[ 2297.952745] # Subtest: bitfields
[ 2297.952767] 1..2
[ 2297.956134] ok 1 - test_bitfields_constants
[ 2297.956664] ok 2 - test_bitfields_variables
[ 2297.957219] ok 1 - bitfields
[ 2298.442134] # Subtest: cmdline
[ 2298.442146] 1..4
[ 2298.442756] ok 1 - cmdline_test_noint
[ 2298.443678] ok 2 - cmdline_test_lead_int
[ 2298.444605] ok 3 - cmdline_test_tail_int
[ 2298.445559] ok 4 - cmdline_test_range
[ 2298.446187] ok 2 - cmdline
[ 2299.043290] # Subtest: ext4_inode_test
[ 2299.043305] 1..1
[ 2299.044623] # inode_test_xtimestamp_decoding: ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits
[ 2299.045922] # inode_test_xtimestamp_decoding: ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits
[ 2299.047813] # inode_test_xtimestamp_decoding: ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits
[ 2299.049839] # inode_test_xtimestamp_decoding: ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits
[ 2299.051706] # inode_test_xtimestamp_decoding: ok 5 - 2038-01-19 Lower bound of 32bit <0 timestamp, lo extra sec bit on
[ 2299.053616] # inode_test_xtimestamp_decoding: ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on
[ 2299.055628] # inode_test_xtimestamp_decoding: ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on
[ 2299.057551] # inode_test_xtimestamp_decoding: ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on
[ 2299.059418] # inode_test_xtimestamp_decoding: ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on
[ 2299.061528] # inode_test_xtimestamp_decoding: ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on
[ 2299.063522] # inode_test_xtimestamp_decoding: ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on
[ 2299.065454] # inode_test_xtimestamp_decoding: ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on
[ 2299.067482] # inode_test_xtimestamp_decoding: ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns
[ 2299.069416] # inode_test_xtimestamp_decoding: ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns
[ 2299.071558] # inode_test_xtimestamp_decoding: ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on
[ 2299.073554] # inode_test_xtimestamp_decoding: ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. All extra sec bits on
[ 2299.074929] ok 1 - inode_test_xtimestamp_decoding
[ 2299.076327] ok 3 - ext4_inode_test
[ 2300.150173] # Subtest: kunit-try-catch-test
[ 2300.150188] 1..2
[ 2300.151774] ok 1 - kunit_test_try_catch_successful_try_no_catch
[ 2300.152722] ok 2 - kunit_test_try_catch_unsuccessful_try_does_catch
[ 2300.153437] ok 4 - kunit-try-catch-test
[ 2300.155504] # Subtest: kunit-resource-test
[ 2300.155510] 1..7
[ 2300.156663] ok 1 - kunit_resource_test_init_resources
[ 2300.157729] ok 2 - kunit_resource_test_alloc_resource
[ 2300.158719] ok 3 - kunit_resource_test_destroy_resource
[ 2300.160230] ok 4 - kunit_resource_test_cleanup_resources
[ 2300.161412] ok 5 - kunit_resource_test_proper_free_ordering
[ 2300.162467] ok 6 - kunit_resource_test_static
[ 2300.163817] ok 7 - kunit_resource_test_named
[ 2300.164884] ok 5 - kunit-resource-test
[ 2300.166550] # Subtest: kunit-log-test
[ 2300.166557] 1..1
[ 2300.167662] put this in log.
[ 2300.167916] this too.
[ 2300.168352] add to suite log.
[ 2300.168592] along with this.
[ 2300.169520] ok 1 - kunit_log_test
[ 2300.169837] ok 6 - kunit-log-test
[ 2300.170767] # Subtest: kunit_status
[ 2300.170772] 1..2
[ 2300.172264] ok 1 - kunit_status_set_failure_test
[ 2300.172850] ok 2 - kunit_status_mark_skipped_test
[ 2300.173394] ok 7 - kunit_status
[ 2300.342985] # Subtest: rtc_lib_test_cases
[ 2300.342992] 1..1
[ 2304.138759] ok 1 - rtc_time64_to_tm_test_date_range
[ 2304.139138] ok 8 - rtc_lib_test_cases
[ 2304.343835] # Subtest: list-kunit-test
[ 2304.343845] 1..36
[ 2304.344798] ok 1 - list_test_list_init
[ 2304.345585] ok 2 - list_test_list_add
[ 2304.346455] ok 3 - list_test_list_add_tail
[ 2304.347336] ok 4 - list_test_list_del
[ 2304.348312] ok 5 - list_test_list_replace
[ 2304.349220] ok 6 - list_test_list_replace_init
[ 2304.350254] ok 7 - list_test_list_swap
[ 2304.351348] ok 8 - list_test_list_del_init
[ 2304.352321] ok 9 - list_test_list_move
[ 2304.353241] ok 10 - list_test_list_move_tail
[ 2304.354214] ok 11 - list_test_list_bulk_move_tail
[ 2304.355209] ok 12 - list_test_list_is_first
[ 2304.356384] ok 13 - list_test_list_is_last
[ 2304.357355] ok 14 - list_test_list_empty
[ 2304.358409] ok 15 - list_test_list_empty_careful
[ 2304.359320] ok 16 - list_test_list_rotate_left
[ 2304.360358] ok 17 - list_test_list_rotate_to_front
[ 2304.361322] ok 18 - list_test_list_is_singular
[ 2304.362426] ok 19 - list_test_list_cut_position
[ 2304.363313] ok 20 - list_test_list_cut_before
[ 2304.364523] ok 21 - list_test_list_splice
[ 2304.365395] ok 22 - list_test_list_splice_tail
[ 2304.366575] ok 23 - list_test_list_splice_init
[ 2304.367397] ok 24 - list_test_list_splice_tail_init
[ 2304.368581] ok 25 - list_test_list_entry
[ 2304.369528] ok 26 - list_test_list_first_entry
[ 2304.370661] ok 27 - list_test_list_last_entry
[ 2304.371643] ok 28 - list_test_list_first_entry_or_null
[ 2304.372716] ok 29 - list_test_list_next_entry
[ 2304.373792] ok 30 - list_test_list_prev_entry
[ 2304.375064] ok 31 - list_test_list_for_each
[ 2304.375812] ok 32 - list_test_list_for_each_prev
[ 2304.377121] ok 33 - list_test_list_for_each_safe
[ 2304.377822] ok 34 - list_test_list_for_each_prev_safe
[ 2304.379076] ok 35 - list_test_list_for_each_entry
[ 2304.379828] ok 36 - list_test_list_for_each_entry_reverse
[ 2304.380612] ok 9 - list-kunit-test
[ 2304.489689] # Subtest: memcpy
[ 2304.489696] 1..4
[ 2304.490415] # memset_test: ok: memset() direct assignment
[ 2304.491190] # memset_test: ok: memset() complete overwrite
[ 2304.491703] # memset_test: ok: memset() middle overwrite
[ 2304.492238] # memset_test: ok: memset() argument side-effects
[ 2304.492770] # memset_test: ok: memset() memset_after()
[ 2304.493265] # memset_test: ok: memset() memset_startat()
[ 2304.494611] ok 1 - memset_test
[ 2304.494930] # memcpy_test: ok: memcpy() static initializers
[ 2304.495787] # memcpy_test: ok: memcpy() direct assignment
[ 2304.496340] # memcpy_test: ok: memcpy() complete overwrite
[ 2304.496875] # memcpy_test: ok: memcpy() middle overwrite
[ 2304.497378] # memcpy_test: ok: memcpy() argument side-effects
[ 2304.498784] ok 2 - memcpy_test
[ 2304.499265] # memmove_test: ok: memmove() static initializers
[ 2304.500545] # memmove_test: ok: memmove() direct assignment
[ 2304.501155] # memmove_test: ok: memmove() complete overwrite
[ 2304.501712] # memmove_test: ok: memmove() middle overwrite
[ 2304.502272] # memmove_test: ok: memmove() argument side-effects
[ 2304.502849] # memmove_test: ok: memmove() overlapping write
[ 2304.504513] ok 3 - memmove_test
[ 2304.504974] ok 4 - strtomem_test
[ 2304.505386] ok 10 - memcpy
[ 2304.622511] # Subtest: mptcp-crypto
[ 2304.622518] 1..1
[ 2304.629041] ok 1 - mptcp_crypto_test_basic
[ 2304.629272] ok 11 - mptcp-crypto
[ 2304.754153] # Subtest: mptcp-token
[ 2304.754160] 1..4
[ 2304.757910] ok 1 - mptcp_token_test_req_basic
[ 2304.760474] ok 2 - mptcp_token_test_msk_basic
[ 2304.761357] ok 3 - mptcp_token_test_accept
[ 2304.762535] ok 4 - mptcp_token_test_destroyed
[ 2304.763055] ok 12 - mptcp-token
[ 2305.056438] # Subtest: rational
[ 2305.056446] 1..1
[ 2305.057233] # rational_test: ok 1 - Exceeds bounds, semi-convergent term > 1/2 last term
[ 2305.057784] # rational_test: ok 2 - Exceeds bounds, semi-convergent term < 1/2 last term
[ 2305.059172] # rational_test: ok 3 - Closest to zero
[ 2305.060263] # rational_test: ok 4 - Closest to smallest non-zero
[ 2305.061736] # rational_test: ok 5 - Use convergent
[ 2305.063117] # rational_test: ok 6 - Exact answer
[ 2305.064518] # rational_test: ok 7 - Semiconvergent, numerator limit
[ 2305.065438] # rational_test: ok 8 - Semiconvergent, denominator limit
[ 2305.066323] ok 1 - rational_test
[ 2305.067019] ok 13 - rational
[ 2305.179699] # Subtest: resource
[ 2305.179706] 1..2
[ 2305.180570] ok 1 - resource_test_union
[ 2305.181333] ok 2 - resource_test_intersection
[ 2305.181753] ok 14 - resource
[ 2305.316826] # Subtest: slub_test
[ 2305.316839] 1..2
[ 2305.353033] ok 1 - test_clobber_zone
[ 2305.358513] ok 2 - test_clobber_redzone_free
[ 2305.358958] ok 15 - slub_test
[ 2305.575809] # Subtest: snd_soc_tplg_test
[ 2305.575820] 1..11
[ 2305.578828] ok 1 - snd_soc_tplg_test_load_with_null_comp
[ 2305.583408] ok 2 - snd_soc_tplg_test_load_with_null_ops
[ 2305.586361] ok 3 - snd_soc_tplg_test_load_with_null_fw
[ 2305.592490] ok 4 - snd_soc_tplg_test_load_empty_tplg
[ 2305.596346] ok 5 - snd_soc_tplg_test_load_empty_tplg_bad_magic
[ 2305.599382] ok 6 - snd_soc_tplg_test_load_empty_tplg_bad_abi
[ 2305.602361] ok 7 - snd_soc_tplg_test_load_empty_tplg_bad_size
[ 2305.605517] ok 8 - snd_soc_tplg_test_load_empty_tplg_bad_payload_size
[ 2305.610126] ok 9 - snd_soc_tplg_test_load_pcm_tplg
[ 2305.613249] ok 10 - snd_soc_tplg_test_load_pcm_tplg_reload_comp
[ 2305.622101] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.630134] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.671637] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.675647] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.699534] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.702635] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.723908] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.727648] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.749423] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.752666] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.775268] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.778644] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.805589] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.809596] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.832428] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.835730] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.858566] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.863174] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.884437] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.886225] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.919445] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.934793] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.966187] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2305.970592] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2305.997686] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.001688] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.037730] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.039542] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.066565] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.073602] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.092442] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.096662] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.121642] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.125612] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.152149] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.155693] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.182172] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.185722] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.206822] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.210601] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.236716] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.238524] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.261294] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.267592] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.289338] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.301621] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.328173] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.331602] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.351593] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.355588] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.383345] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.386756] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.412807] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.416604] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.445310] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.448614] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.468814] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.474339] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.494491] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.498574] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.520677] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.525800] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.547781] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.551582] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.573604] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.578689] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.598242] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.601559] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.622680] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.626460] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.661808] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.674691] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.698945] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.702580] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.723397] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.727646] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.750362] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.752193] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.779074] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.781073] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.803442] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.807544] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.828208] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.832519] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.858298] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.862182] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.888166] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.891528] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.912059] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.913793] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.942724] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.946512] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2306.969371] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2306.972520] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.001071] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.012690] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.034297] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.037561] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.063504] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.067671] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.088467] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.092662] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.115778] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.120512] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.142554] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.145498] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.165734] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.169586] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.189791] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.193524] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.213406] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.217517] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.243337] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.246604] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.274701] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.278636] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.299497] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.303544] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.330451] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.333574] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.354312] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.357523] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.382759] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.386505] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.408788] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.410525] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.438668] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.444347] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.471531] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.476617] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.498611] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.503627] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.528546] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.530702] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.558251] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.561596] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.583901] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.585622] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.609031] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.612567] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.632775] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.637527] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.661914] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.663647] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.690981] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.695511] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.714715] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.718516] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.740327] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.746133] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.766136] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.771236] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.793464] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.795391] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.822692] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.826547] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.850472] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.854419] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.884113] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.885770] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.911940] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.913576] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.935417] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.938482] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.959731] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.965296] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2307.986481] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2307.990762] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.012699] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.016474] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.036642] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.040455] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.060908] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.064474] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.089440] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.094672] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.123750] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.127789] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.150719] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.155978] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.176097] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.179469] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.200715] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.204534] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.226732] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.231517] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.254728] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.269657] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.297218] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.300577] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.321596] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.325464] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.346015] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.350488] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.370429] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.374226] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.399070] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.402461] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.423702] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2308.428538] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2308.449542] ok 11 - snd_soc_tplg_test_load_pcm_tplg_reload_card
[ 2308.449559] ok 16 - snd_soc_tplg_test
[ 2308.739103] # Subtest: soc-utils
[ 2308.739112] 1..1
[ 2308.751995] ok 1 - test_tdm_params_to_bclk
[ 2308.752232] ok 17 - soc-utils
[ 2309.397162] # Subtest: sysctl_test
[ 2309.397172] 1..10
[ 2309.399989] ok 1 - sysctl_test_api_dointvec_null_tbl_data
[ 2309.401976] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset
[ 2309.405021] ok 3 - sysctl_test_api_dointvec_table_len_is_zero
[ 2309.408413] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set
[ 2309.411021] ok 5 - sysctl_test_dointvec_read_happy_single_positive
[ 2309.414094] ok 6 - sysctl_test_dointvec_read_happy_single_negative
[ 2309.417232] ok 7 - sysctl_test_dointvec_write_happy_single_positive
[ 2309.419987] ok 8 - sysctl_test_dointvec_write_happy_single_negative
[ 2309.424055] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min
[ 2309.428682] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max
[ 2309.429432] ok 18 - sysctl_test
[ 2309.667393] # Subtest: bits-test
[ 2309.667403] 1..3
[ 2309.671126] ok 1 - genmask_test
[ 2309.673989] ok 2 - genmask_ull_test
[ 2309.676022] ok 3 - genmask_input_check_test
[ 2309.676476] ok 19 - bits-test
[ 2310.798776] # Subtest: kasan
[ 2310.798803] 1..55
[ 2310.801960] ==================================================================
[ 2310.802825] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4ed/0x510 [test_kasan]
[ 2310.803542] Write of size 1 at addr ffff888004943a73 by task kunit_try_catch/48109
[ 2310.804356] CPU: 0 PID: 48109 Comm: kunit_try_catch Kdump: loaded Not tainted 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2310.805280] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2310.805833] Call Trace:
[ 2310.806116]
[ 2310.806318] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan]
[ 2310.806785] dump_stack_lvl+0x57/0x81
[ 2310.807203] print_address_description.constprop.0+0x1f/0x1e0
[ 2310.807732] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan]
[ 2310.808202] print_report.cold+0x5c/0x237
[ 2310.808584] kasan_report+0xc9/0x100
[ 2310.808905] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan]
[ 2310.809374] kmalloc_oob_right+0x4ed/0x510 [test_kasan]
[ 2310.809892] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan]
[ 2310.810405] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370
[ 2310.810938] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2310.811432] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2310.811875] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2310.812307] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2310.812748] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2310.813312] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2310.813815] kthread+0x2a7/0x350
[ 2310.814195] ? kthread_complete_and_exit+0x20/0x20
[ 2310.814650] ret_from_fork+0x22/0x30
[ 2310.815014]
[ 2310.815403] Allocated by task 48109:
[ 2310.815757] kasan_save_stack+0x1e/0x40
[ 2310.816122] __kasan_kmalloc+0x81/0xa0
[ 2310.816483] kmalloc_oob_right+0x98/0x510 [test_kasan]
[ 2310.816927] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2310.817349] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2310.817873] kthread+0x2a7/0x350
[ 2310.818163] ret_from_fork+0x22/0x30
[ 2310.818689] Last potentially related work creation:
[ 2310.819115] kasan_save_stack+0x1e/0x40
[ 2310.819452] __kasan_record_aux_stack+0x96/0xb0
[ 2310.819849] kvfree_call_rcu+0x7d/0x840
[ 2310.820195] drop_sysctl_table+0x338/0x460
[ 2310.820575] unregister_sysctl_table+0x9c/0x180
[ 2310.820976] devinet_exit_net+0x6d/0x270
[ 2310.821335] ops_exit_list+0x9c/0x170
[ 2310.821670] cleanup_net+0x42b/0x9a0
[ 2310.821988] process_one_work+0x8e5/0x1520
[ 2310.822348] worker_thread+0x59e/0xf90
[ 2310.822675] kthread+0x2a7/0x350
[ 2310.822983] ret_from_fork+0x22/0x30
[ 2310.823483] Second to last potentially related work creation:
[ 2310.824009] kasan_save_stack+0x1e/0x40
[ 2310.824368] __kasan_record_aux_stack+0x96/0xb0
[ 2310.824760] kvfree_call_rcu+0x7d/0x840
[ 2310.825100] dma_resv_reserve_fences+0x35d/0x680
[ 2310.825548] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2310.826042] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2310.826532] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2310.827122] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2310.827745] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2310.828397] process_one_work+0x8e5/0x1520
[ 2310.828815] worker_thread+0x59e/0xf90
[ 2310.829197] kthread+0x2a7/0x350
[ 2310.829484] ret_from_fork+0x22/0x30
[ 2310.830154] The buggy address belongs to the object at ffff888004943a00
which belongs to the cache kmalloc-128 of size 128
[ 2310.831199] The buggy address is located 115 bytes inside of
128-byte region [ffff888004943a00, ffff888004943a80)
[ 2310.832323] The buggy address belongs to the physical page:
[ 2310.832798] page:00000000b1b3ec3f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4943
[ 2310.833585] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2310.834182] raw: 000fffffc0000200 ffffea0000696800 dead000000000002 ffff8881000418c0
[ 2310.834833] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2310.835539] page dumped because: kasan: bad access detected
[ 2310.836212] Memory state around the buggy address:
[ 2310.836641] ffff888004943900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2310.837283] ffff888004943980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2310.837973] >ffff888004943a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 2310.838580] ^
[ 2310.839160] ffff888004943a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2310.839766] ffff888004943b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2310.840386] ==================================================================
[ 2310.841147] Disabling lock debugging due to kernel taint
[ 2310.841612] ==================================================================
[ 2310.842241] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4e3/0x510 [test_kasan]
[ 2310.842950] Write of size 1 at addr ffff888004943a78 by task kunit_try_catch/48109
[ 2310.843773] CPU: 0 PID: 48109 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2310.844902] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2310.845452] Call Trace:
[ 2310.845676]
[ 2310.845873] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan]
[ 2310.846369] dump_stack_lvl+0x57/0x81
[ 2310.846716] print_address_description.constprop.0+0x1f/0x1e0
[ 2310.847215] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan]
[ 2310.847677] print_report.cold+0x5c/0x237
[ 2310.848033] kasan_report+0xc9/0x100
[ 2310.848351] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan]
[ 2310.848813] kmalloc_oob_right+0x4e3/0x510 [test_kasan]
[ 2310.849269] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan]
[ 2310.849727] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370
[ 2310.850236] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2310.850713] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2310.851156] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2310.851600] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2310.852075] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2310.852596] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2310.853045] kthread+0x2a7/0x350
[ 2310.853334] ? kthread_complete_and_exit+0x20/0x20
[ 2310.853748] ret_from_fork+0x22/0x30
[ 2310.854110]
[ 2310.854488] Allocated by task 48109:
[ 2310.854802] kasan_save_stack+0x1e/0x40
[ 2310.855144] __kasan_kmalloc+0x81/0xa0
[ 2310.855471] kmalloc_oob_right+0x98/0x510 [test_kasan]
[ 2310.855918] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2310.856342] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2310.856893] kthread+0x2a7/0x350
[ 2310.857207] ret_from_fork+0x22/0x30
[ 2310.857742] Last potentially related work creation:
[ 2310.858200] kasan_save_stack+0x1e/0x40
[ 2310.858557] __kasan_record_aux_stack+0x96/0xb0
[ 2310.858979] kvfree_call_rcu+0x7d/0x840
[ 2310.859334] drop_sysctl_table+0x338/0x460
[ 2310.859714] unregister_sysctl_table+0x9c/0x180
[ 2310.860225] devinet_exit_net+0x6d/0x270
[ 2310.860597] ops_exit_list+0x9c/0x170
[ 2310.860943] cleanup_net+0x42b/0x9a0
[ 2310.861276] process_one_work+0x8e5/0x1520
[ 2310.861653] worker_thread+0x59e/0xf90
[ 2310.862006] kthread+0x2a7/0x350
[ 2310.862311] ret_from_fork+0x22/0x30
[ 2310.862799] Second to last potentially related work creation:
[ 2310.863336] kasan_save_stack+0x1e/0x40
[ 2310.863672] __kasan_record_aux_stack+0x96/0xb0
[ 2310.864118] kvfree_call_rcu+0x7d/0x840
[ 2310.864502] dma_resv_reserve_fences+0x35d/0x680
[ 2310.864940] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2310.865418] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2310.866116] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2310.866647] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2310.867258] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2310.867857] process_one_work+0x8e5/0x1520
[ 2310.868303] worker_thread+0x59e/0xf90
[ 2310.868670] kthread+0x2a7/0x350
[ 2310.869058] ret_from_fork+0x22/0x30
[ 2310.869547] The buggy address belongs to the object at ffff888004943a00
which belongs to the cache kmalloc-128 of size 128
[ 2310.870673] The buggy address is located 120 bytes inside of
128-byte region [ffff888004943a00, ffff888004943a80)
[ 2310.871851] The buggy address belongs to the physical page:
[ 2310.872401] page:00000000b1b3ec3f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4943
[ 2310.873239] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2310.873874] raw: 000fffffc0000200 ffffea0000696800 dead000000000002 ffff8881000418c0
[ 2310.874613] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2310.875355] page dumped because: kasan: bad access detected
[ 2310.875996] Memory state around the buggy address:
[ 2310.876445] ffff888004943900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2310.877080] ffff888004943980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2310.877687] >ffff888004943a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 2310.878297] ^
[ 2310.878897] ffff888004943a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2310.879544] ffff888004943b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2310.880189] ==================================================================
[ 2310.880820] ==================================================================
[ 2310.881469] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4d9/0x510 [test_kasan]
[ 2310.882207] Read of size 1 at addr ffff888004943a80 by task kunit_try_catch/48109
[ 2310.882987] CPU: 0 PID: 48109 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2310.884169] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2310.884656] Call Trace:
[ 2310.884878]
[ 2310.885080] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan]
[ 2310.885543] dump_stack_lvl+0x57/0x81
[ 2310.885867] print_address_description.constprop.0+0x1f/0x1e0
[ 2310.886463] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan]
[ 2310.886932] print_report.cold+0x5c/0x237
[ 2310.887309] kasan_report+0xc9/0x100
[ 2310.887662] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan]
[ 2310.888129] kmalloc_oob_right+0x4d9/0x510 [test_kasan]
[ 2310.888578] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan]
[ 2310.889105] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370
[ 2310.889599] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2310.890192] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2310.890631] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2310.891098] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2310.891561] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2310.892090] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2310.892535] kthread+0x2a7/0x350
[ 2310.892825] ? kthread_complete_and_exit+0x20/0x20
[ 2310.893247] ret_from_fork+0x22/0x30
[ 2310.893570]
[ 2310.893924] Allocated by task 48109:
[ 2310.894247] kasan_save_stack+0x1e/0x40
[ 2310.894584] __kasan_kmalloc+0x81/0xa0
[ 2310.894952] kmalloc_oob_right+0x98/0x510 [test_kasan]
[ 2310.895410] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2310.895919] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2310.896465] kthread+0x2a7/0x350
[ 2310.896780] ret_from_fork+0x22/0x30
[ 2310.897278] Last potentially related work creation:
[ 2310.897740] kasan_save_stack+0x1e/0x40
[ 2310.898139] __kasan_record_aux_stack+0x96/0xb0
[ 2310.898533] kvfree_call_rcu+0x7d/0x840
[ 2310.898866] drop_sysctl_table+0x338/0x460
[ 2310.899236] unregister_sysctl_table+0x9c/0x180
[ 2310.899630] devinet_exit_net+0x6d/0x270
[ 2310.900029] ops_exit_list+0x9c/0x170
[ 2310.900373] cleanup_net+0x42b/0x9a0
[ 2310.900686] process_one_work+0x8e5/0x1520
[ 2310.901053] worker_thread+0x59e/0xf90
[ 2310.901380] kthread+0x2a7/0x350
[ 2310.901667] ret_from_fork+0x22/0x30
[ 2310.902137] Second to last potentially related work creation:
[ 2310.902627] kasan_save_stack+0x1e/0x40
[ 2310.902995] __kasan_record_aux_stack+0x96/0xb0
[ 2310.903432] kvfree_call_rcu+0x7d/0x840
[ 2310.903767] dma_resv_reserve_fences+0x35d/0x680
[ 2310.904177] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2310.904647] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2310.905152] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2310.905595] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2310.906094] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2310.906665] process_one_work+0x8e5/0x1520
[ 2310.907055] worker_thread+0x59e/0xf90
[ 2310.907387] kthread+0x2a7/0x350
[ 2310.907674] ret_from_fork+0x22/0x30
[ 2310.908147] The buggy address belongs to the object at ffff888004943a00
which belongs to the cache kmalloc-128 of size 128
[ 2310.909189] The buggy address is located 0 bytes to the right of
128-byte region [ffff888004943a00, ffff888004943a80)
[ 2310.910401] The buggy address belongs to the physical page:
[ 2310.910876] page:00000000b1b3ec3f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4943
[ 2310.911658] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2310.912277] raw: 000fffffc0000200 ffffea0000696800 dead000000000002 ffff8881000418c0
[ 2310.912960] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2310.913637] page dumped because: kasan: bad access detected
[ 2310.914343] Memory state around the buggy address:
[ 2310.914814] ffff888004943980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2310.915454] ffff888004943a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 2310.916095] >ffff888004943a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2310.916739] ^
[ 2310.917056] ffff888004943b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2310.917695] ffff888004943b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2310.918310] ==================================================================
[ 2310.919814] ok 1 - kmalloc_oob_right
[ 2310.921985] ==================================================================
[ 2310.922966] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2bf/0x2e0 [test_kasan]
[ 2310.923672] Read of size 1 at addr ffff888005318a5f by task kunit_try_catch/48110
[ 2310.924532] CPU: 0 PID: 48110 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2310.925687] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2310.926241] Call Trace:
[ 2310.926492]
[ 2310.926701] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan]
[ 2310.927186] dump_stack_lvl+0x57/0x81
[ 2310.927514] print_address_description.constprop.0+0x1f/0x1e0
[ 2310.928021] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan]
[ 2310.928481] print_report.cold+0x5c/0x237
[ 2310.928835] kasan_report+0xc9/0x100
[ 2310.929162] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan]
[ 2310.929644] kmalloc_oob_left+0x2bf/0x2e0 [test_kasan]
[ 2310.930133] ? kmalloc_pagealloc_oob_right+0x290/0x290 [test_kasan]
[ 2310.930671] ? do_raw_spin_trylock+0xb5/0x180
[ 2310.931063] ? do_raw_spin_lock+0x270/0x270
[ 2310.931434] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2310.931973] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2310.932420] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2310.932845] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2310.933330] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2310.933904] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2310.934376] kthread+0x2a7/0x350
[ 2310.934667] ? kthread_complete_and_exit+0x20/0x20
[ 2310.935119] ret_from_fork+0x22/0x30
[ 2310.935473]
[ 2310.935822] Allocated by task 0:
[ 2310.936145] (stack is not available)
[ 2310.936626] The buggy address belongs to the object at ffff888005318a40
which belongs to the cache kmalloc-16 of size 16
[ 2310.937689] The buggy address is located 15 bytes to the right of
16-byte region [ffff888005318a40, ffff888005318a50)
[ 2310.938898] The buggy address belongs to the physical page:
[ 2310.939378] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2310.940190] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2310.940790] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0
[ 2310.941444] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2310.942124] page dumped because: kasan: bad access detected
[ 2310.942771] Memory state around the buggy address:
[ 2310.943189] ffff888005318900: 00 00 fc fc 00 00 fc fc fa fb fc fc fb fb fc fc
[ 2310.943797] ffff888005318980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2310.944446] >ffff888005318a00: fa fb fc fc fa fb fc fc 00 00 fc fc 00 07 fc fc
[ 2310.945078] ^
[ 2310.945595] ffff888005318a80: 00 00 fc fc 00 00 fc fc fb fb fc fc 00 00 fc fc
[ 2310.946211] ffff888005318b00: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 2310.946873] ==================================================================
[ 2310.947592] ok 2 - kmalloc_oob_left
[ 2310.949852] ==================================================================
[ 2310.950986] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan]
[ 2310.951732] Read of size 1 at addr ffff888001f55000 by task kunit_try_catch/48111
[ 2310.952518] CPU: 0 PID: 48111 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2310.953679] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2310.954207] Call Trace:
[ 2310.954443]
[ 2310.954654] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan]
[ 2310.955226] dump_stack_lvl+0x57/0x81
[ 2310.955592] print_address_description.constprop.0+0x1f/0x1e0
[ 2310.956128] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan]
[ 2310.956662] print_report.cold+0x5c/0x237
[ 2310.957065] kasan_report+0xc9/0x100
[ 2310.957426] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan]
[ 2310.957945] kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan]
[ 2310.958436] ? pagealloc_uaf+0x2f0/0x2f0 [test_kasan]
[ 2310.958873] ? do_raw_spin_trylock+0xb5/0x180
[ 2310.959264] ? do_raw_spin_lock+0x270/0x270
[ 2310.959661] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2310.960172] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2310.960615] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2310.961048] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2310.961488] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2310.962051] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2310.962518] kthread+0x2a7/0x350
[ 2310.962807] ? kthread_complete_and_exit+0x20/0x20
[ 2310.963267] ret_from_fork+0x22/0x30
[ 2310.963613]
[ 2310.963969] Allocated by task 48111:
[ 2310.964322] kasan_save_stack+0x1e/0x40
[ 2310.964707] __kasan_kmalloc+0x81/0xa0
[ 2310.965092] kmalloc_node_oob_right+0x9a/0x2e0 [test_kasan]
[ 2310.965601] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2310.966088] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2310.966610] kthread+0x2a7/0x350
[ 2310.966899] ret_from_fork+0x22/0x30
[ 2310.967376] The buggy address belongs to the object at ffff888001f54000
which belongs to the cache kmalloc-4k of size 4096
[ 2310.968416] The buggy address is located 0 bytes to the right of
4096-byte region [ffff888001f54000, ffff888001f55000)
[ 2310.969591] The buggy address belongs to the physical page:
[ 2310.970121] page:00000000c23a2fb5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f50
[ 2310.970895] head:00000000c23a2fb5 order:3 compound_mapcount:0 compound_pincount:0
[ 2310.971534] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff)
[ 2310.972163] raw: 000fffffc0010200 0000000000000000 dead000000000001 ffff888100042140
[ 2310.972824] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 2310.973480] page dumped because: kasan: bad access detected
[ 2310.974109] Memory state around the buggy address:
[ 2310.974559] ffff888001f54f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2310.975194] ffff888001f54f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2310.975842] >ffff888001f55000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2310.976493] ^
[ 2310.976815] ffff888001f55080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2310.977456] ffff888001f55100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2310.978160] ==================================================================
[ 2310.978981] ok 3 - kmalloc_node_oob_right
[ 2310.980819] ==================================================================
[ 2310.981845] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan]
[ 2310.982606] Write of size 1 at addr ffff88802dbee00a by task kunit_try_catch/48112
[ 2310.983393] CPU: 0 PID: 48112 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2310.984584] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2310.985080] Call Trace:
[ 2310.985303]
[ 2310.985499] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan]
[ 2310.986069] dump_stack_lvl+0x57/0x81
[ 2310.986422] print_address_description.constprop.0+0x1f/0x1e0
[ 2310.986985] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan]
[ 2310.987525] print_report.cold+0x5c/0x237
[ 2310.987918] kasan_report+0xc9/0x100
[ 2310.988264] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan]
[ 2310.988807] kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan]
[ 2310.989346] ? kmalloc_pagealloc_uaf+0x280/0x280 [test_kasan]
[ 2310.989847] ? do_raw_spin_trylock+0xb5/0x180
[ 2310.990240] ? do_raw_spin_lock+0x270/0x270
[ 2310.990607] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2310.991095] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2310.991539] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2310.991971] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2310.992412] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2310.992966] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2310.993456] kthread+0x2a7/0x350
[ 2310.993747] ? kthread_complete_and_exit+0x20/0x20
[ 2310.994168] ret_from_fork+0x22/0x30
[ 2310.994489]
[ 2310.994840] The buggy address belongs to the physical page:
[ 2310.995359] page:00000000cf8e0249 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dbec
[ 2310.996164] head:00000000cf8e0249 order:2 compound_mapcount:0 compound_pincount:0
[ 2310.996795] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 2310.997431] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 2310.998117] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2310.998771] page dumped because: kasan: bad access detected
[ 2310.999410] Memory state around the buggy address:
[ 2310.999826] ffff88802dbedf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.000446] ffff88802dbedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.001067] >ffff88802dbee000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.001705] ^
[ 2311.002049] ffff88802dbee080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.002658] ffff88802dbee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.003270] ==================================================================
[ 2311.005102] ok 4 - kmalloc_pagealloc_oob_right
[ 2311.006826] ==================================================================
[ 2311.007882] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan]
[ 2311.008572] Read of size 1 at addr ffff88802dbec000 by task kunit_try_catch/48113
[ 2311.009358] CPU: 0 PID: 48113 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.010648] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.011149] Call Trace:
[ 2311.011373]
[ 2311.011569] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan]
[ 2311.012070] dump_stack_lvl+0x57/0x81
[ 2311.012396] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.012893] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan]
[ 2311.013398] print_report.cold+0x5c/0x237
[ 2311.013752] kasan_report+0xc9/0x100
[ 2311.014078] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan]
[ 2311.014574] kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan]
[ 2311.015114] ? kmalloc_pagealloc_invalid_free+0x250/0x250 [test_kasan]
[ 2311.015673] ? do_raw_spin_trylock+0xb5/0x180
[ 2311.016062] ? do_raw_spin_lock+0x270/0x270
[ 2311.016460] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.016968] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.017408] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.017868] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.018331] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.018919] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.019363] kthread+0x2a7/0x350
[ 2311.019653] ? kthread_complete_and_exit+0x20/0x20
[ 2311.020075] ret_from_fork+0x22/0x30
[ 2311.020398]
[ 2311.020772] The buggy address belongs to the physical page:
[ 2311.021280] page:00000000cf8e0249 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dbec
[ 2311.022067] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.022619] raw: 000fffffc0000000 ffffea0000654008 ffff88810c200270 0000000000000000
[ 2311.023338] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 2311.024019] page dumped because: kasan: bad access detected
[ 2311.024673] Memory state around the buggy address:
[ 2311.025144] ffff88802dbebf00: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc
[ 2311.025835] ffff88802dbebf80: 00 00 00 00 00 02 fc fc fc fc fc fc fc fc fc fc
[ 2311.026449] >ffff88802dbec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2311.027297] ^
[ 2311.027635] ffff88802dbec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2311.028355] ffff88802dbec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2311.029067] ==================================================================
[ 2311.030147] ok 5 - kmalloc_pagealloc_uaf
[ 2311.034897] ==================================================================
[ 2311.035990] BUG: KASAN: double-free or invalid-free in kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan]
[ 2311.037022] CPU: 0 PID: 48114 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.038198] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.038731] Call Trace:
[ 2311.038972]
[ 2311.039187] dump_stack_lvl+0x57/0x81
[ 2311.039514] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.040144] print_report.cold+0x5c/0x237
[ 2311.040496] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan]
[ 2311.041076] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan]
[ 2311.041636] kasan_report_invalid_free+0x99/0xc0
[ 2311.042046] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan]
[ 2311.042605] kfree+0x2ab/0x3c0
[ 2311.042918] kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan]
[ 2311.043518] ? kmalloc_large_oob_right+0x2b0/0x2b0 [test_kasan]
[ 2311.044035] ? do_raw_spin_trylock+0xb5/0x180
[ 2311.044420] ? do_raw_spin_lock+0x270/0x270
[ 2311.044787] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.045275] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.045766] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.046197] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.046636] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.047165] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.047634] kthread+0x2a7/0x350
[ 2311.047965] ? kthread_complete_and_exit+0x20/0x20
[ 2311.048384] ret_from_fork+0x22/0x30
[ 2311.048708]
[ 2311.049065] The buggy address belongs to the physical page:
[ 2311.049537] page:00000000cf8e0249 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dbec
[ 2311.050315] head:00000000cf8e0249 order:2 compound_mapcount:0 compound_pincount:0
[ 2311.050950] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.051547] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 2311.052200] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2311.052848] page dumped because: kasan: bad access detected
[ 2311.056759] Memory state around the buggy address:
[ 2311.057202] ffff88802dbebf00: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc
[ 2311.057849] ffff88802dbebf80: 00 00 00 00 00 02 fc fc fc fc fc fc fc fc fc fc
[ 2311.058492] >ffff88802dbec000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.059185] ^
[ 2311.059491] ffff88802dbec080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.060105] ffff88802dbec100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.060712] ==================================================================
[ 2311.061505] ok 6 - kmalloc_pagealloc_invalid_free
[ 2311.064100] ok 7 - pagealloc_oob_right # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 2311.066252] ==================================================================
[ 2311.067736] BUG: KASAN: use-after-free in pagealloc_uaf+0x2b5/0x2f0 [test_kasan]
[ 2311.068435] Read of size 1 at addr ffff88800b9e0000 by task kunit_try_catch/48116
[ 2311.069366] CPU: 0 PID: 48116 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.070614] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.071166] Call Trace:
[ 2311.071390]
[ 2311.071588] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan]
[ 2311.072041] dump_stack_lvl+0x57/0x81
[ 2311.072367] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.072862] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan]
[ 2311.073385] print_report.cold+0x5c/0x237
[ 2311.073773] kasan_report+0xc9/0x100
[ 2311.074098] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan]
[ 2311.074536] pagealloc_uaf+0x2b5/0x2f0 [test_kasan]
[ 2311.074963] ? krealloc_more_oob+0x10/0x10 [test_kasan]
[ 2311.075466] ? do_raw_spin_trylock+0xb5/0x180
[ 2311.075848] ? do_raw_spin_lock+0x270/0x270
[ 2311.076220] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.076700] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.077186] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.077684] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.078126] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.078652] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.079100] kthread+0x2a7/0x350
[ 2311.079391] ? kthread_complete_and_exit+0x20/0x20
[ 2311.079807] ret_from_fork+0x22/0x30
[ 2311.080133]
[ 2311.080484] The buggy address belongs to the physical page:
[ 2311.080959] page:00000000f2320154 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0xb9e0
[ 2311.081797] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.082471] raw: 000fffffc0000000 ffffea00000e6c08 ffff88813ffd2aa0 0000000000000000
[ 2311.083160] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000
[ 2311.083847] page dumped because: kasan: bad access detected
[ 2311.084527] Memory state around the buggy address:
[ 2311.085782] ffff88800b9dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.087476] ffff88800b9dff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.089040] >ffff88800b9e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2311.090557] ^
[ 2311.091274] ffff88800b9e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2311.092767] ffff88800b9e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2311.094279] ==================================================================
[ 2311.096037] ok 8 - pagealloc_uaf
[ 2311.098039] ==================================================================
[ 2311.100274] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan]
[ 2311.101971] Write of size 1 at addr ffff888005efdf00 by task kunit_try_catch/48117
[ 2311.103750] CPU: 0 PID: 48117 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.106373] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.107499] Call Trace:
[ 2311.107988]
[ 2311.108405] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan]
[ 2311.109476] dump_stack_lvl+0x57/0x81
[ 2311.110179] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.111251] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan]
[ 2311.112336] print_report.cold+0x5c/0x237
[ 2311.113085] kasan_report+0xc9/0x100
[ 2311.113756] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan]
[ 2311.114840] kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan]
[ 2311.115941] ? kmalloc_oob_16+0x3b0/0x3b0 [test_kasan]
[ 2311.116884] ? do_raw_spin_trylock+0xb5/0x180
[ 2311.117688] ? do_raw_spin_lock+0x270/0x270
[ 2311.118446] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.119415] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.120303] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.121141] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.122029] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.123079] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.123951] kthread+0x2a7/0x350
[ 2311.124544] ? kthread_complete_and_exit+0x20/0x20
[ 2311.125383] ret_from_fork+0x22/0x30
[ 2311.126057]
[ 2311.126797] Allocated by task 48117:
[ 2311.127492] kasan_save_stack+0x1e/0x40
[ 2311.128171] __kasan_kmalloc+0x81/0xa0
[ 2311.128842] kmalloc_large_oob_right+0x98/0x2b0 [test_kasan]
[ 2311.129785] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.130650] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.131646] kthread+0x2a7/0x350
[ 2311.132209] ret_from_fork+0x22/0x30
[ 2311.133091] The buggy address belongs to the object at ffff888005efc000
which belongs to the cache kmalloc-8k of size 8192
[ 2311.135054] The buggy address is located 7936 bytes inside of
8192-byte region [ffff888005efc000, ffff888005efe000)
[ 2311.137228] The buggy address belongs to the physical page:
[ 2311.138122] page:00000000fad58b40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ef8
[ 2311.139596] head:00000000fad58b40 order:3 compound_mapcount:0 compound_pincount:0
[ 2311.140735] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.141855] raw: 000fffffc0010200 ffffea00000a7600 dead000000000004 ffff888100042280
[ 2311.143015] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 2311.144181] page dumped because: kasan: bad access detected
[ 2311.145298] Memory state around the buggy address:
[ 2311.146034] ffff888005efde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.147115] ffff888005efde80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.148194] >ffff888005efdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.149281] ^
[ 2311.149778] ffff888005efdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.150841] ffff888005efe000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.151894] ==================================================================
[ 2311.153590] ok 9 - kmalloc_large_oob_right
[ 2311.155963] ==================================================================
[ 2311.157690] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 2311.158956] Write of size 1 at addr ffff88802f48d8eb by task kunit_try_catch/48118
[ 2311.160327] CPU: 0 PID: 48118 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.162180] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.162963] Call Trace:
[ 2311.163311]
[ 2311.163621] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 2311.164444] dump_stack_lvl+0x57/0x81
[ 2311.164975] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.165781] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 2311.166661] print_report.cold+0x5c/0x237
[ 2311.167245] kasan_report+0xc9/0x100
[ 2311.167782] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 2311.168638] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 2311.169475] ? krealloc_less_oob+0x10/0x10 [test_kasan]
[ 2311.170218] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.170839] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.171382] ? lock_acquire+0x4ea/0x620
[ 2311.171808] ? rcu_read_unlock+0x40/0x40
[ 2311.172694] ? rcu_read_unlock+0x40/0x40
[ 2311.173513] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.174466] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.175593] ? do_raw_spin_lock+0x270/0x270
[ 2311.176462] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.177697] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.178735] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.179759] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.180747] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.181775] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.182993] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.183996] kthread+0x2a7/0x350
[ 2311.184618] ? kthread_complete_and_exit+0x20/0x20
[ 2311.185501] ret_from_fork+0x22/0x30
[ 2311.186207]
[ 2311.186981] Allocated by task 48118:
[ 2311.187643] kasan_save_stack+0x1e/0x40
[ 2311.188373] __kasan_krealloc+0xee/0x160
[ 2311.189106] krealloc+0x50/0xe0
[ 2311.189724] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan]
[ 2311.190920] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.191834] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.192987] kthread+0x2a7/0x350
[ 2311.193609] ret_from_fork+0x22/0x30
[ 2311.194543] Last potentially related work creation:
[ 2311.195414] kasan_save_stack+0x1e/0x40
[ 2311.196104] __kasan_record_aux_stack+0x96/0xb0
[ 2311.196893] kvfree_call_rcu+0x7d/0x840
[ 2311.197556] dma_resv_fini+0x38/0x50
[ 2311.198192] drm_gem_object_release+0x73/0x100 [drm]
[ 2311.199332] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 2311.200141] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 2311.200904] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 2311.201770] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 2311.202700] process_one_work+0x8e5/0x1520
[ 2311.203417] worker_thread+0x59e/0xf90
[ 2311.204050] kthread+0x2a7/0x350
[ 2311.204599] ret_from_fork+0x22/0x30
[ 2311.205451] Second to last potentially related work creation:
[ 2311.206382] kasan_save_stack+0x1e/0x40
[ 2311.207047] __kasan_record_aux_stack+0x96/0xb0
[ 2311.207774] kvfree_call_rcu+0x7d/0x840
[ 2311.208458] dma_resv_reserve_fences+0x35d/0x680
[ 2311.209203] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2311.210070] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2311.210894] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2311.211670] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2311.212623] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2311.213660] process_one_work+0x8e5/0x1520
[ 2311.214308] worker_thread+0x59e/0xf90
[ 2311.214881] kthread+0x2a7/0x350
[ 2311.215414] ret_from_fork+0x22/0x30
[ 2311.216267] The buggy address belongs to the object at ffff88802f48d800
which belongs to the cache kmalloc-256 of size 256
[ 2311.218151] The buggy address is located 235 bytes inside of
256-byte region [ffff88802f48d800, ffff88802f48d900)
[ 2311.220267] The buggy address belongs to the physical page:
[ 2311.221092] page:000000009e711371 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f48d
[ 2311.222464] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.223498] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff888100041b40
[ 2311.224651] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 2311.225734] page dumped because: kasan: bad access detected
[ 2311.226777] Memory state around the buggy address:
[ 2311.227500] ffff88802f48d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.228561] ffff88802f48d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.229604] >ffff88802f48d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 2311.230661] ^
[ 2311.231601] ffff88802f48d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.232672] ffff88802f48d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.233704] ==================================================================
[ 2311.234597] ==================================================================
[ 2311.235381] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 2311.236240] Write of size 1 at addr ffff88802f48d8f0 by task kunit_try_catch/48118
[ 2311.237106] CPU: 0 PID: 48118 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.238435] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.239026] Call Trace:
[ 2311.239296]
[ 2311.239504] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 2311.240073] dump_stack_lvl+0x57/0x81
[ 2311.240436] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.241047] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 2311.241602] print_report.cold+0x5c/0x237
[ 2311.241990] kasan_report+0xc9/0x100
[ 2311.242342] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 2311.242901] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 2311.243452] ? krealloc_less_oob+0x10/0x10 [test_kasan]
[ 2311.244027] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.244479] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.244953] ? lock_acquire+0x4ea/0x620
[ 2311.245312] ? rcu_read_unlock+0x40/0x40
[ 2311.245684] ? rcu_read_unlock+0x40/0x40
[ 2311.246090] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.246582] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.247102] ? do_raw_spin_lock+0x270/0x270
[ 2311.247488] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.248084] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.248559] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.249034] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.249505] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.250079] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.250658] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.251132] kthread+0x2a7/0x350
[ 2311.251445] ? kthread_complete_and_exit+0x20/0x20
[ 2311.251934] ret_from_fork+0x22/0x30
[ 2311.252305]
[ 2311.252683] Allocated by task 48118:
[ 2311.253028] kasan_save_stack+0x1e/0x40
[ 2311.253388] __kasan_krealloc+0xee/0x160
[ 2311.253763] krealloc+0x50/0xe0
[ 2311.254090] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan]
[ 2311.254630] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.255159] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.255732] kthread+0x2a7/0x350
[ 2311.256051] ret_from_fork+0x22/0x30
[ 2311.256564] Last potentially related work creation:
[ 2311.257036] kasan_save_stack+0x1e/0x40
[ 2311.257400] __kasan_record_aux_stack+0x96/0xb0
[ 2311.257851] kvfree_call_rcu+0x7d/0x840
[ 2311.258254] dma_resv_fini+0x38/0x50
[ 2311.258600] drm_gem_object_release+0x73/0x100 [drm]
[ 2311.259098] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 2311.259555] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 2311.259988] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 2311.260460] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 2311.260969] process_one_work+0x8e5/0x1520
[ 2311.261343] worker_thread+0x59e/0xf90
[ 2311.261687] kthread+0x2a7/0x350
[ 2311.262006] ret_from_fork+0x22/0x30
[ 2311.262553] Second to last potentially related work creation:
[ 2311.263148] kasan_save_stack+0x1e/0x40
[ 2311.263564] __kasan_record_aux_stack+0x96/0xb0
[ 2311.264005] kvfree_call_rcu+0x7d/0x840
[ 2311.264387] dma_resv_reserve_fences+0x35d/0x680
[ 2311.264838] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2311.265405] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2311.266021] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2311.266477] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2311.267033] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2311.267650] process_one_work+0x8e5/0x1520
[ 2311.268090] worker_thread+0x59e/0xf90
[ 2311.268482] kthread+0x2a7/0x350
[ 2311.268794] ret_from_fork+0x22/0x30
[ 2311.269289] The buggy address belongs to the object at ffff88802f48d800
which belongs to the cache kmalloc-256 of size 256
[ 2311.270423] The buggy address is located 240 bytes inside of
256-byte region [ffff88802f48d800, ffff88802f48d900)
[ 2311.271701] The buggy address belongs to the physical page:
[ 2311.272249] page:000000009e711371 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f48d
[ 2311.273143] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.273837] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff888100041b40
[ 2311.274564] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 2311.275265] page dumped because: kasan: bad access detected
[ 2311.275963] Memory state around the buggy address:
[ 2311.276406] ffff88802f48d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.277125] ffff88802f48d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.277783] >ffff88802f48d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 2311.278544] ^
[ 2311.279227] ffff88802f48d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.279886] ffff88802f48d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.280681] ==================================================================
[ 2311.282833] ok 10 - krealloc_more_oob
[ 2311.284829] ==================================================================
[ 2311.285947] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 2311.286783] Write of size 1 at addr ffff8881098712c9 by task kunit_try_catch/48119
[ 2311.287662] CPU: 0 PID: 48119 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.288983] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.289593] Call Trace:
[ 2311.289880]
[ 2311.290120] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 2311.290752] dump_stack_lvl+0x57/0x81
[ 2311.291121] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.291692] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 2311.292300] print_report.cold+0x5c/0x237
[ 2311.292670] kasan_report+0xc9/0x100
[ 2311.293048] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 2311.293653] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 2311.294272] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 2311.294769] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.295243] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.295708] ? lock_acquire+0x4ea/0x620
[ 2311.296095] ? rcu_read_unlock+0x40/0x40
[ 2311.296469] ? rcu_read_unlock+0x40/0x40
[ 2311.296840] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.297300] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.297823] ? do_raw_spin_lock+0x270/0x270
[ 2311.298239] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.298797] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.299292] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.299827] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.300308] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.300782] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.301351] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.301846] kthread+0x2a7/0x350
[ 2311.302183] ? kthread_complete_and_exit+0x20/0x20
[ 2311.302635] ret_from_fork+0x22/0x30
[ 2311.302992]
[ 2311.303377] Allocated by task 48119:
[ 2311.303719] kasan_save_stack+0x1e/0x40
[ 2311.304092] __kasan_krealloc+0xee/0x160
[ 2311.304462] krealloc+0x50/0xe0
[ 2311.304775] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan]
[ 2311.305332] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.305783] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.306359] kthread+0x2a7/0x350
[ 2311.306673] ret_from_fork+0x22/0x30
[ 2311.307198] The buggy address belongs to the object at ffff888109871200
which belongs to the cache kmalloc-256 of size 256
[ 2311.308332] The buggy address is located 201 bytes inside of
256-byte region [ffff888109871200, ffff888109871300)
[ 2311.309581] The buggy address belongs to the physical page:
[ 2311.310205] page:000000005deda98b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109871
[ 2311.311085] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 2311.311770] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40
[ 2311.312526] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 2311.313234] page dumped because: kasan: bad access detected
[ 2311.313913] Memory state around the buggy address:
[ 2311.314426] ffff888109871180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.315132] ffff888109871200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.315851] >ffff888109871280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 2311.316577] ^
[ 2311.317106] ffff888109871300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.317793] ffff888109871380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.318494] ==================================================================
[ 2311.319242] ==================================================================
[ 2311.319923] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 2311.320723] Write of size 1 at addr ffff8881098712d0 by task kunit_try_catch/48119
[ 2311.321580] CPU: 0 PID: 48119 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.322892] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.323497] Call Trace:
[ 2311.323732]
[ 2311.323952] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 2311.324516] dump_stack_lvl+0x57/0x81
[ 2311.324869] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.325477] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 2311.326049] print_report.cold+0x5c/0x237
[ 2311.326438] kasan_report+0xc9/0x100
[ 2311.326772] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 2311.327353] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 2311.327910] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 2311.328424] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.328896] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.329349] ? lock_acquire+0x4ea/0x620
[ 2311.329762] ? rcu_read_unlock+0x40/0x40
[ 2311.330228] ? rcu_read_unlock+0x40/0x40
[ 2311.330609] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.331080] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.331604] ? do_raw_spin_lock+0x270/0x270
[ 2311.332010] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.332596] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.333063] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.333576] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.334069] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.334549] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.335131] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.335610] kthread+0x2a7/0x350
[ 2311.335939] ? kthread_complete_and_exit+0x20/0x20
[ 2311.336441] ret_from_fork+0x22/0x30
[ 2311.336787]
[ 2311.337166] Allocated by task 48119:
[ 2311.337499] kasan_save_stack+0x1e/0x40
[ 2311.337856] __kasan_krealloc+0xee/0x160
[ 2311.338247] krealloc+0x50/0xe0
[ 2311.338588] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan]
[ 2311.339206] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.339692] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.340373] kthread+0x2a7/0x350
[ 2311.340690] ret_from_fork+0x22/0x30
[ 2311.341213] The buggy address belongs to the object at ffff888109871200
which belongs to the cache kmalloc-256 of size 256
[ 2311.342355] The buggy address is located 208 bytes inside of
256-byte region [ffff888109871200, ffff888109871300)
[ 2311.343697] The buggy address belongs to the physical page:
[ 2311.344281] page:000000005deda98b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109871
[ 2311.345142] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 2311.345801] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40
[ 2311.346519] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 2311.347257] page dumped because: kasan: bad access detected
[ 2311.347945] Memory state around the buggy address:
[ 2311.348398] ffff888109871180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.349066] ffff888109871200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.349739] >ffff888109871280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 2311.350427] ^
[ 2311.350987] ffff888109871300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.351707] ffff888109871380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.352408] ==================================================================
[ 2311.353117] ==================================================================
[ 2311.353832] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 2311.354651] Write of size 1 at addr ffff8881098712da by task kunit_try_catch/48119
[ 2311.355601] CPU: 0 PID: 48119 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.356865] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.357418] Call Trace:
[ 2311.357654]
[ 2311.357863] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 2311.358458] dump_stack_lvl+0x57/0x81
[ 2311.358799] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.359365] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 2311.359973] print_report.cold+0x5c/0x237
[ 2311.360353] kasan_report+0xc9/0x100
[ 2311.360689] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 2311.361244] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 2311.361793] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 2311.362577] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.363851] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.364927] ? lock_acquire+0x4ea/0x620
[ 2311.365876] ? rcu_read_unlock+0x40/0x40
[ 2311.366858] ? rcu_read_unlock+0x40/0x40
[ 2311.367816] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.369055] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.370451] ? do_raw_spin_lock+0x270/0x270
[ 2311.371502] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.372981] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.374083] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.375199] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.376300] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.377433] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.378764] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.379879] kthread+0x2a7/0x350
[ 2311.380643] ? kthread_complete_and_exit+0x20/0x20
[ 2311.381689] ret_from_fork+0x22/0x30
[ 2311.382518]
[ 2311.383404] Allocated by task 48119:
[ 2311.384163] kasan_save_stack+0x1e/0x40
[ 2311.384963] __kasan_krealloc+0xee/0x160
[ 2311.385753] krealloc+0x50/0xe0
[ 2311.386443] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan]
[ 2311.387625] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.388635] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.389883] kthread+0x2a7/0x350
[ 2311.390561] ret_from_fork+0x22/0x30
[ 2311.391663] The buggy address belongs to the object at ffff888109871200
which belongs to the cache kmalloc-256 of size 256
[ 2311.394142] The buggy address is located 218 bytes inside of
256-byte region [ffff888109871200, ffff888109871300)
[ 2311.396608] The buggy address belongs to the physical page:
[ 2311.397642] page:000000005deda98b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109871
[ 2311.399399] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 2311.400752] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40
[ 2311.402196] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 2311.403277] page dumped because: kasan: bad access detected
[ 2311.404204] Memory state around the buggy address:
[ 2311.404813] ffff888109871180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.405762] ffff888109871200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.406523] >ffff888109871280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 2311.407305] ^
[ 2311.407976] ffff888109871300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.408762] ffff888109871380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.409529] ==================================================================
[ 2311.410476] ==================================================================
[ 2311.411274] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 2311.412187] Write of size 1 at addr ffff8881098712ea by task kunit_try_catch/48119
[ 2311.413153] CPU: 0 PID: 48119 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.414615] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.415281] Call Trace:
[ 2311.415571]
[ 2311.415811] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 2311.416514] dump_stack_lvl+0x57/0x81
[ 2311.416947] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.417658] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 2311.418316] print_report.cold+0x5c/0x237
[ 2311.418750] kasan_report+0xc9/0x100
[ 2311.419149] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 2311.419772] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 2311.420453] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 2311.421007] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.421530] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.422013] ? lock_acquire+0x4ea/0x620
[ 2311.422409] ? rcu_read_unlock+0x40/0x40
[ 2311.422811] ? rcu_read_unlock+0x40/0x40
[ 2311.423260] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.423758] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.424402] ? do_raw_spin_lock+0x270/0x270
[ 2311.424831] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.425491] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.426020] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.426584] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.427706] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.428733] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.429896] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.430935] kthread+0x2a7/0x350
[ 2311.431557] ? kthread_complete_and_exit+0x20/0x20
[ 2311.432435] ret_from_fork+0x22/0x30
[ 2311.433107]
[ 2311.433863] Allocated by task 48119:
[ 2311.434555] kasan_save_stack+0x1e/0x40
[ 2311.435258] __kasan_krealloc+0xee/0x160
[ 2311.435970] krealloc+0x50/0xe0
[ 2311.436564] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan]
[ 2311.437628] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.438535] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.439615] kthread+0x2a7/0x350
[ 2311.440180] ret_from_fork+0x22/0x30
[ 2311.441113] The buggy address belongs to the object at ffff888109871200
which belongs to the cache kmalloc-256 of size 256
[ 2311.443138] The buggy address is located 234 bytes inside of
256-byte region [ffff888109871200, ffff888109871300)
[ 2311.445349] The buggy address belongs to the physical page:
[ 2311.446277] page:000000005deda98b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109871
[ 2311.447825] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 2311.448976] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40
[ 2311.450220] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 2311.451423] page dumped because: kasan: bad access detected
[ 2311.452578] Memory state around the buggy address:
[ 2311.453342] ffff888109871180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.454502] ffff888109871200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.455647] >ffff888109871280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 2311.456783] ^
[ 2311.457822] ffff888109871300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.458955] ffff888109871380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.460120] ==================================================================
[ 2311.461215] ==================================================================
[ 2311.462286] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 2311.463576] Write of size 1 at addr ffff8881098712eb by task kunit_try_catch/48119
[ 2311.464979] CPU: 0 PID: 48119 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.467072] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.467937] Call Trace:
[ 2311.468328]
[ 2311.468686] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 2311.469579] dump_stack_lvl+0x57/0x81
[ 2311.470116] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.470943] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 2311.471799] print_report.cold+0x5c/0x237
[ 2311.472384] kasan_report+0xc9/0x100
[ 2311.472921] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 2311.473782] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 2311.474618] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 2311.475329] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.476011] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.476702] ? lock_acquire+0x4ea/0x620
[ 2311.477266] ? rcu_read_unlock+0x40/0x40
[ 2311.477837] ? rcu_read_unlock+0x40/0x40
[ 2311.478418] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.479102] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.479898] ? do_raw_spin_lock+0x270/0x270
[ 2311.480485] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.481312] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.481985] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.482679] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.483364] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.484060] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.484880] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.485576] kthread+0x2a7/0x350
[ 2311.486030] ? kthread_complete_and_exit+0x20/0x20
[ 2311.486678] ret_from_fork+0x22/0x30
[ 2311.487196]
[ 2311.487767] Allocated by task 48119:
[ 2311.488298] kasan_save_stack+0x1e/0x40
[ 2311.488844] __kasan_krealloc+0xee/0x160
[ 2311.489331] krealloc+0x50/0xe0
[ 2311.489660] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan]
[ 2311.490361] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.490854] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.495883] kthread+0x2a7/0x350
[ 2311.496288] ret_from_fork+0x22/0x30
[ 2311.496828] The buggy address belongs to the object at ffff888109871200
which belongs to the cache kmalloc-256 of size 256
[ 2311.498113] The buggy address is located 235 bytes inside of
256-byte region [ffff888109871200, ffff888109871300)
[ 2311.499514] The buggy address belongs to the physical page:
[ 2311.500121] page:000000005deda98b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109871
[ 2311.501058] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 2311.501782] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40
[ 2311.502644] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 2311.503449] page dumped because: kasan: bad access detected
[ 2311.504263] Memory state around the buggy address:
[ 2311.504743] ffff888109871180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.505457] ffff888109871200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.506238] >ffff888109871280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 2311.507029] ^
[ 2311.507727] ffff888109871300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.508484] ffff888109871380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.509332] ==================================================================
[ 2311.510851] ok 11 - krealloc_less_oob
[ 2311.515361] ==================================================================
[ 2311.516559] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 2311.517545] Write of size 1 at addr ffff88802dbee0eb by task kunit_try_catch/48120
[ 2311.518549] CPU: 0 PID: 48120 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.520027] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.520683] Call Trace:
[ 2311.520975]
[ 2311.521250] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 2311.521890] dump_stack_lvl+0x57/0x81
[ 2311.522341] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.522965] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 2311.523638] print_report.cold+0x5c/0x237
[ 2311.524094] kasan_report+0xc9/0x100
[ 2311.524508] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 2311.525147] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 2311.525744] ? krealloc_less_oob+0x10/0x10 [test_kasan]
[ 2311.526338] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.526876] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.527433] ? lock_acquire+0x4ea/0x620
[ 2311.527826] ? rcu_read_unlock+0x40/0x40
[ 2311.528276] ? rcu_read_unlock+0x40/0x40
[ 2311.528675] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.529160] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.529719] ? do_raw_spin_lock+0x270/0x270
[ 2311.530176] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.530804] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.531396] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.532041] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.532606] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.533131] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.533786] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.534396] kthread+0x2a7/0x350
[ 2311.534734] ? kthread_complete_and_exit+0x20/0x20
[ 2311.535265] ret_from_fork+0x22/0x30
[ 2311.535641]
[ 2311.536078] The buggy address belongs to the physical page:
[ 2311.536654] page:00000000cf8e0249 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dbec
[ 2311.537639] head:00000000cf8e0249 order:2 compound_mapcount:0 compound_pincount:0
[ 2311.538452] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.539207] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 2311.540024] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2311.540808] page dumped because: kasan: bad access detected
[ 2311.541572] Memory state around the buggy address:
[ 2311.542106] ffff88802dbedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.542818] ffff88802dbee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.543534] >ffff88802dbee080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 2311.544319] ^
[ 2311.545069] ffff88802dbee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.545803] ffff88802dbee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.546516] ==================================================================
[ 2311.547296] ==================================================================
[ 2311.548073] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 2311.549025] Write of size 1 at addr ffff88802dbee0f0 by task kunit_try_catch/48120
[ 2311.550049] CPU: 0 PID: 48120 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.551468] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.552069] Call Trace:
[ 2311.552348]
[ 2311.552577] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 2311.553212] dump_stack_lvl+0x57/0x81
[ 2311.553631] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.554247] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 2311.554893] print_report.cold+0x5c/0x237
[ 2311.555306] kasan_report+0xc9/0x100
[ 2311.555674] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 2311.556322] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 2311.556911] ? krealloc_less_oob+0x10/0x10 [test_kasan]
[ 2311.557483] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.557983] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.558484] ? lock_acquire+0x4ea/0x620
[ 2311.558877] ? rcu_read_unlock+0x40/0x40
[ 2311.559301] ? rcu_read_unlock+0x40/0x40
[ 2311.559749] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.560282] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.560869] ? do_raw_spin_lock+0x270/0x270
[ 2311.561297] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.561930] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.562486] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.563053] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.563653] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.564186] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.564865] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.565388] kthread+0x2a7/0x350
[ 2311.565724] ? kthread_complete_and_exit+0x20/0x20
[ 2311.566278] ret_from_fork+0x22/0x30
[ 2311.566695]
[ 2311.567184] The buggy address belongs to the physical page:
[ 2311.567778] page:00000000cf8e0249 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dbec
[ 2311.568732] head:00000000cf8e0249 order:2 compound_mapcount:0 compound_pincount:0
[ 2311.569547] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.570330] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 2311.571091] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2311.571867] page dumped because: kasan: bad access detected
[ 2311.572675] Memory state around the buggy address:
[ 2311.573279] ffff88802dbedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.574035] ffff88802dbee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.574768] >ffff88802dbee080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 2311.575550] ^
[ 2311.576296] ffff88802dbee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.577010] ffff88802dbee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.577735] ==================================================================
[ 2311.578634] ok 12 - krealloc_pagealloc_more_oob
[ 2311.579838] ==================================================================
[ 2311.581318] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 2311.582318] Write of size 1 at addr ffff88802dbee0c9 by task kunit_try_catch/48121
[ 2311.583269] CPU: 0 PID: 48121 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.584796] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.585388] Call Trace:
[ 2311.585647]
[ 2311.585876] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 2311.586596] dump_stack_lvl+0x57/0x81
[ 2311.587019] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.587623] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 2311.588644] print_report.cold+0x5c/0x237
[ 2311.589562] kasan_report+0xc9/0x100
[ 2311.590495] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 2311.592023] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 2311.593512] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 2311.594752] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.595941] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.597124] ? lock_acquire+0x4ea/0x620
[ 2311.598102] ? rcu_read_unlock+0x40/0x40
[ 2311.599089] ? rcu_read_unlock+0x40/0x40
[ 2311.600066] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.601203] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.602472] ? do_raw_spin_lock+0x270/0x270
[ 2311.603449] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.604850] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.606001] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.607161] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.608298] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.609462] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.610886] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.612012] kthread+0x2a7/0x350
[ 2311.612717] ? kthread_complete_and_exit+0x20/0x20
[ 2311.613743] ret_from_fork+0x22/0x30
[ 2311.614538]
[ 2311.615394] The buggy address belongs to the physical page:
[ 2311.616553] page:00000000cf8e0249 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dbec
[ 2311.618459] head:00000000cf8e0249 order:2 compound_mapcount:0 compound_pincount:0
[ 2311.620004] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.621335] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 2311.622796] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2311.624279] page dumped because: kasan: bad access detected
[ 2311.625700] Memory state around the buggy address:
[ 2311.626633] ffff88802dbedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.627604] ffff88802dbee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.628513] >ffff88802dbee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 2311.629396] ^
[ 2311.630117] ffff88802dbee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.630865] ffff88802dbee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.631637] ==================================================================
[ 2311.632553] ==================================================================
[ 2311.633356] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 2311.634330] Write of size 1 at addr ffff88802dbee0d0 by task kunit_try_catch/48121
[ 2311.635411] CPU: 0 PID: 48121 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.636848] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.637471] Call Trace:
[ 2311.637736]
[ 2311.637989] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 2311.638617] dump_stack_lvl+0x57/0x81
[ 2311.639020] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.639649] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 2311.640369] print_report.cold+0x5c/0x237
[ 2311.640782] kasan_report+0xc9/0x100
[ 2311.641220] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 2311.641910] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 2311.642517] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 2311.643042] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.643561] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.644120] ? lock_acquire+0x4ea/0x620
[ 2311.644552] ? rcu_read_unlock+0x40/0x40
[ 2311.644988] ? rcu_read_unlock+0x40/0x40
[ 2311.645453] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.645936] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.646492] ? do_raw_spin_lock+0x270/0x270
[ 2311.646968] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.647640] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.648169] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.648700] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.649240] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.649749] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.650429] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.650995] kthread+0x2a7/0x350
[ 2311.651355] ? kthread_complete_and_exit+0x20/0x20
[ 2311.651837] ret_from_fork+0x22/0x30
[ 2311.652243]
[ 2311.652666] The buggy address belongs to the physical page:
[ 2311.653283] page:00000000cf8e0249 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dbec
[ 2311.654265] head:00000000cf8e0249 order:2 compound_mapcount:0 compound_pincount:0
[ 2311.655001] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.655678] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 2311.656486] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2311.657315] page dumped because: kasan: bad access detected
[ 2311.658041] Memory state around the buggy address:
[ 2311.658540] ffff88802dbedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.659283] ffff88802dbee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.660015] >ffff88802dbee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 2311.660748] ^
[ 2311.661373] ffff88802dbee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.662123] ffff88802dbee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.662857] ==================================================================
[ 2311.663608] ==================================================================
[ 2311.664370] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 2311.665267] Write of size 1 at addr ffff88802dbee0da by task kunit_try_catch/48121
[ 2311.666692] CPU: 0 PID: 48121 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.669132] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.670187] Call Trace:
[ 2311.670620]
[ 2311.671011] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 2311.672037] dump_stack_lvl+0x57/0x81
[ 2311.672676] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.673661] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 2311.674677] print_report.cold+0x5c/0x237
[ 2311.675367] kasan_report+0xc9/0x100
[ 2311.676014] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 2311.677058] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 2311.678048] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 2311.678874] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.679631] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.680395] ? lock_acquire+0x4ea/0x620
[ 2311.681014] ? rcu_read_unlock+0x40/0x40
[ 2311.681651] ? rcu_read_unlock+0x40/0x40
[ 2311.682309] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.683065] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.683946] ? do_raw_spin_lock+0x270/0x270
[ 2311.684632] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.685622] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.686423] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.687252] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.688041] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.688842] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.689789] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.690585] kthread+0x2a7/0x350
[ 2311.691100] ? kthread_complete_and_exit+0x20/0x20
[ 2311.691817] ret_from_fork+0x22/0x30
[ 2311.692394]
[ 2311.693034] The buggy address belongs to the physical page:
[ 2311.693867] page:00000000cf8e0249 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dbec
[ 2311.695241] head:00000000cf8e0249 order:2 compound_mapcount:0 compound_pincount:0
[ 2311.696352] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.697375] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 2311.698520] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2311.699666] page dumped because: kasan: bad access detected
[ 2311.700775] Memory state around the buggy address:
[ 2311.701482] ffff88802dbedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.702499] ffff88802dbee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.703521] >ffff88802dbee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 2311.704547] ^
[ 2311.705406] ffff88802dbee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.706442] ffff88802dbee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.707462] ==================================================================
[ 2311.708511] ==================================================================
[ 2311.709544] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 2311.710750] Write of size 1 at addr ffff88802dbee0ea by task kunit_try_catch/48121
[ 2311.711990] CPU: 0 PID: 48121 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.713785] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.714564] Call Trace:
[ 2311.714917]
[ 2311.715237] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 2311.716050] dump_stack_lvl+0x57/0x81
[ 2311.716564] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.717373] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 2311.718192] print_report.cold+0x5c/0x237
[ 2311.718741] kasan_report+0xc9/0x100
[ 2311.719242] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 2311.720073] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 2311.720768] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 2311.721333] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.721815] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.722297] ? lock_acquire+0x4ea/0x620
[ 2311.722719] ? rcu_read_unlock+0x40/0x40
[ 2311.723144] ? rcu_read_unlock+0x40/0x40
[ 2311.723545] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.724080] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.724688] ? do_raw_spin_lock+0x270/0x270
[ 2311.725168] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.725820] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.726419] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.726973] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.727556] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.728171] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.728846] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.729435] kthread+0x2a7/0x350
[ 2311.729825] ? kthread_complete_and_exit+0x20/0x20
[ 2311.730480] ret_from_fork+0x22/0x30
[ 2311.730871]
[ 2311.731333] The buggy address belongs to the physical page:
[ 2311.732024] page:00000000cf8e0249 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dbec
[ 2311.733037] head:00000000cf8e0249 order:2 compound_mapcount:0 compound_pincount:0
[ 2311.733837] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.734647] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 2311.735513] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2311.736363] page dumped because: kasan: bad access detected
[ 2311.737146] Memory state around the buggy address:
[ 2311.737708] ffff88802dbedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.738555] ffff88802dbee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.739372] >ffff88802dbee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 2311.740211] ^
[ 2311.740947] ffff88802dbee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.741744] ffff88802dbee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.742566] ==================================================================
[ 2311.743371] ==================================================================
[ 2311.744212] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 2311.745224] Write of size 1 at addr ffff88802dbee0eb by task kunit_try_catch/48121
[ 2311.746310] CPU: 0 PID: 48121 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.747759] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.748402] Call Trace:
[ 2311.748681]
[ 2311.748955] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 2311.749607] dump_stack_lvl+0x57/0x81
[ 2311.750066] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.750727] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 2311.751430] print_report.cold+0x5c/0x237
[ 2311.751856] kasan_report+0xc9/0x100
[ 2311.752304] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 2311.752978] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 2311.753641] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 2311.754222] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.754752] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.755304] ? lock_acquire+0x4ea/0x620
[ 2311.755755] ? rcu_read_unlock+0x40/0x40
[ 2311.756562] ? rcu_read_unlock+0x40/0x40
[ 2311.757448] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.758673] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.760238] ? do_raw_spin_lock+0x270/0x270
[ 2311.761302] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 2311.762712] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.763851] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.765001] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.766093] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.767230] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.768607] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.769773] kthread+0x2a7/0x350
[ 2311.770525] ? kthread_complete_and_exit+0x20/0x20
[ 2311.771618] ret_from_fork+0x22/0x30
[ 2311.772450]
[ 2311.773282] The buggy address belongs to the physical page:
[ 2311.774426] page:00000000cf8e0249 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dbec
[ 2311.776326] head:00000000cf8e0249 order:2 compound_mapcount:0 compound_pincount:0
[ 2311.777846] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.779266] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 2311.780837] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2311.782410] page dumped because: kasan: bad access detected
[ 2311.783875] Memory state around the buggy address:
[ 2311.784798] ffff88802dbedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.786152] ffff88802dbee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2311.787484] >ffff88802dbee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 2311.788814] ^
[ 2311.790149] ffff88802dbee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.791503] ffff88802dbee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 2311.792857] ==================================================================
[ 2311.794800] ok 13 - krealloc_pagealloc_less_oob
[ 2311.799895] ==================================================================
[ 2311.802107] BUG: KASAN: use-after-free in krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 2311.803397] Read of size 1 at addr ffff888017829600 by task kunit_try_catch/48122
[ 2311.804881] CPU: 0 PID: 48122 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.807045] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.807986] Call Trace:
[ 2311.808406]
[ 2311.808783] ? krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 2311.809613] dump_stack_lvl+0x57/0x81
[ 2311.810232] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.811176] ? krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 2311.811997] print_report.cold+0x5c/0x237
[ 2311.812653] kasan_report+0xc9/0x100
[ 2311.813259] ? krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 2311.814054] ? krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 2311.814874] __kasan_check_byte+0x36/0x50
[ 2311.815554] krealloc+0x2e/0xe0
[ 2311.816104] krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 2311.816906] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan]
[ 2311.817941] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.818668] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.819419] ? lock_acquire+0x4ea/0x620
[ 2311.820131] ? rcu_read_unlock+0x40/0x40
[ 2311.820739] ? rcu_read_unlock+0x40/0x40
[ 2311.821370] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.822107] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.822992] ? do_raw_spin_lock+0x270/0x270
[ 2311.823635] ? trace_hardirqs_on+0x2d/0x160
[ 2311.824311] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.825054] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.825796] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.826513] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.827282] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.828185] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.828945] kthread+0x2a7/0x350
[ 2311.829424] ? kthread_complete_and_exit+0x20/0x20
[ 2311.830139] ret_from_fork+0x22/0x30
[ 2311.830675]
[ 2311.831276] Allocated by task 48122:
[ 2311.831792] kasan_save_stack+0x1e/0x40
[ 2311.832370] __kasan_kmalloc+0x81/0xa0
[ 2311.832927] krealloc_uaf+0xaa/0x450 [test_kasan]
[ 2311.833622] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.834331] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.835185] kthread+0x2a7/0x350
[ 2311.835667] ret_from_fork+0x22/0x30
[ 2311.836419] Freed by task 48122:
[ 2311.836867] kasan_save_stack+0x1e/0x40
[ 2311.837442] kasan_set_track+0x21/0x30
[ 2311.837976] kasan_set_free_info+0x20/0x40
[ 2311.838551] __kasan_slab_free+0x108/0x170
[ 2311.839118] slab_free_freelist_hook+0x11d/0x1d0
[ 2311.839764] kfree+0xe2/0x3c0
[ 2311.840217] krealloc_uaf+0x147/0x450 [test_kasan]
[ 2311.840903] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.841568] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.842401] kthread+0x2a7/0x350
[ 2311.842863] ret_from_fork+0x22/0x30
[ 2311.843614] Last potentially related work creation:
[ 2311.844307] kasan_save_stack+0x1e/0x40
[ 2311.844733] __kasan_record_aux_stack+0x96/0xb0
[ 2311.845293] kvfree_call_rcu+0x7d/0x840
[ 2311.845733] dma_resv_reserve_fences+0x35d/0x680
[ 2311.846227] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2311.846777] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2311.847371] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2311.847869] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2311.848520] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2311.849237] process_one_work+0x8e5/0x1520
[ 2311.849696] worker_thread+0x59e/0xf90
[ 2311.850179] kthread+0x2a7/0x350
[ 2311.850543] ret_from_fork+0x22/0x30
[ 2311.851200] Second to last potentially related work creation:
[ 2311.851877] kasan_save_stack+0x1e/0x40
[ 2311.852324] __kasan_record_aux_stack+0x96/0xb0
[ 2311.852860] kvfree_call_rcu+0x7d/0x840
[ 2311.853311] dma_resv_reserve_fences+0x35d/0x680
[ 2311.853824] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2311.854413] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2311.854971] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2311.855473] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2311.856068] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2311.856727] process_one_work+0x8e5/0x1520
[ 2311.857175] worker_thread+0x59e/0xf90
[ 2311.857583] kthread+0x2a7/0x350
[ 2311.857939] ret_from_fork+0x22/0x30
[ 2311.858552] The buggy address belongs to the object at ffff888017829600
which belongs to the cache kmalloc-256 of size 256
[ 2311.859854] The buggy address is located 0 bytes inside of
256-byte region [ffff888017829600, ffff888017829700)
[ 2311.861229] The buggy address belongs to the physical page:
[ 2311.861828] page:000000005a82f954 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17829
[ 2311.862823] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.863550] raw: 000fffffc0000200 ffffea00005a6d40 dead000000000005 ffff888100041b40
[ 2311.864359] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 2311.865143] page dumped because: kasan: bad access detected
[ 2311.866022] Memory state around the buggy address:
[ 2311.866617] ffff888017829500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.867454] ffff888017829580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.868369] >ffff888017829600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2311.869250] ^
[ 2311.869622] ffff888017829680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2311.870463] ffff888017829700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.871241] ==================================================================
[ 2311.872273] ==================================================================
[ 2311.873090] BUG: KASAN: use-after-free in krealloc_uaf+0x42e/0x450 [test_kasan]
[ 2311.873952] Read of size 1 at addr ffff888017829600 by task kunit_try_catch/48122
[ 2311.875000] CPU: 0 PID: 48122 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.876544] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.877180] Call Trace:
[ 2311.877487]
[ 2311.877759] ? krealloc_uaf+0x42e/0x450 [test_kasan]
[ 2311.878311] dump_stack_lvl+0x57/0x81
[ 2311.878770] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.879511] ? krealloc_uaf+0x42e/0x450 [test_kasan]
[ 2311.880209] print_report.cold+0x5c/0x237
[ 2311.880653] kasan_report+0xc9/0x100
[ 2311.881075] ? krealloc_uaf+0x42e/0x450 [test_kasan]
[ 2311.881662] krealloc_uaf+0x42e/0x450 [test_kasan]
[ 2311.882232] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan]
[ 2311.882984] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.883509] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.884037] ? lock_acquire+0x4ea/0x620
[ 2311.884505] ? rcu_read_unlock+0x40/0x40
[ 2311.884948] ? rcu_read_unlock+0x40/0x40
[ 2311.885389] ? rcu_read_lock_sched_held+0x12/0x80
[ 2311.885955] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.886594] ? do_raw_spin_lock+0x270/0x270
[ 2311.887092] ? kunit_ptr_not_err_assert_format+0x210/0x210 [kunit]
[ 2311.887770] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.888369] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.888960] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.889541] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.890134] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.890847] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.891412] kthread+0x2a7/0x350
[ 2311.891811] ? kthread_complete_and_exit+0x20/0x20
[ 2311.892381] ret_from_fork+0x22/0x30
[ 2311.892794]
[ 2311.893320] Allocated by task 48122:
[ 2311.893749] kasan_save_stack+0x1e/0x40
[ 2311.894233] __kasan_kmalloc+0x81/0xa0
[ 2311.894641] krealloc_uaf+0xaa/0x450 [test_kasan]
[ 2311.895139] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.895690] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.896387] kthread+0x2a7/0x350
[ 2311.896757] ret_from_fork+0x22/0x30
[ 2311.897437] Freed by task 48122:
[ 2311.897797] kasan_save_stack+0x1e/0x40
[ 2311.898217] kasan_set_track+0x21/0x30
[ 2311.898599] kasan_set_free_info+0x20/0x40
[ 2311.899068] __kasan_slab_free+0x108/0x170
[ 2311.899525] slab_free_freelist_hook+0x11d/0x1d0
[ 2311.900036] kfree+0xe2/0x3c0
[ 2311.900419] krealloc_uaf+0x147/0x450 [test_kasan]
[ 2311.900980] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.901523] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.902185] kthread+0x2a7/0x350
[ 2311.902581] ret_from_fork+0x22/0x30
[ 2311.903177] Last potentially related work creation:
[ 2311.903711] kasan_save_stack+0x1e/0x40
[ 2311.904182] __kasan_record_aux_stack+0x96/0xb0
[ 2311.904679] kvfree_call_rcu+0x7d/0x840
[ 2311.905112] dma_resv_reserve_fences+0x35d/0x680
[ 2311.905652] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2311.906272] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2311.906825] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2311.907331] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2311.907954] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2311.908675] process_one_work+0x8e5/0x1520
[ 2311.909173] worker_thread+0x59e/0xf90
[ 2311.909640] kthread+0x2a7/0x350
[ 2311.910122] ret_from_fork+0x22/0x30
[ 2311.910735] Second to last potentially related work creation:
[ 2311.911452] kasan_save_stack+0x1e/0x40
[ 2311.911900] __kasan_record_aux_stack+0x96/0xb0
[ 2311.912420] kvfree_call_rcu+0x7d/0x840
[ 2311.912866] dma_resv_reserve_fences+0x35d/0x680
[ 2311.913431] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2311.913999] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2311.914583] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2311.915112] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2311.915722] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2311.916445] process_one_work+0x8e5/0x1520
[ 2311.916874] worker_thread+0x59e/0xf90
[ 2311.917353] kthread+0x2a7/0x350
[ 2311.917747] ret_from_fork+0x22/0x30
[ 2311.918399] The buggy address belongs to the object at ffff888017829600
which belongs to the cache kmalloc-256 of size 256
[ 2311.919702] The buggy address is located 0 bytes inside of
256-byte region [ffff888017829600, ffff888017829700)
[ 2311.921127] The buggy address belongs to the physical page:
[ 2311.921756] page:000000005a82f954 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17829
[ 2311.922779] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2311.923487] raw: 000fffffc0000200 ffffea00005a6d40 dead000000000005 ffff888100041b40
[ 2311.924864] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 2311.926670] page dumped because: kasan: bad access detected
[ 2311.928418] Memory state around the buggy address:
[ 2311.929593] ffff888017829500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.931218] ffff888017829580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.932812] >ffff888017829600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2311.934410] ^
[ 2311.935165] ffff888017829680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2311.936723] ffff888017829700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2311.938199] ==================================================================
[ 2311.940376] ok 14 - krealloc_uaf
[ 2311.943021] ==================================================================
[ 2311.945304] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x399/0x3b0 [test_kasan]
[ 2311.946888] Write of size 16 at addr ffff8880053187e0 by task kunit_try_catch/48123
[ 2311.948684] CPU: 0 PID: 48123 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2311.951320] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2311.952418] Call Trace:
[ 2311.952932]
[ 2311.953371] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan]
[ 2311.954372] dump_stack_lvl+0x57/0x81
[ 2311.955114] print_address_description.constprop.0+0x1f/0x1e0
[ 2311.956223] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan]
[ 2311.957243] print_report.cold+0x5c/0x237
[ 2311.957979] kasan_report+0xc9/0x100
[ 2311.958643] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan]
[ 2311.959574] kmalloc_oob_16+0x399/0x3b0 [test_kasan]
[ 2311.960484] ? kmalloc_uaf_16+0x3b0/0x3b0 [test_kasan]
[ 2311.983978] ? do_raw_spin_trylock+0xb5/0x180
[ 2311.984690] ? do_raw_spin_lock+0x270/0x270
[ 2311.985383] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2311.986289] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2311.987099] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2311.987922] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.988692] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2311.989491] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.990414] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2311.991200] kthread+0x2a7/0x350
[ 2311.991710] ? kthread_complete_and_exit+0x20/0x20
[ 2311.992462] ret_from_fork+0x22/0x30
[ 2311.993026]
[ 2311.993648] Allocated by task 48123:
[ 2311.994202] kasan_save_stack+0x1e/0x40
[ 2311.994791] __kasan_kmalloc+0x81/0xa0
[ 2311.995364] kmalloc_oob_16+0xa4/0x3b0 [test_kasan]
[ 2311.996104] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2311.996843] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2311.997767] kthread+0x2a7/0x350
[ 2311.998288] ret_from_fork+0x22/0x30
[ 2311.999108] The buggy address belongs to the object at ffff8880053187e0
which belongs to the cache kmalloc-16 of size 16
[ 2312.000871] The buggy address is located 0 bytes inside of
16-byte region [ffff8880053187e0, ffff8880053187f0)
[ 2312.002705] The buggy address belongs to the physical page:
[ 2312.003488] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2312.004778] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.005741] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0
[ 2312.006820] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2312.007908] page dumped because: kasan: bad access detected
[ 2312.008935] Memory state around the buggy address:
[ 2312.009614] ffff888005318680: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 2312.010577] ffff888005318700: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 2312.011541] >ffff888005318780: fa fb fc fc 00 00 fc fc fa fb fc fc 00 05 fc fc
[ 2312.012514] ^
[ 2312.013394] ffff888005318800: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2312.014354] ffff888005318880: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 2312.015314] ==================================================================
[ 2312.017008] ok 15 - kmalloc_oob_16
[ 2312.020889] ==================================================================
[ 2312.021919] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x38a/0x3b0 [test_kasan]
[ 2312.022600] Read of size 16 at addr ffff88802f5912a0 by task kunit_try_catch/48124
[ 2312.023448] CPU: 0 PID: 48124 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.024716] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.025271] Call Trace:
[ 2312.025509]
[ 2312.025719] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan]
[ 2312.026200] dump_stack_lvl+0x57/0x81
[ 2312.026547] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.027079] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan]
[ 2312.027580] print_report.cold+0x5c/0x237
[ 2312.027980] kasan_report+0xc9/0x100
[ 2312.028320] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan]
[ 2312.028793] kmalloc_uaf_16+0x38a/0x3b0 [test_kasan]
[ 2312.029257] ? kmalloc_uaf+0x2b0/0x2b0 [test_kasan]
[ 2312.029709] ? do_raw_spin_trylock+0xb5/0x180
[ 2312.030239] ? do_raw_spin_lock+0x270/0x270
[ 2312.030632] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.031147] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2312.031605] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.032076] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.032530] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.033017] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.033575] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.034051] kthread+0x2a7/0x350
[ 2312.034363] ? kthread_complete_and_exit+0x20/0x20
[ 2312.034805] ret_from_fork+0x22/0x30
[ 2312.035177]
[ 2312.035568] Allocated by task 48124:
[ 2312.035921] kasan_save_stack+0x1e/0x40
[ 2312.036303] __kasan_kmalloc+0x81/0xa0
[ 2312.036655] kmalloc_uaf_16+0x15d/0x3b0 [test_kasan]
[ 2312.037116] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.037565] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.038131] kthread+0x2a7/0x350
[ 2312.038437] ret_from_fork+0x22/0x30
[ 2312.038987] Freed by task 48124:
[ 2312.039330] kasan_save_stack+0x1e/0x40
[ 2312.039703] kasan_set_track+0x21/0x30
[ 2312.040056] kasan_set_free_info+0x20/0x40
[ 2312.040433] __kasan_slab_free+0x108/0x170
[ 2312.040810] slab_free_freelist_hook+0x11d/0x1d0
[ 2312.041241] kfree+0xe2/0x3c0
[ 2312.041526] kmalloc_uaf_16+0x1e8/0x3b0 [test_kasan]
[ 2312.041985] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.042462] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.043063] kthread+0x2a7/0x350
[ 2312.043396] ret_from_fork+0x22/0x30
[ 2312.043987] The buggy address belongs to the object at ffff88802f5912a0
which belongs to the cache kmalloc-16 of size 16
[ 2312.045150] The buggy address is located 0 bytes inside of
16-byte region [ffff88802f5912a0, ffff88802f5912b0)
[ 2312.046352] The buggy address belongs to the physical page:
[ 2312.046853] page:0000000071c6d3ba refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f591
[ 2312.047733] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.048358] raw: 000fffffc0000200 ffffea0000b72a80 dead000000000002 ffff8881000413c0
[ 2312.049056] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2312.049767] page dumped because: kasan: bad access detected
[ 2312.050459] Memory state around the buggy address:
[ 2312.050917] ffff88802f591180: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2312.051570] ffff88802f591200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2312.052246] >ffff88802f591280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2312.052923] ^
[ 2312.053319] ffff88802f591300: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 2312.053972] ffff88802f591380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2312.054624] ==================================================================
[ 2312.055761] ok 16 - kmalloc_uaf_16
[ 2312.057833] ==================================================================
[ 2312.058957] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan]
[ 2312.059745] Write of size 128 at addr ffff88801a5a0800 by task kunit_try_catch/48125
[ 2312.060755] CPU: 0 PID: 48125 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.062040] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.062593] Call Trace:
[ 2312.062837]
[ 2312.063078] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan]
[ 2312.063627] dump_stack_lvl+0x57/0x81
[ 2312.064016] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.064567] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan]
[ 2312.065131] print_report.cold+0x5c/0x237
[ 2312.065533] kasan_report+0xc9/0x100
[ 2312.065921] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan]
[ 2312.066468] kasan_check_range+0xfd/0x1e0
[ 2312.066843] memset+0x20/0x50
[ 2312.067135] kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan]
[ 2312.067674] ? kmalloc_oob_memset_2+0x290/0x290 [test_kasan]
[ 2312.068239] ? do_raw_spin_trylock+0xb5/0x180
[ 2312.068683] ? do_raw_spin_lock+0x270/0x270
[ 2312.069107] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.069616] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2312.070080] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.070593] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.071051] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.071520] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.072090] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.072565] kthread+0x2a7/0x350
[ 2312.072874] ? kthread_complete_and_exit+0x20/0x20
[ 2312.073351] ret_from_fork+0x22/0x30
[ 2312.073712]
[ 2312.074088] Allocated by task 48125:
[ 2312.074422] kasan_save_stack+0x1e/0x40
[ 2312.074796] __kasan_kmalloc+0x81/0xa0
[ 2312.075202] kmalloc_oob_in_memset+0x9c/0x280 [test_kasan]
[ 2312.075723] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.076183] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.076754] kthread+0x2a7/0x350
[ 2312.077092] ret_from_fork+0x22/0x30
[ 2312.077672] The buggy address belongs to the object at ffff88801a5a0800
which belongs to the cache kmalloc-128 of size 128
[ 2312.078799] The buggy address is located 0 bytes inside of
128-byte region [ffff88801a5a0800, ffff88801a5a0880)
[ 2312.079983] The buggy address belongs to the physical page:
[ 2312.080484] page:00000000f15e5ea6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a5a0
[ 2312.081364] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.081993] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0
[ 2312.082684] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2312.083379] page dumped because: kasan: bad access detected
[ 2312.084053] Memory state around the buggy address:
[ 2312.084491] ffff88801a5a0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2312.085149] ffff88801a5a0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.085799] >ffff88801a5a0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 2312.086492] ^
[ 2312.087141] ffff88801a5a0880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.087791] ffff88801a5a0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 2312.088451] ==================================================================
[ 2312.089209] ok 17 - kmalloc_oob_in_memset
[ 2312.090818] ==================================================================
[ 2312.091948] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan]
[ 2312.092758] Write of size 2 at addr ffff88801a5a0377 by task kunit_try_catch/48126
[ 2312.093669] CPU: 0 PID: 48126 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.094881] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.095439] Call Trace:
[ 2312.095683]
[ 2312.095899] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan]
[ 2312.096470] dump_stack_lvl+0x57/0x81
[ 2312.096819] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.097360] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan]
[ 2312.097886] print_report.cold+0x5c/0x237
[ 2312.098270] kasan_report+0xc9/0x100
[ 2312.098635] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan]
[ 2312.099182] kasan_check_range+0xfd/0x1e0
[ 2312.099557] memset+0x20/0x50
[ 2312.099845] kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan]
[ 2312.100354] ? kmalloc_oob_memset_4+0x290/0x290 [test_kasan]
[ 2312.100907] ? do_raw_spin_trylock+0xb5/0x180
[ 2312.101335] ? do_raw_spin_lock+0x270/0x270
[ 2312.101726] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.102243] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2312.102703] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.103233] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.103727] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.104206] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.104762] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.105268] kthread+0x2a7/0x350
[ 2312.105597] ? kthread_complete_and_exit+0x20/0x20
[ 2312.106051] ret_from_fork+0x22/0x30
[ 2312.106395]
[ 2312.106771] Allocated by task 48126:
[ 2312.107112] kasan_save_stack+0x1e/0x40
[ 2312.107471] __kasan_kmalloc+0x81/0xa0
[ 2312.107821] kmalloc_oob_memset_2+0x9c/0x290 [test_kasan]
[ 2312.108323] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.108792] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.109380] kthread+0x2a7/0x350
[ 2312.109690] ret_from_fork+0x22/0x30
[ 2312.110187] Last potentially related work creation:
[ 2312.110632] kasan_save_stack+0x1e/0x40
[ 2312.110994] __kasan_record_aux_stack+0x96/0xb0
[ 2312.111415] kvfree_call_rcu+0x7d/0x840
[ 2312.111773] dma_resv_reserve_fences+0x35d/0x680
[ 2312.112207] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2312.112686] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2312.113168] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2312.113605] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2312.114130] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2312.114721] process_one_work+0x8e5/0x1520
[ 2312.115121] worker_thread+0x59e/0xf90
[ 2312.115470] kthread+0x2a7/0x350
[ 2312.115778] ret_from_fork+0x22/0x30
[ 2312.116278] The buggy address belongs to the object at ffff88801a5a0300
which belongs to the cache kmalloc-128 of size 128
[ 2312.117379] The buggy address is located 119 bytes inside of
128-byte region [ffff88801a5a0300, ffff88801a5a0380)
[ 2312.118601] The buggy address belongs to the physical page:
[ 2312.119129] page:00000000f15e5ea6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a5a0
[ 2312.119972] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.121797] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0
[ 2312.123721] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2312.125648] page dumped because: kasan: bad access detected
[ 2312.127449] Memory state around the buggy address:
[ 2312.128660] ffff88801a5a0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2312.130436] ffff88801a5a0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.132195] >ffff88801a5a0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 2312.133872] ^
[ 2312.135511] ffff88801a5a0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.137182] ffff88801a5a0400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2312.138824] ==================================================================
[ 2312.140719] ok 18 - kmalloc_oob_memset_2
[ 2312.142943] ==================================================================
[ 2312.145433] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan]
[ 2312.147218] Write of size 4 at addr ffff88801a5a0275 by task kunit_try_catch/48127
[ 2312.149198] CPU: 0 PID: 48127 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.152123] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.153335] Call Trace:
[ 2312.153866]
[ 2312.154351] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan]
[ 2312.155506] dump_stack_lvl+0x57/0x81
[ 2312.156310] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.157503] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan]
[ 2312.158675] print_report.cold+0x5c/0x237
[ 2312.159521] kasan_report+0xc9/0x100
[ 2312.160259] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan]
[ 2312.161401] kasan_check_range+0xfd/0x1e0
[ 2312.162252] memset+0x20/0x50
[ 2312.162885] kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan]
[ 2312.164000] ? kmalloc_oob_memset_8+0x290/0x290 [test_kasan]
[ 2312.165057] ? do_raw_spin_trylock+0xb5/0x180
[ 2312.165933] ? do_raw_spin_lock+0x270/0x270
[ 2312.166755] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.167961] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2312.168923] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.169927] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.170843] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.171781] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.172952] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.173933] kthread+0x2a7/0x350
[ 2312.174545] ? kthread_complete_and_exit+0x20/0x20
[ 2312.175413] ret_from_fork+0x22/0x30
[ 2312.176083]
[ 2312.176805] Allocated by task 48127:
[ 2312.177476] kasan_save_stack+0x1e/0x40
[ 2312.178182] __kasan_kmalloc+0x81/0xa0
[ 2312.178884] kmalloc_oob_memset_4+0x9c/0x290 [test_kasan]
[ 2312.179871] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.180826] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.181952] kthread+0x2a7/0x350
[ 2312.182539] ret_from_fork+0x22/0x30
[ 2312.183522] The buggy address belongs to the object at ffff88801a5a0200
which belongs to the cache kmalloc-128 of size 128
[ 2312.185587] The buggy address is located 117 bytes inside of
128-byte region [ffff88801a5a0200, ffff88801a5a0280)
[ 2312.187782] The buggy address belongs to the physical page:
[ 2312.188697] page:00000000f15e5ea6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a5a0
[ 2312.190232] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.191342] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0
[ 2312.192586] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2312.193854] page dumped because: kasan: bad access detected
[ 2312.195048] Memory state around the buggy address:
[ 2312.195805] ffff88801a5a0100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2312.196989] ffff88801a5a0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.198120] >ffff88801a5a0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 2312.199278] ^
[ 2312.200409] ffff88801a5a0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.201556] ffff88801a5a0300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2312.202662] ==================================================================
[ 2312.204398] ok 19 - kmalloc_oob_memset_4
[ 2312.206917] ==================================================================
[ 2312.208615] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan]
[ 2312.209844] Write of size 8 at addr ffff88801a5a0a71 by task kunit_try_catch/48128
[ 2312.211290] CPU: 0 PID: 48128 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.213301] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.214161] Call Trace:
[ 2312.214538]
[ 2312.214900] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan]
[ 2312.215764] dump_stack_lvl+0x57/0x81
[ 2312.216344] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.217017] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan]
[ 2312.217715] print_report.cold+0x5c/0x237
[ 2312.218254] kasan_report+0xc9/0x100
[ 2312.218691] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan]
[ 2312.219376] kasan_check_range+0xfd/0x1e0
[ 2312.219824] memset+0x20/0x50
[ 2312.220220] kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan]
[ 2312.220867] ? kmalloc_oob_memset_16+0x290/0x290 [test_kasan]
[ 2312.221552] ? do_raw_spin_trylock+0xb5/0x180
[ 2312.222093] ? do_raw_spin_lock+0x270/0x270
[ 2312.222571] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.223247] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2312.223806] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.224499] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.225099] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.225710] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.226508] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.227182] kthread+0x2a7/0x350
[ 2312.227606] ? kthread_complete_and_exit+0x20/0x20
[ 2312.228177] ret_from_fork+0x22/0x30
[ 2312.228645]
[ 2312.229176] Allocated by task 48128:
[ 2312.229630] kasan_save_stack+0x1e/0x40
[ 2312.230099] __kasan_kmalloc+0x81/0xa0
[ 2312.230549] kmalloc_oob_memset_8+0x9c/0x290 [test_kasan]
[ 2312.231368] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.232035] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.232875] kthread+0x2a7/0x350
[ 2312.233332] ret_from_fork+0x22/0x30
[ 2312.234129] Last potentially related work creation:
[ 2312.234729] kasan_save_stack+0x1e/0x40
[ 2312.235195] __kasan_record_aux_stack+0x96/0xb0
[ 2312.235763] kvfree_call_rcu+0x7d/0x840
[ 2312.236270] dma_resv_reserve_fences+0x35d/0x680
[ 2312.236834] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2312.237503] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2312.238119] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2312.238686] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2312.239426] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2312.240326] process_one_work+0x8e5/0x1520
[ 2312.240822] worker_thread+0x59e/0xf90
[ 2312.241367] kthread+0x2a7/0x350
[ 2312.241799] ret_from_fork+0x22/0x30
[ 2312.242472] The buggy address belongs to the object at ffff88801a5a0a00
which belongs to the cache kmalloc-128 of size 128
[ 2312.244015] The buggy address is located 113 bytes inside of
128-byte region [ffff88801a5a0a00, ffff88801a5a0a80)
[ 2312.245706] The buggy address belongs to the physical page:
[ 2312.246418] page:00000000f15e5ea6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a5a0
[ 2312.247595] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.248463] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0
[ 2312.249350] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2312.250268] page dumped because: kasan: bad access detected
[ 2312.251113] Memory state around the buggy address:
[ 2312.251663] ffff88801a5a0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 2312.252576] ffff88801a5a0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.253425] >ffff88801a5a0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 2312.254365] ^
[ 2312.255218] ffff88801a5a0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.256114] ffff88801a5a0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2312.257023] ==================================================================
[ 2312.260126] ok 20 - kmalloc_oob_memset_8
[ 2312.265674] ==================================================================
[ 2312.267275] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan]
[ 2312.268374] Write of size 16 at addr ffff88801a5a0769 by task kunit_try_catch/48129
[ 2312.269605] CPU: 0 PID: 48129 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.271305] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.271986] Call Trace:
[ 2312.272310]
[ 2312.272552] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan]
[ 2312.273239] dump_stack_lvl+0x57/0x81
[ 2312.273724] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.274463] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan]
[ 2312.275106] print_report.cold+0x5c/0x237
[ 2312.275570] kasan_report+0xc9/0x100
[ 2312.276026] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan]
[ 2312.276708] kasan_check_range+0xfd/0x1e0
[ 2312.277202] memset+0x20/0x50
[ 2312.277555] kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan]
[ 2312.278237] ? kmalloc_uaf_memset+0x280/0x280 [test_kasan]
[ 2312.278939] ? do_raw_spin_trylock+0xb5/0x180
[ 2312.279466] ? do_raw_spin_lock+0x270/0x270
[ 2312.279963] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.280680] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2312.281311] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.281899] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.282496] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.283118] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.283865] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.284509] kthread+0x2a7/0x350
[ 2312.284896] ? kthread_complete_and_exit+0x20/0x20
[ 2312.285519] ret_from_fork+0x22/0x30
[ 2312.286060]
[ 2312.286567] Allocated by task 48129:
[ 2312.287028] kasan_save_stack+0x1e/0x40
[ 2312.287525] __kasan_kmalloc+0x81/0xa0
[ 2312.288029] kmalloc_oob_memset_16+0x9c/0x290 [test_kasan]
[ 2312.288686] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.289275] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.289980] kthread+0x2a7/0x350
[ 2312.290416] ret_from_fork+0x22/0x30
[ 2312.291080] The buggy address belongs to the object at ffff88801a5a0700
which belongs to the cache kmalloc-128 of size 128
[ 2312.292530] The buggy address is located 105 bytes inside of
128-byte region [ffff88801a5a0700, ffff88801a5a0780)
[ 2312.294153] The buggy address belongs to the physical page:
[ 2312.294805] page:00000000f15e5ea6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a5a0
[ 2312.296016] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.296854] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0
[ 2312.297750] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2312.298731] page dumped because: kasan: bad access detected
[ 2312.299594] Memory state around the buggy address:
[ 2312.300245] ffff88801a5a0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2312.301143] ffff88801a5a0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.301956] >ffff88801a5a0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 2312.302718] ^
[ 2312.303550] ffff88801a5a0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.304392] ffff88801a5a0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2312.305191] ==================================================================
[ 2312.306884] ok 21 - kmalloc_oob_memset_16
[ 2312.308879] ==================================================================
[ 2312.310376] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan]
[ 2312.311386] Read of size 18446744073709551614 at addr ffff888004102184 by task kunit_try_catch/48130
[ 2312.312704] CPU: 0 PID: 48130 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.314309] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.315044] Call Trace:
[ 2312.315360]
[ 2312.315616] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan]
[ 2312.316378] dump_stack_lvl+0x57/0x81
[ 2312.316816] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.317500] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan]
[ 2312.318202] print_report.cold+0x5c/0x237
[ 2312.318657] kasan_report+0xc9/0x100
[ 2312.319069] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan]
[ 2312.319873] kasan_check_range+0xfd/0x1e0
[ 2312.320345] memmove+0x20/0x60
[ 2312.320697] kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan]
[ 2312.321421] ? kmalloc_memmove_invalid_size+0x2a0/0x2a0 [test_kasan]
[ 2312.322151] ? do_raw_spin_trylock+0xb5/0x180
[ 2312.322632] ? do_raw_spin_lock+0x270/0x270
[ 2312.323104] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.323791] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2312.324363] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.324952] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.325493] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.326100] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.326853] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.327461] kthread+0x2a7/0x350
[ 2312.327849] ? kthread_complete_and_exit+0x20/0x20
[ 2312.328490] ret_from_fork+0x22/0x30
[ 2312.328952]
[ 2312.329423] Allocated by task 48130:
[ 2312.329807] kasan_save_stack+0x1e/0x40
[ 2312.330307] __kasan_kmalloc+0x81/0xa0
[ 2312.330833] kmalloc_memmove_negative_size+0x9c/0x290 [test_kasan]
[ 2312.331587] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.332248] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.333007] kthread+0x2a7/0x350
[ 2312.333384] ret_from_fork+0x22/0x30
[ 2312.334080] The buggy address belongs to the object at ffff888004102180
which belongs to the cache kmalloc-64 of size 64
[ 2312.335513] The buggy address is located 4 bytes inside of
64-byte region [ffff888004102180, ffff8880041021c0)
[ 2312.336982] The buggy address belongs to the physical page:
[ 2312.337629] page:000000008b450fff refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4102
[ 2312.338607] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.339377] raw: 000fffffc0000200 ffffea0000149400 dead000000000002 ffff888100041640
[ 2312.340353] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 2312.341176] page dumped because: kasan: bad access detected
[ 2312.341994] Memory state around the buggy address:
[ 2312.342554] ffff888004102080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.343354] ffff888004102100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.344186] >ffff888004102180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 2312.345017] ^
[ 2312.345394] ffff888004102200: 00 00 00 00 00 02 fc fc fc fc fc fc fc fc fc fc
[ 2312.346161] ffff888004102280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.346976] ==================================================================
[ 2312.348212] ok 22 - kmalloc_memmove_negative_size
[ 2312.349981] ==================================================================
[ 2312.351355] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan]
[ 2312.352384] Read of size 64 at addr ffff888004102c04 by task kunit_try_catch/48131
[ 2312.353387] CPU: 0 PID: 48131 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.354882] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.355544] Call Trace:
[ 2312.355828]
[ 2312.356094] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan]
[ 2312.356795] dump_stack_lvl+0x57/0x81
[ 2312.357258] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.357875] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan]
[ 2312.358584] print_report.cold+0x5c/0x237
[ 2312.359050] kasan_report+0xc9/0x100
[ 2312.359463] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan]
[ 2312.360322] kasan_check_range+0xfd/0x1e0
[ 2312.360731] memmove+0x20/0x60
[ 2312.361149] kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan]
[ 2312.361954] ? kmalloc_oob_in_memset+0x280/0x280 [test_kasan]
[ 2312.362637] ? do_raw_spin_trylock+0xb5/0x180
[ 2312.363180] ? do_raw_spin_lock+0x270/0x270
[ 2312.363703] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.364390] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.364971] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.365555] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.366114] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.366762] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.367376] kthread+0x2a7/0x350
[ 2312.367780] ? kthread_complete_and_exit+0x20/0x20
[ 2312.368339] ret_from_fork+0x22/0x30
[ 2312.368736]
[ 2312.369190] Allocated by task 48131:
[ 2312.369637] kasan_save_stack+0x1e/0x40
[ 2312.370113] __kasan_kmalloc+0x81/0xa0
[ 2312.370511] kmalloc_memmove_invalid_size+0xac/0x2a0 [test_kasan]
[ 2312.371168] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.371740] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.372496] kthread+0x2a7/0x350
[ 2312.372859] ret_from_fork+0x22/0x30
[ 2312.373481] The buggy address belongs to the object at ffff888004102c00
which belongs to the cache kmalloc-64 of size 64
[ 2312.374789] The buggy address is located 4 bytes inside of
64-byte region [ffff888004102c00, ffff888004102c40)
[ 2312.376173] The buggy address belongs to the physical page:
[ 2312.376821] page:000000008b450fff refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4102
[ 2312.377870] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.378644] raw: 000fffffc0000200 ffffea0000149400 dead000000000002 ffff888100041640
[ 2312.379572] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 2312.380476] page dumped because: kasan: bad access detected
[ 2312.381335] Memory state around the buggy address:
[ 2312.381881] ffff888004102b00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.382664] ffff888004102b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.383496] >ffff888004102c00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 2312.384279] ^
[ 2312.384891] ffff888004102c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.385721] ffff888004102d00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.386540] ==================================================================
[ 2312.387701] ok 23 - kmalloc_memmove_invalid_size
[ 2312.390572] ==================================================================
[ 2312.391932] BUG: KASAN: use-after-free in kmalloc_uaf+0x286/0x2b0 [test_kasan]
[ 2312.392757] Read of size 1 at addr ffff88802dcaad08 by task kunit_try_catch/48132
[ 2312.393781] CPU: 0 PID: 48132 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.395308] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.395999] Call Trace:
[ 2312.396290]
[ 2312.396526] ? kmalloc_uaf+0x286/0x2b0 [test_kasan]
[ 2312.397110] dump_stack_lvl+0x57/0x81
[ 2312.397587] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.398332] ? kmalloc_uaf+0x286/0x2b0 [test_kasan]
[ 2312.398843] print_report.cold+0x5c/0x237
[ 2312.399328] kasan_report+0xc9/0x100
[ 2312.399720] ? kmalloc_uaf+0x286/0x2b0 [test_kasan]
[ 2312.400277] kmalloc_uaf+0x286/0x2b0 [test_kasan]
[ 2312.400872] ? kmalloc_uaf2+0x430/0x430 [test_kasan]
[ 2312.401466] ? do_raw_spin_trylock+0xb5/0x180
[ 2312.401959] ? do_raw_spin_lock+0x270/0x270
[ 2312.402437] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.403052] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.403701] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.404216] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.404746] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.405457] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.406053] kthread+0x2a7/0x350
[ 2312.406441] ? kthread_complete_and_exit+0x20/0x20
[ 2312.406999] ret_from_fork+0x22/0x30
[ 2312.407445]
[ 2312.407867] Allocated by task 48132:
[ 2312.408294] kasan_save_stack+0x1e/0x40
[ 2312.408701] __kasan_kmalloc+0x81/0xa0
[ 2312.409141] kmalloc_uaf+0x98/0x2b0 [test_kasan]
[ 2312.409661] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.410224] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.410963] kthread+0x2a7/0x350
[ 2312.411324] ret_from_fork+0x22/0x30
[ 2312.411893] Freed by task 48132:
[ 2312.412288] kasan_save_stack+0x1e/0x40
[ 2312.412732] kasan_set_track+0x21/0x30
[ 2312.413230] kasan_set_free_info+0x20/0x40
[ 2312.413677] __kasan_slab_free+0x108/0x170
[ 2312.414160] slab_free_freelist_hook+0x11d/0x1d0
[ 2312.414676] kfree+0xe2/0x3c0
[ 2312.415024] kmalloc_uaf+0x12b/0x2b0 [test_kasan]
[ 2312.415577] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.416161] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.416836] kthread+0x2a7/0x350
[ 2312.417266] ret_from_fork+0x22/0x30
[ 2312.417933] The buggy address belongs to the object at ffff88802dcaad00
which belongs to the cache kmalloc-16 of size 16
[ 2312.419320] The buggy address is located 8 bytes inside of
16-byte region [ffff88802dcaad00, ffff88802dcaad10)
[ 2312.420772] The buggy address belongs to the physical page:
[ 2312.421439] page:00000000ea62dabb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dcaa
[ 2312.422424] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.423177] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0
[ 2312.424039] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2312.424846] page dumped because: kasan: bad access detected
[ 2312.425668] Memory state around the buggy address:
[ 2312.426240] ffff88802dcaac00: 00 00 fc fc fb fb fc fc 00 00 fc fc 00 00 fc fc
[ 2312.427053] ffff88802dcaac80: fa fb fc fc fa fb fc fc 00 00 fc fc fb fb fc fc
[ 2312.427862] >ffff88802dcaad00: fa fb fc fc fb fb fc fc fb fb fc fc 00 00 fc fc
[ 2312.428695] ^
[ 2312.429094] ffff88802dcaad80: 00 00 fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 2312.429917] ffff88802dcaae00: 00 00 fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 2312.430776] ==================================================================
[ 2312.432124] ok 24 - kmalloc_uaf
[ 2312.433962] ==================================================================
[ 2312.435264] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0x1b4/0x280 [test_kasan]
[ 2312.436158] Write of size 33 at addr ffff888004102a00 by task kunit_try_catch/48133
[ 2312.437262] CPU: 0 PID: 48133 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.438769] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.439443] Call Trace:
[ 2312.439752]
[ 2312.440003] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan]
[ 2312.440610] dump_stack_lvl+0x57/0x81
[ 2312.441024] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.441692] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan]
[ 2312.442344] print_report.cold+0x5c/0x237
[ 2312.442807] kasan_report+0xc9/0x100
[ 2312.443223] ? kmalloc_uaf_memset+0xc1/0x280 [test_kasan]
[ 2312.443846] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan]
[ 2312.444477] kasan_check_range+0xfd/0x1e0
[ 2312.444930] memset+0x20/0x50
[ 2312.445257] kmalloc_uaf_memset+0x1b4/0x280 [test_kasan]
[ 2312.445846] ? kmem_cache_accounted+0x170/0x170 [test_kasan]
[ 2312.446528] ? do_raw_spin_trylock+0xb5/0x180
[ 2312.447016] ? do_raw_spin_lock+0x270/0x270
[ 2312.447478] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.448123] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.448736] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.449308] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.449844] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.450618] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.451230] kthread+0x2a7/0x350
[ 2312.451643] ? kthread_complete_and_exit+0x20/0x20
[ 2312.452241] ret_from_fork+0x22/0x30
[ 2312.452635]
[ 2312.453084] Allocated by task 48133:
[ 2312.453540] kasan_save_stack+0x1e/0x40
[ 2312.454032] __kasan_kmalloc+0x81/0xa0
[ 2312.454454] kmalloc_uaf_memset+0x9a/0x280 [test_kasan]
[ 2312.455024] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.455611] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.456346] kthread+0x2a7/0x350
[ 2312.456725] ret_from_fork+0x22/0x30
[ 2312.457389] Freed by task 48133:
[ 2312.457792] kasan_save_stack+0x1e/0x40
[ 2312.458317] kasan_set_track+0x21/0x30
[ 2312.458753] kasan_set_free_info+0x20/0x40
[ 2312.459242] __kasan_slab_free+0x108/0x170
[ 2312.459671] slab_free_freelist_hook+0x11d/0x1d0
[ 2312.460186] kfree+0xe2/0x3c0
[ 2312.460543] kmalloc_uaf_memset+0x137/0x280 [test_kasan]
[ 2312.461168] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.461738] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.462422] kthread+0x2a7/0x350
[ 2312.462806] ret_from_fork+0x22/0x30
[ 2312.463455] The buggy address belongs to the object at ffff888004102a00
which belongs to the cache kmalloc-64 of size 64
[ 2312.464964] The buggy address is located 0 bytes inside of
64-byte region [ffff888004102a00, ffff888004102a40)
[ 2312.466574] The buggy address belongs to the physical page:
[ 2312.467294] page:000000008b450fff refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4102
[ 2312.468376] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.469279] raw: 000fffffc0000200 ffffea0000149400 dead000000000002 ffff888100041640
[ 2312.470272] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 2312.471094] page dumped because: kasan: bad access detected
[ 2312.471892] Memory state around the buggy address:
[ 2312.472444] ffff888004102900: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc
[ 2312.473321] ffff888004102980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.474144] >ffff888004102a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.474921] ^
[ 2312.475312] ffff888004102a80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 2312.476134] ffff888004102b00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.476934] ==================================================================
[ 2312.480366] ok 25 - kmalloc_uaf_memset
[ 2312.481865] ==================================================================
[ 2312.483115] BUG: KASAN: use-after-free in kmalloc_uaf2+0x402/0x430 [test_kasan]
[ 2312.483877] Read of size 1 at addr ffff888005250ca8 by task kunit_try_catch/48134
[ 2312.484880] CPU: 0 PID: 48134 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.486398] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.487088] Call Trace:
[ 2312.487409]
[ 2312.487677] ? kmalloc_uaf2+0x402/0x430 [test_kasan]
[ 2312.488299] dump_stack_lvl+0x57/0x81
[ 2312.488712] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.489379] ? kmalloc_uaf2+0x402/0x430 [test_kasan]
[ 2312.489899] print_report.cold+0x5c/0x237
[ 2312.490336] kasan_report+0xc9/0x100
[ 2312.490743] ? kmalloc_uaf2+0x402/0x430 [test_kasan]
[ 2312.491330] kmalloc_uaf2+0x402/0x430 [test_kasan]
[ 2312.491852] ? kfree_via_page+0x290/0x290 [test_kasan]
[ 2312.492466] ? rcu_read_lock_sched_held+0x12/0x80
[ 2312.493029] ? lock_acquire+0x4ea/0x620
[ 2312.493474] ? rcu_read_unlock+0x40/0x40
[ 2312.493993] ? rcu_read_unlock+0x40/0x40
[ 2312.495301] ? rcu_read_lock_sched_held+0x12/0x80
[ 2312.496532] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.497930] ? do_raw_spin_lock+0x270/0x270
[ 2312.498948] ? trace_hardirqs_on+0x2d/0x160
[ 2312.499989] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2312.501206] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.502453] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.503672] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.504917] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.506321] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.507477] kthread+0x2a7/0x350
[ 2312.508244] ? kthread_complete_and_exit+0x20/0x20
[ 2312.509327] ret_from_fork+0x22/0x30
[ 2312.510193]
[ 2312.510649] Allocated by task 48134:
[ 2312.511072] kasan_save_stack+0x1e/0x40
[ 2312.511541] __kasan_kmalloc+0x81/0xa0
[ 2312.511945] kmalloc_uaf2+0xad/0x430 [test_kasan]
[ 2312.512506] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.513120] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.513789] kthread+0x2a7/0x350
[ 2312.514165] ret_from_fork+0x22/0x30
[ 2312.514725] Freed by task 48134:
[ 2312.515116] kasan_save_stack+0x1e/0x40
[ 2312.515544] kasan_set_track+0x21/0x30
[ 2312.515991] kasan_set_free_info+0x20/0x40
[ 2312.516426] __kasan_slab_free+0x108/0x170
[ 2312.516839] slab_free_freelist_hook+0x11d/0x1d0
[ 2312.517421] kfree+0xe2/0x3c0
[ 2312.517756] kmalloc_uaf2+0x144/0x430 [test_kasan]
[ 2312.518292] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.518781] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.519452] kthread+0x2a7/0x350
[ 2312.519800] ret_from_fork+0x22/0x30
[ 2312.520404] The buggy address belongs to the object at ffff888005250c80
which belongs to the cache kmalloc-64 of size 64
[ 2312.521597] The buggy address is located 40 bytes inside of
64-byte region [ffff888005250c80, ffff888005250cc0)
[ 2312.523060] The buggy address belongs to the physical page:
[ 2312.523632] page:00000000751318ce refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5250
[ 2312.524626] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.525352] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff888100041640
[ 2312.526136] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 2312.527047] page dumped because: kasan: bad access detected
[ 2312.527838] Memory state around the buggy address:
[ 2312.528367] ffff888005250b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.529106] ffff888005250c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.529833] >ffff888005250c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2312.530589] ^
[ 2312.531093] ffff888005250d00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 2312.532003] ffff888005250d80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 2312.532947] ==================================================================
[ 2312.534374] ok 26 - kmalloc_uaf2
[ 2312.539164] ok 27 - kfree_via_page
[ 2312.541191] ok 28 - kfree_via_phys
[ 2312.542680] ==================================================================
[ 2312.543927] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x2d4/0x2e0 [test_kasan]
[ 2312.544816] Read of size 1 at addr ffff88800276de30 by task kunit_try_catch/48137
[ 2312.545913] CPU: 0 PID: 48137 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2312.547434] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2312.548048] Call Trace:
[ 2312.548320]
[ 2312.548564] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan]
[ 2312.549112] dump_stack_lvl+0x57/0x81
[ 2312.549524] print_address_description.constprop.0+0x1f/0x1e0
[ 2312.550115] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan]
[ 2312.550643] print_report.cold+0x5c/0x237
[ 2312.551089] kasan_report+0xc9/0x100
[ 2312.551497] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan]
[ 2312.552126] kmem_cache_oob+0x2d4/0x2e0 [test_kasan]
[ 2312.552666] ? kmem_cache_double_free+0x280/0x280 [test_kasan]
[ 2312.553304] ? do_raw_spin_trylock+0xb5/0x180
[ 2312.553828] ? do_raw_spin_lock+0x270/0x270
[ 2312.554297] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2312.554861] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2312.555455] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.556003] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2312.556550] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.557236] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2312.557787] kthread+0x2a7/0x350
[ 2312.558164] ? kthread_complete_and_exit+0x20/0x20
[ 2312.558708] ret_from_fork+0x22/0x30
[ 2312.559098]
[ 2312.559509] Allocated by task 48137:
[ 2312.559874] kasan_save_stack+0x1e/0x40
[ 2312.560324] __kasan_slab_alloc+0x66/0x80
[ 2312.560762] kmem_cache_alloc+0x161/0x310
[ 2312.561237] kmem_cache_oob+0x121/0x2e0 [test_kasan]
[ 2312.561747] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2312.562301] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2312.562965] kthread+0x2a7/0x350
[ 2312.563360] ret_from_fork+0x22/0x30
[ 2312.563918] The buggy address belongs to the object at ffff88800276dd68
which belongs to the cache test_cache of size 200
[ 2312.565205] The buggy address is located 0 bytes to the right of
200-byte region [ffff88800276dd68, ffff88800276de30)
[ 2312.566892] The buggy address belongs to the physical page:
[ 2312.567599] page:00000000538f7574 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x276d
[ 2312.568720] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2312.569542] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888106696000
[ 2312.570455] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[ 2312.571318] page dumped because: kasan: bad access detected
[ 2312.572159] Memory state around the buggy address:
[ 2312.572675] ffff88800276dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00
[ 2312.573488] ffff88800276dd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2312.574328] >ffff88800276de00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 2312.575091] ^
[ 2312.575639] ffff88800276de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.576484] ffff88800276df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2312.577405] ==================================================================
[ 2312.652981] ok 29 - kmem_cache_oob
[ 2313.195076] ok 30 - kmem_cache_accounted
[ 2313.203075] ok 31 - kmem_cache_bulk
[ 2313.205797] ==================================================================
[ 2313.206924] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x1df/0x1f0 [test_kasan]
[ 2313.207837] Read of size 1 at addr ffffffffc195690d by task kunit_try_catch/48140
[ 2313.208826] CPU: 0 PID: 48140 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.210158] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.210709] Call Trace:
[ 2313.210997]
[ 2313.211251] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan]
[ 2313.211798] dump_stack_lvl+0x57/0x81
[ 2313.212251] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.212793] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan]
[ 2313.213422] print_report.cold+0x5c/0x237
[ 2313.213789] kasan_report+0xc9/0x100
[ 2313.214220] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan]
[ 2313.214791] kasan_global_oob_right+0x1df/0x1f0 [test_kasan]
[ 2313.215388] ? kasan_stack_oob+0x200/0x200 [test_kasan]
[ 2313.215870] ? do_raw_spin_trylock+0xb5/0x180
[ 2313.216355] ? do_raw_spin_lock+0x270/0x270
[ 2313.216739] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.217356] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.217815] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.218320] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.218778] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.219391] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.219857] kthread+0x2a7/0x350
[ 2313.220229] ? kthread_complete_and_exit+0x20/0x20
[ 2313.220713] ret_from_fork+0x22/0x30
[ 2313.221107]
[ 2313.221497] The buggy address belongs to the variable:
[ 2313.221982] global_array+0xd/0xfffffffffffe5700 [test_kasan]
[ 2313.222734] Memory state around the buggy address:
[ 2313.223223] ffffffffc1956800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2313.223860] ffffffffc1956880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2313.224554] >ffffffffc1956900: 00 02 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
[ 2313.225254] ^
[ 2313.225576] ffffffffc1956980: 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9
[ 2313.226320] ffffffffc1956a00: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[ 2313.226986] ==================================================================
[ 2313.227763] ok 32 - kasan_global_oob_right
[ 2313.232845] ok 33 - kasan_global_oob_left # SKIP Test requires CONFIG_CC_IS_CLANG=y
[ 2313.234780] ==================================================================
[ 2313.236157] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x1eb/0x200 [test_kasan]
[ 2313.236919] Read of size 1 at addr ffffc90001577e7a by task kunit_try_catch/48142
[ 2313.237758] CPU: 0 PID: 48142 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.239003] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.239533] Call Trace:
[ 2313.239791]
[ 2313.240017] ? kasan_stack_oob+0x1eb/0x200 [test_kasan]
[ 2313.240504] dump_stack_lvl+0x57/0x81
[ 2313.240845] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.241366] ? kasan_stack_oob+0x1eb/0x200 [test_kasan]
[ 2313.241895] print_report.cold+0x5c/0x237
[ 2313.242317] kasan_report+0xc9/0x100
[ 2313.242693] ? kasan_stack_oob+0x1eb/0x200 [test_kasan]
[ 2313.243227] kasan_stack_oob+0x1eb/0x200 [test_kasan]
[ 2313.243732] ? match_all_mem_tag+0x20/0x20 [test_kasan]
[ 2313.244250] ? rcu_read_unlock+0x40/0x40
[ 2313.244638] ? rcu_read_lock_sched_held+0x12/0x80
[ 2313.245130] ? do_raw_spin_trylock+0xb5/0x180
[ 2313.245577] ? do_raw_spin_lock+0x270/0x270
[ 2313.245971] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.246473] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2313.246959] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.247485] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.247942] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.248401] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.248958] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.249430] kthread+0x2a7/0x350
[ 2313.249776] ? kthread_complete_and_exit+0x20/0x20
[ 2313.250236] ret_from_fork+0x22/0x30
[ 2313.250573]
[ 2313.250950] The buggy address belongs to stack of task kunit_try_catch/48142
[ 2313.251574] and is located at offset 266 in frame:
[ 2313.252028] kasan_stack_oob+0x0/0x200 [test_kasan]
[ 2313.252674] This frame has 4 objects:
[ 2313.253014] [48, 56) 'array'
[ 2313.253017] [80, 128) '__assertion'
[ 2313.253294] [160, 224) '__assertion'
[ 2313.253623] [256, 266) 'stack_array'
[ 2313.254453] The buggy address belongs to the virtual mapping at
[ffffc90001570000, ffffc90001579000) created by:
dup_task_struct+0x5e/0x5a0
[ 2313.256061] The buggy address belongs to the physical page:
[ 2313.256560] page:0000000091a4fd55 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1796d
[ 2313.257418] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.258023] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000
[ 2313.258756] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2313.259460] page dumped because: kasan: bad access detected
[ 2313.260223] Memory state around the buggy address:
[ 2313.260659] ffffc90001577d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 2313.261312] ffffc90001577d80: f1 f1 f1 f1 00 f2 f2 f2 00 00 00 00 00 00 f2 f2
[ 2313.261956] >ffffc90001577e00: f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 02
[ 2313.262593] ^
[ 2313.263234] ffffc90001577e80: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2313.263866] ffffc90001577f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2313.264514] ==================================================================
[ 2313.265302] ok 34 - kasan_stack_oob
[ 2313.267785] ==================================================================
[ 2313.269021] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan]
[ 2313.269799] Read of size 1 at addr ffffc90001cdfd1f by task kunit_try_catch/48143
[ 2313.270634] CPU: 0 PID: 48143 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.271833] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.272385] Call Trace:
[ 2313.272644]
[ 2313.272853] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan]
[ 2313.273479] dump_stack_lvl+0x57/0x81
[ 2313.273838] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.274363] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan]
[ 2313.274909] print_report.cold+0x5c/0x237
[ 2313.275304] kasan_report+0xc9/0x100
[ 2313.275654] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan]
[ 2313.276262] kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan]
[ 2313.276784] ? rcu_read_lock_sched_held+0x12/0x80
[ 2313.277229] ? rcu_read_lock_sched_held+0x12/0x80
[ 2313.277660] ? lock_acquire+0x4ea/0x620
[ 2313.278020] ? kasan_alloca_oob_right+0x290/0x290 [test_kasan]
[ 2313.278611] ? rcu_read_lock_sched_held+0x12/0x80
[ 2313.279050] ? do_raw_spin_trylock+0xb5/0x180
[ 2313.279453] ? do_raw_spin_lock+0x270/0x270
[ 2313.279836] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.280358] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2313.280850] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.281341] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.281826] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.282314] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.282864] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.283385] kthread+0x2a7/0x350
[ 2313.283691] ? kthread_complete_and_exit+0x20/0x20
[ 2313.284142] ret_from_fork+0x22/0x30
[ 2313.284488]
[ 2313.284856] The buggy address belongs to stack of task kunit_try_catch/48143
[ 2313.285668] The buggy address belongs to the virtual mapping at
[ffffc90001cd8000, ffffc90001ce1000) created by:
dup_task_struct+0x5e/0x5a0
[ 2313.287180] The buggy address belongs to the physical page:
[ 2313.287698] page:000000006fae18f1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1aafa
[ 2313.288591] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.289183] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000
[ 2313.289885] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2313.290713] page dumped because: kasan: bad access detected
[ 2313.291369] Memory state around the buggy address:
[ 2313.291801] ffffc90001cdfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2313.292462] ffffc90001cdfc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2313.293144] >ffffc90001cdfd00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00
[ 2313.293780] ^
[ 2313.294151] ffffc90001cdfd80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00
[ 2313.294795] ffffc90001cdfe00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 2313.295450] ==================================================================
[ 2313.296168] ok 35 - kasan_alloca_oob_left
[ 2313.297781] ==================================================================
[ 2313.298914] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x275/0x290 [test_kasan]
[ 2313.299720] Read of size 1 at addr ffffc90001fefd2a by task kunit_try_catch/48144
[ 2313.300601] CPU: 0 PID: 48144 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.301886] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.302409] Call Trace:
[ 2313.302657]
[ 2313.302897] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan]
[ 2313.303504] dump_stack_lvl+0x57/0x81
[ 2313.303898] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.304440] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan]
[ 2313.305041] print_report.cold+0x5c/0x237
[ 2313.305476] kasan_report+0xc9/0x100
[ 2313.305880] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan]
[ 2313.306460] kasan_alloca_oob_right+0x275/0x290 [test_kasan]
[ 2313.306999] ? rcu_read_lock_sched_held+0x12/0x80
[ 2313.307504] ? rcu_read_lock_sched_held+0x12/0x80
[ 2313.308023] ? lock_acquire+0x4ea/0x620
[ 2313.308420] ? ksize_unpoisons_memory+0x300/0x300 [test_kasan]
[ 2313.308987] ? rcu_read_lock_sched_held+0x12/0x80
[ 2313.309449] ? do_raw_spin_trylock+0xb5/0x180
[ 2313.309878] ? do_raw_spin_lock+0x270/0x270
[ 2313.310282] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.310833] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2313.311334] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.311814] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.312300] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.312783] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.313393] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.313895] kthread+0x2a7/0x350
[ 2313.314208] ? kthread_complete_and_exit+0x20/0x20
[ 2313.314659] ret_from_fork+0x22/0x30
[ 2313.315023]
[ 2313.315407] The buggy address belongs to stack of task kunit_try_catch/48144
[ 2313.316272] The buggy address belongs to the virtual mapping at
[ffffc90001fe8000, ffffc90001ff1000) created by:
dup_task_struct+0x5e/0x5a0
[ 2313.317840] The buggy address belongs to the physical page:
[ 2313.318389] page:00000000d3b27ead refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2d17d
[ 2313.319268] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.319867] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000
[ 2313.320786] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2313.321529] page dumped because: kasan: bad access detected
[ 2313.322206] Memory state around the buggy address:
[ 2313.322697] ffffc90001fefc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2313.323456] ffffc90001fefc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2313.324125] >ffffc90001fefd00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00
[ 2313.324790] ^
[ 2313.325225] ffffc90001fefd80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00
[ 2313.325924] ffffc90001fefe00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 2313.326645] ==================================================================
[ 2313.328896] ok 36 - kasan_alloca_oob_right
[ 2313.330979] ==================================================================
[ 2313.332201] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x2cf/0x300 [test_kasan]
[ 2313.333001] Read of size 1 at addr ffff8880115ede80 by task kunit_try_catch/48145
[ 2313.333961] CPU: 0 PID: 48145 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.335291] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.335884] Call Trace:
[ 2313.336138]
[ 2313.336496] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan]
[ 2313.337169] dump_stack_lvl+0x57/0x81
[ 2313.337602] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.338288] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan]
[ 2313.338909] print_report.cold+0x5c/0x237
[ 2313.339356] kasan_report+0xc9/0x100
[ 2313.339744] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan]
[ 2313.340320] ksize_unpoisons_memory+0x2cf/0x300 [test_kasan]
[ 2313.340850] ? ksize_uaf+0x4a0/0x4a0 [test_kasan]
[ 2313.341318] ? do_raw_spin_trylock+0xb5/0x180
[ 2313.341766] ? do_raw_spin_lock+0x270/0x270
[ 2313.342203] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.342725] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.343222] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.343704] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.344238] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.344880] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.345402] kthread+0x2a7/0x350
[ 2313.345711] ? kthread_complete_and_exit+0x20/0x20
[ 2313.346176] ret_from_fork+0x22/0x30
[ 2313.346544]
[ 2313.346933] Allocated by task 48145:
[ 2313.347287] kasan_save_stack+0x1e/0x40
[ 2313.347671] __kasan_kmalloc+0x81/0xa0
[ 2313.348041] ksize_unpoisons_memory+0x9a/0x300 [test_kasan]
[ 2313.348565] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.349045] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.349605] kthread+0x2a7/0x350
[ 2313.349944] ret_from_fork+0x22/0x30
[ 2313.350599] The buggy address belongs to the object at ffff8880115ede00
which belongs to the cache kmalloc-128 of size 128
[ 2313.351865] The buggy address is located 0 bytes to the right of
128-byte region [ffff8880115ede00, ffff8880115ede80)
[ 2313.353129] The buggy address belongs to the physical page:
[ 2313.353662] page:0000000023b97de5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115ed
[ 2313.354547] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.355201] raw: 000fffffc0000200 ffffea0004089c40 dead000000000004 ffff8881000418c0
[ 2313.355906] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2313.356629] page dumped because: kasan: bad access detected
[ 2313.357333] Memory state around the buggy address:
[ 2313.357828] ffff8880115edd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.358531] ffff8880115ede00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2313.359272] >ffff8880115ede80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.359956] ^
[ 2313.360273] ffff8880115edf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.360960] ffff8880115edf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.361645] ==================================================================
[ 2313.362587] ok 37 - ksize_unpoisons_memory
[ 2313.364822] ==================================================================
[ 2313.366056] BUG: KASAN: use-after-free in ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 2313.366711] Read of size 1 at addr ffff8880115ed600 by task kunit_try_catch/48146
[ 2313.367615] CPU: 0 PID: 48146 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.368852] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.369388] Call Trace:
[ 2313.369700]
[ 2313.369999] ? ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 2313.370505] dump_stack_lvl+0x57/0x81
[ 2313.370863] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.371406] ? ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 2313.371855] print_report.cold+0x5c/0x237
[ 2313.372293] kasan_report+0xc9/0x100
[ 2313.372672] ? ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 2313.373170] ? ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 2313.373607] __kasan_check_byte+0x36/0x50
[ 2313.374002] ksize+0x1b/0x50
[ 2313.374324] ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 2313.374789] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan]
[ 2313.375287] ? do_raw_spin_trylock+0xb5/0x180
[ 2313.375731] ? do_raw_spin_lock+0x270/0x270
[ 2313.376129] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.376685] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.377188] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.377662] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.378142] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.378704] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.379187] kthread+0x2a7/0x350
[ 2313.379497] ? kthread_complete_and_exit+0x20/0x20
[ 2313.380187] ret_from_fork+0x22/0x30
[ 2313.381053]
[ 2313.382007] Allocated by task 48146:
[ 2313.382857] kasan_save_stack+0x1e/0x40
[ 2313.383798] __kasan_kmalloc+0x81/0xa0
[ 2313.384702] ksize_uaf+0x9a/0x4a0 [test_kasan]
[ 2313.385772] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.386911] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.388301] kthread+0x2a7/0x350
[ 2313.389080] ret_from_fork+0x22/0x30
[ 2313.390341] Freed by task 48146:
[ 2313.391122] kasan_save_stack+0x1e/0x40
[ 2313.392047] kasan_set_track+0x21/0x30
[ 2313.392906] kasan_set_free_info+0x20/0x40
[ 2313.393794] __kasan_slab_free+0x108/0x170
[ 2313.394663] slab_free_freelist_hook+0x11d/0x1d0
[ 2313.395668] kfree+0xe2/0x3c0
[ 2313.396370] ksize_uaf+0x137/0x4a0 [test_kasan]
[ 2313.397412] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.398493] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.399790] kthread+0x2a7/0x350
[ 2313.400529] ret_from_fork+0x22/0x30
[ 2313.401685] Last potentially related work creation:
[ 2313.402695] kasan_save_stack+0x1e/0x40
[ 2313.403470] __kasan_record_aux_stack+0x96/0xb0
[ 2313.404386] kvfree_call_rcu+0x7d/0x840
[ 2313.405187] dma_resv_reserve_fences+0x35d/0x680
[ 2313.406149] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2313.407247] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2313.408282] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2313.409230] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2313.410427] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2313.411844] process_one_work+0x8e5/0x1520
[ 2313.412679] worker_thread+0x59e/0xf90
[ 2313.413395] kthread+0x2a7/0x350
[ 2313.414036] ret_from_fork+0x22/0x30
[ 2313.415046] The buggy address belongs to the object at ffff8880115ed600
which belongs to the cache kmalloc-128 of size 128
[ 2313.417345] The buggy address is located 0 bytes inside of
128-byte region [ffff8880115ed600, ffff8880115ed680)
[ 2313.419745] The buggy address belongs to the physical page:
[ 2313.420802] page:0000000023b97de5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115ed
[ 2313.422497] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.423710] raw: 000fffffc0000200 ffffea0004089c40 dead000000000004 ffff8881000418c0
[ 2313.425030] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2313.426380] page dumped because: kasan: bad access detected
[ 2313.427666] Memory state around the buggy address:
[ 2313.428500] ffff8880115ed500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.429741] ffff8880115ed580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.431023] >ffff8880115ed600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.432282] ^
[ 2313.432862] ffff8880115ed680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.434045] ffff8880115ed700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.435235] ==================================================================
[ 2313.436675] ==================================================================
[ 2313.437878] BUG: KASAN: use-after-free in ksize_uaf+0x47d/0x4a0 [test_kasan]
[ 2313.439057] Read of size 1 at addr ffff8880115ed600 by task kunit_try_catch/48146
[ 2313.440655] CPU: 0 PID: 48146 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.442841] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.443751] Call Trace:
[ 2313.444154]
[ 2313.444531] ? ksize_uaf+0x47d/0x4a0 [test_kasan]
[ 2313.445277] dump_stack_lvl+0x57/0x81
[ 2313.445880] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.446782] ? ksize_uaf+0x47d/0x4a0 [test_kasan]
[ 2313.447558] print_report.cold+0x5c/0x237
[ 2313.448213] kasan_report+0xc9/0x100
[ 2313.448794] ? ksize_uaf+0x47d/0x4a0 [test_kasan]
[ 2313.449567] ksize_uaf+0x47d/0x4a0 [test_kasan]
[ 2313.450285] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan]
[ 2313.451111] ? do_raw_spin_trylock+0xb5/0x180
[ 2313.451811] ? do_raw_spin_lock+0x270/0x270
[ 2313.452487] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.453315] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.454091] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.454813] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.455582] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.456515] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.457301] kthread+0x2a7/0x350
[ 2313.457792] ? kthread_complete_and_exit+0x20/0x20
[ 2313.458524] ret_from_fork+0x22/0x30
[ 2313.459115]
[ 2313.459722] Allocated by task 48146:
[ 2313.460274] kasan_save_stack+0x1e/0x40
[ 2313.460849] __kasan_kmalloc+0x81/0xa0
[ 2313.461422] ksize_uaf+0x9a/0x4a0 [test_kasan]
[ 2313.462111] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.462794] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.463664] kthread+0x2a7/0x350
[ 2313.464154] ret_from_fork+0x22/0x30
[ 2313.464913] Freed by task 48146:
[ 2313.465374] kasan_save_stack+0x1e/0x40
[ 2313.466031] kasan_set_track+0x21/0x30
[ 2313.466642] kasan_set_free_info+0x20/0x40
[ 2313.467282] __kasan_slab_free+0x108/0x170
[ 2313.467927] slab_free_freelist_hook+0x11d/0x1d0
[ 2313.468620] kfree+0xe2/0x3c0
[ 2313.469117] ksize_uaf+0x137/0x4a0 [test_kasan]
[ 2313.469793] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.470572] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.471553] kthread+0x2a7/0x350
[ 2313.472086] ret_from_fork+0x22/0x30
[ 2313.472923] Last potentially related work creation:
[ 2313.473507] kasan_save_stack+0x1e/0x40
[ 2313.473988] __kasan_record_aux_stack+0x96/0xb0
[ 2313.474489] kvfree_call_rcu+0x7d/0x840
[ 2313.474936] dma_resv_reserve_fences+0x35d/0x680
[ 2313.475477] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2313.476009] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2313.476528] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2313.477093] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2313.477755] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2313.478414] process_one_work+0x8e5/0x1520
[ 2313.478825] worker_thread+0x59e/0xf90
[ 2313.479219] kthread+0x2a7/0x350
[ 2313.479564] ret_from_fork+0x22/0x30
[ 2313.480182] The buggy address belongs to the object at ffff8880115ed600
which belongs to the cache kmalloc-128 of size 128
[ 2313.481476] The buggy address is located 0 bytes inside of
128-byte region [ffff8880115ed600, ffff8880115ed680)
[ 2313.482782] The buggy address belongs to the physical page:
[ 2313.483344] page:0000000023b97de5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115ed
[ 2313.484375] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.485193] raw: 000fffffc0000200 ffffea0004089c40 dead000000000004 ffff8881000418c0
[ 2313.485982] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2313.486799] page dumped because: kasan: bad access detected
[ 2313.487644] Memory state around the buggy address:
[ 2313.488181] ffff8880115ed500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.488984] ffff8880115ed580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.489732] >ffff8880115ed600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.490545] ^
[ 2313.490920] ffff8880115ed680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.491638] ffff8880115ed700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.492389] ==================================================================
[ 2313.493243] ==================================================================
[ 2313.493986] BUG: KASAN: use-after-free in ksize_uaf+0x470/0x4a0 [test_kasan]
[ 2313.494700] Read of size 1 at addr ffff8880115ed678 by task kunit_try_catch/48146
[ 2313.495692] CPU: 0 PID: 48146 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.497064] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.497662] Call Trace:
[ 2313.497934]
[ 2313.498185] ? ksize_uaf+0x470/0x4a0 [test_kasan]
[ 2313.498681] dump_stack_lvl+0x57/0x81
[ 2313.499061] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.499638] ? ksize_uaf+0x470/0x4a0 [test_kasan]
[ 2313.500281] print_report.cold+0x5c/0x237
[ 2313.500720] kasan_report+0xc9/0x100
[ 2313.501135] ? ksize_uaf+0x470/0x4a0 [test_kasan]
[ 2313.501658] ksize_uaf+0x470/0x4a0 [test_kasan]
[ 2313.502134] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan]
[ 2313.502738] ? do_raw_spin_trylock+0xb5/0x180
[ 2313.503211] ? do_raw_spin_lock+0x270/0x270
[ 2313.503645] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.504247] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.504800] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.505334] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.505840] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.506465] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.507026] kthread+0x2a7/0x350
[ 2313.507428] ? kthread_complete_and_exit+0x20/0x20
[ 2313.507916] ret_from_fork+0x22/0x30
[ 2313.508341]
[ 2313.508765] Allocated by task 48146:
[ 2313.509151] kasan_save_stack+0x1e/0x40
[ 2313.509546] __kasan_kmalloc+0x81/0xa0
[ 2313.509932] ksize_uaf+0x9a/0x4a0 [test_kasan]
[ 2313.510417] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.510948] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.511604] kthread+0x2a7/0x350
[ 2313.511972] ret_from_fork+0x22/0x30
[ 2313.512510] Freed by task 48146:
[ 2313.512850] kasan_save_stack+0x1e/0x40
[ 2313.513288] kasan_set_track+0x21/0x30
[ 2313.513693] kasan_set_free_info+0x20/0x40
[ 2313.514116] __kasan_slab_free+0x108/0x170
[ 2313.514536] slab_free_freelist_hook+0x11d/0x1d0
[ 2313.515033] kfree+0xe2/0x3c0
[ 2313.515380] ksize_uaf+0x137/0x4a0 [test_kasan]
[ 2313.515904] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.516447] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.517092] kthread+0x2a7/0x350
[ 2313.517464] ret_from_fork+0x22/0x30
[ 2313.518053] Last potentially related work creation:
[ 2313.518616] kasan_save_stack+0x1e/0x40
[ 2313.519078] __kasan_record_aux_stack+0x96/0xb0
[ 2313.519545] kvfree_call_rcu+0x7d/0x840
[ 2313.519944] dma_resv_reserve_fences+0x35d/0x680
[ 2313.520417] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 2313.520997] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 2313.521629] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 2313.522140] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 2313.522745] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 2313.523418] process_one_work+0x8e5/0x1520
[ 2313.523890] worker_thread+0x59e/0xf90
[ 2313.524315] kthread+0x2a7/0x350
[ 2313.524698] ret_from_fork+0x22/0x30
[ 2313.525260] The buggy address belongs to the object at ffff8880115ed600
which belongs to the cache kmalloc-128 of size 128
[ 2313.526544] The buggy address is located 120 bytes inside of
128-byte region [ffff8880115ed600, ffff8880115ed680)
[ 2313.527992] The buggy address belongs to the physical page:
[ 2313.528588] page:0000000023b97de5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115ed
[ 2313.529577] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.530381] raw: 000fffffc0000200 ffffea0004089c40 dead000000000004 ffff8881000418c0
[ 2313.531232] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 2313.532114] page dumped because: kasan: bad access detected
[ 2313.532879] Memory state around the buggy address:
[ 2313.533360] ffff8880115ed500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.534139] ffff8880115ed580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.534946] >ffff8880115ed600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.535686] ^
[ 2313.536443] ffff8880115ed680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.537273] ffff8880115ed700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.538021] ==================================================================
[ 2313.539521] ok 38 - ksize_uaf
[ 2313.549241] ==================================================================
[ 2313.550407] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400
[ 2313.551352] CPU: 0 PID: 48147 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.552779] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.553437] Call Trace:
[ 2313.553698]
[ 2313.553941] dump_stack_lvl+0x57/0x81
[ 2313.554367] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.554987] print_report.cold+0x5c/0x237
[ 2313.555402] ? kmem_cache_free+0x152/0x400
[ 2313.555816] ? kmem_cache_free+0x152/0x400
[ 2313.556234] kasan_report_invalid_free+0x99/0xc0
[ 2313.556737] ? kmem_cache_free+0x152/0x400
[ 2313.557197] ? kmem_cache_free+0x152/0x400
[ 2313.557625] __kasan_slab_free+0x152/0x170
[ 2313.558073] slab_free_freelist_hook+0x11d/0x1d0
[ 2313.558569] ? kmem_cache_double_free+0x1bd/0x280 [test_kasan]
[ 2313.559210] kmem_cache_free+0x152/0x400
[ 2313.559636] kmem_cache_double_free+0x1bd/0x280 [test_kasan]
[ 2313.560318] ? kmem_cache_invalid_free+0x280/0x280 [test_kasan]
[ 2313.560988] ? do_raw_spin_trylock+0xb5/0x180
[ 2313.561479] ? do_raw_spin_lock+0x270/0x270
[ 2313.562020] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.562592] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2313.563112] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.563637] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.564187] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.564765] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.565379] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.565916] kthread+0x2a7/0x350
[ 2313.566244] ? kthread_complete_and_exit+0x20/0x20
[ 2313.566740] ret_from_fork+0x22/0x30
[ 2313.567192]
[ 2313.567675] Allocated by task 48147:
[ 2313.568049] kasan_save_stack+0x1e/0x40
[ 2313.568449] __kasan_slab_alloc+0x66/0x80
[ 2313.568896] kmem_cache_alloc+0x161/0x310
[ 2313.569316] kmem_cache_double_free+0x123/0x280 [test_kasan]
[ 2313.569919] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.570447] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.571057] kthread+0x2a7/0x350
[ 2313.571406] ret_from_fork+0x22/0x30
[ 2313.571952] Freed by task 48147:
[ 2313.572293] kasan_save_stack+0x1e/0x40
[ 2313.572697] kasan_set_track+0x21/0x30
[ 2313.573082] kasan_set_free_info+0x20/0x40
[ 2313.573500] __kasan_slab_free+0x108/0x170
[ 2313.573977] slab_free_freelist_hook+0x11d/0x1d0
[ 2313.574459] kmem_cache_free+0x152/0x400
[ 2313.574862] kmem_cache_double_free+0x144/0x280 [test_kasan]
[ 2313.575438] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.575938] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.576563] kthread+0x2a7/0x350
[ 2313.576926] ret_from_fork+0x22/0x30
[ 2313.577570] The buggy address belongs to the object at ffff88801693b210
which belongs to the cache test_cache of size 200
[ 2313.578838] The buggy address is located 0 bytes inside of
200-byte region [ffff88801693b210, ffff88801693b2d8)
[ 2313.580164] The buggy address belongs to the physical page:
[ 2313.580730] page:0000000073fe2dc2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1693b
[ 2313.581705] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.582401] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888106696b40
[ 2313.583186] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[ 2313.583958] page dumped because: kasan: bad access detected
[ 2313.584686] Memory state around the buggy address:
[ 2313.585207] ffff88801693b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.586001] ffff88801693b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.586755] >ffff88801693b200: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.587491] ^
[ 2313.587905] ffff88801693b280: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 2313.588683] ffff88801693b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.589441] ==================================================================
[ 2313.657017] ok 39 - kmem_cache_double_free
[ 2313.659080] ==================================================================
[ 2313.660310] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400
[ 2313.661259] CPU: 0 PID: 48148 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.662639] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.663224] Call Trace:
[ 2313.663491]
[ 2313.663734] dump_stack_lvl+0x57/0x81
[ 2313.664128] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.664705] print_report.cold+0x5c/0x237
[ 2313.665124] ? kmem_cache_free+0x152/0x400
[ 2313.665547] ? kmem_cache_free+0x152/0x400
[ 2313.665965] kasan_report_invalid_free+0x99/0xc0
[ 2313.666434] ? kmem_cache_free+0x152/0x400
[ 2313.666861] ? kmem_cache_free+0x152/0x400
[ 2313.667310] __kasan_slab_free+0x152/0x170
[ 2313.667745] slab_free_freelist_hook+0x11d/0x1d0
[ 2313.668260] ? kmem_cache_invalid_free+0x1b6/0x280 [test_kasan]
[ 2313.668886] kmem_cache_free+0x152/0x400
[ 2313.669295] kmem_cache_invalid_free+0x1b6/0x280 [test_kasan]
[ 2313.669891] ? kmem_cache_double_destroy+0x250/0x250 [test_kasan]
[ 2313.670500] ? do_raw_spin_trylock+0xb5/0x180
[ 2313.671046] ? do_raw_spin_lock+0x270/0x270
[ 2313.671495] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.672057] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 2313.672559] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.673087] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.673586] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.674106] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.674722] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.675249] kthread+0x2a7/0x350
[ 2313.675607] ? kthread_complete_and_exit+0x20/0x20
[ 2313.676122] ret_from_fork+0x22/0x30
[ 2313.676510]
[ 2313.676921] Allocated by task 48148:
[ 2313.677301] kasan_save_stack+0x1e/0x40
[ 2313.677722] __kasan_slab_alloc+0x66/0x80
[ 2313.678181] kmem_cache_alloc+0x161/0x310
[ 2313.678616] kmem_cache_invalid_free+0x126/0x280 [test_kasan]
[ 2313.679216] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.679717] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.680504] kthread+0x2a7/0x350
[ 2313.680851] ret_from_fork+0x22/0x30
[ 2313.681511] The buggy address belongs to the object at ffff88800478c000
which belongs to the cache test_cache of size 200
[ 2313.682760] The buggy address is located 1 bytes inside of
200-byte region [ffff88800478c000, ffff88800478c0c8)
[ 2313.684102] The buggy address belongs to the physical page:
[ 2313.684682] page:00000000c9b00d6c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x478c
[ 2313.685623] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.686343] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff8881066968c0
[ 2313.687141] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[ 2313.687984] page dumped because: kasan: bad access detected
[ 2313.688747] Memory state around the buggy address:
[ 2313.689266] ffff88800478bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2313.689985] ffff88800478bf80: 00 00 00 00 00 00 05 fc fc fc fc fc fc fc fc fc
[ 2313.690767] >ffff88800478c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2313.691476] ^
[ 2313.691834] ffff88800478c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 2313.692564] ffff88800478c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2313.693351] ==================================================================
[ 2313.745325] ok 40 - kmem_cache_invalid_free
[ 2313.751664] ==================================================================
[ 2313.753893] BUG: KASAN: use-after-free in kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 2313.755531] Read of size 1 at addr ffff888106696c80 by task kunit_try_catch/48149
[ 2313.757354] CPU: 0 PID: 48149 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.760011] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.761108] Call Trace:
[ 2313.761590]
[ 2313.762012] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 2313.763128] dump_stack_lvl+0x57/0x81
[ 2313.763834] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.764921] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 2313.766044] print_report.cold+0x5c/0x237
[ 2313.766783] kasan_report+0xc9/0x100
[ 2313.767486] ? kmem_cache_free+0x90/0x400
[ 2313.768252] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 2313.769381] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 2313.770675] __kasan_check_byte+0x36/0x50
[ 2313.771424] kmem_cache_destroy+0x21/0x170
[ 2313.772146] kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 2313.773199] ? kmalloc_oob_right+0x510/0x510 [test_kasan]
[ 2313.774140] ? do_raw_spin_trylock+0xb5/0x180
[ 2313.774970] ? do_raw_spin_lock+0x270/0x270
[ 2313.775709] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.776683] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.777604] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.778468] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.779353] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.780425] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.781336] kthread+0x2a7/0x350
[ 2313.781917] ? kthread_complete_and_exit+0x20/0x20
[ 2313.782715] ret_from_fork+0x22/0x30
[ 2313.783352]
[ 2313.784011] Allocated by task 48149:
[ 2313.784618] kasan_save_stack+0x1e/0x40
[ 2313.785247] __kasan_slab_alloc+0x66/0x80
[ 2313.785918] kmem_cache_alloc+0x161/0x310
[ 2313.786561] kmem_cache_create_usercopy+0x1b9/0x310
[ 2313.787394] kmem_cache_create+0x12/0x20
[ 2313.788050] kmem_cache_double_destroy+0x8d/0x250 [test_kasan]
[ 2313.789012] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.789830] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.790833] kthread+0x2a7/0x350
[ 2313.791380] ret_from_fork+0x22/0x30
[ 2313.792196] Freed by task 48149:
[ 2313.792692] kasan_save_stack+0x1e/0x40
[ 2313.793293] kasan_set_track+0x21/0x30
[ 2313.793871] kasan_set_free_info+0x20/0x40
[ 2313.794498] __kasan_slab_free+0x108/0x170
[ 2313.795122] slab_free_freelist_hook+0x11d/0x1d0
[ 2313.795844] kmem_cache_free+0x152/0x400
[ 2313.796454] kobject_cleanup+0x104/0x390
[ 2313.797131] kmem_cache_double_destroy+0x12a/0x250 [test_kasan]
[ 2313.798080] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.798821] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.799734] kthread+0x2a7/0x350
[ 2313.800441] ret_from_fork+0x22/0x30
[ 2313.801295] The buggy address belongs to the object at ffff888106696c80
which belongs to the cache kmem_cache of size 240
[ 2313.803042] The buggy address is located 0 bytes inside of
240-byte region [ffff888106696c80, ffff888106696d70)
[ 2313.805033] The buggy address belongs to the physical page:
[ 2313.805841] page:0000000076fb7e3e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106696
[ 2313.807185] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 2313.808230] raw: 0017ffffc0000200 0000000000000000 dead000000000122 ffff888100041000
[ 2313.809342] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 2313.810441] page dumped because: kasan: bad access detected
[ 2313.811445] Memory state around the buggy address:
[ 2313.811922] ffff888106696b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.812633] ffff888106696c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 2313.813431] >ffff888106696c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2313.814151] ^
[ 2313.814495] ffff888106696d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 2313.815236] ffff888106696d80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 2313.815977] ==================================================================
[ 2313.816873] ok 41 - kmem_cache_double_destroy
[ 2313.822847] ok 42 - kasan_memchr # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n
[ 2313.824707] ok 43 - kasan_memcmp # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n
[ 2313.827986] ok 44 - kasan_strings # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n
[ 2313.830829] ==================================================================
[ 2313.832498] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan]
[ 2313.833585] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2313.834584] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.835798] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.836324] Call Trace:
[ 2313.836561]
[ 2313.836771] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan]
[ 2313.837371] dump_stack_lvl+0x57/0x81
[ 2313.837718] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.838293] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan]
[ 2313.838888] print_report.cold+0x5c/0x237
[ 2313.839263] kasan_report+0xc9/0x100
[ 2313.839603] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan]
[ 2313.840221] kasan_check_range+0xfd/0x1e0
[ 2313.840598] kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan]
[ 2313.841198] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 2313.841669] ? kunit_kfree+0x200/0x200 [kunit]
[ 2313.842092] ? rcu_read_lock_sched_held+0x12/0x80
[ 2313.842533] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.843074] ? rcu_read_lock_held+0x30/0x50
[ 2313.843488] ? trace_kmalloc+0x3c/0x100
[ 2313.843849] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2313.844297] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 2313.844793] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2313.845519] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2313.846063] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.846533] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.846991] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.847460] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.848022] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.848497] kthread+0x2a7/0x350
[ 2313.848839] ? kthread_complete_and_exit+0x20/0x20
[ 2313.849304] ret_from_fork+0x22/0x30
[ 2313.849648]
[ 2313.850028] Allocated by task 48153:
[ 2313.850361] kasan_save_stack+0x1e/0x40
[ 2313.850718] __kasan_kmalloc+0x81/0xa0
[ 2313.851073] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2313.851565] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.852020] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.852574] kthread+0x2a7/0x350
[ 2313.852883] ret_from_fork+0x22/0x30
[ 2313.853376] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2313.854459] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2313.855644] The buggy address belongs to the physical page:
[ 2313.856150] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2313.856972] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.857589] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2313.858287] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2313.858980] page dumped because: kasan: bad access detected
[ 2313.859639] Memory state around the buggy address:
[ 2313.860170] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2313.860820] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2313.861524] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2313.862201] ^
[ 2313.862636] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2313.863313] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2313.863991] ==================================================================
[ 2313.864840] ==================================================================
[ 2313.865532] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan]
[ 2313.866398] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2313.867267] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.868510] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.869055] Call Trace:
[ 2313.869300]
[ 2313.869516] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan]
[ 2313.870142] dump_stack_lvl+0x57/0x81
[ 2313.870499] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.871048] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan]
[ 2313.871667] print_report.cold+0x5c/0x237
[ 2313.872058] kasan_report+0xc9/0x100
[ 2313.872409] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan]
[ 2313.873078] kasan_check_range+0xfd/0x1e0
[ 2313.873515] kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan]
[ 2313.874143] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 2313.874651] ? kunit_kfree+0x200/0x200 [kunit]
[ 2313.875085] ? rcu_read_lock_sched_held+0x12/0x80
[ 2313.875537] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.876071] ? rcu_read_lock_held+0x30/0x50
[ 2313.876471] ? trace_kmalloc+0x3c/0x100
[ 2313.876842] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2313.877310] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 2313.877822] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2313.878563] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2313.879108] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.879591] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.880067] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.880549] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.881152] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.881684] kthread+0x2a7/0x350
[ 2313.882024] ? kthread_complete_and_exit+0x20/0x20
[ 2313.882482] ret_from_fork+0x22/0x30
[ 2313.882836]
[ 2313.883228] Allocated by task 48153:
[ 2313.883573] kasan_save_stack+0x1e/0x40
[ 2313.883947] __kasan_kmalloc+0x81/0xa0
[ 2313.884308] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2313.884816] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.885285] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.885859] kthread+0x2a7/0x350
[ 2313.886229] ret_from_fork+0x22/0x30
[ 2313.886743] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2313.887902] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2313.889307] The buggy address belongs to the physical page:
[ 2313.889837] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2313.892214] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.893846] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2313.895623] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2313.897438] page dumped because: kasan: bad access detected
[ 2313.899148] Memory state around the buggy address:
[ 2313.900193] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2313.901753] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2313.903308] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2313.904824] ^
[ 2313.905802] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2313.907360] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2313.908911] ==================================================================
[ 2313.910428] ==================================================================
[ 2313.911860] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan]
[ 2313.913716] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2313.915535] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.918204] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.919353] Call Trace:
[ 2313.919837]
[ 2313.920337] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan]
[ 2313.921600] dump_stack_lvl+0x57/0x81
[ 2313.922325] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.923412] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan]
[ 2313.924621] print_report.cold+0x5c/0x237
[ 2313.925401] kasan_report+0xc9/0x100
[ 2313.926093] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan]
[ 2313.927365] kasan_check_range+0xfd/0x1e0
[ 2313.928182] kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan]
[ 2313.929497] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 2313.930455] ? kunit_kfree+0x200/0x200 [kunit]
[ 2313.931336] ? rcu_read_lock_sched_held+0x12/0x80
[ 2313.932232] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.933283] ? rcu_read_lock_held+0x30/0x50
[ 2313.934072] ? trace_kmalloc+0x3c/0x100
[ 2313.934804] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2313.935698] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 2313.936710] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2313.938112] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2313.939190] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.940137] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.941011] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.941922] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.942998] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.943917] kthread+0x2a7/0x350
[ 2313.944496] ? kthread_complete_and_exit+0x20/0x20
[ 2313.945370] ret_from_fork+0x22/0x30
[ 2313.946039]
[ 2313.946726] Allocated by task 48153:
[ 2313.947372] kasan_save_stack+0x1e/0x40
[ 2313.948055] __kasan_kmalloc+0x81/0xa0
[ 2313.948734] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2313.949711] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.950640] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.951687] kthread+0x2a7/0x350
[ 2313.952254] ret_from_fork+0x22/0x30
[ 2313.953154] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2313.955145] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2313.957285] The buggy address belongs to the physical page:
[ 2313.958198] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2313.959696] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2313.960828] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2313.962046] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2313.963390] page dumped because: kasan: bad access detected
[ 2313.964650] Memory state around the buggy address:
[ 2313.965476] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2313.966603] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2313.967739] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2313.968855] ^
[ 2313.969592] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2313.970731] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2313.971814] ==================================================================
[ 2313.972895] ==================================================================
[ 2313.973962] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan]
[ 2313.975326] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2313.976708] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2313.978720] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2313.979577] Call Trace:
[ 2313.980039]
[ 2313.980371] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan]
[ 2313.981364] dump_stack_lvl+0x57/0x81
[ 2313.981940] print_address_description.constprop.0+0x1f/0x1e0
[ 2313.982634] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan]
[ 2313.983380] print_report.cold+0x5c/0x237
[ 2313.983818] kasan_report+0xc9/0x100
[ 2313.984288] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan]
[ 2313.985010] kasan_check_range+0xfd/0x1e0
[ 2313.985463] kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan]
[ 2313.986161] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 2313.986737] ? kunit_kfree+0x200/0x200 [kunit]
[ 2313.987295] ? rcu_read_lock_sched_held+0x12/0x80
[ 2313.987804] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2313.988455] ? rcu_read_lock_held+0x30/0x50
[ 2313.988910] ? trace_kmalloc+0x3c/0x100
[ 2313.989347] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2313.989845] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 2313.990457] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2313.991357] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2313.992020] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2313.992584] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.993169] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2313.993749] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2313.994486] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2313.995111] kthread+0x2a7/0x350
[ 2313.995472] ? kthread_complete_and_exit+0x20/0x20
[ 2313.996018] ret_from_fork+0x22/0x30
[ 2313.996441]
[ 2313.996928] Allocated by task 48153:
[ 2313.997344] kasan_save_stack+0x1e/0x40
[ 2313.997814] __kasan_kmalloc+0x81/0xa0
[ 2313.998295] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2313.998886] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2313.999477] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.000206] kthread+0x2a7/0x350
[ 2314.000538] ret_from_fork+0x22/0x30
[ 2314.001137] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.002452] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.003919] The buggy address belongs to the physical page:
[ 2314.004578] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.005615] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.006362] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.007203] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.008082] page dumped because: kasan: bad access detected
[ 2314.008910] Memory state around the buggy address:
[ 2314.009430] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.010292] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.011101] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.011920] ^
[ 2314.012404] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.013205] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.014050] ==================================================================
[ 2314.014852] ==================================================================
[ 2314.015678] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan]
[ 2314.016712] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.017807] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.019312] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.019970] Call Trace:
[ 2314.020264]
[ 2314.020498] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan]
[ 2314.021309] dump_stack_lvl+0x57/0x81
[ 2314.021718] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.022359] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan]
[ 2314.023125] print_report.cold+0x5c/0x237
[ 2314.023584] kasan_report+0xc9/0x100
[ 2314.023983] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan]
[ 2314.024667] kasan_check_range+0xfd/0x1e0
[ 2314.025138] kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan]
[ 2314.025827] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 2314.026413] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.026927] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.027509] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.028148] ? rcu_read_lock_held+0x30/0x50
[ 2314.028634] ? trace_kmalloc+0x3c/0x100
[ 2314.029133] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.029685] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 2314.030331] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.031147] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.031853] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.032487] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.033108] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.033669] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.034362] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.034917] kthread+0x2a7/0x350
[ 2314.035288] ? kthread_complete_and_exit+0x20/0x20
[ 2314.035844] ret_from_fork+0x22/0x30
[ 2314.036257]
[ 2314.036673] Allocated by task 48153:
[ 2314.037087] kasan_save_stack+0x1e/0x40
[ 2314.037522] __kasan_kmalloc+0x81/0xa0
[ 2314.037948] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.038554] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.039088] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.039757] kthread+0x2a7/0x350
[ 2314.040370] ret_from_fork+0x22/0x30
[ 2314.041114] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.047508] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.048966] The buggy address belongs to the physical page:
[ 2314.049547] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.050538] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.051278] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.052173] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.053012] page dumped because: kasan: bad access detected
[ 2314.053806] Memory state around the buggy address:
[ 2314.054326] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.055088] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.055857] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.056650] ^
[ 2314.057170] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.057973] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.058762] ==================================================================
[ 2314.059639] ==================================================================
[ 2314.060443] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan]
[ 2314.061440] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.062406] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.063866] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.064546] Call Trace:
[ 2314.064844]
[ 2314.065142] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan]
[ 2314.066019] dump_stack_lvl+0x57/0x81
[ 2314.066550] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.067309] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan]
[ 2314.068148] print_report.cold+0x5c/0x237
[ 2314.068639] kasan_report+0xc9/0x100
[ 2314.069150] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan]
[ 2314.069839] kasan_check_range+0xfd/0x1e0
[ 2314.070432] kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan]
[ 2314.071141] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 2314.071695] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.072193] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.072697] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.073306] ? rcu_read_lock_held+0x30/0x50
[ 2314.073740] ? trace_kmalloc+0x3c/0x100
[ 2314.074200] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.074723] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 2314.075308] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.076092] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.076679] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.077273] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.077782] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.078361] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.078993] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.079594] kthread+0x2a7/0x350
[ 2314.079981] ? kthread_complete_and_exit+0x20/0x20
[ 2314.080512] ret_from_fork+0x22/0x30
[ 2314.080948]
[ 2314.081392] Allocated by task 48153:
[ 2314.081785] kasan_save_stack+0x1e/0x40
[ 2314.082255] __kasan_kmalloc+0x81/0xa0
[ 2314.082659] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.083327] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.083842] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.084536] kthread+0x2a7/0x350
[ 2314.084890] ret_from_fork+0x22/0x30
[ 2314.085455] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.086698] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.088105] The buggy address belongs to the physical page:
[ 2314.088695] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.089651] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.090386] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.091168] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.092001] page dumped because: kasan: bad access detected
[ 2314.092757] Memory state around the buggy address:
[ 2314.093281] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.094026] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.094756] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.095576] ^
[ 2314.096095] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.096889] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.097652] ==================================================================
[ 2314.098475] ==================================================================
[ 2314.099246] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan]
[ 2314.100332] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.101399] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.102787] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.103415] Call Trace:
[ 2314.103673]
[ 2314.103938] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan]
[ 2314.104648] dump_stack_lvl+0x57/0x81
[ 2314.105027] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.105644] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan]
[ 2314.106391] print_report.cold+0x5c/0x237
[ 2314.106802] kasan_report+0xc9/0x100
[ 2314.107245] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan]
[ 2314.107960] kasan_check_range+0xfd/0x1e0
[ 2314.108392] kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan]
[ 2314.109076] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 2314.109599] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.110087] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.110648] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.111291] ? rcu_read_lock_held+0x30/0x50
[ 2314.111772] ? trace_kmalloc+0x3c/0x100
[ 2314.112199] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.112689] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 2314.113306] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.114108] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.114696] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.115252] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.115758] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.116318] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.116975] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.117544] kthread+0x2a7/0x350
[ 2314.117959] ? kthread_complete_and_exit+0x20/0x20
[ 2314.118530] ret_from_fork+0x22/0x30
[ 2314.118928]
[ 2314.119358] Allocated by task 48153:
[ 2314.119758] kasan_save_stack+0x1e/0x40
[ 2314.120198] __kasan_kmalloc+0x81/0xa0
[ 2314.120594] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.121162] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.121680] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.122334] kthread+0x2a7/0x350
[ 2314.122679] ret_from_fork+0x22/0x30
[ 2314.123274] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.124515] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.125886] The buggy address belongs to the physical page:
[ 2314.126461] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.127400] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.128114] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.128910] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.129713] page dumped because: kasan: bad access detected
[ 2314.130629] Memory state around the buggy address:
[ 2314.131240] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.132153] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.133060] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.133959] ^
[ 2314.134459] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.135272] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.136030] ==================================================================
[ 2314.136777] ==================================================================
[ 2314.137655] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan]
[ 2314.138686] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.139702] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.141153] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.141749] Call Trace:
[ 2314.142035]
[ 2314.142279] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan]
[ 2314.142963] dump_stack_lvl+0x57/0x81
[ 2314.143378] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.143999] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan]
[ 2314.144685] print_report.cold+0x5c/0x237
[ 2314.145134] kasan_report+0xc9/0x100
[ 2314.145531] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan]
[ 2314.146232] kasan_check_range+0xfd/0x1e0
[ 2314.146691] kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan]
[ 2314.147429] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 2314.148041] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.148546] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.149032] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.149604] ? rcu_read_lock_held+0x30/0x50
[ 2314.150063] ? trace_kmalloc+0x3c/0x100
[ 2314.150485] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.151011] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 2314.151627] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.152425] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.153030] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.153582] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.154097] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.154638] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.155297] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.155815] kthread+0x2a7/0x350
[ 2314.156183] ? kthread_complete_and_exit+0x20/0x20
[ 2314.156707] ret_from_fork+0x22/0x30
[ 2314.157086]
[ 2314.157496] Allocated by task 48153:
[ 2314.157893] kasan_save_stack+0x1e/0x40
[ 2314.158308] __kasan_kmalloc+0x81/0xa0
[ 2314.158695] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.159300] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.159798] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.160629] kthread+0x2a7/0x350
[ 2314.161005] ret_from_fork+0x22/0x30
[ 2314.161607] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.162864] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.164307] The buggy address belongs to the physical page:
[ 2314.164879] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.165916] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.166728] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.167672] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.168612] page dumped because: kasan: bad access detected
[ 2314.169486] Memory state around the buggy address:
[ 2314.170033] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.170829] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.171602] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.172363] ^
[ 2314.172830] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.173609] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.174477] ==================================================================
[ 2314.175304] ==================================================================
[ 2314.176054] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan]
[ 2314.177172] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.178202] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.179692] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.180332] Call Trace:
[ 2314.180604]
[ 2314.180840] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan]
[ 2314.181633] dump_stack_lvl+0x57/0x81
[ 2314.182064] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.182683] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan]
[ 2314.183467] print_report.cold+0x5c/0x237
[ 2314.183905] kasan_report+0xc9/0x100
[ 2314.184335] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan]
[ 2314.185115] kasan_check_range+0xfd/0x1e0
[ 2314.185570] kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan]
[ 2314.186313] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 2314.187006] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.187493] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.188004] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.188598] ? rcu_read_lock_held+0x30/0x50
[ 2314.189033] ? trace_kmalloc+0x3c/0x100
[ 2314.189462] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.190043] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 2314.190640] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.191458] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.192116] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.192726] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.193267] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.193787] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.194449] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.195002] kthread+0x2a7/0x350
[ 2314.195358] ? kthread_complete_and_exit+0x20/0x20
[ 2314.195862] ret_from_fork+0x22/0x30
[ 2314.196290]
[ 2314.196703] Allocated by task 48153:
[ 2314.197106] kasan_save_stack+0x1e/0x40
[ 2314.197572] __kasan_kmalloc+0x81/0xa0
[ 2314.197999] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.198584] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.199158] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.199780] kthread+0x2a7/0x350
[ 2314.200149] ret_from_fork+0x22/0x30
[ 2314.200720] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.202007] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.203418] The buggy address belongs to the physical page:
[ 2314.204023] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.204962] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.205691] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.206497] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.207418] page dumped because: kasan: bad access detected
[ 2314.208341] Memory state around the buggy address:
[ 2314.208997] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.209846] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.210728] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.211599] ^
[ 2314.212120] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.212966] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.213734] ==================================================================
[ 2314.214559] ==================================================================
[ 2314.215340] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan]
[ 2314.216374] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.217401] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.218775] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.219409] Call Trace:
[ 2314.219693]
[ 2314.220069] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan]
[ 2314.220912] dump_stack_lvl+0x57/0x81
[ 2314.221339] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.222019] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan]
[ 2314.222790] print_report.cold+0x5c/0x237
[ 2314.223246] kasan_report+0xc9/0x100
[ 2314.223625] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan]
[ 2314.224461] kasan_check_range+0xfd/0x1e0
[ 2314.224907] kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan]
[ 2314.225656] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 2314.226364] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.226829] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.227400] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.227987] ? rcu_read_lock_held+0x30/0x50
[ 2314.228449] ? trace_kmalloc+0x3c/0x100
[ 2314.228827] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.229387] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 2314.229992] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.230957] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.231677] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.232297] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.232946] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.233520] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.234294] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.234889] kthread+0x2a7/0x350
[ 2314.235280] ? kthread_complete_and_exit+0x20/0x20
[ 2314.235795] ret_from_fork+0x22/0x30
[ 2314.236233]
[ 2314.236691] Allocated by task 48153:
[ 2314.237148] kasan_save_stack+0x1e/0x40
[ 2314.237607] __kasan_kmalloc+0x81/0xa0
[ 2314.238048] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.238659] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.239226] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.239865] kthread+0x2a7/0x350
[ 2314.240264] ret_from_fork+0x22/0x30
[ 2314.240835] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.242099] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.243476] The buggy address belongs to the physical page:
[ 2314.244081] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.245049] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.245745] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.246575] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.247433] page dumped because: kasan: bad access detected
[ 2314.248255] Memory state around the buggy address:
[ 2314.248789] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.249543] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.250477] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.251256] ^
[ 2314.251845] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.252720] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.253538] ==================================================================
[ 2314.254400] ==================================================================
[ 2314.255179] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan]
[ 2314.256210] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.257245] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.258655] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.259287] Call Trace:
[ 2314.259561]
[ 2314.259780] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan]
[ 2314.260570] dump_stack_lvl+0x57/0x81
[ 2314.260963] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.261541] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan]
[ 2314.262345] print_report.cold+0x5c/0x237
[ 2314.262761] kasan_report+0xc9/0x100
[ 2314.263186] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan]
[ 2314.263983] kasan_check_range+0xfd/0x1e0
[ 2314.264435] kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan]
[ 2314.265216] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 2314.265915] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.266398] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.266961] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.267601] ? rcu_read_lock_held+0x30/0x50
[ 2314.268078] ? trace_kmalloc+0x3c/0x100
[ 2314.268514] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.269016] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 2314.269563] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.270361] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.270969] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.271506] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.272026] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.272579] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.273228] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.273744] kthread+0x2a7/0x350
[ 2314.274122] ? kthread_complete_and_exit+0x20/0x20
[ 2314.274622] ret_from_fork+0x22/0x30
[ 2314.275036]
[ 2314.275496] Allocated by task 48153:
[ 2314.275880] kasan_save_stack+0x1e/0x40
[ 2314.276304] __kasan_kmalloc+0x81/0xa0
[ 2314.276701] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.277302] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.277819] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.278510] kthread+0x2a7/0x350
[ 2314.278854] ret_from_fork+0x22/0x30
[ 2314.279447] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.280914] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.282317] The buggy address belongs to the physical page:
[ 2314.282903] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.283863] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.284666] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.285501] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.286311] page dumped because: kasan: bad access detected
[ 2314.287089] Memory state around the buggy address:
[ 2314.287657] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.288471] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.289227] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.289973] ^
[ 2314.290446] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.291211] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.291974] ==================================================================
[ 2314.292726] ==================================================================
[ 2314.293486] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan]
[ 2314.294515] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.295492] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.296894] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.297529] Call Trace:
[ 2314.297826]
[ 2314.298113] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan]
[ 2314.298937] dump_stack_lvl+0x57/0x81
[ 2314.299335] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.299990] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan]
[ 2314.300748] print_report.cold+0x5c/0x237
[ 2314.301190] kasan_report+0xc9/0x100
[ 2314.301589] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan]
[ 2314.302355] kasan_check_range+0xfd/0x1e0
[ 2314.302791] kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan]
[ 2314.303545] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 2314.304277] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.304741] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.305283] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.305844] ? rcu_read_lock_held+0x30/0x50
[ 2314.306313] ? trace_kmalloc+0x3c/0x100
[ 2314.306714] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.307252] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 2314.307810] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.308608] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.309218] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.309728] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.310438] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.310980] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.311660] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.312225] kthread+0x2a7/0x350
[ 2314.312569] ? kthread_complete_and_exit+0x20/0x20
[ 2314.313094] ret_from_fork+0x22/0x30
[ 2314.313499]
[ 2314.313969] Allocated by task 48153:
[ 2314.314403] kasan_save_stack+0x1e/0x40
[ 2314.314827] __kasan_kmalloc+0x81/0xa0
[ 2314.315262] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.315800] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.316348] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.317041] kthread+0x2a7/0x350
[ 2314.317416] ret_from_fork+0x22/0x30
[ 2314.317995] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.319316] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.320702] The buggy address belongs to the physical page:
[ 2314.321302] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.322253] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.322959] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.323801] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.324612] page dumped because: kasan: bad access detected
[ 2314.325407] Memory state around the buggy address:
[ 2314.325924] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.326661] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.327485] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.328314] ^
[ 2314.328805] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.329577] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.330336] ==================================================================
[ 2314.331289] ==================================================================
[ 2314.332191] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan]
[ 2314.333453] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.334543] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.335991] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.336600] Call Trace:
[ 2314.336891]
[ 2314.337120] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan]
[ 2314.337907] dump_stack_lvl+0x57/0x81
[ 2314.338331] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.339221] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan]
[ 2314.341183] print_report.cold+0x5c/0x237
[ 2314.342115] kasan_report+0xc9/0x100
[ 2314.342950] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan]
[ 2314.344599] kasan_check_range+0xfd/0x1e0
[ 2314.345512] kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan]
[ 2314.347131] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 2314.348613] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.349638] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.350738] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.351961] ? rcu_read_lock_held+0x30/0x50
[ 2314.352839] ? trace_kmalloc+0x3c/0x100
[ 2314.353704] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.354691] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 2314.355824] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.357364] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.358548] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.359610] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.360634] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.361686] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.362878] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.363873] kthread+0x2a7/0x350
[ 2314.364520] ? kthread_complete_and_exit+0x20/0x20
[ 2314.365456] ret_from_fork+0x22/0x30
[ 2314.366181]
[ 2314.366968] Allocated by task 48153:
[ 2314.367668] kasan_save_stack+0x1e/0x40
[ 2314.368424] __kasan_kmalloc+0x81/0xa0
[ 2314.369174] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.370366] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.371305] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.372393] kthread+0x2a7/0x350
[ 2314.372993] ret_from_fork+0x22/0x30
[ 2314.373963] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.376094] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.378399] The buggy address belongs to the physical page:
[ 2314.379383] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.381006] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.382161] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.383439] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.384708] page dumped because: kasan: bad access detected
[ 2314.385934] Memory state around the buggy address:
[ 2314.386778] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.388046] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.389252] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.390455] ^
[ 2314.391237] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.392373] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.393516] ==================================================================
[ 2314.394690] ==================================================================
[ 2314.395839] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan]
[ 2314.397416] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.398893] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.401183] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.402104] Call Trace:
[ 2314.402514]
[ 2314.402866] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan]
[ 2314.403971] dump_stack_lvl+0x57/0x81
[ 2314.404538] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.405415] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan]
[ 2314.406521] print_report.cold+0x5c/0x237
[ 2314.407138] kasan_report+0xc9/0x100
[ 2314.407691] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan]
[ 2314.408791] kasan_check_range+0xfd/0x1e0
[ 2314.409414] kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan]
[ 2314.410496] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 2314.411488] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.412184] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.412868] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.413658] ? rcu_read_lock_held+0x30/0x50
[ 2314.414267] ? trace_kmalloc+0x3c/0x100
[ 2314.414824] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.415520] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 2314.416306] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.417354] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.418174] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.418909] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.419612] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.420346] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.421217] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.421979] kthread+0x2a7/0x350
[ 2314.422461] ? kthread_complete_and_exit+0x20/0x20
[ 2314.423143] ret_from_fork+0x22/0x30
[ 2314.423671]
[ 2314.424243] Allocated by task 48153:
[ 2314.424754] kasan_save_stack+0x1e/0x40
[ 2314.425330] __kasan_kmalloc+0x81/0xa0
[ 2314.425885] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.426635] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.427336] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.428191] kthread+0x2a7/0x350
[ 2314.428656] ret_from_fork+0x22/0x30
[ 2314.429411] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.431270] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.433093] The buggy address belongs to the physical page:
[ 2314.433608] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.434443] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.435030] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.435680] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.436335] page dumped because: kasan: bad access detected
[ 2314.436961] Memory state around the buggy address:
[ 2314.437376] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.438015] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.438666] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.439279] ^
[ 2314.439674] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.440293] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.440907] ==================================================================
[ 2314.441535] ==================================================================
[ 2314.442162] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan]
[ 2314.443059] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.443890] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.445049] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.445576] Call Trace:
[ 2314.445798]
[ 2314.446001] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan]
[ 2314.446633] dump_stack_lvl+0x57/0x81
[ 2314.446966] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.447465] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan]
[ 2314.448105] print_report.cold+0x5c/0x237
[ 2314.448459] kasan_report+0xc9/0x100
[ 2314.448779] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan]
[ 2314.449426] kasan_check_range+0xfd/0x1e0
[ 2314.449779] kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan]
[ 2314.450405] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 2314.450978] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.451376] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.451789] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.452274] ? rcu_read_lock_held+0x30/0x50
[ 2314.452659] ? trace_kmalloc+0x3c/0x100
[ 2314.453005] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.453416] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 2314.453905] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.454542] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.455045] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.455492] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.455925] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.456366] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.456898] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.457345] kthread+0x2a7/0x350
[ 2314.457638] ? kthread_complete_and_exit+0x20/0x20
[ 2314.458063] ret_from_fork+0x22/0x30
[ 2314.458387]
[ 2314.458739] Allocated by task 48153:
[ 2314.459060] kasan_save_stack+0x1e/0x40
[ 2314.459397] __kasan_kmalloc+0x81/0xa0
[ 2314.459727] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.460995] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.462196] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.463610] kthread+0x2a7/0x350
[ 2314.464400] ret_from_fork+0x22/0x30
[ 2314.465666] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.468682] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.471791] The buggy address belongs to the physical page:
[ 2314.473063] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.475034] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.476524] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.478227] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.479897] page dumped because: kasan: bad access detected
[ 2314.481490] Memory state around the buggy address:
[ 2314.482463] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.483944] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.485388] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.486809] ^
[ 2314.487751] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.489196] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.490769] ==================================================================
[ 2314.492283] ==================================================================
[ 2314.493662] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan]
[ 2314.495571] Read of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.497306] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.499825] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.500937] Call Trace:
[ 2314.501432]
[ 2314.501882] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan]
[ 2314.503239] dump_stack_lvl+0x57/0x81
[ 2314.503940] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.504974] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan]
[ 2314.506261] print_report.cold+0x5c/0x237
[ 2314.507013] kasan_report+0xc9/0x100
[ 2314.507686] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan]
[ 2314.508972] kasan_check_range+0xfd/0x1e0
[ 2314.509675] kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan]
[ 2314.510926] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 2314.518269] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.519036] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.519800] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.520809] ? rcu_read_lock_held+0x30/0x50
[ 2314.521531] ? trace_kmalloc+0x3c/0x100
[ 2314.522159] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.522927] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 2314.523756] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.524892] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.525759] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.526515] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.527264] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.528079] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.528975] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.529739] kthread+0x2a7/0x350
[ 2314.530233] ? kthread_complete_and_exit+0x20/0x20
[ 2314.531024] ret_from_fork+0x22/0x30
[ 2314.531617]
[ 2314.532293] Allocated by task 48153:
[ 2314.532869] kasan_save_stack+0x1e/0x40
[ 2314.533504] __kasan_kmalloc+0x81/0xa0
[ 2314.534061] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.534816] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.535553] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.536462] kthread+0x2a7/0x350
[ 2314.536949] ret_from_fork+0x22/0x30
[ 2314.537722] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.539453] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.541321] The buggy address belongs to the physical page:
[ 2314.542129] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.543463] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.544403] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.545269] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.546119] page dumped because: kasan: bad access detected
[ 2314.546983] Memory state around the buggy address:
[ 2314.547512] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.548358] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.549176] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.550069] ^
[ 2314.550601] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.551460] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.552273] ==================================================================
[ 2314.553124] ==================================================================
[ 2314.554016] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan]
[ 2314.555230] Read of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.556345] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.557927] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.558559] Call Trace:
[ 2314.558830]
[ 2314.559107] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan]
[ 2314.559941] dump_stack_lvl+0x57/0x81
[ 2314.560374] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.561039] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan]
[ 2314.561858] print_report.cold+0x5c/0x237
[ 2314.562334] kasan_report+0xc9/0x100
[ 2314.562866] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan]
[ 2314.563725] kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan]
[ 2314.564555] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 2314.565403] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.566037] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.566622] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.567404] ? rcu_read_lock_held+0x30/0x50
[ 2314.567985] ? trace_kmalloc+0x3c/0x100
[ 2314.568494] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.569106] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 2314.569715] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.570544] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.571219] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.571754] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.572349] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.572907] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.573590] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.574227] kthread+0x2a7/0x350
[ 2314.574590] ? kthread_complete_and_exit+0x20/0x20
[ 2314.575184] ret_from_fork+0x22/0x30
[ 2314.575596]
[ 2314.576045] Allocated by task 48153:
[ 2314.576449] kasan_save_stack+0x1e/0x40
[ 2314.576910] __kasan_kmalloc+0x81/0xa0
[ 2314.577346] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.577994] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.578588] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.579304] kthread+0x2a7/0x350
[ 2314.579675] ret_from_fork+0x22/0x30
[ 2314.580394] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.581793] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.583301] The buggy address belongs to the physical page:
[ 2314.583996] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.585051] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.585822] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.586683] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.587580] page dumped because: kasan: bad access detected
[ 2314.588397] Memory state around the buggy address:
[ 2314.588937] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.589724] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.590548] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.591301] ^
[ 2314.591783] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.592598] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.593448] ==================================================================
[ 2314.594308] ==================================================================
[ 2314.595092] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan]
[ 2314.596154] Write of size 8 at addr ffff8880053183a8 by task kunit_try_catch/48153
[ 2314.597201] CPU: 0 PID: 48153 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.598740] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.599387] Call Trace:
[ 2314.599668]
[ 2314.599948] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan]
[ 2314.600761] dump_stack_lvl+0x57/0x81
[ 2314.601189] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.601849] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan]
[ 2314.602676] print_report.cold+0x5c/0x237
[ 2314.603150] kasan_report+0xc9/0x100
[ 2314.603574] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan]
[ 2314.604427] kasan_check_range+0xfd/0x1e0
[ 2314.604926] kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan]
[ 2314.605779] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 2314.606565] ? kunit_kfree+0x200/0x200 [kunit]
[ 2314.607088] ? rcu_read_lock_sched_held+0x12/0x80
[ 2314.607644] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.608329] ? rcu_read_lock_held+0x30/0x50
[ 2314.608797] ? trace_kmalloc+0x3c/0x100
[ 2314.609265] ? kmem_cache_alloc_trace+0x1af/0x320
[ 2314.609784] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 2314.610529] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 2314.611405] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 2314.612048] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.612628] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.613202] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.613754] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.614510] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.615113] kthread+0x2a7/0x350
[ 2314.615508] ? kthread_complete_and_exit+0x20/0x20
[ 2314.616074] ret_from_fork+0x22/0x30
[ 2314.616494]
[ 2314.616983] Allocated by task 48153:
[ 2314.617428] kasan_save_stack+0x1e/0x40
[ 2314.617844] __kasan_kmalloc+0x81/0xa0
[ 2314.618302] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 2314.618911] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.619451] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.620143] kthread+0x2a7/0x350
[ 2314.620506] ret_from_fork+0x22/0x30
[ 2314.621129] The buggy address belongs to the object at ffff8880053183a0
which belongs to the cache kmalloc-16 of size 16
[ 2314.622475] The buggy address is located 8 bytes inside of
16-byte region [ffff8880053183a0, ffff8880053183b0)
[ 2314.623839] The buggy address belongs to the physical page:
[ 2314.624481] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.625476] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.626246] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.627094] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.627956] page dumped because: kasan: bad access detected
[ 2314.628820] Memory state around the buggy address:
[ 2314.629395] ffff888005318280: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 2314.630281] ffff888005318300: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.631068] >ffff888005318380: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 2314.631895] ^
[ 2314.632421] ffff888005318400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.633236] ffff888005318480: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 2314.634032] ==================================================================
[ 2314.636524] ok 45 - kasan_bitops_generic
[ 2314.645336] ok 46 - kasan_bitops_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 2314.646768] ==================================================================
[ 2314.648583] BUG: KASAN: use-after-free in kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 2314.649526] Read of size 1 at addr ffff8880053189e0 by task kunit_try_catch/48155
[ 2314.650634] CPU: 0 PID: 48155 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.652139] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.652876] Call Trace:
[ 2314.653169]
[ 2314.653459] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 2314.654128] dump_stack_lvl+0x57/0x81
[ 2314.654599] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.655268] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 2314.655968] print_report.cold+0x5c/0x237
[ 2314.656445] kasan_report+0xc9/0x100
[ 2314.656890] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 2314.657569] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 2314.658275] __kasan_check_byte+0x36/0x50
[ 2314.658728] kfree_sensitive+0x1b/0x60
[ 2314.659187] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 2314.659806] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan]
[ 2314.660378] ? do_raw_spin_trylock+0xb5/0x180
[ 2314.660833] ? do_raw_spin_lock+0x270/0x270
[ 2314.661356] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.661967] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.662549] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.663086] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.663654] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.664385] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.664976] kthread+0x2a7/0x350
[ 2314.665414] ? kthread_complete_and_exit+0x20/0x20
[ 2314.666058] ret_from_fork+0x22/0x30
[ 2314.666513]
[ 2314.667047] Allocated by task 48155:
[ 2314.667493] kasan_save_stack+0x1e/0x40
[ 2314.668053] __kasan_kmalloc+0x81/0xa0
[ 2314.668549] kmalloc_double_kzfree+0x9a/0x270 [test_kasan]
[ 2314.669252] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.669771] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.670568] kthread+0x2a7/0x350
[ 2314.670971] ret_from_fork+0x22/0x30
[ 2314.671621] Freed by task 48155:
[ 2314.671998] kasan_save_stack+0x1e/0x40
[ 2314.672470] kasan_set_track+0x21/0x30
[ 2314.672901] kasan_set_free_info+0x20/0x40
[ 2314.673376] __kasan_slab_free+0x108/0x170
[ 2314.673830] slab_free_freelist_hook+0x11d/0x1d0
[ 2314.674438] kfree+0xe2/0x3c0
[ 2314.674754] kmalloc_double_kzfree+0x137/0x270 [test_kasan]
[ 2314.675422] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.675980] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.676628] kthread+0x2a7/0x350
[ 2314.677047] ret_from_fork+0x22/0x30
[ 2314.677681] The buggy address belongs to the object at ffff8880053189e0
which belongs to the cache kmalloc-16 of size 16
[ 2314.679074] The buggy address is located 0 bytes inside of
16-byte region [ffff8880053189e0, ffff8880053189f0)
[ 2314.680549] The buggy address belongs to the physical page:
[ 2314.681205] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.682249] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.683042] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.683977] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.684809] page dumped because: kasan: bad access detected
[ 2314.685658] Memory state around the buggy address:
[ 2314.686304] ffff888005318880: 00 00 fc fc 00 00 fc fc fb fb fc fc fa fb fc fc
[ 2314.687112] ffff888005318900: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 2314.687991] >ffff888005318980: fb fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc
[ 2314.688831] ^
[ 2314.689559] ffff888005318a00: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.690431] ffff888005318a80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 2314.691248] ==================================================================
[ 2314.692269] ==================================================================
[ 2314.693082] BUG: KASAN: double-free or invalid-free in kfree+0xe2/0x3c0
[ 2314.694068] CPU: 0 PID: 48155 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.695564] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.696263] Call Trace:
[ 2314.696546]
[ 2314.696792] dump_stack_lvl+0x57/0x81
[ 2314.697240] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.697904] print_report.cold+0x5c/0x237
[ 2314.698386] ? kfree+0xe2/0x3c0
[ 2314.698772] ? kfree+0xe2/0x3c0
[ 2314.699201] kasan_report_invalid_free+0x99/0xc0
[ 2314.699725] ? kfree+0xe2/0x3c0
[ 2314.700286] ? kfree+0xe2/0x3c0
[ 2314.700675] __kasan_slab_free+0x152/0x170
[ 2314.701226] slab_free_freelist_hook+0x11d/0x1d0
[ 2314.701772] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 2314.702440] kfree+0xe2/0x3c0
[ 2314.702821] ? __kasan_check_byte+0x36/0x50
[ 2314.703289] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 2314.703969] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan]
[ 2314.704560] ? do_raw_spin_trylock+0xb5/0x180
[ 2314.705063] ? do_raw_spin_lock+0x270/0x270
[ 2314.705559] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.706202] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.706760] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.707370] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.707998] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.708792] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.709465] kthread+0x2a7/0x350
[ 2314.709863] ? kthread_complete_and_exit+0x20/0x20
[ 2314.710460] ret_from_fork+0x22/0x30
[ 2314.710983]
[ 2314.711433] Allocated by task 48155:
[ 2314.711831] kasan_save_stack+0x1e/0x40
[ 2314.712304] __kasan_kmalloc+0x81/0xa0
[ 2314.712738] kmalloc_double_kzfree+0x9a/0x270 [test_kasan]
[ 2314.713381] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.713937] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.714596] kthread+0x2a7/0x350
[ 2314.714974] ret_from_fork+0x22/0x30
[ 2314.715581] Freed by task 48155:
[ 2314.715992] kasan_save_stack+0x1e/0x40
[ 2314.716432] kasan_set_track+0x21/0x30
[ 2314.716815] kasan_set_free_info+0x20/0x40
[ 2314.717368] __kasan_slab_free+0x108/0x170
[ 2314.717804] slab_free_freelist_hook+0x11d/0x1d0
[ 2314.718406] kfree+0xe2/0x3c0
[ 2314.718735] kmalloc_double_kzfree+0x137/0x270 [test_kasan]
[ 2314.719378] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.719931] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.720615] kthread+0x2a7/0x350
[ 2314.721018] ret_from_fork+0x22/0x30
[ 2314.721658] The buggy address belongs to the object at ffff8880053189e0
which belongs to the cache kmalloc-16 of size 16
[ 2314.723022] The buggy address is located 0 bytes inside of
16-byte region [ffff8880053189e0, ffff8880053189f0)
[ 2314.724556] The buggy address belongs to the physical page:
[ 2314.725176] page:000000008728a81e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5318
[ 2314.726154] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.726909] raw: 000fffffc0000200 ffffea0000bd7300 dead000000000002 ffff8881000413c0
[ 2314.727750] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 2314.728656] page dumped because: kasan: bad access detected
[ 2314.729427] Memory state around the buggy address:
[ 2314.730048] ffff888005318880: 00 00 fc fc 00 00 fc fc fb fb fc fc fa fb fc fc
[ 2314.730907] ffff888005318900: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 2314.731743] >ffff888005318980: fb fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc
[ 2314.732625] ^
[ 2314.733318] ffff888005318a00: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc
[ 2314.734102] ffff888005318a80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 2314.734926] ==================================================================
[ 2314.736198] ok 47 - kmalloc_double_kzfree
[ 2314.737779] ok 48 - vmalloc_helpers_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 2314.740890] ==================================================================
[ 2314.742602] BUG: KASAN: out-of-bounds in vmalloc_oob+0x596/0x5e0 [test_kasan]
[ 2314.743397] Read of size 1 at addr ffffc9000007b7f3 by task kunit_try_catch/48157
[ 2314.744414] CPU: 0 PID: 48157 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1858_750349426.el9.x86_64+debug #1
[ 2314.745805] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2314.746479] Call Trace:
[ 2314.746814]
[ 2314.747105] ? vmalloc_oob+0x596/0x5e0 [test_kasan]
[ 2314.747676] dump_stack_lvl+0x57/0x81
[ 2314.748137] print_address_description.constprop.0+0x1f/0x1e0
[ 2314.748787] ? vmalloc_oob+0x596/0x5e0 [test_kasan]
[ 2314.749314] print_report.cold+0x5c/0x237
[ 2314.749751] kasan_report+0xc9/0x100
[ 2314.750236] ? vmalloc_oob+0x596/0x5e0 [test_kasan]
[ 2314.750775] vmalloc_oob+0x596/0x5e0 [test_kasan]
[ 2314.751323] ? kasan_global_oob_right+0x1f0/0x1f0 [test_kasan]
[ 2314.751961] ? do_raw_spin_trylock+0xb5/0x180
[ 2314.752465] ? do_raw_spin_lock+0x270/0x270
[ 2314.752941] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 2314.753559] ? kunit_add_resource+0x197/0x280 [kunit]
[ 2314.754140] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 2314.754682] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 2314.755268] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 2314.755933] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 2314.756507] kthread+0x2a7/0x350
[ 2314.756868] ? kthread_complete_and_exit+0x20/0x20
[ 2314.757375] ret_from_fork+0x22/0x30
[ 2314.757771]
[ 2314.758269] The buggy address belongs to the virtual mapping at
[ffffc9000007b000, ffffc9000007d000) created by:
vmalloc_oob+0x78/0x5e0 [test_kasan]
[ 2314.760416] The buggy address belongs to the physical page:
[ 2314.761054] page:000000009322f22e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13122
[ 2314.762140] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 2314.762921] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000
[ 2314.763757] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 2314.764690] page dumped because: kasan: bad access detected
[ 2314.765519] Memory state around the buggy address:
[ 2314.766126] ffffc9000007b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2314.767034] ffffc9000007b700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2314.767974] >ffffc9000007b780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00
[ 2314.768836] ^
[ 2314.769626] ffffc9000007b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2314.770452] ffffc9000007b880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2314.771287] ==================================================================
[ 2314.807140] # vmalloc_oob: EXPECTATION FAILED at lib/test_kasan.c:1131
KASAN failure expected in "((volatile char *)v_ptr)[size + 5]", but none occurred
[ 2314.807441] not ok 49 - vmalloc_oob
[ 2314.814841] ok 50 - vmap_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y
[ 2314.816807] ok 51 - vm_map_ram_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y
[ 2314.821411] ok 52 - vmalloc_percpu # SKIP Test requires CONFIG_KASAN_SW_TAGS=y
[ 2314.824917] ok 53 - match_all_not_assigned # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 2314.835541] ok 54 - match_all_ptr_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 2314.841177] ok 55 - match_all_mem_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 2314.842653] not ok 20 - kasan
[ 2315.157615] # Subtest: linear-ranges-test
[ 2315.157623] 1..4
[ 2315.161879] ok 1 - range_test_get_value_amount
[ 2315.164154] ok 2 - range_test_get_selector_high
[ 2315.165860] ok 3 - range_test_get_selector_low
[ 2315.167793] ok 4 - range_test_get_value
[ 2315.168300] ok 21 - linear-ranges-test
[ 2315.269411] # Subtest: list_sort
[ 2315.269417] 1..1
[ 2315.281609] ok 1 - list_sort_test
[ 2315.281908] ok 22 - list_sort
[ 2315.540594] # Subtest: time_test_cases
[ 2315.540601] 1..1
[ 2319.223939] ok 1 - time64_to_tm_test_date_range
[ 2319.224201] ok 23 - time_test_cases
[ 2320.807569] systemd-journald[564]: Data hash table of /run/log/journal/8d7d49c9e1184b609d7402837852291d/system.journal has a fill level at 75.0 (7003 of 9336 items, 5378048 file size, 767 bytes per hash table item), suggesting rotation.
[ 2320.820896] systemd-journald[564]: /run/log/journal/8d7d49c9e1184b609d7402837852291d/system.journal: Journal header limits reached or header out-of-date, rotating.