Hay
Date
July 18, 2025, 2:09 p.m.

Environment
qemu-arm64
qemu-x86_64

Note: every report below names the KASAN KUnit test case `page_alloc_uaf` as the faulting function, runs in the `kunit_try_catch` thread, and carries the `[N]=TEST` taint flag; this is consistent with the KASAN self-test deliberately touching a freed page to confirm that the sanitizer reports it, rather than a use-after-free in the page allocator itself.

[   16.667934] ==================================================================
[   16.667999] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   16.668065] Read of size 1 at addr fff00000c7900000 by task kunit_try_catch/154
[   16.668114] 
[   16.668154] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.668236] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.668263] Hardware name: linux,dummy-virt (DT)
[   16.668294] Call trace:
[   16.668317]  show_stack+0x20/0x38 (C)
[   16.668570]  dump_stack_lvl+0x8c/0xd0
[   16.668658]  print_report+0x118/0x5d0
[   16.668720]  kasan_report+0xdc/0x128
[   16.668816]  __asan_report_load1_noabort+0x20/0x30
[   16.668929]  page_alloc_uaf+0x328/0x350
[   16.668974]  kunit_try_run_case+0x170/0x3f0
[   16.669271]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.669390]  kthread+0x328/0x630
[   16.669472]  ret_from_fork+0x10/0x20
[   16.669620] 
[   16.669662] The buggy address belongs to the physical page:
[   16.669693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107900
[   16.669748] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.669799] page_type: f0(buddy)
[   16.670014] raw: 0bfffe0000000000 fff00000ff616240 fff00000ff616240 0000000000000000
[   16.670106] raw: 0000000000000000 0000000000000008 00000000f0000000 0000000000000000
[   16.670204] page dumped because: kasan: bad access detected
[   16.670317] 
[   16.670355] Memory state around the buggy address:
[   16.670389]  fff00000c78fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.670432]  fff00000c78fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.670472] >fff00000c7900000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.670508]                    ^
[   16.670705]  fff00000c7900080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.670788]  fff00000c7900100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.670859] ==================================================================

[   16.425514] ==================================================================
[   16.425581] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   16.426460] Read of size 1 at addr fff00000c79c0000 by task kunit_try_catch/154
[   16.426528] 
[   16.426571] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.427200] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.427736] Hardware name: linux,dummy-virt (DT)
[   16.427797] Call trace:
[   16.427824]  show_stack+0x20/0x38 (C)
[   16.427882]  dump_stack_lvl+0x8c/0xd0
[   16.427931]  print_report+0x118/0x5d0
[   16.427978]  kasan_report+0xdc/0x128
[   16.428023]  __asan_report_load1_noabort+0x20/0x30
[   16.428074]  page_alloc_uaf+0x328/0x350
[   16.428662]  kunit_try_run_case+0x170/0x3f0
[   16.428734]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.428788]  kthread+0x328/0x630
[   16.428878]  ret_from_fork+0x10/0x20
[   16.428930] 
[   16.428951] The buggy address belongs to the physical page:
[   16.429045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079c0
[   16.429173] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.429848] page_type: f0(buddy)
[   16.429910] raw: 0bfffe0000000000 fff00000ff616170 fff00000ff616170 0000000000000000
[   16.430259] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000
[   16.430567] page dumped because: kasan: bad access detected
[   16.430612] 
[   16.430630] Memory state around the buggy address:
[   16.430675]  fff00000c79bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.430718]  fff00000c79bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.431365] >fff00000c79c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.431671]                    ^
[   16.431758]  fff00000c79c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.432097]  fff00000c79c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.432410] ==================================================================

[   16.424552] ==================================================================
[   16.424613] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350
[   16.425095] Read of size 1 at addr fff00000c7740000 by task kunit_try_catch/154
[   16.425191] 
[   16.425400] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.425583] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.425757] Hardware name: linux,dummy-virt (DT)
[   16.425837] Call trace:
[   16.425862]  show_stack+0x20/0x38 (C)
[   16.425932]  dump_stack_lvl+0x8c/0xd0
[   16.426076]  print_report+0x118/0x5d0
[   16.426154]  kasan_report+0xdc/0x128
[   16.426374]  __asan_report_load1_noabort+0x20/0x30
[   16.426466]  page_alloc_uaf+0x328/0x350
[   16.426614]  kunit_try_run_case+0x170/0x3f0
[   16.426695]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.426866]  kthread+0x328/0x630
[   16.426945]  ret_from_fork+0x10/0x20
[   16.427072] 
[   16.427174] The buggy address belongs to the physical page:
[   16.427415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107740
[   16.427815] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.427905] page_type: f0(buddy)
[   16.428061] raw: 0bfffe0000000000 fff00000ff616170 fff00000ff616170 0000000000000000
[   16.428193] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000
[   16.428305] page dumped because: kasan: bad access detected
[   16.428370] 
[   16.428388] Memory state around the buggy address:
[   16.428596]  fff00000c773ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.428855]  fff00000c773ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.428924] >fff00000c7740000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.429049]                    ^
[   16.429127]  fff00000c7740080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.429339]  fff00000c7740100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.429389] ==================================================================

[   11.554501] ==================================================================
[   11.555371] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   11.555904] Read of size 1 at addr ffff888103a40000 by task kunit_try_catch/172
[   11.556405] 
[   11.556762] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.556826] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.556837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.556858] Call Trace:
[   11.556876]  <TASK>
[   11.556890]  dump_stack_lvl+0x73/0xb0
[   11.556919]  print_report+0xd1/0x610
[   11.556940]  ? __virt_addr_valid+0x1db/0x2d0
[   11.556962]  ? page_alloc_uaf+0x356/0x3d0
[   11.556983]  ? kasan_addr_to_slab+0x11/0xa0
[   11.557004]  ? page_alloc_uaf+0x356/0x3d0
[   11.557025]  kasan_report+0x141/0x180
[   11.557046]  ? page_alloc_uaf+0x356/0x3d0
[   11.557073]  __asan_report_load1_noabort+0x18/0x20
[   11.557097]  page_alloc_uaf+0x356/0x3d0
[   11.557118]  ? __pfx_page_alloc_uaf+0x10/0x10
[   11.557144]  ? __schedule+0x10cc/0x2b60
[   11.557166]  ? __pfx_read_tsc+0x10/0x10
[   11.557185]  ? ktime_get_ts64+0x86/0x230
[   11.557209]  kunit_try_run_case+0x1a5/0x480
[   11.557234]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.557256]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.557278]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.557302]  ? __kthread_parkme+0x82/0x180
[   11.557322]  ? preempt_count_sub+0x50/0x80
[   11.557345]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.557368]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.557391]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.557415]  kthread+0x337/0x6f0
[   11.557433]  ? trace_preempt_on+0x20/0xc0
[   11.557465]  ? __pfx_kthread+0x10/0x10
[   11.557559]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.557582]  ? calculate_sigpending+0x7b/0xa0
[   11.557605]  ? __pfx_kthread+0x10/0x10
[   11.557626]  ret_from_fork+0x116/0x1d0
[   11.557644]  ? __pfx_kthread+0x10/0x10
[   11.557663]  ret_from_fork_asm+0x1a/0x30
[   11.557695]  </TASK>
[   11.557704] 
[   11.572911] The buggy address belongs to the physical page:
[   11.573114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a40
[   11.573368] flags: 0x200000000000000(node=0|zone=2)
[   11.574212] page_type: f0(buddy)
[   11.574833] raw: 0200000000000000 ffff88817fffc4f0 ffff88817fffc4f0 0000000000000000
[   11.575611] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000
[   11.576639] page dumped because: kasan: bad access detected
[   11.577178] 
[   11.577496] Memory state around the buggy address:
[   11.578171]  ffff888103a3ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.578842]  ffff888103a3ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.579269] >ffff888103a40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.580162]                    ^
[   11.580700]  ffff888103a40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.581760]  ffff888103a40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.582101] ==================================================================

[   11.682692] ==================================================================
[   11.683446] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   11.683722] Read of size 1 at addr ffff888103990000 by task kunit_try_catch/171
[   11.684031] 
[   11.684151] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.684200] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.684211] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.684233] Call Trace:
[   11.684249]  <TASK>
[   11.684268]  dump_stack_lvl+0x73/0xb0
[   11.684299]  print_report+0xd1/0x610
[   11.684322]  ? __virt_addr_valid+0x1db/0x2d0
[   11.684361]  ? page_alloc_uaf+0x356/0x3d0
[   11.684382]  ? kasan_addr_to_slab+0x11/0xa0
[   11.684404]  ? page_alloc_uaf+0x356/0x3d0
[   11.684426]  kasan_report+0x141/0x180
[   11.684448]  ? page_alloc_uaf+0x356/0x3d0
[   11.684474]  __asan_report_load1_noabort+0x18/0x20
[   11.684499]  page_alloc_uaf+0x356/0x3d0
[   11.684520]  ? __pfx_page_alloc_uaf+0x10/0x10
[   11.684542]  ? __schedule+0x10cc/0x2b60
[   11.684565]  ? __pfx_read_tsc+0x10/0x10
[   11.684586]  ? ktime_get_ts64+0x86/0x230
[   11.684675]  kunit_try_run_case+0x1a5/0x480
[   11.684701]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.684723]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.684747]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.684770]  ? __kthread_parkme+0x82/0x180
[   11.684791]  ? preempt_count_sub+0x50/0x80
[   11.684815]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.684838]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.684869]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.684893]  kthread+0x337/0x6f0
[   11.684911]  ? trace_preempt_on+0x20/0xc0
[   11.684934]  ? __pfx_kthread+0x10/0x10
[   11.684954]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.684975]  ? calculate_sigpending+0x7b/0xa0
[   11.684999]  ? __pfx_kthread+0x10/0x10
[   11.685078]  ret_from_fork+0x116/0x1d0
[   11.685097]  ? __pfx_kthread+0x10/0x10
[   11.685116]  ret_from_fork_asm+0x1a/0x30
[   11.685149]  </TASK>
[   11.685159] 
[   11.692437] The buggy address belongs to the physical page:
[   11.692687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103990
[   11.692945] flags: 0x200000000000000(node=0|zone=2)
[   11.693149] page_type: f0(buddy)
[   11.693539] raw: 0200000000000000 ffff88817fffb460 ffff88817fffb460 0000000000000000
[   11.693918] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000
[   11.694422] page dumped because: kasan: bad access detected
[   11.694674] 
[   11.694772] Memory state around the buggy address:
[   11.694996]  ffff88810398ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.695292]  ffff88810398ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.695604] >ffff888103990000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.695882]                    ^
[   11.696029]  ffff888103990080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.696352]  ffff888103990100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.696682] ==================================================================

[   11.770288] ==================================================================
[   11.771020] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[   11.771347] Read of size 1 at addr ffff888103a80000 by task kunit_try_catch/171
[   11.771922] 
[   11.772030] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.772078] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.772089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.772111] Call Trace:
[   11.772122]  <TASK>
[   11.772138]  dump_stack_lvl+0x73/0xb0
[   11.772168]  print_report+0xd1/0x610
[   11.772191]  ? __virt_addr_valid+0x1db/0x2d0
[   11.772215]  ? page_alloc_uaf+0x356/0x3d0
[   11.772237]  ? kasan_addr_to_slab+0x11/0xa0
[   11.772257]  ? page_alloc_uaf+0x356/0x3d0
[   11.772279]  kasan_report+0x141/0x180
[   11.772300]  ? page_alloc_uaf+0x356/0x3d0
[   11.772327]  __asan_report_load1_noabort+0x18/0x20
[   11.772352]  page_alloc_uaf+0x356/0x3d0
[   11.772373]  ? __pfx_page_alloc_uaf+0x10/0x10
[   11.772394]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.772419]  ? trace_hardirqs_on+0x37/0xe0
[   11.772442]  ? __pfx_read_tsc+0x10/0x10
[   11.772462]  ? ktime_get_ts64+0x86/0x230
[   11.772486]  kunit_try_run_case+0x1a5/0x480
[   11.772511]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.772590]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.772616]  ? __kthread_parkme+0x82/0x180
[   11.772636]  ? preempt_count_sub+0x50/0x80
[   11.772661]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.772684]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.772708]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.772731]  kthread+0x337/0x6f0
[   11.772749]  ? trace_preempt_on+0x20/0xc0
[   11.772771]  ? __pfx_kthread+0x10/0x10
[   11.772790]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.772811]  ? calculate_sigpending+0x7b/0xa0
[   11.772835]  ? __pfx_kthread+0x10/0x10
[   11.772855]  ret_from_fork+0x116/0x1d0
[   11.772874]  ? __pfx_kthread+0x10/0x10
[   11.772906]  ret_from_fork_asm+0x1a/0x30
[   11.772939]  </TASK>
[   11.772950] 
[   11.780449] The buggy address belongs to the physical page:
[   11.780952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a80
[   11.781328] flags: 0x200000000000000(node=0|zone=2)
[   11.781652] page_type: f0(buddy)
[   11.781827] raw: 0200000000000000 ffff88817fffc538 ffff88817fffc538 0000000000000000
[   11.782148] raw: 0000000000000000 0000000000000007 00000000f0000000 0000000000000000
[   11.782374] page dumped because: kasan: bad access detected
[   11.782717] 
[   11.782822] Memory state around the buggy address:
[   11.783173]  ffff888103a7ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.783420]  ffff888103a7ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.783663] >ffff888103a80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.784104]                    ^
[   11.784266]  ffff888103a80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.784818]  ffff888103a80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   11.785169] ==================================================================