Date
April 20, 2025, 11:09 p.m.
| Environment |
|---|
| x15 |
| x86 |
```
[ 67.938629] ==================================================================
[ 67.945922] BUG: KASAN: slab-use-after-free in kasan_strings+0xd0c/0xf00
[ 67.952667] Read of size 1 at addr cc23b890 by task kunit_try_catch/315
[ 67.959320]
[ 67.960845] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE
[ 67.960876] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 67.960876] Hardware name: Generic DRA74X (Flattened Device Tree)
[ 67.960876] Call trace:
[ 67.960906] unwind_backtrace from show_stack+0x18/0x1c
[ 67.960937] show_stack from dump_stack_lvl+0x70/0x90
[ 67.960937] dump_stack_lvl from print_report+0x158/0x528
[ 67.960968] print_report from kasan_report+0xdc/0x118
[ 67.960998] kasan_report from kasan_strings+0xd0c/0xf00
[ 67.961029] kasan_strings from kunit_try_run_case+0x22c/0x5a8
[ 67.961029] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[ 67.961059] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[ 67.961090] kthread from ret_from_fork+0x14/0x20
[ 67.961120] Exception stack(0xf26c3fb0 to 0xf26c3ff8)
[ 67.961120] 3fa0: 00000000 00000000 00000000 00000000
[ 67.961151] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 67.961181] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 67.961181]
[ 68.065368] Allocated by task 315:
[ 68.068786] kasan_save_track+0x30/0x5c
[ 68.072662] __kasan_kmalloc+0x8c/0x94
[ 68.076446] kasan_strings+0xe8/0xf00
[ 68.080139] kunit_try_run_case+0x22c/0x5a8
[ 68.084350] kunit_generic_run_threadfn_adapter+0xc4/0x128
[ 68.089874] kthread+0x464/0x810
[ 68.093139] ret_from_fork+0x14/0x20
[ 68.096740]
[ 68.098236] Freed by task 315:
[ 68.101318] kasan_save_track+0x30/0x5c
[ 68.105194] kasan_save_free_info+0x3c/0x48
[ 68.109405] __kasan_slab_free+0x40/0x50
[ 68.113372] kfree+0xe8/0x384
[ 68.116363] kasan_strings+0x310/0xf00
[ 68.120147] kunit_try_run_case+0x22c/0x5a8
[ 68.124359] kunit_generic_run_threadfn_adapter+0xc4/0x128
[ 68.129882] kthread+0x464/0x810
[ 68.133148] ret_from_fork+0x14/0x20
[ 68.136749]
[ 68.138244] The buggy address belongs to the object at cc23b880
[ 68.138244] which belongs to the cache kmalloc-64 of size 64
[ 68.149993] The buggy address is located 16 bytes inside of
[ 68.149993] freed 64-byte region [cc23b880, cc23b8c0)
[ 68.160736]
[ 68.162261] The buggy address belongs to the physical page:
[ 68.167846] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c23b
[ 68.175140] flags: 0x0(zone=0)
[ 68.178222] page_type: f5(slab)
[ 68.181365] raw: 00000000 c7001300 00000122 00000000 00000000 00200020 f5000000 00000000
[ 68.189514] raw: 00000000
[ 68.192169] page dumped because: kasan: bad access detected
[ 68.197784]
[ 68.199279] Memory state around the buggy address:
[ 68.204101]  cc23b780: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.210662]  cc23b800: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.217254] >cc23b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 68.223815]                  ^
[ 68.226898]  cc23b900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 68.233459]  cc23b980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 68.240051] ==================================================================
```
```
[ 42.262351] ==================================================================
[ 42.269589] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[ 42.276289] Read of size 1 at addr ffff888107fedd10 by task kunit_try_catch/302
[ 42.283595]
[ 42.285094] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary)
[ 42.285102] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 42.285104] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 42.285107] Call Trace:
[ 42.285108] <TASK>
[ 42.285110] dump_stack_lvl+0x73/0xb0
[ 42.285114] print_report+0xd1/0x650
[ 42.285118] ? __virt_addr_valid+0x1db/0x2d0
[ 42.285122] ? kasan_strings+0xcbc/0xe80
[ 42.285126] ? kasan_complete_mode_report_info+0x64/0x200
[ 42.285130] ? kasan_strings+0xcbc/0xe80
[ 42.285134] kasan_report+0x141/0x180
[ 42.285138] ? kasan_strings+0xcbc/0xe80
[ 42.285143] __asan_report_load1_noabort+0x18/0x20
[ 42.285147] kasan_strings+0xcbc/0xe80
[ 42.285151] ? trace_hardirqs_on+0x37/0xe0
[ 42.285155] ? __pfx_kasan_strings+0x10/0x10
[ 42.285159] ? finish_task_switch.isra.0+0x153/0x700
[ 42.285163] ? __switch_to+0x5d9/0xf60
[ 42.285167] ? dequeue_task_fair+0x166/0x4e0
[ 42.285171] ? __schedule+0x10cc/0x2b30
[ 42.285176] ? ktime_get_ts64+0x83/0x230
[ 42.285180] kunit_try_run_case+0x1a2/0x480
[ 42.285185] ? __pfx_kunit_try_run_case+0x10/0x10
[ 42.285189] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 42.285194] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 42.285198] ? __kthread_parkme+0x82/0x180
[ 42.285202] ? preempt_count_sub+0x50/0x80
[ 42.285207] ? __pfx_kunit_try_run_case+0x10/0x10
[ 42.285211] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 42.285216] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 42.285220] kthread+0x334/0x6f0
[ 42.285224] ? trace_preempt_on+0x20/0xc0
[ 42.285228] ? __pfx_kthread+0x10/0x10
[ 42.285233] ? _raw_spin_unlock_irq+0x47/0x80
[ 42.285237] ? calculate_sigpending+0x7b/0xa0
[ 42.285241] ? __pfx_kthread+0x10/0x10
[ 42.285245] ret_from_fork+0x3e/0x80
[ 42.285249] ? __pfx_kthread+0x10/0x10
[ 42.285253] ret_from_fork_asm+0x1a/0x30
[ 42.285259] </TASK>
[ 42.285261]
[ 42.463489] Allocated by task 302:
[ 42.466894] kasan_save_stack+0x45/0x70
[ 42.470746] kasan_save_track+0x18/0x40
[ 42.474581] kasan_save_alloc_info+0x3b/0x50
[ 42.478855] __kasan_kmalloc+0xb7/0xc0
[ 42.482607] __kmalloc_cache_noprof+0x189/0x420
[ 42.487141] kasan_strings+0xc0/0xe80
[ 42.490813] kunit_try_run_case+0x1a2/0x480
[ 42.494998] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 42.500399] kthread+0x334/0x6f0
[ 42.503631] ret_from_fork+0x3e/0x80
[ 42.507209] ret_from_fork_asm+0x1a/0x30
[ 42.511135]
[ 42.512636] Freed by task 302:
[ 42.515740] kasan_save_stack+0x45/0x70
[ 42.519613] kasan_save_track+0x18/0x40
[ 42.523452] kasan_save_free_info+0x3f/0x60
[ 42.527637] __kasan_slab_free+0x56/0x70
[ 42.531564] kfree+0x222/0x3f0
[ 42.534622] kasan_strings+0x2aa/0xe80
[ 42.538374] kunit_try_run_case+0x1a2/0x480
[ 42.542561] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 42.547958] kthread+0x334/0x6f0
[ 42.551193] ret_from_fork+0x3e/0x80
[ 42.554778] ret_from_fork_asm+0x1a/0x30
[ 42.558705]
[ 42.560223] The buggy address belongs to the object at ffff888107fedd00
[ 42.560223] which belongs to the cache kmalloc-32 of size 32
[ 42.572562] The buggy address is located 16 bytes inside of
[ 42.572562] freed 32-byte region [ffff888107fedd00, ffff888107fedd20)
[ 42.584643]
[ 42.586141] The buggy address belongs to the physical page:
[ 42.591755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107fed
[ 42.599791] flags: 0x200000000000000(node=0|zone=2)
[ 42.604689] page_type: f5(slab)
[ 42.607871] raw: 0200000000000000 ffff888100042780 dead000000000122 0000000000000000
[ 42.615617] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 42.623357] page dumped because: kasan: bad access detected
[ 42.628929]
[ 42.630428] Memory state around the buggy address:
[ 42.635221]  ffff888107fedc00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 42.642439]  ffff888107fedc80: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 42.649659] >ffff888107fedd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 42.656910]                          ^
[ 42.660665]  ffff888107fedd80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 42.667909]  ffff888107fede00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 42.675129] ==================================================================
```