Hay
Sign in
Date
June 26, 2025, 11:12 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64 

[   40.783903] ==================================================================
[   40.790908] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0
[   40.796807] Read of size 1 at addr ffff0008066bd2d0 by task kunit_try_catch/308
[   40.804099] 
[   40.805584] CPU: 7 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   40.805635] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.805654] Hardware name: WinLink E850-96 board (DT)
[   40.805676] Call trace:
[   40.805690]  show_stack+0x20/0x38 (C)
[   40.805728]  dump_stack_lvl+0x8c/0xd0
[   40.805764]  print_report+0x118/0x608
[   40.805797]  kasan_report+0xdc/0x128
[   40.805827]  __asan_report_load1_noabort+0x20/0x30
[   40.805864]  strlen+0xa8/0xb0
[   40.805893]  kasan_strings+0x418/0xb00
[   40.805928]  kunit_try_run_case+0x170/0x3f0
[   40.805966]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.806004]  kthread+0x328/0x630
[   40.806037]  ret_from_fork+0x10/0x20
[   40.806074] 
[   40.870938] Allocated by task 308:
[   40.874325]  kasan_save_stack+0x3c/0x68
[   40.878142]  kasan_save_track+0x20/0x40
[   40.881962]  kasan_save_alloc_info+0x40/0x58
[   40.886215]  __kasan_kmalloc+0xd4/0xd8
[   40.889948]  __kmalloc_cache_noprof+0x16c/0x3c0
[   40.894462]  kasan_strings+0xc8/0xb00
[   40.898107]  kunit_try_run_case+0x170/0x3f0
[   40.902274]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.907743]  kthread+0x328/0x630
[   40.910956]  ret_from_fork+0x10/0x20
[   40.914515] 
[   40.915989] Freed by task 308:
[   40.919029]  kasan_save_stack+0x3c/0x68
[   40.922847]  kasan_save_track+0x20/0x40
[   40.926666]  kasan_save_free_info+0x4c/0x78
[   40.930832]  __kasan_slab_free+0x6c/0x98
[   40.934738]  kfree+0x214/0x3c8
[   40.937777]  kasan_strings+0x24c/0xb00
[   40.941509]  kunit_try_run_case+0x170/0x3f0
[   40.945676]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.951145]  kthread+0x328/0x630
[   40.954357]  ret_from_fork+0x10/0x20
[   40.957916] 
[   40.959392] The buggy address belongs to the object at ffff0008066bd2c0
[   40.959392]  which belongs to the cache kmalloc-32 of size 32
[   40.971719] The buggy address is located 16 bytes inside of
[   40.971719]  freed 32-byte region [ffff0008066bd2c0, ffff0008066bd2e0)
[   40.983783] 
[   40.985261] The buggy address belongs to the physical page:
[   40.990817] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8866bd
[   40.998803] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   41.005310] page_type: f5(slab)
[   41.008449] raw: 0bfffe0000000000 ffff000800002780 dead000000000122 0000000000000000
[   41.016168] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   41.023887] page dumped because: kasan: bad access detected
[   41.029442] 
[   41.030917] Memory state around the buggy address:
[   41.035699]  ffff0008066bd180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   41.042901]  ffff0008066bd200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   41.050105] >ffff0008066bd280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   41.057306]                                                  ^
[   41.063126]  ffff0008066bd300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   41.070331]  ffff0008066bd380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   41.077532] ==================================================================
Metadata Full log Test run details 

[   20.320047] ==================================================================
[   20.320701] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0
[   20.320810] Read of size 1 at addr fff00000c5be7090 by task kunit_try_catch/261
[   20.320903] 
[   20.321367] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   20.321560] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.321659] Hardware name: linux,dummy-virt (DT)
[   20.321840] Call trace:
[   20.321913]  show_stack+0x20/0x38 (C)
[   20.322498]  dump_stack_lvl+0x8c/0xd0
[   20.322577]  print_report+0x118/0x608
[   20.323008]  kasan_report+0xdc/0x128
[   20.323095]  __asan_report_load1_noabort+0x20/0x30
[   20.323186]  strlen+0xa8/0xb0
[   20.323375]  kasan_strings+0x418/0xb00
[   20.323564]  kunit_try_run_case+0x170/0x3f0
[   20.323998]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.324163]  kthread+0x328/0x630
[   20.324292]  ret_from_fork+0x10/0x20
[   20.324576] 
[   20.324604] Allocated by task 261:
[   20.324706]  kasan_save_stack+0x3c/0x68
[   20.324990]  kasan_save_track+0x20/0x40
[   20.325108]  kasan_save_alloc_info+0x40/0x58
[   20.325505]  __kasan_kmalloc+0xd4/0xd8
[   20.325876]  __kmalloc_cache_noprof+0x16c/0x3c0
[   20.326058]  kasan_strings+0xc8/0xb00
[   20.326157]  kunit_try_run_case+0x170/0x3f0
[   20.326324]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.326630]  kthread+0x328/0x630
[   20.326710]  ret_from_fork+0x10/0x20
[   20.326898] 
[   20.327058] Freed by task 261:
[   20.327195]  kasan_save_stack+0x3c/0x68
[   20.327538]  kasan_save_track+0x20/0x40
[   20.327662]  kasan_save_free_info+0x4c/0x78
[   20.327833]  __kasan_slab_free+0x6c/0x98
[   20.327964]  kfree+0x214/0x3c8
[   20.327999]  kasan_strings+0x24c/0xb00
[   20.328352]  kunit_try_run_case+0x170/0x3f0
[   20.328474]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.328688]  kthread+0x328/0x630
[   20.328909]  ret_from_fork+0x10/0x20
[   20.329140] 
[   20.329225] The buggy address belongs to the object at fff00000c5be7080
[   20.329225]  which belongs to the cache kmalloc-32 of size 32
[   20.329318] The buggy address is located 16 bytes inside of
[   20.329318]  freed 32-byte region [fff00000c5be7080, fff00000c5be70a0)
[   20.329499] 
[   20.329587] The buggy address belongs to the physical page:
[   20.329743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105be7
[   20.330072] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.330149] page_type: f5(slab)
[   20.330341] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   20.330532] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   20.330582] page dumped because: kasan: bad access detected
[   20.330749] 
[   20.330900] Memory state around the buggy address:
[   20.331061]  fff00000c5be6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.331305]  fff00000c5be7000: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   20.331389] >fff00000c5be7080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   20.331890]                          ^
[   20.332019]  fff00000c5be7100: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   20.332148]  fff00000c5be7180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   20.332310] ==================================================================
Metadata Full log Test run details 

[   12.875476] ==================================================================
[   12.875887] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[   12.876197] Read of size 1 at addr ffff888102a07fd0 by task kunit_try_catch/278
[   12.876439] 
[   12.876527] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT(voluntary) 
[   12.876576] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.876588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.876610] Call Trace:
[   12.876629]  <TASK>
[   12.876646]  dump_stack_lvl+0x73/0xb0
[   12.876669]  print_report+0xd1/0x650
[   12.876693]  ? __virt_addr_valid+0x1db/0x2d0
[   12.876714]  ? strlen+0x8f/0xb0
[   12.876732]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.876755]  ? strlen+0x8f/0xb0
[   12.876773]  kasan_report+0x141/0x180
[   12.876795]  ? strlen+0x8f/0xb0
[   12.876818]  __asan_report_load1_noabort+0x18/0x20
[   12.876839]  strlen+0x8f/0xb0
[   12.876859]  kasan_strings+0x57b/0xe80
[   12.876878]  ? trace_hardirqs_on+0x37/0xe0
[   12.876901]  ? __pfx_kasan_strings+0x10/0x10
[   12.876934]  ? finish_task_switch.isra.0+0x153/0x700
[   12.876960]  ? __switch_to+0x5d9/0xf60
[   12.876981]  ? dequeue_task_fair+0x156/0x4e0
[   12.877006]  ? __schedule+0x10cc/0x2b60
[   12.877028]  ? __pfx_read_tsc+0x10/0x10
[   12.877048]  ? ktime_get_ts64+0x86/0x230
[   12.877075]  kunit_try_run_case+0x1a5/0x480
[   12.877101]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.877123]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.877146]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.877170]  ? __kthread_parkme+0x82/0x180
[   12.877192]  ? preempt_count_sub+0x50/0x80
[   12.877217]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.877240]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.877263]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.877286]  kthread+0x337/0x6f0
[   12.877314]  ? trace_preempt_on+0x20/0xc0
[   12.877336]  ? __pfx_kthread+0x10/0x10
[   12.877353]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.877374]  ? calculate_sigpending+0x7b/0xa0
[   12.877396]  ? __pfx_kthread+0x10/0x10
[   12.877414]  ret_from_fork+0x41/0x80
[   12.877435]  ? __pfx_kthread+0x10/0x10
[   12.877453]  ret_from_fork_asm+0x1a/0x30
[   12.877483]  </TASK>
[   12.877493] 
[   12.885945] Allocated by task 278:
[   12.886103]  kasan_save_stack+0x45/0x70
[   12.886259]  kasan_save_track+0x18/0x40
[   12.886394]  kasan_save_alloc_info+0x3b/0x50
[   12.886539]  __kasan_kmalloc+0xb7/0xc0
[   12.886723]  __kmalloc_cache_noprof+0x189/0x420
[   12.886946]  kasan_strings+0xc0/0xe80
[   12.887135]  kunit_try_run_case+0x1a5/0x480
[   12.887340]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.887970]  kthread+0x337/0x6f0
[   12.888101]  ret_from_fork+0x41/0x80
[   12.888233]  ret_from_fork_asm+0x1a/0x30
[   12.888379] 
[   12.888448] Freed by task 278:
[   12.888558]  kasan_save_stack+0x45/0x70
[   12.888695]  kasan_save_track+0x18/0x40
[   12.888851]  kasan_save_free_info+0x3f/0x60
[   12.889208]  __kasan_slab_free+0x56/0x70
[   12.889412]  kfree+0x222/0x3f0
[   12.889573]  kasan_strings+0x2aa/0xe80
[   12.889762]  kunit_try_run_case+0x1a5/0x480
[   12.890011]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.890268]  kthread+0x337/0x6f0
[   12.890434]  ret_from_fork+0x41/0x80
[   12.890616]  ret_from_fork_asm+0x1a/0x30
[   12.890809] 
[   12.890905] The buggy address belongs to the object at ffff888102a07fc0
[   12.890905]  which belongs to the cache kmalloc-32 of size 32
[   12.891297] The buggy address is located 16 bytes inside of
[   12.891297]  freed 32-byte region [ffff888102a07fc0, ffff888102a07fe0)
[   12.892061] 
[   12.892173] The buggy address belongs to the physical page:
[   12.892438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a07
[   12.892878] flags: 0x200000000000000(node=0|zone=2)
[   12.893066] page_type: f5(slab)
[   12.893193] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   12.893424] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[   12.893898] page dumped because: kasan: bad access detected
[   12.894170] 
[   12.894267] Memory state around the buggy address:
[   12.894497]  ffff888102a07e80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   12.894938]  ffff888102a07f00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   12.895224] >ffff888102a07f80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   12.895522]                                                  ^
[   12.896042]  ffff888102a08000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.896353]  ffff888102a08080: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.896651] ==================================================================
Metadata Full log Test run details