Hay
Sign in
Date
Nov. 27, 2024, 3:37 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   46.952850] ==================================================================
[   46.954601] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   46.955363] Read of size 1 at addr fff00000c6630000 by task kunit_try_catch/143
[   46.956230] 
[   46.956696] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   46.957821] Tainted: [B]=BAD_PAGE, [N]=TEST
[   46.958554] Hardware name: linux,dummy-virt (DT)
[   46.959140] Call trace:
[   46.959503]  show_stack+0x20/0x38 (C)
[   46.960036]  dump_stack_lvl+0x8c/0xd0
[   46.960654]  print_report+0x118/0x5e0
[   46.961533]  kasan_report+0xc8/0x118
[   46.961989]  __asan_report_load1_noabort+0x20/0x30
[   46.962775]  page_alloc_uaf+0x328/0x350
[   46.963382]  kunit_try_run_case+0x14c/0x3d0
[   46.963972]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   46.964715]  kthread+0x24c/0x2d0
[   46.965313]  ret_from_fork+0x10/0x20
[   46.966013] 
[   46.966390] The buggy address belongs to the physical page:
[   46.967167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106630
[   46.968124] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   46.969023] page_type: f0(buddy)
[   46.969497] raw: 0bfffe0000000000 fff00000ff6150e0 fff00000ff6150e0 0000000000000000
[   46.970606] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   46.971873] page dumped because: kasan: bad access detected
[   46.972636] 
[   46.973411] Memory state around the buggy address:
[   46.974013]  fff00000c662ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   46.975067]  fff00000c662ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   46.976032] >fff00000c6630000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   46.976925]                    ^
[   46.977599]  fff00000c6630080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   46.978583]  fff00000c6630100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   46.979406] ==================================================================
Metadata Full log Test run details 

[   24.043809] ==================================================================
[   24.045288] BUG: KASAN: use-after-free in page_alloc_uaf+0x358/0x3d0
[   24.046070] Read of size 1 at addr ffff888102d70000 by task kunit_try_catch/162
[   24.047134] 
[   24.047632] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   24.049076] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.049647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.050589] Call Trace:
[   24.050863]  <TASK>
[   24.051416]  dump_stack_lvl+0x73/0xb0
[   24.051876]  print_report+0xd1/0x640
[   24.052625]  ? __virt_addr_valid+0x1db/0x2d0
[   24.052951]  ? kasan_addr_to_slab+0x11/0xa0
[   24.053763]  kasan_report+0x102/0x140
[   24.054367]  ? page_alloc_uaf+0x358/0x3d0
[   24.054786]  ? page_alloc_uaf+0x358/0x3d0
[   24.055796]  __asan_report_load1_noabort+0x18/0x20
[   24.056529]  page_alloc_uaf+0x358/0x3d0
[   24.057055]  ? __pfx_page_alloc_uaf+0x10/0x10
[   24.057890]  ? __schedule+0xc3e/0x2790
[   24.058505]  ? __pfx_read_tsc+0x10/0x10
[   24.058887]  ? ktime_get_ts64+0x84/0x230
[   24.059536]  kunit_try_run_case+0x1b3/0x490
[   24.060098]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.060739]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.061273]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.061972]  ? __kthread_parkme+0x82/0x160
[   24.062494]  ? preempt_count_sub+0x50/0x80
[   24.063234]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.063773]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.064695]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.065333]  kthread+0x257/0x310
[   24.065842]  ? __pfx_kthread+0x10/0x10
[   24.066401]  ret_from_fork+0x41/0x80
[   24.067033]  ? __pfx_kthread+0x10/0x10
[   24.067502]  ret_from_fork_asm+0x1a/0x30
[   24.067936]  </TASK>
[   24.068446] 
[   24.068653] The buggy address belongs to the physical page:
[   24.069000] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d70
[   24.069936] flags: 0x200000000000000(node=0|zone=2)
[   24.070525] page_type: f0(buddy)
[   24.070921] raw: 0200000000000000 ffff88817fffc4a0 ffff88817fffc4a0 0000000000000000
[   24.071711] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   24.072763] page dumped because: kasan: bad access detected
[   24.073296] 
[   24.073826] Memory state around the buggy address:
[   24.074675]  ffff888102d6ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.075388]  ffff888102d6ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.076378] >ffff888102d70000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.076868]                    ^
[   24.077454]  ffff888102d70080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.078380]  ffff888102d70100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.079306] ==================================================================
Metadata Full log Test run details