Hay
Date
July 15, 2025, 2:10 p.m.

Environment
qemu-arm64
qemu-x86_64

Note: every report below is raised from kmalloc_pagealloc_uaf running under the kunit_try_catch task (the x86_64 trace also shows kasan_test_init and kmalloc_pagealloc_invalid_free on the stack), i.e. the KASAN KUnit self-test that deliberately reads a freed page-allocator-backed kmalloc buffer. These are the expected splats of that test on 6.1.146-rc1, not a new use-after-free in production code; the "Tainted: G B N" flags are consistent with prior KASAN reports (B) during a test run (N). Treat them as a regression only if the test itself is reported as failing, or if the reporting function changes to something outside mm/kasan/kasan_test.c — the page itself does not show the KUnit pass/fail verdict, so that should be confirmed from the full log.

[  104.923313] ==================================================================
[  104.924175] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0xb0/0x1d0
[  104.925380] Read of size 1 at addr ffff0000c683c000 by task kunit_try_catch/208
[  104.926364] 
[  104.926661] CPU: 1 PID: 208 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[  104.927707] Hardware name: linux,dummy-virt (DT)
[  104.928348] Call trace:
[  104.928864]  dump_backtrace+0xe0/0x134
[  104.929539]  show_stack+0x20/0x2c
[  104.930124]  dump_stack_lvl+0x88/0xb4
[  104.930777]  print_report+0x158/0x44c
[  104.931404]  kasan_report+0xc8/0x180
[  104.932002]  __asan_load1+0x68/0x74
[  104.932674]  kmalloc_pagealloc_uaf+0xb0/0x1d0
[  104.933441]  kunit_try_run_case+0x8c/0x124
[  104.933919]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  104.934408]  kthread+0x15c/0x170
[  104.934783]  ret_from_fork+0x10/0x20
[  104.935393] 
[  104.935697] The buggy address belongs to the physical page:
[  104.936482] page:00000000e328b301 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10683c
[  104.937702] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff)
[  104.938609] raw: 0bfffc0000000000 fffffc00031a1008 ffff0000da7b76b8 0000000000000000
[  104.939568] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  104.940527] page dumped because: kasan: bad access detected
[  104.941284] 
[  104.941574] Memory state around the buggy address:
[  104.942235]  ffff0000c683bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  104.943133]  ffff0000c683bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  104.944028] >ffff0000c683c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  104.944944]                    ^
[  104.945427]  ffff0000c683c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  104.946198]  ffff0000c683c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  104.947049] ==================================================================

[   74.718669] ==================================================================
[   74.719590] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x88/0x12c
[   74.720338] Read of size 1 at addr ffff0000c5a24000 by task kunit_try_catch/124
[   74.720894] 
[   74.721135] CPU: 1 PID: 124 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   74.721904] Hardware name: linux,dummy-virt (DT)
[   74.722329] Call trace:
[   74.722604]  dump_backtrace+0xf8/0x118
[   74.723147]  show_stack+0x18/0x24
[   74.723699]  __dump_stack+0x28/0x38
[   74.724143]  dump_stack_lvl+0x54/0x6c
[   74.724622]  print_address_description+0x7c/0x1ec
[   74.725210]  print_report+0x50/0x68
[   74.725697]  kasan_report+0xac/0x100
[   74.726178]  __asan_load1+0x6c/0x70
[   74.726618]  kmalloc_pagealloc_uaf+0x88/0x12c
[   74.727096]  kunit_try_run_case+0x80/0x184
[   74.727588]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.728162]  kthread+0x16c/0x21c
[   74.728606]  ret_from_fork+0x10/0x20
[   74.729074] 
[   74.729301] The buggy address belongs to the physical page:
[   74.729781] page:0000000021e95fe4 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a24
[   74.730570] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff)
[   74.731219] raw: 0bfffc0000000000 ffff0000daf62fb8 ffff0000daf62fb8 0000000000000000
[   74.731910] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   74.732493] page dumped because: kasan: bad access detected
[   74.732994] 
[   74.733260] Memory state around the buggy address:
[   74.733697]  ffff0000c5a23f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.734302]  ffff0000c5a23f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.734990] >ffff0000c5a24000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.735841]                    ^
[   74.736330]  ffff0000c5a24080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.737325]  ffff0000c5a24100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.738307] ==================================================================

[   73.702692] ==================================================================
[   73.703603] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x88/0x12c
[   73.705547] Read of size 1 at addr ffff0000c58c8000 by task kunit_try_catch/124
[   73.707400] 
[   73.708179] CPU: 1 PID: 124 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   73.709421] Hardware name: linux,dummy-virt (DT)
[   73.710162] Call trace:
[   73.710940]  dump_backtrace+0xf4/0x114
[   73.711952]  show_stack+0x18/0x24
[   73.712644]  __dump_stack+0x28/0x38
[   73.713499]  dump_stack_lvl+0x50/0x68
[   73.714311]  print_address_description+0x7c/0x1ec
[   73.715174]  print_report+0x50/0x68
[   73.716039]  kasan_report+0xac/0xfc
[   73.716847]  __asan_load1+0x6c/0x70
[   73.717277]  kmalloc_pagealloc_uaf+0x88/0x12c
[   73.717703]  kunit_try_run_case+0x80/0x184
[   73.718503]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   73.719294]  kthread+0x16c/0x21c
[   73.720021]  ret_from_fork+0x10/0x20
[   73.720569] 
[   73.720774] The buggy address belongs to the physical page:
[   73.721419] page:000000000dfb6053 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c8
[   73.722124] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff)
[   73.722677] raw: 0bfffc0000000000 ffff0000daf64fb8 ffff0000daf64fb8 0000000000000000
[   73.723696] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   73.724728] page dumped because: kasan: bad access detected
[   73.725461] 
[   73.725768] Memory state around the buggy address:
[   73.726413]  ffff0000c58c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.727320]  ffff0000c58c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.728351] >ffff0000c58c8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.729171]                    ^
[   73.729575]  ffff0000c58c8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.730072]  ffff0000c58c8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.730525] ==================================================================

[   72.333163] ==================================================================
[   72.334193] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0xa8/0x1d0
[   72.335243] Read of size 1 at addr ffff0000c5a04000 by task kunit_try_catch/124
[   72.335836] 
[   72.336080] CPU: 1 PID: 124 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   72.336865] Hardware name: linux,dummy-virt (DT)
[   72.337294] Call trace:
[   72.337592]  dump_backtrace.part.0+0xdc/0xf0
[   72.338118]  show_stack+0x18/0x30
[   72.338810]  dump_stack_lvl+0x64/0x80
[   72.339216]  print_report+0x158/0x438
[   72.339653]  kasan_report+0xb4/0xf4
[   72.340028]  __asan_load1+0x68/0x74
[   72.340446]  kmalloc_pagealloc_uaf+0xa8/0x1d0
[   72.340934]  kunit_try_run_case+0x84/0x120
[   72.341435]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   72.342270]  kthread+0x180/0x190
[   72.342702]  ret_from_fork+0x10/0x20
[   72.343101] 
[   72.343310] The buggy address belongs to the physical page:
[   72.343846] page:00000000275a55ef refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a04
[   72.344594] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff)
[   72.345213] raw: 0bfffc0000000000 fffffc0003168208 ffff0000dac48ff8 0000000000000000
[   72.346059] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   72.346682] page dumped because: kasan: bad access detected
[   72.347097] 
[   72.347269] Memory state around the buggy address:
[   72.347726]  ffff0000c5a03f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.348296]  ffff0000c5a03f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.349105] >ffff0000c5a04000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.349720]                    ^
[   72.350280]  ffff0000c5a04080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.350900]  ffff0000c5a04100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.351484] ==================================================================

[   64.032305] ==================================================================
[   64.033004] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0xc8/0x1d0
[   64.033932] Read of size 1 at addr ffff0000c5994000 by task kunit_try_catch/122
[   64.034677] 
[   64.034929] CPU: 1 PID: 122 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   64.036009] Hardware name: linux,dummy-virt (DT)
[   64.036620] Call trace:
[   64.037003]  dump_backtrace+0x110/0x120
[   64.037599]  show_stack+0x18/0x28
[   64.038196]  dump_stack_lvl+0x68/0x84
[   64.038803]  print_report+0x158/0x484
[   64.039370]  kasan_report+0x98/0xe0
[   64.039827]  __asan_load1+0x68/0x78
[   64.040134]  kmalloc_pagealloc_uaf+0xc8/0x1d0
[   64.040515]  kunit_try_run_case+0x7c/0x120
[   64.040872]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.041414]  kthread+0x1a4/0x1b8
[   64.042012]  ret_from_fork+0x10/0x20
[   64.042585] 
[   64.042862] The buggy address belongs to the physical page:
[   64.043571] page:00000000b32ac4a2 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105994
[   64.044632] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff)
[   64.045573] raw: 0bfffc0000000000 fffffc0003166608 ffff0000dac50ff8 0000000000000000
[   64.046503] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   64.047369] page dumped because: kasan: bad access detected
[   64.048008] 
[   64.048259] Memory state around the buggy address:
[   64.048832]  ffff0000c5993f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.049731]  ffff0000c5993f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.050670] >ffff0000c5994000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   64.051592]                    ^
[   64.052043]  ffff0000c5994080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   64.052858]  ffff0000c5994100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   64.053759] ==================================================================

[   30.361472] ==================================================================
[   30.362191] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0xad/0x1a0
[   30.363506] Read of size 1 at addr ffff8881036bc000 by task kunit_try_catch/228
[   30.364386] 
[   30.364555] CPU: 0 PID: 228 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   30.364870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.365204] Call Trace:
[   30.365334]  <TASK>
[   30.365447]  dump_stack_lvl+0x49/0x62
[   30.365640]  print_report+0x189/0x492
[   30.365819]  ? kasan_addr_to_slab+0xd/0xb0
[   30.366006]  ? kmalloc_pagealloc_uaf+0xad/0x1a0
[   30.366828]  kasan_report+0x10c/0x190
[   30.367143]  ? kmalloc_pagealloc_uaf+0xad/0x1a0
[   30.367685]  __asan_load1+0x62/0x70
[   30.367964]  kmalloc_pagealloc_uaf+0xad/0x1a0
[   30.368387]  ? kmalloc_pagealloc_invalid_free+0x1b0/0x1b0
[   30.368862]  ? __kunit_add_resource+0xd1/0x100
[   30.369273]  ? kasan_test_init+0x13e/0x1b0
[   30.369723]  kunit_try_run_case+0x8f/0xd0
[   30.370025]  ? kunit_catch_run_case+0x80/0x80
[   30.370481]  ? kunit_try_catch_throw+0x40/0x40
[   30.370750]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   30.371036]  kthread+0x17b/0x1b0
[   30.371209]  ? kthread_complete_and_exit+0x30/0x30
[   30.371476]  ret_from_fork+0x22/0x30
[   30.371718]  </TASK>
[   30.371866] 
[   30.371966] The buggy address belongs to the physical page:
[   30.372298] page:(____ptrval____) refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1036bc
[   30.372692] flags: 0x200000000000000(node=0|zone=2)
[   30.373018] raw: 0200000000000000 ffffea00040db008 ffff88815b43b2b8 0000000000000000
[   30.373539] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   30.373918] page dumped because: kasan: bad access detected
[   30.374738] 
[   30.374985] Memory state around the buggy address:
[   30.375566]  ffff8881036bbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.375932]  ffff8881036bbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.376387] >ffff8881036bc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.376822]                    ^
[   30.377404]  ffff8881036bc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.378384]  ffff8881036bc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.378986] ==================================================================