Date
July 18, 2025, 2:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 19.330504] ==================================================================
[ 19.330926] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8
[ 19.331191] Read of size 1 at addr fff00000c799d550 by task kunit_try_catch/259
[ 19.331243]
[ 19.331288] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.331752] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.331813] Hardware name: linux,dummy-virt (DT)
[ 19.331916] Call trace:
[ 19.332036] show_stack+0x20/0x38 (C)
[ 19.332229] dump_stack_lvl+0x8c/0xd0
[ 19.332333] print_report+0x118/0x5d0
[ 19.332494] kasan_report+0xdc/0x128
[ 19.332550] __asan_report_load1_noabort+0x20/0x30
[ 19.332899] strcmp+0xc0/0xc8
[ 19.332971] kasan_strings+0x340/0xb00
[ 19.333287] kunit_try_run_case+0x170/0x3f0
[ 19.333482] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.333726] kthread+0x328/0x630
[ 19.333854] ret_from_fork+0x10/0x20
[ 19.334079]
[ 19.334188] Allocated by task 259:
[ 19.334443] kasan_save_stack+0x3c/0x68
[ 19.334597] kasan_save_track+0x20/0x40
[ 19.334641] kasan_save_alloc_info+0x40/0x58
[ 19.334684] __kasan_kmalloc+0xd4/0xd8
[ 19.334732] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.334786] kasan_strings+0xc8/0xb00
[ 19.334831] kunit_try_run_case+0x170/0x3f0
[ 19.334884] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.334931] kthread+0x328/0x630
[ 19.334976] ret_from_fork+0x10/0x20
[ 19.335013]
[ 19.335044] Freed by task 259:
[ 19.335085] kasan_save_stack+0x3c/0x68
[ 19.335124] kasan_save_track+0x20/0x40
[ 19.335174] kasan_save_free_info+0x4c/0x78
[ 19.335214] __kasan_slab_free+0x6c/0x98
[ 19.335256] kfree+0x214/0x3c8
[ 19.335291] kasan_strings+0x24c/0xb00
[ 19.335337] kunit_try_run_case+0x170/0x3f0
[ 19.335386] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.335431] kthread+0x328/0x630
[ 19.335466] ret_from_fork+0x10/0x20
[ 19.335520]
[ 19.335558] The buggy address belongs to the object at fff00000c799d540
[ 19.335558] which belongs to the cache kmalloc-32 of size 32
[ 19.335623] The buggy address is located 16 bytes inside of
[ 19.335623] freed 32-byte region [fff00000c799d540, fff00000c799d560)
[ 19.335689]
[ 19.335723] The buggy address belongs to the physical page:
[ 19.335784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10799d
[ 19.335864] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.335921] page_type: f5(slab)
[ 19.335967] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 19.336030] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 19.336073] page dumped because: kasan: bad access detected
[ 19.336117]
[ 19.336146] Memory state around the buggy address:
[ 19.336183] fff00000c799d400: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 19.336231] fff00000c799d480: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 19.336286] >fff00000c799d500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 19.336333] ^
[ 19.336380] fff00000c799d580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 19.336424] fff00000c799d600: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 19.336470] ==================================================================

[ 18.891757] ==================================================================
[ 18.891908] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8
[ 18.892000] Read of size 1 at addr fff00000c7a5ef90 by task kunit_try_catch/259
[ 18.892053]
[ 18.892106] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.892198] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.892293] Hardware name: linux,dummy-virt (DT)
[ 18.892363] Call trace:
[ 18.892410] show_stack+0x20/0x38 (C)
[ 18.892465] dump_stack_lvl+0x8c/0xd0
[ 18.892522] print_report+0x118/0x5d0
[ 18.892610] kasan_report+0xdc/0x128
[ 18.892733] __asan_report_load1_noabort+0x20/0x30
[ 18.892799] strcmp+0xc0/0xc8
[ 18.892842] kasan_strings+0x340/0xb00
[ 18.892896] kunit_try_run_case+0x170/0x3f0
[ 18.892946] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.893001] kthread+0x328/0x630
[ 18.893044] ret_from_fork+0x10/0x20
[ 18.893095]
[ 18.893403] Allocated by task 259:
[ 18.893472] kasan_save_stack+0x3c/0x68
[ 18.893669] kasan_save_track+0x20/0x40
[ 18.893753] kasan_save_alloc_info+0x40/0x58
[ 18.893904] __kasan_kmalloc+0xd4/0xd8
[ 18.894072] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.894121] kasan_strings+0xc8/0xb00
[ 18.894159] kunit_try_run_case+0x170/0x3f0
[ 18.894200] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.894247] kthread+0x328/0x630
[ 18.894283] ret_from_fork+0x10/0x20
[ 18.894330]
[ 18.894425] Freed by task 259:
[ 18.894616] kasan_save_stack+0x3c/0x68
[ 18.894680] kasan_save_track+0x20/0x40
[ 18.894905] kasan_save_free_info+0x4c/0x78
[ 18.895095] __kasan_slab_free+0x6c/0x98
[ 18.895203] kfree+0x214/0x3c8
[ 18.895388] kasan_strings+0x24c/0xb00
[ 18.895444] kunit_try_run_case+0x170/0x3f0
[ 18.895496] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.895543] kthread+0x328/0x630
[ 18.895584] ret_from_fork+0x10/0x20
[ 18.895625]
[ 18.895666] The buggy address belongs to the object at fff00000c7a5ef80
[ 18.895666] which belongs to the cache kmalloc-32 of size 32
[ 18.895741] The buggy address is located 16 bytes inside of
[ 18.895741] freed 32-byte region [fff00000c7a5ef80, fff00000c7a5efa0)
[ 18.895804]
[ 18.895845] The buggy address belongs to the physical page:
[ 18.895881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a5e
[ 18.895947] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.896000] page_type: f5(slab)
[ 18.896042] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 18.896095] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 18.896148] page dumped because: kasan: bad access detected
[ 18.896184]
[ 18.896206] Memory state around the buggy address:
[ 18.896250] fff00000c7a5ee80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 18.896296] fff00000c7a5ef00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 18.896827] >fff00000c7a5ef80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 18.896925] ^
[ 18.897088] fff00000c7a5f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.897151] fff00000c7a5f080: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.898027] ==================================================================

[ 13.987896] ==================================================================
[ 13.988983] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[ 13.989327] Read of size 1 at addr ffff8881026f44d0 by task kunit_try_catch/277
[ 13.989794]
[ 13.989927] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 13.989981] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.989993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.990014] Call Trace:
[ 13.990037] <TASK>
[ 13.990051] dump_stack_lvl+0x73/0xb0
[ 13.990079] print_report+0xd1/0x610
[ 13.990102] ? __virt_addr_valid+0x1db/0x2d0
[ 13.990125] ? strcmp+0xb0/0xc0
[ 13.990141] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.990163] ? strcmp+0xb0/0xc0
[ 13.990181] kasan_report+0x141/0x180
[ 13.990212] ? strcmp+0xb0/0xc0
[ 13.990235] __asan_report_load1_noabort+0x18/0x20
[ 13.990258] strcmp+0xb0/0xc0
[ 13.990288] kasan_strings+0x431/0xe80
[ 13.990308] ? trace_hardirqs_on+0x37/0xe0
[ 13.990332] ? __pfx_kasan_strings+0x10/0x10
[ 13.990355] ? __kasan_check_write+0x18/0x20
[ 13.990374] ? queued_spin_lock_slowpath+0x116/0xb40
[ 13.990399] ? irqentry_exit+0x2a/0x60
[ 13.990420] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.990454] ? trace_hardirqs_on+0x37/0xe0
[ 13.990475] ? __pfx_read_tsc+0x10/0x10
[ 13.990496] ? ktime_get_ts64+0x86/0x230
[ 13.990562] kunit_try_run_case+0x1a5/0x480
[ 13.990603] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.990635] ? queued_spin_lock_slowpath+0x116/0xb40
[ 13.990659] ? __kthread_parkme+0x82/0x180
[ 13.990679] ? preempt_count_sub+0x50/0x80
[ 13.990704] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.990728] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.990760] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.990785] kthread+0x337/0x6f0
[ 13.990806] ? trace_preempt_on+0x20/0xc0
[ 13.990841] ? __pfx_kthread+0x10/0x10
[ 13.990861] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.990882] ? calculate_sigpending+0x7b/0xa0
[ 13.990906] ? __pfx_kthread+0x10/0x10
[ 13.990928] ret_from_fork+0x116/0x1d0
[ 13.990946] ? __pfx_kthread+0x10/0x10
[ 13.990967] ret_from_fork_asm+0x1a/0x30
[ 13.991000] </TASK>
[ 13.991009]
[ 13.999231] Allocated by task 277:
[ 13.999422] kasan_save_stack+0x45/0x70
[ 13.999928] kasan_save_track+0x18/0x40
[ 14.000154] kasan_save_alloc_info+0x3b/0x50
[ 14.000396] __kasan_kmalloc+0xb7/0xc0
[ 14.000627] __kmalloc_cache_noprof+0x189/0x420
[ 14.000810] kasan_strings+0xc0/0xe80
[ 14.001079] kunit_try_run_case+0x1a5/0x480
[ 14.001253] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.001628] kthread+0x337/0x6f0
[ 14.001754] ret_from_fork+0x116/0x1d0
[ 14.001926] ret_from_fork_asm+0x1a/0x30
[ 14.002156]
[ 14.002253] Freed by task 277:
[ 14.002407] kasan_save_stack+0x45/0x70
[ 14.002650] kasan_save_track+0x18/0x40
[ 14.002851] kasan_save_free_info+0x3f/0x60
[ 14.003066] __kasan_slab_free+0x56/0x70
[ 14.003243] kfree+0x222/0x3f0
[ 14.003410] kasan_strings+0x2aa/0xe80
[ 14.003671] kunit_try_run_case+0x1a5/0x480
[ 14.003869] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.004130] kthread+0x337/0x6f0
[ 14.004288] ret_from_fork+0x116/0x1d0
[ 14.004657] ret_from_fork_asm+0x1a/0x30
[ 14.004867]
[ 14.004986] The buggy address belongs to the object at ffff8881026f44c0
[ 14.004986] which belongs to the cache kmalloc-32 of size 32
[ 14.005371] The buggy address is located 16 bytes inside of
[ 14.005371] freed 32-byte region [ffff8881026f44c0, ffff8881026f44e0)
[ 14.005736]
[ 14.005809] The buggy address belongs to the physical page:
[ 14.005983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f4
[ 14.006380] flags: 0x200000000000000(node=0|zone=2)
[ 14.006678] page_type: f5(slab)
[ 14.006845] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.007457] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.008059] page dumped because: kasan: bad access detected
[ 14.008234]
[ 14.008303] Memory state around the buggy address:
[ 14.008575] ffff8881026f4380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.008929] ffff8881026f4400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.009286] >ffff8881026f4480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.009704] ^
[ 14.009947] ffff8881026f4500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.010166] ffff8881026f4580: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.010535] ==================================================================

[ 14.279826] ==================================================================
[ 14.281394] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[ 14.282078] Read of size 1 at addr ffff8881029c9590 by task kunit_try_catch/276
[ 14.282903]
[ 14.283125] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 14.283185] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.283198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.283222] Call Trace:
[ 14.283241] <TASK>
[ 14.283265] dump_stack_lvl+0x73/0xb0
[ 14.283301] print_report+0xd1/0x610
[ 14.283326] ? __virt_addr_valid+0x1db/0x2d0
[ 14.283351] ? strcmp+0xb0/0xc0
[ 14.283368] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.283392] ? strcmp+0xb0/0xc0
[ 14.283409] kasan_report+0x141/0x180
[ 14.283431] ? strcmp+0xb0/0xc0
[ 14.283453] __asan_report_load1_noabort+0x18/0x20
[ 14.283478] strcmp+0xb0/0xc0
[ 14.283496] kasan_strings+0x431/0xe80
[ 14.283517] ? trace_hardirqs_on+0x37/0xe0
[ 14.283541] ? __pfx_kasan_strings+0x10/0x10
[ 14.283562] ? finish_task_switch.isra.0+0x153/0x700
[ 14.283585] ? __switch_to+0x47/0xf50
[ 14.283611] ? __schedule+0x10cc/0x2b60
[ 14.283635] ? __pfx_read_tsc+0x10/0x10
[ 14.283656] ? ktime_get_ts64+0x86/0x230
[ 14.283681] kunit_try_run_case+0x1a5/0x480
[ 14.283707] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.283729] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.283754] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.283778] ? __kthread_parkme+0x82/0x180
[ 14.283800] ? preempt_count_sub+0x50/0x80
[ 14.283824] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.283849] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.283873] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.283898] kthread+0x337/0x6f0
[ 14.283918] ? trace_preempt_on+0x20/0xc0
[ 14.283940] ? __pfx_kthread+0x10/0x10
[ 14.283962] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.283983] ? calculate_sigpending+0x7b/0xa0
[ 14.284020] ? __pfx_kthread+0x10/0x10
[ 14.284042] ret_from_fork+0x116/0x1d0
[ 14.284063] ? __pfx_kthread+0x10/0x10
[ 14.284083] ret_from_fork_asm+0x1a/0x30
[ 14.284115] </TASK>
[ 14.284127]
[ 14.298155] Allocated by task 276:
[ 14.298872] kasan_save_stack+0x45/0x70
[ 14.299452] kasan_save_track+0x18/0x40
[ 14.300007] kasan_save_alloc_info+0x3b/0x50
[ 14.300401] __kasan_kmalloc+0xb7/0xc0
[ 14.300880] __kmalloc_cache_noprof+0x189/0x420
[ 14.301317] kasan_strings+0xc0/0xe80
[ 14.301534] kunit_try_run_case+0x1a5/0x480
[ 14.302184] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.303064] kthread+0x337/0x6f0
[ 14.303205] ret_from_fork+0x116/0x1d0
[ 14.303739] ret_from_fork_asm+0x1a/0x30
[ 14.304221]
[ 14.304431] Freed by task 276:
[ 14.304630] kasan_save_stack+0x45/0x70
[ 14.304773] kasan_save_track+0x18/0x40
[ 14.304916] kasan_save_free_info+0x3f/0x60
[ 14.305206] __kasan_slab_free+0x56/0x70
[ 14.305654] kfree+0x222/0x3f0
[ 14.306066] kasan_strings+0x2aa/0xe80
[ 14.306512] kunit_try_run_case+0x1a5/0x480
[ 14.306926] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.307859] kthread+0x337/0x6f0
[ 14.308171] ret_from_fork+0x116/0x1d0
[ 14.308404] ret_from_fork_asm+0x1a/0x30
[ 14.308785]
[ 14.309082] The buggy address belongs to the object at ffff8881029c9580
[ 14.309082] which belongs to the cache kmalloc-32 of size 32
[ 14.309912] The buggy address is located 16 bytes inside of
[ 14.309912] freed 32-byte region [ffff8881029c9580, ffff8881029c95a0)
[ 14.310801]
[ 14.310886] The buggy address belongs to the physical page:
[ 14.311236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c9
[ 14.312399] flags: 0x200000000000000(node=0|zone=2)
[ 14.312901] page_type: f5(slab)
[ 14.313172] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.313691] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.313924] page dumped because: kasan: bad access detected
[ 14.314392]
[ 14.314621] Memory state around the buggy address:
[ 14.315143] ffff8881029c9480: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.315841] ffff8881029c9500: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 14.316392] >ffff8881029c9580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.317000] ^
[ 14.317148] ffff8881029c9600: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.317365] ffff8881029c9680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.318500] ==================================================================

[ 14.103258] ==================================================================
[ 14.105807] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[ 14.106150] Read of size 1 at addr ffff8881029b0850 by task kunit_try_catch/276
[ 14.106911]
[ 14.107189] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 14.107240] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.107262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.107287] Call Trace:
[ 14.107300] <TASK>
[ 14.107318] dump_stack_lvl+0x73/0xb0
[ 14.107347] print_report+0xd1/0x610
[ 14.107382] ? __virt_addr_valid+0x1db/0x2d0
[ 14.107407] ? strcmp+0xb0/0xc0
[ 14.107424] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.107458] ? strcmp+0xb0/0xc0
[ 14.107476] kasan_report+0x141/0x180
[ 14.107499] ? strcmp+0xb0/0xc0
[ 14.107522] __asan_report_load1_noabort+0x18/0x20
[ 14.107558] strcmp+0xb0/0xc0
[ 14.107576] kasan_strings+0x431/0xe80
[ 14.107597] ? trace_hardirqs_on+0x37/0xe0
[ 14.107621] ? __pfx_kasan_strings+0x10/0x10
[ 14.107642] ? finish_task_switch.isra.0+0x153/0x700
[ 14.107665] ? __switch_to+0x47/0xf50
[ 14.107694] ? __schedule+0x10cc/0x2b60
[ 14.107717] ? __pfx_read_tsc+0x10/0x10
[ 14.107738] ? ktime_get_ts64+0x86/0x230
[ 14.107763] kunit_try_run_case+0x1a5/0x480
[ 14.107789] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.107812] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.107836] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.107859] ? __kthread_parkme+0x82/0x180
[ 14.107880] ? preempt_count_sub+0x50/0x80
[ 14.107913] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.107937] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.107961] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.107985] kthread+0x337/0x6f0
[ 14.108004] ? trace_preempt_on+0x20/0xc0
[ 14.108026] ? __pfx_kthread+0x10/0x10
[ 14.108046] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.108068] ? calculate_sigpending+0x7b/0xa0
[ 14.108094] ? __pfx_kthread+0x10/0x10
[ 14.108115] ret_from_fork+0x116/0x1d0
[ 14.108133] ? __pfx_kthread+0x10/0x10
[ 14.108153] ret_from_fork_asm+0x1a/0x30
[ 14.108186] </TASK>
[ 14.108198]
[ 14.122318] Allocated by task 276:
[ 14.122684] kasan_save_stack+0x45/0x70
[ 14.123124] kasan_save_track+0x18/0x40
[ 14.123269] kasan_save_alloc_info+0x3b/0x50
[ 14.123421] __kasan_kmalloc+0xb7/0xc0
[ 14.123613] __kmalloc_cache_noprof+0x189/0x420
[ 14.124068] kasan_strings+0xc0/0xe80
[ 14.124437] kunit_try_run_case+0x1a5/0x480
[ 14.125023] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.125671] kthread+0x337/0x6f0
[ 14.125994] ret_from_fork+0x116/0x1d0
[ 14.126461] ret_from_fork_asm+0x1a/0x30
[ 14.127080]
[ 14.127280] Freed by task 276:
[ 14.127405] kasan_save_stack+0x45/0x70
[ 14.127601] kasan_save_track+0x18/0x40
[ 14.127985] kasan_save_free_info+0x3f/0x60
[ 14.128414] __kasan_slab_free+0x56/0x70
[ 14.128982] kfree+0x222/0x3f0
[ 14.129317] kasan_strings+0x2aa/0xe80
[ 14.129542] kunit_try_run_case+0x1a5/0x480
[ 14.129952] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.130428] kthread+0x337/0x6f0
[ 14.130693] ret_from_fork+0x116/0x1d0
[ 14.131213] ret_from_fork_asm+0x1a/0x30
[ 14.131663]
[ 14.131811] The buggy address belongs to the object at ffff8881029b0840
[ 14.131811] which belongs to the cache kmalloc-32 of size 32
[ 14.132442] The buggy address is located 16 bytes inside of
[ 14.132442] freed 32-byte region [ffff8881029b0840, ffff8881029b0860)
[ 14.133633]
[ 14.133715] The buggy address belongs to the physical page:
[ 14.133903] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b0
[ 14.134524] flags: 0x200000000000000(node=0|zone=2)
[ 14.135113] page_type: f5(slab)
[ 14.135434] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.136313] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.136917] page dumped because: kasan: bad access detected
[ 14.137348]
[ 14.137502] Memory state around the buggy address:
[ 14.138021] ffff8881029b0700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.138506] ffff8881029b0780: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.138732] >ffff8881029b0800: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.139461] ^
[ 14.140127] ffff8881029b0880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.141162] ffff8881029b0900: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.141446] ==================================================================