lkft/linux-mainline-master - v6.16-rc5 - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp

Date

July 6, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64
x86

[   19.312531] ==================================================================
[   19.312588] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8
[   19.312643] Read of size 1 at addr fff00000c77ad110 by task kunit_try_catch/260
[   19.312693] 
[   19.312733] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.312819] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.312861] Hardware name: linux,dummy-virt (DT)
[   19.313015] Call trace:
[   19.313150]  show_stack+0x20/0x38 (C)
[   19.313259]  dump_stack_lvl+0x8c/0xd0
[   19.313409]  print_report+0x118/0x608
[   19.313476]  kasan_report+0xdc/0x128
[   19.313641]  __asan_report_load1_noabort+0x20/0x30
[   19.313701]  strcmp+0xc0/0xc8
[   19.313904]  kasan_strings+0x340/0xb00
[   19.314181]  kunit_try_run_case+0x170/0x3f0
[   19.314239]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.314292]  kthread+0x328/0x630
[   19.314335]  ret_from_fork+0x10/0x20
[   19.314419] 
[   19.314445] Allocated by task 260:
[   19.314476]  kasan_save_stack+0x3c/0x68
[   19.314520]  kasan_save_track+0x20/0x40
[   19.314559]  kasan_save_alloc_info+0x40/0x58
[   19.314633]  __kasan_kmalloc+0xd4/0xd8
[   19.314676]  __kmalloc_cache_noprof+0x16c/0x3c0
[   19.314718]  kasan_strings+0xc8/0xb00
[   19.314756]  kunit_try_run_case+0x170/0x3f0
[   19.314794]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.314872]  kthread+0x328/0x630
[   19.314907]  ret_from_fork+0x10/0x20
[   19.314944] 
[   19.314964] Freed by task 260:
[   19.315006]  kasan_save_stack+0x3c/0x68
[   19.315073]  kasan_save_track+0x20/0x40
[   19.315152]  kasan_save_free_info+0x4c/0x78
[   19.315246]  __kasan_slab_free+0x6c/0x98
[   19.315284]  kfree+0x214/0x3c8
[   19.315326]  kasan_strings+0x24c/0xb00
[   19.315427]  kunit_try_run_case+0x170/0x3f0
[   19.315468]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.315572]  kthread+0x328/0x630
[   19.315607]  ret_from_fork+0x10/0x20
[   19.315643] 
[   19.315682] The buggy address belongs to the object at fff00000c77ad100
[   19.315682]  which belongs to the cache kmalloc-32 of size 32
[   19.315743] The buggy address is located 16 bytes inside of
[   19.315743]  freed 32-byte region [fff00000c77ad100, fff00000c77ad120)
[   19.315826] 
[   19.315880] The buggy address belongs to the physical page:
[   19.315998] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ad
[   19.316054] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.316106] page_type: f5(slab)
[   19.316146] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   19.316208] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   19.316249] page dumped because: kasan: bad access detected
[   19.316302] 
[   19.316322] Memory state around the buggy address:
[   19.316357]  fff00000c77ad000: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   19.316403]  fff00000c77ad080: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   19.316513] >fff00000c77ad100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   19.316595]                          ^
[   19.316692]  fff00000c77ad180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   19.316737]  fff00000c77ad200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   19.316853] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zWOyuIXq8KfPGezZsACY2h9Py5

job_id

TEST:linaro@lkft#2zWP3V1OcVdQ4ohJyYfApbDGj8n

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zWP3V1OcVdQ4ohJyYfApbDGj8n

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWOzwXJtcwkvIQ83Ezq39U67AP/Image.gz
sha256sum	0864d91aae8ea4c511d1a9f351fcff12184502f96eb010fa57e7b676cb314913

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWOzwXJtcwkvIQ83Ezq39U67AP/modules.tar.xz
sha256sum	0c1b3d0b6ba49ab3b5a9e851cd596f0896ca4322dc635a39b3037c7d3f3b1d7a

durations

tests

boot	0
kunit	176.95

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   18.963752] ==================================================================
[   18.963820] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8
[   18.964350] Read of size 1 at addr fff00000c76c8890 by task kunit_try_catch/260
[   18.964497] 
[   18.964540] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   18.964759] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.964965] Hardware name: linux,dummy-virt (DT)
[   18.965017] Call trace:
[   18.965043]  show_stack+0x20/0x38 (C)
[   18.965159]  dump_stack_lvl+0x8c/0xd0
[   18.965213]  print_report+0x118/0x608
[   18.965264]  kasan_report+0xdc/0x128
[   18.965428]  __asan_report_load1_noabort+0x20/0x30
[   18.965490]  strcmp+0xc0/0xc8
[   18.965533]  kasan_strings+0x340/0xb00
[   18.965578]  kunit_try_run_case+0x170/0x3f0
[   18.965630]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.966008]  kthread+0x328/0x630
[   18.966106]  ret_from_fork+0x10/0x20
[   18.966428] 
[   18.966555] Allocated by task 260:
[   18.966776]  kasan_save_stack+0x3c/0x68
[   18.966937]  kasan_save_track+0x20/0x40
[   18.966983]  kasan_save_alloc_info+0x40/0x58
[   18.967083]  __kasan_kmalloc+0xd4/0xd8
[   18.967263]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.967328]  kasan_strings+0xc8/0xb00
[   18.967484]  kunit_try_run_case+0x170/0x3f0
[   18.967571]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.967621]  kthread+0x328/0x630
[   18.967656]  ret_from_fork+0x10/0x20
[   18.967694] 
[   18.967735] Freed by task 260:
[   18.967764]  kasan_save_stack+0x3c/0x68
[   18.967807]  kasan_save_track+0x20/0x40
[   18.967863]  kasan_save_free_info+0x4c/0x78
[   18.967905]  __kasan_slab_free+0x6c/0x98
[   18.967957]  kfree+0x214/0x3c8
[   18.968007]  kasan_strings+0x24c/0xb00
[   18.968045]  kunit_try_run_case+0x170/0x3f0
[   18.968093]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.968139]  kthread+0x328/0x630
[   18.968172]  ret_from_fork+0x10/0x20
[   18.968222] 
[   18.968252] The buggy address belongs to the object at fff00000c76c8880
[   18.968252]  which belongs to the cache kmalloc-32 of size 32
[   18.968313] The buggy address is located 16 bytes inside of
[   18.968313]  freed 32-byte region [fff00000c76c8880, fff00000c76c88a0)
[   18.968378] 
[   18.968401] The buggy address belongs to the physical page:
[   18.968435] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c8
[   18.968508] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.969168] page_type: f5(slab)
[   18.969247] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   18.969319] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   18.969395] page dumped because: kasan: bad access detected
[   18.969567] 
[   18.969694] Memory state around the buggy address:
[   18.969739]  fff00000c76c8780: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   18.970116]  fff00000c76c8800: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   18.970267] >fff00000c76c8880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   18.970468]                          ^
[   18.970639]  fff00000c76c8900: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   18.971044]  fff00000c76c8980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   18.971184] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zWOMr1is0AX4arj0SYVF5JpOke

job_id

TEST:linaro@lkft#2zWOQt6s929bxgUx38gzHQDeEWi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zWOQt6s929bxgUx38gzHQDeEWi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWONz22XAnnmTpBnNGDTTWAndE/Image.gz
sha256sum	e425e97b4796f84f3684f795a517e91f191e432f98db0542561ded32ae0821b4

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWONz22XAnnmTpBnNGDTTWAndE/modules.tar.xz
sha256sum	1aed0961c44960a298f006a14ef5e7bc7416a278296f1682363efc7cf573b276

durations

tests

boot	0
kunit	170.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   15.480611] ==================================================================
[   15.482044] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[   15.482728] Read of size 1 at addr ffff888102ab8f90 by task kunit_try_catch/277
[   15.483083] 
[   15.483252] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   15.483422] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.483450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.483489] Call Trace:
[   15.483514]  <TASK>
[   15.483845]  dump_stack_lvl+0x73/0xb0
[   15.483903]  print_report+0xd1/0x650
[   15.483927]  ? __virt_addr_valid+0x1db/0x2d0
[   15.483948]  ? strcmp+0xb0/0xc0
[   15.483967]  ? kasan_complete_mode_report_info+0x64/0x200
[   15.483992]  ? strcmp+0xb0/0xc0
[   15.484011]  kasan_report+0x141/0x180
[   15.484031]  ? strcmp+0xb0/0xc0
[   15.484054]  __asan_report_load1_noabort+0x18/0x20
[   15.484077]  strcmp+0xb0/0xc0
[   15.484099]  kasan_strings+0x431/0xe80
[   15.484127]  ? trace_hardirqs_on+0x37/0xe0
[   15.484163]  ? __pfx_kasan_strings+0x10/0x10
[   15.484195]  ? finish_task_switch.isra.0+0x153/0x700
[   15.484235]  ? __switch_to+0x47/0xf50
[   15.484287]  ? __schedule+0x10cc/0x2b60
[   15.484329]  ? __pfx_read_tsc+0x10/0x10
[   15.484367]  ? ktime_get_ts64+0x86/0x230
[   15.484414]  kunit_try_run_case+0x1a5/0x480
[   15.484455]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.484494]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.484551]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.484594]  ? __kthread_parkme+0x82/0x180
[   15.484639]  ? preempt_count_sub+0x50/0x80
[   15.484666]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.484688]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.484709]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.484731]  kthread+0x337/0x6f0
[   15.484749]  ? trace_preempt_on+0x20/0xc0
[   15.484770]  ? __pfx_kthread+0x10/0x10
[   15.484789]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.484809]  ? calculate_sigpending+0x7b/0xa0
[   15.484831]  ? __pfx_kthread+0x10/0x10
[   15.484850]  ret_from_fork+0x116/0x1d0
[   15.484867]  ? __pfx_kthread+0x10/0x10
[   15.484886]  ret_from_fork_asm+0x1a/0x30
[   15.484914]  </TASK>
[   15.484925] 
[   15.496525] Allocated by task 277:
[   15.496722]  kasan_save_stack+0x45/0x70
[   15.497032]  kasan_save_track+0x18/0x40
[   15.497312]  kasan_save_alloc_info+0x3b/0x50
[   15.497575]  __kasan_kmalloc+0xb7/0xc0
[   15.498204]  __kmalloc_cache_noprof+0x189/0x420
[   15.498770]  kasan_strings+0xc0/0xe80
[   15.499140]  kunit_try_run_case+0x1a5/0x480
[   15.499399]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.500158]  kthread+0x337/0x6f0
[   15.500377]  ret_from_fork+0x116/0x1d0
[   15.500711]  ret_from_fork_asm+0x1a/0x30
[   15.500890] 
[   15.500996] Freed by task 277:
[   15.501120]  kasan_save_stack+0x45/0x70
[   15.501312]  kasan_save_track+0x18/0x40
[   15.501762]  kasan_save_free_info+0x3f/0x60
[   15.502082]  __kasan_slab_free+0x56/0x70
[   15.502593]  kfree+0x222/0x3f0
[   15.503089]  kasan_strings+0x2aa/0xe80
[   15.503253]  kunit_try_run_case+0x1a5/0x480
[   15.503516]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.504163]  kthread+0x337/0x6f0
[   15.504387]  ret_from_fork+0x116/0x1d0
[   15.504970]  ret_from_fork_asm+0x1a/0x30
[   15.505419] 
[   15.505549] The buggy address belongs to the object at ffff888102ab8f80
[   15.505549]  which belongs to the cache kmalloc-32 of size 32
[   15.506022] The buggy address is located 16 bytes inside of
[   15.506022]  freed 32-byte region [ffff888102ab8f80, ffff888102ab8fa0)
[   15.506956] 
[   15.507075] The buggy address belongs to the physical page:
[   15.507469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[   15.508173] flags: 0x200000000000000(node=0|zone=2)
[   15.508427] page_type: f5(slab)
[   15.508918] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   15.509387] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[   15.509847] page dumped because: kasan: bad access detected
[   15.510420] 
[   15.510656] Memory state around the buggy address:
[   15.511026]  ffff888102ab8e80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   15.511418]  ffff888102ab8f00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   15.512026] >ffff888102ab8f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   15.512450]                          ^
[   15.512931]  ffff888102ab9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.513358]  ffff888102ab9080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[   15.513917] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zWOyuIXq8KfPGezZsACY2h9Py5

job_id

TEST:linaro@lkft#2zWP4XAoGIP10o2o2eFTwBxXj1O

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zWP4XAoGIP10o2o2eFTwBxXj1O

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWP11BuUzdrIJpEXMY7APhA7Yy/bzImage
sha256sum	83e45577bfc4e73ad09d0c6ce7ad80e5220d321a924d42244cf194a9a5f31985

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWP11BuUzdrIJpEXMY7APhA7Yy/modules.tar.xz
sha256sum	9d7dfab4782ea546a0cc93566204973e529b1d57d997c9435a9a3cc39972abd5

durations

tests

boot	0
kunit	301.94

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   15.507548] ==================================================================
[   15.509148] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[   15.509418] Read of size 1 at addr ffff8881031d1550 by task kunit_try_catch/276
[   15.509727] 
[   15.511164] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   15.511222] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.511235] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.511259] Call Trace:
[   15.511273]  <TASK>
[   15.511291]  dump_stack_lvl+0x73/0xb0
[   15.511324]  print_report+0xd1/0x650
[   15.511349]  ? __virt_addr_valid+0x1db/0x2d0
[   15.511375]  ? strcmp+0xb0/0xc0
[   15.511397]  ? kasan_complete_mode_report_info+0x64/0x200
[   15.511424]  ? strcmp+0xb0/0xc0
[   15.511446]  kasan_report+0x141/0x180
[   15.511469]  ? strcmp+0xb0/0xc0
[   15.511496]  __asan_report_load1_noabort+0x18/0x20
[   15.511522]  strcmp+0xb0/0xc0
[   15.511545]  kasan_strings+0x431/0xe80
[   15.511566]  ? trace_hardirqs_on+0x37/0xe0
[   15.511593]  ? __pfx_kasan_strings+0x10/0x10
[   15.511614]  ? finish_task_switch.isra.0+0x153/0x700
[   15.511638]  ? __switch_to+0x47/0xf50
[   15.511666]  ? __schedule+0x10cc/0x2b60
[   15.511690]  ? __pfx_read_tsc+0x10/0x10
[   15.511722]  ? ktime_get_ts64+0x86/0x230
[   15.511749]  kunit_try_run_case+0x1a5/0x480
[   15.511775]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.511798]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.511822]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.511846]  ? __kthread_parkme+0x82/0x180
[   15.511867]  ? preempt_count_sub+0x50/0x80
[   15.511891]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.511916]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.511939]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.511963]  kthread+0x337/0x6f0
[   15.511984]  ? trace_preempt_on+0x20/0xc0
[   15.512007]  ? __pfx_kthread+0x10/0x10
[   15.512029]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.512062]  ? calculate_sigpending+0x7b/0xa0
[   15.512088]  ? __pfx_kthread+0x10/0x10
[   15.512111]  ret_from_fork+0x116/0x1d0
[   15.512130]  ? __pfx_kthread+0x10/0x10
[   15.512152]  ret_from_fork_asm+0x1a/0x30
[   15.512185]  </TASK>
[   15.512197] 
[   15.526672] Allocated by task 276:
[   15.526900]  kasan_save_stack+0x45/0x70
[   15.527140]  kasan_save_track+0x18/0x40
[   15.527538]  kasan_save_alloc_info+0x3b/0x50
[   15.527954]  __kasan_kmalloc+0xb7/0xc0
[   15.528164]  __kmalloc_cache_noprof+0x189/0x420
[   15.528467]  kasan_strings+0xc0/0xe80
[   15.528668]  kunit_try_run_case+0x1a5/0x480
[   15.529004]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.529287]  kthread+0x337/0x6f0
[   15.529571]  ret_from_fork+0x116/0x1d0
[   15.529946]  ret_from_fork_asm+0x1a/0x30
[   15.530218] 
[   15.530318] Freed by task 276:
[   15.530524]  kasan_save_stack+0x45/0x70
[   15.530847]  kasan_save_track+0x18/0x40
[   15.531150]  kasan_save_free_info+0x3f/0x60
[   15.531352]  __kasan_slab_free+0x56/0x70
[   15.531644]  kfree+0x222/0x3f0
[   15.532058]  kasan_strings+0x2aa/0xe80
[   15.532267]  kunit_try_run_case+0x1a5/0x480
[   15.532601]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.532994]  kthread+0x337/0x6f0
[   15.533181]  ret_from_fork+0x116/0x1d0
[   15.533485]  ret_from_fork_asm+0x1a/0x30
[   15.533677] 
[   15.534028] The buggy address belongs to the object at ffff8881031d1540
[   15.534028]  which belongs to the cache kmalloc-32 of size 32
[   15.534590] The buggy address is located 16 bytes inside of
[   15.534590]  freed 32-byte region [ffff8881031d1540, ffff8881031d1560)
[   15.535245] 
[   15.535404] The buggy address belongs to the physical page:
[   15.535672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d1
[   15.536236] flags: 0x200000000000000(node=0|zone=2)
[   15.536489] page_type: f5(slab)
[   15.536829] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   15.537230] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   15.537600] page dumped because: kasan: bad access detected
[   15.538002] 
[   15.538119] Memory state around the buggy address:
[   15.538433]  ffff8881031d1400: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[   15.538880]  ffff8881031d1480: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   15.539135] >ffff8881031d1500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   15.539480]                                                  ^
[   15.539752]  ffff8881031d1580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   15.540516]  ffff8881031d1600: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   15.540982] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zWOMr1is0AX4arj0SYVF5JpOke

job_id

TEST:linaro@lkft#2zWOS6brGmeU2EUwnTYWc14gwbn

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zWOS6brGmeU2EUwnTYWc14gwbn

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWOOzVyyYIheCiK7TX69oqwQMV/bzImage
sha256sum	a65cd0dbd8dcb4a1aad498bf6d6e54642475ee6492e666cfa11fecda6547fa0b

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zWOOzVyyYIheCiK7TX69oqwQMV/modules.tar.xz
sha256sum	3863d8f18c932bfdc570c4142df231f50aef956846c2ab3b2f15aeea06f45ea4

durations

tests

boot	0
kunit	222.75

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   42.094876] ==================================================================
[   42.118799] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[   42.124726] Read of size 1 at addr ffff8881066e8410 by task kunit_try_catch/300
[   42.132042] 
[   42.133542] CPU: 3 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G S  B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   42.133551] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   42.133554] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   42.133558] Call Trace:
[   42.133559]  <TASK>
[   42.133561]  dump_stack_lvl+0x73/0xb0
[   42.133566]  print_report+0xd1/0x650
[   42.133570]  ? __virt_addr_valid+0x1db/0x2d0
[   42.133575]  ? strcmp+0xb0/0xc0
[   42.133578]  ? kasan_complete_mode_report_info+0x64/0x200
[   42.133584]  ? strcmp+0xb0/0xc0
[   42.133588]  kasan_report+0x141/0x180
[   42.133592]  ? strcmp+0xb0/0xc0
[   42.133597]  __asan_report_load1_noabort+0x18/0x20
[   42.133601]  strcmp+0xb0/0xc0
[   42.133606]  kasan_strings+0x431/0xe80
[   42.133609]  ? trace_hardirqs_on+0x37/0xe0
[   42.133614]  ? __pfx_kasan_strings+0x10/0x10
[   42.133617]  ? finish_task_switch.isra.0+0x153/0x700
[   42.133621]  ? __switch_to+0x544/0xf50
[   42.133626]  ? __schedule+0x10cc/0x2b60
[   42.133630]  ? ktime_get_ts64+0x83/0x230
[   42.133635]  kunit_try_run_case+0x1a2/0x480
[   42.133639]  ? __pfx_kunit_try_run_case+0x10/0x10
[   42.133644]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   42.133648]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   42.133652]  ? __kthread_parkme+0x82/0x180
[   42.133656]  ? preempt_count_sub+0x50/0x80
[   42.133660]  ? __pfx_kunit_try_run_case+0x10/0x10
[   42.133664]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   42.133669]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   42.133673]  kthread+0x334/0x6f0
[   42.133676]  ? trace_preempt_on+0x20/0xc0
[   42.133680]  ? __pfx_kthread+0x10/0x10
[   42.133684]  ? _raw_spin_unlock_irq+0x47/0x80
[   42.133688]  ? calculate_sigpending+0x7b/0xa0
[   42.133693]  ? __pfx_kthread+0x10/0x10
[   42.133697]  ret_from_fork+0x113/0x1d0
[   42.133700]  ? __pfx_kthread+0x10/0x10
[   42.133704]  ret_from_fork_asm+0x1a/0x30
[   42.133710]  </TASK>
[   42.133711] 
[   42.310236] Allocated by task 300:
[   42.313640]  kasan_save_stack+0x45/0x70
[   42.317479]  kasan_save_track+0x18/0x40
[   42.321319]  kasan_save_alloc_info+0x3b/0x50
[   42.325626]  __kasan_kmalloc+0xb7/0xc0
[   42.329380]  __kmalloc_cache_noprof+0x189/0x420
[   42.333938]  kasan_strings+0xc0/0xe80
[   42.337604]  kunit_try_run_case+0x1a2/0x480
[   42.341790]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   42.347190]  kthread+0x334/0x6f0
[   42.350423]  ret_from_fork+0x113/0x1d0
[   42.354176]  ret_from_fork_asm+0x1a/0x30
[   42.358108] 
[   42.359607] Freed by task 300:
[   42.362668]  kasan_save_stack+0x45/0x70
[   42.366506]  kasan_save_track+0x18/0x40
[   42.370383]  kasan_save_free_info+0x3f/0x60
[   42.374602]  __kasan_slab_free+0x56/0x70
[   42.378529]  kfree+0x222/0x3f0
[   42.381594]  kasan_strings+0x2aa/0xe80
[   42.385364]  kunit_try_run_case+0x1a2/0x480
[   42.389577]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   42.394977]  kthread+0x334/0x6f0
[   42.398208]  ret_from_fork+0x113/0x1d0
[   42.401962]  ret_from_fork_asm+0x1a/0x30
[   42.405889] 
[   42.407406] The buggy address belongs to the object at ffff8881066e8400
[   42.407406]  which belongs to the cache kmalloc-32 of size 32
[   42.419745] The buggy address is located 16 bytes inside of
[   42.419745]  freed 32-byte region [ffff8881066e8400, ffff8881066e8420)
[   42.431828] 
[   42.433325] The buggy address belongs to the physical page:
[   42.438924] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066e8
[   42.446926] flags: 0x200000000000000(node=0|zone=2)
[   42.451803] page_type: f5(slab)
[   42.454952] raw: 0200000000000000 ffff888100042780 dead000000000122 0000000000000000
[   42.462700] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   42.470445] page dumped because: kasan: bad access detected
[   42.476018] 
[   42.477518] Memory state around the buggy address:
[   42.482311]  ffff8881066e8300: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   42.489531]  ffff8881066e8380: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   42.496750] >ffff8881066e8400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   42.503969]                          ^
[   42.507722]  ffff8881066e8480: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   42.514942]  ffff8881066e8500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   42.522158] ==================================================================

Metadata Full log Test run details

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - x86 - gcc-13-lkftconfig-kunit