Hay
Date
May 12, 2025, 6:12 p.m.

Environment
qemu-arm64
qemu-x86_64

Note: both reports below are produced by the KASAN KUnit self-test case `page_alloc_uaf`, which deliberately reads from a page after freeing it to confirm that KASAN catches the access. The call trace (`page_alloc_uaf` reached from `kunit_try_run_case`), the task name `kunit_try_catch`, and the `N` (TEST) taint flag all identify a test run rather than a defect in production code, so these splats should not be triaged as a kernel use-after-free bug. The page dump is consistent with a genuinely freed page (`refcount:0`, `page_type: f0(buddy)`, shadow bytes `ff`, which in generic KASAN mark page-allocator-freed memory); the `B` (BAD_PAGE) taint is set by the report itself. The same test was run on arm64 and x86_64 virtual machines on kernel 6.14.7-rc1, and KASAN flagged the 1-byte read at the start of the freed page on both.

[   18.071481] ==================================================================
[   18.072160] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   18.072398] Read of size 1 at addr fff00000c6510000 by task kunit_try_catch/143
[   18.072617] 
[   18.072732] CPU: 0 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   18.072928] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.072984] Hardware name: linux,dummy-virt (DT)
[   18.073117] Call trace:
[   18.073179]  show_stack+0x20/0x38 (C)
[   18.073330]  dump_stack_lvl+0x8c/0xd0
[   18.073438]  print_report+0x118/0x608
[   18.073536]  kasan_report+0xdc/0x128
[   18.073639]  __asan_report_load1_noabort+0x20/0x30
[   18.073762]  page_alloc_uaf+0x328/0x350
[   18.073937]  kunit_try_run_case+0x170/0x3f0
[   18.074101]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.074277]  kthread+0x318/0x620
[   18.074431]  ret_from_fork+0x10/0x20
[   18.074636] 
[   18.079416] The buggy address belongs to the physical page:
[   18.080138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106510
[   18.080825] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.081448] page_type: f0(buddy)
[   18.081900] raw: 0bfffe0000000000 fff00000ff6150e0 fff00000ff6150e0 0000000000000000
[   18.082922] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   18.083601] page dumped because: kasan: bad access detected
[   18.083812] 
[   18.083908] Memory state around the buggy address:
[   18.084067]  fff00000c650ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.084270]  fff00000c650ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.084475] >fff00000c6510000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.084663]                    ^
[   18.084945]  fff00000c6510080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.085593]  fff00000c6510100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   18.086130] ==================================================================

[   11.933709] ==================================================================
[   11.934603] BUG: KASAN: use-after-free in page_alloc_uaf+0x358/0x3d0
[   11.934855] Read of size 1 at addr ffff888102c70000 by task kunit_try_catch/162
[   11.935116] 
[   11.935438] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   11.935488] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.935500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.935523] Call Trace:
[   11.935537]  <TASK>
[   11.935558]  dump_stack_lvl+0x73/0xb0
[   11.935591]  print_report+0xd1/0x650
[   11.935612]  ? __virt_addr_valid+0x1db/0x2d0
[   11.935636]  ? page_alloc_uaf+0x358/0x3d0
[   11.935657]  ? kasan_addr_to_slab+0x11/0xa0
[   11.935676]  ? page_alloc_uaf+0x358/0x3d0
[   11.935697]  kasan_report+0x140/0x180
[   11.935717]  ? page_alloc_uaf+0x358/0x3d0
[   11.935742]  __asan_report_load1_noabort+0x18/0x20
[   11.935765]  page_alloc_uaf+0x358/0x3d0
[   11.935785]  ? __pfx_page_alloc_uaf+0x10/0x10
[   11.935807]  ? __schedule+0xce8/0x2840
[   11.935833]  ? __pfx_read_tsc+0x10/0x10
[   11.935866]  ? ktime_get_ts64+0x86/0x230
[   11.935931]  kunit_try_run_case+0x1a6/0x480
[   11.935970]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.936002]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   11.936023]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.936047]  ? __kthread_parkme+0x82/0x160
[   11.936070]  ? preempt_count_sub+0x50/0x80
[   11.936095]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.936117]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.936142]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.936167]  kthread+0x324/0x6e0
[   11.936188]  ? trace_preempt_on+0x20/0xc0
[   11.936212]  ? __pfx_kthread+0x10/0x10
[   11.936233]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.936256]  ? calculate_sigpending+0x7b/0xa0
[   11.936277]  ? __pfx_kthread+0x10/0x10
[   11.936299]  ret_from_fork+0x41/0x80
[   11.936318]  ? __pfx_kthread+0x10/0x10
[   11.936340]  ret_from_fork_asm+0x1a/0x30
[   11.936373]  </TASK>
[   11.936384] 
[   11.949980] The buggy address belongs to the physical page:
[   11.950650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c70
[   11.950929] flags: 0x200000000000000(node=0|zone=2)
[   11.951423] page_type: f0(buddy)
[   11.951746] raw: 0200000000000000 ffff88817fffd4a0 ffff88817fffd4a0 0000000000000000
[   11.952552] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   11.953319] page dumped because: kasan: bad access detected
[   11.953783] 
[   11.953867] Memory state around the buggy address:
[   11.954078]  ffff888102c6ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.954778]  ffff888102c6ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.955671] >ffff888102c70000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.956047]                    ^
[   11.956360]  ffff888102c70080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.956947]  ffff888102c70100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.957220] ==================================================================