lkft/sashal-linus-next - v6.13-rc7-43871-g530dddedcd5a - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset

Date

July 18, 2025, 2:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   17.150837] ==================================================================
[   17.151906] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x170/0x310
[   17.152097] Write of size 33 at addr fff00000c7894e80 by task kunit_try_catch/186
[   17.152219] 
[   17.152362] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.152474] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.152502] Hardware name: linux,dummy-virt (DT)
[   17.152535] Call trace:
[   17.152558]  show_stack+0x20/0x38 (C)
[   17.152878]  dump_stack_lvl+0x8c/0xd0
[   17.152993]  print_report+0x118/0x5d0
[   17.153151]  kasan_report+0xdc/0x128
[   17.153260]  kasan_check_range+0x100/0x1a8
[   17.153432]  __asan_memset+0x34/0x78
[   17.153634]  kmalloc_uaf_memset+0x170/0x310
[   17.153706]  kunit_try_run_case+0x170/0x3f0
[   17.154019]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.154192]  kthread+0x328/0x630
[   17.154371]  ret_from_fork+0x10/0x20
[   17.154530] 
[   17.154673] Allocated by task 186:
[   17.154709]  kasan_save_stack+0x3c/0x68
[   17.155018]  kasan_save_track+0x20/0x40
[   17.155189]  kasan_save_alloc_info+0x40/0x58
[   17.155277]  __kasan_kmalloc+0xd4/0xd8
[   17.155442]  __kmalloc_cache_noprof+0x16c/0x3c0
[   17.155528]  kmalloc_uaf_memset+0xb8/0x310
[   17.155703]  kunit_try_run_case+0x170/0x3f0
[   17.155741]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.155785]  kthread+0x328/0x630
[   17.156230]  ret_from_fork+0x10/0x20
[   17.156319] 
[   17.156367] Freed by task 186:
[   17.156688]  kasan_save_stack+0x3c/0x68
[   17.156746]  kasan_save_track+0x20/0x40
[   17.157147]  kasan_save_free_info+0x4c/0x78
[   17.157456]  __kasan_slab_free+0x6c/0x98
[   17.157639]  kfree+0x214/0x3c8
[   17.157899]  kmalloc_uaf_memset+0x11c/0x310
[   17.158011]  kunit_try_run_case+0x170/0x3f0
[   17.158519]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.158658]  kthread+0x328/0x630
[   17.158730]  ret_from_fork+0x10/0x20
[   17.158918] 
[   17.159007] The buggy address belongs to the object at fff00000c7894e80
[   17.159007]  which belongs to the cache kmalloc-64 of size 64
[   17.159107] The buggy address is located 0 bytes inside of
[   17.159107]  freed 64-byte region [fff00000c7894e80, fff00000c7894ec0)
[   17.159487] 
[   17.159613] The buggy address belongs to the physical page:
[   17.159753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107894
[   17.159896] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.160010] page_type: f5(slab)
[   17.160098] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   17.160150] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   17.160192] page dumped because: kasan: bad access detected
[   17.160382] 
[   17.160660] Memory state around the buggy address:
[   17.160706]  fff00000c7894d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   17.160914]  fff00000c7894e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   17.161013] >fff00000c7894e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   17.161263]                    ^
[   17.161387]  fff00000c7894f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.161519]  fff00000c7894f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.161609] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

303EBflBPqSbIUkiUzReBHe3YjN

job_id

TEST:linaro@lkft#303EF25Pp9Vi9nJKRzPLQTha4DW

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303EF25Pp9Vi9nJKRzPLQTha4DW

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303ECYTm040GLO6kXFdSkAckpUQ/Image.gz
sha256sum	0cd43a55510452afcc094a9b71b52e570abcb0018a9c4b3e8c55713d88f43dcd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303ECYTm040GLO6kXFdSkAckpUQ/modules.tar.xz
sha256sum	1123cbd40eab351130997a1b3dcec1375004e5d45c47d69105fc241be8d9036c

durations

tests

boot	0
kunit	182.38

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   16.783606] ==================================================================
[   16.783699] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x170/0x310
[   16.783862] Write of size 33 at addr fff00000c7951480 by task kunit_try_catch/186
[   16.783917] 
[   16.783978] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.784411] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.784447] Hardware name: linux,dummy-virt (DT)
[   16.784557] Call trace:
[   16.784615]  show_stack+0x20/0x38 (C)
[   16.784694]  dump_stack_lvl+0x8c/0xd0
[   16.784909]  print_report+0x118/0x5d0
[   16.785134]  kasan_report+0xdc/0x128
[   16.785248]  kasan_check_range+0x100/0x1a8
[   16.785376]  __asan_memset+0x34/0x78
[   16.785425]  kmalloc_uaf_memset+0x170/0x310
[   16.785675]  kunit_try_run_case+0x170/0x3f0
[   16.785853]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.785938]  kthread+0x328/0x630
[   16.786081]  ret_from_fork+0x10/0x20
[   16.786192] 
[   16.786298] Allocated by task 186:
[   16.786398]  kasan_save_stack+0x3c/0x68
[   16.786825]  kasan_save_track+0x20/0x40
[   16.786914]  kasan_save_alloc_info+0x40/0x58
[   16.787077]  __kasan_kmalloc+0xd4/0xd8
[   16.787174]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.787335]  kmalloc_uaf_memset+0xb8/0x310
[   16.787549]  kunit_try_run_case+0x170/0x3f0
[   16.787748]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.787828]  kthread+0x328/0x630
[   16.787940]  ret_from_fork+0x10/0x20
[   16.788063] 
[   16.788143] Freed by task 186:
[   16.788344]  kasan_save_stack+0x3c/0x68
[   16.788503]  kasan_save_track+0x20/0x40
[   16.788583]  kasan_save_free_info+0x4c/0x78
[   16.788975]  __kasan_slab_free+0x6c/0x98
[   16.789067]  kfree+0x214/0x3c8
[   16.789158]  kmalloc_uaf_memset+0x11c/0x310
[   16.789301]  kunit_try_run_case+0x170/0x3f0
[   16.789476]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.789524]  kthread+0x328/0x630
[   16.789872]  ret_from_fork+0x10/0x20
[   16.790053] 
[   16.790123] The buggy address belongs to the object at fff00000c7951480
[   16.790123]  which belongs to the cache kmalloc-64 of size 64
[   16.790295] The buggy address is located 0 bytes inside of
[   16.790295]  freed 64-byte region [fff00000c7951480, fff00000c79514c0)
[   16.790504] 
[   16.790565] The buggy address belongs to the physical page:
[   16.790621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107951
[   16.790851] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.790947] page_type: f5(slab)
[   16.791080] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   16.791189] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   16.791242] page dumped because: kasan: bad access detected
[   16.791274] 
[   16.791313] Memory state around the buggy address:
[   16.791364]  fff00000c7951380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   16.791408]  fff00000c7951400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   16.791457] >fff00000c7951480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   16.791511]                    ^
[   16.791551]  fff00000c7951500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.791613]  fff00000c7951580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.791651] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

303Mu3ntpbAl90E7xFJwTYkz6hg

job_id

TEST:linaro@lkft#303MxbItH1xNBq5DVzgi5f9Vk9B

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303MxbItH1xNBq5DVzgi5f9Vk9B

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MuvPW3SK4gLbQ1ALw5htqwSd/Image.gz
sha256sum	1d26a50b80602cf96dca0b9e5d4833d551bb9799e3e8f672f61c3fedb7c3633a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MuvPW3SK4gLbQ1ALw5htqwSd/modules.tar.xz
sha256sum	8d3b93659e4b7dd2c56e9a38da739978022e2707277d72909e50cc2549d4beb2

durations

tests

boot	0
kunit	169.06

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   16.798972] ==================================================================
[   16.799191] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x170/0x310
[   16.799337] Write of size 33 at addr fff00000c7752080 by task kunit_try_catch/186
[   16.799428] 
[   16.799465] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.799566] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.799593] Hardware name: linux,dummy-virt (DT)
[   16.799626] Call trace:
[   16.799648]  show_stack+0x20/0x38 (C)
[   16.799698]  dump_stack_lvl+0x8c/0xd0
[   16.799901]  print_report+0x118/0x5d0
[   16.799952]  kasan_report+0xdc/0x128
[   16.800000]  kasan_check_range+0x100/0x1a8
[   16.800050]  __asan_memset+0x34/0x78
[   16.800091]  kmalloc_uaf_memset+0x170/0x310
[   16.800329]  kunit_try_run_case+0x170/0x3f0
[   16.800415]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.800500]  kthread+0x328/0x630
[   16.800600]  ret_from_fork+0x10/0x20
[   16.800679] 
[   16.800786] Allocated by task 186:
[   16.800901]  kasan_save_stack+0x3c/0x68
[   16.800999]  kasan_save_track+0x20/0x40
[   16.801094]  kasan_save_alloc_info+0x40/0x58
[   16.801212]  __kasan_kmalloc+0xd4/0xd8
[   16.801267]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.801311]  kmalloc_uaf_memset+0xb8/0x310
[   16.801624]  kunit_try_run_case+0x170/0x3f0
[   16.801689]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.801745]  kthread+0x328/0x630
[   16.801793]  ret_from_fork+0x10/0x20
[   16.801827] 
[   16.801851] Freed by task 186:
[   16.801890]  kasan_save_stack+0x3c/0x68
[   16.801937]  kasan_save_track+0x20/0x40
[   16.801984]  kasan_save_free_info+0x4c/0x78
[   16.802023]  __kasan_slab_free+0x6c/0x98
[   16.802058]  kfree+0x214/0x3c8
[   16.802092]  kmalloc_uaf_memset+0x11c/0x310
[   16.802126]  kunit_try_run_case+0x170/0x3f0
[   16.802163]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.802206]  kthread+0x328/0x630
[   16.802236]  ret_from_fork+0x10/0x20
[   16.802287] 
[   16.802305] The buggy address belongs to the object at fff00000c7752080
[   16.802305]  which belongs to the cache kmalloc-64 of size 64
[   16.802362] The buggy address is located 0 bytes inside of
[   16.802362]  freed 64-byte region [fff00000c7752080, fff00000c77520c0)
[   16.802421] 
[   16.802441] The buggy address belongs to the physical page:
[   16.802473] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107752
[   16.802525] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.802574] page_type: f5(slab)
[   16.802624] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   16.802693] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   16.802747] page dumped because: kasan: bad access detected
[   16.802779] 
[   16.802797] Memory state around the buggy address:
[   16.802828]  fff00000c7751f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.802871]  fff00000c7752000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   16.802914] >fff00000c7752080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   16.802952]                    ^
[   16.802980]  fff00000c7752100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.803220]  fff00000c7752180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.803358] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

303Sxu1j8OyuX5lG527CuRMl0zm

job_id

TEST:linaro@lkft#303T1aQDgvcqrgu9gN0OeLGQz0C

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303T1aQDgvcqrgu9gN0OeLGQz0C

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Syw9B0zr00cacsipIIbuVtmO/Image.gz
sha256sum	5b11eefa6d464ac909c4aaf2b2e503862ad9b898749580b0c74823fda864756c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Syw9B0zr00cacsipIIbuVtmO/modules.tar.xz
sha256sum	5f304fbdafbe519859f7c742752446676e8da2e281160c33189afc6b1f45e458

durations

tests

boot	0
kunit	175.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   12.525273] ==================================================================
[   12.525761] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360
[   12.526092] Write of size 33 at addr ffff888102e2d900 by task kunit_try_catch/203
[   12.526382] 
[   12.526490] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.526534] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.526545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.526567] Call Trace:
[   12.526578]  <TASK>
[   12.526596]  dump_stack_lvl+0x73/0xb0
[   12.526624]  print_report+0xd1/0x610
[   12.526646]  ? __virt_addr_valid+0x1db/0x2d0
[   12.526669]  ? kmalloc_uaf_memset+0x1a3/0x360
[   12.526689]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.526710]  ? kmalloc_uaf_memset+0x1a3/0x360
[   12.526730]  kasan_report+0x141/0x180
[   12.526751]  ? kmalloc_uaf_memset+0x1a3/0x360
[   12.526782]  kasan_check_range+0x10c/0x1c0
[   12.526805]  __asan_memset+0x27/0x50
[   12.526823]  kmalloc_uaf_memset+0x1a3/0x360
[   12.526842]  ? __pfx_kmalloc_uaf_memset+0x10/0x10
[   12.526863]  ? __schedule+0x10cc/0x2b60
[   12.526884]  ? __pfx_read_tsc+0x10/0x10
[   12.526945]  ? ktime_get_ts64+0x86/0x230
[   12.526987]  kunit_try_run_case+0x1a5/0x480
[   12.527012]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.527033]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.527058]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.527081]  ? __kthread_parkme+0x82/0x180
[   12.527101]  ? preempt_count_sub+0x50/0x80
[   12.527125]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.527148]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.527171]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.527194]  kthread+0x337/0x6f0
[   12.527213]  ? trace_preempt_on+0x20/0xc0
[   12.527236]  ? __pfx_kthread+0x10/0x10
[   12.527256]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.527276]  ? calculate_sigpending+0x7b/0xa0
[   12.527325]  ? __pfx_kthread+0x10/0x10
[   12.527345]  ret_from_fork+0x116/0x1d0
[   12.527363]  ? __pfx_kthread+0x10/0x10
[   12.527382]  ret_from_fork_asm+0x1a/0x30
[   12.527414]  </TASK>
[   12.527425] 
[   12.535349] Allocated by task 203:
[   12.535608]  kasan_save_stack+0x45/0x70
[   12.535844]  kasan_save_track+0x18/0x40
[   12.536048]  kasan_save_alloc_info+0x3b/0x50
[   12.536251]  __kasan_kmalloc+0xb7/0xc0
[   12.536422]  __kmalloc_cache_noprof+0x189/0x420
[   12.536703]  kmalloc_uaf_memset+0xa9/0x360
[   12.536948]  kunit_try_run_case+0x1a5/0x480
[   12.537172]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.537391]  kthread+0x337/0x6f0
[   12.537656]  ret_from_fork+0x116/0x1d0
[   12.537841]  ret_from_fork_asm+0x1a/0x30
[   12.538113] 
[   12.538229] Freed by task 203:
[   12.538414]  kasan_save_stack+0x45/0x70
[   12.538686]  kasan_save_track+0x18/0x40
[   12.538887]  kasan_save_free_info+0x3f/0x60
[   12.539130]  __kasan_slab_free+0x56/0x70
[   12.539324]  kfree+0x222/0x3f0
[   12.539486]  kmalloc_uaf_memset+0x12b/0x360
[   12.539700]  kunit_try_run_case+0x1a5/0x480
[   12.539916]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.540220]  kthread+0x337/0x6f0
[   12.540360]  ret_from_fork+0x116/0x1d0
[   12.540663]  ret_from_fork_asm+0x1a/0x30
[   12.540885] 
[   12.540994] The buggy address belongs to the object at ffff888102e2d900
[   12.540994]  which belongs to the cache kmalloc-64 of size 64
[   12.541500] The buggy address is located 0 bytes inside of
[   12.541500]  freed 64-byte region [ffff888102e2d900, ffff888102e2d940)
[   12.542111] 
[   12.542228] The buggy address belongs to the physical page:
[   12.542482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102e2d
[   12.542910] flags: 0x200000000000000(node=0|zone=2)
[   12.543187] page_type: f5(slab)
[   12.543342] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   12.543789] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   12.544192] page dumped because: kasan: bad access detected
[   12.544449] 
[   12.544611] Memory state around the buggy address:
[   12.544840]  ffff888102e2d800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   12.545163]  ffff888102e2d880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   12.545478] >ffff888102e2d900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   12.545784]                    ^
[   12.545954]  ffff888102e2d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.546167]  ffff888102e2da00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.546377] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303Sxu1j8OyuX5lG527CuRMl0zm

job_id

TEST:linaro@lkft#303T2OzuK6lIw4rRFlSAhCs7bnu

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303T2OzuK6lIw4rRFlSAhCs7bnu

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Szma0mGNAiZG6rKGjPWN7fGT/bzImage
sha256sum	42041c61d6e46ef309c371e5fe2f53a0c6849e7beec0f7e1f396b9c65c0adbb2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Szma0mGNAiZG6rKGjPWN7fGT/modules.tar.xz
sha256sum	02cd970151971431ac5e5e4fcd602180a5476f25314259d1f76384cd0f280f1b

durations

tests

boot	0
kunit	226.78

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   12.289339] ==================================================================
[   12.289967] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360
[   12.290210] Write of size 33 at addr ffff8881026e1080 by task kunit_try_catch/204
[   12.290458] 
[   12.290552] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.290597] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.290608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.290629] Call Trace:
[   12.290641]  <TASK>
[   12.290658]  dump_stack_lvl+0x73/0xb0
[   12.290688]  print_report+0xd1/0x610
[   12.290710]  ? __virt_addr_valid+0x1db/0x2d0
[   12.290733]  ? kmalloc_uaf_memset+0x1a3/0x360
[   12.290754]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.290777]  ? kmalloc_uaf_memset+0x1a3/0x360
[   12.290798]  kasan_report+0x141/0x180
[   12.290819]  ? kmalloc_uaf_memset+0x1a3/0x360
[   12.290846]  kasan_check_range+0x10c/0x1c0
[   12.290869]  __asan_memset+0x27/0x50
[   12.290888]  kmalloc_uaf_memset+0x1a3/0x360
[   12.290909]  ? __pfx_kmalloc_uaf_memset+0x10/0x10
[   12.290931]  ? __schedule+0x10cc/0x2b60
[   12.290953]  ? __pfx_read_tsc+0x10/0x10
[   12.290973]  ? ktime_get_ts64+0x86/0x230
[   12.290999]  kunit_try_run_case+0x1a5/0x480
[   12.291023]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.291045]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.291068]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.291091]  ? __kthread_parkme+0x82/0x180
[   12.291110]  ? preempt_count_sub+0x50/0x80
[   12.291134]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.291158]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.291181]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.291204]  kthread+0x337/0x6f0
[   12.291222]  ? trace_preempt_on+0x20/0xc0
[   12.291245]  ? __pfx_kthread+0x10/0x10
[   12.291265]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.291285]  ? calculate_sigpending+0x7b/0xa0
[   12.291309]  ? __pfx_kthread+0x10/0x10
[   12.291330]  ret_from_fork+0x116/0x1d0
[   12.291348]  ? __pfx_kthread+0x10/0x10
[   12.291367]  ret_from_fork_asm+0x1a/0x30
[   12.291399]  </TASK>
[   12.291409] 
[   12.309934] Allocated by task 204:
[   12.310148]  kasan_save_stack+0x45/0x70
[   12.310669]  kasan_save_track+0x18/0x40
[   12.310998]  kasan_save_alloc_info+0x3b/0x50
[   12.311147]  __kasan_kmalloc+0xb7/0xc0
[   12.311276]  __kmalloc_cache_noprof+0x189/0x420
[   12.311496]  kmalloc_uaf_memset+0xa9/0x360
[   12.311951]  kunit_try_run_case+0x1a5/0x480
[   12.312354]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.312989]  kthread+0x337/0x6f0
[   12.313342]  ret_from_fork+0x116/0x1d0
[   12.313794]  ret_from_fork_asm+0x1a/0x30
[   12.314188] 
[   12.314388] Freed by task 204:
[   12.314776]  kasan_save_stack+0x45/0x70
[   12.314918]  kasan_save_track+0x18/0x40
[   12.315049]  kasan_save_free_info+0x3f/0x60
[   12.315190]  __kasan_slab_free+0x56/0x70
[   12.315322]  kfree+0x222/0x3f0
[   12.315477]  kmalloc_uaf_memset+0x12b/0x360
[   12.315619]  kunit_try_run_case+0x1a5/0x480
[   12.315897]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.316384]  kthread+0x337/0x6f0
[   12.316837]  ret_from_fork+0x116/0x1d0
[   12.317083]  ret_from_fork_asm+0x1a/0x30
[   12.317226] 
[   12.317297] The buggy address belongs to the object at ffff8881026e1080
[   12.317297]  which belongs to the cache kmalloc-64 of size 64
[   12.318373] The buggy address is located 0 bytes inside of
[   12.318373]  freed 64-byte region [ffff8881026e1080, ffff8881026e10c0)
[   12.319711] 
[   12.319912] The buggy address belongs to the physical page:
[   12.320193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026e1
[   12.320450] flags: 0x200000000000000(node=0|zone=2)
[   12.320870] page_type: f5(slab)
[   12.321211] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   12.322022] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   12.322796] page dumped because: kasan: bad access detected
[   12.322969] 
[   12.323038] Memory state around the buggy address:
[   12.323189]  ffff8881026e0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.323395]  ffff8881026e1000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   12.323618] >ffff8881026e1080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   12.324001]                    ^
[   12.324149]  ffff8881026e1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.324377]  ffff8881026e1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.324890] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303EBflBPqSbIUkiUzReBHe3YjN

job_id

TEST:linaro@lkft#303EFrR321z66uMtHD4l4dQQryi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303EFrR321z66uMtHD4l4dQQryi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303EDHUQV2HWml6WToh69KJUFJb/bzImage
sha256sum	c220f70d9515ab3041e245bb6755df814c152e1bb2b5c646740fe1b3afdde8b5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303EDHUQV2HWml6WToh69KJUFJb/modules.tar.xz
sha256sum	ab8bf28231ab6c259d2b1478935ea551409070bcef8061d01f520819ad2ce3b6

durations

tests

boot	0
kunit	217.45

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   12.469364] ==================================================================
[   12.470547] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360
[   12.471236] Write of size 33 at addr ffff888103412500 by task kunit_try_catch/203
[   12.472300] 
[   12.472546] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.472606] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.472618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.472640] Call Trace:
[   12.472653]  <TASK>
[   12.472672]  dump_stack_lvl+0x73/0xb0
[   12.472705]  print_report+0xd1/0x610
[   12.472728]  ? __virt_addr_valid+0x1db/0x2d0
[   12.472752]  ? kmalloc_uaf_memset+0x1a3/0x360
[   12.472772]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.472796]  ? kmalloc_uaf_memset+0x1a3/0x360
[   12.472817]  kasan_report+0x141/0x180
[   12.472838]  ? kmalloc_uaf_memset+0x1a3/0x360
[   12.472869]  kasan_check_range+0x10c/0x1c0
[   12.472892]  __asan_memset+0x27/0x50
[   12.472911]  kmalloc_uaf_memset+0x1a3/0x360
[   12.472932]  ? __pfx_kmalloc_uaf_memset+0x10/0x10
[   12.472955]  ? __pfx_kmalloc_uaf_memset+0x10/0x10
[   12.472980]  kunit_try_run_case+0x1a5/0x480
[   12.473006]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.473203]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.473231]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.473254]  ? __kthread_parkme+0x82/0x180
[   12.473275]  ? preempt_count_sub+0x50/0x80
[   12.473300]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.473324]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.473347]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.473371]  kthread+0x337/0x6f0
[   12.473390]  ? trace_preempt_on+0x20/0xc0
[   12.473413]  ? __pfx_kthread+0x10/0x10
[   12.473444]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.473465]  ? calculate_sigpending+0x7b/0xa0
[   12.473489]  ? __pfx_kthread+0x10/0x10
[   12.473509]  ret_from_fork+0x116/0x1d0
[   12.473528]  ? __pfx_kthread+0x10/0x10
[   12.473548]  ret_from_fork_asm+0x1a/0x30
[   12.473579]  </TASK>
[   12.473590] 
[   12.483829] Allocated by task 203:
[   12.484152]  kasan_save_stack+0x45/0x70
[   12.484333]  kasan_save_track+0x18/0x40
[   12.484613]  kasan_save_alloc_info+0x3b/0x50
[   12.484815]  __kasan_kmalloc+0xb7/0xc0
[   12.484987]  __kmalloc_cache_noprof+0x189/0x420
[   12.485403]  kmalloc_uaf_memset+0xa9/0x360
[   12.485627]  kunit_try_run_case+0x1a5/0x480
[   12.485837]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.486165]  kthread+0x337/0x6f0
[   12.486571]  ret_from_fork+0x116/0x1d0
[   12.486754]  ret_from_fork_asm+0x1a/0x30
[   12.486944] 
[   12.487051] Freed by task 203:
[   12.487490]  kasan_save_stack+0x45/0x70
[   12.487671]  kasan_save_track+0x18/0x40
[   12.487984]  kasan_save_free_info+0x3f/0x60
[   12.488238]  __kasan_slab_free+0x56/0x70
[   12.488424]  kfree+0x222/0x3f0
[   12.488754]  kmalloc_uaf_memset+0x12b/0x360
[   12.488965]  kunit_try_run_case+0x1a5/0x480
[   12.489300]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.489550]  kthread+0x337/0x6f0
[   12.489893]  ret_from_fork+0x116/0x1d0
[   12.490403]  ret_from_fork_asm+0x1a/0x30
[   12.490600] 
[   12.490687] The buggy address belongs to the object at ffff888103412500
[   12.490687]  which belongs to the cache kmalloc-64 of size 64
[   12.491386] The buggy address is located 0 bytes inside of
[   12.491386]  freed 64-byte region [ffff888103412500, ffff888103412540)
[   12.491888] 
[   12.491984] The buggy address belongs to the physical page:
[   12.492461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103412
[   12.492798] flags: 0x200000000000000(node=0|zone=2)
[   12.493025] page_type: f5(slab)
[   12.493255] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   12.493668] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   12.493970] page dumped because: kasan: bad access detected
[   12.494631] 
[   12.494724] Memory state around the buggy address:
[   12.494892]  ffff888103412400: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   12.495792]  ffff888103412480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   12.496067] >ffff888103412500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   12.496383]                    ^
[   12.496842]  ffff888103412580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.497299]  ffff888103412600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.497738] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303Mu3ntpbAl90E7xFJwTYkz6hg

job_id

TEST:linaro@lkft#303MyNrXgiUK2WQ9kAj3BzGphCF

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303MyNrXgiUK2WQ9kAj3BzGphCF

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MvjxJUPUp0dSFAYAM6r89zAg/bzImage
sha256sum	e715e0f52245accf83f401d29cc1c2f3b2a59bbdf3f5ad590c1c6f981a5169eb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MvjxJUPUp0dSFAYAM6r89zAg/modules.tar.xz
sha256sum	a6fb5fb0c5521f1f236c8b67ce1b76fdcd44954d158362bf4d88d0d9d544c595

durations

tests

boot	0
kunit	233.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit