Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 104.811215] ================================================================== [ 104.812011] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0xc8/0x200 [ 104.813000] Read of size 1 at addr ffff0000c67feeff by task kunit_try_catch/205 [ 104.814099] [ 104.814445] CPU: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 104.815496] Hardware name: linux,dummy-virt (DT) [ 104.816216] Call trace: [ 104.816757] dump_backtrace+0xe0/0x134 [ 104.817424] show_stack+0x20/0x2c [ 104.817999] dump_stack_lvl+0x88/0xb4 [ 104.818666] print_report+0x158/0x44c [ 104.819289] kasan_report+0xc8/0x180 [ 104.819917] __asan_load1+0x68/0x74 [ 104.820587] kmalloc_oob_left+0xc8/0x200 [ 104.821305] kunit_try_run_case+0x8c/0x124 [ 104.822006] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 104.822669] kthread+0x15c/0x170 [ 104.823047] ret_from_fork+0x10/0x20 [ 104.823419] [ 104.823601] Allocated by task 1: [ 104.823951] kasan_save_stack+0x3c/0x70 [ 104.824536] kasan_set_track+0x2c/0x40 [ 104.825047] kasan_save_alloc_info+0x24/0x34 [ 104.825735] __kasan_kmalloc+0xd4/0xe0 [ 104.826126] __kmalloc_node_track_caller+0x70/0x1c0 [ 104.826562] kvasprintf+0xe8/0x190 [ 104.826997] __kthread_create_on_node+0x290/0x300 [ 104.827555] kthread_create_on_node+0xe4/0x130 [ 104.828204] kunit_try_catch_run+0xec/0x34c [ 104.829024] kunit_run_case_catch_errors+0x15c/0x1e8 [ 104.829897] kunit_run_tests+0x324/0x6c4 [ 104.830555] __kunit_test_suites_init+0x88/0xbc [ 104.831288] kunit_run_all_tests+0x18c/0x2f0 [ 104.831797] kernel_init_freeable+0x33c/0x380 [ 104.832219] kernel_init+0x2c/0x150 [ 104.832941] ret_from_fork+0x10/0x20 [ 104.833615] [ 104.833956] The buggy address belongs to the object at ffff0000c67fee00 [ 104.833956] which belongs to the cache kmalloc-128 of size 128 [ 104.835430] The buggy address is located 127 bytes to the right of [ 104.835430] 128-byte region [ffff0000c67fee00, ffff0000c67fee80) [ 104.836985] [ 104.837372] The buggy address belongs to the physical page: [ 104.838109] page:0000000038e10ea4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067fe [ 104.839251] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 104.839943] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 104.840482] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 104.840982] page dumped because: kasan: bad access detected [ 104.841355] [ 104.841533] Memory state around the buggy address: [ 104.842467] ffff0000c67fed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.843733] ffff0000c67fee00: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.845066] >ffff0000c67fee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.846289] ^ [ 104.847558] ffff0000c67fef00: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.848915] ffff0000c67fef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.850031] ==================================================================
[ 74.622957] ================================================================== [ 74.623870] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x9c/0x154 [ 74.624600] Read of size 1 at addr ffff0000c59e1dff by task kunit_try_catch/121 [ 74.625383] [ 74.625668] CPU: 0 PID: 121 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.626737] Hardware name: linux,dummy-virt (DT) [ 74.627158] Call trace: [ 74.627478] dump_backtrace+0xf8/0x118 [ 74.627992] show_stack+0x18/0x24 [ 74.628475] __dump_stack+0x28/0x38 [ 74.628936] dump_stack_lvl+0x54/0x6c [ 74.629363] print_address_description+0x7c/0x1ec [ 74.629933] print_report+0x50/0x68 [ 74.630388] kasan_report+0xac/0x100 [ 74.630841] __asan_load1+0x6c/0x70 [ 74.631318] kmalloc_oob_left+0x9c/0x154 [ 74.631841] kunit_try_run_case+0x80/0x184 [ 74.632440] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.633047] kthread+0x16c/0x21c [ 74.633790] ret_from_fork+0x10/0x20 [ 74.634235] [ 74.634444] Allocated by task 1: [ 74.634768] kasan_set_track+0x4c/0x80 [ 74.635281] kasan_save_alloc_info+0x28/0x34 [ 74.635782] __kasan_kmalloc+0x88/0xa0 [ 74.636250] __kmalloc_node_track_caller+0xc4/0xf0 [ 74.636840] kvasprintf+0xac/0x138 [ 74.637430] __kthread_create_on_node+0x1dc/0x28c [ 74.638018] kthread_create_on_node+0x8c/0xbc [ 74.638502] kunit_try_catch_run+0xac/0x314 [ 74.638992] kunit_run_tests+0x2fc/0xa40 [ 74.639431] __kunit_test_suites_init+0x74/0xa8 [ 74.639939] kunit_exec_run_tests+0x64/0x74 [ 74.640417] kunit_run_all_tests+0x88/0x1e0 [ 74.640950] kernel_init_freeable+0x174/0x1ec [ 74.641661] kernel_init+0x20/0x138 [ 74.642098] ret_from_fork+0x10/0x20 [ 74.642490] [ 74.642696] The buggy address belongs to the object at ffff0000c59e1d00 [ 74.642696] which belongs to the cache kmalloc-128 of size 128 [ 74.643601] The buggy address is located 127 bytes to the right of [ 74.643601] 128-byte region [ffff0000c59e1d00, ffff0000c59e1d80) [ 74.644559] [ 74.644774] The buggy address belongs to the physical page: [ 74.645312] page:000000000015983b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059e1 [ 74.646245] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 74.646951] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 74.647566] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.648237] page dumped because: kasan: bad access detected [ 74.648711] [ 74.648936] Memory state around the buggy address: [ 74.649434] ffff0000c59e1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.650267] ffff0000c59e1d00: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.650899] >ffff0000c59e1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.651518] ^ [ 74.652109] ffff0000c59e1e00: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.653274] ffff0000c59e1e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.653892] ==================================================================
[ 73.584537] ================================================================== [ 73.585273] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x9c/0x154 [ 73.586507] Read of size 1 at addr ffff0000c54ff4ff by task kunit_try_catch/121 [ 73.588266] [ 73.588688] CPU: 1 PID: 121 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 73.590154] Hardware name: linux,dummy-virt (DT) [ 73.591228] Call trace: [ 73.591889] dump_backtrace+0xf4/0x114 [ 73.593065] show_stack+0x18/0x24 [ 73.593935] __dump_stack+0x28/0x38 [ 73.594901] dump_stack_lvl+0x50/0x68 [ 73.596079] print_address_description+0x7c/0x1ec [ 73.597179] print_report+0x50/0x68 [ 73.597962] kasan_report+0xac/0xfc [ 73.598394] __asan_load1+0x6c/0x70 [ 73.599003] kmalloc_oob_left+0x9c/0x154 [ 73.599929] kunit_try_run_case+0x80/0x184 [ 73.600792] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 73.601653] kthread+0x16c/0x21c [ 73.602282] ret_from_fork+0x10/0x20 [ 73.602922] [ 73.603225] Allocated by task 1: [ 73.603760] kasan_set_track+0x4c/0x80 [ 73.604451] kasan_save_alloc_info+0x28/0x34 [ 73.605139] __kasan_kmalloc+0x88/0xa0 [ 73.605834] kmalloc_trace+0x54/0x68 [ 73.606468] __kthread_create_on_node+0x90/0x28c [ 73.607219] kthread_create_on_node+0x8c/0xbc [ 73.608048] kunit_try_catch_run+0xac/0x30c [ 73.608490] kunit_run_tests+0x2f8/0xa3c [ 73.608907] __kunit_test_suites_init+0x74/0xa8 [ 73.609351] kunit_exec_run_tests+0x64/0x74 [ 73.609854] kunit_run_all_tests+0x88/0x1e0 [ 73.610380] kernel_init_freeable+0x174/0x1e4 [ 73.610832] kernel_init+0x20/0x138 [ 73.611372] ret_from_fork+0x10/0x20 [ 73.612018] [ 73.612255] Freed by task 1: [ 73.612591] kasan_set_track+0x4c/0x80 [ 73.613094] kasan_save_free_info+0x3c/0x60 [ 73.613622] ____kasan_slab_free+0xe8/0x140 [ 73.614134] __kasan_slab_free+0x18/0x28 [ 73.614636] __kmem_cache_free+0xdc/0x27c [ 73.615119] kfree+0x60/0x74 [ 73.615533] __kthread_create_on_node+0x204/0x28c [ 73.616307] kthread_create_on_node+0x8c/0xbc [ 73.616802] kunit_try_catch_run+0xac/0x30c [ 73.617316] kunit_run_tests+0x2f8/0xa3c [ 73.617776] __kunit_test_suites_init+0x74/0xa8 [ 73.618291] kunit_exec_run_tests+0x64/0x74 [ 73.618769] kunit_run_all_tests+0x88/0x1e0 [ 73.619271] kernel_init_freeable+0x174/0x1e4 [ 73.619769] kernel_init+0x20/0x138 [ 73.620219] ret_from_fork+0x10/0x20 [ 73.620647] [ 73.620897] The buggy address belongs to the object at ffff0000c54ff400 [ 73.620897] which belongs to the cache kmalloc-128 of size 128 [ 73.621812] The buggy address is located 127 bytes to the right of [ 73.621812] 128-byte region [ffff0000c54ff400, ffff0000c54ff480) [ 73.622734] [ 73.622963] The buggy address belongs to the physical page: [ 73.623415] page:00000000a33f1f12 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1054ff [ 73.624401] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 73.625127] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 73.625884] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 73.626497] page dumped because: kasan: bad access detected [ 73.626989] [ 73.627178] Memory state around the buggy address: [ 73.627638] ffff0000c54ff380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.628504] ffff0000c54ff400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 73.629148] >ffff0000c54ff480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.629757] ^ [ 73.630336] ffff0000c54ff500: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.630931] ffff0000c54ff580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.631530] ==================================================================
[ 72.247949] ================================================================== [ 72.248958] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0xc0/0x200 [ 72.249744] Read of size 1 at addr ffff0000c596cfff by task kunit_try_catch/121 [ 72.250672] [ 72.251128] CPU: 1 PID: 121 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.251825] Hardware name: linux,dummy-virt (DT) [ 72.252331] Call trace: [ 72.252709] dump_backtrace.part.0+0xdc/0xf0 [ 72.253305] show_stack+0x18/0x30 [ 72.253876] dump_stack_lvl+0x64/0x80 [ 72.254290] print_report+0x158/0x438 [ 72.254749] kasan_report+0xb4/0xf4 [ 72.255149] __asan_load1+0x68/0x74 [ 72.255638] kmalloc_oob_left+0xc0/0x200 [ 72.256115] kunit_try_run_case+0x84/0x120 [ 72.256575] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.257148] kthread+0x180/0x190 [ 72.257516] ret_from_fork+0x10/0x20 [ 72.257936] [ 72.258149] The buggy address belongs to the object at ffff0000c596cf00 [ 72.258149] which belongs to the cache cred_jar of size 176 [ 72.259311] The buggy address is located 79 bytes to the right of [ 72.259311] 176-byte region [ffff0000c596cf00, ffff0000c596cfb0) [ 72.260199] [ 72.260406] The buggy address belongs to the physical page: [ 72.260871] page:000000008af61330 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10596c [ 72.261591] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 72.262534] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c02ce000 [ 72.263205] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 72.263804] page dumped because: kasan: bad access detected [ 72.264239] [ 72.264428] Memory state around the buggy address: [ 72.264879] ffff0000c596ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.265472] ffff0000c596cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.266319] >ffff0000c596cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.266904] ^ [ 72.267472] ffff0000c596d000: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.268064] ffff0000c596d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.268634] ==================================================================
[ 63.932914] ================================================================== [ 63.934144] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0xd4/0x1e8 [ 63.934755] Read of size 1 at addr ffff0000c580feff by task kunit_try_catch/119 [ 63.935289] [ 63.935507] CPU: 0 PID: 119 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 63.936144] Hardware name: linux,dummy-virt (DT) [ 63.936582] Call trace: [ 63.936874] dump_backtrace+0x110/0x120 [ 63.937302] show_stack+0x18/0x28 [ 63.938151] dump_stack_lvl+0x68/0x84 [ 63.938567] print_report+0x158/0x484 [ 63.938966] kasan_report+0x98/0xe0 [ 63.939355] __asan_load1+0x68/0x78 [ 63.939744] kmalloc_oob_left+0xd4/0x1e8 [ 63.940167] kunit_try_run_case+0x7c/0x120 [ 63.940611] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 63.941091] kthread+0x1a4/0x1b8 [ 63.941606] ret_from_fork+0x10/0x20 [ 63.941978] [ 63.942158] Allocated by task 1: [ 63.942523] kasan_save_stack+0x2c/0x58 [ 63.942891] kasan_set_track+0x2c/0x40 [ 63.943422] kasan_save_alloc_info+0x24/0x38 [ 63.943844] __kasan_kmalloc+0xa0/0xb8 [ 63.944213] kmalloc_trace+0x50/0x68 [ 63.944601] __kthread_create_on_node+0xc8/0x2c0 [ 63.945044] kthread_create_on_node+0xa4/0xd8 [ 63.945937] kunit_try_catch_run+0xe8/0x348 [ 63.946378] kunit_run_case_catch_errors+0x150/0x1c8 [ 63.946872] kunit_run_tests+0x2d4/0x7a0 [ 63.947272] __kunit_test_suites_init+0x84/0xb8 [ 63.947733] kunit_run_all_tests+0x188/0x2f0 [ 63.948183] kernel_init_freeable+0x2f4/0x338 [ 63.948650] kernel_init+0x24/0x148 [ 63.949004] ret_from_fork+0x10/0x20 [ 63.949387] [ 63.949839] Freed by task 1: [ 63.950129] kasan_save_stack+0x2c/0x58 [ 63.950519] kasan_set_track+0x2c/0x40 [ 63.950901] kasan_save_free_info+0x38/0x60 [ 63.951356] __kasan_slab_free+0xe8/0x158 [ 63.951709] __kmem_cache_free+0x138/0x2b0 [ 63.952164] kfree+0x5c/0x70 [ 63.952494] __kthread_create_on_node+0x18c/0x2c0 [ 63.952918] kthread_create_on_node+0xa4/0xd8 [ 63.953326] kunit_try_catch_run+0xe8/0x348 [ 63.953755] kunit_run_case_catch_errors+0x150/0x1c8 [ 63.954224] kunit_run_tests+0x2d4/0x7a0 [ 63.954639] __kunit_test_suites_init+0x84/0xb8 [ 63.955075] kunit_run_all_tests+0x188/0x2f0 [ 63.955957] kernel_init_freeable+0x2f4/0x338 [ 63.956421] kernel_init+0x24/0x148 [ 63.956784] ret_from_fork+0x10/0x20 [ 63.957162] [ 63.957360] The buggy address belongs to the object at ffff0000c580fe00 [ 63.957360] which belongs to the cache kmalloc-128 of size 128 [ 63.958458] The buggy address is located 127 bytes to the right of [ 63.958458] 128-byte region [ffff0000c580fe00, ffff0000c580fe80) [ 63.959318] [ 63.959500] The buggy address belongs to the physical page: [ 63.959910] page:0000000019561651 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10580f [ 63.960649] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 63.961256] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 63.962510] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 63.963047] page dumped because: kasan: bad access detected [ 63.963504] [ 63.963691] Memory state around the buggy address: [ 63.964077] ffff0000c580fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.964632] ffff0000c580fe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.965196] >ffff0000c580fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.966107] ^ [ 63.966624] ffff0000c580ff00: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.967182] ffff0000c580ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.967725] ==================================================================
[ 30.273889] ================================================================== [ 30.274291] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0xcb/0x1e0 [ 30.274625] Read of size 1 at addr ffff888102f54abf by task kunit_try_catch/225 [ 30.274989] [ 30.275135] CPU: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.275585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.276098] Call Trace: [ 30.276285] <TASK> [ 30.276414] dump_stack_lvl+0x49/0x62 [ 30.276653] print_report+0x189/0x492 [ 30.276936] ? kasan_complete_mode_report_info+0x7c/0x200 [ 30.277300] ? kmalloc_oob_left+0xcb/0x1e0 [ 30.277546] kasan_report+0x10c/0x190 [ 30.277789] ? kmalloc_oob_left+0xcb/0x1e0 [ 30.278086] __asan_load1+0x62/0x70 [ 30.278319] kmalloc_oob_left+0xcb/0x1e0 [ 30.278503] ? kmalloc_pagealloc_oob_right+0x1c0/0x1c0 [ 30.278794] ? __kunit_add_resource+0xd1/0x100 [ 30.279123] kunit_try_run_case+0x8f/0xd0 [ 30.279426] ? kunit_catch_run_case+0x80/0x80 [ 30.279658] ? kunit_try_catch_throw+0x40/0x40 [ 30.279934] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.280267] kthread+0x17b/0x1b0 [ 30.280492] ? kthread_complete_and_exit+0x30/0x30 [ 30.280760] ret_from_fork+0x22/0x30 [ 30.281025] </TASK> [ 30.281207] [ 30.281324] Allocated by task 27: [ 30.281539] kasan_save_stack+0x41/0x70 [ 30.281798] kasan_set_track+0x25/0x40 [ 30.282020] kasan_save_alloc_info+0x1e/0x30 [ 30.282296] __kasan_kmalloc+0xb6/0xc0 [ 30.282546] __kmalloc_node_track_caller+0x62/0x170 [ 30.282858] kvasprintf+0xc2/0x150 [ 30.283036] kasprintf+0xb3/0xe0 [ 30.283246] input_devnode+0x3b/0x50 [ 30.283419] device_get_devnode+0xcb/0x150 [ 30.283670] dev_uevent+0x28e/0x410 [ 30.283880] kobject_uevent_env+0x33b/0x890 [ 30.284139] kobject_uevent+0xb/0x20 [ 30.284422] device_add+0x73a/0xf50 [ 30.284662] cdev_device_add+0xf2/0x160 [ 30.284836] evdev_connect+0x228/0x260 [ 30.285064] input_attach_handler.isra.0+0xb8/0xe0 [ 30.285354] input_register_device.cold+0xcc/0x1a3 [ 30.285628] psmouse_connect+0x4f0/0x680 [ 30.285893] serio_driver_probe+0x55/0x70 [ 30.286087] really_probe+0x138/0x520 [ 30.286439] __driver_probe_device+0xcd/0x1d0 [ 30.286682] driver_probe_device+0x4f/0x100 [ 30.286938] __driver_attach+0x13c/0x290 [ 30.287213] bus_for_each_dev+0x10c/0x160 [ 30.287453] driver_attach+0x2b/0x40 [ 30.287664] serio_handle_event+0x199/0x3c0 [ 30.287847] process_one_work+0x444/0x750 [ 30.288089] worker_thread+0x91/0x6c0 [ 30.288434] kthread+0x17b/0x1b0 [ 30.288634] ret_from_fork+0x22/0x30 [ 30.288942] [ 30.289103] Freed by task 27: [ 30.289283] kasan_save_stack+0x41/0x70 [ 30.289496] kasan_set_track+0x25/0x40 [ 30.289669] kasan_save_free_info+0x2e/0x50 [ 30.290031] ____kasan_slab_free+0x175/0x1d0 [ 30.290331] __kasan_slab_free+0x12/0x20 [ 30.290592] __kmem_cache_free+0x188/0x2f0 [ 30.290847] kfree+0x78/0x120 [ 30.291052] dev_uevent+0x2e1/0x410 [ 30.291314] kobject_uevent_env+0x33b/0x890 [ 30.291585] kobject_uevent+0xb/0x20 [ 30.291797] device_add+0x73a/0xf50 [ 30.292001] cdev_device_add+0xf2/0x160 [ 30.292439] evdev_connect+0x228/0x260 [ 30.292683] input_attach_handler.isra.0+0xb8/0xe0 [ 30.292877] input_register_device.cold+0xcc/0x1a3 [ 30.293251] psmouse_connect+0x4f0/0x680 [ 30.293693] serio_driver_probe+0x55/0x70 [ 30.293991] really_probe+0x138/0x520 [ 30.294255] __driver_probe_device+0xcd/0x1d0 [ 30.294571] driver_probe_device+0x4f/0x100 [ 30.294852] __driver_attach+0x13c/0x290 [ 30.295070] bus_for_each_dev+0x10c/0x160 [ 30.295333] driver_attach+0x2b/0x40 [ 30.295577] serio_handle_event+0x199/0x3c0 [ 30.295814] process_one_work+0x444/0x750 [ 30.296156] worker_thread+0x91/0x6c0 [ 30.296367] kthread+0x17b/0x1b0 [ 30.296516] ret_from_fork+0x22/0x30 [ 30.296790] [ 30.296950] The buggy address belongs to the object at ffff888102f54aa0 [ 30.296950] which belongs to the cache kmalloc-16 of size 16 [ 30.297614] The buggy address is located 15 bytes to the right of [ 30.297614] 16-byte region [ffff888102f54aa0, ffff888102f54ab0) [ 30.298196] [ 30.298356] The buggy address belongs to the physical page: [ 30.298627] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 30.298974] flags: 0x200000000000200(slab|node=0|zone=2) [ 30.299338] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 30.299857] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 30.300176] page dumped because: kasan: bad access detected [ 30.300600] [ 30.300700] Memory state around the buggy address: [ 30.300954] ffff888102f54980: 00 02 fc fc 00 05 fc fc 00 02 fc fc 00 02 fc fc [ 30.301298] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 30.301684] >ffff888102f54a80: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc [ 30.302025] ^ [ 30.302310] ffff888102f54b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.302650] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.302990] ==================================================================