Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 104.987162] ================================================================== [ 104.988666] BUG: KASAN: use-after-free in pagealloc_uaf+0xd4/0x210 [ 104.989227] Read of size 1 at addr ffff0000c6860000 by task kunit_try_catch/211 [ 104.990077] [ 104.990299] CPU: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 104.991078] Hardware name: linux,dummy-virt (DT) [ 104.991525] Call trace: [ 104.991873] dump_backtrace+0xe0/0x134 [ 104.992365] show_stack+0x20/0x2c [ 104.992834] dump_stack_lvl+0x88/0xb4 [ 104.993395] print_report+0x158/0x44c [ 104.993923] kasan_report+0xc8/0x180 [ 104.994392] __asan_load1+0x68/0x74 [ 104.994768] pagealloc_uaf+0xd4/0x210 [ 104.995267] kunit_try_run_case+0x8c/0x124 [ 104.995735] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 104.996291] kthread+0x15c/0x170 [ 104.996797] ret_from_fork+0x10/0x20 [ 104.997347] [ 104.997563] The buggy address belongs to the physical page: [ 104.998072] page:0000000051b64075 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x106860 [ 104.998905] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff) [ 104.999582] raw: 0bfffc0000000000 ffff0000ff5faa08 ffff0000ff5faa08 0000000000000000 [ 105.000225] raw: 0000000000000000 0000000000000005 00000000ffffff7f 0000000000000000 [ 105.001051] page dumped because: kasan: bad access detected [ 105.001547] [ 105.001782] Memory state around the buggy address: [ 105.002233] ffff0000c685ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 105.002869] ffff0000c685ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 105.003494] >ffff0000c6860000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 105.004105] ^ [ 105.004448] ffff0000c6860080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 105.005088] ffff0000c6860100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 105.005680] ==================================================================
[ 74.771656] ================================================================== [ 74.772849] BUG: KASAN: use-after-free in pagealloc_uaf+0x90/0x134 [ 74.773613] Read of size 1 at addr ffff0000c5a80000 by task kunit_try_catch/127 [ 74.774359] [ 74.774638] CPU: 0 PID: 127 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.775365] Hardware name: linux,dummy-virt (DT) [ 74.775830] Call trace: [ 74.776124] dump_backtrace+0xf8/0x118 [ 74.776694] show_stack+0x18/0x24 [ 74.777261] __dump_stack+0x28/0x38 [ 74.777733] dump_stack_lvl+0x54/0x6c [ 74.778229] print_address_description+0x7c/0x1ec [ 74.778835] print_report+0x50/0x68 [ 74.779344] kasan_report+0xac/0x100 [ 74.779872] __asan_load1+0x6c/0x70 [ 74.780393] pagealloc_uaf+0x90/0x134 [ 74.780964] kunit_try_run_case+0x80/0x184 [ 74.781438] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.782044] kthread+0x16c/0x21c [ 74.782545] ret_from_fork+0x10/0x20 [ 74.783014] [ 74.783256] The buggy address belongs to the physical page: [ 74.783796] page:000000003f79304c refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x105a80 [ 74.784670] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff) [ 74.785552] raw: 0bfffc0000000000 ffff0000ff7f4ad8 ffff0000ff7f4ad8 0000000000000000 [ 74.786332] raw: 0000000000000000 0000000000000007 00000000ffffff7f 0000000000000000 [ 74.786947] page dumped because: kasan: bad access detected [ 74.787382] [ 74.787574] Memory state around the buggy address: [ 74.787998] ffff0000c5a7ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.788700] ffff0000c5a7ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.789479] >ffff0000c5a80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.790133] ^ [ 74.790552] ffff0000c5a80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.791220] ffff0000c5a80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.791861] ==================================================================
[ 73.770390] ================================================================== [ 73.771629] BUG: KASAN: use-after-free in pagealloc_uaf+0x90/0x134 [ 73.773529] Read of size 1 at addr ffff0000c5a20000 by task kunit_try_catch/127 [ 73.774954] [ 73.775471] CPU: 0 PID: 127 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 73.776891] Hardware name: linux,dummy-virt (DT) [ 73.777253] Call trace: [ 73.777493] dump_backtrace+0xf4/0x114 [ 73.778422] show_stack+0x18/0x24 [ 73.779255] __dump_stack+0x28/0x38 [ 73.780317] dump_stack_lvl+0x50/0x68 [ 73.781056] print_address_description+0x7c/0x1ec [ 73.782038] print_report+0x50/0x68 [ 73.782878] kasan_report+0xac/0xfc [ 73.783717] __asan_load1+0x6c/0x70 [ 73.784584] pagealloc_uaf+0x90/0x134 [ 73.785433] kunit_try_run_case+0x80/0x184 [ 73.786348] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 73.787384] kthread+0x16c/0x21c [ 73.788254] ret_from_fork+0x10/0x20 [ 73.788937] [ 73.789132] The buggy address belongs to the physical page: [ 73.789515] page:00000000ef861166 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x105a20 [ 73.791106] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff) [ 73.792559] raw: 0bfffc0000000000 ffff0000ff7f4a08 ffff0000ff7f4a08 0000000000000000 [ 73.793706] raw: 0000000000000000 0000000000000005 00000000ffffff7f 0000000000000000 [ 73.794921] page dumped because: kasan: bad access detected [ 73.795885] [ 73.796445] Memory state around the buggy address: [ 73.797163] ffff0000c5a1ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 73.797671] ffff0000c5a1ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 73.798952] >ffff0000c5a20000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 73.800231] ^ [ 73.800974] ffff0000c5a20080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 73.802164] ffff0000c5a20100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 73.803006] ==================================================================
[ 72.388821] ================================================================== [ 72.390690] BUG: KASAN: use-after-free in pagealloc_uaf+0xcc/0x200 [ 72.391692] Read of size 1 at addr ffff0000c5a50000 by task kunit_try_catch/127 [ 72.392645] [ 72.392965] CPU: 1 PID: 127 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.394041] Hardware name: linux,dummy-virt (DT) [ 72.394552] Call trace: [ 72.394774] dump_backtrace.part.0+0xdc/0xf0 [ 72.395193] show_stack+0x18/0x30 [ 72.395683] dump_stack_lvl+0x64/0x80 [ 72.396182] print_report+0x158/0x438 [ 72.396660] kasan_report+0xb4/0xf4 [ 72.397107] __asan_load1+0x68/0x74 [ 72.397549] pagealloc_uaf+0xcc/0x200 [ 72.398031] kunit_try_run_case+0x84/0x120 [ 72.399049] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.399646] kthread+0x180/0x190 [ 72.400084] ret_from_fork+0x10/0x20 [ 72.400562] [ 72.400793] The buggy address belongs to the physical page: [ 72.401259] page:000000004d85e480 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x105a50 [ 72.402225] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff) [ 72.403030] raw: 0bfffc0000000000 ffff0000ff7f59a0 ffff0000ff7f59a0 0000000000000000 [ 72.403590] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000 [ 72.404043] page dumped because: kasan: bad access detected [ 72.404389] [ 72.404564] Memory state around the buggy address: [ 72.404918] ffff0000c5a4ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 72.405621] ffff0000c5a4ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 72.406783] >ffff0000c5a50000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 72.407416] ^ [ 72.407706] ffff0000c5a50080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 72.408161] ffff0000c5a50100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 72.408722] ==================================================================
[ 64.088287] ================================================================== [ 64.090000] BUG: KASAN: use-after-free in pagealloc_uaf+0xe8/0x208 [ 64.090917] Read of size 1 at addr ffff0000c59b0000 by task kunit_try_catch/125 [ 64.091715] [ 64.091892] CPU: 0 PID: 125 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.092665] Hardware name: linux,dummy-virt (DT) [ 64.093248] Call trace: [ 64.093672] dump_backtrace+0x110/0x120 [ 64.094387] show_stack+0x18/0x28 [ 64.094922] dump_stack_lvl+0x68/0x84 [ 64.095503] print_report+0x158/0x484 [ 64.096040] kasan_report+0x98/0xe0 [ 64.096564] __asan_load1+0x68/0x78 [ 64.097089] pagealloc_uaf+0xe8/0x208 [ 64.097745] kunit_try_run_case+0x7c/0x120 [ 64.098398] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.099116] kthread+0x1a4/0x1b8 [ 64.099429] ret_from_fork+0x10/0x20 [ 64.099742] [ 64.099902] The buggy address belongs to the physical page: [ 64.100244] page:0000000052409ff8 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x1059b0 [ 64.100781] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff) [ 64.101260] raw: 0bfffc0000000000 ffff0000ff7f59a0 ffff0000ff7f59a0 0000000000000000 [ 64.102249] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000 [ 64.103292] page dumped because: kasan: bad access detected [ 64.103945] [ 64.104214] Memory state around the buggy address: [ 64.104825] ffff0000c59aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 64.105744] ffff0000c59aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 64.106680] >ffff0000c59b0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 64.107544] ^ [ 64.107999] ffff0000c59b0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 64.108840] ffff0000c59b0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 64.109763] ==================================================================
[ 30.401686] ================================================================== [ 30.402533] BUG: KASAN: use-after-free in pagealloc_uaf+0xe7/0x1e0 [ 30.402962] Read of size 1 at addr ffff888103730000 by task kunit_try_catch/231 [ 30.403333] [ 30.403438] CPU: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.404192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.404601] Call Trace: [ 30.404729] <TASK> [ 30.404850] dump_stack_lvl+0x49/0x62 [ 30.405053] print_report+0x189/0x492 [ 30.405260] ? kasan_addr_to_slab+0xd/0xb0 [ 30.405458] ? pagealloc_uaf+0xe7/0x1e0 [ 30.405640] kasan_report+0x10c/0x190 [ 30.405824] ? pagealloc_uaf+0xe7/0x1e0 [ 30.406012] __asan_load1+0x62/0x70 [ 30.406183] pagealloc_uaf+0xe7/0x1e0 [ 30.407556] ? krealloc_more_oob+0x20/0x20 [ 30.408460] ? __kunit_add_resource+0xd1/0x100 [ 30.409017] ? kasan_test_init+0x13e/0x1b0 [ 30.410552] kunit_try_run_case+0x8f/0xd0 [ 30.411609] ? kunit_catch_run_case+0x80/0x80 [ 30.412566] ? kunit_try_catch_throw+0x40/0x40 [ 30.412797] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.413044] kthread+0x17b/0x1b0 [ 30.413318] ? kthread_complete_and_exit+0x30/0x30 [ 30.413922] ret_from_fork+0x22/0x30 [ 30.414199] </TASK> [ 30.414718] [ 30.414844] The buggy address belongs to the physical page: [ 30.415143] page:(____ptrval____) refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x103730 [ 30.415589] flags: 0x200000000000000(node=0|zone=2) [ 30.415942] raw: 0200000000000000 ffff88817fffab60 ffff88817fffab60 0000000000000000 [ 30.416401] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000 [ 30.416749] page dumped because: kasan: bad access detected [ 30.416989] [ 30.417100] Memory state around the buggy address: [ 30.417440] ffff88810372ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.417768] ffff88810372ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.418058] >ffff888103730000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.418493] ^ [ 30.418679] ffff888103730080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.419000] ffff888103730100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.419649] ==================================================================