Hay
Sign in
Date
April 20, 2025, 11:09 p.m.

Environment
x15
x86 

[   48.663543] ==================================================================
[   48.678680] BUG: KASAN: use-after-free in page_alloc_uaf+0x368/0x39c
[   48.685089] Read of size 1 at addr ccbb0000 by task kunit_try_catch/210
[   48.691741] 
[   48.693237] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.0-rc3 #1 NONE 
[   48.693267] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   48.693298] Hardware name: Generic DRA74X (Flattened Device Tree)
[   48.693298] Call trace: 
[   48.693298]  unwind_backtrace from show_stack+0x18/0x1c
[   48.693328]  show_stack from dump_stack_lvl+0x70/0x90
[   48.693359]  dump_stack_lvl from print_report+0x158/0x528
[   48.693389]  print_report from kasan_report+0xdc/0x118
[   48.693389]  kasan_report from page_alloc_uaf+0x368/0x39c
[   48.693420]  page_alloc_uaf from kunit_try_run_case+0x22c/0x5a8
[   48.693450]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[   48.693481]  kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[   48.693481]  kthread from ret_from_fork+0x14/0x20
[   48.693511] Exception stack(0xf23bbfb0 to 0xf23bbff8)
[   48.693542] bfa0:                                     00000000 00000000 00000000 00000000
[   48.693542] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   48.693572] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   48.693572] 
[   48.797912] The buggy address belongs to the physical page:
[   48.803527] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8cbb0
[   48.810791] flags: 0x0(zone=0)
[   48.813873] page_type: f0(buddy)
[   48.817138] raw: 00000000 c69ddb10 c69ddb10 00000000 00000000 00000004 f0000000 00000000
[   48.825286] raw: 00000000
[   48.827911] page dumped because: kasan: bad access detected
[   48.833526] 
[   48.835021] Memory state around the buggy address:
[   48.839843]  ccbaff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   48.846435]  ccbaff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   48.852996] >ccbb0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   48.859558]            ^
[   48.862121]  ccbb0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   48.868682]  ccbb0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   48.875244] ==================================================================
Metadata Full log Test run details 

[   17.078843] ==================================================================
[   17.093916] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   17.100284] Read of size 1 at addr ffff888107fb0000 by task kunit_try_catch/197
[   17.107598] 
[   17.109099] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.109107] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.109109] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   17.109113] Call Trace:
[   17.109114]  <TASK>
[   17.109116]  dump_stack_lvl+0x73/0xb0
[   17.109120]  print_report+0xd1/0x650
[   17.109125]  ? __virt_addr_valid+0x1db/0x2d0
[   17.109128]  ? page_alloc_uaf+0x356/0x3d0
[   17.109133]  ? kasan_addr_to_slab+0x11/0xa0
[   17.109136]  ? page_alloc_uaf+0x356/0x3d0
[   17.109141]  kasan_report+0x141/0x180
[   17.109145]  ? page_alloc_uaf+0x356/0x3d0
[   17.109150]  __asan_report_load1_noabort+0x18/0x20
[   17.109153]  page_alloc_uaf+0x356/0x3d0
[   17.109158]  ? __pfx_page_alloc_uaf+0x10/0x10
[   17.109162]  ? __schedule+0x10cc/0x2b30
[   17.109166]  ? ktime_get_ts64+0x83/0x230
[   17.109171]  kunit_try_run_case+0x1a2/0x480
[   17.109175]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.109180]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.109184]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.109189]  ? __kthread_parkme+0x82/0x180
[   17.109193]  ? preempt_count_sub+0x50/0x80
[   17.109197]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.109201]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   17.109205]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.109209]  kthread+0x334/0x6f0
[   17.109213]  ? trace_preempt_on+0x20/0xc0
[   17.109218]  ? __pfx_kthread+0x10/0x10
[   17.109222]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.109226]  ? calculate_sigpending+0x7b/0xa0
[   17.109230]  ? __pfx_kthread+0x10/0x10
[   17.109234]  ret_from_fork+0x3e/0x80
[   17.109238]  ? __pfx_kthread+0x10/0x10
[   17.109242]  ret_from_fork_asm+0x1a/0x30
[   17.109248]  </TASK>
[   17.109249] 
[   17.269543] The buggy address belongs to the physical page:
[   17.275118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107fb0
[   17.283125] flags: 0x200000000000000(node=0|zone=2)
[   17.288003] page_type: f0(buddy)
[   17.291237] raw: 0200000000000000 ffff88846fffd3e0 ffff88846fffd3e0 0000000000000000
[   17.298978] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   17.306732] page dumped because: kasan: bad access detected
[   17.312303] 
[   17.313804] Memory state around the buggy address:
[   17.318596]  ffff888107faff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.325816]  ffff888107faff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.333034] >ffff888107fb0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.340252]                    ^
[   17.343486]  ffff888107fb0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.350704]  ffff888107fb0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.357940] ==================================================================
Metadata Full log Test run details