Date
July 6, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
x86 |
```
[ 18.991145] ==================================================================
[ 18.991264] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88
[ 18.991339] Read of size 1 at addr fff00000c76c8890 by task kunit_try_catch/260
[ 18.991652]
[ 18.991749] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 18.991840] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.991940] Hardware name: linux,dummy-virt (DT)
[ 18.991975] Call trace:
[ 18.992025] show_stack+0x20/0x38 (C)
[ 18.992219] dump_stack_lvl+0x8c/0xd0
[ 18.992366] print_report+0x118/0x608
[ 18.992424] kasan_report+0xdc/0x128
[ 18.992472] __asan_report_load1_noabort+0x20/0x30
[ 18.992524] strnlen+0x80/0x88
[ 18.992835] kasan_strings+0x478/0xb00
[ 18.992907] kunit_try_run_case+0x170/0x3f0
[ 18.993224] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.993293] kthread+0x328/0x630
[ 18.993337] ret_from_fork+0x10/0x20
[ 18.993522]
[ 18.993675] Allocated by task 260:
[ 18.993736] kasan_save_stack+0x3c/0x68
[ 18.993862] kasan_save_track+0x20/0x40
[ 18.993906] kasan_save_alloc_info+0x40/0x58
[ 18.993962] __kasan_kmalloc+0xd4/0xd8
[ 18.994362] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.994449] kasan_strings+0xc8/0xb00
[ 18.994517] kunit_try_run_case+0x170/0x3f0
[ 18.994566] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.994939] kthread+0x328/0x630
[ 18.995050] ret_from_fork+0x10/0x20
[ 18.995194]
[ 18.995282] Freed by task 260:
[ 18.995373] kasan_save_stack+0x3c/0x68
[ 18.995711] kasan_save_track+0x20/0x40
[ 18.995805] kasan_save_free_info+0x4c/0x78
[ 18.995850] __kasan_slab_free+0x6c/0x98
[ 18.995889] kfree+0x214/0x3c8
[ 18.995936] kasan_strings+0x24c/0xb00
[ 18.995972] kunit_try_run_case+0x170/0x3f0
[ 18.996011] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.996069] kthread+0x328/0x630
[ 18.996104] ret_from_fork+0x10/0x20
[ 18.996144]
[ 18.996165] The buggy address belongs to the object at fff00000c76c8880
[ 18.996165] which belongs to the cache kmalloc-32 of size 32
[ 18.996232] The buggy address is located 16 bytes inside of
[ 18.996232] freed 32-byte region [fff00000c76c8880, fff00000c76c88a0)
[ 18.996311]
[ 18.996340] The buggy address belongs to the physical page:
[ 18.996382] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c8
[ 18.996448] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.996507] page_type: f5(slab)
[ 18.996547] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 18.996610] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 18.996657] page dumped because: kasan: bad access detected
[ 18.996709]
[ 18.996747] Memory state around the buggy address:
[ 18.996783]  fff00000c76c8780: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 18.996843]  fff00000c76c8800: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 18.996888] >fff00000c76c8880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 18.996938]                          ^
[ 18.996970]  fff00000c76c8900: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 18.997013]  fff00000c76c8980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 18.997067] ==================================================================
```
```
[ 15.584875] ==================================================================
[ 15.585264] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 15.585818] Read of size 1 at addr ffff888102ab8f90 by task kunit_try_catch/277
[ 15.586367]
[ 15.586940] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 15.587040] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.587065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.587103] Call Trace:
[ 15.587132] <TASK>
[ 15.587161] dump_stack_lvl+0x73/0xb0
[ 15.587214] print_report+0xd1/0x650
[ 15.587254] ? __virt_addr_valid+0x1db/0x2d0
[ 15.587294] ? strnlen+0x73/0x80
[ 15.587325] ? kasan_complete_mode_report_info+0x64/0x200
[ 15.587365] ? strnlen+0x73/0x80
[ 15.587419] kasan_report+0x141/0x180
[ 15.587465] ? strnlen+0x73/0x80
[ 15.587504] __asan_report_load1_noabort+0x18/0x20
[ 15.587534] strnlen+0x73/0x80
[ 15.587561] kasan_strings+0x615/0xe80
[ 15.587581] ? trace_hardirqs_on+0x37/0xe0
[ 15.587602] ? __pfx_kasan_strings+0x10/0x10
[ 15.587641] ? finish_task_switch.isra.0+0x153/0x700
[ 15.587674] ? __switch_to+0x47/0xf50
[ 15.587709] ? __schedule+0x10cc/0x2b60
[ 15.587740] ? __pfx_read_tsc+0x10/0x10
[ 15.587768] ? ktime_get_ts64+0x86/0x230
[ 15.587803] kunit_try_run_case+0x1a5/0x480
[ 15.587843] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.587881] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.587922] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.587966] ? __kthread_parkme+0x82/0x180
[ 15.588001] ? preempt_count_sub+0x50/0x80
[ 15.588057] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.588091] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.588144] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.588169] kthread+0x337/0x6f0
[ 15.588187] ? trace_preempt_on+0x20/0xc0
[ 15.588209] ? __pfx_kthread+0x10/0x10
[ 15.588228] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.588247] ? calculate_sigpending+0x7b/0xa0
[ 15.588269] ? __pfx_kthread+0x10/0x10
[ 15.588289] ret_from_fork+0x116/0x1d0
[ 15.588306] ? __pfx_kthread+0x10/0x10
[ 15.588325] ret_from_fork_asm+0x1a/0x30
[ 15.588353] </TASK>
[ 15.588365]
[ 15.602105] Allocated by task 277:
[ 15.602266] kasan_save_stack+0x45/0x70
[ 15.602583] kasan_save_track+0x18/0x40
[ 15.602865] kasan_save_alloc_info+0x3b/0x50
[ 15.603703] __kasan_kmalloc+0xb7/0xc0
[ 15.603917] __kmalloc_cache_noprof+0x189/0x420
[ 15.604115] kasan_strings+0xc0/0xe80
[ 15.604285] kunit_try_run_case+0x1a5/0x480
[ 15.604580] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.605433] kthread+0x337/0x6f0
[ 15.605848] ret_from_fork+0x116/0x1d0
[ 15.606141] ret_from_fork_asm+0x1a/0x30
[ 15.606681]
[ 15.606797] Freed by task 277:
[ 15.606944] kasan_save_stack+0x45/0x70
[ 15.607120] kasan_save_track+0x18/0x40
[ 15.607769] kasan_save_free_info+0x3f/0x60
[ 15.608196] __kasan_slab_free+0x56/0x70
[ 15.608574] kfree+0x222/0x3f0
[ 15.608937] kasan_strings+0x2aa/0xe80
[ 15.609223] kunit_try_run_case+0x1a5/0x480
[ 15.609822] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.610079] kthread+0x337/0x6f0
[ 15.610296] ret_from_fork+0x116/0x1d0
[ 15.610593] ret_from_fork_asm+0x1a/0x30
[ 15.611307]
[ 15.611485] The buggy address belongs to the object at ffff888102ab8f80
[ 15.611485] which belongs to the cache kmalloc-32 of size 32
[ 15.612808] The buggy address is located 16 bytes inside of
[ 15.612808] freed 32-byte region [ffff888102ab8f80, ffff888102ab8fa0)
[ 15.613340]
[ 15.613502] The buggy address belongs to the physical page:
[ 15.613882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[ 15.614174] flags: 0x200000000000000(node=0|zone=2)
[ 15.614416] page_type: f5(slab)
[ 15.614560] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 15.615517] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 15.616111] page dumped because: kasan: bad access detected
[ 15.616572]
[ 15.616961] Memory state around the buggy address:
[ 15.617361]  ffff888102ab8e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 15.617819]  ffff888102ab8f00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 15.618051] >ffff888102ab8f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 15.618522]                          ^
[ 15.618785]  ffff888102ab9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.619163]  ffff888102ab9080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 15.619456] ==================================================================
```
```
[ 15.601010] ==================================================================
[ 15.601353] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 15.601646] Read of size 1 at addr ffff8881031d1550 by task kunit_try_catch/276
[ 15.601984]
[ 15.602100] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 15.602145] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.602157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.602178] Call Trace:
[ 15.602194] <TASK>
[ 15.602211] dump_stack_lvl+0x73/0xb0
[ 15.602237] print_report+0xd1/0x650
[ 15.602258] ? __virt_addr_valid+0x1db/0x2d0
[ 15.602280] ? strnlen+0x73/0x80
[ 15.602301] ? kasan_complete_mode_report_info+0x64/0x200
[ 15.602327] ? strnlen+0x73/0x80
[ 15.602348] kasan_report+0x141/0x180
[ 15.602370] ? strnlen+0x73/0x80
[ 15.602397] __asan_report_load1_noabort+0x18/0x20
[ 15.602424] strnlen+0x73/0x80
[ 15.602447] kasan_strings+0x615/0xe80
[ 15.602467] ? trace_hardirqs_on+0x37/0xe0
[ 15.602490] ? __pfx_kasan_strings+0x10/0x10
[ 15.602510] ? finish_task_switch.isra.0+0x153/0x700
[ 15.602532] ? __switch_to+0x47/0xf50
[ 15.602557] ? __schedule+0x10cc/0x2b60
[ 15.602579] ? __pfx_read_tsc+0x10/0x10
[ 15.602600] ? ktime_get_ts64+0x86/0x230
[ 15.602624] kunit_try_run_case+0x1a5/0x480
[ 15.602646] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.602669] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.602692] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.602714] ? __kthread_parkme+0x82/0x180
[ 15.602735] ? preempt_count_sub+0x50/0x80
[ 15.602759] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.602783] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.602805] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.602829] kthread+0x337/0x6f0
[ 15.602849] ? trace_preempt_on+0x20/0xc0
[ 15.602871] ? __pfx_kthread+0x10/0x10
[ 15.602893] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.602914] ? calculate_sigpending+0x7b/0xa0
[ 15.602938] ? __pfx_kthread+0x10/0x10
[ 15.602960] ret_from_fork+0x116/0x1d0
[ 15.602978] ? __pfx_kthread+0x10/0x10
[ 15.602999] ret_from_fork_asm+0x1a/0x30
[ 15.603031] </TASK>
[ 15.603042]
[ 15.611509] Allocated by task 276:
[ 15.611655] kasan_save_stack+0x45/0x70
[ 15.611874] kasan_save_track+0x18/0x40
[ 15.612112] kasan_save_alloc_info+0x3b/0x50
[ 15.612338] __kasan_kmalloc+0xb7/0xc0
[ 15.612537] __kmalloc_cache_noprof+0x189/0x420
[ 15.612757] kasan_strings+0xc0/0xe80
[ 15.612899] kunit_try_run_case+0x1a5/0x480
[ 15.613090] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.613364] kthread+0x337/0x6f0
[ 15.613584] ret_from_fork+0x116/0x1d0
[ 15.613805] ret_from_fork_asm+0x1a/0x30
[ 15.614029]
[ 15.614125] Freed by task 276:
[ 15.614294] kasan_save_stack+0x45/0x70
[ 15.614498] kasan_save_track+0x18/0x40
[ 15.614707] kasan_save_free_info+0x3f/0x60
[ 15.614932] __kasan_slab_free+0x56/0x70
[ 15.615152] kfree+0x222/0x3f0
[ 15.615339] kasan_strings+0x2aa/0xe80
[ 15.615522] kunit_try_run_case+0x1a5/0x480
[ 15.615783] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.616069] kthread+0x337/0x6f0
[ 15.616216] ret_from_fork+0x116/0x1d0
[ 15.616358] ret_from_fork_asm+0x1a/0x30
[ 15.616508]
[ 15.616585] The buggy address belongs to the object at ffff8881031d1540
[ 15.616585] which belongs to the cache kmalloc-32 of size 32
[ 15.617174] The buggy address is located 16 bytes inside of
[ 15.617174] freed 32-byte region [ffff8881031d1540, ffff8881031d1560)
[ 15.617771]
[ 15.617880] The buggy address belongs to the physical page:
[ 15.618186] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d1
[ 15.618531] flags: 0x200000000000000(node=0|zone=2)
[ 15.618708] page_type: f5(slab)
[ 15.618858] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 15.619127] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 15.619518] page dumped because: kasan: bad access detected
[ 15.619855]
[ 15.619969] Memory state around the buggy address:
[ 15.620219]  ffff8881031d1400: 00 00 00 04 fc fc fc fc fa fb fb fb fc fc fc fc
[ 15.620590]  ffff8881031d1480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 15.620967] >ffff8881031d1500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 15.621302]                                                  ^
[ 15.621585]  ffff8881031d1580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 15.621939]  ffff8881031d1600: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 15.622274] ==================================================================
```
```
[ 43.365302] ==================================================================
[ 43.372572] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 43.378578] Read of size 1 at addr ffff8881066e8410 by task kunit_try_catch/300
[ 43.385886]
[ 43.387407] CPU: 3 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 43.387415] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 43.387418] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 43.387421] Call Trace:
[ 43.387423] <TASK>
[ 43.387424] dump_stack_lvl+0x73/0xb0
[ 43.387429] print_report+0xd1/0x650
[ 43.387433] ? __virt_addr_valid+0x1db/0x2d0
[ 43.387437] ? strnlen+0x73/0x80
[ 43.387441] ? kasan_complete_mode_report_info+0x64/0x200
[ 43.387446] ? strnlen+0x73/0x80
[ 43.387450] kasan_report+0x141/0x180
[ 43.387454] ? strnlen+0x73/0x80
[ 43.387459] __asan_report_load1_noabort+0x18/0x20
[ 43.387464] strnlen+0x73/0x80
[ 43.387468] kasan_strings+0x615/0xe80
[ 43.387471] ? trace_hardirqs_on+0x37/0xe0
[ 43.387475] ? __pfx_kasan_strings+0x10/0x10
[ 43.387479] ? finish_task_switch.isra.0+0x153/0x700
[ 43.387483] ? __switch_to+0x544/0xf50
[ 43.387488] ? __schedule+0x10cc/0x2b60
[ 43.387492] ? ktime_get_ts64+0x83/0x230
[ 43.387496] kunit_try_run_case+0x1a2/0x480
[ 43.387501] ? __pfx_kunit_try_run_case+0x10/0x10
[ 43.387505] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 43.387509] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 43.387513] ? __kthread_parkme+0x82/0x180
[ 43.387517] ? preempt_count_sub+0x50/0x80
[ 43.387521] ? __pfx_kunit_try_run_case+0x10/0x10
[ 43.387525] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 43.387530] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 43.387534] kthread+0x334/0x6f0
[ 43.387537] ? trace_preempt_on+0x20/0xc0
[ 43.387541] ? __pfx_kthread+0x10/0x10
[ 43.387545] ? _raw_spin_unlock_irq+0x47/0x80
[ 43.387549] ? calculate_sigpending+0x7b/0xa0
[ 43.387553] ? __pfx_kthread+0x10/0x10
[ 43.387557] ret_from_fork+0x113/0x1d0
[ 43.387560] ? __pfx_kthread+0x10/0x10
[ 43.387564] ret_from_fork_asm+0x1a/0x30
[ 43.387570] </TASK>
[ 43.387571]
[ 43.564468] Allocated by task 300:
[ 43.567875] kasan_save_stack+0x45/0x70
[ 43.571714] kasan_save_track+0x18/0x40
[ 43.575554] kasan_save_alloc_info+0x3b/0x50
[ 43.579826] __kasan_kmalloc+0xb7/0xc0
[ 43.583578] __kmalloc_cache_noprof+0x189/0x420
[ 43.588111] kasan_strings+0xc0/0xe80
[ 43.591778] kunit_try_run_case+0x1a2/0x480
[ 43.595962] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 43.601365] kthread+0x334/0x6f0
[ 43.604620] ret_from_fork+0x113/0x1d0
[ 43.608374] ret_from_fork_asm+0x1a/0x30
[ 43.612326]
[ 43.613853] Freed by task 300:
[ 43.616911] kasan_save_stack+0x45/0x70
[ 43.620751] kasan_save_track+0x18/0x40
[ 43.624590] kasan_save_free_info+0x3f/0x60
[ 43.628774] __kasan_slab_free+0x56/0x70
[ 43.632702] kfree+0x222/0x3f0
[ 43.635761] kasan_strings+0x2aa/0xe80
[ 43.639513] kunit_try_run_case+0x1a2/0x480
[ 43.643699] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 43.649098] kthread+0x334/0x6f0
[ 43.652349] ret_from_fork+0x113/0x1d0
[ 43.656111] ret_from_fork_asm+0x1a/0x30
[ 43.660035]
[ 43.661534] The buggy address belongs to the object at ffff8881066e8400
[ 43.661534] which belongs to the cache kmalloc-32 of size 32
[ 43.673868] The buggy address is located 16 bytes inside of
[ 43.673868] freed 32-byte region [ffff8881066e8400, ffff8881066e8420)
[ 43.685950]
[ 43.687450] The buggy address belongs to the physical page:
[ 43.693022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066e8
[ 43.701022] flags: 0x200000000000000(node=0|zone=2)
[ 43.705909] page_type: f5(slab)
[ 43.709055] raw: 0200000000000000 ffff888100042780 dead000000000122 0000000000000000
[ 43.716794] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 43.724532] page dumped because: kasan: bad access detected
[ 43.730106]
[ 43.731604] Memory state around the buggy address:
[ 43.736407]  ffff8881066e8300: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 43.743627]  ffff8881066e8380: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 43.750844] >ffff8881066e8400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 43.758064]                          ^
[ 43.761816]  ffff8881066e8480: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 43.769037]  ffff8881066e8500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 43.776257] ==================================================================
```