Hay
Date: April 20, 2025, 11:09 p.m.

Environment: x15, x86

[   68.559356] ==================================================================
[   68.566650] BUG: KASAN: slab-use-after-free in strnlen+0x94/0x9c
[   68.572692] Read of size 1 at addr cc23b890 by task kunit_try_catch/315
[   68.579345] 
[   68.580871] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.0-rc3 #1 NONE 
[   68.580902] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   68.580902] Hardware name: Generic DRA74X (Flattened Device Tree)
[   68.580902] Call trace: 
[   68.580902]  unwind_backtrace from show_stack+0x18/0x1c
[   68.580932]  show_stack from dump_stack_lvl+0x70/0x90
[   68.580963]  dump_stack_lvl from print_report+0x158/0x528
[   68.580993]  print_report from kasan_report+0xdc/0x118
[   68.581024]  kasan_report from strnlen+0x94/0x9c
[   68.581024]  strnlen from kasan_strings+0x670/0xf00
[   68.581054]  kasan_strings from kunit_try_run_case+0x22c/0x5a8
[   68.581085]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[   68.581115]  kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[   68.581146]  kthread from ret_from_fork+0x14/0x20
[   68.581146] Exception stack(0xf26c3fb0 to 0xf26c3ff8)
[   68.581176] 3fa0:                                     00000000 00000000 00000000 00000000
[   68.581207] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   68.581207] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   68.581237] 
[   68.689605] Allocated by task 315:
[   68.693023]  kasan_save_track+0x30/0x5c
[   68.696899]  __kasan_kmalloc+0x8c/0x94
[   68.700683]  kasan_strings+0xe8/0xf00
[   68.704376]  kunit_try_run_case+0x22c/0x5a8
[   68.708587]  kunit_generic_run_threadfn_adapter+0xc4/0x128
[   68.714111]  kthread+0x464/0x810
[   68.717376]  ret_from_fork+0x14/0x20
[   68.720977] 
[   68.722473] Freed by task 315:
[   68.725555]  kasan_save_track+0x30/0x5c
[   68.729431]  kasan_save_free_info+0x3c/0x48
[   68.733642]  __kasan_slab_free+0x40/0x50
[   68.737579]  kfree+0xe8/0x384
[   68.740600]  kasan_strings+0x310/0xf00
[   68.744384]  kunit_try_run_case+0x22c/0x5a8
[   68.748596]  kunit_generic_run_threadfn_adapter+0xc4/0x128
[   68.754119]  kthread+0x464/0x810
[   68.757385]  ret_from_fork+0x14/0x20
[   68.760986] 
[   68.762481] The buggy address belongs to the object at cc23b880
[   68.762481]  which belongs to the cache kmalloc-64 of size 64
[   68.774200] The buggy address is located 16 bytes inside of
[   68.774200]  freed 64-byte region [cc23b880, cc23b8c0)
[   68.784973] 
[   68.786468] The buggy address belongs to the physical page:
[   68.792083] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c23b
[   68.799377] flags: 0x0(zone=0)
[   68.802429] page_type: f5(slab)
[   68.805603] raw: 00000000 c7001300 00000122 00000000 00000000 00200020 f5000000 00000000
[   68.813751] raw: 00000000
[   68.816406] page dumped because: kasan: bad access detected
[   68.822021] 
[   68.823516] Memory state around the buggy address:
[   68.828338]  cc23b780: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.834899]  cc23b800: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.841491] >cc23b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   68.848052]                  ^
[   68.851135]  cc23b900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   68.857696]  cc23b980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   68.864288] ==================================================================

[   43.101816] ==================================================================
[   43.109056] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[   43.115061] Read of size 1 at addr ffff888107fedd10 by task kunit_try_catch/302
[   43.122368] 
[   43.123867] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   43.123875] Tainted: [B]=BAD_PAGE, [N]=TEST
[   43.123877] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   43.123880] Call Trace:
[   43.123882]  <TASK>
[   43.123883]  dump_stack_lvl+0x73/0xb0
[   43.123887]  print_report+0xd1/0x650
[   43.123891]  ? __virt_addr_valid+0x1db/0x2d0
[   43.123894]  ? strnlen+0x73/0x80
[   43.123898]  ? kasan_complete_mode_report_info+0x64/0x200
[   43.123902]  ? strnlen+0x73/0x80
[   43.123905]  kasan_report+0x141/0x180
[   43.123909]  ? strnlen+0x73/0x80
[   43.123913]  __asan_report_load1_noabort+0x18/0x20
[   43.123917]  strnlen+0x73/0x80
[   43.123921]  kasan_strings+0x615/0xe80
[   43.123924]  ? trace_hardirqs_on+0x37/0xe0
[   43.123929]  ? __pfx_kasan_strings+0x10/0x10
[   43.123932]  ? finish_task_switch.isra.0+0x153/0x700
[   43.123937]  ? __switch_to+0x5d9/0xf60
[   43.123940]  ? dequeue_task_fair+0x166/0x4e0
[   43.123945]  ? __schedule+0x10cc/0x2b30
[   43.123949]  ? ktime_get_ts64+0x83/0x230
[   43.123954]  kunit_try_run_case+0x1a2/0x480
[   43.123958]  ? __pfx_kunit_try_run_case+0x10/0x10
[   43.123962]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   43.123966]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   43.123971]  ? __kthread_parkme+0x82/0x180
[   43.123975]  ? preempt_count_sub+0x50/0x80
[   43.123979]  ? __pfx_kunit_try_run_case+0x10/0x10
[   43.123984]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   43.123988]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   43.123992]  kthread+0x334/0x6f0
[   43.123996]  ? trace_preempt_on+0x20/0xc0
[   43.124000]  ? __pfx_kthread+0x10/0x10
[   43.124004]  ? _raw_spin_unlock_irq+0x47/0x80
[   43.124008]  ? calculate_sigpending+0x7b/0xa0
[   43.124012]  ? __pfx_kthread+0x10/0x10
[   43.124016]  ret_from_fork+0x3e/0x80
[   43.124020]  ? __pfx_kthread+0x10/0x10
[   43.124025]  ret_from_fork_asm+0x1a/0x30
[   43.124030]  </TASK>
[   43.124032] 
[   43.303197] Allocated by task 302:
[   43.306603]  kasan_save_stack+0x45/0x70
[   43.310443]  kasan_save_track+0x18/0x40
[   43.314281]  kasan_save_alloc_info+0x3b/0x50
[   43.318553]  __kasan_kmalloc+0xb7/0xc0
[   43.322309]  __kmalloc_cache_noprof+0x189/0x420
[   43.326839]  kasan_strings+0xc0/0xe80
[   43.330506]  kunit_try_run_case+0x1a2/0x480
[   43.334704]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   43.340125]  kthread+0x334/0x6f0
[   43.343359]  ret_from_fork+0x3e/0x80
[   43.346938]  ret_from_fork_asm+0x1a/0x30
[   43.350863] 
[   43.352361] Freed by task 302:
[   43.355420]  kasan_save_stack+0x45/0x70
[   43.359260]  kasan_save_track+0x18/0x40
[   43.363098]  kasan_save_free_info+0x3f/0x60
[   43.367286]  __kasan_slab_free+0x56/0x70
[   43.371221]  kfree+0x222/0x3f0
[   43.374279]  kasan_strings+0x2aa/0xe80
[   43.378031]  kunit_try_run_case+0x1a2/0x480
[   43.382216]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   43.387615]  kthread+0x334/0x6f0
[   43.390848]  ret_from_fork+0x3e/0x80
[   43.394426]  ret_from_fork_asm+0x1a/0x30
[   43.398354] 
[   43.399852] The buggy address belongs to the object at ffff888107fedd00
[   43.399852]  which belongs to the cache kmalloc-32 of size 32
[   43.412193] The buggy address is located 16 bytes inside of
[   43.412193]  freed 32-byte region [ffff888107fedd00, ffff888107fedd20)
[   43.424276] 
[   43.425772] The buggy address belongs to the physical page:
[   43.431347] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107fed
[   43.439355] flags: 0x200000000000000(node=0|zone=2)
[   43.444233] page_type: f5(slab)
[   43.447379] raw: 0200000000000000 ffff888100042780 dead000000000122 0000000000000000
[   43.455120] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   43.462867] page dumped because: kasan: bad access detected
[   43.468439] 
[   43.469935] Memory state around the buggy address:
[   43.474741]  ffff888107fedc00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   43.481967]  ffff888107fedc80: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   43.489185] >ffff888107fedd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   43.496402]                          ^
[   43.500155]  ffff888107fedd80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   43.507376]  ffff888107fede00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   43.514595] ==================================================================