lkft/sashal-linus-next - v6.13-rc7-43871-g530dddedcd5a - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings

Date

July 18, 2025, 2:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   19.338586] ==================================================================
[   19.338860] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00
[   19.339593] Read of size 1 at addr fff00000c799d550 by task kunit_try_catch/259
[   19.339674] 
[   19.339872] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   19.339969] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.339996] Hardware name: linux,dummy-virt (DT)
[   19.340030] Call trace:
[   19.340711]  show_stack+0x20/0x38 (C)
[   19.341034]  dump_stack_lvl+0x8c/0xd0
[   19.341297]  print_report+0x118/0x5d0
[   19.341574]  kasan_report+0xdc/0x128
[   19.341784]  __asan_report_load1_noabort+0x20/0x30
[   19.342390]  kasan_strings+0x95c/0xb00
[   19.342704]  kunit_try_run_case+0x170/0x3f0
[   19.342854]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.342916]  kthread+0x328/0x630
[   19.343138]  ret_from_fork+0x10/0x20
[   19.343481] 
[   19.343520] Allocated by task 259:
[   19.343552]  kasan_save_stack+0x3c/0x68
[   19.343608]  kasan_save_track+0x20/0x40
[   19.343814]  kasan_save_alloc_info+0x40/0x58
[   19.344064]  __kasan_kmalloc+0xd4/0xd8
[   19.344697]  __kmalloc_cache_noprof+0x16c/0x3c0
[   19.344918]  kasan_strings+0xc8/0xb00
[   19.344993]  kunit_try_run_case+0x170/0x3f0
[   19.345314]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.345666]  kthread+0x328/0x630
[   19.345826]  ret_from_fork+0x10/0x20
[   19.345888] 
[   19.345913] Freed by task 259:
[   19.346121]  kasan_save_stack+0x3c/0x68
[   19.346432]  kasan_save_track+0x20/0x40
[   19.346724]  kasan_save_free_info+0x4c/0x78
[   19.346976]  __kasan_slab_free+0x6c/0x98
[   19.347240]  kfree+0x214/0x3c8
[   19.347810]  kasan_strings+0x24c/0xb00
[   19.348049]  kunit_try_run_case+0x170/0x3f0
[   19.348162]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.348372]  kthread+0x328/0x630
[   19.348505]  ret_from_fork+0x10/0x20
[   19.348551] 
[   19.348574] The buggy address belongs to the object at fff00000c799d540
[   19.348574]  which belongs to the cache kmalloc-32 of size 32
[   19.348858] The buggy address is located 16 bytes inside of
[   19.348858]  freed 32-byte region [fff00000c799d540, fff00000c799d560)
[   19.349044] 
[   19.349134] The buggy address belongs to the physical page:
[   19.349316] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10799d
[   19.349399] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.349736] page_type: f5(slab)
[   19.349957] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   19.350095] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   19.350168] page dumped because: kasan: bad access detected
[   19.350312] 
[   19.350337] Memory state around the buggy address:
[   19.350440]  fff00000c799d400: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   19.350661]  fff00000c799d480: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   19.350918] >fff00000c799d500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   19.351156]                                                  ^
[   19.351511]  fff00000c799d580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   19.351778]  fff00000c799d600: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   19.351951] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

303EBflBPqSbIUkiUzReBHe3YjN

job_id

TEST:linaro@lkft#303EF25Pp9Vi9nJKRzPLQTha4DW

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303EF25Pp9Vi9nJKRzPLQTha4DW

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303ECYTm040GLO6kXFdSkAckpUQ/Image.gz
sha256sum	0cd43a55510452afcc094a9b71b52e570abcb0018a9c4b3e8c55713d88f43dcd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303ECYTm040GLO6kXFdSkAckpUQ/modules.tar.xz
sha256sum	1123cbd40eab351130997a1b3dcec1375004e5d45c47d69105fc241be8d9036c

durations

tests

boot	0
kunit	182.38

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   18.898411] ==================================================================
[   18.898955] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00
[   18.899011] Read of size 1 at addr fff00000c7a5ef90 by task kunit_try_catch/259
[   18.899066] 
[   18.899101] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.899185] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.899214] Hardware name: linux,dummy-virt (DT)
[   18.899247] Call trace:
[   18.899274]  show_stack+0x20/0x38 (C)
[   18.899335]  dump_stack_lvl+0x8c/0xd0
[   18.899386]  print_report+0x118/0x5d0
[   18.899434]  kasan_report+0xdc/0x128
[   18.899482]  __asan_report_load1_noabort+0x20/0x30
[   18.899535]  kasan_strings+0x95c/0xb00
[   18.899582]  kunit_try_run_case+0x170/0x3f0
[   18.899631]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.899686]  kthread+0x328/0x630
[   18.899728]  ret_from_fork+0x10/0x20
[   18.899778] 
[   18.899800] Allocated by task 259:
[   18.899829]  kasan_save_stack+0x3c/0x68
[   18.899872]  kasan_save_track+0x20/0x40
[   18.899913]  kasan_save_alloc_info+0x40/0x58
[   18.899956]  __kasan_kmalloc+0xd4/0xd8
[   18.899996]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.900038]  kasan_strings+0xc8/0xb00
[   18.900077]  kunit_try_run_case+0x170/0x3f0
[   18.900116]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.900167]  kthread+0x328/0x630
[   18.900202]  ret_from_fork+0x10/0x20
[   18.900240] 
[   18.900260] Freed by task 259:
[   18.900286]  kasan_save_stack+0x3c/0x68
[   18.900337]  kasan_save_track+0x20/0x40
[   18.900375]  kasan_save_free_info+0x4c/0x78
[   18.900417]  __kasan_slab_free+0x6c/0x98
[   18.900456]  kfree+0x214/0x3c8
[   18.900491]  kasan_strings+0x24c/0xb00
[   18.901202]  kunit_try_run_case+0x170/0x3f0
[   18.901275]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.901344]  kthread+0x328/0x630
[   18.901390]  ret_from_fork+0x10/0x20
[   18.901430] 
[   18.901453] The buggy address belongs to the object at fff00000c7a5ef80
[   18.901453]  which belongs to the cache kmalloc-32 of size 32
[   18.901515] The buggy address is located 16 bytes inside of
[   18.901515]  freed 32-byte region [fff00000c7a5ef80, fff00000c7a5efa0)
[   18.901577] 
[   18.901601] The buggy address belongs to the physical page:
[   18.901948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a5e
[   18.902122] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.902297] page_type: f5(slab)
[   18.902352] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   18.902404] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[   18.902445] page dumped because: kasan: bad access detected
[   18.902479] 
[   18.903653] Memory state around the buggy address:
[   18.904732]  fff00000c7a5ee80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   18.904787]  fff00000c7a5ef00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   18.905490] >fff00000c7a5ef80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   18.905538]                          ^
[   18.905570]  fff00000c7a5f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.905616]  fff00000c7a5f080: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.905659] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

303Mu3ntpbAl90E7xFJwTYkz6hg

job_id

TEST:linaro@lkft#303MxbItH1xNBq5DVzgi5f9Vk9B

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303MxbItH1xNBq5DVzgi5f9Vk9B

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MuvPW3SK4gLbQ1ALw5htqwSd/Image.gz
sha256sum	1d26a50b80602cf96dca0b9e5d4833d551bb9799e3e8f672f61c3fedb7c3633a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MuvPW3SK4gLbQ1ALw5htqwSd/modules.tar.xz
sha256sum	8d3b93659e4b7dd2c56e9a38da739978022e2707277d72909e50cc2549d4beb2

durations

tests

boot	0
kunit	169.06

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   14.011066] ==================================================================
[   14.011391] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[   14.011946] Read of size 1 at addr ffff8881026f44d0 by task kunit_try_catch/277
[   14.012260] 
[   14.012386] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.012429] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.012455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.012475] Call Trace:
[   14.012489]  <TASK>
[   14.012503]  dump_stack_lvl+0x73/0xb0
[   14.012528]  print_report+0xd1/0x610
[   14.012550]  ? __virt_addr_valid+0x1db/0x2d0
[   14.012571]  ? kasan_strings+0xcbc/0xe80
[   14.012591]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.012615]  ? kasan_strings+0xcbc/0xe80
[   14.012647]  kasan_report+0x141/0x180
[   14.012668]  ? kasan_strings+0xcbc/0xe80
[   14.012695]  __asan_report_load1_noabort+0x18/0x20
[   14.012731]  kasan_strings+0xcbc/0xe80
[   14.012762]  ? trace_hardirqs_on+0x37/0xe0
[   14.012785]  ? __pfx_kasan_strings+0x10/0x10
[   14.012807]  ? __kasan_check_write+0x18/0x20
[   14.012825]  ? queued_spin_lock_slowpath+0x116/0xb40
[   14.012858]  ? irqentry_exit+0x2a/0x60
[   14.012878]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   14.012902]  ? trace_hardirqs_on+0x37/0xe0
[   14.012935]  ? __pfx_read_tsc+0x10/0x10
[   14.012955]  ? ktime_get_ts64+0x86/0x230
[   14.012979]  kunit_try_run_case+0x1a5/0x480
[   14.013002]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.013035]  ? queued_spin_lock_slowpath+0x116/0xb40
[   14.013058]  ? __kthread_parkme+0x82/0x180
[   14.013077]  ? preempt_count_sub+0x50/0x80
[   14.013112]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.013139]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.013163]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.013187]  kthread+0x337/0x6f0
[   14.013214]  ? trace_preempt_on+0x20/0xc0
[   14.013236]  ? __pfx_kthread+0x10/0x10
[   14.013255]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.013287]  ? calculate_sigpending+0x7b/0xa0
[   14.013310]  ? __pfx_kthread+0x10/0x10
[   14.013332]  ret_from_fork+0x116/0x1d0
[   14.013350]  ? __pfx_kthread+0x10/0x10
[   14.013377]  ret_from_fork_asm+0x1a/0x30
[   14.013409]  </TASK>
[   14.013417] 
[   14.021812] Allocated by task 277:
[   14.021940]  kasan_save_stack+0x45/0x70
[   14.022085]  kasan_save_track+0x18/0x40
[   14.022221]  kasan_save_alloc_info+0x3b/0x50
[   14.022371]  __kasan_kmalloc+0xb7/0xc0
[   14.022604]  __kmalloc_cache_noprof+0x189/0x420
[   14.023027]  kasan_strings+0xc0/0xe80
[   14.023221]  kunit_try_run_case+0x1a5/0x480
[   14.023489]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.024040]  kthread+0x337/0x6f0
[   14.024173]  ret_from_fork+0x116/0x1d0
[   14.024306]  ret_from_fork_asm+0x1a/0x30
[   14.024458] 
[   14.024528] Freed by task 277:
[   14.024640]  kasan_save_stack+0x45/0x70
[   14.024929]  kasan_save_track+0x18/0x40
[   14.025147]  kasan_save_free_info+0x3f/0x60
[   14.025402]  __kasan_slab_free+0x56/0x70
[   14.025870]  kfree+0x222/0x3f0
[   14.026068]  kasan_strings+0x2aa/0xe80
[   14.026296]  kunit_try_run_case+0x1a5/0x480
[   14.026662]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.026920]  kthread+0x337/0x6f0
[   14.027042]  ret_from_fork+0x116/0x1d0
[   14.027200]  ret_from_fork_asm+0x1a/0x30
[   14.027398] 
[   14.027614] The buggy address belongs to the object at ffff8881026f44c0
[   14.027614]  which belongs to the cache kmalloc-32 of size 32
[   14.028356] The buggy address is located 16 bytes inside of
[   14.028356]  freed 32-byte region [ffff8881026f44c0, ffff8881026f44e0)
[   14.028957] 
[   14.029059] The buggy address belongs to the physical page:
[   14.029312] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f4
[   14.029791] flags: 0x200000000000000(node=0|zone=2)
[   14.030042] page_type: f5(slab)
[   14.030216] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   14.030666] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   14.031009] page dumped because: kasan: bad access detected
[   14.031259] 
[   14.031375] Memory state around the buggy address:
[   14.031681]  ffff8881026f4380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   14.031994]  ffff8881026f4400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.032313] >ffff8881026f4480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.032798]                                                  ^
[   14.033092]  ffff8881026f4500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.033386]  ffff8881026f4580: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   14.033827] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303EBflBPqSbIUkiUzReBHe3YjN

job_id

TEST:linaro@lkft#303EFrR321z66uMtHD4l4dQQryi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303EFrR321z66uMtHD4l4dQQryi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303EDHUQV2HWml6WToh69KJUFJb/bzImage
sha256sum	c220f70d9515ab3041e245bb6755df814c152e1bb2b5c646740fe1b3afdde8b5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303EDHUQV2HWml6WToh69KJUFJb/modules.tar.xz
sha256sum	ab8bf28231ab6c259d2b1478935ea551409070bcef8061d01f520819ad2ce3b6

durations

tests

boot	0
kunit	217.45

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   14.319765] ==================================================================
[   14.320789] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[   14.321292] Read of size 1 at addr ffff8881029c9590 by task kunit_try_catch/276
[   14.321561] 
[   14.321785] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.321864] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.321878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.321900] Call Trace:
[   14.321933]  <TASK>
[   14.321953]  dump_stack_lvl+0x73/0xb0
[   14.321986]  print_report+0xd1/0x610
[   14.322045]  ? __virt_addr_valid+0x1db/0x2d0
[   14.322069]  ? kasan_strings+0xcbc/0xe80
[   14.322091]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.322170]  ? kasan_strings+0xcbc/0xe80
[   14.322192]  kasan_report+0x141/0x180
[   14.322214]  ? kasan_strings+0xcbc/0xe80
[   14.322238]  __asan_report_load1_noabort+0x18/0x20
[   14.322263]  kasan_strings+0xcbc/0xe80
[   14.322314]  ? trace_hardirqs_on+0x37/0xe0
[   14.322340]  ? __pfx_kasan_strings+0x10/0x10
[   14.322360]  ? finish_task_switch.isra.0+0x153/0x700
[   14.322394]  ? __switch_to+0x47/0xf50
[   14.322420]  ? __schedule+0x10cc/0x2b60
[   14.322455]  ? __pfx_read_tsc+0x10/0x10
[   14.322476]  ? ktime_get_ts64+0x86/0x230
[   14.322528]  kunit_try_run_case+0x1a5/0x480
[   14.322553]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.322575]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.322611]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.322634]  ? __kthread_parkme+0x82/0x180
[   14.322655]  ? preempt_count_sub+0x50/0x80
[   14.322678]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.322702]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.322726]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.322750]  kthread+0x337/0x6f0
[   14.322769]  ? trace_preempt_on+0x20/0xc0
[   14.322790]  ? __pfx_kthread+0x10/0x10
[   14.322810]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.322832]  ? calculate_sigpending+0x7b/0xa0
[   14.322857]  ? __pfx_kthread+0x10/0x10
[   14.322877]  ret_from_fork+0x116/0x1d0
[   14.322896]  ? __pfx_kthread+0x10/0x10
[   14.322916]  ret_from_fork_asm+0x1a/0x30
[   14.322947]  </TASK>
[   14.322957] 
[   14.337950] Allocated by task 276:
[   14.338271]  kasan_save_stack+0x45/0x70
[   14.338685]  kasan_save_track+0x18/0x40
[   14.338821]  kasan_save_alloc_info+0x3b/0x50
[   14.338965]  __kasan_kmalloc+0xb7/0xc0
[   14.339379]  __kmalloc_cache_noprof+0x189/0x420
[   14.339843]  kasan_strings+0xc0/0xe80
[   14.340268]  kunit_try_run_case+0x1a5/0x480
[   14.340731]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.341522]  kthread+0x337/0x6f0
[   14.341654]  ret_from_fork+0x116/0x1d0
[   14.341786]  ret_from_fork_asm+0x1a/0x30
[   14.341921] 
[   14.341995] Freed by task 276:
[   14.342312]  kasan_save_stack+0x45/0x70
[   14.342862]  kasan_save_track+0x18/0x40
[   14.343365]  kasan_save_free_info+0x3f/0x60
[   14.343821]  __kasan_slab_free+0x56/0x70
[   14.344261]  kfree+0x222/0x3f0
[   14.344626]  kasan_strings+0x2aa/0xe80
[   14.345002]  kunit_try_run_case+0x1a5/0x480
[   14.345285]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.345497]  kthread+0x337/0x6f0
[   14.345841]  ret_from_fork+0x116/0x1d0
[   14.346605]  ret_from_fork_asm+0x1a/0x30
[   14.347082] 
[   14.347291] The buggy address belongs to the object at ffff8881029c9580
[   14.347291]  which belongs to the cache kmalloc-32 of size 32
[   14.348105] The buggy address is located 16 bytes inside of
[   14.348105]  freed 32-byte region [ffff8881029c9580, ffff8881029c95a0)
[   14.348655] 
[   14.348819] The buggy address belongs to the physical page:
[   14.349270] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c9
[   14.349722] flags: 0x200000000000000(node=0|zone=2)
[   14.349889] page_type: f5(slab)
[   14.350021] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   14.350811] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   14.351595] page dumped because: kasan: bad access detected
[   14.352571] 
[   14.352651] Memory state around the buggy address:
[   14.352813]  ffff8881029c9480: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   14.353145]  ffff8881029c9500: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   14.353871] >ffff8881029c9580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.354584]                          ^
[   14.354990]  ffff8881029c9600: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   14.355570]  ffff8881029c9680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.355782] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303Mu3ntpbAl90E7xFJwTYkz6hg

job_id

TEST:linaro@lkft#303MyNrXgiUK2WQ9kAj3BzGphCF

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303MyNrXgiUK2WQ9kAj3BzGphCF

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MvjxJUPUp0dSFAYAM6r89zAg/bzImage
sha256sum	e715e0f52245accf83f401d29cc1c2f3b2a59bbdf3f5ad590c1c6f981a5169eb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MvjxJUPUp0dSFAYAM6r89zAg/modules.tar.xz
sha256sum	a6fb5fb0c5521f1f236c8b67ce1b76fdcd44954d158362bf4d88d0d9d544c595

durations

tests

boot	0
kunit	233.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   14.142396] ==================================================================
[   14.143178] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[   14.143577] Read of size 1 at addr ffff8881029b0850 by task kunit_try_catch/276
[   14.144293] 
[   14.144490] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.144534] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.144546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.144567] Call Trace:
[   14.144583]  <TASK>
[   14.144599]  dump_stack_lvl+0x73/0xb0
[   14.144729]  print_report+0xd1/0x610
[   14.144755]  ? __virt_addr_valid+0x1db/0x2d0
[   14.144779]  ? kasan_strings+0xcbc/0xe80
[   14.144799]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.144823]  ? kasan_strings+0xcbc/0xe80
[   14.144844]  kasan_report+0x141/0x180
[   14.144866]  ? kasan_strings+0xcbc/0xe80
[   14.144903]  __asan_report_load1_noabort+0x18/0x20
[   14.144928]  kasan_strings+0xcbc/0xe80
[   14.144948]  ? trace_hardirqs_on+0x37/0xe0
[   14.144972]  ? __pfx_kasan_strings+0x10/0x10
[   14.145123]  ? finish_task_switch.isra.0+0x153/0x700
[   14.145149]  ? __switch_to+0x47/0xf50
[   14.145177]  ? __schedule+0x10cc/0x2b60
[   14.145199]  ? __pfx_read_tsc+0x10/0x10
[   14.145220]  ? ktime_get_ts64+0x86/0x230
[   14.145245]  kunit_try_run_case+0x1a5/0x480
[   14.145271]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.145294]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.145318]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.145342]  ? __kthread_parkme+0x82/0x180
[   14.145363]  ? preempt_count_sub+0x50/0x80
[   14.145387]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.145420]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.145445]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.145479]  kthread+0x337/0x6f0
[   14.145499]  ? trace_preempt_on+0x20/0xc0
[   14.145521]  ? __pfx_kthread+0x10/0x10
[   14.145540]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.145562]  ? calculate_sigpending+0x7b/0xa0
[   14.145629]  ? __pfx_kthread+0x10/0x10
[   14.145652]  ret_from_fork+0x116/0x1d0
[   14.145671]  ? __pfx_kthread+0x10/0x10
[   14.145691]  ret_from_fork_asm+0x1a/0x30
[   14.145724]  </TASK>
[   14.145735] 
[   14.154492] Allocated by task 276:
[   14.154935]  kasan_save_stack+0x45/0x70
[   14.155167]  kasan_save_track+0x18/0x40
[   14.155364]  kasan_save_alloc_info+0x3b/0x50
[   14.155588]  __kasan_kmalloc+0xb7/0xc0
[   14.155752]  __kmalloc_cache_noprof+0x189/0x420
[   14.155924]  kasan_strings+0xc0/0xe80
[   14.156056]  kunit_try_run_case+0x1a5/0x480
[   14.156202]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.156524]  kthread+0x337/0x6f0
[   14.156690]  ret_from_fork+0x116/0x1d0
[   14.157104]  ret_from_fork_asm+0x1a/0x30
[   14.157316] 
[   14.157411] Freed by task 276:
[   14.157661]  kasan_save_stack+0x45/0x70
[   14.157860]  kasan_save_track+0x18/0x40
[   14.158127]  kasan_save_free_info+0x3f/0x60
[   14.158274]  __kasan_slab_free+0x56/0x70
[   14.158433]  kfree+0x222/0x3f0
[   14.158734]  kasan_strings+0x2aa/0xe80
[   14.158953]  kunit_try_run_case+0x1a5/0x480
[   14.159171]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.159393]  kthread+0x337/0x6f0
[   14.159620]  ret_from_fork+0x116/0x1d0
[   14.159783]  ret_from_fork_asm+0x1a/0x30
[   14.159960] 
[   14.160153] The buggy address belongs to the object at ffff8881029b0840
[   14.160153]  which belongs to the cache kmalloc-32 of size 32
[   14.160760] The buggy address is located 16 bytes inside of
[   14.160760]  freed 32-byte region [ffff8881029b0840, ffff8881029b0860)
[   14.161301] 
[   14.161397] The buggy address belongs to the physical page:
[   14.161572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b0
[   14.161816] flags: 0x200000000000000(node=0|zone=2)
[   14.162035] page_type: f5(slab)
[   14.162277] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   14.162618] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   14.162977] page dumped because: kasan: bad access detected
[   14.163247] 
[   14.163343] Memory state around the buggy address:
[   14.163591]  ffff8881029b0700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.163869]  ffff8881029b0780: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   14.164215] >ffff8881029b0800: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   14.164511]                                                  ^
[   14.164877]  ffff8881029b0880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.165329]  ffff8881029b0900: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   14.165679] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303Sxu1j8OyuX5lG527CuRMl0zm

job_id

TEST:linaro@lkft#303T2OzuK6lIw4rRFlSAhCs7bnu

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303T2OzuK6lIw4rRFlSAhCs7bnu

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Szma0mGNAiZG6rKGjPWN7fGT/bzImage
sha256sum	42041c61d6e46ef309c371e5fe2f53a0c6849e7beec0f7e1f396b9c65c0adbb2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Szma0mGNAiZG6rKGjPWN7fGT/modules.tar.xz
sha256sum	02cd970151971431ac5e5e4fcd602180a5476f25314259d1f76384cd0f280f1b

durations

tests

boot	0
kunit	226.78

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit