Date: June 8, 2025, 11:09 p.m.

| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
| rk3399-rock-pi-4b |

```
[ 21.390510] ==================================================================
[ 21.400478] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8
[ 21.407074] Read of size 1 at addr ffff00080337c000 by task kunit_try_catch/195
[ 21.414364]
[ 21.415852] CPU: 7 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 21.415907] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.415928] Hardware name: WinLink E850-96 board (DT)
[ 21.415947] Call trace:
[ 21.415962] show_stack+0x20/0x38 (C)
[ 21.415998] dump_stack_lvl+0x8c/0xd0
[ 21.416035] print_report+0x118/0x608
[ 21.416074] kasan_report+0xdc/0x128
[ 21.416108] __asan_report_load1_noabort+0x20/0x30
[ 21.416146] kmalloc_large_uaf+0x2cc/0x2f8
[ 21.416179] kunit_try_run_case+0x170/0x3f0
[ 21.416216] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.416255] kthread+0x328/0x630
[ 21.416286] ret_from_fork+0x10/0x20
[ 21.416321]
[ 21.478601] The buggy address belongs to the physical page:
[ 21.484158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88337c
[ 21.492142] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.498666] raw: 0bfffe0000000000 fffffdffe00ce008 ffff00085b006f40 0000000000000000
[ 21.506383] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 21.514105] page dumped because: kasan: bad access detected
[ 21.519658]
[ 21.521133] Memory state around the buggy address:
[ 21.525914]  ffff00080337bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.533118]  ffff00080337bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.540321] >ffff00080337c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.547522]                    ^
[ 21.550738]  ffff00080337c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.557942]  ffff00080337c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.565145] ==================================================================
```

```
[ 24.782157] ==================================================================
[ 24.782314] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8
[ 24.782428] Read of size 1 at addr fff00000c64b8000 by task kunit_try_catch/148
[ 24.782553]
[ 24.782748] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 24.782967] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.783041] Hardware name: linux,dummy-virt (DT)
[ 24.783335] Call trace:
[ 24.783632] show_stack+0x20/0x38 (C)
[ 24.784011] dump_stack_lvl+0x8c/0xd0
[ 24.784146] print_report+0x118/0x608
[ 24.784915] kasan_report+0xdc/0x128
[ 24.785153] __asan_report_load1_noabort+0x20/0x30
[ 24.785666] kmalloc_large_uaf+0x2cc/0x2f8
[ 24.786197] kunit_try_run_case+0x170/0x3f0
[ 24.786323] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.786451] kthread+0x328/0x630
[ 24.786565] ret_from_fork+0x10/0x20
[ 24.786691]
[ 24.787284] The buggy address belongs to the physical page:
[ 24.787526] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b8
[ 24.787983] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.788911] raw: 0bfffe0000000000 ffffc1ffc3192f08 fff00000da44ac40 0000000000000000
[ 24.789734] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 24.789834] page dumped because: kasan: bad access detected
[ 24.789910]
[ 24.790354] Memory state around the buggy address:
[ 24.790611]  fff00000c64b7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.791182]  fff00000c64b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.791387] >fff00000c64b8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.791482]                    ^
[ 24.792066]  fff00000c64b8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.792309]  fff00000c64b8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.792796] ==================================================================
```

```
[ 24.952819] ==================================================================
[ 24.952977] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8
[ 24.953150] Read of size 1 at addr fff00000c64fc000 by task kunit_try_catch/148
[ 24.953358]
[ 24.953515] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 24.953753] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.953924] Hardware name: linux,dummy-virt (DT)
[ 24.954051] Call trace:
[ 24.954114] show_stack+0x20/0x38 (C)
[ 24.954287] dump_stack_lvl+0x8c/0xd0
[ 24.954416] print_report+0x118/0x608
[ 24.954536] kasan_report+0xdc/0x128
[ 24.954696] __asan_report_load1_noabort+0x20/0x30
[ 24.954864] kmalloc_large_uaf+0x2cc/0x2f8
[ 24.954988] kunit_try_run_case+0x170/0x3f0
[ 24.955112] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.955343] kthread+0x328/0x630
[ 24.955534] ret_from_fork+0x10/0x20
[ 24.955736]
[ 24.955864] The buggy address belongs to the physical page:
[ 24.955941] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064fc
[ 24.956093] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.956314] raw: 0bfffe0000000000 ffffc1ffc3194008 fff00000da44bc40 0000000000000000
[ 24.956576] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 24.956674] page dumped because: kasan: bad access detected
[ 24.956806]
[ 24.956952] Memory state around the buggy address:
[ 24.957154]  fff00000c64fbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.957399]  fff00000c64fbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.957572] >fff00000c64fc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.957672]                    ^
[ 24.957794]  fff00000c64fc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.957919]  fff00000c64fc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.958048] ==================================================================
```

```
[ 17.674049] ==================================================================
[ 17.674871] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340
[ 17.675881] Read of size 1 at addr ffff888102618000 by task kunit_try_catch/166
[ 17.677652]
[ 17.678299] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary)
[ 17.678437] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.678476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.678560] Call Trace:
[ 17.678678] <TASK>
[ 17.678854] dump_stack_lvl+0x73/0xb0
[ 17.678961] print_report+0xd1/0x650
[ 17.679023] ? __virt_addr_valid+0x1db/0x2d0
[ 17.679084] ? kmalloc_large_uaf+0x2f1/0x340
[ 17.679140] ? kasan_addr_to_slab+0x11/0xa0
[ 17.679191] ? kmalloc_large_uaf+0x2f1/0x340
[ 17.679251] kasan_report+0x141/0x180
[ 17.679308] ? kmalloc_large_uaf+0x2f1/0x340
[ 17.679370] __asan_report_load1_noabort+0x18/0x20
[ 17.679431] kmalloc_large_uaf+0x2f1/0x340
[ 17.679487] ? __pfx_kmalloc_large_uaf+0x10/0x10
[ 17.679574] ? __pfx_kmalloc_large_uaf+0x10/0x10
[ 17.679674] kunit_try_run_case+0x1a5/0x480
[ 17.679751] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.679790] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 17.679828] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 17.679862] ? __kthread_parkme+0x82/0x180
[ 17.679891] ? preempt_count_sub+0x50/0x80
[ 17.679924] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.679959] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.679995] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.680029] kthread+0x337/0x6f0
[ 17.680058] ? trace_preempt_on+0x20/0xc0
[ 17.680093] ? __pfx_kthread+0x10/0x10
[ 17.680122] ? _raw_spin_unlock_irq+0x47/0x80
[ 17.680152] ? calculate_sigpending+0x7b/0xa0
[ 17.680187] ? __pfx_kthread+0x10/0x10
[ 17.680216] ret_from_fork+0x116/0x1d0
[ 17.680282] ? __pfx_kthread+0x10/0x10
[ 17.680316] ret_from_fork_asm+0x1a/0x30
[ 17.680362] </TASK>
[ 17.680377]
[ 17.701841] The buggy address belongs to the physical page:
[ 17.702341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102618
[ 17.703562] flags: 0x200000000000000(node=0|zone=2)
[ 17.704300] raw: 0200000000000000 ffffea0004098708 ffff88815b139f80 0000000000000000
[ 17.704943] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 17.706033] page dumped because: kasan: bad access detected
[ 17.706467]
[ 17.707188] Memory state around the buggy address:
[ 17.707917]  ffff888102617f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.708770]  ffff888102617f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.709488] >ffff888102618000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.710872]                    ^
[ 17.711451]  ffff888102618080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.712207]  ffff888102618100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.712821] ==================================================================
```

```
[ 16.861077] ==================================================================
[ 16.862102] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340
[ 16.862949] Read of size 1 at addr ffff888102324000 by task kunit_try_catch/166
[ 16.863700]
[ 16.864510] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary)
[ 16.864574] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.864591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.864620] Call Trace:
[ 16.864636] <TASK>
[ 16.864654] dump_stack_lvl+0x73/0xb0
[ 16.864695] print_report+0xd1/0x650
[ 16.864726] ? __virt_addr_valid+0x1db/0x2d0
[ 16.864757] ? kmalloc_large_uaf+0x2f1/0x340
[ 16.864785] ? kasan_addr_to_slab+0x11/0xa0
[ 16.864813] ? kmalloc_large_uaf+0x2f1/0x340
[ 16.864842] kasan_report+0x141/0x180
[ 16.864872] ? kmalloc_large_uaf+0x2f1/0x340
[ 16.864937] __asan_report_load1_noabort+0x18/0x20
[ 16.864974] kmalloc_large_uaf+0x2f1/0x340
[ 16.865003] ? __pfx_kmalloc_large_uaf+0x10/0x10
[ 16.865033] ? __schedule+0x10cc/0x2b60
[ 16.865064] ? __pfx_read_tsc+0x10/0x10
[ 16.865092] ? ktime_get_ts64+0x86/0x230
[ 16.865161] kunit_try_run_case+0x1a5/0x480
[ 16.865204] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.865239] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.865272] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.865305] ? __kthread_parkme+0x82/0x180
[ 16.865333] ? preempt_count_sub+0x50/0x80
[ 16.865364] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.865398] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.865431] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.865464] kthread+0x337/0x6f0
[ 16.865490] ? trace_preempt_on+0x20/0xc0
[ 16.865521] ? __pfx_kthread+0x10/0x10
[ 16.865550] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.865579] ? calculate_sigpending+0x7b/0xa0
[ 16.865612] ? __pfx_kthread+0x10/0x10
[ 16.865641] ret_from_fork+0x116/0x1d0
[ 16.865666] ? __pfx_kthread+0x10/0x10
[ 16.865693] ret_from_fork_asm+0x1a/0x30
[ 16.865733] </TASK>
[ 16.865747]
[ 16.880719] The buggy address belongs to the physical page:
[ 16.881307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102324
[ 16.882072] flags: 0x200000000000000(node=0|zone=2)
[ 16.882724] raw: 0200000000000000 ffff88815b039f80 ffff88815b039f80 0000000000000000
[ 16.883486] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 16.884204] page dumped because: kasan: bad access detected
[ 16.884637]
[ 16.884930] Memory state around the buggy address:
[ 16.885522]  ffff888102323f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.886273]  ffff888102323f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.886977] >ffff888102324000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.887647]                    ^
[ 16.887997]  ffff888102324080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.888465]  ffff888102324100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.889241] ==================================================================
```

```
[ 19.932596] ==================================================================
[ 19.933705] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8
[ 19.934347] Read of size 1 at addr ffff00000daf8000 by task kunit_try_catch/201
[ 19.935032]
[ 19.935202] CPU: 1 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 19.935261] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.935278] Hardware name: Radxa ROCK Pi 4B (DT)
[ 19.935298] Call trace:
[ 19.935312] show_stack+0x20/0x38 (C)
[ 19.935352] dump_stack_lvl+0x8c/0xd0
[ 19.935394] print_report+0x118/0x608
[ 19.935435] kasan_report+0xdc/0x128
[ 19.935474] __asan_report_load1_noabort+0x20/0x30
[ 19.935519] kmalloc_large_uaf+0x2cc/0x2f8
[ 19.935554] kunit_try_run_case+0x170/0x3f0
[ 19.935596] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.935641] kthread+0x328/0x630
[ 19.935674] ret_from_fork+0x10/0x20
[ 19.935712]
[ 19.941322] The buggy address belongs to the physical page:
[ 19.941847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xdaf8
[ 19.942579] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[ 19.943213] raw: 03fffe0000000000 fffffdffc036bf08 ffff0000d16ec640 0000000000000000
[ 19.943938] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 19.944653] page dumped because: kasan: bad access detected
[ 19.945173]
[ 19.945331] Memory state around the buggy address:
[ 19.945786]  ffff00000daf7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.946460]  ffff00000daf7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.947133] >ffff00000daf8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.947801]                    ^
[ 19.948118]  ffff00000daf8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.948792]  ffff00000daf8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.949461] ==================================================================
```