lkft/linux-next-master - next-20250605 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

June 5, 2025, 7:08 a.m.

Environment
qemu-arm64
qemu-x86_64

[   28.482719] ==================================================================
[   28.482831] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   28.483149] Free of addr fff00000c787c000 by task kunit_try_catch/239
[   28.483275] 
[   28.483361] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   28.483662] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.483739] Hardware name: linux,dummy-virt (DT)
[   28.483821] Call trace:
[   28.483903]  show_stack+0x20/0x38 (C)
[   28.484034]  dump_stack_lvl+0x8c/0xd0
[   28.484160]  print_report+0x118/0x608
[   28.484514]  kasan_report_invalid_free+0xc0/0xe8
[   28.484734]  __kasan_mempool_poison_pages+0xe0/0xe8
[   28.484901]  mempool_free+0x24c/0x328
[   28.485020]  mempool_double_free_helper+0x150/0x2e8
[   28.485160]  mempool_page_alloc_double_free+0xbc/0x118
[   28.485396]  kunit_try_run_case+0x170/0x3f0
[   28.485567]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.485830]  kthread+0x328/0x630
[   28.485978]  ret_from_fork+0x10/0x20
[   28.486098] 
[   28.486204] The buggy address belongs to the physical page:
[   28.486438] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10787c
[   28.486751] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   28.486956] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   28.487081] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   28.487180] page dumped because: kasan: bad access detected
[   28.487305] 
[   28.487451] Memory state around the buggy address:
[   28.487609]  fff00000c787bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.487718]  fff00000c787bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.488219] >fff00000c787c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.488622]                    ^
[   28.488730]  fff00000c787c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.488849]  fff00000c787c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.489599] ==================================================================
[   28.431548] ==================================================================
[   28.431665] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   28.431773] Free of addr fff00000c7719300 by task kunit_try_catch/235
[   28.431879] 
[   28.431947] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   28.432470] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.432596] Hardware name: linux,dummy-virt (DT)
[   28.432687] Call trace:
[   28.432746]  show_stack+0x20/0x38 (C)
[   28.432880]  dump_stack_lvl+0x8c/0xd0
[   28.433010]  print_report+0x118/0x608
[   28.433665]  kasan_report_invalid_free+0xc0/0xe8
[   28.434261]  check_slab_allocation+0xd4/0x108
[   28.434596]  __kasan_mempool_poison_object+0x78/0x150
[   28.434751]  mempool_free+0x28c/0x328
[   28.435088]  mempool_double_free_helper+0x150/0x2e8
[   28.435257]  mempool_kmalloc_double_free+0xc0/0x118
[   28.435425]  kunit_try_run_case+0x170/0x3f0
[   28.435594]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.435999]  kthread+0x328/0x630
[   28.436127]  ret_from_fork+0x10/0x20
[   28.436532] 
[   28.436617] Allocated by task 235:
[   28.436844]  kasan_save_stack+0x3c/0x68
[   28.436980]  kasan_save_track+0x20/0x40
[   28.437169]  kasan_save_alloc_info+0x40/0x58
[   28.437372]  __kasan_mempool_unpoison_object+0x11c/0x180
[   28.437805]  remove_element+0x130/0x1f8
[   28.437923]  mempool_alloc_preallocated+0x58/0xc0
[   28.438053]  mempool_double_free_helper+0x94/0x2e8
[   28.438223]  mempool_kmalloc_double_free+0xc0/0x118
[   28.438352]  kunit_try_run_case+0x170/0x3f0
[   28.438824]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.439012]  kthread+0x328/0x630
[   28.439104]  ret_from_fork+0x10/0x20
[   28.439226] 
[   28.439304] Freed by task 235:
[   28.439399]  kasan_save_stack+0x3c/0x68
[   28.439514]  kasan_save_track+0x20/0x40
[   28.440014]  kasan_save_free_info+0x4c/0x78
[   28.440223]  __kasan_mempool_poison_object+0xc0/0x150
[   28.440638]  mempool_free+0x28c/0x328
[   28.440746]  mempool_double_free_helper+0x100/0x2e8
[   28.440891]  mempool_kmalloc_double_free+0xc0/0x118
[   28.441431]  kunit_try_run_case+0x170/0x3f0
[   28.441660]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.441775]  kthread+0x328/0x630
[   28.441857]  ret_from_fork+0x10/0x20
[   28.441978] 
[   28.442122] The buggy address belongs to the object at fff00000c7719300
[   28.442122]  which belongs to the cache kmalloc-128 of size 128
[   28.442502] The buggy address is located 0 bytes inside of
[   28.442502]  128-byte region [fff00000c7719300, fff00000c7719380)
[   28.442652] 
[   28.442709] The buggy address belongs to the physical page:
[   28.442916] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107719
[   28.443043] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   28.443186] page_type: f5(slab)
[   28.443281] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   28.443433] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.443588] page dumped because: kasan: bad access detected
[   28.443711] 
[   28.443779] Memory state around the buggy address:
[   28.444083]  fff00000c7719200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.444658]  fff00000c7719280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.445078] >fff00000c7719300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.445185]                    ^
[   28.445265]  fff00000c7719380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.445408]  fff00000c7719400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.445509] ==================================================================
[   28.466040] ==================================================================
[   28.466215] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   28.466432] Free of addr fff00000c787c000 by task kunit_try_catch/237
[   28.466615] 
[   28.466696] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   28.466992] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.467073] Hardware name: linux,dummy-virt (DT)
[   28.467159] Call trace:
[   28.467249]  show_stack+0x20/0x38 (C)
[   28.467475]  dump_stack_lvl+0x8c/0xd0
[   28.467599]  print_report+0x118/0x608
[   28.467725]  kasan_report_invalid_free+0xc0/0xe8
[   28.467868]  __kasan_mempool_poison_object+0x14c/0x150
[   28.468026]  mempool_free+0x28c/0x328
[   28.468159]  mempool_double_free_helper+0x150/0x2e8
[   28.468388]  mempool_kmalloc_large_double_free+0xc0/0x118
[   28.468575]  kunit_try_run_case+0x170/0x3f0
[   28.468789]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.468934]  kthread+0x328/0x630
[   28.469098]  ret_from_fork+0x10/0x20
[   28.469225] 
[   28.469277] The buggy address belongs to the physical page:
[   28.469405] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10787c
[   28.469575] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.469696] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   28.469927] page_type: f8(unknown)
[   28.470089] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   28.470347] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   28.470536] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   28.470660] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   28.470783] head: 0bfffe0000000002 ffffc1ffc31e1f01 00000000ffffffff 00000000ffffffff
[   28.471001] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   28.471113] page dumped because: kasan: bad access detected
[   28.471350] 
[   28.471399] Memory state around the buggy address:
[   28.471488]  fff00000c787bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.471689]  fff00000c787bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.471841] >fff00000c787c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.471942]                    ^
[   28.472020]  fff00000c787c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.472198]  fff00000c787c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.472300] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper: Failure

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2y4wfFFz5evLcuglEi0lZhHSzNe

job_id

TEST:linaro@lkft#2y4wjowvqrWW4OmAKc8rw3ym5sm

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2y4wjowvqrWW4OmAKc8rw3ym5sm

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2y4wgQN6czqm2PQVcU8FNdjsVN5/Image.gz
sha256sum	1b2f5b47cb4b601221e74af41b134f90082aa5ee3e601e5e72d092f948866699

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2y4wgQN6czqm2PQVcU8FNdjsVN5/modules.tar.xz
sha256sum	3d8bdbd3d2915b5fde20d97ab030d3ad2e77aa77d3254354a85ea96acf7b3f33

durations

tests

boot	0
kunit	292.94

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   13.069545] ==================================================================
[   13.070191] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.070624] Free of addr ffff88810276ee00 by task kunit_try_catch/252
[   13.071057] 
[   13.071194] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   13.071289] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.071303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.071324] Call Trace:
[   13.071336]  <TASK>
[   13.071350]  dump_stack_lvl+0x73/0xb0
[   13.071378]  print_report+0xd1/0x650
[   13.071400]  ? __virt_addr_valid+0x1db/0x2d0
[   13.071423]  ? kasan_complete_mode_report_info+0x64/0x200
[   13.071469]  ? mempool_double_free_helper+0x184/0x370
[   13.071495]  kasan_report_invalid_free+0x10a/0x130
[   13.071519]  ? mempool_double_free_helper+0x184/0x370
[   13.071544]  ? mempool_double_free_helper+0x184/0x370
[   13.071567]  ? mempool_double_free_helper+0x184/0x370
[   13.071590]  check_slab_allocation+0x101/0x130
[   13.071626]  __kasan_mempool_poison_object+0x91/0x1d0
[   13.071662]  mempool_free+0x2ec/0x380
[   13.071685]  mempool_double_free_helper+0x184/0x370
[   13.071708]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.071731]  ? update_load_avg+0x1be/0x21b0
[   13.071756]  ? update_load_avg+0x1be/0x21b0
[   13.071776]  ? update_curr+0x80/0x810
[   13.071798]  ? finish_task_switch.isra.0+0x153/0x700
[   13.071822]  mempool_kmalloc_double_free+0xed/0x140
[   13.071846]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   13.071872]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.071890]  ? __pfx_mempool_kfree+0x10/0x10
[   13.071924]  ? __pfx_read_tsc+0x10/0x10
[   13.072010]  ? ktime_get_ts64+0x86/0x230
[   13.072037]  kunit_try_run_case+0x1a5/0x480
[   13.072061]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.072080]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.072104]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.072130]  ? __kthread_parkme+0x82/0x180
[   13.072151]  ? preempt_count_sub+0x50/0x80
[   13.072173]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.072195]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.072219]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.072244]  kthread+0x337/0x6f0
[   13.072263]  ? trace_preempt_on+0x20/0xc0
[   13.072285]  ? __pfx_kthread+0x10/0x10
[   13.072305]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.072327]  ? calculate_sigpending+0x7b/0xa0
[   13.072351]  ? __pfx_kthread+0x10/0x10
[   13.072371]  ret_from_fork+0x116/0x1d0
[   13.072390]  ? __pfx_kthread+0x10/0x10
[   13.072410]  ret_from_fork_asm+0x1a/0x30
[   13.072440]  </TASK>
[   13.072451] 
[   13.083408] Allocated by task 252:
[   13.083613]  kasan_save_stack+0x45/0x70
[   13.083794]  kasan_save_track+0x18/0x40
[   13.084021]  kasan_save_alloc_info+0x3b/0x50
[   13.084259]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.084491]  remove_element+0x11e/0x190
[   13.084698]  mempool_alloc_preallocated+0x4d/0x90
[   13.085009]  mempool_double_free_helper+0x8a/0x370
[   13.085328]  mempool_kmalloc_double_free+0xed/0x140
[   13.085600]  kunit_try_run_case+0x1a5/0x480
[   13.085805]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.086075]  kthread+0x337/0x6f0
[   13.086245]  ret_from_fork+0x116/0x1d0
[   13.086374]  ret_from_fork_asm+0x1a/0x30
[   13.086510] 
[   13.086578] Freed by task 252:
[   13.086922]  kasan_save_stack+0x45/0x70
[   13.087121]  kasan_save_track+0x18/0x40
[   13.087305]  kasan_save_free_info+0x3f/0x60
[   13.087514]  __kasan_mempool_poison_object+0x131/0x1d0
[   13.087937]  mempool_free+0x2ec/0x380
[   13.088205]  mempool_double_free_helper+0x109/0x370
[   13.088412]  mempool_kmalloc_double_free+0xed/0x140
[   13.088572]  kunit_try_run_case+0x1a5/0x480
[   13.089012]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.089348]  kthread+0x337/0x6f0
[   13.089570]  ret_from_fork+0x116/0x1d0
[   13.089769]  ret_from_fork_asm+0x1a/0x30
[   13.089976] 
[   13.090070] The buggy address belongs to the object at ffff88810276ee00
[   13.090070]  which belongs to the cache kmalloc-128 of size 128
[   13.090842] The buggy address is located 0 bytes inside of
[   13.090842]  128-byte region [ffff88810276ee00, ffff88810276ee80)
[   13.091696] 
[   13.091796] The buggy address belongs to the physical page:
[   13.092151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10276e
[   13.092428] flags: 0x200000000000000(node=0|zone=2)
[   13.092717] page_type: f5(slab)
[   13.093130] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.093395] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.093780] page dumped because: kasan: bad access detected
[   13.094133] 
[   13.094256] Memory state around the buggy address:
[   13.094433]  ffff88810276ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.094841]  ffff88810276ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.095200] >ffff88810276ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.095636]                    ^
[   13.095776]  ffff88810276ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.096306]  ffff88810276ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.096582] ==================================================================
[   13.102138] ==================================================================
[   13.102615] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.103199] Free of addr ffff888103b0c000 by task kunit_try_catch/254
[   13.103486] 
[   13.103600] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   13.103645] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.103657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.103678] Call Trace:
[   13.103689]  <TASK>
[   13.103705]  dump_stack_lvl+0x73/0xb0
[   13.103732]  print_report+0xd1/0x650
[   13.103754]  ? __virt_addr_valid+0x1db/0x2d0
[   13.103778]  ? kasan_addr_to_slab+0x11/0xa0
[   13.103800]  ? mempool_double_free_helper+0x184/0x370
[   13.103826]  kasan_report_invalid_free+0x10a/0x130
[   13.103867]  ? mempool_double_free_helper+0x184/0x370
[   13.103906]  ? mempool_double_free_helper+0x184/0x370
[   13.103929]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   13.103954]  mempool_free+0x2ec/0x380
[   13.103977]  mempool_double_free_helper+0x184/0x370
[   13.104000]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.104026]  ? __kasan_check_write+0x18/0x20
[   13.104046]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.104068]  ? finish_task_switch.isra.0+0x153/0x700
[   13.104094]  mempool_kmalloc_large_double_free+0xed/0x140
[   13.104119]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   13.104144]  ? __kasan_check_write+0x18/0x20
[   13.104367]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.104388]  ? __pfx_mempool_kfree+0x10/0x10
[   13.104410]  ? __pfx_read_tsc+0x10/0x10
[   13.104433]  ? ktime_get_ts64+0x86/0x230
[   13.104453]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.104482]  kunit_try_run_case+0x1a5/0x480
[   13.104505]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.104526]  ? queued_spin_lock_slowpath+0x116/0xb40
[   13.104552]  ? __kthread_parkme+0x82/0x180
[   13.104573]  ? preempt_count_sub+0x50/0x80
[   13.104596]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.104617]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.104657]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.104682]  kthread+0x337/0x6f0
[   13.104700]  ? trace_preempt_on+0x20/0xc0
[   13.104723]  ? __pfx_kthread+0x10/0x10
[   13.104744]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.104766]  ? calculate_sigpending+0x7b/0xa0
[   13.104790]  ? __pfx_kthread+0x10/0x10
[   13.104812]  ret_from_fork+0x116/0x1d0
[   13.104830]  ? __pfx_kthread+0x10/0x10
[   13.104851]  ret_from_fork_asm+0x1a/0x30
[   13.104880]  </TASK>
[   13.104902] 
[   13.114183] The buggy address belongs to the physical page:
[   13.114456] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b0c
[   13.114834] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.115322] flags: 0x200000000000040(head|node=0|zone=2)
[   13.115533] page_type: f8(unknown)
[   13.115716] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.116195] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.116504] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.116831] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.117208] head: 0200000000000002 ffffea00040ec301 00000000ffffffff 00000000ffffffff
[   13.117479] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.117741] page dumped because: kasan: bad access detected
[   13.118013] 
[   13.118107] Memory state around the buggy address:
[   13.118398]  ffff888103b0bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.118815]  ffff888103b0bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.119207] >ffff888103b0c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.119444]                    ^
[   13.119612]  ffff888103b0c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.119962]  ffff888103b0c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.120413] ==================================================================
[   13.124208] ==================================================================
[   13.124694] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.125033] Free of addr ffff888102c44000 by task kunit_try_catch/256
[   13.125370] 
[   13.125457] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   13.125500] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.125512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.125533] Call Trace:
[   13.125544]  <TASK>
[   13.125557]  dump_stack_lvl+0x73/0xb0
[   13.125582]  print_report+0xd1/0x650
[   13.125605]  ? __virt_addr_valid+0x1db/0x2d0
[   13.125629]  ? kasan_addr_to_slab+0x11/0xa0
[   13.125663]  ? mempool_double_free_helper+0x184/0x370
[   13.125688]  kasan_report_invalid_free+0x10a/0x130
[   13.125713]  ? mempool_double_free_helper+0x184/0x370
[   13.125738]  ? mempool_double_free_helper+0x184/0x370
[   13.125762]  __kasan_mempool_poison_pages+0x115/0x130
[   13.125788]  mempool_free+0x290/0x380
[   13.125810]  mempool_double_free_helper+0x184/0x370
[   13.125834]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.125859]  ? __kasan_check_write+0x18/0x20
[   13.125880]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.125914]  ? finish_task_switch.isra.0+0x153/0x700
[   13.125939]  mempool_page_alloc_double_free+0xe8/0x140
[   13.126020]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   13.126049]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   13.126069]  ? __pfx_mempool_free_pages+0x10/0x10
[   13.126091]  ? __pfx_read_tsc+0x10/0x10
[   13.126112]  ? ktime_get_ts64+0x86/0x230
[   13.126135]  kunit_try_run_case+0x1a5/0x480
[   13.126156]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.126176]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.126201]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.126225]  ? __kthread_parkme+0x82/0x180
[   13.126246]  ? preempt_count_sub+0x50/0x80
[   13.126268]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.126289]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.126313]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.126338]  kthread+0x337/0x6f0
[   13.126356]  ? trace_preempt_on+0x20/0xc0
[   13.126379]  ? __pfx_kthread+0x10/0x10
[   13.126399]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.126422]  ? calculate_sigpending+0x7b/0xa0
[   13.126446]  ? __pfx_kthread+0x10/0x10
[   13.126466]  ret_from_fork+0x116/0x1d0
[   13.126485]  ? __pfx_kthread+0x10/0x10
[   13.126505]  ret_from_fork_asm+0x1a/0x30
[   13.126535]  </TASK>
[   13.126545] 
[   13.135306] The buggy address belongs to the physical page:
[   13.135558] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c44
[   13.135877] flags: 0x200000000000000(node=0|zone=2)
[   13.136187] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   13.136452] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   13.136866] page dumped because: kasan: bad access detected
[   13.137205] 
[   13.137279] Memory state around the buggy address:
[   13.137450]  ffff888102c43f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.137837]  ffff888102c43f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.138177] >ffff888102c44000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.138394]                    ^
[   13.138509]  ffff888102c44080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.138775]  ffff888102c44100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.139231] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper: Failure

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2y4wfFFz5evLcuglEi0lZhHSzNe

job_id

TEST:linaro@lkft#2y4wkwtti07OHEfdevzhqA6LZmP

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2y4wkwtti07OHEfdevzhqA6LZmP

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2y4whKyYdhH0fShDWipTWaZ18Fr/bzImage
sha256sum	732b0784565e56626280894de8e0c01cb6df50c3a4b830053e8a19dc7b69a758

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2y4whKyYdhH0fShDWipTWaZ18Fr/modules.tar.xz
sha256sum	63a93b8e373ae517e7a0c06715102b269a88ee449bb807871272906141bb634f

durations

tests

boot	0
kunit	204.26

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned