Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 40.139983] ================================================================== [ 40.163706] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8 [ 40.169606] Read of size 1 at addr ffff00080499db10 by task kunit_try_catch/306 [ 40.176896] [ 40.178384] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 40.178440] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.178459] Hardware name: WinLink E850-96 board (DT) [ 40.178480] Call trace: [ 40.178496] show_stack+0x20/0x38 (C) [ 40.178532] dump_stack_lvl+0x8c/0xd0 [ 40.178568] print_report+0x118/0x608 [ 40.178607] kasan_report+0xdc/0x128 [ 40.178641] __asan_report_load1_noabort+0x20/0x30 [ 40.178683] strcmp+0xc0/0xc8 [ 40.178715] kasan_strings+0x340/0xb00 [ 40.178748] kunit_try_run_case+0x170/0x3f0 [ 40.178786] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.178826] kthread+0x328/0x630 [ 40.178857] ret_from_fork+0x10/0x20 [ 40.178894] [ 40.243735] Allocated by task 306: [ 40.247124] kasan_save_stack+0x3c/0x68 [ 40.250940] kasan_save_track+0x20/0x40 [ 40.254759] kasan_save_alloc_info+0x40/0x58 [ 40.259012] __kasan_kmalloc+0xd4/0xd8 [ 40.262745] __kmalloc_cache_noprof+0x16c/0x3c0 [ 40.267259] kasan_strings+0xc8/0xb00 [ 40.270905] kunit_try_run_case+0x170/0x3f0 [ 40.275071] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.280541] kthread+0x328/0x630 [ 40.283751] ret_from_fork+0x10/0x20 [ 40.287310] [ 40.288787] Freed by task 306: [ 40.291827] kasan_save_stack+0x3c/0x68 [ 40.295644] kasan_save_track+0x20/0x40 [ 40.299462] kasan_save_free_info+0x4c/0x78 [ 40.303630] __kasan_slab_free+0x6c/0x98 [ 40.307536] kfree+0x214/0x3c8 [ 40.310574] kasan_strings+0x24c/0xb00 [ 40.314306] kunit_try_run_case+0x170/0x3f0 [ 40.318473] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.323942] kthread+0x328/0x630 [ 40.327154] ret_from_fork+0x10/0x20 [ 40.330712] [ 40.332190] The buggy address belongs to the object at ffff00080499db00 [ 40.332190] which belongs to the cache kmalloc-32 of size 32 [ 40.344517] The buggy address is located 16 bytes inside of [ 40.344517] freed 32-byte region [ffff00080499db00, ffff00080499db20) [ 40.356580] [ 40.358058] The buggy address belongs to the physical page: [ 40.363617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88499d [ 40.371600] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 40.378111] page_type: f5(slab) [ 40.381247] raw: 0bfffe0000000000 ffff000800002780 dead000000000122 0000000000000000 [ 40.388965] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 40.396686] page dumped because: kasan: bad access detected [ 40.402239] [ 40.403715] Memory state around the buggy address: [ 40.408498] ffff00080499da00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 40.415698] ffff00080499da80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 40.422902] >ffff00080499db00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 40.430103] ^ [ 40.433840] ffff00080499db80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 40.441045] ffff00080499dc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 40.448247] ==================================================================
[ 28.952695] ================================================================== [ 28.952817] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8 [ 28.956082] Read of size 1 at addr fff00000c6437e10 by task kunit_try_catch/259 [ 28.956234] [ 28.956336] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.956578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.956661] Hardware name: linux,dummy-virt (DT) [ 28.956758] Call trace: [ 28.956826] show_stack+0x20/0x38 (C) [ 28.956988] dump_stack_lvl+0x8c/0xd0 [ 28.957140] print_report+0x118/0x608 [ 28.957357] kasan_report+0xdc/0x128 [ 28.959180] __asan_report_load1_noabort+0x20/0x30 [ 28.959340] strcmp+0xc0/0xc8 [ 28.959471] kasan_strings+0x340/0xb00 [ 28.959614] kunit_try_run_case+0x170/0x3f0 [ 28.959845] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.960023] kthread+0x328/0x630 [ 28.960763] ret_from_fork+0x10/0x20 [ 28.960969] [ 28.961587] Allocated by task 259: [ 28.961728] kasan_save_stack+0x3c/0x68 [ 28.962156] kasan_save_track+0x20/0x40 [ 28.962371] kasan_save_alloc_info+0x40/0x58 [ 28.962568] __kasan_kmalloc+0xd4/0xd8 [ 28.962684] __kmalloc_cache_noprof+0x16c/0x3c0 [ 28.962850] kasan_strings+0xc8/0xb00 [ 28.963012] kunit_try_run_case+0x170/0x3f0 [ 28.963183] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.963317] kthread+0x328/0x630 [ 28.964034] ret_from_fork+0x10/0x20 [ 28.964154] [ 28.964211] Freed by task 259: [ 28.964290] kasan_save_stack+0x3c/0x68 [ 28.964489] kasan_save_track+0x20/0x40 [ 28.965175] kasan_save_free_info+0x4c/0x78 [ 28.965587] __kasan_slab_free+0x6c/0x98 [ 28.965727] kfree+0x214/0x3c8 [ 28.965825] kasan_strings+0x24c/0xb00 [ 28.966116] kunit_try_run_case+0x170/0x3f0 [ 28.966339] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.967012] kthread+0x328/0x630 [ 28.967120] ret_from_fork+0x10/0x20 [ 28.967236] [ 28.967784] The buggy address belongs to the object at fff00000c6437e00 [ 28.967784] which belongs to the cache kmalloc-32 of size 32 [ 28.967995] The buggy address is located 16 bytes inside of [ 28.967995] freed 32-byte region [fff00000c6437e00, fff00000c6437e20) [ 28.968286] [ 28.968358] The buggy address belongs to the physical page: [ 28.968469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106437 [ 28.968694] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.968839] page_type: f5(slab) [ 28.969040] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 28.969217] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 28.969377] page dumped because: kasan: bad access detected [ 28.969999] [ 28.970060] Memory state around the buggy address: [ 28.970150] fff00000c6437d00: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 28.970266] fff00000c6437d80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 28.970803] >fff00000c6437e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.971025] ^ [ 28.971930] fff00000c6437e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 28.972086] fff00000c6437f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.972201] ==================================================================
[ 29.059022] ================================================================== [ 29.059385] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8 [ 29.059535] Read of size 1 at addr fff00000c7761a90 by task kunit_try_catch/259 [ 29.059662] [ 29.059749] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.059991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.060066] Hardware name: linux,dummy-virt (DT) [ 29.060151] Call trace: [ 29.060221] show_stack+0x20/0x38 (C) [ 29.060356] dump_stack_lvl+0x8c/0xd0 [ 29.060588] print_report+0x118/0x608 [ 29.060726] kasan_report+0xdc/0x128 [ 29.060883] __asan_report_load1_noabort+0x20/0x30 [ 29.061081] strcmp+0xc0/0xc8 [ 29.061392] kasan_strings+0x340/0xb00 [ 29.061600] kunit_try_run_case+0x170/0x3f0 [ 29.061745] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.061922] kthread+0x328/0x630 [ 29.062056] ret_from_fork+0x10/0x20 [ 29.062199] [ 29.062259] Allocated by task 259: [ 29.062339] kasan_save_stack+0x3c/0x68 [ 29.062455] kasan_save_track+0x20/0x40 [ 29.062564] kasan_save_alloc_info+0x40/0x58 [ 29.062703] __kasan_kmalloc+0xd4/0xd8 [ 29.062808] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.062960] kasan_strings+0xc8/0xb00 [ 29.063090] kunit_try_run_case+0x170/0x3f0 [ 29.063194] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.063303] kthread+0x328/0x630 [ 29.063394] ret_from_fork+0x10/0x20 [ 29.063488] [ 29.063571] Freed by task 259: [ 29.063646] kasan_save_stack+0x3c/0x68 [ 29.063751] kasan_save_track+0x20/0x40 [ 29.063878] kasan_save_free_info+0x4c/0x78 [ 29.064000] __kasan_slab_free+0x6c/0x98 [ 29.064107] kfree+0x214/0x3c8 [ 29.064385] kasan_strings+0x24c/0xb00 [ 29.064506] kunit_try_run_case+0x170/0x3f0 [ 29.064703] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.064830] kthread+0x328/0x630 [ 29.064944] ret_from_fork+0x10/0x20 [ 29.065080] [ 29.065141] The buggy address belongs to the object at fff00000c7761a80 [ 29.065141] which belongs to the cache kmalloc-32 of size 32 [ 29.065296] The buggy address is located 16 bytes inside of [ 29.065296] freed 32-byte region [fff00000c7761a80, fff00000c7761aa0) [ 29.065454] [ 29.065525] The buggy address belongs to the physical page: [ 29.065614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107761 [ 29.065771] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.065942] page_type: f5(slab) [ 29.066065] raw: 0bfffe0000000000 fff00000c0001780 dead000000000100 dead000000000122 [ 29.066211] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.066329] page dumped because: kasan: bad access detected [ 29.066427] [ 29.066482] Memory state around the buggy address: [ 29.066573] fff00000c7761980: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.067438] fff00000c7761a00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.068103] >fff00000c7761a80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.068645] ^ [ 29.068736] fff00000c7761b00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.068876] fff00000c7761b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.068987] ==================================================================
[ 22.099975] ================================================================== [ 22.102048] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 22.102647] Read of size 1 at addr ffff8881039d7c90 by task kunit_try_catch/277 [ 22.103260] [ 22.104331] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 22.104475] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.104824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.104889] Call Trace: [ 22.104916] <TASK> [ 22.104943] dump_stack_lvl+0x73/0xb0 [ 22.104998] print_report+0xd1/0x650 [ 22.105037] ? __virt_addr_valid+0x1db/0x2d0 [ 22.105072] ? strcmp+0xb0/0xc0 [ 22.105098] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.105130] ? strcmp+0xb0/0xc0 [ 22.105155] kasan_report+0x141/0x180 [ 22.105186] ? strcmp+0xb0/0xc0 [ 22.105216] __asan_report_load1_noabort+0x18/0x20 [ 22.105300] strcmp+0xb0/0xc0 [ 22.105330] kasan_strings+0x431/0xe80 [ 22.105364] ? __pfx_kasan_strings+0x10/0x10 [ 22.105393] ? __schedule+0x207f/0x2b60 [ 22.105424] ? schedule+0x7c/0x2e0 [ 22.105453] ? trace_hardirqs_on+0x37/0xe0 [ 22.105488] ? __schedule+0x207f/0x2b60 [ 22.105562] ? __pfx_read_tsc+0x10/0x10 [ 22.105699] ? ktime_get_ts64+0x86/0x230 [ 22.105754] kunit_try_run_case+0x1a5/0x480 [ 22.105798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.105834] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.105872] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.105906] ? __kthread_parkme+0x82/0x180 [ 22.105935] ? preempt_count_sub+0x50/0x80 [ 22.105966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.106003] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.106036] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.106073] kthread+0x337/0x6f0 [ 22.106100] ? trace_preempt_on+0x20/0xc0 [ 22.106134] ? __pfx_kthread+0x10/0x10 [ 22.106163] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.106196] ? calculate_sigpending+0x7b/0xa0 [ 22.106282] ? __pfx_kthread+0x10/0x10 [ 22.106321] ret_from_fork+0x116/0x1d0 [ 22.106351] ? __pfx_kthread+0x10/0x10 [ 22.106381] ret_from_fork_asm+0x1a/0x30 [ 22.106424] </TASK> [ 22.106440] [ 22.128964] Allocated by task 277: [ 22.129416] kasan_save_stack+0x45/0x70 [ 22.129950] kasan_save_track+0x18/0x40 [ 22.130268] kasan_save_alloc_info+0x3b/0x50 [ 22.130739] __kasan_kmalloc+0xb7/0xc0 [ 22.131162] __kmalloc_cache_noprof+0x189/0x420 [ 22.132045] kasan_strings+0xc0/0xe80 [ 22.132514] kunit_try_run_case+0x1a5/0x480 [ 22.132859] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.134276] kthread+0x337/0x6f0 [ 22.134880] ret_from_fork+0x116/0x1d0 [ 22.135288] ret_from_fork_asm+0x1a/0x30 [ 22.135958] [ 22.136144] Freed by task 277: [ 22.136421] kasan_save_stack+0x45/0x70 [ 22.136870] kasan_save_track+0x18/0x40 [ 22.137399] kasan_save_free_info+0x3f/0x60 [ 22.137859] __kasan_slab_free+0x56/0x70 [ 22.138241] kfree+0x222/0x3f0 [ 22.138558] kasan_strings+0x2aa/0xe80 [ 22.139866] kunit_try_run_case+0x1a5/0x480 [ 22.140343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.141202] kthread+0x337/0x6f0 [ 22.141731] ret_from_fork+0x116/0x1d0 [ 22.142107] ret_from_fork_asm+0x1a/0x30 [ 22.143110] [ 22.143420] The buggy address belongs to the object at ffff8881039d7c80 [ 22.143420] which belongs to the cache kmalloc-32 of size 32 [ 22.144366] The buggy address is located 16 bytes inside of [ 22.144366] freed 32-byte region [ffff8881039d7c80, ffff8881039d7ca0) [ 22.145542] [ 22.145835] The buggy address belongs to the physical page: [ 22.146445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039d7 [ 22.147474] flags: 0x200000000000000(node=0|zone=2) [ 22.148037] page_type: f5(slab) [ 22.148408] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 22.149706] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 22.150294] page dumped because: kasan: bad access detected [ 22.151314] [ 22.151530] Memory state around the buggy address: [ 22.152089] ffff8881039d7b80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 22.152662] ffff8881039d7c00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 22.153189] >ffff8881039d7c80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.153966] ^ [ 22.154333] ffff8881039d7d00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 22.155760] ffff8881039d7d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.156257] ==================================================================
[ 20.881278] ================================================================== [ 20.883724] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 20.884930] Read of size 1 at addr ffff8881038ef290 by task kunit_try_catch/277 [ 20.886299] [ 20.886482] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 20.886865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.886920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.886957] Call Trace: [ 20.886997] <TASK> [ 20.887021] dump_stack_lvl+0x73/0xb0 [ 20.887064] print_report+0xd1/0x650 [ 20.887104] ? __virt_addr_valid+0x1db/0x2d0 [ 20.887374] ? strcmp+0xb0/0xc0 [ 20.887405] ? kasan_complete_mode_report_info+0x64/0x200 [ 20.887439] ? strcmp+0xb0/0xc0 [ 20.887464] kasan_report+0x141/0x180 [ 20.887497] ? strcmp+0xb0/0xc0 [ 20.887578] __asan_report_load1_noabort+0x18/0x20 [ 20.887658] strcmp+0xb0/0xc0 [ 20.887690] kasan_strings+0x431/0xe80 [ 20.887724] ? trace_hardirqs_on+0x37/0xe0 [ 20.887759] ? __pfx_kasan_strings+0x10/0x10 [ 20.887789] ? finish_task_switch.isra.0+0x153/0x700 [ 20.887820] ? __switch_to+0x47/0xf50 [ 20.887856] ? __schedule+0x10cc/0x2b60 [ 20.887920] ? __pfx_read_tsc+0x10/0x10 [ 20.887953] ? ktime_get_ts64+0x86/0x230 [ 20.887988] kunit_try_run_case+0x1a5/0x480 [ 20.888026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.888060] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.888114] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.888171] ? __kthread_parkme+0x82/0x180 [ 20.888203] ? preempt_count_sub+0x50/0x80 [ 20.888236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.888272] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.888305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.888341] kthread+0x337/0x6f0 [ 20.888368] ? trace_preempt_on+0x20/0xc0 [ 20.888398] ? __pfx_kthread+0x10/0x10 [ 20.888427] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.888458] ? calculate_sigpending+0x7b/0xa0 [ 20.888492] ? __pfx_kthread+0x10/0x10 [ 20.888564] ret_from_fork+0x116/0x1d0 [ 20.888633] ? __pfx_kthread+0x10/0x10 [ 20.888667] ret_from_fork_asm+0x1a/0x30 [ 20.888709] </TASK> [ 20.888723] [ 20.911221] Allocated by task 277: [ 20.911545] kasan_save_stack+0x45/0x70 [ 20.912860] kasan_save_track+0x18/0x40 [ 20.913205] kasan_save_alloc_info+0x3b/0x50 [ 20.913777] __kasan_kmalloc+0xb7/0xc0 [ 20.914109] __kmalloc_cache_noprof+0x189/0x420 [ 20.914977] kasan_strings+0xc0/0xe80 [ 20.915469] kunit_try_run_case+0x1a5/0x480 [ 20.916158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.917040] kthread+0x337/0x6f0 [ 20.917444] ret_from_fork+0x116/0x1d0 [ 20.918129] ret_from_fork_asm+0x1a/0x30 [ 20.918485] [ 20.918595] Freed by task 277: [ 20.918729] kasan_save_stack+0x45/0x70 [ 20.918914] kasan_save_track+0x18/0x40 [ 20.919077] kasan_save_free_info+0x3f/0x60 [ 20.920349] __kasan_slab_free+0x56/0x70 [ 20.920831] kfree+0x222/0x3f0 [ 20.921230] kasan_strings+0x2aa/0xe80 [ 20.921732] kunit_try_run_case+0x1a5/0x480 [ 20.922359] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.923215] kthread+0x337/0x6f0 [ 20.923535] ret_from_fork+0x116/0x1d0 [ 20.924385] ret_from_fork_asm+0x1a/0x30 [ 20.924787] [ 20.925044] The buggy address belongs to the object at ffff8881038ef280 [ 20.925044] which belongs to the cache kmalloc-32 of size 32 [ 20.926421] The buggy address is located 16 bytes inside of [ 20.926421] freed 32-byte region [ffff8881038ef280, ffff8881038ef2a0) [ 20.927871] [ 20.928222] The buggy address belongs to the physical page: [ 20.929154] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038ef [ 20.930080] flags: 0x200000000000000(node=0|zone=2) [ 20.930590] page_type: f5(slab) [ 20.930905] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 20.931505] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 20.932567] page dumped because: kasan: bad access detected [ 20.933222] [ 20.933552] Memory state around the buggy address: [ 20.934393] ffff8881038ef180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.935088] ffff8881038ef200: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 20.935611] >ffff8881038ef280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 20.936246] ^ [ 20.936609] ffff8881038ef300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.937628] ffff8881038ef380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 20.938281] ==================================================================
[ 22.553474] ================================================================== [ 22.555608] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8 [ 22.556170] Read of size 1 at addr ffff00000f4bf450 by task kunit_try_catch/312 [ 22.556843] [ 22.557006] CPU: 2 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.557052] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.557065] Hardware name: Radxa ROCK Pi 4B (DT) [ 22.557080] Call trace: [ 22.557091] show_stack+0x20/0x38 (C) [ 22.557124] dump_stack_lvl+0x8c/0xd0 [ 22.557155] print_report+0x118/0x608 [ 22.557186] kasan_report+0xdc/0x128 [ 22.557213] __asan_report_load1_noabort+0x20/0x30 [ 22.557245] strcmp+0xc0/0xc8 [ 22.557269] kasan_strings+0x340/0xb00 [ 22.557295] kunit_try_run_case+0x170/0x3f0 [ 22.557326] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.557359] kthread+0x328/0x630 [ 22.557382] ret_from_fork+0x10/0x20 [ 22.557411] [ 22.563195] Allocated by task 312: [ 22.563517] kasan_save_stack+0x3c/0x68 [ 22.563888] kasan_save_track+0x20/0x40 [ 22.564257] kasan_save_alloc_info+0x40/0x58 [ 22.564669] __kasan_kmalloc+0xd4/0xd8 [ 22.565030] __kmalloc_cache_noprof+0x16c/0x3c0 [ 22.565463] kasan_strings+0xc8/0xb00 [ 22.565815] kunit_try_run_case+0x170/0x3f0 [ 22.566215] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.566732] kthread+0x328/0x630 [ 22.567043] ret_from_fork+0x10/0x20 [ 22.567388] [ 22.567538] Freed by task 312: [ 22.567829] kasan_save_stack+0x3c/0x68 [ 22.568199] kasan_save_track+0x20/0x40 [ 22.568567] kasan_save_free_info+0x4c/0x78 [ 22.568969] __kasan_slab_free+0x6c/0x98 [ 22.569345] kfree+0x214/0x3c8 [ 22.569643] kasan_strings+0x24c/0xb00 [ 22.570003] kunit_try_run_case+0x170/0x3f0 [ 22.570402] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.570919] kthread+0x328/0x630 [ 22.571230] ret_from_fork+0x10/0x20 [ 22.571575] [ 22.571725] The buggy address belongs to the object at ffff00000f4bf440 [ 22.571725] which belongs to the cache kmalloc-32 of size 32 [ 22.572835] The buggy address is located 16 bytes inside of [ 22.572835] freed 32-byte region [ffff00000f4bf440, ffff00000f4bf460) [ 22.573924] [ 22.574075] The buggy address belongs to the physical page: [ 22.574586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf4bf [ 22.575305] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 22.575910] page_type: f5(slab) [ 22.576217] raw: 03fffe0000000000 ffff000000402780 dead000000000122 0000000000000000 [ 22.576926] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 22.577628] page dumped because: kasan: bad access detected [ 22.578138] [ 22.578287] Memory state around the buggy address: [ 22.578732] ffff00000f4bf300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.579393] ffff00000f4bf380: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 22.580052] >ffff00000f4bf400: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 22.580709] ^ [ 22.581247] ffff00000f4bf480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.581907] ffff00000f4bf500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 22.582564] ==================================================================