Hay
Date
July 20, 2025, 11:12 p.m.

Environment
qemu-arm64
qemu-x86_64

[   16.962791] ==================================================================
[   16.964167] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70
[   16.964262] Read of size 4 at addr fff00000c7805340 by task swapper/1/0
[   16.964356] 
[   16.964433] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   16.964522] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.964946] Hardware name: linux,dummy-virt (DT)
[   16.965032] Call trace:
[   16.965133]  show_stack+0x20/0x38 (C)
[   16.965452]  dump_stack_lvl+0x8c/0xd0
[   16.965567]  print_report+0x118/0x5d0
[   16.965613]  kasan_report+0xdc/0x128
[   16.965659]  __asan_report_load4_noabort+0x20/0x30
[   16.965708]  rcu_uaf_reclaim+0x64/0x70
[   16.965877]  rcu_core+0x9f4/0x1e20
[   16.965988]  rcu_core_si+0x18/0x30
[   16.966312]  handle_softirqs+0x374/0xb28
[   16.966366]  __do_softirq+0x1c/0x28
[   16.966409]  ____do_softirq+0x18/0x30
[   16.966455]  call_on_irq_stack+0x24/0x30
[   16.967207]  do_softirq_own_stack+0x24/0x38
[   16.967453]  __irq_exit_rcu+0x1fc/0x318
[   16.967601]  irq_exit_rcu+0x1c/0x80
[   16.967882]  el1_interrupt+0x38/0x58
[   16.968185]  el1h_64_irq_handler+0x18/0x28
[   16.968532]  el1h_64_irq+0x6c/0x70
[   16.968656]  arch_local_irq_enable+0x4/0x8 (P)
[   16.968711]  do_idle+0x384/0x4e8
[   16.969511]  cpu_startup_entry+0x68/0x80
[   16.969580]  secondary_start_kernel+0x288/0x340
[   16.969630]  __secondary_switched+0xc0/0xc8
[   16.969685] 
[   16.969705] Allocated by task 198:
[   16.969812]  kasan_save_stack+0x3c/0x68
[   16.970165]  kasan_save_track+0x20/0x40
[   16.970265]  kasan_save_alloc_info+0x40/0x58
[   16.970783]  __kasan_kmalloc+0xd4/0xd8
[   16.970829]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.970869]  rcu_uaf+0xb0/0x2d8
[   16.970912]  kunit_try_run_case+0x170/0x3f0
[   16.970953]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.971000]  kthread+0x328/0x630
[   16.971731]  ret_from_fork+0x10/0x20
[   16.971781] 
[   16.972000] Freed by task 0:
[   16.972181]  kasan_save_stack+0x3c/0x68
[   16.972226]  kasan_save_track+0x20/0x40
[   16.972264]  kasan_save_free_info+0x4c/0x78
[   16.972602]  __kasan_slab_free+0x6c/0x98
[   16.972786]  kfree+0x214/0x3c8
[   16.972886]  rcu_uaf_reclaim+0x28/0x70
[   16.973401]  rcu_core+0x9f4/0x1e20
[   16.973584]  rcu_core_si+0x18/0x30
[   16.973621]  handle_softirqs+0x374/0xb28
[   16.974113]  __do_softirq+0x1c/0x28
[   16.974170] 
[   16.974349] Last potentially related work creation:
[   16.974387]  kasan_save_stack+0x3c/0x68
[   16.974671]  kasan_record_aux_stack+0xb4/0xc8
[   16.974740]  __call_rcu_common.constprop.0+0x74/0x8c8
[   16.974806]  call_rcu+0x18/0x30
[   16.975005]  rcu_uaf+0x14c/0x2d8
[   16.975125]  kunit_try_run_case+0x170/0x3f0
[   16.975164]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.975210]  kthread+0x328/0x630
[   16.975243]  ret_from_fork+0x10/0x20
[   16.975923] 
[   16.976125] The buggy address belongs to the object at fff00000c7805340
[   16.976125]  which belongs to the cache kmalloc-32 of size 32
[   16.976239] The buggy address is located 0 bytes inside of
[   16.976239]  freed 32-byte region [fff00000c7805340, fff00000c7805360)
[   16.976300] 
[   16.976323] The buggy address belongs to the physical page:
[   16.976358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107805
[   16.977176] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.977561] page_type: f5(slab)
[   16.978100] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   16.978468] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   16.979021] page dumped because: kasan: bad access detected
[   16.979539] 
[   16.979586] Memory state around the buggy address:
[   16.979632]  fff00000c7805200: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   16.979681]  fff00000c7805280: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   16.980252] >fff00000c7805300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   16.980299]                                            ^
[   16.980335]  fff00000c7805380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.980389]  fff00000c7805400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.980568] ==================================================================

[   16.886453] ==================================================================
[   16.886582] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70
[   16.886664] Read of size 4 at addr fff00000c6a1f880 by task swapper/1/0
[   16.886713] 
[   16.887768] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   16.887870] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.887938] Hardware name: linux,dummy-virt (DT)
[   16.887973] Call trace:
[   16.888001]  show_stack+0x20/0x38 (C)
[   16.888055]  dump_stack_lvl+0x8c/0xd0
[   16.888247]  print_report+0x118/0x5d0
[   16.888756]  kasan_report+0xdc/0x128
[   16.888922]  __asan_report_load4_noabort+0x20/0x30
[   16.889546]  rcu_uaf_reclaim+0x64/0x70
[   16.889604]  rcu_core+0x9f4/0x1e20
[   16.889707]  rcu_core_si+0x18/0x30
[   16.889768]  handle_softirqs+0x374/0xb28
[   16.890323]  __do_softirq+0x1c/0x28
[   16.890370]  ____do_softirq+0x18/0x30
[   16.890415]  call_on_irq_stack+0x24/0x30
[   16.890463]  do_softirq_own_stack+0x24/0x38
[   16.890919]  __irq_exit_rcu+0x1fc/0x318
[   16.891383]  irq_exit_rcu+0x1c/0x80
[   16.891432]  el1_interrupt+0x38/0x58
[   16.891592]  el1h_64_irq_handler+0x18/0x28
[   16.891973]  el1h_64_irq+0x6c/0x70
[   16.892167]  arch_local_irq_enable+0x4/0x8 (P)
[   16.892562]  do_idle+0x384/0x4e8
[   16.893015]  cpu_startup_entry+0x68/0x80
[   16.893260]  secondary_start_kernel+0x288/0x340
[   16.893314]  __secondary_switched+0xc0/0xc8
[   16.893371] 
[   16.893391] Allocated by task 198:
[   16.893423]  kasan_save_stack+0x3c/0x68
[   16.893466]  kasan_save_track+0x20/0x40
[   16.893503]  kasan_save_alloc_info+0x40/0x58
[   16.894167]  __kasan_kmalloc+0xd4/0xd8
[   16.894369]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.894424]  rcu_uaf+0xb0/0x2d8
[   16.894561]  kunit_try_run_case+0x170/0x3f0
[   16.894833]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.895126]  kthread+0x328/0x630
[   16.895196]  ret_from_fork+0x10/0x20
[   16.895235] 
[   16.895255] Freed by task 0:
[   16.895283]  kasan_save_stack+0x3c/0x68
[   16.895325]  kasan_save_track+0x20/0x40
[   16.895364]  kasan_save_free_info+0x4c/0x78
[   16.895405]  __kasan_slab_free+0x6c/0x98
[   16.896176]  kfree+0x214/0x3c8
[   16.896220]  rcu_uaf_reclaim+0x28/0x70
[   16.896258]  rcu_core+0x9f4/0x1e20
[   16.896294]  rcu_core_si+0x18/0x30
[   16.896805]  handle_softirqs+0x374/0xb28
[   16.897188]  __do_softirq+0x1c/0x28
[   16.897242] 
[   16.897277] Last potentially related work creation:
[   16.897314]  kasan_save_stack+0x3c/0x68
[   16.897355]  kasan_record_aux_stack+0xb4/0xc8
[   16.898043]  __call_rcu_common.constprop.0+0x74/0x8c8
[   16.898191]  call_rcu+0x18/0x30
[   16.898486]  rcu_uaf+0x14c/0x2d8
[   16.898532]  kunit_try_run_case+0x170/0x3f0
[   16.898732]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.898778]  kthread+0x328/0x630
[   16.898938]  ret_from_fork+0x10/0x20
[   16.899495] 
[   16.900266] The buggy address belongs to the object at fff00000c6a1f880
[   16.900266]  which belongs to the cache kmalloc-32 of size 32
[   16.900448] The buggy address is located 0 bytes inside of
[   16.900448]  freed 32-byte region [fff00000c6a1f880, fff00000c6a1f8a0)
[   16.900885] 
[   16.900985] The buggy address belongs to the physical page:
[   16.901019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106a1f
[   16.901082] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.901133] page_type: f5(slab)
[   16.901177] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   16.901476] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   16.901524] page dumped because: kasan: bad access detected
[   16.901607] 
[   16.901638] Memory state around the buggy address:
[   16.901676]  fff00000c6a1f780: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc
[   16.901765]  fff00000c6a1f800: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   16.901882] >fff00000c6a1f880: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   16.902440]                    ^
[   16.902754]  fff00000c6a1f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.902806]  fff00000c6a1f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.903080] ==================================================================

[   13.218244] ==================================================================
[   13.218717] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60
[   13.219270] Read of size 4 at addr ffff888103944040 by task swapper/1/0
[   13.219650] 
[   13.219784] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   13.219830] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.219841] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.219862] Call Trace:
[   13.219889]  <IRQ>
[   13.219908]  dump_stack_lvl+0x73/0xb0
[   13.219955]  print_report+0xd1/0x610
[   13.219978]  ? __virt_addr_valid+0x1db/0x2d0
[   13.220015]  ? rcu_uaf_reclaim+0x50/0x60
[   13.220034]  ? kasan_complete_mode_report_info+0x64/0x200
[   13.220056]  ? rcu_uaf_reclaim+0x50/0x60
[   13.220092]  kasan_report+0x141/0x180
[   13.220115]  ? rcu_uaf_reclaim+0x50/0x60
[   13.220141]  __asan_report_load4_noabort+0x18/0x20
[   13.220165]  rcu_uaf_reclaim+0x50/0x60
[   13.220185]  rcu_core+0x66f/0x1c40
[   13.220286]  ? __pfx_rcu_core+0x10/0x10
[   13.220309]  ? ktime_get+0x6b/0x150
[   13.220332]  ? handle_softirqs+0x18e/0x730
[   13.220358]  rcu_core_si+0x12/0x20
[   13.220385]  handle_softirqs+0x209/0x730
[   13.220421]  ? hrtimer_interrupt+0x2fe/0x780
[   13.220445]  ? __pfx_handle_softirqs+0x10/0x10
[   13.220470]  __irq_exit_rcu+0xc9/0x110
[   13.220491]  irq_exit_rcu+0x12/0x20
[   13.220511]  sysvec_apic_timer_interrupt+0x81/0x90
[   13.220536]  </IRQ>
[   13.220565]  <TASK>
[   13.220576]  asm_sysvec_apic_timer_interrupt+0x1f/0x30
[   13.220689] RIP: 0010:pv_native_safe_halt+0xf/0x20
[   13.220906] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 23 52 21 00 fb f4 <e9> 3c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[   13.220988] RSP: 0000:ffff888100877dc8 EFLAGS: 00010206
[   13.221246] RAX: ffff8881c3372000 RBX: ffff888100853000 RCX: ffffffff95877125
[   13.221302] RDX: ffffed102b62618b RSI: 0000000000000004 RDI: 0000000000020754
[   13.221347] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102b62618a
[   13.221391] R10: ffff88815b130c53 R11: ffffffff97dc36c0 R12: 0000000000000001
[   13.221452] R13: ffffed102010a600 R14: ffffffff975b1a90 R15: 0000000000000000
[   13.221516]  ? ct_kernel_exit.constprop.0+0xa5/0xd0
[   13.221573]  ? default_idle+0xd/0x20
[   13.221593]  arch_cpu_idle+0xd/0x20
[   13.221612]  default_idle_call+0x48/0x80
[   13.221630]  do_idle+0x379/0x4f0
[   13.221656]  ? __pfx_do_idle+0x10/0x10
[   13.221686]  cpu_startup_entry+0x5c/0x70
[   13.221705]  start_secondary+0x211/0x290
[   13.221727]  ? __pfx_start_secondary+0x10/0x10
[   13.221754]  common_startup_64+0x13e/0x148
[   13.221788]  </TASK>
[   13.221799] 
[   13.240322] Allocated by task 216:
[   13.240854]  kasan_save_stack+0x45/0x70
[   13.241216]  kasan_save_track+0x18/0x40
[   13.241365]  kasan_save_alloc_info+0x3b/0x50
[   13.241530]  __kasan_kmalloc+0xb7/0xc0
[   13.242251]  __kmalloc_cache_noprof+0x189/0x420
[   13.242948]  rcu_uaf+0xb0/0x330
[   13.243438]  kunit_try_run_case+0x1a5/0x480
[   13.243985]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.244729]  kthread+0x337/0x6f0
[   13.245312]  ret_from_fork+0x116/0x1d0
[   13.245536]  ret_from_fork_asm+0x1a/0x30
[   13.246103] 
[   13.246299] Freed by task 0:
[   13.246771]  kasan_save_stack+0x45/0x70
[   13.247269]  kasan_save_track+0x18/0x40
[   13.247666]  kasan_save_free_info+0x3f/0x60
[   13.247939]  __kasan_slab_free+0x56/0x70
[   13.248432]  kfree+0x222/0x3f0
[   13.248891]  rcu_uaf_reclaim+0x1f/0x60
[   13.249571]  rcu_core+0x66f/0x1c40
[   13.249860]  rcu_core_si+0x12/0x20
[   13.249994]  handle_softirqs+0x209/0x730
[   13.250387]  __irq_exit_rcu+0xc9/0x110
[   13.251128]  irq_exit_rcu+0x12/0x20
[   13.251608]  sysvec_apic_timer_interrupt+0x81/0x90
[   13.251788]  asm_sysvec_apic_timer_interrupt+0x1f/0x30
[   13.252698] 
[   13.252947] Last potentially related work creation:
[   13.253497]  kasan_save_stack+0x45/0x70
[   13.253830]  kasan_record_aux_stack+0xb2/0xc0
[   13.254473]  __call_rcu_common.constprop.0+0x7b/0x9e0
[   13.255169]  call_rcu+0x12/0x20
[   13.255311]  rcu_uaf+0x168/0x330
[   13.255453]  kunit_try_run_case+0x1a5/0x480
[   13.255636]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.256411]  kthread+0x337/0x6f0
[   13.256944]  ret_from_fork+0x116/0x1d0
[   13.257726]  ret_from_fork_asm+0x1a/0x30
[   13.258297] 
[   13.258561] The buggy address belongs to the object at ffff888103944040
[   13.258561]  which belongs to the cache kmalloc-32 of size 32
[   13.259765] The buggy address is located 0 bytes inside of
[   13.259765]  freed 32-byte region [ffff888103944040, ffff888103944060)
[   13.260133] 
[   13.260214] The buggy address belongs to the physical page:
[   13.260390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103944
[   13.260767] flags: 0x200000000000000(node=0|zone=2)
[   13.261009] page_type: f5(slab)
[   13.261183] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   13.261772] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   13.262203] page dumped because: kasan: bad access detected
[   13.262450] 
[   13.262546] Memory state around the buggy address:
[   13.262769]  ffff888103943f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.263156]  ffff888103943f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.263475] >ffff888103944000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   13.263782]                                            ^
[   13.264004]  ffff888103944080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.264338]  ffff888103944100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.264678] ==================================================================

[   13.346953] ==================================================================
[   13.347431] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60
[   13.347723] Read of size 4 at addr ffff888102a4db40 by task swapper/0/0
[   13.348020] 
[   13.348142] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   13.348200] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.348211] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.348234] Call Trace:
[   13.348260]  <IRQ>
[   13.348279]  dump_stack_lvl+0x73/0xb0
[   13.348311]  print_report+0xd1/0x610
[   13.348338]  ? __virt_addr_valid+0x1db/0x2d0
[   13.348363]  ? rcu_uaf_reclaim+0x50/0x60
[   13.348382]  ? kasan_complete_mode_report_info+0x64/0x200
[   13.348403]  ? rcu_uaf_reclaim+0x50/0x60
[   13.348423]  kasan_report+0x141/0x180
[   13.348444]  ? rcu_uaf_reclaim+0x50/0x60
[   13.348467]  __asan_report_load4_noabort+0x18/0x20
[   13.348490]  rcu_uaf_reclaim+0x50/0x60
[   13.348510]  rcu_core+0x66f/0x1c40
[   13.348538]  ? __pfx_rcu_core+0x10/0x10
[   13.348558]  ? ktime_get+0x6b/0x150
[   13.348580]  ? handle_softirqs+0x18e/0x730
[   13.348604]  rcu_core_si+0x12/0x20
[   13.348623]  handle_softirqs+0x209/0x730
[   13.348642]  ? hrtimer_interrupt+0x2fe/0x780
[   13.348663]  ? __pfx_handle_softirqs+0x10/0x10
[   13.348688]  __irq_exit_rcu+0xc9/0x110
[   13.348707]  irq_exit_rcu+0x12/0x20
[   13.348727]  sysvec_apic_timer_interrupt+0x81/0x90
[   13.348751]  </IRQ>
[   13.348781]  <TASK>
[   13.348792]  asm_sysvec_apic_timer_interrupt+0x1f/0x30
[   13.348879] RIP: 0010:pv_native_safe_halt+0xf/0x20
[   13.349085] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 23 52 21 00 fb f4 <e9> 3c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[   13.349202] RSP: 0000:ffffffff86807dd8 EFLAGS: 00010202
[   13.349294] RAX: ffff8881d3472000 RBX: ffffffff8681cac0 RCX: ffffffff85677125
[   13.349365] RDX: ffffed102b60618b RSI: 0000000000000004 RDI: 0000000000005744
[   13.349407] RBP: ffffffff86807de0 R08: 0000000000000001 R09: ffffed102b60618a
[   13.349448] R10: ffff88815b030c53 R11: 000000000001f000 R12: 0000000000000000
[   13.349490] R13: fffffbfff0d03958 R14: ffffffff873b1a90 R15: 0000000000000000
[   13.349547]  ? ct_kernel_exit.constprop.0+0xa5/0xd0
[   13.349600]  ? default_idle+0xd/0x20
[   13.349619]  arch_cpu_idle+0xd/0x20
[   13.349637]  default_idle_call+0x48/0x80
[   13.349656]  do_idle+0x379/0x4f0
[   13.349681]  ? __pfx_do_idle+0x10/0x10
[   13.349702]  ? trace_preempt_on+0x20/0xc0
[   13.349725]  ? schedule+0x86/0x2e0
[   13.349744]  ? preempt_count_sub+0x50/0x80
[   13.349767]  cpu_startup_entry+0x5c/0x70
[   13.349786]  rest_init+0x11a/0x140
[   13.349803]  ? acpi_subsystem_init+0x5d/0x150
[   13.349828]  start_kernel+0x330/0x410
[   13.349849]  x86_64_start_reservations+0x1c/0x30
[   13.349869]  x86_64_start_kernel+0x10d/0x120
[   13.349889]  common_startup_64+0x13e/0x148
[   13.349921]  </TASK>
[   13.349932] 
[   13.359672] Allocated by task 215:
[   13.359836]  kasan_save_stack+0x45/0x70
[   13.360025]  kasan_save_track+0x18/0x40
[   13.360202]  kasan_save_alloc_info+0x3b/0x50
[   13.360415]  __kasan_kmalloc+0xb7/0xc0
[   13.360605]  __kmalloc_cache_noprof+0x189/0x420
[   13.360815]  rcu_uaf+0xb0/0x330
[   13.360963]  kunit_try_run_case+0x1a5/0x480
[   13.361154]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.361407]  kthread+0x337/0x6f0
[   13.361567]  ret_from_fork+0x116/0x1d0
[   13.361720]  ret_from_fork_asm+0x1a/0x30
[   13.361868] 
[   13.361947] Freed by task 0:
[   13.362057]  kasan_save_stack+0x45/0x70
[   13.362205]  kasan_save_track+0x18/0x40
[   13.362367]  kasan_save_free_info+0x3f/0x60
[   13.362517]  __kasan_slab_free+0x56/0x70
[   13.362684]  kfree+0x222/0x3f0
[   13.362849]  rcu_uaf_reclaim+0x1f/0x60
[   13.363037]  rcu_core+0x66f/0x1c40
[   13.363224]  rcu_core_si+0x12/0x20
[   13.363434]  handle_softirqs+0x209/0x730
[   13.363631]  __irq_exit_rcu+0xc9/0x110
[   13.363818]  irq_exit_rcu+0x12/0x20
[   13.363990]  sysvec_apic_timer_interrupt+0x81/0x90
[   13.364231]  asm_sysvec_apic_timer_interrupt+0x1f/0x30
[   13.364502] 
[   13.364617] Last potentially related work creation:
[   13.364851]  kasan_save_stack+0x45/0x70
[   13.365048]  kasan_record_aux_stack+0xb2/0xc0
[   13.365233]  __call_rcu_common.constprop.0+0x7b/0x9e0
[   13.365481]  call_rcu+0x12/0x20
[   13.365601]  rcu_uaf+0x168/0x330
[   13.365724]  kunit_try_run_case+0x1a5/0x480
[   13.365873]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.366120]  kthread+0x337/0x6f0
[   13.366318]  ret_from_fork+0x116/0x1d0
[   13.366516]  ret_from_fork_asm+0x1a/0x30
[   13.366722] 
[   13.366828] The buggy address belongs to the object at ffff888102a4db40
[   13.366828]  which belongs to the cache kmalloc-32 of size 32
[   13.367405] The buggy address is located 0 bytes inside of
[   13.367405]  freed 32-byte region [ffff888102a4db40, ffff888102a4db60)
[   13.367824] 
[   13.367900] The buggy address belongs to the physical page:
[   13.368173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4d
[   13.368560] flags: 0x200000000000000(node=0|zone=2)
[   13.368770] page_type: f5(slab)
[   13.368896] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   13.369194] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   13.369566] page dumped because: kasan: bad access detected
[   13.369802] 
[   13.369900] Memory state around the buggy address:
[   13.370092]  ffff888102a4da00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   13.370404]  ffff888102a4da80: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc
[   13.370694] >ffff888102a4db00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   13.370931]                                            ^
[   13.371180]  ffff888102a4db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.371527]  ffff888102a4dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.371815] ==================================================================