lkft/linux-next-master - next-20250515 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

May 15, 2025, 10:38 a.m.

Environment
qemu-arm64
qemu-x86_64

[   20.004035] ==================================================================
[   20.004088] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   20.004141] Free of addr fff00000c7868000 by task kunit_try_catch/237
[   20.004198] 
[   20.004228] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   20.004311] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.004337] Hardware name: linux,dummy-virt (DT)
[   20.004368] Call trace:
[   20.004390]  show_stack+0x20/0x38 (C)
[   20.004440]  dump_stack_lvl+0x8c/0xd0
[   20.004486]  print_report+0x118/0x608
[   20.004532]  kasan_report_invalid_free+0xc0/0xe8
[   20.004581]  __kasan_mempool_poison_object+0x14c/0x150
[   20.004633]  mempool_free+0x28c/0x328
[   20.004680]  mempool_double_free_helper+0x150/0x2e8
[   20.004728]  mempool_kmalloc_large_double_free+0xc0/0x118
[   20.004778]  kunit_try_run_case+0x170/0x3f0
[   20.004823]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.004874]  kthread+0x328/0x630
[   20.004919]  ret_from_fork+0x10/0x20
[   20.004964] 
[   20.004984] The buggy address belongs to the physical page:
[   20.005016] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107868
[   20.005069] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.005115] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.005199] page_type: f8(unknown)
[   20.005239] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.005286] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.005344] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.005394] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.005443] head: 0bfffe0000000002 ffffc1ffc31e1a01 00000000ffffffff 00000000ffffffff
[   20.005492] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.005532] page dumped because: kasan: bad access detected
[   20.005570] 
[   20.005588] Memory state around the buggy address:
[   20.005627]  fff00000c7867f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.005681]  fff00000c7867f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.005723] >fff00000c7868000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.005759]                    ^
[   20.005785]  fff00000c7868080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.005826]  fff00000c7868100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.005864] ==================================================================
[   20.012327] ==================================================================
[   20.012447] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   20.012506] Free of addr fff00000c786c000 by task kunit_try_catch/239
[   20.012600] 
[   20.012679] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   20.012792] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.012820] Hardware name: linux,dummy-virt (DT)
[   20.012869] Call trace:
[   20.012901]  show_stack+0x20/0x38 (C)
[   20.012952]  dump_stack_lvl+0x8c/0xd0
[   20.012998]  print_report+0x118/0x608
[   20.013044]  kasan_report_invalid_free+0xc0/0xe8
[   20.013197]  __kasan_mempool_poison_pages+0xe0/0xe8
[   20.013298]  mempool_free+0x24c/0x328
[   20.013385]  mempool_double_free_helper+0x150/0x2e8
[   20.013436]  mempool_page_alloc_double_free+0xbc/0x118
[   20.013486]  kunit_try_run_case+0x170/0x3f0
[   20.013533]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.013584]  kthread+0x328/0x630
[   20.013630]  ret_from_fork+0x10/0x20
[   20.013772] 
[   20.013855] The buggy address belongs to the physical page:
[   20.013926] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786c
[   20.014007] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.014102] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   20.014215] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   20.014276] page dumped because: kasan: bad access detected
[   20.014320] 
[   20.014338] Memory state around the buggy address:
[   20.014371]  fff00000c786bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.014414]  fff00000c786bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.014456] >fff00000c786c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.014599]                    ^
[   20.014669]  fff00000c786c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.014847]  fff00000c786c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.015016] ==================================================================
[   19.993797] ==================================================================
[   19.993932] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   19.994098] Free of addr fff00000c1729100 by task kunit_try_catch/235
[   19.994264] 
[   19.994333] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   19.994425] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.994473] Hardware name: linux,dummy-virt (DT)
[   19.994502] Call trace:
[   19.994531]  show_stack+0x20/0x38 (C)
[   19.994581]  dump_stack_lvl+0x8c/0xd0
[   19.994629]  print_report+0x118/0x608
[   19.994674]  kasan_report_invalid_free+0xc0/0xe8
[   19.994729]  check_slab_allocation+0xd4/0x108
[   19.994775]  __kasan_mempool_poison_object+0x78/0x150
[   19.994827]  mempool_free+0x28c/0x328
[   19.994874]  mempool_double_free_helper+0x150/0x2e8
[   19.994922]  mempool_kmalloc_double_free+0xc0/0x118
[   19.994970]  kunit_try_run_case+0x170/0x3f0
[   19.995016]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.995068]  kthread+0x328/0x630
[   19.995112]  ret_from_fork+0x10/0x20
[   19.995167] 
[   19.995188] Allocated by task 235:
[   19.995215]  kasan_save_stack+0x3c/0x68
[   19.995255]  kasan_save_track+0x20/0x40
[   19.995292]  kasan_save_alloc_info+0x40/0x58
[   19.995331]  __kasan_mempool_unpoison_object+0x11c/0x180
[   19.995371]  remove_element+0x130/0x1f8
[   19.995417]  mempool_alloc_preallocated+0x58/0xc0
[   19.995470]  mempool_double_free_helper+0x94/0x2e8
[   19.995572]  mempool_kmalloc_double_free+0xc0/0x118
[   19.995671]  kunit_try_run_case+0x170/0x3f0
[   19.995744]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.995861]  kthread+0x328/0x630
[   19.995940]  ret_from_fork+0x10/0x20
[   19.996008] 
[   19.996072] Freed by task 235:
[   19.996099]  kasan_save_stack+0x3c/0x68
[   19.996379]  kasan_save_track+0x20/0x40
[   19.996480]  kasan_save_free_info+0x4c/0x78
[   19.996581]  __kasan_mempool_poison_object+0xc0/0x150
[   19.996633]  mempool_free+0x28c/0x328
[   19.996670]  mempool_double_free_helper+0x100/0x2e8
[   19.996709]  mempool_kmalloc_double_free+0xc0/0x118
[   19.996757]  kunit_try_run_case+0x170/0x3f0
[   19.996801]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.996842]  kthread+0x328/0x630
[   19.996886]  ret_from_fork+0x10/0x20
[   19.996927] 
[   19.996945] The buggy address belongs to the object at fff00000c1729100
[   19.996945]  which belongs to the cache kmalloc-128 of size 128
[   19.997013] The buggy address is located 0 bytes inside of
[   19.997013]  128-byte region [fff00000c1729100, fff00000c1729180)
[   19.997069] 
[   19.997098] The buggy address belongs to the physical page:
[   19.997128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101729
[   19.997188] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.997236] page_type: f5(slab)
[   19.997275] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   19.997324] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.997364] page dumped because: kasan: bad access detected
[   19.997395] 
[   19.997412] Memory state around the buggy address:
[   19.997443]  fff00000c1729000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.997486]  fff00000c1729080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.997527] >fff00000c1729100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.997564]                    ^
[   19.997589]  fff00000c1729180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.997630]  fff00000c1729200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.997669] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper: Failure

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2x82cn95lnaJcv25aBcIbqxmNlW

job_id

TEST:linaro@lkft#2x82i0VEAX8AHEnAIjjHU38fOa5

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x82i0VEAX8AHEnAIjjHU38fOa5

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x82eG237Xz0oehRyoZ2sE2FTZZ/Image.gz
sha256sum	8d10f44ec72bc28243b4fef40985d64e1d2a2da67aaf1203ca0c5f056291b385

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x82eG237Xz0oehRyoZ2sE2FTZZ/modules.tar.xz
sha256sum	260beefc77a5cb8d14f0b0fb6da10f4b829dae2598932fe8a7db834d3bf2199f

durations

tests

boot	0
kunit	179.62

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   15.926734] ==================================================================
[   15.927173] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   15.927724] Free of addr ffff8881029a4000 by task kunit_try_catch/255
[   15.928017] 
[   15.928760] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   15.928916] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.928946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.929115] Call Trace:
[   15.929153]  <TASK>
[   15.929187]  dump_stack_lvl+0x73/0xb0
[   15.929254]  print_report+0xd1/0x650
[   15.929283]  ? __virt_addr_valid+0x1db/0x2d0
[   15.929311]  ? kasan_addr_to_slab+0x11/0xa0
[   15.929333]  ? mempool_double_free_helper+0x184/0x370
[   15.929359]  kasan_report_invalid_free+0x10a/0x130
[   15.929385]  ? mempool_double_free_helper+0x184/0x370
[   15.929413]  ? mempool_double_free_helper+0x184/0x370
[   15.929436]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   15.929482]  mempool_free+0x2ec/0x380
[   15.929524]  mempool_double_free_helper+0x184/0x370
[   15.929562]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   15.929609]  ? __pfx_sched_clock_cpu+0x10/0x10
[   15.929635]  ? finish_task_switch.isra.0+0x153/0x700
[   15.929664]  mempool_kmalloc_large_double_free+0xed/0x140
[   15.929690]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   15.929717]  ? __pfx_mempool_kmalloc+0x10/0x10
[   15.929735]  ? __pfx_mempool_kfree+0x10/0x10
[   15.929756]  ? __pfx_read_tsc+0x10/0x10
[   15.929778]  ? ktime_get_ts64+0x86/0x230
[   15.929803]  kunit_try_run_case+0x1a5/0x480
[   15.929828]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.929849]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.929872]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.929893]  ? __kthread_parkme+0x82/0x180
[   15.929914]  ? preempt_count_sub+0x50/0x80
[   15.929937]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.929959]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.929981]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.930002]  kthread+0x337/0x6f0
[   15.930020]  ? trace_preempt_on+0x20/0xc0
[   15.930045]  ? __pfx_kthread+0x10/0x10
[   15.930065]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.930085]  ? calculate_sigpending+0x7b/0xa0
[   15.930109]  ? __pfx_kthread+0x10/0x10
[   15.930130]  ret_from_fork+0x116/0x1d0
[   15.930148]  ? __pfx_kthread+0x10/0x10
[   15.930167]  ret_from_fork_asm+0x1a/0x30
[   15.930199]  </TASK>
[   15.930212] 
[   15.941314] The buggy address belongs to the physical page:
[   15.941717] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a4
[   15.942478] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.942803] flags: 0x200000000000040(head|node=0|zone=2)
[   15.943577] page_type: f8(unknown)
[   15.943759] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.944410] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.944852] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.945314] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.945460] head: 0200000000000002 ffffea00040a6901 00000000ffffffff 00000000ffffffff
[   15.945591] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.946789] page dumped because: kasan: bad access detected
[   15.947127] 
[   15.947307] Memory state around the buggy address:
[   15.947633]  ffff8881029a3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.947873]  ffff8881029a3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.948192] >ffff8881029a4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.948644]                    ^
[   15.948908]  ffff8881029a4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.949197]  ffff8881029a4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.949491] ==================================================================
[   15.883059] ==================================================================
[   15.883536] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   15.884485] Free of addr ffff88810231a600 by task kunit_try_catch/253
[   15.884924] 
[   15.885658] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   15.885728] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.885741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.885764] Call Trace:
[   15.885780]  <TASK>
[   15.885802]  dump_stack_lvl+0x73/0xb0
[   15.885838]  print_report+0xd1/0x650
[   15.885862]  ? __virt_addr_valid+0x1db/0x2d0
[   15.885886]  ? kasan_complete_mode_report_info+0x64/0x200
[   15.885907]  ? mempool_double_free_helper+0x184/0x370
[   15.885929]  kasan_report_invalid_free+0x10a/0x130
[   15.885952]  ? mempool_double_free_helper+0x184/0x370
[   15.885976]  ? mempool_double_free_helper+0x184/0x370
[   15.885998]  ? mempool_double_free_helper+0x184/0x370
[   15.886020]  check_slab_allocation+0x101/0x130
[   15.886041]  __kasan_mempool_poison_object+0x91/0x1d0
[   15.886064]  mempool_free+0x2ec/0x380
[   15.886088]  mempool_double_free_helper+0x184/0x370
[   15.886111]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   15.886136]  ? __pfx_sched_clock_cpu+0x10/0x10
[   15.886156]  ? irqentry_exit+0x2a/0x60
[   15.886177]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   15.886201]  mempool_kmalloc_double_free+0xed/0x140
[   15.886244]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   15.886287]  ? __pfx_mempool_kmalloc+0x10/0x10
[   15.886318]  ? __pfx_mempool_kfree+0x10/0x10
[   15.886369]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   15.886418]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   15.886460]  kunit_try_run_case+0x1a5/0x480
[   15.886514]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.886550]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.886586]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.886621]  ? __kthread_parkme+0x82/0x180
[   15.886657]  ? preempt_count_sub+0x50/0x80
[   15.886695]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.886732]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.886768]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.886805]  kthread+0x337/0x6f0
[   15.886837]  ? trace_preempt_on+0x20/0xc0
[   15.886875]  ? __pfx_kthread+0x10/0x10
[   15.886908]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.886943]  ? calculate_sigpending+0x7b/0xa0
[   15.886979]  ? __pfx_kthread+0x10/0x10
[   15.887014]  ret_from_fork+0x116/0x1d0
[   15.887052]  ? __pfx_kthread+0x10/0x10
[   15.887090]  ret_from_fork_asm+0x1a/0x30
[   15.887151]  </TASK>
[   15.887167] 
[   15.900713] Allocated by task 253:
[   15.901649]  kasan_save_stack+0x45/0x70
[   15.902016]  kasan_save_track+0x18/0x40
[   15.902174]  kasan_save_alloc_info+0x3b/0x50
[   15.902336]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   15.902862]  remove_element+0x11e/0x190
[   15.903139]  mempool_alloc_preallocated+0x4d/0x90
[   15.903400]  mempool_double_free_helper+0x8a/0x370
[   15.904624]  mempool_kmalloc_double_free+0xed/0x140
[   15.905046]  kunit_try_run_case+0x1a5/0x480
[   15.905319]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.905862]  kthread+0x337/0x6f0
[   15.906096]  ret_from_fork+0x116/0x1d0
[   15.906268]  ret_from_fork_asm+0x1a/0x30
[   15.906512] 
[   15.906743] Freed by task 253:
[   15.907178]  kasan_save_stack+0x45/0x70
[   15.907738]  kasan_save_track+0x18/0x40
[   15.908204]  kasan_save_free_info+0x3f/0x60
[   15.908504]  __kasan_mempool_poison_object+0x131/0x1d0
[   15.909081]  mempool_free+0x2ec/0x380
[   15.909284]  mempool_double_free_helper+0x109/0x370
[   15.909697]  mempool_kmalloc_double_free+0xed/0x140
[   15.909912]  kunit_try_run_case+0x1a5/0x480
[   15.910560]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.910865]  kthread+0x337/0x6f0
[   15.911135]  ret_from_fork+0x116/0x1d0
[   15.911363]  ret_from_fork_asm+0x1a/0x30
[   15.912133] 
[   15.912258] The buggy address belongs to the object at ffff88810231a600
[   15.912258]  which belongs to the cache kmalloc-128 of size 128
[   15.912908] The buggy address is located 0 bytes inside of
[   15.912908]  128-byte region [ffff88810231a600, ffff88810231a680)
[   15.913479] 
[   15.913651] The buggy address belongs to the physical page:
[   15.913945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10231a
[   15.914435] flags: 0x200000000000000(node=0|zone=2)
[   15.914920] page_type: f5(slab)
[   15.915111] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.915388] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.916319] page dumped because: kasan: bad access detected
[   15.916903] 
[   15.917074] Memory state around the buggy address:
[   15.917431]  ffff88810231a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.918079]  ffff88810231a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.918681] >ffff88810231a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.918947]                    ^
[   15.919238]  ffff88810231a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.920079]  ffff88810231a700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.920558] ==================================================================
[   15.954383] ==================================================================
[   15.955523] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   15.956218] Free of addr ffff888103c2c000 by task kunit_try_catch/257
[   15.956461] 
[   15.956648] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   15.956706] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.956719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.956742] Call Trace:
[   15.956758]  <TASK>
[   15.956778]  dump_stack_lvl+0x73/0xb0
[   15.956812]  print_report+0xd1/0x650
[   15.956836]  ? __virt_addr_valid+0x1db/0x2d0
[   15.956862]  ? kasan_addr_to_slab+0x11/0xa0
[   15.956882]  ? mempool_double_free_helper+0x184/0x370
[   15.956906]  kasan_report_invalid_free+0x10a/0x130
[   15.956929]  ? mempool_double_free_helper+0x184/0x370
[   15.956955]  ? mempool_double_free_helper+0x184/0x370
[   15.956977]  __kasan_mempool_poison_pages+0x115/0x130
[   15.957001]  mempool_free+0x290/0x380
[   15.957024]  mempool_double_free_helper+0x184/0x370
[   15.957048]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   15.957073]  ? __pfx_sched_clock_cpu+0x10/0x10
[   15.957095]  ? finish_task_switch.isra.0+0x153/0x700
[   15.957121]  mempool_page_alloc_double_free+0xe8/0x140
[   15.957145]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   15.957171]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   15.957189]  ? __pfx_mempool_free_pages+0x10/0x10
[   15.957210]  ? __pfx_read_tsc+0x10/0x10
[   15.957271]  ? ktime_get_ts64+0x86/0x230
[   15.957300]  kunit_try_run_case+0x1a5/0x480
[   15.957327]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.957349]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.957371]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.957395]  ? __kthread_parkme+0x82/0x180
[   15.957425]  ? preempt_count_sub+0x50/0x80
[   15.957470]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.957511]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.957553]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.958015]  kthread+0x337/0x6f0
[   15.958086]  ? trace_preempt_on+0x20/0xc0
[   15.958133]  ? __pfx_kthread+0x10/0x10
[   15.958170]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.958207]  ? calculate_sigpending+0x7b/0xa0
[   15.958263]  ? __pfx_kthread+0x10/0x10
[   15.958356]  ret_from_fork+0x116/0x1d0
[   15.958397]  ? __pfx_kthread+0x10/0x10
[   15.958437]  ret_from_fork_asm+0x1a/0x30
[   15.958713]  </TASK>
[   15.958761] 
[   15.971285] The buggy address belongs to the physical page:
[   15.971827] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c2c
[   15.972447] flags: 0x200000000000000(node=0|zone=2)
[   15.973039] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   15.973426] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   15.974164] page dumped because: kasan: bad access detected
[   15.974560] 
[   15.974672] Memory state around the buggy address:
[   15.975164]  ffff888103c2bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.975617]  ffff888103c2bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.975998] >ffff888103c2c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.976295]                    ^
[   15.976515]  ffff888103c2c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.976854]  ffff888103c2c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.977173] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper: Failure

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2x82cn95lnaJcv25aBcIbqxmNlW

job_id

TEST:linaro@lkft#2x82ipUVL9WHfkZvKCNBEYbkXTJ

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x82ipUVL9WHfkZvKCNBEYbkXTJ

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x82fkCMGUVy57MkjmocaW2NNv8/bzImage
sha256sum	74edfec95eb8d8148308a14fc1b668c3e17d558cc339e0295e288f4cacaf4e2e

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x82fkCMGUVy57MkjmocaW2NNv8/modules.tar.xz
sha256sum	07b80db55c46bb7e71e92134a37f3185bcd0da1c71552ff3a0f50f901a05a4fb

durations

tests

boot	0
kunit	322.83

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit KNOWN ISSUE

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit KNOWN ISSUE