Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 21.809320] ================================================================== [ 21.823564] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 21.829897] Read of size 1 at addr ffff000806080000 by task kunit_try_catch/201 [ 21.837188] [ 21.838674] CPU: 5 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 21.838731] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.838748] Hardware name: WinLink E850-96 board (DT) [ 21.838769] Call trace: [ 21.838783] show_stack+0x20/0x38 (C) [ 21.838820] dump_stack_lvl+0x8c/0xd0 [ 21.838857] print_report+0x118/0x608 [ 21.838894] kasan_report+0xdc/0x128 [ 21.838927] __asan_report_load1_noabort+0x20/0x30 [ 21.838969] page_alloc_uaf+0x328/0x350 [ 21.838999] kunit_try_run_case+0x170/0x3f0 [ 21.839035] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.839072] kthread+0x328/0x630 [ 21.839104] ret_from_fork+0x10/0x20 [ 21.839141] [ 21.901165] The buggy address belongs to the physical page: [ 21.906723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x886080 [ 21.914706] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.921216] page_type: f0(buddy) [ 21.924439] raw: 0bfffe0000000000 ffff00087f61bd98 ffff00087f61bd98 0000000000000000 [ 21.932158] raw: 0000000000000000 0000000000000007 00000000f0000000 0000000000000000 [ 21.939879] page dumped because: kasan: bad access detected [ 21.945432] [ 21.946908] Memory state around the buggy address: [ 21.951689] ffff00080607ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.958891] ffff00080607ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.966096] >ffff000806080000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.973297] ^ [ 21.976512] ffff000806080080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.983717] ffff000806080100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.990921] ==================================================================
[ 24.847548] ================================================================== [ 24.847671] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 24.847794] Read of size 1 at addr fff00000c77c0000 by task kunit_try_catch/154 [ 24.847909] [ 24.848107] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.848293] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.848352] Hardware name: linux,dummy-virt (DT) [ 24.848419] Call trace: [ 24.848477] show_stack+0x20/0x38 (C) [ 24.848614] dump_stack_lvl+0x8c/0xd0 [ 24.848759] print_report+0x118/0x608 [ 24.848987] kasan_report+0xdc/0x128 [ 24.849808] __asan_report_load1_noabort+0x20/0x30 [ 24.849979] page_alloc_uaf+0x328/0x350 [ 24.850099] kunit_try_run_case+0x170/0x3f0 [ 24.850230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.850367] kthread+0x328/0x630 [ 24.850479] ret_from_fork+0x10/0x20 [ 24.850655] [ 24.850711] The buggy address belongs to the physical page: [ 24.851811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077c0 [ 24.851977] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.852096] page_type: f0(buddy) [ 24.852215] raw: 0bfffe0000000000 fff00000ff616170 fff00000ff616170 0000000000000000 [ 24.852418] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 24.852518] page dumped because: kasan: bad access detected [ 24.852595] [ 24.852706] Memory state around the buggy address: [ 24.852854] fff00000c77bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.853058] fff00000c77bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.853240] >fff00000c77c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.853505] ^ [ 24.853603] fff00000c77c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.853778] fff00000c77c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.853906] ==================================================================
[ 25.044304] ================================================================== [ 25.044417] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 25.044544] Read of size 1 at addr fff00000c77b0000 by task kunit_try_catch/154 [ 25.044679] [ 25.045391] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.046144] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.046213] Hardware name: linux,dummy-virt (DT) [ 25.046292] Call trace: [ 25.047528] show_stack+0x20/0x38 (C) [ 25.048872] dump_stack_lvl+0x8c/0xd0 [ 25.049623] print_report+0x118/0x608 [ 25.050038] kasan_report+0xdc/0x128 [ 25.051519] __asan_report_load1_noabort+0x20/0x30 [ 25.051798] page_alloc_uaf+0x328/0x350 [ 25.053287] kunit_try_run_case+0x170/0x3f0 [ 25.053432] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.054533] kthread+0x328/0x630 [ 25.055665] ret_from_fork+0x10/0x20 [ 25.056073] [ 25.056581] The buggy address belongs to the physical page: [ 25.056897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077b0 [ 25.057919] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.058565] page_type: f0(buddy) [ 25.059149] raw: 0bfffe0000000000 fff00000ff6160a0 fff00000ff6160a0 0000000000000000 [ 25.059457] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 25.059556] page dumped because: kasan: bad access detected [ 25.060988] [ 25.061078] Memory state around the buggy address: [ 25.061671] fff00000c77aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.061961] fff00000c77aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.062259] >fff00000c77b0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.062636] ^ [ 25.062754] fff00000c77b0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.062873] fff00000c77b0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.064971] ==================================================================
[ 17.781869] ================================================================== [ 17.782725] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 17.783657] Read of size 1 at addr ffff888103a10000 by task kunit_try_catch/172 [ 17.784481] [ 17.784726] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 17.784850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.784885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.785647] Call Trace: [ 17.785718] <TASK> [ 17.785772] dump_stack_lvl+0x73/0xb0 [ 17.785887] print_report+0xd1/0x650 [ 17.785966] ? __virt_addr_valid+0x1db/0x2d0 [ 17.786042] ? page_alloc_uaf+0x356/0x3d0 [ 17.786115] ? kasan_addr_to_slab+0x11/0xa0 [ 17.786181] ? page_alloc_uaf+0x356/0x3d0 [ 17.786621] kasan_report+0x141/0x180 [ 17.786867] ? page_alloc_uaf+0x356/0x3d0 [ 17.786960] __asan_report_load1_noabort+0x18/0x20 [ 17.787037] page_alloc_uaf+0x356/0x3d0 [ 17.787080] ? __pfx_page_alloc_uaf+0x10/0x10 [ 17.787119] ? __schedule+0x10cc/0x2b60 [ 17.787154] ? __pfx_read_tsc+0x10/0x10 [ 17.787187] ? ktime_get_ts64+0x86/0x230 [ 17.787223] kunit_try_run_case+0x1a5/0x480 [ 17.787291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.787329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.787364] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.787396] ? __kthread_parkme+0x82/0x180 [ 17.787425] ? preempt_count_sub+0x50/0x80 [ 17.787455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.787490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.787581] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.787656] kthread+0x337/0x6f0 [ 17.787716] ? trace_preempt_on+0x20/0xc0 [ 17.787754] ? __pfx_kthread+0x10/0x10 [ 17.787783] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.787815] ? calculate_sigpending+0x7b/0xa0 [ 17.787850] ? __pfx_kthread+0x10/0x10 [ 17.787878] ret_from_fork+0x116/0x1d0 [ 17.787904] ? __pfx_kthread+0x10/0x10 [ 17.787932] ret_from_fork_asm+0x1a/0x30 [ 17.787974] </TASK> [ 17.787990] [ 17.807819] The buggy address belongs to the physical page: [ 17.808517] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a10 [ 17.809553] flags: 0x200000000000000(node=0|zone=2) [ 17.810040] page_type: f0(buddy) [ 17.810421] raw: 0200000000000000 ffff88817fffb460 ffff88817fffb460 0000000000000000 [ 17.812293] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 17.813688] page dumped because: kasan: bad access detected [ 17.814363] [ 17.814611] Memory state around the buggy address: [ 17.815354] ffff888103a0ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.816495] ffff888103a0ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.817739] >ffff888103a10000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.818126] ^ [ 17.818720] ffff888103a10080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.819808] ffff888103a10100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.820849] ==================================================================
[ 16.951320] ================================================================== [ 16.952951] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 16.953497] Read of size 1 at addr ffff888103950000 by task kunit_try_catch/172 [ 16.954930] [ 16.955376] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 16.955495] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.955567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.955625] Call Trace: [ 16.955663] <TASK> [ 16.955705] dump_stack_lvl+0x73/0xb0 [ 16.955816] print_report+0xd1/0x650 [ 16.955899] ? __virt_addr_valid+0x1db/0x2d0 [ 16.955981] ? page_alloc_uaf+0x356/0x3d0 [ 16.956061] ? kasan_addr_to_slab+0x11/0xa0 [ 16.956138] ? page_alloc_uaf+0x356/0x3d0 [ 16.956242] kasan_report+0x141/0x180 [ 16.956281] ? page_alloc_uaf+0x356/0x3d0 [ 16.956319] __asan_report_load1_noabort+0x18/0x20 [ 16.956354] page_alloc_uaf+0x356/0x3d0 [ 16.956384] ? __pfx_page_alloc_uaf+0x10/0x10 [ 16.956417] ? __schedule+0x10cc/0x2b60 [ 16.956450] ? __pfx_read_tsc+0x10/0x10 [ 16.956479] ? ktime_get_ts64+0x86/0x230 [ 16.956514] kunit_try_run_case+0x1a5/0x480 [ 16.956617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.956667] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.956703] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.956737] ? __kthread_parkme+0x82/0x180 [ 16.956765] ? preempt_count_sub+0x50/0x80 [ 16.956795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.956830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.956862] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.956920] kthread+0x337/0x6f0 [ 16.956950] ? trace_preempt_on+0x20/0xc0 [ 16.956983] ? __pfx_kthread+0x10/0x10 [ 16.957011] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.957041] ? calculate_sigpending+0x7b/0xa0 [ 16.957074] ? __pfx_kthread+0x10/0x10 [ 16.957110] ret_from_fork+0x116/0x1d0 [ 16.957164] ? __pfx_kthread+0x10/0x10 [ 16.957194] ret_from_fork_asm+0x1a/0x30 [ 16.957237] </TASK> [ 16.957252] [ 16.973217] The buggy address belongs to the physical page: [ 16.974005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103950 [ 16.975350] flags: 0x200000000000000(node=0|zone=2) [ 16.975997] page_type: f0(buddy) [ 16.976408] raw: 0200000000000000 ffff88817fffb460 ffff88817fffb460 0000000000000000 [ 16.977265] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 16.979782] page dumped because: kasan: bad access detected [ 16.980380] [ 16.980616] Memory state around the buggy address: [ 16.981137] ffff88810394ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.981895] ffff88810394ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.983071] >ffff888103950000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.983916] ^ [ 16.984308] ffff888103950080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.985184] ffff888103950100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.986164] ==================================================================
[ 19.982745] ================================================================== [ 19.984177] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 19.984818] Read of size 1 at addr ffff00000f350000 by task kunit_try_catch/207 [ 19.985524] [ 19.985706] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 19.985785] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.985808] Hardware name: Radxa ROCK Pi 4B (DT) [ 19.985834] Call trace: [ 19.985851] show_stack+0x20/0x38 (C) [ 19.985906] dump_stack_lvl+0x8c/0xd0 [ 19.985962] print_report+0x118/0x608 [ 19.986016] kasan_report+0xdc/0x128 [ 19.986068] __asan_report_load1_noabort+0x20/0x30 [ 19.986130] page_alloc_uaf+0x328/0x350 [ 19.986178] kunit_try_run_case+0x170/0x3f0 [ 19.986232] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.986293] kthread+0x328/0x630 [ 19.986336] ret_from_fork+0x10/0x20 [ 19.986387] [ 19.992047] The buggy address belongs to the physical page: [ 19.992582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf350 [ 19.993335] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 19.993974] page_type: f0(buddy) [ 19.994318] raw: 03fffe0000000000 ffff0000f75f2720 ffff0000f75f2720 0000000000000000 [ 19.995062] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 19.995794] page dumped because: kasan: bad access detected [ 19.996327] [ 19.996495] Memory state around the buggy address: [ 19.996964] ffff00000f34ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.997656] ffff00000f34ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.998347] >ffff00000f350000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.999031] ^ [ 19.999361] ffff00000f350080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.000053] ffff00000f350100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.000738] ==================================================================