Hay
Date
July 6, 2025, 11:09 p.m.

Environment (KASAN KUnit self-test output: every report below is raised from the `page_alloc_uaf` test case running under a `kunit_try_catch` thread with the `[N]=TEST` taint set, i.e. a deliberately triggered use-after-free that KASAN is expected to catch, not an unsolicited bug in the allocator)
qemu-arm64
qemu-x86_64
x86

[   16.717003] ==================================================================
[   16.717077] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   16.717132] Read of size 1 at addr fff00000c7840000 by task kunit_try_catch/155
[   16.717186] 
[   16.717220] CPU: 0 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.717326] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.717353] Hardware name: linux,dummy-virt (DT)
[   16.717382] Call trace:
[   16.717404]  show_stack+0x20/0x38 (C)
[   16.717461]  dump_stack_lvl+0x8c/0xd0
[   16.717507]  print_report+0x118/0x608
[   16.717550]  kasan_report+0xdc/0x128
[   16.717776]  __asan_report_load1_noabort+0x20/0x30
[   16.717852]  page_alloc_uaf+0x328/0x350
[   16.717896]  kunit_try_run_case+0x170/0x3f0
[   16.717943]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.718019]  kthread+0x328/0x630
[   16.718099]  ret_from_fork+0x10/0x20
[   16.718145] 
[   16.718171] The buggy address belongs to the physical page:
[   16.718217] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840
[   16.718270] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.718317] page_type: f0(buddy)
[   16.718516] raw: 0bfffe0000000000 fff00000ff616170 fff00000ff616170 0000000000000000
[   16.718568] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000
[   16.718621] page dumped because: kasan: bad access detected
[   16.718697] 
[   16.718774] Memory state around the buggy address:
[   16.718840]  fff00000c783ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.718952]  fff00000c783ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.719028] >fff00000c7840000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.719065]                    ^
[   16.719091]  fff00000c7840080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.719149]  fff00000c7840100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.719186] ==================================================================

[   16.665483] ==================================================================
[   16.666069] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   16.666365] Read of size 1 at addr fff00000c7790000 by task kunit_try_catch/155
[   16.666491] 
[   16.666693] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.666933] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.667078] Hardware name: linux,dummy-virt (DT)
[   16.667111] Call trace:
[   16.667133]  show_stack+0x20/0x38 (C)
[   16.667476]  dump_stack_lvl+0x8c/0xd0
[   16.667549]  print_report+0x118/0x608
[   16.667595]  kasan_report+0xdc/0x128
[   16.667639]  __asan_report_load1_noabort+0x20/0x30
[   16.667688]  page_alloc_uaf+0x328/0x350
[   16.667993]  kunit_try_run_case+0x170/0x3f0
[   16.668090]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.668144]  kthread+0x328/0x630
[   16.668455]  ret_from_fork+0x10/0x20
[   16.668505] 
[   16.668526] The buggy address belongs to the physical page:
[   16.668555] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107790
[   16.668617] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.668665] page_type: f0(buddy)
[   16.668972] raw: 0bfffe0000000000 fff00000ff6160a0 fff00000ff6160a0 0000000000000000
[   16.669026] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   16.669069] page dumped because: kasan: bad access detected
[   16.669098] 
[   16.669115] Memory state around the buggy address:
[   16.669494]  fff00000c778ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.669540]  fff00000c778ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.669856] >fff00000c7790000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.670033]                    ^
[   16.670098]  fff00000c7790080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.670139]  fff00000c7790100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.670194] ==================================================================

[   12.778404] ==================================================================
[   12.779139] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   12.779956] Read of size 1 at addr ffff888103a00000 by task kunit_try_catch/172
[   12.780200] 
[   12.780426] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.780501] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.780890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.780932] Call Trace:
[   12.780958]  <TASK>
[   12.780984]  dump_stack_lvl+0x73/0xb0
[   12.781044]  print_report+0xd1/0x650
[   12.781083]  ? __virt_addr_valid+0x1db/0x2d0
[   12.781234]  ? page_alloc_uaf+0x356/0x3d0
[   12.781427]  ? kasan_addr_to_slab+0x11/0xa0
[   12.781472]  ? page_alloc_uaf+0x356/0x3d0
[   12.781509]  kasan_report+0x141/0x180
[   12.781545]  ? page_alloc_uaf+0x356/0x3d0
[   12.781582]  __asan_report_load1_noabort+0x18/0x20
[   12.781633]  page_alloc_uaf+0x356/0x3d0
[   12.781669]  ? __pfx_page_alloc_uaf+0x10/0x10
[   12.781702]  ? __schedule+0x10cc/0x2b60
[   12.781723]  ? __pfx_read_tsc+0x10/0x10
[   12.781744]  ? ktime_get_ts64+0x86/0x230
[   12.781767]  kunit_try_run_case+0x1a5/0x480
[   12.781789]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.781809]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.781831]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.781851]  ? __kthread_parkme+0x82/0x180
[   12.781869]  ? preempt_count_sub+0x50/0x80
[   12.781891]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.781912]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.781944]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.781965]  kthread+0x337/0x6f0
[   12.781983]  ? trace_preempt_on+0x20/0xc0
[   12.782004]  ? __pfx_kthread+0x10/0x10
[   12.782022]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.782041]  ? calculate_sigpending+0x7b/0xa0
[   12.782062]  ? __pfx_kthread+0x10/0x10
[   12.782082]  ret_from_fork+0x116/0x1d0
[   12.782098]  ? __pfx_kthread+0x10/0x10
[   12.782127]  ret_from_fork_asm+0x1a/0x30
[   12.782173]  </TASK>
[   12.782194] 
[   12.793060] The buggy address belongs to the physical page:
[   12.794055] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a00
[   12.794409] flags: 0x200000000000000(node=0|zone=2)
[   12.794859] page_type: f0(buddy)
[   12.795056] raw: 0200000000000000 ffff88817fffb5c8 ffff88817fffb5c8 0000000000000000
[   12.795270] raw: 0000000000000000 0000000000000009 00000000f0000000 0000000000000000
[   12.795472] page dumped because: kasan: bad access detected
[   12.795649] 
[   12.795741] Memory state around the buggy address:
[   12.795971]  ffff8881039fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.796267]  ffff8881039fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.796454] >ffff888103a00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.797469]                    ^
[   12.798276]  ffff888103a00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.799287]  ffff888103a00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.799822] ==================================================================

[   13.047442] ==================================================================
[   13.049147] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   13.049914] Read of size 1 at addr ffff888103940000 by task kunit_try_catch/171
[   13.050833] 
[   13.051077] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.051215] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.051231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.051251] Call Trace:
[   13.051263]  <TASK>
[   13.051279]  dump_stack_lvl+0x73/0xb0
[   13.051308]  print_report+0xd1/0x650
[   13.051332]  ? __virt_addr_valid+0x1db/0x2d0
[   13.051353]  ? page_alloc_uaf+0x356/0x3d0
[   13.051374]  ? kasan_addr_to_slab+0x11/0xa0
[   13.051394]  ? page_alloc_uaf+0x356/0x3d0
[   13.051415]  kasan_report+0x141/0x180
[   13.051436]  ? page_alloc_uaf+0x356/0x3d0
[   13.051462]  __asan_report_load1_noabort+0x18/0x20
[   13.051485]  page_alloc_uaf+0x356/0x3d0
[   13.051506]  ? __pfx_page_alloc_uaf+0x10/0x10
[   13.051528]  ? __schedule+0x10cc/0x2b60
[   13.051549]  ? __pfx_read_tsc+0x10/0x10
[   13.051569]  ? ktime_get_ts64+0x86/0x230
[   13.051594]  kunit_try_run_case+0x1a5/0x480
[   13.051618]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.051640]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.051662]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.051684]  ? __kthread_parkme+0x82/0x180
[   13.051703]  ? preempt_count_sub+0x50/0x80
[   13.051726]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.051748]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.051771]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.051793]  kthread+0x337/0x6f0
[   13.051812]  ? trace_preempt_on+0x20/0xc0
[   13.051835]  ? __pfx_kthread+0x10/0x10
[   13.051855]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.051874]  ? calculate_sigpending+0x7b/0xa0
[   13.051897]  ? __pfx_kthread+0x10/0x10
[   13.051917]  ret_from_fork+0x116/0x1d0
[   13.051935]  ? __pfx_kthread+0x10/0x10
[   13.051954]  ret_from_fork_asm+0x1a/0x30
[   13.051985]  </TASK>
[   13.051996] 
[   13.066124] The buggy address belongs to the physical page:
[   13.066443] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103940
[   13.067277] flags: 0x200000000000000(node=0|zone=2)
[   13.067650] page_type: f0(buddy)
[   13.068037] raw: 0200000000000000 ffff88817fffc4f0 ffff88817fffc4f0 0000000000000000
[   13.068390] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000
[   13.068897] page dumped because: kasan: bad access detected
[   13.069414] 
[   13.069602] Memory state around the buggy address:
[   13.069956]  ffff88810393ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.070611]  ffff88810393ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.071083] >ffff888103940000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.071653]                    ^
[   13.071983]  ffff888103940080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.072558]  ffff888103940100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   13.072976] ==================================================================

[   17.342177] ==================================================================
[   17.357229] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   17.363592] Read of size 1 at addr ffff8881082d0000 by task kunit_try_catch/195
[   17.370905] 
[   17.372407] CPU: 3 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G S  B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   17.372415] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   17.372418] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   17.372421] Call Trace:
[   17.372423]  <TASK>
[   17.372425]  dump_stack_lvl+0x73/0xb0
[   17.372430]  print_report+0xd1/0x650
[   17.372434]  ? __virt_addr_valid+0x1db/0x2d0
[   17.372438]  ? page_alloc_uaf+0x356/0x3d0
[   17.372442]  ? kasan_addr_to_slab+0x11/0xa0
[   17.372445]  ? page_alloc_uaf+0x356/0x3d0
[   17.372449]  kasan_report+0x141/0x180
[   17.372453]  ? page_alloc_uaf+0x356/0x3d0
[   17.372458]  __asan_report_load1_noabort+0x18/0x20
[   17.372463]  page_alloc_uaf+0x356/0x3d0
[   17.372467]  ? __pfx_page_alloc_uaf+0x10/0x10
[   17.372471]  ? __schedule+0x10cc/0x2b60
[   17.372475]  ? ktime_get_ts64+0x83/0x230
[   17.372479]  kunit_try_run_case+0x1a2/0x480
[   17.372484]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.372488]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.372492]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.372496]  ? __kthread_parkme+0x82/0x180
[   17.372500]  ? preempt_count_sub+0x50/0x80
[   17.372504]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.372508]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   17.372512]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.372516]  kthread+0x334/0x6f0
[   17.372520]  ? trace_preempt_on+0x20/0xc0
[   17.372524]  ? __pfx_kthread+0x10/0x10
[   17.372528]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.372531]  ? calculate_sigpending+0x7b/0xa0
[   17.372536]  ? __pfx_kthread+0x10/0x10
[   17.372540]  ret_from_fork+0x113/0x1d0
[   17.372543]  ? __pfx_kthread+0x10/0x10
[   17.372547]  ret_from_fork_asm+0x1a/0x30
[   17.372552]  </TASK>
[   17.372554] 
[   17.534981] The buggy address belongs to the physical page:
[   17.540555] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1082d0
[   17.548561] flags: 0x200000000000000(node=0|zone=2)
[   17.553442] page_type: f0(buddy)
[   17.556677] raw: 0200000000000000 ffff88846fffd460 ffff88846fffd460 0000000000000000
[   17.564423] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   17.572160] page dumped because: kasan: bad access detected
[   17.577734] 
[   17.579233] Memory state around the buggy address:
[   17.584027]  ffff8881082cff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.591245]  ffff8881082cff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.598464] >ffff8881082d0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.605682]                    ^
[   17.608917]  ffff8881082d0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.616137]  ffff8881082d0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.623361] ==================================================================