lkft/linux-next-master - next-20250515 - log-parser-test/kasan-bug-kasan-slab-use-after-free-in-strnlen

Date
May 15, 2025, 10:38 a.m.
Environment
e850-96
[   41.147017] ==================================================================
[   41.154102] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88
[   41.160091] Read of size 1 at addr ffff0008065c9310 by task kunit_try_catch/304
[   41.167382] 
[   41.168865] CPU: 6 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   41.168914] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.168930] Hardware name: WinLink E850-96 board (DT)
[   41.168951] Call trace:
[   41.168961]  show_stack+0x20/0x38 (C)
[   41.168996]  dump_stack_lvl+0x8c/0xd0
[   41.169029]  print_report+0x118/0x608
[   41.169064]  kasan_report+0xdc/0x128
[   41.169096]  __asan_report_load1_noabort+0x20/0x30
[   41.169131]  strnlen+0x80/0x88
[   41.169161]  kasan_strings+0x478/0xb00
[   41.169189]  kunit_try_run_case+0x170/0x3f0
[   41.169221]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.169258]  kthread+0x328/0x630
[   41.169295]  ret_from_fork+0x10/0x20
[   41.169328] 
[   41.235523] Allocated by task 304:
[   41.238909]  kasan_save_stack+0x3c/0x68
[   41.242728]  kasan_save_track+0x20/0x40
[   41.246548]  kasan_save_alloc_info+0x40/0x58
[   41.250801]  __kasan_kmalloc+0xd4/0xd8
[   41.254534]  __kmalloc_cache_noprof+0x15c/0x3c0
[   41.259047]  kasan_strings+0xc8/0xb00
[   41.262693]  kunit_try_run_case+0x170/0x3f0
[   41.266860]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.272328]  kthread+0x328/0x630
[   41.275540]  ret_from_fork+0x10/0x20
[   41.279099] 
[   41.280574] Freed by task 304:
[   41.283614]  kasan_save_stack+0x3c/0x68
[   41.287433]  kasan_save_track+0x20/0x40
[   41.291253]  kasan_save_free_info+0x4c/0x78
[   41.295418]  __kasan_slab_free+0x6c/0x98
[   41.299325]  kfree+0x214/0x3c8
[   41.302362]  kasan_strings+0x24c/0xb00
[   41.306095]  kunit_try_run_case+0x170/0x3f0
[   41.310262]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.315730]  kthread+0x328/0x630
[   41.318942]  ret_from_fork+0x10/0x20
[   41.322501] 
[   41.323977] The buggy address belongs to the object at ffff0008065c9300
[   41.323977]  which belongs to the cache kmalloc-32 of size 32
[   41.336305] The buggy address is located 16 bytes inside of
[   41.336305]  freed 32-byte region [ffff0008065c9300, ffff0008065c9320)
[   41.348369] 
[   41.349845] The buggy address belongs to the physical page:
[   41.355403] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8865c9
[   41.363387] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   41.369898] page_type: f5(slab)
[   41.373031] raw: 0bfffe0000000000 ffff000800002780 dead000000000122 0000000000000000
[   41.380754] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   41.388474] page dumped because: kasan: bad access detected
[   41.394028] 
[   41.395503] Memory state around the buggy address:
[   41.400283]  ffff0008065c9200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   41.407486]  ffff0008065c9280: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   41.414691] >ffff0008065c9300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   41.421892]                          ^
[   41.425628]  ffff0008065c9380: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   41.432833]  ffff0008065c9400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   41.440034] ==================================================================
KNOWN ISSUE - log-parser-test/kasan-bug-kasan-slab-use-after-free-in-strnlen: Failure
Metadata Full log Test run details
Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit KNOWN ISSUE
