Date
May 15, 2025, 10:38 a.m.
Environment | |
---|---|
e850-96 |
```
[ 29.763217] ==================================================================
[ 29.772546] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x3f4/0x468
[ 29.779138] Read of size 1 at addr ffff000800de74a8 by task kunit_try_catch/233
[ 29.786430]
[ 29.787915] CPU: 7 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT
[ 29.787974] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.787992] Hardware name: WinLink E850-96 board (DT)
[ 29.788013] Call trace:
[ 29.788026]  show_stack+0x20/0x38 (C)
[ 29.788063]  dump_stack_lvl+0x8c/0xd0
[ 29.788099]  print_report+0x118/0x608
[ 29.788132]  kasan_report+0xdc/0x128
[ 29.788163]  __asan_report_load1_noabort+0x20/0x30
[ 29.788199]  kmalloc_uaf2+0x3f4/0x468
[ 29.788227]  kunit_try_run_case+0x170/0x3f0
[ 29.788259]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.788294]  kthread+0x328/0x630
[ 29.788329]  ret_from_fork+0x10/0x20
[ 29.788365]
[ 29.851444] Allocated by task 233:
[ 29.854833]  kasan_save_stack+0x3c/0x68
[ 29.858649]  kasan_save_track+0x20/0x40
[ 29.862470]  kasan_save_alloc_info+0x40/0x58
[ 29.866722]  __kasan_kmalloc+0xd4/0xd8
[ 29.870454]  __kmalloc_cache_noprof+0x15c/0x3c0
[ 29.874969]  kmalloc_uaf2+0xc4/0x468
[ 29.878528]  kunit_try_run_case+0x170/0x3f0
[ 29.882694]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.888162]  kthread+0x328/0x630
[ 29.891375]  ret_from_fork+0x10/0x20
[ 29.894933]
[ 29.896410] Freed by task 233:
[ 29.899447]  kasan_save_stack+0x3c/0x68
[ 29.903267]  kasan_save_track+0x20/0x40
[ 29.907086]  kasan_save_free_info+0x4c/0x78
[ 29.911252]  __kasan_slab_free+0x6c/0x98
[ 29.915160]  kfree+0x214/0x3c8
[ 29.918197]  kmalloc_uaf2+0x134/0x468
[ 29.921843]  kunit_try_run_case+0x170/0x3f0
[ 29.926009]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.931478]  kthread+0x328/0x630
[ 29.934690]  ret_from_fork+0x10/0x20
[ 29.938249]
[ 29.939726] The buggy address belongs to the object at ffff000800de7480
[ 29.939726]  which belongs to the cache kmalloc-64 of size 64
[ 29.952054] The buggy address is located 40 bytes inside of
[ 29.952054]  freed 64-byte region [ffff000800de7480, ffff000800de74c0)
[ 29.964116]
[ 29.965596] The buggy address belongs to the physical page:
[ 29.971151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880de7
[ 29.979136] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.985644] page_type: f5(slab)
[ 29.988784] raw: 0bfffe0000000000 ffff0008000028c0 dead000000000122 0000000000000000
[ 29.996501] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 30.004221] page dumped because: kasan: bad access detected
[ 30.009775]
[ 30.011251] Memory state around the buggy address:
[ 30.016033]  ffff000800de7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 30.023234]  ffff000800de7400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 30.030438] >ffff000800de7480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 30.037640]                                   ^
[ 30.042157]  ffff000800de7500: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
[ 30.049362]  ffff000800de7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.056564] ==================================================================
```