lkft/linux-next-master - next-20250715 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 15, 2025, 11:35 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   55.042254] ==================================================================
[   55.052293] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   55.059407] Free of addr ffff000808728000 by task kunit_try_catch/318
[   55.065830] 
[   55.067316] CPU: 7 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   55.067372] Tainted: [B]=BAD_PAGE, [N]=TEST
[   55.067389] Hardware name: WinLink E850-96 board (DT)
[   55.067410] Call trace:
[   55.067423]  show_stack+0x20/0x38 (C)
[   55.067455]  dump_stack_lvl+0x8c/0xd0
[   55.067490]  print_report+0x118/0x5d0
[   55.067519]  kasan_report_invalid_free+0xc0/0xe8
[   55.067550]  __kasan_mempool_poison_object+0x14c/0x150
[   55.067582]  mempool_free+0x28c/0x328
[   55.067614]  mempool_double_free_helper+0x150/0x2e8
[   55.067647]  mempool_kmalloc_large_double_free+0xc0/0x118
[   55.067682]  kunit_try_run_case+0x170/0x3f0
[   55.067713]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   55.067747]  kthread+0x328/0x630
[   55.067775]  ret_from_fork+0x10/0x20
[   55.067812] 
[   55.142481] The buggy address belongs to the physical page:
[   55.148038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x888728
[   55.156021] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   55.163661] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   55.170603] page_type: f8(unknown)
[   55.174000] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   55.181719] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   55.189447] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   55.197257] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   55.205071] head: 0bfffe0000000002 fffffdffe021ca01 00000000ffffffff 00000000ffffffff
[   55.212883] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   55.220688] page dumped because: kasan: bad access detected
[   55.226244] 
[   55.227719] Memory state around the buggy address:
[   55.232501]  ffff000808727f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.239702]  ffff000808727f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.246909] >ffff000808728000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.254108]                    ^
[   55.257323]  ffff000808728080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.264528]  ffff000808728100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.271730] ==================================================================
[   54.667233] ==================================================================
[   54.677037] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   54.684155] Free of addr ffff00080244df00 by task kunit_try_catch/316
[   54.690575] 
[   54.692060] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   54.692115] Tainted: [B]=BAD_PAGE, [N]=TEST
[   54.692133] Hardware name: WinLink E850-96 board (DT)
[   54.692154] Call trace:
[   54.692167]  show_stack+0x20/0x38 (C)
[   54.692203]  dump_stack_lvl+0x8c/0xd0
[   54.692236]  print_report+0x118/0x5d0
[   54.692263]  kasan_report_invalid_free+0xc0/0xe8
[   54.692294]  check_slab_allocation+0xd4/0x108
[   54.692333]  __kasan_mempool_poison_object+0x78/0x150
[   54.692365]  mempool_free+0x28c/0x328
[   54.692397]  mempool_double_free_helper+0x150/0x2e8
[   54.692431]  mempool_kmalloc_double_free+0xc0/0x118
[   54.692466]  kunit_try_run_case+0x170/0x3f0
[   54.692496]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   54.692531]  kthread+0x328/0x630
[   54.692561]  ret_from_fork+0x10/0x20
[   54.692596] 
[   54.770958] Allocated by task 316:
[   54.774345]  kasan_save_stack+0x3c/0x68
[   54.778160]  kasan_save_track+0x20/0x40
[   54.781980]  kasan_save_alloc_info+0x40/0x58
[   54.786233]  __kasan_mempool_unpoison_object+0x11c/0x180
[   54.791530]  remove_element+0x130/0x1f8
[   54.795348]  mempool_alloc_preallocated+0x58/0xc0
[   54.800035]  mempool_double_free_helper+0x94/0x2e8
[   54.804809]  mempool_kmalloc_double_free+0xc0/0x118
[   54.809670]  kunit_try_run_case+0x170/0x3f0
[   54.813837]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   54.819306]  kthread+0x328/0x630
[   54.822517]  ret_from_fork+0x10/0x20
[   54.826076] 
[   54.827552] Freed by task 316:
[   54.830592]  kasan_save_stack+0x3c/0x68
[   54.834409]  kasan_save_track+0x20/0x40
[   54.838229]  kasan_save_free_info+0x4c/0x78
[   54.842395]  __kasan_mempool_poison_object+0xc0/0x150
[   54.847430]  mempool_free+0x28c/0x328
[   54.851076]  mempool_double_free_helper+0x100/0x2e8
[   54.855937]  mempool_kmalloc_double_free+0xc0/0x118
[   54.860798]  kunit_try_run_case+0x170/0x3f0
[   54.864964]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   54.870433]  kthread+0x328/0x630
[   54.873645]  ret_from_fork+0x10/0x20
[   54.877204] 
[   54.878681] The buggy address belongs to the object at ffff00080244df00
[   54.878681]  which belongs to the cache kmalloc-128 of size 128
[   54.891182] The buggy address is located 0 bytes inside of
[   54.891182]  128-byte region [ffff00080244df00, ffff00080244df80)
[   54.902724] 
[   54.904204] The buggy address belongs to the physical page:
[   54.909760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88244c
[   54.917744] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   54.925384] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   54.932326] page_type: f5(slab)
[   54.935464] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   54.943182] raw: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000
[   54.950909] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   54.958720] head: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000
[   54.966533] head: 0bfffe0000000001 fffffdffe0091301 00000000ffffffff 00000000ffffffff
[   54.974344] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   54.982152] page dumped because: kasan: bad access detected
[   54.987706] 
[   54.989181] Memory state around the buggy address:
[   54.993965]  ffff00080244de00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.001166]  ffff00080244de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.008369] >ffff00080244df00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.015570]                    ^
[   55.018785]  ffff00080244df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.025992]  ffff00080244e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.033191] ==================================================================
[   55.281456] ==================================================================
[   55.291350] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   55.298466] Free of addr ffff0008062cc000 by task kunit_try_catch/320
[   55.304889] 
[   55.306377] CPU: 2 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   55.306433] Tainted: [B]=BAD_PAGE, [N]=TEST
[   55.306451] Hardware name: WinLink E850-96 board (DT)
[   55.306477] Call trace:
[   55.306491]  show_stack+0x20/0x38 (C)
[   55.306527]  dump_stack_lvl+0x8c/0xd0
[   55.306564]  print_report+0x118/0x5d0
[   55.306592]  kasan_report_invalid_free+0xc0/0xe8
[   55.306623]  __kasan_mempool_poison_pages+0xe0/0xe8
[   55.306656]  mempool_free+0x24c/0x328
[   55.306688]  mempool_double_free_helper+0x150/0x2e8
[   55.306723]  mempool_page_alloc_double_free+0xbc/0x118
[   55.306762]  kunit_try_run_case+0x170/0x3f0
[   55.306794]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   55.306830]  kthread+0x328/0x630
[   55.306860]  ret_from_fork+0x10/0x20
[   55.306893] 
[   55.381020] The buggy address belongs to the physical page:
[   55.386575] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8862cc
[   55.394560] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   55.401082] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   55.408800] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   55.416521] page dumped because: kasan: bad access detected
[   55.422074] 
[   55.423550] Memory state around the buggy address:
[   55.428331]  ffff0008062cbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.435532]  ffff0008062cbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.442739] >ffff0008062cc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.449938]                    ^
[   55.453154]  ffff0008062cc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.460358]  ffff0008062cc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.467561] ==================================================================

Metadata Full log Test run details

[   32.740742] ==================================================================
[   32.740808] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.740870] Free of addr fff00000c9b28000 by task kunit_try_catch/269
[   32.740914] 
[   32.740948] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   32.741169] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.741254] Hardware name: linux,dummy-virt (DT)
[   32.741287] Call trace:
[   32.741311]  show_stack+0x20/0x38 (C)
[   32.741982]  dump_stack_lvl+0x8c/0xd0
[   32.742178]  print_report+0x118/0x5d0
[   32.742227]  kasan_report_invalid_free+0xc0/0xe8
[   32.742622]  __kasan_mempool_poison_object+0x14c/0x150
[   32.742714]  mempool_free+0x28c/0x328
[   32.742890]  mempool_double_free_helper+0x150/0x2e8
[   32.743098]  mempool_kmalloc_large_double_free+0xc0/0x118
[   32.743195]  kunit_try_run_case+0x170/0x3f0
[   32.743267]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.743427]  kthread+0x328/0x630
[   32.743482]  ret_from_fork+0x10/0x20
[   32.743530] 
[   32.743799] The buggy address belongs to the physical page:
[   32.743869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b28
[   32.744183] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.744240] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.744295] page_type: f8(unknown)
[   32.744336] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.744646] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.744874] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.744926] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.744975] head: 0bfffe0000000002 ffffc1ffc326ca01 00000000ffffffff 00000000ffffffff
[   32.745057] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.745105] page dumped because: kasan: bad access detected
[   32.745342] 
[   32.745577] Memory state around the buggy address:
[   32.745660]  fff00000c9b27f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.745704]  fff00000c9b27f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.745746] >fff00000c9b28000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.745785]                    ^
[   32.745837]  fff00000c9b28080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.745881]  fff00000c9b28100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.745921] ==================================================================
[   32.780127] ==================================================================
[   32.780204] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.780367] Free of addr fff00000c9b2c000 by task kunit_try_catch/271
[   32.782153] 
[   32.782292] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   32.783516] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.783554] Hardware name: linux,dummy-virt (DT)
[   32.783692] Call trace:
[   32.784149]  show_stack+0x20/0x38 (C)
[   32.784565]  dump_stack_lvl+0x8c/0xd0
[   32.784815]  print_report+0x118/0x5d0
[   32.784898]  kasan_report_invalid_free+0xc0/0xe8
[   32.785305]  __kasan_mempool_poison_pages+0xe0/0xe8
[   32.785397]  mempool_free+0x24c/0x328
[   32.786517]  mempool_double_free_helper+0x150/0x2e8
[   32.786993]  mempool_page_alloc_double_free+0xbc/0x118
[   32.787318]  kunit_try_run_case+0x170/0x3f0
[   32.787432]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.787498]  kthread+0x328/0x630
[   32.787544]  ret_from_fork+0x10/0x20
[   32.787596] 
[   32.788353] The buggy address belongs to the physical page:
[   32.788835] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b2c
[   32.789188] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.789543] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   32.789594] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   32.790503] page dumped because: kasan: bad access detected
[   32.791243] 
[   32.791308] Memory state around the buggy address:
[   32.791344]  fff00000c9b2bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.791848]  fff00000c9b2bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.792083] >fff00000c9b2c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.792925]                    ^
[   32.793142]  fff00000c9b2c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.793270]  fff00000c9b2c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.793557] ==================================================================
[   32.722882] ==================================================================
[   32.723257] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.723478] Free of addr fff00000c9147e00 by task kunit_try_catch/267
[   32.723591] 
[   32.723624] CPU: 1 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   32.723708] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.723733] Hardware name: linux,dummy-virt (DT)
[   32.723788] Call trace:
[   32.723917]  show_stack+0x20/0x38 (C)
[   32.723977]  dump_stack_lvl+0x8c/0xd0
[   32.724026]  print_report+0x118/0x5d0
[   32.724070]  kasan_report_invalid_free+0xc0/0xe8
[   32.724119]  check_slab_allocation+0xd4/0x108
[   32.724172]  __kasan_mempool_poison_object+0x78/0x150
[   32.724314]  mempool_free+0x28c/0x328
[   32.724848]  mempool_double_free_helper+0x150/0x2e8
[   32.724990]  mempool_kmalloc_double_free+0xc0/0x118
[   32.725345]  kunit_try_run_case+0x170/0x3f0
[   32.725401]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.725465]  kthread+0x328/0x630
[   32.725510]  ret_from_fork+0x10/0x20
[   32.725971] 
[   32.726218] Allocated by task 267:
[   32.726359]  kasan_save_stack+0x3c/0x68
[   32.726406]  kasan_save_track+0x20/0x40
[   32.726459]  kasan_save_alloc_info+0x40/0x58
[   32.726615]  __kasan_mempool_unpoison_object+0x11c/0x180
[   32.726805]  remove_element+0x130/0x1f8
[   32.726848]  mempool_alloc_preallocated+0x58/0xc0
[   32.726909]  mempool_double_free_helper+0x94/0x2e8
[   32.727012]  mempool_kmalloc_double_free+0xc0/0x118
[   32.727055]  kunit_try_run_case+0x170/0x3f0
[   32.727091]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.727139]  kthread+0x328/0x630
[   32.727184]  ret_from_fork+0x10/0x20
[   32.727243] 
[   32.727262] Freed by task 267:
[   32.727589]  kasan_save_stack+0x3c/0x68
[   32.727639]  kasan_save_track+0x20/0x40
[   32.727961]  kasan_save_free_info+0x4c/0x78
[   32.728143]  __kasan_mempool_poison_object+0xc0/0x150
[   32.728197]  mempool_free+0x28c/0x328
[   32.728232]  mempool_double_free_helper+0x100/0x2e8
[   32.728301]  mempool_kmalloc_double_free+0xc0/0x118
[   32.728383]  kunit_try_run_case+0x170/0x3f0
[   32.728447]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.728490]  kthread+0x328/0x630
[   32.728522]  ret_from_fork+0x10/0x20
[   32.728560] 
[   32.728580] The buggy address belongs to the object at fff00000c9147e00
[   32.728580]  which belongs to the cache kmalloc-128 of size 128
[   32.728642] The buggy address is located 0 bytes inside of
[   32.728642]  128-byte region [fff00000c9147e00, fff00000c9147e80)
[   32.728711] 
[   32.728733] The buggy address belongs to the physical page:
[   32.728766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109147
[   32.729230] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.729285] page_type: f5(slab)
[   32.729326] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[   32.729682] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.729797] page dumped because: kasan: bad access detected
[   32.729887] 
[   32.729911] Memory state around the buggy address:
[   32.729945]  fff00000c9147d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.729988]  fff00000c9147d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.730029] >fff00000c9147e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.730170]                    ^
[   32.730204]  fff00000c9147e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.730366]  fff00000c9147f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.730473] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuS6DosVUhzL9DaDmqO9nLybFJ

job_id

TEST:linaro@lkft#2zuSB6ZD0TprNwndx8osoZfzNbs

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuSB6ZD0TprNwndx8osoZfzNbs

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS7fFjob8Lq2iSUNxlIF41bYW/Image.gz
sha256sum	118b4ece9a238a43bf808c098cf2bf253d887d33e129eb81e3c965d23e20b8c5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS7fFjob8Lq2iSUNxlIF41bYW/modules.tar.xz
sha256sum	01435f1d178968cd8186d4f9b9cf47e1273301cd5c54bfdff2cd2593d26e1adb

durations

tests

boot	0
kunit	165.28

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   25.727541] ==================================================================
[   25.729012] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   25.729266] Free of addr ffff888106228000 by task kunit_try_catch/285
[   25.729468] 
[   25.729571] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   25.729658] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.729673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.729699] Call Trace:
[   25.729714]  <TASK>
[   25.729736]  dump_stack_lvl+0x73/0xb0
[   25.729772]  print_report+0xd1/0x610
[   25.729800]  ? __virt_addr_valid+0x1db/0x2d0
[   25.729831]  ? kasan_addr_to_slab+0x11/0xa0
[   25.729857]  ? mempool_double_free_helper+0x184/0x370
[   25.729946]  kasan_report_invalid_free+0x10a/0x130
[   25.729990]  ? mempool_double_free_helper+0x184/0x370
[   25.730024]  ? mempool_double_free_helper+0x184/0x370
[   25.730052]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   25.730081]  mempool_free+0x2ec/0x380
[   25.730116]  mempool_double_free_helper+0x184/0x370
[   25.730145]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   25.730175]  ? dequeue_entities+0x23f/0x1630
[   25.730206]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.730251]  ? finish_task_switch.isra.0+0x153/0x700
[   25.730283]  mempool_kmalloc_large_double_free+0xed/0x140
[   25.730314]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   25.730348]  ? __pfx_mempool_kmalloc+0x10/0x10
[   25.730376]  ? __pfx_mempool_kfree+0x10/0x10
[   25.730407]  ? __pfx_read_tsc+0x10/0x10
[   25.730435]  ? ktime_get_ts64+0x86/0x230
[   25.730480]  kunit_try_run_case+0x1a5/0x480
[   25.730550]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.730639]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.730667]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.730695]  ? __kthread_parkme+0x82/0x180
[   25.730720]  ? preempt_count_sub+0x50/0x80
[   25.730749]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.730778]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.730809]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.730841]  kthread+0x337/0x6f0
[   25.730866]  ? trace_preempt_on+0x20/0xc0
[   25.730896]  ? __pfx_kthread+0x10/0x10
[   25.730922]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.730951]  ? calculate_sigpending+0x7b/0xa0
[   25.730981]  ? __pfx_kthread+0x10/0x10
[   25.731007]  ret_from_fork+0x116/0x1d0
[   25.731031]  ? __pfx_kthread+0x10/0x10
[   25.731057]  ret_from_fork_asm+0x1a/0x30
[   25.731098]  </TASK>
[   25.731112] 
[   25.749892] The buggy address belongs to the physical page:
[   25.750098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106228
[   25.750354] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.751179] flags: 0x200000000000040(head|node=0|zone=2)
[   25.751791] page_type: f8(unknown)
[   25.752205] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.753047] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.753751] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.754601] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.755245] head: 0200000000000002 ffffea0004188a01 00000000ffffffff 00000000ffffffff
[   25.755809] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.756266] page dumped because: kasan: bad access detected
[   25.756440] 
[   25.756507] Memory state around the buggy address:
[   25.756698]  ffff888106227f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.757376]  ffff888106227f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.758115] >ffff888106228000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.758515]                    ^
[   25.758921]  ffff888106228080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.759573]  ffff888106228100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.759811] ==================================================================
[   25.689391] ==================================================================
[   25.690188] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   25.690789] Free of addr ffff8881060ab000 by task kunit_try_catch/283
[   25.691378] 
[   25.691496] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   25.691564] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.692607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.692638] Call Trace:
[   25.692654]  <TASK>
[   25.692677]  dump_stack_lvl+0x73/0xb0
[   25.692714]  print_report+0xd1/0x610
[   25.692739]  ? __virt_addr_valid+0x1db/0x2d0
[   25.692766]  ? kasan_complete_mode_report_info+0x64/0x200
[   25.692792]  ? mempool_double_free_helper+0x184/0x370
[   25.692817]  kasan_report_invalid_free+0x10a/0x130
[   25.692843]  ? mempool_double_free_helper+0x184/0x370
[   25.692870]  ? mempool_double_free_helper+0x184/0x370
[   25.692892]  ? mempool_double_free_helper+0x184/0x370
[   25.692915]  check_slab_allocation+0x101/0x130
[   25.692937]  __kasan_mempool_poison_object+0x91/0x1d0
[   25.692962]  mempool_free+0x2ec/0x380
[   25.692989]  mempool_double_free_helper+0x184/0x370
[   25.693013]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   25.693037]  ? dequeue_entities+0x23f/0x1630
[   25.693062]  ? __kasan_check_write+0x18/0x20
[   25.693086]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.693315]  ? finish_task_switch.isra.0+0x153/0x700
[   25.693343]  mempool_kmalloc_double_free+0xed/0x140
[   25.693368]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   25.693395]  ? __pfx_mempool_kmalloc+0x10/0x10
[   25.693418]  ? __pfx_mempool_kfree+0x10/0x10
[   25.693442]  ? __pfx_read_tsc+0x10/0x10
[   25.693465]  ? ktime_get_ts64+0x86/0x230
[   25.693491]  kunit_try_run_case+0x1a5/0x480
[   25.693517]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.693553]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.693576]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.693600]  ? __kthread_parkme+0x82/0x180
[   25.693633]  ? preempt_count_sub+0x50/0x80
[   25.693679]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.693703]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.693730]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.693757]  kthread+0x337/0x6f0
[   25.693776]  ? trace_preempt_on+0x20/0xc0
[   25.693801]  ? __pfx_kthread+0x10/0x10
[   25.693822]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.693848]  ? calculate_sigpending+0x7b/0xa0
[   25.693873]  ? __pfx_kthread+0x10/0x10
[   25.693895]  ret_from_fork+0x116/0x1d0
[   25.693915]  ? __pfx_kthread+0x10/0x10
[   25.693935]  ret_from_fork_asm+0x1a/0x30
[   25.693969]  </TASK>
[   25.693982] 
[   25.709722] Allocated by task 283:
[   25.709937]  kasan_save_stack+0x45/0x70
[   25.710114]  kasan_save_track+0x18/0x40
[   25.710248]  kasan_save_alloc_info+0x3b/0x50
[   25.710393]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   25.710629]  remove_element+0x11e/0x190
[   25.710842]  mempool_alloc_preallocated+0x4d/0x90
[   25.710997]  mempool_double_free_helper+0x8a/0x370
[   25.711406]  mempool_kmalloc_double_free+0xed/0x140
[   25.711882]  kunit_try_run_case+0x1a5/0x480
[   25.712412]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.712979]  kthread+0x337/0x6f0
[   25.713166]  ret_from_fork+0x116/0x1d0
[   25.713302]  ret_from_fork_asm+0x1a/0x30
[   25.713440] 
[   25.713507] Freed by task 283:
[   25.713994]  kasan_save_stack+0x45/0x70
[   25.714459]  kasan_save_track+0x18/0x40
[   25.714830]  kasan_save_free_info+0x3f/0x60
[   25.715267]  __kasan_mempool_poison_object+0x131/0x1d0
[   25.715853]  mempool_free+0x2ec/0x380
[   25.716209]  mempool_double_free_helper+0x109/0x370
[   25.716695]  mempool_kmalloc_double_free+0xed/0x140
[   25.716893]  kunit_try_run_case+0x1a5/0x480
[   25.717037]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.717206]  kthread+0x337/0x6f0
[   25.717319]  ret_from_fork+0x116/0x1d0
[   25.717447]  ret_from_fork_asm+0x1a/0x30
[   25.717605] 
[   25.717690] The buggy address belongs to the object at ffff8881060ab000
[   25.717690]  which belongs to the cache kmalloc-128 of size 128
[   25.718418] The buggy address is located 0 bytes inside of
[   25.718418]  128-byte region [ffff8881060ab000, ffff8881060ab080)
[   25.718966] 
[   25.719068] The buggy address belongs to the physical page:
[   25.719256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab
[   25.719561] flags: 0x200000000000000(node=0|zone=2)
[   25.719728] page_type: f5(slab)
[   25.719910] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.720243] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.720555] page dumped because: kasan: bad access detected
[   25.721047] 
[   25.721131] Memory state around the buggy address:
[   25.721352]  ffff8881060aaf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.721720]  ffff8881060aaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.721986] >ffff8881060ab000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.722241]                    ^
[   25.722401]  ffff8881060ab080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.722699]  ffff8881060ab100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.723002] ==================================================================
[   25.764043] ==================================================================
[   25.764601] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   25.764937] Free of addr ffff888106128000 by task kunit_try_catch/287
[   25.765222] 
[   25.765315] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   25.765368] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.765381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.765404] Call Trace:
[   25.765419]  <TASK>
[   25.765439]  dump_stack_lvl+0x73/0xb0
[   25.765471]  print_report+0xd1/0x610
[   25.765495]  ? __virt_addr_valid+0x1db/0x2d0
[   25.765971]  ? kasan_addr_to_slab+0x11/0xa0
[   25.766008]  ? mempool_double_free_helper+0x184/0x370
[   25.766037]  kasan_report_invalid_free+0x10a/0x130
[   25.766066]  ? mempool_double_free_helper+0x184/0x370
[   25.766093]  ? mempool_double_free_helper+0x184/0x370
[   25.766116]  __kasan_mempool_poison_pages+0x115/0x130
[   25.766141]  mempool_free+0x290/0x380
[   25.766170]  mempool_double_free_helper+0x184/0x370
[   25.766194]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   25.766219]  ? dequeue_entities+0x23f/0x1630
[   25.766244]  ? __kasan_check_write+0x18/0x20
[   25.766268]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.766290]  ? finish_task_switch.isra.0+0x153/0x700
[   25.766318]  mempool_page_alloc_double_free+0xe8/0x140
[   25.766343]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   25.766371]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   25.766394]  ? __pfx_mempool_free_pages+0x10/0x10
[   25.766420]  ? __pfx_read_tsc+0x10/0x10
[   25.766443]  ? ktime_get_ts64+0x86/0x230
[   25.766478]  kunit_try_run_case+0x1a5/0x480
[   25.766505]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.766541]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.766589]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.766647]  ? __kthread_parkme+0x82/0x180
[   25.766668]  ? preempt_count_sub+0x50/0x80
[   25.766692]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.766715]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.766741]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.766768]  kthread+0x337/0x6f0
[   25.766787]  ? trace_preempt_on+0x20/0xc0
[   25.766812]  ? __pfx_kthread+0x10/0x10
[   25.766835]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.766861]  ? calculate_sigpending+0x7b/0xa0
[   25.766886]  ? __pfx_kthread+0x10/0x10
[   25.766908]  ret_from_fork+0x116/0x1d0
[   25.766927]  ? __pfx_kthread+0x10/0x10
[   25.766948]  ret_from_fork_asm+0x1a/0x30
[   25.766981]  </TASK>
[   25.766994] 
[   25.779290] The buggy address belongs to the physical page:
[   25.779818] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106128
[   25.780177] flags: 0x200000000000000(node=0|zone=2)
[   25.780636] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   25.781081] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.781489] page dumped because: kasan: bad access detected
[   25.781981] 
[   25.782128] Memory state around the buggy address:
[   25.782547]  ffff888106127f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.782954]  ffff888106127f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.783342] >ffff888106128000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.783824]                    ^
[   25.783997]  ffff888106128080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.784507]  ffff888106128100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.784958] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuS6DosVUhzL9DaDmqO9nLybFJ

job_id

TEST:linaro@lkft#2zuSCDmb4DEQtYONUdNKA0gDr4g

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuSCDmb4DEQtYONUdNKA0gDr4g

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS8r35xHBxsDmYxAGYTykGzuO/bzImage
sha256sum	c1e74129e828139d1503e1b2906d7bf3cc50987150c7e120efde5dc3ba3dece2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS8r35xHBxsDmYxAGYTykGzuO/modules.tar.xz
sha256sum	c033def305798e90a1dd43392f34d6ac3a5642caf58a41fa7d2b499626275ec8

durations

tests

boot	0
kunit	244.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit