bisecting cause commit starting from 6915bf3b002bba76cbbb928a983795fdd93af49b building syzkaller on 03f94a45567bcce27a020b2843fc217c568e117a testing commit 6915bf3b002bba76cbbb928a983795fdd93af49b with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt run #2: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt run #3: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt run #4: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt run #5: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt run #6: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt run #7: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt run #8: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt run #9: crashed: INFO: task hung in tls_sw_free_resources_tx testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_push_record testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_push_record testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_push_record testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in tls_push_record testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Write in padata_parallel_worker run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker run #2: crashed: KASAN: use-after-free Write in padata_serial_worker run #3: crashed: KASAN: use-after-free Write in padata_parallel_worker run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker run #5: crashed: KASAN: use-after-free Write in padata_parallel_worker run #6: crashed: KASAN: use-after-free Write in padata_parallel_worker run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker run #9: crashed: KASAN: use-after-free Write in padata_parallel_worker testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Write in padata_parallel_worker run #1: crashed: BUG: unable to handle kernel paging request in padata_serial_worker run #2: crashed: KASAN: use-after-free Write in padata_parallel_worker run #3: crashed: KASAN: use-after-free Write in padata_parallel_worker run #4: crashed: KASAN: use-after-free Write in padata_parallel_worker run #5: crashed: BUG: unable to handle kernel paging request in padata_serial_worker run #6: crashed: BUG: unable to handle kernel paging request in padata_serial_worker run #7: crashed: KASAN: use-after-free Read in padata_do_parallel run #8: crashed: KASAN: use-after-free Read in padata_do_parallel run #9: crashed: KASAN: use-after-free Read in padata_do_parallel testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Write in padata_parallel_worker run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker run #2: crashed: BUG: unable to handle kernel paging request in corrupted run #3: crashed: KASAN: use-after-free Write in padata_parallel_worker run #4: crashed: KASAN: use-after-free Read in padata_do_parallel run #5: crashed: KASAN: use-after-free Write in padata_serial_worker run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker run #8: crashed: KASAN: use-after-free Read in padata_do_parallel run #9: crashed: BUG: unable to handle kernel paging request in corrupted testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 all runs: OK # git bisect start v4.13 v4.12 Bisecting: 7028 revisions left to test after this (roughly 13 steps) [ac7b75966c9c86426b55fe1c50ae148aa4571075] Merge tag 'pinctrl-v4.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit ac7b75966c9c86426b55fe1c50ae148aa4571075 with gcc (GCC) 8.1.0 run #0: crashed: BUG: unable to handle kernel paging request in padata_serial_worker run #1: crashed: KASAN: use-after-free Write in padata_parallel_worker run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #5: crashed: KASAN: use-after-free Write in padata_parallel_worker run #6: crashed: BUG: unable to handle kernel paging request in corrupted run #7: crashed: KASAN: use-after-free Read in padata_do_parallel run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker # git bisect bad ac7b75966c9c86426b55fe1c50ae148aa4571075 Bisecting: 3538 revisions left to test after this (roughly 12 steps) [e24dd9ee5399747b71c1d982a484fc7601795f31] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security testing commit e24dd9ee5399747b71c1d982a484fc7601795f31 with gcc (GCC) 8.1.0 all runs: OK # git bisect good e24dd9ee5399747b71c1d982a484fc7601795f31 Bisecting: 1787 revisions left to test after this (roughly 11 steps) [9cc9a5cb176ccb4f2cda5ac34da5a659926f125f] datapath: Avoid using stack larger than 1024. testing commit 9cc9a5cb176ccb4f2cda5ac34da5a659926f125f with gcc (GCC) 7.3.0 run #0: crashed: general protection fault in corrupted run #1: crashed: KASAN: use-after-free Read in padata_do_parallel run #2: crashed: KASAN: use-after-free Read in padata_do_parallel run #3: crashed: KASAN: use-after-free Write in padata_parallel_worker run #4: crashed: KASAN: use-after-free Read in padata_do_parallel run #5: crashed: KASAN: use-after-free Write in padata_parallel_worker run #6: crashed: KASAN: use-after-free Read in padata_do_parallel run #7: crashed: KASAN: use-after-free Write in padata_parallel_worker run #8: crashed: BUG: unable to handle kernel paging request in padata_serial_worker run #9: crashed: KASAN: use-after-free Read in padata_do_parallel # git bisect bad 9cc9a5cb176ccb4f2cda5ac34da5a659926f125f Bisecting: 882 revisions left to test after this (roughly 10 steps) [073cf9e20c333ab29744717a23f9e43ec7512a20] Merge branch 'udp-reduce-cache-pressure' testing commit 073cf9e20c333ab29744717a23f9e43ec7512a20 with gcc (GCC) 7.3.0 all runs: OK # git bisect good 073cf9e20c333ab29744717a23f9e43ec7512a20 Bisecting: 441 revisions left to test after this (roughly 9 steps) [8abd5599a520e9f188a750f1bde9dde5fb856230] Merge branch 's390-net-updates-part-2' testing commit 8abd5599a520e9f188a750f1bde9dde5fb856230 with gcc (GCC) 7.3.0 run #0: crashed: KASAN: use-after-free Write in padata_parallel_worker run #1: crashed: KASAN: use-after-free Read in padata_do_parallel run #2: crashed: KASAN: use-after-free Read in padata_do_parallel run #3: crashed: KASAN: use-after-free Read in padata_do_parallel run #4: crashed: KASAN: use-after-free Read in padata_do_parallel run #5: crashed: KASAN: use-after-free Read in padata_do_parallel run #6: crashed: KASAN: use-after-free Read in padata_do_parallel run #7: crashed: KASAN: use-after-free Read in padata_do_parallel run #8: crashed: KASAN: use-after-free Read in padata_do_parallel run #9: basic kernel testing failed: timed out # git bisect bad 8abd5599a520e9f188a750f1bde9dde5fb856230 Bisecting: 220 revisions left to test after this (roughly 8 steps) [2fae5d0e647c6470d206e72b5fc24972bb900f70] Merge branch 'bpf-ctx-narrow' testing commit 2fae5d0e647c6470d206e72b5fc24972bb900f70 with gcc (GCC) 7.3.0 all runs: OK # git bisect good 2fae5d0e647c6470d206e72b5fc24972bb900f70 Bisecting: 110 revisions left to test after this (roughly 7 steps) [41500c3e2a19ffcf40a7158fce1774de08e26ba2] rds: tcp: remove cp_outgoing testing commit 41500c3e2a19ffcf40a7158fce1774de08e26ba2 with gcc (GCC) 7.3.0 run #0: crashed: KASAN: use-after-free Read in padata_do_parallel run #1: crashed: KASAN: use-after-free Read in padata_do_parallel run #2: crashed: KASAN: use-after-free Read in padata_do_parallel run #3: crashed: KASAN: use-after-free Read in padata_do_parallel run #4: crashed: KASAN: use-after-free Write in padata_parallel_worker run #5: crashed: KASAN: use-after-free Read in padata_do_parallel run #6: crashed: BUG: unable to handle kernel paging request in pcrypt_aead_enc run #7: crashed: KASAN: use-after-free Read in padata_do_parallel run #8: crashed: KASAN: use-after-free Read in padata_do_parallel run #9: crashed: KASAN: use-after-free Read in padata_do_parallel # git bisect bad 41500c3e2a19ffcf40a7158fce1774de08e26ba2 Bisecting: 54 revisions left to test after this (roughly 6 steps) [c27b32c2a4e6adc09323262d5b38b06979f063ab] r8152: support new chip 8050 testing commit c27b32c2a4e6adc09323262d5b38b06979f063ab with gcc (GCC) 7.3.0 run #0: crashed: KASAN: use-after-free Read in padata_do_parallel run #1: crashed: KASAN: use-after-free Read in padata_do_parallel run #2: crashed: KASAN: use-after-free Write in padata_parallel_worker run #3: crashed: KASAN: use-after-free Read in padata_do_parallel run #4: crashed: KASAN: use-after-free Write in padata_parallel_worker run #5: crashed: general protection fault in pcrypt_aead_serial run #6: crashed: KASAN: use-after-free Write in padata_parallel_worker run #7: crashed: BUG: unable to handle kernel paging request in padata_serial_worker run #8: crashed: KASAN: use-after-free Read in padata_do_parallel run #9: crashed: KASAN: use-after-free Write in padata_serial_worker # git bisect bad c27b32c2a4e6adc09323262d5b38b06979f063ab Bisecting: 26 revisions left to test after this (roughly 5 steps) [206f60e1451b4b90cb7f3a803d1c440602a458e0] Merge branch 'Broadcom-DTE-based-PTP-clock' testing commit 206f60e1451b4b90cb7f3a803d1c440602a458e0 with gcc (GCC) 7.3.0 run #0: boot failed: can't ssh into the instance run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 206f60e1451b4b90cb7f3a803d1c440602a458e0 Bisecting: 13 revisions left to test after this (roughly 4 steps) [57d1ef389c96b5ae192767ae16843e839b1eff74] net: dsa: mv88e6xxx: prefix Global Stats macros testing commit 57d1ef389c96b5ae192767ae16843e839b1eff74 with gcc (GCC) 7.3.0 run #0: crashed: general protection fault in pcrypt_aead_serial run #1: crashed: KASAN: use-after-free Read in padata_do_parallel run #2: crashed: BUG: unable to handle kernel paging request in padata_serial_worker run #3: crashed: KASAN: use-after-free Write in padata_parallel_worker run #4: crashed: KASAN: use-after-free Read in padata_do_parallel run #5: crashed: general protection fault in corrupted run #6: crashed: KASAN: use-after-free Read in padata_do_parallel run #7: crashed: KASAN: use-after-free Write in padata_parallel_worker run #8: crashed: KASAN: use-after-free Read in padata_do_parallel run #9: crashed: BUG: unable to handle kernel paging request in pcrypt_aead_enc # git bisect bad 57d1ef389c96b5ae192767ae16843e839b1eff74 Bisecting: 6 revisions left to test after this (roughly 3 steps) [83ad357dee467f63574de35752bc40033deab30e] skbuff: make skb_put_zero() return void testing commit 83ad357dee467f63574de35752bc40033deab30e with gcc (GCC) 7.3.0 run #0: crashed: KASAN: use-after-free Read in padata_do_parallel run #1: crashed: BUG: unable to handle kernel paging request in corrupted run #2: crashed: general protection fault in corrupted run #3: crashed: KASAN: use-after-free Read in padata_do_parallel run #4: crashed: BUG: unable to handle kernel paging request in padata_serial_worker run #5: crashed: KASAN: use-after-free Read in padata_do_parallel run #6: crashed: KASAN: use-after-free Read in padata_do_parallel run #7: crashed: general protection fault in corrupted run #8: crashed: KASAN: use-after-free Write in padata_serial_worker run #9: crashed: KASAN: use-after-free Write in padata_parallel_worker # git bisect bad 83ad357dee467f63574de35752bc40033deab30e Bisecting: 2 revisions left to test after this (roughly 2 steps) [3c4d7559159bfe1e3b94df3a657b2cda3a34e218] tls: kernel TLS support testing commit 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 with gcc (GCC) 7.3.0 run #0: crashed: KASAN: use-after-free Write in padata_parallel_worker run #1: crashed: KASAN: use-after-free Read in padata_do_parallel run #2: crashed: KASAN: use-after-free Write in padata_parallel_worker run #3: crashed: KASAN: use-after-free Read in padata_do_parallel run #4: crashed: KASAN: use-after-free Read in padata_do_parallel run #5: crashed: KASAN: use-after-free Read in padata_do_parallel run #6: crashed: KASAN: use-after-free Read in crypto_gcm_init_common run #7: crashed: KASAN: use-after-free Write in padata_parallel_worker run #8: crashed: KASAN: use-after-free Read in gcm_hash_crypt_remain_continue run #9: crashed: KASAN: use-after-free Read in padata_do_parallel # git bisect bad 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 Bisecting: 0 revisions left to test after this (roughly 1 step) [e3b5616a347603a521fe3ac46f3194a60900e3a7] tcp: export do_tcp_sendpages and tcp_rate_check_app_limited functions testing commit e3b5616a347603a521fe3ac46f3194a60900e3a7 with gcc (GCC) 7.3.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor192279415" "root@10.128.15.221:./syz-executor192279415"]: exit status 1 ssh: connect to host 10.128.15.221 port 22: Connection timed out lost connection run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor282261610" "root@10.128.15.228:./syz-executor282261610"]: exit status 1 ssh: connect to host 10.128.15.228 port 22: Connection timed out lost connection run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good e3b5616a347603a521fe3ac46f3194a60900e3a7 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 is the first bad commit commit 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 Author: Dave Watson Date: Wed Jun 14 11:37:39 2017 -0700 tls: kernel TLS support Software implementation of transport layer security, implemented using ULP infrastructure. tcp proto_ops are replaced with tls equivalents of sendmsg and sendpage. Only symmetric crypto is done in the kernel, keys are passed by setsockopt after the handshake is complete. All control messages are supported via CMSG data - the actual symmetric encryption is the same, just the message type needs to be passed separately. For user API, please see Documentation patch. Pieces that can be shared between hw and sw implementation are in tls_main.c Signed-off-by: Boris Pismenny Signed-off-by: Ilya Lesokhin Signed-off-by: Aviad Yehezkel Signed-off-by: Dave Watson Signed-off-by: David S. Miller :100644 100644 10f158ee95a31509882e94012affd0665088af1f 71a74555afdf4695b74267333e31a691d1e1b97e M MAINTAINERS :040000 040000 7ae2ecdd101f57ded34a9abfa2efebf204d3948c ebc8e78bcf2da708086aaddd279518a289626e81 M include :040000 040000 4ec602f2afe3dbcb390c844ea96d1df793983c6e ead4e27e5324e665f24b9b5aeacf855dc2207e68 M net revisions tested: 22, total time: 4h43m58.443476501s (build: 1h52m1.593553121s, test: 2h44m16.968867752s) first bad commit: 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 tls: kernel TLS support cc: ["aviadye@mellanox.com" "borisp@mellanox.com" "davejwatson@fb.com" "davem@davemloft.net" "ilyal@mellanox.com"] crash: KASAN: use-after-free Read in padata_do_parallel IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 8021q: adding VLAN 0 to HW filter on device team0 8021q: adding VLAN 0 to HW filter on device team0 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0xc6/0xd0 lib/list_debug.c:26 Read of size 8 at addr ffff8801da611250 by task syz-executor4/7356 CPU: 0 PID: 7356 Comm: syz-executor4 Not tainted 4.12.0-rc5+ #1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x145/0x1f1 lib/dump_stack.c:52 print_address_description+0xd4/0x230 mm/kasan/report.c:252 kasan_report_error mm/kasan/report.c:351 [inline] kasan_report+0x24d/0x340 mm/kasan/report.c:408 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:429 __list_add_valid+0xc6/0xd0 lib/list_debug.c:26 __list_add include/linux/list.h:59 [inline] list_add_tail include/linux/list.h:92 [inline] padata_do_parallel+0x3bd/0x7a0 kernel/padata.c:137 pcrypt_do_parallel+0x1fb/0x3f0 crypto/pcrypt.c:99 pcrypt_aead_encrypt+0x351/0x450 crypto/pcrypt.c:173 crypto_aead_encrypt include/crypto/aead.h:330 [inline] tls_do_encryption net/tls/tls_sw.c:233 [inline] tls_push_record+0x902/0x12d0 net/tls/tls_sw.c:264 tls_sw_push_pending_record+0xe/0x10 net/tls/tls_sw.c:292 tls_push_pending_closed_record+0x64/0x120 net/tls/tls_main.c:180 tls_complete_pending_work include/net/tls.h:150 [inline] tls_sk_proto_close+0x5ce/0xa70 net/tls/tls_main.c:220 inet_release+0xd9/0x1c0 net/ipv4/af_inet.c:425 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:432 sock_release+0x83/0x1b0 net/socket.c:597 sock_close+0xd/0x20 net/socket.c:1113 __fput+0x307/0x900 fs/file_table.c:209 ____fput+0x9/0x10 fs/file_table.c:245 task_work_run+0x140/0x220 kernel/task_work.c:116 get_signal+0x12d4/0x16c0 kernel/signal.c:2148 do_signal+0x90/0x1e90 arch/x86/kernel/signal.c:808 exit_to_usermode_loop+0x1c7/0x2a0 arch/x86/entry/common.c:157 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline] syscall_return_slowpath+0x344/0x3f0 arch/x86/entry/common.c:263 entry_SYSCALL_64_fastpath+0xc0/0xc2 RIP: 0033:0x4576b9 RSP: 002b:00007f57c7026c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: 0000000000000001 RBX: 0000000000000006 RCX: 00000000004576b9 RDX: 0000000000000001 RSI: 00000000200003c0 RDI: 0000000000000006 RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f57c70276d4 R13: 00000000004c411b R14: 00000000004d69b0 R15: 00000000ffffffff Allocated by task 7356: save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:59 save_stack+0x43/0xd0 mm/kasan/kasan.c:513 set_track mm/kasan/kasan.c:525 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:617 __do_kmalloc mm/slab.c:3733 [inline] __kmalloc+0x156/0x790 mm/slab.c:3742 kmalloc include/linux/slab.h:497 [inline] tls_do_encryption net/tls/tls_sw.c:222 [inline] tls_push_record+0x6b7/0x12d0 net/tls/tls_sw.c:264 tls_sw_sendmsg+0xb45/0x12d0 net/tls/tls_sw.c:449 inet_sendmsg+0x10e/0x5d0 net/ipv4/af_inet.c:762 sock_sendmsg_nosec net/socket.c:633 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:643 SYSC_sendto+0x30e/0x5e0 net/socket.c:1737 SyS_sendto+0x9/0x10 net/socket.c:1705 entry_SYSCALL_64_fastpath+0x23/0xc2 Freed by task 7356: save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:59 save_stack+0x43/0xd0 mm/kasan/kasan.c:513 set_track mm/kasan/kasan.c:525 [inline] kasan_slab_free+0x71/0xc0 mm/kasan/kasan.c:590 __cache_free mm/slab.c:3511 [inline] kfree+0xcc/0x270 mm/slab.c:3828 tls_do_encryption net/tls/tls_sw.c:238 [inline] tls_push_record+0x9ad/0x12d0 net/tls/tls_sw.c:264 tls_sw_sendmsg+0xb45/0x12d0 net/tls/tls_sw.c:449 inet_sendmsg+0x10e/0x5d0 net/ipv4/af_inet.c:762 sock_sendmsg_nosec net/socket.c:633 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:643 SYSC_sendto+0x30e/0x5e0 net/socket.c:1737 SyS_sendto+0x9/0x10 net/socket.c:1705 entry_SYSCALL_64_fastpath+0x23/0xc2 The buggy address belongs to the object at ffff8801da611200 which belongs to the cache kmalloc-1024 of size 1024 The buggy address is located 80 bytes inside of 1024-byte region [ffff8801da611200, ffff8801da611600) The buggy address belongs to the page: page:ffffea0007698400 count:1 mapcount:0 mapping:ffff8801da610000 index:0x0 compound_mapcount: 0 flags: 0x2fffc0000008100(slab|head) raw: 02fffc0000008100 ffff8801da610000 0000000000000000 0000000100000007 raw: ffffea0007640720 ffffea00075f6020 ffff8801da400ac0 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8801da611100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801da611180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff8801da611200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8801da611280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8801da611300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================