Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 105.875576] ================================================================== [ 105.876371] BUG: KASAN: use-after-free in kmalloc_uaf+0xcc/0x1f0 [ 105.877667] Read of size 1 at addr ffff0000c66f6a08 by task kunit_try_catch/227 [ 105.878912] [ 105.879249] CPU: 1 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.880297] Hardware name: linux,dummy-virt (DT) [ 105.881086] Call trace: [ 105.881668] dump_backtrace+0xe0/0x134 [ 105.882436] show_stack+0x20/0x2c [ 105.883125] dump_stack_lvl+0x88/0xb4 [ 105.883704] print_report+0x158/0x44c [ 105.884079] kasan_report+0xc8/0x180 [ 105.884448] __asan_load1+0x68/0x74 [ 105.884888] kmalloc_uaf+0xcc/0x1f0 [ 105.885783] kunit_try_run_case+0x8c/0x124 [ 105.886555] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.887388] kthread+0x15c/0x170 [ 105.887968] ret_from_fork+0x10/0x20 [ 105.888664] [ 105.888983] Allocated by task 227: [ 105.889593] kasan_save_stack+0x3c/0x70 [ 105.890327] kasan_set_track+0x2c/0x40 [ 105.891114] kasan_save_alloc_info+0x24/0x34 [ 105.891886] __kasan_kmalloc+0xd4/0xe0 [ 105.892620] kmalloc_trace+0x8c/0x150 [ 105.893287] kmalloc_uaf+0x9c/0x1f0 [ 105.893922] kunit_try_run_case+0x8c/0x124 [ 105.894600] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.895452] kthread+0x15c/0x170 [ 105.896047] ret_from_fork+0x10/0x20 [ 105.896689] [ 105.897032] Freed by task 227: [ 105.897532] kasan_save_stack+0x3c/0x70 [ 105.898182] kasan_set_track+0x2c/0x40 [ 105.898801] kasan_save_free_info+0x38/0x5c [ 105.899215] __kasan_slab_free+0x100/0x170 [ 105.899607] slab_free_freelist_hook+0xd8/0x1c0 [ 105.900365] __kmem_cache_free+0x15c/0x2a0 [ 105.901089] kfree+0x88/0x150 [ 105.901635] kmalloc_uaf+0xbc/0x1f0 [ 105.902261] kunit_try_run_case+0x8c/0x124 [ 105.902940] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.903770] kthread+0x15c/0x170 [ 105.904356] ret_from_fork+0x10/0x20 [ 105.905016] [ 105.905355] The buggy address belongs to the object at ffff0000c66f6a00 [ 105.905355] which belongs to the cache kmalloc-128 of size 128 [ 105.907145] The buggy address is located 8 bytes inside of [ 105.907145] 128-byte region [ffff0000c66f6a00, ffff0000c66f6a80) [ 105.908787] [ 105.909099] The buggy address belongs to the physical page: [ 105.909997] page:000000008cb3a959 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066f6 [ 105.910848] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 105.911401] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 105.912146] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 105.913224] page dumped because: kasan: bad access detected [ 105.914021] [ 105.914390] Memory state around the buggy address: [ 105.915095] ffff0000c66f6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 105.916072] ffff0000c66f6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.917078] >ffff0000c66f6a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.918103] ^ [ 105.918690] ffff0000c66f6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.919605] ffff0000c66f6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.920492] ==================================================================
[ 75.629573] ================================================================== [ 75.630348] BUG: KASAN: use-after-free in kmalloc_uaf+0xa4/0x148 [ 75.631053] Read of size 1 at addr ffff0000c5a77308 by task kunit_try_catch/143 [ 75.632345] [ 75.632717] CPU: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.633908] Hardware name: linux,dummy-virt (DT) [ 75.634671] Call trace: [ 75.635169] dump_backtrace+0xf8/0x118 [ 75.635923] show_stack+0x18/0x24 [ 75.636680] __dump_stack+0x28/0x38 [ 75.637342] dump_stack_lvl+0x54/0x6c [ 75.637967] print_address_description+0x7c/0x1ec [ 75.638744] print_report+0x50/0x68 [ 75.639365] kasan_report+0xac/0x100 [ 75.639988] __asan_load1+0x6c/0x70 [ 75.640618] kmalloc_uaf+0xa4/0x148 [ 75.641252] kunit_try_run_case+0x80/0x184 [ 75.641735] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.642247] kthread+0x16c/0x21c [ 75.642629] ret_from_fork+0x10/0x20 [ 75.643225] [ 75.643495] Allocated by task 143: [ 75.643985] kasan_set_track+0x4c/0x80 [ 75.644658] kasan_save_alloc_info+0x28/0x34 [ 75.645355] __kasan_kmalloc+0x88/0xa0 [ 75.645996] kmalloc_trace+0x54/0x68 [ 75.646574] kmalloc_uaf+0x48/0x148 [ 75.647150] kunit_try_run_case+0x80/0x184 [ 75.647799] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.648619] kthread+0x16c/0x21c [ 75.649206] ret_from_fork+0x10/0x20 [ 75.649835] [ 75.650103] Freed by task 143: [ 75.650548] kasan_set_track+0x4c/0x80 [ 75.651174] kasan_save_free_info+0x3c/0x60 [ 75.651812] ____kasan_slab_free+0xe8/0x140 [ 75.652483] __kasan_slab_free+0x18/0x28 [ 75.653202] __kmem_cache_free+0xdc/0x284 [ 75.653913] kfree+0x60/0x74 [ 75.654413] kmalloc_uaf+0x90/0x148 [ 75.654991] kunit_try_run_case+0x80/0x184 [ 75.655630] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.656392] kthread+0x16c/0x21c [ 75.657051] ret_from_fork+0x10/0x20 [ 75.657710] [ 75.657998] The buggy address belongs to the object at ffff0000c5a77300 [ 75.657998] which belongs to the cache kmalloc-128 of size 128 [ 75.659319] The buggy address is located 8 bytes inside of [ 75.659319] 128-byte region [ffff0000c5a77300, ffff0000c5a77380) [ 75.660109] [ 75.660319] The buggy address belongs to the physical page: [ 75.660818] page:00000000495fea3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a77 [ 75.661582] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 75.662262] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 75.663303] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 75.664219] page dumped because: kasan: bad access detected [ 75.665387] [ 75.665667] Memory state around the buggy address: [ 75.666301] ffff0000c5a77200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.667181] ffff0000c5a77280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.668056] >ffff0000c5a77300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.669159] ^ [ 75.669717] ffff0000c5a77380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.670334] ffff0000c5a77400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.670812] ==================================================================
[ 74.682106] ================================================================== [ 74.683766] BUG: KASAN: use-after-free in kmalloc_uaf+0xa4/0x148 [ 74.684987] Read of size 1 at addr ffff0000c5a14008 by task kunit_try_catch/143 [ 74.685506] [ 74.685707] CPU: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.687262] Hardware name: linux,dummy-virt (DT) [ 74.688076] Call trace: [ 74.688721] dump_backtrace+0xf4/0x114 [ 74.689594] show_stack+0x18/0x24 [ 74.690246] __dump_stack+0x28/0x38 [ 74.690864] dump_stack_lvl+0x50/0x68 [ 74.691484] print_address_description+0x7c/0x1ec [ 74.692262] print_report+0x50/0x68 [ 74.692871] kasan_report+0xac/0xfc [ 74.693281] __asan_load1+0x6c/0x70 [ 74.693696] kmalloc_uaf+0xa4/0x148 [ 74.694328] kunit_try_run_case+0x80/0x184 [ 74.695020] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.695926] kthread+0x16c/0x21c [ 74.696533] ret_from_fork+0x10/0x20 [ 74.697269] [ 74.697639] Allocated by task 143: [ 74.698160] kasan_set_track+0x4c/0x80 [ 74.698829] kasan_save_alloc_info+0x28/0x34 [ 74.699499] __kasan_kmalloc+0x88/0xa0 [ 74.700160] kmalloc_trace+0x54/0x68 [ 74.700785] kmalloc_uaf+0x48/0x148 [ 74.701381] kunit_try_run_case+0x80/0x184 [ 74.702066] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.702887] kthread+0x16c/0x21c [ 74.703274] ret_from_fork+0x10/0x20 [ 74.703646] [ 74.703969] Freed by task 143: [ 74.704470] kasan_set_track+0x4c/0x80 [ 74.705177] kasan_save_free_info+0x3c/0x60 [ 74.705934] ____kasan_slab_free+0xe8/0x140 [ 74.706649] __kasan_slab_free+0x18/0x28 [ 74.707337] __kmem_cache_free+0xdc/0x27c [ 74.708001] kfree+0x60/0x74 [ 74.708533] kmalloc_uaf+0x90/0x148 [ 74.709132] kunit_try_run_case+0x80/0x184 [ 74.709820] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.710650] kthread+0x16c/0x21c [ 74.711250] ret_from_fork+0x10/0x20 [ 74.711927] [ 74.712158] The buggy address belongs to the object at ffff0000c5a14000 [ 74.712158] which belongs to the cache kmalloc-128 of size 128 [ 74.713861] The buggy address is located 8 bytes inside of [ 74.713861] 128-byte region [ffff0000c5a14000, ffff0000c5a14080) [ 74.714666] [ 74.715015] The buggy address belongs to the physical page: [ 74.715746] page:000000002a39f223 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a14 [ 74.716937] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 74.717921] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 74.718898] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.719381] page dumped because: kasan: bad access detected [ 74.719959] [ 74.720240] Memory state around the buggy address: [ 74.720996] ffff0000c5a13f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.722053] ffff0000c5a13f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.723075] >ffff0000c5a14000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.723979] ^ [ 74.724514] ffff0000c5a14080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.725454] ffff0000c5a14100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.726337] ==================================================================
[ 73.271251] ================================================================== [ 73.272777] BUG: KASAN: use-after-free in kmalloc_uaf+0xc4/0x1e0 [ 73.273908] Read of size 1 at addr ffff0000c589d808 by task kunit_try_catch/143 [ 73.275193] [ 73.275683] CPU: 1 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 73.276681] Hardware name: linux,dummy-virt (DT) [ 73.277381] Call trace: [ 73.277940] dump_backtrace.part.0+0xdc/0xf0 [ 73.278796] show_stack+0x18/0x30 [ 73.279479] dump_stack_lvl+0x64/0x80 [ 73.280171] print_report+0x158/0x438 [ 73.280865] kasan_report+0xb4/0xf4 [ 73.281513] __asan_load1+0x68/0x74 [ 73.282221] kmalloc_uaf+0xc4/0x1e0 [ 73.283003] kunit_try_run_case+0x84/0x120 [ 73.283764] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 73.284660] kthread+0x180/0x190 [ 73.285193] ret_from_fork+0x10/0x20 [ 73.285788] [ 73.286064] Allocated by task 143: [ 73.286644] kasan_save_stack+0x3c/0x70 [ 73.287233] kasan_set_track+0x2c/0x40 [ 73.287801] kasan_save_alloc_info+0x24/0x34 [ 73.288443] __kasan_kmalloc+0xb8/0xc0 [ 73.288946] kmalloc_trace+0x58/0x6c [ 73.289294] kmalloc_uaf+0x94/0x1e0 [ 73.289652] kunit_try_run_case+0x84/0x120 [ 73.290346] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 73.291185] kthread+0x180/0x190 [ 73.291808] ret_from_fork+0x10/0x20 [ 73.292377] [ 73.292651] Freed by task 143: [ 73.293098] kasan_save_stack+0x3c/0x70 [ 73.293681] kasan_set_track+0x2c/0x40 [ 73.294343] kasan_save_free_info+0x38/0x5c [ 73.295078] __kasan_slab_free+0xe4/0x150 [ 73.295717] __kmem_cache_free+0x130/0x2a4 [ 73.296389] kfree+0x58/0x80 [ 73.296900] kmalloc_uaf+0xb4/0x1e0 [ 73.297473] kunit_try_run_case+0x84/0x120 [ 73.298291] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 73.298927] kthread+0x180/0x190 [ 73.299244] ret_from_fork+0x10/0x20 [ 73.299601] [ 73.299844] The buggy address belongs to the object at ffff0000c589d800 [ 73.299844] which belongs to the cache kmalloc-128 of size 128 [ 73.300812] The buggy address is located 8 bytes inside of [ 73.300812] 128-byte region [ffff0000c589d800, ffff0000c589d880) [ 73.301705] [ 73.302292] The buggy address belongs to the physical page: [ 73.302787] page:00000000b8b1210d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10589d [ 73.303569] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 73.304233] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 73.304929] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 73.305549] page dumped because: kasan: bad access detected [ 73.305988] [ 73.306267] Memory state around the buggy address: [ 73.307255] ffff0000c589d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 73.307908] ffff0000c589d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.308544] >ffff0000c589d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 73.309123] ^ [ 73.309505] ffff0000c589d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.310158] ffff0000c589d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.310919] ==================================================================
[ 64.784195] ================================================================== [ 64.784935] BUG: KASAN: use-after-free in kmalloc_uaf+0xdc/0x1e8 [ 64.785402] Read of size 1 at addr ffff0000c59aae08 by task kunit_try_catch/141 [ 64.785839] [ 64.786007] CPU: 1 PID: 141 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.787950] Hardware name: linux,dummy-virt (DT) [ 64.788700] Call trace: [ 64.789176] dump_backtrace+0x110/0x120 [ 64.790018] show_stack+0x18/0x28 [ 64.790800] dump_stack_lvl+0x68/0x84 [ 64.791517] print_report+0x158/0x484 [ 64.792219] kasan_report+0x98/0xe0 [ 64.792898] __asan_load1+0x68/0x78 [ 64.793606] kmalloc_uaf+0xdc/0x1e8 [ 64.794321] kunit_try_run_case+0x7c/0x120 [ 64.795112] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.796033] kthread+0x1a4/0x1b8 [ 64.796705] ret_from_fork+0x10/0x20 [ 64.797391] [ 64.797827] Allocated by task 141: [ 64.798467] kasan_save_stack+0x2c/0x58 [ 64.799176] kasan_set_track+0x2c/0x40 [ 64.799890] kasan_save_alloc_info+0x24/0x38 [ 64.800724] __kasan_kmalloc+0xa0/0xb8 [ 64.801354] kmalloc_trace+0x50/0x68 [ 64.802079] kmalloc_uaf+0xa8/0x1e8 [ 64.802774] kunit_try_run_case+0x7c/0x120 [ 64.803541] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.804491] kthread+0x1a4/0x1b8 [ 64.805169] ret_from_fork+0x10/0x20 [ 64.805814] [ 64.806108] Freed by task 141: [ 64.806725] kasan_save_stack+0x2c/0x58 [ 64.807456] kasan_set_track+0x2c/0x40 [ 64.807947] kasan_save_free_info+0x38/0x60 [ 64.808314] __kasan_slab_free+0xe8/0x158 [ 64.808636] __kmem_cache_free+0x138/0x2b0 [ 64.809003] kfree+0x5c/0x70 [ 64.809607] kmalloc_uaf+0xc8/0x1e8 [ 64.810224] kunit_try_run_case+0x7c/0x120 [ 64.811065] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.811878] kthread+0x1a4/0x1b8 [ 64.812566] ret_from_fork+0x10/0x20 [ 64.813338] [ 64.813864] The buggy address belongs to the object at ffff0000c59aae00 [ 64.813864] which belongs to the cache kmalloc-128 of size 128 [ 64.815068] The buggy address is located 8 bytes inside of [ 64.815068] 128-byte region [ffff0000c59aae00, ffff0000c59aae80) [ 64.815702] [ 64.815863] The buggy address belongs to the physical page: [ 64.816193] page:000000007750314d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059aa [ 64.817222] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 64.818253] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 64.819500] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 64.820359] page dumped because: kasan: bad access detected [ 64.820997] [ 64.821247] Memory state around the buggy address: [ 64.822353] ffff0000c59aad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.823182] ffff0000c59aad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.824013] >ffff0000c59aae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.824806] ^ [ 64.825289] ffff0000c59aae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.826247] ffff0000c59aaf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.827174] ==================================================================
[ 31.062331] ================================================================== [ 31.063003] BUG: KASAN: use-after-free in kmalloc_uaf+0xcd/0x1c0 [ 31.063394] Read of size 1 at addr ffff888101a015a8 by task kunit_try_catch/247 [ 31.063863] [ 31.063992] CPU: 1 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.064451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.064922] Call Trace: [ 31.065140] <TASK> [ 31.065315] dump_stack_lvl+0x49/0x62 [ 31.065605] print_report+0x189/0x492 [ 31.065792] ? kasan_complete_mode_report_info+0x7c/0x200 [ 31.066301] ? kmalloc_uaf+0xcd/0x1c0 [ 31.066619] kasan_report+0x10c/0x190 [ 31.066890] ? kmalloc_uaf+0xcd/0x1c0 [ 31.067535] __asan_load1+0x62/0x70 [ 31.067782] kmalloc_uaf+0xcd/0x1c0 [ 31.067996] ? kmalloc_uaf2+0x2b0/0x2b0 [ 31.068201] ? __kunit_add_resource+0xd1/0x100 [ 31.068517] ? kasan_test_init+0x13e/0x1b0 [ 31.068782] kunit_try_run_case+0x8f/0xd0 [ 31.069000] ? kunit_catch_run_case+0x80/0x80 [ 31.069328] ? kunit_try_catch_throw+0x40/0x40 [ 31.069585] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.069908] kthread+0x17b/0x1b0 [ 31.070096] ? kthread_complete_and_exit+0x30/0x30 [ 31.070321] ret_from_fork+0x22/0x30 [ 31.070612] </TASK> [ 31.070774] [ 31.070886] Allocated by task 247: [ 31.071084] kasan_save_stack+0x41/0x70 [ 31.071337] kasan_set_track+0x25/0x40 [ 31.071964] kasan_save_alloc_info+0x1e/0x30 [ 31.072273] __kasan_kmalloc+0xb6/0xc0 [ 31.072517] kmalloc_trace+0x48/0xb0 [ 31.072724] kmalloc_uaf+0x99/0x1c0 [ 31.072956] kunit_try_run_case+0x8f/0xd0 [ 31.073152] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.073477] kthread+0x17b/0x1b0 [ 31.073722] ret_from_fork+0x22/0x30 [ 31.073932] [ 31.074015] Freed by task 247: [ 31.074219] kasan_save_stack+0x41/0x70 [ 31.074483] kasan_set_track+0x25/0x40 [ 31.074701] kasan_save_free_info+0x2e/0x50 [ 31.074959] ____kasan_slab_free+0x175/0x1d0 [ 31.075199] __kasan_slab_free+0x12/0x20 [ 31.075426] __kmem_cache_free+0x188/0x2f0 [ 31.075679] kfree+0x78/0x120 [ 31.075860] kmalloc_uaf+0xb5/0x1c0 [ 31.076054] kunit_try_run_case+0x8f/0xd0 [ 31.076669] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.077000] kthread+0x17b/0x1b0 [ 31.077201] ret_from_fork+0x22/0x30 [ 31.077465] [ 31.077572] The buggy address belongs to the object at ffff888101a015a0 [ 31.077572] which belongs to the cache kmalloc-16 of size 16 [ 31.078065] The buggy address is located 8 bytes inside of [ 31.078065] 16-byte region [ffff888101a015a0, ffff888101a015b0) [ 31.078576] [ 31.078667] The buggy address belongs to the physical page: [ 31.078922] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a01 [ 31.079422] flags: 0x200000000000200(slab|node=0|zone=2) [ 31.080020] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 31.080596] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 31.080920] page dumped because: kasan: bad access detected [ 31.081336] [ 31.081577] Memory state around the buggy address: [ 31.081851] ffff888101a01480: 00 06 fc fc 00 06 fc fc 00 06 fc fc 00 02 fc fc [ 31.082338] ffff888101a01500: 00 03 fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 31.082772] >ffff888101a01580: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 31.083094] ^ [ 31.083544] ffff888101a01600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.084012] ffff888101a01680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.084474] ==================================================================