Hay
Date
June 2, 2025, 2:10 p.m.

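Environment
qemu-arm64
qemu-x86_64

Note: in both reports below, the allocation, the kfree() and the faulting strrchr() read all occur inside kasan_strings, running under the KUnit task kunit_try_catch with the kernel tainted [N]=TEST. This is consistent with a KASAN self-test that deliberately reads a freed kmalloc-32 object, so the reports appear to be expected test output rather than a defect in strrchr(). Judging by the "Hardware name" lines, the first report is from the qemu-arm64 guest and the second from the qemu-x86_64 guest.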

[   22.129932] ==================================================================
[   22.130711] BUG: KASAN: slab-use-after-free in strrchr+0x6c/0x78
[   22.131343] Read of size 1 at addr fff00000c6cfdcd0 by task kunit_try_catch/246
[   22.131794] 
[   22.132131] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N 6.12.32-rc1 #1
[   22.132269] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.132333] Hardware name: linux,dummy-virt (DT)
[   22.132406] Call trace:
[   22.132455]  dump_backtrace+0x9c/0x128
[   22.132555]  show_stack+0x20/0x38
[   22.132623]  dump_stack_lvl+0x8c/0xd0
[   22.132700]  print_report+0x118/0x5f0
[   22.132784]  kasan_report+0xdc/0x128
[   22.132865]  __asan_report_load1_noabort+0x20/0x30
[   22.132949]  strrchr+0x6c/0x78
[   22.133025]  kasan_strings+0x1f0/0x938
[   22.133105]  kunit_try_run_case+0x170/0x3f0
[   22.133186]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.133327]  kthread+0x24c/0x2d0
[   22.133411]  ret_from_fork+0x10/0x20
[   22.133507] 
[   22.140339] Allocated by task 246:
[   22.140582]  kasan_save_stack+0x3c/0x68
[   22.140843]  kasan_save_track+0x20/0x40
[   22.141072]  kasan_save_alloc_info+0x40/0x58
[   22.142473]  __kasan_kmalloc+0xd4/0xd8
[   22.142947]  __kmalloc_cache_noprof+0x154/0x320
[   22.143564]  kasan_strings+0xb0/0x938
[   22.144057]  kunit_try_run_case+0x170/0x3f0
[   22.144404]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.144818]  kthread+0x24c/0x2d0
[   22.145256]  ret_from_fork+0x10/0x20
[   22.145738] 
[   22.146020] Freed by task 246:
[   22.146450]  kasan_save_stack+0x3c/0x68
[   22.146966]  kasan_save_track+0x20/0x40
[   22.147817]  kasan_save_free_info+0x4c/0x78
[   22.148364]  __kasan_slab_free+0x6c/0x98
[   22.148968]  kfree+0x110/0x3b8
[   22.149533]  kasan_strings+0x128/0x938
[   22.150105]  kunit_try_run_case+0x170/0x3f0
[   22.150651]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.151368]  kthread+0x24c/0x2d0
[   22.151650]  ret_from_fork+0x10/0x20
[   22.152643] 
[   22.152983] The buggy address belongs to the object at fff00000c6cfdcc0
[   22.152983]  which belongs to the cache kmalloc-32 of size 32
[   22.154384] The buggy address is located 16 bytes inside of
[   22.154384]  freed 32-byte region [fff00000c6cfdcc0, fff00000c6cfdce0)
[   22.155369] 
[   22.155692] The buggy address belongs to the physical page:
[   22.156605] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106cfd
[   22.157147] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.157863] page_type: f5(slab)
[   22.158440] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   22.160021] raw: 0000000000000000 0000000080400040 00000001f5000000 0000000000000000
[   22.160897] page dumped because: kasan: bad access detected
[   22.161358] 
[   22.161595] Memory state around the buggy address:
[   22.162029]  fff00000c6cfdb80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   22.162636]  fff00000c6cfdc00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   22.163568] >fff00000c6cfdc80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   22.164358]                                                  ^
[   22.165131]  fff00000c6cfdd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.165716]  fff00000c6cfdd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.166612] ==================================================================

[   14.046344] ==================================================================
[   14.046532] BUG: KASAN: slab-use-after-free in strrchr+0x64/0x70
[   14.046678] Read of size 1 at addr ffff888102632890 by task kunit_try_catch/264
[   14.046909] 
[   14.047024] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G    B            N 6.12.32-rc1 #1
[   14.047074] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.047087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.047108] Call Trace:
[   14.047120]  <TASK>
[   14.047134]  dump_stack_lvl+0x73/0xb0
[   14.047157]  print_report+0xd1/0x640
[   14.047179]  ? __virt_addr_valid+0x1db/0x2d0
[   14.047200]  ? strrchr+0x64/0x70
[   14.047219]  ? kasan_complete_mode_report_info+0x64/0x200
[   14.047240]  ? strrchr+0x64/0x70
[   14.047258]  kasan_report+0x140/0x180
[   14.047279]  ? strrchr+0x64/0x70
[   14.047302]  __asan_report_load1_noabort+0x18/0x20
[   14.047321]  strrchr+0x64/0x70
[   14.047340]  kasan_strings+0x24c/0xb60
[   14.047360]  ? __pfx_kasan_strings+0x10/0x10
[   14.047380]  ? __schedule+0xc49/0x27a0
[   14.047398]  ? __pfx_read_tsc+0x10/0x10
[   14.047415]  ? ktime_get_ts64+0x84/0x230
[   14.047440]  kunit_try_run_case+0x1a6/0x480
[   14.047459]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.047477]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   14.047496]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.047518]  ? __kthread_parkme+0x82/0x160
[   14.047535]  ? preempt_count_sub+0x50/0x80
[   14.047556]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.047574]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.047597]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.047620]  kthread+0x257/0x310
[   14.047637]  ? __pfx_kthread+0x10/0x10
[   14.047655]  ret_from_fork+0x41/0x80
[   14.047700]  ? __pfx_kthread+0x10/0x10
[   14.047719]  ret_from_fork_asm+0x1a/0x30
[   14.047747]  </TASK>
[   14.047758] 
[   14.052105] Allocated by task 264:
[   14.052249]  kasan_save_stack+0x45/0x70
[   14.052382]  kasan_save_track+0x18/0x40
[   14.052513]  kasan_save_alloc_info+0x3b/0x50
[   14.052708]  __kasan_kmalloc+0xb7/0xc0
[   14.052794]  __kmalloc_cache_noprof+0x168/0x350
[   14.052887]  kasan_strings+0xb3/0xb60
[   14.052968]  kunit_try_run_case+0x1a6/0x480
[   14.053067]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.053177]  kthread+0x257/0x310
[   14.053251]  ret_from_fork+0x41/0x80
[   14.053331]  ret_from_fork_asm+0x1a/0x30
[   14.053452] 
[   14.053542] Freed by task 264:
[   14.053728]  kasan_save_stack+0x45/0x70
[   14.053958]  kasan_save_track+0x18/0x40
[   14.054202]  kasan_save_free_info+0x3f/0x60
[   14.054438]  __kasan_slab_free+0x56/0x70
[   14.054653]  kfree+0x123/0x3d0
[   14.054855]  kasan_strings+0x13a/0xb60
[   14.055067]  kunit_try_run_case+0x1a6/0x480
[   14.055306]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.055472]  kthread+0x257/0x310
[   14.055574]  ret_from_fork+0x41/0x80
[   14.055658]  ret_from_fork_asm+0x1a/0x30
[   14.055754] 
[   14.055802] The buggy address belongs to the object at ffff888102632880
[   14.055802]  which belongs to the cache kmalloc-32 of size 32
[   14.055985] The buggy address is located 16 bytes inside of
[   14.055985]  freed 32-byte region [ffff888102632880, ffff8881026328a0)
[   14.056483] 
[   14.056584] The buggy address belongs to the physical page:
[   14.056857] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102632
[   14.057185] flags: 0x200000000000000(node=0|zone=2)
[   14.057401] page_type: f5(slab)
[   14.057537] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   14.057734] raw: 0000000000000000 0000000080400040 00000001f5000000 0000000000000000
[   14.057861] page dumped because: kasan: bad access detected
[   14.057977] 
[   14.058033] Memory state around the buggy address:
[   14.058313]  ffff888102632780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   14.058692]  ffff888102632800: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   14.058936] >ffff888102632880: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   14.059193]                          ^
[   14.059327]  ffff888102632900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.059451]  ffff888102632980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.059679] ==================================================================