Date: June 8, 2025, 11:09 p.m.

Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |
rk3399-rock-pi-4b |

```
[ 40.455571] ==================================================================
[ 40.462660] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00
[ 40.469339] Read of size 1 at addr ffff00080499db10 by task kunit_try_catch/306
[ 40.476630]
[ 40.478116] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 40.478167] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 40.478186] Hardware name: WinLink E850-96 board (DT)
[ 40.478207] Call trace:
[ 40.478223] show_stack+0x20/0x38 (C)
[ 40.478256] dump_stack_lvl+0x8c/0xd0
[ 40.478294] print_report+0x118/0x608
[ 40.478331] kasan_report+0xdc/0x128
[ 40.478364] __asan_report_load1_noabort+0x20/0x30
[ 40.478403] kasan_strings+0x95c/0xb00
[ 40.478432] kunit_try_run_case+0x170/0x3f0
[ 40.478468] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 40.478509] kthread+0x328/0x630
[ 40.478540] ret_from_fork+0x10/0x20
[ 40.478576]
[ 40.540520] Allocated by task 306:
[ 40.543907] kasan_save_stack+0x3c/0x68
[ 40.547723] kasan_save_track+0x20/0x40
[ 40.551543] kasan_save_alloc_info+0x40/0x58
[ 40.555796] __kasan_kmalloc+0xd4/0xd8
[ 40.559529] __kmalloc_cache_noprof+0x16c/0x3c0
[ 40.564042] kasan_strings+0xc8/0xb00
[ 40.567688] kunit_try_run_case+0x170/0x3f0
[ 40.571855] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 40.577325] kthread+0x328/0x630
[ 40.580535] ret_from_fork+0x10/0x20
[ 40.584094]
[ 40.585570] Freed by task 306:
[ 40.588608] kasan_save_stack+0x3c/0x68
[ 40.592428] kasan_save_track+0x20/0x40
[ 40.596247] kasan_save_free_info+0x4c/0x78
[ 40.600414] __kasan_slab_free+0x6c/0x98
[ 40.604320] kfree+0x214/0x3c8
[ 40.607358] kasan_strings+0x24c/0xb00
[ 40.611091] kunit_try_run_case+0x170/0x3f0
[ 40.615257] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 40.620726] kthread+0x328/0x630
[ 40.623937] ret_from_fork+0x10/0x20
[ 40.627497]
[ 40.628972] The buggy address belongs to the object at ffff00080499db00
[ 40.628972] which belongs to the cache kmalloc-32 of size 32
[ 40.641300] The buggy address is located 16 bytes inside of
[ 40.641300] freed 32-byte region [ffff00080499db00, ffff00080499db20)
[ 40.653364]
[ 40.654842] The buggy address belongs to the physical page:
[ 40.660397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88499d
[ 40.668382] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 40.674893] page_type: f5(slab)
[ 40.678029] raw: 0bfffe0000000000 ffff000800002780 dead000000000122 0000000000000000
[ 40.685749] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 40.693467] page dumped because: kasan: bad access detected
[ 40.699023]
[ 40.700499] Memory state around the buggy address:
[ 40.705278]  ffff00080499da00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 40.712482]  ffff00080499da80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 40.719686] >ffff00080499db00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 40.726887]                          ^
[ 40.730624]  ffff00080499db80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 40.737828]  ffff00080499dc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 40.745031] ==================================================================
```

```
[ 28.975113] ==================================================================
[ 28.975260] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00
[ 28.975399] Read of size 1 at addr fff00000c6437e10 by task kunit_try_catch/259
[ 28.975834]
[ 28.975975] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 28.976184] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.976256] Hardware name: linux,dummy-virt (DT)
[ 28.976345] Call trace:
[ 28.976432] show_stack+0x20/0x38 (C)
[ 28.976704] dump_stack_lvl+0x8c/0xd0
[ 28.976857] print_report+0x118/0x608
[ 28.977070] kasan_report+0xdc/0x128
[ 28.977205] __asan_report_load1_noabort+0x20/0x30
[ 28.977400] kasan_strings+0x95c/0xb00
[ 28.977529] kunit_try_run_case+0x170/0x3f0
[ 28.977720] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.977899] kthread+0x328/0x630
[ 28.978061] ret_from_fork+0x10/0x20
[ 28.978505]
[ 28.978661] Allocated by task 259:
[ 28.978747] kasan_save_stack+0x3c/0x68
[ 28.978960] kasan_save_track+0x20/0x40
[ 28.979258] kasan_save_alloc_info+0x40/0x58
[ 28.979779] __kasan_kmalloc+0xd4/0xd8
[ 28.980343] __kmalloc_cache_noprof+0x16c/0x3c0
[ 28.980488] kasan_strings+0xc8/0xb00
[ 28.980599] kunit_try_run_case+0x170/0x3f0
[ 28.981596] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.981762] kthread+0x328/0x630
[ 28.981865] ret_from_fork+0x10/0x20
[ 28.981981]
[ 28.982037] Freed by task 259:
[ 28.982113] kasan_save_stack+0x3c/0x68
[ 28.983181] kasan_save_track+0x20/0x40
[ 28.983346] kasan_save_free_info+0x4c/0x78
[ 28.984072] __kasan_slab_free+0x6c/0x98
[ 28.984202] kfree+0x214/0x3c8
[ 28.984299] kasan_strings+0x24c/0xb00
[ 28.984383] kunit_try_run_case+0x170/0x3f0
[ 28.984489] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.985093] kthread+0x328/0x630
[ 28.985214] ret_from_fork+0x10/0x20
[ 28.985310]
[ 28.986100] The buggy address belongs to the object at fff00000c6437e00
[ 28.986100] which belongs to the cache kmalloc-32 of size 32
[ 28.986999] The buggy address is located 16 bytes inside of
[ 28.986999] freed 32-byte region [fff00000c6437e00, fff00000c6437e20)
[ 28.987336]
[ 28.987417] The buggy address belongs to the physical page:
[ 28.987504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106437
[ 28.987772] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 28.987915] page_type: f5(slab)
[ 28.988164] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 28.988358] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 28.988660] page dumped because: kasan: bad access detected
[ 28.988766]
[ 28.988821] Memory state around the buggy address:
[ 28.988973]  fff00000c6437d00: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 28.989274]  fff00000c6437d80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 28.989391] >fff00000c6437e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 28.989518]                          ^
[ 28.989695]  fff00000c6437e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 28.989815]  fff00000c6437f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 28.989952] ==================================================================
```

```
[ 29.072562] ==================================================================
[ 29.072681] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00
[ 29.072803] Read of size 1 at addr fff00000c7761a90 by task kunit_try_catch/259
[ 29.072958]
[ 29.073072] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 29.073311] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.073387] Hardware name: linux,dummy-virt (DT)
[ 29.073483] Call trace:
[ 29.073549] show_stack+0x20/0x38 (C)
[ 29.073678] dump_stack_lvl+0x8c/0xd0
[ 29.073802] print_report+0x118/0x608
[ 29.075563] kasan_report+0xdc/0x128
[ 29.076149] __asan_report_load1_noabort+0x20/0x30
[ 29.076294] kasan_strings+0x95c/0xb00
[ 29.076408] kunit_try_run_case+0x170/0x3f0
[ 29.076534] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.076673] kthread+0x328/0x630
[ 29.076790] ret_from_fork+0x10/0x20
[ 29.076933]
[ 29.076982] Allocated by task 259:
[ 29.077069] kasan_save_stack+0x3c/0x68
[ 29.077174] kasan_save_track+0x20/0x40
[ 29.077268] kasan_save_alloc_info+0x40/0x58
[ 29.077367] __kasan_kmalloc+0xd4/0xd8
[ 29.077466] __kmalloc_cache_noprof+0x16c/0x3c0
[ 29.077568] kasan_strings+0xc8/0xb00
[ 29.077660] kunit_try_run_case+0x170/0x3f0
[ 29.077752] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.080240] kthread+0x328/0x630
[ 29.080343] ret_from_fork+0x10/0x20
[ 29.080444]
[ 29.080500] Freed by task 259:
[ 29.080570] kasan_save_stack+0x3c/0x68
[ 29.080672] kasan_save_track+0x20/0x40
[ 29.080773] kasan_save_free_info+0x4c/0x78
[ 29.081937] __kasan_slab_free+0x6c/0x98
[ 29.082073] kfree+0x214/0x3c8
[ 29.082179] kasan_strings+0x24c/0xb00
[ 29.082277] kunit_try_run_case+0x170/0x3f0
[ 29.082377] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.082485] kthread+0x328/0x630
[ 29.082580] ret_from_fork+0x10/0x20
[ 29.082672]
[ 29.082726] The buggy address belongs to the object at fff00000c7761a80
[ 29.082726] which belongs to the cache kmalloc-32 of size 32
[ 29.082881] The buggy address is located 16 bytes inside of
[ 29.082881] freed 32-byte region [fff00000c7761a80, fff00000c7761aa0)
[ 29.083035]
[ 29.083089] The buggy address belongs to the physical page:
[ 29.083165] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107761
[ 29.083295] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.083418] page_type: f5(slab)
[ 29.083515] raw: 0bfffe0000000000 fff00000c0001780 dead000000000100 dead000000000122
[ 29.083644] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 29.083744] page dumped because: kasan: bad access detected
[ 29.083833]
[ 29.087037] Memory state around the buggy address:
[ 29.087437]  fff00000c7761980: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 29.087920]  fff00000c7761a00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 29.088530] >fff00000c7761a80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 29.088651]                          ^
[ 29.088732]  fff00000c7761b00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 29.088858]  fff00000c7761b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 29.088959] ==================================================================
```

```
[ 22.158986] ==================================================================
[ 22.160142] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[ 22.160813] Read of size 1 at addr ffff8881039d7c90 by task kunit_try_catch/277
[ 22.161244]
[ 22.161464] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary)
[ 22.161601] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.161655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.161715] Call Trace:
[ 22.161752] <TASK>
[ 22.161795] dump_stack_lvl+0x73/0xb0
[ 22.161882] print_report+0xd1/0x650
[ 22.161958] ? __virt_addr_valid+0x1db/0x2d0
[ 22.162029] ? kasan_strings+0xcbc/0xe80
[ 22.162093] ? kasan_complete_mode_report_info+0x64/0x200
[ 22.162161] ? kasan_strings+0xcbc/0xe80
[ 22.162228] kasan_report+0x141/0x180
[ 22.162292] ? kasan_strings+0xcbc/0xe80
[ 22.162356] __asan_report_load1_noabort+0x18/0x20
[ 22.162420] kasan_strings+0xcbc/0xe80
[ 22.162478] ? __pfx_kasan_strings+0x10/0x10
[ 22.162991] ? __schedule+0x207f/0x2b60
[ 22.163428] ? schedule+0x7c/0x2e0
[ 22.163526] ? trace_hardirqs_on+0x37/0xe0
[ 22.163652] ? __schedule+0x207f/0x2b60
[ 22.163728] ? __pfx_read_tsc+0x10/0x10
[ 22.163799] ? ktime_get_ts64+0x86/0x230
[ 22.163877] kunit_try_run_case+0x1a5/0x480
[ 22.163960] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.164036] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.164110] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.164186] ? __kthread_parkme+0x82/0x180
[ 22.164299] ? preempt_count_sub+0x50/0x80
[ 22.164372] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.164440] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.164517] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.164586] kthread+0x337/0x6f0
[ 22.164635] ? trace_preempt_on+0x20/0xc0
[ 22.164692] ? __pfx_kthread+0x10/0x10
[ 22.164742] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.164794] ? calculate_sigpending+0x7b/0xa0
[ 22.164848] ? __pfx_kthread+0x10/0x10
[ 22.164900] ret_from_fork+0x116/0x1d0
[ 22.164944] ? __pfx_kthread+0x10/0x10
[ 22.164993] ret_from_fork_asm+0x1a/0x30
[ 22.165062] </TASK>
[ 22.165090]
[ 22.189451] Allocated by task 277:
[ 22.189885] kasan_save_stack+0x45/0x70
[ 22.190456] kasan_save_track+0x18/0x40
[ 22.190907] kasan_save_alloc_info+0x3b/0x50
[ 22.191430] __kasan_kmalloc+0xb7/0xc0
[ 22.191861] __kmalloc_cache_noprof+0x189/0x420
[ 22.192427] kasan_strings+0xc0/0xe80
[ 22.192853] kunit_try_run_case+0x1a5/0x480
[ 22.193378] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.194006] kthread+0x337/0x6f0
[ 22.194433] ret_from_fork+0x116/0x1d0
[ 22.194870] ret_from_fork_asm+0x1a/0x30
[ 22.195427]
[ 22.195672] Freed by task 277:
[ 22.195950] kasan_save_stack+0x45/0x70
[ 22.196380] kasan_save_track+0x18/0x40
[ 22.196867] kasan_save_free_info+0x3f/0x60
[ 22.197206] __kasan_slab_free+0x56/0x70
[ 22.197663] kfree+0x222/0x3f0
[ 22.198122] kasan_strings+0x2aa/0xe80
[ 22.198679] kunit_try_run_case+0x1a5/0x480
[ 22.199189] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.199756] kthread+0x337/0x6f0
[ 22.200188] ret_from_fork+0x116/0x1d0
[ 22.200738] ret_from_fork_asm+0x1a/0x30
[ 22.201165]
[ 22.201443] The buggy address belongs to the object at ffff8881039d7c80
[ 22.201443] which belongs to the cache kmalloc-32 of size 32
[ 22.202311] The buggy address is located 16 bytes inside of
[ 22.202311] freed 32-byte region [ffff8881039d7c80, ffff8881039d7ca0)
[ 22.203203]
[ 22.203541] The buggy address belongs to the physical page:
[ 22.204121] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039d7
[ 22.204896] flags: 0x200000000000000(node=0|zone=2)
[ 22.205529] page_type: f5(slab)
[ 22.205845] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 22.206393] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 22.207158] page dumped because: kasan: bad access detected
[ 22.207748]
[ 22.208015] Memory state around the buggy address:
[ 22.208469]  ffff8881039d7b80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 22.209153]  ffff8881039d7c00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 22.209789] >ffff8881039d7c80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.210308]                          ^
[ 22.210835]  ffff8881039d7d00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 22.211452]  ffff8881039d7d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.212118] ==================================================================
```

```
[ 20.939417] ==================================================================
[ 20.940049] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[ 20.940643] Read of size 1 at addr ffff8881038ef290 by task kunit_try_catch/277
[ 20.941398]
[ 20.941819] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary)
[ 20.941957] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.941996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.942055] Call Trace:
[ 20.942100] <TASK>
[ 20.942143] dump_stack_lvl+0x73/0xb0
[ 20.942233] print_report+0xd1/0x650
[ 20.942318] ? __virt_addr_valid+0x1db/0x2d0
[ 20.942414] ? kasan_strings+0xcbc/0xe80
[ 20.942515] ? kasan_complete_mode_report_info+0x64/0x200
[ 20.942593] ? kasan_strings+0xcbc/0xe80
[ 20.942662] kasan_report+0x141/0x180
[ 20.942736] ? kasan_strings+0xcbc/0xe80
[ 20.942816] __asan_report_load1_noabort+0x18/0x20
[ 20.942916] kasan_strings+0xcbc/0xe80
[ 20.943076] ? trace_hardirqs_on+0x37/0xe0
[ 20.943194] ? __pfx_kasan_strings+0x10/0x10
[ 20.943295] ? finish_task_switch.isra.0+0x153/0x700
[ 20.943415] ? __switch_to+0x47/0xf50
[ 20.943501] ? __schedule+0x10cc/0x2b60
[ 20.943810] ? __pfx_read_tsc+0x10/0x10
[ 20.943847] ? ktime_get_ts64+0x86/0x230
[ 20.943909] kunit_try_run_case+0x1a5/0x480
[ 20.943952] ? __pfx_kunit_try_run_case+0x10/0x10
[ 20.943990] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 20.944025] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 20.944058] ? __kthread_parkme+0x82/0x180
[ 20.944087] ? preempt_count_sub+0x50/0x80
[ 20.944147] ? __pfx_kunit_try_run_case+0x10/0x10
[ 20.944187] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.944223] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 20.944261] kthread+0x337/0x6f0
[ 20.944289] ? trace_preempt_on+0x20/0xc0
[ 20.944320] ? __pfx_kthread+0x10/0x10
[ 20.944349] ? _raw_spin_unlock_irq+0x47/0x80
[ 20.944379] ? calculate_sigpending+0x7b/0xa0
[ 20.944413] ? __pfx_kthread+0x10/0x10
[ 20.944443] ret_from_fork+0x116/0x1d0
[ 20.944467] ? __pfx_kthread+0x10/0x10
[ 20.944495] ret_from_fork_asm+0x1a/0x30
[ 20.944610] </TASK>
[ 20.944644]
[ 20.967078] Allocated by task 277:
[ 20.967930] kasan_save_stack+0x45/0x70
[ 20.968359] kasan_save_track+0x18/0x40
[ 20.969067] kasan_save_alloc_info+0x3b/0x50
[ 20.969494] __kasan_kmalloc+0xb7/0xc0
[ 20.970436] __kmalloc_cache_noprof+0x189/0x420
[ 20.971438] kasan_strings+0xc0/0xe80
[ 20.972020] kunit_try_run_case+0x1a5/0x480
[ 20.972898] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.973979] kthread+0x337/0x6f0
[ 20.974353] ret_from_fork+0x116/0x1d0
[ 20.975015] ret_from_fork_asm+0x1a/0x30
[ 20.975948]
[ 20.976122] Freed by task 277:
[ 20.976395] kasan_save_stack+0x45/0x70
[ 20.976721] kasan_save_track+0x18/0x40
[ 20.977052] kasan_save_free_info+0x3f/0x60
[ 20.978284] __kasan_slab_free+0x56/0x70
[ 20.979056] kfree+0x222/0x3f0
[ 20.979903] kasan_strings+0x2aa/0xe80
[ 20.980712] kunit_try_run_case+0x1a5/0x480
[ 20.981101] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.982055] kthread+0x337/0x6f0
[ 20.982456] ret_from_fork+0x116/0x1d0
[ 20.982988] ret_from_fork_asm+0x1a/0x30
[ 20.983344]
[ 20.983576] The buggy address belongs to the object at ffff8881038ef280
[ 20.983576] which belongs to the cache kmalloc-32 of size 32
[ 20.984526] The buggy address is located 16 bytes inside of
[ 20.984526] freed 32-byte region [ffff8881038ef280, ffff8881038ef2a0)
[ 20.985512]
[ 20.985792] The buggy address belongs to the physical page:
[ 20.986209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038ef
[ 20.987028] flags: 0x200000000000000(node=0|zone=2)
[ 20.987499] page_type: f5(slab)
[ 20.987902] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 20.988524] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 20.989199] page dumped because: kasan: bad access detected
[ 20.989691]
[ 20.989947] Memory state around the buggy address:
[ 20.990407]  ffff8881038ef180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 20.990941]  ffff8881038ef200: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 20.991682] >ffff8881038ef280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 20.992276]                          ^
[ 20.992811]  ffff8881038ef300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 20.993710]  ffff8881038ef380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 20.994719] ==================================================================
```

```
[ 22.583888] ==================================================================
[ 22.584564] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00
[ 22.585188] Read of size 1 at addr ffff00000f4bf450 by task kunit_try_catch/312
[ 22.585854]
[ 22.586008] CPU: 4 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 22.586046] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.586056] Hardware name: Radxa ROCK Pi 4B (DT)
[ 22.586068] Call trace:
[ 22.586077] show_stack+0x20/0x38 (C)
[ 22.586102] dump_stack_lvl+0x8c/0xd0
[ 22.586126] print_report+0x118/0x608
[ 22.586149] kasan_report+0xdc/0x128
[ 22.586171] __asan_report_load1_noabort+0x20/0x30
[ 22.586197] kasan_strings+0x95c/0xb00
[ 22.586215] kunit_try_run_case+0x170/0x3f0
[ 22.586239] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.586264] kthread+0x328/0x630
[ 22.586281] ret_from_fork+0x10/0x20
[ 22.586303]
[ 22.591799] Allocated by task 312:
[ 22.592115] kasan_save_stack+0x3c/0x68
[ 22.592481] kasan_save_track+0x20/0x40
[ 22.592842] kasan_save_alloc_info+0x40/0x58
[ 22.593245] __kasan_kmalloc+0xd4/0xd8
[ 22.593600] __kmalloc_cache_noprof+0x16c/0x3c0
[ 22.594023] kasan_strings+0xc8/0xb00
[ 22.594368] kunit_try_run_case+0x170/0x3f0
[ 22.594759] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.595267] kthread+0x328/0x630
[ 22.595571] ret_from_fork+0x10/0x20
[ 22.595910]
[ 22.596056] Freed by task 312:
[ 22.596342] kasan_save_stack+0x3c/0x68
[ 22.596705] kasan_save_track+0x20/0x40
[ 22.597066] kasan_save_free_info+0x4c/0x78
[ 22.597461] __kasan_slab_free+0x6c/0x98
[ 22.597831] kfree+0x214/0x3c8
[ 22.598121] kasan_strings+0x24c/0xb00
[ 22.598472] kunit_try_run_case+0x170/0x3f0
[ 22.598864] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.599371] kthread+0x328/0x630
[ 22.599675] ret_from_fork+0x10/0x20
[ 22.600014]
[ 22.600160] The buggy address belongs to the object at ffff00000f4bf440
[ 22.600160] which belongs to the cache kmalloc-32 of size 32
[ 22.601262] The buggy address is located 16 bytes inside of
[ 22.601262] freed 32-byte region [ffff00000f4bf440, ffff00000f4bf460)
[ 22.602343]
[ 22.602490] The buggy address belongs to the physical page:
[ 22.602995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf4bf
[ 22.603707] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[ 22.604304] page_type: f5(slab)
[ 22.604605] raw: 03fffe0000000000 ffff000000402780 dead000000000122 0000000000000000
[ 22.605307] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 22.606003] page dumped because: kasan: bad access detected
[ 22.606508]
[ 22.606654] Memory state around the buggy address:
[ 22.607091]  ffff00000f4bf300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.607745]  ffff00000f4bf380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.608397] >ffff00000f4bf400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.609047]                                                  ^
[ 22.609577]  ffff00000f4bf480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.610229]  ffff00000f4bf500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.610879] ==================================================================
```