lkft/sashal-linus-next - v6.13-rc7-43871-g530dddedcd5a - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen

Date

July 18, 2025, 2:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   19.365281] ==================================================================
[   19.365345] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88
[   19.365471] Read of size 1 at addr fff00000c799d550 by task kunit_try_catch/259
[   19.365540] 
[   19.365582] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   19.365933] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.365976] Hardware name: linux,dummy-virt (DT)
[   19.366011] Call trace:
[   19.366037]  show_stack+0x20/0x38 (C)
[   19.366099]  dump_stack_lvl+0x8c/0xd0
[   19.366542]  print_report+0x118/0x5d0
[   19.366621]  kasan_report+0xdc/0x128
[   19.366672]  __asan_report_load1_noabort+0x20/0x30
[   19.366875]  strnlen+0x80/0x88
[   19.366920]  kasan_strings+0x478/0xb00
[   19.366973]  kunit_try_run_case+0x170/0x3f0
[   19.367274]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.367538]  kthread+0x328/0x630
[   19.367593]  ret_from_fork+0x10/0x20
[   19.367949] 
[   19.368056] Allocated by task 259:
[   19.368094]  kasan_save_stack+0x3c/0x68
[   19.368546]  kasan_save_track+0x20/0x40
[   19.368764]  kasan_save_alloc_info+0x40/0x58
[   19.368997]  __kasan_kmalloc+0xd4/0xd8
[   19.369047]  __kmalloc_cache_noprof+0x16c/0x3c0
[   19.369427]  kasan_strings+0xc8/0xb00
[   19.369675]  kunit_try_run_case+0x170/0x3f0
[   19.369874]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.370126]  kthread+0x328/0x630
[   19.370198]  ret_from_fork+0x10/0x20
[   19.370429] 
[   19.370562] Freed by task 259:
[   19.370745]  kasan_save_stack+0x3c/0x68
[   19.370818]  kasan_save_track+0x20/0x40
[   19.371078]  kasan_save_free_info+0x4c/0x78
[   19.371373]  __kasan_slab_free+0x6c/0x98
[   19.371554]  kfree+0x214/0x3c8
[   19.371790]  kasan_strings+0x24c/0xb00
[   19.371901]  kunit_try_run_case+0x170/0x3f0
[   19.371954]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.372011]  kthread+0x328/0x630
[   19.372047]  ret_from_fork+0x10/0x20
[   19.372095] 
[   19.372126] The buggy address belongs to the object at fff00000c799d540
[   19.372126]  which belongs to the cache kmalloc-32 of size 32
[   19.372189] The buggy address is located 16 bytes inside of
[   19.372189]  freed 32-byte region [fff00000c799d540, fff00000c799d560)
[   19.372252] 
[   19.372299] The buggy address belongs to the physical page:
[   19.372344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10799d
[   19.372409] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.372477] page_type: f5(slab)
[   19.372519] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   19.372574] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   19.372616] page dumped because: kasan: bad access detected
[   19.372659] 
[   19.372695] Memory state around the buggy address:
[   19.372732]  fff00000c799d400: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   19.372776]  fff00000c799d480: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   19.372820] >fff00000c799d500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   19.372870]                                                  ^
[   19.372918]  fff00000c799d580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   19.372972]  fff00000c799d600: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   19.373013] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

303EBflBPqSbIUkiUzReBHe3YjN

job_id

TEST:linaro@lkft#303EF25Pp9Vi9nJKRzPLQTha4DW

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303EF25Pp9Vi9nJKRzPLQTha4DW

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303ECYTm040GLO6kXFdSkAckpUQ/Image.gz
sha256sum	0cd43a55510452afcc094a9b71b52e570abcb0018a9c4b3e8c55713d88f43dcd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303ECYTm040GLO6kXFdSkAckpUQ/modules.tar.xz
sha256sum	1123cbd40eab351130997a1b3dcec1375004e5d45c47d69105fc241be8d9036c

durations

tests

boot	0
kunit	182.38

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   18.922612] ==================================================================
[   18.922676] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88
[   18.922723] Read of size 1 at addr fff00000c7a5ef90 by task kunit_try_catch/259
[   18.922775] 
[   18.922809] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.922893] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.922922] Hardware name: linux,dummy-virt (DT)
[   18.922955] Call trace:
[   18.922980]  show_stack+0x20/0x38 (C)
[   18.923031]  dump_stack_lvl+0x8c/0xd0
[   18.923080]  print_report+0x118/0x5d0
[   18.923129]  kasan_report+0xdc/0x128
[   18.923176]  __asan_report_load1_noabort+0x20/0x30
[   18.923228]  strnlen+0x80/0x88
[   18.923271]  kasan_strings+0x478/0xb00
[   18.923316]  kunit_try_run_case+0x170/0x3f0
[   18.923375]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.923430]  kthread+0x328/0x630
[   18.923472]  ret_from_fork+0x10/0x20
[   18.923521] 
[   18.923542] Allocated by task 259:
[   18.923571]  kasan_save_stack+0x3c/0x68
[   18.923612]  kasan_save_track+0x20/0x40
[   18.923652]  kasan_save_alloc_info+0x40/0x58
[   18.923694]  __kasan_kmalloc+0xd4/0xd8
[   18.923732]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.923777]  kasan_strings+0xc8/0xb00
[   18.923814]  kunit_try_run_case+0x170/0x3f0
[   18.923854]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.923900]  kthread+0x328/0x630
[   18.923933]  ret_from_fork+0x10/0x20
[   18.923971] 
[   18.923992] Freed by task 259:
[   18.924019]  kasan_save_stack+0x3c/0x68
[   18.924059]  kasan_save_track+0x20/0x40
[   18.924096]  kasan_save_free_info+0x4c/0x78
[   18.924138]  __kasan_slab_free+0x6c/0x98
[   18.924181]  kfree+0x214/0x3c8
[   18.924217]  kasan_strings+0x24c/0xb00
[   18.924252]  kunit_try_run_case+0x170/0x3f0
[   18.924298]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.924439]  kthread+0x328/0x630
[   18.924473]  ret_from_fork+0x10/0x20
[   18.924583] 
[   18.924635] The buggy address belongs to the object at fff00000c7a5ef80
[   18.924635]  which belongs to the cache kmalloc-32 of size 32
[   18.924840] The buggy address is located 16 bytes inside of
[   18.924840]  freed 32-byte region [fff00000c7a5ef80, fff00000c7a5efa0)
[   18.924966] 
[   18.925087] The buggy address belongs to the physical page:
[   18.925145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a5e
[   18.925201] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.925267] page_type: f5(slab)
[   18.925354] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   18.925487] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[   18.925555] page dumped because: kasan: bad access detected
[   18.925701] 
[   18.925722] Memory state around the buggy address:
[   18.925755]  fff00000c7a5ee80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   18.925800]  fff00000c7a5ef00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   18.925844] >fff00000c7a5ef80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   18.925886]                          ^
[   18.925920]  fff00000c7a5f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.925964]  fff00000c7a5f080: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.926004] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

303Mu3ntpbAl90E7xFJwTYkz6hg

job_id

TEST:linaro@lkft#303MxbItH1xNBq5DVzgi5f9Vk9B

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303MxbItH1xNBq5DVzgi5f9Vk9B

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MuvPW3SK4gLbQ1ALw5htqwSd/Image.gz
sha256sum	1d26a50b80602cf96dca0b9e5d4833d551bb9799e3e8f672f61c3fedb7c3633a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MuvPW3SK4gLbQ1ALw5htqwSd/modules.tar.xz
sha256sum	8d3b93659e4b7dd2c56e9a38da739978022e2707277d72909e50cc2549d4beb2

durations

tests

boot	0
kunit	169.06

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   14.056894] ==================================================================
[   14.057238] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[   14.057672] Read of size 1 at addr ffff8881026f44d0 by task kunit_try_catch/277
[   14.058015] 
[   14.058115] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.058156] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.058166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.058186] Call Trace:
[   14.058199]  <TASK>
[   14.058224]  dump_stack_lvl+0x73/0xb0
[   14.058250]  print_report+0xd1/0x610
[   14.058271]  ? __virt_addr_valid+0x1db/0x2d0
[   14.058304]  ? strnlen+0x73/0x80
[   14.058321]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.058343]  ? strnlen+0x73/0x80
[   14.058361]  kasan_report+0x141/0x180
[   14.058383]  ? strnlen+0x73/0x80
[   14.058426]  __asan_report_load1_noabort+0x18/0x20
[   14.058467]  strnlen+0x73/0x80
[   14.058487]  kasan_strings+0x615/0xe80
[   14.058547]  ? trace_hardirqs_on+0x37/0xe0
[   14.058572]  ? __pfx_kasan_strings+0x10/0x10
[   14.058594]  ? __kasan_check_write+0x18/0x20
[   14.058613]  ? queued_spin_lock_slowpath+0x116/0xb40
[   14.058647]  ? irqentry_exit+0x2a/0x60
[   14.058667]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   14.058692]  ? trace_hardirqs_on+0x37/0xe0
[   14.058725]  ? __pfx_read_tsc+0x10/0x10
[   14.058744]  ? ktime_get_ts64+0x86/0x230
[   14.058768]  kunit_try_run_case+0x1a5/0x480
[   14.058792]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.058825]  ? queued_spin_lock_slowpath+0x116/0xb40
[   14.058848]  ? __kthread_parkme+0x82/0x180
[   14.058868]  ? preempt_count_sub+0x50/0x80
[   14.058902]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.058927]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.058951]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.058975]  kthread+0x337/0x6f0
[   14.059002]  ? trace_preempt_on+0x20/0xc0
[   14.059023]  ? __pfx_kthread+0x10/0x10
[   14.059044]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.059075]  ? calculate_sigpending+0x7b/0xa0
[   14.059099]  ? __pfx_kthread+0x10/0x10
[   14.059121]  ret_from_fork+0x116/0x1d0
[   14.059139]  ? __pfx_kthread+0x10/0x10
[   14.059159]  ret_from_fork_asm+0x1a/0x30
[   14.059191]  </TASK>
[   14.059201] 
[   14.066835] Allocated by task 277:
[   14.066967]  kasan_save_stack+0x45/0x70
[   14.067114]  kasan_save_track+0x18/0x40
[   14.067250]  kasan_save_alloc_info+0x3b/0x50
[   14.067422]  __kasan_kmalloc+0xb7/0xc0
[   14.067618]  __kmalloc_cache_noprof+0x189/0x420
[   14.067841]  kasan_strings+0xc0/0xe80
[   14.068110]  kunit_try_run_case+0x1a5/0x480
[   14.068321]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.068812]  kthread+0x337/0x6f0
[   14.068981]  ret_from_fork+0x116/0x1d0
[   14.069168]  ret_from_fork_asm+0x1a/0x30
[   14.069361] 
[   14.069461] Freed by task 277:
[   14.069904]  kasan_save_stack+0x45/0x70
[   14.070123]  kasan_save_track+0x18/0x40
[   14.070348]  kasan_save_free_info+0x3f/0x60
[   14.070697]  __kasan_slab_free+0x56/0x70
[   14.070842]  kfree+0x222/0x3f0
[   14.070956]  kasan_strings+0x2aa/0xe80
[   14.071086]  kunit_try_run_case+0x1a5/0x480
[   14.071228]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.071398]  kthread+0x337/0x6f0
[   14.071696]  ret_from_fork+0x116/0x1d0
[   14.072084]  ret_from_fork_asm+0x1a/0x30
[   14.072342] 
[   14.072584] The buggy address belongs to the object at ffff8881026f44c0
[   14.072584]  which belongs to the cache kmalloc-32 of size 32
[   14.073451] The buggy address is located 16 bytes inside of
[   14.073451]  freed 32-byte region [ffff8881026f44c0, ffff8881026f44e0)
[   14.074134] 
[   14.074282] The buggy address belongs to the physical page:
[   14.074739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f4
[   14.075043] flags: 0x200000000000000(node=0|zone=2)
[   14.075210] page_type: f5(slab)
[   14.075335] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   14.075691] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   14.076263] page dumped because: kasan: bad access detected
[   14.076682] 
[   14.076814] Memory state around the buggy address:
[   14.077061]  ffff8881026f4380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   14.077287]  ffff8881026f4400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.077518] >ffff8881026f4480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.077891]                                                  ^
[   14.078218]  ffff8881026f4500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.079046]  ffff8881026f4580: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   14.080079] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303EBflBPqSbIUkiUzReBHe3YjN

job_id

TEST:linaro@lkft#303EFrR321z66uMtHD4l4dQQryi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303EFrR321z66uMtHD4l4dQQryi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303EDHUQV2HWml6WToh69KJUFJb/bzImage
sha256sum	c220f70d9515ab3041e245bb6755df814c152e1bb2b5c646740fe1b3afdde8b5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303EDHUQV2HWml6WToh69KJUFJb/modules.tar.xz
sha256sum	ab8bf28231ab6c259d2b1478935ea551409070bcef8061d01f520819ad2ce3b6

durations

tests

boot	0
kunit	217.45

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   14.395671] ==================================================================
[   14.396736] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[   14.397425] Read of size 1 at addr ffff8881029c9590 by task kunit_try_catch/276
[   14.397939] 
[   14.398104] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.398159] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.398171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.398196] Call Trace:
[   14.398217]  <TASK>
[   14.398238]  dump_stack_lvl+0x73/0xb0
[   14.398274]  print_report+0xd1/0x610
[   14.398300]  ? __virt_addr_valid+0x1db/0x2d0
[   14.398326]  ? strnlen+0x73/0x80
[   14.398343]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.398366]  ? strnlen+0x73/0x80
[   14.398384]  kasan_report+0x141/0x180
[   14.398405]  ? strnlen+0x73/0x80
[   14.398427]  __asan_report_load1_noabort+0x18/0x20
[   14.398452]  strnlen+0x73/0x80
[   14.398471]  kasan_strings+0x615/0xe80
[   14.398491]  ? trace_hardirqs_on+0x37/0xe0
[   14.398515]  ? __pfx_kasan_strings+0x10/0x10
[   14.398535]  ? finish_task_switch.isra.0+0x153/0x700
[   14.398558]  ? __switch_to+0x47/0xf50
[   14.398583]  ? __schedule+0x10cc/0x2b60
[   14.398606]  ? __pfx_read_tsc+0x10/0x10
[   14.398626]  ? ktime_get_ts64+0x86/0x230
[   14.398651]  kunit_try_run_case+0x1a5/0x480
[   14.398676]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.398698]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.398723]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.398746]  ? __kthread_parkme+0x82/0x180
[   14.398768]  ? preempt_count_sub+0x50/0x80
[   14.398790]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.398814]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.398838]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.398861]  kthread+0x337/0x6f0
[   14.398882]  ? trace_preempt_on+0x20/0xc0
[   14.398903]  ? __pfx_kthread+0x10/0x10
[   14.398924]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.398945]  ? calculate_sigpending+0x7b/0xa0
[   14.398970]  ? __pfx_kthread+0x10/0x10
[   14.398991]  ret_from_fork+0x116/0x1d0
[   14.399022]  ? __pfx_kthread+0x10/0x10
[   14.399043]  ret_from_fork_asm+0x1a/0x30
[   14.399074]  </TASK>
[   14.399084] 
[   14.413909] Allocated by task 276:
[   14.414315]  kasan_save_stack+0x45/0x70
[   14.414740]  kasan_save_track+0x18/0x40
[   14.415137]  kasan_save_alloc_info+0x3b/0x50
[   14.415517]  __kasan_kmalloc+0xb7/0xc0
[   14.415693]  __kmalloc_cache_noprof+0x189/0x420
[   14.415854]  kasan_strings+0xc0/0xe80
[   14.415987]  kunit_try_run_case+0x1a5/0x480
[   14.416732]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.417284]  kthread+0x337/0x6f0
[   14.417699]  ret_from_fork+0x116/0x1d0
[   14.418123]  ret_from_fork_asm+0x1a/0x30
[   14.418496] 
[   14.418574] Freed by task 276:
[   14.418689]  kasan_save_stack+0x45/0x70
[   14.418827]  kasan_save_track+0x18/0x40
[   14.418962]  kasan_save_free_info+0x3f/0x60
[   14.419414]  __kasan_slab_free+0x56/0x70
[   14.419813]  kfree+0x222/0x3f0
[   14.420111]  kasan_strings+0x2aa/0xe80
[   14.420571]  kunit_try_run_case+0x1a5/0x480
[   14.420811]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.420996]  kthread+0x337/0x6f0
[   14.421687]  ret_from_fork+0x116/0x1d0
[   14.422124]  ret_from_fork_asm+0x1a/0x30
[   14.422538] 
[   14.422713] The buggy address belongs to the object at ffff8881029c9580
[   14.422713]  which belongs to the cache kmalloc-32 of size 32
[   14.423663] The buggy address is located 16 bytes inside of
[   14.423663]  freed 32-byte region [ffff8881029c9580, ffff8881029c95a0)
[   14.424512] 
[   14.424710] The buggy address belongs to the physical page:
[   14.425182] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c9
[   14.425441] flags: 0x200000000000000(node=0|zone=2)
[   14.425863] page_type: f5(slab)
[   14.426571] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   14.427280] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   14.427721] page dumped because: kasan: bad access detected
[   14.427896] 
[   14.427966] Memory state around the buggy address:
[   14.428219]  ffff8881029c9480: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   14.428821]  ffff8881029c9500: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   14.429477] >ffff8881029c9580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.430218]                          ^
[   14.430561]  ffff8881029c9600: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   14.431603]  ffff8881029c9680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.431825] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303Mu3ntpbAl90E7xFJwTYkz6hg

job_id

TEST:linaro@lkft#303MyNrXgiUK2WQ9kAj3BzGphCF

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303MyNrXgiUK2WQ9kAj3BzGphCF

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MvjxJUPUp0dSFAYAM6r89zAg/bzImage
sha256sum	e715e0f52245accf83f401d29cc1c2f3b2a59bbdf3f5ad590c1c6f981a5169eb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303MvjxJUPUp0dSFAYAM6r89zAg/modules.tar.xz
sha256sum	a6fb5fb0c5521f1f236c8b67ce1b76fdcd44954d158362bf4d88d0d9d544c595

durations

tests

boot	0
kunit	233.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   14.188881] ==================================================================
[   14.189261] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[   14.189614] Read of size 1 at addr ffff8881029b0850 by task kunit_try_catch/276
[   14.189851] 
[   14.189953] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.189995] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.190007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.190028] Call Trace:
[   14.190042]  <TASK>
[   14.190058]  dump_stack_lvl+0x73/0xb0
[   14.190083]  print_report+0xd1/0x610
[   14.190106]  ? __virt_addr_valid+0x1db/0x2d0
[   14.190130]  ? strnlen+0x73/0x80
[   14.190147]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.190171]  ? strnlen+0x73/0x80
[   14.190189]  kasan_report+0x141/0x180
[   14.190211]  ? strnlen+0x73/0x80
[   14.190234]  __asan_report_load1_noabort+0x18/0x20
[   14.190259]  strnlen+0x73/0x80
[   14.190278]  kasan_strings+0x615/0xe80
[   14.190297]  ? trace_hardirqs_on+0x37/0xe0
[   14.190321]  ? __pfx_kasan_strings+0x10/0x10
[   14.190341]  ? finish_task_switch.isra.0+0x153/0x700
[   14.190364]  ? __switch_to+0x47/0xf50
[   14.190390]  ? __schedule+0x10cc/0x2b60
[   14.190413]  ? __pfx_read_tsc+0x10/0x10
[   14.190433]  ? ktime_get_ts64+0x86/0x230
[   14.190458]  kunit_try_run_case+0x1a5/0x480
[   14.190482]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.190504]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.190610]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.190638]  ? __kthread_parkme+0x82/0x180
[   14.190659]  ? preempt_count_sub+0x50/0x80
[   14.190683]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.190708]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.190733]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.190757]  kthread+0x337/0x6f0
[   14.190781]  ? trace_preempt_on+0x20/0xc0
[   14.190803]  ? __pfx_kthread+0x10/0x10
[   14.190824]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.190845]  ? calculate_sigpending+0x7b/0xa0
[   14.190869]  ? __pfx_kthread+0x10/0x10
[   14.190890]  ret_from_fork+0x116/0x1d0
[   14.190920]  ? __pfx_kthread+0x10/0x10
[   14.190941]  ret_from_fork_asm+0x1a/0x30
[   14.190973]  </TASK>
[   14.190983] 
[   14.199193] Allocated by task 276:
[   14.199327]  kasan_save_stack+0x45/0x70
[   14.199474]  kasan_save_track+0x18/0x40
[   14.199610]  kasan_save_alloc_info+0x3b/0x50
[   14.199759]  __kasan_kmalloc+0xb7/0xc0
[   14.199900]  __kmalloc_cache_noprof+0x189/0x420
[   14.200321]  kasan_strings+0xc0/0xe80
[   14.200518]  kunit_try_run_case+0x1a5/0x480
[   14.200861]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.201167]  kthread+0x337/0x6f0
[   14.201301]  ret_from_fork+0x116/0x1d0
[   14.201434]  ret_from_fork_asm+0x1a/0x30
[   14.201728] 
[   14.201827] Freed by task 276:
[   14.202005]  kasan_save_stack+0x45/0x70
[   14.202206]  kasan_save_track+0x18/0x40
[   14.202377]  kasan_save_free_info+0x3f/0x60
[   14.202631]  __kasan_slab_free+0x56/0x70
[   14.202781]  kfree+0x222/0x3f0
[   14.202909]  kasan_strings+0x2aa/0xe80
[   14.203229]  kunit_try_run_case+0x1a5/0x480
[   14.203433]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.203779]  kthread+0x337/0x6f0
[   14.203949]  ret_from_fork+0x116/0x1d0
[   14.204134]  ret_from_fork_asm+0x1a/0x30
[   14.204334] 
[   14.204413] The buggy address belongs to the object at ffff8881029b0840
[   14.204413]  which belongs to the cache kmalloc-32 of size 32
[   14.204983] The buggy address is located 16 bytes inside of
[   14.204983]  freed 32-byte region [ffff8881029b0840, ffff8881029b0860)
[   14.205517] 
[   14.205674] The buggy address belongs to the physical page:
[   14.205887] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b0
[   14.206283] flags: 0x200000000000000(node=0|zone=2)
[   14.206502] page_type: f5(slab)
[   14.206733] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   14.207105] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   14.207411] page dumped because: kasan: bad access detected
[   14.207698] 
[   14.207792] Memory state around the buggy address:
[   14.207987]  ffff8881029b0700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.208280]  ffff8881029b0780: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   14.208736] >ffff8881029b0800: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   14.208978]                                                  ^
[   14.209296]  ffff8881029b0880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.209643]  ffff8881029b0900: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   14.210009] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

303Sxu1j8OyuX5lG527CuRMl0zm

job_id

TEST:linaro@lkft#303T2OzuK6lIw4rRFlSAhCs7bnu

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/303T2OzuK6lIw4rRFlSAhCs7bnu

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Szma0mGNAiZG6rKGjPWN7fGT/bzImage
sha256sum	42041c61d6e46ef309c371e5fe2f53a0c6849e7beec0f7e1f396b9c65c0adbb2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/303Szma0mGNAiZG6rKGjPWN7fGT/modules.tar.xz
sha256sum	02cd970151971431ac5e5e4fcd602180a5476f25314259d1f76384cd0f280f1b

durations

tests

boot	0
kunit	226.78

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit