Hay
Date
Nov. 26, 2024, 6:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   34.531230] ==================================================================
[   34.532032] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0
[   34.532919] Read of size 1 at addr fff00000c58bc8d0 by task kunit_try_catch/248
[   34.533822] 
[   34.534227] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   34.535693] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.536396] Hardware name: linux,dummy-virt (DT)
[   34.537151] Call trace:
[   34.537620]  show_stack+0x20/0x38 (C)
[   34.538187]  dump_stack_lvl+0x8c/0xd0
[   34.538677]  print_report+0x118/0x5e0
[   34.539359]  kasan_report+0xc8/0x118
[   34.540046]  __asan_report_load1_noabort+0x20/0x30
[   34.540852]  strlen+0xa8/0xb0
[   34.541473]  kasan_strings+0x320/0x8f8
[   34.542155]  kunit_try_run_case+0x14c/0x3d0
[   34.542925]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.543799]  kthread+0x24c/0x2d0
[   34.544466]  ret_from_fork+0x10/0x20
[   34.545146] 
[   34.545573] Allocated by task 248:
[   34.546220]  kasan_save_stack+0x3c/0x68
[   34.546922]  kasan_save_track+0x20/0x40
[   34.547598]  kasan_save_alloc_info+0x40/0x58
[   34.548333]  __kasan_kmalloc+0xd4/0xd8
[   34.549019]  __kmalloc_cache_noprof+0x15c/0x3c8
[   34.549776]  kasan_strings+0xb4/0x8f8
[   34.550486]  kunit_try_run_case+0x14c/0x3d0
[   34.551227]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.552122]  kthread+0x24c/0x2d0
[   34.552700]  ret_from_fork+0x10/0x20
[   34.553286] 
[   34.553475] Freed by task 248:
[   34.553692]  kasan_save_stack+0x3c/0x68
[   34.554021]  kasan_save_track+0x20/0x40
[   34.554646]  kasan_save_free_info+0x4c/0x78
[   34.555208]  __kasan_slab_free+0x6c/0x98
[   34.555889]  kfree+0x114/0x3d0
[   34.556458]  kasan_strings+0x128/0x8f8
[   34.557024]  kunit_try_run_case+0x14c/0x3d0
[   34.557681]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.558440]  kthread+0x24c/0x2d0
[   34.558935]  ret_from_fork+0x10/0x20
[   34.559533] 
[   34.559924] The buggy address belongs to the object at fff00000c58bc8c0
[   34.559924]  which belongs to the cache kmalloc-32 of size 32
[   34.561240] The buggy address is located 16 bytes inside of
[   34.561240]  freed 32-byte region [fff00000c58bc8c0, fff00000c58bc8e0)
[   34.562775] 
[   34.563212] The buggy address belongs to the physical page:
[   34.563980] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058bc
[   34.564833] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   34.565525] page_type: f5(slab)
[   34.566489] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   34.567602] raw: 0000000000000000 0000000080400040 00000001f5000000 0000000000000000
[   34.568650] page dumped because: kasan: bad access detected
[   34.569529] 
[   34.570345] Memory state around the buggy address:
[   34.570928]  fff00000c58bc780: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   34.571835]  fff00000c58bc800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   34.573029] >fff00000c58bc880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   34.574022]                                                  ^
[   34.574923]  fff00000c58bc900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.575950]  fff00000c58bc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.576791] ==================================================================

[   34.558907] ==================================================================
[   34.559605] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0
[   34.560470] Read of size 1 at addr fff00000c5ec1d10 by task kunit_try_catch/248
[   34.561430] 
[   34.561823] CPU: 0 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   34.562828] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.563447] Hardware name: linux,dummy-virt (DT)
[   34.564823] Call trace:
[   34.565263]  show_stack+0x20/0x38 (C)
[   34.566170]  dump_stack_lvl+0x8c/0xd0
[   34.566851]  print_report+0x118/0x5e0
[   34.567498]  kasan_report+0xc8/0x118
[   34.568164]  __asan_report_load1_noabort+0x20/0x30
[   34.568899]  strlen+0xa8/0xb0
[   34.569517]  kasan_strings+0x320/0x8f8
[   34.570491]  kunit_try_run_case+0x14c/0x3d0
[   34.571188]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.571933]  kthread+0x24c/0x2d0
[   34.572491]  ret_from_fork+0x10/0x20
[   34.573028] 
[   34.573397] Allocated by task 248:
[   34.574277]  kasan_save_stack+0x3c/0x68
[   34.574798]  kasan_save_track+0x20/0x40
[   34.575448]  kasan_save_alloc_info+0x40/0x58
[   34.576145]  __kasan_kmalloc+0xd4/0xd8
[   34.576798]  __kmalloc_cache_noprof+0x15c/0x3c8
[   34.577440]  kasan_strings+0xb4/0x8f8
[   34.578371]  kunit_try_run_case+0x14c/0x3d0
[   34.579041]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.579748]  kthread+0x24c/0x2d0
[   34.580347]  ret_from_fork+0x10/0x20
[   34.580981] 
[   34.581329] Freed by task 248:
[   34.582917]  kasan_save_stack+0x3c/0x68
[   34.583442]  kasan_save_track+0x20/0x40
[   34.584090]  kasan_save_free_info+0x4c/0x78
[   34.584714]  __kasan_slab_free+0x6c/0x98
[   34.585221]  kfree+0x114/0x3d0
[   34.585792]  kasan_strings+0x128/0x8f8
[   34.586412]  kunit_try_run_case+0x14c/0x3d0
[   34.587015]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.587725]  kthread+0x24c/0x2d0
[   34.588318]  ret_from_fork+0x10/0x20
[   34.588948] 
[   34.589356] The buggy address belongs to the object at fff00000c5ec1d00
[   34.589356]  which belongs to the cache kmalloc-32 of size 32
[   34.590581] The buggy address is located 16 bytes inside of
[   34.590581]  freed 32-byte region [fff00000c5ec1d00, fff00000c5ec1d20)
[   34.591810] 
[   34.592169] The buggy address belongs to the physical page:
[   34.592935] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ec1
[   34.593816] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   34.594715] page_type: f5(slab)
[   34.595183] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   34.596063] raw: 0000000000000000 0000000080400040 00000001f5000000 0000000000000000
[   34.596938] page dumped because: kasan: bad access detected
[   34.597596] 
[   34.597974] Memory state around the buggy address:
[   34.598656]  fff00000c5ec1c00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   34.599481]  fff00000c5ec1c80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   34.600320] >fff00000c5ec1d00: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   34.601129]                          ^
[   34.601752]  fff00000c5ec1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.602608]  fff00000c5ec1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.603516] ==================================================================

[   28.740040] ==================================================================
[   28.740755] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[   28.740755] Read of size 1 at addr ffff88810294c410 by task kunit_try_catch/268
[   28.740755] 
[   28.740755] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   28.740755] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.740755] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.740755] Call Trace:
[   28.745359]  <TASK>
[   28.745359]  dump_stack_lvl+0x73/0xb0
[   28.746238]  print_report+0xd1/0x640
[   28.746238]  ? __virt_addr_valid+0x1db/0x2d0
[   28.746238]  ? kasan_complete_mode_report_info+0x64/0x200
[   28.748613]  kasan_report+0x102/0x140
[   28.748613]  ? strlen+0x8f/0xb0
[   28.748613]  ? strlen+0x8f/0xb0
[   28.748613]  __asan_report_load1_noabort+0x18/0x20
[   28.750450]  strlen+0x8f/0xb0
[   28.750450]  kasan_strings+0x432/0xb60
[   28.750450]  ? __pfx_kasan_strings+0x10/0x10
[   28.750450]  ? __schedule+0xc3e/0x2790
[   28.752580]  ? ktime_get_ts64+0x84/0x230
[   28.752580]  kunit_try_run_case+0x1b3/0x490
[   28.752580]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.752580]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   28.752580]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.752580]  ? __kthread_parkme+0x82/0x160
[   28.757671]  ? preempt_count_sub+0x50/0x80
[   28.757671]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.758866]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.758866]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.758866]  kthread+0x257/0x310
[   28.758866]  ? __pfx_kthread+0x10/0x10
[   28.758866]  ret_from_fork+0x41/0x80
[   28.758866]  ? __pfx_kthread+0x10/0x10
[   28.762868]  ret_from_fork_asm+0x1a/0x30
[   28.762868]  </TASK>
[   28.762868] 
[   28.765730] Allocated by task 268:
[   28.766210]  kasan_save_stack+0x3d/0x60
[   28.766210]  kasan_save_track+0x18/0x40
[   28.766210]  kasan_save_alloc_info+0x3b/0x50
[   28.766210]  __kasan_kmalloc+0xb7/0xc0
[   28.766210]  __kmalloc_cache_noprof+0x184/0x410
[   28.769557]  kasan_strings+0xb3/0xb60
[   28.769557]  kunit_try_run_case+0x1b3/0x490
[   28.769557]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.769557]  kthread+0x257/0x310
[   28.772233]  ret_from_fork+0x41/0x80
[   28.772233]  ret_from_fork_asm+0x1a/0x30
[   28.772233] 
[   28.772233] Freed by task 268:
[   28.772233]  kasan_save_stack+0x3d/0x60
[   28.775077]  kasan_save_track+0x18/0x40
[   28.775077]  kasan_save_free_info+0x3f/0x60
[   28.775077]  __kasan_slab_free+0x56/0x70
[   28.775077]  kfree+0x123/0x3f0
[   28.775077]  kasan_strings+0x13a/0xb60
[   28.775077]  kunit_try_run_case+0x1b3/0x490
[   28.775077]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.775077]  kthread+0x257/0x310
[   28.779653]  ret_from_fork+0x41/0x80
[   28.779653]  ret_from_fork_asm+0x1a/0x30
[   28.779653] 
[   28.779653] The buggy address belongs to the object at ffff88810294c400
[   28.779653]  which belongs to the cache kmalloc-32 of size 32
[   28.779653] The buggy address is located 16 bytes inside of
[   28.779653]  freed 32-byte region [ffff88810294c400, ffff88810294c420)
[   28.779653] 
[   28.779653] The buggy address belongs to the physical page:
[   28.784047] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10294c
[   28.784047] flags: 0x200000000000000(node=0|zone=2)
[   28.785830] page_type: f5(slab)
[   28.785830] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   28.785830] raw: 0000000000000000 0000000080400040 00000001f5000000 0000000000000000
[   28.787850] page dumped because: kasan: bad access detected
[   28.787850] 
[   28.787850] Memory state around the buggy address:
[   28.787850]  ffff88810294c300: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   28.789982]  ffff88810294c380: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   28.789982] >ffff88810294c400: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   28.791614]                          ^
[   28.791614]  ffff88810294c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.792420]  ffff88810294c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.793531] ==================================================================

[   23.603795] ==================================================================
[   23.604547] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[   23.605170] Read of size 1 at addr ffff8881028c9250 by task kunit_try_catch/266
[   23.606189] 
[   23.606387] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   23.607011] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.607458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.608300] Call Trace:
[   23.608560]  <TASK>
[   23.608815]  dump_stack_lvl+0x73/0xb0
[   23.609116]  print_report+0xd1/0x640
[   23.609639]  ? __virt_addr_valid+0x1db/0x2d0
[   23.610169]  ? kasan_complete_mode_report_info+0x64/0x200
[   23.610798]  kasan_report+0x102/0x140
[   23.611231]  ? strlen+0x8f/0xb0
[   23.611689]  ? strlen+0x8f/0xb0
[   23.612115]  __asan_report_load1_noabort+0x18/0x20
[   23.612448]  strlen+0x8f/0xb0
[   23.612773]  kasan_strings+0x432/0xb60
[   23.613201]  ? __pfx_kasan_strings+0x10/0x10
[   23.613791]  ? __schedule+0xc3e/0x2790
[   23.614245]  ? __pfx_read_tsc+0x10/0x10
[   23.614780]  ? ktime_get_ts64+0x84/0x230
[   23.615293]  kunit_try_run_case+0x1b3/0x490
[   23.615831]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.616345]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.616749]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.617299]  ? __kthread_parkme+0x82/0x160
[   23.617803]  ? preempt_count_sub+0x50/0x80
[   23.618291]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.618814]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.619392]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.619801]  kthread+0x257/0x310
[   23.620070]  ? __pfx_kthread+0x10/0x10
[   23.620347]  ret_from_fork+0x41/0x80
[   23.620853]  ? __pfx_kthread+0x10/0x10
[   23.621285]  ret_from_fork_asm+0x1a/0x30
[   23.621810]  </TASK>
[   23.622107] 
[   23.622326] Allocated by task 266:
[   23.622759]  kasan_save_stack+0x3d/0x60
[   23.623175]  kasan_save_track+0x18/0x40
[   23.623703]  kasan_save_alloc_info+0x3b/0x50
[   23.624205]  __kasan_kmalloc+0xb7/0xc0
[   23.624693]  __kmalloc_cache_noprof+0x184/0x410
[   23.624988]  kasan_strings+0xb3/0xb60
[   23.625315]  kunit_try_run_case+0x1b3/0x490
[   23.625862]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.626404]  kthread+0x257/0x310
[   23.626878]  ret_from_fork+0x41/0x80
[   23.627287]  ret_from_fork_asm+0x1a/0x30
[   23.627639] 
[   23.627903] Freed by task 266:
[   23.628171]  kasan_save_stack+0x3d/0x60
[   23.628432]  kasan_save_track+0x18/0x40
[   23.628768]  kasan_save_free_info+0x3f/0x60
[   23.629058]  __kasan_slab_free+0x56/0x70
[   23.629330]  kfree+0x123/0x3f0
[   23.629709]  kasan_strings+0x13a/0xb60
[   23.630146]  kunit_try_run_case+0x1b3/0x490
[   23.630650]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.631173]  kthread+0x257/0x310
[   23.631646]  ret_from_fork+0x41/0x80
[   23.632054]  ret_from_fork_asm+0x1a/0x30
[   23.632525] 
[   23.632795] The buggy address belongs to the object at ffff8881028c9240
[   23.632795]  which belongs to the cache kmalloc-32 of size 32
[   23.633948] The buggy address is located 16 bytes inside of
[   23.633948]  freed 32-byte region [ffff8881028c9240, ffff8881028c9260)
[   23.634902] 
[   23.635066] The buggy address belongs to the physical page:
[   23.635421] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028c9
[   23.636155] flags: 0x200000000000000(node=0|zone=2)
[   23.636764] page_type: f5(slab)
[   23.637169] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   23.637940] raw: 0000000000000000 0000000080400040 00000001f5000000 0000000000000000
[   23.638387] page dumped because: kasan: bad access detected
[   23.638951] 
[   23.639208] Memory state around the buggy address:
[   23.639745]  ffff8881028c9100: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   23.640294]  ffff8881028c9180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   23.640786] >ffff8881028c9200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   23.641153]                                                  ^
[   23.641546]  ffff8881028c9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.642269]  ffff8881028c9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.642989] ==================================================================
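All four reports above have the same shape: the `kasan_strings` KUnit case (visible in every call trace, with the `[N]=TEST` taint) allocates a `kmalloc-32` object, frees it, and then calls `strlen()` on a pointer 16 bytes into the freed region; the "Memory state" dump shows the granule under the caret poisoned with `fb`. The decoder below is an added example, not code from this page, from KUnit or from the kernel tree. It parses a report in this format, recovers the access address, the object and region bounds and the shadow row that fired, and checks that the three agree, using the generic-KASAN rule that one shadow byte covers an 8-byte granule. The poison names (`KASAN_SLAB_FREE_META`, `KASAN_SLAB_FREE`, `KASAN_SLAB_REDZONE`) are taken from `mm/kasan/kasan.h` as an assumption about the kernel version being tested; the sample report is a constructed abridgement of the first arm64 report above with its addresses and shadow rows left unchanged.

```python
"""Decode a generic-mode KASAN report: pull out the access, the object and the
shadow byte that actually fired, and check that the three agree."""
import re

# Constructed sample: an abridged copy of the first arm64 report on this page
# (only the lines the decoder needs; addresses and shadow rows are unchanged).
SAMPLE_REPORT = """\
[   34.532032] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0
[   34.532919] Read of size 1 at addr fff00000c58bc8d0 by task kunit_try_catch/248
[   34.559924] The buggy address belongs to the object at fff00000c58bc8c0
[   34.559924]  which belongs to the cache kmalloc-32 of size 32
[   34.561240] The buggy address is located 16 bytes inside of
[   34.561240]  freed 32-byte region [fff00000c58bc8c0, fff00000c58bc8e0)
[   34.570345] Memory state around the buggy address:
[   34.570928]  fff00000c58bc780: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   34.571835]  fff00000c58bc800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   34.573029] >fff00000c58bc880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   34.574022]                                                  ^
[   34.574923]  fff00000c58bc900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

GRANULE = 8                 # bytes of memory covered by one shadow byte (generic KASAN)
ROW_BYTES = 16 * GRANULE    # each "Memory state" row prints 16 shadow bytes

# Poison values of generic KASAN, named as in mm/kasan/kasan.h (assumed for this
# kernel version). 0x01..0x07 mean "only the first N bytes of the granule are live".
SHADOW_NAMES = {
    0x00: "addressable",
    0xFA: "KASAN_SLAB_FREE_META (freed object; free-track metadata stored here)",
    0xFB: "KASAN_SLAB_FREE (freed object)",
    0xFC: "KASAN_SLAB_REDZONE (redzone between slab objects)",
}

BUG_RE    = re.compile(r"BUG: KASAN: (?P<kind>\S+) in (?P<func>\S+)")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
OBJECT_RE = re.compile(r"belongs to the object at (?P<obj>[0-9a-f]+)")
CACHE_RE  = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
OFFSET_RE = re.compile(r"located (?P<off>\d+) bytes (?P<where>inside|to the right|to the left) of")
REGION_RE = re.compile(r"(?P<state>\w+) (?P<len>\d+)-byte region \[(?P<lo>[0-9a-f]+), (?P<hi>[0-9a-f]+)\)")
ROW_RE    = re.compile(r"\]\s*>?\s*(?P<base>[0-9a-f]{16}):(?P<bytes>(?: [0-9a-f]{2}){16})\s*$")


def shadow_name(value):
    if 1 <= value <= 7:
        return f"partial: first {value} byte(s) of the granule addressable"
    return SHADOW_NAMES.get(value, f"unknown poison 0x{value:02x}")


def is_poisoned(addr, shadow):
    """Generic-KASAN check for a 1-byte access: a non-zero shadow byte poisons
    the access unless the granule is partial and the byte's position inside
    the granule is below the partial value."""
    if shadow == 0:
        return False
    if 1 <= shadow <= 7:
        return (addr & (GRANULE - 1)) >= shadow
    return True


def analyze(report):
    """Return the decoded access plus a 'consistent' flag that is True when the
    computed offset, the printed region and the shadow byte all agree."""
    info, rows = {}, {}
    for line in report.splitlines():
        if m := BUG_RE.search(line):
            info["kind"], info["func"] = m["kind"], m["func"]
        elif m := ACCESS_RE.search(line):
            info.update(op=m["op"], size=int(m["size"]), addr=int(m["addr"], 16), task=m["task"])
        elif m := OBJECT_RE.search(line):
            info["object"] = int(m["obj"], 16)
        elif m := CACHE_RE.search(line):
            info["cache"], info["cache_size"] = m["cache"], int(m["size"])
        elif m := OFFSET_RE.search(line):
            info["offset_reported"], info["where"] = int(m["off"]), m["where"]
        elif m := REGION_RE.search(line):
            info["region"] = (m["state"], int(m["lo"], 16), int(m["hi"], 16))
        elif m := ROW_RE.search(line):
            rows[int(m["base"], 16)] = [int(b, 16) for b in m["bytes"].split()]
    addr = info["addr"]
    info["offset_computed"] = addr - info["object"]
    row_base = addr - (addr % ROW_BYTES)          # the row whose first byte covers addr
    if row_base not in rows:
        raise ValueError(f"no shadow row covering {addr:#x}")
    shadow = rows[row_base][(addr - row_base) // GRANULE]
    info["shadow_byte"] = shadow
    info["shadow_meaning"] = shadow_name(shadow)
    info["poisoned"] = is_poisoned(addr, shadow)
    lo, hi = info["region"][1], info["region"][2]
    info["consistent"] = (info["offset_computed"] == info["offset_reported"]
                          and lo <= addr < hi and info["poisoned"])
    return info


if __name__ == "__main__":
    r = analyze(SAMPLE_REPORT)
    print(f"{r['kind']} in {r['func']}: {r['op']} of {r['size']} at {r['addr']:#x}, "
          f"{r['offset_computed']} bytes into {r['region'][0]} {r['cache']} object; "
          f"shadow {r['shadow_byte']:#04x} = {r['shadow_meaning']}; consistent={r['consistent']}")
```

Running it on the x86_64 reports above gives the same verdict: the access lands on the third granule of the object's first row (shadow `fb`, offset 16), so the only difference between the two architectures is where the slab object sits relative to the 128-byte row the dump happens to start on. The `00 00 07 fc` pattern visible in the x86_64 rows is a live 23-byte allocation: two full granules plus seven addressable bytes of the third, which `is_poisoned()` treats as live up to byte 6 and poisoned from byte 7 of that granule.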