Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 107.927611] ================================================================== [ 107.928799] BUG: KASAN: use-after-free in kfree_sensitive+0x20/0x64 [ 107.929402] Read of size 1 at addr ffff0000c66abb00 by task kunit_try_catch/251 [ 107.930010] [ 107.930232] CPU: 1 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 107.930967] Hardware name: linux,dummy-virt (DT) [ 107.931421] Call trace: [ 107.931687] dump_backtrace+0xe0/0x134 [ 107.932126] show_stack+0x20/0x2c [ 107.932578] dump_stack_lvl+0x88/0xb4 [ 107.933094] print_report+0x158/0x44c [ 107.933510] kasan_report+0xc8/0x180 [ 107.933928] __kasan_check_byte+0x54/0x70 [ 107.934384] ksize+0x44/0xb0 [ 107.934783] kfree_sensitive+0x20/0x64 [ 107.935258] kmalloc_double_kzfree+0xcc/0x1e0 [ 107.935750] kunit_try_run_case+0x8c/0x124 [ 107.936215] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 107.937010] kthread+0x15c/0x170 [ 107.937413] ret_from_fork+0x10/0x20 [ 107.937826] [ 107.938043] Allocated by task 251: [ 107.938390] kasan_save_stack+0x3c/0x70 [ 107.938851] kasan_set_track+0x2c/0x40 [ 107.939259] kasan_save_alloc_info+0x24/0x34 [ 107.939724] __kasan_kmalloc+0xd4/0xe0 [ 107.940132] kmalloc_trace+0x8c/0x150 [ 107.940734] kmalloc_double_kzfree+0x9c/0x1e0 [ 107.941246] kunit_try_run_case+0x8c/0x124 [ 107.941730] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 107.942351] kthread+0x15c/0x170 [ 107.942807] ret_from_fork+0x10/0x20 [ 107.943200] [ 107.943424] Freed by task 251: [ 107.943754] kasan_save_stack+0x3c/0x70 [ 107.944226] kasan_set_track+0x2c/0x40 [ 107.944873] kasan_save_free_info+0x38/0x5c [ 107.945389] __kasan_slab_free+0x100/0x170 [ 107.945825] slab_free_freelist_hook+0xd8/0x1c0 [ 107.946237] __kmem_cache_free+0x15c/0x2a0 [ 107.946767] kfree+0x88/0x150 [ 107.947196] kfree_sensitive+0x54/0x64 [ 107.947671] kmalloc_double_kzfree+0xbc/0x1e0 [ 107.948233] kunit_try_run_case+0x8c/0x124 [ 107.948779] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 107.949406] kthread+0x15c/0x170 [ 107.949833] ret_from_fork+0x10/0x20 [ 107.950307] [ 107.950559] The buggy address belongs to the object at ffff0000c66abb00 [ 107.950559] which belongs to the cache kmalloc-128 of size 128 [ 107.951730] The buggy address is located 0 bytes inside of [ 107.951730] 128-byte region [ffff0000c66abb00, ffff0000c66abb80) [ 107.953058] [ 107.953294] The buggy address belongs to the physical page: [ 107.953766] page:0000000069500412 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066ab [ 107.954551] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 107.955279] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 107.955978] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 107.956933] page dumped because: kasan: bad access detected [ 107.957391] [ 107.957600] Memory state around the buggy address: [ 107.958073] ffff0000c66aba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 107.959065] ffff0000c66aba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.959658] >ffff0000c66abb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 107.960348] ^ [ 107.960871] ffff0000c66abb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.961674] ffff0000c66abc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.962269] ==================================================================
[ 77.586541] ================================================================== [ 77.587632] BUG: KASAN: use-after-free in kfree_sensitive+0x1c/0xa4 [ 77.588282] Read of size 1 at addr ffff0000c5ad0000 by task kunit_try_catch/167 [ 77.588908] [ 77.589125] CPU: 1 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 77.589900] Hardware name: linux,dummy-virt (DT) [ 77.590347] Call trace: [ 77.590624] dump_backtrace+0xf8/0x118 [ 77.591164] show_stack+0x18/0x24 [ 77.591626] __dump_stack+0x28/0x38 [ 77.592095] dump_stack_lvl+0x54/0x6c [ 77.592543] print_address_description+0x7c/0x1ec [ 77.593194] print_report+0x50/0x68 [ 77.593664] kasan_report+0xac/0x100 [ 77.594156] __kasan_check_byte+0x3c/0x54 [ 77.594646] ksize+0x34/0x13c [ 77.595055] kfree_sensitive+0x1c/0xa4 [ 77.595506] kmalloc_double_kzfree+0xa4/0x144 [ 77.596013] kunit_try_run_case+0x80/0x184 [ 77.596523] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 77.597236] kthread+0x16c/0x21c [ 77.597653] ret_from_fork+0x10/0x20 [ 77.598113] [ 77.598303] Allocated by task 167: [ 77.598638] kasan_set_track+0x4c/0x80 [ 77.599129] kasan_save_alloc_info+0x28/0x34 [ 77.599627] __kasan_kmalloc+0x88/0xa0 [ 77.600129] kmalloc_trace+0x54/0x68 [ 77.600555] kmalloc_double_kzfree+0x48/0x144 [ 77.601063] kunit_try_run_case+0x80/0x184 [ 77.601677] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 77.602280] kthread+0x16c/0x21c [ 77.602695] ret_from_fork+0x10/0x20 [ 77.603139] [ 77.603339] Freed by task 167: [ 77.603659] kasan_set_track+0x4c/0x80 [ 77.604198] kasan_save_free_info+0x3c/0x60 [ 77.604678] ____kasan_slab_free+0xe8/0x140 [ 77.605262] __kasan_slab_free+0x18/0x28 [ 77.605771] __kmem_cache_free+0xdc/0x284 [ 77.606250] kfree_sensitive+0x88/0xa4 [ 77.606697] kmalloc_double_kzfree+0x90/0x144 [ 77.607225] kunit_try_run_case+0x80/0x184 [ 77.607726] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 77.608294] kthread+0x16c/0x21c [ 77.608826] ret_from_fork+0x10/0x20 [ 77.609272] [ 77.609489] The buggy address belongs to the object at ffff0000c5ad0000 [ 77.609489] which belongs to the cache kmalloc-128 of size 128 [ 77.610422] The buggy address is located 0 bytes inside of [ 77.610422] 128-byte region [ffff0000c5ad0000, ffff0000c5ad0080) [ 77.611346] [ 77.611561] The buggy address belongs to the physical page: [ 77.612048] page:000000001efa35a5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ad0 [ 77.612923] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 77.613794] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 77.614500] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 77.615153] page dumped because: kasan: bad access detected [ 77.615633] [ 77.615836] Memory state around the buggy address: [ 77.616314] ffff0000c5acff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.617058] ffff0000c5acff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.617719] >ffff0000c5ad0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.618361] ^ [ 77.618726] ffff0000c5ad0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.619367] ffff0000c5ad0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.619969] ==================================================================
[ 76.778528] ================================================================== [ 76.780377] BUG: KASAN: use-after-free in kfree_sensitive+0x1c/0xa4 [ 76.781366] Read of size 1 at addr ffff0000c58a7b00 by task kunit_try_catch/167 [ 76.782309] [ 76.782638] CPU: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 76.783792] Hardware name: linux,dummy-virt (DT) [ 76.784537] Call trace: [ 76.784958] dump_backtrace+0xf4/0x114 [ 76.785646] show_stack+0x18/0x24 [ 76.786285] __dump_stack+0x28/0x38 [ 76.786907] dump_stack_lvl+0x50/0x68 [ 76.787534] print_address_description+0x7c/0x1ec [ 76.788260] print_report+0x50/0x68 [ 76.788686] kasan_report+0xac/0xfc [ 76.789214] __kasan_check_byte+0x3c/0x54 [ 76.789714] ksize+0x34/0x13c [ 76.790152] kfree_sensitive+0x1c/0xa4 [ 76.790556] kmalloc_double_kzfree+0xa4/0x144 [ 76.791309] kunit_try_run_case+0x80/0x184 [ 76.792092] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 76.792965] kthread+0x16c/0x21c [ 76.793578] ret_from_fork+0x10/0x20 [ 76.794206] [ 76.794503] Allocated by task 167: [ 76.795025] kasan_set_track+0x4c/0x80 [ 76.795757] kasan_save_alloc_info+0x28/0x34 [ 76.796462] __kasan_kmalloc+0x88/0xa0 [ 76.796981] kmalloc_trace+0x54/0x68 [ 76.797384] kmalloc_double_kzfree+0x48/0x144 [ 76.797921] kunit_try_run_case+0x80/0x184 [ 76.798597] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 76.799437] kthread+0x16c/0x21c [ 76.800109] ret_from_fork+0x10/0x20 [ 76.800792] [ 76.801167] Freed by task 167: [ 76.801651] kasan_set_track+0x4c/0x80 [ 76.802319] kasan_save_free_info+0x3c/0x60 [ 76.803003] ____kasan_slab_free+0xe8/0x140 [ 76.803782] __kasan_slab_free+0x18/0x28 [ 76.804498] __kmem_cache_free+0xdc/0x27c [ 76.805172] kfree_sensitive+0x88/0xa4 [ 76.805735] kmalloc_double_kzfree+0x90/0x144 [ 76.806196] kunit_try_run_case+0x80/0x184 [ 76.806619] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 76.807140] kthread+0x16c/0x21c [ 76.807532] ret_from_fork+0x10/0x20 [ 76.808307] [ 76.808655] The buggy address belongs to the object at ffff0000c58a7b00 [ 76.808655] which belongs to the cache kmalloc-128 of size 128 [ 76.810120] The buggy address is located 0 bytes inside of [ 76.810120] 128-byte region [ffff0000c58a7b00, ffff0000c58a7b80) [ 76.811477] [ 76.811824] The buggy address belongs to the physical page: [ 76.812616] page:00000000333134b1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 76.813772] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 76.814725] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 76.815734] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 76.816686] page dumped because: kasan: bad access detected [ 76.817390] [ 76.817675] Memory state around the buggy address: [ 76.818315] ffff0000c58a7a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.819239] ffff0000c58a7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.820262] >ffff0000c58a7b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.821241] ^ [ 76.821793] ffff0000c58a7b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.822697] ffff0000c58a7c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.823238] ==================================================================
[ 75.326116] ================================================================== [ 75.327374] BUG: KASAN: use-after-free in kfree_sensitive+0x18/0x5c [ 75.328032] Read of size 1 at addr ffff0000c5938e00 by task kunit_try_catch/167 [ 75.328733] [ 75.329029] CPU: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.329855] Hardware name: linux,dummy-virt (DT) [ 75.330320] Call trace: [ 75.330637] dump_backtrace.part.0+0xdc/0xf0 [ 75.331155] show_stack+0x18/0x30 [ 75.331750] dump_stack_lvl+0x64/0x80 [ 75.332348] print_report+0x158/0x438 [ 75.332965] kasan_report+0xb4/0xf4 [ 75.333420] __kasan_check_byte+0x54/0x70 [ 75.334795] ksize+0x3c/0x94 [ 75.335281] kfree_sensitive+0x18/0x5c [ 75.335673] kmalloc_double_kzfree+0xc4/0x1d0 [ 75.336082] kunit_try_run_case+0x84/0x120 [ 75.336482] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 75.336951] kthread+0x180/0x190 [ 75.337271] ret_from_fork+0x10/0x20 [ 75.338053] [ 75.338246] Allocated by task 167: [ 75.338534] kasan_save_stack+0x3c/0x70 [ 75.338889] kasan_set_track+0x2c/0x40 [ 75.339225] kasan_save_alloc_info+0x24/0x34 [ 75.341016] __kasan_kmalloc+0xb8/0xc0 [ 75.341737] kmalloc_trace+0x58/0x6c [ 75.343082] kmalloc_double_kzfree+0x94/0x1d0 [ 75.344123] kunit_try_run_case+0x84/0x120 [ 75.345198] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 75.347550] kthread+0x180/0x190 [ 75.348469] ret_from_fork+0x10/0x20 [ 75.348863] [ 75.349046] Freed by task 167: [ 75.349671] kasan_save_stack+0x3c/0x70 [ 75.350187] kasan_set_track+0x2c/0x40 [ 75.351216] kasan_save_free_info+0x38/0x5c [ 75.351706] __kasan_slab_free+0xe4/0x150 [ 75.352138] __kmem_cache_free+0x130/0x2a4 [ 75.352623] kfree+0x58/0x80 [ 75.353012] kfree_sensitive+0x4c/0x5c [ 75.353419] kmalloc_double_kzfree+0xb4/0x1d0 [ 75.353880] kunit_try_run_case+0x84/0x120 [ 75.354342] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 75.354866] kthread+0x180/0x190 [ 75.355235] ret_from_fork+0x10/0x20 [ 75.355676] [ 75.355871] The buggy address belongs to the object at ffff0000c5938e00 [ 75.355871] which belongs to the cache kmalloc-128 of size 128 [ 75.356769] The buggy address is located 0 bytes inside of [ 75.356769] 128-byte region [ffff0000c5938e00, ffff0000c5938e80) [ 75.357662] [ 75.357869] The buggy address belongs to the physical page: [ 75.358326] page:000000003af4cecf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105938 [ 75.359071] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 75.360298] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 75.360978] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 75.361476] page dumped because: kasan: bad access detected [ 75.361994] [ 75.362257] Memory state around the buggy address: [ 75.362759] ffff0000c5938d00: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.363387] ffff0000c5938d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.364007] >ffff0000c5938e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.364556] ^ [ 75.364895] ffff0000c5938e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.365362] ffff0000c5938f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.366709] ==================================================================
[ 66.652338] ================================================================== [ 66.654401] BUG: KASAN: use-after-free in kfree_sensitive+0x18/0x60 [ 66.655278] Read of size 1 at addr ffff0000c5a10200 by task kunit_try_catch/165 [ 66.655737] [ 66.655918] CPU: 1 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 66.656438] Hardware name: linux,dummy-virt (DT) [ 66.656758] Call trace: [ 66.657018] dump_backtrace+0x110/0x120 [ 66.657519] show_stack+0x18/0x28 [ 66.657974] dump_stack_lvl+0x68/0x84 [ 66.658619] print_report+0x158/0x484 [ 66.659030] kasan_report+0x98/0xe0 [ 66.659410] __kasan_check_byte+0x58/0x70 [ 66.659803] ksize+0x30/0x80 [ 66.660114] kfree_sensitive+0x18/0x60 [ 66.660518] kmalloc_double_kzfree+0xdc/0x1d8 [ 66.660978] kunit_try_run_case+0x7c/0x120 [ 66.661407] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 66.661936] kthread+0x1a4/0x1b8 [ 66.662545] ret_from_fork+0x10/0x20 [ 66.662938] [ 66.663119] Allocated by task 165: [ 66.663435] kasan_save_stack+0x2c/0x58 [ 66.663814] kasan_set_track+0x2c/0x40 [ 66.664213] kasan_save_alloc_info+0x24/0x38 [ 66.664655] __kasan_kmalloc+0xa0/0xb8 [ 66.665020] kmalloc_trace+0x50/0x68 [ 66.665414] kmalloc_double_kzfree+0xa8/0x1d8 [ 66.666094] kunit_try_run_case+0x7c/0x120 [ 66.666545] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 66.667036] kthread+0x1a4/0x1b8 [ 66.667412] ret_from_fork+0x10/0x20 [ 66.667789] [ 66.667966] Freed by task 165: [ 66.668242] kasan_save_stack+0x2c/0x58 [ 66.668640] kasan_set_track+0x2c/0x40 [ 66.669029] kasan_save_free_info+0x38/0x60 [ 66.669725] __kasan_slab_free+0xe8/0x158 [ 66.670137] __kmem_cache_free+0x138/0x2b0 [ 66.670577] kfree+0x5c/0x70 [ 66.670914] kfree_sensitive+0x4c/0x60 [ 66.671326] kmalloc_double_kzfree+0xc8/0x1d8 [ 66.671766] kunit_try_run_case+0x7c/0x120 [ 66.672181] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 66.672715] kthread+0x1a4/0x1b8 [ 66.673066] ret_from_fork+0x10/0x20 [ 66.673443] [ 66.673643] The buggy address belongs to the object at ffff0000c5a10200 [ 66.673643] which belongs to the cache kmalloc-128 of size 128 [ 66.674491] The buggy address is located 0 bytes inside of [ 66.674491] 128-byte region [ffff0000c5a10200, ffff0000c5a10280) [ 66.675585] [ 66.675799] The buggy address belongs to the physical page: [ 66.676224] page:000000003e6c9983 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a10 [ 66.676956] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 66.678250] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 66.678843] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 66.679432] page dumped because: kasan: bad access detected [ 66.679872] [ 66.680067] Memory state around the buggy address: [ 66.680505] ffff0000c5a10100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.681046] ffff0000c5a10180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.681938] >ffff0000c5a10200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.682614] ^ [ 66.682932] ffff0000c5a10280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.683504] ffff0000c5a10300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.684032] ==================================================================
[ 32.620510] ================================================================== [ 32.621370] BUG: KASAN: use-after-free in kfree_sensitive+0x12/0x50 [ 32.621872] Read of size 1 at addr ffff888101a015c0 by task kunit_try_catch/271 [ 32.622931] [ 32.623155] CPU: 1 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.623836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.624313] Call Trace: [ 32.624875] <TASK> [ 32.625241] dump_stack_lvl+0x49/0x62 [ 32.625653] print_report+0x189/0x492 [ 32.626036] ? kasan_complete_mode_report_info+0x7c/0x200 [ 32.626602] ? kfree_sensitive+0x12/0x50 [ 32.627004] kasan_report+0x10c/0x190 [ 32.627548] ? kfree_sensitive+0x12/0x50 [ 32.627925] ? kfree_sensitive+0x12/0x50 [ 32.628367] __kasan_check_byte+0x39/0x50 [ 32.628977] ksize+0x1e/0x70 [ 32.629376] kfree_sensitive+0x12/0x50 [ 32.629604] kmalloc_double_kzfree+0xc8/0x1b0 [ 32.629844] ? kasan_global_oob_right+0x160/0x160 [ 32.630089] ? __kunit_add_resource+0xd1/0x100 [ 32.630778] ? kasan_test_init+0x13e/0x1b0 [ 32.631148] kunit_try_run_case+0x8f/0xd0 [ 32.631606] ? kunit_catch_run_case+0x80/0x80 [ 32.632002] ? kunit_try_catch_throw+0x40/0x40 [ 32.632846] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.633174] kthread+0x17b/0x1b0 [ 32.633631] ? kthread_complete_and_exit+0x30/0x30 [ 32.634072] ret_from_fork+0x22/0x30 [ 32.634528] </TASK> [ 32.634866] [ 32.635022] Allocated by task 271: [ 32.635413] kasan_save_stack+0x41/0x70 [ 32.635747] kasan_set_track+0x25/0x40 [ 32.636093] kasan_save_alloc_info+0x1e/0x30 [ 32.636778] __kasan_kmalloc+0xb6/0xc0 [ 32.637192] kmalloc_trace+0x48/0xb0 [ 32.637622] kmalloc_double_kzfree+0x99/0x1b0 [ 32.637992] kunit_try_run_case+0x8f/0xd0 [ 32.638296] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.638783] kthread+0x17b/0x1b0 [ 32.639108] ret_from_fork+0x22/0x30 [ 32.639738] [ 32.639861] Freed by task 271: [ 32.640026] kasan_save_stack+0x41/0x70 [ 32.640697] kasan_set_track+0x25/0x40 [ 32.641089] kasan_save_free_info+0x2e/0x50 [ 32.641603] ____kasan_slab_free+0x175/0x1d0 [ 32.641864] __kasan_slab_free+0x12/0x20 [ 32.642215] __kmem_cache_free+0x188/0x2f0 [ 32.642681] kfree+0x78/0x120 [ 32.643007] kfree_sensitive+0x3e/0x50 [ 32.643255] kmalloc_double_kzfree+0xb1/0x1b0 [ 32.643724] kunit_try_run_case+0x8f/0xd0 [ 32.643997] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.644594] kthread+0x17b/0x1b0 [ 32.644815] ret_from_fork+0x22/0x30 [ 32.645204] [ 32.645299] The buggy address belongs to the object at ffff888101a015c0 [ 32.645299] which belongs to the cache kmalloc-16 of size 16 [ 32.646097] The buggy address is located 0 bytes inside of [ 32.646097] 16-byte region [ffff888101a015c0, ffff888101a015d0) [ 32.647001] [ 32.647125] The buggy address belongs to the physical page: [ 32.647453] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a01 [ 32.647944] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.648309] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.649130] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.649752] page dumped because: kasan: bad access detected [ 32.650027] [ 32.650158] Memory state around the buggy address: [ 32.650577] ffff888101a01480: 00 06 fc fc 00 06 fc fc 00 06 fc fc 00 02 fc fc [ 32.650962] ffff888101a01500: 00 03 fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 32.651344] >ffff888101a01580: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 32.651813] ^ [ 32.652058] ffff888101a01600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.652729] ffff888101a01680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.653103] ==================================================================