Date
Nov. 26, 2024, 6:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 30.380960] ================================================================== [ 30.382464] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 30.383336] Read of size 1 at addr fff00000c6530000 by task kunit_try_catch/143 [ 30.384254] [ 30.384704] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.386246] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.387021] Hardware name: linux,dummy-virt (DT) [ 30.387594] Call trace: [ 30.387988] show_stack+0x20/0x38 (C) [ 30.388513] dump_stack_lvl+0x8c/0xd0 [ 30.389080] print_report+0x118/0x5e0 [ 30.390144] kasan_report+0xc8/0x118 [ 30.390747] __asan_report_load1_noabort+0x20/0x30 [ 30.391692] page_alloc_uaf+0x328/0x350 [ 30.392326] kunit_try_run_case+0x14c/0x3d0 [ 30.393216] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.394122] kthread+0x24c/0x2d0 [ 30.394861] ret_from_fork+0x10/0x20 [ 30.395501] [ 30.396115] The buggy address belongs to the physical page: [ 30.396884] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106530 [ 30.397697] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.398228] page_type: f0(buddy) [ 30.398829] raw: 0bfffe0000000000 fff00000ff6150e0 fff00000ff6150e0 0000000000000000 [ 30.399658] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 30.400562] page dumped because: kasan: bad access detected [ 30.401273] [ 30.401666] Memory state around the buggy address: [ 30.402307] fff00000c652ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.403269] fff00000c652ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.404103] >fff00000c6530000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.404823] ^ [ 30.405393] fff00000c6530080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.406191] fff00000c6530100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.407045] ==================================================================
[ 30.329117] ================================================================== [ 30.330594] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 30.331348] Read of size 1 at addr fff00000c6560000 by task kunit_try_catch/143 [ 30.332896] [ 30.333230] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.335178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.335883] Hardware name: linux,dummy-virt (DT) [ 30.336593] Call trace: [ 30.337068] show_stack+0x20/0x38 (C) [ 30.337731] dump_stack_lvl+0x8c/0xd0 [ 30.338356] print_report+0x118/0x5e0 [ 30.339118] kasan_report+0xc8/0x118 [ 30.339843] __asan_report_load1_noabort+0x20/0x30 [ 30.340514] page_alloc_uaf+0x328/0x350 [ 30.341317] kunit_try_run_case+0x14c/0x3d0 [ 30.342085] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.343251] kthread+0x24c/0x2d0 [ 30.343932] ret_from_fork+0x10/0x20 [ 30.344562] [ 30.345053] The buggy address belongs to the physical page: [ 30.345952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106560 [ 30.346986] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.347793] page_type: f0(buddy) [ 30.348444] raw: 0bfffe0000000000 fff00000ff615148 fff00000ff615148 0000000000000000 [ 30.349479] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 30.350589] page dumped because: kasan: bad access detected [ 30.351100] [ 30.351336] Memory state around the buggy address: [ 30.352185] fff00000c655ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.353200] fff00000c655ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.354196] >fff00000c6560000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.355184] ^ [ 30.355817] fff00000c6560080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.356606] fff00000c6560100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.357371] ==================================================================
[ 24.352638] ================================================================== [ 24.354106] BUG: KASAN: use-after-free in page_alloc_uaf+0x358/0x3d0 [ 24.354749] Read of size 1 at addr ffff888102bf0000 by task kunit_try_catch/161 [ 24.355959] [ 24.356647] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 24.357476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.357974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.358921] Call Trace: [ 24.359922] <TASK> [ 24.360297] dump_stack_lvl+0x73/0xb0 [ 24.360776] print_report+0xd1/0x640 [ 24.361209] ? __virt_addr_valid+0x1db/0x2d0 [ 24.361890] ? kasan_addr_to_slab+0x11/0xa0 [ 24.362479] kasan_report+0x102/0x140 [ 24.362797] ? page_alloc_uaf+0x358/0x3d0 [ 24.363327] ? page_alloc_uaf+0x358/0x3d0 [ 24.364006] __asan_report_load1_noabort+0x18/0x20 [ 24.364575] page_alloc_uaf+0x358/0x3d0 [ 24.365535] ? __pfx_page_alloc_uaf+0x10/0x10 [ 24.366059] ? __schedule+0xc3e/0x2790 [ 24.366499] ? __pfx_read_tsc+0x10/0x10 [ 24.366995] ? ktime_get_ts64+0x84/0x230 [ 24.367942] kunit_try_run_case+0x1b3/0x490 [ 24.368265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.368568] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 24.369171] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.369904] ? __kthread_parkme+0x82/0x160 [ 24.370466] ? preempt_count_sub+0x50/0x80 [ 24.370972] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.372027] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.372676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.373501] kthread+0x257/0x310 [ 24.373818] ? __pfx_kthread+0x10/0x10 [ 24.374262] ret_from_fork+0x41/0x80 [ 24.374923] ? __pfx_kthread+0x10/0x10 [ 24.375306] ret_from_fork_asm+0x1a/0x30 [ 24.375618] </TASK> [ 24.375825] [ 24.376182] The buggy address belongs to the physical page: [ 24.376725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bf0 [ 24.378417] flags: 0x200000000000000(node=0|zone=2) [ 24.378946] page_type: f0(buddy) [ 24.379284] raw: 0200000000000000 ffff88817fffb4a0 ffff88817fffb4a0 0000000000000000 [ 24.379669] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 24.380188] page dumped because: kasan: bad access detected [ 24.380534] [ 24.380874] Memory state around the buggy address: [ 24.381336] ffff888102beff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.381742] ffff888102beff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.382376] >ffff888102bf0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.383034] ^ [ 24.383506] ffff888102bf0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.384047] ffff888102bf0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.384551] ==================================================================
[ 19.549600] ================================================================== [ 19.550944] BUG: KASAN: use-after-free in page_alloc_uaf+0x358/0x3d0 [ 19.551956] Read of size 1 at addr ffff888102b00000 by task kunit_try_catch/161 [ 19.552658] [ 19.553336] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.554003] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.554654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.555663] Call Trace: [ 19.556138] <TASK> [ 19.556672] dump_stack_lvl+0x73/0xb0 [ 19.557035] print_report+0xd1/0x640 [ 19.557460] ? __virt_addr_valid+0x1db/0x2d0 [ 19.557935] ? kasan_addr_to_slab+0x11/0xa0 [ 19.558377] kasan_report+0x102/0x140 [ 19.559821] ? page_alloc_uaf+0x358/0x3d0 [ 19.560437] ? page_alloc_uaf+0x358/0x3d0 [ 19.561102] __asan_report_load1_noabort+0x18/0x20 [ 19.561476] page_alloc_uaf+0x358/0x3d0 [ 19.562164] ? __pfx_page_alloc_uaf+0x10/0x10 [ 19.562524] ? __schedule+0xc3e/0x2790 [ 19.563354] ? __pfx_read_tsc+0x10/0x10 [ 19.563793] ? ktime_get_ts64+0x84/0x230 [ 19.564102] kunit_try_run_case+0x1b3/0x490 [ 19.564582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.565036] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 19.565478] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.566401] ? __kthread_parkme+0x82/0x160 [ 19.566920] ? preempt_count_sub+0x50/0x80 [ 19.567804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.568327] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.569101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.569500] kthread+0x257/0x310 [ 19.569964] ? __pfx_kthread+0x10/0x10 [ 19.570372] ret_from_fork+0x41/0x80 [ 19.570671] ? __pfx_kthread+0x10/0x10 [ 19.571091] ret_from_fork_asm+0x1a/0x30 [ 19.572037] </TASK> [ 19.572510] [ 19.573172] The buggy address belongs to the physical page: [ 19.574097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b00 [ 19.574755] flags: 0x200000000000000(node=0|zone=2) [ 19.575206] page_type: f0(buddy) [ 19.576148] raw: 0200000000000000 ffff88817fffd5c0 ffff88817fffd5c0 0000000000000000 [ 19.576792] raw: 0000000000000000 0000000000000008 00000000f0000000 0000000000000000 [ 19.577453] page dumped because: kasan: bad access detected [ 19.578118] [ 19.578356] Memory state around the buggy address: [ 19.578852] ffff888102afff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.579858] ffff888102afff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.580320] >ffff888102b00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.580983] ^ [ 19.581320] ffff888102b00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.582134] ffff888102b00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.582801] ==================================================================