Date
July 4, 2025, 3:11 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 38.723198] ================================================================== [ 38.730282] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0 [ 38.736183] Read of size 1 at addr ffff000800cab9d0 by task kunit_try_catch/308 [ 38.743474] [ 38.744958] CPU: 6 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 38.745010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.745026] Hardware name: WinLink E850-96 board (DT) [ 38.745047] Call trace: [ 38.745061] show_stack+0x20/0x38 (C) [ 38.745096] dump_stack_lvl+0x8c/0xd0 [ 38.745130] print_report+0x118/0x608 [ 38.745162] kasan_report+0xdc/0x128 [ 38.745191] __asan_report_load1_noabort+0x20/0x30 [ 38.745227] strlen+0xa8/0xb0 [ 38.745254] kasan_strings+0x418/0xb00 [ 38.745285] kunit_try_run_case+0x170/0x3f0 [ 38.745321] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.745360] kthread+0x328/0x630 [ 38.745393] ret_from_fork+0x10/0x20 [ 38.745428] [ 38.810313] Allocated by task 308: [ 38.813702] kasan_save_stack+0x3c/0x68 [ 38.817518] kasan_save_track+0x20/0x40 [ 38.821337] kasan_save_alloc_info+0x40/0x58 [ 38.825590] __kasan_kmalloc+0xd4/0xd8 [ 38.829323] __kmalloc_cache_noprof+0x16c/0x3c0 [ 38.833837] kasan_strings+0xc8/0xb00 [ 38.837483] kunit_try_run_case+0x170/0x3f0 [ 38.841649] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.847118] kthread+0x328/0x630 [ 38.850330] ret_from_fork+0x10/0x20 [ 38.853889] [ 38.855364] Freed by task 308: [ 38.858403] kasan_save_stack+0x3c/0x68 [ 38.862222] kasan_save_track+0x20/0x40 [ 38.866041] kasan_save_free_info+0x4c/0x78 [ 38.870208] __kasan_slab_free+0x6c/0x98 [ 38.874114] kfree+0x214/0x3c8 [ 38.877152] kasan_strings+0x24c/0xb00 [ 38.880885] kunit_try_run_case+0x170/0x3f0 [ 38.885051] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.890520] kthread+0x328/0x630 [ 38.893732] ret_from_fork+0x10/0x20 [ 38.897291] [ 38.898767] The buggy address belongs to the object at ffff000800cab9c0 [ 38.898767] which belongs to the cache kmalloc-32 of size 32 [ 38.911093] The buggy address is located 16 bytes inside of [ 38.911093] freed 32-byte region [ffff000800cab9c0, ffff000800cab9e0) [ 38.923159] [ 38.924636] The buggy address belongs to the physical page: [ 38.930193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880cab [ 38.938176] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.944686] page_type: f5(slab) [ 38.947820] raw: 0bfffe0000000000 ffff000800002780 dead000000000122 0000000000000000 [ 38.955543] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 38.963262] page dumped because: kasan: bad access detected [ 38.968817] [ 38.970293] Memory state around the buggy address: [ 38.975075] ffff000800cab880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 38.982276] ffff000800cab900: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 38.989483] >ffff000800cab980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 38.996681] ^ [ 39.002501] ffff000800caba00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 39.009706] ffff000800caba80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 39.016907] ==================================================================
[ 17.858829] ================================================================== [ 17.858882] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0 [ 17.858929] Read of size 1 at addr fff00000c7949310 by task kunit_try_catch/264 [ 17.859248] [ 17.859292] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 17.859487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.859557] Hardware name: linux,dummy-virt (DT) [ 17.859665] Call trace: [ 17.859722] show_stack+0x20/0x38 (C) [ 17.859810] dump_stack_lvl+0x8c/0xd0 [ 17.859863] print_report+0x118/0x608 [ 17.859947] kasan_report+0xdc/0x128 [ 17.860179] __asan_report_load1_noabort+0x20/0x30 [ 17.860374] strlen+0xa8/0xb0 [ 17.860497] kasan_strings+0x418/0xb00 [ 17.860601] kunit_try_run_case+0x170/0x3f0 [ 17.860665] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.860939] kthread+0x328/0x630 [ 17.861091] ret_from_fork+0x10/0x20 [ 17.861274] [ 17.861373] Allocated by task 264: [ 17.861416] kasan_save_stack+0x3c/0x68 [ 17.861662] kasan_save_track+0x20/0x40 [ 17.861800] kasan_save_alloc_info+0x40/0x58 [ 17.861881] __kasan_kmalloc+0xd4/0xd8 [ 17.862014] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.862125] kasan_strings+0xc8/0xb00 [ 17.862420] kunit_try_run_case+0x170/0x3f0 [ 17.862545] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.862702] kthread+0x328/0x630 [ 17.862801] ret_from_fork+0x10/0x20 [ 17.862840] [ 17.863134] Freed by task 264: [ 17.863247] kasan_save_stack+0x3c/0x68 [ 17.863450] __kasan_slab_free+0x6c/0x98 [ 17.864620] The buggy address is located 16 bytes inside of [ 17.864620] freed 32-byte region [fff00000c7949300, fff00000c7949320) [ 17.866135] fff00000c7949200: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 17.867782] [ 17.867813] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 17.869796] kthread+0x328/0x630 [ 17.870509] kasan_save_stack+0x3c/0x68 [ 17.871328] kunit_try_run_case+0x170/0x3f0 [ 17.871806] ret_from_fork+0x10/0x20 [ 17.873019] kasan_strings+0x24c/0xb00 [ 17.873879] The buggy address is located 16 bytes inside of [ 17.873879] freed 32-byte region [fff00000c7949300, fff00000c7949320) [ 17.875964] >fff00000c7949300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 17.876607] ==================================================================
[ 16.796553] ================================================================== [ 16.797039] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 16.797862] Read of size 1 at addr ffff8881029f4750 by task kunit_try_catch/280 [ 16.798169] [ 16.798397] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 16.798507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.798536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.798610] Call Trace: [ 16.798653] <TASK> [ 16.798696] dump_stack_lvl+0x73/0xb0 [ 16.798803] print_report+0xd1/0x650 [ 16.798874] ? __virt_addr_valid+0x1db/0x2d0 [ 16.798944] ? strlen+0x8f/0xb0 [ 16.798984] ? kasan_complete_mode_report_info+0x64/0x200 [ 16.799031] ? strlen+0x8f/0xb0 [ 16.799072] kasan_report+0x141/0x180 [ 16.799123] ? strlen+0x8f/0xb0 [ 16.799200] __asan_report_load1_noabort+0x18/0x20 [ 16.799244] strlen+0x8f/0xb0 [ 16.799274] kasan_strings+0x57b/0xe80 [ 16.799303] ? __pfx_kasan_strings+0x10/0x10 [ 16.799325] ? __schedule+0x207f/0x2b60 [ 16.799371] ? schedule+0x7c/0x2e0 [ 16.799393] ? trace_hardirqs_on+0x37/0xe0 [ 16.799421] ? __schedule+0x207f/0x2b60 [ 16.799444] ? __pfx_read_tsc+0x10/0x10 [ 16.799465] ? ktime_get_ts64+0x86/0x230 [ 16.799493] kunit_try_run_case+0x1a5/0x480 [ 16.799520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.799542] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.799568] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.799593] ? __kthread_parkme+0x82/0x180 [ 16.799617] ? preempt_count_sub+0x50/0x80 [ 16.799644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.799668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.799691] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.799715] kthread+0x337/0x6f0 [ 16.799733] ? trace_preempt_on+0x20/0xc0 [ 16.799756] ? __pfx_kthread+0x10/0x10 [ 16.799775] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.799797] ? calculate_sigpending+0x7b/0xa0 [ 16.799821] ? __pfx_kthread+0x10/0x10 [ 16.799841] ret_from_fork+0x41/0x80 [ 16.799862] ? __pfx_kthread+0x10/0x10 [ 16.799881] ret_from_fork_asm+0x1a/0x30 [ 16.799915] </TASK> [ 16.799928] [ 16.814525] Allocated by task 280: [ 16.814812] kasan_save_stack+0x45/0x70 [ 16.815588] kasan_save_track+0x18/0x40 [ 16.815814] kasan_save_alloc_info+0x3b/0x50 [ 16.815990] __kasan_kmalloc+0xb7/0xc0 [ 16.816462] __kmalloc_cache_noprof+0x189/0x420 [ 16.816825] kasan_strings+0xc0/0xe80 [ 16.817166] kunit_try_run_case+0x1a5/0x480 [ 16.817455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.817867] kthread+0x337/0x6f0 [ 16.818124] ret_from_fork+0x41/0x80 [ 16.818447] ret_from_fork_asm+0x1a/0x30 [ 16.818879] [ 16.819058] Freed by task 280: [ 16.819255] kasan_save_stack+0x45/0x70 [ 16.819522] kasan_save_track+0x18/0x40 [ 16.819717] kasan_save_free_info+0x3f/0x60 [ 16.820090] __kasan_slab_free+0x56/0x70 [ 16.820480] kfree+0x222/0x3f0 [ 16.820854] kasan_strings+0x2aa/0xe80 [ 16.821110] kunit_try_run_case+0x1a5/0x480 [ 16.821402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.821722] kthread+0x337/0x6f0 [ 16.821902] ret_from_fork+0x41/0x80 [ 16.822260] ret_from_fork_asm+0x1a/0x30 [ 16.822613] [ 16.822830] The buggy address belongs to the object at ffff8881029f4740 [ 16.822830] which belongs to the cache kmalloc-32 of size 32 [ 16.823297] The buggy address is located 16 bytes inside of [ 16.823297] freed 32-byte region [ffff8881029f4740, ffff8881029f4760) [ 16.824222] [ 16.824453] The buggy address belongs to the physical page: [ 16.825085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f4 [ 16.825536] flags: 0x200000000000000(node=0|zone=2) [ 16.825827] page_type: f5(slab) [ 16.826165] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 16.826537] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 16.826861] page dumped because: kasan: bad access detected [ 16.827292] [ 16.827483] Memory state around the buggy address: [ 16.827978] ffff8881029f4600: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 16.828562] ffff8881029f4680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 16.828916] >ffff8881029f4700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 16.829193] ^ [ 16.829653] ffff8881029f4780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 16.830265] ffff8881029f4800: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 16.830821] ==================================================================