lkft/linux-next-master - next-20250702 - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf

Date

July 2, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   32.184418] ==================================================================
[   32.184517] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468
[   32.184598] Read of size 1 at addr fff00000c406b000 by task kunit_try_catch/246
[   32.184650] 
[   32.184695] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   32.184789] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.184818] Hardware name: linux,dummy-virt (DT)
[   32.184986] Call trace:
[   32.185018]  show_stack+0x20/0x38 (C)
[   32.185185]  dump_stack_lvl+0x8c/0xd0
[   32.185285]  print_report+0x118/0x608
[   32.185444]  kasan_report+0xdc/0x128
[   32.185492]  __asan_report_load1_noabort+0x20/0x30
[   32.185654]  kmem_cache_rcu_uaf+0x388/0x468
[   32.185718]  kunit_try_run_case+0x170/0x3f0
[   32.185816]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.185892]  kthread+0x328/0x630
[   32.186151]  ret_from_fork+0x10/0x20
[   32.186214] 
[   32.186369] Allocated by task 246:
[   32.186834]  kasan_save_stack+0x3c/0x68
[   32.186902]  kasan_save_track+0x20/0x40
[   32.187132]  kasan_save_alloc_info+0x40/0x58
[   32.187209]  __kasan_slab_alloc+0xa8/0xb0
[   32.187294]  kmem_cache_alloc_noprof+0x10c/0x398
[   32.187357]  kmem_cache_rcu_uaf+0x12c/0x468
[   32.187414]  kunit_try_run_case+0x170/0x3f0
[   32.187454]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.187499]  kthread+0x328/0x630
[   32.187661]  ret_from_fork+0x10/0x20
[   32.187736] 
[   32.187999] Freed by task 0:
[   32.188068]  kasan_save_stack+0x3c/0x68
[   32.188154]  kasan_save_track+0x20/0x40
[   32.188272]  kasan_save_free_info+0x4c/0x78
[   32.188342]  __kasan_slab_free+0x6c/0x98
[   32.188427]  slab_free_after_rcu_debug+0xd4/0x2f8
[   32.188513]  rcu_core+0x9f4/0x1e20
[   32.188562]  rcu_core_si+0x18/0x30
[   32.188597]  handle_softirqs+0x374/0xb28
[   32.188634]  __do_softirq+0x1c/0x28
[   32.188669] 
[   32.188689] Last potentially related work creation:
[   32.188739]  kasan_save_stack+0x3c/0x68
[   32.188780]  kasan_record_aux_stack+0xb4/0xc8
[   32.188816]  kmem_cache_free+0x120/0x468
[   32.189020]  kmem_cache_rcu_uaf+0x16c/0x468
[   32.189132]  kunit_try_run_case+0x170/0x3f0
[   32.189233]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.189291]  kthread+0x328/0x630
[   32.189322]  ret_from_fork+0x10/0x20
[   32.189517] 
[   32.189654] The buggy address belongs to the object at fff00000c406b000
[   32.189654]  which belongs to the cache test_cache of size 200
[   32.189783] The buggy address is located 0 bytes inside of
[   32.189783]  freed 200-byte region [fff00000c406b000, fff00000c406b0c8)
[   32.189894] 
[   32.190013] The buggy address belongs to the physical page:
[   32.190068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10406b
[   32.190147] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.190254] page_type: f5(slab)
[   32.190325] raw: 0bfffe0000000000 fff00000c3fa2780 dead000000000122 0000000000000000
[   32.190378] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   32.190423] page dumped because: kasan: bad access detected
[   32.190465] 
[   32.190484] Memory state around the buggy address:
[   32.190523]  fff00000c406af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.190568]  fff00000c406af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.190614] >fff00000c406b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.190664]                    ^
[   32.190693]  fff00000c406b080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   32.190752]  fff00000c406b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.190791] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zJjVuY8CWIlVXTEux5Wdhwbsnl

job_id

TEST:linaro@lkft#2zJjafLF9SmbRpQYzvYRsbAp7df

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJjafLF9SmbRpQYzvYRsbAp7df

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/Image.gz
sha256sum	85c5f8492d02f00134559b4c525d8c115890fb18f9f1a98f66474795be2b220c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/modules.tar.xz
sha256sum	1d59f082c2851f878fb4e179ce3326e01ee1a06bb2287f35b0c3c51598de1e42

durations

tests

boot	0
kunit	162.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   33.896946] ==================================================================
[   33.897068] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468
[   33.897245] Read of size 1 at addr fff00000c9a51000 by task kunit_try_catch/244
[   33.897377] 
[   33.897426] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   33.897684] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.897719] Hardware name: linux,dummy-virt (DT)
[   33.897757] Call trace:
[   33.897784]  show_stack+0x20/0x38 (C)
[   33.898054]  dump_stack_lvl+0x8c/0xd0
[   33.898133]  print_report+0x118/0x608
[   33.898276]  kasan_report+0xdc/0x128
[   33.898341]  __asan_report_load1_noabort+0x20/0x30
[   33.898628]  kmem_cache_rcu_uaf+0x388/0x468
[   33.898744]  kunit_try_run_case+0x170/0x3f0
[   33.898807]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.898863]  kthread+0x328/0x630
[   33.898968]  ret_from_fork+0x10/0x20
[   33.899050] 
[   33.899079] Allocated by task 244:
[   33.899129]  kasan_save_stack+0x3c/0x68
[   33.899246]  kasan_save_track+0x20/0x40
[   33.899284]  kasan_save_alloc_info+0x40/0x58
[   33.899324]  __kasan_slab_alloc+0xa8/0xb0
[   33.899361]  kmem_cache_alloc_noprof+0x10c/0x398
[   33.899746]  kmem_cache_rcu_uaf+0x12c/0x468
[   33.899809]  kunit_try_run_case+0x170/0x3f0
[   33.899981]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.900058]  kthread+0x328/0x630
[   33.900201]  ret_from_fork+0x10/0x20
[   33.900269] 
[   33.900296] Freed by task 0:
[   33.900326]  kasan_save_stack+0x3c/0x68
[   33.900659]  kasan_save_track+0x20/0x40
[   33.900826]  kasan_save_free_info+0x4c/0x78
[   33.900895]  __kasan_slab_free+0x6c/0x98
[   33.901026]  slab_free_after_rcu_debug+0xd4/0x2f8
[   33.901116]  rcu_core+0x9f4/0x1e20
[   33.901198]  rcu_core_si+0x18/0x30
[   33.901344]  handle_softirqs+0x374/0xb28
[   33.901389]  __do_softirq+0x1c/0x28
[   33.901448] 
[   33.902077] Last potentially related work creation:
[   33.902133]  kasan_save_stack+0x3c/0x68
[   33.902827]  kasan_record_aux_stack+0xb4/0xc8
[   33.903270]  kmem_cache_free+0x120/0x468
[   33.903374]  kmem_cache_rcu_uaf+0x16c/0x468
[   33.903507]  kunit_try_run_case+0x170/0x3f0
[   33.903585]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.903879]  kthread+0x328/0x630
[   33.904006]  ret_from_fork+0x10/0x20
[   33.904383] 
[   33.904443] The buggy address belongs to the object at fff00000c9a51000
[   33.904443]  which belongs to the cache test_cache of size 200
[   33.904568] The buggy address is located 0 bytes inside of
[   33.904568]  freed 200-byte region [fff00000c9a51000, fff00000c9a510c8)
[   33.904663] 
[   33.904754] The buggy address belongs to the physical page:
[   33.904821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a51
[   33.904928] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.904986] page_type: f5(slab)
[   33.905030] raw: 0bfffe0000000000 fff00000c5c33280 dead000000000122 0000000000000000
[   33.905223] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   33.905378] page dumped because: kasan: bad access detected
[   33.905563] 
[   33.905766] Memory state around the buggy address:
[   33.905836]  fff00000c9a50f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.905948]  fff00000c9a50f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.906049] >fff00000c9a51000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.906179]                    ^
[   33.906236]  fff00000c9a51080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   33.906311]  fff00000c9a51100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.906388] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zJgQh5RpNnxHn5fYu3cjvVNtfe

job_id

TEST:linaro@lkft#2zJgVNbTMWSdgH2toga97GQ1Q7f

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJgVNbTMWSdgH2toga97GQ1Q7f

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgRtf8Z6sIAbl985f65Rf9q1j/Image.gz
sha256sum	0bc9f899cfd087a8afeca5d2e97cbfde074f219701c595cf032b0638edac4ebb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgRtf8Z6sIAbl985f65Rf9q1j/modules.tar.xz
sha256sum	a7c57519c6dd39ab91f2f3c11d9473bcddc038b16e47bd1dafe42a18ff05f66f

durations

tests

boot	0
kunit	166.37

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   24.103371] ==================================================================
[   24.103887] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510
[   24.104163] Read of size 1 at addr ffff888105a16000 by task kunit_try_catch/262
[   24.105248] 
[   24.105718] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   24.105782] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.105796] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.105827] Call Trace:
[   24.105844]  <TASK>
[   24.105867]  dump_stack_lvl+0x73/0xb0
[   24.105904]  print_report+0xd1/0x650
[   24.105929]  ? __virt_addr_valid+0x1db/0x2d0
[   24.105954]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   24.106012]  ? kasan_complete_mode_report_info+0x64/0x200
[   24.106038]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   24.106078]  kasan_report+0x141/0x180
[   24.106101]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   24.106139]  __asan_report_load1_noabort+0x18/0x20
[   24.106163]  kmem_cache_rcu_uaf+0x3e3/0x510
[   24.106196]  ? __pfx_kmem_cache_rcu_uaf+0x10/0x10
[   24.106219]  ? finish_task_switch.isra.0+0x153/0x700
[   24.106245]  ? __switch_to+0x47/0xf50
[   24.106275]  ? __pfx_read_tsc+0x10/0x10
[   24.106298]  ? ktime_get_ts64+0x86/0x230
[   24.106324]  kunit_try_run_case+0x1a5/0x480
[   24.106352]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.106376]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.106399]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.106421]  ? __kthread_parkme+0x82/0x180
[   24.106442]  ? preempt_count_sub+0x50/0x80
[   24.106465]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.106490]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.106514]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.106539]  kthread+0x337/0x6f0
[   24.106559]  ? trace_preempt_on+0x20/0xc0
[   24.106584]  ? __pfx_kthread+0x10/0x10
[   24.106605]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.106629]  ? calculate_sigpending+0x7b/0xa0
[   24.106654]  ? __pfx_kthread+0x10/0x10
[   24.106676]  ret_from_fork+0x116/0x1d0
[   24.106695]  ? __pfx_kthread+0x10/0x10
[   24.106716]  ret_from_fork_asm+0x1a/0x30
[   24.106747]  </TASK>
[   24.106761] 
[   24.117937] Allocated by task 262:
[   24.118114]  kasan_save_stack+0x45/0x70
[   24.118408]  kasan_save_track+0x18/0x40
[   24.118626]  kasan_save_alloc_info+0x3b/0x50
[   24.118820]  __kasan_slab_alloc+0x91/0xa0
[   24.118995]  kmem_cache_alloc_noprof+0x123/0x3f0
[   24.119319]  kmem_cache_rcu_uaf+0x155/0x510
[   24.119534]  kunit_try_run_case+0x1a5/0x480
[   24.119723]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.120001]  kthread+0x337/0x6f0
[   24.120453]  ret_from_fork+0x116/0x1d0
[   24.120660]  ret_from_fork_asm+0x1a/0x30
[   24.120810] 
[   24.120875] Freed by task 0:
[   24.121000]  kasan_save_stack+0x45/0x70
[   24.121298]  kasan_save_track+0x18/0x40
[   24.121519]  kasan_save_free_info+0x3f/0x60
[   24.121725]  __kasan_slab_free+0x56/0x70
[   24.121950]  slab_free_after_rcu_debug+0xe4/0x310
[   24.122136]  rcu_core+0x66f/0x1c40
[   24.122386]  rcu_core_si+0x12/0x20
[   24.122545]  handle_softirqs+0x209/0x730
[   24.122675]  __irq_exit_rcu+0xc9/0x110
[   24.122797]  irq_exit_rcu+0x12/0x20
[   24.123002]  sysvec_apic_timer_interrupt+0x81/0x90
[   24.123299]  asm_sysvec_apic_timer_interrupt+0x1f/0x30
[   24.123540] 
[   24.123634] Last potentially related work creation:
[   24.123849]  kasan_save_stack+0x45/0x70
[   24.124055]  kasan_record_aux_stack+0xb2/0xc0
[   24.124484]  kmem_cache_free+0x131/0x420
[   24.124707]  kmem_cache_rcu_uaf+0x194/0x510
[   24.124887]  kunit_try_run_case+0x1a5/0x480
[   24.125110]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.125453]  kthread+0x337/0x6f0
[   24.125623]  ret_from_fork+0x116/0x1d0
[   24.125791]  ret_from_fork_asm+0x1a/0x30
[   24.125929] 
[   24.126019] The buggy address belongs to the object at ffff888105a16000
[   24.126019]  which belongs to the cache test_cache of size 200
[   24.126635] The buggy address is located 0 bytes inside of
[   24.126635]  freed 200-byte region [ffff888105a16000, ffff888105a160c8)
[   24.127067] 
[   24.127160] The buggy address belongs to the physical page:
[   24.127506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a16
[   24.127877] flags: 0x200000000000000(node=0|zone=2)
[   24.128317] page_type: f5(slab)
[   24.128599] raw: 0200000000000000 ffff888101095640 dead000000000122 0000000000000000
[   24.128953] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   24.129358] page dumped because: kasan: bad access detected
[   24.129606] 
[   24.129673] Memory state around the buggy address:
[   24.129854]  ffff888105a15f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.130290]  ffff888105a15f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.130581] >ffff888105a16000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.130818]                    ^
[   24.130974]  ffff888105a16080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   24.131287]  ffff888105a16100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.131529] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zJgQh5RpNnxHn5fYu3cjvVNtfe

job_id

TEST:linaro@lkft#2zJgWLiLp1SzPvoGOQl1Sc7c2xD

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJgWLiLp1SzPvoGOQl1Sc7c2xD

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgSomoncXqQ2IeQhGu4P8l5Uz/bzImage
sha256sum	c63ce0944f5600b46c12779e7ee07bd3abac22ab6ab0025102b975f86834f461

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgSomoncXqQ2IeQhGu4P8l5Uz/modules.tar.xz
sha256sum	6bde680c4711a679bf6c233af89c66b0048bd800f61fd1fce42662ca56dcc624

durations

tests

boot	0
kunit	249.71

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   23.848942] ==================================================================
[   23.849490] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510
[   23.850597] Read of size 1 at addr ffff8881058a3000 by task kunit_try_catch/261
[   23.850997] 
[   23.851398] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   23.851462] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.851475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.851499] Call Trace:
[   23.851514]  <TASK>
[   23.851536]  dump_stack_lvl+0x73/0xb0
[   23.851573]  print_report+0xd1/0x650
[   23.851597]  ? __virt_addr_valid+0x1db/0x2d0
[   23.851624]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   23.851646]  ? kasan_complete_mode_report_info+0x64/0x200
[   23.851823]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   23.851858]  kasan_report+0x141/0x180
[   23.851882]  ? kmem_cache_rcu_uaf+0x3e3/0x510
[   23.851909]  __asan_report_load1_noabort+0x18/0x20
[   23.851933]  kmem_cache_rcu_uaf+0x3e3/0x510
[   23.851955]  ? __pfx_kmem_cache_rcu_uaf+0x10/0x10
[   23.851977]  ? finish_task_switch.isra.0+0x153/0x700
[   23.852002]  ? __switch_to+0x47/0xf50
[   23.852032]  ? __pfx_read_tsc+0x10/0x10
[   23.852056]  ? ktime_get_ts64+0x86/0x230
[   23.852082]  kunit_try_run_case+0x1a5/0x480
[   23.852111]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.852134]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.852156]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.852179]  ? __kthread_parkme+0x82/0x180
[   23.852201]  ? preempt_count_sub+0x50/0x80
[   23.852223]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.852248]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.852272]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.852296]  kthread+0x337/0x6f0
[   23.852333]  ? trace_preempt_on+0x20/0xc0
[   23.852358]  ? __pfx_kthread+0x10/0x10
[   23.852379]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.852403]  ? calculate_sigpending+0x7b/0xa0
[   23.852427]  ? __pfx_kthread+0x10/0x10
[   23.852448]  ret_from_fork+0x116/0x1d0
[   23.852467]  ? __pfx_kthread+0x10/0x10
[   23.852488]  ret_from_fork_asm+0x1a/0x30
[   23.852520]  </TASK>
[   23.852533] 
[   23.863241] Allocated by task 261:
[   23.863424]  kasan_save_stack+0x45/0x70
[   23.863647]  kasan_save_track+0x18/0x40
[   23.863877]  kasan_save_alloc_info+0x3b/0x50
[   23.864073]  __kasan_slab_alloc+0x91/0xa0
[   23.864290]  kmem_cache_alloc_noprof+0x123/0x3f0
[   23.864529]  kmem_cache_rcu_uaf+0x155/0x510
[   23.864678]  kunit_try_run_case+0x1a5/0x480
[   23.864930]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.865342]  kthread+0x337/0x6f0
[   23.865515]  ret_from_fork+0x116/0x1d0
[   23.865939]  ret_from_fork_asm+0x1a/0x30
[   23.866163] 
[   23.866234] Freed by task 0:
[   23.866351]  kasan_save_stack+0x45/0x70
[   23.866539]  kasan_save_track+0x18/0x40
[   23.866810]  kasan_save_free_info+0x3f/0x60
[   23.867074]  __kasan_slab_free+0x56/0x70
[   23.867292]  slab_free_after_rcu_debug+0xe4/0x310
[   23.867532]  rcu_core+0x66f/0x1c40
[   23.867761]  rcu_core_si+0x12/0x20
[   23.867927]  handle_softirqs+0x209/0x730
[   23.868108]  __irq_exit_rcu+0xc9/0x110
[   23.868231]  irq_exit_rcu+0x12/0x20
[   23.868406]  sysvec_apic_timer_interrupt+0x81/0x90
[   23.868625]  asm_sysvec_apic_timer_interrupt+0x1f/0x30
[   23.868906] 
[   23.868972] Last potentially related work creation:
[   23.869444]  kasan_save_stack+0x45/0x70
[   23.869654]  kasan_record_aux_stack+0xb2/0xc0
[   23.870167]  kmem_cache_free+0x131/0x420
[   23.870317]  kmem_cache_rcu_uaf+0x194/0x510
[   23.870481]  kunit_try_run_case+0x1a5/0x480
[   23.870887]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.871106]  kthread+0x337/0x6f0
[   23.871254]  ret_from_fork+0x116/0x1d0
[   23.871425]  ret_from_fork_asm+0x1a/0x30
[   23.872101] 
[   23.872209] The buggy address belongs to the object at ffff8881058a3000
[   23.872209]  which belongs to the cache test_cache of size 200
[   23.873162] The buggy address is located 0 bytes inside of
[   23.873162]  freed 200-byte region [ffff8881058a3000, ffff8881058a30c8)
[   23.874104] 
[   23.874190] The buggy address belongs to the physical page:
[   23.874436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a3
[   23.875069] flags: 0x200000000000000(node=0|zone=2)
[   23.875433] page_type: f5(slab)
[   23.875859] raw: 0200000000000000 ffff8881058a2000 dead000000000122 0000000000000000
[   23.876293] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   23.876987] page dumped because: kasan: bad access detected
[   23.877300] 
[   23.877521] Memory state around the buggy address:
[   23.877980]  ffff8881058a2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.878277]  ffff8881058a2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.878898] >ffff8881058a3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.879242]                    ^
[   23.879633]  ffff8881058a3080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   23.880154]  ffff8881058a3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.880461] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zJjVuY8CWIlVXTEux5Wdhwbsnl

job_id

TEST:linaro@lkft#2zJjbo5vUf6Wgav2dNg23QBILve

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJjbo5vUf6Wgav2dNg23QBILve

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjY2X2HWOVFakdzDdk9bWjF5Q/bzImage
sha256sum	4acfb3ef7d1c5960d9bb8d8c6946992d600ffa1a2e100775f86dbb73a7e052b1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjY2X2HWOVFakdzDdk9bWjF5Q/modules.tar.xz
sha256sum	9d3b3583400db11d5b102f8eb0fbef431a8d5f7a81319fa4c86c7d93acce21b0

durations

tests

boot	0
kunit	219.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit