Date
July 6, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| x86 |
[ 17.045854] ================================================================== [ 17.045935] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308 [ 17.046009] Read of size 1 at addr fff00000c5fbe840 by task kunit_try_catch/193 [ 17.046058] [ 17.046093] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 17.046174] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.046202] Hardware name: linux,dummy-virt (DT) [ 17.046231] Call trace: [ 17.046255] show_stack+0x20/0x38 (C) [ 17.046301] dump_stack_lvl+0x8c/0xd0 [ 17.046347] print_report+0x118/0x608 [ 17.046391] kasan_report+0xdc/0x128 [ 17.046436] __kasan_check_byte+0x54/0x70 [ 17.046480] kfree_sensitive+0x30/0xb0 [ 17.046527] kmalloc_double_kzfree+0x168/0x308 [ 17.046571] kunit_try_run_case+0x170/0x3f0 [ 17.046652] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.046705] kthread+0x328/0x630 [ 17.047033] ret_from_fork+0x10/0x20 [ 17.047126] [ 17.047145] Allocated by task 193: [ 17.047199] kasan_save_stack+0x3c/0x68 [ 17.047268] kasan_save_track+0x20/0x40 [ 17.047385] kasan_save_alloc_info+0x40/0x58 [ 17.047485] __kasan_kmalloc+0xd4/0xd8 [ 17.047593] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.047669] kmalloc_double_kzfree+0xb8/0x308 [ 17.047718] kunit_try_run_case+0x170/0x3f0 [ 17.047787] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.047831] kthread+0x328/0x630 [ 17.047862] ret_from_fork+0x10/0x20 [ 17.047898] [ 17.047915] Freed by task 193: [ 17.047942] kasan_save_stack+0x3c/0x68 [ 17.048140] kasan_save_track+0x20/0x40 [ 17.048296] kasan_save_free_info+0x4c/0x78 [ 17.048429] __kasan_slab_free+0x6c/0x98 [ 17.048505] kfree+0x214/0x3c8 [ 17.048598] kfree_sensitive+0x80/0xb0 [ 17.048686] kmalloc_double_kzfree+0x11c/0x308 [ 17.048805] kunit_try_run_case+0x170/0x3f0 [ 17.048901] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.049058] kthread+0x328/0x630 [ 17.049102] ret_from_fork+0x10/0x20 [ 17.049146] [ 17.049202] The buggy address belongs to the object at fff00000c5fbe840 [ 17.049202] which belongs to the cache kmalloc-16 of size 16 [ 17.049270] The buggy address is located 0 bytes inside of [ 17.049270] freed 16-byte region [fff00000c5fbe840, fff00000c5fbe850) [ 17.049610] [ 17.049685] The buggy address belongs to the physical page: [ 17.049754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fbe [ 17.049875] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.049959] page_type: f5(slab) [ 17.050297] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 17.050392] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 17.050493] page dumped because: kasan: bad access detected [ 17.050570] [ 17.050714] Memory state around the buggy address: [ 17.050777] fff00000c5fbe700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 17.050874] fff00000c5fbe780: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 17.050999] >fff00000c5fbe800: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 17.051110] ^ [ 17.051143] fff00000c5fbe880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.051195] fff00000c5fbe900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.051234] ==================================================================
[ 17.033329] ================================================================== [ 17.033466] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308 [ 17.033525] Read of size 1 at addr fff00000c1376c40 by task kunit_try_catch/193 [ 17.033575] [ 17.033835] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 17.033953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.034035] Hardware name: linux,dummy-virt (DT) [ 17.034091] Call trace: [ 17.034151] show_stack+0x20/0x38 (C) [ 17.034534] dump_stack_lvl+0x8c/0xd0 [ 17.034640] print_report+0x118/0x608 [ 17.034833] kasan_report+0xdc/0x128 [ 17.034951] __kasan_check_byte+0x54/0x70 [ 17.035048] kfree_sensitive+0x30/0xb0 [ 17.035106] kmalloc_double_kzfree+0x168/0x308 [ 17.035424] kunit_try_run_case+0x170/0x3f0 [ 17.035591] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.035660] kthread+0x328/0x630 [ 17.036003] ret_from_fork+0x10/0x20 [ 17.036095] [ 17.036219] Allocated by task 193: [ 17.036253] kasan_save_stack+0x3c/0x68 [ 17.036605] kasan_save_track+0x20/0x40 [ 17.036678] kasan_save_alloc_info+0x40/0x58 [ 17.036871] __kasan_kmalloc+0xd4/0xd8 [ 17.036995] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.037039] kmalloc_double_kzfree+0xb8/0x308 [ 17.037338] kunit_try_run_case+0x170/0x3f0 [ 17.037416] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.037474] kthread+0x328/0x630 [ 17.037506] ret_from_fork+0x10/0x20 [ 17.037724] [ 17.037837] Freed by task 193: [ 17.037925] kasan_save_stack+0x3c/0x68 [ 17.038013] kasan_save_track+0x20/0x40 [ 17.038049] kasan_save_free_info+0x4c/0x78 [ 17.038307] __kasan_slab_free+0x6c/0x98 [ 17.038394] kfree+0x214/0x3c8 [ 17.038444] kfree_sensitive+0x80/0xb0 [ 17.038726] kmalloc_double_kzfree+0x11c/0x308 [ 17.038800] kunit_try_run_case+0x170/0x3f0 [ 17.038930] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.039243] kthread+0x328/0x630 [ 17.039307] ret_from_fork+0x10/0x20 [ 17.039375] [ 17.039460] The buggy address belongs to the object at fff00000c1376c40 [ 17.039460] which belongs to the cache kmalloc-16 of size 16 [ 17.039555] The buggy address is located 0 bytes inside of [ 17.039555] freed 16-byte region [fff00000c1376c40, fff00000c1376c50) [ 17.039900] [ 17.039951] The buggy address belongs to the physical page: [ 17.040201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101376 [ 17.040282] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.040406] page_type: f5(slab) [ 17.040510] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 17.040600] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 17.040856] page dumped because: kasan: bad access detected [ 17.041074] [ 17.041164] Memory state around the buggy address: [ 17.041487] fff00000c1376b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 17.041568] fff00000c1376b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 17.041624] >fff00000c1376c00: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 17.041761] ^ [ 17.041799] fff00000c1376c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.042195] fff00000c1376d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.042324] ==================================================================
[ 13.715080] ================================================================== [ 13.715647] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 13.716502] Read of size 1 at addr ffff8881024eb420 by task kunit_try_catch/210 [ 13.717367] [ 13.717563] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.717658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.717678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.717708] Call Trace: [ 13.717730] <TASK> [ 13.717755] dump_stack_lvl+0x73/0xb0 [ 13.717807] print_report+0xd1/0x650 [ 13.717836] ? __virt_addr_valid+0x1db/0x2d0 [ 13.717869] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.717899] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.717942] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.717974] kasan_report+0x141/0x180 [ 13.718006] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.718041] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.718070] __kasan_check_byte+0x3d/0x50 [ 13.718099] kfree_sensitive+0x22/0x90 [ 13.718131] kmalloc_double_kzfree+0x19c/0x350 [ 13.718160] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 13.718197] ? __schedule+0x10cc/0x2b60 [ 13.718233] ? __pfx_read_tsc+0x10/0x10 [ 13.718268] ? ktime_get_ts64+0x86/0x230 [ 13.718306] kunit_try_run_case+0x1a5/0x480 [ 13.718335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.718354] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.718375] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.718394] ? __kthread_parkme+0x82/0x180 [ 13.718413] ? preempt_count_sub+0x50/0x80 [ 13.718434] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.718454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.718474] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.718493] kthread+0x337/0x6f0 [ 13.718539] ? trace_preempt_on+0x20/0xc0 [ 13.718583] ? __pfx_kthread+0x10/0x10 [ 13.718613] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.718654] ? calculate_sigpending+0x7b/0xa0 [ 13.718677] ? __pfx_kthread+0x10/0x10 [ 13.718696] ret_from_fork+0x116/0x1d0 [ 13.718713] ? __pfx_kthread+0x10/0x10 [ 13.718730] ret_from_fork_asm+0x1a/0x30 [ 13.718759] </TASK> [ 13.718771] [ 13.731777] Allocated by task 210: [ 13.731935] kasan_save_stack+0x45/0x70 [ 13.732270] kasan_save_track+0x18/0x40 [ 13.732502] kasan_save_alloc_info+0x3b/0x50 [ 13.732879] __kasan_kmalloc+0xb7/0xc0 [ 13.733159] __kmalloc_cache_noprof+0x189/0x420 [ 13.733361] kmalloc_double_kzfree+0xa9/0x350 [ 13.733551] kunit_try_run_case+0x1a5/0x480 [ 13.733850] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.734150] kthread+0x337/0x6f0 [ 13.734303] ret_from_fork+0x116/0x1d0 [ 13.734491] ret_from_fork_asm+0x1a/0x30 [ 13.734807] [ 13.734969] Freed by task 210: [ 13.735222] kasan_save_stack+0x45/0x70 [ 13.735724] kasan_save_track+0x18/0x40 [ 13.736044] kasan_save_free_info+0x3f/0x60 [ 13.737134] __kasan_slab_free+0x56/0x70 [ 13.737382] kfree+0x222/0x3f0 [ 13.737668] kfree_sensitive+0x67/0x90 [ 13.737885] kmalloc_double_kzfree+0x12b/0x350 [ 13.738264] kunit_try_run_case+0x1a5/0x480 [ 13.738457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.738908] kthread+0x337/0x6f0 [ 13.739169] ret_from_fork+0x116/0x1d0 [ 13.739356] ret_from_fork_asm+0x1a/0x30 [ 13.739675] [ 13.739811] The buggy address belongs to the object at ffff8881024eb420 [ 13.739811] which belongs to the cache kmalloc-16 of size 16 [ 13.740799] The buggy address is located 0 bytes inside of [ 13.740799] freed 16-byte region [ffff8881024eb420, ffff8881024eb430) [ 13.741661] [ 13.741832] The buggy address belongs to the physical page: [ 13.742008] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024eb [ 13.742779] flags: 0x200000000000000(node=0|zone=2) [ 13.743053] page_type: f5(slab) [ 13.743358] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.744076] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.744665] page dumped because: kasan: bad access detected [ 13.745072] [ 13.745265] Memory state around the buggy address: [ 13.745695] ffff8881024eb300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.746209] ffff8881024eb380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.746699] >ffff8881024eb400: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 13.746917] ^ [ 13.747210] ffff8881024eb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.748190] ffff8881024eb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.748765] ==================================================================
[ 13.894243] ================================================================== [ 13.896144] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 13.897342] Read of size 1 at addr ffff88810168fee0 by task kunit_try_catch/209 [ 13.898353] [ 13.898942] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.899020] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.899034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.899069] Call Trace: [ 13.899082] <TASK> [ 13.899098] dump_stack_lvl+0x73/0xb0 [ 13.899130] print_report+0xd1/0x650 [ 13.899153] ? __virt_addr_valid+0x1db/0x2d0 [ 13.899175] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.899198] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.899223] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.899246] kasan_report+0x141/0x180 [ 13.899268] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.899294] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.899317] __kasan_check_byte+0x3d/0x50 [ 13.899338] kfree_sensitive+0x22/0x90 [ 13.899361] kmalloc_double_kzfree+0x19c/0x350 [ 13.899384] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 13.899408] ? __schedule+0x10cc/0x2b60 [ 13.899430] ? __pfx_read_tsc+0x10/0x10 [ 13.899451] ? ktime_get_ts64+0x86/0x230 [ 13.899476] kunit_try_run_case+0x1a5/0x480 [ 13.899500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.899521] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.899544] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.899567] ? __kthread_parkme+0x82/0x180 [ 13.899586] ? preempt_count_sub+0x50/0x80 [ 13.899610] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.899633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.899655] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.899678] kthread+0x337/0x6f0 [ 13.899697] ? trace_preempt_on+0x20/0xc0 [ 13.899720] ? __pfx_kthread+0x10/0x10 [ 13.899741] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.899762] ? calculate_sigpending+0x7b/0xa0 [ 13.899786] ? __pfx_kthread+0x10/0x10 [ 13.899807] ret_from_fork+0x116/0x1d0 [ 13.899826] ? __pfx_kthread+0x10/0x10 [ 13.899846] ret_from_fork_asm+0x1a/0x30 [ 13.899878] </TASK> [ 13.899890] [ 13.913229] Allocated by task 209: [ 13.913427] kasan_save_stack+0x45/0x70 [ 13.913586] kasan_save_track+0x18/0x40 [ 13.913815] kasan_save_alloc_info+0x3b/0x50 [ 13.914036] __kasan_kmalloc+0xb7/0xc0 [ 13.914249] __kmalloc_cache_noprof+0x189/0x420 [ 13.914485] kmalloc_double_kzfree+0xa9/0x350 [ 13.914770] kunit_try_run_case+0x1a5/0x480 [ 13.914954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.915212] kthread+0x337/0x6f0 [ 13.915365] ret_from_fork+0x116/0x1d0 [ 13.915513] ret_from_fork_asm+0x1a/0x30 [ 13.915789] [ 13.915898] Freed by task 209: [ 13.916045] kasan_save_stack+0x45/0x70 [ 13.916232] kasan_save_track+0x18/0x40 [ 13.916430] kasan_save_free_info+0x3f/0x60 [ 13.916635] __kasan_slab_free+0x56/0x70 [ 13.917018] kfree+0x222/0x3f0 [ 13.917194] kfree_sensitive+0x67/0x90 [ 13.917340] kmalloc_double_kzfree+0x12b/0x350 [ 13.917495] kunit_try_run_case+0x1a5/0x480 [ 13.917649] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.917985] kthread+0x337/0x6f0 [ 13.918173] ret_from_fork+0x116/0x1d0 [ 13.918366] ret_from_fork_asm+0x1a/0x30 [ 13.918563] [ 13.918662] The buggy address belongs to the object at ffff88810168fee0 [ 13.918662] which belongs to the cache kmalloc-16 of size 16 [ 13.919228] The buggy address is located 0 bytes inside of [ 13.919228] freed 16-byte region [ffff88810168fee0, ffff88810168fef0) [ 13.919643] [ 13.919799] The buggy address belongs to the physical page: [ 13.920075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10168f [ 13.920443] flags: 0x200000000000000(node=0|zone=2) [ 13.920672] page_type: f5(slab) [ 13.920907] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.921246] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.921569] page dumped because: kasan: bad access detected [ 13.922006] [ 13.922114] Memory state around the buggy address: [ 13.922281] ffff88810168fd80: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc [ 13.922506] ffff88810168fe00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 13.922885] >ffff88810168fe80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.923232] ^ [ 13.923522] ffff88810168ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.923894] ffff88810168ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.924200] ==================================================================
[ 28.530583] ================================================================== [ 28.545022] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 28.552422] Read of size 1 at addr ffff888105602c00 by task kunit_try_catch/233 [ 28.559728] [ 28.561229] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 28.561238] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 28.561240] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 28.561244] Call Trace: [ 28.561245] <TASK> [ 28.561247] dump_stack_lvl+0x73/0xb0 [ 28.561252] print_report+0xd1/0x650 [ 28.561256] ? __virt_addr_valid+0x1db/0x2d0 [ 28.561260] ? kmalloc_double_kzfree+0x19c/0x350 [ 28.561264] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.561269] ? kmalloc_double_kzfree+0x19c/0x350 [ 28.561273] kasan_report+0x141/0x180 [ 28.561277] ? kmalloc_double_kzfree+0x19c/0x350 [ 28.561282] ? kmalloc_double_kzfree+0x19c/0x350 [ 28.561286] __kasan_check_byte+0x3d/0x50 [ 28.561290] kfree_sensitive+0x22/0x90 [ 28.561294] kmalloc_double_kzfree+0x19c/0x350 [ 28.561298] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 28.561302] ? __schedule+0x10cc/0x2b60 [ 28.561306] ? ktime_get_ts64+0x83/0x230 [ 28.561310] kunit_try_run_case+0x1a2/0x480 [ 28.561315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.561319] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.561323] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.561327] ? __kthread_parkme+0x82/0x180 [ 28.561347] ? preempt_count_sub+0x50/0x80 [ 28.561352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.561356] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 28.561360] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.561365] kthread+0x334/0x6f0 [ 28.561368] ? trace_preempt_on+0x20/0xc0 [ 28.561372] ? __pfx_kthread+0x10/0x10 [ 28.561388] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.561392] ? calculate_sigpending+0x7b/0xa0 [ 28.561397] ? __pfx_kthread+0x10/0x10 [ 28.561400] ret_from_fork+0x113/0x1d0 [ 28.561404] ? __pfx_kthread+0x10/0x10 [ 28.561407] ret_from_fork_asm+0x1a/0x30 [ 28.561413] </TASK> [ 28.561415] [ 28.735549] Allocated by task 233: [ 28.738954] kasan_save_stack+0x45/0x70 [ 28.742795] kasan_save_track+0x18/0x40 [ 28.746634] kasan_save_alloc_info+0x3b/0x50 [ 28.750906] __kasan_kmalloc+0xb7/0xc0 [ 28.754658] __kmalloc_cache_noprof+0x189/0x420 [ 28.759191] kmalloc_double_kzfree+0xa9/0x350 [ 28.763549] kunit_try_run_case+0x1a2/0x480 [ 28.767737] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 28.773135] kthread+0x334/0x6f0 [ 28.776370] ret_from_fork+0x113/0x1d0 [ 28.780148] ret_from_fork_asm+0x1a/0x30 [ 28.784074] [ 28.785574] Freed by task 233: [ 28.788633] kasan_save_stack+0x45/0x70 [ 28.792472] kasan_save_track+0x18/0x40 [ 28.796310] kasan_save_free_info+0x3f/0x60 [ 28.800497] __kasan_slab_free+0x56/0x70 [ 28.804422] kfree+0x222/0x3f0 [ 28.807483] kfree_sensitive+0x67/0x90 [ 28.811235] kmalloc_double_kzfree+0x12b/0x350 [ 28.815690] kunit_try_run_case+0x1a2/0x480 [ 28.819883] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 28.825283] kthread+0x334/0x6f0 [ 28.828517] ret_from_fork+0x113/0x1d0 [ 28.832267] ret_from_fork_asm+0x1a/0x30 [ 28.836195] [ 28.837695] The buggy address belongs to the object at ffff888105602c00 [ 28.837695] which belongs to the cache kmalloc-16 of size 16 [ 28.850036] The buggy address is located 0 bytes inside of [ 28.850036] freed 16-byte region [ffff888105602c00, ffff888105602c10) [ 28.862037] [ 28.863539] The buggy address belongs to the physical page: [ 28.869109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105602 [ 28.877110] flags: 0x200000000000000(node=0|zone=2) [ 28.881988] page_type: f5(slab) [ 28.885136] raw: 0200000000000000 ffff888100042640 dead000000000122 0000000000000000 [ 28.892883] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.900621] page dumped because: kasan: bad access detected [ 28.906196] [ 28.907693] Memory state around the buggy address: [ 28.912486] ffff888105602b00: 00 03 fc fc 00 03 fc fc fa fb fc fc 00 04 fc fc [ 28.919707] ffff888105602b80: 00 04 fc fc 00 04 fc fc fa fb fc fc fa fb fc fc [ 28.926926] >ffff888105602c00: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.934143] ^ [ 28.937389] ffff888105602c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.944615] ffff888105602d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.951832] ==================================================================