[ 4164.024822] # Subtest: bitfields [ 4164.024838] 1..2 [ 4164.037904] ok 1 - test_bitfields_constants [ 4164.047972] ok 2 - test_bitfields_variables [ 4164.057990] ok 1 - bitfields [ 4164.870014] # Subtest: cmdline [ 4164.870030] 1..4 [ 4164.880765] ok 1 - cmdline_test_noint [ 4164.890606] ok 2 - cmdline_test_lead_int [ 4164.901048] ok 3 - cmdline_test_tail_int [ 4164.911391] ok 4 - cmdline_test_range [ 4164.920261] ok 2 - cmdline [ 4165.723192] # Subtest: ext4_inode_test [ 4165.723209] 1..1 [ 4165.733300] # inode_test_xtimestamp_decoding: ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits [ 4165.742390] # inode_test_xtimestamp_decoding: ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits [ 4165.754874] # inode_test_xtimestamp_decoding: ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits [ 4165.767264] # inode_test_xtimestamp_decoding: ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits [ 4165.779285] # inode_test_xtimestamp_decoding: ok 5 - 2038-01-19 Lower bound of 32bit <0 timestamp, lo extra sec bit on [ 4165.791235] # inode_test_xtimestamp_decoding: ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on [ 4165.802870] # inode_test_xtimestamp_decoding: ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on [ 4165.814316] # inode_test_xtimestamp_decoding: ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on [ 4165.825637] # inode_test_xtimestamp_decoding: ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on [ 4165.836953] # inode_test_xtimestamp_decoding: ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on [ 4165.848124] # inode_test_xtimestamp_decoding: ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on [ 4165.859313] # inode_test_xtimestamp_decoding: ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on [ 4165.870399] # inode_test_xtimestamp_decoding: ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns [ 4165.881363] # inode_test_xtimestamp_decoding: ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns [ 4165.897433] # inode_test_xtimestamp_decoding: ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on [ 4165.913378] # inode_test_xtimestamp_decoding: ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. All extra sec bits on [ 4165.927849] ok 1 - inode_test_xtimestamp_decoding [ 4165.942274] ok 3 - ext4_inode_test [ 4167.669104] # Subtest: kunit-try-catch-test [ 4167.669121] 1..2 [ 4167.677796] ok 1 - kunit_test_try_catch_successful_try_no_catch [ 4167.684929] ok 2 - kunit_test_try_catch_unsuccessful_try_does_catch [ 4167.692061] ok 4 - kunit-try-catch-test [ 4167.705584] # Subtest: kunit-resource-test [ 4167.705596] 1..7 [ 4167.712561] ok 1 - kunit_resource_test_init_resources [ 4167.718163] ok 2 - kunit_resource_test_alloc_resource [ 4167.725303] ok 3 - kunit_resource_test_destroy_resource [ 4167.732457] ok 4 - kunit_resource_test_cleanup_resources [ 4167.739556] ok 5 - kunit_resource_test_proper_free_ordering [ 4167.746544] ok 6 - kunit_resource_test_static [ 4167.753620] ok 7 - kunit_resource_test_named [ 4167.759109] ok 5 - kunit-resource-test [ 4167.770187] # Subtest: kunit-log-test [ 4167.770198] 1..1 [ 4167.776272] put this in log. [ 4167.780976] this too. [ 4167.785731] add to suite log. [ 4167.790121] along with this. [ 4167.794884] ok 1 - kunit_log_test [ 4167.799602] ok 6 - kunit-log-test [ 4167.810360] # Subtest: kunit_status [ 4167.810372] 1..2 [ 4167.816430] ok 1 - kunit_status_set_failure_test [ 4167.821775] ok 2 - kunit_status_mark_skipped_test [ 4167.827292] ok 7 - kunit_status [ 4168.341171] # Subtest: list-kunit-test [ 4168.341188] 1..36 [ 4168.348319] ok 1 - list_test_list_init [ 4168.353782] ok 2 - list_test_list_add [ 4168.359774] ok 3 - list_test_list_add_tail [ 4168.365618] ok 4 - list_test_list_del [ 4168.371668] ok 5 - list_test_list_replace [ 4168.377596] ok 6 - list_test_list_replace_init [ 4168.383663] ok 7 - list_test_list_swap [ 4168.389783] ok 8 - list_test_list_del_init [ 4168.395621] ok 9 - list_test_list_move [ 4168.401554] ok 10 - list_test_list_move_tail [ 4168.407238] ok 11 - list_test_list_bulk_move_tail [ 4168.413371] ok 12 - list_test_list_is_first [ 4168.419479] ok 13 - list_test_list_is_last [ 4168.425290] ok 14 - list_test_list_empty [ 4168.430556] ok 15 - list_test_list_empty_careful [ 4168.436233] ok 16 - list_test_list_rotate_left [ 4168.441562] ok 17 - list_test_list_rotate_to_front [ 4168.446669] ok 18 - list_test_list_is_singular [ 4168.452081] ok 19 - list_test_list_cut_position [ 4168.457399] ok 20 - list_test_list_cut_before [ 4168.462512] ok 21 - list_test_list_splice [ 4168.467516] ok 22 - list_test_list_splice_tail [ 4168.472370] ok 23 - list_test_list_splice_init [ 4168.481085] ok 24 - list_test_list_splice_tail_init [ 4168.486351] ok 25 - list_test_list_entry [ 4168.491555] ok 26 - list_test_list_first_entry [ 4168.496333] ok 27 - list_test_list_last_entry [ 4168.501261] ok 28 - list_test_list_first_entry_or_null [ 4168.506249] ok 29 - list_test_list_next_entry [ 4168.511511] ok 30 - list_test_list_prev_entry [ 4168.516352] ok 31 - list_test_list_for_each [ 4168.521386] ok 32 - list_test_list_for_each_prev [ 4168.526112] ok 33 - list_test_list_for_each_safe [ 4168.531443] ok 34 - list_test_list_for_each_prev_safe [ 4168.536293] ok 35 - list_test_list_for_each_entry [ 4168.541352] ok 36 - list_test_list_for_each_entry_reverse [ 4168.545305] ok 8 - list-kunit-test [ 4168.739528] # Subtest: memcpy [ 4168.739543] 1..3 [ 4168.747917] # memset_test: ok: memset() direct assignment [ 4168.754914] # memset_test: ok: memset() complete overwrite [ 4168.759166] # memset_test: ok: memset() middle overwrite [ 4168.763287] # memset_test: ok: memset() argument side-effects [ 4168.767621] # memset_test: ok: memset() memset_after() [ 4168.771680] # memset_test: ok: memset() memset_startat() [ 4168.776277] ok 1 - memset_test [ 4168.776680] # memcpy_test: ok: memcpy() static initializers [ 4168.784141] # memcpy_test: ok: memcpy() direct assignment [ 4168.788336] # memcpy_test: ok: memcpy() complete overwrite [ 4168.792581] # memcpy_test: ok: memcpy() middle overwrite [ 4168.796767] # memcpy_test: ok: memcpy() argument side-effects [ 4168.801415] ok 2 - memcpy_test [ 4168.801964] # memmove_test: ok: memmove() static initializers [ 4168.809656] # memmove_test: ok: memmove() direct assignment [ 4168.814045] # memmove_test: ok: memmove() complete overwrite [ 4168.818460] # memmove_test: ok: memmove() middle overwrite [ 4168.822809] # memmove_test: ok: memmove() argument side-effects [ 4168.827337] # memmove_test: ok: memmove() overlapping write [ 4168.831784] ok 3 - memmove_test [ 4168.831799] ok 9 - memcpy [ 4169.024633] # Subtest: mptcp-crypto [ 4169.024648] 1..1 [ 4169.029926] ok 1 - mptcp_crypto_test_basic [ 4169.032958] ok 10 - mptcp-crypto [ 4169.237667] # Subtest: mptcp-token [ 4169.237681] 1..4 [ 4169.243214] ok 1 - mptcp_token_test_req_basic [ 4169.247460] ok 2 - mptcp_token_test_msk_basic [ 4169.252689] ok 3 - mptcp_token_test_accept [ 4169.257818] ok 4 - mptcp_token_test_destroyed [ 4169.261889] ok 11 - mptcp-token [ 4169.762472] # Subtest: rational [ 4169.762487] 1..1 [ 4169.767712] # rational_test: ok 1 - Exceeds bounds, semi-convergent term > 1/2 last term [ 4169.772012] # rational_test: ok 2 - Exceeds bounds, semi-convergent term < 1/2 last term [ 4169.778683] # rational_test: ok 3 - Closest to zero [ 4169.785469] # rational_test: ok 4 - Closest to smallest non-zero [ 4169.791218] # rational_test: ok 5 - Use convergent [ 4169.797177] # rational_test: ok 6 - Exact answer [ 4169.802603] # rational_test: ok 7 - Semiconvergent, numerator limit [ 4169.808260] # rational_test: ok 8 - Semiconvergent, denominator limit [ 4169.813450] ok 1 - rational_test [ 4169.818646] ok 12 - rational [ 4170.021221] # Subtest: resource [ 4170.021237] 1..2 [ 4170.026782] ok 1 - resource_test_union [ 4170.031467] ok 2 - resource_test_intersection [ 4170.035705] ok 13 - resource [ 4170.251556] # Subtest: slub_test [ 4170.251570] 1..2 [ 4170.280849] ok 1 - test_clobber_zone [ 4170.299503] ok 2 - test_clobber_redzone_free [ 4170.303791] ok 14 - slub_test [ 4170.669406] # Subtest: snd_soc_tplg_test [ 4170.669424] 1..11 [ 4170.685129] ok 1 - snd_soc_tplg_test_load_with_null_comp [ 4170.691328] ok 2 - snd_soc_tplg_test_load_with_null_ops [ 4170.701691] ok 3 - snd_soc_tplg_test_load_with_null_fw [ 4170.708213] ok 4 - snd_soc_tplg_test_load_empty_tplg [ 4170.715072] ok 5 - snd_soc_tplg_test_load_empty_tplg_bad_magic [ 4170.722122] ok 6 - snd_soc_tplg_test_load_empty_tplg_bad_abi [ 4170.729398] ok 7 - snd_soc_tplg_test_load_empty_tplg_bad_size [ 4170.736619] ok 8 - snd_soc_tplg_test_load_empty_tplg_bad_payload_size [ 4170.744164] ok 9 - snd_soc_tplg_test_load_pcm_tplg [ 4170.754089] ok 10 - snd_soc_tplg_test_load_pcm_tplg_reload_comp [ 4170.764410] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4170.784048] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4170.854868] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4170.871170] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4170.908460] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4170.925934] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.024844] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.039103] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.077565] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.091480] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.160634] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.176280] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.220542] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.240966] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.293005] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.319335] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.358944] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.375568] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.431388] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.461832] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.510880] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.541229] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.587634] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.627508] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.667846] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.687687] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.745441] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.764070] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.804464] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.834903] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.881989] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.908842] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4171.967853] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4171.987682] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4172.060123] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4172.081247] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4172.161402] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4172.196866] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4172.243194] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4172.264694] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4172.345492] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4172.365099] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4172.431453] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4172.462978] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4172.527614] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4172.556462] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4172.609733] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4172.630872] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4172.704400] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4172.741958] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4172.798548] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4172.824367] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4172.880578] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4172.900098] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4172.941677] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4172.961248] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4173.038839] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4173.081504] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4173.140013] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4173.160413] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4173.210174] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4173.231780] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4173.298768] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4173.320244] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4173.397122] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4173.417104] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4173.486152] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4173.516483] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4173.594420] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4173.620255] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4173.683467] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4173.710188] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4173.774753] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4173.802373] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4173.850515] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4173.872740] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4173.923095] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4173.954792] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.000970] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.020886] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.073425] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.092769] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.148361] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.169516] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.238016] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.263263] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.301900] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.321504] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.362599] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.385965] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.426068] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.445674] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.505471] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.529856] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.584032] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.603356] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.667735] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.691384] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.733541] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.762467] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.815943] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.852380] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.904877] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4174.934118] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4174.990442] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4175.010448] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4175.087680] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4175.115577] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4175.177029] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4175.204417] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4175.268869] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4175.288817] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4175.342450] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4175.362764] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4175.439687] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4175.462183] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4175.531245] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4175.557505] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4175.639792] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4175.669515] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4175.722433] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4175.748478] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4175.806381] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4175.832201] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4175.900544] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4175.929264] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4175.983644] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.010282] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.058096] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.079533] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.122167] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.144606] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.207107] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.229679] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.275032] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.293738] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.351412] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.378236] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.437441] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.457104] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.519011] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.538225] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.607904] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.648811] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.729653] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.749421] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.826899] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.857256] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.910535] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4176.934655] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4176.996254] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.025927] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4177.083040] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.108831] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4177.166943] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.192247] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4177.250916] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.270943] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4177.337692] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.359412] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4177.424952] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.447650] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4177.525184] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.549721] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4177.615252] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.635219] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4177.711312] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.733060] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4177.774459] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.802415] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4177.848803] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.876289] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4177.947501] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4177.967275] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.035756] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.060514] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.115608] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.137238] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.199724] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.234346] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.283474] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.312953] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.353108] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.376180] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.415176] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.443039] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.519204] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.542341] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.608076] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.628467] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.673320] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.700574] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.741262] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.760557] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.820107] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.839750] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.871778] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.891046] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4178.950767] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 4178.980657] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 4179.049553] ok 11 - snd_soc_tplg_test_load_pcm_tplg_reload_card [ 4179.049571] ok 15 - snd_soc_tplg_test [ 4180.261826] # Subtest: sysctl_test [ 4180.261844] 1..10 [ 4180.271312] ok 1 - sysctl_test_api_dointvec_null_tbl_data [ 4180.279196] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset [ 4180.288529] ok 3 - sysctl_test_api_dointvec_table_len_is_zero [ 4180.297878] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set [ 4180.307258] ok 5 - sysctl_test_dointvec_read_happy_single_positive [ 4180.316878] ok 6 - sysctl_test_dointvec_read_happy_single_negative [ 4180.325475] ok 7 - sysctl_test_dointvec_write_happy_single_positive [ 4180.332694] ok 8 - sysctl_test_dointvec_write_happy_single_negative [ 4180.341841] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min [ 4180.350873] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max [ 4180.359005] ok 16 - sysctl_test [ 4180.559003] # Subtest: bits-test [ 4180.559018] 1..3 [ 4180.568414] ok 1 - genmask_test [ 4180.575362] ok 2 - genmask_ull_test [ 4180.582599] ok 3 - genmask_input_check_test [ 4180.589118] ok 17 - bits-test [ 4181.403056] # Subtest: kasan [ 4181.403071] 1..51 [ 4181.410713] ================================================================== [ 4181.424637] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 4181.432371] Write of size 1 at addr ffff8881095c1373 by task kunit_try_catch/119762 [ 4181.444812] CPU: 0 PID: 119762 Comm: kunit_try_catch Kdump: loaded Not tainted 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4181.458233] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4181.465282] Call Trace: [ 4181.470585] dump_stack_lvl+0x57/0x81 [ 4181.476317] print_address_description.constprop.0+0x1f/0x140 [ 4181.482933] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 4181.489293] __kasan_report.cold+0x7f/0x122 [ 4181.495085] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 4181.501371] kasan_report+0x38/0x50 [ 4181.506738] kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 4181.512815] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 4181.518923] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 4181.525097] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4181.531150] ? kunit_add_resource+0x197/0x280 [kunit] [ 4181.536963] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4181.542560] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4181.548163] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4181.554207] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4181.559763] kthread+0x364/0x420 [ 4181.564378] ? _raw_spin_unlock_irq+0x24/0x50 [ 4181.569422] ? set_kthread_struct+0x110/0x110 [ 4181.574476] ret_from_fork+0x22/0x30 [ 4181.583037] Allocated by task 119762: [ 4181.587764] kasan_save_stack+0x1e/0x50 [ 4181.592540] __kasan_kmalloc+0x81/0xa0 [ 4181.597321] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 4181.602722] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4181.607983] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4181.613834] kthread+0x364/0x420 [ 4181.618472] ret_from_fork+0x22/0x30 [ 4181.627146] The buggy address belongs to the object at ffff8881095c1300 which belongs to the cache kmalloc-128 of size 128 [ 4181.638897] The buggy address is located 115 bytes inside of 128-byte region [ffff8881095c1300, ffff8881095c1380) [ 4181.650427] The buggy address belongs to the page: [ 4181.655853] page:000000002dfe2c5c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1095c1 [ 4181.663232] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4181.669809] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 4181.676760] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4181.683653] page dumped because: kasan: bad access detected [ 4181.694063] Memory state around the buggy address: [ 4181.699767] ffff8881095c1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 4181.706484] ffff8881095c1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4181.713162] >ffff8881095c1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 4181.719794] ^ [ 4181.726194] ffff8881095c1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4181.732747] ffff8881095c1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 4181.739318] ================================================================== [ 4181.745936] Disabling lock debugging due to kernel taint [ 4181.751463] ================================================================== [ 4181.757536] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 4181.763987] Write of size 1 at addr ffff8881095c1378 by task kunit_try_catch/119762 [ 4181.774234] CPU: 0 PID: 119762 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4181.786769] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4181.792841] Call Trace: [ 4181.797283] dump_stack_lvl+0x57/0x81 [ 4181.802234] print_address_description.constprop.0+0x1f/0x140 [ 4181.808064] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 4181.813751] __kasan_report.cold+0x7f/0x122 [ 4181.818955] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 4181.824649] kasan_report+0x38/0x50 [ 4181.829549] kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 4181.835205] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 4181.840905] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 4181.846796] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4181.852645] ? kunit_add_resource+0x197/0x280 [kunit] [ 4181.858299] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4181.863864] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4181.869519] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4181.875613] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4181.881333] kthread+0x364/0x420 [ 4181.886234] ? _raw_spin_unlock_irq+0x24/0x50 [ 4181.891598] ? set_kthread_struct+0x110/0x110 [ 4181.896944] ret_from_fork+0x22/0x30 [ 4181.906116] Allocated by task 119762: [ 4181.911109] kasan_save_stack+0x1e/0x50 [ 4181.916148] __kasan_kmalloc+0x81/0xa0 [ 4181.921128] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 4181.926668] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4181.932032] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4181.937869] kthread+0x364/0x420 [ 4181.942542] ret_from_fork+0x22/0x30 [ 4181.951067] The buggy address belongs to the object at ffff8881095c1300 which belongs to the cache kmalloc-128 of size 128 [ 4181.962591] The buggy address is located 120 bytes inside of 128-byte region [ffff8881095c1300, ffff8881095c1380) [ 4181.973779] The buggy address belongs to the page: [ 4181.978991] page:000000002dfe2c5c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1095c1 [ 4181.986140] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4181.992325] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 4181.998874] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4182.005361] page dumped because: kasan: bad access detected [ 4182.014899] Memory state around the buggy address: [ 4182.020126] ffff8881095c1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 4182.026349] ffff8881095c1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4182.032528] >ffff8881095c1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 4182.038661] ^ [ 4182.044714] ffff8881095c1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4182.050782] ffff8881095c1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 4182.056841] ================================================================== [ 4182.062988] ================================================================== [ 4182.068984] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 4182.075345] Read of size 1 at addr ffff8881095c1380 by task kunit_try_catch/119762 [ 4182.085239] CPU: 0 PID: 119762 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4182.097595] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4182.103491] Call Trace: [ 4182.107826] dump_stack_lvl+0x57/0x81 [ 4182.112643] print_address_description.constprop.0+0x1f/0x140 [ 4182.118318] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 4182.123851] __kasan_report.cold+0x7f/0x122 [ 4182.128902] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 4182.134478] kasan_report+0x38/0x50 [ 4182.139261] kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 4182.144787] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 4182.150355] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 4182.156110] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4182.161838] ? kunit_add_resource+0x197/0x280 [kunit] [ 4182.167355] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4182.172804] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4182.178338] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4182.184321] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4182.189939] kthread+0x364/0x420 [ 4182.194749] ? _raw_spin_unlock_irq+0x24/0x50 [ 4182.200005] ? set_kthread_struct+0x110/0x110 [ 4182.205248] ret_from_fork+0x22/0x30 [ 4182.214244] Allocated by task 119762: [ 4182.219175] kasan_save_stack+0x1e/0x50 [ 4182.224142] __kasan_kmalloc+0x81/0xa0 [ 4182.229062] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 4182.234545] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4182.239879] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4182.245649] kthread+0x364/0x420 [ 4182.250193] ret_from_fork+0x22/0x30 [ 4182.258550] The buggy address belongs to the object at ffff8881095c1300 which belongs to the cache kmalloc-128 of size 128 [ 4182.269908] The buggy address is located 0 bytes to the right of 128-byte region [ffff8881095c1300, ffff8881095c1380) [ 4182.281093] The buggy address belongs to the page: [ 4182.286217] page:000000002dfe2c5c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1095c1 [ 4182.293298] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4182.299404] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 4182.305863] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4182.312303] page dumped because: kasan: bad access detected [ 4182.321800] Memory state around the buggy address: [ 4182.327060] ffff8881095c1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4182.333282] ffff8881095c1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 4182.339499] >ffff8881095c1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4182.345642] ^ [ 4182.350063] ffff8881095c1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 4182.356138] ffff8881095c1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4182.362220] ================================================================== [ 4182.369281] ok 1 - kmalloc_oob_right [ 4182.369557] ================================================================== [ 4182.380354] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 4182.386896] Read of size 1 at addr ffff88812354335f by task kunit_try_catch/119765 [ 4182.397181] CPU: 0 PID: 119765 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4182.409752] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4182.415822] Call Trace: [ 4182.420281] dump_stack_lvl+0x57/0x81 [ 4182.425236] print_address_description.constprop.0+0x1f/0x140 [ 4182.431064] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 4182.436732] __kasan_report.cold+0x7f/0x122 [ 4182.441899] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 4182.447531] kasan_report+0x38/0x50 [ 4182.452395] kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 4182.457968] ? kmalloc_pagealloc_oob_right+0x290/0x290 [test_kasan] [ 4182.464045] ? do_raw_spin_trylock+0xb5/0x180 [ 4182.469351] ? do_raw_spin_lock+0x270/0x270 [ 4182.474576] ? rcu_read_lock_sched_held+0x12/0x80 [ 4182.480043] ? lock_acquire+0x228/0x2d0 [ 4182.485128] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4182.490723] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4182.496594] ? kunit_add_resource+0x197/0x280 [kunit] [ 4182.502211] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4182.507763] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4182.513342] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4182.519414] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4182.525110] kthread+0x364/0x420 [ 4182.529990] ? set_kthread_struct+0x110/0x110 [ 4182.535305] ret_from_fork+0x22/0x30 [ 4182.544386] Allocated by task 0: [ 4182.549157] (stack is not available) [ 4182.557822] The buggy address belongs to the object at ffff888123543340 which belongs to the cache kmalloc-16 of size 16 [ 4182.569339] The buggy address is located 15 bytes to the right of 16-byte region [ffff888123543340, ffff888123543350) [ 4182.580748] The buggy address belongs to the page: [ 4182.585989] page:00000000f047f490 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888123543ca0 pfn:0x123543 [ 4182.593728] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4182.600005] raw: 0017ffffc0000200 ffffea000414b6c0 dead000000000002 ffff8881000413c0 [ 4182.606639] raw: ffff888123543ca0 000000008080007a 00000001ffffffff 0000000000000000 [ 4182.613241] page dumped because: kasan: bad access detected [ 4182.622989] Memory state around the buggy address: [ 4182.628370] ffff888123543200: 00 00 fc fc fb fb fc fc fb fb fc fc 00 00 fc fc [ 4182.634777] ffff888123543280: fb fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 4182.641097] >ffff888123543300: 00 00 fc fc 00 00 fc fc fb fb fc fc 00 07 fc fc [ 4182.647350] ^ [ 4182.653130] ffff888123543380: 00 00 fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 4182.659369] ffff888123543400: 00 00 fc fc fb fb fc fc fa fb fc fc fb fb fc fc [ 4182.665504] ================================================================== [ 4182.672348] ok 2 - kmalloc_oob_left [ 4182.674381] ================================================================== [ 4182.685069] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 4182.691585] Read of size 1 at addr ffff88813a929000 by task kunit_try_catch/119766 [ 4182.701577] CPU: 0 PID: 119766 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4182.713772] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4182.719681] Call Trace: [ 4182.724071] dump_stack_lvl+0x57/0x81 [ 4182.728958] print_address_description.constprop.0+0x1f/0x140 [ 4182.734649] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 4182.740440] __kasan_report.cold+0x7f/0x122 [ 4182.745572] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 4182.751386] kasan_report+0x38/0x50 [ 4182.756256] kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 4182.762028] ? pagealloc_uaf+0x2f0/0x2f0 [test_kasan] [ 4182.767570] ? do_raw_spin_trylock+0xb5/0x180 [ 4182.772823] ? do_raw_spin_lock+0x270/0x270 [ 4182.777969] ? rcu_read_lock_sched_held+0x12/0x80 [ 4182.783333] ? lock_acquire+0x228/0x2d0 [ 4182.788328] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4182.793762] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4182.799438] ? kunit_add_resource+0x197/0x280 [kunit] [ 4182.804905] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4182.810340] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4182.815857] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4182.821867] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4182.827472] kthread+0x364/0x420 [ 4182.832297] ? set_kthread_struct+0x110/0x110 [ 4182.837558] ret_from_fork+0x22/0x30 [ 4182.846522] Allocated by task 119766: [ 4182.851389] kasan_save_stack+0x1e/0x50 [ 4182.856289] __kasan_kmalloc+0x81/0xa0 [ 4182.861021] kmalloc_node_oob_right+0x9a/0x2e0 [test_kasan] [ 4182.866457] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4182.871585] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4182.877187] kthread+0x364/0x420 [ 4182.881642] ret_from_fork+0x22/0x30 [ 4182.889853] The buggy address belongs to the object at ffff88813a928000 which belongs to the cache kmalloc-4k of size 4096 [ 4182.901029] The buggy address is located 0 bytes to the right of 4096-byte region [ffff88813a928000, ffff88813a929000) [ 4182.912124] The buggy address belongs to the page: [ 4182.917244] page:00000000c3115fef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13a928 [ 4182.924247] head:00000000c3115fef order:3 compound_mapcount:0 compound_pincount:0 [ 4182.930518] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 4182.936747] raw: 0017ffffc0010200 0000000000000000 dead000000000001 ffff888100042140 [ 4182.943071] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000 [ 4182.949371] page dumped because: kasan: bad access detected [ 4182.958505] Memory state around the buggy address: [ 4182.963452] ffff88813a928f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4182.969385] ffff88813a928f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4182.975232] >ffff88813a929000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4182.981129] ^ [ 4182.985446] ffff88813a929080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4182.991389] ffff88813a929100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4182.997258] ================================================================== [ 4183.004544] ok 3 - kmalloc_node_oob_right [ 4183.004892] ================================================================== [ 4183.015555] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 4183.022226] Write of size 1 at addr ffff88817abfe00a by task kunit_try_catch/119767 [ 4183.032264] CPU: 0 PID: 119767 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4183.044591] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4183.050553] Call Trace: [ 4183.054972] dump_stack_lvl+0x57/0x81 [ 4183.059882] print_address_description.constprop.0+0x1f/0x140 [ 4183.065645] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 4183.071615] __kasan_report.cold+0x7f/0x122 [ 4183.076751] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 4183.082735] kasan_report+0x38/0x50 [ 4183.087616] kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 4183.093578] ? kmalloc_pagealloc_uaf+0x280/0x280 [test_kasan] [ 4183.099415] ? do_raw_spin_trylock+0xb5/0x180 [ 4183.104717] ? do_raw_spin_lock+0x270/0x270 [ 4183.109949] ? rcu_read_lock_sched_held+0x12/0x80 [ 4183.115401] ? lock_acquire+0x228/0x2d0 [ 4183.120514] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4183.126072] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4183.131871] ? kunit_add_resource+0x197/0x280 [kunit] [ 4183.137497] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4183.142976] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4183.148570] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4183.154598] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4183.160225] kthread+0x364/0x420 [ 4183.165083] ? set_kthread_struct+0x110/0x110 [ 4183.170348] ret_from_fork+0x22/0x30 [ 4183.179345] The buggy address belongs to the page: [ 4183.184679] page:0000000037cef854 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17abfc [ 4183.191870] head:0000000037cef854 order:2 compound_mapcount:0 compound_pincount:0 [ 4183.198284] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 4183.204520] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 4183.211046] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 4183.217543] page dumped because: kasan: bad access detected [ 4183.227221] Memory state around the buggy address: [ 4183.232535] ffff88817abfdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4183.238921] ffff88817abfdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4183.245262] >ffff88817abfe000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4183.251581] ^ [ 4183.256366] ffff88817abfe080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4183.262742] ffff88817abfe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4183.269032] ================================================================== [ 4183.276100] ok 4 - kmalloc_pagealloc_oob_right [ 4183.276446] ================================================================== [ 4183.287962] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 4183.294515] Read of size 1 at addr ffff88817abfc000 by task kunit_try_catch/119768 [ 4183.304834] CPU: 0 PID: 119768 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4183.317088] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4183.322965] Call Trace: [ 4183.327365] dump_stack_lvl+0x57/0x81 [ 4183.332230] print_address_description.constprop.0+0x1f/0x140 [ 4183.337959] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 4183.343656] __kasan_report.cold+0x7f/0x122 [ 4183.348713] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 4183.354406] kasan_report+0x38/0x50 [ 4183.359161] kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 4183.364790] ? kmalloc_pagealloc_invalid_free+0x250/0x250 [test_kasan] [ 4183.370830] ? do_raw_spin_trylock+0xb5/0x180 [ 4183.375998] ? do_raw_spin_lock+0x270/0x270 [ 4183.381060] ? rcu_read_lock_sched_held+0x12/0x80 [ 4183.386350] ? lock_acquire+0x228/0x2d0 [ 4183.391302] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4183.396690] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4183.402334] ? kunit_add_resource+0x197/0x280 [kunit] [ 4183.407758] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4183.413103] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4183.418531] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4183.424357] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4183.429822] kthread+0x364/0x420 [ 4183.434519] ? set_kthread_struct+0x110/0x110 [ 4183.439672] ret_from_fork+0x22/0x30 [ 4183.448506] The buggy address belongs to the page: [ 4183.453758] page:0000000037cef854 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17abfc [ 4183.460899] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) [ 4183.466894] raw: 0017ffffc0000000 ffffea00043d3908 ffff888196600170 0000000000000000 [ 4183.473359] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 4183.479859] page dumped because: kasan: bad access detected [ 4183.489424] Memory state around the buggy address: [ 4183.494728] ffff88817abfbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4183.501018] ffff88817abfbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4183.507309] >ffff88817abfc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4183.513544] ^ [ 4183.518154] ffff88817abfc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4183.524393] ffff88817abfc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4183.530652] ================================================================== [ 4183.537754] ok 5 - kmalloc_pagealloc_uaf [ 4183.538097] ================================================================== [ 4183.549314] BUG: KASAN: double-free or invalid-free in kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 4183.560688] CPU: 0 PID: 119769 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4183.573133] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4183.579080] Call Trace: [ 4183.583422] dump_stack_lvl+0x57/0x81 [ 4183.588235] print_address_description.constprop.0+0x1f/0x140 [ 4183.593917] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 4183.599917] kasan_report_invalid_free+0x70/0xa0 [ 4183.605151] kfree+0x27c/0x4e0 [ 4183.609750] ? kmalloc_order+0xb4/0x100 [ 4183.614623] kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 4183.620534] ? kmalloc_large_oob_right+0x2b0/0x2b0 [test_kasan] [ 4183.626281] ? do_raw_spin_trylock+0xb5/0x180 [ 4183.631372] ? do_raw_spin_lock+0x270/0x270 [ 4183.636409] ? rcu_read_lock_sched_held+0x12/0x80 [ 4183.641618] ? lock_acquire+0x228/0x2d0 [ 4183.646513] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4183.651831] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4183.657416] ? kunit_add_resource+0x197/0x280 [kunit] [ 4183.662783] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4183.668084] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4183.673438] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4183.679235] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4183.684641] kthread+0x364/0x420 [ 4183.689247] ? set_kthread_struct+0x110/0x110 [ 4183.694317] ret_from_fork+0x22/0x30 [ 4183.702998] The buggy address belongs to the page: [ 4183.708240] page:0000000037cef854 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17abfc [ 4183.715405] head:0000000037cef854 order:2 compound_mapcount:0 compound_pincount:0 [ 4183.721779] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 4183.727900] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 4183.734364] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 4183.740838] page dumped because: kasan: bad access detected [ 4183.750311] Memory state around the buggy address: [ 4183.755585] ffff88817abfbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4183.761823] ffff88817abfbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4183.768096] >ffff88817abfc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4183.774378] ^ [ 4183.779044] ffff88817abfc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4183.785348] ffff88817abfc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4183.791657] ================================================================== [ 4183.798813] ok 6 - kmalloc_pagealloc_invalid_free [ 4183.799375] ok 7 - pagealloc_oob_right # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 4183.811415] ================================================================== [ 4183.825467] BUG: KASAN: use-after-free in pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 4183.831847] Read of size 1 at addr ffff88813e230000 by task kunit_try_catch/119771 [ 4183.842071] CPU: 0 PID: 119771 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4183.854370] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4183.860425] Call Trace: [ 4183.864847] dump_stack_lvl+0x57/0x81 [ 4183.869731] print_address_description.constprop.0+0x1f/0x140 [ 4183.875472] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 4183.880996] __kasan_report.cold+0x7f/0x122 [ 4183.886141] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 4183.891624] kasan_report+0x38/0x50 [ 4183.896431] pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 4183.901853] ? krealloc_more_oob+0x10/0x10 [test_kasan] [ 4183.907405] ? do_raw_spin_trylock+0xb5/0x180 [ 4183.912602] ? do_raw_spin_lock+0x270/0x270 [ 4183.917704] ? rcu_read_lock_sched_held+0x12/0x80 [ 4183.923037] ? lock_acquire+0x228/0x2d0 [ 4183.928004] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4183.933417] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4183.939115] ? kunit_add_resource+0x197/0x280 [kunit] [ 4183.944579] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4183.949974] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4183.955414] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4183.961286] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4183.966800] kthread+0x364/0x420 [ 4183.971502] ? set_kthread_struct+0x110/0x110 [ 4183.976682] ret_from_fork+0x22/0x30 [ 4183.985449] The buggy address belongs to the page: [ 4183.990698] page:000000006944fac0 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x13e230 [ 4183.998025] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) [ 4184.004067] raw: 0017ffffc0000000 ffffea0004b26c08 ffff8881e13d4220 0000000000000000 [ 4184.010686] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000 [ 4184.017245] page dumped because: kasan: bad access detected [ 4184.026873] Memory state around the buggy address: [ 4184.032197] ffff88813e22ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4184.038643] ffff88813e22ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4184.045019] >ffff88813e230000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4184.051349] ^ [ 4184.056015] ffff88813e230080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4184.062449] ffff88813e230100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4184.068790] ================================================================== [ 4184.075805] ok 8 - pagealloc_uaf [ 4184.076395] ================================================================== [ 4184.087459] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 4184.094381] Write of size 1 at addr ffff88815ff3df00 by task kunit_try_catch/119772 [ 4184.104870] CPU: 0 PID: 119772 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4184.117363] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4184.123357] Call Trace: [ 4184.127695] dump_stack_lvl+0x57/0x81 [ 4184.132543] print_address_description.constprop.0+0x1f/0x140 [ 4184.138263] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 4184.144106] __kasan_report.cold+0x7f/0x122 [ 4184.149192] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 4184.155029] kasan_report+0x38/0x50 [ 4184.159872] kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 4184.165661] ? kmalloc_oob_16+0x3b0/0x3b0 [test_kasan] [ 4184.171214] ? do_raw_spin_trylock+0xb5/0x180 [ 4184.176433] ? do_raw_spin_lock+0x270/0x270 [ 4184.181575] ? rcu_read_lock_sched_held+0x12/0x80 [ 4184.186913] ? lock_acquire+0x228/0x2d0 [ 4184.191874] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4184.197320] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4184.203034] ? kunit_add_resource+0x197/0x280 [kunit] [ 4184.208572] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4184.214026] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4184.219532] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4184.225483] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4184.231015] kthread+0x364/0x420 [ 4184.235766] ? set_kthread_struct+0x110/0x110 [ 4184.240974] ret_from_fork+0x22/0x30 [ 4184.249873] Allocated by task 119772: [ 4184.254768] kasan_save_stack+0x1e/0x50 [ 4184.259660] __kasan_kmalloc+0x81/0xa0 [ 4184.264452] kmalloc_large_oob_right+0x98/0x2b0 [test_kasan] [ 4184.270011] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4184.275273] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4184.281006] kthread+0x364/0x420 [ 4184.285506] ret_from_fork+0x22/0x30 [ 4184.293862] The buggy address belongs to the object at ffff88815ff3c000 which belongs to the cache kmalloc-8k of size 8192 [ 4184.305361] The buggy address is located 7936 bytes inside of 8192-byte region [ffff88815ff3c000, ffff88815ff3e000) [ 4184.316563] The buggy address belongs to the page: [ 4184.321776] page:00000000c2ba1dd2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15ff38 [ 4184.328986] head:00000000c2ba1dd2 order:3 compound_mapcount:0 compound_pincount:0 [ 4184.335386] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 4184.341760] raw: 0017ffffc0010200 0000000000000000 dead000000000122 ffff888100042280 [ 4184.348257] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 4184.354704] page dumped because: kasan: bad access detected [ 4184.364004] Memory state around the buggy address: [ 4184.369050] ffff88815ff3de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4184.375122] ffff88815ff3de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4184.381091] >ffff88815ff3df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4184.387113] ^ [ 4184.391486] ffff88815ff3df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4184.397586] ffff88815ff3e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4184.403614] ================================================================== [ 4184.413019] ok 9 - kmalloc_large_oob_right [ 4184.430077] ================================================================== [ 4184.441306] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 4184.448158] Write of size 1 at addr ffff8881251204eb by task kunit_try_catch/119773 [ 4184.458429] CPU: 1 PID: 119773 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4184.471138] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4184.477329] Call Trace: [ 4184.481801] dump_stack_lvl+0x57/0x81 [ 4184.486801] print_address_description.constprop.0+0x1f/0x140 [ 4184.492742] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 4184.498786] __kasan_report.cold+0x7f/0x122 [ 4184.504044] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 4184.510060] kasan_report+0x38/0x50 [ 4184.515016] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 4184.521035] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 4184.526785] ? rcu_read_lock_sched_held+0x12/0x80 [ 4184.532324] ? lock_acquire+0x228/0x2d0 [ 4184.537516] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4184.543505] ? do_raw_spin_lock+0x270/0x270 [ 4184.548955] ? rcu_read_lock_sched_held+0x12/0x80 [ 4184.554563] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4184.560770] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4184.566508] ? kunit_add_resource+0x197/0x280 [kunit] [ 4184.572256] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4184.577957] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4184.583750] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4184.590005] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4184.595820] kthread+0x364/0x420 [ 4184.600774] ? set_kthread_struct+0x110/0x110 [ 4184.606213] ret_from_fork+0x22/0x30 [ 4184.615404] Allocated by task 119773: [ 4184.620372] kasan_save_stack+0x1e/0x50 [ 4184.625420] __kasan_krealloc+0xed/0x130 [ 4184.630395] krealloc+0x50/0xe0 [ 4184.635004] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 4184.640770] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4184.646092] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4184.651942] kthread+0x364/0x420 [ 4184.656536] ret_from_fork+0x22/0x30 [ 4184.665079] The buggy address belongs to the object at ffff888125120400 which belongs to the cache kmalloc-256 of size 256 [ 4184.676749] The buggy address is located 235 bytes inside of 256-byte region [ffff888125120400, ffff888125120500) [ 4184.688215] The buggy address belongs to the page: [ 4184.693510] page:00000000b8f1331b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125120 [ 4184.700836] head:00000000b8f1331b order:1 compound_mapcount:0 compound_pincount:0 [ 4184.707295] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 4184.713749] raw: 0017ffffc0010200 ffffea000403b780 dead000000000006 ffff888100041b40 [ 4184.720346] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4184.726888] page dumped because: kasan: bad access detected [ 4184.736125] Memory state around the buggy address: [ 4184.741285] ffff888125120380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4184.747562] ffff888125120400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4184.753813] >ffff888125120480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 4184.759998] ^ [ 4184.765954] ffff888125120500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4184.772213] ffff888125120580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4184.778357] ================================================================== [ 4184.784744] ================================================================== [ 4184.790889] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 4184.797737] Write of size 1 at addr ffff8881251204f0 by task kunit_try_catch/119773 [ 4184.807970] CPU: 1 PID: 119773 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4184.820535] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4184.826619] Call Trace: [ 4184.830973] dump_stack_lvl+0x57/0x81 [ 4184.835861] print_address_description.constprop.0+0x1f/0x140 [ 4184.841675] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 4184.847584] __kasan_report.cold+0x7f/0x122 [ 4184.852739] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 4184.858696] kasan_report+0x38/0x50 [ 4184.863534] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 4184.869443] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 4184.875116] ? rcu_read_lock_sched_held+0x12/0x80 [ 4184.880530] ? lock_acquire+0x228/0x2d0 [ 4184.885602] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4184.891431] ? do_raw_spin_lock+0x270/0x270 [ 4184.896693] ? rcu_read_lock_sched_held+0x12/0x80 [ 4184.902207] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4184.908368] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4184.914020] ? kunit_add_resource+0x197/0x280 [kunit] [ 4184.919719] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4184.925304] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4184.931016] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4184.937172] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4184.942932] kthread+0x364/0x420 [ 4184.947812] ? set_kthread_struct+0x110/0x110 [ 4184.953172] ret_from_fork+0x22/0x30 [ 4184.962169] Allocated by task 119773: [ 4184.967067] kasan_save_stack+0x1e/0x50 [ 4184.971976] __kasan_krealloc+0xed/0x130 [ 4184.976899] krealloc+0x50/0xe0 [ 4184.981411] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 4184.987072] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4184.992310] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4184.998106] kthread+0x364/0x420 [ 4185.002607] ret_from_fork+0x22/0x30 [ 4185.010898] The buggy address belongs to the object at ffff888125120400 which belongs to the cache kmalloc-256 of size 256 [ 4185.022473] The buggy address is located 240 bytes inside of 256-byte region [ffff888125120400, ffff888125120500) [ 4185.033712] The buggy address belongs to the page: [ 4185.038924] page:00000000b8f1331b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125120 [ 4185.046266] head:00000000b8f1331b order:1 compound_mapcount:0 compound_pincount:0 [ 4185.052754] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 4185.059194] raw: 0017ffffc0010200 ffffea000403b780 dead000000000006 ffff888100041b40 [ 4185.065788] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4185.072261] page dumped because: kasan: bad access detected [ 4185.081526] Memory state around the buggy address: [ 4185.086704] ffff888125120380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4185.093005] ffff888125120400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4185.099253] >ffff888125120480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 4185.105362] ^ [ 4185.111243] ffff888125120500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4185.117486] ffff888125120580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4185.123712] ================================================================== [ 4185.130036] ok 10 - krealloc_more_oob [ 4185.132453] ================================================================== [ 4185.143543] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 4185.150492] Write of size 1 at addr ffff8881251216c9 by task kunit_try_catch/119774 [ 4185.160918] CPU: 1 PID: 119774 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4185.173687] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4185.179810] Call Trace: [ 4185.184298] dump_stack_lvl+0x57/0x81 [ 4185.189296] print_address_description.constprop.0+0x1f/0x140 [ 4185.195244] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 4185.201311] __kasan_report.cold+0x7f/0x122 [ 4185.206544] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 4185.212624] kasan_report+0x38/0x50 [ 4185.217590] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 4185.223590] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 4185.229259] ? rcu_read_lock_sched_held+0x12/0x80 [ 4185.234856] ? lock_acquire+0x228/0x2d0 [ 4185.240082] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4185.246093] ? do_raw_spin_lock+0x270/0x270 [ 4185.251493] ? rcu_read_lock_sched_held+0x12/0x80 [ 4185.257126] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4185.263416] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4185.269172] ? kunit_add_resource+0x197/0x280 [kunit] [ 4185.274948] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4185.280676] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4185.286492] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4185.292776] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4185.298624] kthread+0x364/0x420 [ 4185.303579] ? set_kthread_struct+0x110/0x110 [ 4185.308923] ret_from_fork+0x22/0x30 [ 4185.318073] Allocated by task 119774: [ 4185.322855] kasan_save_stack+0x1e/0x50 [ 4185.327773] __kasan_krealloc+0xed/0x130 [ 4185.332752] krealloc+0x50/0xe0 [ 4185.337291] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 4185.343088] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4185.348425] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4185.354294] kthread+0x364/0x420 [ 4185.358909] ret_from_fork+0x22/0x30 [ 4185.367428] The buggy address belongs to the object at ffff888125121600 which belongs to the cache kmalloc-256 of size 256 [ 4185.379138] The buggy address is located 201 bytes inside of 256-byte region [ffff888125121600, ffff888125121700) [ 4185.390623] The buggy address belongs to the page: [ 4185.395930] page:00000000b8f1331b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125120 [ 4185.403300] head:00000000b8f1331b order:1 compound_mapcount:0 compound_pincount:0 [ 4185.409823] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 4185.416300] raw: 0017ffffc0010200 ffffea000403b780 dead000000000006 ffff888100041b40 [ 4185.422881] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4185.429372] page dumped because: kasan: bad access detected [ 4185.438663] Memory state around the buggy address: [ 4185.443803] ffff888125121580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4185.450114] ffff888125121600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4185.456366] >ffff888125121680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 4185.462601] ^ [ 4185.468062] ffff888125121700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4185.474299] ffff888125121780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4185.480522] ================================================================== [ 4185.486902] ================================================================== [ 4185.493072] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 4185.499834] Write of size 1 at addr ffff8881251216d0 by task kunit_try_catch/119774 [ 4185.510067] CPU: 1 PID: 119774 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4185.522677] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4185.528793] Call Trace: [ 4185.533159] dump_stack_lvl+0x57/0x81 [ 4185.538078] print_address_description.constprop.0+0x1f/0x140 [ 4185.543903] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 4185.549760] __kasan_report.cold+0x7f/0x122 [ 4185.554886] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 4185.560800] kasan_report+0x38/0x50 [ 4185.565572] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 4185.571385] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 4185.576942] ? rcu_read_lock_sched_held+0x12/0x80 [ 4185.582351] ? lock_acquire+0x228/0x2d0 [ 4185.587401] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4185.593238] ? do_raw_spin_lock+0x270/0x270 [ 4185.598353] ? rcu_read_lock_sched_held+0x12/0x80 [ 4185.603873] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4185.610003] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4185.615624] ? kunit_add_resource+0x197/0x280 [kunit] [ 4185.621270] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4185.626842] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4185.632468] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4185.638645] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4185.644361] kthread+0x364/0x420 [ 4185.649249] ? set_kthread_struct+0x110/0x110 [ 4185.654566] ret_from_fork+0x22/0x30 [ 4185.663578] Allocated by task 119774: [ 4185.668437] kasan_save_stack+0x1e/0x50 [ 4185.673347] __kasan_krealloc+0xed/0x130 [ 4185.678259] krealloc+0x50/0xe0 [ 4185.682730] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 4185.688319] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4185.693555] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4185.699262] kthread+0x364/0x420 [ 4185.703786] ret_from_fork+0x22/0x30 [ 4185.712017] The buggy address belongs to the object at ffff888125121600 which belongs to the cache kmalloc-256 of size 256 [ 4185.723399] The buggy address is located 208 bytes inside of 256-byte region [ffff888125121600, ffff888125121700) [ 4185.734480] The buggy address belongs to the page: [ 4185.739676] page:00000000b8f1331b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125120 [ 4185.746966] head:00000000b8f1331b order:1 compound_mapcount:0 compound_pincount:0 [ 4185.753416] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 4185.759812] raw: 0017ffffc0010200 ffffea000403b780 dead000000000006 ffff888100041b40 [ 4185.766337] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4185.772858] page dumped because: kasan: bad access detected [ 4185.782108] Memory state around the buggy address: [ 4185.787252] ffff888125121580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4185.793471] ffff888125121600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4185.799683] >ffff888125121680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 4185.805870] ^ [ 4185.811445] ffff888125121700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4185.817713] ffff888125121780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4185.823922] ================================================================== [ 4185.830151] ================================================================== [ 4185.836290] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 4185.843121] Write of size 1 at addr ffff8881251216da by task kunit_try_catch/119774 [ 4185.853312] CPU: 1 PID: 119774 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4185.865838] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4185.871881] Call Trace: [ 4185.876213] dump_stack_lvl+0x57/0x81 [ 4185.881121] print_address_description.constprop.0+0x1f/0x140 [ 4185.886990] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 4185.892954] __kasan_report.cold+0x7f/0x122 [ 4185.898109] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 4185.904115] kasan_report+0x38/0x50 [ 4185.909004] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 4185.914885] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 4185.920526] ? rcu_read_lock_sched_held+0x12/0x80 [ 4185.925985] ? lock_acquire+0x228/0x2d0 [ 4185.931095] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4185.937017] ? do_raw_spin_lock+0x270/0x270 [ 4185.942320] ? rcu_read_lock_sched_held+0x12/0x80 [ 4185.947837] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4185.953051] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4185.957511] ? kunit_add_resource+0x197/0x280 [kunit] [ 4185.963219] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4185.968837] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4185.974482] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4185.980689] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4185.986446] kthread+0x364/0x420 [ 4185.991343] ? set_kthread_struct+0x110/0x110 [ 4185.996722] ret_from_fork+0x22/0x30 [ 4186.005764] Allocated by task 119774: [ 4186.010696] kasan_save_stack+0x1e/0x50 [ 4186.015635] __kasan_krealloc+0xed/0x130 [ 4186.020488] krealloc+0x50/0xe0 [ 4186.025030] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 4186.030762] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4186.036027] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4186.041819] kthread+0x364/0x420 [ 4186.046316] ret_from_fork+0x22/0x30 [ 4186.054674] The buggy address belongs to the object at ffff888125121600 which belongs to the cache kmalloc-256 of size 256 [ 4186.066098] The buggy address is located 218 bytes inside of 256-byte region [ffff888125121600, ffff888125121700) [ 4186.077298] The buggy address belongs to the page: [ 4186.082506] page:00000000b8f1331b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125120 [ 4186.089874] head:00000000b8f1331b order:1 compound_mapcount:0 compound_pincount:0 [ 4186.096355] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 4186.102769] raw: 0017ffffc0010200 ffffea000403b780 dead000000000006 ffff888100041b40 [ 4186.109330] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4186.115875] page dumped because: kasan: bad access detected [ 4186.125072] Memory state around the buggy address: [ 4186.130192] ffff888125121580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4186.136480] ffff888125121600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4186.142771] >ffff888125121680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 4186.148994] ^ [ 4186.154748] ffff888125121700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4186.161004] ffff888125121780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4186.167193] ================================================================== [ 4186.173434] ================================================================== [ 4186.179556] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 4186.186367] Write of size 1 at addr ffff8881251216ea by task kunit_try_catch/119774 [ 4186.196597] CPU: 1 PID: 119774 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4186.209191] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4186.215307] Call Trace: [ 4186.219673] dump_stack_lvl+0x57/0x81 [ 4186.224563] print_address_description.constprop.0+0x1f/0x140 [ 4186.230395] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 4186.236254] __kasan_report.cold+0x7f/0x122 [ 4186.241395] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 4186.247358] kasan_report+0x38/0x50 [ 4186.252200] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 4186.258119] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 4186.263667] ? rcu_read_lock_sched_held+0x12/0x80 [ 4186.269098] ? lock_acquire+0x228/0x2d0 [ 4186.274196] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4186.280137] ? do_raw_spin_lock+0x270/0x270 [ 4186.285387] ? rcu_read_lock_sched_held+0x12/0x80 [ 4186.290942] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4186.297092] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4186.302702] ? kunit_add_resource+0x197/0x280 [kunit] [ 4186.308371] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4186.313976] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4186.319657] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4186.325784] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4186.331499] kthread+0x364/0x420 [ 4186.336379] ? set_kthread_struct+0x110/0x110 [ 4186.341725] ret_from_fork+0x22/0x30 [ 4186.350758] Allocated by task 119774: [ 4186.355664] kasan_save_stack+0x1e/0x50 [ 4186.360579] __kasan_krealloc+0xed/0x130 [ 4186.365483] krealloc+0x50/0xe0 [ 4186.370026] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 4186.375682] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4186.380882] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4186.386648] kthread+0x364/0x420 [ 4186.391176] ret_from_fork+0x22/0x30 [ 4186.399421] The buggy address belongs to the object at ffff888125121600 which belongs to the cache kmalloc-256 of size 256 [ 4186.410948] The buggy address is located 234 bytes inside of 256-byte region [ffff888125121600, ffff888125121700) [ 4186.422084] The buggy address belongs to the page: [ 4186.427268] page:00000000b8f1331b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125120 [ 4186.434543] head:00000000b8f1331b order:1 compound_mapcount:0 compound_pincount:0 [ 4186.441000] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 4186.447320] raw: 0017ffffc0010200 ffffea000403b780 dead000000000006 ffff888100041b40 [ 4186.453855] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4186.460379] page dumped because: kasan: bad access detected [ 4186.469593] Memory state around the buggy address: [ 4186.474704] ffff888125121580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4186.480932] ffff888125121600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4186.487167] >ffff888125121680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 4186.493354] ^ [ 4186.499299] ffff888125121700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4186.505522] ffff888125121780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4186.511687] ================================================================== [ 4186.517978] ================================================================== [ 4186.524108] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 4186.530917] Write of size 1 at addr ffff8881251216eb by task kunit_try_catch/119774 [ 4186.541124] CPU: 1 PID: 119774 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4186.553711] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4186.559783] Call Trace: [ 4186.564125] dump_stack_lvl+0x57/0x81 [ 4186.569030] print_address_description.constprop.0+0x1f/0x140 [ 4186.574861] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 4186.580779] __kasan_report.cold+0x7f/0x122 [ 4186.585917] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 4186.591822] kasan_report+0x38/0x50 [ 4186.596696] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 4186.602413] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 4186.607859] ? rcu_read_lock_sched_held+0x12/0x80 [ 4186.613175] ? lock_acquire+0x228/0x2d0 [ 4186.618256] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4186.624124] ? do_raw_spin_lock+0x270/0x270 [ 4186.629387] ? rcu_read_lock_sched_held+0x12/0x80 [ 4186.634897] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4186.641035] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4186.646667] ? kunit_add_resource+0x197/0x280 [kunit] [ 4186.652324] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4186.657890] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4186.663587] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4186.669770] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4186.675517] kthread+0x364/0x420 [ 4186.680411] ? set_kthread_struct+0x110/0x110 [ 4186.685774] ret_from_fork+0x22/0x30 [ 4186.694811] Allocated by task 119774: [ 4186.699728] kasan_save_stack+0x1e/0x50 [ 4186.704668] __kasan_krealloc+0xed/0x130 [ 4186.709584] krealloc+0x50/0xe0 [ 4186.714119] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 4186.719821] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4186.725064] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4186.730827] kthread+0x364/0x420 [ 4186.735374] ret_from_fork+0x22/0x30 [ 4186.743704] The buggy address belongs to the object at ffff888125121600 which belongs to the cache kmalloc-256 of size 256 [ 4186.755231] The buggy address is located 235 bytes inside of 256-byte region [ffff888125121600, ffff888125121700) [ 4186.766474] The buggy address belongs to the page: [ 4186.771643] page:00000000b8f1331b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125120 [ 4186.778984] head:00000000b8f1331b order:1 compound_mapcount:0 compound_pincount:0 [ 4186.785432] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 4186.791875] raw: 0017ffffc0010200 ffffea000403b780 dead000000000006 ffff888100041b40 [ 4186.798434] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4186.804922] page dumped because: kasan: bad access detected [ 4186.814123] Memory state around the buggy address: [ 4186.819229] ffff888125121580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4186.825502] ffff888125121600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4186.831776] >ffff888125121680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 4186.837983] ^ [ 4186.843848] ffff888125121700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4186.850052] ffff888125121780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4186.856211] ================================================================== [ 4186.863568] ok 11 - krealloc_less_oob [ 4186.865584] ================================================================== [ 4186.876506] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 4186.883363] Write of size 1 at addr ffff88817abfe0eb by task kunit_try_catch/119775 [ 4186.893667] CPU: 0 PID: 119775 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4186.906206] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4186.912296] Call Trace: [ 4186.916752] dump_stack_lvl+0x57/0x81 [ 4186.921685] print_address_description.constprop.0+0x1f/0x140 [ 4186.927520] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 4186.933506] __kasan_report.cold+0x7f/0x122 [ 4186.938693] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 4186.944666] kasan_report+0x38/0x50 [ 4186.949579] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 4186.955504] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 4186.961196] ? rcu_read_lock_sched_held+0x12/0x80 [ 4186.966709] ? lock_acquire+0x228/0x2d0 [ 4186.971845] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4186.977748] ? do_raw_spin_lock+0x270/0x270 [ 4186.983074] ? rcu_read_lock_sched_held+0x12/0x80 [ 4186.988634] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4186.994769] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4187.000433] ? kunit_add_resource+0x197/0x280 [kunit] [ 4187.006122] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4187.011760] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4187.017454] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4187.023609] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4187.029367] kthread+0x364/0x420 [ 4187.034301] ? set_kthread_struct+0x110/0x110 [ 4187.039681] ret_from_fork+0x22/0x30 [ 4187.048767] The buggy address belongs to the page: [ 4187.054180] page:0000000037cef854 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17abfc [ 4187.061530] head:0000000037cef854 order:2 compound_mapcount:0 compound_pincount:0 [ 4187.068032] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 4187.074360] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 4187.080993] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 4187.087579] page dumped because: kasan: bad access detected [ 4187.097346] Memory state around the buggy address: [ 4187.102749] ffff88817abfdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4187.109189] ffff88817abfe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4187.115533] >ffff88817abfe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 4187.121839] ^ [ 4187.127995] ffff88817abfe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4187.134442] ffff88817abfe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4187.140813] ================================================================== [ 4187.147298] ================================================================== [ 4187.153571] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 4187.160423] Write of size 1 at addr ffff88817abfe0f0 by task kunit_try_catch/119775 [ 4187.170711] CPU: 0 PID: 119775 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4187.182923] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4187.188809] Call Trace: [ 4187.193118] dump_stack_lvl+0x57/0x81 [ 4187.197925] print_address_description.constprop.0+0x1f/0x140 [ 4187.203604] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 4187.209376] __kasan_report.cold+0x7f/0x122 [ 4187.214388] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 4187.220218] kasan_report+0x38/0x50 [ 4187.224973] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 4187.230724] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 4187.236201] ? rcu_read_lock_sched_held+0x12/0x80 [ 4187.241448] ? lock_acquire+0x228/0x2d0 [ 4187.246362] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4187.252024] ? do_raw_spin_lock+0x270/0x270 [ 4187.257079] ? rcu_read_lock_sched_held+0x12/0x80 [ 4187.262352] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4187.268211] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4187.273607] ? kunit_add_resource+0x197/0x280 [kunit] [ 4187.279007] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4187.284337] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4187.289747] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4187.295603] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4187.301059] kthread+0x364/0x420 [ 4187.305731] ? set_kthread_struct+0x110/0x110 [ 4187.310868] ret_from_fork+0x22/0x30 [ 4187.319592] The buggy address belongs to the page: [ 4187.324816] page:0000000037cef854 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17abfc [ 4187.332005] head:0000000037cef854 order:2 compound_mapcount:0 compound_pincount:0 [ 4187.338384] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 4187.344555] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 4187.351100] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 4187.357635] page dumped because: kasan: bad access detected [ 4187.367184] Memory state around the buggy address: [ 4187.372419] ffff88817abfdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4187.378790] ffff88817abfe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4187.385149] >ffff88817abfe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 4187.391418] ^ [ 4187.397566] ffff88817abfe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4187.403893] ffff88817abfe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4187.410176] ================================================================== [ 4187.420234] ok 12 - krealloc_pagealloc_more_oob [ 4187.420526] ================================================================== [ 4187.432144] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 4187.439049] Write of size 1 at addr ffff88817abfe0c9 by task kunit_try_catch/119778 [ 4187.449325] CPU: 0 PID: 119778 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4187.461818] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4187.467860] Call Trace: [ 4187.472274] dump_stack_lvl+0x57/0x81 [ 4187.477203] print_address_description.constprop.0+0x1f/0x140 [ 4187.482987] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 4187.488901] __kasan_report.cold+0x7f/0x122 [ 4187.494043] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 4187.499934] kasan_report+0x38/0x50 [ 4187.504789] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 4187.510623] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 4187.516106] ? rcu_read_lock_sched_held+0x12/0x80 [ 4187.521483] ? lock_acquire+0x228/0x2d0 [ 4187.526478] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4187.532231] ? do_raw_spin_lock+0x270/0x270 [ 4187.537375] ? rcu_read_lock_sched_held+0x12/0x80 [ 4187.542740] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4187.548709] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4187.554196] ? kunit_add_resource+0x197/0x280 [kunit] [ 4187.559761] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4187.565192] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4187.570686] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4187.576631] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4187.582191] kthread+0x364/0x420 [ 4187.586976] ? set_kthread_struct+0x110/0x110 [ 4187.592235] ret_from_fork+0x22/0x30 [ 4187.601127] The buggy address belongs to the page: [ 4187.606415] page:0000000037cef854 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17abfc [ 4187.613708] head:0000000037cef854 order:2 compound_mapcount:0 compound_pincount:0 [ 4187.620179] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 4187.626496] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 4187.633124] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 4187.639717] page dumped because: kasan: bad access detected [ 4187.649439] Memory state around the buggy address: [ 4187.653148] ffff88817abfdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4187.657153] ffff88817abfe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4187.661490] >ffff88817abfe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 4187.667797] ^ [ 4187.673511] ffff88817abfe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4187.679919] ffff88817abfe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4187.686226] ================================================================== [ 4187.692669] ================================================================== [ 4187.698835] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 4187.705701] Write of size 1 at addr ffff88817abfe0d0 by task kunit_try_catch/119778 [ 4187.716040] CPU: 0 PID: 119778 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4187.728328] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4187.734278] Call Trace: [ 4187.738640] dump_stack_lvl+0x57/0x81 [ 4187.743465] print_address_description.constprop.0+0x1f/0x140 [ 4187.749157] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 4187.754969] __kasan_report.cold+0x7f/0x122 [ 4187.760023] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 4187.765843] kasan_report+0x38/0x50 [ 4187.770606] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 4187.776316] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 4187.781711] ? rcu_read_lock_sched_held+0x12/0x80 [ 4187.786974] ? lock_acquire+0x228/0x2d0 [ 4187.791891] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4187.797528] ? do_raw_spin_lock+0x270/0x270 [ 4187.802577] ? rcu_read_lock_sched_held+0x12/0x80 [ 4187.807829] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4187.813679] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4187.819058] ? kunit_add_resource+0x197/0x280 [kunit] [ 4187.824476] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4187.829865] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4187.835315] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4187.841203] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4187.846714] kthread+0x364/0x420 [ 4187.851385] ? set_kthread_struct+0x110/0x110 [ 4187.856542] ret_from_fork+0x22/0x30 [ 4187.865366] The buggy address belongs to the page: [ 4187.870651] page:0000000037cef854 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17abfc [ 4187.877984] head:0000000037cef854 order:2 compound_mapcount:0 compound_pincount:0 [ 4187.884458] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 4187.890697] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 4187.897312] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 4187.903910] page dumped because: kasan: bad access detected [ 4187.913500] Memory state around the buggy address: [ 4187.918806] ffff88817abfdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4187.925233] ffff88817abfe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4187.931671] >ffff88817abfe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 4187.938033] ^ [ 4187.943821] ffff88817abfe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4187.950272] ffff88817abfe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4187.956640] ================================================================== [ 4187.963162] ================================================================== [ 4187.969470] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 4187.976380] Write of size 1 at addr ffff88817abfe0da by task kunit_try_catch/119778 [ 4187.986752] CPU: 0 PID: 119778 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4187.999378] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4188.005285] Call Trace: [ 4188.009661] dump_stack_lvl+0x57/0x81 [ 4188.014480] print_address_description.constprop.0+0x1f/0x140 [ 4188.020431] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 4188.026202] __kasan_report.cold+0x7f/0x122 [ 4188.031235] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 4188.036971] kasan_report+0x38/0x50 [ 4188.041742] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 4188.047471] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 4188.052847] ? rcu_read_lock_sched_held+0x12/0x80 [ 4188.058089] ? lock_acquire+0x228/0x2d0 [ 4188.063001] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4188.068631] ? do_raw_spin_lock+0x270/0x270 [ 4188.073684] ? rcu_read_lock_sched_held+0x12/0x80 [ 4188.078931] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4188.084801] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4188.090188] ? kunit_add_resource+0x197/0x280 [kunit] [ 4188.095624] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4188.100972] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4188.106379] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4188.112252] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4188.117735] kthread+0x364/0x420 [ 4188.122409] ? set_kthread_struct+0x110/0x110 [ 4188.127585] ret_from_fork+0x22/0x30 [ 4188.136338] The buggy address belongs to the page: [ 4188.141624] page:0000000037cef854 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17abfc [ 4188.148883] head:0000000037cef854 order:2 compound_mapcount:0 compound_pincount:0 [ 4188.155338] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 4188.161586] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 4188.168202] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 4188.174756] page dumped because: kasan: bad access detected [ 4188.184312] Memory state around the buggy address: [ 4188.189642] ffff88817abfdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4188.196055] ffff88817abfe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4188.202457] >ffff88817abfe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 4188.208829] ^ [ 4188.214714] ffff88817abfe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4188.221132] ffff88817abfe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4188.227455] ================================================================== [ 4188.233925] ================================================================== [ 4188.240186] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 4188.247096] Write of size 1 at addr ffff88817abfe0ea by task kunit_try_catch/119778 [ 4188.257411] CPU: 0 PID: 119778 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4188.269752] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4188.275716] Call Trace: [ 4188.280035] dump_stack_lvl+0x57/0x81 [ 4188.284878] print_address_description.constprop.0+0x1f/0x140 [ 4188.290593] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 4188.296388] __kasan_report.cold+0x7f/0x122 [ 4188.301453] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 4188.307285] kasan_report+0x38/0x50 [ 4188.312062] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 4188.317814] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 4188.323204] ? rcu_read_lock_sched_held+0x12/0x80 [ 4188.328461] ? lock_acquire+0x228/0x2d0 [ 4188.333349] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4188.338997] ? do_raw_spin_lock+0x270/0x270 [ 4188.344052] ? rcu_read_lock_sched_held+0x12/0x80 [ 4188.349355] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4188.355215] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4188.360615] ? kunit_add_resource+0x197/0x280 [kunit] [ 4188.366050] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4188.371419] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4188.376837] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4188.382686] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4188.388138] kthread+0x364/0x420 [ 4188.392805] ? set_kthread_struct+0x110/0x110 [ 4188.397946] ret_from_fork+0x22/0x30 [ 4188.406666] The buggy address belongs to the page: [ 4188.411916] page:0000000037cef854 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17abfc [ 4188.419115] head:0000000037cef854 order:2 compound_mapcount:0 compound_pincount:0 [ 4188.425518] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 4188.431683] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 4188.438253] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 4188.444782] page dumped because: kasan: bad access detected [ 4188.454292] Memory state around the buggy address: [ 4188.459572] ffff88817abfdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4188.465933] ffff88817abfe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4188.472271] >ffff88817abfe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 4188.478599] ^ [ 4188.484634] ffff88817abfe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4188.491010] ffff88817abfe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4188.497318] ================================================================== [ 4188.503763] ================================================================== [ 4188.509954] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 4188.516783] Write of size 1 at addr ffff88817abfe0eb by task kunit_try_catch/119778 [ 4188.527068] CPU: 0 PID: 119778 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4188.539347] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4188.545249] Call Trace: [ 4188.549588] dump_stack_lvl+0x57/0x81 [ 4188.554402] print_address_description.constprop.0+0x1f/0x140 [ 4188.560113] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 4188.565914] __kasan_report.cold+0x7f/0x122 [ 4188.570964] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 4188.576813] kasan_report+0x38/0x50 [ 4188.581606] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 4188.587353] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 4188.592742] ? rcu_read_lock_sched_held+0x12/0x80 [ 4188.598023] ? lock_acquire+0x228/0x2d0 [ 4188.602928] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4188.608550] ? do_raw_spin_lock+0x270/0x270 [ 4188.613598] ? rcu_read_lock_sched_held+0x12/0x80 [ 4188.618855] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 4188.624729] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4188.630104] ? kunit_add_resource+0x197/0x280 [kunit] [ 4188.635539] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4188.640909] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4188.646330] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4188.652186] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4188.657659] kthread+0x364/0x420 [ 4188.662297] ? set_kthread_struct+0x110/0x110 [ 4188.667449] ret_from_fork+0x22/0x30 [ 4188.676203] The buggy address belongs to the page: [ 4188.681444] page:0000000037cef854 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17abfc [ 4188.688651] head:0000000037cef854 order:2 compound_mapcount:0 compound_pincount:0 [ 4188.695042] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 4188.701237] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 4188.707799] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 4188.714309] page dumped because: kasan: bad access detected [ 4188.723874] Memory state around the buggy address: [ 4188.729152] ffff88817abfdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4188.735510] ffff88817abfe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4188.741866] >ffff88817abfe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 4188.748196] ^ [ 4188.754251] ffff88817abfe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4188.760624] ffff88817abfe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4188.766916] ================================================================== [ 4188.772934] ok 13 - krealloc_pagealloc_less_oob [ 4188.773458] ================================================================== [ 4188.785180] BUG: KASAN: use-after-free in krealloc_uaf+0x1c7/0x450 [test_kasan] [ 4188.791602] Read of size 1 at addr ffff888122209c00 by task kunit_try_catch/119779 [ 4188.801925] CPU: 0 PID: 119779 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4188.814443] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4188.820508] Call Trace: [ 4188.824905] dump_stack_lvl+0x57/0x81 [ 4188.829799] print_address_description.constprop.0+0x1f/0x140 [ 4188.835590] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 4188.841031] __kasan_report.cold+0x7f/0x122 [ 4188.846163] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 4188.851603] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 4188.856969] kasan_report+0x38/0x50 [ 4188.861727] __kasan_check_byte+0x36/0x50 [ 4188.866666] krealloc+0x2e/0xe0 [ 4188.871225] krealloc_uaf+0x1c7/0x450 [test_kasan] [ 4188.876482] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 4188.882494] ? rcu_read_lock_sched_held+0x12/0x80 [ 4188.887766] ? lock_acquire+0x228/0x2d0 [ 4188.892867] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4188.898753] ? do_raw_spin_lock+0x270/0x270 [ 4188.904016] ? rcu_read_lock_sched_held+0x12/0x80 [ 4188.909491] ? lock_acquire+0x228/0x2d0 [ 4188.914596] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4188.920170] ? trace_hardirqs_on+0x1c/0x180 [ 4188.925405] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4188.930982] ? kunit_add_resource+0x197/0x280 [kunit] [ 4188.936586] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4188.942122] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4188.947633] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4188.953402] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4188.958737] kthread+0x364/0x420 [ 4188.963222] ? set_kthread_struct+0x110/0x110 [ 4188.968133] ret_from_fork+0x22/0x30 [ 4188.976384] Allocated by task 119779: [ 4188.980931] kasan_save_stack+0x1e/0x50 [ 4188.985532] __kasan_kmalloc+0x81/0xa0 [ 4188.990059] krealloc_uaf+0xaa/0x450 [test_kasan] [ 4188.995021] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4189.000092] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4189.005665] kthread+0x364/0x420 [ 4189.009986] ret_from_fork+0x22/0x30 [ 4189.018044] Freed by task 119779: [ 4189.022316] kasan_save_stack+0x1e/0x50 [ 4189.026777] kasan_set_track+0x21/0x30 [ 4189.031142] kasan_set_free_info+0x20/0x40 [ 4189.035601] __kasan_slab_free+0xec/0x120 [ 4189.039970] slab_free_freelist_hook+0xa3/0x1d0 [ 4189.044474] kfree+0xdc/0x4e0 [ 4189.048234] krealloc_uaf+0x147/0x450 [test_kasan] [ 4189.052755] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4189.057266] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4189.062361] kthread+0x364/0x420 [ 4189.066197] ret_from_fork+0x22/0x30 [ 4189.073220] The buggy address belongs to the object at ffff888122209c00 which belongs to the cache kmalloc-256 of size 256 [ 4189.083410] The buggy address is located 0 bytes inside of 256-byte region [ffff888122209c00, ffff888122209d00) [ 4189.093346] The buggy address belongs to the page: [ 4189.097961] page:0000000060a7ff89 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122208 [ 4189.104640] head:0000000060a7ff89 order:1 compound_mapcount:0 compound_pincount:0 [ 4189.110483] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 4189.116329] raw: 0017ffffc0010200 0000000000000000 dead000000000001 ffff888100041b40 [ 4189.122370] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4189.128383] page dumped because: kasan: bad access detected [ 4189.136933] Memory state around the buggy address: [ 4189.141765] ffff888122209b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4189.147672] ffff888122209b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4189.153513] >ffff888122209c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4189.159348] ^ [ 4189.163522] ffff888122209c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4189.169448] ffff888122209d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4189.175333] ================================================================== [ 4189.181370] ================================================================== [ 4189.187176] BUG: KASAN: use-after-free in krealloc_uaf+0x42e/0x450 [test_kasan] [ 4189.193089] Read of size 1 at addr ffff888122209c00 by task kunit_try_catch/119779 [ 4189.202674] CPU: 0 PID: 119779 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4189.214543] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4189.220348] Call Trace: [ 4189.224591] dump_stack_lvl+0x57/0x81 [ 4189.229295] print_address_description.constprop.0+0x1f/0x140 [ 4189.234910] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 4189.240181] __kasan_report.cold+0x7f/0x122 [ 4189.245107] ? __kasan_krealloc+0x110/0x130 [ 4189.250047] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 4189.255342] kasan_report+0x38/0x50 [ 4189.260036] krealloc_uaf+0x42e/0x450 [test_kasan] [ 4189.265195] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 4189.271204] ? rcu_read_lock_sched_held+0x12/0x80 [ 4189.276515] ? lock_acquire+0x228/0x2d0 [ 4189.281525] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4189.287220] ? do_raw_spin_lock+0x270/0x270 [ 4189.292335] ? rcu_read_lock_sched_held+0x12/0x80 [ 4189.297669] ? kunit_ptr_not_err_assert_format+0x210/0x210 [kunit] [ 4189.303664] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4189.309136] ? kunit_add_resource+0x197/0x280 [kunit] [ 4189.314657] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4189.320085] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4189.325617] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4189.331598] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4189.337137] kthread+0x364/0x420 [ 4189.341845] ? set_kthread_struct+0x110/0x110 [ 4189.347014] ret_from_fork+0x22/0x30 [ 4189.355696] Allocated by task 119779: [ 4189.360408] kasan_save_stack+0x1e/0x50 [ 4189.365170] __kasan_kmalloc+0x81/0xa0 [ 4189.369849] krealloc_uaf+0xaa/0x450 [test_kasan] [ 4189.374930] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4189.380043] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4189.385691] kthread+0x364/0x420 [ 4189.390106] ret_from_fork+0x22/0x30 [ 4189.398246] Freed by task 119779: [ 4189.402663] kasan_save_stack+0x1e/0x50 [ 4189.407240] kasan_set_track+0x21/0x30 [ 4189.411735] kasan_set_free_info+0x20/0x40 [ 4189.416379] __kasan_slab_free+0xec/0x120 [ 4189.420944] slab_free_freelist_hook+0xa3/0x1d0 [ 4189.425767] kfree+0xdc/0x4e0 [ 4189.429866] krealloc_uaf+0x147/0x450 [test_kasan] [ 4189.434720] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4189.439568] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4189.444916] kthread+0x364/0x420 [ 4189.448918] ret_from_fork+0x22/0x30 [ 4189.456188] The buggy address belongs to the object at ffff888122209c00 which belongs to the cache kmalloc-256 of size 256 [ 4189.466644] The buggy address is located 0 bytes inside of 256-byte region [ffff888122209c00, ffff888122209d00) [ 4189.476663] The buggy address belongs to the page: [ 4189.481287] page:0000000060a7ff89 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122208 [ 4189.487917] head:0000000060a7ff89 order:1 compound_mapcount:0 compound_pincount:0 [ 4189.493786] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 4189.499625] raw: 0017ffffc0010200 0000000000000000 dead000000000001 ffff888100041b40 [ 4189.505602] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4189.511571] page dumped because: kasan: bad access detected [ 4189.520158] Memory state around the buggy address: [ 4189.524964] ffff888122209b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4189.530820] ffff888122209b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4189.536570] >ffff888122209c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4189.542317] ^ [ 4189.546481] ffff888122209c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4189.552293] ffff888122209d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4189.558094] ================================================================== [ 4189.565397] ok 14 - krealloc_uaf [ 4189.566040] ================================================================== [ 4189.576167] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 4189.582231] Write of size 16 at addr ffff888123543240 by task kunit_try_catch/119780 [ 4189.591945] CPU: 0 PID: 119780 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4189.603926] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4189.609775] Call Trace: [ 4189.614071] dump_stack_lvl+0x57/0x81 [ 4189.618895] print_address_description.constprop.0+0x1f/0x140 [ 4189.624576] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 4189.630026] __kasan_report.cold+0x7f/0x122 [ 4189.635115] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 4189.640607] kasan_report+0x38/0x50 [ 4189.645418] kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 4189.650875] ? kmalloc_uaf_16+0x3b0/0x3b0 [test_kasan] [ 4189.656400] ? do_raw_spin_trylock+0xb5/0x180 [ 4189.661632] ? do_raw_spin_lock+0x270/0x270 [ 4189.666776] ? rcu_read_lock_sched_held+0x12/0x80 [ 4189.672132] ? lock_acquire+0x228/0x2d0 [ 4189.677132] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4189.682622] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4189.688341] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4189.693810] ? kunit_add_resource+0x197/0x280 [kunit] [ 4189.699290] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4189.704760] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4189.710285] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4189.716253] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4189.721810] kthread+0x364/0x420 [ 4189.726538] ? set_kthread_struct+0x110/0x110 [ 4189.731742] ret_from_fork+0x22/0x30 [ 4189.740476] Allocated by task 119780: [ 4189.745199] kasan_save_stack+0x1e/0x50 [ 4189.749962] __kasan_kmalloc+0x81/0xa0 [ 4189.754635] kmalloc_oob_16+0xa4/0x3b0 [test_kasan] [ 4189.759766] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4189.764869] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4189.770453] kthread+0x364/0x420 [ 4189.774874] ret_from_fork+0x22/0x30 [ 4189.783060] The buggy address belongs to the object at ffff888123543240 which belongs to the cache kmalloc-16 of size 16 [ 4189.794224] The buggy address is located 0 bytes inside of 16-byte region [ffff888123543240, ffff888123543250) [ 4189.805033] The buggy address belongs to the page: [ 4189.810080] page:00000000f047f490 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888123543ca0 pfn:0x123543 [ 4189.817658] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4189.823727] raw: 0017ffffc0000200 ffffea000414b6c0 dead000000000002 ffff8881000413c0 [ 4189.830100] raw: ffff888123543ca0 000000008080007a 00000001ffffffff 0000000000000000 [ 4189.836449] page dumped because: kasan: bad access detected [ 4189.845615] Memory state around the buggy address: [ 4189.850594] ffff888123543100: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 4189.856604] ffff888123543180: 00 00 fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 4189.862531] >ffff888123543200: 00 00 fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc [ 4189.868485] ^ [ 4189.873752] ffff888123543280: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 4189.879704] ffff888123543300: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 4189.885676] ================================================================== [ 4189.894717] ok 15 - kmalloc_oob_16 [ 4189.897508] ================================================================== [ 4189.908249] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 4189.914482] Read of size 16 at addr ffff888123543940 by task kunit_try_catch/119784 [ 4189.924607] CPU: 0 PID: 119784 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4189.937017] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4189.943049] Call Trace: [ 4189.947471] dump_stack_lvl+0x57/0x81 [ 4189.952370] print_address_description.constprop.0+0x1f/0x140 [ 4189.958175] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 4189.963746] __kasan_report.cold+0x7f/0x122 [ 4189.968889] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 4189.974430] kasan_report+0x38/0x50 [ 4189.979296] kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 4189.984770] ? kmalloc_uaf+0x2b0/0x2b0 [test_kasan] [ 4189.990199] ? do_raw_spin_trylock+0xb5/0x180 [ 4189.995416] ? do_raw_spin_lock+0x270/0x270 [ 4190.000561] ? rcu_read_lock_sched_held+0x12/0x80 [ 4190.005941] ? lock_acquire+0x228/0x2d0 [ 4190.010957] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4190.016489] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4190.022268] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4190.027807] ? kunit_add_resource+0x197/0x280 [kunit] [ 4190.033368] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4190.038812] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4190.044325] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4190.050328] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4190.055911] kthread+0x364/0x420 [ 4190.060664] ? set_kthread_struct+0x110/0x110 [ 4190.065873] ret_from_fork+0x22/0x30 [ 4190.074728] Allocated by task 119784: [ 4190.079509] kasan_save_stack+0x1e/0x50 [ 4190.084273] __kasan_kmalloc+0x81/0xa0 [ 4190.088943] kmalloc_uaf_16+0x15d/0x3b0 [test_kasan] [ 4190.094088] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4190.099150] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4190.104728] kthread+0x364/0x420 [ 4190.109110] ret_from_fork+0x22/0x30 [ 4190.117227] Freed by task 119784: [ 4190.121624] kasan_save_stack+0x1e/0x50 [ 4190.126197] kasan_set_track+0x21/0x30 [ 4190.130679] kasan_set_free_info+0x20/0x40 [ 4190.135309] __kasan_slab_free+0xec/0x120 [ 4190.139875] slab_free_freelist_hook+0xa3/0x1d0 [ 4190.144613] kfree+0xdc/0x4e0 [ 4190.148647] kmalloc_uaf_16+0x1e8/0x3b0 [test_kasan] [ 4190.153473] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4190.158244] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4190.163465] kthread+0x364/0x420 [ 4190.167436] ret_from_fork+0x22/0x30 [ 4190.174564] The buggy address belongs to the object at ffff888123543940 which belongs to the cache kmalloc-16 of size 16 [ 4190.184642] The buggy address is located 0 bytes inside of 16-byte region [ffff888123543940, ffff888123543950) [ 4190.194331] The buggy address belongs to the page: [ 4190.198870] page:00000000f047f490 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888123543ca0 pfn:0x123543 [ 4190.205938] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4190.211546] raw: 0017ffffc0000200 ffffea000414b6c0 dead000000000002 ffff8881000413c0 [ 4190.217514] raw: ffff888123543ca0 000000008080007a 00000001ffffffff 0000000000000000 [ 4190.223490] page dumped because: kasan: bad access detected [ 4190.232044] Memory state around the buggy address: [ 4190.236883] ffff888123543800: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc [ 4190.242741] ffff888123543880: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 4190.248583] >ffff888123543900: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 4190.254337] ^ [ 4190.259383] ffff888123543980: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 4190.265244] ffff888123543a00: 00 00 fc fc fb fb fc fc 00 00 fc fc fa fb fc fc [ 4190.271084] ================================================================== [ 4190.277782] ok 16 - kmalloc_uaf_16 [ 4190.278314] ================================================================== [ 4190.288672] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 4190.295104] Write of size 128 at addr ffff888160d47100 by task kunit_try_catch/119785 [ 4190.305044] CPU: 0 PID: 119785 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4190.317266] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4190.323265] Call Trace: [ 4190.327618] dump_stack_lvl+0x57/0x81 [ 4190.332530] print_address_description.constprop.0+0x1f/0x140 [ 4190.338157] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 4190.343925] __kasan_report.cold+0x7f/0x122 [ 4190.349023] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 4190.354048] kasan_report+0x38/0x50 [ 4190.358461] kasan_check_range+0xfd/0x1e0 [ 4190.363511] memset+0x20/0x50 [ 4190.368144] kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 4190.373839] ? kmalloc_oob_memset_2+0x290/0x290 [test_kasan] [ 4190.379612] ? do_raw_spin_trylock+0xb5/0x180 [ 4190.384867] ? do_raw_spin_lock+0x270/0x270 [ 4190.390021] ? rcu_read_lock_sched_held+0x12/0x80 [ 4190.395401] ? lock_acquire+0x228/0x2d0 [ 4190.400412] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4190.405927] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4190.411660] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4190.417106] ? kunit_add_resource+0x197/0x280 [kunit] [ 4190.422641] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4190.428090] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4190.433614] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4190.439543] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4190.445083] kthread+0x364/0x420 [ 4190.449847] ? set_kthread_struct+0x110/0x110 [ 4190.455030] ret_from_fork+0x22/0x30 [ 4190.463698] Allocated by task 119785: [ 4190.468350] kasan_save_stack+0x1e/0x50 [ 4190.473051] __kasan_kmalloc+0x81/0xa0 [ 4190.477652] kmalloc_oob_in_memset+0x9c/0x280 [test_kasan] [ 4190.482942] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4190.487991] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4190.493517] kthread+0x364/0x420 [ 4190.497937] ret_from_fork+0x22/0x30 [ 4190.506184] Last potentially related work creation: [ 4190.511207] kasan_save_stack+0x1e/0x50 [ 4190.515839] __kasan_record_aux_stack+0xb2/0xc0 [ 4190.520714] call_rcu+0xee/0x890 [ 4190.525013] inetdev_event+0x3b3/0xf40 [ 4190.529478] notifier_call_chain+0x9e/0x180 [ 4190.534058] unregister_netdevice_many+0x56b/0x11a0 [ 4190.538935] default_device_exit_batch+0x2b0/0x370 [ 4190.543742] cleanup_net+0x42b/0x9a0 [ 4190.547934] process_one_work+0x8cb/0x1590 [ 4190.552273] worker_thread+0x59b/0x1010 [ 4190.556448] kthread+0x364/0x420 [ 4190.560335] ret_from_fork+0x22/0x30 [ 4190.567484] The buggy address belongs to the object at ffff888160d47100 which belongs to the cache kmalloc-128 of size 128 [ 4190.577675] The buggy address is located 0 bytes inside of 128-byte region [ffff888160d47100, ffff888160d47180) [ 4190.587477] The buggy address belongs to the page: [ 4190.592044] page:000000000416d018 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x160d47 [ 4190.598658] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4190.604279] raw: 0017ffffc0000200 ffffea00041f5640 dead000000000004 ffff8881000418c0 [ 4190.610241] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4190.616207] page dumped because: kasan: bad access detected [ 4190.624741] Memory state around the buggy address: [ 4190.629539] ffff888160d47000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4190.635380] ffff888160d47080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4190.641244] >ffff888160d47100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 4190.647104] ^ [ 4190.652954] ffff888160d47180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4190.658896] ffff888160d47200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4190.664799] ================================================================== [ 4190.671531] ok 17 - kmalloc_oob_in_memset [ 4190.671816] ================================================================== [ 4190.682550] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 4190.689052] Write of size 2 at addr ffff888160d47277 by task kunit_try_catch/119786 [ 4190.699081] CPU: 0 PID: 119786 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4190.711393] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4190.717390] Call Trace: [ 4190.721765] dump_stack_lvl+0x57/0x81 [ 4190.726635] print_address_description.constprop.0+0x1f/0x140 [ 4190.732396] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 4190.738096] __kasan_report.cold+0x7f/0x122 [ 4190.743229] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 4190.748989] kasan_report+0x38/0x50 [ 4190.753846] kasan_check_range+0xfd/0x1e0 [ 4190.758909] memset+0x20/0x50 [ 4190.763528] kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 4190.769223] ? kmalloc_oob_memset_4+0x290/0x290 [test_kasan] [ 4190.775025] ? do_raw_spin_trylock+0xb5/0x180 [ 4190.780287] ? do_raw_spin_lock+0x270/0x270 [ 4190.785453] ? rcu_read_lock_sched_held+0x12/0x80 [ 4190.790819] ? lock_acquire+0x228/0x2d0 [ 4190.795841] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4190.801349] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4190.807134] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4190.812678] ? kunit_add_resource+0x197/0x280 [kunit] [ 4190.818265] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4190.823800] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4190.829399] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4190.835436] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4190.841083] kthread+0x364/0x420 [ 4190.845883] ? set_kthread_struct+0x110/0x110 [ 4190.851126] ret_from_fork+0x22/0x30 [ 4190.859883] Allocated by task 119786: [ 4190.864616] kasan_save_stack+0x1e/0x50 [ 4190.869413] __kasan_kmalloc+0x81/0xa0 [ 4190.874081] kmalloc_oob_memset_2+0x9c/0x290 [test_kasan] [ 4190.879493] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4190.884689] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4190.890338] kthread+0x364/0x420 [ 4190.894839] ret_from_fork+0x22/0x30 [ 4190.903155] The buggy address belongs to the object at ffff888160d47200 which belongs to the cache kmalloc-128 of size 128 [ 4190.914453] The buggy address is located 119 bytes inside of 128-byte region [ffff888160d47200, ffff888160d47280) [ 4190.925415] The buggy address belongs to the page: [ 4190.930431] page:000000000416d018 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x160d47 [ 4190.937425] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4190.943398] raw: 0017ffffc0000200 ffffea00041f5640 dead000000000004 ffff8881000418c0 [ 4190.949718] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4190.955971] page dumped because: kasan: bad access detected [ 4190.964823] Memory state around the buggy address: [ 4190.969734] ffff888160d47100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4190.975705] ffff888160d47180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4190.981646] >ffff888160d47200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 4190.987588] ^ [ 4190.993520] ffff888160d47280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4190.999535] ffff888160d47300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 4191.005549] ================================================================== [ 4191.012399] ok 18 - kmalloc_oob_memset_2 [ 4191.012802] ================================================================== [ 4191.023780] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 4191.030405] Write of size 4 at addr ffff888160d47a75 by task kunit_try_catch/119787 [ 4191.040651] CPU: 0 PID: 119787 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4191.053135] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4191.059182] Call Trace: [ 4191.063696] dump_stack_lvl+0x57/0x81 [ 4191.068669] print_address_description.constprop.0+0x1f/0x140 [ 4191.074522] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 4191.080360] __kasan_report.cold+0x7f/0x122 [ 4191.085588] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 4191.091451] kasan_report+0x38/0x50 [ 4191.096381] kasan_check_range+0xfd/0x1e0 [ 4191.101497] memset+0x20/0x50 [ 4191.106176] kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 4191.111946] ? kmalloc_oob_memset_8+0x290/0x290 [test_kasan] [ 4191.117815] ? do_raw_spin_trylock+0xb5/0x180 [ 4191.123170] ? do_raw_spin_lock+0x270/0x270 [ 4191.128459] ? rcu_read_lock_sched_held+0x12/0x80 [ 4191.133948] ? lock_acquire+0x228/0x2d0 [ 4191.139051] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4191.144638] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4191.150443] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4191.156007] ? kunit_add_resource+0x197/0x280 [kunit] [ 4191.161638] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4191.167204] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4191.172858] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4191.178906] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4191.184561] kthread+0x364/0x420 [ 4191.189401] ? set_kthread_struct+0x110/0x110 [ 4191.194698] ret_from_fork+0x22/0x30 [ 4191.203481] Allocated by task 119787: [ 4191.208268] kasan_save_stack+0x1e/0x50 [ 4191.213109] __kasan_kmalloc+0x81/0xa0 [ 4191.217829] kmalloc_oob_memset_4+0x9c/0x290 [test_kasan] [ 4191.223244] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4191.228462] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4191.234178] kthread+0x364/0x420 [ 4191.238695] ret_from_fork+0x22/0x30 [ 4191.247033] The buggy address belongs to the object at ffff888160d47a00 which belongs to the cache kmalloc-128 of size 128 [ 4191.258307] The buggy address is located 117 bytes inside of 128-byte region [ffff888160d47a00, ffff888160d47a80) [ 4191.269244] The buggy address belongs to the page: [ 4191.274284] page:000000000416d018 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x160d47 [ 4191.281255] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4191.287235] raw: 0017ffffc0000200 ffffea00041f5640 dead000000000004 ffff8881000418c0 [ 4191.293535] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4191.299794] page dumped because: kasan: bad access detected [ 4191.308656] Memory state around the buggy address: [ 4191.313562] ffff888160d47900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 4191.319569] ffff888160d47980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4191.325556] >ffff888160d47a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 4191.331542] ^ [ 4191.337513] ffff888160d47a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4191.343537] ffff888160d47b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4191.349553] ================================================================== [ 4191.356427] ok 19 - kmalloc_oob_memset_4 [ 4191.356693] ================================================================== [ 4191.367643] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 4191.374295] Write of size 8 at addr ffff888160d47071 by task kunit_try_catch/119788 [ 4191.384536] CPU: 0 PID: 119788 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4191.397138] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4191.403213] Call Trace: [ 4191.407692] dump_stack_lvl+0x57/0x81 [ 4191.412671] print_address_description.constprop.0+0x1f/0x140 [ 4191.418530] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 4191.424365] __kasan_report.cold+0x7f/0x122 [ 4191.429585] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 4191.435405] kasan_report+0x38/0x50 [ 4191.440330] kasan_check_range+0xfd/0x1e0 [ 4191.445488] memset+0x20/0x50 [ 4191.450155] kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 4191.455867] ? kmalloc_oob_memset_16+0x290/0x290 [test_kasan] [ 4191.461695] ? do_raw_spin_trylock+0xb5/0x180 [ 4191.466991] ? do_raw_spin_lock+0x270/0x270 [ 4191.472183] ? rcu_read_lock_sched_held+0x12/0x80 [ 4191.477606] ? lock_acquire+0x228/0x2d0 [ 4191.482678] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4191.488175] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4191.493901] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4191.499393] ? kunit_add_resource+0x197/0x280 [kunit] [ 4191.504945] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4191.510499] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4191.516103] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4191.522144] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4191.527773] kthread+0x364/0x420 [ 4191.532592] ? set_kthread_struct+0x110/0x110 [ 4191.537860] ret_from_fork+0x22/0x30 [ 4191.546690] Allocated by task 119788: [ 4191.551453] kasan_save_stack+0x1e/0x50 [ 4191.556287] __kasan_kmalloc+0x81/0xa0 [ 4191.561012] kmalloc_oob_memset_8+0x9c/0x290 [test_kasan] [ 4191.566437] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4191.571668] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4191.577370] kthread+0x364/0x420 [ 4191.581896] ret_from_fork+0x22/0x30 [ 4191.590187] The buggy address belongs to the object at ffff888160d47000 which belongs to the cache kmalloc-128 of size 128 [ 4191.601578] The buggy address is located 113 bytes inside of 128-byte region [ffff888160d47000, ffff888160d47080) [ 4191.612499] The buggy address belongs to the page: [ 4191.617558] page:000000000416d018 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x160d47 [ 4191.624553] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4191.630542] raw: 0017ffffc0000200 ffffea00041f5640 dead000000000004 ffff8881000418c0 [ 4191.636860] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4191.643107] page dumped because: kasan: bad access detected [ 4191.651978] Memory state around the buggy address: [ 4191.656927] ffff888160d46f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4191.662926] ffff888160d46f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4191.668887] >ffff888160d47000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 4191.674802] ^ [ 4191.680691] ffff888160d47080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4191.686635] ffff888160d47100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4191.692527] ================================================================== [ 4191.701153] ok 20 - kmalloc_oob_memset_8 [ 4191.706768] ================================================================== [ 4191.717803] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 4191.724539] Write of size 16 at addr ffff888126deb169 by task kunit_try_catch/119790 [ 4191.734826] CPU: 1 PID: 119790 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4191.747452] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4191.753598] Call Trace: [ 4191.758046] dump_stack_lvl+0x57/0x81 [ 4191.763000] print_address_description.constprop.0+0x1f/0x140 [ 4191.768919] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 4191.774837] __kasan_report.cold+0x7f/0x122 [ 4191.780043] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 4191.785895] kasan_report+0x38/0x50 [ 4191.790806] kasan_check_range+0xfd/0x1e0 [ 4191.795911] memset+0x20/0x50 [ 4191.800541] kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 4191.806341] ? kmalloc_uaf_memset+0x280/0x280 [test_kasan] [ 4191.812149] ? do_raw_spin_trylock+0xb5/0x180 [ 4191.817497] ? do_raw_spin_lock+0x270/0x270 [ 4191.822735] ? rcu_read_lock_sched_held+0x12/0x80 [ 4191.828214] ? lock_acquire+0x228/0x2d0 [ 4191.833263] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4191.838824] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4191.844638] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4191.850192] ? kunit_add_resource+0x197/0x280 [kunit] [ 4191.855808] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4191.861350] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4191.866935] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4191.872944] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4191.878558] kthread+0x364/0x420 [ 4191.883337] ? set_kthread_struct+0x110/0x110 [ 4191.888575] ret_from_fork+0x22/0x30 [ 4191.897225] Allocated by task 119790: [ 4191.901942] kasan_save_stack+0x1e/0x50 [ 4191.906690] __kasan_kmalloc+0x81/0xa0 [ 4191.911355] kmalloc_oob_memset_16+0x9c/0x290 [test_kasan] [ 4191.916800] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4191.922014] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4191.927727] kthread+0x364/0x420 [ 4191.932247] ret_from_fork+0x22/0x30 [ 4191.940635] The buggy address belongs to the object at ffff888126deb100 which belongs to the cache kmalloc-128 of size 128 [ 4191.952128] The buggy address is located 105 bytes inside of 128-byte region [ffff888126deb100, ffff888126deb180) [ 4191.963275] The buggy address belongs to the page: [ 4191.968393] page:0000000087df6154 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x126deb [ 4191.975509] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4191.981591] raw: 0017ffffc0000200 ffffea000413cd40 dead000000000003 ffff8881000418c0 [ 4191.988006] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4191.994362] page dumped because: kasan: bad access detected [ 4192.003330] Memory state around the buggy address: [ 4192.008344] ffff888126deb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4192.014412] ffff888126deb080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4192.020501] >ffff888126deb100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 4192.026570] ^ [ 4192.032611] ffff888126deb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4192.038718] ffff888126deb200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 4192.044838] ================================================================== [ 4192.051168] ok 21 - kmalloc_oob_memset_16 [ 4192.059245] ================================================================== [ 4192.070271] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 4192.077036] Read of size 18446744073709551614 at addr ffff888109ce7d84 by task kunit_try_catch/119792 [ 4192.087939] CPU: 0 PID: 119792 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4192.100122] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4192.105947] Call Trace: [ 4192.110458] dump_stack_lvl+0x57/0x81 [ 4192.115473] print_address_description.constprop.0+0x1f/0x140 [ 4192.121340] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 4192.127547] __kasan_report.cold+0x7f/0x122 [ 4192.132816] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 4192.139033] kasan_report+0x38/0x50 [ 4192.144045] kasan_check_range+0xfd/0x1e0 [ 4192.149259] memmove+0x20/0x60 [ 4192.154083] kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 4192.160262] ? kmalloc_memmove_invalid_size+0x2a0/0x2a0 [test_kasan] [ 4192.166511] ? do_raw_spin_trylock+0xb5/0x180 [ 4192.171977] ? do_raw_spin_lock+0x270/0x270 [ 4192.177331] ? rcu_read_lock_sched_held+0x12/0x80 [ 4192.182928] ? lock_acquire+0x228/0x2d0 [ 4192.188147] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4192.193839] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4192.199769] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4192.205416] ? kunit_add_resource+0x197/0x280 [kunit] [ 4192.211151] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4192.216831] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4192.222539] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4192.228735] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4192.234487] kthread+0x364/0x420 [ 4192.239430] ? set_kthread_struct+0x110/0x110 [ 4192.244803] ret_from_fork+0x22/0x30 [ 4192.253803] Allocated by task 119792: [ 4192.258650] kasan_save_stack+0x1e/0x50 [ 4192.263567] __kasan_kmalloc+0x81/0xa0 [ 4192.268404] kmalloc_memmove_negative_size+0x9c/0x290 [test_kasan] [ 4192.274247] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4192.279566] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4192.285382] kthread+0x364/0x420 [ 4192.290019] ret_from_fork+0x22/0x30 [ 4192.298596] The buggy address belongs to the object at ffff888109ce7d80 which belongs to the cache kmalloc-64 of size 64 [ 4192.310109] The buggy address is located 4 bytes inside of 64-byte region [ffff888109ce7d80, ffff888109ce7dc0) [ 4192.321180] The buggy address belongs to the page: [ 4192.326334] page:0000000055199120 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ce7 [ 4192.333430] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4192.339549] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041640 [ 4192.345942] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 4192.352289] page dumped because: kasan: bad access detected [ 4192.361296] Memory state around the buggy address: [ 4192.366304] ffff888109ce7c80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 4192.372376] ffff888109ce7d00: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc [ 4192.378424] >ffff888109ce7d80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 4192.384390] ^ [ 4192.388711] ffff888109ce7e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 4192.394718] ffff888109ce7e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 4192.400625] ================================================================== [ 4192.408402] ok 22 - kmalloc_memmove_negative_size [ 4192.408713] ================================================================== [ 4192.419943] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 4192.426789] Read of size 64 at addr ffff888109ce7884 by task kunit_try_catch/119795 [ 4192.436874] CPU: 0 PID: 119795 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4192.449309] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4192.455349] Call Trace: [ 4192.459768] dump_stack_lvl+0x57/0x81 [ 4192.464699] print_address_description.constprop.0+0x1f/0x140 [ 4192.470509] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 4192.476581] __kasan_report.cold+0x7f/0x122 [ 4192.481786] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 4192.487908] kasan_report+0x38/0x50 [ 4192.492822] kasan_check_range+0xfd/0x1e0 [ 4192.497928] memmove+0x20/0x60 [ 4192.502616] kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 4192.508713] ? kmalloc_oob_in_memset+0x280/0x280 [test_kasan] [ 4192.514619] ? do_raw_spin_trylock+0xb5/0x180 [ 4192.519974] ? do_raw_spin_lock+0x270/0x270 [ 4192.525242] ? rcu_read_lock_sched_held+0x12/0x80 [ 4192.530756] ? lock_acquire+0x228/0x2d0 [ 4192.535844] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4192.541399] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4192.547227] ? kunit_add_resource+0x197/0x280 [kunit] [ 4192.552812] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4192.558327] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4192.563937] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4192.569975] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4192.575589] kthread+0x364/0x420 [ 4192.580386] ? set_kthread_struct+0x110/0x110 [ 4192.585662] ret_from_fork+0x22/0x30 [ 4192.594476] Allocated by task 119795: [ 4192.599277] kasan_save_stack+0x1e/0x50 [ 4192.604090] __kasan_kmalloc+0x81/0xa0 [ 4192.608834] kmalloc_memmove_invalid_size+0xac/0x2a0 [test_kasan] [ 4192.614541] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4192.619773] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4192.625506] kthread+0x364/0x420 [ 4192.630006] ret_from_fork+0x22/0x30 [ 4192.638430] The buggy address belongs to the object at ffff888109ce7880 which belongs to the cache kmalloc-64 of size 64 [ 4192.649896] The buggy address is located 4 bytes inside of 64-byte region [ffff888109ce7880, ffff888109ce78c0) [ 4192.661051] The buggy address belongs to the page: [ 4192.666243] page:0000000055199120 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ce7 [ 4192.673441] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4192.679628] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041640 [ 4192.686105] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 4192.692554] page dumped because: kasan: bad access detected [ 4192.701701] Memory state around the buggy address: [ 4192.706751] ffff888109ce7780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 4192.712849] ffff888109ce7800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 4192.718961] >ffff888109ce7880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 4192.725015] ^ [ 4192.730236] ffff888109ce7900: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc [ 4192.736314] ffff888109ce7980: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc [ 4192.742318] ================================================================== [ 4192.749108] ok 23 - kmalloc_memmove_invalid_size [ 4192.749586] ================================================================== [ 4192.760741] BUG: KASAN: use-after-free in kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 4192.766881] Read of size 1 at addr ffff888123543bc8 by task kunit_try_catch/119796 [ 4192.776883] CPU: 0 PID: 119796 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4192.789271] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4192.795279] Call Trace: [ 4192.799655] dump_stack_lvl+0x57/0x81 [ 4192.804499] print_address_description.constprop.0+0x1f/0x140 [ 4192.810285] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 4192.815729] __kasan_report.cold+0x7f/0x122 [ 4192.820859] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 4192.826288] kasan_report+0x38/0x50 [ 4192.831081] kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 4192.836402] ? kmalloc_uaf2+0x430/0x430 [test_kasan] [ 4192.841850] ? do_raw_spin_trylock+0xb5/0x180 [ 4192.847024] ? do_raw_spin_lock+0x270/0x270 [ 4192.852123] ? rcu_read_lock_sched_held+0x12/0x80 [ 4192.857456] ? lock_acquire+0x228/0x2d0 [ 4192.862417] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4192.867898] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4192.873611] ? kunit_add_resource+0x197/0x280 [kunit] [ 4192.879114] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4192.884492] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4192.889959] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4192.895889] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4192.901438] kthread+0x364/0x420 [ 4192.906145] ? set_kthread_struct+0x110/0x110 [ 4192.911306] ret_from_fork+0x22/0x30 [ 4192.920008] Allocated by task 119796: [ 4192.924822] kasan_save_stack+0x1e/0x50 [ 4192.929575] __kasan_kmalloc+0x81/0xa0 [ 4192.934225] kmalloc_uaf+0x98/0x2b0 [test_kasan] [ 4192.939202] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4192.944265] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4192.949816] kthread+0x364/0x420 [ 4192.954155] ret_from_fork+0x22/0x30 [ 4192.962142] Freed by task 119796: [ 4192.966442] kasan_save_stack+0x1e/0x50 [ 4192.970990] kasan_set_track+0x21/0x30 [ 4192.975451] kasan_set_free_info+0x20/0x40 [ 4192.980003] __kasan_slab_free+0xec/0x120 [ 4192.984549] slab_free_freelist_hook+0xa3/0x1d0 [ 4192.989288] kfree+0xdc/0x4e0 [ 4192.993333] kmalloc_uaf+0x12b/0x2b0 [test_kasan] [ 4192.998062] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4193.002844] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4193.008106] kthread+0x364/0x420 [ 4193.011162] ret_from_fork+0x22/0x30 [ 4193.015459] The buggy address belongs to the object at ffff888123543bc0 which belongs to the cache kmalloc-16 of size 16 [ 4193.022315] The buggy address is located 8 bytes inside of 16-byte region [ffff888123543bc0, ffff888123543bd0) [ 4193.032044] The buggy address belongs to the page: [ 4193.036542] page:00000000f047f490 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888123543ca0 pfn:0x123543 [ 4193.043557] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4193.049133] raw: 0017ffffc0000200 ffffea000414b6c0 dead000000000002 ffff8881000413c0 [ 4193.055095] raw: ffff888123543ca0 000000008080007a 00000001ffffffff 0000000000000000 [ 4193.061045] page dumped because: kasan: bad access detected [ 4193.069580] Memory state around the buggy address: [ 4193.074393] ffff888123543a80: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 4193.080254] ffff888123543b00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 4193.086095] >ffff888123543b80: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 4193.091910] ^ [ 4193.097069] ffff888123543c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 4193.102917] ffff888123543c80: fa fb fc fc fb fb fc fc 00 00 fc fc fb fb fc fc [ 4193.108734] ================================================================== [ 4193.115286] ok 24 - kmalloc_uaf [ 4193.115660] ================================================================== [ 4193.125909] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 4193.132154] Write of size 33 at addr ffff888109ce7400 by task kunit_try_catch/119797 [ 4193.142104] CPU: 0 PID: 119797 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4193.154304] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4193.160243] Call Trace: [ 4193.164585] dump_stack_lvl+0x57/0x81 [ 4193.169446] print_address_description.constprop.0+0x1f/0x140 [ 4193.175185] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 4193.180862] __kasan_report.cold+0x7f/0x122 [ 4193.185957] ? kmalloc_uaf_memset+0xf1/0x280 [test_kasan] [ 4193.191586] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 4193.197272] kasan_report+0x38/0x50 [ 4193.202115] kasan_check_range+0xfd/0x1e0 [ 4193.207190] memset+0x20/0x50 [ 4193.211825] kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 4193.217508] ? kmem_cache_accounted+0x170/0x170 [test_kasan] [ 4193.223353] ? do_raw_spin_trylock+0xb5/0x180 [ 4193.228677] ? do_raw_spin_lock+0x270/0x270 [ 4193.233882] ? rcu_read_lock_sched_held+0x12/0x80 [ 4193.239305] ? lock_acquire+0x228/0x2d0 [ 4193.244358] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4193.249898] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4193.261813] ? kunit_add_resource+0x197/0x280 [kunit] [ 4193.267622] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4193.273183] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4193.278889] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4193.284899] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4193.290687] kthread+0x364/0x420 [ 4193.295442] ? set_kthread_struct+0x110/0x110 [ 4193.300656] ret_from_fork+0x22/0x30 [ 4193.309245] Allocated by task 119797: [ 4193.313952] kasan_save_stack+0x1e/0x50 [ 4193.318678] __kasan_kmalloc+0x81/0xa0 [ 4193.323302] kmalloc_uaf_memset+0x9a/0x280 [test_kasan] [ 4193.328572] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4193.333693] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4193.339318] kthread+0x364/0x420 [ 4193.343738] ret_from_fork+0x22/0x30 [ 4193.351912] Freed by task 119797: [ 4193.356280] kasan_save_stack+0x1e/0x50 [ 4193.360914] kasan_set_track+0x21/0x30 [ 4193.365425] kasan_set_free_info+0x20/0x40 [ 4193.370053] __kasan_slab_free+0xec/0x120 [ 4193.374586] slab_free_freelist_hook+0xa3/0x1d0 [ 4193.379309] kfree+0xdc/0x4e0 [ 4193.383302] kmalloc_uaf_memset+0x137/0x280 [test_kasan] [ 4193.388284] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4193.392999] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4193.398152] kthread+0x364/0x420 [ 4193.402064] ret_from_fork+0x22/0x30 [ 4193.409169] The buggy address belongs to the object at ffff888109ce7400 which belongs to the cache kmalloc-64 of size 64 [ 4193.419313] The buggy address is located 0 bytes inside of 64-byte region [ffff888109ce7400, ffff888109ce7440) [ 4193.429055] The buggy address belongs to the page: [ 4193.433599] page:0000000055199120 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ce7 [ 4193.440271] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4193.445925] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041640 [ 4193.451985] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 4193.458050] page dumped because: kasan: bad access detected [ 4193.466616] Memory state around the buggy address: [ 4193.471464] ffff888109ce7300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 4193.477419] ffff888109ce7380: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc [ 4193.483376] >ffff888109ce7400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 4193.489303] ^ [ 4193.493526] ffff888109ce7480: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc [ 4193.499520] ffff888109ce7500: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc [ 4193.505461] ================================================================== [ 4193.512630] ok 25 - kmalloc_uaf_memset [ 4193.513748] ================================================================== [ 4193.524375] BUG: KASAN: use-after-free in kmalloc_uaf2+0x402/0x430 [test_kasan] [ 4193.530421] Read of size 1 at addr ffff888109ce7fa8 by task kunit_try_catch/119798 [ 4193.540240] CPU: 0 PID: 119798 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4193.552431] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4193.558370] Call Trace: [ 4193.562686] dump_stack_lvl+0x57/0x81 [ 4193.567500] print_address_description.constprop.0+0x1f/0x140 [ 4193.573243] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 4193.578605] __kasan_report.cold+0x7f/0x122 [ 4193.583633] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 4193.589043] kasan_report+0x38/0x50 [ 4193.593826] kmalloc_uaf2+0x402/0x430 [test_kasan] [ 4193.599206] ? kfree_via_page+0x290/0x290 [test_kasan] [ 4193.604738] ? rcu_read_lock_sched_held+0x12/0x80 [ 4193.610088] ? lock_acquire+0x228/0x2d0 [ 4193.615082] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4193.620828] ? do_raw_spin_lock+0x270/0x270 [ 4193.625983] ? rcu_read_lock_sched_held+0x12/0x80 [ 4193.631373] ? lock_acquire+0x228/0x2d0 [ 4193.636408] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4193.641932] ? trace_hardirqs_on+0x1c/0x180 [ 4193.647095] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4193.652580] ? kunit_add_resource+0x197/0x280 [kunit] [ 4193.658115] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4193.663601] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4193.669158] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4193.675148] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4193.680707] kthread+0x364/0x420 [ 4193.685426] ? set_kthread_struct+0x110/0x110 [ 4193.690598] ret_from_fork+0x22/0x30 [ 4193.699219] Allocated by task 119798: [ 4193.703904] kasan_save_stack+0x1e/0x50 [ 4193.708621] __kasan_kmalloc+0x81/0xa0 [ 4193.713274] kmalloc_uaf2+0xad/0x430 [test_kasan] [ 4193.718311] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4193.723433] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4193.729038] kthread+0x364/0x420 [ 4193.733460] ret_from_fork+0x22/0x30 [ 4193.741676] Freed by task 119798: [ 4193.746029] kasan_save_stack+0x1e/0x50 [ 4193.750640] kasan_set_track+0x21/0x30 [ 4193.755176] kasan_set_free_info+0x20/0x40 [ 4193.759778] __kasan_slab_free+0xec/0x120 [ 4193.764312] slab_free_freelist_hook+0xa3/0x1d0 [ 4193.769011] kfree+0xdc/0x4e0 [ 4193.773007] kmalloc_uaf2+0x144/0x430 [test_kasan] [ 4193.777771] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4193.782473] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4193.787638] kthread+0x364/0x420 [ 4193.791566] ret_from_fork+0x22/0x30 [ 4193.798711] The buggy address belongs to the object at ffff888109ce7f80 which belongs to the cache kmalloc-64 of size 64 [ 4193.808891] The buggy address is located 40 bytes inside of 64-byte region [ffff888109ce7f80, ffff888109ce7fc0) [ 4193.818777] The buggy address belongs to the page: [ 4193.823363] page:0000000055199120 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ce7 [ 4193.829992] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4193.835632] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041640 [ 4193.841669] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 [ 4193.847721] page dumped because: kasan: bad access detected [ 4193.856248] Memory state around the buggy address: [ 4193.861053] ffff888109ce7e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 4193.866943] ffff888109ce7f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 4193.872783] >ffff888109ce7f80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 4193.878590] ^ [ 4193.883296] ffff888109ce8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4193.889208] ffff888109ce8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4193.895077] ================================================================== [ 4193.901598] ok 26 - kmalloc_uaf2 [ 4193.903352] ok 27 - kfree_via_page [ 4193.908884] ok 28 - kfree_via_phys [ 4193.914734] ================================================================== [ 4193.924976] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 4193.931340] Read of size 1 at addr ffff8881068073e0 by task kunit_try_catch/119801 [ 4193.941276] CPU: 0 PID: 119801 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4193.953342] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4193.959212] Call Trace: [ 4193.963423] dump_stack_lvl+0x57/0x81 [ 4193.968145] print_address_description.constprop.0+0x1f/0x140 [ 4193.973738] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 4193.979090] __kasan_report.cold+0x7f/0x122 [ 4193.984064] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 4193.989499] kasan_report+0x38/0x50 [ 4193.994230] kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 4193.999643] ? kmem_cache_double_free+0x280/0x280 [test_kasan] [ 4194.005448] ? do_raw_spin_trylock+0xb5/0x180 [ 4194.010648] ? do_raw_spin_lock+0x270/0x270 [ 4194.015760] ? rcu_read_lock_sched_held+0x12/0x80 [ 4194.021085] ? lock_acquire+0x228/0x2d0 [ 4194.026045] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4194.031475] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4194.037161] ? kunit_add_resource+0x197/0x280 [kunit] [ 4194.042604] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4194.048009] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4194.053481] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4194.059377] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4194.064871] kthread+0x364/0x420 [ 4194.069512] ? set_kthread_struct+0x110/0x110 [ 4194.074679] ret_from_fork+0x22/0x30 [ 4194.083269] Allocated by task 119801: [ 4194.087906] kasan_save_stack+0x1e/0x50 [ 4194.092537] __kasan_slab_alloc+0x66/0x80 [ 4194.097248] kmem_cache_alloc+0x161/0x310 [ 4194.101931] kmem_cache_oob+0x121/0x2e0 [test_kasan] [ 4194.107000] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4194.112038] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4194.117562] kthread+0x364/0x420 [ 4194.121913] ret_from_fork+0x22/0x30 [ 4194.129957] The buggy address belongs to the object at ffff888106807318 which belongs to the cache test_cache of size 200 [ 4194.141088] The buggy address is located 0 bytes to the right of 200-byte region [ffff888106807318, ffff8881068073e0) [ 4194.152113] The buggy address belongs to the page: [ 4194.157169] page:00000000b91f4e7c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106807 [ 4194.164301] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4194.170425] raw: 0017ffffc0000200 0000000000000000 dead000000000122 ffff88812199cc80 [ 4194.176893] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 4194.183303] page dumped because: kasan: bad access detected [ 4194.192418] Memory state around the buggy address: [ 4194.197415] ffff888106807280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4194.203452] ffff888106807300: fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4194.209460] >ffff888106807380: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 4194.215486] ^ [ 4194.221169] ffff888106807400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4194.227217] ffff888106807480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4194.233238] ================================================================== [ 4194.259911] ok 29 - kmem_cache_oob [ 4194.793065] ok 30 - kmem_cache_accounted [ 4194.807317] ok 31 - kmem_cache_bulk [ 4194.813024] ================================================================== [ 4194.823807] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 4194.830641] Read of size 1 at addr ffffffffc1a5c3cd by task kunit_try_catch/119804 [ 4194.840779] CPU: 1 PID: 119804 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4194.853315] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4194.859408] Call Trace: [ 4194.863815] dump_stack_lvl+0x57/0x81 [ 4194.868712] print_address_description.constprop.0+0x1f/0x140 [ 4194.874538] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 4194.880399] __kasan_report.cold+0x7f/0x122 [ 4194.885549] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 4194.891437] kasan_report+0x38/0x50 [ 4194.896301] kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 4194.902138] ? kasan_stack_oob+0x200/0x200 [test_kasan] [ 4194.907808] ? do_raw_spin_trylock+0xb5/0x180 [ 4194.913076] ? do_raw_spin_lock+0x270/0x270 [ 4194.918263] ? rcu_read_lock_sched_held+0x12/0x80 [ 4194.923707] ? lock_acquire+0x228/0x2d0 [ 4194.928786] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4194.934265] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4194.940066] ? kunit_add_resource+0x197/0x280 [kunit] [ 4194.945655] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4194.951181] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4194.956778] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4194.962877] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4194.968514] kthread+0x364/0x420 [ 4194.973291] ? set_kthread_struct+0x110/0x110 [ 4194.978570] ret_from_fork+0x22/0x30 [ 4194.987363] The buggy address belongs to the variable: [ 4194.992798] global_array+0xd/0xfffffffffffe6c40 [test_kasan] [ 4195.002272] Memory state around the buggy address: [ 4195.007467] ffffffffc1a5c280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4195.013828] ffffffffc1a5c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4195.020101] >ffffffffc1a5c380: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 4195.026333] ^ [ 4195.031874] ffffffffc1a5c400: 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 4195.038209] ffffffffc1a5c480: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 [ 4195.044475] ================================================================== [ 4195.051989] ok 32 - kasan_global_oob_right [ 4195.052314] ok 33 - kasan_global_oob_left # SKIP Test requires CONFIG_CC_IS_CLANG=y [ 4195.058135] ================================================================== [ 4195.070785] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 4195.077334] Read of size 1 at addr ffffc900012dfe72 by task kunit_try_catch/119806 [ 4195.087720] CPU: 0 PID: 119806 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4195.100233] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4195.106264] Call Trace: [ 4195.110569] dump_stack_lvl+0x57/0x81 [ 4195.115296] print_address_description.constprop.0+0x1f/0x140 [ 4195.120912] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 4195.126275] __kasan_report.cold+0x7f/0x122 [ 4195.131210] ? pick_next_task_fair+0x3a0/0xe50 [ 4195.136242] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 4195.141570] kasan_report+0x38/0x50 [ 4195.146180] kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 4195.151444] ? match_all_mem_tag+0x20/0x20 [test_kasan] [ 4195.156780] ? do_raw_spin_trylock+0xb5/0x180 [ 4195.161753] ? do_raw_spin_lock+0x270/0x270 [ 4195.166599] ? rcu_read_lock_sched_held+0x12/0x80 [ 4195.171658] ? lock_acquire+0x228/0x2d0 [ 4195.176373] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4195.181570] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4195.187045] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4195.192255] ? kunit_add_resource+0x197/0x280 [kunit] [ 4195.197518] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4195.202697] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4195.207959] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4195.213637] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4195.218953] kthread+0x364/0x420 [ 4195.223436] ? set_kthread_struct+0x110/0x110 [ 4195.228406] ret_from_fork+0x22/0x30 [ 4195.240468] addr ffffc900012dfe72 is located in stack of task kunit_try_catch/119806 at offset 266 in frame: [ 4195.247715] kasan_stack_oob+0x0/0x200 [test_kasan] [ 4195.256747] this frame has 4 objects: [ 4195.261440] [48, 56) 'array' [ 4195.261448] [80, 128) '__assertion' [ 4195.265822] [160, 224) '__assertion' [ 4195.270438] [256, 266) 'stack_array' [ 4195.283364] Memory state around the buggy address: [ 4195.288413] ffffc900012dfd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 [ 4195.294501] ffffc900012dfd80: f1 00 00 00 f2 f2 f2 00 00 00 00 00 00 f2 f2 f2 [ 4195.300530] >ffffc900012dfe00: f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 02 f3 [ 4195.306524] ^ [ 4195.312385] ffffc900012dfe80: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4195.318351] ffffc900012dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4195.324270] ================================================================== [ 4195.330309] ok 34 - kasan_stack_oob [ 4195.330504] ================================================================== [ 4195.338185] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 4195.344551] Read of size 1 at addr ffffc900012efd1f by task kunit_try_catch/119807 [ 4195.352591] CPU: 0 PID: 119807 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4195.364213] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4195.369837] Call Trace: [ 4195.373905] dump_stack_lvl+0x57/0x81 [ 4195.378447] print_address_description.constprop.0+0x1f/0x140 [ 4195.383887] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 4195.389330] __kasan_report.cold+0x7f/0x122 [ 4195.394152] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 4195.399593] kasan_report+0x38/0x50 [ 4195.404157] kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 4195.409580] ? pick_next_task_fair+0x46a/0xe50 [ 4195.414530] ? rcu_read_lock_sched_held+0x12/0x80 [ 4195.419582] ? kasan_alloca_oob_right+0x290/0x290 [test_kasan] [ 4195.425112] ? do_raw_spin_trylock+0xb5/0x180 [ 4195.430054] ? do_raw_spin_lock+0x270/0x270 [ 4195.434892] ? rcu_read_lock_sched_held+0x12/0x80 [ 4195.439930] ? lock_acquire+0x228/0x2d0 [ 4195.444596] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4195.449731] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4195.455098] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4195.460212] ? kunit_add_resource+0x197/0x280 [kunit] [ 4195.465412] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4195.470477] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4195.475697] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4195.481379] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4195.486603] kthread+0x364/0x420 [ 4195.490997] ? set_kthread_struct+0x110/0x110 [ 4195.495854] ret_from_fork+0x22/0x30 [ 4195.507653] Memory state around the buggy address: [ 4195.512674] ffffc900012efc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4195.518719] ffffc900012efc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4195.524741] >ffffc900012efd00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 f1 [ 4195.530871] ^ [ 4195.535625] ffffc900012efd80: f1 f1 f1 00 00 00 f2 f2 f2 00 00 00 00 00 00 f2 [ 4195.541811] ffffc900012efe00: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 [ 4195.547979] ================================================================== [ 4195.554716] ok 35 - kasan_alloca_oob_left [ 4195.555141] ================================================================== [ 4195.566416] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 4195.573315] Read of size 1 at addr ffffc9000135fd2a by task kunit_try_catch/119808 [ 4195.583584] CPU: 0 PID: 119808 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4195.596038] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4195.601993] Call Trace: [ 4195.606239] dump_stack_lvl+0x57/0x81 [ 4195.610926] print_address_description.constprop.0+0x1f/0x140 [ 4195.616452] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 4195.622050] __kasan_report.cold+0x7f/0x122 [ 4195.626955] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 4195.632533] kasan_report+0x38/0x50 [ 4195.637136] kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 4195.642671] ? pick_next_task_fair+0x46a/0xe50 [ 4195.647667] ? rcu_read_lock_sched_held+0x12/0x80 [ 4195.652787] ? ksize_unpoisons_memory+0x300/0x300 [test_kasan] [ 4195.658377] ? do_raw_spin_trylock+0xb5/0x180 [ 4195.663347] ? do_raw_spin_lock+0x270/0x270 [ 4195.668212] ? rcu_read_lock_sched_held+0x12/0x80 [ 4195.673286] ? lock_acquire+0x228/0x2d0 [ 4195.677989] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4195.683197] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4195.688636] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4195.693839] ? kunit_add_resource+0x197/0x280 [kunit] [ 4195.699096] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4195.704298] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4195.709523] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4195.715167] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4195.720483] kthread+0x364/0x420 [ 4195.724992] ? set_kthread_struct+0x110/0x110 [ 4195.729974] ret_from_fork+0x22/0x30 [ 4195.741969] Memory state around the buggy address: [ 4195.747041] ffffc9000135fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4195.753165] ffffc9000135fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4195.759325] >ffffc9000135fd00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 f1 [ 4195.765455] ^ [ 4195.770468] ffffc9000135fd80: f1 f1 f1 00 00 00 f2 f2 f2 00 00 00 00 00 00 f2 [ 4195.776674] ffffc9000135fe00: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 [ 4195.782881] ================================================================== [ 4195.789739] ok 36 - kasan_alloca_oob_right [ 4195.790102] ================================================================== [ 4195.801478] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 4195.808350] Read of size 1 at addr ffff888107d59880 by task kunit_try_catch/119809 [ 4195.818698] CPU: 0 PID: 119809 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4195.831204] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4195.837202] Call Trace: [ 4195.841496] dump_stack_lvl+0x57/0x81 [ 4195.846230] print_address_description.constprop.0+0x1f/0x140 [ 4195.851815] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 4195.857418] __kasan_report.cold+0x7f/0x122 [ 4195.862355] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 4195.867983] kasan_report+0x38/0x50 [ 4195.872623] ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 4195.878198] ? ksize_uaf+0x4a0/0x4a0 [test_kasan] [ 4195.883356] ? do_raw_spin_trylock+0xb5/0x180 [ 4195.888345] ? do_raw_spin_lock+0x270/0x270 [ 4195.893236] ? rcu_read_lock_sched_held+0x12/0x80 [ 4195.898342] ? lock_acquire+0x228/0x2d0 [ 4195.903082] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4195.908291] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4195.913755] ? kunit_add_resource+0x197/0x280 [kunit] [ 4195.919021] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4195.924228] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4195.929491] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4195.935226] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4195.940565] kthread+0x364/0x420 [ 4195.945081] ? set_kthread_struct+0x110/0x110 [ 4195.950075] ret_from_fork+0x22/0x30 [ 4195.958413] Allocated by task 119809: [ 4195.963040] kasan_save_stack+0x1e/0x50 [ 4195.966932] __kasan_kmalloc+0x81/0xa0 [ 4195.969730] ksize_unpoisons_memory+0x9a/0x300 [test_kasan] [ 4195.973011] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4195.976125] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4195.980893] kthread+0x364/0x420 [ 4195.985344] ret_from_fork+0x22/0x30 [ 4195.993620] Last potentially related work creation: [ 4195.998745] kasan_save_stack+0x1e/0x50 [ 4196.003441] __kasan_record_aux_stack+0xb2/0xc0 [ 4196.008399] insert_work+0x47/0x310 [ 4196.012902] __queue_work+0x4dd/0xd60 [ 4196.017450] rcu_work_rcufn+0x42/0x70 [ 4196.021953] rcu_do_batch+0x3c5/0xdc0 [ 4196.026378] rcu_core+0x3de/0x5a0 [ 4196.030607] __do_softirq+0x2d3/0x9a8 [ 4196.038275] Second to last potentially related work creation: [ 4196.043308] kasan_save_stack+0x1e/0x50 [ 4196.047535] __kasan_record_aux_stack+0xb2/0xc0 [ 4196.051939] call_rcu+0xee/0x890 [ 4196.055810] queue_rcu_work+0x5a/0x70 [ 4196.059840] writeback_sb_inodes+0x373/0xd00 [ 4196.064145] wb_writeback+0x25a/0xa10 [ 4196.068161] wb_do_writeback+0x1dd/0x8a0 [ 4196.072267] wb_workfn+0x16a/0x700 [ 4196.076125] process_one_work+0x8cb/0x1590 [ 4196.080254] worker_thread+0x59b/0x1010 [ 4196.084243] kthread+0x364/0x420 [ 4196.087950] ret_from_fork+0x22/0x30 [ 4196.094707] The buggy address belongs to the object at ffff888107d59800 which belongs to the cache kmalloc-128 of size 128 [ 4196.104592] The buggy address is located 0 bytes to the right of 128-byte region [ffff888107d59800, ffff888107d59880) [ 4196.114393] The buggy address belongs to the page: [ 4196.118835] page:00000000c27af097 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107d59 [ 4196.125268] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4196.130768] raw: 0017ffffc0000200 ffffea0004858640 dead000000000003 ffff8881000418c0 [ 4196.136594] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4196.142425] page dumped because: kasan: bad access detected [ 4196.150617] Memory state around the buggy address: [ 4196.155274] ffff888107d59780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4196.160997] ffff888107d59800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4196.166732] >ffff888107d59880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4196.172503] ^ [ 4196.176622] ffff888107d59900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4196.182463] ffff888107d59980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4196.188242] ================================================================== [ 4196.194939] ok 37 - ksize_unpoisons_memory [ 4196.206682] ================================================================== [ 4196.217274] BUG: KASAN: use-after-free in ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 4196.223145] Read of size 1 at addr ffff888121619a00 by task kunit_try_catch/119810 [ 4196.232943] CPU: 0 PID: 119810 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4196.245050] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4196.250922] Call Trace: [ 4196.255203] dump_stack_lvl+0x57/0x81 [ 4196.259995] print_address_description.constprop.0+0x1f/0x140 [ 4196.265687] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 4196.270984] __kasan_report.cold+0x7f/0x122 [ 4196.276082] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 4196.281390] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 4196.286643] kasan_report+0x38/0x50 [ 4196.291384] __kasan_check_byte+0x36/0x50 [ 4196.296329] ksize+0x1b/0x50 [ 4196.300793] ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 4196.305955] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 4196.311388] ? do_raw_spin_trylock+0xb5/0x180 [ 4196.316507] ? do_raw_spin_lock+0x270/0x270 [ 4196.321539] ? rcu_read_lock_sched_held+0x12/0x80 [ 4196.326824] ? lock_acquire+0x228/0x2d0 [ 4196.331734] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4196.337130] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4196.342798] ? kunit_add_resource+0x197/0x280 [kunit] [ 4196.348266] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4196.353689] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4196.359153] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4196.365076] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4196.370564] kthread+0x364/0x420 [ 4196.375254] ? set_kthread_struct+0x110/0x110 [ 4196.380371] ret_from_fork+0x22/0x30 [ 4196.388895] Allocated by task 119810: [ 4196.393521] kasan_save_stack+0x1e/0x50 [ 4196.398189] __kasan_kmalloc+0x81/0xa0 [ 4196.402758] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 4196.407605] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4196.412646] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4196.418183] kthread+0x364/0x420 [ 4196.422500] ret_from_fork+0x22/0x30 [ 4196.430455] Freed by task 119810: [ 4196.434690] kasan_save_stack+0x1e/0x50 [ 4196.439146] kasan_set_track+0x21/0x30 [ 4196.443521] kasan_set_free_info+0x20/0x40 [ 4196.448002] __kasan_slab_free+0xec/0x120 [ 4196.452372] slab_free_freelist_hook+0xa3/0x1d0 [ 4196.456931] kfree+0xdc/0x4e0 [ 4196.460779] ksize_uaf+0x137/0x4a0 [test_kasan] [ 4196.465256] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4196.469811] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4196.474785] kthread+0x364/0x420 [ 4196.478522] ret_from_fork+0x22/0x30 [ 4196.485337] The buggy address belongs to the object at ffff888121619a00 which belongs to the cache kmalloc-128 of size 128 [ 4196.495226] The buggy address is located 0 bytes inside of 128-byte region [ffff888121619a00, ffff888121619a80) [ 4196.504798] The buggy address belongs to the page: [ 4196.509285] page:000000001cfa59a5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121619 [ 4196.515802] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4196.521353] raw: 0017ffffc0000200 ffffea0005f48240 dead000000000002 ffff8881000418c0 [ 4196.527270] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4196.533196] page dumped because: kasan: bad access detected [ 4196.541598] Memory state around the buggy address: [ 4196.546367] ffff888121619900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4196.552189] ffff888121619980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4196.558022] >ffff888121619a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4196.563844] ^ [ 4196.568002] ffff888121619a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4196.573870] ffff888121619b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4196.579723] ================================================================== [ 4196.585714] ================================================================== [ 4196.591580] BUG: KASAN: use-after-free in ksize_uaf+0x47d/0x4a0 [test_kasan] [ 4196.597413] Read of size 1 at addr ffff888121619a00 by task kunit_try_catch/119810 [ 4196.607076] CPU: 0 PID: 119810 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4196.619077] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4196.624922] Call Trace: [ 4196.629153] dump_stack_lvl+0x57/0x81 [ 4196.633910] print_address_description.constprop.0+0x1f/0x140 [ 4196.639569] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 4196.644792] __kasan_report.cold+0x7f/0x122 [ 4196.649795] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 4196.654971] kasan_report+0x38/0x50 [ 4196.659638] ksize_uaf+0x47d/0x4a0 [test_kasan] [ 4196.664800] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 4196.670233] ? do_raw_spin_trylock+0xb5/0x180 [ 4196.675347] ? do_raw_spin_lock+0x270/0x270 [ 4196.680385] ? rcu_read_lock_sched_held+0x12/0x80 [ 4196.685682] ? lock_acquire+0x228/0x2d0 [ 4196.690575] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4196.696004] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4196.701675] ? kunit_add_resource+0x197/0x280 [kunit] [ 4196.707142] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4196.712513] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4196.717987] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4196.723894] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4196.729409] kthread+0x364/0x420 [ 4196.734123] ? set_kthread_struct+0x110/0x110 [ 4196.739284] ret_from_fork+0x22/0x30 [ 4196.747944] Allocated by task 119810: [ 4196.752688] kasan_save_stack+0x1e/0x50 [ 4196.757518] __kasan_kmalloc+0x81/0xa0 [ 4196.762232] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 4196.767170] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4196.772251] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4196.777880] kthread+0x364/0x420 [ 4196.782215] ret_from_fork+0x22/0x30 [ 4196.790207] Freed by task 119810: [ 4196.794474] kasan_save_stack+0x1e/0x50 [ 4196.798967] kasan_set_track+0x21/0x30 [ 4196.803412] kasan_set_free_info+0x20/0x40 [ 4196.807972] __kasan_slab_free+0xec/0x120 [ 4196.812424] slab_free_freelist_hook+0xa3/0x1d0 [ 4196.817119] kfree+0xdc/0x4e0 [ 4196.821094] ksize_uaf+0x137/0x4a0 [test_kasan] [ 4196.825797] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4196.830605] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4196.835927] kthread+0x364/0x420 [ 4196.839968] ret_from_fork+0x22/0x30 [ 4196.847208] The buggy address belongs to the object at ffff888121619a00 which belongs to the cache kmalloc-128 of size 128 [ 4196.857447] The buggy address is located 0 bytes inside of 128-byte region [ffff888121619a00, ffff888121619a80) [ 4196.867374] The buggy address belongs to the page: [ 4196.871925] page:000000001cfa59a5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121619 [ 4196.878530] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4196.884172] raw: 0017ffffc0000200 ffffea0005f48240 dead000000000002 ffff8881000418c0 [ 4196.890172] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4196.896168] page dumped because: kasan: bad access detected [ 4196.904644] Memory state around the buggy address: [ 4196.909478] ffff888121619900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4196.915393] ffff888121619980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4196.921292] >ffff888121619a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4196.927190] ^ [ 4196.931390] ffff888121619a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4196.937360] ffff888121619b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4196.943276] ================================================================== [ 4196.949358] ================================================================== [ 4196.955248] BUG: KASAN: use-after-free in ksize_uaf+0x470/0x4a0 [test_kasan] [ 4196.961067] Read of size 1 at addr ffff888121619a78 by task kunit_try_catch/119810 [ 4196.970689] CPU: 0 PID: 119810 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4196.982750] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4196.988610] Call Trace: [ 4196.992830] dump_stack_lvl+0x57/0x81 [ 4196.997567] print_address_description.constprop.0+0x1f/0x140 [ 4197.003213] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 4197.008436] __kasan_report.cold+0x7f/0x122 [ 4197.013431] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 4197.018629] kasan_report+0x38/0x50 [ 4197.023332] ksize_uaf+0x470/0x4a0 [test_kasan] [ 4197.028493] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 4197.033951] ? do_raw_spin_trylock+0xb5/0x180 [ 4197.039075] ? do_raw_spin_lock+0x270/0x270 [ 4197.044130] ? rcu_read_lock_sched_held+0x12/0x80 [ 4197.049444] ? lock_acquire+0x228/0x2d0 [ 4197.054369] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4197.059764] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4197.065443] ? kunit_add_resource+0x197/0x280 [kunit] [ 4197.070922] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4197.076330] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4197.081799] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4197.087663] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4197.093180] kthread+0x364/0x420 [ 4197.097875] ? set_kthread_struct+0x110/0x110 [ 4197.103045] ret_from_fork+0x22/0x30 [ 4197.111478] Allocated by task 119810: [ 4197.116238] kasan_save_stack+0x1e/0x50 [ 4197.121005] __kasan_kmalloc+0x81/0xa0 [ 4197.125628] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 4197.130521] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4197.135562] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4197.141111] kthread+0x364/0x420 [ 4197.145439] ret_from_fork+0x22/0x30 [ 4197.153390] Freed by task 119810: [ 4197.157672] kasan_save_stack+0x1e/0x50 [ 4197.162192] kasan_set_track+0x21/0x30 [ 4197.166655] kasan_set_free_info+0x20/0x40 [ 4197.171212] __kasan_slab_free+0xec/0x120 [ 4197.175696] slab_free_freelist_hook+0xa3/0x1d0 [ 4197.180393] kfree+0xdc/0x4e0 [ 4197.184369] ksize_uaf+0x137/0x4a0 [test_kasan] [ 4197.189071] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4197.193885] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4197.199193] kthread+0x364/0x420 [ 4197.203223] ret_from_fork+0x22/0x30 [ 4197.210427] The buggy address belongs to the object at ffff888121619a00 which belongs to the cache kmalloc-128 of size 128 [ 4197.220637] The buggy address is located 120 bytes inside of 128-byte region [ffff888121619a00, ffff888121619a80) [ 4197.230592] The buggy address belongs to the page: [ 4197.235148] page:000000001cfa59a5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121619 [ 4197.241763] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4197.247395] raw: 0017ffffc0000200 ffffea0005f48240 dead000000000002 ffff8881000418c0 [ 4197.253411] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 4197.259433] page dumped because: kasan: bad access detected [ 4197.267960] Memory state around the buggy address: [ 4197.272770] ffff888121619900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4197.278663] ffff888121619980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4197.284561] >ffff888121619a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4197.290437] ^ [ 4197.296337] ffff888121619a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4197.302264] ffff888121619b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4197.308204] ================================================================== [ 4197.314985] ok 38 - ksize_uaf [ 4197.315802] ================================================================== [ 4197.326137] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x118/0x4b0 [ 4197.335943] CPU: 0 PID: 119813 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4197.348102] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4197.354012] Call Trace: [ 4197.358298] dump_stack_lvl+0x57/0x81 [ 4197.363120] print_address_description.constprop.0+0x1f/0x140 [ 4197.368834] ? kmem_cache_free+0x118/0x4b0 [ 4197.373864] kasan_report_invalid_free+0x70/0xa0 [ 4197.379116] ? kmem_cache_free+0x118/0x4b0 [ 4197.384123] __kasan_slab_free+0x108/0x120 [ 4197.389112] slab_free_freelist_hook+0xa3/0x1d0 [ 4197.394305] ? kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 4197.400090] kmem_cache_free+0x118/0x4b0 [ 4197.405064] ? trace_kmem_cache_alloc+0x3c/0x100 [ 4197.410378] kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 4197.416193] ? kmem_cache_invalid_free+0x280/0x280 [test_kasan] [ 4197.422138] ? do_raw_spin_trylock+0xb5/0x180 [ 4197.427423] ? do_raw_spin_lock+0x270/0x270 [ 4197.432623] ? rcu_read_lock_sched_held+0x12/0x80 [ 4197.438037] ? lock_acquire+0x228/0x2d0 [ 4197.443088] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4197.448588] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4197.454351] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4197.459879] ? kunit_add_resource+0x197/0x280 [kunit] [ 4197.465462] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4197.470959] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4197.476485] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4197.482467] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4197.488053] kthread+0x364/0x420 [ 4197.492776] ? set_kthread_struct+0x110/0x110 [ 4197.497920] ret_from_fork+0x22/0x30 [ 4197.506432] Allocated by task 119813: [ 4197.511124] kasan_save_stack+0x1e/0x50 [ 4197.515842] __kasan_slab_alloc+0x66/0x80 [ 4197.520598] kmem_cache_alloc+0x161/0x310 [ 4197.525357] kmem_cache_double_free+0x123/0x280 [test_kasan] [ 4197.530813] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4197.535945] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4197.541607] kthread+0x364/0x420 [ 4197.546020] ret_from_fork+0x22/0x30 [ 4197.554128] Freed by task 119813: [ 4197.558444] kasan_save_stack+0x1e/0x50 [ 4197.562958] kasan_set_track+0x21/0x30 [ 4197.567384] kasan_set_free_info+0x20/0x40 [ 4197.571900] __kasan_slab_free+0xec/0x120 [ 4197.576309] slab_free_freelist_hook+0xa3/0x1d0 [ 4197.580891] kmem_cache_free+0x118/0x4b0 [ 4197.585091] kmem_cache_double_free+0x144/0x280 [test_kasan] [ 4197.590027] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4197.594606] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4197.599749] kthread+0x364/0x420 [ 4197.603640] ret_from_fork+0x22/0x30 [ 4197.610786] The buggy address belongs to the object at ffff8881136a9c60 which belongs to the cache test_cache of size 200 [ 4197.621107] The buggy address is located 0 bytes inside of 200-byte region [ffff8881136a9c60, ffff8881136a9d28) [ 4197.631135] The buggy address belongs to the page: [ 4197.635781] page:0000000035598651 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1136a9 [ 4197.642441] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4197.648145] raw: 0017ffffc0000200 0000000000000000 dead000000000122 ffff88812199c3c0 [ 4197.654208] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 4197.660225] page dumped because: kasan: bad access detected [ 4197.668813] Memory state around the buggy address: [ 4197.673650] ffff8881136a9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4197.679598] ffff8881136a9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4197.685458] >ffff8881136a9c00: fc fc fc fc fc fc fc fc fc fc fc fc fa fb fb fb [ 4197.691298] ^ [ 4197.696804] ffff8881136a9c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4197.702685] ffff8881136a9d00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 4197.708578] ================================================================== [ 4197.727202] ok 39 - kmem_cache_double_free [ 4197.729007] ================================================================== [ 4197.739753] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x118/0x4b0 [ 4197.749400] CPU: 0 PID: 119814 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4197.761439] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4197.767289] Call Trace: [ 4197.771518] dump_stack_lvl+0x57/0x81 [ 4197.776268] print_address_description.constprop.0+0x1f/0x140 [ 4197.781922] ? kmem_cache_free+0x118/0x4b0 [ 4197.786877] kasan_report_invalid_free+0x70/0xa0 [ 4197.792014] ? kmem_cache_free+0x118/0x4b0 [ 4197.796913] __kasan_slab_free+0x108/0x120 [ 4197.801834] slab_free_freelist_hook+0xa3/0x1d0 [ 4197.806949] ? kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 4197.812675] kmem_cache_free+0x118/0x4b0 [ 4197.817603] ? trace_kmem_cache_alloc+0x3c/0x100 [ 4197.822837] kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 4197.828565] ? kmem_cache_double_destroy+0x250/0x250 [test_kasan] [ 4197.834468] ? do_raw_spin_trylock+0xb5/0x180 [ 4197.839666] ? do_raw_spin_lock+0x270/0x270 [ 4197.844776] ? rcu_read_lock_sched_held+0x12/0x80 [ 4197.850085] ? lock_acquire+0x228/0x2d0 [ 4197.855013] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4197.860409] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4197.866042] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 4197.871484] ? kunit_add_resource+0x197/0x280 [kunit] [ 4197.876942] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4197.882309] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4197.887718] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4197.893572] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4197.899052] kthread+0x364/0x420 [ 4197.903682] ? set_kthread_struct+0x110/0x110 [ 4197.908745] ret_from_fork+0x22/0x30 [ 4197.917102] Allocated by task 119814: [ 4197.921684] kasan_save_stack+0x1e/0x50 [ 4197.926310] __kasan_slab_alloc+0x66/0x80 [ 4197.930989] kmem_cache_alloc+0x161/0x310 [ 4197.935635] kmem_cache_invalid_free+0x126/0x280 [test_kasan] [ 4197.941000] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4197.946066] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4197.951665] kthread+0x364/0x420 [ 4197.956044] ret_from_fork+0x22/0x30 [ 4197.964105] The buggy address belongs to the object at ffff88810f6c4000 which belongs to the cache test_cache of size 200 [ 4197.975127] The buggy address is located 1 bytes inside of 200-byte region [ffff88810f6c4000, ffff88810f6c40c8) [ 4197.985748] The buggy address belongs to the page: [ 4197.990639] page:000000009826bc3b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f6c4 [ 4197.997485] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4198.003279] raw: 0017ffffc0000200 0000000000000000 dead000000000122 ffff88812199cb40 [ 4198.009416] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 4198.015487] page dumped because: kasan: bad access detected [ 4198.024274] Memory state around the buggy address: [ 4198.029189] ffff88810f6c3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4198.035162] ffff88810f6c3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 4198.041070] >ffff88810f6c4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4198.047031] ^ [ 4198.051336] ffff88810f6c4080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 4198.057359] ffff88810f6c4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 4198.063351] ================================================================== [ 4198.079344] ok 40 - kmem_cache_invalid_free [ 4198.080658] ================================================================== [ 4198.091742] BUG: KASAN: use-after-free in kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 4198.098299] Read of size 1 at addr ffff88812199c640 by task kunit_try_catch/119815 [ 4198.108468] CPU: 0 PID: 119815 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4198.120943] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4198.127023] Call Trace: [ 4198.131449] dump_stack_lvl+0x57/0x81 [ 4198.136404] print_address_description.constprop.0+0x1f/0x140 [ 4198.142272] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 4198.148313] __kasan_report.cold+0x7f/0x122 [ 4198.153533] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 4198.159568] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 4198.165534] kasan_report+0x38/0x50 [ 4198.170410] __kasan_check_byte+0x36/0x50 [ 4198.175492] kmem_cache_destroy+0x1f/0x150 [ 4198.180624] kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 4198.186576] ? kmalloc_oob_right+0x510/0x510 [test_kasan] [ 4198.192326] ? do_raw_spin_trylock+0xb5/0x180 [ 4198.197630] ? do_raw_spin_lock+0x270/0x270 [ 4198.202878] ? rcu_read_lock_sched_held+0x12/0x80 [ 4198.208350] ? lock_acquire+0x228/0x2d0 [ 4198.213409] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4198.218949] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4198.224752] ? kunit_add_resource+0x197/0x280 [kunit] [ 4198.230360] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4198.235888] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4198.241469] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4198.247489] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4198.253107] kthread+0x364/0x420 [ 4198.257882] ? set_kthread_struct+0x110/0x110 [ 4198.263105] ret_from_fork+0x22/0x30 [ 4198.271767] Allocated by task 119815: [ 4198.276479] kasan_save_stack+0x1e/0x50 [ 4198.281259] __kasan_slab_alloc+0x66/0x80 [ 4198.286061] kmem_cache_alloc+0x161/0x310 [ 4198.290832] kmem_cache_create_usercopy+0x1a2/0x2f0 [ 4198.295957] kmem_cache_create+0x12/0x20 [ 4198.300624] kmem_cache_double_destroy+0x8d/0x250 [test_kasan] [ 4198.306190] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4198.311332] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4198.316991] kthread+0x364/0x420 [ 4198.321365] ret_from_fork+0x22/0x30 [ 4198.329477] Freed by task 119815: [ 4198.333796] kasan_save_stack+0x1e/0x50 [ 4198.338289] kasan_set_track+0x21/0x30 [ 4198.342657] kasan_set_free_info+0x20/0x40 [ 4198.347118] __kasan_slab_free+0xec/0x120 [ 4198.351484] slab_free_freelist_hook+0xa3/0x1d0 [ 4198.356007] kmem_cache_free+0x118/0x4b0 [ 4198.360181] kobject_cleanup+0x104/0x390 [ 4198.364289] kmem_cache_destroy+0x11a/0x150 [ 4198.368500] kmem_cache_double_destroy+0x12a/0x250 [test_kasan] [ 4198.373455] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4198.377974] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4198.383002] kthread+0x364/0x420 [ 4198.386786] ret_from_fork+0x22/0x30 [ 4198.393744] The buggy address belongs to the object at ffff88812199c640 which belongs to the cache kmem_cache of size 240 [ 4198.403804] The buggy address is located 0 bytes inside of 240-byte region [ffff88812199c640, ffff88812199c730) [ 4198.413621] The buggy address belongs to the page: [ 4198.418177] page:000000000b63aff1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12199c [ 4198.424800] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4198.430445] raw: 0017ffffc0000200 0000000000000000 dead000000000122 ffff888100041000 [ 4198.436441] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 [ 4198.442432] page dumped because: kasan: bad access detected [ 4198.450904] Memory state around the buggy address: [ 4198.455674] ffff88812199c500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4198.461536] ffff88812199c580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 4198.467373] >ffff88812199c600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 4198.473204] ^ [ 4198.478246] ffff88812199c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 4198.484096] ffff88812199c700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 4198.489932] ================================================================== [ 4198.496698] ok 41 - kmem_cache_double_destroy [ 4198.497203] ok 42 - kasan_memchr # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 4198.503392] ok 43 - kasan_memcmp # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 4198.510383] ok 44 - kasan_strings # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 4198.517279] ================================================================== [ 4198.529621] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 4198.536659] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4198.546847] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4198.559358] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4198.565406] Call Trace: [ 4198.569786] dump_stack_lvl+0x57/0x81 [ 4198.574694] print_address_description.constprop.0+0x1f/0x140 [ 4198.580580] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 4198.586822] __kasan_report.cold+0x7f/0x122 [ 4198.592060] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 4198.598393] kasan_report+0x38/0x50 [ 4198.603415] kasan_check_range+0xfd/0x1e0 [ 4198.608599] kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 4198.614902] ? kasan_test_init+0x40/0x40 [test_kasan] [ 4198.620659] ? pick_next_task_fair+0x9a/0xe50 [ 4198.626078] ? kunit_kfree+0x200/0x200 [kunit] [ 4198.631551] ? fs_reclaim_acquire+0xb7/0x160 [ 4198.637000] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4198.642951] ? rcu_read_lock_bh_held+0x30/0x70 [ 4198.648396] ? trace_kmalloc+0x3c/0x100 [ 4198.653595] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4198.659193] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 4198.665030] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4198.671776] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4198.677767] ? kunit_add_resource+0x197/0x280 [kunit] [ 4198.683563] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4198.689231] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4198.694899] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4198.700938] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4198.706531] kthread+0x364/0x420 [ 4198.711320] ? set_kthread_struct+0x110/0x110 [ 4198.716568] ret_from_fork+0x22/0x30 [ 4198.725463] Allocated by task 119819: [ 4198.730333] kasan_save_stack+0x1e/0x50 [ 4198.735295] __kasan_kmalloc+0x81/0xa0 [ 4198.740190] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4198.745786] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4198.751128] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4198.757026] kthread+0x364/0x420 [ 4198.761656] ret_from_fork+0x22/0x30 [ 4198.770158] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4198.781791] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4198.792922] The buggy address belongs to the page: [ 4198.798067] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10567a [ 4198.805193] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4198.811267] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4198.817679] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 4198.824038] page dumped because: kasan: bad access detected [ 4198.833184] Memory state around the buggy address: [ 4198.838332] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4198.844494] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4198.850595] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4198.856532] ^ [ 4198.860868] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4198.866714] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4198.872511] ================================================================== [ 4198.878577] ================================================================== [ 4198.884303] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 4198.890908] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4198.900694] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4198.912635] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4198.918439] Call Trace: [ 4198.922683] dump_stack_lvl+0x57/0x81 [ 4198.927373] print_address_description.constprop.0+0x1f/0x140 [ 4198.932878] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 4198.938755] __kasan_report.cold+0x7f/0x122 [ 4198.943662] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 4198.949588] kasan_report+0x38/0x50 [ 4198.954253] kasan_check_range+0xfd/0x1e0 [ 4198.959119] kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 4198.964936] ? kasan_test_init+0x40/0x40 [test_kasan] [ 4198.970243] ? pick_next_task_fair+0x9a/0xe50 [ 4198.975315] ? kunit_kfree+0x200/0x200 [kunit] [ 4198.980575] ? fs_reclaim_acquire+0xb7/0x160 [ 4198.985774] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4198.991526] ? rcu_read_lock_bh_held+0x30/0x70 [ 4198.996825] ? trace_kmalloc+0x3c/0x100 [ 4199.001819] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4199.007198] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 4199.012889] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4199.019448] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4199.025332] ? kunit_add_resource+0x197/0x280 [kunit] [ 4199.030965] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4199.036515] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4199.042113] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4199.048149] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4199.053769] kthread+0x364/0x420 [ 4199.058511] ? set_kthread_struct+0x110/0x110 [ 4199.063710] ret_from_fork+0x22/0x30 [ 4199.072302] Allocated by task 119819: [ 4199.077020] kasan_save_stack+0x1e/0x50 [ 4199.081772] __kasan_kmalloc+0x81/0xa0 [ 4199.086468] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4199.091896] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4199.097081] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4199.102844] kthread+0x364/0x420 [ 4199.107376] ret_from_fork+0x22/0x30 [ 4199.115754] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4199.127258] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4199.138435] The buggy address belongs to the page: [ 4199.143595] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10567a [ 4199.150765] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4199.156865] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4199.163144] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 4199.169423] page dumped because: kasan: bad access detected [ 4199.178431] Memory state around the buggy address: [ 4199.183553] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.189657] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.195730] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.201805] ^ [ 4199.206248] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.212321] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.218341] ================================================================== [ 4199.224490] ================================================================== [ 4199.230515] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 4199.237388] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4199.247411] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4199.259646] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4199.265576] Call Trace: [ 4199.269929] dump_stack_lvl+0x57/0x81 [ 4199.274741] print_address_description.constprop.0+0x1f/0x140 [ 4199.280447] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 4199.286458] __kasan_report.cold+0x7f/0x122 [ 4199.291526] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 4199.297705] kasan_report+0x38/0x50 [ 4199.302519] kasan_check_range+0xfd/0x1e0 [ 4199.307527] kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 4199.313475] ? kasan_test_init+0x40/0x40 [test_kasan] [ 4199.318980] ? pick_next_task_fair+0x9a/0xe50 [ 4199.324192] ? kunit_kfree+0x200/0x200 [kunit] [ 4199.329460] ? fs_reclaim_acquire+0xb7/0x160 [ 4199.334621] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4199.340413] ? rcu_read_lock_bh_held+0x30/0x70 [ 4199.345714] ? trace_kmalloc+0x3c/0x100 [ 4199.350708] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4199.356089] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 4199.361765] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4199.368337] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4199.374190] ? kunit_add_resource+0x197/0x280 [kunit] [ 4199.379810] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4199.385336] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4199.390845] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4199.396856] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4199.402458] kthread+0x364/0x420 [ 4199.407230] ? set_kthread_struct+0x110/0x110 [ 4199.412401] ret_from_fork+0x22/0x30 [ 4199.421020] Allocated by task 119819: [ 4199.425781] kasan_save_stack+0x1e/0x50 [ 4199.430530] __kasan_kmalloc+0x81/0xa0 [ 4199.435229] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4199.440655] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4199.445825] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4199.451581] kthread+0x364/0x420 [ 4199.456163] ret_from_fork+0x22/0x30 [ 4199.464503] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4199.476023] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4199.487179] The buggy address belongs to the page: [ 4199.492323] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4199.500125] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4199.506304] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4199.512569] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4199.519010] page dumped because: kasan: bad access detected [ 4199.528285] Memory state around the buggy address: [ 4199.533463] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.539740] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.545923] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.552069] ^ [ 4199.556581] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.562794] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.568912] ================================================================== [ 4199.575070] ================================================================== [ 4199.581138] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 4199.588178] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4199.598348] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4199.610828] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4199.616899] Call Trace: [ 4199.621262] dump_stack_lvl+0x57/0x81 [ 4199.626143] print_address_description.constprop.0+0x1f/0x140 [ 4199.631887] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 4199.638047] __kasan_report.cold+0x7f/0x122 [ 4199.643180] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 4199.649387] kasan_report+0x38/0x50 [ 4199.654201] kasan_check_range+0xfd/0x1e0 [ 4199.659269] kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 4199.665381] ? kasan_test_init+0x40/0x40 [test_kasan] [ 4199.670934] ? pick_next_task_fair+0x9a/0xe50 [ 4199.676163] ? kunit_kfree+0x200/0x200 [kunit] [ 4199.681439] ? fs_reclaim_acquire+0xb7/0x160 [ 4199.686620] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4199.692394] ? rcu_read_lock_bh_held+0x30/0x70 [ 4199.697715] ? trace_kmalloc+0x3c/0x100 [ 4199.702762] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4199.708173] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 4199.713876] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4199.720452] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4199.726373] ? kunit_add_resource+0x197/0x280 [kunit] [ 4199.732018] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4199.737575] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4199.743237] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4199.749308] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4199.754998] kthread+0x364/0x420 [ 4199.759806] ? set_kthread_struct+0x110/0x110 [ 4199.765022] ret_from_fork+0x22/0x30 [ 4199.773591] Allocated by task 119819: [ 4199.778305] kasan_save_stack+0x1e/0x50 [ 4199.783058] __kasan_kmalloc+0x81/0xa0 [ 4199.787741] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4199.793177] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4199.798358] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4199.804165] kthread+0x364/0x420 [ 4199.808715] ret_from_fork+0x22/0x30 [ 4199.817107] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4199.828589] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4199.839839] The buggy address belongs to the page: [ 4199.844993] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4199.852765] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4199.858920] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4199.865392] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4199.871839] page dumped because: kasan: bad access detected [ 4199.881080] Memory state around the buggy address: [ 4199.886284] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.892523] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.898676] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.904801] ^ [ 4199.909331] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.915529] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4199.921645] ================================================================== [ 4199.927812] ================================================================== [ 4199.933868] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 4199.940857] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4199.951032] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4199.963625] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4199.969710] Call Trace: [ 4199.974096] dump_stack_lvl+0x57/0x81 [ 4199.978928] print_address_description.constprop.0+0x1f/0x140 [ 4199.984673] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 4199.990808] __kasan_report.cold+0x7f/0x122 [ 4199.995916] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 4200.002098] kasan_report+0x38/0x50 [ 4200.006926] kasan_check_range+0xfd/0x1e0 [ 4200.011957] kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 4200.018067] ? kasan_test_init+0x40/0x40 [test_kasan] [ 4200.023606] ? pick_next_task_fair+0x9a/0xe50 [ 4200.028858] ? kunit_kfree+0x200/0x200 [kunit] [ 4200.034153] ? fs_reclaim_acquire+0xb7/0x160 [ 4200.039335] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4200.045141] ? rcu_read_lock_bh_held+0x30/0x70 [ 4200.050471] ? trace_kmalloc+0x3c/0x100 [ 4200.055522] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4200.060961] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 4200.066652] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4200.073303] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4200.079221] ? kunit_add_resource+0x197/0x280 [kunit] [ 4200.084918] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4200.090486] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4200.096128] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4200.102216] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4200.107893] kthread+0x364/0x420 [ 4200.112691] ? set_kthread_struct+0x110/0x110 [ 4200.117884] ret_from_fork+0x22/0x30 [ 4200.126524] Allocated by task 119819: [ 4200.131276] kasan_save_stack+0x1e/0x50 [ 4200.136035] __kasan_kmalloc+0x81/0xa0 [ 4200.140753] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4200.146202] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4200.151371] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4200.157145] kthread+0x364/0x420 [ 4200.161688] ret_from_fork+0x22/0x30 [ 4200.170063] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4200.181576] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4200.192666] The buggy address belongs to the page: [ 4200.197817] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4200.205546] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4200.211727] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4200.218174] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4200.224568] page dumped because: kasan: bad access detected [ 4200.233867] Memory state around the buggy address: [ 4200.239051] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.245312] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.251506] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.257662] ^ [ 4200.262180] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.268369] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.274497] ================================================================== [ 4200.280692] ================================================================== [ 4200.286735] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 4200.293757] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4200.303969] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4200.316565] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4200.322675] Call Trace: [ 4200.327129] dump_stack_lvl+0x57/0x81 [ 4200.332093] print_address_description.constprop.0+0x1f/0x140 [ 4200.337721] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 4200.343825] __kasan_report.cold+0x7f/0x122 [ 4200.348997] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 4200.355060] kasan_report+0x38/0x50 [ 4200.359908] kasan_check_range+0xfd/0x1e0 [ 4200.364964] kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 4200.371071] ? kasan_test_init+0x40/0x40 [test_kasan] [ 4200.376612] ? pick_next_task_fair+0x9a/0xe50 [ 4200.381885] ? kunit_kfree+0x200/0x200 [kunit] [ 4200.387156] ? fs_reclaim_acquire+0xb7/0x160 [ 4200.392396] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4200.398233] ? rcu_read_lock_bh_held+0x30/0x70 [ 4200.403567] ? trace_kmalloc+0x3c/0x100 [ 4200.408616] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4200.414095] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 4200.419906] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4200.426531] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4200.432474] ? kunit_add_resource+0x197/0x280 [kunit] [ 4200.438165] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4200.443719] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4200.449369] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4200.455430] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4200.461109] kthread+0x364/0x420 [ 4200.465938] ? set_kthread_struct+0x110/0x110 [ 4200.471199] ret_from_fork+0x22/0x30 [ 4200.479833] Allocated by task 119819: [ 4200.484561] kasan_save_stack+0x1e/0x50 [ 4200.489295] __kasan_kmalloc+0x81/0xa0 [ 4200.494005] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4200.499414] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4200.504560] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4200.510327] kthread+0x364/0x420 [ 4200.514866] ret_from_fork+0x22/0x30 [ 4200.523227] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4200.534724] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4200.545934] The buggy address belongs to the page: [ 4200.551081] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4200.558913] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4200.565083] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4200.571518] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4200.577947] page dumped because: kasan: bad access detected [ 4200.587206] Memory state around the buggy address: [ 4200.592373] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.598618] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.604672] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.610802] ^ [ 4200.615297] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.621449] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.627533] ================================================================== [ 4200.633662] ================================================================== [ 4200.639706] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 4200.646673] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4200.656820] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4200.669187] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4200.675230] Call Trace: [ 4200.679598] dump_stack_lvl+0x57/0x81 [ 4200.684452] print_address_description.constprop.0+0x1f/0x140 [ 4200.690223] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 4200.696351] __kasan_report.cold+0x7f/0x122 [ 4200.701426] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 4200.707614] kasan_report+0x38/0x50 [ 4200.712443] kasan_check_range+0xfd/0x1e0 [ 4200.717476] kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 4200.723589] ? kasan_test_init+0x40/0x40 [test_kasan] [ 4200.729138] ? pick_next_task_fair+0x9a/0xe50 [ 4200.734369] ? kunit_kfree+0x200/0x200 [kunit] [ 4200.739660] ? fs_reclaim_acquire+0xb7/0x160 [ 4200.744915] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4200.750697] ? rcu_read_lock_bh_held+0x30/0x70 [ 4200.756074] ? trace_kmalloc+0x3c/0x100 [ 4200.761142] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4200.766546] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 4200.772289] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4200.778897] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4200.784792] ? kunit_add_resource+0x197/0x280 [kunit] [ 4200.790449] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4200.796000] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4200.801579] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4200.807664] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4200.813331] kthread+0x364/0x420 [ 4200.818148] ? set_kthread_struct+0x110/0x110 [ 4200.823362] ret_from_fork+0x22/0x30 [ 4200.831938] Allocated by task 119819: [ 4200.836663] kasan_save_stack+0x1e/0x50 [ 4200.841439] __kasan_kmalloc+0x81/0xa0 [ 4200.846133] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4200.851567] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4200.856760] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4200.862548] kthread+0x364/0x420 [ 4200.867121] ret_from_fork+0x22/0x30 [ 4200.875462] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4200.887002] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4200.898226] The buggy address belongs to the page: [ 4200.903375] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4200.911109] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4200.917261] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4200.923715] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4200.930174] page dumped because: kasan: bad access detected [ 4200.939418] Memory state around the buggy address: [ 4200.944588] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.950850] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.957009] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.963152] ^ [ 4200.967686] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.973864] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4200.979983] ================================================================== [ 4200.986162] ================================================================== [ 4200.992198] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 4200.999249] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4201.009479] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4201.022061] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4201.028144] Call Trace: [ 4201.032538] dump_stack_lvl+0x57/0x81 [ 4201.037441] print_address_description.constprop.0+0x1f/0x140 [ 4201.043211] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 4201.049397] __kasan_report.cold+0x7f/0x122 [ 4201.054507] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 4201.060712] kasan_report+0x38/0x50 [ 4201.065548] kasan_check_range+0xfd/0x1e0 [ 4201.070616] kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 4201.076706] ? kasan_test_init+0x40/0x40 [test_kasan] [ 4201.082226] ? pick_next_task_fair+0x9a/0xe50 [ 4201.087459] ? kunit_kfree+0x200/0x200 [kunit] [ 4201.092721] ? fs_reclaim_acquire+0xb7/0x160 [ 4201.097917] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4201.103710] ? rcu_read_lock_bh_held+0x30/0x70 [ 4201.109019] ? trace_kmalloc+0x3c/0x100 [ 4201.114099] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4201.119489] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 4201.125194] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4201.131813] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4201.137702] ? kunit_add_resource+0x197/0x280 [kunit] [ 4201.143370] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4201.148935] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4201.154562] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4201.160642] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4201.166307] kthread+0x364/0x420 [ 4201.171123] ? set_kthread_struct+0x110/0x110 [ 4201.176350] ret_from_fork+0x22/0x30 [ 4201.184984] Allocated by task 119819: [ 4201.189704] kasan_save_stack+0x1e/0x50 [ 4201.194464] __kasan_kmalloc+0x81/0xa0 [ 4201.199169] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4201.204621] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4201.209833] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4201.215564] kthread+0x364/0x420 [ 4201.220104] ret_from_fork+0x22/0x30 [ 4201.228463] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4201.239928] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4201.251106] The buggy address belongs to the page: [ 4201.256275] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4201.264045] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4201.270156] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4201.276597] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4201.283013] page dumped because: kasan: bad access detected [ 4201.292248] Memory state around the buggy address: [ 4201.297404] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4201.303668] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4201.309857] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4201.315952] ^ [ 4201.320435] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4201.326616] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4201.332731] ================================================================== [ 4201.338913] ================================================================== [ 4201.344945] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 4201.352230] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4201.362388] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4201.374899] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4201.380937] Call Trace: [ 4201.385322] dump_stack_lvl+0x57/0x81 [ 4201.390189] print_address_description.constprop.0+0x1f/0x140 [ 4201.395950] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 4201.402437] __kasan_report.cold+0x7f/0x122 [ 4201.407585] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 4201.414113] kasan_report+0x38/0x50 [ 4201.419000] kasan_check_range+0xfd/0x1e0 [ 4201.424116] kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 4201.430584] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 4201.436894] ? pick_next_task_fair+0x9a/0xe50 [ 4201.442217] ? kunit_kfree+0x200/0x200 [kunit] [ 4201.447623] ? fs_reclaim_acquire+0xb7/0x160 [ 4201.452947] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4201.458855] ? rcu_read_lock_bh_held+0x30/0x70 [ 4201.464265] ? trace_kmalloc+0x3c/0x100 [ 4201.469413] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4201.474925] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 4201.480779] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4201.487451] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4201.493476] ? kunit_add_resource+0x197/0x280 [kunit] [ 4201.499209] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4201.504863] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4201.510588] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4201.516776] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4201.522544] kthread+0x364/0x420 [ 4201.527462] ? set_kthread_struct+0x110/0x110 [ 4201.532795] ret_from_fork+0x22/0x30 [ 4201.541627] Allocated by task 119819: [ 4201.546500] kasan_save_stack+0x1e/0x50 [ 4201.551365] __kasan_kmalloc+0x81/0xa0 [ 4201.556199] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4201.561707] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4201.567030] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4201.572897] kthread+0x364/0x420 [ 4201.577578] ret_from_fork+0x22/0x30 [ 4201.586150] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4201.597859] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4201.609220] The buggy address belongs to the page: [ 4201.614433] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4201.621878] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4201.627847] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4201.634093] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4201.640311] page dumped because: kasan: bad access detected [ 4201.649471] Memory state around the buggy address: [ 4201.654525] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4201.660569] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4201.666527] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4201.672441] ^ [ 4201.676868] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4201.682819] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4201.688689] ================================================================== [ 4201.694636] ================================================================== [ 4201.700406] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 4201.707356] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4201.717267] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4201.729518] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4201.735614] Call Trace: [ 4201.740025] dump_stack_lvl+0x57/0x81 [ 4201.744929] print_address_description.constprop.0+0x1f/0x140 [ 4201.750717] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 4201.757227] __kasan_report.cold+0x7f/0x122 [ 4201.762375] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 4201.768921] kasan_report+0x38/0x50 [ 4201.773833] kasan_check_range+0xfd/0x1e0 [ 4201.778937] kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 4201.785447] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 4201.791725] ? pick_next_task_fair+0x9a/0xe50 [ 4201.797056] ? kunit_kfree+0x200/0x200 [kunit] [ 4201.802444] ? fs_reclaim_acquire+0xb7/0x160 [ 4201.807775] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4201.813692] ? rcu_read_lock_bh_held+0x30/0x70 [ 4201.819136] ? trace_kmalloc+0x3c/0x100 [ 4201.824273] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4201.829814] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 4201.835690] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4201.842383] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4201.848389] ? kunit_add_resource+0x197/0x280 [kunit] [ 4201.854172] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4201.859900] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4201.865612] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4201.871805] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4201.877533] kthread+0x364/0x420 [ 4201.882456] ? set_kthread_struct+0x110/0x110 [ 4201.887769] ret_from_fork+0x22/0x30 [ 4201.896605] Allocated by task 119819: [ 4201.901445] kasan_save_stack+0x1e/0x50 [ 4201.906309] __kasan_kmalloc+0x81/0xa0 [ 4201.911152] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4201.916696] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4201.922024] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4201.927879] kthread+0x364/0x420 [ 4201.932535] ret_from_fork+0x22/0x30 [ 4201.941080] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4201.952817] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4201.964143] The buggy address belongs to the page: [ 4201.969349] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4201.977189] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4201.983396] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4201.989872] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4201.996385] page dumped because: kasan: bad access detected [ 4202.005767] Memory state around the buggy address: [ 4202.011058] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.017387] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.023605] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.029814] ^ [ 4202.034372] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.040604] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.046767] ================================================================== [ 4202.052960] ================================================================== [ 4202.058990] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 4202.066317] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4202.076496] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4202.089013] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4202.095065] Call Trace: [ 4202.099529] dump_stack_lvl+0x57/0x81 [ 4202.104442] print_address_description.constprop.0+0x1f/0x140 [ 4202.110265] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 4202.116887] __kasan_report.cold+0x7f/0x122 [ 4202.122144] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 4202.128727] kasan_report+0x38/0x50 [ 4202.133631] kasan_check_range+0xfd/0x1e0 [ 4202.138761] kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 4202.145264] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 4202.151565] ? pick_next_task_fair+0x9a/0xe50 [ 4202.156911] ? kunit_kfree+0x200/0x200 [kunit] [ 4202.162321] ? fs_reclaim_acquire+0xb7/0x160 [ 4202.167649] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4202.173568] ? rcu_read_lock_bh_held+0x30/0x70 [ 4202.179021] ? trace_kmalloc+0x3c/0x100 [ 4202.184185] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4202.189711] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 4202.195598] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4202.202343] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4202.208378] ? kunit_add_resource+0x197/0x280 [kunit] [ 4202.214160] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4202.219849] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4202.225572] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4202.231770] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4202.237546] kthread+0x364/0x420 [ 4202.242472] ? set_kthread_struct+0x110/0x110 [ 4202.247812] ret_from_fork+0x22/0x30 [ 4202.256658] Allocated by task 119819: [ 4202.261485] kasan_save_stack+0x1e/0x50 [ 4202.266368] __kasan_kmalloc+0x81/0xa0 [ 4202.271213] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4202.276757] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4202.282015] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4202.287856] kthread+0x364/0x420 [ 4202.292528] ret_from_fork+0x22/0x30 [ 4202.301144] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4202.312833] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4202.324232] The buggy address belongs to the page: [ 4202.329480] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4202.337349] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4202.343596] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4202.350133] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4202.356643] page dumped because: kasan: bad access detected [ 4202.366057] Memory state around the buggy address: [ 4202.371292] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.377572] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.383783] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.389968] ^ [ 4202.394508] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.400746] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.406883] ================================================================== [ 4202.413074] ================================================================== [ 4202.419102] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 4202.426457] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4202.436535] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4202.449136] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4202.455249] Call Trace: [ 4202.459663] dump_stack_lvl+0x57/0x81 [ 4202.464562] print_address_description.constprop.0+0x1f/0x140 [ 4202.470341] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 4202.476869] __kasan_report.cold+0x7f/0x122 [ 4202.482053] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 4202.488623] kasan_report+0x38/0x50 [ 4202.493538] kasan_check_range+0xfd/0x1e0 [ 4202.498630] kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 4202.505102] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 4202.511412] ? pick_next_task_fair+0x9a/0xe50 [ 4202.516749] ? kunit_kfree+0x200/0x200 [kunit] [ 4202.522135] ? fs_reclaim_acquire+0xb7/0x160 [ 4202.527448] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4202.533383] ? rcu_read_lock_bh_held+0x30/0x70 [ 4202.538837] ? trace_kmalloc+0x3c/0x100 [ 4202.543970] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4202.549482] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 4202.555358] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4202.562103] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4202.568118] ? kunit_add_resource+0x197/0x280 [kunit] [ 4202.573884] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4202.579560] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4202.585183] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4202.591344] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4202.597097] kthread+0x364/0x420 [ 4202.601998] ? set_kthread_struct+0x110/0x110 [ 4202.607335] ret_from_fork+0x22/0x30 [ 4202.616199] Allocated by task 119819: [ 4202.621059] kasan_save_stack+0x1e/0x50 [ 4202.625908] __kasan_kmalloc+0x81/0xa0 [ 4202.630717] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4202.636254] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4202.641546] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4202.647385] kthread+0x364/0x420 [ 4202.652044] ret_from_fork+0x22/0x30 [ 4202.660581] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4202.672298] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4202.683714] The buggy address belongs to the page: [ 4202.688984] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4202.696782] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4202.702946] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4202.709439] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4202.715934] page dumped because: kasan: bad access detected [ 4202.725376] Memory state around the buggy address: [ 4202.730630] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.736940] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.743150] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.749308] ^ [ 4202.753888] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.760111] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4202.766284] ================================================================== [ 4202.772407] ================================================================== [ 4202.778510] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 4202.785884] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4202.796079] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4202.808674] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4202.814754] Call Trace: [ 4202.819203] dump_stack_lvl+0x57/0x81 [ 4202.824185] print_address_description.constprop.0+0x1f/0x140 [ 4202.829967] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 4202.836514] __kasan_report.cold+0x7f/0x122 [ 4202.841682] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 4202.848329] kasan_report+0x38/0x50 [ 4202.853247] kasan_check_range+0xfd/0x1e0 [ 4202.858374] kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 4202.864924] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 4202.871235] ? pick_next_task_fair+0x9a/0xe50 [ 4202.876544] ? kunit_kfree+0x200/0x200 [kunit] [ 4202.881929] ? fs_reclaim_acquire+0xb7/0x160 [ 4202.887241] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4202.893136] ? rcu_read_lock_bh_held+0x30/0x70 [ 4202.898568] ? trace_kmalloc+0x3c/0x100 [ 4202.903726] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4202.909268] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 4202.915157] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4202.921876] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4202.927884] ? kunit_add_resource+0x197/0x280 [kunit] [ 4202.933616] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4202.939250] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4202.944977] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4202.951163] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4202.956923] kthread+0x364/0x420 [ 4202.961864] ? set_kthread_struct+0x110/0x110 [ 4202.967175] ret_from_fork+0x22/0x30 [ 4202.975991] Allocated by task 119819: [ 4202.980804] kasan_save_stack+0x1e/0x50 [ 4202.985715] __kasan_kmalloc+0x81/0xa0 [ 4202.990586] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4202.996189] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4203.001505] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4203.007401] kthread+0x364/0x420 [ 4203.012104] ret_from_fork+0x22/0x30 [ 4203.020725] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4203.032529] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4203.044032] The buggy address belongs to the page: [ 4203.049347] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4203.057318] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4203.063645] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4203.070242] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4203.076867] page dumped because: kasan: bad access detected [ 4203.086382] Memory state around the buggy address: [ 4203.091716] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.098091] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.104370] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.110618] ^ [ 4203.115223] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.121553] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.127763] ================================================================== [ 4203.134071] ================================================================== [ 4203.140193] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 4203.147647] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4203.157947] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4203.170557] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4203.176701] Call Trace: [ 4203.181144] dump_stack_lvl+0x57/0x81 [ 4203.186027] print_address_description.constprop.0+0x1f/0x140 [ 4203.191862] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 4203.198469] __kasan_report.cold+0x7f/0x122 [ 4203.203683] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 4203.210357] kasan_report+0x38/0x50 [ 4203.215329] kasan_check_range+0xfd/0x1e0 [ 4203.220471] kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 4203.227045] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 4203.233419] ? pick_next_task_fair+0x9a/0xe50 [ 4203.238843] ? kunit_kfree+0x200/0x200 [kunit] [ 4203.244270] ? fs_reclaim_acquire+0xb7/0x160 [ 4203.249644] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4203.255649] ? rcu_read_lock_bh_held+0x30/0x70 [ 4203.261156] ? trace_kmalloc+0x3c/0x100 [ 4203.266347] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4203.271925] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 4203.277851] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4203.284587] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4203.290635] ? kunit_add_resource+0x197/0x280 [kunit] [ 4203.296471] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4203.302198] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4203.307975] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4203.314197] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4203.320010] kthread+0x364/0x420 [ 4203.324968] ? set_kthread_struct+0x110/0x110 [ 4203.330326] ret_from_fork+0x22/0x30 [ 4203.339204] Allocated by task 119819: [ 4203.344104] kasan_save_stack+0x1e/0x50 [ 4203.349021] __kasan_kmalloc+0x81/0xa0 [ 4203.353872] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4203.359446] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4203.364692] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4203.370389] kthread+0x364/0x420 [ 4203.374977] ret_from_fork+0x22/0x30 [ 4203.383416] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4203.394984] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4203.406012] The buggy address belongs to the page: [ 4203.411111] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4203.418615] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4203.424637] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4203.430945] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4203.437190] page dumped because: kasan: bad access detected [ 4203.446401] Memory state around the buggy address: [ 4203.451530] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.457599] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.463597] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.469554] ^ [ 4203.473994] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.479964] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.486035] ================================================================== [ 4203.492324] ================================================================== [ 4203.498425] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 4203.505773] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4203.516035] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4203.528631] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4203.534745] Call Trace: [ 4203.539136] dump_stack_lvl+0x57/0x81 [ 4203.544046] print_address_description.constprop.0+0x1f/0x140 [ 4203.549884] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 4203.556467] __kasan_report.cold+0x7f/0x122 [ 4203.561638] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 4203.568238] kasan_report+0x38/0x50 [ 4203.573166] kasan_check_range+0xfd/0x1e0 [ 4203.578293] kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 4203.584830] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 4203.591156] ? pick_next_task_fair+0x9a/0xe50 [ 4203.596499] ? kunit_kfree+0x200/0x200 [kunit] [ 4203.601877] ? fs_reclaim_acquire+0xb7/0x160 [ 4203.607200] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4203.613087] ? rcu_read_lock_bh_held+0x30/0x70 [ 4203.618560] ? trace_kmalloc+0x3c/0x100 [ 4203.623743] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4203.629279] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 4203.635163] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4203.641914] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4203.647942] ? kunit_add_resource+0x197/0x280 [kunit] [ 4203.653740] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4203.659441] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4203.665168] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4203.671357] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4203.677158] kthread+0x364/0x420 [ 4203.682095] ? set_kthread_struct+0x110/0x110 [ 4203.687425] ret_from_fork+0x22/0x30 [ 4203.696248] Allocated by task 119819: [ 4203.701092] kasan_save_stack+0x1e/0x50 [ 4203.705943] __kasan_kmalloc+0x81/0xa0 [ 4203.710744] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4203.716283] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4203.721574] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4203.727531] kthread+0x364/0x420 [ 4203.732197] ret_from_fork+0x22/0x30 [ 4203.740770] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4203.752512] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4203.763962] The buggy address belongs to the page: [ 4203.769113] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4203.777004] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4203.783268] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4203.789882] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4203.796419] page dumped because: kasan: bad access detected [ 4203.805927] Memory state around the buggy address: [ 4203.811215] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.817547] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.823846] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.830028] ^ [ 4203.834591] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.840847] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4203.847019] ================================================================== [ 4203.853276] ================================================================== [ 4203.859516] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 4203.867043] Read of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4203.877343] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4203.890084] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4203.896235] Call Trace: [ 4203.900677] dump_stack_lvl+0x57/0x81 [ 4203.905587] print_address_description.constprop.0+0x1f/0x140 [ 4203.911457] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 4203.918118] __kasan_report.cold+0x7f/0x122 [ 4203.923329] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 4203.930009] kasan_report+0x38/0x50 [ 4203.934973] kasan_check_range+0xfd/0x1e0 [ 4203.940118] kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 4203.946743] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 4203.953134] ? pick_next_task_fair+0x9a/0xe50 [ 4203.958526] ? kunit_kfree+0x200/0x200 [kunit] [ 4203.963970] ? fs_reclaim_acquire+0xb7/0x160 [ 4203.969328] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4203.975332] ? rcu_read_lock_bh_held+0x30/0x70 [ 4203.980853] ? trace_kmalloc+0x3c/0x100 [ 4203.986054] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4203.991642] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 4203.997603] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4204.004449] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4204.010578] ? kunit_add_resource+0x197/0x280 [kunit] [ 4204.016457] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4204.022209] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4204.027996] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4204.034240] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4204.040095] kthread+0x364/0x420 [ 4204.045048] ? set_kthread_struct+0x110/0x110 [ 4204.050432] ret_from_fork+0x22/0x30 [ 4204.059374] Allocated by task 119819: [ 4204.064268] kasan_save_stack+0x1e/0x50 [ 4204.069204] __kasan_kmalloc+0x81/0xa0 [ 4204.074061] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4204.079673] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4204.085053] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4204.090996] kthread+0x364/0x420 [ 4204.095686] ret_from_fork+0x22/0x30 [ 4204.104348] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4204.116257] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4204.127837] The buggy address belongs to the page: [ 4204.133153] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4204.141166] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4204.147490] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4204.154161] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4204.160776] page dumped because: kasan: bad access detected [ 4204.170297] Memory state around the buggy address: [ 4204.175625] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.182064] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.188428] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.194751] ^ [ 4204.199359] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.205704] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.211966] ================================================================== [ 4204.218308] ================================================================== [ 4204.224544] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 4204.232054] Read of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4204.242409] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4204.255189] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4204.261346] Call Trace: [ 4204.265747] dump_stack_lvl+0x57/0x81 [ 4204.270723] print_address_description.constprop.0+0x1f/0x140 [ 4204.276609] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 4204.283286] __kasan_report.cold+0x7f/0x122 [ 4204.288516] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 4204.295205] kasan_report+0x38/0x50 [ 4204.300160] kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 4204.306842] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 4204.313220] ? pick_next_task_fair+0x9a/0xe50 [ 4204.318645] ? kunit_kfree+0x200/0x200 [kunit] [ 4204.324150] ? fs_reclaim_acquire+0xb7/0x160 [ 4204.329534] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4204.335566] ? rcu_read_lock_bh_held+0x30/0x70 [ 4204.341076] ? trace_kmalloc+0x3c/0x100 [ 4204.346303] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4204.351908] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 4204.357894] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4204.364763] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4204.370829] ? kunit_add_resource+0x197/0x280 [kunit] [ 4204.376698] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4204.382453] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4204.388310] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4204.394612] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4204.400508] kthread+0x364/0x420 [ 4204.405519] ? set_kthread_struct+0x110/0x110 [ 4204.411029] ret_from_fork+0x22/0x30 [ 4204.420101] Allocated by task 119819: [ 4204.425045] kasan_save_stack+0x1e/0x50 [ 4204.430034] __kasan_kmalloc+0x81/0xa0 [ 4204.434932] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4204.440594] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4204.445990] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4204.451925] kthread+0x364/0x420 [ 4204.456619] ret_from_fork+0x22/0x30 [ 4204.465370] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4204.477296] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4204.488889] The buggy address belongs to the page: [ 4204.494286] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4204.502322] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4204.508730] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4204.515473] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4204.522175] page dumped because: kasan: bad access detected [ 4204.531786] Memory state around the buggy address: [ 4204.537172] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.543625] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.550027] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.556387] ^ [ 4204.561066] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.567427] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.573675] ================================================================== [ 4204.580050] ================================================================== [ 4204.586328] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 4204.593731] Write of size 8 at addr ffff88810567ab88 by task kunit_try_catch/119819 [ 4204.603998] CPU: 1 PID: 119819 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4204.616536] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4204.622641] Call Trace: [ 4204.627068] dump_stack_lvl+0x57/0x81 [ 4204.631954] print_address_description.constprop.0+0x1f/0x140 [ 4204.637762] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 4204.644317] __kasan_report.cold+0x7f/0x122 [ 4204.649511] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 4204.656153] kasan_report+0x38/0x50 [ 4204.661076] kasan_check_range+0xfd/0x1e0 [ 4204.666235] kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 4204.672767] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 4204.679060] ? pick_next_task_fair+0x9a/0xe50 [ 4204.684394] ? kunit_kfree+0x200/0x200 [kunit] [ 4204.689830] ? fs_reclaim_acquire+0xb7/0x160 [ 4204.695221] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4204.701164] ? rcu_read_lock_bh_held+0x30/0x70 [ 4204.706621] ? trace_kmalloc+0x3c/0x100 [ 4204.711830] ? kmem_cache_alloc_trace+0x1af/0x320 [ 4204.717379] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 4204.723238] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 4204.729998] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 4204.736068] ? kunit_add_resource+0x197/0x280 [kunit] [ 4204.741835] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4204.747538] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4204.753301] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4204.759540] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4204.765314] kthread+0x364/0x420 [ 4204.770257] ? set_kthread_struct+0x110/0x110 [ 4204.775608] ret_from_fork+0x22/0x30 [ 4204.784463] Allocated by task 119819: [ 4204.789310] kasan_save_stack+0x1e/0x50 [ 4204.794207] __kasan_kmalloc+0x81/0xa0 [ 4204.799043] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 4204.804512] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4204.809805] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4204.815704] kthread+0x364/0x420 [ 4204.820398] ret_from_fork+0x22/0x30 [ 4204.829006] The buggy address belongs to the object at ffff88810567ab80 which belongs to the cache kmalloc-16 of size 16 [ 4204.840778] The buggy address is located 8 bytes inside of 16-byte region [ffff88810567ab80, ffff88810567ab90) [ 4204.852235] The buggy address belongs to the page: [ 4204.857473] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4204.865308] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4204.871561] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4204.878000] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4204.884239] page dumped because: kasan: bad access detected [ 4204.893416] Memory state around the buggy address: [ 4204.898578] ffff88810567aa80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.904644] ffff88810567ab00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.910643] >ffff88810567ab80: 00 01 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.916591] ^ [ 4204.921027] ffff88810567ac00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.927003] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4204.932918] ================================================================== [ 4204.939193] ok 45 - kasan_bitops_generic [ 4204.959909] ok 46 - kasan_bitops_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 4204.966295] ================================================================== [ 4204.978691] BUG: KASAN: use-after-free in kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 4204.985209] Read of size 1 at addr ffff88810567ade0 by task kunit_try_catch/119823 [ 4204.995320] CPU: 1 PID: 119823 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4205.007752] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4205.013746] Call Trace: [ 4205.018217] dump_stack_lvl+0x57/0x81 [ 4205.023216] print_address_description.constprop.0+0x1f/0x140 [ 4205.029168] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 4205.035143] __kasan_report.cold+0x7f/0x122 [ 4205.040416] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 4205.046401] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 4205.052306] kasan_report+0x38/0x50 [ 4205.057212] __kasan_check_byte+0x36/0x50 [ 4205.062386] kfree_sensitive+0x1b/0x60 [ 4205.067424] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 4205.073316] ? vmalloc_oob+0x280/0x280 [test_kasan] [ 4205.078910] ? do_raw_spin_trylock+0xb5/0x180 [ 4205.084257] ? do_raw_spin_lock+0x270/0x270 [ 4205.089522] ? rcu_read_lock_sched_held+0x12/0x80 [ 4205.095005] ? lock_acquire+0x228/0x2d0 [ 4205.100074] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4205.105645] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4205.111501] ? kunit_add_resource+0x197/0x280 [kunit] [ 4205.117159] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4205.122709] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4205.128331] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4205.134311] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4205.139949] kthread+0x364/0x420 [ 4205.144727] ? set_kthread_struct+0x110/0x110 [ 4205.149948] ret_from_fork+0x22/0x30 [ 4205.158408] Allocated by task 119823: [ 4205.163111] kasan_save_stack+0x1e/0x50 [ 4205.167834] __kasan_kmalloc+0x81/0xa0 [ 4205.172429] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 4205.177831] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4205.182978] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4205.188701] kthread+0x364/0x420 [ 4205.193209] ret_from_fork+0x22/0x30 [ 4205.201461] Freed by task 119823: [ 4205.205965] kasan_save_stack+0x1e/0x50 [ 4205.210602] kasan_set_track+0x21/0x30 [ 4205.215166] kasan_set_free_info+0x20/0x40 [ 4205.219925] __kasan_slab_free+0xec/0x120 [ 4205.224514] slab_free_freelist_hook+0xa3/0x1d0 [ 4205.229306] kfree+0xdc/0x4e0 [ 4205.233307] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 4205.238486] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4205.243273] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4205.248558] kthread+0x364/0x420 [ 4205.252551] ret_from_fork+0x22/0x30 [ 4205.259771] The buggy address belongs to the object at ffff88810567ade0 which belongs to the cache kmalloc-16 of size 16 [ 4205.270190] The buggy address is located 0 bytes inside of 16-byte region [ffff88810567ade0, ffff88810567adf0) [ 4205.280236] The buggy address belongs to the page: [ 4205.284953] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4205.292348] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4205.298189] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4205.304397] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4205.310654] page dumped because: kasan: bad access detected [ 4205.319353] Memory state around the buggy address: [ 4205.324352] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4205.330233] ffff88810567ad00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4205.336055] >ffff88810567ad80: fb fb fc fc fb fb fc fc fb fb fc fc fa fb fc fc [ 4205.341840] ^ [ 4205.347540] ffff88810567ae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4205.353458] ffff88810567ae80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4205.359547] ================================================================== [ 4205.365796] ================================================================== [ 4205.371847] BUG: KASAN: double-free or invalid-free in kfree+0xdc/0x4e0 [ 4205.381096] CPU: 1 PID: 119823 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4205.393145] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4205.399014] Call Trace: [ 4205.403161] dump_stack_lvl+0x57/0x81 [ 4205.407846] print_address_description.constprop.0+0x1f/0x140 [ 4205.413523] ? kfree+0xdc/0x4e0 [ 4205.418060] kasan_report_invalid_free+0x70/0xa0 [ 4205.423202] ? kfree+0xdc/0x4e0 [ 4205.427688] __kasan_slab_free+0x108/0x120 [ 4205.432565] slab_free_freelist_hook+0xa3/0x1d0 [ 4205.437673] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 4205.443354] kfree+0xdc/0x4e0 [ 4205.447820] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 4205.453558] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 4205.459257] ? vmalloc_oob+0x280/0x280 [test_kasan] [ 4205.464645] ? do_raw_spin_trylock+0xb5/0x180 [ 4205.469788] ? do_raw_spin_lock+0x270/0x270 [ 4205.474878] ? rcu_read_lock_sched_held+0x12/0x80 [ 4205.480184] ? lock_acquire+0x228/0x2d0 [ 4205.485061] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4205.490417] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4205.496065] ? kunit_add_resource+0x197/0x280 [kunit] [ 4205.501449] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4205.506783] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4205.512207] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4205.518079] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4205.523516] kthread+0x364/0x420 [ 4205.528136] ? set_kthread_struct+0x110/0x110 [ 4205.533237] ret_from_fork+0x22/0x30 [ 4205.541681] Allocated by task 119823: [ 4205.546240] kasan_save_stack+0x1e/0x50 [ 4205.550812] __kasan_kmalloc+0x81/0xa0 [ 4205.555322] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 4205.560567] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4205.565521] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4205.571004] kthread+0x364/0x420 [ 4205.575171] ret_from_fork+0x22/0x30 [ 4205.583117] Freed by task 119823: [ 4205.587379] kasan_save_stack+0x1e/0x50 [ 4205.591850] kasan_set_track+0x21/0x30 [ 4205.596413] kasan_set_free_info+0x20/0x40 [ 4205.600977] __kasan_slab_free+0xec/0x120 [ 4205.605551] slab_free_freelist_hook+0xa3/0x1d0 [ 4205.610286] kfree+0xdc/0x4e0 [ 4205.614315] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 4205.619405] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4205.624129] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4205.629331] kthread+0x364/0x420 [ 4205.633309] ret_from_fork+0x22/0x30 [ 4205.640622] The buggy address belongs to the object at ffff88810567ade0 which belongs to the cache kmalloc-16 of size 16 [ 4205.651017] The buggy address is located 0 bytes inside of 16-byte region [ffff88810567ade0, ffff88810567adf0) [ 4205.661146] The buggy address belongs to the page: [ 4205.665836] page:0000000030e94bec refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810567a7e0 pfn:0x10567a [ 4205.673179] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 4205.678973] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 4205.685105] raw: ffff88810567a7e0 000000008080007f 00000001ffffffff 0000000000000000 [ 4205.691238] page dumped because: kasan: bad access detected [ 4205.699947] Memory state around the buggy address: [ 4205.704904] ffff88810567ac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4205.710925] ffff88810567ad00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4205.716917] >ffff88810567ad80: fb fb fc fc fb fb fc fc fb fb fc fc fa fb fc fc [ 4205.722890] ^ [ 4205.728498] ffff88810567ae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4205.734556] ffff88810567ae80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 4205.740514] ================================================================== [ 4205.748190] ok 47 - kmalloc_double_kzfree [ 4205.748724] ================================================================== [ 4205.759650] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x271/0x280 [test_kasan] [ 4205.766045] Read of size 1 at addr ffffc900001a1c1c by task kunit_try_catch/119824 [ 4205.776087] CPU: 1 PID: 119824 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-171.mr1409_221001_1607.el9.x86_64+debug #1 [ 4205.788702] Hardware name: Red Hat KVM, BIOS 1.15.0-1.el9 04/01/2014 [ 4205.794732] Call Trace: [ 4205.799121] dump_stack_lvl+0x57/0x81 [ 4205.804017] print_address_description.constprop.0+0x1f/0x140 [ 4205.809874] ? vmalloc_oob+0x271/0x280 [test_kasan] [ 4205.815337] __kasan_report.cold+0x7f/0x122 [ 4205.820451] ? vmalloc_oob+0x271/0x280 [test_kasan] [ 4205.825901] kasan_report+0x38/0x50 [ 4205.830643] vmalloc_oob+0x271/0x280 [test_kasan] [ 4205.836095] ? kasan_global_oob_right+0x1f0/0x1f0 [test_kasan] [ 4205.842015] ? do_raw_spin_trylock+0xb5/0x180 [ 4205.847314] ? do_raw_spin_lock+0x270/0x270 [ 4205.852549] ? rcu_read_lock_sched_held+0x12/0x80 [ 4205.858014] ? lock_acquire+0x228/0x2d0 [ 4205.863095] ? kunit_add_resource+0xb4/0x280 [kunit] [ 4205.868665] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 4205.874549] ? kunit_add_resource+0x197/0x280 [kunit] [ 4205.880160] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 4205.885690] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 4205.891311] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 4205.897410] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 4205.903078] kthread+0x364/0x420 [ 4205.907825] ? set_kthread_struct+0x110/0x110 [ 4205.913102] ret_from_fork+0x22/0x30 [ 4205.925829] Memory state around the buggy address: [ 4205.931115] ffffc900001a1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 4205.937414] ffffc900001a1b80: 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 4205.943647] >ffffc900001a1c00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 4205.949878] ^ [ 4205.954619] ffffc900001a1c80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 4205.960848] ffffc900001a1d00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 4205.967033] ================================================================== [ 4205.974075] ok 48 - vmalloc_oob [ 4205.974558] ok 49 - match_all_not_assigned # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 4205.979852] ok 50 - match_all_ptr_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 4205.987320] ok 51 - match_all_mem_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 4205.994194] ok 18 - kasan [ 4206.201278] # Subtest: linear-ranges-test [ 4206.201290] 1..4 [ 4206.208241] ok 1 - range_test_get_value_amount [ 4206.213301] ok 2 - range_test_get_selector_high [ 4206.219658] ok 3 - range_test_get_selector_low [ 4206.226426] ok 4 - range_test_get_value [ 4206.231527] ok 19 - linear-ranges-test [ 4206.317301] # Subtest: list_sort [ 4206.317312] 1..1 [ 4206.338562] ok 1 - list_sort_test [ 4206.342253] ok 20 - list_sort [ 4206.534581] # Subtest: time_test_cases [ 4206.534593] 1..1 [ 4215.599757] ok 1 - time64_to_tm_test_date_range [ 4215.603768] ok 21 - time_test_cases