lkft/linux-next-master - next-20250722 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 22, 2025, 5:13 a.m.

Environment
qemu-arm64
qemu-x86_64

[   32.436447] ==================================================================
[   32.436511] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.436569] Free of addr fff00000c9a95b00 by task kunit_try_catch/266
[   32.436611] 
[   32.436644] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   32.436780] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.437673] Hardware name: linux,dummy-virt (DT)
[   32.437767] Call trace:
[   32.437833]  show_stack+0x20/0x38 (C)
[   32.437932]  dump_stack_lvl+0x8c/0xd0
[   32.438012]  print_report+0x118/0x5e8
[   32.438347]  kasan_report_invalid_free+0xc0/0xe8
[   32.438486]  check_slab_allocation+0xd4/0x108
[   32.438569]  __kasan_mempool_poison_object+0x78/0x150
[   32.438639]  mempool_free+0x3f4/0x5f0
[   32.438725]  mempool_double_free_helper+0x150/0x2e8
[   32.439013]  mempool_kmalloc_double_free+0xc0/0x118
[   32.439449]  kunit_try_run_case+0x170/0x3f0
[   32.439891]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.440031]  kthread+0x328/0x630
[   32.440127]  ret_from_fork+0x10/0x20
[   32.440488] 
[   32.440540] Allocated by task 266:
[   32.440592]  kasan_save_stack+0x3c/0x68
[   32.440734]  kasan_save_track+0x20/0x40
[   32.440792]  kasan_save_alloc_info+0x40/0x58
[   32.440845]  __kasan_mempool_unpoison_object+0x11c/0x180
[   32.441235]  remove_element+0x130/0x1f8
[   32.441337]  mempool_alloc_preallocated+0x58/0xc0
[   32.441396]  mempool_double_free_helper+0x94/0x2e8
[   32.441437]  mempool_kmalloc_double_free+0xc0/0x118
[   32.441782]  kunit_try_run_case+0x170/0x3f0
[   32.441893]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.441972]  kthread+0x328/0x630
[   32.442051]  ret_from_fork+0x10/0x20
[   32.442472] 
[   32.442613] Freed by task 266:
[   32.442691]  kasan_save_stack+0x3c/0x68
[   32.442807]  kasan_save_track+0x20/0x40
[   32.442891]  kasan_save_free_info+0x4c/0x78
[   32.442936]  __kasan_mempool_poison_object+0xc0/0x150
[   32.443311]  mempool_free+0x3f4/0x5f0
[   32.443416]  mempool_double_free_helper+0x100/0x2e8
[   32.443489]  mempool_kmalloc_double_free+0xc0/0x118
[   32.443862]  kunit_try_run_case+0x170/0x3f0
[   32.443918]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.444189]  kthread+0x328/0x630
[   32.444332]  ret_from_fork+0x10/0x20
[   32.444547] 
[   32.444656] The buggy address belongs to the object at fff00000c9a95b00
[   32.444656]  which belongs to the cache kmalloc-128 of size 128
[   32.445173] The buggy address is located 0 bytes inside of
[   32.445173]  128-byte region [fff00000c9a95b00, fff00000c9a95b80)
[   32.445272] 
[   32.445310] The buggy address belongs to the physical page:
[   32.445351] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a95
[   32.445406] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.445786] page_type: f5(slab)
[   32.445866] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.445919] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.445960] page dumped because: kasan: bad access detected
[   32.446008] 
[   32.446026] Memory state around the buggy address:
[   32.446076]  fff00000c9a95a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.446136]  fff00000c9a95a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.446185] >fff00000c9a95b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.446223]                    ^
[   32.446251]  fff00000c9a95b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.446303]  fff00000c9a95c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.446341] ==================================================================
[   32.471350] ==================================================================
[   32.471414] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.471827] Free of addr fff00000c9ba0000 by task kunit_try_catch/270
[   32.471888] 
[   32.471923] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   32.472023] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.472144] Hardware name: linux,dummy-virt (DT)
[   32.472193] Call trace:
[   32.472218]  show_stack+0x20/0x38 (C)
[   32.472553]  dump_stack_lvl+0x8c/0xd0
[   32.472632]  print_report+0x118/0x5e8
[   32.472794]  kasan_report_invalid_free+0xc0/0xe8
[   32.472948]  __kasan_mempool_poison_pages+0xe0/0xe8
[   32.473036]  mempool_free+0x3ac/0x5f0
[   32.473165]  mempool_double_free_helper+0x150/0x2e8
[   32.473275]  mempool_page_alloc_double_free+0xbc/0x118
[   32.473328]  kunit_try_run_case+0x170/0x3f0
[   32.473375]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.473434]  kthread+0x328/0x630
[   32.473778]  ret_from_fork+0x10/0x20
[   32.473877] 
[   32.473972] The buggy address belongs to the physical page:
[   32.474060] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ba0
[   32.474146] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.474358] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   32.474422] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   32.474803] page dumped because: kasan: bad access detected
[   32.474867] 
[   32.475157] Memory state around the buggy address:
[   32.475337]  fff00000c9b9ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.475438]  fff00000c9b9ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.475486] >fff00000c9ba0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.475531]                    ^
[   32.475559]  fff00000c9ba0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.475602]  fff00000c9ba0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.475640] ==================================================================
[   32.454600] ==================================================================
[   32.454658] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.454709] Free of addr fff00000c9ba0000 by task kunit_try_catch/268
[   32.454752] 
[   32.454782] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   32.454904] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.454942] Hardware name: linux,dummy-virt (DT)
[   32.454979] Call trace:
[   32.455002]  show_stack+0x20/0x38 (C)
[   32.455049]  dump_stack_lvl+0x8c/0xd0
[   32.455095]  print_report+0x118/0x5e8
[   32.455137]  kasan_report_invalid_free+0xc0/0xe8
[   32.455184]  __kasan_mempool_poison_object+0x14c/0x150
[   32.455231]  mempool_free+0x3f4/0x5f0
[   32.455274]  mempool_double_free_helper+0x150/0x2e8
[   32.455323]  mempool_kmalloc_large_double_free+0xc0/0x118
[   32.455374]  kunit_try_run_case+0x170/0x3f0
[   32.455421]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.455471]  kthread+0x328/0x630
[   32.455513]  ret_from_fork+0x10/0x20
[   32.455559] 
[   32.455588] The buggy address belongs to the physical page:
[   32.455623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ba0
[   32.455676] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.455725] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.455777] page_type: f8(unknown)
[   32.456301] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.456364] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.456880] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.456961] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.457032] head: 0bfffe0000000002 ffffc1ffc326e801 00000000ffffffff 00000000ffffffff
[   32.457107] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.457298] page dumped because: kasan: bad access detected
[   32.457440] 
[   32.457508] Memory state around the buggy address:
[   32.458170]  fff00000c9b9ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.458269]  fff00000c9b9ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.458501] >fff00000c9ba0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.458545]                    ^
[   32.458576]  fff00000c9ba0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.458627]  fff00000c9ba0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.458665] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30DTUf0OK0VH9qRRuXmJxNbWT3c

job_id

TEST:linaro@lkft#30DTZX2OzvYa7G43GSjb9LZqhSf

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30DTZX2OzvYa7G43GSjb9LZqhSf

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTVttUIAyPDjqFb1jPwYpI4UI/Image.gz
sha256sum	d1cc5806bf2ddfbb3802a0a4fd0f8138bf5c842af834ddb398ed867c7a51e5d1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTVttUIAyPDjqFb1jPwYpI4UI/modules.tar.xz
sha256sum	452c7cc5a7d7fdc2801beb99bb9725c2d2534c879c8c3f4ae12898cd8ccb0426

durations

tests

boot	0
kunit	164.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   26.781086] ==================================================================
[   26.781505] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   26.781742] Free of addr ffff888105890000 by task kunit_try_catch/287
[   26.782001] 
[   26.782087] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   26.782185] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.782201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.782231] Call Trace:
[   26.782245]  <TASK>
[   26.782259]  dump_stack_lvl+0x73/0xb0
[   26.782291]  print_report+0xd1/0x640
[   26.782316]  ? __virt_addr_valid+0x1db/0x2d0
[   26.782343]  ? kasan_addr_to_slab+0x11/0xa0
[   26.782366]  ? mempool_double_free_helper+0x184/0x370
[   26.782392]  kasan_report_invalid_free+0x10a/0x130
[   26.782420]  ? mempool_double_free_helper+0x184/0x370
[   26.782449]  ? mempool_double_free_helper+0x184/0x370
[   26.782475]  __kasan_mempool_poison_pages+0x115/0x130
[   26.782502]  mempool_free+0x430/0x640
[   26.782530]  mempool_double_free_helper+0x184/0x370
[   26.782556]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   26.782584]  ? dequeue_entities+0x23f/0x1630
[   26.782610]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.782633]  ? finish_task_switch.isra.0+0x153/0x700
[   26.783058]  mempool_page_alloc_double_free+0xe8/0x140
[   26.783102]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   26.783135]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   26.783170]  ? __pfx_mempool_free_pages+0x10/0x10
[   26.783198]  ? __pfx_read_tsc+0x10/0x10
[   26.783221]  ? ktime_get_ts64+0x86/0x230
[   26.783247]  kunit_try_run_case+0x1a5/0x480
[   26.783273]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.783298]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.783326]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.783353]  ? __kthread_parkme+0x82/0x180
[   26.783375]  ? preempt_count_sub+0x50/0x80
[   26.783400]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.783425]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.783520]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.783552]  kthread+0x337/0x6f0
[   26.783574]  ? trace_preempt_on+0x20/0xc0
[   26.783598]  ? __pfx_kthread+0x10/0x10
[   26.783620]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.783644]  ? calculate_sigpending+0x7b/0xa0
[   26.783669]  ? __pfx_kthread+0x10/0x10
[   26.783691]  ret_from_fork+0x116/0x1d0
[   26.783711]  ? __pfx_kthread+0x10/0x10
[   26.783731]  ret_from_fork_asm+0x1a/0x30
[   26.783763]  </TASK>
[   26.783774] 
[   26.796177] The buggy address belongs to the physical page:
[   26.796441] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105890
[   26.797525] flags: 0x200000000000000(node=0|zone=2)
[   26.797849] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   26.798324] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   26.798803] page dumped because: kasan: bad access detected
[   26.799032] 
[   26.799128] Memory state around the buggy address:
[   26.799542]  ffff88810588ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.799861]  ffff88810588ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.800157] >ffff888105890000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.800728]                    ^
[   26.800887]  ffff888105890080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.801362]  ffff888105890100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.801732] ==================================================================
[   26.752042] ==================================================================
[   26.752734] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   26.753731] Free of addr ffff888105890000 by task kunit_try_catch/285
[   26.754666] 
[   26.754807] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   26.754871] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.754886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.754908] Call Trace:
[   26.754922]  <TASK>
[   26.754938]  dump_stack_lvl+0x73/0xb0
[   26.754968]  print_report+0xd1/0x640
[   26.754992]  ? __virt_addr_valid+0x1db/0x2d0
[   26.755018]  ? kasan_addr_to_slab+0x11/0xa0
[   26.755040]  ? mempool_double_free_helper+0x184/0x370
[   26.755065]  kasan_report_invalid_free+0x10a/0x130
[   26.755090]  ? mempool_double_free_helper+0x184/0x370
[   26.755119]  ? mempool_double_free_helper+0x184/0x370
[   26.755142]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   26.755336]  mempool_free+0x490/0x640
[   26.755369]  mempool_double_free_helper+0x184/0x370
[   26.755396]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   26.755421]  ? dequeue_entities+0x23f/0x1630
[   26.755446]  ? __kasan_check_write+0x18/0x20
[   26.755510]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.755535]  ? finish_task_switch.isra.0+0x153/0x700
[   26.755561]  mempool_kmalloc_large_double_free+0xed/0x140
[   26.755588]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   26.755615]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.755638]  ? __pfx_mempool_kfree+0x10/0x10
[   26.755663]  ? __pfx_read_tsc+0x10/0x10
[   26.755684]  ? ktime_get_ts64+0x86/0x230
[   26.755712]  kunit_try_run_case+0x1a5/0x480
[   26.755737]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.755760]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.755786]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.755812]  ? __kthread_parkme+0x82/0x180
[   26.755842]  ? preempt_count_sub+0x50/0x80
[   26.755865]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.755889]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.755913]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.755938]  kthread+0x337/0x6f0
[   26.755958]  ? trace_preempt_on+0x20/0xc0
[   26.755981]  ? __pfx_kthread+0x10/0x10
[   26.756002]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.756026]  ? calculate_sigpending+0x7b/0xa0
[   26.756050]  ? __pfx_kthread+0x10/0x10
[   26.756072]  ret_from_fork+0x116/0x1d0
[   26.756092]  ? __pfx_kthread+0x10/0x10
[   26.756113]  ret_from_fork_asm+0x1a/0x30
[   26.756144]  </TASK>
[   26.756156] 
[   26.769147] The buggy address belongs to the physical page:
[   26.769384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105890
[   26.770111] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.770538] flags: 0x200000000000040(head|node=0|zone=2)
[   26.770763] page_type: f8(unknown)
[   26.770927] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.771281] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.772005] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.772772] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.773256] head: 0200000000000002 ffffea0004162401 00000000ffffffff 00000000ffffffff
[   26.773801] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.774141] page dumped because: kasan: bad access detected
[   26.774375] 
[   26.774759] Memory state around the buggy address:
[   26.775287]  ffff88810588ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.775959]  ffff88810588ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.776664] >ffff888105890000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.776980]                    ^
[   26.777134]  ffff888105890080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.778018]  ffff888105890100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.778467] ==================================================================
[   26.724308] ==================================================================
[   26.725026] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   26.725372] Free of addr ffff8881058a9d00 by task kunit_try_catch/283
[   26.725660] 
[   26.725767] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   26.725816] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.725842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.725866] Call Trace:
[   26.725879]  <TASK>
[   26.725894]  dump_stack_lvl+0x73/0xb0
[   26.725925]  print_report+0xd1/0x640
[   26.725949]  ? __virt_addr_valid+0x1db/0x2d0
[   26.725975]  ? kasan_complete_mode_report_info+0x64/0x200
[   26.726001]  ? mempool_double_free_helper+0x184/0x370
[   26.726026]  kasan_report_invalid_free+0x10a/0x130
[   26.726051]  ? mempool_double_free_helper+0x184/0x370
[   26.726077]  ? mempool_double_free_helper+0x184/0x370
[   26.726101]  ? mempool_double_free_helper+0x184/0x370
[   26.726125]  check_slab_allocation+0x101/0x130
[   26.726147]  __kasan_mempool_poison_object+0x91/0x1d0
[   26.726186]  mempool_free+0x490/0x640
[   26.726214]  mempool_double_free_helper+0x184/0x370
[   26.726239]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   26.726267]  ? finish_task_switch.isra.0+0x153/0x700
[   26.726293]  mempool_kmalloc_double_free+0xed/0x140
[   26.726317]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   26.726345]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.726368]  ? __pfx_mempool_kfree+0x10/0x10
[   26.726395]  ? __pfx_read_tsc+0x10/0x10
[   26.726417]  ? ktime_get_ts64+0x86/0x230
[   26.726443]  kunit_try_run_case+0x1a5/0x480
[   26.726469]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.726491]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.726517]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.726543]  ? __kthread_parkme+0x82/0x180
[   26.726563]  ? preempt_count_sub+0x50/0x80
[   26.726586]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.726611]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.726636]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.726659]  kthread+0x337/0x6f0
[   26.726680]  ? trace_preempt_on+0x20/0xc0
[   26.726703]  ? __pfx_kthread+0x10/0x10
[   26.726724]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.726748]  ? calculate_sigpending+0x7b/0xa0
[   26.726772]  ? __pfx_kthread+0x10/0x10
[   26.726794]  ret_from_fork+0x116/0x1d0
[   26.726813]  ? __pfx_kthread+0x10/0x10
[   26.726843]  ret_from_fork_asm+0x1a/0x30
[   26.726875]  </TASK>
[   26.726887] 
[   26.735076] Allocated by task 283:
[   26.735206]  kasan_save_stack+0x45/0x70
[   26.735352]  kasan_save_track+0x18/0x40
[   26.735543]  kasan_save_alloc_info+0x3b/0x50
[   26.735752]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   26.736020]  remove_element+0x11e/0x190
[   26.736240]  mempool_alloc_preallocated+0x4d/0x90
[   26.736401]  mempool_double_free_helper+0x8a/0x370
[   26.736560]  mempool_kmalloc_double_free+0xed/0x140
[   26.736760]  kunit_try_run_case+0x1a5/0x480
[   26.736983]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.737343]  kthread+0x337/0x6f0
[   26.737512]  ret_from_fork+0x116/0x1d0
[   26.737696]  ret_from_fork_asm+0x1a/0x30
[   26.737896] 
[   26.737969] Freed by task 283:
[   26.738119]  kasan_save_stack+0x45/0x70
[   26.738305]  kasan_save_track+0x18/0x40
[   26.738470]  kasan_save_free_info+0x3f/0x60
[   26.738664]  __kasan_mempool_poison_object+0x131/0x1d0
[   26.738903]  mempool_free+0x490/0x640
[   26.739102]  mempool_double_free_helper+0x109/0x370
[   26.739339]  mempool_kmalloc_double_free+0xed/0x140
[   26.739530]  kunit_try_run_case+0x1a5/0x480
[   26.739675]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.739861]  kthread+0x337/0x6f0
[   26.739982]  ret_from_fork+0x116/0x1d0
[   26.740114]  ret_from_fork_asm+0x1a/0x30
[   26.740256] 
[   26.740326] The buggy address belongs to the object at ffff8881058a9d00
[   26.740326]  which belongs to the cache kmalloc-128 of size 128
[   26.740767] The buggy address is located 0 bytes inside of
[   26.740767]  128-byte region [ffff8881058a9d00, ffff8881058a9d80)
[   26.741480] 
[   26.741580] The buggy address belongs to the physical page:
[   26.741850] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9
[   26.742257] flags: 0x200000000000000(node=0|zone=2)
[   26.742482] page_type: f5(slab)
[   26.742602] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.742846] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.743078] page dumped because: kasan: bad access detected
[   26.743249] 
[   26.743315] Memory state around the buggy address:
[   26.743547]  ffff8881058a9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.743877]  ffff8881058a9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.744194] >ffff8881058a9d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.744519]                    ^
[   26.744680]  ffff8881058a9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.745018]  ffff8881058a9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.745434] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30DTUf0OK0VH9qRRuXmJxNbWT3c

job_id

TEST:linaro@lkft#30DTaY6z8UwWD3YGu9YRztFNOsK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30DTaY6z8UwWD3YGu9YRztFNOsK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTXAeOhEZKsCgysZTjz87X5dZ/bzImage
sha256sum	1dd9efd1ac1eaef764f151ccb4e75e2e5c7d980bfbf23ba6be71db9b997a5fe3

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTXAeOhEZKsCgysZTjz87X5dZ/modules.tar.xz
sha256sum	9563d5b087e0cfc4afa89d2de9a36b56201d28fc6e930509c5f9737522fc7569

durations

tests

boot	0
kunit	240.24

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit