[ 3737.204371] Running test [R:12670516 T:7 - KUNIT - Kernel: 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug] [ 3750.633811] # Subtest: bitfields [ 3750.633824] 1..2 [ 3750.639179] ok 1 - test_bitfields_constants [ 3750.640322] ok 2 - test_bitfields_variables [ 3750.641638] ok 1 - bitfields [ 3751.345483] # Subtest: cmdline [ 3751.345496] 1..4 [ 3751.349705] ok 1 - cmdline_test_noint [ 3751.351060] ok 2 - cmdline_test_lead_int [ 3751.353456] ok 3 - cmdline_test_tail_int [ 3751.355159] ok 4 - cmdline_test_range [ 3751.356473] ok 2 - cmdline [ 3752.186406] # Subtest: ext4_inode_test [ 3752.186417] 1..1 [ 3752.190721] # inode_test_xtimestamp_decoding: ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits [ 3752.192110] # inode_test_xtimestamp_decoding: ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits [ 3752.196063] # inode_test_xtimestamp_decoding: ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits [ 3752.199988] # inode_test_xtimestamp_decoding: ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits [ 3752.203215] # inode_test_xtimestamp_decoding: ok 5 - 2038-01-19 Lower bound of 32bit <0 timestamp, lo extra sec bit on [ 3752.207087] # inode_test_xtimestamp_decoding: ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on [ 3752.210401] # inode_test_xtimestamp_decoding: ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on [ 3752.214353] # inode_test_xtimestamp_decoding: ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on [ 3752.218121] # inode_test_xtimestamp_decoding: ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on [ 3752.222066] # inode_test_xtimestamp_decoding: ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on [ 3752.225956] # inode_test_xtimestamp_decoding: ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on [ 3752.229306] # inode_test_xtimestamp_decoding: ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on [ 3752.233246] # inode_test_xtimestamp_decoding: ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns [ 3752.237244] # inode_test_xtimestamp_decoding: ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns [ 3752.240855] # inode_test_xtimestamp_decoding: ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on [ 3752.244990] # inode_test_xtimestamp_decoding: ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. All extra sec bits on [ 3752.248156] ok 1 - inode_test_xtimestamp_decoding [ 3752.251169] ok 3 - ext4_inode_test [ 3753.656310] # Subtest: kunit-try-catch-test [ 3753.656321] 1..2 [ 3753.661929] ok 1 - kunit_test_try_catch_successful_try_no_catch [ 3753.663956] ok 2 - kunit_test_try_catch_unsuccessful_try_does_catch [ 3753.665669] ok 4 - kunit-try-catch-test [ 3753.670753] # Subtest: kunit-resource-test [ 3753.670761] 1..7 [ 3753.672694] ok 1 - kunit_resource_test_init_resources [ 3753.674173] ok 2 - kunit_resource_test_alloc_resource [ 3753.676102] ok 3 - kunit_resource_test_destroy_resource [ 3753.678757] ok 4 - kunit_resource_test_cleanup_resources [ 3753.680876] ok 5 - kunit_resource_test_proper_free_ordering [ 3753.683275] ok 6 - kunit_resource_test_static [ 3753.685840] ok 7 - kunit_resource_test_named [ 3753.687292] ok 5 - kunit-resource-test [ 3753.690692] # Subtest: kunit-log-test [ 3753.690700] 1..1 [ 3753.692642] put this in log. [ 3753.693252] this too. [ 3753.694153] add to suite log. [ 3753.694805] along with this. [ 3753.697190] ok 1 - kunit_log_test [ 3753.698065] ok 6 - kunit-log-test [ 3753.701051] # Subtest: kunit_status [ 3753.701059] 1..2 [ 3753.702959] ok 1 - kunit_status_set_failure_test [ 3753.704004] ok 2 - kunit_status_mark_skipped_test [ 3753.705427] ok 7 - kunit_status [ 3754.144548] # Subtest: list-kunit-test [ 3754.144560] 1..36 [ 3754.148861] ok 1 - list_test_list_init [ 3754.149959] ok 2 - list_test_list_add [ 3754.152025] ok 3 - list_test_list_add_tail [ 3754.153965] ok 4 - list_test_list_del [ 3754.155699] ok 5 - list_test_list_replace [ 3754.157733] ok 6 - list_test_list_replace_init [ 3754.161448] ok 7 - list_test_list_swap [ 3754.163196] ok 8 - list_test_list_del_init [ 3754.165404] ok 9 - list_test_list_move [ 3754.167115] ok 10 - list_test_list_move_tail [ 3754.169275] ok 11 - list_test_list_bulk_move_tail [ 3754.171229] ok 12 - list_test_list_is_first [ 3754.173564] ok 13 - list_test_list_is_last [ 3754.175772] ok 14 - list_test_list_empty [ 3754.177826] ok 15 - list_test_list_empty_careful [ 3754.179712] ok 16 - list_test_list_rotate_left [ 3754.181956] ok 17 - list_test_list_rotate_to_front [ 3754.183696] ok 18 - list_test_list_is_singular [ 3754.185985] ok 19 - list_test_list_cut_position [ 3754.187809] ok 20 - list_test_list_cut_before [ 3754.190198] ok 21 - list_test_list_splice [ 3754.192006] ok 22 - list_test_list_splice_tail [ 3754.194220] ok 23 - list_test_list_splice_init [ 3754.196482] ok 24 - list_test_list_splice_tail_init [ 3754.199030] ok 25 - list_test_list_entry [ 3754.201081] ok 26 - list_test_list_first_entry [ 3754.203572] ok 27 - list_test_list_last_entry [ 3754.205457] ok 28 - list_test_list_first_entry_or_null [ 3754.207573] ok 29 - list_test_list_next_entry [ 3754.209908] ok 30 - list_test_list_prev_entry [ 3754.211717] ok 31 - list_test_list_for_each [ 3754.213934] ok 32 - list_test_list_for_each_prev [ 3754.215753] ok 33 - list_test_list_for_each_safe [ 3754.218073] ok 34 - list_test_list_for_each_prev_safe [ 3754.219938] ok 35 - list_test_list_for_each_entry [ 3754.222719] ok 36 - list_test_list_for_each_entry_reverse [ 3754.224306] ok 8 - list-kunit-test [ 3754.390296] # Subtest: memcpy [ 3754.390308] 1..3 [ 3754.394471] # memset_test: ok: memset() direct assignment [ 3754.396646] # memset_test: ok: memset() complete overwrite [ 3754.398216] # memset_test: ok: memset() middle overwrite [ 3754.399746] # memset_test: ok: memset() argument side-effects [ 3754.401367] # memset_test: ok: memset() memset_after() [ 3754.402850] # memset_test: ok: memset() memset_startat() [ 3754.407068] ok 1 - memset_test [ 3754.412109] # memcpy_test: ok: memcpy() static initializers [ 3754.414730] # memcpy_test: ok: memcpy() direct assignment [ 3754.416294] # memcpy_test: ok: memcpy() complete overwrite [ 3754.417858] # memcpy_test: ok: memcpy() middle overwrite [ 3754.419357] # memcpy_test: ok: memcpy() argument side-effects [ 3754.422319] ok 2 - memcpy_test [ 3754.424490] # memmove_test: ok: memmove() static initializers [ 3754.427101] # memmove_test: ok: memmove() direct assignment [ 3754.428692] # memmove_test: ok: memmove() complete overwrite [ 3754.430299] # memmove_test: ok: memmove() middle overwrite [ 3754.431856] # memmove_test: ok: memmove() argument side-effects [ 3754.433515] # memmove_test: ok: memmove() overlapping write [ 3754.436323] ok 3 - memmove_test [ 3754.436333] ok 9 - memcpy [ 3754.886395] # Subtest: mptcp-crypto [ 3754.886405] 1..1 [ 3754.890663] ok 1 - mptcp_crypto_test_basic [ 3754.891332] ok 10 - mptcp-crypto [ 3755.071451] # Subtest: mptcp-token [ 3755.071465] 1..4 [ 3755.076051] ok 1 - mptcp_token_test_req_basic [ 3755.077700] ok 2 - mptcp_token_test_msk_basic [ 3755.079933] ok 3 - mptcp_token_test_accept [ 3755.081888] ok 4 - mptcp_token_test_destroyed [ 3755.083243] ok 11 - mptcp-token [ 3755.611724] # Subtest: rational [ 3755.611737] 1..1 [ 3755.620811] # rational_test: ok 1 - Exceeds bounds, semi-convergent term > 1/2 last term [ 3755.621884] # rational_test: ok 2 - Exceeds bounds, semi-convergent term < 1/2 last term [ 3755.625040] # rational_test: ok 3 - Closest to zero [ 3755.627960] # rational_test: ok 4 - Closest to smallest non-zero [ 3755.630142] # rational_test: ok 5 - Use convergent [ 3755.632690] # rational_test: ok 6 - Exact answer [ 3755.634643] # rational_test: ok 7 - Semiconvergent, numerator limit [ 3755.636991] # rational_test: ok 8 - Semiconvergent, denominator limit [ 3755.638921] ok 1 - rational_test [ 3755.640754] ok 12 - rational [ 3755.805367] # Subtest: resource [ 3755.805379] 1..2 [ 3755.811439] ok 1 - resource_test_union [ 3755.812866] ok 2 - resource_test_intersection [ 3755.814038] ok 13 - resource [ 3755.984182] # Subtest: slub_test [ 3755.984193] 1..2 [ 3756.010266] ok 1 - test_clobber_zone [ 3756.020729] ok 2 - test_clobber_redzone_free [ 3756.021875] ok 14 - slub_test [ 3756.783506] # Subtest: snd_soc_tplg_test [ 3756.783516] 1..11 [ 3756.792392] ok 1 - snd_soc_tplg_test_load_with_null_comp [ 3756.794375] ok 2 - snd_soc_tplg_test_load_with_null_ops [ 3756.796971] ok 3 - snd_soc_tplg_test_load_with_null_fw [ 3756.801807] ok 4 - snd_soc_tplg_test_load_empty_tplg [ 3756.804609] ok 5 - snd_soc_tplg_test_load_empty_tplg_bad_magic [ 3756.807407] ok 6 - snd_soc_tplg_test_load_empty_tplg_bad_abi [ 3756.810475] ok 7 - snd_soc_tplg_test_load_empty_tplg_bad_size [ 3756.813200] ok 8 - snd_soc_tplg_test_load_empty_tplg_bad_payload_size [ 3756.816217] ok 9 - snd_soc_tplg_test_load_pcm_tplg [ 3756.820758] ok 10 - snd_soc_tplg_test_load_pcm_tplg_reload_comp [ 3756.826411] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3756.834303] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3756.889722] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3756.901410] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3756.939486] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3756.948036] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3756.982773] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3756.992138] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.033545] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.046052] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.092592] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.108617] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.161865] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.189159] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.243243] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.255025] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.294191] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.303279] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.342799] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.353175] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.399826] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.409187] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.444656] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.452943] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.490311] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.501491] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.553551] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.563249] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.598806] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.613956] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.652660] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.667518] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.703472] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.714406] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.763745] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.779244] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.823142] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.833210] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.879752] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.899657] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3757.955224] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3757.964145] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.013961] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.023200] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.059493] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.070118] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.121920] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.132249] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.168431] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.183163] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.228382] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.237205] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.274756] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.284251] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.343296] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.356695] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.390550] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.399101] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.447680] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.467206] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.525169] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.533102] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.573819] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.584201] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.620642] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.631169] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.689698] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.699228] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.736832] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.754999] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.789489] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.796912] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.830086] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.837876] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.890720] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.897903] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.932715] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.943190] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3758.977181] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3758.987128] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.021616] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.056830] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.089828] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.097849] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.134151] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.141833] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.185517] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.201404] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.236867] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.250017] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.287413] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.301860] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.340509] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.350047] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.409546] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.424125] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.456541] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.463835] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.501076] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.508842] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.559283] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.573805] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.615402] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.623809] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.656280] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.667323] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.721458] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.731049] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.769576] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.780262] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.818114] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.830048] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.888543] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.896793] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.936274] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.943808] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3759.979335] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3759.989024] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.038349] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.047978] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.083572] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.102771] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.147639] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.163956] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.206790] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.217015] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.254484] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.271129] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.307488] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.326711] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.402938] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.415910] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.456717] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.467939] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.505512] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.515208] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.572504] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.587121] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.622622] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.641196] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.676753] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.685765] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.737413] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.751968] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.786352] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.797947] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.832272] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.841973] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.900092] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.928955] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3760.968136] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3760.977014] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.013567] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.023088] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.078382] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.095041] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.131993] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.140975] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.184565] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.193690] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.245314] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.261579] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.298593] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.309987] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.346074] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.359657] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.407867] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.431873] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.468033] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.478020] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.517166] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.533916] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.586456] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.599920] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.636269] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.646774] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.687262] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.702651] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.756485] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.766972] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.802340] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.813843] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.852572] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.860933] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.920167] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.929876] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3761.966209] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3761.983853] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3762.023087] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3762.033818] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3762.087914] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3762.096917] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3762.132495] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3762.147934] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3762.187148] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3762.196828] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3762.255046] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3762.268875] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3762.304384] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3762.314565] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3762.353940] ok 11 - snd_soc_tplg_test_load_pcm_tplg_reload_card [ 3762.353956] ok 15 - snd_soc_tplg_test [ 3764.046348] # Subtest: sysctl_test [ 3764.046359] 1..10 [ 3764.052736] ok 1 - sysctl_test_api_dointvec_null_tbl_data [ 3764.054775] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset [ 3764.059475] ok 3 - sysctl_test_api_dointvec_table_len_is_zero [ 3764.064779] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set [ 3764.068695] ok 5 - sysctl_test_dointvec_read_happy_single_positive [ 3764.077408] ok 6 - sysctl_test_dointvec_read_happy_single_negative [ 3764.082729] ok 7 - sysctl_test_dointvec_write_happy_single_positive [ 3764.094778] ok 8 - sysctl_test_dointvec_write_happy_single_negative [ 3764.098788] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min [ 3764.105064] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max [ 3764.106939] ok 16 - sysctl_test [ 3764.493229] # Subtest: bits-test [ 3764.493241] 1..3 [ 3764.504724] ok 1 - genmask_test [ 3764.507660] ok 2 - genmask_ull_test [ 3764.512005] ok 3 - genmask_input_check_test [ 3764.513271] ok 17 - bits-test [ 3766.185573] # Subtest: kasan [ 3766.185585] 1..51 [ 3766.196699] ================================================================== [ 3766.199216] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 3766.201337] Write of size 1 at addr ffff88807936ec73 by task kunit_try_catch/117906 [ 3766.203340] [ 3766.203774] CPU: 0 PID: 117906 Comm: kunit_try_catch Kdump: loaded Not tainted 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3766.206790] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3766.208310] Call Trace: [ 3766.208993] dump_stack_lvl+0x57/0x81 [ 3766.209987] print_address_description.constprop.0+0x1f/0x140 [ 3766.211511] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 3766.212962] __kasan_report.cold+0x7f/0x122 [ 3766.214089] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 3766.215529] kasan_report+0x38/0x50 [ 3766.216474] kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 3766.217864] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 3766.219289] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 3766.220826] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3766.222304] ? kunit_add_resource+0x197/0x280 [kunit] [ 3766.223674] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.224974] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3766.226317] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.227926] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3766.229290] kthread+0x361/0x420 [ 3766.230165] ? _raw_spin_unlock_irq+0x24/0x50 [ 3766.231325] ? set_kthread_struct+0x110/0x110 [ 3766.232496] ret_from_fork+0x1f/0x30 [ 3766.233504] [ 3766.233928] Allocated by task 117906: [ 3766.234913] kasan_save_stack+0x1e/0x50 [ 3766.235942] __kasan_kmalloc+0x81/0xa0 [ 3766.236947] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 3766.238303] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.239595] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.241203] kthread+0x361/0x420 [ 3766.242071] ret_from_fork+0x1f/0x30 [ 3766.243024] [ 3766.243442] Last potentially related work creation: [ 3766.244733] kasan_save_stack+0x1e/0x50 [ 3766.245756] __kasan_record_aux_stack+0xb2/0xc0 [ 3766.246964] insert_work+0x47/0x310 [ 3766.247879] __queue_work+0x4dd/0xd60 [ 3766.248753] rcu_work_rcufn+0x42/0x70 [ 3766.249627] rcu_do_batch+0x3c2/0xdc0 [ 3766.250616] rcu_core+0x3de/0x5a0 [ 3766.251509] __do_softirq+0x2d0/0x9a8 [ 3766.252493] [ 3766.252920] Second to last potentially related work creation: [ 3766.254426] kasan_save_stack+0x1e/0x50 [ 3766.255447] __kasan_record_aux_stack+0xb2/0xc0 [ 3766.256645] call_rcu+0xee/0x890 [ 3766.257512] queue_rcu_work+0x5a/0x70 [ 3766.258490] writeback_sb_inodes+0x373/0xd00 [ 3766.259624] __writeback_inodes_wb+0xb7/0x210 [ 3766.260787] wb_writeback+0x686/0xa10 [ 3766.261762] wb_do_writeback+0x539/0x8a0 [ 3766.262806] wb_workfn+0x16a/0x700 [ 3766.263711] process_one_work+0x8c8/0x1590 [ 3766.264797] worker_thread+0x59b/0x1010 [ 3766.265817] kthread+0x361/0x420 [ 3766.266619] ret_from_fork+0x1f/0x30 [ 3766.267476] [ 3766.267882] The buggy address belongs to the object at ffff88807936ec00 [ 3766.267882] which belongs to the cache kmalloc-128 of size 128 [ 3766.271112] The buggy address is located 115 bytes inside of [ 3766.271112] 128-byte region [ffff88807936ec00, ffff88807936ec80) [ 3766.274089] The buggy address belongs to the page: [ 3766.275340] page:00000000b5801451 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7936e [ 3766.277621] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3766.279306] raw: 000fffffc0000200 ffffea0001fc7640 dead000000000004 ffff8880010418c0 [ 3766.281182] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3766.283102] page dumped because: kasan: bad access detected [ 3766.284454] [ 3766.284885] Memory state around the buggy address: [ 3766.286149] ffff88807936eb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3766.288038] ffff88807936eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.289934] >ffff88807936ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 3766.291814] ^ [ 3766.293596] ffff88807936ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.295452] ffff88807936ed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3766.297134] ================================================================== [ 3766.298928] Disabling lock debugging due to kernel taint [ 3766.300403] ================================================================== [ 3766.302128] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 3766.304243] Write of size 1 at addr ffff88807936ec78 by task kunit_try_catch/117906 [ 3766.306235] [ 3766.306651] CPU: 0 PID: 117906 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3766.310109] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3766.311624] Call Trace: [ 3766.312289] dump_stack_lvl+0x57/0x81 [ 3766.313260] print_address_description.constprop.0+0x1f/0x140 [ 3766.314738] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 3766.316008] __kasan_report.cold+0x7f/0x122 [ 3766.317001] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 3766.318270] kasan_report+0x38/0x50 [ 3766.319203] kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 3766.320578] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 3766.321980] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 3766.323480] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3766.324950] ? kunit_add_resource+0x197/0x280 [kunit] [ 3766.326283] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.327567] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3766.328901] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.330354] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3766.331654] kthread+0x361/0x420 [ 3766.332516] ? _raw_spin_unlock_irq+0x24/0x50 [ 3766.333666] ? set_kthread_struct+0x110/0x110 [ 3766.334829] ret_from_fork+0x1f/0x30 [ 3766.335790] [ 3766.336202] Allocated by task 117906: [ 3766.337171] kasan_save_stack+0x1e/0x50 [ 3766.338189] __kasan_kmalloc+0x81/0xa0 [ 3766.339187] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 3766.340403] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.341698] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.343287] kthread+0x361/0x420 [ 3766.344056] ret_from_fork+0x1f/0x30 [ 3766.345012] [ 3766.345425] Last potentially related work creation: [ 3766.346708] kasan_save_stack+0x1e/0x50 [ 3766.347731] __kasan_record_aux_stack+0xb2/0xc0 [ 3766.348927] insert_work+0x47/0x310 [ 3766.349854] __queue_work+0x4dd/0xd60 [ 3766.350744] rcu_work_rcufn+0x42/0x70 [ 3766.351611] rcu_do_batch+0x3c2/0xdc0 [ 3766.352582] rcu_core+0x3de/0x5a0 [ 3766.353440] __do_softirq+0x2d0/0x9a8 [ 3766.354312] [ 3766.354682] Second to last potentially related work creation: [ 3766.356078] kasan_save_stack+0x1e/0x50 [ 3766.357110] __kasan_record_aux_stack+0xb2/0xc0 [ 3766.358180] call_rcu+0xee/0x890 [ 3766.359061] queue_rcu_work+0x5a/0x70 [ 3766.360024] writeback_sb_inodes+0x373/0xd00 [ 3766.361151] __writeback_inodes_wb+0xb7/0x210 [ 3766.362297] wb_writeback+0x686/0xa10 [ 3766.363270] wb_do_writeback+0x539/0x8a0 [ 3766.364314] wb_workfn+0x16a/0x700 [ 3766.365219] process_one_work+0x8c8/0x1590 [ 3766.366303] worker_thread+0x59b/0x1010 [ 3766.367320] kthread+0x361/0x420 [ 3766.368171] ret_from_fork+0x1f/0x30 [ 3766.369013] [ 3766.369382] The buggy address belongs to the object at ffff88807936ec00 [ 3766.369382] which belongs to the cache kmalloc-128 of size 128 [ 3766.372437] The buggy address is located 120 bytes inside of [ 3766.372437] 128-byte region [ffff88807936ec00, ffff88807936ec80) [ 3766.375316] The buggy address belongs to the page: [ 3766.376442] page:00000000b5801451 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7936e [ 3766.378830] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3766.380623] raw: 000fffffc0000200 ffffea0001fc7640 dead000000000004 ffff8880010418c0 [ 3766.382636] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3766.384643] page dumped because: kasan: bad access detected [ 3766.386101] [ 3766.386514] Memory state around the buggy address: [ 3766.387779] ffff88807936eb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3766.389656] ffff88807936eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.391538] >ffff88807936ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 3766.393420] ^ [ 3766.395281] ffff88807936ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.397157] ffff88807936ed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3766.399043] ================================================================== [ 3766.400946] ================================================================== [ 3766.402826] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 3766.404844] Read of size 1 at addr ffff88807936ec80 by task kunit_try_catch/117906 [ 3766.406699] [ 3766.407118] CPU: 0 PID: 117906 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3766.410769] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3766.412251] Call Trace: [ 3766.412844] dump_stack_lvl+0x57/0x81 [ 3766.413709] print_address_description.constprop.0+0x1f/0x140 [ 3766.415109] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 3766.416493] __kasan_report.cold+0x7f/0x122 [ 3766.417478] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 3766.418747] kasan_report+0x38/0x50 [ 3766.419695] kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 3766.420987] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 3766.422237] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 3766.423590] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3766.425006] ? kunit_add_resource+0x197/0x280 [kunit] [ 3766.426261] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.427407] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3766.428595] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.430158] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3766.431507] kthread+0x361/0x420 [ 3766.432371] ? _raw_spin_unlock_irq+0x24/0x50 [ 3766.433521] ? set_kthread_struct+0x110/0x110 [ 3766.434679] ret_from_fork+0x1f/0x30 [ 3766.435650] [ 3766.436070] Allocated by task 117906: [ 3766.437041] kasan_save_stack+0x1e/0x50 [ 3766.438062] __kasan_kmalloc+0x81/0xa0 [ 3766.439058] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 3766.440411] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.441693] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.443283] kthread+0x361/0x420 [ 3766.444141] ret_from_fork+0x1f/0x30 [ 3766.445083] [ 3766.445452] Last potentially related work creation: [ 3766.446708] kasan_save_stack+0x1e/0x50 [ 3766.447726] __kasan_record_aux_stack+0xb2/0xc0 [ 3766.448824] insert_work+0x47/0x310 [ 3766.449649] __queue_work+0x4dd/0xd60 [ 3766.450622] rcu_work_rcufn+0x42/0x70 [ 3766.451590] rcu_do_batch+0x3c2/0xdc0 [ 3766.452555] rcu_core+0x3de/0x5a0 [ 3766.453433] __do_softirq+0x2d0/0x9a8 [ 3766.454405] [ 3766.454822] Second to last potentially related work creation: [ 3766.456320] kasan_save_stack+0x1e/0x50 [ 3766.459640] __kasan_record_aux_stack+0xb2/0xc0 [ 3766.460850] call_rcu+0xee/0x890 [ 3766.461704] queue_rcu_work+0x5a/0x70 [ 3766.462676] writeback_sb_inodes+0x373/0xd00 [ 3766.463728] __writeback_inodes_wb+0xb7/0x210 [ 3766.464887] wb_writeback+0x686/0xa10 [ 3766.465789] wb_do_writeback+0x539/0x8a0 [ 3766.466716] wb_workfn+0x16a/0x700 [ 3766.467519] process_one_work+0x8c8/0x1590 [ 3766.468584] worker_thread+0x59b/0x1010 [ 3766.469609] kthread+0x361/0x420 [ 3766.470467] ret_from_fork+0x1f/0x30 [ 3766.471417] [ 3766.471838] The buggy address belongs to the object at ffff88807936ec00 [ 3766.471838] which belongs to the cache kmalloc-128 of size 128 [ 3766.475053] The buggy address is located 0 bytes to the right of [ 3766.475053] 128-byte region [ffff88807936ec00, ffff88807936ec80) [ 3766.478165] The buggy address belongs to the page: [ 3766.479421] page:00000000b5801451 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7936e [ 3766.481832] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3766.483617] raw: 000fffffc0000200 ffffea0001fc7640 dead000000000004 ffff8880010418c0 [ 3766.485628] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3766.487637] page dumped because: kasan: bad access detected [ 3766.489097] [ 3766.489508] Memory state around the buggy address: [ 3766.490767] ffff88807936eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.492636] ffff88807936ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 3766.494521] >ffff88807936ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.496397] ^ [ 3766.497235] ffff88807936ed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3766.499093] ffff88807936ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.500977] ================================================================== [ 3766.505596] ok 1 - kmalloc_oob_right [ 3766.511489] ================================================================== [ 3766.514132] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 3766.515992] Read of size 1 at addr ffff888006237fdf by task kunit_try_catch/117907 [ 3766.517754] [ 3766.518126] CPU: 0 PID: 117907 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3766.521386] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3766.522734] Call Trace: [ 3766.523327] dump_stack_lvl+0x57/0x81 [ 3766.524201] print_address_description.constprop.0+0x1f/0x140 [ 3766.525555] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 3766.526810] __kasan_report.cold+0x7f/0x122 [ 3766.527806] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 3766.529055] kasan_report+0x38/0x50 [ 3766.529887] kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 3766.531101] ? kmalloc_pagealloc_oob_right+0x290/0x290 [test_kasan] [ 3766.532566] ? do_raw_spin_trylock+0xb5/0x180 [ 3766.533595] ? do_raw_spin_lock+0x270/0x270 [ 3766.534587] ? rcu_read_lock_sched_held+0x12/0x80 [ 3766.535703] ? lock_acquire+0x228/0x2d0 [ 3766.536617] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3766.537799] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3766.539106] ? kunit_add_resource+0x197/0x280 [kunit] [ 3766.540295] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.541447] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3766.542639] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.544075] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3766.545286] kthread+0x361/0x420 [ 3766.546148] ? set_kthread_struct+0x110/0x110 [ 3766.547253] ret_from_fork+0x1f/0x30 [ 3766.548118] [ 3766.548488] Allocated by task 117814: [ 3766.549357] kasan_save_stack+0x1e/0x50 [ 3766.550374] __kasan_kmalloc+0x81/0xa0 [ 3766.551365] proc_self_get_link+0x165/0x1d0 [ 3766.552468] pick_link+0x86c/0xfb0 [ 3766.553378] step_into+0x507/0xd50 [ 3766.554240] walk_component+0x11f/0x5b0 [ 3766.555146] link_path_walk.part.0.constprop.0+0x53f/0x9b0 [ 3766.556428] path_lookupat+0x79/0x6b0 [ 3766.557294] filename_lookup+0x19b/0x530 [ 3766.558220] do_utimes+0xe9/0x190 [ 3766.559012] __x64_sys_utimensat+0x150/0x200 [ 3766.560020] do_syscall_64+0x59/0x90 [ 3766.560876] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3766.562153] [ 3766.562567] Freed by task 117814: [ 3766.563370] kasan_save_stack+0x1e/0x50 [ 3766.564277] kasan_set_track+0x21/0x30 [ 3766.565166] kasan_set_free_info+0x20/0x40 [ 3766.566137] __kasan_slab_free+0xec/0x120 [ 3766.567200] slab_free_freelist_hook+0xa3/0x1d0 [ 3766.568394] kfree+0xdc/0x4e0 [ 3766.569188] walk_component+0x1ee/0x5b0 [ 3766.570168] link_path_walk.part.0.constprop.0+0x468/0x9b0 [ 3766.571445] path_lookupat+0x79/0x6b0 [ 3766.572310] filename_lookup+0x19b/0x530 [ 3766.573235] do_utimes+0xe9/0x190 [ 3766.574027] __x64_sys_utimensat+0x150/0x200 [ 3766.575034] do_syscall_64+0x59/0x90 [ 3766.575880] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3766.577064] [ 3766.577432] The buggy address belongs to the object at ffff888006237fc0 [ 3766.577432] which belongs to the cache kmalloc-16 of size 16 [ 3766.580285] The buggy address is located 15 bytes to the right of [ 3766.580285] 16-byte region [ffff888006237fc0, ffff888006237fd0) [ 3766.583071] The buggy address belongs to the page: [ 3766.584194] page:000000006c79857a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6237 [ 3766.586326] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3766.587936] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3766.589734] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3766.591528] page dumped because: kasan: bad access detected [ 3766.593005] [ 3766.593376] Memory state around the buggy address: [ 3766.594499] ffff888006237e80: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 3766.596169] ffff888006237f00: fb fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3766.597851] >ffff888006237f80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 07 fc fc [ 3766.599520] ^ [ 3766.600949] ffff888006238000: 00 00 00 00 00 fc fc 00 00 00 00 00 fc fc 00 00 [ 3766.602621] ffff888006238080: 00 00 00 fc fc 00 00 00 00 00 fc fc 00 00 00 00 [ 3766.604297] ================================================================== [ 3766.606268] ok 2 - kmalloc_oob_left [ 3766.614421] ================================================================== [ 3766.617061] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 3766.619043] Read of size 1 at addr ffff88807b5b1000 by task kunit_try_catch/117908 [ 3766.620804] [ 3766.621177] CPU: 0 PID: 117908 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3766.624566] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3766.625967] Call Trace: [ 3766.626557] dump_stack_lvl+0x57/0x81 [ 3766.627499] print_address_description.constprop.0+0x1f/0x140 [ 3766.628965] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 3766.630329] __kasan_report.cold+0x7f/0x122 [ 3766.631321] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 3766.632685] kasan_report+0x38/0x50 [ 3766.633518] kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 3766.634844] ? pagealloc_uaf+0x2f0/0x2f0 [test_kasan] [ 3766.636033] ? do_raw_spin_trylock+0xb5/0x180 [ 3766.637063] ? do_raw_spin_lock+0x270/0x270 [ 3766.638047] ? rcu_read_lock_sched_held+0x12/0x80 [ 3766.639152] ? lock_acquire+0x228/0x2d0 [ 3766.640060] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3766.641231] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3766.642540] ? kunit_add_resource+0x197/0x280 [kunit] [ 3766.643738] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.644886] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3766.646075] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.647490] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3766.648695] kthread+0x361/0x420 [ 3766.649470] ? set_kthread_struct+0x110/0x110 [ 3766.650505] ret_from_fork+0x1f/0x30 [ 3766.651366] [ 3766.651741] Allocated by task 117908: [ 3766.652608] kasan_save_stack+0x1e/0x50 [ 3766.653514] __kasan_kmalloc+0x81/0xa0 [ 3766.654402] kmalloc_node_oob_right+0x9a/0x2e0 [test_kasan] [ 3766.655711] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.656855] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.658278] kthread+0x361/0x420 [ 3766.659047] ret_from_fork+0x1f/0x30 [ 3766.659893] [ 3766.660263] Last potentially related work creation: [ 3766.661490] kasan_save_stack+0x1e/0x50 [ 3766.662508] __kasan_record_aux_stack+0xb2/0xc0 [ 3766.663709] insert_work+0x47/0x310 [ 3766.664632] __queue_work+0x4dd/0xd60 [ 3766.665602] queue_work_on+0x7f/0x90 [ 3766.666549] rcu_do_batch+0x3c2/0xdc0 [ 3766.667521] rcu_core+0x3de/0x5a0 [ 3766.668401] __do_softirq+0x2d0/0x9a8 [ 3766.669371] [ 3766.669789] Second to last potentially related work creation: [ 3766.671286] kasan_save_stack+0x1e/0x50 [ 3766.672301] __kasan_record_aux_stack+0xb2/0xc0 [ 3766.673488] call_rcu+0xee/0x890 [ 3766.674350] deactivate_locked_super+0x109/0x140 [ 3766.675561] cleanup_mnt+0x31f/0x4a0 [ 3766.676507] task_work_run+0xcb/0x170 [ 3766.677474] do_exit+0x51d/0xc30 [ 3766.678335] do_group_exit+0xec/0x2a0 [ 3766.679303] __x64_sys_exit_group+0x3a/0x50 [ 3766.680405] do_syscall_64+0x59/0x90 [ 3766.681352] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3766.682680] [ 3766.683097] The buggy address belongs to the object at ffff88807b5b0000 [ 3766.683097] which belongs to the cache kmalloc-4k of size 4096 [ 3766.686324] The buggy address is located 0 bytes to the right of [ 3766.686324] 4096-byte region [ffff88807b5b0000, ffff88807b5b1000) [ 3766.689459] The buggy address belongs to the page: [ 3766.690720] page:0000000027e3fb39 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b5b0 [ 3766.693135] head:0000000027e3fb39 order:3 compound_mapcount:0 compound_pincount:0 [ 3766.695080] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) [ 3766.696987] raw: 000fffffc0010200 dead000000000100 dead000000000122 ffff888001042140 [ 3766.698998] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000 [ 3766.701007] page dumped because: kasan: bad access detected [ 3766.702459] [ 3766.702877] Memory state around the buggy address: [ 3766.704133] ffff88807b5b0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3766.706007] ffff88807b5b0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3766.707888] >ffff88807b5b1000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.709760] ^ [ 3766.710613] ffff88807b5b1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.712483] ffff88807b5b1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.714357] ================================================================== [ 3766.717439] ok 3 - kmalloc_node_oob_right [ 3766.720420] ================================================================== [ 3766.723479] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 3766.725818] Write of size 1 at addr ffff8880104d200a by task kunit_try_catch/117909 [ 3766.727804] [ 3766.728217] CPU: 0 PID: 117909 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3766.733884] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3766.735290] Call Trace: [ 3766.735888] dump_stack_lvl+0x57/0x81 [ 3766.736763] print_address_description.constprop.0+0x1f/0x140 [ 3766.738111] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 3766.739571] __kasan_report.cold+0x7f/0x122 [ 3766.740553] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 3766.742017] kasan_report+0x38/0x50 [ 3766.742846] kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 3766.744270] ? kmalloc_pagealloc_uaf+0x280/0x280 [test_kasan] [ 3766.745613] ? do_raw_spin_trylock+0xb5/0x180 [ 3766.746643] ? do_raw_spin_lock+0x270/0x270 [ 3766.747623] ? rcu_read_lock_sched_held+0x12/0x80 [ 3766.748733] ? lock_acquire+0x228/0x2d0 [ 3766.749634] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3766.750811] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3766.752113] ? kunit_add_resource+0x197/0x280 [kunit] [ 3766.753298] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.754510] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3766.755817] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.757349] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3766.758608] kthread+0x361/0x420 [ 3766.759375] ? set_kthread_struct+0x110/0x110 [ 3766.760398] ret_from_fork+0x1f/0x30 [ 3766.761325] [ 3766.761741] The buggy address belongs to the page: [ 3766.762923] page:00000000e02a0f8e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d0 [ 3766.765100] head:00000000e02a0f8e order:2 compound_mapcount:0 compound_pincount:0 [ 3766.766988] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3766.768587] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3766.770390] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3766.772349] page dumped because: kasan: bad access detected [ 3766.773643] [ 3766.774020] Memory state around the buggy address: [ 3766.775143] ffff8880104d1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3766.776823] ffff8880104d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3766.778498] >ffff8880104d2000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3766.780319] ^ [ 3766.781173] ffff8880104d2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3766.782954] ffff8880104d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3766.784703] ================================================================== [ 3766.786983] ok 4 - kmalloc_pagealloc_oob_right [ 3766.791395] ================================================================== [ 3766.794263] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 3766.796150] Read of size 1 at addr ffff8880104d0000 by task kunit_try_catch/117910 [ 3766.797911] [ 3766.798288] CPU: 0 PID: 117910 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3766.801563] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3766.803067] Call Trace: [ 3766.803703] dump_stack_lvl+0x57/0x81 [ 3766.804575] print_address_description.constprop.0+0x1f/0x140 [ 3766.805928] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 3766.807385] __kasan_report.cold+0x7f/0x122 [ 3766.808497] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 3766.809945] kasan_report+0x38/0x50 [ 3766.810777] kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 3766.812090] ? kmalloc_pagealloc_invalid_free+0x250/0x250 [test_kasan] [ 3766.813754] ? do_raw_spin_trylock+0xb5/0x180 [ 3766.814813] ? do_raw_spin_lock+0x270/0x270 [ 3766.815800] ? rcu_read_lock_sched_held+0x12/0x80 [ 3766.816909] ? lock_acquire+0x228/0x2d0 [ 3766.817918] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3766.819113] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3766.820418] ? kunit_add_resource+0x197/0x280 [kunit] [ 3766.821607] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.822760] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3766.823941] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.825363] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3766.826572] kthread+0x361/0x420 [ 3766.827337] ? set_kthread_struct+0x110/0x110 [ 3766.828365] ret_from_fork+0x1f/0x30 [ 3766.829228] [ 3766.829596] The buggy address belongs to the page: [ 3766.830724] page:00000000e02a0f8e refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d0 [ 3766.832879] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 3766.834473] raw: 000fffffc0000000 ffffea0000640f08 ffff88808a800030 0000000000000000 [ 3766.836342] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 3766.838178] page dumped because: kasan: bad access detected [ 3766.839602] [ 3766.839978] Memory state around the buggy address: [ 3766.841101] ffff8880104cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.842877] ffff8880104cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.844670] >ffff8880104d0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3766.846349] ^ [ 3766.847122] ffff8880104d0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3766.848795] ffff8880104d0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3766.850624] ================================================================== [ 3766.852665] ok 5 - kmalloc_pagealloc_uaf [ 3766.855450] ================================================================== [ 3766.858490] BUG: KASAN: double-free or invalid-free in kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 3766.860976] [ 3766.861348] CPU: 0 PID: 117911 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3766.864791] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3766.866130] Call Trace: [ 3766.866725] dump_stack_lvl+0x57/0x81 [ 3766.867721] print_address_description.constprop.0+0x1f/0x140 [ 3766.869228] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 3766.870933] kasan_report_invalid_free+0x70/0xa0 [ 3766.872152] kfree+0x27c/0x4e0 [ 3766.872983] ? kmalloc_order+0xb4/0x100 [ 3766.874007] kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 3766.875599] ? kmalloc_large_oob_right+0x2b0/0x2b0 [test_kasan] [ 3766.877081] ? do_raw_spin_trylock+0xb5/0x180 [ 3766.878244] ? do_raw_spin_lock+0x270/0x270 [ 3766.879354] ? rcu_read_lock_sched_held+0x12/0x80 [ 3766.880597] ? lock_acquire+0x228/0x2d0 [ 3766.881613] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3766.882932] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3766.884398] ? kunit_add_resource+0x197/0x280 [kunit] [ 3766.885738] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.887023] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3766.888354] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.889949] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3766.891296] kthread+0x361/0x420 [ 3766.892160] ? set_kthread_struct+0x110/0x110 [ 3766.893309] ret_from_fork+0x1f/0x30 [ 3766.894273] [ 3766.894692] The buggy address belongs to the page: [ 3766.895940] page:00000000e02a0f8e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d0 [ 3766.898328] head:00000000e02a0f8e order:2 compound_mapcount:0 compound_pincount:0 [ 3766.900272] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3766.902060] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3766.904076] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3766.906079] page dumped because: kasan: bad access detected [ 3766.907533] [ 3766.907954] Memory state around the buggy address: [ 3766.909205] ffff8880104cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.911092] ffff8880104cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3766.912865] >ffff8880104d0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3766.914624] ^ [ 3766.915483] ffff8880104d0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3766.917353] ffff8880104d0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3766.919227] ================================================================== [ 3766.921863] ok 6 - kmalloc_pagealloc_invalid_free [ 3766.924362] ok 7 - pagealloc_oob_right # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 3766.928418] ================================================================== [ 3766.932382] BUG: KASAN: use-after-free in pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 3766.934316] Read of size 1 at addr ffff8880684d0000 by task kunit_try_catch/117913 [ 3766.936281] [ 3766.936699] CPU: 0 PID: 117913 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3766.940349] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3766.941849] Call Trace: [ 3766.942510] dump_stack_lvl+0x57/0x81 [ 3766.943487] print_address_description.constprop.0+0x1f/0x140 [ 3766.945002] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 3766.946331] __kasan_report.cold+0x7f/0x122 [ 3766.947449] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 3766.948778] kasan_report+0x38/0x50 [ 3766.949713] pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 3766.950994] ? krealloc_more_oob+0x10/0x10 [test_kasan] [ 3766.952363] ? do_raw_spin_trylock+0xb5/0x180 [ 3766.953514] ? do_raw_spin_lock+0x270/0x270 [ 3766.954620] ? rcu_read_lock_sched_held+0x12/0x80 [ 3766.955869] ? lock_acquire+0x228/0x2d0 [ 3766.956884] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3766.958194] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3766.959662] ? kunit_add_resource+0x197/0x280 [kunit] [ 3766.961004] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3766.962287] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3766.963615] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3766.965215] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3766.966565] kthread+0x361/0x420 [ 3766.967423] ? set_kthread_struct+0x110/0x110 [ 3766.968570] ret_from_fork+0x1f/0x30 [ 3766.969546] [ 3766.969967] The buggy address belongs to the page: [ 3766.971222] page:000000000f3f99a9 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x684d0 [ 3766.973711] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 3766.975392] raw: 000fffffc0000000 ffffea000061ac08 ffff8881342d5aa0 0000000000000000 [ 3766.977407] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000 [ 3766.979420] page dumped because: kasan: bad access detected [ 3766.980881] [ 3766.981295] Memory state around the buggy address: [ 3766.982554] ffff8880684cff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3766.984435] ffff8880684cff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3766.986317] >ffff8880684d0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3766.988189] ^ [ 3766.989051] ffff8880684d0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3766.990930] ffff8880684d0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3766.992802] ================================================================== [ 3766.996530] ok 8 - pagealloc_uaf [ 3767.001376] ================================================================== [ 3767.006551] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 3767.008816] Write of size 1 at addr ffff888019ac1f00 by task kunit_try_catch/117914 [ 3767.010805] [ 3767.011217] CPU: 0 PID: 117914 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.014870] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.016363] Call Trace: [ 3767.017032] dump_stack_lvl+0x57/0x81 [ 3767.018013] print_address_description.constprop.0+0x1f/0x140 [ 3767.019516] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 3767.021067] __kasan_report.cold+0x7f/0x122 [ 3767.022174] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 3767.023728] kasan_report+0x38/0x50 [ 3767.024653] kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 3767.026157] ? kmalloc_oob_16+0x3b0/0x3b0 [test_kasan] [ 3767.027506] ? do_raw_spin_trylock+0xb5/0x180 [ 3767.028659] ? do_raw_spin_lock+0x270/0x270 [ 3767.029768] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.031006] ? lock_acquire+0x228/0x2d0 [ 3767.032025] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3767.033342] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.034801] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.036130] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.037406] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.038733] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.040318] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.041674] kthread+0x361/0x420 [ 3767.042530] ? set_kthread_struct+0x110/0x110 [ 3767.043679] ret_from_fork+0x1f/0x30 [ 3767.044633] [ 3767.045049] Allocated by task 117914: [ 3767.046016] kasan_save_stack+0x1e/0x50 [ 3767.047024] __kasan_kmalloc+0x81/0xa0 [ 3767.048011] kmalloc_large_oob_right+0x98/0x2b0 [test_kasan] [ 3767.049482] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.050759] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.052345] kthread+0x361/0x420 [ 3767.053205] ret_from_fork+0x1f/0x30 [ 3767.054152] [ 3767.054563] The buggy address belongs to the object at ffff888019ac0000 [ 3767.054563] which belongs to the cache kmalloc-8k of size 8192 [ 3767.057781] The buggy address is located 7936 bytes inside of [ 3767.057781] 8192-byte region [ffff888019ac0000, ffff888019ac2000) [ 3767.060846] The buggy address belongs to the page: [ 3767.062097] page:0000000087e5fa5f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19ac0 [ 3767.064502] head:0000000087e5fa5f order:3 compound_mapcount:0 compound_pincount:0 [ 3767.066448] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.068353] raw: 000fffffc0010200 0000000000000000 dead000000000001 ffff888001042280 [ 3767.070360] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 3767.072362] page dumped because: kasan: bad access detected [ 3767.073819] [ 3767.074233] Memory state around the buggy address: [ 3767.075497] ffff888019ac1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.077371] ffff888019ac1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.079248] >ffff888019ac1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.081116] ^ [ 3767.081976] ffff888019ac1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.083856] ffff888019ac2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.085725] ================================================================== [ 3767.088078] ok 9 - kmalloc_large_oob_right [ 3767.091347] ================================================================== [ 3767.094433] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3767.096713] Write of size 1 at addr ffff888008881ceb by task kunit_try_catch/117915 [ 3767.098708] [ 3767.099125] CPU: 0 PID: 117915 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.102794] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.104295] Call Trace: [ 3767.104966] dump_stack_lvl+0x57/0x81 [ 3767.105946] print_address_description.constprop.0+0x1f/0x140 [ 3767.107451] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3767.109032] __kasan_report.cold+0x7f/0x122 [ 3767.110148] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3767.111733] kasan_report+0x38/0x50 [ 3767.112657] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3767.114206] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 3767.115579] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.116831] ? lock_acquire+0x228/0x2d0 [ 3767.117857] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.119324] ? do_raw_spin_lock+0x270/0x270 [ 3767.120433] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.121679] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3767.123284] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3767.124593] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.125931] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.127208] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.128541] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.130140] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.131492] kthread+0x361/0x420 [ 3767.132357] ? set_kthread_struct+0x110/0x110 [ 3767.133510] ret_from_fork+0x1f/0x30 [ 3767.134478] [ 3767.134897] Allocated by task 117915: [ 3767.135864] kasan_save_stack+0x1e/0x50 [ 3767.136880] __kasan_krealloc+0xed/0x130 [ 3767.137917] krealloc+0x50/0xe0 [ 3767.138754] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 3767.140278] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.141560] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.143156] kthread+0x361/0x420 [ 3767.144020] ret_from_fork+0x1f/0x30 [ 3767.144971] [ 3767.145385] Last potentially related work creation: [ 3767.146673] kasan_save_stack+0x1e/0x50 [ 3767.147693] __kasan_record_aux_stack+0xb2/0xc0 [ 3767.148892] kvfree_call_rcu+0x7d/0x840 [ 3767.149910] drop_sysctl_table+0x338/0x460 [ 3767.150997] unregister_sysctl_table+0x9c/0x180 [ 3767.152189] retire_userns_sysctls+0x58/0x80 [ 3767.153280] free_user_ns+0xd3/0x2c0 [ 3767.154123] process_one_work+0x8c8/0x1590 [ 3767.155094] worker_thread+0x59b/0x1010 [ 3767.156000] kthread+0x361/0x420 [ 3767.156767] ret_from_fork+0x1f/0x30 [ 3767.157612] [ 3767.157987] Second to last potentially related work creation: [ 3767.159330] kasan_save_stack+0x1e/0x50 [ 3767.160236] __kasan_record_aux_stack+0xb2/0xc0 [ 3767.161305] kvfree_call_rcu+0x7d/0x840 [ 3767.162212] drop_sysctl_table+0x338/0x460 [ 3767.163256] unregister_sysctl_table+0x9c/0x180 [ 3767.164449] neigh_sysctl_unregister+0x56/0x80 [ 3767.165624] inetdev_event+0xbf3/0xf40 [ 3767.166621] notifier_call_chain+0x9b/0x180 [ 3767.167731] unregister_netdevice_many+0x56b/0x11a0 [ 3767.169016] default_device_exit_batch+0x2b0/0x370 [ 3767.170277] cleanup_net+0x42b/0x9a0 [ 3767.171228] process_one_work+0x8c8/0x1590 [ 3767.172283] worker_thread+0x59b/0x1010 [ 3767.173197] kthread+0x361/0x420 [ 3767.174015] ret_from_fork+0x1f/0x30 [ 3767.174969] [ 3767.175360] The buggy address belongs to the object at ffff888008881c00 [ 3767.175360] which belongs to the cache kmalloc-256 of size 256 [ 3767.178332] The buggy address is located 235 bytes inside of [ 3767.178332] 256-byte region [ffff888008881c00, ffff888008881d00) [ 3767.181157] The buggy address belongs to the page: [ 3767.182417] page:00000000ae6d7c25 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8881 [ 3767.184814] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.186611] raw: 000fffffc0000200 ffffea0001a9d500 dead000000000003 ffff888001041b40 [ 3767.188580] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3767.190490] page dumped because: kasan: bad access detected [ 3767.191891] [ 3767.192265] Memory state around the buggy address: [ 3767.193405] ffff888008881b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.195103] ffff888008881c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.196789] >ffff888008881c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 3767.198469] ^ [ 3767.200034] ffff888008881d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.201731] ffff888008881d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.203412] ================================================================== [ 3767.205196] ================================================================== [ 3767.206887] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3767.208921] Write of size 1 at addr ffff888008881cf0 by task kunit_try_catch/117915 [ 3767.210705] [ 3767.211085] CPU: 0 PID: 117915 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.214415] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.215932] Call Trace: [ 3767.216594] dump_stack_lvl+0x57/0x81 [ 3767.217572] print_address_description.constprop.0+0x1f/0x140 [ 3767.219082] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3767.220663] __kasan_report.cold+0x7f/0x122 [ 3767.221776] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3767.223354] kasan_report+0x38/0x50 [ 3767.224284] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3767.225817] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 3767.227199] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.228434] ? lock_acquire+0x228/0x2d0 [ 3767.229445] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.230842] ? do_raw_spin_lock+0x270/0x270 [ 3767.231832] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.232993] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3767.234590] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3767.235902] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.237242] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.238534] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.239880] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.241431] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.242659] kthread+0x361/0x420 [ 3767.243538] ? set_kthread_struct+0x110/0x110 [ 3767.244643] ret_from_fork+0x1f/0x30 [ 3767.245506] [ 3767.245883] Allocated by task 117915: [ 3767.246788] kasan_save_stack+0x1e/0x50 [ 3767.247812] __kasan_krealloc+0xed/0x130 [ 3767.248851] krealloc+0x50/0xe0 [ 3767.249690] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 3767.251216] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.252512] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.254115] kthread+0x361/0x420 [ 3767.254971] ret_from_fork+0x1f/0x30 [ 3767.255860] [ 3767.256277] Last potentially related work creation: [ 3767.257525] kasan_save_stack+0x1e/0x50 [ 3767.258436] __kasan_record_aux_stack+0xb2/0xc0 [ 3767.259506] kvfree_call_rcu+0x7d/0x840 [ 3767.260520] drop_sysctl_table+0x338/0x460 [ 3767.261562] unregister_sysctl_table+0x9c/0x180 [ 3767.262740] retire_userns_sysctls+0x58/0x80 [ 3767.263803] free_user_ns+0xd3/0x2c0 [ 3767.264684] process_one_work+0x8c8/0x1590 [ 3767.265769] worker_thread+0x59b/0x1010 [ 3767.266699] kthread+0x361/0x420 [ 3767.267504] ret_from_fork+0x1f/0x30 [ 3767.268455] [ 3767.268879] Second to last potentially related work creation: [ 3767.270389] kasan_save_stack+0x1e/0x50 [ 3767.271410] __kasan_record_aux_stack+0xb2/0xc0 [ 3767.272616] kvfree_call_rcu+0x7d/0x840 [ 3767.275942] drop_sysctl_table+0x338/0x460 [ 3767.276990] unregister_sysctl_table+0x9c/0x180 [ 3767.278163] neigh_sysctl_unregister+0x56/0x80 [ 3767.279319] inetdev_event+0xbf3/0xf40 [ 3767.280310] notifier_call_chain+0x9b/0x180 [ 3767.281417] unregister_netdevice_many+0x56b/0x11a0 [ 3767.282711] default_device_exit_batch+0x2b0/0x370 [ 3767.283973] cleanup_net+0x42b/0x9a0 [ 3767.284932] process_one_work+0x8c8/0x1590 [ 3767.286019] worker_thread+0x59b/0x1010 [ 3767.287047] kthread+0x361/0x420 [ 3767.287912] ret_from_fork+0x1f/0x30 [ 3767.288867] [ 3767.289277] The buggy address belongs to the object at ffff888008881c00 [ 3767.289277] which belongs to the cache kmalloc-256 of size 256 [ 3767.292509] The buggy address is located 240 bytes inside of [ 3767.292509] 256-byte region [ffff888008881c00, ffff888008881d00) [ 3767.295538] The buggy address belongs to the page: [ 3767.296802] page:00000000ae6d7c25 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8881 [ 3767.299186] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.300982] raw: 000fffffc0000200 ffffea0001a9d500 dead000000000003 ffff888001041b40 [ 3767.302993] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3767.304999] page dumped because: kasan: bad access detected [ 3767.306453] [ 3767.306870] Memory state around the buggy address: [ 3767.308129] ffff888008881b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.310013] ffff888008881c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.311899] >ffff888008881c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 3767.313777] ^ [ 3767.315564] ffff888008881d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.317443] ffff888008881d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.319335] ================================================================== [ 3767.322881] ok 10 - krealloc_more_oob [ 3767.327421] ================================================================== [ 3767.330407] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3767.332688] Write of size 1 at addr ffff88806a7546c9 by task kunit_try_catch/117916 [ 3767.334707] [ 3767.335124] CPU: 0 PID: 117916 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.338803] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.340310] Call Trace: [ 3767.340980] dump_stack_lvl+0x57/0x81 [ 3767.341963] print_address_description.constprop.0+0x1f/0x140 [ 3767.343476] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3767.345067] __kasan_report.cold+0x7f/0x122 [ 3767.346190] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3767.347786] kasan_report+0x38/0x50 [ 3767.348718] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3767.350253] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3767.351558] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.352801] ? lock_acquire+0x228/0x2d0 [ 3767.353828] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.355291] ? do_raw_spin_lock+0x270/0x270 [ 3767.356399] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.357637] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3767.359247] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3767.360562] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.361908] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.363067] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.364258] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.365695] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.366898] kthread+0x361/0x420 [ 3767.367673] ? set_kthread_struct+0x110/0x110 [ 3767.368718] ret_from_fork+0x1f/0x30 [ 3767.369573] [ 3767.369952] Allocated by task 117916: [ 3767.370821] kasan_save_stack+0x1e/0x50 [ 3767.371738] __kasan_krealloc+0xed/0x130 [ 3767.372789] krealloc+0x50/0xe0 [ 3767.373615] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 3767.375103] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.376253] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.377685] kthread+0x361/0x420 [ 3767.378473] ret_from_fork+0x1f/0x30 [ 3767.379432] [ 3767.379854] The buggy address belongs to the object at ffff88806a754600 [ 3767.379854] which belongs to the cache kmalloc-256 of size 256 [ 3767.382844] The buggy address is located 201 bytes inside of [ 3767.382844] 256-byte region [ffff88806a754600, ffff88806a754700) [ 3767.385570] The buggy address belongs to the page: [ 3767.386712] page:000000000e466ff3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a754 [ 3767.388888] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.390502] raw: 000fffffc0000200 ffffea0001a1f400 dead000000000002 ffff888001041b40 [ 3767.392316] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3767.394199] page dumped because: kasan: bad access detected [ 3767.395668] [ 3767.396080] Memory state around the buggy address: [ 3767.397264] ffff88806a754580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.398955] ffff88806a754600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.400636] >ffff88806a754680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 3767.402326] ^ [ 3767.403631] ffff88806a754700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.405316] ffff88806a754780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.407000] ================================================================== [ 3767.408758] ================================================================== [ 3767.410441] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3767.412453] Write of size 1 at addr ffff88806a7546d0 by task kunit_try_catch/117916 [ 3767.414236] [ 3767.414605] CPU: 0 PID: 117916 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.417948] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.419401] Call Trace: [ 3767.419997] dump_stack_lvl+0x57/0x81 [ 3767.420967] print_address_description.constprop.0+0x1f/0x140 [ 3767.422484] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3767.424058] __kasan_report.cold+0x7f/0x122 [ 3767.425107] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3767.426516] kasan_report+0x38/0x50 [ 3767.427353] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3767.428724] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3767.429944] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.431172] ? lock_acquire+0x228/0x2d0 [ 3767.432087] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.433397] ? do_raw_spin_lock+0x270/0x270 [ 3767.434409] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.435660] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3767.437117] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3767.438367] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.439702] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.440885] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.442072] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.443499] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.444709] kthread+0x361/0x420 [ 3767.445476] ? set_kthread_struct+0x110/0x110 [ 3767.446499] ret_from_fork+0x1f/0x30 [ 3767.447360] [ 3767.447735] Allocated by task 117916: [ 3767.448593] kasan_save_stack+0x1e/0x50 [ 3767.449507] __kasan_krealloc+0xed/0x130 [ 3767.450434] krealloc+0x50/0xe0 [ 3767.451185] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 3767.452576] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.453868] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.455424] kthread+0x361/0x420 [ 3767.456283] ret_from_fork+0x1f/0x30 [ 3767.457209] [ 3767.457620] The buggy address belongs to the object at ffff88806a754600 [ 3767.457620] which belongs to the cache kmalloc-256 of size 256 [ 3767.460853] The buggy address is located 208 bytes inside of [ 3767.460853] 256-byte region [ffff88806a754600, ffff88806a754700) [ 3767.463902] The buggy address belongs to the page: [ 3767.465169] page:000000000e466ff3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a754 [ 3767.467587] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.469387] raw: 000fffffc0000200 ffffea0001a1f400 dead000000000002 ffff888001041b40 [ 3767.471409] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3767.473433] page dumped because: kasan: bad access detected [ 3767.474905] [ 3767.475320] Memory state around the buggy address: [ 3767.476587] ffff88806a754580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.478474] ffff88806a754600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.480358] >ffff88806a754680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 3767.482239] ^ [ 3767.483772] ffff88806a754700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.485654] ffff88806a754780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.487531] ================================================================== [ 3767.489438] ================================================================== [ 3767.491323] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3767.493583] Write of size 1 at addr ffff88806a7546da by task kunit_try_catch/117916 [ 3767.495584] [ 3767.496005] CPU: 0 PID: 117916 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.499662] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.501158] Call Trace: [ 3767.501823] dump_stack_lvl+0x57/0x81 [ 3767.502802] print_address_description.constprop.0+0x1f/0x140 [ 3767.504311] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3767.505886] __kasan_report.cold+0x7f/0x122 [ 3767.506995] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3767.508567] kasan_report+0x38/0x50 [ 3767.509499] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3767.511037] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3767.512349] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.513586] ? lock_acquire+0x228/0x2d0 [ 3767.514610] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.515969] ? do_raw_spin_lock+0x270/0x270 [ 3767.516970] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.518085] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3767.519517] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3767.520803] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.522055] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.523208] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.524405] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.525845] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.527160] kthread+0x361/0x420 [ 3767.527999] ? set_kthread_struct+0x110/0x110 [ 3767.529032] ret_from_fork+0x1f/0x30 [ 3767.529897] [ 3767.530268] Allocated by task 117916: [ 3767.531143] kasan_save_stack+0x1e/0x50 [ 3767.532052] __kasan_krealloc+0xed/0x130 [ 3767.532984] krealloc+0x50/0xe0 [ 3767.533740] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 3767.535101] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.536250] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.537682] kthread+0x361/0x420 [ 3767.538446] ret_from_fork+0x1f/0x30 [ 3767.539383] [ 3767.539805] The buggy address belongs to the object at ffff88806a754600 [ 3767.539805] which belongs to the cache kmalloc-256 of size 256 [ 3767.542900] The buggy address is located 218 bytes inside of [ 3767.542900] 256-byte region [ffff88806a754600, ffff88806a754700) [ 3767.547718] The buggy address belongs to the page: [ 3767.548854] page:000000000e466ff3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a754 [ 3767.551010] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.552792] raw: 000fffffc0000200 ffffea0001a1f400 dead000000000002 ffff888001041b40 [ 3767.554599] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3767.556601] page dumped because: kasan: bad access detected [ 3767.558051] [ 3767.558465] Memory state around the buggy address: [ 3767.559684] ffff88806a754580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.561357] ffff88806a754600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.563103] >ffff88806a754680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 3767.564925] ^ [ 3767.566479] ffff88806a754700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.568345] ffff88806a754780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.570043] ================================================================== [ 3767.571811] ================================================================== [ 3767.573482] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3767.575618] Write of size 1 at addr ffff88806a7546ea by task kunit_try_catch/117916 [ 3767.577448] [ 3767.577825] CPU: 0 PID: 117916 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.581236] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.582567] Call Trace: [ 3767.583172] dump_stack_lvl+0x57/0x81 [ 3767.584044] print_address_description.constprop.0+0x1f/0x140 [ 3767.585384] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3767.586787] __kasan_report.cold+0x7f/0x122 [ 3767.587779] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3767.589180] kasan_report+0x38/0x50 [ 3767.590008] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3767.591363] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3767.592527] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.593641] ? lock_acquire+0x228/0x2d0 [ 3767.594564] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.595880] ? do_raw_spin_lock+0x270/0x270 [ 3767.596866] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.597972] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3767.599500] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3767.600809] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.602137] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.603331] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.604504] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.605935] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.607135] kthread+0x361/0x420 [ 3767.607906] ? set_kthread_struct+0x110/0x110 [ 3767.608930] ret_from_fork+0x1f/0x30 [ 3767.609792] [ 3767.610160] Allocated by task 117916: [ 3767.611033] kasan_save_stack+0x1e/0x50 [ 3767.611942] __kasan_krealloc+0xed/0x130 [ 3767.612865] krealloc+0x50/0xe0 [ 3767.613610] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 3767.614974] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.616116] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.617534] kthread+0x361/0x420 [ 3767.618302] ret_from_fork+0x1f/0x30 [ 3767.619148] [ 3767.619515] The buggy address belongs to the object at ffff88806a754600 [ 3767.619515] which belongs to the cache kmalloc-256 of size 256 [ 3767.622391] The buggy address is located 234 bytes inside of [ 3767.622391] 256-byte region [ffff88806a754600, ffff88806a754700) [ 3767.625082] The buggy address belongs to the page: [ 3767.626211] page:000000000e466ff3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a754 [ 3767.628354] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.629953] raw: 000fffffc0000200 ffffea0001a1f400 dead000000000002 ffff888001041b40 [ 3767.631743] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3767.633522] page dumped because: kasan: bad access detected [ 3767.634819] [ 3767.635189] Memory state around the buggy address: [ 3767.636305] ffff88806a754580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.638049] ffff88806a754600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.639897] >ffff88806a754680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 3767.641557] ^ [ 3767.643096] ffff88806a754700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.644782] ffff88806a754780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.646462] ================================================================== [ 3767.648156] ================================================================== [ 3767.649834] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3767.651999] Write of size 1 at addr ffff88806a7546eb by task kunit_try_catch/117916 [ 3767.653906] [ 3767.654275] CPU: 0 PID: 117916 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.657797] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.659285] Call Trace: [ 3767.659946] dump_stack_lvl+0x57/0x81 [ 3767.660927] print_address_description.constprop.0+0x1f/0x140 [ 3767.662428] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3767.664005] __kasan_report.cold+0x7f/0x122 [ 3767.665108] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3767.666673] kasan_report+0x38/0x50 [ 3767.667590] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3767.669112] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3767.670419] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.671646] ? lock_acquire+0x228/0x2d0 [ 3767.672552] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.673900] ? do_raw_spin_lock+0x270/0x270 [ 3767.674994] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.676170] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3767.677761] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3767.679060] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.680395] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.681682] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.682972] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.684386] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.685590] kthread+0x361/0x420 [ 3767.686356] ? set_kthread_struct+0x110/0x110 [ 3767.687381] ret_from_fork+0x1f/0x30 [ 3767.688235] [ 3767.688604] Allocated by task 117916: [ 3767.689526] kasan_save_stack+0x1e/0x50 [ 3767.690531] __kasan_krealloc+0xed/0x130 [ 3767.691452] krealloc+0x50/0xe0 [ 3767.692199] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 3767.693557] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.694707] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.696126] kthread+0x361/0x420 [ 3767.696891] ret_from_fork+0x1f/0x30 [ 3767.697737] [ 3767.698105] The buggy address belongs to the object at ffff88806a754600 [ 3767.698105] which belongs to the cache kmalloc-256 of size 256 [ 3767.700988] The buggy address is located 235 bytes inside of [ 3767.700988] 256-byte region [ffff88806a754600, ffff88806a754700) [ 3767.703677] The buggy address belongs to the page: [ 3767.704793] page:000000000e466ff3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a754 [ 3767.706942] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.708531] raw: 000fffffc0000200 ffffea0001a1f400 dead000000000002 ffff888001041b40 [ 3767.710327] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3767.712126] page dumped because: kasan: bad access detected [ 3767.713420] [ 3767.713791] Memory state around the buggy address: [ 3767.714909] ffff88806a754580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.716570] ffff88806a754600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.718244] >ffff88806a754680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 3767.719909] ^ [ 3767.721440] ffff88806a754700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.723106] ffff88806a754780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3767.724788] ================================================================== [ 3767.726592] ok 11 - krealloc_less_oob [ 3767.732357] ================================================================== [ 3767.735017] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3767.737026] Write of size 1 at addr ffff8880104d20eb by task kunit_try_catch/117917 [ 3767.738927] [ 3767.739346] CPU: 0 PID: 117917 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.742762] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.744094] Call Trace: [ 3767.744687] dump_stack_lvl+0x57/0x81 [ 3767.745556] print_address_description.constprop.0+0x1f/0x140 [ 3767.746904] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3767.748301] __kasan_report.cold+0x7f/0x122 [ 3767.749281] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3767.750683] kasan_report+0x38/0x50 [ 3767.751506] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3767.752875] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 3767.754103] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.755206] ? lock_acquire+0x228/0x2d0 [ 3767.756125] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.757430] ? do_raw_spin_lock+0x270/0x270 [ 3767.758412] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.759517] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3767.760936] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3767.762098] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.763284] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.764419] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.765601] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.767021] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.768223] kthread+0x361/0x420 [ 3767.768991] ? set_kthread_struct+0x110/0x110 [ 3767.770016] ret_from_fork+0x1f/0x30 [ 3767.770876] [ 3767.771246] The buggy address belongs to the page: [ 3767.772370] page:00000000e02a0f8e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d0 [ 3767.774522] head:00000000e02a0f8e order:2 compound_mapcount:0 compound_pincount:0 [ 3767.776425] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.778026] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3767.779816] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3767.781727] page dumped because: kasan: bad access detected [ 3767.783058] [ 3767.783425] Memory state around the buggy address: [ 3767.784540] ffff8880104d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.786215] ffff8880104d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.787879] >ffff8880104d2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 3767.789543] ^ [ 3767.791073] ffff8880104d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3767.792750] ffff8880104d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3767.794415] ================================================================== [ 3767.796153] ================================================================== [ 3767.797824] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3767.799830] Write of size 1 at addr ffff8880104d20f0 by task kunit_try_catch/117917 [ 3767.801594] [ 3767.801968] CPU: 0 PID: 117917 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.805221] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.806555] Call Trace: [ 3767.807148] dump_stack_lvl+0x57/0x81 [ 3767.808014] print_address_description.constprop.0+0x1f/0x140 [ 3767.809359] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3767.810763] __kasan_report.cold+0x7f/0x122 [ 3767.811822] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3767.813307] kasan_report+0x38/0x50 [ 3767.814176] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3767.815663] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 3767.819144] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.820250] ? lock_acquire+0x228/0x2d0 [ 3767.821160] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.822466] ? do_raw_spin_lock+0x270/0x270 [ 3767.823446] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.824554] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3767.825979] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3767.827144] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.828333] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.829470] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.830664] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.832088] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.833284] kthread+0x361/0x420 [ 3767.834053] ? set_kthread_struct+0x110/0x110 [ 3767.835080] ret_from_fork+0x1f/0x30 [ 3767.835938] [ 3767.836305] The buggy address belongs to the page: [ 3767.837427] page:00000000e02a0f8e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d0 [ 3767.839575] head:00000000e02a0f8e order:2 compound_mapcount:0 compound_pincount:0 [ 3767.841305] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.842905] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3767.844696] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3767.846485] page dumped because: kasan: bad access detected [ 3767.847787] [ 3767.848154] Memory state around the buggy address: [ 3767.849270] ffff8880104d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.850937] ffff8880104d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.852796] >ffff8880104d2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 3767.854499] ^ [ 3767.856152] ffff8880104d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3767.858015] ffff8880104d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3767.859722] ================================================================== [ 3767.861691] ok 12 - krealloc_pagealloc_more_oob [ 3767.867274] ================================================================== [ 3767.870139] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3767.872161] Write of size 1 at addr ffff8880104d20c9 by task kunit_try_catch/117918 [ 3767.874163] [ 3767.874573] CPU: 0 PID: 117918 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.877878] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.879372] Call Trace: [ 3767.880034] dump_stack_lvl+0x57/0x81 [ 3767.880943] print_address_description.constprop.0+0x1f/0x140 [ 3767.882419] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3767.883985] __kasan_report.cold+0x7f/0x122 [ 3767.884971] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3767.886374] kasan_report+0x38/0x50 [ 3767.887200] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3767.888566] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3767.889730] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.890829] ? lock_acquire+0x228/0x2d0 [ 3767.891741] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.893038] ? do_raw_spin_lock+0x270/0x270 [ 3767.894021] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.895125] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3767.896551] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3767.897720] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.899010] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.900206] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.901514] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.902983] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.904181] kthread+0x361/0x420 [ 3767.904947] ? set_kthread_struct+0x110/0x110 [ 3767.905971] ret_from_fork+0x1f/0x30 [ 3767.906829] [ 3767.907198] The buggy address belongs to the page: [ 3767.908321] page:00000000e02a0f8e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d0 [ 3767.910466] head:00000000e02a0f8e order:2 compound_mapcount:0 compound_pincount:0 [ 3767.912211] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.913806] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3767.915595] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3767.917387] page dumped because: kasan: bad access detected [ 3767.918692] [ 3767.919060] Memory state around the buggy address: [ 3767.920174] ffff8880104d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.921847] ffff8880104d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.923509] >ffff8880104d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 3767.925177] ^ [ 3767.926477] ffff8880104d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3767.928345] ffff8880104d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3767.930106] ================================================================== [ 3767.932053] ================================================================== [ 3767.933936] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3767.936174] Write of size 1 at addr ffff8880104d20d0 by task kunit_try_catch/117918 [ 3767.938112] [ 3767.938526] CPU: 0 PID: 117918 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3767.941975] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3767.943472] Call Trace: [ 3767.944132] dump_stack_lvl+0x57/0x81 [ 3767.945038] print_address_description.constprop.0+0x1f/0x140 [ 3767.946377] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3767.947905] __kasan_report.cold+0x7f/0x122 [ 3767.949009] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3767.950484] kasan_report+0x38/0x50 [ 3767.951377] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3767.952890] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3767.954057] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.955284] ? lock_acquire+0x228/0x2d0 [ 3767.956230] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3767.957622] ? do_raw_spin_lock+0x270/0x270 [ 3767.958669] ? rcu_read_lock_sched_held+0x12/0x80 [ 3767.959778] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3767.961193] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3767.962357] ? kunit_add_resource+0x197/0x280 [kunit] [ 3767.963543] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3767.964688] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3767.965867] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3767.967283] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3767.968481] kthread+0x361/0x420 [ 3767.969247] ? set_kthread_struct+0x110/0x110 [ 3767.970275] ret_from_fork+0x1f/0x30 [ 3767.971137] [ 3767.971503] The buggy address belongs to the page: [ 3767.972626] page:00000000e02a0f8e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d0 [ 3767.974779] head:00000000e02a0f8e order:2 compound_mapcount:0 compound_pincount:0 [ 3767.976500] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3767.978094] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3767.979892] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3767.981666] page dumped because: kasan: bad access detected [ 3767.982962] [ 3767.983331] Memory state around the buggy address: [ 3767.984450] ffff8880104d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.986124] ffff8880104d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3767.987792] >ffff8880104d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 3767.989454] ^ [ 3767.990821] ffff8880104d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3767.992487] ffff8880104d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3767.994155] ================================================================== [ 3767.995852] ================================================================== [ 3767.997523] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3767.999546] Write of size 1 at addr ffff8880104d20da by task kunit_try_catch/117918 [ 3768.001318] [ 3768.001719] CPU: 0 PID: 117918 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.005110] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.006441] Call Trace: [ 3768.007030] dump_stack_lvl+0x57/0x81 [ 3768.007895] print_address_description.constprop.0+0x1f/0x140 [ 3768.009230] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3768.010633] __kasan_report.cold+0x7f/0x122 [ 3768.011623] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3768.013014] kasan_report+0x38/0x50 [ 3768.013842] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3768.015198] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3768.016363] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.017467] ? lock_acquire+0x228/0x2d0 [ 3768.018384] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.019689] ? do_raw_spin_lock+0x270/0x270 [ 3768.020670] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.021774] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3768.023221] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.024526] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.025827] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.027105] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.028436] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.029966] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.031170] kthread+0x361/0x420 [ 3768.031934] ? set_kthread_struct+0x110/0x110 [ 3768.032952] ret_from_fork+0x1f/0x30 [ 3768.033809] [ 3768.034175] The buggy address belongs to the page: [ 3768.035295] page:00000000e02a0f8e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d0 [ 3768.037438] head:00000000e02a0f8e order:2 compound_mapcount:0 compound_pincount:0 [ 3768.039180] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3768.040774] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3768.042555] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3768.044481] page dumped because: kasan: bad access detected [ 3768.045802] [ 3768.046172] Memory state around the buggy address: [ 3768.047289] ffff8880104d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3768.048959] ffff8880104d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3768.050632] >ffff8880104d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 3768.052298] ^ [ 3768.053716] ffff8880104d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3768.055385] ffff8880104d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3768.057046] ================================================================== [ 3768.058729] ================================================================== [ 3768.060610] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3768.062795] Write of size 1 at addr ffff8880104d20ea by task kunit_try_catch/117918 [ 3768.064572] [ 3768.064946] CPU: 0 PID: 117918 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.068181] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.069510] Call Trace: [ 3768.070101] dump_stack_lvl+0x57/0x81 [ 3768.070967] print_address_description.constprop.0+0x1f/0x140 [ 3768.072304] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3768.073704] __kasan_report.cold+0x7f/0x122 [ 3768.074689] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3768.076079] kasan_report+0x38/0x50 [ 3768.076901] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3768.078259] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3768.079418] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.080516] ? lock_acquire+0x228/0x2d0 [ 3768.081424] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.082724] ? do_raw_spin_lock+0x270/0x270 [ 3768.083705] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.084808] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3768.086225] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.087396] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.088584] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.096064] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.097244] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.098673] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.099871] kthread+0x361/0x420 [ 3768.100644] ? set_kthread_struct+0x110/0x110 [ 3768.101664] ret_from_fork+0x1f/0x30 [ 3768.102519] [ 3768.102891] The buggy address belongs to the page: [ 3768.104006] page:00000000e02a0f8e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d0 [ 3768.106142] head:00000000e02a0f8e order:2 compound_mapcount:0 compound_pincount:0 [ 3768.107875] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3768.109468] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3768.111481] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3768.113471] page dumped because: kasan: bad access detected [ 3768.114792] [ 3768.115157] Memory state around the buggy address: [ 3768.116272] ffff8880104d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3768.117937] ffff8880104d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3768.119602] >ffff8880104d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 3768.121272] ^ [ 3768.122809] ffff8880104d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3768.124468] ffff8880104d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3768.126139] ================================================================== [ 3768.127840] ================================================================== [ 3768.129513] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3768.131526] Write of size 1 at addr ffff8880104d20eb by task kunit_try_catch/117918 [ 3768.133456] [ 3768.133830] CPU: 0 PID: 117918 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.137082] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.138414] Call Trace: [ 3768.139006] dump_stack_lvl+0x57/0x81 [ 3768.139874] print_address_description.constprop.0+0x1f/0x140 [ 3768.141213] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3768.142616] __kasan_report.cold+0x7f/0x122 [ 3768.143602] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3768.144997] kasan_report+0x38/0x50 [ 3768.145819] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3768.147182] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3768.148345] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.149447] ? lock_acquire+0x228/0x2d0 [ 3768.150361] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.151671] ? do_raw_spin_lock+0x270/0x270 [ 3768.152655] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.153756] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3768.155174] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.156334] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.157513] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.158658] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.159840] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.161249] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.162447] kthread+0x361/0x420 [ 3768.163213] ? set_kthread_struct+0x110/0x110 [ 3768.164236] ret_from_fork+0x1f/0x30 [ 3768.165092] [ 3768.165460] The buggy address belongs to the page: [ 3768.166578] page:00000000e02a0f8e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d0 [ 3768.168725] head:00000000e02a0f8e order:2 compound_mapcount:0 compound_pincount:0 [ 3768.170450] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3768.172049] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3768.173832] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3768.175620] page dumped because: kasan: bad access detected [ 3768.176910] [ 3768.177277] Memory state around the buggy address: [ 3768.178391] ffff8880104d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3768.180061] ffff8880104d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3768.181726] >ffff8880104d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 3768.183385] ^ [ 3768.184913] ffff8880104d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3768.186580] ffff8880104d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3768.188250] ================================================================== [ 3768.190875] ok 13 - krealloc_pagealloc_less_oob [ 3768.195335] ================================================================== [ 3768.198183] BUG: KASAN: use-after-free in krealloc_uaf+0x1c7/0x450 [test_kasan] [ 3768.199886] Read of size 1 at addr ffff88806a754800 by task kunit_try_catch/117919 [ 3768.201643] [ 3768.202014] CPU: 0 PID: 117919 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.205532] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.207017] Call Trace: [ 3768.207608] dump_stack_lvl+0x57/0x81 [ 3768.208474] print_address_description.constprop.0+0x1f/0x140 [ 3768.209815] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 3768.211114] __kasan_report.cold+0x7f/0x122 [ 3768.212127] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 3768.213292] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 3768.214481] kasan_report+0x38/0x50 [ 3768.215406] __kasan_check_byte+0x36/0x50 [ 3768.216468] krealloc+0x2e/0xe0 [ 3768.217305] krealloc_uaf+0x1c7/0x450 [test_kasan] [ 3768.218565] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 3768.220132] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.221251] ? lock_acquire+0x228/0x2d0 [ 3768.222173] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.223632] ? do_raw_spin_lock+0x270/0x270 [ 3768.224616] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.225718] ? lock_acquire+0x228/0x2d0 [ 3768.226688] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3768.227936] ? trace_hardirqs_on+0x1c/0x180 [ 3768.229042] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.230241] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.231432] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.232585] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.233891] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.235438] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.236707] kthread+0x361/0x420 [ 3768.237471] ? set_kthread_struct+0x110/0x110 [ 3768.238494] ret_from_fork+0x1f/0x30 [ 3768.239350] [ 3768.239723] Allocated by task 117919: [ 3768.240589] kasan_save_stack+0x1e/0x50 [ 3768.241491] __kasan_kmalloc+0x81/0xa0 [ 3768.242374] krealloc_uaf+0xaa/0x450 [test_kasan] [ 3768.243473] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.244619] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.246028] kthread+0x361/0x420 [ 3768.246828] ret_from_fork+0x1f/0x30 [ 3768.247671] [ 3768.248070] Freed by task 117919: [ 3768.248957] kasan_save_stack+0x1e/0x50 [ 3768.249861] kasan_set_track+0x21/0x30 [ 3768.250746] kasan_set_free_info+0x20/0x40 [ 3768.251710] __kasan_slab_free+0xec/0x120 [ 3768.252648] slab_free_freelist_hook+0xa3/0x1d0 [ 3768.253792] kfree+0xdc/0x4e0 [ 3768.254584] krealloc_uaf+0x147/0x450 [test_kasan] [ 3768.255702] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.256839] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.258257] kthread+0x361/0x420 [ 3768.259024] ret_from_fork+0x1f/0x30 [ 3768.259872] [ 3768.260236] The buggy address belongs to the object at ffff88806a754800 [ 3768.260236] which belongs to the cache kmalloc-256 of size 256 [ 3768.263111] The buggy address is located 0 bytes inside of [ 3768.263111] 256-byte region [ffff88806a754800, ffff88806a754900) [ 3768.265818] The buggy address belongs to the page: [ 3768.267059] page:000000000e466ff3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a754 [ 3768.269199] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3768.270829] raw: 000fffffc0000200 ffffea0001a1f400 dead000000000002 ffff888001041b40 [ 3768.272751] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3768.274536] page dumped because: kasan: bad access detected [ 3768.275834] [ 3768.276202] Memory state around the buggy address: [ 3768.277321] ffff88806a754700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.278994] ffff88806a754780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.280667] >ffff88806a754800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3768.282333] ^ [ 3768.283098] ffff88806a754880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3768.284770] ffff88806a754900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.286452] ================================================================== [ 3768.288258] ================================================================== [ 3768.290007] BUG: KASAN: use-after-free in krealloc_uaf+0x42e/0x450 [test_kasan] [ 3768.291792] Read of size 1 at addr ffff88806a754800 by task kunit_try_catch/117919 [ 3768.293699] [ 3768.294068] CPU: 0 PID: 117919 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.297477] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.298813] Call Trace: [ 3768.299396] dump_stack_lvl+0x57/0x81 [ 3768.300261] print_address_description.constprop.0+0x1f/0x140 [ 3768.301597] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 3768.302752] __kasan_report.cold+0x7f/0x122 [ 3768.303731] ? __kasan_krealloc+0xf0/0x130 [ 3768.304715] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 3768.306012] kasan_report+0x38/0x50 [ 3768.306844] krealloc_uaf+0x42e/0x450 [test_kasan] [ 3768.307966] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 3768.309457] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.310599] ? lock_acquire+0x228/0x2d0 [ 3768.311612] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.313016] ? do_raw_spin_lock+0x270/0x270 [ 3768.314001] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.315102] ? kunit_ptr_not_err_assert_format+0x210/0x210 [kunit] [ 3768.316533] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.317693] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.318880] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.320036] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.321300] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.322883] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.324228] kthread+0x361/0x420 [ 3768.325087] ? set_kthread_struct+0x110/0x110 [ 3768.326233] ret_from_fork+0x1f/0x30 [ 3768.327193] [ 3768.327611] Allocated by task 117919: [ 3768.328569] kasan_save_stack+0x1e/0x50 [ 3768.329578] __kasan_kmalloc+0x81/0xa0 [ 3768.330560] krealloc_uaf+0xaa/0x450 [test_kasan] [ 3768.331798] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.333073] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.334665] kthread+0x361/0x420 [ 3768.335515] ret_from_fork+0x1f/0x30 [ 3768.336462] [ 3768.336878] Freed by task 117919: [ 3768.337758] kasan_save_stack+0x1e/0x50 [ 3768.338768] kasan_set_track+0x21/0x30 [ 3768.339757] kasan_set_free_info+0x20/0x40 [ 3768.340835] __kasan_slab_free+0xec/0x120 [ 3768.341885] slab_free_freelist_hook+0xa3/0x1d0 [ 3768.343071] kfree+0xdc/0x4e0 [ 3768.343867] krealloc_uaf+0x147/0x450 [test_kasan] [ 3768.345128] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.346397] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.347957] kthread+0x361/0x420 [ 3768.348723] ret_from_fork+0x1f/0x30 [ 3768.349564] [ 3768.349993] The buggy address belongs to the object at ffff88806a754800 [ 3768.349993] which belongs to the cache kmalloc-256 of size 256 [ 3768.353195] The buggy address is located 0 bytes inside of [ 3768.353195] 256-byte region [ffff88806a754800, ffff88806a754900) [ 3768.356007] The buggy address belongs to the page: [ 3768.357125] page:000000000e466ff3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a754 [ 3768.359270] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3768.363221] raw: 000fffffc0000200 ffffea0001a1f400 dead000000000002 ffff888001041b40 [ 3768.365043] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3768.366834] page dumped because: kasan: bad access detected [ 3768.368136] [ 3768.368504] Memory state around the buggy address: [ 3768.369625] ffff88806a754700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.371454] ffff88806a754780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.373119] >ffff88806a754800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3768.374945] ^ [ 3768.375705] ffff88806a754880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3768.377529] ffff88806a754900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.379201] ================================================================== [ 3768.382257] ok 14 - krealloc_uaf [ 3768.387286] ================================================================== [ 3768.389856] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 3768.391827] Write of size 16 at addr ffff888006237980 by task kunit_try_catch/117920 [ 3768.393616] [ 3768.393991] CPU: 0 PID: 117920 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.397397] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.398747] Call Trace: [ 3768.399335] dump_stack_lvl+0x57/0x81 [ 3768.400206] print_address_description.constprop.0+0x1f/0x140 [ 3768.401546] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 3768.402773] __kasan_report.cold+0x7f/0x122 [ 3768.403878] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 3768.405151] kasan_report+0x38/0x50 [ 3768.405980] kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 3768.407149] ? kmalloc_uaf_16+0x3b0/0x3b0 [test_kasan] [ 3768.408354] ? do_raw_spin_trylock+0xb5/0x180 [ 3768.409389] ? do_raw_spin_lock+0x270/0x270 [ 3768.410376] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.411621] ? lock_acquire+0x228/0x2d0 [ 3768.412555] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3768.413733] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.415040] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.416199] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.417376] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.418519] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.419700] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.421107] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.422305] kthread+0x361/0x420 [ 3768.423072] ? set_kthread_struct+0x110/0x110 [ 3768.424090] ret_from_fork+0x1f/0x30 [ 3768.424944] [ 3768.425312] Allocated by task 117920: [ 3768.426177] kasan_save_stack+0x1e/0x50 [ 3768.427090] __kasan_kmalloc+0x81/0xa0 [ 3768.427975] kmalloc_oob_16+0xa4/0x3b0 [test_kasan] [ 3768.429113] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.430251] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.431760] kthread+0x361/0x420 [ 3768.432603] ret_from_fork+0x1f/0x30 [ 3768.433441] [ 3768.433814] The buggy address belongs to the object at ffff888006237980 [ 3768.433814] which belongs to the cache kmalloc-16 of size 16 [ 3768.436636] The buggy address is located 0 bytes inside of [ 3768.436636] 16-byte region [ffff888006237980, ffff888006237990) [ 3768.439291] The buggy address belongs to the page: [ 3768.440552] page:000000006c79857a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6237 [ 3768.442698] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3768.444461] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3768.446258] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3768.448054] page dumped because: kasan: bad access detected [ 3768.449348] [ 3768.449721] Memory state around the buggy address: [ 3768.450836] ffff888006237880: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3768.452505] ffff888006237900: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 3768.454183] >ffff888006237980: 00 05 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3768.455853] ^ [ 3768.456679] ffff888006237a00: fa fb fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 3768.458342] ffff888006237a80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 3768.460015] ================================================================== [ 3768.462351] ok 15 - kmalloc_oob_16 [ 3768.466293] ================================================================== [ 3768.469077] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 3768.470834] Read of size 16 at addr ffff8880062375a0 by task kunit_try_catch/117921 [ 3768.472611] [ 3768.472980] CPU: 0 PID: 117921 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.476220] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.477536] Call Trace: [ 3768.478111] dump_stack_lvl+0x57/0x81 [ 3768.478958] print_address_description.constprop.0+0x1f/0x140 [ 3768.480258] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 3768.481425] __kasan_report.cold+0x7f/0x122 [ 3768.482402] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 3768.483615] kasan_report+0x38/0x50 [ 3768.484431] kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 3768.485600] ? kmalloc_uaf+0x2b0/0x2b0 [test_kasan] [ 3768.486738] ? do_raw_spin_trylock+0xb5/0x180 [ 3768.487768] ? do_raw_spin_lock+0x270/0x270 [ 3768.488749] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.489958] ? lock_acquire+0x228/0x2d0 [ 3768.490907] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3768.492071] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.493335] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.494468] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.495632] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.496751] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.497934] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.499350] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.500550] kthread+0x361/0x420 [ 3768.501315] ? set_kthread_struct+0x110/0x110 [ 3768.502329] ret_from_fork+0x1f/0x30 [ 3768.503179] [ 3768.503546] Allocated by task 117921: [ 3768.504405] kasan_save_stack+0x1e/0x50 [ 3768.505311] __kasan_kmalloc+0x81/0xa0 [ 3768.506193] kmalloc_uaf_16+0x15d/0x3b0 [test_kasan] [ 3768.507353] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.508489] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.509906] kthread+0x361/0x420 [ 3768.510721] ret_from_fork+0x1f/0x30 [ 3768.511669] [ 3768.512081] Freed by task 117921: [ 3768.512905] kasan_save_stack+0x1e/0x50 [ 3768.513790] kasan_set_track+0x21/0x30 [ 3768.514638] kasan_set_free_info+0x20/0x40 [ 3768.515574] __kasan_slab_free+0xec/0x120 [ 3768.516526] slab_free_freelist_hook+0xa3/0x1d0 [ 3768.517698] kfree+0xdc/0x4e0 [ 3768.518405] kmalloc_uaf_16+0x1e8/0x3b0 [test_kasan] [ 3768.519685] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.520946] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.522352] kthread+0x361/0x420 [ 3768.523145] ret_from_fork+0x1f/0x30 [ 3768.524089] [ 3768.524487] The buggy address belongs to the object at ffff8880062375a0 [ 3768.524487] which belongs to the cache kmalloc-16 of size 16 [ 3768.527311] The buggy address is located 0 bytes inside of [ 3768.527311] 16-byte region [ffff8880062375a0, ffff8880062375b0) [ 3768.529946] The buggy address belongs to the page: [ 3768.531061] page:000000006c79857a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6237 [ 3768.533182] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3768.534879] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3768.536644] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3768.538409] page dumped because: kasan: bad access detected [ 3768.539704] [ 3768.540069] Memory state around the buggy address: [ 3768.541189] ffff888006237480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3768.542856] ffff888006237500: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 3768.544635] >ffff888006237580: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3768.546448] ^ [ 3768.547572] ffff888006237600: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc [ 3768.549313] ffff888006237680: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3768.550936] ================================================================== [ 3768.553128] ok 16 - kmalloc_uaf_16 [ 3768.557304] ================================================================== [ 3768.560064] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 3768.562237] Write of size 128 at addr ffff888066c90600 by task kunit_try_catch/117922 [ 3768.564250] [ 3768.564666] CPU: 0 PID: 117922 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.568122] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.569613] Call Trace: [ 3768.570256] dump_stack_lvl+0x57/0x81 [ 3768.571214] print_address_description.constprop.0+0x1f/0x140 [ 3768.572647] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 3768.573952] __kasan_report.cold+0x7f/0x122 [ 3768.574942] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 3768.576282] kasan_report+0x38/0x50 [ 3768.577112] kasan_check_range+0xfd/0x1e0 [ 3768.578173] memset+0x20/0x50 [ 3768.578960] kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 3768.580413] ? kmalloc_oob_memset_2+0x290/0x290 [test_kasan] [ 3768.581894] ? do_raw_spin_trylock+0xb5/0x180 [ 3768.583035] ? do_raw_spin_lock+0x270/0x270 [ 3768.584138] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.585299] ? lock_acquire+0x228/0x2d0 [ 3768.586316] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3768.587621] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.589088] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.590364] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.591683] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.592961] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.594285] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.595871] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.597214] kthread+0x361/0x420 [ 3768.598074] ? set_kthread_struct+0x110/0x110 [ 3768.599095] ret_from_fork+0x1f/0x30 [ 3768.600025] [ 3768.600435] Allocated by task 117922: [ 3768.601350] kasan_save_stack+0x1e/0x50 [ 3768.602261] __kasan_kmalloc+0x81/0xa0 [ 3768.603238] kmalloc_oob_in_memset+0x9c/0x280 [test_kasan] [ 3768.604678] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.605956] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.607470] kthread+0x361/0x420 [ 3768.608346] ret_from_fork+0x1f/0x30 [ 3768.609319] [ 3768.609736] The buggy address belongs to the object at ffff888066c90600 [ 3768.609736] which belongs to the cache kmalloc-128 of size 128 [ 3768.612715] The buggy address is located 0 bytes inside of [ 3768.612715] 128-byte region [ffff888066c90600, ffff888066c90680) [ 3768.615608] The buggy address belongs to the page: [ 3768.616769] page:00000000381dcbdd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x66c90 [ 3768.618901] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3768.620493] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8880010418c0 [ 3768.622394] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3768.624228] page dumped because: kasan: bad access detected [ 3768.625522] [ 3768.625899] Memory state around the buggy address: [ 3768.627108] ffff888066c90500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3768.628878] ffff888066c90580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.630557] >ffff888066c90600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3768.632388] ^ [ 3768.634054] ffff888066c90680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.635721] ffff888066c90700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3768.637386] ================================================================== [ 3768.639454] ok 17 - kmalloc_oob_in_memset [ 3768.643328] ================================================================== [ 3768.646236] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 3768.648176] Write of size 2 at addr ffff88807c502377 by task kunit_try_catch/117923 [ 3768.649945] [ 3768.650321] CPU: 0 PID: 117923 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.653579] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.654917] Call Trace: [ 3768.655597] dump_stack_lvl+0x57/0x81 [ 3768.656527] print_address_description.constprop.0+0x1f/0x140 [ 3768.657874] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 3768.659195] __kasan_report.cold+0x7f/0x122 [ 3768.660185] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 3768.661604] kasan_report+0x38/0x50 [ 3768.662527] kasan_check_range+0xfd/0x1e0 [ 3768.663590] memset+0x20/0x50 [ 3768.664380] kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 3768.665813] ? kmalloc_oob_memset_4+0x290/0x290 [test_kasan] [ 3768.667285] ? do_raw_spin_trylock+0xb5/0x180 [ 3768.668434] ? do_raw_spin_lock+0x270/0x270 [ 3768.669532] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.670772] ? lock_acquire+0x228/0x2d0 [ 3768.671787] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3768.673091] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.674554] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.675859] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.677188] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.678471] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.679803] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.681390] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.682743] kthread+0x361/0x420 [ 3768.683603] ? set_kthread_struct+0x110/0x110 [ 3768.684753] ret_from_fork+0x1f/0x30 [ 3768.685716] [ 3768.686127] Allocated by task 117923: [ 3768.687092] kasan_save_stack+0x1e/0x50 [ 3768.688108] __kasan_kmalloc+0x81/0xa0 [ 3768.689096] kmalloc_oob_memset_2+0x9c/0x290 [test_kasan] [ 3768.690508] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.691792] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.693378] kthread+0x361/0x420 [ 3768.694245] ret_from_fork+0x1f/0x30 [ 3768.695189] [ 3768.695607] Last potentially related work creation: [ 3768.696874] kasan_save_stack+0x1e/0x50 [ 3768.697888] __kasan_record_aux_stack+0xb2/0xc0 [ 3768.699078] insert_work+0x47/0x310 [ 3768.700004] __queue_work+0x4dd/0xd60 [ 3768.700969] rcu_work_rcufn+0x42/0x70 [ 3768.701940] rcu_do_batch+0x3c2/0xdc0 [ 3768.702907] rcu_core+0x3de/0x5a0 [ 3768.703791] __do_softirq+0x2d0/0x9a8 [ 3768.704759] [ 3768.705151] Second to last potentially related work creation: [ 3768.706614] kasan_save_stack+0x1e/0x50 [ 3768.707557] __kasan_record_aux_stack+0xb2/0xc0 [ 3768.708620] call_rcu+0xee/0x890 [ 3768.709478] queue_rcu_work+0x5a/0x70 [ 3768.710448] writeback_sb_inodes+0x373/0xd00 [ 3768.711577] __writeback_inodes_wb+0xb7/0x210 [ 3768.712718] wb_writeback+0x686/0xa10 [ 3768.713685] wb_do_writeback+0x539/0x8a0 [ 3768.714717] wb_workfn+0x16a/0x700 [ 3768.715620] process_one_work+0x8c8/0x1590 [ 3768.716655] worker_thread+0x59b/0x1010 [ 3768.717558] kthread+0x361/0x420 [ 3768.718321] ret_from_fork+0x1f/0x30 [ 3768.719225] [ 3768.719595] The buggy address belongs to the object at ffff88807c502300 [ 3768.719595] which belongs to the cache kmalloc-128 of size 128 [ 3768.722465] The buggy address is located 119 bytes inside of [ 3768.722465] 128-byte region [ffff88807c502300, ffff88807c502380) [ 3768.725220] The buggy address belongs to the page: [ 3768.726338] page:0000000094cb0926 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c502 [ 3768.728589] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3768.730209] raw: 000fffffc0000200 ffffea0001f1e580 dead000000000004 ffff8880010418c0 [ 3768.732044] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3768.733832] page dumped because: kasan: bad access detected [ 3768.735131] [ 3768.735498] Memory state around the buggy address: [ 3768.736624] ffff88807c502200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3768.738293] ffff88807c502280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.739977] >ffff88807c502300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3768.741654] ^ [ 3768.743301] ffff88807c502380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.744972] ffff88807c502400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3768.746642] ================================================================== [ 3768.749179] ok 18 - kmalloc_oob_memset_2 [ 3768.753197] ================================================================== [ 3768.755915] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 3768.757859] Write of size 4 at addr ffff88807c502675 by task kunit_try_catch/117924 [ 3768.759653] [ 3768.760020] CPU: 0 PID: 117924 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.763291] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.764638] Call Trace: [ 3768.765229] dump_stack_lvl+0x57/0x81 [ 3768.766104] print_address_description.constprop.0+0x1f/0x140 [ 3768.767446] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 3768.768776] __kasan_report.cold+0x7f/0x122 [ 3768.769763] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 3768.771082] kasan_report+0x38/0x50 [ 3768.771912] kasan_check_range+0xfd/0x1e0 [ 3768.772863] memset+0x20/0x50 [ 3768.773577] kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 3768.774866] ? kmalloc_oob_memset_8+0x290/0x290 [test_kasan] [ 3768.776189] ? do_raw_spin_trylock+0xb5/0x180 [ 3768.777222] ? do_raw_spin_lock+0x270/0x270 [ 3768.778209] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.779317] ? lock_acquire+0x228/0x2d0 [ 3768.780233] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3768.781402] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.782784] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.784057] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.785383] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.786569] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.787760] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.789199] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.790413] kthread+0x361/0x420 [ 3768.791190] ? set_kthread_struct+0x110/0x110 [ 3768.792223] ret_from_fork+0x1f/0x30 [ 3768.793082] [ 3768.793452] Allocated by task 117924: [ 3768.794324] kasan_save_stack+0x1e/0x50 [ 3768.795230] __kasan_kmalloc+0x81/0xa0 [ 3768.796115] kmalloc_oob_memset_4+0x9c/0x290 [test_kasan] [ 3768.797380] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.798524] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.799945] kthread+0x361/0x420 [ 3768.800714] ret_from_fork+0x1f/0x30 [ 3768.801565] [ 3768.801932] Last potentially related work creation: [ 3768.803063] kasan_save_stack+0x1e/0x50 [ 3768.803967] __kasan_record_aux_stack+0xb2/0xc0 [ 3768.805025] insert_work+0x47/0x310 [ 3768.805851] __queue_work+0x4dd/0xd60 [ 3768.806717] rcu_work_rcufn+0x42/0x70 [ 3768.807583] rcu_do_batch+0x3c2/0xdc0 [ 3768.808442] rcu_core+0x3de/0x5a0 [ 3768.809230] __do_softirq+0x2d0/0x9a8 [ 3768.810104] [ 3768.810474] Second to last potentially related work creation: [ 3768.811818] kasan_save_stack+0x1e/0x50 [ 3768.812727] __kasan_record_aux_stack+0xb2/0xc0 [ 3768.813788] call_rcu+0xee/0x890 [ 3768.814557] queue_rcu_work+0x5a/0x70 [ 3768.815418] writeback_sb_inodes+0x373/0xd00 [ 3768.816547] __writeback_inodes_wb+0xb7/0x210 [ 3768.817621] wb_writeback+0x686/0xa10 [ 3768.818540] wb_do_writeback+0x539/0x8a0 [ 3768.819575] wb_workfn+0x16a/0x700 [ 3768.820472] process_one_work+0x8c8/0x1590 [ 3768.821553] worker_thread+0x59b/0x1010 [ 3768.822560] kthread+0x361/0x420 [ 3768.823411] ret_from_fork+0x1f/0x30 [ 3768.824331] [ 3768.824711] The buggy address belongs to the object at ffff88807c502600 [ 3768.824711] which belongs to the cache kmalloc-128 of size 128 [ 3768.827905] The buggy address is located 117 bytes inside of [ 3768.827905] 128-byte region [ffff88807c502600, ffff88807c502680) [ 3768.830926] The buggy address belongs to the page: [ 3768.832183] page:0000000094cb0926 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c502 [ 3768.834591] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3768.836232] raw: 000fffffc0000200 ffffea0001f1e580 dead000000000004 ffff8880010418c0 [ 3768.838028] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3768.839867] page dumped because: kasan: bad access detected [ 3768.841253] [ 3768.841673] Memory state around the buggy address: [ 3768.842826] ffff88807c502500: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 3768.844492] ffff88807c502580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.846171] >ffff88807c502600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3768.847844] ^ [ 3768.849562] ffff88807c502680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.851330] ffff88807c502700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3768.853001] ================================================================== [ 3768.855100] ok 19 - kmalloc_oob_memset_4 [ 3768.859223] ================================================================== [ 3768.861944] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 3768.863937] Write of size 8 at addr ffff88807c796b71 by task kunit_try_catch/117925 [ 3768.865906] [ 3768.866275] CPU: 0 PID: 117925 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.869522] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.870942] Call Trace: [ 3768.871525] dump_stack_lvl+0x57/0x81 [ 3768.872395] print_address_description.constprop.0+0x1f/0x140 [ 3768.873741] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 3768.875062] __kasan_report.cold+0x7f/0x122 [ 3768.876052] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 3768.877375] kasan_report+0x38/0x50 [ 3768.878207] kasan_check_range+0xfd/0x1e0 [ 3768.879153] memset+0x20/0x50 [ 3768.879865] kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 3768.881255] ? kmalloc_oob_memset_16+0x290/0x290 [test_kasan] [ 3768.882758] ? do_raw_spin_trylock+0xb5/0x180 [ 3768.883908] ? do_raw_spin_lock+0x270/0x270 [ 3768.887346] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.888587] ? lock_acquire+0x228/0x2d0 [ 3768.889489] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3768.890659] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.891970] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.893268] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.894587] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.895729] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.897051] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.898644] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.899987] kthread+0x361/0x420 [ 3768.900849] ? set_kthread_struct+0x110/0x110 [ 3768.901972] ret_from_fork+0x1f/0x30 [ 3768.902827] [ 3768.903196] Allocated by task 117925: [ 3768.904061] kasan_save_stack+0x1e/0x50 [ 3768.904967] __kasan_kmalloc+0x81/0xa0 [ 3768.905847] kmalloc_oob_memset_8+0x9c/0x290 [test_kasan] [ 3768.907102] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.908384] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.909830] kthread+0x361/0x420 [ 3768.910602] ret_from_fork+0x1f/0x30 [ 3768.911445] [ 3768.911824] The buggy address belongs to the object at ffff88807c796b00 [ 3768.911824] which belongs to the cache kmalloc-128 of size 128 [ 3768.914920] The buggy address is located 113 bytes inside of [ 3768.914920] 128-byte region [ffff88807c796b00, ffff88807c796b80) [ 3768.917722] The buggy address belongs to the page: [ 3768.918842] page:0000000046400a97 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c796 [ 3768.920978] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3768.922581] raw: 000fffffc0000200 ffffea0001fee040 dead000000000003 ffff8880010418c0 [ 3768.924396] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3768.926401] page dumped because: kasan: bad access detected [ 3768.927858] [ 3768.928272] Memory state around the buggy address: [ 3768.929522] ffff88807c796a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3768.931398] ffff88807c796a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.933179] >ffff88807c796b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3768.935002] ^ [ 3768.936701] ffff88807c796b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3768.938573] ffff88807c796c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3768.940393] ================================================================== [ 3768.943051] ok 20 - kmalloc_oob_memset_8 [ 3768.947221] ================================================================== [ 3768.950043] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 3768.952006] Write of size 16 at addr ffff88807c796e69 by task kunit_try_catch/117926 [ 3768.953808] [ 3768.954176] CPU: 0 PID: 117926 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3768.957440] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3768.958901] Call Trace: [ 3768.959491] dump_stack_lvl+0x57/0x81 [ 3768.960370] print_address_description.constprop.0+0x1f/0x140 [ 3768.961857] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 3768.963295] __kasan_report.cold+0x7f/0x122 [ 3768.964379] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 3768.965729] kasan_report+0x38/0x50 [ 3768.966558] kasan_check_range+0xfd/0x1e0 [ 3768.967503] memset+0x20/0x50 [ 3768.968218] kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 3768.969519] ? kmalloc_uaf_memset+0x280/0x280 [test_kasan] [ 3768.970806] ? do_raw_spin_trylock+0xb5/0x180 [ 3768.971832] ? do_raw_spin_lock+0x270/0x270 [ 3768.972817] ? rcu_read_lock_sched_held+0x12/0x80 [ 3768.973921] ? lock_acquire+0x228/0x2d0 [ 3768.974823] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3768.975991] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3768.977291] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3768.978460] ? kunit_add_resource+0x197/0x280 [kunit] [ 3768.979666] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.980815] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3768.982003] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.983583] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3768.984936] kthread+0x361/0x420 [ 3768.985799] ? set_kthread_struct+0x110/0x110 [ 3768.986946] ret_from_fork+0x1f/0x30 [ 3768.987905] [ 3768.988321] Allocated by task 117926: [ 3768.989292] kasan_save_stack+0x1e/0x50 [ 3768.990304] __kasan_kmalloc+0x81/0xa0 [ 3768.991300] kmalloc_oob_memset_16+0x9c/0x290 [test_kasan] [ 3768.992747] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3768.993890] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3768.995313] kthread+0x361/0x420 [ 3768.996081] ret_from_fork+0x1f/0x30 [ 3768.996928] [ 3768.997296] The buggy address belongs to the object at ffff88807c796e00 [ 3768.997296] which belongs to the cache kmalloc-128 of size 128 [ 3769.000175] The buggy address is located 105 bytes inside of [ 3769.000175] 128-byte region [ffff88807c796e00, ffff88807c796e80) [ 3769.002924] The buggy address belongs to the page: [ 3769.004177] page:0000000046400a97 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c796 [ 3769.006586] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3769.008385] raw: 000fffffc0000200 ffffea0001fee040 dead000000000003 ffff8880010418c0 [ 3769.010387] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3769.012394] page dumped because: kasan: bad access detected [ 3769.013841] [ 3769.014250] Memory state around the buggy address: [ 3769.015504] ffff88807c796d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3769.017340] ffff88807c796d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3769.019216] >ffff88807c796e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3769.021091] ^ [ 3769.022944] ffff88807c796e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3769.024817] ffff88807c796f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3769.026549] ================================================================== [ 3769.028880] ok 21 - kmalloc_oob_memset_16 [ 3769.036192] ================================================================== [ 3769.039088] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 3769.041354] Read of size 18446744073709551614 at addr ffff8880794a0804 by task kunit_try_catch/117927 [ 3769.043748] [ 3769.044117] CPU: 0 PID: 117927 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3769.047365] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3769.048750] Call Trace: [ 3769.049408] dump_stack_lvl+0x57/0x81 [ 3769.050338] print_address_description.constprop.0+0x1f/0x140 [ 3769.051807] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 3769.053460] __kasan_report.cold+0x7f/0x122 [ 3769.054575] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 3769.056257] kasan_report+0x38/0x50 [ 3769.057187] kasan_check_range+0xfd/0x1e0 [ 3769.058246] memmove+0x20/0x60 [ 3769.059066] kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 3769.060589] ? kmalloc_memmove_invalid_size+0x2a0/0x2a0 [test_kasan] [ 3769.062241] ? do_raw_spin_trylock+0xb5/0x180 [ 3769.063396] ? do_raw_spin_lock+0x270/0x270 [ 3769.064494] ? rcu_read_lock_sched_held+0x12/0x80 [ 3769.065735] ? lock_acquire+0x228/0x2d0 [ 3769.066695] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3769.067873] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3769.069177] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3769.070339] ? kunit_add_resource+0x197/0x280 [kunit] [ 3769.071529] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.072674] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3769.073865] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.075281] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3769.076488] kthread+0x361/0x420 [ 3769.077261] ? set_kthread_struct+0x110/0x110 [ 3769.078283] ret_from_fork+0x1f/0x30 [ 3769.079145] [ 3769.079522] Allocated by task 117927: [ 3769.080385] kasan_save_stack+0x1e/0x50 [ 3769.081296] __kasan_kmalloc+0x81/0xa0 [ 3769.082182] kmalloc_memmove_negative_size+0x9c/0x290 [test_kasan] [ 3769.083636] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.084789] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.086211] kthread+0x361/0x420 [ 3769.086979] ret_from_fork+0x1f/0x30 [ 3769.087826] [ 3769.088195] The buggy address belongs to the object at ffff8880794a0800 [ 3769.088195] which belongs to the cache kmalloc-64 of size 64 [ 3769.091210] The buggy address is located 4 bytes inside of [ 3769.091210] 64-byte region [ffff8880794a0800, ffff8880794a0840) [ 3769.093856] The buggy address belongs to the page: [ 3769.095036] page:00000000607c5d5c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x794a0 [ 3769.097311] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3769.098909] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff888001041640 [ 3769.100697] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 3769.102487] page dumped because: kasan: bad access detected [ 3769.103781] [ 3769.104148] Memory state around the buggy address: [ 3769.105269] ffff8880794a0700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.106945] ffff8880794a0780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.108608] >ffff8880794a0800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3769.110272] ^ [ 3769.111038] ffff8880794a0880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3769.112811] ffff8880794a0900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3769.114683] ================================================================== [ 3769.116893] ok 22 - kmalloc_memmove_negative_size [ 3769.121224] ================================================================== [ 3769.124461] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 3769.126815] Read of size 64 at addr ffff8880794a0384 by task kunit_try_catch/117928 [ 3769.128801] [ 3769.129217] CPU: 0 PID: 117928 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3769.132874] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3769.134384] Call Trace: [ 3769.135056] dump_stack_lvl+0x57/0x81 [ 3769.136030] print_address_description.constprop.0+0x1f/0x140 [ 3769.137539] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 3769.139194] __kasan_report.cold+0x7f/0x122 [ 3769.140303] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 3769.141973] kasan_report+0x38/0x50 [ 3769.142902] kasan_check_range+0xfd/0x1e0 [ 3769.143962] memmove+0x20/0x60 [ 3769.144780] kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 3769.146388] ? kmalloc_oob_in_memset+0x280/0x280 [test_kasan] [ 3769.147868] ? do_raw_spin_trylock+0xb5/0x180 [ 3769.149021] ? do_raw_spin_lock+0x270/0x270 [ 3769.150089] ? rcu_read_lock_sched_held+0x12/0x80 [ 3769.151328] ? lock_acquire+0x228/0x2d0 [ 3769.152341] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3769.153657] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3769.155118] ? kunit_add_resource+0x197/0x280 [kunit] [ 3769.156449] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.157741] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3769.159063] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.160656] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3769.162007] kthread+0x361/0x420 [ 3769.162868] ? set_kthread_struct+0x110/0x110 [ 3769.164021] ret_from_fork+0x1f/0x30 [ 3769.164990] [ 3769.165405] Allocated by task 117928: [ 3769.166374] kasan_save_stack+0x1e/0x50 [ 3769.167389] __kasan_kmalloc+0x81/0xa0 [ 3769.168376] kmalloc_memmove_invalid_size+0xac/0x2a0 [test_kasan] [ 3769.169970] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.171253] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.172850] kthread+0x361/0x420 [ 3769.173711] ret_from_fork+0x1f/0x30 [ 3769.174661] [ 3769.175075] The buggy address belongs to the object at ffff8880794a0380 [ 3769.175075] which belongs to the cache kmalloc-64 of size 64 [ 3769.178256] The buggy address is located 4 bytes inside of [ 3769.178256] 64-byte region [ffff8880794a0380, ffff8880794a03c0) [ 3769.181218] The buggy address belongs to the page: [ 3769.182472] page:00000000607c5d5c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x794a0 [ 3769.184878] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3769.186676] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff888001041640 [ 3769.188703] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 3769.190709] page dumped because: kasan: bad access detected [ 3769.192165] [ 3769.192587] Memory state around the buggy address: [ 3769.193842] ffff8880794a0280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.195712] ffff8880794a0300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.197588] >ffff8880794a0380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3769.199473] ^ [ 3769.200860] ffff8880794a0400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3769.202739] ffff8880794a0480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.204611] ================================================================== [ 3769.206905] ok 23 - kmalloc_memmove_invalid_size [ 3769.211329] ================================================================== [ 3769.214218] BUG: KASAN: use-after-free in kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 3769.215955] Read of size 1 at addr ffff8880062373c8 by task kunit_try_catch/117929 [ 3769.217919] [ 3769.218332] CPU: 0 PID: 117929 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3769.221971] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3769.225757] Call Trace: [ 3769.226383] dump_stack_lvl+0x57/0x81 [ 3769.227358] print_address_description.constprop.0+0x1f/0x140 [ 3769.228868] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 3769.230160] __kasan_report.cold+0x7f/0x122 [ 3769.231267] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 3769.232411] kasan_report+0x38/0x50 [ 3769.233240] kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 3769.234340] ? kmalloc_uaf2+0x430/0x430 [test_kasan] [ 3769.235511] ? do_raw_spin_trylock+0xb5/0x180 [ 3769.236539] ? do_raw_spin_lock+0x270/0x270 [ 3769.237523] ? rcu_read_lock_sched_held+0x12/0x80 [ 3769.238630] ? lock_acquire+0x228/0x2d0 [ 3769.239540] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3769.240709] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3769.242013] ? kunit_add_resource+0x197/0x280 [kunit] [ 3769.243205] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.244348] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3769.245539] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.246955] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3769.248155] kthread+0x361/0x420 [ 3769.248920] ? set_kthread_struct+0x110/0x110 [ 3769.249955] ret_from_fork+0x1f/0x30 [ 3769.250816] [ 3769.251203] Allocated by task 117929: [ 3769.252078] kasan_save_stack+0x1e/0x50 [ 3769.252987] __kasan_kmalloc+0x81/0xa0 [ 3769.253880] kmalloc_uaf+0x98/0x2b0 [test_kasan] [ 3769.255035] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.256316] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.257906] kthread+0x361/0x420 [ 3769.258766] ret_from_fork+0x1f/0x30 [ 3769.259714] [ 3769.260131] Freed by task 117929: [ 3769.261011] kasan_save_stack+0x1e/0x50 [ 3769.261963] kasan_set_track+0x21/0x30 [ 3769.262845] kasan_set_free_info+0x20/0x40 [ 3769.263811] __kasan_slab_free+0xec/0x120 [ 3769.264757] slab_free_freelist_hook+0xa3/0x1d0 [ 3769.265937] kfree+0xdc/0x4e0 [ 3769.266713] kmalloc_uaf+0x12b/0x2b0 [test_kasan] [ 3769.267812] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.268951] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.270370] kthread+0x361/0x420 [ 3769.271138] ret_from_fork+0x1f/0x30 [ 3769.271989] [ 3769.272354] The buggy address belongs to the object at ffff8880062373c0 [ 3769.272354] which belongs to the cache kmalloc-16 of size 16 [ 3769.275187] The buggy address is located 8 bytes inside of [ 3769.275187] 16-byte region [ffff8880062373c0, ffff8880062373d0) [ 3769.277827] The buggy address belongs to the page: [ 3769.278963] page:000000006c79857a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6237 [ 3769.281095] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3769.282699] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3769.284619] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3769.286621] page dumped because: kasan: bad access detected [ 3769.288075] [ 3769.288490] Memory state around the buggy address: [ 3769.289747] ffff888006237280: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 3769.291605] ffff888006237300: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3769.293472] >ffff888006237380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3769.295340] ^ [ 3769.296799] ffff888006237400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3769.298664] ffff888006237480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3769.300537] ================================================================== [ 3769.303278] ok 24 - kmalloc_uaf [ 3769.307282] ================================================================== [ 3769.310006] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 3769.311883] Write of size 33 at addr ffff8880794a0980 by task kunit_try_catch/117930 [ 3769.313884] [ 3769.314256] CPU: 0 PID: 117930 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3769.317730] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3769.319192] Call Trace: [ 3769.319787] dump_stack_lvl+0x57/0x81 [ 3769.320705] print_address_description.constprop.0+0x1f/0x140 [ 3769.322171] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 3769.323462] __kasan_report.cold+0x7f/0x122 [ 3769.324454] ? kmalloc_uaf_memset+0xf1/0x280 [test_kasan] [ 3769.325774] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 3769.327184] kasan_report+0x38/0x50 [ 3769.328016] kasan_check_range+0xfd/0x1e0 [ 3769.328964] memset+0x20/0x50 [ 3769.329756] kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 3769.331091] ? kmem_cache_accounted+0x170/0x170 [test_kasan] [ 3769.332414] ? do_raw_spin_trylock+0xb5/0x180 [ 3769.333569] ? do_raw_spin_lock+0x270/0x270 [ 3769.334666] ? rcu_read_lock_sched_held+0x12/0x80 [ 3769.335907] ? lock_acquire+0x228/0x2d0 [ 3769.336921] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3769.338215] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3769.339527] ? kunit_add_resource+0x197/0x280 [kunit] [ 3769.340713] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.341860] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3769.343041] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.344465] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3769.345817] kthread+0x361/0x420 [ 3769.346671] ? set_kthread_struct+0x110/0x110 [ 3769.347821] ret_from_fork+0x1f/0x30 [ 3769.348782] [ 3769.349195] Allocated by task 117930: [ 3769.350165] kasan_save_stack+0x1e/0x50 [ 3769.351180] __kasan_kmalloc+0x81/0xa0 [ 3769.352175] kmalloc_uaf_memset+0x9a/0x280 [test_kasan] [ 3769.353551] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.354827] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.356416] kthread+0x361/0x420 [ 3769.357277] ret_from_fork+0x1f/0x30 [ 3769.358224] [ 3769.358640] Freed by task 117930: [ 3769.359525] kasan_save_stack+0x1e/0x50 [ 3769.360542] kasan_set_track+0x21/0x30 [ 3769.361535] kasan_set_free_info+0x20/0x40 [ 3769.362614] __kasan_slab_free+0xec/0x120 [ 3769.363620] slab_free_freelist_hook+0xa3/0x1d0 [ 3769.364809] kfree+0xdc/0x4e0 [ 3769.365548] kmalloc_uaf_memset+0x137/0x280 [test_kasan] [ 3769.366945] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.368219] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.369816] kthread+0x361/0x420 [ 3769.370676] ret_from_fork+0x1f/0x30 [ 3769.371626] [ 3769.372038] The buggy address belongs to the object at ffff8880794a0980 [ 3769.372038] which belongs to the cache kmalloc-64 of size 64 [ 3769.375228] The buggy address is located 0 bytes inside of [ 3769.375228] 64-byte region [ffff8880794a0980, ffff8880794a09c0) [ 3769.378191] The buggy address belongs to the page: [ 3769.379444] page:00000000607c5d5c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x794a0 [ 3769.381861] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3769.383649] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff888001041640 [ 3769.385649] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 3769.387658] page dumped because: kasan: bad access detected [ 3769.389104] [ 3769.389522] Memory state around the buggy address: [ 3769.390781] ffff8880794a0880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3769.392499] ffff8880794a0900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3769.394169] >ffff8880794a0980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.395842] ^ [ 3769.396682] ffff8880794a0a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.398580] ffff8880794a0a80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3769.400456] ================================================================== [ 3769.404815] ok 25 - kmalloc_uaf_memset [ 3769.414543] ================================================================== [ 3769.417563] BUG: KASAN: use-after-free in kmalloc_uaf2+0x402/0x430 [test_kasan] [ 3769.419446] Read of size 1 at addr ffff888019648928 by task kunit_try_catch/117931 [ 3769.421358] [ 3769.421732] CPU: 0 PID: 117931 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3769.424980] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3769.426308] Call Trace: [ 3769.426929] dump_stack_lvl+0x57/0x81 [ 3769.427911] print_address_description.constprop.0+0x1f/0x140 [ 3769.429282] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 3769.430440] __kasan_report.cold+0x7f/0x122 [ 3769.431426] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 3769.432653] kasan_report+0x38/0x50 [ 3769.433581] kmalloc_uaf2+0x402/0x430 [test_kasan] [ 3769.434836] ? kfree_via_page+0x290/0x290 [test_kasan] [ 3769.436183] ? rcu_read_lock_sched_held+0x12/0x80 [ 3769.437417] ? lock_acquire+0x228/0x2d0 [ 3769.438437] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3769.439898] ? do_raw_spin_lock+0x270/0x270 [ 3769.441008] ? rcu_read_lock_sched_held+0x12/0x80 [ 3769.442243] ? lock_acquire+0x228/0x2d0 [ 3769.443255] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3769.444564] ? trace_hardirqs_on+0x1c/0x180 [ 3769.445666] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3769.446951] ? kunit_add_resource+0x197/0x280 [kunit] [ 3769.448136] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.449280] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3769.450511] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.452100] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3769.453447] kthread+0x361/0x420 [ 3769.454316] ? set_kthread_struct+0x110/0x110 [ 3769.455439] ret_from_fork+0x1f/0x30 [ 3769.456294] [ 3769.456669] Allocated by task 117931: [ 3769.457536] kasan_save_stack+0x1e/0x50 [ 3769.458552] __kasan_kmalloc+0x81/0xa0 [ 3769.459496] kmalloc_uaf2+0xad/0x430 [test_kasan] [ 3769.460600] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.461740] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.463157] kthread+0x361/0x420 [ 3769.463922] ret_from_fork+0x1f/0x30 [ 3769.464775] [ 3769.465143] Freed by task 117931: [ 3769.465927] kasan_save_stack+0x1e/0x50 [ 3769.466828] kasan_set_track+0x21/0x30 [ 3769.467710] kasan_set_free_info+0x20/0x40 [ 3769.468671] __kasan_slab_free+0xec/0x120 [ 3769.469713] slab_free_freelist_hook+0xa3/0x1d0 [ 3769.470842] kfree+0xdc/0x4e0 [ 3769.471550] kmalloc_uaf2+0x144/0x430 [test_kasan] [ 3769.472788] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.474065] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.475532] kthread+0x361/0x420 [ 3769.476299] ret_from_fork+0x1f/0x30 [ 3769.477247] [ 3769.477666] The buggy address belongs to the object at ffff888019648900 [ 3769.477666] which belongs to the cache kmalloc-64 of size 64 [ 3769.480531] The buggy address is located 40 bytes inside of [ 3769.480531] 64-byte region [ffff888019648900, ffff888019648940) [ 3769.483199] The buggy address belongs to the page: [ 3769.484467] page:00000000e3d4c917 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19648 [ 3769.486868] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3769.488655] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff888001041640 [ 3769.490657] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 3769.492653] page dumped because: kasan: bad access detected [ 3769.494098] [ 3769.494517] Memory state around the buggy address: [ 3769.495765] ffff888019648800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.497634] ffff888019648880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.499506] >ffff888019648900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.501365] ^ [ 3769.502554] ffff888019648980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.504424] ffff888019648a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3769.506293] ================================================================== [ 3769.508496] ok 26 - kmalloc_uaf2 [ 3769.512251] ok 27 - kfree_via_page [ 3769.517157] ok 28 - kfree_via_phys [ 3769.519556] ================================================================== [ 3769.522263] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 3769.524281] Read of size 1 at addr ffff88807c6670c8 by task kunit_try_catch/117934 [ 3769.526090] [ 3769.526460] CPU: 0 PID: 117934 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3769.529885] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3769.531276] Call Trace: [ 3769.531943] dump_stack_lvl+0x57/0x81 [ 3769.532854] print_address_description.constprop.0+0x1f/0x140 [ 3769.534299] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 3769.535646] __kasan_report.cold+0x7f/0x122 [ 3769.536752] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 3769.538097] kasan_report+0x38/0x50 [ 3769.539023] kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 3769.540325] ? kmem_cache_double_free+0x280/0x280 [test_kasan] [ 3769.541854] ? do_raw_spin_trylock+0xb5/0x180 [ 3769.542998] ? do_raw_spin_lock+0x270/0x270 [ 3769.544065] ? rcu_read_lock_sched_held+0x12/0x80 [ 3769.545170] ? lock_acquire+0x228/0x2d0 [ 3769.546111] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3769.547416] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3769.548718] ? kunit_add_resource+0x197/0x280 [kunit] [ 3769.549973] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.551232] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3769.552477] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.554071] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3769.555415] kthread+0x361/0x420 [ 3769.556273] ? set_kthread_struct+0x110/0x110 [ 3769.557422] ret_from_fork+0x1f/0x30 [ 3769.558385] [ 3769.558802] Allocated by task 117934: [ 3769.559766] kasan_save_stack+0x1e/0x50 [ 3769.560785] __kasan_slab_alloc+0x66/0x80 [ 3769.561841] kmem_cache_alloc+0x161/0x310 [ 3769.562899] kmem_cache_oob+0x121/0x2e0 [test_kasan] [ 3769.564204] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3769.565490] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3769.567075] kthread+0x361/0x420 [ 3769.567931] ret_from_fork+0x1f/0x30 [ 3769.568877] [ 3769.569289] The buggy address belongs to the object at ffff88807c667000 [ 3769.569289] which belongs to the cache test_cache of size 200 [ 3769.572485] The buggy address is located 0 bytes to the right of [ 3769.572485] 200-byte region [ffff88807c667000, ffff88807c6670c8) [ 3769.575593] The buggy address belongs to the page: [ 3769.576840] page:00000000ee6ff113 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c667 [ 3769.579238] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3769.581000] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888079658b40 [ 3769.582791] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 3769.584577] page dumped because: kasan: bad access detected [ 3769.585947] [ 3769.586360] Memory state around the buggy address: [ 3769.587616] ffff88807c666f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3769.589403] ffff88807c667000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3769.591075] >ffff88807c667080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 3769.592746] ^ [ 3769.594039] ffff88807c667100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3769.595711] ffff88807c667180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3769.597376] ================================================================== [ 3769.914747] ok 29 - kmem_cache_oob [ 3770.455339] ok 30 - kmem_cache_accounted [ 3770.486326] ok 31 - kmem_cache_bulk [ 3770.490088] ================================================================== [ 3770.492931] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 3770.495113] Read of size 1 at addr ffffffffc1a7e3cd by task kunit_try_catch/117937 [ 3770.497012] [ 3770.497422] CPU: 0 PID: 117937 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3770.500949] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3770.502397] Call Trace: [ 3770.503038] dump_stack_lvl+0x57/0x81 [ 3770.503983] print_address_description.constprop.0+0x1f/0x140 [ 3770.505444] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 3770.506910] __kasan_report.cold+0x7f/0x122 [ 3770.507988] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 3770.509466] kasan_report+0x38/0x50 [ 3770.510356] kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 3770.511787] ? kasan_stack_oob+0x200/0x200 [test_kasan] [ 3770.513112] ? do_raw_spin_trylock+0xb5/0x180 [ 3770.514222] ? do_raw_spin_lock+0x270/0x270 [ 3770.515287] ? rcu_read_lock_sched_held+0x12/0x80 [ 3770.516481] ? lock_acquire+0x228/0x2d0 [ 3770.517472] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3770.518735] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3770.520152] ? kunit_add_resource+0x197/0x280 [kunit] [ 3770.521442] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3770.522689] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3770.523967] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3770.525515] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3770.526825] kthread+0x361/0x420 [ 3770.527661] ? set_kthread_struct+0x110/0x110 [ 3770.528777] ret_from_fork+0x1f/0x30 [ 3770.529700] [ 3770.530103] The buggy address belongs to the variable: [ 3770.531414] global_array+0xd/0xfffffffffffe6c40 [test_kasan] [ 3770.532862] [ 3770.533261] Memory state around the buggy address: [ 3770.534477] ffffffffc1a7e280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3770.536283] ffffffffc1a7e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3770.538095] >ffffffffc1a7e380: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 3770.539913] ^ [ 3770.541322] ffffffffc1a7e400: 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 3770.543134] ffffffffc1a7e480: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 [ 3770.544945] ================================================================== [ 3770.549147] ok 32 - kasan_global_oob_right [ 3770.559078] ok 33 - kasan_global_oob_left # SKIP Test requires CONFIG_CC_IS_CLANG=y [ 3770.564104] ================================================================== [ 3770.568861] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 3770.571581] Read of size 1 at addr ffffc9000120fe72 by task kunit_try_catch/117940 [ 3770.574136] [ 3770.574684] CPU: 0 PID: 117940 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3770.579419] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3770.581356] Call Trace: [ 3770.582224] dump_stack_lvl+0x57/0x81 [ 3770.583505] print_address_description.constprop.0+0x1f/0x140 [ 3770.585472] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 3770.587257] __kasan_report.cold+0x7f/0x122 [ 3770.588710] ? pick_next_task_fair+0x370/0xe50 [ 3770.590239] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 3770.592032] kasan_report+0x38/0x50 [ 3770.593246] kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 3770.594981] ? match_all_mem_tag+0x20/0x20 [test_kasan] [ 3770.596779] ? do_raw_spin_trylock+0xb5/0x180 [ 3770.598275] ? do_raw_spin_lock+0x270/0x270 [ 3770.599723] ? rcu_read_lock_sched_held+0x12/0x80 [ 3770.601335] ? lock_acquire+0x228/0x2d0 [ 3770.602666] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3770.604371] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3770.606280] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3770.607988] ? kunit_add_resource+0x197/0x280 [kunit] [ 3770.609731] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3770.611393] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3770.613131] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3770.615212] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3770.616972] kthread+0x361/0x420 [ 3770.618099] ? set_kthread_struct+0x110/0x110 [ 3770.619602] ret_from_fork+0x1f/0x30 [ 3770.620860] [ 3770.621412] [ 3770.621954] addr ffffc9000120fe72 is located in stack of task kunit_try_catch/117940 at offset 266 in frame: [ 3770.625273] kasan_stack_oob+0x0/0x200 [test_kasan] [ 3770.626949] [ 3770.627500] this frame has 4 objects: [ 3770.628769] [48, 56) 'array' [ 3770.628775] [80, 128) '__assertion' [ 3770.629815] [160, 224) '__assertion' [ 3770.631054] [256, 266) 'stack_array' [ 3770.632323] [ 3770.634122] Memory state around the buggy address: [ 3770.635772] ffffc9000120fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 [ 3770.638209] ffffc9000120fd80: f1 00 00 00 f2 f2 f2 00 00 00 00 00 00 f2 f2 f2 [ 3770.640408] >ffffc9000120fe00: f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 02 f3 [ 3770.642586] ^ [ 3770.644651] ffffc9000120fe80: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3770.647002] ffffc9000120ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3770.649230] ================================================================== [ 3770.651803] ok 34 - kasan_stack_oob [ 3770.658161] ================================================================== [ 3770.661068] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 3770.663267] Read of size 1 at addr ffffc9000107fd1f by task kunit_try_catch/117941 [ 3770.665196] [ 3770.665618] CPU: 0 PID: 117941 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3770.669302] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3770.670819] Call Trace: [ 3770.671495] dump_stack_lvl+0x57/0x81 [ 3770.672483] print_address_description.constprop.0+0x1f/0x140 [ 3770.674001] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 3770.675518] __kasan_report.cold+0x7f/0x122 [ 3770.676630] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 3770.678134] kasan_report+0x38/0x50 [ 3770.679063] kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 3770.680533] ? pick_next_task_fair+0x46a/0xe50 [ 3770.681692] ? rcu_read_lock_sched_held+0x12/0x80 [ 3770.682898] ? kasan_alloca_oob_right+0x290/0x290 [test_kasan] [ 3770.684388] ? do_raw_spin_trylock+0xb5/0x180 [ 3770.685517] ? do_raw_spin_lock+0x270/0x270 [ 3770.686619] ? rcu_read_lock_sched_held+0x12/0x80 [ 3770.687859] ? lock_acquire+0x228/0x2d0 [ 3770.688874] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3770.690191] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3770.691655] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3770.692973] ? kunit_add_resource+0x197/0x280 [kunit] [ 3770.694316] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3770.695600] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3770.696939] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3770.698548] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3770.699895] kthread+0x361/0x420 [ 3770.700757] ? set_kthread_struct+0x110/0x110 [ 3770.701912] ret_from_fork+0x1f/0x30 [ 3770.702873] [ 3770.703275] [ 3770.703688] Memory state around the buggy address: [ 3770.704912] ffffc9000107fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3770.706752] ffffc9000107fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3770.708592] >ffffc9000107fd00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 f1 [ 3770.710471] ^ [ 3770.711536] ffffc9000107fd80: f1 f1 f1 00 00 00 f2 f2 f2 00 00 00 00 00 00 f2 [ 3770.713429] ffffc9000107fe00: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 [ 3770.715303] ================================================================== [ 3770.717834] ok 35 - kasan_alloca_oob_left [ 3770.723060] ================================================================== [ 3770.726142] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 3770.728414] Read of size 1 at addr ffffc900013c7d2a by task kunit_try_catch/117943 [ 3770.730377] [ 3770.730799] CPU: 0 PID: 117943 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3770.734462] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3770.735958] Call Trace: [ 3770.736610] dump_stack_lvl+0x57/0x81 [ 3770.737565] print_address_description.constprop.0+0x1f/0x140 [ 3770.739025] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 3770.740528] __kasan_report.cold+0x7f/0x122 [ 3770.741626] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 3770.743123] kasan_report+0x38/0x50 [ 3770.744053] kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 3770.745539] ? pick_next_task_fair+0x46a/0xe50 [ 3770.746719] ? rcu_read_lock_sched_held+0x12/0x80 [ 3770.747966] ? ksize_unpoisons_memory+0x300/0x300 [test_kasan] [ 3770.749509] ? do_raw_spin_trylock+0xb5/0x180 [ 3770.750673] ? do_raw_spin_lock+0x270/0x270 [ 3770.751777] ? rcu_read_lock_sched_held+0x12/0x80 [ 3770.753025] ? lock_acquire+0x228/0x2d0 [ 3770.754044] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3770.755369] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3770.756840] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3770.758147] ? kunit_add_resource+0x197/0x280 [kunit] [ 3770.759460] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3770.760717] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3770.762018] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3770.763594] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3770.764955] kthread+0x361/0x420 [ 3770.765829] ? set_kthread_struct+0x110/0x110 [ 3770.766981] ret_from_fork+0x1f/0x30 [ 3770.767948] [ 3770.768370] [ 3770.768792] Memory state around the buggy address: [ 3770.770047] ffffc900013c7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3770.771924] ffffc900013c7c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3770.773806] >ffffc900013c7d00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 f1 [ 3770.775638] ^ [ 3770.776797] ffffc900013c7d80: f1 f1 f1 00 00 00 f2 f2 f2 00 00 00 00 00 00 f2 [ 3770.778530] ffffc900013c7e00: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 [ 3770.780212] ================================================================== [ 3770.782155] ok 36 - kasan_alloca_oob_right [ 3770.788098] ================================================================== [ 3770.791083] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 3770.793038] Read of size 1 at addr ffff88805d7c8580 by task kunit_try_catch/117944 [ 3770.794734] [ 3770.795090] CPU: 0 PID: 117944 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3770.798258] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3770.799587] Call Trace: [ 3770.800178] dump_stack_lvl+0x57/0x81 [ 3770.801051] print_address_description.constprop.0+0x1f/0x140 [ 3770.802400] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 3770.803764] __kasan_report.cold+0x7f/0x122 [ 3770.804752] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 3770.806119] kasan_report+0x38/0x50 [ 3770.806948] ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 3770.808278] ? ksize_uaf+0x4a0/0x4a0 [test_kasan] [ 3770.809381] ? do_raw_spin_trylock+0xb5/0x180 [ 3770.810404] ? do_raw_spin_lock+0x270/0x270 [ 3770.811347] ? rcu_read_lock_sched_held+0x12/0x80 [ 3770.812422] ? lock_acquire+0x228/0x2d0 [ 3770.813291] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3770.814439] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3770.815727] ? kunit_add_resource+0x197/0x280 [kunit] [ 3770.816912] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3770.818056] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3770.819244] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3770.820659] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3770.821895] kthread+0x361/0x420 [ 3770.822754] ? set_kthread_struct+0x110/0x110 [ 3770.823794] ret_from_fork+0x1f/0x30 [ 3770.824626] [ 3770.824982] Allocated by task 117944: [ 3770.825820] kasan_save_stack+0x1e/0x50 [ 3770.826702] __kasan_kmalloc+0x81/0xa0 [ 3770.827575] ksize_unpoisons_memory+0x9a/0x300 [test_kasan] [ 3770.828873] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3770.830021] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3770.831442] kthread+0x361/0x420 [ 3770.832201] ret_from_fork+0x1f/0x30 [ 3770.833045] [ 3770.833420] The buggy address belongs to the object at ffff88805d7c8500 [ 3770.833420] which belongs to the cache kmalloc-128 of size 128 [ 3770.836291] The buggy address is located 0 bytes to the right of [ 3770.836291] 128-byte region [ffff88805d7c8500, ffff88805d7c8580) [ 3770.839072] The buggy address belongs to the page: [ 3770.840174] page:00000000f577d699 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d7c8 [ 3770.842242] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3770.843793] raw: 000fffffc0000200 ffffea00001eee00 dead000000000004 ffff8880010418c0 [ 3770.845566] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3770.847358] page dumped because: kasan: bad access detected [ 3770.848656] [ 3770.849021] Memory state around the buggy address: [ 3770.850134] ffff88805d7c8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3770.851798] ffff88805d7c8500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3770.853467] >ffff88805d7c8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3770.855131] ^ [ 3770.855950] ffff88805d7c8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3770.857694] ffff88805d7c8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3770.859423] ================================================================== [ 3770.861334] ok 37 - ksize_unpoisons_memory [ 3770.866174] ================================================================== [ 3770.868932] BUG: KASAN: use-after-free in ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 3770.870560] Read of size 1 at addr ffff88805d6c6000 by task kunit_try_catch/117945 [ 3770.872423] [ 3770.872781] CPU: 0 PID: 117945 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3770.875968] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3770.877303] Call Trace: [ 3770.877893] dump_stack_lvl+0x57/0x81 [ 3770.878767] print_address_description.constprop.0+0x1f/0x140 [ 3770.880107] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 3770.881209] __kasan_report.cold+0x7f/0x122 [ 3770.882194] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 3770.883389] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 3770.884575] kasan_report+0x38/0x50 [ 3770.885409] __kasan_check_byte+0x36/0x50 [ 3770.886352] ksize+0x1b/0x50 [ 3770.887043] ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 3770.888237] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 3770.889419] ? do_raw_spin_trylock+0xb5/0x180 [ 3770.890407] ? do_raw_spin_lock+0x270/0x270 [ 3770.891361] ? rcu_read_lock_sched_held+0x12/0x80 [ 3770.892428] ? lock_acquire+0x228/0x2d0 [ 3770.893329] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3770.894500] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3770.895810] ? kunit_add_resource+0x197/0x280 [kunit] [ 3770.897003] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3770.898137] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3770.899322] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3770.900749] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3770.901949] kthread+0x361/0x420 [ 3770.902714] ? set_kthread_struct+0x110/0x110 [ 3770.903743] ret_from_fork+0x1f/0x30 [ 3770.904601] [ 3770.904972] Allocated by task 117945: [ 3770.905829] kasan_save_stack+0x1e/0x50 [ 3770.906738] __kasan_kmalloc+0x81/0xa0 [ 3770.907605] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 3770.908694] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3770.909900] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3770.911276] kthread+0x361/0x420 [ 3770.912015] ret_from_fork+0x1f/0x30 [ 3770.912845] [ 3770.913203] Freed by task 117945: [ 3770.913965] kasan_save_stack+0x1e/0x50 [ 3770.914841] kasan_set_track+0x21/0x30 [ 3770.915696] kasan_set_free_info+0x20/0x40 [ 3770.916637] __kasan_slab_free+0xec/0x120 [ 3770.917626] slab_free_freelist_hook+0xa3/0x1d0 [ 3770.918750] kfree+0xdc/0x4e0 [ 3770.919443] ksize_uaf+0x137/0x4a0 [test_kasan] [ 3770.920477] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3770.921685] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3770.923189] kthread+0x361/0x420 [ 3770.923929] ret_from_fork+0x1f/0x30 [ 3770.924748] [ 3770.925107] Last potentially related work creation: [ 3770.926210] kasan_save_stack+0x1e/0x50 [ 3770.927153] __kasan_record_aux_stack+0xb2/0xc0 [ 3770.928279] insert_work+0x47/0x310 [ 3770.929105] __queue_work+0x4dd/0xd60 [ 3770.929973] rcu_work_rcufn+0x42/0x70 [ 3770.930813] rcu_do_batch+0x3c2/0xdc0 [ 3770.931792] rcu_core+0x3de/0x5a0 [ 3770.932587] __do_softirq+0x2d0/0x9a8 [ 3770.933432] [ 3770.933790] Second to last potentially related work creation: [ 3770.935085] kasan_save_stack+0x1e/0x50 [ 3770.935959] __kasan_record_aux_stack+0xb2/0xc0 [ 3770.936986] call_rcu+0xee/0x890 [ 3770.937733] queue_rcu_work+0x5a/0x70 [ 3770.938568] writeback_sb_inodes+0x373/0xd00 [ 3770.939536] __writeback_inodes_wb+0xb7/0x210 [ 3770.940533] wb_writeback+0x686/0xa10 [ 3770.941371] wb_do_writeback+0x5de/0x8a0 [ 3770.942275] wb_workfn+0x16a/0x700 [ 3770.943066] process_one_work+0x8c8/0x1590 [ 3770.944002] worker_thread+0x59b/0x1010 [ 3770.944873] kthread+0x361/0x420 [ 3770.945741] ret_from_fork+0x1f/0x30 [ 3770.946624] [ 3770.946982] The buggy address belongs to the object at ffff88805d6c6000 [ 3770.946982] which belongs to the cache kmalloc-128 of size 128 [ 3770.949774] The buggy address is located 0 bytes inside of [ 3770.949774] 128-byte region [ffff88805d6c6000, ffff88805d6c6080) [ 3770.952349] The buggy address belongs to the page: [ 3770.953443] page:000000008dabd177 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d6c6 [ 3770.955527] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3770.957089] raw: 000fffffc0000200 ffffea00019bb500 dead000000000006 ffff8880010418c0 [ 3770.958865] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3770.960676] page dumped because: kasan: bad access detected [ 3770.962042] [ 3770.962408] Memory state around the buggy address: [ 3770.963488] ffff88805d6c5f00: 00 fc fc 00 00 00 00 00 fc fc 00 00 00 00 00 fc [ 3770.965120] ffff88805d6c5f80: fc 00 00 00 00 00 fc fc 00 00 00 00 00 fc fc fc [ 3770.966732] >ffff88805d6c6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3770.968302] ^ [ 3770.969025] ffff88805d6c6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3770.970592] ffff88805d6c6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3770.972162] ================================================================== [ 3770.974074] ================================================================== [ 3770.975675] BUG: KASAN: use-after-free in ksize_uaf+0x47d/0x4a0 [test_kasan] [ 3770.977220] Read of size 1 at addr ffff88805d6c6000 by task kunit_try_catch/117945 [ 3770.978869] [ 3770.979222] CPU: 0 PID: 117945 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3770.982296] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3770.983569] Call Trace: [ 3770.984129] dump_stack_lvl+0x57/0x81 [ 3770.984951] print_address_description.constprop.0+0x1f/0x140 [ 3770.986221] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 3770.987268] __kasan_report.cold+0x7f/0x122 [ 3770.988201] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 3770.989251] kasan_report+0x38/0x50 [ 3770.990039] ksize_uaf+0x47d/0x4a0 [test_kasan] [ 3770.991089] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 3770.992249] ? do_raw_spin_trylock+0xb5/0x180 [ 3770.993212] ? do_raw_spin_lock+0x270/0x270 [ 3770.994139] ? rcu_read_lock_sched_held+0x12/0x80 [ 3770.995182] ? lock_acquire+0x228/0x2d0 [ 3770.996044] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3770.997152] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3770.998390] ? kunit_add_resource+0x197/0x280 [kunit] [ 3770.999513] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.000613] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3771.001888] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.003222] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3771.004359] kthread+0x361/0x420 [ 3771.005085] ? set_kthread_struct+0x110/0x110 [ 3771.006049] ret_from_fork+0x1f/0x30 [ 3771.006882] [ 3771.007275] Allocated by task 117945: [ 3771.008184] kasan_save_stack+0x1e/0x50 [ 3771.009041] __kasan_kmalloc+0x81/0xa0 [ 3771.009880] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 3771.010868] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.011949] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.013291] kthread+0x361/0x420 [ 3771.014014] ret_from_fork+0x1f/0x30 [ 3771.014817] [ 3771.015166] Freed by task 117945: [ 3771.015935] kasan_save_stack+0x1e/0x50 [ 3771.016841] kasan_set_track+0x21/0x30 [ 3771.017717] kasan_set_free_info+0x20/0x40 [ 3771.018687] __kasan_slab_free+0xec/0x120 [ 3771.019635] slab_free_freelist_hook+0xa3/0x1d0 [ 3771.020703] kfree+0xdc/0x4e0 [ 3771.021416] ksize_uaf+0x137/0x4a0 [test_kasan] [ 3771.022488] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.023633] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.025052] kthread+0x361/0x420 [ 3771.025821] ret_from_fork+0x1f/0x30 [ 3771.026675] [ 3771.027048] Last potentially related work creation: [ 3771.028192] kasan_save_stack+0x1e/0x50 [ 3771.029104] __kasan_record_aux_stack+0xb2/0xc0 [ 3771.030171] insert_work+0x47/0x310 [ 3771.030994] __queue_work+0x4dd/0xd60 [ 3771.031866] rcu_work_rcufn+0x42/0x70 [ 3771.032737] rcu_do_batch+0x3c2/0xdc0 [ 3771.033608] rcu_core+0x3de/0x5a0 [ 3771.034398] __do_softirq+0x2d0/0x9a8 [ 3771.035266] [ 3771.035643] Second to last potentially related work creation: [ 3771.037102] kasan_save_stack+0x1e/0x50 [ 3771.038069] __kasan_record_aux_stack+0xb2/0xc0 [ 3771.039139] call_rcu+0xee/0x890 [ 3771.039916] queue_rcu_work+0x5a/0x70 [ 3771.040845] writeback_sb_inodes+0x373/0xd00 [ 3771.041940] __writeback_inodes_wb+0xb7/0x210 [ 3771.042973] wb_writeback+0x686/0xa10 [ 3771.043845] wb_do_writeback+0x5de/0x8a0 [ 3771.044836] wb_workfn+0x16a/0x700 [ 3771.045734] process_one_work+0x8c8/0x1590 [ 3771.046739] worker_thread+0x59b/0x1010 [ 3771.047758] kthread+0x361/0x420 [ 3771.048618] ret_from_fork+0x1f/0x30 [ 3771.049568] [ 3771.049982] The buggy address belongs to the object at ffff88805d6c6000 [ 3771.049982] which belongs to the cache kmalloc-128 of size 128 [ 3771.053152] The buggy address is located 0 bytes inside of [ 3771.053152] 128-byte region [ffff88805d6c6000, ffff88805d6c6080) [ 3771.055827] The buggy address belongs to the page: [ 3771.056950] page:000000008dabd177 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d6c6 [ 3771.059095] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3771.060711] raw: 000fffffc0000200 ffffea00019bb500 dead000000000006 ffff8880010418c0 [ 3771.062505] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3771.064415] page dumped because: kasan: bad access detected [ 3771.065775] [ 3771.066150] Memory state around the buggy address: [ 3771.067279] ffff88805d6c5f00: 00 fc fc 00 00 00 00 00 fc fc 00 00 00 00 00 fc [ 3771.069051] ffff88805d6c5f80: fc 00 00 00 00 00 fc fc 00 00 00 00 00 fc fc fc [ 3771.070797] >ffff88805d6c6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3771.072477] ^ [ 3771.073236] ffff88805d6c6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3771.074907] ffff88805d6c6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3771.076580] ================================================================== [ 3771.078276] ================================================================== [ 3771.079965] BUG: KASAN: use-after-free in ksize_uaf+0x470/0x4a0 [test_kasan] [ 3771.081596] Read of size 1 at addr ffff88805d6c6078 by task kunit_try_catch/117945 [ 3771.083358] [ 3771.083733] CPU: 0 PID: 117945 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3771.086999] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3771.088345] Call Trace: [ 3771.088942] dump_stack_lvl+0x57/0x81 [ 3771.089812] print_address_description.constprop.0+0x1f/0x140 [ 3771.091163] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 3771.092270] __kasan_report.cold+0x7f/0x122 [ 3771.093264] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 3771.094381] kasan_report+0x38/0x50 [ 3771.095259] ksize_uaf+0x470/0x4a0 [test_kasan] [ 3771.096374] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 3771.097577] ? do_raw_spin_trylock+0xb5/0x180 [ 3771.098675] ? do_raw_spin_lock+0x270/0x270 [ 3771.099691] ? rcu_read_lock_sched_held+0x12/0x80 [ 3771.100887] ? lock_acquire+0x228/0x2d0 [ 3771.101898] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3771.103155] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3771.104466] ? kunit_add_resource+0x197/0x280 [kunit] [ 3771.105774] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.106922] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3771.108107] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.109664] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3771.111025] kthread+0x361/0x420 [ 3771.111885] ? set_kthread_struct+0x110/0x110 [ 3771.113032] ret_from_fork+0x1f/0x30 [ 3771.113998] [ 3771.114416] Allocated by task 117945: [ 3771.115339] kasan_save_stack+0x1e/0x50 [ 3771.116358] __kasan_kmalloc+0x81/0xa0 [ 3771.117336] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 3771.118471] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.119744] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.121330] kthread+0x361/0x420 [ 3771.122115] ret_from_fork+0x1f/0x30 [ 3771.123003] [ 3771.123421] Freed by task 117945: [ 3771.124304] kasan_save_stack+0x1e/0x50 [ 3771.125254] kasan_set_track+0x21/0x30 [ 3771.126139] kasan_set_free_info+0x20/0x40 [ 3771.127096] __kasan_slab_free+0xec/0x120 [ 3771.128040] slab_free_freelist_hook+0xa3/0x1d0 [ 3771.129101] kfree+0xdc/0x4e0 [ 3771.129805] ksize_uaf+0x137/0x4a0 [test_kasan] [ 3771.130869] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.132024] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.133449] kthread+0x361/0x420 [ 3771.134207] ret_from_fork+0x1f/0x30 [ 3771.135053] [ 3771.135423] Last potentially related work creation: [ 3771.136562] kasan_save_stack+0x1e/0x50 [ 3771.137471] __kasan_record_aux_stack+0xb2/0xc0 [ 3771.138533] insert_work+0x47/0x310 [ 3771.139367] __queue_work+0x4dd/0xd60 [ 3771.140229] rcu_work_rcufn+0x42/0x70 [ 3771.141098] rcu_do_batch+0x3c2/0xdc0 [ 3771.141964] rcu_core+0x3de/0x5a0 [ 3771.142753] __do_softirq+0x2d0/0x9a8 [ 3771.143621] [ 3771.143989] Second to last potentially related work creation: [ 3771.145437] kasan_save_stack+0x1e/0x50 [ 3771.146450] __kasan_record_aux_stack+0xb2/0xc0 [ 3771.147640] call_rcu+0xee/0x890 [ 3771.148497] queue_rcu_work+0x5a/0x70 [ 3771.149471] writeback_sb_inodes+0x373/0xd00 [ 3771.150596] __writeback_inodes_wb+0xb7/0x210 [ 3771.151746] wb_writeback+0x686/0xa10 [ 3771.152708] wb_do_writeback+0x5de/0x8a0 [ 3771.153748] wb_workfn+0x16a/0x700 [ 3771.154650] process_one_work+0x8c8/0x1590 [ 3771.155737] worker_thread+0x59b/0x1010 [ 3771.156741] kthread+0x361/0x420 [ 3771.157553] ret_from_fork+0x1f/0x30 [ 3771.158401] [ 3771.158824] The buggy address belongs to the object at ffff88805d6c6000 [ 3771.158824] which belongs to the cache kmalloc-128 of size 128 [ 3771.161842] The buggy address is located 120 bytes inside of [ 3771.161842] 128-byte region [ffff88805d6c6000, ffff88805d6c6080) [ 3771.164707] The buggy address belongs to the page: [ 3771.165835] page:000000008dabd177 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d6c6 [ 3771.168018] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3771.169742] raw: 000fffffc0000200 ffffea00019bb500 dead000000000006 ffff8880010418c0 [ 3771.171529] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3771.173321] page dumped because: kasan: bad access detected [ 3771.174625] [ 3771.174996] Memory state around the buggy address: [ 3771.176127] ffff88805d6c5f00: 00 fc fc 00 00 00 00 00 fc fc 00 00 00 00 00 fc [ 3771.177806] ffff88805d6c5f80: fc 00 00 00 00 00 fc fc 00 00 00 00 00 fc fc fc [ 3771.179484] >ffff88805d6c6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3771.181158] ^ [ 3771.182811] ffff88805d6c6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3771.184492] ffff88805d6c6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3771.186166] ================================================================== [ 3771.188572] ok 38 - ksize_uaf [ 3771.194393] ================================================================== [ 3771.196907] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x118/0x4b0 [ 3771.198671] [ 3771.199042] CPU: 0 PID: 117946 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3771.202436] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3771.203781] Call Trace: [ 3771.204380] dump_stack_lvl+0x57/0x81 [ 3771.205250] print_address_description.constprop.0+0x1f/0x140 [ 3771.206598] ? kmem_cache_free+0x118/0x4b0 [ 3771.207568] kasan_report_invalid_free+0x70/0xa0 [ 3771.208727] ? kmem_cache_free+0x118/0x4b0 [ 3771.209824] __kasan_slab_free+0x108/0x120 [ 3771.210796] slab_free_freelist_hook+0xa3/0x1d0 [ 3771.211874] ? kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 3771.213246] kmem_cache_free+0x118/0x4b0 [ 3771.214183] ? trace_kmem_cache_alloc+0x3c/0x100 [ 3771.215276] kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 3771.216606] ? kmem_cache_invalid_free+0x280/0x280 [test_kasan] [ 3771.217993] ? do_raw_spin_trylock+0xb5/0x180 [ 3771.219029] ? do_raw_spin_lock+0x270/0x270 [ 3771.220104] ? rcu_read_lock_sched_held+0x12/0x80 [ 3771.221342] ? lock_acquire+0x228/0x2d0 [ 3771.222252] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3771.223428] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3771.224735] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3771.225908] ? kunit_add_resource+0x197/0x280 [kunit] [ 3771.227108] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.228261] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3771.229455] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.230880] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3771.232094] kthread+0x361/0x420 [ 3771.232869] ? set_kthread_struct+0x110/0x110 [ 3771.233906] ret_from_fork+0x1f/0x30 [ 3771.234763] [ 3771.235133] Allocated by task 117946: [ 3771.236005] kasan_save_stack+0x1e/0x50 [ 3771.236913] __kasan_slab_alloc+0x66/0x80 [ 3771.237863] kmem_cache_alloc+0x161/0x310 [ 3771.238817] kmem_cache_double_free+0x123/0x280 [test_kasan] [ 3771.240136] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.241284] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.242723] kthread+0x361/0x420 [ 3771.243500] ret_from_fork+0x1f/0x30 [ 3771.244347] [ 3771.244723] Freed by task 117946: [ 3771.245515] kasan_save_stack+0x1e/0x50 [ 3771.246425] kasan_set_track+0x21/0x30 [ 3771.247308] kasan_set_free_info+0x20/0x40 [ 3771.248282] __kasan_slab_free+0xec/0x120 [ 3771.249230] slab_free_freelist_hook+0xa3/0x1d0 [ 3771.250302] kmem_cache_free+0x118/0x4b0 [ 3771.251232] kmem_cache_double_free+0x144/0x280 [test_kasan] [ 3771.252566] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.253718] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.255148] kthread+0x361/0x420 [ 3771.255919] ret_from_fork+0x1f/0x30 [ 3771.256769] [ 3771.257141] The buggy address belongs to the object at ffff88807b4b4a50 [ 3771.257141] which belongs to the cache test_cache of size 200 [ 3771.260171] The buggy address is located 0 bytes inside of [ 3771.260171] 200-byte region [ffff88807b4b4a50, ffff88807b4b4b18) [ 3771.262842] The buggy address belongs to the page: [ 3771.263968] page:00000000989f114d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b4b4 [ 3771.266126] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3771.267735] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888079658000 [ 3771.269565] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 3771.271483] page dumped because: kasan: bad access detected [ 3771.272787] [ 3771.273156] Memory state around the buggy address: [ 3771.274277] ffff88807b4b4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3771.275954] ffff88807b4b4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3771.277632] >ffff88807b4b4a00: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb [ 3771.279303] ^ [ 3771.280666] ffff88807b4b4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3771.282336] ffff88807b4b4b00: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3771.284016] ================================================================== [ 3771.580436] ok 39 - kmem_cache_double_free [ 3771.584407] ================================================================== [ 3771.587159] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x118/0x4b0 [ 3771.588864] [ 3771.589226] CPU: 0 PID: 117947 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3771.592432] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3771.593765] Call Trace: [ 3771.594361] dump_stack_lvl+0x57/0x81 [ 3771.595227] print_address_description.constprop.0+0x1f/0x140 [ 3771.596578] ? kmem_cache_free+0x118/0x4b0 [ 3771.597547] kasan_report_invalid_free+0x70/0xa0 [ 3771.598652] ? kmem_cache_free+0x118/0x4b0 [ 3771.599733] __kasan_slab_free+0x108/0x120 [ 3771.600733] slab_free_freelist_hook+0xa3/0x1d0 [ 3771.601804] ? kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 3771.603200] kmem_cache_free+0x118/0x4b0 [ 3771.604121] ? trace_kmem_cache_alloc+0x3c/0x100 [ 3771.605308] kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 3771.606652] ? kmem_cache_double_destroy+0x250/0x250 [test_kasan] [ 3771.608035] ? do_raw_spin_trylock+0xb5/0x180 [ 3771.609040] ? do_raw_spin_lock+0x270/0x270 [ 3771.610021] ? rcu_read_lock_sched_held+0x12/0x80 [ 3771.611130] ? lock_acquire+0x228/0x2d0 [ 3771.612045] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3771.613335] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3771.614703] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3771.615868] ? kunit_add_resource+0x197/0x280 [kunit] [ 3771.617059] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.618177] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3771.619334] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.620705] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3771.621894] kthread+0x361/0x420 [ 3771.622660] ? set_kthread_struct+0x110/0x110 [ 3771.623685] ret_from_fork+0x1f/0x30 [ 3771.624625] [ 3771.625038] Allocated by task 117947: [ 3771.625977] kasan_save_stack+0x1e/0x50 [ 3771.626920] __kasan_slab_alloc+0x66/0x80 [ 3771.627985] kmem_cache_alloc+0x161/0x310 [ 3771.628933] kmem_cache_invalid_free+0x126/0x280 [test_kasan] [ 3771.630272] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.631422] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.632848] kthread+0x361/0x420 [ 3771.633615] ret_from_fork+0x1f/0x30 [ 3771.634464] [ 3771.634835] The buggy address belongs to the object at ffff88807d589528 [ 3771.634835] which belongs to the cache test_cache of size 200 [ 3771.637763] The buggy address is located 1 bytes inside of [ 3771.637763] 200-byte region [ffff88807d589528, ffff88807d5895f0) [ 3771.640400] The buggy address belongs to the page: [ 3771.641526] page:000000007e4313c6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d589 [ 3771.643673] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3771.645277] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888079658280 [ 3771.647063] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 3771.648866] page dumped because: kasan: bad access detected [ 3771.650168] [ 3771.650537] Memory state around the buggy address: [ 3771.651663] ffff88807d589400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3771.653332] ffff88807d589480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3771.654955] >ffff88807d589500: fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 [ 3771.656582] ^ [ 3771.657628] ffff88807d589580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 3771.659299] ffff88807d589600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3771.661070] ================================================================== [ 3771.889286] ok 40 - kmem_cache_invalid_free [ 3771.893638] ================================================================== [ 3771.897701] BUG: KASAN: use-after-free in kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 3771.899692] Read of size 1 at addr ffff888079658b40 by task kunit_try_catch/117948 [ 3771.901454] [ 3771.901826] CPU: 0 PID: 117948 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3771.905136] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3771.906636] Call Trace: [ 3771.907298] dump_stack_lvl+0x57/0x81 [ 3771.908281] print_address_description.constprop.0+0x1f/0x140 [ 3771.909795] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 3771.911397] __kasan_report.cold+0x7f/0x122 [ 3771.912471] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 3771.913896] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 3771.915328] kasan_report+0x38/0x50 [ 3771.916153] __kasan_check_byte+0x36/0x50 [ 3771.917217] kmem_cache_destroy+0x1f/0x150 [ 3771.918270] kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 3771.919674] ? kmalloc_oob_right+0x510/0x510 [test_kasan] [ 3771.920945] ? do_raw_spin_trylock+0xb5/0x180 [ 3771.921977] ? do_raw_spin_lock+0x270/0x270 [ 3771.922968] ? rcu_read_lock_sched_held+0x12/0x80 [ 3771.924082] ? lock_acquire+0x228/0x2d0 [ 3771.925009] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3771.926319] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3771.927788] ? kunit_add_resource+0x197/0x280 [kunit] [ 3771.929126] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.930413] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3771.931755] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.933354] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3771.934706] kthread+0x361/0x420 [ 3771.935571] ? set_kthread_struct+0x110/0x110 [ 3771.936725] ret_from_fork+0x1f/0x30 [ 3771.937690] [ 3771.938105] Allocated by task 117948: [ 3771.939076] kasan_save_stack+0x1e/0x50 [ 3771.940007] __kasan_slab_alloc+0x66/0x80 [ 3771.940959] kmem_cache_alloc+0x161/0x310 [ 3771.942005] kmem_cache_create_usercopy+0x1a2/0x2f0 [ 3771.943298] kmem_cache_create+0x12/0x20 [ 3771.944231] kmem_cache_double_destroy+0x8d/0x250 [test_kasan] [ 3771.945603] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.946756] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.948184] kthread+0x361/0x420 [ 3771.948956] ret_from_fork+0x1f/0x30 [ 3771.949816] [ 3771.950186] Freed by task 117948: [ 3771.950979] kasan_save_stack+0x1e/0x50 [ 3771.951934] kasan_set_track+0x21/0x30 [ 3771.952925] kasan_set_free_info+0x20/0x40 [ 3771.954029] __kasan_slab_free+0xec/0x120 [ 3771.955038] slab_free_freelist_hook+0xa3/0x1d0 [ 3771.956110] kmem_cache_free+0x118/0x4b0 [ 3771.957039] kobject_cleanup+0x101/0x390 [ 3771.957971] kmem_cache_destroy+0x11a/0x150 [ 3771.958964] kmem_cache_double_destroy+0x12a/0x250 [test_kasan] [ 3771.960354] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3771.961579] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3771.963098] kthread+0x361/0x420 [ 3771.963902] ret_from_fork+0x1f/0x30 [ 3771.964858] [ 3771.965227] The buggy address belongs to the object at ffff888079658b40 [ 3771.965227] which belongs to the cache kmem_cache of size 240 [ 3771.968200] The buggy address is located 0 bytes inside of [ 3771.968200] 240-byte region [ffff888079658b40, ffff888079658c30) [ 3771.971135] The buggy address belongs to the page: [ 3771.972399] page:0000000084534b21 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79658 [ 3771.974806] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3771.976548] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888001041000 [ 3771.978350] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 [ 3771.980146] page dumped because: kasan: bad access detected [ 3771.981453] [ 3771.981824] Memory state around the buggy address: [ 3771.982949] ffff888079658a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3771.984632] ffff888079658a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 3771.986401] >ffff888079658b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 3771.988148] ^ [ 3771.989389] ffff888079658b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3771.991069] ffff888079658c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 3771.992752] ================================================================== [ 3771.996202] ok 41 - kmem_cache_double_destroy [ 3772.002976] ok 42 - kasan_memchr # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 3772.008049] ok 43 - kasan_memcmp # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 3772.017109] ok 44 - kasan_strings # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 3772.022957] ================================================================== [ 3772.026871] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 3772.029275] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.031275] [ 3772.031698] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.035364] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.036871] Call Trace: [ 3772.037538] dump_stack_lvl+0x57/0x81 [ 3772.038519] print_address_description.constprop.0+0x1f/0x140 [ 3772.040029] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 3772.041739] __kasan_report.cold+0x7f/0x122 [ 3772.042849] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 3772.044553] kasan_report+0x38/0x50 [ 3772.045486] kasan_check_range+0xfd/0x1e0 [ 3772.046554] kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 3772.048218] ? kasan_test_init+0x40/0x40 [test_kasan] [ 3772.049545] ? pick_next_task_fair+0x46a/0xe50 [ 3772.050723] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.051900] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.053029] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.054498] ? rcu_read_lock_held+0x50/0x50 [ 3772.055604] ? trace_kmalloc+0x3c/0x100 [ 3772.056625] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.057870] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3772.059289] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.061221] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.062710] ? kunit_add_resource+0x197/0x280 [kunit] [ 3772.064041] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.065331] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3772.066664] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.068259] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3772.069615] kthread+0x361/0x420 [ 3772.070481] ? set_kthread_struct+0x110/0x110 [ 3772.071640] ret_from_fork+0x1f/0x30 [ 3772.072606] [ 3772.073021] Allocated by task 117952: [ 3772.073993] kasan_save_stack+0x1e/0x50 [ 3772.075008] __kasan_kmalloc+0x81/0xa0 [ 3772.076000] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3772.077423] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.078709] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.080313] kthread+0x361/0x420 [ 3772.081174] ret_from_fork+0x1f/0x30 [ 3772.082122] [ 3772.082540] The buggy address belongs to the object at ffff88806a556820 [ 3772.082540] which belongs to the cache kmalloc-16 of size 16 [ 3772.085730] The buggy address is located 8 bytes inside of [ 3772.085730] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3772.088692] The buggy address belongs to the page: [ 3772.089949] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3772.092368] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3772.094159] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3772.096058] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3772.098067] page dumped because: kasan: bad access detected [ 3772.099531] [ 3772.099947] Memory state around the buggy address: [ 3772.101207] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.102974] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3772.104663] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3772.106523] ^ [ 3772.107671] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.109547] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3772.111367] ================================================================== [ 3772.113398] ================================================================== [ 3772.115279] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 3772.117701] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.119686] [ 3772.120058] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.123624] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.125090] Call Trace: [ 3772.125756] dump_stack_lvl+0x57/0x81 [ 3772.126737] print_address_description.constprop.0+0x1f/0x140 [ 3772.128243] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 3772.129985] __kasan_report.cold+0x7f/0x122 [ 3772.131105] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 3772.132655] kasan_report+0x38/0x50 [ 3772.133489] kasan_check_range+0xfd/0x1e0 [ 3772.134446] kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 3772.135957] ? kasan_test_init+0x40/0x40 [test_kasan] [ 3772.137150] ? pick_next_task_fair+0x46a/0xe50 [ 3772.138198] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.139252] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.140266] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.141586] ? rcu_read_lock_held+0x50/0x50 [ 3772.142590] ? trace_kmalloc+0x3c/0x100 [ 3772.143509] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.144625] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3772.145904] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.147822] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.149318] ? kunit_add_resource+0x197/0x280 [kunit] [ 3772.150559] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.151715] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3772.152908] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.154338] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3772.155610] kthread+0x361/0x420 [ 3772.156470] ? set_kthread_struct+0x110/0x110 [ 3772.157618] ret_from_fork+0x1f/0x30 [ 3772.158520] [ 3772.158891] Allocated by task 117952: [ 3772.159764] kasan_save_stack+0x1e/0x50 [ 3772.160680] __kasan_kmalloc+0x81/0xa0 [ 3772.161569] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3772.162841] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.163987] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.165415] kthread+0x361/0x420 [ 3772.166185] ret_from_fork+0x1f/0x30 [ 3772.167036] [ 3772.167428] The buggy address belongs to the object at ffff88806a556820 [ 3772.167428] which belongs to the cache kmalloc-16 of size 16 [ 3772.170443] The buggy address is located 8 bytes inside of [ 3772.170443] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3772.173323] The buggy address belongs to the page: [ 3772.174449] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3772.176611] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3772.178214] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3772.180018] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3772.182013] page dumped because: kasan: bad access detected [ 3772.183313] [ 3772.183687] Memory state around the buggy address: [ 3772.184811] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.186628] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3772.188501] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3772.190376] ^ [ 3772.191565] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.193445] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3772.195321] ================================================================== [ 3772.197052] ================================================================== [ 3772.198932] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 3772.201236] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.203230] [ 3772.203662] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.207288] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.208791] Call Trace: [ 3772.209455] dump_stack_lvl+0x57/0x81 [ 3772.210433] print_address_description.constprop.0+0x1f/0x140 [ 3772.211878] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 3772.213524] __kasan_report.cold+0x7f/0x122 [ 3772.214517] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 3772.216167] kasan_report+0x38/0x50 [ 3772.217100] kasan_check_range+0xfd/0x1e0 [ 3772.218167] kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 3772.219854] ? kasan_test_init+0x40/0x40 [test_kasan] [ 3772.221178] ? pick_next_task_fair+0x46a/0xe50 [ 3772.222355] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.223533] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.224670] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.226073] ? rcu_read_lock_held+0x50/0x50 [ 3772.227065] ? trace_kmalloc+0x3c/0x100 [ 3772.227976] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.229086] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3772.230353] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.232073] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.233404] ? kunit_add_resource+0x197/0x280 [kunit] [ 3772.234597] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.235747] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3772.236937] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.238368] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3772.239575] kthread+0x361/0x420 [ 3772.240350] ? set_kthread_struct+0x110/0x110 [ 3772.241385] ret_from_fork+0x1f/0x30 [ 3772.242240] [ 3772.242613] Allocated by task 117952: [ 3772.243479] kasan_save_stack+0x1e/0x50 [ 3772.244392] __kasan_kmalloc+0x81/0xa0 [ 3772.245285] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3772.246548] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.247825] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.249292] kthread+0x361/0x420 [ 3772.250060] ret_from_fork+0x1f/0x30 [ 3772.250917] [ 3772.251295] The buggy address belongs to the object at ffff88806a556820 [ 3772.251295] which belongs to the cache kmalloc-16 of size 16 [ 3772.254138] The buggy address is located 8 bytes inside of [ 3772.254138] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3772.256800] The buggy address belongs to the page: [ 3772.257929] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3772.260269] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3772.262070] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3772.263922] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3772.265717] page dumped because: kasan: bad access detected [ 3772.267022] [ 3772.267397] Memory state around the buggy address: [ 3772.268523] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.270202] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3772.271893] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3772.273578] ^ [ 3772.274643] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.276331] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3772.278002] ================================================================== [ 3772.279696] ================================================================== [ 3772.281383] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 3772.283542] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.285429] [ 3772.285845] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.289211] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.290554] Call Trace: [ 3772.291142] dump_stack_lvl+0x57/0x81 [ 3772.292014] print_address_description.constprop.0+0x1f/0x140 [ 3772.293364] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 3772.294985] __kasan_report.cold+0x7f/0x122 [ 3772.296094] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 3772.297835] kasan_report+0x38/0x50 [ 3772.298781] kasan_check_range+0xfd/0x1e0 [ 3772.299732] kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 3772.301239] ? kasan_test_init+0x40/0x40 [test_kasan] [ 3772.302439] ? pick_next_task_fair+0x46a/0xe50 [ 3772.303494] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.304553] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.305572] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.306883] ? rcu_read_lock_held+0x50/0x50 [ 3772.307877] ? trace_kmalloc+0x3c/0x100 [ 3772.308792] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.309898] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3772.311165] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.312900] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.314233] ? kunit_add_resource+0x197/0x280 [kunit] [ 3772.315442] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.316599] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3772.317875] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.319475] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3772.320822] kthread+0x361/0x420 [ 3772.321683] ? set_kthread_struct+0x110/0x110 [ 3772.322766] ret_from_fork+0x1f/0x30 [ 3772.323623] [ 3772.323994] Allocated by task 117952: [ 3772.324964] kasan_save_stack+0x1e/0x50 [ 3772.325991] __kasan_kmalloc+0x81/0xa0 [ 3772.326993] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3772.328265] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.329521] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.331114] kthread+0x361/0x420 [ 3772.331979] ret_from_fork+0x1f/0x30 [ 3772.332828] [ 3772.333199] The buggy address belongs to the object at ffff88806a556820 [ 3772.333199] which belongs to the cache kmalloc-16 of size 16 [ 3772.336047] The buggy address is located 8 bytes inside of [ 3772.336047] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3772.338708] The buggy address belongs to the page: [ 3772.339834] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3772.342000] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3772.343780] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3772.345788] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3772.347619] page dumped because: kasan: bad access detected [ 3772.348927] [ 3772.349303] Memory state around the buggy address: [ 3772.350431] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.352286] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3772.354017] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3772.355695] ^ [ 3772.356764] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.358445] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3772.360123] ================================================================== [ 3772.361818] ================================================================== [ 3772.363503] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 3772.365843] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.367701] [ 3772.368074] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.371465] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.372960] Call Trace: [ 3772.373634] dump_stack_lvl+0x57/0x81 [ 3772.374604] print_address_description.constprop.0+0x1f/0x140 [ 3772.375993] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 3772.377641] __kasan_report.cold+0x7f/0x122 [ 3772.378708] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 3772.380254] kasan_report+0x38/0x50 [ 3772.381090] kasan_check_range+0xfd/0x1e0 [ 3772.382041] kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 3772.383553] ? kasan_test_init+0x40/0x40 [test_kasan] [ 3772.384749] ? pick_next_task_fair+0x46a/0xe50 [ 3772.385797] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.386847] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.387862] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.389172] ? rcu_read_lock_held+0x50/0x50 [ 3772.390163] ? trace_kmalloc+0x3c/0x100 [ 3772.391074] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.392188] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3772.393463] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.395194] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.396523] ? kunit_add_resource+0x197/0x280 [kunit] [ 3772.397722] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.398979] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3772.400200] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.401638] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3772.402849] kthread+0x361/0x420 [ 3772.403624] ? set_kthread_struct+0x110/0x110 [ 3772.404788] ret_from_fork+0x1f/0x30 [ 3772.405727] [ 3772.406099] Allocated by task 117952: [ 3772.406971] kasan_save_stack+0x1e/0x50 [ 3772.407884] __kasan_kmalloc+0x81/0xa0 [ 3772.408778] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3772.410048] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.411199] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.412629] kthread+0x361/0x420 [ 3772.413400] ret_from_fork+0x1f/0x30 [ 3772.414308] [ 3772.414700] The buggy address belongs to the object at ffff88806a556820 [ 3772.414700] which belongs to the cache kmalloc-16 of size 16 [ 3772.417742] The buggy address is located 8 bytes inside of [ 3772.417742] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3772.420455] The buggy address belongs to the page: [ 3772.421576] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3772.423734] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3772.425467] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3772.427373] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3772.429170] page dumped because: kasan: bad access detected [ 3772.430478] [ 3772.430847] Memory state around the buggy address: [ 3772.431978] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.433658] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3772.435343] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3772.437138] ^ [ 3772.438249] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.440102] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3772.441897] ================================================================== [ 3772.443771] ================================================================== [ 3772.445649] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 3772.448057] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.450047] [ 3772.450449] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.453717] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.455061] Call Trace: [ 3772.455657] dump_stack_lvl+0x57/0x81 [ 3772.456527] print_address_description.constprop.0+0x1f/0x140 [ 3772.457877] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 3772.459534] __kasan_report.cold+0x7f/0x122 [ 3772.460590] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 3772.462299] kasan_report+0x38/0x50 [ 3772.463125] kasan_check_range+0xfd/0x1e0 [ 3772.464078] kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 3772.465730] ? kasan_test_init+0x40/0x40 [test_kasan] [ 3772.467063] ? pick_next_task_fair+0x46a/0xe50 [ 3772.468238] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.469375] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.470508] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.471968] ? rcu_read_lock_held+0x50/0x50 [ 3772.473079] ? trace_kmalloc+0x3c/0x100 [ 3772.474097] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.475342] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3772.476766] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.478682] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.480007] ? kunit_add_resource+0x197/0x280 [kunit] [ 3772.481339] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.482616] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3772.483882] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.485443] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3772.486794] kthread+0x361/0x420 [ 3772.487655] ? set_kthread_struct+0x110/0x110 [ 3772.488811] ret_from_fork+0x1f/0x30 [ 3772.489775] [ 3772.490189] Allocated by task 117952: [ 3772.491160] kasan_save_stack+0x1e/0x50 [ 3772.492178] __kasan_kmalloc+0x81/0xa0 [ 3772.493173] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3772.494594] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.495879] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.497476] kthread+0x361/0x420 [ 3772.498340] ret_from_fork+0x1f/0x30 [ 3772.499292] [ 3772.499706] The buggy address belongs to the object at ffff88806a556820 [ 3772.499706] which belongs to the cache kmalloc-16 of size 16 [ 3772.502899] The buggy address is located 8 bytes inside of [ 3772.502899] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3772.505868] The buggy address belongs to the page: [ 3772.507105] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3772.509465] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3772.511155] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3772.512952] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3772.514943] page dumped because: kasan: bad access detected [ 3772.516393] [ 3772.516765] Memory state around the buggy address: [ 3772.518044] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.519860] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3772.521743] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3772.523451] ^ [ 3772.524517] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.526367] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3772.528047] ================================================================== [ 3772.529743] ================================================================== [ 3772.531516] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 3772.533750] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.535530] [ 3772.535901] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.539248] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.540742] Call Trace: [ 3772.541334] dump_stack_lvl+0x57/0x81 [ 3772.542324] print_address_description.constprop.0+0x1f/0x140 [ 3772.543826] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 3772.545452] __kasan_report.cold+0x7f/0x122 [ 3772.546444] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 3772.547986] kasan_report+0x38/0x50 [ 3772.548894] kasan_check_range+0xfd/0x1e0 [ 3772.549958] kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 3772.551597] ? kasan_test_init+0x40/0x40 [test_kasan] [ 3772.552924] ? pick_next_task_fair+0x46a/0xe50 [ 3772.554098] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.555218] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.556355] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.557659] ? rcu_read_lock_held+0x50/0x50 [ 3772.558647] ? trace_kmalloc+0x3c/0x100 [ 3772.559620] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.560861] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3772.562284] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.564208] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.565697] ? kunit_add_resource+0x197/0x280 [kunit] [ 3772.567033] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.568325] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3772.569631] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.571062] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3772.572283] kthread+0x361/0x420 [ 3772.573051] ? set_kthread_struct+0x110/0x110 [ 3772.574219] ret_from_fork+0x1f/0x30 [ 3772.575118] [ 3772.575495] Allocated by task 117952: [ 3772.576361] kasan_save_stack+0x1e/0x50 [ 3772.577274] __kasan_kmalloc+0x81/0xa0 [ 3772.578164] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3772.579442] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.580676] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.582269] kthread+0x361/0x420 [ 3772.583129] ret_from_fork+0x1f/0x30 [ 3772.584041] [ 3772.584448] The buggy address belongs to the object at ffff88806a556820 [ 3772.584448] which belongs to the cache kmalloc-16 of size 16 [ 3772.587450] The buggy address is located 8 bytes inside of [ 3772.587450] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3772.590269] The buggy address belongs to the page: [ 3772.591395] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3772.593727] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3772.595527] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3772.597536] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3772.599547] page dumped because: kasan: bad access detected [ 3772.601008] [ 3772.601385] Memory state around the buggy address: [ 3772.602512] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.604197] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3772.605901] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3772.607717] ^ [ 3772.608781] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.610464] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3772.612141] ================================================================== [ 3772.613831] ================================================================== [ 3772.615520] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 3772.617678] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.619460] [ 3772.619831] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.623095] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.624443] Call Trace: [ 3772.625029] dump_stack_lvl+0x57/0x81 [ 3772.625902] print_address_description.constprop.0+0x1f/0x140 [ 3772.627259] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 3772.628803] __kasan_report.cold+0x7f/0x122 [ 3772.629791] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 3772.631451] kasan_report+0x38/0x50 [ 3772.632289] kasan_check_range+0xfd/0x1e0 [ 3772.633232] kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 3772.634743] ? kasan_test_init+0x40/0x40 [test_kasan] [ 3772.635934] ? pick_next_task_fair+0x46a/0xe50 [ 3772.636975] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.638024] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.639033] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.640431] ? rcu_read_lock_held+0x50/0x50 [ 3772.641491] ? trace_kmalloc+0x3c/0x100 [ 3772.644497] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.645629] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3772.646908] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.648638] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.649967] ? kunit_add_resource+0x197/0x280 [kunit] [ 3772.651159] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.652315] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3772.653501] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.654923] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3772.656131] kthread+0x361/0x420 [ 3772.656900] ? set_kthread_struct+0x110/0x110 [ 3772.657932] ret_from_fork+0x1f/0x30 [ 3772.658793] [ 3772.659166] Allocated by task 117952: [ 3772.660046] kasan_save_stack+0x1e/0x50 [ 3772.660957] __kasan_kmalloc+0x81/0xa0 [ 3772.661937] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3772.663355] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.664635] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.666225] kthread+0x361/0x420 [ 3772.667085] ret_from_fork+0x1f/0x30 [ 3772.668040] [ 3772.668459] The buggy address belongs to the object at ffff88806a556820 [ 3772.668459] which belongs to the cache kmalloc-16 of size 16 [ 3772.671641] The buggy address is located 8 bytes inside of [ 3772.671641] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3772.674599] The buggy address belongs to the page: [ 3772.675856] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3772.678276] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3772.680069] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3772.682085] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3772.684096] page dumped because: kasan: bad access detected [ 3772.685559] [ 3772.685973] Memory state around the buggy address: [ 3772.687230] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.689112] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3772.690982] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3772.692860] ^ [ 3772.694051] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.695928] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3772.697809] ================================================================== [ 3772.699749] ================================================================== [ 3772.701632] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 3772.704213] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.706211] [ 3772.706630] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.710287] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.711786] Call Trace: [ 3772.712458] dump_stack_lvl+0x57/0x81 [ 3772.713438] print_address_description.constprop.0+0x1f/0x140 [ 3772.714941] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 3772.716840] __kasan_report.cold+0x7f/0x122 [ 3772.717947] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 3772.719856] kasan_report+0x38/0x50 [ 3772.720784] kasan_check_range+0xfd/0x1e0 [ 3772.721844] kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 3772.723708] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3772.725407] ? pick_next_task_fair+0x46a/0xe50 [ 3772.726456] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.727615] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.728689] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.729996] ? rcu_read_lock_held+0x50/0x50 [ 3772.731047] ? trace_kmalloc+0x3c/0x100 [ 3772.732052] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.733285] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3772.734596] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.736320] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.737642] ? kunit_add_resource+0x197/0x280 [kunit] [ 3772.738836] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.739987] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3772.741169] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.742602] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3772.743807] kthread+0x361/0x420 [ 3772.744582] ? set_kthread_struct+0x110/0x110 [ 3772.745620] ret_from_fork+0x1f/0x30 [ 3772.746489] [ 3772.746856] Allocated by task 117952: [ 3772.747725] kasan_save_stack+0x1e/0x50 [ 3772.748640] __kasan_kmalloc+0x81/0xa0 [ 3772.749537] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3772.750812] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.751969] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.753509] kthread+0x361/0x420 [ 3772.754369] ret_from_fork+0x1f/0x30 [ 3772.755245] [ 3772.755616] The buggy address belongs to the object at ffff88806a556820 [ 3772.755616] which belongs to the cache kmalloc-16 of size 16 [ 3772.758486] The buggy address is located 8 bytes inside of [ 3772.758486] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3772.761150] The buggy address belongs to the page: [ 3772.762309] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3772.764640] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3772.766279] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3772.768301] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3772.770255] page dumped because: kasan: bad access detected [ 3772.771658] [ 3772.772074] Memory state around the buggy address: [ 3772.773336] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.775214] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3772.777093] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3772.778968] ^ [ 3772.780101] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.781919] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3772.783762] ================================================================== [ 3772.785615] ================================================================== [ 3772.787513] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 3772.790136] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.792138] [ 3772.792558] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.796219] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.797610] Call Trace: [ 3772.798202] dump_stack_lvl+0x57/0x81 [ 3772.799193] print_address_description.constprop.0+0x1f/0x140 [ 3772.800690] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 3772.802455] __kasan_report.cold+0x7f/0x122 [ 3772.803566] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 3772.805498] kasan_report+0x38/0x50 [ 3772.806427] kasan_check_range+0xfd/0x1e0 [ 3772.807493] kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 3772.809387] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3772.811117] ? pick_next_task_fair+0x46a/0xe50 [ 3772.812170] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.813342] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.814398] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.815793] ? rcu_read_lock_held+0x50/0x50 [ 3772.816901] ? trace_kmalloc+0x3c/0x100 [ 3772.817920] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.819165] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3772.820519] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.822439] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.823925] ? kunit_add_resource+0x197/0x280 [kunit] [ 3772.825264] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.826550] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3772.827877] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.829472] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3772.830823] kthread+0x361/0x420 [ 3772.831678] ? set_kthread_struct+0x110/0x110 [ 3772.832830] ret_from_fork+0x1f/0x30 [ 3772.833791] [ 3772.834209] Allocated by task 117952: [ 3772.835179] kasan_save_stack+0x1e/0x50 [ 3772.836198] __kasan_kmalloc+0x81/0xa0 [ 3772.837197] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3772.838614] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.839897] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.841499] kthread+0x361/0x420 [ 3772.842360] ret_from_fork+0x1f/0x30 [ 3772.843309] [ 3772.843717] The buggy address belongs to the object at ffff88806a556820 [ 3772.843717] which belongs to the cache kmalloc-16 of size 16 [ 3772.846913] The buggy address is located 8 bytes inside of [ 3772.846913] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3772.849897] The buggy address belongs to the page: [ 3772.851166] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3772.853583] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3772.855389] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3772.857410] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3772.859437] page dumped because: kasan: bad access detected [ 3772.860904] [ 3772.861329] Memory state around the buggy address: [ 3772.862599] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.864492] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3772.866375] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3772.868266] ^ [ 3772.869468] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.871359] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3772.873246] ================================================================== [ 3772.875140] ================================================================== [ 3772.877026] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 3772.879648] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.881647] [ 3772.882062] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.885732] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.887244] Call Trace: [ 3772.887906] dump_stack_lvl+0x57/0x81 [ 3772.888885] print_address_description.constprop.0+0x1f/0x140 [ 3772.890295] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 3772.892022] __kasan_report.cold+0x7f/0x122 [ 3772.893069] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 3772.894937] kasan_report+0x38/0x50 [ 3772.895771] kasan_check_range+0xfd/0x1e0 [ 3772.896728] kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 3772.898414] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3772.899959] ? pick_next_task_fair+0x46a/0xe50 [ 3772.901014] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.902169] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.903305] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.904772] ? rcu_read_lock_held+0x50/0x50 [ 3772.905905] ? trace_kmalloc+0x3c/0x100 [ 3772.906914] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.908155] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3772.909600] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.911530] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.913012] ? kunit_add_resource+0x197/0x280 [kunit] [ 3772.914352] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.915640] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3772.916978] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.918588] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3772.919942] kthread+0x361/0x420 [ 3772.920812] ? set_kthread_struct+0x110/0x110 [ 3772.921968] ret_from_fork+0x1f/0x30 [ 3772.922928] [ 3772.923342] Allocated by task 117952: [ 3772.924313] kasan_save_stack+0x1e/0x50 [ 3772.925330] __kasan_kmalloc+0x81/0xa0 [ 3772.926319] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3772.927739] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3772.929023] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3772.930611] kthread+0x361/0x420 [ 3772.931473] ret_from_fork+0x1f/0x30 [ 3772.932424] [ 3772.932839] The buggy address belongs to the object at ffff88806a556820 [ 3772.932839] which belongs to the cache kmalloc-16 of size 16 [ 3772.936018] The buggy address is located 8 bytes inside of [ 3772.936018] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3772.938905] The buggy address belongs to the page: [ 3772.940141] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3772.942532] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3772.944325] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3772.946185] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3772.948130] page dumped because: kasan: bad access detected [ 3772.949598] [ 3772.950011] Memory state around the buggy address: [ 3772.951235] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.952882] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3772.954508] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3772.956163] ^ [ 3772.957346] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3772.959003] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3772.960814] ================================================================== [ 3772.962680] ================================================================== [ 3772.964560] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 3772.967178] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3772.969150] [ 3772.969568] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3772.972925] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3772.974378] Call Trace: [ 3772.975032] dump_stack_lvl+0x57/0x81 [ 3772.975877] print_address_description.constprop.0+0x1f/0x140 [ 3772.977337] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 3772.979229] __kasan_report.cold+0x7f/0x122 [ 3772.980204] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 3772.981990] kasan_report+0x38/0x50 [ 3772.982917] kasan_check_range+0xfd/0x1e0 [ 3772.983985] kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 3772.985736] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3772.987287] ? pick_next_task_fair+0x46a/0xe50 [ 3772.988340] ? kunit_kfree+0x200/0x200 [kunit] [ 3772.989395] ? fs_reclaim_acquire+0xb7/0x160 [ 3772.990394] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3772.991658] ? rcu_read_lock_held+0x50/0x50 [ 3772.992612] ? trace_kmalloc+0x3c/0x100 [ 3772.993599] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3772.994817] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3772.996233] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3772.998157] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3772.999649] ? kunit_add_resource+0x197/0x280 [kunit] [ 3773.000898] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.002059] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3773.003325] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.004925] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3773.006289] kthread+0x361/0x420 [ 3773.007139] ? set_kthread_struct+0x110/0x110 [ 3773.008266] ret_from_fork+0x1f/0x30 [ 3773.009195] [ 3773.009607] Allocated by task 117952: [ 3773.010505] kasan_save_stack+0x1e/0x50 [ 3773.011389] __kasan_kmalloc+0x81/0xa0 [ 3773.012281] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3773.013607] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.014861] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.016452] kthread+0x361/0x420 [ 3773.017316] ret_from_fork+0x1f/0x30 [ 3773.018269] [ 3773.018685] The buggy address belongs to the object at ffff88806a556820 [ 3773.018685] which belongs to the cache kmalloc-16 of size 16 [ 3773.021878] The buggy address is located 8 bytes inside of [ 3773.021878] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3773.024852] The buggy address belongs to the page: [ 3773.026105] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3773.028467] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3773.030229] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3773.032201] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3773.034230] page dumped because: kasan: bad access detected [ 3773.035689] [ 3773.036104] Memory state around the buggy address: [ 3773.037369] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.039250] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3773.041121] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3773.043003] ^ [ 3773.044110] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.045795] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3773.047426] ================================================================== [ 3773.049060] ================================================================== [ 3773.050704] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 3773.053025] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3773.054796] [ 3773.055168] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3773.058513] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3773.059952] Call Trace: [ 3773.060531] dump_stack_lvl+0x57/0x81 [ 3773.061405] print_address_description.constprop.0+0x1f/0x140 [ 3773.062873] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 3773.064618] __kasan_report.cold+0x7f/0x122 [ 3773.065603] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 3773.067475] kasan_report+0x38/0x50 [ 3773.068405] kasan_check_range+0xfd/0x1e0 [ 3773.069564] kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 3773.071454] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3773.073183] ? pick_next_task_fair+0x46a/0xe50 [ 3773.074365] ? kunit_kfree+0x200/0x200 [kunit] [ 3773.075537] ? fs_reclaim_acquire+0xb7/0x160 [ 3773.076675] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3773.078139] ? rcu_read_lock_held+0x50/0x50 [ 3773.079237] ? trace_kmalloc+0x3c/0x100 [ 3773.080234] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3773.081465] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3773.082888] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3773.084821] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3773.086303] ? kunit_add_resource+0x197/0x280 [kunit] [ 3773.087633] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.088919] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3773.090248] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.091830] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3773.093110] kthread+0x361/0x420 [ 3773.093885] ? set_kthread_struct+0x110/0x110 [ 3773.094910] ret_from_fork+0x1f/0x30 [ 3773.095804] [ 3773.096226] Allocated by task 117952: [ 3773.097186] kasan_save_stack+0x1e/0x50 [ 3773.098100] __kasan_kmalloc+0x81/0xa0 [ 3773.098983] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3773.100240] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.101528] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.102908] kthread+0x361/0x420 [ 3773.103671] ret_from_fork+0x1f/0x30 [ 3773.104521] [ 3773.104891] The buggy address belongs to the object at ffff88806a556820 [ 3773.104891] which belongs to the cache kmalloc-16 of size 16 [ 3773.107730] The buggy address is located 8 bytes inside of [ 3773.107730] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3773.110383] The buggy address belongs to the page: [ 3773.111508] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3773.113599] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3773.115156] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3773.116922] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3773.118713] page dumped because: kasan: bad access detected [ 3773.120010] [ 3773.120385] Memory state around the buggy address: [ 3773.121510] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.123190] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3773.124861] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3773.126540] ^ [ 3773.127607] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.129261] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3773.130888] ================================================================== [ 3773.132543] ================================================================== [ 3773.134322] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 3773.136779] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3773.138559] [ 3773.138930] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3773.142185] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3773.143525] Call Trace: [ 3773.144117] dump_stack_lvl+0x57/0x81 [ 3773.145044] print_address_description.constprop.0+0x1f/0x140 [ 3773.146551] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 3773.148411] __kasan_report.cold+0x7f/0x122 [ 3773.149484] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 3773.151327] kasan_report+0x38/0x50 [ 3773.152250] kasan_check_range+0xfd/0x1e0 [ 3773.153315] kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 3773.155067] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3773.156607] ? pick_next_task_fair+0x46a/0xe50 [ 3773.157738] ? kunit_kfree+0x200/0x200 [kunit] [ 3773.158859] ? fs_reclaim_acquire+0xb7/0x160 [ 3773.159866] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3773.161319] ? rcu_read_lock_held+0x50/0x50 [ 3773.162394] ? trace_kmalloc+0x3c/0x100 [ 3773.163384] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3773.164589] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3773.165981] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3773.167828] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3773.169163] ? kunit_add_resource+0x197/0x280 [kunit] [ 3773.170352] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.171510] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3773.172703] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.174135] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3773.175460] kthread+0x361/0x420 [ 3773.176327] ? set_kthread_struct+0x110/0x110 [ 3773.179517] ret_from_fork+0x1f/0x30 [ 3773.180352] [ 3773.180711] Allocated by task 117952: [ 3773.181555] kasan_save_stack+0x1e/0x50 [ 3773.182475] __kasan_kmalloc+0x81/0xa0 [ 3773.183452] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3773.184749] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.185990] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.187492] kthread+0x361/0x420 [ 3773.188267] ret_from_fork+0x1f/0x30 [ 3773.189116] [ 3773.189491] The buggy address belongs to the object at ffff88806a556820 [ 3773.189491] which belongs to the cache kmalloc-16 of size 16 [ 3773.192498] The buggy address is located 8 bytes inside of [ 3773.192498] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3773.195402] The buggy address belongs to the page: [ 3773.196658] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3773.199055] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3773.200816] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3773.202790] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3773.204784] page dumped because: kasan: bad access detected [ 3773.206242] [ 3773.206655] Memory state around the buggy address: [ 3773.207905] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.209789] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3773.211661] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3773.213509] ^ [ 3773.214662] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.216506] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3773.218350] ================================================================== [ 3773.220273] ================================================================== [ 3773.222150] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 3773.224766] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3773.226716] [ 3773.227087] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3773.230352] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3773.231689] Call Trace: [ 3773.232274] dump_stack_lvl+0x57/0x81 [ 3773.233217] print_address_description.constprop.0+0x1f/0x140 [ 3773.234659] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 3773.236586] __kasan_report.cold+0x7f/0x122 [ 3773.237699] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 3773.239616] kasan_report+0x38/0x50 [ 3773.240488] kasan_check_range+0xfd/0x1e0 [ 3773.241556] kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 3773.243437] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3773.245161] ? pick_next_task_fair+0x46a/0xe50 [ 3773.246336] ? kunit_kfree+0x200/0x200 [kunit] [ 3773.247509] ? fs_reclaim_acquire+0xb7/0x160 [ 3773.248642] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3773.250098] ? rcu_read_lock_held+0x50/0x50 [ 3773.251215] ? trace_kmalloc+0x3c/0x100 [ 3773.252235] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3773.253483] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3773.254923] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3773.256857] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3773.258345] ? kunit_add_resource+0x197/0x280 [kunit] [ 3773.259555] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.260861] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3773.262071] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.263499] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3773.264806] kthread+0x361/0x420 [ 3773.265647] ? set_kthread_struct+0x110/0x110 [ 3773.266676] ret_from_fork+0x1f/0x30 [ 3773.267538] [ 3773.267909] Allocated by task 117952: [ 3773.268773] kasan_save_stack+0x1e/0x50 [ 3773.269688] __kasan_kmalloc+0x81/0xa0 [ 3773.270575] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3773.271837] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.272988] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.274417] kthread+0x361/0x420 [ 3773.275183] ret_from_fork+0x1f/0x30 [ 3773.276035] [ 3773.276410] The buggy address belongs to the object at ffff88806a556820 [ 3773.276410] which belongs to the cache kmalloc-16 of size 16 [ 3773.279267] The buggy address is located 8 bytes inside of [ 3773.279267] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3773.282195] The buggy address belongs to the page: [ 3773.283462] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3773.285877] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3773.287617] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3773.289419] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3773.291211] page dumped because: kasan: bad access detected [ 3773.292508] [ 3773.292931] Memory state around the buggy address: [ 3773.294193] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.295992] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3773.297874] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3773.299755] ^ [ 3773.300953] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.302833] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3773.304724] ================================================================== [ 3773.306521] ================================================================== [ 3773.308204] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 3773.310812] Read of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3773.312783] [ 3773.313205] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3773.316893] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3773.318396] Call Trace: [ 3773.319058] dump_stack_lvl+0x57/0x81 [ 3773.320033] print_address_description.constprop.0+0x1f/0x140 [ 3773.321545] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 3773.323474] __kasan_report.cold+0x7f/0x122 [ 3773.324590] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 3773.326532] kasan_report+0x38/0x50 [ 3773.327463] kasan_check_range+0xfd/0x1e0 [ 3773.328531] kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 3773.330417] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3773.332138] ? pick_next_task_fair+0x46a/0xe50 [ 3773.333321] ? kunit_kfree+0x200/0x200 [kunit] [ 3773.334497] ? fs_reclaim_acquire+0xb7/0x160 [ 3773.335630] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3773.337085] ? rcu_read_lock_held+0x50/0x50 [ 3773.338192] ? trace_kmalloc+0x3c/0x100 [ 3773.339216] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3773.340464] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3773.341909] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3773.343839] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3773.345328] ? kunit_add_resource+0x197/0x280 [kunit] [ 3773.346663] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.347947] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3773.349292] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.350883] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3773.352238] kthread+0x361/0x420 [ 3773.353097] ? set_kthread_struct+0x110/0x110 [ 3773.354254] ret_from_fork+0x1f/0x30 [ 3773.355213] [ 3773.355628] Allocated by task 117952: [ 3773.356597] kasan_save_stack+0x1e/0x50 [ 3773.357612] __kasan_kmalloc+0x81/0xa0 [ 3773.358606] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3773.360022] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.361318] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.362906] kthread+0x361/0x420 [ 3773.363765] ret_from_fork+0x1f/0x30 [ 3773.364720] [ 3773.365135] The buggy address belongs to the object at ffff88806a556820 [ 3773.365135] which belongs to the cache kmalloc-16 of size 16 [ 3773.368325] The buggy address is located 8 bytes inside of [ 3773.368325] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3773.371288] The buggy address belongs to the page: [ 3773.372547] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3773.374959] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3773.376761] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3773.378775] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3773.380787] page dumped because: kasan: bad access detected [ 3773.382249] [ 3773.382663] Memory state around the buggy address: [ 3773.383921] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.385700] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3773.387581] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3773.389416] ^ [ 3773.390550] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.392360] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3773.394183] ================================================================== [ 3773.396093] ================================================================== [ 3773.397984] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 3773.400640] Read of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3773.402598] [ 3773.402969] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3773.406487] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3773.408005] Call Trace: [ 3773.408670] dump_stack_lvl+0x57/0x81 [ 3773.409648] print_address_description.constprop.0+0x1f/0x140 [ 3773.411147] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 3773.413018] __kasan_report.cold+0x7f/0x122 [ 3773.414099] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 3773.415985] kasan_report+0x38/0x50 [ 3773.416818] kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 3773.418555] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3773.420222] ? pick_next_task_fair+0x46a/0xe50 [ 3773.421296] ? kunit_kfree+0x200/0x200 [kunit] [ 3773.422471] ? fs_reclaim_acquire+0xb7/0x160 [ 3773.423606] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3773.425073] ? rcu_read_lock_held+0x50/0x50 [ 3773.426182] ? trace_kmalloc+0x3c/0x100 [ 3773.427209] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3773.428453] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3773.429898] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3773.431806] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3773.433168] ? kunit_add_resource+0x197/0x280 [kunit] [ 3773.434501] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.435774] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3773.436957] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.438536] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3773.439763] kthread+0x361/0x420 [ 3773.440583] ? set_kthread_struct+0x110/0x110 [ 3773.441698] ret_from_fork+0x1f/0x30 [ 3773.442556] [ 3773.442929] Allocated by task 117952: [ 3773.443798] kasan_save_stack+0x1e/0x50 [ 3773.444711] __kasan_kmalloc+0x81/0xa0 [ 3773.445666] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3773.446934] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.448119] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.449547] kthread+0x361/0x420 [ 3773.450315] ret_from_fork+0x1f/0x30 [ 3773.451162] [ 3773.451544] The buggy address belongs to the object at ffff88806a556820 [ 3773.451544] which belongs to the cache kmalloc-16 of size 16 [ 3773.454595] The buggy address is located 8 bytes inside of [ 3773.454595] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3773.457335] The buggy address belongs to the page: [ 3773.458448] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3773.460674] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3773.462475] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3773.464363] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3773.466296] page dumped because: kasan: bad access detected [ 3773.467686] [ 3773.468100] Memory state around the buggy address: [ 3773.469367] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.471247] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3773.473132] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3773.475013] ^ [ 3773.476211] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.478084] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3773.479955] ================================================================== [ 3773.481852] ================================================================== [ 3773.483734] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 3773.486360] Write of size 8 at addr ffff88806a556828 by task kunit_try_catch/117952 [ 3773.488350] [ 3773.488766] CPU: 0 PID: 117952 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3773.492432] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3773.493931] Call Trace: [ 3773.494598] dump_stack_lvl+0x57/0x81 [ 3773.495574] print_address_description.constprop.0+0x1f/0x140 [ 3773.497084] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 3773.499014] __kasan_report.cold+0x7f/0x122 [ 3773.500122] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 3773.502047] kasan_report+0x38/0x50 [ 3773.502974] kasan_check_range+0xfd/0x1e0 [ 3773.504038] kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 3773.505928] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3773.507647] ? pick_next_task_fair+0x46a/0xe50 [ 3773.508700] ? kunit_kfree+0x200/0x200 [kunit] [ 3773.509846] ? fs_reclaim_acquire+0xb7/0x160 [ 3773.510943] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3773.512262] ? rcu_read_lock_held+0x50/0x50 [ 3773.513279] ? trace_kmalloc+0x3c/0x100 [ 3773.514297] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3773.515441] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3773.516736] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3773.518634] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3773.520117] ? kunit_add_resource+0x197/0x280 [kunit] [ 3773.521452] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.522736] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3773.524061] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.525669] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3773.527022] kthread+0x361/0x420 [ 3773.527884] ? set_kthread_struct+0x110/0x110 [ 3773.529036] ret_from_fork+0x1f/0x30 [ 3773.529999] [ 3773.530417] Allocated by task 117952: [ 3773.531386] kasan_save_stack+0x1e/0x50 [ 3773.532320] __kasan_kmalloc+0x81/0xa0 [ 3773.533206] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3773.534467] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.535615] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.537043] kthread+0x361/0x420 [ 3773.537808] ret_from_fork+0x1f/0x30 [ 3773.538659] [ 3773.539028] The buggy address belongs to the object at ffff88806a556820 [ 3773.539028] which belongs to the cache kmalloc-16 of size 16 [ 3773.541872] The buggy address is located 8 bytes inside of [ 3773.541872] 16-byte region [ffff88806a556820, ffff88806a556830) [ 3773.544532] The buggy address belongs to the page: [ 3773.545651] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3773.547807] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3773.549588] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3773.551472] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3773.553266] page dumped because: kasan: bad access detected [ 3773.554731] [ 3773.555145] Memory state around the buggy address: [ 3773.556318] ffff88806a556700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.557993] ffff88806a556780: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 3773.559668] >ffff88806a556800: fa fb fc fc 00 01 fc fc 00 00 fc fc fa fb fc fc [ 3773.561350] ^ [ 3773.562409] ffff88806a556880: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3773.564169] ffff88806a556900: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 3773.566062] ================================================================== [ 3773.575333] ok 45 - kasan_bitops_generic [ 3773.583980] ok 46 - kasan_bitops_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 3773.592573] ================================================================== [ 3773.596366] BUG: KASAN: use-after-free in kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3773.598338] Read of size 1 at addr ffff88806a556200 by task kunit_try_catch/117954 [ 3773.600308] [ 3773.600681] CPU: 0 PID: 117954 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3773.604207] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3773.605549] Call Trace: [ 3773.606139] dump_stack_lvl+0x57/0x81 [ 3773.607127] print_address_description.constprop.0+0x1f/0x140 [ 3773.608559] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3773.610061] __kasan_report.cold+0x7f/0x122 [ 3773.611167] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3773.612674] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3773.614186] kasan_report+0x38/0x50 [ 3773.615108] __kasan_check_byte+0x36/0x50 [ 3773.616169] kfree_sensitive+0x1b/0x60 [ 3773.617169] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3773.618635] ? vmalloc_oob+0x280/0x280 [test_kasan] [ 3773.619917] ? do_raw_spin_trylock+0xb5/0x180 [ 3773.621072] ? do_raw_spin_lock+0x270/0x270 [ 3773.622182] ? rcu_read_lock_sched_held+0x12/0x80 [ 3773.623417] ? lock_acquire+0x228/0x2d0 [ 3773.624431] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3773.625740] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3773.627200] ? kunit_add_resource+0x197/0x280 [kunit] [ 3773.628530] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.629810] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3773.631138] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.632738] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3773.634086] kthread+0x361/0x420 [ 3773.634938] ? set_kthread_struct+0x110/0x110 [ 3773.636082] ret_from_fork+0x1f/0x30 [ 3773.637044] [ 3773.637461] Allocated by task 117954: [ 3773.638392] kasan_save_stack+0x1e/0x50 [ 3773.639301] __kasan_kmalloc+0x81/0xa0 [ 3773.640192] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 3773.641477] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.642622] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.644043] kthread+0x361/0x420 [ 3773.644815] ret_from_fork+0x1f/0x30 [ 3773.645664] [ 3773.646033] Freed by task 117954: [ 3773.646824] kasan_save_stack+0x1e/0x50 [ 3773.647731] kasan_set_track+0x21/0x30 [ 3773.648619] kasan_set_free_info+0x20/0x40 [ 3773.649583] __kasan_slab_free+0xec/0x120 [ 3773.650530] slab_free_freelist_hook+0xa3/0x1d0 [ 3773.651599] kfree+0xdc/0x4e0 [ 3773.652310] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 3773.653620] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.654774] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.656207] kthread+0x361/0x420 [ 3773.656971] ret_from_fork+0x1f/0x30 [ 3773.657822] [ 3773.658196] The buggy address belongs to the object at ffff88806a556200 [ 3773.658196] which belongs to the cache kmalloc-16 of size 16 [ 3773.661321] The buggy address is located 0 bytes inside of [ 3773.661321] 16-byte region [ffff88806a556200, ffff88806a556210) [ 3773.664255] The buggy address belongs to the page: [ 3773.665511] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3773.667890] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3773.669615] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3773.671632] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3773.673640] page dumped because: kasan: bad access detected [ 3773.675095] [ 3773.675513] Memory state around the buggy address: [ 3773.676771] ffff88806a556100: fa fb fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 3773.678645] ffff88806a556180: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 3773.680521] >ffff88806a556200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3773.682401] ^ [ 3773.683265] ffff88806a556280: 00 00 fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 3773.685137] ffff88806a556300: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3773.687014] ================================================================== [ 3773.688954] ================================================================== [ 3773.690838] BUG: KASAN: double-free or invalid-free in kfree+0xdc/0x4e0 [ 3773.692563] [ 3773.692979] CPU: 0 PID: 117954 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3773.696637] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3773.698144] Call Trace: [ 3773.698807] dump_stack_lvl+0x57/0x81 [ 3773.699789] print_address_description.constprop.0+0x1f/0x140 [ 3773.701303] ? kfree+0xdc/0x4e0 [ 3773.702145] kasan_report_invalid_free+0x70/0xa0 [ 3773.703372] ? kfree+0xdc/0x4e0 [ 3773.704213] __kasan_slab_free+0x108/0x120 [ 3773.705297] slab_free_freelist_hook+0xa3/0x1d0 [ 3773.706497] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3773.708006] kfree+0xdc/0x4e0 [ 3773.708808] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3773.710328] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3773.711783] ? vmalloc_oob+0x280/0x280 [test_kasan] [ 3773.715211] ? do_raw_spin_trylock+0xb5/0x180 [ 3773.716241] ? do_raw_spin_lock+0x270/0x270 [ 3773.717232] ? rcu_read_lock_sched_held+0x12/0x80 [ 3773.718344] ? lock_acquire+0x228/0x2d0 [ 3773.719257] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3773.720427] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3773.721735] ? kunit_add_resource+0x197/0x280 [kunit] [ 3773.723008] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.724300] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3773.725515] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.726933] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3773.728141] kthread+0x361/0x420 [ 3773.728912] ? set_kthread_struct+0x110/0x110 [ 3773.729938] ret_from_fork+0x1f/0x30 [ 3773.730798] [ 3773.731175] Allocated by task 117954: [ 3773.732038] kasan_save_stack+0x1e/0x50 [ 3773.732947] __kasan_kmalloc+0x81/0xa0 [ 3773.733836] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 3773.735121] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.736268] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.737692] kthread+0x361/0x420 [ 3773.738460] ret_from_fork+0x1f/0x30 [ 3773.739312] [ 3773.739683] Freed by task 117954: [ 3773.740472] kasan_save_stack+0x1e/0x50 [ 3773.741381] kasan_set_track+0x21/0x30 [ 3773.742272] kasan_set_free_info+0x20/0x40 [ 3773.743244] __kasan_slab_free+0xec/0x120 [ 3773.744193] slab_free_freelist_hook+0xa3/0x1d0 [ 3773.745259] kfree+0xdc/0x4e0 [ 3773.745966] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 3773.747274] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.748422] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.749847] kthread+0x361/0x420 [ 3773.750620] ret_from_fork+0x1f/0x30 [ 3773.751474] [ 3773.751843] The buggy address belongs to the object at ffff88806a556200 [ 3773.751843] which belongs to the cache kmalloc-16 of size 16 [ 3773.754702] The buggy address is located 0 bytes inside of [ 3773.754702] 16-byte region [ffff88806a556200, ffff88806a556210) [ 3773.757620] The buggy address belongs to the page: [ 3773.758875] page:0000000071dbe01b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a556 [ 3773.761284] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3773.763068] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8880010413c0 [ 3773.765072] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3773.767080] page dumped because: kasan: bad access detected [ 3773.768536] [ 3773.768952] Memory state around the buggy address: [ 3773.770209] ffff88806a556100: fa fb fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 3773.772085] ffff88806a556180: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 3773.773966] >ffff88806a556200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3773.775833] ^ [ 3773.776690] ffff88806a556280: 00 00 fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 3773.778563] ffff88806a556300: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3773.780440] ================================================================== [ 3773.782421] ok 47 - kmalloc_double_kzfree [ 3773.788077] ================================================================== [ 3773.791155] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x271/0x280 [test_kasan] [ 3773.793203] Read of size 1 at addr ffffc90000b86c1c by task kunit_try_catch/117955 [ 3773.795182] [ 3773.795599] CPU: 0 PID: 117955 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-168.mr1400_220927_1633.el9.x86_64+debug #1 [ 3773.799268] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3773.800770] Call Trace: [ 3773.801438] dump_stack_lvl+0x57/0x81 [ 3773.802417] print_address_description.constprop.0+0x1f/0x140 [ 3773.803923] ? vmalloc_oob+0x271/0x280 [test_kasan] [ 3773.805135] __kasan_report.cold+0x7f/0x122 [ 3773.806256] ? vmalloc_oob+0x271/0x280 [test_kasan] [ 3773.807544] kasan_report+0x38/0x50 [ 3773.808472] vmalloc_oob+0x271/0x280 [test_kasan] [ 3773.809713] ? kasan_global_oob_right+0x1f0/0x1f0 [test_kasan] [ 3773.811237] ? do_raw_spin_trylock+0xb5/0x180 [ 3773.812389] ? do_raw_spin_lock+0x270/0x270 [ 3773.813487] ? rcu_read_lock_sched_held+0x12/0x80 [ 3773.814721] ? lock_acquire+0x228/0x2d0 [ 3773.815739] ? kunit_add_resource+0xb4/0x280 [kunit] [ 3773.817047] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3773.818517] ? kunit_add_resource+0x197/0x280 [kunit] [ 3773.819849] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3773.821134] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3773.822472] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3773.824062] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3773.825419] kthread+0x361/0x420 [ 3773.826292] ? set_kthread_struct+0x110/0x110 [ 3773.827329] ret_from_fork+0x1f/0x30 [ 3773.828190] [ 3773.828611] [ 3773.829016] Memory state around the buggy address: [ 3773.830270] ffffc90000b86b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3773.831945] ffffc90000b86b80: 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 3773.833622] >ffffc90000b86c00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 3773.835296] ^ [ 3773.836243] ffffc90000b86c80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 3773.837926] ffffc90000b86d00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 3773.839609] ================================================================== [ 3774.032945] ok 48 - vmalloc_oob [ 3774.036821] ok 49 - match_all_not_assigned # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 3774.040779] ok 50 - match_all_ptr_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 3774.051078] ok 51 - match_all_mem_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 3774.053102] ok 18 - kasan [ 3774.650152] # Subtest: linear-ranges-test [ 3774.650160] 1..4 [ 3774.667737] ok 1 - range_test_get_value_amount [ 3774.671792] ok 2 - range_test_get_selector_high [ 3774.678857] ok 3 - range_test_get_selector_low [ 3774.686228] ok 4 - range_test_get_value [ 3774.687525] ok 19 - linear-ranges-test [ 3774.875498] # Subtest: list_sort [ 3774.875507] 1..1 [ 3774.904425] ok 1 - list_sort_test [ 3774.905093] ok 20 - list_sort [ 3775.398081] # Subtest: time_test_cases [ 3775.398090] 1..1 [ 3780.779192] ok 1 - time64_to_tm_test_date_range [ 3780.782188] ok 21 - time_test_cases