lkft/linux-stable-rc-linux-6.15.y - v6.15.5-179-gb283c37b8f14 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 8, 2025, 4:38 p.m.

Environment
qemu-arm64
qemu-x86_64

[   19.898711] ==================================================================
[   19.898765] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   19.898839] Free of addr fff00000c78e4000 by task kunit_try_catch/241
[   19.899046] 
[   19.899084] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   19.899276] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.899368] Hardware name: linux,dummy-virt (DT)
[   19.899409] Call trace:
[   19.899448]  show_stack+0x20/0x38 (C)
[   19.899512]  dump_stack_lvl+0x8c/0xd0
[   19.899564]  print_report+0x118/0x608
[   19.899618]  kasan_report_invalid_free+0xc0/0xe8
[   19.899671]  __kasan_mempool_poison_pages+0xe0/0xe8
[   19.899721]  mempool_free+0x24c/0x328
[   19.899770]  mempool_double_free_helper+0x150/0x2e8
[   19.899822]  mempool_page_alloc_double_free+0xbc/0x118
[   19.899871]  kunit_try_run_case+0x170/0x3f0
[   19.899920]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.899973]  kthread+0x328/0x630
[   19.900193]  ret_from_fork+0x10/0x20
[   19.900322] 
[   19.900391] The buggy address belongs to the physical page:
[   19.900423] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e4
[   19.900479] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.900787] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   19.900900] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   19.900954] page dumped because: kasan: bad access detected
[   19.900985] 
[   19.901018] Memory state around the buggy address:
[   19.901056]  fff00000c78e3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.901099]  fff00000c78e3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.901141] >fff00000c78e4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.901178]                    ^
[   19.901205]  fff00000c78e4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.901246]  fff00000c78e4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.901285] ==================================================================
[   19.875830] ==================================================================
[   19.875886] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   19.875940] Free of addr fff00000c6e6c100 by task kunit_try_catch/237
[   19.875983] 
[   19.876014] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   19.876095] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.876123] Hardware name: linux,dummy-virt (DT)
[   19.876152] Call trace:
[   19.876382]  show_stack+0x20/0x38 (C)
[   19.876540]  dump_stack_lvl+0x8c/0xd0
[   19.876619]  print_report+0x118/0x608
[   19.876743]  kasan_report_invalid_free+0xc0/0xe8
[   19.876830]  check_slab_allocation+0xd4/0x108
[   19.876904]  __kasan_mempool_poison_object+0x78/0x150
[   19.876957]  mempool_free+0x28c/0x328
[   19.877032]  mempool_double_free_helper+0x150/0x2e8
[   19.877084]  mempool_kmalloc_double_free+0xc0/0x118
[   19.877137]  kunit_try_run_case+0x170/0x3f0
[   19.877397]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.877471]  kthread+0x328/0x630
[   19.877562]  ret_from_fork+0x10/0x20
[   19.877658] 
[   19.877707] Allocated by task 237:
[   19.877777]  kasan_save_stack+0x3c/0x68
[   19.877866]  kasan_save_track+0x20/0x40
[   19.877903]  kasan_save_alloc_info+0x40/0x58
[   19.877959]  __kasan_mempool_unpoison_object+0x11c/0x180
[   19.878023]  remove_element+0x130/0x1f8
[   19.878311]  mempool_alloc_preallocated+0x58/0xc0
[   19.878418]  mempool_double_free_helper+0x94/0x2e8
[   19.878551]  mempool_kmalloc_double_free+0xc0/0x118
[   19.878606]  kunit_try_run_case+0x170/0x3f0
[   19.878644]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.878920]  kthread+0x328/0x630
[   19.879001]  ret_from_fork+0x10/0x20
[   19.879105] 
[   19.879163] Freed by task 237:
[   19.879237]  kasan_save_stack+0x3c/0x68
[   19.879325]  kasan_save_track+0x20/0x40
[   19.879395]  kasan_save_free_info+0x4c/0x78
[   19.879432]  __kasan_mempool_poison_object+0xc0/0x150
[   19.879607]  mempool_free+0x28c/0x328
[   19.879788]  mempool_double_free_helper+0x100/0x2e8
[   19.879865]  mempool_kmalloc_double_free+0xc0/0x118
[   19.879968]  kunit_try_run_case+0x170/0x3f0
[   19.880045]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.880188]  kthread+0x328/0x630
[   19.880244]  ret_from_fork+0x10/0x20
[   19.880302] 
[   19.880321] The buggy address belongs to the object at fff00000c6e6c100
[   19.880321]  which belongs to the cache kmalloc-128 of size 128
[   19.880394] The buggy address is located 0 bytes inside of
[   19.880394]  128-byte region [fff00000c6e6c100, fff00000c6e6c180)
[   19.880466] 
[   19.880499] The buggy address belongs to the physical page:
[   19.880529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e6c
[   19.880581] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.880627] page_type: f5(slab)
[   19.880805] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   19.880874] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.880991] page dumped because: kasan: bad access detected
[   19.881082] 
[   19.881129] Memory state around the buggy address:
[   19.881223]  fff00000c6e6c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.881272]  fff00000c6e6c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.881469] >fff00000c6e6c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.881644]                    ^
[   19.881706]  fff00000c6e6c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.881769]  fff00000c6e6c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.881808] ==================================================================
[   19.887845] ==================================================================
[   19.887908] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   19.887982] Free of addr fff00000c78e4000 by task kunit_try_catch/239
[   19.888053] 
[   19.888101] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   19.888183] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.888208] Hardware name: linux,dummy-virt (DT)
[   19.888242] Call trace:
[   19.888263]  show_stack+0x20/0x38 (C)
[   19.888312]  dump_stack_lvl+0x8c/0xd0
[   19.888494]  print_report+0x118/0x608
[   19.888541]  kasan_report_invalid_free+0xc0/0xe8
[   19.888590]  __kasan_mempool_poison_object+0x14c/0x150
[   19.888639]  mempool_free+0x28c/0x328
[   19.888806]  mempool_double_free_helper+0x150/0x2e8
[   19.888942]  mempool_kmalloc_large_double_free+0xc0/0x118
[   19.889033]  kunit_try_run_case+0x170/0x3f0
[   19.889141]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.889274]  kthread+0x328/0x630
[   19.889352]  ret_from_fork+0x10/0x20
[   19.889432] 
[   19.889730] The buggy address belongs to the physical page:
[   19.889808] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e4
[   19.889878] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.889935] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.889988] page_type: f8(unknown)
[   19.890050] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.890115] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.890171] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.890228] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.890292] head: 0bfffe0000000002 ffffc1ffc31e3901 00000000ffffffff 00000000ffffffff
[   19.890357] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.890397] page dumped because: kasan: bad access detected
[   19.890428] 
[   19.890454] Memory state around the buggy address:
[   19.890496]  fff00000c78e3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.890537]  fff00000c78e3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.890581] >fff00000c78e4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.890619]                    ^
[   19.890648]  fff00000c78e4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.890690]  fff00000c78e4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.890729] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zbH6wKLxV1MpyPrsiPCH34DxD7

job_id

TEST:linaro@lkft#2zbHCHYqfIu4VBVZVnMqPbdHKQ6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zbHCHYqfIu4VBVZVnMqPbdHKQ6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbH8Y0IZhej6MjZmlQZ6gbMfpu/Image.gz
sha256sum	377fc1f956356f0192a0ae5a36f5141cc4f5c82f23686cbb581490c555233292

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbH8Y0IZhej6MjZmlQZ6gbMfpu/modules.tar.xz
sha256sum	63862ff5342865dbcabf053997348687cbf8c69b4178e317b99ac30d13bd68f5

durations

tests

boot	0
kunit	196.44

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.989591] ==================================================================
[   12.990200] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   12.990509] Free of addr ffff888103cac000 by task kunit_try_catch/257
[   12.990754] 
[   12.990881] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   12.990929] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.990942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.990980] Call Trace:
[   12.990992]  <TASK>
[   12.991007]  dump_stack_lvl+0x73/0xb0
[   12.991034]  print_report+0xd1/0x650
[   12.991058]  ? __virt_addr_valid+0x1db/0x2d0
[   12.991091]  ? kasan_addr_to_slab+0x11/0xa0
[   12.991113]  ? mempool_double_free_helper+0x184/0x370
[   12.991139]  kasan_report_invalid_free+0x10a/0x130
[   12.991166]  ? mempool_double_free_helper+0x184/0x370
[   12.991194]  ? mempool_double_free_helper+0x184/0x370
[   12.991219]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   12.991245]  mempool_free+0x2ec/0x380
[   12.991270]  mempool_double_free_helper+0x184/0x370
[   12.991297]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   12.991323]  ? update_load_avg+0x1be/0x21b0
[   12.991349]  ? finish_task_switch.isra.0+0x153/0x700
[   12.991376]  mempool_kmalloc_large_double_free+0xed/0x140
[   12.991404]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   12.991431]  ? dequeue_task_fair+0x166/0x4e0
[   12.991454]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.991476]  ? __pfx_mempool_kfree+0x10/0x10
[   12.991499]  ? __pfx_read_tsc+0x10/0x10
[   12.991522]  ? ktime_get_ts64+0x86/0x230
[   12.991549]  kunit_try_run_case+0x1a5/0x480
[   12.991772]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.991810]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.991846]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.991871]  ? __kthread_parkme+0x82/0x180
[   12.991904]  ? preempt_count_sub+0x50/0x80
[   12.991929]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.991951]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.991975]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.991999]  kthread+0x337/0x6f0
[   12.992017]  ? trace_preempt_on+0x20/0xc0
[   12.992041]  ? __pfx_kthread+0x10/0x10
[   12.992060]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.992083]  ? calculate_sigpending+0x7b/0xa0
[   12.992106]  ? __pfx_kthread+0x10/0x10
[   12.992125]  ret_from_fork+0x41/0x80
[   12.992146]  ? __pfx_kthread+0x10/0x10
[   12.992165]  ret_from_fork_asm+0x1a/0x30
[   12.992196]  </TASK>
[   12.992208] 
[   13.003306] The buggy address belongs to the physical page:
[   13.003607] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cac
[   13.004111] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.004473] flags: 0x200000000000040(head|node=0|zone=2)
[   13.004831] page_type: f8(unknown)
[   13.004975] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.005583] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.005908] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.006373] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.006943] head: 0200000000000002 ffffea00040f2b01 00000000ffffffff 00000000ffffffff
[   13.007290] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.007707] page dumped because: kasan: bad access detected
[   13.008058] 
[   13.008175] Memory state around the buggy address:
[   13.008371]  ffff888103cabf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.008781]  ffff888103cabf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.009267] >ffff888103cac000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.009573]                    ^
[   13.009775]  ffff888103cac080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.010199]  ffff888103cac100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.010552] ==================================================================
[   12.960139] ==================================================================
[   12.960565] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   12.960888] Free of addr ffff8881029e8200 by task kunit_try_catch/255
[   12.961140] 
[   12.961263] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   12.961310] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.961323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.961347] Call Trace:
[   12.961360]  <TASK>
[   12.961375]  dump_stack_lvl+0x73/0xb0
[   12.961402]  print_report+0xd1/0x650
[   12.961430]  ? __virt_addr_valid+0x1db/0x2d0
[   12.961454]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.961478]  ? mempool_double_free_helper+0x184/0x370
[   12.961505]  kasan_report_invalid_free+0x10a/0x130
[   12.961531]  ? mempool_double_free_helper+0x184/0x370
[   12.961560]  ? mempool_double_free_helper+0x184/0x370
[   12.961585]  ? mempool_double_free_helper+0x184/0x370
[   12.961609]  check_slab_allocation+0x101/0x130
[   12.961633]  __kasan_mempool_poison_object+0x91/0x1d0
[   12.961659]  mempool_free+0x2ec/0x380
[   12.961686]  mempool_double_free_helper+0x184/0x370
[   12.961712]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   12.961737]  ? update_load_avg+0x1be/0x21b0
[   12.961766]  ? finish_task_switch.isra.0+0x153/0x700
[   12.961797]  mempool_kmalloc_double_free+0xed/0x140
[   12.961823]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   12.961849]  ? dequeue_task_fair+0x166/0x4e0
[   12.961884]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.961905]  ? __pfx_mempool_kfree+0x10/0x10
[   12.961929]  ? __pfx_read_tsc+0x10/0x10
[   12.961950]  ? ktime_get_ts64+0x86/0x230
[   12.961977]  kunit_try_run_case+0x1a5/0x480
[   12.962000]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.962020]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.962046]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.962072]  ? __kthread_parkme+0x82/0x180
[   12.962096]  ? preempt_count_sub+0x50/0x80
[   12.962122]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.962144]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.962170]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.962195]  kthread+0x337/0x6f0
[   12.962213]  ? trace_preempt_on+0x20/0xc0
[   12.962238]  ? __pfx_kthread+0x10/0x10
[   12.962258]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.962281]  ? calculate_sigpending+0x7b/0xa0
[   12.962304]  ? __pfx_kthread+0x10/0x10
[   12.962326]  ret_from_fork+0x41/0x80
[   12.962348]  ? __pfx_kthread+0x10/0x10
[   12.962368]  ret_from_fork_asm+0x1a/0x30
[   12.962404]  </TASK>
[   12.962417] 
[   12.972009] Allocated by task 255:
[   12.972479]  kasan_save_stack+0x45/0x70
[   12.972662]  kasan_save_track+0x18/0x40
[   12.972803]  kasan_save_alloc_info+0x3b/0x50
[   12.972967]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.973160]  remove_element+0x11e/0x190
[   12.973356]  mempool_alloc_preallocated+0x4d/0x90
[   12.973811]  mempool_double_free_helper+0x8a/0x370
[   12.974127]  mempool_kmalloc_double_free+0xed/0x140
[   12.974303]  kunit_try_run_case+0x1a5/0x480
[   12.974451]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.974761]  kthread+0x337/0x6f0
[   12.975077]  ret_from_fork+0x41/0x80
[   12.975270]  ret_from_fork_asm+0x1a/0x30
[   12.975473] 
[   12.975576] Freed by task 255:
[   12.975815]  kasan_save_stack+0x45/0x70
[   12.976127]  kasan_save_track+0x18/0x40
[   12.976267]  kasan_save_free_info+0x3f/0x60
[   12.976411]  __kasan_mempool_poison_object+0x131/0x1d0
[   12.977035]  mempool_free+0x2ec/0x380
[   12.977245]  mempool_double_free_helper+0x109/0x370
[   12.977490]  mempool_kmalloc_double_free+0xed/0x140
[   12.977718]  kunit_try_run_case+0x1a5/0x480
[   12.978011]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.978221]  kthread+0x337/0x6f0
[   12.978344]  ret_from_fork+0x41/0x80
[   12.978478]  ret_from_fork_asm+0x1a/0x30
[   12.978661] 
[   12.978810] The buggy address belongs to the object at ffff8881029e8200
[   12.978810]  which belongs to the cache kmalloc-128 of size 128
[   12.979373] The buggy address is located 0 bytes inside of
[   12.979373]  128-byte region [ffff8881029e8200, ffff8881029e8280)
[   12.979976] 
[   12.980083] The buggy address belongs to the physical page:
[   12.980340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e8
[   12.980683] flags: 0x200000000000000(node=0|zone=2)
[   12.980945] page_type: f5(slab)
[   12.981070] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.981305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.982019] page dumped because: kasan: bad access detected
[   12.982298] 
[   12.982400] Memory state around the buggy address:
[   12.982640]  ffff8881029e8100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.983034]  ffff8881029e8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.983261] >ffff8881029e8200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.983583]                    ^
[   12.983782]  ffff8881029e8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.984136]  ffff8881029e8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.984357] ==================================================================
[   13.013534] ==================================================================
[   13.014170] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.014541] Free of addr ffff888103cec000 by task kunit_try_catch/259
[   13.014789] 
[   13.014919] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   13.014970] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.014984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.015007] Call Trace:
[   13.015021]  <TASK>
[   13.015037]  dump_stack_lvl+0x73/0xb0
[   13.015066]  print_report+0xd1/0x650
[   13.015091]  ? __virt_addr_valid+0x1db/0x2d0
[   13.015119]  ? kasan_addr_to_slab+0x11/0xa0
[   13.015142]  ? mempool_double_free_helper+0x184/0x370
[   13.015169]  kasan_report_invalid_free+0x10a/0x130
[   13.015197]  ? mempool_double_free_helper+0x184/0x370
[   13.015226]  ? mempool_double_free_helper+0x184/0x370
[   13.015252]  __kasan_mempool_poison_pages+0x115/0x130
[   13.015280]  mempool_free+0x290/0x380
[   13.015306]  mempool_double_free_helper+0x184/0x370
[   13.015333]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.015359]  ? update_load_avg+0x1be/0x21b0
[   13.015387]  ? finish_task_switch.isra.0+0x153/0x700
[   13.015416]  mempool_page_alloc_double_free+0xe8/0x140
[   13.015441]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   13.015465]  ? dequeue_task_fair+0x166/0x4e0
[   13.015490]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   13.015514]  ? __pfx_mempool_free_pages+0x10/0x10
[   13.015539]  ? __pfx_read_tsc+0x10/0x10
[   13.015562]  ? ktime_get_ts64+0x86/0x230
[   13.015595]  kunit_try_run_case+0x1a5/0x480
[   13.015620]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.015641]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.015668]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.015695]  ? __kthread_parkme+0x82/0x180
[   13.015719]  ? preempt_count_sub+0x50/0x80
[   13.016073]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.016108]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.016135]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.016163]  kthread+0x337/0x6f0
[   13.016182]  ? trace_preempt_on+0x20/0xc0
[   13.016209]  ? __pfx_kthread+0x10/0x10
[   13.016230]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.016254]  ? calculate_sigpending+0x7b/0xa0
[   13.016278]  ? __pfx_kthread+0x10/0x10
[   13.016299]  ret_from_fork+0x41/0x80
[   13.016322]  ? __pfx_kthread+0x10/0x10
[   13.016344]  ret_from_fork_asm+0x1a/0x30
[   13.016378]  </TASK>
[   13.016391] 
[   13.026129] The buggy address belongs to the physical page:
[   13.026398] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cec
[   13.026723] flags: 0x200000000000000(node=0|zone=2)
[   13.027167] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   13.027466] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   13.027814] page dumped because: kasan: bad access detected
[   13.028101] 
[   13.028182] Memory state around the buggy address:
[   13.028384]  ffff888103cebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.028714]  ffff888103cebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.028975] >ffff888103cec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.029196]                    ^
[   13.029331]  ffff888103cec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.029653]  ffff888103cec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.030490] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zbH6wKLxV1MpyPrsiPCH34DxD7

job_id

TEST:linaro@lkft#2zbHDX45bldMSBJpzmaNX6Oa8ya

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zbHDX45bldMSBJpzmaNX6Oa8ya

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbHA1Bjc8UGyPoSazWRKkmPbWO/bzImage
sha256sum	f832e357085de19206056a035510bd43f1bc47badc4ae10b58ebab3542c23787

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbHA1Bjc8UGyPoSazWRKkmPbWO/modules.tar.xz
sha256sum	ab3c5377b690ddf19fc7a14491556416ddf08419ceb427959995f1c420d461c9

durations

tests

boot	0
kunit	224.81

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit