lkft/linux-next-master - next-20250716 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 16, 2025, 12:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   32.826022] ==================================================================
[   32.826080] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.826377] Free of addr fff00000c9bfc000 by task kunit_try_catch/270
[   32.826580] 
[   32.826885] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   32.827060] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.827176] Hardware name: linux,dummy-virt (DT)
[   32.827211] Call trace:
[   32.827235]  show_stack+0x20/0x38 (C)
[   32.827285]  dump_stack_lvl+0x8c/0xd0
[   32.827340]  print_report+0x118/0x5d0
[   32.827564]  kasan_report_invalid_free+0xc0/0xe8
[   32.827640]  __kasan_mempool_poison_pages+0xe0/0xe8
[   32.827852]  mempool_free+0x24c/0x328
[   32.827900]  mempool_double_free_helper+0x150/0x2e8
[   32.827952]  mempool_page_alloc_double_free+0xbc/0x118
[   32.828151]  kunit_try_run_case+0x170/0x3f0
[   32.828406]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.828463]  kthread+0x328/0x630
[   32.828791]  ret_from_fork+0x10/0x20
[   32.828878] 
[   32.828949] The buggy address belongs to the physical page:
[   32.829049] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bfc
[   32.829148] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.829266] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   32.829377] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   32.829420] page dumped because: kasan: bad access detected
[   32.829451] 
[   32.829469] Memory state around the buggy address:
[   32.829581]  fff00000c9bfbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.829765]  fff00000c9bfbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.829810] >fff00000c9bfc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.829850]                    ^
[   32.829878]  fff00000c9bfc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.829922]  fff00000c9bfc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.829989] ==================================================================
[   32.809853] ==================================================================
[   32.809926] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.809984] Free of addr fff00000c9bf8000 by task kunit_try_catch/268
[   32.810238] 
[   32.810397] CPU: 0 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   32.810758] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.810937] Hardware name: linux,dummy-virt (DT)
[   32.811003] Call trace:
[   32.811026]  show_stack+0x20/0x38 (C)
[   32.811079]  dump_stack_lvl+0x8c/0xd0
[   32.811129]  print_report+0x118/0x5d0
[   32.811173]  kasan_report_invalid_free+0xc0/0xe8
[   32.811228]  __kasan_mempool_poison_object+0x14c/0x150
[   32.811468]  mempool_free+0x28c/0x328
[   32.811562]  mempool_double_free_helper+0x150/0x2e8
[   32.811815]  mempool_kmalloc_large_double_free+0xc0/0x118
[   32.811871]  kunit_try_run_case+0x170/0x3f0
[   32.812157]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.812347]  kthread+0x328/0x630
[   32.812395]  ret_from_fork+0x10/0x20
[   32.812778] 
[   32.812817] The buggy address belongs to the physical page:
[   32.812858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bf8
[   32.812958] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.813190] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.813252] page_type: f8(unknown)
[   32.813526] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.813587] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.813645] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.813696] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.814050] head: 0bfffe0000000002 ffffc1ffc326fe01 00000000ffffffff 00000000ffffffff
[   32.814105] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.814148] page dumped because: kasan: bad access detected
[   32.814179] 
[   32.814546] Memory state around the buggy address:
[   32.814622]  fff00000c9bf7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.814668]  fff00000c9bf7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.815039] >fff00000c9bf8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.815087]                    ^
[   32.815117]  fff00000c9bf8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.815224]  fff00000c9bf8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.815308] ==================================================================
[   32.787875] ==================================================================
[   32.787944] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.787997] Free of addr fff00000c9ba2a00 by task kunit_try_catch/266
[   32.788320] 
[   32.788394] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   32.788494] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.788601] Hardware name: linux,dummy-virt (DT)
[   32.788638] Call trace:
[   32.788660]  show_stack+0x20/0x38 (C)
[   32.788713]  dump_stack_lvl+0x8c/0xd0
[   32.788760]  print_report+0x118/0x5d0
[   32.789132]  kasan_report_invalid_free+0xc0/0xe8
[   32.789185]  check_slab_allocation+0xd4/0x108
[   32.789254]  __kasan_mempool_poison_object+0x78/0x150
[   32.789320]  mempool_free+0x28c/0x328
[   32.789365]  mempool_double_free_helper+0x150/0x2e8
[   32.789417]  mempool_kmalloc_double_free+0xc0/0x118
[   32.789469]  kunit_try_run_case+0x170/0x3f0
[   32.789526]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.789580]  kthread+0x328/0x630
[   32.790008]  ret_from_fork+0x10/0x20
[   32.790223] 
[   32.790267] Allocated by task 266:
[   32.790370]  kasan_save_stack+0x3c/0x68
[   32.790411]  kasan_save_track+0x20/0x40
[   32.790469]  kasan_save_alloc_info+0x40/0x58
[   32.790794]  __kasan_mempool_unpoison_object+0x11c/0x180
[   32.790846]  remove_element+0x130/0x1f8
[   32.791138]  mempool_alloc_preallocated+0x58/0xc0
[   32.791250]  mempool_double_free_helper+0x94/0x2e8
[   32.791319]  mempool_kmalloc_double_free+0xc0/0x118
[   32.791492]  kunit_try_run_case+0x170/0x3f0
[   32.791548]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.791605]  kthread+0x328/0x630
[   32.791639]  ret_from_fork+0x10/0x20
[   32.791674] 
[   32.791695] Freed by task 266:
[   32.791749]  kasan_save_stack+0x3c/0x68
[   32.791828]  kasan_save_track+0x20/0x40
[   32.791864]  kasan_save_free_info+0x4c/0x78
[   32.792581]  __kasan_mempool_poison_object+0xc0/0x150
[   32.792641]  mempool_free+0x28c/0x328
[   32.792678]  mempool_double_free_helper+0x100/0x2e8
[   32.792722]  mempool_kmalloc_double_free+0xc0/0x118
[   32.793056]  kunit_try_run_case+0x170/0x3f0
[   32.793101]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.793146]  kthread+0x328/0x630
[   32.793378]  ret_from_fork+0x10/0x20
[   32.793428] 
[   32.793532] The buggy address belongs to the object at fff00000c9ba2a00
[   32.793532]  which belongs to the cache kmalloc-128 of size 128
[   32.793600] The buggy address is located 0 bytes inside of
[   32.793600]  128-byte region [fff00000c9ba2a00, fff00000c9ba2a80)
[   32.793838] 
[   32.793858] The buggy address belongs to the physical page:
[   32.793947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ba2
[   32.794028] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.794127] page_type: f5(slab)
[   32.794249] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.794399] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.794513] page dumped because: kasan: bad access detected
[   32.794544] 
[   32.794563] Memory state around the buggy address:
[   32.794595]  fff00000c9ba2900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.794802]  fff00000c9ba2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.795206] >fff00000c9ba2a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.795495]                    ^
[   32.795803]  fff00000c9ba2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.795879]  fff00000c9ba2b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.795920] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zxLYbkO55A3MZOuL8WgggPQedZ

job_id

TEST:linaro@lkft#2zxLeGb0Cz9DWdDOuIcvrHgzPHF

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zxLeGb0Cz9DWdDOuIcvrHgzPHF

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxLaFD9LrwPBdmkVRgfB1whiL3/Image.gz
sha256sum	52b0e0b4d3e1142256a1a9b955e87dd8182ac318909544344275afea897b330f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxLaFD9LrwPBdmkVRgfB1whiL3/modules.tar.xz
sha256sum	45cab41eb8bcd09ba6c3a39112d26defc4ebbd207b893e79d28b0eac868edbc7

durations

tests

boot	0
kunit	166.17

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   24.968036] ==================================================================
[   24.968986] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   24.969331] Free of addr ffff888106104000 by task kunit_try_catch/286
[   24.969756] 
[   24.970161] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   24.970227] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.970242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.970266] Call Trace:
[   24.970303]  <TASK>
[   24.970325]  dump_stack_lvl+0x73/0xb0
[   24.970363]  print_report+0xd1/0x610
[   24.970388]  ? __virt_addr_valid+0x1db/0x2d0
[   24.970415]  ? kasan_addr_to_slab+0x11/0xa0
[   24.970434]  ? mempool_double_free_helper+0x184/0x370
[   24.970459]  kasan_report_invalid_free+0x10a/0x130
[   24.970482]  ? mempool_double_free_helper+0x184/0x370
[   24.970508]  ? mempool_double_free_helper+0x184/0x370
[   24.970531]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   24.970554]  mempool_free+0x2ec/0x380
[   24.970582]  mempool_double_free_helper+0x184/0x370
[   24.970606]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   24.970668]  ? dequeue_entities+0x23f/0x1630
[   24.970694]  ? __pfx_sched_clock_cpu+0x10/0x10
[   24.970716]  ? finish_task_switch.isra.0+0x153/0x700
[   24.970742]  mempool_kmalloc_large_double_free+0xed/0x140
[   24.970766]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   24.970793]  ? __pfx_mempool_kmalloc+0x10/0x10
[   24.970814]  ? __pfx_mempool_kfree+0x10/0x10
[   24.970838]  ? __pfx_read_tsc+0x10/0x10
[   24.970861]  ? ktime_get_ts64+0x86/0x230
[   24.970958]  kunit_try_run_case+0x1a5/0x480
[   24.970985]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.971008]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.971032]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.971055]  ? __kthread_parkme+0x82/0x180
[   24.971077]  ? preempt_count_sub+0x50/0x80
[   24.971098]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.971121]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.971148]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.971174]  kthread+0x337/0x6f0
[   24.971194]  ? trace_preempt_on+0x20/0xc0
[   24.971218]  ? __pfx_kthread+0x10/0x10
[   24.971237]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.971258]  ? calculate_sigpending+0x7b/0xa0
[   24.971283]  ? __pfx_kthread+0x10/0x10
[   24.971316]  ret_from_fork+0x116/0x1d0
[   24.971336]  ? __pfx_kthread+0x10/0x10
[   24.971356]  ret_from_fork_asm+0x1a/0x30
[   24.971388]  </TASK>
[   24.971400] 
[   24.986455] The buggy address belongs to the physical page:
[   24.986993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106104
[   24.987467] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.988009] flags: 0x200000000000040(head|node=0|zone=2)
[   24.988251] page_type: f8(unknown)
[   24.988713] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.989316] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.990141] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.990719] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.991255] head: 0200000000000002 ffffea0004184101 00000000ffffffff 00000000ffffffff
[   24.991779] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.992269] page dumped because: kasan: bad access detected
[   24.992514] 
[   24.992814] Memory state around the buggy address:
[   24.993266]  ffff888106103f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.993737]  ffff888106103f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.994243] >ffff888106104000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.994543]                    ^
[   24.994885]  ffff888106104080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.995682]  ffff888106104100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.996191] ==================================================================
[   24.924915] ==================================================================
[   24.925345] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   24.925688] Free of addr ffff88810611d200 by task kunit_try_catch/284
[   24.926136] 
[   24.926236] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   24.926307] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.926323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.926347] Call Trace:
[   24.926363]  <TASK>
[   24.926383]  dump_stack_lvl+0x73/0xb0
[   24.926416]  print_report+0xd1/0x610
[   24.926442]  ? __virt_addr_valid+0x1db/0x2d0
[   24.926469]  ? kasan_complete_mode_report_info+0x64/0x200
[   24.926497]  ? mempool_double_free_helper+0x184/0x370
[   24.926524]  kasan_report_invalid_free+0x10a/0x130
[   24.926550]  ? mempool_double_free_helper+0x184/0x370
[   24.926578]  ? mempool_double_free_helper+0x184/0x370
[   24.926602]  ? mempool_double_free_helper+0x184/0x370
[   24.926626]  check_slab_allocation+0x101/0x130
[   24.926650]  __kasan_mempool_poison_object+0x91/0x1d0
[   24.926675]  mempool_free+0x2ec/0x380
[   24.926699]  ? __wake_up+0x49/0x60
[   24.926727]  mempool_double_free_helper+0x184/0x370
[   24.926752]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   24.926777]  ? dequeue_entities+0x23f/0x1630
[   24.926804]  ? __pfx_sched_clock_cpu+0x10/0x10
[   24.926826]  ? finish_task_switch.isra.0+0x153/0x700
[   24.926853]  mempool_kmalloc_double_free+0xed/0x140
[   24.926958]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   24.926986]  ? __pfx_mempool_kmalloc+0x10/0x10
[   24.927009]  ? __pfx_mempool_kfree+0x10/0x10
[   24.927036]  ? __pfx_read_tsc+0x10/0x10
[   24.927061]  ? ktime_get_ts64+0x86/0x230
[   24.927088]  kunit_try_run_case+0x1a5/0x480
[   24.927115]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.927139]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.927165]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.927188]  ? __kthread_parkme+0x82/0x180
[   24.927210]  ? preempt_count_sub+0x50/0x80
[   24.927234]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.927259]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.927288]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.927327]  kthread+0x337/0x6f0
[   24.927348]  ? trace_preempt_on+0x20/0xc0
[   24.927373]  ? __pfx_kthread+0x10/0x10
[   24.927395]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.927417]  ? calculate_sigpending+0x7b/0xa0
[   24.927443]  ? __pfx_kthread+0x10/0x10
[   24.927466]  ret_from_fork+0x116/0x1d0
[   24.927486]  ? __pfx_kthread+0x10/0x10
[   24.927508]  ret_from_fork_asm+0x1a/0x30
[   24.927543]  </TASK>
[   24.927556] 
[   24.942128] Allocated by task 284:
[   24.943143]  kasan_save_stack+0x45/0x70
[   24.943346]  kasan_save_track+0x18/0x40
[   24.944144]  kasan_save_alloc_info+0x3b/0x50
[   24.944835]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   24.945543]  remove_element+0x11e/0x190
[   24.946071]  mempool_alloc_preallocated+0x4d/0x90
[   24.946592]  mempool_double_free_helper+0x8a/0x370
[   24.947281]  mempool_kmalloc_double_free+0xed/0x140
[   24.947473]  kunit_try_run_case+0x1a5/0x480
[   24.947655]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.948423]  kthread+0x337/0x6f0
[   24.948898]  ret_from_fork+0x116/0x1d0
[   24.949465]  ret_from_fork_asm+0x1a/0x30
[   24.950134] 
[   24.950328] Freed by task 284:
[   24.950452]  kasan_save_stack+0x45/0x70
[   24.950615]  kasan_save_track+0x18/0x40
[   24.951124]  kasan_save_free_info+0x3f/0x60
[   24.951580]  __kasan_mempool_poison_object+0x131/0x1d0
[   24.952162]  mempool_free+0x2ec/0x380
[   24.952375]  mempool_double_free_helper+0x109/0x370
[   24.952539]  mempool_kmalloc_double_free+0xed/0x140
[   24.953027]  kunit_try_run_case+0x1a5/0x480
[   24.953498]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.954074]  kthread+0x337/0x6f0
[   24.954432]  ret_from_fork+0x116/0x1d0
[   24.954571]  ret_from_fork_asm+0x1a/0x30
[   24.954712] 
[   24.954783] The buggy address belongs to the object at ffff88810611d200
[   24.954783]  which belongs to the cache kmalloc-128 of size 128
[   24.955844] The buggy address is located 0 bytes inside of
[   24.955844]  128-byte region [ffff88810611d200, ffff88810611d280)
[   24.956988] 
[   24.957238] The buggy address belongs to the physical page:
[   24.957743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d
[   24.958175] flags: 0x200000000000000(node=0|zone=2)
[   24.958680] page_type: f5(slab)
[   24.959085] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   24.959735] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.959986] page dumped because: kasan: bad access detected
[   24.960159] 
[   24.960226] Memory state around the buggy address:
[   24.960615]  ffff88810611d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.961391]  ffff88810611d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.961904] >ffff88810611d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.962416]                    ^
[   24.962543]  ffff88810611d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.963394]  ffff88810611d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.964128] ==================================================================
[   25.000235] ==================================================================
[   25.000678] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   25.000921] Free of addr ffff888106104000 by task kunit_try_catch/288
[   25.001112] 
[   25.001197] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   25.001249] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.001262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.001285] Call Trace:
[   25.001801]  <TASK>
[   25.001831]  dump_stack_lvl+0x73/0xb0
[   25.002133]  print_report+0xd1/0x610
[   25.002161]  ? __virt_addr_valid+0x1db/0x2d0
[   25.002187]  ? kasan_addr_to_slab+0x11/0xa0
[   25.002207]  ? mempool_double_free_helper+0x184/0x370
[   25.002231]  kasan_report_invalid_free+0x10a/0x130
[   25.002255]  ? mempool_double_free_helper+0x184/0x370
[   25.002281]  ? mempool_double_free_helper+0x184/0x370
[   25.002793]  __kasan_mempool_poison_pages+0x115/0x130
[   25.002824]  mempool_free+0x290/0x380
[   25.002982]  mempool_double_free_helper+0x184/0x370
[   25.003009]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   25.003035]  ? dequeue_entities+0x23f/0x1630
[   25.003061]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.003083]  ? finish_task_switch.isra.0+0x153/0x700
[   25.003107]  mempool_page_alloc_double_free+0xe8/0x140
[   25.003132]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   25.003160]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   25.003183]  ? __pfx_mempool_free_pages+0x10/0x10
[   25.003208]  ? __pfx_read_tsc+0x10/0x10
[   25.003232]  ? ktime_get_ts64+0x86/0x230
[   25.003258]  kunit_try_run_case+0x1a5/0x480
[   25.003283]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.003317]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.003341]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.003363]  ? __kthread_parkme+0x82/0x180
[   25.003383]  ? preempt_count_sub+0x50/0x80
[   25.003405]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.003427]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.003454]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.003480]  kthread+0x337/0x6f0
[   25.003499]  ? trace_preempt_on+0x20/0xc0
[   25.003523]  ? __pfx_kthread+0x10/0x10
[   25.003542]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.003582]  ? calculate_sigpending+0x7b/0xa0
[   25.003607]  ? __pfx_kthread+0x10/0x10
[   25.003627]  ret_from_fork+0x116/0x1d0
[   25.003647]  ? __pfx_kthread+0x10/0x10
[   25.003666]  ret_from_fork_asm+0x1a/0x30
[   25.003698]  </TASK>
[   25.003709] 
[   25.020788] The buggy address belongs to the physical page:
[   25.021450] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106104
[   25.021727] flags: 0x200000000000000(node=0|zone=2)
[   25.022183] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   25.023082] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.023828] page dumped because: kasan: bad access detected
[   25.024139] 
[   25.024316] Memory state around the buggy address:
[   25.024923]  ffff888106103f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.025190]  ffff888106103f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.025413] >ffff888106104000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.025739]                    ^
[   25.026105]  ffff888106104080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.026822]  ffff888106104100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.027636] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zxLYbkO55A3MZOuL8WgggPQedZ

job_id

TEST:linaro@lkft#2zxLfHMSY6akRqbBhVsf5z5iz9e

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zxLfHMSY6akRqbBhVsf5z5iz9e

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxLbmLo3GA6FujcMpRElLVLfuq/bzImage
sha256sum	97fecc995324d61966003161d99859708a9b079452d45536b9403860fef72719

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxLbmLo3GA6FujcMpRElLVLfuq/modules.tar.xz
sha256sum	ce1222732442295d109620928fd8d84fb1cc2fb5dcb61e49ba48e8a442ce3bba

durations

tests

boot	0
kunit	232.49

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit