lkft/linux-next-master - next-20250626 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

June 26, 2025, 9:10 a.m.

Environment
dragonboard-845c
qemu-arm64
qemu-x86_64

[   49.315735] ==================================================================
[   49.327411] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   49.334664] Free of addr ffff00008039f600 by task kunit_try_catch/321
[   49.341196] 
[   49.342735] CPU: 0 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   49.342774] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.342785] Hardware name: Thundercomm Dragonboard 845c (DT)
[   49.342804] Call trace:
[   49.342814]  show_stack+0x20/0x38 (C)
[   49.342835]  dump_stack_lvl+0x8c/0xd0
[   49.342860]  print_report+0x118/0x608
[   49.342883]  kasan_report_invalid_free+0xc0/0xe8
[   49.342904]  check_slab_allocation+0xd4/0x108
[   49.342927]  __kasan_mempool_poison_object+0x78/0x150
[   49.342952]  mempool_free+0x28c/0x328
[   49.342973]  mempool_double_free_helper+0x150/0x2e8
[   49.342993]  mempool_kmalloc_double_free+0xc0/0x118
[   49.343013]  kunit_try_run_case+0x170/0x3f0
[   49.343038]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.343061]  kthread+0x328/0x630
[   49.343078]  ret_from_fork+0x10/0x20
[   49.343099] 
[   49.423874] Allocated by task 321:
[   49.427337]  kasan_save_stack+0x3c/0x68
[   49.431248]  kasan_save_track+0x20/0x40
[   49.435159]  kasan_save_alloc_info+0x40/0x58
[   49.439505]  __kasan_mempool_unpoison_object+0x11c/0x180
[   49.444900]  remove_element+0x130/0x1f8
[   49.448806]  mempool_alloc_preallocated+0x58/0xc0
[   49.453588]  mempool_double_free_helper+0x94/0x2e8
[   49.458456]  mempool_kmalloc_double_free+0xc0/0x118
[   49.463420]  kunit_try_run_case+0x170/0x3f0
[   49.467676]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.473241]  kthread+0x328/0x630
[   49.476532]  ret_from_fork+0x10/0x20
[   49.480169] 
[   49.481701] Freed by task 321:
[   49.484813]  kasan_save_stack+0x3c/0x68
[   49.488722]  kasan_save_track+0x20/0x40
[   49.492632]  kasan_save_free_info+0x4c/0x78
[   49.496882]  __kasan_mempool_poison_object+0xc0/0x150
[   49.502013]  mempool_free+0x28c/0x328
[   49.505748]  mempool_double_free_helper+0x100/0x2e8
[   49.510702]  mempool_kmalloc_double_free+0xc0/0x118
[   49.515654]  kunit_try_run_case+0x170/0x3f0
[   49.519916]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.525486]  kthread+0x328/0x630
[   49.528776]  ret_from_fork+0x10/0x20
[   49.532424] 
[   49.533955] The buggy address belongs to the object at ffff00008039f600
[   49.533955]  which belongs to the cache kmalloc-128 of size 128
[   49.546621] The buggy address is located 0 bytes inside of
[   49.546621]  128-byte region [ffff00008039f600, ffff00008039f680)
[   49.558321] 
[   49.559850] The buggy address belongs to the physical page:
[   49.565499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10039e
[   49.573615] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   49.581371] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   49.588431] page_type: f5(slab)
[   49.591645] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[   49.599489] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   49.607333] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[   49.615265] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   49.623205] head: 0bfffe0000000001 fffffdffc200e781 00000000ffffffff 00000000ffffffff
[   49.631144] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   49.639070] page dumped because: kasan: bad access detected
[   49.644722] 
[   49.646253] Memory state around the buggy address:
[   49.651120]  ffff00008039f500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   49.658440]  ffff00008039f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.665763] >ffff00008039f600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   49.673083]                    ^
[   49.676368]  ffff00008039f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.683686]  ffff00008039f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   49.691006] ==================================================================
[   49.702329] ==================================================================
[   49.714432] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   49.721679] Free of addr ffff000096708000 by task kunit_try_catch/323
[   49.728211] 
[   49.729750] CPU: 1 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   49.729785] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.729797] Hardware name: Thundercomm Dragonboard 845c (DT)
[   49.729813] Call trace:
[   49.729823]  show_stack+0x20/0x38 (C)
[   49.729844]  dump_stack_lvl+0x8c/0xd0
[   49.729867]  print_report+0x118/0x608
[   49.729889]  kasan_report_invalid_free+0xc0/0xe8
[   49.729910]  __kasan_mempool_poison_object+0x14c/0x150
[   49.729934]  mempool_free+0x28c/0x328
[   49.729955]  mempool_double_free_helper+0x150/0x2e8
[   49.729977]  mempool_kmalloc_large_double_free+0xc0/0x118
[   49.729999]  kunit_try_run_case+0x170/0x3f0
[   49.730020]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.730044]  kthread+0x328/0x630
[   49.730061]  ret_from_fork+0x10/0x20
[   49.730084] 
[   49.807065] The buggy address belongs to the physical page:
[   49.812718] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x116708
[   49.820830] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   49.828585] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   49.835647] page_type: f8(unknown)
[   49.839116] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   49.846957] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   49.854809] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   49.862749] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   49.870689] head: 0bfffe0000000002 fffffdffc259c201 00000000ffffffff 00000000ffffffff
[   49.878628] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   49.886563] page dumped because: kasan: bad access detected
[   49.892215] 
[   49.893743] Memory state around the buggy address:
[   49.898609]  ffff000096707f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   49.905928]  ffff000096707f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   49.913250] >ffff000096708000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   49.920568]                    ^
[   49.923860]  ffff000096708080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   49.931183]  ffff000096708100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   49.938500] ==================================================================
[   49.949529] ==================================================================
[   49.962152] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   49.969396] Free of addr ffff000095370000 by task kunit_try_catch/325
[   49.975929] 
[   49.977466] CPU: 0 UID: 0 PID: 325 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   49.977502] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.977513] Hardware name: Thundercomm Dragonboard 845c (DT)
[   49.977530] Call trace:
[   49.977539]  show_stack+0x20/0x38 (C)
[   49.977560]  dump_stack_lvl+0x8c/0xd0
[   49.977582]  print_report+0x118/0x608
[   49.977604]  kasan_report_invalid_free+0xc0/0xe8
[   49.977626]  __kasan_mempool_poison_pages+0xe0/0xe8
[   49.977649]  mempool_free+0x24c/0x328
[   49.977669]  mempool_double_free_helper+0x150/0x2e8
[   49.977690]  mempool_page_alloc_double_free+0xbc/0x118
[   49.977715]  kunit_try_run_case+0x170/0x3f0
[   49.977738]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.977762]  kthread+0x328/0x630
[   49.977778]  ret_from_fork+0x10/0x20
[   49.977800] 
[   50.054259] The buggy address belongs to the physical page:
[   50.059904] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115370
[   50.068016] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   50.074641] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   50.082482] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   50.090321] page dumped because: kasan: bad access detected
[   50.095966] 
[   50.097492] Memory state around the buggy address:
[   50.102357]  ffff00009536ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   50.109679]  ffff00009536ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   50.117000] >ffff000095370000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   50.124319]                    ^
[   50.127600]  ffff000095370080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   50.134924]  ffff000095370100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   50.142244] ==================================================================

Metadata Full log Test run details

[   28.963159] ==================================================================
[   28.963245] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   28.963305] Free of addr fff00000c5773500 by task kunit_try_catch/247
[   28.963392] 
[   28.963429] CPU: 0 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   28.963544] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.963592] Hardware name: linux,dummy-virt (DT)
[   28.963645] Call trace:
[   28.963679]  show_stack+0x20/0x38 (C)
[   28.963763]  dump_stack_lvl+0x8c/0xd0
[   28.963884]  print_report+0x118/0x608
[   28.964027]  kasan_report_invalid_free+0xc0/0xe8
[   28.964187]  check_slab_allocation+0xd4/0x108
[   28.964244]  __kasan_mempool_poison_object+0x78/0x150
[   28.964297]  mempool_free+0x28c/0x328
[   28.964573]  mempool_double_free_helper+0x150/0x2e8
[   28.964629]  mempool_kmalloc_double_free+0xc0/0x118
[   28.964766]  kunit_try_run_case+0x170/0x3f0
[   28.964860]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.964967]  kthread+0x328/0x630
[   28.965023]  ret_from_fork+0x10/0x20
[   28.965194] 
[   28.965231] Allocated by task 247:
[   28.965261]  kasan_save_stack+0x3c/0x68
[   28.965571]  kasan_save_track+0x20/0x40
[   28.965681]  kasan_save_alloc_info+0x40/0x58
[   28.965719]  __kasan_mempool_unpoison_object+0x11c/0x180
[   28.965773]  remove_element+0x130/0x1f8
[   28.965816]  mempool_alloc_preallocated+0x58/0xc0
[   28.965855]  mempool_double_free_helper+0x94/0x2e8
[   28.965909]  mempool_kmalloc_double_free+0xc0/0x118
[   28.965964]  kunit_try_run_case+0x170/0x3f0
[   28.966005]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.966065]  kthread+0x328/0x630
[   28.966097]  ret_from_fork+0x10/0x20
[   28.966134] 
[   28.966165] Freed by task 247:
[   28.966209]  kasan_save_stack+0x3c/0x68
[   28.966251]  kasan_save_track+0x20/0x40
[   28.966288]  kasan_save_free_info+0x4c/0x78
[   28.966322]  __kasan_mempool_poison_object+0xc0/0x150
[   28.966364]  mempool_free+0x28c/0x328
[   28.966396]  mempool_double_free_helper+0x100/0x2e8
[   28.966446]  mempool_kmalloc_double_free+0xc0/0x118
[   28.966508]  kunit_try_run_case+0x170/0x3f0
[   28.966546]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.966589]  kthread+0x328/0x630
[   28.966634]  ret_from_fork+0x10/0x20
[   28.966671] 
[   28.966697] The buggy address belongs to the object at fff00000c5773500
[   28.966697]  which belongs to the cache kmalloc-128 of size 128
[   28.966754] The buggy address is located 0 bytes inside of
[   28.966754]  128-byte region [fff00000c5773500, fff00000c5773580)
[   28.966814] 
[   28.966833] The buggy address belongs to the physical page:
[   28.966865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773
[   28.966921] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   28.966983] page_type: f5(slab)
[   28.967024] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   28.967083] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.967123] page dumped because: kasan: bad access detected
[   28.967154] 
[   28.967172] Memory state around the buggy address:
[   28.967206]  fff00000c5773400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.967249]  fff00000c5773480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.967290] >fff00000c5773500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.967748]                    ^
[   28.967842]  fff00000c5773580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.968008]  fff00000c5773600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.968128] ==================================================================
[   28.983790] ==================================================================
[   28.983848] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   28.984219] Free of addr fff00000c6550000 by task kunit_try_catch/251
[   28.984393] 
[   28.984500] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   28.984625] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.984716] Hardware name: linux,dummy-virt (DT)
[   28.984748] Call trace:
[   28.984807]  show_stack+0x20/0x38 (C)
[   28.984874]  dump_stack_lvl+0x8c/0xd0
[   28.985046]  print_report+0x118/0x608
[   28.985176]  kasan_report_invalid_free+0xc0/0xe8
[   28.985256]  __kasan_mempool_poison_pages+0xe0/0xe8
[   28.985307]  mempool_free+0x24c/0x328
[   28.985352]  mempool_double_free_helper+0x150/0x2e8
[   28.985400]  mempool_page_alloc_double_free+0xbc/0x118
[   28.985600]  kunit_try_run_case+0x170/0x3f0
[   28.985781]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.985998]  kthread+0x328/0x630
[   28.986075]  ret_from_fork+0x10/0x20
[   28.986174] 
[   28.986296] The buggy address belongs to the physical page:
[   28.986373] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106550
[   28.986453] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   28.986537] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   28.986596] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   28.986857] page dumped because: kasan: bad access detected
[   28.986905] 
[   28.986924] Memory state around the buggy address:
[   28.987006]  fff00000c654ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.987185]  fff00000c654ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.987294] >fff00000c6550000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.987382]                    ^
[   28.987472]  fff00000c6550080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.987613]  fff00000c6550100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.987713] ==================================================================
[   28.974745] ==================================================================
[   28.974805] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   28.974914] Free of addr fff00000c6550000 by task kunit_try_catch/249
[   28.974955] 
[   28.975009] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   28.975146] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.975228] Hardware name: linux,dummy-virt (DT)
[   28.975287] Call trace:
[   28.975355]  show_stack+0x20/0x38 (C)
[   28.975435]  dump_stack_lvl+0x8c/0xd0
[   28.975520]  print_report+0x118/0x608
[   28.975591]  kasan_report_invalid_free+0xc0/0xe8
[   28.975654]  __kasan_mempool_poison_object+0x14c/0x150
[   28.975707]  mempool_free+0x28c/0x328
[   28.975750]  mempool_double_free_helper+0x150/0x2e8
[   28.975811]  mempool_kmalloc_large_double_free+0xc0/0x118
[   28.975863]  kunit_try_run_case+0x170/0x3f0
[   28.975909]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.976144]  kthread+0x328/0x630
[   28.976231]  ret_from_fork+0x10/0x20
[   28.976353] 
[   28.976451] The buggy address belongs to the physical page:
[   28.976516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106550
[   28.976611] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.976686] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   28.976810] page_type: f8(unknown)
[   28.976878] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   28.976961] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.977010] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   28.977258] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.977359] head: 0bfffe0000000002 ffffc1ffc3195401 00000000ffffffff 00000000ffffffff
[   28.977494] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   28.977598] page dumped because: kasan: bad access detected
[   28.977669] 
[   28.977834] Memory state around the buggy address:
[   28.977941]  fff00000c654ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.978091]  fff00000c654ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.978350] >fff00000c6550000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.978389]                    ^
[   28.978645]  fff00000c6550080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.978751]  fff00000c6550100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.978835] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2z2V64IZ5mZ4pqTgyDjND4po2p7

job_id

TEST:linaro@lkft#2z2VBWOwNE7tln7ibBWNJtNgCdd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2VBWOwNE7tln7ibBWNJtNgCdd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/Image.gz
sha256sum	42e36f6e4a060d5f9a1060b857a02a69294fe7d2a27b0731adb370bcbc85f1e6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/modules.tar.xz
sha256sum	890b3fa8e09fb90f169b09d75de24714d8b16adf2b500a29a27124602d4970e9

durations

tests

boot	0
kunit	167.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   23.822073] ==================================================================
[   23.823207] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   23.824169] Free of addr ffff888102ca4000 by task kunit_try_catch/268
[   23.824399] 
[   23.824491] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   23.824546] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.824559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.824583] Call Trace:
[   23.824599]  <TASK>
[   23.824621]  dump_stack_lvl+0x73/0xb0
[   23.824655]  print_report+0xd1/0x650
[   23.824679]  ? __virt_addr_valid+0x1db/0x2d0
[   23.824706]  ? kasan_addr_to_slab+0x11/0xa0
[   23.824725]  ? mempool_double_free_helper+0x184/0x370
[   23.824748]  kasan_report_invalid_free+0x10a/0x130
[   23.824772]  ? mempool_double_free_helper+0x184/0x370
[   23.824796]  ? mempool_double_free_helper+0x184/0x370
[   23.824818]  __kasan_mempool_poison_pages+0x115/0x130
[   23.824842]  mempool_free+0x290/0x380
[   23.824870]  mempool_double_free_helper+0x184/0x370
[   23.824893]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   23.824917]  ? __kasan_check_write+0x18/0x20
[   23.824939]  ? __pfx_sched_clock_cpu+0x10/0x10
[   23.824961]  ? irqentry_exit+0x2a/0x60
[   23.824982]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   23.825022]  mempool_page_alloc_double_free+0xe8/0x140
[   23.825048]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   23.825076]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   23.825110]  ? __pfx_mempool_free_pages+0x10/0x10
[   23.825135]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   23.825162]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   23.825188]  kunit_try_run_case+0x1a5/0x480
[   23.825216]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.825271]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.825307]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.825331]  ? __kthread_parkme+0x82/0x180
[   23.825353]  ? preempt_count_sub+0x50/0x80
[   23.825388]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.825411]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.825435]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.825458]  kthread+0x337/0x6f0
[   23.825478]  ? trace_preempt_on+0x20/0xc0
[   23.825502]  ? __pfx_kthread+0x10/0x10
[   23.825531]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.825554]  ? calculate_sigpending+0x7b/0xa0
[   23.825578]  ? __pfx_kthread+0x10/0x10
[   23.825612]  ret_from_fork+0x116/0x1d0
[   23.825633]  ? __pfx_kthread+0x10/0x10
[   23.825654]  ret_from_fork_asm+0x1a/0x30
[   23.825687]  </TASK>
[   23.825699] 
[   23.842431] The buggy address belongs to the physical page:
[   23.842639] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ca4
[   23.843234] flags: 0x200000000000000(node=0|zone=2)
[   23.843709] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   23.844485] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.845292] page dumped because: kasan: bad access detected
[   23.845742] 
[   23.845948] Memory state around the buggy address:
[   23.846521]  ffff888102ca3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.847038]  ffff888102ca3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.847266] >ffff888102ca4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.847477]                    ^
[   23.847589]  ffff888102ca4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.847823]  ffff888102ca4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.848261] ==================================================================
[   23.798949] ==================================================================
[   23.799451] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   23.799772] Free of addr ffff888102bd8000 by task kunit_try_catch/266
[   23.800038] 
[   23.800185] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   23.800250] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.800263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.800287] Call Trace:
[   23.800303]  <TASK>
[   23.800326]  dump_stack_lvl+0x73/0xb0
[   23.800360]  print_report+0xd1/0x650
[   23.800383]  ? __virt_addr_valid+0x1db/0x2d0
[   23.800414]  ? kasan_addr_to_slab+0x11/0xa0
[   23.800435]  ? mempool_double_free_helper+0x184/0x370
[   23.800459]  kasan_report_invalid_free+0x10a/0x130
[   23.800515]  ? mempool_double_free_helper+0x184/0x370
[   23.800541]  ? mempool_double_free_helper+0x184/0x370
[   23.800563]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   23.800586]  mempool_free+0x2ec/0x380
[   23.800614]  mempool_double_free_helper+0x184/0x370
[   23.800638]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   23.800662]  ? __kasan_check_write+0x18/0x20
[   23.800686]  ? __pfx_sched_clock_cpu+0x10/0x10
[   23.800709]  ? finish_task_switch.isra.0+0x153/0x700
[   23.800737]  mempool_kmalloc_large_double_free+0xed/0x140
[   23.800762]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   23.800791]  ? __pfx_mempool_kmalloc+0x10/0x10
[   23.800815]  ? __pfx_mempool_kfree+0x10/0x10
[   23.800839]  ? __pfx_read_tsc+0x10/0x10
[   23.800863]  ? ktime_get_ts64+0x86/0x230
[   23.800887]  kunit_try_run_case+0x1a5/0x480
[   23.800916]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.800961]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.800988]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.801013]  ? __kthread_parkme+0x82/0x180
[   23.801035]  ? preempt_count_sub+0x50/0x80
[   23.801058]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.801083]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.801106]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.801142]  kthread+0x337/0x6f0
[   23.801162]  ? trace_preempt_on+0x20/0xc0
[   23.801188]  ? __pfx_kthread+0x10/0x10
[   23.801208]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.801241]  ? calculate_sigpending+0x7b/0xa0
[   23.801266]  ? __pfx_kthread+0x10/0x10
[   23.801287]  ret_from_fork+0x116/0x1d0
[   23.801306]  ? __pfx_kthread+0x10/0x10
[   23.801326]  ret_from_fork_asm+0x1a/0x30
[   23.801359]  </TASK>
[   23.801371] 
[   23.811248] The buggy address belongs to the physical page:
[   23.811530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bd8
[   23.811991] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.812310] flags: 0x200000000000040(head|node=0|zone=2)
[   23.812491] page_type: f8(unknown)
[   23.812614] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.812992] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.813685] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.814229] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.814481] head: 0200000000000002 ffffea00040af601 00000000ffffffff 00000000ffffffff
[   23.814927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.815670] page dumped because: kasan: bad access detected
[   23.816034] 
[   23.816169] Memory state around the buggy address:
[   23.816358]  ffff888102bd7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.816714]  ffff888102bd7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.817124] >ffff888102bd8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.817518]                    ^
[   23.817693]  ffff888102bd8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.817987]  ffff888102bd8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.818374] ==================================================================
[   23.770282] ==================================================================
[   23.770743] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   23.771112] Free of addr ffff888102d56a00 by task kunit_try_catch/264
[   23.771410] 
[   23.771505] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   23.771557] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.771571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.771594] Call Trace:
[   23.771608]  <TASK>
[   23.771628]  dump_stack_lvl+0x73/0xb0
[   23.771658]  print_report+0xd1/0x650
[   23.771681]  ? __virt_addr_valid+0x1db/0x2d0
[   23.771706]  ? kasan_complete_mode_report_info+0x64/0x200
[   23.771731]  ? mempool_double_free_helper+0x184/0x370
[   23.771754]  kasan_report_invalid_free+0x10a/0x130
[   23.771777]  ? mempool_double_free_helper+0x184/0x370
[   23.771801]  ? mempool_double_free_helper+0x184/0x370
[   23.771823]  ? mempool_double_free_helper+0x184/0x370
[   23.771844]  check_slab_allocation+0x101/0x130
[   23.771865]  __kasan_mempool_poison_object+0x91/0x1d0
[   23.771889]  mempool_free+0x2ec/0x380
[   23.771916]  mempool_double_free_helper+0x184/0x370
[   23.771986]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   23.772027]  ? __kasan_check_write+0x18/0x20
[   23.772050]  ? __pfx_sched_clock_cpu+0x10/0x10
[   23.772072]  ? finish_task_switch.isra.0+0x153/0x700
[   23.772098]  mempool_kmalloc_double_free+0xed/0x140
[   23.772120]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   23.772145]  ? __pfx_mempool_kmalloc+0x10/0x10
[   23.772167]  ? __pfx_mempool_kfree+0x10/0x10
[   23.772190]  ? __pfx_read_tsc+0x10/0x10
[   23.772212]  ? ktime_get_ts64+0x86/0x230
[   23.772246]  kunit_try_run_case+0x1a5/0x480
[   23.772272]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.772295]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.772322]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.772347]  ? __kthread_parkme+0x82/0x180
[   23.772368]  ? preempt_count_sub+0x50/0x80
[   23.772390]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.772414]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.772438]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.772462]  kthread+0x337/0x6f0
[   23.772481]  ? trace_preempt_on+0x20/0xc0
[   23.772504]  ? __pfx_kthread+0x10/0x10
[   23.772524]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.772547]  ? calculate_sigpending+0x7b/0xa0
[   23.772571]  ? __pfx_kthread+0x10/0x10
[   23.772592]  ret_from_fork+0x116/0x1d0
[   23.772611]  ? __pfx_kthread+0x10/0x10
[   23.772631]  ret_from_fork_asm+0x1a/0x30
[   23.772662]  </TASK>
[   23.772674] 
[   23.781920] Allocated by task 264:
[   23.782124]  kasan_save_stack+0x45/0x70
[   23.782302]  kasan_save_track+0x18/0x40
[   23.782491]  kasan_save_alloc_info+0x3b/0x50
[   23.782666]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   23.782878]  remove_element+0x11e/0x190
[   23.783080]  mempool_alloc_preallocated+0x4d/0x90
[   23.783360]  mempool_double_free_helper+0x8a/0x370
[   23.783547]  mempool_kmalloc_double_free+0xed/0x140
[   23.783833]  kunit_try_run_case+0x1a5/0x480
[   23.784000]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.784258]  kthread+0x337/0x6f0
[   23.784418]  ret_from_fork+0x116/0x1d0
[   23.784601]  ret_from_fork_asm+0x1a/0x30
[   23.784949] 
[   23.785091] Freed by task 264:
[   23.785240]  kasan_save_stack+0x45/0x70
[   23.785433]  kasan_save_track+0x18/0x40
[   23.785593]  kasan_save_free_info+0x3f/0x60
[   23.785875]  __kasan_mempool_poison_object+0x131/0x1d0
[   23.786113]  mempool_free+0x2ec/0x380
[   23.786281]  mempool_double_free_helper+0x109/0x370
[   23.786474]  mempool_kmalloc_double_free+0xed/0x140
[   23.786699]  kunit_try_run_case+0x1a5/0x480
[   23.786971]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.787226]  kthread+0x337/0x6f0
[   23.787343]  ret_from_fork+0x116/0x1d0
[   23.787469]  ret_from_fork_asm+0x1a/0x30
[   23.787600] 
[   23.787665] The buggy address belongs to the object at ffff888102d56a00
[   23.787665]  which belongs to the cache kmalloc-128 of size 128
[   23.788252] The buggy address is located 0 bytes inside of
[   23.788252]  128-byte region [ffff888102d56a00, ffff888102d56a80)
[   23.788756] 
[   23.788852] The buggy address belongs to the physical page:
[   23.789108] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56
[   23.789688] flags: 0x200000000000000(node=0|zone=2)
[   23.789988] page_type: f5(slab)
[   23.790179] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   23.790539] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.790977] page dumped because: kasan: bad access detected
[   23.791272] 
[   23.791365] Memory state around the buggy address:
[   23.791594]  ffff888102d56900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.791986]  ffff888102d56980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.792310] >ffff888102d56a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.792540]                    ^
[   23.792701]  ffff888102d56a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.793283]  ffff888102d56b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.793503] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2z2V64IZ5mZ4pqTgyDjND4po2p7

job_id

TEST:linaro@lkft#2z2VCWzEgPcUDHhhw0N7L6OuTsi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2VCWzEgPcUDHhhw0N7L6OuTsi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V8vW6OGUdLnT5KmRzpsRviaL/bzImage
sha256sum	af9e113be0609efaece1c192f6aceee5e71a8c7326695ad181171f155187f3ab

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V8vW6OGUdLnT5KmRzpsRviaL/modules.tar.xz
sha256sum	eb3bf6ab4822a4ffbb4c6a0a8f2b0db2418a278c2192667f80b6a1aac6efaa14

durations

tests

boot	0
kunit	146.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - dragonboard-845c - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit