Date
Nov. 20, 2024, 6:35 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 35.867518] ================================================================== [ 35.868827] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 35.869509] Read of size 1 at addr fff00000c6770000 by task kunit_try_catch/143 [ 35.871189] [ 35.871607] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 35.873024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.874248] Hardware name: linux,dummy-virt (DT) [ 35.874841] Call trace: [ 35.875325] show_stack+0x20/0x38 (C) [ 35.875994] dump_stack_lvl+0x8c/0xd0 [ 35.876626] print_report+0x118/0x5e0 [ 35.877229] kasan_report+0xc8/0x118 [ 35.877782] __asan_report_load1_noabort+0x20/0x30 [ 35.878415] page_alloc_uaf+0x328/0x350 [ 35.879210] kunit_try_run_case+0x14c/0x3d0 [ 35.879951] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.880547] kthread+0x24c/0x2d0 [ 35.881060] ret_from_fork+0x10/0x20 [ 35.881649] [ 35.881973] The buggy address belongs to the physical page: [ 35.883123] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106770 [ 35.884074] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.885487] page_type: f0(buddy) [ 35.886662] raw: 0bfffe0000000000 fff00000ff6150e0 fff00000ff6150e0 0000000000000000 [ 35.888098] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 35.889385] page dumped because: kasan: bad access detected [ 35.890177] [ 35.890428] Memory state around the buggy address: [ 35.890866] fff00000c676ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.892033] fff00000c676ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.893009] >fff00000c6770000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.894128] ^ [ 35.894619] fff00000c6770080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.895500] fff00000c6770100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.896273] ==================================================================
[ 27.109936] ================================================================== [ 27.112006] BUG: KASAN: use-after-free in page_alloc_uaf+0x358/0x3d0 [ 27.112636] Read of size 1 at addr ffff888102c40000 by task kunit_try_catch/161 [ 27.113200] [ 27.113433] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 27.114346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.114878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.116003] Call Trace: [ 27.116322] <TASK> [ 27.116762] dump_stack_lvl+0x73/0xb0 [ 27.117327] print_report+0xd1/0x640 [ 27.117751] ? __virt_addr_valid+0x1db/0x2d0 [ 27.118204] ? kasan_addr_to_slab+0x11/0xa0 [ 27.118858] kasan_report+0x102/0x140 [ 27.119139] ? page_alloc_uaf+0x358/0x3d0 [ 27.120048] ? page_alloc_uaf+0x358/0x3d0 [ 27.120640] __asan_report_load1_noabort+0x18/0x20 [ 27.121222] page_alloc_uaf+0x358/0x3d0 [ 27.121650] ? __pfx_page_alloc_uaf+0x10/0x10 [ 27.122001] ? __schedule+0xc3e/0x2790 [ 27.122348] ? __pfx_read_tsc+0x10/0x10 [ 27.123074] ? ktime_get_ts64+0x84/0x230 [ 27.123822] kunit_try_run_case+0x1b3/0x490 [ 27.124128] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.124945] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.125530] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.126247] ? __kthread_parkme+0x82/0x160 [ 27.126621] ? preempt_count_sub+0x50/0x80 [ 27.127176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.127616] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.129462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.130500] kthread+0x257/0x310 [ 27.131035] ? __pfx_kthread+0x10/0x10 [ 27.131232] ret_from_fork+0x41/0x80 [ 27.131408] ? __pfx_kthread+0x10/0x10 [ 27.131585] ret_from_fork_asm+0x1a/0x30 [ 27.132001] </TASK> [ 27.132326] [ 27.132583] The buggy address belongs to the physical page: [ 27.133235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c40 [ 27.133903] flags: 0x200000000000000(node=0|zone=2) [ 27.134565] page_type: f0(buddy) [ 27.135261] raw: 0200000000000000 ffff88817fffb530 ffff88817fffb530 0000000000000000 [ 27.136329] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 27.137702] page dumped because: kasan: bad access detected [ 27.138096] [ 27.138370] Memory state around the buggy address: [ 27.139243] ffff888102c3ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.139930] ffff888102c3ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.141108] >ffff888102c40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.142179] ^ [ 27.142769] ffff888102c40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.143248] ffff888102c40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.145055] ==================================================================