Date
May 30, 2025, 4:14 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x15 |
[ 20.518108] ================================================================== [ 20.527779] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 20.535846] Write of size 1 at addr ffff000801939078 by task kunit_try_catch/186 [ 20.543224] [ 20.544711] CPU: 3 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 20.544769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.544784] Hardware name: WinLink E850-96 board (DT) [ 20.544802] Call trace: [ 20.544816] show_stack+0x20/0x38 (C) [ 20.544850] dump_stack_lvl+0x8c/0xd0 [ 20.544888] print_report+0x118/0x608 [ 20.544925] kasan_report+0xdc/0x128 [ 20.544956] __asan_report_store1_noabort+0x20/0x30 [ 20.544987] kmalloc_track_caller_oob_right+0x40c/0x488 [ 20.545020] kunit_try_run_case+0x170/0x3f0 [ 20.545057] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.545096] kthread+0x328/0x630 [ 20.545124] ret_from_fork+0x10/0x20 [ 20.545159] [ 20.609542] Allocated by task 186: [ 20.612931] kasan_save_stack+0x3c/0x68 [ 20.616748] kasan_save_track+0x20/0x40 [ 20.620567] kasan_save_alloc_info+0x40/0x58 [ 20.624820] __kasan_kmalloc+0xd4/0xd8 [ 20.628553] __kmalloc_node_track_caller_noprof+0x18c/0x4c0 [ 20.634108] kmalloc_track_caller_oob_right+0xa8/0x488 [ 20.639229] kunit_try_run_case+0x170/0x3f0 [ 20.643396] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.648866] kthread+0x328/0x630 [ 20.652076] ret_from_fork+0x10/0x20 [ 20.655635] [ 20.657113] The buggy address belongs to the object at ffff000801939000 [ 20.657113] which belongs to the cache kmalloc-128 of size 128 [ 20.669614] The buggy address is located 0 bytes to the right of [ 20.669614] allocated 120-byte region [ffff000801939000, ffff000801939078) [ 20.682545] [ 20.684023] The buggy address belongs to the physical page: [ 20.689581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881938 [ 20.697565] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.705204] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 20.712146] page_type: f5(slab) [ 20.715282] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 20.723002] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 20.730729] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 20.738539] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 20.746353] head: 0bfffe0000000001 fffffdffe0064e01 00000000ffffffff 00000000ffffffff [ 20.754165] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 20.761970] page dumped because: kasan: bad access detected [ 20.767527] [ 20.769001] Memory state around the buggy address: [ 20.773783] ffff000801938f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.780984] ffff000801938f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.788191] >ffff000801939000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.795390] ^ [ 20.802511] ffff000801939080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.809716] ffff000801939100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.816918] ==================================================================
[ 24.140091] ================================================================== [ 24.140253] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 24.140499] Write of size 1 at addr fff00000c5eeec78 by task kunit_try_catch/143 [ 24.140623] [ 24.140709] CPU: 0 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 24.140900] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.140963] Hardware name: linux,dummy-virt (DT) [ 24.141031] Call trace: [ 24.141078] show_stack+0x20/0x38 (C) [ 24.141200] dump_stack_lvl+0x8c/0xd0 [ 24.141334] print_report+0x118/0x608 [ 24.141445] kasan_report+0xdc/0x128 [ 24.141553] __asan_report_store1_noabort+0x20/0x30 [ 24.141671] kmalloc_track_caller_oob_right+0x418/0x488 [ 24.141817] kunit_try_run_case+0x170/0x3f0 [ 24.141936] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.142061] kthread+0x328/0x630 [ 24.142169] ret_from_fork+0x10/0x20 [ 24.142286] [ 24.142328] Allocated by task 143: [ 24.142388] kasan_save_stack+0x3c/0x68 [ 24.142497] kasan_save_track+0x20/0x40 [ 24.142611] kasan_save_alloc_info+0x40/0x58 [ 24.142775] __kasan_kmalloc+0xd4/0xd8 [ 24.142884] __kmalloc_node_track_caller_noprof+0x18c/0x4c0 [ 24.143040] kmalloc_track_caller_oob_right+0x184/0x488 [ 24.143194] kunit_try_run_case+0x170/0x3f0 [ 24.143389] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.143594] kthread+0x328/0x630 [ 24.143706] ret_from_fork+0x10/0x20 [ 24.143802] [ 24.143932] The buggy address belongs to the object at fff00000c5eeec00 [ 24.143932] which belongs to the cache kmalloc-128 of size 128 [ 24.144064] The buggy address is located 0 bytes to the right of [ 24.144064] allocated 120-byte region [fff00000c5eeec00, fff00000c5eeec78) [ 24.144239] [ 24.144368] The buggy address belongs to the physical page: [ 24.144463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eee [ 24.145175] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.145328] page_type: f5(slab) [ 24.145435] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.145709] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.145849] page dumped because: kasan: bad access detected [ 24.145992] [ 24.146038] Memory state around the buggy address: [ 24.146153] fff00000c5eeeb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.146426] fff00000c5eeeb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.146527] >fff00000c5eeec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.146613] ^ [ 24.146726] fff00000c5eeec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.146837] fff00000c5eeed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.146975] ================================================================== [ 24.130572] ================================================================== [ 24.130758] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 24.130924] Write of size 1 at addr fff00000c5eeeb78 by task kunit_try_catch/143 [ 24.131050] [ 24.131138] CPU: 0 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 24.131335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.131403] Hardware name: linux,dummy-virt (DT) [ 24.131501] Call trace: [ 24.131568] show_stack+0x20/0x38 (C) [ 24.131781] dump_stack_lvl+0x8c/0xd0 [ 24.131995] print_report+0x118/0x608 [ 24.132230] kasan_report+0xdc/0x128 [ 24.132401] __asan_report_store1_noabort+0x20/0x30 [ 24.132646] kmalloc_track_caller_oob_right+0x40c/0x488 [ 24.132881] kunit_try_run_case+0x170/0x3f0 [ 24.133047] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.133174] kthread+0x328/0x630 [ 24.133303] ret_from_fork+0x10/0x20 [ 24.133422] [ 24.133466] Allocated by task 143: [ 24.133535] kasan_save_stack+0x3c/0x68 [ 24.133632] kasan_save_track+0x20/0x40 [ 24.133750] kasan_save_alloc_info+0x40/0x58 [ 24.133900] __kasan_kmalloc+0xd4/0xd8 [ 24.134041] __kmalloc_node_track_caller_noprof+0x18c/0x4c0 [ 24.134172] kmalloc_track_caller_oob_right+0xa8/0x488 [ 24.134294] kunit_try_run_case+0x170/0x3f0 [ 24.134459] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.134613] kthread+0x328/0x630 [ 24.134740] ret_from_fork+0x10/0x20 [ 24.134837] [ 24.134916] The buggy address belongs to the object at fff00000c5eeeb00 [ 24.134916] which belongs to the cache kmalloc-128 of size 128 [ 24.135054] The buggy address is located 0 bytes to the right of [ 24.135054] allocated 120-byte region [fff00000c5eeeb00, fff00000c5eeeb78) [ 24.135231] [ 24.135293] The buggy address belongs to the physical page: [ 24.135406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eee [ 24.135546] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.135698] page_type: f5(slab) [ 24.135882] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.136031] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.136285] page dumped because: kasan: bad access detected [ 24.136517] [ 24.136621] Memory state around the buggy address: [ 24.136719] fff00000c5eeea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.136884] fff00000c5eeea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.137182] >fff00000c5eeeb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.137317] ^ [ 24.137577] fff00000c5eeeb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.137730] fff00000c5eeec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.137840] ==================================================================
[ 16.818827] ================================================================== [ 16.819627] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 16.821156] Write of size 1 at addr ffff8881022c3578 by task kunit_try_catch/159 [ 16.822462] [ 16.822655] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 16.822723] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.822740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.822770] Call Trace: [ 16.822798] <TASK> [ 16.822838] dump_stack_lvl+0x73/0xb0 [ 16.822879] print_report+0xd1/0x650 [ 16.822913] ? __virt_addr_valid+0x1db/0x2d0 [ 16.822946] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 16.822981] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.823012] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 16.823048] kasan_report+0x141/0x180 [ 16.823132] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 16.823226] __asan_report_store1_noabort+0x1b/0x30 [ 16.823486] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 16.823578] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 16.823716] ? __schedule+0x10cc/0x2b60 [ 16.823756] ? __pfx_read_tsc+0x10/0x10 [ 16.823800] ? ktime_get_ts64+0x86/0x230 [ 16.823855] kunit_try_run_case+0x1a5/0x480 [ 16.823891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.823920] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.823956] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.823990] ? __kthread_parkme+0x82/0x180 [ 16.824020] ? preempt_count_sub+0x50/0x80 [ 16.824051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.824105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.824142] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.824270] kthread+0x337/0x6f0 [ 16.824307] ? trace_preempt_on+0x20/0xc0 [ 16.824343] ? __pfx_kthread+0x10/0x10 [ 16.824372] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.824404] ? calculate_sigpending+0x7b/0xa0 [ 16.824439] ? __pfx_kthread+0x10/0x10 [ 16.824468] ret_from_fork+0x116/0x1d0 [ 16.824493] ? __pfx_kthread+0x10/0x10 [ 16.824520] ret_from_fork_asm+0x1a/0x30 [ 16.824562] </TASK> [ 16.824577] [ 16.844962] Allocated by task 159: [ 16.845361] kasan_save_stack+0x45/0x70 [ 16.845689] kasan_save_track+0x18/0x40 [ 16.846979] kasan_save_alloc_info+0x3b/0x50 [ 16.847456] __kasan_kmalloc+0xb7/0xc0 [ 16.848118] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 16.849125] kmalloc_track_caller_oob_right+0x99/0x520 [ 16.849937] kunit_try_run_case+0x1a5/0x480 [ 16.850253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.850897] kthread+0x337/0x6f0 [ 16.851377] ret_from_fork+0x116/0x1d0 [ 16.851748] ret_from_fork_asm+0x1a/0x30 [ 16.852392] [ 16.852769] The buggy address belongs to the object at ffff8881022c3500 [ 16.852769] which belongs to the cache kmalloc-128 of size 128 [ 16.854496] The buggy address is located 0 bytes to the right of [ 16.854496] allocated 120-byte region [ffff8881022c3500, ffff8881022c3578) [ 16.855770] [ 16.856046] The buggy address belongs to the physical page: [ 16.856569] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022c3 [ 16.857933] flags: 0x200000000000000(node=0|zone=2) [ 16.858403] page_type: f5(slab) [ 16.858681] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.859768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.860918] page dumped because: kasan: bad access detected [ 16.861585] [ 16.861781] Memory state around the buggy address: [ 16.862571] ffff8881022c3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.864131] ffff8881022c3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.864883] >ffff8881022c3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.865655] ^ [ 16.866807] ffff8881022c3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.867557] ffff8881022c3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.868237] ================================================================== [ 16.871028] ================================================================== [ 16.872013] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 16.872758] Write of size 1 at addr ffff8881022c3678 by task kunit_try_catch/159 [ 16.874047] [ 16.874691] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 16.874859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.874900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.874958] Call Trace: [ 16.874977] <TASK> [ 16.874997] dump_stack_lvl+0x73/0xb0 [ 16.875034] print_report+0xd1/0x650 [ 16.875099] ? __virt_addr_valid+0x1db/0x2d0 [ 16.875153] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 16.875218] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.875254] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 16.875290] kasan_report+0x141/0x180 [ 16.875321] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 16.875363] __asan_report_store1_noabort+0x1b/0x30 [ 16.875392] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 16.875428] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 16.875466] ? __schedule+0x10cc/0x2b60 [ 16.875498] ? __pfx_read_tsc+0x10/0x10 [ 16.875528] ? ktime_get_ts64+0x86/0x230 [ 16.875561] kunit_try_run_case+0x1a5/0x480 [ 16.875589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.875615] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.875650] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.875684] ? __kthread_parkme+0x82/0x180 [ 16.875711] ? preempt_count_sub+0x50/0x80 [ 16.875743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.875770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.875832] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.875868] kthread+0x337/0x6f0 [ 16.875895] ? trace_preempt_on+0x20/0xc0 [ 16.875925] ? __pfx_kthread+0x10/0x10 [ 16.875953] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.875985] ? calculate_sigpending+0x7b/0xa0 [ 16.876019] ? __pfx_kthread+0x10/0x10 [ 16.876049] ret_from_fork+0x116/0x1d0 [ 16.876099] ? __pfx_kthread+0x10/0x10 [ 16.876128] ret_from_fork_asm+0x1a/0x30 [ 16.876169] </TASK> [ 16.876182] [ 16.896153] Allocated by task 159: [ 16.896746] kasan_save_stack+0x45/0x70 [ 16.897264] kasan_save_track+0x18/0x40 [ 16.897827] kasan_save_alloc_info+0x3b/0x50 [ 16.898348] __kasan_kmalloc+0xb7/0xc0 [ 16.898695] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 16.899669] kmalloc_track_caller_oob_right+0x19a/0x520 [ 16.900378] kunit_try_run_case+0x1a5/0x480 [ 16.900901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.901583] kthread+0x337/0x6f0 [ 16.902037] ret_from_fork+0x116/0x1d0 [ 16.902603] ret_from_fork_asm+0x1a/0x30 [ 16.903130] [ 16.903705] The buggy address belongs to the object at ffff8881022c3600 [ 16.903705] which belongs to the cache kmalloc-128 of size 128 [ 16.904855] The buggy address is located 0 bytes to the right of [ 16.904855] allocated 120-byte region [ffff8881022c3600, ffff8881022c3678) [ 16.906283] [ 16.906516] The buggy address belongs to the physical page: [ 16.907022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022c3 [ 16.908043] flags: 0x200000000000000(node=0|zone=2) [ 16.908698] page_type: f5(slab) [ 16.909108] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.909690] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.910573] page dumped because: kasan: bad access detected [ 16.911136] [ 16.911646] Memory state around the buggy address: [ 16.912092] ffff8881022c3500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.912771] ffff8881022c3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.913399] >ffff8881022c3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.913914] ^ [ 16.914537] ffff8881022c3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.915545] ffff8881022c3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.916330] ==================================================================
[ 47.061279] ================================================================== [ 47.068572] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x548 [ 47.076721] Write of size 1 at addr cc78e878 by task kunit_try_catch/194 [ 47.083465] [ 47.084960] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 47.084991] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 47.084991] Hardware name: Generic DRA74X (Flattened Device Tree) [ 47.085021] Call trace: [ 47.085021] unwind_backtrace from show_stack+0x18/0x1c [ 47.085052] show_stack from dump_stack_lvl+0x70/0x90 [ 47.085052] dump_stack_lvl from print_report+0x158/0x528 [ 47.085083] print_report from kasan_report+0xdc/0x118 [ 47.085113] kasan_report from kmalloc_track_caller_oob_right+0x4c8/0x548 [ 47.085144] kmalloc_track_caller_oob_right from kunit_try_run_case+0x22c/0x5a8 [ 47.085174] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 47.085205] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 47.085205] kthread from ret_from_fork+0x14/0x20 [ 47.085235] Exception stack(0xf21bbfb0 to 0xf21bbff8) [ 47.085235] bfa0: 00000000 00000000 00000000 00000000 [ 47.085266] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 47.085266] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 47.085296] [ 47.193298] Allocated by task 194: [ 47.196716] kasan_save_track+0x30/0x5c [ 47.200592] __kasan_kmalloc+0x8c/0x94 [ 47.204376] __kmalloc_node_track_caller_noprof+0x210/0x470 [ 47.209991] kmalloc_track_caller_oob_right+0x1c4/0x548 [ 47.215240] kunit_try_run_case+0x22c/0x5a8 [ 47.219482] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 47.225006] kthread+0x464/0x810 [ 47.228271] ret_from_fork+0x14/0x20 [ 47.231872] [ 47.233367] The buggy address belongs to the object at cc78e800 [ 47.233367] which belongs to the cache kmalloc-128 of size 128 [ 47.245269] The buggy address is located 0 bytes to the right of [ 47.245269] allocated 120-byte region [cc78e800, cc78e878) [ 47.256896] [ 47.258392] The buggy address belongs to the physical page: [ 47.264007] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c78e [ 47.271270] flags: 0x0(zone=0) [ 47.274353] page_type: f5(slab) [ 47.277526] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 47.285675] raw: 00000000 [ 47.288299] page dumped because: kasan: bad access detected [ 47.293914] [ 47.295410] Memory state around the buggy address: [ 47.300231] cc78e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.306793] cc78e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.313385] >cc78e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 47.319946] ^ [ 47.326416] cc78e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.332977] cc78e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.339569] ================================================================== [ 46.771270] ================================================================== [ 46.782745] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c0/0x548 [ 46.790924] Write of size 1 at addr cc78e778 by task kunit_try_catch/194 [ 46.797668] [ 46.799163] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 46.799194] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 46.799194] Hardware name: Generic DRA74X (Flattened Device Tree) [ 46.799224] Call trace: [ 46.799224] unwind_backtrace from show_stack+0x18/0x1c [ 46.799255] show_stack from dump_stack_lvl+0x70/0x90 [ 46.799255] dump_stack_lvl from print_report+0x158/0x528 [ 46.799285] print_report from kasan_report+0xdc/0x118 [ 46.799316] kasan_report from kmalloc_track_caller_oob_right+0x4c0/0x548 [ 46.799346] kmalloc_track_caller_oob_right from kunit_try_run_case+0x22c/0x5a8 [ 46.799377] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 46.799407] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 46.799407] kthread from ret_from_fork+0x14/0x20 [ 46.799438] Exception stack(0xf21bbfb0 to 0xf21bbff8) [ 46.799438] bfa0: 00000000 00000000 00000000 00000000 [ 46.799468] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 46.799468] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 46.799499] [ 46.907501] Allocated by task 194: [ 46.910949] kasan_save_track+0x30/0x5c [ 46.914794] __kasan_kmalloc+0x8c/0x94 [ 46.918579] __kmalloc_node_track_caller_noprof+0x210/0x470 [ 46.924194] kmalloc_track_caller_oob_right+0x98/0x548 [ 46.929382] kunit_try_run_case+0x22c/0x5a8 [ 46.933593] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 46.939117] kthread+0x464/0x810 [ 46.942382] ret_from_fork+0x14/0x20 [ 46.945983] [ 46.947479] The buggy address belongs to the object at cc78e700 [ 46.947479] which belongs to the cache kmalloc-128 of size 128 [ 46.959381] The buggy address is located 0 bytes to the right of [ 46.959381] allocated 120-byte region [cc78e700, cc78e778) [ 46.971008] [ 46.972503] The buggy address belongs to the physical page: [ 46.978118] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c78e [ 46.985382] flags: 0x0(zone=0) [ 46.988464] page_type: f5(slab) [ 46.991638] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 46.999786] raw: 00000000 [ 47.002410] page dumped because: kasan: bad access detected [ 47.008026] [ 47.009521] Memory state around the buggy address: [ 47.014343] cc78e600: 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc fc [ 47.020904] cc78e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.027496] >cc78e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 47.034057] ^ [ 47.040527] cc78e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.047119] cc78e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.053680] ==================================================================