Date: July 18, 2025, 2:09 p.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 17.202987] ==================================================================
[ 17.203202] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308
[ 17.203298] Read of size 1 at addr fff00000c5acc120 by task kunit_try_catch/192
[ 17.203350]
[ 17.203393] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 17.203480] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.203524] Hardware name: linux,dummy-virt (DT)
[ 17.203557] Call trace:
[ 17.203581]  show_stack+0x20/0x38 (C)
[ 17.203633]  dump_stack_lvl+0x8c/0xd0
[ 17.203685]  print_report+0x118/0x5d0
[ 17.203732]  kasan_report+0xdc/0x128
[ 17.203779]  __kasan_check_byte+0x54/0x70
[ 17.203827]  kfree_sensitive+0x30/0xb0
[ 17.204185]  kmalloc_double_kzfree+0x168/0x308
[ 17.204415]  kunit_try_run_case+0x170/0x3f0
[ 17.204513]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.204802]  kthread+0x328/0x630
[ 17.204989]  ret_from_fork+0x10/0x20
[ 17.205405]
[ 17.205489] Allocated by task 192:
[ 17.205589]  kasan_save_stack+0x3c/0x68
[ 17.205705]  kasan_save_track+0x20/0x40
[ 17.205932]  kasan_save_alloc_info+0x40/0x58
[ 17.206371]  __kasan_kmalloc+0xd4/0xd8
[ 17.206590]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 17.206712]  kmalloc_double_kzfree+0xb8/0x308
[ 17.206899]  kunit_try_run_case+0x170/0x3f0
[ 17.207167]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.207261]  kthread+0x328/0x630
[ 17.207565]  ret_from_fork+0x10/0x20
[ 17.207706]
[ 17.207763] Freed by task 192:
[ 17.207915]  kasan_save_stack+0x3c/0x68
[ 17.207960]  kasan_save_track+0x20/0x40
[ 17.208013]  kasan_save_free_info+0x4c/0x78
[ 17.208342]  __kasan_slab_free+0x6c/0x98
[ 17.208474]  kfree+0x214/0x3c8
[ 17.208582]  kfree_sensitive+0x80/0xb0
[ 17.208765]  kmalloc_double_kzfree+0x11c/0x308
[ 17.208938]  kunit_try_run_case+0x170/0x3f0
[ 17.209033]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.209135]  kthread+0x328/0x630
[ 17.209534]  ret_from_fork+0x10/0x20
[ 17.209618]
[ 17.209717] The buggy address belongs to the object at fff00000c5acc120
[ 17.209717]  which belongs to the cache kmalloc-16 of size 16
[ 17.209830] The buggy address is located 0 bytes inside of
[ 17.209830]  freed 16-byte region [fff00000c5acc120, fff00000c5acc130)
[ 17.209979]
[ 17.210003] The buggy address belongs to the physical page:
[ 17.210198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105acc
[ 17.210532] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.210630] page_type: f5(slab)
[ 17.210751] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 17.210916] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 17.210958] page dumped because: kasan: bad access detected
[ 17.211252]
[ 17.211363] Memory state around the buggy address:
[ 17.211502]  fff00000c5acc000: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc
[ 17.211661]  fff00000c5acc080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 17.211732] >fff00000c5acc100: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 17.211949]                                ^
[ 17.212196]  fff00000c5acc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.212508]  fff00000c5acc200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.212608] ==================================================================
```
```
[ 16.825065] ==================================================================
[ 16.825125] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308
[ 16.825178] Read of size 1 at addr fff00000c5a02c40 by task kunit_try_catch/192
[ 16.825228]
[ 16.825262] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.825364] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.825392] Hardware name: linux,dummy-virt (DT)
[ 16.825424] Call trace:
[ 16.825449]  show_stack+0x20/0x38 (C)
[ 16.825498]  dump_stack_lvl+0x8c/0xd0
[ 16.825546]  print_report+0x118/0x5d0
[ 16.825593]  kasan_report+0xdc/0x128
[ 16.825636]  __kasan_check_byte+0x54/0x70
[ 16.825682]  kfree_sensitive+0x30/0xb0
[ 16.825729]  kmalloc_double_kzfree+0x168/0x308
[ 16.825774]  kunit_try_run_case+0x170/0x3f0
[ 16.825822]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.825875]  kthread+0x328/0x630
[ 16.825916]  ret_from_fork+0x10/0x20
[ 16.825963]
[ 16.825982] Allocated by task 192:
[ 16.826010]  kasan_save_stack+0x3c/0x68
[ 16.826049]  kasan_save_track+0x20/0x40
[ 16.826087]  kasan_save_alloc_info+0x40/0x58
[ 16.826128]  __kasan_kmalloc+0xd4/0xd8
[ 16.826165]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.826205]  kmalloc_double_kzfree+0xb8/0x308
[ 16.826243]  kunit_try_run_case+0x170/0x3f0
[ 16.826280]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.826456]  kthread+0x328/0x630
[ 16.826502]  ret_from_fork+0x10/0x20
[ 16.826548]
[ 16.826997] Freed by task 192:
[ 16.827067]  kasan_save_stack+0x3c/0x68
[ 16.827241]  kasan_save_track+0x20/0x40
[ 16.827395]  kasan_save_free_info+0x4c/0x78
[ 16.827520]  __kasan_slab_free+0x6c/0x98
[ 16.827699]  kfree+0x214/0x3c8
[ 16.827784]  kfree_sensitive+0x80/0xb0
[ 16.827825]  kmalloc_double_kzfree+0x11c/0x308
[ 16.828093]  kunit_try_run_case+0x170/0x3f0
[ 16.828272]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.828923]  kthread+0x328/0x630
[ 16.828961]  ret_from_fork+0x10/0x20
[ 16.829005]
[ 16.829027] The buggy address belongs to the object at fff00000c5a02c40
[ 16.829027]  which belongs to the cache kmalloc-16 of size 16
[ 16.829334] The buggy address is located 0 bytes inside of
[ 16.829334]  freed 16-byte region [fff00000c5a02c40, fff00000c5a02c50)
[ 16.829517]
[ 16.829578] The buggy address belongs to the physical page:
[ 16.829670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a02
[ 16.829748] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.829909] page_type: f5(slab)
[ 16.829992] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 16.830121] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 16.830163] page dumped because: kasan: bad access detected
[ 16.830231]
[ 16.830421] Memory state around the buggy address:
[ 16.830559]  fff00000c5a02b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 16.830699]  fff00000c5a02b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 16.830775] >fff00000c5a02c00: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[ 16.830869]                                            ^
[ 16.830946]  fff00000c5a02c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.831014]  fff00000c5a02d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.831127] ==================================================================
```
```
[ 16.827737] ==================================================================
[ 16.827804] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308
[ 16.827862] Read of size 1 at addr fff00000c5755ea0 by task kunit_try_catch/192
[ 16.827938]
[ 16.828153] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.828255] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.828282] Hardware name: linux,dummy-virt (DT)
[ 16.828380] Call trace:
[ 16.828407]  show_stack+0x20/0x38 (C)
[ 16.828460]  dump_stack_lvl+0x8c/0xd0
[ 16.828510]  print_report+0x118/0x5d0
[ 16.828554]  kasan_report+0xdc/0x128
[ 16.828599]  __kasan_check_byte+0x54/0x70
[ 16.828646]  kfree_sensitive+0x30/0xb0
[ 16.828706]  kmalloc_double_kzfree+0x168/0x308
[ 16.828998]  kunit_try_run_case+0x170/0x3f0
[ 16.829140]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.829196]  kthread+0x328/0x630
[ 16.829265]  ret_from_fork+0x10/0x20
[ 16.829426]
[ 16.829531] Allocated by task 192:
[ 16.829596]  kasan_save_stack+0x3c/0x68
[ 16.829642]  kasan_save_track+0x20/0x40
[ 16.829688]  kasan_save_alloc_info+0x40/0x58
[ 16.829738]  __kasan_kmalloc+0xd4/0xd8
[ 16.829775]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.829814]  kmalloc_double_kzfree+0xb8/0x308
[ 16.829852]  kunit_try_run_case+0x170/0x3f0
[ 16.829890]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.829941]  kthread+0x328/0x630
[ 16.829973]  ret_from_fork+0x10/0x20
[ 16.830010]
[ 16.830028] Freed by task 192:
[ 16.830064]  kasan_save_stack+0x3c/0x68
[ 16.830102]  kasan_save_track+0x20/0x40
[ 16.830137]  kasan_save_free_info+0x4c/0x78
[ 16.830176]  __kasan_slab_free+0x6c/0x98
[ 16.830213]  kfree+0x214/0x3c8
[ 16.830252]  kfree_sensitive+0x80/0xb0
[ 16.830287]  kmalloc_double_kzfree+0x11c/0x308
[ 16.830334]  kunit_try_run_case+0x170/0x3f0
[ 16.830372]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.830416]  kthread+0x328/0x630
[ 16.830455]  ret_from_fork+0x10/0x20
[ 16.830491]
[ 16.830510] The buggy address belongs to the object at fff00000c5755ea0
[ 16.830510]  which belongs to the cache kmalloc-16 of size 16
[ 16.830575] The buggy address is located 0 bytes inside of
[ 16.830575]  freed 16-byte region [fff00000c5755ea0, fff00000c5755eb0)
[ 16.830635]
[ 16.830655] The buggy address belongs to the physical page:
[ 16.830686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105755
[ 16.831188] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.831261] page_type: f5(slab)
[ 16.831303] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 16.831352] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 16.831392] page dumped because: kasan: bad access detected
[ 16.831422]
[ 16.831442] Memory state around the buggy address:
[ 16.831474]  fff00000c5755d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc
[ 16.831516]  fff00000c5755e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 16.831559] >fff00000c5755e80: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 16.831798]                                ^
[ 16.831857]  fff00000c5755f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.831971]  fff00000c5755f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.832067] ==================================================================
```
```
[ 12.592997] ==================================================================
[ 12.593621] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350
[ 12.594091] Read of size 1 at addr ffff888102837200 by task kunit_try_catch/209
[ 12.594653]
[ 12.594864] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 12.594923] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.594935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.594957] Call Trace:
[ 12.594979]  <TASK>
[ 12.594995]  dump_stack_lvl+0x73/0xb0
[ 12.595028]  print_report+0xd1/0x610
[ 12.595062]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.595086]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.595109]  ? kasan_complete_mode_report_info+0x64/0x200
[ 12.595132]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.595155]  kasan_report+0x141/0x180
[ 12.595177]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.595204]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.595227]  __kasan_check_byte+0x3d/0x50
[ 12.595249]  kfree_sensitive+0x22/0x90
[ 12.595281]  kmalloc_double_kzfree+0x19c/0x350
[ 12.595305]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 12.595328]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 12.595364]  ? trace_hardirqs_on+0x37/0xe0
[ 12.595387]  ? __pfx_read_tsc+0x10/0x10
[ 12.595408]  ? ktime_get_ts64+0x86/0x230
[ 12.595432]  kunit_try_run_case+0x1a5/0x480
[ 12.595457]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.595490]  ? queued_spin_lock_slowpath+0x116/0xb40
[ 12.595516]  ? __kthread_parkme+0x82/0x180
[ 12.595598]  ? preempt_count_sub+0x50/0x80
[ 12.595624]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.595648]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.595672]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.595695]  kthread+0x337/0x6f0
[ 12.595714]  ? trace_preempt_on+0x20/0xc0
[ 12.595736]  ? __pfx_kthread+0x10/0x10
[ 12.595756]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.595777]  ? calculate_sigpending+0x7b/0xa0
[ 12.595801]  ? __pfx_kthread+0x10/0x10
[ 12.595822]  ret_from_fork+0x116/0x1d0
[ 12.595839]  ? __pfx_kthread+0x10/0x10
[ 12.595859]  ret_from_fork_asm+0x1a/0x30
[ 12.595902]  </TASK>
[ 12.595913]
[ 12.604583] Allocated by task 209:
[ 12.604828]  kasan_save_stack+0x45/0x70
[ 12.605091]  kasan_save_track+0x18/0x40
[ 12.605286]  kasan_save_alloc_info+0x3b/0x50
[ 12.605505]  __kasan_kmalloc+0xb7/0xc0
[ 12.605637]  __kmalloc_cache_noprof+0x189/0x420
[ 12.605796]  kmalloc_double_kzfree+0xa9/0x350
[ 12.606218]  kunit_try_run_case+0x1a5/0x480
[ 12.606441]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.606728]  kthread+0x337/0x6f0
[ 12.606931]  ret_from_fork+0x116/0x1d0
[ 12.607138]  ret_from_fork_asm+0x1a/0x30
[ 12.607332]
[ 12.607442] Freed by task 209:
[ 12.607660]  kasan_save_stack+0x45/0x70
[ 12.607858]  kasan_save_track+0x18/0x40
[ 12.608146]  kasan_save_free_info+0x3f/0x60
[ 12.608331]  __kasan_slab_free+0x56/0x70
[ 12.608604]  kfree+0x222/0x3f0
[ 12.608744]  kfree_sensitive+0x67/0x90
[ 12.608958]  kmalloc_double_kzfree+0x12b/0x350
[ 12.609177]  kunit_try_run_case+0x1a5/0x480
[ 12.609344]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.609521]  kthread+0x337/0x6f0
[ 12.609695]  ret_from_fork+0x116/0x1d0
[ 12.610202]  ret_from_fork_asm+0x1a/0x30
[ 12.610409]
[ 12.610525] The buggy address belongs to the object at ffff888102837200
[ 12.610525]  which belongs to the cache kmalloc-16 of size 16
[ 12.610944] The buggy address is located 0 bytes inside of
[ 12.610944]  freed 16-byte region [ffff888102837200, ffff888102837210)
[ 12.611289]
[ 12.611361] The buggy address belongs to the physical page:
[ 12.611587] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102837
[ 12.612193] flags: 0x200000000000000(node=0|zone=2)
[ 12.612445] page_type: f5(slab)
[ 12.612706] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.612970] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.613310] page dumped because: kasan: bad access detected
[ 12.613613]
[ 12.613832] Memory state around the buggy address:
[ 12.614124]  ffff888102837100: 00 05 fc fc 00 02 fc fc fa fb fc fc 00 05 fc fc
[ 12.614396]  ffff888102837180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 12.614800] >ffff888102837200: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.615129]                    ^
[ 12.615249]  ffff888102837280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.615465]  ffff888102837300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.615847] ==================================================================
```
```
[ 12.362769] ==================================================================
[ 12.363354] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350
[ 12.363794] Read of size 1 at addr ffff8881016842e0 by task kunit_try_catch/210
[ 12.364100]
[ 12.364217] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 12.364262] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.364273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.364294] Call Trace:
[ 12.364305]  <TASK>
[ 12.364320]  dump_stack_lvl+0x73/0xb0
[ 12.364351]  print_report+0xd1/0x610
[ 12.364374]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.364398]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.364893]  ? kasan_complete_mode_report_info+0x64/0x200
[ 12.364917]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.364941]  kasan_report+0x141/0x180
[ 12.364963]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.364990]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.365013]  __kasan_check_byte+0x3d/0x50
[ 12.365232]  kfree_sensitive+0x22/0x90
[ 12.365258]  kmalloc_double_kzfree+0x19c/0x350
[ 12.365282]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 12.365304]  ? sysvec_apic_timer_interrupt+0x50/0x90
[ 12.365329]  ? trace_hardirqs_on+0x37/0xe0
[ 12.365352]  ? __pfx_read_tsc+0x10/0x10
[ 12.365373]  ? ktime_get_ts64+0x86/0x230
[ 12.365450]  kunit_try_run_case+0x1a5/0x480
[ 12.365479]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.365503]  ? queued_spin_lock_slowpath+0x116/0xb40
[ 12.365528]  ? __kthread_parkme+0x82/0x180
[ 12.365549]  ? preempt_count_sub+0x50/0x80
[ 12.365573]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.365596]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.365619]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.365643]  kthread+0x337/0x6f0
[ 12.365661]  ? trace_preempt_on+0x20/0xc0
[ 12.365683]  ? __pfx_kthread+0x10/0x10
[ 12.365703]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.365723]  ? calculate_sigpending+0x7b/0xa0
[ 12.365747]  ? __pfx_kthread+0x10/0x10
[ 12.365768]  ret_from_fork+0x116/0x1d0
[ 12.365786]  ? __pfx_kthread+0x10/0x10
[ 12.365806]  ret_from_fork_asm+0x1a/0x30
[ 12.365838]  </TASK>
[ 12.365849]
[ 12.375960] Allocated by task 210:
[ 12.376260]  kasan_save_stack+0x45/0x70
[ 12.376660]  kasan_save_track+0x18/0x40
[ 12.376853]  kasan_save_alloc_info+0x3b/0x50
[ 12.377182]  __kasan_kmalloc+0xb7/0xc0
[ 12.377415]  __kmalloc_cache_noprof+0x189/0x420
[ 12.377815]  kmalloc_double_kzfree+0xa9/0x350
[ 12.378012]  kunit_try_run_case+0x1a5/0x480
[ 12.378203]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.378424]  kthread+0x337/0x6f0
[ 12.379019]  ret_from_fork+0x116/0x1d0
[ 12.379170]  ret_from_fork_asm+0x1a/0x30
[ 12.379483]
[ 12.379580] Freed by task 210:
[ 12.379726]  kasan_save_stack+0x45/0x70
[ 12.379915]  kasan_save_track+0x18/0x40
[ 12.380091]  kasan_save_free_info+0x3f/0x60
[ 12.380279]  __kasan_slab_free+0x56/0x70
[ 12.380483]  kfree+0x222/0x3f0
[ 12.381046]  kfree_sensitive+0x67/0x90
[ 12.381214]  kmalloc_double_kzfree+0x12b/0x350
[ 12.381561]  kunit_try_run_case+0x1a5/0x480
[ 12.381939]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.382260]  kthread+0x337/0x6f0
[ 12.382389]  ret_from_fork+0x116/0x1d0
[ 12.382672]  ret_from_fork_asm+0x1a/0x30
[ 12.383137]
[ 12.383225] The buggy address belongs to the object at ffff8881016842e0
[ 12.383225]  which belongs to the cache kmalloc-16 of size 16
[ 12.383891] The buggy address is located 0 bytes inside of
[ 12.383891]  freed 16-byte region [ffff8881016842e0, ffff8881016842f0)
[ 12.384359]
[ 12.384471] The buggy address belongs to the physical page:
[ 12.385166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101684
[ 12.385615] flags: 0x200000000000000(node=0|zone=2)
[ 12.385808] page_type: f5(slab)
[ 12.386122] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.386527] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.386926] page dumped because: kasan: bad access detected
[ 12.387284]
[ 12.387384] Memory state around the buggy address:
[ 12.387935]  ffff888101684180: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 12.388265]  ffff888101684200: 00 02 fc fc 00 02 fc fc 00 06 fc fc 00 06 fc fc
[ 12.388734] >ffff888101684280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 12.389055]                                                        ^
[ 12.389334]  ffff888101684300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.390081]  ffff888101684380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.390430] ==================================================================
```
```
[ 12.530935] ==================================================================
[ 12.531689] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350
[ 12.532028] Read of size 1 at addr ffff888101be2ea0 by task kunit_try_catch/209
[ 12.532344]
[ 12.532440] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 12.532490] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.532501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.532523] Call Trace:
[ 12.532536]  <TASK>
[ 12.532555]  dump_stack_lvl+0x73/0xb0
[ 12.532587]  print_report+0xd1/0x610
[ 12.532610]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.532634]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.532657]  ? kasan_complete_mode_report_info+0x64/0x200
[ 12.532680]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.532703]  kasan_report+0x141/0x180
[ 12.532724]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.532750]  ? kmalloc_double_kzfree+0x19c/0x350
[ 12.532773]  __kasan_check_byte+0x3d/0x50
[ 12.532794]  kfree_sensitive+0x22/0x90
[ 12.532818]  kmalloc_double_kzfree+0x19c/0x350
[ 12.532842]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 12.532873]  ? __schedule+0x10cc/0x2b60
[ 12.532897]  ? __pfx_read_tsc+0x10/0x10
[ 12.532918]  ? ktime_get_ts64+0x86/0x230
[ 12.532944]  kunit_try_run_case+0x1a5/0x480
[ 12.532971]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.532993]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.533027]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.533050]  ? __kthread_parkme+0x82/0x180
[ 12.533072]  ? preempt_count_sub+0x50/0x80
[ 12.533097]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.533120]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.533144]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.533168]  kthread+0x337/0x6f0
[ 12.533187]  ? trace_preempt_on+0x20/0xc0
[ 12.533211]  ? __pfx_kthread+0x10/0x10
[ 12.533231]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.533253]  ? calculate_sigpending+0x7b/0xa0
[ 12.533278]  ? __pfx_kthread+0x10/0x10
[ 12.533302]  ret_from_fork+0x116/0x1d0
[ 12.533320]  ? __pfx_kthread+0x10/0x10
[ 12.533340]  ret_from_fork_asm+0x1a/0x30
[ 12.533372]  </TASK>
[ 12.533382]
[ 12.541201] Allocated by task 209:
[ 12.541392]  kasan_save_stack+0x45/0x70
[ 12.541601]  kasan_save_track+0x18/0x40
[ 12.541790]  kasan_save_alloc_info+0x3b/0x50
[ 12.541999]  __kasan_kmalloc+0xb7/0xc0
[ 12.542191]  __kmalloc_cache_noprof+0x189/0x420
[ 12.542420]  kmalloc_double_kzfree+0xa9/0x350
[ 12.542849]  kunit_try_run_case+0x1a5/0x480
[ 12.543133]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.543314]  kthread+0x337/0x6f0
[ 12.543435]  ret_from_fork+0x116/0x1d0
[ 12.543569]  ret_from_fork_asm+0x1a/0x30
[ 12.543823]
[ 12.543922] Freed by task 209:
[ 12.544090]  kasan_save_stack+0x45/0x70
[ 12.544286]  kasan_save_track+0x18/0x40
[ 12.544477]  kasan_save_free_info+0x3f/0x60
[ 12.544722]  __kasan_slab_free+0x56/0x70
[ 12.544868]  kfree+0x222/0x3f0
[ 12.544987]  kfree_sensitive+0x67/0x90
[ 12.545224]  kmalloc_double_kzfree+0x12b/0x350
[ 12.545467]  kunit_try_run_case+0x1a5/0x480
[ 12.545674]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.545926]  kthread+0x337/0x6f0
[ 12.546356]  ret_from_fork+0x116/0x1d0
[ 12.546543]  ret_from_fork_asm+0x1a/0x30
[ 12.546689]
[ 12.546762] The buggy address belongs to the object at ffff888101be2ea0
[ 12.546762]  which belongs to the cache kmalloc-16 of size 16
[ 12.547246] The buggy address is located 0 bytes inside of
[ 12.547246]  freed 16-byte region [ffff888101be2ea0, ffff888101be2eb0)
[ 12.547824]
[ 12.547951] The buggy address belongs to the physical page:
[ 12.548222] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101be2
[ 12.548470] flags: 0x200000000000000(node=0|zone=2)
[ 12.548692] page_type: f5(slab)
[ 12.548878] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.549232] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.549634] page dumped because: kasan: bad access detected
[ 12.550322]
[ 12.550407] Memory state around the buggy address:
[ 12.550635]  ffff888101be2d80: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 12.550878]  ffff888101be2e00: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc
[ 12.551109] >ffff888101be2e80: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 12.551427]                                ^
[ 12.551635]  ffff888101be2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.551959]  ffff888101be2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.552325] ==================================================================
```