syzbot


KASAN: use-after-free Write in smpboot_thread_fn

Status: moderation: reported on 2022/09/17 20:32
Reported-by: syzbot+b7081aeef567de5fb096@syzkaller.appspotmail.com
First crash: 74d, last: 74d

Sample crash report:
==================================================================
BUG: KASAN: use-after-free in smpboot_thread_fn+0x6a/0x6cc kernel/smpboot.c:112
Write of size 8 at addr ffffaf8048f6ebb3 by task ksoftirqd/1/19

CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[<ffffffff8047479e>] print_address_description.constprop.0+0x2a/0x330 mm/kasan/report.c:255
[<ffffffff80474d4c>] __kasan_report mm/kasan/report.c:442 [inline]
[<ffffffff80474d4c>] kasan_report+0x184/0x1e0 mm/kasan/report.c:459
[<ffffffff80475bb6>] check_region_inline mm/kasan/generic.c:183 [inline]
[<ffffffff80475bb6>] __asan_store8+0x6e/0x96 mm/kasan/generic.c:256
[<ffffffff800b1f20>] smpboot_thread_fn+0x6a/0x6cc kernel/smpboot.c:112
[<ffffffff800a7f58>] kthread+0x19e/0x1fa kernel/kthread.c:377

The buggy address belongs to the page:
page:ffffaf807bace6f0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc916e
flags: 0xc800000000(section=25|node=0|zone=0)
raw: 000000c800000000 ffffaf807bace6f8 ffffaf807bace6f8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
raw: 00000000000007ff
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffaf8048f6ea80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffffaf8048f6eb00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffffaf8048f6eb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                     ^
 ffffaf8048f6ec00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffffaf8048f6ec80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
Unable to handle kernel paging request at virtual address ffffaf7f8b935c90
Oops [#1]
Modules linked in:
CPU: 1 PID: 19 Comm: ksoftirqd/1 Tainted: G    B             5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
epc : smpboot_thread_fn+0x6e/0x6cc kernel/smpboot.c:112
 ra : smpboot_thread_fn+0x6a/0x6cc kernel/smpboot.c:112
epc : ffffffff800b1f24 ra : ffffffff800b1f20 sp : ffffaf800743be10
 gp : ffffffff85863ac0 tp : ffffaf8007416100 t0 : 0000000000046000
 t1 : fffff5ef012f2bc7 t2 : 0000000000000008 s0 : ffffaf800743be90
 s1 : ffffaf80072eb3a0 a0 : 0000000000000001 a1 : 0000000000000007
 a2 : 1ffff5f000e82c20 a3 : ffffffff831a6b2e a4 : 0000000000000000
 a5 : ffffaf7f8b935730 a6 : 0000000000f00000 a7 : ffffaf8009795e3f
 s2 : ffffffff80110fdc s3 : ffffffff8451f630 s4 : 0000000041b58ab3
 s5 : 0000000000000001 s6 : ffffaf80072eb3a4 s7 : ffffffff800b1f0a
 s8 : ffffaf8007416100 s9 : ffffffff801110e4 s10: ffffaf800743bf40
 s11: ffffffff84a5aa90 t3 : 00007fffff513940 t4 : fffff5ef012f2bc7
 t5 : fffff5ef012f2bc8 t6 : 2d32303030000000
status: 0000000000000120 badaddr: ffffaf7f8b935c90 cause: 000000000000000f
[<ffffffff800a7f58>] kthread+0x19e/0x1fa kernel/kthread.c:377
---[ end trace 0000000000000000 ]---
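The report above is only useful once its two key facts are pulled out: what kind of memory the faulting address landed in (the shadow byte under the `^` marker) and whether the access itself is even plausible. The following Python triage helper is an added example, not part of the syzbot page or of the kernel tree. It parses the `BUG: KASAN:` header, the `Write of size` line and the `Memory state` rows of a generic-KASAN report, locates the shadow byte covering the faulting address, and decodes it using the generic KASAN shadow encoding of `mm/kasan/kasan.h` as of Linux v5.17 (the values in the table are taken from that header; `0xff` is `KASAN_FREE_PAGE`, which is what makes this a use-after-free on a freed page rather than a freed slab object). The alignment check is the example's own heuristic: a compiler-emitted 8-byte store in kernel code is normally naturally aligned, so a size-8 write to an address ending in `...bb3` points at a corrupted base register rather than at a stale pointer to an otherwise sane object. The sample input is the report above, embedded as a string.

```python
"""Triage helper for a generic-KASAN report (added example, not kernel code)."""
import re

GRANULE = 8      # bytes of memory covered by one shadow byte (KASAN_GRANULE_SIZE)
ROW_BYTES = 128  # memory covered by one "Memory state" row (16 shadow bytes)

# Generic KASAN shadow values, Linux v5.17 mm/kasan/kasan.h.
SHADOW_MEANING = {
    0xFF: "freed page (KASAN_FREE_PAGE)",
    0xFE: "kmalloc_large redzone (KASAN_PAGE_REDZONE)",
    0xFC: "slab object redzone (KASAN_KMALLOC_REDZONE)",
    0xFB: "freed slab object (KASAN_KMALLOC_FREE)",
    0xFA: "freed slab object with free track (KASAN_KMALLOC_FREETRACK)",
    0xF9: "global variable redzone (KASAN_GLOBAL_REDZONE)",
    0xF8: "unallocated vmalloc space (KASAN_VMALLOC_INVALID)",
    0xF1: "stack left redzone (KASAN_STACK_LEFT)",
    0xF2: "stack mid redzone (KASAN_STACK_MID)",
    0xF3: "stack right redzone (KASAN_STACK_RIGHT)",
    0xF4: "stack partial redzone (KASAN_STACK_PARTIAL)",
    0xCA: "alloca left redzone (KASAN_ALLOCA_LEFT)",
    0xCB: "alloca right redzone (KASAN_ALLOCA_RIGHT)",
}

HEADER_RE = re.compile(
    r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ (?P<loc>\S+)")
ACCESS_RE = re.compile(
    r"(?P<kind>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
# A memory-state row: optional '>' marker, 16-hex-digit address, 16 shadow bytes.
ROW_RE = re.compile(r"^[ >](?P<row>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")


def describe_shadow(value):
    """Human-readable meaning of one generic-KASAN shadow byte."""
    if value == 0:
        return "fully addressable"
    if 1 <= value < GRANULE:
        return f"partially addressable (first {value} bytes of granule valid)"
    return SHADOW_MEANING.get(value, f"unknown shadow value {value:#04x}")


def triage_kasan_report(text):
    """Extract bug class, faulting access and the shadow byte it hit."""
    header = access = None
    rows = {}
    for line in text.splitlines():
        line = line.rstrip()          # keep the leading ' ' / '>' of row lines
        if (m := HEADER_RE.search(line)):
            header = m.groupdict()
        if (m := ACCESS_RE.search(line)):
            access = m.groupdict()
        if (m := ROW_RE.match(line)):
            rows[int(m["row"], 16)] = [int(b, 16) for b in m["bytes"].split()]
    if header is None or access is None:
        raise ValueError("not a generic KASAN report")

    addr = int(access["addr"], 16)
    size = int(access["size"])
    row = addr & ~(ROW_BYTES - 1)       # row base printed in "Memory state"
    idx = (addr - row) // GRANULE       # which of the 16 shadow bytes covers addr
    shadow = rows[row][idx] if row in rows else None
    return {
        "bug": header["bug"], "function": header["func"], "location": header["loc"],
        "kind": access["kind"], "size": size, "addr": addr, "task": access["task"],
        "granule_index": idx,
        "shadow": shadow,
        "shadow_meaning": describe_shadow(shadow) if shadow is not None else "no shadow row",
        # Heuristic (this example's own): an N-byte store to an address that is
        # not a multiple of N is not what a compiler emits for a normal field
        # access, so the base register itself is the likely casualty.
        "misaligned": addr % size != 0,
    }


# Constructed from the syzbot report on this page.
SAMPLE_REPORT = """\
BUG: KASAN: use-after-free in smpboot_thread_fn+0x6a/0x6cc kernel/smpboot.c:112
Write of size 8 at addr ffffaf8048f6ebb3 by task ksoftirqd/1/19

Memory state around the buggy address:
 ffffaf8048f6ea80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffffaf8048f6eb00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffffaf8048f6eb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                     ^
 ffffaf8048f6ec00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

if __name__ == "__main__":
    for key, val in triage_kasan_report(SAMPLE_REPORT).items():
        print(f"{key:15} {val:#x}" if isinstance(val, int) and not isinstance(val, bool) else f"{key:15} {val}")
```

For this report the helper lands on granule 6 of the marked row (`0x33 // 8`), which is exactly where the kernel printed the `^`, decodes it as a freed page, and flags the write as misaligned. Together with the `refcount:0` page dump and the follow-on Oops in the same function at a different bad address, that is the starting point for the real question, namely how `smpboot_thread_fn` ended up dereferencing a bad per-task pointer rather than which object was freed too early.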

Crashes (1):

  Manager:    ci-qemu2-riscv64
  Time:       2022/09/13 20:25
  Kernel:     git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git, branch fixes
  Commit:     0966d385830d
  Syzkaller:  b884348d
  Syz repro:  none
  C repro:    none
  Title:      KASAN: use-after-free Write in smpboot_thread_fn