Date: May 26, 2025, 9:10 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 17.352639] ==================================================================
[ 17.352756] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x4c8/0x520
[ 17.352871] Read of size 1 at addr fff00000c6323200 by task kunit_try_catch/164
[ 17.352979]
[ 17.353055] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT
[ 17.353646] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.353736] Hardware name: linux,dummy-virt (DT)
[ 17.353895] Call trace:
[ 17.353943]  show_stack+0x20/0x38 (C)
[ 17.354795]  dump_stack_lvl+0x8c/0xd0
[ 17.355424]  print_report+0x118/0x608
[ 17.355830]  kasan_report+0xdc/0x128
[ 17.356212]  __asan_report_load1_noabort+0x20/0x30
[ 17.356438]  krealloc_uaf+0x4c8/0x520
[ 17.357186]  kunit_try_run_case+0x170/0x3f0
[ 17.358025]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.358181]  kthread+0x328/0x630
[ 17.358585]  ret_from_fork+0x10/0x20
[ 17.358907]
[ 17.358950] Allocated by task 164:
[ 17.359211]  kasan_save_stack+0x3c/0x68
[ 17.359609]  kasan_save_track+0x20/0x40
[ 17.359691]  kasan_save_alloc_info+0x40/0x58
[ 17.360214]  __kasan_kmalloc+0xd4/0xd8
[ 17.360763]  __kmalloc_cache_noprof+0x15c/0x3c0
[ 17.361004]  krealloc_uaf+0xc8/0x520
[ 17.361352]  kunit_try_run_case+0x170/0x3f0
[ 17.361529]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.361845]  kthread+0x328/0x630
[ 17.361918]  ret_from_fork+0x10/0x20
[ 17.362500]
[ 17.362698] Freed by task 164:
[ 17.363026]  kasan_save_stack+0x3c/0x68
[ 17.363114]  kasan_save_track+0x20/0x40
[ 17.363184]  kasan_save_free_info+0x4c/0x78
[ 17.363260]  __kasan_slab_free+0x6c/0x98
[ 17.363828]  kfree+0x214/0x3c8
[ 17.364404]  krealloc_uaf+0x12c/0x520
[ 17.364603]  kunit_try_run_case+0x170/0x3f0
[ 17.364971]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.365254]  kthread+0x328/0x630
[ 17.365409]  ret_from_fork+0x10/0x20
[ 17.365491]
[ 17.365539] The buggy address belongs to the object at fff00000c6323200
[ 17.365539]  which belongs to the cache kmalloc-256 of size 256
[ 17.365667] The buggy address is located 0 bytes inside of
[ 17.365667]  freed 256-byte region [fff00000c6323200, fff00000c6323300)
[ 17.365801]
[ 17.365846] The buggy address belongs to the physical page:
[ 17.366451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106322
[ 17.367073] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 17.367673] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 17.367957] page_type: f5(slab)
[ 17.368584] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 17.368943] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.369062] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 17.369174] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.369284] head: 0bfffe0000000001 ffffc1ffc318c881 00000000ffffffff 00000000ffffffff
[ 17.369406] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 17.369499] page dumped because: kasan: bad access detected
[ 17.369565]
[ 17.369604] Memory state around the buggy address:
[ 17.370272]  fff00000c6323100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.371120]  fff00000c6323180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.371624] >fff00000c6323200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.371708]                    ^
[ 17.371764]  fff00000c6323280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.371836]  fff00000c6323300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.371914] ==================================================================
[ 17.325676] ==================================================================
[ 17.325864] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x180/0x520
[ 17.326678] Read of size 1 at addr fff00000c6323200 by task kunit_try_catch/164
[ 17.327945]
[ 17.328036] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT
[ 17.328781] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.328879] Hardware name: linux,dummy-virt (DT)
[ 17.329081] Call trace:
[ 17.329135]  show_stack+0x20/0x38 (C)
[ 17.329489]  dump_stack_lvl+0x8c/0xd0
[ 17.329842]  print_report+0x118/0x608
[ 17.329951]  kasan_report+0xdc/0x128
[ 17.330261]  __kasan_check_byte+0x54/0x70
[ 17.330480]  krealloc_noprof+0x44/0x360
[ 17.330698]  krealloc_uaf+0x180/0x520
[ 17.330849]  kunit_try_run_case+0x170/0x3f0
[ 17.331106]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.331237]  kthread+0x328/0x630
[ 17.332073]  ret_from_fork+0x10/0x20
[ 17.332194]
[ 17.332235] Allocated by task 164:
[ 17.332785]  kasan_save_stack+0x3c/0x68
[ 17.332959]  kasan_save_track+0x20/0x40
[ 17.333215]  kasan_save_alloc_info+0x40/0x58
[ 17.333794]  __kasan_kmalloc+0xd4/0xd8
[ 17.333985]  __kmalloc_cache_noprof+0x15c/0x3c0
[ 17.334316]  krealloc_uaf+0xc8/0x520
[ 17.334633]  kunit_try_run_case+0x170/0x3f0
[ 17.334836]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.335145]  kthread+0x328/0x630
[ 17.335516]  ret_from_fork+0x10/0x20
[ 17.335595]
[ 17.335976] Freed by task 164:
[ 17.336210]  kasan_save_stack+0x3c/0x68
[ 17.336330]  kasan_save_track+0x20/0x40
[ 17.336413]  kasan_save_free_info+0x4c/0x78
[ 17.336504]  __kasan_slab_free+0x6c/0x98
[ 17.336589]  kfree+0x214/0x3c8
[ 17.337090]  krealloc_uaf+0x12c/0x520
[ 17.337381]  kunit_try_run_case+0x170/0x3f0
[ 17.337896]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.338171]  kthread+0x328/0x630
[ 17.338276]  ret_from_fork+0x10/0x20
[ 17.338386]
[ 17.338795] The buggy address belongs to the object at fff00000c6323200
[ 17.338795]  which belongs to the cache kmalloc-256 of size 256
[ 17.339425] The buggy address is located 0 bytes inside of
[ 17.339425]  freed 256-byte region [fff00000c6323200, fff00000c6323300)
[ 17.340046]
[ 17.340333] The buggy address belongs to the physical page:
[ 17.340589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106322
[ 17.341017] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 17.341190] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 17.341636] page_type: f5(slab)
[ 17.342081] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 17.342490] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.342773] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 17.343466] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.343591] head: 0bfffe0000000001 ffffc1ffc318c881 00000000ffffffff 00000000ffffffff
[ 17.343699] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 17.343774] page dumped because: kasan: bad access detected
[ 17.343830]
[ 17.344567] Memory state around the buggy address:
[ 17.344773]  fff00000c6323100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.345020]  fff00000c6323180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.345653] >fff00000c6323200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.346338]                    ^
[ 17.346422]  fff00000c6323280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.346522]  fff00000c6323300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.347185] ==================================================================
```
qemu-x86_64:

```
[ 10.941795] ==================================================================
[ 10.942271] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0
[ 10.942557] Read of size 1 at addr ffff888100a37400 by task kunit_try_catch/182
[ 10.942900]
[ 10.942996] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary)
[ 10.943083] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.943095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.943115] Call Trace:
[ 10.943130]  <TASK>
[ 10.943144]  dump_stack_lvl+0x73/0xb0
[ 10.943169]  print_report+0xd1/0x650
[ 10.943191]  ? __virt_addr_valid+0x1db/0x2d0
[ 10.943214]  ? krealloc_uaf+0x53c/0x5e0
[ 10.943236]  ? kasan_complete_mode_report_info+0x64/0x200
[ 10.943261]  ? krealloc_uaf+0x53c/0x5e0
[ 10.943284]  kasan_report+0x141/0x180
[ 10.943307]  ? krealloc_uaf+0x53c/0x5e0
[ 10.943334]  __asan_report_load1_noabort+0x18/0x20
[ 10.943354]  krealloc_uaf+0x53c/0x5e0
[ 10.943387]  ? __pfx_krealloc_uaf+0x10/0x10
[ 10.943410]  ? __kasan_check_write+0x18/0x20
[ 10.943430]  ? queued_spin_lock_slowpath+0x116/0xb40
[ 10.943454]  ? irqentry_exit+0x2a/0x60
[ 10.943472]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 10.943496]  ? trace_hardirqs_on+0x37/0xe0
[ 10.943519]  ? __pfx_read_tsc+0x10/0x10
[ 10.943539]  ? ktime_get_ts64+0x86/0x230
[ 10.943562]  kunit_try_run_case+0x1a5/0x480
[ 10.943582]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.943603]  ? queued_spin_lock_slowpath+0x116/0xb40
[ 10.943627]  ? __kthread_parkme+0x82/0x180
[ 10.943647]  ? preempt_count_sub+0x50/0x80
[ 10.943670]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.943690]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.943713]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.943737]  kthread+0x337/0x6f0
[ 10.943755]  ? trace_preempt_on+0x20/0xc0
[ 10.943777]  ? __pfx_kthread+0x10/0x10
[ 10.943797]  ? _raw_spin_unlock_irq+0x47/0x80
[ 10.943820]  ? calculate_sigpending+0x7b/0xa0
[ 10.943844]  ? __pfx_kthread+0x10/0x10
[ 10.943865]  ret_from_fork+0x116/0x1d0
[ 10.943884]  ? __pfx_kthread+0x10/0x10
[ 10.943904]  ret_from_fork_asm+0x1a/0x30
[ 10.943935]  </TASK>
[ 10.943945]
[ 10.951781] Allocated by task 182:
[ 10.951966]  kasan_save_stack+0x45/0x70
[ 10.952176]  kasan_save_track+0x18/0x40
[ 10.952369]  kasan_save_alloc_info+0x3b/0x50
[ 10.952535]  __kasan_kmalloc+0xb7/0xc0
[ 10.952669]  __kmalloc_cache_noprof+0x189/0x420
[ 10.952926]  krealloc_uaf+0xbb/0x5e0
[ 10.953253]  kunit_try_run_case+0x1a5/0x480
[ 10.953435]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.953611]  kthread+0x337/0x6f0
[ 10.953785]  ret_from_fork+0x116/0x1d0
[ 10.954204]  ret_from_fork_asm+0x1a/0x30
[ 10.954427]
[ 10.954508] Freed by task 182:
[ 10.954655]  kasan_save_stack+0x45/0x70
[ 10.954845]  kasan_save_track+0x18/0x40
[ 10.955060]  kasan_save_free_info+0x3f/0x60
[ 10.955249]  __kasan_slab_free+0x56/0x70
[ 10.955423]  kfree+0x222/0x3f0
[ 10.955588]  krealloc_uaf+0x13d/0x5e0
[ 10.955778]  kunit_try_run_case+0x1a5/0x480
[ 10.955934]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.956350]  kthread+0x337/0x6f0
[ 10.956514]  ret_from_fork+0x116/0x1d0
[ 10.956647]  ret_from_fork_asm+0x1a/0x30
[ 10.957036]
[ 10.957131] The buggy address belongs to the object at ffff888100a37400
[ 10.957131]  which belongs to the cache kmalloc-256 of size 256
[ 10.957545] The buggy address is located 0 bytes inside of
[ 10.957545]  freed 256-byte region [ffff888100a37400, ffff888100a37500)
[ 10.957999]
[ 10.958098] The buggy address belongs to the physical page:
[ 10.958355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36
[ 10.958719] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.958943] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.959474] page_type: f5(slab)
[ 10.959662] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.960115] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.960387] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.960747] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.961113] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff
[ 10.961404] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 10.961744] page dumped because: kasan: bad access detected
[ 10.961951]
[ 10.962075] Memory state around the buggy address:
[ 10.962233]  ffff888100a37300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.962578]  ffff888100a37380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.962905] >ffff888100a37400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.963219]                    ^
[ 10.963370]  ffff888100a37480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.963592]  ffff888100a37500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.964232] ==================================================================
[ 10.917237] ==================================================================
[ 10.917786] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0
[ 10.918085] Read of size 1 at addr ffff888100a37400 by task kunit_try_catch/182
[ 10.918730]
[ 10.918852] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary)
[ 10.918897] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.918909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.918929] Call Trace:
[ 10.918941]  <TASK>
[ 10.918957]  dump_stack_lvl+0x73/0xb0
[ 10.918985]  print_report+0xd1/0x650
[ 10.919008]  ? __virt_addr_valid+0x1db/0x2d0
[ 10.919031]  ? krealloc_uaf+0x1b8/0x5e0
[ 10.919051]  ? kasan_complete_mode_report_info+0x64/0x200
[ 10.919073]  ? krealloc_uaf+0x1b8/0x5e0
[ 10.919095]  kasan_report+0x141/0x180
[ 10.919116]  ? krealloc_uaf+0x1b8/0x5e0
[ 10.919140]  ? krealloc_uaf+0x1b8/0x5e0
[ 10.919161]  __kasan_check_byte+0x3d/0x50
[ 10.919183]  krealloc_noprof+0x3f/0x340
[ 10.919207]  krealloc_uaf+0x1b8/0x5e0
[ 10.919228]  ? __pfx_krealloc_uaf+0x10/0x10
[ 10.919250]  ? __kasan_check_write+0x18/0x20
[ 10.919269]  ? queued_spin_lock_slowpath+0x116/0xb40
[ 10.919294]  ? irqentry_exit+0x2a/0x60
[ 10.919312]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 10.919602]  ? trace_hardirqs_on+0x37/0xe0
[ 10.919630]  ? __pfx_read_tsc+0x10/0x10
[ 10.919651]  ? ktime_get_ts64+0x86/0x230
[ 10.919676]  kunit_try_run_case+0x1a5/0x480
[ 10.919698]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.919729]  ? queued_spin_lock_slowpath+0x116/0xb40
[ 10.919754]  ? __kthread_parkme+0x82/0x180
[ 10.919774]  ? preempt_count_sub+0x50/0x80
[ 10.919797]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.919817]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.919841]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.919864]  kthread+0x337/0x6f0
[ 10.919883]  ? trace_preempt_on+0x20/0xc0
[ 10.919904]  ? __pfx_kthread+0x10/0x10
[ 10.919924]  ? _raw_spin_unlock_irq+0x47/0x80
[ 10.919947]  ? calculate_sigpending+0x7b/0xa0
[ 10.919970]  ? __pfx_kthread+0x10/0x10
[ 10.919991]  ret_from_fork+0x116/0x1d0
[ 10.920053]  ? __pfx_kthread+0x10/0x10
[ 10.920074]  ret_from_fork_asm+0x1a/0x30
[ 10.920104]  </TASK>
[ 10.920115]
[ 10.928492] Allocated by task 182:
[ 10.928676]  kasan_save_stack+0x45/0x70
[ 10.928943]  kasan_save_track+0x18/0x40
[ 10.929127]  kasan_save_alloc_info+0x3b/0x50
[ 10.929558]  __kasan_kmalloc+0xb7/0xc0
[ 10.929704]  __kmalloc_cache_noprof+0x189/0x420
[ 10.929947]  krealloc_uaf+0xbb/0x5e0
[ 10.930144]  kunit_try_run_case+0x1a5/0x480
[ 10.930405]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.930620]  kthread+0x337/0x6f0
[ 10.930742]  ret_from_fork+0x116/0x1d0
[ 10.930873]  ret_from_fork_asm+0x1a/0x30
[ 10.931065]
[ 10.931180] Freed by task 182:
[ 10.931363]  kasan_save_stack+0x45/0x70
[ 10.931667]  kasan_save_track+0x18/0x40
[ 10.932081]  kasan_save_free_info+0x3f/0x60
[ 10.932269]  __kasan_slab_free+0x56/0x70
[ 10.932444]  kfree+0x222/0x3f0
[ 10.932605]  krealloc_uaf+0x13d/0x5e0
[ 10.932804]  kunit_try_run_case+0x1a5/0x480
[ 10.932948]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.933124]  kthread+0x337/0x6f0
[ 10.933415]  ret_from_fork+0x116/0x1d0
[ 10.933611]  ret_from_fork_asm+0x1a/0x30
[ 10.933825]
[ 10.933927] The buggy address belongs to the object at ffff888100a37400
[ 10.933927]  which belongs to the cache kmalloc-256 of size 256
[ 10.934330] The buggy address is located 0 bytes inside of
[ 10.934330]  freed 256-byte region [ffff888100a37400, ffff888100a37500)
[ 10.935348]
[ 10.935460] The buggy address belongs to the physical page:
[ 10.935650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36
[ 10.935894] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.936127] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.936592] page_type: f5(slab)
[ 10.936771] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.937126] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.937456] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.938061] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.938301] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff
[ 10.938546] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 10.939142] page dumped because: kasan: bad access detected
[ 10.939415]
[ 10.939514] Memory state around the buggy address:
[ 10.939739]  ffff888100a37300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.940030]  ffff888100a37380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.940310] >ffff888100a37400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.940559]                    ^
[ 10.940710]  ffff888100a37480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.941038]  ffff888100a37500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.941314] ==================================================================
```