Date
July 3, 2025, 11:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.363601] ================================================================== [ 19.363727] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 19.363841] Read of size 1 at addr fff00000c78c0000 by task kunit_try_catch/154 [ 19.363942] [ 19.364010] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 19.364201] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.364260] Hardware name: linux,dummy-virt (DT) [ 19.364328] Call trace: [ 19.364374] show_stack+0x20/0x38 (C) [ 19.364481] dump_stack_lvl+0x8c/0xd0 [ 19.364609] print_report+0x118/0x608 [ 19.364707] kasan_report+0xdc/0x128 [ 19.364803] __asan_report_load1_noabort+0x20/0x30 [ 19.364918] page_alloc_uaf+0x328/0x350 [ 19.365019] kunit_try_run_case+0x170/0x3f0 [ 19.365143] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.365294] kthread+0x328/0x630 [ 19.365429] ret_from_fork+0x10/0x20 [ 19.365579] [ 19.365645] The buggy address belongs to the physical page: [ 19.365993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078c0 [ 19.366171] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.366498] page_type: f0(buddy) [ 19.366584] raw: 0bfffe0000000000 fff00000ff616170 fff00000ff616170 0000000000000000 [ 19.366741] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 19.366962] page dumped because: kasan: bad access detected [ 19.367089] [ 19.367152] Memory state around the buggy address: [ 19.367325] fff00000c78bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.367533] fff00000c78bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.367676] >fff00000c78c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.367831] ^ [ 19.368121] fff00000c78c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.368220] fff00000c78c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.368373] ==================================================================
[ 11.060424] ================================================================== [ 11.061028] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 11.061456] Read of size 1 at addr ffff888103980000 by task kunit_try_catch/171 [ 11.061762] [ 11.061864] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.061906] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.061917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.061937] Call Trace: [ 11.061950] <TASK> [ 11.061964] dump_stack_lvl+0x73/0xb0 [ 11.061990] print_report+0xd1/0x650 [ 11.062012] ? __virt_addr_valid+0x1db/0x2d0 [ 11.062034] ? page_alloc_uaf+0x356/0x3d0 [ 11.062055] ? kasan_addr_to_slab+0x11/0xa0 [ 11.062074] ? page_alloc_uaf+0x356/0x3d0 [ 11.062095] kasan_report+0x141/0x180 [ 11.062115] ? page_alloc_uaf+0x356/0x3d0 [ 11.062153] __asan_report_load1_noabort+0x18/0x20 [ 11.062176] page_alloc_uaf+0x356/0x3d0 [ 11.062197] ? __pfx_page_alloc_uaf+0x10/0x10 [ 11.062220] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 11.062243] ? __pfx_read_tsc+0x10/0x10 [ 11.062264] ? ktime_get_ts64+0x86/0x230 [ 11.062286] kunit_try_run_case+0x1a5/0x480 [ 11.062309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.062330] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 11.062351] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.062632] ? __kthread_parkme+0x82/0x180 [ 11.062655] ? preempt_count_sub+0x50/0x80 [ 11.062679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.062701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.062723] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.062745] kthread+0x337/0x6f0 [ 11.062763] ? trace_preempt_on+0x20/0xc0 [ 11.062785] ? __pfx_kthread+0x10/0x10 [ 11.062805] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.062825] ? calculate_sigpending+0x7b/0xa0 [ 11.062848] ? __pfx_kthread+0x10/0x10 [ 11.062868] ret_from_fork+0x116/0x1d0 [ 11.062885] ? __pfx_kthread+0x10/0x10 [ 11.062905] ret_from_fork_asm+0x1a/0x30 [ 11.062934] </TASK> [ 11.062945] [ 11.070347] The buggy address belongs to the physical page: [ 11.070879] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 11.071195] flags: 0x200000000000000(node=0|zone=2) [ 11.071576] page_type: f0(buddy) [ 11.071700] raw: 0200000000000000 ffff88817fffb538 ffff88817fffb538 0000000000000000 [ 11.071988] raw: 0000000000000000 0000000000000007 00000000f0000000 0000000000000000 [ 11.072383] page dumped because: kasan: bad access detected [ 11.072730] [ 11.072828] Memory state around the buggy address: [ 11.073038] ffff88810397ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.073431] ffff88810397ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.073951] >ffff888103980000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.074318] ^ [ 11.074518] ffff888103980080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.074798] ffff888103980100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.075055] ==================================================================