Hay
Sign in
Date
July 24, 2025, 4:41 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   32.284776] ==================================================================
[   32.284847] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   32.284911] Read of size 1 at addr fff00000c9a80000 by task kunit_try_catch/185
[   32.284963] 
[   32.285005] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT 
[   32.285105] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.285132] Hardware name: linux,dummy-virt (DT)
[   32.285165] Call trace:
[   32.285189]  show_stack+0x20/0x38 (C)
[   32.285239]  dump_stack_lvl+0x8c/0xd0
[   32.285285]  print_report+0x118/0x5e8
[   32.285327]  kasan_report+0xdc/0x128
[   32.285369]  __asan_report_load1_noabort+0x20/0x30
[   32.285430]  page_alloc_uaf+0x328/0x350
[   32.285476]  kunit_try_run_case+0x170/0x3f0
[   32.285522]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.285573]  kthread+0x328/0x630
[   32.285616]  ret_from_fork+0x10/0x20
[   32.285664] 
[   32.285685] The buggy address belongs to the physical page:
[   32.286155] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a80
[   32.286249] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.286304] page_type: f0(buddy)
[   32.286346] raw: 0bfffe0000000000 fff00000ff616218 fff00000ff616218 0000000000000000
[   32.286429] raw: 0000000000000000 0000000000000007 00000000f0000000 0000000000000000
[   32.286604] page dumped because: kasan: bad access detected
[   32.286649] 
[   32.286667] Memory state around the buggy address:
[   32.286704]  fff00000c9a7ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.287352]  fff00000c9a7ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.287499] >fff00000c9a80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.287539]                    ^
[   32.288080]  fff00000c9a80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.288725]  fff00000c9a80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.288800] ==================================================================
Metadata Full log Test run details 

[   26.395090] ==================================================================
[   26.395841] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   26.396390] Read of size 1 at addr ffff888106190000 by task kunit_try_catch/202
[   26.397222] 
[   26.397614] CPU: 0 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   26.397672] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   26.397686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.397708] Call Trace:
[   26.397720]  <TASK>
[   26.397739]  dump_stack_lvl+0x73/0xb0
[   26.397769]  print_report+0xd1/0x640
[   26.397836]  ? __virt_addr_valid+0x1db/0x2d0
[   26.397862]  ? page_alloc_uaf+0x356/0x3d0
[   26.397883]  ? kasan_addr_to_slab+0x11/0xa0
[   26.397904]  ? page_alloc_uaf+0x356/0x3d0
[   26.397938]  kasan_report+0x141/0x180
[   26.397960]  ? page_alloc_uaf+0x356/0x3d0
[   26.397986]  __asan_report_load1_noabort+0x18/0x20
[   26.398010]  page_alloc_uaf+0x356/0x3d0
[   26.398030]  ? __pfx_page_alloc_uaf+0x10/0x10
[   26.398055]  ? __pfx_page_alloc_uaf+0x10/0x10
[   26.398080]  kunit_try_run_case+0x1a5/0x480
[   26.398105]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.398127]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.398152]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.398177]  ? __kthread_parkme+0x82/0x180
[   26.398197]  ? preempt_count_sub+0x50/0x80
[   26.398220]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.398243]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.398266]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.398288]  kthread+0x337/0x6f0
[   26.398308]  ? trace_preempt_on+0x20/0xc0
[   26.398331]  ? __pfx_kthread+0x10/0x10
[   26.398352]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.398376]  ? calculate_sigpending+0x7b/0xa0
[   26.398399]  ? __pfx_kthread+0x10/0x10
[   26.398422]  ret_from_fork+0x116/0x1d0
[   26.398441]  ? __pfx_kthread+0x10/0x10
[   26.398461]  ret_from_fork_asm+0x1a/0x30
[   26.398492]  </TASK>
[   26.398503] 
[   26.409221] The buggy address belongs to the physical page:
[   26.409529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106190
[   26.409878] flags: 0x200000000000000(node=0|zone=2)
[   26.410442] page_type: f0(buddy)
[   26.410710] raw: 0200000000000000 ffff88817fffc460 ffff88817fffc460 0000000000000000
[   26.411117] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   26.411512] page dumped because: kasan: bad access detected
[   26.411710] 
[   26.412329] Memory state around the buggy address:
[   26.412526]  ffff88810618ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.413018]  ffff88810618ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.413480] >ffff888106190000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.413785]                    ^
[   26.414165]  ffff888106190080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.414552]  ffff888106190100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.414807] ==================================================================
Metadata Full log Test run details