Date
July 18, 2025, 2:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 19.353687] ==================================================================
[ 19.353960] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0
[ 19.354079] Read of size 1 at addr fff00000c799d550 by task kunit_try_catch/259
[ 19.354167]
[ 19.354211] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.354294] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.354322] Hardware name: linux,dummy-virt (DT)
[ 19.354357] Call trace:
[ 19.354636] show_stack+0x20/0x38 (C)
[ 19.354873] dump_stack_lvl+0x8c/0xd0
[ 19.355331] print_report+0x118/0x5d0
[ 19.355511] kasan_report+0xdc/0x128
[ 19.355743] __asan_report_load1_noabort+0x20/0x30
[ 19.355864] strlen+0xa8/0xb0
[ 19.356082] kasan_strings+0x418/0xb00
[ 19.356255] kunit_try_run_case+0x170/0x3f0
[ 19.356539] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.356624] kthread+0x328/0x630
[ 19.356758] ret_from_fork+0x10/0x20
[ 19.356813]
[ 19.356835] Allocated by task 259:
[ 19.357037] kasan_save_stack+0x3c/0x68
[ 19.357236] kasan_save_track+0x20/0x40
[ 19.357469] kasan_save_alloc_info+0x40/0x58
[ 19.357617] __kasan_kmalloc+0xd4/0xd8
[ 19.357822] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.358031] kasan_strings+0xc8/0xb00
[ 19.358073] kunit_try_run_case+0x170/0x3f0
[ 19.358245] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.358537] kthread+0x328/0x630
[ 19.358591] ret_from_fork+0x10/0x20
[ 19.358655]
[ 19.358677] Freed by task 259:
[ 19.358720] kasan_save_stack+0x3c/0x68
[ 19.358767] kasan_save_track+0x20/0x40
[ 19.358807] kasan_save_free_info+0x4c/0x78
[ 19.358862] __kasan_slab_free+0x6c/0x98
[ 19.358904] kfree+0x214/0x3c8
[ 19.358952] kasan_strings+0x24c/0xb00
[ 19.358990] kunit_try_run_case+0x170/0x3f0
[ 19.359029] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.359074] kthread+0x328/0x630
[ 19.359112] ret_from_fork+0x10/0x20
[ 19.359150]
[ 19.359181] The buggy address belongs to the object at fff00000c799d540
[ 19.359181] which belongs to the cache kmalloc-32 of size 32
[ 19.359251] The buggy address is located 16 bytes inside of
[ 19.359251] freed 32-byte region [fff00000c799d540, fff00000c799d560)
[ 19.359316]
[ 19.359349] The buggy address belongs to the physical page:
[ 19.359695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10799d
[ 19.360054] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.361151] page_type: f5(slab)
[ 19.361307] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 19.361604] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 19.361873] page dumped because: kasan: bad access detected
[ 19.362085]
[ 19.362219] Memory state around the buggy address:
[ 19.362260]  fff00000c799d400: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 19.362576]  fff00000c799d480: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 19.362780] >fff00000c799d500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 19.363058]                                                  ^
[ 19.363267]  fff00000c799d580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 19.363655]  fff00000c799d600: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 19.363872] ==================================================================
[ 18.907359] ==================================================================
[ 18.907567] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0
[ 18.907784] Read of size 1 at addr fff00000c7a5ef90 by task kunit_try_catch/259
[ 18.908109]
[ 18.908539] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.908781] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.909142] Hardware name: linux,dummy-virt (DT)
[ 18.909847] Call trace:
[ 18.909912] show_stack+0x20/0x38 (C)
[ 18.910169] dump_stack_lvl+0x8c/0xd0
[ 18.910442] print_report+0x118/0x5d0
[ 18.910626] kasan_report+0xdc/0x128
[ 18.910676] __asan_report_load1_noabort+0x20/0x30
[ 18.910730] strlen+0xa8/0xb0
[ 18.911850] kasan_strings+0x418/0xb00
[ 18.912884] kunit_try_run_case+0x170/0x3f0
[ 18.913201] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.913276] kthread+0x328/0x630
[ 18.913334] ret_from_fork+0x10/0x20
[ 18.913387]
[ 18.913408] Allocated by task 259:
[ 18.913438] kasan_save_stack+0x3c/0x68
[ 18.913483] kasan_save_track+0x20/0x40
[ 18.913520] kasan_save_alloc_info+0x40/0x58
[ 18.913918] __kasan_kmalloc+0xd4/0xd8
[ 18.913971] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.914014] kasan_strings+0xc8/0xb00
[ 18.914052] kunit_try_run_case+0x170/0x3f0
[ 18.914340] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.914946] kthread+0x328/0x630
[ 18.915096] ret_from_fork+0x10/0x20
[ 18.915138]
[ 18.915161] Freed by task 259:
[ 18.915190] kasan_save_stack+0x3c/0x68
[ 18.915384] kasan_save_track+0x20/0x40
[ 18.915955] kasan_save_free_info+0x4c/0x78
[ 18.916310] __kasan_slab_free+0x6c/0x98
[ 18.916682] kfree+0x214/0x3c8
[ 18.916857] kasan_strings+0x24c/0xb00
[ 18.916896] kunit_try_run_case+0x170/0x3f0
[ 18.917167] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.917371] kthread+0x328/0x630
[ 18.917465] ret_from_fork+0x10/0x20
[ 18.917779]
[ 18.917872] The buggy address belongs to the object at fff00000c7a5ef80
[ 18.917872] which belongs to the cache kmalloc-32 of size 32
[ 18.918066] The buggy address is located 16 bytes inside of
[ 18.918066] freed 32-byte region [fff00000c7a5ef80, fff00000c7a5efa0)
[ 18.918612]
[ 18.918649] The buggy address belongs to the physical page:
[ 18.918774] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a5e
[ 18.919231] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.919289] page_type: f5(slab)
[ 18.919578] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 18.919888] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 18.920100] page dumped because: kasan: bad access detected
[ 18.920139]
[ 18.920364] Memory state around the buggy address:
[ 18.920406]  fff00000c7a5ee80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 18.920869]  fff00000c7a5ef00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 18.920921] >fff00000c7a5ef80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 18.922034]                          ^
[ 18.922086]  fff00000c7a5f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.922134]  fff00000c7a5f080: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.922175] ==================================================================
[ 14.034304] ==================================================================
[ 14.034695] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[ 14.034989] Read of size 1 at addr ffff8881026f44d0 by task kunit_try_catch/277
[ 14.035249]
[ 14.035332] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 14.035373] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.035385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.035404] Call Trace:
[ 14.035417] <TASK>
[ 14.035432] dump_stack_lvl+0x73/0xb0
[ 14.035468] print_report+0xd1/0x610
[ 14.035490] ? __virt_addr_valid+0x1db/0x2d0
[ 14.035511] ? strlen+0x8f/0xb0
[ 14.035526] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.035549] ? strlen+0x8f/0xb0
[ 14.035567] kasan_report+0x141/0x180
[ 14.035589] ? strlen+0x8f/0xb0
[ 14.035611] __asan_report_load1_noabort+0x18/0x20
[ 14.035635] strlen+0x8f/0xb0
[ 14.035653] kasan_strings+0x57b/0xe80
[ 14.035673] ? trace_hardirqs_on+0x37/0xe0
[ 14.035695] ? __pfx_kasan_strings+0x10/0x10
[ 14.035717] ? __kasan_check_write+0x18/0x20
[ 14.035736] ? queued_spin_lock_slowpath+0x116/0xb40
[ 14.035759] ? irqentry_exit+0x2a/0x60
[ 14.035779] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 14.035803] ? trace_hardirqs_on+0x37/0xe0
[ 14.035825] ? __pfx_read_tsc+0x10/0x10
[ 14.035844] ? ktime_get_ts64+0x86/0x230
[ 14.035868] kunit_try_run_case+0x1a5/0x480
[ 14.035891] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.035915] ? queued_spin_lock_slowpath+0x116/0xb40
[ 14.035938] ? __kthread_parkme+0x82/0x180
[ 14.035958] ? preempt_count_sub+0x50/0x80
[ 14.035981] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.036005] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.036029] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.036053] kthread+0x337/0x6f0
[ 14.036072] ? trace_preempt_on+0x20/0xc0
[ 14.036093] ? __pfx_kthread+0x10/0x10
[ 14.036112] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.036134] ? calculate_sigpending+0x7b/0xa0
[ 14.036158] ? __pfx_kthread+0x10/0x10
[ 14.036179] ret_from_fork+0x116/0x1d0
[ 14.036197] ? __pfx_kthread+0x10/0x10
[ 14.036219] ret_from_fork_asm+0x1a/0x30
[ 14.036333] </TASK>
[ 14.036345]
[ 14.045034] Allocated by task 277:
[ 14.045198] kasan_save_stack+0x45/0x70
[ 14.045628] kasan_save_track+0x18/0x40
[ 14.045834] kasan_save_alloc_info+0x3b/0x50
[ 14.046052] __kasan_kmalloc+0xb7/0xc0
[ 14.046225] __kmalloc_cache_noprof+0x189/0x420
[ 14.046529] kasan_strings+0xc0/0xe80
[ 14.046710] kunit_try_run_case+0x1a5/0x480
[ 14.046859] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.047035] kthread+0x337/0x6f0
[ 14.047203] ret_from_fork+0x116/0x1d0
[ 14.047432] ret_from_fork_asm+0x1a/0x30
[ 14.047728]
[ 14.047865] Freed by task 277:
[ 14.048019] kasan_save_stack+0x45/0x70
[ 14.048215] kasan_save_track+0x18/0x40
[ 14.048362] kasan_save_free_info+0x3f/0x60
[ 14.048751] __kasan_slab_free+0x56/0x70
[ 14.048944] kfree+0x222/0x3f0
[ 14.049083] kasan_strings+0x2aa/0xe80
[ 14.049294] kunit_try_run_case+0x1a5/0x480
[ 14.049493] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.049873] kthread+0x337/0x6f0
[ 14.050056] ret_from_fork+0x116/0x1d0
[ 14.050227] ret_from_fork_asm+0x1a/0x30
[ 14.050484]
[ 14.050716] The buggy address belongs to the object at ffff8881026f44c0
[ 14.050716] which belongs to the cache kmalloc-32 of size 32
[ 14.051202] The buggy address is located 16 bytes inside of
[ 14.051202] freed 32-byte region [ffff8881026f44c0, ffff8881026f44e0)
[ 14.051731]
[ 14.051806] The buggy address belongs to the physical page:
[ 14.051978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f4
[ 14.052218] flags: 0x200000000000000(node=0|zone=2)
[ 14.052380] page_type: f5(slab)
[ 14.052753] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.053093] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.053475] page dumped because: kasan: bad access detected
[ 14.053852]
[ 14.053923] Memory state around the buggy address:
[ 14.054079]  ffff8881026f4380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.054298]  ffff8881026f4400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.054546] >ffff8881026f4480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.054894]                                                  ^
[ 14.055191]  ffff8881026f4500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.055657]  ffff8881026f4580: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.056267] ==================================================================
[ 14.356299] ==================================================================
[ 14.357032] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[ 14.357663] Read of size 1 at addr ffff8881029c9590 by task kunit_try_catch/276
[ 14.358386]
[ 14.358608] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 14.358659] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.358682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.358705] Call Trace:
[ 14.358726] <TASK>
[ 14.358746] dump_stack_lvl+0x73/0xb0
[ 14.358777] print_report+0xd1/0x610
[ 14.358803] ? __virt_addr_valid+0x1db/0x2d0
[ 14.358836] ? strlen+0x8f/0xb0
[ 14.358853] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.358876] ? strlen+0x8f/0xb0
[ 14.358903] kasan_report+0x141/0x180
[ 14.358925] ? strlen+0x8f/0xb0
[ 14.358947] __asan_report_load1_noabort+0x18/0x20
[ 14.358971] strlen+0x8f/0xb0
[ 14.358989] kasan_strings+0x57b/0xe80
[ 14.359027] ? trace_hardirqs_on+0x37/0xe0
[ 14.359051] ? __pfx_kasan_strings+0x10/0x10
[ 14.359118] ? finish_task_switch.isra.0+0x153/0x700
[ 14.359144] ? __switch_to+0x47/0xf50
[ 14.359171] ? __schedule+0x10cc/0x2b60
[ 14.359193] ? __pfx_read_tsc+0x10/0x10
[ 14.359214] ? ktime_get_ts64+0x86/0x230
[ 14.359238] kunit_try_run_case+0x1a5/0x480
[ 14.359263] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.359286] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.359311] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.359334] ? __kthread_parkme+0x82/0x180
[ 14.359356] ? preempt_count_sub+0x50/0x80
[ 14.359379] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.359402] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.359427] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.359451] kthread+0x337/0x6f0
[ 14.359470] ? trace_preempt_on+0x20/0xc0
[ 14.359492] ? __pfx_kthread+0x10/0x10
[ 14.359512] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.359533] ? calculate_sigpending+0x7b/0xa0
[ 14.359559] ? __pfx_kthread+0x10/0x10
[ 14.359579] ret_from_fork+0x116/0x1d0
[ 14.359598] ? __pfx_kthread+0x10/0x10
[ 14.359618] ret_from_fork_asm+0x1a/0x30
[ 14.359650] </TASK>
[ 14.359660]
[ 14.374828] Allocated by task 276:
[ 14.375088] kasan_save_stack+0x45/0x70
[ 14.375553] kasan_save_track+0x18/0x40
[ 14.375692] kasan_save_alloc_info+0x3b/0x50
[ 14.375841] __kasan_kmalloc+0xb7/0xc0
[ 14.375974] __kmalloc_cache_noprof+0x189/0x420
[ 14.376920] kasan_strings+0xc0/0xe80
[ 14.377389] kunit_try_run_case+0x1a5/0x480
[ 14.377805] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.378460] kthread+0x337/0x6f0
[ 14.378872] ret_from_fork+0x116/0x1d0
[ 14.379247] ret_from_fork_asm+0x1a/0x30
[ 14.379686]
[ 14.379764] Freed by task 276:
[ 14.379881] kasan_save_stack+0x45/0x70
[ 14.380079] kasan_save_track+0x18/0x40
[ 14.380443] kasan_save_free_info+0x3f/0x60
[ 14.380861] __kasan_slab_free+0x56/0x70
[ 14.381626] kfree+0x222/0x3f0
[ 14.381947] kasan_strings+0x2aa/0xe80
[ 14.382413] kunit_try_run_case+0x1a5/0x480
[ 14.382755] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.382935] kthread+0x337/0x6f0
[ 14.383197] ret_from_fork+0x116/0x1d0
[ 14.383572] ret_from_fork_asm+0x1a/0x30
[ 14.383957]
[ 14.384189] The buggy address belongs to the object at ffff8881029c9580
[ 14.384189] which belongs to the cache kmalloc-32 of size 32
[ 14.385105] The buggy address is located 16 bytes inside of
[ 14.385105] freed 32-byte region [ffff8881029c9580, ffff8881029c95a0)
[ 14.386112]
[ 14.386233] The buggy address belongs to the physical page:
[ 14.386465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c9
[ 14.386776] flags: 0x200000000000000(node=0|zone=2)
[ 14.386983] page_type: f5(slab)
[ 14.387142] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.387425] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.387714] page dumped because: kasan: bad access detected
[ 14.387925]
[ 14.388028] Memory state around the buggy address:
[ 14.388776]  ffff8881029c9480: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.390146]  ffff8881029c9500: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 14.391022] >ffff8881029c9580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.391858]                          ^
[ 14.392454]  ffff8881029c9600: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.393643]  ffff8881029c9680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.394419] ==================================================================
[ 14.166143] ==================================================================
[ 14.166493] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[ 14.166827] Read of size 1 at addr ffff8881029b0850 by task kunit_try_catch/276
[ 14.167165]
[ 14.167280] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 14.167323] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.167335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.167355] Call Trace:
[ 14.167370] <TASK>
[ 14.167384] dump_stack_lvl+0x73/0xb0
[ 14.167410] print_report+0xd1/0x610
[ 14.167433] ? __virt_addr_valid+0x1db/0x2d0
[ 14.167456] ? strlen+0x8f/0xb0
[ 14.167474] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.167499] ? strlen+0x8f/0xb0
[ 14.167517] kasan_report+0x141/0x180
[ 14.167590] ? strlen+0x8f/0xb0
[ 14.167614] __asan_report_load1_noabort+0x18/0x20
[ 14.167639] strlen+0x8f/0xb0
[ 14.167657] kasan_strings+0x57b/0xe80
[ 14.167677] ? trace_hardirqs_on+0x37/0xe0
[ 14.167701] ? __pfx_kasan_strings+0x10/0x10
[ 14.167721] ? finish_task_switch.isra.0+0x153/0x700
[ 14.167744] ? __switch_to+0x47/0xf50
[ 14.167771] ? __schedule+0x10cc/0x2b60
[ 14.167794] ? __pfx_read_tsc+0x10/0x10
[ 14.167814] ? ktime_get_ts64+0x86/0x230
[ 14.167839] kunit_try_run_case+0x1a5/0x480
[ 14.167863] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.167886] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.167923] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.167947] ? __kthread_parkme+0x82/0x180
[ 14.167968] ? preempt_count_sub+0x50/0x80
[ 14.168000] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.168023] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.168047] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.168071] kthread+0x337/0x6f0
[ 14.168091] ? trace_preempt_on+0x20/0xc0
[ 14.168112] ? __pfx_kthread+0x10/0x10
[ 14.168133] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.168154] ? calculate_sigpending+0x7b/0xa0
[ 14.168178] ? __pfx_kthread+0x10/0x10
[ 14.168199] ret_from_fork+0x116/0x1d0
[ 14.168218] ? __pfx_kthread+0x10/0x10
[ 14.168238] ret_from_fork_asm+0x1a/0x30
[ 14.168271] </TASK>
[ 14.168281]
[ 14.176872] Allocated by task 276:
[ 14.177016] kasan_save_stack+0x45/0x70
[ 14.177163] kasan_save_track+0x18/0x40
[ 14.177299] kasan_save_alloc_info+0x3b/0x50
[ 14.177448] __kasan_kmalloc+0xb7/0xc0
[ 14.177582] __kmalloc_cache_noprof+0x189/0x420
[ 14.177738] kasan_strings+0xc0/0xe80
[ 14.177929] kunit_try_run_case+0x1a5/0x480
[ 14.178136] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.178389] kthread+0x337/0x6f0
[ 14.178786] ret_from_fork+0x116/0x1d0
[ 14.178998] ret_from_fork_asm+0x1a/0x30
[ 14.179207]
[ 14.179300] Freed by task 276:
[ 14.179459] kasan_save_stack+0x45/0x70
[ 14.179794] kasan_save_track+0x18/0x40
[ 14.179939] kasan_save_free_info+0x3f/0x60
[ 14.180085] __kasan_slab_free+0x56/0x70
[ 14.180220] kfree+0x222/0x3f0
[ 14.180335] kasan_strings+0x2aa/0xe80
[ 14.180467] kunit_try_run_case+0x1a5/0x480
[ 14.180847] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.181318] kthread+0x337/0x6f0
[ 14.181489] ret_from_fork+0x116/0x1d0
[ 14.181922] ret_from_fork_asm+0x1a/0x30
[ 14.182327]
[ 14.182431] The buggy address belongs to the object at ffff8881029b0840
[ 14.182431] which belongs to the cache kmalloc-32 of size 32
[ 14.183160] The buggy address is located 16 bytes inside of
[ 14.183160] freed 32-byte region [ffff8881029b0840, ffff8881029b0860)
[ 14.183693]
[ 14.183791] The buggy address belongs to the physical page:
[ 14.184047] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b0
[ 14.184363] flags: 0x200000000000000(node=0|zone=2)
[ 14.184718] page_type: f5(slab)
[ 14.184866] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.185240] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.185597] page dumped because: kasan: bad access detected
[ 14.185830]
[ 14.185911] Memory state around the buggy address:
[ 14.186220]  ffff8881029b0700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.186520]  ffff8881029b0780: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.186804] >ffff8881029b0800: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.187277]                                                  ^
[ 14.187511]  ffff8881029b0880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.187847]  ffff8881029b0900: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.188302] ==================================================================