lkft/linux-next-master - next-20250710 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 10, 2025, 9:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   31.630504] ==================================================================
[   31.630564] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   31.630617] Free of addr fff00000c9b8c000 by task kunit_try_catch/268
[   31.630660] 
[   31.630692] CPU: 0 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   31.633909] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.633941] Hardware name: linux,dummy-virt (DT)
[   31.634532] Call trace:
[   31.634562]  show_stack+0x20/0x38 (C)
[   31.634786]  dump_stack_lvl+0x8c/0xd0
[   31.635238]  print_report+0x118/0x5d0
[   31.635296]  kasan_report_invalid_free+0xc0/0xe8
[   31.635345]  __kasan_mempool_poison_object+0x14c/0x150
[   31.635399]  mempool_free+0x28c/0x328
[   31.635448]  mempool_double_free_helper+0x150/0x2e8
[   31.635506]  mempool_kmalloc_large_double_free+0xc0/0x118
[   31.635559]  kunit_try_run_case+0x170/0x3f0
[   31.635607]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.635661]  kthread+0x328/0x630
[   31.635701]  ret_from_fork+0x10/0x20
[   31.635749] 
[   31.635772] The buggy address belongs to the physical page:
[   31.635805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b8c
[   31.635860] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.635909] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.635963] page_type: f8(unknown)
[   31.636004] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.636056] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.636106] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.636167] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.636218] head: 0bfffe0000000002 ffffc1ffc326e301 00000000ffffffff 00000000ffffffff
[   31.636308] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.636350] page dumped because: kasan: bad access detected
[   31.636383] 
[   31.636442] Memory state around the buggy address:
[   31.636547]  fff00000c9b8bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.636593]  fff00000c9b8bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.636674] >fff00000c9b8c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.636856]                    ^
[   31.636923]  fff00000c9b8c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.636972]  fff00000c9b8c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.637012] ==================================================================
[   31.651355] ==================================================================
[   31.651546] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   31.651671] Free of addr fff00000c9b8c000 by task kunit_try_catch/270
[   31.651994] 
[   31.652046] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   31.652295] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.652404] Hardware name: linux,dummy-virt (DT)
[   31.652606] Call trace:
[   31.652655]  show_stack+0x20/0x38 (C)
[   31.652923]  dump_stack_lvl+0x8c/0xd0
[   31.653049]  print_report+0x118/0x5d0
[   31.653422]  kasan_report_invalid_free+0xc0/0xe8
[   31.653661]  __kasan_mempool_poison_pages+0xe0/0xe8
[   31.653725]  mempool_free+0x24c/0x328
[   31.653779]  mempool_double_free_helper+0x150/0x2e8
[   31.653855]  mempool_page_alloc_double_free+0xbc/0x118
[   31.653908]  kunit_try_run_case+0x170/0x3f0
[   31.653976]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.654503]  kthread+0x328/0x630
[   31.654737]  ret_from_fork+0x10/0x20
[   31.654829] 
[   31.654850] The buggy address belongs to the physical page:
[   31.655180] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b8c
[   31.655260] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.655591] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   31.655666] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.655710] page dumped because: kasan: bad access detected
[   31.655742] 
[   31.655761] Memory state around the buggy address:
[   31.655808]  fff00000c9b8bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.655857]  fff00000c9b8bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.655901] >fff00000c9b8c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.656216]                    ^
[   31.656260]  fff00000c9b8c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.656306]  fff00000c9b8c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.656356] ==================================================================
[   31.615828] ==================================================================
[   31.615950] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   31.616039] Free of addr fff00000c9bc2000 by task kunit_try_catch/266
[   31.618196] 
[   31.618232] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   31.618320] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.618346] Hardware name: linux,dummy-virt (DT)
[   31.618378] Call trace:
[   31.618399]  show_stack+0x20/0x38 (C)
[   31.618451]  dump_stack_lvl+0x8c/0xd0
[   31.618495]  print_report+0x118/0x5d0
[   31.618539]  kasan_report_invalid_free+0xc0/0xe8
[   31.618585]  check_slab_allocation+0xd4/0x108
[   31.618634]  __kasan_mempool_poison_object+0x78/0x150
[   31.618687]  mempool_free+0x28c/0x328
[   31.618740]  mempool_double_free_helper+0x150/0x2e8
[   31.618790]  mempool_kmalloc_double_free+0xc0/0x118
[   31.618839]  kunit_try_run_case+0x170/0x3f0
[   31.618889]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.618943]  kthread+0x328/0x630
[   31.618984]  ret_from_fork+0x10/0x20
[   31.619029] 
[   31.619047] Allocated by task 266:
[   31.619076]  kasan_save_stack+0x3c/0x68
[   31.619116]  kasan_save_track+0x20/0x40
[   31.619200]  kasan_save_alloc_info+0x40/0x58
[   31.619279]  __kasan_mempool_unpoison_object+0x11c/0x180
[   31.619325]  remove_element+0x130/0x1f8
[   31.619483]  mempool_alloc_preallocated+0x58/0xc0
[   31.619528]  mempool_double_free_helper+0x94/0x2e8
[   31.619568]  mempool_kmalloc_double_free+0xc0/0x118
[   31.619609]  kunit_try_run_case+0x170/0x3f0
[   31.619858]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.622194]  kthread+0x328/0x630
[   31.622228]  ret_from_fork+0x10/0x20
[   31.622263] 
[   31.622282] Freed by task 266:
[   31.622312]  kasan_save_stack+0x3c/0x68
[   31.622352]  kasan_save_track+0x20/0x40
[   31.622388]  kasan_save_free_info+0x4c/0x78
[   31.622425]  __kasan_mempool_poison_object+0xc0/0x150
[   31.622466]  mempool_free+0x28c/0x328
[   31.622502]  mempool_double_free_helper+0x100/0x2e8
[   31.622543]  mempool_kmalloc_double_free+0xc0/0x118
[   31.622582]  kunit_try_run_case+0x170/0x3f0
[   31.622621]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.622665]  kthread+0x328/0x630
[   31.622703]  ret_from_fork+0x10/0x20
[   31.622739] 
[   31.622757] The buggy address belongs to the object at fff00000c9bc2000
[   31.622757]  which belongs to the cache kmalloc-128 of size 128
[   31.622817] The buggy address is located 0 bytes inside of
[   31.622817]  128-byte region [fff00000c9bc2000, fff00000c9bc2080)
[   31.622879] 
[   31.622899] The buggy address belongs to the physical page:
[   31.622930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc2
[   31.622983] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.623033] page_type: f5(slab)
[   31.623069] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   31.623120] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.623173] page dumped because: kasan: bad access detected
[   31.623205] 
[   31.623222] Memory state around the buggy address:
[   31.623254]  fff00000c9bc1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.623297]  fff00000c9bc1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.623341] >fff00000c9bc2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.623382]                    ^
[   31.623410]  fff00000c9bc2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.623453]  fff00000c9bc2100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.623492] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zg2XHDetVY6OrHI08Y5wTDVefc

job_id

TEST:linaro@lkft#2zg2bsAOkg3wb79cd8Vo2Ft0I1T

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zg2bsAOkg3wb79cd8Vo2Ft0I1T

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2YOg93aKHunllRjksuPjKD6j/Image.gz
sha256sum	3f8bc09ed9f9b9b07dd9347c2471900b9e11e4d06f46c1535963c2786d616931

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2YOg93aKHunllRjksuPjKD6j/modules.tar.xz
sha256sum	18d47f695b0cc0ec439f0c595d58fd07556cd744245e3297b23baf9d55fb3bf2

durations

tests

boot	0
kunit	167.18

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   26.810771] ==================================================================
[   26.812233] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   26.813369] Free of addr ffff8881060f4000 by task kunit_try_catch/285
[   26.814049] 
[   26.814347] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   26.814406] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.814420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.814444] Call Trace:
[   26.814459]  <TASK>
[   26.814479]  dump_stack_lvl+0x73/0xb0
[   26.814510]  print_report+0xd1/0x610
[   26.814534]  ? __virt_addr_valid+0x1db/0x2d0
[   26.814559]  ? kasan_addr_to_slab+0x11/0xa0
[   26.814581]  ? mempool_double_free_helper+0x184/0x370
[   26.814606]  kasan_report_invalid_free+0x10a/0x130
[   26.814630]  ? mempool_double_free_helper+0x184/0x370
[   26.814657]  ? mempool_double_free_helper+0x184/0x370
[   26.814680]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   26.814716]  mempool_free+0x2ec/0x380
[   26.814745]  mempool_double_free_helper+0x184/0x370
[   26.814770]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   26.814796]  ? __kasan_check_write+0x18/0x20
[   26.814821]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.814843]  ? finish_task_switch.isra.0+0x153/0x700
[   26.814869]  mempool_kmalloc_large_double_free+0xed/0x140
[   26.814893]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   26.814920]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.814942]  ? __pfx_mempool_kfree+0x10/0x10
[   26.814980]  ? __pfx_read_tsc+0x10/0x10
[   26.815002]  ? ktime_get_ts64+0x86/0x230
[   26.815028]  kunit_try_run_case+0x1a5/0x480
[   26.815059]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.815080]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.815104]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.815128]  ? __kthread_parkme+0x82/0x180
[   26.815148]  ? preempt_count_sub+0x50/0x80
[   26.815172]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.815194]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.815219]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.815245]  kthread+0x337/0x6f0
[   26.815265]  ? trace_preempt_on+0x20/0xc0
[   26.815288]  ? __pfx_kthread+0x10/0x10
[   26.815309]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.815331]  ? calculate_sigpending+0x7b/0xa0
[   26.815355]  ? __pfx_kthread+0x10/0x10
[   26.815377]  ret_from_fork+0x116/0x1d0
[   26.815396]  ? __pfx_kthread+0x10/0x10
[   26.815418]  ret_from_fork_asm+0x1a/0x30
[   26.815449]  </TASK>
[   26.815460] 
[   26.829068] The buggy address belongs to the physical page:
[   26.829260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4
[   26.829645] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.830265] flags: 0x200000000000040(head|node=0|zone=2)
[   26.830597] page_type: f8(unknown)
[   26.830762] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.831235] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.831522] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.832085] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.832475] head: 0200000000000002 ffffea0004183d01 00000000ffffffff 00000000ffffffff
[   26.832973] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.833304] page dumped because: kasan: bad access detected
[   26.833535] 
[   26.833619] Memory state around the buggy address:
[   26.833850]  ffff8881060f3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.834355]  ffff8881060f3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.834668] >ffff8881060f4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.835127]                    ^
[   26.835289]  ffff8881060f4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.835828]  ffff8881060f4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.836286] ==================================================================
[   26.839379] ==================================================================
[   26.840168] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   26.840411] Free of addr ffff8881060f4000 by task kunit_try_catch/287
[   26.841444] 
[   26.841724] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   26.841781] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.841794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.841818] Call Trace:
[   26.841832]  <TASK>
[   26.841852]  dump_stack_lvl+0x73/0xb0
[   26.841884]  print_report+0xd1/0x610
[   26.841908]  ? __virt_addr_valid+0x1db/0x2d0
[   26.841933]  ? kasan_addr_to_slab+0x11/0xa0
[   26.841953]  ? mempool_double_free_helper+0x184/0x370
[   26.841978]  kasan_report_invalid_free+0x10a/0x130
[   26.842002]  ? mempool_double_free_helper+0x184/0x370
[   26.842028]  ? mempool_double_free_helper+0x184/0x370
[   26.842051]  __kasan_mempool_poison_pages+0x115/0x130
[   26.842075]  mempool_free+0x290/0x380
[   26.842102]  mempool_double_free_helper+0x184/0x370
[   26.842126]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   26.842153]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.842174]  ? finish_task_switch.isra.0+0x153/0x700
[   26.842199]  mempool_page_alloc_double_free+0xe8/0x140
[   26.842224]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   26.842252]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   26.842277]  ? __pfx_mempool_free_pages+0x10/0x10
[   26.842302]  ? __pfx_read_tsc+0x10/0x10
[   26.842323]  ? ktime_get_ts64+0x86/0x230
[   26.842347]  kunit_try_run_case+0x1a5/0x480
[   26.842371]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.842393]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.842491]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.842518]  ? __kthread_parkme+0x82/0x180
[   26.842560]  ? preempt_count_sub+0x50/0x80
[   26.842602]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.842624]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.842649]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.842674]  kthread+0x337/0x6f0
[   26.842694]  ? trace_preempt_on+0x20/0xc0
[   26.842727]  ? __pfx_kthread+0x10/0x10
[   26.842748]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.842775]  ? calculate_sigpending+0x7b/0xa0
[   26.842799]  ? __pfx_kthread+0x10/0x10
[   26.842820]  ret_from_fork+0x116/0x1d0
[   26.842841]  ? __pfx_kthread+0x10/0x10
[   26.842861]  ret_from_fork_asm+0x1a/0x30
[   26.842893]  </TASK>
[   26.842905] 
[   26.857499] The buggy address belongs to the physical page:
[   26.858040] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4
[   26.858439] flags: 0x200000000000000(node=0|zone=2)
[   26.858992] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   26.859608] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   26.860236] page dumped because: kasan: bad access detected
[   26.860414] 
[   26.860497] Memory state around the buggy address:
[   26.860983]  ffff8881060f3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.861720]  ffff8881060f3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.862327] >ffff8881060f4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.862549]                    ^
[   26.862666]  ffff8881060f4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.862959]  ffff8881060f4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.863434] ==================================================================
[   26.767856] ==================================================================
[   26.768367] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   26.769003] Free of addr ffff88810583aa00 by task kunit_try_catch/283
[   26.769690] 
[   26.769877] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   26.770013] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.770027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.770050] Call Trace:
[   26.770064]  <TASK>
[   26.770083]  dump_stack_lvl+0x73/0xb0
[   26.770113]  print_report+0xd1/0x610
[   26.770137]  ? __virt_addr_valid+0x1db/0x2d0
[   26.770163]  ? kasan_complete_mode_report_info+0x64/0x200
[   26.770189]  ? mempool_double_free_helper+0x184/0x370
[   26.770214]  kasan_report_invalid_free+0x10a/0x130
[   26.770238]  ? mempool_double_free_helper+0x184/0x370
[   26.770264]  ? mempool_double_free_helper+0x184/0x370
[   26.770286]  ? mempool_double_free_helper+0x184/0x370
[   26.770309]  check_slab_allocation+0x101/0x130
[   26.770331]  __kasan_mempool_poison_object+0x91/0x1d0
[   26.770355]  mempool_free+0x2ec/0x380
[   26.770382]  mempool_double_free_helper+0x184/0x370
[   26.770407]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   26.770431]  ? __call_rcu_common.constprop.0+0x455/0x9e0
[   26.770456]  ? __pfx_task_dead_fair+0x10/0x10
[   26.770508]  mempool_kmalloc_double_free+0xed/0x140
[   26.770532]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   26.770558]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.770580]  ? __pfx_mempool_kfree+0x10/0x10
[   26.770605]  ? __pfx_read_tsc+0x10/0x10
[   26.770627]  ? ktime_get_ts64+0x86/0x230
[   26.770652]  kunit_try_run_case+0x1a5/0x480
[   26.770674]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.770695]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.770726]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.770750]  ? __kthread_parkme+0x82/0x180
[   26.770772]  ? preempt_count_sub+0x50/0x80
[   26.770795]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.770817]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.770842]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.770868]  kthread+0x337/0x6f0
[   26.770887]  ? trace_preempt_on+0x20/0xc0
[   26.770909]  ? __pfx_kthread+0x10/0x10
[   26.770930]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.770951]  ? calculate_sigpending+0x7b/0xa0
[   26.770976]  ? __pfx_kthread+0x10/0x10
[   26.770998]  ret_from_fork+0x116/0x1d0
[   26.771017]  ? __pfx_kthread+0x10/0x10
[   26.771038]  ret_from_fork_asm+0x1a/0x30
[   26.771069]  </TASK>
[   26.771081] 
[   26.785716] Allocated by task 283:
[   26.785853]  kasan_save_stack+0x45/0x70
[   26.786000]  kasan_save_track+0x18/0x40
[   26.786130]  kasan_save_alloc_info+0x3b/0x50
[   26.786275]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   26.786443]  remove_element+0x11e/0x190
[   26.786976]  mempool_alloc_preallocated+0x4d/0x90
[   26.787414]  mempool_double_free_helper+0x8a/0x370
[   26.787948]  mempool_kmalloc_double_free+0xed/0x140
[   26.788501]  kunit_try_run_case+0x1a5/0x480
[   26.788909]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.789398]  kthread+0x337/0x6f0
[   26.789761]  ret_from_fork+0x116/0x1d0
[   26.790122]  ret_from_fork_asm+0x1a/0x30
[   26.790523] 
[   26.790723] Freed by task 283:
[   26.791034]  kasan_save_stack+0x45/0x70
[   26.791330]  kasan_save_track+0x18/0x40
[   26.791462]  kasan_save_free_info+0x3f/0x60
[   26.791918]  __kasan_mempool_poison_object+0x131/0x1d0
[   26.792391]  mempool_free+0x2ec/0x380
[   26.792757]  mempool_double_free_helper+0x109/0x370
[   26.792922]  mempool_kmalloc_double_free+0xed/0x140
[   26.793081]  kunit_try_run_case+0x1a5/0x480
[   26.793221]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.793394]  kthread+0x337/0x6f0
[   26.793510]  ret_from_fork+0x116/0x1d0
[   26.793641]  ret_from_fork_asm+0x1a/0x30
[   26.793792] 
[   26.793860] The buggy address belongs to the object at ffff88810583aa00
[   26.793860]  which belongs to the cache kmalloc-128 of size 128
[   26.794222] The buggy address is located 0 bytes inside of
[   26.794222]  128-byte region [ffff88810583aa00, ffff88810583aa80)
[   26.794903] 
[   26.795565] The buggy address belongs to the physical page:
[   26.796064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10583a
[   26.796897] flags: 0x200000000000000(node=0|zone=2)
[   26.797600] page_type: f5(slab)
[   26.798067] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.799195] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.800231] page dumped because: kasan: bad access detected
[   26.801080] 
[   26.801396] Memory state around the buggy address:
[   26.802052]  ffff88810583a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.802937]  ffff88810583a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.803925] >ffff88810583aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.804480]                    ^
[   26.805078]  ffff88810583aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.805434]  ffff88810583ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.806292] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zg2XHDetVY6OrHI08Y5wTDVefc

job_id

TEST:linaro@lkft#2zg2chsWj6P6g4Yh42ScAolxoFf

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zg2chsWj6P6g4Yh42ScAolxoFf

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2ZQCXMKejwdMDyYW6pznxaZM/bzImage
sha256sum	eb7410b0b69b19788d5882352e576aee30487b33703b12e52517fe201bd88014

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2ZQCXMKejwdMDyYW6pznxaZM/modules.tar.xz
sha256sum	c3a441bb14076463ddc241205f7bbeb2eae739a3ece169faa37e10094e3dfd2b

durations

tests

boot	0
kunit	225.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit