Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 105.925910] ================================================================== [ 105.926966] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xd4/0x1f0 [ 105.927523] Write of size 33 at addr ffff0000c66f6b00 by task kunit_try_catch/228 [ 105.928428] [ 105.928771] CPU: 1 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.929913] Hardware name: linux,dummy-virt (DT) [ 105.930568] Call trace: [ 105.930971] dump_backtrace+0xe0/0x134 [ 105.931582] show_stack+0x20/0x2c [ 105.932133] dump_stack_lvl+0x88/0xb4 [ 105.932883] print_report+0x158/0x44c [ 105.933575] kasan_report+0xc8/0x180 [ 105.934229] kasan_check_range+0xe4/0x190 [ 105.934899] memset+0x40/0x70 [ 105.935444] kmalloc_uaf_memset+0xd4/0x1f0 [ 105.936127] kunit_try_run_case+0x8c/0x124 [ 105.936907] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.937647] kthread+0x15c/0x170 [ 105.938028] ret_from_fork+0x10/0x20 [ 105.938397] [ 105.938577] Allocated by task 228: [ 105.938900] kasan_save_stack+0x3c/0x70 [ 105.939447] kasan_set_track+0x2c/0x40 [ 105.939981] kasan_save_alloc_info+0x24/0x34 [ 105.940694] __kasan_kmalloc+0xd4/0xe0 [ 105.941181] kmalloc_trace+0x8c/0x150 [ 105.941617] kmalloc_uaf_memset+0x9c/0x1f0 [ 105.942068] kunit_try_run_case+0x8c/0x124 [ 105.942472] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.943109] kthread+0x15c/0x170 [ 105.943551] ret_from_fork+0x10/0x20 [ 105.944032] [ 105.944251] Freed by task 228: [ 105.944628] kasan_save_stack+0x3c/0x70 [ 105.945176] kasan_set_track+0x2c/0x40 [ 105.945838] kasan_save_free_info+0x38/0x5c [ 105.946400] __kasan_slab_free+0x100/0x170 [ 105.946801] slab_free_freelist_hook+0xd8/0x1c0 [ 105.947198] __kmem_cache_free+0x15c/0x2a0 [ 105.947579] kfree+0x88/0x150 [ 105.948079] kmalloc_uaf_memset+0xbc/0x1f0 [ 105.948958] kunit_try_run_case+0x8c/0x124 [ 105.949643] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.950448] kthread+0x15c/0x170 [ 105.951047] ret_from_fork+0x10/0x20 [ 105.951612] [ 105.951891] The buggy address belongs to the object at ffff0000c66f6b00 [ 105.951891] which belongs to the cache kmalloc-128 of size 128 [ 105.953535] The buggy address is located 0 bytes inside of [ 105.953535] 128-byte region [ffff0000c66f6b00, ffff0000c66f6b80) [ 105.955076] [ 105.955358] The buggy address belongs to the physical page: [ 105.956040] page:000000008cb3a959 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066f6 [ 105.957992] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 105.958917] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 105.959756] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 105.960239] page dumped because: kasan: bad access detected [ 105.961089] [ 105.961369] Memory state around the buggy address: [ 105.962206] ffff0000c66f6a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.963094] ffff0000c66f6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.963966] >ffff0000c66f6b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.965664] ^ [ 105.966158] ffff0000c66f6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.966648] ffff0000c66f6c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.967233] ==================================================================
[ 75.674540] ================================================================== [ 75.676406] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xac/0x14c [ 75.677884] Write of size 33 at addr ffff0000c5a46e00 by task kunit_try_catch/144 [ 75.679638] [ 75.680306] CPU: 1 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.681665] Hardware name: linux,dummy-virt (DT) [ 75.682038] Call trace: [ 75.682274] dump_backtrace+0xf8/0x118 [ 75.682703] show_stack+0x18/0x24 [ 75.683104] __dump_stack+0x28/0x38 [ 75.683479] dump_stack_lvl+0x54/0x6c [ 75.684113] print_address_description+0x7c/0x1ec [ 75.685346] print_report+0x50/0x68 [ 75.686145] kasan_report+0xac/0x100 [ 75.686931] kasan_check_range+0x260/0x2a0 [ 75.687773] memset+0x40/0x70 [ 75.688425] kmalloc_uaf_memset+0xac/0x14c [ 75.689279] kunit_try_run_case+0x80/0x184 [ 75.690085] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.691038] kthread+0x16c/0x21c [ 75.691661] ret_from_fork+0x10/0x20 [ 75.692289] [ 75.693143] Allocated by task 144: [ 75.693684] kasan_set_track+0x4c/0x80 [ 75.694383] kasan_save_alloc_info+0x28/0x34 [ 75.695061] __kasan_kmalloc+0x88/0xa0 [ 75.695703] kmalloc_trace+0x54/0x68 [ 75.696311] kmalloc_uaf_memset+0x48/0x14c [ 75.697029] kunit_try_run_case+0x80/0x184 [ 75.697817] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.698698] kthread+0x16c/0x21c [ 75.699356] ret_from_fork+0x10/0x20 [ 75.699944] [ 75.700218] Freed by task 144: [ 75.700671] kasan_set_track+0x4c/0x80 [ 75.701413] kasan_save_free_info+0x3c/0x60 [ 75.702161] ____kasan_slab_free+0xe8/0x140 [ 75.702844] __kasan_slab_free+0x18/0x28 [ 75.703494] __kmem_cache_free+0xdc/0x284 [ 75.703910] kfree+0x60/0x74 [ 75.704263] kmalloc_uaf_memset+0x90/0x14c [ 75.704698] kunit_try_run_case+0x80/0x184 [ 75.705362] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.706167] kthread+0x16c/0x21c [ 75.706734] ret_from_fork+0x10/0x20 [ 75.707309] [ 75.707577] The buggy address belongs to the object at ffff0000c5a46e00 [ 75.707577] which belongs to the cache kmalloc-128 of size 128 [ 75.708417] The buggy address is located 0 bytes inside of [ 75.708417] 128-byte region [ffff0000c5a46e00, ffff0000c5a46e80) [ 75.709942] [ 75.710382] The buggy address belongs to the physical page: [ 75.711060] page:00000000e850444c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a46 [ 75.712173] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 75.713189] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 75.714291] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 75.714793] page dumped because: kasan: bad access detected [ 75.715163] [ 75.715340] Memory state around the buggy address: [ 75.715690] ffff0000c5a46d00: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.716580] ffff0000c5a46d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.717547] >ffff0000c5a46e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.718447] ^ [ 75.718944] ffff0000c5a46e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.719824] ffff0000c5a46f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.720700] ==================================================================
[ 74.730064] ================================================================== [ 74.730927] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xac/0x14c [ 74.731565] Write of size 33 at addr ffff0000c5a14100 by task kunit_try_catch/144 [ 74.732799] [ 74.733266] CPU: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.733928] Hardware name: linux,dummy-virt (DT) [ 74.734275] Call trace: [ 74.734509] dump_backtrace+0xf4/0x114 [ 74.735167] show_stack+0x18/0x24 [ 74.735631] __dump_stack+0x28/0x38 [ 74.736076] dump_stack_lvl+0x50/0x68 [ 74.736528] print_address_description+0x7c/0x1ec [ 74.737067] print_report+0x50/0x68 [ 74.737507] kasan_report+0xac/0xfc [ 74.737963] kasan_check_range+0x258/0x290 [ 74.738437] memset+0x40/0x70 [ 74.738847] kmalloc_uaf_memset+0xac/0x14c [ 74.739301] kunit_try_run_case+0x80/0x184 [ 74.739771] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.740323] kthread+0x16c/0x21c [ 74.740731] ret_from_fork+0x10/0x20 [ 74.741179] [ 74.741390] Allocated by task 144: [ 74.741716] kasan_set_track+0x4c/0x80 [ 74.742172] kasan_save_alloc_info+0x28/0x34 [ 74.742607] __kasan_kmalloc+0x88/0xa0 [ 74.743111] kmalloc_trace+0x54/0x68 [ 74.743533] kmalloc_uaf_memset+0x48/0x14c [ 74.744033] kunit_try_run_case+0x80/0x184 [ 74.744492] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.745103] kthread+0x16c/0x21c [ 74.745551] ret_from_fork+0x10/0x20 [ 74.746009] [ 74.746196] Freed by task 144: [ 74.746533] kasan_set_track+0x4c/0x80 [ 74.747071] kasan_save_free_info+0x3c/0x60 [ 74.747506] ____kasan_slab_free+0xe8/0x140 [ 74.748041] __kasan_slab_free+0x18/0x28 [ 74.748497] __kmem_cache_free+0xdc/0x27c [ 74.748983] kfree+0x60/0x74 [ 74.749383] kmalloc_uaf_memset+0x90/0x14c [ 74.749888] kunit_try_run_case+0x80/0x184 [ 74.750344] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.750941] kthread+0x16c/0x21c [ 74.751355] ret_from_fork+0x10/0x20 [ 74.751801] [ 74.752000] The buggy address belongs to the object at ffff0000c5a14100 [ 74.752000] which belongs to the cache kmalloc-128 of size 128 [ 74.752958] The buggy address is located 0 bytes inside of [ 74.752958] 128-byte region [ffff0000c5a14100, ffff0000c5a14180) [ 74.753843] [ 74.754066] The buggy address belongs to the physical page: [ 74.754544] page:000000002a39f223 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a14 [ 74.755338] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 74.756029] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 74.756721] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.757354] page dumped because: kasan: bad access detected [ 74.757832] [ 74.758025] Memory state around the buggy address: [ 74.758456] ffff0000c5a14000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.759096] ffff0000c5a14080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.759720] >ffff0000c5a14100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.760338] ^ [ 74.760682] ffff0000c5a14180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.761339] ffff0000c5a14200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.761985] ==================================================================
[ 73.314952] ================================================================== [ 73.315785] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xcc/0x1f0 [ 73.316428] Write of size 33 at addr ffff0000c589da00 by task kunit_try_catch/144 [ 73.316965] [ 73.317198] CPU: 1 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 73.318116] Hardware name: linux,dummy-virt (DT) [ 73.318572] Call trace: [ 73.318832] dump_backtrace.part.0+0xdc/0xf0 [ 73.319352] show_stack+0x18/0x30 [ 73.319767] dump_stack_lvl+0x64/0x80 [ 73.320186] print_report+0x158/0x438 [ 73.321414] kasan_report+0xb4/0xf4 [ 73.321884] kasan_check_range+0xe4/0x190 [ 73.322434] memset+0x40/0x70 [ 73.322869] kmalloc_uaf_memset+0xcc/0x1f0 [ 73.323619] kunit_try_run_case+0x84/0x120 [ 73.324296] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 73.324961] kthread+0x180/0x190 [ 73.325468] ret_from_fork+0x10/0x20 [ 73.326067] [ 73.326240] Allocated by task 144: [ 73.326851] kasan_save_stack+0x3c/0x70 [ 73.327412] kasan_set_track+0x2c/0x40 [ 73.327938] kasan_save_alloc_info+0x24/0x34 [ 73.328533] __kasan_kmalloc+0xb8/0xc0 [ 73.329045] kmalloc_trace+0x58/0x6c [ 73.329573] kmalloc_uaf_memset+0x94/0x1f0 [ 73.330238] kunit_try_run_case+0x84/0x120 [ 73.330811] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 73.331472] kthread+0x180/0x190 [ 73.331867] ret_from_fork+0x10/0x20 [ 73.332291] [ 73.332493] Freed by task 144: [ 73.332788] kasan_save_stack+0x3c/0x70 [ 73.333232] kasan_set_track+0x2c/0x40 [ 73.333620] kasan_save_free_info+0x38/0x5c [ 73.334110] __kasan_slab_free+0xe4/0x150 [ 73.334532] __kmem_cache_free+0x130/0x2a4 [ 73.335012] kfree+0x58/0x80 [ 73.335356] kmalloc_uaf_memset+0xb4/0x1f0 [ 73.336117] kunit_try_run_case+0x84/0x120 [ 73.336613] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 73.337178] kthread+0x180/0x190 [ 73.337589] ret_from_fork+0x10/0x20 [ 73.338194] [ 73.338808] The buggy address belongs to the object at ffff0000c589da00 [ 73.338808] which belongs to the cache kmalloc-128 of size 128 [ 73.339773] The buggy address is located 0 bytes inside of [ 73.339773] 128-byte region [ffff0000c589da00, ffff0000c589da80) [ 73.340696] [ 73.340895] The buggy address belongs to the physical page: [ 73.341374] page:00000000b8b1210d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10589d [ 73.342441] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 73.343272] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 73.343919] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 73.344541] page dumped because: kasan: bad access detected [ 73.345045] [ 73.345245] Memory state around the buggy address: [ 73.345714] ffff0000c589d900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 73.346853] ffff0000c589d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.347484] >ffff0000c589da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 73.348051] ^ [ 73.348371] ffff0000c589da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.349028] ffff0000c589db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.349611] ==================================================================
[ 64.830722] ================================================================== [ 64.831391] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xe4/0x1e8 [ 64.831877] Write of size 33 at addr ffff0000c3c72400 by task kunit_try_catch/142 [ 64.832416] [ 64.832704] CPU: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.833764] Hardware name: linux,dummy-virt (DT) [ 64.834415] Call trace: [ 64.834782] dump_backtrace+0x110/0x120 [ 64.835396] show_stack+0x18/0x28 [ 64.835927] dump_stack_lvl+0x68/0x84 [ 64.836484] print_report+0x158/0x484 [ 64.836999] kasan_report+0x98/0xe0 [ 64.837524] kasan_check_range+0x160/0x1d8 [ 64.838250] memset+0x3c/0x80 [ 64.838722] kmalloc_uaf_memset+0xe4/0x1e8 [ 64.839318] kunit_try_run_case+0x7c/0x120 [ 64.839894] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.840615] kthread+0x1a4/0x1b8 [ 64.841095] ret_from_fork+0x10/0x20 [ 64.841764] [ 64.842017] Allocated by task 142: [ 64.842466] kasan_save_stack+0x2c/0x58 [ 64.842989] kasan_set_track+0x2c/0x40 [ 64.843471] kasan_save_alloc_info+0x24/0x38 [ 64.843823] __kasan_kmalloc+0xa0/0xb8 [ 64.844129] kmalloc_trace+0x50/0x68 [ 64.844495] kmalloc_uaf_memset+0xa8/0x1e8 [ 64.844941] kunit_try_run_case+0x7c/0x120 [ 64.845399] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.845901] kthread+0x1a4/0x1b8 [ 64.846420] ret_from_fork+0x10/0x20 [ 64.846773] [ 64.846973] Freed by task 142: [ 64.847265] kasan_save_stack+0x2c/0x58 [ 64.847655] kasan_set_track+0x2c/0x40 [ 64.847984] kasan_save_free_info+0x38/0x60 [ 64.848425] __kasan_slab_free+0xe8/0x158 [ 64.848815] __kmem_cache_free+0x138/0x2b0 [ 64.849267] kfree+0x5c/0x70 [ 64.850093] kmalloc_uaf_memset+0xc8/0x1e8 [ 64.850547] kunit_try_run_case+0x7c/0x120 [ 64.850965] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.851455] kthread+0x1a4/0x1b8 [ 64.851804] ret_from_fork+0x10/0x20 [ 64.852182] [ 64.852366] The buggy address belongs to the object at ffff0000c3c72400 [ 64.852366] which belongs to the cache kmalloc-128 of size 128 [ 64.853187] The buggy address is located 0 bytes inside of [ 64.853187] 128-byte region [ffff0000c3c72400, ffff0000c3c72480) [ 64.854216] [ 64.854472] The buggy address belongs to the physical page: [ 64.854900] page:00000000a9204604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c72 [ 64.855575] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 64.856184] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 64.856908] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 64.857617] page dumped because: kasan: bad access detected [ 64.858034] [ 64.858215] Memory state around the buggy address: [ 64.858648] ffff0000c3c72300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 64.859190] ffff0000c3c72380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.859738] >ffff0000c3c72400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.860217] ^ [ 64.860529] ffff0000c3c72480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.861058] ffff0000c3c72500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.861823] ==================================================================
[ 31.087118] ================================================================== [ 31.087792] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xcf/0x1c0 [ 31.088123] Write of size 33 at addr ffff8881030dcd80 by task kunit_try_catch/248 [ 31.088606] [ 31.088763] CPU: 1 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.089193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.089572] Call Trace: [ 31.090098] <TASK> [ 31.090244] dump_stack_lvl+0x49/0x62 [ 31.090491] print_report+0x189/0x492 [ 31.090738] ? kasan_complete_mode_report_info+0x7c/0x200 [ 31.090985] ? kmalloc_uaf_memset+0xcf/0x1c0 [ 31.091266] kasan_report+0x10c/0x190 [ 31.091501] ? kmalloc_uaf_memset+0xcf/0x1c0 [ 31.091774] kasan_check_range+0x10b/0x1c0 [ 31.091989] memset+0x23/0x50 [ 31.092199] kmalloc_uaf_memset+0xcf/0x1c0 [ 31.092479] ? kasan_strings+0x4e0/0x4e0 [ 31.092719] ? __kunit_add_resource+0xd1/0x100 [ 31.092966] ? kasan_test_init+0x13e/0x1b0 [ 31.093223] kunit_try_run_case+0x8f/0xd0 [ 31.093458] ? kunit_catch_run_case+0x80/0x80 [ 31.093744] ? kunit_try_catch_throw+0x40/0x40 [ 31.093951] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.094292] kthread+0x17b/0x1b0 [ 31.094510] ? kthread_complete_and_exit+0x30/0x30 [ 31.094736] ret_from_fork+0x22/0x30 [ 31.094976] </TASK> [ 31.095121] [ 31.095256] Allocated by task 248: [ 31.095414] kasan_save_stack+0x41/0x70 [ 31.095653] kasan_set_track+0x25/0x40 [ 31.095891] kasan_save_alloc_info+0x1e/0x30 [ 31.096083] __kasan_kmalloc+0xb6/0xc0 [ 31.096429] kmalloc_trace+0x48/0xb0 [ 31.096651] kmalloc_uaf_memset+0x99/0x1c0 [ 31.096854] kunit_try_run_case+0x8f/0xd0 [ 31.097091] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.097344] kthread+0x17b/0x1b0 [ 31.097604] ret_from_fork+0x22/0x30 [ 31.097823] [ 31.097927] Freed by task 248: [ 31.098076] kasan_save_stack+0x41/0x70 [ 31.098369] kasan_set_track+0x25/0x40 [ 31.098569] kasan_save_free_info+0x2e/0x50 [ 31.098812] ____kasan_slab_free+0x175/0x1d0 [ 31.099032] __kasan_slab_free+0x12/0x20 [ 31.099302] __kmem_cache_free+0x188/0x2f0 [ 31.099519] kfree+0x78/0x120 [ 31.099672] kmalloc_uaf_memset+0xb1/0x1c0 [ 31.099883] kunit_try_run_case+0x8f/0xd0 [ 31.100131] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.100431] kthread+0x17b/0x1b0 [ 31.100585] ret_from_fork+0x22/0x30 [ 31.101013] [ 31.101154] The buggy address belongs to the object at ffff8881030dcd80 [ 31.101154] which belongs to the cache kmalloc-64 of size 64 [ 31.102578] The buggy address is located 0 bytes inside of [ 31.102578] 64-byte region [ffff8881030dcd80, ffff8881030dcdc0) [ 31.103477] [ 31.103598] The buggy address belongs to the physical page: [ 31.103854] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030dc [ 31.104487] flags: 0x200000000000200(slab|node=0|zone=2) [ 31.104990] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041640 [ 31.105633] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 31.106110] page dumped because: kasan: bad access detected [ 31.106606] [ 31.106739] Memory state around the buggy address: [ 31.107139] ffff8881030dcc80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.107925] ffff8881030dcd00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.108396] >ffff8881030dcd80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.108900] ^ [ 31.109301] ffff8881030dce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.109766] ffff8881030dce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.110083] ==================================================================