Hay
Date
March 19, 2025, 10:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   33.567126] ==================================================================
[   33.567542] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8
[   33.567957] Read of size 1 at addr fff00000c7748000 by task kunit_try_catch/150
[   33.568164] 
[   33.568263] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.568529] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.568617] Hardware name: linux,dummy-virt (DT)
[   33.568718] Call trace:
[   33.568785]  show_stack+0x20/0x38 (C)
[   33.568931]  dump_stack_lvl+0x8c/0xd0
[   33.569893]  print_report+0x118/0x5f0
[   33.570174]  kasan_report+0xc8/0x118
[   33.570320]  __asan_report_load1_noabort+0x20/0x30
[   33.570477]  kmalloc_large_uaf+0x2cc/0x2f8
[   33.570917]  kunit_try_run_case+0x14c/0x3d0
[   33.571861]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.572463]  kthread+0x318/0x618
[   33.572619]  ret_from_fork+0x10/0x20
[   33.572938] 
[   33.573273] The buggy address belongs to the physical page:
[   33.573723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107748
[   33.574071] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.574572] raw: 0bfffe0000000000 ffffc1ffc31dd308 fff00000da45ec40 0000000000000000
[   33.575110] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   33.575478] page dumped because: kasan: bad access detected
[   33.575670] 
[   33.576072] Memory state around the buggy address:
[   33.576339]  fff00000c7747f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.576660]  fff00000c7747f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.576821] >fff00000c7748000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.576934]                    ^
[   33.577020]  fff00000c7748080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.578142]  fff00000c7748100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.578518] ==================================================================

[   20.728730] ==================================================================
[   20.730363] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340
[   20.731078] Read of size 1 at addr ffff888102188000 by task kunit_try_catch/169
[   20.731697] 
[   20.731988] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   20.732062] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.732079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.732107] Call Trace:
[   20.732161]  <TASK>
[   20.732195]  dump_stack_lvl+0x73/0xb0
[   20.732266]  print_report+0xd1/0x660
[   20.732328]  ? __virt_addr_valid+0x1db/0x2d0
[   20.732446]  ? kasan_addr_to_slab+0x11/0xa0
[   20.732510]  kasan_report+0x104/0x140
[   20.732564]  ? kmalloc_large_uaf+0x2f1/0x340
[   20.732625]  ? kmalloc_large_uaf+0x2f1/0x340
[   20.732698]  __asan_report_load1_noabort+0x18/0x20
[   20.732785]  kmalloc_large_uaf+0x2f1/0x340
[   20.733224]  ? __pfx_kmalloc_large_uaf+0x10/0x10
[   20.733321]  ? __schedule+0xd46/0x29c0
[   20.733403]  ? __pfx_read_tsc+0x10/0x10
[   20.733465]  ? ktime_get_ts64+0x86/0x240
[   20.733514]  kunit_try_run_case+0x1b2/0x490
[   20.733554]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.733586]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   20.733618]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.733649]  ? __kthread_parkme+0x82/0x160
[   20.733680]  ? preempt_count_sub+0x50/0x80
[   20.733787]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.733857]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.733894]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.733927]  kthread+0x323/0x710
[   20.733958]  ? trace_preempt_on+0x20/0xc0
[   20.733993]  ? __pfx_kthread+0x10/0x10
[   20.734024]  ? _raw_spin_unlock_irq+0x47/0x80
[   20.734056]  ? calculate_sigpending+0x7b/0xa0
[   20.734086]  ? __pfx_kthread+0x10/0x10
[   20.734166]  ret_from_fork+0x41/0x80
[   20.734202]  ? __pfx_kthread+0x10/0x10
[   20.734233]  ret_from_fork_asm+0x1a/0x30
[   20.734280]  </TASK>
[   20.734296] 
[   20.746741] The buggy address belongs to the physical page:
[   20.747357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102188
[   20.748232] flags: 0x200000000000000(node=0|zone=2)
[   20.748845] raw: 0200000000000000 ffff88815b039c00 ffff88815b039c00 0000000000000000
[   20.749669] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   20.750482] page dumped because: kasan: bad access detected
[   20.751322] 
[   20.751585] Memory state around the buggy address:
[   20.752321]  ffff888102187f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.753101]  ffff888102187f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.753700] >ffff888102188000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.754180]                    ^
[   20.754537]  ffff888102188080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.755057]  ffff888102188100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.755480] ==================================================================
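Both dumps above are the expected output of the kmalloc_large_uaf case in the KASAN KUnit self-tests, one run on qemu-arm64 and one on qemu-x86_64: the [N]=TEST taint and the kunit_try_catch task mark a deliberately triggered fault, not a defect in the kernel under test. The test allocates a kmalloc() larger than the biggest slab cache (so the page allocator serves it), frees it, and reads byte 0 back, which is why each report is a 1-byte read at a page-aligned address whose shadow row is all 0xff. The following script is an added example, not part of this page or of the kernel's test suite: it parses such a report (timestamps tolerated), loads the "Memory state around the buggy address" rows into a granule-indexed map, and interprets the shadow byte under the faulting address with the generic-mode poison values from mm/kasan/kasan.h as I know them (the table is reproduced from memory and is an assumption to check against your tree; hardware tag-based KASAN prints a different dump and is not handled). The two embedded excerpts are copied from the reports above; everything else in the block is mine.

```python
"""Decode the key fields of a generic-mode (CONFIG_KASAN_GENERIC) KASAN report."""
import re
from dataclasses import dataclass, field

# Poison values as defined in mm/kasan/kasan.h for generic KASAN (reproduced
# from memory; verify against the kernel tree you are debugging). Shadow bytes
# 0x00..0x07 are not poison: they count the addressable bytes of an 8-byte
# granule, with 0x00 meaning all eight are valid.
SHADOW_POISON = {
    0xFF: "freed page (KASAN_PAGE_FREE)",
    0xFE: "page redzone for a kmalloc_large allocation (KASAN_PAGE_REDZONE)",
    0xFC: "slab object redzone (KASAN_SLAB_REDZONE)",
    0xFB: "freed slab object (KASAN_SLAB_FREE)",
    0xFA: "freed slab object with free track (KASAN_SLAB_FREETRACK)",
    0xF9: "global variable redzone (KASAN_GLOBAL_REDZONE)",
    0xF8: "unmapped vmalloc space (KASAN_VMALLOC_INVALID)",
    0xF1: "stack left redzone (KASAN_STACK_LEFT)",
    0xF2: "stack mid redzone (KASAN_STACK_MID)",
    0xF3: "stack right redzone (KASAN_STACK_RIGHT)",
    0xF4: "stack partial redzone (KASAN_STACK_PARTIAL)",
    0xCA: "alloca left redzone (KASAN_ALLOCA_LEFT)",
    0xCB: "alloca right redzone (KASAN_ALLOCA_RIGHT)",
}

GRANULE = 8  # KASAN_GRANULE_SIZE in generic mode: one shadow byte per 8 bytes
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg "[   33.567542] " prefix
HEADER_RE = re.compile(r"BUG: KASAN: (?P<bug>\S+) in (?P<func>\S+)")
ACCESS_RE = re.compile(r"(?P<access>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
# One dump row: optional '>' marker, 16-hex-digit memory address, 16 shadow bytes
# (each row therefore covers 16 * GRANULE = 128 bytes of memory).
ROW_RE = re.compile(r"^\s*>?\s*(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2}\s?){16})\s*$")


@dataclass
class KasanReport:
    bug: str
    func: str
    access: str
    size: int
    addr: int
    task: str
    shadow: dict = field(default_factory=dict)  # granule start address -> shadow byte

    @property
    def symbol(self):
        """Faulting function without the +offset/size suffix."""
        return self.func.split("+", 1)[0]

    def shadow_at(self, addr):
        """Shadow byte covering addr, or None if the dump does not include it."""
        return self.shadow.get(addr & ~(GRANULE - 1))

    def shadow_meaning(self, addr):
        b = self.shadow_at(addr)
        if b is None:
            return "not covered by the shadow dump"
        if b < GRANULE:
            return f"addressable ({b or GRANULE} of {GRANULE} bytes valid)"
        return SHADOW_POISON.get(b, f"unknown poison 0x{b:02x}")

    def describe(self):
        b = self.shadow_at(self.addr)
        shadow = f"0x{b:02x}" if b is not None else "n/a"
        return (f"{self.bug}: {self.access.lower()} of {self.size} byte(s) at "
                f"0x{self.addr:x} in {self.symbol} by {self.task}; "
                f"shadow {shadow} = {self.shadow_meaning(self.addr)}")


def parse_kasan_report(text):
    """Parse one KASAN report; raises ValueError if no report header is present."""
    header = access = None
    shadow = {}
    for raw in text.splitlines():
        line = TS_RE.sub("", raw)
        header = header or HEADER_RE.search(line)
        access = access or ACCESS_RE.search(line)
        row = ROW_RE.match(line)
        if row:
            base = int(row["base"], 16)
            for i, tok in enumerate(row["bytes"].split()):
                shadow[base + i * GRANULE] = int(tok, 16)
    if header is None or access is None:
        raise ValueError("no KASAN report header found")
    return KasanReport(header["bug"], header["func"], access["access"],
                       int(access["size"]), int(access["addr"], 16),
                       access["task"], shadow)


# Excerpts of the two reports on this page (call traces and page info omitted).
ARM64_REPORT = """\
[   33.567542] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8
[   33.567957] Read of size 1 at addr fff00000c7748000 by task kunit_try_catch/150
[   33.576072] Memory state around the buggy address:
[   33.576339]  fff00000c7747f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.576660]  fff00000c7747f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.576821] >fff00000c7748000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.576934]                    ^
[   33.577020]  fff00000c7748080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

X86_64_REPORT = """\
[   20.730363] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340
[   20.731078] Read of size 1 at addr ffff888102188000 by task kunit_try_catch/169
[   20.751585] Memory state around the buggy address:
[   20.752321]  ffff888102187f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.753101]  ffff888102187f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.753700] >ffff888102188000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.754180]                    ^
[   20.754537]  ffff888102188080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

if __name__ == "__main__":
    for name, text in ("arm64", ARM64_REPORT), ("x86_64", X86_64_REPORT):
        r = parse_kasan_report(text)
        print(name, r.describe())
        # The granule just below the faulting page differs between the two runs.
        print("   preceding granule:", r.shadow_meaning(r.addr - 1))
```

Running it on the two excerpts classifies both faults as a read of a freed page, consistent with the page-allocator-backed buffer kfree()d by the test; it also shows that the memory immediately below the buggy page was a slab redzone on the x86_64 run and another freed page on the arm64 run, which is the kind of neighbour information worth reading off the dump before trusting a report that does not carry the [N]=TEST taint.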