lkft/linux-next-master - next-20250625 - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free

Date

June 25, 2025, 8:08 a.m.

Environment
qemu-arm64
qemu-x86_64

[   27.572991] ==================================================================
[   27.573063] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8
[   27.573134] Free of addr fff00000c78ef001 by task kunit_try_catch/223
[   27.573176] 
[   27.573216] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   27.573302] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.573330] Hardware name: linux,dummy-virt (DT)
[   27.573363] Call trace:
[   27.573386]  show_stack+0x20/0x38 (C)
[   27.573451]  dump_stack_lvl+0x8c/0xd0
[   27.573513]  print_report+0x118/0x608
[   27.573562]  kasan_report_invalid_free+0xc0/0xe8
[   27.573612]  check_slab_allocation+0xfc/0x108
[   27.573672]  __kasan_slab_pre_free+0x2c/0x48
[   27.573722]  kmem_cache_free+0xf0/0x468
[   27.573780]  kmem_cache_invalid_free+0x184/0x3c8
[   27.573829]  kunit_try_run_case+0x170/0x3f0
[   27.573882]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.573937]  kthread+0x328/0x630
[   27.573981]  ret_from_fork+0x10/0x20
[   27.574031] 
[   27.574049] Allocated by task 223:
[   27.574084]  kasan_save_stack+0x3c/0x68
[   27.574133]  kasan_save_track+0x20/0x40
[   27.574172]  kasan_save_alloc_info+0x40/0x58
[   27.574218]  __kasan_slab_alloc+0xa8/0xb0
[   27.574265]  kmem_cache_alloc_noprof+0x10c/0x398
[   27.574305]  kmem_cache_invalid_free+0x12c/0x3c8
[   27.574347]  kunit_try_run_case+0x170/0x3f0
[   27.574385]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.575167]  kthread+0x328/0x630
[   27.575222]  ret_from_fork+0x10/0x20
[   27.575456] 
[   27.575489] The buggy address belongs to the object at fff00000c78ef000
[   27.575489]  which belongs to the cache test_cache of size 200
[   27.575559] The buggy address is located 1 bytes inside of
[   27.575559]  200-byte region [fff00000c78ef000, fff00000c78ef0c8)
[   27.575618] 
[   27.575927] The buggy address belongs to the physical page:
[   27.576020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078ef
[   27.576195] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   27.576344] page_type: f5(slab)
[   27.576595] raw: 0bfffe0000000000 fff00000c790a000 dead000000000122 0000000000000000
[   27.576698] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   27.576742] page dumped because: kasan: bad access detected
[   27.576972] 
[   27.577098] Memory state around the buggy address:
[   27.577154]  fff00000c78eef00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.577244]  fff00000c78eef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.577382] >fff00000c78ef000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.577468]                    ^
[   27.577628]  fff00000c78ef080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   27.577739]  fff00000c78ef100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.577853] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yzYOk343WUC6Wpt3myROi1ycEp

job_id

TEST:linaro@lkft#2yzYUHdREalZeVuTYEtZ0Vg4zyC

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yzYUHdREalZeVuTYEtZ0Vg4zyC

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yzYQLBlrPZKRLNAwKs2gdkoA38/Image.gz
sha256sum	ecffa73d9c53e178bc58f77e3a2aaadac22dbb2340351d938f09d8930cf3c815

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yzYQLBlrPZKRLNAwKs2gdkoA38/modules.tar.xz
sha256sum	d909e31b2675c9cfa4c6c68cb67b8b55a898f72165169b4030348d19c0ca4f80

durations

tests

boot	0
kunit	168.59

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   22.584365] ==================================================================
[   22.585317] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460
[   22.585902] Free of addr ffff888102595001 by task kunit_try_catch/240
[   22.586160] 
[   22.586445] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   22.586499] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.586513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.586534] Call Trace:
[   22.586548]  <TASK>
[   22.586565]  dump_stack_lvl+0x73/0xb0
[   22.586594]  print_report+0xd1/0x650
[   22.586614]  ? __virt_addr_valid+0x1db/0x2d0
[   22.586638]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.586663]  ? kmem_cache_invalid_free+0x1d8/0x460
[   22.586913]  kasan_report_invalid_free+0x10a/0x130
[   22.586968]  ? kmem_cache_invalid_free+0x1d8/0x460
[   22.586993]  ? kmem_cache_invalid_free+0x1d8/0x460
[   22.587017]  check_slab_allocation+0x11f/0x130
[   22.587038]  __kasan_slab_pre_free+0x28/0x40
[   22.587057]  kmem_cache_free+0xed/0x420
[   22.587076]  ? kmem_cache_alloc_noprof+0x123/0x3f0
[   22.587100]  ? kmem_cache_invalid_free+0x1d8/0x460
[   22.587125]  kmem_cache_invalid_free+0x1d8/0x460
[   22.587148]  ? __pfx_kmem_cache_invalid_free+0x10/0x10
[   22.587169]  ? finish_task_switch.isra.0+0x153/0x700
[   22.587191]  ? __switch_to+0x47/0xf50
[   22.587219]  ? __pfx_read_tsc+0x10/0x10
[   22.587239]  ? ktime_get_ts64+0x86/0x230
[   22.587264]  kunit_try_run_case+0x1a5/0x480
[   22.587288]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.587309]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   22.587330]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.587354]  ? __kthread_parkme+0x82/0x180
[   22.587373]  ? preempt_count_sub+0x50/0x80
[   22.587394]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.587417]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.587439]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.587461]  kthread+0x337/0x6f0
[   22.587479]  ? trace_preempt_on+0x20/0xc0
[   22.587502]  ? __pfx_kthread+0x10/0x10
[   22.587521]  ? _raw_spin_unlock_irq+0x47/0x80
[   22.587543]  ? calculate_sigpending+0x7b/0xa0
[   22.587566]  ? __pfx_kthread+0x10/0x10
[   22.587586]  ret_from_fork+0x116/0x1d0
[   22.587604]  ? __pfx_kthread+0x10/0x10
[   22.587623]  ret_from_fork_asm+0x1a/0x30
[   22.587653]  </TASK>
[   22.587664] 
[   22.603319] Allocated by task 240:
[   22.603658]  kasan_save_stack+0x45/0x70
[   22.604030]  kasan_save_track+0x18/0x40
[   22.604181]  kasan_save_alloc_info+0x3b/0x50
[   22.604624]  __kasan_slab_alloc+0x91/0xa0
[   22.604977]  kmem_cache_alloc_noprof+0x123/0x3f0
[   22.605447]  kmem_cache_invalid_free+0x157/0x460
[   22.605965]  kunit_try_run_case+0x1a5/0x480
[   22.606151]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.606558]  kthread+0x337/0x6f0
[   22.606916]  ret_from_fork+0x116/0x1d0
[   22.607225]  ret_from_fork_asm+0x1a/0x30
[   22.607560] 
[   22.607780] The buggy address belongs to the object at ffff888102595000
[   22.607780]  which belongs to the cache test_cache of size 200
[   22.608457] The buggy address is located 1 bytes inside of
[   22.608457]  200-byte region [ffff888102595000, ffff8881025950c8)
[   22.608775] 
[   22.608977] The buggy address belongs to the physical page:
[   22.609403] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102595
[   22.609968] flags: 0x200000000000000(node=0|zone=2)
[   22.610182] page_type: f5(slab)
[   22.610522] raw: 0200000000000000 ffff8881016b7b40 dead000000000122 0000000000000000
[   22.610957] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   22.611541] page dumped because: kasan: bad access detected
[   22.611880] 
[   22.612080] Memory state around the buggy address:
[   22.612318]  ffff888102594f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.612776]  ffff888102594f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.613357] >ffff888102595000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.613699]                    ^
[   22.613994]  ffff888102595080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   22.614433]  ffff888102595100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.614716] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yzYOk343WUC6Wpt3myROi1ycEp

job_id

TEST:linaro@lkft#2yzYVNT6IUjhjLdh7nstgLFd505

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yzYVNT6IUjhjLdh7nstgLFd505

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yzYRjK4yPgWCSPteds1wuyRjxm/bzImage
sha256sum	a36e634a4a78f2929b45bc04de080bad523a4659b57f144ae08b96bb49e6195c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yzYRjK4yPgWCSPteds1wuyRjxm/modules.tar.xz
sha256sum	20f0a98822a7ed9176a2a3211e41859c1b0cc5afa6ae6640cdcd27770eeb51ec

durations

tests

boot	0
kunit	118.62

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit