Date
June 7, 2025, 10:40 a.m.
Environment
qemu-arm64

```
[ 20.443927] ==================================================================
[ 20.445112] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2d8/0x300
[ 20.445750] Read of size 1 at addr fff00000c68e8000 by task kunit_try_catch/136
[ 20.446440]
[ 20.446805] CPU: 1 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.12.33-rc1 #1
[ 20.447034] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.447111] Hardware name: linux,dummy-virt (DT)
[ 20.447199] Call trace:
[ 20.447264]  dump_backtrace+0x9c/0x128
[ 20.447545]  show_stack+0x20/0x38
[ 20.447654]  dump_stack_lvl+0x8c/0xd0
[ 20.447769]  print_report+0x118/0x5f0
[ 20.447863]  kasan_report+0xdc/0x128
[ 20.447987]  __asan_report_load1_noabort+0x20/0x30
[ 20.448108]  kmalloc_large_uaf+0x2d8/0x300
[ 20.448205]  kunit_try_run_case+0x170/0x3f0
[ 20.448255]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.448307]  kthread+0x24c/0x2d0
[ 20.448351]  ret_from_fork+0x10/0x20
[ 20.448400]
[ 20.454754] The buggy address belongs to the physical page:
[ 20.455387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1068e8
[ 20.456199] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.457649] raw: 0bfffe0000000000 ffffc1ffc31a3b08 fff00000da522200 0000000000000000
[ 20.458328] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 20.459095] page dumped because: kasan: bad access detected
[ 20.459880]
[ 20.460182] Memory state around the buggy address:
[ 20.460652]  fff00000c68e7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.461438]  fff00000c68e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.462115] >fff00000c68e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.462972]                    ^
[ 20.463402]  fff00000c68e8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.464473]  fff00000c68e8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 20.465225] ==================================================================
```

Environment
qemu-x86_64

```
[ 16.554108] ==================================================================
[ 16.555238] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f3/0x340
[ 16.556739] Read of size 1 at addr ffff888102bdc000 by task kunit_try_catch/153
[ 16.557733]
[ 16.557938] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.12.33-rc1 #1
[ 16.558000] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.558015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.558044] Call Trace:
[ 16.558061]  <TASK>
[ 16.558083]  dump_stack_lvl+0x73/0xb0
[ 16.558123]  print_report+0xd1/0x640
[ 16.558157]  ? __virt_addr_valid+0x1db/0x2d0
[ 16.558191]  ? kmalloc_large_uaf+0x2f3/0x340
[ 16.558263]  ? kasan_addr_to_slab+0x11/0xa0
[ 16.558337]  ? kmalloc_large_uaf+0x2f3/0x340
[ 16.558410]  kasan_report+0x140/0x180
[ 16.558488]  ? kmalloc_large_uaf+0x2f3/0x340
[ 16.558577]  __asan_report_load1_noabort+0x18/0x20
[ 16.558656]  kmalloc_large_uaf+0x2f3/0x340
[ 16.558733]  ? __pfx_kmalloc_large_uaf+0x10/0x10
[ 16.558808]  ? __schedule+0xc49/0x27a0
[ 16.558879]  ? __pfx_read_tsc+0x10/0x10
[ 16.558941]  ? ktime_get_ts64+0x84/0x230
[ 16.559024]  kunit_try_run_case+0x1a6/0x480
[ 16.559199]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.559291]  ? _raw_spin_lock_irqsave+0xa2/0x110
[ 16.559359]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.559424]  ? __kthread_parkme+0x82/0x160
[ 16.559490]  ? preempt_count_sub+0x50/0x80
[ 16.559567]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.559610]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.559650]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.559687]  kthread+0x257/0x310
[ 16.559712]  ? __pfx_kthread+0x10/0x10
[ 16.559737]  ret_from_fork+0x41/0x80
[ 16.559765]  ? __pfx_kthread+0x10/0x10
[ 16.559789]  ret_from_fork_asm+0x1a/0x30
[ 16.559872]  </TASK>
[ 16.559902]
[ 16.578757] The buggy address belongs to the physical page:
[ 16.580810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bdc
[ 16.582496] flags: 0x200000000000000(node=0|zone=2)
[ 16.583299] raw: 0200000000000000 ffffea00040af808 ffff88815b03f000 0000000000000000
[ 16.584185] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 16.584836] page dumped because: kasan: bad access detected
[ 16.585331]
[ 16.586074] Memory state around the buggy address:
[ 16.586483]  ffff888102bdbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.587376]  ffff888102bdbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.588447] >ffff888102bdc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.589340]                    ^
[ 16.589765]  ffff888102bdc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.590847]  ffff888102bdc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 16.591561] ==================================================================
```