Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 40.752346] ================================================================== [ 40.759443] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0 [ 40.765342] Read of size 1 at addr ffff00080499db10 by task kunit_try_catch/306 [ 40.772633] [ 40.774118] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 40.774171] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.774188] Hardware name: WinLink E850-96 board (DT) [ 40.774210] Call trace: [ 40.774225] show_stack+0x20/0x38 (C) [ 40.774260] dump_stack_lvl+0x8c/0xd0 [ 40.774296] print_report+0x118/0x608 [ 40.774332] kasan_report+0xdc/0x128 [ 40.774365] __asan_report_load1_noabort+0x20/0x30 [ 40.774402] strlen+0xa8/0xb0 [ 40.774429] kasan_strings+0x418/0xb00 [ 40.774461] kunit_try_run_case+0x170/0x3f0 [ 40.774497] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.774535] kthread+0x328/0x630 [ 40.774564] ret_from_fork+0x10/0x20 [ 40.774603] [ 40.839472] Allocated by task 306: [ 40.842859] kasan_save_stack+0x3c/0x68 [ 40.846677] kasan_save_track+0x20/0x40 [ 40.850496] kasan_save_alloc_info+0x40/0x58 [ 40.854750] __kasan_kmalloc+0xd4/0xd8 [ 40.858482] __kmalloc_cache_noprof+0x16c/0x3c0 [ 40.862996] kasan_strings+0xc8/0xb00 [ 40.866642] kunit_try_run_case+0x170/0x3f0 [ 40.870809] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.876279] kthread+0x328/0x630 [ 40.879489] ret_from_fork+0x10/0x20 [ 40.883048] [ 40.884524] Freed by task 306: [ 40.887562] kasan_save_stack+0x3c/0x68 [ 40.891381] kasan_save_track+0x20/0x40 [ 40.895201] kasan_save_free_info+0x4c/0x78 [ 40.899367] __kasan_slab_free+0x6c/0x98 [ 40.903273] kfree+0x214/0x3c8 [ 40.906312] kasan_strings+0x24c/0xb00 [ 40.910044] kunit_try_run_case+0x170/0x3f0 [ 40.914211] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.919679] kthread+0x328/0x630 [ 40.922891] ret_from_fork+0x10/0x20 [ 40.926451] [ 40.927926] The buggy address belongs to the object at ffff00080499db00 [ 40.927926] which belongs to the cache kmalloc-32 of size 32 [ 40.940254] The buggy address is located 16 bytes inside of [ 40.940254] freed 32-byte region [ffff00080499db00, ffff00080499db20) [ 40.952318] [ 40.953796] The buggy address belongs to the physical page: [ 40.959353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88499d [ 40.967337] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 40.973847] page_type: f5(slab) [ 40.976983] raw: 0bfffe0000000000 ffff000800002780 dead000000000122 0000000000000000 [ 40.984703] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 40.992422] page dumped because: kasan: bad access detected [ 40.997977] [ 40.999451] Memory state around the buggy address: [ 41.004233] ffff00080499da00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 41.011436] ffff00080499da80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 41.018640] >ffff00080499db00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 41.025841] ^ [ 41.029577] ffff00080499db80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 41.036782] ffff00080499dc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 41.043985] ==================================================================
[ 28.991914] ================================================================== [ 28.992160] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0 [ 28.992296] Read of size 1 at addr fff00000c6437e10 by task kunit_try_catch/259 [ 28.992427] [ 28.992516] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.992728] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.992801] Hardware name: linux,dummy-virt (DT) [ 28.992880] Call trace: [ 28.992960] show_stack+0x20/0x38 (C) [ 28.993096] dump_stack_lvl+0x8c/0xd0 [ 28.993220] print_report+0x118/0x608 [ 28.993345] kasan_report+0xdc/0x128 [ 28.993465] __asan_report_load1_noabort+0x20/0x30 [ 28.993612] strlen+0xa8/0xb0 [ 28.993749] kasan_strings+0x418/0xb00 [ 28.994173] kunit_try_run_case+0x170/0x3f0 [ 28.994328] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.994488] kthread+0x328/0x630 [ 28.994990] ret_from_fork+0x10/0x20 [ 28.995564] [ 28.995973] Allocated by task 259: [ 28.996590] kasan_save_stack+0x3c/0x68 [ 28.996713] kasan_save_track+0x20/0x40 [ 28.996818] kasan_save_alloc_info+0x40/0x58 [ 28.998215] __kasan_kmalloc+0xd4/0xd8 [ 28.998665] __kmalloc_cache_noprof+0x16c/0x3c0 [ 28.999469] kasan_strings+0xc8/0xb00 [ 28.999581] kunit_try_run_case+0x170/0x3f0 [ 28.999978] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.000388] kthread+0x328/0x630 [ 29.000737] ret_from_fork+0x10/0x20 [ 29.001064] [ 29.001747] Freed by task 259: [ 29.002037] kasan_save_stack+0x3c/0x68 [ 29.002418] kasan_save_track+0x20/0x40 [ 29.003061] kasan_save_free_info+0x4c/0x78 [ 29.003213] __kasan_slab_free+0x6c/0x98 [ 29.003685] kfree+0x214/0x3c8 [ 29.003814] kasan_strings+0x24c/0xb00 [ 29.004297] kunit_try_run_case+0x170/0x3f0 [ 29.004836] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.005093] kthread+0x328/0x630 [ 29.005180] ret_from_fork+0x10/0x20 [ 29.006028] [ 29.006291] The buggy address belongs to the object at fff00000c6437e00 [ 29.006291] which belongs to the cache kmalloc-32 of size 32 [ 29.006855] The buggy address is located 16 bytes inside of [ 29.006855] freed 32-byte region [fff00000c6437e00, fff00000c6437e20) [ 29.007653] [ 29.007714] The buggy address belongs to the physical page: [ 29.007810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106437 [ 29.008261] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.008545] page_type: f5(slab) [ 29.009080] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 29.009222] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 29.009329] page dumped because: kasan: bad access detected [ 29.010301] [ 29.010406] Memory state around the buggy address: [ 29.010753] fff00000c6437d00: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 29.010893] fff00000c6437d80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 29.011235] >fff00000c6437e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.011982] ^ [ 29.012293] fff00000c6437e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.012408] fff00000c6437f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.013229] ==================================================================
[ 29.117894] ================================================================== [ 29.118094] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0 [ 29.118238] Read of size 1 at addr fff00000c7761a90 by task kunit_try_catch/259 [ 29.118365] [ 29.118449] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.118648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.118720] Hardware name: linux,dummy-virt (DT) [ 29.118802] Call trace: [ 29.118879] show_stack+0x20/0x38 (C) [ 29.119019] dump_stack_lvl+0x8c/0xd0 [ 29.119145] print_report+0x118/0x608 [ 29.119278] kasan_report+0xdc/0x128 [ 29.119398] __asan_report_load1_noabort+0x20/0x30 [ 29.119523] strlen+0xa8/0xb0 [ 29.119634] kasan_strings+0x418/0xb00 [ 29.119748] kunit_try_run_case+0x170/0x3f0 [ 29.123388] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.123536] kthread+0x328/0x630 [ 29.123653] ret_from_fork+0x10/0x20 [ 29.123792] [ 29.123862] Allocated by task 259: [ 29.123940] kasan_save_stack+0x3c/0x68 [ 29.124040] kasan_save_track+0x20/0x40 [ 29.124140] kasan_save_alloc_info+0x40/0x58 [ 29.124241] __kasan_kmalloc+0xd4/0xd8 [ 29.124332] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.124435] kasan_strings+0xc8/0xb00 [ 29.124524] kunit_try_run_case+0x170/0x3f0 [ 29.124624] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.124735] kthread+0x328/0x630 [ 29.124817] ret_from_fork+0x10/0x20 [ 29.127619] [ 29.127697] Freed by task 259: [ 29.127802] kasan_save_stack+0x3c/0x68 [ 29.128190] kasan_save_track+0x20/0x40 [ 29.128483] kasan_save_free_info+0x4c/0x78 [ 29.128919] __kasan_slab_free+0x6c/0x98 [ 29.129748] kfree+0x214/0x3c8 [ 29.130351] kasan_strings+0x24c/0xb00 [ 29.130967] kunit_try_run_case+0x170/0x3f0 [ 29.131525] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.132072] kthread+0x328/0x630 [ 29.132169] ret_from_fork+0x10/0x20 [ 29.132263] [ 29.132875] The buggy address belongs to the object at fff00000c7761a80 [ 29.132875] which belongs to the cache kmalloc-32 of size 32 [ 29.133570] The buggy address is located 16 bytes inside of [ 29.133570] freed 32-byte region [fff00000c7761a80, fff00000c7761aa0) [ 29.133729] [ 29.133782] The buggy address belongs to the physical page: [ 29.133878] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107761 [ 29.134020] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.134146] page_type: f5(slab) [ 29.134246] raw: 0bfffe0000000000 fff00000c0001780 dead000000000100 dead000000000122 [ 29.134986] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.137028] page dumped because: kasan: bad access detected [ 29.137128] [ 29.137180] Memory state around the buggy address: [ 29.137269] fff00000c7761980: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.137386] fff00000c7761a00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 29.137500] >fff00000c7761a80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.137602] ^ [ 29.137683] fff00000c7761b00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.137797] fff00000c7761b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.137930] ==================================================================
[ 22.214175] ================================================================== [ 22.215692] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 22.216205] Read of size 1 at addr ffff8881039d7c90 by task kunit_try_catch/277 [ 22.216767] [ 22.216993] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 22.217162] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.217205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.217284] Call Trace: [ 22.217338] <TASK> [ 22.217390] dump_stack_lvl+0x73/0xb0 [ 22.217480] print_report+0xd1/0x650 [ 22.217603] ? __virt_addr_valid+0x1db/0x2d0 [ 22.217741] ? strlen+0x8f/0xb0 [ 22.217811] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.217927] ? strlen+0x8f/0xb0 [ 22.218028] kasan_report+0x141/0x180 [ 22.218109] ? strlen+0x8f/0xb0 [ 22.218187] __asan_report_load1_noabort+0x18/0x20 [ 22.218305] strlen+0x8f/0xb0 [ 22.218381] kasan_strings+0x57b/0xe80 [ 22.218457] ? __pfx_kasan_strings+0x10/0x10 [ 22.218547] ? __schedule+0x207f/0x2b60 [ 22.218619] ? schedule+0x7c/0x2e0 [ 22.218672] ? trace_hardirqs_on+0x37/0xe0 [ 22.218711] ? __schedule+0x207f/0x2b60 [ 22.218742] ? __pfx_read_tsc+0x10/0x10 [ 22.218775] ? ktime_get_ts64+0x86/0x230 [ 22.218808] kunit_try_run_case+0x1a5/0x480 [ 22.218849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.218889] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.218924] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.218960] ? __kthread_parkme+0x82/0x180 [ 22.218990] ? preempt_count_sub+0x50/0x80 [ 22.219022] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.219059] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.219097] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.219132] kthread+0x337/0x6f0 [ 22.219160] ? trace_preempt_on+0x20/0xc0 [ 22.219194] ? __pfx_kthread+0x10/0x10 [ 22.219224] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.219301] ? calculate_sigpending+0x7b/0xa0 [ 22.219342] ? __pfx_kthread+0x10/0x10 [ 22.219373] ret_from_fork+0x116/0x1d0 [ 22.219400] ? __pfx_kthread+0x10/0x10 [ 22.219431] ret_from_fork_asm+0x1a/0x30 [ 22.219473] </TASK> [ 22.219488] [ 22.236862] Allocated by task 277: [ 22.237589] kasan_save_stack+0x45/0x70 [ 22.238237] kasan_save_track+0x18/0x40 [ 22.238803] kasan_save_alloc_info+0x3b/0x50 [ 22.239165] __kasan_kmalloc+0xb7/0xc0 [ 22.239691] __kmalloc_cache_noprof+0x189/0x420 [ 22.240189] kasan_strings+0xc0/0xe80 [ 22.240724] kunit_try_run_case+0x1a5/0x480 [ 22.241225] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.241875] kthread+0x337/0x6f0 [ 22.242394] ret_from_fork+0x116/0x1d0 [ 22.242750] ret_from_fork_asm+0x1a/0x30 [ 22.243074] [ 22.243264] Freed by task 277: [ 22.243791] kasan_save_stack+0x45/0x70 [ 22.244602] kasan_save_track+0x18/0x40 [ 22.245107] kasan_save_free_info+0x3f/0x60 [ 22.245664] __kasan_slab_free+0x56/0x70 [ 22.246179] kfree+0x222/0x3f0 [ 22.246666] kasan_strings+0x2aa/0xe80 [ 22.247100] kunit_try_run_case+0x1a5/0x480 [ 22.247543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.247928] kthread+0x337/0x6f0 [ 22.248219] ret_from_fork+0x116/0x1d0 [ 22.248730] ret_from_fork_asm+0x1a/0x30 [ 22.249163] [ 22.249517] The buggy address belongs to the object at ffff8881039d7c80 [ 22.249517] which belongs to the cache kmalloc-32 of size 32 [ 22.250952] The buggy address is located 16 bytes inside of [ 22.250952] freed 32-byte region [ffff8881039d7c80, ffff8881039d7ca0) [ 22.251962] [ 22.252279] The buggy address belongs to the physical page: [ 22.253013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039d7 [ 22.253713] flags: 0x200000000000000(node=0|zone=2) [ 22.254117] page_type: f5(slab) [ 22.254403] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 22.255086] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 22.256004] page dumped because: kasan: bad access detected [ 22.256593] [ 22.256898] Memory state around the buggy address: [ 22.257559] ffff8881039d7b80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 22.258325] ffff8881039d7c00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 22.259387] >ffff8881039d7c80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.259850] ^ [ 22.260064] ffff8881039d7d00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 22.260524] ffff8881039d7d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.261692] ==================================================================
[ 20.996197] ================================================================== [ 20.997553] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 20.998158] Read of size 1 at addr ffff8881038ef290 by task kunit_try_catch/277 [ 20.999664] [ 20.999998] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 21.000076] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.000115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.000165] Call Trace: [ 21.000187] <TASK> [ 21.000204] dump_stack_lvl+0x73/0xb0 [ 21.000248] print_report+0xd1/0x650 [ 21.000282] ? __virt_addr_valid+0x1db/0x2d0 [ 21.000314] ? strlen+0x8f/0xb0 [ 21.000338] ? kasan_complete_mode_report_info+0x64/0x200 [ 21.000370] ? strlen+0x8f/0xb0 [ 21.000395] kasan_report+0x141/0x180 [ 21.000427] ? strlen+0x8f/0xb0 [ 21.000456] __asan_report_load1_noabort+0x18/0x20 [ 21.000492] strlen+0x8f/0xb0 [ 21.000536] kasan_strings+0x57b/0xe80 [ 21.000759] ? trace_hardirqs_on+0x37/0xe0 [ 21.000933] ? __pfx_kasan_strings+0x10/0x10 [ 21.000974] ? finish_task_switch.isra.0+0x153/0x700 [ 21.001009] ? __switch_to+0x47/0xf50 [ 21.001046] ? __schedule+0x10cc/0x2b60 [ 21.001078] ? __pfx_read_tsc+0x10/0x10 [ 21.001149] ? ktime_get_ts64+0x86/0x230 [ 21.001190] kunit_try_run_case+0x1a5/0x480 [ 21.001228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.001265] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.001299] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.001334] ? __kthread_parkme+0x82/0x180 [ 21.001362] ? preempt_count_sub+0x50/0x80 [ 21.001393] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.001428] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.001462] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.001497] kthread+0x337/0x6f0 [ 21.001581] ? trace_preempt_on+0x20/0xc0 [ 21.001668] ? __pfx_kthread+0x10/0x10 [ 21.001748] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.001831] ? calculate_sigpending+0x7b/0xa0 [ 21.001904] ? __pfx_kthread+0x10/0x10 [ 21.001938] ret_from_fork+0x116/0x1d0 [ 21.001966] ? __pfx_kthread+0x10/0x10 [ 21.001997] ret_from_fork_asm+0x1a/0x30 [ 21.002038] </TASK> [ 21.002053] [ 21.025300] Allocated by task 277: [ 21.025492] kasan_save_stack+0x45/0x70 [ 21.026572] kasan_save_track+0x18/0x40 [ 21.027575] kasan_save_alloc_info+0x3b/0x50 [ 21.028117] __kasan_kmalloc+0xb7/0xc0 [ 21.028694] __kmalloc_cache_noprof+0x189/0x420 [ 21.029239] kasan_strings+0xc0/0xe80 [ 21.029976] kunit_try_run_case+0x1a5/0x480 [ 21.030507] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.031028] kthread+0x337/0x6f0 [ 21.031621] ret_from_fork+0x116/0x1d0 [ 21.032340] ret_from_fork_asm+0x1a/0x30 [ 21.033005] [ 21.033269] Freed by task 277: [ 21.033561] kasan_save_stack+0x45/0x70 [ 21.034294] kasan_save_track+0x18/0x40 [ 21.035088] kasan_save_free_info+0x3f/0x60 [ 21.035698] __kasan_slab_free+0x56/0x70 [ 21.036115] kfree+0x222/0x3f0 [ 21.036477] kasan_strings+0x2aa/0xe80 [ 21.036911] kunit_try_run_case+0x1a5/0x480 [ 21.037485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.038091] kthread+0x337/0x6f0 [ 21.038499] ret_from_fork+0x116/0x1d0 [ 21.039123] ret_from_fork_asm+0x1a/0x30 [ 21.039687] [ 21.040276] The buggy address belongs to the object at ffff8881038ef280 [ 21.040276] which belongs to the cache kmalloc-32 of size 32 [ 21.041410] The buggy address is located 16 bytes inside of [ 21.041410] freed 32-byte region [ffff8881038ef280, ffff8881038ef2a0) [ 21.042397] [ 21.042760] The buggy address belongs to the physical page: [ 21.043381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038ef [ 21.044237] flags: 0x200000000000000(node=0|zone=2) [ 21.044683] page_type: f5(slab) [ 21.045007] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 21.046124] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 21.046640] page dumped because: kasan: bad access detected [ 21.047157] [ 21.047391] Memory state around the buggy address: [ 21.047858] ffff8881038ef180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 21.048813] ffff8881038ef200: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 21.049447] >ffff8881038ef280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 21.049909] ^ [ 21.050496] ffff8881038ef300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 21.051525] ffff8881038ef380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 21.052289] ==================================================================
[ 22.611696] ================================================================== [ 22.612351] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0 [ 22.612897] Read of size 1 at addr ffff00000f4bf450 by task kunit_try_catch/312 [ 22.613559] [ 22.613709] CPU: 4 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.613742] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.613752] Hardware name: Radxa ROCK Pi 4B (DT) [ 22.613763] Call trace: [ 22.613771] show_stack+0x20/0x38 (C) [ 22.613792] dump_stack_lvl+0x8c/0xd0 [ 22.613814] print_report+0x118/0x608 [ 22.613836] kasan_report+0xdc/0x128 [ 22.613857] __asan_report_load1_noabort+0x20/0x30 [ 22.613882] strlen+0xa8/0xb0 [ 22.613900] kasan_strings+0x418/0xb00 [ 22.613919] kunit_try_run_case+0x170/0x3f0 [ 22.613941] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.613966] kthread+0x328/0x630 [ 22.613982] ret_from_fork+0x10/0x20 [ 22.614002] [ 22.619754] Allocated by task 312: [ 22.620068] kasan_save_stack+0x3c/0x68 [ 22.620431] kasan_save_track+0x20/0x40 [ 22.620793] kasan_save_alloc_info+0x40/0x58 [ 22.621195] __kasan_kmalloc+0xd4/0xd8 [ 22.621549] __kmalloc_cache_noprof+0x16c/0x3c0 [ 22.621971] kasan_strings+0xc8/0xb00 [ 22.622317] kunit_try_run_case+0x170/0x3f0 [ 22.622708] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.623215] kthread+0x328/0x630 [ 22.623519] ret_from_fork+0x10/0x20 [ 22.623855] [ 22.624001] Freed by task 312: [ 22.624285] kasan_save_stack+0x3c/0x68 [ 22.624646] kasan_save_track+0x20/0x40 [ 22.625007] kasan_save_free_info+0x4c/0x78 [ 22.625401] __kasan_slab_free+0x6c/0x98 [ 22.625770] kfree+0x214/0x3c8 [ 22.626060] kasan_strings+0x24c/0xb00 [ 22.626412] kunit_try_run_case+0x170/0x3f0 [ 22.626804] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.627312] kthread+0x328/0x630 [ 22.627616] ret_from_fork+0x10/0x20 [ 22.627954] [ 22.628101] The buggy address belongs to the object at ffff00000f4bf440 [ 22.628101] which belongs to the cache kmalloc-32 of size 32 [ 22.629203] The buggy address is located 16 bytes inside of [ 22.629203] freed 32-byte region [ffff00000f4bf440, ffff00000f4bf460) [ 22.630282] [ 22.630429] The buggy address belongs to the physical page: [ 22.630933] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf4bf [ 22.631641] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 22.632234] page_type: f5(slab) [ 22.632533] raw: 03fffe0000000000 ffff000000402780 dead000000000122 0000000000000000 [ 22.633233] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 22.633928] page dumped because: kasan: bad access detected [ 22.634432] [ 22.634578] Memory state around the buggy address: [ 22.635015] ffff00000f4bf300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.635668] ffff00000f4bf380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.636319] >ffff00000f4bf400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.636969] ^ [ 22.637499] ffff00000f4bf480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.638152] ffff00000f4bf500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 22.638802] ==================================================================