Hay
Sign in
Date
July 15, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   15.267684] ==================================================================
[   15.267741] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   15.267796] Read of size 1 at addr fff00000c7880000 by task kunit_try_catch/155
[   15.267845] 
[   15.268313] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.268601] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.268629] Hardware name: linux,dummy-virt (DT)
[   15.268889] Call trace:
[   15.269208]  show_stack+0x20/0x38 (C)
[   15.269652]  dump_stack_lvl+0x8c/0xd0
[   15.269911]  print_report+0x118/0x5d0
[   15.270091]  kasan_report+0xdc/0x128
[   15.270135]  __asan_report_load1_noabort+0x20/0x30
[   15.270218]  page_alloc_uaf+0x328/0x350
[   15.270265]  kunit_try_run_case+0x170/0x3f0
[   15.270313]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.270365]  kthread+0x328/0x630
[   15.270868]  ret_from_fork+0x10/0x20
[   15.271038] 
[   15.271058] The buggy address belongs to the physical page:
[   15.271100] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107880
[   15.271154] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   15.271593] page_type: f0(buddy)
[   15.271682] raw: 0bfffe0000000000 fff00000ff6161d8 fff00000ff6161d8 0000000000000000
[   15.271822] raw: 0000000000000000 0000000000000007 00000000f0000000 0000000000000000
[   15.271891] page dumped because: kasan: bad access detected
[   15.271921] 
[   15.271938] Memory state around the buggy address:
[   15.272052]  fff00000c787ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.272237]  fff00000c787ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.272298] >fff00000c7880000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.272337]                    ^
[   15.272364]  fff00000c7880080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.272405]  fff00000c7880100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.272812] ==================================================================
Metadata Full log Test run details 

[   12.118666] ==================================================================
[   12.119292] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   12.119536] Read of size 1 at addr ffff888103950000 by task kunit_try_catch/171
[   12.119870] 
[   12.120053] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.120098] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.120109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.120128] Call Trace:
[   12.120139]  <TASK>
[   12.120152]  dump_stack_lvl+0x73/0xb0
[   12.120181]  print_report+0xd1/0x610
[   12.120203]  ? __virt_addr_valid+0x1db/0x2d0
[   12.120225]  ? page_alloc_uaf+0x356/0x3d0
[   12.120248]  ? kasan_addr_to_slab+0x11/0xa0
[   12.120269]  ? page_alloc_uaf+0x356/0x3d0
[   12.120291]  kasan_report+0x141/0x180
[   12.120313]  ? page_alloc_uaf+0x356/0x3d0
[   12.120388]  __asan_report_load1_noabort+0x18/0x20
[   12.120417]  page_alloc_uaf+0x356/0x3d0
[   12.120447]  ? __pfx_page_alloc_uaf+0x10/0x10
[   12.120473]  ? __pfx_page_alloc_uaf+0x10/0x10
[   12.120500]  kunit_try_run_case+0x1a5/0x480
[   12.120526]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.120549]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.120573]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.120598]  ? __kthread_parkme+0x82/0x180
[   12.120619]  ? preempt_count_sub+0x50/0x80
[   12.120643]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.120668]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.120693]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.120718]  kthread+0x337/0x6f0
[   12.120737]  ? trace_preempt_on+0x20/0xc0
[   12.120774]  ? __pfx_kthread+0x10/0x10
[   12.120795]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.120816]  ? calculate_sigpending+0x7b/0xa0
[   12.120840]  ? __pfx_kthread+0x10/0x10
[   12.120861]  ret_from_fork+0x116/0x1d0
[   12.120880]  ? __pfx_kthread+0x10/0x10
[   12.120900]  ret_from_fork_asm+0x1a/0x30
[   12.120931]  </TASK>
[   12.120941] 
[   12.129289] The buggy address belongs to the physical page:
[   12.129964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103950
[   12.130290] flags: 0x200000000000000(node=0|zone=2)
[   12.130944] page_type: f0(buddy)
[   12.131407] raw: 0200000000000000 ffff88817fffc460 ffff88817fffc460 0000000000000000
[   12.131874] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   12.132197] page dumped because: kasan: bad access detected
[   12.132738] 
[   12.132974] Memory state around the buggy address:
[   12.133509]  ffff88810394ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.133835]  ffff88810394ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.134126] >ffff888103950000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.134419]                    ^
[   12.134570]  ffff888103950080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.135543]  ffff888103950100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.136046] ==================================================================
Metadata Full log Test run details