasan_mempool_poison_object+0x131/0x1d0
[   22.895999]  mempool_free+0x2ec/0x380
[   22.896354]  mempool_double_free_helper+0x10a/0x370
[   22.897051]  mempool_kmalloc_double_free+0xb1/0x100
[   22.897961]  kunit_try_run_case+0x1b3/0x490
[   22.898363]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.899168]  kthread+0x257/0x310
[   22.899665]  ret_from_fork+0x41/0x80
[   22.900379]  ret_from_fork_asm+0x1a/0x30
[   22.900655] 
[   22.901395] The buggy address belongs to the object at ffff888102ba4b00
[   22.901395]  which belongs to the cache kmalloc-128 of size 128
[   22.902303] The buggy address is located 0 bytes inside of
[   22.902303]  128-byte region [ffff888102ba4b00, ffff888102ba4b80)
[   22.902855] 
[   22.903065] The buggy address belongs to the physical page:
[   22.904520] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ba4
[   22.905563] flags: 0x200000000000000(node=0|zone=2)
[   22.905941] page_type: f5(slab)
[   22.906343] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   22.907247] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   22.908110] page dumped because: kasan: bad access detected
[   22.908636] 
[   22.909088] Memory state around the buggy address:
[   22.909510]  ffff888102ba4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.910691]  ffff888102ba4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.911154] >ffff888102ba4b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.911877]                    ^
[   22.912154]  ffff888102ba4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.913441]  ffff888102ba4c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.913884] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pNLRA0IBHuJTf07d272FmWDvGc

job_id

TEST:linaro@lkft#2pNLWIxbKMQbNd3LjqmUpOkXL4T

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pNLWIxbKMQbNd3LjqmUpOkXL4T

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNLT2lusIsQZPDw4GJIP5UU6Ir/bzImage
sha256sum	143f713ad1814f248c0c6d1590c70927e1849fbba08c832c7f24bbfdcc2ff727

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNLT2lusIsQZPDw4GJIP5UU6Ir/modules.tar.xz
sha256sum	0249b32685233d9e186ba4576d570fd3be1e101fbee1ffd6032f1bcc02720bc8

durations

tests

boot	379.18
kunit	483.72

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit