lkft/linux-stable-rc-linux-6.15.y - v6.15.3-590-gd93bc5feded1 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

June 26, 2025, 11:12 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   37.968259] ==================================================================
[   37.978364] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   37.985479] Free of addr ffff000803330000 by task kunit_try_catch/286
[   37.991902] 
[   37.993386] CPU: 7 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   37.993442] Tainted: [B]=BAD_PAGE, [N]=TEST
[   37.993457] Hardware name: WinLink E850-96 board (DT)
[   37.993481] Call trace:
[   37.993497]  show_stack+0x20/0x38 (C)
[   37.993532]  dump_stack_lvl+0x8c/0xd0
[   37.993570]  print_report+0x118/0x608
[   37.993603]  kasan_report_invalid_free+0xc0/0xe8
[   37.993635]  __kasan_mempool_poison_object+0x14c/0x150
[   37.993666]  mempool_free+0x28c/0x328
[   37.993703]  mempool_double_free_helper+0x150/0x2e8
[   37.993740]  mempool_kmalloc_large_double_free+0xc0/0x118
[   37.993779]  kunit_try_run_case+0x170/0x3f0
[   37.993818]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.993856]  kthread+0x328/0x630
[   37.993892]  ret_from_fork+0x10/0x20
[   37.993929] 
[   38.067337] The buggy address belongs to the physical page:
[   38.072894] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883330
[   38.080878] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   38.088518] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   38.095460] page_type: f8(unknown)
[   38.098858] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   38.106576] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   38.114302] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   38.122114] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   38.129927] head: 0bfffe0000000002 fffffdffe00ccc01 00000000ffffffff 00000000ffffffff
[   38.137740] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   38.145544] page dumped because: kasan: bad access detected
[   38.151101] 
[   38.152577] Memory state around the buggy address:
[   38.157358]  ffff00080332ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.164561]  ffff00080332ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.171763] >ffff000803330000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.178964]                    ^
[   38.182180]  ffff000803330080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.189384]  ffff000803330100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.196587] ==================================================================
[   37.594678] ==================================================================
[   37.604324] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   37.611439] Free of addr ffff000800dad400 by task kunit_try_catch/284
[   37.617861] 
[   37.619350] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   37.619406] Tainted: [B]=BAD_PAGE, [N]=TEST
[   37.619423] Hardware name: WinLink E850-96 board (DT)
[   37.619444] Call trace:
[   37.619460]  show_stack+0x20/0x38 (C)
[   37.619499]  dump_stack_lvl+0x8c/0xd0
[   37.619539]  print_report+0x118/0x608
[   37.619572]  kasan_report_invalid_free+0xc0/0xe8
[   37.619604]  check_slab_allocation+0xd4/0x108
[   37.619636]  __kasan_mempool_poison_object+0x78/0x150
[   37.619672]  mempool_free+0x28c/0x328
[   37.619708]  mempool_double_free_helper+0x150/0x2e8
[   37.619751]  mempool_kmalloc_double_free+0xc0/0x118
[   37.619787]  kunit_try_run_case+0x170/0x3f0
[   37.619823]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.619863]  kthread+0x328/0x630
[   37.619901]  ret_from_fork+0x10/0x20
[   37.619937] 
[   37.697028] Allocated by task 284:
[   37.700417]  kasan_save_stack+0x3c/0x68
[   37.704231]  kasan_save_track+0x20/0x40
[   37.708051]  kasan_save_alloc_info+0x40/0x58
[   37.712305]  __kasan_mempool_unpoison_object+0x11c/0x180
[   37.717599]  remove_element+0x130/0x1f8
[   37.721419]  mempool_alloc_preallocated+0x58/0xc0
[   37.726106]  mempool_double_free_helper+0x94/0x2e8
[   37.730880]  mempool_kmalloc_double_free+0xc0/0x118
[   37.735743]  kunit_try_run_case+0x170/0x3f0
[   37.739908]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.745377]  kthread+0x328/0x630
[   37.748588]  ret_from_fork+0x10/0x20
[   37.752147] 
[   37.753624] Freed by task 284:
[   37.756663]  kasan_save_stack+0x3c/0x68
[   37.760481]  kasan_save_track+0x20/0x40
[   37.764300]  kasan_save_free_info+0x4c/0x78
[   37.768467]  __kasan_mempool_poison_object+0xc0/0x150
[   37.773501]  mempool_free+0x28c/0x328
[   37.777147]  mempool_double_free_helper+0x100/0x2e8
[   37.782008]  mempool_kmalloc_double_free+0xc0/0x118
[   37.786869]  kunit_try_run_case+0x170/0x3f0
[   37.791036]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.796505]  kthread+0x328/0x630
[   37.799716]  ret_from_fork+0x10/0x20
[   37.803275] 
[   37.804752] The buggy address belongs to the object at ffff000800dad400
[   37.804752]  which belongs to the cache kmalloc-128 of size 128
[   37.817254] The buggy address is located 0 bytes inside of
[   37.817254]  128-byte region [ffff000800dad400, ffff000800dad480)
[   37.828796] 
[   37.830276] The buggy address belongs to the physical page:
[   37.835832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880dac
[   37.843815] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   37.851455] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   37.858397] page_type: f5(slab)
[   37.861536] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   37.869253] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   37.876980] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   37.884791] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   37.892604] head: 0bfffe0000000001 fffffdffe0036b01 00000000ffffffff 00000000ffffffff
[   37.900416] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   37.908221] page dumped because: kasan: bad access detected
[   37.913778] 
[   37.915254] Memory state around the buggy address:
[   37.920036]  ffff000800dad300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.927240]  ffff000800dad380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.934442] >ffff000800dad400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.941641]                    ^
[   37.944857]  ffff000800dad480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.952062]  ffff000800dad500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.959264] ==================================================================
[   38.205655] ==================================================================
[   38.216208] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   38.223324] Free of addr ffff000803330000 by task kunit_try_catch/288
[   38.229746] 
[   38.231232] CPU: 7 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   38.231290] Tainted: [B]=BAD_PAGE, [N]=TEST
[   38.231306] Hardware name: WinLink E850-96 board (DT)
[   38.231328] Call trace:
[   38.231342]  show_stack+0x20/0x38 (C)
[   38.231380]  dump_stack_lvl+0x8c/0xd0
[   38.231417]  print_report+0x118/0x608
[   38.231451]  kasan_report_invalid_free+0xc0/0xe8
[   38.231486]  __kasan_mempool_poison_pages+0xe0/0xe8
[   38.231519]  mempool_free+0x24c/0x328
[   38.231555]  mempool_double_free_helper+0x150/0x2e8
[   38.231592]  mempool_page_alloc_double_free+0xbc/0x118
[   38.231625]  kunit_try_run_case+0x170/0x3f0
[   38.231663]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   38.231701]  kthread+0x328/0x630
[   38.231737]  ret_from_fork+0x10/0x20
[   38.231773] 
[   38.304659] The buggy address belongs to the physical page:
[   38.310217] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883330
[   38.318200] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   38.324723] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   38.332441] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   38.340159] page dumped because: kasan: bad access detected
[   38.345716] 
[   38.347192] Memory state around the buggy address:
[   38.351973]  ffff00080332ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.359175]  ffff00080332ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.366380] >ffff000803330000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.373579]                    ^
[   38.376795]  ffff000803330080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.383999]  ffff000803330100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.391202] ==================================================================

Metadata Full log Test run details

[   20.125112] ==================================================================
[   20.125181] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   20.125241] Free of addr fff00000c791d500 by task kunit_try_catch/237
[   20.125284] 
[   20.125317] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   20.125403] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.125432] Hardware name: linux,dummy-virt (DT)
[   20.125464] Call trace:
[   20.125487]  show_stack+0x20/0x38 (C)
[   20.125535]  dump_stack_lvl+0x8c/0xd0
[   20.125584]  print_report+0x118/0x608
[   20.125631]  kasan_report_invalid_free+0xc0/0xe8
[   20.125682]  check_slab_allocation+0xd4/0x108
[   20.125728]  __kasan_mempool_poison_object+0x78/0x150
[   20.125779]  mempool_free+0x28c/0x328
[   20.125829]  mempool_double_free_helper+0x150/0x2e8
[   20.125895]  mempool_kmalloc_double_free+0xc0/0x118
[   20.125947]  kunit_try_run_case+0x170/0x3f0
[   20.125997]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.126052]  kthread+0x328/0x630
[   20.126097]  ret_from_fork+0x10/0x20
[   20.126144] 
[   20.126164] Allocated by task 237:
[   20.126191]  kasan_save_stack+0x3c/0x68
[   20.126231]  kasan_save_track+0x20/0x40
[   20.126266]  kasan_save_alloc_info+0x40/0x58
[   20.126306]  __kasan_mempool_unpoison_object+0x11c/0x180
[   20.126348]  remove_element+0x130/0x1f8
[   20.126385]  mempool_alloc_preallocated+0x58/0xc0
[   20.126427]  mempool_double_free_helper+0x94/0x2e8
[   20.126469]  mempool_kmalloc_double_free+0xc0/0x118
[   20.126510]  kunit_try_run_case+0x170/0x3f0
[   20.126553]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.126596]  kthread+0x328/0x630
[   20.126632]  ret_from_fork+0x10/0x20
[   20.126668] 
[   20.126685] Freed by task 237:
[   20.126712]  kasan_save_stack+0x3c/0x68
[   20.126747]  kasan_save_track+0x20/0x40
[   20.126783]  kasan_save_free_info+0x4c/0x78
[   20.126823]  __kasan_mempool_poison_object+0xc0/0x150
[   20.126896]  mempool_free+0x28c/0x328
[   20.126935]  mempool_double_free_helper+0x100/0x2e8
[   20.126977]  mempool_kmalloc_double_free+0xc0/0x118
[   20.127019]  kunit_try_run_case+0x170/0x3f0
[   20.127058]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.127102]  kthread+0x328/0x630
[   20.127136]  ret_from_fork+0x10/0x20
[   20.127178] 
[   20.127196] The buggy address belongs to the object at fff00000c791d500
[   20.127196]  which belongs to the cache kmalloc-128 of size 128
[   20.127257] The buggy address is located 0 bytes inside of
[   20.127257]  128-byte region [fff00000c791d500, fff00000c791d580)
[   20.127317] 
[   20.127336] The buggy address belongs to the physical page:
[   20.127366] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10791d
[   20.127421] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.127470] page_type: f5(slab)
[   20.127511] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   20.127564] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.127607] page dumped because: kasan: bad access detected
[   20.127639] 
[   20.127656] Memory state around the buggy address:
[   20.127686]  fff00000c791d400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.127731]  fff00000c791d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.127776] >fff00000c791d500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.127819]                    ^
[   20.127845]  fff00000c791d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.127926]  fff00000c791d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.127989] ==================================================================
[   20.184788] ==================================================================
[   20.185330] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   20.185995] Free of addr fff00000c795c000 by task kunit_try_catch/241
[   20.186045] 
[   20.186082] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   20.186167] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.186196] Hardware name: linux,dummy-virt (DT)
[   20.187754] Call trace:
[   20.188049]  show_stack+0x20/0x38 (C)
[   20.188625]  dump_stack_lvl+0x8c/0xd0
[   20.188873]  print_report+0x118/0x608
[   20.188922]  kasan_report_invalid_free+0xc0/0xe8
[   20.188971]  __kasan_mempool_poison_pages+0xe0/0xe8
[   20.189021]  mempool_free+0x24c/0x328
[   20.190339]  mempool_double_free_helper+0x150/0x2e8
[   20.190409]  mempool_page_alloc_double_free+0xbc/0x118
[   20.190460]  kunit_try_run_case+0x170/0x3f0
[   20.191659]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.191862]  kthread+0x328/0x630
[   20.192364]  ret_from_fork+0x10/0x20
[   20.192776] 
[   20.193317] The buggy address belongs to the physical page:
[   20.193393] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10795c
[   20.194021] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.194459] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   20.194762] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   20.195044] page dumped because: kasan: bad access detected
[   20.195081] 
[   20.195099] Memory state around the buggy address:
[   20.195623]  fff00000c795bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.195678]  fff00000c795bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.196240] >fff00000c795c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.196439]                    ^
[   20.197006]  fff00000c795c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.197076]  fff00000c795c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.197119] ==================================================================
[   20.154959] ==================================================================
[   20.155045] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   20.155141] Free of addr fff00000c795c000 by task kunit_try_catch/239
[   20.155372] 
[   20.155679] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   20.155944] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.156007] Hardware name: linux,dummy-virt (DT)
[   20.156059] Call trace:
[   20.156223]  show_stack+0x20/0x38 (C)
[   20.156374]  dump_stack_lvl+0x8c/0xd0
[   20.156423]  print_report+0x118/0x608
[   20.156469]  kasan_report_invalid_free+0xc0/0xe8
[   20.156520]  __kasan_mempool_poison_object+0x14c/0x150
[   20.156872]  mempool_free+0x28c/0x328
[   20.157267]  mempool_double_free_helper+0x150/0x2e8
[   20.157385]  mempool_kmalloc_large_double_free+0xc0/0x118
[   20.157666]  kunit_try_run_case+0x170/0x3f0
[   20.158240]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.158635]  kthread+0x328/0x630
[   20.158741]  ret_from_fork+0x10/0x20
[   20.159306] 
[   20.159430] The buggy address belongs to the physical page:
[   20.159634] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10795c
[   20.160022] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.160364] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.160425] page_type: f8(unknown)
[   20.160665] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.160729] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.161057] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.161119] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.161470] head: 0bfffe0000000002 ffffc1ffc31e5701 00000000ffffffff 00000000ffffffff
[   20.162182] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.162261] page dumped because: kasan: bad access detected
[   20.162573] 
[   20.162598] Memory state around the buggy address:
[   20.162635]  fff00000c795bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.162688]  fff00000c795bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.162734] >fff00000c795c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.162776]                    ^
[   20.163412]  fff00000c795c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.163471]  fff00000c795c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.163514] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2z2jyLmJ6z1BqjhwiejBJ9RGyCS

job_id

TEST:linaro@lkft#2z2k2l9byJaNN182er1n5wXsS9a

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2k2l9byJaNN182er1n5wXsS9a

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2jzZjd6XwbIkbAqyFkpO4xknj/Image.gz
sha256sum	4fe981caa8e1ab0677344dea9975703ca09f32389026eeb9f77fae76c6c0e9ba

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2jzZjd6XwbIkbAqyFkpO4xknj/modules.tar.xz
sha256sum	74a01e20d3d706452182b8388f6aa7ab2c9166f6c4a19d7a4587dd3d7a7ca51e

durations

tests

boot	0
kunit	192.49

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.601269] ==================================================================
[   12.602498] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   12.602767] Free of addr ffff888103a04000 by task kunit_try_catch/256
[   12.603210] 
[   12.603340] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT(voluntary) 
[   12.603533] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.603591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.603614] Call Trace:
[   12.603626]  <TASK>
[   12.603645]  dump_stack_lvl+0x73/0xb0
[   12.603688]  print_report+0xd1/0x650
[   12.603712]  ? __virt_addr_valid+0x1db/0x2d0
[   12.603736]  ? kasan_addr_to_slab+0x11/0xa0
[   12.603785]  ? mempool_double_free_helper+0x184/0x370
[   12.603811]  kasan_report_invalid_free+0x10a/0x130
[   12.603836]  ? mempool_double_free_helper+0x184/0x370
[   12.603931]  ? mempool_double_free_helper+0x184/0x370
[   12.603954]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   12.603979]  mempool_free+0x2ec/0x380
[   12.604025]  mempool_double_free_helper+0x184/0x370
[   12.604049]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   12.604088]  ? dequeue_entities+0x852/0x1740
[   12.604122]  ? finish_task_switch.isra.0+0x153/0x700
[   12.604149]  mempool_kmalloc_large_double_free+0xed/0x140
[   12.604173]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   12.604211]  ? dequeue_task_fair+0x166/0x4e0
[   12.604232]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.604257]  ? __pfx_mempool_kfree+0x10/0x10
[   12.604290]  ? __pfx_read_tsc+0x10/0x10
[   12.604311]  ? ktime_get_ts64+0x86/0x230
[   12.604337]  kunit_try_run_case+0x1a5/0x480
[   12.604363]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.604385]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.604410]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.604433]  ? __kthread_parkme+0x82/0x180
[   12.604455]  ? preempt_count_sub+0x50/0x80
[   12.604480]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.604503]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.604526]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.604548]  kthread+0x337/0x6f0
[   12.604576]  ? trace_preempt_on+0x20/0xc0
[   12.604600]  ? __pfx_kthread+0x10/0x10
[   12.604617]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.604639]  ? calculate_sigpending+0x7b/0xa0
[   12.604661]  ? __pfx_kthread+0x10/0x10
[   12.604678]  ret_from_fork+0x41/0x80
[   12.604699]  ? __pfx_kthread+0x10/0x10
[   12.604788]  ret_from_fork_asm+0x1a/0x30
[   12.604825]  </TASK>
[   12.604836] 
[   12.615444] The buggy address belongs to the physical page:
[   12.615754] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a04
[   12.616452] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.616875] flags: 0x200000000000040(head|node=0|zone=2)
[   12.617342] page_type: f8(unknown)
[   12.617550] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.618036] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.618414] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.618847] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.619306] head: 0200000000000002 ffffea00040e8101 00000000ffffffff 00000000ffffffff
[   12.619692] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.620339] page dumped because: kasan: bad access detected
[   12.620610] 
[   12.620721] Memory state around the buggy address:
[   12.621107]  ffff888103a03f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.621482]  ffff888103a03f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.621975] >ffff888103a04000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.622361]                    ^
[   12.622528]  ffff888103a04080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.622937]  ffff888103a04100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.623322] ==================================================================
[   12.627340] ==================================================================
[   12.627974] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   12.628464] Free of addr ffff8881039c4000 by task kunit_try_catch/258
[   12.628767] 
[   12.628884] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT(voluntary) 
[   12.628945] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.628958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.629035] Call Trace:
[   12.629062]  <TASK>
[   12.629083]  dump_stack_lvl+0x73/0xb0
[   12.629114]  print_report+0xd1/0x650
[   12.629138]  ? __virt_addr_valid+0x1db/0x2d0
[   12.629163]  ? kasan_addr_to_slab+0x11/0xa0
[   12.629216]  ? mempool_double_free_helper+0x184/0x370
[   12.629241]  kasan_report_invalid_free+0x10a/0x130
[   12.629277]  ? mempool_double_free_helper+0x184/0x370
[   12.629303]  ? mempool_double_free_helper+0x184/0x370
[   12.629352]  __kasan_mempool_poison_pages+0x115/0x130
[   12.629377]  mempool_free+0x290/0x380
[   12.629403]  mempool_double_free_helper+0x184/0x370
[   12.629438]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   12.629461]  ? dequeue_entities+0x852/0x1740
[   12.629487]  ? finish_task_switch.isra.0+0x153/0x700
[   12.629514]  mempool_page_alloc_double_free+0xe8/0x140
[   12.629535]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   12.629556]  ? dequeue_task_fair+0x166/0x4e0
[   12.629578]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   12.629598]  ? __pfx_mempool_free_pages+0x10/0x10
[   12.629620]  ? __pfx_read_tsc+0x10/0x10
[   12.629641]  ? ktime_get_ts64+0x86/0x230
[   12.629667]  kunit_try_run_case+0x1a5/0x480
[   12.629694]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.629731]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.629756]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.629779]  ? __kthread_parkme+0x82/0x180
[   12.629802]  ? preempt_count_sub+0x50/0x80
[   12.629826]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.629849]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.629871]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.629894]  kthread+0x337/0x6f0
[   12.629910]  ? trace_preempt_on+0x20/0xc0
[   12.629944]  ? __pfx_kthread+0x10/0x10
[   12.629961]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.629983]  ? calculate_sigpending+0x7b/0xa0
[   12.630006]  ? __pfx_kthread+0x10/0x10
[   12.630023]  ret_from_fork+0x41/0x80
[   12.630044]  ? __pfx_kthread+0x10/0x10
[   12.630061]  ret_from_fork_asm+0x1a/0x30
[   12.630093]  </TASK>
[   12.630105] 
[   12.639861] The buggy address belongs to the physical page:
[   12.640179] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c4
[   12.640547] flags: 0x200000000000000(node=0|zone=2)
[   12.640818] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   12.641195] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.641503] page dumped because: kasan: bad access detected
[   12.641787] 
[   12.641855] Memory state around the buggy address:
[   12.642020]  ffff8881039c3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.642374]  ffff8881039c3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.642689] >ffff8881039c4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.643038]                    ^
[   12.643158]  ffff8881039c4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.643828]  ffff8881039c4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.644151] ==================================================================
[   12.572408] ==================================================================
[   12.573038] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   12.573472] Free of addr ffff888102f60c00 by task kunit_try_catch/254
[   12.573764] 
[   12.573945] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT(voluntary) 
[   12.573997] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.574008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.574030] Call Trace:
[   12.574043]  <TASK>
[   12.574063]  dump_stack_lvl+0x73/0xb0
[   12.574092]  print_report+0xd1/0x650
[   12.574116]  ? __virt_addr_valid+0x1db/0x2d0
[   12.574142]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.574165]  ? mempool_double_free_helper+0x184/0x370
[   12.574190]  kasan_report_invalid_free+0x10a/0x130
[   12.574215]  ? mempool_double_free_helper+0x184/0x370
[   12.574241]  ? mempool_double_free_helper+0x184/0x370
[   12.574263]  ? mempool_double_free_helper+0x184/0x370
[   12.574286]  check_slab_allocation+0x101/0x130
[   12.574308]  __kasan_mempool_poison_object+0x91/0x1d0
[   12.574333]  mempool_free+0x2ec/0x380
[   12.574358]  mempool_double_free_helper+0x184/0x370
[   12.574383]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   12.574407]  ? dequeue_entities+0x852/0x1740
[   12.574433]  ? finish_task_switch.isra.0+0x153/0x700
[   12.574460]  mempool_kmalloc_double_free+0xed/0x140
[   12.574487]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   12.574510]  ? dequeue_task_fair+0x166/0x4e0
[   12.574532]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.574552]  ? __pfx_mempool_kfree+0x10/0x10
[   12.574584]  ? __pfx_read_tsc+0x10/0x10
[   12.574605]  ? ktime_get_ts64+0x86/0x230
[   12.574632]  kunit_try_run_case+0x1a5/0x480
[   12.574673]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574695]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.574721]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.574795]  ? __kthread_parkme+0x82/0x180
[   12.574822]  ? preempt_count_sub+0x50/0x80
[   12.574847]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574870]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.574894]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.574927]  kthread+0x337/0x6f0
[   12.574944]  ? trace_preempt_on+0x20/0xc0
[   12.574969]  ? __pfx_kthread+0x10/0x10
[   12.574987]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.575009]  ? calculate_sigpending+0x7b/0xa0
[   12.575031]  ? __pfx_kthread+0x10/0x10
[   12.575049]  ret_from_fork+0x41/0x80
[   12.575070]  ? __pfx_kthread+0x10/0x10
[   12.575088]  ret_from_fork_asm+0x1a/0x30
[   12.575119]  </TASK>
[   12.575131] 
[   12.584749] Allocated by task 254:
[   12.584895]  kasan_save_stack+0x45/0x70
[   12.585061]  kasan_save_track+0x18/0x40
[   12.585460]  kasan_save_alloc_info+0x3b/0x50
[   12.585897]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.586166]  remove_element+0x11e/0x190
[   12.586361]  mempool_alloc_preallocated+0x4d/0x90
[   12.586533]  mempool_double_free_helper+0x8a/0x370
[   12.586828]  mempool_kmalloc_double_free+0xed/0x140
[   12.587091]  kunit_try_run_case+0x1a5/0x480
[   12.587242]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.587491]  kthread+0x337/0x6f0
[   12.587666]  ret_from_fork+0x41/0x80
[   12.587955]  ret_from_fork_asm+0x1a/0x30
[   12.588102] 
[   12.588172] Freed by task 254:
[   12.588291]  kasan_save_stack+0x45/0x70
[   12.588483]  kasan_save_track+0x18/0x40
[   12.588841]  kasan_save_free_info+0x3f/0x60
[   12.589195]  __kasan_mempool_poison_object+0x131/0x1d0
[   12.589543]  mempool_free+0x2ec/0x380
[   12.589751]  mempool_double_free_helper+0x109/0x370
[   12.590033]  mempool_kmalloc_double_free+0xed/0x140
[   12.590241]  kunit_try_run_case+0x1a5/0x480
[   12.590387]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.590602]  kthread+0x337/0x6f0
[   12.590764]  ret_from_fork+0x41/0x80
[   12.591020]  ret_from_fork_asm+0x1a/0x30
[   12.591218] 
[   12.591315] The buggy address belongs to the object at ffff888102f60c00
[   12.591315]  which belongs to the cache kmalloc-128 of size 128
[   12.592058] The buggy address is located 0 bytes inside of
[   12.592058]  128-byte region [ffff888102f60c00, ffff888102f60c80)
[   12.592540] 
[   12.592636] The buggy address belongs to the physical page:
[   12.592984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f60
[   12.593320] flags: 0x200000000000000(node=0|zone=2)
[   12.593528] page_type: f5(slab)
[   12.593792] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.594322] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.594673] page dumped because: kasan: bad access detected
[   12.594978] 
[   12.595048] Memory state around the buggy address:
[   12.595204]  ffff888102f60b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.595541]  ffff888102f60b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.596063] >ffff888102f60c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.596284]                    ^
[   12.596442]  ffff888102f60c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.597027]  ffff888102f60d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.597415] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2z2jyLmJ6z1BqjhwiejBJ9RGyCS

job_id

TEST:linaro@lkft#2z2k43Ith0GXrqHIS1HUQzGmLgm

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2k43Ith0GXrqHIS1HUQzGmLgm

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2k0bZqZSn9XVzQywnOj3pF9S9/bzImage
sha256sum	9197980208d3516ab74c7966c051fb8dc8a70a6c93c6b0af7bd520b43d93459e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2k0bZqZSn9XVzQywnOj3pF9S9/modules.tar.xz
sha256sum	ead902337972221197eb985803def87a4a8d3b17e572371d2f5392640490b3a8

durations

tests

boot	0
kunit	236.11

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit