lkft/linux-stable-rc-linux-6.15.y - v6.15.6-193-ge6001d5f7944 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 15, 2025, 2:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   19.933026] ==================================================================
[   19.934252] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   19.934416] Free of addr fff00000c59e4e00 by task kunit_try_catch/237
[   19.934467] 
[   19.934499] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT 
[   19.934582] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.935388] Hardware name: linux,dummy-virt (DT)
[   19.935821] Call trace:
[   19.935999]  show_stack+0x20/0x38 (C)
[   19.936434]  dump_stack_lvl+0x8c/0xd0
[   19.936896]  print_report+0x118/0x5d0
[   19.936953]  kasan_report_invalid_free+0xc0/0xe8
[   19.937004]  check_slab_allocation+0xd4/0x108
[   19.937903]  __kasan_mempool_poison_object+0x78/0x150
[   19.937968]  mempool_free+0x28c/0x328
[   19.938545]  mempool_double_free_helper+0x150/0x2e8
[   19.939176]  mempool_kmalloc_double_free+0xc0/0x118
[   19.939505]  kunit_try_run_case+0x170/0x3f0
[   19.940064]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.940567]  kthread+0x328/0x630
[   19.940921]  ret_from_fork+0x10/0x20
[   19.941221] 
[   19.941240] Allocated by task 237:
[   19.941272]  kasan_save_stack+0x3c/0x68
[   19.942169]  kasan_save_track+0x20/0x40
[   19.942393]  kasan_save_alloc_info+0x40/0x58
[   19.942436]  __kasan_mempool_unpoison_object+0x11c/0x180
[   19.942480]  remove_element+0x130/0x1f8
[   19.943125]  mempool_alloc_preallocated+0x58/0xc0
[   19.943459]  mempool_double_free_helper+0x94/0x2e8
[   19.943998]  mempool_kmalloc_double_free+0xc0/0x118
[   19.944466]  kunit_try_run_case+0x170/0x3f0
[   19.944518]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.945194]  kthread+0x328/0x630
[   19.945909]  ret_from_fork+0x10/0x20
[   19.946014] 
[   19.946037] Freed by task 237:
[   19.946399]  kasan_save_stack+0x3c/0x68
[   19.946730]  kasan_save_track+0x20/0x40
[   19.946947]  kasan_save_free_info+0x4c/0x78
[   19.947808]  __kasan_mempool_poison_object+0xc0/0x150
[   19.948511]  mempool_free+0x28c/0x328
[   19.948747]  mempool_double_free_helper+0x100/0x2e8
[   19.948839]  mempool_kmalloc_double_free+0xc0/0x118
[   19.949038]  kunit_try_run_case+0x170/0x3f0
[   19.949078]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.949879]  kthread+0x328/0x630
[   19.950033]  ret_from_fork+0x10/0x20
[   19.950088] 
[   19.950110] The buggy address belongs to the object at fff00000c59e4e00
[   19.950110]  which belongs to the cache kmalloc-128 of size 128
[   19.951175] The buggy address is located 0 bytes inside of
[   19.951175]  128-byte region [fff00000c59e4e00, fff00000c59e4e80)
[   19.951507] 
[   19.951543] The buggy address belongs to the physical page:
[   19.951614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059e4
[   19.951671] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.951722] page_type: f5(slab)
[   19.952976] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   19.953967] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.954328] page dumped because: kasan: bad access detected
[   19.954435] 
[   19.954821] Memory state around the buggy address:
[   19.955047]  fff00000c59e4d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.955540]  fff00000c59e4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.956200] >fff00000c59e4e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.956363]                    ^
[   19.956752]  fff00000c59e4e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.958078]  fff00000c59e4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.958633] ==================================================================
[   19.973039] ==================================================================
[   19.973099] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   19.973166] Free of addr fff00000c7938000 by task kunit_try_catch/239
[   19.973630] 
[   19.973963] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT 
[   19.974476] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.974581] Hardware name: linux,dummy-virt (DT)
[   19.974679] Call trace:
[   19.974892]  show_stack+0x20/0x38 (C)
[   19.974976]  dump_stack_lvl+0x8c/0xd0
[   19.975153]  print_report+0x118/0x5d0
[   19.975221]  kasan_report_invalid_free+0xc0/0xe8
[   19.975411]  __kasan_mempool_poison_object+0x14c/0x150
[   19.975610]  mempool_free+0x28c/0x328
[   19.975681]  mempool_double_free_helper+0x150/0x2e8
[   19.975974]  mempool_kmalloc_large_double_free+0xc0/0x118
[   19.976315]  kunit_try_run_case+0x170/0x3f0
[   19.976662]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.976797]  kthread+0x328/0x630
[   19.976893]  ret_from_fork+0x10/0x20
[   19.977348] 
[   19.977440] The buggy address belongs to the physical page:
[   19.977529] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107938
[   19.977854] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.978022] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.978218] page_type: f8(unknown)
[   19.978262] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.978624] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.978724] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.978797] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.979024] head: 0bfffe0000000002 ffffc1ffc31e4e01 00000000ffffffff 00000000ffffffff
[   19.979238] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.979375] page dumped because: kasan: bad access detected
[   19.979460] 
[   19.979487] Memory state around the buggy address:
[   19.979806]  fff00000c7937f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.979887]  fff00000c7937f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.980045] >fff00000c7938000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.980098]                    ^
[   19.980151]  fff00000c7938080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.980454]  fff00000c7938100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.980618] ==================================================================
[   19.987098] ==================================================================
[   19.987156] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   19.987224] Free of addr fff00000c793c000 by task kunit_try_catch/241
[   19.987319] 
[   19.987353] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT 
[   19.987581] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.987701] Hardware name: linux,dummy-virt (DT)
[   19.987739] Call trace:
[   19.987849]  show_stack+0x20/0x38 (C)
[   19.987914]  dump_stack_lvl+0x8c/0xd0
[   19.987963]  print_report+0x118/0x5d0
[   19.988238]  kasan_report_invalid_free+0xc0/0xe8
[   19.988375]  __kasan_mempool_poison_pages+0xe0/0xe8
[   19.988443]  mempool_free+0x24c/0x328
[   19.988531]  mempool_double_free_helper+0x150/0x2e8
[   19.988585]  mempool_page_alloc_double_free+0xbc/0x118
[   19.988636]  kunit_try_run_case+0x170/0x3f0
[   19.988894]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.988960]  kthread+0x328/0x630
[   19.989008]  ret_from_fork+0x10/0x20
[   19.989053] 
[   19.989073] The buggy address belongs to the physical page:
[   19.989104] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10793c
[   19.989159] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.989232] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   19.989283] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   19.989401] page dumped because: kasan: bad access detected
[   19.989441] 
[   19.989459] Memory state around the buggy address:
[   19.989492]  fff00000c793bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.989536]  fff00000c793bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.989580] >fff00000c793c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.989646]                    ^
[   19.989675]  fff00000c793c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.989717]  fff00000c793c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.989757] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuksIaOJhpjSmtbAsWt4KX8xLf

job_id

TEST:linaro@lkft#2zukwdBCddr8O80gGskAZRJ92TK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zukwdBCddr8O80gGskAZRJ92TK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuktS95biAMQtU3jJQgFHtrRzl/Image.gz
sha256sum	b0e860f17b10076c4d346cc4e669f0a4314b9c47de014734fef43b203ae0e34e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuktS95biAMQtU3jJQgFHtrRzl/modules.tar.xz
sha256sum	ba72242d720b0973d3bbe494c38fcb449b610f739295df61530720aaf0f78e60

durations

tests

boot	0
kunit	190.02

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.662567] ==================================================================
[   12.663158] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   12.663480] Free of addr ffff888102ac8000 by task kunit_try_catch/256
[   12.663748] 
[   12.663836] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT(voluntary) 
[   12.663891] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.663903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.663923] Call Trace:
[   12.663934]  <TASK>
[   12.663949]  dump_stack_lvl+0x73/0xb0
[   12.663972]  print_report+0xd1/0x610
[   12.664028]  ? __virt_addr_valid+0x1db/0x2d0
[   12.664051]  ? kasan_addr_to_slab+0x11/0xa0
[   12.664071]  ? mempool_double_free_helper+0x184/0x370
[   12.664095]  kasan_report_invalid_free+0x10a/0x130
[   12.664119]  ? mempool_double_free_helper+0x184/0x370
[   12.664145]  ? mempool_double_free_helper+0x184/0x370
[   12.664167]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   12.664191]  mempool_free+0x2ec/0x380
[   12.664214]  mempool_double_free_helper+0x184/0x370
[   12.664237]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   12.664264]  ? finish_task_switch.isra.0+0x153/0x700
[   12.664290]  mempool_kmalloc_large_double_free+0xed/0x140
[   12.664314]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   12.664337]  ? dequeue_task_fair+0x156/0x4e0
[   12.664359]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.664378]  ? __pfx_mempool_kfree+0x10/0x10
[   12.664399]  ? __pfx_read_tsc+0x10/0x10
[   12.664417]  ? ktime_get_ts64+0x86/0x230
[   12.664441]  kunit_try_run_case+0x1a5/0x480
[   12.664461]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.664479]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.664502]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.664526]  ? __kthread_parkme+0x82/0x180
[   12.664547]  ? preempt_count_sub+0x50/0x80
[   12.664590]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.664611]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.664633]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.664655]  kthread+0x337/0x6f0
[   12.664671]  ? trace_preempt_on+0x20/0xc0
[   12.664694]  ? __pfx_kthread+0x10/0x10
[   12.664711]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.664732]  ? calculate_sigpending+0x7b/0xa0
[   12.664753]  ? __pfx_kthread+0x10/0x10
[   12.664770]  ret_from_fork+0x41/0x80
[   12.664790]  ? __pfx_kthread+0x10/0x10
[   12.664807]  ret_from_fork_asm+0x1a/0x30
[   12.664837]  </TASK>
[   12.664847] 
[   12.674161] The buggy address belongs to the physical page:
[   12.674389] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ac8
[   12.674836] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.675259] flags: 0x200000000000040(head|node=0|zone=2)
[   12.675441] page_type: f8(unknown)
[   12.675578] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.675918] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.676297] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.676530] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.676929] head: 0200000000000002 ffffea00040ab201 00000000ffffffff 00000000ffffffff
[   12.677312] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.677673] page dumped because: kasan: bad access detected
[   12.678077] 
[   12.678176] Memory state around the buggy address:
[   12.678384]  ffff888102ac7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.678670]  ffff888102ac7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.679078] >ffff888102ac8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.679351]                    ^
[   12.679513]  ffff888102ac8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.679738]  ffff888102ac8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.680037] ==================================================================
[   12.620068] ==================================================================
[   12.620560] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   12.621006] Free of addr ffff888102240600 by task kunit_try_catch/254
[   12.621277] 
[   12.621405] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT(voluntary) 
[   12.621454] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.621466] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.621488] Call Trace:
[   12.621500]  <TASK>
[   12.621515]  dump_stack_lvl+0x73/0xb0
[   12.621543]  print_report+0xd1/0x610
[   12.621566]  ? __virt_addr_valid+0x1db/0x2d0
[   12.621611]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.621632]  ? mempool_double_free_helper+0x184/0x370
[   12.621656]  kasan_report_invalid_free+0x10a/0x130
[   12.621765]  ? mempool_double_free_helper+0x184/0x370
[   12.621822]  ? mempool_double_free_helper+0x184/0x370
[   12.621846]  ? mempool_double_free_helper+0x184/0x370
[   12.621867]  check_slab_allocation+0x101/0x130
[   12.621900]  __kasan_mempool_poison_object+0x91/0x1d0
[   12.621924]  mempool_free+0x2ec/0x380
[   12.621948]  mempool_double_free_helper+0x184/0x370
[   12.621972]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   12.621995]  ? dequeue_entities+0x852/0x1740
[   12.622019]  ? finish_task_switch.isra.0+0x153/0x700
[   12.622045]  mempool_kmalloc_double_free+0xed/0x140
[   12.622069]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   12.622091]  ? dequeue_task_fair+0x166/0x4e0
[   12.622113]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.622131]  ? __pfx_mempool_kfree+0x10/0x10
[   12.622152]  ? __pfx_read_tsc+0x10/0x10
[   12.622193]  ? ktime_get_ts64+0x86/0x230
[   12.622218]  kunit_try_run_case+0x1a5/0x480
[   12.622239]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.622257]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.622282]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.622305]  ? __kthread_parkme+0x82/0x180
[   12.622327]  ? preempt_count_sub+0x50/0x80
[   12.622366]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.622386]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.622408]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.622430]  kthread+0x337/0x6f0
[   12.622446]  ? trace_preempt_on+0x20/0xc0
[   12.622469]  ? __pfx_kthread+0x10/0x10
[   12.622487]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.622508]  ? calculate_sigpending+0x7b/0xa0
[   12.622530]  ? __pfx_kthread+0x10/0x10
[   12.622547]  ret_from_fork+0x41/0x80
[   12.622567]  ? __pfx_kthread+0x10/0x10
[   12.622584]  ret_from_fork_asm+0x1a/0x30
[   12.622615]  </TASK>
[   12.622625] 
[   12.636529] Allocated by task 254:
[   12.636663]  kasan_save_stack+0x45/0x70
[   12.637067]  kasan_save_track+0x18/0x40
[   12.637443]  kasan_save_alloc_info+0x3b/0x50
[   12.637935]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.638468]  remove_element+0x11e/0x190
[   12.638866]  mempool_alloc_preallocated+0x4d/0x90
[   12.639035]  mempool_double_free_helper+0x8a/0x370
[   12.639193]  mempool_kmalloc_double_free+0xed/0x140
[   12.639354]  kunit_try_run_case+0x1a5/0x480
[   12.639496]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.639667]  kthread+0x337/0x6f0
[   12.639782]  ret_from_fork+0x41/0x80
[   12.640310]  ret_from_fork_asm+0x1a/0x30
[   12.640747] 
[   12.640947] Freed by task 254:
[   12.641259]  kasan_save_stack+0x45/0x70
[   12.641845]  kasan_save_track+0x18/0x40
[   12.642225]  kasan_save_free_info+0x3f/0x60
[   12.642614]  __kasan_mempool_poison_object+0x131/0x1d0
[   12.643162]  mempool_free+0x2ec/0x380
[   12.643624]  mempool_double_free_helper+0x109/0x370
[   12.644220]  mempool_kmalloc_double_free+0xed/0x140
[   12.644924]  kunit_try_run_case+0x1a5/0x480
[   12.645336]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.645675]  kthread+0x337/0x6f0
[   12.645809]  ret_from_fork+0x41/0x80
[   12.646047]  ret_from_fork_asm+0x1a/0x30
[   12.646420] 
[   12.646577] The buggy address belongs to the object at ffff888102240600
[   12.646577]  which belongs to the cache kmalloc-128 of size 128
[   12.647887] The buggy address is located 0 bytes inside of
[   12.647887]  128-byte region [ffff888102240600, ffff888102240680)
[   12.648508] 
[   12.648700] The buggy address belongs to the physical page:
[   12.649285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102240
[   12.649908] flags: 0x200000000000000(node=0|zone=2)
[   12.650179] page_type: f5(slab)
[   12.650495] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.651255] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.651809] page dumped because: kasan: bad access detected
[   12.652237] 
[   12.652305] Memory state around the buggy address:
[   12.652459]  ffff888102240500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.652671]  ffff888102240580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.653569] >ffff888102240600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.654411]                    ^
[   12.654729]  ffff888102240680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.655669]  ffff888102240700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.656490] ==================================================================
[   12.683366] ==================================================================
[   12.683928] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   12.684343] Free of addr ffff888102acc000 by task kunit_try_catch/258
[   12.684603] 
[   12.684689] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT(voluntary) 
[   12.684733] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.684744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.684763] Call Trace:
[   12.684774]  <TASK>
[   12.684788]  dump_stack_lvl+0x73/0xb0
[   12.684821]  print_report+0xd1/0x610
[   12.684844]  ? __virt_addr_valid+0x1db/0x2d0
[   12.684865]  ? kasan_addr_to_slab+0x11/0xa0
[   12.684895]  ? mempool_double_free_helper+0x184/0x370
[   12.684920]  kasan_report_invalid_free+0x10a/0x130
[   12.684944]  ? mempool_double_free_helper+0x184/0x370
[   12.684969]  ? mempool_double_free_helper+0x184/0x370
[   12.684992]  __kasan_mempool_poison_pages+0x115/0x130
[   12.685015]  mempool_free+0x290/0x380
[   12.685037]  mempool_double_free_helper+0x184/0x370
[   12.685060]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   12.685084]  ? dequeue_entities+0x852/0x1740
[   12.685107]  ? finish_task_switch.isra.0+0x153/0x700
[   12.685137]  mempool_page_alloc_double_free+0xe8/0x140
[   12.685158]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   12.685178]  ? dequeue_task_fair+0x166/0x4e0
[   12.685200]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   12.685219]  ? __pfx_mempool_free_pages+0x10/0x10
[   12.685240]  ? __pfx_read_tsc+0x10/0x10
[   12.685259]  ? ktime_get_ts64+0x86/0x230
[   12.685282]  kunit_try_run_case+0x1a5/0x480
[   12.685302]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.685319]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.685341]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.685364]  ? __kthread_parkme+0x82/0x180
[   12.685384]  ? preempt_count_sub+0x50/0x80
[   12.685407]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.685427]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.685449]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.685472]  kthread+0x337/0x6f0
[   12.685487]  ? trace_preempt_on+0x20/0xc0
[   12.685509]  ? __pfx_kthread+0x10/0x10
[   12.685526]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.685547]  ? calculate_sigpending+0x7b/0xa0
[   12.685567]  ? __pfx_kthread+0x10/0x10
[   12.685584]  ret_from_fork+0x41/0x80
[   12.685603]  ? __pfx_kthread+0x10/0x10
[   12.685620]  ret_from_fork_asm+0x1a/0x30
[   12.685651]  </TASK>
[   12.685661] 
[   12.694500] The buggy address belongs to the physical page:
[   12.694744] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102acc
[   12.695023] flags: 0x200000000000000(node=0|zone=2)
[   12.695193] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   12.695731] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.696283] page dumped because: kasan: bad access detected
[   12.696453] 
[   12.696519] Memory state around the buggy address:
[   12.696670]  ffff888102acbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.696887]  ffff888102acbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.697370] >ffff888102acc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.697696]                    ^
[   12.697866]  ffff888102acc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.698171]  ffff888102acc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.698591] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuksIaOJhpjSmtbAsWt4KX8xLf

job_id

TEST:linaro@lkft#2zukxmzNrsaISlcQpWi8gxQVWk6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zukxmzNrsaISlcQpWi8gxQVWk6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukuSKMlE7br8rY3BGGi0kunXf/bzImage
sha256sum	6359b76b264b4bf459aa8408711bf0e517a07721ad97f1471de243ff17baef19

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukuSKMlE7br8rY3BGGi0kunXf/modules.tar.xz
sha256sum	f6ea602678cc1fbeece7230b895aa5bbae863bca90c89576af624930df349f2a

durations

tests

boot	0
kunit	210.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit