lkft/linux-next-master - next-20250702 - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper

Date

July 2, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   33.080651] ==================================================================
[   33.080728] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   33.080790] Free of addr fff00000c8dc5401 by task kunit_try_catch/274
[   33.080833] 
[   33.080873] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   33.080975] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.081004] Hardware name: linux,dummy-virt (DT)
[   33.081033] Call trace:
[   33.081088]  show_stack+0x20/0x38 (C)
[   33.081287]  dump_stack_lvl+0x8c/0xd0
[   33.081336]  print_report+0x118/0x608
[   33.081403]  kasan_report_invalid_free+0xc0/0xe8
[   33.081456]  check_slab_allocation+0xfc/0x108
[   33.081523]  __kasan_mempool_poison_object+0x78/0x150
[   33.081578]  mempool_free+0x28c/0x328
[   33.081651]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   33.081715]  mempool_kmalloc_invalid_free+0xc0/0x118
[   33.081782]  kunit_try_run_case+0x170/0x3f0
[   33.081835]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.082178]  kthread+0x328/0x630
[   33.082264]  ret_from_fork+0x10/0x20
[   33.082317] 
[   33.082335] Allocated by task 274:
[   33.082384]  kasan_save_stack+0x3c/0x68
[   33.082453]  kasan_save_track+0x20/0x40
[   33.082512]  kasan_save_alloc_info+0x40/0x58
[   33.082567]  __kasan_mempool_unpoison_object+0x11c/0x180
[   33.082613]  remove_element+0x130/0x1f8
[   33.082648]  mempool_alloc_preallocated+0x58/0xc0
[   33.082707]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   33.082751]  mempool_kmalloc_invalid_free+0xc0/0x118
[   33.082791]  kunit_try_run_case+0x170/0x3f0
[   33.082938]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.083013]  kthread+0x328/0x630
[   33.083050]  ret_from_fork+0x10/0x20
[   33.083087] 
[   33.083179] The buggy address belongs to the object at fff00000c8dc5400
[   33.083179]  which belongs to the cache kmalloc-128 of size 128
[   33.083258] The buggy address is located 1 bytes inside of
[   33.083258]  128-byte region [fff00000c8dc5400, fff00000c8dc5480)
[   33.083321] 
[   33.083362] The buggy address belongs to the physical page:
[   33.083394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5
[   33.083448] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.083497] page_type: f5(slab)
[   33.083535] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.083602] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.083876] page dumped because: kasan: bad access detected
[   33.083996] 
[   33.084084] Memory state around the buggy address:
[   33.084145]  fff00000c8dc5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.084210]  fff00000c8dc5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.084308] >fff00000c8dc5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.084349]                    ^
[   33.084378]  fff00000c8dc5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.084438]  fff00000c8dc5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.084477] ==================================================================
[   33.091068] ==================================================================
[   33.091172] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   33.091233] Free of addr fff00000c9b04001 by task kunit_try_catch/276
[   33.091278] 
[   33.091313] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   33.091497] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.091563] Hardware name: linux,dummy-virt (DT)
[   33.091704] Call trace:
[   33.091825]  show_stack+0x20/0x38 (C)
[   33.091922]  dump_stack_lvl+0x8c/0xd0
[   33.091986]  print_report+0x118/0x608
[   33.092034]  kasan_report_invalid_free+0xc0/0xe8
[   33.092105]  __kasan_mempool_poison_object+0xfc/0x150
[   33.092158]  mempool_free+0x28c/0x328
[   33.092204]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   33.092257]  mempool_kmalloc_large_invalid_free+0xc0/0x118
[   33.092310]  kunit_try_run_case+0x170/0x3f0
[   33.092359]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.092414]  kthread+0x328/0x630
[   33.092456]  ret_from_fork+0x10/0x20
[   33.092766] 
[   33.092811] The buggy address belongs to the physical page:
[   33.092912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b04
[   33.093026] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.093153] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.093219] page_type: f8(unknown)
[   33.093261] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.093311] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   33.093510] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.093575] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   33.093662] head: 0bfffe0000000002 ffffc1ffc326c101 00000000ffffffff 00000000ffffffff
[   33.093723] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.093784] page dumped because: kasan: bad access detected
[   33.093816] 
[   33.093834] Memory state around the buggy address:
[   33.093876]  fff00000c9b03f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.093918]  fff00000c9b03f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.093973] >fff00000c9b04000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.094012]                    ^
[   33.094052]  fff00000c9b04080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.094105]  fff00000c9b04100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.094155] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zJjVuY8CWIlVXTEux5Wdhwbsnl

job_id

TEST:linaro@lkft#2zJjafLF9SmbRpQYzvYRsbAp7df

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJjafLF9SmbRpQYzvYRsbAp7df

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/Image.gz
sha256sum	85c5f8492d02f00134559b4c525d8c115890fb18f9f1a98f66474795be2b220c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/modules.tar.xz
sha256sum	1d59f082c2851f878fb4e179ce3326e01ee1a06bb2287f35b0c3c51598de1e42

durations

tests

boot	0
kunit	162.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   34.885114] ==================================================================
[   34.885206] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   34.885475] Free of addr fff00000c8dbdc01 by task kunit_try_catch/272
[   34.885556] 
[   34.885652] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   34.885767] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.885861] Hardware name: linux,dummy-virt (DT)
[   34.885929] Call trace:
[   34.885970]  show_stack+0x20/0x38 (C)
[   34.886023]  dump_stack_lvl+0x8c/0xd0
[   34.886128]  print_report+0x118/0x608
[   34.886190]  kasan_report_invalid_free+0xc0/0xe8
[   34.886259]  check_slab_allocation+0xfc/0x108
[   34.886308]  __kasan_mempool_poison_object+0x78/0x150
[   34.886362]  mempool_free+0x28c/0x328
[   34.886629]  mempool_kmalloc_invalid_free_helper+0x118/0x2a8
[   34.886742]  mempool_kmalloc_invalid_free+0xc0/0x118
[   34.886810]  kunit_try_run_case+0x170/0x3f0
[   34.886924]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.886990]  kthread+0x328/0x630
[   34.887047]  ret_from_fork+0x10/0x20
[   34.887143] 
[   34.887190] Allocated by task 272:
[   34.887225]  kasan_save_stack+0x3c/0x68
[   34.887272]  kasan_save_track+0x20/0x40
[   34.887380]  kasan_save_alloc_info+0x40/0x58
[   34.887420]  __kasan_mempool_unpoison_object+0x11c/0x180
[   34.887482]  remove_element+0x130/0x1f8
[   34.887827]  mempool_alloc_preallocated+0x58/0xc0
[   34.887917]  mempool_kmalloc_invalid_free_helper+0x94/0x2a8
[   34.887984]  mempool_kmalloc_invalid_free+0xc0/0x118
[   34.888123]  kunit_try_run_case+0x170/0x3f0
[   34.888219]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.888384]  kthread+0x328/0x630
[   34.888452]  ret_from_fork+0x10/0x20
[   34.888616] 
[   34.888814] The buggy address belongs to the object at fff00000c8dbdc00
[   34.888814]  which belongs to the cache kmalloc-128 of size 128
[   34.888907] The buggy address is located 1 bytes inside of
[   34.888907]  128-byte region [fff00000c8dbdc00, fff00000c8dbdc80)
[   34.888993] 
[   34.889032] The buggy address belongs to the physical page:
[   34.889143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbd
[   34.889232] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   34.889368] page_type: f5(slab)
[   34.889446] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   34.889614] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   34.889683] page dumped because: kasan: bad access detected
[   34.889786] 
[   34.889826] Memory state around the buggy address:
[   34.889859]  fff00000c8dbdb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.889914]  fff00000c8dbdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.890078] >fff00000c8dbdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.890128]                    ^
[   34.890171]  fff00000c8dbdc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.890215]  fff00000c8dbdd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.898534]  dump_stack_lvl+0x8c/0xd0
[   34.900841] 
[   34.901942] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zJgQh5RpNnxHn5fYu3cjvVNtfe

job_id

TEST:linaro@lkft#2zJgVNbTMWSdgH2toga97GQ1Q7f

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJgVNbTMWSdgH2toga97GQ1Q7f

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgRtf8Z6sIAbl985f65Rf9q1j/Image.gz
sha256sum	0bc9f899cfd087a8afeca5d2e97cbfde074f219701c595cf032b0638edac4ebb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgRtf8Z6sIAbl985f65Rf9q1j/modules.tar.xz
sha256sum	a7c57519c6dd39ab91f2f3c11d9473bcddc038b16e47bd1dafe42a18ff05f66f

durations

tests

boot	0
kunit	166.37

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   25.059039] ==================================================================
[   25.059896] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   25.060194] Free of addr ffff888103b7e801 by task kunit_try_catch/290
[   25.061204] 
[   25.061487] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   25.061550] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.061564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.061589] Call Trace:
[   25.061605]  <TASK>
[   25.061626]  dump_stack_lvl+0x73/0xb0
[   25.061662]  print_report+0xd1/0x650
[   25.061686]  ? __virt_addr_valid+0x1db/0x2d0
[   25.061712]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.061739]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   25.061765]  kasan_report_invalid_free+0x10a/0x130
[   25.061790]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   25.061817]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   25.061848]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   25.061872]  check_slab_allocation+0x11f/0x130
[   25.061894]  __kasan_mempool_poison_object+0x91/0x1d0
[   25.061918]  mempool_free+0x2ec/0x380
[   25.062021]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   25.062048]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   25.062087]  ? __kasan_check_write+0x18/0x20
[   25.062111]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.062134]  ? finish_task_switch.isra.0+0x153/0x700
[   25.062161]  mempool_kmalloc_invalid_free+0xed/0x140
[   25.062202]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   25.062230]  ? __pfx_mempool_kmalloc+0x10/0x10
[   25.062252]  ? __pfx_mempool_kfree+0x10/0x10
[   25.062278]  ? __pfx_read_tsc+0x10/0x10
[   25.062300]  ? ktime_get_ts64+0x86/0x230
[   25.062326]  kunit_try_run_case+0x1a5/0x480
[   25.062354]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.062378]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.062401]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.062424]  ? __kthread_parkme+0x82/0x180
[   25.062445]  ? preempt_count_sub+0x50/0x80
[   25.062469]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.062493]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.062517]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.062542]  kthread+0x337/0x6f0
[   25.062562]  ? trace_preempt_on+0x20/0xc0
[   25.062587]  ? __pfx_kthread+0x10/0x10
[   25.062608]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.062632]  ? calculate_sigpending+0x7b/0xa0
[   25.062656]  ? __pfx_kthread+0x10/0x10
[   25.062678]  ret_from_fork+0x116/0x1d0
[   25.062698]  ? __pfx_kthread+0x10/0x10
[   25.062719]  ret_from_fork_asm+0x1a/0x30
[   25.062750]  </TASK>
[   25.062763] 
[   25.079580] Allocated by task 290:
[   25.079738]  kasan_save_stack+0x45/0x70
[   25.079895]  kasan_save_track+0x18/0x40
[   25.080406]  kasan_save_alloc_info+0x3b/0x50
[   25.080834]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   25.081450]  remove_element+0x11e/0x190
[   25.081780]  mempool_alloc_preallocated+0x4d/0x90
[   25.081951]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   25.082510]  mempool_kmalloc_invalid_free+0xed/0x140
[   25.082981]  kunit_try_run_case+0x1a5/0x480
[   25.083177]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.083690]  kthread+0x337/0x6f0
[   25.083854]  ret_from_fork+0x116/0x1d0
[   25.083977]  ret_from_fork_asm+0x1a/0x30
[   25.084120] 
[   25.084229] The buggy address belongs to the object at ffff888103b7e800
[   25.084229]  which belongs to the cache kmalloc-128 of size 128
[   25.085297] The buggy address is located 1 bytes inside of
[   25.085297]  128-byte region [ffff888103b7e800, ffff888103b7e880)
[   25.086507] 
[   25.086677] The buggy address belongs to the physical page:
[   25.086849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b7e
[   25.087539] flags: 0x200000000000000(node=0|zone=2)
[   25.088007] page_type: f5(slab)
[   25.088359] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.088625] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.088839] page dumped because: kasan: bad access detected
[   25.089173] 
[   25.089323] Memory state around the buggy address:
[   25.089779]  ffff888103b7e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.090518]  ffff888103b7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.091259] >ffff888103b7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.091919]                    ^
[   25.092176]  ffff888103b7e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.092733]  ffff888103b7e900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.093041] ==================================================================
[   25.096726] ==================================================================
[   25.097886] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   25.098826] Free of addr ffff8881061f0001 by task kunit_try_catch/292
[   25.099045] 
[   25.099186] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   25.099245] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.099259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.099283] Call Trace:
[   25.099299]  <TASK>
[   25.099321]  dump_stack_lvl+0x73/0xb0
[   25.099366]  print_report+0xd1/0x650
[   25.099390]  ? __virt_addr_valid+0x1db/0x2d0
[   25.099418]  ? kasan_addr_to_slab+0x11/0xa0
[   25.099438]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   25.099464]  kasan_report_invalid_free+0x10a/0x130
[   25.099489]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   25.099517]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   25.099541]  __kasan_mempool_poison_object+0x102/0x1d0
[   25.099565]  mempool_free+0x2ec/0x380
[   25.099594]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   25.099619]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   25.099646]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.099670]  ? finish_task_switch.isra.0+0x153/0x700
[   25.099697]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   25.099721]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   25.099748]  ? __pfx_mempool_kmalloc+0x10/0x10
[   25.099771]  ? __pfx_mempool_kfree+0x10/0x10
[   25.099795]  ? __pfx_read_tsc+0x10/0x10
[   25.099818]  ? ktime_get_ts64+0x86/0x230
[   25.099844]  kunit_try_run_case+0x1a5/0x480
[   25.099871]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.099894]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.099918]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.099991]  ? __kthread_parkme+0x82/0x180
[   25.100015]  ? preempt_count_sub+0x50/0x80
[   25.100039]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.100076]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.100101]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.100126]  kthread+0x337/0x6f0
[   25.100146]  ? trace_preempt_on+0x20/0xc0
[   25.100171]  ? __pfx_kthread+0x10/0x10
[   25.100232]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.100259]  ? calculate_sigpending+0x7b/0xa0
[   25.100285]  ? __pfx_kthread+0x10/0x10
[   25.100306]  ret_from_fork+0x116/0x1d0
[   25.100326]  ? __pfx_kthread+0x10/0x10
[   25.100347]  ret_from_fork_asm+0x1a/0x30
[   25.100380]  </TASK>
[   25.100393] 
[   25.110781] The buggy address belongs to the physical page:
[   25.111017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061f0
[   25.111463] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.111792] flags: 0x200000000000040(head|node=0|zone=2)
[   25.112096] page_type: f8(unknown)
[   25.112399] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.112753] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.112978] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.113423] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.114150] head: 0200000000000002 ffffea0004187c01 00000000ffffffff 00000000ffffffff
[   25.114503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.114797] page dumped because: kasan: bad access detected
[   25.115050] 
[   25.115155] Memory state around the buggy address:
[   25.115390]  ffff8881061eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.115715]  ffff8881061eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.115998] >ffff8881061f0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.116321]                    ^
[   25.116438]  ffff8881061f0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.116701]  ffff8881061f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.117009] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zJgQh5RpNnxHn5fYu3cjvVNtfe

job_id

TEST:linaro@lkft#2zJgWLiLp1SzPvoGOQl1Sc7c2xD

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJgWLiLp1SzPvoGOQl1Sc7c2xD

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgSomoncXqQ2IeQhGu4P8l5Uz/bzImage
sha256sum	c63ce0944f5600b46c12779e7ee07bd3abac22ab6ab0025102b975f86834f461

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgSomoncXqQ2IeQhGu4P8l5Uz/modules.tar.xz
sha256sum	6bde680c4711a679bf6c233af89c66b0048bd800f61fd1fce42662ca56dcc624

durations

tests

boot	0
kunit	249.71

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   24.847044] ==================================================================
[   24.847868] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   24.848572] Free of addr ffff888106154001 by task kunit_try_catch/291
[   24.849009] 
[   24.849103] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   24.849155] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.849168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.849190] Call Trace:
[   24.849203]  <TASK>
[   24.849219]  dump_stack_lvl+0x73/0xb0
[   24.849248]  print_report+0xd1/0x650
[   24.849269]  ? __virt_addr_valid+0x1db/0x2d0
[   24.849293]  ? kasan_addr_to_slab+0x11/0xa0
[   24.849325]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   24.849352]  kasan_report_invalid_free+0x10a/0x130
[   24.849376]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   24.849402]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   24.849426]  __kasan_mempool_poison_object+0x102/0x1d0
[   24.849450]  mempool_free+0x2ec/0x380
[   24.849500]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   24.849525]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   24.849554]  ? finish_task_switch.isra.0+0x153/0x700
[   24.849580]  mempool_kmalloc_large_invalid_free+0xed/0x140
[   24.849605]  ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[   24.849631]  ? __pfx_mempool_kmalloc+0x10/0x10
[   24.849655]  ? __pfx_mempool_kfree+0x10/0x10
[   24.849700]  ? __pfx_read_tsc+0x10/0x10
[   24.849721]  ? ktime_get_ts64+0x86/0x230
[   24.849750]  kunit_try_run_case+0x1a5/0x480
[   24.849775]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.849798]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.849820]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.849842]  ? __kthread_parkme+0x82/0x180
[   24.849862]  ? preempt_count_sub+0x50/0x80
[   24.849885]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.849909]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.849934]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.849958]  kthread+0x337/0x6f0
[   24.849977]  ? trace_preempt_on+0x20/0xc0
[   24.850000]  ? __pfx_kthread+0x10/0x10
[   24.850020]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.850043]  ? calculate_sigpending+0x7b/0xa0
[   24.850067]  ? __pfx_kthread+0x10/0x10
[   24.850088]  ret_from_fork+0x116/0x1d0
[   24.850107]  ? __pfx_kthread+0x10/0x10
[   24.850127]  ret_from_fork_asm+0x1a/0x30
[   24.850157]  </TASK>
[   24.850169] 
[   24.864178] The buggy address belongs to the physical page:
[   24.864729] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106154
[   24.864998] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.865221] flags: 0x200000000000040(head|node=0|zone=2)
[   24.865412] page_type: f8(unknown)
[   24.865615] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.865958] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.866237] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.866601] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.866976] head: 0200000000000002 ffffea0004185501 00000000ffffffff 00000000ffffffff
[   24.867300] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.867625] page dumped because: kasan: bad access detected
[   24.868090] 
[   24.868189] Memory state around the buggy address:
[   24.868373]  ffff888106153f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.868777]  ffff888106153f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.869068] >ffff888106154000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.869363]                    ^
[   24.869494]  ffff888106154080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.869847]  ffff888106154100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.870127] ==================================================================
[   24.817654] ==================================================================
[   24.818346] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   24.818753] Free of addr ffff888104950d01 by task kunit_try_catch/289
[   24.819038] 
[   24.819151] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   24.819330] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.819345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.819417] Call Trace:
[   24.819430]  <TASK>
[   24.819449]  dump_stack_lvl+0x73/0xb0
[   24.819494]  print_report+0xd1/0x650
[   24.819519]  ? __virt_addr_valid+0x1db/0x2d0
[   24.819545]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.819572]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   24.819598]  kasan_report_invalid_free+0x10a/0x130
[   24.819623]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   24.819650]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   24.819674]  ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   24.819710]  check_slab_allocation+0x11f/0x130
[   24.819732]  __kasan_mempool_poison_object+0x91/0x1d0
[   24.819756]  mempool_free+0x2ec/0x380
[   24.819785]  mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[   24.819810]  ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[   24.819834]  ? update_load_avg+0x1be/0x21b0
[   24.819905]  ? finish_task_switch.isra.0+0x153/0x700
[   24.819933]  mempool_kmalloc_invalid_free+0xed/0x140
[   24.820005]  ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[   24.820032]  ? __pfx_mempool_kmalloc+0x10/0x10
[   24.820065]  ? __pfx_mempool_kfree+0x10/0x10
[   24.820091]  ? __pfx_read_tsc+0x10/0x10
[   24.820114]  ? ktime_get_ts64+0x86/0x230
[   24.820141]  kunit_try_run_case+0x1a5/0x480
[   24.820169]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.820193]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.820216]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.820239]  ? __kthread_parkme+0x82/0x180
[   24.820261]  ? preempt_count_sub+0x50/0x80
[   24.820286]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.820320]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.820345]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.820370]  kthread+0x337/0x6f0
[   24.820389]  ? trace_preempt_on+0x20/0xc0
[   24.820414]  ? __pfx_kthread+0x10/0x10
[   24.820435]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.820460]  ? calculate_sigpending+0x7b/0xa0
[   24.820485]  ? __pfx_kthread+0x10/0x10
[   24.820516]  ret_from_fork+0x116/0x1d0
[   24.820536]  ? __pfx_kthread+0x10/0x10
[   24.820557]  ret_from_fork_asm+0x1a/0x30
[   24.820591]  </TASK>
[   24.820603] 
[   24.833888] Allocated by task 289:
[   24.834024]  kasan_save_stack+0x45/0x70
[   24.834236]  kasan_save_track+0x18/0x40
[   24.834445]  kasan_save_alloc_info+0x3b/0x50
[   24.834765]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   24.835014]  remove_element+0x11e/0x190
[   24.835156]  mempool_alloc_preallocated+0x4d/0x90
[   24.835351]  mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[   24.835601]  mempool_kmalloc_invalid_free+0xed/0x140
[   24.835963]  kunit_try_run_case+0x1a5/0x480
[   24.836259]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.836444]  kthread+0x337/0x6f0
[   24.836606]  ret_from_fork+0x116/0x1d0
[   24.836860]  ret_from_fork_asm+0x1a/0x30
[   24.837085] 
[   24.837193] The buggy address belongs to the object at ffff888104950d00
[   24.837193]  which belongs to the cache kmalloc-128 of size 128
[   24.837599] The buggy address is located 1 bytes inside of
[   24.837599]  128-byte region [ffff888104950d00, ffff888104950d80)
[   24.838064] 
[   24.838167] The buggy address belongs to the physical page:
[   24.838356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950
[   24.838830] flags: 0x200000000000000(node=0|zone=2)
[   24.839086] page_type: f5(slab)
[   24.839259] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   24.839853] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.840181] page dumped because: kasan: bad access detected
[   24.840416] 
[   24.840519] Memory state around the buggy address:
[   24.840770]  ffff888104950c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.841104]  ffff888104950c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.841416] >ffff888104950d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.841784]                    ^
[   24.841977]  ffff888104950d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.842289]  ffff888104950e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.842621] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zJjVuY8CWIlVXTEux5Wdhwbsnl

job_id

TEST:linaro@lkft#2zJjbo5vUf6Wgav2dNg23QBILve

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJjbo5vUf6Wgav2dNg23QBILve

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjY2X2HWOVFakdzDdk9bWjF5Q/bzImage
sha256sum	4acfb3ef7d1c5960d9bb8d8c6946992d600ffa1a2e100775f86dbb73a7e052b1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjY2X2HWOVFakdzDdk9bWjF5Q/modules.tar.xz
sha256sum	9d3b3583400db11d5b102f8eb0fbef431a8d5f7a81319fa4c86c7d93acce21b0

durations

tests

boot	0
kunit	219.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit