Date
April 20, 2025, 11:09 p.m.
| Environment |
|---|
| x15 |
| x86 |
```
[   67.609863] ==================================================================
[   67.633911] BUG: KASAN: slab-use-after-free in strcmp+0xcc/0xd4
[   67.639862] Read of size 1 at addr cc23b890 by task kunit_try_catch/315
[   67.646545]
[   67.648040] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE
[   67.648071] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   67.648071] Hardware name: Generic DRA74X (Flattened Device Tree)
[   67.648101] Call trace:
[   67.648101]  unwind_backtrace from show_stack+0x18/0x1c
[   67.648132]  show_stack from dump_stack_lvl+0x70/0x90
[   67.648162]  dump_stack_lvl from print_report+0x158/0x528
[   67.648193]  print_report from kasan_report+0xdc/0x118
[   67.648193]  kasan_report from strcmp+0xcc/0xd4
[   67.648223]  strcmp from kasan_strings+0x490/0xf00
[   67.648254]  kasan_strings from kunit_try_run_case+0x22c/0x5a8
[   67.648284]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[   67.648284]  kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[   67.648315]  kthread from ret_from_fork+0x14/0x20
[   67.648345] Exception stack(0xf26c3fb0 to 0xf26c3ff8)
[   67.648376] 3fa0:                                     00000000 00000000 00000000 00000000
[   67.648376] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   67.648406] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   67.648406]
[   67.756622] Allocated by task 315:
[   67.760040]  kasan_save_track+0x30/0x5c
[   67.763916]  __kasan_kmalloc+0x8c/0x94
[   67.767700]  kasan_strings+0xe8/0xf00
[   67.771392]  kunit_try_run_case+0x22c/0x5a8
[   67.775604]  kunit_generic_run_threadfn_adapter+0xc4/0x128
[   67.781127]  kthread+0x464/0x810
[   67.784393]  ret_from_fork+0x14/0x20
[   67.787994]
[   67.789489] Freed by task 315:
[   67.792572]  kasan_save_track+0x30/0x5c
[   67.796447]  kasan_save_free_info+0x3c/0x48
[   67.800659]  __kasan_slab_free+0x40/0x50
[   67.804626]  kfree+0xe8/0x384
[   67.807617]  kasan_strings+0x310/0xf00
[   67.811401]  kunit_try_run_case+0x22c/0x5a8
[   67.815612]  kunit_generic_run_threadfn_adapter+0xc4/0x128
[   67.821136]  kthread+0x464/0x810
[   67.824401]  ret_from_fork+0x14/0x20
[   67.828002]
[   67.829528] The buggy address belongs to the object at cc23b880
[   67.829528]  which belongs to the cache kmalloc-64 of size 64
[   67.841247] The buggy address is located 16 bytes inside of
[   67.841247]  freed 64-byte region [cc23b880, cc23b8c0)
[   67.852020]
[   67.853515] The buggy address belongs to the physical page:
[   67.859130] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c23b
[   67.866394] flags: 0x0(zone=0)
[   67.869476] page_type: f5(slab)
[   67.872650] raw: 00000000 c7001300 00000122 00000000 00000000 00200020 f5000000 00000000
[   67.880798] raw: 00000000
[   67.883422] page dumped because: kasan: bad access detected
[   67.889038]
[   67.890533] Memory state around the buggy address:
[   67.895355]  cc23b780: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.901947]  cc23b800: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.908508] >cc23b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   67.915069]                  ^
[   67.918151]  cc23b900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   67.924743]  cc23b980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   67.931304] ==================================================================
```
```
[   41.825909] ==================================================================
[   41.849813] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[   41.855736] Read of size 1 at addr ffff888107fedd10 by task kunit_try_catch/302
[   41.863047]
[   41.864547] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary)
[   41.864556] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.864558] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   41.864561] Call Trace:
[   41.864563]  <TASK>
[   41.864565]  dump_stack_lvl+0x73/0xb0
[   41.864569]  print_report+0xd1/0x650
[   41.864574]  ? __virt_addr_valid+0x1db/0x2d0
[   41.864578]  ? strcmp+0xb0/0xc0
[   41.864581]  ? kasan_complete_mode_report_info+0x64/0x200
[   41.864585]  ? strcmp+0xb0/0xc0
[   41.864588]  kasan_report+0x141/0x180
[   41.864592]  ? strcmp+0xb0/0xc0
[   41.864597]  __asan_report_load1_noabort+0x18/0x20
[   41.864600]  strcmp+0xb0/0xc0
[   41.864604]  kasan_strings+0x431/0xe80
[   41.864608]  ? trace_hardirqs_on+0x37/0xe0
[   41.864612]  ? __pfx_kasan_strings+0x10/0x10
[   41.864616]  ? finish_task_switch.isra.0+0x153/0x700
[   41.864620]  ? __switch_to+0x5d9/0xf60
[   41.864624]  ? dequeue_task_fair+0x166/0x4e0
[   41.864629]  ? __schedule+0x10cc/0x2b30
[   41.864633]  ? ktime_get_ts64+0x83/0x230
[   41.864638]  kunit_try_run_case+0x1a2/0x480
[   41.864642]  ? __pfx_kunit_try_run_case+0x10/0x10
[   41.864646]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   41.864651]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   41.864655]  ? __kthread_parkme+0x82/0x180
[   41.864659]  ? preempt_count_sub+0x50/0x80
[   41.864664]  ? __pfx_kunit_try_run_case+0x10/0x10
[   41.864685]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   41.864690]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   41.864694]  kthread+0x334/0x6f0
[   41.864698]  ? trace_preempt_on+0x20/0xc0
[   41.864702]  ? __pfx_kthread+0x10/0x10
[   41.864719]  ? _raw_spin_unlock_irq+0x47/0x80
[   41.864723]  ? calculate_sigpending+0x7b/0xa0
[   41.864727]  ? __pfx_kthread+0x10/0x10
[   41.864731]  ret_from_fork+0x3e/0x80
[   41.864735]  ? __pfx_kthread+0x10/0x10
[   41.864739]  ret_from_fork_asm+0x1a/0x30
[   41.864745]  </TASK>
[   41.864747]
[   42.043460] Allocated by task 302:
[   42.046867]  kasan_save_stack+0x45/0x70
[   42.050745]  kasan_save_track+0x18/0x40
[   42.054596]  kasan_save_alloc_info+0x3b/0x50
[   42.058871]  __kasan_kmalloc+0xb7/0xc0
[   42.062622]  __kmalloc_cache_noprof+0x189/0x420
[   42.067153]  kasan_strings+0xc0/0xe80
[   42.070820]  kunit_try_run_case+0x1a2/0x480
[   42.075005]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   42.080404]  kthread+0x334/0x6f0
[   42.083637]  ret_from_fork+0x3e/0x80
[   42.087216]  ret_from_fork_asm+0x1a/0x30
[   42.091143]
[   42.092642] Freed by task 302:
[   42.095702]  kasan_save_stack+0x45/0x70
[   42.099567]  kasan_save_track+0x18/0x40
[   42.103406]  kasan_save_free_info+0x3f/0x60
[   42.107590]  __kasan_slab_free+0x56/0x70
[   42.111519]  kfree+0x222/0x3f0
[   42.114575]  kasan_strings+0x2aa/0xe80
[   42.118329]  kunit_try_run_case+0x1a2/0x480
[   42.122515]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   42.127913]  kthread+0x334/0x6f0
[   42.131147]  ret_from_fork+0x3e/0x80
[   42.134758]  ret_from_fork_asm+0x1a/0x30
[   42.138757]
[   42.140279] The buggy address belongs to the object at ffff888107fedd00
[   42.140279]  which belongs to the cache kmalloc-32 of size 32
[   42.152612] The buggy address is located 16 bytes inside of
[   42.152612]  freed 32-byte region [ffff888107fedd00, ffff888107fedd20)
[   42.164704]
[   42.166220] The buggy address belongs to the physical page:
[   42.171791] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107fed
[   42.179797] flags: 0x200000000000000(node=0|zone=2)
[   42.184703] page_type: f5(slab)
[   42.187876] raw: 0200000000000000 ffff888100042780 dead000000000122 0000000000000000
[   42.195616] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   42.203352] page dumped because: kasan: bad access detected
[   42.208926]
[   42.210425] Memory state around the buggy address:
[   42.215218]  ffff888107fedc00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   42.222438]  ffff888107fedc80: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   42.229665] >ffff888107fedd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   42.236910]                          ^
[   42.240662]  ffff888107fedd80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   42.247907]  ffff888107fede00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   42.255126] ==================================================================
```