Date: July 4, 2025, 3:11 p.m.

Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |
x86 |

[ 19.779628] ==================================================================
[ 19.794039] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[ 19.800371] Read of size 1 at addr ffff0008064b0000 by task kunit_try_catch/203
[ 19.807663]
[ 19.809148] CPU: 2 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT
[ 19.809201] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.809216] Hardware name: WinLink E850-96 board (DT)
[ 19.809236] Call trace:
[ 19.809251] show_stack+0x20/0x38 (C)
[ 19.809286] dump_stack_lvl+0x8c/0xd0
[ 19.809322] print_report+0x118/0x608
[ 19.809351] kasan_report+0xdc/0x128
[ 19.809381] __asan_report_load1_noabort+0x20/0x30
[ 19.809417] page_alloc_uaf+0x328/0x350
[ 19.809443] kunit_try_run_case+0x170/0x3f0
[ 19.809479] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.809515] kthread+0x328/0x630
[ 19.809550] ret_from_fork+0x10/0x20
[ 19.809585]
[ 19.871640] The buggy address belongs to the physical page:
[ 19.877195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8864b0
[ 19.885177] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.891688] page_type: f0(buddy)
[ 19.894913] raw: 0bfffe0000000000 ffff00087f61bbe0 ffff00087f61bbe0 0000000000000000
[ 19.902634] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[ 19.910352] page dumped because: kasan: bad access detected
[ 19.915905]
[ 19.917381] Memory state around the buggy address:
[ 19.922163]  ffff0008064aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.929364]  ffff0008064aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.936571] >ffff0008064b0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.943770]                    ^
[ 19.946985]  ffff0008064b0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.954190]  ffff0008064b0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.961393] ==================================================================
[ 15.386885] ==================================================================
[ 15.386949] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[ 15.387154] Read of size 1 at addr fff00000c78a0000 by task kunit_try_catch/159
[ 15.387309]
[ 15.387388] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT
[ 15.387741] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.387861] Hardware name: linux,dummy-virt (DT)
[ 15.387980] Call trace:
[ 15.388002] show_stack+0x20/0x38 (C)
[ 15.388050] dump_stack_lvl+0x8c/0xd0
[ 15.388353] print_report+0x118/0x608
[ 15.388727] kasan_report+0xdc/0x128
[ 15.388814] __asan_report_load1_noabort+0x20/0x30
[ 15.388900] page_alloc_uaf+0x328/0x350
[ 15.388955] kunit_try_run_case+0x170/0x3f0
[ 15.389003] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.389107] kthread+0x328/0x630
[ 15.389188] ret_from_fork+0x10/0x20
[ 15.389235]
[ 15.389254] The buggy address belongs to the physical page:
[ 15.389285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a0
[ 15.389334] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.389656] page_type: f0(buddy)
[ 15.389846] raw: 0bfffe0000000000 fff00000ff616088 fff00000ff616088 0000000000000000
[ 15.390000] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000
[ 15.390101] page dumped because: kasan: bad access detected
[ 15.390142]
[ 15.390159] Memory state around the buggy address:
[ 15.390190]  fff00000c789ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 15.390231]  fff00000c789ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 15.390939] >fff00000c78a0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 15.391004]                    ^
[ 15.391032]  fff00000c78a0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 15.391115]  fff00000c78a0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 15.391315] ==================================================================
[ 13.562845] ==================================================================
[ 13.563829] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[ 13.564762] Read of size 1 at addr ffff888103a40000 by task kunit_try_catch/175
[ 13.565747]
[ 13.565918] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary)
[ 13.565985] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.566009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.566052] Call Trace:
[ 13.566082] <TASK>
[ 13.566123] dump_stack_lvl+0x73/0xb0
[ 13.566188] print_report+0xd1/0x650
[ 13.566231] ? __virt_addr_valid+0x1db/0x2d0
[ 13.566259] ? page_alloc_uaf+0x356/0x3d0
[ 13.566292] ? kasan_addr_to_slab+0x11/0xa0
[ 13.566324] ? page_alloc_uaf+0x356/0x3d0
[ 13.566371] kasan_report+0x141/0x180
[ 13.566413] ? page_alloc_uaf+0x356/0x3d0
[ 13.566461] __asan_report_load1_noabort+0x18/0x20
[ 13.566505] page_alloc_uaf+0x356/0x3d0
[ 13.566544] ? __pfx_page_alloc_uaf+0x10/0x10
[ 13.566605] kunit_try_run_case+0x1a5/0x480
[ 13.566655] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.566682] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.566711] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.566737] ? __kthread_parkme+0x82/0x180
[ 13.566762] ? preempt_count_sub+0x50/0x80
[ 13.566792] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.566818] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.566843] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.566868] kthread+0x337/0x6f0
[ 13.566887] ? trace_preempt_on+0x20/0xc0
[ 13.566914] ? __pfx_kthread+0x10/0x10
[ 13.566934] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.566958] ? calculate_sigpending+0x7b/0xa0
[ 13.566983] ? __pfx_kthread+0x10/0x10
[ 13.567003] ret_from_fork+0x41/0x80
[ 13.567027] ? __pfx_kthread+0x10/0x10
[ 13.567047] ret_from_fork_asm+0x1a/0x30
[ 13.567129] </TASK>
[ 13.567160]
[ 13.581063] The buggy address belongs to the physical page:
[ 13.581984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a40
[ 13.582764] flags: 0x200000000000000(node=0|zone=2)
[ 13.583372] page_type: f0(buddy)
[ 13.583835] raw: 0200000000000000 ffff88817fffb470 ffff88817fffb470 0000000000000000
[ 13.584793] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000
[ 13.585324] page dumped because: kasan: bad access detected
[ 13.585619]
[ 13.585802] Memory state around the buggy address:
[ 13.586107]  ffff888103a3ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.586958]  ffff888103a3ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.587501] >ffff888103a40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.587749]                    ^
[ 13.588015]  ffff888103a40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.589168]  ffff888103a40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.589607] ==================================================================
[ 21.575208] ==================================================================
[ 21.590265] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[ 21.596619] Read of size 1 at addr ffff888107240000 by task kunit_try_catch/197
[ 21.603930]
[ 21.605451] CPU: 3 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary)
[ 21.605459] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.605461] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 21.605465] Call Trace:
[ 21.605466] <TASK>
[ 21.605468] dump_stack_lvl+0x73/0xb0
[ 21.605472] print_report+0xd1/0x650
[ 21.605477] ? __virt_addr_valid+0x1db/0x2d0
[ 21.605481] ? page_alloc_uaf+0x356/0x3d0
[ 21.605484] ? kasan_addr_to_slab+0x11/0xa0
[ 21.605488] ? page_alloc_uaf+0x356/0x3d0
[ 21.605491] kasan_report+0x141/0x180
[ 21.605495] ? page_alloc_uaf+0x356/0x3d0
[ 21.605500] __asan_report_load1_noabort+0x18/0x20
[ 21.605503] page_alloc_uaf+0x356/0x3d0
[ 21.605507] ? __pfx_page_alloc_uaf+0x10/0x10
[ 21.605510] ? __schedule+0x10cc/0x2b60
[ 21.605515] ? ktime_get_ts64+0x83/0x230
[ 21.605519] kunit_try_run_case+0x1a2/0x480
[ 21.605524] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.605528] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.605533] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.605538] ? __kthread_parkme+0x82/0x180
[ 21.605542] ? preempt_count_sub+0x50/0x80
[ 21.605546] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.605551] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 21.605555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.605560] kthread+0x334/0x6f0
[ 21.605563] ? trace_preempt_on+0x20/0xc0
[ 21.605567] ? __pfx_kthread+0x10/0x10
[ 21.605570] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.605574] ? calculate_sigpending+0x7b/0xa0
[ 21.605578] ? __pfx_kthread+0x10/0x10
[ 21.605581] ret_from_fork+0x3e/0x80
[ 21.605585] ? __pfx_kthread+0x10/0x10
[ 21.605588] ret_from_fork_asm+0x1a/0x30
[ 21.605594] </TASK>
[ 21.605596]
[ 21.765990] The buggy address belongs to the physical page:
[ 21.771562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107240
[ 21.779561] flags: 0x200000000000000(node=0|zone=2)
[ 21.784440] page_type: f0(buddy)
[ 21.787674] raw: 0200000000000000 ffffea00041c7808 ffff888277bfd3e0 0000000000000000
[ 21.795416] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[ 21.803161] page dumped because: kasan: bad access detected
[ 21.808735]
[ 21.810233] Memory state around the buggy address:
[ 21.815025]  ffff88810723ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.822246]  ffff88810723ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.829464] >ffff888107240000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.836684]                    ^
[ 21.839934]  ffff888107240080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.847181]  ffff888107240100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.854407] ==================================================================