lkft/linux-next-master - next-20250723 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 23, 2025, 3:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   32.657998] ==================================================================
[   32.658071] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.658212] Free of addr fff00000c9bd9a00 by task kunit_try_catch/268
[   32.658372] 
[   32.658517] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   32.658791] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.658852] Hardware name: linux,dummy-virt (DT)
[   32.658886] Call trace:
[   32.658918]  show_stack+0x20/0x38 (C)
[   32.658968]  dump_stack_lvl+0x8c/0xd0
[   32.659405]  print_report+0x118/0x5e8
[   32.659692]  kasan_report_invalid_free+0xc0/0xe8
[   32.659871]  check_slab_allocation+0xd4/0x108
[   32.659975]  __kasan_mempool_poison_object+0x78/0x150
[   32.660062]  mempool_free+0x3f4/0x5f0
[   32.660118]  mempool_double_free_helper+0x150/0x2e8
[   32.660483]  mempool_kmalloc_double_free+0xc0/0x118
[   32.660656]  kunit_try_run_case+0x170/0x3f0
[   32.660706]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.660787]  kthread+0x328/0x630
[   32.660893]  ret_from_fork+0x10/0x20
[   32.660954] 
[   32.660975] Allocated by task 268:
[   32.661033]  kasan_save_stack+0x3c/0x68
[   32.661076]  kasan_save_track+0x20/0x40
[   32.661112]  kasan_save_alloc_info+0x40/0x58
[   32.661151]  __kasan_mempool_unpoison_object+0x11c/0x180
[   32.661194]  remove_element+0x130/0x1f8
[   32.661233]  mempool_alloc_preallocated+0x58/0xc0
[   32.661578]  mempool_double_free_helper+0x94/0x2e8
[   32.661660]  mempool_kmalloc_double_free+0xc0/0x118
[   32.661703]  kunit_try_run_case+0x170/0x3f0
[   32.661751]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.662055]  kthread+0x328/0x630
[   32.662308]  ret_from_fork+0x10/0x20
[   32.662373] 
[   32.662394] Freed by task 268:
[   32.662474]  kasan_save_stack+0x3c/0x68
[   32.662591]  kasan_save_track+0x20/0x40
[   32.662627]  kasan_save_free_info+0x4c/0x78
[   32.662665]  __kasan_mempool_poison_object+0xc0/0x150
[   32.662833]  mempool_free+0x3f4/0x5f0
[   32.662999]  mempool_double_free_helper+0x100/0x2e8
[   32.663066]  mempool_kmalloc_double_free+0xc0/0x118
[   32.663108]  kunit_try_run_case+0x170/0x3f0
[   32.663306]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.663358]  kthread+0x328/0x630
[   32.663392]  ret_from_fork+0x10/0x20
[   32.663646] 
[   32.663679] The buggy address belongs to the object at fff00000c9bd9a00
[   32.663679]  which belongs to the cache kmalloc-128 of size 128
[   32.663742] The buggy address is located 0 bytes inside of
[   32.663742]  128-byte region [fff00000c9bd9a00, fff00000c9bd9a80)
[   32.663801] 
[   32.663822] The buggy address belongs to the physical page:
[   32.663867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bd9
[   32.663933] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.664342] page_type: f5(slab)
[   32.664503] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.664554] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.664659] page dumped because: kasan: bad access detected
[   32.664690] 
[   32.664711] Memory state around the buggy address:
[   32.664742]  fff00000c9bd9900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.664789]  fff00000c9bd9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.664855] >fff00000c9bd9a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.664893]                    ^
[   32.664935]  fff00000c9bd9a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.665007]  fff00000c9bd9b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.665447] ==================================================================
[   32.673272] ==================================================================
[   32.673332] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.673389] Free of addr fff00000c9bf8000 by task kunit_try_catch/270
[   32.673431] 
[   32.673486] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   32.673578] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.673606] Hardware name: linux,dummy-virt (DT)
[   32.673642] Call trace:
[   32.673753]  show_stack+0x20/0x38 (C)
[   32.673917]  dump_stack_lvl+0x8c/0xd0
[   32.674032]  print_report+0x118/0x5e8
[   32.674076]  kasan_report_invalid_free+0xc0/0xe8
[   32.674123]  __kasan_mempool_poison_object+0x14c/0x150
[   32.674178]  mempool_free+0x3f4/0x5f0
[   32.674384]  mempool_double_free_helper+0x150/0x2e8
[   32.674435]  mempool_kmalloc_large_double_free+0xc0/0x118
[   32.674486]  kunit_try_run_case+0x170/0x3f0
[   32.674534]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.674596]  kthread+0x328/0x630
[   32.674797]  ret_from_fork+0x10/0x20
[   32.674931] 
[   32.674956] The buggy address belongs to the physical page:
[   32.674995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bf8
[   32.675389] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.675741] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.675870] page_type: f8(unknown)
[   32.675921] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.675974] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.676026] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.676077] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.676129] head: 0bfffe0000000002 ffffc1ffc326fe01 00000000ffffffff 00000000ffffffff
[   32.676182] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.676224] page dumped because: kasan: bad access detected
[   32.676258] 
[   32.676280] Memory state around the buggy address:
[   32.676313]  fff00000c9bf7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.676359]  fff00000c9bf7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.676401] >fff00000c9bf8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.676442]                    ^
[   32.676473]  fff00000c9bf8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.677333]  fff00000c9bf8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.677700] ==================================================================
[   32.691721] ==================================================================
[   32.691783] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   32.691838] Free of addr fff00000c9bfc000 by task kunit_try_catch/272
[   32.691883] 
[   32.691939] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   32.692055] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.692123] Hardware name: linux,dummy-virt (DT)
[   32.692165] Call trace:
[   32.692190]  show_stack+0x20/0x38 (C)
[   32.692242]  dump_stack_lvl+0x8c/0xd0
[   32.692290]  print_report+0x118/0x5e8
[   32.692344]  kasan_report_invalid_free+0xc0/0xe8
[   32.692393]  __kasan_mempool_poison_pages+0xe0/0xe8
[   32.692441]  mempool_free+0x3ac/0x5f0
[   32.692488]  mempool_double_free_helper+0x150/0x2e8
[   32.692573]  mempool_page_alloc_double_free+0xbc/0x118
[   32.692626]  kunit_try_run_case+0x170/0x3f0
[   32.692676]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.692727]  kthread+0x328/0x630
[   32.692771]  ret_from_fork+0x10/0x20
[   32.692818] 
[   32.692920] The buggy address belongs to the physical page:
[   32.692980] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bfc
[   32.693082] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.693202] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   32.693292] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   32.693390] page dumped because: kasan: bad access detected
[   32.693472] 
[   32.693571] Memory state around the buggy address:
[   32.693616]  fff00000c9bfbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.693661]  fff00000c9bfbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.693729] >fff00000c9bfc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.693772]                    ^
[   32.693805]  fff00000c9bfc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.694244]  fff00000c9bfc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.694326] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30G3cJ1sbXw9qzJ7BlfPJWioYpf

job_id

TEST:linaro@lkft#30G3i68xlwMFkooOhGrPcdOJwq6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30G3i68xlwMFkooOhGrPcdOJwq6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3dqLJvp4LyPfe7hM64XXnTL3/Image.gz
sha256sum	b30e1898089cf202216a8d94747025c3be63110289f9fb6007e080b423a71d05

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3dqLJvp4LyPfe7hM64XXnTL3/modules.tar.xz
sha256sum	eb69e4b4edadc912a9040d92071e298890d9adf22425e3972f798522efd0a9a6

durations

tests

boot	0
kunit	175.58

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   26.958604] ==================================================================
[   26.959183] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   26.959538] Free of addr ffff888106228000 by task kunit_try_catch/288
[   26.959869] 
[   26.960040] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   26.960094] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.960106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.960129] Call Trace:
[   26.960153]  <TASK>
[   26.960172]  dump_stack_lvl+0x73/0xb0
[   26.960203]  print_report+0xd1/0x640
[   26.960227]  ? __virt_addr_valid+0x1db/0x2d0
[   26.960252]  ? kasan_addr_to_slab+0x11/0xa0
[   26.960274]  ? mempool_double_free_helper+0x184/0x370
[   26.960299]  kasan_report_invalid_free+0x10a/0x130
[   26.960491]  ? mempool_double_free_helper+0x184/0x370
[   26.960528]  ? mempool_double_free_helper+0x184/0x370
[   26.960551]  __kasan_mempool_poison_pages+0x115/0x130
[   26.960576]  mempool_free+0x430/0x640
[   26.960605]  mempool_double_free_helper+0x184/0x370
[   26.960630]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   26.960655]  ? dequeue_entities+0x23f/0x1630
[   26.960704]  ? __kasan_check_write+0x18/0x20
[   26.960730]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.960751]  ? finish_task_switch.isra.0+0x153/0x700
[   26.960779]  mempool_page_alloc_double_free+0xe8/0x140
[   26.960805]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   26.960833]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   26.960858]  ? __pfx_mempool_free_pages+0x10/0x10
[   26.960884]  ? __pfx_read_tsc+0x10/0x10
[   26.960906]  ? ktime_get_ts64+0x86/0x230
[   26.960931]  kunit_try_run_case+0x1a5/0x480
[   26.960969]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.960992]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.961019]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.961045]  ? __kthread_parkme+0x82/0x180
[   26.961066]  ? preempt_count_sub+0x50/0x80
[   26.961089]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.961113]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.961137]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.961173]  kthread+0x337/0x6f0
[   26.961194]  ? trace_preempt_on+0x20/0xc0
[   26.961219]  ? __pfx_kthread+0x10/0x10
[   26.961239]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.961263]  ? calculate_sigpending+0x7b/0xa0
[   26.961288]  ? __pfx_kthread+0x10/0x10
[   26.961309]  ret_from_fork+0x116/0x1d0
[   26.961330]  ? __pfx_kthread+0x10/0x10
[   26.961351]  ret_from_fork_asm+0x1a/0x30
[   26.961437]  </TASK>
[   26.961451] 
[   26.976510] The buggy address belongs to the physical page:
[   26.976832] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106228
[   26.977403] flags: 0x200000000000000(node=0|zone=2)
[   26.977879] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   26.978527] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   26.978839] page dumped because: kasan: bad access detected
[   26.979043] 
[   26.979207] Memory state around the buggy address:
[   26.979658]  ffff888106227f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.980399]  ffff888106227f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.981161] >ffff888106228000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.981759]                    ^
[   26.981893]  ffff888106228080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.982494]  ffff888106228100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.982833] ==================================================================
[   26.931741] ==================================================================
[   26.932330] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   26.933135] Free of addr ffff8881060f0000 by task kunit_try_catch/286
[   26.933756] 
[   26.934014] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   26.934070] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.934083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.934107] Call Trace:
[   26.934121]  <TASK>
[   26.934142]  dump_stack_lvl+0x73/0xb0
[   26.934186]  print_report+0xd1/0x640
[   26.934210]  ? __virt_addr_valid+0x1db/0x2d0
[   26.934238]  ? kasan_addr_to_slab+0x11/0xa0
[   26.934259]  ? mempool_double_free_helper+0x184/0x370
[   26.934283]  kasan_report_invalid_free+0x10a/0x130
[   26.934308]  ? mempool_double_free_helper+0x184/0x370
[   26.934335]  ? mempool_double_free_helper+0x184/0x370
[   26.934358]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   26.934450]  mempool_free+0x490/0x640
[   26.934483]  mempool_double_free_helper+0x184/0x370
[   26.934508]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   26.934533]  ? dequeue_entities+0x23f/0x1630
[   26.934558]  ? __kasan_check_write+0x18/0x20
[   26.934582]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.934604]  ? finish_task_switch.isra.0+0x153/0x700
[   26.934632]  mempool_kmalloc_large_double_free+0xed/0x140
[   26.934657]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   26.934682]  ? __kasan_check_write+0x18/0x20
[   26.934708]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.934732]  ? __pfx_mempool_kfree+0x10/0x10
[   26.934758]  ? __pfx_read_tsc+0x10/0x10
[   26.934781]  ? ktime_get_ts64+0x86/0x230
[   26.934803]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   26.934830]  kunit_try_run_case+0x1a5/0x480
[   26.934857]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.934882]  ? queued_spin_lock_slowpath+0x116/0xb40
[   26.934909]  ? __kthread_parkme+0x82/0x180
[   26.934930]  ? preempt_count_sub+0x50/0x80
[   26.934953]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.934977]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.935002]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.935025]  kthread+0x337/0x6f0
[   26.935046]  ? trace_preempt_on+0x20/0xc0
[   26.935071]  ? __pfx_kthread+0x10/0x10
[   26.935092]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.935115]  ? calculate_sigpending+0x7b/0xa0
[   26.935140]  ? __pfx_kthread+0x10/0x10
[   26.935174]  ret_from_fork+0x116/0x1d0
[   26.935196]  ? __pfx_kthread+0x10/0x10
[   26.935218]  ret_from_fork_asm+0x1a/0x30
[   26.935250]  </TASK>
[   26.935262] 
[   26.948766] The buggy address belongs to the physical page:
[   26.949082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f0
[   26.949417] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.949759] flags: 0x200000000000040(head|node=0|zone=2)
[   26.950009] page_type: f8(unknown)
[   26.950255] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.950678] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.951052] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.951581] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.951943] head: 0200000000000002 ffffea0004183c01 00000000ffffffff 00000000ffffffff
[   26.952432] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.952777] page dumped because: kasan: bad access detected
[   26.953012] 
[   26.953105] Memory state around the buggy address:
[   26.953353]  ffff8881060eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.953759]  ffff8881060eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.954040] >ffff8881060f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.954313]                    ^
[   26.954475]  ffff8881060f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.954788]  ffff8881060f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.955115] ==================================================================
[   26.890678] ==================================================================
[   26.891674] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   26.892572] Free of addr ffff8881060a7100 by task kunit_try_catch/284
[   26.892784] 
[   26.892875] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   26.892929] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.892942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.892966] Call Trace:
[   26.892980]  <TASK>
[   26.892998]  dump_stack_lvl+0x73/0xb0
[   26.893030]  print_report+0xd1/0x640
[   26.893053]  ? __virt_addr_valid+0x1db/0x2d0
[   26.893079]  ? kasan_complete_mode_report_info+0x64/0x200
[   26.893104]  ? mempool_double_free_helper+0x184/0x370
[   26.893128]  kasan_report_invalid_free+0x10a/0x130
[   26.893170]  ? mempool_double_free_helper+0x184/0x370
[   26.893196]  ? mempool_double_free_helper+0x184/0x370
[   26.893218]  ? mempool_double_free_helper+0x184/0x370
[   26.893240]  check_slab_allocation+0x101/0x130
[   26.893263]  __kasan_mempool_poison_object+0x91/0x1d0
[   26.893286]  mempool_free+0x490/0x640
[   26.893315]  mempool_double_free_helper+0x184/0x370
[   26.893339]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   26.893365]  ? finish_task_switch.isra.0+0x153/0x700
[   26.893391]  mempool_kmalloc_double_free+0xed/0x140
[   26.893415]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   26.893441]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.893465]  ? __pfx_mempool_kfree+0x10/0x10
[   26.893490]  ? __pfx_read_tsc+0x10/0x10
[   26.893513]  ? ktime_get_ts64+0x86/0x230
[   26.893539]  kunit_try_run_case+0x1a5/0x480
[   26.893564]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.893587]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.893614]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.893639]  ? __kthread_parkme+0x82/0x180
[   26.893680]  ? preempt_count_sub+0x50/0x80
[   26.893705]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.893729]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.893753]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.893777]  kthread+0x337/0x6f0
[   26.893798]  ? trace_preempt_on+0x20/0xc0
[   26.893823]  ? __pfx_kthread+0x10/0x10
[   26.893844]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.893868]  ? calculate_sigpending+0x7b/0xa0
[   26.893892]  ? __pfx_kthread+0x10/0x10
[   26.893914]  ret_from_fork+0x116/0x1d0
[   26.893935]  ? __pfx_kthread+0x10/0x10
[   26.893956]  ret_from_fork_asm+0x1a/0x30
[   26.893988]  </TASK>
[   26.893999] 
[   26.909286] Allocated by task 284:
[   26.909708]  kasan_save_stack+0x45/0x70
[   26.910127]  kasan_save_track+0x18/0x40
[   26.910528]  kasan_save_alloc_info+0x3b/0x50
[   26.910695]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   26.911183]  remove_element+0x11e/0x190
[   26.911543]  mempool_alloc_preallocated+0x4d/0x90
[   26.911915]  mempool_double_free_helper+0x8a/0x370
[   26.912187]  mempool_kmalloc_double_free+0xed/0x140
[   26.912347]  kunit_try_run_case+0x1a5/0x480
[   26.912491]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.912699]  kthread+0x337/0x6f0
[   26.912820]  ret_from_fork+0x116/0x1d0
[   26.912949]  ret_from_fork_asm+0x1a/0x30
[   26.913106] 
[   26.913182] Freed by task 284:
[   26.913291]  kasan_save_stack+0x45/0x70
[   26.913436]  kasan_save_track+0x18/0x40
[   26.913568]  kasan_save_free_info+0x3f/0x60
[   26.913712]  __kasan_mempool_poison_object+0x131/0x1d0
[   26.913883]  mempool_free+0x490/0x640
[   26.914041]  mempool_double_free_helper+0x109/0x370
[   26.914384]  mempool_kmalloc_double_free+0xed/0x140
[   26.914855]  kunit_try_run_case+0x1a5/0x480
[   26.915316]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.915789]  kthread+0x337/0x6f0
[   26.916094]  ret_from_fork+0x116/0x1d0
[   26.916519]  ret_from_fork_asm+0x1a/0x30
[   26.916928] 
[   26.917089] The buggy address belongs to the object at ffff8881060a7100
[   26.917089]  which belongs to the cache kmalloc-128 of size 128
[   26.918188] The buggy address is located 0 bytes inside of
[   26.918188]  128-byte region [ffff8881060a7100, ffff8881060a7180)
[   26.919342] 
[   26.919498] The buggy address belongs to the physical page:
[   26.920057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7
[   26.920757] flags: 0x200000000000000(node=0|zone=2)
[   26.920971] page_type: f5(slab)
[   26.921279] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.921978] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.922322] page dumped because: kasan: bad access detected
[   26.922813] 
[   26.922878] Memory state around the buggy address:
[   26.923141]  ffff8881060a7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.923834]  ffff8881060a7080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.924524] >ffff8881060a7100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.924949]                    ^
[   26.925070]  ffff8881060a7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.925697]  ffff8881060a7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.926357] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30G3cJ1sbXw9qzJ7BlfPJWioYpf

job_id

TEST:linaro@lkft#30G3j74iQKw0QFlrSngm0dpeaMJ

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30G3j74iQKw0QFlrSngm0dpeaMJ

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3fQvMn9HcF0DxVKKJ5x3GX38/bzImage
sha256sum	371f4f87cae012670505649e4e687713b51a0312ceeb0d149c78e0b6bf6d272b

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3fQvMn9HcF0DxVKKJ5x3GX38/modules.tar.xz
sha256sum	1a60ff32537a1f4915659be5386778e0052a5e702d5e77815e3fc933dbd119e2

durations

tests

boot	0
kunit	253.64

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit