lkft/linux-next-master - next-20250702 - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf

Date

July 2, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   31.129366] ==================================================================
[   31.129429] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x480/0x4a8
[   31.129481] Read of size 8 at addr fff00000c91f2b40 by task kunit_try_catch/233
[   31.129563] 
[   31.129607] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   31.129700] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.129727] Hardware name: linux,dummy-virt (DT)
[   31.129769] Call trace:
[   31.129808]  show_stack+0x20/0x38 (C)
[   31.129857]  dump_stack_lvl+0x8c/0xd0
[   31.129906]  print_report+0x118/0x608
[   31.130343]  kasan_report+0xdc/0x128
[   31.130400]  __asan_report_load8_noabort+0x20/0x30
[   31.130468]  workqueue_uaf+0x480/0x4a8
[   31.130603]  kunit_try_run_case+0x170/0x3f0
[   31.130700]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.130755]  kthread+0x328/0x630
[   31.130816]  ret_from_fork+0x10/0x20
[   31.130936] 
[   31.130976] Allocated by task 233:
[   31.131014]  kasan_save_stack+0x3c/0x68
[   31.131211]  kasan_save_track+0x20/0x40
[   31.131272]  kasan_save_alloc_info+0x40/0x58
[   31.131328]  __kasan_kmalloc+0xd4/0xd8
[   31.131449]  __kmalloc_cache_noprof+0x16c/0x3c0
[   31.131508]  workqueue_uaf+0x13c/0x4a8
[   31.131546]  kunit_try_run_case+0x170/0x3f0
[   31.131702]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.131801]  kthread+0x328/0x630
[   31.131963]  ret_from_fork+0x10/0x20
[   31.132034] 
[   31.132237] Freed by task 9:
[   31.132286]  kasan_save_stack+0x3c/0x68
[   31.132810]  kasan_save_track+0x20/0x40
[   31.132886]  kasan_save_free_info+0x4c/0x78
[   31.132974]  __kasan_slab_free+0x6c/0x98
[   31.133097]  kfree+0x214/0x3c8
[   31.133164]  workqueue_uaf_work+0x18/0x30
[   31.133236]  process_one_work+0x530/0xf98
[   31.133316]  worker_thread+0x618/0xf38
[   31.133433]  kthread+0x328/0x630
[   31.133502]  ret_from_fork+0x10/0x20
[   31.133707] 
[   31.133764] Last potentially related work creation:
[   31.133898]  kasan_save_stack+0x3c/0x68
[   31.134037]  kasan_record_aux_stack+0xb4/0xc8
[   31.134129]  __queue_work+0x65c/0xfe0
[   31.134207]  queue_work_on+0xbc/0xf8
[   31.134539]  workqueue_uaf+0x210/0x4a8
[   31.134608]  kunit_try_run_case+0x170/0x3f0
[   31.134685]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.134801]  kthread+0x328/0x630
[   31.134851]  ret_from_fork+0x10/0x20
[   31.134887] 
[   31.135138] The buggy address belongs to the object at fff00000c91f2b40
[   31.135138]  which belongs to the cache kmalloc-32 of size 32
[   31.135235] The buggy address is located 0 bytes inside of
[   31.135235]  freed 32-byte region [fff00000c91f2b40, fff00000c91f2b60)
[   31.135371] 
[   31.135411] The buggy address belongs to the physical page:
[   31.135451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f2
[   31.135572] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.135669] page_type: f5(slab)
[   31.135771] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   31.135892] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   31.135958] page dumped because: kasan: bad access detected
[   31.135990] 
[   31.136008] Memory state around the buggy address:
[   31.136324]  fff00000c91f2a00: 00 00 00 fc fc fc fc fc 00 00 03 fc fc fc fc fc
[   31.136426]  fff00000c91f2a80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   31.136498] >fff00000c91f2b00: 00 00 00 07 fc fc fc fc fa fb fb fb fc fc fc fc
[   31.136737]                                            ^
[   31.136829]  fff00000c91f2b80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.136919]  fff00000c91f2c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.137002] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zJjVuY8CWIlVXTEux5Wdhwbsnl

job_id

TEST:linaro@lkft#2zJjafLF9SmbRpQYzvYRsbAp7df

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJjafLF9SmbRpQYzvYRsbAp7df

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/Image.gz
sha256sum	85c5f8492d02f00134559b4c525d8c115890fb18f9f1a98f66474795be2b220c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/modules.tar.xz
sha256sum	1d59f082c2851f878fb4e179ce3326e01ee1a06bb2287f35b0c3c51598de1e42

durations

tests

boot	0
kunit	162.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   33.013082] ==================================================================
[   33.013169] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x480/0x4a8
[   33.014398] Read of size 8 at addr fff00000c8db83c0 by task kunit_try_catch/231
[   33.015508] 
[   33.015743] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   33.015903] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.015933] Hardware name: linux,dummy-virt (DT)
[   33.016213] Call trace:
[   33.016379]  show_stack+0x20/0x38 (C)
[   33.016485]  dump_stack_lvl+0x8c/0xd0
[   33.016925]  print_report+0x118/0x608
[   33.017185]  kasan_report+0xdc/0x128
[   33.017423]  __asan_report_load8_noabort+0x20/0x30
[   33.017813]  workqueue_uaf+0x480/0x4a8
[   33.018030]  kunit_try_run_case+0x170/0x3f0
[   33.018295]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.018379]  kthread+0x328/0x630
[   33.018424]  ret_from_fork+0x10/0x20
[   33.018473] 
[   33.018492] Allocated by task 231:
[   33.019224]  kasan_save_stack+0x3c/0x68
[   33.019297]  kasan_save_track+0x20/0x40
[   33.019369]  kasan_save_alloc_info+0x40/0x58
[   33.019862]  __kasan_kmalloc+0xd4/0xd8
[   33.020013]  __kmalloc_cache_noprof+0x16c/0x3c0
[   33.020065]  workqueue_uaf+0x13c/0x4a8
[   33.020415]  kunit_try_run_case+0x170/0x3f0
[   33.020493]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.020539]  kthread+0x328/0x630
[   33.020760]  ret_from_fork+0x10/0x20
[   33.020798] 
[   33.020818] Freed by task 47:
[   33.021315]  kasan_save_stack+0x3c/0x68
[   33.021589]  kasan_save_track+0x20/0x40
[   33.021753]  kasan_save_free_info+0x4c/0x78
[   33.021870]  __kasan_slab_free+0x6c/0x98
[   33.021938]  kfree+0x214/0x3c8
[   33.021971]  workqueue_uaf_work+0x18/0x30
[   33.022311]  process_one_work+0x530/0xf98
[   33.022633]  worker_thread+0x618/0xf38
[   33.022703]  kthread+0x328/0x630
[   33.022738]  ret_from_fork+0x10/0x20
[   33.022799] 
[   33.022821] Last potentially related work creation:
[   33.022848]  kasan_save_stack+0x3c/0x68
[   33.023379]  kasan_record_aux_stack+0xb4/0xc8
[   33.023434]  __queue_work+0x65c/0xfe0
[   33.023660]  queue_work_on+0xbc/0xf8
[   33.023736]  workqueue_uaf+0x210/0x4a8
[   33.023774]  kunit_try_run_case+0x170/0x3f0
[   33.024040]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.024088]  kthread+0x328/0x630
[   33.024393]  ret_from_fork+0x10/0x20
[   33.024437] 
[   33.024457] The buggy address belongs to the object at fff00000c8db83c0
[   33.024457]  which belongs to the cache kmalloc-32 of size 32
[   33.025027] The buggy address is located 0 bytes inside of
[   33.025027]  freed 32-byte region [fff00000c8db83c0, fff00000c8db83e0)
[   33.025597] 
[   33.025672] The buggy address belongs to the physical page:
[   33.025775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108db8
[   33.026021] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.026077] page_type: f5(slab)
[   33.026121] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   33.026185] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   33.026515] page dumped because: kasan: bad access detected
[   33.026709] 
[   33.026839] Memory state around the buggy address:
[   33.026877]  fff00000c8db8280: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   33.027314]  fff00000c8db8300: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   33.027437] >fff00000c8db8380: 00 00 00 07 fc fc fc fc fa fb fb fb fc fc fc fc
[   33.027758]                                            ^
[   33.027801]  fff00000c8db8400: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.028037]  fff00000c8db8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.028276] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zJgQh5RpNnxHn5fYu3cjvVNtfe

job_id

TEST:linaro@lkft#2zJgVNbTMWSdgH2toga97GQ1Q7f

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJgVNbTMWSdgH2toga97GQ1Q7f

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgRtf8Z6sIAbl985f65Rf9q1j/Image.gz
sha256sum	0bc9f899cfd087a8afeca5d2e97cbfde074f219701c595cf032b0638edac4ebb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgRtf8Z6sIAbl985f65Rf9q1j/modules.tar.xz
sha256sum	a7c57519c6dd39ab91f2f3c11d9473bcddc038b16e47bd1dafe42a18ff05f66f

durations

tests

boot	0
kunit	166.37

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   23.629724] ==================================================================
[   23.630582] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560
[   23.631556] Read of size 8 at addr ffff888106098980 by task kunit_try_catch/248
[   23.632006] 
[   23.632303] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   23.632374] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.632387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.632409] Call Trace:
[   23.632425]  <TASK>
[   23.632444]  dump_stack_lvl+0x73/0xb0
[   23.632475]  print_report+0xd1/0x650
[   23.632506]  ? __virt_addr_valid+0x1db/0x2d0
[   23.632530]  ? workqueue_uaf+0x4d6/0x560
[   23.632551]  ? kasan_complete_mode_report_info+0x64/0x200
[   23.632576]  ? workqueue_uaf+0x4d6/0x560
[   23.632597]  kasan_report+0x141/0x180
[   23.632618]  ? workqueue_uaf+0x4d6/0x560
[   23.632643]  __asan_report_load8_noabort+0x18/0x20
[   23.632667]  workqueue_uaf+0x4d6/0x560
[   23.632746]  ? __pfx_workqueue_uaf+0x10/0x10
[   23.632768]  ? __schedule+0x10cc/0x2b60
[   23.632789]  ? __pfx_read_tsc+0x10/0x10
[   23.632811]  ? ktime_get_ts64+0x86/0x230
[   23.632836]  kunit_try_run_case+0x1a5/0x480
[   23.632861]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.632884]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.632905]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.632927]  ? __kthread_parkme+0x82/0x180
[   23.632947]  ? preempt_count_sub+0x50/0x80
[   23.632970]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.632994]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.633017]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.633041]  kthread+0x337/0x6f0
[   23.633060]  ? trace_preempt_on+0x20/0xc0
[   23.633085]  ? __pfx_kthread+0x10/0x10
[   23.633105]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.633128]  ? calculate_sigpending+0x7b/0xa0
[   23.633152]  ? __pfx_kthread+0x10/0x10
[   23.633173]  ret_from_fork+0x116/0x1d0
[   23.633191]  ? __pfx_kthread+0x10/0x10
[   23.633211]  ret_from_fork_asm+0x1a/0x30
[   23.633242]  </TASK>
[   23.633255] 
[   23.644195] Allocated by task 248:
[   23.644368]  kasan_save_stack+0x45/0x70
[   23.644939]  kasan_save_track+0x18/0x40
[   23.645111]  kasan_save_alloc_info+0x3b/0x50
[   23.645324]  __kasan_kmalloc+0xb7/0xc0
[   23.646058]  __kmalloc_cache_noprof+0x189/0x420
[   23.646277]  workqueue_uaf+0x152/0x560
[   23.646601]  kunit_try_run_case+0x1a5/0x480
[   23.647067]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.647334]  kthread+0x337/0x6f0
[   23.647773]  ret_from_fork+0x116/0x1d0
[   23.647948]  ret_from_fork_asm+0x1a/0x30
[   23.648099] 
[   23.648394] Freed by task 24:
[   23.648607]  kasan_save_stack+0x45/0x70
[   23.649028]  kasan_save_track+0x18/0x40
[   23.649274]  kasan_save_free_info+0x3f/0x60
[   23.649453]  __kasan_slab_free+0x56/0x70
[   23.650110]  kfree+0x222/0x3f0
[   23.650270]  workqueue_uaf_work+0x12/0x20
[   23.650466]  process_one_work+0x5ee/0xf60
[   23.650941]  worker_thread+0x758/0x1220
[   23.651149]  kthread+0x337/0x6f0
[   23.651326]  ret_from_fork+0x116/0x1d0
[   23.651479]  ret_from_fork_asm+0x1a/0x30
[   23.651771] 
[   23.652220] Last potentially related work creation:
[   23.652411]  kasan_save_stack+0x45/0x70
[   23.652840]  kasan_record_aux_stack+0xb2/0xc0
[   23.653152]  __queue_work+0x61a/0xe70
[   23.653436]  queue_work_on+0xb6/0xc0
[   23.653681]  workqueue_uaf+0x26d/0x560
[   23.654128]  kunit_try_run_case+0x1a5/0x480
[   23.654427]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.654839]  kthread+0x337/0x6f0
[   23.655178]  ret_from_fork+0x116/0x1d0
[   23.655386]  ret_from_fork_asm+0x1a/0x30
[   23.655827] 
[   23.655908] The buggy address belongs to the object at ffff888106098980
[   23.655908]  which belongs to the cache kmalloc-32 of size 32
[   23.656632] The buggy address is located 0 bytes inside of
[   23.656632]  freed 32-byte region [ffff888106098980, ffff8881060989a0)
[   23.657276] 
[   23.657368] The buggy address belongs to the physical page:
[   23.657631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106098
[   23.658167] flags: 0x200000000000000(node=0|zone=2)
[   23.658422] page_type: f5(slab)
[   23.658825] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   23.659150] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   23.659547] page dumped because: kasan: bad access detected
[   23.659967] 
[   23.660067] Memory state around the buggy address:
[   23.660266]  ffff888106098880: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   23.660587]  ffff888106098900: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   23.661238] >ffff888106098980: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   23.661564]                    ^
[   23.661934]  ffff888106098a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.662301]  ffff888106098a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.662598] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zJjVuY8CWIlVXTEux5Wdhwbsnl

job_id

TEST:linaro@lkft#2zJjbo5vUf6Wgav2dNg23QBILve

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJjbo5vUf6Wgav2dNg23QBILve

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjY2X2HWOVFakdzDdk9bWjF5Q/bzImage
sha256sum	4acfb3ef7d1c5960d9bb8d8c6946992d600ffa1a2e100775f86dbb73a7e052b1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjY2X2HWOVFakdzDdk9bWjF5Q/modules.tar.xz
sha256sum	9d3b3583400db11d5b102f8eb0fbef431a8d5f7a81319fa4c86c7d93acce21b0

durations

tests

boot	0
kunit	219.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   23.919607] ==================================================================
[   23.920168] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560
[   23.920500] Read of size 8 at addr ffff888106057e40 by task kunit_try_catch/249
[   23.920825] 
[   23.920937] CPU: 1 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   23.920990] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.921004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.921025] Call Trace:
[   23.921040]  <TASK>
[   23.921091]  dump_stack_lvl+0x73/0xb0
[   23.921124]  print_report+0xd1/0x650
[   23.921148]  ? __virt_addr_valid+0x1db/0x2d0
[   23.921172]  ? workqueue_uaf+0x4d6/0x560
[   23.921194]  ? kasan_complete_mode_report_info+0x64/0x200
[   23.921220]  ? workqueue_uaf+0x4d6/0x560
[   23.921241]  kasan_report+0x141/0x180
[   23.921263]  ? workqueue_uaf+0x4d6/0x560
[   23.921288]  __asan_report_load8_noabort+0x18/0x20
[   23.921312]  workqueue_uaf+0x4d6/0x560
[   23.921334]  ? __pfx_workqueue_uaf+0x10/0x10
[   23.921356]  ? __schedule+0x10cc/0x2b60
[   23.921379]  ? __pfx_read_tsc+0x10/0x10
[   23.921402]  ? ktime_get_ts64+0x86/0x230
[   23.921428]  kunit_try_run_case+0x1a5/0x480
[   23.921455]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.921479]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.921501]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.921523]  ? __kthread_parkme+0x82/0x180
[   23.921544]  ? preempt_count_sub+0x50/0x80
[   23.921568]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.921593]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.921617]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.921641]  kthread+0x337/0x6f0
[   23.921661]  ? trace_preempt_on+0x20/0xc0
[   23.921686]  ? __pfx_kthread+0x10/0x10
[   23.921706]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.921731]  ? calculate_sigpending+0x7b/0xa0
[   23.921756]  ? __pfx_kthread+0x10/0x10
[   23.921778]  ret_from_fork+0x116/0x1d0
[   23.921797]  ? __pfx_kthread+0x10/0x10
[   23.921818]  ret_from_fork_asm+0x1a/0x30
[   23.921864]  </TASK>
[   23.921877] 
[   23.930391] Allocated by task 249:
[   23.930578]  kasan_save_stack+0x45/0x70
[   23.930779]  kasan_save_track+0x18/0x40
[   23.930987]  kasan_save_alloc_info+0x3b/0x50
[   23.931258]  __kasan_kmalloc+0xb7/0xc0
[   23.931455]  __kmalloc_cache_noprof+0x189/0x420
[   23.931607]  workqueue_uaf+0x152/0x560
[   23.931733]  kunit_try_run_case+0x1a5/0x480
[   23.931963]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.932281]  kthread+0x337/0x6f0
[   23.932450]  ret_from_fork+0x116/0x1d0
[   23.932616]  ret_from_fork_asm+0x1a/0x30
[   23.932772] 
[   23.932837] Freed by task 44:
[   23.932973]  kasan_save_stack+0x45/0x70
[   23.933400]  kasan_save_track+0x18/0x40
[   23.933612]  kasan_save_free_info+0x3f/0x60
[   23.933830]  __kasan_slab_free+0x56/0x70
[   23.934029]  kfree+0x222/0x3f0
[   23.934219]  workqueue_uaf_work+0x12/0x20
[   23.934395]  process_one_work+0x5ee/0xf60
[   23.934596]  worker_thread+0x758/0x1220
[   23.934755]  kthread+0x337/0x6f0
[   23.934907]  ret_from_fork+0x116/0x1d0
[   23.935250]  ret_from_fork_asm+0x1a/0x30
[   23.935439] 
[   23.935525] Last potentially related work creation:
[   23.935712]  kasan_save_stack+0x45/0x70
[   23.935889]  kasan_record_aux_stack+0xb2/0xc0
[   23.936104]  __queue_work+0x61a/0xe70
[   23.936310]  queue_work_on+0xb6/0xc0
[   23.936446]  workqueue_uaf+0x26d/0x560
[   23.936615]  kunit_try_run_case+0x1a5/0x480
[   23.936830]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.937115]  kthread+0x337/0x6f0
[   23.937516]  ret_from_fork+0x116/0x1d0
[   23.937722]  ret_from_fork_asm+0x1a/0x30
[   23.937879] 
[   23.937948] The buggy address belongs to the object at ffff888106057e40
[   23.937948]  which belongs to the cache kmalloc-32 of size 32
[   23.938606] The buggy address is located 0 bytes inside of
[   23.938606]  freed 32-byte region [ffff888106057e40, ffff888106057e60)
[   23.939100] 
[   23.939235] The buggy address belongs to the physical page:
[   23.939476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106057
[   23.939829] flags: 0x200000000000000(node=0|zone=2)
[   23.940096] page_type: f5(slab)
[   23.940322] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   23.940634] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   23.940910] page dumped because: kasan: bad access detected
[   23.941164] 
[   23.941256] Memory state around the buggy address:
[   23.941490]  ffff888106057d00: 00 00 05 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   23.941771]  ffff888106057d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   23.942048] >ffff888106057e00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   23.942352]                                            ^
[   23.942577]  ffff888106057e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.942857]  ffff888106057f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.943463] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zJgQh5RpNnxHn5fYu3cjvVNtfe

job_id

TEST:linaro@lkft#2zJgWLiLp1SzPvoGOQl1Sc7c2xD

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJgWLiLp1SzPvoGOQl1Sc7c2xD

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgSomoncXqQ2IeQhGu4P8l5Uz/bzImage
sha256sum	c63ce0944f5600b46c12779e7ee07bd3abac22ab6ab0025102b975f86834f461

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgSomoncXqQ2IeQhGu4P8l5Uz/modules.tar.xz
sha256sum	6bde680c4711a679bf6c233af89c66b0048bd800f61fd1fce42662ca56dcc624

durations

tests

boot	0
kunit	249.71

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit