lkft/sashal-linus-next - v6.13-rc7-43871-g530dddedcd5a - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16

Date

July 18, 2025, 2:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   16.951137] ==================================================================
[   16.951242] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x3bc/0x438
[   16.951563] Read of size 16 at addr fff00000c5acc0e0 by task kunit_try_catch/168
[   16.951859] 
[   16.952075] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.952349] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.952542] Hardware name: linux,dummy-virt (DT)
[   16.952679] Call trace:
[   16.952779]  show_stack+0x20/0x38 (C)
[   16.952860]  dump_stack_lvl+0x8c/0xd0
[   16.952962]  print_report+0x118/0x5d0
[   16.953157]  kasan_report+0xdc/0x128
[   16.953255]  __asan_report_load16_noabort+0x20/0x30
[   16.953325]  kmalloc_uaf_16+0x3bc/0x438
[   16.953710]  kunit_try_run_case+0x170/0x3f0
[   16.953890]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.953970]  kthread+0x328/0x630
[   16.954016]  ret_from_fork+0x10/0x20
[   16.954067] 
[   16.954086] Allocated by task 168:
[   16.954121]  kasan_save_stack+0x3c/0x68
[   16.954192]  kasan_save_track+0x20/0x40
[   16.954246]  kasan_save_alloc_info+0x40/0x58
[   16.954286]  __kasan_kmalloc+0xd4/0xd8
[   16.954331]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.954369]  kmalloc_uaf_16+0x140/0x438
[   16.954413]  kunit_try_run_case+0x170/0x3f0
[   16.954450]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.954504]  kthread+0x328/0x630
[   16.954534]  ret_from_fork+0x10/0x20
[   16.954568] 
[   16.954586] Freed by task 168:
[   16.954623]  kasan_save_stack+0x3c/0x68
[   16.954659]  kasan_save_track+0x20/0x40
[   16.954703]  kasan_save_free_info+0x4c/0x78
[   16.954741]  __kasan_slab_free+0x6c/0x98
[   16.954776]  kfree+0x214/0x3c8
[   16.954817]  kmalloc_uaf_16+0x190/0x438
[   16.954877]  kunit_try_run_case+0x170/0x3f0
[   16.954920]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.954993]  kthread+0x328/0x630
[   16.955033]  ret_from_fork+0x10/0x20
[   16.955068] 
[   16.955096] The buggy address belongs to the object at fff00000c5acc0e0
[   16.955096]  which belongs to the cache kmalloc-16 of size 16
[   16.955161] The buggy address is located 0 bytes inside of
[   16.955161]  freed 16-byte region [fff00000c5acc0e0, fff00000c5acc0f0)
[   16.955229] 
[   16.955251] The buggy address belongs to the physical page:
[   16.955283] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105acc
[   16.955616] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.956046] page_type: f5(slab)
[   16.956272] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   16.956332] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   16.956373] page dumped because: kasan: bad access detected
[   16.956405] 
[   16.956423] Memory state around the buggy address:
[   16.956457]  fff00000c5acbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.956719]  fff00000c5acc000: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc
[   16.957060] >fff00000c5acc080: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[   16.957128]                                                        ^
[   16.957248]  fff00000c5acc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.957374]  fff00000c5acc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.957432] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

303EBflBPqSbIUkiUzReBHe3YjN

job_id

TEST:linaro@lkft#303EF25Pp9Vi9nJKRzPLQTha4DW

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303EF25Pp9Vi9nJKRzPLQTha4DW

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303ECYTm040GLO6kXFdSkAckpUQ/Image.gz
sha256sum	0cd43a55510452afcc094a9b71b52e570abcb0018a9c4b3e8c55713d88f43dcd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303ECYTm040GLO6kXFdSkAckpUQ/modules.tar.xz
sha256sum	1123cbd40eab351130997a1b3dcec1375004e5d45c47d69105fc241be8d9036c

durations

tests

boot	0
kunit	182.38

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   16.622263] ==================================================================
[   16.622337] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x3bc/0x438
[   16.622389] Read of size 16 at addr fff00000c5a02c00 by task kunit_try_catch/168
[   16.622646] 
[   16.622733] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.622866] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.622921] Hardware name: linux,dummy-virt (DT)
[   16.622959] Call trace:
[   16.622983]  show_stack+0x20/0x38 (C)
[   16.623335]  dump_stack_lvl+0x8c/0xd0
[   16.623391]  print_report+0x118/0x5d0
[   16.623502]  kasan_report+0xdc/0x128
[   16.623596]  __asan_report_load16_noabort+0x20/0x30
[   16.623650]  kmalloc_uaf_16+0x3bc/0x438
[   16.623695]  kunit_try_run_case+0x170/0x3f0
[   16.623741]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.623837]  kthread+0x328/0x630
[   16.623877]  ret_from_fork+0x10/0x20
[   16.624178] 
[   16.624213] Allocated by task 168:
[   16.624252]  kasan_save_stack+0x3c/0x68
[   16.624296]  kasan_save_track+0x20/0x40
[   16.624354]  kasan_save_alloc_info+0x40/0x58
[   16.624403]  __kasan_kmalloc+0xd4/0xd8
[   16.624439]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.624555]  kmalloc_uaf_16+0x140/0x438
[   16.624663]  kunit_try_run_case+0x170/0x3f0
[   16.624804]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.625110]  kthread+0x328/0x630
[   16.625222]  ret_from_fork+0x10/0x20
[   16.625393] 
[   16.625594] Freed by task 168:
[   16.625684]  kasan_save_stack+0x3c/0x68
[   16.625799]  kasan_save_track+0x20/0x40
[   16.625881]  kasan_save_free_info+0x4c/0x78
[   16.626058]  __kasan_slab_free+0x6c/0x98
[   16.626140]  kfree+0x214/0x3c8
[   16.626295]  kmalloc_uaf_16+0x190/0x438
[   16.626342]  kunit_try_run_case+0x170/0x3f0
[   16.626543]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.626720]  kthread+0x328/0x630
[   16.626776]  ret_from_fork+0x10/0x20
[   16.626840] 
[   16.626979] The buggy address belongs to the object at fff00000c5a02c00
[   16.626979]  which belongs to the cache kmalloc-16 of size 16
[   16.627158] The buggy address is located 0 bytes inside of
[   16.627158]  freed 16-byte region [fff00000c5a02c00, fff00000c5a02c10)
[   16.627277] 
[   16.627333] The buggy address belongs to the physical page:
[   16.627654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a02
[   16.627743] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.627894] page_type: f5(slab)
[   16.627964] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   16.628077] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   16.628182] page dumped because: kasan: bad access detected
[   16.628268] 
[   16.628626] Memory state around the buggy address:
[   16.628701]  fff00000c5a02b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[   16.628850]  fff00000c5a02b80: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc
[   16.628939] >fff00000c5a02c00: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.629067]                    ^
[   16.629115]  fff00000c5a02c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.629261]  fff00000c5a02d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.629449] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

303Mu3ntpbAl90E7xFJwTYkz6hg

job_id

TEST:linaro@lkft#303MxbItH1xNBq5DVzgi5f9Vk9B

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303MxbItH1xNBq5DVzgi5f9Vk9B

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MuvPW3SK4gLbQ1ALw5htqwSd/Image.gz
sha256sum	1d26a50b80602cf96dca0b9e5d4833d551bb9799e3e8f672f61c3fedb7c3633a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MuvPW3SK4gLbQ1ALw5htqwSd/modules.tar.xz
sha256sum	8d3b93659e4b7dd2c56e9a38da739978022e2707277d72909e50cc2549d4beb2

durations

tests

boot	0
kunit	169.06

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   16.633303] ==================================================================
[   16.633379] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x3bc/0x438
[   16.633566] Read of size 16 at addr fff00000c5755e60 by task kunit_try_catch/168
[   16.633735] 
[   16.633782] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.634113] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.634223] Hardware name: linux,dummy-virt (DT)
[   16.634261] Call trace:
[   16.634471]  show_stack+0x20/0x38 (C)
[   16.634654]  dump_stack_lvl+0x8c/0xd0
[   16.634726]  print_report+0x118/0x5d0
[   16.634773]  kasan_report+0xdc/0x128
[   16.634819]  __asan_report_load16_noabort+0x20/0x30
[   16.635673]  kmalloc_uaf_16+0x3bc/0x438
[   16.635958]  kunit_try_run_case+0x170/0x3f0
[   16.636281]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.636707]  kthread+0x328/0x630
[   16.636846]  ret_from_fork+0x10/0x20
[   16.636896] 
[   16.636915] Allocated by task 168:
[   16.637246]  kasan_save_stack+0x3c/0x68
[   16.637419]  kasan_save_track+0x20/0x40
[   16.637705]  kasan_save_alloc_info+0x40/0x58
[   16.637859]  __kasan_kmalloc+0xd4/0xd8
[   16.638239]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.638459]  kmalloc_uaf_16+0x140/0x438
[   16.638500]  kunit_try_run_case+0x170/0x3f0
[   16.638538]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.638579]  kthread+0x328/0x630
[   16.638610]  ret_from_fork+0x10/0x20
[   16.638667] 
[   16.638695] Freed by task 168:
[   16.638733]  kasan_save_stack+0x3c/0x68
[   16.638772]  kasan_save_track+0x20/0x40
[   16.638816]  kasan_save_free_info+0x4c/0x78
[   16.639081]  __kasan_slab_free+0x6c/0x98
[   16.639160]  kfree+0x214/0x3c8
[   16.639203]  kmalloc_uaf_16+0x190/0x438
[   16.639237]  kunit_try_run_case+0x170/0x3f0
[   16.639605]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.639889]  kthread+0x328/0x630
[   16.639951]  ret_from_fork+0x10/0x20
[   16.640056] 
[   16.640156] The buggy address belongs to the object at fff00000c5755e60
[   16.640156]  which belongs to the cache kmalloc-16 of size 16
[   16.640575] The buggy address is located 0 bytes inside of
[   16.640575]  freed 16-byte region [fff00000c5755e60, fff00000c5755e70)
[   16.640781] 
[   16.640871] The buggy address belongs to the physical page:
[   16.641055] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105755
[   16.641194] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.641493] page_type: f5(slab)
[   16.641841] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   16.642017] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   16.642059] page dumped because: kasan: bad access detected
[   16.642331] 
[   16.642469] Memory state around the buggy address:
[   16.643032]  fff00000c5755d00: fa fb fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[   16.643185]  fff00000c5755d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc
[   16.643309] >fff00000c5755e00: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[   16.643409]                                                        ^
[   16.643486]  fff00000c5755e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.643529]  fff00000c5755f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.643578] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

303Sxu1j8OyuX5lG527CuRMl0zm

job_id

TEST:linaro@lkft#303T1aQDgvcqrgu9gN0OeLGQz0C

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303T1aQDgvcqrgu9gN0OeLGQz0C

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Syw9B0zr00cacsipIIbuVtmO/Image.gz
sha256sum	5b11eefa6d464ac909c4aaf2b2e503862ad9b898749580b0c74823fda864756c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Syw9B0zr00cacsipIIbuVtmO/modules.tar.xz
sha256sum	5f304fbdafbe519859f7c742752446676e8da2e281160c33189afc6b1f45e458

durations

tests

boot	0
kunit	175.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   12.276387] ==================================================================
[   12.277137] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0
[   12.277444] Read of size 16 at addr ffff8881028371c0 by task kunit_try_catch/185
[   12.277846] 
[   12.277980] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.278036] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.278047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.278069] Call Trace:
[   12.278081]  <TASK>
[   12.278098]  dump_stack_lvl+0x73/0xb0
[   12.278130]  print_report+0xd1/0x610
[   12.278151]  ? __virt_addr_valid+0x1db/0x2d0
[   12.278174]  ? kmalloc_uaf_16+0x47b/0x4c0
[   12.278193]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.278216]  ? kmalloc_uaf_16+0x47b/0x4c0
[   12.278237]  kasan_report+0x141/0x180
[   12.278258]  ? kmalloc_uaf_16+0x47b/0x4c0
[   12.278283]  __asan_report_load16_noabort+0x18/0x20
[   12.278308]  kmalloc_uaf_16+0x47b/0x4c0
[   12.278328]  ? __pfx_kmalloc_uaf_16+0x10/0x10
[   12.278351]  ? __schedule+0x10cc/0x2b60
[   12.278373]  ? __pfx_read_tsc+0x10/0x10
[   12.278393]  ? ktime_get_ts64+0x86/0x230
[   12.278417]  kunit_try_run_case+0x1a5/0x480
[   12.278442]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.278464]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.278488]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.278512]  ? __kthread_parkme+0x82/0x180
[   12.278532]  ? preempt_count_sub+0x50/0x80
[   12.278556]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.278580]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.278603]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.278626]  kthread+0x337/0x6f0
[   12.278645]  ? trace_preempt_on+0x20/0xc0
[   12.278669]  ? __pfx_kthread+0x10/0x10
[   12.278700]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.278721]  ? calculate_sigpending+0x7b/0xa0
[   12.278744]  ? __pfx_kthread+0x10/0x10
[   12.278770]  ret_from_fork+0x116/0x1d0
[   12.278787]  ? __pfx_kthread+0x10/0x10
[   12.278807]  ret_from_fork_asm+0x1a/0x30
[   12.278839]  </TASK>
[   12.278849] 
[   12.285937] Allocated by task 185:
[   12.286073]  kasan_save_stack+0x45/0x70
[   12.286283]  kasan_save_track+0x18/0x40
[   12.286490]  kasan_save_alloc_info+0x3b/0x50
[   12.286749]  __kasan_kmalloc+0xb7/0xc0
[   12.286951]  __kmalloc_cache_noprof+0x189/0x420
[   12.287232]  kmalloc_uaf_16+0x15b/0x4c0
[   12.287445]  kunit_try_run_case+0x1a5/0x480
[   12.287803]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.288118]  kthread+0x337/0x6f0
[   12.288267]  ret_from_fork+0x116/0x1d0
[   12.288434]  ret_from_fork_asm+0x1a/0x30
[   12.288746] 
[   12.288852] Freed by task 185:
[   12.289003]  kasan_save_stack+0x45/0x70
[   12.289192]  kasan_save_track+0x18/0x40
[   12.289329]  kasan_save_free_info+0x3f/0x60
[   12.289512]  __kasan_slab_free+0x56/0x70
[   12.289772]  kfree+0x222/0x3f0
[   12.289951]  kmalloc_uaf_16+0x1d6/0x4c0
[   12.290154]  kunit_try_run_case+0x1a5/0x480
[   12.290350]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.290615]  kthread+0x337/0x6f0
[   12.290743]  ret_from_fork+0x116/0x1d0
[   12.290913]  ret_from_fork_asm+0x1a/0x30
[   12.291104] 
[   12.291175] The buggy address belongs to the object at ffff8881028371c0
[   12.291175]  which belongs to the cache kmalloc-16 of size 16
[   12.291780] The buggy address is located 0 bytes inside of
[   12.291780]  freed 16-byte region [ffff8881028371c0, ffff8881028371d0)
[   12.292145] 
[   12.292218] The buggy address belongs to the physical page:
[   12.292397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102837
[   12.292642] flags: 0x200000000000000(node=0|zone=2)
[   12.292815] page_type: f5(slab)
[   12.292994] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   12.293418] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   12.294081] page dumped because: kasan: bad access detected
[   12.294335] 
[   12.294425] Memory state around the buggy address:
[   12.294653]  ffff888102837080: 00 04 fc fc 00 04 fc fc 00 05 fc fc 00 05 fc fc
[   12.294983]  ffff888102837100: 00 05 fc fc 00 02 fc fc fa fb fc fc 00 05 fc fc
[   12.295207] >ffff888102837180: fa fb fc fc 00 00 fc fc fa fb fc fc fc fc fc fc
[   12.295420]                                            ^
[   12.295587]  ffff888102837200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.295864]  ffff888102837280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.296348] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303Sxu1j8OyuX5lG527CuRMl0zm

job_id

TEST:linaro@lkft#303T2OzuK6lIw4rRFlSAhCs7bnu

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303T2OzuK6lIw4rRFlSAhCs7bnu

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Szma0mGNAiZG6rKGjPWN7fGT/bzImage
sha256sum	42041c61d6e46ef309c371e5fe2f53a0c6849e7beec0f7e1f396b9c65c0adbb2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Szma0mGNAiZG6rKGjPWN7fGT/modules.tar.xz
sha256sum	02cd970151971431ac5e5e4fcd602180a5476f25314259d1f76384cd0f280f1b

durations

tests

boot	0
kunit	226.78

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   12.026845] ==================================================================
[   12.027292] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0
[   12.027640] Read of size 16 at addr ffff888101cb3cc0 by task kunit_try_catch/186
[   12.027943] 
[   12.028300] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.028346] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.028357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.028377] Call Trace:
[   12.028387]  <TASK>
[   12.028401]  dump_stack_lvl+0x73/0xb0
[   12.028430]  print_report+0xd1/0x610
[   12.028466]  ? __virt_addr_valid+0x1db/0x2d0
[   12.028511]  ? kmalloc_uaf_16+0x47b/0x4c0
[   12.028532]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.028563]  ? kmalloc_uaf_16+0x47b/0x4c0
[   12.028584]  kasan_report+0x141/0x180
[   12.028606]  ? kmalloc_uaf_16+0x47b/0x4c0
[   12.028632]  __asan_report_load16_noabort+0x18/0x20
[   12.028656]  kmalloc_uaf_16+0x47b/0x4c0
[   12.028677]  ? __pfx_kmalloc_uaf_16+0x10/0x10
[   12.028772]  ? __schedule+0x207f/0x2b60
[   12.028794]  ? __pfx_read_tsc+0x10/0x10
[   12.028815]  ? ktime_get_ts64+0x86/0x230
[   12.028839]  kunit_try_run_case+0x1a5/0x480
[   12.028862]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.028884]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.028907]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.028930]  ? __kthread_parkme+0x82/0x180
[   12.028949]  ? preempt_count_sub+0x50/0x80
[   12.028993]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.029016]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.029040]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.029063]  kthread+0x337/0x6f0
[   12.029081]  ? trace_preempt_on+0x20/0xc0
[   12.029104]  ? __pfx_kthread+0x10/0x10
[   12.029124]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.029150]  ? calculate_sigpending+0x7b/0xa0
[   12.029189]  ? __pfx_kthread+0x10/0x10
[   12.029211]  ret_from_fork+0x116/0x1d0
[   12.029229]  ? __pfx_kthread+0x10/0x10
[   12.029249]  ret_from_fork_asm+0x1a/0x30
[   12.029281]  </TASK>
[   12.029292] 
[   12.036952] Allocated by task 186:
[   12.037119]  kasan_save_stack+0x45/0x70
[   12.037324]  kasan_save_track+0x18/0x40
[   12.037596]  kasan_save_alloc_info+0x3b/0x50
[   12.037772]  __kasan_kmalloc+0xb7/0xc0
[   12.037900]  __kmalloc_cache_noprof+0x189/0x420
[   12.038053]  kmalloc_uaf_16+0x15b/0x4c0
[   12.038204]  kunit_try_run_case+0x1a5/0x480
[   12.038400]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.038973]  kthread+0x337/0x6f0
[   12.039118]  ret_from_fork+0x116/0x1d0
[   12.039248]  ret_from_fork_asm+0x1a/0x30
[   12.039383] 
[   12.039462] Freed by task 186:
[   12.039570]  kasan_save_stack+0x45/0x70
[   12.039907]  kasan_save_track+0x18/0x40
[   12.040106]  kasan_save_free_info+0x3f/0x60
[   12.040667]  __kasan_slab_free+0x56/0x70
[   12.040910]  kfree+0x222/0x3f0
[   12.041077]  kmalloc_uaf_16+0x1d6/0x4c0
[   12.041279]  kunit_try_run_case+0x1a5/0x480
[   12.041604]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.041912]  kthread+0x337/0x6f0
[   12.042101]  ret_from_fork+0x116/0x1d0
[   12.042293]  ret_from_fork_asm+0x1a/0x30
[   12.042495] 
[   12.042587] The buggy address belongs to the object at ffff888101cb3cc0
[   12.042587]  which belongs to the cache kmalloc-16 of size 16
[   12.043314] The buggy address is located 0 bytes inside of
[   12.043314]  freed 16-byte region [ffff888101cb3cc0, ffff888101cb3cd0)
[   12.043661] 
[   12.043732] The buggy address belongs to the physical page:
[   12.043898] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101cb3
[   12.044522] flags: 0x200000000000000(node=0|zone=2)
[   12.044766] page_type: f5(slab)
[   12.044952] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   12.045338] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   12.045680] page dumped because: kasan: bad access detected
[   12.045931] 
[   12.046038] Memory state around the buggy address:
[   12.046454]  ffff888101cb3b80: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc
[   12.047076]  ffff888101cb3c00: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[   12.047637] >ffff888101cb3c80: fa fb fc fc 00 00 fc fc fa fb fc fc fc fc fc fc
[   12.047842]                                            ^
[   12.048076]  ffff888101cb3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.048430]  ffff888101cb3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.048824] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303EBflBPqSbIUkiUzReBHe3YjN

job_id

TEST:linaro@lkft#303EFrR321z66uMtHD4l4dQQryi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303EFrR321z66uMtHD4l4dQQryi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303EDHUQV2HWml6WToh69KJUFJb/bzImage
sha256sum	c220f70d9515ab3041e245bb6755df814c152e1bb2b5c646740fe1b3afdde8b5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303EDHUQV2HWml6WToh69KJUFJb/modules.tar.xz
sha256sum	ab8bf28231ab6c259d2b1478935ea551409070bcef8061d01f520819ad2ce3b6

durations

tests

boot	0
kunit	217.45

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   12.182819] ==================================================================
[   12.183740] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0
[   12.184678] Read of size 16 at addr ffff888102712140 by task kunit_try_catch/185
[   12.185210] 
[   12.185339] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.185392] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.185403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.185426] Call Trace:
[   12.185440]  <TASK>
[   12.185459]  dump_stack_lvl+0x73/0xb0
[   12.185494]  print_report+0xd1/0x610
[   12.185518]  ? __virt_addr_valid+0x1db/0x2d0
[   12.185542]  ? kmalloc_uaf_16+0x47b/0x4c0
[   12.185562]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.185584]  ? kmalloc_uaf_16+0x47b/0x4c0
[   12.185604]  kasan_report+0x141/0x180
[   12.185625]  ? kmalloc_uaf_16+0x47b/0x4c0
[   12.185649]  __asan_report_load16_noabort+0x18/0x20
[   12.185674]  kmalloc_uaf_16+0x47b/0x4c0
[   12.185694]  ? __pfx_kmalloc_uaf_16+0x10/0x10
[   12.185715]  ? __schedule+0x10cc/0x2b60
[   12.185738]  ? __pfx_read_tsc+0x10/0x10
[   12.185759]  ? ktime_get_ts64+0x86/0x230
[   12.185786]  kunit_try_run_case+0x1a5/0x480
[   12.185813]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.185835]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.185860]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.185884]  ? __kthread_parkme+0x82/0x180
[   12.185909]  ? preempt_count_sub+0x50/0x80
[   12.185934]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.185960]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.185984]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.186017]  kthread+0x337/0x6f0
[   12.186036]  ? trace_preempt_on+0x20/0xc0
[   12.186060]  ? __pfx_kthread+0x10/0x10
[   12.186079]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.186100]  ? calculate_sigpending+0x7b/0xa0
[   12.186125]  ? __pfx_kthread+0x10/0x10
[   12.186146]  ret_from_fork+0x116/0x1d0
[   12.186164]  ? __pfx_kthread+0x10/0x10
[   12.186184]  ret_from_fork_asm+0x1a/0x30
[   12.186215]  </TASK>
[   12.186225] 
[   12.195808] Allocated by task 185:
[   12.196170]  kasan_save_stack+0x45/0x70
[   12.196360]  kasan_save_track+0x18/0x40
[   12.196988]  kasan_save_alloc_info+0x3b/0x50
[   12.197288]  __kasan_kmalloc+0xb7/0xc0
[   12.197512]  __kmalloc_cache_noprof+0x189/0x420
[   12.197725]  kmalloc_uaf_16+0x15b/0x4c0
[   12.197905]  kunit_try_run_case+0x1a5/0x480
[   12.198386]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.198769]  kthread+0x337/0x6f0
[   12.198936]  ret_from_fork+0x116/0x1d0
[   12.199587]  ret_from_fork_asm+0x1a/0x30
[   12.199838] 
[   12.200358] Freed by task 185:
[   12.200675]  kasan_save_stack+0x45/0x70
[   12.200882]  kasan_save_track+0x18/0x40
[   12.201377]  kasan_save_free_info+0x3f/0x60
[   12.201859]  __kasan_slab_free+0x56/0x70
[   12.202131]  kfree+0x222/0x3f0
[   12.202289]  kmalloc_uaf_16+0x1d6/0x4c0
[   12.202504]  kunit_try_run_case+0x1a5/0x480
[   12.202695]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.202919]  kthread+0x337/0x6f0
[   12.203454]  ret_from_fork+0x116/0x1d0
[   12.203855]  ret_from_fork_asm+0x1a/0x30
[   12.204119] 
[   12.204214] The buggy address belongs to the object at ffff888102712140
[   12.204214]  which belongs to the cache kmalloc-16 of size 16
[   12.205194] The buggy address is located 0 bytes inside of
[   12.205194]  freed 16-byte region [ffff888102712140, ffff888102712150)
[   12.205833] 
[   12.205929] The buggy address belongs to the physical page:
[   12.206507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102712
[   12.206849] flags: 0x200000000000000(node=0|zone=2)
[   12.207314] page_type: f5(slab)
[   12.207727] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   12.208290] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   12.208882] page dumped because: kasan: bad access detected
[   12.209443] 
[   12.209538] Memory state around the buggy address:
[   12.209924]  ffff888102712000: 00 06 fc fc 00 06 fc fc 00 00 fc fc 00 04 fc fc
[   12.210933]  ffff888102712080: 00 04 fc fc 00 01 fc fc 00 01 fc fc 00 04 fc fc
[   12.211508] >ffff888102712100: 00 04 fc fc 00 00 fc fc fa fb fc fc fc fc fc fc
[   12.211979]                                            ^
[   12.212481]  ffff888102712180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.212782]  ffff888102712200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.213352] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303Mu3ntpbAl90E7xFJwTYkz6hg

job_id

TEST:linaro@lkft#303MyNrXgiUK2WQ9kAj3BzGphCF

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303MyNrXgiUK2WQ9kAj3BzGphCF

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MvjxJUPUp0dSFAYAM6r89zAg/bzImage
sha256sum	e715e0f52245accf83f401d29cc1c2f3b2a59bbdf3f5ad590c1c6f981a5169eb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MvjxJUPUp0dSFAYAM6r89zAg/modules.tar.xz
sha256sum	a6fb5fb0c5521f1f236c8b67ce1b76fdcd44954d158362bf4d88d0d9d544c595

durations

tests

boot	0
kunit	233.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit