Hay
Sign in
Date
Nov. 28, 2024, 2:36 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   29.732218] ==================================================================
[   29.733743] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   29.734338] Read of size 1 at addr fff00000c6570000 by task kunit_try_catch/142
[   29.735498] 
[   29.735812] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   29.736677] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.737491] Hardware name: linux,dummy-virt (DT)
[   29.738192] Call trace:
[   29.738646]  show_stack+0x20/0x38 (C)
[   29.739321]  dump_stack_lvl+0x8c/0xd0
[   29.739937]  print_report+0x118/0x5e0
[   29.740597]  kasan_report+0xc8/0x118
[   29.741340]  __asan_report_load1_noabort+0x20/0x30
[   29.742045]  page_alloc_uaf+0x328/0x350
[   29.742714]  kunit_try_run_case+0x14c/0x3d0
[   29.743426]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.744185]  kthread+0x24c/0x2d0
[   29.744671]  ret_from_fork+0x10/0x20
[   29.745406] 
[   29.745757] The buggy address belongs to the physical page:
[   29.746769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106570
[   29.747565] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.748308] page_type: f0(buddy)
[   29.748783] raw: 0bfffe0000000000 fff00000ff6150e0 fff00000ff6150e0 0000000000000000
[   29.750109] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   29.750889] page dumped because: kasan: bad access detected
[   29.751562] 
[   29.751938] Memory state around the buggy address:
[   29.752524]  fff00000c656ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   29.753446]  fff00000c656ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   29.754624] >fff00000c6570000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   29.755394]                    ^
[   29.755914]  fff00000c6570080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   29.756676]  fff00000c6570100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   29.757808] ==================================================================
Metadata Full log Test run details 

[   20.482789] ==================================================================
[   20.484103] BUG: KASAN: use-after-free in page_alloc_uaf+0x358/0x3d0
[   20.484641] Read of size 1 at addr ffff888102d30000 by task kunit_try_catch/162
[   20.485239] 
[   20.485799] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   20.487539] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.487986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.488732] Call Trace:
[   20.489021]  <TASK>
[   20.489234]  dump_stack_lvl+0x73/0xb0
[   20.489859]  print_report+0xd1/0x640
[   20.490395]  ? __virt_addr_valid+0x1db/0x2d0
[   20.490793]  ? kasan_addr_to_slab+0x11/0xa0
[   20.491442]  kasan_report+0x102/0x140
[   20.491736]  ? page_alloc_uaf+0x358/0x3d0
[   20.492359]  ? page_alloc_uaf+0x358/0x3d0
[   20.492881]  __asan_report_load1_noabort+0x18/0x20
[   20.493461]  page_alloc_uaf+0x358/0x3d0
[   20.493927]  ? __pfx_page_alloc_uaf+0x10/0x10
[   20.494370]  ? __schedule+0xc3e/0x2790
[   20.494761]  ? __pfx_read_tsc+0x10/0x10
[   20.495250]  ? ktime_get_ts64+0x84/0x230
[   20.495725]  kunit_try_run_case+0x1b3/0x490
[   20.496389]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.496907]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   20.497509]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.498080]  ? __kthread_parkme+0x82/0x160
[   20.498638]  ? preempt_count_sub+0x50/0x80
[   20.499002]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.499642]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.500116]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.500843]  kthread+0x257/0x310
[   20.501119]  ? __pfx_kthread+0x10/0x10
[   20.501815]  ret_from_fork+0x41/0x80
[   20.502427]  ? __pfx_kthread+0x10/0x10
[   20.502794]  ret_from_fork_asm+0x1a/0x30
[   20.503408]  </TASK>
[   20.503691] 
[   20.503924] The buggy address belongs to the physical page:
[   20.504532] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d30
[   20.505441] flags: 0x200000000000000(node=0|zone=2)
[   20.505950] page_type: f0(buddy)
[   20.506825] raw: 0200000000000000 ffff88817fffb4a0 ffff88817fffb4a0 0000000000000000
[   20.507540] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   20.508170] page dumped because: kasan: bad access detected
[   20.508661] 
[   20.508850] Memory state around the buggy address:
[   20.509276]  ffff888102d2ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.509828]  ffff888102d2ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.510415] >ffff888102d30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.511189]                    ^
[   20.511614]  ffff888102d30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.512584]  ffff888102d30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.513612] ==================================================================
Metadata Full log Test run details