Date: July 8, 2025, 11:09 p.m.

Environment: qemu-arm64, qemu-x86_64

[   19.145747] ==================================================================
[   19.145800] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   19.145849] Read of size 1 at addr fff00000c7790000 by task kunit_try_catch/154
[   19.145898] 
[   19.146210] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.146519] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.146546] Hardware name: linux,dummy-virt (DT)
[   19.146576] Call trace:
[   19.146823]  show_stack+0x20/0x38 (C)
[   19.147181]  dump_stack_lvl+0x8c/0xd0
[   19.147255]  print_report+0x118/0x608
[   19.147313]  kasan_report+0xdc/0x128
[   19.147516]  __asan_report_load1_noabort+0x20/0x30
[   19.147590]  page_alloc_uaf+0x328/0x350
[   19.147635]  kunit_try_run_case+0x170/0x3f0
[   19.147795]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.148025]  kthread+0x328/0x630
[   19.148203]  ret_from_fork+0x10/0x20
[   19.148392] 
[   19.148412] The buggy address belongs to the physical page:
[   19.148441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107790
[   19.148494] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.148854] page_type: f0(buddy)
[   19.149065] raw: 0bfffe0000000000 fff00000ff6160a0 fff00000ff6160a0 0000000000000000
[   19.149244] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   19.149348] page dumped because: kasan: bad access detected
[   19.149541] 
[   19.149679] Memory state around the buggy address:
[   19.149733]  fff00000c778ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.150203]  fff00000c778ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.150280] >fff00000c7790000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.150394]                    ^
[   19.150425]  fff00000c7790080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.150831]  fff00000c7790100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.150896] ==================================================================

[   12.056073] ==================================================================
[   12.056791] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   12.057225] Read of size 1 at addr ffff888103a80000 by task kunit_try_catch/172
[   12.057544] 
[   12.057798] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.057882] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.057894] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.057913] Call Trace:
[   12.057974]  <TASK>
[   12.057992]  dump_stack_lvl+0x73/0xb0
[   12.058024]  print_report+0xd1/0x650
[   12.058047]  ? __virt_addr_valid+0x1db/0x2d0
[   12.058071]  ? page_alloc_uaf+0x356/0x3d0
[   12.058092]  ? kasan_addr_to_slab+0x11/0xa0
[   12.058112]  ? page_alloc_uaf+0x356/0x3d0
[   12.058133]  kasan_report+0x141/0x180
[   12.058154]  ? page_alloc_uaf+0x356/0x3d0
[   12.058181]  __asan_report_load1_noabort+0x18/0x20
[   12.058205]  page_alloc_uaf+0x356/0x3d0
[   12.058226]  ? __pfx_page_alloc_uaf+0x10/0x10
[   12.058249]  ? __schedule+0x10cc/0x2b60
[   12.058270]  ? __pfx_read_tsc+0x10/0x10
[   12.058292]  ? ktime_get_ts64+0x86/0x230
[   12.058317]  kunit_try_run_case+0x1a5/0x480
[   12.058343]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.058365]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.058388]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.058412]  ? __kthread_parkme+0x82/0x180
[   12.058433]  ? preempt_count_sub+0x50/0x80
[   12.058457]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.058481]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.058505]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.058529]  kthread+0x337/0x6f0
[   12.058547]  ? trace_preempt_on+0x20/0xc0
[   12.058571]  ? __pfx_kthread+0x10/0x10
[   12.058591]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.058623]  ? calculate_sigpending+0x7b/0xa0
[   12.058647]  ? __pfx_kthread+0x10/0x10
[   12.058667]  ret_from_fork+0x116/0x1d0
[   12.058685]  ? __pfx_kthread+0x10/0x10
[   12.058705]  ret_from_fork_asm+0x1a/0x30
[   12.058736]  </TASK>
[   12.058746] 
[   12.067795] The buggy address belongs to the physical page:
[   12.068283] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a80
[   12.068817] flags: 0x200000000000000(node=0|zone=2)
[   12.068984] page_type: f0(buddy)
[   12.069223] raw: 0200000000000000 ffff88817fffb538 ffff88817fffb538 0000000000000000
[   12.069563] raw: 0000000000000000 0000000000000007 00000000f0000000 0000000000000000
[   12.070128] page dumped because: kasan: bad access detected
[   12.070412] 
[   12.070516] Memory state around the buggy address:
[   12.070693]  ffff888103a7ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.071336]  ffff888103a7ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.071665] >ffff888103a80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.072056]                    ^
[   12.072206]  ffff888103a80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.072567]  ffff888103a80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.072983] ==================================================================