lkft/linux-mainline-master - v6.16-rc5 - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings

Date

July 6, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64
x86

[   19.317499] ==================================================================
[   19.317595] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00
[   19.317656] Read of size 1 at addr fff00000c77ad110 by task kunit_try_catch/260
[   19.317727] 
[   19.317759] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.317857] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.317886] Hardware name: linux,dummy-virt (DT)
[   19.317917] Call trace:
[   19.317942]  show_stack+0x20/0x38 (C)
[   19.318004]  dump_stack_lvl+0x8c/0xd0
[   19.318104]  print_report+0x118/0x608
[   19.318315]  kasan_report+0xdc/0x128
[   19.318380]  __asan_report_load1_noabort+0x20/0x30
[   19.318547]  kasan_strings+0x95c/0xb00
[   19.318680]  kunit_try_run_case+0x170/0x3f0
[   19.318731]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.318811]  kthread+0x328/0x630
[   19.318852]  ret_from_fork+0x10/0x20
[   19.318900] 
[   19.318929] Allocated by task 260:
[   19.319143]  kasan_save_stack+0x3c/0x68
[   19.319187]  kasan_save_track+0x20/0x40
[   19.319225]  kasan_save_alloc_info+0x40/0x58
[   19.319290]  __kasan_kmalloc+0xd4/0xd8
[   19.319329]  __kmalloc_cache_noprof+0x16c/0x3c0
[   19.319389]  kasan_strings+0xc8/0xb00
[   19.319425]  kunit_try_run_case+0x170/0x3f0
[   19.319465]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.319508]  kthread+0x328/0x630
[   19.319543]  ret_from_fork+0x10/0x20
[   19.319688] 
[   19.319747] Freed by task 260:
[   19.319855]  kasan_save_stack+0x3c/0x68
[   19.319896]  kasan_save_track+0x20/0x40
[   19.319934]  kasan_save_free_info+0x4c/0x78
[   19.319987]  __kasan_slab_free+0x6c/0x98
[   19.320026]  kfree+0x214/0x3c8
[   19.320061]  kasan_strings+0x24c/0xb00
[   19.320110]  kunit_try_run_case+0x170/0x3f0
[   19.320192]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.320257]  kthread+0x328/0x630
[   19.320290]  ret_from_fork+0x10/0x20
[   19.320328] 
[   19.320348] The buggy address belongs to the object at fff00000c77ad100
[   19.320348]  which belongs to the cache kmalloc-32 of size 32
[   19.320503] The buggy address is located 16 bytes inside of
[   19.320503]  freed 32-byte region [fff00000c77ad100, fff00000c77ad120)
[   19.320575] 
[   19.320672] The buggy address belongs to the physical page:
[   19.320766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ad
[   19.320837] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.320956] page_type: f5(slab)
[   19.321011] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   19.321141] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   19.321269] page dumped because: kasan: bad access detected
[   19.321302] 
[   19.321323] Memory state around the buggy address:
[   19.321363]  fff00000c77ad000: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   19.321556]  fff00000c77ad080: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   19.321601] >fff00000c77ad100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   19.321670]                          ^
[   19.321829]  fff00000c77ad180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   19.322233]  fff00000c77ad200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   19.322274] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zWOyuIXq8KfPGezZsACY2h9Py5

job_id

TEST:linaro@lkft#2zWP3V1OcVdQ4ohJyYfApbDGj8n

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zWP3V1OcVdQ4ohJyYfApbDGj8n

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWOzwXJtcwkvIQ83Ezq39U67AP/Image.gz
sha256sum	0864d91aae8ea4c511d1a9f351fcff12184502f96eb010fa57e7b676cb314913

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWOzwXJtcwkvIQ83Ezq39U67AP/modules.tar.xz
sha256sum	0c1b3d0b6ba49ab3b5a9e851cd596f0896ca4322dc635a39b3037c7d3f3b1d7a

durations

tests

boot	0
kunit	176.95

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   18.972447] ==================================================================
[   18.972503] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00
[   18.972556] Read of size 1 at addr fff00000c76c8890 by task kunit_try_catch/260
[   18.972980] 
[   18.973105] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   18.973320] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.973405] Hardware name: linux,dummy-virt (DT)
[   18.973440] Call trace:
[   18.973471]  show_stack+0x20/0x38 (C)
[   18.973524]  dump_stack_lvl+0x8c/0xd0
[   18.973739]  print_report+0x118/0x608
[   18.973963]  kasan_report+0xdc/0x128
[   18.974122]  __asan_report_load1_noabort+0x20/0x30
[   18.974293]  kasan_strings+0x95c/0xb00
[   18.974442]  kunit_try_run_case+0x170/0x3f0
[   18.974495]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.974550]  kthread+0x328/0x630
[   18.974928]  ret_from_fork+0x10/0x20
[   18.975168] 
[   18.975258] Allocated by task 260:
[   18.975363]  kasan_save_stack+0x3c/0x68
[   18.975462]  kasan_save_track+0x20/0x40
[   18.975515]  kasan_save_alloc_info+0x40/0x58
[   18.975861]  __kasan_kmalloc+0xd4/0xd8
[   18.976003]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.976106]  kasan_strings+0xc8/0xb00
[   18.976264]  kunit_try_run_case+0x170/0x3f0
[   18.976362]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.976473]  kthread+0x328/0x630
[   18.976509]  ret_from_fork+0x10/0x20
[   18.976587] 
[   18.976645] Freed by task 260:
[   18.976982]  kasan_save_stack+0x3c/0x68
[   18.977059]  kasan_save_track+0x20/0x40
[   18.977218]  kasan_save_free_info+0x4c/0x78
[   18.977359]  __kasan_slab_free+0x6c/0x98
[   18.977458]  kfree+0x214/0x3c8
[   18.977500]  kasan_strings+0x24c/0xb00
[   18.977693]  kunit_try_run_case+0x170/0x3f0
[   18.977953]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.978089]  kthread+0x328/0x630
[   18.978169]  ret_from_fork+0x10/0x20
[   18.978226] 
[   18.978254] The buggy address belongs to the object at fff00000c76c8880
[   18.978254]  which belongs to the cache kmalloc-32 of size 32
[   18.978452] The buggy address is located 16 bytes inside of
[   18.978452]  freed 32-byte region [fff00000c76c8880, fff00000c76c88a0)
[   18.978989] 
[   18.979072] The buggy address belongs to the physical page:
[   18.979199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c8
[   18.979518] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.979630] page_type: f5(slab)
[   18.979699] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   18.979751] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   18.979841] page dumped because: kasan: bad access detected
[   18.979884] 
[   18.979903] Memory state around the buggy address:
[   18.979958]  fff00000c76c8780: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   18.980016]  fff00000c76c8800: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   18.980062] >fff00000c76c8880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   18.980104]                          ^
[   18.980142]  fff00000c76c8900: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   18.980187]  fff00000c76c8980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   18.980235] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zWOMr1is0AX4arj0SYVF5JpOke

job_id

TEST:linaro@lkft#2zWOQt6s929bxgUx38gzHQDeEWi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zWOQt6s929bxgUx38gzHQDeEWi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWONz22XAnnmTpBnNGDTTWAndE/Image.gz
sha256sum	e425e97b4796f84f3684f795a517e91f191e432f98db0542561ded32ae0821b4

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWONz22XAnnmTpBnNGDTTWAndE/modules.tar.xz
sha256sum	1aed0961c44960a298f006a14ef5e7bc7416a278296f1682363efc7cf573b276

durations

tests

boot	0
kunit	170.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   15.515337] ==================================================================
[   15.515968] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[   15.516218] Read of size 1 at addr ffff888102ab8f90 by task kunit_try_catch/277
[   15.516745] 
[   15.516933] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   15.517010] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.517030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.517065] Call Trace:
[   15.517092]  <TASK>
[   15.517160]  dump_stack_lvl+0x73/0xb0
[   15.517221]  print_report+0xd1/0x650
[   15.517262]  ? __virt_addr_valid+0x1db/0x2d0
[   15.517298]  ? kasan_strings+0xcbc/0xe80
[   15.517333]  ? kasan_complete_mode_report_info+0x64/0x200
[   15.517375]  ? kasan_strings+0xcbc/0xe80
[   15.517642]  kasan_report+0x141/0x180
[   15.517709]  ? kasan_strings+0xcbc/0xe80
[   15.517751]  __asan_report_load1_noabort+0x18/0x20
[   15.517801]  kasan_strings+0xcbc/0xe80
[   15.517848]  ? trace_hardirqs_on+0x37/0xe0
[   15.517894]  ? __pfx_kasan_strings+0x10/0x10
[   15.517934]  ? finish_task_switch.isra.0+0x153/0x700
[   15.517973]  ? __switch_to+0x47/0xf50
[   15.518018]  ? __schedule+0x10cc/0x2b60
[   15.518054]  ? __pfx_read_tsc+0x10/0x10
[   15.518092]  ? ktime_get_ts64+0x86/0x230
[   15.518175]  kunit_try_run_case+0x1a5/0x480
[   15.518203]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.518225]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.518248]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.518269]  ? __kthread_parkme+0x82/0x180
[   15.518289]  ? preempt_count_sub+0x50/0x80
[   15.518310]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.518331]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.518352]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.518373]  kthread+0x337/0x6f0
[   15.518390]  ? trace_preempt_on+0x20/0xc0
[   15.518411]  ? __pfx_kthread+0x10/0x10
[   15.518430]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.518448]  ? calculate_sigpending+0x7b/0xa0
[   15.518470]  ? __pfx_kthread+0x10/0x10
[   15.518490]  ret_from_fork+0x116/0x1d0
[   15.518535]  ? __pfx_kthread+0x10/0x10
[   15.518574]  ret_from_fork_asm+0x1a/0x30
[   15.518635]  </TASK>
[   15.518653] 
[   15.531205] Allocated by task 277:
[   15.531490]  kasan_save_stack+0x45/0x70
[   15.532184]  kasan_save_track+0x18/0x40
[   15.532414]  kasan_save_alloc_info+0x3b/0x50
[   15.532886]  __kasan_kmalloc+0xb7/0xc0
[   15.533230]  __kmalloc_cache_noprof+0x189/0x420
[   15.533445]  kasan_strings+0xc0/0xe80
[   15.533607]  kunit_try_run_case+0x1a5/0x480
[   15.533794]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.534378]  kthread+0x337/0x6f0
[   15.534865]  ret_from_fork+0x116/0x1d0
[   15.535224]  ret_from_fork_asm+0x1a/0x30
[   15.535893] 
[   15.536116] Freed by task 277:
[   15.536369]  kasan_save_stack+0x45/0x70
[   15.536639]  kasan_save_track+0x18/0x40
[   15.536861]  kasan_save_free_info+0x3f/0x60
[   15.537356]  __kasan_slab_free+0x56/0x70
[   15.537557]  kfree+0x222/0x3f0
[   15.537981]  kasan_strings+0x2aa/0xe80
[   15.538261]  kunit_try_run_case+0x1a5/0x480
[   15.538658]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.539032]  kthread+0x337/0x6f0
[   15.539288]  ret_from_fork+0x116/0x1d0
[   15.539527]  ret_from_fork_asm+0x1a/0x30
[   15.540275] 
[   15.540403] The buggy address belongs to the object at ffff888102ab8f80
[   15.540403]  which belongs to the cache kmalloc-32 of size 32
[   15.540787] The buggy address is located 16 bytes inside of
[   15.540787]  freed 32-byte region [ffff888102ab8f80, ffff888102ab8fa0)
[   15.541731] 
[   15.541923] The buggy address belongs to the physical page:
[   15.542291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[   15.543127] flags: 0x200000000000000(node=0|zone=2)
[   15.543354] page_type: f5(slab)
[   15.543505] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   15.544468] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[   15.545042] page dumped because: kasan: bad access detected
[   15.545241] 
[   15.545331] Memory state around the buggy address:
[   15.545728]  ffff888102ab8e80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   15.546432]  ffff888102ab8f00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   15.547093] >ffff888102ab8f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   15.548071]                          ^
[   15.548425]  ffff888102ab9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.548860]  ffff888102ab9080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[   15.549090] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zWOyuIXq8KfPGezZsACY2h9Py5

job_id

TEST:linaro@lkft#2zWP4XAoGIP10o2o2eFTwBxXj1O

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zWP4XAoGIP10o2o2eFTwBxXj1O

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWP11BuUzdrIJpEXMY7APhA7Yy/bzImage
sha256sum	83e45577bfc4e73ad09d0c6ce7ad80e5220d321a924d42244cf194a9a5f31985

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWP11BuUzdrIJpEXMY7APhA7Yy/modules.tar.xz
sha256sum	9d7dfab4782ea546a0cc93566204973e529b1d57d997c9435a9a3cc39972abd5

durations

tests

boot	0
kunit	301.94

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   15.542337] ==================================================================
[   15.542919] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[   15.543361] Read of size 1 at addr ffff8881031d1550 by task kunit_try_catch/276
[   15.544394] 
[   15.544639] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   15.544814] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.544830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.544876] Call Trace:
[   15.544890]  <TASK>
[   15.544904]  dump_stack_lvl+0x73/0xb0
[   15.544937]  print_report+0xd1/0x650
[   15.544962]  ? __virt_addr_valid+0x1db/0x2d0
[   15.544984]  ? kasan_strings+0xcbc/0xe80
[   15.545004]  ? kasan_complete_mode_report_info+0x64/0x200
[   15.545030]  ? kasan_strings+0xcbc/0xe80
[   15.545061]  kasan_report+0x141/0x180
[   15.545084]  ? kasan_strings+0xcbc/0xe80
[   15.545111]  __asan_report_load1_noabort+0x18/0x20
[   15.545136]  kasan_strings+0xcbc/0xe80
[   15.545155]  ? trace_hardirqs_on+0x37/0xe0
[   15.545179]  ? __pfx_kasan_strings+0x10/0x10
[   15.545199]  ? finish_task_switch.isra.0+0x153/0x700
[   15.545221]  ? __switch_to+0x47/0xf50
[   15.545246]  ? __schedule+0x10cc/0x2b60
[   15.545270]  ? __pfx_read_tsc+0x10/0x10
[   15.545291]  ? ktime_get_ts64+0x86/0x230
[   15.545315]  kunit_try_run_case+0x1a5/0x480
[   15.545340]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.545361]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.545383]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.545407]  ? __kthread_parkme+0x82/0x180
[   15.545427]  ? preempt_count_sub+0x50/0x80
[   15.545450]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.545473]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.545496]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.545519]  kthread+0x337/0x6f0
[   15.545543]  ? trace_preempt_on+0x20/0xc0
[   15.545565]  ? __pfx_kthread+0x10/0x10
[   15.545586]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.545607]  ? calculate_sigpending+0x7b/0xa0
[   15.545632]  ? __pfx_kthread+0x10/0x10
[   15.545654]  ret_from_fork+0x116/0x1d0
[   15.545672]  ? __pfx_kthread+0x10/0x10
[   15.545693]  ret_from_fork_asm+0x1a/0x30
[   15.545810]  </TASK>
[   15.545821] 
[   15.559602] Allocated by task 276:
[   15.560011]  kasan_save_stack+0x45/0x70
[   15.560444]  kasan_save_track+0x18/0x40
[   15.560940]  kasan_save_alloc_info+0x3b/0x50
[   15.561411]  __kasan_kmalloc+0xb7/0xc0
[   15.561932]  __kmalloc_cache_noprof+0x189/0x420
[   15.562440]  kasan_strings+0xc0/0xe80
[   15.562925]  kunit_try_run_case+0x1a5/0x480
[   15.563396]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.563994]  kthread+0x337/0x6f0
[   15.564363]  ret_from_fork+0x116/0x1d0
[   15.564823]  ret_from_fork_asm+0x1a/0x30
[   15.564984] 
[   15.565077] Freed by task 276:
[   15.565201]  kasan_save_stack+0x45/0x70
[   15.565414]  kasan_save_track+0x18/0x40
[   15.565598]  kasan_save_free_info+0x3f/0x60
[   15.565980]  __kasan_slab_free+0x56/0x70
[   15.566154]  kfree+0x222/0x3f0
[   15.566334]  kasan_strings+0x2aa/0xe80
[   15.566576]  kunit_try_run_case+0x1a5/0x480
[   15.566951]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.567223]  kthread+0x337/0x6f0
[   15.567377]  ret_from_fork+0x116/0x1d0
[   15.567619]  ret_from_fork_asm+0x1a/0x30
[   15.568031] 
[   15.568165] The buggy address belongs to the object at ffff8881031d1540
[   15.568165]  which belongs to the cache kmalloc-32 of size 32
[   15.568827] The buggy address is located 16 bytes inside of
[   15.568827]  freed 32-byte region [ffff8881031d1540, ffff8881031d1560)
[   15.569509] 
[   15.569628] The buggy address belongs to the physical page:
[   15.570104] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d1
[   15.570425] flags: 0x200000000000000(node=0|zone=2)
[   15.570682] page_type: f5(slab)
[   15.570865] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   15.571243] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   15.571615] page dumped because: kasan: bad access detected
[   15.571864] 
[   15.571955] Memory state around the buggy address:
[   15.572486]  ffff8881031d1400: 00 00 00 04 fc fc fc fc fa fb fb fb fc fc fc fc
[   15.572979]  ffff8881031d1480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   15.573329] >ffff8881031d1500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   15.573679]                                                  ^
[   15.574067]  ffff8881031d1580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   15.574416]  ffff8881031d1600: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   15.574917] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zWOMr1is0AX4arj0SYVF5JpOke

job_id

TEST:linaro@lkft#2zWOS6brGmeU2EUwnTYWc14gwbn

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zWOS6brGmeU2EUwnTYWc14gwbn

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWOOzVyyYIheCiK7TX69oqwQMV/bzImage
sha256sum	a65cd0dbd8dcb4a1aad498bf6d6e54642475ee6492e666cfa11fecda6547fa0b

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWOOzVyyYIheCiK7TX69oqwQMV/modules.tar.xz
sha256sum	3863d8f18c932bfdc570c4142df231f50aef956846c2ab3b2f15aeea06f45ea4

durations

tests

boot	0
kunit	222.75

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   42.529427] ==================================================================
[   42.536661] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[   42.543367] Read of size 1 at addr ffff8881066e8410 by task kunit_try_catch/300
[   42.550700] 
[   42.552199] CPU: 3 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G S  B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   42.552208] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   42.552210] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   42.552214] Call Trace:
[   42.552215]  <TASK>
[   42.552217]  dump_stack_lvl+0x73/0xb0
[   42.552222]  print_report+0xd1/0x650
[   42.552226]  ? __virt_addr_valid+0x1db/0x2d0
[   42.552230]  ? kasan_strings+0xcbc/0xe80
[   42.552233]  ? kasan_complete_mode_report_info+0x64/0x200
[   42.552239]  ? kasan_strings+0xcbc/0xe80
[   42.552242]  kasan_report+0x141/0x180
[   42.552246]  ? kasan_strings+0xcbc/0xe80
[   42.552251]  __asan_report_load1_noabort+0x18/0x20
[   42.552256]  kasan_strings+0xcbc/0xe80
[   42.552259]  ? trace_hardirqs_on+0x37/0xe0
[   42.552263]  ? __pfx_kasan_strings+0x10/0x10
[   42.552267]  ? finish_task_switch.isra.0+0x153/0x700
[   42.552271]  ? __switch_to+0x544/0xf50
[   42.552276]  ? __schedule+0x10cc/0x2b60
[   42.552280]  ? ktime_get_ts64+0x83/0x230
[   42.552284]  kunit_try_run_case+0x1a2/0x480
[   42.552289]  ? __pfx_kunit_try_run_case+0x10/0x10
[   42.552293]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   42.552297]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   42.552301]  ? __kthread_parkme+0x82/0x180
[   42.552305]  ? preempt_count_sub+0x50/0x80
[   42.552309]  ? __pfx_kunit_try_run_case+0x10/0x10
[   42.552314]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   42.552318]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   42.552322]  kthread+0x334/0x6f0
[   42.552325]  ? trace_preempt_on+0x20/0xc0
[   42.552347]  ? __pfx_kthread+0x10/0x10
[   42.552351]  ? _raw_spin_unlock_irq+0x47/0x80
[   42.552354]  ? calculate_sigpending+0x7b/0xa0
[   42.552377]  ? __pfx_kthread+0x10/0x10
[   42.552381]  ret_from_fork+0x113/0x1d0
[   42.552385]  ? __pfx_kthread+0x10/0x10
[   42.552401]  ret_from_fork_asm+0x1a/0x30
[   42.552407]  </TASK>
[   42.552409] 
[   42.728278] Allocated by task 300:
[   42.731685]  kasan_save_stack+0x45/0x70
[   42.735524]  kasan_save_track+0x18/0x40
[   42.739364]  kasan_save_alloc_info+0x3b/0x50
[   42.743661]  __kasan_kmalloc+0xb7/0xc0
[   42.747415]  __kmalloc_cache_noprof+0x189/0x420
[   42.751947]  kasan_strings+0xc0/0xe80
[   42.755612]  kunit_try_run_case+0x1a2/0x480
[   42.759800]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   42.765207]  kthread+0x334/0x6f0
[   42.768463]  ret_from_fork+0x113/0x1d0
[   42.772218]  ret_from_fork_asm+0x1a/0x30
[   42.776144] 
[   42.777642] Freed by task 300:
[   42.780701]  kasan_save_stack+0x45/0x70
[   42.784543]  kasan_save_track+0x18/0x40
[   42.788415]  kasan_save_free_info+0x3f/0x60
[   42.792602]  __kasan_slab_free+0x56/0x70
[   42.796527]  kfree+0x222/0x3f0
[   42.799586]  kasan_strings+0x2aa/0xe80
[   42.803363]  kunit_try_run_case+0x1a2/0x480
[   42.807551]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   42.812950]  kthread+0x334/0x6f0
[   42.816184]  ret_from_fork+0x113/0x1d0
[   42.819935]  ret_from_fork_asm+0x1a/0x30
[   42.823863] 
[   42.825363] The buggy address belongs to the object at ffff8881066e8400
[   42.825363]  which belongs to the cache kmalloc-32 of size 32
[   42.837722] The buggy address is located 16 bytes inside of
[   42.837722]  freed 32-byte region [ffff8881066e8400, ffff8881066e8420)
[   42.849801] 
[   42.851302] The buggy address belongs to the physical page:
[   42.856874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066e8
[   42.864874] flags: 0x200000000000000(node=0|zone=2)
[   42.869753] page_type: f5(slab)
[   42.872900] raw: 0200000000000000 ffff888100042780 dead000000000122 0000000000000000
[   42.880646] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   42.888416] page dumped because: kasan: bad access detected
[   42.893994] 
[   42.895493] Memory state around the buggy address:
[   42.900286]  ffff8881066e8300: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   42.907505]  ffff8881066e8380: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   42.914724] >ffff8881066e8400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   42.921942]                          ^
[   42.925697]  ffff8881066e8480: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   42.932925]  ffff8881066e8500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   42.940144] ==================================================================

Metadata Full log Test run details

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - x86 - gcc-13-lkftconfig-kunit