Hay
Sign in
Date
July 14, 2025, 10:38 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64 

[   38.901456] ==================================================================
[   38.915907] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   38.922239] Read of size 1 at addr ffff000808600000 by task kunit_try_catch/238
[   38.929532] 
[   38.931016] CPU: 2 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   38.931069] Tainted: [B]=BAD_PAGE, [N]=TEST
[   38.931085] Hardware name: WinLink E850-96 board (DT)
[   38.931106] Call trace:
[   38.931122]  show_stack+0x20/0x38 (C)
[   38.931156]  dump_stack_lvl+0x8c/0xd0
[   38.931191]  print_report+0x118/0x5d0
[   38.931221]  kasan_report+0xdc/0x128
[   38.931246]  __asan_report_load1_noabort+0x20/0x30
[   38.931278]  page_alloc_uaf+0x328/0x350
[   38.931311]  kunit_try_run_case+0x170/0x3f0
[   38.931352]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   38.931384]  kthread+0x328/0x630
[   38.931416]  ret_from_fork+0x10/0x20
[   38.931448] 
[   38.994724] The buggy address belongs to the physical page:
[   39.000281] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x888600
[   39.008264] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   39.014775] page_type: f0(buddy)
[   39.017997] raw: 0bfffe0000000000 ffff00087f61bea8 ffff00087f61bea8 0000000000000000
[   39.025716] raw: 0000000000000000 0000000000000009 00000000f0000000 0000000000000000
[   39.033437] page dumped because: kasan: bad access detected
[   39.038991] 
[   39.040466] Memory state around the buggy address:
[   39.045246]  ffff0008085fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.052449]  ffff0008085fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.059655] >ffff000808600000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.066855]                    ^
[   39.070070]  ffff000808600080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.077275]  ffff000808600100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.084478] ==================================================================
Metadata Full log Test run details 

[   29.403312] ==================================================================
[   29.403440] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   29.403506] Read of size 1 at addr fff00000c9b40000 by task kunit_try_catch/185
[   29.403888] 
[   29.404082] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.404384] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.404872] Hardware name: linux,dummy-virt (DT)
[   29.405008] Call trace:
[   29.405032]  show_stack+0x20/0x38 (C)
[   29.405139]  dump_stack_lvl+0x8c/0xd0
[   29.405192]  print_report+0x118/0x5d0
[   29.405237]  kasan_report+0xdc/0x128
[   29.405279]  __asan_report_load1_noabort+0x20/0x30
[   29.405405]  page_alloc_uaf+0x328/0x350
[   29.405615]  kunit_try_run_case+0x170/0x3f0
[   29.405664]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.405715]  kthread+0x328/0x630
[   29.405757]  ret_from_fork+0x10/0x20
[   29.405872] 
[   29.405978] The buggy address belongs to the physical page:
[   29.406077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b40
[   29.406133] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.406183] page_type: f0(buddy)
[   29.406249] raw: 0bfffe0000000000 fff00000ff6161b0 fff00000ff6161b0 0000000000000000
[   29.407097] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000
[   29.407195] page dumped because: kasan: bad access detected
[   29.407243] 
[   29.407291] Memory state around the buggy address:
[   29.407878]  fff00000c9b3ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   29.407928]  fff00000c9b3ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   29.407970] >fff00000c9b40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   29.408006]                    ^
[   29.408103]  fff00000c9b40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   29.408254]  fff00000c9b40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   29.408291] ==================================================================
Metadata Full log Test run details 

[   23.796809] ==================================================================
[   23.797534] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   23.797798] Read of size 1 at addr ffff8881058c0000 by task kunit_try_catch/203
[   23.798278] 
[   23.798396] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   23.798450] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.798463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.798486] Call Trace:
[   23.798501]  <TASK>
[   23.798519]  dump_stack_lvl+0x73/0xb0
[   23.798551]  print_report+0xd1/0x610
[   23.798573]  ? __virt_addr_valid+0x1db/0x2d0
[   23.798596]  ? page_alloc_uaf+0x356/0x3d0
[   23.798616]  ? kasan_addr_to_slab+0x11/0xa0
[   23.798635]  ? page_alloc_uaf+0x356/0x3d0
[   23.798670]  kasan_report+0x141/0x180
[   23.798691]  ? page_alloc_uaf+0x356/0x3d0
[   23.798716]  __asan_report_load1_noabort+0x18/0x20
[   23.798739]  page_alloc_uaf+0x356/0x3d0
[   23.798759]  ? __pfx_page_alloc_uaf+0x10/0x10
[   23.798781]  ? __schedule+0x10cc/0x2b60
[   23.798804]  ? __pfx_read_tsc+0x10/0x10
[   23.798824]  ? ktime_get_ts64+0x86/0x230
[   23.798848]  kunit_try_run_case+0x1a5/0x480
[   23.798889]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.798908]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.798930]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.799002]  ? __kthread_parkme+0x82/0x180
[   23.799023]  ? preempt_count_sub+0x50/0x80
[   23.799046]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.799067]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.799091]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.799116]  kthread+0x337/0x6f0
[   23.799135]  ? trace_preempt_on+0x20/0xc0
[   23.799158]  ? __pfx_kthread+0x10/0x10
[   23.799178]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.799199]  ? calculate_sigpending+0x7b/0xa0
[   23.799222]  ? __pfx_kthread+0x10/0x10
[   23.799243]  ret_from_fork+0x116/0x1d0
[   23.799261]  ? __pfx_kthread+0x10/0x10
[   23.799281]  ret_from_fork_asm+0x1a/0x30
[   23.799311]  </TASK>
[   23.799322] 
[   23.809822] The buggy address belongs to the physical page:
[   23.810256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c0
[   23.810835] flags: 0x200000000000000(node=0|zone=2)
[   23.811193] page_type: f0(buddy)
[   23.811368] raw: 0200000000000000 ffff88817fffd4f0 ffff88817fffd4f0 0000000000000000
[   23.811672] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000
[   23.811961] page dumped because: kasan: bad access detected
[   23.812312] 
[   23.812436] Memory state around the buggy address:
[   23.812932]  ffff8881058bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.813354]  ffff8881058bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.813639] >ffff8881058c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.814167]                    ^
[   23.814300]  ffff8881058c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.814779]  ffff8881058c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   23.815217] ==================================================================
Metadata Full log Test run details