Recently got a kernel panic from the use-after-free detector code:
Memory modified after free 0xfffff8009665d0c0(56) val=deadc0dedeadc0df @ 0xfffff8009665d0e8
rdi: deadc0dedeadc1ae rsi: fffff80032103740 rdx: ffffffff89cb372b
panic: Most recently used by nvidia
The memory region in question looks like this:
(kgdb) x/8a 0xfffff8009665d0c0
0xfffff8009665d0c0: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff8009665d0d0: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff8009665d0e0: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0df
0xfffff8009665d0f0: 0xdeadc0dedeadc0de 0xffffffff89dd9cd0 <M_NVIDIA>
So, it looks like some code either incremented a field at offset 40 (bytes) in some object or OR-ed 1 into that field.
The object size must be between 41 (at least one byte at offset 40) and 64 (the maximum item size in the corresponding malloc zone).
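The detector behind that panic works by overwriting every freed item with a known trash pattern and re-checking the pattern when the item is handed out again; the inference about offset and size falls out of which word no longer matches. The C program below is an added illustration written for this thread, not FreeBSD's UMA code and not anything from the nvidia module: it models a single 64-byte zone item, fills it with the 0xdeadc0de pattern on free, simulates a stale-pointer write at offset 40, and reports the offset and value the way the panic line does, then derives the 41..64 size bounds from the offset and the zone size. The power-of-two zone size classes and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Trash pattern written over freed items (matches the kgdb dump above). */
#define TRASH_WORD 0xdeadc0dedeadc0deULL

/* Toy model of one 64-byte malloc-zone item (constructed; not real kernel memory). */
#define ITEM_SIZE 64
static uint64_t zone_item[ITEM_SIZE / sizeof(uint64_t)];

/* Outcome of the post-free check. */
struct trash_result {
    long offset;    /* byte offset of the first modified 8-byte word, -1 if intact */
    uint64_t value; /* the value found at that offset */
};

/* "free" step: overwrite the whole item with the trash pattern. */
static void trash_fill(void *mem, size_t size)
{
    uint64_t *p = mem;
    for (size_t i = 0; i < size / sizeof(*p); i++)
        p[i] = TRASH_WORD;
}

/* "alloc" step: before reusing the item, verify the pattern survived. */
static struct trash_result trash_check(const void *mem, size_t size)
{
    const uint64_t *p = mem;
    struct trash_result r = { -1, 0 };
    for (size_t i = 0; i < size / sizeof(*p); i++) {
        if (p[i] != TRASH_WORD) {
            r.offset = (long)(i * sizeof(*p));
            r.value = p[i];
            break;
        }
    }
    return r;
}

/* Assumed size classes: power-of-two zones from 16 up to 65536 bytes.
 * Returns the item size of the zone that would serve a request of `request` bytes. */
static size_t zone_item_size(size_t request)
{
    size_t z = 16;
    while (z < request && z < 65536)
        z <<= 1;
    return z;
}

/* Smallest object size that (a) still lands in a zone of `zone_size` and
 * (b) has at least one byte at `offset`. The upper bound is zone_size itself. */
static size_t object_size_min(long offset, size_t zone_size)
{
    size_t prev = zone_size > 16 ? zone_size / 2 : 0; /* anything <= prev goes to a smaller zone */
    size_t lo = (size_t)offset + 1;
    return lo > prev + 1 ? lo : prev + 1;
}

/* Scenario from the report: the item is freed, then a stale pointer ORs 1 into
 * the 8-byte field at offset 40 (the same result as incrementing ...c0de to ...c0df). */
struct trash_result simulate_uaf_write(void)
{
    trash_fill(zone_item, sizeof(zone_item));
    uint64_t *stale_field = (uint64_t *)((char *)zone_item + 40);
    *stale_field |= 1;
    return trash_check(zone_item, sizeof(zone_item));
}

int main(void)
{
    struct trash_result r = simulate_uaf_write();
    if (r.offset < 0) {
        puts("pattern intact: no modification after free");
        return 0;
    }
    printf("Memory modified after free: offset %ld val=%llx\n",
           r.offset, (unsigned long long)r.value);
    printf("object size between %zu and %zu bytes\n",
           object_size_min(r.offset, ITEM_SIZE), (size_t)ITEM_SIZE);
    return 0;
}
```

Run stand-alone it prints offset 40 with value deadc0dedeadc0df and the 41..64 bound; the 0x28 difference between the two addresses in the panic line is that same offset 40.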