lkft/linux-next-master - next-20250714 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 14, 2025, 10:38 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   53.443481] ==================================================================
[   53.453398] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   53.460514] Free of addr ffff000801e64400 by task kunit_try_catch/319
[   53.466937] 
[   53.468424] CPU: 6 UID: 0 PID: 319 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   53.468483] Tainted: [B]=BAD_PAGE, [N]=TEST
[   53.468502] Hardware name: WinLink E850-96 board (DT)
[   53.468523] Call trace:
[   53.468539]  show_stack+0x20/0x38 (C)
[   53.468577]  dump_stack_lvl+0x8c/0xd0
[   53.468612]  print_report+0x118/0x5d0
[   53.468641]  kasan_report_invalid_free+0xc0/0xe8
[   53.468673]  check_slab_allocation+0xd4/0x108
[   53.468713]  __kasan_mempool_poison_object+0x78/0x150
[   53.468753]  mempool_free+0x28c/0x328
[   53.468785]  mempool_double_free_helper+0x150/0x2e8
[   53.468824]  mempool_kmalloc_double_free+0xc0/0x118
[   53.468858]  kunit_try_run_case+0x170/0x3f0
[   53.468897]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.468930]  kthread+0x328/0x630
[   53.468959]  ret_from_fork+0x10/0x20
[   53.468994] 
[   53.547319] Allocated by task 319:
[   53.550707]  kasan_save_stack+0x3c/0x68
[   53.554522]  kasan_save_track+0x20/0x40
[   53.558341]  kasan_save_alloc_info+0x40/0x58
[   53.562595]  __kasan_mempool_unpoison_object+0x11c/0x180
[   53.567890]  remove_element+0x130/0x1f8
[   53.571709]  mempool_alloc_preallocated+0x58/0xc0
[   53.576398]  mempool_double_free_helper+0x94/0x2e8
[   53.581171]  mempool_kmalloc_double_free+0xc0/0x118
[   53.586032]  kunit_try_run_case+0x170/0x3f0
[   53.590199]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.595667]  kthread+0x328/0x630
[   53.598879]  ret_from_fork+0x10/0x20
[   53.602438] 
[   53.603915] Freed by task 319:
[   53.606953]  kasan_save_stack+0x3c/0x68
[   53.610771]  kasan_save_track+0x20/0x40
[   53.614592]  kasan_save_free_info+0x4c/0x78
[   53.618757]  __kasan_mempool_poison_object+0xc0/0x150
[   53.623792]  mempool_free+0x28c/0x328
[   53.627438]  mempool_double_free_helper+0x100/0x2e8
[   53.632299]  mempool_kmalloc_double_free+0xc0/0x118
[   53.637160]  kunit_try_run_case+0x170/0x3f0
[   53.641326]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.646795]  kthread+0x328/0x630
[   53.650008]  ret_from_fork+0x10/0x20
[   53.653566] 
[   53.655043] The buggy address belongs to the object at ffff000801e64400
[   53.655043]  which belongs to the cache kmalloc-128 of size 128
[   53.667544] The buggy address is located 0 bytes inside of
[   53.667544]  128-byte region [ffff000801e64400, ffff000801e64480)
[   53.679086] 
[   53.680566] The buggy address belongs to the physical page:
[   53.686123] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881e64
[   53.694105] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   53.701746] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   53.708688] page_type: f5(slab)
[   53.711825] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   53.719544] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   53.727270] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   53.735081] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   53.742894] head: 0bfffe0000000001 fffffdffe0079901 00000000ffffffff 00000000ffffffff
[   53.750706] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   53.758514] page dumped because: kasan: bad access detected
[   53.764068] 
[   53.765544] Memory state around the buggy address:
[   53.770326]  ffff000801e64300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.777526]  ffff000801e64380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.784732] >ffff000801e64400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.791932]                    ^
[   53.795147]  ffff000801e64480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.802352]  ffff000801e64500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.809555] ==================================================================
[   54.056920] ==================================================================
[   54.067715] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   54.074827] Free of addr ffff000808920000 by task kunit_try_catch/323
[   54.081252] 
[   54.082738] CPU: 4 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   54.082794] Tainted: [B]=BAD_PAGE, [N]=TEST
[   54.082812] Hardware name: WinLink E850-96 board (DT)
[   54.082833] Call trace:
[   54.082846]  show_stack+0x20/0x38 (C)
[   54.082880]  dump_stack_lvl+0x8c/0xd0
[   54.082914]  print_report+0x118/0x5d0
[   54.082942]  kasan_report_invalid_free+0xc0/0xe8
[   54.082973]  __kasan_mempool_poison_pages+0xe0/0xe8
[   54.083014]  mempool_free+0x24c/0x328
[   54.083047]  mempool_double_free_helper+0x150/0x2e8
[   54.083084]  mempool_page_alloc_double_free+0xbc/0x118
[   54.083124]  kunit_try_run_case+0x170/0x3f0
[   54.083160]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   54.083193]  kthread+0x328/0x630
[   54.083223]  ret_from_fork+0x10/0x20
[   54.083258] 
[   54.157381] The buggy address belongs to the physical page:
[   54.162938] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x888920
[   54.170922] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   54.177443] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   54.185162] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   54.192881] page dumped because: kasan: bad access detected
[   54.198436] 
[   54.199911] Memory state around the buggy address:
[   54.204692]  ffff00080891ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.211895]  ffff00080891ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.219100] >ffff000808920000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.226300]                    ^
[   54.229515]  ffff000808920080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.236720]  ffff000808920100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.243923] ==================================================================
[   53.818641] ==================================================================
[   53.828653] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   53.835770] Free of addr ffff000805f94000 by task kunit_try_catch/321
[   53.842194] 
[   53.843678] CPU: 5 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   53.843730] Tainted: [B]=BAD_PAGE, [N]=TEST
[   53.843750] Hardware name: WinLink E850-96 board (DT)
[   53.843772] Call trace:
[   53.843785]  show_stack+0x20/0x38 (C)
[   53.843821]  dump_stack_lvl+0x8c/0xd0
[   53.843854]  print_report+0x118/0x5d0
[   53.843882]  kasan_report_invalid_free+0xc0/0xe8
[   53.843913]  __kasan_mempool_poison_object+0x14c/0x150
[   53.843953]  mempool_free+0x28c/0x328
[   53.843985]  mempool_double_free_helper+0x150/0x2e8
[   53.844022]  mempool_kmalloc_large_double_free+0xc0/0x118
[   53.844059]  kunit_try_run_case+0x170/0x3f0
[   53.844100]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.844132]  kthread+0x328/0x630
[   53.844160]  ret_from_fork+0x10/0x20
[   53.844195] 
[   53.918842] The buggy address belongs to the physical page:
[   53.924400] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885f94
[   53.932383] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   53.940022] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   53.946966] page_type: f8(unknown)
[   53.950363] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   53.958082] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   53.965810] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   53.973618] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   53.981433] head: 0bfffe0000000002 fffffdffe017e501 00000000ffffffff 00000000ffffffff
[   53.989245] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   53.997052] page dumped because: kasan: bad access detected
[   54.002605] 
[   54.004081] Memory state around the buggy address:
[   54.008861]  ffff000805f93f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.016064]  ffff000805f93f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.023270] >ffff000805f94000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.030470]                    ^
[   54.033685]  ffff000805f94080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.040890]  ffff000805f94100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.048093] ==================================================================

Metadata Full log Test run details

[   31.798164] ==================================================================
[   31.798271] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   31.798418] Free of addr fff00000c9c04000 by task kunit_try_catch/268
[   31.798486] 
[   31.798543] CPU: 0 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   31.798783] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.798816] Hardware name: linux,dummy-virt (DT)
[   31.798847] Call trace:
[   31.798877]  show_stack+0x20/0x38 (C)
[   31.799146]  dump_stack_lvl+0x8c/0xd0
[   31.799354]  print_report+0x118/0x5d0
[   31.799655]  kasan_report_invalid_free+0xc0/0xe8
[   31.799727]  __kasan_mempool_poison_object+0x14c/0x150
[   31.799780]  mempool_free+0x28c/0x328
[   31.799879]  mempool_double_free_helper+0x150/0x2e8
[   31.799966]  mempool_kmalloc_large_double_free+0xc0/0x118
[   31.800020]  kunit_try_run_case+0x170/0x3f0
[   31.800157]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.800238]  kthread+0x328/0x630
[   31.800699]  ret_from_fork+0x10/0x20
[   31.800811] 
[   31.801277] The buggy address belongs to the physical page:
[   31.801351] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c04
[   31.801431] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.801489] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.801806] page_type: f8(unknown)
[   31.801960] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.802704] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.802776] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.802853] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.802937] head: 0bfffe0000000002 ffffc1ffc3270101 00000000ffffffff 00000000ffffffff
[   31.803255] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.803372] page dumped because: kasan: bad access detected
[   31.803487] 
[   31.803541] Memory state around the buggy address:
[   31.803622]  fff00000c9c03f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.803788]  fff00000c9c03f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.803867] >fff00000c9c04000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.804160]                    ^
[   31.804263]  fff00000c9c04080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.804336]  fff00000c9c04100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.804428] ==================================================================
[   31.817115] ==================================================================
[   31.817181] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   31.817245] Free of addr fff00000c9c04000 by task kunit_try_catch/270
[   31.817288] 
[   31.817756] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   31.817900] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.818068] Hardware name: linux,dummy-virt (DT)
[   31.818159] Call trace:
[   31.818205]  show_stack+0x20/0x38 (C)
[   31.818280]  dump_stack_lvl+0x8c/0xd0
[   31.818665]  print_report+0x118/0x5d0
[   31.818786]  kasan_report_invalid_free+0xc0/0xe8
[   31.818872]  __kasan_mempool_poison_pages+0xe0/0xe8
[   31.819011]  mempool_free+0x24c/0x328
[   31.819110]  mempool_double_free_helper+0x150/0x2e8
[   31.819472]  mempool_page_alloc_double_free+0xbc/0x118
[   31.819605]  kunit_try_run_case+0x170/0x3f0
[   31.819930]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.820098]  kthread+0x328/0x630
[   31.820268]  ret_from_fork+0x10/0x20
[   31.820347] 
[   31.820409] The buggy address belongs to the physical page:
[   31.820527] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c04
[   31.820598] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.820673] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   31.821032] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.821165] page dumped because: kasan: bad access detected
[   31.821302] 
[   31.821355] Memory state around the buggy address:
[   31.821432]  fff00000c9c03f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.821580]  fff00000c9c03f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.821633] >fff00000c9c04000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.822099]                    ^
[   31.822231]  fff00000c9c04080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.822352]  fff00000c9c04100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.822477] ==================================================================
[   31.775992] ==================================================================
[   31.776540] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   31.776872] Free of addr fff00000c85fc600 by task kunit_try_catch/266
[   31.777226] 
[   31.777269] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   31.777659] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.777700] Hardware name: linux,dummy-virt (DT)
[   31.777769] Call trace:
[   31.778119]  show_stack+0x20/0x38 (C)
[   31.778526]  dump_stack_lvl+0x8c/0xd0
[   31.778665]  print_report+0x118/0x5d0
[   31.778744]  kasan_report_invalid_free+0xc0/0xe8
[   31.779119]  check_slab_allocation+0xd4/0x108
[   31.779273]  __kasan_mempool_poison_object+0x78/0x150
[   31.779329]  mempool_free+0x28c/0x328
[   31.779680]  mempool_double_free_helper+0x150/0x2e8
[   31.779763]  mempool_kmalloc_double_free+0xc0/0x118
[   31.779848]  kunit_try_run_case+0x170/0x3f0
[   31.780247]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.780415]  kthread+0x328/0x630
[   31.780494]  ret_from_fork+0x10/0x20
[   31.780562] 
[   31.780580] Allocated by task 266:
[   31.780887]  kasan_save_stack+0x3c/0x68
[   31.780982]  kasan_save_track+0x20/0x40
[   31.781141]  kasan_save_alloc_info+0x40/0x58
[   31.781220]  __kasan_mempool_unpoison_object+0x11c/0x180
[   31.781519]  remove_element+0x130/0x1f8
[   31.781742]  mempool_alloc_preallocated+0x58/0xc0
[   31.781803]  mempool_double_free_helper+0x94/0x2e8
[   31.782031]  mempool_kmalloc_double_free+0xc0/0x118
[   31.782230]  kunit_try_run_case+0x170/0x3f0
[   31.782354]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.782417]  kthread+0x328/0x630
[   31.782733]  ret_from_fork+0x10/0x20
[   31.782808] 
[   31.782857] Freed by task 266:
[   31.783003]  kasan_save_stack+0x3c/0x68
[   31.783089]  kasan_save_track+0x20/0x40
[   31.783351]  kasan_save_free_info+0x4c/0x78
[   31.783566]  __kasan_mempool_poison_object+0xc0/0x150
[   31.783690]  mempool_free+0x28c/0x328
[   31.783880]  mempool_double_free_helper+0x100/0x2e8
[   31.784072]  mempool_kmalloc_double_free+0xc0/0x118
[   31.784147]  kunit_try_run_case+0x170/0x3f0
[   31.784365]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.784598]  kthread+0x328/0x630
[   31.784686]  ret_from_fork+0x10/0x20
[   31.784798] 
[   31.784851] The buggy address belongs to the object at fff00000c85fc600
[   31.784851]  which belongs to the cache kmalloc-128 of size 128
[   31.784972] The buggy address is located 0 bytes inside of
[   31.784972]  128-byte region [fff00000c85fc600, fff00000c85fc680)
[   31.785097] 
[   31.785148] The buggy address belongs to the physical page:
[   31.785180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1085fc
[   31.785246] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.785294] page_type: f5(slab)
[   31.785335] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   31.785394] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.785434] page dumped because: kasan: bad access detected
[   31.785465] 
[   31.785482] Memory state around the buggy address:
[   31.785520]  fff00000c85fc500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.785578]  fff00000c85fc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.785636] >fff00000c85fc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.785673]                    ^
[   31.785715]  fff00000c85fc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.785758]  fff00000c85fc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.785805] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zrVzYzOpEW4XHiYds9jEwikFK7

job_id

TEST:linaro@lkft#2zrW4gkgpPvPvyu1JhrLI5SfZ9n

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zrW4gkgpPvPvyu1JhrLI5SfZ9n

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW17i5CHwMjQFrMEumC4tgHQD/Image.gz
sha256sum	f1b1de68ab66795221ea7af2c885166039edc905709ae2b868dbc429ffb32d0d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW17i5CHwMjQFrMEumC4tgHQD/modules.tar.xz
sha256sum	94a5b5b8edfcc1ec8f65ff9d692207a782ba849df77dd9baa05c20bf5972d8f6

durations

tests

boot	0
kunit	174.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   26.010341] ==================================================================
[   26.011912] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   26.012693] Free of addr ffff8881061b4000 by task kunit_try_catch/286
[   26.013336] 
[   26.013583] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   26.013644] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   26.013667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.013693] Call Trace:
[   26.013706]  <TASK>
[   26.013727]  dump_stack_lvl+0x73/0xb0
[   26.013777]  print_report+0xd1/0x610
[   26.013835]  ? __virt_addr_valid+0x1db/0x2d0
[   26.013863]  ? kasan_addr_to_slab+0x11/0xa0
[   26.013883]  ? mempool_double_free_helper+0x184/0x370
[   26.013919]  kasan_report_invalid_free+0x10a/0x130
[   26.013943]  ? mempool_double_free_helper+0x184/0x370
[   26.013980]  ? mempool_double_free_helper+0x184/0x370
[   26.014003]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   26.014027]  mempool_free+0x2ec/0x380
[   26.014061]  mempool_double_free_helper+0x184/0x370
[   26.014085]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   26.014109]  ? dequeue_entities+0x23f/0x1630
[   26.014135]  ? __kasan_check_write+0x18/0x20
[   26.014159]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.014181]  ? finish_task_switch.isra.0+0x153/0x700
[   26.014206]  mempool_kmalloc_large_double_free+0xed/0x140
[   26.014230]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   26.014256]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.014279]  ? __pfx_mempool_kfree+0x10/0x10
[   26.014301]  ? irqentry_exit+0x2a/0x60
[   26.014325]  ? __pfx_read_tsc+0x10/0x10
[   26.014347]  ? ktime_get_ts64+0x86/0x230
[   26.014373]  kunit_try_run_case+0x1a5/0x480
[   26.014396]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   26.014420]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.014442]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.014469]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.014490]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.014516]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.014541]  kthread+0x337/0x6f0
[   26.014561]  ? trace_preempt_on+0x20/0xc0
[   26.014585]  ? __pfx_kthread+0x10/0x10
[   26.014605]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.014627]  ? calculate_sigpending+0x7b/0xa0
[   26.014652]  ? __pfx_kthread+0x10/0x10
[   26.014682]  ret_from_fork+0x116/0x1d0
[   26.014701]  ? __pfx_kthread+0x10/0x10
[   26.014722]  ret_from_fork_asm+0x1a/0x30
[   26.014769]  </TASK>
[   26.014780] 
[   26.029284] The buggy address belongs to the physical page:
[   26.029665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061b4
[   26.030115] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.030509] flags: 0x200000000000040(head|node=0|zone=2)
[   26.030702] page_type: f8(unknown)
[   26.030861] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.031157] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.031521] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.031832] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.032194] head: 0200000000000002 ffffea0004186d01 00000000ffffffff 00000000ffffffff
[   26.032491] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.032833] page dumped because: kasan: bad access detected
[   26.033096] 
[   26.033178] Memory state around the buggy address:
[   26.033810]  ffff8881061b3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.034203]  ffff8881061b3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.034510] >ffff8881061b4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.034783]                    ^
[   26.034953]  ffff8881061b4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.035255]  ffff8881061b4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.035567] ==================================================================
[   26.039298] ==================================================================
[   26.039885] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   26.040245] Free of addr ffff888106144000 by task kunit_try_catch/288
[   26.040542] 
[   26.040682] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   26.040739] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   26.040753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.040777] Call Trace:
[   26.040790]  <TASK>
[   26.040810]  dump_stack_lvl+0x73/0xb0
[   26.040844]  print_report+0xd1/0x610
[   26.040867]  ? __virt_addr_valid+0x1db/0x2d0
[   26.040894]  ? kasan_addr_to_slab+0x11/0xa0
[   26.040914]  ? mempool_double_free_helper+0x184/0x370
[   26.040938]  kasan_report_invalid_free+0x10a/0x130
[   26.040963]  ? mempool_double_free_helper+0x184/0x370
[   26.040988]  ? mempool_double_free_helper+0x184/0x370
[   26.041023]  __kasan_mempool_poison_pages+0x115/0x130
[   26.041059]  mempool_free+0x290/0x380
[   26.041087]  mempool_double_free_helper+0x184/0x370
[   26.041124]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   26.041148]  ? update_load_avg+0x1be/0x21b0
[   26.041184]  ? update_curr+0x7d/0x7f0
[   26.041207]  ? finish_task_switch.isra.0+0x153/0x700
[   26.041245]  mempool_page_alloc_double_free+0xe8/0x140
[   26.041271]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   26.041297]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   26.041322]  ? __pfx_mempool_free_pages+0x10/0x10
[   26.041418]  ? __pfx_read_tsc+0x10/0x10
[   26.041443]  ? ktime_get_ts64+0x86/0x230
[   26.041469]  kunit_try_run_case+0x1a5/0x480
[   26.041493]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.041514]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.041538]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.041563]  ? __kthread_parkme+0x82/0x180
[   26.041585]  ? preempt_count_sub+0x50/0x80
[   26.041608]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.041630]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.041666]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.041692]  kthread+0x337/0x6f0
[   26.041712]  ? trace_preempt_on+0x20/0xc0
[   26.041736]  ? __pfx_kthread+0x10/0x10
[   26.041773]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.041794]  ? calculate_sigpending+0x7b/0xa0
[   26.041819]  ? __pfx_kthread+0x10/0x10
[   26.041841]  ret_from_fork+0x116/0x1d0
[   26.041860]  ? __pfx_kthread+0x10/0x10
[   26.041881]  ret_from_fork_asm+0x1a/0x30
[   26.041913]  </TASK>
[   26.041925] 
[   26.052107] The buggy address belongs to the physical page:
[   26.052481] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106144
[   26.053018] flags: 0x200000000000000(node=0|zone=2)
[   26.053614] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   26.054004] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   26.054380] page dumped because: kasan: bad access detected
[   26.054724] 
[   26.054866] Memory state around the buggy address:
[   26.055064]  ffff888106143f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.055453]  ffff888106143f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.055751] >ffff888106144000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.056045]                    ^
[   26.056252]  ffff888106144080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.056460]  ffff888106144100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.057002] ==================================================================
[   25.967147] ==================================================================
[   25.967565] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   25.968144] Free of addr ffff888105919a00 by task kunit_try_catch/284
[   25.969477] 
[   25.969596] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   25.969667] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   25.969681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.969706] Call Trace:
[   25.969719]  <TASK>
[   25.969739]  dump_stack_lvl+0x73/0xb0
[   25.969777]  print_report+0xd1/0x610
[   25.969802]  ? __virt_addr_valid+0x1db/0x2d0
[   25.969828]  ? kasan_complete_mode_report_info+0x64/0x200
[   25.969854]  ? mempool_double_free_helper+0x184/0x370
[   25.969878]  kasan_report_invalid_free+0x10a/0x130
[   25.969901]  ? mempool_double_free_helper+0x184/0x370
[   25.969925]  ? mempool_double_free_helper+0x184/0x370
[   25.969947]  ? mempool_double_free_helper+0x184/0x370
[   25.969969]  check_slab_allocation+0x101/0x130
[   25.970141]  __kasan_mempool_poison_object+0x91/0x1d0
[   25.970166]  mempool_free+0x2ec/0x380
[   25.970193]  ? mempool_alloc_preallocated+0x5b/0x90
[   25.970222]  mempool_double_free_helper+0x184/0x370
[   25.970245]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   25.970269]  ? dequeue_entities+0x23f/0x1630
[   25.970295]  ? __kasan_check_write+0x18/0x20
[   25.970318]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.970341]  ? finish_task_switch.isra.0+0x153/0x700
[   25.970369]  mempool_kmalloc_double_free+0xed/0x140
[   25.970392]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   25.970417]  ? __pfx_mempool_kmalloc+0x10/0x10
[   25.970441]  ? __pfx_mempool_kfree+0x10/0x10
[   25.970467]  ? __pfx_read_tsc+0x10/0x10
[   25.970493]  ? ktime_get_ts64+0x86/0x230
[   25.970519]  kunit_try_run_case+0x1a5/0x480
[   25.970545]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.970566]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.970591]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.970615]  ? __kthread_parkme+0x82/0x180
[   25.970637]  ? preempt_count_sub+0x50/0x80
[   25.970671]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.970694]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.970719]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.970745]  kthread+0x337/0x6f0
[   25.970765]  ? trace_preempt_on+0x20/0xc0
[   25.970792]  ? __pfx_kthread+0x10/0x10
[   25.970814]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.970836]  ? calculate_sigpending+0x7b/0xa0
[   25.970862]  ? __pfx_kthread+0x10/0x10
[   25.970883]  ret_from_fork+0x116/0x1d0
[   25.970903]  ? __pfx_kthread+0x10/0x10
[   25.970924]  ret_from_fork_asm+0x1a/0x30
[   25.971188]  </TASK>
[   25.971201] 
[   25.985329] Allocated by task 284:
[   25.985771]  kasan_save_stack+0x45/0x70
[   25.986248]  kasan_save_track+0x18/0x40
[   25.986457]  kasan_save_alloc_info+0x3b/0x50
[   25.986647]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   25.987136]  remove_element+0x11e/0x190
[   25.987551]  mempool_alloc_preallocated+0x4d/0x90
[   25.987844]  mempool_double_free_helper+0x8a/0x370
[   25.988182]  mempool_kmalloc_double_free+0xed/0x140
[   25.988391]  kunit_try_run_case+0x1a5/0x480
[   25.988579]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.989568]  kthread+0x337/0x6f0
[   25.989895]  ret_from_fork+0x116/0x1d0
[   25.990306]  ret_from_fork_asm+0x1a/0x30
[   25.990631] 
[   25.990856] Freed by task 284:
[   25.991129]  kasan_save_stack+0x45/0x70
[   25.991430]  kasan_save_track+0x18/0x40
[   25.991621]  kasan_save_free_info+0x3f/0x60
[   25.992095]  __kasan_mempool_poison_object+0x131/0x1d0
[   25.992483]  mempool_free+0x2ec/0x380
[   25.992668]  mempool_double_free_helper+0x109/0x370
[   25.993031]  mempool_kmalloc_double_free+0xed/0x140
[   25.993889]  kunit_try_run_case+0x1a5/0x480
[   25.994036]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.994218]  kthread+0x337/0x6f0
[   25.994341]  ret_from_fork+0x116/0x1d0
[   25.994469]  ret_from_fork_asm+0x1a/0x30
[   25.994604] 
[   25.994684] The buggy address belongs to the object at ffff888105919a00
[   25.994684]  which belongs to the cache kmalloc-128 of size 128
[   25.996535] The buggy address is located 0 bytes inside of
[   25.996535]  128-byte region [ffff888105919a00, ffff888105919a80)
[   25.997939] 
[   25.998288] The buggy address belongs to the physical page:
[   25.998948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919
[   25.999859] flags: 0x200000000000000(node=0|zone=2)
[   26.000490] page_type: f5(slab)
[   26.000969] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.001524] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.001867] page dumped because: kasan: bad access detected
[   26.002454] 
[   26.002617] Memory state around the buggy address:
[   26.003172]  ffff888105919900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.003923]  ffff888105919980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.004176] >ffff888105919a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.004384]                    ^
[   26.004497]  ffff888105919a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.004726]  ffff888105919b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.004976] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zrVzYzOpEW4XHiYds9jEwikFK7

job_id

TEST:linaro@lkft#2zrW5XeyUzOSFr9BpBP7b7OYkHS

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zrW5XeyUzOSFr9BpBP7b7OYkHS

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW2SH9xrBCbgawOpHg8puHqCe/bzImage
sha256sum	4565f21e261caec61f0904b87ff9eab2fa750b37970854db3ef378370e96c96a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW2SH9xrBCbgawOpHg8puHqCe/modules.tar.xz
sha256sum	25191cedf68988510c88d39b245d9f83740d3133c412cf5e2b129a6de7adb415

durations

tests

boot	0
kunit	230.83

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit