Hay
Sign in
Date
July 5, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   18.683601] ==================================================================
[   18.683726] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   18.683838] Read of size 1 at addr fff00000c78e0000 by task kunit_try_catch/155
[   18.683949] 
[   18.684014] CPU: 0 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.684192] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.684251] Hardware name: linux,dummy-virt (DT)
[   18.684317] Call trace:
[   18.684384]  show_stack+0x20/0x38 (C)
[   18.684473]  dump_stack_lvl+0x8c/0xd0
[   18.684569]  print_report+0x118/0x608
[   18.685099]  kasan_report+0xdc/0x128
[   18.685446]  __asan_report_load1_noabort+0x20/0x30
[   18.685689]  page_alloc_uaf+0x328/0x350
[   18.685811]  kunit_try_run_case+0x170/0x3f0
[   18.685912]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.686025]  kthread+0x328/0x630
[   18.686115]  ret_from_fork+0x10/0x20
[   18.686461] 
[   18.686546] The buggy address belongs to the physical page:
[   18.686633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e0
[   18.686783] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.686922] page_type: f0(buddy)
[   18.687001] raw: 0bfffe0000000000 fff00000ff616108 fff00000ff616108 0000000000000000
[   18.687115] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000
[   18.687206] page dumped because: kasan: bad access detected
[   18.687275] 
[   18.687315] Memory state around the buggy address:
[   18.687395]  fff00000c78dff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.687477]  fff00000c78dff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.687911] >fff00000c78e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.688005]                    ^
[   18.688065]  fff00000c78e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.688150]  fff00000c78e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.688236] ==================================================================
Metadata Full log Test run details 

[   13.080589] ==================================================================
[   13.082391] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   13.083084] Read of size 1 at addr ffff888103980000 by task kunit_try_catch/171
[   13.083361] 
[   13.083473] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.083529] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.083545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.083571] Call Trace:
[   13.083587]  <TASK>
[   13.083614]  dump_stack_lvl+0x73/0xb0
[   13.083663]  print_report+0xd1/0x650
[   13.083690]  ? __virt_addr_valid+0x1db/0x2d0
[   13.083718]  ? page_alloc_uaf+0x356/0x3d0
[   13.083744]  ? kasan_addr_to_slab+0x11/0xa0
[   13.083853]  ? page_alloc_uaf+0x356/0x3d0
[   13.083883]  kasan_report+0x141/0x180
[   13.083909]  ? page_alloc_uaf+0x356/0x3d0
[   13.083940]  __asan_report_load1_noabort+0x18/0x20
[   13.083968]  page_alloc_uaf+0x356/0x3d0
[   13.083994]  ? __pfx_page_alloc_uaf+0x10/0x10
[   13.084021]  ? __schedule+0x10cc/0x2b60
[   13.084047]  ? __pfx_read_tsc+0x10/0x10
[   13.084076]  ? ktime_get_ts64+0x86/0x230
[   13.084108]  kunit_try_run_case+0x1a5/0x480
[   13.084138]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.084164]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.084191]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.084218]  ? __kthread_parkme+0x82/0x180
[   13.084243]  ? preempt_count_sub+0x50/0x80
[   13.084272]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.084299]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.084326]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.084353]  kthread+0x337/0x6f0
[   13.084376]  ? trace_preempt_on+0x20/0xc0
[   13.084405]  ? __pfx_kthread+0x10/0x10
[   13.084429]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.084453]  ? calculate_sigpending+0x7b/0xa0
[   13.084482]  ? __pfx_kthread+0x10/0x10
[   13.084507]  ret_from_fork+0x116/0x1d0
[   13.084528]  ? __pfx_kthread+0x10/0x10
[   13.084552]  ret_from_fork_asm+0x1a/0x30
[   13.084589]  </TASK>
[   13.084602] 
[   13.093513] The buggy address belongs to the physical page:
[   13.093885] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980
[   13.094312] flags: 0x200000000000000(node=0|zone=2)
[   13.094601] page_type: f0(buddy)
[   13.094908] raw: 0200000000000000 ffff88817fffb538 ffff88817fffb538 0000000000000000
[   13.095276] raw: 0000000000000000 0000000000000007 00000000f0000000 0000000000000000
[   13.095678] page dumped because: kasan: bad access detected
[   13.096169] 
[   13.096293] Memory state around the buggy address:
[   13.096569]  ffff88810397ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.097082]  ffff88810397ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.097406] >ffff888103980000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.097785]                    ^
[   13.098010]  ffff888103980080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.098337]  ffff888103980100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.098729] ==================================================================
Metadata Full log Test run details