Date: June 2, 2025, 2:11 p.m.

Environments: e850-96, qemu-arm64, qemu-x86_64
Environment: e850-96

```
[ 35.852760] ==================================================================
[ 35.862699] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[ 35.869817] Free of addr ffff000803244000 by task kunit_try_catch/284
[ 35.876238]
[ 35.877725] CPU: 6 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT
[ 35.877777] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 35.877793] Hardware name: WinLink E850-96 board (DT)
[ 35.877817] Call trace:
[ 35.877831] show_stack+0x20/0x38 (C)
[ 35.877868] dump_stack_lvl+0x8c/0xd0
[ 35.877903] print_report+0x118/0x608
[ 35.877935] kasan_report_invalid_free+0xc0/0xe8
[ 35.877967] __kasan_mempool_poison_object+0x14c/0x150
[ 35.878000] mempool_free+0x28c/0x328
[ 35.878039] mempool_double_free_helper+0x150/0x2e8
[ 35.878074] mempool_kmalloc_large_double_free+0xc0/0x118
[ 35.878112] kunit_try_run_case+0x170/0x3f0
[ 35.878151] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.878190] kthread+0x328/0x630
[ 35.878225] ret_from_fork+0x10/0x20
[ 35.878260]
[ 35.951675] The buggy address belongs to the physical page:
[ 35.957231] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883244
[ 35.965215] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 35.972853] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 35.979796] page_type: f8(unknown)
[ 35.983192] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 35.990914] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 35.998638] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 36.006452] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 36.014263] head: 0bfffe0000000002 fffffdffe00c9101 00000000ffffffff 00000000ffffffff
[ 36.022075] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 36.029881] page dumped because: kasan: bad access detected
[ 36.035436]
[ 36.036913] Memory state around the buggy address:
[ 36.041693] ffff000803243f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.048895] ffff000803243f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.056101] >ffff000803244000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.063301] ^
[ 36.066516] ffff000803244080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.073721] ffff000803244100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.080923] ==================================================================

[ 35.478975] ==================================================================
[ 35.488661] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[ 35.495777] Free of addr ffff000801bfff00 by task kunit_try_catch/282
[ 35.502198]
[ 35.503685] CPU: 4 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT
[ 35.503741] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 35.503756] Hardware name: WinLink E850-96 board (DT)
[ 35.503778] Call trace:
[ 35.503793] show_stack+0x20/0x38 (C)
[ 35.503828] dump_stack_lvl+0x8c/0xd0
[ 35.503862] print_report+0x118/0x608
[ 35.503893] kasan_report_invalid_free+0xc0/0xe8
[ 35.503923] check_slab_allocation+0xd4/0x108
[ 35.503956] __kasan_mempool_poison_object+0x78/0x150
[ 35.503989] mempool_free+0x28c/0x328
[ 35.504028] mempool_double_free_helper+0x150/0x2e8
[ 35.504063] mempool_kmalloc_double_free+0xc0/0x118
[ 35.504099] kunit_try_run_case+0x170/0x3f0
[ 35.504135] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.504175] kthread+0x328/0x630
[ 35.504208] ret_from_fork+0x10/0x20
[ 35.504245]
[ 35.581365] Allocated by task 282:
[ 35.584753] kasan_save_stack+0x3c/0x68
[ 35.588569] kasan_save_track+0x20/0x40
[ 35.592388] kasan_save_alloc_info+0x40/0x58
[ 35.596641] __kasan_mempool_unpoison_object+0x11c/0x180
[ 35.601936] remove_element+0x130/0x1f8
[ 35.605755] mempool_alloc_preallocated+0x58/0xc0
[ 35.610443] mempool_double_free_helper+0x94/0x2e8
[ 35.615217] mempool_kmalloc_double_free+0xc0/0x118
[ 35.620078] kunit_try_run_case+0x170/0x3f0
[ 35.624245] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.629715] kthread+0x328/0x630
[ 35.632925] ret_from_fork+0x10/0x20
[ 35.636484]
[ 35.637961] Freed by task 282:
[ 35.640998] kasan_save_stack+0x3c/0x68
[ 35.644818] kasan_save_track+0x20/0x40
[ 35.648637] kasan_save_free_info+0x4c/0x78
[ 35.652804] __kasan_mempool_poison_object+0xc0/0x150
[ 35.657838] mempool_free+0x28c/0x328
[ 35.661484] mempool_double_free_helper+0x100/0x2e8
[ 35.666345] mempool_kmalloc_double_free+0xc0/0x118
[ 35.671206] kunit_try_run_case+0x170/0x3f0
[ 35.675373] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.680841] kthread+0x328/0x630
[ 35.684053] ret_from_fork+0x10/0x20
[ 35.687612]
[ 35.689089] The buggy address belongs to the object at ffff000801bfff00
[ 35.689089] which belongs to the cache kmalloc-128 of size 128
[ 35.701589] The buggy address is located 0 bytes inside of
[ 35.701589] 128-byte region [ffff000801bfff00, ffff000801bfff80)
[ 35.713132]
[ 35.714611] The buggy address belongs to the physical page:
[ 35.720169] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881bfe
[ 35.728154] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 35.735792] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 35.742735] page_type: f5(slab)
[ 35.745872] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 35.753590] raw: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000
[ 35.761317] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 35.769128] head: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000
[ 35.776941] head: 0bfffe0000000001 fffffdffe006ff81 00000000ffffffff 00000000ffffffff
[ 35.784753] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 35.792558] page dumped because: kasan: bad access detected
[ 35.798114]
[ 35.799589] Memory state around the buggy address:
[ 35.804370] ffff000801bffe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.811572] ffff000801bffe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.818778] >ffff000801bfff00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.825978] ^
[ 35.829193] ffff000801bfff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.836400] ffff000801c00000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.843602] ==================================================================

[ 36.089945] ==================================================================
[ 36.100546] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[ 36.107660] Free of addr ffff000803208000 by task kunit_try_catch/286
[ 36.114083]
[ 36.115567] CPU: 5 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT
[ 36.115618] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 36.115635] Hardware name: WinLink E850-96 board (DT)
[ 36.115660] Call trace:
[ 36.115676] show_stack+0x20/0x38 (C)
[ 36.115712] dump_stack_lvl+0x8c/0xd0
[ 36.115747] print_report+0x118/0x608
[ 36.115779] kasan_report_invalid_free+0xc0/0xe8
[ 36.115810] __kasan_mempool_poison_pages+0xe0/0xe8
[ 36.115842] mempool_free+0x24c/0x328
[ 36.115874] mempool_double_free_helper+0x150/0x2e8
[ 36.115909] mempool_page_alloc_double_free+0xbc/0x118
[ 36.115941] kunit_try_run_case+0x170/0x3f0
[ 36.115977] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 36.116016] kthread+0x328/0x630
[ 36.116052] ret_from_fork+0x10/0x20
[ 36.116089]
[ 36.188995] The buggy address belongs to the physical page:
[ 36.194554] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883208
[ 36.202538] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 36.209059] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[ 36.216777] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 36.224496] page dumped because: kasan: bad access detected
[ 36.230051]
[ 36.231527] Memory state around the buggy address:
[ 36.236307] ffff000803207f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.243510] ffff000803207f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.250716] >ffff000803208000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.257916] ^
[ 36.261131] ffff000803208080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.268336] ffff000803208100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.275539] ==================================================================
```
Environment: qemu-arm64

```
[ 20.555708] ==================================================================
[ 20.555764] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[ 20.555902] Free of addr fff00000c65c4000 by task kunit_try_catch/240
[ 20.555961]
[ 20.556039] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B W N 6.15.1-rc1 #1 PREEMPT
[ 20.556128] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 20.556187] Hardware name: linux,dummy-virt (DT)
[ 20.556225] Call trace:
[ 20.556306] show_stack+0x20/0x38 (C)
[ 20.556419] dump_stack_lvl+0x8c/0xd0
[ 20.556492] print_report+0x118/0x608
[ 20.556559] kasan_report_invalid_free+0xc0/0xe8
[ 20.556612] __kasan_mempool_poison_object+0x14c/0x150
[ 20.556664] mempool_free+0x28c/0x328
[ 20.556714] mempool_double_free_helper+0x150/0x2e8
[ 20.556854] mempool_kmalloc_large_double_free+0xc0/0x118
[ 20.556912] kunit_try_run_case+0x170/0x3f0
[ 20.556977] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.557076] kthread+0x328/0x630
[ 20.557142] ret_from_fork+0x10/0x20
[ 20.557242]
[ 20.557280] The buggy address belongs to the physical page:
[ 20.557331] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065c4
[ 20.557397] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 20.557446] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 20.557508] page_type: f8(unknown)
[ 20.557604] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.557751] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.557804] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.557856] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.557908] head: 0bfffe0000000002 ffffc1ffc3197101 00000000ffffffff 00000000ffffffff
[ 20.558093] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 20.558134] page dumped because: kasan: bad access detected
[ 20.558168]
[ 20.558243] Memory state around the buggy address:
[ 20.558458] fff00000c65c3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.558918] fff00000c65c3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.559005] >fff00000c65c4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.559276] ^
[ 20.559324] fff00000c65c4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.559382] fff00000c65c4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.559426] ==================================================================

[ 20.544063] ==================================================================
[ 20.544123] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[ 20.544184] Free of addr fff00000c3e64f00 by task kunit_try_catch/238
[ 20.544226]
[ 20.544256] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B W N 6.15.1-rc1 #1 PREEMPT
[ 20.544343] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 20.544426] Hardware name: linux,dummy-virt (DT)
[ 20.544461] Call trace:
[ 20.544502] show_stack+0x20/0x38 (C)
[ 20.544589] dump_stack_lvl+0x8c/0xd0
[ 20.544666] print_report+0x118/0x608
[ 20.544769] kasan_report_invalid_free+0xc0/0xe8
[ 20.544822] check_slab_allocation+0xd4/0x108
[ 20.544954] __kasan_mempool_poison_object+0x78/0x150
[ 20.545007] mempool_free+0x28c/0x328
[ 20.545063] mempool_double_free_helper+0x150/0x2e8
[ 20.545252] mempool_kmalloc_double_free+0xc0/0x118
[ 20.545321] kunit_try_run_case+0x170/0x3f0
[ 20.545424] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.545499] kthread+0x328/0x630
[ 20.545623] ret_from_fork+0x10/0x20
[ 20.545784]
[ 20.545867] Allocated by task 238:
[ 20.545923] kasan_save_stack+0x3c/0x68
[ 20.546023] kasan_save_track+0x20/0x40
[ 20.546152] kasan_save_alloc_info+0x40/0x58
[ 20.546193] __kasan_mempool_unpoison_object+0x11c/0x180
[ 20.546415] remove_element+0x130/0x1f8
[ 20.546460] mempool_alloc_preallocated+0x58/0xc0
[ 20.546669] mempool_double_free_helper+0x94/0x2e8
[ 20.546767] mempool_kmalloc_double_free+0xc0/0x118
[ 20.546857] kunit_try_run_case+0x170/0x3f0
[ 20.547041] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.547183] kthread+0x328/0x630
[ 20.547389] ret_from_fork+0x10/0x20
[ 20.547545]
[ 20.547657] Freed by task 238:
[ 20.547863] kasan_save_stack+0x3c/0x68
[ 20.547918] kasan_save_track+0x20/0x40
[ 20.548174] kasan_save_free_info+0x4c/0x78
[ 20.548268] __kasan_mempool_poison_object+0xc0/0x150
[ 20.548445] mempool_free+0x28c/0x328
[ 20.548515] mempool_double_free_helper+0x100/0x2e8
[ 20.548609] mempool_kmalloc_double_free+0xc0/0x118
[ 20.548733] kunit_try_run_case+0x170/0x3f0
[ 20.548818] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.548927] kthread+0x328/0x630
[ 20.548966] ret_from_fork+0x10/0x20
[ 20.549210]
[ 20.549233] The buggy address belongs to the object at fff00000c3e64f00
[ 20.549233] which belongs to the cache kmalloc-128 of size 128
[ 20.549332] The buggy address is located 0 bytes inside of
[ 20.549332] 128-byte region [fff00000c3e64f00, fff00000c3e64f80)
[ 20.549492]
[ 20.549521] The buggy address belongs to the physical page:
[ 20.549552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103e64
[ 20.549761] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.549812] page_type: f5(slab)
[ 20.549851] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.549903] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 20.549971] page dumped because: kasan: bad access detected
[ 20.550040]
[ 20.550060] Memory state around the buggy address:
[ 20.550092] fff00000c3e64e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.550145] fff00000c3e64e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.550197] >fff00000c3e64f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.550235] ^
[ 20.550273] fff00000c3e64f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.550315] fff00000c3e65000: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 20.550364] ==================================================================

[ 20.565493] ==================================================================
[ 20.565556] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[ 20.565629] Free of addr fff00000c65c4000 by task kunit_try_catch/242
[ 20.565675]
[ 20.565708] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B W N 6.15.1-rc1 #1 PREEMPT
[ 20.565796] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 20.565828] Hardware name: linux,dummy-virt (DT)
[ 20.565861] Call trace:
[ 20.565886] show_stack+0x20/0x38 (C)
[ 20.565940] dump_stack_lvl+0x8c/0xd0
[ 20.566012] print_report+0x118/0x608
[ 20.566130] kasan_report_invalid_free+0xc0/0xe8
[ 20.566283] __kasan_mempool_poison_pages+0xe0/0xe8
[ 20.566373] mempool_free+0x24c/0x328
[ 20.566471] mempool_double_free_helper+0x150/0x2e8
[ 20.566628] mempool_page_alloc_double_free+0xbc/0x118
[ 20.566684] kunit_try_run_case+0x170/0x3f0
[ 20.566738] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.567410] kthread+0x328/0x630
[ 20.568161] ret_from_fork+0x10/0x20
[ 20.568234]
[ 20.568263] The buggy address belongs to the physical page:
[ 20.568307] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065c4
[ 20.568371] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.568439] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[ 20.568491] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 20.568534] page dumped because: kasan: bad access detected
[ 20.568568]
[ 20.568588] Memory state around the buggy address:
[ 20.568623] fff00000c65c3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.568670] fff00000c65c3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.568715] >fff00000c65c4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.568756] ^
[ 20.568786] fff00000c65c4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.568831] fff00000c65c4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.568872] ==================================================================
```
Environment: qemu-x86_64

```
[ 18.591286] ==================================================================
[ 18.591898] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 18.592235] Free of addr ffff888103a18000 by task kunit_try_catch/258
[ 18.593294]
[ 18.594134] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT(voluntary)
[ 18.594281] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.594309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.594350] Call Trace:
[ 18.594376] <TASK>
[ 18.594414] dump_stack_lvl+0x73/0xb0
[ 18.594498] print_report+0xd1/0x650
[ 18.594549] ? __virt_addr_valid+0x1db/0x2d0
[ 18.594602] ? kasan_addr_to_slab+0x11/0xa0
[ 18.594626] ? mempool_double_free_helper+0x184/0x370
[ 18.594655] kasan_report_invalid_free+0x10a/0x130
[ 18.594682] ? mempool_double_free_helper+0x184/0x370
[ 18.594711] ? mempool_double_free_helper+0x184/0x370
[ 18.594736] __kasan_mempool_poison_object+0x1b3/0x1d0
[ 18.594789] mempool_free+0x2ec/0x380
[ 18.594818] mempool_double_free_helper+0x184/0x370
[ 18.594845] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 18.594871] ? dequeue_entities+0x852/0x1740
[ 18.594899] ? finish_task_switch.isra.0+0x153/0x700
[ 18.594930] mempool_kmalloc_large_double_free+0xed/0x140
[ 18.594956] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[ 18.594983] ? dequeue_task_fair+0x166/0x4e0
[ 18.595006] ? __pfx_mempool_kmalloc+0x10/0x10
[ 18.595028] ? __pfx_mempool_kfree+0x10/0x10
[ 18.595053] ? __pfx_read_tsc+0x10/0x10
[ 18.595075] ? ktime_get_ts64+0x86/0x230
[ 18.595108] kunit_try_run_case+0x1a5/0x480
[ 18.595151] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.595175] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.595217] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.595257] ? __kthread_parkme+0x82/0x180
[ 18.595295] ? preempt_count_sub+0x50/0x80
[ 18.595336] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.595371] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.595407] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.595446] kthread+0x337/0x6f0
[ 18.595475] ? trace_preempt_on+0x20/0xc0
[ 18.595514] ? __pfx_kthread+0x10/0x10
[ 18.595543] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.595576] ? calculate_sigpending+0x7b/0xa0
[ 18.595613] ? __pfx_kthread+0x10/0x10
[ 18.595662] ret_from_fork+0x41/0x80
[ 18.595693] ? __pfx_kthread+0x10/0x10
[ 18.595714] ret_from_fork_asm+0x1a/0x30
[ 18.595761] </TASK>
[ 18.595779]
[ 18.612722] The buggy address belongs to the physical page:
[ 18.613798] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18
[ 18.614652] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 18.615062] flags: 0x200000000000040(head|node=0|zone=2)
[ 18.616074] page_type: f8(unknown)
[ 18.616429] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 18.617023] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 18.617365] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 18.617643] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 18.617913] head: 0200000000000002 ffffea00040e8601 00000000ffffffff 00000000ffffffff
[ 18.618165] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 18.618396] page dumped because: kasan: bad access detected
[ 18.618586]
[ 18.618685] Memory state around the buggy address:
[ 18.619976] ffff888103a17f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.620949] ffff888103a17f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.621723] >ffff888103a18000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.622455] ^
[ 18.622807] ffff888103a18080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.624061] ffff888103a18100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.624580] ==================================================================

[ 18.638076] ==================================================================
[ 18.639244] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 18.639960] Free of addr ffff888103a1c000 by task kunit_try_catch/260
[ 18.640720]
[ 18.641049] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT(voluntary)
[ 18.641335] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.641413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.641479] Call Trace:
[ 18.641513] <TASK>
[ 18.641554] dump_stack_lvl+0x73/0xb0
[ 18.641666] print_report+0xd1/0x650
[ 18.641740] ? __virt_addr_valid+0x1db/0x2d0
[ 18.641808] ? kasan_addr_to_slab+0x11/0xa0
[ 18.641840] ? mempool_double_free_helper+0x184/0x370
[ 18.641869] kasan_report_invalid_free+0x10a/0x130
[ 18.641897] ? mempool_double_free_helper+0x184/0x370
[ 18.641927] ? mempool_double_free_helper+0x184/0x370
[ 18.641961] __kasan_mempool_poison_pages+0x115/0x130
[ 18.642005] mempool_free+0x290/0x380
[ 18.642037] mempool_double_free_helper+0x184/0x370
[ 18.642063] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 18.642089] ? update_load_avg+0x1be/0x21b0
[ 18.642139] ? dequeue_entities+0x852/0x1740
[ 18.642167] ? finish_task_switch.isra.0+0x153/0x700
[ 18.642370] mempool_page_alloc_double_free+0xe8/0x140
[ 18.642400] ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[ 18.642423] ? dequeue_task_fair+0x166/0x4e0
[ 18.642450] ? __pfx_mempool_alloc_pages+0x10/0x10
[ 18.642472] ? __pfx_mempool_free_pages+0x10/0x10
[ 18.642496] ? __pfx_read_tsc+0x10/0x10
[ 18.642520] ? ktime_get_ts64+0x86/0x230
[ 18.642547] kunit_try_run_case+0x1a5/0x480
[ 18.642575] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.642598] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.642623] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.642647] ? __kthread_parkme+0x82/0x180
[ 18.642671] ? preempt_count_sub+0x50/0x80
[ 18.642697] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.642721] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.642759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.642795] kthread+0x337/0x6f0
[ 18.642815] ? trace_preempt_on+0x20/0xc0
[ 18.642842] ? __pfx_kthread+0x10/0x10
[ 18.642862] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.642885] ? calculate_sigpending+0x7b/0xa0
[ 18.642909] ? __pfx_kthread+0x10/0x10
[ 18.642930] ret_from_fork+0x41/0x80
[ 18.642952] ? __pfx_kthread+0x10/0x10
[ 18.642973] ret_from_fork_asm+0x1a/0x30
[ 18.643007] </TASK>
[ 18.643023]
[ 18.661582] The buggy address belongs to the physical page:
[ 18.662368] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a1c
[ 18.662883] flags: 0x200000000000000(node=0|zone=2)
[ 18.663807] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[ 18.664640] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 18.664960] page dumped because: kasan: bad access detected
[ 18.665689]
[ 18.666071] Memory state around the buggy address:
[ 18.666701] ffff888103a1bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.667120] ffff888103a1bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.667912] >ffff888103a1c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.668462] ^
[ 18.668992] ffff888103a1c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.669741] ffff888103a1c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 18.670346] ==================================================================

[ 18.540363] ==================================================================
[ 18.541172] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 18.541780] Free of addr ffff888102b31800 by task kunit_try_catch/256
[ 18.542214]
[ 18.542396] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT(voluntary)
[ 18.542509] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.542534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.542580] Call Trace:
[ 18.542609] <TASK>
[ 18.542652] dump_stack_lvl+0x73/0xb0
[ 18.542725] print_report+0xd1/0x650
[ 18.542829] ? __virt_addr_valid+0x1db/0x2d0
[ 18.542887] ? kasan_complete_mode_report_info+0x64/0x200
[ 18.542934] ? mempool_double_free_helper+0x184/0x370
[ 18.542981] kasan_report_invalid_free+0x10a/0x130
[ 18.543031] ? mempool_double_free_helper+0x184/0x370
[ 18.543085] ? mempool_double_free_helper+0x184/0x370
[ 18.543165] ? mempool_double_free_helper+0x184/0x370
[ 18.543205] check_slab_allocation+0x101/0x130
[ 18.543245] __kasan_mempool_poison_object+0x91/0x1d0
[ 18.543287] mempool_free+0x2ec/0x380
[ 18.543328] ? __wake_up+0x49/0x60
[ 18.543371] mempool_double_free_helper+0x184/0x370
[ 18.543416] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 18.543457] ? update_load_avg+0x1be/0x21b0
[ 18.543495] ? dequeue_entities+0x27e/0x1740
[ 18.543547] ? finish_task_switch.isra.0+0x153/0x700
[ 18.543605] mempool_kmalloc_double_free+0xed/0x140
[ 18.543716] ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[ 18.543776] ? dequeue_task_fair+0x166/0x4e0
[ 18.543824] ? __pfx_mempool_kmalloc+0x10/0x10
[ 18.543864] ? __pfx_mempool_kfree+0x10/0x10
[ 18.543913] ? __pfx_read_tsc+0x10/0x10
[ 18.543964] ? ktime_get_ts64+0x86/0x230
[ 18.544022] kunit_try_run_case+0x1a5/0x480
[ 18.544073] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.544155] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.544238] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.544288] ? __kthread_parkme+0x82/0x180
[ 18.544330] ? preempt_count_sub+0x50/0x80
[ 18.544374] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.544413] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.544440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.544467] kthread+0x337/0x6f0
[ 18.544487] ? trace_preempt_on+0x20/0xc0
[ 18.544515] ? __pfx_kthread+0x10/0x10
[ 18.544536] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.544560] ? calculate_sigpending+0x7b/0xa0
[ 18.544585] ? __pfx_kthread+0x10/0x10
[ 18.544605] ret_from_fork+0x41/0x80
[ 18.544631] ? __pfx_kthread+0x10/0x10
[ 18.544651] ret_from_fork_asm+0x1a/0x30
[ 18.544689] </TASK>
[ 18.544706]
[ 18.561528] Allocated by task 256:
[ 18.561825] kasan_save_stack+0x45/0x70
[ 18.563117] kasan_save_track+0x18/0x40
[ 18.563532] kasan_save_alloc_info+0x3b/0x50
[ 18.563981] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 18.564406] remove_element+0x11e/0x190
[ 18.564731] mempool_alloc_preallocated+0x4d/0x90
[ 18.565003] mempool_double_free_helper+0x8a/0x370
[ 18.565405] mempool_kmalloc_double_free+0xed/0x140
[ 18.565639] kunit_try_run_case+0x1a5/0x480
[ 18.566395] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.566737] kthread+0x337/0x6f0
[ 18.567062] ret_from_fork+0x41/0x80
[ 18.567493] ret_from_fork_asm+0x1a/0x30
[ 18.567838]
[ 18.568016] Freed by task 256:
[ 18.568401] kasan_save_stack+0x45/0x70
[ 18.568774] kasan_save_track+0x18/0x40
[ 18.569122] kasan_save_free_info+0x3f/0x60
[ 18.570386] __kasan_mempool_poison_object+0x131/0x1d0
[ 18.570684] mempool_free+0x2ec/0x380
[ 18.571276] mempool_double_free_helper+0x109/0x370
[ 18.571667] mempool_kmalloc_double_free+0xed/0x140
[ 18.571969] kunit_try_run_case+0x1a5/0x480
[ 18.572404] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.572855] kthread+0x337/0x6f0
[ 18.573090] ret_from_fork+0x41/0x80
[ 18.573589] ret_from_fork_asm+0x1a/0x30
[ 18.573877]
[ 18.574049] The buggy address belongs to the object at ffff888102b31800
[ 18.574049] which belongs to the cache kmalloc-128 of size 128
[ 18.575512] The buggy address is located 0 bytes inside of
[ 18.575512] 128-byte region [ffff888102b31800, ffff888102b31880)
[ 18.576367]
[ 18.576528] The buggy address belongs to the physical page:
[ 18.576802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b31
[ 18.577356] flags: 0x200000000000000(node=0|zone=2)
[ 18.577652] page_type: f5(slab)
[ 18.578158] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.578742] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.579143] page dumped because: kasan: bad access detected
[ 18.579742]
[ 18.579941] Memory state around the buggy address:
[ 18.580378] ffff888102b31700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.580818] ffff888102b31780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.582354] >ffff888102b31800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.582617] ^
[ 18.582846] ffff888102b31880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.583556] ffff888102b31900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.583936] ==================================================================
```