Hay
Date
April 22, 2025, 11:09 a.m.

Environment (one KASAN report per target is shown below; the reports are raised from `page_alloc_uaf` under `kunit_try_run_case` and carry the `[N]=TEST` taint, so they appear to be the expected detection of a use-after-free that the KUnit case itself provokes on a freed buddy page — not evidence of a defect in the page allocator)
qemu-arm64
qemu-x86_64
rk3399-rock-pi-4b

[   17.426573] ==================================================================
[   17.426763] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   17.426878] Read of size 1 at addr fff00000c7a00000 by task kunit_try_catch/156
[   17.426983] 
[   17.427062] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   17.427240] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.428848] Hardware name: linux,dummy-virt (DT)
[   17.428958] Call trace:
[   17.429023]  show_stack+0x20/0x38 (C)
[   17.429150]  dump_stack_lvl+0x8c/0xd0
[   17.429267]  print_report+0x118/0x608
[   17.429358]  kasan_report+0xdc/0x128
[   17.429436]  __asan_report_load1_noabort+0x20/0x30
[   17.429568]  page_alloc_uaf+0x328/0x350
[   17.429662]  kunit_try_run_case+0x170/0x3f0
[   17.429761]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.429855]  kthread+0x328/0x630
[   17.429943]  ret_from_fork+0x10/0x20
[   17.430041] 
[   17.430082] The buggy address belongs to the physical page:
[   17.430202] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a00
[   17.430345] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.430580] page_type: f0(buddy)
[   17.430671] raw: 0bfffe0000000000 fff00000ff616228 fff00000ff616228 0000000000000000
[   17.430800] raw: 0000000000000000 0000000000000009 00000000f0000000 0000000000000000
[   17.431064] page dumped because: kasan: bad access detected
[   17.431150] 
[   17.431191] Memory state around the buggy address:
[   17.431433]  fff00000c79fff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.431946]  fff00000c79fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.432046] >fff00000c7a00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.432596]                    ^
[   17.432859]  fff00000c7a00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.433164]  fff00000c7a00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.433772] ==================================================================

[   17.094169] ==================================================================
[   17.095326] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   17.097383] Read of size 1 at addr ffff888103bc0000 by task kunit_try_catch/174
[   17.097983] 
[   17.098289] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.098677] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.098695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.098727] Call Trace:
[   17.098744]  <TASK>
[   17.098769]  dump_stack_lvl+0x73/0xb0
[   17.098811]  print_report+0xd1/0x650
[   17.098845]  ? __virt_addr_valid+0x1db/0x2d0
[   17.098878]  ? page_alloc_uaf+0x356/0x3d0
[   17.098910]  ? kasan_addr_to_slab+0x11/0xa0
[   17.098939]  ? page_alloc_uaf+0x356/0x3d0
[   17.098970]  kasan_report+0x141/0x180
[   17.099003]  ? page_alloc_uaf+0x356/0x3d0
[   17.099042]  __asan_report_load1_noabort+0x18/0x20
[   17.099071]  page_alloc_uaf+0x356/0x3d0
[   17.099103]  ? __pfx_page_alloc_uaf+0x10/0x10
[   17.099136]  ? __schedule+0x10cc/0x2b30
[   17.099171]  ? __pfx_read_tsc+0x10/0x10
[   17.099199]  ? ktime_get_ts64+0x86/0x230
[   17.099237]  kunit_try_run_case+0x1a5/0x480
[   17.099273]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.099304]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.099338]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.099372]  ? __kthread_parkme+0x82/0x180
[   17.099404]  ? preempt_count_sub+0x50/0x80
[   17.099453]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.099527]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.099564]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.099597]  kthread+0x337/0x6f0
[   17.099628]  ? trace_preempt_on+0x20/0xc0
[   17.099664]  ? __pfx_kthread+0x10/0x10
[   17.099696]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.099727]  ? calculate_sigpending+0x7b/0xa0
[   17.099758]  ? __pfx_kthread+0x10/0x10
[   17.099789]  ret_from_fork+0x41/0x80
[   17.099818]  ? __pfx_kthread+0x10/0x10
[   17.099849]  ret_from_fork_asm+0x1a/0x30
[   17.099893]  </TASK>
[   17.099908] 
[   17.114530] The buggy address belongs to the physical page:
[   17.115114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103bc0
[   17.115889] flags: 0x200000000000000(node=0|zone=2)
[   17.116397] page_type: f0(buddy)
[   17.116838] raw: 0200000000000000 ffff88817fffb470 ffff88817fffb470 0000000000000000
[   17.117381] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000
[   17.118009] page dumped because: kasan: bad access detected
[   17.118570] 
[   17.118794] Memory state around the buggy address:
[   17.119248]  ffff888103bbff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.119907]  ffff888103bbff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.120574] >ffff888103bc0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.121120]                    ^
[   17.121529]  ffff888103bc0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.122077]  ffff888103bc0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.122690] ==================================================================

[   19.237279] ==================================================================
[   19.238660] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   19.239290] Read of size 1 at addr ffff000010940000 by task kunit_try_catch/212
[   19.239976] 
[   19.240149] CPU: 3 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   19.240209] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.240226] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.240247] Call trace:
[   19.240261]  show_stack+0x20/0x38 (C)
[   19.240300]  dump_stack_lvl+0x8c/0xd0
[   19.240337]  print_report+0x118/0x608
[   19.240372]  kasan_report+0xdc/0x128
[   19.240406]  __asan_report_load1_noabort+0x20/0x30
[   19.240448]  page_alloc_uaf+0x328/0x350
[   19.240489]  kunit_try_run_case+0x170/0x3f0
[   19.240532]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.240580]  kthread+0x328/0x630
[   19.240621]  ret_from_fork+0x10/0x20
[   19.240661] 
[   19.246259] The buggy address belongs to the physical page:
[   19.246783] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10940
[   19.247527] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[   19.248149] page_type: f0(buddy)
[   19.248479] raw: 03fffe0000000000 ffff0000f75f26f0 ffff0000f75f26f0 0000000000000000
[   19.249205] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000
[   19.249921] page dumped because: kasan: bad access detected
[   19.250443] 
[   19.250601] Memory state around the buggy address:
[   19.251056]  ffff00001093ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.251731]  ffff00001093ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.252406] >ffff000010940000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.253076]                    ^
[   19.253394]  ffff000010940080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.254068]  ffff000010940100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.254738] ==================================================================