Hay
Date
July 13, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

Note: all four KASAN reports below are raised from inside the KUnit KASAN test case `kmem_cache_rcu_uaf` (see the `kunit_try_catch` task, the `[N]=TEST` taint flag and the test-owned `test_cache`), so they are the expected output of a test whose purpose, per its name, is to read an object after `kmem_cache_free()` once the RCU callback (`slab_free_after_rcu_debug` via `rcu_core`) has actually freed it — not a defect in the kernel under test. The two arm64 runs and the two x86_64 runs print the same report shape: a 1-byte read at offset 0 of a freed 200-byte region whose shadow is poisoned `fa`/`fb`, which is exactly what KASAN should flag.

[   17.192818] ==================================================================
[   17.192926] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468
[   17.193002] Read of size 1 at addr fff00000c7042000 by task kunit_try_catch/214
[   17.193055] 
[   17.193099] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.193184] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.193230] Hardware name: linux,dummy-virt (DT)
[   17.193263] Call trace:
[   17.193286]  show_stack+0x20/0x38 (C)
[   17.193341]  dump_stack_lvl+0x8c/0xd0
[   17.193391]  print_report+0x118/0x5d0
[   17.193438]  kasan_report+0xdc/0x128
[   17.193482]  __asan_report_load1_noabort+0x20/0x30
[   17.193534]  kmem_cache_rcu_uaf+0x388/0x468
[   17.193579]  kunit_try_run_case+0x170/0x3f0
[   17.193630]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.193682]  kthread+0x328/0x630
[   17.193725]  ret_from_fork+0x10/0x20
[   17.193774] 
[   17.193793] Allocated by task 214:
[   17.193824]  kasan_save_stack+0x3c/0x68
[   17.193867]  kasan_save_track+0x20/0x40
[   17.193903]  kasan_save_alloc_info+0x40/0x58
[   17.193944]  __kasan_slab_alloc+0xa8/0xb0
[   17.193982]  kmem_cache_alloc_noprof+0x10c/0x398
[   17.194023]  kmem_cache_rcu_uaf+0x12c/0x468
[   17.194060]  kunit_try_run_case+0x170/0x3f0
[   17.194097]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.194142]  kthread+0x328/0x630
[   17.194173]  ret_from_fork+0x10/0x20
[   17.194221] 
[   17.194239] Freed by task 0:
[   17.194264]  kasan_save_stack+0x3c/0x68
[   17.194302]  kasan_save_track+0x20/0x40
[   17.194337]  kasan_save_free_info+0x4c/0x78
[   17.194376]  __kasan_slab_free+0x6c/0x98
[   17.194413]  slab_free_after_rcu_debug+0xd4/0x2f8
[   17.194452]  rcu_core+0x9f4/0x1e20
[   17.194490]  rcu_core_si+0x18/0x30
[   17.194522]  handle_softirqs+0x374/0xb28
[   17.194559]  __do_softirq+0x1c/0x28
[   17.194593] 
[   17.194612] Last potentially related work creation:
[   17.194639]  kasan_save_stack+0x3c/0x68
[   17.194676]  kasan_record_aux_stack+0xb4/0xc8
[   17.194718]  kmem_cache_free+0x120/0x468
[   17.194754]  kmem_cache_rcu_uaf+0x16c/0x468
[   17.194792]  kunit_try_run_case+0x170/0x3f0
[   17.194831]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.194874]  kthread+0x328/0x630
[   17.194907]  ret_from_fork+0x10/0x20
[   17.194943] 
[   17.194961] The buggy address belongs to the object at fff00000c7042000
[   17.194961]  which belongs to the cache test_cache of size 200
[   17.195022] The buggy address is located 0 bytes inside of
[   17.195022]  freed 200-byte region [fff00000c7042000, fff00000c70420c8)
[   17.195088] 
[   17.195110] The buggy address belongs to the physical page:
[   17.195144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107042
[   17.195212] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.195266] page_type: f5(slab)
[   17.195308] raw: 0bfffe0000000000 fff00000c708c3c0 dead000000000122 0000000000000000
[   17.195361] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   17.195402] page dumped because: kasan: bad access detected
[   17.195433] 
[   17.195451] Memory state around the buggy address:
[   17.195484]  fff00000c7041f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.195528]  fff00000c7041f80: 00 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.195572] >fff00000c7042000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.195611]                    ^
[   17.195637]  fff00000c7042080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   17.195680]  fff00000c7042100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.195720] ==================================================================

[   17.906624] ==================================================================
[   17.906722] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468
[   17.908493] Read of size 1 at addr fff00000c5ad4000 by task kunit_try_catch/214
[   17.908805] 
[   17.909793] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.910485] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.910518] Hardware name: linux,dummy-virt (DT)
[   17.910555] Call trace:
[   17.911046]  show_stack+0x20/0x38 (C)
[   17.911593]  dump_stack_lvl+0x8c/0xd0
[   17.912046]  print_report+0x118/0x5d0
[   17.912581]  kasan_report+0xdc/0x128
[   17.913207]  __asan_report_load1_noabort+0x20/0x30
[   17.913276]  kmem_cache_rcu_uaf+0x388/0x468
[   17.913325]  kunit_try_run_case+0x170/0x3f0
[   17.913376]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.913430]  kthread+0x328/0x630
[   17.913474]  ret_from_fork+0x10/0x20
[   17.913526] 
[   17.913545] Allocated by task 214:
[   17.913574]  kasan_save_stack+0x3c/0x68
[   17.913617]  kasan_save_track+0x20/0x40
[   17.913655]  kasan_save_alloc_info+0x40/0x58
[   17.913695]  __kasan_slab_alloc+0xa8/0xb0
[   17.913733]  kmem_cache_alloc_noprof+0x10c/0x398
[   17.913774]  kmem_cache_rcu_uaf+0x12c/0x468
[   17.913812]  kunit_try_run_case+0x170/0x3f0
[   17.913851]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.913942]  kthread+0x328/0x630
[   17.913975]  ret_from_fork+0x10/0x20
[   17.914016] 
[   17.914035] Freed by task 0:
[   17.914086]  kasan_save_stack+0x3c/0x68
[   17.914124]  kasan_save_track+0x20/0x40
[   17.914161]  kasan_save_free_info+0x4c/0x78
[   17.914220]  __kasan_slab_free+0x6c/0x98
[   17.914256]  slab_free_after_rcu_debug+0xd4/0x2f8
[   17.914297]  rcu_core+0x9f4/0x1e20
[   17.914333]  rcu_core_si+0x18/0x30
[   17.914369]  handle_softirqs+0x374/0xb28
[   17.914413]  __do_softirq+0x1c/0x28
[   17.914448] 
[   17.914468] Last potentially related work creation:
[   17.914503]  kasan_save_stack+0x3c/0x68
[   17.914557]  kasan_record_aux_stack+0xb4/0xc8
[   17.914606]  kmem_cache_free+0x120/0x468
[   17.914653]  kmem_cache_rcu_uaf+0x16c/0x468
[   17.914691]  kunit_try_run_case+0x170/0x3f0
[   17.914736]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.914780]  kthread+0x328/0x630
[   17.914811]  ret_from_fork+0x10/0x20
[   17.914868] 
[   17.914886] The buggy address belongs to the object at fff00000c5ad4000
[   17.914886]  which belongs to the cache test_cache of size 200
[   17.914948] The buggy address is located 0 bytes inside of
[   17.914948]  freed 200-byte region [fff00000c5ad4000, fff00000c5ad40c8)
[   17.915011] 
[   17.915034] The buggy address belongs to the physical page:
[   17.915083] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ad4
[   17.915157] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.915229] page_type: f5(slab)
[   17.915274] raw: 0bfffe0000000000 fff00000c472ab40 dead000000000122 0000000000000000
[   17.915325] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   17.915381] page dumped because: kasan: bad access detected
[   17.915422] 
[   17.915444] Memory state around the buggy address:
[   17.915487]  fff00000c5ad3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.915547]  fff00000c5ad3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.915600] >fff00000c5ad4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.915652]                    ^
[   17.915700]  fff00000c5ad4080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   17.915754]  fff00000c5ad4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.915817] ==================================================================

[   13.454853] ==================================================================
[   13.455330] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510
[   13.456538] Read of size 1 at addr ffff8881026cc000 by task kunit_try_catch/230
[   13.457428] 
[   13.457795] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.457847] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.457859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.458112] Call Trace:
[   13.458126]  <TASK>
[   13.458145]  dump_stack_lvl+0x73/0xb0
[   13.458183]  print_report+0xd1/0x610
[   13.458207]  ? __virt_addr_valid+0x1db/0x2d0
[   13.458233]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   13.458256]  ? kasan_complete_mode_report_info+0x64/0x200
[   13.458281]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   13.458305]  kasan_report+0x141/0x180
[   13.458327]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   13.458356]  __asan_report_load1_noabort+0x18/0x20
[   13.458382]  kmem_cache_rcu_uaf+0x3e3/0x510
[   13.458407]  ? __pfx_kmem_cache_rcu_uaf+0x10/0x10
[   13.458430]  ? finish_task_switch.isra.0+0x153/0x700
[   13.458469]  ? __switch_to+0x47/0xf50
[   13.458499]  ? __pfx_read_tsc+0x10/0x10
[   13.458521]  ? ktime_get_ts64+0x86/0x230
[   13.458547]  kunit_try_run_case+0x1a5/0x480
[   13.458574]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.458686]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.458715]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.458739]  ? __kthread_parkme+0x82/0x180
[   13.458761]  ? preempt_count_sub+0x50/0x80
[   13.458784]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.458810]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.458849]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.458876]  kthread+0x337/0x6f0
[   13.458895]  ? trace_preempt_on+0x20/0xc0
[   13.458921]  ? __pfx_kthread+0x10/0x10
[   13.458942]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.458964]  ? calculate_sigpending+0x7b/0xa0
[   13.458990]  ? __pfx_kthread+0x10/0x10
[   13.459011]  ret_from_fork+0x116/0x1d0
[   13.459031]  ? __pfx_kthread+0x10/0x10
[   13.459052]  ret_from_fork_asm+0x1a/0x30
[   13.459084]  </TASK>
[   13.459095] 
[   13.472301] Allocated by task 230:
[   13.472806]  kasan_save_stack+0x45/0x70
[   13.473196]  kasan_save_track+0x18/0x40
[   13.473679]  kasan_save_alloc_info+0x3b/0x50
[   13.474199]  __kasan_slab_alloc+0x91/0xa0
[   13.474665]  kmem_cache_alloc_noprof+0x123/0x3f0
[   13.475103]  kmem_cache_rcu_uaf+0x155/0x510
[   13.475502]  kunit_try_run_case+0x1a5/0x480
[   13.475837]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.476020]  kthread+0x337/0x6f0
[   13.476142]  ret_from_fork+0x116/0x1d0
[   13.476273]  ret_from_fork_asm+0x1a/0x30
[   13.476420] 
[   13.476595] Freed by task 0:
[   13.476823]  kasan_save_stack+0x45/0x70
[   13.477032]  kasan_save_track+0x18/0x40
[   13.477245]  kasan_save_free_info+0x3f/0x60
[   13.477631]  __kasan_slab_free+0x56/0x70
[   13.477770]  slab_free_after_rcu_debug+0xe4/0x310
[   13.477927]  rcu_core+0x66f/0x1c40
[   13.478053]  rcu_core_si+0x12/0x20
[   13.478176]  handle_softirqs+0x209/0x730
[   13.478314]  __irq_exit_rcu+0xc9/0x110
[   13.478474]  irq_exit_rcu+0x12/0x20
[   13.478818]  sysvec_apic_timer_interrupt+0x81/0x90
[   13.479354]  asm_sysvec_apic_timer_interrupt+0x1f/0x30
[   13.479905] 
[   13.480066] Last potentially related work creation:
[   13.480548]  kasan_save_stack+0x45/0x70
[   13.481015]  kasan_record_aux_stack+0xb2/0xc0
[   13.481435]  kmem_cache_free+0x131/0x420
[   13.481964]  kmem_cache_rcu_uaf+0x194/0x510
[   13.482389]  kunit_try_run_case+0x1a5/0x480
[   13.482874]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.483189]  kthread+0x337/0x6f0
[   13.483311]  ret_from_fork+0x116/0x1d0
[   13.483473]  ret_from_fork_asm+0x1a/0x30
[   13.483842] 
[   13.484081] The buggy address belongs to the object at ffff8881026cc000
[   13.484081]  which belongs to the cache test_cache of size 200
[   13.485213] The buggy address is located 0 bytes inside of
[   13.485213]  freed 200-byte region [ffff8881026cc000, ffff8881026cc0c8)
[   13.486170] 
[   13.486367] The buggy address belongs to the physical page:
[   13.486781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026cc
[   13.487225] flags: 0x200000000000000(node=0|zone=2)
[   13.487394] page_type: f5(slab)
[   13.487557] raw: 0200000000000000 ffff8881009fca00 dead000000000122 0000000000000000
[   13.488132] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   13.488370] page dumped because: kasan: bad access detected
[   13.488671] 
[   13.488943] Memory state around the buggy address:
[   13.489395]  ffff8881026cbf00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   13.490077]  ffff8881026cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.490927] >ffff8881026cc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.491658]                    ^
[   13.491784]  ffff8881026cc080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   13.492001]  ffff8881026cc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.492213] ==================================================================

[   13.660821] ==================================================================
[   13.662129] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510
[   13.662510] Read of size 1 at addr ffff8881025a9000 by task kunit_try_catch/231
[   13.662985] 
[   13.663107] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.663157] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.663170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.663193] Call Trace:
[   13.663207]  <TASK>
[   13.663226]  dump_stack_lvl+0x73/0xb0
[   13.663261]  print_report+0xd1/0x610
[   13.663284]  ? __virt_addr_valid+0x1db/0x2d0
[   13.663527]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   13.663555]  ? kasan_complete_mode_report_info+0x64/0x200
[   13.663594]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   13.663620]  kasan_report+0x141/0x180
[   13.663655]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   13.663698]  __asan_report_load1_noabort+0x18/0x20
[   13.663725]  kmem_cache_rcu_uaf+0x3e3/0x510
[   13.663750]  ? __pfx_kmem_cache_rcu_uaf+0x10/0x10
[   13.663774]  ? finish_task_switch.isra.0+0x153/0x700
[   13.663800]  ? __switch_to+0x47/0xf50
[   13.663830]  ? __pfx_read_tsc+0x10/0x10
[   13.663853]  ? ktime_get_ts64+0x86/0x230
[   13.663880]  kunit_try_run_case+0x1a5/0x480
[   13.663906]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.663931]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.663958]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.663983]  ? __kthread_parkme+0x82/0x180
[   13.664005]  ? preempt_count_sub+0x50/0x80
[   13.664029]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.664064]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.664089]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.664116]  kthread+0x337/0x6f0
[   13.664136]  ? trace_preempt_on+0x20/0xc0
[   13.664161]  ? __pfx_kthread+0x10/0x10
[   13.664182]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.664205]  ? calculate_sigpending+0x7b/0xa0
[   13.664231]  ? __pfx_kthread+0x10/0x10
[   13.664252]  ret_from_fork+0x116/0x1d0
[   13.664272]  ? __pfx_kthread+0x10/0x10
[   13.664294]  ret_from_fork_asm+0x1a/0x30
[   13.664326]  </TASK>
[   13.664337] 
[   13.675253] Allocated by task 231:
[   13.675558]  kasan_save_stack+0x45/0x70
[   13.676142]  kasan_save_track+0x18/0x40
[   13.676333]  kasan_save_alloc_info+0x3b/0x50
[   13.676541]  __kasan_slab_alloc+0x91/0xa0
[   13.676859]  kmem_cache_alloc_noprof+0x123/0x3f0
[   13.677086]  kmem_cache_rcu_uaf+0x155/0x510
[   13.677358]  kunit_try_run_case+0x1a5/0x480
[   13.677928]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.678140]  kthread+0x337/0x6f0
[   13.678524]  ret_from_fork+0x116/0x1d0
[   13.678952]  ret_from_fork_asm+0x1a/0x30
[   13.679334] 
[   13.679444] Freed by task 0:
[   13.679836]  kasan_save_stack+0x45/0x70
[   13.679999]  kasan_save_track+0x18/0x40
[   13.680239]  kasan_save_free_info+0x3f/0x60
[   13.681007]  __kasan_slab_free+0x56/0x70
[   13.681217]  slab_free_after_rcu_debug+0xe4/0x310
[   13.681459]  rcu_core+0x66f/0x1c40
[   13.681629]  rcu_core_si+0x12/0x20
[   13.682384]  handle_softirqs+0x209/0x730
[   13.682558]  __irq_exit_rcu+0xc9/0x110
[   13.683273]  irq_exit_rcu+0x12/0x20
[   13.683443]  sysvec_apic_timer_interrupt+0x81/0x90
[   13.683931]  asm_sysvec_apic_timer_interrupt+0x1f/0x30
[   13.684226] 
[   13.684345] Last potentially related work creation:
[   13.684895]  kasan_save_stack+0x45/0x70
[   13.685232]  kasan_record_aux_stack+0xb2/0xc0
[   13.685425]  kmem_cache_free+0x131/0x420
[   13.685639]  kmem_cache_rcu_uaf+0x194/0x510
[   13.686226]  kunit_try_run_case+0x1a5/0x480
[   13.686414]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.686687]  kthread+0x337/0x6f0
[   13.687206]  ret_from_fork+0x116/0x1d0
[   13.687386]  ret_from_fork_asm+0x1a/0x30
[   13.687871] 
[   13.688081] The buggy address belongs to the object at ffff8881025a9000
[   13.688081]  which belongs to the cache test_cache of size 200
[   13.688687] The buggy address is located 0 bytes inside of
[   13.688687]  freed 200-byte region [ffff8881025a9000, ffff8881025a90c8)
[   13.689653] 
[   13.689757] The buggy address belongs to the physical page:
[   13.690451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a9
[   13.691045] flags: 0x200000000000000(node=0|zone=2)
[   13.691474] page_type: f5(slab)
[   13.691737] raw: 0200000000000000 ffff8881016c1280 dead000000000122 0000000000000000
[   13.692287] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   13.692852] page dumped because: kasan: bad access detected
[   13.693255] 
[   13.693335] Memory state around the buggy address:
[   13.693583]  ffff8881025a8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.694284]  ffff8881025a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.694599] >ffff8881025a9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.695198]                    ^
[   13.695495]  ffff8881025a9080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   13.695940]  ffff8881025a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.696500] ==================================================================