Date
May 15, 2025, 10:38 a.m.
Environment | |
---|---|
e850-96 |
```
[ 30.068236] ==================================================================
[ 30.081567] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308
[ 30.088942] Read of size 1 at addr ffff000801dde600 by task kunit_try_catch/237
[ 30.096232]
[ 30.097721] CPU: 3 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT
[ 30.097780] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.097799] Hardware name: WinLink E850-96 board (DT)
[ 30.097821] Call trace:
[ 30.097835] show_stack+0x20/0x38 (C)
[ 30.097871] dump_stack_lvl+0x8c/0xd0
[ 30.097903] print_report+0x118/0x608
[ 30.097937] kasan_report+0xdc/0x128
[ 30.097969] __kasan_check_byte+0x54/0x70
[ 30.098003] kfree_sensitive+0x30/0xb0
[ 30.098035] kmalloc_double_kzfree+0x168/0x308
[ 30.098064] kunit_try_run_case+0x170/0x3f0
[ 30.098098] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.098135] kthread+0x328/0x630
[ 30.098173] ret_from_fork+0x10/0x20
[ 30.098207]
[ 30.164981] Allocated by task 237:
[ 30.168370] kasan_save_stack+0x3c/0x68
[ 30.172186] kasan_save_track+0x20/0x40
[ 30.176005] kasan_save_alloc_info+0x40/0x58
[ 30.180259] __kasan_kmalloc+0xd4/0xd8
[ 30.183991] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.188505] kmalloc_double_kzfree+0xb8/0x308
[ 30.192846] kunit_try_run_case+0x170/0x3f0
[ 30.197012] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.202481] kthread+0x328/0x630
[ 30.205692] ret_from_fork+0x10/0x20
[ 30.209251]
[ 30.210728] Freed by task 237:
[ 30.213767] kasan_save_stack+0x3c/0x68
[ 30.217585] kasan_save_track+0x20/0x40
[ 30.221404] kasan_save_free_info+0x4c/0x78
[ 30.225571] __kasan_slab_free+0x6c/0x98
[ 30.229478] kfree+0x214/0x3c8
[ 30.232515] kfree_sensitive+0x80/0xb0
[ 30.236248] kmalloc_double_kzfree+0x11c/0x308
[ 30.240675] kunit_try_run_case+0x170/0x3f0
[ 30.244842] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.250310] kthread+0x328/0x630
[ 30.253522] ret_from_fork+0x10/0x20
[ 30.257082]
[ 30.258558] The buggy address belongs to the object at ffff000801dde600
[ 30.258558] which belongs to the cache kmalloc-16 of size 16
[ 30.270886] The buggy address is located 0 bytes inside of
[ 30.270886] freed 16-byte region [ffff000801dde600, ffff000801dde610)
[ 30.282861]
[ 30.284341] The buggy address belongs to the physical page:
[ 30.289897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881dde
[ 30.297883] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.304391] page_type: f5(slab)
[ 30.307527] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000
[ 30.315246] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 30.322965] page dumped because: kasan: bad access detected
[ 30.328520]
[ 30.329996] Memory state around the buggy address:
[ 30.334779]  ffff000801dde500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.341979]  ffff000801dde580: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc
[ 30.349185] >ffff000801dde600: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.356386]                    ^
[ 30.359600]  ffff000801dde680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.366805]  ffff000801dde700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.374007] ==================================================================
```