Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 107.097974] ================================================================== [ 107.099280] BUG: KASAN: use-after-free in strchr+0x20/0x80 [ 107.100089] Read of size 1 at addr ffff0000c66ab410 by task kunit_try_catch/248 [ 107.101811] [ 107.102050] CPU: 1 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 107.102610] Hardware name: linux,dummy-virt (DT) [ 107.102993] Call trace: [ 107.103343] dump_backtrace+0xe0/0x134 [ 107.104075] show_stack+0x20/0x2c [ 107.104672] dump_stack_lvl+0x88/0xb4 [ 107.105276] print_report+0x158/0x44c [ 107.105783] kasan_report+0xc8/0x180 [ 107.106350] __asan_load1+0x68/0x74 [ 107.106884] strchr+0x20/0x80 [ 107.107394] kasan_strings+0xd8/0x530 [ 107.107961] kunit_try_run_case+0x8c/0x124 [ 107.108613] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 107.109328] kthread+0x15c/0x170 [ 107.109791] ret_from_fork+0x10/0x20 [ 107.110196] [ 107.110410] Allocated by task 248: [ 107.110767] kasan_save_stack+0x3c/0x70 [ 107.111222] kasan_set_track+0x2c/0x40 [ 107.111683] kasan_save_alloc_info+0x24/0x34 [ 107.112150] __kasan_kmalloc+0xd4/0xe0 [ 107.112628] kmalloc_trace+0x8c/0x150 [ 107.113038] kasan_strings+0xa0/0x530 [ 107.113517] kunit_try_run_case+0x8c/0x124 [ 107.113989] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 107.114603] kthread+0x15c/0x170 [ 107.115016] ret_from_fork+0x10/0x20 [ 107.115444] [ 107.115637] Freed by task 248: [ 107.116764] kasan_save_stack+0x3c/0x70 [ 107.117554] kasan_set_track+0x2c/0x40 [ 107.118158] kasan_save_free_info+0x38/0x5c [ 107.118812] __kasan_slab_free+0x100/0x170 [ 107.119430] slab_free_freelist_hook+0xd8/0x1c0 [ 107.120088] __kmem_cache_free+0x15c/0x2a0 [ 107.121552] kfree+0x88/0x150 [ 107.122081] kasan_strings+0xc0/0x530 [ 107.122686] kunit_try_run_case+0x8c/0x124 [ 107.123318] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 107.124104] kthread+0x15c/0x170 [ 107.125016] ret_from_fork+0x10/0x20 [ 107.125600] [ 107.125887] The buggy address belongs to the object at ffff0000c66ab400 [ 107.125887] which belongs to the cache kmalloc-128 of size 128 [ 107.126866] The buggy address is located 16 bytes inside of [ 107.126866] 128-byte region [ffff0000c66ab400, ffff0000c66ab480) [ 107.127563] [ 107.127753] The buggy address belongs to the physical page: [ 107.128129] page:0000000069500412 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066ab [ 107.129697] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 107.130807] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 107.131812] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 107.132880] page dumped because: kasan: bad access detected [ 107.133561] [ 107.133992] Memory state around the buggy address: [ 107.134787] ffff0000c66ab300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 107.135822] ffff0000c66ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.136849] >ffff0000c66ab400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 107.137953] ^ [ 107.138286] ffff0000c66ab480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.138788] ffff0000c66ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.139958] ==================================================================
[ 76.803113] ================================================================== [ 76.803852] BUG: KASAN: use-after-free in strchr+0x20/0x6c [ 76.804333] Read of size 1 at addr ffff0000c5abca10 by task kunit_try_catch/164 [ 76.805669] [ 76.805998] CPU: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 76.807301] Hardware name: linux,dummy-virt (DT) [ 76.808117] Call trace: [ 76.808561] dump_backtrace+0xf8/0x118 [ 76.809335] show_stack+0x18/0x24 [ 76.809984] __dump_stack+0x28/0x38 [ 76.810609] dump_stack_lvl+0x54/0x6c [ 76.811256] print_address_description+0x7c/0x1ec [ 76.812046] print_report+0x50/0x68 [ 76.812753] kasan_report+0xac/0x100 [ 76.813691] __asan_load1+0x6c/0x70 [ 76.814381] strchr+0x20/0x6c [ 76.814942] kasan_strings+0xa8/0x404 [ 76.815589] kunit_try_run_case+0x80/0x184 [ 76.816308] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 76.817309] kthread+0x16c/0x21c [ 76.818101] ret_from_fork+0x10/0x20 [ 76.818501] [ 76.818688] Allocated by task 164: [ 76.818990] kasan_set_track+0x4c/0x80 [ 76.819408] kasan_save_alloc_info+0x28/0x34 [ 76.819831] __kasan_kmalloc+0x88/0xa0 [ 76.820339] kmalloc_trace+0x54/0x68 [ 76.820880] kasan_strings+0x48/0x404 [ 76.821329] kunit_try_run_case+0x80/0x184 [ 76.822047] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 76.822643] kthread+0x16c/0x21c [ 76.823113] ret_from_fork+0x10/0x20 [ 76.823488] [ 76.823667] Freed by task 164: [ 76.824125] kasan_set_track+0x4c/0x80 [ 76.824629] kasan_save_free_info+0x3c/0x60 [ 76.825129] ____kasan_slab_free+0xe8/0x140 [ 76.825686] __kasan_slab_free+0x18/0x28 [ 76.826203] __kmem_cache_free+0xdc/0x284 [ 76.826682] kfree+0x60/0x74 [ 76.827106] kasan_strings+0x90/0x404 [ 76.827580] kunit_try_run_case+0x80/0x184 [ 76.828041] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 76.828619] kthread+0x16c/0x21c [ 76.829066] ret_from_fork+0x10/0x20 [ 76.829500] [ 76.829698] The buggy address belongs to the object at ffff0000c5abca00 [ 76.829698] which belongs to the cache kmalloc-128 of size 128 [ 76.830656] The buggy address is located 16 bytes inside of [ 76.830656] 128-byte region [ffff0000c5abca00, ffff0000c5abca80) [ 76.832021] [ 76.832232] The buggy address belongs to the physical page: [ 76.832890] page:00000000b0163b2b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105abc [ 76.833649] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 76.834325] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 76.835171] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 76.835818] page dumped because: kasan: bad access detected [ 76.836293] [ 76.836483] Memory state around the buggy address: [ 76.837456] ffff0000c5abc900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.838118] ffff0000c5abc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.838778] >ffff0000c5abca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.839411] ^ [ 76.839812] ffff0000c5abca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.840442] ffff0000c5abcb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.841202] ==================================================================
[ 75.916364] ================================================================== [ 75.917414] BUG: KASAN: use-after-free in strchr+0x20/0x6c [ 75.917907] Read of size 1 at addr ffff0000c58a7510 by task kunit_try_catch/164 [ 75.918414] [ 75.918621] CPU: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.920393] Hardware name: linux,dummy-virt (DT) [ 75.921313] Call trace: [ 75.921916] dump_backtrace+0xf4/0x114 [ 75.922717] show_stack+0x18/0x24 [ 75.923508] __dump_stack+0x28/0x38 [ 75.924303] dump_stack_lvl+0x50/0x68 [ 75.925032] print_address_description+0x7c/0x1ec [ 75.925926] print_report+0x50/0x68 [ 75.926650] kasan_report+0xac/0xfc [ 75.927390] __asan_load1+0x6c/0x70 [ 75.928202] strchr+0x20/0x6c [ 75.928795] kasan_strings+0xa8/0x404 [ 75.929602] kunit_try_run_case+0x80/0x184 [ 75.930430] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.931376] kthread+0x16c/0x21c [ 75.932582] ret_from_fork+0x10/0x20 [ 75.933236] [ 75.933552] Allocated by task 164: [ 75.934084] kasan_set_track+0x4c/0x80 [ 75.934775] kasan_save_alloc_info+0x28/0x34 [ 75.935341] __kasan_kmalloc+0x88/0xa0 [ 75.936354] kmalloc_trace+0x54/0x68 [ 75.936983] kasan_strings+0x48/0x404 [ 75.937589] kunit_try_run_case+0x80/0x184 [ 75.938254] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.939069] kthread+0x16c/0x21c [ 75.939525] ret_from_fork+0x10/0x20 [ 75.940144] [ 75.940612] Freed by task 164: [ 75.941093] kasan_set_track+0x4c/0x80 [ 75.941733] kasan_save_free_info+0x3c/0x60 [ 75.942194] ____kasan_slab_free+0xe8/0x140 [ 75.942639] __kasan_slab_free+0x18/0x28 [ 75.943076] __kmem_cache_free+0xdc/0x27c [ 75.943484] kfree+0x60/0x74 [ 75.944500] kasan_strings+0x90/0x404 [ 75.945136] kunit_try_run_case+0x80/0x184 [ 75.945810] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.946616] kthread+0x16c/0x21c [ 75.947209] ret_from_fork+0x10/0x20 [ 75.947857] [ 75.948078] The buggy address belongs to the object at ffff0000c58a7500 [ 75.948078] which belongs to the cache kmalloc-128 of size 128 [ 75.949024] The buggy address is located 16 bytes inside of [ 75.949024] 128-byte region [ffff0000c58a7500, ffff0000c58a7580) [ 75.950197] [ 75.950401] The buggy address belongs to the physical page: [ 75.950866] page:00000000333134b1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 75.952127] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 75.953100] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 75.954089] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 75.955002] page dumped because: kasan: bad access detected [ 75.955958] [ 75.956252] Memory state around the buggy address: [ 75.956887] ffff0000c58a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.957789] ffff0000c58a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.958679] >ffff0000c58a7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.959375] ^ [ 75.959719] ffff0000c58a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.961129] ffff0000c58a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.962030] ==================================================================
[ 74.513034] ================================================================== [ 74.514487] BUG: KASAN: use-after-free in strchr+0x20/0x80 [ 74.515310] Read of size 1 at addr ffff0000c5938710 by task kunit_try_catch/164 [ 74.516309] [ 74.516649] CPU: 1 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.518659] Hardware name: linux,dummy-virt (DT) [ 74.519414] Call trace: [ 74.519830] dump_backtrace.part.0+0xdc/0xf0 [ 74.520551] show_stack+0x18/0x30 [ 74.521150] dump_stack_lvl+0x64/0x80 [ 74.521753] print_report+0x158/0x438 [ 74.522414] kasan_report+0xb4/0xf4 [ 74.522971] __asan_load1+0x68/0x74 [ 74.523547] strchr+0x20/0x80 [ 74.523926] kasan_strings+0xd0/0x520 [ 74.524294] kunit_try_run_case+0x84/0x120 [ 74.524801] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 74.525331] kthread+0x180/0x190 [ 74.525744] ret_from_fork+0x10/0x20 [ 74.526202] [ 74.526446] Allocated by task 164: [ 74.526838] kasan_save_stack+0x3c/0x70 [ 74.527317] kasan_set_track+0x2c/0x40 [ 74.527908] kasan_save_alloc_info+0x24/0x34 [ 74.528572] __kasan_kmalloc+0xb8/0xc0 [ 74.529139] kmalloc_trace+0x58/0x6c [ 74.529538] kasan_strings+0x98/0x520 [ 74.530080] kunit_try_run_case+0x84/0x120 [ 74.530492] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 74.530951] kthread+0x180/0x190 [ 74.531266] ret_from_fork+0x10/0x20 [ 74.531845] [ 74.532104] Freed by task 164: [ 74.532535] kasan_save_stack+0x3c/0x70 [ 74.533089] kasan_set_track+0x2c/0x40 [ 74.533640] kasan_save_free_info+0x38/0x5c [ 74.534983] __kasan_slab_free+0xe4/0x150 [ 74.535591] __kmem_cache_free+0x130/0x2a4 [ 74.536233] kfree+0x58/0x80 [ 74.536708] kasan_strings+0xb8/0x520 [ 74.537263] kunit_try_run_case+0x84/0x120 [ 74.538019] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 74.538836] kthread+0x180/0x190 [ 74.539334] ret_from_fork+0x10/0x20 [ 74.539892] [ 74.540152] The buggy address belongs to the object at ffff0000c5938700 [ 74.540152] which belongs to the cache kmalloc-128 of size 128 [ 74.541515] The buggy address is located 16 bytes inside of [ 74.541515] 128-byte region [ffff0000c5938700, ffff0000c5938780) [ 74.542482] [ 74.542667] The buggy address belongs to the physical page: [ 74.543027] page:000000003af4cecf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105938 [ 74.543827] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 74.544733] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 74.545651] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.546818] page dumped because: kasan: bad access detected [ 74.547512] [ 74.547775] Memory state around the buggy address: [ 74.548366] ffff0000c5938600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 74.549224] ffff0000c5938680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.550125] >ffff0000c5938700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.551050] ^ [ 74.551605] ffff0000c5938780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.552712] ffff0000c5938800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.553161] ==================================================================
[ 65.943557] ================================================================== [ 65.944776] BUG: KASAN: use-after-free in strchr+0x1c/0x78 [ 65.945204] Read of size 1 at addr ffff0000c59bd910 by task kunit_try_catch/162 [ 65.946625] [ 65.947167] CPU: 1 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 65.948405] Hardware name: linux,dummy-virt (DT) [ 65.949204] Call trace: [ 65.950084] dump_backtrace+0x110/0x120 [ 65.950539] show_stack+0x18/0x28 [ 65.950923] dump_stack_lvl+0x68/0x84 [ 65.951322] print_report+0x158/0x484 [ 65.951782] kasan_report+0x98/0xe0 [ 65.952143] __asan_load1+0x68/0x78 [ 65.952588] strchr+0x1c/0x78 [ 65.952918] kasan_strings+0xe4/0x4e0 [ 65.953339] kunit_try_run_case+0x7c/0x120 [ 65.953759] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 65.954425] kthread+0x1a4/0x1b8 [ 65.954773] ret_from_fork+0x10/0x20 [ 65.955156] [ 65.955343] Allocated by task 162: [ 65.955624] kasan_save_stack+0x2c/0x58 [ 65.956024] kasan_set_track+0x2c/0x40 [ 65.956390] kasan_save_alloc_info+0x24/0x38 [ 65.956823] __kasan_kmalloc+0xa0/0xb8 [ 65.957187] kmalloc_trace+0x50/0x68 [ 65.957814] kasan_strings+0xa8/0x4e0 [ 65.958204] kunit_try_run_case+0x7c/0x120 [ 65.958656] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 65.959179] kthread+0x1a4/0x1b8 [ 65.959897] ret_from_fork+0x10/0x20 [ 65.960280] [ 65.960471] Freed by task 162: [ 65.960727] kasan_save_stack+0x2c/0x58 [ 65.961103] kasan_set_track+0x2c/0x40 [ 65.961526] kasan_save_free_info+0x38/0x60 [ 65.962208] __kasan_slab_free+0xe8/0x158 [ 65.962611] __kmem_cache_free+0x138/0x2b0 [ 65.963056] kfree+0x5c/0x70 [ 65.963356] kasan_strings+0xc8/0x4e0 [ 65.963769] kunit_try_run_case+0x7c/0x120 [ 65.964179] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 65.964714] kthread+0x1a4/0x1b8 [ 65.965059] ret_from_fork+0x10/0x20 [ 65.965439] [ 65.966081] The buggy address belongs to the object at ffff0000c59bd900 [ 65.966081] which belongs to the cache kmalloc-128 of size 128 [ 65.966960] The buggy address is located 16 bytes inside of [ 65.966960] 128-byte region [ffff0000c59bd900, ffff0000c59bd980) [ 65.967778] [ 65.967972] The buggy address belongs to the physical page: [ 65.968389] page:00000000a3aeb2fe refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059bd [ 65.969110] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 65.970019] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 65.970642] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 65.971208] page dumped because: kasan: bad access detected [ 65.971642] [ 65.971817] Memory state around the buggy address: [ 65.972196] ffff0000c59bd800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.972715] ffff0000c59bd880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.973300] >ffff0000c59bd900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.974744] ^ [ 65.975083] ffff0000c59bd980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.975673] ffff0000c59bda00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.976214] ==================================================================
[ 32.076190] ================================================================== [ 32.076835] BUG: KASAN: use-after-free in strchr+0x14/0x60 [ 32.077110] Read of size 1 at addr ffff8881037341d0 by task kunit_try_catch/268 [ 32.077577] [ 32.077700] CPU: 1 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.078119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.078659] Call Trace: [ 32.078796] <TASK> [ 32.078954] dump_stack_lvl+0x49/0x62 [ 32.079229] print_report+0x189/0x492 [ 32.079530] ? kasan_complete_mode_report_info+0x7c/0x200 [ 32.079884] ? strchr+0x14/0x60 [ 32.080102] kasan_report+0x10c/0x190 [ 32.080432] ? kasan_quarantine_put+0xba/0x1c0 [ 32.080665] ? strchr+0x14/0x60 [ 32.080901] __asan_load1+0x62/0x70 [ 32.081099] strchr+0x14/0x60 [ 32.081384] kasan_strings+0xd9/0x4e0 [ 32.081616] ? kmalloc_oob_right+0x310/0x310 [ 32.081876] ? __kunit_add_resource+0xd1/0x100 [ 32.082138] ? kasan_test_init+0x13e/0x1b0 [ 32.082429] kunit_try_run_case+0x8f/0xd0 [ 32.082664] ? kunit_catch_run_case+0x80/0x80 [ 32.082964] ? kunit_try_catch_throw+0x40/0x40 [ 32.083207] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.083590] kthread+0x17b/0x1b0 [ 32.084117] ? kthread_complete_and_exit+0x30/0x30 [ 32.084838] ret_from_fork+0x22/0x30 [ 32.085421] </TASK> [ 32.085576] [ 32.085684] Allocated by task 268: [ 32.085862] kasan_save_stack+0x41/0x70 [ 32.086088] kasan_set_track+0x25/0x40 [ 32.086668] kasan_save_alloc_info+0x1e/0x30 [ 32.087094] __kasan_kmalloc+0xb6/0xc0 [ 32.087498] kmalloc_trace+0x48/0xb0 [ 32.087852] kasan_strings+0x99/0x4e0 [ 32.088071] kunit_try_run_case+0x8f/0xd0 [ 32.088490] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.089093] kthread+0x17b/0x1b0 [ 32.089367] ret_from_fork+0x22/0x30 [ 32.089582] [ 32.089686] Freed by task 268: [ 32.089849] kasan_save_stack+0x41/0x70 [ 32.090068] kasan_set_track+0x25/0x40 [ 32.090590] kasan_save_free_info+0x2e/0x50 [ 32.091092] ____kasan_slab_free+0x175/0x1d0 [ 32.091501] __kasan_slab_free+0x12/0x20 [ 32.091866] __kmem_cache_free+0x188/0x2f0 [ 32.092119] kfree+0x78/0x120 [ 32.092497] kasan_strings+0xbd/0x4e0 [ 32.092915] kunit_try_run_case+0x8f/0xd0 [ 32.093331] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.093621] kthread+0x17b/0x1b0 [ 32.093804] ret_from_fork+0x22/0x30 [ 32.094000] [ 32.094107] The buggy address belongs to the object at ffff8881037341c0 [ 32.094107] which belongs to the cache kmalloc-32 of size 32 [ 32.095121] The buggy address is located 16 bytes inside of [ 32.095121] 32-byte region [ffff8881037341c0, ffff8881037341e0) [ 32.095951] [ 32.096067] The buggy address belongs to the physical page: [ 32.096455] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103734 [ 32.096866] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.097184] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041500 [ 32.097491] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000 [ 32.097921] page dumped because: kasan: bad access detected [ 32.098144] [ 32.098239] Memory state around the buggy address: [ 32.098509] ffff888103734080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 32.099011] ffff888103734100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 32.099338] >ffff888103734180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 32.099647] ^ [ 32.100153] ffff888103734200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.100494] ffff888103734280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.100842] ==================================================================