lkft/sashal-linus-next - v6.13-rc7-43165-gcfb37db724c4 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

July 3, 2025, 6:13 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.966322] ==================================================================
[   18.967112] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.967184] Free of addr fff00000c79a0000 by task kunit_try_catch/239
[   18.967382] 
[   18.967617] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.968147] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.968423] Hardware name: linux,dummy-virt (DT)
[   18.968476] Call trace:
[   18.968499]  show_stack+0x20/0x38 (C)
[   18.968553]  dump_stack_lvl+0x8c/0xd0
[   18.968604]  print_report+0x118/0x608
[   18.968650]  kasan_report_invalid_free+0xc0/0xe8
[   18.968861]  __kasan_mempool_poison_pages+0xe0/0xe8
[   18.969453]  mempool_free+0x24c/0x328
[   18.969788]  mempool_double_free_helper+0x150/0x2e8
[   18.970025]  mempool_page_alloc_double_free+0xbc/0x118
[   18.970254]  kunit_try_run_case+0x170/0x3f0
[   18.970425]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.970482]  kthread+0x328/0x630
[   18.971004]  ret_from_fork+0x10/0x20
[   18.971073] 
[   18.971153] The buggy address belongs to the physical page:
[   18.971190] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079a0
[   18.971613] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.971797] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   18.972134] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.972292] page dumped because: kasan: bad access detected
[   18.972478] 
[   18.972590] Memory state around the buggy address:
[   18.972625]  fff00000c799ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.973159]  fff00000c799ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.973215] >fff00000c79a0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.973359]                    ^
[   18.973392]  fff00000c79a0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.973522]  fff00000c79a0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.973599] ==================================================================
[   18.943194] ==================================================================
[   18.943253] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.943306] Free of addr fff00000c79a0000 by task kunit_try_catch/237
[   18.943348] 
[   18.943379] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.943461] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.943489] Hardware name: linux,dummy-virt (DT)
[   18.944570] Call trace:
[   18.944607]  show_stack+0x20/0x38 (C)
[   18.944722]  dump_stack_lvl+0x8c/0xd0
[   18.944773]  print_report+0x118/0x608
[   18.944823]  kasan_report_invalid_free+0xc0/0xe8
[   18.944930]  __kasan_mempool_poison_object+0x14c/0x150
[   18.944983]  mempool_free+0x28c/0x328
[   18.945199]  mempool_double_free_helper+0x150/0x2e8
[   18.945363]  mempool_kmalloc_large_double_free+0xc0/0x118
[   18.945422]  kunit_try_run_case+0x170/0x3f0
[   18.945748]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.946009]  kthread+0x328/0x630
[   18.946083]  ret_from_fork+0x10/0x20
[   18.946153] 
[   18.946335] The buggy address belongs to the physical page:
[   18.946373] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079a0
[   18.946430] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.946681] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.946945] page_type: f8(unknown)
[   18.947016] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.947077] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.947628] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.947683] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.947732] head: 0bfffe0000000002 ffffc1ffc31e6801 00000000ffffffff 00000000ffffffff
[   18.948313] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.948551] page dumped because: kasan: bad access detected
[   18.948607] 
[   18.948625] Memory state around the buggy address:
[   18.948781]  fff00000c799ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.948867]  fff00000c799ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.948932] >fff00000c79a0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.949146]                    ^
[   18.949259]  fff00000c79a0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.949420]  fff00000c79a0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.949848] ==================================================================
[   18.914903] ==================================================================
[   18.914965] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   18.916796] Free of addr fff00000c57d5c00 by task kunit_try_catch/235
[   18.916973] 
[   18.917016] CPU: 1 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.917264] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.917293] Hardware name: linux,dummy-virt (DT)
[   18.917356] Call trace:
[   18.917377]  show_stack+0x20/0x38 (C)
[   18.917432]  dump_stack_lvl+0x8c/0xd0
[   18.917520]  print_report+0x118/0x608
[   18.917568]  kasan_report_invalid_free+0xc0/0xe8
[   18.917618]  check_slab_allocation+0xd4/0x108
[   18.917664]  __kasan_mempool_poison_object+0x78/0x150
[   18.917726]  mempool_free+0x28c/0x328
[   18.917814]  mempool_double_free_helper+0x150/0x2e8
[   18.917934]  mempool_kmalloc_double_free+0xc0/0x118
[   18.918172]  kunit_try_run_case+0x170/0x3f0
[   18.918298]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.918608]  kthread+0x328/0x630
[   18.918987]  ret_from_fork+0x10/0x20
[   18.919442] 
[   18.919487] Allocated by task 235:
[   18.919524]  kasan_save_stack+0x3c/0x68
[   18.919703]  kasan_save_track+0x20/0x40
[   18.919744]  kasan_save_alloc_info+0x40/0x58
[   18.920072]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.920293]  remove_element+0x130/0x1f8
[   18.920329]  mempool_alloc_preallocated+0x58/0xc0
[   18.920367]  mempool_double_free_helper+0x94/0x2e8
[   18.920772]  mempool_kmalloc_double_free+0xc0/0x118
[   18.920899]  kunit_try_run_case+0x170/0x3f0
[   18.921130]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.921198]  kthread+0x328/0x630
[   18.921231]  ret_from_fork+0x10/0x20
[   18.921267] 
[   18.921711] Freed by task 235:
[   18.921743]  kasan_save_stack+0x3c/0x68
[   18.922200]  kasan_save_track+0x20/0x40
[   18.922316]  kasan_save_free_info+0x4c/0x78
[   18.922357]  __kasan_mempool_poison_object+0xc0/0x150
[   18.922864]  mempool_free+0x28c/0x328
[   18.923111]  mempool_double_free_helper+0x100/0x2e8
[   18.923383]  mempool_kmalloc_double_free+0xc0/0x118
[   18.923433]  kunit_try_run_case+0x170/0x3f0
[   18.923782]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.923838]  kthread+0x328/0x630
[   18.924110]  ret_from_fork+0x10/0x20
[   18.924199] 
[   18.924331] The buggy address belongs to the object at fff00000c57d5c00
[   18.924331]  which belongs to the cache kmalloc-128 of size 128
[   18.924679] The buggy address is located 0 bytes inside of
[   18.924679]  128-byte region [fff00000c57d5c00, fff00000c57d5c80)
[   18.924805] 
[   18.924827] The buggy address belongs to the physical page:
[   18.925153] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d5
[   18.925228] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.925276] page_type: f5(slab)
[   18.925316] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.925365] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.925404] page dumped because: kasan: bad access detected
[   18.925434] 
[   18.925451] Memory state around the buggy address:
[   18.925752]  fff00000c57d5b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.926248]  fff00000c57d5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.926320] >fff00000c57d5c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.926558]                    ^
[   18.926707]  fff00000c57d5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.926906]  fff00000c57d5d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.927009] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zNL1O2cp9dmCFBEgSs8WkyJh4y

job_id

TEST:linaro@lkft#2zNL5oRbEmqaoyhMhEOvLzS6IfC

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zNL5oRbEmqaoyhMhEOvLzS6IfC

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL2hrVcCo1WcxmghqCiEPqPCd/Image.gz
sha256sum	75bd93f2a9f934a99efc331115dacf43cd61683d1338c69f56928f4e505c4b9f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL2hrVcCo1WcxmghqCiEPqPCd/modules.tar.xz
sha256sum	ba9b1a7bf6af40dbc6b67719635e8125d452a6738f5e6a1c543b4789f281320d

durations

tests

boot	0
kunit	167.82

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   13.115164] ==================================================================
[   13.116318] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.116736] Free of addr ffff888102a14000 by task kunit_try_catch/257
[   13.116945] 
[   13.117035] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.117081] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.117093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.117125] Call Trace:
[   13.117139]  <TASK>
[   13.117164]  dump_stack_lvl+0x73/0xb0
[   13.117192]  print_report+0xd1/0x650
[   13.117214]  ? __virt_addr_valid+0x1db/0x2d0
[   13.117237]  ? kasan_addr_to_slab+0x11/0xa0
[   13.117257]  ? mempool_double_free_helper+0x184/0x370
[   13.117282]  kasan_report_invalid_free+0x10a/0x130
[   13.117306]  ? mempool_double_free_helper+0x184/0x370
[   13.117338]  ? mempool_double_free_helper+0x184/0x370
[   13.117361]  __kasan_mempool_poison_pages+0x115/0x130
[   13.117384]  mempool_free+0x290/0x380
[   13.117405]  mempool_double_free_helper+0x184/0x370
[   13.117428]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.117453]  ? __kasan_check_write+0x18/0x20
[   13.117484]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.117504]  ? finish_task_switch.isra.0+0x153/0x700
[   13.117529]  mempool_page_alloc_double_free+0xe8/0x140
[   13.117564]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   13.117601]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   13.117620]  ? __pfx_mempool_free_pages+0x10/0x10
[   13.117642]  ? __pfx_read_tsc+0x10/0x10
[   13.117674]  ? ktime_get_ts64+0x86/0x230
[   13.117696]  kunit_try_run_case+0x1a5/0x480
[   13.117719]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.117740]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.117763]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.117784]  ? __kthread_parkme+0x82/0x180
[   13.117804]  ? preempt_count_sub+0x50/0x80
[   13.117835]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.117859]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.117881]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.117914]  kthread+0x337/0x6f0
[   13.117933]  ? trace_preempt_on+0x20/0xc0
[   13.117956]  ? __pfx_kthread+0x10/0x10
[   13.117976]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.118007]  ? calculate_sigpending+0x7b/0xa0
[   13.118030]  ? __pfx_kthread+0x10/0x10
[   13.118051]  ret_from_fork+0x116/0x1d0
[   13.118078]  ? __pfx_kthread+0x10/0x10
[   13.118108]  ret_from_fork_asm+0x1a/0x30
[   13.118138]  </TASK>
[   13.118149] 
[   13.128438] The buggy address belongs to the physical page:
[   13.128623] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a14
[   13.129598] flags: 0x200000000000000(node=0|zone=2)
[   13.129779] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   13.130153] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   13.130704] page dumped because: kasan: bad access detected
[   13.130971] 
[   13.131045] Memory state around the buggy address:
[   13.131528]  ffff888102a13f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.131860]  ffff888102a13f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.132725] >ffff888102a14000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.132955]                    ^
[   13.133074]  ffff888102a14080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.133883]  ffff888102a14100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.134298] ==================================================================
[   13.058515] ==================================================================
[   13.058995] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.059439] Free of addr ffff888103348300 by task kunit_try_catch/253
[   13.059699] 
[   13.059810] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.059852] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.059864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.059885] Call Trace:
[   13.059896]  <TASK>
[   13.059912]  dump_stack_lvl+0x73/0xb0
[   13.059941]  print_report+0xd1/0x650
[   13.059963]  ? __virt_addr_valid+0x1db/0x2d0
[   13.059988]  ? kasan_complete_mode_report_info+0x64/0x200
[   13.060010]  ? mempool_double_free_helper+0x184/0x370
[   13.060033]  kasan_report_invalid_free+0x10a/0x130
[   13.060056]  ? mempool_double_free_helper+0x184/0x370
[   13.060082]  ? mempool_double_free_helper+0x184/0x370
[   13.060116]  ? mempool_double_free_helper+0x184/0x370
[   13.060140]  check_slab_allocation+0x101/0x130
[   13.060164]  __kasan_mempool_poison_object+0x91/0x1d0
[   13.060190]  mempool_free+0x2ec/0x380
[   13.060213]  mempool_double_free_helper+0x184/0x370
[   13.060236]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.060261]  ? __kasan_check_write+0x18/0x20
[   13.060281]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.060303]  ? irqentry_exit+0x2a/0x60
[   13.060326]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.060351]  mempool_kmalloc_double_free+0xed/0x140
[   13.060373]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   13.060400]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.060424]  ? __pfx_mempool_kfree+0x10/0x10
[   13.060448]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   13.060472]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   13.060552]  kunit_try_run_case+0x1a5/0x480
[   13.060579]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.060600]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.060623]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.060644]  ? __kthread_parkme+0x82/0x180
[   13.060680]  ? preempt_count_sub+0x50/0x80
[   13.060704]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.060726]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.060748]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.060771]  kthread+0x337/0x6f0
[   13.060790]  ? trace_preempt_on+0x20/0xc0
[   13.060812]  ? __pfx_kthread+0x10/0x10
[   13.060832]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.060852]  ? calculate_sigpending+0x7b/0xa0
[   13.060876]  ? __pfx_kthread+0x10/0x10
[   13.060897]  ret_from_fork+0x116/0x1d0
[   13.060916]  ? __pfx_kthread+0x10/0x10
[   13.060936]  ret_from_fork_asm+0x1a/0x30
[   13.060965]  </TASK>
[   13.060976] 
[   13.075086] Allocated by task 253:
[   13.075281]  kasan_save_stack+0x45/0x70
[   13.075503]  kasan_save_track+0x18/0x40
[   13.075637]  kasan_save_alloc_info+0x3b/0x50
[   13.075977]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.076340]  remove_element+0x11e/0x190
[   13.076528]  mempool_alloc_preallocated+0x4d/0x90
[   13.076820]  mempool_double_free_helper+0x8a/0x370
[   13.076980]  mempool_kmalloc_double_free+0xed/0x140
[   13.077198]  kunit_try_run_case+0x1a5/0x480
[   13.077530]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.077789]  kthread+0x337/0x6f0
[   13.077959]  ret_from_fork+0x116/0x1d0
[   13.078200]  ret_from_fork_asm+0x1a/0x30
[   13.078404] 
[   13.078500] Freed by task 253:
[   13.078644]  kasan_save_stack+0x45/0x70
[   13.078821]  kasan_save_track+0x18/0x40
[   13.078956]  kasan_save_free_info+0x3f/0x60
[   13.079116]  __kasan_mempool_poison_object+0x131/0x1d0
[   13.079406]  mempool_free+0x2ec/0x380
[   13.079597]  mempool_double_free_helper+0x109/0x370
[   13.079828]  mempool_kmalloc_double_free+0xed/0x140
[   13.079997]  kunit_try_run_case+0x1a5/0x480
[   13.080155]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.080421]  kthread+0x337/0x6f0
[   13.080644]  ret_from_fork+0x116/0x1d0
[   13.080836]  ret_from_fork_asm+0x1a/0x30
[   13.081030] 
[   13.081135] The buggy address belongs to the object at ffff888103348300
[   13.081135]  which belongs to the cache kmalloc-128 of size 128
[   13.081638] The buggy address is located 0 bytes inside of
[   13.081638]  128-byte region [ffff888103348300, ffff888103348380)
[   13.082085] 
[   13.082172] The buggy address belongs to the physical page:
[   13.082348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103348
[   13.082698] flags: 0x200000000000000(node=0|zone=2)
[   13.083070] page_type: f5(slab)
[   13.083395] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.083682] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.083911] page dumped because: kasan: bad access detected
[   13.084214] 
[   13.084314] Memory state around the buggy address:
[   13.084546]  ffff888103348200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.084873]  ffff888103348280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.085184] >ffff888103348300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.085561]                    ^
[   13.085729]  ffff888103348380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.085968]  ffff888103348400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.086506] ==================================================================
[   13.090080] ==================================================================
[   13.090660] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   13.090963] Free of addr ffff8881039c0000 by task kunit_try_catch/255
[   13.091845] 
[   13.092096] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.092154] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.092167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.092189] Call Trace:
[   13.092297]  <TASK>
[   13.092312]  dump_stack_lvl+0x73/0xb0
[   13.092343]  print_report+0xd1/0x650
[   13.092366]  ? __virt_addr_valid+0x1db/0x2d0
[   13.092388]  ? kasan_addr_to_slab+0x11/0xa0
[   13.092407]  ? mempool_double_free_helper+0x184/0x370
[   13.092431]  kasan_report_invalid_free+0x10a/0x130
[   13.092454]  ? mempool_double_free_helper+0x184/0x370
[   13.092480]  ? mempool_double_free_helper+0x184/0x370
[   13.092502]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   13.092526]  mempool_free+0x2ec/0x380
[   13.092547]  mempool_double_free_helper+0x184/0x370
[   13.092569]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   13.092593]  ? __kasan_check_write+0x18/0x20
[   13.092612]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.092633]  ? finish_task_switch.isra.0+0x153/0x700
[   13.092658]  mempool_kmalloc_large_double_free+0xed/0x140
[   13.092682]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   13.092708]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.092730]  ? __pfx_mempool_kfree+0x10/0x10
[   13.092753]  ? __pfx_read_tsc+0x10/0x10
[   13.092774]  ? ktime_get_ts64+0x86/0x230
[   13.092798]  kunit_try_run_case+0x1a5/0x480
[   13.092821]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.092842]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.092865]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.092886]  ? __kthread_parkme+0x82/0x180
[   13.092905]  ? preempt_count_sub+0x50/0x80
[   13.092927]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.092950]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.092972]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.092993]  kthread+0x337/0x6f0
[   13.093012]  ? trace_preempt_on+0x20/0xc0
[   13.093034]  ? __pfx_kthread+0x10/0x10
[   13.093053]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.093074]  ? calculate_sigpending+0x7b/0xa0
[   13.093109]  ? __pfx_kthread+0x10/0x10
[   13.093132]  ret_from_fork+0x116/0x1d0
[   13.093163]  ? __pfx_kthread+0x10/0x10
[   13.093183]  ret_from_fork_asm+0x1a/0x30
[   13.093213]  </TASK>
[   13.093224] 
[   13.105552] The buggy address belongs to the physical page:
[   13.105910] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0
[   13.106312] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.106852] flags: 0x200000000000040(head|node=0|zone=2)
[   13.107129] page_type: f8(unknown)
[   13.107383] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.107707] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.108027] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.108456] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.108747] head: 0200000000000002 ffffea00040e7001 00000000ffffffff 00000000ffffffff
[   13.109063] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.109512] page dumped because: kasan: bad access detected
[   13.109700] 
[   13.109817] Memory state around the buggy address:
[   13.110041]  ffff8881039bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.110785]  ffff8881039bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.111140] >ffff8881039c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.111740]                    ^
[   13.111940]  ffff8881039c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.112519]  ffff8881039c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.112825] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zNL1O2cp9dmCFBEgSs8WkyJh4y

job_id

TEST:linaro@lkft#2zNL6lw8QpiLx2X80bHtYDEoIkO

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zNL6lw8QpiLx2X80bHtYDEoIkO

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL3q4rWFiUvmEYLQ3BXdIYSKX/bzImage
sha256sum	f913311db6c7753aa3ccadda2e754832cad135a441849c4a73d7959c2b6c87e5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL3q4rWFiUvmEYLQ3BXdIYSKX/modules.tar.xz
sha256sum	43ae06e48ef12e1aba423c47b6cdbc55af315831d6ed3f78d515cc08d1dc28a1

durations

tests

boot	0
kunit	204.34

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit