Date: July 15, 2025, 11:35 a.m.

| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
e850-96:

```
[ 38.605328] ==================================================================
[ 38.614542] BUG: KASAN: invalid-free in kfree+0x270/0x3c8
[ 38.619924] Free of addr ffff0008062c4001 by task kunit_try_catch/231
[ 38.626344]
[ 38.627831] CPU: 2 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT
[ 38.627889] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 38.627904] Hardware name: WinLink E850-96 board (DT)
[ 38.627928] Call trace:
[ 38.627940] show_stack+0x20/0x38 (C)
[ 38.627973] dump_stack_lvl+0x8c/0xd0
[ 38.628007] print_report+0x118/0x5d0
[ 38.628037] kasan_report_invalid_free+0xc0/0xe8
[ 38.628067] __kasan_kfree_large+0x5c/0xa8
[ 38.628096] free_large_kmalloc+0x68/0x150
[ 38.628127] kfree+0x270/0x3c8
[ 38.628154] kmalloc_large_invalid_free+0x108/0x270
[ 38.628186] kunit_try_run_case+0x170/0x3f0
[ 38.628217] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 38.628252] kthread+0x328/0x630
[ 38.628282] ret_from_fork+0x10/0x20
[ 38.628314]
[ 38.700044] The buggy address belongs to the physical page:
[ 38.705601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8862c4
[ 38.713585] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 38.721225] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 38.728167] page_type: f8(unknown)
[ 38.731564] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 38.739283] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 38.747011] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 38.754821] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 38.762634] head: 0bfffe0000000002 fffffdffe018b101 00000000ffffffff 00000000ffffffff
[ 38.770446] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 38.778253] page dumped because: kasan: bad access detected
[ 38.783807]
[ 38.785282] Memory state around the buggy address:
[ 38.790063]  ffff0008062c3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.797266]  ffff0008062c3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.804472] >ffff0008062c4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.811671]                    ^
[ 38.814887]  ffff0008062c4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.822092]  ffff0008062c4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.829293] ==================================================================
```
qemu-arm64:

```
[ 30.391658] ==================================================================
[ 30.391803] BUG: KASAN: invalid-free in kfree+0x270/0x3c8
[ 30.392068] Free of addr fff00000c92fc001 by task kunit_try_catch/182
[ 30.392131]
[ 30.392173] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT
[ 30.392838] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.392931] Hardware name: linux,dummy-virt (DT)
[ 30.393006] Call trace:
[ 30.393031] show_stack+0x20/0x38 (C)
[ 30.393234] dump_stack_lvl+0x8c/0xd0
[ 30.393445] print_report+0x118/0x5d0
[ 30.393510] kasan_report_invalid_free+0xc0/0xe8
[ 30.393642] __kasan_kfree_large+0x5c/0xa8
[ 30.393746] free_large_kmalloc+0x68/0x150
[ 30.393893] kfree+0x270/0x3c8
[ 30.394024] kmalloc_large_invalid_free+0x108/0x270
[ 30.394098] kunit_try_run_case+0x170/0x3f0
[ 30.394517] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.394661] kthread+0x328/0x630
[ 30.394759] ret_from_fork+0x10/0x20
[ 30.394862]
[ 30.395001] The buggy address belongs to the physical page:
[ 30.395223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1092fc
[ 30.395553] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.395670] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.395997] page_type: f8(unknown)
[ 30.396149] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.396255] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.396388] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.396493] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.396547] head: 0bfffe0000000002 ffffc1ffc324bf01 00000000ffffffff 00000000ffffffff
[ 30.396769] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 30.397069] page dumped because: kasan: bad access detected
[ 30.397147]
[ 30.397292] Memory state around the buggy address:
[ 30.397387]  fff00000c92fbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.397700]  fff00000c92fbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.397986] >fff00000c92fc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.398083]                    ^
[ 30.398307]  fff00000c92fc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.398421]  fff00000c92fc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.398680] ==================================================================
```
qemu-x86_64:

```
[ 23.628151] ==================================================================
[ 23.628691] BUG: KASAN: invalid-free in kfree+0x274/0x3f0
[ 23.628949] Free of addr ffff88810610c001 by task kunit_try_catch/198
[ 23.629197]
[ 23.629283] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary)
[ 23.629329] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.629341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.629361] Call Trace:
[ 23.629373] <TASK>
[ 23.629389] dump_stack_lvl+0x73/0xb0
[ 23.629418] print_report+0xd1/0x610
[ 23.629442] ? __virt_addr_valid+0x1db/0x2d0
[ 23.629468] ? kasan_addr_to_slab+0x11/0xa0
[ 23.629488] ? kfree+0x274/0x3f0
[ 23.629509] kasan_report_invalid_free+0x10a/0x130
[ 23.629547] ? kfree+0x274/0x3f0
[ 23.629570] ? kfree+0x274/0x3f0
[ 23.629873] __kasan_kfree_large+0x86/0xd0
[ 23.629906] free_large_kmalloc+0x52/0x110
[ 23.629931] kfree+0x274/0x3f0
[ 23.629958] kmalloc_large_invalid_free+0x120/0x2b0
[ 23.629982] ? __pfx_kmalloc_large_invalid_free+0x10/0x10
[ 23.630005] ? __schedule+0x10cc/0x2b60
[ 23.630027] ? __pfx_read_tsc+0x10/0x10
[ 23.630049] ? ktime_get_ts64+0x86/0x230
[ 23.630074] kunit_try_run_case+0x1a5/0x480
[ 23.630098] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.630119] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.630141] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.630163] ? __kthread_parkme+0x82/0x180
[ 23.630184] ? preempt_count_sub+0x50/0x80
[ 23.630207] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.630229] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.630255] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.630280] kthread+0x337/0x6f0
[ 23.630299] ? trace_preempt_on+0x20/0xc0
[ 23.630323] ? __pfx_kthread+0x10/0x10
[ 23.630343] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.630367] ? calculate_sigpending+0x7b/0xa0
[ 23.630391] ? __pfx_kthread+0x10/0x10
[ 23.630412] ret_from_fork+0x116/0x1d0
[ 23.630431] ? __pfx_kthread+0x10/0x10
[ 23.630451] ret_from_fork_asm+0x1a/0x30
[ 23.630488] </TASK>
[ 23.630499]
[ 23.643967] The buggy address belongs to the physical page:
[ 23.644199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10610c
[ 23.644497] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.645263] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.645737] page_type: f8(unknown)
[ 23.645953] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.646240] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.646544] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.647188] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.647948] head: 0200000000000002 ffffea0004184301 00000000ffffffff 00000000ffffffff
[ 23.648339] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 23.649016] page dumped because: kasan: bad access detected
[ 23.649499]
[ 23.649706] Memory state around the buggy address:
[ 23.649902]  ffff88810610bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.650171]  ffff88810610bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.650439] >ffff88810610c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.651264]                    ^
[ 23.651502]  ffff88810610c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.652130]  ffff88810610c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.652748] ==================================================================
```