Hay
Sign in
Date
July 18, 2025, 2:09 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   17.214390] ==================================================================
[   17.214501] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   17.214820] Free of addr fff00000c5acc120 by task kunit_try_catch/192
[   17.214937] 
[   17.214984] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.215069] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.215098] Hardware name: linux,dummy-virt (DT)
[   17.215129] Call trace:
[   17.215153]  show_stack+0x20/0x38 (C)
[   17.215231]  dump_stack_lvl+0x8c/0xd0
[   17.215287]  print_report+0x118/0x5d0
[   17.215567]  kasan_report_invalid_free+0xc0/0xe8
[   17.215646]  check_slab_allocation+0xd4/0x108
[   17.215994]  __kasan_slab_pre_free+0x2c/0x48
[   17.216183]  kfree+0xe8/0x3c8
[   17.216303]  kfree_sensitive+0x3c/0xb0
[   17.216518]  kmalloc_double_kzfree+0x168/0x308
[   17.217016]  kunit_try_run_case+0x170/0x3f0
[   17.217108]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.217233]  kthread+0x328/0x630
[   17.217411]  ret_from_fork+0x10/0x20
[   17.217522] 
[   17.218056] Allocated by task 192:
[   17.218151]  kasan_save_stack+0x3c/0x68
[   17.218334]  kasan_save_track+0x20/0x40
[   17.218375]  kasan_save_alloc_info+0x40/0x58
[   17.218818]  __kasan_kmalloc+0xd4/0xd8
[   17.219059]  __kmalloc_cache_noprof+0x16c/0x3c0
[   17.219582]  kmalloc_double_kzfree+0xb8/0x308
[   17.219715]  kunit_try_run_case+0x170/0x3f0
[   17.219898]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.219944]  kthread+0x328/0x630
[   17.219979]  ret_from_fork+0x10/0x20
[   17.220208] 
[   17.220493] Freed by task 192:
[   17.220606]  kasan_save_stack+0x3c/0x68
[   17.220735]  kasan_save_track+0x20/0x40
[   17.221392]  kasan_save_free_info+0x4c/0x78
[   17.221460]  __kasan_slab_free+0x6c/0x98
[   17.221577]  kfree+0x214/0x3c8
[   17.221766]  kfree_sensitive+0x80/0xb0
[   17.221906]  kmalloc_double_kzfree+0x11c/0x308
[   17.222030]  kunit_try_run_case+0x170/0x3f0
[   17.222343]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.222570]  kthread+0x328/0x630
[   17.222646]  ret_from_fork+0x10/0x20
[   17.222838] 
[   17.222958] The buggy address belongs to the object at fff00000c5acc120
[   17.222958]  which belongs to the cache kmalloc-16 of size 16
[   17.223102] The buggy address is located 0 bytes inside of
[   17.223102]  16-byte region [fff00000c5acc120, fff00000c5acc130)
[   17.223213] 
[   17.223258] The buggy address belongs to the physical page:
[   17.223291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105acc
[   17.223796] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.224153] page_type: f5(slab)
[   17.224373] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   17.224471] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   17.224633] page dumped because: kasan: bad access detected
[   17.224667] 
[   17.224725] Memory state around the buggy address:
[   17.224768]  fff00000c5acc000: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc
[   17.224811]  fff00000c5acc080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   17.225114] >fff00000c5acc100: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[   17.225168]                                ^
[   17.225250]  fff00000c5acc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.225331]  fff00000c5acc200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.225382] ==================================================================
Metadata Full log Test run details 

[   16.832307] ==================================================================
[   16.832691] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   16.832775] Free of addr fff00000c5a02c40 by task kunit_try_catch/192
[   16.832828] 
[   16.833008] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.833217] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.833542] Hardware name: linux,dummy-virt (DT)
[   16.833580] Call trace:
[   16.833603]  show_stack+0x20/0x38 (C)
[   16.833732]  dump_stack_lvl+0x8c/0xd0
[   16.833832]  print_report+0x118/0x5d0
[   16.834004]  kasan_report_invalid_free+0xc0/0xe8
[   16.834111]  check_slab_allocation+0xd4/0x108
[   16.834281]  __kasan_slab_pre_free+0x2c/0x48
[   16.834346]  kfree+0xe8/0x3c8
[   16.834693]  kfree_sensitive+0x3c/0xb0
[   16.834946]  kmalloc_double_kzfree+0x168/0x308
[   16.835097]  kunit_try_run_case+0x170/0x3f0
[   16.835181]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.835301]  kthread+0x328/0x630
[   16.835391]  ret_from_fork+0x10/0x20
[   16.835630] 
[   16.835719] Allocated by task 192:
[   16.835751]  kasan_save_stack+0x3c/0x68
[   16.835824]  kasan_save_track+0x20/0x40
[   16.835864]  kasan_save_alloc_info+0x40/0x58
[   16.835905]  __kasan_kmalloc+0xd4/0xd8
[   16.835941]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.835982]  kmalloc_double_kzfree+0xb8/0x308
[   16.836084]  kunit_try_run_case+0x170/0x3f0
[   16.836125]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.836185]  kthread+0x328/0x630
[   16.836229]  ret_from_fork+0x10/0x20
[   16.836265] 
[   16.836284] Freed by task 192:
[   16.836309]  kasan_save_stack+0x3c/0x68
[   16.836703]  kasan_save_track+0x20/0x40
[   16.836768]  kasan_save_free_info+0x4c/0x78
[   16.837145]  __kasan_slab_free+0x6c/0x98
[   16.837254]  kfree+0x214/0x3c8
[   16.837397]  kfree_sensitive+0x80/0xb0
[   16.837503]  kmalloc_double_kzfree+0x11c/0x308
[   16.837664]  kunit_try_run_case+0x170/0x3f0
[   16.837765]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.837993]  kthread+0x328/0x630
[   16.838062]  ret_from_fork+0x10/0x20
[   16.838248] 
[   16.838307] The buggy address belongs to the object at fff00000c5a02c40
[   16.838307]  which belongs to the cache kmalloc-16 of size 16
[   16.838499] The buggy address is located 0 bytes inside of
[   16.838499]  16-byte region [fff00000c5a02c40, fff00000c5a02c50)
[   16.838652] 
[   16.838736] The buggy address belongs to the physical page:
[   16.838806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a02
[   16.839143] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.839370] page_type: f5(slab)
[   16.839534] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   16.839640] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   16.839786] page dumped because: kasan: bad access detected
[   16.839826] 
[   16.839844] Memory state around the buggy address:
[   16.840140]  fff00000c5a02b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[   16.840329]  fff00000c5a02b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   16.840384] >fff00000c5a02c00: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[   16.840514]                                            ^
[   16.840648]  fff00000c5a02c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.840736]  fff00000c5a02d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.840853] ==================================================================
Metadata Full log Test run details 

[   16.832940] ==================================================================
[   16.833021] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[   16.833072] Free of addr fff00000c5755ea0 by task kunit_try_catch/192
[   16.833114] 
[   16.833350] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.833448] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.833476] Hardware name: linux,dummy-virt (DT)
[   16.833523] Call trace:
[   16.833581]  show_stack+0x20/0x38 (C)
[   16.833647]  dump_stack_lvl+0x8c/0xd0
[   16.833741]  print_report+0x118/0x5d0
[   16.833816]  kasan_report_invalid_free+0xc0/0xe8
[   16.833870]  check_slab_allocation+0xd4/0x108
[   16.833920]  __kasan_slab_pre_free+0x2c/0x48
[   16.834189]  kfree+0xe8/0x3c8
[   16.834279]  kfree_sensitive+0x3c/0xb0
[   16.834353]  kmalloc_double_kzfree+0x168/0x308
[   16.834408]  kunit_try_run_case+0x170/0x3f0
[   16.834492]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.834575]  kthread+0x328/0x630
[   16.834618]  ret_from_fork+0x10/0x20
[   16.834709] 
[   16.834766] Allocated by task 192:
[   16.834795]  kasan_save_stack+0x3c/0x68
[   16.834851]  kasan_save_track+0x20/0x40
[   16.834889]  kasan_save_alloc_info+0x40/0x58
[   16.834929]  __kasan_kmalloc+0xd4/0xd8
[   16.835074]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.835244]  kmalloc_double_kzfree+0xb8/0x308
[   16.835317]  kunit_try_run_case+0x170/0x3f0
[   16.835464]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.835518]  kthread+0x328/0x630
[   16.835551]  ret_from_fork+0x10/0x20
[   16.835604] 
[   16.835623] Freed by task 192:
[   16.835649]  kasan_save_stack+0x3c/0x68
[   16.835687]  kasan_save_track+0x20/0x40
[   16.835768]  kasan_save_free_info+0x4c/0x78
[   16.835890]  __kasan_slab_free+0x6c/0x98
[   16.835973]  kfree+0x214/0x3c8
[   16.836034]  kfree_sensitive+0x80/0xb0
[   16.836200]  kmalloc_double_kzfree+0x11c/0x308
[   16.836299]  kunit_try_run_case+0x170/0x3f0
[   16.836357]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.836624]  kthread+0x328/0x630
[   16.836699]  ret_from_fork+0x10/0x20
[   16.836774] 
[   16.836795] The buggy address belongs to the object at fff00000c5755ea0
[   16.836795]  which belongs to the cache kmalloc-16 of size 16
[   16.836854] The buggy address is located 0 bytes inside of
[   16.836854]  16-byte region [fff00000c5755ea0, fff00000c5755eb0)
[   16.836933] 
[   16.837043] The buggy address belongs to the physical page:
[   16.837106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105755
[   16.837245] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.837383] page_type: f5(slab)
[   16.837476] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   16.837552] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   16.837943] page dumped because: kasan: bad access detected
[   16.838017] 
[   16.838109] Memory state around the buggy address:
[   16.838186]  fff00000c5755d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc
[   16.838229]  fff00000c5755e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   16.838564] >fff00000c5755e80: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[   16.838696]                                ^
[   16.838806]  fff00000c5755f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.838936]  fff00000c5755f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.838974] ==================================================================
Metadata Full log Test run details 

[   12.617214] ==================================================================
[   12.617983] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[   12.618317] Free of addr ffff888102837200 by task kunit_try_catch/209
[   12.618518] 
[   12.618695] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.618739] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.618749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.618775] Call Trace:
[   12.618787]  <TASK>
[   12.618802]  dump_stack_lvl+0x73/0xb0
[   12.618831]  print_report+0xd1/0x610
[   12.618863]  ? __virt_addr_valid+0x1db/0x2d0
[   12.618887]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.618927]  ? kfree_sensitive+0x2e/0x90
[   12.618948]  kasan_report_invalid_free+0x10a/0x130
[   12.618973]  ? kfree_sensitive+0x2e/0x90
[   12.619004]  ? kfree_sensitive+0x2e/0x90
[   12.619023]  check_slab_allocation+0x101/0x130
[   12.619045]  __kasan_slab_pre_free+0x28/0x40
[   12.619065]  kfree+0xf0/0x3f0
[   12.619086]  ? add_taint+0x2e/0xa0
[   12.619104]  ? kfree_sensitive+0x2e/0x90
[   12.619126]  kfree_sensitive+0x2e/0x90
[   12.619145]  kmalloc_double_kzfree+0x19c/0x350
[   12.619179]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[   12.619202]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.619228]  ? trace_hardirqs_on+0x37/0xe0
[   12.619261]  ? __pfx_read_tsc+0x10/0x10
[   12.619282]  ? ktime_get_ts64+0x86/0x230
[   12.619306]  kunit_try_run_case+0x1a5/0x480
[   12.619330]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.619354]  ? queued_spin_lock_slowpath+0x116/0xb40
[   12.619379]  ? __kthread_parkme+0x82/0x180
[   12.619400]  ? preempt_count_sub+0x50/0x80
[   12.619424]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.619447]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.619471]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.619494]  kthread+0x337/0x6f0
[   12.619522]  ? trace_preempt_on+0x20/0xc0
[   12.619610]  ? __pfx_kthread+0x10/0x10
[   12.619631]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.619652]  ? calculate_sigpending+0x7b/0xa0
[   12.619677]  ? __pfx_kthread+0x10/0x10
[   12.619698]  ret_from_fork+0x116/0x1d0
[   12.619716]  ? __pfx_kthread+0x10/0x10
[   12.619736]  ret_from_fork_asm+0x1a/0x30
[   12.619768]  </TASK>
[   12.619779] 
[   12.628797] Allocated by task 209:
[   12.629154]  kasan_save_stack+0x45/0x70
[   12.629398]  kasan_save_track+0x18/0x40
[   12.629691]  kasan_save_alloc_info+0x3b/0x50
[   12.629899]  __kasan_kmalloc+0xb7/0xc0
[   12.630153]  __kmalloc_cache_noprof+0x189/0x420
[   12.630313]  kmalloc_double_kzfree+0xa9/0x350
[   12.630465]  kunit_try_run_case+0x1a5/0x480
[   12.630611]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.630870]  kthread+0x337/0x6f0
[   12.631078]  ret_from_fork+0x116/0x1d0
[   12.631301]  ret_from_fork_asm+0x1a/0x30
[   12.631625] 
[   12.631727] Freed by task 209:
[   12.631886]  kasan_save_stack+0x45/0x70
[   12.632087]  kasan_save_track+0x18/0x40
[   12.632272]  kasan_save_free_info+0x3f/0x60
[   12.632484]  __kasan_slab_free+0x56/0x70
[   12.632884]  kfree+0x222/0x3f0
[   12.633021]  kfree_sensitive+0x67/0x90
[   12.633416]  kmalloc_double_kzfree+0x12b/0x350
[   12.633753]  kunit_try_run_case+0x1a5/0x480
[   12.633927]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.634105]  kthread+0x337/0x6f0
[   12.634229]  ret_from_fork+0x116/0x1d0
[   12.634361]  ret_from_fork_asm+0x1a/0x30
[   12.634501] 
[   12.634573] The buggy address belongs to the object at ffff888102837200
[   12.634573]  which belongs to the cache kmalloc-16 of size 16
[   12.635091] The buggy address is located 0 bytes inside of
[   12.635091]  16-byte region [ffff888102837200, ffff888102837210)
[   12.635589] 
[   12.635687] The buggy address belongs to the physical page:
[   12.635887] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102837
[   12.636231] flags: 0x200000000000000(node=0|zone=2)
[   12.636398] page_type: f5(slab)
[   12.636790] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   12.637286] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   12.637796] page dumped because: kasan: bad access detected
[   12.638148] 
[   12.638220] Memory state around the buggy address:
[   12.638379]  ffff888102837100: 00 05 fc fc 00 02 fc fc fa fb fc fc 00 05 fc fc
[   12.638967]  ffff888102837180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   12.639291] >ffff888102837200: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.639704]                    ^
[   12.639876]  ffff888102837280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.640209]  ffff888102837300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.640455] ==================================================================
Metadata Full log Test run details 

[   12.391157] ==================================================================
[   12.391586] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[   12.391877] Free of addr ffff8881016842e0 by task kunit_try_catch/210
[   12.392162] 
[   12.392258] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.392300] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.392310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.392330] Call Trace:
[   12.392346]  <TASK>
[   12.392361]  dump_stack_lvl+0x73/0xb0
[   12.392388]  print_report+0xd1/0x610
[   12.392599]  ? __virt_addr_valid+0x1db/0x2d0
[   12.392642]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.392665]  ? kfree_sensitive+0x2e/0x90
[   12.392686]  kasan_report_invalid_free+0x10a/0x130
[   12.392962]  ? kfree_sensitive+0x2e/0x90
[   12.392989]  ? kfree_sensitive+0x2e/0x90
[   12.393009]  check_slab_allocation+0x101/0x130
[   12.393031]  __kasan_slab_pre_free+0x28/0x40
[   12.393051]  kfree+0xf0/0x3f0
[   12.393073]  ? kfree_sensitive+0x2e/0x90
[   12.393095]  kfree_sensitive+0x2e/0x90
[   12.393114]  kmalloc_double_kzfree+0x19c/0x350
[   12.393145]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[   12.393168]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.393193]  ? trace_hardirqs_on+0x37/0xe0
[   12.393216]  ? __pfx_read_tsc+0x10/0x10
[   12.393235]  ? ktime_get_ts64+0x86/0x230
[   12.393259]  kunit_try_run_case+0x1a5/0x480
[   12.393282]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.393306]  ? queued_spin_lock_slowpath+0x116/0xb40
[   12.393330]  ? __kthread_parkme+0x82/0x180
[   12.393349]  ? preempt_count_sub+0x50/0x80
[   12.393373]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.393396]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.393476]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.393500]  kthread+0x337/0x6f0
[   12.393519]  ? trace_preempt_on+0x20/0xc0
[   12.393540]  ? __pfx_kthread+0x10/0x10
[   12.393559]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.393581]  ? calculate_sigpending+0x7b/0xa0
[   12.393604]  ? __pfx_kthread+0x10/0x10
[   12.393625]  ret_from_fork+0x116/0x1d0
[   12.393643]  ? __pfx_kthread+0x10/0x10
[   12.393662]  ret_from_fork_asm+0x1a/0x30
[   12.393695]  </TASK>
[   12.393705] 
[   12.407424] Allocated by task 210:
[   12.407661]  kasan_save_stack+0x45/0x70
[   12.408109]  kasan_save_track+0x18/0x40
[   12.408423]  kasan_save_alloc_info+0x3b/0x50
[   12.408601]  __kasan_kmalloc+0xb7/0xc0
[   12.409095]  __kmalloc_cache_noprof+0x189/0x420
[   12.409534]  kmalloc_double_kzfree+0xa9/0x350
[   12.409694]  kunit_try_run_case+0x1a5/0x480
[   12.409846]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.410028]  kthread+0x337/0x6f0
[   12.410148]  ret_from_fork+0x116/0x1d0
[   12.410279]  ret_from_fork_asm+0x1a/0x30
[   12.410493] 
[   12.410736] Freed by task 210:
[   12.411064]  kasan_save_stack+0x45/0x70
[   12.411402]  kasan_save_track+0x18/0x40
[   12.411996]  kasan_save_free_info+0x3f/0x60
[   12.412390]  __kasan_slab_free+0x56/0x70
[   12.412917]  kfree+0x222/0x3f0
[   12.413224]  kfree_sensitive+0x67/0x90
[   12.413716]  kmalloc_double_kzfree+0x12b/0x350
[   12.414138]  kunit_try_run_case+0x1a5/0x480
[   12.414617]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.415103]  kthread+0x337/0x6f0
[   12.415416]  ret_from_fork+0x116/0x1d0
[   12.415919]  ret_from_fork_asm+0x1a/0x30
[   12.416276] 
[   12.416350] The buggy address belongs to the object at ffff8881016842e0
[   12.416350]  which belongs to the cache kmalloc-16 of size 16
[   12.417656] The buggy address is located 0 bytes inside of
[   12.417656]  16-byte region [ffff8881016842e0, ffff8881016842f0)
[   12.418116] 
[   12.418190] The buggy address belongs to the physical page:
[   12.418358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101684
[   12.419139] flags: 0x200000000000000(node=0|zone=2)
[   12.419677] page_type: f5(slab)
[   12.420073] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   12.420834] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   12.421761] page dumped because: kasan: bad access detected
[   12.421986] 
[   12.422057] Memory state around the buggy address:
[   12.422216]  ffff888101684180: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[   12.422537]  ffff888101684200: 00 02 fc fc 00 02 fc fc 00 06 fc fc 00 06 fc fc
[   12.423216] >ffff888101684280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   12.423939]                                                        ^
[   12.424560]  ffff888101684300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.425209]  ffff888101684380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.425969] ==================================================================
Metadata Full log Test run details 

[   12.556459] ==================================================================
[   12.556837] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[   12.557384] Free of addr ffff888101be2ea0 by task kunit_try_catch/209
[   12.558334] 
[   12.558706] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.558891] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.558903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.558925] Call Trace:
[   12.558943]  <TASK>
[   12.558962]  dump_stack_lvl+0x73/0xb0
[   12.559028]  print_report+0xd1/0x610
[   12.559053]  ? __virt_addr_valid+0x1db/0x2d0
[   12.559078]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.559100]  ? kfree_sensitive+0x2e/0x90
[   12.559121]  kasan_report_invalid_free+0x10a/0x130
[   12.559146]  ? kfree_sensitive+0x2e/0x90
[   12.559167]  ? kfree_sensitive+0x2e/0x90
[   12.559186]  check_slab_allocation+0x101/0x130
[   12.559208]  __kasan_slab_pre_free+0x28/0x40
[   12.559229]  kfree+0xf0/0x3f0
[   12.559251]  ? kfree_sensitive+0x2e/0x90
[   12.559273]  kfree_sensitive+0x2e/0x90
[   12.559293]  kmalloc_double_kzfree+0x19c/0x350
[   12.559317]  ? __pfx_kmalloc_double_kzfree+0x10/0x10
[   12.559341]  ? __schedule+0x10cc/0x2b60
[   12.559364]  ? __pfx_read_tsc+0x10/0x10
[   12.559385]  ? ktime_get_ts64+0x86/0x230
[   12.559425]  kunit_try_run_case+0x1a5/0x480
[   12.559449]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.559471]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.559495]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.559518]  ? __kthread_parkme+0x82/0x180
[   12.559539]  ? preempt_count_sub+0x50/0x80
[   12.559563]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.559586]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.559609]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.559633]  kthread+0x337/0x6f0
[   12.559652]  ? trace_preempt_on+0x20/0xc0
[   12.559674]  ? __pfx_kthread+0x10/0x10
[   12.559694]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.559715]  ? calculate_sigpending+0x7b/0xa0
[   12.559739]  ? __pfx_kthread+0x10/0x10
[   12.559760]  ret_from_fork+0x116/0x1d0
[   12.559777]  ? __pfx_kthread+0x10/0x10
[   12.559797]  ret_from_fork_asm+0x1a/0x30
[   12.559829]  </TASK>
[   12.559839] 
[   12.570631] Allocated by task 209:
[   12.570836]  kasan_save_stack+0x45/0x70
[   12.571069]  kasan_save_track+0x18/0x40
[   12.571662]  kasan_save_alloc_info+0x3b/0x50
[   12.571836]  __kasan_kmalloc+0xb7/0xc0
[   12.571970]  __kmalloc_cache_noprof+0x189/0x420
[   12.572141]  kmalloc_double_kzfree+0xa9/0x350
[   12.572296]  kunit_try_run_case+0x1a5/0x480
[   12.572442]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.572618]  kthread+0x337/0x6f0
[   12.572762]  ret_from_fork+0x116/0x1d0
[   12.574173]  ret_from_fork_asm+0x1a/0x30
[   12.574875] 
[   12.574991] Freed by task 209:
[   12.575172]  kasan_save_stack+0x45/0x70
[   12.575376]  kasan_save_track+0x18/0x40
[   12.576299]  kasan_save_free_info+0x3f/0x60
[   12.576527]  __kasan_slab_free+0x56/0x70
[   12.576679]  kfree+0x222/0x3f0
[   12.577020]  kfree_sensitive+0x67/0x90
[   12.577401]  kmalloc_double_kzfree+0x12b/0x350
[   12.577637]  kunit_try_run_case+0x1a5/0x480
[   12.577953]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.578422]  kthread+0x337/0x6f0
[   12.578576]  ret_from_fork+0x116/0x1d0
[   12.578839]  ret_from_fork_asm+0x1a/0x30
[   12.579285] 
[   12.579386] The buggy address belongs to the object at ffff888101be2ea0
[   12.579386]  which belongs to the cache kmalloc-16 of size 16
[   12.579984] The buggy address is located 0 bytes inside of
[   12.579984]  16-byte region [ffff888101be2ea0, ffff888101be2eb0)
[   12.580878] 
[   12.581160] The buggy address belongs to the physical page:
[   12.581430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101be2
[   12.581765] flags: 0x200000000000000(node=0|zone=2)
[   12.581981] page_type: f5(slab)
[   12.582489] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   12.582835] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   12.583286] page dumped because: kasan: bad access detected
[   12.583766] 
[   12.583871] Memory state around the buggy address:
[   12.584477]  ffff888101be2d80: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[   12.584786]  ffff888101be2e00: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc
[   12.585188] >ffff888101be2e80: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[   12.585644]                                ^
[   12.585835]  ffff888101be2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.586442]  ffff888101be2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.586760] ==================================================================
Metadata Full log Test run details