[ 2896.626843] # Subtest: bitfields [ 2896.626865] 1..2 [ 2896.631046] ok 1 - test_bitfields_constants [ 2896.631988] ok 2 - test_bitfields_variables [ 2896.632481] ok 1 - bitfields [ 2897.326252] # Subtest: cmdline [ 2897.326264] 1..4 [ 2897.334186] ok 1 - cmdline_test_noint [ 2897.335230] ok 2 - cmdline_test_lead_int [ 2897.336133] ok 3 - cmdline_test_tail_int [ 2897.337981] ok 4 - cmdline_test_range [ 2897.338473] ok 2 - cmdline [ 2897.960731] # Subtest: ext4_inode_test [ 2897.960743] 1..1 [ 2897.968307] # inode_test_xtimestamp_decoding: ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits [ 2897.969134] # inode_test_xtimestamp_decoding: ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits [ 2897.972325] # inode_test_xtimestamp_decoding: ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits [ 2897.974145] # inode_test_xtimestamp_decoding: ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits [ 2897.976224] # inode_test_xtimestamp_decoding: ok 5 - 2038-01-19 Lower bound of 32bit <0 timestamp, lo extra sec bit on [ 2897.977896] # inode_test_xtimestamp_decoding: ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on [ 2897.980278] # inode_test_xtimestamp_decoding: ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on [ 2897.982019] # inode_test_xtimestamp_decoding: ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on [ 2897.984118] # inode_test_xtimestamp_decoding: ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on [ 2897.986768] # inode_test_xtimestamp_decoding: ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on [ 2897.988359] # inode_test_xtimestamp_decoding: ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on [ 2897.990678] # inode_test_xtimestamp_decoding: ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on [ 2897.992334] # inode_test_xtimestamp_decoding: ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns [ 2897.994804] # inode_test_xtimestamp_decoding: ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns [ 2897.997695] # inode_test_xtimestamp_decoding: ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on [ 2898.000002] # inode_test_xtimestamp_decoding: ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. All extra sec bits on [ 2898.001276] ok 1 - inode_test_xtimestamp_decoding [ 2898.002516] ok 3 - ext4_inode_test [ 2899.400402] # Subtest: kunit-try-catch-test [ 2899.400415] 1..2 [ 2899.402156] ok 1 - kunit_test_try_catch_successful_try_no_catch [ 2899.403261] ok 2 - kunit_test_try_catch_unsuccessful_try_does_catch [ 2899.404018] ok 4 - kunit-try-catch-test [ 2899.407278] # Subtest: kunit-resource-test [ 2899.407286] 1..7 [ 2899.408844] ok 1 - kunit_resource_test_init_resources [ 2899.409967] ok 2 - kunit_resource_test_alloc_resource [ 2899.411415] ok 3 - kunit_resource_test_destroy_resource [ 2899.412947] ok 4 - kunit_resource_test_cleanup_resources [ 2899.413966] ok 5 - kunit_resource_test_proper_free_ordering [ 2899.415430] ok 6 - kunit_resource_test_static [ 2899.417122] ok 7 - kunit_resource_test_named [ 2899.417837] ok 5 - kunit-resource-test [ 2899.419862] # Subtest: kunit-log-test [ 2899.419870] 1..1 [ 2899.421037] put this in log. [ 2899.421310] this too. [ 2899.421719] add to suite log. [ 2899.421987] along with this. [ 2899.422853] ok 1 - kunit_log_test [ 2899.423322] ok 6 - kunit-log-test [ 2899.425378] # Subtest: kunit_status [ 2899.425386] 1..2 [ 2899.428250] ok 1 - kunit_status_set_failure_test [ 2899.428967] ok 2 - kunit_status_mark_skipped_test [ 2899.429617] ok 7 - kunit_status [ 2899.584723] # Subtest: rtc_lib_test_cases [ 2899.584736] 1..1 [ 2904.730125] ok 1 - rtc_time64_to_tm_test_date_range [ 2904.732298] ok 8 - rtc_lib_test_cases [ 2905.035384] # Subtest: list-kunit-test [ 2905.035403] 1..36 [ 2905.036197] ok 1 - list_test_list_init [ 2905.037465] ok 2 - list_test_list_add [ 2905.038292] ok 3 - list_test_list_add_tail [ 2905.039823] ok 4 - list_test_list_del [ 2905.040766] ok 5 - list_test_list_replace [ 2905.045128] ok 6 - list_test_list_replace_init [ 2905.046079] ok 7 - list_test_list_swap [ 2905.047652] ok 8 - list_test_list_del_init [ 2905.048897] ok 9 - list_test_list_move [ 2905.049792] ok 10 - list_test_list_move_tail [ 2905.051138] ok 11 - list_test_list_bulk_move_tail [ 2905.052127] ok 12 - list_test_list_is_first [ 2905.053965] ok 13 - list_test_list_is_last [ 2905.054981] ok 14 - list_test_list_empty [ 2905.056446] ok 15 - list_test_list_empty_careful [ 2905.057245] ok 16 - list_test_list_rotate_left [ 2905.059509] ok 17 - list_test_list_rotate_to_front [ 2905.060832] ok 18 - list_test_list_is_singular [ 2905.061912] ok 19 - list_test_list_cut_position [ 2905.063685] ok 20 - list_test_list_cut_before [ 2905.064940] ok 21 - list_test_list_splice [ 2905.065872] ok 22 - list_test_list_splice_tail [ 2905.067168] ok 23 - list_test_list_splice_init [ 2905.068575] ok 24 - list_test_list_splice_tail_init [ 2905.069850] ok 25 - list_test_list_entry [ 2905.070866] ok 26 - list_test_list_first_entry [ 2905.072499] ok 27 - list_test_list_last_entry [ 2905.073708] ok 28 - list_test_list_first_entry_or_null [ 2905.074920] ok 29 - list_test_list_next_entry [ 2905.076155] ok 30 - list_test_list_prev_entry [ 2905.077824] ok 31 - list_test_list_for_each [ 2905.078866] ok 32 - list_test_list_for_each_prev [ 2905.080190] ok 33 - list_test_list_for_each_safe [ 2905.081637] ok 34 - list_test_list_for_each_prev_safe [ 2905.082881] ok 35 - list_test_list_for_each_entry [ 2905.083891] ok 36 - list_test_list_for_each_entry_reverse [ 2905.084628] ok 9 - list-kunit-test [ 2905.253108] # Subtest: memcpy [ 2905.253121] 1..4 [ 2905.254153] # memset_test: ok: memset() direct assignment [ 2905.255102] # memset_test: ok: memset() complete overwrite [ 2905.255758] # memset_test: ok: memset() middle overwrite [ 2905.256401] # memset_test: ok: memset() argument side-effects [ 2905.257052] # memset_test: ok: memset() memset_after() [ 2905.257666] # memset_test: ok: memset() memset_startat() [ 2905.259220] ok 1 - memset_test [ 2905.260478] # memcpy_test: ok: memcpy() static initializers [ 2905.261604] # memcpy_test: ok: memcpy() direct assignment [ 2905.262222] # memcpy_test: ok: memcpy() complete overwrite [ 2905.262888] # memcpy_test: ok: memcpy() middle overwrite [ 2905.263523] # memcpy_test: ok: memcpy() argument side-effects [ 2905.264641] ok 2 - memcpy_test [ 2905.265699] # memmove_test: ok: memmove() static initializers [ 2905.266782] # memmove_test: ok: memmove() direct assignment [ 2905.267454] # memmove_test: ok: memmove() complete overwrite [ 2905.268072] # memmove_test: ok: memmove() middle overwrite [ 2905.268723] # memmove_test: ok: memmove() argument side-effects [ 2905.269420] # memmove_test: ok: memmove() overlapping write [ 2905.270523] ok 3 - memmove_test [ 2905.272634] ok 4 - strtomem_test [ 2905.273033] ok 10 - memcpy [ 2905.423270] # Subtest: mptcp-crypto [ 2905.423282] 1..1 [ 2905.424127] ok 1 - mptcp_crypto_test_basic [ 2905.424448] ok 11 - mptcp-crypto [ 2905.600860] # Subtest: mptcp-token [ 2905.600872] 1..4 [ 2905.602151] ok 1 - mptcp_token_test_req_basic [ 2905.603673] ok 2 - mptcp_token_test_msk_basic [ 2905.604863] ok 3 - mptcp_token_test_accept [ 2905.605847] ok 4 - mptcp_token_test_destroyed [ 2905.606484] ok 12 - mptcp-token [ 2906.008394] # Subtest: rational [ 2906.008407] 1..1 [ 2906.009166] # rational_test: ok 1 - Exceeds bounds, semi-convergent term > 1/2 last term [ 2906.010385] # rational_test: ok 2 - Exceeds bounds, semi-convergent term < 1/2 last term [ 2906.011690] # rational_test: ok 3 - Closest to zero [ 2906.013496] # rational_test: ok 4 - Closest to smallest non-zero [ 2906.014739] # rational_test: ok 5 - Use convergent [ 2906.015940] # rational_test: ok 6 - Exact answer [ 2906.017827] # rational_test: ok 7 - Semiconvergent, numerator limit [ 2906.018843] # rational_test: ok 8 - Semiconvergent, denominator limit [ 2906.019710] ok 1 - rational_test [ 2906.020460] ok 13 - rational [ 2906.170953] # Subtest: resource [ 2906.170966] 1..2 [ 2906.172030] ok 1 - resource_test_union [ 2906.172922] ok 2 - resource_test_intersection [ 2906.173454] ok 14 - resource [ 2906.325584] # Subtest: slub_test [ 2906.325599] 1..2 [ 2906.366254] ok 1 - test_clobber_zone [ 2906.376168] ok 2 - test_clobber_redzone_free [ 2906.376722] ok 15 - slub_test [ 2906.952662] # Subtest: snd_soc_tplg_test [ 2906.952674] 1..11 [ 2906.958122] ok 1 - snd_soc_tplg_test_load_with_null_comp [ 2906.960912] ok 2 - snd_soc_tplg_test_load_with_null_ops [ 2906.964755] ok 3 - snd_soc_tplg_test_load_with_null_fw [ 2906.967760] ok 4 - snd_soc_tplg_test_load_empty_tplg [ 2906.971877] ok 5 - snd_soc_tplg_test_load_empty_tplg_bad_magic [ 2906.975858] ok 6 - snd_soc_tplg_test_load_empty_tplg_bad_abi [ 2906.980162] ok 7 - snd_soc_tplg_test_load_empty_tplg_bad_size [ 2906.983850] ok 8 - snd_soc_tplg_test_load_empty_tplg_bad_payload_size [ 2906.987924] ok 9 - snd_soc_tplg_test_load_pcm_tplg [ 2906.995334] ok 10 - snd_soc_tplg_test_load_pcm_tplg_reload_comp [ 2907.002816] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.006914] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.073646] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.079126] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.113738] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.117983] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.148036] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.157129] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.206356] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.208589] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.244117] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.250102] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.279619] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.281845] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.313505] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.318056] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.346900] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.353451] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.384116] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.391044] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.418120] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.428919] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.464032] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.468130] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.505586] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.513864] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.565422] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.570406] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.609652] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.614406] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.653721] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.662989] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.697240] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.701038] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.729901] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.735371] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.764522] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.769342] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.805025] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.807521] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.845477] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.849738] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.884425] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.890733] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.926622] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.932405] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.965634] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2907.971319] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2907.999125] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.004672] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.033889] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.039338] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.078699] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.092574] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.126106] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.132340] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.161844] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.166343] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.196938] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.202784] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.243972] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.252224] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.293750] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.309236] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.340872] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.347228] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.379559] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.383868] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.420486] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.422855] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.461196] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.471546] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.502554] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.508029] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.536012] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.544476] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.573372] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.578819] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.611406] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.615363] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.659828] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.664673] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.703017] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.708070] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.737867] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.742062] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.780836] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.789765] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.824737] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.829067] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.859676] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.864058] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.900061] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.907211] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.943246] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.947631] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2908.989363] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2908.996874] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.027930] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.032368] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.068421] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.070750] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.119061] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.125027] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.153026] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.158293] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.200903] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.208412] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.236477] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.240217] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.269400] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.275232] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.316350] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.322206] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.355991] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.358408] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.391884] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.397197] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.424561] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.431319] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.459775] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.462065] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.492963] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.496981] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.532077] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.537956] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.576000] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.580019] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.611526] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.616001] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.646505] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.650917] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.686742] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.691057] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.728316] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.730478] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.760986] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.767050] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.794471] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.799835] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.828894] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.843014] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.886180] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.888513] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.926581] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.930951] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.962483] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2909.966773] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2909.996841] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.002377] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.030241] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.033983] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.062759] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.069341] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.105496] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.110972] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.145146] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.149409] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.178775] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.182920] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.215256] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.220035] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.248598] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.252927] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.287911] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.290172] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.324472] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.327967] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.362874] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.369026] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.396347] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.399960] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.430456] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.436961] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.471455] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.477629] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.506746] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.508997] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.541423] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.549925] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.585279] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.589498] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.618841] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.632969] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.670998] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.674947] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.704551] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.708932] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.738023] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.742025] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.784015] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.792816] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.826888] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.830959] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.866717] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.870945] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.902934] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.909307] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.936754] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2910.941965] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2910.981252] ok 11 - snd_soc_tplg_test_load_pcm_tplg_reload_card [ 2910.981269] ok 16 - snd_soc_tplg_test [ 2911.350966] # Subtest: soc-utils [ 2911.350979] 1..1 [ 2911.355465] ok 1 - test_tdm_params_to_bclk [ 2911.355762] ok 17 - soc-utils [ 2912.314743] # Subtest: sysctl_test [ 2912.314755] 1..10 [ 2912.319298] ok 1 - sysctl_test_api_dointvec_null_tbl_data [ 2912.321268] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset [ 2912.324205] ok 3 - sysctl_test_api_dointvec_table_len_is_zero [ 2912.327214] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set [ 2912.330211] ok 5 - sysctl_test_dointvec_read_happy_single_positive [ 2912.333184] ok 6 - sysctl_test_dointvec_read_happy_single_negative [ 2912.336197] ok 7 - sysctl_test_dointvec_write_happy_single_positive [ 2912.339449] ok 8 - sysctl_test_dointvec_write_happy_single_negative [ 2912.342225] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min [ 2912.345228] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max [ 2912.345974] ok 18 - sysctl_test [ 2912.707498] # Subtest: bits-test [ 2912.707511] 1..3 [ 2912.711229] ok 1 - genmask_test [ 2912.713274] ok 2 - genmask_ull_test [ 2912.716219] ok 3 - genmask_input_check_test [ 2912.716643] ok 19 - bits-test [ 2914.302561] # Subtest: kasan [ 2914.302580] 1..55 [ 2914.306142] ================================================================== [ 2914.307151] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2914.307979] Write of size 1 at addr ffff888105987873 by task kunit_try_catch/48568 [ 2914.308934] CPU: 0 PID: 48568 Comm: kunit_try_catch Kdump: loaded Not tainted 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.310077] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.310683] Call Trace: [ 2914.310994] [ 2914.311245] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2914.311794] dump_stack_lvl+0x57/0x81 [ 2914.312275] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.312916] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2914.313472] print_report.cold+0x5c/0x237 [ 2914.313906] kasan_report+0xc9/0x100 [ 2914.314289] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2914.314842] kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2914.315382] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2914.315929] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2914.316565] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.317160] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.317715] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.318309] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.318915] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.319600] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.320151] kthread+0x2a4/0x350 [ 2914.320527] ? kthread_complete_and_exit+0x20/0x20 [ 2914.321042] ret_from_fork+0x1f/0x30 [ 2914.321521] [ 2914.322005] Allocated by task 48568: [ 2914.322432] kasan_save_stack+0x1e/0x40 [ 2914.322850] __kasan_kmalloc+0x81/0xa0 [ 2914.323257] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2914.323802] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.324329] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.324978] kthread+0x2a4/0x350 [ 2914.325337] ret_from_fork+0x1f/0x30 [ 2914.325910] Last potentially related work creation: [ 2914.326432] kasan_save_stack+0x1e/0x40 [ 2914.326846] __kasan_record_aux_stack+0x96/0xb0 [ 2914.327342] kvfree_call_rcu+0x7d/0x840 [ 2914.327761] dma_resv_reserve_fences+0x35d/0x680 [ 2914.328296] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2914.328869] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2914.329431] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2914.329934] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2914.330539] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 2914.331282] process_one_work+0x8e2/0x1520 [ 2914.331723] worker_thread+0x59e/0xf90 [ 2914.332141] kthread+0x2a4/0x350 [ 2914.332497] ret_from_fork+0x1f/0x30 [ 2914.333073] The buggy address belongs to the object at ffff888105987800 which belongs to the cache kmalloc-128 of size 128 [ 2914.334427] The buggy address is located 115 bytes inside of 128-byte region [ffff888105987800, ffff888105987880) [ 2914.335819] The buggy address belongs to the physical page: [ 2914.336410] page:0000000011cb2ed7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105987 [ 2914.337402] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2914.338136] raw: 0017ffffc0000200 ffffea000067ebc0 dead000000000004 ffff8881000418c0 [ 2914.338947] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2914.339755] page dumped because: kasan: bad access detected [ 2914.340526] Memory state around the buggy address: [ 2914.341036] ffff888105987700: 00 00 00 00 00 00 00 00 00 04 fc fc fc fc fc fc [ 2914.341791] ffff888105987780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.342551] >ffff888105987800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2914.343310] ^ [ 2914.344025] ffff888105987880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.344782] ffff888105987900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2914.345561] ================================================================== [ 2914.346415] Disabling lock debugging due to kernel taint [ 2914.346993] ================================================================== [ 2914.347757] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2914.348605] Write of size 1 at addr ffff888105987878 by task kunit_try_catch/48568 [ 2914.349580] CPU: 0 PID: 48568 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.350987] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.351599] Call Trace: [ 2914.351873] [ 2914.352117] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2914.352688] dump_stack_lvl+0x57/0x81 [ 2914.353094] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.353706] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2914.354280] print_report.cold+0x5c/0x237 [ 2914.354713] kasan_report+0xc9/0x100 [ 2914.355106] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2914.355678] kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2914.356284] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2914.356918] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2914.357603] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.358264] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.358809] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.359332] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.359870] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.360518] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.361062] kthread+0x2a4/0x350 [ 2914.361424] ? kthread_complete_and_exit+0x20/0x20 [ 2914.361935] ret_from_fork+0x1f/0x30 [ 2914.362335] [ 2914.362765] Allocated by task 48568: [ 2914.363186] kasan_save_stack+0x1e/0x40 [ 2914.363601] __kasan_kmalloc+0x81/0xa0 [ 2914.364004] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2914.364554] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.365078] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.365797] kthread+0x2a4/0x350 [ 2914.366197] ret_from_fork+0x1f/0x30 [ 2914.366836] Last potentially related work creation: [ 2914.367400] kasan_save_stack+0x1e/0x40 [ 2914.367811] __kasan_record_aux_stack+0x96/0xb0 [ 2914.368303] kvfree_call_rcu+0x7d/0x840 [ 2914.368716] dma_resv_reserve_fences+0x35d/0x680 [ 2914.369214] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2914.369764] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2914.370315] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2914.370818] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2914.371422] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 2914.372096] process_one_work+0x8e2/0x1520 [ 2914.372533] worker_thread+0x59e/0xf90 [ 2914.372923] kthread+0x2a4/0x350 [ 2914.373270] ret_from_fork+0x1f/0x30 [ 2914.373818] The buggy address belongs to the object at ffff888105987800 which belongs to the cache kmalloc-128 of size 128 [ 2914.375055] The buggy address is located 120 bytes inside of 128-byte region [ffff888105987800, ffff888105987880) [ 2914.376424] The buggy address belongs to the physical page: [ 2914.377006] page:0000000011cb2ed7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105987 [ 2914.377961] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2914.378673] raw: 0017ffffc0000200 ffffea000067ebc0 dead000000000004 ffff8881000418c0 [ 2914.379456] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2914.380267] page dumped because: kasan: bad access detected [ 2914.381035] Memory state around the buggy address: [ 2914.381548] ffff888105987700: 00 00 00 00 00 00 00 00 00 04 fc fc fc fc fc fc [ 2914.382314] ffff888105987780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.383070] >ffff888105987800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2914.383824] ^ [ 2914.384570] ffff888105987880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.385302] ffff888105987900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2914.386030] ================================================================== [ 2914.386772] ================================================================== [ 2914.387506] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2914.388324] Read of size 1 at addr ffff888105987880 by task kunit_try_catch/48568 [ 2914.389260] CPU: 0 PID: 48568 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.390614] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.391204] Call Trace: [ 2914.391468] [ 2914.391700] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2914.392255] dump_stack_lvl+0x57/0x81 [ 2914.392640] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.393293] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2914.393867] print_report.cold+0x5c/0x237 [ 2914.394303] kasan_report+0xc9/0x100 [ 2914.394694] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2914.395277] kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2914.395841] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2914.396413] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2914.397024] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.397616] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.398159] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.398683] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.399230] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.399852] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.400382] kthread+0x2a4/0x350 [ 2914.400726] ? kthread_complete_and_exit+0x20/0x20 [ 2914.401222] ret_from_fork+0x1f/0x30 [ 2914.401605] [ 2914.402019] Allocated by task 48568: [ 2914.402397] kasan_save_stack+0x1e/0x40 [ 2914.402795] __kasan_kmalloc+0x81/0xa0 [ 2914.403194] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2914.403719] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.404227] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.404850] kthread+0x2a4/0x350 [ 2914.405197] ret_from_fork+0x1f/0x30 [ 2914.405747] Last potentially related work creation: [ 2914.406249] kasan_save_stack+0x1e/0x40 [ 2914.406647] __kasan_record_aux_stack+0x96/0xb0 [ 2914.407117] kvfree_call_rcu+0x7d/0x840 [ 2914.407518] dma_resv_reserve_fences+0x35d/0x680 [ 2914.407995] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2914.408551] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2914.409102] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2914.409607] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2914.410213] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 2914.410881] process_one_work+0x8e2/0x1520 [ 2914.411321] worker_thread+0x59e/0xf90 [ 2914.411725] kthread+0x2a4/0x350 [ 2914.412082] ret_from_fork+0x1f/0x30 [ 2914.412653] The buggy address belongs to the object at ffff888105987800 which belongs to the cache kmalloc-128 of size 128 [ 2914.413931] The buggy address is located 0 bytes to the right of 128-byte region [ffff888105987800, ffff888105987880) [ 2914.415320] The buggy address belongs to the physical page: [ 2914.415881] page:0000000011cb2ed7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105987 [ 2914.416820] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2914.417561] raw: 0017ffffc0000200 ffffea000067ebc0 dead000000000004 ffff8881000418c0 [ 2914.418340] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2914.419118] page dumped because: kasan: bad access detected [ 2914.419858] Memory state around the buggy address: [ 2914.420380] ffff888105987780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.421139] ffff888105987800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2914.421891] >ffff888105987880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.422644] ^ [ 2914.422986] ffff888105987900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2914.423792] ffff888105987980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.424549] ================================================================== [ 2914.425896] ok 1 - kmalloc_oob_right [ 2914.428131] ================================================================== [ 2914.429295] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2914.430107] Read of size 1 at addr ffff88800535f1ff by task kunit_try_catch/48569 [ 2914.431058] CPU: 0 PID: 48569 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.432423] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.433013] Call Trace: [ 2914.433279] [ 2914.433512] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2914.434058] dump_stack_lvl+0x57/0x81 [ 2914.434452] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.435071] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2914.435635] print_report.cold+0x5c/0x237 [ 2914.436075] kasan_report+0xc9/0x100 [ 2914.436469] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2914.437058] kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2914.437613] ? kmalloc_pagealloc_oob_right+0x290/0x290 [test_kasan] [ 2914.438281] ? do_raw_spin_trylock+0xb5/0x180 [ 2914.438738] ? do_raw_spin_lock+0x270/0x270 [ 2914.439178] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.439750] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.440303] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.440827] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.441371] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.442019] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.442568] kthread+0x2a4/0x350 [ 2914.442924] ? kthread_complete_and_exit+0x20/0x20 [ 2914.443441] ret_from_fork+0x1f/0x30 [ 2914.443840] [ 2914.444279] Allocated by task 48482: [ 2914.444651] kasan_save_stack+0x1e/0x40 [ 2914.445052] __kasan_kmalloc+0x81/0xa0 [ 2914.445450] proc_self_get_link+0x165/0x1d0 [ 2914.445945] pick_link+0x86c/0xfb0 [ 2914.446330] step_into+0x507/0xd50 [ 2914.446703] walk_component+0x11f/0x5b0 [ 2914.447122] link_path_walk.part.0.constprop.0+0x567/0xb90 [ 2914.447699] path_lookupat+0x79/0x6b0 [ 2914.448101] filename_lookup+0x19b/0x520 [ 2914.448527] user_path_at_empty+0x3a/0x60 [ 2914.448957] do_utimes+0xe9/0x190 [ 2914.449331] __x64_sys_utimensat+0x150/0x200 [ 2914.449776] do_syscall_64+0x59/0x90 [ 2914.450184] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2914.450884] Freed by task 48482: [ 2914.451229] kasan_save_stack+0x1e/0x40 [ 2914.451638] kasan_set_track+0x21/0x30 [ 2914.452030] kasan_set_free_info+0x20/0x40 [ 2914.452489] __kasan_slab_free+0x108/0x170 [ 2914.452926] slab_free_freelist_hook+0x11d/0x1d0 [ 2914.453466] kfree+0xe2/0x3c0 [ 2914.453802] walk_component+0x1ee/0x5b0 [ 2914.454222] link_path_walk.part.0.constprop.0+0x485/0xb90 [ 2914.454800] path_lookupat+0x79/0x6b0 [ 2914.455209] filename_lookup+0x19b/0x520 [ 2914.455618] user_path_at_empty+0x3a/0x60 [ 2914.456038] do_utimes+0xe9/0x190 [ 2914.456392] __x64_sys_utimensat+0x150/0x200 [ 2914.456835] do_syscall_64+0x59/0x90 [ 2914.457237] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2914.457954] The buggy address belongs to the object at ffff88800535f1e0 which belongs to the cache kmalloc-16 of size 16 [ 2914.459229] The buggy address is located 15 bytes to the right of 16-byte region [ffff88800535f1e0, ffff88800535f1f0) [ 2914.460646] The buggy address belongs to the physical page: [ 2914.461236] page:00000000024f4ae5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x535f [ 2914.462192] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.462914] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2914.463717] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2914.464496] page dumped because: kasan: bad access detected [ 2914.465240] Memory state around the buggy address: [ 2914.465731] ffff88800535f080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2914.466465] ffff88800535f100: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 2914.467220] >ffff88800535f180: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2914.467972] ^ [ 2914.468722] ffff88800535f200: 00 07 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2914.469481] ffff88800535f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2914.470236] ================================================================== [ 2914.471112] ok 2 - kmalloc_oob_left [ 2914.472986] ================================================================== [ 2914.474192] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2914.475053] Read of size 1 at addr ffff8880335bf000 by task kunit_try_catch/48570 [ 2914.476020] CPU: 0 PID: 48570 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.477436] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.478020] Call Trace: [ 2914.478289] [ 2914.478520] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2914.479123] dump_stack_lvl+0x57/0x81 [ 2914.479538] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.480155] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2914.480774] print_report.cold+0x5c/0x237 [ 2914.481219] kasan_report+0xc9/0x100 [ 2914.481596] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2914.482198] kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2914.482781] ? pagealloc_uaf+0x2f0/0x2f0 [test_kasan] [ 2914.483367] ? do_raw_spin_trylock+0xb5/0x180 [ 2914.483838] ? do_raw_spin_lock+0x270/0x270 [ 2914.484295] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.484882] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.485426] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.485931] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.486453] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.487079] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.487607] kthread+0x2a4/0x350 [ 2914.487952] ? kthread_complete_and_exit+0x20/0x20 [ 2914.488450] ret_from_fork+0x1f/0x30 [ 2914.488837] [ 2914.489256] Allocated by task 48570: [ 2914.489632] kasan_save_stack+0x1e/0x40 [ 2914.490032] __kasan_kmalloc+0x81/0xa0 [ 2914.490428] kmalloc_node_oob_right+0x9a/0x2e0 [test_kasan] [ 2914.490998] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.491505] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.492130] kthread+0x2a4/0x350 [ 2914.492472] ret_from_fork+0x1f/0x30 [ 2914.493025] The buggy address belongs to the object at ffff8880335be000 which belongs to the cache kmalloc-4k of size 4096 [ 2914.494270] The buggy address is located 0 bytes to the right of 4096-byte region [ffff8880335be000, ffff8880335bf000) [ 2914.495650] The buggy address belongs to the physical page: [ 2914.496246] page:00000000c8bb6ba0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x335b8 [ 2914.497206] head:00000000c8bb6ba0 order:3 compound_mapcount:0 compound_pincount:0 [ 2914.497986] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.498755] raw: 000fffffc0010200 0000000000000000 dead000000000001 ffff888100042140 [ 2914.499564] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000 [ 2914.500396] page dumped because: kasan: bad access detected [ 2914.501166] Memory state around the buggy address: [ 2914.501673] ffff8880335bef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.502434] ffff8880335bef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.503190] >ffff8880335bf000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.503946] ^ [ 2914.504309] ffff8880335bf080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.505036] ffff8880335bf100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.505767] ================================================================== [ 2914.506754] ok 3 - kmalloc_node_oob_right [ 2914.510003] ================================================================== [ 2914.511285] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2914.512221] Write of size 1 at addr ffff888036c6a00a by task kunit_try_catch/48571 [ 2914.513247] CPU: 0 PID: 48571 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.514682] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.515292] Call Trace: [ 2914.515566] [ 2914.515808] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2914.516475] dump_stack_lvl+0x57/0x81 [ 2914.516875] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.517490] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2914.518158] print_report.cold+0x5c/0x237 [ 2914.518593] kasan_report+0xc9/0x100 [ 2914.518984] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2914.519644] kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2914.520272] ? kmalloc_pagealloc_uaf+0x280/0x280 [test_kasan] [ 2914.520865] ? do_raw_spin_trylock+0xb5/0x180 [ 2914.521328] ? do_raw_spin_lock+0x270/0x270 [ 2914.521767] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.522339] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.522864] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.523373] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.523893] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.524521] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.525049] kthread+0x2a4/0x350 [ 2914.525396] ? kthread_complete_and_exit+0x20/0x20 [ 2914.525919] ret_from_fork+0x1f/0x30 [ 2914.526323] [ 2914.526753] The buggy address belongs to the physical page: [ 2914.527342] page:00000000d199dffc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c68 [ 2914.528273] head:00000000d199dffc order:2 compound_mapcount:0 compound_pincount:0 [ 2914.529030] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.529728] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2914.530539] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2914.531345] page dumped because: kasan: bad access detected [ 2914.532122] Memory state around the buggy address: [ 2914.532649] ffff888036c69f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.533409] ffff888036c69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.534175] >ffff888036c6a000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2914.534928] ^ [ 2914.535315] ffff888036c6a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2914.536077] ffff888036c6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2914.536819] ================================================================== [ 2914.537646] ok 4 - kmalloc_pagealloc_oob_right [ 2914.538984] ================================================================== [ 2914.540244] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2914.541055] Read of size 1 at addr ffff888036c68000 by task kunit_try_catch/48572 [ 2914.541999] CPU: 0 PID: 48572 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.543432] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.544039] Call Trace: [ 2914.544321] [ 2914.544563] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2914.545187] dump_stack_lvl+0x57/0x81 [ 2914.545574] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.546170] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2914.546802] print_report.cold+0x5c/0x237 [ 2914.547242] kasan_report+0xc9/0x100 [ 2914.547633] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2914.548249] kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2914.548837] ? kmalloc_pagealloc_invalid_free+0x250/0x250 [test_kasan] [ 2914.549521] ? do_raw_spin_trylock+0xb5/0x180 [ 2914.549978] ? do_raw_spin_lock+0x270/0x270 [ 2914.550419] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.550988] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.551519] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.552023] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.552550] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.553174] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.553700] kthread+0x2a4/0x350 [ 2914.554046] ? kthread_complete_and_exit+0x20/0x20 [ 2914.554543] ret_from_fork+0x1f/0x30 [ 2914.554927] [ 2914.555345] The buggy address belongs to the physical page: [ 2914.555910] page:00000000d199dffc refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c68 [ 2914.556837] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2914.557493] raw: 000fffffc0000000 ffffea0000db1b08 ffff88810c200270 0000000000000000 [ 2914.558277] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 2914.559051] page dumped because: kasan: bad access detected [ 2914.559793] Memory state around the buggy address: [ 2914.560293] ffff888036c67f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.561022] ffff888036c67f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.561751] >ffff888036c68000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2914.562543] ^ [ 2914.562896] ffff888036c68080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2914.563664] ffff888036c68100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2914.564491] ================================================================== [ 2914.565447] ok 5 - kmalloc_pagealloc_uaf [ 2914.566982] ================================================================== [ 2914.568184] BUG: KASAN: double-free or invalid-free in kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2914.569365] CPU: 0 PID: 48573 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.570723] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.571317] Call Trace: [ 2914.571580] [ 2914.571814] dump_stack_lvl+0x57/0x81 [ 2914.572202] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.572794] print_report.cold+0x5c/0x237 [ 2914.573266] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2914.573928] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2914.574597] kasan_report_invalid_free+0x99/0xc0 [ 2914.575082] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2914.575744] kfree+0x2ab/0x3c0 [ 2914.576080] kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2914.576756] ? kmalloc_large_oob_right+0x2b0/0x2b0 [test_kasan] [ 2914.577400] ? do_raw_spin_trylock+0xb5/0x180 [ 2914.577874] ? do_raw_spin_lock+0x270/0x270 [ 2914.578330] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.578918] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.579463] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.579985] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.580526] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.581151] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.581679] kthread+0x2a4/0x350 [ 2914.582024] ? kthread_complete_and_exit+0x20/0x20 [ 2914.582524] ret_from_fork+0x1f/0x30 [ 2914.582910] [ 2914.583330] The buggy address belongs to the physical page: [ 2914.583894] page:00000000d199dffc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c68 [ 2914.584826] head:00000000d199dffc order:2 compound_mapcount:0 compound_pincount:0 [ 2914.585582] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.586280] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2914.587063] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2914.587837] page dumped because: kasan: bad access detected [ 2914.588578] Memory state around the buggy address: [ 2914.589070] ffff888036c67f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.589801] ffff888036c67f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.590560] >ffff888036c68000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.591317] ^ [ 2914.591673] ffff888036c68080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.592457] ffff888036c68100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.593211] ================================================================== [ 2914.594041] ok 6 - kmalloc_pagealloc_invalid_free [ 2914.596008] ok 7 - pagealloc_oob_right # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2914.598084] ================================================================== [ 2914.599717] BUG: KASAN: use-after-free in pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2914.600499] Read of size 1 at addr ffff888036c80000 by task kunit_try_catch/48575 [ 2914.601437] CPU: 0 PID: 48575 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.602793] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.603444] Call Trace: [ 2914.603720] [ 2914.603963] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2914.604508] dump_stack_lvl+0x57/0x81 [ 2914.604908] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.605520] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2914.606038] print_report.cold+0x5c/0x237 [ 2914.606461] kasan_report+0xc9/0x100 [ 2914.606842] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2914.607366] pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2914.607871] ? krealloc_more_oob+0x10/0x10 [test_kasan] [ 2914.608411] ? do_raw_spin_trylock+0xb5/0x180 [ 2914.608869] ? do_raw_spin_lock+0x270/0x270 [ 2914.609312] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.609884] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.610411] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.610914] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.611439] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.612065] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.612592] kthread+0x2a4/0x350 [ 2914.612937] ? kthread_complete_and_exit+0x20/0x20 [ 2914.613450] ret_from_fork+0x1f/0x30 [ 2914.613838] [ 2914.614256] The buggy address belongs to the physical page: [ 2914.614819] page:0000000035248fca refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x36c80 [ 2914.615775] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2914.616431] raw: 000fffffc0000000 ffff88813ffd3bd8 ffff88813ffd3bd8 0000000000000000 [ 2914.617232] raw: 0000000000000000 0000000000000007 00000000ffffff7f 0000000000000000 [ 2914.618036] page dumped because: kasan: bad access detected [ 2914.618800] Memory state around the buggy address: [ 2914.619317] ffff888036c7ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.620042] ffff888036c7ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.620815] >ffff888036c80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2914.621571] ^ [ 2914.621926] ffff888036c80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2914.622688] ffff888036c80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2914.623446] ================================================================== [ 2914.624350] ok 8 - pagealloc_uaf [ 2914.626001] ================================================================== [ 2914.627188] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2914.628111] Write of size 1 at addr ffff888002c3df00 by task kunit_try_catch/48576 [ 2914.629118] CPU: 0 PID: 48576 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.630522] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.631112] Call Trace: [ 2914.631377] [ 2914.631611] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2914.632223] dump_stack_lvl+0x57/0x81 [ 2914.632638] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.633292] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2914.633918] print_report.cold+0x5c/0x237 [ 2914.634356] kasan_report+0xc9/0x100 [ 2914.634750] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2914.635382] kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2914.635975] ? kmalloc_oob_16+0x3b0/0x3b0 [test_kasan] [ 2914.636514] ? do_raw_spin_trylock+0xb5/0x180 [ 2914.636970] ? do_raw_spin_lock+0x270/0x270 [ 2914.637412] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.637983] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.638507] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.639049] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.639594] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.640251] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.640779] kthread+0x2a4/0x350 [ 2914.641129] ? kthread_complete_and_exit+0x20/0x20 [ 2914.641626] ret_from_fork+0x1f/0x30 [ 2914.642011] [ 2914.642431] Allocated by task 48576: [ 2914.642824] kasan_save_stack+0x1e/0x40 [ 2914.643239] __kasan_kmalloc+0x81/0xa0 [ 2914.643644] kmalloc_large_oob_right+0x98/0x2b0 [test_kasan] [ 2914.644258] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.644759] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.645419] kthread+0x2a4/0x350 [ 2914.645775] ret_from_fork+0x1f/0x30 [ 2914.646350] The buggy address belongs to the object at ffff888002c3c000 which belongs to the cache kmalloc-8k of size 8192 [ 2914.647631] The buggy address is located 7936 bytes inside of 8192-byte region [ffff888002c3c000, ffff888002c3e000) [ 2914.649036] The buggy address belongs to the physical page: [ 2914.649622] page:0000000029693ae7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c38 [ 2914.650607] head:0000000029693ae7 order:3 compound_mapcount:0 compound_pincount:0 [ 2914.651387] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.652158] raw: 000fffffc0010200 0000000000000000 dead000000000001 ffff888100042280 [ 2914.652963] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 2914.653767] page dumped because: kasan: bad access detected [ 2914.654537] Memory state around the buggy address: [ 2914.655050] ffff888002c3de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.655806] ffff888002c3de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.656561] >ffff888002c3df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.657318] ^ [ 2914.657671] ffff888002c3df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.658432] ffff888002c3e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.659184] ================================================================== [ 2914.660036] ok 9 - kmalloc_large_oob_right [ 2914.662069] ================================================================== [ 2914.663335] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2914.664215] Write of size 1 at addr ffff888017d69ceb by task kunit_try_catch/48577 [ 2914.665154] CPU: 0 PID: 48577 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.666512] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.667102] Call Trace: [ 2914.667365] [ 2914.667598] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2914.668220] dump_stack_lvl+0x57/0x81 [ 2914.668608] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.669208] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2914.669820] print_report.cold+0x5c/0x237 [ 2914.670244] kasan_report+0xc9/0x100 [ 2914.670624] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2914.671245] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2914.671843] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2914.672380] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.672874] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.673365] ? lock_acquire+0x4ea/0x620 [ 2914.673769] ? rcu_read_unlock+0x40/0x40 [ 2914.674207] ? rcu_read_unlock+0x40/0x40 [ 2914.674628] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.675134] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.675726] ? do_raw_spin_lock+0x270/0x270 [ 2914.676187] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2914.676850] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2914.677386] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.677926] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.678452] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.678973] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.679600] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.680133] kthread+0x2a4/0x350 [ 2914.680508] ? kthread_complete_and_exit+0x20/0x20 [ 2914.681022] ret_from_fork+0x1f/0x30 [ 2914.681426] [ 2914.681856] Allocated by task 48577: [ 2914.682264] kasan_save_stack+0x1e/0x40 [ 2914.682676] __kasan_krealloc+0xee/0x160 [ 2914.683100] krealloc+0x50/0xe0 [ 2914.683470] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 2914.684102] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.684609] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.685233] kthread+0x2a4/0x350 [ 2914.685578] ret_from_fork+0x1f/0x30 [ 2914.686132] The buggy address belongs to the object at ffff888017d69c00 which belongs to the cache kmalloc-256 of size 256 [ 2914.687490] The buggy address is located 235 bytes inside of 256-byte region [ffff888017d69c00, ffff888017d69d00) [ 2914.688952] The buggy address belongs to the physical page: [ 2914.689534] page:000000002ec44518 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17d69 [ 2914.690469] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.691166] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff888100041b40 [ 2914.691940] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2914.692721] page dumped because: kasan: bad access detected [ 2914.693562] Memory state around the buggy address: [ 2914.694076] ffff888017d69b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.694815] ffff888017d69c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.695545] >ffff888017d69c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 2914.696279] ^ [ 2914.696945] ffff888017d69d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.697677] ffff888017d69d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.698408] ================================================================== [ 2914.699273] ================================================================== [ 2914.700031] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2914.700927] Write of size 1 at addr ffff888017d69cf0 by task kunit_try_catch/48577 [ 2914.701976] CPU: 0 PID: 48577 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.703515] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.704137] Call Trace: [ 2914.704401] [ 2914.704634] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2914.705252] dump_stack_lvl+0x57/0x81 [ 2914.705636] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.706230] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2914.706843] print_report.cold+0x5c/0x237 [ 2914.707305] kasan_report+0xc9/0x100 [ 2914.707696] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2914.708339] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2914.708964] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2914.709521] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.710026] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.710563] ? lock_acquire+0x4ea/0x620 [ 2914.710981] ? rcu_read_unlock+0x40/0x40 [ 2914.711408] ? rcu_read_unlock+0x40/0x40 [ 2914.711828] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.712364] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.713015] ? do_raw_spin_lock+0x270/0x270 [ 2914.713524] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2914.714255] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2914.714809] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.715427] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.716010] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.716575] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.717222] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.717777] kthread+0x2a4/0x350 [ 2914.718136] ? kthread_complete_and_exit+0x20/0x20 [ 2914.718651] ret_from_fork+0x1f/0x30 [ 2914.719056] [ 2914.719522] Allocated by task 48577: [ 2914.719952] kasan_save_stack+0x1e/0x40 [ 2914.720431] __kasan_krealloc+0xee/0x160 [ 2914.720901] krealloc+0x50/0xe0 [ 2914.721289] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 2914.721909] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.722431] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.723057] kthread+0x2a4/0x350 [ 2914.723472] ret_from_fork+0x1f/0x30 [ 2914.724043] The buggy address belongs to the object at ffff888017d69c00 which belongs to the cache kmalloc-256 of size 256 [ 2914.725326] The buggy address is located 240 bytes inside of 256-byte region [ffff888017d69c00, ffff888017d69d00) [ 2914.726727] The buggy address belongs to the physical page: [ 2914.727319] page:000000002ec44518 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17d69 [ 2914.728284] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.728976] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff888100041b40 [ 2914.729755] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2914.730533] page dumped because: kasan: bad access detected [ 2914.731286] Memory state around the buggy address: [ 2914.731780] ffff888017d69b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.732514] ffff888017d69c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.733247] >ffff888017d69c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 2914.733977] ^ [ 2914.734672] ffff888017d69d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.735408] ffff888017d69d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.736144] ================================================================== [ 2914.737374] ok 10 - krealloc_more_oob [ 2914.741079] ================================================================== [ 2914.742319] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2914.743229] Write of size 1 at addr ffff8880028f78c9 by task kunit_try_catch/48578 [ 2914.744209] CPU: 0 PID: 48578 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.745566] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.746154] Call Trace: [ 2914.746417] [ 2914.746648] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2914.747300] dump_stack_lvl+0x57/0x81 [ 2914.747700] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.748320] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2914.748952] print_report.cold+0x5c/0x237 [ 2914.749390] kasan_report+0xc9/0x100 [ 2914.749783] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2914.750425] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2914.751047] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2914.751577] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.752069] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.752583] ? lock_acquire+0x4ea/0x620 [ 2914.752986] ? rcu_read_unlock+0x40/0x40 [ 2914.753482] ? rcu_read_unlock+0x40/0x40 [ 2914.753905] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.754419] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.755008] ? do_raw_spin_lock+0x270/0x270 [ 2914.755460] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2914.756088] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2914.756601] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.757131] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.757636] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.758161] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.758781] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.759314] kthread+0x2a4/0x350 [ 2914.759656] ? kthread_complete_and_exit+0x20/0x20 [ 2914.760163] ret_from_fork+0x1f/0x30 [ 2914.760550] [ 2914.760963] Allocated by task 48578: [ 2914.761340] kasan_save_stack+0x1e/0x40 [ 2914.761740] __kasan_krealloc+0xee/0x160 [ 2914.762150] krealloc+0x50/0xe0 [ 2914.762484] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2914.763086] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.763587] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.764210] kthread+0x2a4/0x350 [ 2914.764552] ret_from_fork+0x1f/0x30 [ 2914.765119] The buggy address belongs to the object at ffff8880028f7800 which belongs to the cache kmalloc-256 of size 256 [ 2914.766355] The buggy address is located 201 bytes inside of 256-byte region [ffff8880028f7800, ffff8880028f7900) [ 2914.767693] The buggy address belongs to the physical page: [ 2914.768258] page:000000005b4969bb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28f7 [ 2914.769178] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.769871] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff888100041b40 [ 2914.770690] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2914.771494] page dumped because: kasan: bad access detected [ 2914.772283] Memory state around the buggy address: [ 2914.772791] ffff8880028f7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.773550] ffff8880028f7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.774311] >ffff8880028f7880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2914.775037] ^ [ 2914.775602] ffff8880028f7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.776335] ffff8880028f7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.777098] ================================================================== [ 2914.777891] ================================================================== [ 2914.778645] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2914.779524] Write of size 1 at addr ffff8880028f78d0 by task kunit_try_catch/48578 [ 2914.780466] CPU: 0 PID: 48578 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.781823] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.782414] Call Trace: [ 2914.782676] [ 2914.782910] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2914.783603] dump_stack_lvl+0x57/0x81 [ 2914.784003] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.784617] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2914.785264] print_report.cold+0x5c/0x237 [ 2914.785683] kasan_report+0xc9/0x100 [ 2914.786066] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2914.786682] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2914.787288] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2914.787832] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.788343] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.788846] ? lock_acquire+0x4ea/0x620 [ 2914.789269] ? rcu_read_unlock+0x40/0x40 [ 2914.789676] ? rcu_read_unlock+0x40/0x40 [ 2914.790088] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.790576] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.791151] ? do_raw_spin_lock+0x270/0x270 [ 2914.791591] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2914.792219] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2914.792731] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.793263] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.793771] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.794297] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.794917] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.795448] kthread+0x2a4/0x350 [ 2914.795791] ? kthread_complete_and_exit+0x20/0x20 [ 2914.796291] ret_from_fork+0x1f/0x30 [ 2914.796676] [ 2914.797092] Allocated by task 48578: [ 2914.797489] kasan_save_stack+0x1e/0x40 [ 2914.797903] __kasan_krealloc+0xee/0x160 [ 2914.798326] krealloc+0x50/0xe0 [ 2914.798674] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2914.799295] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.799817] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.800490] kthread+0x2a4/0x350 [ 2914.800846] ret_from_fork+0x1f/0x30 [ 2914.801419] The buggy address belongs to the object at ffff8880028f7800 which belongs to the cache kmalloc-256 of size 256 [ 2914.802734] The buggy address is located 208 bytes inside of 256-byte region [ffff8880028f7800, ffff8880028f7900) [ 2914.804138] The buggy address belongs to the physical page: [ 2914.804704] page:000000005b4969bb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28f7 [ 2914.805624] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.806320] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff888100041b40 [ 2914.807100] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2914.807870] page dumped because: kasan: bad access detected [ 2914.808613] Memory state around the buggy address: [ 2914.809109] ffff8880028f7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.809840] ffff8880028f7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.810577] >ffff8880028f7880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2914.811311] ^ [ 2914.811909] ffff8880028f7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.812645] ffff8880028f7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.813440] ================================================================== [ 2914.814222] ================================================================== [ 2914.814981] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2914.815875] Write of size 1 at addr ffff8880028f78da by task kunit_try_catch/48578 [ 2914.816816] CPU: 0 PID: 48578 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.818339] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.819013] Call Trace: [ 2914.819315] [ 2914.819546] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2914.820166] dump_stack_lvl+0x57/0x81 [ 2914.820556] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.821150] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2914.821759] print_report.cold+0x5c/0x237 [ 2914.822180] kasan_report+0xc9/0x100 [ 2914.822559] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2914.823199] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2914.823823] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2914.824354] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.824860] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.825372] ? lock_acquire+0x4ea/0x620 [ 2914.825773] ? rcu_read_unlock+0x40/0x40 [ 2914.826185] ? rcu_read_unlock+0x40/0x40 [ 2914.826590] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.827115] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.827747] ? do_raw_spin_lock+0x270/0x270 [ 2914.828252] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2914.828896] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2914.829432] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.829956] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.830500] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.831036] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.831683] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.832236] kthread+0x2a4/0x350 [ 2914.832589] ? kthread_complete_and_exit+0x20/0x20 [ 2914.833104] ret_from_fork+0x1f/0x30 [ 2914.833503] [ 2914.833935] Allocated by task 48578: [ 2914.834342] kasan_save_stack+0x1e/0x40 [ 2914.834741] __kasan_krealloc+0xee/0x160 [ 2914.835147] krealloc+0x50/0xe0 [ 2914.835481] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2914.836081] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.836620] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.837266] kthread+0x2a4/0x350 [ 2914.837621] ret_from_fork+0x1f/0x30 [ 2914.838201] The buggy address belongs to the object at ffff8880028f7800 which belongs to the cache kmalloc-256 of size 256 [ 2914.839459] The buggy address is located 218 bytes inside of 256-byte region [ffff8880028f7800, ffff8880028f7900) [ 2914.840911] The buggy address belongs to the physical page: [ 2914.841529] page:000000005b4969bb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28f7 [ 2914.842480] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.843255] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff888100041b40 [ 2914.844061] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2914.844863] page dumped because: kasan: bad access detected [ 2914.845625] Memory state around the buggy address: [ 2914.846119] ffff8880028f7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.846873] ffff8880028f7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.847631] >ffff8880028f7880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2914.848385] ^ [ 2914.849023] ffff8880028f7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.849767] ffff8880028f7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.850502] ================================================================== [ 2914.851609] ================================================================== [ 2914.852445] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2914.853356] Write of size 1 at addr ffff8880028f78ea by task kunit_try_catch/48578 [ 2914.854331] CPU: 0 PID: 48578 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.855735] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.856342] Call Trace: [ 2914.856613] [ 2914.856855] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2914.857494] dump_stack_lvl+0x57/0x81 [ 2914.857891] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.858498] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2914.859115] print_report.cold+0x5c/0x237 [ 2914.859530] kasan_report+0xc9/0x100 [ 2914.859907] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2914.860556] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2914.861180] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2914.861709] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.862250] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.862753] ? lock_acquire+0x4ea/0x620 [ 2914.863172] ? rcu_read_unlock+0x40/0x40 [ 2914.863596] ? rcu_read_unlock+0x40/0x40 [ 2914.864016] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.864526] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.865131] ? do_raw_spin_lock+0x270/0x270 [ 2914.865587] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2914.866243] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2914.866773] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.867317] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.867839] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.868383] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.869037] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.869588] kthread+0x2a4/0x350 [ 2914.869942] ? kthread_complete_and_exit+0x20/0x20 [ 2914.870466] ret_from_fork+0x1f/0x30 [ 2914.870865] [ 2914.871299] Allocated by task 48578: [ 2914.871692] kasan_save_stack+0x1e/0x40 [ 2914.872121] __kasan_krealloc+0xee/0x160 [ 2914.872527] krealloc+0x50/0xe0 [ 2914.872863] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2914.873525] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.874044] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.874691] kthread+0x2a4/0x350 [ 2914.875045] ret_from_fork+0x1f/0x30 [ 2914.875612] The buggy address belongs to the object at ffff8880028f7800 which belongs to the cache kmalloc-256 of size 256 [ 2914.876846] The buggy address is located 234 bytes inside of 256-byte region [ffff8880028f7800, ffff8880028f7900) [ 2914.878251] The buggy address belongs to the physical page: [ 2914.878834] page:000000005b4969bb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28f7 [ 2914.879782] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.880477] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff888100041b40 [ 2914.881255] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2914.882030] page dumped because: kasan: bad access detected [ 2914.882771] Memory state around the buggy address: [ 2914.883266] ffff8880028f7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.883992] ffff8880028f7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.884723] >ffff8880028f7880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2914.885482] ^ [ 2914.886175] ffff8880028f7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.886910] ffff8880028f7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.887638] ================================================================== [ 2914.888393] ================================================================== [ 2914.889126] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2914.890002] Write of size 1 at addr ffff8880028f78eb by task kunit_try_catch/48578 [ 2914.890989] CPU: 0 PID: 48578 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.892422] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.893027] Call Trace: [ 2914.893306] [ 2914.893547] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2914.894194] dump_stack_lvl+0x57/0x81 [ 2914.894578] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.895167] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2914.895779] print_report.cold+0x5c/0x237 [ 2914.896203] kasan_report+0xc9/0x100 [ 2914.896579] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2914.897200] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2914.897831] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2914.898363] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.898868] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.899378] ? lock_acquire+0x4ea/0x620 [ 2914.899792] ? rcu_read_unlock+0x40/0x40 [ 2914.900225] ? rcu_read_unlock+0x40/0x40 [ 2914.900631] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.901123] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.901710] ? do_raw_spin_lock+0x270/0x270 [ 2914.902165] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2914.902811] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2914.903377] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.903916] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.904451] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.904988] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.905636] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.906193] kthread+0x2a4/0x350 [ 2914.906536] ? kthread_complete_and_exit+0x20/0x20 [ 2914.907065] ret_from_fork+0x1f/0x30 [ 2914.907465] [ 2914.907895] Allocated by task 48578: [ 2914.908285] kasan_save_stack+0x1e/0x40 [ 2914.908722] __kasan_krealloc+0xee/0x160 [ 2914.909204] krealloc+0x50/0xe0 [ 2914.909590] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2914.910283] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.910864] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.911546] kthread+0x2a4/0x350 [ 2914.911901] ret_from_fork+0x1f/0x30 [ 2914.912477] The buggy address belongs to the object at ffff8880028f7800 which belongs to the cache kmalloc-256 of size 256 [ 2914.913756] The buggy address is located 235 bytes inside of 256-byte region [ffff8880028f7800, ffff8880028f7900) [ 2914.915148] The buggy address belongs to the physical page: [ 2914.915729] page:000000005b4969bb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28f7 [ 2914.916681] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.917399] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff888100041b40 [ 2914.918208] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2914.919010] page dumped because: kasan: bad access detected [ 2914.919766] Memory state around the buggy address: [ 2914.920283] ffff8880028f7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.921034] ffff8880028f7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.921789] >ffff8880028f7880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2914.922571] ^ [ 2914.923261] ffff8880028f7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.924014] ffff8880028f7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2914.924762] ================================================================== [ 2914.925694] ok 11 - krealloc_less_oob [ 2914.927982] ================================================================== [ 2914.929210] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2914.930093] Write of size 1 at addr ffff888036c6a0eb by task kunit_try_catch/48579 [ 2914.931031] CPU: 0 PID: 48579 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.932399] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.932987] Call Trace: [ 2914.933312] [ 2914.933554] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2914.934197] dump_stack_lvl+0x57/0x81 [ 2914.934596] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.935215] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2914.935827] print_report.cold+0x5c/0x237 [ 2914.936257] kasan_report+0xc9/0x100 [ 2914.936637] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2914.937255] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2914.937853] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2914.938393] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.938879] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.939367] ? lock_acquire+0x4ea/0x620 [ 2914.939804] ? rcu_read_unlock+0x40/0x40 [ 2914.940231] ? rcu_read_unlock+0x40/0x40 [ 2914.940651] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.941170] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.941756] ? do_raw_spin_lock+0x270/0x270 [ 2914.942210] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2914.942856] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2914.943396] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.943936] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.944463] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.945019] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.945669] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.946215] kthread+0x2a4/0x350 [ 2914.946579] ? kthread_complete_and_exit+0x20/0x20 [ 2914.947096] ret_from_fork+0x1f/0x30 [ 2914.947497] [ 2914.947935] The buggy address belongs to the physical page: [ 2914.948522] page:00000000d199dffc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c68 [ 2914.949485] head:00000000d199dffc order:2 compound_mapcount:0 compound_pincount:0 [ 2914.950270] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.950990] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2914.951797] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2914.952599] page dumped because: kasan: bad access detected [ 2914.953368] Memory state around the buggy address: [ 2914.953877] ffff888036c69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.954654] ffff888036c6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.955385] >ffff888036c6a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 2914.956138] ^ [ 2914.956828] ffff888036c6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2914.957583] ffff888036c6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2914.958342] ================================================================== [ 2914.959180] ================================================================== [ 2914.959913] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2914.960799] Write of size 1 at addr ffff888036c6a0f0 by task kunit_try_catch/48579 [ 2914.961735] CPU: 0 PID: 48579 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.963092] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2914.963750] Call Trace: [ 2914.964023] [ 2914.964271] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2914.964909] dump_stack_lvl+0x57/0x81 [ 2914.965314] print_address_description.constprop.0+0x1f/0x1e0 [ 2914.965904] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2914.966523] print_report.cold+0x5c/0x237 [ 2914.966942] kasan_report+0xc9/0x100 [ 2914.967324] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2914.967939] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2914.968545] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2914.969085] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.969573] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.970060] ? lock_acquire+0x4ea/0x620 [ 2914.970462] ? rcu_read_unlock+0x40/0x40 [ 2914.970871] ? rcu_read_unlock+0x40/0x40 [ 2914.971283] ? rcu_read_lock_sched_held+0x12/0x80 [ 2914.971769] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2914.972340] ? do_raw_spin_lock+0x270/0x270 [ 2914.972773] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2914.973406] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2914.973918] ? kunit_add_resource+0x197/0x280 [kunit] [ 2914.974448] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2914.974951] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2914.975474] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2914.976178] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2914.976790] kthread+0x2a4/0x350 [ 2914.977197] ? kthread_complete_and_exit+0x20/0x20 [ 2914.977744] ret_from_fork+0x1f/0x30 [ 2914.978218] [ 2914.978701] The buggy address belongs to the physical page: [ 2914.979364] page:00000000d199dffc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c68 [ 2914.980445] head:00000000d199dffc order:2 compound_mapcount:0 compound_pincount:0 [ 2914.981328] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2914.982134] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2914.983030] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2914.983891] page dumped because: kasan: bad access detected [ 2914.984753] Memory state around the buggy address: [ 2914.985332] ffff888036c69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.986183] ffff888036c6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2914.986935] >ffff888036c6a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 2914.987692] ^ [ 2914.988422] ffff888036c6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2914.989176] ffff888036c6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2914.989928] ================================================================== [ 2914.992384] ok 12 - krealloc_pagealloc_more_oob [ 2914.994994] ================================================================== [ 2914.996443] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2914.997348] Write of size 1 at addr ffff888036c6a0c9 by task kunit_try_catch/48580 [ 2914.998331] CPU: 0 PID: 48580 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2914.999683] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.000310] Call Trace: [ 2915.000574] [ 2915.000805] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2915.001424] dump_stack_lvl+0x57/0x81 [ 2915.001812] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.002405] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2915.003019] print_report.cold+0x5c/0x237 [ 2915.003445] kasan_report+0xc9/0x100 [ 2915.003825] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2915.004482] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2915.005122] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2915.005634] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.006126] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.006613] ? lock_acquire+0x4ea/0x620 [ 2915.007014] ? rcu_read_unlock+0x40/0x40 [ 2915.007426] ? rcu_read_unlock+0x40/0x40 [ 2915.007834] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.008327] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.008895] ? do_raw_spin_lock+0x270/0x270 [ 2915.009334] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2915.009958] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.010474] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.011000] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.011509] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.012030] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.012692] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.013247] kthread+0x2a4/0x350 [ 2915.013655] ? kthread_complete_and_exit+0x20/0x20 [ 2915.014235] ret_from_fork+0x1f/0x30 [ 2915.014635] [ 2915.015067] The buggy address belongs to the physical page: [ 2915.015662] page:00000000d199dffc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c68 [ 2915.016629] head:00000000d199dffc order:2 compound_mapcount:0 compound_pincount:0 [ 2915.017412] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.018161] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2915.018965] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2915.019767] page dumped because: kasan: bad access detected [ 2915.026017] Memory state around the buggy address: [ 2915.026516] ffff888036c69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2915.027249] ffff888036c6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2915.028008] >ffff888036c6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2915.028762] ^ [ 2915.029351] ffff888036c6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2915.030079] ffff888036c6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2915.030807] ================================================================== [ 2915.031812] ================================================================== [ 2915.032550] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2915.033430] Write of size 1 at addr ffff888036c6a0d0 by task kunit_try_catch/48580 [ 2915.034370] CPU: 0 PID: 48580 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.035733] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.036323] Call Trace: [ 2915.036588] [ 2915.036826] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2915.037446] dump_stack_lvl+0x57/0x81 [ 2915.037834] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.038428] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2915.039063] print_report.cold+0x5c/0x237 [ 2915.039482] kasan_report+0xc9/0x100 [ 2915.039859] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2915.040481] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2915.041084] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2915.041595] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.042087] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.042574] ? lock_acquire+0x4ea/0x620 [ 2915.042975] ? rcu_read_unlock+0x40/0x40 [ 2915.043390] ? rcu_read_unlock+0x40/0x40 [ 2915.043798] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.044289] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.044896] ? do_raw_spin_lock+0x270/0x270 [ 2915.045351] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2915.046001] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.046532] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.047055] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.047560] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.048086] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.048706] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.049237] kthread+0x2a4/0x350 [ 2915.049578] ? kthread_complete_and_exit+0x20/0x20 [ 2915.050072] ret_from_fork+0x1f/0x30 [ 2915.050458] [ 2915.050907] The buggy address belongs to the physical page: [ 2915.051496] page:00000000d199dffc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c68 [ 2915.052456] head:00000000d199dffc order:2 compound_mapcount:0 compound_pincount:0 [ 2915.053284] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.053999] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2915.054861] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2915.055764] page dumped because: kasan: bad access detected [ 2915.056577] Memory state around the buggy address: [ 2915.057102] ffff888036c69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2915.057855] ffff888036c6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2915.058613] >ffff888036c6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2915.059368] ^ [ 2915.059993] ffff888036c6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2915.060750] ffff888036c6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2915.061503] ================================================================== [ 2915.062281] ================================================================== [ 2915.063037] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2915.063929] Write of size 1 at addr ffff888036c6a0da by task kunit_try_catch/48580 [ 2915.064870] CPU: 0 PID: 48580 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.066293] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.066898] Call Trace: [ 2915.067174] [ 2915.067415] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2915.068052] dump_stack_lvl+0x57/0x81 [ 2915.068452] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.069066] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2915.069702] print_report.cold+0x5c/0x237 [ 2915.070137] kasan_report+0xc9/0x100 [ 2915.070527] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2915.071171] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2915.071794] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2915.072358] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.072862] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.073369] ? lock_acquire+0x4ea/0x620 [ 2915.073788] ? rcu_read_unlock+0x40/0x40 [ 2915.074222] ? rcu_read_unlock+0x40/0x40 [ 2915.074632] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.075123] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.075692] ? do_raw_spin_lock+0x270/0x270 [ 2915.076129] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2915.076754] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.077271] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.077837] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.078371] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.078911] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.079560] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.080120] kthread+0x2a4/0x350 [ 2915.080465] ? kthread_complete_and_exit+0x20/0x20 [ 2915.080960] ret_from_fork+0x1f/0x30 [ 2915.081351] [ 2915.081766] The buggy address belongs to the physical page: [ 2915.082333] page:00000000d199dffc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c68 [ 2915.083330] head:00000000d199dffc order:2 compound_mapcount:0 compound_pincount:0 [ 2915.084115] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.084840] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2915.085649] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2915.086461] page dumped because: kasan: bad access detected [ 2915.087237] Memory state around the buggy address: [ 2915.087729] ffff888036c69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2915.088460] ffff888036c6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2915.089190] >ffff888036c6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2915.089917] ^ [ 2915.090539] ffff888036c6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2915.091270] ffff888036c6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2915.091995] ================================================================== [ 2915.092740] ================================================================== [ 2915.093508] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2915.094420] Write of size 1 at addr ffff888036c6a0ea by task kunit_try_catch/48580 [ 2915.095488] CPU: 0 PID: 48580 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.096889] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.097497] Call Trace: [ 2915.097769] [ 2915.098010] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2915.098641] dump_stack_lvl+0x57/0x81 [ 2915.099024] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.099653] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2915.100287] print_report.cold+0x5c/0x237 [ 2915.100725] kasan_report+0xc9/0x100 [ 2915.101119] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2915.101757] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2915.102378] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2915.102907] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.103415] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.103918] ? lock_acquire+0x4ea/0x620 [ 2915.104338] ? rcu_read_unlock+0x40/0x40 [ 2915.104747] ? rcu_read_unlock+0x40/0x40 [ 2915.105159] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.105650] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.106223] ? do_raw_spin_lock+0x270/0x270 [ 2915.106659] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2915.107320] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.107847] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.108394] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.108914] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.109460] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.110106] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.110653] kthread+0x2a4/0x350 [ 2915.111010] ? kthread_complete_and_exit+0x20/0x20 [ 2915.111527] ret_from_fork+0x1f/0x30 [ 2915.111925] [ 2915.112358] The buggy address belongs to the physical page: [ 2915.112940] page:00000000d199dffc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c68 [ 2915.113958] head:00000000d199dffc order:2 compound_mapcount:0 compound_pincount:0 [ 2915.114743] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.115462] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2915.116249] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2915.117020] page dumped because: kasan: bad access detected [ 2915.117759] Memory state around the buggy address: [ 2915.118252] ffff888036c69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2915.118977] ffff888036c6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2915.119710] >ffff888036c6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2915.120441] ^ [ 2915.121108] ffff888036c6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2915.121835] ffff888036c6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2915.122562] ================================================================== [ 2915.123302] ================================================================== [ 2915.124033] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2915.124912] Write of size 1 at addr ffff888036c6a0eb by task kunit_try_catch/48580 [ 2915.125854] CPU: 0 PID: 48580 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.127208] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.127795] Call Trace: [ 2915.128065] [ 2915.128297] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2915.128929] dump_stack_lvl+0x57/0x81 [ 2915.129331] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.129920] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2915.130571] print_report.cold+0x5c/0x237 [ 2915.131005] kasan_report+0xc9/0x100 [ 2915.131402] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2915.132044] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2915.132691] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2915.133229] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.133733] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.134243] ? lock_acquire+0x4ea/0x620 [ 2915.134658] ? rcu_read_unlock+0x40/0x40 [ 2915.135091] ? rcu_read_unlock+0x40/0x40 [ 2915.135511] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.136014] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.136616] ? do_raw_spin_lock+0x270/0x270 [ 2915.137073] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2915.137731] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.138267] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.138808] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.139336] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.139877] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.140521] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.141072] kthread+0x2a4/0x350 [ 2915.141429] ? kthread_complete_and_exit+0x20/0x20 [ 2915.141926] ret_from_fork+0x1f/0x30 [ 2915.142320] [ 2915.142735] The buggy address belongs to the physical page: [ 2915.143372] page:00000000d199dffc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c68 [ 2915.144334] head:00000000d199dffc order:2 compound_mapcount:0 compound_pincount:0 [ 2915.145116] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.145831] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2915.146639] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2915.147444] page dumped because: kasan: bad access detected [ 2915.148218] Memory state around the buggy address: [ 2915.148709] ffff888036c69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2915.149439] ffff888036c6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2915.150200] >ffff888036c6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2915.150948] ^ [ 2915.151632] ffff888036c6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2915.152361] ffff888036c6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2915.153091] ================================================================== [ 2915.157058] ok 13 - krealloc_pagealloc_less_oob [ 2915.159079] ================================================================== [ 2915.160406] BUG: KASAN: use-after-free in krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2915.161190] Read of size 1 at addr ffff888003941600 by task kunit_try_catch/48581 [ 2915.162123] CPU: 0 PID: 48581 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.163526] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.164138] Call Trace: [ 2915.164410] [ 2915.164651] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2915.165197] dump_stack_lvl+0x57/0x81 [ 2915.165583] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.166179] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2915.166689] print_report.cold+0x5c/0x237 [ 2915.167113] kasan_report+0xc9/0x100 [ 2915.167493] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2915.168012] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2915.168528] __kasan_check_byte+0x36/0x50 [ 2915.168945] krealloc+0x2e/0xe0 [ 2915.169288] krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2915.169808] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 2915.170488] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.170995] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.171502] ? lock_acquire+0x4ea/0x620 [ 2915.171923] ? rcu_read_unlock+0x40/0x40 [ 2915.172347] ? rcu_read_unlock+0x40/0x40 [ 2915.172772] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.173316] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.173907] ? do_raw_spin_lock+0x270/0x270 [ 2915.174362] ? trace_hardirqs_on+0x2d/0x160 [ 2915.174831] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.175365] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.175907] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.176434] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.176973] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.177615] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.178184] kthread+0x2a4/0x350 [ 2915.178600] ? kthread_complete_and_exit+0x20/0x20 [ 2915.179178] ret_from_fork+0x1f/0x30 [ 2915.179627] [ 2915.180124] Allocated by task 48581: [ 2915.180510] kasan_save_stack+0x1e/0x40 [ 2915.180923] __kasan_kmalloc+0x81/0xa0 [ 2915.181332] krealloc_uaf+0xaa/0x450 [test_kasan] [ 2915.181819] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.182325] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.182963] kthread+0x2a4/0x350 [ 2915.183306] ret_from_fork+0x1f/0x30 [ 2915.183855] Freed by task 48581: [ 2915.184199] kasan_save_stack+0x1e/0x40 [ 2915.184598] kasan_set_track+0x21/0x30 [ 2915.184988] kasan_set_free_info+0x20/0x40 [ 2915.185454] __kasan_slab_free+0x108/0x170 [ 2915.185892] slab_free_freelist_hook+0x11d/0x1d0 [ 2915.186395] kfree+0xe2/0x3c0 [ 2915.186724] krealloc_uaf+0x147/0x450 [test_kasan] [ 2915.187248] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.187754] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.188381] kthread+0x2a4/0x350 [ 2915.188723] ret_from_fork+0x1f/0x30 [ 2915.189277] Last potentially related work creation: [ 2915.189783] kasan_save_stack+0x1e/0x40 [ 2915.190211] __kasan_record_aux_stack+0x96/0xb0 [ 2915.190696] kvfree_call_rcu+0x7d/0x840 [ 2915.191115] dma_resv_list_free.part.0+0xd4/0x130 [ 2915.191617] dma_resv_fini+0x38/0x50 [ 2915.192006] drm_gem_object_release+0x73/0x100 [drm] [ 2915.192743] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2915.193239] ttm_bo_release+0x688/0xbc0 [ttm] [ 2915.193698] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2915.194214] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2915.194767] process_one_work+0x8e2/0x1520 [ 2915.195197] worker_thread+0x59e/0xf90 [ 2915.195587] kthread+0x2a4/0x350 [ 2915.195930] ret_from_fork+0x1f/0x30 [ 2915.196486] The buggy address belongs to the object at ffff888003941600 which belongs to the cache kmalloc-256 of size 256 [ 2915.197727] The buggy address is located 0 bytes inside of 256-byte region [ffff888003941600, ffff888003941700) [ 2915.199057] The buggy address belongs to the physical page: [ 2915.199623] page:000000003453e9ef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3941 [ 2915.200547] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.201245] raw: 000fffffc0000200 ffffea0000178800 dead000000000006 ffff888100041b40 [ 2915.202021] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2915.202801] page dumped because: kasan: bad access detected [ 2915.203585] Memory state around the buggy address: [ 2915.204085] ffff888003941500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.204811] ffff888003941580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.205578] >ffff888003941600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2915.206312] ^ [ 2915.206653] ffff888003941680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2915.207386] ffff888003941700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.208116] ================================================================== [ 2915.208923] ================================================================== [ 2915.209708] BUG: KASAN: use-after-free in krealloc_uaf+0x42e/0x450 [test_kasan] [ 2915.210506] Read of size 1 at addr ffff888003941600 by task kunit_try_catch/48581 [ 2915.211591] CPU: 0 PID: 48581 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.213070] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.213745] Call Trace: [ 2915.214054] [ 2915.214311] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2915.214843] dump_stack_lvl+0x57/0x81 [ 2915.215246] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.215857] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2915.216394] print_report.cold+0x5c/0x237 [ 2915.216828] kasan_report+0xc9/0x100 [ 2915.217227] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2915.217757] krealloc_uaf+0x42e/0x450 [test_kasan] [ 2915.218277] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 2915.218954] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.219461] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.219966] ? lock_acquire+0x4ea/0x620 [ 2915.220384] ? rcu_read_unlock+0x40/0x40 [ 2915.220806] ? rcu_read_unlock+0x40/0x40 [ 2915.221231] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.221737] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.222331] ? do_raw_spin_lock+0x270/0x270 [ 2915.222781] ? kunit_ptr_not_err_assert_format+0x210/0x210 [kunit] [ 2915.223442] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.223973] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.224518] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.225022] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.225548] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.226175] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.226705] kthread+0x2a4/0x350 [ 2915.227049] ? kthread_complete_and_exit+0x20/0x20 [ 2915.227545] ret_from_fork+0x1f/0x30 [ 2915.227930] [ 2915.228368] Allocated by task 48581: [ 2915.228752] kasan_save_stack+0x1e/0x40 [ 2915.229179] __kasan_kmalloc+0x81/0xa0 [ 2915.229570] krealloc_uaf+0xaa/0x450 [test_kasan] [ 2915.230058] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.230559] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.231189] kthread+0x2a4/0x350 [ 2915.231533] ret_from_fork+0x1f/0x30 [ 2915.232086] Freed by task 48581: [ 2915.232430] kasan_save_stack+0x1e/0x40 [ 2915.232829] kasan_set_track+0x21/0x30 [ 2915.233256] kasan_set_free_info+0x20/0x40 [ 2915.233682] __kasan_slab_free+0x108/0x170 [ 2915.234112] slab_free_freelist_hook+0x11d/0x1d0 [ 2915.234591] kfree+0xe2/0x3c0 [ 2915.234910] krealloc_uaf+0x147/0x450 [test_kasan] [ 2915.235410] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.235912] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.236557] kthread+0x2a4/0x350 [ 2915.236898] ret_from_fork+0x1f/0x30 [ 2915.237456] Last potentially related work creation: [ 2915.237954] kasan_save_stack+0x1e/0x40 [ 2915.238359] __kasan_record_aux_stack+0x96/0xb0 [ 2915.238831] kvfree_call_rcu+0x7d/0x840 [ 2915.239233] dma_resv_list_free.part.0+0xd4/0x130 [ 2915.239721] dma_resv_fini+0x38/0x50 [ 2915.240129] drm_gem_object_release+0x73/0x100 [drm] [ 2915.240686] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2915.241192] ttm_bo_release+0x688/0xbc0 [ttm] [ 2915.241667] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2915.242206] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2915.242777] process_one_work+0x8e2/0x1520 [ 2915.243226] worker_thread+0x59e/0xf90 [ 2915.243619] kthread+0x2a4/0x350 [ 2915.243962] ret_from_fork+0x1f/0x30 [ 2915.244519] The buggy address belongs to the object at ffff888003941600 which belongs to the cache kmalloc-256 of size 256 [ 2915.245805] The buggy address is located 0 bytes inside of 256-byte region [ffff888003941600, ffff888003941700) [ 2915.247197] The buggy address belongs to the physical page: [ 2915.247763] page:000000003453e9ef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3941 [ 2915.248689] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.249420] raw: 000fffffc0000200 ffffea0000178800 dead000000000006 ffff888100041b40 [ 2915.250229] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2915.251027] page dumped because: kasan: bad access detected [ 2915.251805] Memory state around the buggy address: [ 2915.252370] ffff888003941500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.253217] ffff888003941580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.253971] >ffff888003941600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2915.254742] ^ [ 2915.255105] ffff888003941680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2915.255859] ffff888003941700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.256649] ================================================================== [ 2915.259801] ok 14 - krealloc_uaf [ 2915.262159] ================================================================== [ 2915.263376] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2915.264204] Write of size 16 at addr ffff88800535f3c0 by task kunit_try_catch/48582 [ 2915.265195] CPU: 0 PID: 48582 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.266548] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.267138] Call Trace: [ 2915.267402] [ 2915.267634] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2915.268172] dump_stack_lvl+0x57/0x81 [ 2915.268559] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.269155] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2915.269682] print_report.cold+0x5c/0x237 [ 2915.270103] kasan_report+0xc9/0x100 [ 2915.270482] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2915.271011] kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2915.271592] ? kmalloc_uaf_16+0x3b0/0x3b0 [test_kasan] [ 2915.272209] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.272738] ? do_raw_spin_lock+0x270/0x270 [ 2915.273243] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.273830] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.274369] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.274913] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.275441] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.275961] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.276591] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.277121] kthread+0x2a4/0x350 [ 2915.277463] ? kthread_complete_and_exit+0x20/0x20 [ 2915.277959] ret_from_fork+0x1f/0x30 [ 2915.278351] [ 2915.278789] Allocated by task 48582: [ 2915.279184] kasan_save_stack+0x1e/0x40 [ 2915.279597] __kasan_kmalloc+0x81/0xa0 [ 2915.280001] kmalloc_oob_16+0xa4/0x3b0 [test_kasan] [ 2915.280529] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.281031] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.281664] kthread+0x2a4/0x350 [ 2915.282007] ret_from_fork+0x1f/0x30 [ 2915.282564] The buggy address belongs to the object at ffff88800535f3c0 which belongs to the cache kmalloc-16 of size 16 [ 2915.283792] The buggy address is located 0 bytes inside of 16-byte region [ffff88800535f3c0, ffff88800535f3d0) [ 2915.285118] The buggy address belongs to the physical page: [ 2915.285681] page:00000000024f4ae5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x535f [ 2915.286605] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.287301] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2915.288078] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2915.288896] page dumped because: kasan: bad access detected [ 2915.289664] Memory state around the buggy address: [ 2915.290182] ffff88800535f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2915.290936] ffff88800535f300: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2915.291715] >ffff88800535f380: 00 00 fc fc 00 00 fc fc 00 05 fc fc fa fb fc fc [ 2915.292474] ^ [ 2915.293081] ffff88800535f400: 00 00 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 2915.293833] ffff88800535f480: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 2915.294591] ================================================================== [ 2915.295643] ok 15 - kmalloc_oob_16 [ 2915.298009] ================================================================== [ 2915.299187] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2915.299947] Read of size 16 at addr ffff88800535fa80 by task kunit_try_catch/48583 [ 2915.300885] CPU: 0 PID: 48583 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.302248] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.302834] Call Trace: [ 2915.303101] [ 2915.303335] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2915.303865] dump_stack_lvl+0x57/0x81 [ 2915.304255] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.304846] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2915.305378] print_report.cold+0x5c/0x237 [ 2915.305798] kasan_report+0xc9/0x100 [ 2915.306190] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2915.306719] kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2915.307237] ? kmalloc_uaf+0x2b0/0x2b0 [test_kasan] [ 2915.307740] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.308202] ? do_raw_spin_lock+0x270/0x270 [ 2915.308638] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.309213] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.309723] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.310273] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.310796] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.311357] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.311977] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.312507] kthread+0x2a4/0x350 [ 2915.312853] ? kthread_complete_and_exit+0x20/0x20 [ 2915.313350] ret_from_fork+0x1f/0x30 [ 2915.313736] [ 2915.314159] Allocated by task 48583: [ 2915.314531] kasan_save_stack+0x1e/0x40 [ 2915.314930] __kasan_kmalloc+0x81/0xa0 [ 2915.315323] kmalloc_uaf_16+0x15d/0x3b0 [test_kasan] [ 2915.315834] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.316340] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.316961] kthread+0x2a4/0x350 [ 2915.317307] ret_from_fork+0x1f/0x30 [ 2915.317859] Freed by task 48583: [ 2915.318205] kasan_save_stack+0x1e/0x40 [ 2915.318605] kasan_set_track+0x21/0x30 [ 2915.318997] kasan_set_free_info+0x20/0x40 [ 2915.319424] __kasan_slab_free+0x108/0x170 [ 2915.319846] slab_free_freelist_hook+0x11d/0x1d0 [ 2915.320326] kfree+0xe2/0x3c0 [ 2915.320645] kmalloc_uaf_16+0x1e8/0x3b0 [test_kasan] [ 2915.321162] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.321662] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.322289] kthread+0x2a4/0x350 [ 2915.322633] ret_from_fork+0x1f/0x30 [ 2915.323218] The buggy address belongs to the object at ffff88800535fa80 which belongs to the cache kmalloc-16 of size 16 [ 2915.324460] The buggy address is located 0 bytes inside of 16-byte region [ffff88800535fa80, ffff88800535fa90) [ 2915.325816] The buggy address belongs to the physical page: [ 2915.326383] page:00000000024f4ae5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x535f [ 2915.327303] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.328047] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2915.328881] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2915.329723] page dumped because: kasan: bad access detected [ 2915.330551] Memory state around the buggy address: [ 2915.331066] ffff88800535f980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2915.331819] ffff88800535fa00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2915.332567] >ffff88800535fa80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 2915.333333] ^ [ 2915.333688] ffff88800535fb00: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2915.334444] ffff88800535fb80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 2915.335198] ================================================================== [ 2915.336017] ok 16 - kmalloc_uaf_16 [ 2915.337952] ================================================================== [ 2915.339104] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2915.339961] Write of size 128 at addr ffff888105987200 by task kunit_try_catch/48584 [ 2915.340975] CPU: 0 PID: 48584 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.342386] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.342992] Call Trace: [ 2915.343268] [ 2915.343508] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2915.344138] dump_stack_lvl+0x57/0x81 [ 2915.344524] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.345122] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2915.345718] print_report.cold+0x5c/0x237 [ 2915.346144] kasan_report+0xc9/0x100 [ 2915.346524] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2915.347121] kasan_check_range+0xfd/0x1e0 [ 2915.347539] memset+0x20/0x50 [ 2915.347863] kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2915.348437] ? kmalloc_oob_memset_2+0x290/0x290 [test_kasan] [ 2915.349022] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.349485] ? do_raw_spin_lock+0x270/0x270 [ 2915.349922] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.350498] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.351010] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.351539] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.352051] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.352575] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.353233] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.353759] kthread+0x2a4/0x350 [ 2915.354111] ? kthread_complete_and_exit+0x20/0x20 [ 2915.354608] ret_from_fork+0x1f/0x30 [ 2915.354995] [ 2915.355415] Allocated by task 48584: [ 2915.355819] kasan_save_stack+0x1e/0x40 [ 2915.356240] __kasan_kmalloc+0x81/0xa0 [ 2915.356643] kmalloc_oob_in_memset+0x9c/0x280 [test_kasan] [ 2915.357225] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.357749] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.358399] kthread+0x2a4/0x350 [ 2915.358756] ret_from_fork+0x1f/0x30 [ 2915.359333] The buggy address belongs to the object at ffff888105987200 which belongs to the cache kmalloc-128 of size 128 [ 2915.360620] The buggy address is located 0 bytes inside of 128-byte region [ffff888105987200, ffff888105987280) [ 2915.361994] The buggy address belongs to the physical page: [ 2915.362580] page:0000000011cb2ed7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105987 [ 2915.363560] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2915.364298] raw: 0017ffffc0000200 ffffea000067ebc0 dead000000000004 ffff8881000418c0 [ 2915.365082] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2915.365891] page dumped because: kasan: bad access detected [ 2915.366670] Memory state around the buggy address: [ 2915.367233] ffff888105987100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2915.367990] ffff888105987180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.368740] >ffff888105987200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2915.369513] ^ [ 2915.370262] ffff888105987280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.371017] ffff888105987300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2915.371769] ================================================================== [ 2915.373221] ok 17 - kmalloc_oob_in_memset [ 2915.375022] ================================================================== [ 2915.376260] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2915.377103] Write of size 2 at addr ffff888105987677 by task kunit_try_catch/48585 [ 2915.378047] CPU: 0 PID: 48585 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.379449] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.380061] Call Trace: [ 2915.380336] [ 2915.380576] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2915.381185] dump_stack_lvl+0x57/0x81 [ 2915.381584] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.382205] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2915.382789] print_report.cold+0x5c/0x237 [ 2915.383283] kasan_report+0xc9/0x100 [ 2915.383678] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2915.384290] kasan_check_range+0xfd/0x1e0 [ 2915.384704] memset+0x20/0x50 [ 2915.385026] kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2915.385593] ? kmalloc_oob_memset_4+0x290/0x290 [test_kasan] [ 2915.386180] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.386634] ? do_raw_spin_lock+0x270/0x270 [ 2915.387075] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.387645] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.388162] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.388685] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.389195] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.389711] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.390339] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.390899] kthread+0x2a4/0x350 [ 2915.391262] ? kthread_complete_and_exit+0x20/0x20 [ 2915.391774] ret_from_fork+0x1f/0x30 [ 2915.392189] [ 2915.392605] Allocated by task 48585: [ 2915.392979] kasan_save_stack+0x1e/0x40 [ 2915.393385] __kasan_kmalloc+0x81/0xa0 [ 2915.393799] kmalloc_oob_memset_2+0x9c/0x290 [test_kasan] [ 2915.394353] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.394854] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.395480] kthread+0x2a4/0x350 [ 2915.395824] ret_from_fork+0x1f/0x30 [ 2915.396379] Last potentially related work creation: [ 2915.396880] kasan_save_stack+0x1e/0x40 [ 2915.397283] __kasan_record_aux_stack+0x96/0xb0 [ 2915.397752] kvfree_call_rcu+0x7d/0x840 [ 2915.398156] dma_resv_reserve_fences+0x35d/0x680 [ 2915.398632] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2915.399167] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2915.399697] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2915.400198] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2915.400780] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 2915.401459] process_one_work+0x8e2/0x1520 [ 2915.401898] worker_thread+0x59e/0xf90 [ 2915.402335] kthread+0x2a4/0x350 [ 2915.402690] ret_from_fork+0x1f/0x30 [ 2915.403262] Second to last potentially related work creation: [ 2915.403865] kasan_save_stack+0x1e/0x40 [ 2915.404304] __kasan_record_aux_stack+0x96/0xb0 [ 2915.404792] kvfree_call_rcu+0x7d/0x840 [ 2915.405208] dma_resv_reserve_fences+0x35d/0x680 [ 2915.405703] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2915.406257] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2915.406812] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2915.407324] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2915.407922] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 2915.408610] process_one_work+0x8e2/0x1520 [ 2915.409053] worker_thread+0x59e/0xf90 [ 2915.409459] kthread+0x2a4/0x350 [ 2915.409799] ret_from_fork+0x1f/0x30 [ 2915.410391] The buggy address belongs to the object at ffff888105987600 which belongs to the cache kmalloc-128 of size 128 [ 2915.411669] The buggy address is located 119 bytes inside of 128-byte region [ffff888105987600, ffff888105987680) [ 2915.413113] The buggy address belongs to the physical page: [ 2915.413707] page:0000000011cb2ed7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105987 [ 2915.414675] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2915.415402] raw: 0017ffffc0000200 ffffea000067ebc0 dead000000000004 ffff8881000418c0 [ 2915.416179] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2915.416955] page dumped because: kasan: bad access detected [ 2915.417699] Memory state around the buggy address: [ 2915.418197] ffff888105987500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2915.418925] ffff888105987580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.419656] >ffff888105987600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2915.420389] ^ [ 2915.421111] ffff888105987680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.421838] ffff888105987700: 00 00 00 00 00 00 00 00 00 04 fc fc fc fc fc fc [ 2915.422564] ================================================================== [ 2915.423420] ok 18 - kmalloc_oob_memset_2 [ 2915.424930] ================================================================== [ 2915.426193] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2915.427063] Write of size 4 at addr ffff888019fafc75 by task kunit_try_catch/48587 [ 2915.428018] CPU: 0 PID: 48587 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.429398] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.430005] Call Trace: [ 2915.430280] [ 2915.430522] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2915.431126] dump_stack_lvl+0x57/0x81 [ 2915.431524] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.432172] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2915.432774] print_report.cold+0x5c/0x237 [ 2915.433212] kasan_report+0xc9/0x100 [ 2915.433602] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2915.434217] kasan_check_range+0xfd/0x1e0 [ 2915.434635] memset+0x20/0x50 [ 2915.434957] kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2915.435523] ? kmalloc_oob_memset_8+0x290/0x290 [test_kasan] [ 2915.436145] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.436621] ? do_raw_spin_lock+0x270/0x270 [ 2915.437080] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.437670] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.438210] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.438733] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.439244] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.439763] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.440384] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.440913] kthread+0x2a4/0x350 [ 2915.441261] ? kthread_complete_and_exit+0x20/0x20 [ 2915.441774] ret_from_fork+0x1f/0x30 [ 2915.442178] [ 2915.442609] Allocated by task 48587: [ 2915.442995] kasan_save_stack+0x1e/0x40 [ 2915.443445] __kasan_kmalloc+0x81/0xa0 [ 2915.443847] kmalloc_oob_memset_4+0x9c/0x290 [test_kasan] [ 2915.444429] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.444954] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.445600] kthread+0x2a4/0x350 [ 2915.445953] ret_from_fork+0x1f/0x30 [ 2915.446524] Last potentially related work creation: [ 2915.447047] kasan_save_stack+0x1e/0x40 [ 2915.447459] __kasan_record_aux_stack+0x96/0xb0 [ 2915.447943] kvfree_call_rcu+0x7d/0x840 [ 2915.448359] dma_resv_reserve_fences+0x35d/0x680 [ 2915.448854] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2915.449411] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2915.449957] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2915.450464] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2915.451049] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 2915.451697] process_one_work+0x8e2/0x1520 [ 2915.452123] worker_thread+0x59e/0xf90 [ 2915.452515] kthread+0x2a4/0x350 [ 2915.452855] ret_from_fork+0x1f/0x30 [ 2915.453406] The buggy address belongs to the object at ffff888019fafc00 which belongs to the cache kmalloc-128 of size 128 [ 2915.454645] The buggy address is located 117 bytes inside of 128-byte region [ffff888019fafc00, ffff888019fafc80) [ 2915.455986] The buggy address belongs to the physical page: [ 2915.456551] page:00000000936802a3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19faf [ 2915.457481] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.458176] raw: 000fffffc0000200 ffffea000011b240 dead000000000003 ffff8881000418c0 [ 2915.458951] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2915.459722] page dumped because: kasan: bad access detected [ 2915.460497] Memory state around the buggy address: [ 2915.461005] ffff888019fafb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2915.461765] ffff888019fafb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.462550] >ffff888019fafc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2915.463305] ^ [ 2915.464058] ffff888019fafc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.464810] ffff888019fafd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2915.465545] ================================================================== [ 2915.468100] ok 19 - kmalloc_oob_memset_4 [ 2915.472217] ================================================================== [ 2915.473462] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2915.474305] Write of size 8 at addr ffff888019faf371 by task kunit_try_catch/48588 [ 2915.475246] CPU: 0 PID: 48588 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.476599] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.477187] Call Trace: [ 2915.477452] [ 2915.477685] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2915.478279] dump_stack_lvl+0x57/0x81 [ 2915.478687] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.479304] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2915.479992] print_report.cold+0x5c/0x237 [ 2915.480482] kasan_report+0xc9/0x100 [ 2915.480919] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2915.481550] kasan_check_range+0xfd/0x1e0 [ 2915.481997] memset+0x20/0x50 [ 2915.482333] kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2915.482915] ? kmalloc_oob_memset_16+0x290/0x290 [test_kasan] [ 2915.483531] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.484002] ? do_raw_spin_lock+0x270/0x270 [ 2915.484459] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.485031] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.485563] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.486110] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.486632] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.487178] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.487822] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.488379] kthread+0x2a4/0x350 [ 2915.488737] ? kthread_complete_and_exit+0x20/0x20 [ 2915.489257] ret_from_fork+0x1f/0x30 [ 2915.489645] [ 2915.490079] Allocated by task 48588: [ 2915.490468] kasan_save_stack+0x1e/0x40 [ 2915.490882] __kasan_kmalloc+0x81/0xa0 [ 2915.491288] kmalloc_oob_memset_8+0x9c/0x290 [test_kasan] [ 2915.491857] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.492379] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.493023] kthread+0x2a4/0x350 [ 2915.493382] ret_from_fork+0x1f/0x30 [ 2915.493967] Last potentially related work creation: [ 2915.494489] kasan_save_stack+0x1e/0x40 [ 2915.494888] __kasan_record_aux_stack+0x96/0xb0 [ 2915.495359] kvfree_call_rcu+0x7d/0x840 [ 2915.495758] dma_resv_reserve_fences+0x35d/0x680 [ 2915.496268] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2915.496817] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2915.497367] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2915.497857] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2915.498444] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 2915.499095] process_one_work+0x8e2/0x1520 [ 2915.499518] worker_thread+0x59e/0xf90 [ 2915.499906] kthread+0x2a4/0x350 [ 2915.500261] ret_from_fork+0x1f/0x30 [ 2915.500812] The buggy address belongs to the object at ffff888019faf300 which belongs to the cache kmalloc-128 of size 128 [ 2915.502052] The buggy address is located 113 bytes inside of 128-byte region [ffff888019faf300, ffff888019faf380) [ 2915.503479] The buggy address belongs to the physical page: [ 2915.504077] page:00000000936802a3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19faf [ 2915.505007] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.505704] raw: 000fffffc0000200 ffffea000011b240 dead000000000003 ffff8881000418c0 [ 2915.506485] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2915.507261] page dumped because: kasan: bad access detected [ 2915.507997] Memory state around the buggy address: [ 2915.508493] ffff888019faf200: 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc fc [ 2915.509227] ffff888019faf280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.509952] >ffff888019faf300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2915.510687] ^ [ 2915.511415] ffff888019faf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.512148] ffff888019faf400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2915.512875] ================================================================== [ 2915.513839] ok 20 - kmalloc_oob_memset_8 [ 2915.516592] ================================================================== [ 2915.517852] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2915.518738] Write of size 16 at addr ffff888019fafd69 by task kunit_try_catch/48589 [ 2915.519728] CPU: 0 PID: 48589 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.521136] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.521741] Call Trace: [ 2915.522013] [ 2915.522257] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2915.522871] dump_stack_lvl+0x57/0x81 [ 2915.523275] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.523885] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2915.524501] print_report.cold+0x5c/0x237 [ 2915.524936] kasan_report+0xc9/0x100 [ 2915.525336] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2915.525926] kasan_check_range+0xfd/0x1e0 [ 2915.526344] memset+0x20/0x50 [ 2915.526669] kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2915.527242] ? kmalloc_uaf_memset+0x280/0x280 [test_kasan] [ 2915.527837] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.528317] ? do_raw_spin_lock+0x270/0x270 [ 2915.528769] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.529361] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.529898] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.530443] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.530964] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.531493] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.532122] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.532647] kthread+0x2a4/0x350 [ 2915.532987] ? kthread_complete_and_exit+0x20/0x20 [ 2915.533558] ret_from_fork+0x1f/0x30 [ 2915.533959] [ 2915.534393] Allocated by task 48589: [ 2915.534778] kasan_save_stack+0x1e/0x40 [ 2915.535200] __kasan_kmalloc+0x81/0xa0 [ 2915.535589] kmalloc_oob_memset_16+0x9c/0x290 [test_kasan] [ 2915.536151] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.536657] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.537282] kthread+0x2a4/0x350 [ 2915.537623] ret_from_fork+0x1f/0x30 [ 2915.538175] The buggy address belongs to the object at ffff888019fafd00 which belongs to the cache kmalloc-128 of size 128 [ 2915.539407] The buggy address is located 105 bytes inside of 128-byte region [ffff888019fafd00, ffff888019fafd80) [ 2915.540745] The buggy address belongs to the physical page: [ 2915.541313] page:00000000936802a3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19faf [ 2915.542243] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.542935] raw: 000fffffc0000200 ffffea000011b240 dead000000000003 ffff8881000418c0 [ 2915.543711] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2915.544488] page dumped because: kasan: bad access detected [ 2915.545230] Memory state around the buggy address: [ 2915.545720] ffff888019fafc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2915.546451] ffff888019fafc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.547182] >ffff888019fafd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2915.547909] ^ [ 2915.548634] ffff888019fafd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.549368] ffff888019fafe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2915.550099] ================================================================== [ 2915.551273] ok 21 - kmalloc_oob_memset_16 [ 2915.553079] ================================================================== [ 2915.554335] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2915.555228] Read of size 18446744073709551614 at addr ffff88801615e004 by task kunit_try_catch/48590 [ 2915.556359] CPU: 0 PID: 48590 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.557767] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.558377] Call Trace: [ 2915.558650] [ 2915.558891] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2915.559572] dump_stack_lvl+0x57/0x81 [ 2915.559973] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.560581] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2915.561290] print_report.cold+0x5c/0x237 [ 2915.561725] kasan_report+0xc9/0x100 [ 2915.562119] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2915.562796] kasan_check_range+0xfd/0x1e0 [ 2915.563266] memmove+0x20/0x60 [ 2915.563610] kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2915.564274] ? kmalloc_memmove_invalid_size+0x2a0/0x2a0 [test_kasan] [ 2915.564942] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.565424] ? do_raw_spin_lock+0x270/0x270 [ 2915.565875] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.566476] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.567006] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.567548] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.568053] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.568576] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.569202] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.569731] kthread+0x2a4/0x350 [ 2915.570078] ? kthread_complete_and_exit+0x20/0x20 [ 2915.570575] ret_from_fork+0x1f/0x30 [ 2915.570963] [ 2915.571412] Allocated by task 48590: [ 2915.571800] kasan_save_stack+0x1e/0x40 [ 2915.572216] __kasan_kmalloc+0x81/0xa0 [ 2915.572618] kmalloc_memmove_negative_size+0x9c/0x290 [test_kasan] [ 2915.573276] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.573779] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.574430] kthread+0x2a4/0x350 [ 2915.574786] ret_from_fork+0x1f/0x30 [ 2915.575362] The buggy address belongs to the object at ffff88801615e000 which belongs to the cache kmalloc-64 of size 64 [ 2915.576641] The buggy address is located 4 bytes inside of 64-byte region [ffff88801615e000, ffff88801615e040) [ 2915.578007] The buggy address belongs to the physical page: [ 2915.578587] page:000000002be466a1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1615e [ 2915.579521] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.580242] raw: 000fffffc0000200 ffffea0000cb7a40 dead000000000004 ffff888100041640 [ 2915.581046] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2915.581843] page dumped because: kasan: bad access detected [ 2915.582605] Memory state around the buggy address: [ 2915.583100] ffff88801615df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.583825] ffff88801615df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.584560] >ffff88801615e000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2915.585293] ^ [ 2915.585634] ffff88801615e080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2915.586372] ffff88801615e100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2915.587105] ================================================================== [ 2915.588256] ok 22 - kmalloc_memmove_negative_size [ 2915.589942] ================================================================== [ 2915.591217] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2915.592133] Read of size 64 at addr ffff88801615e584 by task kunit_try_catch/48591 [ 2915.593145] CPU: 0 PID: 48591 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.594553] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.595191] Call Trace: [ 2915.595464] [ 2915.595705] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2915.596378] dump_stack_lvl+0x57/0x81 [ 2915.596779] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.597397] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2915.598088] print_report.cold+0x5c/0x237 [ 2915.598526] kasan_report+0xc9/0x100 [ 2915.598917] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2915.599593] kasan_check_range+0xfd/0x1e0 [ 2915.600029] memmove+0x20/0x60 [ 2915.600372] kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2915.601031] ? kmalloc_oob_in_memset+0x280/0x280 [test_kasan] [ 2915.601643] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.602128] ? do_raw_spin_lock+0x270/0x270 [ 2915.602566] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.603140] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.603664] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.604170] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.604692] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.605319] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.605846] kthread+0x2a4/0x350 [ 2915.606192] ? kthread_complete_and_exit+0x20/0x20 [ 2915.606688] ret_from_fork+0x1f/0x30 [ 2915.607077] [ 2915.607490] Allocated by task 48591: [ 2915.607864] kasan_save_stack+0x1e/0x40 [ 2915.608270] __kasan_kmalloc+0x81/0xa0 [ 2915.608660] kmalloc_memmove_invalid_size+0xac/0x2a0 [test_kasan] [ 2915.609283] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.609787] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.610439] kthread+0x2a4/0x350 [ 2915.610794] ret_from_fork+0x1f/0x30 [ 2915.611367] The buggy address belongs to the object at ffff88801615e580 which belongs to the cache kmalloc-64 of size 64 [ 2915.612661] The buggy address is located 4 bytes inside of 64-byte region [ffff88801615e580, ffff88801615e5c0) [ 2915.614057] The buggy address belongs to the physical page: [ 2915.614631] page:000000002be466a1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1615e [ 2915.615561] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.616260] raw: 000fffffc0000200 ffffea0000cb7a40 dead000000000004 ffff888100041640 [ 2915.617040] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2915.617812] page dumped because: kasan: bad access detected [ 2915.618575] Memory state around the buggy address: [ 2915.619071] ffff88801615e480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2915.619803] ffff88801615e500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2915.620531] >ffff88801615e580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2915.621263] ^ [ 2915.621800] ffff88801615e600: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2915.622530] ffff88801615e680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2915.623299] ================================================================== [ 2915.624477] ok 23 - kmalloc_memmove_invalid_size [ 2915.626837] ================================================================== [ 2915.628115] BUG: KASAN: use-after-free in kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2915.628849] Read of size 1 at addr ffff88803907a168 by task kunit_try_catch/48592 [ 2915.629783] CPU: 0 PID: 48592 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.631200] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.631805] Call Trace: [ 2915.632082] [ 2915.632323] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2915.632844] dump_stack_lvl+0x57/0x81 [ 2915.633270] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.633883] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2915.634409] print_report.cold+0x5c/0x237 [ 2915.634842] kasan_report+0xc9/0x100 [ 2915.635245] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2915.635752] kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2915.636261] ? kmalloc_uaf2+0x430/0x430 [test_kasan] [ 2915.636791] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.637266] ? do_raw_spin_lock+0x270/0x270 [ 2915.637718] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.638310] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.638852] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.639378] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.639919] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.640568] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.641126] kthread+0x2a4/0x350 [ 2915.641481] ? kthread_complete_and_exit+0x20/0x20 [ 2915.641993] ret_from_fork+0x1f/0x30 [ 2915.642401] [ 2915.642834] Allocated by task 48592: [ 2915.643226] kasan_save_stack+0x1e/0x40 [ 2915.643640] __kasan_kmalloc+0x81/0xa0 [ 2915.644047] kmalloc_uaf+0x98/0x2b0 [test_kasan] [ 2915.644537] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.645045] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.645668] kthread+0x2a4/0x350 [ 2915.646011] ret_from_fork+0x1f/0x30 [ 2915.646566] Freed by task 48592: [ 2915.646909] kasan_save_stack+0x1e/0x40 [ 2915.647311] kasan_set_track+0x21/0x30 [ 2915.647702] kasan_set_free_info+0x20/0x40 [ 2915.648129] __kasan_slab_free+0x108/0x170 [ 2915.648551] slab_free_freelist_hook+0x11d/0x1d0 [ 2915.649031] kfree+0xe2/0x3c0 [ 2915.649351] kmalloc_uaf+0x12b/0x2b0 [test_kasan] [ 2915.649840] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.650348] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.650968] kthread+0x2a4/0x350 [ 2915.651312] ret_from_fork+0x1f/0x30 [ 2915.651864] The buggy address belongs to the object at ffff88803907a160 which belongs to the cache kmalloc-16 of size 16 [ 2915.653112] The buggy address is located 8 bytes inside of 16-byte region [ffff88803907a160, ffff88803907a170) [ 2915.654496] The buggy address belongs to the physical page: [ 2915.655091] page:00000000dffc9545 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3907a [ 2915.656016] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.656714] raw: 000fffffc0000200 ffffea0000650d40 dead000000000002 ffff8881000413c0 [ 2915.657495] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2915.658273] page dumped because: kasan: bad access detected [ 2915.659012] Memory state around the buggy address: [ 2915.659504] ffff88803907a000: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2915.660242] ffff88803907a080: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 2915.660969] >ffff88803907a100: 00 00 fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2915.661701] ^ [ 2915.662368] ffff88803907a180: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2915.663100] ffff88803907a200: 00 00 fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2915.663830] ================================================================== [ 2915.664737] ok 24 - kmalloc_uaf [ 2915.670034] ================================================================== [ 2915.671200] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2915.672013] Write of size 33 at addr ffff88801615e080 by task kunit_try_catch/48593 [ 2915.673007] CPU: 0 PID: 48593 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.674419] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.675035] Call Trace: [ 2915.675307] [ 2915.675547] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2915.676143] dump_stack_lvl+0x57/0x81 [ 2915.676528] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.677124] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2915.677684] print_report.cold+0x5c/0x237 [ 2915.678108] kasan_report+0xc9/0x100 [ 2915.678485] ? kmalloc_uaf_memset+0xc1/0x280 [test_kasan] [ 2915.679040] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2915.679597] kasan_check_range+0xfd/0x1e0 [ 2915.680012] memset+0x20/0x50 [ 2915.680334] kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2915.680882] ? kmem_cache_accounted+0x170/0x170 [test_kasan] [ 2915.681510] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.681981] ? do_raw_spin_lock+0x270/0x270 [ 2915.682436] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.683029] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.683601] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.684132] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.684670] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.685323] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.685847] kthread+0x2a4/0x350 [ 2915.686195] ? kthread_complete_and_exit+0x20/0x20 [ 2915.686689] ret_from_fork+0x1f/0x30 [ 2915.687080] [ 2915.687496] Allocated by task 48593: [ 2915.687868] kasan_save_stack+0x1e/0x40 [ 2915.688272] __kasan_kmalloc+0x81/0xa0 [ 2915.688664] kmalloc_uaf_memset+0x9a/0x280 [test_kasan] [ 2915.689201] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.689702] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.690329] kthread+0x2a4/0x350 [ 2915.690671] ret_from_fork+0x1f/0x30 [ 2915.691224] Freed by task 48593: [ 2915.691565] kasan_save_stack+0x1e/0x40 [ 2915.691963] kasan_set_track+0x21/0x30 [ 2915.692361] kasan_set_free_info+0x20/0x40 [ 2915.692784] __kasan_slab_free+0x108/0x170 [ 2915.693212] slab_free_freelist_hook+0x11d/0x1d0 [ 2915.693689] kfree+0xe2/0x3c0 [ 2915.694006] kmalloc_uaf_memset+0x137/0x280 [test_kasan] [ 2915.694553] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.695094] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.695740] kthread+0x2a4/0x350 [ 2915.696109] ret_from_fork+0x1f/0x30 [ 2915.696662] The buggy address belongs to the object at ffff88801615e080 which belongs to the cache kmalloc-64 of size 64 [ 2915.697880] The buggy address is located 0 bytes inside of 64-byte region [ffff88801615e080, ffff88801615e0c0) [ 2915.699207] The buggy address belongs to the physical page: [ 2915.699770] page:000000002be466a1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1615e [ 2915.700703] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.701399] raw: 000fffffc0000200 ffffea0000cb7a40 dead000000000004 ffff888100041640 [ 2915.702234] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2915.703037] page dumped because: kasan: bad access detected [ 2915.703804] Memory state around the buggy address: [ 2915.704325] ffff88801615df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.705058] ffff88801615e000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2915.705810] >ffff88801615e080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2915.706564] ^ [ 2915.706916] ffff88801615e100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2915.707671] ffff88801615e180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2915.708427] ================================================================== [ 2915.711256] ok 25 - kmalloc_uaf_memset [ 2915.713028] ================================================================== [ 2915.714281] BUG: KASAN: use-after-free in kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2915.715051] Read of size 1 at addr ffff888032de96a8 by task kunit_try_catch/48594 [ 2915.715996] CPU: 0 PID: 48594 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.717354] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.717940] Call Trace: [ 2915.718208] [ 2915.718442] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2915.718955] dump_stack_lvl+0x57/0x81 [ 2915.719344] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.719935] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2915.720451] print_report.cold+0x5c/0x237 [ 2915.720869] kasan_report+0xc9/0x100 [ 2915.721254] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2915.721799] kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2915.722317] ? kfree_via_page+0x290/0x290 [test_kasan] [ 2915.722862] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.723374] ? lock_acquire+0x4ea/0x620 [ 2915.723775] ? rcu_read_unlock+0x40/0x40 [ 2915.724186] ? rcu_read_unlock+0x40/0x40 [ 2915.724591] ? rcu_read_lock_sched_held+0x12/0x80 [ 2915.725086] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.725655] ? do_raw_spin_lock+0x270/0x270 [ 2915.726096] ? trace_hardirqs_on+0x2d/0x160 [ 2915.726536] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2915.727054] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.727580] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.728090] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.728611] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.729235] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.729763] kthread+0x2a4/0x350 [ 2915.730111] ? kthread_complete_and_exit+0x20/0x20 [ 2915.730649] ret_from_fork+0x1f/0x30 [ 2915.731054] [ 2915.731486] Allocated by task 48594: [ 2915.731873] kasan_save_stack+0x1e/0x40 [ 2915.732293] __kasan_kmalloc+0x81/0xa0 [ 2915.732695] kmalloc_uaf2+0xad/0x430 [test_kasan] [ 2915.733202] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.733720] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.734368] kthread+0x2a4/0x350 [ 2915.734711] ret_from_fork+0x1f/0x30 [ 2915.735264] Freed by task 48594: [ 2915.735605] kasan_save_stack+0x1e/0x40 [ 2915.736004] kasan_set_track+0x21/0x30 [ 2915.736400] kasan_set_free_info+0x20/0x40 [ 2915.736822] __kasan_slab_free+0x108/0x170 [ 2915.737252] slab_free_freelist_hook+0x11d/0x1d0 [ 2915.737728] kfree+0xe2/0x3c0 [ 2915.738051] kmalloc_uaf2+0x144/0x430 [test_kasan] [ 2915.738551] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.739061] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.739717] kthread+0x2a4/0x350 [ 2915.740076] ret_from_fork+0x1f/0x30 [ 2915.740648] The buggy address belongs to the object at ffff888032de9680 which belongs to the cache kmalloc-64 of size 64 [ 2915.741893] The buggy address is located 40 bytes inside of 64-byte region [ffff888032de9680, ffff888032de96c0) [ 2915.743285] The buggy address belongs to the physical page: [ 2915.743868] page:00000000269ef1ec refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32de9 [ 2915.744952] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.745709] raw: 000fffffc0000200 ffffea00005d5580 dead000000000003 ffff888100041640 [ 2915.746535] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2915.747346] page dumped because: kasan: bad access detected [ 2915.748173] Memory state around the buggy address: [ 2915.748682] ffff888032de9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 2915.749462] ffff888032de9600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2915.750225] >ffff888032de9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2915.750974] ^ [ 2915.751462] ffff888032de9700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2915.752237] ffff888032de9780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2915.752989] ================================================================== [ 2915.754219] ok 26 - kmalloc_uaf2 [ 2915.756010] ok 27 - kfree_via_page [ 2915.758030] ok 28 - kfree_via_phys [ 2915.760464] ================================================================== [ 2915.761652] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2915.762475] Read of size 1 at addr ffff888001effb18 by task kunit_try_catch/48597 [ 2915.763441] CPU: 0 PID: 48597 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2915.764834] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2915.765423] Call Trace: [ 2915.765687] [ 2915.765918] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2915.766452] dump_stack_lvl+0x57/0x81 [ 2915.766837] print_address_description.constprop.0+0x1f/0x1e0 [ 2915.767432] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2915.767958] print_report.cold+0x5c/0x237 [ 2915.768382] kasan_report+0xc9/0x100 [ 2915.768760] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2915.769292] kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2915.769806] ? kmem_cache_double_free+0x280/0x280 [test_kasan] [ 2915.770407] ? do_raw_spin_trylock+0xb5/0x180 [ 2915.770865] ? do_raw_spin_lock+0x270/0x270 [ 2915.771305] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2915.771877] ? kunit_add_resource+0x197/0x280 [kunit] [ 2915.772404] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.772910] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2915.773468] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.774101] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2915.774630] kthread+0x2a4/0x350 [ 2915.774974] ? kthread_complete_and_exit+0x20/0x20 [ 2915.775475] ret_from_fork+0x1f/0x30 [ 2915.775860] [ 2915.776283] Allocated by task 48597: [ 2915.776658] kasan_save_stack+0x1e/0x40 [ 2915.777063] __kasan_slab_alloc+0x66/0x80 [ 2915.777481] kmem_cache_alloc+0x161/0x310 [ 2915.777896] kmem_cache_oob+0x121/0x2e0 [test_kasan] [ 2915.778416] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2915.778921] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2915.779546] kthread+0x2a4/0x350 [ 2915.779888] ret_from_fork+0x1f/0x30 [ 2915.780458] The buggy address belongs to the object at ffff888001effa50 which belongs to the cache test_cache of size 200 [ 2915.781737] The buggy address is located 0 bytes to the right of 200-byte region [ffff888001effa50, ffff888001effb18) [ 2915.783171] The buggy address belongs to the physical page: [ 2915.783777] page:00000000d2688b0b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff [ 2915.784732] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2915.785450] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888109a24780 [ 2915.786262] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2915.787069] page dumped because: kasan: bad access detected [ 2915.787830] Memory state around the buggy address: [ 2915.788343] ffff888001effa00: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 [ 2915.789098] ffff888001effa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2915.789850] >ffff888001effb00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.790604] ^ [ 2915.791036] ffff888001effb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.791790] ffff888001effc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2915.792550] ================================================================== [ 2915.859989] ok 29 - kmem_cache_oob [ 2916.391693] ok 30 - kmem_cache_accounted [ 2916.412203] ok 31 - kmem_cache_bulk [ 2916.415038] ================================================================== [ 2916.416206] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2916.417096] Read of size 1 at addr ffffffffc180690d by task kunit_try_catch/48601 [ 2916.418026] CPU: 0 PID: 48601 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2916.419379] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2916.419966] Call Trace: [ 2916.420258] [ 2916.420498] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2916.421122] dump_stack_lvl+0x57/0x81 [ 2916.421524] print_address_description.constprop.0+0x1f/0x1e0 [ 2916.422177] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2916.422797] print_report.cold+0x5c/0x237 [ 2916.423240] kasan_report+0xc9/0x100 [ 2916.423619] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2916.424223] kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2916.424808] ? kasan_stack_oob+0x200/0x200 [test_kasan] [ 2916.425348] ? do_raw_spin_trylock+0xb5/0x180 [ 2916.425806] ? do_raw_spin_lock+0x270/0x270 [ 2916.426249] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2916.426820] ? kunit_add_resource+0x197/0x280 [kunit] [ 2916.427347] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.427853] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2916.428376] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.429010] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2916.429538] kthread+0x2a4/0x350 [ 2916.429917] ? kthread_complete_and_exit+0x20/0x20 [ 2916.430433] ret_from_fork+0x1f/0x30 [ 2916.430834] [ 2916.431267] The buggy address belongs to the variable: [ 2916.431807] global_array+0xd/0xfffffffffffe5700 [test_kasan] [ 2916.432596] Memory state around the buggy address: [ 2916.433115] ffffffffc1806800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2916.433905] ffffffffc1806880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2916.434666] >ffffffffc1806900: 00 02 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 2916.435419] ^ [ 2916.435784] ffffffffc1806980: 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 [ 2916.436517] ffffffffc1806a00: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 2916.437245] ================================================================== [ 2916.438111] ok 32 - kasan_global_oob_right [ 2916.439924] ok 33 - kasan_global_oob_left # SKIP Test requires CONFIG_CC_IS_CLANG=y [ 2916.443930] ================================================================== [ 2916.445685] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2916.446604] Read of size 1 at addr ffffc90000bf7e7a by task kunit_try_catch/48603 [ 2916.447567] CPU: 0 PID: 48603 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2916.448953] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2916.449537] Call Trace: [ 2916.449802] [ 2916.450057] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2916.450614] dump_stack_lvl+0x57/0x81 [ 2916.451022] print_address_description.constprop.0+0x1f/0x1e0 [ 2916.451638] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2916.452205] print_report.cold+0x5c/0x237 [ 2916.452641] kasan_report+0xc9/0x100 [ 2916.453037] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2916.453596] kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2916.454151] ? match_all_mem_tag+0x20/0x20 [test_kasan] [ 2916.454686] ? rcu_read_unlock+0x40/0x40 [ 2916.455100] ? rcu_read_lock_sched_held+0x12/0x80 [ 2916.455591] ? do_raw_spin_trylock+0xb5/0x180 [ 2916.456051] ? do_raw_spin_lock+0x270/0x270 [ 2916.456484] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2916.457055] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2916.457566] ? kunit_add_resource+0x197/0x280 [kunit] [ 2916.458101] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.458607] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2916.459130] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.459749] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2916.460305] kthread+0x2a4/0x350 [ 2916.460648] ? kthread_complete_and_exit+0x20/0x20 [ 2916.461150] ret_from_fork+0x1f/0x30 [ 2916.461537] [ 2916.461953] The buggy address belongs to stack of task kunit_try_catch/48603 [ 2916.462668] and is located at offset 266 in frame: [ 2916.463224] kasan_stack_oob+0x0/0x200 [test_kasan] [ 2916.463926] This frame has 4 objects: [ 2916.464334] [48, 56) 'array' [ 2916.464337] [80, 128) '__assertion' [ 2916.464657] [160, 224) '__assertion' [ 2916.465038] [256, 266) 'stack_array' [ 2916.465976] The buggy address belongs to the virtual mapping at [ffffc90000bf0000, ffffc90000bf9000) created by: dup_task_struct+0x5e/0x5a0 [ 2916.467708] The buggy address belongs to the physical page: [ 2916.468278] page:0000000083517df2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6e3e [ 2916.469197] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2916.469851] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2916.470629] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2916.471409] page dumped because: kasan: bad access detected [ 2916.472149] Memory state around the buggy address: [ 2916.472641] ffffc90000bf7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 2916.473374] ffffc90000bf7d80: f1 f1 f1 f1 00 f2 f2 f2 00 00 00 00 00 00 f2 f2 [ 2916.474114] >ffffc90000bf7e00: f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 02 [ 2916.474840] ^ [ 2916.475563] ffffc90000bf7e80: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2916.476293] ffffc90000bf7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2916.477018] ================================================================== [ 2916.478085] ok 34 - kasan_stack_oob [ 2916.479920] ================================================================== [ 2916.481144] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2916.482075] Read of size 1 at addr ffffc90000c67d1f by task kunit_try_catch/48604 [ 2916.483153] CPU: 0 PID: 48604 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2916.484549] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2916.485180] Call Trace: [ 2916.485501] [ 2916.485771] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2916.486430] dump_stack_lvl+0x57/0x81 [ 2916.486830] print_address_description.constprop.0+0x1f/0x1e0 [ 2916.487446] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2916.488073] print_report.cold+0x5c/0x237 [ 2916.488493] kasan_report+0xc9/0x100 [ 2916.488878] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2916.489473] kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2916.490047] ? rcu_read_lock_sched_held+0x12/0x80 [ 2916.490535] ? rcu_read_lock_sched_held+0x12/0x80 [ 2916.491022] ? lock_acquire+0x4ea/0x620 [ 2916.491424] ? kasan_alloca_oob_right+0x290/0x290 [test_kasan] [ 2916.492028] ? rcu_read_lock_sched_held+0x12/0x80 [ 2916.492513] ? do_raw_spin_trylock+0xb5/0x180 [ 2916.492967] ? do_raw_spin_lock+0x270/0x270 [ 2916.493489] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2916.494085] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2916.494615] ? kunit_add_resource+0x197/0x280 [kunit] [ 2916.495167] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.495673] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2916.496199] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.496823] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2916.497354] kthread+0x2a4/0x350 [ 2916.497698] ? kthread_complete_and_exit+0x20/0x20 [ 2916.498234] ret_from_fork+0x1f/0x30 [ 2916.498634] [ 2916.499073] The buggy address belongs to stack of task kunit_try_catch/48604 [ 2916.500007] The buggy address belongs to the virtual mapping at [ffffc90000c60000, ffffc90000c69000) created by: dup_task_struct+0x5e/0x5a0 [ 2916.501735] The buggy address belongs to the physical page: [ 2916.502303] page:0000000056515b21 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3ded [ 2916.503224] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2916.503875] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2916.504650] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2916.505429] page dumped because: kasan: bad access detected [ 2916.506171] Memory state around the buggy address: [ 2916.506664] ffffc90000c67c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2916.507399] ffffc90000c67c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2916.508129] >ffffc90000c67d00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00 [ 2916.508857] ^ [ 2916.509273] ffffc90000c67d80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00 [ 2916.510003] ffffc90000c67e00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 [ 2916.510782] ================================================================== [ 2916.511625] ok 35 - kasan_alloca_oob_left [ 2916.513915] ================================================================== [ 2916.515148] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2916.516028] Read of size 1 at addr ffffc900015afd2a by task kunit_try_catch/48605 [ 2916.516956] CPU: 0 PID: 48605 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2916.518352] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2916.518986] Call Trace: [ 2916.519299] [ 2916.519569] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2916.520261] dump_stack_lvl+0x57/0x81 [ 2916.520648] print_address_description.constprop.0+0x1f/0x1e0 [ 2916.521288] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2916.521966] print_report.cold+0x5c/0x237 [ 2916.522457] kasan_report+0xc9/0x100 [ 2916.522896] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2916.523616] kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2916.524230] ? rcu_read_lock_sched_held+0x12/0x80 [ 2916.524741] ? rcu_read_lock_sched_held+0x12/0x80 [ 2916.525323] ? lock_acquire+0x4ea/0x620 [ 2916.525790] ? ksize_unpoisons_memory+0x300/0x300 [test_kasan] [ 2916.526450] ? rcu_read_lock_sched_held+0x12/0x80 [ 2916.526957] ? do_raw_spin_trylock+0xb5/0x180 [ 2916.527436] ? do_raw_spin_lock+0x270/0x270 [ 2916.527888] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2916.528479] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2916.528995] ? kunit_add_resource+0x197/0x280 [kunit] [ 2916.529526] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.530033] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2916.530556] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.531177] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2916.531704] kthread+0x2a4/0x350 [ 2916.532054] ? kthread_complete_and_exit+0x20/0x20 [ 2916.532548] ret_from_fork+0x1f/0x30 [ 2916.532936] [ 2916.533357] The buggy address belongs to stack of task kunit_try_catch/48605 [ 2916.534254] The buggy address belongs to the virtual mapping at [ffffc900015a8000, ffffc900015b1000) created by: dup_task_struct+0x5e/0x5a0 [ 2916.535960] The buggy address belongs to the physical page: [ 2916.536564] page:0000000023c125a0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x38d4 [ 2916.537523] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2916.538210] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2916.538986] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2916.539766] page dumped because: kasan: bad access detected [ 2916.540515] Memory state around the buggy address: [ 2916.541009] ffffc900015afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2916.541740] ffffc900015afc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2916.542542] >ffffc900015afd00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00 [ 2916.543301] ^ [ 2916.543771] ffffc900015afd80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00 [ 2916.544507] ffffc900015afe00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 [ 2916.545240] ================================================================== [ 2916.547963] ok 36 - kasan_alloca_oob_right [ 2916.549916] ================================================================== [ 2916.551153] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2916.552024] Read of size 1 at addr ffff888108f6fd80 by task kunit_try_catch/48606 [ 2916.552957] CPU: 0 PID: 48606 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2916.554357] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2916.554974] Call Trace: [ 2916.555258] [ 2916.555491] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2916.556096] dump_stack_lvl+0x57/0x81 [ 2916.556482] print_address_description.constprop.0+0x1f/0x1e0 [ 2916.557075] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2916.557672] print_report.cold+0x5c/0x237 [ 2916.558094] kasan_report+0xc9/0x100 [ 2916.558495] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2916.559122] ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2916.559731] ? ksize_uaf+0x4a0/0x4a0 [test_kasan] [ 2916.560286] ? do_raw_spin_trylock+0xb5/0x180 [ 2916.560814] ? do_raw_spin_lock+0x270/0x270 [ 2916.561307] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2916.561901] ? kunit_add_resource+0x197/0x280 [kunit] [ 2916.562472] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.563047] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2916.563654] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.564355] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2916.564885] kthread+0x2a4/0x350 [ 2916.565250] ? kthread_complete_and_exit+0x20/0x20 [ 2916.565782] ret_from_fork+0x1f/0x30 [ 2916.566236] [ 2916.566717] Allocated by task 48606: [ 2916.567170] kasan_save_stack+0x1e/0x40 [ 2916.567600] __kasan_kmalloc+0x81/0xa0 [ 2916.568010] ksize_unpoisons_memory+0x9a/0x300 [test_kasan] [ 2916.568597] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.569132] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.569756] kthread+0x2a4/0x350 [ 2916.570137] ret_from_fork+0x1f/0x30 [ 2916.570709] The buggy address belongs to the object at ffff888108f6fd00 which belongs to the cache kmalloc-128 of size 128 [ 2916.571992] The buggy address is located 0 bytes to the right of 128-byte region [ffff888108f6fd00, ffff888108f6fd80) [ 2916.573424] The buggy address belongs to the physical page: [ 2916.574014] page:0000000000e6f8ec refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6f [ 2916.574961] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2916.575665] raw: 0017ffffc0000200 ffffea0000670800 dead000000000003 ffff8881000418c0 [ 2916.576475] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2916.577280] page dumped because: kasan: bad access detected [ 2916.578050] Memory state around the buggy address: [ 2916.578561] ffff888108f6fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.579319] ffff888108f6fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2916.580074] >ffff888108f6fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.580830] ^ [ 2916.581188] ffff888108f6fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2916.581941] ffff888108f6fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.582700] ================================================================== [ 2916.583611] ok 37 - ksize_unpoisons_memory [ 2916.585965] ================================================================== [ 2916.587358] BUG: KASAN: use-after-free in ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2916.588117] Read of size 1 at addr ffff888019c20700 by task kunit_try_catch/48607 [ 2916.589060] CPU: 0 PID: 48607 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2916.590414] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2916.591006] Call Trace: [ 2916.591270] [ 2916.591503] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2916.591996] dump_stack_lvl+0x57/0x81 [ 2916.592402] print_address_description.constprop.0+0x1f/0x1e0 [ 2916.593021] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2916.593524] print_report.cold+0x5c/0x237 [ 2916.593959] kasan_report+0xc9/0x100 [ 2916.594356] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2916.594863] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2916.595374] __kasan_check_byte+0x36/0x50 [ 2916.595807] ksize+0x1b/0x50 [ 2916.596139] ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2916.596630] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2916.597184] ? do_raw_spin_trylock+0xb5/0x180 [ 2916.597657] ? do_raw_spin_lock+0x270/0x270 [ 2916.598115] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2916.598707] ? kunit_add_resource+0x197/0x280 [kunit] [ 2916.599253] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.599776] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2916.600397] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.601126] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2916.601741] kthread+0x2a4/0x350 [ 2916.602145] ? kthread_complete_and_exit+0x20/0x20 [ 2916.602711] ret_from_fork+0x1f/0x30 [ 2916.603163] [ 2916.603652] Allocated by task 48607: [ 2916.604099] kasan_save_stack+0x1e/0x40 [ 2916.604515] __kasan_kmalloc+0x81/0xa0 [ 2916.604918] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2916.605403] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.605959] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.606681] kthread+0x2a4/0x350 [ 2916.607094] ret_from_fork+0x1f/0x30 [ 2916.607710] Freed by task 48607: [ 2916.608115] kasan_save_stack+0x1e/0x40 [ 2916.608528] kasan_set_track+0x21/0x30 [ 2916.608932] kasan_set_free_info+0x20/0x40 [ 2916.609373] __kasan_slab_free+0x108/0x170 [ 2916.609812] slab_free_freelist_hook+0x11d/0x1d0 [ 2916.610316] kfree+0xe2/0x3c0 [ 2916.610647] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2916.611139] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.611659] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.612304] kthread+0x2a4/0x350 [ 2916.612657] ret_from_fork+0x1f/0x30 [ 2916.613324] Last potentially related work creation: [ 2916.613901] kasan_save_stack+0x1e/0x40 [ 2916.614347] __kasan_record_aux_stack+0x96/0xb0 [ 2916.614834] kvfree_call_rcu+0x7d/0x840 [ 2916.616120] dma_resv_reserve_fences+0x35d/0x680 [ 2916.616622] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2916.617180] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2916.617727] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2916.618238] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2916.618842] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 2916.619520] process_one_work+0x8e2/0x1520 [ 2916.619963] worker_thread+0x59e/0xf90 [ 2916.620374] kthread+0x2a4/0x350 [ 2916.620731] ret_from_fork+0x1f/0x30 [ 2916.621310] The buggy address belongs to the object at ffff888019c20700 which belongs to the cache kmalloc-128 of size 128 [ 2916.622594] The buggy address is located 0 bytes inside of 128-byte region [ffff888019c20700, ffff888019c20780) [ 2916.623968] The buggy address belongs to the physical page: [ 2916.624570] page:000000008f7d30b6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19c20 [ 2916.625504] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2916.626209] raw: 000fffffc0000200 ffffea0004051040 dead000000000002 ffff8881000418c0 [ 2916.627015] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2916.627822] page dumped because: kasan: bad access detected [ 2916.628595] Memory state around the buggy address: [ 2916.629119] ffff888019c20600: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc [ 2916.629870] ffff888019c20680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.630640] >ffff888019c20700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2916.631400] ^ [ 2916.631755] ffff888019c20780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.632546] ffff888019c20800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2916.633304] ================================================================== [ 2916.634187] ================================================================== [ 2916.634921] BUG: KASAN: use-after-free in ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2916.635647] Read of size 1 at addr ffff888019c20700 by task kunit_try_catch/48607 [ 2916.636620] CPU: 0 PID: 48607 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2916.638031] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2916.638639] Call Trace: [ 2916.638913] [ 2916.639159] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2916.639666] dump_stack_lvl+0x57/0x81 [ 2916.640069] print_address_description.constprop.0+0x1f/0x1e0 [ 2916.640679] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2916.641273] print_report.cold+0x5c/0x237 [ 2916.641762] kasan_report+0xc9/0x100 [ 2916.642202] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2916.642707] ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2916.643289] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2916.643904] ? do_raw_spin_trylock+0xb5/0x180 [ 2916.644440] ? do_raw_spin_lock+0x270/0x270 [ 2916.644950] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2916.645568] ? kunit_add_resource+0x197/0x280 [kunit] [ 2916.646117] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.646674] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2916.647286] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.648014] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2916.648585] kthread+0x2a4/0x350 [ 2916.649007] ? kthread_complete_and_exit+0x20/0x20 [ 2916.649583] ret_from_fork+0x1f/0x30 [ 2916.650049] [ 2916.650480] Allocated by task 48607: [ 2916.650865] kasan_save_stack+0x1e/0x40 [ 2916.651282] __kasan_kmalloc+0x81/0xa0 [ 2916.651691] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2916.652177] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.652698] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.653349] kthread+0x2a4/0x350 [ 2916.653711] ret_from_fork+0x1f/0x30 [ 2916.654286] Freed by task 48607: [ 2916.654642] kasan_save_stack+0x1e/0x40 [ 2916.655061] kasan_set_track+0x21/0x30 [ 2916.655525] kasan_set_free_info+0x20/0x40 [ 2916.656021] __kasan_slab_free+0x108/0x170 [ 2916.656510] slab_free_freelist_hook+0x11d/0x1d0 [ 2916.657080] kfree+0xe2/0x3c0 [ 2916.657411] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2916.657900] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.658426] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.659071] kthread+0x2a4/0x350 [ 2916.659425] ret_from_fork+0x1f/0x30 [ 2916.659996] Last potentially related work creation: [ 2916.660523] kasan_save_stack+0x1e/0x40 [ 2916.660938] __kasan_record_aux_stack+0x96/0xb0 [ 2916.661428] kvfree_call_rcu+0x7d/0x840 [ 2916.661842] dma_resv_reserve_fences+0x35d/0x680 [ 2916.662352] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2916.662901] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2916.663453] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2916.663957] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2916.664560] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 2916.665298] process_one_work+0x8e2/0x1520 [ 2916.665793] worker_thread+0x59e/0xf90 [ 2916.666239] kthread+0x2a4/0x350 [ 2916.666615] ret_from_fork+0x1f/0x30 [ 2916.667201] The buggy address belongs to the object at ffff888019c20700 which belongs to the cache kmalloc-128 of size 128 [ 2916.668438] The buggy address is located 0 bytes inside of 128-byte region [ffff888019c20700, ffff888019c20780) [ 2916.669763] The buggy address belongs to the physical page: [ 2916.670335] page:000000008f7d30b6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19c20 [ 2916.671317] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2916.672041] raw: 000fffffc0000200 ffffea0004051040 dead000000000002 ffff8881000418c0 [ 2916.672850] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2916.673731] page dumped because: kasan: bad access detected [ 2916.674503] Memory state around the buggy address: [ 2916.675032] ffff888019c20600: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc [ 2916.675763] ffff888019c20680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.676494] >ffff888019c20700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2916.677254] ^ [ 2916.677609] ffff888019c20780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.678393] ffff888019c20800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2916.679147] ================================================================== [ 2916.679974] ================================================================== [ 2916.680828] BUG: KASAN: use-after-free in ksize_uaf+0x470/0x4a0 [test_kasan] [ 2916.681662] Read of size 1 at addr ffff888019c20778 by task kunit_try_catch/48607 [ 2916.682748] CPU: 0 PID: 48607 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2916.684296] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2916.684975] Call Trace: [ 2916.685271] [ 2916.685512] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2916.686117] dump_stack_lvl+0x57/0x81 [ 2916.686566] print_address_description.constprop.0+0x1f/0x1e0 [ 2916.687270] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2916.687835] print_report.cold+0x5c/0x237 [ 2916.688325] kasan_report+0xc9/0x100 [ 2916.688764] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2916.689322] ksize_uaf+0x470/0x4a0 [test_kasan] [ 2916.689886] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2916.690506] ? do_raw_spin_trylock+0xb5/0x180 [ 2916.691051] ? do_raw_spin_lock+0x270/0x270 [ 2916.691506] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2916.692099] ? kunit_add_resource+0x197/0x280 [kunit] [ 2916.692641] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.693162] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2916.693702] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.694351] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2916.694896] kthread+0x2a4/0x350 [ 2916.695258] ? kthread_complete_and_exit+0x20/0x20 [ 2916.695770] ret_from_fork+0x1f/0x30 [ 2916.696174] [ 2916.696604] Allocated by task 48607: [ 2916.696997] kasan_save_stack+0x1e/0x40 [ 2916.697410] __kasan_kmalloc+0x81/0xa0 [ 2916.697817] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2916.698302] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.698824] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.699477] kthread+0x2a4/0x350 [ 2916.699835] ret_from_fork+0x1f/0x30 [ 2916.700412] Freed by task 48607: [ 2916.700768] kasan_save_stack+0x1e/0x40 [ 2916.701187] kasan_set_track+0x21/0x30 [ 2916.701593] kasan_set_free_info+0x20/0x40 [ 2916.702048] __kasan_slab_free+0x108/0x170 [ 2916.702469] slab_free_freelist_hook+0x11d/0x1d0 [ 2916.702953] kfree+0xe2/0x3c0 [ 2916.703344] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2916.703831] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.704359] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.705005] kthread+0x2a4/0x350 [ 2916.705360] ret_from_fork+0x1f/0x30 [ 2916.705932] Last potentially related work creation: [ 2916.706451] kasan_save_stack+0x1e/0x40 [ 2916.706850] __kasan_record_aux_stack+0x96/0xb0 [ 2916.707327] kvfree_call_rcu+0x7d/0x840 [ 2916.707726] dma_resv_reserve_fences+0x35d/0x680 [ 2916.708220] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2916.708752] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2916.709290] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2916.709781] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2916.710363] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 2916.711031] process_one_work+0x8e2/0x1520 [ 2916.711455] worker_thread+0x59e/0xf90 [ 2916.711848] kthread+0x2a4/0x350 [ 2916.712194] ret_from_fork+0x1f/0x30 [ 2916.712747] The buggy address belongs to the object at ffff888019c20700 which belongs to the cache kmalloc-128 of size 128 [ 2916.713992] The buggy address is located 120 bytes inside of 128-byte region [ffff888019c20700, ffff888019c20780) [ 2916.715333] The buggy address belongs to the physical page: [ 2916.715899] page:000000008f7d30b6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19c20 [ 2916.716832] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2916.717530] raw: 000fffffc0000200 ffffea0004051040 dead000000000002 ffff8881000418c0 [ 2916.718347] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2916.719164] page dumped because: kasan: bad access detected [ 2916.719929] Memory state around the buggy address: [ 2916.720441] ffff888019c20600: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc [ 2916.721222] ffff888019c20680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.722072] >ffff888019c20700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2916.722916] ^ [ 2916.723692] ffff888019c20780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.724524] ffff888019c20800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2916.725379] ================================================================== [ 2916.726532] ok 38 - ksize_uaf [ 2916.728277] ================================================================== [ 2916.729527] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400 [ 2916.730504] CPU: 0 PID: 48608 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2916.731910] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2916.732527] Call Trace: [ 2916.732802] [ 2916.733048] dump_stack_lvl+0x57/0x81 [ 2916.733507] print_address_description.constprop.0+0x1f/0x1e0 [ 2916.734127] print_report.cold+0x5c/0x237 [ 2916.734559] ? kmem_cache_free+0x152/0x400 [ 2916.735002] ? kmem_cache_free+0x152/0x400 [ 2916.735442] kasan_report_invalid_free+0x99/0xc0 [ 2916.735937] ? kmem_cache_free+0x152/0x400 [ 2916.736379] ? kmem_cache_free+0x152/0x400 [ 2916.736816] __kasan_slab_free+0x152/0x170 [ 2916.737265] slab_free_freelist_hook+0x11d/0x1d0 [ 2916.737766] ? kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 2916.738389] kmem_cache_free+0x152/0x400 [ 2916.738814] kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 2916.739422] ? kmem_cache_invalid_free+0x280/0x280 [test_kasan] [ 2916.740064] ? do_raw_spin_trylock+0xb5/0x180 [ 2916.740538] ? do_raw_spin_lock+0x270/0x270 [ 2916.740992] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2916.741581] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2916.742118] ? kunit_add_resource+0x197/0x280 [kunit] [ 2916.742663] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.743197] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2916.743717] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.744343] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2916.744869] kthread+0x2a4/0x350 [ 2916.745215] ? kthread_complete_and_exit+0x20/0x20 [ 2916.745709] ret_from_fork+0x1f/0x30 [ 2916.746101] [ 2916.746532] Allocated by task 48608: [ 2916.746919] kasan_save_stack+0x1e/0x40 [ 2916.747343] __kasan_slab_alloc+0x66/0x80 [ 2916.747772] kmem_cache_alloc+0x161/0x310 [ 2916.748206] kmem_cache_double_free+0x123/0x280 [test_kasan] [ 2916.748807] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.749334] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.749958] kthread+0x2a4/0x350 [ 2916.750333] ret_from_fork+0x1f/0x30 [ 2916.750907] Freed by task 48608: [ 2916.751263] kasan_save_stack+0x1e/0x40 [ 2916.751675] kasan_set_track+0x21/0x30 [ 2916.752109] kasan_set_free_info+0x20/0x40 [ 2916.752610] __kasan_slab_free+0x108/0x170 [ 2916.753133] slab_free_freelist_hook+0x11d/0x1d0 [ 2916.753722] kmem_cache_free+0x152/0x400 [ 2916.754219] kmem_cache_double_free+0x144/0x280 [test_kasan] [ 2916.754852] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.755408] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.756093] kthread+0x2a4/0x350 [ 2916.756470] ret_from_fork+0x1f/0x30 [ 2916.757080] The buggy address belongs to the object at ffff88801975b630 which belongs to the cache test_cache of size 200 [ 2916.758428] The buggy address is located 0 bytes inside of 200-byte region [ffff88801975b630, ffff88801975b6f8) [ 2916.759899] The buggy address belongs to the physical page: [ 2916.760526] page:0000000060904b8b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1975b [ 2916.761646] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2916.762501] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888109a24a00 [ 2916.763485] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2916.764455] page dumped because: kasan: bad access detected [ 2916.765362] Memory state around the buggy address: [ 2916.765898] ffff88801975b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.766701] ffff88801975b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.767598] >ffff88801975b600: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb [ 2916.768502] ^ [ 2916.769116] ffff88801975b680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 2916.770033] ffff88801975b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.770836] ================================================================== [ 2916.846217] ok 39 - kmem_cache_double_free [ 2916.853330] ================================================================== [ 2916.854689] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400 [ 2916.855719] CPU: 0 PID: 48609 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2916.857163] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2916.857785] Call Trace: [ 2916.858072] [ 2916.858318] dump_stack_lvl+0x57/0x81 [ 2916.858730] print_address_description.constprop.0+0x1f/0x1e0 [ 2916.859358] print_report.cold+0x5c/0x237 [ 2916.859798] ? kmem_cache_free+0x152/0x400 [ 2916.860253] ? kmem_cache_free+0x152/0x400 [ 2916.860707] kasan_report_invalid_free+0x99/0xc0 [ 2916.861227] ? kmem_cache_free+0x152/0x400 [ 2916.861674] ? kmem_cache_free+0x152/0x400 [ 2916.862124] __kasan_slab_free+0x152/0x170 [ 2916.862577] slab_free_freelist_hook+0x11d/0x1d0 [ 2916.863093] ? kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 2916.863741] kmem_cache_free+0x152/0x400 [ 2916.864177] kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 2916.864808] ? kmem_cache_double_destroy+0x250/0x250 [test_kasan] [ 2916.865472] ? do_raw_spin_trylock+0xb5/0x180 [ 2916.865964] ? do_raw_spin_lock+0x270/0x270 [ 2916.866426] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2916.867036] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2916.867581] ? kunit_add_resource+0x197/0x280 [kunit] [ 2916.868162] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.868701] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2916.869259] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.869916] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2916.870478] kthread+0x2a4/0x350 [ 2916.870845] ? kthread_complete_and_exit+0x20/0x20 [ 2916.871393] ret_from_fork+0x1f/0x30 [ 2916.871816] [ 2916.872285] Allocated by task 48609: [ 2916.872683] kasan_save_stack+0x1e/0x40 [ 2916.873114] __kasan_slab_alloc+0x66/0x80 [ 2916.873554] kmem_cache_alloc+0x161/0x310 [ 2916.874000] kmem_cache_invalid_free+0x126/0x280 [test_kasan] [ 2916.874626] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.875166] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.875823] kthread+0x2a4/0x350 [ 2916.876190] ret_from_fork+0x1f/0x30 [ 2916.876773] The buggy address belongs to the object at ffff88801975b210 which belongs to the cache test_cache of size 200 [ 2916.878090] The buggy address is located 1 bytes inside of 200-byte region [ffff88801975b210, ffff88801975b2d8) [ 2916.879510] The buggy address belongs to the physical page: [ 2916.880120] page:0000000060904b8b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1975b [ 2916.881114] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2916.881874] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888109a243c0 [ 2916.882807] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2916.883847] page dumped because: kasan: bad access detected [ 2916.884701] Memory state around the buggy address: [ 2916.885327] ffff88801975b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.886223] ffff88801975b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.887041] >ffff88801975b200: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2916.887848] ^ [ 2916.888327] ffff88801975b280: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 2916.889223] ffff88801975b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2916.890119] ================================================================== [ 2916.947352] ok 40 - kmem_cache_invalid_free [ 2916.955475] ================================================================== [ 2916.956816] BUG: KASAN: use-after-free in kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2916.957726] Read of size 1 at addr ffff888109a24b40 by task kunit_try_catch/48610 [ 2916.958736] CPU: 0 PID: 48610 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2916.960209] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2916.960855] Call Trace: [ 2916.961179] [ 2916.961436] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2916.962159] dump_stack_lvl+0x57/0x81 [ 2916.962589] print_address_description.constprop.0+0x1f/0x1e0 [ 2916.963310] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2916.964084] print_report.cold+0x5c/0x237 [ 2916.964542] kasan_report+0xc9/0x100 [ 2916.965008] ? kmem_cache_free+0x90/0x400 [ 2916.965528] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2916.966278] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2916.966968] __kasan_check_byte+0x36/0x50 [ 2916.967465] kmem_cache_destroy+0x21/0x170 [ 2916.967982] kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2916.968731] ? kmalloc_oob_right+0x510/0x510 [test_kasan] [ 2916.969392] ? do_raw_spin_trylock+0xb5/0x180 [ 2916.969881] ? do_raw_spin_lock+0x270/0x270 [ 2916.970378] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2916.971053] ? kunit_add_resource+0x197/0x280 [kunit] [ 2916.971696] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.972310] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2916.972882] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.973724] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2916.974360] kthread+0x2a4/0x350 [ 2916.974741] ? kthread_complete_and_exit+0x20/0x20 [ 2916.975295] ret_from_fork+0x1f/0x30 [ 2916.975707] [ 2916.976152] Allocated by task 48610: [ 2916.976549] kasan_save_stack+0x1e/0x40 [ 2916.976978] __kasan_slab_alloc+0x66/0x80 [ 2916.977431] kmem_cache_alloc+0x161/0x310 [ 2916.977869] kmem_cache_create_usercopy+0x1b9/0x310 [ 2916.978401] kmem_cache_create+0x12/0x20 [ 2916.978834] kmem_cache_double_destroy+0x8d/0x250 [test_kasan] [ 2916.979478] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.980017] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.980681] kthread+0x2a4/0x350 [ 2916.981056] ret_from_fork+0x1f/0x30 [ 2916.981638] Freed by task 48610: [ 2916.982006] kasan_save_stack+0x1e/0x40 [ 2916.982428] kasan_set_track+0x21/0x30 [ 2916.982841] kasan_set_free_info+0x20/0x40 [ 2916.983296] __kasan_slab_free+0x108/0x170 [ 2916.983747] slab_free_freelist_hook+0x11d/0x1d0 [ 2916.984273] kmem_cache_free+0x152/0x400 [ 2916.984708] kobject_cleanup+0x101/0x390 [ 2916.985189] kmem_cache_double_destroy+0x12a/0x250 [test_kasan] [ 2916.985827] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2916.986369] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2916.987035] kthread+0x2a4/0x350 [ 2916.987402] ret_from_fork+0x1f/0x30 [ 2916.988002] The buggy address belongs to the object at ffff888109a24b40 which belongs to the cache kmem_cache of size 240 [ 2916.989319] The buggy address is located 0 bytes inside of 240-byte region [ffff888109a24b40, ffff888109a24c30) [ 2916.990738] The buggy address belongs to the physical page: [ 2916.991348] page:0000000036b77e66 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a24 [ 2916.992362] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2916.993110] raw: 0017ffffc0000200 0000000000000000 dead000000000122 ffff888100041000 [ 2916.993934] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 [ 2916.994768] page dumped because: kasan: bad access detected [ 2916.995564] Memory state around the buggy address: [ 2916.996132] ffff888109a24a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2916.996929] ffff888109a24a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 2916.997728] >ffff888109a24b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 2916.998542] ^ [ 2916.999117] ffff888109a24b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2916.999906] ffff888109a24c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 2917.000730] ================================================================== [ 2917.003025] ok 41 - kmem_cache_double_destroy [ 2917.005919] ok 42 - kasan_memchr # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2917.008923] ok 43 - kasan_memcmp # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2917.011025] ok 44 - kasan_strings # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2917.014464] ================================================================== [ 2917.016133] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2917.017130] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.018138] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.019573] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.020238] Call Trace: [ 2917.020526] [ 2917.020781] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2917.021517] dump_stack_lvl+0x57/0x81 [ 2917.021945] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.022638] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2917.023384] print_report.cold+0x5c/0x237 [ 2917.023853] kasan_report+0xc9/0x100 [ 2917.024275] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2917.024993] kasan_check_range+0xfd/0x1e0 [ 2917.025436] kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2917.026131] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2917.026691] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.027193] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.027718] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.028332] ? rcu_read_lock_held+0x30/0x50 [ 2917.028790] ? trace_kmalloc+0x3c/0x100 [ 2917.029220] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.029737] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2917.030332] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.031135] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.031775] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.032339] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.032897] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.033520] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.034212] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.034794] kthread+0x2a4/0x350 [ 2917.035195] ? kthread_complete_and_exit+0x20/0x20 [ 2917.035721] ret_from_fork+0x1f/0x30 [ 2917.036133] [ 2917.036569] Allocated by task 48614: [ 2917.036977] kasan_save_stack+0x1e/0x40 [ 2917.037410] __kasan_kmalloc+0x81/0xa0 [ 2917.037828] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.038424] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.038960] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.039631] kthread+0x2a4/0x350 [ 2917.039997] ret_from_fork+0x1f/0x30 [ 2917.040613] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.041954] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.043384] The buggy address belongs to the physical page: [ 2917.044006] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.045112] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.045993] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.046873] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.047819] page dumped because: kasan: bad access detected [ 2917.048739] Memory state around the buggy address: [ 2917.049339] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.050177] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.051079] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.051980] ^ [ 2917.052621] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.053472] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.054278] ================================================================== [ 2917.055189] ================================================================== [ 2917.055975] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2917.056978] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.057988] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.059433] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.060061] Call Trace: [ 2917.060343] [ 2917.060591] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2917.061312] dump_stack_lvl+0x57/0x81 [ 2917.061722] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.062357] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2917.063094] print_report.cold+0x5c/0x237 [ 2917.063594] kasan_report+0xc9/0x100 [ 2917.064019] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2917.064773] kasan_check_range+0xfd/0x1e0 [ 2917.065232] kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2917.065955] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2917.066524] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.067021] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.067545] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.068157] ? rcu_read_lock_held+0x30/0x50 [ 2917.068618] ? trace_kmalloc+0x3c/0x100 [ 2917.069091] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.069625] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2917.070238] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.071071] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.071687] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.072247] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.072787] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.073349] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.074021] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.074580] kthread+0x2a4/0x350 [ 2917.074948] ? kthread_complete_and_exit+0x20/0x20 [ 2917.075478] ret_from_fork+0x1f/0x30 [ 2917.075902] [ 2917.076349] Allocated by task 48614: [ 2917.076745] kasan_save_stack+0x1e/0x40 [ 2917.077174] __kasan_kmalloc+0x81/0xa0 [ 2917.077588] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.078194] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.078732] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.079401] kthread+0x2a4/0x350 [ 2917.079767] ret_from_fork+0x1f/0x30 [ 2917.080358] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.081699] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.083193] The buggy address belongs to the physical page: [ 2917.083815] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.084905] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.085776] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.086681] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.087604] page dumped because: kasan: bad access detected [ 2917.088526] Memory state around the buggy address: [ 2917.089138] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.089950] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.090836] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.091738] ^ [ 2917.092398] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.093258] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.094063] ================================================================== [ 2917.095208] ================================================================== [ 2917.095997] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2917.097029] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.098072] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.099526] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.100174] Call Trace: [ 2917.100461] [ 2917.100715] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2917.101461] dump_stack_lvl+0x57/0x81 [ 2917.101882] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.102537] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2917.103298] print_report.cold+0x5c/0x237 [ 2917.103754] kasan_report+0xc9/0x100 [ 2917.104176] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2917.104882] kasan_check_range+0xfd/0x1e0 [ 2917.105333] kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2917.106045] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2917.106599] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.107096] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.107616] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.108242] ? rcu_read_lock_held+0x30/0x50 [ 2917.108704] ? trace_kmalloc+0x3c/0x100 [ 2917.109135] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.109654] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2917.110278] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.111105] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.111754] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.112336] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.112876] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.113444] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.114113] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.114690] kthread+0x2a4/0x350 [ 2917.115057] ? kthread_complete_and_exit+0x20/0x20 [ 2917.115581] ret_from_fork+0x1f/0x30 [ 2917.115997] [ 2917.116436] Allocated by task 48614: [ 2917.116832] kasan_save_stack+0x1e/0x40 [ 2917.117287] __kasan_kmalloc+0x81/0xa0 [ 2917.117717] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.118323] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.118873] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.119559] kthread+0x2a4/0x350 [ 2917.119936] ret_from_fork+0x1f/0x30 [ 2917.120531] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.121843] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.123310] The buggy address belongs to the physical page: [ 2917.123966] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.125109] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.125950] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.126815] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.127653] page dumped because: kasan: bad access detected [ 2917.128461] Memory state around the buggy address: [ 2917.129004] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.129804] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.130607] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.131409] ^ [ 2917.132028] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.132825] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.133628] ================================================================== [ 2917.138073] ================================================================== [ 2917.138882] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2917.140058] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.141207] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.142807] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.143469] Call Trace: [ 2917.143756] [ 2917.144013] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2917.144756] dump_stack_lvl+0x57/0x81 [ 2917.145187] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.145838] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2917.146576] print_report.cold+0x5c/0x237 [ 2917.147043] kasan_report+0xc9/0x100 [ 2917.147455] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2917.148198] kasan_check_range+0xfd/0x1e0 [ 2917.148636] kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2917.149335] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2917.149890] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.150390] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.150907] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.151511] ? rcu_read_lock_held+0x30/0x50 [ 2917.151970] ? trace_kmalloc+0x3c/0x100 [ 2917.152396] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.152932] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2917.153590] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.154419] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.155065] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.155644] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.156203] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.156772] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.157453] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.158013] kthread+0x2a4/0x350 [ 2917.158378] ? kthread_complete_and_exit+0x20/0x20 [ 2917.158907] ret_from_fork+0x1f/0x30 [ 2917.159328] [ 2917.159767] Allocated by task 48614: [ 2917.160171] kasan_save_stack+0x1e/0x40 [ 2917.160597] __kasan_kmalloc+0x81/0xa0 [ 2917.161023] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.161612] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.162153] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.162816] kthread+0x2a4/0x350 [ 2917.163186] ret_from_fork+0x1f/0x30 [ 2917.163772] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.165081] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.166498] The buggy address belongs to the physical page: [ 2917.167112] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.168098] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.168835] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.169670] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.170537] page dumped because: kasan: bad access detected [ 2917.171358] Memory state around the buggy address: [ 2917.171899] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.172740] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.173543] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.174352] ^ [ 2917.174980] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.175844] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.176679] ================================================================== [ 2917.177518] ================================================================== [ 2917.178369] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2917.179484] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.180615] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.182291] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.182994] Call Trace: [ 2917.183342] [ 2917.183596] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2917.184338] dump_stack_lvl+0x57/0x81 [ 2917.184758] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.185414] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2917.186128] print_report.cold+0x5c/0x237 [ 2917.186572] kasan_report+0xc9/0x100 [ 2917.186976] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2917.187698] kasan_check_range+0xfd/0x1e0 [ 2917.188159] kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2917.188863] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2917.189420] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.189914] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.190437] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.191046] ? rcu_read_lock_held+0x30/0x50 [ 2917.191521] ? trace_kmalloc+0x3c/0x100 [ 2917.191943] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.192473] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2917.193082] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.193886] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.194515] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.195079] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.195610] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.196181] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.196844] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.197444] kthread+0x2a4/0x350 [ 2917.197821] ? kthread_complete_and_exit+0x20/0x20 [ 2917.198371] ret_from_fork+0x1f/0x30 [ 2917.198796] [ 2917.199261] Allocated by task 48614: [ 2917.199686] kasan_save_stack+0x1e/0x40 [ 2917.200140] __kasan_kmalloc+0x81/0xa0 [ 2917.200569] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.201184] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.201733] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.202426] kthread+0x2a4/0x350 [ 2917.202801] ret_from_fork+0x1f/0x30 [ 2917.203424] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.204775] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.206243] The buggy address belongs to the physical page: [ 2917.206868] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.207873] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.208618] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.209468] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.210298] page dumped because: kasan: bad access detected [ 2917.211083] Memory state around the buggy address: [ 2917.211612] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.212389] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.213253] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.214063] ^ [ 2917.214689] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.215529] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.216427] ================================================================== [ 2917.217322] ================================================================== [ 2917.218155] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2917.219298] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.220379] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.221984] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.222705] Call Trace: [ 2917.223053] [ 2917.223327] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2917.224068] dump_stack_lvl+0x57/0x81 [ 2917.224488] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.225146] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2917.225854] print_report.cold+0x5c/0x237 [ 2917.226299] kasan_report+0xc9/0x100 [ 2917.226700] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2917.227418] kasan_check_range+0xfd/0x1e0 [ 2917.227857] kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2917.228583] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2917.229152] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.229649] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.230200] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.230838] ? rcu_read_lock_held+0x30/0x50 [ 2917.231321] ? trace_kmalloc+0x3c/0x100 [ 2917.231768] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.232315] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2917.232922] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.233754] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.234396] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.234950] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.235490] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.236045] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.236705] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.237271] kthread+0x2a4/0x350 [ 2917.237634] ? kthread_complete_and_exit+0x20/0x20 [ 2917.238166] ret_from_fork+0x1f/0x30 [ 2917.238579] [ 2917.239022] Allocated by task 48614: [ 2917.239429] kasan_save_stack+0x1e/0x40 [ 2917.239853] __kasan_kmalloc+0x81/0xa0 [ 2917.240297] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.240904] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.241457] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.242154] kthread+0x2a4/0x350 [ 2917.242516] ret_from_fork+0x1f/0x30 [ 2917.243153] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.244509] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.245945] The buggy address belongs to the physical page: [ 2917.246550] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.247575] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.248355] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.249219] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.250059] page dumped because: kasan: bad access detected [ 2917.250839] Memory state around the buggy address: [ 2917.251371] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.252157] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.252929] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.253756] ^ [ 2917.254380] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.255186] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.256060] ================================================================== [ 2917.256972] ================================================================== [ 2917.257799] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2917.258910] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.259975] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.261509] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.262241] Call Trace: [ 2917.262533] [ 2917.262827] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2917.263606] dump_stack_lvl+0x57/0x81 [ 2917.264045] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.264672] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2917.265403] print_report.cold+0x5c/0x237 [ 2917.265850] kasan_report+0xc9/0x100 [ 2917.266254] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2917.266968] kasan_check_range+0xfd/0x1e0 [ 2917.267414] kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2917.268114] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2917.268675] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.269171] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.269691] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.270297] ? rcu_read_lock_held+0x30/0x50 [ 2917.270756] ? trace_kmalloc+0x3c/0x100 [ 2917.271225] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.271762] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2917.272371] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.273275] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.273912] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.274497] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.275069] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.275623] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.276292] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.276853] kthread+0x2a4/0x350 [ 2917.277219] ? kthread_complete_and_exit+0x20/0x20 [ 2917.277750] ret_from_fork+0x1f/0x30 [ 2917.278160] [ 2917.278598] Allocated by task 48614: [ 2917.278997] kasan_save_stack+0x1e/0x40 [ 2917.279415] __kasan_kmalloc+0x81/0xa0 [ 2917.279832] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.280425] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.280967] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.281634] kthread+0x2a4/0x350 [ 2917.282005] ret_from_fork+0x1f/0x30 [ 2917.282591] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.283911] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.285333] The buggy address belongs to the physical page: [ 2917.286020] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.287011] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.287747] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.288582] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.289419] page dumped because: kasan: bad access detected [ 2917.290215] Memory state around the buggy address: [ 2917.290737] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.291559] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.292405] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.293219] ^ [ 2917.293850] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.294666] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.295482] ================================================================== [ 2917.296348] ================================================================== [ 2917.297263] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2917.298386] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.299513] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.301185] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.301837] Call Trace: [ 2917.302132] [ 2917.302392] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2917.303293] dump_stack_lvl+0x57/0x81 [ 2917.303772] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.304519] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2917.305320] print_report.cold+0x5c/0x237 [ 2917.305817] kasan_report+0xc9/0x100 [ 2917.306270] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2917.307033] kasan_check_range+0xfd/0x1e0 [ 2917.307477] kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2917.308181] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2917.308736] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.309240] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.309768] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.310382] ? rcu_read_lock_held+0x30/0x50 [ 2917.310838] ? trace_kmalloc+0x3c/0x100 [ 2917.311272] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.311806] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2917.312397] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.313203] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.313823] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.314383] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.314922] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.315484] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.316197] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.316778] kthread+0x2a4/0x350 [ 2917.317169] ? kthread_complete_and_exit+0x20/0x20 [ 2917.317696] ret_from_fork+0x1f/0x30 [ 2917.318114] [ 2917.318552] Allocated by task 48614: [ 2917.318959] kasan_save_stack+0x1e/0x40 [ 2917.319392] __kasan_kmalloc+0x81/0xa0 [ 2917.319803] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.320434] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.320989] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.321674] kthread+0x2a4/0x350 [ 2917.322078] ret_from_fork+0x1f/0x30 [ 2917.322689] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.324050] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.325457] The buggy address belongs to the physical page: [ 2917.326060] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.327039] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.327772] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.328617] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.329448] page dumped because: kasan: bad access detected [ 2917.330234] Memory state around the buggy address: [ 2917.330764] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.331554] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.332346] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.333176] ^ [ 2917.333794] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.334619] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.335432] ================================================================== [ 2917.336283] ================================================================== [ 2917.337194] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2917.338411] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.339484] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.341076] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.341698] Call Trace: [ 2917.342013] [ 2917.342267] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2917.343186] dump_stack_lvl+0x57/0x81 [ 2917.343609] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.344333] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2917.345168] print_report.cold+0x5c/0x237 [ 2917.345623] kasan_report+0xc9/0x100 [ 2917.346028] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2917.346843] kasan_check_range+0xfd/0x1e0 [ 2917.347310] kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2917.348123] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2917.348871] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.349387] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.349910] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.350549] ? rcu_read_lock_held+0x30/0x50 [ 2917.351028] ? trace_kmalloc+0x3c/0x100 [ 2917.351467] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.352011] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2917.352630] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.353466] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.354119] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.354702] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.355267] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.355822] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.356485] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.357052] kthread+0x2a4/0x350 [ 2917.357422] ? kthread_complete_and_exit+0x20/0x20 [ 2917.357947] ret_from_fork+0x1f/0x30 [ 2917.358360] [ 2917.358797] Allocated by task 48614: [ 2917.359199] kasan_save_stack+0x1e/0x40 [ 2917.359627] __kasan_kmalloc+0x81/0xa0 [ 2917.360052] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.360628] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.361177] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.361845] kthread+0x2a4/0x350 [ 2917.362210] ret_from_fork+0x1f/0x30 [ 2917.362794] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.364213] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.365692] The buggy address belongs to the physical page: [ 2917.366314] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.367327] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.368097] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.368951] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.369805] page dumped because: kasan: bad access detected [ 2917.370617] Memory state around the buggy address: [ 2917.371139] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.371922] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.372712] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.373503] ^ [ 2917.374120] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.374907] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.375706] ================================================================== [ 2917.376501] ================================================================== [ 2917.377317] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2917.378572] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.379658] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.381289] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.382026] Call Trace: [ 2917.382316] [ 2917.382571] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2917.383398] dump_stack_lvl+0x57/0x81 [ 2917.383871] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.384605] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2917.385518] print_report.cold+0x5c/0x237 [ 2917.385988] kasan_report+0xc9/0x100 [ 2917.386410] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2917.387245] kasan_check_range+0xfd/0x1e0 [ 2917.387690] kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2917.388475] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2917.389191] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.389684] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.390210] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.390818] ? rcu_read_lock_held+0x30/0x50 [ 2917.391281] ? trace_kmalloc+0x3c/0x100 [ 2917.391703] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.392227] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2917.392831] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.393726] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.394377] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.394955] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.395508] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.396062] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.396724] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.397288] kthread+0x2a4/0x350 [ 2917.397650] ? kthread_complete_and_exit+0x20/0x20 [ 2917.398219] ret_from_fork+0x1f/0x30 [ 2917.398644] [ 2917.399103] Allocated by task 48614: [ 2917.399510] kasan_save_stack+0x1e/0x40 [ 2917.399951] __kasan_kmalloc+0x81/0xa0 [ 2917.400384] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.400973] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.401505] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.402168] kthread+0x2a4/0x350 [ 2917.402541] ret_from_fork+0x1f/0x30 [ 2917.403133] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.404437] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.405845] The buggy address belongs to the physical page: [ 2917.406454] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.407449] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.408191] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.409025] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.409851] page dumped because: kasan: bad access detected [ 2917.410635] Memory state around the buggy address: [ 2917.411162] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.411964] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.412798] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.413600] ^ [ 2917.414227] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.415001] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.415804] ================================================================== [ 2917.416685] ================================================================== [ 2917.417543] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2917.418693] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.419829] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.421369] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.422032] Call Trace: [ 2917.422362] [ 2917.422643] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2917.423583] dump_stack_lvl+0x57/0x81 [ 2917.424063] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.424785] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2917.425644] print_report.cold+0x5c/0x237 [ 2917.426090] kasan_report+0xc9/0x100 [ 2917.426495] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2917.427302] kasan_check_range+0xfd/0x1e0 [ 2917.427750] kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2917.428531] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2917.429253] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.429747] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.430271] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.430876] ? rcu_read_lock_held+0x30/0x50 [ 2917.431338] ? trace_kmalloc+0x3c/0x100 [ 2917.431762] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.432282] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2917.432878] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.433676] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.434308] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.434870] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.435412] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.435970] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.436629] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.437191] kthread+0x2a4/0x350 [ 2917.437561] ? kthread_complete_and_exit+0x20/0x20 [ 2917.438101] ret_from_fork+0x1f/0x30 [ 2917.438516] [ 2917.438965] Allocated by task 48614: [ 2917.439384] kasan_save_stack+0x1e/0x40 [ 2917.439806] __kasan_kmalloc+0x81/0xa0 [ 2917.440229] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.440812] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.441348] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.442024] kthread+0x2a4/0x350 [ 2917.442391] ret_from_fork+0x1f/0x30 [ 2917.442984] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.444298] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.445710] The buggy address belongs to the physical page: [ 2917.446317] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.447299] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.448038] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.448912] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.449774] page dumped because: kasan: bad access detected [ 2917.450585] Memory state around the buggy address: [ 2917.451119] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.451892] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.452719] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.453569] ^ [ 2917.454190] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.454990] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.455802] ================================================================== [ 2917.456663] ================================================================== [ 2917.457523] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2917.458657] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.459791] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.461341] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.462002] Call Trace: [ 2917.462322] [ 2917.462605] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2917.463492] dump_stack_lvl+0x57/0x81 [ 2917.463980] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.464644] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2917.465479] print_report.cold+0x5c/0x237 [ 2917.465919] kasan_report+0xc9/0x100 [ 2917.466325] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2917.467129] kasan_check_range+0xfd/0x1e0 [ 2917.467571] kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2917.468355] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2917.469075] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.469571] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.470122] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.470748] ? rcu_read_lock_held+0x30/0x50 [ 2917.471223] ? trace_kmalloc+0x3c/0x100 [ 2917.471663] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.472208] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2917.472824] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.473666] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.474312] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.474868] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.475403] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.475961] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.476625] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.477189] kthread+0x2a4/0x350 [ 2917.477556] ? kthread_complete_and_exit+0x20/0x20 [ 2917.478091] ret_from_fork+0x1f/0x30 [ 2917.478498] [ 2917.478937] Allocated by task 48614: [ 2917.479342] kasan_save_stack+0x1e/0x40 [ 2917.479770] __kasan_kmalloc+0x81/0xa0 [ 2917.480191] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.480771] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.481311] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.481976] kthread+0x2a4/0x350 [ 2917.482347] ret_from_fork+0x1f/0x30 [ 2917.482935] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.484343] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.485792] The buggy address belongs to the physical page: [ 2917.486401] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.487390] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.488134] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.488977] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.489806] page dumped because: kasan: bad access detected [ 2917.490603] Memory state around the buggy address: [ 2917.491125] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.491913] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.492699] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.493487] ^ [ 2917.494092] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.494864] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.495704] ================================================================== [ 2917.496613] ================================================================== [ 2917.497474] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2917.498662] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.499829] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.501414] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.502151] Call Trace: [ 2917.502443] [ 2917.502700] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2917.503530] dump_stack_lvl+0x57/0x81 [ 2917.503951] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.504605] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2917.505438] print_report.cold+0x5c/0x237 [ 2917.505907] kasan_report+0xc9/0x100 [ 2917.506337] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2917.507140] kasan_check_range+0xfd/0x1e0 [ 2917.507583] kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2917.508363] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2917.509084] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.509575] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.510099] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.510701] ? rcu_read_lock_held+0x30/0x50 [ 2917.511164] ? trace_kmalloc+0x3c/0x100 [ 2917.511590] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.512116] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2917.512714] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.513589] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.514236] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.514814] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.515374] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.515944] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.516640] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.517237] kthread+0x2a4/0x350 [ 2917.517608] ? kthread_complete_and_exit+0x20/0x20 [ 2917.518142] ret_from_fork+0x1f/0x30 [ 2917.518554] [ 2917.519004] Allocated by task 48614: [ 2917.519410] kasan_save_stack+0x1e/0x40 [ 2917.519836] __kasan_kmalloc+0x81/0xa0 [ 2917.520255] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.520839] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.521376] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.522047] kthread+0x2a4/0x350 [ 2917.522412] ret_from_fork+0x1f/0x30 [ 2917.523003] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.524306] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.525749] The buggy address belongs to the physical page: [ 2917.526375] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.527404] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.528141] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.528983] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.529817] page dumped because: kasan: bad access detected [ 2917.530614] Memory state around the buggy address: [ 2917.531176] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.531977] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.532791] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.533602] ^ [ 2917.534225] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.535012] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.535816] ================================================================== [ 2917.536704] ================================================================== [ 2917.537561] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2917.538714] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.539879] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.541414] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.542076] Call Trace: [ 2917.542414] [ 2917.542698] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2917.543653] dump_stack_lvl+0x57/0x81 [ 2917.544129] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.544870] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2917.545730] print_report.cold+0x5c/0x237 [ 2917.546205] kasan_report+0xc9/0x100 [ 2917.546607] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2917.547413] kasan_check_range+0xfd/0x1e0 [ 2917.547857] kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2917.548665] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2917.549429] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.549942] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.550482] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.551097] ? rcu_read_lock_held+0x30/0x50 [ 2917.551554] ? trace_kmalloc+0x3c/0x100 [ 2917.551983] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.552518] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2917.553120] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.553917] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.554580] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.555162] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.555718] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.556301] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.556971] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.557542] kthread+0x2a4/0x350 [ 2917.557913] ? kthread_complete_and_exit+0x20/0x20 [ 2917.558451] ret_from_fork+0x1f/0x30 [ 2917.558874] [ 2917.559318] Allocated by task 48614: [ 2917.559710] kasan_save_stack+0x1e/0x40 [ 2917.560140] __kasan_kmalloc+0x81/0xa0 [ 2917.560559] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.561158] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.561695] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.562362] kthread+0x2a4/0x350 [ 2917.562723] ret_from_fork+0x1f/0x30 [ 2917.563333] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.564678] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.566113] The buggy address belongs to the physical page: [ 2917.566721] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.567708] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.568454] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.569291] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.570133] page dumped because: kasan: bad access detected [ 2917.570923] Memory state around the buggy address: [ 2917.571453] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.572237] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.573017] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.573906] ^ [ 2917.574535] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.575342] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.576142] ================================================================== [ 2917.577010] ================================================================== [ 2917.577908] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2917.579068] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.580208] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.581701] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.582388] Call Trace: [ 2917.582715] [ 2917.583020] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2917.583893] dump_stack_lvl+0x57/0x81 [ 2917.584356] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.585024] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2917.585819] print_report.cold+0x5c/0x237 [ 2917.586276] kasan_report+0xc9/0x100 [ 2917.586676] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2917.587480] kasan_check_range+0xfd/0x1e0 [ 2917.587924] kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2917.588709] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2917.589439] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.589933] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.590500] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.591129] ? rcu_read_lock_held+0x30/0x50 [ 2917.591606] ? trace_kmalloc+0x3c/0x100 [ 2917.592057] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.592608] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2917.593233] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.594074] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.594693] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.595249] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.595785] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.596340] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.597005] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.597574] kthread+0x2a4/0x350 [ 2917.597940] ? kthread_complete_and_exit+0x20/0x20 [ 2917.598478] ret_from_fork+0x1f/0x30 [ 2917.598917] [ 2917.599374] Allocated by task 48614: [ 2917.599786] kasan_save_stack+0x1e/0x40 [ 2917.600227] __kasan_kmalloc+0x81/0xa0 [ 2917.600656] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.601265] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.601801] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.602468] kthread+0x2a4/0x350 [ 2917.602833] ret_from_fork+0x1f/0x30 [ 2917.603497] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.604824] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.606235] The buggy address belongs to the physical page: [ 2917.606841] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.607830] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.608576] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.609416] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.611722] page dumped because: kasan: bad access detected [ 2917.612515] Memory state around the buggy address: [ 2917.613045] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.613817] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.614592] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.615397] ^ [ 2917.616035] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.616937] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.617773] ================================================================== [ 2917.618647] ================================================================== [ 2917.619546] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2917.620727] Read of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.621779] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.623416] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.624068] Call Trace: [ 2917.624363] [ 2917.624619] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2917.625457] dump_stack_lvl+0x57/0x81 [ 2917.625870] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.626509] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2917.627309] print_report.cold+0x5c/0x237 [ 2917.627757] kasan_report+0xc9/0x100 [ 2917.628157] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2917.628968] kasan_check_range+0xfd/0x1e0 [ 2917.629417] kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2917.630205] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2917.630932] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.631427] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.631947] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.632556] ? rcu_read_lock_held+0x30/0x50 [ 2917.633042] ? trace_kmalloc+0x3c/0x100 [ 2917.633556] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.634098] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2917.634711] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.635534] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.636176] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.636752] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.637319] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.637898] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.638596] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.639181] kthread+0x2a4/0x350 [ 2917.639568] ? kthread_complete_and_exit+0x20/0x20 [ 2917.640118] ret_from_fork+0x1f/0x30 [ 2917.640542] [ 2917.641001] Allocated by task 48614: [ 2917.641414] kasan_save_stack+0x1e/0x40 [ 2917.641853] __kasan_kmalloc+0x81/0xa0 [ 2917.642283] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.642892] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.643450] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.644142] kthread+0x2a4/0x350 [ 2917.644519] ret_from_fork+0x1f/0x30 [ 2917.645124] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.646475] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.647923] The buggy address belongs to the physical page: [ 2917.648548] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.649578] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.650372] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.651235] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.652137] page dumped because: kasan: bad access detected [ 2917.652946] Memory state around the buggy address: [ 2917.653501] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.654311] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.655114] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.655924] ^ [ 2917.656568] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.657467] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.658345] ================================================================== [ 2917.659200] ================================================================== [ 2917.660111] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2917.661333] Read of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.662390] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.664129] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.664771] Call Trace: [ 2917.665064] [ 2917.665321] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2917.666145] dump_stack_lvl+0x57/0x81 [ 2917.666568] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.667222] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2917.668059] print_report.cold+0x5c/0x237 [ 2917.668541] kasan_report+0xc9/0x100 [ 2917.668958] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2917.669792] kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2917.670598] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2917.671340] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.671853] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.672398] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.673042] ? rcu_read_lock_held+0x30/0x50 [ 2917.673524] ? trace_kmalloc+0x3c/0x100 [ 2917.673967] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.674508] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2917.675134] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.675957] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.676614] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.677198] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.677759] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.678339] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.679041] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.679635] kthread+0x2a4/0x350 [ 2917.680020] ? kthread_complete_and_exit+0x20/0x20 [ 2917.680561] ret_from_fork+0x1f/0x30 [ 2917.680986] [ 2917.681443] Allocated by task 48614: [ 2917.681858] kasan_save_stack+0x1e/0x40 [ 2917.682296] __kasan_kmalloc+0x81/0xa0 [ 2917.682728] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.683346] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.683905] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.684596] kthread+0x2a4/0x350 [ 2917.684977] ret_from_fork+0x1f/0x30 [ 2917.685580] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.686933] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.688405] The buggy address belongs to the physical page: [ 2917.689032] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.690062] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.690822] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.691677] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.692528] page dumped because: kasan: bad access detected [ 2917.693394] Memory state around the buggy address: [ 2917.693933] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.694748] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.695551] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.696368] ^ [ 2917.697033] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.697940] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.698787] ================================================================== [ 2917.699627] ================================================================== [ 2917.700543] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2917.701732] Write of size 8 at addr ffff8880038280c8 by task kunit_try_catch/48614 [ 2917.702765] CPU: 0 PID: 48614 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.704441] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.705169] Call Trace: [ 2917.705489] [ 2917.705775] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2917.706642] dump_stack_lvl+0x57/0x81 [ 2917.707073] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.707725] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2917.708559] print_report.cold+0x5c/0x237 [ 2917.709025] kasan_report+0xc9/0x100 [ 2917.709444] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2917.710281] kasan_check_range+0xfd/0x1e0 [ 2917.710743] kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2917.711563] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2917.712305] ? kunit_kfree+0x200/0x200 [kunit] [ 2917.712817] ? rcu_read_lock_sched_held+0x12/0x80 [ 2917.713357] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.713994] ? rcu_read_lock_held+0x30/0x50 [ 2917.714482] ? trace_kmalloc+0x3c/0x100 [ 2917.714926] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2917.715469] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2917.716089] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2917.716912] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2917.717560] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.718141] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.718693] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.719269] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.719959] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.720543] kthread+0x2a4/0x350 [ 2917.720928] ? kthread_complete_and_exit+0x20/0x20 [ 2917.721479] ret_from_fork+0x1f/0x30 [ 2917.721901] [ 2917.722357] Allocated by task 48614: [ 2917.722768] kasan_save_stack+0x1e/0x40 [ 2917.723266] __kasan_kmalloc+0x81/0xa0 [ 2917.723697] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2917.724307] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.724863] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.725553] kthread+0x2a4/0x350 [ 2917.725932] ret_from_fork+0x1f/0x30 [ 2917.726541] The buggy address belongs to the object at ffff8880038280c0 which belongs to the cache kmalloc-16 of size 16 [ 2917.727851] The buggy address is located 8 bytes inside of 16-byte region [ffff8880038280c0, ffff8880038280d0) [ 2917.729289] The buggy address belongs to the physical page: [ 2917.729894] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.730880] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.731622] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.732459] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.733298] page dumped because: kasan: bad access detected [ 2917.734086] Memory state around the buggy address: [ 2917.734641] ffff888003827f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2917.735446] ffff888003828000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.736256] >ffff888003828080: fa fb fc fc fa fb fc fc 00 01 fc fc fb fb fc fc [ 2917.737061] ^ [ 2917.737685] ffff888003828100: fa fb fc fc 00 00 fc fc fb fb fc fc fb fb fc fc [ 2917.738493] ffff888003828180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2917.739354] ================================================================== [ 2917.744208] ok 45 - kasan_bitops_generic [ 2917.748217] ok 46 - kasan_bitops_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2917.749889] ================================================================== [ 2917.751570] BUG: KASAN: use-after-free in kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2917.752482] Read of size 1 at addr ffff888003828ec0 by task kunit_try_catch/48616 [ 2917.753545] CPU: 0 PID: 48616 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.755060] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.755715] Call Trace: [ 2917.756007] [ 2917.756263] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2917.756923] dump_stack_lvl+0x57/0x81 [ 2917.757361] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.758026] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2917.758674] print_report.cold+0x5c/0x237 [ 2917.759139] kasan_report+0xc9/0x100 [ 2917.759557] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2917.760210] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2917.760857] __kasan_check_byte+0x36/0x50 [ 2917.761318] kfree_sensitive+0x1b/0x60 [ 2917.761754] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2917.762387] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan] [ 2917.762941] ? do_raw_spin_trylock+0xb5/0x180 [ 2917.763446] ? do_raw_spin_lock+0x270/0x270 [ 2917.763926] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.764557] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.765164] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.765711] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.766271] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.766933] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.767496] kthread+0x2a4/0x350 [ 2917.767861] ? kthread_complete_and_exit+0x20/0x20 [ 2917.768398] ret_from_fork+0x1f/0x30 [ 2917.768805] [ 2917.769258] Allocated by task 48616: [ 2917.769656] kasan_save_stack+0x1e/0x40 [ 2917.770108] __kasan_kmalloc+0x81/0xa0 [ 2917.770544] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 2917.771169] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.771719] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.772440] kthread+0x2a4/0x350 [ 2917.772818] ret_from_fork+0x1f/0x30 [ 2917.773430] Freed by task 48616: [ 2917.773805] kasan_save_stack+0x1e/0x40 [ 2917.774250] kasan_set_track+0x21/0x30 [ 2917.774667] kasan_set_free_info+0x20/0x40 [ 2917.775128] __kasan_slab_free+0x108/0x170 [ 2917.775580] slab_free_freelist_hook+0x11d/0x1d0 [ 2917.776092] kfree+0xe2/0x3c0 [ 2917.776462] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 2917.777091] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.777649] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.778339] kthread+0x2a4/0x350 [ 2917.778715] ret_from_fork+0x1f/0x30 [ 2917.779325] The buggy address belongs to the object at ffff888003828ec0 which belongs to the cache kmalloc-16 of size 16 [ 2917.780813] The buggy address is located 0 bytes inside of 16-byte region [ffff888003828ec0, ffff888003828ed0) [ 2917.782406] The buggy address belongs to the physical page: [ 2917.783147] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.784272] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.785048] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.786023] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.786983] page dumped because: kasan: bad access detected [ 2917.787819] Memory state around the buggy address: [ 2917.788368] ffff888003828d80: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.789179] ffff888003828e00: 00 00 fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2917.790006] >ffff888003828e80: fb fb fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2917.790814] ^ [ 2917.791418] ffff888003828f00: fa fb fc fc fb fb fc fc fb fb fc fc fa fb fc fc [ 2917.792223] ffff888003828f80: fa fb fc fc fb fb fc fc fb fb fc fc fa fb fc fc [ 2917.793044] ================================================================== [ 2917.793910] ================================================================== [ 2917.794727] BUG: KASAN: double-free or invalid-free in kfree+0xe2/0x3c0 [ 2917.795664] CPU: 0 PID: 48616 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.797182] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.797829] Call Trace: [ 2917.798123] [ 2917.798379] dump_stack_lvl+0x57/0x81 [ 2917.798798] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.799451] print_report.cold+0x5c/0x237 [ 2917.799909] ? kfree+0xe2/0x3c0 [ 2917.800314] ? kfree+0xe2/0x3c0 [ 2917.800684] kasan_report_invalid_free+0x99/0xc0 [ 2917.801216] ? kfree+0xe2/0x3c0 [ 2917.801592] ? kfree+0xe2/0x3c0 [ 2917.801973] __kasan_slab_free+0x152/0x170 [ 2917.802462] slab_free_freelist_hook+0x11d/0x1d0 [ 2917.802996] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2917.803656] kfree+0xe2/0x3c0 [ 2917.804027] ? __kasan_check_byte+0x36/0x50 [ 2917.804490] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2917.805101] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan] [ 2917.805641] ? do_raw_spin_trylock+0xb5/0x180 [ 2917.806130] ? do_raw_spin_lock+0x270/0x270 [ 2917.806600] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.807220] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.807791] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.808338] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.808900] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.809562] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.810125] kthread+0x2a4/0x350 [ 2917.810491] ? kthread_complete_and_exit+0x20/0x20 [ 2917.811020] ret_from_fork+0x1f/0x30 [ 2917.811431] [ 2917.811869] Allocated by task 48616: [ 2917.812273] kasan_save_stack+0x1e/0x40 [ 2917.812697] __kasan_kmalloc+0x81/0xa0 [ 2917.813182] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 2917.813801] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.814366] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.815056] kthread+0x2a4/0x350 [ 2917.815433] ret_from_fork+0x1f/0x30 [ 2917.816050] Freed by task 48616: [ 2917.816415] kasan_save_stack+0x1e/0x40 [ 2917.816843] kasan_set_track+0x21/0x30 [ 2917.817270] kasan_set_free_info+0x20/0x40 [ 2917.817748] __kasan_slab_free+0x108/0x170 [ 2917.818217] slab_free_freelist_hook+0x11d/0x1d0 [ 2917.818739] kfree+0xe2/0x3c0 [ 2917.819095] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 2917.819718] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.820273] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.820957] kthread+0x2a4/0x350 [ 2917.821385] ret_from_fork+0x1f/0x30 [ 2917.822064] The buggy address belongs to the object at ffff888003828ec0 which belongs to the cache kmalloc-16 of size 16 [ 2917.823532] The buggy address is located 0 bytes inside of 16-byte region [ffff888003828ec0, ffff888003828ed0) [ 2917.825148] The buggy address belongs to the physical page: [ 2917.825774] page:00000000f0f0ca43 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3828 [ 2917.826785] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2917.827625] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0 [ 2917.828592] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2917.829585] page dumped because: kasan: bad access detected [ 2917.830493] Memory state around the buggy address: [ 2917.831104] ffff888003828d80: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2917.831916] ffff888003828e00: 00 00 fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2917.832725] >ffff888003828e80: fb fb fc fc fb fb fc fc fa fb fc fc fa fb fc fc [ 2917.833538] ^ [ 2917.834141] ffff888003828f00: fa fb fc fc fb fb fc fc fb fb fc fc fa fb fc fc [ 2917.834953] ffff888003828f80: fa fb fc fc fb fb fc fc fb fb fc fc fa fb fc fc [ 2917.835751] ================================================================== [ 2917.836728] ok 47 - kmalloc_double_kzfree [ 2917.838935] ok 48 - vmalloc_helpers_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2917.840925] ================================================================== [ 2917.842627] BUG: KASAN: out-of-bounds in vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2917.843485] Read of size 1 at addr ffffc9000007d7f3 by task kunit_try_catch/48618 [ 2917.844512] CPU: 0 PID: 48618 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-237.1663_750680994.el9.x86_64+debug #1 [ 2917.846023] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2917.846646] Call Trace: [ 2917.846930] [ 2917.847183] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2917.847720] dump_stack_lvl+0x57/0x81 [ 2917.848138] print_address_description.constprop.0+0x1f/0x1e0 [ 2917.848766] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2917.849310] print_report.cold+0x5c/0x237 [ 2917.849761] kasan_report+0xc9/0x100 [ 2917.850167] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2917.850711] vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2917.851240] ? kasan_global_oob_right+0x1f0/0x1f0 [test_kasan] [ 2917.851892] ? do_raw_spin_trylock+0xb5/0x180 [ 2917.852383] ? do_raw_spin_lock+0x270/0x270 [ 2917.852847] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2917.853480] ? kunit_add_resource+0x197/0x280 [kunit] [ 2917.854050] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2917.854593] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2917.855150] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2917.855816] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2917.856385] kthread+0x2a4/0x350 [ 2917.856750] ? kthread_complete_and_exit+0x20/0x20 [ 2917.857284] ret_from_fork+0x1f/0x30 [ 2917.857689] [ 2917.858168] The buggy address belongs to the virtual mapping at [ffffc9000007d000, ffffc9000007f000) created by: vmalloc_oob+0x78/0x5e0 [test_kasan] [ 2917.860143] The buggy address belongs to the physical page: [ 2917.860768] page:00000000ce970a77 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23bc [ 2917.861800] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2917.862543] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2917.863501] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2917.864424] page dumped because: kasan: bad access detected [ 2917.865242] Memory state around the buggy address: [ 2917.865853] ffffc9000007d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2917.866762] ffffc9000007d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2917.867600] >ffffc9000007d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 [ 2917.868404] ^ [ 2917.869226] ffffc9000007d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2917.870133] ffffc9000007d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2917.871044] ================================================================== [ 2917.912100] # vmalloc_oob: EXPECTATION FAILED at lib/test_kasan.c:1131 KASAN failure expected in "((volatile char *)v_ptr)[size + 5]", but none occurred [ 2917.912236] not ok 49 - vmalloc_oob [ 2917.915867] ok 50 - vmap_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 2917.918952] ok 51 - vm_map_ram_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 2917.920903] ok 52 - vmalloc_percpu # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 2917.922913] ok 53 - match_all_not_assigned # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2917.925033] ok 54 - match_all_ptr_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2917.927952] ok 55 - match_all_mem_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2917.928857] not ok 20 - kasan [ 2918.343733] # Subtest: linear-ranges-test [ 2918.343743] 1..4 [ 2918.350890] ok 1 - range_test_get_value_amount [ 2918.353212] ok 2 - range_test_get_selector_high [ 2918.354845] ok 3 - range_test_get_selector_low [ 2918.357009] ok 4 - range_test_get_value [ 2918.357589] ok 21 - linear-ranges-test [ 2918.495094] # Subtest: list_sort [ 2918.495103] 1..1 [ 2918.513525] ok 1 - list_sort_test [ 2918.513848] ok 22 - list_sort [ 2918.894605] # Subtest: time_test_cases [ 2918.894614] 1..1 [ 2923.666553] ok 1 - time64_to_tm_test_date_range [ 2923.672894] ok 23 - time_test_cases [ 2923.758525] systemd-journald[564]: Data hash table of /run/log/journal/2c9acbe313324c8aa0c2083864308760/system.journal has a fill level at 75.0 (7003 of 9336 items, 5378048 file size, 767 bytes per hash table item), suggesting rotation. [ 2923.795935] systemd-journald[564]: /run/log/journal/2c9acbe313324c8aa0c2083864308760/system.journal: Journal header limits reached or header out-of-date, rotating.