==================================================================
BUG: KASAN: double-free or invalid-free in tee_shm_alloc (/mnt/build/optee-qemu/linux/drivers/tee/tee_shm.c:210)

CPU: 0 PID: 310 Comm: optee_example_h Not tainted 5.14.0 #10
Hardware name: Generic DT based system
(unwind_backtrace) from show_stack (/mnt/build/optee-qemu/linux/arch/arm/kernel/traps.c:254)
(show_stack) from dump_stack_lvl (/mnt/build/optee-qemu/linux/lib/dump_stack.c:106 (discriminator 1))
(dump_stack_lvl) from print_address_description.constprop.0 (/mnt/build/optee-qemu/linux/mm/kasan/report.c:234)
(print_address_description.constprop.0) from kasan_report_invalid_free (/mnt/build/optee-qemu/linux/mm/kasan/report.c:359)
(kasan_report_invalid_free) from kfree (/mnt/build/optee-qemu/linux/./include/linux/vmstat.h:523 /mnt/build/optee-qemu/linux/mm/slub.c:3248 /mnt/build/optee-qemu/linux/mm/slub.c:4264)
(kfree) from tee_shm_alloc (/mnt/build/optee-qemu/linux/drivers/tee/tee_shm.c:210)
(tee_shm_alloc) from tee_ioctl (/mnt/build/optee-qemu/linux/drivers/tee/tee_core.c:296 /mnt/build/optee-qemu/linux/drivers/tee/tee_core.c:862)
(tee_ioctl) from sys_ioctl (/mnt/build/optee-qemu/linux/fs/ioctl.c:52 /mnt/build/optee-qemu/linux/fs/ioctl.c:1029 /mnt/build/optee-qemu/linux/fs/ioctl.c:1067 /mnt/build/optee-qemu/linux/fs/ioctl.c:1055)
(sys_ioctl) from ret_fast_syscall (/mnt/build/optee-qemu/linux/arch/arm/kernel/entry-common.S:51)
Exception stack(0x86293fa8 to 0x86293ff0)
3fa0:                   00000016 000001a0 00000003 c010a401 20000080 00000001
3fc0: 00000016 000001a0 0049151d 00000036 47ba12d0 47ba0e10 47ba12d0 6ecaec88
3fe0: 47ba0cd0 47ba0cc0 00490e69 66c74d72

The buggy address belongs to the page:
page:(ptrval) refcount:0 mapcount:0 mapping:(ptrval) index:0x0 pfn:0x4686b
aops:0x40 ino:0
flags: 0x0(zone=0)
raw: 00000000 c0888d84 b80654bc 82401200 00000000 80200020 ffffffff 00000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 8686af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 8686b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>8686b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
           ^
 8686b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 8686b180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================