- fs_fill (gcc-13-lkftconfig-16k_page_size)
- kasan-bug-kasan-double-free-in-kfree_sensitive (gcc-13-lkftconfig-kunit:1) log snippet-1
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop (gcc-13-lkftconfig-kunit:2) log snippet-2
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop (gcc-13-lkftconfig-kunit:2) log snippet-3
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16 (gcc-13-lkftconfig-kunit:1) log snippet-4
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left (gcc-13-lkftconfig-kunit:1) log snippet-5
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-out-of-bounds-in-memcmp (gcc-13-lkftconfig-kunit:1) log snippet-6
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree (gcc-13-lkftconfig-kunit:1) log snippet-7
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf (gcc-13-lkftconfig-kunit:1) log snippet-8
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2 (gcc-13-lkftconfig-kunit:1) log snippet-9
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy (gcc-13-lkftconfig-kunit:1) log snippet-10
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim (gcc-13-lkftconfig-kunit:1) log snippet-11
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
net_mptcp_mptcp_connect_sh_-_mptcp_connect_New_MPTCP_socket_can_be_blocked_via_sysctl pass
net_mptcp_mptcp_connect_sh_-_mptcp_connect_ping_tests pass
net_mptcp_mptcp_connect_sh_-_mptcp_connect_loopback_v4_ns1_MPTCP__ns1_10_0_1_1_10000_MPTCP pass
net_mptcp_mptcp_connect_sh_-_mptcp_connect_loopback_v4_ns1_MPTCP__ns1_10_0_1_1_10001_TCP fail
net_mptcp_mptcp_connect_sh fail
net_mptcp_mptcp_connect_sh_-_mptcp_connect_loopback_v4_ns1_MPTCP__ns1_10_0_1_1_10001_TCP fail
starvation starvation
starvation.c:98: TINFO: Setting affinity to CPU 0
starvation.c:52: TINFO: CPU did 120000000 loops in 533778us
starvation.c:148: TFAIL: Scheduller starvation reproduced.
[ 30.276510] ==================================================================
[ 30.277348] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 30.278047] Free of addr fff301d181339c20 by task kunit_try_catch/182
[ 30.278736]
[ 30.279153] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 30.279373] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.279446] Hardware name: linux,dummy-virt (DT)
[ 30.279535] Call trace:
[ 30.279592] show_stack+0x20/0x38 (C)
[ 30.279731] dump_stack_lvl+0x8c/0xd0
[ 30.279865] print_report+0x118/0x5e0
[ 30.280001] kasan_report_invalid_free+0xb0/0xd8
[ 30.280162] check_slab_allocation+0xd4/0x108
[ 30.280338] __kasan_slab_pre_free+0x2c/0x48
[ 30.280489] kfree+0xe8/0x3c8
[ 30.280610] kfree_sensitive+0x3c/0xb0
[ 30.280738] kmalloc_double_kzfree+0x168/0x308
[ 30.280872] kunit_try_run_case+0x14c/0x3d0
[ 30.281004] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.281164] kthread+0x318/0x618
[ 30.281297] ret_from_fork+0x10/0x20
[ 30.281374]
[ 30.289416] Allocated by task 182:
[ 30.289877] kasan_save_stack+0x3c/0x68
[ 30.290420] kasan_save_track+0x20/0x40
[ 30.290937] kasan_save_alloc_info+0x40/0x58
[ 30.291482] __kasan_kmalloc+0xd4/0xd8
[ 30.291971] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.292951] kmalloc_double_kzfree+0xb8/0x308
[ 30.293793] kunit_try_run_case+0x14c/0x3d0
[ 30.294444] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.295057] kthread+0x318/0x618
[ 30.295600] ret_from_fork+0x10/0x20
[ 30.296094]
[ 30.296435] Freed by task 182:
[ 30.296800] kasan_save_stack+0x3c/0x68
[ 30.298030] kasan_save_track+0x20/0x40
[ 30.298624] kasan_save_free_info+0x4c/0x78
[ 30.299137] __kasan_slab_free+0x6c/0x98
[ 30.299610] kfree+0x214/0x3c8
[ 30.300089] kfree_sensitive+0x80/0xb0
[ 30.300727] kmalloc_double_kzfree+0x11c/0x308
[ 30.301356] kunit_try_run_case+0x14c/0x3d0
[ 30.301950] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.302776] kthread+0x318/0x618
[ 30.303262] ret_from_fork+0x10/0x20
[ 30.303785]
[ 30.304101] The buggy address belongs to the object at fff301d181339c20
[ 30.304101] which belongs to the cache kmalloc-16 of size 16
[ 30.305759] The buggy address is located 0 bytes inside of
[ 30.305759] 16-byte region [fff301d181339c20, fff301d181339c30)
[ 30.306401]
[ 30.306738] The buggy address belongs to the physical page:
[ 30.307658] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 30.308790] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.309616] page_type: f5(slab)
[ 30.309855] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 30.310422] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 30.311133] page dumped because: kasan: bad access detected
[ 30.312503]
[ 30.312830] Memory state around the buggy address:
[ 30.313462] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 30.314191] fff301d181339b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.315489] >fff301d181339c00: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 30.315814] ^
[ 30.316043] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.317523] fff301d181339d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.318270] ==================================================================
[ 32.967173] ==================================================================
[ 32.967829] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa28/0xbc8
[ 32.968684] Read of size 8 at addr fff301d181339c48 by task kunit_try_catch/251
[ 32.969558]
[ 32.969885] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 32.971008] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.971111] Hardware name: linux,dummy-virt (DT)
[ 32.971206] Call trace:
[ 32.971273] show_stack+0x20/0x38 (C)
[ 32.971388] dump_stack_lvl+0x8c/0xd0
[ 32.971469] print_report+0x118/0x5e0
[ 32.971545] kasan_report+0xc8/0x118
[ 32.971617] __asan_report_load8_noabort+0x20/0x30
[ 32.971699] kasan_bitops_modify.constprop.0+0xa28/0xbc8
[ 32.971781] kasan_bitops_generic+0x110/0x1c8
[ 32.971855] kunit_try_run_case+0x14c/0x3d0
[ 32.971928] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.972009] kthread+0x318/0x618
[ 32.972095] ret_from_fork+0x10/0x20
[ 32.972173]
[ 32.978113] Allocated by task 251:
[ 32.978547] kasan_save_stack+0x3c/0x68
[ 32.979104] kasan_save_track+0x20/0x40
[ 32.979675] kasan_save_alloc_info+0x40/0x58
[ 32.980280] __kasan_kmalloc+0xd4/0xd8
[ 32.980797] __kmalloc_cache_noprof+0x15c/0x3c0
[ 32.981459] kasan_bitops_generic+0xa0/0x1c8
[ 32.982068] kunit_try_run_case+0x14c/0x3d0
[ 32.982687] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.983387] kthread+0x318/0x618
[ 32.983838] ret_from_fork+0x10/0x20
[ 32.984381]
[ 32.984703] The buggy address belongs to the object at fff301d181339c40
[ 32.984703] which belongs to the cache kmalloc-16 of size 16
[ 32.985798] The buggy address is located 8 bytes inside of
[ 32.985798] allocated 9-byte region [fff301d181339c40, fff301d181339c49)
[ 32.986922]
[ 32.987265] The buggy address belongs to the physical page:
[ 32.987850] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 32.988577] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.989378] page_type: f5(slab)
[ 32.989869] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 32.990756] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 32.991425] page dumped because: kasan: bad access detected
[ 32.992062]
[ 32.992404] Memory state around the buggy address:
[ 32.992875] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 32.993729] fff301d181339b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 32.994378] >fff301d181339c00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 32.995178] ^
[ 32.995829] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.996492] fff301d181339d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.997290] ==================================================================
---
[ 32.662861] ==================================================================
[ 32.666536] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa4c/0xbc8
[ 32.667516] Read of size 8 at addr fff301d181339c48 by task kunit_try_catch/251
[ 32.669479]
[ 32.669995] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 32.670232] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.670490] Hardware name: linux,dummy-virt (DT)
[ 32.670547] Call trace:
[ 32.670582] show_stack+0x20/0x38 (C)
[ 32.670662] dump_stack_lvl+0x8c/0xd0
[ 32.670738] print_report+0x118/0x5e0
[ 32.670814] kasan_report+0xc8/0x118
[ 32.670885] __asan_report_load8_noabort+0x20/0x30
[ 32.670966] kasan_bitops_modify.constprop.0+0xa4c/0xbc8
[ 32.671048] kasan_bitops_generic+0x110/0x1c8
[ 32.671143] kunit_try_run_case+0x14c/0x3d0
[ 32.671214] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.671296] kthread+0x318/0x618
[ 32.671369] ret_from_fork+0x10/0x20
[ 32.671444]
[ 32.678026] Allocated by task 251:
[ 32.678861] kasan_save_stack+0x3c/0x68
[ 32.679551] kasan_save_track+0x20/0x40
[ 32.680142] kasan_save_alloc_info+0x40/0x58
[ 32.680822] __kasan_kmalloc+0xd4/0xd8
[ 32.681095] __kmalloc_cache_noprof+0x15c/0x3c0
[ 32.681475] kasan_bitops_generic+0xa0/0x1c8
[ 32.681744] kunit_try_run_case+0x14c/0x3d0
[ 32.681992] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.682677] kthread+0x318/0x618
[ 32.683235] ret_from_fork+0x10/0x20
[ 32.683802]
[ 32.684169] The buggy address belongs to the object at fff301d181339c40
[ 32.684169] which belongs to the cache kmalloc-16 of size 16
[ 32.686110] The buggy address is located 8 bytes inside of
[ 32.686110] allocated 9-byte region [fff301d181339c40, fff301d181339c49)
[ 32.687731]
[ 32.688061] The buggy address belongs to the physical page:
[ 32.689307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 32.690325] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.691016] page_type: f5(slab)
[ 32.691753] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 32.692682] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 32.693911] page dumped because: kasan: bad access detected
[ 32.694601]
[ 32.694922] Memory state around the buggy address:
[ 32.695463] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 32.696122] fff301d181339b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 32.697332] >fff301d181339c00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 32.698221] ^
[ 32.698853] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.699618] fff301d181339d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.700276] ==================================================================
---
[ 32.741295] ==================================================================
[ 32.742325] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa88/0xbc8
[ 32.742962] Read of size 8 at addr fff301d181339c48 by task kunit_try_catch/251
[ 32.743764]
[ 32.744158] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 32.744437] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.744542] Hardware name: linux,dummy-virt (DT)
[ 32.744665] Call trace:
[ 32.744737] show_stack+0x20/0x38 (C)
[ 32.744884] dump_stack_lvl+0x8c/0xd0
[ 32.745021] print_report+0x118/0x5e0
[ 32.745210] kasan_report+0xc8/0x118
[ 32.745382] __asan_report_load8_noabort+0x20/0x30
[ 32.745548] kasan_bitops_modify.constprop.0+0xa88/0xbc8
[ 32.745715] kasan_bitops_generic+0x110/0x1c8
[ 32.745867] kunit_try_run_case+0x14c/0x3d0
[ 32.745972] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.746060] kthread+0x318/0x618
[ 32.746158] ret_from_fork+0x10/0x20
[ 32.746239]
[ 32.754251] Allocated by task 251:
[ 32.754822] kasan_save_stack+0x3c/0x68
[ 32.755424] kasan_save_track+0x20/0x40
[ 32.755955] kasan_save_alloc_info+0x40/0x58
[ 32.757431] __kasan_kmalloc+0xd4/0xd8
[ 32.757998] __kmalloc_cache_noprof+0x15c/0x3c0
[ 32.758639] kasan_bitops_generic+0xa0/0x1c8
[ 32.759210] kunit_try_run_case+0x14c/0x3d0
[ 32.759748] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.760565] kthread+0x318/0x618
[ 32.761225] ret_from_fork+0x10/0x20
[ 32.761829]
[ 32.762220] The buggy address belongs to the object at fff301d181339c40
[ 32.762220] which belongs to the cache kmalloc-16 of size 16
[ 32.763341] The buggy address is located 8 bytes inside of
[ 32.763341] allocated 9-byte region [fff301d181339c40, fff301d181339c49)
[ 32.764508]
[ 32.764831] The buggy address belongs to the physical page:
[ 32.765679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 32.766547] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.767298] page_type: f5(slab)
[ 32.767764] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 32.768845] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 32.770119] page dumped because: kasan: bad access detected
[ 32.770779]
[ 32.771260] Memory state around the buggy address:
[ 32.771791] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 32.772846] fff301d181339b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 32.773670] >fff301d181339c00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 32.774282] ^
[ 32.774965] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.775704] fff301d181339d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.776428] ==================================================================
---
[ 32.857153] ==================================================================
[ 32.857932] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xaf4/0xbc8
[ 32.858847] Read of size 8 at addr fff301d181339c48 by task kunit_try_catch/251
[ 32.859748]
[ 32.860061] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 32.860832] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.860983] Hardware name: linux,dummy-virt (DT)
[ 32.861123] Call trace:
[ 32.861201] show_stack+0x20/0x38 (C)
[ 32.861378] dump_stack_lvl+0x8c/0xd0
[ 32.861528] print_report+0x118/0x5e0
[ 32.861749] kasan_report+0xc8/0x118
[ 32.861902] __asan_report_load8_noabort+0x20/0x30
[ 32.862091] kasan_bitops_modify.constprop.0+0xaf4/0xbc8
[ 32.862228] kasan_bitops_generic+0x110/0x1c8
[ 32.862315] kunit_try_run_case+0x14c/0x3d0
[ 32.862394] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.862491] kthread+0x318/0x618
[ 32.862564] ret_from_fork+0x10/0x20
[ 32.862640]
[ 32.870460] Allocated by task 251:
[ 32.870916] kasan_save_stack+0x3c/0x68
[ 32.871494] kasan_save_track+0x20/0x40
[ 32.872097] kasan_save_alloc_info+0x40/0x58
[ 32.872970] __kasan_kmalloc+0xd4/0xd8
[ 32.874008] __kmalloc_cache_noprof+0x15c/0x3c0
[ 32.874697] kasan_bitops_generic+0xa0/0x1c8
[ 32.875378] kunit_try_run_case+0x14c/0x3d0
[ 32.876088] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.876747] kthread+0x318/0x618
[ 32.877625] ret_from_fork+0x10/0x20
[ 32.878316]
[ 32.878821] The buggy address belongs to the object at fff301d181339c40
[ 32.878821] which belongs to the cache kmalloc-16 of size 16
[ 32.880063] The buggy address is located 8 bytes inside of
[ 32.880063] allocated 9-byte region [fff301d181339c40, fff301d181339c49)
[ 32.881525]
[ 32.881879] The buggy address belongs to the physical page:
[ 32.882461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 32.883641] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.884422] page_type: f5(slab)
[ 32.885256] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 32.886229] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 32.887151] page dumped because: kasan: bad access detected
[ 32.887896]
[ 32.888474] Memory state around the buggy address:
[ 32.888952] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 32.889938] fff301d181339b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 32.890890] >fff301d181339c00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 32.891645] ^
[ 32.892531] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.893185] fff301d181339d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.893980] ==================================================================
[ 33.100604] ==================================================================
[ 33.101882] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa50/0xbc8
[ 33.102923] Read of size 8 at addr fff301d181339c48 by task kunit_try_catch/251
[ 33.103756]
[ 33.104118] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 33.104344] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.104431] Hardware name: linux,dummy-virt (DT)
[ 33.104526] Call trace:
[ 33.104591] show_stack+0x20/0x38 (C)
[ 33.104733] dump_stack_lvl+0x8c/0xd0
[ 33.104883] print_report+0x118/0x5e0
[ 33.105023] kasan_report+0xc8/0x118
[ 33.105195] __asan_report_load8_noabort+0x20/0x30
[ 33.105355] kasan_bitops_test_and_modify.constprop.0+0xa50/0xbc8
[ 33.105450] kasan_bitops_generic+0x11c/0x1c8
[ 33.105529] kunit_try_run_case+0x14c/0x3d0
[ 33.105608] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.105694] kthread+0x318/0x618
[ 33.105771] ret_from_fork+0x10/0x20
[ 33.105851]
[ 33.112198] Allocated by task 251:
[ 33.112688] kasan_save_stack+0x3c/0x68
[ 33.113150] kasan_save_track+0x20/0x40
[ 33.113752] kasan_save_alloc_info+0x40/0x58
[ 33.114298] __kasan_kmalloc+0xd4/0xd8
[ 33.114865] __kmalloc_cache_noprof+0x15c/0x3c0
[ 33.115498] kasan_bitops_generic+0xa0/0x1c8
[ 33.116039] kunit_try_run_case+0x14c/0x3d0
[ 33.116640] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.117301] kthread+0x318/0x618
[ 33.117826] ret_from_fork+0x10/0x20
[ 33.118396]
[ 33.118695] The buggy address belongs to the object at fff301d181339c40
[ 33.118695] which belongs to the cache kmalloc-16 of size 16
[ 33.119971] The buggy address is located 8 bytes inside of
[ 33.119971] allocated 9-byte region [fff301d181339c40, fff301d181339c49)
[ 33.120991]
[ 33.121726] The buggy address belongs to the physical page:
[ 33.122595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 33.123413] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.124252] page_type: f5(slab)
[ 33.124844] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 33.125825] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 33.126581] page dumped because: kasan: bad access detected
[ 33.127142]
[ 33.127432] Memory state around the buggy address:
[ 33.127951] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 33.128996] fff301d181339b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 33.129927] >fff301d181339c00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 33.130807] ^
[ 33.131454] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.132201] fff301d181339d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.132992] ==================================================================
---
[ 33.034470] ==================================================================
[ 33.035055] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa08/0xbc8
[ 33.035787] Read of size 8 at addr fff301d181339c48 by task kunit_try_catch/251
[ 33.037003]
[ 33.037417] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 33.037686] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.037785] Hardware name: linux,dummy-virt (DT)
[ 33.037881] Call trace:
[ 33.037948] show_stack+0x20/0x38 (C)
[ 33.038038] dump_stack_lvl+0x8c/0xd0
[ 33.038141] print_report+0x118/0x5e0
[ 33.038222] kasan_report+0xc8/0x118
[ 33.038298] __asan_report_load8_noabort+0x20/0x30
[ 33.038384] kasan_bitops_test_and_modify.constprop.0+0xa08/0xbc8
[ 33.038483] kasan_bitops_generic+0x11c/0x1c8
[ 33.038557] kunit_try_run_case+0x14c/0x3d0
[ 33.038631] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.038713] kthread+0x318/0x618
[ 33.038784] ret_from_fork+0x10/0x20
[ 33.038859]
[ 33.045378] Allocated by task 251:
[ 33.046010] kasan_save_stack+0x3c/0x68
[ 33.046640] kasan_save_track+0x20/0x40
[ 33.047227] kasan_save_alloc_info+0x40/0x58
[ 33.047767] __kasan_kmalloc+0xd4/0xd8
[ 33.048282] __kmalloc_cache_noprof+0x15c/0x3c0
[ 33.048816] kasan_bitops_generic+0xa0/0x1c8
[ 33.049531] kunit_try_run_case+0x14c/0x3d0
[ 33.050208] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.050986] kthread+0x318/0x618
[ 33.051571] ret_from_fork+0x10/0x20
[ 33.052146]
[ 33.052518] The buggy address belongs to the object at fff301d181339c40
[ 33.052518] which belongs to the cache kmalloc-16 of size 16
[ 33.053829] The buggy address is located 8 bytes inside of
[ 33.053829] allocated 9-byte region [fff301d181339c40, fff301d181339c49)
[ 33.055024]
[ 33.055431] The buggy address belongs to the physical page:
[ 33.056134] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 33.057020] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.057906] page_type: f5(slab)
[ 33.058445] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 33.059327] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 33.060062] page dumped because: kasan: bad access detected
[ 33.060781]
[ 33.061141] Memory state around the buggy address:
[ 33.061836] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 33.062659] fff301d181339b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 33.063494] >fff301d181339c00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 33.064273] ^
[ 33.064951] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.065802] fff301d181339d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.066690] ==================================================================
---
[ 33.269230] ==================================================================
[ 33.270291] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa8c/0xbc8
[ 33.271289] Read of size 8 at addr fff301d181339c48 by task kunit_try_catch/251
[ 33.272533]
[ 33.272778] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 33.272905] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.272949] Hardware name: linux,dummy-virt (DT)
[ 33.273000] Call trace:
[ 33.273034] show_stack+0x20/0x38 (C)
[ 33.273160] dump_stack_lvl+0x8c/0xd0
[ 33.273331] print_report+0x118/0x5e0
[ 33.273509] kasan_report+0xc8/0x118
[ 33.273680] __asan_report_load8_noabort+0x20/0x30
[ 33.273838] kasan_bitops_test_and_modify.constprop.0+0xa8c/0xbc8
[ 33.273938] kasan_bitops_generic+0x11c/0x1c8
[ 33.274020] kunit_try_run_case+0x14c/0x3d0
[ 33.274115] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.274201] kthread+0x318/0x618
[ 33.274281] ret_from_fork+0x10/0x20
[ 33.274359]
[ 33.280539] Allocated by task 251:
[ 33.281052] kasan_save_stack+0x3c/0x68
[ 33.281723] kasan_save_track+0x20/0x40
[ 33.282268] kasan_save_alloc_info+0x40/0x58
[ 33.282750] __kasan_kmalloc+0xd4/0xd8
[ 33.283343] __kmalloc_cache_noprof+0x15c/0x3c0
[ 33.284004] kasan_bitops_generic+0xa0/0x1c8
[ 33.284638] kunit_try_run_case+0x14c/0x3d0
[ 33.285287] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.286057] kthread+0x318/0x618
[ 33.286613] ret_from_fork+0x10/0x20
[ 33.287202]
[ 33.287531] The buggy address belongs to the object at fff301d181339c40
[ 33.287531] which belongs to the cache kmalloc-16 of size 16
[ 33.288689] The buggy address is located 8 bytes inside of
[ 33.288689] allocated 9-byte region [fff301d181339c40, fff301d181339c49)
[ 33.290000]
[ 33.290344] The buggy address belongs to the physical page:
[ 33.290994] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 33.291682] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.292494] page_type: f5(slab)
[ 33.293024] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 33.293855] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 33.294766] page dumped because: kasan: bad access detected
[ 33.295347]
[ 33.295700] Memory state around the buggy address:
[ 33.296332] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 33.297013] fff301d181339b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 33.297929] >fff301d181339c00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 33.298702] ^
[ 33.299372] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.300160] fff301d181339d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.300903] ==================================================================
---
[ 33.167726] ==================================================================
[ 33.168493] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xad4/0xbc8
[ 33.169276] Read of size 8 at addr fff301d181339c48 by task kunit_try_catch/251
[ 33.170294]
[ 33.170738] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 33.171026] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.171128] Hardware name: linux,dummy-virt (DT)
[ 33.171187] Call trace:
[ 33.171224] show_stack+0x20/0x38 (C)
[ 33.171305] dump_stack_lvl+0x8c/0xd0
[ 33.171381] print_report+0x118/0x5e0
[ 33.171457] kasan_report+0xc8/0x118
[ 33.171528] __asan_report_load8_noabort+0x20/0x30
[ 33.171608] kasan_bitops_test_and_modify.constprop.0+0xad4/0xbc8
[ 33.171696] kasan_bitops_generic+0x11c/0x1c8
[ 33.171772] kunit_try_run_case+0x14c/0x3d0
[ 33.171843] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.171924] kthread+0x318/0x618
[ 33.171997] ret_from_fork+0x10/0x20
[ 33.172085]
[ 33.179020] Allocated by task 251:
[ 33.179520] kasan_save_stack+0x3c/0x68
[ 33.180107] kasan_save_track+0x20/0x40
[ 33.180551] kasan_save_alloc_info+0x40/0x58
[ 33.181045] __kasan_kmalloc+0xd4/0xd8
[ 33.181718] __kmalloc_cache_noprof+0x15c/0x3c0
[ 33.182454] kasan_bitops_generic+0xa0/0x1c8
[ 33.182994] kunit_try_run_case+0x14c/0x3d0
[ 33.183673] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.184360] kthread+0x318/0x618
[ 33.184923] ret_from_fork+0x10/0x20
[ 33.185572]
[ 33.185981] The buggy address belongs to the object at fff301d181339c40
[ 33.185981] which belongs to the cache kmalloc-16 of size 16
[ 33.187177] The buggy address is located 8 bytes inside of
[ 33.187177] allocated 9-byte region [fff301d181339c40, fff301d181339c49)
[ 33.188420]
[ 33.188818] The buggy address belongs to the physical page:
[ 33.189534] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 33.190441] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.191241] page_type: f5(slab)
[ 33.191749] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 33.192668] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 33.193528] page dumped because: kasan: bad access detected
[ 33.194261]
[ 33.194626] Memory state around the buggy address:
[ 33.195294] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 33.196143] fff301d181339b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 33.196942] >fff301d181339c00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 33.197799] ^
[ 33.198533] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.199366] fff301d181339d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.200182] ==================================================================
---
[ 33.236850] ==================================================================
[ 33.237841] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa44/0xbc8
[ 33.238501] Read of size 8 at addr fff301d181339c48 by task kunit_try_catch/251
[ 33.239351]
[ 33.239709] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 33.239975] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.240062] Hardware name: linux,dummy-virt (DT)
[ 33.240172] Call trace:
[ 33.240256] show_stack+0x20/0x38 (C)
[ 33.240442] dump_stack_lvl+0x8c/0xd0
[ 33.240598] print_report+0x118/0x5e0
[ 33.240738] kasan_report+0xc8/0x118
[ 33.240921] __asan_report_load8_noabort+0x20/0x30
[ 33.241041] kasan_bitops_test_and_modify.constprop.0+0xa44/0xbc8
[ 33.241171] kasan_bitops_generic+0x11c/0x1c8
[ 33.241277] kunit_try_run_case+0x14c/0x3d0
[ 33.241358] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.241445] kthread+0x318/0x618
[ 33.241524] ret_from_fork+0x10/0x20
[ 33.241605]
[ 33.247811] Allocated by task 251:
[ 33.248215] kasan_save_stack+0x3c/0x68
[ 33.248817] kasan_save_track+0x20/0x40
[ 33.249447] kasan_save_alloc_info+0x40/0x58
[ 33.250158] __kasan_kmalloc+0xd4/0xd8
[ 33.250743] __kmalloc_cache_noprof+0x15c/0x3c0
[ 33.251390] kasan_bitops_generic+0xa0/0x1c8
[ 33.251937] kunit_try_run_case+0x14c/0x3d0
[ 33.252771] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.253404] kthread+0x318/0x618
[ 33.253840] ret_from_fork+0x10/0x20
[ 33.254372]
[ 33.254668] The buggy address belongs to the object at fff301d181339c40
[ 33.254668] which belongs to the cache kmalloc-16 of size 16
[ 33.255849] The buggy address is located 8 bytes inside of
[ 33.255849] allocated 9-byte region [fff301d181339c40, fff301d181339c49)
[ 33.256947]
[ 33.257317] The buggy address belongs to the physical page:
[ 33.258017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 33.258833] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.259557] page_type: f5(slab)
[ 33.260089] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 33.260889] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 33.261683] page dumped because: kasan: bad access detected
[ 33.262367]
[ 33.262725] Memory state around the buggy address:
[ 33.263267] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 33.263971] fff301d181339b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 33.264761] >fff301d181339c00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 33.265550] ^
[ 33.266210] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.266994] fff301d181339d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.267727] ==================================================================
[ 29.681875] ==================================================================
[ 29.682894] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 29.683596] Write of size 16 at addr fff301d181339bc0 by task kunit_try_catch/156
[ 29.684278]
[ 29.684648] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 29.684871] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.684947] Hardware name: linux,dummy-virt (DT)
[ 29.685032] Call trace:
[ 29.685108] show_stack+0x20/0x38 (C)
[ 29.685334] dump_stack_lvl+0x8c/0xd0
[ 29.685500] print_report+0x118/0x5e0
[ 29.685649] kasan_report+0xc8/0x118
[ 29.685782] __asan_report_store16_noabort+0x20/0x30
[ 29.685932] kmalloc_oob_16+0x3a0/0x3f8
[ 29.686063] kunit_try_run_case+0x14c/0x3d0
[ 29.686228] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.686383] kthread+0x318/0x618
[ 29.686524] ret_from_fork+0x10/0x20
[ 29.686645]
[ 29.694221] Allocated by task 156:
[ 29.694717] kasan_save_stack+0x3c/0x68
[ 29.695354] kasan_save_track+0x20/0x40
[ 29.696008] kasan_save_alloc_info+0x40/0x58
[ 29.696687] __kasan_kmalloc+0xd4/0xd8
[ 29.697282] __kmalloc_cache_noprof+0x15c/0x3c0
[ 29.697948] kmalloc_oob_16+0xb4/0x3f8
[ 29.698787] kunit_try_run_case+0x14c/0x3d0
[ 29.699331] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.700091] kthread+0x318/0x618
[ 29.700778] ret_from_fork+0x10/0x20
[ 29.701607]
[ 29.701946] The buggy address belongs to the object at fff301d181339bc0
[ 29.701946] which belongs to the cache kmalloc-16 of size 16
[ 29.703219] The buggy address is located 0 bytes inside of
[ 29.703219] allocated 13-byte region [fff301d181339bc0, fff301d181339bcd)
[ 29.704725]
[ 29.704964] The buggy address belongs to the physical page:
[ 29.705793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 29.706650] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.707473] page_type: f5(slab)
[ 29.707972] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 29.709017] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 29.709672] page dumped because: kasan: bad access detected
[ 29.710386]
[ 29.710756] Memory state around the buggy address:
[ 29.711362] fff301d181339a80: 00 04 fc fc fa fb fc fc 00 05 fc fc 00 05 fc fc
[ 29.712187] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 29.713351] >fff301d181339b80: fa fb fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc
[ 29.714151] ^
[ 29.714766] fff301d181339c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.715560] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.716458] ==================================================================
[ 28.681890] ==================================================================
[ 28.683087] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 28.683773] Read of size 1 at addr fff301d181339b9f by task kunit_try_catch/128
[ 28.684584]
[ 28.684926] CPU: 0 UID: 0 PID: 128 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 28.685306] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.685394] Hardware name: linux,dummy-virt (DT)
[ 28.685490] Call trace:
[ 28.685556] show_stack+0x20/0x38 (C)
[ 28.685667] dump_stack_lvl+0x8c/0xd0
[ 28.685747] print_report+0x118/0x5e0
[ 28.685824] kasan_report+0xc8/0x118
[ 28.685898] __asan_report_load1_noabort+0x20/0x30
[ 28.685980] kmalloc_oob_left+0x2ec/0x320
[ 28.686053] kunit_try_run_case+0x14c/0x3d0
[ 28.686151] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.686234] kthread+0x318/0x618
[ 28.686307] ret_from_fork+0x10/0x20
[ 28.686383]
[ 28.692481] Allocated by task 28:
[ 28.693000] kasan_save_stack+0x3c/0x68
[ 28.693718] kasan_save_track+0x20/0x40
[ 28.694356] kasan_save_alloc_info+0x40/0x58
[ 28.694827] __kasan_kmalloc+0xd4/0xd8
[ 28.695536] __kmalloc_node_track_caller_noprof+0x184/0x4b8
[ 28.696290] kstrdup+0x54/0xc8
[ 28.696844] devtmpfs_work_loop+0x384/0x590
[ 28.697545] devtmpfsd+0x50/0x58
[ 28.698149] kthread+0x318/0x618
[ 28.698645] ret_from_fork+0x10/0x20
[ 28.699228]
[ 28.699628] Freed by task 28:
[ 28.700175] kasan_save_stack+0x3c/0x68
[ 28.700698] kasan_save_track+0x20/0x40
[ 28.701340] kasan_save_free_info+0x4c/0x78
[ 28.701962] __kasan_slab_free+0x6c/0x98
[ 28.702590] kfree+0x214/0x3c8
[ 28.703101] devtmpfs_work_loop+0x498/0x590
[ 28.703686] devtmpfsd+0x50/0x58
[ 28.704221] kthread+0x318/0x618
[ 28.704743] ret_from_fork+0x10/0x20
[ 28.705351]
[ 28.705767] The buggy address belongs to the object at fff301d181339b80
[ 28.705767] which belongs to the cache kmalloc-16 of size 16
[ 28.706978] The buggy address is located 15 bytes to the right of
[ 28.706978] allocated 16-byte region [fff301d181339b80, fff301d181339b90)
[ 28.708187]
[ 28.708516] The buggy address belongs to the physical page:
[ 28.709096] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 28.709894] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 28.710604] page_type: f5(slab)
[ 28.710997] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 28.711949] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 28.712838] page dumped because: kasan: bad access detected
[ 28.713541]
[ 28.713930] Memory state around the buggy address:
[ 28.714563] fff301d181339a80: 00 04 fc fc fa fb fc fc 00 05 fc fc 00 05 fc fc
[ 28.715300] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 28.716247] >fff301d181339b80: fa fb fc fc 00 07 fc fc fc fc fc fc fc fc fc fc
[ 28.717107] ^
[ 28.717582] fff301d181339c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.718554] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.719364] ==================================================================
[ 32.391650] ==================================================================
[ 32.392830] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[ 32.393380] Read of size 1 at addr fff301d1867f4458 by task kunit_try_catch/247
[ 32.394725]
[ 32.395133] CPU: 1 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 32.395440] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.395508] Hardware name: linux,dummy-virt (DT)
[ 32.395561] Call trace:
[ 32.395599] show_stack+0x20/0x38 (C)
[ 32.395682] dump_stack_lvl+0x8c/0xd0
[ 32.395760] print_report+0x118/0x5e0
[ 32.395835] kasan_report+0xc8/0x118
[ 32.395909] __asan_report_load1_noabort+0x20/0x30
[ 32.395988] memcmp+0x198/0x1d8
[ 32.396059] kasan_memcmp+0x16c/0x300
[ 32.396149] kunit_try_run_case+0x14c/0x3d0
[ 32.396229] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.396378] kthread+0x318/0x618
[ 32.396498] ret_from_fork+0x10/0x20
[ 32.396580]
[ 32.403094] Allocated by task 247:
[ 32.403540] kasan_save_stack+0x3c/0x68
[ 32.404143] kasan_save_track+0x20/0x40
[ 32.404602] kasan_save_alloc_info+0x40/0x58
[ 32.405267] __kasan_kmalloc+0xd4/0xd8
[ 32.405854] __kmalloc_cache_noprof+0x15c/0x3c0
[ 32.406484] kasan_memcmp+0xbc/0x300
[ 32.407029] kunit_try_run_case+0x14c/0x3d0
[ 32.407876] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.408900] kthread+0x318/0x618
[ 32.409405] ret_from_fork+0x10/0x20
[ 32.409876]
[ 32.410241] The buggy address belongs to the object at fff301d1867f4440
[ 32.410241] which belongs to the cache kmalloc-32 of size 32
[ 32.411343] The buggy address is located 0 bytes to the right of
[ 32.411343] allocated 24-byte region [fff301d1867f4440, fff301d1867f4458)
[ 32.413423]
[ 32.413680] The buggy address belongs to the physical page:
[ 32.414216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067f4
[ 32.415029] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.415713] page_type: f5(slab)
[ 32.416217] raw: 0bfffe0000000000 fff301d180001780 dead000000000122 0000000000000000
[ 32.417274] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 32.417971] page dumped because: kasan: bad access detected
[ 32.418659]
[ 32.418977] Memory state around the buggy address:
[ 32.419450] fff301d1867f4300: 00 00 07 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 32.420265] fff301d1867f4380: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 32.420967] >fff301d1867f4400: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 32.421987] ^
[ 32.422668] fff301d1867f4480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.423422] fff301d1867f4500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.424066] ==================================================================
[ 30.232880] ==================================================================
[ 30.234162] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308
[ 30.234789] Read of size 1 at addr fff301d181339c20 by task kunit_try_catch/182
[ 30.235578]
[ 30.235879] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 30.236104] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.236186] Hardware name: linux,dummy-virt (DT)
[ 30.236291] Call trace:
[ 30.236353] show_stack+0x20/0x38 (C)
[ 30.236492] dump_stack_lvl+0x8c/0xd0
[ 30.236623] print_report+0x118/0x5e0
[ 30.236760] kasan_report+0xc8/0x118
[ 30.236862] __kasan_check_byte+0x54/0x70
[ 30.236937] kfree_sensitive+0x30/0xb0
[ 30.237101] kmalloc_double_kzfree+0x168/0x308
[ 30.237274] kunit_try_run_case+0x14c/0x3d0
[ 30.237415] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.237535] kthread+0x318/0x618
[ 30.237612] ret_from_fork+0x10/0x20
[ 30.237685]
[ 30.245690] Allocated by task 182:
[ 30.246259] kasan_save_stack+0x3c/0x68
[ 30.246813] kasan_save_track+0x20/0x40
[ 30.247067] kasan_save_alloc_info+0x40/0x58
[ 30.247533] __kasan_kmalloc+0xd4/0xd8
[ 30.247945] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.248602] kmalloc_double_kzfree+0xb8/0x308
[ 30.249229] kunit_try_run_case+0x14c/0x3d0
[ 30.249746] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.250403] kthread+0x318/0x618
[ 30.251386] ret_from_fork+0x10/0x20
[ 30.251851]
[ 30.252181] Freed by task 182:
[ 30.252784] kasan_save_stack+0x3c/0x68
[ 30.253523] kasan_save_track+0x20/0x40
[ 30.254102] kasan_save_free_info+0x4c/0x78
[ 30.254685] __kasan_slab_free+0x6c/0x98
[ 30.255246] kfree+0x214/0x3c8
[ 30.255723] kfree_sensitive+0x80/0xb0
[ 30.256161] kmalloc_double_kzfree+0x11c/0x308
[ 30.257518] kunit_try_run_case+0x14c/0x3d0
[ 30.258051] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.258657] kthread+0x318/0x618
[ 30.259453] ret_from_fork+0x10/0x20
[ 30.259957]
[ 30.260287] The buggy address belongs to the object at fff301d181339c20
[ 30.260287] which belongs to the cache kmalloc-16 of size 16
[ 30.261772] The buggy address is located 0 bytes inside of
[ 30.261772] freed 16-byte region [fff301d181339c20, fff301d181339c30)
[ 30.262846]
[ 30.263179] The buggy address belongs to the physical page:
[ 30.263815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101339
[ 30.264997] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.265715] page_type: f5(slab)
[ 30.266153] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 30.266976] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 30.267700] page dumped because: kasan: bad access detected
[ 30.268438]
[ 30.269055] Memory state around the buggy address:
[ 30.269718] fff301d181339b00: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 30.270382] fff301d181339b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.271196] >fff301d181339c00: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 30.271899] ^
[ 30.272722] fff301d181339c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.273328] fff301d181339d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.274019] ==================================================================
[ 30.075436] ==================================================================
[ 30.076726] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x300/0x338
[ 30.077322] Read of size 1 at addr fff301d185bd4ee8 by task kunit_try_catch/174
[ 30.078129]
[ 30.078531] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 30.078782] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.078864] Hardware name: linux,dummy-virt (DT)
[ 30.078953] Call trace:
[ 30.079040] show_stack+0x20/0x38 (C)
[ 30.079265] dump_stack_lvl+0x8c/0xd0
[ 30.079417] print_report+0x118/0x5e0
[ 30.079551] kasan_report+0xc8/0x118
[ 30.079688] __asan_report_load1_noabort+0x20/0x30
[ 30.079837] kmalloc_uaf+0x300/0x338
[ 30.079965] kunit_try_run_case+0x14c/0x3d0
[ 30.080124] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.080276] kthread+0x318/0x618
[ 30.080419] ret_from_fork+0x10/0x20
[ 30.080550]
[ 30.086647] Allocated by task 174:
[ 30.087004] kasan_save_stack+0x3c/0x68
[ 30.087371] kasan_save_track+0x20/0x40
[ 30.087871] kasan_save_alloc_info+0x40/0x58
[ 30.089166] __kasan_kmalloc+0xd4/0xd8
[ 30.089753] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.090346] kmalloc_uaf+0xb8/0x338
[ 30.090862] kunit_try_run_case+0x14c/0x3d0
[ 30.091395] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.091996] kthread+0x318/0x618
[ 30.092661] ret_from_fork+0x10/0x20
[ 30.093275]
[ 30.093594] Freed by task 174:
[ 30.093970] kasan_save_stack+0x3c/0x68
[ 30.094564] kasan_save_track+0x20/0x40
[ 30.095016] kasan_save_free_info+0x4c/0x78
[ 30.095619] __kasan_slab_free+0x6c/0x98
[ 30.096112] kfree+0x214/0x3c8
[ 30.096982] kmalloc_uaf+0x11c/0x338
[ 30.097432] kunit_try_run_case+0x14c/0x3d0
[ 30.097892] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.098434] kthread+0x318/0x618
[ 30.099365] ret_from_fork+0x10/0x20
[ 30.099845]
[ 30.100133] The buggy address belongs to the object at fff301d185bd4ee0
[ 30.100133] which belongs to the cache kmalloc-16 of size 16
[ 30.101529] The buggy address is located 8 bytes inside of
[ 30.101529] freed 16-byte region [fff301d185bd4ee0, fff301d185bd4ef0)
[ 30.102636]
[ 30.102931] The buggy address belongs to the physical page:
[ 30.103511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bd4
[ 30.104652] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.105420] page_type: f5(slab)
[ 30.105903] raw: 0bfffe0000000000 fff301d180001640 dead000000000122 0000000000000000
[ 30.106605] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 30.107421] page dumped because: kasan: bad access detected
[ 30.108006]
[ 30.108600] Memory state around the buggy address:
[ 30.109127] fff301d185bd4d80: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc
[ 30.109975] fff301d185bd4e00: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.110591] >fff301d185bd4e80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc
[ 30.111367] ^
[ 30.112040] fff301d185bd4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.113110] fff301d185bd4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.113840] ==================================================================
[ 30.174515] ==================================================================
[ 30.175529] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x3f4/0x468
[ 30.176468] Read of size 1 at addr fff301d1813abda8 by task kunit_try_catch/178
[ 30.177942]
[ 30.178391] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 30.178633] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.178713] Hardware name: linux,dummy-virt (DT)
[ 30.178790] Call trace:
[ 30.178846] show_stack+0x20/0x38 (C)
[ 30.178983] dump_stack_lvl+0x8c/0xd0
[ 30.179340] print_report+0x118/0x5e0
[ 30.179643] kasan_report+0xc8/0x118
[ 30.179779] __asan_report_load1_noabort+0x20/0x30
[ 30.179878] kmalloc_uaf2+0x3f4/0x468
[ 30.179948] kunit_try_run_case+0x14c/0x3d0
[ 30.180020] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.180119] kthread+0x318/0x618
[ 30.180192] ret_from_fork+0x10/0x20
[ 30.180306]
[ 30.186503] Allocated by task 178:
[ 30.186928] kasan_save_stack+0x3c/0x68
[ 30.188993] kasan_save_track+0x20/0x40
[ 30.189539] kasan_save_alloc_info+0x40/0x58
[ 30.190156] __kasan_kmalloc+0xd4/0xd8
[ 30.190655] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.191168] kmalloc_uaf2+0xc4/0x468
[ 30.191687] kunit_try_run_case+0x14c/0x3d0
[ 30.192281] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.192896] kthread+0x318/0x618
[ 30.193400] ret_from_fork+0x10/0x20
[ 30.193914]
[ 30.195008] Freed by task 178:
[ 30.195498] kasan_save_stack+0x3c/0x68
[ 30.196088] kasan_save_track+0x20/0x40
[ 30.196913] kasan_save_free_info+0x4c/0x78
[ 30.197496] __kasan_slab_free+0x6c/0x98
[ 30.198069] kfree+0x214/0x3c8
[ 30.198557] kmalloc_uaf2+0x134/0x468
[ 30.199020] kunit_try_run_case+0x14c/0x3d0
[ 30.199520] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.200195] kthread+0x318/0x618
[ 30.200670] ret_from_fork+0x10/0x20
[ 30.201130]
[ 30.202180] The buggy address belongs to the object at fff301d1813abd80
[ 30.202180] which belongs to the cache kmalloc-64 of size 64
[ 30.203255] The buggy address is located 40 bytes inside of
[ 30.203255] freed 64-byte region [fff301d1813abd80, fff301d1813abdc0)
[ 30.204328]
[ 30.204647] The buggy address belongs to the physical page:
[ 30.205734] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1013ab
[ 30.206713] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.207599] page_type: f5(slab)
[ 30.208243] raw: 0bfffe0000000000 fff301d1800018c0 dead000000000122 0000000000000000
[ 30.209123] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 30.210539] page dumped because: kasan: bad access detected
[ 30.210814]
[ 30.210954] Memory state around the buggy address:
[ 30.211348] fff301d1813abc80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 30.212694] fff301d1813abd00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 30.213391] >fff301d1813abd80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 30.213878] ^
[ 30.214402] fff301d1813abe00: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
[ 30.215233] fff301d1813abe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.216053] ==================================================================
[ 31.083675] ==================================================================
[ 31.084856] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x17c/0x2f8
[ 31.085680] Read of size 1 at addr fff301d1812c73c0 by task kunit_try_catch/205
[ 31.086457]
[ 31.086797] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 31.087025] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.087124] Hardware name: linux,dummy-virt (DT)
[ 31.087217] Call trace:
[ 31.087278] show_stack+0x20/0x38 (C)
[ 31.087416] dump_stack_lvl+0x8c/0xd0
[ 31.087558] print_report+0x118/0x5e0
[ 31.087701] kasan_report+0xc8/0x118
[ 31.087820] __kasan_check_byte+0x54/0x70
[ 31.087898] kmem_cache_destroy+0x34/0x218
[ 31.087973] kmem_cache_double_destroy+0x17c/0x2f8
[ 31.088047] kunit_try_run_case+0x14c/0x3d0
[ 31.088137] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.088217] kthread+0x318/0x618
[ 31.088284] ret_from_fork+0x10/0x20
[ 31.088355]
[ 31.094187] Allocated by task 205:
[ 31.094689] kasan_save_stack+0x3c/0x68
[ 31.095246] kasan_save_track+0x20/0x40
[ 31.095790] kasan_save_alloc_info+0x40/0x58
[ 31.096266] __kasan_slab_alloc+0xa8/0xb0
[ 31.096824] kmem_cache_alloc_noprof+0x108/0x398
[ 31.097463] __kmem_cache_create_args+0x18c/0x2b0
[ 31.098005] kmem_cache_double_destroy+0xc8/0x2f8
[ 31.098660] kunit_try_run_case+0x14c/0x3d0
[ 31.099284] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.099841] kthread+0x318/0x618
[ 31.100354] ret_from_fork+0x10/0x20
[ 31.100878]
[ 31.101222] Freed by task 205:
[ 31.101649] kasan_save_stack+0x3c/0x68
[ 31.102235] kasan_save_track+0x20/0x40
[ 31.102805] kasan_save_free_info+0x4c/0x78
[ 31.103299] __kasan_slab_free+0x6c/0x98
[ 31.103851] kmem_cache_free+0x260/0x470
[ 31.104365] slab_kmem_cache_release+0x38/0x50
[ 31.104947] kmem_cache_release+0x1c/0x30
[ 31.105570] kobject_put+0x17c/0x430
[ 31.106131] sysfs_slab_release+0x1c/0x30
[ 31.106598] kmem_cache_destroy+0x118/0x218
[ 31.107183] kmem_cache_double_destroy+0x130/0x2f8
[ 31.107800] kunit_try_run_case+0x14c/0x3d0
[ 31.108367] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.108900] kthread+0x318/0x618
[ 31.109468] ret_from_fork+0x10/0x20
[ 31.110018]
[ 31.110365] The buggy address belongs to the object at fff301d1812c73c0
[ 31.110365] which belongs to the cache kmem_cache of size 208
[ 31.111455] The buggy address is located 0 bytes inside of
[ 31.111455] freed 208-byte region [fff301d1812c73c0, fff301d1812c7490)
[ 31.112443]
[ 31.112771] The buggy address belongs to the physical page:
[ 31.113361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1012c7
[ 31.114281] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 31.114928] page_type: f5(slab)
[ 31.115438] raw: 0bfffe0000000000 fff301d180001000 dead000000000122 0000000000000000
[ 31.116092] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 31.116896] page dumped because: kasan: bad access detected
[ 31.117581]
[ 31.117888] Memory state around the buggy address:
[ 31.118501] fff301d1812c7280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.119096] fff301d1812c7300: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 31.119898] >fff301d1812c7380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 31.120565] ^
[ 31.121210] fff301d1812c7400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.121939] fff301d1812c7480: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.122730] ==================================================================
[ 30.597018] ==================================================================
[ 30.597605] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70
[ 30.597931] Read of size 4 at addr fff301d18139fcc0 by task swapper/0/0
[ 30.598576]
[ 30.598916] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.14.0-rc3 #1
[ 30.599163] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.599248] Hardware name: linux,dummy-virt (DT)
[ 30.599333] Call trace:
[ 30.599396] show_stack+0x20/0x38 (C)
[ 30.599536] dump_stack_lvl+0x8c/0xd0
[ 30.599676] print_report+0x118/0x5e0
[ 30.599807] kasan_report+0xc8/0x118
[ 30.599936] __asan_report_load4_noabort+0x20/0x30
[ 30.600092] rcu_uaf_reclaim+0x64/0x70
[ 30.600224] rcu_core+0x9f4/0x1e20
[ 30.600361] rcu_core_si+0x18/0x30
[ 30.600483] handle_softirqs+0x374/0xb20
[ 30.600620] __do_softirq+0x1c/0x28
[ 30.600744] ____do_softirq+0x18/0x30
[ 30.600873] call_on_irq_stack+0x24/0x58
[ 30.601002] do_softirq_own_stack+0x24/0x38
[ 30.601165] __irq_exit_rcu+0x1fc/0x318
[ 30.601323] irq_exit_rcu+0x1c/0x80
[ 30.601445] el1_interrupt+0x38/0x58
[ 30.601581] el1h_64_irq_handler+0x18/0x28
[ 30.601732] el1h_64_irq+0x6c/0x70
[ 30.601959] arch_local_irq_enable+0x4/0x8 (P)
[ 30.602141] do_idle+0x384/0x4e8
[ 30.602272] cpu_startup_entry+0x68/0x80
[ 30.602357] rest_init+0x160/0x188
[ 30.602436] start_kernel+0x30c/0x3d0
[ 30.602515] __primary_switched+0x8c/0xa0
[ 30.602592]
[ 30.614941] Allocated by task 188:
[ 30.615429] kasan_save_stack+0x3c/0x68
[ 30.615904] kasan_save_track+0x20/0x40
[ 30.616903] kasan_save_alloc_info+0x40/0x58
[ 30.617549] __kasan_kmalloc+0xd4/0xd8
[ 30.618034] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.618594] rcu_uaf+0xb0/0x2d0
[ 30.619181] kunit_try_run_case+0x14c/0x3d0
[ 30.619754] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.620607] kthread+0x318/0x618
[ 30.621524] ret_from_fork+0x10/0x20
[ 30.621980]
[ 30.622349] Freed by task 0:
[ 30.622736] kasan_save_stack+0x3c/0x68
[ 30.623322] kasan_save_track+0x20/0x40
[ 30.623861] kasan_save_free_info+0x4c/0x78
[ 30.624674] __kasan_slab_free+0x6c/0x98
[ 30.625650] kfree+0x214/0x3c8
[ 30.626094] rcu_uaf_reclaim+0x28/0x70
[ 30.626807] rcu_core+0x9f4/0x1e20
[ 30.627403] rcu_core_si+0x18/0x30
[ 30.627962] handle_softirqs+0x374/0xb20
[ 30.628892] __do_softirq+0x1c/0x28
[ 30.629284]
[ 30.629780] Last potentially related work creation:
[ 30.630444] kasan_save_stack+0x3c/0x68
[ 30.631034] kasan_record_aux_stack+0xb4/0xc8
[ 30.631548] __call_rcu_common.constprop.0+0x74/0xa10
[ 30.632264] call_rcu+0x18/0x30
[ 30.632774] rcu_uaf+0x14c/0x2d0
[ 30.633305] kunit_try_run_case+0x14c/0x3d0
[ 30.633904] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.635182] kthread+0x318/0x618
[ 30.635705] ret_from_fork+0x10/0x20
[ 30.636229]
[ 30.636772] The buggy address belongs to the object at fff301d18139fcc0
[ 30.636772] which belongs to the cache kmalloc-32 of size 32
[ 30.638164] The buggy address is located 0 bytes inside of
[ 30.638164] freed 32-byte region [fff301d18139fcc0, fff301d18139fce0)
[ 30.639266]
[ 30.639632] The buggy address belongs to the physical page:
[ 30.640324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10139f
[ 30.641430] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.642414] page_type: f5(slab)
[ 30.642847] raw: 0bfffe0000000000 fff301d180001780 dead000000000122 0000000000000000
[ 30.643729] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 30.644805] page dumped because: kasan: bad access detected
[ 30.645731]
[ 30.646230] Memory state around the buggy address:
[ 30.646992] fff301d18139fb80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 30.647892] fff301d18139fc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 30.648851] >fff301d18139fc80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 30.650149] ^
[ 30.651007] fff301d18139fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.651847] fff301d18139fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.652718] ==================================================================