[ 2779.115487] Running test [R:13242419 T:8 - KUNIT - Kernel: 5.14.0-236.1888_749431169.el9.x86_64+debug] [ 2789.086080] # Subtest: bitfields [ 2789.086091] 1..2 [ 2789.087578] ok 1 - test_bitfields_constants [ 2789.088289] ok 2 - test_bitfields_variables [ 2789.088909] ok 1 - bitfields [ 2789.605700] # Subtest: cmdline [ 2789.605710] 1..4 [ 2789.606671] ok 1 - cmdline_test_noint [ 2789.607589] ok 2 - cmdline_test_lead_int [ 2789.608619] ok 3 - cmdline_test_tail_int [ 2789.609639] ok 4 - cmdline_test_range [ 2789.610240] ok 2 - cmdline [ 2790.080818] # Subtest: ext4_inode_test [ 2790.080829] 1..1 [ 2790.081567] # inode_test_xtimestamp_decoding: ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits [ 2790.085205] # inode_test_xtimestamp_decoding: ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits [ 2790.087536] # inode_test_xtimestamp_decoding: ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits [ 2790.089268] # inode_test_xtimestamp_decoding: ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits [ 2790.090814] # inode_test_xtimestamp_decoding: ok 5 - 2038-01-19 Lower bound of 32bit <0 timestamp, lo extra sec bit on [ 2790.092609] # inode_test_xtimestamp_decoding: ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on [ 2790.094441] # inode_test_xtimestamp_decoding: ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on [ 2790.096234] # inode_test_xtimestamp_decoding: ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on [ 2790.097795] # inode_test_xtimestamp_decoding: ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on [ 2790.099702] # inode_test_xtimestamp_decoding: ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on [ 2790.101423] # inode_test_xtimestamp_decoding: ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on [ 2790.103190] # inode_test_xtimestamp_decoding: ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on [ 2790.104947] # inode_test_xtimestamp_decoding: ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns [ 2790.106710] # inode_test_xtimestamp_decoding: ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns [ 2790.108538] # inode_test_xtimestamp_decoding: ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on [ 2790.110387] # inode_test_xtimestamp_decoding: ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. All extra sec bits on [ 2790.111671] ok 1 - inode_test_xtimestamp_decoding [ 2790.112808] ok 3 - ext4_inode_test [ 2791.138327] # Subtest: kunit-try-catch-test [ 2791.138338] 1..2 [ 2791.139793] ok 1 - kunit_test_try_catch_successful_try_no_catch [ 2791.141111] ok 2 - kunit_test_try_catch_unsuccessful_try_does_catch [ 2791.141920] ok 4 - kunit-try-catch-test [ 2791.144143] # Subtest: kunit-resource-test [ 2791.144151] 1..7 [ 2791.145354] ok 1 - kunit_resource_test_init_resources [ 2791.146376] ok 2 - kunit_resource_test_alloc_resource [ 2791.147423] ok 3 - kunit_resource_test_destroy_resource [ 2791.149093] ok 4 - kunit_resource_test_cleanup_resources [ 2791.150432] ok 5 - kunit_resource_test_proper_free_ordering [ 2791.151551] ok 6 - kunit_resource_test_static [ 2791.153187] ok 7 - kunit_resource_test_named [ 2791.153774] ok 5 - kunit-resource-test [ 2791.155557] # Subtest: kunit-log-test [ 2791.155564] 1..1 [ 2791.156643] put this in log. [ 2791.157077] this too. [ 2791.157455] add to suite log. [ 2791.157715] along with this. [ 2791.158793] ok 1 - kunit_log_test [ 2791.159278] ok 6 - kunit-log-test [ 2791.160737] # Subtest: kunit_status [ 2791.160744] 1..2 [ 2791.162056] ok 1 - kunit_status_set_failure_test [ 2791.162637] ok 2 - kunit_status_mark_skipped_test [ 2791.163314] ok 7 - kunit_status [ 2791.292122] # Subtest: rtc_lib_test_cases [ 2791.292133] 1..1 [ 2795.552303] ok 1 - rtc_time64_to_tm_test_date_range [ 2795.552653] ok 8 - rtc_lib_test_cases [ 2795.725554] # Subtest: list-kunit-test [ 2795.725565] 1..36 [ 2795.726699] ok 1 - list_test_list_init [ 2795.727598] ok 2 - list_test_list_add [ 2795.728624] ok 3 - list_test_list_add_tail [ 2795.729689] ok 4 - list_test_list_del [ 2795.730951] ok 5 - list_test_list_replace [ 2795.731713] ok 6 - list_test_list_replace_init [ 2795.733107] ok 7 - list_test_list_swap [ 2795.734377] ok 8 - list_test_list_del_init [ 2795.735201] ok 9 - list_test_list_move [ 2795.736516] ok 10 - list_test_list_move_tail [ 2795.737403] ok 11 - list_test_list_bulk_move_tail [ 2795.740078] ok 12 - list_test_list_is_first [ 2795.741269] ok 13 - list_test_list_is_last [ 2795.742286] ok 14 - list_test_list_empty [ 2795.743561] ok 15 - list_test_list_empty_careful [ 2795.744672] ok 16 - list_test_list_rotate_left [ 2795.745995] ok 17 - list_test_list_rotate_to_front [ 2795.747150] ok 18 - list_test_list_is_singular [ 2795.748335] ok 19 - list_test_list_cut_position [ 2795.749384] ok 20 - list_test_list_cut_before [ 2795.750614] ok 21 - list_test_list_splice [ 2795.751950] ok 22 - list_test_list_splice_tail [ 2795.752750] ok 23 - list_test_list_splice_init [ 2795.754144] ok 24 - list_test_list_splice_tail_init [ 2795.755284] ok 25 - list_test_list_entry [ 2795.756359] ok 26 - list_test_list_first_entry [ 2795.757691] ok 27 - list_test_list_last_entry [ 2795.758989] ok 28 - list_test_list_first_entry_or_null [ 2795.760136] ok 29 - list_test_list_next_entry [ 2795.761382] ok 30 - list_test_list_prev_entry [ 2795.762342] ok 31 - list_test_list_for_each [ 2795.763555] ok 32 - list_test_list_for_each_prev [ 2795.764712] ok 33 - list_test_list_for_each_safe [ 2795.766008] ok 34 - list_test_list_for_each_prev_safe [ 2795.767153] ok 35 - list_test_list_for_each_entry [ 2795.768364] ok 36 - list_test_list_for_each_entry_reverse [ 2795.769055] ok 9 - list-kunit-test [ 2795.889477] # Subtest: memcpy [ 2795.889488] 1..4 [ 2795.890444] # memset_test: ok: memset() direct assignment [ 2795.891384] # memset_test: ok: memset() complete overwrite [ 2795.891986] # memset_test: ok: memset() middle overwrite [ 2795.892554] # memset_test: ok: memset() argument side-effects [ 2795.893179] # memset_test: ok: memset() memset_after() [ 2795.893728] # memset_test: ok: memset() memset_startat() [ 2795.895249] ok 1 - memset_test [ 2795.895463] # memcpy_test: ok: memcpy() static initializers [ 2795.896488] # memcpy_test: ok: memcpy() direct assignment [ 2795.897084] # memcpy_test: ok: memcpy() complete overwrite [ 2795.897677] # memcpy_test: ok: memcpy() middle overwrite [ 2795.898261] # memcpy_test: ok: memcpy() argument side-effects [ 2795.899699] ok 2 - memcpy_test [ 2795.900045] # memmove_test: ok: memmove() static initializers [ 2795.901152] # memmove_test: ok: memmove() direct assignment [ 2795.901795] # memmove_test: ok: memmove() complete overwrite [ 2795.902411] # memmove_test: ok: memmove() middle overwrite [ 2795.903070] # memmove_test: ok: memmove() argument side-effects [ 2795.903703] # memmove_test: ok: memmove() overlapping write [ 2795.905201] ok 3 - memmove_test [ 2795.905554] ok 4 - strtomem_test [ 2795.906001] ok 10 - memcpy [ 2796.022317] # Subtest: mptcp-crypto [ 2796.022342] 1..1 [ 2796.028885] ok 1 - mptcp_crypto_test_basic [ 2796.029178] ok 11 - mptcp-crypto [ 2796.160056] # Subtest: mptcp-token [ 2796.160066] 1..4 [ 2796.161211] ok 1 - mptcp_token_test_req_basic [ 2796.162141] ok 2 - mptcp_token_test_msk_basic [ 2796.163314] ok 3 - mptcp_token_test_accept [ 2796.164266] ok 4 - mptcp_token_test_destroyed [ 2796.164914] ok 12 - mptcp-token [ 2796.461541] # Subtest: rational [ 2796.461551] 1..1 [ 2796.462643] # rational_test: ok 1 - Exceeds bounds, semi-convergent term > 1/2 last term [ 2796.463524] # rational_test: ok 2 - Exceeds bounds, semi-convergent term < 1/2 last term [ 2796.465111] # rational_test: ok 3 - Closest to zero [ 2796.466452] # rational_test: ok 4 - Closest to smallest non-zero [ 2796.467865] # rational_test: ok 5 - Use convergent [ 2796.469138] # rational_test: ok 6 - Exact answer [ 2796.470393] # rational_test: ok 7 - Semiconvergent, numerator limit [ 2796.471398] # rational_test: ok 8 - Semiconvergent, denominator limit [ 2796.472252] ok 1 - rational_test [ 2796.472987] ok 13 - rational [ 2796.588181] # Subtest: resource [ 2796.588192] 1..2 [ 2796.589154] ok 1 - resource_test_union [ 2796.589809] ok 2 - resource_test_intersection [ 2796.590319] ok 14 - resource [ 2796.701295] # Subtest: slub_test [ 2796.701330] 1..2 [ 2796.713415] ok 1 - test_clobber_zone [ 2796.723524] ok 2 - test_clobber_redzone_free [ 2796.724104] ok 15 - slub_test [ 2797.181066] # Subtest: snd_soc_tplg_test [ 2797.181077] 1..11 [ 2797.184490] ok 1 - snd_soc_tplg_test_load_with_null_comp [ 2797.188146] ok 2 - snd_soc_tplg_test_load_with_null_ops [ 2797.191246] ok 3 - snd_soc_tplg_test_load_with_null_fw [ 2797.195357] ok 4 - snd_soc_tplg_test_load_empty_tplg [ 2797.199849] ok 5 - snd_soc_tplg_test_load_empty_tplg_bad_magic [ 2797.203331] ok 6 - snd_soc_tplg_test_load_empty_tplg_bad_abi [ 2797.206921] ok 7 - snd_soc_tplg_test_load_empty_tplg_bad_size [ 2797.208677] ok 8 - snd_soc_tplg_test_load_empty_tplg_bad_payload_size [ 2797.210433] ok 9 - snd_soc_tplg_test_load_pcm_tplg [ 2797.213376] ok 10 - snd_soc_tplg_test_load_pcm_tplg_reload_comp [ 2797.217350] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.220720] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.263473] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.267519] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.291348] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.295371] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.318558] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.320594] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.349650] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.351656] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.383857] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.387570] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.420124] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.430400] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.459411] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.463510] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.490228] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.493402] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.524072] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.526105] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.554587] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.556658] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.581459] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.586598] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.617872] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.621489] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.647743] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.651468] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.680526] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.686851] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.708881] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.712470] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.747533] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.751499] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.775339] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.779545] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.807997] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.811514] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.838482] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.844140] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.878454] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.885129] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.913102] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.917546] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.940961] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.945199] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2797.972651] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2797.978056] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.005180] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.009518] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.033155] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.041431] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.072585] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.076505] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.100562] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.104537] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.129032] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.134265] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.171473] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.175514] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.205709] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.210716] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.235228] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.239650] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.264222] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.268533] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.295619] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.299549] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.331327] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.364164] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.368555] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.395692] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.403228] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.429339] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.432605] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.457398] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.461487] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.495154] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.500084] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.526207] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.533549] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.563157] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.566517] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.591989] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.595554] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.622099] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.625615] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.664082] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.668505] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.700285] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.704654] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.730735] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.735573] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.762343] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.766559] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.791270] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.793525] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.825950] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.829674] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.863475] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.865625] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.892168] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.895554] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.922458] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.924681] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.950737] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.957352] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2798.988226] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2798.993272] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.020985] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.024553] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.051484] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.055537] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.082030] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.085638] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.111506] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.117175] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.143457] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.147592] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.184722] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.188541] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.215170] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.219565] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.245907] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.249562] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.276845] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.280541] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.314197] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.319629] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.346956] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.351553] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.377859] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.382539] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.408146] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.412596] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.437453] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.442990] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.473555] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.478513] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.504664] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.509538] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.534481] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.538555] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.565123] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.568488] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.595332] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.599553] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.629476] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.633475] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.657461] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.661507] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.683648] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.687475] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.713534] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.717460] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.748663] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.752444] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.778236] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.781432] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.805496] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.807608] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.834359] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.838487] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.864323] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.871511] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.896222] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.900470] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.924399] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.928457] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.949655] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.954473] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2799.977883] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2799.981430] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.007330] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.011483] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.038901] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.044029] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.065932] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.069404] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.092199] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.095424] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.118053] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.121465] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.152898] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.154814] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.179934] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.183455] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.207319] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.210413] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.233291] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.237419] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.259842] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.261743] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.294262] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.296216] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.320977] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.326106] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.347657] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2800.352480] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2800.377084] ok 11 - snd_soc_tplg_test_load_pcm_tplg_reload_card [ 2800.377094] ok 16 - snd_soc_tplg_test [ 2800.657599] # Subtest: soc-utils [ 2800.657609] 1..1 [ 2800.666780] ok 1 - test_tdm_params_to_bclk [ 2800.667060] ok 17 - soc-utils [ 2801.425387] # Subtest: sysctl_test [ 2801.425399] 1..10 [ 2801.430054] ok 1 - sysctl_test_api_dointvec_null_tbl_data [ 2801.432008] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset [ 2801.434947] ok 3 - sysctl_test_api_dointvec_table_len_is_zero [ 2801.437912] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set [ 2801.440949] ok 5 - sysctl_test_dointvec_read_happy_single_positive [ 2801.443898] ok 6 - sysctl_test_dointvec_read_happy_single_negative [ 2801.445943] ok 7 - sysctl_test_dointvec_write_happy_single_positive [ 2801.448896] ok 8 - sysctl_test_dointvec_write_happy_single_negative [ 2801.451915] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min [ 2801.455044] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max [ 2801.455898] ok 18 - sysctl_test [ 2801.694347] # Subtest: bits-test [ 2801.694358] 1..3 [ 2801.707906] ok 1 - genmask_test [ 2801.710933] ok 2 - genmask_ull_test [ 2801.712873] ok 3 - genmask_input_check_test [ 2801.713279] ok 19 - bits-test [ 2802.831587] # Subtest: kasan [ 2802.831598] 1..55 [ 2802.836963] ================================================================== [ 2802.837889] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2802.838617] Write of size 1 at addr ffff8881095f7673 by task kunit_try_catch/117589 [ 2802.839312] [ 2802.839473] CPU: 0 PID: 117589 Comm: kunit_try_catch Kdump: loaded Not tainted 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2802.840466] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2802.840979] Call Trace: [ 2802.841214] [ 2802.841426] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2802.841912] dump_stack_lvl+0x57/0x81 [ 2802.842273] print_address_description.constprop.0+0x1f/0x1e0 [ 2802.842838] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2802.843327] print_report.cold+0x5c/0x237 [ 2802.843723] kasan_report+0xc9/0x100 [ 2802.844074] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2802.844563] kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2802.845077] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2802.845607] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2802.846125] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2802.846628] ? kunit_add_resource+0x197/0x280 [kunit] [ 2802.847091] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2802.847540] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2802.848003] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2802.848556] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2802.849022] kthread+0x2a7/0x350 [ 2802.849333] ? kthread_complete_and_exit+0x20/0x20 [ 2802.849774] ret_from_fork+0x22/0x30 [ 2802.850117] [ 2802.850336] [ 2802.850494] Allocated by task 117589: [ 2802.850835] kasan_save_stack+0x1e/0x40 [ 2802.851188] __kasan_kmalloc+0x81/0xa0 [ 2802.851535] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2802.852002] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2802.852450] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2802.853000] kthread+0x2a7/0x350 [ 2802.853329] ret_from_fork+0x22/0x30 [ 2802.853682] [ 2802.853840] Last potentially related work creation: [ 2802.854281] kasan_save_stack+0x1e/0x40 [ 2802.854633] __kasan_record_aux_stack+0x96/0xb0 [ 2802.855047] insert_work+0x47/0x310 [ 2802.855378] __queue_work+0x4dd/0xd60 [ 2802.855718] rcu_work_rcufn+0x42/0x70 [ 2802.856058] rcu_do_batch+0x3c5/0xdc0 [ 2802.856405] rcu_core+0x3de/0x5a0 [ 2802.856721] __do_softirq+0x2d3/0x9a8 [ 2802.857062] [ 2802.857221] Second to last potentially related work creation: [ 2802.857742] kasan_save_stack+0x1e/0x40 [ 2802.858095] __kasan_record_aux_stack+0x96/0xb0 [ 2802.858514] call_rcu+0xee/0x890 [ 2802.858819] queue_rcu_work+0x5a/0x70 [ 2802.859158] writeback_sb_inodes+0x373/0xd00 [ 2802.859561] __writeback_inodes_wb+0xb7/0x210 [ 2802.859963] wb_writeback+0x686/0xa10 [ 2802.860310] wb_do_writeback+0x539/0x8a0 [ 2802.860671] wb_workfn+0x12c/0x670 [ 2802.860991] process_one_work+0x8e5/0x1520 [ 2802.861370] worker_thread+0x59e/0xf90 [ 2802.861718] kthread+0x2a7/0x350 [ 2802.862022] ret_from_fork+0x22/0x30 [ 2802.862360] [ 2802.862518] The buggy address belongs to the object at ffff8881095f7600 [ 2802.862518] which belongs to the cache kmalloc-128 of size 128 [ 2802.863602] The buggy address is located 115 bytes inside of [ 2802.863602] 128-byte region [ffff8881095f7600, ffff8881095f7680) [ 2802.864630] [ 2802.864788] The buggy address belongs to the physical page: [ 2802.865286] page:00000000c10b378d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1095f7 [ 2802.866110] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2802.866736] raw: 0017ffffc0000200 ffffea000007a8c0 dead000000000005 ffff8881000418c0 [ 2802.867425] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2802.868153] page dumped because: kasan: bad access detected [ 2802.868662] [ 2802.868821] Memory state around the buggy address: [ 2802.869254] ffff8881095f7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2802.869899] ffff8881095f7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2802.870548] >ffff8881095f7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2802.871182] ^ [ 2802.871789] ffff8881095f7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2802.872435] ffff8881095f7700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2802.873076] ================================================================== [ 2802.873796] Disabling lock debugging due to kernel taint [ 2802.874306] ================================================================== [ 2802.874977] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2802.875730] Write of size 1 at addr ffff8881095f7678 by task kunit_try_catch/117589 [ 2802.876428] [ 2802.876588] CPU: 0 PID: 117589 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2802.877780] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2802.878300] Call Trace: [ 2802.878535] [ 2802.878743] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2802.879229] dump_stack_lvl+0x57/0x81 [ 2802.879579] print_address_description.constprop.0+0x1f/0x1e0 [ 2802.880100] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2802.880631] print_report.cold+0x5c/0x237 [ 2802.880998] kasan_report+0xc9/0x100 [ 2802.881338] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2802.881820] kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2802.882301] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2802.882779] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2802.883303] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2802.883804] ? kunit_add_resource+0x197/0x280 [kunit] [ 2802.884268] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2802.884715] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2802.885173] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2802.885771] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2802.886238] kthread+0x2a7/0x350 [ 2802.886550] ? kthread_complete_and_exit+0x20/0x20 [ 2802.886987] ret_from_fork+0x22/0x30 [ 2802.887330] [ 2802.887545] [ 2802.887704] Allocated by task 117589: [ 2802.888040] kasan_save_stack+0x1e/0x40 [ 2802.888398] __kasan_kmalloc+0x81/0xa0 [ 2802.888742] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2802.889204] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2802.889656] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2802.890202] kthread+0x2a7/0x350 [ 2802.890513] ret_from_fork+0x22/0x30 [ 2802.890846] [ 2802.891003] Last potentially related work creation: [ 2802.891445] kasan_save_stack+0x1e/0x40 [ 2802.891796] __kasan_record_aux_stack+0x96/0xb0 [ 2802.892209] insert_work+0x47/0x310 [ 2802.892541] __queue_work+0x4dd/0xd60 [ 2802.892882] rcu_work_rcufn+0x42/0x70 [ 2802.893224] rcu_do_batch+0x3c5/0xdc0 [ 2802.893566] rcu_core+0x3de/0x5a0 [ 2802.893880] __do_softirq+0x2d3/0x9a8 [ 2802.894222] [ 2802.894385] Second to last potentially related work creation: [ 2802.894919] kasan_save_stack+0x1e/0x40 [ 2802.895295] __kasan_record_aux_stack+0x96/0xb0 [ 2802.895709] call_rcu+0xee/0x890 [ 2802.896014] queue_rcu_work+0x5a/0x70 [ 2802.896358] writeback_sb_inodes+0x373/0xd00 [ 2802.896752] __writeback_inodes_wb+0xb7/0x210 [ 2802.897154] wb_writeback+0x686/0xa10 [ 2802.897499] wb_do_writeback+0x539/0x8a0 [ 2802.897861] wb_workfn+0x12c/0x670 [ 2802.898178] process_one_work+0x8e5/0x1520 [ 2802.898555] worker_thread+0x59e/0xf90 [ 2802.898899] kthread+0x2a7/0x350 [ 2802.899203] ret_from_fork+0x22/0x30 [ 2802.899542] [ 2802.899700] The buggy address belongs to the object at ffff8881095f7600 [ 2802.899700] which belongs to the cache kmalloc-128 of size 128 [ 2802.900786] The buggy address is located 120 bytes inside of [ 2802.900786] 128-byte region [ffff8881095f7600, ffff8881095f7680) [ 2802.901802] [ 2802.901962] The buggy address belongs to the physical page: [ 2802.902459] page:00000000c10b378d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1095f7 [ 2802.903281] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2802.903896] raw: 0017ffffc0000200 ffffea000007a8c0 dead000000000005 ffff8881000418c0 [ 2802.904582] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2802.905287] page dumped because: kasan: bad access detected [ 2802.905823] [ 2802.906014] Memory state around the buggy address: [ 2802.906467] ffff8881095f7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2802.907102] ffff8881095f7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2802.907780] >ffff8881095f7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2802.908423] ^ [ 2802.909056] ffff8881095f7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2802.909700] ffff8881095f7700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2802.910342] ================================================================== [ 2802.911004] ================================================================== [ 2802.911658] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2802.912389] Read of size 1 at addr ffff8881095f7680 by task kunit_try_catch/117589 [ 2802.913056] [ 2802.913215] CPU: 0 PID: 117589 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2802.914421] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2802.914934] Call Trace: [ 2802.915167] [ 2802.915399] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2802.915907] dump_stack_lvl+0x57/0x81 [ 2802.916269] print_address_description.constprop.0+0x1f/0x1e0 [ 2802.916792] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2802.917279] print_report.cold+0x5c/0x237 [ 2802.917659] kasan_report+0xc9/0x100 [ 2802.917994] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2802.918505] kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2802.919004] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2802.919493] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2802.920016] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2802.920525] ? kunit_add_resource+0x197/0x280 [kunit] [ 2802.920987] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2802.921468] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2802.921948] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2802.922500] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2802.922966] kthread+0x2a7/0x350 [ 2802.923274] ? kthread_complete_and_exit+0x20/0x20 [ 2802.923714] ret_from_fork+0x22/0x30 [ 2802.924052] [ 2802.924270] [ 2802.924429] Allocated by task 117589: [ 2802.924766] kasan_save_stack+0x1e/0x40 [ 2802.925117] __kasan_kmalloc+0x81/0xa0 [ 2802.925466] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2802.925932] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2802.926381] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2802.926924] kthread+0x2a7/0x350 [ 2802.927228] ret_from_fork+0x22/0x30 [ 2802.927564] [ 2802.927721] Last potentially related work creation: [ 2802.928161] kasan_save_stack+0x1e/0x40 [ 2802.928516] __kasan_record_aux_stack+0x96/0xb0 [ 2802.928932] insert_work+0x47/0x310 [ 2802.929265] __queue_work+0x4dd/0xd60 [ 2802.929605] rcu_work_rcufn+0x42/0x70 [ 2802.929942] rcu_do_batch+0x3c5/0xdc0 [ 2802.930283] rcu_core+0x3de/0x5a0 [ 2802.930595] __do_softirq+0x2d3/0x9a8 [ 2802.930930] [ 2802.931088] Second to last potentially related work creation: [ 2802.931608] kasan_save_stack+0x1e/0x40 [ 2802.931960] __kasan_record_aux_stack+0x96/0xb0 [ 2802.932379] call_rcu+0xee/0x890 [ 2802.932683] queue_rcu_work+0x5a/0x70 [ 2802.933020] writeback_sb_inodes+0x373/0xd00 [ 2802.933419] __writeback_inodes_wb+0xb7/0x210 [ 2802.933821] wb_writeback+0x686/0xa10 [ 2802.934158] wb_do_writeback+0x539/0x8a0 [ 2802.934543] wb_workfn+0x12c/0x670 [ 2802.934900] process_one_work+0x8e5/0x1520 [ 2802.935296] worker_thread+0x59e/0xf90 [ 2802.935689] kthread+0x2a7/0x350 [ 2802.936027] ret_from_fork+0x22/0x30 [ 2802.936361] [ 2802.936518] The buggy address belongs to the object at ffff8881095f7600 [ 2802.936518] which belongs to the cache kmalloc-128 of size 128 [ 2802.937604] The buggy address is located 0 bytes to the right of [ 2802.937604] 128-byte region [ffff8881095f7600, ffff8881095f7680) [ 2802.938650] [ 2802.938807] The buggy address belongs to the physical page: [ 2802.939299] page:00000000c10b378d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1095f7 [ 2802.940112] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2802.940728] raw: 0017ffffc0000200 ffffea000007a8c0 dead000000000005 ffff8881000418c0 [ 2802.941410] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2802.942086] page dumped because: kasan: bad access detected [ 2802.942581] [ 2802.942739] Memory state around the buggy address: [ 2802.943169] ffff8881095f7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2802.943814] ffff8881095f7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2802.944456] >ffff8881095f7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2802.945149] ^ [ 2802.945491] ffff8881095f7700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2802.946123] ffff8881095f7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2802.946762] ================================================================== [ 2802.947464] ok 1 - kmalloc_oob_right [ 2802.949764] ================================================================== [ 2802.950830] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2802.951554] Read of size 1 at addr ffff888044ccecdf by task kunit_try_catch/117590 [ 2802.952233] [ 2802.952399] CPU: 0 PID: 117590 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2802.953616] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2802.954143] Call Trace: [ 2802.954406] [ 2802.954640] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2802.955129] dump_stack_lvl+0x57/0x81 [ 2802.955481] print_address_description.constprop.0+0x1f/0x1e0 [ 2802.956013] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2802.956511] print_report.cold+0x5c/0x237 [ 2802.956887] kasan_report+0xc9/0x100 [ 2802.957232] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2802.957726] kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2802.958203] ? kmalloc_pagealloc_oob_right+0x290/0x290 [test_kasan] [ 2802.958780] ? do_raw_spin_trylock+0xb5/0x180 [ 2802.959192] ? do_raw_spin_lock+0x270/0x270 [ 2802.959588] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2802.960099] ? kunit_add_resource+0x197/0x280 [kunit] [ 2802.960574] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2802.961028] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2802.961498] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2802.962059] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2802.962540] kthread+0x2a7/0x350 [ 2802.962854] ? kthread_complete_and_exit+0x20/0x20 [ 2802.963307] ret_from_fork+0x22/0x30 [ 2802.963655] [ 2802.963875] [ 2802.964035] Allocated by task 0: [ 2802.964349] (stack is not available) [ 2802.964687] [ 2802.964846] Freed by task 117588: [ 2802.965161] kasan_save_stack+0x1e/0x40 [ 2802.965523] kasan_set_track+0x21/0x30 [ 2802.965872] kasan_set_free_info+0x20/0x40 [ 2802.966253] __kasan_slab_free+0x108/0x170 [ 2802.966636] slab_free_freelist_hook+0x11d/0x1d0 [ 2802.967067] kfree+0xe2/0x3c0 [ 2802.967361] shmem_free_in_core_inode+0x71/0x90 [ 2802.967787] rcu_do_batch+0x3c5/0xdc0 [ 2802.968131] rcu_core+0x3de/0x5a0 [ 2802.968451] __do_softirq+0x2d3/0x9a8 [ 2802.968795] [ 2802.968956] The buggy address belongs to the object at ffff888044ccecc0 [ 2802.968956] which belongs to the cache kmalloc-16 of size 16 [ 2802.970091] The buggy address is located 15 bytes to the right of [ 2802.970091] 16-byte region [ffff888044ccecc0, ffff888044ccecd0) [ 2802.971158] [ 2802.971326] The buggy address belongs to the physical page: [ 2802.971828] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2802.972665] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2802.973290] raw: 000fffffc0000200 ffffea00016f1f40 dead000000000002 ffff8881000413c0 [ 2802.973984] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2802.974681] page dumped because: kasan: bad access detected [ 2802.975187] [ 2802.975353] Memory state around the buggy address: [ 2802.975793] ffff888044cceb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2802.976446] ffff888044ccec00: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 2802.977096] >ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 07 fc fc [ 2802.977749] ^ [ 2802.978308] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2802.978957] ffff888044cced80: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2802.979610] ================================================================== [ 2802.980437] ok 2 - kmalloc_oob_left [ 2802.983780] ================================================================== [ 2802.984840] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2802.985639] Read of size 1 at addr ffff888058cdb000 by task kunit_try_catch/117591 [ 2802.986353] [ 2802.986516] CPU: 0 PID: 117591 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2802.987737] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2802.988270] Call Trace: [ 2802.988512] [ 2802.988726] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2802.989272] dump_stack_lvl+0x57/0x81 [ 2802.989620] print_address_description.constprop.0+0x1f/0x1e0 [ 2802.990153] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2802.990695] print_report.cold+0x5c/0x237 [ 2802.991071] kasan_report+0xc9/0x100 [ 2802.991420] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2802.991959] kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2802.992490] ? pagealloc_uaf+0x2f0/0x2f0 [test_kasan] [ 2802.992958] ? do_raw_spin_trylock+0xb5/0x180 [ 2802.993375] ? do_raw_spin_lock+0x270/0x270 [ 2802.993769] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2802.994286] ? kunit_add_resource+0x197/0x280 [kunit] [ 2802.994761] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2802.995241] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2802.995730] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2802.996292] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2802.996770] kthread+0x2a7/0x350 [ 2802.997079] ? kthread_complete_and_exit+0x20/0x20 [ 2802.997529] ret_from_fork+0x22/0x30 [ 2802.997874] [ 2802.998092] [ 2802.998253] Allocated by task 117591: [ 2802.998599] kasan_save_stack+0x1e/0x40 [ 2802.998959] __kasan_kmalloc+0x81/0xa0 [ 2802.999317] kmalloc_node_oob_right+0x9a/0x2e0 [test_kasan] [ 2802.999828] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.000285] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.000846] kthread+0x2a7/0x350 [ 2803.001156] ret_from_fork+0x22/0x30 [ 2803.001504] [ 2803.001665] The buggy address belongs to the object at ffff888058cda000 [ 2803.001665] which belongs to the cache kmalloc-4k of size 4096 [ 2803.002768] The buggy address is located 0 bytes to the right of [ 2803.002768] 4096-byte region [ffff888058cda000, ffff888058cdb000) [ 2803.003841] [ 2803.004001] The buggy address belongs to the physical page: [ 2803.004510] page:00000000904c189f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58cd8 [ 2803.005338] head:00000000904c189f order:3 compound_mapcount:0 compound_pincount:0 [ 2803.006014] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.006684] raw: 000fffffc0010200 dead000000000100 dead000000000122 ffff888100042140 [ 2803.007381] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000 [ 2803.008071] page dumped because: kasan: bad access detected [ 2803.008578] [ 2803.008738] Memory state around the buggy address: [ 2803.009177] ffff888058cdaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.009831] ffff888058cdaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.010487] >ffff888058cdb000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.011137] ^ [ 2803.011448] ffff888058cdb080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.012093] ffff888058cdb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.012743] ================================================================== [ 2803.013504] ok 3 - kmalloc_node_oob_right [ 2803.015778] ================================================================== [ 2803.016879] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2803.017692] Write of size 1 at addr ffff88805bc5e00a by task kunit_try_catch/117592 [ 2803.018382] [ 2803.018543] CPU: 0 PID: 117592 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.019755] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.020284] Call Trace: [ 2803.020541] [ 2803.020759] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2803.021348] dump_stack_lvl+0x57/0x81 [ 2803.021692] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.022225] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2803.022799] print_report.cold+0x5c/0x237 [ 2803.023173] kasan_report+0xc9/0x100 [ 2803.023521] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2803.024094] kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2803.024660] ? kmalloc_pagealloc_uaf+0x280/0x280 [test_kasan] [ 2803.025189] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.025607] ? do_raw_spin_lock+0x270/0x270 [ 2803.025998] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.026511] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.026981] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.027442] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.027911] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.028478] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.028953] kthread+0x2a7/0x350 [ 2803.029270] ? kthread_complete_and_exit+0x20/0x20 [ 2803.029719] ret_from_fork+0x22/0x30 [ 2803.030066] [ 2803.030287] [ 2803.030447] The buggy address belongs to the physical page: [ 2803.030950] page:000000009deac59a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bc5c [ 2803.031784] head:000000009deac59a order:2 compound_mapcount:0 compound_pincount:0 [ 2803.032454] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.033133] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2803.033885] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2803.034599] page dumped because: kasan: bad access detected [ 2803.035096] [ 2803.035255] Memory state around the buggy address: [ 2803.035701] ffff88805bc5df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.036394] ffff88805bc5df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.037041] >ffff88805bc5e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.037698] ^ [ 2803.038027] ffff88805bc5e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.038684] ffff88805bc5e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.039339] ================================================================== [ 2803.040076] ok 4 - kmalloc_pagealloc_oob_right [ 2803.041816] ================================================================== [ 2803.042963] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2803.043737] Read of size 1 at addr ffff88805bc5c000 by task kunit_try_catch/117593 [ 2803.044424] [ 2803.044586] CPU: 0 PID: 117593 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.045850] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.046377] Call Trace: [ 2803.046616] [ 2803.046828] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2803.047372] dump_stack_lvl+0x57/0x81 [ 2803.047721] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.048254] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2803.048799] print_report.cold+0x5c/0x237 [ 2803.049177] kasan_report+0xc9/0x100 [ 2803.049521] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2803.050054] kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2803.050574] ? kmalloc_pagealloc_invalid_free+0x250/0x250 [test_kasan] [ 2803.051170] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.051611] ? do_raw_spin_lock+0x270/0x270 [ 2803.052023] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.052540] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.053007] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.053467] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.053938] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.054504] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.054978] kthread+0x2a7/0x350 [ 2803.055292] ? kthread_complete_and_exit+0x20/0x20 [ 2803.055737] ret_from_fork+0x22/0x30 [ 2803.056084] [ 2803.056305] [ 2803.056466] The buggy address belongs to the physical page: [ 2803.056970] page:000000009deac59a refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bc5c [ 2803.057804] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2803.058397] raw: 000fffffc0000000 ffffea00016f1b08 ffff88810c200270 0000000000000000 [ 2803.059092] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 2803.059790] page dumped because: kasan: bad access detected [ 2803.060297] [ 2803.060458] Memory state around the buggy address: [ 2803.060902] ffff88805bc5bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.061558] ffff88805bc5bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.062211] >ffff88805bc5c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2803.062866] ^ [ 2803.063174] ffff88805bc5c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2803.063833] ffff88805bc5c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2803.064491] ================================================================== [ 2803.065195] ok 5 - kmalloc_pagealloc_uaf [ 2803.066774] ================================================================== [ 2803.067881] BUG: KASAN: double-free or invalid-free in kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2803.068783] [ 2803.068946] CPU: 0 PID: 117594 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.070180] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.070711] Call Trace: [ 2803.070963] [ 2803.071188] dump_stack_lvl+0x57/0x81 [ 2803.071565] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.072140] print_report.cold+0x5c/0x237 [ 2803.072520] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2803.073123] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2803.073730] kasan_report_invalid_free+0x99/0xc0 [ 2803.074164] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2803.074760] kfree+0x2ab/0x3c0 [ 2803.075061] kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2803.075673] ? kmalloc_large_oob_right+0x2b0/0x2b0 [test_kasan] [ 2803.076233] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.076650] ? do_raw_spin_lock+0x270/0x270 [ 2803.077038] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.077550] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.078017] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.078479] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.078945] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.079509] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.079984] kthread+0x2a7/0x350 [ 2803.080296] ? kthread_complete_and_exit+0x20/0x20 [ 2803.080740] ret_from_fork+0x22/0x30 [ 2803.081081] [ 2803.081299] [ 2803.081459] The buggy address belongs to the physical page: [ 2803.081960] page:000000009deac59a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bc5c [ 2803.082787] head:000000009deac59a order:2 compound_mapcount:0 compound_pincount:0 [ 2803.083464] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.084089] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2803.084791] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2803.085486] page dumped because: kasan: bad access detected [ 2803.086009] [ 2803.086175] Memory state around the buggy address: [ 2803.086633] ffff88805bc5bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.087290] ffff88805bc5bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.087938] >ffff88805bc5c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.088592] ^ [ 2803.088901] ffff88805bc5c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.089559] ffff88805bc5c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.090208] ================================================================== [ 2803.090906] ok 6 - kmalloc_pagealloc_invalid_free [ 2803.092814] ok 7 - pagealloc_oob_right # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2803.094792] ================================================================== [ 2803.096265] BUG: KASAN: use-after-free in pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2803.096943] Read of size 1 at addr ffff888057f10000 by task kunit_try_catch/117596 [ 2803.097638] [ 2803.097801] CPU: 0 PID: 117596 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.099020] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.099552] Call Trace: [ 2803.099791] [ 2803.100004] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2803.100483] dump_stack_lvl+0x57/0x81 [ 2803.100835] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.101377] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2803.101848] print_report.cold+0x5c/0x237 [ 2803.102229] kasan_report+0xc9/0x100 [ 2803.102578] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2803.103054] pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2803.103519] ? krealloc_more_oob+0x10/0x10 [test_kasan] [ 2803.104000] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.104419] ? do_raw_spin_lock+0x270/0x270 [ 2803.104815] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.105336] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.105829] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.106333] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.106825] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.107467] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.107939] kthread+0x2a7/0x350 [ 2803.108248] ? kthread_complete_and_exit+0x20/0x20 [ 2803.108695] ret_from_fork+0x22/0x30 [ 2803.109038] [ 2803.109255] [ 2803.109421] The buggy address belongs to the physical page: [ 2803.109916] page:00000000f492f6fe refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x57f10 [ 2803.110762] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2803.111353] raw: 000fffffc0000000 ffffea0001645008 ffff88813ffd3aa0 0000000000000000 [ 2803.112042] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000 [ 2803.112733] page dumped because: kasan: bad access detected [ 2803.113234] [ 2803.113398] Memory state around the buggy address: [ 2803.113835] ffff888057f0ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2803.114481] ffff888057f0ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2803.115122] >ffff888057f10000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2803.115777] ^ [ 2803.116084] ffff888057f10080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2803.116780] ffff888057f10100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2803.117431] ================================================================== [ 2803.118196] ok 8 - pagealloc_uaf [ 2803.121798] ================================================================== [ 2803.122887] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2803.123689] Write of size 1 at addr ffff8880039d5f00 by task kunit_try_catch/117597 [ 2803.124384] [ 2803.124548] CPU: 0 PID: 117597 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.125787] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.126322] Call Trace: [ 2803.126562] [ 2803.126776] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2803.127332] dump_stack_lvl+0x57/0x81 [ 2803.127681] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.128212] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2803.128761] print_report.cold+0x5c/0x237 [ 2803.129139] kasan_report+0xc9/0x100 [ 2803.129483] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2803.130035] kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2803.130575] ? kmalloc_oob_16+0x3b0/0x3b0 [test_kasan] [ 2803.131052] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.131466] ? do_raw_spin_lock+0x270/0x270 [ 2803.131860] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.132375] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.132845] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.133305] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.133775] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.134340] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.134813] kthread+0x2a7/0x350 [ 2803.135149] ? kthread_complete_and_exit+0x20/0x20 [ 2803.135641] ret_from_fork+0x22/0x30 [ 2803.136023] [ 2803.136281] [ 2803.136487] Allocated by task 117597: [ 2803.136830] kasan_save_stack+0x1e/0x40 [ 2803.137188] __kasan_kmalloc+0x81/0xa0 [ 2803.137545] kmalloc_large_oob_right+0x98/0x2b0 [test_kasan] [ 2803.138069] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.138526] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.139086] kthread+0x2a7/0x350 [ 2803.139399] ret_from_fork+0x22/0x30 [ 2803.139740] [ 2803.139900] The buggy address belongs to the object at ffff8880039d4000 [ 2803.139900] which belongs to the cache kmalloc-8k of size 8192 [ 2803.141006] The buggy address is located 7936 bytes inside of [ 2803.141006] 8192-byte region [ffff8880039d4000, ffff8880039d6000) [ 2803.142060] [ 2803.142220] The buggy address belongs to the physical page: [ 2803.142724] page:000000008d3c13ae refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x39d0 [ 2803.143549] head:000000008d3c13ae order:3 compound_mapcount:0 compound_pincount:0 [ 2803.144222] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.144894] raw: 000fffffc0010200 ffffea0000a44400 dead000000000006 ffff888100042280 [ 2803.145638] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 2803.146378] page dumped because: kasan: bad access detected [ 2803.146878] [ 2803.147038] Memory state around the buggy address: [ 2803.147488] ffff8880039d5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.148141] ffff8880039d5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.148797] >ffff8880039d5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.149465] ^ [ 2803.149773] ffff8880039d5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.150431] ffff8880039d6000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.151081] ================================================================== [ 2803.151889] ok 9 - kmalloc_large_oob_right [ 2803.155822] ================================================================== [ 2803.156949] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2803.157760] Write of size 1 at addr ffff8880022c40eb by task kunit_try_catch/117598 [ 2803.158487] [ 2803.158665] CPU: 0 PID: 117598 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.159904] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.160439] Call Trace: [ 2803.160679] [ 2803.160890] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2803.161462] dump_stack_lvl+0x57/0x81 [ 2803.161801] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.162348] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2803.162931] print_report.cold+0x5c/0x237 [ 2803.163313] kasan_report+0xc9/0x100 [ 2803.163660] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2803.164216] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2803.164763] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2803.165280] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.165720] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.166162] ? lock_acquire+0x4ea/0x620 [ 2803.166529] ? rcu_read_unlock+0x40/0x40 [ 2803.166900] ? rcu_read_unlock+0x40/0x40 [ 2803.167277] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.167747] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.168265] ? do_raw_spin_lock+0x270/0x270 [ 2803.168662] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.169231] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.169703] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.170179] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.170639] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.171111] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.171679] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.172158] kthread+0x2a7/0x350 [ 2803.172475] ? kthread_complete_and_exit+0x20/0x20 [ 2803.172924] ret_from_fork+0x22/0x30 [ 2803.173277] [ 2803.173516] [ 2803.173683] Allocated by task 117598: [ 2803.174048] kasan_save_stack+0x1e/0x40 [ 2803.174418] __kasan_krealloc+0xee/0x160 [ 2803.174785] krealloc+0x50/0xe0 [ 2803.175094] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 2803.175638] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.176094] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.176663] kthread+0x2a7/0x350 [ 2803.176975] ret_from_fork+0x22/0x30 [ 2803.177320] [ 2803.177482] Last potentially related work creation: [ 2803.177931] kasan_save_stack+0x1e/0x40 [ 2803.178301] __kasan_record_aux_stack+0x96/0xb0 [ 2803.178724] kvfree_call_rcu+0x7d/0x840 [ 2803.179089] drop_sysctl_table+0x338/0x460 [ 2803.179481] unregister_sysctl_table+0x9c/0x180 [ 2803.179911] unix_sysctl_unregister+0x58/0x80 [ 2803.180329] unix_net_exit+0xe/0x50 [ 2803.180662] ops_exit_list+0x9c/0x170 [ 2803.181012] cleanup_net+0x42b/0x9a0 [ 2803.181356] process_one_work+0x8e5/0x1520 [ 2803.181738] worker_thread+0x59e/0xf90 [ 2803.182092] kthread+0x2a7/0x350 [ 2803.182410] ret_from_fork+0x22/0x30 [ 2803.182750] [ 2803.182910] The buggy address belongs to the object at ffff8880022c4000 [ 2803.182910] which belongs to the cache kmalloc-256 of size 256 [ 2803.184024] The buggy address is located 235 bytes inside of [ 2803.184024] 256-byte region [ffff8880022c4000, ffff8880022c4100) [ 2803.185071] [ 2803.185232] The buggy address belongs to the physical page: [ 2803.185741] page:00000000cb53f0a2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22c4 [ 2803.186610] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.187231] raw: 000fffffc0000200 ffffea0000578900 dead000000000003 ffff888100041b40 [ 2803.187931] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2803.188629] page dumped because: kasan: bad access detected [ 2803.189134] [ 2803.189298] Memory state around the buggy address: [ 2803.189740] ffff8880022c3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.190396] ffff8880022c4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.191049] >ffff8880022c4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 2803.191706] ^ [ 2803.192311] ffff8880022c4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.192968] ffff8880022c4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.193626] ================================================================== [ 2803.194344] ================================================================== [ 2803.195009] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2803.195826] Write of size 1 at addr ffff8880022c40f0 by task kunit_try_catch/117598 [ 2803.196535] [ 2803.196699] CPU: 0 PID: 117598 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.197932] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.198471] Call Trace: [ 2803.198710] [ 2803.198921] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2803.199482] dump_stack_lvl+0x57/0x81 [ 2803.199833] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.200373] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2803.200927] print_report.cold+0x5c/0x237 [ 2803.201313] kasan_report+0xc9/0x100 [ 2803.201656] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2803.202213] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2803.202765] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2803.203247] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.203692] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.204134] ? lock_acquire+0x4ea/0x620 [ 2803.204500] ? rcu_read_unlock+0x40/0x40 [ 2803.204871] ? rcu_read_unlock+0x40/0x40 [ 2803.205239] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.205689] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.206206] ? do_raw_spin_lock+0x270/0x270 [ 2803.206605] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.207168] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.207636] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.208109] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.208568] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.209040] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.209606] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.210083] kthread+0x2a7/0x350 [ 2803.210403] ? kthread_complete_and_exit+0x20/0x20 [ 2803.210853] ret_from_fork+0x22/0x30 [ 2803.211199] [ 2803.211425] [ 2803.211586] Allocated by task 117598: [ 2803.211933] kasan_save_stack+0x1e/0x40 [ 2803.212298] __kasan_krealloc+0xee/0x160 [ 2803.212664] krealloc+0x50/0xe0 [ 2803.212965] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 2803.213512] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.213965] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.214531] kthread+0x2a7/0x350 [ 2803.214841] ret_from_fork+0x22/0x30 [ 2803.215184] [ 2803.215353] Last potentially related work creation: [ 2803.215803] kasan_save_stack+0x1e/0x40 [ 2803.216160] __kasan_record_aux_stack+0x96/0xb0 [ 2803.216589] kvfree_call_rcu+0x7d/0x840 [ 2803.216954] drop_sysctl_table+0x338/0x460 [ 2803.217341] unregister_sysctl_table+0x9c/0x180 [ 2803.217768] unix_sysctl_unregister+0x58/0x80 [ 2803.218180] unix_net_exit+0xe/0x50 [ 2803.218520] ops_exit_list+0x9c/0x170 [ 2803.218867] cleanup_net+0x42b/0x9a0 [ 2803.219209] process_one_work+0x8e5/0x1520 [ 2803.219598] worker_thread+0x59e/0xf90 [ 2803.219951] kthread+0x2a7/0x350 [ 2803.220291] ret_from_fork+0x22/0x30 [ 2803.220648] [ 2803.220809] The buggy address belongs to the object at ffff8880022c4000 [ 2803.220809] which belongs to the cache kmalloc-256 of size 256 [ 2803.221915] The buggy address is located 240 bytes inside of [ 2803.221915] 256-byte region [ffff8880022c4000, ffff8880022c4100) [ 2803.222959] [ 2803.223121] The buggy address belongs to the physical page: [ 2803.223632] page:00000000cb53f0a2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22c4 [ 2803.224477] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.225126] raw: 000fffffc0000200 ffffea0000578900 dead000000000003 ffff888100041b40 [ 2803.225829] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2803.226526] page dumped because: kasan: bad access detected [ 2803.227031] [ 2803.227191] Memory state around the buggy address: [ 2803.227634] ffff8880022c3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.228284] ffff8880022c4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.228933] >ffff8880022c4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 2803.229591] ^ [ 2803.230205] ffff8880022c4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.230857] ffff8880022c4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.231512] ================================================================== [ 2803.232219] ok 10 - krealloc_more_oob [ 2803.233807] ================================================================== [ 2803.234942] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2803.235731] Write of size 1 at addr ffff888015e246c9 by task kunit_try_catch/117599 [ 2803.236451] [ 2803.236634] CPU: 0 PID: 117599 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.237855] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.238390] Call Trace: [ 2803.238629] [ 2803.238842] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2803.239407] dump_stack_lvl+0x57/0x81 [ 2803.239758] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.240300] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2803.240850] print_report.cold+0x5c/0x237 [ 2803.241227] kasan_report+0xc9/0x100 [ 2803.241570] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2803.242123] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2803.242818] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2803.243318] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.243822] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.244325] ? lock_acquire+0x4ea/0x620 [ 2803.244731] ? rcu_read_unlock+0x40/0x40 [ 2803.245134] ? rcu_read_unlock+0x40/0x40 [ 2803.245535] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.246041] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.246557] ? do_raw_spin_lock+0x270/0x270 [ 2803.246948] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.247513] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.247973] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.248451] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.248908] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.249379] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.249944] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.250423] kthread+0x2a7/0x350 [ 2803.250734] ? kthread_complete_and_exit+0x20/0x20 [ 2803.251178] ret_from_fork+0x22/0x30 [ 2803.251547] [ 2803.251786] [ 2803.251948] Allocated by task 117599: [ 2803.252298] kasan_save_stack+0x1e/0x40 [ 2803.252660] __kasan_krealloc+0xee/0x160 [ 2803.253024] krealloc+0x50/0xe0 [ 2803.253333] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2803.253869] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.254329] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.254888] kthread+0x2a7/0x350 [ 2803.255197] ret_from_fork+0x22/0x30 [ 2803.255541] [ 2803.255701] Last potentially related work creation: [ 2803.256147] kasan_save_stack+0x1e/0x40 [ 2803.256509] __kasan_record_aux_stack+0x96/0xb0 [ 2803.256930] kvfree_call_rcu+0x7d/0x840 [ 2803.257296] drop_sysctl_table+0x338/0x460 [ 2803.257678] unregister_sysctl_table+0x9c/0x180 [ 2803.258098] neigh_sysctl_unregister+0x56/0x80 [ 2803.258519] inetdev_event+0xbf3/0xf40 [ 2803.258873] notifier_call_chain+0x9e/0x180 [ 2803.259270] unregister_netdevice_many+0x579/0x1210 [ 2803.259749] default_device_exit_batch+0x2b0/0x370 [ 2803.260206] cleanup_net+0x42b/0x9a0 [ 2803.260545] process_one_work+0x8e5/0x1520 [ 2803.260925] worker_thread+0x59e/0xf90 [ 2803.261283] kthread+0x2a7/0x350 [ 2803.261595] ret_from_fork+0x22/0x30 [ 2803.261932] [ 2803.262093] The buggy address belongs to the object at ffff888015e24600 [ 2803.262093] which belongs to the cache kmalloc-256 of size 256 [ 2803.263220] The buggy address is located 201 bytes inside of [ 2803.263220] 256-byte region [ffff888015e24600, ffff888015e24700) [ 2803.264263] [ 2803.264425] The buggy address belongs to the physical page: [ 2803.264968] page:00000000d2deb318 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15e24 [ 2803.265800] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.266423] raw: 000fffffc0000200 ffffea0000610140 dead000000000002 ffff888100041b40 [ 2803.267167] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2803.267864] page dumped because: kasan: bad access detected [ 2803.268376] [ 2803.268536] Memory state around the buggy address: [ 2803.268975] ffff888015e24580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.269630] ffff888015e24600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.270285] >ffff888015e24680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2803.270935] ^ [ 2803.271443] ffff888015e24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.272094] ffff888015e24780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.272754] ================================================================== [ 2803.273443] ================================================================== [ 2803.274105] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2803.274898] Write of size 1 at addr ffff888015e246d0 by task kunit_try_catch/117599 [ 2803.275608] [ 2803.275790] CPU: 0 PID: 117599 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.277035] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.277593] Call Trace: [ 2803.277831] [ 2803.278042] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2803.278607] dump_stack_lvl+0x57/0x81 [ 2803.278960] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.279497] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2803.280050] print_report.cold+0x5c/0x237 [ 2803.280436] kasan_report+0xc9/0x100 [ 2803.280777] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2803.281339] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2803.281885] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2803.282352] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.282792] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.283233] ? lock_acquire+0x4ea/0x620 [ 2803.283599] ? rcu_read_unlock+0x40/0x40 [ 2803.283967] ? rcu_read_unlock+0x40/0x40 [ 2803.284339] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.284778] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.285300] ? do_raw_spin_lock+0x270/0x270 [ 2803.285694] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.286264] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.286763] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.287234] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.287693] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.288162] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.288726] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.289201] kthread+0x2a7/0x350 [ 2803.289517] ? kthread_complete_and_exit+0x20/0x20 [ 2803.289961] ret_from_fork+0x22/0x30 [ 2803.290310] [ 2803.290528] [ 2803.290687] Allocated by task 117599: [ 2803.291031] kasan_save_stack+0x1e/0x40 [ 2803.291395] __kasan_krealloc+0xee/0x160 [ 2803.291760] krealloc+0x50/0xe0 [ 2803.292063] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2803.292608] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.293062] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.293628] kthread+0x2a7/0x350 [ 2803.293938] ret_from_fork+0x22/0x30 [ 2803.294281] [ 2803.294444] Last potentially related work creation: [ 2803.294891] kasan_save_stack+0x1e/0x40 [ 2803.295249] __kasan_record_aux_stack+0x96/0xb0 [ 2803.295675] kvfree_call_rcu+0x7d/0x840 [ 2803.296062] drop_sysctl_table+0x338/0x460 [ 2803.296465] unregister_sysctl_table+0x9c/0x180 [ 2803.296885] neigh_sysctl_unregister+0x56/0x80 [ 2803.297305] inetdev_event+0xbf3/0xf40 [ 2803.297657] notifier_call_chain+0x9e/0x180 [ 2803.298041] unregister_netdevice_many+0x579/0x1210 [ 2803.298500] default_device_exit_batch+0x2b0/0x370 [ 2803.298946] cleanup_net+0x42b/0x9a0 [ 2803.299291] process_one_work+0x8e5/0x1520 [ 2803.299670] worker_thread+0x59e/0xf90 [ 2803.300023] kthread+0x2a7/0x350 [ 2803.300337] ret_from_fork+0x22/0x30 [ 2803.300677] [ 2803.300837] The buggy address belongs to the object at ffff888015e24600 [ 2803.300837] which belongs to the cache kmalloc-256 of size 256 [ 2803.301948] The buggy address is located 208 bytes inside of [ 2803.301948] 256-byte region [ffff888015e24600, ffff888015e24700) [ 2803.302986] [ 2803.303149] The buggy address belongs to the physical page: [ 2803.303656] page:00000000d2deb318 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15e24 [ 2803.304487] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.305106] raw: 000fffffc0000200 ffffea0000610140 dead000000000002 ffff888100041b40 [ 2803.305805] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2803.306523] page dumped because: kasan: bad access detected [ 2803.307069] [ 2803.307235] Memory state around the buggy address: [ 2803.307719] ffff888015e24580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.308394] ffff888015e24600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.309045] >ffff888015e24680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2803.309703] ^ [ 2803.310232] ffff888015e24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.310888] ffff888015e24780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.311543] ================================================================== [ 2803.312205] ================================================================== [ 2803.312869] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2803.313703] Write of size 1 at addr ffff888015e246da by task kunit_try_catch/117599 [ 2803.314389] [ 2803.314551] CPU: 0 PID: 117599 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.315768] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.316300] Call Trace: [ 2803.316568] [ 2803.316779] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2803.317383] dump_stack_lvl+0x57/0x81 [ 2803.317728] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.318265] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2803.318817] print_report.cold+0x5c/0x237 [ 2803.319196] kasan_report+0xc9/0x100 [ 2803.319541] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2803.320093] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2803.320634] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2803.321094] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.321534] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.321974] ? lock_acquire+0x4ea/0x620 [ 2803.322338] ? rcu_read_unlock+0x40/0x40 [ 2803.322705] ? rcu_read_unlock+0x40/0x40 [ 2803.323071] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.323514] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.324022] ? do_raw_spin_lock+0x270/0x270 [ 2803.324415] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.324977] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.325440] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.325908] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.326367] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.326879] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.327442] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.327913] kthread+0x2a7/0x350 [ 2803.328222] ? kthread_complete_and_exit+0x20/0x20 [ 2803.328667] ret_from_fork+0x22/0x30 [ 2803.329011] [ 2803.329229] [ 2803.329398] Allocated by task 117599: [ 2803.329742] kasan_save_stack+0x1e/0x40 [ 2803.330101] __kasan_krealloc+0xee/0x160 [ 2803.330469] krealloc+0x50/0xe0 [ 2803.330771] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2803.331310] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.331757] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.332314] kthread+0x2a7/0x350 [ 2803.332624] ret_from_fork+0x22/0x30 [ 2803.332964] [ 2803.333126] Last potentially related work creation: [ 2803.333575] kasan_save_stack+0x1e/0x40 [ 2803.333934] __kasan_record_aux_stack+0x96/0xb0 [ 2803.334363] kvfree_call_rcu+0x7d/0x840 [ 2803.334721] drop_sysctl_table+0x338/0x460 [ 2803.335095] unregister_sysctl_table+0x9c/0x180 [ 2803.335519] neigh_sysctl_unregister+0x56/0x80 [ 2803.335974] inetdev_event+0xbf3/0xf40 [ 2803.336351] notifier_call_chain+0x9e/0x180 [ 2803.336799] unregister_netdevice_many+0x579/0x1210 [ 2803.337290] default_device_exit_batch+0x2b0/0x370 [ 2803.337734] cleanup_net+0x42b/0x9a0 [ 2803.338074] process_one_work+0x8e5/0x1520 [ 2803.338458] worker_thread+0x59e/0xf90 [ 2803.338807] kthread+0x2a7/0x350 [ 2803.339114] ret_from_fork+0x22/0x30 [ 2803.339470] [ 2803.339630] The buggy address belongs to the object at ffff888015e24600 [ 2803.339630] which belongs to the cache kmalloc-256 of size 256 [ 2803.340728] The buggy address is located 218 bytes inside of [ 2803.340728] 256-byte region [ffff888015e24600, ffff888015e24700) [ 2803.341769] [ 2803.341929] The buggy address belongs to the physical page: [ 2803.342436] page:00000000d2deb318 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15e24 [ 2803.343262] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.343876] raw: 000fffffc0000200 ffffea0000610140 dead000000000002 ffff888100041b40 [ 2803.344572] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2803.345262] page dumped because: kasan: bad access detected [ 2803.345764] [ 2803.345942] Memory state around the buggy address: [ 2803.346428] ffff888015e24580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.347105] ffff888015e24600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.347758] >ffff888015e24680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2803.348409] ^ [ 2803.348964] ffff888015e24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.349620] ffff888015e24780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.350322] ================================================================== [ 2803.350988] ================================================================== [ 2803.351694] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2803.352492] Write of size 1 at addr ffff888015e246ea by task kunit_try_catch/117599 [ 2803.353179] [ 2803.353345] CPU: 0 PID: 117599 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.354563] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.355088] Call Trace: [ 2803.355330] [ 2803.355542] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2803.356270] dump_stack_lvl+0x57/0x81 [ 2803.356616] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.357144] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2803.357707] print_report.cold+0x5c/0x237 [ 2803.358087] kasan_report+0xc9/0x100 [ 2803.358438] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2803.358988] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2803.359532] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2803.359991] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.360435] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.360874] ? lock_acquire+0x4ea/0x620 [ 2803.361233] ? rcu_read_unlock+0x40/0x40 [ 2803.361604] ? rcu_read_unlock+0x40/0x40 [ 2803.361971] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.362412] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.362921] ? do_raw_spin_lock+0x270/0x270 [ 2803.363315] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.363917] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.364380] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.364851] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.365310] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.365776] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.366337] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.366811] kthread+0x2a7/0x350 [ 2803.367120] ? kthread_complete_and_exit+0x20/0x20 [ 2803.367573] ret_from_fork+0x22/0x30 [ 2803.367917] [ 2803.368135] [ 2803.368303] Allocated by task 117599: [ 2803.368646] kasan_save_stack+0x1e/0x40 [ 2803.369001] __kasan_krealloc+0xee/0x160 [ 2803.369370] krealloc+0x50/0xe0 [ 2803.369672] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2803.370206] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.370680] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.371262] kthread+0x2a7/0x350 [ 2803.371571] ret_from_fork+0x22/0x30 [ 2803.371936] [ 2803.372115] Last potentially related work creation: [ 2803.372566] kasan_save_stack+0x1e/0x40 [ 2803.372922] __kasan_record_aux_stack+0x96/0xb0 [ 2803.373346] kvfree_call_rcu+0x7d/0x840 [ 2803.373703] drop_sysctl_table+0x338/0x460 [ 2803.374106] unregister_sysctl_table+0x9c/0x180 [ 2803.374548] neigh_sysctl_unregister+0x56/0x80 [ 2803.374959] inetdev_event+0xbf3/0xf40 [ 2803.375315] notifier_call_chain+0x9e/0x180 [ 2803.375699] unregister_netdevice_many+0x579/0x1210 [ 2803.376148] default_device_exit_batch+0x2b0/0x370 [ 2803.376594] cleanup_net+0x42b/0x9a0 [ 2803.376930] process_one_work+0x8e5/0x1520 [ 2803.377313] worker_thread+0x59e/0xf90 [ 2803.377687] kthread+0x2a7/0x350 [ 2803.378032] ret_from_fork+0x22/0x30 [ 2803.378400] [ 2803.378560] The buggy address belongs to the object at ffff888015e24600 [ 2803.378560] which belongs to the cache kmalloc-256 of size 256 [ 2803.379681] The buggy address is located 234 bytes inside of [ 2803.379681] 256-byte region [ffff888015e24600, ffff888015e24700) [ 2803.380739] [ 2803.380899] The buggy address belongs to the physical page: [ 2803.381402] page:00000000d2deb318 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15e24 [ 2803.382231] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.382853] raw: 000fffffc0000200 ffffea0000610140 dead000000000002 ffff888100041b40 [ 2803.383554] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2803.384243] page dumped because: kasan: bad access detected [ 2803.384748] [ 2803.384906] Memory state around the buggy address: [ 2803.385348] ffff888015e24580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.385997] ffff888015e24600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.386691] >ffff888015e24680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2803.387341] ^ [ 2803.387930] ffff888015e24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.388584] ffff888015e24780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.389229] ================================================================== [ 2803.389891] ================================================================== [ 2803.390550] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2803.391342] Write of size 1 at addr ffff888015e246eb by task kunit_try_catch/117599 [ 2803.392023] [ 2803.392183] CPU: 0 PID: 117599 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.393399] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.393923] Call Trace: [ 2803.394159] [ 2803.394371] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2803.394921] dump_stack_lvl+0x57/0x81 [ 2803.395272] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.395799] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2803.396394] print_report.cold+0x5c/0x237 [ 2803.396767] kasan_report+0xc9/0x100 [ 2803.397107] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2803.397667] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2803.398204] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2803.398669] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.399106] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.399545] ? lock_acquire+0x4ea/0x620 [ 2803.399905] ? rcu_read_unlock+0x40/0x40 [ 2803.400279] ? rcu_read_unlock+0x40/0x40 [ 2803.400647] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.401085] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.401594] ? do_raw_spin_lock+0x270/0x270 [ 2803.401985] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.402595] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.403052] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.403529] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.403981] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.404454] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.405013] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.405513] kthread+0x2a7/0x350 [ 2803.405842] ? kthread_complete_and_exit+0x20/0x20 [ 2803.406288] ret_from_fork+0x22/0x30 [ 2803.406635] [ 2803.406852] [ 2803.407011] Allocated by task 117599: [ 2803.407358] kasan_save_stack+0x1e/0x40 [ 2803.407715] __kasan_krealloc+0xee/0x160 [ 2803.408081] krealloc+0x50/0xe0 [ 2803.408389] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2803.408926] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.409383] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.409940] kthread+0x2a7/0x350 [ 2803.410250] ret_from_fork+0x22/0x30 [ 2803.410595] [ 2803.410755] Last potentially related work creation: [ 2803.411202] kasan_save_stack+0x1e/0x40 [ 2803.411566] __kasan_record_aux_stack+0x96/0xb0 [ 2803.411987] kvfree_call_rcu+0x7d/0x840 [ 2803.412350] drop_sysctl_table+0x338/0x460 [ 2803.412730] unregister_sysctl_table+0x9c/0x180 [ 2803.413152] neigh_sysctl_unregister+0x56/0x80 [ 2803.413574] inetdev_event+0xbf3/0xf40 [ 2803.413926] notifier_call_chain+0x9e/0x180 [ 2803.414319] unregister_netdevice_many+0x579/0x1210 [ 2803.414773] default_device_exit_batch+0x2b0/0x370 [ 2803.415217] cleanup_net+0x42b/0x9a0 [ 2803.415559] process_one_work+0x8e5/0x1520 [ 2803.415940] worker_thread+0x59e/0xf90 [ 2803.416295] kthread+0x2a7/0x350 [ 2803.416607] ret_from_fork+0x22/0x30 [ 2803.416946] [ 2803.417106] The buggy address belongs to the object at ffff888015e24600 [ 2803.417106] which belongs to the cache kmalloc-256 of size 256 [ 2803.418207] The buggy address is located 235 bytes inside of [ 2803.418207] 256-byte region [ffff888015e24600, ffff888015e24700) [ 2803.419242] [ 2803.419409] The buggy address belongs to the physical page: [ 2803.419912] page:00000000d2deb318 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15e24 [ 2803.420741] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.421366] raw: 000fffffc0000200 ffffea0000610140 dead000000000002 ffff888100041b40 [ 2803.422061] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2803.422758] page dumped because: kasan: bad access detected [ 2803.423262] [ 2803.423423] Memory state around the buggy address: [ 2803.423862] ffff888015e24580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.424520] ffff888015e24600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.425174] >ffff888015e24680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2803.425867] ^ [ 2803.426466] ffff888015e24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.427122] ffff888015e24780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.427774] ================================================================== [ 2803.428578] ok 11 - krealloc_less_oob [ 2803.430768] ================================================================== [ 2803.431841] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2803.432631] Write of size 1 at addr ffff88805bc5e0eb by task kunit_try_catch/117600 [ 2803.433319] [ 2803.433480] CPU: 0 PID: 117600 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.434807] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.435355] Call Trace: [ 2803.435602] [ 2803.435819] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2803.436392] dump_stack_lvl+0x57/0x81 [ 2803.436750] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.437303] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2803.437871] print_report.cold+0x5c/0x237 [ 2803.438265] kasan_report+0xc9/0x100 [ 2803.438618] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2803.439191] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2803.439755] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2803.440250] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.440706] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.441156] ? lock_acquire+0x4ea/0x620 [ 2803.441530] ? rcu_read_unlock+0x40/0x40 [ 2803.441906] ? rcu_read_unlock+0x40/0x40 [ 2803.442289] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.442739] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.443268] ? do_raw_spin_lock+0x270/0x270 [ 2803.443668] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.444247] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.444723] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.445205] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.445676] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.446176] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.446778] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.447269] kthread+0x2a7/0x350 [ 2803.447587] ? kthread_complete_and_exit+0x20/0x20 [ 2803.448045] ret_from_fork+0x22/0x30 [ 2803.448404] [ 2803.448627] [ 2803.448791] The buggy address belongs to the physical page: [ 2803.449317] page:000000009deac59a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bc5c [ 2803.450172] head:000000009deac59a order:2 compound_mapcount:0 compound_pincount:0 [ 2803.450867] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.451509] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2803.452220] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2803.452937] page dumped because: kasan: bad access detected [ 2803.453461] [ 2803.453625] Memory state around the buggy address: [ 2803.454076] ffff88805bc5df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.454798] ffff88805bc5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.455470] >ffff88805bc5e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 2803.456130] ^ [ 2803.456748] ffff88805bc5e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.457421] ffff88805bc5e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.458086] ================================================================== [ 2803.458832] ================================================================== [ 2803.459517] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2803.460320] Write of size 1 at addr ffff88805bc5e0f0 by task kunit_try_catch/117600 [ 2803.461025] [ 2803.461192] CPU: 0 PID: 117600 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.462453] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.462993] Call Trace: [ 2803.463236] [ 2803.463459] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2803.464032] dump_stack_lvl+0x57/0x81 [ 2803.464399] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.464944] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2803.465518] print_report.cold+0x5c/0x237 [ 2803.465905] kasan_report+0xc9/0x100 [ 2803.466263] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2803.466829] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2803.467388] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2803.467929] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.468381] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.468845] ? lock_acquire+0x4ea/0x620 [ 2803.469217] ? rcu_read_unlock+0x40/0x40 [ 2803.469601] ? rcu_read_unlock+0x40/0x40 [ 2803.469983] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.470442] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.470967] ? do_raw_spin_lock+0x270/0x270 [ 2803.471375] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.471955] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.472434] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.472922] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.473395] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.473877] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.474457] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.474948] kthread+0x2a7/0x350 [ 2803.475270] ? kthread_complete_and_exit+0x20/0x20 [ 2803.475727] ret_from_fork+0x22/0x30 [ 2803.476082] [ 2803.476310] [ 2803.476486] The buggy address belongs to the physical page: [ 2803.477009] page:000000009deac59a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bc5c [ 2803.477865] head:000000009deac59a order:2 compound_mapcount:0 compound_pincount:0 [ 2803.478563] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.479199] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2803.479966] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2803.480687] page dumped because: kasan: bad access detected [ 2803.481205] [ 2803.481374] Memory state around the buggy address: [ 2803.481826] ffff88805bc5df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.482499] ffff88805bc5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.483164] >ffff88805bc5e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 2803.483836] ^ [ 2803.484475] ffff88805bc5e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.485188] ffff88805bc5e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.485864] ================================================================== [ 2803.486610] ok 12 - krealloc_pagealloc_more_oob [ 2803.488765] ================================================================== [ 2803.489994] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2803.490829] Write of size 1 at addr ffff88805bc5e0c9 by task kunit_try_catch/117601 [ 2803.491569] [ 2803.491751] CPU: 0 PID: 117601 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.493041] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.493578] Call Trace: [ 2803.493819] [ 2803.494031] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2803.494599] dump_stack_lvl+0x57/0x81 [ 2803.494949] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.495510] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2803.496127] print_report.cold+0x5c/0x237 [ 2803.496535] kasan_report+0xc9/0x100 [ 2803.496913] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2803.497491] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2803.498089] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2803.498584] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.499038] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.499508] ? lock_acquire+0x4ea/0x620 [ 2803.499894] ? rcu_read_unlock+0x40/0x40 [ 2803.500310] ? rcu_read_unlock+0x40/0x40 [ 2803.500716] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.501232] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.501770] ? do_raw_spin_lock+0x270/0x270 [ 2803.502189] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.502825] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.503318] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.503809] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.504289] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.504777] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.505372] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.505875] kthread+0x2a7/0x350 [ 2803.506199] ? kthread_complete_and_exit+0x20/0x20 [ 2803.506699] ret_from_fork+0x22/0x30 [ 2803.507056] [ 2803.507289] [ 2803.507456] The buggy address belongs to the physical page: [ 2803.507977] page:000000009deac59a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bc5c [ 2803.508838] head:000000009deac59a order:2 compound_mapcount:0 compound_pincount:0 [ 2803.509545] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.510191] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2803.510918] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2803.511647] page dumped because: kasan: bad access detected [ 2803.512171] [ 2803.512343] Memory state around the buggy address: [ 2803.512806] ffff88805bc5df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.513487] ffff88805bc5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.514162] >ffff88805bc5e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2803.514842] ^ [ 2803.515370] ffff88805bc5e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.516040] ffff88805bc5e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.516713] ================================================================== [ 2803.517420] ================================================================== [ 2803.518106] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2803.518924] Write of size 1 at addr ffff88805bc5e0d0 by task kunit_try_catch/117601 [ 2803.519644] [ 2803.519810] CPU: 0 PID: 117601 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.521076] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.521624] Call Trace: [ 2803.521870] [ 2803.522089] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2803.522666] dump_stack_lvl+0x57/0x81 [ 2803.523026] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.523582] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2803.524157] print_report.cold+0x5c/0x237 [ 2803.524555] kasan_report+0xc9/0x100 [ 2803.524908] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2803.525488] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2803.526049] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2803.526536] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.526992] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.527454] ? lock_acquire+0x4ea/0x620 [ 2803.527872] ? rcu_read_unlock+0x40/0x40 [ 2803.528253] ? rcu_read_unlock+0x40/0x40 [ 2803.528638] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.529094] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.529633] ? do_raw_spin_lock+0x270/0x270 [ 2803.530038] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.530650] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.531147] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.531640] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.532133] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.532647] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.533226] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.533722] kthread+0x2a7/0x350 [ 2803.534045] ? kthread_complete_and_exit+0x20/0x20 [ 2803.534511] ret_from_fork+0x22/0x30 [ 2803.534896] [ 2803.535140] [ 2803.535312] The buggy address belongs to the physical page: [ 2803.535831] page:000000009deac59a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bc5c [ 2803.536694] head:000000009deac59a order:2 compound_mapcount:0 compound_pincount:0 [ 2803.537396] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.538036] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2803.538757] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2803.539484] page dumped because: kasan: bad access detected [ 2803.540004] [ 2803.540172] Memory state around the buggy address: [ 2803.540630] ffff88805bc5df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.541307] ffff88805bc5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.541980] >ffff88805bc5e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2803.542654] ^ [ 2803.543204] ffff88805bc5e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.543881] ffff88805bc5e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.544555] ================================================================== [ 2803.545250] ================================================================== [ 2803.545943] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2803.546810] Write of size 1 at addr ffff88805bc5e0da by task kunit_try_catch/117601 [ 2803.547530] [ 2803.547698] CPU: 0 PID: 117601 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.548961] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.549512] Call Trace: [ 2803.549757] [ 2803.549976] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2803.550548] dump_stack_lvl+0x57/0x81 [ 2803.550908] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.551463] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2803.552033] print_report.cold+0x5c/0x237 [ 2803.552428] kasan_report+0xc9/0x100 [ 2803.552790] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2803.553374] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2803.553932] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2803.554414] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.554868] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.555329] ? lock_acquire+0x4ea/0x620 [ 2803.555705] ? rcu_read_unlock+0x40/0x40 [ 2803.556089] ? rcu_read_unlock+0x40/0x40 [ 2803.556478] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.556933] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.557467] ? do_raw_spin_lock+0x270/0x270 [ 2803.557874] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.558458] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.558937] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.559433] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.559903] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.560392] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.560971] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.561471] kthread+0x2a7/0x350 [ 2803.561792] ? kthread_complete_and_exit+0x20/0x20 [ 2803.562252] ret_from_fork+0x22/0x30 [ 2803.562619] [ 2803.562845] [ 2803.563013] The buggy address belongs to the physical page: [ 2803.563538] page:000000009deac59a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bc5c [ 2803.564392] head:000000009deac59a order:2 compound_mapcount:0 compound_pincount:0 [ 2803.565088] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.565731] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2803.566458] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2803.567173] page dumped because: kasan: bad access detected [ 2803.567714] [ 2803.567881] Memory state around the buggy address: [ 2803.568348] ffff88805bc5df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.569021] ffff88805bc5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.569691] >ffff88805bc5e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2803.570370] ^ [ 2803.570942] ffff88805bc5e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.571646] ffff88805bc5e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.572431] ================================================================== [ 2803.573205] ================================================================== [ 2803.573914] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2803.574747] Write of size 1 at addr ffff88805bc5e0ea by task kunit_try_catch/117601 [ 2803.575467] [ 2803.575646] CPU: 0 PID: 117601 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.576904] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.577456] Call Trace: [ 2803.577716] [ 2803.577928] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2803.578517] dump_stack_lvl+0x57/0x81 [ 2803.578881] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.579437] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2803.580006] print_report.cold+0x5c/0x237 [ 2803.580389] kasan_report+0xc9/0x100 [ 2803.580735] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2803.581314] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2803.581916] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2803.582375] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.582813] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.583250] ? lock_acquire+0x4ea/0x620 [ 2803.583618] ? rcu_read_unlock+0x40/0x40 [ 2803.583987] ? rcu_read_unlock+0x40/0x40 [ 2803.584358] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.584815] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.585357] ? do_raw_spin_lock+0x270/0x270 [ 2803.585748] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.586317] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.586778] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.587251] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.587698] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.588170] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.588759] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.589266] kthread+0x2a7/0x350 [ 2803.589588] ? kthread_complete_and_exit+0x20/0x20 [ 2803.590019] ret_from_fork+0x22/0x30 [ 2803.590361] [ 2803.590573] [ 2803.590751] The buggy address belongs to the physical page: [ 2803.591258] page:000000009deac59a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bc5c [ 2803.592116] head:000000009deac59a order:2 compound_mapcount:0 compound_pincount:0 [ 2803.592836] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.593487] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2803.594245] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2803.594964] page dumped because: kasan: bad access detected [ 2803.595500] [ 2803.595676] Memory state around the buggy address: [ 2803.596114] ffff88805bc5df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.596818] ffff88805bc5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.597487] >ffff88805bc5e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2803.598140] ^ [ 2803.598733] ffff88805bc5e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.599386] ffff88805bc5e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.600031] ================================================================== [ 2803.600697] ================================================================== [ 2803.601361] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2803.602144] Write of size 1 at addr ffff88805bc5e0eb by task kunit_try_catch/117601 [ 2803.602838] [ 2803.602998] CPU: 0 PID: 117601 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.604215] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.604742] Call Trace: [ 2803.604981] [ 2803.605192] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2803.605749] dump_stack_lvl+0x57/0x81 [ 2803.606093] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.606629] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2803.607179] print_report.cold+0x5c/0x237 [ 2803.607564] kasan_report+0xc9/0x100 [ 2803.607908] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2803.608470] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2803.609012] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2803.609478] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.609917] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.610361] ? lock_acquire+0x4ea/0x620 [ 2803.610723] ? rcu_read_unlock+0x40/0x40 [ 2803.611092] ? rcu_read_unlock+0x40/0x40 [ 2803.611464] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.611903] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.612422] ? do_raw_spin_lock+0x270/0x270 [ 2803.612816] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2803.613384] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.613849] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.614325] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.614787] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.615274] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.615836] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.616315] kthread+0x2a7/0x350 [ 2803.616626] ? kthread_complete_and_exit+0x20/0x20 [ 2803.617070] ret_from_fork+0x22/0x30 [ 2803.617420] [ 2803.617638] [ 2803.617799] The buggy address belongs to the physical page: [ 2803.618309] page:000000009deac59a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5bc5c [ 2803.619133] head:000000009deac59a order:2 compound_mapcount:0 compound_pincount:0 [ 2803.619807] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.620429] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2803.621125] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2803.621825] page dumped because: kasan: bad access detected [ 2803.622331] [ 2803.622491] Memory state around the buggy address: [ 2803.622930] ffff88805bc5df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.623586] ffff88805bc5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.624234] >ffff88805bc5e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2803.624884] ^ [ 2803.625482] ffff88805bc5e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.626131] ffff88805bc5e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2803.626781] ================================================================== [ 2803.627667] ok 13 - krealloc_pagealloc_less_oob [ 2803.629757] ================================================================== [ 2803.630906] BUG: KASAN: use-after-free in krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2803.631579] Read of size 1 at addr ffff8881089f8600 by task kunit_try_catch/117602 [ 2803.632266] [ 2803.632429] CPU: 0 PID: 117602 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.633701] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.634225] Call Trace: [ 2803.634468] [ 2803.634680] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2803.635204] dump_stack_lvl+0x57/0x81 [ 2803.635584] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.636128] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2803.636615] print_report.cold+0x5c/0x237 [ 2803.637003] kasan_report+0xc9/0x100 [ 2803.637360] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2803.637836] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2803.638317] __kasan_check_byte+0x36/0x50 [ 2803.638704] krealloc+0x2e/0xe0 [ 2803.639019] krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2803.639490] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 2803.640101] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.640562] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.641015] ? lock_acquire+0x4ea/0x620 [ 2803.641393] ? rcu_read_unlock+0x40/0x40 [ 2803.641775] ? rcu_read_unlock+0x40/0x40 [ 2803.642154] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.642613] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.643144] ? do_raw_spin_lock+0x270/0x270 [ 2803.643556] ? trace_hardirqs_on+0x2d/0x160 [ 2803.643960] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.644443] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.644929] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.645404] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.645888] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.646472] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.647006] kthread+0x2a7/0x350 [ 2803.647330] ? kthread_complete_and_exit+0x20/0x20 [ 2803.647790] ret_from_fork+0x22/0x30 [ 2803.648146] [ 2803.648376] [ 2803.648541] Allocated by task 117602: [ 2803.648921] kasan_save_stack+0x1e/0x40 [ 2803.649312] __kasan_kmalloc+0x81/0xa0 [ 2803.649674] krealloc_uaf+0xaa/0x450 [test_kasan] [ 2803.650127] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.650598] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.651174] kthread+0x2a7/0x350 [ 2803.651500] ret_from_fork+0x22/0x30 [ 2803.651850] [ 2803.652015] Freed by task 117602: [ 2803.652346] kasan_save_stack+0x1e/0x40 [ 2803.652715] kasan_set_track+0x21/0x30 [ 2803.653075] kasan_set_free_info+0x20/0x40 [ 2803.653474] __kasan_slab_free+0x108/0x170 [ 2803.653867] slab_free_freelist_hook+0x11d/0x1d0 [ 2803.654321] kfree+0xe2/0x3c0 [ 2803.654620] krealloc_uaf+0x147/0x450 [test_kasan] [ 2803.655078] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.655548] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.656122] kthread+0x2a7/0x350 [ 2803.656448] ret_from_fork+0x22/0x30 [ 2803.656797] [ 2803.656963] The buggy address belongs to the object at ffff8881089f8600 [ 2803.656963] which belongs to the cache kmalloc-256 of size 256 [ 2803.658099] The buggy address is located 0 bytes inside of [ 2803.658099] 256-byte region [ffff8881089f8600, ffff8881089f8700) [ 2803.659155] [ 2803.659326] The buggy address belongs to the physical page: [ 2803.659844] page:000000005735f088 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1089f8 [ 2803.660709] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2803.661360] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40 [ 2803.662076] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2803.662840] page dumped because: kasan: bad access detected [ 2803.663389] [ 2803.663562] Memory state around the buggy address: [ 2803.664037] ffff8881089f8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.664742] ffff8881089f8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.665442] >ffff8881089f8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.666142] ^ [ 2803.666478] ffff8881089f8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.667177] ffff8881089f8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.667880] ================================================================== [ 2803.668695] ================================================================== [ 2803.669413] BUG: KASAN: use-after-free in krealloc_uaf+0x42e/0x450 [test_kasan] [ 2803.670137] Read of size 1 at addr ffff8881089f8600 by task kunit_try_catch/117602 [ 2803.670925] [ 2803.671097] CPU: 0 PID: 117602 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.672413] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.672981] Call Trace: [ 2803.673239] [ 2803.673473] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2803.673974] dump_stack_lvl+0x57/0x81 [ 2803.674353] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.674926] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2803.675432] print_report.cold+0x5c/0x237 [ 2803.675838] kasan_report+0xc9/0x100 [ 2803.676208] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2803.676713] krealloc_uaf+0x42e/0x450 [test_kasan] [ 2803.677197] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 2803.677835] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.678312] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.678786] ? lock_acquire+0x4ea/0x620 [ 2803.679176] ? rcu_read_unlock+0x40/0x40 [ 2803.679578] ? rcu_read_unlock+0x40/0x40 [ 2803.679976] ? rcu_read_lock_sched_held+0x12/0x80 [ 2803.680459] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.681012] ? do_raw_spin_lock+0x270/0x270 [ 2803.681439] ? kunit_ptr_not_err_assert_format+0x210/0x210 [kunit] [ 2803.682054] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.682555] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.683064] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.683564] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.684071] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.684681] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.685220] kthread+0x2a7/0x350 [ 2803.685581] ? kthread_complete_and_exit+0x20/0x20 [ 2803.686062] ret_from_fork+0x22/0x30 [ 2803.686442] [ 2803.686678] [ 2803.686851] Allocated by task 117602: [ 2803.687226] kasan_save_stack+0x1e/0x40 [ 2803.687619] __kasan_kmalloc+0x81/0xa0 [ 2803.688000] krealloc_uaf+0xaa/0x450 [test_kasan] [ 2803.688482] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.688974] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.689584] kthread+0x2a7/0x350 [ 2803.689919] ret_from_fork+0x22/0x30 [ 2803.690290] [ 2803.690464] Freed by task 117602: [ 2803.690804] kasan_save_stack+0x1e/0x40 [ 2803.691190] kasan_set_track+0x21/0x30 [ 2803.691576] kasan_set_free_info+0x20/0x40 [ 2803.691985] __kasan_slab_free+0x108/0x170 [ 2803.692402] slab_free_freelist_hook+0x11d/0x1d0 [ 2803.692869] kfree+0xe2/0x3c0 [ 2803.693180] krealloc_uaf+0x147/0x450 [test_kasan] [ 2803.693669] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.694159] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.694767] kthread+0x2a7/0x350 [ 2803.695102] ret_from_fork+0x22/0x30 [ 2803.695473] [ 2803.695646] The buggy address belongs to the object at ffff8881089f8600 [ 2803.695646] which belongs to the cache kmalloc-256 of size 256 [ 2803.696908] The buggy address is located 0 bytes inside of [ 2803.696908] 256-byte region [ffff8881089f8600, ffff8881089f8700) [ 2803.698044] [ 2803.698219] The buggy address belongs to the physical page: [ 2803.698768] page:000000005735f088 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1089f8 [ 2803.699675] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2803.700358] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40 [ 2803.701112] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2803.701866] page dumped because: kasan: bad access detected [ 2803.702417] [ 2803.702591] Memory state around the buggy address: [ 2803.703068] ffff8881089f8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.703777] ffff8881089f8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.704487] >ffff8881089f8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.705189] ^ [ 2803.705528] ffff8881089f8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.706233] ffff8881089f8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.706942] ================================================================== [ 2803.707750] ok 14 - krealloc_uaf [ 2803.709761] ================================================================== [ 2803.710880] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2803.711650] Write of size 16 at addr ffff888041ef0240 by task kunit_try_catch/117603 [ 2803.712403] [ 2803.712578] CPU: 0 PID: 117603 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.713901] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.714479] Call Trace: [ 2803.714737] [ 2803.714966] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2803.715486] dump_stack_lvl+0x57/0x81 [ 2803.715861] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.716445] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2803.716959] print_report.cold+0x5c/0x237 [ 2803.717371] kasan_report+0xc9/0x100 [ 2803.717740] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2803.718261] kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2803.718760] ? kmalloc_uaf_16+0x3b0/0x3b0 [test_kasan] [ 2803.719276] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.719719] ? do_raw_spin_lock+0x270/0x270 [ 2803.720141] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.720697] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.721194] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.721704] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.722194] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.722700] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.723311] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.723824] kthread+0x2a7/0x350 [ 2803.724159] ? kthread_complete_and_exit+0x20/0x20 [ 2803.724643] ret_from_fork+0x22/0x30 [ 2803.725014] [ 2803.725248] [ 2803.725425] Allocated by task 117603: [ 2803.725796] kasan_save_stack+0x1e/0x40 [ 2803.726183] __kasan_kmalloc+0x81/0xa0 [ 2803.726564] kmalloc_oob_16+0xa4/0x3b0 [test_kasan] [ 2803.727059] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.727552] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.728150] kthread+0x2a7/0x350 [ 2803.728488] ret_from_fork+0x22/0x30 [ 2803.728850] [ 2803.729022] The buggy address belongs to the object at ffff888041ef0240 [ 2803.729022] which belongs to the cache kmalloc-16 of size 16 [ 2803.730190] The buggy address is located 0 bytes inside of [ 2803.730190] 16-byte region [ffff888041ef0240, ffff888041ef0250) [ 2803.731287] [ 2803.731459] The buggy address belongs to the physical page: [ 2803.732001] page:000000001d378e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41ef0 [ 2803.732898] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.733567] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2803.734321] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2803.735063] page dumped because: kasan: bad access detected [ 2803.735650] [ 2803.735822] Memory state around the buggy address: [ 2803.736300] ffff888041ef0100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2803.737004] ffff888041ef0180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2803.737707] >ffff888041ef0200: 00 00 fc fc 00 00 fc fc 00 05 fc fc fa fb fc fc [ 2803.738409] ^ [ 2803.738951] ffff888041ef0280: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2803.739657] ffff888041ef0300: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 2803.740364] ================================================================== [ 2803.741431] ok 15 - kmalloc_oob_16 [ 2803.742768] ================================================================== [ 2803.743904] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2803.744645] Read of size 16 at addr ffff888041ef0a60 by task kunit_try_catch/117604 [ 2803.745439] [ 2803.745614] CPU: 0 PID: 117604 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.746952] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.747551] Call Trace: [ 2803.747808] [ 2803.748036] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2803.748555] dump_stack_lvl+0x57/0x81 [ 2803.748930] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.749511] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2803.750022] print_report.cold+0x5c/0x237 [ 2803.750433] kasan_report+0xc9/0x100 [ 2803.750801] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2803.751319] kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2803.751817] ? kmalloc_uaf+0x2b0/0x2b0 [test_kasan] [ 2803.752313] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.752758] ? do_raw_spin_lock+0x270/0x270 [ 2803.753179] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.753735] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.754231] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.754749] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.755239] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.755749] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.756359] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.756869] kthread+0x2a7/0x350 [ 2803.757204] ? kthread_complete_and_exit+0x20/0x20 [ 2803.757692] ret_from_fork+0x22/0x30 [ 2803.758063] [ 2803.758303] [ 2803.758476] Allocated by task 117604: [ 2803.758849] kasan_save_stack+0x1e/0x40 [ 2803.759232] __kasan_kmalloc+0x81/0xa0 [ 2803.759615] kmalloc_uaf_16+0x15d/0x3b0 [test_kasan] [ 2803.760110] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.760602] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.761204] kthread+0x2a7/0x350 [ 2803.761546] ret_from_fork+0x22/0x30 [ 2803.761912] [ 2803.762086] Freed by task 117604: [ 2803.762430] kasan_save_stack+0x1e/0x40 [ 2803.762816] kasan_set_track+0x21/0x30 [ 2803.763195] kasan_set_free_info+0x20/0x40 [ 2803.763609] __kasan_slab_free+0x108/0x170 [ 2803.764019] slab_free_freelist_hook+0x11d/0x1d0 [ 2803.764490] kfree+0xe2/0x3c0 [ 2803.764803] kmalloc_uaf_16+0x1e8/0x3b0 [test_kasan] [ 2803.765302] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.765788] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.766395] kthread+0x2a7/0x350 [ 2803.766730] ret_from_fork+0x22/0x30 [ 2803.767094] [ 2803.767280] The buggy address belongs to the object at ffff888041ef0a60 [ 2803.767280] which belongs to the cache kmalloc-16 of size 16 [ 2803.768453] The buggy address is located 0 bytes inside of [ 2803.768453] 16-byte region [ffff888041ef0a60, ffff888041ef0a70) [ 2803.769556] [ 2803.769729] The buggy address belongs to the physical page: [ 2803.770275] page:000000001d378e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41ef0 [ 2803.771170] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.771845] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2803.772600] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2803.773352] page dumped because: kasan: bad access detected [ 2803.773895] [ 2803.774068] Memory state around the buggy address: [ 2803.774548] ffff888041ef0900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2803.775248] ffff888041ef0980: 00 00 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 2803.775956] >ffff888041ef0a00: 00 00 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 2803.776663] ^ [ 2803.777291] ffff888041ef0a80: 00 00 fc fc fa fb fc fc 00 00 fc fc fb fb fc fc [ 2803.777993] ffff888041ef0b00: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 2803.778699] ================================================================== [ 2803.779470] ok 16 - kmalloc_uaf_16 [ 2803.780775] ================================================================== [ 2803.781903] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2803.782729] Write of size 128 at addr ffff8881024e7100 by task kunit_try_catch/117605 [ 2803.783486] [ 2803.783660] CPU: 0 PID: 117605 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.784969] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.785563] Call Trace: [ 2803.785835] [ 2803.786061] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2803.786637] dump_stack_lvl+0x57/0x81 [ 2803.787010] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.787583] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2803.788153] print_report.cold+0x5c/0x237 [ 2803.788563] kasan_report+0xc9/0x100 [ 2803.788930] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2803.789507] kasan_check_range+0xfd/0x1e0 [ 2803.789909] memset+0x20/0x50 [ 2803.790224] kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2803.790779] ? kmalloc_oob_memset_2+0x290/0x290 [test_kasan] [ 2803.791351] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.791795] ? do_raw_spin_lock+0x270/0x270 [ 2803.792218] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.792774] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.793273] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.793778] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.794270] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.794774] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.795379] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.795888] kthread+0x2a7/0x350 [ 2803.796222] ? kthread_complete_and_exit+0x20/0x20 [ 2803.796703] ret_from_fork+0x22/0x30 [ 2803.797094] [ 2803.797340] [ 2803.797529] Allocated by task 117605: [ 2803.797897] kasan_save_stack+0x1e/0x40 [ 2803.798283] __kasan_kmalloc+0x81/0xa0 [ 2803.798660] kmalloc_oob_in_memset+0x9c/0x280 [test_kasan] [ 2803.799198] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.799689] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.800292] kthread+0x2a7/0x350 [ 2803.800626] ret_from_fork+0x22/0x30 [ 2803.800990] [ 2803.801162] Last potentially related work creation: [ 2803.801649] kasan_save_stack+0x1e/0x40 [ 2803.802035] __kasan_record_aux_stack+0x96/0xb0 [ 2803.802490] insert_work+0x47/0x310 [ 2803.802846] __queue_work+0x4dd/0xd60 [ 2803.803215] rcu_work_rcufn+0x42/0x70 [ 2803.803590] rcu_do_batch+0x3c5/0xdc0 [ 2803.803962] rcu_core+0x3de/0x5a0 [ 2803.804306] __do_softirq+0x2d3/0x9a8 [ 2803.804676] [ 2803.804849] Second to last potentially related work creation: [ 2803.805417] kasan_save_stack+0x1e/0x40 [ 2803.805801] __kasan_record_aux_stack+0x96/0xb0 [ 2803.806257] call_rcu+0xee/0x890 [ 2803.806592] queue_rcu_work+0x5a/0x70 [ 2803.806963] writeback_sb_inodes+0x373/0xd00 [ 2803.807400] wb_writeback+0x25a/0xa10 [ 2803.807769] wb_do_writeback+0x1dd/0x8a0 [ 2803.808163] wb_workfn+0x12c/0x670 [ 2803.808517] process_one_work+0x8e5/0x1520 [ 2803.808925] worker_thread+0x59e/0xf90 [ 2803.809306] kthread+0x2a7/0x350 [ 2803.809640] ret_from_fork+0x22/0x30 [ 2803.810005] [ 2803.810176] The buggy address belongs to the object at ffff8881024e7100 [ 2803.810176] which belongs to the cache kmalloc-128 of size 128 [ 2803.811359] The buggy address is located 0 bytes inside of [ 2803.811359] 128-byte region [ffff8881024e7100, ffff8881024e7180) [ 2803.812455] [ 2803.812626] The buggy address belongs to the physical page: [ 2803.813166] page:00000000d6a4db90 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e7 [ 2803.814068] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2803.814776] raw: 0017ffffc0000200 ffffea000010e940 dead000000000002 ffff8881000418c0 [ 2803.815525] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2803.816267] page dumped because: kasan: bad access detected [ 2803.816808] [ 2803.816979] Memory state around the buggy address: [ 2803.817457] ffff8881024e7000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.818156] ffff8881024e7080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.818856] >ffff8881024e7100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2803.819556] ^ [ 2803.820249] ffff8881024e7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.820954] ffff8881024e7200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.821653] ================================================================== [ 2803.822403] ok 17 - kmalloc_oob_in_memset [ 2803.823776] ================================================================== [ 2803.824982] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2803.825800] Write of size 2 at addr ffff8881024e7377 by task kunit_try_catch/117606 [ 2803.826550] [ 2803.826725] CPU: 0 PID: 117606 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.828045] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.828622] Call Trace: [ 2803.828881] [ 2803.829111] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2803.829683] dump_stack_lvl+0x57/0x81 [ 2803.830060] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.830639] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2803.831204] print_report.cold+0x5c/0x237 [ 2803.831615] kasan_report+0xc9/0x100 [ 2803.831984] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2803.832556] kasan_check_range+0xfd/0x1e0 [ 2803.832961] memset+0x20/0x50 [ 2803.833280] kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2803.833825] ? kmalloc_oob_memset_4+0x290/0x290 [test_kasan] [ 2803.834394] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.834838] ? do_raw_spin_lock+0x270/0x270 [ 2803.835264] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.835863] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.836364] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.836875] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.837373] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.837879] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.838488] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.839005] kthread+0x2a7/0x350 [ 2803.839347] ? kthread_complete_and_exit+0x20/0x20 [ 2803.839829] ret_from_fork+0x22/0x30 [ 2803.840202] [ 2803.840445] [ 2803.840619] Allocated by task 117606: [ 2803.840995] kasan_save_stack+0x1e/0x40 [ 2803.841394] __kasan_kmalloc+0x81/0xa0 [ 2803.841777] kmalloc_oob_memset_2+0x9c/0x290 [test_kasan] [ 2803.842319] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.842814] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.843427] kthread+0x2a7/0x350 [ 2803.843764] ret_from_fork+0x22/0x30 [ 2803.844130] [ 2803.844313] Last potentially related work creation: [ 2803.844800] kasan_save_stack+0x1e/0x40 [ 2803.845190] __kasan_record_aux_stack+0x96/0xb0 [ 2803.845654] insert_work+0x47/0x310 [ 2803.846014] __queue_work+0x4dd/0xd60 [ 2803.846394] rcu_work_rcufn+0x42/0x70 [ 2803.846769] rcu_do_batch+0x3c5/0xdc0 [ 2803.847162] rcu_core+0x3de/0x5a0 [ 2803.847542] __do_softirq+0x2d3/0x9a8 [ 2803.847914] [ 2803.848087] Second to last potentially related work creation: [ 2803.848659] kasan_save_stack+0x1e/0x40 [ 2803.849049] __kasan_record_aux_stack+0x96/0xb0 [ 2803.849511] call_rcu+0xee/0x890 [ 2803.849847] queue_rcu_work+0x5a/0x70 [ 2803.850221] writeback_sb_inodes+0x373/0xd00 [ 2803.850666] wb_writeback+0x25a/0xa10 [ 2803.851043] wb_do_writeback+0x1dd/0x8a0 [ 2803.851448] wb_workfn+0x12c/0x670 [ 2803.851802] process_one_work+0x8e5/0x1520 [ 2803.852213] worker_thread+0x59e/0xf90 [ 2803.852600] kthread+0x2a7/0x350 [ 2803.852936] ret_from_fork+0x22/0x30 [ 2803.853309] [ 2803.853484] The buggy address belongs to the object at ffff8881024e7300 [ 2803.853484] which belongs to the cache kmalloc-128 of size 128 [ 2803.854685] The buggy address is located 119 bytes inside of [ 2803.854685] 128-byte region [ffff8881024e7300, ffff8881024e7380) [ 2803.855815] [ 2803.855990] The buggy address belongs to the physical page: [ 2803.856539] page:00000000d6a4db90 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e7 [ 2803.857450] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2803.858132] raw: 0017ffffc0000200 ffffea000010e940 dead000000000002 ffff8881000418c0 [ 2803.858890] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2803.859650] page dumped because: kasan: bad access detected [ 2803.860196] [ 2803.860375] Memory state around the buggy address: [ 2803.860852] ffff8881024e7200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.861563] ffff8881024e7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.862274] >ffff8881024e7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2803.862979] ^ [ 2803.863683] ffff8881024e7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.864398] ffff8881024e7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.865106] ================================================================== [ 2803.866045] ok 18 - kmalloc_oob_memset_2 [ 2803.867799] ================================================================== [ 2803.868987] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2803.869809] Write of size 4 at addr ffff8880043a5d75 by task kunit_try_catch/117607 [ 2803.870564] [ 2803.870738] CPU: 0 PID: 117607 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.872048] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.872620] Call Trace: [ 2803.872878] [ 2803.873107] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2803.873679] dump_stack_lvl+0x57/0x81 [ 2803.874056] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.874632] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2803.875195] print_report.cold+0x5c/0x237 [ 2803.875607] kasan_report+0xc9/0x100 [ 2803.875973] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2803.876596] kasan_check_range+0xfd/0x1e0 [ 2803.877031] memset+0x20/0x50 [ 2803.877351] kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2803.877910] ? kmalloc_oob_memset_8+0x290/0x290 [test_kasan] [ 2803.878516] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.878964] ? do_raw_spin_lock+0x270/0x270 [ 2803.879439] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.879984] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.880484] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.880987] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.881478] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.881978] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.882579] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.883087] kthread+0x2a7/0x350 [ 2803.883424] ? kthread_complete_and_exit+0x20/0x20 [ 2803.883899] ret_from_fork+0x22/0x30 [ 2803.884271] [ 2803.884504] [ 2803.884675] Allocated by task 117607: [ 2803.885044] kasan_save_stack+0x1e/0x40 [ 2803.885433] __kasan_kmalloc+0x81/0xa0 [ 2803.885835] kmalloc_oob_memset_4+0x9c/0x290 [test_kasan] [ 2803.886385] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.886867] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.887468] kthread+0x2a7/0x350 [ 2803.887800] ret_from_fork+0x22/0x30 [ 2803.888163] [ 2803.888339] The buggy address belongs to the object at ffff8880043a5d00 [ 2803.888339] which belongs to the cache kmalloc-128 of size 128 [ 2803.889522] The buggy address is located 117 bytes inside of [ 2803.889522] 128-byte region [ffff8880043a5d00, ffff8880043a5d80) [ 2803.890639] [ 2803.890812] The buggy address belongs to the physical page: [ 2803.891357] page:000000004e72d89e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43a5 [ 2803.892237] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.892906] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 2803.893658] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2803.894408] page dumped because: kasan: bad access detected [ 2803.894948] [ 2803.895120] Memory state around the buggy address: [ 2803.895597] ffff8880043a5c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.896301] ffff8880043a5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.897000] >ffff8880043a5d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2803.897746] ^ [ 2803.898442] ffff8880043a5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.899138] ffff8880043a5e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.899842] ================================================================== [ 2803.900633] ok 19 - kmalloc_oob_memset_4 [ 2803.901787] ================================================================== [ 2803.902983] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2803.903794] Write of size 8 at addr ffff8880043a5271 by task kunit_try_catch/117608 [ 2803.904537] [ 2803.904711] CPU: 0 PID: 117608 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.906022] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.906594] Call Trace: [ 2803.906851] [ 2803.907078] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2803.907645] dump_stack_lvl+0x57/0x81 [ 2803.908019] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.908592] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2803.909155] print_report.cold+0x5c/0x237 [ 2803.909566] kasan_report+0xc9/0x100 [ 2803.909933] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2803.910505] kasan_check_range+0xfd/0x1e0 [ 2803.910907] memset+0x20/0x50 [ 2803.911247] kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2803.911808] ? kmalloc_oob_memset_16+0x290/0x290 [test_kasan] [ 2803.912380] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.912825] ? do_raw_spin_lock+0x270/0x270 [ 2803.913246] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.913801] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.914302] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.914815] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.915307] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.915811] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.916419] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.916931] kthread+0x2a7/0x350 [ 2803.917271] ? kthread_complete_and_exit+0x20/0x20 [ 2803.917753] ret_from_fork+0x22/0x30 [ 2803.918126] [ 2803.918365] [ 2803.918539] Allocated by task 117608: [ 2803.918909] kasan_save_stack+0x1e/0x40 [ 2803.919299] __kasan_kmalloc+0x81/0xa0 [ 2803.919676] kmalloc_oob_memset_8+0x9c/0x290 [test_kasan] [ 2803.920208] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.920700] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.921326] kthread+0x2a7/0x350 [ 2803.921683] ret_from_fork+0x22/0x30 [ 2803.922045] [ 2803.922219] The buggy address belongs to the object at ffff8880043a5200 [ 2803.922219] which belongs to the cache kmalloc-128 of size 128 [ 2803.923408] The buggy address is located 113 bytes inside of [ 2803.923408] 128-byte region [ffff8880043a5200, ffff8880043a5280) [ 2803.924527] [ 2803.924701] The buggy address belongs to the physical page: [ 2803.925250] page:000000004e72d89e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43a5 [ 2803.926159] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.926836] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 2803.927640] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2803.928402] page dumped because: kasan: bad access detected [ 2803.928948] [ 2803.929122] Memory state around the buggy address: [ 2803.929608] ffff8880043a5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2803.930466] ffff8880043a5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.931274] >ffff8880043a5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2803.932061] ^ [ 2803.932837] ffff8880043a5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.933672] ffff8880043a5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.934408] ================================================================== [ 2803.935332] ok 20 - kmalloc_oob_memset_8 [ 2803.936864] ================================================================== [ 2803.938069] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2803.938931] Write of size 16 at addr ffff8880043a5b69 by task kunit_try_catch/117609 [ 2803.939736] [ 2803.939913] CPU: 0 PID: 117609 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.941236] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.941813] Call Trace: [ 2803.942072] [ 2803.942326] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2803.942925] dump_stack_lvl+0x57/0x81 [ 2803.943307] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.943886] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2803.944471] print_report.cold+0x5c/0x237 [ 2803.944881] kasan_report+0xc9/0x100 [ 2803.945250] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2803.945837] kasan_check_range+0xfd/0x1e0 [ 2803.946246] memset+0x20/0x50 [ 2803.946569] kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2803.947123] ? kmalloc_uaf_memset+0x280/0x280 [test_kasan] [ 2803.947702] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.948166] ? do_raw_spin_lock+0x270/0x270 [ 2803.948596] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.949150] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.949655] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.950162] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.950660] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.951169] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.951785] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.952305] kthread+0x2a7/0x350 [ 2803.952643] ? kthread_complete_and_exit+0x20/0x20 [ 2803.953125] ret_from_fork+0x22/0x30 [ 2803.953503] [ 2803.953739] [ 2803.953914] Allocated by task 117609: [ 2803.954295] kasan_save_stack+0x1e/0x40 [ 2803.954684] __kasan_kmalloc+0x81/0xa0 [ 2803.955066] kmalloc_oob_memset_16+0x9c/0x290 [test_kasan] [ 2803.955615] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.956107] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.956717] kthread+0x2a7/0x350 [ 2803.957055] ret_from_fork+0x22/0x30 [ 2803.957428] [ 2803.957602] The buggy address belongs to the object at ffff8880043a5b00 [ 2803.957602] which belongs to the cache kmalloc-128 of size 128 [ 2803.958804] The buggy address is located 105 bytes inside of [ 2803.958804] 128-byte region [ffff8880043a5b00, ffff8880043a5b80) [ 2803.959936] [ 2803.960109] The buggy address belongs to the physical page: [ 2803.960661] page:000000004e72d89e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43a5 [ 2803.961556] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.962230] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 2803.962993] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2803.963793] page dumped because: kasan: bad access detected [ 2803.964348] [ 2803.964522] Memory state around the buggy address: [ 2803.964999] ffff8880043a5a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.965714] ffff8880043a5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.966425] >ffff8880043a5b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2803.967131] ^ [ 2803.967835] ffff8880043a5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2803.968548] ffff8880043a5c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2803.969260] ================================================================== [ 2803.970011] ok 21 - kmalloc_oob_memset_16 [ 2803.971759] ================================================================== [ 2803.972963] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2803.973827] Read of size 18446744073709551614 at addr ffff8880475f2084 by task kunit_try_catch/117610 [ 2803.974722] [ 2803.974898] CPU: 0 PID: 117610 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2803.976223] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2803.976800] Call Trace: [ 2803.977058] [ 2803.977290] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2803.977931] dump_stack_lvl+0x57/0x81 [ 2803.978360] print_address_description.constprop.0+0x1f/0x1e0 [ 2803.978934] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2803.979572] print_report.cold+0x5c/0x237 [ 2803.979982] kasan_report+0xc9/0x100 [ 2803.980358] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2803.980996] kasan_check_range+0xfd/0x1e0 [ 2803.981410] memmove+0x20/0x60 [ 2803.981736] kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2803.982367] ? kmalloc_memmove_invalid_size+0x2a0/0x2a0 [test_kasan] [ 2803.982998] ? do_raw_spin_trylock+0xb5/0x180 [ 2803.983454] ? do_raw_spin_lock+0x270/0x270 [ 2803.983879] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2803.984440] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2803.984939] ? kunit_add_resource+0x197/0x280 [kunit] [ 2803.985453] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.985971] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2803.986504] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.987112] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2803.987635] kthread+0x2a7/0x350 [ 2803.987973] ? kthread_complete_and_exit+0x20/0x20 [ 2803.988464] ret_from_fork+0x22/0x30 [ 2803.988899] [ 2803.989183] [ 2803.989362] Allocated by task 117610: [ 2803.989759] kasan_save_stack+0x1e/0x40 [ 2803.990172] __kasan_kmalloc+0x81/0xa0 [ 2803.990556] kmalloc_memmove_negative_size+0x9c/0x290 [test_kasan] [ 2803.991211] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2803.991730] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2803.992366] kthread+0x2a7/0x350 [ 2803.992702] ret_from_fork+0x22/0x30 [ 2803.993070] [ 2803.993243] The buggy address belongs to the object at ffff8880475f2080 [ 2803.993243] which belongs to the cache kmalloc-64 of size 64 [ 2803.994430] The buggy address is located 4 bytes inside of [ 2803.994430] 64-byte region [ffff8880475f2080, ffff8880475f20c0) [ 2803.995535] [ 2803.995710] The buggy address belongs to the physical page: [ 2803.996261] page:0000000040bd3fe2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x475f2 [ 2803.997160] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2803.997880] raw: 000fffffc0000200 ffffea00042322c0 dead000000000004 ffff888100041640 [ 2803.998637] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2803.999393] page dumped because: kasan: bad access detected [ 2803.999941] [ 2804.000114] Memory state around the buggy address: [ 2804.000600] ffff8880475f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.001310] ffff8880475f2000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.002017] >ffff8880475f2080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2804.002727] ^ [ 2804.003062] ffff8880475f2100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2804.003774] ffff8880475f2180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2804.004482] ================================================================== [ 2804.005357] ok 22 - kmalloc_memmove_negative_size [ 2804.007001] ================================================================== [ 2804.008269] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2804.009158] Read of size 64 at addr ffff888042bf0284 by task kunit_try_catch/117611 [ 2804.009911] [ 2804.010086] CPU: 0 PID: 117611 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2804.011415] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2804.011988] Call Trace: [ 2804.012246] [ 2804.012482] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2804.013116] dump_stack_lvl+0x57/0x81 [ 2804.013504] print_address_description.constprop.0+0x1f/0x1e0 [ 2804.014082] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2804.014719] print_report.cold+0x5c/0x237 [ 2804.015129] kasan_report+0xc9/0x100 [ 2804.015508] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2804.016141] kasan_check_range+0xfd/0x1e0 [ 2804.016553] memmove+0x20/0x60 [ 2804.016880] kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2804.017505] ? kmalloc_oob_in_memset+0x280/0x280 [test_kasan] [ 2804.018087] ? do_raw_spin_trylock+0xb5/0x180 [ 2804.018539] ? do_raw_spin_lock+0x270/0x270 [ 2804.018966] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2804.019528] ? kunit_add_resource+0x197/0x280 [kunit] [ 2804.020038] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.020540] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2804.021051] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.021666] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2804.022183] kthread+0x2a7/0x350 [ 2804.022524] ? kthread_complete_and_exit+0x20/0x20 [ 2804.023008] ret_from_fork+0x22/0x30 [ 2804.023393] [ 2804.023630] [ 2804.023805] Allocated by task 117611: [ 2804.024177] kasan_save_stack+0x1e/0x40 [ 2804.024572] __kasan_kmalloc+0x81/0xa0 [ 2804.024954] kmalloc_memmove_invalid_size+0xac/0x2a0 [test_kasan] [ 2804.025564] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.026055] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.026666] kthread+0x2a7/0x350 [ 2804.027003] ret_from_fork+0x22/0x30 [ 2804.027381] [ 2804.027556] The buggy address belongs to the object at ffff888042bf0280 [ 2804.027556] which belongs to the cache kmalloc-64 of size 64 [ 2804.028741] The buggy address is located 4 bytes inside of [ 2804.028741] 64-byte region [ffff888042bf0280, ffff888042bf02c0) [ 2804.029965] [ 2804.030139] The buggy address belongs to the physical page: [ 2804.030711] page:000000005e8a451a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42bf0 [ 2804.031660] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2804.032367] raw: 000fffffc0000200 ffffea0000616100 dead000000000002 ffff888100041640 [ 2804.033121] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2804.033879] page dumped because: kasan: bad access detected [ 2804.034431] [ 2804.034607] Memory state around the buggy address: [ 2804.035085] ffff888042bf0180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.035801] ffff888042bf0200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.036563] >ffff888042bf0280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2804.037273] ^ [ 2804.037799] ffff888042bf0300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.038512] ffff888042bf0380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.039224] ================================================================== [ 2804.040044] ok 23 - kmalloc_memmove_invalid_size [ 2804.040842] ================================================================== [ 2804.042140] BUG: KASAN: use-after-free in kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2804.042862] Read of size 1 at addr ffff888041ef0268 by task kunit_try_catch/117612 [ 2804.043609] [ 2804.043784] CPU: 0 PID: 117612 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2804.045152] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2804.045725] Call Trace: [ 2804.045983] [ 2804.046211] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2804.046713] dump_stack_lvl+0x57/0x81 [ 2804.047090] print_address_description.constprop.0+0x1f/0x1e0 [ 2804.047689] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2804.048208] print_report.cold+0x5c/0x237 [ 2804.048625] kasan_report+0xc9/0x100 [ 2804.048994] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2804.049492] kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2804.049969] ? kmalloc_uaf2+0x430/0x430 [test_kasan] [ 2804.050477] ? do_raw_spin_trylock+0xb5/0x180 [ 2804.050923] ? do_raw_spin_lock+0x270/0x270 [ 2804.051354] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2804.051907] ? kunit_add_resource+0x197/0x280 [kunit] [ 2804.052424] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.052916] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2804.053470] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.054052] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2804.054671] kthread+0x2a7/0x350 [ 2804.055009] ? kthread_complete_and_exit+0x20/0x20 [ 2804.055494] ret_from_fork+0x22/0x30 [ 2804.055926] [ 2804.056188] [ 2804.056376] Allocated by task 117612: [ 2804.056762] kasan_save_stack+0x1e/0x40 [ 2804.057151] __kasan_kmalloc+0x81/0xa0 [ 2804.057536] kmalloc_uaf+0x98/0x2b0 [test_kasan] [ 2804.058005] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.058501] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.059109] kthread+0x2a7/0x350 [ 2804.059449] ret_from_fork+0x22/0x30 [ 2804.059817] [ 2804.059992] Freed by task 117612: [ 2804.060343] kasan_save_stack+0x1e/0x40 [ 2804.060732] kasan_set_track+0x21/0x30 [ 2804.061113] kasan_set_free_info+0x20/0x40 [ 2804.061530] __kasan_slab_free+0x108/0x170 [ 2804.061941] slab_free_freelist_hook+0x11d/0x1d0 [ 2804.062415] kfree+0xe2/0x3c0 [ 2804.062730] kmalloc_uaf+0x12b/0x2b0 [test_kasan] [ 2804.063202] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.063698] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.064309] kthread+0x2a7/0x350 [ 2804.064645] ret_from_fork+0x22/0x30 [ 2804.065013] [ 2804.065187] The buggy address belongs to the object at ffff888041ef0260 [ 2804.065187] which belongs to the cache kmalloc-16 of size 16 [ 2804.066379] The buggy address is located 8 bytes inside of [ 2804.066379] 16-byte region [ffff888041ef0260, ffff888041ef0270) [ 2804.067485] [ 2804.067659] The buggy address belongs to the physical page: [ 2804.068214] page:000000001d378e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41ef0 [ 2804.069119] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2804.069797] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2804.070556] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2804.071311] page dumped because: kasan: bad access detected [ 2804.071860] [ 2804.072034] Memory state around the buggy address: [ 2804.072517] ffff888041ef0100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2804.073222] ffff888041ef0180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2804.073934] >ffff888041ef0200: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2804.074646] ^ [ 2804.075293] ffff888041ef0280: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2804.075997] ffff888041ef0300: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2804.076707] ================================================================== [ 2804.077497] ok 24 - kmalloc_uaf [ 2804.078878] ================================================================== [ 2804.079995] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2804.080770] Write of size 33 at addr ffff888042bf0900 by task kunit_try_catch/117613 [ 2804.081531] [ 2804.081706] CPU: 0 PID: 117613 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2804.083031] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2804.083609] Call Trace: [ 2804.083866] [ 2804.084096] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2804.084650] dump_stack_lvl+0x57/0x81 [ 2804.085028] print_address_description.constprop.0+0x1f/0x1e0 [ 2804.085608] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2804.086175] print_report.cold+0x5c/0x237 [ 2804.086611] kasan_report+0xc9/0x100 [ 2804.086982] ? kmalloc_uaf_memset+0xc1/0x280 [test_kasan] [ 2804.087529] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2804.088077] kasan_check_range+0xfd/0x1e0 [ 2804.088492] memset+0x20/0x50 [ 2804.088809] kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2804.089342] ? kmem_cache_accounted+0x170/0x170 [test_kasan] [ 2804.089911] ? do_raw_spin_trylock+0xb5/0x180 [ 2804.090366] ? do_raw_spin_lock+0x270/0x270 [ 2804.090792] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2804.091351] ? kunit_add_resource+0x197/0x280 [kunit] [ 2804.091862] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.092361] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2804.092869] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.093494] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2804.094008] kthread+0x2a7/0x350 [ 2804.094349] ? kthread_complete_and_exit+0x20/0x20 [ 2804.094833] ret_from_fork+0x22/0x30 [ 2804.095213] [ 2804.095463] [ 2804.095637] Allocated by task 117613: [ 2804.096010] kasan_save_stack+0x1e/0x40 [ 2804.096403] __kasan_kmalloc+0x81/0xa0 [ 2804.096784] kmalloc_uaf_memset+0x9a/0x280 [test_kasan] [ 2804.097314] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.097823] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.098454] kthread+0x2a7/0x350 [ 2804.098788] ret_from_fork+0x22/0x30 [ 2804.099155] [ 2804.099334] Freed by task 117613: [ 2804.099675] kasan_save_stack+0x1e/0x40 [ 2804.100065] kasan_set_track+0x21/0x30 [ 2804.100452] kasan_set_free_info+0x20/0x40 [ 2804.100863] __kasan_slab_free+0x108/0x170 [ 2804.101278] slab_free_freelist_hook+0x11d/0x1d0 [ 2804.101742] kfree+0xe2/0x3c0 [ 2804.102054] kmalloc_uaf_memset+0x137/0x280 [test_kasan] [ 2804.102585] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.103074] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.103680] kthread+0x2a7/0x350 [ 2804.104015] ret_from_fork+0x22/0x30 [ 2804.104386] [ 2804.104559] The buggy address belongs to the object at ffff888042bf0900 [ 2804.104559] which belongs to the cache kmalloc-64 of size 64 [ 2804.105740] The buggy address is located 0 bytes inside of [ 2804.105740] 64-byte region [ffff888042bf0900, ffff888042bf0940) [ 2804.106846] [ 2804.107019] The buggy address belongs to the physical page: [ 2804.107571] page:000000005e8a451a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42bf0 [ 2804.108470] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2804.109143] raw: 000fffffc0000200 ffffea0000616100 dead000000000002 ffff888100041640 [ 2804.109900] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2804.110659] page dumped because: kasan: bad access detected [ 2804.111205] [ 2804.111383] Memory state around the buggy address: [ 2804.111862] ffff888042bf0800: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.112578] ffff888042bf0880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.113292] >ffff888042bf0900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.113998] ^ [ 2804.114339] ffff888042bf0980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.115046] ffff888042bf0a00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.115758] ================================================================== [ 2804.116553] ok 25 - kmalloc_uaf_memset [ 2804.118822] ================================================================== [ 2804.120027] BUG: KASAN: use-after-free in kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2804.120755] Read of size 1 at addr ffff888042bf0328 by task kunit_try_catch/117614 [ 2804.121498] [ 2804.121674] CPU: 0 PID: 117614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2804.123050] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2804.123622] Call Trace: [ 2804.123882] [ 2804.124112] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2804.124626] dump_stack_lvl+0x57/0x81 [ 2804.125003] print_address_description.constprop.0+0x1f/0x1e0 [ 2804.125637] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2804.126187] print_report.cold+0x5c/0x237 [ 2804.126631] kasan_report+0xc9/0x100 [ 2804.127029] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2804.127573] kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2804.128097] ? kfree_via_page+0x290/0x290 [test_kasan] [ 2804.128673] ? rcu_read_lock_sched_held+0x12/0x80 [ 2804.129185] ? lock_acquire+0x4ea/0x620 [ 2804.129611] ? rcu_read_unlock+0x40/0x40 [ 2804.130039] ? rcu_read_unlock+0x40/0x40 [ 2804.130470] ? rcu_read_lock_sched_held+0x12/0x80 [ 2804.130982] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2804.131584] ? do_raw_spin_lock+0x270/0x270 [ 2804.132038] ? trace_hardirqs_on+0x2d/0x160 [ 2804.132498] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2804.133033] ? kunit_add_resource+0x197/0x280 [kunit] [ 2804.133586] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.134126] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2804.134673] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.135351] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2804.135899] kthread+0x2a7/0x350 [ 2804.136264] ? kthread_complete_and_exit+0x20/0x20 [ 2804.136845] ret_from_fork+0x22/0x30 [ 2804.137244] [ 2804.137563] [ 2804.137749] Allocated by task 117614: [ 2804.138186] kasan_save_stack+0x1e/0x40 [ 2804.138604] __kasan_kmalloc+0x81/0xa0 [ 2804.139017] kmalloc_uaf2+0xad/0x430 [test_kasan] [ 2804.139579] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.140110] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.140839] kthread+0x2a7/0x350 [ 2804.141177] ret_from_fork+0x22/0x30 [ 2804.141533] [ 2804.141719] Freed by task 117614: [ 2804.142124] kasan_save_stack+0x1e/0x40 [ 2804.142600] kasan_set_track+0x21/0x30 [ 2804.143070] kasan_set_free_info+0x20/0x40 [ 2804.143543] __kasan_slab_free+0x108/0x170 [ 2804.143978] slab_free_freelist_hook+0x11d/0x1d0 [ 2804.144503] kfree+0xe2/0x3c0 [ 2804.144846] kmalloc_uaf2+0x144/0x430 [test_kasan] [ 2804.145345] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.145854] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.146474] kthread+0x2a7/0x350 [ 2804.146831] ret_from_fork+0x22/0x30 [ 2804.147169] [ 2804.147351] The buggy address belongs to the object at ffff888042bf0300 [ 2804.147351] which belongs to the cache kmalloc-64 of size 64 [ 2804.148592] The buggy address is located 40 bytes inside of [ 2804.148592] 64-byte region [ffff888042bf0300, ffff888042bf0340) [ 2804.149834] [ 2804.150013] The buggy address belongs to the physical page: [ 2804.150685] page:000000005e8a451a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42bf0 [ 2804.151726] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2804.152535] raw: 000fffffc0000200 ffffea0000616100 dead000000000002 ffff888100041640 [ 2804.153269] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2804.154101] page dumped because: kasan: bad access detected [ 2804.154737] [ 2804.154920] Memory state around the buggy address: [ 2804.155455] ffff888042bf0200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.156334] ffff888042bf0280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.157084] >ffff888042bf0300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.157886] ^ [ 2804.158364] ffff888042bf0380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.159082] ffff888042bf0400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2804.159808] ================================================================== [ 2804.162703] ok 26 - kmalloc_uaf2 [ 2804.167973] ok 27 - kfree_via_page [ 2804.169868] ok 28 - kfree_via_phys [ 2804.172191] ================================================================== [ 2804.173347] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2804.174144] Read of size 1 at addr ffff88804296da10 by task kunit_try_catch/117617 [ 2804.174915] [ 2804.175099] CPU: 0 PID: 117617 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2804.176384] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2804.177013] Call Trace: [ 2804.177265] [ 2804.177513] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2804.178049] dump_stack_lvl+0x57/0x81 [ 2804.178542] print_address_description.constprop.0+0x1f/0x1e0 [ 2804.179165] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2804.179662] print_report.cold+0x5c/0x237 [ 2804.180052] kasan_report+0xc9/0x100 [ 2804.180410] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2804.180908] kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2804.181378] ? kmem_cache_double_free+0x280/0x280 [test_kasan] [ 2804.181920] ? do_raw_spin_trylock+0xb5/0x180 [ 2804.182340] ? do_raw_spin_lock+0x270/0x270 [ 2804.182761] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2804.183292] ? kunit_add_resource+0x197/0x280 [kunit] [ 2804.183792] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.184249] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2804.184746] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.185305] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2804.185808] kthread+0x2a7/0x350 [ 2804.186132] ? kthread_complete_and_exit+0x20/0x20 [ 2804.186744] ret_from_fork+0x22/0x30 [ 2804.187101] [ 2804.187330] [ 2804.187496] Allocated by task 117617: [ 2804.187850] kasan_save_stack+0x1e/0x40 [ 2804.188288] __kasan_slab_alloc+0x66/0x80 [ 2804.188740] kmem_cache_alloc+0x161/0x310 [ 2804.189125] kmem_cache_oob+0x121/0x2e0 [test_kasan] [ 2804.189604] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.190073] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.190655] kthread+0x2a7/0x350 [ 2804.190975] ret_from_fork+0x22/0x30 [ 2804.191330] [ 2804.191496] The buggy address belongs to the object at ffff88804296d948 [ 2804.191496] which belongs to the cache test_cache of size 200 [ 2804.192727] The buggy address is located 0 bytes to the right of [ 2804.192727] 200-byte region [ffff88804296d948, ffff88804296da10) [ 2804.193916] [ 2804.194083] The buggy address belongs to the physical page: [ 2804.194605] page:00000000f60013d1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4296d [ 2804.195481] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2804.196239] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff88800183cc80 [ 2804.196961] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2804.197679] page dumped because: kasan: bad access detected [ 2804.198225] [ 2804.198414] Memory state around the buggy address: [ 2804.198871] ffff88804296d900: fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 [ 2804.199548] ffff88804296d980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.200220] >ffff88804296da00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2804.200925] ^ [ 2804.201291] ffff88804296da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2804.201963] ffff88804296db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2804.202711] ================================================================== [ 2804.253001] ok 29 - kmem_cache_oob [ 2804.786014] ok 30 - kmem_cache_accounted [ 2804.797587] ok 31 - kmem_cache_bulk [ 2804.801786] ================================================================== [ 2804.802864] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2804.803706] Read of size 1 at addr ffffffffc14df90d by task kunit_try_catch/117620 [ 2804.804395] [ 2804.804558] CPU: 0 PID: 117620 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2804.805865] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2804.806402] Call Trace: [ 2804.806749] [ 2804.807024] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2804.807609] dump_stack_lvl+0x57/0x81 [ 2804.808011] print_address_description.constprop.0+0x1f/0x1e0 [ 2804.808547] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2804.809106] print_report.cold+0x5c/0x237 [ 2804.809490] kasan_report+0xc9/0x100 [ 2804.809848] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2804.810395] kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2804.810920] ? kasan_stack_oob+0x200/0x200 [test_kasan] [ 2804.811451] ? do_raw_spin_trylock+0xb5/0x180 [ 2804.811867] ? do_raw_spin_lock+0x270/0x270 [ 2804.812269] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2804.812838] ? kunit_add_resource+0x197/0x280 [kunit] [ 2804.813339] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.813811] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2804.814315] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.814890] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2804.815439] kthread+0x2a7/0x350 [ 2804.815768] ? kthread_complete_and_exit+0x20/0x20 [ 2804.816216] ret_from_fork+0x22/0x30 [ 2804.816567] [ 2804.816786] [ 2804.816947] The buggy address belongs to the variable: [ 2804.817467] global_array+0xd/0xfffffffffffe5700 [test_kasan] [ 2804.817999] [ 2804.818159] Memory state around the buggy address: [ 2804.818607] ffffffffc14df800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.819288] ffffffffc14df880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.820005] >ffffffffc14df900: 00 02 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 2804.820666] ^ [ 2804.820996] ffffffffc14df980: 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 [ 2804.821800] ffffffffc14dfa00: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 2804.822590] ================================================================== [ 2804.823369] ok 32 - kasan_global_oob_right [ 2804.825807] ok 33 - kasan_global_oob_left # SKIP Test requires CONFIG_CC_IS_CLANG=y [ 2804.827802] ================================================================== [ 2804.829251] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2804.830106] Read of size 1 at addr ffffc90001027e7a by task kunit_try_catch/117622 [ 2804.830882] [ 2804.831044] CPU: 0 PID: 117622 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2804.832350] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2804.832874] Call Trace: [ 2804.833129] [ 2804.833353] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2804.833850] dump_stack_lvl+0x57/0x81 [ 2804.834198] print_address_description.constprop.0+0x1f/0x1e0 [ 2804.834854] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2804.835434] print_report.cold+0x5c/0x237 [ 2804.835836] kasan_report+0xc9/0x100 [ 2804.836195] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2804.836681] kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2804.837170] ? match_all_mem_tag+0x20/0x20 [test_kasan] [ 2804.837679] ? rcu_read_unlock+0x40/0x40 [ 2804.838046] ? rcu_read_lock_sched_held+0x12/0x80 [ 2804.838532] ? do_raw_spin_trylock+0xb5/0x180 [ 2804.838982] ? do_raw_spin_lock+0x270/0x270 [ 2804.839444] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2804.839972] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2804.840459] ? kunit_add_resource+0x197/0x280 [kunit] [ 2804.840928] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.841428] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2804.841897] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.842598] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2804.843173] kthread+0x2a7/0x350 [ 2804.843512] ? kthread_complete_and_exit+0x20/0x20 [ 2804.843975] ret_from_fork+0x22/0x30 [ 2804.844348] [ 2804.844589] [ 2804.844740] The buggy address belongs to stack of task kunit_try_catch/117622 [ 2804.845394] and is located at offset 266 in frame: [ 2804.845872] kasan_stack_oob+0x0/0x200 [test_kasan] [ 2804.846331] [ 2804.846491] This frame has 4 objects: [ 2804.846834] [48, 56) 'array' [ 2804.846837] [80, 128) '__assertion' [ 2804.847142] [160, 224) '__assertion' [ 2804.847510] [256, 266) 'stack_array' [ 2804.847866] [ 2804.848361] The buggy address belongs to the virtual mapping at [ 2804.848361] [ffffc90001020000, ffffc90001029000) created by: [ 2804.848361] dup_task_struct+0x5e/0x5a0 [ 2804.849826] [ 2804.850007] The buggy address belongs to the physical page: [ 2804.850518] page:0000000065666ca0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56ce5 [ 2804.851382] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2804.851984] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2804.852684] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2804.853506] page dumped because: kasan: bad access detected [ 2804.854119] [ 2804.854295] Memory state around the buggy address: [ 2804.854747] ffffc90001027d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 2804.855449] ffffc90001027d80: f1 f1 f1 f1 00 f2 f2 f2 00 00 00 00 00 00 f2 f2 [ 2804.856203] >ffffc90001027e00: f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 02 [ 2804.856950] ^ [ 2804.857645] ffffc90001027e80: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.858309] ffffc90001027f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.858965] ================================================================== [ 2804.859966] ok 34 - kasan_stack_oob [ 2804.861795] ================================================================== [ 2804.862893] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2804.863726] Read of size 1 at addr ffffc90001057d1f by task kunit_try_catch/117623 [ 2804.864494] [ 2804.864666] CPU: 0 PID: 117623 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2804.865946] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2804.866487] Call Trace: [ 2804.866742] [ 2804.866958] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2804.867557] dump_stack_lvl+0x57/0x81 [ 2804.867909] print_address_description.constprop.0+0x1f/0x1e0 [ 2804.868453] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2804.868992] print_report.cold+0x5c/0x237 [ 2804.869425] kasan_report+0xc9/0x100 [ 2804.869770] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2804.870314] kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2804.870830] ? rcu_read_lock_sched_held+0x12/0x80 [ 2804.871301] ? rcu_read_lock_sched_held+0x12/0x80 [ 2804.871764] ? lock_acquire+0x4ea/0x620 [ 2804.872129] ? kasan_alloca_oob_right+0x290/0x290 [test_kasan] [ 2804.872678] ? rcu_read_lock_sched_held+0x12/0x80 [ 2804.873141] ? do_raw_spin_trylock+0xb5/0x180 [ 2804.873684] ? do_raw_spin_lock+0x270/0x270 [ 2804.874177] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2804.874849] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2804.875344] ? kunit_add_resource+0x197/0x280 [kunit] [ 2804.875850] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.876436] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2804.876974] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.877599] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2804.878091] kthread+0x2a7/0x350 [ 2804.878444] ? kthread_complete_and_exit+0x20/0x20 [ 2804.878927] ret_from_fork+0x22/0x30 [ 2804.879314] [ 2804.879574] [ 2804.879793] The buggy address belongs to stack of task kunit_try_catch/117623 [ 2804.880541] [ 2804.880705] The buggy address belongs to the virtual mapping at [ 2804.880705] [ffffc90001050000, ffffc90001059000) created by: [ 2804.880705] dup_task_struct+0x5e/0x5a0 [ 2804.882122] [ 2804.882288] The buggy address belongs to the physical page: [ 2804.882792] page:00000000435559a7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x49ea9 [ 2804.883667] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2804.884256] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2804.884955] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2804.885712] page dumped because: kasan: bad access detected [ 2804.886241] [ 2804.886406] Memory state around the buggy address: [ 2804.886847] ffffc90001057c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.887686] ffffc90001057c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.888344] >ffffc90001057d00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00 [ 2804.888998] ^ [ 2804.889420] ffffc90001057d80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00 [ 2804.890075] ffffc90001057e00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 [ 2804.890786] ================================================================== [ 2804.891780] ok 35 - kasan_alloca_oob_left [ 2804.893828] ================================================================== [ 2804.894944] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2804.895835] Read of size 1 at addr ffffc900011e7d2a by task kunit_try_catch/117624 [ 2804.896608] [ 2804.896796] CPU: 0 PID: 117624 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2804.898205] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2804.898769] Call Trace: [ 2804.899005] [ 2804.899236] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2804.899857] dump_stack_lvl+0x57/0x81 [ 2804.900241] print_address_description.constprop.0+0x1f/0x1e0 [ 2804.900961] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2804.901576] print_report.cold+0x5c/0x237 [ 2804.901979] kasan_report+0xc9/0x100 [ 2804.902379] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2804.902951] kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2804.903564] ? rcu_read_lock_sched_held+0x12/0x80 [ 2804.904015] ? rcu_read_lock_sched_held+0x12/0x80 [ 2804.904450] ? lock_acquire+0x4ea/0x620 [ 2804.904807] ? ksize_unpoisons_memory+0x300/0x300 [test_kasan] [ 2804.905404] ? rcu_read_lock_sched_held+0x12/0x80 [ 2804.905858] ? do_raw_spin_trylock+0xb5/0x180 [ 2804.906318] ? do_raw_spin_lock+0x270/0x270 [ 2804.906719] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2804.907212] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2804.907727] ? kunit_add_resource+0x197/0x280 [kunit] [ 2804.908196] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.908692] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2804.909160] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.909769] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2804.910208] kthread+0x2a7/0x350 [ 2804.910525] ? kthread_complete_and_exit+0x20/0x20 [ 2804.910993] ret_from_fork+0x22/0x30 [ 2804.911432] [ 2804.911710] [ 2804.911945] The buggy address belongs to stack of task kunit_try_catch/117624 [ 2804.912727] [ 2804.912910] The buggy address belongs to the virtual mapping at [ 2804.912910] [ffffc900011e0000, ffffc900011e9000) created by: [ 2804.912910] dup_task_struct+0x5e/0x5a0 [ 2804.914321] [ 2804.914475] The buggy address belongs to the physical page: [ 2804.914979] page:00000000079d9815 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4503f [ 2804.915930] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2804.916517] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2804.917223] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2804.918012] page dumped because: kasan: bad access detected [ 2804.918513] [ 2804.918687] Memory state around the buggy address: [ 2804.919130] ffffc900011e7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.919799] ffffc900011e7c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.920464] >ffffc900011e7d00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00 [ 2804.921149] ^ [ 2804.921647] ffffc900011e7d80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00 [ 2804.922327] ffffc900011e7e00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 [ 2804.922949] ================================================================== [ 2804.923901] ok 36 - kasan_alloca_oob_right [ 2804.925944] ================================================================== [ 2804.927060] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2804.927912] Read of size 1 at addr ffff888044cb8180 by task kunit_try_catch/117625 [ 2804.928666] [ 2804.928823] CPU: 0 PID: 117625 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2804.930257] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2804.930807] Call Trace: [ 2804.931037] [ 2804.931299] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2804.931934] dump_stack_lvl+0x57/0x81 [ 2804.932264] print_address_description.constprop.0+0x1f/0x1e0 [ 2804.932883] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2804.933477] print_report.cold+0x5c/0x237 [ 2804.933869] kasan_report+0xc9/0x100 [ 2804.934207] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2804.934781] ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2804.935433] ? ksize_uaf+0x4a0/0x4a0 [test_kasan] [ 2804.935900] ? do_raw_spin_trylock+0xb5/0x180 [ 2804.936312] ? do_raw_spin_lock+0x270/0x270 [ 2804.936681] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2804.937182] ? kunit_add_resource+0x197/0x280 [kunit] [ 2804.937695] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.938214] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2804.938734] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.939344] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2804.939839] kthread+0x2a7/0x350 [ 2804.940139] ? kthread_complete_and_exit+0x20/0x20 [ 2804.940634] ret_from_fork+0x22/0x30 [ 2804.941039] [ 2804.941292] [ 2804.941472] Allocated by task 117625: [ 2804.941865] kasan_save_stack+0x1e/0x40 [ 2804.942297] __kasan_kmalloc+0x81/0xa0 [ 2804.942675] ksize_unpoisons_memory+0x9a/0x300 [test_kasan] [ 2804.943211] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.943690] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.944251] kthread+0x2a7/0x350 [ 2804.944602] ret_from_fork+0x22/0x30 [ 2804.944961] [ 2804.945141] The buggy address belongs to the object at ffff888044cb8100 [ 2804.945141] which belongs to the cache kmalloc-128 of size 128 [ 2804.946358] The buggy address is located 0 bytes to the right of [ 2804.946358] 128-byte region [ffff888044cb8100, ffff888044cb8180) [ 2804.947468] [ 2804.947647] The buggy address belongs to the physical page: [ 2804.948149] page:0000000093b3cd9b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cb8 [ 2804.949024] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2804.949688] raw: 000fffffc0000200 ffffea000052ee40 dead000000000002 ffff8881000418c0 [ 2804.950448] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2804.951194] page dumped because: kasan: bad access detected [ 2804.951752] [ 2804.951908] Memory state around the buggy address: [ 2804.952419] ffff888044cb8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2804.953129] ffff888044cb8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.953846] >ffff888044cb8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2804.954503] ^ [ 2804.954818] ffff888044cb8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.955549] ffff888044cb8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2804.956299] ================================================================== [ 2804.957017] ok 37 - ksize_unpoisons_memory [ 2804.958817] ================================================================== [ 2804.960064] BUG: KASAN: use-after-free in ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2804.960695] Read of size 1 at addr ffff8880013f6900 by task kunit_try_catch/117626 [ 2804.961415] [ 2804.961610] CPU: 0 PID: 117626 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2804.962903] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2804.963529] Call Trace: [ 2804.963797] [ 2804.964002] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2804.964442] dump_stack_lvl+0x57/0x81 [ 2804.964818] print_address_description.constprop.0+0x1f/0x1e0 [ 2804.965416] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2804.965912] print_report.cold+0x5c/0x237 [ 2804.966319] kasan_report+0xc9/0x100 [ 2804.966685] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2804.967109] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2804.967574] __kasan_check_byte+0x36/0x50 [ 2804.968041] ksize+0x1b/0x50 [ 2804.968406] ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2804.968878] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2804.969427] ? do_raw_spin_trylock+0xb5/0x180 [ 2804.969865] ? do_raw_spin_lock+0x270/0x270 [ 2804.970300] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2804.970830] ? kunit_add_resource+0x197/0x280 [kunit] [ 2804.971319] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.971813] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2804.972332] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.972913] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2804.973482] kthread+0x2a7/0x350 [ 2804.973859] ? kthread_complete_and_exit+0x20/0x20 [ 2804.974375] ret_from_fork+0x22/0x30 [ 2804.974738] [ 2804.974954] [ 2804.975134] Allocated by task 117626: [ 2804.975496] kasan_save_stack+0x1e/0x40 [ 2804.975869] __kasan_kmalloc+0x81/0xa0 [ 2804.976220] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2804.976639] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.977108] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.977733] kthread+0x2a7/0x350 [ 2804.978130] ret_from_fork+0x22/0x30 [ 2804.978485] [ 2804.978661] Freed by task 117626: [ 2804.978999] kasan_save_stack+0x1e/0x40 [ 2804.979398] kasan_set_track+0x21/0x30 [ 2804.979790] kasan_set_free_info+0x20/0x40 [ 2804.980187] __kasan_slab_free+0x108/0x170 [ 2804.980608] slab_free_freelist_hook+0x11d/0x1d0 [ 2804.981034] kfree+0xe2/0x3c0 [ 2804.981346] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2804.981813] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2804.982252] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2804.982830] kthread+0x2a7/0x350 [ 2804.983128] ret_from_fork+0x22/0x30 [ 2804.983481] [ 2804.983654] The buggy address belongs to the object at ffff8880013f6900 [ 2804.983654] which belongs to the cache kmalloc-128 of size 128 [ 2804.984893] The buggy address is located 0 bytes inside of [ 2804.984893] 128-byte region [ffff8880013f6900, ffff8880013f6980) [ 2804.986183] [ 2804.986375] The buggy address belongs to the physical page: [ 2804.986989] page:00000000ee5cc529 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13f6 [ 2804.987952] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2804.988801] raw: 000fffffc0000200 ffffea000052ee40 dead000000000002 ffff8881000418c0 [ 2804.989696] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2804.990438] page dumped because: kasan: bad access detected [ 2804.991043] [ 2804.991241] Memory state around the buggy address: [ 2804.991785] ffff8880013f6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2804.992628] ffff8880013f6880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2804.993388] >ffff8880013f6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2804.994134] ^ [ 2804.994560] ffff8880013f6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2804.995395] ffff8880013f6a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2804.996266] ================================================================== [ 2804.997120] ================================================================== [ 2804.997958] BUG: KASAN: use-after-free in ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2804.998813] Read of size 1 at addr ffff8880013f6900 by task kunit_try_catch/117626 [ 2804.999592] [ 2804.999791] CPU: 0 PID: 117626 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.001308] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.001955] Call Trace: [ 2805.002255] [ 2805.002583] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2805.003116] dump_stack_lvl+0x57/0x81 [ 2805.003541] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.004102] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2805.004586] print_report.cold+0x5c/0x237 [ 2805.005000] kasan_report+0xc9/0x100 [ 2805.005356] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2805.005860] ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2805.006329] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2805.006861] ? do_raw_spin_trylock+0xb5/0x180 [ 2805.007358] ? do_raw_spin_lock+0x270/0x270 [ 2805.007798] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.008345] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.008852] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.009411] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.009960] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.010567] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.011205] kthread+0x2a7/0x350 [ 2805.011591] ? kthread_complete_and_exit+0x20/0x20 [ 2805.012047] ret_from_fork+0x22/0x30 [ 2805.012405] [ 2805.012628] [ 2805.012792] Allocated by task 117626: [ 2805.013161] kasan_save_stack+0x1e/0x40 [ 2805.013563] __kasan_kmalloc+0x81/0xa0 [ 2805.013930] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2805.014364] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.014861] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.015662] kthread+0x2a7/0x350 [ 2805.015984] ret_from_fork+0x22/0x30 [ 2805.016326] [ 2805.016487] Freed by task 117626: [ 2805.016801] kasan_save_stack+0x1e/0x40 [ 2805.017206] kasan_set_track+0x21/0x30 [ 2805.017593] kasan_set_free_info+0x20/0x40 [ 2805.018047] __kasan_slab_free+0x108/0x170 [ 2805.018524] slab_free_freelist_hook+0x11d/0x1d0 [ 2805.018969] kfree+0xe2/0x3c0 [ 2805.019350] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2805.019795] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.020301] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.020861] kthread+0x2a7/0x350 [ 2805.021175] ret_from_fork+0x22/0x30 [ 2805.021540] [ 2805.021730] The buggy address belongs to the object at ffff8880013f6900 [ 2805.021730] which belongs to the cache kmalloc-128 of size 128 [ 2805.022833] The buggy address is located 0 bytes inside of [ 2805.022833] 128-byte region [ffff8880013f6900, ffff8880013f6980) [ 2805.023923] [ 2805.024116] The buggy address belongs to the physical page: [ 2805.024699] page:00000000ee5cc529 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13f6 [ 2805.025561] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.026197] raw: 000fffffc0000200 ffffea000052ee40 dead000000000002 ffff8881000418c0 [ 2805.026913] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2805.027700] page dumped because: kasan: bad access detected [ 2805.028200] [ 2805.028379] Memory state around the buggy address: [ 2805.028887] ffff8880013f6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2805.029697] ffff8880013f6880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2805.030427] >ffff8880013f6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2805.031141] ^ [ 2805.031502] ffff8880013f6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2805.032147] ffff8880013f6a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2805.032815] ================================================================== [ 2805.033529] ================================================================== [ 2805.034197] BUG: KASAN: use-after-free in ksize_uaf+0x470/0x4a0 [test_kasan] [ 2805.034938] Read of size 1 at addr ffff8880013f6978 by task kunit_try_catch/117626 [ 2805.035673] [ 2805.035881] CPU: 0 PID: 117626 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.037408] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.037935] Call Trace: [ 2805.038163] [ 2805.038410] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2805.038909] dump_stack_lvl+0x57/0x81 [ 2805.039399] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.040073] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2805.040584] print_report.cold+0x5c/0x237 [ 2805.040979] kasan_report+0xc9/0x100 [ 2805.041330] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2805.041794] ksize_uaf+0x470/0x4a0 [test_kasan] [ 2805.042292] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2805.042786] ? do_raw_spin_trylock+0xb5/0x180 [ 2805.043216] ? do_raw_spin_lock+0x270/0x270 [ 2805.043639] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.044130] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.044708] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.045353] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.045852] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.046417] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.046946] kthread+0x2a7/0x350 [ 2805.047334] ? kthread_complete_and_exit+0x20/0x20 [ 2805.047791] ret_from_fork+0x22/0x30 [ 2805.048207] [ 2805.048435] [ 2805.048600] Allocated by task 117626: [ 2805.049024] kasan_save_stack+0x1e/0x40 [ 2805.049410] __kasan_kmalloc+0x81/0xa0 [ 2805.049841] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2805.050305] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.050769] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.051380] kthread+0x2a7/0x350 [ 2805.051725] ret_from_fork+0x22/0x30 [ 2805.052081] [ 2805.052242] Freed by task 117626: [ 2805.052585] kasan_save_stack+0x1e/0x40 [ 2805.052965] kasan_set_track+0x21/0x30 [ 2805.053336] kasan_set_free_info+0x20/0x40 [ 2805.053736] __kasan_slab_free+0x108/0x170 [ 2805.054113] slab_free_freelist_hook+0x11d/0x1d0 [ 2805.054583] kfree+0xe2/0x3c0 [ 2805.054870] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2805.055295] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.055743] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.056320] kthread+0x2a7/0x350 [ 2805.056638] ret_from_fork+0x22/0x30 [ 2805.057127] [ 2805.057322] The buggy address belongs to the object at ffff8880013f6900 [ 2805.057322] which belongs to the cache kmalloc-128 of size 128 [ 2805.058481] The buggy address is located 120 bytes inside of [ 2805.058481] 128-byte region [ffff8880013f6900, ffff8880013f6980) [ 2805.059557] [ 2805.059735] The buggy address belongs to the physical page: [ 2805.060262] page:00000000ee5cc529 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13f6 [ 2805.061214] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.061865] raw: 000fffffc0000200 ffffea000052ee40 dead000000000002 ffff8881000418c0 [ 2805.062577] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2805.063308] page dumped because: kasan: bad access detected [ 2805.063869] [ 2805.064047] Memory state around the buggy address: [ 2805.064558] ffff8880013f6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2805.065250] ffff8880013f6880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2805.065945] >ffff8880013f6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2805.066621] ^ [ 2805.067323] ffff8880013f6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2805.067968] ffff8880013f6a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2805.068672] ================================================================== [ 2805.069835] ok 38 - ksize_uaf [ 2805.072020] ================================================================== [ 2805.073096] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400 [ 2805.073833] [ 2805.074005] CPU: 0 PID: 117627 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.075271] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.075873] Call Trace: [ 2805.076104] [ 2805.076334] dump_stack_lvl+0x57/0x81 [ 2805.076695] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.077278] print_report.cold+0x5c/0x237 [ 2805.077698] ? kmem_cache_free+0x152/0x400 [ 2805.078104] ? kmem_cache_free+0x152/0x400 [ 2805.078525] kasan_report_invalid_free+0x99/0xc0 [ 2805.078988] ? kmem_cache_free+0x152/0x400 [ 2805.079379] ? kmem_cache_free+0x152/0x400 [ 2805.079766] __kasan_slab_free+0x152/0x170 [ 2805.080132] slab_free_freelist_hook+0x11d/0x1d0 [ 2805.080603] ? kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 2805.081201] kmem_cache_free+0x152/0x400 [ 2805.081666] kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 2805.082171] ? kmem_cache_invalid_free+0x280/0x280 [test_kasan] [ 2805.082751] ? do_raw_spin_trylock+0xb5/0x180 [ 2805.083182] ? do_raw_spin_lock+0x270/0x270 [ 2805.083579] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.084133] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2805.084643] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.085096] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.085603] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.086073] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.086661] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.087169] kthread+0x2a7/0x350 [ 2805.087508] ? kthread_complete_and_exit+0x20/0x20 [ 2805.087953] ret_from_fork+0x22/0x30 [ 2805.088332] [ 2805.088556] [ 2805.088748] Allocated by task 117627: [ 2805.089080] kasan_save_stack+0x1e/0x40 [ 2805.089454] __kasan_slab_alloc+0x66/0x80 [ 2805.089850] kmem_cache_alloc+0x161/0x310 [ 2805.090295] kmem_cache_double_free+0x123/0x280 [test_kasan] [ 2805.090822] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.091261] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.091884] kthread+0x2a7/0x350 [ 2805.092182] ret_from_fork+0x22/0x30 [ 2805.092539] [ 2805.092709] Freed by task 117627: [ 2805.093013] kasan_save_stack+0x1e/0x40 [ 2805.093416] kasan_set_track+0x21/0x30 [ 2805.093810] kasan_set_free_info+0x20/0x40 [ 2805.094218] __kasan_slab_free+0x108/0x170 [ 2805.094629] slab_free_freelist_hook+0x11d/0x1d0 [ 2805.095042] kmem_cache_free+0x152/0x400 [ 2805.095434] kmem_cache_double_free+0x144/0x280 [test_kasan] [ 2805.095995] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.096454] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.097026] kthread+0x2a7/0x350 [ 2805.097379] ret_from_fork+0x22/0x30 [ 2805.097753] [ 2805.097962] The buggy address belongs to the object at ffff888047cc7d68 [ 2805.097962] which belongs to the cache test_cache of size 200 [ 2805.099307] The buggy address is located 0 bytes inside of [ 2805.099307] 200-byte region [ffff888047cc7d68, ffff888047cc7e30) [ 2805.100426] [ 2805.100600] The buggy address belongs to the physical page: [ 2805.101202] page:000000003e6cfd34 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47cc7 [ 2805.102054] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.102859] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff88800183c000 [ 2805.103620] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2805.104374] page dumped because: kasan: bad access detected [ 2805.104910] [ 2805.105076] Memory state around the buggy address: [ 2805.105561] ffff888047cc7c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2805.106252] ffff888047cc7c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2805.106928] >ffff888047cc7d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fa fb fb [ 2805.107604] ^ [ 2805.108215] ffff888047cc7d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2805.108935] ffff888047cc7e00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 2805.109615] ================================================================== [ 2805.168233] ok 39 - kmem_cache_double_free [ 2805.172613] ================================================================== [ 2805.173776] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400 [ 2805.174560] [ 2805.174741] CPU: 0 PID: 117628 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.176142] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.176694] Call Trace: [ 2805.176989] [ 2805.177241] dump_stack_lvl+0x57/0x81 [ 2805.177669] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.178226] print_report.cold+0x5c/0x237 [ 2805.178662] ? kmem_cache_free+0x152/0x400 [ 2805.179050] ? kmem_cache_free+0x152/0x400 [ 2805.179480] kasan_report_invalid_free+0x99/0xc0 [ 2805.179915] ? kmem_cache_free+0x152/0x400 [ 2805.180288] ? kmem_cache_free+0x152/0x400 [ 2805.180657] __kasan_slab_free+0x152/0x170 [ 2805.181047] slab_free_freelist_hook+0x11d/0x1d0 [ 2805.181528] ? kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 2805.182072] kmem_cache_free+0x152/0x400 [ 2805.182456] kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 2805.183034] ? kmem_cache_double_destroy+0x250/0x250 [test_kasan] [ 2805.183616] ? do_raw_spin_trylock+0xb5/0x180 [ 2805.184048] ? do_raw_spin_lock+0x270/0x270 [ 2805.184429] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.184925] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2805.185437] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.185934] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.186452] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.187012] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.187673] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.188231] kthread+0x2a7/0x350 [ 2805.188602] ? kthread_complete_and_exit+0x20/0x20 [ 2805.189076] ret_from_fork+0x22/0x30 [ 2805.189455] [ 2805.189700] [ 2805.189883] Allocated by task 117628: [ 2805.190237] kasan_save_stack+0x1e/0x40 [ 2805.190611] __kasan_slab_alloc+0x66/0x80 [ 2805.190994] kmem_cache_alloc+0x161/0x310 [ 2805.191381] kmem_cache_invalid_free+0x126/0x280 [test_kasan] [ 2805.191986] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.192468] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.193008] kthread+0x2a7/0x350 [ 2805.193328] ret_from_fork+0x22/0x30 [ 2805.193684] [ 2805.193848] The buggy address belongs to the object at ffff88805c105738 [ 2805.193848] which belongs to the cache test_cache of size 200 [ 2805.195044] The buggy address is located 1 bytes inside of [ 2805.195044] 200-byte region [ffff88805c105738, ffff88805c105800) [ 2805.196104] [ 2805.196280] The buggy address belongs to the physical page: [ 2805.196862] page:000000000716118b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5c105 [ 2805.197769] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.198411] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff88800183c780 [ 2805.199123] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2805.199856] page dumped because: kasan: bad access detected [ 2805.200379] [ 2805.200566] Memory state around the buggy address: [ 2805.201085] ffff88805c105600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2805.201775] ffff88805c105680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2805.202472] >ffff88805c105700: fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 [ 2805.203119] ^ [ 2805.203649] ffff88805c105780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2805.204298] ffff88805c105800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2805.205004] ================================================================== [ 2805.257776] ok 40 - kmem_cache_invalid_free [ 2805.258432] ================================================================== [ 2805.259582] BUG: KASAN: use-after-free in kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2805.260457] Read of size 1 at addr ffff88800183c640 by task kunit_try_catch/117629 [ 2805.261275] [ 2805.261497] CPU: 0 PID: 117629 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.262962] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.263513] Call Trace: [ 2805.263826] [ 2805.264102] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2805.264814] dump_stack_lvl+0x57/0x81 [ 2805.265238] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.265957] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2805.266675] print_report.cold+0x5c/0x237 [ 2805.267125] kasan_report+0xc9/0x100 [ 2805.267520] ? kmem_cache_free+0x90/0x400 [ 2805.267905] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2805.268487] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2805.269120] __kasan_check_byte+0x36/0x50 [ 2805.269520] kmem_cache_destroy+0x21/0x170 [ 2805.269932] kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2805.270523] ? kmalloc_oob_right+0x510/0x510 [test_kasan] [ 2805.271033] ? do_raw_spin_trylock+0xb5/0x180 [ 2805.271463] ? do_raw_spin_lock+0x270/0x270 [ 2805.271869] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.272409] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.272863] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.273322] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.273817] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.274401] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.274892] kthread+0x2a7/0x350 [ 2805.275192] ? kthread_complete_and_exit+0x20/0x20 [ 2805.275669] ret_from_fork+0x22/0x30 [ 2805.276084] [ 2805.276311] [ 2805.276478] Allocated by task 117629: [ 2805.276836] kasan_save_stack+0x1e/0x40 [ 2805.277206] __kasan_slab_alloc+0x66/0x80 [ 2805.277594] kmem_cache_alloc+0x161/0x310 [ 2805.277979] kmem_cache_create_usercopy+0x1b9/0x310 [ 2805.278477] kmem_cache_create+0x12/0x20 [ 2805.278905] kmem_cache_double_destroy+0x8d/0x250 [test_kasan] [ 2805.279445] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.279914] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.280495] kthread+0x2a7/0x350 [ 2805.280815] ret_from_fork+0x22/0x30 [ 2805.281164] [ 2805.281334] Freed by task 117629: [ 2805.281712] kasan_save_stack+0x1e/0x40 [ 2805.282127] kasan_set_track+0x21/0x30 [ 2805.282514] kasan_set_free_info+0x20/0x40 [ 2805.282905] __kasan_slab_free+0x108/0x170 [ 2805.283355] slab_free_freelist_hook+0x11d/0x1d0 [ 2805.283971] kmem_cache_free+0x152/0x400 [ 2805.284396] kobject_cleanup+0x104/0x390 [ 2805.284783] kmem_cache_double_destroy+0x12a/0x250 [test_kasan] [ 2805.285357] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.285823] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.286402] kthread+0x2a7/0x350 [ 2805.286742] ret_from_fork+0x22/0x30 [ 2805.287115] [ 2805.287285] The buggy address belongs to the object at ffff88800183c640 [ 2805.287285] which belongs to the cache kmem_cache of size 240 [ 2805.288414] The buggy address is located 0 bytes inside of [ 2805.288414] 240-byte region [ffff88800183c640, ffff88800183c730) [ 2805.289452] [ 2805.289613] The buggy address belongs to the physical page: [ 2805.290139] page:000000002656244d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x183c [ 2805.290989] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.291627] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888100041000 [ 2805.292440] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 [ 2805.293148] page dumped because: kasan: bad access detected [ 2805.293679] [ 2805.293871] Memory state around the buggy address: [ 2805.294452] ffff88800183c500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2805.295134] ffff88800183c580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 2805.295770] >ffff88800183c600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 2805.296404] ^ [ 2805.296872] ffff88800183c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2805.297532] ffff88800183c700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 2805.298175] ================================================================== [ 2805.299011] ok 41 - kmem_cache_double_destroy [ 2805.300946] ok 42 - kasan_memchr # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2805.303805] ok 43 - kasan_memcmp # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2805.304931] ok 44 - kasan_strings # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2805.307890] ================================================================== [ 2805.309610] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2805.310547] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.311272] [ 2805.311458] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.312940] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.313559] Call Trace: [ 2805.313844] [ 2805.314109] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2805.314768] dump_stack_lvl+0x57/0x81 [ 2805.315139] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.315738] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2805.316548] print_report.cold+0x5c/0x237 [ 2805.317039] kasan_report+0xc9/0x100 [ 2805.317456] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2805.318171] kasan_check_range+0xfd/0x1e0 [ 2805.318684] kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2805.319417] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2805.319920] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.320511] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.321149] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.321755] ? rcu_read_lock_held+0x30/0x50 [ 2805.322218] ? trace_kmalloc+0x3c/0x100 [ 2805.322606] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.323076] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2805.323655] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.324476] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.325090] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.325613] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.326139] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.326694] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.327336] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.327921] kthread+0x2a7/0x350 [ 2805.328272] ? kthread_complete_and_exit+0x20/0x20 [ 2805.328766] ret_from_fork+0x22/0x30 [ 2805.329165] [ 2805.329414] [ 2805.329600] Allocated by task 117634: [ 2805.329955] kasan_save_stack+0x1e/0x40 [ 2805.330371] __kasan_kmalloc+0x81/0xa0 [ 2805.330760] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.331311] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.331850] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.332546] kthread+0x2a7/0x350 [ 2805.332916] ret_from_fork+0x22/0x30 [ 2805.333373] [ 2805.333550] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.333550] which belongs to the cache kmalloc-16 of size 16 [ 2805.334730] The buggy address is located 8 bytes inside of [ 2805.334730] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.335915] [ 2805.336118] The buggy address belongs to the physical page: [ 2805.336640] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.337635] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.338395] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.339216] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.340026] page dumped because: kasan: bad access detected [ 2805.340611] [ 2805.340812] Memory state around the buggy address: [ 2805.341320] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.342080] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.342880] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.343637] ^ [ 2805.344194] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.344944] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.345687] ================================================================== [ 2805.346487] ================================================================== [ 2805.347223] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2805.348192] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.349031] [ 2805.349213] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.350585] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.351133] Call Trace: [ 2805.351501] [ 2805.351787] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2805.352485] dump_stack_lvl+0x57/0x81 [ 2805.352923] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.353479] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2805.354137] print_report.cold+0x5c/0x237 [ 2805.354580] kasan_report+0xc9/0x100 [ 2805.354971] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2805.355593] kasan_check_range+0xfd/0x1e0 [ 2805.355980] kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2805.356626] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2805.357124] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.357559] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.358015] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.358527] ? rcu_read_lock_held+0x30/0x50 [ 2805.358931] ? trace_kmalloc+0x3c/0x100 [ 2805.359305] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.359758] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2805.360272] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.360963] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.361521] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.361989] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.362445] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.362939] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.363532] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.364049] kthread+0x2a7/0x350 [ 2805.364374] ? kthread_complete_and_exit+0x20/0x20 [ 2805.364831] ret_from_fork+0x22/0x30 [ 2805.365186] [ 2805.365414] [ 2805.365579] Allocated by task 117634: [ 2805.365992] kasan_save_stack+0x1e/0x40 [ 2805.366367] __kasan_kmalloc+0x81/0xa0 [ 2805.366771] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.367290] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.367764] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.368373] kthread+0x2a7/0x350 [ 2805.368692] ret_from_fork+0x22/0x30 [ 2805.369042] [ 2805.369208] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.369208] which belongs to the cache kmalloc-16 of size 16 [ 2805.370329] The buggy address is located 8 bytes inside of [ 2805.370329] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.371378] [ 2805.371558] The buggy address belongs to the physical page: [ 2805.372094] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.372951] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.373678] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.374419] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.375146] page dumped because: kasan: bad access detected [ 2805.375651] [ 2805.375812] Memory state around the buggy address: [ 2805.376255] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.376950] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.377678] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.378393] ^ [ 2805.378905] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.379652] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.380366] ================================================================== [ 2805.381080] ================================================================== [ 2805.381819] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2805.382740] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.383469] [ 2805.383636] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.384896] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.385442] Call Trace: [ 2805.385707] [ 2805.385911] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2805.386545] dump_stack_lvl+0x57/0x81 [ 2805.386960] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.387513] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2805.388134] print_report.cold+0x5c/0x237 [ 2805.388526] kasan_report+0xc9/0x100 [ 2805.388879] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2805.389507] kasan_check_range+0xfd/0x1e0 [ 2805.389897] kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2805.390510] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2805.391028] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.391464] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.391920] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.392452] ? rcu_read_lock_held+0x30/0x50 [ 2805.392857] ? trace_kmalloc+0x3c/0x100 [ 2805.393261] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.393759] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2805.394328] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.395182] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.395773] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.396265] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.396736] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.397224] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.397806] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.398300] kthread+0x2a7/0x350 [ 2805.398621] ? kthread_complete_and_exit+0x20/0x20 [ 2805.399082] ret_from_fork+0x22/0x30 [ 2805.399443] [ 2805.399668] [ 2805.399833] Allocated by task 117634: [ 2805.400218] kasan_save_stack+0x1e/0x40 [ 2805.400594] __kasan_kmalloc+0x81/0xa0 [ 2805.400957] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.401470] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.401937] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.402519] kthread+0x2a7/0x350 [ 2805.402839] ret_from_fork+0x22/0x30 [ 2805.403188] [ 2805.403357] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.403357] which belongs to the cache kmalloc-16 of size 16 [ 2805.404499] The buggy address is located 8 bytes inside of [ 2805.404499] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.405717] [ 2805.405897] The buggy address belongs to the physical page: [ 2805.406419] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.407274] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.407911] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.408660] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.409367] page dumped because: kasan: bad access detected [ 2805.409872] [ 2805.410026] Memory state around the buggy address: [ 2805.410478] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.411122] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.411793] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.412479] ^ [ 2805.412997] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.413673] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.414415] ================================================================== [ 2805.415070] ================================================================== [ 2805.415762] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2805.416620] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.417420] [ 2805.417609] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.418879] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.419422] Call Trace: [ 2805.419668] [ 2805.419885] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2805.420505] dump_stack_lvl+0x57/0x81 [ 2805.420861] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.421412] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2805.422026] print_report.cold+0x5c/0x237 [ 2805.422418] kasan_report+0xc9/0x100 [ 2805.422769] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2805.423391] kasan_check_range+0xfd/0x1e0 [ 2805.423777] kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2805.424383] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2805.424865] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.425323] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.425797] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.426327] ? rcu_read_lock_held+0x30/0x50 [ 2805.426724] ? trace_kmalloc+0x3c/0x100 [ 2805.427093] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.427570] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2805.428102] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.428834] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.429391] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.429916] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.430420] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.430962] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.431525] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.432033] kthread+0x2a7/0x350 [ 2805.432357] ? kthread_complete_and_exit+0x20/0x20 [ 2805.432820] ret_from_fork+0x22/0x30 [ 2805.433151] [ 2805.433383] [ 2805.433564] Allocated by task 117634: [ 2805.433976] kasan_save_stack+0x1e/0x40 [ 2805.434348] __kasan_kmalloc+0x81/0xa0 [ 2805.434737] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.435383] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.435907] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.436447] kthread+0x2a7/0x350 [ 2805.436760] ret_from_fork+0x22/0x30 [ 2805.437119] [ 2805.437290] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.437290] which belongs to the cache kmalloc-16 of size 16 [ 2805.438412] The buggy address is located 8 bytes inside of [ 2805.438412] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.439459] [ 2805.439625] The buggy address belongs to the physical page: [ 2805.440138] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.441107] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.441806] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.442545] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.443253] page dumped because: kasan: bad access detected [ 2805.443796] [ 2805.443976] Memory state around the buggy address: [ 2805.444435] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.445101] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.445805] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.446480] ^ [ 2805.446995] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.447724] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.448375] ================================================================== [ 2805.449013] ================================================================== [ 2805.449690] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2805.450493] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.451215] [ 2805.451413] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.452640] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.453145] Call Trace: [ 2805.453397] [ 2805.453620] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2805.454193] dump_stack_lvl+0x57/0x81 [ 2805.454594] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.455216] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2805.455967] print_report.cold+0x5c/0x237 [ 2805.456419] kasan_report+0xc9/0x100 [ 2805.456811] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2805.457453] kasan_check_range+0xfd/0x1e0 [ 2805.457865] kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2805.458490] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2805.458998] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.459435] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.459931] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.460473] ? rcu_read_lock_held+0x30/0x50 [ 2805.460871] ? trace_kmalloc+0x3c/0x100 [ 2805.461247] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.461730] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2805.462265] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.462929] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.463455] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.463951] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.464420] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.464945] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.465521] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.466018] kthread+0x2a7/0x350 [ 2805.466337] ? kthread_complete_and_exit+0x20/0x20 [ 2805.466809] ret_from_fork+0x22/0x30 [ 2805.467164] [ 2805.467394] [ 2805.467559] Allocated by task 117634: [ 2805.467911] kasan_save_stack+0x1e/0x40 [ 2805.468282] __kasan_kmalloc+0x81/0xa0 [ 2805.468667] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.469193] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.469686] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.470220] kthread+0x2a7/0x350 [ 2805.470521] ret_from_fork+0x22/0x30 [ 2805.470846] [ 2805.471000] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.471000] which belongs to the cache kmalloc-16 of size 16 [ 2805.472085] The buggy address is located 8 bytes inside of [ 2805.472085] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.473207] [ 2805.473376] The buggy address belongs to the physical page: [ 2805.473947] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.474789] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.475435] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.476146] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.476864] page dumped because: kasan: bad access detected [ 2805.477384] [ 2805.477548] Memory state around the buggy address: [ 2805.477998] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.478774] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.479484] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.480125] ^ [ 2805.480654] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.481348] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.482037] ================================================================== [ 2805.482721] ================================================================== [ 2805.483401] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2805.484257] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.484975] [ 2805.485130] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.486421] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.486992] Call Trace: [ 2805.487268] [ 2805.487516] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2805.488163] dump_stack_lvl+0x57/0x81 [ 2805.488540] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.489081] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2805.489701] print_report.cold+0x5c/0x237 [ 2805.490096] kasan_report+0xc9/0x100 [ 2805.490437] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2805.491040] kasan_check_range+0xfd/0x1e0 [ 2805.491473] kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2805.492125] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2805.492612] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.493070] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.493540] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.494121] ? rcu_read_lock_held+0x30/0x50 [ 2805.494528] ? trace_kmalloc+0x3c/0x100 [ 2805.494901] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.495380] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2805.495935] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.496641] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.497159] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.497652] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.498125] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.498608] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.499179] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.499677] kthread+0x2a7/0x350 [ 2805.500035] ? kthread_complete_and_exit+0x20/0x20 [ 2805.500552] ret_from_fork+0x22/0x30 [ 2805.500922] [ 2805.501174] [ 2805.501343] Allocated by task 117634: [ 2805.501712] kasan_save_stack+0x1e/0x40 [ 2805.502057] __kasan_kmalloc+0x81/0xa0 [ 2805.502402] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.502925] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.503430] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.503985] kthread+0x2a7/0x350 [ 2805.504324] ret_from_fork+0x22/0x30 [ 2805.504712] [ 2805.504895] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.504895] which belongs to the cache kmalloc-16 of size 16 [ 2805.506069] The buggy address is located 8 bytes inside of [ 2805.506069] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.507130] [ 2805.507301] The buggy address belongs to the physical page: [ 2805.507831] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.508713] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.509376] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.510089] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.510875] page dumped because: kasan: bad access detected [ 2805.511422] [ 2805.511607] Memory state around the buggy address: [ 2805.512061] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.512738] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.513490] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.514288] ^ [ 2805.514894] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.515607] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.516312] ================================================================== [ 2805.517012] ================================================================== [ 2805.517818] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2805.518731] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.519538] [ 2805.519710] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.521027] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.521634] Call Trace: [ 2805.521882] [ 2805.522084] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2805.522704] dump_stack_lvl+0x57/0x81 [ 2805.523080] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.523666] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2805.524301] print_report.cold+0x5c/0x237 [ 2805.524729] kasan_report+0xc9/0x100 [ 2805.525116] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2805.525796] kasan_check_range+0xfd/0x1e0 [ 2805.526226] kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2805.526897] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2805.527384] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.527838] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.528354] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.528910] ? rcu_read_lock_held+0x30/0x50 [ 2805.529344] ? trace_kmalloc+0x3c/0x100 [ 2805.529711] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.530132] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2805.530613] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.531314] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.531852] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.532370] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.532858] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.533377] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.533996] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.534556] kthread+0x2a7/0x350 [ 2805.534919] ? kthread_complete_and_exit+0x20/0x20 [ 2805.535379] ret_from_fork+0x22/0x30 [ 2805.535732] [ 2805.535956] [ 2805.536120] Allocated by task 117634: [ 2805.536477] kasan_save_stack+0x1e/0x40 [ 2805.536856] __kasan_kmalloc+0x81/0xa0 [ 2805.537194] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.537828] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.538377] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.538912] kthread+0x2a7/0x350 [ 2805.539208] ret_from_fork+0x22/0x30 [ 2805.539622] [ 2805.539776] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.539776] which belongs to the cache kmalloc-16 of size 16 [ 2805.540919] The buggy address is located 8 bytes inside of [ 2805.540919] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.541965] [ 2805.542129] The buggy address belongs to the physical page: [ 2805.542669] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.543593] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.544275] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.544988] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.545707] page dumped because: kasan: bad access detected [ 2805.546224] [ 2805.546392] Memory state around the buggy address: [ 2805.546843] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.547568] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.548278] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.548985] ^ [ 2805.549533] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.550202] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.550873] ================================================================== [ 2805.551553] ================================================================== [ 2805.552227] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2805.553081] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.553877] [ 2805.554042] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.555297] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.555836] Call Trace: [ 2805.556081] [ 2805.556306] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2805.556923] dump_stack_lvl+0x57/0x81 [ 2805.557284] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.557831] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2805.558502] print_report.cold+0x5c/0x237 [ 2805.558924] kasan_report+0xc9/0x100 [ 2805.559322] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2805.559957] kasan_check_range+0xfd/0x1e0 [ 2805.560346] kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2805.560988] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2805.561481] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.561922] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.562383] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.562908] ? rcu_read_lock_held+0x30/0x50 [ 2805.563331] ? trace_kmalloc+0x3c/0x100 [ 2805.563727] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.564177] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2805.564802] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.565557] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.566094] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.566582] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.567049] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.567581] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.568153] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.568645] kthread+0x2a7/0x350 [ 2805.568962] ? kthread_complete_and_exit+0x20/0x20 [ 2805.569423] ret_from_fork+0x22/0x30 [ 2805.569777] [ 2805.570001] [ 2805.570166] Allocated by task 117634: [ 2805.570578] kasan_save_stack+0x1e/0x40 [ 2805.570972] __kasan_kmalloc+0x81/0xa0 [ 2805.571339] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.571891] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.572371] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.572945] kthread+0x2a7/0x350 [ 2805.573268] ret_from_fork+0x22/0x30 [ 2805.573616] [ 2805.573780] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.573780] which belongs to the cache kmalloc-16 of size 16 [ 2805.574901] The buggy address is located 8 bytes inside of [ 2805.574901] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.575963] [ 2805.576128] The buggy address belongs to the physical page: [ 2805.576648] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.577590] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.578225] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.578942] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.579658] page dumped because: kasan: bad access detected [ 2805.580175] [ 2805.580348] Memory state around the buggy address: [ 2805.580801] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.581476] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.582144] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.582858] ^ [ 2805.583380] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.584048] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.584720] ================================================================== [ 2805.585405] ================================================================== [ 2805.586079] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2805.587002] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.587714] [ 2805.587879] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.589126] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.589670] Call Trace: [ 2805.589915] [ 2805.590134] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2805.590821] dump_stack_lvl+0x57/0x81 [ 2805.591178] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.591729] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2805.592415] print_report.cold+0x5c/0x237 [ 2805.592800] kasan_report+0xc9/0x100 [ 2805.593150] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2805.593835] kasan_check_range+0xfd/0x1e0 [ 2805.594221] kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2805.594895] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2805.595516] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.595947] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.596403] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.596941] ? rcu_read_lock_held+0x30/0x50 [ 2805.597331] ? trace_kmalloc+0x3c/0x100 [ 2805.597714] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.598164] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2805.598709] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.599427] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.600009] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.600495] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.600962] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.601448] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.602024] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.602518] kthread+0x2a7/0x350 [ 2805.602839] ? kthread_complete_and_exit+0x20/0x20 [ 2805.603301] ret_from_fork+0x22/0x30 [ 2805.603656] [ 2805.603878] [ 2805.604043] Allocated by task 117634: [ 2805.604400] kasan_save_stack+0x1e/0x40 [ 2805.604767] __kasan_kmalloc+0x81/0xa0 [ 2805.605127] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.605639] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.606105] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.606681] kthread+0x2a7/0x350 [ 2805.606999] ret_from_fork+0x22/0x30 [ 2805.607351] [ 2805.607516] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.607516] which belongs to the cache kmalloc-16 of size 16 [ 2805.608630] The buggy address is located 8 bytes inside of [ 2805.608630] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.609720] [ 2805.609886] The buggy address belongs to the physical page: [ 2805.610406] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.611260] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.611895] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.612614] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.613332] page dumped because: kasan: bad access detected [ 2805.613849] [ 2805.614012] Memory state around the buggy address: [ 2805.614469] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.615138] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.615813] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.616493] ^ [ 2805.617018] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.617691] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.618368] ================================================================== [ 2805.619048] ================================================================== [ 2805.619734] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2805.620663] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.621370] [ 2805.621557] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.622828] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.623371] Call Trace: [ 2805.623618] [ 2805.623834] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2805.624526] dump_stack_lvl+0x57/0x81 [ 2805.624884] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.625433] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2805.626120] print_report.cold+0x5c/0x237 [ 2805.626514] kasan_report+0xc9/0x100 [ 2805.626864] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2805.627560] kasan_check_range+0xfd/0x1e0 [ 2805.627946] kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2805.628626] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2805.629267] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.629681] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.630119] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.630652] ? rcu_read_lock_held+0x30/0x50 [ 2805.631052] ? trace_kmalloc+0x3c/0x100 [ 2805.631425] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.631876] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2805.632397] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.633084] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.633633] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.634115] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.634585] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.635067] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.635644] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.636130] kthread+0x2a7/0x350 [ 2805.636454] ? kthread_complete_and_exit+0x20/0x20 [ 2805.636909] ret_from_fork+0x22/0x30 [ 2805.637271] [ 2805.637494] [ 2805.637658] Allocated by task 117634: [ 2805.638011] kasan_save_stack+0x1e/0x40 [ 2805.638387] __kasan_kmalloc+0x81/0xa0 [ 2805.638820] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.639413] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.640007] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.640666] kthread+0x2a7/0x350 [ 2805.641021] ret_from_fork+0x22/0x30 [ 2805.641459] [ 2805.641636] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.641636] which belongs to the cache kmalloc-16 of size 16 [ 2805.642930] The buggy address is located 8 bytes inside of [ 2805.642930] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.644107] [ 2805.644289] The buggy address belongs to the physical page: [ 2805.644843] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.645825] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.646569] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.647388] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.648124] page dumped because: kasan: bad access detected [ 2805.648732] [ 2805.648916] Memory state around the buggy address: [ 2805.649425] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.650173] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.650896] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.651650] ^ [ 2805.652227] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.652990] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.653717] ================================================================== [ 2805.654517] ================================================================== [ 2805.655302] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2805.656343] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.657120] [ 2805.657313] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.658798] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.659399] Call Trace: [ 2805.659693] [ 2805.659959] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2805.660835] dump_stack_lvl+0x57/0x81 [ 2805.661233] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.661845] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2805.662619] print_report.cold+0x5c/0x237 [ 2805.663034] kasan_report+0xc9/0x100 [ 2805.663444] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2805.664226] kasan_check_range+0xfd/0x1e0 [ 2805.664663] kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2805.665437] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2805.666100] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.666565] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.667184] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.667788] ? rcu_read_lock_held+0x30/0x50 [ 2805.668360] ? trace_kmalloc+0x3c/0x100 [ 2805.668832] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.669364] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2805.669977] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.670721] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.671308] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.671828] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.672354] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.672900] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.673524] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.674047] kthread+0x2a7/0x350 [ 2805.674395] ? kthread_complete_and_exit+0x20/0x20 [ 2805.674887] ret_from_fork+0x22/0x30 [ 2805.675292] [ 2805.675542] [ 2805.675737] Allocated by task 117634: [ 2805.676114] kasan_save_stack+0x1e/0x40 [ 2805.676514] __kasan_kmalloc+0x81/0xa0 [ 2805.676900] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.677451] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.677951] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.678594] kthread+0x2a7/0x350 [ 2805.678956] ret_from_fork+0x22/0x30 [ 2805.679334] [ 2805.679512] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.679512] which belongs to the cache kmalloc-16 of size 16 [ 2805.680717] The buggy address is located 8 bytes inside of [ 2805.680717] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.681862] [ 2805.682032] The buggy address belongs to the physical page: [ 2805.682626] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.683563] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.684254] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.685039] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.685867] page dumped because: kasan: bad access detected [ 2805.686428] [ 2805.686619] Memory state around the buggy address: [ 2805.687106] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.687903] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.688661] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.689383] ^ [ 2805.689939] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.690659] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.691381] ================================================================== [ 2805.692112] ================================================================== [ 2805.692847] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2805.693894] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.694689] [ 2805.694867] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.696212] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.696798] Call Trace: [ 2805.697100] [ 2805.697353] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2805.698092] dump_stack_lvl+0x57/0x81 [ 2805.698535] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.699120] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2805.699867] print_report.cold+0x5c/0x237 [ 2805.700288] kasan_report+0xc9/0x100 [ 2805.700663] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2805.701448] kasan_check_range+0xfd/0x1e0 [ 2805.701904] kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2805.702637] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2805.703308] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.703770] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.704303] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.704896] ? rcu_read_lock_held+0x30/0x50 [ 2805.705329] ? trace_kmalloc+0x3c/0x100 [ 2805.705728] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.706214] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2805.706775] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.707553] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.708130] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.708653] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.709153] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.709675] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.710298] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.710821] kthread+0x2a7/0x350 [ 2805.711165] ? kthread_complete_and_exit+0x20/0x20 [ 2805.711659] ret_from_fork+0x22/0x30 [ 2805.712039] [ 2805.712282] [ 2805.712460] Allocated by task 117634: [ 2805.712839] kasan_save_stack+0x1e/0x40 [ 2805.713237] __kasan_kmalloc+0x81/0xa0 [ 2805.713631] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.714179] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.714708] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.715349] kthread+0x2a7/0x350 [ 2805.715690] ret_from_fork+0x22/0x30 [ 2805.716063] [ 2805.716246] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.716246] which belongs to the cache kmalloc-16 of size 16 [ 2805.717448] The buggy address is located 8 bytes inside of [ 2805.717448] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.718571] [ 2805.718749] The buggy address belongs to the physical page: [ 2805.719306] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.720219] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.720905] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.721677] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.722447] page dumped because: kasan: bad access detected [ 2805.723004] [ 2805.723181] Memory state around the buggy address: [ 2805.723698] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.724441] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.725221] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.726011] ^ [ 2805.726665] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.727373] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.728102] ================================================================== [ 2805.728831] ================================================================== [ 2805.729539] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2805.730573] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.731330] [ 2805.731521] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.732827] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.733437] Call Trace: [ 2805.733701] [ 2805.733918] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2805.734614] dump_stack_lvl+0x57/0x81 [ 2805.734970] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.735564] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2805.736255] print_report.cold+0x5c/0x237 [ 2805.736641] kasan_report+0xc9/0x100 [ 2805.736991] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2805.737686] kasan_check_range+0xfd/0x1e0 [ 2805.738073] kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2805.738752] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2805.739375] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.739806] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.740260] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.740785] ? rcu_read_lock_held+0x30/0x50 [ 2805.741184] ? trace_kmalloc+0x3c/0x100 [ 2805.741562] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.742015] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2805.742582] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.743301] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.743925] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.744456] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.744943] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.745426] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.746000] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.746537] kthread+0x2a7/0x350 [ 2805.746856] ? kthread_complete_and_exit+0x20/0x20 [ 2805.747339] ret_from_fork+0x22/0x30 [ 2805.747713] [ 2805.747935] [ 2805.748099] Allocated by task 117634: [ 2805.748485] kasan_save_stack+0x1e/0x40 [ 2805.748869] __kasan_kmalloc+0x81/0xa0 [ 2805.749252] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.749783] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.750250] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.750824] kthread+0x2a7/0x350 [ 2805.751143] ret_from_fork+0x22/0x30 [ 2805.751494] [ 2805.751659] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.751659] which belongs to the cache kmalloc-16 of size 16 [ 2805.752777] The buggy address is located 8 bytes inside of [ 2805.752777] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.753908] [ 2805.754084] The buggy address belongs to the physical page: [ 2805.754642] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.755549] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.756229] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.756972] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.757741] page dumped because: kasan: bad access detected [ 2805.758282] [ 2805.758452] Memory state around the buggy address: [ 2805.758920] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.759689] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.760400] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.761081] ^ [ 2805.761627] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.762412] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.763106] ================================================================== [ 2805.763850] ================================================================== [ 2805.764553] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2805.765628] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.766364] [ 2805.766536] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.767839] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.768382] Call Trace: [ 2805.768627] [ 2805.768845] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2805.769580] dump_stack_lvl+0x57/0x81 [ 2805.769949] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.770551] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2805.771283] print_report.cold+0x5c/0x237 [ 2805.771682] kasan_report+0xc9/0x100 [ 2805.772104] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2805.772835] kasan_check_range+0xfd/0x1e0 [ 2805.773253] kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2805.773975] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2805.774705] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.775167] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.775641] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.776205] ? rcu_read_lock_held+0x30/0x50 [ 2805.776621] ? trace_kmalloc+0x3c/0x100 [ 2805.777005] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.777478] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2805.777993] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.778747] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.779401] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.779914] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.780404] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.780904] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.781516] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.782062] kthread+0x2a7/0x350 [ 2805.782426] ? kthread_complete_and_exit+0x20/0x20 [ 2805.782950] ret_from_fork+0x22/0x30 [ 2805.783311] [ 2805.783528] [ 2805.783687] Allocated by task 117634: [ 2805.784029] kasan_save_stack+0x1e/0x40 [ 2805.784439] __kasan_kmalloc+0x81/0xa0 [ 2805.784829] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.785382] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.785908] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.786508] kthread+0x2a7/0x350 [ 2805.786837] ret_from_fork+0x22/0x30 [ 2805.787262] [ 2805.787433] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.787433] which belongs to the cache kmalloc-16 of size 16 [ 2805.788638] The buggy address is located 8 bytes inside of [ 2805.788638] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.789723] [ 2805.789925] The buggy address belongs to the physical page: [ 2805.790468] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.791349] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.792022] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.792759] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.793525] page dumped because: kasan: bad access detected [ 2805.794120] [ 2805.794342] Memory state around the buggy address: [ 2805.794821] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.795519] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.796212] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.796908] ^ [ 2805.797473] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.798193] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.798871] ================================================================== [ 2805.799559] ================================================================== [ 2805.800234] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2805.801165] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.801896] [ 2805.802076] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.803416] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.803978] Call Trace: [ 2805.804222] [ 2805.804442] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2805.805134] dump_stack_lvl+0x57/0x81 [ 2805.805497] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.806042] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2805.806734] print_report.cold+0x5c/0x237 [ 2805.807121] kasan_report+0xc9/0x100 [ 2805.807497] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2805.808206] kasan_check_range+0xfd/0x1e0 [ 2805.808595] kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2805.809277] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2805.809896] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.810331] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.810784] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.811312] ? rcu_read_lock_held+0x30/0x50 [ 2805.811711] ? trace_kmalloc+0x3c/0x100 [ 2805.812080] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.812535] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2805.813051] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.813755] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.814303] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.814786] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.815258] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.815739] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.816342] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.816847] kthread+0x2a7/0x350 [ 2805.817166] ? kthread_complete_and_exit+0x20/0x20 [ 2805.817626] ret_from_fork+0x22/0x30 [ 2805.817980] [ 2805.818202] [ 2805.818371] Allocated by task 117634: [ 2805.818749] kasan_save_stack+0x1e/0x40 [ 2805.819094] __kasan_kmalloc+0x81/0xa0 [ 2805.819454] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.819967] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.820452] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.821026] kthread+0x2a7/0x350 [ 2805.821348] ret_from_fork+0x22/0x30 [ 2805.821695] [ 2805.821860] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.821860] which belongs to the cache kmalloc-16 of size 16 [ 2805.822962] The buggy address is located 8 bytes inside of [ 2805.822962] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.824018] [ 2805.824184] The buggy address belongs to the physical page: [ 2805.824719] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.825608] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.826247] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.826996] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.827747] page dumped because: kasan: bad access detected [ 2805.828281] [ 2805.828459] Memory state around the buggy address: [ 2805.828900] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.829568] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.830265] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.830974] ^ [ 2805.831522] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.832147] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.832835] ================================================================== [ 2805.833562] ================================================================== [ 2805.834244] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2805.835217] Read of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.835961] [ 2805.836128] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.837496] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.838059] Call Trace: [ 2805.838351] [ 2805.838587] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2805.839280] dump_stack_lvl+0x57/0x81 [ 2805.839645] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.840189] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2805.840884] print_report.cold+0x5c/0x237 [ 2805.841276] kasan_report+0xc9/0x100 [ 2805.841626] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2805.842363] kasan_check_range+0xfd/0x1e0 [ 2805.842768] kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2805.843469] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2805.844088] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.844523] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.844974] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.845502] ? rcu_read_lock_held+0x30/0x50 [ 2805.845902] ? trace_kmalloc+0x3c/0x100 [ 2805.846280] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.846732] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2805.847255] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.847948] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.848495] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.848979] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.849452] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.849935] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.850516] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.851003] kthread+0x2a7/0x350 [ 2805.851327] ? kthread_complete_and_exit+0x20/0x20 [ 2805.851784] ret_from_fork+0x22/0x30 [ 2805.852159] [ 2805.852410] [ 2805.852575] Allocated by task 117634: [ 2805.852926] kasan_save_stack+0x1e/0x40 [ 2805.853301] __kasan_kmalloc+0x81/0xa0 [ 2805.853661] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.854169] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.854640] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.855213] kthread+0x2a7/0x350 [ 2805.855552] ret_from_fork+0x22/0x30 [ 2805.855899] [ 2805.856058] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.856058] which belongs to the cache kmalloc-16 of size 16 [ 2805.857250] The buggy address is located 8 bytes inside of [ 2805.857250] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.858395] [ 2805.858566] The buggy address belongs to the physical page: [ 2805.859100] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.860057] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.860778] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.861544] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.862257] page dumped because: kasan: bad access detected [ 2805.862773] [ 2805.862936] Memory state around the buggy address: [ 2805.863395] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.864064] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.864741] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.865442] ^ [ 2805.865945] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.866632] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.867303] ================================================================== [ 2805.867988] ================================================================== [ 2805.868670] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2805.869602] Read of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.870304] [ 2805.870470] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.871719] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.872263] Call Trace: [ 2805.872508] [ 2805.872725] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2805.873421] dump_stack_lvl+0x57/0x81 [ 2805.873778] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.874327] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2805.875016] print_report.cold+0x5c/0x237 [ 2805.875405] kasan_report+0xc9/0x100 [ 2805.875755] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2805.876473] kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2805.877173] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2805.877804] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.878244] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.878697] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.879223] ? rcu_read_lock_held+0x30/0x50 [ 2805.879626] ? trace_kmalloc+0x3c/0x100 [ 2805.879997] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.880481] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2805.881058] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.881820] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.882404] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.882909] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.883437] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.883988] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.884608] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.885113] kthread+0x2a7/0x350 [ 2805.885450] ? kthread_complete_and_exit+0x20/0x20 [ 2805.885924] ret_from_fork+0x22/0x30 [ 2805.886294] [ 2805.886527] [ 2805.886698] Allocated by task 117634: [ 2805.887066] kasan_save_stack+0x1e/0x40 [ 2805.887452] __kasan_kmalloc+0x81/0xa0 [ 2805.887825] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.888357] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.888839] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.889439] kthread+0x2a7/0x350 [ 2805.889769] ret_from_fork+0x22/0x30 [ 2805.890130] [ 2805.890303] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.890303] which belongs to the cache kmalloc-16 of size 16 [ 2805.891462] The buggy address is located 8 bytes inside of [ 2805.891462] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.892543] [ 2805.892714] The buggy address belongs to the physical page: [ 2805.893252] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.894130] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.894796] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.895542] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.896285] page dumped because: kasan: bad access detected [ 2805.896801] [ 2805.896966] Memory state around the buggy address: [ 2805.897452] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.898142] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.898840] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.899558] ^ [ 2805.900121] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.900817] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.901511] ================================================================== [ 2805.902217] ================================================================== [ 2805.902923] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2805.903921] Write of size 8 at addr ffff888044ccedc8 by task kunit_try_catch/117634 [ 2805.904691] [ 2805.904861] CPU: 0 PID: 117634 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.906190] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.906755] Call Trace: [ 2805.907008] [ 2805.907249] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2805.907976] dump_stack_lvl+0x57/0x81 [ 2805.908349] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.908914] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2805.909671] print_report.cold+0x5c/0x237 [ 2805.910107] kasan_report+0xc9/0x100 [ 2805.910511] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2805.911298] kasan_check_range+0xfd/0x1e0 [ 2805.911697] kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2805.912401] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2805.913042] ? kunit_kfree+0x200/0x200 [kunit] [ 2805.913492] ? rcu_read_lock_sched_held+0x12/0x80 [ 2805.913962] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.914508] ? rcu_read_lock_held+0x30/0x50 [ 2805.914920] ? trace_kmalloc+0x3c/0x100 [ 2805.915311] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2805.915809] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2805.916391] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2805.917106] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2805.917668] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.918170] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.918659] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.919157] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.919758] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.920269] kthread+0x2a7/0x350 [ 2805.920621] ? kthread_complete_and_exit+0x20/0x20 [ 2805.921117] ret_from_fork+0x22/0x30 [ 2805.921518] [ 2805.921765] [ 2805.921936] Allocated by task 117634: [ 2805.922306] kasan_save_stack+0x1e/0x40 [ 2805.922687] __kasan_kmalloc+0x81/0xa0 [ 2805.923060] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2805.923592] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.924074] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.924670] kthread+0x2a7/0x350 [ 2805.924999] ret_from_fork+0x22/0x30 [ 2805.925366] [ 2805.925537] The buggy address belongs to the object at ffff888044ccedc0 [ 2805.925537] which belongs to the cache kmalloc-16 of size 16 [ 2805.926695] The buggy address is located 8 bytes inside of [ 2805.926695] 16-byte region [ffff888044ccedc0, ffff888044ccedd0) [ 2805.927906] [ 2805.928077] The buggy address belongs to the physical page: [ 2805.928615] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.929497] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.930158] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.930901] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.931644] page dumped because: kasan: bad access detected [ 2805.932181] [ 2805.932356] Memory state around the buggy address: [ 2805.932824] ffff888044ccec80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2805.933520] ffff888044cced00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.934213] >ffff888044cced80: 00 00 fc fc fa fb fc fc 00 01 fc fc 00 00 fc fc [ 2805.934907] ^ [ 2805.935447] ffff888044ccee00: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2805.936140] ffff888044ccee80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.936836] ================================================================== [ 2805.938209] ok 45 - kasan_bitops_generic [ 2805.942773] ok 46 - kasan_bitops_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2805.944939] ================================================================== [ 2805.946446] BUG: KASAN: use-after-free in kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2805.947201] Read of size 1 at addr ffff888044cce0a0 by task kunit_try_catch/117636 [ 2805.947909] [ 2805.948076] CPU: 0 PID: 117636 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.949344] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.949890] Call Trace: [ 2805.950146] [ 2805.950366] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2805.950932] dump_stack_lvl+0x57/0x81 [ 2805.951297] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.951846] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2805.952400] print_report.cold+0x5c/0x237 [ 2805.952790] kasan_report+0xc9/0x100 [ 2805.953143] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2805.953698] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2805.954227] __kasan_check_byte+0x36/0x50 [ 2805.954649] kfree_sensitive+0x1b/0x60 [ 2805.955066] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2805.955619] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan] [ 2805.956110] ? do_raw_spin_trylock+0xb5/0x180 [ 2805.956544] ? do_raw_spin_lock+0x270/0x270 [ 2805.956949] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.957485] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.957973] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.958449] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.958935] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.959519] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.960011] kthread+0x2a7/0x350 [ 2805.960339] ? kthread_complete_and_exit+0x20/0x20 [ 2805.960800] ret_from_fork+0x22/0x30 [ 2805.961158] [ 2805.961389] [ 2805.961557] Allocated by task 117636: [ 2805.961914] kasan_save_stack+0x1e/0x40 [ 2805.962288] __kasan_kmalloc+0x81/0xa0 [ 2805.962652] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 2805.963171] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.963673] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.964275] kthread+0x2a7/0x350 [ 2805.964597] ret_from_fork+0x22/0x30 [ 2805.964948] [ 2805.965115] Freed by task 117636: [ 2805.965450] kasan_save_stack+0x1e/0x40 [ 2805.965822] kasan_set_track+0x21/0x30 [ 2805.966187] kasan_set_free_info+0x20/0x40 [ 2805.966587] __kasan_slab_free+0x108/0x170 [ 2805.966981] slab_free_freelist_hook+0x11d/0x1d0 [ 2805.967434] kfree+0xe2/0x3c0 [ 2805.967736] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 2805.968267] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.968738] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.969323] kthread+0x2a7/0x350 [ 2805.969645] ret_from_fork+0x22/0x30 [ 2805.969999] [ 2805.970165] The buggy address belongs to the object at ffff888044cce0a0 [ 2805.970165] which belongs to the cache kmalloc-16 of size 16 [ 2805.971298] The buggy address is located 0 bytes inside of [ 2805.971298] 16-byte region [ffff888044cce0a0, ffff888044cce0b0) [ 2805.972355] [ 2805.972522] The buggy address belongs to the physical page: [ 2805.973044] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2805.973909] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2805.974559] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2805.975326] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2805.976043] page dumped because: kasan: bad access detected [ 2805.976651] [ 2805.976878] Memory state around the buggy address: [ 2805.977447] ffff888044ccdf80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2805.978146] ffff888044cce000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2805.978965] >ffff888044cce080: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2805.979643] ^ [ 2805.980030] ffff888044cce100: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2805.980769] ffff888044cce180: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2805.981502] ================================================================== [ 2805.982388] ================================================================== [ 2805.983074] BUG: KASAN: double-free or invalid-free in kfree+0xe2/0x3c0 [ 2805.983762] [ 2805.983929] CPU: 0 PID: 117636 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2805.985236] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2805.985788] Call Trace: [ 2805.986036] [ 2805.986278] dump_stack_lvl+0x57/0x81 [ 2805.986664] print_address_description.constprop.0+0x1f/0x1e0 [ 2805.987213] print_report.cold+0x5c/0x237 [ 2805.987607] ? kfree+0xe2/0x3c0 [ 2805.987924] ? kfree+0xe2/0x3c0 [ 2805.988244] kasan_report_invalid_free+0x99/0xc0 [ 2805.988694] ? kfree+0xe2/0x3c0 [ 2805.989010] ? kfree+0xe2/0x3c0 [ 2805.989332] __kasan_slab_free+0x152/0x170 [ 2805.989727] slab_free_freelist_hook+0x11d/0x1d0 [ 2805.990176] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2805.990733] kfree+0xe2/0x3c0 [ 2805.991035] ? __kasan_check_byte+0x36/0x50 [ 2805.991442] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2805.991971] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan] [ 2805.992446] ? do_raw_spin_trylock+0xb5/0x180 [ 2805.992871] ? do_raw_spin_lock+0x270/0x270 [ 2805.993282] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2805.993811] ? kunit_add_resource+0x197/0x280 [kunit] [ 2805.994302] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2805.994772] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2805.995266] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2805.995887] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2805.996381] kthread+0x2a7/0x350 [ 2805.996703] ? kthread_complete_and_exit+0x20/0x20 [ 2805.997164] ret_from_fork+0x22/0x30 [ 2805.997567] [ 2805.997792] [ 2805.997959] Allocated by task 117636: [ 2805.998341] kasan_save_stack+0x1e/0x40 [ 2805.998732] __kasan_kmalloc+0x81/0xa0 [ 2805.999097] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 2805.999661] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2806.000131] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2806.000752] kthread+0x2a7/0x350 [ 2806.001072] ret_from_fork+0x22/0x30 [ 2806.001427] [ 2806.001593] Freed by task 117636: [ 2806.001918] kasan_save_stack+0x1e/0x40 [ 2806.002323] kasan_set_track+0x21/0x30 [ 2806.002699] kasan_set_free_info+0x20/0x40 [ 2806.003085] __kasan_slab_free+0x108/0x170 [ 2806.003494] slab_free_freelist_hook+0x11d/0x1d0 [ 2806.003968] kfree+0xe2/0x3c0 [ 2806.004306] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 2806.004841] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2806.005314] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2806.005911] kthread+0x2a7/0x350 [ 2806.006230] ret_from_fork+0x22/0x30 [ 2806.006584] [ 2806.006750] The buggy address belongs to the object at ffff888044cce0a0 [ 2806.006750] which belongs to the cache kmalloc-16 of size 16 [ 2806.007874] The buggy address is located 0 bytes inside of [ 2806.007874] 16-byte region [ffff888044cce0a0, ffff888044cce0b0) [ 2806.008929] [ 2806.009096] The buggy address belongs to the physical page: [ 2806.009621] page:000000003635e3b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44cce [ 2806.010480] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2806.011119] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2806.011839] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2806.012560] page dumped because: kasan: bad access detected [ 2806.013079] [ 2806.013249] Memory state around the buggy address: [ 2806.013703] ffff888044ccdf80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2806.014381] ffff888044cce000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2806.015054] >ffff888044cce080: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2806.015730] ^ [ 2806.016143] ffff888044cce100: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2806.016820] ffff888044cce180: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2806.017499] ================================================================== [ 2806.018266] ok 47 - kmalloc_double_kzfree [ 2806.019741] ok 48 - vmalloc_helpers_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2806.021857] ================================================================== [ 2806.023363] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2806.024095] Read of size 1 at addr ffffc900000797f3 by task kunit_try_catch/117639 [ 2806.024813] [ 2806.024970] CPU: 0 PID: 117639 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2806.026276] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2806.026888] Call Trace: [ 2806.027161] [ 2806.027373] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2806.027874] dump_stack_lvl+0x57/0x81 [ 2806.028225] print_address_description.constprop.0+0x1f/0x1e0 [ 2806.028781] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2806.029235] print_report.cold+0x5c/0x237 [ 2806.029668] kasan_report+0xc9/0x100 [ 2806.030065] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2806.030550] vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2806.030974] ? kasan_global_oob_right+0x1f0/0x1f0 [test_kasan] [ 2806.031549] ? do_raw_spin_trylock+0xb5/0x180 [ 2806.031973] ? do_raw_spin_lock+0x270/0x270 [ 2806.032387] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2806.032913] ? kunit_add_resource+0x197/0x280 [kunit] [ 2806.033404] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2806.033875] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2806.034363] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2806.034941] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2806.035439] kthread+0x2a7/0x350 [ 2806.035760] ? kthread_complete_and_exit+0x20/0x20 [ 2806.036219] ret_from_fork+0x22/0x30 [ 2806.036579] [ 2806.036804] [ 2806.036971] The buggy address belongs to the virtual mapping at [ 2806.036971] [ffffc90000079000, ffffc9000007b000) created by: [ 2806.036971] vmalloc_oob+0x78/0x5e0 [test_kasan] [ 2806.038452] [ 2806.038618] The buggy address belongs to the physical page: [ 2806.039135] page:00000000aca535da refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4881f [ 2806.039992] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2806.040599] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2806.041321] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2806.042032] page dumped because: kasan: bad access detected [ 2806.042556] [ 2806.042740] Memory state around the buggy address: [ 2806.043218] ffffc90000079680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2806.043931] ffffc90000079700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2806.044605] >ffffc90000079780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 2806.045279] ^ [ 2806.045940] ffffc90000079800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 2806.046650] ffffc90000079880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 2806.047343] ================================================================== [ 2806.048135] ================================================================== [ 2806.048872] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x58c/0x5e0 [test_kasan] [ 2806.049656] Read of size 1 at addr ffffc900000797f8 by task kunit_try_catch/117639 [ 2806.050391] [ 2806.050580] CPU: 0 PID: 117639 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-236.1888_749431169.el9.x86_64+debug #1 [ 2806.051850] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2806.052424] Call Trace: [ 2806.052692] [ 2806.052933] ? vmalloc_oob+0x58c/0x5e0 [test_kasan] [ 2806.053431] dump_stack_lvl+0x57/0x81 [ 2806.053792] print_address_description.constprop.0+0x1f/0x1e0 [ 2806.054344] ? vmalloc_oob+0x58c/0x5e0 [test_kasan] [ 2806.054841] print_report.cold+0x5c/0x237 [ 2806.055229] kasan_report+0xc9/0x100 [ 2806.055591] ? vmalloc_oob+0x58c/0x5e0 [test_kasan] [ 2806.056043] vmalloc_oob+0x58c/0x5e0 [test_kasan] [ 2806.056487] ? kasan_global_oob_right+0x1f0/0x1f0 [test_kasan] [ 2806.057055] ? do_raw_spin_trylock+0xb5/0x180 [ 2806.057484] ? do_raw_spin_lock+0x270/0x270 [ 2806.057891] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2806.058422] ? kunit_add_resource+0x197/0x280 [kunit] [ 2806.058909] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2806.059382] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2806.059903] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2806.060608] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2806.061097] kthread+0x2a7/0x350 [ 2806.061447] ? kthread_complete_and_exit+0x20/0x20 [ 2806.061930] ret_from_fork+0x22/0x30 [ 2806.062296] [ 2806.062556] [ 2806.062723] The buggy address belongs to the virtual mapping at [ 2806.062723] [ffffc90000079000, ffffc9000007b000) created by: [ 2806.062723] vmalloc_oob+0x78/0x5e0 [test_kasan] [ 2806.064296] [ 2806.064464] The buggy address belongs to the physical page: [ 2806.064986] page:00000000aca535da refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4881f [ 2806.065827] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2806.066424] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2806.067195] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2806.067954] page dumped because: kasan: bad access detected [ 2806.068480] [ 2806.068677] Memory state around the buggy address: [ 2806.069132] ffffc90000079680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2806.069808] ffffc90000079700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2806.070490] >ffffc90000079780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 2806.071143] ^ [ 2806.071824] ffffc90000079800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 2806.072498] ffffc90000079880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 2806.073169] ================================================================== [ 2806.140116] ok 49 - vmalloc_oob [ 2806.142511] ok 50 - vmap_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 2806.145810] ok 51 - vm_map_ram_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 2806.147795] ok 52 - vmalloc_percpu # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 2806.150787] ok 53 - match_all_not_assigned # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2806.152827] ok 54 - match_all_ptr_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2806.154846] ok 55 - match_all_mem_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2806.155822] ok 20 - kasan [ 2806.239234] systemd-journald[564]: Data hash table of /run/log/journal/887511893f4f45e88c059c0add2cf190/system.journal has a fill level at 75.0 (7003 of 9336 items, 5378048 file size, 767 bytes per hash table item), suggesting rotation. [ 2806.290815] systemd-journald[564]: /run/log/journal/887511893f4f45e88c059c0add2cf190/system.journal: Journal header limits reached or header out-of-date, rotating. [ 2806.439115] # Subtest: linear-ranges-test [ 2806.439122] 1..4 [ 2806.441746] ok 1 - range_test_get_value_amount [ 2806.444810] ok 2 - range_test_get_selector_high [ 2806.445544] ok 3 - range_test_get_selector_low [ 2806.447767] ok 4 - range_test_get_value [ 2806.448288] ok 21 - linear-ranges-test [ 2806.549813] # Subtest: list_sort [ 2806.549820] 1..1 [ 2806.565041] ok 1 - list_sort_test [ 2806.565343] ok 22 - list_sort [ 2806.829295] # Subtest: time_test_cases [ 2806.829302] 1..1 [ 2810.824120] ok 1 - time64_to_tm_test_date_range [ 2810.824474] ok 23 - time_test_cases