Date
June 26, 2025, 11:12 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   41.084854] ==================================================================
[   41.091947] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88
[   41.097932] Read of size 1 at addr ffff0008066bd2d0 by task kunit_try_catch/308
[   41.105222] 
[   41.106708] CPU: 7 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   41.106761] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.106778] Hardware name: WinLink E850-96 board (DT)
[   41.106798] Call trace:
[   41.106814]  show_stack+0x20/0x38 (C)
[   41.106854]  dump_stack_lvl+0x8c/0xd0
[   41.106891]  print_report+0x118/0x608
[   41.106923]  kasan_report+0xdc/0x128
[   41.106953]  __asan_report_load1_noabort+0x20/0x30
[   41.106991]  strnlen+0x80/0x88
[   41.107019]  kasan_strings+0x478/0xb00
[   41.107053]  kunit_try_run_case+0x170/0x3f0
[   41.107093]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.107132]  kthread+0x328/0x630
[   41.107167]  ret_from_fork+0x10/0x20
[   41.107201] 
[   41.172148] Allocated by task 308:
[   41.175534]  kasan_save_stack+0x3c/0x68
[   41.179353]  kasan_save_track+0x20/0x40
[   41.183172]  kasan_save_alloc_info+0x40/0x58
[   41.187426]  __kasan_kmalloc+0xd4/0xd8
[   41.191158]  __kmalloc_cache_noprof+0x16c/0x3c0
[   41.195672]  kasan_strings+0xc8/0xb00
[   41.199318]  kunit_try_run_case+0x170/0x3f0
[   41.203485]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.208953]  kthread+0x328/0x630
[   41.212165]  ret_from_fork+0x10/0x20
[   41.215724] 
[   41.217200] Freed by task 308:
[   41.220240]  kasan_save_stack+0x3c/0x68
[   41.224058]  kasan_save_track+0x20/0x40
[   41.227878]  kasan_save_free_info+0x4c/0x78
[   41.232043]  __kasan_slab_free+0x6c/0x98
[   41.235949]  kfree+0x214/0x3c8
[   41.238987]  kasan_strings+0x24c/0xb00
[   41.242720]  kunit_try_run_case+0x170/0x3f0
[   41.246887]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.252355]  kthread+0x328/0x630
[   41.255567]  ret_from_fork+0x10/0x20
[   41.259126] 
[   41.260603] The buggy address belongs to the object at ffff0008066bd2c0
[   41.260603]  which belongs to the cache kmalloc-32 of size 32
[   41.272928] The buggy address is located 16 bytes inside of
[   41.272928]  freed 32-byte region [ffff0008066bd2c0, ffff0008066bd2e0)
[   41.284994] 
[   41.286473] The buggy address belongs to the physical page:
[   41.292029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8866bd
[   41.300013] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   41.306522] page_type: f5(slab)
[   41.309658] raw: 0bfffe0000000000 ffff000800002780 dead000000000122 0000000000000000
[   41.317379] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   41.325099] page dumped because: kasan: bad access detected
[   41.330653] 
[   41.332128] Memory state around the buggy address:
[   41.336910]  ffff0008066bd180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   41.344112]  ffff0008066bd200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   41.351316] >ffff0008066bd280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   41.358517]                                                  ^
[   41.364337]  ffff0008066bd300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   41.371541]  ffff0008066bd380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   41.378744] ==================================================================

[   20.333903] ==================================================================
[   20.333987] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88
[   20.334041] Read of size 1 at addr fff00000c5be7090 by task kunit_try_catch/261
[   20.334341] 
[   20.334450] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   20.334549] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.334578] Hardware name: linux,dummy-virt (DT)
[   20.334612] Call trace:
[   20.334636]  show_stack+0x20/0x38 (C)
[   20.334690]  dump_stack_lvl+0x8c/0xd0
[   20.335065]  print_report+0x118/0x608
[   20.335316]  kasan_report+0xdc/0x128
[   20.335384]  __asan_report_load1_noabort+0x20/0x30
[   20.335437]  strnlen+0x80/0x88
[   20.335491]  kasan_strings+0x478/0xb00
[   20.335937]  kunit_try_run_case+0x170/0x3f0
[   20.336035]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.336157]  kthread+0x328/0x630
[   20.336211]  ret_from_fork+0x10/0x20
[   20.336609] 
[   20.336654] Allocated by task 261:
[   20.336865]  kasan_save_stack+0x3c/0x68
[   20.337042]  kasan_save_track+0x20/0x40
[   20.337242]  kasan_save_alloc_info+0x40/0x58
[   20.337326]  __kasan_kmalloc+0xd4/0xd8
[   20.337448]  __kmalloc_cache_noprof+0x16c/0x3c0
[   20.337538]  kasan_strings+0xc8/0xb00
[   20.337728]  kunit_try_run_case+0x170/0x3f0
[   20.337946]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.338122]  kthread+0x328/0x630
[   20.338212]  ret_from_fork+0x10/0x20
[   20.338350] 
[   20.338576] Freed by task 261:
[   20.338652]  kasan_save_stack+0x3c/0x68
[   20.338999]  kasan_save_track+0x20/0x40
[   20.339139]  kasan_save_free_info+0x4c/0x78
[   20.339544]  __kasan_slab_free+0x6c/0x98
[   20.339780]  kfree+0x214/0x3c8
[   20.339975]  kasan_strings+0x24c/0xb00
[   20.340022]  kunit_try_run_case+0x170/0x3f0
[   20.340065]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.340345]  kthread+0x328/0x630
[   20.340537]  ret_from_fork+0x10/0x20
[   20.340712] 
[   20.340770] The buggy address belongs to the object at fff00000c5be7080
[   20.340770]  which belongs to the cache kmalloc-32 of size 32
[   20.340941] The buggy address is located 16 bytes inside of
[   20.340941]  freed 32-byte region [fff00000c5be7080, fff00000c5be70a0)
[   20.341208] 
[   20.341422] The buggy address belongs to the physical page:
[   20.341539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105be7
[   20.341796] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.342050] page_type: f5(slab)
[   20.342113] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   20.342185] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   20.342248] page dumped because: kasan: bad access detected
[   20.342283] 
[   20.342313] Memory state around the buggy address:
[   20.342359]  fff00000c5be6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.342417]  fff00000c5be7000: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   20.342479] >fff00000c5be7080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   20.342531]                          ^
[   20.342562]  fff00000c5be7100: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   20.342608]  fff00000c5be7180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   20.342660] ==================================================================

[   12.897235] ==================================================================
[   12.897505] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[   12.898070] Read of size 1 at addr ffff888102a07fd0 by task kunit_try_catch/278
[   12.898384] 
[   12.898492] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT(voluntary) 
[   12.898539] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.898551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.898575] Call Trace:
[   12.898594]  <TASK>
[   12.898613]  dump_stack_lvl+0x73/0xb0
[   12.898638]  print_report+0xd1/0x650
[   12.898661]  ? __virt_addr_valid+0x1db/0x2d0
[   12.898684]  ? strnlen+0x73/0x80
[   12.898701]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.898770]  ? strnlen+0x73/0x80
[   12.898791]  kasan_report+0x141/0x180
[   12.898813]  ? strnlen+0x73/0x80
[   12.898836]  __asan_report_load1_noabort+0x18/0x20
[   12.898858]  strnlen+0x73/0x80
[   12.898877]  kasan_strings+0x615/0xe80
[   12.898897]  ? trace_hardirqs_on+0x37/0xe0
[   12.898934]  ? __pfx_kasan_strings+0x10/0x10
[   12.898954]  ? finish_task_switch.isra.0+0x153/0x700
[   12.898979]  ? __switch_to+0x5d9/0xf60
[   12.898999]  ? dequeue_task_fair+0x156/0x4e0
[   12.899023]  ? __schedule+0x10cc/0x2b60
[   12.899046]  ? __pfx_read_tsc+0x10/0x10
[   12.899066]  ? ktime_get_ts64+0x86/0x230
[   12.899090]  kunit_try_run_case+0x1a5/0x480
[   12.899116]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.899137]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.899161]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.899184]  ? __kthread_parkme+0x82/0x180
[   12.899206]  ? preempt_count_sub+0x50/0x80
[   12.899231]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.899254]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.899277]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.899299]  kthread+0x337/0x6f0
[   12.899315]  ? trace_preempt_on+0x20/0xc0
[   12.899337]  ? __pfx_kthread+0x10/0x10
[   12.899355]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.899376]  ? calculate_sigpending+0x7b/0xa0
[   12.899397]  ? __pfx_kthread+0x10/0x10
[   12.899415]  ret_from_fork+0x41/0x80
[   12.899435]  ? __pfx_kthread+0x10/0x10
[   12.899453]  ret_from_fork_asm+0x1a/0x30
[   12.899485]  </TASK>
[   12.899495] 
[   12.908026] Allocated by task 278:
[   12.908422]  kasan_save_stack+0x45/0x70
[   12.908756]  kasan_save_track+0x18/0x40
[   12.908966]  kasan_save_alloc_info+0x3b/0x50
[   12.909171]  __kasan_kmalloc+0xb7/0xc0
[   12.909349]  __kmalloc_cache_noprof+0x189/0x420
[   12.909616]  kasan_strings+0xc0/0xe80
[   12.909875]  kunit_try_run_case+0x1a5/0x480
[   12.910037]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.910212]  kthread+0x337/0x6f0
[   12.910328]  ret_from_fork+0x41/0x80
[   12.910512]  ret_from_fork_asm+0x1a/0x30
[   12.910870] 
[   12.910983] Freed by task 278:
[   12.911140]  kasan_save_stack+0x45/0x70
[   12.911329]  kasan_save_track+0x18/0x40
[   12.911516]  kasan_save_free_info+0x3f/0x60
[   12.912032]  __kasan_slab_free+0x56/0x70
[   12.912224]  kfree+0x222/0x3f0
[   12.912378]  kasan_strings+0x2aa/0xe80
[   12.912566]  kunit_try_run_case+0x1a5/0x480
[   12.912727]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.912981]  kthread+0x337/0x6f0
[   12.913113]  ret_from_fork+0x41/0x80
[   12.913286]  ret_from_fork_asm+0x1a/0x30
[   12.913453] 
[   12.913536] The buggy address belongs to the object at ffff888102a07fc0
[   12.913536]  which belongs to the cache kmalloc-32 of size 32
[   12.914054] The buggy address is located 16 bytes inside of
[   12.914054]  freed 32-byte region [ffff888102a07fc0, ffff888102a07fe0)
[   12.914404] 
[   12.914475] The buggy address belongs to the physical page:
[   12.914903] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a07
[   12.915273] flags: 0x200000000000000(node=0|zone=2)
[   12.915513] page_type: f5(slab)
[   12.915684] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   12.915956] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[   12.916182] page dumped because: kasan: bad access detected
[   12.916364] 
[   12.916480] Memory state around the buggy address:
[   12.917069]  ffff888102a07e80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   12.917401]  ffff888102a07f00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   12.917933] >ffff888102a07f80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   12.918152]                                                  ^
[   12.918373]  ffff888102a08000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.918684]  ffff888102a08080: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.919006] ==================================================================