Date
June 8, 2025, 11:09 p.m.
Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |
rk3399-rock-pi-4b |
```
[ 41.051386] ==================================================================
[ 41.058396] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88
[ 41.064382] Read of size 1 at addr ffff00080499db10 by task kunit_try_catch/306
[ 41.071674]
[ 41.073158] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 41.073211] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 41.073231] Hardware name: WinLink E850-96 board (DT)
[ 41.073252] Call trace:
[ 41.073269] show_stack+0x20/0x38 (C)
[ 41.073307] dump_stack_lvl+0x8c/0xd0
[ 41.073342] print_report+0x118/0x608
[ 41.073376] kasan_report+0xdc/0x128
[ 41.073411] __asan_report_load1_noabort+0x20/0x30
[ 41.073449] strnlen+0x80/0x88
[ 41.073477] kasan_strings+0x478/0xb00
[ 41.073509] kunit_try_run_case+0x170/0x3f0
[ 41.073545] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 41.073583] kthread+0x328/0x630
[ 41.073610] ret_from_fork+0x10/0x20
[ 41.073644]
[ 41.138600] Allocated by task 306:
[ 41.141987] kasan_save_stack+0x3c/0x68
[ 41.145804] kasan_save_track+0x20/0x40
[ 41.149624] kasan_save_alloc_info+0x40/0x58
[ 41.153878] __kasan_kmalloc+0xd4/0xd8
[ 41.157610] __kmalloc_cache_noprof+0x16c/0x3c0
[ 41.162124] kasan_strings+0xc8/0xb00
[ 41.165769] kunit_try_run_case+0x170/0x3f0
[ 41.169936] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 41.175406] kthread+0x328/0x630
[ 41.178617] ret_from_fork+0x10/0x20
[ 41.182176]
[ 41.183651] Freed by task 306:
[ 41.186689] kasan_save_stack+0x3c/0x68
[ 41.190509] kasan_save_track+0x20/0x40
[ 41.194328] kasan_save_free_info+0x4c/0x78
[ 41.198495] __kasan_slab_free+0x6c/0x98
[ 41.202401] kfree+0x214/0x3c8
[ 41.205439] kasan_strings+0x24c/0xb00
[ 41.209172] kunit_try_run_case+0x170/0x3f0
[ 41.213338] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 41.218807] kthread+0x328/0x630
[ 41.222019] ret_from_fork+0x10/0x20
[ 41.225578]
[ 41.227054] The buggy address belongs to the object at ffff00080499db00
[ 41.227054] which belongs to the cache kmalloc-32 of size 32
[ 41.239382] The buggy address is located 16 bytes inside of
[ 41.239382] freed 32-byte region [ffff00080499db00, ffff00080499db20)
[ 41.251446]
[ 41.252923] The buggy address belongs to the physical page:
[ 41.258479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88499d
[ 41.266463] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 41.272974] page_type: f5(slab)
[ 41.276109] raw: 0bfffe0000000000 ffff000800002780 dead000000000122 0000000000000000
[ 41.283831] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 41.291549] page dumped because: kasan: bad access detected
[ 41.297104]
[ 41.298580] Memory state around the buggy address:
[ 41.303360]  ffff00080499da00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 41.310563]  ffff00080499da80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 41.317768] >ffff00080499db00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 41.324969]                          ^
[ 41.328705]  ffff00080499db80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 41.335910]  ffff00080499dc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 41.343111] ==================================================================
```
```
[ 29.016591] ==================================================================
[ 29.016708] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88
[ 29.016830] Read of size 1 at addr fff00000c6437e10 by task kunit_try_catch/259
[ 29.016967]
[ 29.018204] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 29.018617] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.018694] Hardware name: linux,dummy-virt (DT)
[ 29.018796] Call trace:
[ 29.018878] show_stack+0x20/0x38 (C)
[ 29.019659] dump_stack_lvl+0x8c/0xd0
[ 29.020025] print_report+0x118/0x608
[ 29.020188] kasan_report+0xdc/0x128
[ 29.021097] __asan_report_load1_noabort+0x20/0x30
[ 29.021259] strnlen+0x80/0x88
[ 29.021399] kasan_strings+0x478/0xb00
[ 29.021537] kunit_try_run_case+0x170/0x3f0
[ 29.022284] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.022457] kthread+0x328/0x630
[ 29.022581] ret_from_fork+0x10/0x20
[ 29.022706]
[ 29.022760] Allocated by task 259:
[ 29.022839] kasan_save_stack+0x3c/0x68
[ 29.022980] kasan_save_track+0x20/0x40
[ 29.023129] kasan_save_alloc_info+0x40/0x58
[ 29.023238] __kasan_kmalloc+0xd4/0xd8
[ 29.023335] __kmalloc_cache_noprof+0x16c/0x3c0
[ 29.023454] kasan_strings+0xc8/0xb00
[ 29.023552] kunit_try_run_case+0x170/0x3f0
[ 29.023662] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.023823] kthread+0x328/0x630
[ 29.023952] ret_from_fork+0x10/0x20
[ 29.024074]
[ 29.024140] Freed by task 259:
[ 29.024242] kasan_save_stack+0x3c/0x68
[ 29.024364] kasan_save_track+0x20/0x40
[ 29.024480] kasan_save_free_info+0x4c/0x78
[ 29.024603] __kasan_slab_free+0x6c/0x98
[ 29.024794] kfree+0x214/0x3c8
[ 29.024895] kasan_strings+0x24c/0xb00
[ 29.025041] kunit_try_run_case+0x170/0x3f0
[ 29.025179] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.025318] kthread+0x328/0x630
[ 29.025427] ret_from_fork+0x10/0x20
[ 29.025546]
[ 29.025610] The buggy address belongs to the object at fff00000c6437e00
[ 29.025610] which belongs to the cache kmalloc-32 of size 32
[ 29.025764] The buggy address is located 16 bytes inside of
[ 29.025764] freed 32-byte region [fff00000c6437e00, fff00000c6437e20)
[ 29.026038]
[ 29.026186] The buggy address belongs to the physical page:
[ 29.026292] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106437
[ 29.026436] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.026572] page_type: f5(slab)
[ 29.026677] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 29.026833] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 29.026986] page dumped because: kasan: bad access detected
[ 29.027085]
[ 29.027146] Memory state around the buggy address:
[ 29.027242]  fff00000c6437d00: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 29.027434]  fff00000c6437d80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 29.027601] >fff00000c6437e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 29.027710]                          ^
[ 29.027972]  fff00000c6437e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 29.028110]  fff00000c6437f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 29.028216] ==================================================================
```
```
[ 29.138802] ==================================================================
[ 29.139993] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88
[ 29.140436] Read of size 1 at addr fff00000c7761a90 by task kunit_try_catch/259
[ 29.141108]
[ 29.141499] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 29.141689] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.141755] Hardware name: linux,dummy-virt (DT)
[ 29.141826] Call trace:
[ 29.141918] show_stack+0x20/0x38 (C)
[ 29.142076] dump_stack_lvl+0x8c/0xd0
[ 29.142221] print_report+0x118/0x608
[ 29.142348] kasan_report+0xdc/0x128
[ 29.142465] __asan_report_load1_noabort+0x20/0x30
[ 29.142593] strnlen+0x80/0x88
[ 29.142697] kasan_strings+0x478/0xb00
[ 29.142806] kunit_try_run_case+0x170/0x3f0
[ 29.142958] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.143094] kthread+0x328/0x630
[ 29.143204] ret_from_fork+0x10/0x20
[ 29.143322]
[ 29.143371] Allocated by task 259:
[ 29.143439] kasan_save_stack+0x3c/0x68
[ 29.143543] kasan_save_track+0x20/0x40
[ 29.143639] kasan_save_alloc_info+0x40/0x58
[ 29.143737] __kasan_kmalloc+0xd4/0xd8
[ 29.145295] __kmalloc_cache_noprof+0x16c/0x3c0
[ 29.145785] kasan_strings+0xc8/0xb00
[ 29.146276] kunit_try_run_case+0x170/0x3f0
[ 29.147097] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.147238] kthread+0x328/0x630
[ 29.147334] ret_from_fork+0x10/0x20
[ 29.147440]
[ 29.147501] Freed by task 259:
[ 29.147587] kasan_save_stack+0x3c/0x68
[ 29.147697] kasan_save_track+0x20/0x40
[ 29.149348] kasan_save_free_info+0x4c/0x78
[ 29.149783] __kasan_slab_free+0x6c/0x98
[ 29.149987] kfree+0x214/0x3c8
[ 29.150147] kasan_strings+0x24c/0xb00
[ 29.150256] kunit_try_run_case+0x170/0x3f0
[ 29.150361] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.150472] kthread+0x328/0x630
[ 29.150562] ret_from_fork+0x10/0x20
[ 29.150675]
[ 29.150731] The buggy address belongs to the object at fff00000c7761a80
[ 29.150731] which belongs to the cache kmalloc-32 of size 32
[ 29.150889] The buggy address is located 16 bytes inside of
[ 29.150889] freed 32-byte region [fff00000c7761a80, fff00000c7761aa0)
[ 29.151957]
[ 29.152030] The buggy address belongs to the physical page:
[ 29.152121] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107761
[ 29.152741] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.153011] page_type: f5(slab)
[ 29.153207] raw: 0bfffe0000000000 fff00000c0001780 dead000000000100 dead000000000122
[ 29.153552] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 29.153753] page dumped because: kasan: bad access detected
[ 29.154352]
[ 29.154437] Memory state around the buggy address:
[ 29.155538] ==================================================================
```
```
[ 22.263867] ==================================================================
[ 22.264661] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 22.265380] Read of size 1 at addr ffff8881039d7c90 by task kunit_try_catch/277
[ 22.265927]
[ 22.266202] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary)
[ 22.266519] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.266562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.266626] Call Trace:
[ 22.266678] <TASK>
[ 22.266728] dump_stack_lvl+0x73/0xb0
[ 22.266821] print_report+0xd1/0x650
[ 22.266905] ? __virt_addr_valid+0x1db/0x2d0
[ 22.266983] ? strnlen+0x73/0x80
[ 22.267033] ? kasan_complete_mode_report_info+0x64/0x200
[ 22.267068] ? strnlen+0x73/0x80
[ 22.267095] kasan_report+0x141/0x180
[ 22.267129] ? strnlen+0x73/0x80
[ 22.267186] __asan_report_load1_noabort+0x18/0x20
[ 22.267286] strnlen+0x73/0x80
[ 22.267319] kasan_strings+0x615/0xe80
[ 22.267352] ? __pfx_kasan_strings+0x10/0x10
[ 22.267384] ? __schedule+0x207f/0x2b60
[ 22.267413] ? schedule+0x7c/0x2e0
[ 22.267442] ? trace_hardirqs_on+0x37/0xe0
[ 22.267476] ? __schedule+0x207f/0x2b60
[ 22.267534] ? __pfx_read_tsc+0x10/0x10
[ 22.267570] ? ktime_get_ts64+0x86/0x230
[ 22.267605] kunit_try_run_case+0x1a5/0x480
[ 22.267644] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.267680] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.267714] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.267748] ? __kthread_parkme+0x82/0x180
[ 22.267777] ? preempt_count_sub+0x50/0x80
[ 22.267808] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.267845] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.267880] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.267915] kthread+0x337/0x6f0
[ 22.267942] ? trace_preempt_on+0x20/0xc0
[ 22.267974] ? __pfx_kthread+0x10/0x10
[ 22.268004] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.268034] ? calculate_sigpending+0x7b/0xa0
[ 22.268070] ? __pfx_kthread+0x10/0x10
[ 22.268099] ret_from_fork+0x116/0x1d0
[ 22.268125] ? __pfx_kthread+0x10/0x10
[ 22.268153] ret_from_fork_asm+0x1a/0x30
[ 22.268196] </TASK>
[ 22.268210]
[ 22.286571] Allocated by task 277:
[ 22.287313] kasan_save_stack+0x45/0x70
[ 22.287829] kasan_save_track+0x18/0x40
[ 22.288142] kasan_save_alloc_info+0x3b/0x50
[ 22.288611] __kasan_kmalloc+0xb7/0xc0
[ 22.289102] __kmalloc_cache_noprof+0x189/0x420
[ 22.289679] kasan_strings+0xc0/0xe80
[ 22.290061] kunit_try_run_case+0x1a5/0x480
[ 22.290427] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.291236] kthread+0x337/0x6f0
[ 22.291676] ret_from_fork+0x116/0x1d0
[ 22.291992] ret_from_fork_asm+0x1a/0x30
[ 22.292327]
[ 22.292595] Freed by task 277:
[ 22.293001] kasan_save_stack+0x45/0x70
[ 22.293730] kasan_save_track+0x18/0x40
[ 22.294166] kasan_save_free_info+0x3f/0x60
[ 22.294595] __kasan_slab_free+0x56/0x70
[ 22.295059] kfree+0x222/0x3f0
[ 22.295595] kasan_strings+0x2aa/0xe80
[ 22.296070] kunit_try_run_case+0x1a5/0x480
[ 22.296760] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.297314] kthread+0x337/0x6f0
[ 22.297905] ret_from_fork+0x116/0x1d0
[ 22.298461] ret_from_fork_asm+0x1a/0x30
[ 22.298825]
[ 22.299020] The buggy address belongs to the object at ffff8881039d7c80
[ 22.299020] which belongs to the cache kmalloc-32 of size 32
[ 22.300458] The buggy address is located 16 bytes inside of
[ 22.300458] freed 32-byte region [ffff8881039d7c80, ffff8881039d7ca0)
[ 22.301841]
[ 22.302089] The buggy address belongs to the physical page:
[ 22.302801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039d7
[ 22.303676] flags: 0x200000000000000(node=0|zone=2)
[ 22.304269] page_type: f5(slab)
[ 22.304699] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 22.305256] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 22.306079] page dumped because: kasan: bad access detected
[ 22.306451]
[ 22.306826] Memory state around the buggy address:
[ 22.307655]  ffff8881039d7b80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 22.308322]  ffff8881039d7c00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 22.308933] >ffff8881039d7c80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.309379]                          ^
[ 22.309863]  ffff8881039d7d00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 22.310806]  ffff8881039d7d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.311449] ==================================================================
```
```
[ 21.053398] ==================================================================
[ 21.053955] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 21.054437] Read of size 1 at addr ffff8881038ef290 by task kunit_try_catch/277
[ 21.055655]
[ 21.056223] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary)
[ 21.056712] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.056753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.056812] Call Trace:
[ 21.056850] <TASK>
[ 21.056906] dump_stack_lvl+0x73/0xb0
[ 21.056991] print_report+0xd1/0x650
[ 21.057067] ? __virt_addr_valid+0x1db/0x2d0
[ 21.057161] ? strnlen+0x73/0x80
[ 21.057225] ? kasan_complete_mode_report_info+0x64/0x200
[ 21.057296] ? strnlen+0x73/0x80
[ 21.057363] kasan_report+0x141/0x180
[ 21.057437] ? strnlen+0x73/0x80
[ 21.057523] __asan_report_load1_noabort+0x18/0x20
[ 21.057590] strnlen+0x73/0x80
[ 21.057620] kasan_strings+0x615/0xe80
[ 21.057650] ? trace_hardirqs_on+0x37/0xe0
[ 21.057684] ? __pfx_kasan_strings+0x10/0x10
[ 21.057715] ? finish_task_switch.isra.0+0x153/0x700
[ 21.057745] ? __switch_to+0x47/0xf50
[ 21.057781] ? __schedule+0x10cc/0x2b60
[ 21.057813] ? __pfx_read_tsc+0x10/0x10
[ 21.057842] ? ktime_get_ts64+0x86/0x230
[ 21.057892] kunit_try_run_case+0x1a5/0x480
[ 21.057974] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.058052] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.058136] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.058223] ? __kthread_parkme+0x82/0x180
[ 21.058294] ? preempt_count_sub+0x50/0x80
[ 21.058329] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.058366] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.058404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.058439] kthread+0x337/0x6f0
[ 21.058467] ? trace_preempt_on+0x20/0xc0
[ 21.058497] ? __pfx_kthread+0x10/0x10
[ 21.058527] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.058558] ? calculate_sigpending+0x7b/0xa0
[ 21.058592] ? __pfx_kthread+0x10/0x10
[ 21.058622] ret_from_fork+0x116/0x1d0
[ 21.058646] ? __pfx_kthread+0x10/0x10
[ 21.058674] ret_from_fork_asm+0x1a/0x30
[ 21.058715] </TASK>
[ 21.058730]
[ 21.086469] Allocated by task 277:
[ 21.087394] kasan_save_stack+0x45/0x70
[ 21.087926] kasan_save_track+0x18/0x40
[ 21.088688] kasan_save_alloc_info+0x3b/0x50
[ 21.089335] __kasan_kmalloc+0xb7/0xc0
[ 21.090083] __kmalloc_cache_noprof+0x189/0x420
[ 21.090959] kasan_strings+0xc0/0xe80
[ 21.091721] kunit_try_run_case+0x1a5/0x480
[ 21.092231] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.092985] kthread+0x337/0x6f0
[ 21.093511] ret_from_fork+0x116/0x1d0
[ 21.094169] ret_from_fork_asm+0x1a/0x30
[ 21.094725]
[ 21.094922] Freed by task 277:
[ 21.095965] kasan_save_stack+0x45/0x70
[ 21.096330] kasan_save_track+0x18/0x40
[ 21.096580] kasan_save_free_info+0x3f/0x60
[ 21.097481] __kasan_slab_free+0x56/0x70
[ 21.097828] kfree+0x222/0x3f0
[ 21.098304] kasan_strings+0x2aa/0xe80
[ 21.098925] kunit_try_run_case+0x1a5/0x480
[ 21.099579] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.100783] kthread+0x337/0x6f0
[ 21.101398] ret_from_fork+0x116/0x1d0
[ 21.102354] ret_from_fork_asm+0x1a/0x30
[ 21.102818]
[ 21.102967] The buggy address belongs to the object at ffff8881038ef280
[ 21.102967] which belongs to the cache kmalloc-32 of size 32
[ 21.104411] The buggy address is located 16 bytes inside of
[ 21.104411] freed 32-byte region [ffff8881038ef280, ffff8881038ef2a0)
[ 21.106116]
[ 21.106360] The buggy address belongs to the physical page:
[ 21.107141] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038ef
[ 21.107964] flags: 0x200000000000000(node=0|zone=2)
[ 21.108505] page_type: f5(slab)
[ 21.109033] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 21.109697] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 21.110824] page dumped because: kasan: bad access detected
[ 21.112004]
[ 21.112209] Memory state around the buggy address:
[ 21.112510]  ffff8881038ef180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 21.113473]  ffff8881038ef200: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 21.114161] >ffff8881038ef280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 21.115027]                          ^
[ 21.115306]  ffff8881038ef300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 21.116710]  ffff8881038ef380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 21.117215] ==================================================================
```
```
[ 22.639589] ==================================================================
[ 22.640243] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88
[ 22.640794] Read of size 1 at addr ffff00000f4bf450 by task kunit_try_catch/312
[ 22.641455]
[ 22.641605] CPU: 4 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 22.641638] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.641648] Hardware name: Radxa ROCK Pi 4B (DT)
[ 22.641658] Call trace:
[ 22.641666] show_stack+0x20/0x38 (C)
[ 22.641687] dump_stack_lvl+0x8c/0xd0
[ 22.641708] print_report+0x118/0x608
[ 22.641730] kasan_report+0xdc/0x128
[ 22.641751] __asan_report_load1_noabort+0x20/0x30
[ 22.641777] strnlen+0x80/0x88
[ 22.641794] kasan_strings+0x478/0xb00
[ 22.641812] kunit_try_run_case+0x170/0x3f0
[ 22.641834] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.641859] kthread+0x328/0x630
[ 22.641875] ret_from_fork+0x10/0x20
[ 22.641895]
[ 22.647654] Allocated by task 312:
[ 22.647969] kasan_save_stack+0x3c/0x68
[ 22.648330] kasan_save_track+0x20/0x40
[ 22.648691] kasan_save_alloc_info+0x40/0x58
[ 22.649092] __kasan_kmalloc+0xd4/0xd8
[ 22.649448] __kmalloc_cache_noprof+0x16c/0x3c0
[ 22.649869] kasan_strings+0xc8/0xb00
[ 22.650212] kunit_try_run_case+0x170/0x3f0
[ 22.650604] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.651112] kthread+0x328/0x630
[ 22.651416] ret_from_fork+0x10/0x20
[ 22.651754]
[ 22.651899] Freed by task 312:
[ 22.652183] kasan_save_stack+0x3c/0x68
[ 22.652545] kasan_save_track+0x20/0x40
[ 22.652905] kasan_save_free_info+0x4c/0x78
[ 22.653298] __kasan_slab_free+0x6c/0x98
[ 22.653667] kfree+0x214/0x3c8
[ 22.653959] kasan_strings+0x24c/0xb00
[ 22.654310] kunit_try_run_case+0x170/0x3f0
[ 22.654701] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.655209] kthread+0x328/0x630
[ 22.655512] ret_from_fork+0x10/0x20
[ 22.655850]
[ 22.655996] The buggy address belongs to the object at ffff00000f4bf440
[ 22.655996] which belongs to the cache kmalloc-32 of size 32
[ 22.657095] The buggy address is located 16 bytes inside of
[ 22.657095] freed 32-byte region [ffff00000f4bf440, ffff00000f4bf460)
[ 22.658174]
[ 22.658320] The buggy address belongs to the physical page:
[ 22.658823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf4bf
[ 22.659531] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[ 22.660124] page_type: f5(slab)
[ 22.660423] raw: 03fffe0000000000 ffff000000402780 dead000000000122 0000000000000000
[ 22.661123] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 22.661818] page dumped because: kasan: bad access detected
[ 22.662321]
[ 22.662466] Memory state around the buggy address:
[ 22.662903]  ffff00000f4bf300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.663556]  ffff00000f4bf380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.664210] >ffff00000f4bf400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.664860]                                                  ^
[ 22.665389]  ffff00000f4bf480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.666041]  ffff00000f4bf500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.666691] ==================================================================
```