lkft/linux-stable-rc-linux-6.15.y - v6.15.4-264-gd5e6f0c9ca48 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 3, 2025, 3:13 p.m.

Environment
qemu-arm64
qemu-x86_64

[   17.665013] ==================================================================
[   17.665094] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.665156] Free of addr fff00000c77fa100 by task kunit_try_catch/238
[   17.665198] 
[   17.666270] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   17.666396] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.668486] Hardware name: linux,dummy-virt (DT)
[   17.668538] Call trace:
[   17.668560]  show_stack+0x20/0x38 (C)
[   17.668612]  dump_stack_lvl+0x8c/0xd0
[   17.668661]  print_report+0x118/0x608
[   17.668706]  kasan_report_invalid_free+0xc0/0xe8
[   17.668754]  check_slab_allocation+0xd4/0x108
[   17.668801]  __kasan_mempool_poison_object+0x78/0x150
[   17.668851]  mempool_free+0x28c/0x328
[   17.668897]  mempool_double_free_helper+0x150/0x2e8
[   17.668962]  mempool_kmalloc_double_free+0xc0/0x118
[   17.669013]  kunit_try_run_case+0x170/0x3f0
[   17.669061]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.669114]  kthread+0x328/0x630
[   17.669158]  ret_from_fork+0x10/0x20
[   17.669206] 
[   17.669223] Allocated by task 238:
[   17.669256]  kasan_save_stack+0x3c/0x68
[   17.669294]  kasan_save_track+0x20/0x40
[   17.669330]  kasan_save_alloc_info+0x40/0x58
[   17.669367]  __kasan_mempool_unpoison_object+0x11c/0x180
[   17.669407]  remove_element+0x130/0x1f8
[   17.669443]  mempool_alloc_preallocated+0x58/0xc0
[   17.669483]  mempool_double_free_helper+0x94/0x2e8
[   17.669523]  mempool_kmalloc_double_free+0xc0/0x118
[   17.669564]  kunit_try_run_case+0x170/0x3f0
[   17.669600]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.669643]  kthread+0x328/0x630
[   17.669678]  ret_from_fork+0x10/0x20
[   17.669996] 
[   17.670052] Freed by task 238:
[   17.670291]  kasan_save_stack+0x3c/0x68
[   17.670387]  kasan_save_track+0x20/0x40
[   17.670465]  kasan_save_free_info+0x4c/0x78
[   17.670504]  __kasan_mempool_poison_object+0xc0/0x150
[   17.670544]  mempool_free+0x28c/0x328
[   17.670579]  mempool_double_free_helper+0x100/0x2e8
[   17.670619]  mempool_kmalloc_double_free+0xc0/0x118
[   17.670661]  kunit_try_run_case+0x170/0x3f0
[   17.670697]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.670742]  kthread+0x328/0x630
[   17.670776]  ret_from_fork+0x10/0x20
[   17.670811] 
[   17.670829] The buggy address belongs to the object at fff00000c77fa100
[   17.670829]  which belongs to the cache kmalloc-128 of size 128
[   17.670889] The buggy address is located 0 bytes inside of
[   17.670889]  128-byte region [fff00000c77fa100, fff00000c77fa180)
[   17.670956] 
[   17.670976] The buggy address belongs to the physical page:
[   17.671007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077fa
[   17.671060] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.671106] page_type: f5(slab)
[   17.671145] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.671194] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.671234] page dumped because: kasan: bad access detected
[   17.671263] 
[   17.671281] Memory state around the buggy address:
[   17.671312]  fff00000c77fa000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.671426]  fff00000c77fa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.671489] >fff00000c77fa100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.671527]                    ^
[   17.671558]  fff00000c77fa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.671601]  fff00000c77fa200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.671638] ==================================================================
[   17.693081] ==================================================================
[   17.693256] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.693412] Free of addr fff00000c7924000 by task kunit_try_catch/242
[   17.693462] 
[   17.693494] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   17.693595] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.693759] Hardware name: linux,dummy-virt (DT)
[   17.693806] Call trace:
[   17.693834]  show_stack+0x20/0x38 (C)
[   17.693892]  dump_stack_lvl+0x8c/0xd0
[   17.693966]  print_report+0x118/0x608
[   17.694011]  kasan_report_invalid_free+0xc0/0xe8
[   17.694069]  __kasan_mempool_poison_pages+0xe0/0xe8
[   17.694125]  mempool_free+0x24c/0x328
[   17.694282]  mempool_double_free_helper+0x150/0x2e8
[   17.694368]  mempool_page_alloc_double_free+0xbc/0x118
[   17.694457]  kunit_try_run_case+0x170/0x3f0
[   17.694546]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.694622]  kthread+0x328/0x630
[   17.694702]  ret_from_fork+0x10/0x20
[   17.694747] 
[   17.694767] The buggy address belongs to the physical page:
[   17.694818] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107924
[   17.694872] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.694931] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   17.694991] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.695250] page dumped because: kasan: bad access detected
[   17.695329] 
[   17.695393] Memory state around the buggy address:
[   17.695450]  fff00000c7923f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.695549]  fff00000c7923f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.695607] >fff00000c7924000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.695646]                    ^
[   17.695674]  fff00000c7924080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.695856]  fff00000c7924100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.696027] ==================================================================
[   17.682502] ==================================================================
[   17.682566] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   17.683775] Free of addr fff00000c7924000 by task kunit_try_catch/240
[   17.683841] 
[   17.683877] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   17.683976] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.684004] Hardware name: linux,dummy-virt (DT)
[   17.684038] Call trace:
[   17.684061]  show_stack+0x20/0x38 (C)
[   17.684111]  dump_stack_lvl+0x8c/0xd0
[   17.684158]  print_report+0x118/0x608
[   17.684210]  kasan_report_invalid_free+0xc0/0xe8
[   17.684258]  __kasan_mempool_poison_object+0x14c/0x150
[   17.684309]  mempool_free+0x28c/0x328
[   17.684359]  mempool_double_free_helper+0x150/0x2e8
[   17.684409]  mempool_kmalloc_large_double_free+0xc0/0x118
[   17.684820]  kunit_try_run_case+0x170/0x3f0
[   17.684894]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.684988]  kthread+0x328/0x630
[   17.685034]  ret_from_fork+0x10/0x20
[   17.685110] 
[   17.685131] The buggy address belongs to the physical page:
[   17.685164] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107924
[   17.685219] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.685594] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.685696] page_type: f8(unknown)
[   17.685752] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.685837] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.685988] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.686063] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.686190] head: 0bfffe0000000002 ffffc1ffc31e4901 00000000ffffffff 00000000ffffffff
[   17.686258] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.686343] page dumped because: kasan: bad access detected
[   17.686444] 
[   17.686491] Memory state around the buggy address:
[   17.686524]  fff00000c7923f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.686589]  fff00000c7923f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.686633] >fff00000c7924000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.686671]                    ^
[   17.686698]  fff00000c7924080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.686739]  fff00000c7924100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.686777] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zMzAavAUYId8lMegBc4Ix8oXJl

job_id

TEST:linaro@lkft#2zMzF16Z6vC8SBU5IjlfCa7naD2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zMzF16Z6vC8SBU5IjlfCa7naD2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzBla3NpehcZh74FSmgRW49Gp/Image.gz
sha256sum	d34d37a275cf1c4a311c4e7f05818074baab15ba48579f286d9d01d393ed7e9c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzBla3NpehcZh74FSmgRW49Gp/modules.tar.xz
sha256sum	9c89e8adf491cb2a422508baae089982fd64fb3878557b807536b4a091a3a0ca

durations

tests

boot	0
kunit	203.05

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.845382] ==================================================================
[   12.845883] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   12.846189] Free of addr ffff888102a3c000 by task kunit_try_catch/256
[   12.846568] 
[   12.846683] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   12.846733] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.846903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.846932] Call Trace:
[   12.846947]  <TASK>
[   12.846966]  dump_stack_lvl+0x73/0xb0
[   12.846996]  print_report+0xd1/0x650
[   12.847020]  ? __virt_addr_valid+0x1db/0x2d0
[   12.847044]  ? kasan_addr_to_slab+0x11/0xa0
[   12.847066]  ? mempool_double_free_helper+0x184/0x370
[   12.847092]  kasan_report_invalid_free+0x10a/0x130
[   12.847119]  ? mempool_double_free_helper+0x184/0x370
[   12.847146]  ? mempool_double_free_helper+0x184/0x370
[   12.847169]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   12.847194]  mempool_free+0x2ec/0x380
[   12.847218]  mempool_double_free_helper+0x184/0x370
[   12.847256]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   12.847280]  ? dequeue_entities+0x852/0x1740
[   12.847306]  ? finish_task_switch.isra.0+0x153/0x700
[   12.847333]  mempool_kmalloc_large_double_free+0xed/0x140
[   12.847359]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   12.847385]  ? dequeue_task_fair+0x166/0x4e0
[   12.847407]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.847426]  ? __pfx_mempool_kfree+0x10/0x10
[   12.847449]  ? __pfx_read_tsc+0x10/0x10
[   12.847468]  ? ktime_get_ts64+0x86/0x230
[   12.847495]  kunit_try_run_case+0x1a5/0x480
[   12.847521]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.847542]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.847567]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.847591]  ? __kthread_parkme+0x82/0x180
[   12.847613]  ? preempt_count_sub+0x50/0x80
[   12.847637]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.847661]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.847684]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.847722]  kthread+0x337/0x6f0
[   12.847739]  ? trace_preempt_on+0x20/0xc0
[   12.847763]  ? __pfx_kthread+0x10/0x10
[   12.847781]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.847804]  ? calculate_sigpending+0x7b/0xa0
[   12.847828]  ? __pfx_kthread+0x10/0x10
[   12.847846]  ret_from_fork+0x41/0x80
[   12.847867]  ? __pfx_kthread+0x10/0x10
[   12.847885]  ret_from_fork_asm+0x1a/0x30
[   12.847916]  </TASK>
[   12.847927] 
[   12.858550] The buggy address belongs to the physical page:
[   12.858776] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3c
[   12.859116] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.859585] flags: 0x200000000000040(head|node=0|zone=2)
[   12.860014] page_type: f8(unknown)
[   12.860188] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.861203] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.861892] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.862727] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.863142] head: 0200000000000002 ffffea00040a8f01 00000000ffffffff 00000000ffffffff
[   12.863605] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.864335] page dumped because: kasan: bad access detected
[   12.864654] 
[   12.864793] Memory state around the buggy address:
[   12.865198]  ffff888102a3bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.865756]  ffff888102a3bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.866201] >ffff888102a3c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.866787]                    ^
[   12.867038]  ffff888102a3c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.867485]  ffff888102a3c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.867929] ==================================================================
[   12.812481] ==================================================================
[   12.813099] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   12.813398] Free of addr ffff888103151600 by task kunit_try_catch/254
[   12.813701] 
[   12.813874] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   12.813925] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.813938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.814204] Call Trace:
[   12.814218]  <TASK>
[   12.814249]  dump_stack_lvl+0x73/0xb0
[   12.814279]  print_report+0xd1/0x650
[   12.814303]  ? __virt_addr_valid+0x1db/0x2d0
[   12.814328]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.814351]  ? mempool_double_free_helper+0x184/0x370
[   12.814376]  kasan_report_invalid_free+0x10a/0x130
[   12.814401]  ? mempool_double_free_helper+0x184/0x370
[   12.814428]  ? mempool_double_free_helper+0x184/0x370
[   12.814451]  ? mempool_double_free_helper+0x184/0x370
[   12.814475]  check_slab_allocation+0x101/0x130
[   12.814497]  __kasan_mempool_poison_object+0x91/0x1d0
[   12.814523]  mempool_free+0x2ec/0x380
[   12.814549]  mempool_double_free_helper+0x184/0x370
[   12.814574]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   12.814601]  ? kasan_save_track+0x18/0x40
[   12.814621]  ? kasan_save_alloc_info+0x3b/0x50
[   12.814641]  ? kasan_save_stack+0x45/0x70
[   12.814663]  ? mempool_alloc_preallocated+0x5b/0x90
[   12.814688]  mempool_kmalloc_double_free+0xed/0x140
[   12.814713]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   12.814736]  ? dequeue_task_fair+0x166/0x4e0
[   12.814762]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.814781]  ? __pfx_mempool_kfree+0x10/0x10
[   12.814806]  ? __pfx_read_tsc+0x10/0x10
[   12.814827]  ? ktime_get_ts64+0x86/0x230
[   12.814854]  kunit_try_run_case+0x1a5/0x480
[   12.814879]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.814902]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.814926]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.814949]  ? __kthread_parkme+0x82/0x180
[   12.814972]  ? preempt_count_sub+0x50/0x80
[   12.814999]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.815023]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.815046]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.815071]  kthread+0x337/0x6f0
[   12.815088]  ? trace_preempt_on+0x20/0xc0
[   12.815111]  ? __pfx_kthread+0x10/0x10
[   12.815129]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.815151]  ? calculate_sigpending+0x7b/0xa0
[   12.815173]  ? __pfx_kthread+0x10/0x10
[   12.815192]  ret_from_fork+0x41/0x80
[   12.815212]  ? __pfx_kthread+0x10/0x10
[   12.815239]  ret_from_fork_asm+0x1a/0x30
[   12.815271]  </TASK>
[   12.815304] 
[   12.827598] Allocated by task 254:
[   12.828019]  kasan_save_stack+0x45/0x70
[   12.828228]  kasan_save_track+0x18/0x40
[   12.828504]  kasan_save_alloc_info+0x3b/0x50
[   12.828910]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.829401]  remove_element+0x11e/0x190
[   12.829678]  mempool_alloc_preallocated+0x4d/0x90
[   12.829843]  mempool_double_free_helper+0x8a/0x370
[   12.830002]  mempool_kmalloc_double_free+0xed/0x140
[   12.830160]  kunit_try_run_case+0x1a5/0x480
[   12.830348]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.830550]  kthread+0x337/0x6f0
[   12.830797]  ret_from_fork+0x41/0x80
[   12.830949]  ret_from_fork_asm+0x1a/0x30
[   12.831150] 
[   12.831223] Freed by task 254:
[   12.831383]  kasan_save_stack+0x45/0x70
[   12.831587]  kasan_save_track+0x18/0x40
[   12.831775]  kasan_save_free_info+0x3f/0x60
[   12.832249]  __kasan_mempool_poison_object+0x131/0x1d0
[   12.832589]  mempool_free+0x2ec/0x380
[   12.833086]  mempool_double_free_helper+0x109/0x370
[   12.833292]  mempool_kmalloc_double_free+0xed/0x140
[   12.833658]  kunit_try_run_case+0x1a5/0x480
[   12.833880]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.834115]  kthread+0x337/0x6f0
[   12.834637]  ret_from_fork+0x41/0x80
[   12.834834]  ret_from_fork_asm+0x1a/0x30
[   12.834975] 
[   12.835072] The buggy address belongs to the object at ffff888103151600
[   12.835072]  which belongs to the cache kmalloc-128 of size 128
[   12.835790] The buggy address is located 0 bytes inside of
[   12.835790]  128-byte region [ffff888103151600, ffff888103151680)
[   12.836547] 
[   12.836633] The buggy address belongs to the physical page:
[   12.836974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103151
[   12.837569] flags: 0x200000000000000(node=0|zone=2)
[   12.837822] page_type: f5(slab)
[   12.837969] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.838296] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.838947] page dumped because: kasan: bad access detected
[   12.839143] 
[   12.839253] Memory state around the buggy address:
[   12.839706]  ffff888103151500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.839952]  ffff888103151580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.840538] >ffff888103151600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.840883]                    ^
[   12.841037]  ffff888103151680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.841624]  ffff888103151700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.841873] ==================================================================
[   12.872044] ==================================================================
[   12.872746] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   12.873004] Free of addr ffff88810392c000 by task kunit_try_catch/258
[   12.873316] 
[   12.873632] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   12.873686] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.873699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.873749] Call Trace:
[   12.873762]  <TASK>
[   12.873782]  dump_stack_lvl+0x73/0xb0
[   12.873811]  print_report+0xd1/0x650
[   12.873836]  ? __virt_addr_valid+0x1db/0x2d0
[   12.873860]  ? kasan_addr_to_slab+0x11/0xa0
[   12.873881]  ? mempool_double_free_helper+0x184/0x370
[   12.873908]  kasan_report_invalid_free+0x10a/0x130
[   12.874008]  ? mempool_double_free_helper+0x184/0x370
[   12.874037]  ? mempool_double_free_helper+0x184/0x370
[   12.874062]  __kasan_mempool_poison_pages+0x115/0x130
[   12.874088]  mempool_free+0x290/0x380
[   12.874113]  mempool_double_free_helper+0x184/0x370
[   12.874138]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   12.874162]  ? dequeue_entities+0x852/0x1740
[   12.874188]  ? finish_task_switch.isra.0+0x153/0x700
[   12.874217]  mempool_page_alloc_double_free+0xe8/0x140
[   12.874251]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   12.874273]  ? dequeue_task_fair+0x166/0x4e0
[   12.874296]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   12.874317]  ? __pfx_mempool_free_pages+0x10/0x10
[   12.874340]  ? __pfx_read_tsc+0x10/0x10
[   12.874361]  ? ktime_get_ts64+0x86/0x230
[   12.874387]  kunit_try_run_case+0x1a5/0x480
[   12.874412]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.874434]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.874459]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.874484]  ? __kthread_parkme+0x82/0x180
[   12.874506]  ? preempt_count_sub+0x50/0x80
[   12.874530]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.874554]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.874578]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.874601]  kthread+0x337/0x6f0
[   12.874618]  ? trace_preempt_on+0x20/0xc0
[   12.874642]  ? __pfx_kthread+0x10/0x10
[   12.874660]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.874682]  ? calculate_sigpending+0x7b/0xa0
[   12.874704]  ? __pfx_kthread+0x10/0x10
[   12.874724]  ret_from_fork+0x41/0x80
[   12.874744]  ? __pfx_kthread+0x10/0x10
[   12.874763]  ret_from_fork_asm+0x1a/0x30
[   12.874794]  </TASK>
[   12.874805] 
[   12.885854] The buggy address belongs to the physical page:
[   12.886142] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392c
[   12.886711] flags: 0x200000000000000(node=0|zone=2)
[   12.887139] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   12.887555] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.888010] page dumped because: kasan: bad access detected
[   12.888487] 
[   12.888605] Memory state around the buggy address:
[   12.889023]  ffff88810392bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.889405]  ffff88810392bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.889665] >ffff88810392c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.890271]                    ^
[   12.890448]  ffff88810392c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.890964]  ffff88810392c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.891259] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zMzAavAUYId8lMegBc4Ix8oXJl

job_id

TEST:linaro@lkft#2zMzGKQRfnDRM24c8Stupaj3rNM

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zMzGKQRfnDRM24c8Stupaj3rNM

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzClOGh4ggI5aPwS9KctYtNXI/bzImage
sha256sum	131f25972ccf6d3dc07ed6136378c45c710f56a35a63be51ac66f3e0e6b9356d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzClOGh4ggI5aPwS9KctYtNXI/modules.tar.xz
sha256sum	cdc15104f6ae1897761e61b0f8dc24b998aab0a2fc2653c5aa0cdafc3e2c29fc

durations

tests

boot	0
kunit	225.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit